Commit

Final fixes (hopefully)
tush4hworks committed Oct 25, 2023
1 parent 84f7157 commit f424784
Showing 4 changed files with 23 additions and 14 deletions.
8 changes: 4 additions & 4 deletions modules/terraform-cdp-azure-pre-reqs/README.md
Expand Up @@ -78,9 +78,6 @@ In each directory an example `terraform.tfvars.sample` values file is included t
|------|-------------|------|---------|:--------:|
| <a name="input_deployment_template"></a> [deployment\_template](#input\_deployment\_template) | Deployment Pattern to use for Cloud resources and CDP | `string` | n/a | yes |
| <a name="input_env_prefix"></a> [env\_prefix](#input\_env\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes |
| <a name="input_nfs_file_share_name"></a> [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | n/a | yes |
| <a name="input_nfs_storage_account_name"></a> [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | n/a | yes |
| <a name="input_public_key_text"></a> [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | n/a | yes |
| <a name="input_agent_source_tag"></a> [agent\_source\_tag](#input\_agent\_source\_tag) | Tag to identify deployment source | `map(any)` | <pre>{<br> "agent_source": "tf-cdp-module"<br>}</pre> | no |
| <a name="input_azure_region"></a> [azure\_region](#input\_azure\_region) | Region which Cloud resources will be created | `string` | `null` | no |
| <a name="input_backup_storage"></a> [backup\_storage](#input\_backup\_storage) | Optional Backup location for CDP environment. If not provided follow the data\_storage variable | <pre>object({<br> backup_storage_bucket = string<br> backup_storage_object = string<br> })</pre> | `null` | no |
Expand All @@ -89,7 +86,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
| <a name="input_cdp_subnet_names"></a> [cdp\_subnet\_names](#input\_cdp\_subnet\_names) | List of subnet names for CDP Resources. Required if create\_vnet is false. | `list(any)` | `null` | no |
| <a name="input_cdp_subnet_range"></a> [cdp\_subnet\_range](#input\_cdp\_subnet\_range) | Size of each (internal) cluster subnet. Required if create\_vpc is true. | `number` | `19` | no |
| <a name="input_cdp_vnet_name"></a> [cdp\_vnet\_name](#input\_cdp\_vnet\_name) | Pre-existing VNet Name for CDP environment. Required if create\_vnet is false. | `string` | `null` | no |
| <a name="input_create_azure_cml_nfs"></a> [create\_azure\_cml\_nfs](#input\_create\_azure\_cml\_nfs) | Whether to create NFS for CML | `bool` | `true` | no |
| <a name="input_create_azure_cml_nfs"></a> [create\_azure\_cml\_nfs](#input\_create\_azure\_cml\_nfs) | Whether to create NFS for CML | `bool` | `false` | no |
| <a name="input_create_vm_mounting_nfs"></a> [create\_vm\_mounting\_nfs](#input\_create\_vm\_mounting\_nfs) | Whether to create a VM which mounts this NFS | `bool` | `true` | no |
| <a name="input_create_vnet"></a> [create\_vnet](#input\_create\_vnet) | Flag to specify if the VNet should be created | `bool` | `true` | no |
| <a name="input_data_storage"></a> [data\_storage](#input\_data\_storage) | Data storage locations for CDP environment | <pre>object({<br> data_storage_bucket = string<br> data_storage_object = string<br> })</pre> | `null` | no |
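Review bot: In the `create_azure_cml_nfs` row the default is now `false`, but the next row still documents `create_vm_mounting_nfs` with default `true` and gives no hint that it depends on the first flag. main.tf gates the whole NFS module on `count = var.create_azure_cml_nfs ? 1 : 0`, so extend that description to say it is only used if `create_azure_cml_nfs` is true; otherwise the two defaults read as contradictory. The `cdp_subnet_range` row in this hunk's context also says "Required if create_vpc is true" where the flag documented in this table is `create_vnet`.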
Expand All @@ -106,7 +103,10 @@ In each directory an example `terraform.tfvars.sample` values file is included t
| <a name="input_log_data_access_managed_identity_name"></a> [log\_data\_access\_managed\_identity\_name](#input\_log\_data\_access\_managed\_identity\_name) | Log Data Access Managed Identity name | `string` | `null` | no |
| <a name="input_log_data_access_role_assignments"></a> [log\_data\_access\_role\_assignments](#input\_log\_data\_access\_role\_assignments) | List of Role Assignments for the Log Data Access Managed Identity. | <pre>list(object({<br> role = string<br> description = string<br> })<br> )</pre> | <pre>[<br> {<br> "description": "Assign Storage Blob Data Contributor Role to Log Role at Logs and Backup Container level",<br> "role": "Storage Blob Data Contributor"<br> }<br>]</pre> | no |
| <a name="input_log_storage"></a> [log\_storage](#input\_log\_storage) | Optional log locations for CDP environment. If not provided follow the data\_storage variable | <pre>object({<br> log_storage_bucket = string<br> log_storage_object = string<br> })</pre> | `null` | no |
| <a name="input_nfs_file_share_name"></a> [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | `null` | no |
| <a name="input_nfs_file_share_size"></a> [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no |
| <a name="input_nfs_storage_account_name"></a> [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | `null` | no |
| <a name="input_public_key_text"></a> [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | `null` | no |
| <a name="input_random_id_for_bucket"></a> [random\_id\_for\_bucket](#input\_random\_id\_for\_bucket) | Create a random suffix for the Storage Account names | `bool` | `true` | no |
| <a name="input_ranger_audit_backup_container_role_assignments"></a> [ranger\_audit\_backup\_container\_role\_assignments](#input\_ranger\_audit\_backup\_container\_role\_assignments) | List of Role Assignments for the Ranger Audit Managed Identity assigned to the Backup Storage Container. | <pre>list(object({<br> role = string<br> description = string<br> })<br> )</pre> | <pre>[<br> {<br> "description": "Assign Storage Blob Data Contributor Role to Ranger Audit Role at Backup Container level",<br> "role": "Storage Blob Data Contributor"<br> }<br>]</pre> | no |
| <a name="input_ranger_audit_data_access_managed_identity_name"></a> [ranger\_audit\_data\_access\_managed\_identity\_name](#input\_ranger\_audit\_data\_access\_managed\_identity\_name) | Ranger Audit Managed Identity name | `string` | `null` | no |
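Review bot: `nfs_file_share_name`, `nfs_storage_account_name` and `public_key_text` become optional with default `null` in these rows, but their descriptions do not say when they must be set. main.tf passes `public_key_text = var.public_key_text` straight into the NFS module, so a caller who enables `create_azure_cml_nfs` without supplying a key hands `null` to that module. Follow the wording already used in this table ("Required if create_vnet is false") and state "Required if create_azure_cml_nfs is true", ideally backed by a validation or precondition next to the variable.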
19 changes: 14 additions & 5 deletions modules/terraform-cdp-azure-pre-reqs/main.tf
Expand Up @@ -110,7 +110,9 @@ resource "random_id" "bucket_suffix" {

resource "azurerm_storage_account" "cdp_storage_locations" {
# Create buckets for the unique list of buckets in data and log storage
for_each = toset(concat([local.data_storage.data_storage_bucket], [local.log_storage.log_storage_bucket], [local.backup_storage.backup_storage_bucket]))
for_each = toset(concat([local.data_storage.data_storage_bucket], [local.log_storage.log_storage_bucket], [
local.backup_storage.backup_storage_bucket
]))

name = "${each.value}${local.storage_suffix}"
resource_group_name = local.cdp_resourcegroup_name
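Review bot: The new wrapping of `for_each` keeps the first two lists on the opening line and breaks only the third across three lines, which is harder to scan than the single line it replaces. Every argument to `concat` is a one-element list, so `toset([...])` with the three bucket names one per line expresses the same set without `concat`. The comment above it still mentions only data and log storage although the backup bucket is part of the set.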
Expand Down Expand Up @@ -357,8 +359,10 @@ resource "azurerm_user_assigned_identity" "cdp_raz" {
# Assign the required roles to the managed identity
resource "azurerm_role_assignment" "cdp_raz_assign" {

for_each = { for idx, item in local.raz_storage_role_assignments : idx => item
if var.enable_raz == true }
for_each = {
for idx, item in local.raz_storage_role_assignments : idx => item
if var.enable_raz == true
}

scope = each.value.scope
role_definition_name = each.value.role
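Review bot: In the reformatted `for_each`, the filter `if var.enable_raz == true` compares a flag to `true`; if `enable_raz` is declared as `bool`, `if var.enable_raz` is enough. Separately, keying the map by `idx` ties each role assignment's address to its position in `local.raz_storage_role_assignments`, so inserting or reordering an entry makes Terraform replace every assignment whose position changed. A key built from `item.role` and `item.scope` would stay stable.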
Expand All @@ -371,12 +375,12 @@ module "azure_cml_nfs" {
count = var.create_azure_cml_nfs ? 1 : 0
source = "../terraform-azure-nfs"

resourcegroup_name = local.resourcegroup_name
resourcegroup_name = local.cdp_resourcegroup_name
azure_region = var.azure_region
nfs_file_share_name = local.nfs_file_share_name
nfs_file_share_size = var.nfs_file_share_size
nfs_private_endpoint_target_subnet_names = local.cdp_subnet_names
vnet_name = local.vnet_name
vnet_name = local.cdp_vnet_name
nfs_storage_account_name = local.nfs_storage_account_name
source_address_prefixes = var.ingress_extra_cidrs_and_ports.cidrs
nfsvm_nic_name = local.nfsvm_nic_name
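Review bot: `resourcegroup_name` and `vnet_name` now take the `local.cdp_*` values, but `azure_region = var.azure_region` on the line between them still passes the raw variable, which the README lists with default `null`. If the module resolves the region into a local the way it does for the resource group and VNet names, pass that local here too so the NFS resources cannot receive a null region.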
Expand All @@ -387,4 +391,9 @@ module "azure_cml_nfs" {
public_key_text = var.public_key_text
private_endpoint_prefix = local.private_endpoint_prefix
create_vm_mounting_nfs = var.create_vm_mounting_nfs

depends_on = [
azurerm_resource_group.cdp_rmgp,
module.azure_cdp_vnet
]
}
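Review bot: The added module-level `depends_on` makes everything inside `azure_cml_nfs` wait on `azurerm_resource_group.cdp_rmgp` and `module.azure_cdp_vnet` without recording why the ordering is needed. Prefer an implicit dependency: if `local.cdp_resourcegroup_name`, `local.cdp_vnet_name` and `local.cdp_subnet_names` are derived from those resources' attributes, the `depends_on` is redundant, and if they are plain strings, deriving them from the attributes is the more robust fix. If the block stays, add a comment naming the NFS resource that failed without it.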
8 changes: 4 additions & 4 deletions modules/terraform-cdp-azure-pre-reqs/outputs.tf
Expand Up @@ -165,21 +165,21 @@ output "azure_raz_identity_id" {


output "nfs_file_share_url" {
value = module.azure_cml_nfs[0].nfs_file_share_url
value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_file_share_url : null
description = "NFS File Share Url"
}

output "nfs_vm_public_ip" {
value = module.azure_cml_nfs[0].nfs_vm_public_ip
value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_vm_public_ip : null
description = "NFS VM Public IP"
}

output "nfs_vm_username" {
value = module.azure_cml_nfs[0].nfs_vm_username
value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_vm_username : null
description = "NFS VM Admin Username"
}

output "nfs_vm_mount_path" {
value = module.azure_cml_nfs[0].nfs_vm_mount_path
value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_vm_mount_path : null
description = "Path where NFS is mounted on the VM"
}
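Review bot: All four outputs repeat `var.create_azure_cml_nfs ? module.azure_cml_nfs[0].<attr> : null`, which duplicates the `count` condition from main.tf and will fail again if that condition ever changes. `one(module.azure_cml_nfs[*].nfs_file_share_url)`, and likewise for the other three, follows the module's actual instance count instead of the variable. The descriptions should also say that the value is `null` when the NFS module is not created.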
2 changes: 1 addition & 1 deletion modules/terraform-cdp-azure-pre-reqs/variables.tf
Expand Up @@ -446,7 +446,7 @@ variable "public_key_text" {
variable "create_azure_cml_nfs" {
type = bool
description = "Whether to create NFS for CML"
default = true
default = false
}

variable "nfs_file_share_name" {
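Review bot: Changing `default` of `create_azure_cml_nfs` from `true` to `false` is a behaviour change, not only a fix. main.tf sets `count = var.create_azure_cml_nfs ? 1 : 0`, so an existing deployment that relied on the old default will plan to destroy the NFS module's resources on its next apply. Call this out in the commit message or changelog and tell those users to set `create_azure_cml_nfs = true` explicitly.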
