chore: bump tf providers (#959)

rubberdok · Oct 9, 2024 · b5bda2c · b5bda2c
1 parent aa335ec
commit b5bda2c
Show file tree

Hide file tree

Showing 10 changed files with 303 additions and 165 deletions.
diff --git a/infrastructure/modules/vnet/providers.tf b/infrastructure/modules/vnet/providers.tf
@@ -2,7 +2,7 @@ terraform {
  required_providers {
  azurerm = {
  source = "hashicorp/azurerm"
- version = ">= 3.50.0"
+ version = "~> 4.4.0"
  }
  }
 }
diff --git a/infrastructure/server/environments/dev/.terraform.lock.hcl b/infrastructure/server/environments/dev/.terraform.lock.hcl
diff --git a/infrastructure/server/environments/dev/github.tf b/infrastructure/server/environments/dev/github.tf
@@ -8,14 +8,3 @@ resource "github_repository_environment" "this" {
  repository = local.repository_name
 }
 
-resource "github_actions_environment_variable" "this" {
- for_each = {
- "azure_client_id" = module.server.managed_identity.client_id,
- "azure_tenant_id" = module.server.managed_identity.tenant_id,
- "azure_subscription_id" = data.azurerm_client_config.current.subscription_id,
- }
- repository = local.repository_name
- variable_name = upper(each.key)
- environment = github_repository_environment.this.environment
- value = each.value
-}
diff --git a/infrastructure/server/environments/dev/main.tf b/infrastructure/server/environments/dev/main.tf
@@ -2,15 +2,15 @@ terraform {
  required_providers {
  azurerm = {
  source = "hashicorp/azurerm"
- version = "~> 3.54.0"
+ version = "~> 4.4.0"
  }
  github = {
  source = "integrations/github"
- version = "~> 5.24.0"
+ version = "~> 6.3.0"
  }
  time = {
  source = "hashicorp/time"
- version = "~> 0.9.0"
+ version = "~> 0.12.1"
  }
  }
  backend "azurerm" {
@@ -48,9 +48,15 @@ module "server" {
  source = "../../../modules/server"
  suffix = random_string.resource_code.result
 
- environment_variables = var.environment_variables
+ environment_variables = concat(var.environment_variables, [{
+ name = "SENTRY_RELEASE",
+ value = var.git_sha
+ }])
+
  docker_registry_password = var.docker_registry_password
  environment = var.environment
+ image_tag = var.image_tag
+ blob_storage = var.blob_storage
 
  postgres = {
  sku_name = "B_Standard_B1ms"

diff --git a/infrastructure/server/environments/dev/terraform.tfvars b/infrastructure/server/environments/dev/terraform.tfvars
@@ -1,15 +1,25 @@
+/*
+--- IMPORTANT ---
+This file MUST NOT contain any secrets.
+It is checked into version control and is therefore public.
+
+Secrets should be stored in the Azure Key Vault and inject into the containers at runtime.
+See `infrastucture/modules/server/server_app.tf` and `infrastucture/modules/server/secrets.tf`
+on how to do this.
+*/
+
 environment_variables = [
  {
  name = "CORS_ORIGINS"
- value = "https://indokntnu.no"
+ value = "https://client.canary.indokntnu.no"
  },
  {
  name = "CORS_CREDENTIALS"
  value = "true"
  },
  {
  name = "NODE_ENV"
- value = "development"
+ value = "production"
  },
  {
  name = "NO_REPLY_EMAIL"
@@ -20,12 +30,12 @@ environment_variables = [
  value = 4000
  },
  {
- name = "FEIDE_CLIENT_ID"
- value = "fcaa9e30-a6d3-4809-8fea-cdd7b3de1c98"
+ name = "SERVER_URL"
+ value = "https://canary.indokntnu.no"
  },
  {
- name = "FEIDE_REDIRECT_URI"
- value = "https://indokntnu.no/api/auth/feide/callback"
+ name = "FEIDE_CLIENT_ID"
+ value = "fcaa9e30-a6d3-4809-8fea-cdd7b3de1c98"
  },
  {
  name = "FEIDE_BASE_URL"
@@ -37,21 +47,57 @@ environment_variables = [
  },
  {
  name = "SESSION_COOKIE_DOMAIN"
- value = "yellowflower-e949ae00.norwayeast.azurecontainerapps.io"
+ value = "indokntnu.no"
  },
  {
  name = "SESSION_COOKIE_HTTP_ONLY"
  value = "true"
  },
+ {
+ name = "SESSION_COOKIE_SAME_SITE"
+ value = "lax"
+ },
  {
  name = "SESSION_COOKIE_SECURE"
  value = "true"
  },
  {
  name = "SENTRY_DSN"
  value = "https://[email protected]/6553834"
+ },
+ {
+ name = "TRUST_PROXY"
+ value = "true"
+ },
+ {
+ name = "RATE_LIMIT_MAX",
+ value = 1000
+ },
+ {
+ name = "REDIRECT_ORIGINS",
+ value = "https://client.canary.indokntnu.no,https://canary.indokntnu.no,https://indokntnu.no,https://indøkntnu.no"
+ },
+ {
+ name = "FEIDE_GROUPS_API",
+ value = "https://groups-api.dataporten.no/groups/me/groups"
+ },
+ {
+ name = "VIPPS_TEST_MODE",
+ value = "true"
+ },
+ {
+ name = "CONTACT_EMAIL",
+ value = "[email protected]"
+ },
+ {
+ name = "CLIENT_URL",
+ value = "https://client.canary.indokntnu.no"
  }
 ]
 
+blob_storage = {
+ allowed_origins = ["https://client.canary.indokntnu.no", "https://canary.indokntnu.no", "https://*.indokntnu.no", "canary.indokntnu.no", "client.canary.indokntnu.no"]
+}
+
 
 environment = "development"
diff --git a/infrastructure/server/environments/dev/variables.tf b/infrastructure/server/environments/dev/variables.tf
@@ -24,3 +24,19 @@ variable "docker_registry_password" {
 variable "environment" {
  type = string
 }
+
+variable "git_sha" {
+ type = string
+ default = null
+}
+
+variable "image_tag" {
+ type = string
+ default = "ghcr.io/rubberdok/server:latest"
+}
+
+variable "blob_storage" {
+ type = object({
+ allowed_origins = list(string)
+ })
+}