Before this commit, if a portfolio wasn't present in the spending fixture
data, the reporting screen would be empty -- even if the portfolio had
applications and environments associated with it on the database. Now,
0s appear if an application and / or environment isn't present in the
fixture data.

Specifying the node count breaks the autoscaling min/max. When this
happens, the k8s cluster needs to be manually reconfigured. Terraform
does not remove the node count even when the node count option is
removed. The k8s cluster resource needed to be destroyed and re-created
in order to resolve the issue with node count and min/max options being
specified at the same time.

This adds the start of the identity module but also cleans up a bunch of
things like the LBs. Originally I was managing the LBs, but k8s manages
this for us so I disabled the LBs for now.

This removes all error-catching from the test scripts. If unit tests
fail, the script will exit immediately. The error catching functionality
was not working correctly using the sh shell in Alpine inside the
containers, and so CI was allowed to continue after test failures.

The implementation here is meant to wrap a library of JSON policy
documents. Policies should be added to directories corresponding to
where they will be defined (portfolio, application, environment).
Functionality for parsing portfolio policy definitions is included. When
the policies need to be defined on a management group, the
AzureCloudProvider can iterate the appropriate tier of the policy
manager and add those definitions.

This adds some initial example policies:
- One for region restrictions
- One for service restrictions

Note that the MS ARM team has said that region restrictions may be
controlled by ARM, so that policy might prove unnecessary. The
parameters list for the service restrictions is stubbed for now, pending
the full list.

I also added an internal method for adding policy definitions to a
management group. This method is agnostic about what tier of management
group the policy is being defined at. It requires that a dictionary
representing the properties section of a valid Azure JSON policy
definition be passed as an argument.

The Virtual Network Gateway is required for OpenVPN connectivity. The
change to the VPC module also adds a subnet which is exclusively used
for the Gateway.
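
For the policy library commit message above (JSON policy documents kept in per-tier directories, with the `properties` section passed on as a dictionary), here is one way such a loader can fail closed on a malformed guardrail policy. This is an added example, not the project's code: `validate_properties`, `load_tier`, `demo`, the file name `region.json`, the required-key set and the sample policy are all assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

TIERS = ("portfolio", "application", "environment")  # tiers named in the message
REQUIRED = ("displayName", "mode", "policyRule")  # assumed minimum key set

# Constructed sample: a region restriction in Azure policy definition JSON.
SAMPLE_REGION_POLICY = {"properties": {
    "displayName": "Allowed locations",
    "mode": "Indexed",
    "policyRule": {
        "if": {"not": {"field": "location", "in": ["eastus", "eastus2"]}},
        "then": {"effect": "deny"}},
}}


def validate_properties(props, source="<dict>"):
    """Return props if it is a usable 'properties' section, else raise."""
    if not isinstance(props, dict):
        raise ValueError(f"{source}: 'properties' must be a JSON object")
    missing = [key for key in REQUIRED if key not in props]
    if missing:
        raise ValueError(f"{source}: missing {', '.join(missing)}")
    rule = props["policyRule"]
    then = rule.get("then") if isinstance(rule, dict) else None
    if not isinstance(then, dict) or "if" not in rule or "effect" not in then:
        raise ValueError(f"{source}: policyRule needs 'if' and 'then.effect'")
    return props


def load_tier(root, tier):
    """Parse and validate every *.json policy under root/<tier>/."""
    definitions = []
    for path in sorted(Path(root, tier).glob("*.json")):
        # json.JSONDecodeError subclasses ValueError, so bad JSON also aborts.
        doc = json.loads(path.read_text(encoding="utf-8"))
        props = doc.get("properties") if isinstance(doc, dict) else None
        definitions.append(validate_properties(props, path.name))
    return definitions


def demo():
    """Build a throwaway library holding one portfolio policy and load it."""
    with tempfile.TemporaryDirectory() as root:
        for tier in TIERS:
            Path(root, tier).mkdir()
        Path(root, "portfolio", "region.json").write_text(
            json.dumps(SAMPLE_REGION_POLICY), encoding="utf-8")
        return {t: [d["displayName"] for d in load_tier(root, t)] for t in TIERS}
```

Raising on the first bad document, rather than skipping it, keeps a broken restriction from silently dropping out of the set that gets defined on a management group.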