Merge branch 'main' into release/1-Oct-24-R1

DFE-Digital · Oct 8, 2024 · cade19d · cade19d
2 parents a325764 + b66769a
commit cade19d
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 16 deletions.
diff --git a/.github/workflows/tf-azure-deploy.yml b/.github/workflows/tf-azure-deploy.yml
@@ -44,6 +44,22 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      # Sets an environment variable to contain the current IP address
+      - name: IP address env
+        run: echo "CURRENT_IP=$(curl https://api.ipify.org)" >> $GITHUB_ENV
+
+      # Login to Azure using OIDC
+      - name: Login to Azure CLI
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      # Allows the current IP address access to the storage account for later terraform steps in the workflow
+      - name: Azure Storage IP access
+        run:  az storage account network-rule add -g ${{ vars.RESOURCE_NAME_PREFIX }}-rg --account-name ${{ vars.WEBAPP_STORAGE_ACCOUNT_NAME }} --ip-address $CURRENT_IP
+
       # Install the latest version of the Terraform CLI
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -13,6 +13,21 @@ provider "azurerm" {
   }
 }
 
+moved {
+  from = module.webapp.azurerm_key_vault_access_policy.webapp_kv_app_service_slot
+  to   = module.webapp.azurerm_key_vault_access_policy.webapp_kv_app_service_slot[0]
+}
+
+moved {
+  from = module.webapp.azurerm_monitor_diagnostic_setting.webapp_slot_logs_monitor
+  to   = module.webapp.azurerm_monitor_diagnostic_setting.webapp_slot_logs_monitor[0]
+}
+
+moved {
+  from = module.webapp.azurerm_monitor_diagnostic_setting.webapp_slot_logs_monitor
+  to   = module.webapp.azurerm_monitor_diagnostic_setting.webapp_slot_logs_monitor[0]
+}
+
 # Create Resource Group
 resource "azurerm_resource_group" "rg" {
   name     = "${var.resource_name_prefix}-rg"
@@ -56,11 +71,12 @@ module "network" {
 module "storage" {
   source = "./modules/azure-storage"
 
-  location         = var.azure_region
-  resource_group   = azurerm_resource_group.rg.name
-  kv_id            = module.network.kv_id
-  webapp_subnet_id = module.network.webapp_subnet_id
-  tags             = local.common_tags
+  location                    = var.azure_region
+  resource_group              = azurerm_resource_group.rg.name
+  webapp_storage_account_name = var.webapp_storage_account_name
+  kv_id                       = module.network.kv_id
+  webapp_subnet_id            = module.network.webapp_subnet_id
+  tags                        = local.common_tags
 }
 
 # Create web application resources

diff --git a/terraform/modules/azure-storage/storage.tf b/terraform/modules/azure-storage/storage.tf
@@ -1,11 +1,5 @@
-resource "random_string" "resource_code" {
-  length  = 5
-  special = false
-  upper   = false
-}
-
 resource "azurerm_storage_account" "sa" {
-  name                             = "eyqualwebapp${random_string.resource_code.result}sa"
+  name                             = var.webapp_storage_account_name
   resource_group_name              = var.resource_group
   location                         = var.location
   account_tier                     = "Standard"

diff --git a/terraform/modules/azure-storage/variables.tf b/terraform/modules/azure-storage/variables.tf
@@ -8,6 +8,11 @@ variable "resource_group" {
   type        = string
 }
 
+variable "webapp_storage_account_name" {
+  description = "Storage Account name"
+  type        = string
+}
+
 variable "kv_id" {
   description = "The ID of the Key Vault"
   type        = string

diff --git a/terraform/modules/azure-web/web-app.tf b/terraform/modules/azure-web/web-app.tf
@@ -151,7 +151,7 @@ resource "azurerm_linux_web_app" "webapp" {
 resource "azurerm_linux_web_app_slot" "webapp_slot" {
 
   count = var.environment != "development" ? 1 : 0
-  
+
   name                      = var.webapp_slot_name
   app_service_id            = azurerm_linux_web_app.webapp.id
   https_only                = true
@@ -206,7 +206,7 @@ resource "azurerm_linux_web_app_slot" "webapp_slot" {
 }
 
 resource "azurerm_monitor_diagnostic_setting" "webapp_logs_monitor" {
-  
+
   name                       = "${var.resource_name_prefix}-webapp-mon"
   target_resource_id         = azurerm_linux_web_app.webapp.id
   log_analytics_workspace_id = azurerm_log_analytics_workspace.webapp_logs.id
@@ -231,7 +231,7 @@ resource "azurerm_monitor_diagnostic_setting" "webapp_logs_monitor" {
 resource "azurerm_monitor_diagnostic_setting" "webapp_slot_logs_monitor" {
 
   count = var.environment != "development" ? 1 : 0
-  
+
   name                       = "${var.resource_name_prefix}-webapp-${var.webapp_slot_name}-mon"
   target_resource_id         = azurerm_linux_web_app_slot.webapp_slot.0.id
   log_analytics_workspace_id = azurerm_log_analytics_workspace.webapp_logs.id
@@ -412,7 +412,7 @@ resource "azurerm_key_vault_access_policy" "webapp_kv_app_service" {
 resource "azurerm_key_vault_access_policy" "webapp_kv_app_service_slot" {
 
   count = var.environment != "development" ? 1 : 0
-  
+
   key_vault_id            = var.kv_id
   tenant_id               = data.azurerm_client_config.az_config.tenant_id
   object_id               = azurerm_linux_web_app_slot.webapp_slot.0.identity.0.principal_id

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -83,6 +83,11 @@ variable "webapp_slot_name" {
   type        = string
 }
 
+variable "webapp_storage_account_name" {
+  description = "Storage Account name"
+  type        = string
+}
+
 variable "webapp_access_is_public" {
   description = "Web app service is public, and access is unchallenged"
   default     = false