PR review comments

Author: mrlockstar

.azuredevops/pipelines/deploy.yml

@@ -57,21 +57,3 @@ stages:
                       export ARM_OIDC_TOKEN="$idToken"
                       export ARM_USE_OIDC=true
                       make ci ${{ parameters.environment }} terraform-apply DOCKER_IMAGE_TAG=git-sha-${{ parameters.commitSHA }} PR_NUMBER=${{ parameters.prNumber }}
-
-                # - task: AzureCLI@2
-                #   displayName: Run database setup
-                #   inputs:
-                #     azureSubscription: lungcs-${{ parameters.environment }}
-                #     scriptType: bash
-                #     scriptLocation: inlineScript
-                #     addSpnToEnvironment: true
-                #     inlineScript: make ci ${{ parameters.environment }} db-setup PR_NUMBER=${{ parameters.prNumber }}
-
-                # - task: AzureCLI@2
-                #   displayName: Run notifications smoke test
-                #   inputs:
-                #     azureSubscription: lungcs-${{ parameters.environment }}
-                #     scriptType: bash
-                #     scriptLocation: inlineScript
-                #     addSpnToEnvironment: true
-                #     inlineScript: make ci ${{ parameters.environment }} notifications-smoke-test PR_NUMBER=${{ parameters.prNumber }}

.azuredevops/pipelines/hub-infrastructure-dev.yaml

@@ -5,7 +5,6 @@ pr: none
 
 pool:
   name: private-pool-hub-nonlive-uks
-  # vmImage: ubuntu-latest
 
 resources:
   repositories:

.gitleaksignore

@@ -10,17 +10,8 @@ infrastructure/terraform/spoke/resource_group_init/main.bicep:generic-api-key:32
 infrastructure/terraform/spoke/resource_group_init/main.bicep:generic-api-key:33
 infrastructure/terraform/spoke/resource_group_init/storage.bicep:generic-api-key:59
 infrastructure/terraform/spoke/resource_group_init/keyVault.bicep:generic-api-key:10
-infrastructure/bootstrap/core.bicep:generic-api-key:10
-infrastructure/bootstrap/core.bicep:generic-api-key:11
-infrastructure/bootstrap/core.bicep:generic-api-key:12
-infrastructure/bootstrap/core.bicep:generic-api-key:13
-infrastructure/bootstrap/core.bicep:generic-api-key:14
 infrastructure/bootstrap/hub.bicep:generic-api-key:55
 infrastructure/bootstrap/hub.bicep:generic-api-key:56
-infrastructure/bootstrap/main.bicep:generic-api-key:29
-infrastructure/bootstrap/main.bicep:generic-api-key:30
-infrastructure/bootstrap/main.bicep:generic-api-key:31
-infrastructure/bootstrap/main.bicep:generic-api-key:32
 infrastructure/bootstrap/modules/storage.bicep:generic-api-key:59
 infrastructure/bootstrap/modules/keyVault.bicep:generic-api-key:10
 infrastructure/bootstrap/modules/storage.bicep:generic-api-key:59
@@ -29,8 +20,3 @@ infrastructure/terraform/hub/data.tf:generic-api-key:22
 infrastructure/terraform/resource_group_init/core.bicep:generic-api-key:11
 infrastructure/terraform/resource_group_init/keyVault.bicep:generic-api-key:10
 infrastructure/terraform/resource_group_init/main.bicep:generic-api-key:30
-# infrastructure/bootstrap/hub.bicep:generic-api-key:57
-# infrastructure/bootstrap/hub.bicep:generic-api-key:58
-# infrastructure/bootstrap/hub.bicep:generic-api-key:59
-# infrastructure/bootstrap/hub.bicep:generic-api-key:60
-# infrastructure/bootstrap/hub.bicep:generic-api-key:61

infrastructure/bootstrap/environments/live/hub.bicepparam

@@ -5,4 +5,3 @@ param vnetAddressPrefixes = [
   '10.21.0.0/16'
 ]
 param devopsSubnetAddressPrefix = '10.21.1.0/24'
-//param devopsInfrastructureId = ''

infrastructure/bootstrap/environments/nonlive/hub.bicepparam

@@ -7,4 +7,3 @@ param vnetAddressPrefixes = [
 param devopsSubnetAddressPrefix = '10.11.1.0/24'
 param privateEndpointSubnetAddressPrefix = '10.11.2.0/24'
 param enableSoftDelete = true
-// param devopsInfrastructureId = ''

infrastructure/terraform/hub/azure_monitor_private_link_scope.tf

@@ -26,8 +26,6 @@ module "private_endpoint_ampls" {
       module.private_dns_zones["${each.key}-automation"].id,
       module.private_dns_zones["${each.key}-operations_data_store"].id,
       module.private_dns_zones["${each.key}-operations_management_suite"].id,
-      # created in the bootstrap
-      # module.private_dns_zones["${each.key}-storage_blob"].id
     ]
   }
 

infrastructure/terraform/hub/data.tf

@@ -9,10 +9,6 @@ data "azurerm_client_config" "current" {}
 #   display_name = var.avd_admins_group_name
 # }
 
