Add unattended terraform execution, centralize Service Principal check, exit on any errors #63

Merged
merged 9 commits into from
Mar 5, 2021


glennmusa
Contributor

@glennmusa glennmusa commented Mar 5, 2021

Description

See build/README.md on how to execute/demo this.

As of this writing, round-trip apply/destroy for everything under src/core takes ~35 minutes (most of it on Azure Firewall apply).

Changes:

  1. Adds apply_tf and destroy_tf

    These two scripts automate what a human currently does to deploy the terraform configurations at src/core in the repository.

    • The execution of these scripts assumes that MLZ Configuration Resources have already been created, as an MLZ Configuration file is passed as an argument. In a CI/CD scenario we would write this config file at execution time from known values.
    • The execution of these scripts requires valid globals.tfvars and tier-X.tfvars, as they are passed in as arguments. Today these are well known and stored outside of the repository. In a CI/CD scenario we would pull these files from some storage.
  2. Adds scripts/config/get_sp_identity.sh

    This script validates that the Service Principal used by Terraform is available in the MLZ Configuration Resources Key Vault before attempting to use it to invoke terraform and deploy resources.

  3. Prepends all shell scripts in the solution with set -e

    • Any error or non-zero exit code returned by scripts in this repo or any execution that this repo invokes (like Azure CLI and Terraform CLI) will exit the calling script immediately.

Issue reference

The issue this PR will close: #16, #62

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles or validates correctly
  • BASH scripts have been validated using shellcheck
  • All tests pass (manual and automated)
  • The documentation is updated to cover any new or changed features
  • Markdown files have been linted using the recommended linter. (See .vscode/extensions.json.)
  • Relevant issues are linked to this PR
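
One way to write the Key Vault pre-flight check from item 2 so that it behaves predictably under the `set -e` from item 3. This is an added example, not the repository's `get_sp_identity.sh`; the function name `check_sp_secrets`, the `AZ_CMD` override and the argument layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example: fail-fast check that Service Principal secrets exist in a
# Key Vault before Terraform is invoked. Names here are hypothetical.
set -eu

# AZ_CMD (hypothetical) lets the check be exercised offline with a stub.
AZ_CMD="${AZ_CMD:-az}"

# Usage: check_sp_secrets <vault-name> <secret-name>...
# Returns 0 only if every named secret can be read and is non-empty.
# Secret values are never printed; only secret names appear in messages.
check_sp_secrets() {
  local vault name value missing=0
  vault="$1"
  shift
  for name in "$@"; do
    # Assign in a separate statement from `local`: `local value=$(cmd)`
    # returns the status of `local`, which hides a failing `cmd` from set -e.
    if ! value="$("$AZ_CMD" keyvault secret show --vault-name "$vault" \
                  --name "$name" --query value --output tsv)"; then
      echo "ERROR: cannot read secret '$name' from vault '$vault'" >&2
      missing=1
    elif [ -z "$value" ]; then
      echo "ERROR: secret '$name' in vault '$vault' is empty" >&2
      missing=1
    fi
  done
  value=""
  # set -e is suspended inside a function called from `if` or `||`, so
  # failures are tracked explicitly and reported through the return status.
  return "$missing"
}

# Run only when called as: script <vault-name> <secret-name>...
if [ "$#" -ge 2 ]; then
  check_sp_secrets "$@" || {
    echo "Pre-flight check failed; not invoking terraform" >&2
    exit 1
  }
fi
```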

@brooke-hamilton brooke-hamilton merged commit dbbe8ba into main Mar 5, 2021
@brooke-hamilton brooke-hamilton deleted the glennmusa/automatedtf branch March 5, 2021 20:05
Successfully merging this pull request may close these issues.

Users shouldn't be able to invoke scripts requiring AZ CLI if they cannot auth against it