hmcts · danielwilsonkainos · Sep 25, 2024 · Sep 6, 2024 · Sep 6, 2024 · Sep 6, 2024
@@ -28,12 +28,17 @@ A virtual machine or virtual machine scale set.
 |------|---------|
 | <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
 | <a name="provider_azurerm.cnp"></a> [azurerm.cnp](#provider\_azurerm.cnp) | n/a |
+| <a name="provider_azurerm.dcr"></a> [azurerm.dcr](#provider\_azurerm.dcr) | n/a |
 | <a name="provider_azurerm.soc"></a> [azurerm.soc](#provider\_azurerm.soc) | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
+| [azurerm_monitor_data_collection_rule_association.linux_vm_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource |
+| [azurerm_monitor_data_collection_rule_association.linux_vmss_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource |
+| [azurerm_monitor_data_collection_rule_association.windows_vm_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource |
+| [azurerm_monitor_data_collection_rule_association.windows_vmss_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource |
 | [azurerm_virtual_machine_extension.azure_monitor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource |
 | [azurerm_virtual_machine_extension.azure_vm_run_command](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource |
 | [azurerm_virtual_machine_extension.custom_script](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource |
@@ -51,6 +56,9 @@ A virtual machine or virtual machine scale set.
 | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
+| [azurerm_monitor_data_collection_rule.linux_data_collection_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_data_collection_rule) | data source |
+| [azurerm_monitor_data_collection_rule.windows_data_collection_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_data_collection_rule) | data source |
+| [azurerm_resource_group.la_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 
 ## Inputs
 
@@ -81,6 +89,7 @@ A virtual machine or virtual machine scale set.
 | <a name="input_endpoint_protection_upgrade_minor_version"></a> [endpoint\_protection\_upgrade\_minor\_version](#input\_endpoint\_protection\_upgrade\_minor\_version) | Specifies if the platform deploys the latest minor version Endpoint Protection update to the type\_handler\_version specified. | `bool` | `true` | no |
 | <a name="input_env"></a> [env](#input\_env) | Environment name. | `string` | n/a | yes |
 | <a name="input_install_azure_monitor"></a> [install\_azure\_monitor](#input\_install\_azure\_monitor) | Install Azure Monitor Agent. | `bool` | `true` | no |
+| <a name="input_install_docker"></a> [install\_docker](#input\_install\_docker) | Should Docker and Docker Compose be installed -- Ubuntu only | `bool` | `false` | no |
 | <a name="input_install_dynatrace_oneagent"></a> [install\_dynatrace\_oneagent](#input\_install\_dynatrace\_oneagent) | Install Dynatrace OneAgent. | `bool` | `true` | no |
 | <a name="input_install_endpoint_protection"></a> [install\_endpoint\_protection](#input\_install\_endpoint\_protection) | Install Endpoint Protection. | `bool` | `true` | no |
 | <a name="input_install_nessus_agent"></a> [install\_nessus\_agent](#input\_install\_nessus\_agent) | Install Nessus Agent. | `bool` | `true` | no |

@@ -26,55 +26,56 @@ resource "azurerm_virtual_machine_extension" "azure_monitor" {
   tags = var.common_tags
 }
 
