From 489f1e15efc208b5fd505a806185987afb7cc573 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Kre=C5=A1imir=20=C5=A0utalo?= Date: Mon, 23 Sep 2024 12:18:11 +0200 Subject: [PATCH] fix: routes (#14) add: acr route already applied on dev. previously failing job: https://github.com/comsysto/wp10-image-factory/actions/runs/10973783705/attempts/2 now succeeded: https://github.com/comsysto/wp10-image-factory/actions/runs/10973783705 also added: - tags to all Azure resources - terraform README.md for every module --- .../README-terraform.md | 7 -- terraform-init/README.md | 40 ++++++++++++ terraform-init/modules.tf | 7 +- .../modules/state-storage/README.md | 44 ++++++++++++- .../modules/state-storage/output.tf | 9 ++- .../modules/state-storage/storage.tf | 18 +++-- .../modules/state-storage/variables.tf | 12 +++- terraform-init/outputs.tf | 9 ++- terraform-init/variables.tf | 19 ++++-- terraform/README.md | 49 ++++++++++++++ terraform/modules.tf | 10 +++ terraform/modules/acg/README.md | 39 +++++++++++ terraform/modules/acg/main.tf | 6 ++ terraform/modules/acg/outputs.tf | 4 +- terraform/modules/acg/variables.tf | 11 ++++ terraform/modules/acr/README.md | 43 ++++++++++++ terraform/modules/acr/main.tf | 25 +++++++ terraform/modules/acr/outputs.tf | 3 +- terraform/modules/acr/variables.tf | 20 ++++-- terraform/modules/firewall/README.md | 45 +++++++++++++ terraform/modules/firewall/firewall.tf | 25 +++++++ terraform/modules/firewall/variables.tf | 24 +++++-- terraform/modules/github_output/README.md | 45 +++++++++++++ terraform/modules/github_output/outputs.tf | 9 ++- terraform/modules/github_output/variables.tf | 10 +-- terraform/modules/network/README.md | 45 +++++++++++++ terraform/modules/network/network.tf | 15 +++++ terraform/modules/network/outputs.tf | 12 ++-- terraform/modules/network/variables.tf | 12 +++- terraform/modules/runner/README.md | 65 ++++++++++++++++++- terraform/modules/runner/jumphost.tf | 15 +++++ terraform/modules/runner/outputs.tf | 14 ++-- terraform/modules/runner/runner.tf | 20 ++++++ terraform/modules/runner/variables.tf 
| 26 +++++--- terraform/outputs.tf | 10 ++- terraform/variables.tf | 21 ++++-- 36 files changed, 707 insertions(+), 81 deletions(-) rename README-terraform.md => docs/README-terraform.md (86%) create mode 100644 terraform-init/README.md create mode 100644 terraform/README.md create mode 100644 terraform/modules/acg/README.md create mode 100644 terraform/modules/acr/README.md create mode 100644 terraform/modules/firewall/README.md create mode 100644 terraform/modules/github_output/README.md diff --git a/README-terraform.md b/docs/README-terraform.md similarity index 86% rename from README-terraform.md rename to docs/README-terraform.md index 06deaf20..6fec60bb 100644 --- a/README-terraform.md +++ b/docs/README-terraform.md @@ -1,10 +1,3 @@ -# wp10-image-factory -Frame Contract WP10 Image Factory - -# Contents -- `terraform-init` - terraform code for setting up an Azure Storage Account that can be used for saving the terraform state -- `terraform` - terraform modules for deploying the resource group, virtual network, subnet, VM - # Requirements - Access to Azure Resource Manager - `terraform >=1.0.0`, tested with `1.9.5` diff --git a/terraform-init/README.md b/terraform-init/README.md new file mode 100644 index 00000000..a1480e2c --- /dev/null +++ b/terraform-init/README.md 
@@ -0,0 +1,40 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.0 | +| [azurerm](#requirement\_azurerm) | ~>3.0 | +| [random](#requirement\_random) | ~>3.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [state\_storage](#module\_state\_storage) | ./modules/state-storage | n/a | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [prefix](#input\_prefix) | Prefix of the resource name | `string` | `"wp10"` | no | +| [state\_env\_tag](#input\_state\_env\_tag) | Environment tag applied to all created resources | `string` | `"dev"` | no | +| [state\_project\_tag](#input\_state\_project\_tag) | Project tag applied to all created resources | `string` | `"wp10"` | no | +| [state\_rg\_location](#input\_state\_rg\_location) | Location of the resource group | `string` | `"westeurope"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [resource\_group\_name](#output\_resource\_group\_name) | Name of the created resource group. Value needed for `config.azurerm.tfbackend` | +| [state\_container\_name](#output\_state\_container\_name) | Name of the storage account container used for the terraform state. Value needed for `config.azurerm.tfbackend` | +| [state\_storage\_account\_name](#output\_state\_storage\_account\_name) | Name of the storage account used for terraform state backend. Value needed for `config.azurerm.tfbackend` | + \ No newline at end of file diff --git a/terraform-init/modules.tf b/terraform-init/modules.tf index 0faba4b3..3b10dfc4 100644 --- a/terraform-init/modules.tf +++ b/terraform-init/modules.tf 
@@ -1,6 +1,9 @@ module "state_storage" { source = "./modules/state-storage" - - prefix = var.prefix + + prefix = var.prefix resource_group_location = var.state_rg_location + state_env_tag = var.state_env_tag + state_project_tag = var.state_project_tag + } \ No newline at end of file diff --git a/terraform-init/modules/state-storage/README.md b/terraform-init/modules/state-storage/README.md index 30404ce4..b1f0ce1d 100644 --- a/terraform-init/modules/state-storage/README.md +++ b/terraform-init/modules/state-storage/README.md 
@@ -1 +1,43 @@ -TODO \ No newline at end of file +TODO + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_resource_group.state_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_storage_account.tfstate](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | +| [azurerm_storage_container.tfstate](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource | +| [random_string.resource_code](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [prefix](#input\_prefix) | Prefix of the resource name. | `string` | n/a | yes | +| [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group. | `string` | n/a | yes | +| [state\_env\_tag](#input\_state\_env\_tag) | Environment tag applied to all created resources. | `string` | n/a | yes | +| [state\_project\_tag](#input\_state\_project\_tag) | Project tag applied to all created resources. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [resource\_group\_name](#output\_resource\_group\_name) | Name of the created resource group. Value needed for config.azurerm.tfbackend. | +| [state\_container\_name](#output\_state\_container\_name) | Name of the storage account container used for the terraform state. Value needed for config.azurerm.tfbackend. | +| [state\_storage\_account\_name](#output\_state\_storage\_account\_name) | Name of the storage account used for terraform state backend. 
Value needed for config.azurerm.tfbackend. | + \ No newline at end of file diff --git a/terraform-init/modules/state-storage/output.tf b/terraform-init/modules/state-storage/output.tf index d7c2c51b..3bdd123e 100644 --- a/terraform-init/modules/state-storage/output.tf +++ b/terraform-init/modules/state-storage/output.tf @@ -1,11 +1,14 @@ output "resource_group_name" { - value = azurerm_resource_group.state_rg.name + value = azurerm_resource_group.state_rg.name + description = "Name of the created resource group. Value needed for config.azurerm.tfbackend." } output "state_storage_account_name" { - value = azurerm_storage_account.tfstate.name + value = azurerm_storage_account.tfstate.name + description = "Name of the storage account used for terraform state backend. Value needed for config.azurerm.tfbackend." } output "state_container_name" { - value = azurerm_storage_container.tfstate.name + value = azurerm_storage_container.tfstate.name + description = "Name of the storage account container used for the terraform state. Value needed for config.azurerm.tfbackend." } diff --git a/terraform-init/modules/state-storage/storage.tf b/terraform-init/modules/state-storage/storage.tf index 0c6b4512..28a76522 100644 --- a/terraform-init/modules/state-storage/storage.tf +++ b/terraform-init/modules/state-storage/storage.tf 
@@ -1,18 +1,24 @@ resource "azurerm_resource_group" "state_rg" { location = var.resource_group_location name = "${var.prefix}-state-rg" + + tags = { + environment = var.state_env_tag + project = var.state_project_tag + } } resource "azurerm_storage_account" "tfstate" { - name = "tfstate${random_string.resource_code.result}" - resource_group_name = azurerm_resource_group.state_rg.name - location = azurerm_resource_group.state_rg.location - account_tier = "Standard" - account_replication_type = "LRS" + name = "tfstate${random_string.resource_code.result}" + resource_group_name = azurerm_resource_group.state_rg.name + location = azurerm_resource_group.state_rg.location + account_tier = "Standard" + account_replication_type = "LRS" allow_nested_items_to_be_public = false tags = { - environment = "staging" + environment = var.state_env_tag + project = var.state_project_tag } } diff --git a/terraform-init/modules/state-storage/variables.tf b/terraform-init/modules/state-storage/variables.tf index 74041fd1..b815898f 100644 --- a/terraform-init/modules/state-storage/variables.tf +++ b/terraform-init/modules/state-storage/variables.tf @@ -1,9 +1,19 @@ variable "prefix" { type = string - description = "Prefix of the resource name" + description = "Prefix of the resource name." } variable "resource_group_location" { type = string description = "Location of the resource group." +} + +variable "state_env_tag" { + type = string + description = "Environment tag applied to all created resources." +} + +variable "state_project_tag" { + type = string + description = "Project tag applied to all created resources." } \ No newline at end of file diff --git a/terraform-init/outputs.tf b/terraform-init/outputs.tf index d5326650..31cf0bb8 100644 --- a/terraform-init/outputs.tf +++ b/terraform-init/outputs.tf 
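Review bot: `azurerm_storage_account.tfstate` in terraform-init/modules/state-storage/storage.tf is the backend for Terraform state, and as shown in this hunk its only protective setting is `allow_nested_items_to_be_public = false`. State for this stack probably carries secrets (the github_output module takes a private SSH key as input), so I would pin transport and add recovery while the block is being edited: `min_tls_version = "TLS1_2"` and `blob_properties { versioning_enabled = true }`. Restricting network access with `network_rules` and `default_action = "Deny"` is worth considering too, but it depends on where the pipeline runs, which this diff does not show.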
@@ -1,11 +1,14 @@ output "resource_group_name" { - value = module.state_storage.resource_group_name + value = module.state_storage.resource_group_name + description = "Name of the created resource group. Value needed for `config.azurerm.tfbackend`" } output "state_storage_account_name" { - value = module.state_storage.state_storage_account_name + value = module.state_storage.state_storage_account_name + description = "Name of the storage account used for terraform state backend. Value needed for `config.azurerm.tfbackend`" } output "state_container_name" { - value = module.state_storage.state_container_name + value = module.state_storage.state_container_name + description = "Name of the storage account container used for the terraform state. Value needed for `config.azurerm.tfbackend`" } \ No newline at end of file diff --git a/terraform-init/variables.tf b/terraform-init/variables.tf index 4c7a63aa..5c5fe131 100644 --- a/terraform-init/variables.tf +++ b/terraform-init/variables.tf @@ -1,11 +1,6 @@ variable "state_rg_location" { default = "westeurope" - description = "Location of the resource group." -} - -variable "resource_group_location" { - default = "westeurope" - description = "Location of the resource group." + description = "Location of the resource group" } variable "prefix" { @@ -14,3 +9,15 @@ variable "prefix" { description = "Prefix of the resource name" } +variable "state_env_tag" { + type = string + default = "dev" + description = "Environment tag applied to all created resources" +} + +variable "state_project_tag" { + type = string + default = "wp10" + description = "Project tag applied to all created resources" +} + diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 00000000..4bb0bbaf --- /dev/null +++ b/terraform/README.md 
@@ -0,0 +1,49 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.0 | +| [azapi](#requirement\_azapi) | ~>1.15 | +| [azurerm](#requirement\_azurerm) | ~>3.0 | +| [external](#requirement\_external) | 2.3.4 | +| [github](#requirement\_github) | 6.3.0 | +| [random](#requirement\_random) | ~>3.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [acg](#module\_acg) | ./modules/acg | n/a | +| [acr](#module\_acr) | ./modules/acr | n/a | +| [firewall](#module\_firewall) | ./modules/firewall | n/a | +| [github\_output](#module\_github\_output) | ./modules/github_output | n/a | +| [network](#module\_network) | ./modules/network | n/a | +| [runner](#module\_runner) | ./modules/runner | n/a | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | `"dev"` | no | +| [local\_development](#input\_local\_development) | Development purposes only: set to 'true' when running terraform apply locally. 
Outputs SSH private key to the terraform directory | `bool` | `false` | no | +| [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | `"wp10"` | no | +| [repository](#input\_repository) | Repository in which to save output secrets | `string` | `"wp10-image-factory"` | no | +| [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group | `string` | `"westeurope"` | no | +| [runner\_image\_id](#input\_runner\_image\_id) | Shared Image Gallery ID of the runner VM image | `string` | `"/subscriptions/218f1214-da01-4678-8025-4e14a989e315/resourceGroups/wp10-tf-dev-rg/providers/Microsoft.Compute/galleries/wp10ImageFactoryGallery/images/image-factory-vm/versions/1.0.34"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [network\_name](#output\_network\_name) | Name of the created resource group. | +| [runner\_data](#output\_runner\_data) | Prints out runner data if `local_development` is set to `true`. | + \ No newline at end of file diff --git a/terraform/modules.tf b/terraform/modules.tf index fd7cf94e..4ce25171 100644 --- a/terraform/modules.tf +++ b/terraform/modules.tf @@ -3,6 +3,8 @@ module "network" { prefix = local.prefix resource_group_location = var.resource_group_location + env_tag = var.env_tag + project_tag = var.project_tag } module "runner" { @@ -15,6 +17,8 @@ module "runner" { public_subnet_id = module.network.public_subnet.id private_subnet_id = module.network.private_subnet.id runner_image_id = var.runner_image_id + env_tag = var.env_tag + project_tag = var.project_tag } @@ -26,6 +30,8 @@ module "acr" { resource_group_name = module.network.resource_group.name virtual_network = module.network.azurerm_virtual_network subnet_id = module.network.private_subnet.id + env_tag = var.env_tag + project_tag = var.project_tag } module "acg" { 
@@ -36,6 +42,8 @@ module "acg" { resource_group_name = module.network.resource_group.name subnet_id = module.network.private_subnet.id virtual_network = module.network.azurerm_virtual_network + env_tag = var.env_tag + project_tag = var.project_tag } module "firewall" { @@ -47,6 +55,8 @@ module "firewall" { public_subnet_id = module.network.public_subnet.id private_subnet_id = module.network.private_subnet.id virtual_network = module.network.azurerm_virtual_network.name + env_tag = var.env_tag + project_tag = var.project_tag } module "github_output" { diff --git a/terraform/modules/acg/README.md b/terraform/modules/acg/README.md new file mode 100644 index 00000000..d86e07bf --- /dev/null +++ b/terraform/modules/acg/README.md 
@@ -0,0 +1,39 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_shared_image_gallery.factory_image_gallery](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image_gallery) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix of the resource name | `string` | n/a | yes | +| [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | n/a | yes | +| [resource\_group\_location](#input\_resource\_group\_location) | Azure region | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | Name of the existing resource group | `string` | n/a | yes | +| [subnet\_id](#input\_subnet\_id) | Private endpoint subnet | `string` | n/a | yes | +| [virtual\_network](#input\_virtual\_network) | Virtual network | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [gallery\_id](#output\_gallery\_id) | Shared Image Gallery ID | + \ No newline at end of file diff --git a/terraform/modules/acg/main.tf b/terraform/modules/acg/main.tf index d79b8d1d..e3981c2b 100644 --- a/terraform/modules/acg/main.tf +++ b/terraform/modules/acg/main.tf @@ -6,4 +6,10 @@ resource "azurerm_shared_image_gallery" "factory_image_gallery" { resource_group_name = var.resource_group_name location = var.resource_group_location description = "Gallery for storing golden images" + + tags = { + environment = var.env_tag + project = var.project_tag + } } + diff --git a/terraform/modules/acg/outputs.tf b/terraform/modules/acg/outputs.tf index 18e5f6e8..614416fa 100644 
--- a/terraform/modules/acg/outputs.tf +++ b/terraform/modules/acg/outputs.tf @@ -1,4 +1,4 @@ -# Export Outputs output "gallery_id" { - value = azurerm_shared_image_gallery.factory_image_gallery.id + value = azurerm_shared_image_gallery.factory_image_gallery.id + description = "Shared Image Gallery ID" } diff --git a/terraform/modules/acg/variables.tf b/terraform/modules/acg/variables.tf index 3676143f..914ea0de 100644 --- a/terraform/modules/acg/variables.tf +++ b/terraform/modules/acg/variables.tf @@ -21,3 +21,14 @@ variable "subnet_id" { variable "virtual_network" { description = "Virtual network" } + + +variable "env_tag" { + type = string + description = "Environment tag applied to all created resources" +} + +variable "project_tag" { + type = string + description = "Project tag applied to all created resources" +} \ No newline at end of file diff --git a/terraform/modules/acr/README.md b/terraform/modules/acr/README.md new file mode 100644 index 00000000..5bb64af7 --- /dev/null +++ b/terraform/modules/acr/README.md 
@@ -0,0 +1,43 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry) | resource | +| [azurerm_private_dns_a_record.acr_a_record](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | +| [azurerm_private_dns_zone.acr_private_dns](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.acr_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.acr_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix for all resources | `string` | n/a | yes | +| [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | n/a | yes | +| [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | n/a | yes | +| [subnet\_id](#input\_subnet\_id) | Id of the subnet where the private endpoint should be created | `string` | n/a | yes | +| [virtual\_network](#input\_virtual\_network) | Virtual network for the private DNS zone | `any` | n/a | yes | + +## Outputs + +| Name | Description | 
+|------|-------------| +| [acr\_private\_ip](#output\_acr\_private\_ip) | Private IP address of the ACR private endpoint | + \ No newline at end of file diff --git a/terraform/modules/acr/main.tf b/terraform/modules/acr/main.tf index db4161bf..8093af9a 100644 --- a/terraform/modules/acr/main.tf +++ b/terraform/modules/acr/main.tf @@ -4,12 +4,22 @@ resource "azurerm_container_registry" "acr" { location = var.resource_group_location sku = "Premium" admin_enabled = true + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Private DNS Zone for ACR resource "azurerm_private_dns_zone" "acr_private_dns" { name = "privatelink.azurecr.io" resource_group_name = var.resource_group_name + + tags = { + environment = var.env_tag + project = var.project_tag + } } # TODO #name = "{regionName}.data.privatelink.azurecr.io" @@ -20,6 +30,11 @@ resource "azurerm_private_dns_zone_virtual_network_link" "acr_vnet_link" { resource_group_name = var.resource_group_name private_dns_zone_name = azurerm_private_dns_zone.acr_private_dns.name virtual_network_id = var.virtual_network.id + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Private Endpoints for ACR @@ -35,6 +50,11 @@ resource "azurerm_private_endpoint" "acr_private_endpoint" { subresource_names = ["registry"] is_manual_connection = false } + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Private DNS A Record for ACR @@ -44,6 +64,11 @@ resource "azurerm_private_dns_a_record" "acr_a_record" { resource_group_name = var.resource_group_name ttl = 300 records = [azurerm_private_endpoint.acr_private_endpoint.private_service_connection[0].private_ip_address] + + tags = { + environment = var.env_tag + project = var.project_tag + } } diff --git a/terraform/modules/acr/outputs.tf b/terraform/modules/acr/outputs.tf index 0657bd13..ae255cda 100644 --- a/terraform/modules/acr/outputs.tf +++ b/terraform/modules/acr/outputs.tf 
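Review bot: `admin_enabled = true` stays on `azurerm_container_registry.acr` in the first hunk of terraform/modules/acr/main.tf, which keeps the registry's admin account active: a single shared username and password with full push and pull rights on the registry that holds the factory's images. I would set `admin_enabled = false` and give the runner's identity the AcrPush/AcrPull role instead, assuming nothing outside this diff depends on the admin credentials. The hunk also shows no `public_network_access_enabled = false`, so unless it is set in the lines above the hunk, the public endpoint stays reachable alongside the private endpoint defined further down. The resource's opening lines are outside the hunk.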
@@ -1,3 +1,4 @@ output "acr_private_ip" { - value = azurerm_private_endpoint.acr_private_endpoint.private_service_connection[0].private_ip_address + value = azurerm_private_endpoint.acr_private_endpoint.private_service_connection[0].private_ip_address + description = "Private IP address of the ACR private endpoint" } \ No newline at end of file diff --git a/terraform/modules/acr/variables.tf b/terraform/modules/acr/variables.tf index 3ba8c27f..e36bcaea 100644 --- a/terraform/modules/acr/variables.tf +++ b/terraform/modules/acr/variables.tf @@ -1,23 +1,33 @@ variable "resource_group_location" { type = string - description = "Location of the resource group." + description = "Location of the resource group" } variable "resource_group_name" { type = string - description = "Name of the resource group." + description = "Name of the resource group" } variable "prefix" { type = string - description = "Prefix for all resources." + description = "Prefix for all resources" } variable "virtual_network" { - description = "Virtual network output." + description = "Virtual network for the private DNS zone" } variable "subnet_id" { type = string - description = "Id of the subnet." + description = "Id of the subnet where the private endpoint should be created" +} + +variable "env_tag" { + type = string + description = "Environment tag applied to all created resources" +} + +variable "project_tag" { + type = string + description = "Project tag applied to all created resources" } \ No newline at end of file diff --git a/terraform/modules/firewall/README.md b/terraform/modules/firewall/README.md new file mode 100644 index 00000000..e1d865ab --- /dev/null +++ b/terraform/modules/firewall/README.md 
@@ -0,0 +1,45 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_firewall.fw](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) | resource | +| [azurerm_firewall_policy.azfw_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy) | resource | +| [azurerm_firewall_policy_rule_collection_group.prcg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group) | resource | +| [azurerm_public_ip.pip_azfw](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_route_table.rt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) | resource | +| [azurerm_subnet.azfw_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet_route_table_association.runner_subnet_rt_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | n/a | yes | +| [firewall\_sku\_tier](#input\_firewall\_sku\_tier) | Firewall SKU. 
Premium is required for DNS whitelisting features | `string` | `"Premium"` | no | +| [prefix](#input\_prefix) | Prefix for all resources | `string` | n/a | yes | +| [private\_subnet\_id](#input\_private\_subnet\_id) | Id of private subnet for the route table association | `string` | n/a | yes | +| [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | n/a | yes | +| [public\_subnet\_id](#input\_public\_subnet\_id) | Id of public subnet for the firewall | `string` | n/a | yes | +| [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | n/a | yes | +| [virtual\_network](#input\_virtual\_network) | Virtual network object output from the `network` module | `any` | n/a | yes | + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/terraform/modules/firewall/firewall.tf b/terraform/modules/firewall/firewall.tf index faa2a177..80e19777 100644 --- a/terraform/modules/firewall/firewall.tf +++ b/terraform/modules/firewall/firewall.tf @@ -11,6 +11,11 @@ resource "azurerm_public_ip" "pip_azfw" { resource_group_name = var.resource_group_name allocation_method = "Static" sku = "Standard" + + tags = { + environment = var.env_tag + project = var.project_tag + } } resource "azurerm_firewall" "fw" { @@ -25,6 +30,11 @@ resource "azurerm_firewall" "fw" { public_ip_address_id = azurerm_public_ip.pip_azfw.id } firewall_policy_id = azurerm_firewall_policy.azfw_policy.id + + tags = { + environment = var.env_tag + project = var.project_tag + } } resource "azurerm_firewall_policy" "azfw_policy" { @@ -33,6 +43,11 @@ resource "azurerm_firewall_policy" "azfw_policy" { location = var.resource_group_location sku = var.firewall_sku_tier threat_intelligence_mode = "Alert" + + tags = { + environment = var.env_tag + project = var.project_tag + } } 
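Review bot: `threat_intelligence_mode = "Alert"` on `azurerm_firewall_policy.azfw_policy` (third hunk of firewall.tf) only logs traffic that matches the threat-intelligence feed; it does not block it. For a firewall that appears to sit on the egress path of the runner subnet, `threat_intelligence_mode = "Deny"` is the stricter setting. If Alert is deliberate, for example while rules are still being tuned, a comment saying so would help, e.g. `# Alert only for now; switch to Deny once egress rules are stable`. The resource's opening lines are outside the hunk.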
@@ -71,6 +86,16 @@ resource "azurerm_route_table" "rt" { next_hop_type = "VirtualAppliance" next_hop_in_ip_address = azurerm_firewall.fw.ip_configuration[0].private_ip_address } + route { + name = "${var.prefix}-acrRoute" + address_prefix = "10.0.2.0/24" + next_hop_type = "VnetLocal" + } + + tags = { + environment = var.env_tag + project = var.project_tag + } } resource "azurerm_subnet_route_table_association" "runner_subnet_rt_association" { diff --git a/terraform/modules/firewall/variables.tf b/terraform/modules/firewall/variables.tf index 61c0b3ca..a5db3e17 100644 --- a/terraform/modules/firewall/variables.tf +++ b/terraform/modules/firewall/variables.tf @@ -1,19 +1,19 @@ variable "resource_group_location" { type = string - description = "Location of the resource group." + description = "Location of the resource group" } variable "resource_group_name" { type = string - description = "Name of the resource group." + description = "Name of the resource group" } variable "prefix" { type = string - description = "Prefix for all resources." + description = "Prefix for all resources" } variable "firewall_sku_tier" { type = string - description = "Firewall SKU." + description = "Firewall SKU. Premium is required for DNS whitelisting features" default = "Premium" # Valid values are Standard and Premium validation { condition = contains(["Standard", "Premium"], var.firewall_sku_tier) 
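Review bot: The new `acrRoute` in `azurerm_route_table.rt` hard-codes `address_prefix = "10.0.2.0/24"` with `next_hop_type = "VnetLocal"`, so all traffic to that range skips the preceding route, which points at the firewall's private IP. If the range is wider than the ACR private endpoint, other hosts in it are exempt from inspection as well, and the literal will drift silently if the subnet's CIDR changes in the network module. I would pass the prefix in as a module input, or narrow it to the endpoint address the acr module already exports, e.g. `address_prefix = "${var.acr_private_ip}/32"` (the variable name is a suggestion and would have to be added to this module). A comment such as `# ACR private endpoint traffic stays inside the VNet; everything else goes through the firewall` would record why the exception exists. The resource starts outside the hunk.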
@@ -23,14 +23,24 @@ variable "firewall_sku_tier" { variable "public_subnet_id" { type = string - description = "Id of public subnet for the firewall." + description = "Id of public subnet for the firewall" } variable "private_subnet_id" { type = string - description = "Id of private subnet for the route table association." + description = "Id of private subnet for the route table association" } variable "virtual_network" { - description = "Virtual network" + description = "Virtual network object output from the `network` module" +} + +variable "env_tag" { + type = string + description = "Environment tag applied to all created resources" +} + +variable "project_tag" { + type = string + description = "Project tag applied to all created resources" } \ No newline at end of file diff --git a/terraform/modules/github_output/README.md b/terraform/modules/github_output/README.md new file mode 100644 index 00000000..d8b37aef --- /dev/null +++ b/terraform/modules/github_output/README.md 
@@ -0,0 +1,45 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [external](#provider\_external) | n/a | +| [github](#provider\_github) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [github_actions_secret.jumphost_ip_gh_secret](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_secret.runner_host_ip_gh_secret](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_secret.ssh_key_gh_secret](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | +| [external_external.encrypt_jumphost_ip](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | +| [external_external.encrypt_runner_host_ip](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | +| [external_external.encrypt_ssh_key](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | +| [github_actions_public_key.wp10](https://registry.terraform.io/providers/hashicorp/github/latest/docs/data-sources/actions_public_key) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [jumphost\_ip](#input\_jumphost\_ip) | Public IP address of the jumphost VM | `string` | n/a | yes | +| [repository](#input\_repository) | Repository in which to save output secrets | `string` | `"wp10-image-factory"` | no | +| [runner\_host\_ip](#input\_runner\_host\_ip) | Private IP address of the runner host VM | `string` | n/a | yes | +| [ssh\_key](#input\_ssh\_key) | Private SSH key created during VM deployment | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| 
[jumphost\_ip\_encrypted](#output\_jumphost\_ip\_encrypted) | Encrypted Jumphost IP. For development purposes | +| [private\_key\_encrypted](#output\_private\_key\_encrypted) | Encrypted VM private key. For development purposes | +| [runner\_host\_ip\_encrypted](#output\_runner\_host\_ip\_encrypted) | Encrypted Runner host IP. For development purposes | + \ No newline at end of file diff --git a/terraform/modules/github_output/outputs.tf b/terraform/modules/github_output/outputs.tf index ce9b9d3e..f60d841f 100644 --- a/terraform/modules/github_output/outputs.tf +++ b/terraform/modules/github_output/outputs.tf @@ -1,9 +1,12 @@ output "private_key_encrypted" { - value = data.external.encrypt_ssh_key.result + value = data.external.encrypt_ssh_key.result + description = "Encrypted VM private key. For development purposes" } output "jumphost_ip_encrypted" { - value = data.external.encrypt_jumphost_ip.result + value = data.external.encrypt_jumphost_ip.result + description = "Encrypted Jumphost IP. For development purposes" } output "runner_host_ip_encrypted" { - value = data.external.encrypt_runner_host_ip.result + value = data.external.encrypt_runner_host_ip.result + description = "Encrypted Runner host IP. For development purposes" } \ No newline at end of file diff --git a/terraform/modules/github_output/variables.tf b/terraform/modules/github_output/variables.tf index 59245005..9e59c3f7 100644 --- a/terraform/modules/github_output/variables.tf +++ b/terraform/modules/github_output/variables.tf 
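Review bot: None of the three outputs in `github_output/outputs.tf` is marked sensitive, although `private_key_encrypted` carries the encrypted VM private key and the runner module's `private_key` output in this same commit is declared with `sensitive = true`. Adding `sensitive = true` to `private_key_encrypted`, and arguably to the two IP outputs, keeps the values out of plan/apply console output and CI logs. The descriptions say "For development purposes", and this commit removes the root `encrypted_gh_secrets` output. If nothing else consumes these outputs, removing them would be the simpler option.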
@@ -1,21 +1,21 @@ variable "repository" { default = "wp10-image-factory" type = string - description = "Repository in which to save output secrets." + description = "Repository in which to save output secrets" } variable "ssh_key" { type = string - description = "Private SSH key created during VM deployment." + description = "Private SSH key created during VM deployment" } variable "jumphost_ip" { type = string - description = "Public IP address of the jumphost VM." + description = "Public IP address of the jumphost VM" } variable "runner_host_ip" { type = string - description = "Private IP address of the runner host VM." -} + description = "Private IP address of the runner host VM" +} \ No newline at end of file diff --git a/terraform/modules/network/README.md b/terraform/modules/network/README.md index e69de29b..694c674a 100644 --- a/terraform/modules/network/README.md +++ b/terraform/modules/network/README.md 
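Review bot: `variable "ssh_key"` in `github_output/variables.tf` is described as the private SSH key but is declared without `sensitive = true`, so Terraform will not redact it where the value shows up in plan or error output. Add `sensitive = true` to that block; the runner module's `private_key` output is already marked that way. The flag only affects display: anything derived from the key that ends up in state is stored unredacted, so access control on the state backend still matters.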
@@ -0,0 +1,45 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_network_security_group.ssh](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_network_security_rule.ssh_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_resource_group.wp10_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_subnet.wp10_private_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.wp10_public_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet_network_security_group_association.private_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_virtual_network.wp10_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix of the resource name | `string` | n/a | yes | +| [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | n/a | yes | +| [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| 
[azurerm\_virtual\_network](#output\_azurerm\_virtual\_network) | Virtual network output | +| [private\_subnet](#output\_private\_subnet) | Private subnet output | +| [public\_subnet](#output\_public\_subnet) | Public subnet output | +| [resource\_group](#output\_resource\_group) | Resource group output | + \ No newline at end of file diff --git a/terraform/modules/network/network.tf b/terraform/modules/network/network.tf index 29883306..5ae99caa 100644 --- a/terraform/modules/network/network.tf +++ b/terraform/modules/network/network.tf @@ -1,6 +1,11 @@ resource "azurerm_resource_group" "wp10_rg" { location = var.resource_group_location name = "${var.prefix}-rg" + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Create virtual network @@ -9,6 +14,11 @@ resource "azurerm_virtual_network" "wp10_vnet" { address_space = ["10.0.0.0/16"] location = azurerm_resource_group.wp10_rg.location resource_group_name = azurerm_resource_group.wp10_rg.name + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Create subnet @@ -34,6 +44,11 @@ resource "azurerm_network_security_group" "ssh" { name = "${var.prefix}-ssh-nsg" location = azurerm_resource_group.wp10_rg.location resource_group_name = azurerm_resource_group.wp10_rg.name + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Create an NSG rule to allow SSH communication diff --git a/terraform/modules/network/outputs.tf b/terraform/modules/network/outputs.tf index 34bc2465..977817ea 100644 --- a/terraform/modules/network/outputs.tf +++ b/terraform/modules/network/outputs.tf 
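Review bot: The `tags = { environment = var.env_tag, project = var.project_tag }` map is written out in full on each resource touched in `network/network.tf`, and the same block recurs in the firewall and runner module hunks. Defining it once per module, e.g. `locals { common_tags = { environment = var.env_tag, project = var.project_tag } }` with `tags = local.common_tags` on the resources, keeps the tag set consistent when a key is added later. Neither tag variable has a `validation` block; if the `environment` tag feeds policy or cost reporting, constraining it to the expected environment names would catch typos at plan time.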
@@ -1,13 +1,17 @@ output "resource_group" { - value = azurerm_resource_group.wp10_rg + value = azurerm_resource_group.wp10_rg + description = "Resource group output" } output "azurerm_virtual_network" { - value = azurerm_virtual_network.wp10_vnet + value = azurerm_virtual_network.wp10_vnet + description = "Virtual network output" } output "public_subnet" { - value = azurerm_subnet.wp10_public_subnet + value = azurerm_subnet.wp10_public_subnet + description = "Public subnet output" } output "private_subnet" { - value = azurerm_subnet.wp10_private_subnet + value = azurerm_subnet.wp10_private_subnet + description = "Private subnet output" } diff --git a/terraform/modules/network/variables.tf b/terraform/modules/network/variables.tf index 74041fd1..508e4a6f 100644 --- a/terraform/modules/network/variables.tf +++ b/terraform/modules/network/variables.tf @@ -5,5 +5,15 @@ variable "prefix" { variable "resource_group_location" { type = string - description = "Location of the resource group." + description = "Location of the resource group" +} + +variable "env_tag" { + type = string + description = "Environment tag applied to all created resources" +} + +variable "project_tag" { + type = string + description = "Project tag applied to all created resources" } \ No newline at end of file diff --git a/terraform/modules/runner/README.md b/terraform/modules/runner/README.md index f87f5c14..4c75a166 100644 --- a/terraform/modules/runner/README.md +++ b/terraform/modules/runner/README.md 
@@ -1 +1,64 @@ -# TODO \ No newline at end of file +# TODO + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.0 | +| [azapi](#requirement\_azapi) | ~>1.15 | + +## Providers + +| Name | Version | +|------|---------| +| [azapi](#provider\_azapi) | ~>1.15 | +| [azurerm](#provider\_azurerm) | n/a | +| [local](#provider\_local) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azapi_resource.ssh_public_key](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) | resource | +| [azapi_resource_action.ssh_public_key_gen](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource_action) | resource | +| [azurerm_linux_virtual_machine.jumphost](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource | +| [azurerm_linux_virtual_machine.runner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource | +| [azurerm_network_interface.jumphost_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource | +| [azurerm_network_interface.runner_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource | +| [azurerm_network_interface_security_group_association.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | resource | +| [azurerm_network_security_group.ssh_nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_public_ip.development_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| 
[azurerm_storage_account.boot_diagnostics_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | +| [local_sensitive_file.private_key](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource | +| [random_id.random_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix of the resource name | `string` | n/a | yes | +| [private\_subnet\_id](#input\_private\_subnet\_id) | Id of the private subnet | `string` | n/a | yes | +| [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | n/a | yes | +| [public\_subnet\_id](#input\_public\_subnet\_id) | Id of the public subnet | `string` | n/a | yes | +| [resource\_group\_id](#input\_resource\_group\_id) | Id of the resource group | `string` | n/a | yes | +| [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | n/a | yes | +| [runner\_image\_id](#input\_runner\_image\_id) | Shared Image Gallery ID of the runner VM image | `string` | n/a | yes | +| [ssh\_key\_name](#input\_ssh\_key\_name) | File name of the generated SSH key for the VM. 
Development purposes only | `string` | `"runnersshkey"` | no | +| [username](#input\_username) | The username for the default admin account that will be created on the new VM | `string` | `"azureadmin"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [key\_data](#output\_key\_data) | Public key of the generated SSH key | +| [private\_ip\_address](#output\_private\_ip\_address) | Private IP address of the Runner host | +| [private\_key](#output\_private\_key) | (Sensitive) Generated private SSH key | +| [public\_ip\_address](#output\_public\_ip\_address) | Public IP address of the jumphost | + \ No newline at end of file diff --git a/terraform/modules/runner/jumphost.tf b/terraform/modules/runner/jumphost.tf index 3d55a706..d9848d65 100644 --- a/terraform/modules/runner/jumphost.tf +++ b/terraform/modules/runner/jumphost.tf @@ -4,6 +4,11 @@ resource "azurerm_public_ip" "development_public_ip" { location = var.resource_group_location resource_group_name = var.resource_group_name allocation_method = "Dynamic" + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Create network interface @@ -18,6 +23,11 @@ resource "azurerm_network_interface" "jumphost_nic" { private_ip_address_allocation = "Dynamic" public_ip_address_id = azurerm_public_ip.development_public_ip.id } + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Jumphost @@ -51,4 +61,9 @@ resource "azurerm_linux_virtual_machine" "jumphost" { boot_diagnostics { storage_account_uri = azurerm_storage_account.boot_diagnostics_storage_account.primary_blob_endpoint } + + tags = { + environment = var.env_tag + project = var.project_tag + } } \ No newline at end of file diff --git a/terraform/modules/runner/outputs.tf b/terraform/modules/runner/outputs.tf index c61a0f70..838e4e66 100644 --- a/terraform/modules/runner/outputs.tf +++ b/terraform/modules/runner/outputs.tf 
@@ -1,16 +1,20 @@ output "public_ip_address" { - value = azurerm_linux_virtual_machine.jumphost.public_ip_address + value = azurerm_linux_virtual_machine.jumphost.public_ip_address + description = "Public IP address of the jumphost" } output "private_ip_address" { - value = azurerm_linux_virtual_machine.runner.private_ip_address + value = azurerm_linux_virtual_machine.runner.private_ip_address + description = "Private IP address of the Runner host" } output "key_data" { - value = azapi_resource_action.ssh_public_key_gen.output.publicKey + value = azapi_resource_action.ssh_public_key_gen.output.publicKey + description = "Public key of the generated SSH key" } output "private_key" { - value = azapi_resource_action.ssh_public_key_gen.output.privateKey - sensitive = true + value = azapi_resource_action.ssh_public_key_gen.output.privateKey + sensitive = true + description = "(Sensitive) Generated private SSH key" } \ No newline at end of file diff --git a/terraform/modules/runner/runner.tf b/terraform/modules/runner/runner.tf index 1f1243bd..966ae58b 100644 --- a/terraform/modules/runner/runner.tf +++ b/terraform/modules/runner/runner.tf @@ -9,6 +9,11 @@ resource "azurerm_network_interface" "runner_nic" { subnet_id = var.private_subnet_id private_ip_address_allocation = "Dynamic" } + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Create virtual machine @@ -37,6 +42,11 @@ resource "azurerm_linux_virtual_machine" "runner" { boot_diagnostics { storage_account_uri = azurerm_storage_account.boot_diagnostics_storage_account.primary_blob_endpoint } + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Create storage account for boot diagnostics 
@@ -46,6 +56,11 @@ resource "azurerm_storage_account" "boot_diagnostics_storage_account" { resource_group_name = var.resource_group_name account_tier = "Standard" account_replication_type = "LRS" + + tags = { + environment = var.env_tag + project = var.project_tag + } } resource "random_id" "random_id" { @@ -74,6 +89,11 @@ resource "azurerm_network_security_group" "ssh_nsg" { source_address_prefix = "*" destination_address_prefix = "*" } + + tags = { + environment = var.env_tag + project = var.project_tag + } } # Connect the security group to the network interface diff --git a/terraform/modules/runner/variables.tf b/terraform/modules/runner/variables.tf index 61a70981..32de8eea 100644 --- a/terraform/modules/runner/variables.tf +++ b/terraform/modules/runner/variables.tf 
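Review bot: The security rule whose tail is visible as context in the `ssh_nsg` hunk of `runner/runner.tf` uses `source_address_prefix = "*"`. The rule's direction, port and access are outside the hunk, but if this is the inbound SSH allow rule the resource name suggests, SSH on the attached interface accepts connections from any source address. Restricting it to a caller-supplied list, for example `source_address_prefixes = var.allowed_ssh_cidrs` (a new variable), would narrow that exposure. If the open source range is intentional for development, a comment next to the rule saying so would help the next reader.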
@@ -5,43 +5,53 @@ variable "prefix" { variable "resource_group_location" { type = string - description = "Location of the resource group." + description = "Location of the resource group" } variable "resource_group_name" { type = string - description = "Name of the resource group." + description = "Name of the resource group" } variable "resource_group_id" { type = string - description = "Id of the resource group." + description = "Id of the resource group" } variable "public_subnet_id" { type = string - description = "Id of the subnet." + description = "Id of the public subnet" } variable "private_subnet_id" { type = string - description = "Id of the subnet." + description = "Id of the private subnet" } variable "username" { type = string - description = "The username for the local account that will be created on the new VM." + description = "The username for the default admin account that will be created on the new VM" default = "azureadmin" } variable "ssh_key_name" { type = string - description = "Name of the generated SSH key for the VM." + description = "File name of the generated SSH key for the VM. Development purposes only" default = "runnersshkey" } variable "runner_image_id" { type = string - description = "Shared Image Gallery ID of the runner VM image." + description = "Shared Image Gallery ID of the runner VM image" +} + +variable "env_tag" { + type = string + description = "Environment tag applied to all created resources" +} + +variable "project_tag" { + type = string + description = "Project tag applied to all created resources" } \ No newline at end of file diff --git a/terraform/outputs.tf b/terraform/outputs.tf index 97845be4..741094e2 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf 
@@ -1,11 +1,9 @@ output "network_name" { - value = module.network.resource_group.name + value = module.network.resource_group.name + description = "Name of the created resource group." } output "runner_data" { - value = (var.local_development == true ? module.runner : null) -} - -output "encrypted_gh_secrets" { - value = (var.local_development == true ? module.github_output : null) + value = (var.local_development == true ? module.runner : null) + description = "Prints out runner data if `local_development` is set to `true`." } \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index 54f9ac67..697c804d 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
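Review bot: `runner_data` in `terraform/outputs.tf` returns the whole `module.runner` object, which per the runner module's outputs includes `private_key`, and the output itself carries no `sensitive = true`. Listing only the attributes a developer needs (for example the two IP addresses), or marking the output `sensitive = true`, avoids depending on how the nested sensitivity mark is propagated. The new description could also state that the object contains the generated private key.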
@@ -5,22 +5,35 @@ locals { variable "resource_group_location" { default = "westeurope" - description = "Location of the resource group." + description = "Location of the resource group" } variable "repository" { default = "wp10-image-factory" - description = "Repository in which to save output secrets." + description = "Repository in which to save output secrets" } variable "local_development" { type = bool default = false - description = "Development purposes only: set to 'true' when running terraform apply locally. Outputs SSH private key to the terraform directory." + description = "Development purposes only: set to 'true' when running terraform apply locally. Outputs SSH private key to the terraform directory" } variable "runner_image_id" { type = string default = "/subscriptions/218f1214-da01-4678-8025-4e14a989e315/resourceGroups/wp10-tf-dev-rg/providers/Microsoft.Compute/galleries/wp10ImageFactoryGallery/images/image-factory-vm/versions/1.0.34" - description = "Shared Image Gallery ID of the runner VM image." + description = "Shared Image Gallery ID of the runner VM image" +} + + +variable "env_tag" { + type = string + default = "dev" + description = "Environment tag applied to all created resources" +} + +variable "project_tag" { + type = string + default = "wp10" + description = "Project tag applied to all created resources" } \ No newline at end of file