https://github.com/truefoundry/terraform-azure-truefoundry-platform-features
https://github.com/truefoundry/terraform-azure-truefoundry-platform-features
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/truefoundry/terraform-azure-truefoundry-platform-features
- Owner: truefoundry
- License: apache-2.0
- Created: 2024-03-01T05:29:25.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-12-31T11:57:00.000Z (6 months ago)
- Last Synced: 2026-02-13T08:05:10.365Z (5 months ago)
- Language: HCL
- Size: 53.7 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# truefoundry-azure-platform-features
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.4 |
| [azuread](#requirement\_azuread) | ~> 3.0 |
| [azurerm](#requirement\_azurerm) | ~> 3.107 |
## Providers
| Name | Version |
|------|---------|
| [azuread](#provider\_azuread) | ~> 3.0 |
| [azurerm](#provider\_azurerm) | ~> 3.107 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azuread_application.truefoundry_platform_features_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application) | resource |
| [azuread_service_principal.truefoundry_platform_features_service_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal) | resource |
| [azuread_service_principal_password.truefoundry_platform_features_service_principal_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password) | resource |
| [azurerm_container_registry.truefoundry_container_registry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry) | resource |
| [azurerm_role_assignment.truefoundry_cluster_operator_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.truefoundry_diagnostic_settings_read_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.truefoundry_reader_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_storage_account.truefoundry_platform_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
| [azurerm_storage_container.truefoundry_platform_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [blob\_container\_enable\_override](#input\_blob\_container\_enable\_override) | Enable overriding the name of container. This will only be used if feature\_blob\_storage\_enabled is true. You need to pass container\_override\_name to pass the container name | `bool` | `false` | no |
| [blob\_container\_override\_name](#input\_blob\_container\_override\_name) | Container name. Only used if container\_enable\_override is true | `string` | `""` | no |
| [blob\_storage\_account\_account\_tier](#input\_blob\_storage\_account\_account\_tier) | Account tier of the storage account | `string` | `"Standard"` | no |
| [blob\_storage\_account\_enable\_override](#input\_blob\_storage\_account\_enable\_override) | Enable overriding the name of storage account. This will only be used if feature\_blob\_storage\_enabled is true. You need to pass blob\_storage\_account\_override\_name to pass the storage account name | `bool` | `false` | no |
| [blob\_storage\_account\_exposed\_headers](#input\_blob\_storage\_account\_exposed\_headers) | List of exposed headers for CORS origins of storage account | `list(string)` |
[
"Etag"
]
| no |
| [blob\_storage\_account\_override\_name](#input\_blob\_storage\_account\_override\_name) | Storage account name. Only used if blob\_storage\_account\_enable\_override is true | `string` | `""` | no |
| [blob\_storage\_account\_replication\_type](#input\_blob\_storage\_account\_replication\_type) | Replication type of storage account | `string` | `"GRS"` | no |
| [blob\_storage\_cors\_allowed\_headers](#input\_blob\_storage\_cors\_allowed\_headers) | List of allowed headers for CORS of storage account | `list(string)` | [
"*"
]
| no |
| [blob\_storage\_cors\_allowed\_maxage](#input\_blob\_storage\_cors\_allowed\_maxage) | List of allowed maxage for CORS of storage account | `number` | `3000` | no |
| [blob\_storage\_cors\_allowed\_methods](#input\_blob\_storage\_cors\_allowed\_methods) | List of allowed methods for CORS of storage account | `list(string)` | [
"GET",
"POST",
"PUT"
]
| no |
| [blob\_storage\_cors\_allowed\_origins](#input\_blob\_storage\_cors\_allowed\_origins) | List of allowed origin for CORS of storage account | `list(string)` | [
"*"
]
| no |
| [cluster\_id](#input\_cluster\_id) | ID of the AKS cluster | `string` | n/a | yes |
| [cluster\_integration\_azuread\_application\_enable\_override](#input\_cluster\_integration\_azuread\_application\_enable\_override) | Enable overriding the name of azuread application. This will only be used if feature\_cluster\_integration\_azuread\_application\_enabled is true. You need to pass cluster\_integration\_azuread\_application\_override\_name to pass the azuread application name | `bool` | `false` | no |
| [cluster\_integration\_azuread\_application\_override\_name](#input\_cluster\_integration\_azuread\_application\_override\_name) | Azuread application name. Only used if cluster\_integration\_azuread\_application\_enable\_override is true | `string` | `""` | no |
| [cluster\_integration\_cluster\_operator\_role](#input\_cluster\_integration\_cluster\_operator\_role) | Role that will be assigned to the service principal on AKS cluster for cluster operator | `string` | `"Azure Kubernetes Service Contributor Role"` | no |
| [cluster\_integration\_diagnostic\_settings\_role](#input\_cluster\_integration\_diagnostic\_settings\_role) | Role that will be assigned to the service principal on AKS cluster for diagnostic settings | `string` | `"Monitoring Reader"` | no |
