first commit

canada-ca-terraform-modules · Feb 7, 2025 · cd0fe28 · cd0fe28
commit cd0fe28
Show file tree

Hide file tree

Showing 9 changed files with 235 additions and 0 deletions.
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -0,0 +1,27 @@
+name: Generate terraform docs
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - master
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render terraform docs inside the README.md and push changes back to PR branch
+        uses: terraform-docs/[email protected]
+        with:
+          working-dir: .
+          output-file: README.md
+          output-method: inject
+          git-push: "true"
diff --git a/ESLZ/app_registrationV2.tf b/ESLZ/app_registrationV2.tf
@@ -0,0 +1,16 @@
+variable "app_registrationsV2" {
+  description = "List of AAD App Registrations to create"
+  type        = any
+  default     = {}
+}
+
+module "app_registrationsV2" {
+  for_each = var.app_registrationsV2
+  source   = "github.com/canada-ca-terraform-modules/terraform-azurerm-caf-app_registrationV2?ref=v1.0.0"
+
+  env               = var.env
+  group             = var.group
+  project           = var.project
+  app_registrations = each.value
+  userDefinedString = each.key
+}
diff --git a/ESLZ/app_registrationV2.tfvars b/ESLZ/app_registrationV2.tfvars
@@ -0,0 +1,17 @@
+app_registrationsV2 = {
+  test = {
+    description             = "Test App Registration" # (Required) Description of the app registration
+    owners                  = []                      # (Optional) List of User UPNs that will be the initial owners of the app registration. Only used on 1st deployment of App Reg du to life_cycle
+    prevent_duplicate_names = true                    # (Optional) Prevents duplicate names of the app registration. Default is true
+
+    app_role_assignment_required = false # (Optional) Determines if app role assignment is required. Default is false
+
+    # Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified
+    # using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by
+    # the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also
+    # propagate to this service principal.
+    tags = [
+      "HideApp",
+    ]
+  }
+}
diff --git a/README.md b/README.md
@@ -0,0 +1,59 @@
+# AzureRM App Registration V2
+
+## Terraform variables for this module
+
+[./ESLZ/app_registrationV2.tfvars](./ESLZ/app_registrationV2.tfvars)
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_boot_diagnostic_storage"></a> [boot\_diagnostic\_storage](#module\_boot\_diagnostic\_storage) | github.com/canada-ca-terraform-modules/terraform-azurerm-caf-storage_accountV2.git | v1.0.3 |
+| <a name="module_load_balancer"></a> [load\_balancer](#module\_load\_balancer) | github.com/canada-ca-terraform-modules/terraform-azurerm-caf-load_balancer.git | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_key_vault_secret.vm-admin-password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_role_assignment.vmss_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_user_assigned_identity.user_assigned_identity_vmss_windows](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+| [azurerm_windows_virtual_machine_scale_set.vmss_windows](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine_scale_set) | resource |
+| [random_password.vm-admin-password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
+| [azurerm_key_vault.key_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_custom_data"></a> [custom\_data](#input\_custom\_data) | (Optional) The Base64-Encoded Custom Data which should be used for this Virtual Machine Scale Set. | `string` | `null` | no |
+| <a name="input_env"></a> [env](#input\_env) | (Required) 4 character string defining the environment name prefix for the VM | `string` | n/a | yes |
+| <a name="input_group"></a> [group](#input\_group) | (Required) Character string defining the group for the target subscription | `string` | n/a | yes |
+| <a name="input_location"></a> [location](#input\_location) | Azure location for the VM | `string` | `"canadacentral"` | no |
+| <a name="input_project"></a> [project](#input\_project) | (Required) Character string defining the project for the target subscription | `string` | n/a | yes |
+| <a name="input_resource_groups"></a> [resource\_groups](#input\_resource\_groups) | (Required) Resource group object for the VM | `any` | `{}` | no |
+| <a name="input_subnets"></a> [subnets](#input\_subnets) | (Required) List of subnet objects for the VM | `any` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags that will be applied to every associated VM resource | `map(string)` | `{}` | no |
+| <a name="input_userDefinedString"></a> [userDefinedString](#input\_userDefinedString) | (Required) User defined portion value for the name of the VM. | `string` | n/a | yes |
