Merge pull request #569 from microsoft/dayland/add-tf-state-support-f…

…or-us-gov-pipelines Add Azure Government Cloud support and update login credentials
microsoft · Mar 18, 2024 · b405d09 · b405d09
2 parents f02c82f + 6a68a55
commit b405d09
Show file tree

Hide file tree

Showing 12 changed files with 47 additions and 9 deletions.
diff --git a/Makefile b/Makefile
@@ -54,7 +54,7 @@ take-dir-ownership:
 	@sudo chown -R vscode .
 
 terraform-remote-backend:
-	@mv ./infra/backend.tf.ci ./infra/backend.tf
+	@./scripts/terraform-remote-backend.sh
 
 infrastructure-remote-backend: terraform-remote-backend infrastructure
 

diff --git a/infra/backend.tf.ci b/infra/backend.tf.ci
@@ -1,5 +1,6 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 0.15.3"
   backend "azurerm" {
+    environment = "public"
   }
 }
diff --git a/infra/backend.tf.us.ci b/infra/backend.tf.us.ci
@@ -0,0 +1,6 @@
+terraform {
+  required_version = ">= 0.15.3"
+  backend "azurerm" {
+    environment = "usgovernment"
+  }
+}
diff --git a/scripts/check-subscription.sh b/scripts/check-subscription.sh
@@ -16,7 +16,7 @@ figlet Check Subscription
 if [ -n "${IN_AUTOMATION}" ]
 then
 
-    if [ -n "${AZURE_ENVIRONMENT}" ] && [ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]; then
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]]; then
         az cloud set --name AzureUSGovernment 
     fi
 

diff --git a/scripts/deploy-enrichment-webapp.sh b/scripts/deploy-enrichment-webapp.sh
@@ -38,7 +38,7 @@ fi
 if [ -n "${IN_AUTOMATION}" ]
 then
 
-    if [ -n "${AZURE_ENVIRONMENT}" ] && $AZURE_ENVIRONMENT == "AzureUSGovernment"; then
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]]; then
         az cloud set --name AzureUSGovernment 
     fi
 

diff --git a/scripts/deploy-functions.sh b/scripts/deploy-functions.sh
@@ -17,7 +17,7 @@ cd $BINARIES_OUTPUT_PATH
 if [ -n "${IN_AUTOMATION}" ]
 then
 
-    if [ -n "${AZURE_ENVIRONMENT}" ] && $AZURE_ENVIRONMENT == "AzureUSGovernment"; then
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]]; then
         az cloud set --name AzureUSGovernment 
     fi
 

diff --git a/scripts/deploy-search-indexes.sh b/scripts/deploy-search-indexes.sh
@@ -14,7 +14,7 @@ source "${DIR}/environments/infrastructure.env"
 if [ -n "${IN_AUTOMATION}" ]
 then
 
-    if [ -n "${AZURE_ENVIRONMENT}" ] && $AZURE_ENVIRONMENT == "AzureUSGovernment"; then
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]]; then
         az cloud set --name AzureUSGovernment 
     fi
 

diff --git a/scripts/deploy-webapp.sh b/scripts/deploy-webapp.sh
@@ -38,7 +38,7 @@ fi
 if [ -n "${IN_AUTOMATION}" ]
 then
 
-    if [ -n "${AZURE_ENVIRONMENT}" ] && $AZURE_ENVIRONMENT == "AzureUSGovernment"; then
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]]; then
         az cloud set --name AzureUSGovernment 
     fi
 

diff --git a/scripts/inf-create.sh b/scripts/inf-create.sh
@@ -49,6 +49,17 @@ if [ -n "${IN_AUTOMATION}" ]; then
   export TF_VAR_aadMgmtClientSecret=$aadMgmtAppSecret
 fi
 
+if [ -n "${IN_AUTOMATION}" ]
+then
+
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]]; then
+        az cloud set --name AzureUSGovernment 
+    fi
+
+    az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
+    az account set -s "$ARM_SUBSCRIPTION_ID"
+fi
+
 # Create our application configuration file before starting infrastructure
 ${DIR}/configuration-create.sh
 

diff --git a/scripts/inf-destroy.sh b/scripts/inf-destroy.sh
@@ -16,7 +16,7 @@ if [ -n "${IN_AUTOMATION}" ]
 then
     echo "Delete the resource group $RG_NAME, but don't wait (fire and forget)"
 
-    if [ -n "${AZURE_ENVIRONMENT}" ] && $AZURE_ENVIRONMENT == "AzureUSGovernment"; then
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ $AZURE_ENVIRONMENT == "AzureUSGovernment" ]]; then
         az cloud set --name AzureUSGovernment 
     fi
 

diff --git a/scripts/terraform-init.sh b/scripts/terraform-init.sh
@@ -59,11 +59,20 @@ trap finish EXIT
 
 if [ -n "${IN_AUTOMATION}" ]
 then
-    terraform init -backend-config="resource_group_name=$TF_BACKEND_RESOURCE_GROUP" \
+    if [ -n "${AZURE_ENVIRONMENT}" ] && [[ "$AZURE_ENVIRONMENT" == "AzureUSGovernment" ]]; then
+        terraform init -backend-config="resource_group_name=$TF_BACKEND_RESOURCE_GROUP" \
+        -backend-config="storage_account_name=$TF_BACKEND_STORAGE_ACCOUNT" \
+        -backend-config="container_name=$TF_BACKEND_CONTAINER" \
+        -backend-config="access_key=$TF_BACKEND_ACCESS_KEY" \
+        -backend-config="key=$TF_BACKEND_STATE_KEY" \
+        -backend-config="environment=usgovernment"
+    else
+        terraform init -backend-config="resource_group_name=$TF_BACKEND_RESOURCE_GROUP" \
         -backend-config="storage_account_name=$TF_BACKEND_STORAGE_ACCOUNT" \
         -backend-config="container_name=$TF_BACKEND_CONTAINER" \
         -backend-config="access_key=$TF_BACKEND_ACCESS_KEY" \
         -backend-config="key=$TF_BACKEND_STATE_KEY"
+    fi
 else
     terraform init -upgrade
 fi

diff --git a/scripts/terraform-remote-backend.sh b/scripts/terraform-remote-backend.sh
@@ -0,0 +1,11 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
+#!/bin/bash
+set -e
+
+if [ -n "${AZURE_ENVIRONMENT}" ] && [[ "$AZURE_ENVIRONMENT" == "AzureUSGovernment" ]]; then
+    mv ./infra/backend.tf.us.ci ./infra/backend.tf
+else
+    mv ./infra/backend.tf.ci ./infra/backend.tf
+fi