Auto-read from user's configuration so no variables are required on deploy

CHANGELOG.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [UNRELEASED]
 
+
+### Changed
+
+- Read id's from user's config instead of input (no more required args)
+- Update executor config output, remove unused
+- Make `owners` var optional
+- Conform to 'alphanumeric chars only' rule for resource names
+- Use `templatefile` instead of `template_file` (MacOS compatibility)
+
 ## [0.17.0] - 2024-01-17
 
 ### Added

covalent_azurebatch_plugin/assets/infra/azurebatch.conf.tftpl

@@ -1,7 +1,6 @@
 [azurebatch]
 tenant_id = ${tenant_id}
-client_id = ${client_id}
-client_secret = ${client_secret}
+subscription_id = ${subscription_id}
 batch_account_url = ${batch_account_url}
 batch_account_domain = ${batch_account_domain}
 storage_account_name = ${storage_account_name}

covalent_azurebatch_plugin/assets/infra/iam.tf

@@ -19,19 +19,19 @@
 #########################################
 
 resource "azurerm_user_assigned_identity" "batch" {
-  name                = "${var.prefix}covalentbatch"
+  name                = "${var.prefix}batch"
   resource_group_name = var.create_batch_account ? azurerm_resource_group.batch[0].name : data.azurerm_resource_group.batch[0].name
   location            = var.region
 }
 
 resource "azurerm_role_assignment" "batch_to_acr" {
-  scope                = "/subscriptions/${var.subscription_id}"
+  scope                = "/subscriptions/${local.subscription_id}"
   principal_id         = azurerm_user_assigned_identity.batch.principal_id
   role_definition_name = "AcrPull"
 }
 
 resource "azurerm_role_assignment" "batch_to_storage" {
-  scope                = "/subscriptions/${var.subscription_id}"
+  scope                = "/subscriptions/${local.subscription_id}"
   principal_id         = azurerm_user_assigned_identity.batch.principal_id
   role_definition_name = "Storage Blob Data Contributor"
 }
@@ -43,16 +43,16 @@ resource "azurerm_role_assignment" "batch_to_storage" {
 resource "azuread_application" "batch" {
   description  = "Covalent Azure Batch Plugin"
   display_name = "CovalentBatchPlugin"
-  owners       = var.owners
+  owners       = local.owners
 }
 
 resource "azuread_service_principal" "batch" {
   client_id = azuread_application.batch.client_id
-  owners    = var.owners
+  owners    = local.owners
 }
 
 resource "azurerm_role_assignment" "covalent_plugin_storage" {
-  scope                = "/subscriptions/${var.subscription_id}"
+  scope                = "/subscriptions/${local.subscription_id}"
   principal_id         = azuread_service_principal.batch.id
   role_definition_name = "Storage Blob Data Contributor"
 }
@@ -63,8 +63,8 @@ resource "azuread_service_principal_password" "covalent_plugin" {
 }
 
 resource "azurerm_role_definition" "covalent_batch" {
-  name        = "${var.prefix}covalentbatch"
-  scope       = "/subscriptions/${var.subscription_id}"
+  name        = "${var.prefix}batch"
+  scope       = "/subscriptions/${local.subscription_id}"
   description = "Covalent Azure Batch Permissions"
   permissions {
     actions = [
@@ -73,9 +73,8 @@ resource "azurerm_role_definition" "covalent_batch" {
     not_actions = []
   }
 }
-
 resource "azurerm_role_assignment" "covalent_plugin_batch" {
-  scope                = "/subscriptions/${var.subscription_id}"
+  scope                = "/subscriptions/${local.subscription_id}"
   principal_id         = azuread_service_principal.batch.id
   role_definition_name = azurerm_role_definition.covalent_batch.name
 }

covalent_azurebatch_plugin/assets/infra/main.tf

@@ -15,8 +15,6 @@
 # limitations under the License.
 
 provider "azurerm" {
-  tenant_id       = var.tenant_id
-  subscription_id = var.subscription_id
 
   features {
     resource_group {
@@ -25,19 +23,27 @@ provider "azurerm" {
   }
 }
 
+data "azurerm_client_config" "current" {}
+
+locals {
+  tenant_id       = coalesce(var.tenant_id, data.azurerm_client_config.current.tenant_id)
+  subscription_id = coalesce(var.subscription_id, data.azurerm_client_config.current.subscription_id)
+  owners          = coalesce(var.owners, [data.azurerm_client_config.current.object_id])
+}
+
 resource "azurerm_resource_group" "batch" {
-  name     = "${var.prefix}-covalent-batch"
+  name     = "${var.prefix}-batch"
   count    = var.create_batch_account ? 1 : 0
   location = var.region
 }
 
 data "azurerm_resource_group" "batch" {
-  name =  var.batch_resource_group
+  name  = var.batch_resource_group
   count = var.create_batch_account ? 0 : 1
 }
 
 resource "azurerm_batch_account" "covalent" {
-  name                = "${var.prefix}covalentbatch"
+  name                = "${var.prefix}batch"
   count               = var.create_batch_account ? 1 : 0
   resource_group_name = azurerm_resource_group.batch[0].name
   location            = azurerm_resource_group.batch[0].location
@@ -99,25 +105,17 @@ EOF
   }
 }
 
