From 2c872cf4278a73fa92c7359273637fc8d3b87a45 Mon Sep 17 00:00:00 2001 From: Marcus Robinson Date: Mon, 14 Aug 2023 15:04:31 +0100 Subject: [PATCH] Apply missing lifecycle blocks. (#3670) --- CHANGELOG.md | 3 +++ core/terraform/azure-monitor/query.tf | 2 ++ core/terraform/cosmos_mongo.tf | 2 ++ core/terraform/keyvault.tf | 10 ++++++++++ core/terraform/network/network_security_groups.tf | 6 ++++++ core/terraform/notebooks.tf | 2 ++ .../terraform/resource_processor/vmss_porter/main.tf | 2 ++ core/version.txt | 2 +- templates/shared_services/admin-vm/porter.yaml | 2 +- .../admin-vm/terraform/admin-jumpbox.tf | 8 ++++++++ templates/shared_services/cyclecloud/porter.yaml | 2 +- .../cyclecloud/terraform/cyclecloud.tf | 8 ++++++++ .../shared_services/cyclecloud/terraform/storage.tf | 2 ++ .../shared_services/databricks-auth/porter.yaml | 2 +- templates/shared_services/firewall/porter.yaml | 2 +- templates/shared_services/gitea/porter.yaml | 2 +- .../shared_services/gitea/terraform/gitea-webapp.tf | 2 ++ templates/shared_services/gitea/terraform/mysql.tf | 2 ++ .../shared_services/sonatype-nexus-vm/porter.yaml | 2 +- .../sonatype-nexus-vm/terraform/vm.tf | 12 ++++++++++++ templates/workspace_services/azureml/porter.yaml | 2 +- .../workspace_services/azureml/terraform/compute.tf | 2 ++ .../workspace_services/azureml/terraform/network.tf | 2 ++ .../workspace_services/azureml/terraform/storage.tf | 2 +- .../azureml/user_resources/aml_compute/porter.yaml | 2 +- .../user_resources/aml_compute/terraform/compute.tf | 2 ++ templates/workspace_services/databricks/porter.yaml | 2 +- templates/workspace_services/gitea/porter.yaml | 2 +- .../gitea/terraform/gitea-webapp.tf | 2 ++ .../workspace_services/gitea/terraform/mysql.tf | 2 ++ templates/workspace_services/guacamole/porter.yaml | 2 +- .../guacamole/terraform/web_app.tf | 2 ++ .../guacamole-azure-export-reviewvm/porter.yaml | 2 +- .../terraform/windowsvm.tf | 10 ++++++++++ .../guacamole-azure-import-reviewvm/porter.yaml | 2 +- .../terraform/windowsvm.tf | 8 ++++++++ .../guacamole-azure-linuxvm/porter.yaml | 2 +- .../guacamole-azure-linuxvm/terraform/linuxvm.tf | 6 ++++++ .../guacamole-azure-windowsvm/porter.yaml | 2 +- .../guacamole-azure-windowsvm/terraform/windowsvm.tf | 8 ++++++++ .../workspace_services/health-services/porter.yaml | 2 +- .../health-services/terraform/main.tf | 4 ++++ templates/workspace_services/innereye/porter.yaml | 2 +- .../workspace_services/innereye/terraform/compute.tf | 2 ++ .../workspace_services/innereye/terraform/web_app.tf | 4 ++++ templates/workspace_services/mlflow/porter.yaml | 2 +- .../mlflow/terraform/postgresql.tf | 6 ++++++ .../workspace_services/mlflow/terraform/web_app.tf | 2 ++ templates/workspace_services/mysql/porter.yaml | 2 +- .../workspace_services/mysql/terraform/mysql.tf | 2 ++ templates/workspace_services/ohdsi/porter.yaml | 2 +- .../ohdsi/terraform/atlas_database.tf | 8 ++++++++ .../ohdsi/terraform/atlas_security.tf | 2 ++ .../workspace_services/ohdsi/terraform/atlas_ui.tf | 4 ++++ .../ohdsi/terraform/ohdsi_web_api.tf | 8 ++++++++ .../workspaces/airlock-import-review/porter.yaml | 2 +- templates/workspaces/base/porter.yaml | 2 +- templates/workspaces/base/terraform/aad/aad.tf | 4 ++++ .../workspaces/base/terraform/appserviceplan.tf | 2 ++ .../base/terraform/azure-monitor/azure-monitor.tf | 4 ++++ templates/workspaces/base/terraform/keyvault.tf | 6 ++++++ templates/workspaces/unrestricted/porter.yaml | 2 +- 62 files changed, 188 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 193f08cae8..5f8e9bef3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,15 @@ ## 0.14.0 (Unreleased) + FEATURES: ENHANCEMENTS: BUG FIXES: +* Apply missing lifecycle blocks. ([#3670](https://github.com/microsoft/AzureTRE/issues/3670)) * Outputs of type boolean are stored as strings ([#3655](https://github.com/microsoft/AzureTRE/pulls/3655)) + ## 0.13.0 (August 9, 2023) BUG FIXES: diff --git a/core/terraform/azure-monitor/query.tf b/core/terraform/azure-monitor/query.tf index dc40fc4c41..7b37719836 100644 --- a/core/terraform/azure-monitor/query.tf +++ b/core/terraform/azure-monitor/query.tf @@ -3,6 +3,8 @@ resource "azurerm_log_analytics_query_pack" "tre" { resource_group_name = var.resource_group_name location = var.location tags = var.tre_core_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_log_analytics_query_pack_query" "rp_logs" { diff --git a/core/terraform/cosmos_mongo.tf b/core/terraform/cosmos_mongo.tf index 2623afe28b..fdb90fbf17 100644 --- a/core/terraform/cosmos_mongo.tf +++ b/core/terraform/cosmos_mongo.tf @@ -99,4 +99,6 @@ resource "azurerm_key_vault_secret" "cosmos_mongo_connstr" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } diff --git a/core/terraform/keyvault.tf b/core/terraform/keyvault.tf index e8ec876194..7d84e9418b 100644 --- a/core/terraform/keyvault.tf +++ b/core/terraform/keyvault.tf @@ -70,6 +70,8 @@ resource "azurerm_key_vault_secret" "api_client_id" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "api_client_secret" { @@ -80,6 +82,8 @@ resource "azurerm_key_vault_secret" "api_client_secret" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "auth_tenant_id" { @@ -90,6 +94,8 @@ resource "azurerm_key_vault_secret" "auth_tenant_id" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "application_admin_client_id" { @@ -100,6 +106,8 @@ resource "azurerm_key_vault_secret" "application_admin_client_id" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "application_admin_client_secret" { @@ -110,6 +118,8 @@ resource "azurerm_key_vault_secret" "application_admin_client_secret" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_diagnostic_setting" "kv" { diff --git a/core/terraform/network/network_security_groups.tf b/core/terraform/network/network_security_groups.tf index d89d711d6b..50accf846b 100644 --- a/core/terraform/network/network_security_groups.tf +++ b/core/terraform/network/network_security_groups.tf @@ -101,6 +101,8 @@ resource "azurerm_network_security_group" "bastion" { source_address_prefix = "*" destination_address_prefix = "Internet" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet_network_security_group_association" "bastion" { @@ -141,6 +143,8 @@ resource "azurerm_network_security_group" "app_gw" { source_address_prefix = "Internet" destination_address_prefix = "*" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet_network_security_group_association" "app_gw" { @@ -156,6 +160,8 @@ resource "azurerm_network_security_group" "default_rules" { location = var.location resource_group_name = var.resource_group_name tags = local.tre_core_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet_network_security_group_association" "shared" { diff --git a/core/terraform/notebooks.tf b/core/terraform/notebooks.tf index 23ab97fa33..37214c7748 100644 --- a/core/terraform/notebooks.tf +++ b/core/terraform/notebooks.tf @@ -12,4 +12,6 @@ resource "azurerm_application_insights_workbook" "firewall" { display_name = "Azure Firewall Workbook ${var.tre_id}" data_json = data.http.firewall_workbook_json.response_body tags = local.tre_core_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/core/terraform/resource_processor/vmss_porter/main.tf b/core/terraform/resource_processor/vmss_porter/main.tf index 6c7f6c939e..a9599527d2 100644 --- a/core/terraform/resource_processor/vmss_porter/main.tf +++ b/core/terraform/resource_processor/vmss_porter/main.tf @@ -38,6 +38,8 @@ resource "azurerm_key_vault_secret" "resource_processor_vmss_password" { value = random_password.password.result key_vault_id = var.key_vault_id tags = local.tre_core_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_user_assigned_identity" "vmss_msi" { diff --git a/core/version.txt b/core/version.txt index af46754d38..de77196f44 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.8.5" +__version__ = "0.8.6" diff --git a/templates/shared_services/admin-vm/porter.yaml b/templates/shared_services/admin-vm/porter.yaml index 4ee499acf7..a32187f47a 100644 --- a/templates/shared_services/admin-vm/porter.yaml +++ b/templates/shared_services/admin-vm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-admin-vm -version: 0.4.0 +version: 0.4.3 description: "An admin vm shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf b/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf index 8588111e34..3ef4b8734b 100644 --- a/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf +++ b/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "jumpbox_nic" { subnet_id = data.azurerm_subnet.shared.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_password" "password" { @@ -47,6 +49,8 @@ resource "azurerm_windows_virtual_machine" "jumpbox" { caching = "ReadWrite" storage_account_type = "Standard_LRS" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "jumpbox_credentials" { @@ -54,6 +58,8 @@ resource "azurerm_key_vault_secret" "jumpbox_credentials" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.keyvault.