Move core folder to root (#3016)

* move core folder to root

* fix paths

* fix letsencrypt lint errors

* Update core/terraform/destroy.sh

Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com>

* lint

Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com>

.devcontainer/devcontainer.json

@@ -174,7 +174,7 @@
           "console": "integratedTerminal",
           "preLaunchTask": "Install_resource_processor_dependencies",
           "cwd": "${workspaceFolder}/resource_processor",
-          "envFile": "${workspaceFolder}/templates/core/private.env",
+          "envFile": "${workspaceFolder}/core/private.env",
           "env": {
             "PYTHONPATH": "."
           }

.devcontainer/scripts/consolidate_env.sh

@@ -23,4 +23,4 @@ FORMAT_TO_ENV_FILE="to_entries| map(.key + \"=\" +  .value)|.[]"
 yq e "$GET_LEAF_KEYS|$UPCASE_KEYS| $FORMAT_TO_ENV_FILE" config.yaml > $FILE
 
 # shellcheck disable=SC2086
-cat $WORKDIR/templates/core/private.env >> $FILE
+cat $WORKDIR/core/private.env >> $FILE

.github/dependabot.yml

@@ -28,6 +28,6 @@ updates:
       interval: "monthly"
 
   - package-ecosystem: "terraform"
-    directory: "/templates/core/terraform"
+    directory: "/core/terraform"
     schedule:
       interval: "monthly"

.github/workflows/build_validation_develop.yml

@@ -34,9 +34,9 @@ jobs:
               # our Terraform uses more than just *.tf files, so need to check changes in the folder
               - '**/terraform/**/*'
             core:
-              - 'templates/core/**/*'
+              - 'core/**/*'
             core_version:
-              - 'templates/core/version.txt'
+              - 'core/version.txt'
             docs:
               - 'docs/**/*'
 

.gitignore

@@ -111,7 +111,7 @@ venv/
 ENV/
 env.bak/
 venv.bak/
-templates/core/tre.env
+core/tre.env
 devops/auth.env
 private.env
 
@@ -201,9 +201,9 @@ sample.dat
 .bash_history
 
 # lets encrypt
-templates/core/terraform/scripts/index.html
-templates/core/terraform/scripts/validation.txt
-templates/core/terraform/plan
+core/terraform/scripts/index.html
+core/terraform/scripts/validation.txt
+core/terraform/plan
 
 # Test results
 e2e_tests/pytest_e2e_*.xml

Makefile

@@ -96,7 +96,7 @@ push-airlock-processor:
 prepare-tf-state:
 	$(call target_title, "Preparing terraform state") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
-	&& pushd ${MAKEFILE_DIR}/templates/core/terraform > /dev/null && ../../shared_services/firewall/terraform/remove_state.sh && popd > /dev/null \
+	&& pushd ${MAKEFILE_DIR}/core/terraform > /dev/null && ../../shared_services/firewall/terraform/remove_state.sh && popd > /dev/null \
 	&& pushd ${MAKEFILE_DIR}/templates/shared_services/firewall/terraform > /dev/null && ./import_state.sh && popd > /dev/null
 # / End migration targets
 
@@ -104,16 +104,16 @@ deploy-core: tre-start
 	$(call target_title, "Deploying TRE") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
 	&& if [[ "$${TF_LOG}" == "DEBUG" ]]; \
-		then echo "TF DEBUG set - output supressed - see tflogs container for log file" && cd ${MAKEFILE_DIR}/templates/core/terraform/ \
+		then echo "TF DEBUG set - output supressed - see tflogs container for log file" && cd ${MAKEFILE_DIR}/core/terraform/ \
 			&& ./deploy.sh 1>/dev/null 2>/dev/null; \
-		else cd ${MAKEFILE_DIR}/templates/core/terraform/ && ./deploy.sh; fi;
+		else cd ${MAKEFILE_DIR}/core/terraform/ && ./deploy.sh; fi;
 
