feat: Add Atlantis resources (#1)

.gitignore

@@ -29,3 +29,7 @@ override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 #
 # !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+*tfplan*

examples/complete/Makefile

@@ -0,0 +1,11 @@
+init:
+	terraform init
+
+plan:
+	terraform plan -var-file fixtures.west-europe.tfvars -out tfplan
+
+apply:
+	terraform apply tfplan
+
+destroy:
+	terraform destroy -var-file fixtures.west-europe.tfvars

examples/complete/README.md

@@ -0,0 +1,61 @@
+# Complete Example
+
+```terraform
+resource "random_id" "this" {
+  keepers = {
+    namespace   = module.this.namespace
+    tenant      = module.this.tenant
+    environment = module.this.environment
+    stage       = module.this.stage
+    attributes  = join("", module.this.attributes)
+  }
+
+  byte_length = 3
+}
+
+module "resource_group" {
+  source  = "getindata/resource-group/azurerm"
+  version = "1.2.0"
+
+  context = module.this.context
+
+  name     = var.resource_group_name
+  location = var.location
+}
+
+module "this_atlantis" {
+  source  = "../../"
+
+  context = module.this.context
+
+  resource_group_name = module.resource_group.name
+  location            = module.resource_group.location
+
+  attributes = [random_id.this.hex]
+
+  atlantis_server_config = var.atlantis_server_config
+  atlantis_repo_config   = var.atlantis_repo_config
+
+  secure_environment_variables = var.secure_environment_variables
+
+  identity = {}
+}
+```
+
+## Usage
+
+1. Create `terraform.tfvars` file
+2. Populate it with:
+   ```terraform
+   secure_environment_variables = {
+     ATLANTIS_GITLAB_TOKEN          = ""
+     ATLANTIS_GITLAB_USER           = ""
+     ATLANTIS_GITLAB_WEBHOOK_SECRET = ""
+   }
+   ```
+3. Run the commands from below:
+    ```
+    terraform init
+    terraform plan -var-file fixtures.west-europe.tfvars -out tf.plan
+    terraform apply tf.plan
+    ```

examples/complete/fixtures.west-europe.tfvars

@@ -0,0 +1,31 @@
+namespace           = "getindata"
+environment         = "example"
+location            = "West Europe"
+resource_group_name = "atlantis-example"
+
+descriptor_formats = {
+  resource-group = {
+    labels = ["name"]
+    format = "%v-rg"
+  }
+  container-group = {
+    labels = ["namespace", "environment", "stage", "name", "attributes"]
+    format = "%v-%v-%v-%v-%v-aci"
+  }
+}
+
+tags = {
+  Terraform = "True"
+}
+
+atlantis_server_config = {
+  repo_allowlist = "gitlab.com/getindata/*"
+}
+
+repo_config_repos = [
+  {
+    id                     = "/.*/"
+    allowed_overrides      = ["workflow", "apply_requirements", "delete_source_branch_on_merge"]
+    allow_custom_workflows = true
+  }
+]

examples/complete/main.tf

@@ -0,0 +1,39 @@
+resource "random_id" "this" {
+  keepers = {
+    namespace   = module.this.namespace
+    tenant      = module.this.tenant
+    environment = module.this.environment
+    stage       = module.this.stage
+    attributes  = join("", module.this.attributes)
+  }
+
+  byte_length = 3
+}
+
+module "resource_group" {
+  source  = "getindata/resource-group/azurerm"
+  version = "1.2.0"
+
+  context = module.this.context
+
+  name     = var.resource_group_name
+  location = var.location
+}
+
+module "this_atlantis" {
+  source = "../../"
+
+  context = module.this.context
+
+  resource_group_name = module.resource_group.name
+  location            = module.resource_group.location
+
+  attributes = [random_id.this.hex]
+
+  atlantis_server_config = var.atlantis_server_config
+  repo_config_repos      = var.repo_config_repos
+
+  secure_environment_variables = var.secure_environment_variables
+
+  identity = {}
+}

examples/complete/outputs.tf

@@ -0,0 +1,4 @@
+output "atlantis_outputs" {
+  description = "Atlantis outputs"
+  value       = module.this_atlantis
+}

