Infra migrate

.gitignore

-.envrc
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+
+.envrc*
+*.output
+
+output
+
+.ssh
+
+# Go files
+vendor/
+_vendor-*/
+*.exe
+*.lock
+*.toml
+
+# Terraform
+.terraform/
+**/.terraform/
+**/terraform.tfstate.*
+**/terraform.tfstate
+**/.terraform.tfstate.lock.info
+**/*.plan
+**/output/
+**/*-aks-flux/
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+
+# Visual Studio 2015/2017 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# Benchmark Results
+BenchmarkDotNet.Artifacts/
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+**/Properties/launchSettings.json
+
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.iobj
+*.pch
+*.pdb
+*.ipdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# Visual Studio Trace Files
+*.e2e
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# AxoCover is a Code Coverage Tool
+.axoCover/*
+!.axoCover/settings.json
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# Note: Comment the next line if you want to checkin your web deploy settings,
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/[Pp]ackages/*
+# except build/, which is used as an MSBuild target.
+!**/[Pp]ackages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/[Pp]ackages/repositories.config
+# NuGet v3's project.json files produces more ignorable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+*.appx
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+orleans.codegen.cs
+
+# Including strong name files can present a security risk
+# (https://github.com/github/gitignore/pull/2483#issue-259490424)
+#*.snk
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+ServiceFabricBackup/
+*.rptproj.bak
+
+# SQL Server files
+*.mdf
+*.ldf
+*.ndf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+*.rptproj.rsuser
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+node_modules/
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# JetBrains Rider
+.idea/
+*.sln.iml
+
+# CodeRush
+.cr/
+
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
+
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+
+# Tabs Studio
+*.tss
+
+# Telerik's JustMock configuration file
+*.jmconfig
+
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+
+# OpenCover UI analysis results
+OpenCover/
+
+# Azure Stream Analytics local run output
+ASALocalRun/
+
+# MSBuild Binary and Structured Log
+*.binlog
+
+# NVidia Nsight GPU debugger configuration file
+*.nvuser
+
+# MFractors (Xamarin productivity tool) working folder
+.mfractor/
+
+# VSCode Files
+.vscode*
+
+# ENV files
+**/.env
+
+# Exclude local build directory
+build/
+# For Mac OS user files
+**/.DS_Store
+# For Mac OS user files
+**/.DS_Store
+
+# Dep files
+*.toml
+*.lock

infra/modules/magefile.go

+//+build mage
+
+// osdu-infrastructure task runner.
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/magefile/mage/mg"
+	"github.com/magefile/mage/sh"
+)
+
+// A build step that runs all tests.
+func All() {
+	mg.Deps(TestModules)
+}
+
+// Execute Module Tests and fail if a test fails. Only executes tests in 'test' directories.
+func TestModules() error {
+	mg.Deps(Clean)
+	mg.Deps(Check)
+	fmt.Println("INFO: Running unit tests...")
+	return FindAndRunTests("testing")
+}
+
+// Validate both Terraform code and Go code.
+func Check() {
+	mg.Deps(LintTF)
+	mg.Deps(LintGO)
+}
+
+// Lint check Go and fail if files are not not formatted properly.
+func LintGO() error {
+	fmt.Println("INFO: Checking format for Go files...")
+	return verifyRunsQuietly("Run `go fmt ./...` to fix", "go", "fmt", "./...")
+}
+
+// Lint check Terraform and fail if files are not formatted properly.
+func LintTF() error {
+	fmt.Println("INFO: Checking format for Terraform files...")
+	return verifyRunsQuietly("Run `terraform fmt --check --recursive` to fix the offending files", "terraform", "fmt")
+}
+
+// Remove temporary build and test files.
+func Clean() error {
+	fmt.Println("INFO: Cleaning...")
+	return filepath.Walk("./", func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() && info.Name() == "vendor" {
+			return filepath.SkipDir
+		}
+		if info.IsDir() && info.Name() == ".terraform" {
+			os.RemoveAll(path)
+			fmt.Printf("Removed \"%v\"\n", path)
+			return filepath.SkipDir
+		}
+		if info.IsDir() && info.Name() == "terraform.tfstate.d" {
+			os.RemoveAll(path)
+			fmt.Printf("Removed \"%v\"\n", path)
+			return filepath.SkipDir
+		}
+		if !info.IsDir() && (info.Name() == "terraform.tfstate" ||
+			info.Name() == "terraform.tfplan" ||
+			info.Name() == "terraform.tfstate.backup") {
+			os.Remove(path)
+			fmt.Printf("Removed \"%v\"\n", path)
+		}
+		return nil
+	})
+}
+
+//-------------------------------
+// GO UTILITY FUNCTIONS
+//-------------------------------
+
+// runs a command and ensures that the exit code indicates success and that there is no output to stdout
+func verifyRunsQuietly(instructionsToFix string, cmd string, args ...string) error {
+	output, err := sh.Output(cmd, args...)
+
+	if err != nil {
+		return err
+	}
+
+	if len(output) == 0 {
+		return nil
+	}
+
+	return fmt.Errorf("ERROR: command '%s' with arguments %s failed. Output was: '%s'. %s", cmd, args, output, instructionsToFix)
+}
+
+// FindAndRunTests finds all tests with a given path suffix and runs them using `go test`
+func FindAndRunTests(pathSuffix string) error {
+	goModules, err := sh.Output("go", "list", "./...")
+	if err != nil {
+		return err
+	}
+
+	testTargetModules := make([]string, 0)
+	for _, module := range strings.Fields(goModules) {
+		if strings.HasSuffix(module, pathSuffix) {
+			testTargetModules = append(testTargetModules, module)
+		}
+	}
+
+	if len(testTargetModules) == 0 {
+		return fmt.Errorf("No modules found for testing prefix '%s'", pathSuffix)
+	}
+
+	cmdArgs := []string{"test"}
+	cmdArgs = append(cmdArgs, testTargetModules...)
+	cmdArgs = append(cmdArgs, "-v", "-timeout", "7200s")
+	return sh.RunV("go", cmdArgs...)
+}