 letsencrypt:
 	$(call target_title, "Requesting LetsEncrypt SSL certificate") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,certbot,env \
-	&& pushd ${MAKEFILE_DIR}/templates/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
-	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/private.env \
-	&& ${MAKEFILE_DIR}/templates/core/terraform/scripts/letsencrypt.sh
+	&& pushd ${MAKEFILE_DIR}/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
+	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/core/private.env \
+	&& ${MAKEFILE_DIR}/core/terraform/scripts/letsencrypt.sh
 
 tre-start:
 	$(call target_title, "Starting TRE") \
@@ -297,15 +297,15 @@ firewall-install:
 static-web-upload:
 	$(call target_title, "Uploading to static website") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
-	&& pushd ${MAKEFILE_DIR}/templates/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
-	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/private.env \
+	&& pushd ${MAKEFILE_DIR}/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
+	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/core/private.env \
 	&& ${MAKEFILE_DIR}/devops/scripts/upload_static_web.sh
 
 build-and-deploy-ui:
 	$(call target_title, "Build and deploy UI") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
-	&& pushd ${MAKEFILE_DIR}/templates/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
-	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/private.env \
+	&& pushd ${MAKEFILE_DIR}/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
+	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/core/private.env \
 	&& if [ "$${DEPLOY_UI}" != "false" ]; then ${MAKEFILE_DIR}/devops/scripts/build_deploy_ui.sh; else echo "UI Deploy skipped as DEPLOY_UI is false"; fi \
 
 prepare-for-e2e:
@@ -347,8 +347,8 @@ test-e2e-custom:
 setup-local-debugging:
 	$(call target_title,"Setting up the ability to debug the API and Resource Processor") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
-	&& pushd ${MAKEFILE_DIR}/templates/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
-	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/private.env \
+	&& pushd ${MAKEFILE_DIR}/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
+	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/core/private.env \
 	&& . ${MAKEFILE_DIR}/devops/scripts/setup_local_debugging.sh
 
 auth:
@@ -358,18 +358,18 @@ auth:
 
 show-core-output:
 	$(call target_title,"Display TRE core output") \
-	&& pushd ${MAKEFILE_DIR}/templates/core/terraform/ > /dev/null && terraform show && popd > /dev/null
+	&& pushd ${MAKEFILE_DIR}/core/terraform/ > /dev/null && terraform show && popd > /dev/null
 
 api-healthcheck:
 	$(call target_title,"Checking API Health") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
-	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/private.env \
+	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/core/private.env \
 	&& ${MAKEFILE_DIR}/devops/scripts/api_healthcheck.sh
 
 db-migrate: api-healthcheck
 	$(call target_title,"Migrating Cosmos Data") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
-	&& pushd ${MAKEFILE_DIR}/templates/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
-	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/private.env \
+	&& pushd ${MAKEFILE_DIR}/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
+	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/core/private.env \
 	&& . ${MAKEFILE_DIR}/devops/scripts/get_access_token.sh \
 	&& . ${MAKEFILE_DIR}/devops/scripts/migrate_state_store.sh --tre_url "$${TRE_URL:-https://$${TRE_ID}.$${LOCATION}.cloudapp.azure.com}" --insecure

core/terraform/airlock/airlock_processor.tf

@@ -1,5 +1,5 @@
 data "local_file" "airlock_processor_version" {
-  filename = "${path.root}/../../../airlock_processor/_version.py"
+  filename = "${path.root}/../../airlock_processor/_version.py"
 }
 
 locals {

core/terraform/api-webapp.tf

@@ -1,5 +1,5 @@
 data "local_file" "api_app_version" {
-  filename = "${path.root}/../../../api_app/_version.py"
+  filename = "${path.root}/../../api_app/_version.py"
 }
 
