Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update terraform config with agency-specific variables #292

Closed
12 tasks done
Tracked by #295
thekaveman opened this issue Aug 15, 2023 · 2 comments · Fixed by #346
Closed
12 tasks done
Tracked by #295

Update terraform config with agency-specific variables #292

thekaveman opened this issue Aug 15, 2023 · 2 comments · Fixed by #346
Labels
infrastructure Terraform, Azure, etc.
Milestone
SBMTD Mobility Pass

Comments

@thekaveman
Copy link
Member

thekaveman commented Aug 15, 2023
edited by angela-tran
Loading

The following Terraform config files reference MST Courtesy Cards, but should use a variable instead, e.g. ${local.agency_card_name}

So we could have something like:

resource "azurerm_linux_web_app" "main" {
  # name needs to be globally unique and is more specific because it's used in the app URL
- name = "mst-courtesy-cards-eligibility-server-${local.env_name}"
+ name = "${local.agency_card_name}-eligibility-server-${local.env_name}"
  #  etc...
}

app_service.tf

  • azurerm_linux_web_app.main.name
resource "azurerm_linux_web_app" "main" {
  # name needs to be globally unique and is more specific because it's used in the app URL
  name = "mst-courtesy-cards-eligibility-server-${local.env_name}"
  #  etc...
}

environment.tf

  • azurerm_resource_group.main.name
data "azurerm_resource_group" "main" {
  name = "courtesy-cards-eligibility-${local.env_name}"
}

front_door.tf

  • azurerm_cdn_frontdoor_endpoint.main.name
resource "azurerm_cdn_frontdoor_endpoint" "main" {
  # used in the front door URL
  name = "mst-courtesy-cards-eligibility-server-${local.env_name}"
  # ...
}

main.tf

  • terraform.azurerm.resource_group_name
  • terraform.azurerm.storage_account_name
terraform {
  # ...
  backend "azurerm" {
    # needs to match pipeline/azure-pipelines.yml
    resource_group_name  = "courtesy-cards-eligibility-terraform"
    storage_account_name = "courtesycardsterraform"
    # ...
  }
}

roles.tf

  • azurerm_role_assignment.velocity_etl (make this name more generic? agency_card_data_etl?)
  • azurerm_role_assignment.velocity_etl.principal_id
  • [Microsoft.Storage/storageAccounts/blobServices/containers/blobs:path] StringLike 'velocity.csv'
resource "azurerm_role_assignment" "velocity_etl" {
  # ...
  principal_id = var.VELOCITY_ETL_APP_OBJECT_ID
  condition = <<EOF
(
 (
  @Resource[Microsoft.Storage/storageAccounts/blobServices/containers/blobs:path] StringLike 'velocity.csv'
 )
)
EOF
   # ...
}

storage.tf

  • azurerm_storage_account.main.name
resource "azurerm_storage_account" "main" {
  # name needs to be unique per subscription
  name = "mstcceligibility${local.env_name}"
 # ...
}

uptime.tf

  • healthcheck.name
module "healthcheck" {
  # ...
  name = "mst-courtesy-cards-eligibility-server-${local.env_name}-healthcheck"
}

variables.tf

  • VELOCITY_ETL_APP_OBJECT_ID (need a more generic name for variable)
variable "VELOCITY_ETL_APP_OBJECT_ID" {
  description = "Object ID from the registered application for the Velocity server ETL uploading: https://cloudsight.zendesk.com/hc/en-us/articles/360016785598-Azure-finding-your-service-principal-object-ID"
  type = string
}

init.sh

  • Require an arg for the Subscription to init with
echo "Setting the subscription for the Azure CLI..."
az account set --subscription="MST IT"
@thekaveman thekaveman added the infrastructure Terraform, Azure, etc. label Aug 15, 2023
@thekaveman thekaveman added this to the SBMTD milestone Aug 15, 2023
@thekaveman thekaveman changed the title Update terraform confirm with agency-specific variables Update terraform config with agency-specific variables Aug 15, 2023
This was referenced Aug 15, 2023
Closed
Closed
Closed
@thekaveman thekaveman mentioned this issue Aug 31, 2023
Merged
1 task
@thekaveman thekaveman moved this from Todo to Stretch in Digital Services Sep 18, 2023
@thekaveman thekaveman moved this from Stretch to Todo in Digital Services Sep 18, 2023
@thekaveman
Copy link
Member Author

Backend configuration in main.tf cannot use variables. Need to figure out how to specify a different backend config per agency (multiple main.tf files in subdirectories per-agency?)

@thekaveman thekaveman moved this from Todo to In Progress in Digital Services Oct 3, 2023
@angela-tran
Copy link
Member

Backend configuration in main.tf cannot use variables. Need to figure out how to specify a different backend config per agency (multiple main.tf files in subdirectories per-agency?)

We realized that the pipeline gets its backend resource group and storage account config through the TerraformTask configuration. For local development, we can get our backend config through command-line options.

Therefore, we were able to remove resource group and storage account from being specified in the backend block; see 3803ffa and 8af3d32

@angela-tran angela-tran mentioned this issue Oct 10, 2023
Merged
@thekaveman thekaveman mentioned this issue Oct 10, 2023
Closed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Digital Services Oct 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
infrastructure Terraform, Azure, etc.
Projects
Digital Services
Status: Done
Milestone
SBMTD Mobility Pass
Development

Successfully merging a pull request may close this issue.

Feat: agency-specific Terraform variables cal-itp/eligibility-server
2 participants
@thekaveman @angela-tran