TES-307: Removed data sources

main.tf

@@ -67,45 +67,41 @@ module "address" {
   source = "./modules/address"
 
   resource_name_prefix = var.resource_name_prefix
+  location             = var.location
   resource_group_name  = azurerm_resource_group.graphdb.name
   zones                = var.zones
 
   tags = local.tags
-
-  depends_on = [azurerm_resource_group.graphdb]
 }
 
 # Creates a user assigned identity which will be provided to GraphDB VMs.
 module "identity" {
   source = "./modules/identity"
 
   resource_name_prefix = var.resource_name_prefix
+  location             = var.location
   resource_group_name  = azurerm_resource_group.graphdb.name
 
   tags = local.tags
-
-  depends_on = [azurerm_resource_group.graphdb]
 }
 
 # Creates Key Vault for secure storage of GraphDB configurations and secrets
 module "vault" {
   source = "./modules/vault"
 
   resource_name_prefix = var.resource_name_prefix
+  location             = var.location
   resource_group_name  = azurerm_resource_group.graphdb.name
 
   tags = local.tags
-
-  depends_on = [azurerm_resource_group.graphdb]
 }
 
 # Managed GraphDB configurations in the Key Vault
 module "configuration" {
   source = "./modules/configuration"
 
-  resource_group_name = azurerm_resource_group.graphdb.name
-  identity_name       = module.identity.identity_name
-  key_vault_name      = module.vault.key_vault_name
+  key_vault_id          = module.vault.key_vault_id
+  identity_principal_id = module.identity.identity_principal_id
 
   graphdb_license_path    = var.graphdb_license_path
   graphdb_cluster_token   = var.graphdb_cluster_token
@@ -114,52 +110,45 @@ module "configuration" {
 
   tags = local.tags
 
-  depends_on = [
-    azurerm_resource_group.graphdb,
-    # Wait for complete module creation
-    module.vault
-  ]
+  # Wait for role assignments
+  depends_on = [module.vault]
 }
 
 # Creates a TLS certificate secret in the Key Vault and related identity
 module "tls" {
   source = "./modules/tls"
 
   resource_name_prefix = var.resource_name_prefix
+  location             = var.location
   resource_group_name  = azurerm_resource_group.graphdb.name
 
-  key_vault_name           = module.vault.key_vault_name
+  key_vault_id             = module.vault.key_vault_id
   tls_certificate          = filebase64(var.tls_certificate_path)
   tls_certificate_password = var.tls_certificate_password
 
   tags = local.tags
 
-  depends_on = [azurerm_resource_group.graphdb, module.identity, module.vault]
+  # Wait for role assignments
+  depends_on = [module.identity, module.vault]
 }
 
 # Creates a public application gateway for forwarding internet traffic to the GraphDB proxies
 module "application_gateway" {
   source = "./modules/gateway"
 
-  resource_name_prefix   = var.resource_name_prefix
-  resource_group_name    = azurerm_resource_group.graphdb.name
-  network_interface_name = azurerm_virtual_network.graphdb.name
-
-  gateway_subnet_name = azurerm_subnet.graphdb-gateway.name
+  resource_name_prefix = var.resource_name_prefix
+  location             = var.location
+  resource_group_name  = azurerm_resource_group.graphdb.name
 
-  gateway_public_ip_name            = module.address.public_ip_address_name
-  gateway_identity_name             = module.tls.tls_identity_name
+  gateway_subnet_id                 = azurerm_subnet.graphdb-gateway.id
+  gateway_public_ip_id              = module.address.public_ip_address_id
+  gateway_identity_id               = module.tls.tls_identity_id
   gateway_tls_certificate_secret_id = module.tls.tls_certificate_key_vault_secret_id
 
   tags = local.tags
 
-  depends_on = [
-    azurerm_resource_group.graphdb,
-    azurerm_virtual_network.graphdb,
-    azurerm_subnet.graphdb-vmss,
-    module.address,
-    module.tls
-  ]
+  # Wait for role assignments
+  depends_on = [module.tls]
 }
 
 # Module for resolving the GraphDB shared image ID
@@ -177,36 +166,36 @@ module "bastion" {
   source = "./modules/bastion"
 
   resource_group_name           = azurerm_resource_group.graphdb.name
+  location                      = var.location
   virtual_network_name          = azurerm_virtual_network.graphdb.name
   resource_name_prefix          = var.resource_name_prefix
   bastion_subnet_address_prefix = var.bastion_subnet_address_prefix
 
   tags = local.tags
-
-  depends_on = [
-    azurerm_resource_group.graphdb,
-    azurerm_virtual_network.graphdb
-  ]
 }
 