 locals {

core/terraform/compare_plans.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+set -e
+
+# if no arguments are provided, return usage function
+if [[ $# -ne 2 || -z $1 || -z $2 ]]; then
+    echo "Usage: $0 <left_plan_file> <right_plan_file>"
+    exit 1
+fi
+
+left_tfplan=$1
+right_tfplan=$2
+
+echo "Comparing ${left_tfplan} to ${right_tfplan}..."
+
+
+function plan_change() {
+  terraform show -json "$1" | jq -r '.resource_changes[] | select(.change.actions[] | contains("no-op") or contains("read") | not)' > "$1_filtered.json"
+}
+
+plan_change "${left_tfplan}"
+plan_change "${right_tfplan}"
+
+diff <(jq --sort-keys . "${left_tfplan}"_filtered.json) <(jq --sort-keys . "${right_tfplan}"_filtered.json)

core/terraform/deploy.sh

@@ -15,7 +15,7 @@ LOG_FILE="${TS}-tre-core.log"
 
 # This variables are loaded in for us
 # shellcheck disable=SC2154
-../../../devops/scripts/terraform_wrapper.sh \
+../../devops/scripts/terraform_wrapper.sh \
   -g "${TF_VAR_mgmt_resource_group_name}" \
   -s "${TF_VAR_mgmt_storage_account_name}" \
   -n "${TF_VAR_terraform_state_container_name}" \

core/terraform/destroy.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+# set -o xtrace
+
+# These variables are loaded in for us
+# shellcheck disable=SC2154
+../../devops/scripts/terraform_wrapper.sh -g "${TF_VAR_mgmt_resource_group_name}" \
+                                          -s "${TF_VAR_mgmt_storage_account_name}" \
+                                          -n "${TF_VAR_terraform_state_container_name}" \
+                                          -k "${TRE_ID}" -c "terraform destroy -auto-approve"

core/terraform/import.sh

@@ -9,7 +9,7 @@ export TF_LOG=""
 
 # This variables are loaded in for us
 # shellcheck disable=SC2154
-../../../devops/scripts/terraform_wrapper.sh \
+../../devops/scripts/terraform_wrapper.sh \
   -g "${TF_VAR_mgmt_resource_group_name}" \
   -s "${TF_VAR_mgmt_storage_account_name}" \
   -n "${TF_VAR_terraform_state_container_name}" \

core/terraform/migrate.sh

@@ -5,6 +5,8 @@ set -o pipefail
 set -o nounset
 # set -o xtrace
 
+terraform_wrapper_path="../../devops/scripts/terraform_wrapper.sh"
+
 # This variables are loaded in for us
 # shellcheck disable=SC2154
 terraform init -input=false -backend=true -reconfigure \
@@ -64,7 +66,7 @@ if [ -n "${app_insights_via_arm}" ]; then
 
   # This variables are loaded in for us
   # shellcheck disable=SC2154
-  ../../../devops/scripts/terraform_wrapper.sh \
+  "${terraform_wrapper_path}" \
     -g "${TF_VAR_mgmt_resource_group_name}" \
     -s "${TF_VAR_mgmt_storage_account_name}" \
     -n "${TF_VAR_terraform_state_container_name}" \
@@ -93,7 +95,7 @@ if [ -n "${core_plan}" ] && [ -n "${api_diag}" ]; then
 
     # This variables are loaded in for us
     # shellcheck disable=SC2154
-    ../../../devops/scripts/terraform_wrapper.sh \
+    "${terraform_wrapper_path}" \
       -g "${TF_VAR_mgmt_resource_group_name}" \
       -s "${TF_VAR_mgmt_storage_account_name}" \
       -n "${TF_VAR_terraform_state_container_name}" \
@@ -124,7 +126,7 @@ if [ -n "${airlock_vnet_integration}" ]; then
 
