locals.tf
# Resource names: re-export the map produced by the resource_names module so
# the rest of this file can look names up as local.resource_names.<key>.
locals {
  resource_names = module.resource_names.resource_names
}
locals {
  # Parent management group for the deployment. An empty variable falls back
  # to the tenant ID of the current client configuration.
  # NOTE(review): presumably this relies on the tenant root management group
  # sharing the tenant ID, which would make the default a tenant-wide scope.
  # Confirm that is intended before leaving the variable empty.
  root_parent_management_group_id = (
    var.root_parent_management_group_id != ""
    ? var.root_parent_management_group_id
    : data.azurerm_client_config.current.tenant_id
  )
}
locals {
  # Plan name that module.github.organization_plan is compared with when
  # deciding whether a runner group can be used (see local.use_runner_group).
  enterprise_plan = "enterprise"
}

locals {
  # Identifier for the Terraform flavour of IaC.
  # NOTE(review): presumably compared with var.iac_type elsewhere - confirm.
  iac_terraform = "terraform"
}
locals {
  # Private networking is only honoured together with self-hosted runners.
  # Requesting it without them evaluates to false rather than failing.
  use_private_networking = var.use_self_hosted_runners && var.use_private_networking

  # The "my IP" storage exception only takes effect when private networking
  # is in effect.
  # NOTE(review): presumably this adds the deployer's public IP to a storage
  # firewall allow-list. Confirm where it is consumed and that the exception
  # is switched off again once it is no longer needed.
  allow_storage_access_from_my_ip = local.use_private_networking && var.allow_storage_access_from_my_ip
}
locals {
  # A runner group is used only when all three hold: the caller asked for it,
  # the organization plan equals local.enterprise_plan, and self-hosted
  # runners are enabled.
  use_runner_group = (
    var.use_runner_group
    && (module.github.organization_plan == local.enterprise_plan)
    && var.use_self_hosted_runners
  )

  # With a runner group the URL is the organization URL. Without one it is
  # narrowed to the module repository under that organization.
  # NOTE(review): presumably this is the scope the runners register against.
  # Confirm at the consumer.
  runner_organization_repository_url = (
    local.use_runner_group
    ? local.github_organization_url
    : "${local.github_organization_url}/${module.github.repository_names.module}"
  )
}
locals {
  # Map keys shared by local.environments and local.managed_identities so the
  # plan and apply stages are addressed with the same key in both maps.
  plan_key  = "plan"
  apply_key = "apply"
}
locals {
  # Workflow template paths and the folder name they belong under.
  ci_template_file_name = "workflows/ci-template.yaml"
  cd_template_file_name = "workflows/cd-template.yaml"
  target_folder_name    = ".github"

  # Runner selector for self-hosted jobs: the named runner group when one is
  # in use, otherwise the generic "self-hosted" label.
  # NOTE(review): the bare "self-hosted" label is not specific to the runners
  # created by this module. Confirm which runners are visible to the
  # repository when no runner group is used.
  self_hosted_runner_name = local.use_runner_group ? "group: ${local.resource_names.version_control_system_runner_group}" : "self-hosted"

  # Falls back to the "ubuntu-latest" label when self-hosted runners are off.
  agent_pool_or_runner_configuration = var.use_self_hosted_runners ? local.self_hosted_runner_name : "ubuntu-latest"

  # Directories holding the pipeline files and templates for the chosen IaC type.
  # NOTE(review): var.iac_type is interpolated into a filesystem path.
  # Presumably the variable is validated against a fixed set of values - confirm.
  pipeline_files_directory_path          = "${path.module}/actions/${var.iac_type}/main"
  pipeline_template_files_directory_path = "${path.module}/actions/${var.iac_type}/templates"
}
locals {
  # De-duplicated list of the values in var.subscription_ids, skipping null
  # and empty-string entries.
  target_subscriptions = distinct([
    for subscription_id in values(var.subscription_ids) : subscription_id
    if subscription_id != null && subscription_id != ""
  ])
}
locals {
  # Version control system environment name for each stage, keyed by
  # local.plan_key and local.apply_key.
  environments = {
    (local.plan_key)  = local.resource_names.version_control_system_environment_plan
    (local.apply_key) = local.resource_names.version_control_system_environment_apply
  }
}
locals {
  # Separate user-assigned managed identity names for the plan and apply
  # stages, keyed by local.plan_key and local.apply_key.
  managed_identities = {
    (local.plan_key)  = local.resource_names.user_assigned_managed_identity_plan
    (local.apply_key) = local.resource_names.user_assigned_managed_identity_apply
  }

