wip

Author: mrlockstar

.azuredevops/pipelines/hub-infrastructure-dev.yaml

@@ -39,7 +39,7 @@ variables:
   - name: TF_PLAN_ARTIFACT
     value: tf_plan_hub_art_NONLIVE_dev
   - name: ENVIRONMENT
-    value: non-live-hub
+    value: nonlive-hub
 
 stages:
   - stage: terraform_plan

.gitleaksignore

@@ -21,6 +21,7 @@ infrastructure/bootstrap/hub.bicep:generic-api-key:56
 infrastructure/bootstrap/hub.bicep:generic-api-key:57
 infrastructure/bootstrap/hub.bicep:generic-api-key:58
 infrastructure/bootstrap/hub.bicep:generic-api-key:59
+infrastructure/bootstrap/hub.bicep:generic-api-key:60
 infrastructure/bootstrap/main.bicep:generic-api-key:29
 infrastructure/bootstrap/main.bicep:generic-api-key:30
 infrastructure/bootstrap/main.bicep:generic-api-key:31

infrastructure/bootstrap/environments/nonlive/variables.sh

@@ -1,4 +1,4 @@
-# AZURE_SUBSCRIPTION="Lung Cancer Risk Check - Non-live hub"
-AZURE_SUBSCRIPTION="Lung Cancer Screening - Dev"
+AZURE_SUBSCRIPTION="Lung Cancer Risk Check - Non-live hub"
+# AZURE_SUBSCRIPTION="Lung Cancer Screening - Dev"
 BOOTSTRAP=hub
 HUB_TYPE=nonlive

infrastructure/bootstrap/hub.bicep

@@ -31,8 +31,8 @@ param enableSoftDelete bool
 // var keyVaultName = 'kv-lungcs-${envConfig}-inf'
 
 // removed when generalised
-// var appShortName = 'lungcs'
-var appShortName = 'lungal'
+var appShortName = 'lungcs'
+//var appShortName = 'lungal'
 
 var devCenterSuffix = substring(uniqueString(subscription().id), 0, 3)
 var devCenterName = 'devc-hub-${hubType}-${regionShortName}-${devCenterSuffix}'
@@ -58,6 +58,7 @@ var roleID = {
   networkContributor: '4d97b98b-1d4f-4787-a291-c67834d212e7'
   rbacAdmin: 'f58310d9-a9f6-439a-9e8d-f62e7b41a168'
   reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
+  contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
 }
 
 
@@ -181,6 +182,16 @@ resource CDNContributorAssignment 'Microsoft.Authorization/roleAssignments@2022-
   }
 }
 
+@description('Let the managed identity configure terraform')
+resource TerraformContributorAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().subscriptionId, hubType, 'TerraformContributor')
+  properties: {
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleID.contributor)
+    principalId: managedIdentiyADOtoAZ.outputs.miPrincipalID
+    description: '${miADOtoAZname} Terraform Contributor access to subscription'
+  }
+}
+
 @description('Create the managed identity assumed by Github actions to trigger Azure devops pipelines')
 module managedIdentiyGHtoADO 'modules/managedIdentity.bicep' = {
   scope: managedIdentityRG

infrastructure/bootstrap/modules/managedDevopsPool.bicep

@@ -12,7 +12,8 @@ param devopsSubnetName string
 param devopsSubnetAddressPrefix string
 param virtualNetworkName string
 
-param fabricProfileSkuName string = 'Standard_D2ads_v5'
+// param fabricProfileSkuName string = 'Standard_D2ads_v5'
+param fabricProfileSkuName string = 'Standard_D2as_v5'
 //param fabricProfileSkuName string = 'Standard_D2ldsv6'
 //param fabricProfileSkuName string = 'Standard_B4ms'
 

infrastructure/environments/non-live-hub/variables.sh

@@ -0,0 +1,8 @@
+ENVIRONMENT=nonlive-hub
+ENV_CONFIG=nonlive-hub
+AZURE_SUBSCRIPTION="Lung Cancer Risk Check - Non-live hub"
+HUB_SUBSCRIPTION="Lung Cancer Risk Check - Non-live hub"
+STORAGE_ACCOUNT_RG=rg-tfstate-nonlive-hub-uks
+TERRAFORM_MODULES_REF=main
+# ENABLE_SOFT_DELETE=false
+# DOCKER_IMAGE=ghcr.io/nhsdigital/lung_cancer_screening

infrastructure/environments/nonlive-hub/variables.sh

@@ -1,6 +1,6 @@
 REGION=uksouth
-# APP_SHORT_NAME=lungcs
-APP_SHORT_NAME=lungal
+APP_SHORT_NAME=lungcs
+# APP_SHORT_NAME=lungal
 bootstrap:
 	az deployment sub create --confirm-with-what-if \
 		--subscription ${AZURE_SUBSCRIPTION} \