 # Creates a VM scale set for GraphDB and GraphDB cluster proxies
 module "vm" {
   source = "./modules/vm"
 
-  resource_name_prefix   = var.resource_name_prefix
-  resource_group_name    = azurerm_resource_group.graphdb.name
-  network_interface_name = azurerm_virtual_network.graphdb.name
-  zones                  = var.zones
+  resource_name_prefix = var.resource_name_prefix
+  location             = var.location
+  resource_group_name  = azurerm_resource_group.graphdb.name
+  resource_group_id    = azurerm_resource_group.graphdb.id
+  zones                = var.zones
+
+  graphdb_subnet_id   = azurerm_subnet.graphdb-vmss.id
+  graphdb_subnet_cidr = one(azurerm_subnet.graphdb-vmss.address_prefixes)
 
-  graphdb_subnet_name                          = azurerm_subnet.graphdb-vmss.name
+  identity_id                                  = module.identity.identity_id
+  identity_principal_id                        = module.identity.identity_principal_id
   application_gateway_backend_address_pool_ids = [module.application_gateway.gateway_backend_address_pool_id]
-  identity_name                                = module.identity.identity_name
-  key_vault_name                               = module.vault.key_vault_name
 
+  # Configurations for the user data script
   graphdb_external_address_fqdn = module.address.public_ip_address_fqdn
-
-  data_disk_performance_tier = var.data_disk_performance_tier
-  disk_size_gb               = var.disk_size_gb
+  key_vault_name                = module.vault.key_vault_name
+  data_disk_performance_tier    = var.data_disk_performance_tier
+  disk_size_gb                  = var.disk_size_gb
 
   instance_type     = var.instance_type
   image_id          = module.graphdb_image.image_id
@@ -218,11 +207,6 @@ module "vm" {
 
   tags = local.tags
 
-  depends_on = [
-    azurerm_resource_group.graphdb,
-    azurerm_virtual_network.graphdb,
-    azurerm_subnet.graphdb-vmss,
-    # Needed because the license is being created at the same time as the machines.
-    module.configuration
-  ]
+  # Wait for configurations to be created in the key vault and roles to be assigned
+  depends_on = [module.configuration]
 }

modules/address/main.tf

@@ -1,12 +1,3 @@
-data "azurerm_resource_group" "graphdb" {
-  name = var.resource_group_name
-}
-
-locals {
-  resource_group = data.azurerm_resource_group.graphdb.name
-  location       = data.azurerm_resource_group.graphdb.location
-}
-
 resource "random_string" "fqdn" {
   length  = 6
   special = false
@@ -16,8 +7,8 @@ resource "random_string" "fqdn" {
 
 resource "azurerm_public_ip" "graphdb-public-ip-address" {
   name                = "${var.resource_name_prefix}-public-address"
-  resource_group_name = local.resource_group
-  location            = local.location
+  resource_group_name = var.resource_group_name
+  location            = var.location
 
   sku               = "Standard"
   allocation_method = "Static"

modules/address/outputs.tf

@@ -3,6 +3,11 @@ output "public_ip_address_name" {
   value       = azurerm_public_ip.graphdb-public-ip-address.name
 }
 
+output "public_ip_address_id" {
+  description = "Name of the public IP address"
+  value       = azurerm_public_ip.graphdb-public-ip-address.id
+}
+
 output "public_ip_address_fqdn" {
   description = "The assigned FQDN of the public IP address"
   value       = azurerm_public_ip.graphdb-public-ip-address.fqdn

modules/address/variables.tf

@@ -5,6 +5,11 @@ variable "resource_name_prefix" {
   type        = string
 }
 
+variable "location" {
+  description = "Azure geographical location where resources will be deployed"
+  type        = string
+}
+
 variable "zones" {
   description = "Availability zones for the public IP address."
   type        = list(number)

modules/bastion/README.md

@@ -0,0 +1 @@
+# GraphDB Bastion Module

modules/bastion/main.tf

@@ -1,37 +1,29 @@
-data "azurerm_resource_group" "graphdb" {
-  name = var.resource_group_name
-}
-
-data "azurerm_virtual_network" "graphdb" {
-  name                = var.virtual_network_name
-  resource_group_name = data.azurerm_resource_group.graphdb.name
-}
-
-resource "azurerm_subnet" "subnet" {
+resource "azurerm_subnet" "graphdb-bastion-subnet" {
   name                 = "AzureBastionSubnet"
-  resource_group_name  = data.azurerm_resource_group.graphdb.name
-  virtual_network_name = data.azurerm_virtual_network.graphdb.name
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = var.virtual_network_name
   address_prefixes     = var.bastion_subnet_address_prefix
 }
 
-resource "azurerm_public_ip" "publicIP" {
+resource "azurerm_public_ip" "graphdb-bastion-public-ip" {
   name                = "${var.resource_name_prefix}_bastion_publicIP"
-  location            = data.azurerm_resource_group.graphdb.location
-  resource_group_name = data.azurerm_resource_group.graphdb.name
+  location            = var.location
+  resource_group_name = var.resource_group_name
   allocation_method   = "Static"
   sku                 = "Standard"
   tags                = var.tags
 }
 
