Set Azure subscription ID when applying Terraform files

Signed-off-by: Daniel Weiße <[email protected]>
edgelesssys · Aug 27, 2024 · 239b83e · 239b83e
1 parent 5579578
commit 239b83e
Show file tree

Hide file tree

Showing 12 changed files with 55 additions and 2 deletions.
diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml
@@ -305,11 +305,24 @@ jobs:
         run: |
           cat >> _override.tf <<EOF
           locals {
+            subscription_id = $(az account show --query id --output tsv)
             instance_type = "Standard_DC4es_v5"
           }
           EOF
           cat _override.tf
 
+      - name: Create Azure SEV-SNP Terraform overrides
+        if: inputs.attestationVariant == 'azure-sev-snp'
+        working-directory: ${{ github.workspace }}/cluster
+        shell: bash
+        run: |
+          cat >> _override.tf <<EOF
+          locals {
+            subscription_id = $(az account show --query id --output tsv)
+          }
+          EOF
+          cat _override.tf
+
       - name: Copy example Terraform file
         working-directory: ${{ github.workspace }}
         shell: bash

diff --git a/cli/internal/cloudcmd/tfvars.go b/cli/internal/cloudcmd/tfvars.go
@@ -147,6 +147,7 @@ func azureTerraformVars(conf *config.Config, imageRef string) (*terraform.AzureC
 		}
 	}
 	vars := &terraform.AzureClusterVariables{
+		SubscriptionID:       conf.Provider.Azure.SubscriptionID,
 		Name:                 conf.Name,
 		NodeGroups:           nodeGroups,
 		Location:             conf.Provider.Azure.Location,

diff --git a/cli/internal/terraform/variables.go b/cli/internal/terraform/variables.go
@@ -193,6 +193,8 @@ func (v *GCPIAMVariables) String() string {
 
 // AzureClusterVariables is user configuration for creating a cluster with Terraform on Azure.
 type AzureClusterVariables struct {
+	// SubscriptionID is the Azure subscription ID to use.
+	SubscriptionID string `hcl:"subscription_id" cty:"subscription_id"`
 	// Name of the cluster.
 	Name string `hcl:"name" cty:"name"`
 	// ImageID is the ID of the Azure image to use.

diff --git a/dev-docs/howto/vpn/on-prem-terraform/main.tf b/dev-docs/howto/vpn/on-prem-terraform/main.tf
@@ -13,6 +13,10 @@ terraform {
 
 provider "azurerm" {
   features {}
+  subscription_id = var.subscription_id
+  # This enables all resource providers.
+  # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need.
+  resource_provider_registrations = "all"
 }
 
 locals {

diff --git a/dev-docs/howto/vpn/on-prem-terraform/variables.tf b/dev-docs/howto/vpn/on-prem-terraform/variables.tf
@@ -1,3 +1,9 @@
+variable "subscription_id" {
+  type        = string
+  description = "Azure subscription ID. This can also be sourced from the AZURE_SUBSCRIPTION_ID environment variable: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#subscription_id"
+  default     = ""
+}
+
 variable "resource_group_location" {
   type        = string
   default     = "westeurope"

diff --git a/dev-docs/miniconstellation/azure-terraform/main.tf b/dev-docs/miniconstellation/azure-terraform/main.tf
@@ -22,6 +22,9 @@ terraform {
 provider "azurerm" {
   use_oidc = true
   features {}
+  # This enables all resource providers.
+  # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need.
+  resource_provider_registrations = "all"
 }
 
 provider "tls" {}

diff --git a/e2e/miniconstellation/main.tf b/e2e/miniconstellation/main.tf
@@ -22,6 +22,9 @@ terraform {
 provider "azurerm" {
   use_oidc = true
   features {}
+  # This enables all resource providers.
+  # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need.
+  resource_provider_registrations = "all"
 }
 
 provider "tls" {}

diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf
@@ -17,6 +17,10 @@ provider "azurerm" {
       prevent_deletion_if_contains_resources = false
     }
   }
+  subscription_id = var.subscription_id
+  # This enables all resource providers.
+  # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need.
+  resource_provider_registrations = "all"
 }
 
 locals {
@@ -266,8 +270,8 @@ module "scale_set_group" {
   marketplace_image         = var.marketplace_image
 
   # We still depend on the backends, since we are not sure if the VMs inside the VMSS have been
-  # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not 
-  # our Constellation update). 
+  # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not
+  # our Constellation update).
   # TODO(@3u13r): Remove this dependency after v2.18.0 has been released.
   depends_on = [module.loadbalancer_backend_worker, azurerm_lb_backend_address_pool.all]
 }

diff --git a/terraform/infrastructure/azure/modules/scale_set/main.tf b/terraform/infrastructure/azure/modules/scale_set/main.tf
@@ -45,6 +45,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "scale_set" {
   provision_vm_agent              = false
   vtpm_enabled                    = true
   disable_password_authentication = false
+  extension_operations_enabled    = false
   upgrade_mode                    = "Manual"
   secure_boot_enabled             = var.secure_boot
   # specify the image id only if a non-marketplace image is used

diff --git a/terraform/infrastructure/azure/variables.tf b/terraform/infrastructure/azure/variables.tf
@@ -46,6 +46,12 @@ variable "internal_load_balancer" {
 
 # Azure-specific variables
 
+variable "subscription_id" {
+  type        = string
+  description = "Azure subscription ID. This can also be sourced from the AZURE_SUBSCRIPTION_ID environment variable: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#subscription_id"
+  default     = ""
+}
+
 variable "location" {
   type        = string
   description = "Azure location to deploy the cluster in."

diff --git a/terraform/infrastructure/iam/azure/main.tf b/terraform/infrastructure/iam/azure/main.tf
@@ -18,6 +18,10 @@ provider "azurerm" {
       prevent_deletion_if_contains_resources = false
     }
   }
+  subscription_id = var.subscription_id
+  # This enables all resource providers.
+  # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need.
+  resource_provider_registrations = "all"
 }
 
 # Configure Azure active directory provider

diff --git a/terraform/infrastructure/iam/azure/variables.tf b/terraform/infrastructure/iam/azure/variables.tf
@@ -1,3 +1,9 @@
+variable "subscription_id" {
+  type        = string
+  description = "Azure subscription ID. This can also be sourced from the AZURE_SUBSCRIPTION_ID environment variable: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#subscription_id"
+  default     = ""
+}
+
 variable "resource_group_name" {
   type        = string
   description = "Name for the resource group the cluster should reside in."