create terraform backends from the UI (#145)

Azure · Apr 7, 2021 · 4ef1f1f · 4ef1f1f
1 parent b528d42
commit 4ef1f1f
Show file tree

Hide file tree

Showing 22 changed files with 869 additions and 426 deletions.
diff --git a/src/build/front_wrapper.sh b/src/build/front_wrapper.sh
@@ -41,4 +41,17 @@ az login --service-principal \
   --allow-no-subscriptions \
   --output none
 
-. "${BASH_SOURCE%/*}/apply_tf.sh"  "${1}" "${2}" "${3}" "${4}" "${5}" "${6}" "${7}"
+src_dir=$(dirname "$(realpath "${BASH_SOURCE%/*}")")
+
+# Create config resources given a subscription ID and terraform configuration folder path
+create_tf_config() {
+  . "${src_dir}/scripts/config/config_create.sh" "${mlz_config}" "${1}" "${2}"
+}
+
+# create backends for terraform modules
+create_tf_config "${mlz_saca_subid}" "${src_dir}/core/saca-hub"
+create_tf_config "${mlz_tier0_subid}" "${src_dir}/core/tier-0"
+create_tf_config "${mlz_tier1_subid}" "${src_dir}/core/tier-1"
+create_tf_config "${mlz_tier2_subid}" "${src_dir}/core/tier-2"
+
+. "${BASH_SOURCE%/*}/apply_tf.sh" "${1}" "${2}" "${3}" "${4}" "${5}" "${6}" "${7}"
diff --git a/src/core/globals.front.json b/src/core/globals.front.json
@@ -5,7 +5,7 @@
 				"varname": "tf_environment",
 				"type": "text",
 				"default_val": "env:TF_ENV",
-				"description": "Terraform deployment Environment https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment",
+				"description": "Terraform azurerm environment (e.g. 'public') see: https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment",
 				"options": []
 			},
 			{
@@ -19,21 +19,21 @@
 				"varname": "mlz_tenantid",
 				"type": "text",
 				"default_val": "env:TENANT_ID",
-				"description": "Tenant ID where your subscriptions liv",
+				"description": "Tenant ID where your subscriptions live",
 				"options": []
 			},
 			{
 				"varname": "mlz_metadatahost",
 				"type": "text",
 				"default_val": "management.azure.com",
-				"description": "Host for azure metadata: e.g  'management.azure.com' or 'management.usgovcloudapi.net'",
+				"description": "Azure Metadata Service endpoint. (e.g 'management.azure.com' or 'management.usgovcloudapi.net')",
 				"options": []
 			},
 			{
 				"varname": "mlz_location",
 				"type": "text",
 				"default_val": "env:MLZ_LOCATION",
-				"description": "The location that you're deploying to.",
+				"description": "The location that you're deploying to (e.g. 'eastus')",
 				"options": []
 			}
 		]

diff --git a/src/core/saca-hub/saca-hub.front.json b/src/core/saca-hub/saca-hub.front.json
@@ -4,35 +4,35 @@
 			{
 				"varname": "deploymentname",
 				"type": "text",
-				"default_val": "mlzci",
+				"default_val": "mlz",
 				"description": "A unique name for your terraform deployment",
 				"options": []
 			},
 			{
 				"varname": "saca_subid",
 				"type": "text",
-				"default_val": "env:SUBSCRIPTION_ID",
+				"default_val": "env:HUB_SUBSCRIPTION_ID",
 				"description": "The subscription id where the SACA hub lives",
 				"options": []
 			},
 			{
 				"varname": "saca_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-sacaci",
+				"default_val": "rg-eastus-mlz-saca",
 				"description": "Resource group name",
 				"options": []
 			},
 			{
 				"varname": "saca_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-sacaci",
+				"default_val": "vn-eastus-mlz-saca",
 				"description": "Virtual Network Name",
 				"options": []
 			},
 			{
 				"varname": "saca_lawsname",
 				"type": "text",
-				"default_val": "laws-eastus-mlz-sacaci",
+				"default_val": "laws-eastus-mlz-saca",
 				"description": "Name for log analytic workspace",
 				"options": []
 			},
@@ -48,42 +48,42 @@
 			{
 				"varname": "tier0_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-t0ci",
+				"default_val": "rg-eastus-mlz-t0",
 				"description": "Tier 0 resource group name",
 				"options": []
 			},
 			{
 				"varname": "tier0_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-t0ci",
+				"default_val": "vn-eastus-mlz-t0",
 				"description": "Tier 0 virtual network name",
 				"options": []
 			},
 			{
 				"varname": "tier1_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-t1ci",
+				"default_val": "rg-eastus-mlz-t1",
 				"description": "Tier 1 resource group name",
 				"options": []
 			},
 			{
 				"varname": "tier1_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-t1ci",
+				"default_val": "vn-eastus-mlz-t1",
 				"description": "Tier one virtual network name",
 				"options": []
 			},
 			{
 				"varname": "tier2_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-t1ci",
+				"default_val": "rg-eastus-mlz-t2",
 				"description": "Tier 2 resource group name",
 				"options": []
 			},
 			{
 				"varname": "tier2_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-t2ci",
+				"default_val": "vn-eastus-mlz-t2",
 				"description": "Tier 2 virtual network name",
 				"options": []
 			},

