From e7a709c9bef9f6add961ec71aaafc853bf3ab529 Mon Sep 17 00:00:00 2001 From: danielscholl Date: Mon, 11 Nov 2024 18:42:43 -0600 Subject: [PATCH] Updated --- bicep/main.bicep | 25 +++---- bicep/modules/blade_partition.bicep | 52 +++++++------- .../templates/storage-container-job.yaml | 12 +--- software/applications/osdu-core/base.yaml | 72 +++++++++---------- 4 files changed, 77 insertions(+), 84 deletions(-) diff --git a/bicep/main.bicep b/bicep/main.bicep index 27f1f903..dc0b73a0 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -948,18 +948,19 @@ module gitOpsUpload 'br/public:avm/res/resources/deployment-script:0.4.0' = [for } }] -module storageAcl 'modules/network_acl_storage.bicep' = { - name: '${configuration.name}-storage-acl' - params: { - storageName: storage.outputs.name - location: location - skuName: configuration.storage.sku - natClusterIP: clusterBlade.outputs.natClusterIP - } - dependsOn: [ - gitOpsUpload - ] -} +//TODO: This can't be done yet. +// module storageAcl 'modules/network_acl_storage.bicep' = { +// name: '${configuration.name}-storage-acl' +// params: { +// storageName: storage.outputs.name +// location: location +// skuName: configuration.storage.sku +// natClusterIP: clusterBlade.outputs.natClusterIP +// } +// dependsOn: [ +// gitOpsUpload +// ] +// } /* diff --git a/bicep/modules/blade_partition.bicep b/bicep/modules/blade_partition.bicep index efe84afe..8df7b7e9 100644 --- a/bicep/modules/blade_partition.bicep +++ b/bicep/modules/blade_partition.bicep 
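Review bot: Commenting out `storageAcl` removes the step that applied a network rule to the storage account, and the new comment `//TODO: This can't be done yet.` does not say what blocks it or when it comes back. Judging by the module name and its `natClusterIP` parameter, the account presumably stays without that restriction until the module is restored, so the interim exposure should be stated and tracked. I would replace the comment with something like `// TODO(<issue-id>): storageAcl disabled until the partition blob upload no longer needs open access to the account; re-enable afterwards.` If the blocker is only ordering (blade_partition.bicep carries `// TODO: ACL can only be applied after the blob upload.`), a `dependsOn` on the partition module would keep the ACL deployed rather than switched off.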
@@ -671,34 +671,34 @@ module partitonNamespace 'br/public:avm/res/service-bus/namespace:0.9.1' = [for // TODO: This should be moved to the Kubernetes Job. -// module blobUpload 'br/public:avm/res/resources/deployment-script:0.4.0' = [for (partition, index) in partitions: { -// name: '${bladeConfig.sectionName}-storage-blob-upload-${index}' -// params: { -// name: 'script-${storage[index].outputs.name}-Legal_COO' -// location: location -// cleanupPreference: 'Always' -// retentionInterval: 'PT1H' -// timeout: 'PT30M' -// runOnce: true +module blobUpload 'br/public:avm/res/resources/deployment-script:0.4.0' = [for (partition, index) in partitions: { + name: '${bladeConfig.sectionName}-storage-blob-upload-${index}' + params: { + name: 'script-${storage[index].outputs.name}-Legal_COO' + location: location + cleanupPreference: 'Always' + retentionInterval: 'PT1H' + timeout: 'PT30M' + runOnce: true -// managedIdentities: { -// userAssignedResourcesIds: [ -// stampIdentity.id -// ] -// } - -// kind: 'AzureCLI' -// azCliVersion: '2.63.0' + managedIdentities: { + userAssignedResourcesIds: [ + stampIdentity.id + ] + } + + kind: 'AzureCLI' + azCliVersion: '2.63.0' -// environmentVariables: [ -// { name: 'CONTENT', value: loadTextContent('./deploy-scripts/Legal_COO.json') } -// { name: 'FILE_NAME', value: 'Legal_COO.json' } -// { name: 'CONTAINER', value: 'legal-service-azure-configuration' } -// { name: 'AZURE_STORAGE_ACCOUNT', value: storage[index].outputs.name } -// ] -// scriptContent: loadTextContent('./deploy-scripts/blob_upload.sh') -// } -// }] + environmentVariables: [ + { name: 'CONTENT', value: loadTextContent('./deploy-scripts/Legal_COO.json') } + { name: 'FILE_NAME', value: 'Legal_COO.json' } + { name: 'CONTAINER', value: 'legal-service-azure-configuration' } + { name: 'AZURE_STORAGE_ACCOUNT', value: storage[index].outputs.name } + ] + scriptContent: loadTextContent('./deploy-scripts/blob_upload.sh') + } +}] // TODO: ACL can only be applied after the blob upload. 
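Review bot: The comment `// TODO: This should be moved to the Kubernetes Job.` is left above a module that is live again, while the same commit comments out the `blob-upload` HelmRelease in software/applications/osdu-core/base.yaml, so the file no longer says which upload path is authoritative. I would reword it to record the decision, e.g. `// Active upload path while the blob-upload Helm job is disabled. TODO: move to the Kubernetes Job once that path works.` The script runs as `stampIdentity`; it is worth confirming that this identity's storage role is limited to the partition accounts, which cannot be checked from this hunk. The file continues outside the hunk on both sides.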
diff --git a/charts/blob-upload/templates/storage-container-job.yaml b/charts/blob-upload/templates/storage-container-job.yaml index 71154081..c2f0e658 100644 --- a/charts/blob-upload/templates/storage-container-job.yaml +++ b/charts/blob-upload/templates/storage-container-job.yaml @@ -12,12 +12,6 @@ metadata: spec: ttlSecondsAfterFinished: 300 template: - metadata: - labels: - azure.workload.identity/use: "true" - annotations: - azure.workload.identity/client-id: {{ $.Values.azure.clientId | quote }} - azure.workload.identity/tenant-id: {{ $.Values.azure.tenantId | quote }} spec: serviceAccountName: workload-identity-sa containers: @@ -35,10 +29,7 @@ spec: curl -kso {{ .file }} "{{ .url }}" # Login using workload identity - az login --service-principal \ - --username {{ $.Values.azure.clientId }} \ - --tenant {{ $.Values.azure.tenantId }} \ - --identity + az login --identity # Upload directly to blob storage using Azure CLI az storage blob upload \ @@ -49,6 +40,7 @@ spec: --auth-mode login echo "File uploaded to container {{ $.Values.blobUpload.container }} in storage account {{ $value }}" + sleep 300000 restartPolicy: Never {{- end }} {{- $i = add $i 1 }} diff --git a/software/applications/osdu-core/base.yaml b/software/applications/osdu-core/base.yaml index 8466b94a..0741db96 100644 --- a/software/applications/osdu-core/base.yaml +++ b/software/applications/osdu-core/base.yaml 
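Review bot: Removing the `azure.workload.identity/use: "true"` label and the client-id/tenant-id annotations means the pod is presumably no longer set up for workload identity, so `az login --identity` in the second hunk of this file would authenticate through the node's managed identity endpoint instead of the `workload-identity-sa` federated credential. That widens the identity the job runs under from a per-workload one to whatever is assigned to the node pool, and the comment `# Login using workload identity` no longer matches the command. I would keep the label and log in with the federated token, e.g. `az login --service-principal -u "$AZURE_CLIENT_ID" -t "$AZURE_TENANT_ID" --federated-token "$(cat "$AZURE_FEDERATED_TOKEN_FILE")"`.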
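Review bot: `curl -kso {{ .file }} "{{ .url }}"`, two lines above the changed login, skips TLS certificate verification and does not fail on HTTP errors, so a tampered response or an error page would be uploaded to the container as configuration. Since this hunk already edits the script, I would change it to `curl -fsSo {{ .file }} "{{ .url }}"` so the job fails when the download does. Pinning the source URL to a commit rather than a branch would further limit what can end up in the blob, though the URL itself is supplied from values outside this hunk.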
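Review bot: `sleep 300000` after the upload looks like a debugging aid left in the template: it keeps the pod running for roughly three and a half days with an authenticated Azure CLI session, far longer than the upload needs. The Job also cannot complete in that time, so `ttlSecondsAfterFinished: 300` never cleans it up. I would drop the line, or gate it behind a chart value that defaults to off if it is needed for troubleshooting.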
@@ -33,39 +33,39 @@ spec: defaultCpuLimits: "2" defaultMemoryLimits: "4Gi" --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: blob-upload - namespace: default - annotations: - clusterconfig.azure.com/use-managed-source: "true" -spec: - dependsOn: - - name: osdu-developer-base-core - namespace: default - targetNamespace: osdu-core - chart: - spec: - chart: ./charts/blob-upload - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - interval: 5m0s - install: - remediation: - retries: 3 - valuesFrom: - - kind: ConfigMap - name: config-map-values - valuesKey: values.yaml - values: - global: - configmapNamespace: osdu-core - blobUpload: - enabled: true - items: - - name: legal - file: "Legal_COO.json" - url: "https://raw.githubusercontent.com/Azure/osdu-developer/refs/heads/main/bicep/modules/script-blob-upload/Legal_COO.json" +# apiVersion: helm.toolkit.fluxcd.io/v2beta1 +# kind: HelmRelease +# metadata: +# name: blob-upload +# namespace: default +# annotations: +# clusterconfig.azure.com/use-managed-source: "true" +# spec: +# dependsOn: +# - name: osdu-developer-base-core +# namespace: default +# targetNamespace: osdu-core +# chart: +# spec: +# chart: ./charts/blob-upload +# sourceRef: +# kind: GitRepository +# name: flux-system +# namespace: flux-system +# interval: 5m0s +# install: +# remediation: +# retries: 3 +# valuesFrom: +# - kind: ConfigMap +# name: config-map-values +# valuesKey: values.yaml +# values: +# global: +# configmapNamespace: osdu-core +# blobUpload: +# enabled: true +# items: +# - name: legal +# file: "Legal_COO.json" +# url: "https://raw.githubusercontent.com/Azure/osdu-developer/refs/heads/main/bicep/modules/script-blob-upload/Legal_COO.json"