From 13e42832e9ff9e9afdf7d731e01495a71c7a4987 Mon Sep 17 00:00:00 2001
From: Rick Rainey
Date: Thu, 21 Mar 2019 19:29:16 -0500
Subject: [PATCH 01/20] Add script to create ACR and related service principals.
---
setup/acr-sp-init.sh | 124 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 124 insertions(+)
create mode 100755 setup/acr-sp-init.sh
diff --git a/setup/acr-sp-init.sh b/setup/acr-sp-init.sh
new file mode 100755
index 0000000..bdfe4df
--- /dev/null
+++ b/setup/acr-sp-init.sh
@@ -0,0 +1,124 @@
+#!/bin/bash -e
+
+while getopts "c:l:" opt; do
+ case $opt in
+ c)
+ # Company name
+ company=$OPTARG
+ ;;
+ l)
+ # Location/region where resource group will deploy to
+ location=$OPTARG
+ ;;
+ esac
+done
+
+# If user did not provide required parameters then show usage.
+[[ $# -eq 0 || -z $company || -z $location ]] &&
+{
+ echo "Usage:";
+ echo " $0 -c -l ";
+ echo " Use \"az account list-locations --query '[].name'\" to list supported regions for a subscription.'"
+ echo "";
+ echo "Example:";
+ echo " $0 -c contoso -l eastus";
+ exit 1;
+}
+
+# Convert to lowercase, remove whitespace, and trim lenght if needed.
+location=${location// /}
+location=${location,,}
+
+company=${company// /}
+company=${company,,}
+company=${company:0:8}
+
+# Translate location to an abbreviated location code.
+locationCode=""
+declare -A locationCodes=(
+ # Asia
+ ["eastasia"]="asea"
+ ["southeastasia"]="assw"
+
+ # Australia
+ ["australiaeast"]="auea"
+ ["australiasoutheast"]="ause"
+
+ # Brazil
+ ["brazilsouth"]="brso"
+
+ # Canada
+ ["canadacentral"]="cace"
+ ["canadaeast"]="caea"
+ ["uksouth"]="ukso"
+ ["ukwest"]="ukwe"
+ ["koreacentral"]="koce"
+ ["koreasouth"]="koso"
+ ["francecentral"]="frce"
+ ["francesouth"]="frso"
+ ["australiacentral"]="auce"
+ ["australiacentral2"]="auc2"
+ ["southafricanorth"]="sano"
+ ["southafricawest"]="sawe"
+
+ # Europe
+ ["northeurope"]="euno"
+ ["westeurope"]="euwe"
+
+ # India
+ ["southindia"]="inso"
+ ["centralindia"]="ince"
+ ["westindia"]="inwe"
+
+ # Japan
+ ["japanwest"]="jawe"
+ ["japaneast"]="jaea"
+
+ # US
+ ["centralus"]="usce"
+ ["eastus"]="usea"
+ ["eastus2"]="use2"
+ ["westus"]="uswe"
+ ["westus2"]="usw2"
+ ["northcentralus"]="usnc"
+ ["southcentralus"]="ussc"
+ ["westcentralus"]="uswc"
+)
+
+locationCode=${locationCodes[$location]}
+
+[[ -z ${locationCode} ]] && {
+ echo "Invalid value '${location}' for location parameter.";
+ exit 1;
+}
+
+# Authenticate user.
+az login
+
+# Create the resource group.
+rgName="acr-${locationCode}-${company}" +az group create --name $rgName --location $location + +# Create the container registry. +acrName=${rgName//-/} +acrId=$(az acr create --resource-group $rgName --name $acrName --sku Standard --query id) +acrId="${acrId//\"}" +# ToDo: Should parameterize 'sku' in the future + +# Create service principals and role assignments to ACR. +declare -A spAcrNameAndRole=( + ["http://acr-${company}-pull"]="AcrPull" + ["http://acr-${company}-push"]="AcrPush" +) + +for spName in ${!spAcrNameAndRole[@]} +do + echo "Creating service principal '${spName}'." + az ad sp create-for-rbac --name $spName --skip-assignment + + echo "Waiting for service principal '${spName}' to propagate in Azure AD." + sleep 15s + + echo "Creating role assignment for service principal '${spName}'." + az role assignment create --assignee $spName --scope $acrId --role AcrPull +done From 082a10bd83b0cd9fabb91ad10aafdc2106561b75 Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Thu, 21 Mar 2019 19:41:02 -0500 Subject: [PATCH 02/20] Fixed service principal role assignment and increased wait time to 20 seconds to allow the service principal to propagate through AAD. --- setup/acr-sp-init.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/acr-sp-init.sh b/setup/acr-sp-init.sh index bdfe4df..79c7090 100755 --- a/setup/acr-sp-init.sh +++ b/setup/acr-sp-init.sh @@ -117,8 +117,8 @@ do az ad sp create-for-rbac --name $spName --skip-assignment echo "Waiting for service principal '${spName}' to propagate in Azure AD." - sleep 15s + sleep 20s echo "Creating role assignment for service principal '${spName}'." - az role assignment create --assignee $spName --scope $acrId --role AcrPull + az role assignment create --assignee $spName --scope $acrId --role ${spAcrNameAndRole[$spName]} done From 59c99fbf249733dc380032599027686fe78b126a Mon Sep 17 00:00:00 2001 
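Review bot: The loop runs `az ad sp create-for-rbac --name $spName --skip-assignment` without capturing its output, so the generated client secret of each principal is printed to the terminal (and to any log that records the run) and is kept nowhere else. Capture the JSON instead, e.g. `spJson=$(az ad sp create-for-rbac --name "$spName" --skip-assignment)`, and hand its `password` field to the secret store the consumers read from rather than to stdout. Separately, `company` is only stripped of spaces and lowercased before it is expanded unquoted into `$rgName`, `$acrName` and `$spName`; a check such as `[[ $company =~ ^[a-z0-9]+$ ]] || exit 1` after the trimming, together with quoting the expansions, keeps glob characters and punctuation out of the `az` arguments.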
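Review bot: Raising the wait from 15 to 20 seconds still guesses at Azure AD propagation time; if the principal is not visible yet, `az role assignment create` fails and, because the script runs with `-e`, it stops with a principal that has no role on the registry. A bounded retry around the assignment removes the guess and makes the failure explicit. The `for` loop this belongs to starts outside the hunk.

```shell
# … unchanged: create-for-rbac call and propagation message …
    echo "Creating role assignment for service principal '${spName}'."
    assigned=false
    for attempt in 1 2 3 4 5 6; do
        if az role assignment create --assignee "$spName" --scope "$acrId" --role "${spAcrNameAndRole[$spName]}"; then
            assigned=true
            break
        fi
        sleep 10s
    done
    [[ $assigned == true ]] || { echo "Role assignment for '${spName}' failed." >&2; exit 1; }
```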
From: Rick Rainey Date: Thu, 21 Mar 2019 20:20:01 -0500 Subject: [PATCH 03/20] Add logic to handle existing service principal and/or role assignment. --- setup/acr-sp-init.sh | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/setup/acr-sp-init.sh b/setup/acr-sp-init.sh index 79c7090..aec58d6 100755 --- a/setup/acr-sp-init.sh +++ b/setup/acr-sp-init.sh @@ -105,7 +105,7 @@ acrId=$(az acr create --resource-group $rgName --name $acrName --sku Standard -- acrId="${acrId//\"}" # ToDo: Should parameterize 'sku' in the future -# Create service principals and role assignments to ACR. +# Used to find/create service principals and role assignments to ACR. declare -A spAcrNameAndRole=( ["http://acr-${company}-pull"]="AcrPull" ["http://acr-${company}-push"]="AcrPush" 
@@ -113,12 +113,29 @@ declare -A spAcrNameAndRole=( for spName in ${!spAcrNameAndRole[@]} do - echo "Creating service principal '${spName}'." - az ad sp create-for-rbac --name $spName --skip-assignment - - echo "Waiting for service principal '${spName}' to propagate in Azure AD." - sleep 20s + # Get the appId of the service principal if it already exists. + spAppId="" + spAppId=$(az ad sp show --id ${spName} --query appId || true) + spAppId="${spAppId//\"}" - echo "Creating role assignment for service principal '${spName}'." - az role assignment create --assignee $spName --scope $acrId --role ${spAcrNameAndRole[$spName]} + # Create a new service principal if it doesn't already exist. + [[ -z ${spAppId} ]] && { + echo "Creating service principal '${spName}'." + az ad sp create-for-rbac --name $spName --skip-assignment + + echo "Waiting for service principal '${spName}' to propagate in Azure AD." + sleep 20s + } + + # Get the role assignment scoped to the ACR for the service principal if it already exists. + roleAssignment="" + roleAssignment=$(az role assignment list --assignee ${spName} --scope ${acrId} --role ${spAcrNameAndRole[$spName]}) + + # Create a new role assignment if it doesn't already exist. + [[ -z ${roleAssignment} ]] && { + echo "Creating role assignment for service principal '${spName}'." + az role assignment create --assignee $spName --scope $acrId --role ${spAcrNameAndRole[$spName]} + } done + +echo "Successfully completed" From 4a718dc9fe7cb2246b87934d91525384c63fac7b Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Thu, 21 Mar 2019 21:14:15 -0500 Subject: [PATCH 04/20] Fix logic to check for existing role assignment. --- setup/acr-sp-init.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/acr-sp-init.sh b/setup/acr-sp-init.sh index aec58d6..42f13c9 100755 --- a/setup/acr-sp-init.sh +++ b/setup/acr-sp-init.sh 
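Review bot: `spAppId=$(az ad sp show --id ${spName} --query appId || true)` treats every failure of the lookup (expired login, network error, throttling) as "principal does not exist", and the script then calls `az ad sp create-for-rbac` for a name that may already be in use. Depending on the CLI version that call can update the existing application and issue a new credential, which would break whatever is using the current one, so the lookup should return an empty value only when the principal is really absent. A list query does that without suppressing errors: `spAppId=$(az ad sp list --spn "${spName}" --query "[0].appId" -o tsv)`; with `-o tsv` the quote-stripping line after it is no longer needed. The `for` statement itself sits in the hunk header, outside the changed lines.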
@@ -129,10 +129,10 @@ do # Get the role assignment scoped to the ACR for the service principal if it already exists. roleAssignment="" - roleAssignment=$(az role assignment list --assignee ${spName} --scope ${acrId} --role ${spAcrNameAndRole[$spName]}) + roleAssignment=$(az role assignment list --assignee ${spName} --scope ${acrId} --role ${spAcrNameAndRole[$spName]} --query 'length(@)') # Create a new role assignment if it doesn't already exist. - [[ -z ${roleAssignment} ]] && { + [[ $roleAssignment -eq 0 ]] && { echo "Creating role assignment for service principal '${spName}'." az role assignment create --assignee $spName --scope $acrId --role ${spAcrNameAndRole[$spName]} } From 47fbc1adf058c67f729cf01ebd2a4112f33d9926 Mon Sep 17 00:00:00 2001 From: Julio Colon Date: Fri, 22 Mar 2019 10:04:20 -0400 Subject: [PATCH 05/20] #30 Adding TF for local app developer --- app/README.md | 33 ++++++++++++++++++ app/azure/provider/main.tf | 11 ++++++ app/deploy.sh | 70 ++++++++++++++++++++++++++++++++++++++ app/main.tf | 24 +++++++++++++ app/variables.tf | 17 +++++++++ 5 files changed, 155 insertions(+) create mode 100644 app/README.md create mode 100644 app/azure/provider/main.tf create mode 100644 app/deploy.sh create mode 100644 app/main.tf create mode 100644 app/variables.tf diff --git a/app/README.md b/app/README.md new file mode 100644 index 0000000..367671c --- /dev/null +++ b/app/README.md 
@@ -0,0 +1,33 @@
+# App deployment
+
+## Requirements
+
+- Azure Subscription
+- Service Principal
+- [Terraform](https://www.terraform.io/downloads.html)
+
+## Resources
+
+The following respources will be deployed
+- Azure Resource Group
+
+## Deployment
+
+``` bash
+$ sh ./deploy.sh
+```
+
+To stop the command line from prompting questions use a .env file with the following environmental variables:
+
+```
+export SUBSCRIPTION_ID=41e239-xxxx-xxxx-xxxx-dff8b1089s65a
+export APP_ID=faxxxx-1fec-xxxx-xxxx-9845414d7214
+export APP_SECRET=fxxxxxxxxxqZ3too7ahZ3HRZWx3joEh7uA=
+export TENANT_ID=7xxxx-86f1-41af-91ab-2d7cd011db47
+export DEBUG=false
+export DEPLOYMENT_NAME=mydeployment
+export TF_VAR_app_name=cblt
+export TF_VAR_org=cse
+export TF_VAR_env=dev
+export TF_VAR_location=eastus
+```
diff --git a/app/azure/provider/main.tf b/app/azure/provider/main.tf
new file mode 100644
index 0000000..0143636
--- /dev/null
+++ b/app/azure/provider/main.tf
@@ -0,0 +1,11 @@
+provider "azurerm" {
+ version = "~>1.21.0"
+}
+
+provider "null" {
+ version = "~>2.0.0"
+}
+
+terraform {
+ required_version = "~> 0.11.11"
+}
diff --git a/app/deploy.sh b/app/deploy.sh
new file mode 100644
index 0000000..d801a99
--- /dev/null
+++ b/app/deploy.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+# -e: immediately exit if any command has a non-zero exit status
+# -o: prevents errors in a pipeline from being masked
+# IFS new value is less likely to cause confusing bugs when looping arrays or arguments (e.g. $@)
+
+usage() { echo "Usage: $0 -i -n -l " 1>&2; exit 1; }
+
+declare APP_ID=${APP_ID:=""}
+declare APP_SECRET=${APP_SECRET:=""}
+declare TENANT_ID=${TENANT_ID:=""}
+
+# Initialize parameters specified from command line
+while getopts ":i:n:l:" arg; do
+ case "${arg}" in
+ i)
+ APP_ID=${OPTARG}
+ ;;
+ n)
+ APP_SECRET=${OPTARG}
+ ;;
+ l)
+ TENANT_ID=${OPTARG}
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+#Prompt for parameters is some required parameters are missing
+if [[ -z "$APP_ID" ]]; then
+ echo "Enter your Application ID:"
+ read APP_ID
+ [[ "${APP_ID:?}" ]]
+fi
+
+if [[ -z "$APP_SECRET" ]]; then
+ echo "Enter Application secret:"
+ read APP_SECRET
+fi
+
+if [[ -z "$TENANT_ID" ]]; then
+ echo "Please enter your Tenant ID"
+ read TENANT_ID
+ [[ "${TENANT_ID:?}" ]]
+fi
+
+if [[ (-z "$APP_ID") && (-z "$APP_SECRET") && (-z "$TENANT_ID") ]]; then
+ echo "Either one of Application ID or Application secret or Tenant ID is empty"
+ usage
+fi
+
+#Login to azure using your credentials
+echo "Login to Azure..."
+az login --service-principal -u $APP_ID -p $APP_SECRET --tenant $TENANT_ID
+set +e
+
+#Start deployment
+echo "Starting deployment..."
+(
+ [ "$DEBUG" == 'true' ] && set -x
+ terraform init
+ terraform apply
+)
+
+if [ $? == 0 ];
+ then
+ echo "Terraform Template has been successfully deployed"
+fi
diff --git a/app/main.tf b/app/main.tf
new file mode 100644
index 0000000..eed62b9
--- /dev/null
+++ b/app/main.tf
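Review bot: In app/deploy.sh the application secret is handled loosely in three places: `read APP_SECRET` echoes it while it is typed, the `-n` option puts it on the script's own command line, and `az login ... -p $APP_SECRET` passes it unquoted as a process argument, where it is visible in the local process list. Use `read -rs APP_SECRET` for the prompt, quote all three expansions on the login line, and prefer taking the secret from the environment over `-n`. The guard after the prompts joins its three `-z` tests with `&&`, so it fires only when every value is empty; it should read `if [[ -z "$APP_ID" || -z "$APP_SECRET" || -z "$TENANT_ID" ]]; then`. Under `set -u` the later `[ "$DEBUG" == 'true' ]` aborts the subshell when DEBUG is not exported, so that test needs `"${DEBUG:-false}"`.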
@@ -0,0 +1,24 @@ +module "azure-provider" { + source = "./azure/provider" +} + +locals { + location_suffixes = { + centralus = "cus" + eastus = "eus" + eastus2 = "eus2" + westus = "wus" + northcentralus = "ncus" + southcentralus = "scus" + westcentralus = "wcus" + westus2 = "wus2" + } + + location_suffix = "${local.location_suffixes[var.location]}" + suffix = "${var.app_name}-${var.env}-${local.location_suffix}-${var.org}" +} + +resource "azurerm_resource_group" "rg_core" { + name = "rg-${local.suffix}" + location = "${var.location}" +} \ No newline at end of file diff --git a/app/variables.tf b/app/variables.tf new file mode 100644 index 0000000..be5e404 --- /dev/null +++ b/app/variables.tf @@ -0,0 +1,17 @@ +variable "location" { + type = "string" + description = "The name of the target location" +} +variable "env" { + type = "string", + description = "The short name of the target env (i.e. dev, staging, or prod)" +} +variable "org" { + type = "string", + description = "The short name of the organization" +} +variable "app_name" { + type = "string", + description = "The short name of the application" +} + From 41333f619b243515e9ad705ccebe6e973ec070b1 Mon Sep 17 00:00:00 2001 From: Julio Colon Date: Fri, 22 Mar 2019 10:28:36 -0400 Subject: [PATCH 06/20] #30 Adding AutoApprove --- app/deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/deploy.sh b/app/deploy.sh index d801a99..7fd86d7 100644 --- a/app/deploy.sh +++ b/app/deploy.sh @@ -61,7 +61,7 @@ echo "Starting deployment..." ( [ "$DEBUG" == 'true' ] && set -x terraform init - terraform apply + terraform apply -auto-approve ) if [ $? == 0 ]; From a79abab4c4873fcc7bdd2c9843e28d5eb977952d Mon Sep 17 00:00:00 2001 From: Julio Colon Date: Fri, 22 Mar 2019 13:31:04 -0400 Subject: [PATCH 07/20] added link to the readme inside /app --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 29f7ebd..a08465b 100644 --- a/README.md 
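Review bot: In app/deploy.sh, `terraform apply -auto-approve` applies whatever plan Terraform computes, resource deletions included, with no chance to read it first, and the commit that added this script describes it as the path for a local app developer. Make the unattended mode opt-in rather than the default, for example `terraform apply ${AUTO_APPROVE:+-auto-approve}`, so an interactive run still shows the plan and asks for confirmation while a pipeline can set the variable. The `if [ $? == 0 ]` block that follows is cut off by the hunk; as written in the earlier commit it only prints a success message, so a failed apply still leaves the script exiting 0.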
+++ b/README.md @@ -1,5 +1,11 @@ -# Contributing +# Enterprise AppServicec Containers + +## Deployment Information + +- [App Service deployment](http://./app/README.md) + +## Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us From 0f08d4251da09164a98e3fbe1f192a628f6a370c Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Fri, 22 Mar 2019 16:05:14 -0500 Subject: [PATCH 08/20] Updated README to include instructions for setting up ACR and service principals. --- README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/README.md b/README.md index 29f7ebd..77a5d65 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,32 @@ +# Setup + +The artifacts used to deploy this project include bash scripts and Terraform templates. The sections below provide guidance to deploy this project into your Azure environment. + +> The setup instructions below assume the following requirements: +> - bash v4.0 (or newer) +> - Terraform v0.11.13 (or newer) + + +## Setup the Azure Container Registry and Service Principals + +1. Open a bash command prompt. +2. Navigate to the `./setup` folder. +3. Run `acr-sp-init.sh`. For example, the command below will provdision an Azure Container Registry (ACR) in East US and configure the two service principals in Azure Active Directory; one with AcrPush permission and another with AcrPull permission scoped to the ACR. The company name parameter ( `-c` ) is used to construct the name of the resource group, ACR, and service principals. + + ``` bash + $ ./acr-sp-init.sh -c Cobalt -l eastus + ``` + +## Setup Shared / Core Infrastructure + +> Coming soon! + +## Setup Application Infrastructure + +> Coming soon! + + # Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a 
From 861a1faf4e2c8afdf15e2a41aa5b89e943116318 Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Fri, 22 Mar 2019 16:18:34 -0500 Subject: [PATCH 09/20] Added note to README regarding elevated permissions. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 77a5d65..736a359 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,9 @@ The artifacts used to deploy this project include bash scripts and Terraform tem $ ./acr-sp-init.sh -c Cobalt -l eastus ``` + > Note: The script configures service principals in Azure AD and therefore requires elevated privileges. As such, it is recommended that an interactive user with permissions to configure Azure AD run the script. + + ## Setup Shared / Core Infrastructure > Coming soon! From 74a26c574bd7b0bd7ace8ccbedab73164f030564 Mon Sep 17 00:00:00 2001 From: Charles Zipp Date: Mon, 25 Mar 2019 12:49:09 -0500 Subject: [PATCH 10/20] #31 added note to update bash on mac --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 736a359..00a0c1f 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ The artifacts used to deploy this project include bash scripts and Terraform tem > The setup instructions below assume the following requirements: > - bash v4.0 (or newer) +> - **NOTE FOR MAC!** The default version of bash installed on Mac is older than 4.0. Be sure to update bash using brew before executing the script. Instructions to update bash can be found [here](http://macappstore.org/bash/). > - Terraform v0.11.13 (or newer) From 56f8fe5cef36d7fc3ad5074b4e0ceecbcdbe21e8 Mon Sep 17 00:00:00 2001 
From: Julio Colon Date: Mon, 25 Mar 2019 14:27:02 -0400 Subject: [PATCH 11/20] PR updates --- azure-pipelines.yml | 20 ------ cluster/README.md | 18 ----- cluster/azure/container_registry/main.tf | 18 ----- cluster/azure/container_registry/output.tf | 20 ------ cluster/azure/container_registry/variables.tf | 19 ----- cluster/azure/keyvault/main.tf | 26 ------- cluster/azure/keyvault/output.tf | 15 ---- cluster/azure/keyvault/variables.tf | 19 ----- cluster/azure/keyvault_permissions/main.tf | 25 ------- .../azure/keyvault_permissions/variables.tf | 58 --------------- cluster/azure/keyvault_policy/main.tf | 10 --- cluster/azure/keyvault_policy/outputs.tf | 3 - cluster/azure/keyvault_policy/variables.tf | 25 ------- cluster/azure/provider/main.tf | 11 --- cluster/deploy.sh | 70 ------------------- cluster/main.tf | 28 -------- cluster/variables.tf | 12 ---- {app => shared}/README.md | 2 +- {app => shared}/azure/provider/main.tf | 0 {app => shared}/deploy.sh | 0 {app => shared}/main.tf | 0 {app => shared}/variables.tf | 0 22 files changed, 1 insertion(+), 398 deletions(-) delete mode 100644 azure-pipelines.yml delete mode 100644 cluster/README.md delete mode 100644 cluster/azure/container_registry/main.tf delete mode 100644 cluster/azure/container_registry/output.tf delete mode 100644 cluster/azure/container_registry/variables.tf delete mode 100644 cluster/azure/keyvault/main.tf delete mode 100644 cluster/azure/keyvault/output.tf delete mode 100644 cluster/azure/keyvault/variables.tf delete mode 100644 cluster/azure/keyvault_permissions/main.tf delete mode 100644 cluster/azure/keyvault_permissions/variables.tf delete mode 100644 cluster/azure/keyvault_policy/main.tf delete mode 100644 cluster/azure/keyvault_policy/outputs.tf delete mode 100644 cluster/azure/keyvault_policy/variables.tf delete mode 100644 cluster/azure/provider/main.tf delete mode 100644 cluster/deploy.sh delete mode 100644 cluster/main.tf delete mode 100644 cluster/variables.tf rename {app => 
shared}/README.md (97%) rename {app => shared}/azure/provider/main.tf (100%) rename {app => shared}/deploy.sh (100%) rename {app => shared}/main.tf (100%) rename {app => shared}/variables.tf (100%) diff --git a/azure-pipelines.yml b/azure-pipelines.yml deleted file mode 100644 index 0c90e4e..0000000 --- a/azure-pipelines.yml +++ /dev/null @@ -1,20 +0,0 @@ -# Starter pipeline -# Start with a minimal pipeline that you can customize to build and deploy your code. -# Add steps that build, run tests, deploy, and more: -# https://aka.ms/yaml - -trigger: -- tfglobal - -pool: - vmImage: 'Ubuntu-16.04' - -steps: -- script: echo Hello, world! - displayName: 'Run a one-line script' - -- script: | - echo Add other tasks to build, test, and deploy your project. - echo See https://aka.ms/yaml - displayName: 'Run a multi-line script' - diff --git a/cluster/README.md b/cluster/README.md deleted file mode 100644 index 9d43665..0000000 --- a/cluster/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# Cluster deployment - -``` bash -$ cd cluster -$ sh ./deploy.sh -``` - -To stop the command line from prompting questions use a .env file with the following environmental variables: - -``` -export SUBSCRIPTION_ID=41e239-xxxx-xxxx-xxxx-dff8b1089s65a -export APP_ID=faxxxx-1fec-xxxx-xxxx-9845414d7214 -export APP_SECRET=fdwqwe131stuvqZ3too7ahZ3HRZWx3joEh7uA= -export TENANT_ID=7xxxx-86f1-41af-91ab-2d7cd011db47 -export RESOURCE_GROUP_LOCATON=eastus -export DEBUG=false -export DEPLOYMENT_NAME=mydeployment -``` diff --git a/cluster/azure/container_registry/main.tf b/cluster/azure/container_registry/main.tf deleted file mode 100644 index 788113c..0000000 --- a/cluster/azure/container_registry/main.tf +++ /dev/null 
@@ -1,18 +0,0 @@ -module "azure-provider" { - source = "../provider" -} - -resource "azurerm_resource_group" "container_registry" { - name = "${var.resource_group_name}" - location = "${var.location}" -} - -resource "azurerm_container_registry" "container_registry" { - name = "${var.container_registry_name}" - location = "${azurerm_resource_group.container_registry.location}" - resource_group_name = "${azurerm_resource_group.container_registry.name}" - admin_enabled = true - sku { - name = "${var.container_registry_sku}" - } -} diff --git a/cluster/azure/container_registry/output.tf b/cluster/azure/container_registry/output.tf deleted file mode 100644 index e5a5881..0000000 --- a/cluster/azure/container_registry/output.tf +++ /dev/null @@ -1,20 +0,0 @@ - -output "container_registry_id" { - description = "The id of the Container Registry" - value = "${azurerm_container_registry.container_registry.id}" -} - -output "container_registry_login_server" { - description = "The login server of the Container Registry" - value = "${azurerm_container_registry.container_registry.login_server}" -} - -output "container_registry_admin_username" { - description = "The Username  of the Container Registry" - value = "${azurerm_container_registry.container_registry.admin_username}" -} - -output "container_registry_admin_password" { - description = "The password of the Container Registry" - value = "${azurerm_container_registry.container_registry.admin_password}" -} \ No newline at end of file diff --git a/cluster/azure/container_registry/variables.tf b/cluster/azure/container_registry/variables.tf deleted file mode 100644 index 66eec4a..0000000 --- a/cluster/azure/container_registry/variables.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -variable "container_registry_name" { - description = "Name of the Azure Container Registry to be created" - default = "acctcontainer_registry" -} - -variable "container_registry_sku" { - description = "SKU of the Azure Container Registry to create" - default = "Basic" -} - -variable "resource_group_name" { - description = "Default resource group name that the network will be created in." - default = "myapp-rg" -} - -variable "location" { - description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" - type = "string" -} diff --git a/cluster/azure/keyvault/main.tf b/cluster/azure/keyvault/main.tf deleted file mode 100644 index 19a586f..0000000 --- a/cluster/azure/keyvault/main.tf +++ /dev/null @@ -1,26 +0,0 @@ -module "azure-provider" { - source = "../provider" -} - -resource "azurerm_resource_group" "keyvault" { - name = "${var.resource_group_name}" - location = "${var.location}" -} - -data "azurerm_client_config" "current" {} - -resource "azurerm_key_vault" "keyvault" { - name = "${var.keyvault_name}" - location = "${azurerm_resource_group.keyvault.location}" - resource_group_name = "${azurerm_resource_group.keyvault.name}" - tenant_id = "${data.azurerm_client_config.current.tenant_id}" - - sku { - name = "${var.keyvault_sku}" - } - - network_acls { - default_action = "Allow" - bypass = "AzureServices" - } -} diff --git a/cluster/azure/keyvault/output.tf b/cluster/azure/keyvault/output.tf deleted file mode 100644 index c53d257..0000000 --- a/cluster/azure/keyvault/output.tf +++ /dev/null 
@@ -1,15 +0,0 @@ - -output "keyvault_id" { - description = "The id of the Keyvault" - value = "${azurerm_key_vault.keyvault.id}" -} - -output "keyvault_uri" { - description = "The uri of the keyvault" - value = "${azurerm_key_vault.keyvault.vault_uri}" -} - -output "keyvault_name" { - description = "The name of the Keyvault" - value = "${azurerm_key_vault.keyvault.name}" -} \ No newline at end of file diff --git a/cluster/azure/keyvault/variables.tf b/cluster/azure/keyvault/variables.tf deleted file mode 100644 index 741bb86..0000000 --- a/cluster/azure/keyvault/variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -variable "keyvault_name" { - description = "Name of the keyvault to create" - default = "acctkeyvault" -} - -variable "keyvault_sku" { - description = "SKU of the keyvault to create" - default = "standard" -} - -variable "resource_group_name" { - description = "Default resource group name that the network will be created in." - default = "myapp-rg" -} - -variable "location" { - description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" - type = "string" -} diff --git a/cluster/azure/keyvault_permissions/main.tf b/cluster/azure/keyvault_permissions/main.tf deleted file mode 100644 index 851d315..0000000 --- a/cluster/azure/keyvault_permissions/main.tf +++ /dev/null 
@@ -1,25 +0,0 @@ -provider "null" { - version = "~>2.0.0" -} - -data "azuread_service_principal" "user" { - application_id = "${var.service_principal_id}" -} - -resource "azurerm_role_assignment" "user" { - principal_id = "${data.azuread_service_principal.user.id}" - role_definition_name = "${var.user_role_assignment_role}" - scope = "/subscriptions/${var.subscription_id}/resourcegroups/${var.resource_group_name}/providers/Microsoft.KeyVault/vaults/${var.keyvault_name}" -} - -resource "azurerm_key_vault_access_policy" "user" { - vault_name = "${var.keyvault_name}" - resource_group_name = "${var.resource_group_name}" - - tenant_id = "${var.tenant_id}" - object_id = "${data.azuread_service_principal.user.id}" - - key_permissions = "${var.user_keyvault_key_permissions}" - secret_permissions = "${var.user_keyvault_secret_permissions}" - certificate_permissions = "${var.user_keyvault_certificate_permissions}" -} diff --git a/cluster/azure/keyvault_permissions/variables.tf b/cluster/azure/keyvault_permissions/variables.tf deleted file mode 100644 index 61a8431..0000000 --- a/cluster/azure/keyvault_permissions/variables.tf +++ /dev/null 
@@ -1,58 +0,0 @@ -variable "resource_group_name" { - type = "string" -} - -variable "service_principal_id" { - type = "string" -} - -variable "service_principal_secret" { - type = "string" -} - -variable "tenant_id" { - type = "string" -} - -variable "subscription_id" { - type = "string" -} - -variable "user_role_assignment_role" { - description = "The role to give the Azure service principal to access the keyvault" - type = "string" - default = "Reader" -} - -variable "user_keyvault_key_permissions" { - description = "Permissions that the Azure cluster has for accessing keys from KeyVault" - type = "list" - default = ["create", "delete", "get"] -} - -variable "user_keyvault_secret_permissions" { - description = "Permissions that the Azure cluster has for accessing secrets from KeyVault" - type = "list" - default = ["set", "delete", "get"] -} - -variable "user_keyvault_certificate_permissions" { - description = "Permissions that the Azure cluster has for accessing certificates from KeyVault" - type = "list" - default = ["create", "delete", "get"] -} - -variable "output_directory" { - type = "string" - default = "./output" -} - -variable "keyvault_name" { - description = "The name of the keyvault that will be associated with the flex volume." - type = "string" -} - -variable "keyvault_id" { - description = "The id of the keyvault that will be associated with the flex volume." - type = "string" -} diff --git a/cluster/azure/keyvault_policy/main.tf b/cluster/azure/keyvault_policy/main.tf deleted file mode 100644 index 675124d..0000000 --- a/cluster/azure/keyvault_policy/main.tf +++ /dev/null @@ -1,10 +0,0 @@ -resource "azurerm_key_vault_access_policy" "keyvault" { - vault_name = "${var.vault_name}" - resource_group_name = "${var.resource_group_name}" - - tenant_id = "${var.tenant_id}" - object_id = "${var.object_id}" - - key_permissions = "${var.key_permissions}" - secret_permissions = "${var.secret_permissions}" -} \ No newline at end of file 
diff --git a/cluster/azure/keyvault_policy/outputs.tf b/cluster/azure/keyvault_policy/outputs.tf deleted file mode 100644 index f7c80f9..0000000 --- a/cluster/azure/keyvault_policy/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "id" { - value = "${azurerm_key_vault_access_policy.keyvault.id}" -} \ No newline at end of file diff --git a/cluster/azure/keyvault_policy/variables.tf b/cluster/azure/keyvault_policy/variables.tf deleted file mode 100644 index 190687f..0000000 --- a/cluster/azure/keyvault_policy/variables.tf +++ /dev/null @@ -1,25 +0,0 @@ -variable "vault_name" { - type = "string" -} - -variable "resource_group_name" { - type = "string" -} - -variable "tenant_id" { - type = "string" -} - -variable "object_id" { - type = "string" -} - -variable "key_permissions" { - type = "list" - default = ["create", "delete", "get"] -} - -variable "secret_permissions" { - type = "list" - default = ["delete", "get", "set"] -} \ No newline at end of file diff --git a/cluster/azure/provider/main.tf b/cluster/azure/provider/main.tf deleted file mode 100644 index 0143636..0000000 --- a/cluster/azure/provider/main.tf +++ /dev/null @@ -1,11 +0,0 @@ -provider "azurerm" { - version = "~>1.21.0" -} - -provider "null" { - version = "~>2.0.0" -} - -terraform { - required_version = "~> 0.11.11" -} diff --git a/cluster/deploy.sh b/cluster/deploy.sh deleted file mode 100644 index d801a99..0000000 --- a/cluster/deploy.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash -set -euo pipefail -IFS=$'\n\t' - -# -e: immediately exit if any command has a non-zero exit status -# -o: prevents errors in a pipeline from being masked -# IFS new value is less likely to cause confusing bugs when looping arrays or arguments (e.g. $@) - -usage() { echo "Usage: $0 -i -n -l " 1>&2; exit 1; } - -declare APP_ID=${APP_ID:=""} -declare APP_SECRET=${APP_SECRET:=""} -declare TENANT_ID=${TENANT_ID:=""} - -# Initialize parameters specified from command line -while getopts ":i:n:l:" arg; do - case "${arg}" in - i) - APP_ID=${OPTARG} - ;; - n) - APP_SECRET=${OPTARG} - ;; - l) - TENANT_ID=${OPTARG} - ;; - esac -done -shift $((OPTIND-1)) - -#Prompt for parameters is some required parameters are missing -if [[ -z "$APP_ID" ]]; then - echo "Enter your Application ID:" - read APP_ID - [[ "${APP_ID:?}" ]] -fi - -if [[ -z "$APP_SECRET" ]]; then - echo "Enter Application secret:" - read APP_SECRET -fi - -if [[ -z "$TENANT_ID" ]]; then - echo "Please enter your Tenant ID" - read TENANT_ID - [[ "${TENANT_ID:?}" ]] -fi - -if [[ (-z "$APP_ID") && (-z "$APP_SECRET") && (-z "$TENANT_ID") ]]; then - echo "Either one of Application ID or Application secret or Tenant ID is empty" - usage -fi - -#Login to azure using your credentials -echo "Login to Azure..." -az login --service-principal -u $APP_ID -p $APP_SECRET --tenant $TENANT_ID -set +e - -#Start deployment -echo "Starting deployment..." -( - [ "$DEBUG" == 'true' ] && set -x - terraform init - terraform apply -) - -if [ $? == 0 ]; - then - echo "Terraform Template has been successfully deployed" -fi diff --git a/cluster/main.tf b/cluster/main.tf deleted file mode 100644 index cb41a6a..0000000 --- a/cluster/main.tf +++ /dev/null 
@@ -1,28 +0,0 @@ -module "azure-provider" { - source = "./azure/provider" -} - -# terraform { -# backend "azurerm" {} -# } - -locals { - location_suffixes = { - centralus = "cus" - eastus = "eus" - eastus2 = "eus2" - westus = "wus" - northcentralus = "ncus" - southcentralus = "scus" - westcentralus = "wcus" - westus2 = "wus2" - } - - location_suffix = "${local.location_suffixes[var.location]}" - suffix = "-core-${var.env}-${local.location_suffix}-${var.org}" -} - -resource "azurerm_resource_group" "rg_core" { - name = "rg${local.suffix}" - location = "${var.location}" -} \ No newline at end of file diff --git a/cluster/variables.tf b/cluster/variables.tf deleted file mode 100644 index be28765..0000000 --- a/cluster/variables.tf +++ /dev/null @@ -1,12 +0,0 @@ -variable "location" { - type = "string" - description = "The name of the target location" -} -variable "env" { - type = "string", - description = "The short name of the target env (i.e. dev, staging, or prod)" -} -variable "org" { - type = "string", - description = "The short name of the organization" -} diff --git a/app/README.md b/shared/README.md similarity index 97% rename from app/README.md rename to shared/README.md index 367671c..f6bd916 100644 --- a/app/README.md +++ b/shared/README.md @@ -14,7 +14,7 @@ The following respources will be deployed ## Deployment ``` bash -$ sh ./deploy.sh +$ ./deploy.sh ``` To stop the command line from prompting questions use a .env file with the following environmental variables: diff --git a/app/azure/provider/main.tf b/shared/azure/provider/main.tf similarity index 100% rename from app/azure/provider/main.tf rename to shared/azure/provider/main.tf diff --git a/app/deploy.sh b/shared/deploy.sh similarity index 100% rename from app/deploy.sh rename to shared/deploy.sh diff --git a/app/main.tf b/shared/main.tf similarity index 100% rename from app/main.tf rename to shared/main.tf 
diff --git a/app/variables.tf b/shared/variables.tf similarity index 100% rename from app/variables.tf rename to shared/variables.tf From f933fb75892944f7003cfff63ddaf1c7475b7b68 Mon Sep 17 00:00:00 2001 From: Julio Colon Date: Mon, 25 Mar 2019 15:12:45 -0400 Subject: [PATCH 12/20] added new naming conventions --- shared/main.tf | 41 ++++++++++++++++++++++++++++++++--------- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/shared/main.tf b/shared/main.tf index eed62b9..63327f2 100644 --- a/shared/main.tf +++ b/shared/main.tf @@ -4,16 +4,39 @@ module "azure-provider" { locals { location_suffixes = { - centralus = "cus" - eastus = "eus" - eastus2 = "eus2" - westus = "wus" - northcentralus = "ncus" - southcentralus = "scus" - westcentralus = "wcus" - westus2 = "wus2" + eastasia = "asea", + southeastasia = "assw", + centralus = "usce", + eastus = "usea", + eastus2 = "use2", + westus = "uswe", + westus2 = "usw2", + northcentralus = "usnc", + southcentralus = "ussc", + westcentralus = "uswc", + northeurope = "euno", + westeurope = "euwe", + japanwest = "jawe", + japaneast = "jaea", + brazilsouth = "brso", + australiaeast = "auea", + australiasoutheast = "ause", + southindia = "inso", + centralindia = "ince", + westindia = "inwe", + canadacentral = "cace", + canadaeast = "caea", + uksouth = "ukso", + ukwest = "ukwe", + koreacentral = "koce", + koreasouth = "koso", + francecentral = "frce", + francesouth = "frso", + australiacentral = "auce", + australiacentral2 = "auc2", + southafricanorth= "sano", + southafricawest = "sawe", } - location_suffix = "${local.location_suffixes[var.location]}" suffix = "${var.app_name}-${var.env}-${local.location_suffix}-${var.org}" } From 830561ca9894dde08bfa780efee0a0e08da93543 Mon Sep 17 00:00:00 2001 From: Julio Colon Date: Mon, 25 Mar 2019 15:15:46 -0400 Subject: [PATCH 13/20] Adding permissions to deploy.sh --- shared/deploy.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 shared/deploy.sh 
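Review bot: The new entry `southeastasia = "assw"` in `location_suffixes` breaks the region-then-direction pattern the neighbouring entries follow (`eastasia = "asea"`, `australiasoutheast = "ause"`), so it reads like a typo for `"asse"`. `location_suffix` feeds `suffix`, which presumably ends up in resource names, so correcting the code after a first deployment would change those names; it is cheaper to settle it in this commit. If the value is deliberate, a one-line comment above the entry such as `# "assw" is intentional, not a typo for "asse"` would keep it from being silently "fixed" later.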
diff --git a/shared/deploy.sh b/shared/deploy.sh
old mode 100644
new mode 100755
From ee151da4c88b5f5ff67bb103a2e2c59fccbf1603 Mon Sep 17 00:00:00 2001
From: Julio Colon
Date: Mon, 25 Mar 2019 15:28:40 -0400
Subject: [PATCH 14/20] Removed the ./README.md
---
README.md | 20 --------------------
1 file changed, 20 deletions(-)
delete mode 100644 README.md
diff --git a/README.md b/README.md
deleted file mode 100644
index a08465b..0000000
--- a/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-
-# Enterprise AppServicec Containers
-
-## Deployment Information
-
-- [App Service deployment](http://./app/README.md)
-
-## Contributing
-
-This project welcomes contributions and suggestions. Most contributions require you to agree to a
-Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.microsoft.com.
-
-When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
-a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
-provided by the bot. You will only need to do this once across all repos using our CLA.
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
From 9c9c7d8c154424c88a48c4655aae0e1910545c2f Mon Sep 17 00:00:00 2001
From: Julio Colon
Date: Mon, 25 Mar 2019 17:13:59 -0400
Subject: [PATCH 15/20] Update to Readme.md
---
shared/README.md | 35 +++++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/shared/README.md b/shared/README.md
index f6bd916..614b12e 100644
--- a/shared/README.md
+++ b/shared/README.md
@@ -1,9 +1,8 @@ -# App deployment +# Infrastructure deployment ## Requirements -- Azure Subscription -- Service Principal +- Azure Subscription User (with deployment rights) - [Terraform](https://www.terraform.io/downloads.html) ## Resources @@ -13,21 +12,37 @@ The following respources will be deployed ## Deployment +1. Authenticate using your Azure Principal or an Azure account with privileges to deploy resource groups. + ``` bash -$ ./deploy.sh +$ az login ``` +2. Execute the following commands: + +``` bash +$ cd ./shared +$ terraform init +$ terraform apply +``` + +## Environmental Variables + To stop the command line from prompting questions use a .env file with the following environmental variables: ``` -export SUBSCRIPTION_ID=41e239-xxxx-xxxx-xxxx-dff8b1089s65a -export APP_ID=faxxxx-1fec-xxxx-xxxx-9845414d7214 -export APP_SECRET=fxxxxxxxxxqZ3too7ahZ3HRZWx3joEh7uA= -export TENANT_ID=7xxxx-86f1-41af-91ab-2d7cd011db47 -export DEBUG=false -export DEPLOYMENT_NAME=mydeployment export TF_VAR_app_name=cblt export TF_VAR_org=cse export TF_VAR_env=dev export TF_VAR_location=eastus ``` + +Alternative use the variable.tf files in the directories and add the default key on the file as shown on the example below: + +``` json +variable "location" { + type = "string" + description = "The name of the target location" + default = "eastus" +} +``` \ No newline at end of file From 39918c43e2050de9acb7697d1943ddc66178a8f5 Mon Sep 17 00:00:00 2001 From: Julio Colon Date: Mon, 25 Mar 2019 17:16:39 -0400 Subject: [PATCH 16/20] removed deploy.sh on ./shared --- shared/deploy.sh | 70 ------------------------------------------------ 1 file changed, 70 deletions(-) delete mode 100755 shared/deploy.sh diff --git a/shared/deploy.sh b/shared/deploy.sh deleted file mode 100755 index 7fd86d7..0000000 --- a/shared/deploy.sh +++ /dev/null 
@@ -1,70 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-IFS=$'\n\t'
-
-# -e: immediately exit if any command has a non-zero exit status
-# -o: prevents errors in a pipeline from being masked
-# IFS new value is less likely to cause confusing bugs when looping arrays or arguments (e.g. $@)
-
-usage() { echo "Usage: $0 -i -n -l " 1>&2; exit 1; }
-
-declare APP_ID=${APP_ID:=""}
-declare APP_SECRET=${APP_SECRET:=""}
-declare TENANT_ID=${TENANT_ID:=""}
-
-# Initialize parameters specified from command line
-while getopts ":i:n:l:" arg; do
- case "${arg}" in
- i)
- APP_ID=${OPTARG}
- ;;
- n)
- APP_SECRET=${OPTARG}
- ;;
- l)
- TENANT_ID=${OPTARG}
- ;;
- esac
-done
-shift $((OPTIND-1))
-
-#Prompt for parameters is some required parameters are missing
-if [[ -z "$APP_ID" ]]; then
- echo "Enter your Application ID:"
- read APP_ID
- [[ "${APP_ID:?}" ]]
-fi
-
-if [[ -z "$APP_SECRET" ]]; then
- echo "Enter Application secret:"
- read APP_SECRET
-fi
-
-if [[ -z "$TENANT_ID" ]]; then
- echo "Please enter your Tenant ID"
- read TENANT_ID
- [[ "${TENANT_ID:?}" ]]
-fi
-
-if [[ (-z "$APP_ID") && (-z "$APP_SECRET") && (-z "$TENANT_ID") ]]; then
- echo "Either one of Application ID or Application secret or Tenant ID is empty"
- usage
-fi
-
-#Login to azure using your credentials
-echo "Login to Azure..."
-az login --service-principal -u $APP_ID -p $APP_SECRET --tenant $TENANT_ID
-set +e
-
-#Start deployment
-echo "Starting deployment..."
-(
- [ "$DEBUG" == 'true' ] && set -x
- terraform init
- terraform apply -auto-approve
-)
-
-if [ $? == 0 ];
- then
- echo "Terraform Template has been successfully deployed"
-fi
From 22adc02f67ae6783ab3620594f9ca852d9c16300 Mon Sep 17 00:00:00 2001
From: Julio Colon
Date: Tue, 26 Mar 2019 13:35:17 -0400
Subject: [PATCH 17/20] Added .env loading command and tf vars sample
---
shared/README.md | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/shared/README.md b/shared/README.md
index 614b12e..0459001 100644
--- a/shared/README.md
+++ b/shared/README.md @@ -37,6 +37,12 @@ export TF_VAR_env=dev export TF_VAR_location=eastus ``` +After saving the file set environment using: + +``` bash +. .env +``` + Alternative use the variable.tf files in the directories and add the default key on the file as shown on the example below: ``` json @@ -45,4 +51,20 @@ variable "location" { description = "The name of the target location" default = "eastus" } +variable "env" { + type = "string", + description = "The short name of the target env (i.e. dev, staging, or prod)" + defailt = "dev" +} +variable "org" { + type = "string", + description = "The short name of the organization" + default = "cse" +} +variable "app_name" { + type = "string", + description = "The short name of the application" + default = "cblt" +} + ``` \ No newline at end of file From e236c038d58812af0bfab179db5a79b8852a9ed7 Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Wed, 27 Mar 2019 11:14:11 -0500 Subject: [PATCH 18/20] resolve merge conflict --- README.md | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..ee40f4a --- /dev/null +++ b/README.md 
@@ -0,0 +1,113 @@ + +# Setup + +The artifacts used to deploy this project include bash scripts and Terraform templates. The sections below provide guidance to deploy this project into your Azure environment. + +> The setup instructions below assume the following requirements: +> - bash v4.0 (or newer) +> - **NOTE FOR MAC!** The default version of bash installed on Mac is older than 4.0. Be sure to update bash using brew before executing the script. Instructions to update bash can be found [here](http://macappstore.org/bash/). +> - Terraform v0.11.13 (or newer) + + +## Setup the Azure Container Registry and Service Principals + +1. Open a bash command prompt. +2. Navigate to the `./setup` folder. +3. Run `acr-sp-init.sh`. For example, the command below will provdision an Azure Container Registry (ACR) in East US and configure the two service principals in Azure Active Directory; one with AcrPush permission and another with AcrPull permission scoped to the ACR. The company name parameter ( `-c` ) is used to construct the name of the resource group, ACR, and service principals. + + ``` bash + $ ./acr-sp-init.sh -c Cobalt -l eastus + ``` + + > Note: The script configures service principals in Azure AD and therefore requires elevated privileges. As such, it is recommended that an interactive user with permissions to configure Azure AD run the script. + + +## Setup Shared / Core Infrastructure + +### Requirements + +- Azure Subscription User (with deployment rights) +- [Terraform](https://www.terraform.io/downloads.html) + +### Resources + +The following respources will be deployed +- Azure Resource Group + +### Deployment + +1. Authenticate using your Azure Principal or an Azure account with privileges to deploy resource groups. + +``` bash +$ az login +``` + +2. 
Execute the following commands: + +``` bash +$ cd ./shared +$ terraform init +$ terraform apply +``` + +### Environmental Variables + +To stop the command line from prompting questions use a .env file with the following environmental variables: + +``` +export TF_VAR_app_name=cblt +export TF_VAR_org=cse +export TF_VAR_env=dev +export TF_VAR_location=eastus +``` + +After saving the file set environment using: + +``` bash +. .env +``` + +Alternative use the variable.tf files in the directories and add the default key on the file as shown on the example below: + +``` json +variable "location" { + type = "string" + description = "The name of the target location" + default = "eastus" +} +variable "env" { + type = "string", + description = "The short name of the target env (i.e. dev, staging, or prod)" + defailt = "dev" +} +variable "org" { + type = "string", + description = "The short name of the organization" + default = "cse" +} +variable "app_name" { + type = "string", + description = "The short name of the application" + default = "cblt" +} + +``` + +## Setup Application Infrastructure + +> Coming soon! + + +# Contributing + +This project welcomes contributions and suggestions. Most contributions require you to agree to a +Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us +the rights to use your contribution. For details, visit https://cla.microsoft.com. + +When you submit a pull request, a CLA-bot will automatically determine whether you need to provide +a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions +provided by the bot. You will only need to do this once across all repos using our CLA. + +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or +contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file From 16a2e7430d5ee4557f3876cca0db7ab40a05c3ce Mon Sep 17 00:00:00 2001 From: manojvazirani Date: Thu, 28 Mar 2019 11:17:08 -0400 Subject: [PATCH 19/20] Integrate review comment for new naming convention --- shared/README.md | 7 ++----- shared/cluster.tfvars | 5 ++--- shared/main.tf | 13 ++++++------- shared/variables.tf | 11 +++-------- 4 files changed, 13 insertions(+), 23 deletions(-) diff --git a/shared/README.md b/shared/README.md index 8fdeff7..fd6fb08 100644 --- a/shared/README.md +++ b/shared/README.md @@ -12,8 +12,6 @@ The following respources will be deployed - Azure Resource Group - Azure KeyVault - - ## Deployment 1. Authenticate using your Azure Principal or an Azure account with privileges to deploy resource groups. @@ -33,7 +31,6 @@ $ terraform apply To stop the command line from prompting questions use a .env file with the following environmental variables: ``` -export TF_VAR_resource_group_location=eastus -export TF_VAR_env=prod -export TF_VAR_org=myorg +export TF_VAR_location=eastus +export TF_VAR_company=myCompany ``` diff --git a/shared/cluster.tfvars b/shared/cluster.tfvars index 937b0ef..ccd240f 100644 --- a/shared/cluster.tfvars +++ b/shared/cluster.tfvars @@ -1,4 +1,3 @@ -resource_group_location="" -env="" -org="" +location="" +company="" keyvault_sku="" diff --git a/shared/main.tf b/shared/main.tf index 34ea41e..b3f09f3 100644 --- a/shared/main.tf +++ b/shared/main.tf 
@@ -42,21 +42,20 @@ locals { southafricawest = "sawe", } - location_suffix = "${local.location_suffixes[var.resource_group_location]}" - suffix = "-infra-${var.env}-${local.location_suffix}-${var.org}" + location_suffix = "${local.location_suffixes[var.location]}" } resource "azurerm_resource_group" "rg_core" { - name = "rg${local.suffix}" - location = "${var.resource_group_location}" + name = "core-${local.location_suffix}-rg-${var.company}" + location = "${var.location}" } data "azurerm_client_config" "current" {} resource "azurerm_key_vault" "keyvault" { - name = "kv${local.suffix}" - location = "${var.resource_group_location}" - resource_group_name = "rg${local.suffix}" + name = "core-${local.location_suffix}-kv-${var.company}" + location = "${var.location}" + resource_group_name = "${azurerm_resource_group.rg_core.name}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" depends_on = ["azurerm_resource_group.rg_core"] diff --git a/shared/variables.tf b/shared/variables.tf index 4f86ceb..5be65be 100644 --- a/shared/variables.tf +++ b/shared/variables.tf @@ -1,16 +1,11 @@ -variable "resource_group_location" { +variable "location" { type = "string" description = "The name of the target location" default = "eastus" } -variable "env" { +variable "company" { type = "string", - description = "The short name of the target env (i.e. dev, staging, or prod)" - default = "dev" -} -variable "org" { - type = "string", - description = "The short name of the organization" + description = "The short name of the company/app" default = "msft" } From 1cc4e0ccc52e13652e670eea7d93f58bbcbb3252 Mon Sep 17 00:00:00 2001 From: manojvazirani Date: Fri, 29 Mar 2019 11:25:02 -0400 Subject: [PATCH 20/20] Integrate review comments for spacing --- shared/main.tf | 64 +++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/shared/main.tf b/shared/main.tf index ed2c856..ac37742 100644 --- a/shared/main.tf +++ b/shared/main.tf 
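Review bot: The Key Vault name `core-${local.location_suffix}-kv-${var.company}` is built from `var.company` with no limit on its length or characters, while Key Vault names must be 3–24 characters of letters, digits and hyphens and unique across Azure. With a four-letter location code the fixed part already takes 13 characters, leaving 11 for `company`; a longer value, or the shared default `"msft"` that the `shared/variables.tf` hunk of this commit keeps and that can collide with a vault someone else already owns, fails only at apply time, after the resource group has been created. I would drop that default and state the limit in the variable itself, e.g. `description = "Short company/app name used in resource names (letters and digits, max 11 chars)"`. Since `resource_group_name` now references `azurerm_resource_group.rg_core.name`, the explicit `depends_on` on the context line is redundant and could be removed in a follow-up; the `azurerm_key_vault` block continues past the end of this hunk.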
@@ -8,45 +8,45 @@ terraform { locals { location_suffixes = { - eastasia = "asea", - southeastasia = "assw", - centralus = "usce", - eastus = "usea", - eastus2 = "use2", - westus = "uswe", - westus2 = "usw2", - northcentralus = "usnc", - southcentralus = "ussc", - westcentralus = "uswc", - northeurope = "euno", - westeurope = "euwe", - japanwest = "jawe", - japaneast = "jaea", - brazilsouth = "brso", - australiaeast = "auea", + eastasia = "asea", + southeastasia = "assw", + centralus = "usce", + eastus = "usea", + eastus2 = "use2", + westus = "uswe", + westus2 = "usw2", + northcentralus = "usnc", + southcentralus = "ussc", + westcentralus = "uswc", + northeurope = "euno", + westeurope = "euwe", + japanwest = "jawe", + japaneast = "jaea", + brazilsouth = "brso", + australiaeast = "auea", australiasoutheast = "ause", - southindia = "inso", - centralindia = "ince", - westindia = "inwe", - canadacentral = "cace", - canadaeast = "caea", - uksouth = "ukso", - ukwest = "ukwe", - koreacentral = "koce", - koreasouth = "koso", - francecentral = "frce", - francesouth = "frso", - australiacentral = "auce", - australiacentral2 = "auc2", - southafricanorth= "sano", - southafricawest = "sawe", + southindia = "inso", + centralindia = "ince", + westindia = "inwe", + canadacentral = "cace", + canadaeast = "caea", + uksouth = "ukso", + ukwest = "ukwe", + koreacentral = "koce", + koreasouth = "koso", + francecentral = "frce", + francesouth = "frso", + australiacentral = "auce", + australiacentral2 = "auc2", + southafricanorth = "sano", + southafricawest = "sawe", } location_suffix = "${local.location_suffixes[var.location]}" } resource "azurerm_resource_group" "rg_core" { - name = "core-${local.location_suffix}-rg-${var.company}" + name = "core-${local.location_suffix}-rg-${var.company}" location = "${var.location}" }