[CES-21] Refactoring resource groups in Core configuration (#1179)
Krusty93 authored Sep 30, 2024
1 parent 9a6bb85 commit 3d2e7f8
Showing 19 changed files with 238 additions and 102 deletions.
6 changes: 1 addition & 5 deletions src/core/README.md
@@ -56,11 +56,6 @@
| [azurerm_key_vault_secret.appinsights_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.appinsights_instrumentation_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_monitor_metric_alert.cosmos_api_throttling_alert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.default_roleassignment_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_external](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_api_management.trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
@@ -112,6 +107,7 @@
| [azurerm_private_dns_zone.privatelink_table_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
| [azurerm_resource_group.lollipop_function_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.notifications_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.rg_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_storage_account.locked_profiles_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.logs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
2 changes: 1 addition & 1 deletion src/core/_modules/container_registry/acr.tf
@@ -1,6 +1,6 @@
resource "azurerm_container_registry" "this" {
name = local.nonstandard[var.location_short].acr
resource_group_name = azurerm_resource_group.container_registry.name
resource_group_name = var.resource_group_name
location = var.location
sku = "Premium"
admin_enabled = false
6 changes: 0 additions & 6 deletions src/core/_modules/container_registry/resource_groups.tf

This file was deleted.

5 changes: 5 additions & 0 deletions src/core/_modules/container_registry/variables.tf
@@ -17,3 +17,8 @@ variable "tags" {
type = map(any)
description = "Resource tags"
}

variable "resource_group_name" {
type = string
description = "Resource group where create resources"
}
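Review bot: The new `resource_group_name` variable has an ungrammatical description and, as far as the hunk shows, accepts null or an empty string, which would only fail later at the provider. I would write `description = "Name of the resource group in which the resources are created"` and add `nullable = false`. The identical block added to src/core/_modules/key_vaults/variables.tf deserves the same two changes.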
4 changes: 2 additions & 2 deletions src/core/_modules/key_vaults/kv.tf
@@ -1,7 +1,7 @@
resource "azurerm_key_vault" "kv" {
name = local.nonstandard[var.location_short].kv
location = azurerm_resource_group.sec.location
resource_group_name = azurerm_resource_group.sec.name
location = var.location
resource_group_name = var.resource_group_name
tenant_id = var.tenant_id
sku_name = "standard"

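Review bot: `location = var.location` is a new reference in this hunk, yet the variables.tf change for this module adds only `resource_group_name`, so `var.location` has to be declared already above the visible part of that file; worth confirming before merge. Passing location and resource group as two independent inputs also drops the guarantee the old `azurerm_resource_group.sec.location` gave, namely that the vault is placed in its group's region. A short comment on the module call stating that both values must come from the same `azurerm_resource_group` would document that expectation. The `azurerm_key_vault.kv` block continues past the end of the hunk.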
6 changes: 0 additions & 6 deletions src/core/_modules/key_vaults/resource_groups.tf

This file was deleted.

5 changes: 5 additions & 0 deletions src/core/_modules/key_vaults/variables.tf
@@ -13,6 +13,11 @@ variable "location_short" {
description = "Azure region short name"
}

variable "resource_group_name" {
type = string
description = "Resource group where create resources"
}

variable "tags" {
type = map(any)
description = "Resource tags"
23 changes: 10 additions & 13 deletions src/core/data.tf
@@ -1,10 +1,3 @@
resource "azurerm_resource_group" "data" {
name = format("%s-data-rg", local.project)
location = var.location

tags = var.tags
}

data "azurerm_cosmosdb_account" "cosmos_api" {
name = format("%s-cosmos-api", local.project)
resource_group_name = format("%s-rg-internal", local.project)
@@ -15,12 +8,16 @@ data "azurerm_cosmosdb_account" "cosmos_remote_content" {
resource_group_name = "io-p-messages-data-rg"
}

data "azurerm_resource_group" "rg_common" {
name = "io-p-rg-common"
}

#
# APIM
#
data "azurerm_subnet" "apim" {
name = "apimv2api"
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
virtual_network_name = data.azurerm_virtual_network.common.name
}

@@ -271,7 +268,7 @@ data "azurerm_linux_function_app" "citizen_func_02" {

data "azurerm_subnet" "function_let_snet" {
name = "fn3eltout"
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
virtual_network_name = data.azurerm_virtual_network.common.name
}

@@ -281,14 +278,14 @@ data "azurerm_subnet" "function_let_snet" {

data "azurerm_subnet" "admin_snet" {
name = format("%s-admin-snet", local.project)
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
virtual_network_name = data.azurerm_virtual_network.common.name
}

data "azurerm_subnet" "services_snet" {
count = var.function_services_count
name = format("%s-services-snet-%d", local.project, count.index + 1)
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
virtual_network_name = data.azurerm_virtual_network.common.name
}

@@ -427,7 +424,7 @@ data "azurerm_dns_a_record" "api_io_italia_it" {

data "azurerm_subnet" "appgateway_snet" {
name = "${local.project}-appgateway-snet"
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
virtual_network_name = data.azurerm_virtual_network.common.name
}

@@ -437,6 +434,6 @@ data "azurerm_subnet" "appgateway_snet" {

data "azurerm_subnet" "azdoa_snet" {
name = "azure-devops"
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
virtual_network_name = data.azurerm_virtual_network.common.name
}
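Review bot: The first hunk drops `resource "azurerm_resource_group" "data"` with no `removed` or `moved` block for it in this section, so unless the address is taken out of the src/core state by other means, the next apply of this configuration plans to destroy the `-data-rg` group. The src/core README section lists four more groups leaving this configuration (`rg_common`, `rg_internal`, `rg_external`, `default_roleassignment_rg`) and the same applies to them; the page shows only part of the 19 changed files, so this may be handled in a file not shown. A `removed` block with `destroy = false`, the form src/core/prod/import.tf already uses for the key vault module's group, would make the hand-over explicit and reviewable in the plan. Separately, the new `rg_common` data source hard-codes `"io-p-rg-common"` where neighbouring blocks build names with `format(..., local.project)`.

```hcl
# src/core: drop the group from state without deleting it in Azure
removed {
  from = azurerm_resource_group.data

  lifecycle {
    destroy = false
  }
}

# … same block for rg_common, rg_internal, rg_external, default_roleassignment_rg …
```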
7 changes: 0 additions & 7 deletions src/core/default.tf

This file was deleted.

2 changes: 1 addition & 1 deletion src/core/keyvault.tf
@@ -5,7 +5,7 @@ data "azurerm_key_vault" "key_vault" {

data "azurerm_key_vault" "key_vault_common" {
name = format("%s-kv-common", local.project)
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
}

data "azurerm_resource_group" "sec_rg" {
4 changes: 2 additions & 2 deletions src/core/monitor.tf
@@ -1,9 +1,9 @@
data "azurerm_application_insights" "application_insights" {
name = format("%s-ai-common", local.project)
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
}

data "azurerm_monitor_action_group" "error_action_group" {
name = "${var.prefix}${var.env_short}error"
resource_group_name = azurerm_resource_group.rg_common.name
resource_group_name = data.azurerm_resource_group.rg_common.name
}
15 changes: 12 additions & 3 deletions src/core/prod/README.md
@@ -23,12 +23,21 @@

| Name | Type |
|------|------|
| [azurerm_resource_group.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.acr_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.assets_cdn_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.common_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.common_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.dashboards_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.external_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.github_managed_identity_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.internal_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.linux_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.role_assignment_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.sec_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_service_principal.platform_iac_sp](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
| [azurerm_resource_group.common_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
| [azurerm_user_assigned_identity.managed_identity_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source |
| [azurerm_user_assigned_identity.managed_identity_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source |
@@ -43,7 +52,7 @@ No inputs.

| Name | Description |
|------|-------------|
| <a name="output_azure_devops_agent"></a> [azure\_devops\_agent](#output\_azure\_devops\_agent) | n/a |
| <a name="output_key_vault"></a> [key\_vault](#output\_key\_vault) | n/a |
| <a name="output_networking"></a> [networking](#output\_networking) | n/a |
| <a name="output_resource_groups"></a> [resource\_groups](#output\_resource\_groups) | n/a |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
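--- a/src/core/prod/import.tf
+++ b/src/core/prod/import.tf
@@ -0,0 +1,27 @@
+import {
+to = azurerm_resource_group.internal_weu
+id = "/subscriptions/ec285037-c673-4f58-b594-d7c480da4e8b/resourceGroups/io-p-rg-internal"
+}
+
+import {
+to = azurerm_resource_group.external_weu
+id = "/subscriptions/ec285037-c673-4f58-b594-d7c480da4e8b/resourceGroups/io-p-rg-external"
+}
+
+import {
+to = azurerm_resource_group.common_weu
+id = "/subscriptions/ec285037-c673-4f58-b594-d7c480da4e8b/resourceGroups/io-p-rg-common"
+}
+
+
+import {
+to = azurerm_resource_group.sec_weu
+id = "/subscriptions/ec285037-c673-4f58-b594-d7c480da4e8b/resourceGroups/io-p-sec-rg"
+}
+
+removed {
+from = module.key_vault_weu.azurerm_resource_group.sec
+lifecycle {
+destroy = false
+}
+}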
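Review bot: Nothing in this new file says that the `import` blocks and the `removed` block are one-time state migrations or when they can be deleted; a header comment such as `# One-time state migration for #1179: delete once applied in prod` would stop them being read as permanent configuration. Before applying, the plan should show no replace action for the four imported groups, because a mismatch in `name` or `location` between the declarations in resource_groups.tf and the live groups would turn an import into a destroy-and-recreate, and `io-p-sec-rg` is presumably the group that holds the key vault. The `sec` group is handed over with `removed` plus `import`, while the container registry group uses a single `moved` block in resource_groups.tf; a comment explaining why the two differ would help the next reader.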
13 changes: 3 additions & 10 deletions src/core/prod/italynorth.tf
@@ -1,16 +1,9 @@
resource "azurerm_resource_group" "vnet" {
name = "${local.project_itn}-common-rg-01"
location = "italynorth"

tags = local.tags
}

module "networking_itn" {
source = "../_modules/networking"

location = azurerm_resource_group.vnet.location
location_short = local.location_short[azurerm_resource_group.vnet.location]
resource_group_name = azurerm_resource_group.vnet.name
location = azurerm_resource_group.common_itn.location
location_short = local.location_short[azurerm_resource_group.common_itn.location]
resource_group_name = azurerm_resource_group.common_itn.name
project = local.project_itn

vnet_cidr_block = "10.20.0.0/16"
22 changes: 18 additions & 4 deletions src/core/prod/outputs.tf
@@ -12,9 +12,23 @@ output "key_vault" {
}
}

output "azure_devops_agent" {
output "resource_groups" {
value = {
weu = module.azdoa_weu
itn = null
italynorth = {
location_short = "itn"
common = azurerm_resource_group.common_itn.name
dashboards = azurerm_resource_group.dashboards_itn.name
github_id = azurerm_resource_group.github_managed_identity_itn.name
}
westeurope = {
location_short = "weu"
common = azurerm_resource_group.common_weu.name
internal = azurerm_resource_group.internal_weu.name
external = azurerm_resource_group.external_weu.name
sec = azurerm_resource_group.sec_weu.name
acr = azurerm_resource_group.acr_weu.name
assets_cdn = azurerm_resource_group.assets_cdn_weu.name
linux = azurerm_resource_group.linux_weu.name
}
}
}
}
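Review bot: `location_short` is hard-coded as `"itn"` and `"weu"` in the new `resource_groups` output, while italynorth.tf in the same commit derives it from the `local.location_short` map. Writing `location_short = local.location_short[azurerm_resource_group.common_itn.location]`, and the `common_weu` equivalent for the second entry, keeps one source for the mapping. The output also takes the place of `azure_devops_agent`, so any configuration that reads that output from this state (none is visible on this page) has to be updated in the same rollout.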
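--- a/src/core/prod/resource_groups.tf
+++ b/src/core/prod/resource_groups.tf
@@ -0,0 +1,97 @@
+resource "azurerm_resource_group" "common_itn" {
+name = "${local.project_itn}-common-rg-01"
+location = "italynorth"
+
+tags = local.tags
+}
+
+moved {
+from = azurerm_resource_group.vnet
+to = azurerm_resource_group.common_itn
+}
+
+resource "azurerm_resource_group" "dashboards_itn" {
+name = "${local.project_itn}-common-dashboards-rg-01"
+location = "italynorth"
+
+tags = local.tags
+}
+
+# Important: do not create any resource inside this resource group
+resource "azurerm_resource_group" "role_assignment_itn" {
+name = "default-roleassignment-rg"
+location = "italynorth"
+
+tags = local.tags
+}
+
+resource "azurerm_resource_group" "github_managed_identity_itn" {
+name = "${local.project_itn}-github-id-rg-01"
+location = "italynorth"
+
+tags = local.tags
+}
+
+resource "azurerm_resource_group" "internal_weu" {
+name = format("%s-rg-internal", local.project_weu_legacy)
+location = "westeurope"
+
+tags = local.tags
+}
+
+resource "azurerm_resource_group" "external_weu" {
+name = format("%s-rg-external", local.project_weu_legacy)
+location = "westeurope"
+
+tags = local.tags
+}
+
+resource "azurerm_resource_group" "common_weu" {
+name = format("%s-rg-common", local.project_weu_legacy)
+location = "westeurope"
+
+tags = local.tags
+}
+
+resource "azurerm_resource_group" "sec_weu" {
+name = format("%s-sec-rg", local.project_weu_legacy)
+location = "westeurope"
+
+tags = local.tags
+}
+
+resource "azurerm_resource_group" "acr_weu" {
+name = format("%s-container-registry-rg", local.project_weu_legacy)
+location = "westeurope"
+
+tags = local.tags
+}
+
+moved {
+from = module.container_registry.azurerm_resource_group.container_registry
+to = azurerm_resource_group.acr_weu
+}
+
+resource "azurerm_resource_group" "assets_cdn_weu" {
+name = format("%s-assets-cdn-rg", local.project_weu_legacy)
+location = "westeurope"
+
+tags = local.tags
+}
+
+import {
+id = "/subscriptions/ec285037-c673-4f58-b594-d7c480da4e8b/resourceGroups/io-p-assets-cdn-rg"
+to = azurerm_resource_group.assets_cdn_weu
+}
+
+resource "azurerm_resource_group" "linux_weu" {
+name = "${local.project_weu_legacy}-rg-linux"
+location = "westeurope"
+
+tags = local.tags
+}
+
+import {
+id = "/subscriptions/ec285037-c673-4f58-b594-d7c480da4e8b/resourceGroups/io-p-rg-linux"
+to = azurerm_resource_group.linux_weu
+}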
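Review bot: None of the resource groups declared in this file carries a deletion guard, although several are adopted from live infrastructure through `import` or `moved` (`sec_weu`, `common_weu`, `internal_weu`, `external_weu`, `acr_weu`). Adding `lifecycle { prevent_destroy = true }` to at least those blocks makes a later rename or `location` edit fail at plan time instead of proposing a replacement of a group that still holds resources. The comment above `role_assignment_itn` says not to create resources in that group but not why; one more sentence giving the reason would let a reader judge exceptions. The two `import` blocks here follow the same pattern as the ones in import.tf and would be easier to clean up if kept in that file.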