diff --git a/.github/workflows/pdf-service-api-AutoDeployTrigger-034191ad-ad96-46a0-be7b-7aea280e210d.yml b/.github/workflows/pdf-service-api-AutoDeployTrigger-034191ad-ad96-46a0-be7b-7aea280e210d.yml
deleted file mode 100644
index b951c6c..0000000
--- a/.github/workflows/pdf-service-api-AutoDeployTrigger-034191ad-ad96-46a0-be7b-7aea280e210d.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-name: Trigger auto deployment for pdf-service-api
-
-# When this action will be executed
-on:
- # Automatically trigger it when detected changes in repo
- push:
- branches:
- [ master ]
- paths:
- - '**'
- - '.github/workflows/pdf-service-api-AutoDeployTrigger-034191ad-ad96-46a0-be7b-7aea280e210d.yml'
-
- # Allow mannually trigger
- workflow_dispatch:
-
-jobs:
- build:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout to the branch
- uses: actions/checkout@v2
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Log in to container registry
- uses: docker/login-action@v1
- with:
- registry: bccplatform.azurecr.io
- username: ${{ secrets.PDFSERVICEAPI_REGISTRY_USERNAME }}
- password: ${{ secrets.PDFSERVICEAPI_REGISTRY_PASSWORD }}
-
- - name: Build and push container image for service to registry
- uses: docker/build-push-action@v2
- with:
- push: true
- tags: bccplatform.azurecr.io/pdf-service:${{ github.sha }}
- file: ./Dockerfile
- context: ./
-
- - name: Build and push container image for proxy to registry
- uses: docker/build-push-action@v2
- with:
- push: true
- tags: bccplatform.azurecr.io/pdf-service-proxy:${{ github.sha }}
- file: ./proxy/BccCode.PdfServer.Proxy/Dockerfile
- context: ./proxy/BccCode.PdfServer.Proxy/
-
-
- deploy:
- runs-on: ubuntu-latest
- needs: build
-
- steps:
- - name: Azure Login
- uses: azure/login@v1
- with:
- creds: ${{ secrets.PDFSERVICEAPI_AZURE_CREDENTIALS }}
-
-
- - name: Deploy to containerapp
- uses: azure/CLI@v1
- with:
- inlineScript: |
- az config set extension.use_dynamic_install=yes_without_prompt
- az containerapp registry set -n pdf-service -g pdf-service-prod --server bccplatform.azurecr.io --username ${{ secrets.PDFSERVICEAPI_REGISTRY_USERNAME }} --password ${{ secrets.PDFSERVICEAPI_REGISTRY_PASSWORD }}
- az containerapp update -n pdf-service -g pdf-service-prod --container-name pdf-service --image bccplatform.azurecr.io/pdf-service:${{ github.sha }}
- az containerapp update -n pdf-service -g pdf-service-prod --container-name pdf-service-proxy --image bccplatform.azurecr.io/pdf-service-proxy:${{ github.sha }}
diff --git a/.github/workflows/pdf-service-api.yml b/.github/workflows/pdf-service-api.yml
new file mode 100644
index 0000000..89954d8
--- /dev/null
+++ b/.github/workflows/pdf-service-api.yml
@@ -0,0 +1,86 @@
+name: Trigger auto deployment for pdf-service-api
+
+on:
+ push:
+ branches: [master]
+ paths:
+ - "**"
+ - ".github/workflows/pdf-service-api-AutoDeployTrigger-034191ad-ad96-46a0-be7b-7aea280e210d.yml"
+ workflow_dispatch:
+
+env:
+ acr: crbccplatformprod
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ environment: prod
+ steps:
+ - name: Checkout to the branch
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Azure login
+ uses: azure/login@v1
+ with:
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Getting Credentials for Azure Container Registry
+ id: acr
+ uses: Azure/cli@v1.0.7
+ with:
+ inlineScript: |
+ echo "login<> $GITHUB_OUTPUT
+ echo "$(az acr login --name ${{env.acr}} --expose-token)" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
+
+ - name: Login to Azure Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ fromJSON(steps.acr.outputs.login).loginServer }}
+ username: "00000000-0000-0000-0000-000000000000"
+ password: ${{ fromJSON(steps.acr.outputs.login).accessToken }}
+
+ - name: Build and push container image to registry
+ uses: docker/build-push-action@v3
+ with:
+ context: ./
+ push: true
+ tags: |
+ ${{ env.acr }}.azurecr.io/pdf-service:${{ github.sha }}
+
+ - name: Build and push container image to registry
+ uses: docker/build-push-action@v3
+ with:
+ context: ./proxy/BccCode.PdfServer.Proxy/
+ push: true
+ tags: |
+ ${{ env.acr }}.azurecr.io/pdf-service-proxy:${{ github.sha }}
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs: build
+ environment: prod
+ steps:
+ - name: Azure Login
+ uses: azure/login@v1
+ with:
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Deploy to containerapp
+ uses: azure/CLI@v1
+ with:
+ inlineScript: |
+ az config set extension.use_dynamic_install=yes_without_prompt
+ az containerapp update -n ca-pdf -g pdf-prod --container-name pdf-service --image ${{ env.acr }}.azurecr.io/pdf-service:${{ github.sha }}
+ az containerapp update -n ca-pdf -g pdf-prod --container-name pdf-service-proxy --image ${{ env.acr }}.azurecr.io/pdf-service-proxy:${{ github.sha }}
diff --git a/infra/main.tf b/infra/main.tf
deleted file mode 100644
index ce59f00..0000000
--- a/infra/main.tf
+++ /dev/null
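Review bot: The "Getting Credentials for Azure Container Registry" step in the new `pdf-service-api.yml` writes the whole `az acr login --expose-token` JSON, `accessToken` included, to `$GITHUB_OUTPUT` without registering it as a secret, so the runner has no reason to mask it if the value surfaces in logs (for example with step debug logging enabled). I would fetch only the token with `token="$(az acr login --name ${{ env.acr }} --expose-token --query accessToken -o tsv)"`, emit `echo "::add-mask::$token"` before `echo "token=$token" >> "$GITHUB_OUTPUT"`, and pass `password: ${{ steps.acr.outputs.token }}` with `registry: ${{ env.acr }}.azurecr.io`, which the `tags:` entries already use. Separately, every action is referenced by a mutable tag (`azure/login@v1`, `Azure/cli@v1.0.7`, `docker/login-action@v2`, `docker/build-push-action@v3`) in jobs that hold `id-token: write` against the `prod` environment; pinning them to full commit SHAs would keep a moved tag from running with that federated identity. The `paths:` filter also still names the `...AutoDeployTrigger-...yml` file that this commit deletes; it is harmless next to `"**"`, but should point at `pdf-service-api.yml` or be dropped.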
@@ -1,278 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.3.0" - } - - azuread = { - source = "hashicorp/azuread" - version = "~> 2.15.0" - } - - azapi = { - source = "Azure/azapi" - version = "0.4.0" - } - } - experiments = [module_variable_optional_attrs] - - backend "azurerm" { - resource_group_name = "BCC-Platform" - storage_account_name = "bccplatformtfstate" - container_name = "pdf-service" - key = "pdf-service.terraform.tfstate" - subscription_id = "a77a3461-9212-44cf-bc6a-11c6281797e9" - tenant_id = "8572f54e-d0a8-4ea4-a28e-557c63698a4a" - } - -} - -locals { - azure_tenant_id = var.azure_tenant_id - azure_subscription_id = var.azure_subscription_id - azure_platform_subscription_id = var.azure_platform_subscription_id - location = var.location - resource_group = "${var.resource_prefix}-${var.environment}" - resource_prefix = "${var.resource_prefix}" - tags = {} -} - -provider "azuread" { - tenant_id = var.azure_tenant_id - features {} -} - -provider "azurerm" { - alias = "main" - subscription_id = local.azure_subscription_id - tenant_id = local.azure_tenant_id - skip_provider_registration = true - features {} -} - -provider "azurerm" { - alias = "platform" - subscription_id = local.azure_platform_subscription_id - tenant_id = local.azure_tenant_id - skip_provider_registration = true - features {} -} - - -provider "azapi" { - subscription_id = local.azure_subscription_id - tenant_id = local.azure_tenant_id - skip_provider_registration = true -} - - -# Get Resource Group -data "azurerm_resource_group" "rg" { - provider = azurerm.main - name = local.resource_group -} - -# Get Container Registry -data "azurerm_container_registry" "acr" { - provider = azurerm.platform - name = "bccplatform" - resource_group_name = "BCC-Platform" -} - -# Analytics Workspace -module "log_analytics_workspace" { - source = "./modules/azure/log_analytics" - name = "${local.resource_prefix}-logs" - 
location = local.location - resource_group_name = data.azurerm_resource_group.rg.name - tags = local.tags - providers = { - azurerm = azurerm.main - } -} - -# Application Insights -module "application_insights" { - source = "./modules/azure/application_insights" - name = "${local.resource_prefix}-env-insights" - location = local.location - resource_group_name = data.azurerm_resource_group.rg.name - tags = local.tags - application_type = "web" - workspace_id = module.log_analytics_workspace.id - providers = { - azurerm = azurerm.main - } -} - -# VLAN for Container Environment -module "container_apps_vlan" { - source = "./modules/azure/container_apps_vlan" - name = "${local.resource_prefix}-vlan" - location = local.location - resource_group_name = data.azurerm_resource_group.rg.name - tags = local.tags - - depends_on = [ - data.azurerm_resource_group.rg - ] - - providers = { - azurerm = azurerm.main - } -} - - -# Container Environment -module "container_apps_env" { - source = "./modules/azure/container_apps_env" - managed_environment_name = "${local.resource_prefix}-env" - location = local.location - resource_group_id = data.azurerm_resource_group.rg.id - tags = local.tags - instrumentation_key = module.application_insights.instrumentation_key - workspace_id = module.log_analytics_workspace.workspace_id - primary_shared_key = module.log_analytics_workspace.primary_shared_key - vlan_subnet_id = module.container_apps_vlan.subnet_id - - providers = { - azurerm = azurerm.main - } -} - - -#ref: -# https://github.com/Azure/azure-resource-manager-schemas/blob/68af7da6820cc91660904b34813aeee606c400f1/schemas/2022-03-01/Microsoft.App.json - -# API Container App -module "api_container_app" { - source = "./modules/azure/container_apps" - managed_environment_id = module.container_apps_env.id - location = local.location - resource_group_id = data.azurerm_resource_group.rg.id - tags = local.tags - registries = [{ - admin_password = 
data.azurerm_container_registry.acr.admin_password - admin_username = data.azurerm_container_registry.acr.admin_username - login_server = data.azurerm_container_registry.acr.login_server - }] - container_app = { - name = "${local.resource_prefix}" - configuration = { - ingress = { - external = true - targetPort = 5130 - } - dapr = { - enabled = false - # appId = "${local.resource_prefix}" - # appProtocol = "http" - # appPort = 5130 - } - secrets = [ - { - name = "application-insights-connection-string" - value = module.application_insights.connection_string - } - ] - # customDomains = [ - # { - # bindingType = "SniEnabled", - # certificateId = "", - # name = module.api_container_app.domain_name - # } - # ] - } - template = { - containers = [{ - image = "hello-world:latest" //"bccplatform.azurecr.io/bcc-code-run-prod-api:latest" - name = "${local.resource_prefix}" - env = [{ - name = "APP_PORT" - value = 8080 - }, - { - name = "ENVIRONMENT_NAME" - value = terraform.workspace - } - ] - resources = { - cpu = 0.5 - memory = "1Gi" - } - }, - { - image = "hello-world:latest" //"bccplatform.azurecr.io/bcc-code-run-prod-api:latest" - name = "${local.resource_prefix}-proxy" - env = [{ - name = "APP_PORT" - value = 5130 - }, - { - name = "ASPNETCORE_URLS" - value = "http://+:5130" - }, - { - name = "ENVIRONMENT_NAME" - value = terraform.workspace - }, - { - name = "APPLICATIONINSIGHTS_CONNECTION_STRING" - secretRef = "application-insights-connection-string" - }, - { - name = "APPLICATIONINSIGHTS__CONNECTIONSTRING" - secretRef = "application-insights-connection-string" - }, - ] - resources = { - cpu = 0.25 - memory = "0.5Gi" - } - }] - scale = { - minReplicas = 0 - maxReplicas = 10 - } - } - } - providers = { - azurerm = azurerm.main - } -} - -# # # Add gateway - -# module "gateway" { -# source = "./modules/azure/front_door" -# name = "${local.resource_prefix}-gateway" -# location = local.location -# tags = local.tags -# endpoint_domain_name = var.endpoint_domain_name -# 
endpoint_name = "default" -# resource_group_id = data.azurerm_resource_group.rg.id -# providers = { -# azurerm = azurerm.main -# } -# } - -# module "api_route" { -# source = "./modules/azure/front_door_route" -# name = "${local.resource_prefix}-svc-route" -# front_door_name = "${local.resource_prefix}-gateway" -# origin_host = module.api_container_app.domain_name -# route_path = "/*" -# origin_path = "/" -# endpoint_name = "default" -# endpoint_domain_name = var.endpoint_domain_name -# resource_group_id = data.azurerm_resource_group.rg.id -# resource_group_name = data.azurerm_resource_group.rg.name -# depends_on = [ -# module.gateway -# ] -# providers = { -# azurerm = azurerm.main -# } -# } \ No newline at end of file diff --git a/infra/modules/azure/application_insights/main.tf b/infra/modules/azure/application_insights/main.tf deleted file mode 100644 index 48855f0..0000000 --- a/infra/modules/azure/application_insights/main.tf +++ /dev/null @@ -1,36 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.3.0" - } - azapi = { - source = "Azure/azapi" - version = "0.4.0" - } - } - experiments = [module_variable_optional_attrs] -} - -locals { - module_tag = { - "module" = basename(abspath(path.module)) - } - tags = merge(var.tags, local.module_tag) -} - -resource "azurerm_application_insights" "resource" { - name = var.name - location = var.location - resource_group_name = var.resource_group_name - tags = local.tags - application_type = "web" - workspace_id = var.workspace_id - - lifecycle { - ignore_changes = [ - tags - ] - } -} \ No newline at end of file diff --git a/infra/modules/azure/application_insights/outputs.tf b/infra/modules/azure/application_insights/outputs.tf deleted file mode 100644 index a4b5616..0000000 --- a/infra/modules/azure/application_insights/outputs.tf +++ /dev/null 
@@ -1,26 +0,0 @@ -output "name" { - value = azurerm_application_insights.resource.name - description = "Specifies the name of the resource." -} - -output "id" { - value = azurerm_application_insights.resource.id - description = "Specifies the resource id of the resource." -} - -output "instrumentation_key" { - value = azurerm_application_insights.resource.instrumentation_key - description = "Specifies the instrumentation key of the Application Insights." - sensitive = true -} - -output "connection_string" { - value = azurerm_application_insights.resource.connection_string - description = "Specifies the connection string of the Application Insights." - sensitive = true -} - -output "app_id" { - value = azurerm_application_insights.resource.app_id - description = "Specifies the resource id of the resource." -} \ No newline at end of file diff --git a/infra/modules/azure/application_insights/variables.tf b/infra/modules/azure/application_insights/variables.tf deleted file mode 100644 index 997018c..0000000 --- a/infra/modules/azure/application_insights/variables.tf +++ /dev/null 
@@ -1,32 +0,0 @@ - -variable "name" { - description = "(Required) Specifies the name of the resource. Changing this forces a new resource to be created." - type = string -} - -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the resource. Changing this forces a new resource to be created." - type = string -} - -variable "tags" { - description = "(Optional) Specifies the tags of the log analytics workspace" - type = map(any) - default = {} -} - -variable "location" { - description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created." - type = string -} - -variable "application_type" { - description = "(Required) Specifies the type of Application Insights to create. Valid values are ios for iOS, java for Java web, MobileCenter for App Center, Node.JS for Node.js, other for General, phone for Windows Phone, store for Windows Store and web for ASP.NET. Please note these values are case sensitive; unmatched values are treated as ASP.NET by Azure. Changing this forces a new resource to be created." - type = string - default = "web" -} - -variable "workspace_id" { - description = "(Optional) Specifies the id of a log analytics workspace resource. Changing this forces a new resource to be created." - type = string -} diff --git a/infra/modules/azure/container_apps/main.tf b/infra/modules/azure/container_apps/main.tf deleted file mode 100644 index fb90a43..0000000 --- a/infra/modules/azure/container_apps/main.tf +++ /dev/null 
@@ -1,81 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.3.0" - } - azapi = { - source = "Azure/azapi" - version = "0.4.0" - } - } - experiments = [module_variable_optional_attrs] -} - -locals { - module_tag = { - "module" = basename(abspath(path.module)) - } - tags = merge(var.tags, local.module_tag) -} - -resource "azapi_resource" "daprComponents" { - for_each = {for component in var.dapr_components: component.name => component} - - name = each.key - parent_id = var.managed_environment_id - type = "Microsoft.App/managedEnvironments/daprComponents@2022-03-01" - - body = jsonencode({ - properties = { - componentType = each.value.componentType - version = each.value.version - ignoreErrors = each.value.ignoreErrors - initTimeout = each.value.initTimeout - secrets = each.value.secrets - metadata = each.value.metadata - scopes = each.value.scopes - } - }) -} - -#ref -# https://raw.githubusercontent.com/Azure/azure-resource-manager-schemas/68af7da6820cc91660904b34813aeee606c400f1/schemas/2022-03-01/Microsoft.App.json - -resource "azapi_resource" "container_app" { - # for_each = {for app in var.container_apps: app.name => app} - - name = var.container_app.name - location = var.location - parent_id = var.resource_group_id - type = "Microsoft.App/containerApps@2022-03-01" - tags = var.tags - - body = jsonencode({ - properties = { - - managedEnvironmentId = var.managed_environment_id - configuration = { - registries = [for reg in var.registries : { - server = reg.login_server - username = reg.admin_username - passwordSecretRef = "acr-pw-${replace(reg.login_server,".","-")}" - }] - secrets = concat((var.container_app.configuration.secrets == null ? 
[] : var.container_app.configuration.secrets), [for reg in var.registries : { - name = "acr-pw-${replace(reg.login_server,".","-")}" - value = reg.admin_password - }]) - ingress = try(var.container_app.configuration.ingress, null) - dapr = try(var.container_app.configuration.dapr, null) - } - template = var.container_app.template - - } - }) - - ignore_missing_property = true - ignore_casing = true - response_export_values = ["properties.configuration.ingress.fqdn"] - -} \ No newline at end of file diff --git a/infra/modules/azure/container_apps/outputs.tf b/infra/modules/azure/container_apps/outputs.tf deleted file mode 100644 index e7dd4ca..0000000 --- a/infra/modules/azure/container_apps/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "domain_name" { - value = jsondecode(azapi_resource.container_app.output).properties.configuration.ingress.fqdn -} - -output "id" { - value = azapi_resource.container_app.id -} - -output "identity" { - value = azapi_resource.container_app.identity -} \ No newline at end of file diff --git a/infra/modules/azure/container_apps/variables.tf b/infra/modules/azure/container_apps/variables.tf deleted file mode 100644 index a54f3b1..0000000 --- a/infra/modules/azure/container_apps/variables.tf +++ /dev/null 
@@ -1,94 +0,0 @@ - -variable "managed_environment_id" { - description = "(Required) Specifies the id of the managed environment." - type = string -} - -variable "resource_group_id" { - description = "(Required) The resource id of the resource group in which to create the resource. Changing this forces a new resource to be created." - type = string -} - -variable "tags" { - description = "(Optional) Specifies the tags of the log analytics workspace" - type = map(any) - default = {} -} - -variable "location" { - description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created." - type = string -} - -variable "registries" { - description = "Container registry details" - type = list(object({ - login_server = string - admin_username = string - admin_password = string - })) -} - -variable "container_app" { - description = "Specifies the container apps in the managed environment." - type = object({ - name = string - configuration = object({ - ingress = optional(object({ - external = optional(bool) - targetPort = optional(number) - })) - dapr = optional(object({ - enabled = optional(bool) - appId = optional(string) - appProtocol = optional(string) - appPort = optional(number) - })) - secrets = optional(list(object({ - name = string - value = string - }))) - }) - template = object({ - containers = list(object({ - image = string - name = string - env = optional(list(object({ - name = string - value = optional(string) - secretRef = optional(string) - }))) - resources = optional(object({ - cpu = optional(number) - memory = optional(string) - })) - })) - scale = optional(object({ - minReplicas = optional(number) - maxReplicas = optional(number) - })) - }) - }) -} - -variable "dapr_components" { - description = "Specifies the dapr components in the managed environment." 
- type = list(object({ - name = string - componentType = string - version = string - ignoreErrors = optional(bool) - initTimeout = string - secrets = optional(list(object({ - name = string - value = any - }))) - metadata = optional(list(object({ - name = string - value = optional(any) - secretRef = optional(any) - }))) - scopes = optional(list(string)) - })) - default = [] -} \ No newline at end of file diff --git a/infra/modules/azure/container_apps_env/main.tf b/infra/modules/azure/container_apps_env/main.tf deleted file mode 100644 index 2500962..0000000 --- a/infra/modules/azure/container_apps_env/main.tf +++ /dev/null @@ -1,56 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.3.0" - } - azapi = { - source = "Azure/azapi" - version = "0.4.0" - } - } - experiments = [module_variable_optional_attrs] -} - -locals { - module_tag = { - "module" = basename(abspath(path.module)) - } - tags = merge(var.tags, local.module_tag) -} - -resource "azapi_resource" "managed_environment" { - name = var.managed_environment_name - location = var.location - parent_id = var.resource_group_id - type = "Microsoft.App/managedEnvironments@2022-03-01" - tags = local.tags - - body = jsonencode({ - properties = { - daprAIInstrumentationKey = var.instrumentation_key - appLogsConfiguration = { - destination = "log-analytics" - logAnalyticsConfiguration = { - customerId = var.workspace_id - sharedKey = var.primary_shared_key - } - } - vnetConfiguration = { - infrastructureSubnetId = var.vlan_subnet_id - internal = false - } - zoneRedundant = true - } - }) - - lifecycle { - ignore_changes = [ - tags - ] - } - - ignore_missing_property = true - ignore_casing = true -} diff --git a/infra/modules/azure/container_apps_env/outputs.tf b/infra/modules/azure/container_apps_env/outputs.tf deleted file mode 100644 index 5c784d1..0000000 --- a/infra/modules/azure/container_apps_env/outputs.tf +++ /dev/null 
@@ -1,9 +0,0 @@ -output "name" { - value = azapi_resource.managed_environment.name - description = "Specifies the name of the managed environment." -} - -output "id" { - value = azapi_resource.managed_environment.id - description = "Specifies the resource id of the managed environment." -} \ No newline at end of file diff --git a/infra/modules/azure/container_apps_env/variables.tf b/infra/modules/azure/container_apps_env/variables.tf deleted file mode 100644 index 8bc9763..0000000 --- a/infra/modules/azure/container_apps_env/variables.tf +++ /dev/null @@ -1,43 +0,0 @@ - -variable "managed_environment_name" { - description = "(Required) Specifies the name of the managed environment." - type = string -} - -variable "resource_group_id" { - description = "(Required) The resource id of the resource group in which to create the resource. Changing this forces a new resource to be created." - type = string -} - -variable "tags" { - description = "(Optional) Specifies the tags of the log analytics workspace" - type = map(any) - default = {} -} - -variable "location" { - description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created." - type = string -} - -variable "instrumentation_key" { - description = "(Optional) Specifies the instrumentation key of the application insights resource." - type = string -} - -variable "workspace_id" { - description = "(Optional) Specifies workspace id of the log analytics workspace." - type = string -} - -variable "primary_shared_key" { - description = "(Optional) Specifies the workspace key of the log analytics workspace." - type = string -} - -variable "vlan_subnet_id" { - description = "(Required) Specifies the id of the vlan subnet for the managed environment." - type = string -} - - diff --git a/infra/modules/azure/container_apps_vlan/main.tf b/infra/modules/azure/container_apps_vlan/main.tf deleted file mode 100644 index e631133..0000000 
--- a/infra/modules/azure/container_apps_vlan/main.tf +++ /dev/null @@ -1,61 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.3.0" - } - } - experiments = [module_variable_optional_attrs] -} - -resource "azurerm_network_security_group" "nsg" { - name = "${var.name}-nsg" - location = var.location - resource_group_name = var.resource_group_name - tags = var.tags - - security_rule { - name = "AllowPort80" - priority = 101 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "80" - source_address_prefix = "*" - destination_address_prefix = "*" - } - - security_rule { - name = "AllowPort443" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "443" - source_address_prefix = "*" - destination_address_prefix = "*" - } -} - -resource "azurerm_virtual_network" "vlan" { - name = var.name - location = var.location - resource_group_name = var.resource_group_name - address_space = var.vlan_address_space - tags = var.tags -} - -resource "azurerm_subnet" "default" { - name = var.subnet_name - resource_group_name = var.resource_group_name - virtual_network_name = azurerm_virtual_network.vlan.name - address_prefixes = var.subnet_address_prefixes -} - -resource "azurerm_subnet_network_security_group_association" "nsg_assignment" { - subnet_id = azurerm_subnet.default.id - network_security_group_id = azurerm_network_security_group.nsg.id -} \ No newline at end of file diff --git a/infra/modules/azure/container_apps_vlan/outputs.tf b/infra/modules/azure/container_apps_vlan/outputs.tf deleted file mode 100644 index fe3c5c8..0000000 --- a/infra/modules/azure/container_apps_vlan/outputs.tf +++ /dev/null 
@@ -1,20 +0,0 @@ -output "id" { - value = azurerm_virtual_network.vlan.id - description = "Specifies the id of the virtual network" -} - -output "location" { - value = azurerm_virtual_network.vlan.location - description = "Specifies the location of the virtual network" -} - -output "network_security_group_id" { - value = azurerm_network_security_group.nsg.id - description = "Specifies the resource id of the network security group" -} - -output "subnet_id" { - value = azurerm_subnet.default.id - description = "Specifies the resource id of the default subnet" -} - diff --git a/infra/modules/azure/container_apps_vlan/variables.tf b/infra/modules/azure/container_apps_vlan/variables.tf deleted file mode 100644 index b3e88de..0000000 --- a/infra/modules/azure/container_apps_vlan/variables.tf +++ /dev/null @@ -1,37 +0,0 @@ -variable "name" { - description = "(Required) Specifies the name of the vlan" - type = string -} - -variable "resource_group_name" { - description = "(Required) Specifies the resource group name of the vlan" - type = string -} - -variable "location" { - description = "(Required) Specifies the location of the vlan" - type = string -} - -variable "tags" { - description = "(Optional) Specifies the tags of the vlan" - default = {} -} - -variable "vlan_address_space" { - description = "(Optional) Specifies the address space of the vlan" - type = list(string) - default = ["10.0.0.0/16"] -} - -variable "subnet_address_prefixes" { - description = "(Optional) Specifies the address prefixes of the default subnet" - type = list(string) - default = ["10.0.0.0/23"] -} - -variable "subnet_name" { - description = "(Optional) Specifies the name of the default subnet" - type = string - default = "default" -} \ No newline at end of file diff --git a/infra/modules/azure/front_door/main.tf b/infra/modules/azure/front_door/main.tf deleted file mode 100644 index 173a7bf..0000000 --- a/infra/modules/azure/front_door/main.tf +++ /dev/null 
@@ -1,85 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.3.0" - } - azapi = { - source = "Azure/azapi" - version = "0.4.0" - } - } - experiments = [module_variable_optional_attrs] -} - -locals { - module_tag = { - "module" = basename(abspath(path.module)) - } - tags = merge(var.tags, local.module_tag) -} - -resource "azapi_resource" "frontdoor_profile" { - - name = var.name - location = "global" - parent_id = var.resource_group_id - type = "Microsoft.Cdn/profiles@2021-06-01" - tags = local.tags - - body = jsonencode({ - sku = { - name = var.sku - } - }) - - lifecycle { - ignore_changes = [ - tags - ] - } -} - -resource "azapi_resource" "frontdoor_endpoint" { - - name = var.endpoint_name - location = "global" - parent_id = azapi_resource.frontdoor_profile.id - type = "Microsoft.Cdn/profiles/afdEndpoints@2021-06-01" - tags = local.tags - - body = jsonencode({ - properties = { - enabledState = "Enabled" - } - }) - - lifecycle { - ignore_changes = [ - tags - ] - } -} - -resource "azapi_resource" "frontdoor_domain" { - name = "${replace(var.endpoint_domain_name,".","-")}" - parent_id = azapi_resource.frontdoor_profile.id - type = "Microsoft.Cdn/profiles/customdomains@2021-06-01" - - body = jsonencode({ - properties = { - hostName = var.endpoint_domain_name, - tlsSettings = { - certificateType = "ManagedCertificate" - minimumTlsVersion = "TLS12" - } - } - }) - - lifecycle { - ignore_changes = [ - tags - ] - } -} \ No newline at end of file diff --git a/infra/modules/azure/front_door/variables.tf b/infra/modules/azure/front_door/variables.tf deleted file mode 100644 index fa72773..0000000 --- a/infra/modules/azure/front_door/variables.tf +++ /dev/null 
@@ -1,37 +0,0 @@ -variable "resource_group_id" { - description = "(Required) The resource id of the resource group in which to create the resource. Changing this forces a new resource to be created." - type = string -} - -variable "tags" { - description = "(Optional) Specifies the tags of the log analytics workspace" - type = map(any) - default = {} -} - -variable "location" { - description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created." - type = string -} - -variable "name" { - description = "(Required) Friendly name of azure frontdoor instance." - type = string -} - -variable "sku" { - description = "(Required) Friendly name of azure frontdoor instance." - type = string - default = "Standard_AzureFrontDoor" -} - -variable "endpoint_name" { - description = "(Required) Name of the default endpoint for the frontdoor" - type = string - default = "api" -} - -variable "endpoint_domain_name" { - description = "(Required) Name of the domain for the frontdoor endpoint" - type = string -} \ No newline at end of file diff --git a/infra/modules/azure/front_door_route/main.tf b/infra/modules/azure/front_door_route/main.tf deleted file mode 100644 index acee319..0000000 --- a/infra/modules/azure/front_door_route/main.tf +++ /dev/null 
@@ -1,237 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.3.0" - } - azapi = { - source = "Azure/azapi" - version = "0.4.0" - } - } - experiments = [module_variable_optional_attrs] -} - -locals { - module_tag = { - "module" = basename(abspath(path.module)) - } - tags = merge(var.tags, local.module_tag) - route_path = var.route_path == null ? "/${var.name}/*" : var.route_path - origin_path = var.origin_path == null ? "/" : var.origin_path -} - - -data "azapi_resource" "frontdoor_profile" { - name = var.front_door_name - parent_id = var.resource_group_id - type = "Microsoft.Cdn/profiles@2021-06-01" -} - -data "azapi_resource" "frontdoor_endpoint" { - name = var.endpoint_name - parent_id = data.azapi_resource.frontdoor_profile.id - type = "Microsoft.Cdn/profiles/afdEndpoints@2021-06-01" -} - -data "azapi_resource" "endpoint_domain" { - name = replace(var.endpoint_domain_name,".","-") - parent_id = data.azapi_resource.frontdoor_profile.id - type = "Microsoft.Cdn/profiles/customdomains@2021-06-01" -} - -data "azurerm_client_config" "current" {} - -resource "azapi_resource" "origin_group" { - - name = "${var.name}-origin-group" - parent_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Cdn/profiles/${var.front_door_name}" - #data.azapi_resource.frontdoor_profile.id - type = "Microsoft.Cdn/profiles/origingroups@2021-06-01" - - body = jsonencode({ - properties = { - healthProbeSettings = { - probePath = "/" - probeIntervalInSeconds = 255 - probeProtocol = "Https" - probeRequestType = "HEAD" - } - sessionAffinityState = "Enabled" - loadBalancingSettings = { - additionalLatencyInMilliseconds = 50 - successfulSamplesRequired = 3 - sampleSize = 4 - } - } - }) - - depends_on = [ - data.azapi_resource.frontdoor_profile - ] - -} - -resource "azapi_resource" "origin" { - - name = "${var.name}" - parent_id = 
azapi_resource.origin_group.id - type = "Microsoft.Cdn/profiles/origingroups/origins@2021-06-01" - - body = jsonencode({ - properties = { - # azureOrigin = { - # id = azapi_resource.origin_group.id - # } - hostName = var.origin_host - httpPort = 80 - httpsPort = 443 - originHostHeader = var.origin_host - enabledState = "Enabled" - priority = 1 - weight = 1000 - } - }) - - depends_on = [ - azapi_resource.origin_group - ] - -} - -# DOESN'T CURRENLTY WORK - Causes an error, presumably because this resource can't be looked up using the CLi -# resource "azapi_resource" "origin_route" { - -# name = "${var.name}" -# parent_id = "${data.azapi_resource.frontdoor_endpoint.id}" -# type = "Microsoft.Cdn/profiles/afdendpoints/routes@2021-06-01" - -# body = jsonencode({ -# properties = { -# originPath = "/" - -# # customDomains = [ -# # { -# # id = data.azapi_resource.endpoint_domain.id -# # } -# # ] -# originGroup = { -# id = azapi_resource.origin_group.id -# } -# supportedProtocols = [ -# "Http", -# "Https" -# ] -# patternsToMatch = [ -# local.route_path -# ] -# forwardingProtocol = "MatchRequest" -# linkToDefaultDomain = "Enabled" -# httpsRedirect = "Enabled" -# enabledState = "Enabled" -# } -# }) - -# # depends_on = [ -# # azapi_resource.origin_group, -# # ] - -# } - -resource "random_id" "id" { - byte_length = 8 -} - -resource "azurerm_resource_group_template_deployment" "origin_route" { - name = "${var.name}_deployment_${random_id.id.hex}" - resource_group_name = "${var.resource_group_name}" - deployment_mode = "Incremental" - parameters_content = jsonencode({ - "frontdoor_name" = { - value = var.front_door_name - } - "endpoint_name" = { - value = var.endpoint_name - } - "route_name" = { - value = var.name - } - "route_path" = { - value = local.route_path - } - "origin_path" = { - value = local.origin_path - } - "origin_group_name" = { - value = azapi_resource.origin_group.name - } - "endpoint_domain_name" = { - value = replace(var.endpoint_domain_name,".","-") - } - }) - 
template_content = <