diff --git a/src/core/tier-0/tier-0.front.json b/src/core/tier-0/tier-0.front.json
@@ -7,56 +7,56 @@
 			{
 				"varname": "saca_subid",
 				"type": "text",
-				"default_val": "env:SUBSCRIPTION_ID",
+				"default_val": "env:HUB_SUBSCRIPTION_ID",
 				"description": "Saca Hub Subscription ID",
 				"options": []
 			},
 			{
 				"varname": "saca_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-sacaci",
+				"default_val": "rg-eastus-mlz-saca",
 				"description": "Saca Hub Resource Group Name",
 				"options": []
 			},
 			{
 				"varname": "saca_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-sacaci",
+				"default_val": "vn-eastus-mlz-saca",
 				"description": "Saca Virtual Network Name",
 				"options": []
 			},
 			{
 				"varname": "saca_fwname",
 				"type": "text",
-				"default_val": "DemoFirewallci",
+				"default_val": "DemoFirewall",
 				"description": "Saca Firewall Name",
 				"options": []
 			},
 			{
 				"varname": "saca_lawsname",
 				"type": "text",
-				"default_val": "laws-eastus-mlz-sacaci",
+				"default_val": "laws-eastus-mlz-saca",
 				"description": "Saca Log Analytic Workspace Name",
 				"options": []
 			},
 			{
 				"varname": "tier0_subid",
 				"type": "text",
-				"default_val": "env:SUBSCRIPTION_ID",
+				"default_val": "env:TIER0_SUBSCRIPTION_ID",
 				"description": "Tier0 Subscription Id",
 				"options": []
 			},
 			{
 				"varname": "tier0_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-t0ci",
+				"default_val": "rg-eastus-mlz-t0",
 				"description": "Tier0 Resource Group Name",
 				"options": []
 			},
 			{
 				"varname": "tier0_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-t0ci",
+				"default_val": "vn-eastus-mlz-t0",
 				"description": "Tier0 Virtual Network Name",
 				"options": []
 			},
@@ -125,7 +125,7 @@
 			{
 				"varname": "subnets.{TIER0_SUBNETVM_NAME}.routetable_name",
 				"type": "text",
-				"default_val": "tier0vmsrtci",
+				"default_val": "tier0vmsrt",
 				"description": "Tier 0 Routeable Subnet Name",
 				"options": []
 			}

