From 95d631f674558ae62c960ea3442b51ad10ee3164 Mon Sep 17 00:00:00 2001
From: Glenn Musa <4622125+glennmusa@users.noreply.github.com>
Date: Tue, 2 Mar 2021 20:27:31 -0500
Subject: [PATCH] Generate configuration names and config.vars files (#53)
* add a config folder to centralize generation
---
 README.md | 14 +-
 scripts/apply_terraform.sh | 4 +-
 scripts/config/config_create.sh | 84 ++++
 .../config_validate.sh} | 2 +-
 scripts/config/generate_names.sh | 63 +++
 scripts/config/generate_vars.sh | 53 +++
 scripts/config/mlz_config_create.sh | 112 +++++
 scripts/destroy_terraform.sh | 4 +-
 scripts/init_terraform.sh | 2 +-
 scripts/mlz_tf_setup.sh | 386 +-----------------
 10 files changed, 341 insertions(+), 383 deletions(-)
 create mode 100755 scripts/config/config_create.sh
 rename scripts/{mlz_config_validate.sh => config/config_validate.sh} (95%)
 mode change 100644 => 100755
 create mode 100755 scripts/config/generate_names.sh
 create mode 100755 scripts/config/generate_vars.sh
 create mode 100755 scripts/config/mlz_config_create.sh
 mode change 100644 => 100755 scripts/init_terraform.sh
 mode change 100644 => 100755 scripts/mlz_tf_setup.sh
diff --git a/README.md b/README.md
index 80452b6ec..670152e3c 100644
--- a/README.md
+++ b/README.md
@@ -39,14 +39,12 @@ Create the `mlz_tf_cfg.var` file using the `mlz_tf_cfg.var.sample` as the templa - A Storage Account and Container for each tier to store tier Terraform state files - Tier specific Terraform backend config files -Usage: ./mlz_tf_setup.sh +```bash +# usage mlz_tf_setup.sh: -NOTE: While the field is analogous to the "--name" parameter in Azure CLI (az cloud set --name), the values aren't always the same. As an example, For Azure Commercial the `--name` value is AzureCloud while the Terraform value would be public +chmod u+x scripts/mlz_tf_setup.sh -```bash -cd scripts -chmod u+x mlz_tf_setup.sh -./mlz_tf_setup.sh dev eastus public +scripts/mlz_tf_setup.sh src/core/mlz_tf_cfg.var eastus public ``` ### Set Terraform Configuration Variables @@ -126,8 +124,8 @@ contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additio ## Trademarks -This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft -trademarks or logos is subject to and must follow +This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft +trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general). Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies. diff --git a/scripts/apply_terraform.sh b/scripts/apply_terraform.sh index 863f60414..158dd2eb2 100644 --- a/scripts/apply_terraform.sh +++ b/scripts/apply_terraform.sh 
@@ -30,7 +30,7 @@ plugin_dir="$(dirname "$(dirname "$(realpath "$0")")")/src/provider_cache"
 . "${BASH_SOURCE%/*}"/util/checkforterraform.sh
 # Validate necessary Azure resources exist
-. "${BASH_SOURCE%/*}"/mlz_config_validate.sh "${tf_dir}"
+. "${BASH_SOURCE%/*}"/config/config_validate.sh "${tf_dir}"
 # Get the .tfvars file matching the terraform directory name
 if [[ ! -f "${tfvars}" ]]
@@ -114,4 +114,4 @@ terraform apply \
 -var-file="${globalvars}" \
 -var-file="${tfvars}" \
 -var "mlz_clientid=${client_id}" \
- -var "mlz_clientsecret=${client_secret}"
\ No newline at end of file
+ -var "mlz_clientsecret=${client_secret}"
diff --git a/scripts/config/config_create.sh b/scripts/config/config_create.sh
new file mode 100755
index 000000000..c00d3c1d9
--- /dev/null
+++ b/scripts/config/config_create.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# shellcheck disable=SC1090,SC1091,SC2154
+# SC1090: Can't follow non-constant source. Use a directive to specify location.
+# SC2154: "var is referenced but not assigned". These values come from an external file.
+#
+# Create Terraform module backend config resources
+
+error_log() {
+ echo "${1}" 1>&2;
+}
+
+usage() {
+ echo "${0}: Create Terraform module config resources"
+ error_log "usage: ${0} "
+}
+
+if [[ "$#" -lt 4 ]]; then
+ usage
+ exit 1
+fi
+
+mlz_tf_cfg=$(realpath "${1}")
+enclave_name=$2
+location=$3
+tf_sub_id=$4
+tf_dir=$(realpath "${5}")
+
+# source MLZ config vars
+. "${mlz_tf_cfg}"
+
+# derive TF names from the terraform directory
+tf_name=$(basename "${tf_dir}")
+
+# generate names
+. "${BASH_SOURCE%/*}"/generate_names.sh "${tf_config_subid}" "${enclave_name}" "${tf_sub_id}" "${tf_name}"
+
+# create TF Resource Group and Storage Account for Terraform State files
+echo "Validating Resource Group for Terraform state..."
+if [[ -z $(az group show --name "${tf_rg_name}" --subscription "${tf_sub_id}" --query name --output tsv) ]];then
+ echo "Resource Group does not exist...creating resource group ${tf_rg_name}"
+ az group create \
+ --subscription "${tf_sub_id}" \
+ --location "${location}" \
+ --name "${tf_rg_name}"
+else
+ echo "Resource Group already exists...getting resource group"
+fi
+
+echo "Validating Storage Account for Terraform state..."
+if [[ -z $(az storage account show --name "${tf_sa_name}" --subscription "${tf_sub_id}" --query name --output tsv) ]];then
+ echo "Storage Account does not exist...creating storage account ${tf_sa_name}"
+ az storage account create \
+ --name "${tf_sa_name}" \
+ --subscription "${tf_sub_id}" \
+ --resource-group "${tf_rg_name}" \
+ --location "${location}" \
+ --sku Standard_LRS \
+ --output none
+
+ sa_key=$(az storage account keys list \
+ --account-name "${tf_sa_name}" \
+ --subscription "${tf_sub_id}" \
+ --resource-group "${tf_rg_name}" \
+ --query "[?keyName=='key1'].value" \
+ --output tsv)
+
+ az storage container create \
+ --name "${container_name}" \
+ --subscription "${tf_sub_id}" \
+ --resource-group "${tf_rg_name}" \
+ --account-name "${tf_sa_name}" \
+ --account-key "${sa_key}" \
+ --output none
+ echo "Storage account and container for Terraform state created!"
+else
+ echo "Storage Account already exists"
+fi
+
+# generate a config.vars file
+. "${BASH_SOURCE%/*}"/generate_vars.sh "${tf_config_subid}" "${enclave_name}" "${tf_sub_id}" "${tf_name}" "${tf_dir}"
diff --git a/scripts/mlz_config_validate.sh b/scripts/config/config_validate.sh
old mode 100644
new mode 100755
similarity index 95%
rename from scripts/mlz_config_validate.sh
rename to scripts/config/config_validate.sh
index 0f4ce73c8..53b1ad3d3
--- a/scripts/mlz_config_validate.sh
+++ b/scripts/config/config_validate.sh
@@ -12,7 +12,7 @@ PGM=$(basename "${0}")
-if [[ "${PGM}" == "mlz_config_validate" && "$#" -lt 1 ]]; then
+if [[ "$#" -lt 1 ]]; then
 echo "${0}: Validates the existence of resources required to run Terraform init and apply scripts using a variables file for input"
 echo "usage: ${PGM} "
 exit 1
diff --git a/scripts/config/generate_names.sh b/scripts/config/generate_names.sh
new file mode 100755
index 000000000..2c612fa8e
--- /dev/null
+++ b/scripts/config/generate_names.sh
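Review bot: The argument check `if [[ "$#" -lt 4 ]]; then` lets a four-argument call through, yet the script goes on to do `tf_dir=$(realpath "${5}")` and hands that empty path to generate_vars.sh; the guard should read `if [[ "$#" -lt 5 ]]; then`. The `tfstate` container is only created inside the "account does not exist" branch, so an existing storage account with no container is reported as "already exists" and left without one; move the `az storage container create` out of the `if` (it is idempotent) so both paths end with the container present. The account that will hold Terraform state — which likely contains the service-principal secret that apply_terraform.sh passes via `-var "mlz_clientsecret=..."` — is created with only `--sku Standard_LRS`; adding `--https-only true --min-tls-version TLS1_2 --allow-blob-public-access false` to `az storage account create` hardens the backend without changing the flow. Pulling the key with `az storage account keys list` and passing it as `--account-key "${sa_key}"` also exposes it in process listings and any `set -x` trace; if the operator holds a data-plane role, `--auth-mode login` on `az storage container create` avoids retrieving the key at all.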
@@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+#
+
+error_log() {
+ echo "${1}" 1>&2;
+}
+
+usage() {
+ echo "${0}: Generate MLZ resource names"
+ error_log "usage: ${0} "
+}
+
+if [[ "$#" -lt 2 ]]; then
+ usage
+ exit 1
+fi
+
+mlz_sub_id_raw=$1
+mlz_enclave_name_raw=$2
+
+tf_sub_id_raw=${3:-notset}
+tf_name_raw=${4:-notset}
+
+# remove hyphens for resource naming restrictions
+# in the future, do more cleansing
+mlz_sub_id_clean="${mlz_sub_id_raw//-}"
+mlz_enclave_name="${mlz_enclave_name_raw//-}"
+
+# Universal names
+export container_name="tfstate"
+
+# MLZ naming patterns
+mlz_prefix="mlz-tf"
+mlz_sp_name_full="sp-${mlz_prefix}-${mlz_enclave_name}"
+mlz_sa_name_full="mlztfsa${mlz_enclave_name}${mlz_sub_id_clean}"
+mlz_kv_name_full="mlzkv${mlz_enclave_name}${mlz_sub_id_clean}"
+
+# Name MLZ config resources
+export mlz_rg_name="rg-${mlz_prefix}-${mlz_enclave_name}"
+export mlz_sp_name="${mlz_sp_name_full}"
+export mlz_sp_kv_name="${mlz_sp_name_full}-clientid"
+export mlz_sp_kv_password="${mlz_sp_name_full}-pwd"
+export mlz_sa_name="${mlz_sa_name_full:0:24}" # take the 24 characters of the storage account name
+export mlz_kv_name="${mlz_kv_name_full:0:24}" # take the 24 characters of the key vault name
+
+if [[ $tf_name_raw != "notset" ]]; then
+ # remove hyphens for resource naming restrictions
+ # in the future, do more cleansing
+ tf_sub_id_clean="${tf_sub_id_raw//-}"
+ tf_name="${tf_name_raw//-}"
+
+ # TF naming patterns
+ tf_prefix="tf-${tf_name}"
+ tf_sa_name_full="tfsa${tf_name}${mlz_enclave_name}${tf_sub_id_clean}"
+
+ # Name TF config resources
+ export tf_rg_name="rg-${tf_prefix}-${mlz_enclave_name}"
+ export tf_sa_name="${tf_sa_name_full:0:24}" # take the 24 characters of the storage account name
+fi
diff --git a/scripts/config/generate_vars.sh b/scripts/config/generate_vars.sh
new file mode 100755
index 000000000..b0210ca0d
--- /dev/null
+++ b/scripts/config/generate_vars.sh
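Review bot: The enclave name is only hyphen-stripped (`mlz_enclave_name="${mlz_enclave_name_raw//-}"`) before being spliced into `mlz_sa_name`, `tf_sa_name` and `mlz_kv_name`, so uppercase letters, underscores or other punctuation pass through here and only fail later when the calling scripts hit Azure's storage-account naming rules (lowercase alphanumerics, 3–24 characters). A guard straight after the cleansing, `[[ "${mlz_enclave_name}" =~ ^[a-z0-9]+$ ]] || { error_log "enclave name must be lowercase alphanumeric"; exit 1; }`, fails before any resource is created; because this file is sourced by its callers the `exit` aborts the whole setup, which is the wanted effect. The `:0:24` truncation keeps the prefix and enclave and drops the tail of the subscription id, so a long enclave name can leave too few subscription-id characters for the storage account and key vault names to stay distinct; the "do more cleansing" comments acknowledge the gap, but an explicit length check on `${#mlz_enclave_name}` would make the limit visible to the operator.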
@@ -0,0 +1,53 @@
+#!/bin/bash
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# shellcheck disable=SC1090,SC1091,SC2154
+# SC1090: Can't follow non-constant source. Use a directive to specify location.
+# SC2154: "var is referenced but not assigned". These values come from an external file.
+#
+# Generate a config.vars file at a given Terraform directory
+
+error_log() {
+ echo "${1}" 1>&2;
+}
+
+usage() {
+ echo "${0}: Generate a config.vars file at a given Terraform directory"
+ error_log "usage: ${0} "
+}
+
+if [[ "$#" -lt 5 ]]; then
+ usage
+ exit 1
+fi
+
+mlz_sub_id=$1
+mlz_enclave_name=$2
+
+tf_sub_id=${3}
+tf_name=${4}
+tf_dir=$(realpath "${5}")
+
+# generate names
+. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_sub_id}" "${mlz_enclave_name}" "${tf_sub_id}" "${tf_name}"
+
+# generate a config.vars file
+config_vars="${tf_dir}/config.vars"
+rm -f "$config_vars"
+touch "$config_vars"
+{
+ echo "tenant_id=${mlz_tenantid}"
+ echo "mlz_cfg_sub_id=${tf_config_subid}"
+ echo "mlz_cfg_kv_name=${mlz_kv_name}"
+ echo "sub_id=${tf_sub_id}"
+ echo "enclave=${mlz_enclave_name}"
+ echo "location=${location}"
+ echo "tf_be_rg_name=${tf_rg_name}"
+ echo "tf_be_sa_name=${tf_sa_name}"
+ echo "sp_client_id_secret_name=${mlz_sp_kv_name}"
+ echo "sp_client_pwd_secret_name=${mlz_sp_kv_password}"
+ echo "environment=${tf_environment}"
+ echo "container_name=${container_name}"
+} >> "$config_vars"
diff --git a/scripts/config/mlz_config_create.sh b/scripts/config/mlz_config_create.sh
new file mode 100755
index 000000000..04435ace8
--- /dev/null
+++ b/scripts/config/mlz_config_create.sh
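Review bot: Four of the values written into config.vars — `mlz_tenantid`, `tf_config_subid`, `location` and `tf_environment` — are neither parameters of this script nor produced by generate_names.sh; they exist only because config_create.sh sourced the cfg file and set `location` before sourcing this file. The script is executable and advertises a usage line, but run on its own it silently emits `tenant_id=`, `location=` and `environment=` empty, and the init/apply scripts presumably read those keys through config_validate.sh. Assert them up front, `: "${mlz_tenantid:?mlz_tenantid not set}" "${location:?location not set}" "${tf_environment:?tf_environment not set}"`, or take them as explicit arguments. The `rm -f` / `touch` / `>>` sequence can also be a single `} > "$config_vars"` so the file is written in one open instead of three separate steps.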
@@ -0,0 +1,112 @@
+#!/bin/bash
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# shellcheck disable=SC1090,SC1091,SC2154
+# SC1090: Can't follow non-constant source. Use a directive to specify location.
+# SC2154: "var is referenced but not assigned". These values come from an external file.
+#
+# Create MLZ backend config resources
+
+error_log() {
+ echo "${1}" 1>&2;
+}
+
+usage() {
+ echo "${0}: Create MLZ config resources"
+ error_log "usage: ${0} "
+}
+
+if [[ "$#" -lt 3 ]]; then
+ usage
+ exit 1
+fi
+
+mlz_tf_cfg=$(realpath "${1}")
+enclave_name=$2
+location=$3
+
+# Source variables
+. "${mlz_tf_cfg}"
+
+# generate MLZ configuration names
+. "${BASH_SOURCE%/*}"/generate_names.sh "${tf_config_subid}" "${enclave_name}"
+
+# Create Azure AD application registration and Service Principal
+echo "Verifying Service Principal is unique (${mlz_sp_name})"
+if [[ -z $(az ad sp list --filter "displayName eq '${mlz_sp_name}'" --query "[].displayName" -o tsv) ]];then
+ echo "Service Principal does not exist...creating"
+ sp_pwd=$(az ad sp create-for-rbac \
+ --name "http://${mlz_sp_name}" \
+ --role Contributor \
+ --scopes "/subscriptions/${tf_config_subid}" "/subscriptions/${mlz_saca_subid}" "/subscriptions/${mlz_tier0_subid}" "/subscriptions/${mlz_tier1_subid}" "/subscriptions/${mlz_tier2_subid}" \
+ --query password \
+ --output tsv)
+else
+ error_log "Service Principal named ${mlz_sp_name} already exists. This must be a unique Service Principal for your use only. Try again with a new enclave name. Exiting script."
+ exit 1
+fi
+
+# Get Service Principal AppId
+sp_clientid=$(az ad sp show \
+ --id "http://${mlz_sp_name}" \
+ --query appId \
+ --output tsv)
+
+# Get Service Principal ObjectId
+sp_objid=$(az ad sp show \
+ --id "http://${mlz_sp_name}" \
+ --query objectId \
+ --output tsv)
+
+# Validate or create Terraform Config resource group
+if [[ -z $(az group show --name "${mlz_rg_name}" --subscription "${tf_config_subid}" --query name --output tsv) ]];then
+ echo "Resource Group does not exist...creating resource group ${mlz_rg_name}"
+ az group create \
+ --subscription "${tf_config_subid}" \
+ --location "${location}" \
+ --name "${mlz_rg_name}"
+else
+ echo "Resource Group already exists...getting resource group"
+fi
+
+# Create Key Vault
+if [[ -z $(az keyvault show --name "${mlz_kv_name}" --subscription "${tf_config_subid}" --query name --output tsv) ]];then
+ echo "Key Vault ${mlz_kv_name} does not exist...creating Key Vault"
+ az keyvault create \
+ --name "${mlz_kv_name}" \
+ --subscription "${tf_config_subid}" \
+ --resource-group "${mlz_rg_name}" \
+ --location "${location}" \
+ --output none
+ echo "Key Vault ${mlz_kv_name} created!"
+fi
+
+# Create Key Vault Access Policy for Service Principal
+echo "Setting Access Policy for Service Principal..."
+az keyvault set-policy \
+ --name "${mlz_kv_name}" \
+ --subscription "${tf_config_subid}" \
+ --resource-group "${mlz_rg_name}" \
+ --object-id "${sp_objid}" \
+ --secret-permissions get list set \
+ --output none
+echo "Access Policy for Service Principal set!"
+
+# Set Key Vault Secrets
+echo "Updating KeyVault with Service Principal secrets..."
+az keyvault secret set \
+ --name "${mlz_sp_kv_password}" \
+ --subscription "${tf_config_subid}" \
+ --vault-name "${mlz_kv_name}" \
+ --value "${sp_pwd}" \
+ --output none
+
+az keyvault secret set \
+ --name "${mlz_sp_kv_name}" \
+ --subscription "${tf_config_subid}" \
+ --vault-name "${mlz_kv_name}" \
+ --value "${sp_clientid}" \
+ --output none
+echo "KeyVault updated with Service Principal secrets!"
diff --git a/scripts/destroy_terraform.sh b/scripts/destroy_terraform.sh
index 5adf4c9b3..cd684aeb1 100644
--- a/scripts/destroy_terraform.sh
+++ b/scripts/destroy_terraform.sh
@@ -30,7 +30,7 @@ plugin_dir="$(dirname "$(dirname "$(realpath "$0")")")/src/provider_cache"
 . "${BASH_SOURCE%/*}"/util/checkforterraform.sh
 # Validate necessary Azure resources exist
-. "${BASH_SOURCE%/*}"/mlz_config_validate.sh "${tf_dir}"
+. "${BASH_SOURCE%/*}"/config/config_validate.sh "${tf_dir}"
 # Get the .tfvars file matching the terraform directory name
 if [[ ! -f "${tfvars}" ]]
@@ -114,4 +114,4 @@ terraform destroy \
 -var-file="${globalvars}" \
 -var-file="${tfvars}" \
 -var "mlz_clientid=${client_id}" \
- -var "mlz_clientsecret=${client_secret}"
\ No newline at end of file
+ -var "mlz_clientsecret=${client_secret}"
diff --git a/scripts/init_terraform.sh b/scripts/init_terraform.sh
old mode 100644
new mode 100755
index 18bd22d79..df578bbfd
--- a/scripts/init_terraform.sh
+++ b/scripts/init_terraform.sh
@@ -29,7 +29,7 @@ plugin_dir="$(dirname "$(dirname "$(realpath "$0")")")/src/provider_cache"
 . "${BASH_SOURCE%/*}"/util/checkforterraform.sh
 # Validate necessary Azure resources exist
-. "${BASH_SOURCE%/*}"/mlz_config_validate.sh "${tf_dir}"
+. "${BASH_SOURCE%/*}"/config/config_validate.sh "${tf_dir}"
 # Get the .tfvars file matching the terraform directory name
 if [[ ! -f "${tfvars}" ]]
diff --git a/scripts/mlz_tf_setup.sh b/scripts/mlz_tf_setup.sh
old mode 100644
new mode 100755
index f13a77025..dec0bcfac
--- a/scripts/mlz_tf_setup.sh
+++ b/scripts/mlz_tf_setup.sh
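Review bot: `sp_pwd=$(az ad sp create-for-rbac ...)` is never checked, and the file does not set `-e`, so if the call fails (insufficient directory rights, a rejected `--scopes` entry) `sp_pwd` is empty and the script continues to `az keyvault secret set --value "${sp_pwd}"`, storing an empty password that the deployment scripts will later pull as the real credential. The secret is also handed to the CLI as a command-line argument, where it is visible in process listings and in any `set -x` trace; `az keyvault secret set` accepts `--file`, so writing it through a `mktemp` file (0600 by default) keeps it off argv. The access policy grants the service principal `get list set` on the vault that stores its own credentials; nothing in this commit shows the principal writing secrets, so `get` (or `get list`) is the least-privilege choice and stops a compromised principal from overwriting its own entries. The `-z $(az ad sp list ...)` test treats any CLI failure as "does not exist" and proceeds to create, which is worth noting in a comment if not fixed.

```shell
# … unchanged: service-principal lookup and az ad sp create-for-rbac …
[[ -n "${sp_pwd}" ]] || { error_log "Service Principal creation returned no password. Exiting script."; exit 1; }

# … unchanged: resource group, key vault and access policy …

# write the password through a 0600 temp file rather than --value so it never appears on a command line
sp_pwd_file=$(mktemp) || { error_log "could not create temp file"; exit 1; }
printf '%s' "${sp_pwd}" > "${sp_pwd_file}"
az keyvault secret set \
    --name "${mlz_sp_kv_password}" \
    --subscription "${tf_config_subid}" \
    --vault-name "${mlz_kv_name}" \
    --file "${sp_pwd_file}" \
    --output none
rm -f "${sp_pwd_file}"
unset sp_pwd
```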
@@ -3,28 +3,29 @@ # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 #
-# shellcheck disable=SC1090,SC1091
+# shellcheck disable=SC1090,SC1091,SC2154
 # SC1090: Can't follow non-constant source. Use a directive to specify location.
 # SC1091: Not following. Shellcheck can't follow non-constant source.
+# SC2154: Referenced but not assigned. These arguments come sourced from other scripts.
 #
 # A script to configure a resource group that contains Terraform state and a secret store.
 PGM=$(basename "${0}")
 if [[ "$#" -lt 3 ]]; then
- echo "usage: ${PGM} "
+ echo "usage: ${PGM} "
 exit 1
 fi
-enclave=$1
-location=$2
-tf_environment=$3
+mlz_tf_cfg=$(realpath "${1}")
+enclave=$2
+location=$3
 # Check for dependencies
 . "${BASH_SOURCE%/*}"/util/checkforazcli.sh
 # Source variables
-source "$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/mlz_tf_cfg.var
+. "${mlz_tf_cfg}"
 ##################################################
 #
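Review bot: `mlz_tf_cfg=$(realpath "${1}")` is never validated, so a mistyped path leaves the variable empty (realpath reports the error but the script has no `set -e`), `. "${mlz_tf_cfg}"` fails, and every later step runs with `tf_config_subid`, the `mlz_*_subid` values and `mlz_tenantid` unset; a guard right after the assignment, `[[ -f "${mlz_tf_cfg}" ]] || { echo "config file not found: ${1}" >&2; exit 1; }`, fails before any Azure resource is touched. The README example added in this same commit, `scripts/mlz_tf_setup.sh src/core/mlz_tf_cfg.var eastus public`, supplies only a path plus two words, which under the new `enclave=$2` / `location=$3` assignment makes the enclave "eastus" and the location "public" — it looks like the enclave argument was dropped from the example. `tf_environment` is no longer taken from the arguments but generate_vars.sh still writes it into every config.vars, so it must now come from the sourced cfg file; the usage text should say so, since an old-style cfg file will yield `environment=` empty without any error.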
@@ -32,101 +33,8 @@ source "$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/mlz_
 #
 ##################################################
-# MLZ Terraform Names
-tfCfgSubId="${tf_config_subid//-}" # remove hyphens in subscription ID for resource naming conventions
-safeEnclave="${enclave//-}"
-deployTfRgName=rg-mlz-tf_cfg-${safeEnclave}
-
-rgName=rg-mlz-cfg-${safeEnclave}
-
-spName=sp-tf-mlz-${safeEnclave}
-spNameSecret=sp-tf-mlz-${safeEnclave}-clientid
-spPwdSecret=sp-tf-mlz-${safeEnclave}-pwd
-
-saNameByConvention=tfsa${safeEnclave}${tfCfgSubId}
-saName=${saNameByConvention:0:24} # take the 24 characters of the storage account name
-containerName=tfstate
-
-kvNameByConvention=kvmlz${safeEnclave}${tfCfgSubId}
-kvName=${kvNameByConvention:0:24} # take the 24 characters of the key vault name
-
-# Create Azure AD application registration and Service Principal
-echo "Verifying Service Principal is unique (${spName})"
-if [[ -z $(az ad sp list --filter "displayName eq '${spName}'" --query "[].displayName" -o tsv) ]];then
- echo "Service Principal does not exist...creating"
- spPwd=$(az ad sp create-for-rbac \
- --name "http://${spName}" \
- --role Contributor \
- --scopes "/subscriptions/${tf_config_subid}" "/subscriptions/${mlz_saca_subid}" "/subscriptions/${mlz_tier0_subid}" "/subscriptions/${mlz_tier1_subid}" "/subscriptions/${mlz_tier2_subid}" \
- --query password \
- --output tsv)
-else
- echo "Service Principal named ${spName} already exists. This must be a unique Service Principal for your use only. Try again with a new enclave name. Exiting script."
- exit
-fi
-
-# Get Service Principal AppId
-spClientId=$(az ad sp show \
- --id "http://${spName}" \
- --query appId \
- --output tsv)
-
-# Get Service Principal ObjectId
-spObjectId=$(az ad sp show \
- --id "http://${spName}" \
- --query objectId \
- --output tsv)
-
-# Validate or create Terraform Config resource group
-if [[ -z $(az group show --name "${deployTfRgName}" --subscription "${tf_config_subid}" --query name --output tsv) ]];then
- echo "Resource Group does not exist...creating resource group ${deployTfRgName}"
- az group create \
- --subscription "${tf_config_subid}" \
- --location "${location}" \
- --name "${deployTfRgName}"
-else
- echo "Resource Group already exsits...getting resource group"
-fi
-
-# Create Key Vault
-if [[ -z $(az keyvault show --name "${kvName}" --subscription "${tf_config_subid}" --query name --output tsv) ]];then
- echo "Key Vault ${kvName} does not exist...creating Key Vault"
- az keyvault create \
- --name "${kvName}" \
- --subscription "${tf_config_subid}" \
- --resource-group "${deployTfRgName}" \
- --location "${location}" \
- --output none
- echo "Key Vault ${kvName} created!"
-fi
-
-# Create Key Vault Access Policy for Service Principal
-echo "Setting Access Policy for Service Principal..."
-az keyvault set-policy \
- --name "${kvName}" \
- --subscription "${tf_config_subid}" \
- --resource-group "${deployTfRgName}" \
- --object-id "${spObjectId}" \
- --secret-permissions get list set \
- --output none
-echo "Access Policy for Service Principal set!"
-
-# Set Key Vault Secrets
-echo "Updating KeyVault with Service Principal secrets..."
-az keyvault secret set \
- --name "${spPwdSecret}" \
- --subscription "${tf_config_subid}" \
- --vault-name "${kvName}" \
- --value "${spPwd}" \
- --output none
-
-az keyvault secret set \
- --name "${spNameSecret}" \
- --subscription "${tf_config_subid}" \
- --vault-name "${kvName}" \
- --value "${spClientId}" \
- --output none
-echo "KeyVault updated with Service Principal secrets!"
+# generate MLZ configuration resources
+. "${BASH_SOURCE%/*}"/config/mlz_config_create.sh "${mlz_tf_cfg}" "${enclave}" "${location}"
 ##################################################
 #
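Review bot: The config scripts are pulled in with `.` rather than executed, so everything they assign stays in this shell for the rest of the run: mlz_config_create.sh leaves the service-principal password in `sp_pwd`, and each later config_create.sh call leaves a storage-account key in `sa_key`, all still live while the tier sections run. Nothing after this line needs them, so add `unset sp_pwd sp_clientid sp_objid` after the source here (and `unset sa_key` after each config_create.sh call) so a later `set -x` trace or environment dump cannot print them. Sourcing also means a sourced script's `exit 1` terminates this setup script, which is the desired effect here but is not obvious to the next reader; a comment such as `# sourced (not executed) so a failure inside aborts this whole setup` would make the choice explicit.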
@@ -134,73 +42,8 @@ echo "KeyVault updated with Service Principal secrets!"
 #
 ##################################################
-# SACA-hub Terraform Names
-sacaSubId="${mlz_saca_subid//-}" # remove hyphens in subscription ID for resource naming conventions
-sacaTfRgName=rg-mlz-tf_saca-${enclave}
-sacasaNameByConvention=tfsasaca${enclave}${sacaSubId}
-sacasaName=${sacasaNameByConvention:0:24} # take the 24 characters of the storage account name
-containerName=tfstate
-
-# Create SACA-hub Resource Group and Storage Account for Terraform State files
-echo "Validating Resource Group for Terraform state..."
-if [[ -z $(az group show --name "${sacaTfRgName}" --subscription "${mlz_saca_subid}" --query name --output tsv) ]];then
- echo "Resource Group does not exist...creating resource group ${sacaTfRgName}"
- az group create \
- --subscription "${mlz_saca_subid}" \
- --location "${location}" \
- --name "${sacaTfRgName}"
-else
- echo "Resource Group already exsits...getting resource group"
-fi
-
-echo "Validating Storage Account for Terraform state..."
-if [[ -z $(az storage account show --name "${sacasaName}" --subscription "${mlz_saca_subid}" --query name --output tsv) ]];then
- echo "Storage Account does not exist...creating storage account ${sacasaName}"
- az storage account create \
- --name "${sacasaName}" \
- --subscription "${mlz_saca_subid}" \
- --resource-group "${sacaTfRgName}" \
- --location "${location}" \
- --sku Standard_LRS \
- --output none
-
- sacasaKey=$(az storage account keys list \
- --account-name "${sacasaName}" \
- --subscription "${mlz_saca_subid}" \
- --resource-group "${sacaTfRgName}" \
- --query "[?keyName=='key1'].value" \
- --output tsv)
-
- az storage container create \
- --name "${containerName}" \
- --subscription "${mlz_saca_subid}" \
- --resource-group "${sacaTfRgName}" \
- --account-name "${sacasaName}" \
- --account-key "${sacasaKey}" \
- --output none
- echo "Storage account and container for Terraform state created!"
-else
- echo "Storage Account already exsits"
-fi
-
-# Create SACA-hub config.vars file
-configvars="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/saca-hub/config.vars
-rm -f "$configvars"
-touch "$configvars"
-{
- echo "tenant_id=${mlz_tenantid}"
- echo "mlz_cfg_sub_id=${tf_config_subid}"
- echo "sub_id=${mlz_saca_subid}"
- echo "enclave=${enclave}"
- echo "location=${location}"
- echo "tf_be_rg_name=${sacaTfRgName}"
- echo "tf_be_sa_name=${sacasaName}"
- echo "mlz_cfg_kv_name=${kvName}"
- echo "sp_client_id_secret_name=${spNameSecret}"
- echo "sp_client_pwd_secret_name=${spPwdSecret}"
- echo "environment=${tf_environment}"
- echo "container_name=tfstate"
-} >> "$configvars"
+saca_path="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/saca-hub
+. "${BASH_SOURCE%/*}"/config/config_create.sh "${mlz_tf_cfg}" "${enclave}" "${location}" "${mlz_saca_subid}" "${saca_path}"
 ##################################################
 #
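Review bot: The replacement silently renames the backend resources of an existing enclave: the deleted block used `rg-mlz-tf_saca-${enclave}` and `tfsasaca${enclave}<subid>`, whereas generate_names.sh now derives `rg-tf-sacahub-${enclave}` and `tfsasacahub${enclave}<subid>` from the directory name `saca-hub` with its hyphen stripped (the MLZ config resource group and key vault names in the earlier hunk change in the same way). Re-running the setup against an enclave bootstrapped by the old script will therefore create a second, empty state account and point the new config.vars at it, leaving the existing Terraform state stranded in the old account. That migration step deserves a sentence in the commit message or README, and a check in config_create.sh that refuses to proceed when the old-style resource group exists would make it explicit rather than discovered at the next `terraform init`.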
@@ -208,73 +51,8 @@ touch "$configvars"
 #
 ##################################################
-# Tier-0 Terraform Names
-tier0SubId="${mlz_tier0_subid//-}" # remove hyphens in subscription ID for resource naming conventions
-tier0TfRgName=rg-mlz-tf_tier0-${enclave}
-t0saNameByConvention=tfsatier0${enclave}${tier0SubId}
-t0saName=${t0saNameByConvention:0:24} # take the 24 characters of the storage account name
-containerName=tfstate
-
-# Create Tier-0 Resource Group and Storage Account for Terraform State files
-echo "Validating Resource Group for Terraform state..."
-if [[ -z $(az group show --name "${tier0TfRgName}" --subscription "${mlz_tier0_subid}" --query name --output tsv) ]];then
- echo "Resource Group does not exist...creating resource group ${tier0TfRgName}"
- az group create \
- --subscription "${mlz_tier0_subid}" \
- --location "${location}" \
- --name "${tier0TfRgName}"
-else
- echo "Resource Group already exsits...getting resource group"
-fi
-
-echo "Validating Storage Account for Terraform state..."
-if [[ -z $(az storage account show --name "${t0saName}" --subscription "${mlz_tier0_subid}" --query name --output tsv) ]];then
- echo "Storage Account does not exist...creating storage account ${t0saName}"
- az storage account create \
- --name "${t0saName}" \
- --subscription "${mlz_tier0_subid}" \
- --resource-group "${tier0TfRgName}" \
- --location "${location}" \
- --sku Standard_LRS \
- --output none
-
- t0saKey=$(az storage account keys list \
- --account-name "${t0saName}" \
- --subscription "${mlz_tier0_subid}" \
- --resource-group "${tier0TfRgName}" \
- --query "[?keyName=='key1'].value" \
- --output tsv)
-
- az storage container create \
- --name "${containerName}" \
- --subscription "${mlz_tier0_subid}" \
- --resource-group "${tier0TfRgName}" \
- --account-name "${t0saName}" \
- --account-key "${t0saKey}" \
- --output none
- echo "Storage account and container for Terraform state created!"
-else
- echo "Storage Account already exsits"
-fi
-
-# Create Tier-0 config.vars file
-configvars="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/tier-0/config.vars
-rm -f "$configvars"
-touch "$configvars"
-{
- echo "tenant_id=${mlz_tenantid}"
- echo "mlz_cfg_sub_id=${tf_config_subid}"
- echo "sub_id=${mlz_tier0_subid}"
- echo "enclave=${enclave}"
- echo "location=${location}"
- echo "tf_be_rg_name=${tier0TfRgName}"
- echo "tf_be_sa_name=${t0saName}"
- echo "mlz_cfg_kv_name=${kvName}"
- echo "sp_client_id_secret_name=${spNameSecret}"
- echo "sp_client_pwd_secret_name=${spPwdSecret}"
- echo "environment=${tf_environment}"
- echo "container_name=tfstate"
-} >> "$configvars"
+tier0_path="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/tier-0
+. "${BASH_SOURCE%/*}"/config/config_create.sh "${mlz_tf_cfg}" "${enclave}" "${location}" "${mlz_tier0_subid}" "${tier0_path}"
 ##################################################
 #
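Review bot: `$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")` is now evaluated once per section (saca-hub, tier-0, tier-1, tier-2), three subprocesses each time, to recover the same repository root. Computing it once near the top of the file, `repo_root="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"`, and writing `tier0_path="${repo_root}/src/core/tier-0"` here keeps each section to a single readable line and gives tests one variable to override. The four `config_create.sh` invocations differ only in the subscription variable and the directory, so a loop over those pairs would remove the remaining repetition, though that is a larger restructuring than this commit needs.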
@@ -282,73 +60,8 @@ touch "$configvars"
 #
 ##################################################
-# Tier-1 Terraform Names
-tier1SubId="${mlz_tier1_subid//-}" # remove hyphens in subscription ID for resource naming conventions
-tier1TfRgName=rg-mlz-tf_tier1-${enclave}
-t1saNameByConvention=tfsatier1${enclave}${tier1SubId}
-t1saName=${t1saNameByConvention:0:24} # take the 24 characters of the storage account name
-containerName=tfstate
-
-# Create Tier-1 Resource Group and Storage Account for Terraform State files
-echo "Validating Resource Group for Terraform state..."
-if [[ -z $(az group show --name "${tier1TfRgName}" --subscription "${mlz_tier1_subid}" --query name --output tsv) ]];then
- echo "Resource Group does not exist...creating resource group ${tier1TfRgName}"
- az group create \
- --subscription "${mlz_tier1_subid}" \
- --location "${location}" \
- --name "${tier1TfRgName}"
-else
- echo "Resource Group already exsits...getting resource group"
-fi
-
-echo "Validating Storage Account for Terraform state..."
-if [[ -z $(az storage account show --name "${t1saName}" --subscription "${mlz_tier1_subid}" --query name --output tsv) ]];then
- echo "Storage Account does not exist...creating storage account ${t1saName}"
- az storage account create \
- --name "${t1saName}" \
- --subscription "${mlz_tier1_subid}" \
- --resource-group "${tier1TfRgName}" \
- --location "${location}" \
- --sku Standard_LRS \
- --output none
-
- t1saKey=$(az storage account keys list \
- --account-name "${t1saName}" \
- --subscription "${mlz_tier1_subid}" \
- --resource-group "${tier1TfRgName}" \
- --query "[?keyName=='key1'].value" \
- --output tsv)
-
- az storage container create \
- --name "${containerName}" \
- --subscription "${mlz_tier1_subid}" \
- --resource-group "${tier1TfRgName}" \
- --account-name "${t1saName}" \
- --account-key "${t1saKey}" \
- --output none
- echo "Storage account and container for Terraform state created!"
-else
- echo "Storage Account already exsits"
-fi
-
-# Create Tier-1 config.vars file
-configvars="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/tier-1/config.vars
-rm -f "$configvars"
-touch "$configvars"
-{
- echo "tenant_id=${mlz_tenantid}"
- echo "mlz_cfg_sub_id=${tf_config_subid}"
- echo "sub_id=${mlz_tier1_subid}"
- echo "enclave=${enclave}"
- echo "location=${location}"
- echo "tf_be_rg_name=${tier1TfRgName}"
- echo "tf_be_sa_name=${t1saName}"
- echo "mlz_cfg_kv_name=${kvName}"
- echo "sp_client_id_secret_name=${spNameSecret}"
- echo "sp_client_pwd_secret_name=${spPwdSecret}"
- echo "environment=${tf_environment}"
- echo "container_name=tfstate"
-} >> "$configvars"
+tier1_path="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/tier-1
+. "${BASH_SOURCE%/*}"/config/config_create.sh "${mlz_tf_cfg}" "${enclave}" "${location}" "${mlz_tier1_subid}" "${tier1_path}"
 ##################################################
 #
@@ -356,70 +69,5 @@ touch "$configvars"
 #
 ##################################################
-# Tier-2 Terraform Names
-tier2SubId="${mlz_tier2_subid//-}" # remove hyphens in subscription ID for resource naming conventions
-tier2TfRgName=rg-mlz-tf_tier2-${enclave}
-t2saNameByConvention=tfsatier2${enclave}${tier2SubId}
-t2saName=${t2saNameByConvention:0:24} # take the 24 characters of the storage account name
-containerName=tfstate
-
-# Create Tier-2 Resource Group and Storage Account for Terraform State files
-echo "Validating Resource Group for Terraform state..."
-if [[ -z $(az group show --name "${tier2TfRgName}" --subscription "${mlz_tier2_subid}" --query name --output tsv) ]];then
- echo "Resource Group does not exist...creating resource group ${tier2TfRgName}"
- az group create \
- --subscription "${mlz_tier2_subid}" \
- --location "${location}" \
- --name "${tier2TfRgName}"
-else
- echo "Resource Group already exsits...getting resource group"
-fi
-
-echo "Validating Storage Account for Terraform state..."
-if [[ -z $(az storage account show --name "${t2saName}" --subscription "${mlz_tier2_subid}" --query name --output tsv) ]];then
- echo "Storage Account does not exist...creating storage account ${t2saName}"
- az storage account create \
- --name "${t2saName}" \
- --subscription "${mlz_tier2_subid}" \
- --resource-group "${tier2TfRgName}" \
- --location "${location}" \
- --sku Standard_LRS \
- --output none
-
- t2saKey=$(az storage account keys list \
- --account-name "${t2saName}" \
- --subscription "${mlz_tier2_subid}" \
- --resource-group "${tier2TfRgName}" \
- --query "[?keyName=='key1'].value" \
- --output tsv)
-
- az storage container create \
- --name "${containerName}" \
- --subscription "${mlz_tier2_subid}" \
- --resource-group "${tier2TfRgName}" \
- --account-name "${t2saName}" \
- --account-key "${t2saKey}" \
- --output none
- echo "Storage account and container for Terraform state created!"
-else
- echo "Storage Account already exsits"
-fi
-
-# Create Tier-2 config.vars file
-configvars="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/tier-2/config.vars
-rm -f "$configvars"
-touch "$configvars"
-{
- echo "tenant_id=${mlz_tenantid}"
- echo "mlz_cfg_sub_id=${tf_config_subid}"
- echo "sub_id=${mlz_tier2_subid}"
- echo "enclave=${enclave}"
- echo "location=${location}"
- echo "tf_be_rg_name=${tier2TfRgName}"
- echo "tf_be_sa_name=${t2saName}"
- echo "mlz_cfg_kv_name=${kvName}"
- echo "sp_client_id_secret_name=${spNameSecret}"
- echo "sp_client_pwd_secret_name=${spPwdSecret}"
- echo "environment=${tf_environment}"
- echo "container_name=tfstate"
-} >> "$configvars"
\ No newline at end of file
+tier2_path="$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")"/src/core/tier-2
+. "${BASH_SOURCE%/*}"/config/config_create.sh "${mlz_tf_cfg}" "${enclave}" "${location}" "${mlz_tier2_subid}" "${tier2_path}"