diff --git a/CHANGELOG.md b/CHANGELOG.md index da63beea9e..2a9b150380 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ ENHANCEMENTS: * Add Case Study Docs ([#1366](https://github.com/microsoft/AzureTRE/issues/1366)) * Ability to host TRE on a custom domain ([#4014](https://github.com/microsoft/AzureTRE/pull/4014)) * Remove AppServiceFileAuditLogs diagnostic setting ([#4033](https://github.com/microsoft/AzureTRE/issues/4033)) +* Update to the Airlock Notifier Shared Service ([#3909](https://github.com/microsoft/AzureTRE/issues/3909)) BUG FIXES: * Removed 429 Error (Costs API) form presenting in UI ([#3929](https://github.com/microsoft/AzureTRE/issues/3929)) diff --git a/Makefile b/Makefile index f450e2a36f..4053dc3f9a 100644 --- a/Makefile +++ b/Makefile @@ -144,6 +144,13 @@ terraform-deploy: && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${DIR}/.env \ && cd ${DIR}/terraform/ && ./deploy.sh +terraform-upgrade: + $(call target_title, "Upgrading ${DIR} with Terraform") \ + && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh env \ + && . ${MAKEFILE_DIR}/devops/scripts/load_and_validate_env.sh \ + && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${DIR}/.env \ + && cd ${DIR}/terraform/ && ./upgrade.sh + terraform-import: $(call target_title, "Importing ${DIR} with Terraform") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh env \ diff --git a/core/terraform/network/network.tf b/core/terraform/network/network.tf index 4cac338e35..c57b673dce 100644 --- a/core/terraform/network/network.tf +++ b/core/terraform/network/network.tf @@ -111,6 +111,7 @@ resource "azurerm_subnet" "airlock_notification" { actions = ["Microsoft.Network/virtualNetworks/subnets/action"] } } + service_endpoints = ["Microsoft.ServiceBus"] } resource "azurerm_subnet" "airlock_storage" { diff --git a/core/terraform/network/outputs.tf b/core/terraform/network/outputs.tf index 5864bc529e..3e0aab407d 100644 --- a/core/terraform/network/outputs.tf 
+++ b/core/terraform/network/outputs.tf @@ -38,6 +38,10 @@ output "resource_processor_subnet_id" { value = azurerm_subnet.resource_processor.id } +output "airlock_notification_subnet_id" { + value = azurerm_subnet.airlock_notification.id +} + # DNS Zones output "azure_monitor_dns_zone_id" { diff --git a/core/terraform/servicebus.tf b/core/terraform/servicebus.tf index 231594596b..c357046dbb 100644 --- a/core/terraform/servicebus.tf +++ b/core/terraform/servicebus.tf @@ -23,6 +23,10 @@ resource "azurerm_servicebus_namespace" "sb" { subnet_id = module.network.airlock_events_subnet_id ignore_missing_vnet_service_endpoint = false } + network_rules { + subnet_id = module.network.airlock_notification_subnet_id + ignore_missing_vnet_service_endpoint = false + } } lifecycle { ignore_changes = [tags] } diff --git a/core/version.txt b/core/version.txt index a67aac0904..daecfa5151 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.10.5" +__version__ = "0.10.6" diff --git a/templates/shared_services/airlock_notifier/app/AirlockNotifier/workflow.json b/templates/shared_services/airlock_notifier/app/AirlockNotifier/workflow.json index 13c65a9964..9ea584c0a5 100644 --- a/templates/shared_services/airlock_notifier/app/AirlockNotifier/workflow.json +++ b/templates/shared_services/airlock_notifier/app/AirlockNotifier/workflow.json @@ -2,6 +2,23 @@ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { + "Initialize_creator_variable": { + "inputs": { + "variables": [ + { + "name": "creator", + "type": "string", + "value": "@{body('Parse_JSON')?['data']?['request']?['created_by']?['name']}" + } + ] + }, + "runAfter": { + "Initialize_workspace_variable": [ + "SUCCEEDED" + ] + }, + "type": "InitializeVariable" + }, "Initialize_message_variable": { "inputs": { "variables": [ 
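Review bot: `Initialize_creator_variable` reads `['request']?['created_by']?['name']`, but the Parse_JSON schema later in this same file declares the field as `createdBy`, so one of the two spellings does not match the event payload. Every step of the expression uses the `?` operator, so a wrong key produces an empty string instead of a failed run, and the in-review e-mail would go out with the creator name missing and no error logged. Confirm the field name in the payload and align the two, e.g. `body('Parse_JSON')?['data']?['request']?['createdBy']?['name']` if the schema is the accurate side.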
@@ -27,9 +44,26 @@ } ] }, + "runAfter": { + "Initialize_creator_variable": [ + "SUCCEEDED" + ] + }, + "type": "InitializeVariable" + }, + "Initialize_workspace_variable": { + "inputs": { + "variables": [ + { + "name": "workspace", + "type": "string", + "value": "@body('Parse_JSON')?['data']?['workspace']?['display_name']" + } + ] + }, "runAfter": { "Initialize_message_variable": [ - "Succeeded" + "SUCCEEDED" ] }, "type": "InitializeVariable" @@ -44,45 +78,49 @@ "event_type": { "type": "string" }, + "recipient_emails_by_role": { + "properties": { + "airlock_manager": { + "items": { + "type": "string" + }, + "type": "array" + }, + "workspace_owner": { + "items": { + "type": "string" + }, + "type": "array" + }, + "workspace_researcher": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "request": { - "type": "object", "properties": { - "id": { + "business_justification": { "type": "string" }, - "createdWhen": { - "type": "number" - }, "createdBy": { - "type": "object", "properties": { - "name": { - "type": "string" - }, "email": { "type": "string" - } - } - }, - "updatedWhen": { - "type": "number" - }, - "updatedBy": { - "type": "object", - "properties": { - "name": { - "type": "string" }, - "email": { + "name": { "type": "string" } - } + }, + "type": "object" }, - "requestType": { - "type": "string" + "createdWhen": { + "type": "number" }, "files": { - "type": "array", "items": { "name": { "type": "string" 
@@ -90,52 +128,48 @@ "size": { "type": "number" } - } + }, + "type": "array" }, - "status": { + "id": { "type": "string" }, - "business_justification": { + "requestType": { + "type": "string" + }, + "status": { "type": "string" + }, + "updatedBy": { + "properties": { + "email": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "updatedWhen": { + "type": "number" } - } + }, + "type": "object" }, "workspace": { - "type": "object", "properties": { - "id": { + "description": { "type": "string" }, "display_name": { "type": "string" }, - "description": { + "id": { "type": "string" } - } - }, - "recipient_emails_by_role": { - "type": "object", - "properties": { - "workspace_researcher": { - "type": "array", - "items": { - "type": "string" - } - }, - "workspace_owner": { - "type": "array", - "items": { - "type": "string" - } - }, - "airlock_manager": { - "type": "array", - "items": { - "type": "string" - } - } - } + }, + "type": "object" } }, "type": "object" @@ -150,10 +184,11 @@ "Send_Email_with_SMTP": { "inputs": { "parameters": { - "body": "View the request", + "body": " @{variables('message')} @{variables('message')} ", "from": "@parameters('smtp_from_email')", "importance": "Normal", - "subject": "@variables('message')", + "isHTML": true, + "subject": "@replace(replace(variables('message'), '', ''), '', '')", "to": "@{join(variables('recipients'), ';')}" }, "serviceProviderConfiguration": { @@ -187,7 +222,7 @@ "Set_approved_message": { "inputs": { "name": "message", - "value": "Your Airlock request was approved" + "value": "Your Airlock request in @{variables('workspace')} workspace was approved" }, "runAfter": { "Set_recipients_as_researchers_emails": [ @@ -201,7 +236,6 @@ "name": "recipients", "value": "@body('Parse_JSON')?['data']?['recipient_emails_by_role']?['workspace_researcher']" }, - "runAfter": {}, "type": "SetVariable" } }, 
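Review bot: In `Send_Email_with_SMTP` the body is now sent with `"isHTML": true` and is built from `variables('message')`, which other hunks of this file fill with the workspace display name and the request creator's name. Those values come from the event payload and are inserted without HTML escaping, so markup placed in a display name would be rendered in the reviewer's mail client. Escape them where the `workspace` and `creator` variables are initialised, for example `replace(replace(replace(<value>, '&', '&amp;'), '<', '&lt;'), '>', '&gt;')`, and keep the subject plain text. The HTML tags in `body` and in the `replace(..., '', '')` calls appear to have been stripped from this page, so the exact template cannot be checked here.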
@@ -212,7 +246,7 @@ "Set_in_review_message": { "inputs": { "name": "message", - "value": "An Airlock request needs your review" + "value": "An Airlock request in @{variables('workspace')} workspace by @{variables('creator')} needs your review" }, "runAfter": { "Set_recipients_as_owners_emails": [ @@ -226,7 +260,6 @@ "name": "recipients", "value": "@body('Parse_JSON')?['data']?['recipient_emails_by_role']?['airlock_manager']" }, - "runAfter": {}, "type": "SetVariable" } }, @@ -239,7 +272,6 @@ "inputs": { "runStatus": "Cancelled" }, - "runAfter": {}, "type": "Terminate" } } diff --git a/templates/shared_services/airlock_notifier/app/connections.json b/templates/shared_services/airlock_notifier/app/connections.json index 56cd1dd9ad..b467a295b2 100644 --- a/templates/shared_services/airlock_notifier/app/connections.json +++ b/templates/shared_services/airlock_notifier/app/connections.json @@ -1,13 +1,17 @@ { "serviceProviderConnections": { "serviceBus": { + "displayName": "core-service-bus", + "parameterSetName": "ManagedServiceIdentity", "parameterValues": { - "connectionString": "@appsetting('serviceBus_connectionString')" + "authProvider": { + "Type": "ManagedServiceIdentity" + }, + "fullyQualifiedNamespace": "@appsetting('serviceBus_fullyQualifiedNamespace')" }, "serviceProvider": { "id": "/serviceProviders/serviceBus" - }, - "displayName": "core-service-bus" + } }, "Smtp": { "displayName": "smtp", @@ -22,19 +26,5 @@ "id": "/serviceProviders/Smtp" } } - }, - "managedApiConnections": { - "smtp": { - "api": { - "id": "/subscriptions/@appsetting('subscription')/providers/Microsoft.Web/locations/westeurope/managedApis/smtp" - }, - "connection": { - "id": "/subscriptions/@appsetting('subscription')/resourceGroups/@appsetting('resource_group')/providers/Microsoft.Web/connections/smtp" - }, - "authentication": { - "type": "ManagedServiceIdentity" - }, - "connectionRuntimeUrl": "@appsetting('smtp_connection_runtime_url')" - } } } 
diff --git a/templates/shared_services/airlock_notifier/app/host.json b/templates/shared_services/airlock_notifier/app/host.json
index 89ab59eca1..c7f5bba4c3 100644
--- a/templates/shared_services/airlock_notifier/app/host.json
+++ b/templates/shared_services/airlock_notifier/app/host.json
@@ -2,6 +2,6 @@
 "version": "2.0",
 "extensionBundle": {
 "id": "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
- "version": "[1.*, 2.0.0)"
+ "version": "[4.0.0, 5.0.0)"
 }
 }
diff --git a/templates/shared_services/airlock_notifier/porter.yaml b/templates/shared_services/airlock_notifier/porter.yaml
index c287b8677c..500cd3cc86 100644
--- a/templates/shared_services/airlock_notifier/porter.yaml
+++ b/templates/shared_services/airlock_notifier/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-airlock-notifier
-version: 0.9.0
+version: 1.0.1
 description: "A shared service notifying on Airlock Operations"
 registry: azuretre
 dockerfile: Dockerfile.tmpl
@@ -149,11 +149,73 @@ install: upgrade: + - terraform: + description: "Update shared service" + vars: + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + tre_url: ${ bundle.parameters.tre_url } + smtp_server_address: ${ bundle.parameters.smtp_server_address } + smtp_server_port: ${ bundle.parameters.smtp_server_port } + smtp_username: ${ bundle.parameters.smtp_username } + smtp_password: ${ bundle.parameters.smtpPassword } + smtp_server_enable_ssl: ${ bundle.parameters.smtp_server_enable_ssl } + smtp_from_email: ${ bundle.parameters.smtp_from_email } + backendConfig: + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-airlock-notifier + outputs: + - name: airlock_notifier_logic_app_name + - name: airlock_notifier_logic_app_resource_group_name + + - az: + description: "Set Azure Cloud Environment" + arguments: + - cloud + - set + flags: + name: ${ bundle.parameters.azure_environment } + + - az: + description: "Login to Azure" + arguments: + - login + flags: + identity: + username: ${ bundle.credentials.azure_client_id } + + - az: + arguments: + - resource + - update + flags: + resource-group: ${ bundle.outputs.airlock_notifier_logic_app_resource_group_name } + name: scm + namespace: Microsoft.Web + resource-type: basicPublishingCredentialsPolicies + parent: sites/${ bundle.outputs.airlock_notifier_logic_app_name } + set: "properties.allow=true" + - exec: - description: "Upgrade shared service" - command: echo + description: Wait for SCM Auth settings to kick in + command: sleep + arguments: + - "60" + + - az: + description: "Deploy logic app update" arguments: - - "This shared service does not implement upgrade action" + - functionapp + - deployment + - source + - config-zip + flags: + name: ${ 
bundle.outputs.airlock_notifier_logic_app_name } + resource-group: ${ bundle.outputs.airlock_notifier_logic_app_resource_group_name } + subscription: ${ bundle.credentials.azure_subscription_id } + src: /cnab/app/LogicApp.zip uninstall: diff --git a/templates/shared_services/airlock_notifier/template_schema.json b/templates/shared_services/airlock_notifier/template_schema.json index 251f8ee7e4..fb22366da2 100644 --- a/templates/shared_services/airlock_notifier/template_schema.json +++ b/templates/shared_services/airlock_notifier/template_schema.json @@ -6,6 +6,20 @@ "description": "A shared service notifying on Airlock operations", "required": ["smtp_server_address", "smtp_username", "smtpPassword", "smtp_from_email"], "properties": { + "display_name": { + "type": "string", + "title": "Name for the workspace service", + "description": "The name of the workspace service to be displayed to users", + "default": "Airlock Notifier", + "updateable": true + }, + "description": { + "type": "string", + "title": "Description of the workspace service", + "description": "Description of the workspace service", + "default": "A shared service notifying on Airlock operations", + "updateable": true + }, "smtp_server_address": { "$id": "#/properties/smtp_server_address", "type": "string", @@ -77,5 +91,13 @@ "stepId": "main" } ] + }, + "uiSchema": { + "smtpPassword" : { + "ui:widget": "password" + }, + "smtp_from_email" : { + "ui:widget": "email" + } } } diff --git a/templates/shared_services/airlock_notifier/terraform/.terraform.lock.hcl b/templates/shared_services/airlock_notifier/terraform/.terraform.lock.hcl index 7ff7df02ee..91cd480c91 100644 --- a/templates/shared_services/airlock_notifier/terraform/.terraform.lock.hcl +++ b/templates/shared_services/airlock_notifier/terraform/.terraform.lock.hcl 
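Review bot: The upgrade action sets `properties.allow=true` on the `scm` `basicPublishingCredentialsPolicies` resource and nothing later in the hunk sets it back, so basic-auth publishing credentials stay enabled on the Logic App's SCM site after the zip deployment. Add a final `az resource update` step with `set: "properties.allow=false"` once `config-zip` has finished, unless the install action (outside this hunk) depends on it staying enabled. That `az resource update` step is also the only one without a `description`, and the fixed `sleep 60` is an unexplained propagation guess; a short comment on why 60 seconds was chosen would help whoever debugs a failed deploy.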
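Review bot: The new `display_name` and `description` properties are titled "Name for the workspace service" and "Description of the workspace service", but this template describes a shared service, as its own top-level `description` in the context lines says. Suggest `"title": "Name for the shared service"` with `"description": "The name of the shared service to be displayed to users"`, and the matching wording for the `description` property.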
@@ -1,42 +1,42 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.57.0" - constraints = "3.57.0" +provider "registry.terraform.io/azure/azapi" { + version = "1.14.0" + constraints = "1.14.0" hashes = [ - "h1:SOBKU/ioGnpuQpAx6dgaD0EzfAM2W+uS9e6p59viSxs=", - "zh:028202b0ae01f1262dac076b383cb68b5dd624977669b6db833418c215eb8401", - "zh:26fcf9e9b73cb3bbf87a048361a89050d2e52bdc91190a305e624a62be26a3f4", - "zh:2f381103953e4513068eee62089a0ec8c60a18ecef2235138b6c29a45920d6a2", - "zh:376f016f4b449b2cf38f75e27e7a9157fdcfc925f28198124a30e316abb54f3d", - "zh:7d491bab94d5aba91cd9c307dbd4b655dcdc0a6212541e7800b9a902be98befe", - "zh:85fa7d8339efd15494f947cda02e9ed127eafa32652e568f54261b2e97d2b3ee", - "zh:950e079e55a7e321adbd2f6a0639a4b3b0fac47d2e4bb3a12791e0817b694238", - "zh:975260e09379c5c97cad3171327db2f0b4914909861d4c24ab784b0ecd79c54a", - "zh:a26bb67ab2d2f20e5fee4d41110584af17357f4b4266d80f9debfad61fa0a4fd", - "zh:da0e5d1ec301c69b6fae684e55059fc5e1b91699ed3696229f599d558401556b", - "zh:ea11e62ce53caec240cb3a1da25d248805387fa246314001ed3e07e9105f6e12", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "h1:D8AhiIgpSH6pG05WuslOg3XS0O9I5VxOoD3W3i8N+Xo=", + "zh:083709be750b878dfb33747ba1d326d23619a0ed654f95bce9c808e424923c90", + "zh:261b5060297b732d97b4363ad753355bfee00e93d773fd329023a5619b964c39", + "zh:51adfdaeb1b2c3d9e7aeba97c9c73d469712223dd125b14d90377d445d1cd3df", + "zh:5bcbedc9eeefa5e6267042604af20f93cadceba41d8d90a91040f60f6c5e38a9", + "zh:6da127f306083e740767f53dd0cc8787166a8af4f44519873dd8775ca981ddef", + "zh:7604cf377b8ea31a5a44db5b8566f5eea4d73acdfaaeb8ba10fcac46cbf4a738", + "zh:77789ef8906acabbf7eb55378e1f9c407499bb765811f193d256897d2925d66d", + "zh:8a333c53279b3b0b65519191dbba8ef7dc390f5d96216e4e6f165cac8b3e5dc2", + "zh:8c0dfe57dc2c29f8953db3037144d2254ce28bfa55dae537707ae4bdb4460f64", + 
"zh:debdeabcbcb6b421c2cdf2093d520c67e75a11d28d357b0ba32dd748105a5460", + "zh:e252ee062513904836fcc5e6548243429819e68aa7cfaeac7da8d816c4c4d1e8", + "zh:f48d1fd67b463d2121516911b5d20f8a72217e43e7740bb74929a17dbd43bb59", ] } -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.0" - constraints = "2.4.0" +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.113.0" + constraints = "3.113.0" hashes = [ - "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", - "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", - "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", - "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", - "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", - "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", - "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", - "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", - "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", - "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", - "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", + "h1:eEUtt0lrLdpVaF6FiDq8BGQPgEcykmhj0aNIL7hTOGw=", + "zh:12479f5664288943400447b55e50df675c28ae82ad8d373cc2e5682f3a3411f0", + "zh:1b42a14e80e568429d3b55fed753ca3ef0df9dcdfa107890d7264599c020940f", + "zh:381be6ca617f848de3baa3985a6e1788e91a803afe04a3c5c727453528b6310d", + "zh:3e70e2e07b6db1c363de3e5d0ca47f27fc956473df03329c7d2e54d3ac29176b", + "zh:87c7633aeaa828098c6055da9e67d4acaf4b46748b6b3f0267e105e55f05de25", + "zh:8d0d98226901f874770dd5220d4701a12ae8bd586994615aa7dcba12b9736bec", + "zh:9fd913acd42a60c3a90a18ce803567ef861db8779a59aacced91f2cbd86de9d9", + "zh:b6f3f7ae0a055437fb36c139af9bb3135e7f4dad172157ae1eb0177dc74d703f", + 
"zh:b927027ba2bf40d34e03d742fd2b6c5299023b5ab8e6f05e50aac76a46ad1094", + "zh:ceb5187b9d2a439f4e48944f3ffeeeaf47a03dbe6f3325ea1775bf659ce0aa88", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb9d78dfeca7489bffca9b1a1f3abee7f16dbbcba31388aea1102062c1d6dce8", ] } diff --git a/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf b/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf index 5e495a920d..b17a9a06b2 100644 --- a/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf +++ b/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf @@ -2,9 +2,10 @@ resource "azurerm_service_plan" "notifier_plan" { name = "airlock-notifier-plan-${var.tre_id}" resource_group_name = data.azurerm_resource_group.core.name location = data.azurerm_resource_group.core.location - sku_name = "WS1" os_type = "Windows" - tags = local.tre_shared_service_tags + sku_name = "WS1" + + tags = local.tre_shared_service_tags lifecycle { ignore_changes = [tags] } } @@ -28,6 +29,12 @@ resource "azurerm_eventgrid_event_subscription" "airlock_notification" { } } +resource "azurerm_role_assignment" "servicebus_logic_app" { + scope = data.azurerm_servicebus_namespace.core.id + role_definition_name = "Azure Service Bus Data Owner" + principal_id = azurerm_logic_app_standard.logic_app.identity[0].principal_id +} + resource "azurerm_logic_app_standard" "logic_app" { name = "airlock-notifier-app-${var.tre_id}" location = data.azurerm_resource_group.core.location 
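Review bot: `azurerm_role_assignment.servicebus_logic_app` grants `Azure Service Bus Data Owner` on the whole core namespace, which gives the notifier's identity send, receive and manage rights on every queue and topic in it. As far as this diff shows, the workflow only consumes the notifications queue, so a narrower grant should be enough: `role_definition_name = "Azure Service Bus Data Receiver"` with `scope = azurerm_servicebus_queue.notifications_queue.id`. If the Service Bus trigger turns out to need more than receive rights, record the reason in a comment next to the resource.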
@@ -36,11 +43,16 @@ resource "azurerm_logic_app_standard" "logic_app" { storage_account_name = data.azurerm_storage_account.storage.name storage_account_access_key = data.azurerm_storage_account.storage.primary_access_key virtual_network_subnet_id = data.azurerm_subnet.airlock_notification.id + version = "~4" + bundle_version = "[1.*, 2.0.0)" app_settings = { "FUNCTIONS_WORKER_RUNTIME" = "node" - "WEBSITE_NODE_DEFAULT_VERSION" = "~12" + "WEBSITE_NODE_DEFAULT_VERSION" = "~20" "serviceBus_connectionString" = data.azurerm_servicebus_namespace.core.default_primary_connection_string + "serviceBus_fullyQualifiedNamespace" = data.azurerm_servicebus_namespace.core.endpoint + "serviceBus_queueName" = azurerm_servicebus_queue.notifications_queue.name "subscription" = data.azurerm_subscription.current.subscription_id + "location" = data.azurerm_resource_group.core.location "resource_group" = data.azurerm_resource_group.core.name "smtp_server_address" = var.smtp_server_address "smtp_server_port" = var.smtp_server_port @@ -52,9 +64,10 @@ resource "azurerm_logic_app_standard" "logic_app" { "APPLICATIONINSIGHTS_CONNECTION_STRING" = data.azurerm_application_insights.core.connection_string } site_config { - ftps_state = "Disabled" - vnet_route_all_enabled = true - elastic_instance_minimum = 1 + ftps_state = "Disabled" + vnet_route_all_enabled = true + elastic_instance_minimum = 1 + runtime_scale_monitoring_enabled = true } identity { type = "SystemAssigned" diff --git a/templates/shared_services/airlock_notifier/terraform/data.tf b/templates/shared_services/airlock_notifier/terraform/data.tf index 88d69fbf85..c70fd542fa 100644 --- a/templates/shared_services/airlock_notifier/terraform/data.tf +++ b/templates/shared_services/airlock_notifier/terraform/data.tf 
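Review bot: `serviceBus_connectionString` is still populated from `default_primary_connection_string` in `app_settings`, although connections.json in this commit switches the Service Bus connection to `ManagedServiceIdentity`. That leaves a namespace-wide shared access key in the app configuration with no visible consumer; drop the setting if nothing else reads it. Two values also need a check: `serviceBus_fullyQualifiedNamespace` is fed from the data source's `endpoint` attribute, which may be a full URL rather than a bare host name, and `bundle_version = "[1.*, 2.0.0)"` disagrees with the `[4.0.0, 5.0.0)` range this commit puts in host.json. The resource block starts and ends outside this hunk.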
@@ -8,7 +8,6 @@ data "azurerm_servicebus_namespace" "core" { resource_group_name = local.core_resource_group_name } - data "azurerm_storage_account" "storage" { name = local.storage_account_name resource_group_name = local.core_resource_group_name @@ -46,3 +45,15 @@ data "azurerm_ip_group" "resource_processor" { name = "ipg-resource-processor" resource_group_name = local.core_resource_group_name } + +# tflint-ignore: terraform_unused_declarations +data "azurerm_managed_api" "servicebus" { + name = "servicebus" + location = data.azurerm_resource_group.core.location +} + +# tflint-ignore: terraform_unused_declarations +data "azurerm_managed_api" "smtp" { + name = "smtp" + location = data.azurerm_resource_group.core.location +} diff --git a/templates/shared_services/airlock_notifier/terraform/providers.tf b/templates/shared_services/airlock_notifier/terraform/providers.tf index 4de8a68839..7cb01d360f 100644 --- a/templates/shared_services/airlock_notifier/terraform/providers.tf +++ b/templates/shared_services/airlock_notifier/terraform/providers.tf @@ -3,14 +3,9 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.57.0" - } - local = { - source = "hashicorp/local" - version = "=2.4.0" + version = "=3.113.0" } } - backend "azurerm" {} } diff --git a/templates/shared_services/airlock_notifier/terraform/rules.tf b/templates/shared_services/airlock_notifier/terraform/rules.tf index 32723c675a..371ce07bb6 100644 --- a/templates/shared_services/airlock_notifier/terraform/rules.tf +++ b/templates/shared_services/airlock_notifier/terraform/rules.tf @@ -14,7 +14,10 @@ resource "azurerm_firewall_policy_rule_collection_group" "core_airlock_notifier" "TCP" ] destination_addresses = [ - "AppService" + "AppService", + "AzureConnectors", + "LogicApps", + "LogicAppsManagement" ] destination_ports = [ "443" 
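Review bot: The two new `azurerm_managed_api` data sources are declared with `# tflint-ignore: terraform_unused_declarations`, and the same commit removes `managedApiConnections` from connections.json, so nothing visible reads them. Each one still adds a lookup at plan time that can fail the plan if the managed API is not offered in the region. Remove them, or replace the lint suppression with a comment naming what is expected to consume them.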
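Review bot: The firewall rule now allows outbound 443 to the `AzureConnectors`, `LogicApps` and `LogicAppsManagement` service tags in addition to `AppService`, and the diff gives no reason for any of them. This commit moves both connections to built-in service providers and removes the managed API connection, so it is not evident that all three are required; `AzureConnectors` in particular is normally associated with managed connectors. Keep only the tags the Logic App needs and put a comment beside each entry, such as `# LogicApps: required for <reason>`, so the egress allow-list can be audited later. The rule block starts outside this hunk.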
diff --git a/templates/shared_services/airlock_notifier/terraform/upgrade.sh b/templates/shared_services/airlock_notifier/terraform/upgrade.sh
new file mode 100755
index 0000000000..72785516f5
--- /dev/null
+++ b/templates/shared_services/airlock_notifier/terraform/upgrade.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+# This script is used to install the bundle directly without having to interact with Porter
+
+# This script assumes you have created an .env from the sample and the variables
+# will come from there.
+# shellcheck disable=SC2154
+terraform init -upgrade -reconfigure -input=false -backend=true \
+ -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
+ -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
+ -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
+ -backend-config="key=${TF_VAR_tre_resource_id}-shared-airlock-notifier"
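Review bot: With only `set -e` and SC2154 suppressed, an unset `TF_VAR_tre_resource_id` expands to an empty string and the backend key becomes `-shared-airlock-notifier`, so `terraform init -reconfigure` would silently point at a different state blob. Use `set -euo pipefail`, or guard the variables explicitly with `: "${TF_VAR_tre_resource_id:?must be set}"` before the `terraform init` call. The header comment also says the script installs the bundle, while it only re-initialises the backend and upgrades providers; suggest `# Re-initialises the Terraform backend and upgrades provider versions for this shared service; it does not plan or apply.`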