Feat/dtoss 5412 create azure resources and deployment pipelines in az…

…ure dev ops for team analyses (#54)

* DTOSS-5412: Create Azure resource and deployement pipelines

* DTOSS-5412: Create Dev Audit root module

* PR stuff

.azuredevops/pipelines/cd-infrastructure-dev-audit.yaml

@@ -0,0 +1,65 @@
+---
+
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+
+trigger:
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - infrastructure/*
+
+pool:
+  vmImage: ubuntu-latest
+  # name: private-pool-dev-uks
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: 6698a57ef95f35661bb668e1b929e6894a554ac6
+      endpoint: NHSDigital
+
+variables:
+  - group: DEV_audit_backend
+  - group: DEV_hub_backend_remote_state
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
+  - name: TF_VERSION
+    value: 1.9.2
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_audit_DEV
+  - name: ENVIRONMENT
+    value: development
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: eq(variables['Build.Reason'], 'Manual')
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates

.azuredevops/pipelines/cd-infrastructure-dev-core.yaml

@@ -0,0 +1,66 @@
+---
+
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+
+trigger:
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - infrastructure/*
+
+pool:
+  #vmImage: ubuntu-latest
+  name: private-pool-dev-uks
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: 6698a57ef95f35661bb668e1b929e6894a554ac6
+      endpoint: NHSDigital
+
+variables:
+  - group: DEV_core_backend
+  - group: DEV_audit_backend_remote_state
+  - group: DEV_hub_backend_remote_state
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-core
+  - name: TF_VERSION
+    value: 1.9.2
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_core_DEV
+  - name: ENVIRONMENT
+    value: development
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: eq(variables['Build.Reason'], 'Manual')
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates

.env.template

@@ -15,7 +15,3 @@ MESHSHAREDKEY="" #Shared Key for the MESH Mailbox, For local sandbox this is set
 MESHKEYPASSPHRASE="" #Passpharse for the private key for authenticating against the MESH Mailbox, for the local sandbox this is defined when creating the private key and certificate, production and integration this will be issues when provisining the environment.
 MESHAPIBASEURL=http://localhost:8700/messageexchange #Mesh mailbox URL host.docker.internal for mac and localhost for windows
 BSSMAILBOX=X26ABC1 #Mesh mailbox name
-
-
-
-

.gitignore

@@ -6,6 +6,7 @@
 *vulnerabilities*report*.json
 *report*json.zip
 .version
+.DS_Store
 
 *.code-workspace
 !project.code-workspace

.gitmodules

@@ -1,3 +1,5 @@
 [submodule "src/Shared/dotnet-mesh-client"]
+	# path = src/Shared/dotnet-mesh-client
 	path = src/Shared/dotnet-mesh-client
 	url = https://github.com/NHSDigital/dotnet-mesh-client
+	branch = main

compose.yaml

@@ -189,21 +189,18 @@ services:
       - ASPNETCORE_URLS=http://*:6070
       - ServiceInsightsDbConnectionString=Server=${DB_CONNECTION},1433;Database=${DB_NAME};User Id=SA;Password=${PASSWORD};TrustServerCertificate=True
 
-  # update-episode:
-  #   container_name: update-episode
-  #   restart: always
-  #   build:
-  #     context: ./src/
-  #     dockerfile: ./EpisodeDataService/UpdateEpisode/Dockerfile
-  #   networks:
-  #     - app-network
-  #   ports:
-  #     - "7777:7777"
-  #   environment:
-  #     - ASPNETCORE_ENVIRONMENT=Development
-  #     - FUNCTIONS_WORKER_RUNTIME=dotnet-isolated
-  #     - ASPNETCORE_URLS=http://*:7777
-  #     - ServiceInsightsDbConnectionString=Server=${DB_CONNECTION},1433;Database=${DB_NAME};User Id=SA;Password=${PASSWORD};TrustServerCertificate=True
+  update-episode:
+    container_name: update-episode
+    network_mode: host
+    build:
+      context: ./src/
+      dockerfile: ./EpisodeDataService/UpdateEpisode/Dockerfile
+    ports:
+      - "7777:7777"
+    environment:
+      - FUNCTIONS_WORKER_RUNTIME=dotnet-isolated
+      - ASPNETCORE_URLS=http://*:7777
+      - ServiceInsightsDbConnectionString=Server=127.0.0.1,1433;Database=${DB_NAME};User Id=SA;Password=${PASSWORD};TrustServerCertificate=True
 