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "antimalware" { @@ -68,4 +74,6 @@ resource "azurerm_virtual_machine_extension" "antimalware" { settings = jsonencode({ "AntimalwareEnabled" = true }) + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/shared_services/cyclecloud/porter.yaml b/templates/shared_services/cyclecloud/porter.yaml index 6a76e7b143..c6c6c0810d 100644 --- a/templates/shared_services/cyclecloud/porter.yaml +++ b/templates/shared_services/cyclecloud/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-cyclecloud -version: 0.5.2 +version: 0.5.4 description: "An Azure TRE Shared Service Template for Azure Cyclecloud" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/shared_services/cyclecloud/terraform/cyclecloud.tf b/templates/shared_services/cyclecloud/terraform/cyclecloud.tf index e89ee69a64..0ca360817b 100644 --- a/templates/shared_services/cyclecloud/terraform/cyclecloud.tf +++ b/templates/shared_services/cyclecloud/terraform/cyclecloud.tf @@ -79,6 +79,8 @@ resource "azurerm_key_vault_secret" "cyclecloud_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.core.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } data "azurerm_subscription" "primary" { @@ -102,6 +104,8 @@ resource "azurerm_network_interface" "cyclecloud" { subnet_id = data.azurerm_subnet.shared.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_zone" "cyclecloud" { @@ -118,6 +122,8 @@ resource "azurerm_private_dns_zone_virtual_network_link" "cyclecloud_core_vnet" private_dns_zone_name = azurerm_private_dns_zone.cyclecloud.name virtual_network_id = data.azurerm_virtual_network.core.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_a_record" "cyclecloud_vm" { @@ -127,5 +133,7 @@ resource "azurerm_private_dns_a_record" "cyclecloud_vm" { ttl = 300 records = [azurerm_network_interface.cyclecloud.private_ip_address] tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/shared_services/cyclecloud/terraform/storage.tf b/templates/shared_services/cyclecloud/terraform/storage.tf index 3c7e6f4429..c5f561a8dd 100644 --- a/templates/shared_services/cyclecloud/terraform/storage.tf +++ b/templates/shared_services/cyclecloud/terraform/storage.tf @@ -5,6 +5,8 @@ resource "azurerm_storage_account" "cyclecloud" { account_tier = "Standard" account_replication_type = "GRS" tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } data "azurerm_private_dns_zone" "blobcore" { diff --git a/templates/shared_services/databricks-auth/porter.yaml b/templates/shared_services/databricks-auth/porter.yaml index e0f13939bf..b14922cedc 100644 --- a/templates/shared_services/databricks-auth/porter.yaml +++ b/templates/shared_services/databricks-auth/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-databricks-private-auth -version: 0.1.3 +version: 0.1.5 description: "An Azure TRE shared service for Azure Databricks authentication." registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml index c39c5b1297..880da4ac5a 100644 --- a/templates/shared_services/firewall/porter.yaml +++ b/templates/shared_services/firewall/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-firewall -version: 1.1.1 +version: 1.1.3 description: "An Azure TRE Firewall shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml index bff8edd007..1f82da60ef 100644 --- a/templates/shared_services/gitea/porter.yaml +++ b/templates/shared_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-gitea -version: 0.6.3 +version: 0.6.5 description: "A Gitea shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index 0838b806bd..702c4d1288 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf @@ -168,6 +168,8 @@ resource "azurerm_key_vault_secret" "gitea_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_storage_share" "gitea" { diff --git a/templates/shared_services/gitea/terraform/mysql.tf b/templates/shared_services/gitea/terraform/mysql.tf index b457efa5db..42bea9c4ff 100644 --- a/templates/shared_services/gitea/terraform/mysql.tf +++ b/templates/shared_services/gitea/terraform/mysql.tf @@ -71,4 +71,6 @@ resource "azurerm_key_vault_secret" "db_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/shared_services/sonatype-nexus-vm/porter.yaml b/templates/shared_services/sonatype-nexus-vm/porter.yaml index 2a3e36c60a..085ef5bd57 100644 --- a/templates/shared_services/sonatype-nexus-vm/porter.yaml +++ b/templates/shared_services/sonatype-nexus-vm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-sonatype-nexus -version: 2.5.3 +version: 2.5.6 description: "A Sonatype Nexus shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf b/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf index dcfdafdabf..df274bab6e 100644 --- a/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf +++ b/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "nexus" { subnet_id = data.azurerm_subnet.shared.