-data "template_file" "executor_config" {
-  template = file("${path.module}/azurebatch.conf.tftpl")
-
-  vars = {
-    subscription_id        = var.subscription_id
-    tenant_id              = var.tenant_id
-    client_id              = "${azuread_application.batch.client_id}"
-    client_secret          = "${azuread_service_principal_password.covalent_plugin.value}"
+resource "local_file" "executor_config" {
+  filename = "${path.module}/azurebatch.conf"
+  content = templatefile("${path.module}/azurebatch.conf.tftpl", {
+    tenant_id              = "${local.tenant_id}"
+    subscription_id        = "${local.subscription_id}"
     batch_account_url      = var.create_batch_account ? "https://${azurerm_batch_account.covalent[0].account_endpoint}" : "https://${data.azurerm_batch_account.covalent[0].account_endpoint}"
     batch_account_domain   = "batch.core.windows.net"
     storage_account_name   = "${azurerm_storage_account.batch.name}"
     storage_account_domain = "blob.core.windows.net"
     pool_id                = "${azurerm_batch_pool.covalent.name}"
     retries                = 3
-    base_image_uri         = "${azurerm_container_registry.batch.login_server}/covalent-executor-base:latest"
-  }
-}
-
-resource "local_file" "executor_config" {
-  content  = data.template_file.executor_config.rendered
-  filename = "${path.module}/azurebatch.conf"
+    base_image_uri         = "${azurerm_container_registry.batch.login_server}/covalent-executor-base"
+  })
 }

covalent_azurebatch_plugin/assets/infra/outputs.tf

@@ -14,6 +14,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+data "azuread_user" "current" {
+  object_id = data.azurerm_client_config.current.object_id
+}
+
 output "acr_login_server" {
   value = azurerm_container_registry.batch.login_server
 }
@@ -23,7 +27,7 @@ output "user_identity_resource_id" {
 }
 
 output "plugin_client_username" {
-  value = azuread_application.batch.client_id
+  value = data.azuread_user.current.user_principal_name
 }
 
 output "plugin_client_secret" {
@@ -34,8 +38,8 @@ output "plugin_client_secret" {
 output "covalent_azurebatch_object" {
   value = <<EOT
     executor = ct.executor.AzureBatchExecutor(
-        tenant_id="${var.tenant_id}",
-        client_id="${azuread_application.batch.application_id}",
+        tenant_id="${local.tenant_id}",
+        client_id="${data.azurerm_client_config.current.client_id}",
         client_secret=plugin_client_secret,
         batch_account_url="https://${var.create_batch_account ? azurerm_batch_account.covalent[0].account_endpoint : data.azurerm_batch_account.covalent[0].account_endpoint}",
         storage_account_name="${azurerm_storage_account.batch.name}",

covalent_azurebatch_plugin/assets/infra/storage.tf

@@ -15,7 +15,7 @@
 # limitations under the License.
 
 resource "azurerm_container_registry" "batch" {
-  name                = "${var.prefix}covalentbatch"
+  name                = "${var.prefix}batch"
   resource_group_name = var.create_batch_account ? azurerm_resource_group.batch[0].name : data.azurerm_resource_group.batch[0].name
   location            = var.region
 
@@ -25,15 +25,15 @@ resource "azurerm_container_registry" "batch" {
     interpreter = ["/bin/bash", "-c"]
     command     = <<EOL
       set -eu -o pipefail
-      docker build --no-cache --build-arg COVALENT_BASE_IMAGE=python:3.8-slim-bullseye --build-arg COVALENT_PACKAGE_VERSION=${var.covalent_package_version} --tag ${self.login_server}/covalent-executor-base:latest .
+      docker buildx build . --platform linux/amd64 --no-cache --build-arg COVALENT_BASE_IMAGE=python:3.8-slim-bullseye --build-arg COVALENT_PACKAGE_VERSION="${var.covalent_package_version}" --tag ${self.login_server}/covalent-executor-base:latest
       az acr login --name ${self.name}
       docker push -a ${self.login_server}/covalent-executor-base
     EOL
   }
 }
 
 resource "azurerm_storage_account" "batch" {
-  name                = "${var.prefix}covalentbatch"
+  name                = "${var.prefix}batch"
   resource_group_name = var.create_batch_account ? azurerm_resource_group.batch[0].name : data.azurerm_resource_group.batch[0].name
   location            = var.region
 

covalent_azurebatch_plugin/assets/infra/variables.tf

@@ -30,17 +30,19 @@ variable "environment" {
 }
 
 variable "tenant_id" {
+  default     = ""
   description = "Azure tenant ID"
 }
 
 variable "subscription_id" {
+  default     = ""
   description = "Azure subscription ID"
 }
 
 variable "owners" {
+  default     = null
   description = "List of owner IDs for the service principal credentials"
   type        = list(string)
-  default     = []
 }
 
 variable "vm_name" {

covalent_azurebatch_plugin/azurebatch.py

@@ -65,9 +65,9 @@ class ExecutorInfraDefaults(BaseModel):
     Configuration values for provisioning Azure Batch cloud infrastructure
     """
 
-    prefix: Optional[str] = "covalent-batch"
+    prefix: Optional[str] = "covalent"
     subscription_id: str
-    owners: List[str] = []
+    owners: Optional[List[str]] = None
     tenant_id: str
     client_id: str = ""
     client_secret: str = ""
@@ -91,7 +91,7 @@ class ExecutorInfraDefaults(BaseModel):
 
 EXECUTOR_PLUGIN_NAME = "AzureBatchExecutor"
 
-_EXECUTOR_PLUGIN_DEFAULTS = ExecutorPluginDefaults().dict()
+_EXECUTOR_PLUGIN_DEFAULTS = ExecutorPluginDefaults().model_dump()
 
 FUNC_FILENAME = "func-{dispatch_id}-{node_id}.pkl"
 RESULT_FILENAME = "result-{dispatch_id}-{node_id}.pkl"