Merge pull request #24 from ned1313/TFC-updates
Tfc updates
gmaentz authored Aug 17, 2023
2 parents a455863 + 07435d6 commit 8e903d3
Showing 6 changed files with 120 additions and 152 deletions.
2 changes: 1 addition & 1 deletion terraform_advanced/11-tfc_state_migration.md
@@ -1,6 +1,6 @@
# Lab: Migrating State to Terraform Cloud

In this lab you will create and deploy and Azure Virtual Network using Terraform, and then migrate the state data to Terraform Cloud. We will continue to use this configuration in the next lab.
In this lab you will create and deploy an Azure Virtual Network using Terraform, and then migrate the state data to Terraform Cloud. We will continue to use this configuration in the next lab.

Duration: 10 minutes

127 changes: 37 additions & 90 deletions terraform_advanced/13-private_modules.md
Expand Up @@ -8,44 +8,43 @@ In this challenge you will register some modules with your Private Module Regist

### Fork the Module Repositories

You are going to fork the following repositories into your own GitHub account:
You are going to fork this repository into your GitHub account.

- https://github.com/azure-terraform-workshop/terraform-azurerm-networking.git
- https://github.com/azure-terraform-workshop/terraform-azurerm-webserver.git
- https://github.com/azure-terraform-workshop/terraform-azurerm-appserver.git
- https://github.com/azure-terraform-workshop/terraform-azurerm-dataserver.git
- https://github.com/ned1313/terraform-azurerm-networking

Each of these repositories represents a module that can be developed and versioned independently.
The repository represents a module that can be developed and versioned independently.

### Add Modules
### Create a VCS Connection

We need to add these repositories into the Private Module Registry.
In Terraform Cloud, navigate to "Settings" -> "Version Control" and click "Add a VCS Provider".

Navigate back to Terraform Cloud and click the "Modules" menu at the top of the page. From there click the "+ Add Module" button.
Select `GitHub.com (custom)` as the VCS connection type.

![](img/tfe-add-module.png)
Follow the directions to create an OAuth Application in GitHub.

Select the networking repository you forked earlier.
Once you're created the application in GitHub, copy the client ID to the Terraform Cloud form. And then generate a client secret and copy that to the Terraform Cloud form.

![](img/tfe-select-module-repo.png)
You can set a Name for the application if you want, but it's not required.

> Note: You will see your github user name instead of 'azure-terraform-workshop/' since you forked this repo.
Click on Authorize for Terraform Cloud.

Click "Publish Module".
### Add Modules

This will query the repository for necessary files and tags used for versioning.
We need to add the repository into the Private Module Registry.

Congrats, you are done!
In Terraform Cloud, go into Registry, and click the "Publish" menu and select "Module".

Ok, not really...
Select the networking repository you forked earlier.

Repeat this step for the other three modules:
> Note: You will see your github user name instead of 'ned1313/' since you forked this repo.
- terraform-azurerm-appserver
- terraform-azurerm-dataserver
- terraform-azurerm-webserver
Click "Publish Module".

### Create a new github repository
This will query the repository for necessary files and tags used for versioning.

Congrats, you are done!

### Create a new github repository to use the module

In github, create a new public repository names "tfc-workspace-modules".
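
Review bot: In the new "Create a VCS Connection" steps, the client-secret instruction needs a wording fix and a caveat. "Once you're created the application" should read "Once you've created the application", the sentence after it ("And then generate a client secret ...") is a fragment, and nothing tells the reader that the client secret is a credential that belongs only in the Terraform Cloud form. Suggest merging the two sentences and adding that caveat. The headings "Fork the Module Repositories" and "Add Modules" are also still plural although the lab now forks and publishes a single repository.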

Expand All @@ -54,8 +53,6 @@ Create a single `main.tf` file with the following contents:
```hcl
variable "name" {}
variable "location" {}
variable "username" {}
variable "password" {}
provider "azurerm" {
features {}
Expand All @@ -71,7 +68,7 @@ variable "subnet_address_prefixes" {
module "networking" {
source = "app.terraform.io/YOUR_ORG_NAME/networking/azurerm"
version = "0.12.0"
version = "~> 1.0"
name = var.name
location = var.location
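
Review bot: The `version = "~> 1.0"` constraint in the `networking` module block accepts any 1.x release, so a run can pick up a newer tag published to the registry without any change to this file. Because the module is now published from a fork the reader creates, state which tag the lab expects to resolve, or pin an exact version here and leave the `~>` form for the "Advanced areas to explore" exercise on tagging.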
Expand All @@ -80,36 +77,24 @@ module "networking" {
}
```

Update the source arguments to your organization by replacing "YOUR_ORG_NAME" with your TFC organization name.
Update the source argument for the networking module to your organization by replacing "YOUR_ORG_NAME" with your TFC organization name.

Commit the file and check the code into github.

### Create a workspace

Create a TFC workspace that uses the VCS connection to load this new repository.

![](img/tfe-new-workspace.png)

Select the repository and name the workspace the same thing "tfc-workspace-modules"

![](img/tfe-new-workspace-final.png)

### Configure Workspace Variables

Navigate back to your "tfc-workspace-modules" workspace.
Fill out the variables for the workspace based on the following list:

Set the Terraform Variables:

- 'name' - A unique environment name such as `###env`
- 'location' - An Azure region such as `eastus` or `centralus`
- 'username' (sensitive) - A username for the VM's
> Note: this can not be "admin"
- 'password' (sensitive) - A password for the VM's
> NOTE: password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following:
> 1. Contains an uppercase character
> 2. Contains a lowercase character
> 3. Contains a numeric digit
> 4. Contains a special character
- 'vnet_address_spacing' (HCL) - The Vnet Address space
```hcl
["10.0.0.0/16"]
Expand All @@ -123,7 +108,17 @@ Set the Terraform Variables:
]
```

Set Environment Variables for your Azure Service Principal (be sure check the 'sensitive' checkbox to hide these values):
Click on Save variables.

Do not start a new plan yet, instead click on `Go to workspace overview`.

Set Environment Variables for your Azure Service Principal (be sure check the 'sensitive' checkbox to hide these values).

You can get the current values using the following command from the lab environment:

```bash
env | grep ARM
```

- ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID
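
Review bot: The added `env | grep ARM` step prints every ARM value to the terminal, including the ones the sentence above tells the reader to mark as 'sensitive', so they remain in scrollback and in any screen share or recording of the lab. Suggest saying so next to the command and telling the reader to clear the terminal once the values are entered. That sentence also still reads "be sure check"; it should be "be sure to check".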
Expand All @@ -132,9 +127,9 @@ Set Environment Variables for your Azure Service Principal (be sure check the 's

### Run a Plan

Click the "Queue Plan" button.
Click the "Actions" button and select "Start new run".

![](img/tfe-queue-plan.png)
Select a "Plan and apply" run and click "Start run".

Wait for the Plan to complete.

Expand All @@ -148,54 +143,6 @@ Watch the apply progress and complete.

Login to the at Azure Portal to see your infrastructure.

### Update a Module

In the `tfc-workspace-modules` repository, navigate to the `main.tf` file.

Add the following to deploy the rest of your application (again, be sure to update the source references):

```hcl
module "webserver" {
source = "app.terraform.io/YOUR_ORG_NAME/webserver/azurerm"
version = "0.12.0"
name = var.name
location = var.location
subnet_id = module.networking.subnet-ids[0]
vm_count = 1
username = var.username
password = var.password
}
module "appserver" {
source = "app.terraform.io/YOUR_ORG_NAME/appserver/azurerm"
version = "0.12.0"
name = var.name
location = var.location
subnet_id = module.networking.subnet-ids[1]
vm_count = 1
username = var.username
password = var.password
}
module "dataserver" {
source = "app.terraform.io/YOUR_ORG_NAME/dataserver/azurerm"
version = "0.12.0"
name = var.name
location = var.location
subnet_id = module.networking.subnet-ids[2]
vm_count = 1
username = var.username
password = var.password
}
```

Commit your change and see what the changes show in the plan.

If you are satisfied with the changes, apply the changes.

## Advanced areas to explore

1. Make a change to a module repository and tag it in such a way that the change shows in your Private Module Registry.
8 changes: 6 additions & 2 deletions terraform_advanced/15-tfc-teams-governance.md
Expand Up @@ -2,7 +2,7 @@

Terraform Cloud includes Teams and permissions that are set at the organization and workspace level. In this challenge, you will create teams in your TFC organization, add users, and assign teams permissions to workspaces.

You will need to start a free trial of the Teams and Governance tier of TFC. The trial is good for 30 days, after which your organization will revert to the Free tier.
You will need to upgrade to the Standard tier of TFC, which requires an HCP account. It comes with $50 in free credit. You can sign up for an HCP account [here](https://portal.cloud.hashicorp.com/signup).

## Tasks

Expand All @@ -25,11 +25,15 @@ Now that you have created teams you can invite some users to your organization.

Invite a new user with an email you have access to and assign them to the org_admins group. You can also make up a fictitious email, although you won't be able to test permissions.

If you are using Gmail or Exchange, you can create an email address that follows the format `your_email+tfc@gmail.com`. This will allow you to create a new email address that will be delivered to your inbox, but will be unique to TFC.

For example, if your Gmail address is `john.smith@gmail.com`, you can use the address `john.smith+tfc@gmail.com` for your new user.

## Assign teams to workspaces with permissions

Next, assign access rights to the an existing workspace. Go into the **Team Access** page of the workspace settings. If you don't see the Team Access link you might need to log out and back into Terraform Cloud.

You'll want to click the "Add team and permissions" button and then click the "Select team" button next to each team to which you wish to grant workspace access. Then click the "Assign permissions" button for the desired permission.

- Give the **web_app_devs** group plan level access.
- Give the **managers** group read level access.
- Give the **managers** group read level access.
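
Review bot: With the plus-addressing paragraph added, the unchanged sentence above it, "You can also make up a fictitious email", should be dropped: it has the reader invite an address they do not control to the org_admins group, and the new `your_email+tfc@gmail.com` option removes the need for it. The format shown is also Gmail-only although the text says "Gmail or Exchange"; either give a provider-neutral form or drop the Exchange mention.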
34 changes: 24 additions & 10 deletions terraform_advanced/16-vcs-code-promote.md
Expand Up @@ -26,9 +26,11 @@ In the `tfc-azure-example` github repository, create a `development` branch if o

Create a new TFC workspace named `web-net-dev` that is tied to the `tfc-azure-example` github repo by choosing a VCS Control workflow. In the advanced settings under *VCS Branch*, configure it to watch the development branch.

In the workspace, add a Terraform variable called `prefix` and set it to `dev`.
In the next screen, set the Terraform variable called `prefix` to `dev`, and click on "Save variables".

Click on `Settings` at the top of the UI and then select *Variable sets* from the left side menu.
You are going to use the same Azure credentials for each environment. It's easier to create a variable set that can be shared across workspaces.

Click on `Settings` and then select *Variable sets* from the left side menu.

Create a new variable set called `azure-creds` and make it available to all workspaces. Add four **environment** variables to the variable set:
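
Review bot: The new rationale, "It's easier to create a variable set that can be shared across workspaces", is attached to the instruction to make `azure-creds` "available to all workspaces", which exposes the Azure credentials to every workspace in the organization, including ones created later. Suggest applying the variable set only to `web-net-dev` and `web-net-prod`, which is all this lab needs.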

Expand All @@ -41,7 +43,7 @@ Use the values from your workstation. You can find them by running `env | grep A

Click on **Create variable set** to complete the process.

Back in the `web-net-dev` workspace, kick off a run and approve it.
Back in the `web-net-dev` workspace, kick off a run and approve it once the plan completes.

## Task 3: Create a `web-net-prod` workspace

Expand All @@ -53,24 +55,36 @@ Run a plan and approve it to create the base infrastructure for the production e

## Task 4: Perform and update on your development branch to validate

On the development branch, add the following to the `main.tf` file:
On the development branch, add an `owners` tag to the resource group in the `main.tf` file:

```hcl
locals {
change = "trigger a change"
resource "azurerm_resource_group" "web" {
name = local.base_name
location = var.location
tags = {
"environment" = var.prefix
"owner" = "clippy"
}
}
```

Commit the changes directly to the `development` branch.

This will trigger a Terraform run that is tied to the last commit on your `development` branch. Since there was no change to the infrastructure, there will be no option to approve the plan.

## Task 5: Merge Change into `main` branch

Once the `web-server-dev` TFC workspace completes its run, perform a pull request to merge the change into the `main` branch.
Once the `web-server-dev` TFC workspace completes its run, create a pull request to merge the change into the `main` branch.

The GitOps workflow allows code to be merged into another branch via a pull request. Terraform Cloud's VCS control workflow integrates into this process showing if the deployment into the `web-server-dev` workspace was successful.

This allows the pull request approver to have visibility that the code change was successful in the `development` environment, and view the details of the change within Terraform Cloud.

The GitOps workflow allows code to be merged into another branch via a merge request. Terraform Cloud's VCS control workflow integrates into this process showing if the deployment into the `web-server-dev` workspace was successful.
The pull request will automatically kick off a speculative plan in the `web-server-prod` workspace. You can view the results from the task's **Details** link in the pull request.

This allows the merge request approver to have visibility that the code change was successful in the `development` environment, and view the details of the change within Terraform Cloud.
Once the speculative plan completes, you can approve the pull request.

When the Merge is approved this will automatically trigger the deployment of the code into the `web-server-prod` workspace.
When the Merge is approved this will automatically trigger the deployment of the code into the `web-server-prod` workspace. From the workspace, approve the planned changes.

We have successfully now made changes into the development environment and promoted those changes into production via a GitOps workflow.
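
Review bot: The unchanged sentence in Task 4, "Since there was no change to the infrastructure, there will be no option to approve the plan", no longer holds now that the edit adds a tag to `azurerm_resource_group.web`; the development run will show a change. Rewrite it to match the new step. Two smaller mismatches in the same hunk: the prose says an `owners` tag while the code sets `"owner"`, and Task 5 refers to `web-server-dev` and `web-server-prod` although the workspaces created in the earlier tasks are `web-net-dev` and `web-net-prod`.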