   # This variables are loaded in for us
   # shellcheck disable=SC2154
-  ../../../devops/scripts/terraform_wrapper.sh \
+  "${terraform_wrapper_path}" \
     -g "${TF_VAR_mgmt_resource_group_name}" \
     -s "${TF_VAR_mgmt_storage_account_name}" \
     -n "${TF_VAR_terraform_state_container_name}" \
@@ -146,7 +148,7 @@ if [ -n "${api_vnet_integration}" ]; then
 
   # This variables are loaded in for us
   # shellcheck disable=SC2154
-  ../../../devops/scripts/terraform_wrapper.sh \
+  "${terraform_wrapper_path}" \
     -g "${TF_VAR_mgmt_resource_group_name}" \
     -s "${TF_VAR_mgmt_storage_account_name}" \
     -n "${TF_VAR_terraform_state_container_name}" \

core/terraform/resource_processor/vmss_porter/data.tf

@@ -1,5 +1,5 @@
 data "local_file" "version" {
-  filename = "${path.module}/../../../../../resource_processor/_version.py"
+  filename = "${path.module}/../../../../resource_processor/_version.py"
 }
 
 data "azurerm_subscription" "current" {}

core/terraform/scripts/auth-hook.sh

@@ -4,6 +4,7 @@ cat << EOF > 'validation.txt'
 ${CERTBOT_VALIDATION}
 EOF
 
+# shellcheck disable=SC2016
 az storage blob upload \
     --account-name "${STORAGE_ACCOUNT}" \
     --auth-mode login \

core/terraform/scripts/letsencrypt.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-script_dir=$(realpath $(dirname "${BASH_SOURCE[0]}"))
+script_dir=$(realpath "$(dirname "${BASH_SOURCE[0]}")")
 
 if [[ -z ${STORAGE_ACCOUNT} ]]; then
   echo "STORAGE_ACCOUNT not set"
@@ -44,7 +44,7 @@ else
   az storage account network-rule add \
     --account-name "${STORAGE_ACCOUNT}" \
     --resource-group "${RESOURCE_GROUP_NAME}" \
-    --ip-address $IPADDR
+    --ip-address "$IPADDR"
 
 fi
 
@@ -60,6 +60,7 @@ cat << EOF > index.html
 <html lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta charset="utf-8"/><title></title></head><body></body></html>
 EOF
 
+# shellcheck disable=SC2016
 indexExists=$(az storage blob list -o json \
     --account-name "${STORAGE_ACCOUNT}" \
     --auth-mode login \
@@ -70,6 +71,7 @@ indexExists=$(az storage blob list -o json \
 if [[ ${indexExists} -lt 1 ]]; then
     echo "Uploading index.html file"
 
+    # shellcheck disable=SC2016
     az storage blob upload \
         --account-name "${STORAGE_ACCOUNT}" \
         --auth-mode login \
@@ -92,14 +94,14 @@ mkdir -p "${ledir}/logs"
 
 # Initiate the ACME challange
 /opt/certbot/bin/certbot certonly \
-    --config-dir ${ledir} \
-    --work-dir ${ledir} \
-    --logs-dir ${ledir}/logs \
+    --config-dir "${ledir}" \
+    --work-dir "${ledir}" \
+    --logs-dir "${ledir}"/logs \
     --manual \
     --preferred-challenges=http \
-    --manual-auth-hook ${script_dir}/auth-hook.sh \
-    --manual-cleanup-hook ${script_dir}/cleanup-hook.sh \
-    --domain $FQDN \
+    --manual-auth-hook "${script_dir}"/auth-hook.sh \
+    --manual-cleanup-hook "${script_dir}"/cleanup-hook.sh \
+    --domain "$FQDN" \
     --non-interactive \
     --agree-tos \
     --register-unsafely-without-email
@@ -116,7 +118,7 @@ openssl pkcs12 -export \
 if [[ -n ${KEYVAULT} ]]; then
     sid=$(az keyvault certificate import \
         -o json \
-        --vault-name ${KEYVAULT} \
+        --vault-name "${KEYVAULT}" \
         --name 'letsencrypt' \
         --file "${CERT_DIR}/aci.pfx" \
         --password "${CERT_PASSWORD}" \
@@ -148,8 +150,8 @@ else
 
