Commit e48cc11f authored by Daniel Scholl's avatar Daniel Scholl

Infra migrate

parent b2974de4
.envrc
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
.envrc*
*.output
output
.ssh
# Go files
vendor/
_vendor-*/
*.exe
*.lock
*.toml
# Terraform
.terraform/
**/.terraform/
**/terraform.tfstate.*
**/terraform.tfstate
**/.terraform.tfstate.lock.info
**/*.plan
**/output/
**/*-aks-flux/
# User-specific files
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
**/Properties/launchSettings.json
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
# CodeRush
.cr/
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/
# VSCode Files
.vscode*
# ENV files
**/.env
# Exclude local build directory
build/
# For Mac OS user files
**/.DS_Store
# For Mac OS user files
**/.DS_Store
# Dep files
*.toml
*.lock
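Review bot: The trailing `*.toml` and `*.lock` patterns under `# Dep files` (also present earlier under `# Go files`) ignore every lockfile and TOML file in the repository, not just dep's Gopkg.toml/Gopkg.lock, so a yarn.lock, Cargo.lock or Pipfile.lock added later would silently never be committed and builds would lose their pinned dependency versions. If dep is what these are meant for, narrow them to `Gopkg.toml` and `Gopkg.lock`; note that `.terraform.lock.hcl` is matched by neither pattern and should remain committed regardless. Several entries are duplicated (`*.toml`, `*.lock`, `**/.DS_Store`, `*.output`/`output`), which suggests this block was appended rather than merged and is worth deduplicating. The section header above reads `.envrc` while `.envrc*` is the first ignore pattern, so the path of this ignore list is inferred from its contents; if a direnv file is genuinely part of this commit, confirm it carries no credentials, since it is otherwise excluded from tracking. Consider also adding `*.tfvars` / `*.auto.tfvars`, as variable files for Terraform infrastructure commonly hold secrets, though nothing visible here shows whether that applies to this repository.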
//+build mage
// osdu-infrastructure task runner.
package main
import (
"fmt"
"os"
"path/filepath"
"strings"
"github.com/magefile/mage/mg"
"github.com/magefile/mage/sh"
)
// A build step that runs all tests.
func All() {
mg.Deps(TestModules)
}
// Execute Module Tests and fail if a test fails. Only executes tests in 'test' directories.
func TestModules() error {
mg.Deps(Clean)
mg.Deps(Check)
fmt.Println("INFO: Running unit tests...")
return FindAndRunTests("testing")
}
// Validate both Terraform code and Go code.
func Check() {
mg.Deps(LintTF)
mg.Deps(LintGO)
}
// Lint check Go and fail if files are not not formatted properly.
func LintGO() error {
fmt.Println("INFO: Checking format for Go files...")
return verifyRunsQuietly("Run `go fmt ./...` to fix", "go", "fmt", "./...")
}
// Lint check Terraform and fail if files are not formatted properly.
func LintTF() error {
fmt.Println("INFO: Checking format for Terraform files...")
return verifyRunsQuietly("Run `terraform fmt --check --recursive` to fix the offending files", "terraform", "fmt")
}
// Remove temporary build and test files.
func Clean() error {
fmt.Println("INFO: Cleaning...")
return filepath.Walk("./", func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if info.IsDir() && info.Name() == "vendor" {
return filepath.SkipDir
}
if info.IsDir() && info.Name() == ".terraform" {
os.RemoveAll(path)
fmt.Printf("Removed \"%v\"\n", path)
return filepath.SkipDir
}
if info.IsDir() && info.Name() == "terraform.tfstate.d" {
os.RemoveAll(path)
fmt.Printf("Removed \"%v\"\n", path)
return filepath.SkipDir
}
if !info.IsDir() && (info.Name() == "terraform.tfstate" ||
info.Name() == "terraform.tfplan" ||
info.Name() == "terraform.tfstate.backup") {
os.Remove(path)
fmt.Printf("Removed \"%v\"\n", path)
}
return nil
})
}
//-------------------------------
// GO UTILITY FUNCTIONS
//-------------------------------
// runs a command and ensures that the exit code indicates success and that there is no output to stdout
func verifyRunsQuietly(instructionsToFix string, cmd string, args ...string) error {
output, err := sh.Output(cmd, args...)
if err != nil {
return err
}
if len(output) == 0 {
return nil
}
return fmt.Errorf("ERROR: command '%s' with arguments %s failed. Output was: '%s'. %s", cmd, args, output, instructionsToFix)
}
// FindAndRunTests finds all tests with a given path suffix and runs them using `go test`
func FindAndRunTests(pathSuffix string) error {
goModules, err := sh.Output("go", "list", "./...")
if err != nil {
return err
}
testTargetModules := make([]string, 0)
for _, module := range strings.Fields(goModules) {
if strings.HasSuffix(module, pathSuffix) {
testTargetModules = append(testTargetModules, module)
}
}
if len(testTargetModules) == 0 {
return fmt.Errorf("No modules found for testing prefix '%s'", pathSuffix)
}
cmdArgs := []string{"test"}
cmdArgs = append(cmdArgs, testTargetModules...)
cmdArgs = append(cmdArgs, "-v", "-timeout", "7200s")
return sh.RunV("go", cmdArgs...)
}
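Review bot: Clean() discards the error returned by os.RemoveAll and os.Remove at the three removal sites inside the Walk callback and then prints `Removed` unconditionally, so a state file that could not be deleted (for example a read-only terraform.tfstate) is reported as removed and the task still succeeds. Return the error instead, e.g. `if err := os.RemoveAll(path); err != nil { return err }` before the Printf, and the same for the os.Remove call. Related: LintTF runs `terraform fmt` with no flags, which rewrites files in place and only inspects the current directory, while its own fix hint tells the user to run `terraform fmt --check --recursive`; passing `"terraform", "fmt", "-check", "-recursive"` makes the lint read-only and consistent with the hint. `go fmt ./...` in LintGO likewise modifies files during a check; `gofmt -l .` is the read-only equivalent that lists unformatted files.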
## License
Copyright © Microsoft Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
\ No newline at end of file
# Module ad-application
Module for managing an Azure Active Directory Application with the following characteristics:
- Create an application and optionally assign roles to it..
> __This module requires the Terraform Principal to have Azure Active Directory Graph - `Application.ReadWrite.OwnedBy` Permissions.__
## Usage
```
locals {
name = "iac-osdu"
}
resource "random_id" "main" {
keepers = {
name = local.name
}
byte_length = 8
}
module "ad-application" {
source = "https://github.com/azure/osdu-infrastructure/infra/modules/providers/azure/ad-application"
name = format("${local.name}-%s-ad-app-management", random_id.main.hex)
reply_urls = [
"https://iac-osdu.com",
"https://iac-osdu.com/.auth/login/aad/callback"
]
api_permissions = [
{
name = "Microsoft Graph"
oauth2_permissions = [
"User.Read"
]
}
]
app_roles = [
{
name = "test"
description = "test"
member_types = [
"Application"
]
}
]
}
```
## Inputs
| Variable Name | Type | Description |
| ------------- | ---------- | ------------------------------------ |
| `name` | _string_ | The name of the application. |
| `homepage` | _string_ | The URL of the application's homepage. |
| `reply_urls` | _list_ | A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. Default: `[]` |
| `identifier_uris` | _string_ | A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant Default: `null`. |
| `oauth2_allow_implicit_flow` | _bool_ | Does this ad application allow oauth2 implicit flow tokens? |
| `available_to_other_tenants` | _bool_ | Is this ad application available to other tenants? |
| `group_membership_claims` | _bool_ | Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Default: `SecurityGroup` |
| `password` | _string_ | The application password (aka client secret). If empty, Terraform will generate a password. |
| `end_date` | _string_ | The date after which the password expire. This can either be relative duration or RFC3339 date. Default: `1Y`. |
| `api_permissions` | _list_ | List of API permissions. |
| `app_roles` | _list_ | List of App roles. |
## Outputs
Once the deployments are completed successfully, the output for the current module will be in the format mentioned below:
- `name`: The name of the application.
- `id`: The name of the application.
- `object_id`: The object ID of the application.
- `roles`: The application roles.
- `password`: The password for the application.
## License
Copyright © Microsoft Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
\ No newline at end of file
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
data "azuread_service_principal" "main" {
count = length(local.api_names)
display_name = local.api_names[count.index]
}
resource "azuread_application" "main" {
name = var.name
homepage = coalesce(var.homepage, local.homepage)
identifier_uris = local.identifier_uris
reply_urls = var.reply_urls
available_to_other_tenants = var.available_to_other_tenants
public_client = local.public_client
oauth2_allow_implicit_flow = var.oauth2_allow_implicit_flow
group_membership_claims = var.group_membership_claims