Updated

Azure · Nov 12, 2024 · e7a709c · e7a709c
1 parent e892552
commit e7a709c
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 84 deletions.
diff --git a/bicep/main.bicep b/bicep/main.bicep
@@ -948,18 +948,19 @@ module gitOpsUpload 'br/public:avm/res/resources/deployment-script:0.4.0' = [for
   }
 }]
 
-module storageAcl 'modules/network_acl_storage.bicep' = {
-  name: '${configuration.name}-storage-acl'
-  params: {
-    storageName: storage.outputs.name
-    location: location
-    skuName: configuration.storage.sku
-    natClusterIP: clusterBlade.outputs.natClusterIP
-  }
-  dependsOn: [
-    gitOpsUpload
-  ]
-}
+//TODO: This can't be done yet.
+// module storageAcl 'modules/network_acl_storage.bicep' = {
+//   name: '${configuration.name}-storage-acl'
+//   params: {
+//     storageName: storage.outputs.name
+//     location: location
+//     skuName: configuration.storage.sku
+//     natClusterIP: clusterBlade.outputs.natClusterIP
+//   }
+//   dependsOn: [
+//     gitOpsUpload
+//   ]
+// }
 
 
 /*

diff --git a/bicep/modules/blade_partition.bicep b/bicep/modules/blade_partition.bicep
@@ -671,34 +671,34 @@ module partitonNamespace 'br/public:avm/res/service-bus/namespace:0.9.1' = [for
 
 
 // TODO: This should be moved to the Kubernetes Job.
-// module blobUpload 'br/public:avm/res/resources/deployment-script:0.4.0' = [for (partition, index) in partitions: {
-//   name: '${bladeConfig.sectionName}-storage-blob-upload-${index}'
-//   params: {
-//     name: 'script-${storage[index].outputs.name}-Legal_COO'
-//     location: location
-//     cleanupPreference: 'Always'
-//     retentionInterval: 'PT1H'
-//     timeout: 'PT30M'
-//     runOnce: true
+module blobUpload 'br/public:avm/res/resources/deployment-script:0.4.0' = [for (partition, index) in partitions: {
+  name: '${bladeConfig.sectionName}-storage-blob-upload-${index}'
+  params: {
+    name: 'script-${storage[index].outputs.name}-Legal_COO'
+    location: location
+    cleanupPreference: 'Always'
+    retentionInterval: 'PT1H'
+    timeout: 'PT30M'
+    runOnce: true
 
-//     managedIdentities: {
-//       userAssignedResourcesIds: [
-//         stampIdentity.id
-//       ]
-//     }    
-
-//     kind: 'AzureCLI'
-//     azCliVersion: '2.63.0'
+    managedIdentities: {
+      userAssignedResourcesIds: [
+        stampIdentity.id
+      ]
+    }    
+
+    kind: 'AzureCLI'
+    azCliVersion: '2.63.0'
 
-//     environmentVariables: [
-//       { name: 'CONTENT', value: loadTextContent('./deploy-scripts/Legal_COO.json') }
-//       { name: 'FILE_NAME', value: 'Legal_COO.json' }
-//       { name: 'CONTAINER', value: 'legal-service-azure-configuration' }
-//       { name: 'AZURE_STORAGE_ACCOUNT', value: storage[index].outputs.name }
-//     ]
-//     scriptContent: loadTextContent('./deploy-scripts/blob_upload.sh')
-//   }
-// }]
+    environmentVariables: [
+      { name: 'CONTENT', value: loadTextContent('./deploy-scripts/Legal_COO.json') }
+      { name: 'FILE_NAME', value: 'Legal_COO.json' }
+      { name: 'CONTAINER', value: 'legal-service-azure-configuration' }
+      { name: 'AZURE_STORAGE_ACCOUNT', value: storage[index].outputs.name }
+    ]
+    scriptContent: loadTextContent('./deploy-scripts/blob_upload.sh')
+  }
+}]
 
 
 // TODO: ACL can only be applied after the blob upload.

diff --git a/charts/blob-upload/templates/storage-container-job.yaml b/charts/blob-upload/templates/storage-container-job.yaml
@@ -12,12 +12,6 @@ metadata:
 spec:
   ttlSecondsAfterFinished: 300
   template:
-    metadata:
-      labels:
-        azure.workload.identity/use: "true"
-      annotations:
-        azure.workload.identity/client-id: {{ $.Values.azure.clientId | quote }}
-        azure.workload.identity/tenant-id: {{ $.Values.azure.tenantId | quote }}
     spec:
       serviceAccountName: workload-identity-sa
       containers:
@@ -35,10 +29,7 @@ spec:
               curl -kso {{ .file }} "{{ .url }}"
               
               # Login using workload identity
-              az login --service-principal \
-                --username {{ $.Values.azure.clientId }} \
-                --tenant {{ $.Values.azure.tenantId }} \
-                --identity
+              az login --identity
               
               # Upload directly to blob storage using Azure CLI
               az storage blob upload \
@@ -49,6 +40,7 @@ spec:
                 --auth-mode login
               
               echo "File uploaded to container {{ $.Values.blobUpload.container }} in storage account {{ $value }}"
+              sleep 300000
       restartPolicy: Never
 {{- end }}
 {{- $i = add $i 1 }}

diff --git a/software/applications/osdu-core/base.yaml b/software/applications/osdu-core/base.yaml
@@ -33,39 +33,39 @@ spec:
       defaultCpuLimits: "2"
       defaultMemoryLimits: "4Gi"
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: blob-upload
-  namespace: default
-  annotations:
-    clusterconfig.azure.com/use-managed-source: "true"
-spec:
-  dependsOn:
-    - name: osdu-developer-base-core
-      namespace: default
-  targetNamespace: osdu-core
-  chart:
-    spec:
-      chart: ./charts/blob-upload
-      sourceRef:
-        kind: GitRepository
-        name: flux-system
-        namespace: flux-system
-  interval: 5m0s
-  install:
-    remediation:
-      retries: 3
-  valuesFrom:
-    - kind: ConfigMap
-      name: config-map-values
-      valuesKey: values.yaml
-  values:
-    global:
-      configmapNamespace: osdu-core
-    blobUpload:
-      enabled: true
-      items:
-        - name: legal
-          file: "Legal_COO.json"
-          url: "https://raw.githubusercontent.com/Azure/osdu-developer/refs/heads/main/bicep/modules/script-blob-upload/Legal_COO.json"
+# apiVersion: helm.toolkit.fluxcd.io/v2beta1
+# kind: HelmRelease
+# metadata:
+#   name: blob-upload
+#   namespace: default
+#   annotations:
+#     clusterconfig.azure.com/use-managed-source: "true"
+# spec:
+#   dependsOn:
+#     - name: osdu-developer-base-core
+#       namespace: default
+#   targetNamespace: osdu-core
+#   chart:
+#     spec:
+#       chart: ./charts/blob-upload
+#       sourceRef:
+#         kind: GitRepository
+#         name: flux-system
+#         namespace: flux-system
+#   interval: 5m0s
+#   install:
+#     remediation:
+#       retries: 3
+#   valuesFrom:
+#     - kind: ConfigMap
+#       name: config-map-values
+#       valuesKey: values.yaml
+#   values:
+#     global:
+#       configmapNamespace: osdu-core
+#     blobUpload:
+#       enabled: true
+#       items:
+#         - name: legal
+#           file: "Legal_COO.json"
+#           url: "https://raw.githubusercontent.com/Azure/osdu-developer/refs/heads/main/bicep/modules/script-blob-upload/Legal_COO.json"