169163334 - Adds more configuration elements per call with Dan

This adds the start of the identity module but also cleans up a bunch of
things like the LBs. Originally I was managing the LBs, but k8s manages
this for us so I disabled the LBs for now.

terraform/modules/keyvault/main.tf

@@ -1,7 +1,7 @@
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_resource_group" "keyvault" {
-  name     = "${var.name}-${var.environment}-rg"
+  name     = "${var.name}-${var.environment}-keyvault"
   location = var.region
 }
 

terraform/modules/lb/main.tf

@@ -19,4 +19,9 @@ resource "azurerm_lb" "lb" {
     name                 = "${var.name}-${var.environment}-ip"
     public_ip_address_id = azurerm_public_ip.lb.id
   }
+
+  tags = {
+    owner       = var.owner
+    environment = var.environment
+  }
 }

terraform/modules/managed_identity/main.tf

@@ -0,0 +1,11 @@
+resource "azurerm_resource_group" "identity" {
+  name     = "${var.name}-${var.environment}-${var.identity}"
+  location = var.region
+}
+
+resource "azurerm_user_assigned_identity" "identity" {
+  resource_group_name = azurerm_resource_group.identity.name
+  location            = azurerm_resource_group.identity.location
+
+  name = "${var.name}-${var.environment}-${var.identity}"
+}

terraform/modules/managed_identity/variables.tf

@@ -0,0 +1,24 @@
+variable "region" {
+  type        = string
+  description = "Region this module and resources will be created in"
+}
+
+variable "name" {
+  type        = string
+  description = "Unique name for the services in this module"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment these resources reside (prod, dev, staging, etc)"
+}
+
+variable "owner" {
+  type        = string
+  description = "Owner of the environment and resources created in this module"
+}
+
+variable "identity" {
+  type        = string
+  description = "Name of the managed identity to create"
+}

terraform/modules/postgres/variables.tf

@@ -54,7 +54,6 @@ variable "storage_mb" {
   default     = "5120"
 }
 
-
 variable "storage_backup_retention_days" {
   type        = string
   description = "Storage backup retention (days)"
@@ -76,7 +75,7 @@ variable "storage_auto_grow" {
 variable "administrator_login" {
   type        = string
   description = "Administrator login"
-  default     = "sqladmindude" # FIXME - Remove with wrapper using KeyVault
+  default     = "atat_master" # FIXME - Remove with wrapper using KeyVault
 }
 
 variable "administrator_login_password" {
@@ -85,11 +84,10 @@ variable "administrator_login_password" {
   default     = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
 }
 
-
 variable "postgres_version" {
   type        = string
   description = "Postgres version to use"
-  default     = "11"
+  default     = "10"
 }
 
 variable "ssl_enforcement" {

terraform/providers/dev/identities.tf

@@ -0,0 +1,8 @@
+module "keyvault_reader_identity" {
+  source      = "../../modules/managed_identity"
+  name        = var.name
+  owner       = var.owner
+  environment = var.environment
+  region      = var.region
+  identity    = "${var.name}-${var.environment}-vault-reader"
+}

terraform/providers/dev/k8s.tf

@@ -9,10 +9,18 @@ module "k8s" {
   vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map
 }
 
-module "lb" {
-  source      = "../../modules/lb"
-  region      = var.region
-  name        = var.name
-  environment = var.environment
-  owner       = var.owner
-}
+#module "main_lb" {
+#  source      = "../../modules/lb"
+#  region      = var.region
+#  name        = "main-${var.name}"
+#  environment = var.environment
+#  owner       = var.owner
+#}
+
+#module "auth_lb" {
+#  source      = "../../modules/lb"
+#  region      = var.region
+#  name        = "auth-${var.name}"
+#  environment = var.environment
+#  owner       = var.owner
+#}