diff --git a/terraform/subscriptions/modules/config/main.tf b/terraform/subscriptions/modules/config/main.tf index a2915b9b8..d27dc998c 100644 --- a/terraform/subscriptions/modules/config/main.tf +++ b/terraform/subscriptions/modules/config/main.tf @@ -22,7 +22,9 @@ output "cluster_resource_group" { value = "clusters-${local.config.environment}" } output "vnet_resource_group" { - value = "cluster-vnet-hub-${local.config.environment}" + # Todo: Create platform resources next time eu18 is recreated + # Todo: Also fix terraform/subscriptions/modules/mssqldatabase/networking.tf + value = "cluster-vnet-hub-${local.config.environment == "platform" ? "prod" : local.config.environment}" } output "key_vault_name" { value = "radix-keyv-${local.config.environment}" @@ -37,4 +39,4 @@ output "backend" { output "policy_aks_diagnostics_cluster" { value = "Radix-Enforce-Diagnostics-AKS-Clusters" -} \ No newline at end of file +} diff --git a/terraform/subscriptions/modules/mssqldatabase/iam.tf b/terraform/subscriptions/modules/mssqldatabase/iam.tf index 20498641d..6864936f1 100644 --- a/terraform/subscriptions/modules/mssqldatabase/iam.tf +++ b/terraform/subscriptions/modules/mssqldatabase/iam.tf @@ -4,7 +4,7 @@ data "azuread_group" "admin" { } resource "azurerm_user_assigned_identity" "admin" { - name = "mi-${var.server_name}-admin-${var.env}" + name = var.managed_identity_admin_name location = var.location resource_group_name = var.rg_name } diff --git a/terraform/subscriptions/modules/mssqldatabase/main.tf b/terraform/subscriptions/modules/mssqldatabase/main.tf index 4a89ce0d2..2c83f4a43 100644 --- a/terraform/subscriptions/modules/mssqldatabase/main.tf +++ b/terraform/subscriptions/modules/mssqldatabase/main.tf 
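Review bot: The second Todo comment above the new `value` line is already stale within this commit: the mssqldatabase module's networking.tf is changed in the same diff to read `var.vnet_resource_group` instead of building `cluster-vnet-hub-${var.env}`, so `# Todo: Also fix terraform/subscriptions/modules/mssqldatabase/networking.tf` should be dropped. The remaining Todo is the one that matters, because the conditional silently maps the `platform` environment onto the `prod` hub VNet resource group, a cross-environment coupling that every consumer of `vnet_resource_group` (private endpoint, subnet lookup, DNS zone and A record) inherits; suggest making that explicit, e.g. `# platform has no hub VNet of its own: its private endpoints land in the prod hub until eu18 is recreated (track in <tracking issue>)`. The second hunk in this file only adds the trailing newline and needs nothing.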
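Review bot: Switching `name` on `azurerm_user_assigned_identity.admin` from the derived `mi-${var.server_name}-admin-${var.env}` to `var.managed_identity_admin_name` is, as far as I know, a replace rather than an in-place update, since the name of a user-assigned identity is immutable in the azurerm provider; the recreated identity gets a new principal id and client id. The dev and playground vulnerability-scanner stacks in this diff already exist and consume the `mi-client-id` output, so anything holding the old client id, and any role assignment or database grant made to the old principal, stops working until re-applied. A comment on the resource would make the cutover visible, e.g. `# name is immutable: changing it recreates the identity and rotates its client/principal id`, and the plan for the existing stacks should be checked for the destroy/create before apply.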
@@ -29,7 +29,7 @@ resource "azurerm_mssql_database" "mssql_database" { read_scale = var.read_scale sku_name = var.sku_name zone_redundant = var.zone_redundant - tags = var.tags + tags = var.database_tags depends_on = [azurerm_mssql_server.sqlserver] long_term_retention_policy { monthly_retention = "PT0S" diff --git a/terraform/subscriptions/modules/mssqldatabase/networking.tf b/terraform/subscriptions/modules/mssqldatabase/networking.tf index a84a150b5..54cfb0e74 100644 --- a/terraform/subscriptions/modules/mssqldatabase/networking.tf +++ b/terraform/subscriptions/modules/mssqldatabase/networking.tf @@ -1,15 +1,13 @@ - - data "azurerm_subnet" "subnet" { name = "private-links" virtual_network_name = var.virtual_network - resource_group_name = "cluster-vnet-hub-${var.env}" + resource_group_name = var.vnet_resource_group } resource "azurerm_private_endpoint" "endpoint" { name = "pe-${var.server_name}" location = var.location - resource_group_name = "cluster-vnet-hub-${var.env}" + resource_group_name = var.vnet_resource_group subnet_id = data.azurerm_subnet.subnet.id private_service_connection { @@ -22,12 +20,12 @@ resource "azurerm_private_endpoint" "endpoint" { data "azurerm_private_dns_zone" "dns_zone" { name = "privatelink.database.windows.net" - resource_group_name = "cluster-vnet-hub-${var.env}" + resource_group_name = var.vnet_resource_group } resource "azurerm_private_dns_a_record" "dns_record" { name = var.server_name zone_name = "privatelink.database.windows.net" - resource_group_name = "cluster-vnet-hub-${var.env}" + resource_group_name = var.vnet_resource_group ttl = 300 records = azurerm_private_endpoint.endpoint.custom_dns_configs[0].ip_addresses } diff --git a/terraform/subscriptions/modules/mssqldatabase/variables.tf b/terraform/subscriptions/modules/mssqldatabase/variables.tf index d34a8f600..26b4c5ac4 100644 --- a/terraform/subscriptions/modules/mssqldatabase/variables.tf +++ b/terraform/subscriptions/modules/mssqldatabase/variables.tf 
@@ -8,6 +8,9 @@ variable "administrator_password" { variable "admin_adgroup" { type = string } +variable "managed_identity_admin_name" { + type = string +} variable "location" { default = "northeurope" type = string @@ -38,7 +41,9 @@ variable "env" { type = string description = "dev, playground, c2 or prod" } - +variable "vnet_resource_group" { + type = string +} variable "database_name" { type = string @@ -67,6 +72,10 @@ variable "tags" { type = map(string) default = {} } +variable "database_tags" { + type = map(string) + default = {} +} variable "virtual_network" { type = string diff --git a/terraform/subscriptions/s940/c2/cost-allocation/backend.tf b/terraform/subscriptions/s940/c2/cost-allocation/backend.tf new file mode 100644 index 000000000..07dd5397d --- /dev/null +++ b/terraform/subscriptions/s940/c2/cost-allocation/backend.tf @@ -0,0 +1,23 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "<=3.69.0" + } + } + + backend "azurerm" { + tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + resource_group_name = "s940-tfstate" + storage_account_name = "s940radixinfra" + container_name = "infrastructure" + key = "c2/cost-allocation/terraform.tfstate" + } +} + +provider "azurerm" { + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + features { + } +} diff --git a/terraform/subscriptions/s940/c2/cost-allocation/main.tf b/terraform/subscriptions/s940/c2/cost-allocation/main.tf new file mode 100644 index 000000000..5336878bc --- /dev/null +++ b/terraform/subscriptions/s940/c2/cost-allocation/main.tf 
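Review bot: The three new variables (`managed_identity_admin_name`, `vnet_resource_group`, `database_tags`) have no `description`, and the existing `env` description, `"dev, playground, c2 or prod"`, looks incomplete now: the prod stacks added in this commit name their admin group and identity with `platform`, and the config module special-cases `local.config.environment == "platform"`. Suggest `description = "dev, playground, c2, prod or platform"` on `env` (please confirm the full value set against the config module), `description = "Name of the user-assigned identity used as SQL administrator"` on `managed_identity_admin_name`, `description = "Resource group holding the hub VNet, the private-links subnet and the privatelink DNS zone"` on `vnet_resource_group`, and `description = "Tags applied to the database; var.tags applies to the server"` on `database_tags`, the last being inferred from the main.tf change in this diff. The `env` variable's block starts above this hunk.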
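Review bot: `version = "<=3.69.0"` constrains the azurerm provider from above only, so an `init` without a committed lock file may select any older release, including ones that predate resources this stack uses; the same constraint is repeated in the c2/vulnerability-scanner, prod/cost-allocation, prod/vulnerability-scanner, s941/dev/cost-allocation and s941/playground/cost-allocation backend.tf files in this diff. Prefer a two-sided constraint such as `version = "~> 3.69.0"` (or `= 3.69.0` if the cap is deliberate) and commit the `.terraform.lock.hcl` produced by `terraform init`, so the provider version and its checksum are pinned rather than resolved at run time. The backend block itself carries only tenant/subscription ids and state-storage names, which is the expected shape.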
@@ -0,0 +1,55 @@ +module "config" { + source = "../../../modules/config" +} + +module "resourcegroup" { + source = "../../../modules/resourcegroups" + name = "cost-allocation-${module.config.environment}" + location = module.config.location +} +data "azurerm_key_vault" "keyvault" { + name = module.config.key_vault_name + resource_group_name = module.config.common_resource_group +} +data "azurerm_key_vault_secret" "keyvault_secrets" { + name = var.keyvault_dbadmin_secret_name + key_vault_id = data.azurerm_key_vault.keyvault.id # local.external_outputs.keyvault.vault_id +} + +# MS SQL Server +module "mssql-database" { + source = "../../../modules/mssqldatabase" + env = module.config.environment + managed_identity_admin_name = "radix-id-cost-allocation-admin-c2" + database_name = "sqldb-radix-cost-allocation" + server_name = "sql-radix-cost-allocation-${module.config.environment}-prod" # https://github.com/equinor/radix-platform/issues/1190 + admin_adgroup = var.admin-adgroup + administrator_login = "radix" + administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value + rg_name = module.resourcegroup.data.name + vnet_resource_group = module.config.vnet_resource_group + location = module.config.location + public_network_access_enabled = true + zone_redundant = false + tags = { + displayName = "SqlServer" + } + database_tags = { + displayName = "Database" + } + + admin_federated_credentials = { + github-master = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/master" + } + github-release = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/release" + } + } +} + +output "mi-client-id" { + value = module.mssql-database.mi-admin +} diff --git a/terraform/subscriptions/s940/c2/cost-allocation/variables.tf b/terraform/subscriptions/s940/c2/cost-allocation/variables.tf new file mode 100644 index 000000000..30a6bbff4 
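Review bot: `public_network_access_enabled = true` on the `mssql-database` module call leaves the SQL server reachable from the public endpoint even though the same module provisions a private endpoint, a private-links subnet lookup and a `privatelink.database.windows.net` A record, and the sibling prod/cost-allocation stack in this diff sets it to `false`. The same `true` appears in the c2/vulnerability-scanner and prod/vulnerability-scanner stacks. If the private endpoint is the intended access path, set `public_network_access_enabled = false` here as well; if public access is required (for instance because the workload does not run inside the hub VNet), a comment on that line stating the reason and which firewall rules are relied on would stop a later consistency pass from flipping it. The issue link on `server_name` explains the `-prod` suffix, which is good.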
--- /dev/null +++ b/terraform/subscriptions/s940/c2/cost-allocation/variables.tf @@ -0,0 +1,9 @@ +variable "admin-adgroup" { + type = string + default = "Radix SQL server admin - c2" +} + +variable "keyvault_dbadmin_secret_name" { + type = string + default = "radix-cost-allocation-db-admin" +} diff --git a/terraform/subscriptions/s940/c2/vulnerability-scanner/backend.tf b/terraform/subscriptions/s940/c2/vulnerability-scanner/backend.tf new file mode 100644 index 000000000..cfc98cb67 --- /dev/null +++ b/terraform/subscriptions/s940/c2/vulnerability-scanner/backend.tf @@ -0,0 +1,23 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "<=3.69.0" + } + } + + backend "azurerm" { + tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + resource_group_name = "s940-tfstate" + storage_account_name = "s940radixinfra" + container_name = "infrastructure" + key = "c2/vulnerability-scan/terraform.tfstate" + } +} + +provider "azurerm" { + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + features { + } +} diff --git a/terraform/subscriptions/s940/c2/vulnerability-scanner/main.tf b/terraform/subscriptions/s940/c2/vulnerability-scanner/main.tf new file mode 100644 index 000000000..0b70e8dae --- /dev/null +++ b/terraform/subscriptions/s940/c2/vulnerability-scanner/main.tf 
@@ -0,0 +1,48 @@ +module "config" { + source = "../../../modules/config" +} +module "resourcegroup" { + source = "../../../modules/resourcegroups" + name = "vulnerability-scan-${module.config.environment}" + location = module.config.location +} +data "azurerm_key_vault" "keyvault" { + name = module.config.key_vault_name + resource_group_name = module.config.common_resource_group +} +data "azurerm_key_vault_secret" "keyvault_secrets" { + name = var.keyvault_dbadmin_secret_name + key_vault_id = data.azurerm_key_vault.keyvault.id +} + +# MS SQL Server +module "mssql-database" { + source = "../../../modules/mssqldatabase" + env = module.config.environment + managed_identity_admin_name = "radix-id-vulnerability-scan-admin-${module.config.environment}" + database_name = "radix-vulnerability-scan" + server_name = "sql-radix-vulnerability-scan-${module.config.environment}-prod" + admin_adgroup = var.admin-adgroup + administrator_login = "radix" + administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value + rg_name = module.resourcegroup.data.name + vnet_resource_group = module.config.vnet_resource_group + location = module.config.location + public_network_access_enabled = true + zone_redundant = false + + admin_federated_credentials = { + github-master = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-vulnerability-scanner:ref:refs/heads/master" + } + github-release = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-vulnerability-scanner:ref:refs/heads/release" + } + } +} + +output "mi-client-id" { + value = module.mssql-database.mi-admin +} diff --git a/terraform/subscriptions/s940/c2/vulnerability-scanner/variables.tf b/terraform/subscriptions/s940/c2/vulnerability-scanner/variables.tf new file mode 100644 index 000000000..56b4edea4 --- /dev/null +++ b/terraform/subscriptions/s940/c2/vulnerability-scanner/variables.tf 
@@ -0,0 +1,9 @@ +variable "admin-adgroup" { + type = string + default = "Radix SQL server admin - c2" +} + +variable "keyvault_dbadmin_secret_name" { + type = string + default = "radix-vulnerability-scan-db-admin" +} diff --git a/terraform/subscriptions/s940/prod/cost-allocation/backend.tf b/terraform/subscriptions/s940/prod/cost-allocation/backend.tf new file mode 100644 index 000000000..a815134a8 --- /dev/null +++ b/terraform/subscriptions/s940/prod/cost-allocation/backend.tf @@ -0,0 +1,23 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "<=3.69.0" + } + } + + backend "azurerm" { + tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + resource_group_name = "s940-tfstate" + storage_account_name = "s940radixinfra" + container_name = "infrastructure" + key = "prod/cost-allocation/terraform.tfstate" + } +} + +provider "azurerm" { + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + features { + } +} diff --git a/terraform/subscriptions/s940/prod/cost-allocation/main.tf b/terraform/subscriptions/s940/prod/cost-allocation/main.tf new file mode 100644 index 000000000..880e38b47 --- /dev/null +++ b/terraform/subscriptions/s940/prod/cost-allocation/main.tf 
@@ -0,0 +1,56 @@
+module "config" {
+ source = "../../../modules/config"
+}
+
+module "resourcegroup" {
+ source = "../../../modules/resourcegroups"
+ name = "cost-allocation-${module.config.environment}"
+ location = module.config.location
+}
+data "azurerm_key_vault" "keyvault" {
+ name = module.config.key_vault_name
+ resource_group_name = module.config.common_resource_group
+}
+data "azurerm_key_vault_secret" "keyvault_secrets" {
+ name = var.keyvault_dbadmin_secret_name
+ key_vault_id = data.azurerm_key_vault.keyvault.id # local.external_outputs.keyvault.vault_id
+}
+
+# MS SQL Server
+module "mssql-database" {
+ source = "../../../modules/mssqldatabase"
+ env = module.config.environment
+ managed_identity_admin_name = "radix-id-cost-allocation-admin-platform"
+ database_name = "sqldb-radix-cost-allocation"
+ server_name = "sql-radix-cost-allocation-prod" # ${module.config.environment} # See https://github.com/equinor/radix-platform/issues/1186
+ admin_adgroup = var.admin-adgroup
+ administrator_login = "radix"
+ administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value
+ rg_name = module.resourcegroup.data.name
+ location = module.config.location
+ vnet_resource_group = module.config.vnet_resource_group
+ sku_name = "S3"
+ public_network_access_enabled = false
+ zone_redundant = false
+ tags = {
+ displayName = "SqlServer"
+ }
+ database_tags = {
+ displayName = "Database"
+ }
+
+ admin_federated_credentials = {
+ github-master = {
+ issuer = "https://token.actions.githubusercontent.com"
+ subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/master"
+ }
+ github-release = {
+ issuer = "https://token.actions.githubusercontent.com"
+ subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/release"
+ }
+ }
+}
+
+output "mi-client-id" {
+ value = module.mssql-database.mi-admin
+}
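Review bot: `managed_identity_admin_name = "radix-id-cost-allocation-admin-platform"` hard-codes the environment suffix while every other stack in this diff derives it from `${module.config.environment}`; if this stack's environment resolves to `platform` (its variables.tf default `Radix SQL server admin - platform` suggests so), the interpolated form yields the same string and should be used, and if it does not, the literal hides a mismatch between identity name and environment. The `server_name` line keeps the old interpolation after a `#`, which reads as dead code beside the issue link; `server_name = "sql-radix-cost-allocation-prod" # kept as prod, see https://github.com/equinor/radix-platform/issues/1186` says the same thing once. `public_network_access_enabled = false` here is the right setting for a prod server that gets a private endpoint from the module.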
diff --git a/terraform/subscriptions/s940/prod/cost-allocation/variables.tf b/terraform/subscriptions/s940/prod/cost-allocation/variables.tf new file mode 100644 index 000000000..5ed916f91 --- /dev/null +++ b/terraform/subscriptions/s940/prod/cost-allocation/variables.tf @@ -0,0 +1,9 @@ +variable "admin-adgroup" { + type = string + default = "Radix SQL server admin - platform" +} + +variable "keyvault_dbadmin_secret_name" { + type = string + default = "radix-cost-allocation-db-admin" +} diff --git a/terraform/subscriptions/s940/prod/vulnerability-scanner/backend.tf b/terraform/subscriptions/s940/prod/vulnerability-scanner/backend.tf new file mode 100644 index 000000000..c036dfcae --- /dev/null +++ b/terraform/subscriptions/s940/prod/vulnerability-scanner/backend.tf @@ -0,0 +1,23 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "<=3.69.0" + } + } + + backend "azurerm" { + tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + resource_group_name = "s940-tfstate" + storage_account_name = "s940radixinfra" + container_name = "infrastructure" + key = "prod/vulnerability-scan/terraform.tfstate" + } +} + +provider "azurerm" { + subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" + features { + } +} diff --git a/terraform/subscriptions/s940/prod/vulnerability-scanner/main.tf b/terraform/subscriptions/s940/prod/vulnerability-scanner/main.tf new file mode 100644 index 000000000..2b84ca371 --- /dev/null +++ b/terraform/subscriptions/s940/prod/vulnerability-scanner/main.tf 
@@ -0,0 +1,49 @@ +module "config" { + source = "../../../modules/config" +} +module "resourcegroup" { + source = "../../../modules/resourcegroups" + name = "vulnerability-scan-${module.config.environment}" + location = module.config.location +} +data "azurerm_key_vault" "keyvault" { + name = module.config.key_vault_name + resource_group_name = module.config.common_resource_group +} +data "azurerm_key_vault_secret" "keyvault_secrets" { + name = var.keyvault_dbadmin_secret_name + key_vault_id = data.azurerm_key_vault.keyvault.id # local.external_outputs.keyvault.vault_id +} + +# MS SQL Server +module "mssql-database" { + source = "../../../modules/mssqldatabase" + env = module.config.environment + database_name = "radix-vulnerability-scan" + server_name = "sql-radix-vulnerability-scan-prod" # ${module.config.environment} # Se https://github.com/equinor/radix-platform/issues/1187 + managed_identity_admin_name = "radix-id-vulnerability-scan-admin-${module.config.environment}" + admin_adgroup = var.admin-adgroup + administrator_login = "radix" + administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value + rg_name = module.resourcegroup.data.name + vnet_resource_group = module.config.vnet_resource_group + location = module.config.location + public_network_access_enabled = true + zone_redundant = false + sku_name = "S6" + + admin_federated_credentials = { + github-master = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-vulnerability-scanner:ref:refs/heads/master" + } + github-release = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-vulnerability-scanner:ref:refs/heads/release" + } + } +} + +output "mi-client-id" { + value = module.mssql-database.mi-admin +} diff --git a/terraform/subscriptions/s940/prod/vulnerability-scanner/variables.tf b/terraform/subscriptions/s940/prod/vulnerability-scanner/variables.tf new file mode 100644 index 000000000..058e077ea 
--- /dev/null +++ b/terraform/subscriptions/s940/prod/vulnerability-scanner/variables.tf @@ -0,0 +1,9 @@ +variable "admin-adgroup" { + type = string + default = "Radix SQL server admin - platform" +} + +variable "keyvault_dbadmin_secret_name" { + type = string + default = "radix-vulnerability-scan-db-admin" +} diff --git a/terraform/subscriptions/s941/dev/cost-allocation/backend.tf b/terraform/subscriptions/s941/dev/cost-allocation/backend.tf new file mode 100644 index 000000000..845eab635 --- /dev/null +++ b/terraform/subscriptions/s941/dev/cost-allocation/backend.tf @@ -0,0 +1,23 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "<=3.69.0" + } + } + + backend "azurerm" { + tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b" + resource_group_name = "s941-tfstate" + storage_account_name = "s941radixinfra" + container_name = "infrastructure" + key = "dev/cost-allocation/terraform.tfstate" + } +} + +provider "azurerm" { + subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b" + features { + } +} diff --git a/terraform/subscriptions/s941/dev/cost-allocation/main.tf b/terraform/subscriptions/s941/dev/cost-allocation/main.tf new file mode 100644 index 000000000..e815b5120 --- /dev/null +++ b/terraform/subscriptions/s941/dev/cost-allocation/main.tf 
@@ -0,0 +1,59 @@
+module "config" {
+ source = "../../../modules/config"
+}
+
+module "resourcegroup" {
+ source = "../../../modules/resourcegroups"
+ name = "cost-allocation-${module.config.environment}"
+ location = module.config.location
+}
+data "azurerm_key_vault" "keyvault" {
+ name = module.config.key_vault_name
+ resource_group_name = module.config.common_resource_group
+}
+data "azurerm_key_vault_secret" "keyvault_secrets" {
+ name = var.keyvault_dbadmin_secret_name
+ key_vault_id = data.azurerm_key_vault.keyvault.id # local.external_outputs.keyvault.vault_id
+}
+
+# MS SQL Server
+module "mssql-database" {
+ source = "../../../modules/mssqldatabase"
+ env = module.config.environment
+ managed_identity_admin_name = "radix-id-cost-allocation-admin-${module.config.environment}"
+ database_name = "sqldb-radix-cost-allocation"
+ server_name = "sql-radix-cost-allocation-${module.config.environment}"
+ admin_adgroup = var.admin-adgroup
+ administrator_login = "radix"
+ administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value
+ rg_name = module.resourcegroup.data.name
+ vnet_resource_group = module.config.vnet_resource_group
+ location = module.config.location
+ public_network_access_enabled = true
+ zone_redundant = false
+ tags = {
+ displayName = "SqlServer"
+ }
+ database_tags = {
+ displayName = "Database"
+ }
+
+ admin_federated_credentials = {
+ github-master = {
+ issuer = "https://token.actions.githubusercontent.com"
+ subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/master"
+ }
+ github-release = {
+ issuer = "https://token.actions.githubusercontent.com"
+ subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/release"
+ }
+ test = {
+ issuer = "https://token.actions.githubusercontent.com"
+ subject = "repo:equinor/radix-cost-allocation:pull_request"
+ }
+ }
+}
+
+output "mi-client-id" {
+ value = module.mssql-database.mi-admin
+}
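Review bot: The `test` federated credential with `subject = "repo:equinor/radix-cost-allocation:pull_request"` lets any `pull_request`-triggered workflow run in that repository obtain a token for the SQL admin identity, whereas the two other credentials are pinned to the master and release refs. This is the dev stack, so the exposure is bounded, but it is the only stack in the diff carrying such a credential and nothing says why; a comment on the entry would keep it from being copied, e.g. `# PR builds run integration tests against dev only; not to be replicated to playground/c2/prod`. If those tests can run under a GitHub environment, an environment-scoped subject (`repo:equinor/radix-cost-allocation:environment:<env name>`) narrows the trust further than the bare `pull_request` claim.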
diff --git a/terraform/subscriptions/s941/dev/cost-allocation/variables.tf b/terraform/subscriptions/s941/dev/cost-allocation/variables.tf new file mode 100644 index 000000000..b728d3bc1 --- /dev/null +++ b/terraform/subscriptions/s941/dev/cost-allocation/variables.tf @@ -0,0 +1,9 @@ +variable "admin-adgroup" { + type = string + default = "Radix SQL server admin - dev" +} + +variable "keyvault_dbadmin_secret_name" { + type = string + default = "radix-cost-allocation-db-admin" +} diff --git a/terraform/subscriptions/s941/dev/vulnerability-scanner/main.tf b/terraform/subscriptions/s941/dev/vulnerability-scanner/main.tf index 4682b5b17..d46334021 100644 --- a/terraform/subscriptions/s941/dev/vulnerability-scanner/main.tf +++ b/terraform/subscriptions/s941/dev/vulnerability-scanner/main.tf @@ -23,12 +23,14 @@ data "azurerm_key_vault_secret" "keyvault_secrets" { module "mssql-database" { source = "../../../modules/mssqldatabase" env = module.config.environment + managed_identity_admin_name = "radix-id-vulnerability-scan-admin-${module.config.environment}" database_name = "radix-vulnerability-scan" server_name = "sql-radix-vulnerability-scan-${module.config.environment}" admin_adgroup = var.admin-adgroup administrator_login = "radix" administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value rg_name = module.resourcegroup.data.name + vnet_resource_group = module.config.vnet_resource_group location = module.config.location public_network_access_enabled = true zone_redundant = false diff --git a/terraform/subscriptions/s941/playground/cost-allocation/backend.tf b/terraform/subscriptions/s941/playground/cost-allocation/backend.tf new file mode 100644 index 000000000..c23cb31c3 --- /dev/null +++ b/terraform/subscriptions/s941/playground/cost-allocation/backend.tf 
@@ -0,0 +1,23 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "<=3.69.0" + } + } + + backend "azurerm" { + tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b" + resource_group_name = "s941-tfstate" + storage_account_name = "s941radixinfra" + container_name = "infrastructure" + key = "playground/cost-allocation/terraform.tfstate" + } +} + +provider "azurerm" { + subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b" + features { + } +} diff --git a/terraform/subscriptions/s941/playground/cost-allocation/main.tf b/terraform/subscriptions/s941/playground/cost-allocation/main.tf new file mode 100644 index 000000000..2d050d004 --- /dev/null +++ b/terraform/subscriptions/s941/playground/cost-allocation/main.tf 
@@ -0,0 +1,55 @@ +module "config" { + source = "../../../modules/config" +} + +module "resourcegroup" { + source = "../../../modules/resourcegroups" + name = "cost-allocation-${module.config.environment}" + location = module.config.location +} +data "azurerm_key_vault" "keyvault" { + name = module.config.key_vault_name + resource_group_name = module.config.common_resource_group +} +data "azurerm_key_vault_secret" "keyvault_secrets" { + name = var.keyvault_dbadmin_secret_name + key_vault_id = data.azurerm_key_vault.keyvault.id # local.external_outputs.keyvault.vault_id +} + +# MS SQL Server +module "mssql-database" { + source = "../../../modules/mssqldatabase" + env = module.config.environment + managed_identity_admin_name = "radix-id-cost-allocation-admin-${module.config.environment}" + database_name = "sqldb-radix-cost-allocation" + server_name = "sql-radix-cost-allocation-${module.config.environment}" + admin_adgroup = var.admin-adgroup + administrator_login = "radix" + administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value + rg_name = module.resourcegroup.data.name + vnet_resource_group = module.config.vnet_resource_group + location = module.config.location + public_network_access_enabled = false + zone_redundant = false + tags = { + displayName = "SqlServer" + } + database_tags = { + displayName = "Database" + } + + admin_federated_credentials = { + github-master = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/master" + } + github-release = { + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:equinor/radix-cost-allocation:ref:refs/heads/release" + } + } +} + +output "mi-client-id" { + value = module.mssql-database.mi-admin +} diff --git a/terraform/subscriptions/s941/playground/cost-allocation/variables.tf b/terraform/subscriptions/s941/playground/cost-allocation/variables.tf new file mode 100644 index 000000000..dd6f71010 --- /dev/null 
+++ b/terraform/subscriptions/s941/playground/cost-allocation/variables.tf @@ -0,0 +1,9 @@ +variable "admin-adgroup" { + type = string + default = "Radix SQL server admin - playground" +} + +variable "keyvault_dbadmin_secret_name" { + type = string + default = "radix-cost-allocation-db-admin" +} diff --git a/terraform/subscriptions/s941/playground/vulnerability-scanner/main.tf b/terraform/subscriptions/s941/playground/vulnerability-scanner/main.tf index c307e787d..d088dac22 100644 --- a/terraform/subscriptions/s941/playground/vulnerability-scanner/main.tf +++ b/terraform/subscriptions/s941/playground/vulnerability-scanner/main.tf @@ -21,12 +21,14 @@ data "azurerm_key_vault_secret" "keyvault_secrets" { module "mssql-database" { source = "../../../modules/mssqldatabase" env = module.config.environment + managed_identity_admin_name = "radix-id-vulnerability-scan-admin-${module.config.environment}" database_name = "radix-vulnerability-scan" server_name = "sql-radix-vulnerability-scan-${module.config.environment}" admin_adgroup = var.admin-adgroup administrator_login = "radix" administrator_password = data.azurerm_key_vault_secret.keyvault_secrets.value rg_name = module.resourcegroup.data.name + vnet_resource_group = module.config.vnet_resource_group location = module.config.location public_network_access_enabled = false zone_redundant = false diff --git a/terraform/tenant/entra/main.tf b/terraform/tenant/entra/main.tf index 9ebef4765..808af0fce 100644 --- a/terraform/tenant/entra/main.tf +++ b/terraform/tenant/entra/main.tf 
@@ -7,22 +7,22 @@ data "azuread_group" "radix-platform-operators" { display_name = "Radix Platform Operators" security_enabled = true } -data "azurerm_subscription" "subscriptions" { - for_each = var.subscriptions +data "azurerm_subscription" "subscriptions" { + for_each = var.subscriptions subscription_id = each.value } resource "azurerm_role_assignment" "operator-roles" { for_each = var.operator-roles - principal_id = data.azuread_group.radix-platform-operators.id - scope = data.azurerm_subscription.subscriptions[each.value.subscription].id + principal_id = data.azuread_group.radix-platform-operators.id + scope = data.azurerm_subscription.subscriptions[each.value.subscription].id role_definition_name = each.value.role } resource "azurerm_role_assignment" "developer-roles" { for_each = var.developer-roles - principal_id = data.azuread_group.radix-platform-developers.id - scope = data.azurerm_subscription.subscriptions[each.value.subscription].id + principal_id = data.azuread_group.radix-platform-developers.id + scope = data.azurerm_subscription.subscriptions[each.value.subscription].id role_definition_name = each.value.role } diff --git a/terraform/tenant/entra/variables.tf b/terraform/tenant/entra/variables.tf index 20ba80a3f..aaa92a4f0 100644 --- a/terraform/tenant/entra/variables.tf +++ b/terraform/tenant/entra/variables.tf @@ -24,16 +24,16 @@ variable "subscriptions" { variable "operator-roles" { type = map(object({ - role = string + role = string subscription = string })) default = { - s940 = {role = "Key Vault Secrets Officer", subscription : "s940"} + s940 = { role = "Key Vault Secrets Officer", subscription : "s940" } } } variable "developer-roles" { type = map(object({ - role = string + role = string subscription = string })) default = { diff --git a/terraform/tenant/summary-tenant.sh b/terraform/tenant/summary-tenant.sh new file mode 100755 index 000000000..9e8231ad1 --- /dev/null +++ b/terraform/tenant/summary-tenant.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+red=$'\e[1;31m'
+grn=$'\e[1;32m'
+yel=$'\e[1;33m'
+normal=$(tput sgr0)
+
+# Set the directory you want to search
+directory="."
+
+for dir in "$directory"/*; do
+ if [ ! -d "$dir" ]; then continue; fi
+
+ printf "%s► Execute %s%s\n" "${grn}" "$dir" "${normal}"
+ terraform -chdir="$dir" init &>/dev/null || echo "Error during terraform init in $dir"
+ terraform -chdir="$dir" plan -no-color -out=plan.out &>/dev/null || echo "Error during terraform plan in $dir"
+
+ if [ ! -f "$dir/plan.out" ]; then
+ echo "plan.out was not created in $dir"
+ continue
+ fi
+
+ cd "$dir" || exit
+ plan=$(terraform show -no-color "plan.out")
+ cd - >/dev/null || exit
+
+ create=$(echo "$plan" | grep "will be created" | sed 's|# |+|g' | sed 's/^ *//g')
+ destroy=$(echo "$plan" | grep "will be destroyed" | sed 's|# |-|g' | sed 's/^ *//g')
+ update=$(echo "$plan" | grep "will be updated in-place" | sed 's|# |~|g' | sed 's/^ *//g')
+ replace=$(echo "$plan" | grep "must be replaced" | sed 's|# |-/+|g' | sed 's/^ *//g')
+
+ if [ -n "$create" ]; then echo -e "The following resources will be created:\n ${grn}${create}${normal}\n"; fi
+ if [ -n "$destroy" ]; then echo -e "The following resources will be destroyed:\n ${red}${destroy}${normal}\n"; fi
+ if [ -n "$update" ]; then echo -e "The following resources will be updated:\n ${yel}${update}${normal}\n"; fi
+ if [ -n "$replace" ]; then echo -e "The following resources will be replaced:\n ${red}${replace}${normal}\n"; fi
+ if [ -z "$create$destroy$update$replace" ]; then echo -e "No changes. Your infrastructure matches the configuration.\n"; fi
+ rm "$dir/plan.out"
+done
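Review bot: The plan file written by `terraform -chdir="$dir" plan -out=plan.out` is left behind in `$dir` whenever the script exits early (`cd "$dir" || exit`, `cd - >/dev/null || exit`, or an interrupt), and a saved plan can contain values the configuration marks sensitive, so it should not linger in the working tree. Writing the plan to a `mktemp` path and removing it from an `EXIT` trap fixes the leftover and also removes the `cd`/`cd -` dance, because `terraform -chdir="$dir" show` can read an absolute plan path directly. The `init` and `plan` failures are echoed but the loop then proceeds as if a plan existed; a `continue` on failure makes the separate `plan.out was not created` check unnecessary. `directory="."` could also take an argument, `directory="${1:-.}"`, which the comment above it seems to invite.
```shell
directory="${1:-.}"
plan_file=$(mktemp)
trap 'rm -f "$plan_file"' EXIT

for dir in "$directory"/*; do
  if [ ! -d "$dir" ]; then continue; fi

  printf "%s► Execute %s%s\n" "${grn}" "$dir" "${normal}"
  if ! terraform -chdir="$dir" init &>/dev/null; then
    echo "Error during terraform init in $dir"
    continue
  fi
  if ! terraform -chdir="$dir" plan -no-color -out="$plan_file" &>/dev/null; then
    echo "Error during terraform plan in $dir"
    continue
  fi
  plan=$(terraform -chdir="$dir" show -no-color "$plan_file")
  rm -f "$plan_file"

  # … unchanged: create/destroy/update/replace extraction and reporting (without the trailing rm of "$dir/plan.out") …
done
```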