Skip to content

Implement Terraform #512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sbathgate wants to merge 22 commits into
base: master
Choose a base branch
from
Open

Implement Terraform #512

Show file tree
Hide file tree
Changes from 17 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
7f4f089
Update ghp-import from 0.5.5 to 0.6.0
pyup-bot Aug 10, 2020
af0e05d
Update isort from 5.2.2 to 5.3.2
pyup-bot Aug 10, 2020
09180b9
Update sendgrid from 6.4.4 to 6.4.5
pyup-bot Aug 10, 2020
d93bf06
Update kombu from 4.6.11 to 5.0.0
pyup-bot Aug 10, 2020
655455a
Ignore Kombu v5.0 update
Aug 13, 2020
d61bdee
Add Terraform IaC
Aug 13, 2020
35ff247
Update formatting, Update variables
Aug 13, 2020
0a1dfc3
Update random_id generator
Aug 13, 2020
85eca65
Add AKS configuration
Oct 28, 2020
e831f77
Add Cloudflare configuration
Oct 28, 2020
97e93d4
Add cloudflare terraform
Nov 6, 2020
5ed6970
Add Terraform to CI/CD
Nov 27, 2020
68db66f
Add tstate RG
Nov 27, 2020
dd13984
Clean up terraform configs
Nov 27, 2020
e21270d
Add AZURE_STORAGE_ACCOUNT env
Nov 27, 2020
650f6f8
Remove AKS and Cloudflare
Nov 27, 2020
f59d851
Add new line at end of file
Nov 27, 2020
e538831
Update working-directory, extract fmt
Dec 6, 2020
4d469dd
Add terraform fmt and validate
Dec 6, 2020
eeaf94e
Remove default values to make more readable
Dec 6, 2020
2f0184d
Update terraform file name
Dec 6, 2020
62d9e25
Update terraform file name
Dec 6, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions .github/workflows/cd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,30 @@ on:
- created

jobs:
terraform:
runs-on: ubuntu-18.04

env:
ARM_CLIENT_ID: ${{secrets.SP_CLIENT}}
ARM_CLIENT_SECRET: ${{secrets.SP_PASSWORD}}
ARM_SUBSCRIPTION_ID: ${{secrets.SUBSCRIPTION_ID}}
ARM_TENANT_ID: ${{secrets.SP_TENANT}}
AZURE_STORAGE_ACCOUNT: "tstate31414"
TF_ACTION_WORKING_DIR: "./docker/setup/terraform"

steps:
- uses: actions/checkout@v2

- name: Setup Terraform
uses: hashicorp/setup-terraform@v1

- name: Terraform Init
run: terraform init

- name: Terraform Apply
run: terraform apply -auto-approve


release:
runs-on: ubuntu-18.04

Expand Down
26 changes: 26 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,3 +63,29 @@ jobs:
ci build verify-build
- run: bash <(curl -s https://codecov.io/bash)
if: ${{ success() }}

terraform-plan:
runs-on: ubuntu-18.04

env:
ARM_CLIENT_ID: ${{secrets.SP_CLIENT}}
ARM_CLIENT_SECRET: ${{secrets.SP_PASSWORD}}
ARM_SUBSCRIPTION_ID: ${{secrets.SUBSCRIPTION_ID}}
ARM_TENANT_ID: ${{secrets.SP_TENANT}}
AZURE_STORAGE_ACCOUNT: "tstate31414"
TF_ACTION_WORKING_DIR: "./docker/setup/terraform"

steps:
- uses: actions/checkout@v2

- name: Setup Terraform
uses: hashicorp/setup-terraform@v1

- name: Terraform Init
run: terraform init

- name: Terraform Format
run: terraform fmt -check
Comment thread
sbathgate marked this conversation as resolved.
Outdated

- name: Terraform Plan
run: terraform plan
17 changes: 17 additions & 0 deletions docker/setup/terraform/01_provider.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Configure Azure storage to manage Terraform State
# ref: https://docs.microsoft.com/en-us/azure/developer/terraform/store-state-in-azure-storage
terraform {
backend "azurerm" {
resource_group_name = "tstate"
storage_account_name = "tstate31414"
container_name = "tstate"
key = "terraform.tfstate"
Copy link
Copy Markdown
Member

@c-w c-w Nov 28, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thoughts on making the key dynamic, e.g. based on branch name via the GITHUB_REF environment variable, so that we can run this potentially for multiple deployments (e.g. for work-in-progress code) without risking to override the production resources.