+| <a name="input_user_data"></a> [user\_data](#input\_user\_data) | (Optional) The Base64-Encoded User Data which should be used for this Virtual Machine Scale Set. | `string` | `null` | no |
+| <a name="input_vmss"></a> [vmss](#input\_vmss) | Details about vmss config | `any` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_loaddbalancer"></a> [loaddbalancer](#output\_loaddbalancer) | The availability\_set object |
+| <a name="output_vmss_windows"></a> [vmss\_windows](#output\_vmss\_windows) | VMSS Windows object |
+<!-- END_TF_DOCS -->
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,3 @@
+locals {
+
+}
diff --git a/module.tf b/module.tf
@@ -0,0 +1,30 @@
+data "azurerm_client_config" "current" {}
+
+data "azuread_user" "owners" {
+  for_each = toset(try(var.app_registrations.owners, []))
+
+  user_principal_name = each.value
+}
+
+resource "azuread_application" "aad_app" {
+  display_name            = "${var.env}_${var.group}_${var.project}_${var.userDefinedString}_sp"
+  owners                  = try(var.app_registrations.owners, []) == [] ? [data.azurerm_client_config.current.object_id] : distinct(flatten([data.azurerm_client_config.current.object_id, data.azuread_user.owners[*].object_id]))
+  description             = "${var.env}-${var.group}-${var.project} ${var.app_registrations.description}"
+  prevent_duplicate_names = try(var.app_registrations.prevent_duplicate_names, true)
+
+  lifecycle {
+    ignore_changes = [owners]
+  }
+}
+
+resource "azuread_service_principal" "aad_sp" {
+  client_id                    = azuread_application.aad_app.client_id
+  app_role_assignment_required = try(var.app_registrations.app_role_assignment_required, false)
+  owners                       = try(var.app_registrations.owners, []) == [] ? [data.azurerm_client_config.current.object_id] : distinct(flatten([data.azurerm_client_config.current.object_id, data.azuread_user.owners[*].object_id]))
+  description                  = "${var.env}-${var.group}-${var.project} ${var.app_registrations.description}"
+  tags = try(var.app_registrations.tags, [])
+
+  lifecycle {
+    ignore_changes = [owners]
+  }
+}
diff --git a/name.tf b/name.tf
@@ -0,0 +1,8 @@
+locals {
+  # vmss_windows_regex   = "/[//\"'\\[\\]:|<>+=;,?*@&]/" # Can't include those characters in windows_virtual_machine name: \/"'[]:|<>+=;,?*@&
+  # env_4                = substr(var.env, 0, 4)
+  # serverType_3         = "SWG"
+  # postfix_3            = substr(var.vmss.postfix, 0, 3)
+  # userDefinedString_54 = substr(var.userDefinedString, 0, 54 - length(local.postfix_3))
+  # vmss_name            = replace("${local.env_4}${local.serverType_3}-${local.userDefinedString_54}${local.postfix_3}", local.vmss_windows_regex, "")
+}
diff --git a/output.tf b/output.tf
@@ -0,0 +1,9 @@
+output "aad_app_object" {
+  value       = azuread_application.aad_app
+  description = "Azure AD Application object"
+}
+
+output "aad_sp_object" {
+  value       = azuread_service_principal.aad_sp
+  description = "Azure AD Service Principal object"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,66 @@
+variable "location" {
+  description = "Azure location for the VM"
+  type        = string
+  default     = "canadacentral"
+}
+
+variable "tags" {
+  description = "Tags that will be applied to every associated VM resource"
+  type        = map(string)
+  default     = {}
+}
+
+variable "env" {
+  description = "(Required) 4 character string defining the environment name prefix for the VM"
+  type        = string
+}
+
+variable "group" {
+  description = "(Required) Character string defining the group for the target subscription"
+  type        = string
+}
+
+variable "project" {
+  description = "(Required) Character string defining the project for the target subscription"
+  type        = string
+}
+
+variable "app_registrations" {
+  description = "List of AAD App Registrations to create"
+  type        = any
+  default     = {}
+}
+
+variable "userDefinedString" {
+  description = "(Required) User defined portion value for the name of the App Registration."
+  type        = string
+}
+
+# variable "vmss" {
+#   description = "Details about vmss config"
+#   type        = any
+#   default     = {}
+# }
+
+# variable "resource_groups" {
+#   description = "(Required) Resource group object for the VM"
+#   type        = any
+#   default     = {}
+# }
+
+# variable "subnets" {
+#   description = "(Required) List of subnet objects for the VM"
+#   type        = any
+# }
+
+# variable "custom_data" {
+#   description = "(Optional) The Base64-Encoded Custom Data which should be used for this Virtual Machine Scale Set."
+#   type        = string
+#   default     = null
+# }
+
+# variable "user_data" {
+#   description = "(Optional) The Base64-Encoded User Data which should be used for this Virtual Machine Scale Set."
+#   type        = string
+#   default     = null
+# }