feat: add support for 2nd app in container

Author: jacdavi

m365/image/run_container.ps1

@@ -73,9 +73,9 @@ Foreach ($tenantConfig in $(Get-ChildItem 'input\')) {
         Write-Output "Running ScubaGear for $($tenantConfig.BaseName)"
 
         $params = @{
-            CertificateThumbPrint = $CertificateThumbPrint; # Certificate Hash; Needed for SP auth
-            AppID = $Env:APP_ID; # App ID; Needed for Service Principal Auth
-            Organization = $org; # primary domain of the tenantConfig needed for Service Principal Auth
+            CertificateThumbPrint = if ($null -ne $Env:SECONDARY_APP_ID -and $org.EndsWith($Env:SECONDARY_APP_TLD)) {$CertificateThumbPrintSecondary} else {$CertificateThumbPrint};
+            AppID = if ($null -ne $Env:SECONDARY_APP_ID -and $org.EndsWith($Env:SECONDARY_APP_TLD)) {$Env:SECONDARY_APP_ID} else {$Env:APP_ID}; 
+            Organization = $org;
             OutPath = ".\reports\$($org)"; # The folder path where the output will be stored
             OPAPath = "."
             ConfigFilePath = $tenantConfig.FullName
@@ -91,7 +91,7 @@ Foreach ($tenantConfig in $(Get-ChildItem 'input\')) {
 
         Write-Output "  Starting Upload"
         $OutPath = "$($Env:REPORT_OUTPUT)/$($ResultsFile.Name)"
-        if ($Env:REPORT_SAS -ne $null -and $Env:REPORT_SAS -ne "") {
+        if ($null -ne $Env:REPORT_SAS -and $Env:REPORT_SAS -ne "") {
             $OutPath += "?$($Env:REPORT_SAS)"
         }
         .\azcopy copy $ResultsFile.FullName $OutPath --output-level essential

m365/terraform/main.tf

@@ -74,4 +74,5 @@ module "container" {
   container_memory_gb          = var.container_memory_gb
   cert_info                    = module.app.cert_info
   depends_on                   = [azurerm_resource_group_policy_assignment.tagging_assignments]
+  secondary_app_info           = var.secondary_app_info
 }

m365/terraform/modules/app/variables.tf

@@ -23,16 +23,6 @@ variable "contact_emails" {
   type        = list(string)
 }
 
-variable "certificate_rotation_period_days" {
-  type        = number
-  description = "How many days between when the certificate key should be rotated. Note: rotation requires running terraform"
-  default     = 30
-  validation {
-    condition     = var.certificate_rotation_period_days <= 60 && var.certificate_rotation_period_days >= 3
-    error_message = "Rotation period must be between 3 and 60 days"
-  }
-}
-
 variable "image_path" {
   type        = string
   description = "Path to image used for app logo. Displayed in Azure console on installed tenants. Only needed when create_app=true"

m365/terraform/modules/container/main.tf

@@ -69,6 +69,7 @@ resource "azurerm_container_group" "aci" {
     cpu    = "1"
     memory = var.container_memory_gb
     environment_variables = {
+      "DEBUG_LOG"       = "false"
       "RUN_TYPE"        = each.key
       "TENANT_ID"       = data.azurerm_client_config.current.tenant_id
       "APP_ID"          = var.application_client_id
@@ -78,8 +79,10 @@ resource "azurerm_container_group" "aci" {
       "IS_GOV"          = local.is_us_gov
       "VAULT_NAME"      = var.cert_info.vault_name
       "CERT_NAME"       = var.cert_info.cert_name
-      "DEBUG_LOG"       = "false"
       "MI_PRINCIPAL_ID" = azurerm_user_assigned_identity.container_mi.principal_id
+
+      "SECONDARY_APP_ID" = var.secondary_app_info == null ? null : var.secondary_app_info.app_id
+      "SECONDARY_APP_TLD" = var.secondary_app_info == null ? null : (var.secondary_app_info.environment_to_use == "commercial" ? "com" : "us")
     }
     secure_environment_variables = {
       "REPORT_SAS"      = var.output_storage_container_sas != null ? var.output_storage_container_sas : ""

m365/terraform/modules/container/variables.tf

@@ -107,9 +107,27 @@ variable "container_memory_gb" {
 }
 
 variable "cert_info" {
+  description = "Information for obtaining to app certificate"
   type = object({
     vault_id   = string
     vault_name = string
     cert_name  = string
   })
 }
+
+variable "secondary_app_info" {
+  description = <<EOF
+    Information for a secondary app. This can be used for one ScubaConnect instance to handle multiple environments (e.g., GCC and GCC High).
+    To use, manually create an app in the other environment and add the certificate created for the primary app to it.
+    Set `environment_to_use` to the environment the manual app is in, either "commericial" or "gcchigh"
+  EOF
+  type = object({
+    app_id = string
+    environment_to_use = string
+  })
+  default = null
+  validation {
+    condition = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
+    error_message = "Valid values for create_mode are (Default, PointInTimeRestore, Replica)"
+  }
+}

m365/terraform/variables.tf

@@ -142,4 +142,21 @@ variable "container_memory_gb" {
     condition     = var.container_memory_gb <= 16 && var.container_memory_gb >= 2
     error_message = "Container memory must be between 2GB and 16GB"
   }
+}
+
+variable "secondary_app_info" {
+  description = <<EOF
+    Information for a secondary app. This can be used for one ScubaConnect instance to handle multiple environments (e.g., GCC and GCC High).
+    To use, manually create an app in the other environment and add the certificate created for the primary app to it.
+    Set `environment_to_use` to the environment the manual app is in, either "commericial" or "gcchigh"
+  EOF
+  type = object({
+    app_id = string
+    environment_to_use = string
+  })
+  default = null
+  validation {
+    condition = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
+    error_message = "Valid values for create_mode are (Default, PointInTimeRestore, Replica)"
+  }
 }