# Azure OSDU MVC - Central Resources Configuration

The `osdu` - `central_resources` environment template is intended to provision the Azure resources for OSDU that are typically central to the architecture and can't be removed without destroying the entire OSDU deployment.

__PreRequisites__

> If you have run the `common_prepare.sh` scripts then jump down to the section called Manually Provision.

Requires the use of [direnv](https://direnv.net/) for environment variable management.

Requires a Service Principal, created ahead of time, for use with this OSDU Environment.

```bash
ENV=$USER  # This is helpful to set to your expected OSDU environment name.
NAME="osdu-mvp-$ENV-principal"

# Create a Service Principal
az ad sp create-for-rbac --name $NAME --skip-assignment -ojson

# Result
{
  "appId": "<guid>",                # -> Use this for TF_VAR_principal_appId
  "displayName": "<name>",          # -> Use this for TF_VAR_principal_name
  "name": "http://<name>",
  "password": "****************",   # -> Use this for TF_VAR_principal_password
  "tenant": "<ad_tenant>"
}

# Retrieve the AD Service Principal ID
az ad sp list --display-name $NAME --query "[].objectId" -ojson

# Result
[
  "<guid>"                          # -> Use this for TF_VAR_principal_objectId
]


# Assign API Permissions
# Microsoft Graph -- Application Permissions -- Directory.Read.All  ** GRANT ADMIN-CONSENT
adObjectId=$(az ad app list --display-name $NAME --query "[].objectId" -otsv)
graphId=$(az ad sp list --query "[?appDisplayName=='Microsoft Graph'].appId | [0]" --all -otsv)
directoryReadAll=$(az ad sp show --id $graphId --query "appRoles[?value=='Directory.Read.All'].id | [0]" -otsv)=Role

az ad app permission add --id $adObjectId --api $graphId --api-permissions $directoryReadAll

# Grant Admin Consent
# ** REQUIRES ADMIN AD ACCESS **
# --id accepts the application's object id retrieved above
az ad app permission admin-consent --id $adObjectId
```

Set up your local environment variables

*Note: environment variables are automatically sourced by direnv*

Required Environment Variables (.envrc)
```bash
export ARM_TENANT_ID=""
export ARM_SUBSCRIPTION_ID=""

# Terraform-Principal
export ARM_CLIENT_ID=""
export ARM_CLIENT_SECRET=""

# Terraform State Storage Account Key
export TF_VAR_remote_state_account=""
export TF_VAR_remote_state_container=""
export ARM_ACCESS_KEY=""

# Instance Variables
export TF_VAR_resource_group_location="centralus"
```
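
The `.envrc` above ends up holding `ARM_CLIENT_SECRET` and `ARM_ACCESS_KEY`, so it is worth checking before `terraform init` that every variable is filled in and that the file is readable only by its owner. The following pre-flight check is an added example, not part of the project's scripts; the variable names are the ones listed above, while the `check_envrc` function and the sample file are hypothetical.

```bash
#!/usr/bin/env sh
# Added example: pre-flight check for the .envrc shown above.
# Variable names are the README's; check_envrc and the sample file are hypothetical.

REQUIRED_VARS="ARM_TENANT_ID ARM_SUBSCRIPTION_ID ARM_CLIENT_ID ARM_CLIENT_SECRET
TF_VAR_remote_state_account TF_VAR_remote_state_container ARM_ACCESS_KEY
TF_VAR_resource_group_location"

# Prints one finding per line (missing:VAR, empty:VAR, mode:NNN).
# Returns 0 only when every variable has a value and the file is owner-only.
check_envrc() {
  file="$1"
  rc=0
  for var in $REQUIRED_VARS; do
    # The last export of a name wins, as it would when direnv sources the file.
    line=$(grep "^export ${var}=" "$file" | tail -n 1)
    case "$line" in
      "") echo "missing:${var}"; rc=1 ;;
      "export ${var}=\"\"" | "export ${var}=''" | "export ${var}=")
        echo "empty:${var}"; rc=1 ;;
    esac
  done
  # The file carries ARM_CLIENT_SECRET and ARM_ACCESS_KEY, so group and
  # other should have no permission bits (for example 600).
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    *00) ;;
    *) echo "mode:${mode}"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed sample: the README template with only the location filled in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export ARM_TENANT_ID=""
export ARM_CLIENT_SECRET=""
export TF_VAR_resource_group_location="centralus"
EOF
chmod 644 "$sample"
check_envrc "$sample" || echo "resolve the findings above before terraform init"
rm -f "$sample"
```

Run it against the real file with `check_envrc .envrc`; a clean result prints nothing and returns 0.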

Navigate to the `terraform.tfvars` terraform file. Here's a sample of the terraform.tfvars file for this template.

```HCL
prefix                  = "osdu-mvp"

resource_tags = {
   contact = "<your_name>"
}
```

__Manually Provision__

Execute the following commands to set up your terraform workspace.

```bash
# This configures terraform to leverage a remote backend that will help you and your
# team keep consistent state
terraform init -backend-config "storage_account_name=${TF_VAR_remote_state_account}" -backend-config "container_name=${TF_VAR_remote_state_container}"

# This command configures terraform to use a workspace unique to you. This allows you to work
# without stepping over your teammate's deployments
TF_WORKSPACE="cr-${UNIQUE}"
terraform workspace new $TF_WORKSPACE || terraform workspace select $TF_WORKSPACE
```

> Manually create a custom variable file to use for template configuration and edit as appropriate and desired.

```bash
# File location : /infra-azure-provisioning/infra/templates/osdu-r3-mvp/central_resources
cp terraform.tfvars custom.tfvars
```

Execute the following commands to orchestrate a deployment.

```bash
# See what terraform will try to deploy without actually deploying
terraform plan -var-file custom.tfvars

# Execute a deployment
terraform apply -var-file custom.tfvars
```

Optionally execute the following command to teardown your deployment and delete your resources.

```bash
# Destroy resources and tear down deployment. Only do this if you want to destroy your deployment.
terraform destroy
```

## Testing

Please confirm that you've completed the `terraform apply` step before running the integration tests as we're validating the active terraform workspace.

Unit tests can be run using the following command:

```
go test -v $(go list ./... | grep "unit")
```

Integration tests can be run using the following command:

```
go test -v $(go list ./... | grep "integration")
```