fix: Cdn migrate from v2 (#28)
* changed folder name

* cdn: fix storage module

* minor fix

* removed lock for storage

* removed lock_enabled

* force depends on

* force depends on

* changed host_name to fqdn

* updated docs

* pre-commit fixes
diegolagospagopa authored Jan 9, 2023
1 parent 217b27f commit 80d2f69
Showing 5 changed files with 48 additions and 193 deletions.
2 changes: 1 addition & 1 deletion application_insights_web_test_preview/README.md
Expand Up @@ -68,13 +68,13 @@ No modules.
|------|------|
| [azurerm_monitor_metric_alert.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_template_deployment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/template_deployment) | resource |
| [azurerm_application_insights.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_actions"></a> [actions](#input\_actions) | n/a | <pre>list(object({<br> action_group_id = string<br> }))</pre> | n/a | yes |
| <a name="input_application_insight_id"></a> [application\_insight\_id](#input\_application\_insight\_id) | Application insight id. | `string` | n/a | yes |
| <a name="input_application_insight_name"></a> [application\_insight\_name](#input\_application\_insight\_name) | Application insight instance name. | `string` | n/a | yes |
| <a name="input_auto_mitigate"></a> [auto\_mitigate](#input\_auto\_mitigate) | (Optional) Should the alerts in this Metric Alert be auto resolved? Defaults to false. | `bool` | `false` | no |
| <a name="input_content_validation"></a> [content\_validation](#input\_content\_validation) | Required text that should appear in the response for this WebTest. | `string` | `"null"` | no |
19 changes: 16 additions & 3 deletions cdn/README.md
Expand Up @@ -285,6 +285,20 @@ resource "azurerm_key_vault_secret" "selc_web_storage_blob_connection_string" {

```

## Migration from v2

Due to drift into the state, is possible that you need to delete the state linked to this resource and re-import the resource

```sh
terraform state rm module.devopslab_cdn.azurerm_cdn_endpoint.this
```

🆕 To use this module you need to use change this variables/arguments:

❌ Don't use this variables:

* `lock_enabled` -> don't use any more, the locks are managed outside

<!-- markdownlint-disable -->
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Storage account
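
Review bot: The new "Migration from v2" section tells the reader to delete the state and re-import the resource, but the only command shown is `terraform state rm module.devopslab_cdn.azurerm_cdn_endpoint.this`; without the matching `terraform import` line the next apply will plan to create an endpoint that already exists. Add the import command next to it and mark `module.devopslab_cdn` as an example module address, since it is specific to one caller. The "To use this module you need to use change this variables/arguments:" line also has nothing listed under it, so either list the renamed arguments or drop the line.
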
Expand All @@ -302,14 +316,14 @@ Storage account

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.38.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.36.0 |
| <a name="provider_null"></a> [null](#provider\_null) | 3.2.1 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_cdn_storage_account"></a> [cdn\_storage\_account](#module\_cdn\_storage\_account) | git::https://github.com/pagopa/azurerm.git//storage_account | v2.7.0 |
| <a name="module_cdn_storage_account"></a> [cdn\_storage\_account](#module\_cdn\_storage\_account) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v3.5.1 |

## Resources
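
Review bot: In the Providers table the azurerm row reads 3.38.0 and then 3.36.0, so the generated docs appear to move to an older provider version than the one recorded before. That is likely the terraform-docs hook running against a stale local lock file; regenerate the table after refreshing the lock (`terraform init -upgrade`) so it reflects the provider the module is actually tested with.
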

Expand Down Expand Up @@ -343,7 +357,6 @@ Storage account
| <a name="input_keyvault_subscription_id"></a> [keyvault\_subscription\_id](#input\_keyvault\_subscription\_id) | Key vault subscription id | `string` | n/a | yes |
| <a name="input_keyvault_vault_name"></a> [keyvault\_vault\_name](#input\_keyvault\_vault\_name) | Key vault name | `string` | n/a | yes |
| <a name="input_location"></a> [location](#input\_location) | n/a | `string` | n/a | yes |
| <a name="input_lock_enabled"></a> [lock\_enabled](#input\_lock\_enabled) | n/a | `bool` | n/a | yes |
| <a name="input_name"></a> [name](#input\_name) | n/a | `string` | n/a | yes |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
| <a name="input_querystring_caching_behaviour"></a> [querystring\_caching\_behaviour](#input\_querystring\_caching\_behaviour) | n/a | `string` | `"IgnoreQueryString"` | no |
49 changes: 25 additions & 24 deletions cdn/main.tf
Expand Up @@ -3,36 +3,29 @@
**/
module "cdn_storage_account" {

source = "git::https://github.com/pagopa/azurerm.git//storage_account?ref=v2.7.0"

name = replace(format("%s-%s-sa", var.prefix, var.name), "-", "")
versioning_name = format("%s-%s-sa-versioning", var.prefix, var.name)

account_kind = var.storage_account_kind
account_tier = var.storage_account_tier
account_replication_type = var.storage_account_replication_type
access_tier = var.storage_access_tier
enable_versioning = true
resource_group_name = var.resource_group_name
location = var.location
allow_blob_public_access = true
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v3.5.1"

name = replace("${var.prefix}-${var.name}-sa", "-", "")
account_kind = var.storage_account_kind
account_tier = var.storage_account_tier
account_replication_type = var.storage_account_replication_type
access_tier = var.storage_access_tier
blob_versioning_enabled = true
resource_group_name = var.resource_group_name
location = var.location
allow_nested_items_to_be_public = true

index_document = var.index_document
error_404_document = var.error_404_document

lock_enabled = var.lock_enabled
lock_name = format("%s-%s-sa-lock", var.prefix, var.name)
lock_level = "CanNotDelete"
lock_notes = null

tags = var.tags
}

/**
* cdn profile
**/
resource "azurerm_cdn_profile" "this" {
name = format("%s-%s-cdn-profile", var.prefix, var.name)
name = "${var.prefix}-${var.name}-cdn-profile"
resource_group_name = var.resource_group_name
location = var.location
sku = "Standard_Microsoft"
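
Review bot: The `lock_enabled`, `lock_name`, `lock_level = "CanNotDelete"` and `lock_notes` arguments are dropped from `module "cdn_storage_account"` with nothing replacing them in this file, so after this change the storage account behind the CDN has no delete lock unless the caller adds one. The README says the locks are managed outside; say where, or show the `azurerm_management_lock` the caller is expected to declare, so the protection is not lost silently on upgrade. Separately, `allow_nested_items_to_be_public = true` stays hard-coded in the same block; consider exposing it as a variable so the caller decides whether anonymous access to containers can be enabled.
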
Expand All @@ -41,7 +34,7 @@ resource "azurerm_cdn_profile" "this" {
}

resource "azurerm_cdn_endpoint" "this" {
name = format("%s-%s-cdn-endpoint", var.prefix, var.name)
name = "${var.prefix}-${var.name}-cdn-endpoint"
resource_group_name = var.resource_group_name
location = var.location
profile_name = azurerm_cdn_profile.this.name
Expand Down Expand Up @@ -548,7 +541,7 @@ resource "null_resource" "custom_domain" {

# record APEX https://docs.microsoft.com/it-it/azure/dns/dns-zones-records#record-names
resource "azurerm_dns_a_record" "hostname" {
# create this iff DNS zone name equal to HOST NAME azurerm_cdn_endpoint.this.host_name
# create this iff DNS zone name equal to HOST NAME azurerm_cdn_endpoint.this.fqdn
count = var.dns_zone_name == var.hostname ? 1 : 0

name = "@"
Expand All @@ -562,7 +555,7 @@ resource "azurerm_dns_a_record" "hostname" {

# record A
resource "azurerm_dns_a_record" "hostname_a" {
# create this iff DNS zone name equal to HOST NAME azurerm_cdn_endpoint.this.host_name
# create this iff DNS zone name equal to HOST NAME azurerm_cdn_endpoint.this.fqdn
# true if ex: dns_zone_name = dev.pagopa.it, hostname = west.dev.pagopa.it
count = length(split(var.dns_zone_name, var.hostname)) > 1 ? 1 : 0
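
Review bot: The `count` on `azurerm_dns_a_record.hostname_a` uses `length(split(var.dns_zone_name, var.hostname)) > 1`, which is a substring test rather than a suffix test. It is also true when `var.hostname` equals `var.dns_zone_name` (split returns two empty strings), so in the apex case both `hostname` and `hostname_a` get count 1, and it is true for any hostname that merely contains the zone name somewhere. Since the comment on this resource is being touched anyway, tighten the condition to a suffix match that excludes the apex, for example `var.hostname != var.dns_zone_name && endswith(var.hostname, ".${var.dns_zone_name}")` (needs Terraform 1.3 or later). The first comment line also still describes the apex rule of the resource above, not this one.
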

Expand All @@ -583,9 +576,13 @@ resource "azurerm_dns_cname_record" "cdnverify" {
zone_name = var.dns_zone_name
resource_group_name = var.dns_zone_resource_group_name
ttl = 3600
record = "cdnverify.${azurerm_cdn_endpoint.this.host_name}"
record = "cdnverify.${azurerm_cdn_endpoint.this.fqdn}"

tags = var.tags

depends_on = [
azurerm_cdn_endpoint.this
]
}

resource "azurerm_dns_cname_record" "custom_subdomain" {
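
Review bot: The `depends_on = [azurerm_cdn_endpoint.this]` added to `azurerm_dns_cname_record.cdnverify` is redundant, because `record = "cdnverify.${azurerm_cdn_endpoint.this.fqdn}"` already makes Terraform order the record after the endpoint. If it works around a real ordering problem (the commit message says "force depends on"), add a comment naming that problem; otherwise drop it here and in `custom_subdomain`, which gets the same block.
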
Expand All @@ -596,8 +593,12 @@ resource "azurerm_dns_cname_record" "custom_subdomain" {
zone_name = var.dns_zone_name
resource_group_name = var.dns_zone_resource_group_name
ttl = 3600
record = azurerm_cdn_endpoint.this.host_name
record = azurerm_cdn_endpoint.this.fqdn

tags = var.tags

depends_on = [
azurerm_cdn_endpoint.this
]
}

4 changes: 0 additions & 4 deletions cdn/variables.tf
Expand Up @@ -298,10 +298,6 @@ variable "hostname" {
type = string
}

variable "lock_enabled" {
type = bool
}

variable "index_document" {
type = string
}
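
Review bot: Removing `variable "lock_enabled"` breaks every existing caller: the variable had no default, so all callers set it, and after this change Terraform rejects the argument as unsupported. The commit is labelled `fix:`; flag it as a breaking change in the release notes or version bump so consumers pinning a tag know to remove the argument when they upgrade.
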
167 changes: 6 additions & 161 deletions storage_account/README.md
Expand Up @@ -42,169 +42,14 @@ module "diego_storage_account" {
❌ Don't use this variables:

* `enable_https_traffic_only` -> don't use any more, now default is true and mandatory
* `enable_versioning`
* `versioning_name`

🔥 State manual changes

Is possible that you need to removed manually this resources:

* `allow_blob_public_access`

```json

{
"module": "module.devopslab_cdn.module.cdn_storage_account",
"mode": "managed",
"type": "azurerm_storage_account",
"name": "this",
"provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]",
"instances": [
{
"schema_version": 2,
"attributes": {
"access_tier": "Hot",
"account_kind": "StorageV2",
"account_replication_type": "GRS",
"account_tier": "Standard",
"allow_blob_public_access": true, <-- REMOVE THIS ONE <<
"azure_files_authentication": [],
"blob_properties": [
{
"change_feed_enabled": false,
"container_delete_retention_policy": [],
"cors_rule": [],
"default_service_version": "",
"delete_retention_policy": [],
"last_access_time_enabled": false,
"versioning_enabled": true
}
],
"custom_domain": [],
"customer_managed_key": [],
"enable_https_traffic_only": true,
"id": "xxx",
"identity": [],
"infrastructure_encryption_enabled": false,
"is_hns_enabled": false,
"large_file_share_enabled": null,
"location": "northeurope",
"min_tls_version": "TLS1_2",
"name": "dvopladdevopslabsa",
"network_rules": [
{
"bypass": [
"AzureServices"
],
"default_action": "Allow",
"ip_rules": [],
"private_link_access": [],
"virtual_network_subnet_ids": []
}
],
"nfsv3_enabled": false,
"primary_access_key": "xxx",
"primary_blob_connection_string": "xxx",
"primary_blob_endpoint": "https://dvopladdevopslabsa.blob.core.windows.net/",
"primary_blob_host": "dvopladdevopslabsa.blob.core.windows.net",
"primary_connection_string": "xxx",
"primary_dfs_endpoint": "https://dvopladdevopslabsa.dfs.core.windows.net/",
"primary_dfs_host": "dvopladdevopslabsa.dfs.core.windows.net",
"primary_file_endpoint": "https://dvopladdevopslabsa.file.core.windows.net/",
"primary_file_host": "dvopladdevopslabsa.file.core.windows.net",
"primary_location": "northeurope",
"primary_queue_endpoint": "https://dvopladdevopslabsa.queue.core.windows.net/",
"primary_queue_host": "dvopladdevopslabsa.queue.core.windows.net",
"primary_table_endpoint": "https://dvopladdevopslabsa.table.core.windows.net/",
"primary_table_host": "dvopladdevopslabsa.table.core.windows.net",
"primary_web_endpoint": "https://dvopladdevopslabsa.z16.web.core.windows.net/",
"primary_web_host": "dvopladdevopslabsa.z16.web.core.windows.net",
"queue_encryption_key_type": "Service",
"queue_properties": [
{
"cors_rule": [],
"hour_metrics": [
{
"enabled": true,
"include_apis": true,
"retention_policy_days": 7,
"version": "1.0"
}
],
"logging": [
{
"delete": false,
"read": false,
"retention_policy_days": 0,
"version": "1.0",
"write": false
}
],
"minute_metrics": [
{
"enabled": false,
"include_apis": false,
"retention_policy_days": 0,
"version": "1.0"
}
]
}
],
"resource_group_name": "dvopla-d-selfcare-fe-rg",
"routing": [],
"secondary_access_key": "xxx",
"secondary_blob_connection_string": "",
"secondary_blob_endpoint": null,
"secondary_blob_host": null,
"secondary_connection_string": "xxx",
"secondary_dfs_endpoint": null,
"secondary_dfs_host": null,
"secondary_file_endpoint": null,
"secondary_file_host": null,
"secondary_location": "westeurope",
"secondary_queue_endpoint": null,
"secondary_queue_host": null,
"secondary_table_endpoint": null,
"secondary_table_host": null,
"secondary_web_endpoint": null,
"secondary_web_host": null,
"share_properties": [
{
"cors_rule": [],
"retention_policy": [
{
"days": 7
}
],
"smb": []
}
],
"shared_access_key_enabled": true,
"static_website": [
{
"error_404_document": "404.html",
"index_document": "index.html"
}
],
"table_encryption_key_type": "Service",
"tags": {
"CostCenter": "TS310 - PAGAMENTI \u0026 SERVIZI",
"CreatedBy": "Terraform",
"Environment": "Lab",
"Owner": "DevOps",
"Source": "https://github.com/pagopa/devopslab-infra"
},
"timeouts": null
},
"sensitive_attributes": [],
"private": "xxx",
"dependencies": [
"azurerm_resource_group.devopslab_cdn_rg"
]
}
]
},
```
❌ Don't use locks because are managed outside of the module:

* `lock_enabled`
* `lock_name`
* `lock_level`
* `lock_notes`

🔥 Broken compatibility and destroied resources
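
Review bot: The "State manual changes" section and its state sample are removed without a replacement, yet `cdn/main.tf` in this same commit switches `allow_blob_public_access` to `allow_nested_items_to_be_public`, which is the attribute that section told readers to remove from state. If the manual state edit is no longer needed, say so in the migration notes; if it is, keep a short instruction without the full state dump, which carried environment-specific names and endpoints. The new lock list (`lock_enabled`, `lock_name`, `lock_level`, `lock_notes`) should also say where the lock is expected to be created now.
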

