hotfix(ci.jenkins.io) migrate controller RG to the module (jenkins-in…

…fra#593) Fixup of jenkins-infra#583 This PR migrates the explicit RG definition for ci.jenkins.io controller in the sponsored subscription into the new module introduced in jenkins-infra#583 It also updates, along the way, references to new (properly named) module output `controller_service_principal_id` instead of `controler_service_principal_id` Signed-off-by: Damien Duportal <[email protected]>
jayfranco999 · Jan 22, 2024 · 4aea994 · 4aea994
1 parent e2982f3
commit 4aea994
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 18 deletions.
diff --git a/.shared-tools b/.shared-tools
diff --git a/cert.ci.jenkins.io.tf b/cert.ci.jenkins.io.tf
@@ -50,7 +50,7 @@ module "cert_ci_jenkins_io_azurevm_agents" {
   ephemeral_agents_subnet_name     = data.azurerm_subnet.cert_ci_jenkins_io_ephemeral_agents.name
   controller_rg_name               = module.cert_ci_jenkins_io.controller_resourcegroup_name
   controller_ips                   = compact([module.cert_ci_jenkins_io.controller_public_ipv4])
-  controller_service_principal_id  = module.cert_ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id  = module.cert_ci_jenkins_io.controller_service_principal_id
   default_tags                     = local.default_tags
   jenkins_infra_ips = {
     privatevpn_subnet = data.azurerm_subnet.private_vnet_data_tier.address_prefixes
@@ -78,7 +78,7 @@ resource "azurerm_role_assignment" "cert_controller_vnet_reader" {
   provider           = azurerm.jenkins-sponsorship
   scope              = data.azurerm_virtual_network.cert_ci_jenkins_io_sponsorship.id
   role_definition_id = azurerm_role_definition.cert_ci_jenkins_io_controller_vnet_sponsorship_reader.role_definition_resource_id
-  principal_id       = module.cert_ci_jenkins_io.controler_service_principal_id
+  principal_id       = module.cert_ci_jenkins_io.controller_service_principal_id
 }
 module "cert_ci_jenkins_io_azurevm_agents_jenkins_sponsorship" {
   providers = {
@@ -93,7 +93,7 @@ module "cert_ci_jenkins_io_azurevm_agents_jenkins_sponsorship" {
   ephemeral_agents_subnet_name     = data.azurerm_subnet.cert_ci_jenkins_io_sponsorship_ephemeral_agents.name
   controller_rg_name               = azurerm_resource_group.cert_ci_jenkins_io_controller_jenkins_sponsorship.name
   controller_ips                   = compact([module.cert_ci_jenkins_io.controller_public_ipv4])
-  controller_service_principal_id  = module.cert_ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id  = module.cert_ci_jenkins_io.controller_service_principal_id
   default_tags                     = local.default_tags
   storage_account_name             = "certciagentssub" # Max 24 chars
 

diff --git a/ci.jenkins.io.tf b/ci.jenkins.io.tf
@@ -92,7 +92,7 @@ module "ci_jenkins_io_azurevm_agents" {
   ephemeral_agents_subnet_name     = data.azurerm_subnet.ci_jenkins_io_ephemeral_agents.name
   controller_rg_name               = module.ci_jenkins_io.controller_resourcegroup_name
   controller_ips                   = compact([module.ci_jenkins_io.controller_private_ipv4, module.ci_jenkins_io.controller_public_ipv4])
-  controller_service_principal_id  = module.ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id  = module.ci_jenkins_io.controller_service_principal_id
   default_tags                     = local.default_tags
 
   jenkins_infra_ips = {
@@ -101,14 +101,12 @@ module "ci_jenkins_io_azurevm_agents" {
 }
 
 ## Sponsorship subscription specific resources for controller
-resource "azurerm_resource_group" "controller_jenkins_sponsorship" {
-  provider = azurerm.jenkins-sponsorship
-  name     = module.ci_jenkins_io.controller_resourcegroup_name # Same name on both subscriptions
-  location = var.location
-  tags     = local.default_tags
+moved {
+  from = azurerm_resource_group.controller_jenkins_sponsorship
+  to   = module.ci_jenkins_io_sponsorship.azurerm_resource_group.controller
 }
 
