Terraform formatting (#1265)

* Terraform formatting * include other enviroments --------- Co-authored-by: Automatic Update <[email protected]>
equinor · Mar 27, 2024 · 27da9ea · 27da9ea
1 parent bf54eab
commit 27da9ea
Show file tree

Hide file tree

Showing 26 changed files with 102 additions and 97 deletions.
diff --git a/terraform/subscriptions/modules/active-clusters/main.tf b/terraform/subscriptions/modules/active-clusters/main.tf
@@ -4,11 +4,11 @@ data "azapi_resource_list" "clusters" {
   response_export_values = ["*"]
 }
 output "ids" {
-  value    = { for k, v in jsondecode(data.azapi_resource_list.clusters.output).value : v.name => v.id }
+  value = { for k, v in jsondecode(data.azapi_resource_list.clusters.output).value : v.name => v.id }
 }
 output "oidc_issuer_url" {
-  value    = { for k, v in jsondecode(data.azapi_resource_list.clusters.output).value : v.name => v.properties.oidcIssuerProfile.issuerURL }
+  value = { for k, v in jsondecode(data.azapi_resource_list.clusters.output).value : v.name => v.properties.oidcIssuerProfile.issuerURL }
 }
 output "data" {
-  value    = { for k, v in jsondecode(data.azapi_resource_list.clusters.output).value : v.name => v }
+  value = { for k, v in jsondecode(data.azapi_resource_list.clusters.output).value : v.name => v }
 }
diff --git a/terraform/subscriptions/modules/config/main.tf b/terraform/subscriptions/modules/config/main.tf
@@ -48,6 +48,6 @@ output "policy_aks_diagnostics_cluster" {
 }
 
 output "grafana_ar_reader_display_name" {
-  value = "radix-ar-grafana-logreader-extmon"
+  value       = "radix-ar-grafana-logreader-extmon"
   description = "App Registration created in tenant/entra/grafana.tf. Used by grafana to query Log Analytics Workspaces"
 }
diff --git a/terraform/subscriptions/modules/mssqldatabase/main.tf b/terraform/subscriptions/modules/mssqldatabase/main.tf
@@ -67,10 +67,11 @@ data "azurerm_storage_account" "this" {
   resource_group_name = var.common_resource_group
 }
 resource "azurerm_mssql_server_extended_auditing_policy" "this" {
-  server_id              = azurerm_mssql_server.sqlserver.id
-  storage_endpoint       = data.azurerm_storage_account.this.primary_blob_endpoint
-  retention_in_days      = 7
-  log_monitoring_enabled = false
+  server_id                       = azurerm_mssql_server.sqlserver.id
+  storage_endpoint                = data.azurerm_storage_account.this.primary_blob_endpoint
+  retention_in_days               = 7
+  log_monitoring_enabled          = false
+  storage_account_subscription_id = var.subscription
 
   // Creating the policy will fail if the role assignment is not made yet
   depends_on = [azurerm_role_assignment.auditlog]

diff --git a/terraform/subscriptions/modules/mssqldatabase/variables.tf b/terraform/subscriptions/modules/mssqldatabase/variables.tf
@@ -1,9 +1,14 @@
+variable "subscription" {
+  description = "The subscription ID"
+  type        = string
+}
+
 variable "administrator_login" {
   default = ""
   type    = string
 }
 variable "administrator_password" {
-  type = string
+  type    = string
   default = ""
 }
 variable "admin_adgroup" {

diff --git a/terraform/subscriptions/modules/networkmanager/main.tf b/terraform/subscriptions/modules/networkmanager/main.tf
@@ -6,6 +6,6 @@ resource "azurerm_network_manager" "networkmanager" {
   description         = "${var.subscription_shortname}-Azure Network Mananger - ${var.location}"
 
   scope {
-    subscription_ids = [var.subscription]
+    subscription_ids = ["/subscriptions/${var.subscription}"]
   }
 }
diff --git a/terraform/subscriptions/modules/policyassignment/main.tf b/terraform/subscriptions/modules/policyassignment/main.tf
@@ -3,7 +3,7 @@ resource "azurerm_subscription_policy_assignment" "assignment" {
   name                 = "Kubernetes-vnets-in-${var.enviroment}"
   location             = var.location
   policy_definition_id = var.policy_id
-  subscription_id      = var.subscription
+  subscription_id      = "/subscriptions/${var.subscription}"
   parameters           = jsonencode({})
   identity {
     identity_ids = []