Copy link
Copy Markdown
Member Author

@sbathgate sbathgate Dec 6, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure can! That makes a lot of sense.

}
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
version = "=2.23.0"

features {}
}
280 changes: 280 additions & 0 deletions docker/setup/terraform/02_data_rg.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,280 @@
# ------------------------------
# Data Resource Group
# ------------------------------

# Create a data resource group if it doesn't exist
resource "azurerm_resource_group" "data" {
name = "${var.RESOURCE_GROUP_NAME}data"
location = var.location

tags = {}
}

# Generate random text for a unique storage account name
resource "random_id" "randomId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = azurerm_resource_group.vm.name
}

byte_length = 3
}

# Create server table storage account if it doesn't exist
resource "azurerm_storage_account" "serverTablesName" {
name = "${var.serverTablesName}${random_id.randomId.hex}"
resource_group_name = azurerm_resource_group.data.name
location = azurerm_resource_group.data.location
account_kind = "Storage"
account_tier = "Standard"
account_replication_type = "GRS"
allow_blob_public_access = true
Comment thread
sbathgate marked this conversation as resolved.
Outdated
enable_https_traffic_only = false

network_rules {
default_action = "Allow"
bypass = ["AzureServices"]
ip_rules = []
}

tags = {}
Comment thread
sbathgate marked this conversation as resolved.
Outdated
}

# Create server blob storage account if it doesn't exist
resource "azurerm_storage_account" "serverBlobsName" {
name = "${var.serverBlobsName}${random_id.randomId.hex}"
resource_group_name = azurerm_resource_group.data.name
location = azurerm_resource_group.data.location
account_kind = "Storage"
account_tier = "Standard"
account_replication_type = "GRS"
allow_blob_public_access = true
enable_https_traffic_only = false

network_rules {
default_action = "Allow"
bypass = ["AzureServices"]
ip_rules = []
}

tags = {}
}

# Create client blob storage account if it doesn't exist
resource "azurerm_storage_account" "clientBlobsName" {
name = "${var.clientBlobsName}${random_id.randomId.hex}"
resource_group_name = azurerm_resource_group.data.name
location = azurerm_resource_group.data.location
account_kind = "Storage"
account_tier = "Standard"
account_replication_type = "GRS"
allow_blob_public_access = true
enable_https_traffic_only = false

network_rules {
default_action = "Allow"
bypass = ["AzureServices"]
ip_rules = []
}

tags = {}
}

resource "azurerm_storage_container" "clientsauth" {
name = "clientsauth"
storage_account_name = azurerm_storage_account.serverTablesName.name
container_access_type = "private"
}

resource "azurerm_storage_container" "pendingemails" {
name = "pendingemails"
storage_account_name = azurerm_storage_account.serverTablesName.name
container_access_type = "private"
}

resource "azurerm_storage_container" "users" {
name = "users"
storage_account_name = azurerm_storage_account.serverTablesName.name
container_access_type = "private"
}

resource "azurerm_storage_container" "emails" {
name = "emails"
storage_account_name = azurerm_storage_account.serverBlobsName.name
container_access_type = "private"
}

resource "azurerm_storage_container" "mailbox" {
name = "mailbox"
storage_account_name = azurerm_storage_account.serverBlobsName.name
container_access_type = "private"
}

resource "azurerm_storage_container" "secretsopwencluster" {
name = "secretsopwencluster"
storage_account_name = azurerm_storage_account.serverBlobsName.name
container_access_type = "private"
}

resource "azurerm_storage_container" "sendgridinboundemails" {
name = "sendgridinboundemails"
storage_account_name = azurerm_storage_account.serverBlobsName.name
container_access_type = "private"
}

resource "azurerm_storage_container" "compressedpackages" {
name = "compressedpackages"
storage_account_name = azurerm_storage_account.clientBlobsName.name
container_access_type = "private"
}

# Create a server queue if it doesn't exist
resource "azurerm_servicebus_namespace" "data" {
name = var.serverQueuesName
location = azurerm_resource_group.data.location
resource_group_name = azurerm_resource_group.data.name
sku = "Standard"
zone_redundant = false
}

resource "azurerm_servicebus_namespace_authorization_rule" "data" {
name = var.serverQueuesSasName
namespace_name = azurerm_servicebus_namespace.data.name
resource_group_name = azurerm_resource_group.data.name
send = true
listen = true
manage = true
}

resource "azurerm_servicebus_queue" "serverQueueSendgridMime" {
name = var.serverQueueSendgridMime
resource_group_name = azurerm_resource_group.data.name
namespace_name = azurerm_servicebus_namespace.data.name
max_size_in_megabytes = 5120