-# data "azuread_group" "avd_platform_users" {
-#   display_name = "DToS-platform-team-Dev"
-# }
-
 # This client id is the same for all Azure customers - it is not a secret.
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_certificate
 # data "azuread_service_principal" "MicrosoftAzureAppService" {
@@ -22,19 +18,3 @@ data "azurerm_client_config" "current" {}
 # data "azuread_service_principal" "MicrosoftAzureFrontDoorCdn" {
 #   client_id = "205478c0-bd83-4e1b-a9d6-db63a3e1e1c8"
 # }
-
-# data "azurerm_key_vault_secret" "object-id" {
-#   for_each     = var.regions
-#   name         = "dtos-apim-object-id"
-#   key_vault_id = module.key_vault[each.key].key_vault_id
-
-#   depends_on = [azurerm_key_vault_access_policy.terraform-mi]
-# }
-
-# data "azurerm_key_vault_secret" "secret" {
-#   for_each     = var.regions
-#   name         = "dtos-apim-secret"
-#   key_vault_id = module.key_vault[each.key].key_vault_id
-
-#   depends_on = [azurerm_key_vault_access_policy.terraform-mi]
-# }

infrastructure/terraform/hub/diagnostic_settings.tf

@@ -1,8 +1,4 @@
 locals {
-  # APIM
-  monitor_diagnostic_setting_apim_enabled_logs = ["GatewayLogs", "WebSocketConnectionLogs", "DeveloperPortalAuditLogs"]
-  monitor_diagnostic_setting_apim_metrics      = ["AllMetrics"]
-
   # FRONTDOOR
   monitor_diagnostic_setting_frontdoor_enabled_logs = ["FrontDoorAccessLog", "FrontDoorHealthProbeLog", "FrontDoorWebApplicationFirewallLog"]
   monitor_diagnostic_setting_frontdoor_metrics      = ["AllMetrics"]

infrastructure/terraform/hub/dns_private.tf

@@ -40,8 +40,6 @@ module "private_dns_resolver" {
 
 locals {
   private_dns_zones = {
-    # national_screening          = var.dns_zone_name_private.nationalscreening
-    # screening                   = var.dns_zone_name_private.screening
     container_registry          = "privatelink.azurecr.io"
     app_insights                = var.private_dns_zones.is_app_insights_private_dns_zone_enabled ? "privatelink.monitor.azure.com" : null
     automation                  = var.private_dns_zones.is_app_insights_private_dns_zone_enabled ? "privatelink.agentsvc.azure-automation.net" : null
@@ -52,8 +50,6 @@ locals {
     event_grid                  = var.private_dns_zones.is_event_grid_enabled_dns_zone_enabled ? "privatelink.eventgrid.azure.net" : null
     azure_sql                   = var.private_dns_zones.is_azure_sql_private_dns_zone_enabled ? "privatelink.database.windows.net" : null
     postgres_sql                = var.private_dns_zones.is_postgres_sql_private_dns_zone_enabled ? "privatelink.postgres.database.azure.com" : null
-    # key_vault                   = var.private_dns_zones.is_key_vault_private_dns_zone_enabled ? "privatelink.vaultcore.azure.net" : null
-    # storage_blob                = var.private_dns_zones.is_storage_private_dns_zone_enabled ? "privatelink.blob.core.windows.net" : null
     storage_queue               = var.private_dns_zones.is_storage_private_dns_zone_enabled ? "privatelink.queue.core.windows.net" : null
     storage_table               = var.private_dns_zones.is_storage_private_dns_zone_enabled ? "privatelink.table.core.windows.net" : null
     event_hub                   = var.private_dns_zones.is_event_hub_private_dns_zone_enabled ? "privatelink.servicebus.windows.net" : null

infrastructure/terraform/hub/firewall.tf

@@ -4,7 +4,6 @@ module "firewall" {
   source = "../../../../dtos-devops-templates/infrastructure/modules/firewall"
 
   firewall_name       = module.config[each.key].names.firewall
-  # resource_group_name = azurerm_resource_group.rg_hub[each.key].name
   resource_group_name = var.vnet_resource_group
   location            = each.key