wip

Author: mrlockstar

.azuredevops/pipelines/hub-infrastructure-dev.yaml

@@ -36,22 +36,20 @@ stages:
       - job: init_and_plan
         displayName: Init, plan, store artifact
         steps:
-
           - checkout: self
           - checkout: dtos-devops-templates
-
-          - task: Bash@3
-            displayName: 'Debug Terraform directory'
-            inputs:
-              targetType: 'inline'
-              script: |
-                pwd
-                ls -la
-                echo "TF_DIRECTORY=$(TF_DIRECTORY)"
-                cd $(TF_DIRECTORY)
-                ls -ltr
-                find .
-                terraform --version || true
+          # - task: Bash@3
+          #   displayName: 'Debug Terraform directory'
+          #   inputs:
+          #     targetType: 'inline'
+          #     script: |
+          #       pwd
+          #       ls -la
+          #       echo "TF_DIRECTORY=$(TF_DIRECTORY)"
+          #       cd $(TF_DIRECTORY)
+          #       ls -ltr
+          #       find .
+          #       terraform --version || true
           - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
 
   - stage: terraform_apply

infrastructure/terraform/hub/dns_private.tf

@@ -12,7 +12,7 @@ resource "azurerm_resource_group" "private_dns_rg" {
 module "private_dns_resolver" {
   for_each = var.regions
 
-  source = "../../dtos-devops-templates/infrastructure/modules/private-dns-zone-resolver"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/private-dns-zone-resolver"
 
   name                = "${module.config[each.key].names.resource-application}-private-dns-zone-resolver"
   resource_group_name = azurerm_resource_group.private_dns_rg[each.key].name
@@ -69,7 +69,7 @@ locals {
 module "private_dns_zones" {
   for_each = local.private_dns_zones_map
 
-  source = "../../dtos-devops-templates/infrastructure/modules/private-dns-zone"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/private-dns-zone"
 
   name                = each.value.name
   resource_group_name = azurerm_resource_group.private_dns_rg[each.value.region].name
@@ -110,7 +110,7 @@ locals {
 module "private-dns-a-records" {
   for_each = local.private_dns_a_records_map
 
-  source = "../../dtos-devops-templates/infrastructure/modules/private-dns-a-record"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/private-dns-a-record"
 
   name                = each.value.name
   resource_group_name = resource.azurerm_resource_group.private_dns_rg[each.value.region].name

infrastructure/terraform/hub/dns_public.tf

@@ -13,7 +13,7 @@ module "appgw-dns-a-records" {
   # No region loop since public DNS is global. Traffic Manager will be required if an additional region is added.
   for_each = toset(local.appgw_public_listener_hostnames)
 
-  source = "../../../dtos-devops-templates/infrastructure/modules/dns-a-record"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/dns-a-record"
 
   name                = split(".", each.key)[0]
   resource_group_name = var.dns_zone_rg_name_public

infrastructure/terraform/hub/firewall.tf

@@ -1,7 +1,7 @@
 module "firewall" {
   for_each = var.regions
 
-  source = "./../../dtos-devops-templates/infrastructure/modules/firewall"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/firewall"
 
   firewall_name       = module.config[each.key].names.firewall
   resource_group_name = azurerm_resource_group.rg_hub[each.key].name
@@ -33,7 +33,7 @@ module "firewall" {
 module "public_ip" {
   for_each = local.public_ips_map
 
-  source = "../../dtos-devops-templates/infrastructure/modules/public-ip"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/public-ip"
 
   name                = "${module.config[each.value.region_key].names.public-ip-address}-${each.value.name_suffix}"
   resource_group_name = azurerm_resource_group.rg_hub[each.value.region_key].name

infrastructure/terraform/hub/variables.tf

@@ -15,11 +15,6 @@ variable "GITHUB_ORG_DATABASE_ID" {
   default     = "DEV"
 }
 
-variable "LETS_ENCRYPT_CONTACT_EMAIL" {
-  description = "Contact email address for certificate expiry notifications."
-  type        = string
-}
-
 variable "TARGET_SUBSCRIPTION_ID" {
   description = "ID of a subscription to deploy infrastructure"
   type        = string
@@ -31,20 +26,6 @@ variable "WAF_POLICY_ID_APIM_GATEWAY" {
   type        = string
 }
 
