An open API service indexing awesome lists of open source software.

https://github.com/launchbynttdata/tf-azurerm-module_reference-app_configuration


https://github.com/launchbynttdata/tf-azurerm-module_reference-app_configuration

azure infrastructure-as-code platform-automation reference terraform

Last synced: 13 days ago
JSON representation

Awesome Lists containing this project

README

          

# Your Module Name

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)

## Overview

This terraform module provisions an Azure App Configuration with all its dependencies.

This reference module is built as a wrapper around the primitive module tf-azurerm-module_primitive-app_configuration

## Pre-Commit hooks

[.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.

`commitlint` hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:

- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).
- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).
- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.
footers other than BREAKING CHANGE: may be provided and follow a convention similar to git trailer format.
- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
- **chore**: a commit of the type `chore` adds changes that don't modify src or test files
- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
- **docs**: a commit of the type `docs` adds documentation only changes
- **perf**: a commit of the type `perf` adds code change that improves performance
- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature
- **revert**: a commit of the type `revert` reverts a previous commit
- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
- **test**: a commit of the type `test` adds missing tests or correcting existing tests

Base configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)

If you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.

`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS

In order for `pre-commit` hooks to work properly

- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.
- `pre-commit` would install all the hooks when commit message is added by default except for `commitlint` hook. `commitlint` hook would need to be installed manually using the command below

```
pre-commit install --hook-type commit-msg
```

## To test the resource group module locally

1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.

```
make configure
```

This adds in several files and directories that are ignored by `git`. They expose many new Make targets.

2. _THIS STEP APPLIES ONLY TO MICROSOFT AZURE. IF YOU ARE USING A DIFFERENT PLATFORM PLEASE SKIP THIS STEP._ The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with cloud provider from local development workstation.

`make configure` command will bring down `azure_env.sh` file on local workstation. Devloper would need to modify this file, replace the environment variable values with relevant values.

These environment variables are used by `terratest` integration suit.

Service principle used for authentication(value of ARM_CLIENT_ID) should have below privileges on resource group within the subscription.

```
"Microsoft.Resources/subscriptions/resourceGroups/write"
"Microsoft.Resources/subscriptions/resourceGroups/read"
"Microsoft.Resources/subscriptions/resourceGroups/delete"
```

Then run this make target to set the environment variables on developer workstation.

```
make env
```

3. The first target you care about is `check`.

**Pre-requisites**
Before running this target it is important to ensure that, developer has created files mentioned below on local workstation under root directory of git repository that contains code for primitives/segments. Note that these files are `azure` specific. If primitive/segment under development uses any other cloud provider than azure, this section may not be relevant.

- A file named `provider.tf` with contents below

```
provider "azurerm" {
features {}
}
```

- A file named `terraform.tfvars` which contains key value pair of variables used.

Note that since these files are added in `gitignore` they would not be checked in into primitive/segment's git repo.

After creating these files, for running tests associated with the primitive/segment, run

```
make check
```

If `make check` target is successful, developer is good to commit the code to primitive/segment's git repo.

`make check` target

- runs `terraform commands` to `lint`,`validate` and `plan` terraform code.
- runs `conftests`. `conftests` make sure `policy` checks are successful.
- runs `terratest`. This is integration test suit.
- runs `opa` tests

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.0 |
| [azurerm](#requirement\_azurerm) | ~> 3.117 |

## Providers

No providers.

## Modules

| Name | Source | Version |
|------|--------|---------|
| [resource\_names](#module\_resource\_names) | terraform.registry.launch.nttdata.com/module_library/resource_name/launch | ~> 2.0 |
| [resource\_group](#module\_resource\_group) | terraform.registry.launch.nttdata.com/module_primitive/resource_group/azurerm | ~> 1.1 |
| [app\_configuration](#module\_app\_configuration) | terraform.registry.launch.nttdata.com/module_primitive/app_configuration/azurerm | ~> 1.0 |
| [app\_configuration\_data](#module\_app\_configuration\_data) | terraform.registry.launch.nttdata.com/module_primitive/app_configuration_data/azurerm | ~> 1.0 |
| [private\_endpoint](#module\_private\_endpoint) | terraform.registry.launch.nttdata.com/module_primitive/private_endpoint/azurerm | ~> 1.0 |

## Resources

No resources.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [resource\_names\_map](#input\_resource\_names\_map) | A map of key to resource\_name that will be used by tf-launch-module\_library-resource\_name to generate resource names |

