https://github.com/dsb-norge/tf-mod-azure-mgmt-lock

Terraform module to create management locks for resources

# tf-mod-azure-mgmt-lock

Terraform module for adding [management locks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) to resources.

## required arguments

`scope` - the ID (URN) of the scope for which to create the lock. This can be a subscription, resource group or resource.

`name` - name of the lock. Must be unique within the scope; it will be prefixed with `lock-`.

## optional arguments

`lock_level` - [lock level](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock#lock_level), defaults to `CanNotDelete`.

## Example

```hcl
provider "azurerm" {
  features {}
}

module "resource_deletion_locks" {
  source = "git@github.com:dsb-norge/tf-mod-azure-mgmt-lock.git?ref=v0"
  protected_resources = {
    "scope-unique-resource-name" = {
      "id"         = provider_resource.my_resource.id
      "name"       = provider_resource.my_resource.name
      "lock_level" = "CanNotDelete"
    }
  }
  app_name   = "CanNotDelete locks for k8s resources"
  created_by = "https://github.com/my-org/my-tf-project"
}
```

## Versioning

This module uses [semantic versioning](https://semver.org).

## Development

### Validate your code

```shell
# Init project, run fmt and validate
terraform init -reconfigure
terraform fmt -check -recursive
terraform validate

# Lint with TFLint, calling script from https://github.com/dsb-norge/terraform-tflint-wrappers
alias lint='curl -s https://raw.githubusercontent.com/dsb-norge/terraform-tflint-wrappers/main/tflint_linux.sh | bash -s --'
lint
```

### Generate and inject terraform-docs in README.md

```shell
# go1.17+; replace <version> with the terraform-docs release tag to install
go install github.com/terraform-docs/terraform-docs@<version>
export PATH="$PATH:$(go env GOPATH)/bin"
terraform-docs markdown table --output-file README.md .
```

### Release

After merging a PR to main, use tags to release.

Use semantic versioning, see [semver.org](https://semver.org/). Always push tags and add tag annotations.

Example of patch release `v0.0.4`:

```bash
git checkout origin/main
git pull origin main
git tag -a 'v0.0.4' # add patch tag, add change description
git tag -f -a 'v0.0' # move the minor tag, amend the change description
git tag -f -a 'v0' # move the major tag, amend the change description
git push -f --tags # force push the new tags
```

Example of major release `v1.0.0`:

```bash
git checkout origin/main
git pull origin main
git tag -a 'v1.0.0' # add patch tag, add your change description
git tag -a 'v1.0' # add minor tag, add your change description
git tag -a 'v1' # add major tag, add your change description
git push --tags # push the new tags
```

**Note:** If you are having problems pulling main after a release, try to force fetch the tags: `git fetch --tags -f`.

## terraform-docs

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.0 |
| [azurerm](#requirement\_azurerm) | >= 3.0.0, < 5.0.0 |

## Providers

| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | 4.0.1 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [azurerm_management_lock.protected_resource_lock](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [app\_name](#input\_app\_name) | Name of application/domain using resources | `string` | n/a | yes |
| [created\_by](#input\_created\_by) | the tf project managing the lock(s) | `string` | n/a | yes |
| [protected\_resources](#input\_protected\_resources) | map of scope (URN/ID) and name for resources that should have a CanNotDelete lock | `map(object({ id : string, name : string, lock_level : optional(string), }))` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [management\_lock\_ids](#output\_management\_lock\_ids) | ids of the management locks created by this module |