| [cluster\_integration\_service\_principal\_password\_expiry\_end\_date](#input\_cluster\_integration\_service\_principal\_password\_expiry\_end\_date) | End date post which service principal password would expire | `string` | `"2124-02-12T09:42:53Z"` | no |
| [cluster\_integration\_service\_principal\_role](#input\_cluster\_integration\_service\_principal\_role) | Role that will be assigned to the service principal on AKS cluster | `string` | `"Reader"` | no |
| [cluster\_integration\_sign\_in\_audience](#input\_cluster\_integration\_sign\_in\_audience) | sign\_in\_audience of the cluster integration | `string` | `"AzureADMyOrg"` | no |
| [cluster\_name](#input\_cluster\_name) | Name of the AKS cluster | `string` | n/a | yes |
| [container\_registry\_admin\_enabled](#input\_container\_registry\_admin\_enabled) | Enable admin for the docker registry | `bool` | `true` | no |
| [container\_registry\_enable\_override](#input\_container\_registry\_enable\_override) | Enable overriding the name of container registry. This will only be used if feature\_container\_registry\_enabled is true. You need to pass container\_registry\_override\_name to pass the container registry name | `bool` | `false` | no |
| [container\_registry\_override\_name](#input\_container\_registry\_override\_name) | Container registry name. Only used if container\_registry\_enable\_override is true | `string` | `""` | no |
| [container\_registry\_public\_network\_access\_enabled](#input\_container\_registry\_public\_network\_access\_enabled) | Whether public network access is allowed for the container registry | `bool` | `true` | no |
| [container\_registry\_sku](#input\_container\_registry\_sku) | SKU of the docker registry | `string` | `"Standard"` | no |
| [feature\_blob\_storage\_enabled](#input\_feature\_blob\_storage\_enabled) | Enable blob storage feature in the platform | `bool` | `true` | no |
| [feature\_cluster\_integration\_enabled](#input\_feature\_cluster\_integration\_enabled) | Enable the support of cluster integration | `bool` | `true` | no |
| [feature\_container\_registry\_enabled](#input\_feature\_container\_registry\_enabled) | Enable docker registry feature in the platform | `bool` | `true` | no |
| [location](#input\_location) | Location of the storage account and container registry. This should be kept similar to resource group for ideal performance. | `string` | n/a | yes |
| [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | n/a | yes |
| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
## Outputs
| Name | Description |
|------|-------------|
| [truefoundry\_blob\_container\_id](#output\_truefoundry\_blob\_container\_id) | Storage account container ID |
| [truefoundry\_blob\_storage\_account\_enabled](#output\_truefoundry\_blob\_storage\_account\_enabled) | Flag to enable blob storage account |
| [truefoundry\_blob\_storage\_account\_id](#output\_truefoundry\_blob\_storage\_account\_id) | Storage account id |
| [truefoundry\_blob\_storage\_account\_primary\_blob\_host](#output\_truefoundry\_blob\_storage\_account\_primary\_blob\_host) | Storage account primary blob host |
| [truefoundry\_blob\_storage\_account\_primary\_connection\_string](#output\_truefoundry\_blob\_storage\_account\_primary\_connection\_string) | Storage account primary connection string |
| [truefoundry\_blob\_storage\_account\_primary\_location](#output\_truefoundry\_blob\_storage\_account\_primary\_location) | Storage account primary location |
| [truefoundry\_blob\_storage\_account\_primary\_web\_host](#output\_truefoundry\_blob\_storage\_account\_primary\_web\_host) | Storage account primary web host url |
| [truefoundry\_blob\_storage\_root\_url](#output\_truefoundry\_blob\_storage\_root\_url) | Storage account root URL for blob storage |
| [truefoundry\_cluster\_integrations\_azuread\_application\_client\_id](#output\_truefoundry\_cluster\_integrations\_azuread\_application\_client\_id) | Azure AD application client ID |
| [truefoundry\_cluster\_integrations\_azuread\_application\_id](#output\_truefoundry\_cluster\_integrations\_azuread\_application\_id) | Azure AD application ID |
| [truefoundry\_cluster\_integrations\_azuread\_application\_name](#output\_truefoundry\_cluster\_integrations\_azuread\_application\_name) | n/a |
| [truefoundry\_cluster\_integrations\_enabled](#output\_truefoundry\_cluster\_integrations\_enabled) | Flag to enable cluster integrations |
| [truefoundry\_cluster\_integrations\_service\_principal\_name](#output\_truefoundry\_cluster\_integrations\_service\_principal\_name) | n/a |
| [truefoundry\_cluster\_integrations\_service\_principal\_password](#output\_truefoundry\_cluster\_integrations\_service\_principal\_password) | n/a |
| [truefoundry\_cluster\_integrations\_service\_principal\_tenant\_id](#output\_truefoundry\_cluster\_integrations\_service\_principal\_tenant\_id) | n/a |
| [truefoundry\_container\_registry\_admin\_password](#output\_truefoundry\_container\_registry\_admin\_password) | Container registry admin password |
| [truefoundry\_container\_registry\_admin\_username](#output\_truefoundry\_container\_registry\_admin\_username) | Container registry admin username |
| [truefoundry\_container\_registry\_enabled](#output\_truefoundry\_container\_registry\_enabled) | Flag to enable container registry |
| [truefoundry\_container\_registry\_id](#output\_truefoundry\_container\_registry\_id) | Container registry ID |
| [truefoundry\_container\_registry\_login\_server](#output\_truefoundry\_container\_registry\_login\_server) | Container registry login server url |