From 52e08f8009029582fae61841fb80e1caa2db8343 Mon Sep 17 00:00:00 2001 
From: Svein-Petter Johnsen <83902071+sveinpj@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:09:05 +0100 Subject: [PATCH] StorageAccount module and dependencies (#1147) * StorageAccount module and dependencies * Richard format * move storageaccount name from key to object value * update --------- Co-authored-by: Automatic Update Co-authored-by: Richard Hagen --- .../modules/backupvaults/main.tf | 37 ++++++++ .../modules/backupvaults/output.tf | 7 ++ .../modules/backupvaults/variables.tf | 17 ++++ .../modules/key-vault/outputs.tf | 4 +- .../modules/log-analytics/main.tf | 3 + .../modules/network_publicipprefix/output.tf | 2 +- .../network_publicipprefix/variables.tf | 10 +-- .../networkmanager_connectivity/output.tf | 2 +- .../modules/networksecuritygroup/output.tf | 2 +- .../modules/networksecuritygroup/variables.tf | 14 +-- .../modules/policyassignment/output.tf | 2 +- .../modules/resourcegroups/output.tf | 2 +- .../modules/storageaccount/input.tf | 9 ++ .../modules/storageaccount/main.tf | 64 +++++++++++++ .../modules/storageaccount/output.tf | 4 + .../modules/storageaccount/variables.tf | 89 +++++++++++++++++++ .../subscriptions/s940/c2/key-vault/main.tf | 2 +- .../subscriptions/s941/dev/clusters/input.tf | 10 +-- .../subscriptions/s941/dev/clusters/main.tf | 10 +-- .../s941/dev/clusters/variables.tf | 14 +-- .../subscriptions/s941/dev/common/input.tf | 19 ++++ .../subscriptions/s941/dev/common/main.tf | 42 +++++++++ .../s941/dev/common/variables.tf | 31 +++++++ .../s941/dev/key-vault/inputs.tf | 2 +- .../subscriptions/s941/dev/key-vault/main.tf | 1 - .../s941/dev/networkmanager/inputs.tf | 4 +- .../s941/dev/userassignedidentity/main.tf | 2 +- terraform/subscriptions/s941/globals/input.tf | 2 +- .../s941/playground/common/input.tf | 19 ++++ .../s941/playground/common/main.tf | 6 ++ .../s941/playground/common/variables.tf | 4 + .../s941/playground/networkmanager/inputs.tf | 2 +- 32 files changed, 395 insertions(+), 43 deletions(-) create mode 100644 
terraform/subscriptions/modules/backupvaults/main.tf create mode 100644 terraform/subscriptions/modules/backupvaults/output.tf create mode 100644 terraform/subscriptions/modules/backupvaults/variables.tf create mode 100644 terraform/subscriptions/modules/storageaccount/input.tf create mode 100644 terraform/subscriptions/modules/storageaccount/main.tf create mode 100644 terraform/subscriptions/modules/storageaccount/output.tf create mode 100644 terraform/subscriptions/modules/storageaccount/variables.tf create mode 100644 terraform/subscriptions/s941/dev/common/input.tf create mode 100644 terraform/subscriptions/s941/dev/common/main.tf create mode 100644 terraform/subscriptions/s941/dev/common/variables.tf create mode 100644 terraform/subscriptions/s941/playground/common/input.tf create mode 100644 terraform/subscriptions/s941/playground/common/main.tf create mode 100644 terraform/subscriptions/s941/playground/common/variables.tf diff --git a/terraform/subscriptions/modules/backupvaults/main.tf b/terraform/subscriptions/modules/backupvaults/main.tf new file mode 100644 index 000000000..10654abd8 --- /dev/null +++ b/terraform/subscriptions/modules/backupvaults/main.tf 
@@ -0,0 +1,37 @@ +####################################################################################### +### Protection Vault +### + +resource "azurerm_data_protection_backup_vault" "backupvault" { + name = var.name + resource_group_name = var.resource_group_name + location = var.location + datastore_type = "VaultStore" + redundancy = "LocallyRedundant" + + identity { + type = "SystemAssigned" + } +} + +####################################################################################### +### Protection Backup Policy +### + +resource "azurerm_data_protection_backup_policy_blob_storage" "policyblobstorage" { + name = var.policyblobstoragename + vault_id = azurerm_data_protection_backup_vault.backupvault.id + retention_duration = "P30D" +} + +####################################################################################### +### Lock +### + +resource "azurerm_management_lock" "backupvault" { + name = "${var.name}-lock" + scope = azurerm_data_protection_backup_vault.backupvault.id + lock_level = "CanNotDelete" + notes = "To prevent ${var.name} from being deleted" + depends_on = [azurerm_data_protection_backup_vault.backupvault] +} \ No newline at end of file diff --git a/terraform/subscriptions/modules/backupvaults/output.tf b/terraform/subscriptions/modules/backupvaults/output.tf new file mode 100644 index 000000000..499b38fa8 --- /dev/null +++ b/terraform/subscriptions/modules/backupvaults/output.tf @@ -0,0 +1,7 @@ +output "data" { + description = "The ID of backupvaults." + value = { + "backupvault" = azurerm_data_protection_backup_vault.backupvault + "policyblobstorage" = azurerm_data_protection_backup_policy_blob_storage.policyblobstorage + } +} diff --git a/terraform/subscriptions/modules/backupvaults/variables.tf b/terraform/subscriptions/modules/backupvaults/variables.tf new file mode 100644 index 000000000..3a926c3d1 --- /dev/null +++ b/terraform/subscriptions/modules/backupvaults/variables.tf 
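Review bot: In backupvaults/main.tf the vault's `redundancy = "LocallyRedundant"` and the policy's `retention_duration = "P30D"` are fixed inside the module, so no caller can choose a different redundancy or retention without editing the module. Exposing both as variables with the current values as defaults (`redundancy = var.redundancy`, `retention_duration = var.retention_duration`) keeps this commit's behaviour while letting an environment tighten it. Backup soft delete is not configured here; recent azurerm releases have a `soft_delete` argument on this resource, but the provider version is not visible in this patch, so that needs checking. The `depends_on` on the lock is redundant because `scope` already references the vault id.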
@@ -0,0 +1,17 @@ +variable "name" { + description = "Specifies the name of the Backup Vault" + type = string +} + +variable "resource_group_name" { + description = "The name of the Resource Group where the Backup Vault should exist" +} + +variable "location" { + description = "The Azure Region where the Backup Vault should exist." +} + +variable "policyblobstoragename" { + description = "he name which should be used for this Backup Policy Blob Storage." + +} \ No newline at end of file diff --git a/terraform/subscriptions/modules/key-vault/outputs.tf b/terraform/subscriptions/modules/key-vault/outputs.tf index df2b2a09f..bbdc0a618 100644 --- a/terraform/subscriptions/modules/key-vault/outputs.tf +++ b/terraform/subscriptions/modules/key-vault/outputs.tf @@ -1,9 +1,9 @@ output "data" { description = "The ID of this Key vault." # value = azurerm_key_vault.this.id - value = { + value = { "vault_id" = module.kv.vault_id -} + } } # output "vault_name" { diff --git a/terraform/subscriptions/modules/log-analytics/main.tf b/terraform/subscriptions/modules/log-analytics/main.tf index 7b305eb52..c85a43d45 100644 --- a/terraform/subscriptions/modules/log-analytics/main.tf +++ b/terraform/subscriptions/modules/log-analytics/main.tf @@ -5,4 +5,7 @@ module "la" { location = var.location retention_in_days = var.retention_in_days local_authentication_disabled = var.local_authentication_disabled + } + + diff --git a/terraform/subscriptions/modules/network_publicipprefix/output.tf b/terraform/subscriptions/modules/network_publicipprefix/output.tf index 3ee6c2223..9ae06cd07 100644 --- a/terraform/subscriptions/modules/network_publicipprefix/output.tf +++ b/terraform/subscriptions/modules/network_publicipprefix/output.tf @@ -1,4 +1,4 @@ output "data" { description = "publicipprefix" - value = azurerm_public_ip_prefix.publicipprefix + value = azurerm_public_ip_prefix.publicipprefix } \ No newline at end of file 
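Review bot: In backupvaults/variables.tf, `resource_group_name`, `location` and `policyblobstoragename` are declared without a `type`, so Terraform accepts any value for them. Adding `type = string` to each, as `name` already has, makes a wrong input fail at plan time. The `policyblobstoragename` description has lost its first letter and should read `"The name which should be used for this Backup Policy Blob Storage."`.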
diff --git a/terraform/subscriptions/modules/network_publicipprefix/variables.tf b/terraform/subscriptions/modules/network_publicipprefix/variables.tf index 2248168ff..360feab20 100644 --- a/terraform/subscriptions/modules/network_publicipprefix/variables.tf +++ b/terraform/subscriptions/modules/network_publicipprefix/variables.tf @@ -1,20 +1,20 @@ variable "resource_group_name" { description = "The name of the resource group in which to create the Public IP Prefix" - type = string + type = string } variable "publicipprefixname" { description = "Specifies the name of the Public IP Prefix resource" - type = string + type = string } variable "location" { description = "Specifies the supported Azure location where the resource exists." - type = string + type = string } variable "zones" { description = "Specifies a list of Availability Zones in which this Public IP Prefix should be located." - type = list(string) - default = [] + type = list(string) + default = [] } \ No newline at end of file diff --git a/terraform/subscriptions/modules/networkmanager_connectivity/output.tf b/terraform/subscriptions/modules/networkmanager_connectivity/output.tf index 5c852393c..67cb16cdb 100644 --- a/terraform/subscriptions/modules/networkmanager_connectivity/output.tf +++ b/terraform/subscriptions/modules/networkmanager_connectivity/output.tf @@ -1,4 +1,4 @@ output "data" { description = "Networkmanager connectivity" - value = azurerm_network_manager_connectivity_configuration.config + value = azurerm_network_manager_connectivity_configuration.config } \ No newline at end of file diff --git a/terraform/subscriptions/modules/networksecuritygroup/output.tf b/terraform/subscriptions/modules/networksecuritygroup/output.tf index b47d85267..d0110ffee 100644 --- a/terraform/subscriptions/modules/networksecuritygroup/output.tf +++ b/terraform/subscriptions/modules/networksecuritygroup/output.tf 
@@ -1,4 +1,4 @@ output "data" { description = "Networks securitygroup" - value = azurerm_network_security_group.networksecuritygroup + value = azurerm_network_security_group.networksecuritygroup } \ No newline at end of file diff --git a/terraform/subscriptions/modules/networksecuritygroup/variables.tf b/terraform/subscriptions/modules/networksecuritygroup/variables.tf index d5de0b012..a1a5c78f2 100644 --- a/terraform/subscriptions/modules/networksecuritygroup/variables.tf +++ b/terraform/subscriptions/modules/networksecuritygroup/variables.tf @@ -1,19 +1,19 @@ variable "resource_group_name" { - description = "The name of the resource group in which to create the network security group" - type = string + description = "The name of the resource group in which to create the network security group" + type = string } variable "location" { - description = "Specifies the supported Azure location where the resource exists" - type = string + description = "Specifies the supported Azure location where the resource exists" + type = string } variable "networksecuritygroupname" { - description = "Specifies the name of the network security group" - type = string + description = "Specifies the name of the network security group" + type = string } variable "destination_address_prefix" { description = "List of destination address prefixes." - type = string + type = string } \ No newline at end of file diff --git a/terraform/subscriptions/modules/policyassignment/output.tf b/terraform/subscriptions/modules/policyassignment/output.tf index da233df25..98477bb25 100644 --- a/terraform/subscriptions/modules/policyassignment/output.tf +++ b/terraform/subscriptions/modules/policyassignment/output.tf @@ -1,4 +1,4 @@ output "data" { description = "Policy Assignment" - value = azurerm_subscription_policy_assignment.assignment + value = azurerm_subscription_policy_assignment.assignment } \ No newline at end of file 
diff --git a/terraform/subscriptions/modules/resourcegroups/output.tf b/terraform/subscriptions/modules/resourcegroups/output.tf index 207502df3..a6d67972c 100644 --- a/terraform/subscriptions/modules/resourcegroups/output.tf +++ b/terraform/subscriptions/modules/resourcegroups/output.tf @@ -1,4 +1,4 @@ output "data" { description = "resourcegroup" - value = azurerm_resource_group.resourcegroup + value = azurerm_resource_group.resourcegroup } \ No newline at end of file diff --git a/terraform/subscriptions/modules/storageaccount/input.tf b/terraform/subscriptions/modules/storageaccount/input.tf new file mode 100644 index 000000000..86cee1ab8 --- /dev/null +++ b/terraform/subscriptions/modules/storageaccount/input.tf @@ -0,0 +1,9 @@ +locals { + flattened_config = { + for key, value in var.roleassignment : key => { + backup = value.backup + kind = var.kind + + } + } +} diff --git a/terraform/subscriptions/modules/storageaccount/main.tf b/terraform/subscriptions/modules/storageaccount/main.tf new file mode 100644 index 000000000..2da25d28d --- /dev/null +++ b/terraform/subscriptions/modules/storageaccount/main.tf 
@@ -0,0 +1,64 @@ +# ####################################################################################### +# ### Storage Account +# ### + +resource "azurerm_storage_account" "storageaccount" { + name = var.name + resource_group_name = var.resource_group_name + location = var.location + account_kind = var.kind + account_replication_type = var.account_replication_type + account_tier = var.tier + dynamic "blob_properties" { + for_each = var.kind == "BlobStorage" || var.kind == "Storage" ? [1] : [] + content { + change_feed_enabled = var.change_feed_enabled + versioning_enabled = var.versioning_enabled + change_feed_retention_in_days = var.change_feed_retention_in_days + + dynamic "container_delete_retention_policy" { + for_each = var.container_delete_retention_policy == true ? [30] : [] + content { + days = container_delete_retention_policy.value + } + } + } + } + + tags = { + environment = var.environment + } +} + +# ####################################################################################### +# ### Role assignment from Backup Vault to Storage Account +# ### + +resource "azurerm_role_assignment" "roleassignment" { + for_each = { + for key in compact([for key, value in local.flattened_config : value.backup && value.kind == "StorageV2" ? key : ""]) : key => + local.flattened_config[key] + } + scope = azurerm_storage_account.storageaccount.id + role_definition_name = each.key + principal_id = var.principal_id + depends_on = [azurerm_storage_account.storageaccount] +} + +###################################################################################### +## Blob Protection +## + +resource "azurerm_data_protection_backup_instance_blob_storage" "backupinstanceblobstorage" { + for_each = { + for key in compact([for key, value in local.flattened_config : value.backup && value.kind == "StorageV2" ? 
key : ""]) : key => + local.flattened_config[key] + } + name = azurerm_storage_account.storageaccount.name + vault_id = var.vault_id + location = var.location + storage_account_id = azurerm_storage_account.storageaccount.id + backup_policy_id = var.policyblobstorage_id + depends_on = [azurerm_role_assignment.roleassignment] +} + diff --git a/terraform/subscriptions/modules/storageaccount/output.tf b/terraform/subscriptions/modules/storageaccount/output.tf new file mode 100644 index 000000000..a8d4cdf63 --- /dev/null +++ b/terraform/subscriptions/modules/storageaccount/output.tf @@ -0,0 +1,4 @@ +output "data" { + description = "storageaccount" + value = azurerm_storage_account.storageaccount +} diff --git a/terraform/subscriptions/modules/storageaccount/variables.tf b/terraform/subscriptions/modules/storageaccount/variables.tf new file mode 100644 index 000000000..15ec60578 --- /dev/null +++ b/terraform/subscriptions/modules/storageaccount/variables.tf 
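Review bot: In storageaccount/main.tf the `blob_properties` block is generated only when `var.kind` is `BlobStorage` or `Storage`, while the role assignment and backup instance below it are gated on `StorageV2`, so for the `StorageV2` accounts this module backs up, `change_feed_enabled`, `versioning_enabled` and the container retention policy are never applied. Inside that block, `var.container_delete_retention_policy == true` compares a variable declared as `number` with a bool, which as written looks like it can never be true, and the retention is fixed at 30 instead of taken from the variable. The account also sets neither `min_tls_version` nor `allow_nested_items_to_be_public`, so the TLS floor and anonymous blob access are left to provider defaults that this patch does not pin. The sketch below addresses these; the list of kinds is an assumption to confirm against what the team deploys.

```hcl
resource "azurerm_storage_account" "storageaccount" {
  # … unchanged: name, resource group, location, kind, replication type, tier …
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  dynamic "blob_properties" {
    for_each = contains(["StorageV2", "BlobStorage", "Storage"], var.kind) ? [1] : []
    content {
      # … unchanged: change feed and versioning settings …

      dynamic "container_delete_retention_policy" {
        for_each = var.container_delete_retention_policy > 0 ? [var.container_delete_retention_policy] : []
        content {
          days = container_delete_retention_policy.value
        }
      }
    }
  }
  # … unchanged: tags …
}
```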
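Review bot: The `data` output in storageaccount/output.tf returns the whole `azurerm_storage_account.storageaccount` object, which carries the account's access keys and connection strings along with its id and name, so every module that consumes `data` can read them. If callers only need identifiers, a narrower value such as `value = { id = azurerm_storage_account.storageaccount.id, name = azurerm_storage_account.storageaccount.name }` keeps the secrets out of downstream expressions. The description `"storageaccount"` should say what the output actually contains.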
@@ -0,0 +1,89 @@
+variable "name" {
+ description = "Specifies the name of the storage account. Only lowercase Alphanumeric characters allowed"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "The name of the resource group in which to create the storage account"
+ type = string
+}
+
+variable "location" {
+ description = "Specifies the supported Azure location where the resource exists"
+ type = string
+}
+
+variable "environment" {
+ description = "A mapping of tags to assign to the resource."
+}
+
+variable "tier" {
+ description = "Defines the Tier to use for this storage account. Valid options are Standard and Premium"
+ type = string
+}
+
+variable "account_replication_type" {
+ description = "Defines the type of replication to use for this storage account"
+ type = string
+}
+
+variable "kind" {
+ description = "Defines the Kind of account"
+ type = string
+}
+
+variable "change_feed_enabled" {
+ description = "Is the blob service properties for change feed events enabled?"
+ type = bool
+ default = false
+}
+
+variable "versioning_enabled" {
+ description = " Is versioning enabled?"
+ type = bool + default = false +} + +variable "change_feed_retention_in_days" { + description = "The duration of change feed events retention in days" + type = number + default = 7 +} + +variable "container_delete_retention_policy" { + description = "Specifies the number of days that the container should be retained" + type = number + default = 30 +} + + +variable "principal_id" { + description = "The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to" + type = string +} + +variable "roleassignment" { + description = "Other role assignments to be added to this key vault" + type = map(object({ + backup = bool + })) + default = {} +} + +variable "backupinstanceblobstorage" { + description = "Other role assignments to be added to this key vault" + type = map(object({ + backup = bool + })) + default = {} +} + +variable "vault_id" { + description = "The ID of the Backup Vault" + type = string +} + +variable "policyblobstorage_id" { + description = "The ID of the Backup Policy." + type = string +} \ No newline at end of file diff --git a/terraform/subscriptions/s940/c2/key-vault/main.tf b/terraform/subscriptions/s940/c2/key-vault/main.tf index 31153905e..90a4773c2 100644 --- a/terraform/subscriptions/s940/c2/key-vault/main.tf +++ b/terraform/subscriptions/s940/c2/key-vault/main.tf @@ -21,7 +21,7 @@ module "keyvault" { network_acls_default_action = local.key_vault.network_acls_default_action access_policies = local.key_vault.access_policies depends_on = [module.loganalytics] - + } resource "azurerm_management_lock" "loganalytics" { diff --git a/terraform/subscriptions/s941/dev/clusters/input.tf b/terraform/subscriptions/s941/dev/clusters/input.tf index db45524f4..e5b596f9c 100644 --- a/terraform/subscriptions/s941/dev/clusters/input.tf +++ b/terraform/subscriptions/s941/dev/clusters/input.tf 
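Review bot: In storageaccount/variables.tf the `roleassignment` and `backupinstanceblobstorage` descriptions both read "Other role assignments to be added to this key vault", which appears copied from another module. In main.tf the keys of `roleassignment` become `role_definition_name` for the backup vault's identity, so the description should say so, e.g. `description = "Roles to grant the backup vault identity on this storage account, keyed by role name"`. Because any key is accepted as a role name, a `validation` block limiting the keys to the backup role the module expects would stop a caller from granting a broader role by accident. `backupinstanceblobstorage` is not referenced by the module files in this patch, and `environment` is described as a mapping of tags but is used as a single tag value and has no `type`.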
@@ -1,11 +1,11 @@ locals { - flattened_clusters = { for key, value in var.clusters : key => { - name = key - resource_group_name = value.resource_group_name + name = key + resource_group_name = value.resource_group_name + location = value.location + destination_address_prefix = value.destination_address_prefix } - } - + } } diff --git a/terraform/subscriptions/s941/dev/clusters/main.tf b/terraform/subscriptions/s941/dev/clusters/main.tf index 5f99f93f3..bee966ad1 100644 --- a/terraform/subscriptions/s941/dev/clusters/main.tf +++ b/terraform/subscriptions/s941/dev/clusters/main.tf @@ -1,8 +1,8 @@ module "nsg" { - source = "../../../modules/networksecuritygroup" - networksecuritygroupname = "nsg-weekly-50" - location = local.output.location - resource_group_name = local.output.resource_group - destination_address_prefix = "20.223.40.151" + for_each = local.flattened_clusters + networksecuritygroupname = "nsg-${each.key}" + location = each.value.location + resource_group_name = each.value.resource_group_name + destination_address_prefix = each.value.destination_address_prefix } diff --git a/terraform/subscriptions/s941/dev/clusters/variables.tf b/terraform/subscriptions/s941/dev/clusters/variables.tf index c84b6a36a..9a49cc5ae 100644 --- a/terraform/subscriptions/s941/dev/clusters/variables.tf +++ b/terraform/subscriptions/s941/dev/clusters/variables.tf @@ -1,13 +1,15 @@ variable "clusters" { type = map(object({ - resource_group_name = optional(string, "clusters") - #destination_address_prefix = string + resource_group_name = optional(string, "clusters") + location = optional(string, "northeurope") + destination_address_prefix = string })) default = { - weekly-50 = { - destination_address_prefix = "20.223.40.151" + weekly-52 = { + destination_address_prefix = "20.223.40.149" + } + weekly-01 = { + destination_address_prefix = "20.223.40.148" } - # , - # weekly-51 = {} } } 
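Review bot: On the new side of `module "nsg"` in clusters/main.tf the `source = "../../../modules/networksecuritygroup"` line is removed and nothing replaces it, so as shown the block has `for_each` but no `source`, which Terraform requires on every module block. Unless the line was lost when this page was rendered, restore it next to `for_each`: `source = "../../../modules/networksecuritygroup"`. The per-cluster `destination_address_prefix` values now live as defaults in clusters/variables.tf; a comment there saying what each address belongs to would help the next reviewer judge the rule.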
diff --git a/terraform/subscriptions/s941/dev/common/input.tf b/terraform/subscriptions/s941/dev/common/input.tf
new file mode 100644
index 000000000..48eae8277
--- /dev/null
+++ b/terraform/subscriptions/s941/dev/common/input.tf
@@ -0,0 +1,19 @@
+locals {
+ external_outputs = {
+ global = data.terraform_remote_state.global.outputs
+ }
+
+ ## Backend Config
+ backend = {
+ resource_group_name = "s941-tfstate"
+ storage_account_name = "s941radixinfra"
+ container_name = "infrastructure"
+ }
+}
+### Remote States
+data "terraform_remote_state" "global" {
+ backend = "azurerm"
+ config = merge(
+ local.backend,
+ { key = "dev/globals/terraform.tfstate" })
+}
diff --git a/terraform/subscriptions/s941/dev/common/main.tf b/terraform/subscriptions/s941/dev/common/main.tf
new file mode 100644
index 000000000..eeec4d390
--- /dev/null
+++ b/terraform/subscriptions/s941/dev/common/main.tf
@@ -0,0 +1,42 @@
+module "resourcegroups" {
+ for_each = toset(var.resource_groups)
+ source = "../../../modules/resourcegroups"
+ name = "${local.external_outputs.global.data.subscription_shortname}-${each.value}"
+ location = local.outputs.location
+}
+
+module "loganalytics" {
+ source = "../../../modules/log-analytics"
+ workspace_name = "${local.external_outputs.global.data.subscription_shortname}-diagnostics-${local.outputs.enviroment_L}"
+ resource_group_name = "${local.external_outputs.global.data.subscription_shortname}-${local.outputs.enviroment_L}"
+ location = local.outputs.location
+ retention_in_days = 30
+ local_authentication_disabled = false
+}
+
+module "backupvault" {
+ source = "../../../modules/backupvaults"
+ name = "${local.external_outputs.global.data.subscription_shortname}-backupvault-${local.outputs.enviroment_L}"
+ resource_group_name = "${local.external_outputs.global.data.subscription_shortname}-${local.outputs.enviroment_L}"
+ location = local.outputs.location
+ policyblobstoragename = "${local.external_outputs.global.data.subscription_shortname}-backuppolicy-blob-${local.outputs.enviroment_L}"
+ depends_on = [module.resourcegroups]
+}
+
+module "storageaccount" {
+ source = "../../../modules/storageaccount"
+ for_each = var.storageaccounts
+ name = "${local.external_outputs.global.data.subscription_shortname}${each.key}${local.outputs.enviroment_L}"
+ tier = each.value.account_tier
+ account_replication_type = each.value.account_replication_type
+ resource_group_name = each.value.resource_group_name
+ location = each.value.location
+ environment = local.outputs.enviroment_L
+ kind = each.value.kind
+ change_feed_enabled = each.value.change_feed_enabled
+ versioning_enabled = each.value.versioning_enabled
+ roleassignment = each.value.roleassignment
+ principal_id = module.backupvault.data.backupvault.identity[0].principal_id
+ vault_id = module.backupvault.data.backupvault.id
+ policyblobstorage_id = 
module.backupvault.data.policyblobstorage.id +} diff --git a/terraform/subscriptions/s941/dev/common/variables.tf b/terraform/subscriptions/s941/dev/common/variables.tf new file mode 100644 index 000000000..8c82285ca --- /dev/null +++ b/terraform/subscriptions/s941/dev/common/variables.tf @@ -0,0 +1,31 @@ +variable "resource_groups" { + type = list(string) + default = ["development"] +} + +variable "storageaccounts" { + type = map(object({ + name = string + resource_group_name = optional(string, "s941-development") + location = optional(string, "northeurope") + account_tier = optional(string, "Standard") + account_replication_type = optional(string, "LRS") + kind = optional(string, "StorageV2") + change_feed_enabled = optional(bool, false) + versioning_enabled = optional(bool, false) + enable_backup = optional(bool, false) + roleassignment = optional(map(object({ backup = optional(bool, false) }))) + principal_id = optional(string) + })) + default = { + diag = { + name = "diag" + enable_backup = true + roleassignment = { + "Storage Account Backup Contributor" = { + backup = true + } + } + } + } +} diff --git a/terraform/subscriptions/s941/dev/key-vault/inputs.tf b/terraform/subscriptions/s941/dev/key-vault/inputs.tf index 8dcbd1154..888f3b775 100644 --- a/terraform/subscriptions/s941/dev/key-vault/inputs.tf +++ b/terraform/subscriptions/s941/dev/key-vault/inputs.tf @@ -1,5 +1,5 @@ locals { - + log_analytics_workspace = { name = "log-key-vault" resource_group = "Logs-Dev" diff --git a/terraform/subscriptions/s941/dev/key-vault/main.tf b/terraform/subscriptions/s941/dev/key-vault/main.tf index 38cf3f3a4..faf1d91e6 100644 --- a/terraform/subscriptions/s941/dev/key-vault/main.tf +++ b/terraform/subscriptions/s941/dev/key-vault/main.tf @@ -7,7 +7,6 @@ module "loganalytics" { location = local.external_outputs.common.data.location retention_in_days = 30 local_authentication_disabled = false - } module "keyvault" { source = "../../../modules/key-vault" 
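Review bot: In dev/common/main.tf, `module "loganalytics"` sets `local_authentication_disabled = false`, which leaves key-based access to the workspace enabled alongside directory-based authentication; if nothing in this environment depends on the workspace keys, `local_authentication_disabled = true` is the tighter setting. The module also builds its resource group name as a plain string and, unlike `backupvault`, has no `depends_on = [module.resourcegroups]`, so on a first apply it may be planned before the group exists. `local.outputs` is not defined in the input.tf added by this commit and presumably comes from another file in the directory.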
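Review bot: In dev/common/variables.tf, `roleassignment` is declared as `optional(map(object({ backup = optional(bool, false) })))` with no default, so an entry that omits it would pass `null` into the storageaccount module, whose `for key, value in var.roleassignment` expression cannot iterate over null. Giving it an empty-map default, `roleassignment = optional(map(object({ backup = optional(bool, false) })), {})`, avoids that. `enable_backup`, `principal_id` and `name` are declared on the object but main.tf never reads them, so `enable_backup = true` on `diag` has no effect and the backup is driven only by the `roleassignment` entry; either wire them through or drop them.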
diff --git a/terraform/subscriptions/s941/dev/networkmanager/inputs.tf b/terraform/subscriptions/s941/dev/networkmanager/inputs.tf index 5983fbba7..426a8c5ba 100644 --- a/terraform/subscriptions/s941/dev/networkmanager/inputs.tf +++ b/terraform/subscriptions/s941/dev/networkmanager/inputs.tf @@ -1,12 +1,12 @@ locals { policy_notcontains_name = "playground" flattened_publicipprefix = { - for key, value in var.publicipprefix : key => { + for key, value in var.publicipprefix : key => { name = key zones = value.zones } } - + external_outputs = { global = data.terraform_remote_state.global.outputs common = data.terraform_remote_state.common.outputs diff --git a/terraform/subscriptions/s941/dev/userassignedidentity/main.tf b/terraform/subscriptions/s941/dev/userassignedidentity/main.tf index 44fc4e763..30e3eb2ff 100644 --- a/terraform/subscriptions/s941/dev/userassignedidentity/main.tf +++ b/terraform/subscriptions/s941/dev/userassignedidentity/main.tf @@ -1,6 +1,6 @@ locals { aad_radix_group = local.external_outputs.global.data.aad_radix_group - gh_repo_branch_combinations = local.external_outputs.global.data.gh_repo_branch_combinations + gh_repo_branch_combinations = local.external_outputs.global.data.gh_repo_branch_combinations gh_repos = local.external_outputs.global.data.gh_repos location = local.external_outputs.common.data.location resource_group = local.external_outputs.common.data.resource_group diff --git a/terraform/subscriptions/s941/globals/input.tf b/terraform/subscriptions/s941/globals/input.tf index 54a266fd7..015acc15d 100644 --- a/terraform/subscriptions/s941/globals/input.tf +++ b/terraform/subscriptions/s941/globals/input.tf @@ -2,7 +2,7 @@ locals { gh_repos = { "radix-canary" : ["release", "master"] } - + flattened_resource_groups = { for key, value in var.resource_groups : key => { name = key 
diff --git a/terraform/subscriptions/s941/playground/common/input.tf b/terraform/subscriptions/s941/playground/common/input.tf
new file mode 100644
index 000000000..48eae8277
--- /dev/null
+++ b/terraform/subscriptions/s941/playground/common/input.tf
@@ -0,0 +1,19 @@
+locals {
+ external_outputs = {
+ global = data.terraform_remote_state.global.outputs
+ }
+
+ ## Backend Config
+ backend = {
+ resource_group_name = "s941-tfstate"
+ storage_account_name = "s941radixinfra"
+ container_name = "infrastructure"
+ }
+}
+### Remote States
+data "terraform_remote_state" "global" {
+ backend = "azurerm"
+ config = merge(
+ local.backend,
+ { key = "dev/globals/terraform.tfstate" })
+}
diff --git a/terraform/subscriptions/s941/playground/common/main.tf b/terraform/subscriptions/s941/playground/common/main.tf
new file mode 100644
index 000000000..a99dc8353
--- /dev/null
+++ b/terraform/subscriptions/s941/playground/common/main.tf
@@ -0,0 +1,6 @@
+module "resourcegroups" {
+ for_each = toset(var.resource_groups)
+ source = "../../../modules/resourcegroups"
+ name = "${local.external_outputs.global.data.subscription_shortname}-${each.value}"
+ location = local.outputs.location
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/s941/playground/common/variables.tf b/terraform/subscriptions/s941/playground/common/variables.tf
new file mode 100644
index 000000000..45f7e6b5b
--- /dev/null
+++ b/terraform/subscriptions/s941/playground/common/variables.tf
@@ -0,0 +1,4 @@
+variable "resource_groups" {
+ type = list(string)
+ default = ["playground"]
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/s941/playground/networkmanager/inputs.tf b/terraform/subscriptions/s941/playground/networkmanager/inputs.tf
index 9ffa22d08..88c3a4822 100644
--- a/terraform/subscriptions/s941/playground/networkmanager/inputs.tf
+++ b/terraform/subscriptions/s941/playground/networkmanager/inputs.tf
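Review bot: In playground/common/input.tf the stack reads its globals from `key = "dev/globals/terraform.tfstate"`, the same key the dev stack uses, so playground depends on read access to state stored under the dev prefix. If that is intentional because globals are shared across the subscription, a comment above the `data "terraform_remote_state" "global"` block such as `# globals are shared per subscription and stored under the dev key` would record it. Remote state exposes every output of the producing stack to its readers, so the globals outputs should stay free of secrets for both consumers.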
@@ -1,6 +1,6 @@ locals { flattened_publicipprefix = { - for key, value in var.publicipprefix : key => { + for key, value in var.publicipprefix : key => { name = key zones = value.zones }