   echo "Ressetting network rule on storage account (removing $IPADDR from allow list)"
   az storage account network-rule remove \
-    --account-name ${STORAGE_ACCOUNT} \
+    --account-name "${STORAGE_ACCOUNT}" \
     --resource-group "${RESOURCE_GROUP_NAME}" \
-    --ip-address ${IPADDR}
+    --ip-address "${IPADDR}"
 
 fi

devops/scripts/list_versions.sh

@@ -23,7 +23,7 @@ function component_version () {
 echo -e "| name | version |\n| ----- | ----- |"
 
 component_version "devops" "devops/version.txt"
-component_version "core" "templates/core/version.txt"
+component_version "core" "core/version.txt"
 
 find . -type f -name "porter.yaml" -not -path "*/.cnab/*" -print0 | sort | while read -r -d $'\0' file
 do

devops/scripts/setup_local_debugging.sh

@@ -1,16 +1,18 @@
 #!/bin/bash
 set -e
 
+private_env_path="./core/private.env"
+
 : "${TRE_ID?"You have not set your TRE_ID in ./config_yaml"}"
-: "${RESOURCE_GROUP_NAME?"Check RESOURCE_GROUP_NAME is defined in ./templates/core/private.env"}"
-: "${SERVICE_BUS_RESOURCE_ID?"Check SERVICE_BUS_RESOURCE_ID is defined in ./templates/core/private.env"}"
-: "${STATE_STORE_RESOURCE_ID?"Check STATE_STORE_RESOURCE_ID is defined in ./templates/core/private.env"}"
-: "${COSMOSDB_MONGO_RESOURCE_ID?"Check COSMOSDB_MONGO_RESOURCE_ID is defined in ./templates/core/private.env"}"
-: "${COSMOSDB_ACCOUNT_NAME?"Check COSMOSDB_ACCOUNT_NAME is defined in ./templates/core/private.env"}"
-: "${COSMOSDB_MONGO_ACCOUNT_NAME?"Check COSMOSDB_MONGO_ACCOUNT_NAME is defined in ./templates/core/private.env"}"
-: "${AZURE_SUBSCRIPTION_ID?"Check AZURE_SUBSCRIPTION_ID is defined in ./templates/core/private.env"}"
-: "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID?"Check EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID is defined in ./templates/core/private.env"}"
-: "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ./templates/core/private.env"}"
+: "${RESOURCE_GROUP_NAME?"Check RESOURCE_GROUP_NAME is defined in ${private_env_path}"}"
+: "${SERVICE_BUS_RESOURCE_ID?"Check SERVICE_BUS_RESOURCE_ID is defined in ${private_env_path}"}"
+: "${STATE_STORE_RESOURCE_ID?"Check STATE_STORE_RESOURCE_ID is defined in ${private_env_path}"}"
+: "${COSMOSDB_MONGO_RESOURCE_ID?"Check COSMOSDB_MONGO_RESOURCE_ID is defined in ${private_env_path}"}"
+: "${COSMOSDB_ACCOUNT_NAME?"Check COSMOSDB_ACCOUNT_NAME is defined in ${private_env_path}"}"
+: "${COSMOSDB_MONGO_ACCOUNT_NAME?"Check COSMOSDB_MONGO_ACCOUNT_NAME is defined in ${private_env_path}"}"
+: "${AZURE_SUBSCRIPTION_ID?"Check AZURE_SUBSCRIPTION_ID is defined in ${private_env_path}"}"
+: "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID?"Check EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}"
+: "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}"
 
 set -o pipefail
 set -o nounset
@@ -115,11 +117,11 @@ az role assignment create \
 
