From 3a3e2c59284aa4f1f11de5bf75cdd85411dde5d1 Mon Sep 17 00:00:00 2001 From: Krishnadhas N K <108367225+githubofkrishnadhas@users.noreply.github.com> Date: Wed, 18 Dec 2024 01:24:12 +0530 Subject: [PATCH] Add module for user assigned managed identity and update the tags based on new policies (#12) * DEVOPS-289 added tags to API management module and did terraform fmt * DEVOPS-289 added tags tologanalytics ws module and did terraform fmt * DEVOPS-289 terraform fmt * DEVOPS-289 updated provider version to v4.0 azurerm * DEVOPS-289 added tags to storage accnt module and added temporarry and did terraform fmt * DEVOPS-289 did terraform fmt * DEVOPS-289 created user assigned man * terraform fmt and temporary tag DEVOPS-291 --- api-management/apim.tf | 15 +++++- api-management/output.tf | 12 ++--- api-management/variables.tf | 50 +++++++++++++++---- log-analytics-workspace/loganalytics.tf | 16 ++++-- log-analytics-workspace/output.tf | 10 ++-- log-analytics-workspace/variables.tf | 33 ++++++++---- storage-account/output.tf | 14 +++--- storage-account/providers.tf | 4 +- storage-account/storageaccount.tf | 30 ++++++----- storage-account/variables.tf | 36 ++++++++----- .../managed-identity.tf | 24 +++++++++ user-assigned-managed-identity/output.tf | 19 +++++++ user-assigned-managed-identity/providers.tf | 12 +++++ user-assigned-managed-identity/variables.tf | 46 +++++++++++++++++ virtual-network/variables.tf | 12 +++++ virtual-network/vnet.tf | 5 ++ vmss-linux/variables.tf | 11 ++++ vmss-linux/vmss.tf | 4 ++ 18 files changed, 281 insertions(+), 72 deletions(-) create mode 100644 user-assigned-managed-identity/managed-identity.tf create mode 100644 user-assigned-managed-identity/output.tf create mode 100644 user-assigned-managed-identity/providers.tf create mode 100644 user-assigned-managed-identity/variables.tf diff --git a/api-management/apim.tf b/api-management/apim.tf index 44b1dbd..ac7b336 100644 --- a/api-management/apim.tf +++ b/api-management/apim.tf 
@@ -1,6 +1,13 @@ resource "azurerm_resource_group" "rg" { name = var.resource_group_name location = var.location + tags = { + Environment = upper(var.environment) + Orchestrator = "Terraform" + DisplayName = upper(var.resource_group_name) + ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } resource "azurerm_api_management" "apim" { @@ -9,6 +16,12 @@ resource "azurerm_api_management" "apim" { resource_group_name = azurerm_resource_group.rg.name publisher_name = tostring(var.publisher_name) publisher_email = tostring(var.publisher_email) - sku_name = "${var.sku_name_part1}_${var.sku_name_part2}" + tags = { + Environment = upper(var.environment) + Orchestrator = "Terraform" + DisplayName = upper(var.resource_group_name) + ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } \ No newline at end of file diff --git a/api-management/output.tf b/api-management/output.tf index 3e39fa8..92d2cc1 100644 --- a/api-management/output.tf +++ b/api-management/output.tf 
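Review bot: The second hunk drops `sku_name = "${var.sku_name_part1}_${var.sku_name_part2}"` from `azurerm_api_management.apim` while adding the tags block, yet `sku_name` is a required argument of that resource and the commit message only talks about tags. `api-management/output.tf` (touched only for formatting in this commit) still exports `azurerm_api_management.apim.sku_name`, and `sku_name_part1`/`sku_name_part2` remain declared in `variables.tf`, so this looks like an accidental deletion rather than a design change. Keep `sku_name = "${var.sku_name_part1}_${var.sku_name_part2}"` next to the new `tags` block. The `resource "azurerm_api_management" "apim"` header lies outside this hunk.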
@@ -1,29 +1,29 @@ output "azure_resource_group_name" { description = "Azure resource group name" - value = azurerm_resource_group.rg.name + value = azurerm_resource_group.rg.name } output "azure_api_management_name" { description = "Azure API management name" - value = azurerm_api_management.apim.name + value = azurerm_api_management.apim.name } output "azure_api_management_location" { description = "Azure API management location" - value = azurerm_api_management.apim.location + value = azurerm_api_management.apim.location } output "azure_api_management_publisher_name" { description = "Azure API management" - value = azurerm_api_management.apim.publisher_name + value = azurerm_api_management.apim.publisher_name } output "azure_api_management_publisher_emailids" { description = "Azure API management publisher emails" - value = azurerm_api_management.apim.publisher_email + value = azurerm_api_management.apim.publisher_email } output "azure_api_management_sku" { description = "Azure API management SKU" - value = azurerm_api_management.apim.sku_name + value = azurerm_api_management.apim.sku_name } \ No newline at end of file diff --git a/api-management/variables.tf b/api-management/variables.tf index 01a6366..a43d380 100644 --- a/api-management/variables.tf +++ b/api-management/variables.tf 
@@ -1,46 +1,74 @@ variable "resource_group_name" { - type = string + type = string description = "Azure Storage Account Rg" } variable "location" { - type = string + type = string description = "Azure storage account location" } variable "api_management_name" { description = "Azure api management name" - type = string + type = string } variable "publisher_name" { description = "Publisher of API" - type = list(string) + type = list(string) validation { - condition = can(index(var.publisher_name, 0)) + condition = can(index(var.publisher_name, 0)) error_message = "A value is required for Publisher name." } } variable "publisher_email" { description = "Email ID of API publishers" - type = list(string) + type = list(string) validation { condition = can(index(var.publisher_email, 0)) - error_message = "At least one Publisher email is required." + error_message = "At least one Publisher email is required." } } variable "sku_name_part1" { description = "SKU name of API management " - type = string + type = string validation { - condition = contains(["Consumption","Developer","Basic","Standard", "Premium"], var.sku_name_part1) + condition = contains(["Consumption", "Developer", "Basic", "Standard", "Premium"], var.sku_name_part1) error_message = "SKU name should be one among Consumption, Developer,Basic,Standard,Premium." - } + } } variable "sku_name_part2" { description = "Sku capacity part" - type = string + type = string +} + + +variable "temporary" { + default = "TRUE" + description = "Temporary tag value in Azure" + type = string + validation { + condition = contains(["TRUE", "FALSE"], upper(var.temporary)) + error_message = "The temporary tag value must be either 'TRUE' or 'FALSE'." 
+ } + +} + +variable "application_name" { + default = "" + description = "Azure application name tag" + type = string +} + +variable "environment" { + default = "" + description = "Environment tag value in Azure" + type = string + validation { + condition = contains(["DEV", "QA", "UAT", "PROD"], var.environment) + error_message = "Environment value should be one among DEV or QA or UAT or PROD." + } } \ No newline at end of file diff --git a/log-analytics-workspace/loganalytics.tf b/log-analytics-workspace/loganalytics.tf index 844aeaa..b8b66be 100644 --- a/log-analytics-workspace/loganalytics.tf +++ b/log-analytics-workspace/loganalytics.tf @@ -6,13 +6,21 @@ resource "azurerm_resource_group" "rg" { Orchestrator = "Terraform" DisplayName = upper(var.resource_group_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) } } resource "azurerm_log_analytics_workspace" "loganalytics_ws" { - name = upper(var.loganalytics_workspace_name) - sku = var.loganalytics_sku + name = upper(var.loganalytics_workspace_name) + sku = var.loganalytics_sku resource_group_name = azurerm_resource_group.rg.name - location = var.location - retention_in_days = var.loganalytics_retention_period + location = var.location + retention_in_days = var.loganalytics_retention_period + tags = { + Environment = upper(var.environment) + Orchestrator = "Terraform" + DisplayName = upper(var.resource_group_name) + ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } diff --git a/log-analytics-workspace/output.tf b/log-analytics-workspace/output.tf index 56738eb..5cae6a2 100644 --- a/log-analytics-workspace/output.tf +++ b/log-analytics-workspace/output.tf 
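Review bot: The new `environment` variable in `api-management/variables.tf` sets `default = ""` but its own validation accepts only `DEV`, `QA`, `UAT` or `PROD`, so a caller relying on the default fails at plan time with the validation error instead of a clear "required variable" message; either drop the `default` line so Terraform reports the variable as required, or give it a value that passes, as `user-assigned-managed-identity/variables.tf` does with `default = "DEV"`. The tag applies `upper(var.environment)` while the validation compares case-sensitively, so `dev` is rejected even though it would be tagged correctly; `condition = contains(["DEV", "QA", "UAT", "PROD"], upper(var.environment))` would match the `temporary` validation in the same file. Separately, `temporary` defaults to `"TRUE"` here and in the identical blocks added to `log-analytics-workspace/variables.tf`, `storage-account/variables.tf`, `user-assigned-managed-identity/variables.tf`, `virtual-network/variables.tf` and `vmss-linux/variables.tf`; if the policies the commit title refers to act on a `Temporary = TRUE` tag (clean-up or exclusion from backup, say), a caller that forgets to set the variable gets long-lived infrastructure marked as disposable. A default of `"FALSE"`, or no default at all, is the safer failure mode.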
@@ -1,19 +1,19 @@ output "loganalytics_workspace_name" { - value = azurerm_log_analytics_workspace.loganalytics_ws.name + value = azurerm_log_analytics_workspace.loganalytics_ws.name description = "Azure Log analytics workspace name" } output "loganalytics_workspace_resource_group" { - value = azurerm_log_analytics_workspace.loganalytics_ws.resource_group_name - description = "Azure Log analytics workspace resource group name" + value = azurerm_log_analytics_workspace.loganalytics_ws.resource_group_name + description = "Azure Log analytics workspace resource group name" } output "loganalytics_retention_period" { - value = azurerm_log_analytics_workspace.loganalytics_ws.retention_in_days + value = azurerm_log_analytics_workspace.loganalytics_ws.retention_in_days description = "Azure loganalytics data retention in days" } output "loganalytics_sku" { - value = azurerm_log_analytics_workspace.loganalytics_ws.sku + value = azurerm_log_analytics_workspace.loganalytics_ws.sku description = "Azure loganalytics SKU" } diff --git a/log-analytics-workspace/variables.tf b/log-analytics-workspace/variables.tf index d01e1d0..6a8911b 100644 --- a/log-analytics-workspace/variables.tf +++ b/log-analytics-workspace/variables.tf 
@@ -1,27 +1,27 @@ variable "resource_group_name" { - default = "" + default = "" description = "Azure resource group name to create log analytics workspace" - type = string + type = string } variable "location" { - default = "" + default = "" description = "Azure location" - type = string + type = string } variable "loganalytics_workspace_name" { - default = "" - type = string + default = "" + type = string description = "Loganalytics workspace name" } variable "loganalytics_retention_period" { - default = 7 + default = 7 description = "Loganalytics logs retention period" - type = number + type = number validation { - condition = var.loganalytics_retention_period == 7 || (var.loganalytics_retention_period >= 30 && var.loganalytics_retention_period <= 730) + condition = var.loganalytics_retention_period == 7 || (var.loganalytics_retention_period >= 30 && var.loganalytics_retention_period <= 730) error_message = "The workspace data retention in days. Possible values are either 7 (Free Tier only) or range between 30 and 730." } @@ -44,8 +44,8 @@ variable "environment" { } variable "loganalytics_sku" { - default = "PerGB2018" - type = string + default = "PerGB2018" + type = string description = "Specifies the SKU of the Log Analytics Workspace" validation { condition = contains(["PerNode", "Premium", "Standard", "Standalone", "Unlimited", "CapacityReservation", "PerGB2018"], var.loganalytics_sku) @@ -53,3 +53,14 @@ variable "loganalytics_sku" { } } +variable "temporary" { + default = "TRUE" + description = "Temporary tag value in Azure" + type = string + validation { + condition = contains(["TRUE", "FALSE"], upper(var.temporary)) + error_message = "The temporary tag value must be either 'TRUE' or 'FALSE'." + } + +} + diff --git a/storage-account/output.tf b/storage-account/output.tf index 26b910d..090faa9 100644 --- a/storage-account/output.tf +++ b/storage-account/output.tf 
@@ -1,34 +1,34 @@ output "azurerm_resource_group" { description = "Azure resource group name" - value = azurerm_resource_group.storage_rg.name + value = azurerm_resource_group.storage_rg.name } output "storage_account_name" { description = "Azure storage account name" - value = azurerm_storage_account.storage.name + value = azurerm_storage_account.storage.name } output "storage_account_location" { description = "Azure storage account location" - value = azurerm_storage_account.storage.location + value = azurerm_storage_account.storage.location } output "storage_account_delete_retention_policy" { description = "Azure blob retention policy" - value = azurerm_storage_account.storage.blob_properties[0].delete_retention_policy + value = azurerm_storage_account.storage.blob_properties[0].delete_retention_policy } output "storage_account_tier" { description = "Azure storage account tier" - value = azurerm_storage_account.storage.access_tier + value = azurerm_storage_account.storage.access_tier } output "storage_account_replication_type" { description = "Azure storage account replication type" - value = azurerm_storage_account.storage.account_replication_type + value = azurerm_storage_account.storage.account_replication_type } output "storage_account_tags" { description = "Azure storage account tags" - value = azurerm_storage_account.storage.tags + value = azurerm_storage_account.storage.tags } \ No newline at end of file diff --git a/storage-account/providers.tf b/storage-account/providers.tf index 636dd9d..70b5c40 100644 --- a/storage-account/providers.tf +++ b/storage-account/providers.tf @@ -3,13 +3,13 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.0" + version = "<= 4.0" } random = { source = "hashicorp/random" version = ">= 3.1" } - } + } } provider "azurerm" { features {} diff --git a/storage-account/storageaccount.tf b/storage-account/storageaccount.tf index 740f370..865c969 100644 
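Review bot: `version = "<= 4.0"` in `storage-account/providers.tf` is an upper bound only, so it still admits every 2.x and 3.x release and, read literally, nothing newer than 4.0.0 — it neither selects the azurerm v4 series the commit message describes nor prevents a downgrade on a machine without a lock file. If the intent is v4 with patch updates, use `version = "~> 4.0"` and commit the `.terraform.lock.hcl` produced by `terraform init` so the resolved provider and its checksums are pinned across CI and developer machines. The same constraint is introduced in the new `user-assigned-managed-identity/providers.tf`. As far as I recall, azurerm 4.x also requires `subscription_id` on the provider (or `ARM_SUBSCRIPTION_ID` in the environment), so the unchanged `provider "azurerm" { features {} }` block may need updating once the constraint really moves to v4.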
--- a/storage-account/storageaccount.tf +++ b/storage-account/storageaccount.tf @@ -2,22 +2,24 @@ resource "azurerm_resource_group" "storage_rg" { name = var.resource_group_name location = var.location tags = { - Environment = upper(var.environment) - Orchestrator = "Terraform" - DisplayName = upper(var.resource_group_name) + Environment = upper(var.environment) + Orchestrator = "Terraform" + DisplayName = upper(var.resource_group_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } resource "azurerm_storage_account" "storage" { - name = var.storage_account_name - resource_group_name = azurerm_resource_group.storage_rg.name - location = azurerm_resource_group.storage_rg.location - account_tier = var.account_tier - account_replication_type = var.account_replication_type - account_kind = var.account_kind + name = var.storage_account_name + resource_group_name = azurerm_resource_group.storage_rg.name + location = azurerm_resource_group.storage_rg.location + account_tier = var.account_tier + account_replication_type = var.account_replication_type + account_kind = var.account_kind cross_tenant_replication_enabled = var.cross_tenant_replication_enabled - public_network_access_enabled = var.public_network_access_enabled + public_network_access_enabled = var.public_network_access_enabled blob_properties { delete_retention_policy { @@ -26,9 +28,11 @@ resource "azurerm_storage_account" "storage" { } tags = { - Environment = upper(var.environment) - Orchestrator = "Terraform" - DisplayName = upper(var.storage_account_name) + Environment = upper(var.environment) + Orchestrator = "Terraform" + DisplayName = upper(var.storage_account_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } \ No newline at end of file diff --git a/storage-account/variables.tf b/storage-account/variables.tf index 66afe71..a1c8962 100644 --- a/storage-account/variables.tf +++ b/storage-account/variables.tf 
@@ -1,56 +1,68 @@ variable "resource_group_name" { - type = string + type = string description = "Azure Storage Account Rg" } variable "location" { - type = string + type = string description = "Azure storage account location" - default = "" + default = "" } variable "storage_account_name" { description = "Azure Storage Account name" - type = string + type = string } variable "account_tier" { - default = "Standard" + default = "Standard" description = "Tier to use for this storage account. Valid options are Standard and Premium" } variable "account_kind" { - default = "StorageV2" + default = "StorageV2" description = "Kind of account. Valid options are BlobStorage, BlockBlobStorage, FileStorage, Storage and StorageV2" } variable "account_replication_type" { description = "type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS" - default = "LRS" + default = "LRS" } variable "cross_tenant_replication_enabled" { - default = false + default = false description = "Should cross Tenant replication be enabled" } variable "public_network_access_enabled" { - default = true + default = true description = "Whether the public network access is enabled" } variable "delete_retention_policy" { - default = 10 + default = 10 description = "Specifies the number of days that the blob should be retained" } variable "environment" { - default = "DEV" + default = "DEV" description = "Environment tag value in Azure" } variable "application_name" { - default = "devwithkrishna" + default = "devwithkrishna" description = "Azure application name tag" +} + + +variable "temporary" { + default = "TRUE" + description = "Temporary tag value in Azure" + type = string + validation { + condition = contains(["TRUE", "FALSE"], upper(var.temporary)) + error_message = "The temporary tag value must be either 'TRUE' or 'FALSE'." + } + } \ No newline at end of file 
diff --git a/user-assigned-managed-identity/managed-identity.tf b/user-assigned-managed-identity/managed-identity.tf
new file mode 100644
index 0000000..8a64e02
--- /dev/null
+++ b/user-assigned-managed-identity/managed-identity.tf
@@ -0,0 +1,24 @@
+resource "azurerm_resource_group" "rg" {
+ name = upper(var.resource_group_name)
+ location = var.location
+ tags = {
+ Environment = upper(var.environment)
+ Orchestrator = "Terraform"
+ DisplayName = upper(var.resource_group_name)
+ ApplicationName = lower(var.application_name)
+ Temporary = upper(var.temporary)
+ }
+}
+
+resource "azurerm_user_assigned_identity" "managed_identity" {
+ name = upper(var.managed_identity_name)
+ location = var.location
+ resource_group_name = azurerm_resource_group.rg.name
+ tags = {
+ Environment = upper(var.environment)
+ Orchestrator = "Terraform"
+ DisplayName = upper(var.resource_group_name)
+ ApplicationName = lower(var.application_name)
+ Temporary = upper(var.temporary)
+ }
+}
diff --git a/user-assigned-managed-identity/output.tf b/user-assigned-managed-identity/output.tf
new file mode 100644
index 0000000..a3bb2f1
--- /dev/null
+++ b/user-assigned-managed-identity/output.tf
@@ -0,0 +1,19 @@
+output "id_of_user_assigned_managed_identity" {
+ value = azurerm_user_assigned_identity.managed_identity.id
+ description = "Id of the user assigned managed identity"
+}
+
+output "client_id_of_user_assigned_managed_identity" {
+ value = azurerm_user_assigned_identity.managed_identity.client_id
+ description = "Id of the service principal associated to the Identity"
+}
+
+output "principal_id_of_user_assigned_managed_identity" {
+ value = azurerm_user_assigned_identity.managed_identity.principal_id
+ description = "Id of the service principal associated with the managed identity"
+}
+
+output "tenanat_id_of_user_assigned_managed_identity" {
+ value = azurerm_user_assigned_identity.managed_identity.tenant_id
+ description = "Id of the tenant in which managed identity is created"
+}
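Review bot: `name = upper(var.resource_group_name)` in `managed-identity.tf` upper-cases the resource group name, whereas `api-management/apim.tf` and `storage-account/storageaccount.tf` in this same commit pass `var.resource_group_name` through unchanged, so one `resource_group_name` value fed to two of these modules shows up under different spellings in state and in the portal. Pick one convention across the modules, or state the upper-casing in the variable's description in `variables.tf` so consumers are not surprised. Each module also declares its own `azurerm_resource_group "rg"`, so the identity cannot be placed into an existing group from this module as written; if that is intended it deserves a header comment such as `# Creates a dedicated resource group; the identity cannot be placed in an existing one.`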
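Review bot: The output name `tenanat_id_of_user_assigned_managed_identity` is misspelled; output names are the module's public interface and renaming later breaks every `module.<x>.tenanat_id_…` reference, so correct it to `tenant_id_of_user_assigned_managed_identity` before anything consumes it. The descriptions of the `client_id` and `principal_id` outputs are near-duplicates and blur two different identifiers: `client_id` is the application (client) ID a workload presents when it authenticates as this identity, while `principal_id` is the object ID of the backing service principal, the value role assignments and access policies bind to. Suggested wording: `description = "Client (application) ID used to authenticate as this identity"` and `description = "Object ID of the identity's service principal, used in role assignments"`.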
diff --git a/user-assigned-managed-identity/providers.tf b/user-assigned-managed-identity/providers.tf
new file mode 100644
index 0000000..45f79e0
--- /dev/null
+++ b/user-assigned-managed-identity/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = "~> 1.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "<= 4.0"
+ }
+ }
+}
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/user-assigned-managed-identity/variables.tf b/user-assigned-managed-identity/variables.tf
new file mode 100644
index 0000000..c40d07e
--- /dev/null
+++ b/user-assigned-managed-identity/variables.tf
@@ -0,0 +1,46 @@
+variable "resource_group_name" {
+ default = "testrg"
+ description = "Azure resource group name to create managed identity"
+ type = string
+}
+
+variable "managed_identity_name" {
+ default = "test"
+ description = "Name of user assigned managed identity in Azure"
+ type = string
+}
+
+variable "location" {
+ default = "centralindia"
+ description = "Azure location"
+ type = string
+}
+
+
+variable "application_name" {
+ default = "devwithkrishna"
+ description = "Azure application name tag value"
+ type = string
+}
+
+variable "environment" {
+ default = "DEV"
+ description = "Environment tag value in Azure"
+ type = string
+ validation {
+ condition = contains(["DEV", "QA", "UAT", "PROD"], var.environment)
+ error_message = "Environment value should be one among DEV or QA or UAT or PROD."
+ }
+}
+
+variable "temporary" {
+ default = "TRUE"
+ description = "Temporary tag value in Azure"
+ type = string
+ validation {
+ condition = contains(["TRUE", "FALSE"], upper(var.temporary))
+ error_message = "The temporary tag value must be either 'TRUE' or 'FALSE'."
+ }
+
+}
+
diff --git a/virtual-network/variables.tf b/virtual-network/variables.tf
index 2a2e7ad..b1e046b 100644
--- a/virtual-network/variables.tf
+++ b/virtual-network/variables.tf
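Review bot: `resource_group_name`, `managed_identity_name` and `location` in the new `variables.tf` carry placeholder defaults (`"testrg"`, `"test"`, `"centralindia"`), so a caller that omits one of them silently creates a group named `TESTRG` or an identity named `TEST` in Central India instead of failing at plan time; for a reusable module these should have no `default` so Terraform reports them as required. The same applies to `application_name = "devwithkrishna"`, which would stamp a personal name into the `ApplicationName` tag of every consumer that forgets to set it. The `temporary` block also ends with a stray blank line before its closing brace, which `terraform fmt` leaves alone but looks unintended.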
@@ -52,3 +52,15 @@ variable "subnet_cidrs" { } } + +variable "temporary" { + default = "TRUE" + description = "Temporary tag value in Azure" + type = string + validation { + condition = contains(["TRUE", "FALSE"], upper(var.temporary)) + error_message = "The temporary tag value must be either 'TRUE' or 'FALSE'." + } + +} + diff --git a/virtual-network/vnet.tf b/virtual-network/vnet.tf index ad4d492..d4f2dc5 100644 --- a/virtual-network/vnet.tf +++ b/virtual-network/vnet.tf @@ -6,6 +6,7 @@ resource "azurerm_resource_group" "rg" { Orchestrator = "Terraform" DisplayName = upper(var.resource_group_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) } } @@ -19,6 +20,8 @@ resource "azurerm_network_security_group" "nsg" { Orchestrator = "Terraform" DisplayName = upper(var.resource_group_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } @@ -33,6 +36,8 @@ resource "azurerm_virtual_network" "vnet" { Orchestrator = "Terraform" DisplayName = upper(var.resource_group_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } diff --git a/vmss-linux/variables.tf b/vmss-linux/variables.tf index c60443c..09ccc6c 100644 --- a/vmss-linux/variables.tf +++ b/vmss-linux/variables.tf @@ -156,3 +156,14 @@ variable "protocol" { } } + +variable "temporary" { + default = "TRUE" + description = "Temporary tag value in Azure" + type = string + validation { + condition = contains(["TRUE", "FALSE"], upper(var.temporary)) + error_message = "The temporary tag value must be either 'TRUE' or 'FALSE'." + } + +} diff --git a/vmss-linux/vmss.tf b/vmss-linux/vmss.tf index 677d9e8..70a226a 100644 --- a/vmss-linux/vmss.tf +++ b/vmss-linux/vmss.tf @@ -6,6 +6,8 @@ resource "azurerm_resource_group" "rg" { Orchestrator = "Terraform" DisplayName = upper(var.resource_group_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } } 
@@ -35,6 +37,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "vmss" { Orchestrator = "Terraform" DisplayName = upper(var.vmss_name) ApplicationName = lower(var.application_name) + Temporary = upper(var.temporary) + } os_disk { caching = "ReadWrite"