adding terraform stacks demo files

azure_identity_tf/README.md

@@ -0,0 +1 @@
+# Terraform-Stacks-On-Azure

azure_identity_tf/main.tf

@@ -0,0 +1,65 @@
+# data about the current subscription
+data "azurerm_subscription" "current" {}
+
+# create an app registration
+resource "azuread_application" "hcp_terraform" {
+  display_name = "hcp-terraform-azure"
+}
+
+# create a service principal for the app
+resource "azuread_service_principal" "hcp_terraform" {
+  client_id = azuread_application.hcp_terraform.client_id
+}
+
+# assign the contributor role for the service principal
+resource "azurerm_role_assignment" "contributor" {
+  scope                = data.azurerm_subscription.current.id
+  principal_id         = azuread_service_principal.hcp_terraform.object_id
+  role_definition_name = "Contributor"
+}
+
+# create federated identity credentials for **plan** operations
+# for each deployment name
+resource "azuread_application_federated_identity_credential" "plan" {
+  for_each       = toset(var.deployment_names)
+  application_id = azuread_application.hcp_terraform.id
+  display_name   = "stack-deployment-${each.value}-plan"
+  audiences      = ["api://AzureADTokenExchange"]
+  issuer         = "https://app.terraform.io"
+  description    = "Plan operation for deployment '${each.value}'"
+  subject = join(":", [
+    "organization",
+    var.organization_name,
+    "project",
+    var.project_name,
+    "stack",
+    var.stack_name,
+    "deployment",
+    each.value,
+    "operation",
+    "plan"
+  ])
+}
+
+# create federated identity credentials for **apply** operations
+# for each deployment name
+resource "azuread_application_federated_identity_credential" "apply" {
+  for_each       = toset(var.deployment_names)
+  application_id = azuread_application.hcp_terraform.id
+  display_name   = "stack-deployment-${each.value}-apply"
+  audiences      = ["api://AzureADTokenExchange"]
+  issuer         = "https://app.terraform.io"
+  description    = "Apply operation for deployment '${each.value}'"
+  subject = join(":", [
+    "organization",
+    var.organization_name,
+    "project",
+    var.project_name,
+    "stack",
+    var.stack_name,
+    "deployment",
+    each.value,
+    "operation",
+    "apply"
+  ])
+}

azure_identity_tf/outputs.tf

@@ -0,0 +1,7 @@
+output "configuration" {
+  value = {
+    client_id       = azuread_service_principal.hcp_terraform.client_id
+    tenant_id       = data.azurerm_subscription.current.tenant_id
+    subscription_id = data.azurerm_subscription.current.subscription_id
+  }
+}

azure_identity_tf/providers.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 3.0.2"
+    }
+
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 4.0"
+    }
+  }
+}
+
+provider "azuread" {}
+
+provider "azurerm" {
+  subscription_id = "e8760043-8652-49f9-b487-4b27daf3ec7a"
+  features {}
+}

azure_identity_tf/variables.tf

@@ -0,0 +1,19 @@
+variable "deployment_names" {
+  type        = list(string)
+  description = "List of Terraform stack deployment names"
+}
+
+variable "organization_name" {
+  type        = string
+  description = "HCP Terraform organization name"
+}
+
+variable "project_name" {
+  type        = string
+  description = "HCP Terraform project name"
+}
+
+variable "stack_name" {
+  type        = string
+  description = "Terraform stack name"
+}

components.tfstack.hcl

@@ -0,0 +1,48 @@
+component "demo_infra_stack_01" {
+  source = "./stacks/infrastructure_compute"
+
+  inputs = {
+    demo_compute_resource_group = {
+      environment = var.central_variables.environment
+      location    = var.central_variables.location
+      tags = var.central_variables.tags
+    }
+
+    demo_storage_account = {
+      account_tier   = var.demo_storage_account.account_tier
+      account_replication_type = var.demo_storage_account.account_replication_type
+    }
+  }
+
+  providers = {
+    azurerm = provider.azurerm.this
+    random = provider.random.this
+  }
+}
+
+component "demo_networking_stack_01" {
+  source = "./stacks/networking"
+
+  inputs = {
+    demo_networking_resource_group = {
+      environment = var.central_variables.environment
+      location    = var.central_variables.location
+      tags = var.central_variables.tags
+    }
+
+    demo_virtual_network = {
+      cidr_range = var.demo_virtual_network.cidr_range
+      tags = var.central_variables.tags
+
+    }
+
+    demo_subnet_01 = {
+      address_prefixes = var.demo_subnet_01.address_prefixes
+    }
+  }
+
+  providers = {
+    azurerm = provider.azurerm.this
+  }
+}
+