diff --git a/src/core/tier-1/tier-1.front.json b/src/core/tier-1/tier-1.front.json
@@ -7,56 +7,56 @@
 			{
 				"varname": "saca_subid",
 				"type": "text",
-				"default_val": "env:SUBSCRIPTION_ID",
+				"default_val": "env:HUB_SUBSCRIPTION_ID",
 				"description": "Saca Hub Subscription ID",
 				"options": []
 			},
 			{
 				"varname": "saca_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-sacaci",
+				"default_val": "rg-eastus-mlz-saca",
 				"description": "Saca Hub Resource Group Name",
 				"options": []
 			},
 			{
 				"varname": "saca_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-sacaci",
+				"default_val": "vn-eastus-mlz-saca",
 				"description": "Saca Virtual Network Name",
 				"options": []
 			},
 			{
 				"varname": "saca_fwname",
 				"type": "text",
-				"default_val": "DemoFirewallci",
+				"default_val": "DemoFirewall",
 				"description": "Saca Firewall Name",
 				"options": []
 			},
 			{
 				"varname": "saca_lawsname",
 				"type": "text",
-				"default_val": "laws-eastus-mlz-sacaci",
+				"default_val": "laws-eastus-mlz-saca",
 				"description": "Saca Log Analytic Workspace Name",
 				"options": []
 			},
 			{
 				"varname": "tier1_subid",
 				"type": "text",
-				"default_val": "env:SUBSCRIPTION_ID",
+				"default_val": "env:TIER1_SUBSCRIPTION_ID",
 				"description": "Tier0 Subscription Id",
 				"options": []
 			},
 			{
 				"varname": "tier1_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-t1ci",
+				"default_val": "rg-eastus-mlz-t1",
 				"description": "Tier0 Resource Group Name",
 				"options": []
 			},
 			{
 				"varname": "tier1_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-t1ci",
+				"default_val": "vn-eastus-mlz-t1",
 				"description": "Tier0 Virtual Network Name",
 				"options": []
 			},
@@ -125,7 +125,7 @@
 			{
 				"varname": "subnets.{TIER1_SUBNETVM_NAME}.routetable_name",
 				"type": "text",
-				"default_val": "tier1vmsrtci",
+				"default_val": "tier1vmsrt",
 				"description": "Tier 0 Routeable Subnet Name",
 				"options": []
 			}

diff --git a/src/core/tier-2/tier-2.front.json b/src/core/tier-2/tier-2.front.json
@@ -7,56 +7,56 @@
 			{
 				"varname": "saca_subid",
 				"type": "text",
-				"default_val": "env:SUBSCRIPTION_ID",
+				"default_val": "env:HUB_SUBSCRIPTION_ID",
 				"description": "Saca Hub Subscription ID",
 				"options": []
 			},
 			{
 				"varname": "saca_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-sacaci",
+				"default_val": "rg-eastus-mlz-saca",
 				"description": "Saca Hub Resource Group Name",
 				"options": []
 			},
 			{
 				"varname": "saca_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-sacaci",
+				"default_val": "vn-eastus-mlz-saca",
 				"description": "Saca Virtual Network Name",
 				"options": []
 			},
 			{
 				"varname": "saca_fwname",
 				"type": "text",
-				"default_val": "DemoFirewallci",
+				"default_val": "DemoFirewall",
 				"description": "Saca Firewall Name",
 				"options": []
 			},
 			{
 				"varname": "saca_lawsname",
 				"type": "text",
-				"default_val": "laws-eastus-mlz-sacaci",
+				"default_val": "laws-eastus-mlz-saca",
 				"description": "Saca Log Analytic Workspace Name",
 				"options": []
 			},
 			{
 				"varname": "tier2_subid",
 				"type": "text",
-				"default_val": "env:SUBSCRIPTION_ID",
+				"default_val": "env:TIER2_SUBSCRIPTION_ID",
 				"description": "Tier0 Subscription Id",
 				"options": []
 			},
 			{
 				"varname": "tier2_rgname",
 				"type": "text",
-				"default_val": "rg-eastus-mlz-t2ci",
+				"default_val": "rg-eastus-mlz-t2",
 				"description": "Tier2 Resource Group Name",
 				"options": []
 			},
 			{
 				"varname": "tier2_vnetname",
 				"type": "text",
-				"default_val": "vn-eastus-mlz-t2ci",
+				"default_val": "vn-eastus-mlz-t2",
 				"description": "Tier2 Virtual Network Name",
 				"options": []
 			},
@@ -125,7 +125,7 @@
 			{
 				"varname": "subnets.{TIER2_SUBNETVM_NAME}.routetable_name",
 				"type": "text",
-				"default_val": "tier2vmsrtci",
+				"default_val": "tier2vmsrt",
 				"description": "Tier 0 Routeable Subnet Name",
 				"options": []
 			}

diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md
@@ -48,7 +48,7 @@ The MLZ deployment architecture uses a single Service Principal whose credential
 
     chmod u+x src/scripts/mlz_tf_setup.sh
 
-    src/scripts/mlz_tf_setup.sh src/core/mlz_tf_cfg.var
+    src/scripts/mlz_tf_setup.sh src/mlz_tf_cfg.var
     ```
 
 ### Set Terraform Configuration Variables