Support for deployment in Azure Government Cloud (lzs) #525

Merged
merged 24 commits into from
Jan 7, 2025
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import bio.terra.landingzone.library.AzureCredentialsProvider;
import bio.terra.landingzone.library.LandingZoneManagerProvider;
import bio.terra.landingzone.library.configuration.AzureCustomerUsageConfiguration;
import bio.terra.landingzone.library.configuration.LandingZoneAzureConfiguration;
import bio.terra.landingzone.library.configuration.LandingZoneProtectedDataConfiguration;
import bio.terra.landingzone.library.configuration.LandingZoneTestingConfiguration;
import bio.terra.landingzone.service.bpm.LandingZoneBillingProfileManagerService;
Expand All @@ -28,6 +29,7 @@ public class LandingZoneFlightBeanBag {
private final ParametersResolverProvider parametersResolverProvider;
private final AzureCustomerUsageConfiguration azureCustomerUsageConfiguration;
private final AzureCredentialsProvider azureCredentialsProvider;
private final LandingZoneAzureConfiguration azureConfiguration;

@Lazy
@Autowired
Expand All @@ -42,6 +44,7 @@ public LandingZoneFlightBeanBag(
ParametersResolverProvider parametersResolverProvider,
AzureCustomerUsageConfiguration azureCustomerUsageConfiguration,
AzureCredentialsProvider azureCredentialsProvider,
LandingZoneAzureConfiguration azureConfiguration,
ObjectMapper objectMapper) {
this.landingZoneService = landingZoneService;
this.landingZoneDao = landingZoneDao;
Expand All @@ -53,6 +56,7 @@ public LandingZoneFlightBeanBag(
this.parametersResolverProvider = parametersResolverProvider;
this.azureCustomerUsageConfiguration = azureCustomerUsageConfiguration;
this.azureCredentialsProvider = azureCredentialsProvider;
this.azureConfiguration = azureConfiguration;
this.objectMapper = objectMapper;
}

Expand Down Expand Up @@ -103,4 +107,8 @@ public AzureCustomerUsageConfiguration getAzureCustomerUsageConfiguration() {
public AzureCredentialsProvider getAzureCredentialsProvider() {
return azureCredentialsProvider;
}

public LandingZoneAzureConfiguration getAzureConfiguration() {
return azureConfiguration;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,15 @@ public TokenCredential getTokenCredential() {
&& Objects.nonNull(azureConfiguration.getManagedAppClientSecret())
&& Objects.nonNull(azureConfiguration.getManagedAppClientId())) {
return new ClientSecretCredentialBuilder()
.authorityHost(azureConfiguration.getAzureEnvironment().getActiveDirectoryEndpoint())
.clientId(azureConfiguration.getManagedAppClientId())
.clientSecret(azureConfiguration.getManagedAppClientSecret())
.tenantId(azureConfiguration.getManagedAppTenantId())
.build();
}

return new DefaultAzureCredentialBuilder().build();
return new DefaultAzureCredentialBuilder()
.authorityHost(azureConfiguration.getAzureEnvironment().getActiveDirectoryEndpoint())
.build();
}
}
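Review bot: The DefaultAzureCredential fallback at the end of getTokenCredential now requires the environment property to be configured: `azureConfiguration.getAzureEnvironment()` throws when that property is unset, so a deployment that previously relied on the default credential chain with no environment setting fails here instead of falling back. The same lookup is also done twice in this method, once per branch; hoisting it to a single local above the `if`, `var authorityHost = azureConfiguration.getAzureEnvironment().getActiveDirectoryEndpoint();`, makes the new dependency visible at the top of the method and keeps both credential types pointed at the same authority. getTokenCredential starts outside the hunk.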
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package bio.terra.landingzone.library;

import bio.terra.landingzone.library.configuration.AzureCustomerUsageConfiguration;
import bio.terra.landingzone.library.configuration.LandingZoneAzureConfiguration;
import bio.terra.landingzone.library.landingzones.management.LandingZoneManager;
import bio.terra.landingzone.model.LandingZoneTarget;
import com.azure.core.credential.TokenCredential;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.resourcemanager.AzureResourceManager;
import org.jetbrains.annotations.NotNull;
Expand All @@ -15,13 +15,16 @@
public class LandingZoneManagerProvider {
private AzureCustomerUsageConfiguration azureCustomerUsageConfiguration;
private final AzureCredentialsProvider azureCredentialsProvider;
private final LandingZoneAzureConfiguration azureConfiguration;

@Autowired
public LandingZoneManagerProvider(
AzureCustomerUsageConfiguration azureCustomerUsageConfiguration,
AzureCredentialsProvider azureCredentialsProvider) {
AzureCredentialsProvider azureCredentialsProvider,
LandingZoneAzureConfiguration azureConfiguration) {
this.azureCustomerUsageConfiguration = azureCustomerUsageConfiguration;
this.azureCredentialsProvider = azureCredentialsProvider;
this.azureConfiguration = azureConfiguration;
}

public LandingZoneManager createLandingZoneManager(LandingZoneTarget landingZoneTarget) {
Expand All @@ -38,7 +41,7 @@ public AzureProfile createAzureProfile(LandingZoneTarget landingZoneTarget) {
return new AzureProfile(
landingZoneTarget.azureTenantId(),
landingZoneTarget.azureSubscriptionId(),
AzureEnvironment.AZURE);
azureConfiguration.getAzureEnvironment());
}

public AzureResourceManager createAzureResourceManagerClient(
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package bio.terra.landingzone.library.configuration;

import com.azure.core.management.AzureEnvironment;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

Expand All @@ -10,6 +11,7 @@ public class LandingZoneAzureConfiguration {
private String managedAppClientId;
private String managedAppClientSecret;
private String managedAppTenantId;
private String azureEnvironment;

public String getManagedAppClientId() {
return managedAppClientId;
Expand All @@ -34,4 +36,21 @@ public String getManagedAppTenantId() {
public void setManagedAppTenantId(String managedAppTenantId) {
this.managedAppTenantId = managedAppTenantId;
}

// AzureCloud or AzureUSGovernmentCloud
public AzureEnvironment getAzureEnvironment() {
switch (azureEnvironment) {
case "AzureCloud":
return AzureEnvironment.AZURE;
case "AzureUSGovernmentCloud":
return AzureEnvironment.AZURE_US_GOVERNMENT;
default:
throw new IllegalArgumentException(
String.format("Unknown Azure environment: %s", azureEnvironment));
}
}

public void setAzureEnvironment(String azureEnvironment) {
this.azureEnvironment = azureEnvironment;
}
}
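Review bot: `switch (azureEnvironment)` throws a NullPointerException when the property was never set, so an unconfigured deployment dies with a bare NPE rather than the intended `Unknown Azure environment` message, and it does so lazily at the first credential or profile lookup instead of at startup. A guard before the switch, `Objects.requireNonNull(azureEnvironment, "<azure-environment property> must be set to AzureCloud or AzureUSGovernmentCloud");` (with the `java.util.Objects` import), gives the operator the message; validating once at bean construction, or caching the parsed `AzureEnvironment`, would fail fast rather than at first use. The line comment `// AzureCloud or AzureUSGovernmentCloud` would serve better as Javadoc on the getter: `/** Resolves the configured environment name to the SDK constant. Accepted values: {@code AzureCloud}, {@code AzureUSGovernmentCloud}. @throws IllegalArgumentException for any other value */`.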
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,12 @@ public List<Pair<Step, RetryRule>> get(
Pair.of(new ReferencedBatchStep(armManagers), RetryRules.cloud()),
Pair.of(new ReferencedStorageStep(armManagers), RetryRules.cloud()),
Pair.of(new ReferencedRelayNamespaceStep(armManagers), RetryRules.cloud()),
Pair.of(new ReferencedAppInsightsStep(armManagers), RetryRules.cloud()));
Pair.of(new ReferencedManagedIdentityStep(armManagers), RetryRules.cloud()),
Pair.of(new ReferencedPostgresqlServerStep(armManagers), RetryRules.cloud()),
Pair.of(new ReferencedAppInsightsStep(armManagers), RetryRules.cloud()),
Pair.of(
new CreateLandingZoneFederatedIdentityStep(
armManagers, new KubernetesClientProviderImpl()),
RetryRules.cloud()));
}
}
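Review bot: `ReferencedPrivateDNSStep` and `ArmResourceType.PRIVATE_DNS_ZONE`, both added in this PR, are not registered in this step list, so unless they are wired into a flight outside this diff the referenced-resource flow never tags a private DNS zone; either add `Pair.of(new ReferencedPrivateDNSStep(armManagers), RetryRules.cloud()),` here or drop the unused class. The new `CreateLandingZoneFederatedIdentityStep` entry presumably consumes the OIDC issuer URL and identity client id that `ReferencedAksStep` and `ReferencedManagedIdentityStep` publish into the working map (their keys are imported from CreateAksStep and CreateLandingZoneIdentityStep), so it must stay after both; the AKS step is not visible in this hunk. A comment on that entry, `// must run after ReferencedAksStep and ReferencedManagedIdentityStep (reads AKS_OIDC_ISSUER_URL / LANDING_ZONE_IDENTITY_CLIENT_ID)`, would protect the ordering. The enclosing get() starts outside the hunk.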
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@
import bio.terra.landingzone.stairway.flight.exception.LandingZoneCreateException;
import bio.terra.profile.model.ProfileModel;
import bio.terra.stairway.*;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import java.util.UUID;

Expand Down Expand Up @@ -112,7 +111,7 @@ protected ArmManagers getArmManagers(
new AzureProfile(
landingZoneTarget.azureTenantId(),
landingZoneTarget.azureSubscriptionId(),
AzureEnvironment.AZURE);
flightBeanBag.getAzureConfiguration().getAzureEnvironment());
return LandingZoneManager.createArmManagers(
flightBeanBag.getAzureCredentialsProvider().getTokenCredential(),
azureProfile,
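Review bot: The AzureProfile built here duplicates LandingZoneManagerProvider.createAzureProfile (same tenant id, subscription id and now the same `getAzureEnvironment()` lookup), so the environment is resolved in two places that must be kept in sync. Since the bean bag already imports LandingZoneManagerProvider, it looks reachable from this flight; having getArmManagers call `createAzureProfile(landingZoneTarget)` on it would leave a single source of truth for the profile. getArmManagers starts and ends outside the hunk.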
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ public enum ArmResourceType {
POSTGRES_FLEXIBLE("Microsoft.DBforPostgreSQL/flexibleServers"),
BATCH("Microsoft.Batch/batchAccounts"),
APP_INSIGHTS("Microsoft.Insights/components"),
MANAGED_IDENTITY("Microsoft.ManagedIdentity/userAssignedIdentities"),
PRIVATE_DNS_ZONE("Microsoft.Network/privateDnsZones"),
RELAY_NAMESPACE("Microsoft.Relay/namespaces");

private final String value;
Original file line number Diff line number Diff line change
Expand Up @@ -96,10 +96,15 @@ private void tagReferencedResourceAndSetContext(FlightContext context) {
getArmResourceType(), getMRGName(context))));

setLandingZoneResourceTags(context, resource);
updateWorkingMap(context, armManagers, resource.id());

context.getWorkingMap().put(REFERENCED_RESOURCE_ID, resource.id());
}

// Optional hook for subclasses
protected void updateWorkingMap(
FlightContext context, ArmManagers armManagers, String resourceId) {}

private void setLandingZoneResourceTags(FlightContext context, GenericResource genericResource) {

UUID lzId = getLandingZoneId(context);
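Review bot: The new `updateWorkingMap` hook is documented only by `// Optional hook for subclasses`; a Javadoc stating the contract would help implementers, since the two overrides in this PR make additional `getById` calls against Azure and any exception they throw fails the step before `REFERENCED_RESOURCE_ID` is written. Suggested text: `/** Hook for subclasses to publish extra data about the referenced resource into the flight working map. Called after the resource has been located and tagged and before {@code REFERENCED_RESOURCE_ID} is set; receives the ARM resource id. The default implementation is a no-op. */`. tagReferencedResourceAndSetContext starts outside the hunk.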
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
package bio.terra.landingzone.stairway.flight.create.reference.resource.step;

import static bio.terra.landingzone.stairway.flight.create.resource.step.CreateAksStep.AKS_OIDC_ISSUER_URL;
import static bio.terra.landingzone.stairway.flight.create.resource.step.CreateAksStep.AKS_RESOURCE_KEY;

import bio.terra.landingzone.library.landingzones.definition.ArmManagers;
import bio.terra.landingzone.service.landingzone.azure.model.LandingZoneResource;
import bio.terra.stairway.FlightContext;

public class ReferencedAksStep extends SharedReferencedResourceStep {

Expand All @@ -12,4 +17,26 @@ public ReferencedAksStep(ArmManagers armManagers) {
protected ArmResourceType getArmResourceType() {
return ArmResourceType.AKS;
}

@Override
protected void updateWorkingMap(
FlightContext context, ArmManagers armManagers, String resourceId) {
var aks = armManagers.azureResourceManager().kubernetesClusters().getById(resourceId);

context
.getWorkingMap()
.put(AKS_OIDC_ISSUER_URL, aks.innerModel().oidcIssuerProfile().issuerUrl());

context
.getWorkingMap()
.put(
AKS_RESOURCE_KEY,
LandingZoneResource.builder()
.resourceId(aks.id())
.resourceType(aks.type())
.tags(aks.tags())
.region(aks.regionName())
.resourceName(aks.name())
.build());
}
}
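Review bot: `aks.innerModel().oidcIssuerProfile().issuerUrl()` in updateWorkingMap dereferences the OIDC profile without a check; for a referenced cluster that was created without the OIDC issuer enabled the profile is likely null in the inner model, and the step would then fail with a bare NullPointerException. Since the later federated identity step cannot work without the issuer URL, failing with an explicit message naming the cluster is the useful behaviour, and it also avoids writing a null value into the working map.
```java
var aks = armManagers.azureResourceManager().kubernetesClusters().getById(resourceId);
var oidcProfile = aks.innerModel().oidcIssuerProfile();
if (oidcProfile == null || oidcProfile.issuerUrl() == null) {
  throw new IllegalStateException(
      "Referenced AKS cluster " + resourceId
          + " has no OIDC issuer enabled; it is required for federated identity");
}
context.getWorkingMap().put(AKS_OIDC_ISSUER_URL, oidcProfile.issuerUrl());
// … unchanged: AKS_RESOURCE_KEY put …
```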
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
package bio.terra.landingzone.stairway.flight.create.reference.resource.step;

import static bio.terra.landingzone.stairway.flight.create.resource.step.CreateLandingZoneIdentityStep.LANDING_ZONE_IDENTITY_CLIENT_ID;
import static bio.terra.landingzone.stairway.flight.create.resource.step.CreateLandingZoneIdentityStep.LANDING_ZONE_IDENTITY_RESOURCE_KEY;

import bio.terra.landingzone.library.landingzones.definition.ArmManagers;
import bio.terra.landingzone.service.landingzone.azure.model.LandingZoneResource;
import bio.terra.stairway.FlightContext;

public class ReferencedManagedIdentityStep extends SharedReferencedResourceStep {
public ReferencedManagedIdentityStep(ArmManagers armManagers) {
super(armManagers);
}

@Override
protected ArmResourceType getArmResourceType() {
return ArmResourceType.MANAGED_IDENTITY;
}

@Override
protected void updateWorkingMap(
FlightContext context, ArmManagers armManagers, String resourceId) {
var uami = armManagers.azureResourceManager().identities().getById(resourceId);

context.getWorkingMap().put(LANDING_ZONE_IDENTITY_CLIENT_ID, uami.clientId());

context
.getWorkingMap()
.put(
LANDING_ZONE_IDENTITY_RESOURCE_KEY,
LandingZoneResource.builder()
.resourceId(uami.id())
.resourceType(uami.type())
.tags(uami.tags())
.region(uami.regionName())
.resourceName(uami.name())
.build());
}
}
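Review bot: ReferencedManagedIdentityStep has no class Javadoc, and its key design point is visible only from the static imports: it publishes the identity under the same working-map keys that CreateLandingZoneIdentityStep uses, so downstream steps need not know whether the identity was created or referenced. Suggested: `/** Locates the pre-existing user-assigned managed identity of the landing zone and publishes its client id and resource under the same working-map keys as {@link CreateLandingZoneIdentityStep}, so later steps (e.g. CreateLandingZoneFederatedIdentityStep) behave the same for created and referenced landing zones. */`.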
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
package bio.terra.landingzone.stairway.flight.create.reference.resource.step;

import bio.terra.landingzone.library.landingzones.definition.ArmManagers;

public class ReferencedPostgresqlServerStep extends SharedReferencedResourceStep {
public ReferencedPostgresqlServerStep(ArmManagers armManagers) {
super(armManagers);
}

@Override
protected ArmResourceType getArmResourceType() {
return ArmResourceType.POSTGRES_FLEXIBLE;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
package bio.terra.landingzone.stairway.flight.create.reference.resource.step;

import bio.terra.landingzone.library.landingzones.definition.ArmManagers;

public class ReferencedPrivateDNSStep extends SharedReferencedResourceStep {
public ReferencedPrivateDNSStep(ArmManagers armManagers) {
super(armManagers);
}

@Override
protected ArmResourceType getArmResourceType() {
return ArmResourceType.PRIVATE_DNS_ZONE;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import bio.terra.landingzone.stairway.flight.ResourceNameRequirements;
import bio.terra.stairway.FlightContext;
import bio.terra.stairway.StepResult;
import com.azure.resourcemanager.monitor.models.DiagnosticSettingsCategory;
import java.util.List;
import java.util.Optional;
import org.slf4j.Logger;
Expand Down Expand Up @@ -37,6 +38,17 @@ protected void createResource(FlightContext context, ArmManagers armManagers) {
String.class);

var batchLogSettingsName = resourceNameProvider.getName(getResourceType());

for (DiagnosticSettingsCategory diagnosticSettingsCategory :
armManagers
.monitorManager()
.diagnosticSettings()
.listCategoriesByResource(batchAccountId)) {
logger.info(
"Currently valid diagnostic settings category for batch in current azure Environment :"
+ diagnosticSettingsCategory.name());
}

var batchLogSettings =
armManagers
.monitorManager()
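Review bot: The loop over `listCategoriesByResource(batchAccountId)` looks like leftover diagnostics: it makes an extra Azure call on every run only to log each category at INFO, and the message concatenates the name directly after the colon with no separator. If it is meant to stay, log it at debug level with parameterized logging, `logger.debug("Valid diagnostic settings category for batch account {}: {}", batchAccountId, diagnosticSettingsCategory.name());`; otherwise drop the loop and the DiagnosticSettingsCategory import. createResource starts and ends outside the hunk.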
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package bio.terra.landingzone.stairway.flight.create.resource.step.postgres;

import bio.terra.landingzone.common.utils.LandingZoneFlightBeanBag;
import bio.terra.landingzone.library.landingzones.definition.ArmManagers;
import bio.terra.landingzone.library.landingzones.definition.ResourceNameGenerator;
import bio.terra.landingzone.library.landingzones.deployment.LandingZoneTagKeys;
Expand All @@ -9,6 +10,7 @@
import bio.terra.landingzone.stairway.flight.ResourceNameRequirements;
import bio.terra.landingzone.stairway.flight.create.resource.step.BaseResourceCreateStep;
import bio.terra.stairway.FlightContext;
import com.azure.core.management.AzureEnvironment;
import java.util.List;
import java.util.Map;
import java.util.Optional;
Expand All @@ -21,6 +23,8 @@ public class CreatePostgresqlDNSStep extends BaseResourceCreateStep {
public static final String POSTGRESQL_DNS_ID = "POSTGRESQL_DNS_ID";
public static final String POSTGRESQL_DNS_RESOURCE_KEY = "POSTGRESQL_DNS";
public static final String POSTGRES_DNS_SUFFIX = ".private.postgres.database.azure.com";
public static final String POSTGRES_DNS_SUFFIX_GOV =
".private.postgres.database.usgovcloudapi.net";

public CreatePostgresqlDNSStep(
ArmManagers armManagers, ResourceNameProvider resourceNameProvider) {
Expand All @@ -29,17 +33,25 @@ public CreatePostgresqlDNSStep(

@Override
protected void createResource(FlightContext context, ArmManagers armManagers) {
var beanBag = LandingZoneFlightBeanBag.getFromObject(context.getApplicationContext());
var azureEnvironment = beanBag.getAzureConfiguration().getAzureEnvironment();

var landingZoneId =
getParameterOrThrow(
context.getInputParameters(), LandingZoneFlightMapKeys.LANDING_ZONE_ID, UUID.class);

var dnsZoneName = resourceNameProvider.getName(getResourceType());

String postgresDnsSuffixForEnvironment =
azureEnvironment == AzureEnvironment.AZURE_US_GOVERNMENT
? POSTGRES_DNS_SUFFIX_GOV
: POSTGRES_DNS_SUFFIX;

var dns =
armManagers
.azureResourceManager()
.privateDnsZones()
.define(dnsZoneName + POSTGRES_DNS_SUFFIX)
.define(dnsZoneName + postgresDnsSuffixForEnvironment)
.withExistingResourceGroup(getMRGName(context))
.withTags(
Map.of(LandingZoneTagKeys.LANDING_ZONE_ID.toString(), landingZoneId.toString()))
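Review bot: The suffix selection in createResource treats every environment other than `AZURE_US_GOVERNMENT` as public cloud, so if LandingZoneAzureConfiguration ever returns a third environment the step silently creates a private DNS zone with the `.azure.com` suffix instead of failing. Making the unknown case an explicit error keeps a misconfiguration from producing a zone that PostgreSQL in that cloud will never resolve. createResource ends outside the hunk.
```java
String postgresDnsSuffixForEnvironment;
if (azureEnvironment == AzureEnvironment.AZURE_US_GOVERNMENT) {
  postgresDnsSuffixForEnvironment = POSTGRES_DNS_SUFFIX_GOV;
} else if (azureEnvironment == AzureEnvironment.AZURE) {
  postgresDnsSuffixForEnvironment = POSTGRES_DNS_SUFFIX;
} else {
  throw new IllegalStateException(
      "No PostgreSQL private DNS suffix known for Azure environment " + azureEnvironment);
}
// … unchanged: privateDnsZones().define(dnsZoneName + postgresDnsSuffixForEnvironment) …
```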