  # One federated credential definition per entry in module.github.subjects.
  # Each entry pairs a subject and the shared issuer with the key of the
  # managed identity it belongs to.
  # NOTE(review): the subject is presumably what the token exchange is
  # matched on, so which workflows can act as the plan or apply identity is
  # decided in module.github.subjects. Review that module for overly broad
  # subjects and for plan-stage subjects mapped to the apply identity.
  federated_credentials = {
    for subject_key, subject_entry in module.github.subjects :
    subject_key => {
      user_assigned_managed_identity_key = subject_entry.user_assigned_managed_identity_key
      federated_credential_subject       = subject_entry.subject
      federated_credential_issuer        = module.github.issuer
      federated_credential_name          = "${local.resource_names.user_assigned_managed_identity_federated_credentials_prefix}-${subject_key}"
    }
  }

  # Two fixed runner container instances when self-hosted runners are
  # enabled, otherwise an empty map. With zone support on, the first instance
  # gets zone "1" and the second zone "2". With it off, both get no zones.
  runner_container_instances = var.use_self_hosted_runners ? {
    agent_01 = {
      container_instance_name = local.resource_names.container_instance_01
      agent_name              = local.resource_names.runner_01
      cpu                     = var.runner_container_cpu
      memory                  = var.runner_container_memory
      cpu_max                 = var.runner_container_cpu_max
      memory_max              = var.runner_container_memory_max
      zones                   = var.runner_container_zone_support ? ["1"] : []
    }
    agent_02 = {
      container_instance_name = local.resource_names.container_instance_02
      agent_name              = local.resource_names.runner_02
      cpu                     = var.runner_container_cpu
      memory                  = var.runner_container_memory
      cpu_max                 = var.runner_container_cpu_max
      memory_max              = var.runner_container_memory_max
      zones                   = var.runner_container_zone_support ? ["2"] : []
    }
  } : {}
}
locals {
  # A relative module_folder_path is resolved against this module's
  # directory. Otherwise the path is used exactly as supplied.
  starter_module_folder_path = var.module_folder_path_relative ? "${path.module}/${var.module_folder_path}" : var.module_folder_path
}
locals {
  # Source reference for the runner image, in the form
  # "<repository>#<tag>:<folder>".
  # NOTE(review): this looks like a Git build-context reference. If
  # var.runner_container_image_tag can name a branch or a movable tag, the
  # content built into the runner image can change without any change in
  # this configuration. Prefer an immutable ref, and confirm how the
  # consumer resolves this value.
  runner_container_instance_dockerfile_url = "${var.runner_container_image_repository}#${var.runner_container_image_tag}:${var.runner_container_image_folder}"
}
locals {
  # Name maps: each custom role key is prefixed with its flavour
  # ("custom_role_definition_<flavour>_<key>") and mapped to the role's name.
  custom_role_definitions_bicep_names = {
    for role_key, role in var.custom_role_definitions_bicep :
    "custom_role_definition_bicep_${role_key}" => role.name
  }
  custom_role_definitions_terraform_names = {
    for role_key, role in var.custom_role_definitions_terraform :
    "custom_role_definition_terraform_${role_key}" => role.name
  }
  custom_role_definitions_bicep_classic_names = {
    for role_key, role in var.custom_role_definitions_bicep_classic :
    "custom_role_definition_bicep_classic_${role_key}" => role.name
  }

  # Role definitions rebuilt with the name looked up in local.resource_names
  # under the same prefixed key. Description and permissions are passed
  # through from the variable unchanged.
  # NOTE(review): permissions are not narrowed or checked here, so the
  # privilege granted by these roles is whatever the variables (or their
  # defaults) contain. Review those for wildcard actions.
  custom_role_definitions_bicep = {
    for role_key, role in var.custom_role_definitions_bicep : role_key => {
      name        = local.resource_names["custom_role_definition_bicep_${role_key}"]
      description = role.description
      permissions = role.permissions
    }
  }
  custom_role_definitions_terraform = {
    for role_key, role in var.custom_role_definitions_terraform : role_key => {
      name        = local.resource_names["custom_role_definition_terraform_${role_key}"]
      description = role.description
      permissions = role.permissions
    }
  }
  custom_role_definitions_bicep_classic = {
    for role_key, role in var.custom_role_definitions_bicep_classic : role_key => {
      name        = local.resource_names["custom_role_definition_bicep_classic_${role_key}"]
      description = role.description
      permissions = role.permissions
    }
  }
}
locals {
  # Organization URL assembled from the caller-supplied scheme, domain name
  # and organization name.
  # NOTE(review): the scheme is a variable. Confirm its validation restricts
  # it to https, since these URLs are presumably used for authenticated calls.
  github_organization_url = "${var.github_organization_scheme}://${var.github_organization_domain_name}/${var.github_organization_name}"

  # API base URL: an explicit API domain name wins. Otherwise "api." is
  # prepended to the organization domain name. Both forms end with "/".
  github_api_base_url = (
    var.github_api_domain_name != ""
    ? "${var.github_organization_scheme}://${var.github_api_domain_name}/"
    : "${var.github_organization_scheme}://api.${var.github_organization_domain_name}/"
  )
}