-resource "azurerm_bastion_host" "bastionHost" {
+resource "azurerm_bastion_host" "graphdb-bastion-host" {
   name                = "${var.resource_name_prefix}_bastion"
-  location            = data.azurerm_resource_group.graphdb.location
-  resource_group_name = data.azurerm_resource_group.graphdb.name
-  tags                = var.tags
+  location            = var.location
+  resource_group_name = var.resource_group_name
 
   ip_configuration {
     name                 = "configuration"
-    subnet_id            = azurerm_subnet.subnet.id
-    public_ip_address_id = azurerm_public_ip.publicIP.id
+    subnet_id            = azurerm_subnet.graphdb-bastion-subnet.id
+    public_ip_address_id = azurerm_public_ip.graphdb-bastion-public-ip.id
   }
+
+  tags = var.tags
 }

modules/bastion/variables.tf

@@ -1,12 +1,12 @@
 # Common configurations
 
-variable "resource_group_name" {
-  description = "Name of the resource group where Bastion will be deployed."
+variable "resource_name_prefix" {
+  description = "Resource name prefix"
   type        = string
 }
 
-variable "resource_name_prefix" {
-  description = "Resource name prefix"
+variable "location" {
+  description = "Azure geographical location where resources will be deployed"
   type        = string
 }
 
@@ -16,6 +16,11 @@ variable "tags" {
   default     = {}
 }
 
+variable "resource_group_name" {
+  description = "Name of the resource group where Bastion will be deployed."
+  type        = string
+}
+
 # Networking
 
 variable "virtual_network_name" {

modules/configuration/main.tf

@@ -1,13 +1,3 @@
-data "azurerm_user_assigned_identity" "graphdb-instances" {
-  name                = var.identity_name
-  resource_group_name = var.resource_group_name
-}
-
-data "azurerm_key_vault" "graphdb" {
-  name                = var.key_vault_name
-  resource_group_name = var.resource_group_name
-}
-
 resource "random_password" "graphdb-cluster-token" {
   count   = var.graphdb_cluster_token != null ? 0 : 1
   length  = 16
@@ -19,7 +9,7 @@ locals {
 }
 
 resource "azurerm_key_vault_secret" "graphdb-license" {
-  key_vault_id = data.azurerm_key_vault.graphdb.id
+  key_vault_id = var.key_vault_id
 
   name  = var.graphdb_license_secret_name
   value = filebase64(var.graphdb_license_path)
@@ -28,7 +18,7 @@ resource "azurerm_key_vault_secret" "graphdb-license" {
 }
 
 resource "azurerm_key_vault_secret" "graphdb-cluster-token" {
-  key_vault_id = data.azurerm_key_vault.graphdb.id
+  key_vault_id = var.key_vault_id
 
   name  = var.graphdb_cluster_token_name
   value = base64encode(local.graphdb_cluster_token)
@@ -39,7 +29,7 @@ resource "azurerm_key_vault_secret" "graphdb-cluster-token" {
 resource "azurerm_key_vault_secret" "graphdb-properties" {
   count = var.graphdb_properties_path != null ? 1 : 0
 
-  key_vault_id = data.azurerm_key_vault.graphdb.id
+  key_vault_id = var.key_vault_id
 
   name  = var.graphdb_properties_secret_name
   value = filebase64(var.graphdb_properties_path)
@@ -50,7 +40,7 @@ resource "azurerm_key_vault_secret" "graphdb-properties" {
 resource "azurerm_key_vault_secret" "graphdb-java-options" {
   count = var.graphdb_java_options != null ? 1 : 0
 
-  key_vault_id = data.azurerm_key_vault.graphdb.id
+  key_vault_id = var.key_vault_id
 
   name  = var.graphdb_java_options_secret_name
   value = base64encode(var.graphdb_java_options)
@@ -63,14 +53,14 @@ resource "azurerm_key_vault_secret" "graphdb-java-options" {
 
 # Give rights to the provided identity to be able to read it from the vault
 resource "azurerm_role_assignment" "graphdb-license-reader" {
-  principal_id         = data.azurerm_user_assigned_identity.graphdb-instances.principal_id
-  scope                = data.azurerm_key_vault.graphdb.id
+  principal_id         = var.identity_principal_id
+  scope                = var.key_vault_id
   role_definition_name = "Key Vault Reader"
 }
 
 # Give rights to the provided identity to actually get the secret value
 resource "azurerm_role_assignment" "graphdb-license-secret-reader" {
-  principal_id         = data.azurerm_user_assigned_identity.graphdb-instances.principal_id
-  scope                = data.azurerm_key_vault.graphdb.id
+  principal_id         = var.identity_principal_id
+  scope                = var.key_vault_id
   role_definition_name = "Key Vault Secrets User"
 }