Consolidate upgrade scripts for Terraform (#4126)

.github/workflows/build_validation_develop.yml

@@ -52,6 +52,11 @@ jobs:
             terraform_workspace_services:
               - templates/workspace_services/**/terraform/**/*.tf
 
+      - uses: hashicorp/setup-terraform@v3
+        if: ${{ steps.filter.outputs.terraform == 'true' }}
+        with:
+          terraform_version: "1.9.8"
+
       - name: Terraform format check
         if: ${{ steps.filter.outputs.terraform == 'true' }}
         run: terraform fmt -check -recursive

.github/workflows/codeql-analysis.yml

@@ -29,7 +29,7 @@ concurrency:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       actions: read
       contents: read

CHANGELOG.md

@@ -14,6 +14,7 @@ ENHANCEMENTS:
 * Split log entries with [Log chunk X of Y] for better readability. ([#3992](https://github.com/microsoft/AzureTRE/issues/3992))
 * Expose APP_SERVICE_SKU build variable to allow enablement of App Gateway WAF ([#4111](https://github.com/microsoft/AzureTRE/pull/4111))
 * Update Terraform to use Azure AD authentication rather than storage account keys ([#4103](https://github.com/microsoft/AzureTRE/issues/4103))
+* Consolidate Terraform upgrade scripts ([#4099](https://github.com/microsoft/AzureTRE/issues/4099))
 * Storage accounts should use infrastructure encryption ([#4001](https://github.com/microsoft/AzureTRE/issues/4001))
 * Update obsolete Terraform properties ([#4136](https://github.com/microsoft/AzureTRE/issues/4136))
 * Update Guacamole version and dependencies ([#4140](https://github.com/microsoft/AzureTRE/issues/4140))

Makefile

@@ -149,7 +149,7 @@ terraform-upgrade:
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh env \
 	&& . ${MAKEFILE_DIR}/devops/scripts/load_and_validate_env.sh \
 	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${DIR}/.env \
-	&& cd ${DIR}/terraform/ && ./upgrade.sh
+	&& ./devops/scripts/upgrade.sh ${DIR}
 
 terraform-import:
 	$(call target_title, "Importing ${DIR} with Terraform") \

core/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TF_VAR_tre_resource_id}-core"

core/version.txt

@@ -1 +1 @@
-__version__ = "0.11.15"
+__version__ = "0.11.16"

devops/scripts/upgrade.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+set -e
+
+# This script is used to upgrade terraform providers in a specified directory
+
+# Usage: ./upgrade.sh <directory>
+
+DIR=$1
+
+# Load environment variables from .env file
+if [ -f "$DIR/.env" ]; then
+  set -a
+  # shellcheck source=/dev/null
+  . "$DIR/.env"
+  set +a
+fi
+
+# Ensure TF_VAR_mgmt_resource_group_name is set
+if [ -z "${TF_VAR_mgmt_resource_group_name}" ]; then
+  echo "Error: TF_VAR_mgmt_resource_group_name is not set."
+  exit 1
+fi
+
+# Ensure TF_VAR_mgmt_storage_account_name is set
+if [ -z "${TF_VAR_mgmt_storage_account_name}" ]; then
+  echo "Error: TF_VAR_mgmt_storage_account_name is not set."
+  exit 1
+fi
+
+# Ensure TF_VAR_terraform_state_container_name is set
+if [ -z "${TF_VAR_terraform_state_container_name}" ]; then
+  echo "Error: TF_VAR_terraform_state_container_name is not set."
+  exit 1
+fi
+
+# Ensure TRE_ID is set
+if [ -z "${TRE_ID}" ]; then
+  echo "Error: TRE_ID is not set."
+  exit 1
+fi
+
+# Infer the key from the directory names
+PARENT_DIR=$(basename "$(dirname "$DIR")")
+GRANDPARENT_DIR=$(basename "$(dirname "$(dirname "$DIR")")")
+
+if [[ "$GRANDPARENT_DIR" == "workspaces" || "$GRANDPARENT_DIR" == "shared_services" ]]; then
+  KEY="${TRE_ID?}_${TF_VAR_id?}_${PARENT_DIR}"
+elif [[ "$GRANDPARENT_DIR" == "workspace_services" ]]; then
+  KEY="${TRE_ID?}_${TF_VAR_workspace_id?}_${TF_VAR_id?}_${PARENT_DIR}"
+elif [[ "$GRANDPARENT_DIR" == "user_resources" ]]; then
+  KEY="${TRE_ID?}_${TF_VAR_workspace_id?}_${TF_VAR_workspace_service_id?}_${TF_VAR_id?}_${PARENT_DIR}"
+else
+  KEY="${TRE_ID?}_${PARENT_DIR}"
+fi
+
+# Run terraform init with upgrade and reconfigure options
+terraform -chdir="$DIR/terraform" init -upgrade -reconfigure -input=false -backend=true \
+    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
+    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
+    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
+    -backend-config="key=${KEY}"

devops/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TF_VAR_tre_resource_id}-devops"

templates/shared_services/admin-vm/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TF_VAR_tre_resource_id}-shared-adminvm"

templates/shared_services/airlock_notifier/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TF_VAR_tre_resource_id}-shared-airlock-notifier"

templates/shared_services/certs/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID}-certs"

templates/shared_services/cyclecloud/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TF_VAR_tre_resource_id}-${ID}"

templates/shared_services/databricks-auth/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=tre-workspace-service-gitea-${TF_VAR_id}"

templates/shared_services/firewall/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID}-shared-service-firewall"

templates/shared_services/gitea/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID}-gitea"

templates/shared_services/sonatype-nexus-vm/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID:?}-shared-service-sonatype-nexus"

templates/workspace_services/databricks/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=tre-workspace-service-gitea-${TF_VAR_id}"

templates/workspace_services/gitea/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=tre-workspace-service-gitea-${TF_VAR_id}"

templates/workspace_services/guacamole/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID}${TF_VAR_workspace_id}guacamole"

templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID}${TF_VAR_workspace_id}${TF_VAR_parent_service_id}guacamolewindowsvm"

templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID}${TF_VAR_workspace_id}${TF_VAR_parent_service_id}guacamolewindowsvm"

templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TF_VAR_tre_id}${TF_VAR_workspace_id}${TF_VAR_parent_service_id}guacamolelinuxvm"

templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/upgrade.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
-    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
-    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
-    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
-    -backend-config="key=${TRE_ID}${TF_VAR_workspace_id}${TF_VAR_parent_service_id}guacamolewindowsvm"