# Central naming module: every resource name used by the other modules below is
# derived here from location / environment / service / postfix, so a single
# input change renames the whole deployment consistently.
module "resource_names" {
  source = "../../modules/resource_names"

  # Inputs that seed the naming convention.
  azure_location   = var.bootstrap_location
  environment_name = var.environment_name
  service_name     = var.service_name
  postfix_number   = var.postfix_number

  # Caller-supplied overrides first, then the three IaC-specific custom-role
  # name sets; merge() lets later maps win on duplicate keys, so the role
  # definition names take precedence over anything in var.resource_names.
  resource_names = merge(
    var.resource_names,
    local.custom_role_definitions_bicep_names,
    local.custom_role_definitions_terraform_names,
    local.custom_role_definitions_bicep_classic_names,
  )
}
# Collects the starter-module files, extra files and folders, and the
# configuration file that will later be pushed into the repositories.
module "files" {
  source = "../../modules/files"

  # Where the starter module lives on disk (resolved in locals).
  starter_module_folder_path = local.starter_module_folder_path

  # Configuration inputs.
  configuration_file_path           = var.configuration_file_path
  built_in_configuration_file_names = var.built_in_configuration_file_names

  # Extra content to include alongside the starter module.
  additional_files        = var.additional_files
  additional_folders_path = var.additional_folders_path
}
# Provisions the Azure side of the bootstrap: identities, resource groups,
# remote-state storage, optional private networking, self-hosted runner
# infrastructure and the RBAC model for the chosen IaC type.
module "azure" {
  source = "../../modules/azure"

  azure_location = var.bootstrap_location

  # --- Identity -----------------------------------------------------------
  # Managed identities plus their federated credentials; the client IDs are
  # handed to the GitHub module below. No client secrets are created here.
  user_assigned_managed_identities = local.managed_identities
  federated_credentials            = local.federated_credentials

  # --- Resource groups ----------------------------------------------------
  resource_group_identity_name = local.resource_names.resource_group_identity
  resource_group_state_name    = local.resource_names.resource_group_state
  resource_group_agents_name   = local.resource_names.resource_group_agents
  resource_group_network_name  = local.resource_names.resource_group_network

  # --- Remote state storage -----------------------------------------------
  # Only Terraform needs a state storage account; Bicep deployments do not.
  create_storage_account           = var.iac_type == local.iac_terraform
  storage_account_name             = local.resource_names.storage_account
  storage_container_name           = local.resource_names.storage_container
  storage_account_replication_type = var.storage_account_replication_type

  # Data-protection settings for the state container (recovery from accidental
  # or malicious deletion / overwrite of state blobs).
  storage_account_blob_soft_delete_enabled             = var.storage_account_blob_soft_delete_enabled
  storage_account_blob_soft_delete_retention_days      = var.storage_account_blob_soft_delete_retention_days
  storage_account_blob_versioning_enabled              = var.storage_account_blob_versioning_enabled
  storage_account_container_soft_delete_enabled        = var.storage_account_container_soft_delete_enabled
  storage_account_container_soft_delete_retention_days = var.storage_account_container_soft_delete_retention_days

  # --- Scope / RBAC -------------------------------------------------------
  target_subscriptions            = local.target_subscriptions
  root_parent_management_group_id = local.root_parent_management_group_id

  # Custom roles are selected three ways (terraform / bicep / bicep_classic),
  # whereas role assignments only distinguish terraform from everything else.
  # NOTE(review): bicep_classic therefore receives var.role_assignments_bicep —
  # confirm that is intended rather than a missing classic-specific input.
  custom_role_definitions = var.iac_type == "terraform" ? local.custom_role_definitions_terraform : (var.iac_type == "bicep" ? local.custom_role_definitions_bicep : local.custom_role_definitions_bicep_classic)
  role_assignments        = var.iac_type == "terraform" ? var.role_assignments_terraform : var.role_assignments_bicep

  # Tenant-root-scope assignment is a Bicep-only option and is gated twice.
  tenant_role_assignment_enabled              = var.iac_type == "bicep" && var.bicep_tenant_role_assignment_enabled
  tenant_role_assignment_role_definition_name = var.bicep_tenant_role_assignment_role_definition_name

  # --- Networking ---------------------------------------------------------
  # When private networking is on, the storage account and registry are reached
  # through private endpoints and the runners egress via a NAT gateway.
  use_private_networking                                    = local.use_private_networking
  virtual_network_name                                      = local.resource_names.virtual_network
  virtual_network_address_space                             = var.virtual_network_address_space
  virtual_network_subnet_name_container_instances           = local.resource_names.subnet_container_instances
  virtual_network_subnet_address_prefix_container_instances = var.virtual_network_subnet_address_prefix_container_instances
  virtual_network_subnet_name_private_endpoints             = local.resource_names.subnet_private_endpoints
  virtual_network_subnet_address_prefix_private_endpoints   = var.virtual_network_subnet_address_prefix_private_endpoints
  storage_account_private_endpoint_name                     = local.resource_names.storage_account_private_endpoint
  public_ip_name                                            = local.resource_names.public_ip
  nat_gateway_name                                          = local.resource_names.nat_gateway

  # Adds the bootstrapping machine's public IP to the storage firewall so the
  # initial state write succeeds; the decision lives in locals. This widens the
  # state account's exposure, so keep it scoped to the bootstrap run.
  allow_storage_access_from_my_ip = local.allow_storage_access_from_my_ip

  # --- Self-hosted runners (container instances + registry) ---------------
  use_self_hosted_agents                         = var.use_self_hosted_runners
  agent_container_instances                      = local.runner_container_instances
  agent_container_instance_managed_identity_name = local.resource_names.container_instance_managed_identity
  agent_organization_url                         = local.runner_organization_repository_url