diff --git a/terraform/subscriptions/modules/storageaccount/main.tf b/terraform/subscriptions/modules/storageaccount/main.tf
@@ -3,12 +3,12 @@
 # ###
 
 resource "azurerm_storage_account" "storageaccount" {
-  name                     = var.name
-  resource_group_name      = var.resource_group_name
-  location                 = var.location
-  account_kind             = var.kind
-  account_replication_type = var.account_replication_type
-  account_tier             = var.tier
+  name                            = var.name
+  resource_group_name             = var.resource_group_name
+  location                        = var.location
+  account_kind                    = var.kind
+  account_replication_type        = var.account_replication_type
+  account_tier                    = var.tier
   allow_nested_items_to_be_public = false
   default_to_oauth_authentication = true
 

diff --git a/terraform/subscriptions/modules/userassignedidentity/main.tf b/terraform/subscriptions/modules/userassignedidentity/main.tf
@@ -2,7 +2,7 @@ resource "azurerm_user_assigned_identity" "userassignedidentity" {
   name                = var.name
   location            = var.location
   resource_group_name = var.resource_group_name
-  tags = var.tags
+  tags                = var.tags
 }
 
 resource "azurerm_role_assignment" "this" {

diff --git a/terraform/subscriptions/modules/userassignedidentity/output.tf b/terraform/subscriptions/modules/userassignedidentity/output.tf
@@ -9,5 +9,5 @@ output "client-id" {
 }
 output "name" {
   description = "Name of the new user assigned identity"
-  value = azurerm_user_assigned_identity.userassignedidentity.name
+  value       = azurerm_user_assigned_identity.userassignedidentity.name
 }
diff --git a/terraform/subscriptions/modules/userassignedidentity/variables.tf b/terraform/subscriptions/modules/userassignedidentity/variables.tf
@@ -31,6 +31,6 @@ variable "federated_credentials" {
 }
 
 variable "tags" {
-  type = map(string)
+  type    = map(string)
   default = {}
 }
diff --git a/terraform/subscriptions/modules/virtualnetwork/main.tf b/terraform/subscriptions/modules/virtualnetwork/main.tf
@@ -10,7 +10,7 @@ resource "azurerm_subnet" "this" {
   resource_group_name  = "cluster-vnet-hub-${var.enviroment}"
   virtual_network_name = azurerm_virtual_network.vnet-hub.name
   address_prefixes     = ["10.0.0.0/18"]
-  service_endpoints    = ["Microsoft.Storage"]
+  service_endpoints    = ["Microsoft.Storage"] #["Microsoft.Storage"],"Microsoft.ContainerRegistry","Microsoft.KeyVault","Microsoft.Sql","Microsoft.Storage"]
 }
 
 resource "azurerm_private_dns_zone" "this" {

diff --git a/terraform/subscriptions/s940/c2/cost-allocation/main.tf b/terraform/subscriptions/s940/c2/cost-allocation/main.tf
@@ -26,6 +26,7 @@ module "mssql-database" {
   location                      = module.config.location
   public_network_access_enabled = true
   zone_redundant                = false
+  subscription                  = module.config.subscription
   tags = {
     displayName = "SqlServer"
   }
@@ -91,7 +92,7 @@ output "mi-client-id" {
 output "github-buildpush-workflow" {
   value = {
     client-id = module.github-workload-id.client-id
-    name = module.github-workload-id.name
+    name      = module.github-workload-id.name
   }
 }
 output "mi-writer" {

diff --git a/terraform/subscriptions/s940/c2/vulnerability-scanner/main.tf b/terraform/subscriptions/s940/c2/vulnerability-scanner/main.tf
@@ -24,6 +24,7 @@ module "mssql-database" {
   location                      = module.config.location
   public_network_access_enabled = true
   zone_redundant                = false
+  subscription                  = module.config.subscription
 
   admin_federated_credentials = {
     github-main = {
@@ -38,18 +39,18 @@ module "mssql-database" {
 }
 
 data "azurerm_container_registry" "acr" {
-  name = var.acr_name
+  name                = var.acr_name
   resource_group_name = "common-westeurope" # TODO: Fix module.config.common_resource_group
 }
 