deployments.tfdeploy.hcl

@@ -0,0 +1,70 @@
+identity_token "azurerm" {
+  audience = [ "api://AzureADTokenExchange" ]
+}
+
+deployment "development" {
+  inputs = {
+
+    central_variables = {
+      environment = "dev"
+      location = "canadacentral"
+      tags = {
+        environment = "development"
+      }
+    }
+
+    demo_storage_account = {
+      account_tier = "Standard"
+      account_replication_type = "LRS"
+    }
+
+
+    demo_virtual_network = {
+      cidr_range = "10.0.0.0/16"
+    }
+
+    demo_subnet_01 = {
+      address_prefixes = ["10.0.16.0/20"]
+    }
+
+    azurerm_provider = {
+      identity_token = identity_token.azurerm.jwt
+      client_id = "1a493a19-46a6-44d0-8033-43530f6b6823"
+      subscription_id = "e8760043-8652-49f9-b487-4b27daf3ec7a"
+      tenant_id = "1a93b615-8d62-418a-ac28-22501cf1f978"
+    }
+  }
+}
+
+deployment "production" {
+  inputs = {
+    central_variables = {
+      environment = "prod"
+      location = "canadacentral"
+      tags = {
+        environment = "production"
+      }
+    }
+
+    demo_storage_account = {
+      account_tier = "Standard"
+      account_replication_type = "GZRS"
+    }
+
+
+    demo_virtual_network = {
+      cidr_range = "10.0.0.0/17"
+    }
+
+    demo_subnet_01 = {
+      address_prefixes = ["10.0.16.0/21"]
+    }
+
+    azurerm_provider = {
+      identity_token = identity_token.azurerm.jwt
+      client_id = "1a493a19-46a6-44d0-8033-43530f6b6823"
+      subscription_id = "cfd475e4-2732-4ec6-b819-5580d3656b25"
+      tenant_id = "1a93b615-8d62-418a-ac28-22501cf1f978"
+    }
+  }
+}

modules/resource_group/local.tf

@@ -0,0 +1,18 @@
+locals {
+  location_map = {
+    "Canada Central" = "Canada Central"
+    "canadacentral"  = "Canada Central"
+    "Canada East"    = "Canada East"
+    "canadaeast"     = "Canada East"
+  }
+
+  location_code_map = {
+    "Canada Central" = "cc"
+    "canadacentral"  = "cc"
+    "Canada East"    = "ce"
+    "canadaeast"     = "ce"
+  }
+
+  location      = local.location_map[var.location]
+  location_code = local.location_code_map[var.location]
+}

modules/resource_group/main.tf

@@ -0,0 +1,6 @@
+resource "azurerm_resource_group" "resource_group" {
+  name     = var.name_override == null ? lower(format("rg-%s-%s-%s", local.location_code, var.environment, var.workload)) : var.name_override
+  location = var.location
+  tags     = var.tags
+}
+

modules/resource_group/outputs.tf

@@ -0,0 +1,16 @@
+output "name" {
+  value = azurerm_resource_group.resource_group.name
+}
+
+output "id" {
+  value = azurerm_resource_group.resource_group.id
+}
+
+output "location" {
+  value = azurerm_resource_group.resource_group.location
+}
+
+
+output "environment" {
+  value = var.environment
+}

modules/resource_group/variables.tf

@@ -0,0 +1,34 @@
+variable "name_override" {
+  type        = string
+  description = "Name override for the resource group"
+  default     = null
+
+}
+variable "workload" {
+  type        = string
+  description = "Resource type to be stored in the resource group"
+
+}
+variable "location" {
+  type        = string
+  description = "Azure location"
+  validation {
+    condition     = contains(["canadacentral", "canadaeast"], var.location)
+    error_message = "Location must be canadacentral or canadaeast"
+  }
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment for the resources"
+  validation {
+    condition     = contains(["dev", "prod"], var.environment)
+    error_message = "Environment must be dev or prod"
+  }
+
+}
+variable "tags" {
+  type        = map(string)
+  description = "Tags for the resources"
+
+}

modules/storage_account/locals.tf

@@ -0,0 +1,18 @@
+locals {
+  location_map = {
+    "Canada Central" = "Canada Central"
+    "canadacentral"  = "Canada Central"
+    "Canada East"    = "Canada East"
+    "canadaeast"     = "Canada East"
+  }
+
+  location_code_map = {
+    "Canada Central" = "cc"
+    "canadacentral"  = "cc"
+    "Canada East"    = "ce"
+    "canadaeast"     = "ce"
+  }
+
+  location      = local.location_map[var.location]
+  location_code = local.location_code_map[var.location]
+}

modules/storage_account/main.tf

@@ -0,0 +1,9 @@
+resource "azurerm_storage_account" "this" {
+  name                = var.name_override == null ? lower(format("st%s%s%s", local.location_code, var.environment, var.workload)) : var.name_override
+  resource_group_name = var.resource_group_name
+  location            = var.location
+
+  access_tier              = var.access_tier
+  account_tier             = var.account_tier
+  account_replication_type = var.account_replication_type
+}

modules/storage_account/variables.tf

@@ -0,0 +1,42 @@
+variable "environment" {
+  type        = string
+  description = "Prefix for the resources"
+
+}
+variable "name_override" {
+  type        = string
+  description = "Name override for the resource group"
+  default     = null
+
+}
+
+variable "workload" {
+  type        = string
+  description = "Resource type to be stored in the resource group"
+
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "Name of the resource group"
+}
+
+variable "location" {
+  type        = string
+  description = "Azure location for the resources"
+}
+
+variable "access_tier" {
+  type        = string
+  description = "Access tier for the storage account"
+}
+
+variable "account_tier" {
+  type        = string
+  description = "Account tier for the storage account"
+}
+
+variable "account_replication_type" {
+  type        = string
+  description = "Replication type for the storage account"
+}