Add AAD app for external connections

[tanya-borisova]

What is being addressed

Adds a new AAD app, flowehr-external-${suffix}, that is used to connect FlowEHR with downstream systems.

The specific way we want to use this app is to assign it roles to resources in TRE workspaces, so that Databricks Pipelines can use credentials from this one single app, rather than having to manipulate credential per each workspace and resource.

How is this addressed

• Added a new AAD app, flowehr_external_connection, added corresponding service principal and a secret
• Create secrets in Databricks for this app
• Push the secrets to keyvault
• Refactor all AAD apps in Transform to live in auth.tf file

[damoodamoo]

like it, refactoring is neater too 👍

[damoodamoo]

/test

[jjgriff93]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/UCLH-Foundry/FlowEHR/actions/runs/6071183535 (with refid 0667af66)

(in response to this comment from @damoodamoo)

[jjgriff93]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/UCLH-Foundry/FlowEHR/actions/runs/6071183535 (with refid 0667af66)

(in response to this comment from @damoodamoo)

[tanya-borisova]

/test-destroy-env

[jjgriff93]

🤖 pr-bot 🤖

/test-destroy-env is not recognised as a valid command.

You can use the following commands:
    /test - deploy any modified modules and destroy
    /test-all - deploy everything (ignoring path filters) and destroy
    /test-force-approve - force approval of the PR tests (i.e. skip the deployment checks)
    /destroy - delete the PR environment (e.g. to enable testing a deployment from a clean start after previous tests)
    /destroy-no-terraform - delete the PR environment without terraform
    /help - show this help

(in response to this comment from @tanya-borisova)

[tanya-borisova]

/destroy

[jjgriff93]

🤖 pr-bot 🤖

Destroying environment (with refid 0667af66)

(in response to this comment from @tanya-borisova)

[tanya-borisova]

/test

[jjgriff93]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/UCLH-Foundry/FlowEHR/actions/runs/6072118095 (with refid 0667af66)

(in response to this comment from @tanya-borisova)

[tanya-borisova]

/destroy-no-terraform

[jjgriff93]

🤖 pr-bot 🤖

Destroying environment no terraform (with refid 0667af66). :warning: This will leave orphaned resources

(in response to this comment from @tanya-borisova)

[tanya-borisova]

/test

[jjgriff93]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/UCLH-Foundry/FlowEHR/actions/runs/6073232663 (with refid 0667af66)

(in response to this comment from @tanya-borisova)

[tanya-borisova]

/test-force-approve

I didn't manage to run tests in the environment unfortunately, but I can confirm that it works in my dev environment

[jjgriff93]

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 7055d04)

(in response to this comment from @tanya-borisova)

[jjgriff93]

Looks great!

[tanya-borisova]

/test

[jjgriff93]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/UCLH-Foundry/FlowEHR/actions/runs/6086972839 (with refid 0667af66)

(in response to this comment from @tanya-borisova)

[tanya-borisova]

/test-force-approve (as above)

[jjgriff93]

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 526b011)

(in response to this comment from @tanya-borisova)