 module "github-workload-id" {
-  source = "../../../modules/userassignedidentity"
-  name = "radix-id-vulnerability-scan-github-${module.config.environment}"
+  source              = "../../../modules/userassignedidentity"
+  name                = "radix-id-vulnerability-scan-github-${module.config.environment}"
   resource_group_name = module.resourcegroup.data.name
-  location = module.resourcegroup.data.location
+  location            = module.resourcegroup.data.location
   roleassignments = {
     contributor = {
-      role = "Contributor" # Needed to open firewall
+      role     = "Contributor" # Needed to open firewall
       scope_id = data.azurerm_container_registry.acr.id
     },
   }
@@ -83,7 +84,7 @@ output "mi-client-id" {
 output "github-buildpush-workflow" {
   value = {
     client-id = module.github-workload-id.client-id
-    name = module.github-workload-id.name
+    name      = module.github-workload-id.name
   }
 }
 output "mi-writer" {

diff --git a/terraform/subscriptions/s940/extmon/post-clusters/backend.tf b/terraform/subscriptions/s940/extmon/post-clusters/backend.tf
@@ -10,7 +10,7 @@ terraform {
   }
 
   backend "azurerm" {
-    tenant_id            = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
+    tenant_id       = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
     subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a"
     #client_id            = "043e5510-738f-4c30-8b9d-ee32578c7fe8"
     resource_group_name  = "s940-tfstate"

diff --git a/terraform/subscriptions/s940/prod/clusters/main.tf b/terraform/subscriptions/s940/prod/clusters/main.tf
@@ -43,16 +43,6 @@ module "radix_id_external_secrets_operator_mi" {
   }
 }
 
-module "policyassignment_resourcegroup" {
-  for_each             = module.resourcegroups
-  source               = "../../../modules/policyassignment_resourcegroup"
-  policy_name          = "Radix-Enforce-Diagnostics-AKS-Clusters"
-  location             = each.value["data"].location
-  resource_group_id    = each.value["data"].id
-  policy_definition_id = data.azurerm_policy_definition.policy_aks_cluster.id
-  identity_ids         = data.azurerm_user_assigned_identity.infrastructure_id.id
-  workspaceId          = data.azurerm_log_analytics_workspace.workspace.id
-}
 
 module "nsg" {
   source                     = "../../../modules/networksecuritygroup"

diff --git a/terraform/subscriptions/s940/prod/common/main.tf b/terraform/subscriptions/s940/prod/common/main.tf
@@ -60,3 +60,11 @@ module "storageaccount" {
   lifecyclepolicy          = each.value.lifecyclepolicy
 }
 
+output "mi_id" {
+  value = module.mi.data.id
+}
+
+output "workspace_id" {
+  value = module.loganalytics.workspace_id
+}
+
diff --git a/terraform/subscriptions/s940/prod/common/outputs.tf b/terraform/subscriptions/s940/prod/common/outputs.tf
diff --git a/terraform/subscriptions/s940/prod/cost-allocation/main.tf b/terraform/subscriptions/s940/prod/cost-allocation/main.tf
@@ -27,6 +27,7 @@ module "mssql-database" {
   public_network_access_enabled = true
   sku_name                      = "S3"
   zone_redundant                = false
+  subscription                  = module.config.subscription
   tags = {
     displayName = "SqlServer"
   }
@@ -92,7 +93,7 @@ output "mi-client-id" {
 output "github-buildpush-workflow" {
   value = {
     client-id = module.github-workload-id.client-id
-    name = module.github-workload-id.name
+    name      = module.github-workload-id.name
   }
 }
 output "mi-writer" {

diff --git a/terraform/subscriptions/s940/prod/networkmanager/main.tf b/terraform/subscriptions/s940/prod/networkmanager/main.tf
@@ -1,5 +1,12 @@
+module "config" {
+  source = "../../../modules/config"
+}
+
 
-data "azurerm_subscription" "current" {}
+data "azurerm_virtual_network" "this" {
+  name                = "vnet-hub"
+  resource_group_name = "cluster-vnet-hub-prod"
+}
 