-variable "acme_certificates" {
-  # https://registry.terraform.io/providers/vancluever/acme/latest/docs/resources/certificate
-  type = map(object({
-    common_name                 = string
-    subject_alternative_names   = optional(list(string))
-    dns_cname_zone_name         = optional(string) # CNAME for redirecting DNS-01 challenges
-    dns_private_cname_zone_name = optional(string) # CNAME for redirecting DNS-01 challenges
-    dns_challenge_zone_name     = string
-    dns_challenge_zone_rg_name  = optional(string)
-    key_type                    = optional(string, "P256") # Follow certbot default of ECDSA P256
-  }))
-  description = "Map of ACME certificates to be requested"
-}
-
 variable "apim_config" {
   description = "Configuration for API Management"
   type = object({
@@ -217,52 +198,6 @@ variable "env_type" {
   type        = string
 }
 
-variable "event_grid_configs" {
-  type    = map(any) # needs to be a loose type definition to allow merging of var.event_grid_configs
-  default = {}
-}
-
-variable "event_grid_defaults" {
-  description = "Default configuration for the Event Grid resource"
-  type = object({
-    identity_ids  = list(string)
-    identity_type = string
-    inbound_ip_rules = list(object({
-      ip_mask = string
-      action  = string
-    }))
-    input_schema                  = map(string)
-    local_auth_enabled            = bool
-    public_network_access_enabled = bool
-  })
-}
-
-variable "eventhub_namespaces" {
-  description = "A map of Event Hub Namespaces and contained Event Hubs."
-  type = map(object({
-    auto_inflate             = optional(bool, false)
-    capacity                 = optional(number)
-    sku                      = optional(string, "Standard")
-    minimum_tls_version      = optional(string)
-    maximum_throughput_units = optional(number)
-
-    public_network_access_enabled = optional(bool, false)
-
-    auth_rule = object({
-      listen = optional(bool, true)
-      send   = optional(bool, false)
-      manage = optional(bool, false)
-    })
-
-    event_hubs = optional(map(object({
-      name              = optional(string)
-      consumer_group    = optional(string)
-      partition_count   = optional(number, 2)
-      message_retention = optional(number, 1)
-    })))
-  }))
-  default = {}
-}
 
 variable "features" {
   description = "Feature flags for the deployment"
@@ -370,22 +305,6 @@ variable "projects" {
   }))
 }
 
-variable "regions" {
-  type = map(object({
-    address_space     = string
-    is_primary_region = bool
-    subnets = map(object({
-      cidr_newbits               = string
-      cidr_offset                = string
-      create_nsg                 = optional(bool)   # defaults to true
-      name                       = optional(string) # Optional name override
-      delegation_name            = optional(string)
-      service_delegation_name    = optional(string)
-      service_delegation_actions = optional(list(string))
-    }))
-  }))
-}
-
 variable "storage_accounts" {
   description = "Configuration for the Storage Account, currently used for Function Apps"
   type = map(object({

infrastructure/terraform/hub/virtual_desktop.tf

@@ -31,7 +31,7 @@ resource "azurerm_resource_group" "avd" {
 module "virtual-desktop" {
   for_each = (local.deploy_blue_avd ? var.regions : {})
 
-  source = "./../../dtos-devops-templates/infrastructure/modules/virtual-desktop"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/virtual-desktop"
 
   custom_rdp_properties = "drivestoredirect:s:*;audiomode:i:0;videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;usbdevicestoredirect:s:*;enablecredsspsupport:i:1;redirectwebauthn:i:1;use multimon:i:1;enablerdsaadauth:i:1;"
   computer_name_prefix  = "avd${var.env_type}"
@@ -80,7 +80,7 @@ resource "azurerm_resource_group" "avd-v2" {
 module "virtual-desktop-v2" {
   for_each = (local.deploy_green_avd ? var.regions : {})
 
-  source = "../../dtos-devops-templates/infrastructure/modules/virtual-desktop"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/virtual-desktop"
 
   custom_rdp_properties = "drivestoredirect:s:*;audiomode:i:0;videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;usbdevicestoredirect:s:*;enablecredsspsupport:i:1;redirectwebauthn:i:1;use multimon:i:1;enablerdsaadauth:i:1;"
   computer_name_prefix  = "av4${var.env_type}"
@@ -120,7 +120,7 @@ module "virtual-desktop-v2" {
 module "route-table-virtual-desktop" {
   for_each = var.regions
 
-  source = "../../dtos-devops-templates/infrastructure/modules/route-table"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/route-table"
 
   name                = "${module.config[each.key].names.route-table}-virtual-desktop"
   resource_group_name = azurerm_resource_group.rg_hub[each.key].name