   # Episode Integration Service
   receive-data:
@@ -317,3 +314,20 @@ services:
       - ASPNETCORE_ENVIRONMENT=Development
       - FUNCTIONS_WORKER_RUNTIME=dotnet-isolated
       - ASPNETCORE_URLS=http://*:7074
+
+  # Reference Data Service
+  get-organisation-data:
+    container_name: get-organisation-data
+    restart: always
+    build:
+      context: ./src/
+      dockerfile: ./ReferenceDataService/GetReferenceData/Dockerfile
+    networks:
+      - app-network
+    ports:
+      - "6081:6081"
+    environment:
+      - ASPNETCORE_ENVIRONMENT=Development
+      - FUNCTIONS_WORKER_RUNTIME=dotnet-isolated
+      - ASPNETCORE_URLS=http://*:6081
+      - ServiceInsightsDbConnectionString=Server=${DB_CONNECTION},1433;Database=${DB_NAME};User Id=SA;Password=${PASSWORD};TrustServerCertificate=True

infrastructure/.gitignore

@@ -3,21 +3,11 @@
 # Local .terraform directories
 **/.terraform/*
 
-# .tfstate files
-*.tfstate
-*.tfstate.*
 
 # Crash log files
 crash.log
 crash.*.log
 
-# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-*.tfvars
-*.tfvars.json
-
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf

infrastructure/tf-audit/app_insights.tf

@@ -0,0 +1,15 @@
+module "app_insights_audit" {
+  for_each = { for key, val in var.regions : key => val if val.is_primary_region }
+
+  source = "../../../dtos-devops-templates/infrastructure/modules/app-insights"
+
+  name             = module.regions_config[each.key].names.app-insights
+  location         = each.key
+  appinsights_type = var.app_insights.appinsights_type
+
+  log_analytics_workspace_id = module.log_analytics_workspace_audit[each.key].id
+
+  resource_group_name = azurerm_resource_group.audit[each.key].name
+  tags                = var.tags
+
+}

infrastructure/tf-audit/config.tf

@@ -0,0 +1,21 @@
+resource "azurerm_resource_group" "audit" {
+  for_each = { for key, val in var.regions : key => val if val.is_primary_region }
+
+  name     = "${module.regions_config[each.key].names.resource-group}-audit"
+  location = each.key
+
+  lifecycle {
+    ignore_changes = [tags]
+  }
+}
+
+module "regions_config" {
+  for_each = var.regions
+
+  source = "../../../dtos-devops-templates/infrastructure/modules/shared-config"
+
+  location    = each.key
+  application = var.application
+  env         = var.environment
+  tags        = var.tags
+}

infrastructure/tf-audit/data.tf

@@ -0,0 +1,12 @@
+data "azurerm_client_config" "current" {}
+
+data "terraform_remote_state" "hub" {
+  backend = "azurerm"
+  config = {
+    subscription_id      = var.HUB_SUBSCRIPTION_ID
+    storage_account_name = var.HUB_BACKEND_AZURE_STORAGE_ACCOUNT_NAME
+    container_name       = var.HUB_BACKEND_AZURE_STORAGE_ACCOUNT_CONTAINER_NAME
+    key                  = var.HUB_BACKEND_AZURE_STORAGE_ACCOUNT_KEY
+    resource_group_name  = var.HUB_BACKEND_AZURE_RESOURCE_GROUP_NAME
+  }
+}

infrastructure/tf-audit/environments/development.tfvars

@@ -0,0 +1,53 @@
+application           = "serins"
+application_full_name = "service-insights"
+environment           = "DEV"
+
+features = {
+  private_endpoints_enabled            = true
+  private_service_connection_is_manual = false
+  public_network_access_enabled        = false
+}
+
+tags = {
+  Project = "Service-Insights"
+}
+
+regions = {
+  uksouth = {
+    is_primary_region = true
+    address_space     = "10.114.0.0/16"
+    connect_peering   = true
+    subnets = {
+      # apps = {
+      #   cidr_newbits               = 8
+      #   cidr_offset                = 2
+      #   delegation_name            = "Microsoft.Web/serverFarms"
+      #   service_delegation_name    = "Microsoft.Web/serverFarms"
+      #   service_delegation_actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+      # }
+      pep = {
+        cidr_newbits = 8
+        cidr_offset  = 1
+      }
+    }
+  }
+}
+
+app_insights = {
+  appinsights_type = "web"
+}
+
+law = {
+  law_sku        = "PerGB2018"
+  retention_days = 30
+}
+
+storage_accounts = {
+  fnapp = {
+    name_suffix                   = "sqllogs"
+    account_tier                  = "Standard"
+    replication_type              = "LRS"
+    public_network_access_enabled = false
+    containers                    = {}
+  }
+}

infrastructure/tf-audit/log_analytics_workspace.tf

@@ -0,0 +1,15 @@
+module "log_analytics_workspace_audit" {
+  for_each = { for key, val in var.regions : key => val if val.is_primary_region }
+
+  source = "../../../dtos-devops-templates/infrastructure/modules/log-analytics-workspace"
+
+  name     = module.regions_config[each.key].names.log-analytics-workspace
+  location = each.key
+
+  law_sku        = var.law.law_sku
+  retention_days = var.law.retention_days
+
+  resource_group_name = azurerm_resource_group.audit[each.key].name
+
+  tags = var.tags
+}