updating codebase and stalling... thanks to Azure

Author: damienjburks

terraform/acr_aks.tf

@@ -1,5 +1,3 @@
-
-
 resource "azurerm_resource_group" "this_resource_group" {
   name     = var.resource_group_name
   location = var.location
@@ -14,31 +12,31 @@ resource "azurerm_container_registry" "this_container_registry" {
   depends_on = [azurerm_resource_group.this_resource_group]
 }
 
-resource "azurerm_kubernetes_cluster" "this_aks_cluster" {
-  name                = var.aks_name
-  location            = var.location
-  resource_group_name = azurerm_resource_group.this_resource_group.name
-  dns_prefix          = "DevSecOps-Blueprint"
-
-
-  default_node_pool {
-    name       = "default"
-    node_count = 1
-    vm_size    = "Standard_A2_v2"
-  }
-
-  identity {
-    type         = "UserAssigned"
-    identity_ids = [azurerm_user_assigned_identity.this_uaid.id]
-  }
-
-  tags = {
-    Environment = "Production"
-  }
-  depends_on = [
-    azurerm_role_assignment.uaid_contributor,
-    azurerm_role_assignment.acr_pull,
-    azurerm_role_assignment.acr_push
-  ]
-}
+# resource "azurerm_kubernetes_cluster" "this_aks_cluster" {
+#   name                = var.aks_name
+#   location            = var.location
+#   resource_group_name = azurerm_resource_group.this_resource_group.name
+#   dns_prefix          = "DSB"
+
+
+#   default_node_pool {
+#     name       = "default"
+#     node_count = 1
+#     vm_size    = "Standard_A2_v2"
+#   }
+
+#   identity {
+#     type         = "UserAssigned"
+#     identity_ids = [azurerm_user_assigned_identity.this_uaid.id]
+#   }
+
+#   tags = {
+#     Environment = "Production"
+#   }
+#   depends_on = [
+#     azurerm_role_assignment.uaid_contributor,
+#     azurerm_role_assignment.acr_pull,
+#     azurerm_role_assignment.acr_push
+#   ]
+# }
 

terraform/main.tf

@@ -3,8 +3,8 @@ data "azuread_client_config" "current" {}
 
 ### Create a new Azure DevOps project
 resource "azuredevops_project" "this_project" {
-  name               = var.project_name
-  visibility         = "public"
+  name               = "python-fastapi"
+  visibility         = "private"
   version_control    = "Git"
   work_item_template = "Agile"
   description        = "This project is managed and Created by Terraform"
@@ -14,7 +14,6 @@ resource "azuredevops_project" "this_project" {
     boards       = "disabled"
     pipelines    = "enabled"
     repositories = "enabled"
-
   }
 }
 
@@ -43,7 +42,6 @@ resource "azuredevops_git_repository" "fast_api_git_repo" {
     init_type   = "Import"
     source_type = "Git"
     source_url  = var.fast_api_git_repo
-    # service_connection_id = azuredevops_serviceendpoint_github.this_github.id
   }
 
 }
@@ -64,7 +62,7 @@ resource "azuredevops_build_definition" "this_definition" {
   repository {
     repo_type   = "TfsGit"
     repo_id     = azuredevops_git_repository.infra_git_repo.id
-    branch_name = "testing"
+    branch_name = "main"
     yml_path    = ".azdo-pipelines/azure-pipelines.yml"
   }
 
@@ -79,12 +77,6 @@ resource "azuredevops_build_definition" "this_definition" {
     value = "FastAPI"
 
   }
-
-  variable {
-    name  = "ProjetName"
-    value = "Smooth-Project-Name"
-
-  }
 }
 
 ### Create Federated identity for Azure DevOps Pipeline ###
@@ -112,12 +104,6 @@ resource "azurerm_role_assignment" "uaid_contributor" {
   scope                = azurerm_container_registry.this_container_registry.id
 }
 