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_zone_virtual_network_link" "nexus_core_vnet" { @@ -17,6 +19,8 @@ resource "azurerm_private_dns_zone_virtual_network_link" "nexus_core_vnet" { private_dns_zone_name = data.azurerm_private_dns_zone.nexus.name virtual_network_id = data.azurerm_virtual_network.core.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_a_record" "nexus_vm" { @@ -26,6 +30,8 @@ resource "azurerm_private_dns_a_record" "nexus_vm" { ttl = 300 records = [azurerm_linux_virtual_machine.nexus.private_ip_address] tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "random_password" "nexus_vm_password" { @@ -59,6 +65,8 @@ resource "azurerm_key_vault_secret" "nexus_vm_password" { value = random_password.nexus_vm_password.result key_vault_id = data.azurerm_key_vault.kv.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "nexus_admin_password" { @@ -66,6 +74,8 @@ resource "azurerm_key_vault_secret" "nexus_admin_password" { value = random_password.nexus_admin_password.result key_vault_id = data.azurerm_key_vault.kv.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_user_assigned_identity" "nexus_msi" { @@ -222,4 +232,6 @@ resource "azurerm_virtual_machine_extension" "keyvault" { "msiClientId" : azurerm_user_assigned_identity.nexus_msi.client_id } }) + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index 7c5df991b7..1d4b45d7b8 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.8.8 +version: 0.8.10 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/terraform/compute.tf b/templates/workspace_services/azureml/terraform/compute.tf index 37ad8bc8c9..549995e6ab 100644 --- a/templates/workspace_services/azureml/terraform/compute.tf +++ b/templates/workspace_services/azureml/terraform/compute.tf @@ -16,6 +16,8 @@ resource "azurerm_key_vault_secret" "aml_password" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 8ebc8146f3..9c11677381 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -56,6 +56,8 @@ resource "azapi_resource" "aml_service_endpoint_policy" { ] } }) + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet" "aml" { diff --git a/templates/workspace_services/azureml/terraform/storage.tf b/templates/workspace_services/azureml/terraform/storage.tf index 1e58029a03..b85acf5bd8 100644 --- a/templates/workspace_services/azureml/terraform/storage.tf +++ b/templates/workspace_services/azureml/terraform/storage.tf @@ -9,7 +9,7 @@ resource "azurerm_storage_account" "aml" { default_action = "Deny" } - + lifecycle { ignore_changes = [tags] } } data "azurerm_private_dns_zone" "blobcore" { diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml index c9c4455bd0..c9f57c6283 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml +++ b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-user-resource-aml-compute-instance -version: 0.5.5 +version: 0.5.7 description: "Azure Machine Learning Compute Instance" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf index 5ff10ccdfe..f00afd5ec0 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf @@ -26,4 +26,6 @@ resource "azapi_resource" "compute_instance" { } } }) + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/databricks/porter.yaml b/templates/workspace_services/databricks/porter.yaml index 4f02892eb7..d54a446c1f 100644 --- a/templates/workspace_services/databricks/porter.yaml +++ b/templates/workspace_services/databricks/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-databricks -version: 1.0.1 +version: 1.0.3 description: "An Azure TRE service for Azure Databricks." registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml index d09390602a..8bce9f56e4 100644 --- a/templates/workspace_services/gitea/porter.yaml +++ b/templates/workspace_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-gitea -version: 0.8.3 +version: 0.8.5 description: "A Gitea workspace service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/gitea/terraform/gitea-webapp.tf b/templates/workspace_services/gitea/terraform/gitea-webapp.tf index fa942280e7..899f7e7921 100644 --- a/templates/workspace_services/gitea/terraform/gitea-webapp.tf +++ b/templates/workspace_services/gitea/terraform/gitea-webapp.tf @@ -176,6 +176,8 @@ resource "azurerm_key_vault_secret" "gitea_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_role_assignment" "gitea_acrpull_role" { diff --git a/templates/workspace_services/gitea/terraform/mysql.tf b/templates/workspace_services/gitea/terraform/mysql.tf index 8d13cc658f..ddd855edf4 100644 --- a/templates/workspace_services/gitea/terraform/mysql.tf +++ b/templates/workspace_services/gitea/terraform/mysql.tf @@ -71,4 +71,6 @@ resource "azurerm_key_vault_secret" "db_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/guacamole/porter.yaml