-# data "azurerm_resource_group" "la_rg" {
-#   name = "oms-automation"
-# }
-
-# data "azurerm_monitor_data_collection_rule" "linux_data_collection_rule" {
-#   provider            = azurerm.dcr
-#   name                = "ama-linux-vm-logs"
-#   resource_group_name = data.azurerm_resource_group.la_rg.name
-# }
-
-# data "azurerm_monitor_data_collection_rule" "windows_data_collection_rule" {
-#   provider            = azurerm.dcr
-#   name                = "ama-windows-vm-logs"
-#   resource_group_name = data.azurerm_resource_group.la_rg.name
-# }
-
-
-# resource "azurerm_monitor_data_collection_rule_association" "linux_vm_dcra" {
-#   count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vm" ? 1 : 0
-
-#   name                    = "vm-${local.vm_name}-dcra"
-#   target_resource_id      = var.virtual_machine_id
-#   data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id
-#   description             = "Association between a linux VM and the appropriate data collection rule."
-# }
-
-# resource "azurerm_monitor_data_collection_rule_association" "linux_vmss_dcra" {
-#   count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vmss" ? 1 : 0
-
-#   name                    = "vmss-${local.vmss_name}-dcra"
-#   target_resource_id      = var.virtual_machine_scale_set_id
-#   data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id
-#   description             = "Association between a linux VMSS and the appropriate data collection rule."
-# }
-
-# resource "azurerm_monitor_data_collection_rule_association" "windows_vm_dcra" {
-#   count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vm" ? 1 : 0
-
-#   name                    = "vm-${local.vm_name}-dcra"
-#   target_resource_id      = var.virtual_machine_id
-#   data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id
-#   description             = "Association between a windows VM and the appropriate data collection rule."
-# }
-
-# resource "azurerm_monitor_data_collection_rule_association" "windows_vmss_dcra" {
-#   count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vmss" ? 1 : 0
-
-#   name                    = "vmss-${local.vmss_name}-dcra"
-#   target_resource_id      = var.virtual_machine_scale_set_id
-#   data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id
-#   description             = "Association between a windows VMSS and the appropriate data collection rule."
-# }
+data "azurerm_resource_group" "la_rg" {
+  provider = azurerm.dcr
+  name     = "oms-automation"
+}
+
+data "azurerm_monitor_data_collection_rule" "linux_data_collection_rule" {
+  provider            = azurerm.dcr
+  name                = "ama-linux-vm-logs"
+  resource_group_name = data.azurerm_resource_group.la_rg.name
+}
+
+data "azurerm_monitor_data_collection_rule" "windows_data_collection_rule" {
+  provider            = azurerm.dcr
+  name                = "ama-windows-vm-logs"
+  resource_group_name = data.azurerm_resource_group.la_rg.name
+}
+
+
+resource "azurerm_monitor_data_collection_rule_association" "linux_vm_dcra" {
+  count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vm" ? 1 : 0
+
+  name                    = "vm-${local.vm_name}-dcra"
+  target_resource_id      = var.virtual_machine_id
+  data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id
+  description             = "Association between a linux VM and the appropriate data collection rule."
+}
+
+resource "azurerm_monitor_data_collection_rule_association" "linux_vmss_dcra" {
+  count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vmss" ? 1 : 0
+
+  name                    = "vmss-${local.vmss_name}-dcra"
+  target_resource_id      = var.virtual_machine_scale_set_id
+  data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id
+  description             = "Association between a linux VMSS and the appropriate data collection rule."
+}
+
+resource "azurerm_monitor_data_collection_rule_association" "windows_vm_dcra" {
+  count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vm" ? 1 : 0
+
+  name                    = "vm-${local.vm_name}-dcra"
+  target_resource_id      = var.virtual_machine_id
+  data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id
+  description             = "Association between a windows VM and the appropriate data collection rule."
+}
+
+resource "azurerm_monitor_data_collection_rule_association" "windows_vmss_dcra" {
+  count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vmss" ? 1 : 0
+
+  name                    = "vmss-${local.vmss_name}-dcra"
+  target_resource_id      = var.virtual_machine_scale_set_id
+  data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id
+  description             = "Association between a windows VMSS and the appropriate data collection rule."
+}
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source                = "hashicorp/azurerm"
-      configuration_aliases = [azurerm.cnp, azurerm.soc]
+      configuration_aliases = [azurerm.cnp, azurerm.soc, azurerm.dcr]
     }
   }
 }
@@ -13,14 +13,15 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command"
     RUN_XDR_COLLECTOR   = var.run_xdr_collector ? "true" : "false"
     RUN_XDR_AGENT       = var.run_xdr_agent ? "true" : "false"
     ENV                 = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
-    XDR_TAGS            = local.xdr_tags_list
+    XDR_TAGS            = lower(local.xdr_tags_list)
+    INSTALL_DOCKER      = var.install_docker ? "true" : "false"
     })) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", {
       STORAGE_ACCOUNT_KEY = var.run_command_sa_key
       RUN_CIS             = var.rc_script_file == "scripts/windows_cis.ps1" || var.run_cis ? "true" : "false"
       RUN_XDR_COLLECTOR   = var.run_xdr_collector ? "true" : "false"
       RUN_XDR_AGENT       = var.run_xdr_agent ? "true" : "false"
       ENV                 = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
-      XDR_TAGS            = local.xdr_tags_list
+      XDR_TAGS            = lower(local.xdr_tags_list)
     })]))
   })
 
@@ -43,14 +44,15 @@ resource "azurerm_virtual_machine_extension" "azure_vm_run_command" {
     RUN_XDR_COLLECTOR   = var.run_xdr_collector ? "true" : "false"
     RUN_XDR_AGENT       = var.run_xdr_agent ? "true" : "false"
     ENV                 = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
-    XDR_TAGS            = local.xdr_tags_list
+    XDR_TAGS            = lower(local.xdr_tags_list)
+    INSTALL_DOCKER      = var.install_docker ? "true" : "false"
     })) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", {
       STORAGE_ACCOUNT_KEY = var.run_command_sa_key
       RUN_CIS             = var.rc_script_file == "scripts/windows_cis.ps1" || var.run_cis ? "true" : "false"
       RUN_XDR_COLLECTOR   = var.run_xdr_collector ? "true" : "false"
       RUN_XDR_AGENT       = var.run_xdr_agent ? "true" : "false"
       ENV                 = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
-      XDR_TAGS            = local.xdr_tags_list
+      XDR_TAGS            = lower(local.xdr_tags_list)
     })]))
   })
 