  # Runner registration PAT. Module inputs are persisted in Terraform state, so
  # this value will be present in the state file; the state backend above must
  # be access-controlled accordingly.
  # NOTE(review): confirm the variable is declared with `sensitive = true` so
  # it is redacted from plan/apply output.
  agent_token = var.github_runners_personal_access_token

  # Environment variable names the runner image reads its configuration from.
  agent_organization_environment_variable = var.runner_organization_environment_variable
  agent_pool_name                         = local.resource_names.version_control_system_runner_group
  agent_pool_environment_variable         = var.runner_group_environment_variable
  use_agent_pool_environment_variable     = local.use_runner_group
  agent_name_environment_variable         = var.runner_name_environment_variable
  agent_token_environment_variable        = var.runner_token_environment_variable

  # Runner image build: name, tag and the Dockerfile it is built from.
  container_registry_name                             = local.resource_names.container_registry
  container_registry_private_endpoint_name            = local.resource_names.container_registry_private_endpoint
  container_registry_image_name                       = local.resource_names.container_image_name
  container_registry_image_tag                        = var.runner_container_image_tag
  container_registry_dockerfile_name                  = var.runner_container_image_dockerfile
  container_registry_dockerfile_repository_folder_url = local.runner_container_instance_dockerfile_url
}
# Creates the GitHub repositories, environments, workflows, runner group and
# approval team, and wires them to the Azure identities created above.
module "github" {
  source = "../../modules/github"

  # --- Organisation / repositories ----------------------------------------
  domain_name       = var.github_organization_domain_name
  organization_name = var.github_organization_name
  repository_name   = local.resource_names.version_control_system_repository

  # Templates can live in a second repository; both file sets come from the
  # file_manipulation module below.
  use_template_repository  = var.use_separate_repository_for_templates
  repository_name_templates = local.resource_names.version_control_system_repository_templates
  repository_files         = module.file_manipulation.repository_files
  template_repository_files = module.file_manipulation.template_repository_files

  environments           = local.environments
  workflows              = local.workflows
  create_branch_policies = var.create_branch_policies

  # --- Azure identity wiring ----------------------------------------------
  # Client IDs of the user-assigned identities; together with the tenant and
  # subscription these become the values the workflows authenticate with.
  managed_identity_client_ids = module.azure.user_assigned_managed_identity_client_ids
  azure_tenant_id             = data.azurerm_client_config.current.tenant_id
  # Map lookup: plan fails if no "management" key is supplied.
  azure_subscription_id = var.subscription_ids["management"]

  # --- Remote state backend (Terraform only) ------------------------------
  backend_azure_resource_group_name            = local.resource_names.resource_group_state
  backend_azure_storage_account_name           = local.resource_names.storage_account
  backend_azure_storage_account_container_name = local.resource_names.storage_container
  # NOTE(review): the azure module gates the same condition on local.iac_terraform
  # rather than the literal "terraform"; the two should agree.
  create_storage_account_variables = var.iac_type == "terraform"

  # --- Apply approval -----------------------------------------------------
  approvers          = var.apply_approvers
  create_team        = var.apply_approval_team_creation_enabled
  existing_team_name = var.apply_approval_existing_team_name
  team_name          = local.resource_names.version_control_system_team

  # --- Runners ------------------------------------------------------------
  use_self_hosted_runners   = var.use_self_hosted_runners
  use_runner_group          = local.use_runner_group
  runner_group_name         = local.resource_names.version_control_system_runner_group
  default_runner_group_name = var.default_runner_group_name
}
# Rewrites the collected files (pipeline templates, configuration, starter
# module) into the final repository and template-repository file sets.
module "file_manipulation" {
  source = "../../modules/file_manipulation"

  # This root module is GitHub-specific; the VCS type is fixed rather than
  # taken from a variable.
  vcs_type                     = "github"
  project_or_organization_name = var.github_organization_name

  # Raw inputs from the files module and the naming module.
  files          = module.files.files
  resource_names = local.resource_names

  # --- Layout / IaC flavour -----------------------------------------------
  iac_type                             = var.iac_type
  starter_module_name                  = var.starter_module_name
  module_folder_path                   = local.starter_module_folder_path
  root_module_folder_relative_path     = var.root_module_folder_relative_path
  use_separate_repository_for_templates = var.use_separate_repository_for_templates

  # Bicep-specific file locations (ignored for the Terraform flavour).
  bicep_config_file_path     = var.bicep_config_file_path
  bicep_parameters_file_path = var.bicep_parameters_file_path

  # On-demand folder fetched at pipeline time rather than committed.
  on_demand_folder_repository    = var.on_demand_folder_repository
  on_demand_folder_artifact_name = var.on_demand_folder_artifact_name

  # --- Pipelines ----------------------------------------------------------
  use_self_hosted_agents_runners          = var.use_self_hosted_runners
  agent_pool_or_runner_configuration      = local.agent_pool_or_runner_configuration
  ci_template_file_name                   = local.ci_template_file_name
  cd_template_file_name                   = local.cd_template_file_name
  pipeline_target_folder_name             = local.target_folder_name
  pipeline_files_directory_path           = local.pipeline_files_directory_path
  pipeline_template_files_directory_path  = local.pipeline_template_files_directory_path

  # The storage container name doubles as the workflow concurrency key —
  # presumably so that runs sharing one state container cannot apply in
  # parallel; confirm against the pipeline templates.
  concurrency_value = local.resource_names.storage_container
}