 # Write the appId and secret to the private.env file which is used for RP debugging
 # First check if the env vars are there already and delete them
-sed -i '/ARM_CLIENT_ID/d' ./templates/core/private.env
-sed -i '/ARM_CLIENT_SECRET/d' ./templates/core/private.env
+sed -i '/ARM_CLIENT_ID/d' "${private_env_path}"
+sed -i '/ARM_CLIENT_SECRET/d' "${private_env_path}"
 
 # Append them to the TRE file so that the Resource Processor can use them
-tee -a ./templates/core/private.env <<EOF
+tee -a "${private_env_path}" <<EOF
 ARM_CLIENT_ID=${RP_TESTING_SP_APP_ID}
 ARM_CLIENT_SECRET=${RP_TESTING_SP_PASSWORD}
 EOF

docs/azure-tre-overview/networking.md

@@ -40,13 +40,13 @@ The explicitly allowed egress traffic is described here:
 
 ## Azure Monitor
 
-Azure Monitor resources are secured using [Azure Monitor Private Link Scope (AMPLS)](https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security) keeping all traffic inside the Microsoft Azure backbone network. The Azure Monitor resources and their network configuration is defined in `/templates/core/terraform/azure-monitor` folder and the required private DNS zones in file `/templates/core/terraform/network/dns_zones.tf`.
+Azure Monitor resources are secured using [Azure Monitor Private Link Scope (AMPLS)](https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security) keeping all traffic inside the Microsoft Azure backbone network. The Azure Monitor resources and their network configuration is defined in `/core/terraform/azure-monitor` folder and the required private DNS zones in file `/core/terraform/network/dns_zones.tf`.
 
 ## Network security groups
 
 ### TRE Core
 
-Network security groups (NSG), and their security rules for TRE core resources are defined in `/templates/core/terraform/network/network_security_groups.tf`.
+Network security groups (NSG), and their security rules for TRE core resources are defined in `/core/terraform/network/network_security_groups.tf`.
 
 | Network security group | Associated subnet(s) |
 | ---------------------- | -------------------- |

docs/tre-developers/end-to-end-tests.md

@@ -23,4 +23,4 @@ Use the "Run and Debug" panel within Visual Studio Code, select "E2E Extended",
 
 - This will copy `config.yaml` settings to `/workspaces/AzureTRE/e2e_tests/.env` for you which supplies your authentciation details
 
-- This will also use `/workspaces/AzureTRE/templates/core/private.env` file for other values.
+- This will also use `/workspaces/AzureTRE/core/private.env` file for other values.

templates/core/terraform/compare_plans.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-set -e
-
-# if no arguments are provided, return usage function
-if [[ $# -ne 2 || -z $1 || -z $2 ]]; then
-    echo "Usage: $0 <left_plan_file> <right_plan_file>"
-    exit 1
-fi
-
-left_tfplan=$1
-right_tfplan=$2
-
-echo "Comparing ${left_tfplan} to ${right_tfplan}..."
-
-
-function plan_change() {
-  terraform show -json $1 | jq -r '.resource_changes[] | select(.change.actions[] | contains("no-op") or contains("read") | not)' > "$1_filtered.json"
-}
-
-plan_change ${left_tfplan}
-plan_change ${right_tfplan}
-
-diff <(jq --sort-keys . ${left_tfplan}_filtered.json) <(jq --sort-keys . ${right_tfplan}_filtered.json)

templates/core/terraform/destroy.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -o errexit
-set -o pipefail
-set -o nounset
-# set -o xtrace
-
-# This variables are loaded in for us
-# shellcheck disable=SC2154
-../../../devops/scripts/terraform_wrapper.sh -g "${TF_VAR_mgmt_resource_group_name}" \
-                                             -s "${TF_VAR_mgmt_storage_account_name}" \
-                                             -n "${TF_VAR_terraform_state_container_name}" \
-                                             -k "${TRE_ID}" -c "terraform destroy -auto-approve"