# Optional Values
lock_duration = "PT1M"
requires_duplicate_detection = false
requires_session = false
default_message_ttl = "P14D"
dead_lettering_on_message_expiration = false
duplicate_detection_history_time_window = "PT10M"
max_delivery_count = 10
status = "Active"
enable_partitioning = false
enable_express = false
}

resource "azurerm_servicebus_queue" "serverQueueEmailSend" {
name = var.serverQueueEmailSend
resource_group_name = azurerm_resource_group.data.name
namespace_name = azurerm_servicebus_namespace.data.name
max_size_in_megabytes = 5120

# Optional Values
lock_duration = "PT1M"
requires_duplicate_detection = false
requires_session = false
default_message_ttl = "P14D"
dead_lettering_on_message_expiration = false
duplicate_detection_history_time_window = "PT10M"
max_delivery_count = 10
status = "Active"
enable_partitioning = false
enable_express = false
}

resource "azurerm_servicebus_queue" "serverQueueClientPackage" {
name = var.serverQueueClientPackage
resource_group_name = azurerm_resource_group.data.name
namespace_name = azurerm_servicebus_namespace.data.name
max_size_in_megabytes = 5120

# Optional Values
lock_duration = "PT1M"
requires_duplicate_detection = false
requires_session = false
default_message_ttl = "P14D"
dead_lettering_on_message_expiration = false
duplicate_detection_history_time_window = "PT10M"
max_delivery_count = 10
status = "Active"
enable_partitioning = false
enable_express = false
}

resource "azurerm_servicebus_queue" "mailboxreceived" {
name = "mailboxreceived"
resource_group_name = azurerm_resource_group.data.name
namespace_name = azurerm_servicebus_namespace.data.name
max_size_in_megabytes = 1024

# Optional Values
lock_duration = "PT1M"
requires_duplicate_detection = false
requires_session = false
default_message_ttl = "P14D"
dead_lettering_on_message_expiration = false
duplicate_detection_history_time_window = "PT10M"
max_delivery_count = 10
status = "Active"
enable_partitioning = false
enable_express = false
}

resource "azurerm_servicebus_queue" "mailboxsent" {
name = "mailboxsent"
resource_group_name = azurerm_resource_group.data.name
namespace_name = azurerm_servicebus_namespace.data.name
max_size_in_megabytes = 1024

# Optional Values
lock_duration = "PT1M"
requires_duplicate_detection = false
requires_session = false
default_message_ttl = "P14D"
dead_lettering_on_message_expiration = false
duplicate_detection_history_time_window = "PT10M"
max_delivery_count = 10
status = "Active"
enable_partitioning = false
enable_express = false
}

resource "azurerm_servicebus_queue" "register" {
name = "register"
resource_group_name = azurerm_resource_group.data.name
namespace_name = azurerm_servicebus_namespace.data.name
max_size_in_megabytes = 1024

# Optional Values
lock_duration = "PT1M"
requires_duplicate_detection = false
requires_session = false
default_message_ttl = "P14D"
dead_lettering_on_message_expiration = false
duplicate_detection_history_time_window = "PT10M"
max_delivery_count = 10
status = "Active"
enable_partitioning = false
enable_express = false
}

resource "azurerm_servicebus_queue" "service" {
name = "service"
resource_group_name = azurerm_resource_group.data.name
namespace_name = azurerm_servicebus_namespace.data.name
max_size_in_megabytes = 1024

# Optional Values
lock_duration = "PT1M"
requires_duplicate_detection = false
requires_session = false
default_message_ttl = "P14D"
dead_lettering_on_message_expiration = false
duplicate_detection_history_time_window = "PT10M"
max_delivery_count = 10
status = "Active"
enable_partitioning = false
enable_express = false
}
11 changes: 11 additions & 0 deletions docker/setup/terraform/03_server_rg.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# ------------------------------
# Server Resource Group
# ------------------------------

# Create the server resource group if it doesn't exist
resource "azurerm_resource_group" "server" {
name = "${var.RESOURCE_GROUP_NAME}server"
location = var.location

tags = {}
}
Loading