-# Required to allow controller to check for subnets inside the sponsorship network
+# Required to allow (non sponsorship) controller to check for subnets inside the sponsorship network
 resource "azurerm_role_definition" "controller_vnet_sponsorship_reader" {
   provider = azurerm.jenkins-sponsorship
   name     = "Read-ci-jenkins-io-sponsorship-VNET"
@@ -136,9 +134,9 @@ module "ci_jenkins_io_azurevm_agents_jenkins_sponsorship" {
   ephemeral_agents_network_rg_name = data.azurerm_subnet.ci_jenkins_io_ephemeral_agents_jenkins_sponsorship.resource_group_name
   ephemeral_agents_network_name    = data.azurerm_subnet.ci_jenkins_io_ephemeral_agents_jenkins_sponsorship.virtual_network_name
   ephemeral_agents_subnet_name     = data.azurerm_subnet.ci_jenkins_io_ephemeral_agents_jenkins_sponsorship.name
-  controller_rg_name               = azurerm_resource_group.controller_jenkins_sponsorship.name
+  controller_rg_name               = module.ci_jenkins_io_sponsorship.controller_resourcegroup_name
   controller_ips                   = compact([module.ci_jenkins_io.controller_private_ipv4, module.ci_jenkins_io.controller_public_ipv4])
-  controller_service_principal_id  = module.ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id  = module.ci_jenkins_io.controller_service_principal_id
   default_tags                     = local.default_tags
   storage_account_name             = "cijenkinsioagentssub" # Max 24 chars
 
@@ -152,7 +150,7 @@ module "ci_jenkins_io_aci_agents" {
 
   role_name                       = "${module.ci_jenkins_io.service_short_stripped_name}-ACI-Contributor"
   aci_agents_resource_group_name  = module.ci_jenkins_io_azurevm_agents.ephemeral_agents_resource_group_name
-  controller_service_principal_id = module.ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id = module.ci_jenkins_io.controller_service_principal_id
 }
 
 module "ci_jenkins_io_aci_agents_sponsorship" {
@@ -163,7 +161,7 @@ module "ci_jenkins_io_aci_agents_sponsorship" {
 
   role_name                       = "${module.ci_jenkins_io.service_short_stripped_name}-ACI-Contributor-sponsorship"
   aci_agents_resource_group_name  = module.ci_jenkins_io_azurevm_agents_jenkins_sponsorship.ephemeral_agents_resource_group_name
-  controller_service_principal_id = module.ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id = module.ci_jenkins_io.controller_service_principal_id
 }
 
 ## Service DNS records

diff --git a/trusted.ci.jenkins.io.tf b/trusted.ci.jenkins.io.tf
@@ -66,7 +66,7 @@ module "trusted_ci_jenkins_io_azurevm_agents" {
   ephemeral_agents_subnet_name     = data.azurerm_subnet.trusted_ci_jenkins_io_ephemeral_agents.name
   controller_rg_name               = module.trusted_ci_jenkins_io.controller_resourcegroup_name
   controller_ips                   = compact([module.trusted_ci_jenkins_io.controller_public_ipv4])
-  controller_service_principal_id  = module.trusted_ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id  = module.trusted_ci_jenkins_io.controller_service_principal_id
   default_tags                     = local.default_tags
   jenkins_infra_ips = {
     privatevpn_subnet = data.azurerm_subnet.private_vnet_data_tier.address_prefixes
@@ -113,7 +113,7 @@ resource "azurerm_role_assignment" "trusted_controller_vnet_reader" {
   provider           = azurerm.jenkins-sponsorship
   scope              = data.azurerm_virtual_network.trusted_ci_jenkins_io_sponsorship.id
   role_definition_id = azurerm_role_definition.trusted_ci_jenkins_io_controller_vnet_sponsorship_reader.role_definition_resource_id
-  principal_id       = module.trusted_ci_jenkins_io.controler_service_principal_id
+  principal_id       = module.trusted_ci_jenkins_io.controller_service_principal_id
 }
 module "trusted_ci_jenkins_io_azurevm_agents_jenkins_sponsorship" {
   providers = {
@@ -128,7 +128,7 @@ module "trusted_ci_jenkins_io_azurevm_agents_jenkins_sponsorship" {
   ephemeral_agents_subnet_name     = data.azurerm_subnet.trusted_ci_jenkins_io_sponsorship_ephemeral_agents.name
   controller_rg_name               = azurerm_resource_group.trusted_ci_jenkins_io_controller_jenkins_sponsorship.name
   controller_ips                   = compact([module.trusted_ci_jenkins_io.controller_public_ipv4])
-  controller_service_principal_id  = module.trusted_ci_jenkins_io.controler_service_principal_id
+  controller_service_principal_id  = module.trusted_ci_jenkins_io.controller_service_principal_id
   default_tags                     = local.default_tags
   storage_account_name             = "trustedciagentssub" # Max 24 chars