examples/complete/providers.tf

@@ -0,0 +1,3 @@
+provider "azurerm" {
+  features {}
+}

examples/complete/variables.tf

@@ -0,0 +1,57 @@
+variable "location" {
+  type        = string
+  description = "The Azure Region where the Resource Group should exist"
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "Resource group name"
+}
+
+variable "atlantis_server_config" {
+  description = "Atlantis server config. If any option is not available here, it can be passed by `environment_variables` variable"
+  type = object({
+    repo_config_json = optional(string)
+    repo_allowlist   = optional(string)
+  })
+  default = {}
+}
+
+variable "repo_config_repos" {
+  description = "Map of repositories and their configs. Refer to https://www.runatlantis.io/docs/server-side-repo-config.html#example-server-side-repo"
+  type = list(object({
+    id                            = optional(string, "/.*/")
+    branch                        = optional(string)
+    apply_requirements            = optional(list(string))
+    allowed_overrides             = optional(list(string))
+    allowed_workflows             = optional(list(string))
+    allow_custom_workflows        = optional(bool)
+    delete_source_branch_on_merge = optional(bool)
+    pre_workflow_hooks = optional(list(object({
+      run = string
+    })))
+    post_workflow_hooks = optional(list(object({
+      run = string
+    })))
+    workflow = optional(string)
+    ######### Helpers #########
+    allow_all_server_side_workflows = optional(bool, false)
+    terragrunt_atlantis_config = optional(object({
+      enabled              = optional(bool, false)
+      output               = optional(string, "atlantis.yaml")
+      automerge            = optional(bool)
+      autoplan             = optional(bool)
+      parallel             = optional(bool)
+      cascade_dependencies = optional(bool)
+      filter               = optional(string)
+      use_project_markers  = optional(bool)
+    }), {})
+  }))
+  default = []
+}
+
+variable "secure_environment_variables" {
+  description = "A list of sensitive environment variables to be set on the container"
+  type        = map(string)
+  default     = {}
+}

examples/complete/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.0"
+    }
+  }
+}

locals.tf

@@ -1,7 +1,18 @@
 locals {
-  # Get a name from the descriptor. If not available, use default naming convention.
-  # Trim and replace function are used to avoid bare delimiters on both ends of the name and situation of adjacent delimiters.
-  name_from_descriptor = trim(replace(
-    lookup(module.this.descriptors, "module-resource-name", module.this.id), "/${module.this.delimiter}${module.this.delimiter}+/", ""
-  ), module.this.delimiter)
+  atlantis_environment_variables_from_terraform_config = { for k in keys(var.atlantis_server_config) :
+  "ATLANTIS_${upper(replace(k, "-", "_"))}" => var.atlantis_server_config[k] }
+  atlantis_environment_variables_msi = merge(
+    var.identity != null ? { ARM_USE_MSI = "true" } : {},
+    try(length(var.identity.system_assigned_identity_role_assignments), 0) > 0 ? { ARM_CLIENT_ID = one(var.identity.system_assigned_identity_role_assignments) } : {},
+  )
+  atlantis_environment_variables = merge(
+    local.atlantis_environment_variables_msi,
+    local.atlantis_environment_variables_from_terraform_config,
+    { ATLANTIS_REPO_CONFIG_JSON = coalesce(
+      lookup(local.atlantis_environment_variables_from_terraform_config, "ATLANTIS_REPO_CONFIG_JSON", null),
+      module.atlantis_repo_config.repos_config_json
+    ) },
+    var.environment_variables
+  )
+  atlantis_secure_environment_variables = merge(var.secure_environment_variables)
 }

main.tf

@@ -1,13 +1,49 @@
-# Example resource that outputs the input value and 
-# echoes it's base64 encoded version locally 
+module "atlantis_repo_config" {
+  source  = "getindata/atlantis-repo-config/null"
+  version = "1.1.0"
 
-resource "null_resource" "output_input" {
-  triggers = {
-    name  = local.name_from_descriptor
-    input = var.example_var
-  }
+  repos               = var.repo_config_repos
+  repos_common_config = var.repo_config_repos_common_config
+
+  workflows                = var.repo_config_workflows
+  use_predefined_workflows = var.repo_config_use_predefined_workflows
+
+  repo_config_file = var.repo_config_file
+}
+
+module "azure_container_group" {
+  source  = "getindata/container-group/azurerm"
+  version = "1.1.0"
 
-  provisioner "local-exec" {
-    command = "echo ${var.example_var} | base64"
+  context = module.this.context
+
+  resource_group_name = var.resource_group_name
+  location            = var.location
+
+  name = coalesce(var.name, "atlantis")
+
+  containers = {
+    atlantis = {
+      image  = var.image
+      cpu    = var.cpu
+      memory = var.memory
+      ports = [
+        {
+          port = var.port
+        }
+      ]
+      commands                                    = ["atlantis", "server"]
+      environment_variables                       = local.atlantis_environment_variables
+      secure_environment_variables                = local.atlantis_secure_environment_variables
+      secure_environment_variables_from_key_vault = var.secure_environment_variables_from_key_vault
+    }
   }
+
+  subnet_ids                          = var.subnet_ids
+  dns_name_label                      = var.dns_name_label
+  dns_name_servers                    = var.dns_name_servers
+  identity                            = var.identity
+  image_registry_credential           = var.image_registry_credential
+  container_diagnostics_log_analytics = var.container_diagnostics_log_analytics
+  container_group_diagnostics_setting = var.container_group_diagnostics_setting
 }

outputs.tf

@@ -1,6 +1,14 @@
-# Example output from the module
+output "container_group_id" {
+  description = "ID of the container group"
+  value       = module.azure_container_group.id
+}
+
+output "container_group_name" {
+  description = "Name of the container group"
+  value       = module.azure_container_group.name
+}
 
-output "example_output" {
-  description = "Example output of the module"
-  value       = var.example_var
+output "atlantis_webhook_url" {
+  description = "Url of the Atlantis webhook used by git platforms like GitLab or GitHub"
+  value       = format("http://%s:%s/events", module.azure_container_group.fqdn, var.port)
 }