map(object({
name = string
max_length = optional(number, 60)
}))
|
{
"app_configuration": {
"max_length": 80,
"name": "appcs"
},
"key_vault": {
"max_length": 24,
"name": "kv"
},
"private_endpoint": {
"max_length": 80,
"name": "pe"
},
"private_service_connection": {
"max_length": 80,
"name": "pesc"
},
"resource_group": {
"max_length": 80,
"name": "rg"
}
}
| no |
| [instance\_env](#input\_instance\_env) | Number that represents the instance of the environment. | `number` | `0` | no |
| [instance\_resource](#input\_instance\_resource) | Number that represents the instance of the resource. | `number` | `0` | no |
| [logical\_product\_family](#input\_logical\_product\_family) | (Required) Name of the product family for which the resource is created.
Example: org\_name, department\_name. | `string` | `"launch"` | no |
| [logical\_product\_service](#input\_logical\_product\_service) | (Required) Name of the product service for which the resource is created.
For example, backend, frontend, middleware etc. | `string` | `"appcs"` | no |
| [class\_env](#input\_class\_env) | (Required) Environment where resource is going to be deployed. For example. dev, qa, uat | `string` | `"dev"` | no |
| [location](#input\_location) | target resource group resource mask | `string` | `"eastus"` | no |
| [resource\_group\_name](#input\_resource\_group\_name) | Resource group name | `string` | `null` | no |
| [use\_azure\_region\_abbr](#input\_use\_azure\_region\_abbr) | Use Azure region abbreviation in resource names | `bool` | `true` | no |
| [tags](#input\_tags) | Custom tags for the deployment | `map(string)` | `{}` | no |
| [customer\_managed\_encryption\_key](#input\_customer\_managed\_encryption\_key) | The customer managed encryption key configuration
Requires a user assigned identity with read access to the desired key.
The user assigned identity must be provided in the `identity_ids` variable. |
object({
key_vault_key_id = string
identity_client_id = string
})
| `null` | no |
| [local\_auth\_enabled](#input\_local\_auth\_enabled) | Whether local authentication methods is enabled. | `bool` | `true` | no |
| [public\_network\_access](#input\_public\_network\_access) | Whether public network access is enabled. Possible values are 'Enabled' and 'Disabled'. | `string` | `"Enabled"` | no |
| [purge\_protection\_enabled](#input\_purge\_protection\_enabled) | Whether purge protection is enabled. | `bool` | `false` | no |
| [replicas](#input\_replicas) | Locations to replicate the App configuration store | `map(string)` | `null` | no |
| [sku](#input\_sku) | The SKU of the App Configuration. Possible values are 'free' and 'standard'. | `string` | `"free"` | no |
| [soft\_delete\_retention\_days](#input\_soft\_delete\_retention\_days) | The number of days that items should be retained for once soft-deleted. | `number` | `7` | no |
| [identity\_ids](#input\_identity\_ids) | Specifies a list of user managed identity ids to be assigned. | `list(string)` | `null` | no |
| [keys](#input\_keys) | map(object({
content\_type = content type of the configuration key
label = label (partition) of the app configuration store
value = value of the configuration key
locked = whether the key is locked to prevent changes
type = type of the configuration key, `kv` or `vault` (key vault reference)
vault\_key\_reference = id of the vault secret this key refers to
tags = custom tags to assign
})) |
map(object({
content_type = optional(string)
label = optional(string)
value = optional(string)
locked = optional(bool)
type = optional(string)
vault_key_reference = optional(string)
tags = optional(map(string))
}))
| `{}` | no |
| [features](#input\_features) | map(object({
name = name of the feature flag
description = description of the feature
enabled = status of the feature, defaults to false
label = label (partition) of the app configuration store
locked = whether the feature is locked to prevent changes

targeting\_filter = optional(object({
default\_rollout\_percentage = default percentage of the user base for which to enable the feature
groups = map of groups and their rollout percentages (groups defined in the application logic)
users = list of users to target (users defined in the application logic)
}))

timewindow\_filter = optional(object({
start = the earliest timestamp the feature is enabled, RFC3339 format
end = the latest timestamp the feature is enabled, RFC3339 format
}))
})) |
map(object({
name = string
description = optional(string)
enabled = optional(bool)
label = optional(string)
locked = optional(bool)

targeting_filter = optional(object({
default_rollout_percentage = number
groups = optional(map(number))
users = optional(list(string))
}))

timewindow_filter = optional(object({
start = optional(string)
end = optional(string)
}))
}))
| `{}` | no |
| [private\_dns\_zone\_ids](#input\_private\_dns\_zone\_ids) | A list of private DNS zone IDs to link to the azure app configuration and only available
when `public_network_access` is set to 'Disabled' | `list(string)` | `[]` | no |
| [private\_endpoint\_subnet\_id](#input\_private\_endpoint\_subnet\_id) | ID of the subnet where the private endpoint should be deployed
Required when `public_network_access` is set to 'Disabled' | `string` | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| [app\_configuration\_id](#output\_app\_configuration\_id) | n/a |
| [app\_configuration\_name](#output\_app\_configuration\_name) | n/a |
| [app\_configuration\_endpoint](#output\_app\_configuration\_endpoint) | n/a |
| [app\_configuration\_primary\_read\_key](#output\_app\_configuration\_primary\_read\_key) | n/a |
| [app\_configuration\_primary\_write\_key](#output\_app\_configuration\_primary\_write\_key) | n/a |
| [app\_configuration\_secondary\_read\_key](#output\_app\_configuration\_secondary\_read\_key) | n/a |
| [app\_configuration\_secondary\_write\_key](#output\_app\_configuration\_secondary\_write\_key) | n/a |
| [app\_configuration\_identity](#output\_app\_configuration\_identity) | n/a |
| [app\_configuration\_replica](#output\_app\_configuration\_replica) | n/a |
| [app\_configuration\_keys](#output\_app\_configuration\_keys) | n/a |
| [app\_configuration\_features](#output\_app\_configuration\_features) | n/a |