Update terraform config with agency-specific variables

thekaveman commented 1 year ago

The following Terraform config files reference MST Courtesy Cards, but should use a variable instead, e.g. ${local.agency_card_name}

So we could have something like:

resource "azurerm_linux_web_app" "main" {
  # name needs to be globally unique and is more specific because it's used in the app URL
- name = "mst-courtesy-cards-eligibility-server-${local.env_name}"
+ name = "${local.agency_card_name}-eligibility-server-${local.env_name}"
  #  etc...
}

`app_service.tf`

[x] azurerm_linux_web_app.main.name

resource "azurerm_linux_web_app" "main" {
  # name needs to be globally unique and is more specific because it's used in the app URL
  name = "mst-courtesy-cards-eligibility-server-${local.env_name}"
  #  etc...
}

`environment.tf`

[x] azurerm_resource_group.main.name

data "azurerm_resource_group" "main" {
  name = "courtesy-cards-eligibility-${local.env_name}"
}

`front_door.tf`

[x] azurerm_cdn_frontdoor_endpoint.main.name

resource "azurerm_cdn_frontdoor_endpoint" "main" {
  # used in the front door URL
  name = "mst-courtesy-cards-eligibility-server-${local.env_name}"
  # ...
}

`main.tf`

[x] terraform.azurerm.resource_group_name
[x] terraform.azurerm.storage_account_name

terraform {
  # ...
  backend "azurerm" {
    # needs to match pipeline/azure-pipelines.yml
    resource_group_name  = "courtesy-cards-eligibility-terraform"
    storage_account_name = "courtesycardsterraform"
    # ...
  }
}

`roles.tf`

[x] azurerm_role_assignment.velocity_etl (make this name more generic? agency_card_data_etl?)
[x] azurerm_role_assignment.velocity_etl.principal_id
[x] [Microsoft.Storage/storageAccounts/blobServices/containers/blobs:path] StringLike 'velocity.csv'

resource "azurerm_role_assignment" "velocity_etl" {
  # ...
  principal_id = var.VELOCITY_ETL_APP_OBJECT_ID
  condition = <<EOF
(
 (
  @Resource[Microsoft.Storage/storageAccounts/blobServices/containers/blobs:path] StringLike 'velocity.csv'
 )
)
EOF
   # ...
}

`storage.tf`

[x] azurerm_storage_account.main.name

resource "azurerm_storage_account" "main" {
  # name needs to be unique per subscription
  name = "mstcceligibility${local.env_name}"
 # ...
}

`uptime.tf`

[x] healthcheck.name

module "healthcheck" {
  # ...
  name = "mst-courtesy-cards-eligibility-server-${local.env_name}-healthcheck"
}

`variables.tf`

[x] VELOCITY_ETL_APP_OBJECT_ID (need a more generic name for variable)

variable "VELOCITY_ETL_APP_OBJECT_ID" {
  description = "Object ID from the registered application for the Velocity server ETL uploading: https://cloudsight.zendesk.com/hc/en-us/articles/360016785598-Azure-finding-your-service-principal-object-ID"
  type = string
}

`init.sh`

[x] Require an arg for the Subscription to init with

echo "Setting the subscription for the Azure CLI..."
az account set --subscription="MST IT"

thekaveman commented 10 months ago

Backend configuration in main.tf cannot use variables. Need to figure out how to specify a different backend config per agency (multiple main.tf files in subdirectories per-agency?)

angela-tran commented 10 months ago

Backend configuration in main.tf cannot use variables. Need to figure out how to specify a different backend config per agency (multiple main.tf files in subdirectories per-agency?)

We realized that the pipeline gets its backend resource group and storage account config through the TerraformTask configuration. For local development, we can get our backend config through command-line options.

Therefore, we were able to remove resource group and storage account from being specified in the backend block; see https://github.com/cal-itp/eligibility-server/pull/343/commits/3803ffa222bfa0be8585eeebdc40ee40c13fc402 and https://github.com/cal-itp/eligibility-server/pull/343/commits/8af3d3252eab1b35e78375e94fc44a7760089157

cal-itp / eligibility-server