 # resource "azurerm_network_manager" "networkmanager" {
 #   name                = "${local.external_outputs.common.shared.AZ_SUBSCRIPTION_SHORTNAME}-ANVM"
@@ -16,30 +23,30 @@ data "azurerm_subscription" "current" {}
 module "azurerm_network_manager" {
   source                 = "../../../modules/networkmanager"
   subscription_shortname = local.external_outputs.global.data.subscription_shortname
-  location               = local.external_outputs.common.data.location
-  resource_group         = local.external_outputs.clusters.data.resource_group
-  subscription           = data.azurerm_subscription.current.id
+  location               = module.config.location
+  resource_group         = "clusters"
+  subscription           = module.config.subscription
 }
 
 module "azurerm_network_manager_network_group" {
   source             = "../../../modules/networkmanager_networkgroup"
-  enviroment         = local.external_outputs.clusters.data.enviroment
+  enviroment         = "prod"
   network_manager_id = module.azurerm_network_manager.data.id
 }
 
 module "azurerm_network_manager_connectivity_configuration" {
   source             = "../../../modules/networkmanager_connectivity"
-  enviroment         = local.external_outputs.clusters.data.enviroment
-  network_manager_id = local.external_outputs.networkmanager.data.id
+  enviroment         = "prod"
+  network_manager_id = module.azurerm_network_manager.data.id
   network_group_id   = module.azurerm_network_manager_network_group.data.id
-  vnethub_id         = local.external_outputs.virtualnetwork.data.vnet_hub.id
+  vnethub_id         = data.azurerm_virtual_network.this.id
 }
 
 resource "azurerm_policy_definition" "policy" {
-  name         = "Kubernetes-vnets-in-${local.external_outputs.clusters.data.enviroment}"
+  name         = "Kubernetes-vnets-in-prod"
   policy_type  = "Custom"
   mode         = "Microsoft.Network.Data"
-  display_name = "Kubernetes vnets in ${local.external_outputs.clusters.data.enviroment}"
+  display_name = "Kubernetes vnets in prod"
 
   metadata = <<METADATA
     {
@@ -60,15 +67,11 @@ METADATA
           "allOf": [
             {
               "value": "[resourceGroup().Name]",
-              "contains": "${local.external_outputs.clusters.data.resource_group}"
+              "contains": "clusters"
             },
             {
               "field": "location",
-              "contains": "${local.external_outputs.clusters.data.location}"
-            },
-            {
-              "field": "Name",
-              "notcontains": "${local.policy_notcontains_name}"
+              "contains": "${module.config.location}"
             }
           ]
         }
@@ -77,7 +80,7 @@ METADATA
     "then": {
       "effect": "addToNetworkGroup",
       "details": {
-        "networkGroupId": "/subscriptions/${local.external_outputs.global.data.subscription_id}/resourceGroups/clusters/providers/Microsoft.Network/networkManagers/${local.external_outputs.global.data.subscription_shortname}-ANVM/networkGroups/${local.external_outputs.clusters.data.enviroment}"
+        "networkGroupId": "/subscriptions/${module.config.subscription}/resourceGroups/clusters/providers/Microsoft.Network/networkManagers/S940-ANVM/networkGroups/prod"
       }
     }
   }
@@ -86,10 +89,8 @@ METADATA
 
 module "azurerm_subscription_policy_assignment" {
   source       = "../../../modules/policyassignment"
-  enviroment   = local.external_outputs.clusters.data.enviroment
-  location     = local.external_outputs.common.data.location
+  enviroment   = "prod"
+  location     = module.config.location
   policy_id    = azurerm_policy_definition.policy.id
-  subscription = data.azurerm_subscription.current.id
-}
-
-
+  subscription = module.config.subscription
+}
diff --git a/terraform/subscriptions/s940/prod/virtualnetwork/main.tf b/terraform/subscriptions/s940/prod/virtualnetwork/main.tf
@@ -1,13 +1,20 @@
+module "config" {
+  source = "../../../modules/config"
+}
+
 module "resourcegroups" {
-  for_each = toset(var.resource_groups)
   source   = "../../../modules/resourcegroups"
-  name     = "${each.value}-${local.external_outputs.common.data.enviroment}"
-  location = local.external_outputs.common.data.location
+  name     = "cluster-vnet-hub-prod"
+  location = module.config.location
 }
 
 module "azurerm_virtual_network" {
   source     = "../../../modules/virtualnetwork"
-  location   = local.external_outputs.common.data.location
-  enviroment = local.external_outputs.common.data.enviroment
+  location   = module.config.location
+  enviroment = "prod"
   depends_on = [module.resourcegroups]
 }
+
+output "vnet_hub_id" {
+  value = module.azurerm_virtual_network.data.vnet_hub.id
+}
diff --git a/terraform/subscriptions/s940/prod/virtualnetwork/outputs.tf b/terraform/subscriptions/s940/prod/virtualnetwork/outputs.tf