b/templates/workspace_services/guacamole/porter.yaml index 67461f341d..5904433a8a 100644 --- a/templates/workspace_services/guacamole/porter.yaml +++ b/templates/workspace_services/guacamole/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole -version: 0.9.5 +version: 0.9.7 description: "An Azure TRE service for Guacamole" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/terraform/web_app.tf b/templates/workspace_services/guacamole/terraform/web_app.tf index 01c598eeae..1642dbcfd1 100644 --- a/templates/workspace_services/guacamole/terraform/web_app.tf +++ b/templates/workspace_services/guacamole/terraform/web_app.tf @@ -148,6 +148,8 @@ resource "azurerm_private_endpoint" "guacamole" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_access_policy" "guacamole_policy" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml index 43a4a446b7..e6bb291784 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-export-reviewvm -version: 0.1.5 +version: 0.1.7 description: "An Azure TRE User Resource Template for reviewing Airlock export requests" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf index 7780f6f3f3..9efc1661f2 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_network_security_group" "vm_nsg" { @@ -16,6 +18,8 @@ resource "azurerm_network_security_group" "vm_nsg" { location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_network_security_rule" "allow_outbound_airlock_exip_storage_pe" { @@ -146,6 +150,8 @@ resource "azurerm_windows_virtual_machine" "windowsvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "config_script" { @@ -161,6 +167,8 @@ resource "azurerm_virtual_machine_extension" "config_script" { "commandToExecute": "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command \"cp c:/azuredata/customdata.bin c:/azuredata/configure.ps1; c:/azuredata/configure.ps1 \"" } PROT + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "windowsvm_password" { @@ -168,6 +176,8 @@ resource "azurerm_key_vault_secret" "windowsvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "template_file" "download_review_data_script" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml index ec705b6519..2df4c94418 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-import-reviewvm -version: 0.2.5 +version: 0.2.7 description: "An Azure TRE User Resource Template for reviewing Airlock import requests" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf index a064f987f4..75891d5018 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_string" "username" { @@ -69,6 +71,8 @@ resource "azurerm_windows_virtual_machine" "windowsvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "config_script" { @@ -84,6 +88,8 @@ resource "azurerm_virtual_machine_extension" "config_script" { "commandToExecute": "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command \"cp c:/azuredata/customdata.bin c:/azuredata/configure.ps1; c:/azuredata/configure.ps1 \"" } PROT + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "windowsvm_password" { @@ -91,6 +97,8 @@ resource "azurerm_key_vault_secret" "windowsvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "template_file" "download_review_data_script" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml index 62e2f209e9..437e196282 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-linuxvm -version: 0.6.6 +version: 0.6.8 description: "An Azure TRE User Resource Template for Guacamole (Linux)" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf index d03476ce1a..247c4f77e0 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf @@ -8,6 +8,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_string" "username" { @@ -68,6 +70,8 @@ resource "azurerm_linux_virtual_machine" "linuxvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "template_cloudinit_config" "config" { @@ -135,6 +139,8 @@ resource "azurerm_key_vault_secret" "linuxvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "azurerm_storage_account" "stg" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml index f426c7508c..67997dd161 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-windowsvm -version: 0.7.6 +version: 0.7.8 description: "An Azure TRE User Resource Template for Guacamole (Windows 10)" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf index 699f92487e..575f8a7efd 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_string" "username" { @@ -79,6 +81,8 @@ resource "azurerm_windows_virtual_machine" "windowsvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "config_script" { @@ -94,6 +98,8 @@ resource "azurerm_virtual_machine_extension" "config_script" { "commandToExecute": "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command \"cp c:/azuredata/customdata.bin c:/azuredata/configure.ps1; c:/azuredata/configure.ps1 \"" } PROT + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "windowsvm_password" { @@ -101,4 +107,6 @@ resource "azurerm_key_vault_secret" "windowsvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/health-services/porter.yaml b/templates/workspace_services/health-services/porter.yaml index dd063e3a21..e944335d12 100644 --- a/templates/workspace_services/health-services/porter.yaml +++ b/templates/workspace_services/health-services/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-health -version: 0.2.2 +version: 0.2.4 description: "An Azure Data Health Services workspace service" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/health-services/terraform/main.tf b/templates/workspace_services/health-services/terraform/main.tf index ecd68dabf5..0189b5e456 100644 --- a/templates/workspace_services/health-services/terraform/main.tf +++ b/templates/workspace_services/health-services/terraform/main.tf @@ -25,6 +25,8 @@ resource "azurerm_healthcare_fhir_service" "fhir" { type = "SystemAssigned" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_healthcare_dicom_service" "dicom" { @@ -37,6 +39,8 @@ resource "azurerm_healthcare_dicom_service" "dicom" { identity { type = "SystemAssigned" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_endpoint" "health_services_private_endpoint" { diff --git a/templates/workspace_services/innereye/porter.yaml b/templates/workspace_services/innereye/porter.yaml index b41860ba41..9c5b9133fc 100644 --- a/templates/workspace_services/innereye/porter.yaml +++ b/templates/workspace_services/innereye/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-innereye -version: 0.6.2 +version: 0.6.4 description: "An Azure TRE service for InnerEye Deep Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/innereye/terraform/compute.tf b/templates/workspace_services/innereye/terraform/compute.tf index 5e83dc2cee..6953569913 100644 --- a/templates/workspace_services/innereye/terraform/compute.tf +++ b/templates/workspace_services/innereye/terraform/compute.tf @@ -46,6 +46,8 @@ resource "azurerm_resource_group_template_deployment" "deploy_compute_cluster" { }) deployment_mode = "Incremental" + + lifecycle { ignore_changes = [tags] } } data "azurerm_container_registry" "aml" { diff --git a/templates/workspace_services/innereye/terraform/web_app.tf b/templates/workspace_services/innereye/terraform/web_app.tf index a177af4221..137d61a649 100644 --- a/templates/workspace_services/innereye/terraform/web_app.tf +++ b/templates/workspace_services/innereye/terraform/web_app.tf @@ -47,6 +47,8 @@ resource "azurerm_app_service" "inference" { type = "Custom" value = random_uuid.inference_auth_key.result } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_app_service_virtual_network_swift_connection" "inference" { @@ -77,4 +79,6 @@ resource "azurerm_private_endpoint" "inference" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/mlflow/porter.yaml b/templates/workspace_services/mlflow/porter.yaml index cc1b8bfa63..8b8939133a 100644 --- a/templates/workspace_services/mlflow/porter.yaml +++ b/templates/workspace_services/mlflow/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-mlflow -version: 0.7.3 +version: 0.7.5 description: "An Azure TRE service for MLflow machine learning lifecycle" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/mlflow/terraform/postgresql.tf b/templates/workspace_services/mlflow/terraform/postgresql.tf index b45d31cfb9..a71d4acb7a 100644 --- a/templates/workspace_services/mlflow/terraform/postgresql.tf +++ b/templates/workspace_services/mlflow/terraform/postgresql.tf @@ -25,6 +25,8 @@ resource "azurerm_key_vault_secret" "postgresql_admin_username" { value = random_string.username.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "postgresql_admin_password" { @@ -32,6 +34,8 @@ resource "azurerm_key_vault_secret" "postgresql_admin_password" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_postgresql_server" "mlflow" { @@ -54,6 +58,8 @@ resource "azurerm_postgresql_server" "mlflow" { public_network_access_enabled = false ssl_enforcement_enabled = true ssl_minimal_tls_version_enforced = "TLS1_2" + + lifecycle { ignore_changes = [tags] } } resource "azurerm_postgresql_database" "mlflow" { diff --git a/templates/workspace_services/mlflow/terraform/web_app.tf b/templates/workspace_services/mlflow/terraform/web_app.tf index a65f35057b..553e82a431 100644 --- a/templates/workspace_services/mlflow/terraform/web_app.tf +++ b/templates/workspace_services/mlflow/terraform/web_app.tf @@ -132,6 +132,8 @@ resource "azurerm_private_endpoint" "mlflow" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_access_policy" "mlflow" { diff --git a/templates/workspace_services/mysql/porter.yaml b/templates/workspace_services/mysql/porter.yaml index 0fcd98d0ee..643c340d7d 100644 --- a/templates/workspace_services/mysql/porter.yaml +++ b/templates/workspace_services/mysql/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-mysql -version: 0.4.2 +version: 0.4.4 description: "A MySQL workspace service" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/mysql/terraform/mysql.tf b/templates/workspace_services/mysql/terraform/mysql.tf index 8ea87e00c9..9c0f387392 100644 --- a/templates/workspace_services/mysql/terraform/mysql.tf +++ b/templates/workspace_services/mysql/terraform/mysql.tf @@ -62,4 +62,6 @@ resource "azurerm_key_vault_secret" "db_password" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.workspace_service_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/ohdsi/porter.yaml b/templates/workspace_services/ohdsi/porter.yaml index 8c8cdfd51d..855fb19b18 100644 --- a/templates/workspace_services/ohdsi/porter.yaml +++ b/templates/workspace_services/ohdsi/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-ohdsi -version: 0.2.1 +version: 0.2.3 description: "An OHDSI workspace service" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/ohdsi/terraform/atlas_database.tf b/templates/workspace_services/ohdsi/terraform/atlas_database.tf index 8dc7b059e5..fbbd4e46bb 100644 --- a/templates/workspace_services/ohdsi/terraform/atlas_database.tf +++ b/templates/workspace_services/ohdsi/terraform/atlas_database.tf @@ -18,6 +18,8 @@ resource "azurerm_key_vault_secret" "postgres_admin_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.postgres_admin_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "postgres_webapi_admin_password" { @@ -25,6 +27,8 @@ resource "azurerm_key_vault_secret" "postgres_webapi_admin_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.postgres_webapi_admin_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "postgres_webapi_app_password" { @@ -32,6 +36,8 @@ resource "azurerm_key_vault_secret" "postgres_webapi_app_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.postgres_webapi_app_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_network_security_group" "postgres" { @@ -161,6 +167,8 @@ resource "azurerm_postgresql_flexible_server" "postgres" { depends_on = [ terraform_data.postgres_subnet_wait, ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_postgresql_flexible_server_database" "db" { diff --git a/templates/workspace_services/ohdsi/terraform/atlas_security.tf b/templates/workspace_services/ohdsi/terraform/atlas_security.tf index 131a7b9efd..0dd1fc3083 100644 --- a/templates/workspace_services/ohdsi/terraform/atlas_security.tf +++ b/templates/workspace_services/ohdsi/terraform/atlas_security.tf @@ -8,6 +8,8 @@ resource "azurerm_key_vault_secret" "atlas_security_admin_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.atlas_security_admin_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "terraform_data" "deployment_atlas_security" { diff --git a/templates/workspace_services/ohdsi/terraform/atlas_ui.tf b/templates/workspace_services/ohdsi/terraform/atlas_ui.tf index e15b643015..d4e4c38eea 100644 --- a/templates/workspace_services/ohdsi/terraform/atlas_ui.tf +++ b/templates/workspace_services/ohdsi/terraform/atlas_ui.tf @@ -71,6 +71,8 @@ resource "azurerm_linux_web_app" "atlas_ui" { ] tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_endpoint" "atlas_ui_private_endpoint" { @@ -91,6 +93,8 @@ resource "azurerm_private_endpoint" "atlas_ui_private_endpoint" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_diagnostic_setting" "atlas_ui" { diff --git a/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf b/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf index 534f880980..6e1d96c35e 100644 --- a/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf +++ b/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf @@ -3,6 +3,8 @@ resource "azurerm_key_vault_secret" "jdbc_connection_string_webapi_admin" { key_vault_id = data.azurerm_key_vault.ws.id value = "jdbc:postgresql://${azurerm_postgresql_flexible_server.postgres.fqdn}:5432/${local.postgres_webapi_database_name}?user=${local.postgres_webapi_admin_username}&password=${azurerm_key_vault_secret.postgres_webapi_admin_password.value}&sslmode=require" tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_user_assigned_identity" "ohdsi_webapi_id" { @@ -10,6 +12,8 @@ resource "azurerm_user_assigned_identity" "ohdsi_webapi_id" { location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_access_policy" "ohdsi_webapi" { @@ -112,6 +116,8 @@ resource "azurerm_linux_web_app" "ohdsi_webapi" { depends_on = [ terraform_data.deployment_ohdsi_webapi_init ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_endpoint" "webapi_private_endpoint" { @@ -132,6 +138,8 @@ resource "azurerm_private_endpoint" "webapi_private_endpoint" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_diagnostic_setting" "ohdsi_webapi" { diff --git a/templates/workspaces/airlock-import-review/porter.yaml b/templates/workspaces/airlock-import-review/porter.yaml index e22cc54c05..94a55488bf 100644 --- a/templates/workspaces/airlock-import-review/porter.yaml +++ b/templates/workspaces/airlock-import-review/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-airlock-import-review -version: 0.11.4 +version: 0.11.6 description: "A workspace to do Airlock Data Import Reviews for Azure TRE" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspaces/base/porter.yaml b/templates/workspaces/base/porter.yaml index 8fc148e2d3..9156afe8ed 100644 --- a/templates/workspaces/base/porter.yaml +++ b/templates/workspaces/base/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-base -version: 1.4.5 +version: 1.4.7 description: "A base Azure TRE workspace" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspaces/base/terraform/aad/aad.tf b/templates/workspaces/base/terraform/aad/aad.tf index ca6c26b8af..031f32b5a0 100644 --- a/templates/workspaces/base/terraform/aad/aad.tf +++ b/templates/workspaces/base/terraform/aad/aad.tf @@ -110,6 +110,8 @@ resource "azurerm_key_vault_secret" "client_id" { value = azuread_application.workspace.application_id key_vault_id = var.key_vault_id tags = var.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "client_secret" { @@ -117,6 +119,8 @@ resource "azurerm_key_vault_secret" "client_secret" { value = azuread_service_principal_password.workspace.value key_vault_id = var.key_vault_id tags = var.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } } resource "azuread_app_role_assignment" "workspace_owner" { diff --git a/templates/workspaces/base/terraform/appserviceplan.tf b/templates/workspaces/base/terraform/appserviceplan.tf index 5cbafd84c6..f3c1c51423 100644 --- a/templates/workspaces/base/terraform/appserviceplan.tf +++ b/templates/workspaces/base/terraform/appserviceplan.tf @@ -7,4 +7,6 @@ resource "azurerm_service_plan" "workspace" { os_type = "Linux" sku_name = var.app_service_plan_sku tags = local.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf b/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf index 88ee111771..49acc8a4fe 100644 --- a/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf +++ b/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf @@ -73,6 +73,8 @@ resource "azapi_resource" "ampls_workspace" { "id" ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_private_link_scoped_service" "ampls_log_anaytics" { @@ -124,6 +126,8 @@ resource "azapi_resource" "appinsights" { "id", "properties.ConnectionString", ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_private_link_scoped_service" "ampls_app_insights" { diff --git a/templates/workspaces/base/terraform/keyvault.tf b/templates/workspaces/base/terraform/keyvault.tf index 0441c45f01..6f74b4b974 100644 --- a/templates/workspaces/base/terraform/keyvault.tf +++ b/templates/workspaces/base/terraform/keyvault.tf @@ -118,6 +118,8 @@ resource "azurerm_key_vault_secret" "aad_tenant_id" { azurerm_key_vault_access_policy.resource_processor, terraform_data.wait_for_dns_vault ] + + lifecycle { ignore_changes = [tags] } } # This secret only gets written if Terraform is not responsible for @@ -133,6 +135,8 @@ resource "azurerm_key_vault_secret" "client_id" { azurerm_key_vault_access_policy.resource_processor, terraform_data.wait_for_dns_vault ] + + lifecycle { ignore_changes = [tags] } } data "azurerm_key_vault_secret" "client_secret" { @@ -154,4 +158,6 @@ resource "azurerm_key_vault_secret" "client_secret" { azurerm_key_vault_access_policy.resource_processor, terraform_data.wait_for_dns_vault ] + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspaces/unrestricted/porter.yaml b/templates/workspaces/unrestricted/porter.yaml index 0fda4d5266..1c0b9b553f 100644 --- a/templates/workspaces/unrestricted/porter.yaml +++ b/templates/workspaces/unrestricted/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-unrestricted -version: 0.10.3 +version: 0.10.4 description: "A base Azure TRE workspace" dockerfile: Dockerfile.tmpl registry: azuretre