-# resource "azuread_application" "this_app" {
-#   display_name     = "Az-DevSecOps-App"
-#   owners           = [data.azuread_client_config.current.object_id]
-# }
-
-
 resource "azurerm_federated_identity_credential" "ado_fed-id" {
   name                = "DevSecOps-Fed-Identity"
   resource_group_name = azurerm_resource_group.this_resource_group.name
@@ -147,9 +133,4 @@ resource "azuredevops_serviceendpoint_azurecr" "acr_registry_endpoint" {
   credentials {
     serviceprincipalid = azurerm_user_assigned_identity.this_uaid.client_id
   }
-
-
-
-
-}
-
+}

terraform/providers.tf

@@ -26,12 +26,16 @@ terraform {
 
 
 provider "azuredevops" {
-  org_service_url = var.org_service_url
+  org_service_url       = var.TFC_AZ_DEVOPS_ORG_SERVICE_URL
+  personal_access_token = var.TFC_AZ_DEVOPS_PAT
 }
 
 provider "azuread" {
-  tenant_id = "233318cd-0fbb-44eb-9437-4e2681adf87e"
+  tenant_id     = var.TFC_AZ_TENANT_ID
+  client_id     = var.TFC_AZ_CLIENT_ID
+  client_secret = var.TFC_AZ_CLIENT_PASSWORD
 
+  use_cli = false
 }
 
 provider "azurerm" {
@@ -41,10 +45,9 @@ provider "azurerm" {
     }
   }
 
-  use_cli              = false
-  use_oidc             = true
-  client_id_file_path  = var.tfc_azure_dynamic_credentials.default.client_id_file_path
-  oidc_token_file_path = var.tfc_azure_dynamic_credentials.default.oidc_token_file_path
-  subscription_id      = "9e3af6ab-6e22-4d23-a3ef-a6e883abe616"
-  tenant_id            = "233318cd-0fbb-44eb-9437-4e2681adf87e"
+  use_cli         = false
+  subscription_id = var.TFC_AZ_SUBSCRIPTION_ID
+  tenant_id       = var.TFC_AZ_TENANT_ID
+  client_id       = var.TFC_AZ_CLIENT_ID
+  client_secret   = var.TFC_AZ_CLIENT_PASSWORD
 }

terraform/variable-group.tf

@@ -15,9 +15,8 @@ resource "azuredevops_variable_group" "infra_variable_group" {
     name         = "ACR_SERVICE_CONNECTION"
     secret_value = azuredevops_serviceendpoint_azurecr.acr_registry_endpoint.id
     is_secret    = true
-
   }
- 
+
   variable {
     name         = "image_repo"
     secret_value = var.fast_api_git_repo
@@ -50,5 +49,4 @@ resource "azuredevops_variable_group" "image_repo_variable" {
     value = ""
 
   }
-
 }

terraform/variables.tf

@@ -1,17 +1,10 @@
-
-variable "tfc_azure_dynamic_credentials" {
-  description = "Object containing Azure dynamic credentials configuration"
-  type = object({
-    default = object({
-      client_id_file_path  = string
-      oidc_token_file_path = string
-    })
-    aliases = map(object({
-      client_id_file_path  = string
-      oidc_token_file_path = string
-    }))
-  })
-}
+# Default Variables
+variable "TFC_AZ_CLIENT_ID" {}
+variable "TFC_AZ_CLIENT_PASSWORD" {}
+variable "TFC_AZ_TENANT_ID" {}
+variable "TFC_AZ_SUBSCRIPTION_ID" {}
+variable "TFC_AZ_DEVOPS_ORG_SERVICE_URL" {}
+variable "TFC_AZ_DEVOPS_PAT" {}
 
 ### Resource Group Variables ###
 
@@ -31,18 +24,17 @@ variable "location" {
 ### Repo Variables ###
 variable "infra_git_repo" {
   type        = string
-  description = " of the infra git repo"
-  default     = "https://github.com/thogue12/azure-devsecops-pipeline.git"
-
+  description = "name of the infra git repo"
+  default     = "https://github.com/devsecblueprint/azure-devsecops-pipeline.git"
 }
 
 variable "fast_api_git_repo" {
   type        = string
-  description = "name of the infra git repo"
-  default     = "https://github.com/thogue12/python-fastapi.git"
+  description = "name of the fast api git repo"
+  default     = "https://github.com/devsecblueprint/azure-python-fastapi.git"
 }
-#### Azure Container Registry and Kubernetes Variables  ###
 
+#### Azure Container Registry and Kubernetes Variables  ###
 variable "acr_name" {
   type        = string
   description = "name of the Azure Container Registry"
@@ -65,17 +57,6 @@ variable "uaid_name" {
 }
 
 ### Azure DevOps Variables ###
-variable "project_name" {
-  description = "The name of the Azure DevOps project to create."
-  type        = string
-  default     = "DevSecOps-FastApi"
-
-}
-
-variable "org_service_url" {
-  type      = string
-  sensitive = true
-}
 
 variable "use_yaml" {
   description = "Bolean to determine if the pipeline should use the trigger defined in the yaml file or not"