@@ -1,8 +1,8 @@
 #!/bin/bash
     set -ex
-    
-   # Get OS type
-    
+
+# Get OS type
+
     if [ -f /etc/os-release ]; then
         . /etc/os-release
         OS=$ID
@@ -13,25 +13,25 @@
     # Run the command only if the OS is not Ubuntu
     if [ "$OS" != "ubuntu" ]; then
         echo "Running command on $OS"
-        
+
         sudo yum install redhat-lsb-core -y
     else
         echo "Skipping command on Ubuntu"
     fi
-    
+
     if command -v lsb_release &> /dev/null
     then
         OS_TYPE=$(lsb_release -a | grep "Description" | cut -f2 -d: | sed -e 's/^[[:space:]]*//')
     else
         echo "Operating System could not be determined."
     fi
 
-    STORAGE_ACCOUNT_NAME="cftptlintsvc"    
+    STORAGE_ACCOUNT_NAME="cftptlintsvc"
     CONTAINER_NAME="xdr-collectors"
 
 install_azcli() {
     # Install Azure CLI (if not already installed)
-    
+
     if ! command -v az &> /dev/null
     then
 
@@ -48,23 +48,23 @@ enabled=1
 gpgcheck=1
 gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo
 
-           sudo dnf clean all
-           sudo dnf -v install azure-cli -y
+            sudo dnf clean all
+            sudo dnf -v install azure-cli -y
         elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"8."* ]]; then
             sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm
 
             sudo dnf install azure-cli
         elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"9."* ]]; then
-           sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm
+            sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm
 
-           sudo dnf install azure-cli
+            sudo dnf install azure-cli
         else
             curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
         fi
     else
         echo "Azure CLI is already installed."
     fi
-    
+
 }
 
 install_agent() {
@@ -76,7 +76,7 @@ install_agent() {
         sudo apt-get update
         sudo apt-get install -y selinux-utils policycoreutils
     fi
-    
+
     local SA_KEY="$1"
     local ENV="$2"
     local XDR_TAGS="$3"
@@ -95,7 +95,7 @@ install_agent() {
         sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
+
         # Install agent
         local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex-8.5.0.125392.rpm"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.rpm"
@@ -112,8 +112,8 @@ install_agent() {
         sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
-         # Install agent
+
+        # Install agent
         local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex-8.5.0.125392.deb"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.deb"
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
@@ -126,7 +126,7 @@ install_agent() {
 
 install_collector() {
     echo "Info: Installing XDR Collectors"
-    
+
     if [ "$OS" != "ubuntu" ]; then
         sudo yum install -y selinux-policy-devel
     else
@@ -147,7 +147,7 @@ install_collector() {
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
+
         # Install collector
         local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector-1.4.1.1089.rpm"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.rpm"
@@ -163,8 +163,8 @@ install_collector() {
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
-         # Install collector
+
+        # Install collector
         local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector-1.4.1.1089.deb"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.deb"
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
@@ -184,16 +184,50 @@ download_blob(){
     az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH
 }
 
+install_docker(){
+
+    echo "Info: Installing Docker and Docker Compose"
+
+    if [ "$OS" == "ubuntu" ]; then
+
+        if ! command -v docker &>/dev/null; then
+            apt update
+            apt install -y apt-transport-https ca-certificates curl software-properties-common
+
+            curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+            echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list >/dev/null
+
+            apt update
+            apt install -y docker-ce
+        fi
+
+        DOCKER_PLUGINS_DIR="/usr/local/lib/docker/cli-plugins"
+
+        if [ ! -d "$DOCKER_PLUGINS_DIR" ]; then
+            mkdir -p "$DOCKER_PLUGINS_DIR"
+            if [ ! -f "$DOCKER_PLUGINS_DIR/docker-compose" ]; then
+                curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
+                chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+            fi
+        fi
+    fi
+}
 
 
 if [ "${RUN_XDR_AGENT}" = "true" ]
 then
-  install_azcli
-  install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}"
+    install_azcli
+    install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}"
 fi
 
 if [ "${RUN_XDR_COLLECTOR}" = "true" ]
 then
-  install_azcli
-  install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}"
+    install_azcli
+    install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}"
+fi
+
+if [ "${INSTALL_DOCKER}" = "true" ]
+then
+    install_docker
 fi
@@ -17,6 +17,13 @@ provider "azurerm" {
   skip_provider_registration = true
 }
 
+provider "azurerm" {
+  alias = "dcr"
+  features {}
+  subscription_id            = var.env=="prod" || var.env=="production" ? "8999dec3-0104-4a27-94ee-6588559729d1" : var.env=="sbox" || var.env=="sandbox" ? "bf308a5c-0624-4334-8ff8-8dca9fd43783" : "1c4f0704-a29e-403d-b719-b90c34ef14c9"
+  skip_provider_registration = true
+}
+
 # Default variables for this test
 variables {
   env                 = "nonprod"