Merge pull request #212 from Barts-Life-Science/ohdsi-tf-provider

Update ODHSI workspace service to get newer terraform provider

templates/workspace_services/ohdsi/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-workspace-service-ohdsi
-version: 0.2.4
+version: 0.3.0
 description: "An OHDSI workspace service"
 registry: azuretre
 dockerfile: Dockerfile.tmpl
@@ -122,6 +122,8 @@ install:
         data_source_config: ${ bundle.parameters.data_source_config }
         data_source_daimons: ${ bundle.parameters.data_source_daimons }
       backendConfig:
+        use_azuread_auth: "true"
+        use_oidc: "true"
         resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
         storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
         container_name: ${ bundle.parameters.tfstate_container_name }
@@ -166,6 +168,8 @@ upgrade:
         data_source_config: ${ bundle.parameters.data_source_config }
         data_source_daimons: ${ bundle.parameters.data_source_daimons }
       backendConfig:
+        use_azuread_auth: "true"
+        use_oidc: "true"
         resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
         storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
         container_name: ${ bundle.parameters.tfstate_container_name }
@@ -188,6 +192,8 @@ uninstall:
         data_source_config: ${ bundle.parameters.data_source_config }
         data_source_daimons: ${ bundle.parameters.data_source_daimons }
       backendConfig:
+        use_azuread_auth: "true"
+        use_oidc: "true"
         resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
         storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
         container_name: ${ bundle.parameters.tfstate_container_name }

templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf

@@ -16,14 +16,10 @@ resource "azurerm_user_assigned_identity" "ohdsi_webapi_id" {
   lifecycle { ignore_changes = [tags] }
 }
 
-resource "azurerm_key_vault_access_policy" "ohdsi_webapi" {
-  key_vault_id = data.azurerm_key_vault.ws.id
-  tenant_id    = azurerm_user_assigned_identity.ohdsi_webapi_id.tenant_id
-  object_id    = azurerm_user_assigned_identity.ohdsi_webapi_id.principal_id
-
-  secret_permissions = [
-    "Get", "List"
-  ]
+resource "azurerm_role_assignment" "keyvault_ohdsi_ws_role" {
+  scope                = data.azurerm_key_vault.ws.id
+  role_definition_name = "Key Vault Secrets User"
+  principal_id         = azurerm_user_assigned_identity.ohdsi_webapi_id.principal_id
 }
 
 resource "azurerm_linux_web_app" "ohdsi_webapi" {

templates/workspace_services/ohdsi/terraform/providers.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=3.58.0"
+      version = "=3.112.0"
     }
     local = {
       source  = "hashicorp/local"
@@ -32,6 +32,7 @@ provider "azurerm" {
       recover_soft_deleted_keys         = true
     }
   }
+  storage_use_azuread = true
 }
 
 module "terraform_azurerm_environment_configuration" {

templates/workspace_services/ohdsi/terraform/upgrade.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+# This script is used to install the bundle directly without having to interact with Porter
+
+# This script assumes you have created an .env from the sample and the variables
+# will come from there.
+# shellcheck disable=SC2154
+terraform init -upgrade -reconfigure -input=false -backend=true \
+    -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
+    -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
+    -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
+    -backend-config="key=tre-workspace-service-ohdsi-${TF_VAR_tre_resource_id}"