From ec5c3e0ce07a519a5f7272f3459cdb6f01e78543 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Fri, 20 Dec 2019 15:10:57 -0500
Subject: [PATCH] 169163334 - Adds more configuration elements per call with Dan

This adds the start of the identity module but also cleans up a bunch of things like the LBs. Originally I was managing the LBs, but k8s manages this for us so I disabled the LBs for now.
---
 terraform/modules/keyvault/main.tf | 2 +-
 terraform/modules/lb/main.tf | 5 ++++
 terraform/modules/managed_identity/main.tf | 11 +++++++++
 terraform/modules/managed_identity/outputs.tf | 0
 .../modules/managed_identity/variables.tf | 24 +++++++++++++++++++
 terraform/modules/postgres/variables.tf | 6 ++---
 terraform/providers/dev/identities.tf | 8 +++++++
 terraform/providers/dev/k8s.tf | 22 +++++++++++------
 terraform/providers/dev/secrets-tool.log | 0
 9 files changed, 66 insertions(+), 12 deletions(-)
 create mode 100644 terraform/modules/managed_identity/main.tf
 create mode 100644 terraform/modules/managed_identity/outputs.tf
 create mode 100644 terraform/modules/managed_identity/variables.tf
 create mode 100644 terraform/providers/dev/identities.tf
 create mode 100644 terraform/providers/dev/secrets-tool.log

diff --git a/terraform/modules/keyvault/main.tf b/terraform/modules/keyvault/main.tf
index d4208e36..5df79ab3 100644
--- a/terraform/modules/keyvault/main.tf
+++ b/terraform/modules/keyvault/main.tf
@@ -1,7 +1,7 @@
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_resource_group" "keyvault" {
- name = "${var.name}-${var.environment}-rg"
+ name = "${var.name}-${var.environment}-keyvault"
 location = var.region
 }
 
diff --git a/terraform/modules/lb/main.tf b/terraform/modules/lb/main.tf
index 1c9acace..4e22e48d 100644
--- a/terraform/modules/lb/main.tf
+++ b/terraform/modules/lb/main.tf
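Review bot: Changing `name` on `azurerm_resource_group.keyvault` forces the resource group to be destroyed and recreated, and everything deployed into it goes with it; if the module's `azurerm_key_vault` (outside this hunk) lives in that group, an apply against an existing environment deletes the vault and the secrets it holds. If soft-delete is enabled on that vault, the old vault name also stays reserved until it is purged or recovered, so the recreate can fail part-way. Either keep the existing group name for already-deployed environments, or treat the rename as an explicit migration (export what the vault holds, apply, reload) and say so in the commit message.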
@@ -19,4 +19,9 @@ resource "azurerm_lb" "lb" {
 name = "${var.name}-${var.environment}-ip"
 public_ip_address_id = azurerm_public_ip.lb.id
 }
+
+ tags = {
+ owner = var.owner
+ environment = var.environment
+ }
 }
diff --git a/terraform/modules/managed_identity/main.tf b/terraform/modules/managed_identity/main.tf
new file mode 100644
index 00000000..84e186ce
--- /dev/null
+++ b/terraform/modules/managed_identity/main.tf
@@ -0,0 +1,11 @@
+resource "azurerm_resource_group" "identity" {
+ name = "${var.name}-${var.environment}-${var.identity}"
+ location = var.region
+}
+
+resource "azurerm_user_assigned_identity" "identity" {
+ resource_group_name = azurerm_resource_group.identity.name
+ location = azurerm_resource_group.identity.location
+
+ name = "${var.name}-${var.environment}-${var.identity}"
+}
\ No newline at end of file
diff --git a/terraform/modules/managed_identity/outputs.tf b/terraform/modules/managed_identity/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/terraform/modules/managed_identity/variables.tf b/terraform/modules/managed_identity/variables.tf
new file mode 100644
index 00000000..f2a1a758
--- /dev/null
+++ b/terraform/modules/managed_identity/variables.tf
@@ -0,0 +1,24 @@
+variable "region" {
+ type = string
+ description = "Region this module and resources will be created in"
+}
+
+variable "name" {
+ type = string
+ description = "Unique name for the services in this module"
+}
+
+variable "environment" {
+ type = string
+ description = "Environment these resources reside (prod, dev, staging, etc)"
+}
+
+variable "owner" {
+ type = string
+ description = "Owner of the environment and resources created in this module"
+}
+
+variable "identity" {
+ type = string
+ description = "Name of the managed identity to create"
+}
diff --git a/terraform/modules/postgres/variables.tf b/terraform/modules/postgres/variables.tf
index 3346ff8f..3dc19af2 100644
--- a/terraform/modules/postgres/variables.tf
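Review bot: The `outputs.tf` created in this commit is empty, so nothing can reference the new identity: granting it a Key Vault access policy or a role assignment needs `azurerm_user_assigned_identity.identity.principal_id`, and a workload that authenticates as it needs `client_id` and `id`; add `output "principal_id" { value = azurerm_user_assigned_identity.identity.principal_id }` and matching outputs for the other two, otherwise the identity is created but can never be bound to anything. The naming in this hunk also double-prefixes: `identities.tf` already passes `identity = "${var.name}-${var.environment}-vault-reader"`, and both `name` expressions here prepend `${var.name}-${var.environment}-` again, so either the caller passes the bare suffix or the prefix is dropped in the module. Finally `var.owner` is declared in the module's `variables.tf` but never used, whereas the `lb` module now tags its resources; a `tags = { owner = var.owner, environment = var.environment }` on both resources would keep the modules consistent and make ownership of the identity visible in the portal.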
+++ b/terraform/modules/postgres/variables.tf
@@ -54,7 +54,6 @@ variable "storage_mb" {
 default = "5120"
 }
 
-
 variable "storage_backup_retention_days" {
 type = string
 description = "Storage backup retention (days)"
@@ -76,7 +75,7 @@ variable "storage_auto_grow" {
 variable "administrator_login" {
 type = string
 description = "Administrator login"
- default = "sqladmindude" # FIXME - Remove with wrapper using KeyVault
+ default = "atat_master" # FIXME - Remove with wrapper using KeyVault
 }
 
 variable "administrator_login_password" {
@@ -85,11 +84,10 @@ variable "administrator_login_password" {
 default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
 }
 
-
 variable "postgres_version" {
 type = string
 description = "Postgres version to use"
- default = "11"
+ default = "10"
 }
 
 variable "ssl_enforcement" {
diff --git a/terraform/providers/dev/identities.tf b/terraform/providers/dev/identities.tf
new file mode 100644
index 00000000..0def7ce6
--- /dev/null
+++ b/terraform/providers/dev/identities.tf
@@ -0,0 +1,8 @@
+module "keyvault_reader_identity" {
+ source = "../../modules/managed_identity"
+ name = var.name
+ owner = var.owner
+ environment = var.environment
+ region = var.region
+ identity = "${var.name}-${var.environment}-vault-reader"
+}
diff --git a/terraform/providers/dev/k8s.tf b/terraform/providers/dev/k8s.tf
index 22120c93..4515f35f 100644
--- a/terraform/providers/dev/k8s.tf
+++ b/terraform/providers/dev/k8s.tf
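Review bot: The new `administrator_login` default still hard-codes the database admin name right next to an `administrator_login_password` default that is a plaintext password committed in this file (context line of the `@@ -85,11 +84,10 @@` hunk); the FIXMEs acknowledge it, but once a password has been pushed, deleting it in a later commit does not scrub history, so it should be treated as exposed and rotated when the Key Vault wrapper lands, and both `default`s removed so the values have to be supplied at plan time. The `postgres_version` default moves from `11` to `10` with no explanation in the commit message; since that is a step back to an older major version, a one-line comment such as `# pinned to 10: <reason>` would save the next reader from guessing. The commit also adds an empty `terraform/providers/dev/secrets-tool.log`, which looks like a tool artifact that belongs in `.gitignore` rather than in version control.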
@@ -9,10 +9,18 @@ module "k8s" {
 vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map
 }
 
-module "lb" {
- source = "../../modules/lb"
- region = var.region
- name = var.name
- environment = var.environment
- owner = var.owner
-}
+#module "main_lb" {
+# source = "../../modules/lb"
+# region = var.region
+# name = "main-${var.name}"
+# environment = var.environment
+# owner = var.owner
+#}
+
+#module "auth_lb" {
+# source = "../../modules/lb"
+# region = var.region
+# name = "auth-${var.name}"
+# environment = var.environment
+# owner = var.owner
+#}
diff --git a/terraform/providers/dev/secrets-tool.log b/terraform/providers/dev/secrets-tool.log
new file mode 100644
index 00000000..e69de29b
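Review bot: The `#module "main_lb"` and `#module "auth_lb"` blocks are commented-out code: they are neither validated nor planned, and git history already preserves the removed `module "lb"` block, so deleting them outright is cleaner than carrying fifteen lines of `#` comments that will drift from the real module interface. Dropping `module "lb"` from the configuration also means the next apply destroys the existing load balancer together with the `azurerm_public_ip.lb` it fronts (visible in the `lb/main.tf` hunk); if that address may be referenced elsewhere, such as DNS or firewall rules, confirm before applying, and a sentence in the commit message stating that this destroy is intended would help whoever runs the plan.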