infra/modules/providers/azure/.gitignore

+testing.tfvars

infra/modules/providers/azure/README.md

+
+
+## License
+Copyright © Microsoft Corporation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at 
+
+[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file

infra/modules/providers/azure/ad-application/README.md

+# Module ad-application
+
+Module for managing an Azure Active Directory Application with the following characteristics:
+
+- Create an application and optionally assign roles to it..
+
+> __This module requires the Terraform Principal to have Azure Active Directory Graph - `Application.ReadWrite.OwnedBy` Permissions.__
+
+
+## Usage
+
+```
+locals {
+  name = "iac-osdu"
+}
+
+resource "random_id" "main" {
+  keepers = {
+    name = local.name
+  }
+
+  byte_length = 8
+}
+
+
+module "ad-application" {
+  source = "https://github.com/azure/osdu-infrastructure/infra/modules/providers/azure/ad-application"
+
+  name = format("${local.name}-%s-ad-app-management", random_id.main.hex)
+
+  reply_urls = [
+    "https://iac-osdu.com",
+    "https://iac-osdu.com/.auth/login/aad/callback"
+  ]
+
+  api_permissions = [
+    {
+      name = "Microsoft Graph"
+      oauth2_permissions = [
+        "User.Read"
+      ]
+    }
+  ]
+
+  app_roles = [
+    {
+      name        = "test"
+      description = "test"
+      member_types = [
+        "Application"
+      ]
+    }
+  ]
+}
+```
+
+## Inputs
+
+| Variable Name | Type       | Description                          | 
+| ------------- | ---------- | ------------------------------------ |
+| `name`        | _string_   | The name of the application.         |
+| `homepage`    | _string_   | The URL of the application's homepage. |
+| `reply_urls`  | _list_     | A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. Default: `[]` |
+| `identifier_uris` | _string_ | A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant Default: `null`. |
+| `oauth2_allow_implicit_flow` | _bool_ | Does this ad application allow oauth2 implicit flow tokens? |
+| `available_to_other_tenants` | _bool_ | Is this ad application available to other tenants? |
+| `group_membership_claims` | _bool_ | Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Default: `SecurityGroup` |
+| `password` | _string_ | The application password (aka client secret). If empty, Terraform will generate a password. |
+| `end_date` | _string_ | The date after which the password expire. This can either be relative duration or RFC3339 date. Default: `1Y`. |
+| `api_permissions` | _list_ | List of API permissions. |
+| `app_roles` | _list_ | List of App roles. |
+
+
+
+## Outputs
+
+Once the deployments are completed successfully, the output for the current module will be in the format mentioned below:
+
+- `name`: The name of the application.
+- `id`: The name of the application.
+- `object_id`:  The object ID of the application.
+- `roles`:  The application roles.
+- `password`:  The password for the application.
+
+## License
+Copyright © Microsoft Corporation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at 
+
+[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file

infra/modules/providers/azure/ad-application/main.tf

+//  Copyright © Microsoft Corporation
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+data "azuread_service_principal" "main" {
+  count        = length(local.api_names)
+  display_name = local.api_names[count.index]
+}
+
+resource "azuread_application" "main" {
+  name                       = var.name
+  homepage                   = coalesce(var.homepage, local.homepage)
+  identifier_uris            = local.identifier_uris
+  reply_urls                 = var.reply_urls
+  available_to_other_tenants = var.available_to_other_tenants
+  public_client              = local.public_client
+  oauth2_allow_implicit_flow = var.oauth2_allow_implicit_flow
+  group_membership_claims    = var.group_membership_claims