Renew Lets Encrypt Certificates GitHub Action is broken

[jonnyry]

The Renew Lets Encrypt Certificates GitHub Action is broken...

1. Fails with AZURE_ENVIRONMENT: unbound variable

Fixing this by adding the following line to env vars on line 38 of the lets_encrypt.yml:

AZURE_ENVIRONMENT= ${{ vars.AZURE_ENVIRONMENT }}

Fixing the above then produces the next issue...

2. Fails on Azure login with tenant not found error

Looking more closely at the yaml, it looks like SUBCRIPTION_ID and TENANT_ID have their values mixed up:

AzureTRE/.github/workflows/lets_encrypt.yml

Lines 41 to 42 in 1ffb09b

	ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
	ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}

Fixing the above then produces the next issue...

3. Fails to initialise terraform backend

The error above is produced by the following lines:

AzureTRE/core/terraform/outputs.sh

Lines 8 to 15 in 1ffb09b

	terraform init -input=false -backend=true -reconfigure \
	-backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
	-backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
	-backend-config="container_name=$TF_VAR_terraform_state_container_name" \
	-backend-config="key=${TRE_ID}"
	# Convert the output to json
	terraform output -json > ../tre_output.json

Appears that the env vars and not making into the terraform initialize command...

TF_VAR_mgmt_resource_group_name
TF_VAR_mgmt_storage_account_name
TF_VAR_terraform_state_container_name

Changing the following lines in letsencrypt.yaml from:

AzureTRE/.github/workflows/lets_encrypt.yml

Lines 44 to 47 in 1ffb09b

	TERRAFORM_STATE_CONTAINER_NAME:
	${{ secrets.TERRAFORM_STATE_CONTAINER_NAME && secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
	MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
	MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}

to:

          TF_VAR_terraform_state_container_name: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
          TF_VAR_mgmt_resource_group_name: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
          TF_VAR_mgmt_storage_account_name: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}

fixes issue 3, and allows a certificate to be generated.

[jonnyry]

In summary the following fixes are required to lets_encrypt.yaml:

Make the following changes under the env section of the Renew Certificates job step:

1. Add the following line

AZURE_ENVIRONMENT= ${{ vars.AZURE_ENVIRONMENT }}

2. Change the following lines from:

ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} 
ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} 

To:

ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} 
ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} 

3. Change the following lines from:

TERRAFORM_STATE_CONTAINER_NAME: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME && secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}

To:

TF_VAR_terraform_state_container_name: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
TF_VAR_mgmt_resource_group_name: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
TF_VAR_mgmt_storage_account_name: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}