From 076646e83b92bdfb0324a39f6820e3482e3fc860 Mon Sep 17 00:00:00 2001
From: thenav56
Date: Thu, 27 Mar 2025 12:12:03 +0545
Subject: [PATCH 1/4] Add pre-commit-config
---
.pre-commit-config.yaml | 24 ++++++++++++++++++++++++
.tflint.hcl | 12 ++++++++++++
2 files changed, 36 insertions(+)
create mode 100644 .pre-commit-config.yaml
create mode 100644 .tflint.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..d375b4a
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,24 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v5.0.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-case-conflict
+ - id: detect-private-key
+
+ # - repo: https://github.com/terraform-docs/terraform-docs
+ # rev: "v0.19.0"
+ # hooks:
+ # - id: terraform-docs-go
+ # args: ["markdown", "table", "--output-file", "README-terraform.md", "./base-infrastructure/terraform"]
+
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: "v1.98.0"
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_tflint
+ - id: terraform_validate
+ # - id: terraform_trivy
+ # - id: infracost_breakdown
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..0af817a
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,12 @@
+tflint {
+ required_version = ">= 0.55"
+}
+
+config {
+ format = "compact"
+}
+
+plugin "azurerm" {
+ enabled = true
+ deprecated = true
+}
From 5c198f18562c9540f19c167e43c54aacfeae2a78 Mon Sep 17 00:00:00 2001
From: thenav56
Date: Thu, 27 Mar 2025 12:12:54 +0545
Subject: [PATCH 2/4] Manual formatting fixes
---
base-infrastructure/terraform/resources/aks.tf | 8 ++++----
base-infrastructure/terraform/resources/database.tf | 1 +
.../terraform/resources/helm-provider.tf | 13 ++++++-------
3 files changed, 11 insertions(+), 11 deletions(-)
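Review bot: Both `rev:` values (`v5.0.0` and `"v1.98.0"`) are tags, which the upstream repositories can move, and these hooks run on every contributor's machine and in CI. Pinning each `rev` to the full commit SHA and keeping the tag as a trailing comment, e.g. `rev: <full-commit-sha>  # v1.98.0`, removes the dependence on a mutable ref. The `terraform_trivy` hook is left commented out, so nothing in this config scans the Terraform for insecure settings; `detect-private-key` only catches PEM-style key headers. If the scanner is disabled on purpose, a short comment next to `# - id: terraform_trivy` saying why would make that clear.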
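Review bot: The `plugin "azurerm"` block declares neither `source` nor `version`, so `tflint --init` has nothing to install and the ruleset must already sit in the plugin directory. On a fresh CI runner the `terraform_tflint` hook will most likely fail to load it. Adding `source = "github.com/terraform-linters/tflint-ruleset-azurerm"` and `version = "<ruleset-version>"` pins the ruleset and lets tflint check the release signature when it installs. `deprecated = true` is not an attribute I recognise on a plugin block and is probably handed to the ruleset as its own configuration; worth confirming the ruleset accepts it.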
diff --git a/base-infrastructure/terraform/resources/aks.tf b/base-infrastructure/terraform/resources/aks.tf index b8e6e39..86af951 100644 --- a/base-infrastructure/terraform/resources/aks.tf +++ b/base-infrastructure/terraform/resources/aks.tf @@ -53,10 +53,10 @@ resource "azurerm_role_assignment" "storage" { # create k8s configmaps and secrets provider "kubernetes" { - host = azurerm_kubernetes_cluster.ifrcgo.kube_config.0.host - client_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config.0.client_certificate) - client_key = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config.0.client_key) - cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config.0.cluster_ca_certificate) + host = azurerm_kubernetes_cluster.ifrcgo.kube_config[0].host + client_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].client_certificate) + client_key = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].client_key) + cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].cluster_ca_certificate) } # This ConfigMap stores configurations for resources created by Terraform which diff --git a/base-infrastructure/terraform/resources/database.tf b/base-infrastructure/terraform/resources/database.tf index 15401a3..09d1571 100644 --- a/base-infrastructure/terraform/resources/database.tf +++ b/base-infrastructure/terraform/resources/database.tf @@ -1,3 +1,4 @@ +# tflint-ignore: terraform_unused_declarations data "azurerm_postgresql_flexible_server" "ifrcgo" { name = var.environment == "staging" ? var.ifrcgo_test_resources_db_server : var.ifrcgo_prod_resources_db_server resource_group_name = data.azurerm_resource_group.ifrcgo.name diff --git a/base-infrastructure/terraform/resources/helm-provider.tf b/base-infrastructure/terraform/resources/helm-provider.tf index e14165f..c4c2686 100644 --- a/base-infrastructure/terraform/resources/helm-provider.tf 
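Review bot: `client_key` and `client_certificate` are read from `kube_config[0]`, the cluster's user credential, and Terraform keeps those attributes in state; nothing beside the provider block says so. A comment above `provider "kubernetes"` would document it, e.g. `# Authenticates with the AKS kube_config client certificate; the key is held in Terraform state, so access to the state backend must stay restricted.` The same applies to the `kubernetes` block in helm-provider.tf, which additionally passes `username` and `password`.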
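Review bot: The added `# tflint-ignore: terraform_unused_declarations` silences the rule for the `azurerm_postgresql_flexible_server` data source without saying why an unreferenced lookup is kept. If nothing reads it, deleting the data source is cleaner than suppressing the finding and also avoids reading the server on each plan. If it is kept deliberately, put the reason on the line above, e.g. `# Kept because <reason>; not referenced yet.` The data block continues past the end of the hunk.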
+++ b/base-infrastructure/terraform/resources/helm-provider.tf @@ -1,10 +1,9 @@ provider "helm" { kubernetes { - host = azurerm_kubernetes_cluster.ifrcgo.kube_config.0.host - username = azurerm_kubernetes_cluster.ifrcgo.kube_config.0.username - password = azurerm_kubernetes_cluster.ifrcgo.kube_config.0.password - client_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config.0.client_certificate) - client_key = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config.0.client_key) - cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config.0.cluster_ca_certificate) + host = azurerm_kubernetes_cluster.ifrcgo.kube_config[0].host + username = azurerm_kubernetes_cluster.ifrcgo.kube_config[0].username + password = azurerm_kubernetes_cluster.ifrcgo.kube_config[0].password + client_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].client_certificate) + client_key = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].client_key) + cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].cluster_ca_certificate) } -} \ No newline at end of file From 6e45b7d0c1c5ac271a921c28d1ffe4ed2e46b73c Mon Sep 17 00:00:00 2001 From: thenav56 Date: Thu, 27 Mar 2025 12:13:12 +0545 Subject: [PATCH 3/4] Add CI to run pre-commit --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..c961865 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,20 @@ +name: Pre-commit checks + +on: + push: + branches: + - develop + - master + pull_request: + +jobs: + pre_commit_checks: + name: Pre-Commit checks + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@main + - uses: hashicorp/setup-terraform@v3 + - uses: terraform-linters/setup-tflint@v4 + + - uses: pre-commit/action@main 
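Review bot: The closing `}` of `provider "helm"` is dropped on the new side: the header is `-1,10 +1,9`, and the only brace left after the six rewritten attributes closes `kubernetes`. At this commit the file does not parse, so `terraform validate` and `terraform_fmt` would fail on it. The diffstat of PATCH 4/4 lists a one-line addition to helm-provider.tf, which presumably restores the brace, but that hunk is not visible here. Keeping the final line as `}` with a trailing newline in this patch keeps every commit in the series valid for bisecting.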
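Review bot: `actions/checkout@main` and `pre-commit/action@main` track a branch, so whatever is pushed upstream runs in this workflow on the next build; the `@v3` and `@v4` tags on the other two actions can be moved as well. Pin each action to a full commit SHA with the release as a comment, e.g. `- uses: actions/checkout@<full-commit-sha> # <release-tag>`. The workflow also has no `permissions:` key, so the job's GITHUB_TOKEN gets the repository default. A lint-only job needs no more than a top-level `permissions:` with `contents: read`.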
From 4cc47c6d561ae419f1f291bb20c3ab5bbf78b25c Mon Sep 17 00:00:00 2001 
From: thenav56 Date: Thu, 27 Mar 2025 12:14:10 +0545 Subject: [PATCH 4/4] Auto pre-commit fixes --- README.md | 2 +- applications/argocd/README.md | 6 +- .../applications/alert-hub-backend.yaml | 2 +- .../applications/alert-hub-frontend.yaml | 4 +- .../production/platform/image-updater.yaml | 2 +- .../argocd/production/platform/reloader.yaml | 2 +- .../applications/alert-hub-backend.yaml | 2 +- .../applications/alert-hub-frontend.yaml | 2 +- .../staging/applications/montandon-etl.yaml | 2 +- .../staging/platform/image-updater.yaml | 2 +- .../argocd/staging/platform/reloader.yaml | 2 +- applications/go-api/azure-pipelines.yaml | 1 - .../terraform/app_resources.tf | 8 +- .../app_resources/.terraform.lock.hcl | 22 + .../terraform/app_resources/data.tf | 2 +- .../terraform/app_resources/database.tf | 2 +- .../terraform/app_resources/iam.tf | 2 +- .../terraform/app_resources/key-vault.tf | 2 +- .../terraform/app_resources/outputs.tf | 2 +- .../terraform/app_resources/providers.tf | 2 +- .../terraform/app_resources/secrets.tf | 2 +- .../app_resources/storage_containers.tf | 2 +- .../terraform/app_resources/variables.tf | 2 +- base-infrastructure/terraform/main.tf | 14 +- base-infrastructure/terraform/output.tf | 14 +- base-infrastructure/terraform/registry.tf | 2 +- .../terraform/registry/.terraform.lock.hcl | 22 + .../terraform/registry/ci_access.tf | 2 +- .../registry/cluster_access_principals.tf | 2 +- .../terraform/registry/data.tf | 2 +- .../terraform/registry/main.tf | 2 +- .../terraform/registry/outputs.tf | 2 +- .../terraform/registry/providers.tf | 2 +- .../terraform/registry/variables.tf | 2 +- .../terraform/resources/.terraform.lock.hcl | 82 ++++ .../terraform/resources/acr.tf | 2 +- .../terraform/resources/aks.tf | 22 +- .../terraform/resources/database.tf | 4 +- .../terraform/resources/disk.tf | 6 +- .../terraform/resources/helm-argocd.tf | 6 +- .../terraform/resources/helm-ifrcgo.tf | 400 +++++++++--------- .../terraform/resources/helm-ingress-nginx.tf | 10 
+- .../terraform/resources/helm-loki.tf | 2 +- .../terraform/resources/helm-provider.tf | 1 + base-infrastructure/terraform/resources/ip.tf | 2 +- .../terraform/resources/output.tf | 14 +- .../terraform/resources/providers.tf | 8 +- base-infrastructure/terraform/resources/rg.tf | 4 +- .../terraform/resources/storage.tf | 6 +- .../terraform/resources/variables.tf | 40 +- .../terraform/resources/vnet.tf | 2 +- base-infrastructure/terraform/variables.tf | 8 +- 52 files changed, 444 insertions(+), 318 deletions(-) create mode 100644 base-infrastructure/terraform/app_resources/.terraform.lock.hcl create mode 100644 base-infrastructure/terraform/registry/.terraform.lock.hcl create mode 100644 base-infrastructure/terraform/resources/.terraform.lock.hcl diff --git a/README.md b/README.md index bfee9e1..0aab52c 100644 --- a/README.md +++ b/README.md @@ -12,4 +12,4 @@ The repository is structured as follows: - `base-infrastructure`: Contains the Terraform configuration files for deploying the Kubernetes clusters and other infrastructure components like managed databases, object storage etc on Azure. - `applications/go-api`: Contains the deployment scripts and Helm configurations for deploying Helm charts of IFRC GO ecosystem applications onto the Kubernetes clusters. -- `applications/argocd`: Contains the definitions of kubernetes resoures for managing applications whose deployment is managed by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/). +- `applications/argocd`: Contains the definitions of kubernetes resoures for managing applications whose deployment is managed by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/). diff --git a/applications/argocd/README.md b/applications/argocd/README.md index acaed70..8484330 100644 --- a/applications/argocd/README.md +++ b/applications/argocd/README.md 
@@ -51,9 +51,9 @@ Azure Key Vault is used to securely store and manage sensitive information such - Install the Secrets Store CSI Driver on your AKS cluster. For our cluster this is done through terraform with this config on the AKS cluster: ``` resource "azurerm_kubernetes_cluster" "ifrcgo" { - + ... other config .... - + key_vault_secrets_provider { secret_rotation_enabled = true secret_rotation_interval = var.secret_rotation_interval @@ -63,7 +63,7 @@ Azure Key Vault is used to securely store and manage sensitive information such } ``` The above configuration also enables the AKS cluster to check for secret changes after a fixed interval. - + - Ensure that the AKS cluster has the necessary permissions to access the Azure Key Vault. 2. **Create a `SecretProviderClass`**: diff --git a/applications/argocd/production/applications/alert-hub-backend.yaml b/applications/argocd/production/applications/alert-hub-backend.yaml index e994127..e42e22c 100644 --- a/applications/argocd/production/applications/alert-hub-backend.yaml +++ b/applications/argocd/production/applications/alert-hub-backend.yaml @@ -85,4 +85,4 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true diff --git a/applications/argocd/production/applications/alert-hub-frontend.yaml b/applications/argocd/production/applications/alert-hub-frontend.yaml index 0dc6e52..dc6d4be 100644 --- a/applications/argocd/production/applications/alert-hub-frontend.yaml +++ b/applications/argocd/production/applications/alert-hub-frontend.yaml @@ -19,7 +19,7 @@ spec: value: nginx - name: ingress.tls.secretName value: "alerthub-helm-secret-cert" - - name: env.APP_GRAPHQL_API_ENDPOINT + - name: env.APP_GRAPHQL_API_ENDPOINT value: https://alerthub-api.ifrc.org/graphql/ valueFiles: - values.yaml @@ -32,4 +32,4 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true 
diff --git a/applications/argocd/production/platform/image-updater.yaml b/applications/argocd/production/platform/image-updater.yaml index 2473a4f..4f00d73 100644 --- a/applications/argocd/production/platform/image-updater.yaml +++ b/applications/argocd/production/platform/image-updater.yaml @@ -25,4 +25,4 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true diff --git a/applications/argocd/production/platform/reloader.yaml b/applications/argocd/production/platform/reloader.yaml index 21a4898..b89f199 100644 --- a/applications/argocd/production/platform/reloader.yaml +++ b/applications/argocd/production/platform/reloader.yaml @@ -17,4 +17,4 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true diff --git a/applications/argocd/staging/applications/alert-hub-backend.yaml b/applications/argocd/staging/applications/alert-hub-backend.yaml index b165e7e..ba996fb 100644 --- a/applications/argocd/staging/applications/alert-hub-backend.yaml +++ b/applications/argocd/staging/applications/alert-hub-backend.yaml @@ -48,7 +48,7 @@ spec: aksSecretsProviderAvailable: true keyvault: name: "alert-hub-staging-kv" - clientId: "99dd63fe-721e-4abb-b30d-e2b782d2893d" + clientId: "99dd63fe-721e-4abb-b30d-e2b782d2893d" tenantId: "a2b53be5-734e-4e6c-ab0d-d184f60fd917" env: APP_FRONTEND_HOST: "https://alerthub-stage.ifrc.org" diff --git a/applications/argocd/staging/applications/alert-hub-frontend.yaml b/applications/argocd/staging/applications/alert-hub-frontend.yaml index a8b34bf..8f698ac 100644 --- a/applications/argocd/staging/applications/alert-hub-frontend.yaml +++ b/applications/argocd/staging/applications/alert-hub-frontend.yaml 
@@ -19,7 +19,7 @@ spec: value: nginx - name: ingress.tls.secretName value: "alerthub-helm-secret-cert" - - name: env.APP_GRAPHQL_API_ENDPOINT + - name: env.APP_GRAPHQL_API_ENDPOINT value: https://alerthub-stage-api.ifrc.org/graphql/ valueFiles: - values.yaml diff --git a/applications/argocd/staging/applications/montandon-etl.yaml b/applications/argocd/staging/applications/montandon-etl.yaml index ad56dd0..91f0f1a 100644 --- a/applications/argocd/staging/applications/montandon-etl.yaml +++ b/applications/argocd/staging/applications/montandon-etl.yaml @@ -79,4 +79,4 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true diff --git a/applications/argocd/staging/platform/image-updater.yaml b/applications/argocd/staging/platform/image-updater.yaml index 2473a4f..4f00d73 100644 --- a/applications/argocd/staging/platform/image-updater.yaml +++ b/applications/argocd/staging/platform/image-updater.yaml @@ -25,4 +25,4 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true diff --git a/applications/argocd/staging/platform/reloader.yaml b/applications/argocd/staging/platform/reloader.yaml index 21a4898..b89f199 100644 --- a/applications/argocd/staging/platform/reloader.yaml +++ b/applications/argocd/staging/platform/reloader.yaml @@ -17,4 +17,4 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true diff --git a/applications/go-api/azure-pipelines.yaml b/applications/go-api/azure-pipelines.yaml index 00ad8f1..bc86e27 100644 --- a/applications/go-api/azure-pipelines.yaml +++ b/applications/go-api/azure-pipelines.yaml @@ -197,4 +197,3 @@ jobs: OIDC_ENABLE: $(PRODUCTION_OIDC_ENABLE) OIDC_RSA_PRIVATE_KEY_BASE64_ENCODED: $(PRODUCTION_OIDC_RSA_PRIVATE_KEY_BASE64_ENCODED) OIDC_RSA_PUBLIC_KEY_BASE64_ENCODED: $(PRODUCTION_OIDC_RSA_PUBLIC_KEY_BASE64_ENCODED) - 
diff --git a/base-infrastructure/terraform/app_resources.tf b/base-infrastructure/terraform/app_resources.tf index 53bc5ca..2d3bba5 100644 --- a/base-infrastructure/terraform/app_resources.tf +++ b/base-infrastructure/terraform/app_resources.tf @@ -13,9 +13,9 @@ module "risk_module_resources" { } locals { - alerthub_db_name = "alerthubdb" - montandon_db_name = "montandondb" - sdt_db_name = "sdtdb" + alerthub_db_name = "alerthubdb" + montandon_db_name = "montandondb" + sdt_db_name = "sdtdb" montandon_eoapi_db_name = "montandoneoapidb" } @@ -194,4 +194,4 @@ module "montandon_eoapi_resources" { "c31baae7-afbf-4ad3-8e01-5abbd68adb16", "32053268-3970-48f3-9b09-c4280cd0b67d" ] -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/.terraform.lock.hcl b/base-infrastructure/terraform/app_resources/.terraform.lock.hcl new file mode 100644 index 0000000..6e8b87e --- /dev/null +++ b/base-infrastructure/terraform/app_resources/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.117.0" + constraints = "3.117.0" + hashes = [ + "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", + "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", + "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", + "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", + "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", + "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", + "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", + "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", + "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", + "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", + "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", + "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/base-infrastructure/terraform/app_resources/data.tf b/base-infrastructure/terraform/app_resources/data.tf index cc71cc4..cb2a605 100644 --- a/base-infrastructure/terraform/app_resources/data.tf +++ b/base-infrastructure/terraform/app_resources/data.tf @@ -3,4 +3,4 @@ data "azurerm_client_config" "current" { data "azurerm_resource_group" "app_rg" { name = var.resource_group_name -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/database.tf b/base-infrastructure/terraform/app_resources/database.tf index e4f3f74..c4a7d74 100644 --- a/base-infrastructure/terraform/app_resources/database.tf +++ b/base-infrastructure/terraform/app_resources/database.tf 
@@ -9,4 +9,4 @@ resource "azurerm_postgresql_flexible_server_database" "app" { lifecycle { prevent_destroy = true } -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/iam.tf b/base-infrastructure/terraform/app_resources/iam.tf index 44c056d..bb88216 100644 --- a/base-infrastructure/terraform/app_resources/iam.tf +++ b/base-infrastructure/terraform/app_resources/iam.tf @@ -41,4 +41,4 @@ resource "azurerm_role_assignment" "key_vault_devs" { scope = azurerm_key_vault.app_kv.id role_definition_name = "Key Vault Administrator" principal_id = var.vault_admin_ids[count.index] -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/key-vault.tf b/base-infrastructure/terraform/app_resources/key-vault.tf index 5014937..7b0349d 100644 --- a/base-infrastructure/terraform/app_resources/key-vault.tf +++ b/base-infrastructure/terraform/app_resources/key-vault.tf @@ -24,4 +24,4 @@ resource "azurerm_key_vault" "app_kv" { ip_rules = var.key_vault_network_acls.ip_rules virtual_network_subnet_ids = var.key_vault_network_acls.virtual_network_subnet_ids } -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/outputs.tf b/base-infrastructure/terraform/app_resources/outputs.tf index aad6bd2..688be93 100644 --- a/base-infrastructure/terraform/app_resources/outputs.tf +++ b/base-infrastructure/terraform/app_resources/outputs.tf @@ -24,4 +24,4 @@ output "workload_client_id" { output "workload_id" { value = azurerm_user_assigned_identity.workload.id -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/providers.tf b/base-infrastructure/terraform/app_resources/providers.tf index 7b0b103..c0a55c0 100644 --- a/base-infrastructure/terraform/app_resources/providers.tf +++ b/base-infrastructure/terraform/app_resources/providers.tf @@ -9,4 +9,4 @@ terraform { version = "=3.117.0" } } -} \ No newline at end of file +} 
diff --git a/base-infrastructure/terraform/app_resources/secrets.tf b/base-infrastructure/terraform/app_resources/secrets.tf index 371b500..53c7a7e 100644 --- a/base-infrastructure/terraform/app_resources/secrets.tf +++ b/base-infrastructure/terraform/app_resources/secrets.tf @@ -13,4 +13,4 @@ resource "azurerm_key_vault_secret" "secret_" { lifecycle { ignore_changes = all } -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/storage_containers.tf b/base-infrastructure/terraform/app_resources/storage_containers.tf index ef6013b..89cfcb1 100644 --- a/base-infrastructure/terraform/app_resources/storage_containers.tf +++ b/base-infrastructure/terraform/app_resources/storage_containers.tf @@ -14,4 +14,4 @@ resource "azurerm_role_assignment" "storage_blob_reader" { scope = "${var.storage_config.storage_account_id}/blobServices/default/containers/${azurerm_storage_container.app_container[count.index].name}" role_definition_name = "Storage Blob Data Contributor" principal_id = azurerm_user_assigned_identity.workload.principal_id -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/app_resources/variables.tf b/base-infrastructure/terraform/app_resources/variables.tf index 95dfa60..5cdc8fc 100644 --- a/base-infrastructure/terraform/app_resources/variables.tf +++ b/base-infrastructure/terraform/app_resources/variables.tf @@ -105,4 +105,4 @@ variable "vault_admin_ids" { description = "the Azure principals that shall have access to the vault" type = list(string) default = [] -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/main.tf b/base-infrastructure/terraform/main.tf index a3ca15c..d567020 100644 --- a/base-infrastructure/terraform/main.tf +++ b/base-infrastructure/terraform/main.tf 
@@ -1,9 +1,9 @@ module "resources" { - source = "./resources/" - environment = var.environment - subscriptionId = var.subscriptionId - REGION = var.REGION - RESOURCES_DB_NAME = var.RESOURCES_DB_NAME + source = "./resources/" + environment = var.environment + subscriptionId = var.subscriptionId + REGION = var.REGION + RESOURCES_DB_NAME = var.RESOURCES_DB_NAME RESOURCES_DB_SERVER = var.RESOURCES_DB_SERVER } @@ -14,11 +14,11 @@ terraform { container_name = "terraform" # this is meant to be replaced in base-infrastructure/scripts/setup-infra.sh # so that the correct environment is deployed - key = "ENVIRONMENT_TO_REPLACE" + key = "ENVIRONMENT_TO_REPLACE" } } output "resources" { value = module.resources sensitive = true -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/output.tf b/base-infrastructure/terraform/output.tf index 146d8f3..6777d26 100644 --- a/base-infrastructure/terraform/output.tf +++ b/base-infrastructure/terraform/output.tf @@ -20,21 +20,21 @@ output "risk_module_app_resource_details" { output "sdt_app_resource_details" { value = { - key_vault_name = module.sdt_resources.key_vault_name - workload_id = module.sdt_resources.workload_client_id + key_vault_name = module.sdt_resources.key_vault_name + workload_id = module.sdt_resources.workload_client_id } } output "motandon_etl_app_resource_details" { value = { - key_vault_name = module.montandon_etl_resources.key_vault_name - workload_id = module.montandon_etl_resources.workload_client_id + key_vault_name = module.montandon_etl_resources.key_vault_name + workload_id = module.montandon_etl_resources.workload_client_id } } output "motandon_eoapi_app_resource_details" { value = { - key_vault_name = module.montandon_eoapi_resources.key_vault_name - workload_id = module.montandon_eoapi_resources.workload_client_id + key_vault_name = module.montandon_eoapi_resources.key_vault_name + workload_id = module.montandon_eoapi_resources.workload_client_id } -} \ No newline at end of file +} 
diff --git a/base-infrastructure/terraform/registry.tf b/base-infrastructure/terraform/registry.tf index 36a728c..fb7af59 100644 --- a/base-infrastructure/terraform/registry.tf +++ b/base-infrastructure/terraform/registry.tf @@ -10,4 +10,4 @@ module "go_shared_registry" { registry_sku = "Standard" resource_group_name = module.resources.resource_group -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/registry/.terraform.lock.hcl b/base-infrastructure/terraform/registry/.terraform.lock.hcl new file mode 100644 index 0000000..6e8b87e --- /dev/null +++ b/base-infrastructure/terraform/registry/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.117.0" + constraints = "3.117.0" + hashes = [ + "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", + "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", + "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", + "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", + "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", + "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", + "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", + "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", + "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", + "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", + "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", + "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/base-infrastructure/terraform/registry/ci_access.tf b/base-infrastructure/terraform/registry/ci_access.tf index a0081d4..cba167c 100644 
--- a/base-infrastructure/terraform/registry/ci_access.tf +++ b/base-infrastructure/terraform/registry/ci_access.tf @@ -57,4 +57,4 @@ resource "azurerm_role_assignment" "acr_token_password_access" { scope = azurerm_container_registry.shared.id role_definition_id = azurerm_role_definition.acr_token_password_reader.role_definition_resource_id principal_id = data.azurerm_client_config.current.object_id -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/registry/cluster_access_principals.tf b/base-infrastructure/terraform/registry/cluster_access_principals.tf index 8f9894a..5ef0c9f 100644 --- a/base-infrastructure/terraform/registry/cluster_access_principals.tf +++ b/base-infrastructure/terraform/registry/cluster_access_principals.tf @@ -4,4 +4,4 @@ resource "azurerm_role_assignment" "acr_pull" { scope = azurerm_container_registry.shared.id role_definition_name = "AcrPull" # Grants the "ACR pull" permission principal_id = var.pull_principal_ids[count.index] -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/registry/data.tf b/base-infrastructure/terraform/registry/data.tf index 9468628..fe09814 100644 --- a/base-infrastructure/terraform/registry/data.tf +++ b/base-infrastructure/terraform/registry/data.tf @@ -4,4 +4,4 @@ data "azurerm_resource_group" "app_rg" { } data "azurerm_client_config" "current" { -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/registry/main.tf b/base-infrastructure/terraform/registry/main.tf index 75a8ed1..d55fd7e 100644 --- a/base-infrastructure/terraform/registry/main.tf +++ b/base-infrastructure/terraform/registry/main.tf @@ -4,4 +4,4 @@ resource "azurerm_container_registry" "shared" { location = data.azurerm_resource_group.app_rg.location sku = var.registry_sku admin_enabled = var.admin_enabled -} \ No newline at end of file +} 
diff --git a/base-infrastructure/terraform/registry/outputs.tf b/base-infrastructure/terraform/registry/outputs.tf index acdc1e6..8451d95 100644 --- a/base-infrastructure/terraform/registry/outputs.tf +++ b/base-infrastructure/terraform/registry/outputs.tf @@ -10,4 +10,4 @@ output "acr_token_password" { output "registry_server" { value = azurerm_container_registry.shared.login_server -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/registry/providers.tf b/base-infrastructure/terraform/registry/providers.tf index 7b0b103..c0a55c0 100644 --- a/base-infrastructure/terraform/registry/providers.tf +++ b/base-infrastructure/terraform/registry/providers.tf @@ -9,4 +9,4 @@ terraform { version = "=3.117.0" } } -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/registry/variables.tf b/base-infrastructure/terraform/registry/variables.tf index c0070d5..0d6e402 100644 --- a/base-infrastructure/terraform/registry/variables.tf +++ b/base-infrastructure/terraform/registry/variables.tf @@ -23,4 +23,4 @@ variable "registry_sku" { variable "resource_group_name" { type = string -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/resources/.terraform.lock.hcl b/base-infrastructure/terraform/resources/.terraform.lock.hcl new file mode 100644 index 0000000..65e6f85 --- /dev/null +++ b/base-infrastructure/terraform/resources/.terraform.lock.hcl 
@@ -0,0 +1,82 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.117.0" + constraints = "3.117.0" + hashes = [ + "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", + "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", + "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", + "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", + "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", + "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", + "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", + "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", + "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", + "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", + "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", + "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.5.1" + constraints = "2.5.1" + hashes = [ + "h1:NasRPC0qqlpGqcF3dsSoOFu7uc5hM+zJm+okd8FgrnQ=", + "zh:140b9748f0ad193a20d69e59d672f3c4eda8a56cede56a92f931bd3af020e2e9", + "zh:17ae319466ed6538ad49e011998bb86565fe0e97bc8b9ad7c8dda46a20f90669", + "zh:3a8bd723c21ba70e19f0395ed7096fc8e08bfc23366f1c3f06a9107eb37c572c", + "zh:3aae3b82adbe6dca52f1a1c8cf51575446e6b0f01f1b1f3b30de578c9af4a933", + "zh:3f65221f40148df57d2888e4f31ef3bf430b8c5af41de0db39a2b964e1826d7c", + "zh:650c74c4f46f5eb01df11d8392bdb7ebee3bba59ac0721000a6ad731ff0e61e2", + "zh:930fb8ab4cd6634472dfd6aa3123f109ef5b32cbe6ef7b4695fae6751353e83f", + "zh:ae57cd4b0be4b9ca252bc5d347bc925e35b0ed74d3dcdebf06c11362c1ac3436", + "zh:d15b1732a8602b6726eac22628b2f72f72d98b75b9c6aabceec9fd696fda696a", 
+ "zh:d730ede1656bd193e2aea5302acec47c4905fe30b96f550196be4a0ed5f41936", + "zh:f010d4f9d8cd15936be4df12bf256cb2175ca1dedb728bd3a866c03d2ee7591f", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.24.0" + constraints = "2.24.0" + hashes = [ + "h1:u9lRMCdNXcB5/WQTZVMvGhNliW2pKOzj3SOVbu9yPpg=", + "zh:0ed83ec390a7e75c4990ebce698f14234de2b6204ed9a01cd042bb7ea5f26564", + "zh:195150e4fdab259c70088528006f4604557a051e037ebe8de64e92840f27e40a", + "zh:1a334af55f7a74adf033eb871c9fe7e9e648b41ab84321114ef4ca0e7a34fba6", + "zh:1ef68c3832691de21a61bf1a4e268123f3e08850712eda0b893cac908a0d1bc1", + "zh:44a1c58e5a6646e62b0bad653319c245f3b635dd03554dea2707a38f553e4a52", + "zh:54b5b374c4386f7f05b3fe986f9cb57bde4beab3bdf6ee33444f2b9a81b8af64", + "zh:aa8c2687ab784b72f8cdad8d3c3673dea83b33561e7b3f2d287ef0d06ff2a9e5", + "zh:e6ecba0503052ef3ad49ad56e17b2a73d9b55e30fcb82b040189d281e25e1a3b", + "zh:f105393f6487d3eb1f1636ba42d10c82950ddfef852244c1bca8d526fa23a9a3", + "zh:f17a8f1914ec66d80ccacecd40123362cf093abee3d3aa1ff9f8f687d8736f85", + "zh:f394b12ef01fa0bdf666a43ad152eb3890134f35e635ea056b18771c292de46e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.5.1" + constraints = "~> 3.5.1" + hashes = [ + "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + 
"zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + ] +} diff --git a/base-infrastructure/terraform/resources/acr.tf b/base-infrastructure/terraform/resources/acr.tf index bfcc36e..1b958d2 100644 --- a/base-infrastructure/terraform/resources/acr.tf +++ b/base-infrastructure/terraform/resources/acr.tf @@ -9,4 +9,4 @@ resource "azurerm_role_assignment" "attach_acr" { scope = data.azurerm_container_registry.ifrcgo.id role_definition_name = "AcrPull" principal_id = azurerm_kubernetes_cluster.ifrcgo.kubelet_identity[0].object_id -} \ No newline at end of file +} diff --git a/base-infrastructure/terraform/resources/aks.tf b/base-infrastructure/terraform/resources/aks.tf index 86af951..69868c7 100644 --- a/base-infrastructure/terraform/resources/aks.tf +++ b/base-infrastructure/terraform/resources/aks.tf @@ -1,8 +1,8 @@ resource "azurerm_kubernetes_cluster" "ifrcgo" { -# lifecycle { -# ignore_changes = all -# } - + # lifecycle { + # ignore_changes = all + # } + name = "${local.prefix}-cluster" location = data.azurerm_resource_group.ifrcgo.location resource_group_name = data.azurerm_resource_group.ifrcgo.name @@ -10,12 +10,12 @@ resource "azurerm_kubernetes_cluster" "ifrcgo" { kubernetes_version = "1.28.3" default_node_pool { - name = "nodepool1" - vm_size = "Standard_DS3_v2" - vnet_subnet_id = azurerm_subnet.aks.id - enable_auto_scaling = true - min_count = 1 - max_count = 5 + name = "nodepool1" + vm_size = "Standard_DS3_v2" + vnet_subnet_id = azurerm_subnet.aks.id + enable_auto_scaling = true + min_count = 1 + max_count = 5 temporary_name_for_rotation = "nodepooltemp" } 
@@ -59,7 +59,7 @@ provider "kubernetes" {
 cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].cluster_ca_certificate)
 }
-# This ConfigMap stores configurations for resources created by Terraform which
+# This ConfigMap stores configurations for resources created by Terraform which
 # are later referenced in the go-api Helm chart. Values from this ConfigMap
 # are either directly utilized in Kubernetes resource definitions or provided
 # as parameters to the Helm chart.
diff --git a/base-infrastructure/terraform/resources/database.tf b/base-infrastructure/terraform/resources/database.tf
index 09d1571..a6e017f 100644
--- a/base-infrastructure/terraform/resources/database.tf
+++ b/base-infrastructure/terraform/resources/database.tf
@@ -54,7 +54,7 @@ resource "azurerm_postgresql_flexible_server_configuration" "extensions" {
 resource "azurerm_postgresql_flexible_server_configuration" "alerthub_postgres_config" {
 for_each = {
 # effective_cache_size = "12288000" # 12GB - About 75% of total RAM
- # shared_buffers = "2097152" # 2GB
+ # shared_buffers = "2097152" # 2GB
 # work_mem = "65536" # 64MB
 # maintenance_work_mem = "1048576" # 1GB - About 6.4% of RAM
 # random_page_cost = "1.1" # Lower value for SSD storage
@@ -217,4 +217,4 @@ resource "azurerm_postgresql_flexible_server_configuration" "montandon_eoapi_db_
 name = "azure.extensions"
 server_id = azurerm_postgresql_flexible_server.montandon_eoapi.id
 value = "POSTGIS"
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/disk.tf b/base-infrastructure/terraform/resources/disk.tf
index 9f3f207..cad5ba0 100644
--- a/base-infrastructure/terraform/resources/disk.tf
+++ b/base-infrastructure/terraform/resources/disk.tf
@@ -1,7 +1,7 @@
 resource "azurerm_managed_disk" "ifrcgo" {
 name = "${local.prefix}-disk001"
- resource_group_name = data.azurerm_resource_group.ifrcgo.name
- location = data.azurerm_resource_group.ifrcgo.location
+ resource_group_name = data.azurerm_resource_group.ifrcgo.name
+ location = data.azurerm_resource_group.ifrcgo.location
 storage_account_type = "StandardSSD_LRS"
 create_option = "Empty"
 disk_size_gb = "20"
@@ -11,4 +11,4 @@ resource "azurerm_role_assignment" "disk" {
 scope = azurerm_managed_disk.ifrcgo.id
 role_definition_name = "Contributor"
 principal_id = azurerm_kubernetes_cluster.ifrcgo.identity[0].principal_id
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/helm-argocd.tf b/base-infrastructure/terraform/resources/helm-argocd.tf
index cb8089a..ced433d 100644
--- a/base-infrastructure/terraform/resources/helm-argocd.tf
+++ b/base-infrastructure/terraform/resources/helm-argocd.tf
@@ -15,10 +15,10 @@ resource "helm_release" "argo-cd" {
 yamlencode({
 configs = {
 cm = {
- "timeout.reconciliation": "60s"
- "timeout.hard.reconciliation": "90s"
+ "timeout.reconciliation" : "60s"
+ "timeout.hard.reconciliation" : "90s"
 }
 }
 })
 ]
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/helm-ifrcgo.tf b/base-infrastructure/terraform/resources/helm-ifrcgo.tf
index 6ec5c46..7293d79 100644
--- a/base-infrastructure/terraform/resources/helm-ifrcgo.tf
+++ b/base-infrastructure/terraform/resources/helm-ifrcgo.tf
@@ -5,7 +5,7 @@ resource "helm_release" "ifrcgo" {
 name = "ifrcgo-helm"
 chart = "../helm/ifrcgo-helm"
- wait = true
+ wait = true
 depends_on = [
 helm_release.ifrcgo-ingress-nginx,
 helm_release.ifrcgo-cert-manager
@@ -16,203 +16,203 @@ resource "helm_release" "ifrcgo" { # file("${path.root}/../helm/ifrcgo-helm/values-${var.environment}.yaml"), # ] -# set { -# name = "env.DJANGO_SECRET_KEY" -# value = var.DJANGO_SECRET_KEY -# } - -# set { -# name = "env.DJANGO_DB_USER" -# value = var.DJANGO_DB_USER -# } - -# set { -# name = "env.DJANGO_DB_PASS" -# value = var.DJANGO_DB_PASS -# } - -# set { -# name = "env.DJANGO_DB_HOST" -# value = var.DJANGO_DB_HOST -# } - -# set { -# name = "env.DJANGO_DB_PORT" -# value = var.DJANGO_DB_PORT -# } - -# # set { -# # name = "env.AZURE_STORAGE_ACCOUNT" -# # value = azurerm_storage_account.ifrcgo.id -# # } -# # -# # set { -# # name = "env.AZURE_STORAGE_KEY" -# # value = azurerm_storage_account.ifrcgo.primary_access_key -# # } - -# set { -# name = "env.AZURE_STORAGE_ACCOUNT" -# value = var.AZURE_STORAGE_ACCOUNT -# } - -# set { -# name = "env.AZURE_STORAGE_KEY" -# value = var.AZURE_STORAGE_KEY -# } - -# set { -# name = "env.EMAIL_API_ENDPOINT" -# value = var.EMAIL_API_ENDPOINT -# } - -# set { -# name = "env.EMAIL_HOST" -# value = var.EMAIL_HOST -# } - -# set { -# name = "env.EMAIL_PORT" -# value = var.EMAIL_PORT -# } - -# set { -# name = "env.EMAIL_USER" -# value = var.EMAIL_USER -# } - -# set { -# name = "env.EMAIL_PASS" -# value = var.EMAIL_PASS -# } - -# set { -# name = "env.TEST_EMAILS" -# value = var.TEST_EMAILS -# } - -# set { -# name = "env.AWS_TRANSLATE_ACCESS_KEY" -# value = var.AWS_TRANSLATE_ACCESS_KEY -# } - -# set { -# name = "env.AWS_TRANSLATE_SECRET_KEY" -# value = var.AWS_TRANSLATE_SECRET_KEY -# } - -# set { -# name = "env.AWS_TRANSLATE_REGION" -# value = var.AWS_TRANSLATE_REGION -# } - -# set { -# name = "env.MOLNIX_API_BASE" -# value = var.MOLNIX_API_BASE -# } - -# set { -# name = "env.MOLNIX_USERNAME" -# value = var.MOLNIX_USERNAME -# } - -# set { -# name = "env.MOLNIX_PASSWORD" -# value = var.MOLNIX_PASSWORD -# } - -# set { -# name = "env.ERP_API_ENDPOINT" -# value = var.ERP_API_ENDPOINT -# } - -# set { -# name = 
"env.ERP_API_SUBSCRIPTION_KEY" -# value = var.ERP_API_SUBSCRIPTION_KEY -# } - -# set { -# name = "env.FDRS_APIKEY" -# value = var.FDRS_APIKEY -# } - -# set { -# name = "env.FDRS_CREDENTIAL" -# value = var.FDRS_CREDENTIAL -# } - -# set { -# name = "env.HPC_CREDENTIAL" -# value = var.HPC_CREDENTIAL -# } - -# set { -# name = "env.APPLICATION_INSIGHTS_INSTRUMENTATION_KEY" -# value = var.APPLICATION_INSIGHTS_INSTRUMENTATION_KEY -# } - -# set { -# name = "env.GO_FTPHOST" -# value = var.GO_FTPHOST -# } - -# set { -# name = "env.GO_FTPUSER" -# value = var.GO_FTPUSER -# } - -# set { -# name = "env.GO_FTPPASS" -# value = var.GO_FTPPASS -# } - -# set { -# name = "env.GO_DBPASS" -# value = var.GO_DBPASS -# } - -# set { -# name = "env.APPEALS_USER" -# value = var.APPEALS_USER -# } - -# set { -# name = "env.APPEALS_PASS" -# value = var.APPEALS_PASS -# } - -# set { -# name = "env.IFRC_TRANSLATION_HEADER_API_KEY" -# value = var.IFRC_TRANSLATION_HEADER_API_KEY -# } - -# set { -# name = "elasticsearch.disk.name" -# value = "${local.prefix}-disk" -# } - -# set { -# name = "elasticsearch.disk.uri" -# value = azurerm_managed_disk.ifrcgo.id -# } - -# set { -# name = "secrets.API_TLS_CRT" -# value = var.API_TLS_CRT -# } - -# set { -# name = "secrets.API_TLS_KEY" -# value = var.API_TLS_KEY -# } - -# set { -# name = "secrets.API_ADDITIONAL_DOMAIN_TLS_CRT" -# value = var.API_ADDITIONAL_DOMAIN_TLS_CRT -# } - -# set { -# name = "secrets.API_ADDITIONAL_DOMAIN_TLS_KEY" -# value = var.API_ADDITIONAL_DOMAIN_TLS_KEY -# } + # set { + # name = "env.DJANGO_SECRET_KEY" + # value = var.DJANGO_SECRET_KEY + # } + + # set { + # name = "env.DJANGO_DB_USER" + # value = var.DJANGO_DB_USER + # } + + # set { + # name = "env.DJANGO_DB_PASS" + # value = var.DJANGO_DB_PASS + # } + + # set { + # name = "env.DJANGO_DB_HOST" + # value = var.DJANGO_DB_HOST + # } + + # set { + # name = "env.DJANGO_DB_PORT" + # value = var.DJANGO_DB_PORT + # } + + # # set { + # # name = "env.AZURE_STORAGE_ACCOUNT" + # # value = 
azurerm_storage_account.ifrcgo.id + # # } + # # + # # set { + # # name = "env.AZURE_STORAGE_KEY" + # # value = azurerm_storage_account.ifrcgo.primary_access_key + # # } + + # set { + # name = "env.AZURE_STORAGE_ACCOUNT" + # value = var.AZURE_STORAGE_ACCOUNT + # } + + # set { + # name = "env.AZURE_STORAGE_KEY" + # value = var.AZURE_STORAGE_KEY + # } + + # set { + # name = "env.EMAIL_API_ENDPOINT" + # value = var.EMAIL_API_ENDPOINT + # } + + # set { + # name = "env.EMAIL_HOST" + # value = var.EMAIL_HOST + # } + + # set { + # name = "env.EMAIL_PORT" + # value = var.EMAIL_PORT + # } + + # set { + # name = "env.EMAIL_USER" + # value = var.EMAIL_USER + # } + + # set { + # name = "env.EMAIL_PASS" + # value = var.EMAIL_PASS + # } + + # set { + # name = "env.TEST_EMAILS" + # value = var.TEST_EMAILS + # } + + # set { + # name = "env.AWS_TRANSLATE_ACCESS_KEY" + # value = var.AWS_TRANSLATE_ACCESS_KEY + # } + + # set { + # name = "env.AWS_TRANSLATE_SECRET_KEY" + # value = var.AWS_TRANSLATE_SECRET_KEY + # } + + # set { + # name = "env.AWS_TRANSLATE_REGION" + # value = var.AWS_TRANSLATE_REGION + # } + + # set { + # name = "env.MOLNIX_API_BASE" + # value = var.MOLNIX_API_BASE + # } + + # set { + # name = "env.MOLNIX_USERNAME" + # value = var.MOLNIX_USERNAME + # } + + # set { + # name = "env.MOLNIX_PASSWORD" + # value = var.MOLNIX_PASSWORD + # } + + # set { + # name = "env.ERP_API_ENDPOINT" + # value = var.ERP_API_ENDPOINT + # } + + # set { + # name = "env.ERP_API_SUBSCRIPTION_KEY" + # value = var.ERP_API_SUBSCRIPTION_KEY + # } + + # set { + # name = "env.FDRS_APIKEY" + # value = var.FDRS_APIKEY + # } + + # set { + # name = "env.FDRS_CREDENTIAL" + # value = var.FDRS_CREDENTIAL + # } + + # set { + # name = "env.HPC_CREDENTIAL" + # value = var.HPC_CREDENTIAL + # } + + # set { + # name = "env.APPLICATION_INSIGHTS_INSTRUMENTATION_KEY" + # value = var.APPLICATION_INSIGHTS_INSTRUMENTATION_KEY + # } + + # set { + # name = "env.GO_FTPHOST" + # value = var.GO_FTPHOST + # } + + # set { + # 
name = "env.GO_FTPUSER" + # value = var.GO_FTPUSER + # } + + # set { + # name = "env.GO_FTPPASS" + # value = var.GO_FTPPASS + # } + + # set { + # name = "env.GO_DBPASS" + # value = var.GO_DBPASS + # } + + # set { + # name = "env.APPEALS_USER" + # value = var.APPEALS_USER + # } + + # set { + # name = "env.APPEALS_PASS" + # value = var.APPEALS_PASS + # } + + # set { + # name = "env.IFRC_TRANSLATION_HEADER_API_KEY" + # value = var.IFRC_TRANSLATION_HEADER_API_KEY + # } + + # set { + # name = "elasticsearch.disk.name" + # value = "${local.prefix}-disk" + # } + + # set { + # name = "elasticsearch.disk.uri" + # value = azurerm_managed_disk.ifrcgo.id + # } + + # set { + # name = "secrets.API_TLS_CRT" + # value = var.API_TLS_CRT + # } + + # set { + # name = "secrets.API_TLS_KEY" + # value = var.API_TLS_KEY + # } + + # set { + # name = "secrets.API_ADDITIONAL_DOMAIN_TLS_CRT" + # value = var.API_ADDITIONAL_DOMAIN_TLS_CRT + # } + + # set { + # name = "secrets.API_ADDITIONAL_DOMAIN_TLS_KEY" + # value = var.API_ADDITIONAL_DOMAIN_TLS_KEY + # } } diff --git a/base-infrastructure/terraform/resources/helm-ingress-nginx.tf b/base-infrastructure/terraform/resources/helm-ingress-nginx.tf index a6ac308..11545d5 100644 --- a/base-infrastructure/terraform/resources/helm-ingress-nginx.tf +++ b/base-infrastructure/terraform/resources/helm-ingress-nginx.tf @@ -5,7 +5,7 @@ resource "helm_release" "ifrcgo-ingress-nginx" { namespace = "ingress-nginx" version = "4.12.1" create_namespace = true - depends_on = [ + depends_on = [ azurerm_public_ip.ifrcgo ] 
@@ -15,19 +15,19 @@ resource "helm_release" "ifrcgo-ingress-nginx" {
 }
 set {
- name = "controller.service.externalTrafficPolicy"
+ name = "controller.service.externalTrafficPolicy"
 value = "Local"
 }
 set {
- name = "controller.replicaCount"
+ name = "controller.replicaCount"
 value = 1
 }
 set {
- name = "controller.service.loadBalancerIP"
+ name = "controller.service.loadBalancerIP"
 value = azurerm_public_ip.ifrcgo.ip_address
 }
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/helm-loki.tf b/base-infrastructure/terraform/resources/helm-loki.tf
index 8889635..d95b135 100644
--- a/base-infrastructure/terraform/resources/helm-loki.tf
+++ b/base-infrastructure/terraform/resources/helm-loki.tf
@@ -30,4 +30,4 @@ resource "helm_release" "ifrcgo-loki-stack" {
 value = "true"
 }
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/helm-provider.tf b/base-infrastructure/terraform/resources/helm-provider.tf
index c4c2686..b213186 100644
--- a/base-infrastructure/terraform/resources/helm-provider.tf
+++ b/base-infrastructure/terraform/resources/helm-provider.tf
@@ -7,3 +7,4 @@ provider "helm" {
 client_key = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].client_key)
 cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.ifrcgo.kube_config[0].cluster_ca_certificate)
 }
+}
diff --git a/base-infrastructure/terraform/resources/ip.tf b/base-infrastructure/terraform/resources/ip.tf
index 946b3a8..330ecf6 100644
--- a/base-infrastructure/terraform/resources/ip.tf
+++ b/base-infrastructure/terraform/resources/ip.tf
@@ -11,4 +11,4 @@ resource "azurerm_public_ip" "ifrcgo" {
 tags = {
 Environment = var.environment
 }
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/output.tf b/base-infrastructure/terraform/resources/output.tf
index fe754e9..cad40eb 100644
--- a/base-infrastructure/terraform/resources/output.tf
+++ b/base-infrastructure/terraform/resources/output.tf
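Review bot: In helm-provider.tf the `helm` provider is configured from `azurerm_kubernetes_cluster.ifrcgo.kube_config[0].client_key` (context lines of the `@@ -7,3 +7,4 @@` hunk), and nothing in the block says how that credential is protected. Attributes of `kube_config` are written to Terraform state, so anyone who can read the state can read the cluster client key; the backend configuration is not visible in this patch, so this is a reminder rather than a finding. I would add a comment above the nested block, for example `# kube_config client_key/client_certificate end up in Terraform state: keep the backend encrypted and access-restricted`. The `provider "helm"` block starts outside the hunk, so the rest of its arguments were not reviewed.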
@@ -3,7 +3,7 @@ output "alert_hub_db_admin_password" {
 }
 output "alert_hub_db_server_id" {
- value = azurerm_postgresql_flexible_server.alerthub.id
+ value = azurerm_postgresql_flexible_server.alerthub.id
 }
 output "environment" {
@@ -56,11 +56,11 @@ output "montandon_db_host" {
 }
 output "montandon_db_server_id" {
- value = azurerm_postgresql_flexible_server.montandon.id
+ value = azurerm_postgresql_flexible_server.montandon.id
 }
 output "montandon_storage_account_id" {
- value = azurerm_storage_account.montandon.id
+ value = azurerm_storage_account.montandon.id
 }
 output "montandon_storage_account_name" {
@@ -90,11 +90,11 @@ output "sdt_db_host" {
 }
 output "sdt_db_server_id" {
- value = azurerm_postgresql_flexible_server.sdt.id
+ value = azurerm_postgresql_flexible_server.sdt.id
 }
 output "sdt_storage_account_id" {
- value = azurerm_storage_account.sdt.id
+ value = azurerm_storage_account.sdt.id
 }
 output "sdt_storage_account_name" {
@@ -102,9 +102,9 @@ output "sdt_storage_account_name" {
 }
 output "storage_account_name" {
- value = azurerm_storage_account.ifrcgo.name
+ value = azurerm_storage_account.ifrcgo.name
 }
 output "storage_account_id" {
 value = azurerm_storage_account.ifrcgo.id
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/providers.tf b/base-infrastructure/terraform/resources/providers.tf
index e8ebc8d..626dd72 100644
--- a/base-infrastructure/terraform/resources/providers.tf
+++ b/base-infrastructure/terraform/resources/providers.tf
@@ -1,4 +1,4 @@
-provider azurerm {
+provider "azurerm" {
 features {}
 }
@@ -9,11 +9,11 @@ terraform {
 version = "=3.117.0"
 }
 helm = {
- source = "hashicorp/helm"
+ source = "hashicorp/helm"
 version = "=2.5.1"
 }
 kubernetes = {
- source = "hashicorp/kubernetes"
+ source = "hashicorp/kubernetes"
 version = "=2.24.0"
 }
 random = {
@@ -21,4 +21,4 @@ terraform {
 version = "~> 3.5.1"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/rg.tf b/base-infrastructure/terraform/resources/rg.tf
index b753aa4..ed1363e 100644
--- a/base-infrastructure/terraform/resources/rg.tf
+++ b/base-infrastructure/terraform/resources/rg.tf
@@ -1,3 +1,3 @@
 data "azurerm_resource_group" "ifrcgo" {
- name = "${local.prefix}002rg"
-}
\ No newline at end of file
+ name = "${local.prefix}002rg"
+}
diff --git a/base-infrastructure/terraform/resources/storage.tf b/base-infrastructure/terraform/resources/storage.tf
index 62766ad..f11054b 100644
--- a/base-infrastructure/terraform/resources/storage.tf
+++ b/base-infrastructure/terraform/resources/storage.tf
@@ -1,5 +1,5 @@
 resource "azurerm_storage_account" "ifrcgo" {
- name = "${local.storage}"
+ name = local.storage
 resource_group_name = data.azurerm_resource_group.ifrcgo.name
 location = data.azurerm_resource_group.ifrcgo.location
 account_tier = "Standard"
@@ -28,7 +28,7 @@ resource "azurerm_storage_account" "sdt" {
 cors_rule {
 allowed_headers = ["*"]
 allowed_methods = ["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"]
- allowed_origins = ["*"] # Allow all origins
+ allowed_origins = ["*"] # Allow all origins
 exposed_headers = ["*"]
 max_age_in_seconds = 3600
 }
@@ -46,4 +46,4 @@ resource "azurerm_storage_account" "montandon" {
 location = data.azurerm_resource_group.ifrcgo.location
 account_tier = "Standard"
 account_replication_type = "LRS"
-}
\ No newline at end of file
+}
diff --git a/base-infrastructure/terraform/resources/variables.tf b/base-infrastructure/terraform/resources/variables.tf
index fb1dcf2..fe6eee9 100644
--- a/base-infrastructure/terraform/resources/variables.tf
+++ b/base-infrastructure/terraform/resources/variables.tf
@@ -7,17 +7,17 @@ variable "subscriptionId" {
 }
 variable "REGION" {
- type = string
+ type = string
 default = ""
 }
 variable "RESOURCES_DB_NAME" {
- type = string
+ type = string
 default = ""
 }
 variable "RESOURCES_DB_SERVER" {
- type = string
+ type = string
 default = ""
 }
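Review bot: The `cors_rule` in the `@@ -28,7 +28,7 @@` hunk of storage.tf keeps `allowed_origins = ["*"]` together with `allowed_headers = ["*"]` and the write methods `PUT` and `DELETE`, and the commit only realigns the `# Allow all origins` comment. With that rule any website can script requests against this storage account from a visitor's browser, so the only remaining control is the token or access level on the container. If the front-end origins are known, list them instead, e.g. `allowed_origins = ["https://<frontend-origin>"]` (placeholder); if the wildcard is deliberate, replace the comment with the reason, e.g. `# wildcard required: <reason>`. The enclosing `azurerm_storage_account.sdt` resource starts outside the hunk, so whether public access is otherwise restricted cannot be seen here.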
@@ -40,7 +40,7 @@ variable "secret_rotation_interval" {
 ### Staging Resources
 variable "ifrcgo_test_resources_rg" {
- type = string
+ type = string
 default = "ifrctgo002rg"
 }
@@ -50,19 +50,19 @@ variable "ifrcgo_test_resources_acr" {
 }
 variable "ifrcgo_test_resources_db_server" {
- type = string
- default = ""
+ type = string
+ default = ""
 }
 variable "ifrcgo_test_resources_db" {
- type = string
- default = ""
+ type = string
+ default = ""
 }
 ### Production Resources
 variable "ifrcgo_prod_resources_rg" {
- type = string
+ type = string
 default = "ifrcpgo002rg"
 }
@@ -72,28 +72,28 @@ variable "ifrcgo_prod_resources_acr" {
 }
 variable "ifrcgo_prod_resources_db_server" {
- type = string
- default = ""
+ type = string
+ default = ""
 }
 variable "ifrcgo_prod_resources_db" {
- type = string
- default = ""
+ type = string
+ default = ""
 }
 # -----------------
 # Local variables
 locals {
- stack_id = "ifrcgo"
- location = lower(replace(var.REGION, " ", ""))
- prefix = var.environment == "staging" ? "ifrctgo" : "ifrcpgo"
+ stack_id = "ifrcgo"
+ location = lower(replace(var.REGION, " ", ""))
+ prefix = var.environment == "staging" ? "ifrctgo" : "ifrcpgo"
 # prefixnodashes = "${local.stack_id}${var.environment}"
- storage = "${local.prefix}"
- deploy_secrets_prefix = "${local.prefix}"
+ storage = local.prefix
+ deploy_secrets_prefix = local.prefix
 ifrcgo_test_resources_db_server = var.RESOURCES_DB_SERVER
 ifrcgo_prod_resources_db_server = var.RESOURCES_DB_SERVER
- ifrcgo_test_resources_db = var.RESOURCES_DB_NAME
- ifrcgo_prod_resources_db = var.RESOURCES_DB_NAME
+ ifrcgo_test_resources_db = var.RESOURCES_DB_NAME
+ ifrcgo_prod_resources_db = var.RESOURCES_DB_NAME
 }
diff --git a/base-infrastructure/terraform/resources/vnet.tf b/base-infrastructure/terraform/resources/vnet.tf
index 3f3f1b7..9515f3a 100644
--- a/base-infrastructure/terraform/resources/vnet.tf
+++ b/base-infrastructure/terraform/resources/vnet.tf
@@ -26,7 +26,7 @@ resource "azurerm_subnet" "postgres" {
 name = "delegation"
 service_delegation {
- name = "Microsoft.DBforPostgreSQL/flexibleServers"
+ name = "Microsoft.DBforPostgreSQL/flexibleServers"
 actions = [
 "Microsoft.Network/virtualNetworks/subnets/join/action",
 ]
diff --git a/base-infrastructure/terraform/variables.tf b/base-infrastructure/terraform/variables.tf
index 43c7b47..c3472d4 100644
--- a/base-infrastructure/terraform/variables.tf
+++ b/base-infrastructure/terraform/variables.tf
@@ -1,5 +1,5 @@
 variable "environment" {
- type = string
+ type = string
 default = "staging"
 }
@@ -8,16 +8,16 @@ variable "subscriptionId" {
 }
 variable "REGION" {
- type = string
+ type = string
 default = "west europe"
 }
 variable "RESOURCES_DB_NAME" {
- type = string
+ type = string
 default = ""
 }
 variable "RESOURCES_DB_SERVER" {
- type = string
+ type = string
 default = ""
 }