Merge remote-tracking branch 'origin/revise-postgresdb-and-add-middle…

…ware-connection' into test-deploy-middleware

ops/terraform/main.tf

@@ -20,6 +20,11 @@ module "networking" {
   middlewaresubnetcidr = local.workspace["middlewaresubnetcidr"]
   dbsubnetcidr         = local.workspace["dbsubnetcidr"]
   env                  = local.environment
+
+  # The DNS zone and DNS link are managed inside the networking module.
+  postgres_server_id = module.database.postgres_server_id
+
+
 }
 
 module "securitygroup" {
@@ -69,11 +74,15 @@ module "middleware_api" {
   app_subnet_id  = module.networking.middlewaresubnet_id
 
   app_settings = {
-    WEBSITES_PORT = "8081"
+    WEBSITES_PORT     = "8081"
+    POSTGRES_HOST     = module.database.postgres_fqdn
+    POSTGRES_DB       = module.database.postgres_db_name
+    POSTGRES_USER     = module.database.postgres_user
+    POSTGRES_PASSWORD = module.vault.postgres_password
   }
 
   lb_subnet_id = module.networking.lbsubnet_id
-  health_path = "/actuator/health"
+  health_path  = "/actuator/health"
   env          = local.environment
   vnet         = module.networking.network_name
   sku_name     = var.sku_name
@@ -93,12 +102,12 @@ module "ocr_api" {
     WEBSITES_PORT = "8000"
   }
 
-  lb_subnet_id   = module.networking.middlewaresubnet_id
-  env            = local.environment
-  vnet           = module.networking.network_name
-  sku_name       = var.sku_name
-  https_only     = true
-  depends_on     = [module.networking.ocrsubnet_id, module.networking.middlewaresubnet_id]
+  lb_subnet_id = module.networking.middlewaresubnet_id
+  env          = local.environment
+  vnet         = module.networking.network_name
+  sku_name     = var.sku_name
+  https_only   = true
+  depends_on   = [module.networking.ocrsubnet_id, module.networking.middlewaresubnet_id]
 }
 
 module "ocr_autoscale" {

ops/terraform/modules/app_service/variables.tf

@@ -9,7 +9,6 @@ variable "sku_name" {
 }
 variable "service" {}
 
-
 variable "https_only" {
   type    = bool
   default = false
@@ -22,4 +21,4 @@ variable "app_settings" {
 }
 variable "health_path" {
   default = "/"
-}
+}

ops/terraform/modules/database/outputs.tf

@@ -1,9 +1,9 @@
 output "postgres_server_id" {
-  value = azurerm_postgresql_flexible_server.postgres_flexible_server
+  value = azurerm_postgresql_flexible_server.postgres_flexible_server.id
 }
 
 output "postgres_fqdn" {
-  value       = azurerm_postgresql_flexible_server.postgres_flexible_server
+  value       = azurerm_postgresql_flexible_server.postgres_flexible_server.fqdn
   description = "The fully qualified domain name (FQDN) of the PostgreSQL flexible server"
 }
 
@@ -12,6 +12,7 @@ output "postgres_user" {
   description = "User name for the Application's PostgreSQL flexible server database"
 }
 
+
 output "postgres_db_name" {
-  value = var.db_username
+  value = azurerm_postgresql_flexible_server.postgres_flexible_server.name
 }

ops/terraform/modules/network/main.tf

@@ -61,17 +61,19 @@ resource "azurerm_subnet" "middleware-subnet" {
   }
 }
 
-
 resource "azurerm_subnet" "db-subnet" {
   name                 = "${var.name}-db-subnet-${var.env}"
   virtual_network_name = azurerm_virtual_network.vnet.name
   resource_group_name  = var.resource_group
   address_prefixes     = [var.dbsubnetcidr]
 
   delegation {
-    name = "postgresql-delegation"
+    name = "postgresql-fs-delegation"
     service_delegation {
       name = "Microsoft.DBforPostgreSQL/flexibleServers"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/join/action",
+      ]
     }
   }
 }
@@ -87,4 +89,25 @@ resource "azurerm_private_dns_zone_virtual_network_link" "dns_link" {
   resource_group_name   = var.resource_group
   private_dns_zone_name = azurerm_private_dns_zone.postgresql_dns_zone.name
   virtual_network_id    = azurerm_virtual_network.vnet.id
+  depends_on            = [azurerm_subnet.db-subnet]
+}
+
+# Create private endpoint for SQL server
+resource "azurerm_private_endpoint" "psql_db_pivate_endpoint" {
+  name                = "psql-private-endpoint-${var.env}"
+  location            = var.location
+  resource_group_name = var.resource_group
+  subnet_id           = azurerm_subnet.db-subnet.id
+
+  private_service_connection {
+    name                           = "psql-private-serviceconnection-${var.env}"
+    private_connection_resource_id = var.postgres_server_id
+    subresource_names              = ["psqlServer"]
+    is_manual_connection           = false
+  }
+
+  private_dns_zone_group {
+    name                 = "dns-zone-group"
+    private_dns_zone_ids = [azurerm_private_dns_zone.postgresql_dns_zone.id]
+  }
 }

ops/terraform/modules/network/variables.tf

@@ -11,3 +11,8 @@ variable "dbsubnetcidr" {}
 variable "location" {
   default = "eastus2"
 }
+
+variable "postgres_server_id" {
+  description = "The ID of the PostgreSQL server"
+  type        = string
+}

ops/terraform/modules/vault/main.tf

@@ -31,7 +31,7 @@ resource "random_string" "postgres_password" {
   override_special = "_!@#-$%^&*()[]{}" # excluded characters
 }
 
-resource "azurerm_key_vault_secret" "postgres_db_secret" {
+resource "azurerm_key_vault_secret" "postgres_db_password" {
   name         = "reportvision-postgres-db-password"
   value        = random_string.postgres_password.result
   key_vault_id = azurerm_key_vault.this.id

ops/terraform/modules/vault/outputs.tf

@@ -1,4 +1,5 @@
 output "postgres_password" {
-  value     = random_string.postgres_password.result
-  sensitive = true
+  value       = random_string.postgres_password.result
+  sensitive   = true
+  description = "The randomly generated password for the PostgreSQL database"
 }

ops/terraform/variables.tf

@@ -1,12 +1,16 @@
 variable "client_id" {}
 variable "name" {}
+variable "postgres_server_id" {}
 variable "object_id" {}
 variable "tenant_id" {}
+
 variable "sku_name" {
   type        = string
   description = "The Azure Stock Keep Unit (SKU) version"
 }
+
 variable "subscription_id" {}
+
 variable "resource_group_name" {
   description = "value of the Azure resource group to deploy to"
 }