State Storage Swapped from native tf due to https://github.com/hashicorp/terraform-provider-azurerm/issues/16335
Родитель
f742feba45
Коммит
20224f0a71
|
@ -294,3 +294,4 @@ solution/FunctionApp/Patterns/pipeline/*/output/
|
|||
#test folders
|
||||
solution/DataFactory/Patterns/pipeline/*/functionapptests/tests/tests.json
|
||||
solution/Synapse/Patterns/pipeline/*/functionapptests/tests/tests.json
|
||||
solution/DeploymentV2/terraform_layer0/.terraform.lock.hcl
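Review bot: Ignoring `solution/DeploymentV2/terraform_layer0/.terraform.lock.hcl` (apparently the one line this hunk adds) means the provider versions and `h1:`/`zh:` hashes for layer 0 are no longer shared or reviewed, so each `terraform init` accepts whatever the registry resolves at that moment. A lock file elsewhere in this same commit is tracked and gains the azapi hashes, so the layers end up handled inconsistently. Consider committing the layer 0 lock file instead, or, if ignoring it is a deliberate workaround, saying so above the entry, e.g. `# layer0 lock file intentionally untracked: <reason>`.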
|
||||
|
|
|
@ -643,6 +643,20 @@ local SecretFileSensitiveVars = { // Object comprehension.
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,25 @@
|
|||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/azure/azapi" {
|
||||
version = "0.5.0"
|
||||
hashes = [
|
||||
"h1:0mmLkpn3qO9lEO9BGYpwifqJ7KLmNnrJL/5+EAn0sS4=",
|
||||
"zh:1bbd3e887b13085aa1d989f11e3fc7c8cf0d81cc8dcfeb58f7f752478f061001",
|
||||
"zh:2c52b4f0bd0e96d8f60c878947a63ae8ea08a735968d8603769f0da4654954b3",
|
||||
"zh:32837d15d002721c20f4561a1b2d44438b066f9812801295d864e0b4c93b6297",
|
||||
"zh:3e9fbb1137a36d782df4935acbf89e88f14e6672934ac03fd0226e5ddd4430e4",
|
||||
"zh:4ce3d703c596bc998f4392a9a177b75ee4d48181c09512fee67ef38aff7dd945",
|
||||
"zh:53ec2fcdb866b763cc05f8dbd6caf9320d86381c6083d69b4d838dc9bc8128cf",
|
||||
"zh:5aafa486486ec52d4ca621b490016fa7c022b3f5e3ac16b1dd3b01b98cd86a1c",
|
||||
"zh:83817bb7dc503254e93972464c496d0f9f4fc7499d294b74c7df9105100c41e7",
|
||||
"zh:9bce71b22b4700c625f8bd2dddd72e01470c410675fa5c2b014c71acfd7ecb3c",
|
||||
"zh:d7fc35384b21c0209575c74ae057061048ab342d0bf8d923ed44d83bd6670e42",
|
||||
"zh:df8e045e6fd72d94fa18c082989d69cd2c73d3b4ade008362ddb90dfcfa91ac7",
|
||||
"zh:f245a74fc9eca9b63ff0d6856da9d71ccab951b299d45af54e3d3b47bc5ef85f",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/azuread" {
|
||||
version = "2.22.0"
|
||||
constraints = "2.22.0"
|
||||
|
|
|
@ -44,7 +44,10 @@ PrepareDeployment -gitDeploy $gitDeploy -deploymentFolderPath $deploymentFolderP
|
|||
# Main Terraform - Layer1
|
||||
#------------------------------------------------------------------------------------------------------------
|
||||
Write-Host "Starting Terraform Deployment- Layer 0"
|
||||
|
||||
if([string]::IsNullOrEmpty($env:TF_VAR_jumphost_password) -and ($gitDeploy -eq $false -or $null -eq $gitdeploy))
|
||||
{
|
||||
$env:TF_VAR_jumphost_password = Read-Host "Enter the Jumphost Password"
|
||||
}
|
||||
|
||||
$output = terragrunt init --terragrunt-config vars/$env:environmentName/terragrunt.hcl -reconfigure
|
||||
$output = terragrunt apply -auto-approve --terragrunt-config vars/$env:environmentName/terragrunt.hcl -json #-var synapse_sql_password=$env:TF_VAR_synapse_sql_password
|
||||
|
@ -52,6 +55,8 @@ $output = terragrunt apply -auto-approve --terragrunt-config vars/$env:environme
|
|||
ProcessTerraformApply -output $output -gitDeploy $gitDeploy
|
||||
|
||||
|
||||
|
||||
|
||||
#Update Values for variables in Environment
|
||||
#[Environment]::SetEnvironmentVariable("TF_VAR_state_storage_account_name", $Value)
|
||||
$tout_raw = ((az storage blob download -c "tstate" -n "terraform_layer2.tfstate" --account-name $env:TF_VAR_state_storage_account_name --auth-mode login) | ConvertFrom-Json).outputs
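Review bot: The prompt `Read-Host "Enter the Jumphost Password"` in the first hunk echoes the password to the console as it is typed, so it stays visible on screen and in terminal scrollback. Because the value must end up as text in `$env:TF_VAR_jumphost_password`, `Read-Host "Enter the Jumphost Password" -MaskInput` (PowerShell 7.1+) keeps the assignment unchanged while hiding the input. The banner above it says `Layer1` in the comment and `Layer 0` in `Write-Host`; one of the two is presumably stale. The script continues outside both hunks.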
|
||||
|
|
|
@ -40,7 +40,6 @@ locals {
|
|||
synapse_dwpool_name = (var.synapse_dwpool_name != "" ? var.synapse_dwpool_name : "${var.prefix}${var.environment_tag}syndp${var.app_name}")
|
||||
synapse_sppool_name = (var.synapse_sppool_name != "" ? var.synapse_sppool_name : "${var.prefix}${var.environment_tag}synsp${var.app_name}")
|
||||
synapse_resource_group_name = "managed-${module.naming.resource_group.name_unique}-synapse"
|
||||
synapse_sql_password = ((var.deploy_synapse && var.synapse_sql_password == null) ? "" : var.synapse_sql_password)
|
||||
selfhostedsqlvm_name = replace(module.naming.virtual_machine.name,"-vm-ads","-vm-sql")
|
||||
h2o-ai_name = replace(module.naming.virtual_machine.name,"-vm-ads","-vm-h2o")
|
||||
custom_vm_name = replace(module.naming.virtual_machine.name,"-vm-ads","-vm-custom")
|
||||
|
|
|
@ -9,6 +9,9 @@ terraform {
|
|||
source = "hashicorp/azuread"
|
||||
version = "=2.22.0"
|
||||
}
|
||||
azapi = {
|
||||
source = "Azure/azapi"
|
||||
}
|
||||
random = {
|
||||
source = "hashicorp/random"
|
||||
version = "=3.3.0"
|
||||
|
@ -30,6 +33,11 @@ provider "azuread" {
|
|||
tenant_id = var.tenant_id
|
||||
}
|
||||
|
||||
|
||||
provider "azapi" {
|
||||
tenant_id = var.tenant_id
|
||||
}
|
||||
|
||||
data "azurerm_client_config" "current" {
|
||||
}
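Review bot: The `azapi` entry in `required_providers` has only `source = "Azure/azapi"` and no `version`, while the neighbouring `azuread` and `random` entries are pinned exactly (`=2.22.0`, `=3.3.0`). Without a constraint, an init that runs without a committed lock file resolves to the newest release of the provider. A lock file in this commit records azapi at 0.5.0, so `version = "=0.5.0"` would match the existing pinning style, assuming that lock file belongs to this layer. The `terraform` block starts and ends outside the hunk.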
|
||||
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
output "private_dns_zone_dfs_id" {
|
||||
value = local.private_dns_zone_dfs_id
|
||||
}
|
|
@ -0,0 +1,102 @@
|
|||
locals {
|
||||
stateaccountname = "gf6state"
|
||||
}
|
||||
|
||||
#note: Swapped from native tf due to https://github.com/hashicorp/terraform-provider-azurerm/issues/16335
|
||||
resource "azapi_resource" "adls_state" {
|
||||
type = "Microsoft.Storage/storageAccounts@2022-05-01"
|
||||
name = local.stateaccountname
|
||||
parent_id = "/subscriptions/${var.subscription_id}/resourceGroups/${var.resource_group_name}"
|
||||
location = var.resource_location
|
||||
|
||||
body = jsonencode({
|
||||
kind = "StorageV2"
|
||||
sku = {
|
||||
name = "Standard_GRS"
|
||||
}
|
||||
properties = {
|
||||
isHnsEnabled = true,
|
||||
minimumTlsVersion = "TLS1_2"
|
||||
publicNetworkAccess = var.is_vnet_isolated ? "Disabled" : "Enabled"
|
||||
networkAcls = {
|
||||
defaultAction = "Deny",
|
||||
bypass = "AzureServices,Metrics"
|
||||
ipRules = var.is_vnet_isolated ? [{value = var.ip_address, action = "Allow"}] : []
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
|
||||
resource "azurerm_role_assignment" "adls_state_deployment_agents" {
|
||||
for_each = {
|
||||
for ro in var.resource_owners : ro => ro
|
||||
}
|
||||
scope = azapi_resource.adls_state.id
|
||||
role_definition_name = "Storage Blob Data Contributor"
|
||||
principal_id = each.value
|
||||
}
|
||||
|
||||
resource "azurerm_private_endpoint" "adls_state_storage_private_endpoint_with_dns" {
|
||||
count = var.deploy_adls && var.is_vnet_isolated ? 1 : 0
|
||||
name = "${local.stateaccountname}-blob-plink"
|
||||
location = var.resource_location
|
||||
resource_group_name = var.resource_group_name
|
||||
subnet_id = local.plink_subnet_id
|
||||
|
||||
private_service_connection {
|
||||
name = "${local.stateaccountname}-blob-plink-conn"
|
||||
private_connection_resource_id = azapi_resource.adls_state.id
|
||||
is_manual_connection = false
|
||||
subresource_names = ["blob"]
|
||||
}
|
||||
|
||||
private_dns_zone_group {
|
||||
name = "privatednszonegroupstorageblob"
|
||||
private_dns_zone_ids = [local.private_dns_zone_blob_id]
|
||||
}
|
||||
|
||||
depends_on = [
|
||||
azapi_resource.adls_state
|
||||
]
|
||||
|
||||
tags = local.tags
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
tags
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_private_endpoint" "adls_dfs_state_storage_private_endpoint_with_dns" {
|
||||
count = var.deploy_adls && var.is_vnet_isolated ? 1 : 0
|
||||
name = "${local.stateaccountname}-dfs-plink"
|
||||
location = var.resource_location
|
||||
resource_group_name = var.resource_group_name
|
||||
subnet_id = local.plink_subnet_id
|
||||
|
||||
private_service_connection {
|
||||
name = "${local.stateaccountname}-dfs-plink-conn"
|
||||
private_connection_resource_id = azapi_resource.adls_state.id
|
||||
is_manual_connection = false
|
||||
subresource_names = ["dfs"]
|
||||
}
|
||||
|
||||
private_dns_zone_group {
|
||||
name = "privatednszonegroupstoragedfs"
|
||||
private_dns_zone_ids = [local.private_dns_zone_dfs_id]
|
||||
}
|
||||
|
||||
depends_on = [
|
||||
azapi_resource.adls_state
|
||||
]
|
||||
|
||||
tags = local.tags
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
tags
|
||||
]
|
||||
}
|
||||
}
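Review bot: The `properties` map of `azapi_resource.adls_state` does not set `allowBlobPublicAccess`, so anonymous container access is left to the service default on an account meant to hold Terraform state, which stores resource attributes, secrets included, in plain text; add `allowBlobPublicAccess = false` next to `minimumTlsVersion`. Separately, both private endpoints use `count = var.deploy_adls && var.is_vnet_isolated ? 1 : 0` although the account itself is created unconditionally, so with `is_vnet_isolated = true` and `deploy_adls = false` the account gets `publicNetworkAccess = "Disabled"` and no private endpoint; `count = var.is_vnet_isolated ? 1 : 0` looks like the intended condition. `stateaccountname = "gf6state"` is hard-coded, and since storage account names are globally unique it would be safer derived from the deployment's prefix or naming inputs, unless the literal is a temporary value.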
|
||||
|
|
@ -96,11 +96,6 @@ variable "synapse_sql_login" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "synapse_sql_password" {
|
||||
description = "Password for the Azure Synapse SQL admin"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "allow_public_access_to_synapse_studio" {
|
||||
description = "Should the synapse studio allow access to public IPs"
|
||||
type = bool
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
sudo apt-get update && \
|
||||
sudo apt-get install -y wget apt-transport-https software-properties-common && \
|
||||
wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb && \
|
||||
sudo dpkg -i packages-microsoft-prod.deb && \
|
||||
sudo apt-get update && \
|
||||
sudo apt-get install -y powershell && \
|
||||
rm ./packages-microsoft-prod.deb && \
|
||||
wget -q https://github.com/PowerShell/PowerShell/releases/download/v7.2.5/powershell-lts_7.2.5-1.deb_amd64.deb && \
|
||||
sudo dpkg -i powershell-lts_7.2.5-1.deb_amd64.deb && \
|
||||
rm ./powershell-lts_7.2.5-1.deb_amd64.deb && \
|
||||
sudo apt install -y dotnet-sdk-6.0 && \
|
||||
wget https://github.com/google/go-jsonnet/releases/download/v0.17.0/jsonnet-go_0.17.0_linux_amd64.deb && \
|
||||
sudo dpkg -i jsonnet-go_0.17.0_linux_amd64.deb && \
|
||||
|
@ -16,4 +14,4 @@ wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.35.14/terra
|
|||
sudo mv terragrunt_linux_amd64 terragrunt && \
|
||||
sudo chmod u+x terragrunt && \
|
||||
sudo mv terragrunt /usr/local/bin/terragrunt && \
|
||||
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bashaz
|
||||
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
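Review bot: The new PowerShell install fetches `powershell-lts_7.2.5-1.deb_amd64.deb` with `wget -q` and passes it straight to `sudo dpkg -i` with no integrity check, whereas the apt-repository route it appears to replace had apt verify package signatures. Add a pinned checksum step between download and install, e.g. `echo "<EXPECTED_SHA256>  powershell-lts_7.2.5-1.deb_amd64.deb" | sha256sum -c - && \`, with the value taken from the release's published hashes. The jsonnet `.deb` and the terragrunt binary below follow the same download-then-install-as-root pattern and would benefit from the same check. It is also worth confirming that `sudo apt install -y dotnet-sdk-6.0` still resolves once `packages-microsoft-prod.deb` is no longer installed. The script continues outside both hunks.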
|