Merge branch 'add-var-to-tf' into reusable-gha-tf-deploy

CDCgov · Oct 11, 2024 · cb0f281 · cb0f281
2 parents 1fdc4db + 57f567d
commit cb0f281
Show file tree

Hide file tree

Showing 24 changed files with 106 additions and 71 deletions.
diff --git a/ops/terraform/config/dev.config b/ops/terraform/config/dev.config
@@ -0,0 +1,3 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev.terraform.tfstate"
diff --git a/ops/terraform/config/dev2.config b/ops/terraform/config/dev2.config
@@ -0,0 +1,3 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev2.terraform.tfstate"
diff --git a/ops/terraform/config/dev3.config b/ops/terraform/config/dev3.config
@@ -0,0 +1,3 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev3.terraform.tfstate"
diff --git a/ops/terraform/config/dev4.config b/ops/terraform/config/dev4.config
@@ -0,0 +1,3 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev4.terraform.tfstate"
diff --git a/ops/terraform/config/dev5.config b/ops/terraform/config/dev5.config
@@ -0,0 +1,3 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev5.terraform.tfstate"
diff --git a/ops/terraform/config/dev6.config b/ops/terraform/config/dev6.config
@@ -0,0 +1,3 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev6.terraform.tfstate"
diff --git a/ops/terraform/data.tf b/ops/terraform/data.tf
@@ -1,3 +1,3 @@
-data "azurerm_resource_group" "dev" {
+data "azurerm_resource_group" "rg" {
   name = var.resource_group_name
 }
diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf
@@ -2,7 +2,6 @@ locals {
   environment = "${terraform.workspace}"
   init = {
     environment         = local.environment
-    resource_group_name = "reportvision-rg-${terraform.workspace}"
     location            = "eastus2"
   }
   network = {

diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf
@@ -1,7 +1,7 @@
 locals {
   management_tags = {
     environment    = local.environment
-    resource_group = data.azurerm_resource_group.dev.name
+    resource_group = data.azurerm_resource_group.rg.name
   }
 }
 
@@ -10,8 +10,9 @@ locals {
 ##########
 module "networking" {
   source         = "./modules/network"
-  location       = data.azurerm_resource_group.dev.location
-  resource_group = data.azurerm_resource_group.dev.name
+  name           = var.name
+  location       = data.azurerm_resource_group.rg.location
+  resource_group = data.azurerm_resource_group.rg.name
   vnetcidr       = local.network.config.vnetcidr
   websubnetcidr  = local.network.config.websubnetcidr
   appsubnetcidr  = local.network.config.appsubnetcidr
@@ -26,8 +27,9 @@ module "networking" {
 
 module "securitygroup" {
   source         = "./modules/security"
-  location       = data.azurerm_resource_group.dev.location
-  resource_group = data.azurerm_resource_group.dev.name
+  name           = var.name
+  location       = data.azurerm_resource_group.rg.location
+  resource_group = data.azurerm_resource_group.rg.name
   web_subnet_id  = module.networking.websubnet_id
   app_subnet_id  = module.networking.appsubnet_id
   db_subnet_id   = module.networking.dbsubnet_id
@@ -37,8 +39,9 @@ module "securitygroup" {
 
 module "app_gateway" {
   source                  = "./modules/app_gateway"
-  resource_group_location = data.azurerm_resource_group.dev.location
-  resource_group_name     = data.azurerm_resource_group.dev.name
+  name                    = var.name
+  resource_group_location = data.azurerm_resource_group.rg.location
+  resource_group_name     = data.azurerm_resource_group.rg.name
 
   blob_endpoint = module.storage.primary_web_host
   web-subnet    = module.networking.lbsubnet_id
@@ -55,8 +58,9 @@ module "app_gateway" {
 
 module "storage" {
   source          = "./modules/storage"
-  location        = data.azurerm_resource_group.dev.location
-  resource_group  = data.azurerm_resource_group.dev.name
+  name            = var.name
+  location        = data.azurerm_resource_group.rg.location
+  resource_group  = data.azurerm_resource_group.rg.name
   env             = local.environment
   management_tags = local.management_tags
   app_gateway_ip  = module.app_gateway.app_gateway_ip
@@ -68,18 +72,22 @@ module "storage" {
 ##########
 
 module "ocr_api" {
-  source         = "./modules/app_service"
-  location       = local.init.location
-  resource_group = data.azurerm_resource_group.dev.name
-  app_subnet_id  = module.networking.lbsubnet_id
-  env            = local.environment
-  vnet           = module.networking.network_name
+  source               = "./modules/app_service"
+  name                 = var.name
+  location             = local.init.location
+  resource_group       = data.azurerm_resource_group.rg.name
+  docker_tag           = var.docker_tag
+  docker_registry_path = var.docker_registry_path
+  docker_registry_url  = var.docker_registry_url
+  app_subnet_id        = module.networking.lbsubnet_id
+  env                  = local.environment
+  vnet                 = module.networking.network_name
 }
 
 # module "compute" {
 #   source         = "./modules/container_instances"
-#   location       = data.azurerm_resource_group.test.location
-#   resource_group = data.azurerm_resource_group.test.name
+#   location       = data.azurerm_resource_group.rg.location
+#   resource_group = data.azurerm_resource_group.rg.name
 #   environment    = local.environment
 #   app_subnet     = module.networking.appsubnet_id
 #   # web_subnet_id   = module.networking.websubnet_id

diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf
@@ -1,5 +1,5 @@
 resource "azurerm_public_ip" "lb-pip" {
-  name                = "reportvision-pip-lb-${var.env}"
+  name                = "${var.name}-pip-lb-${var.env}"
   resource_group_name = var.resource_group_name
   location            = var.resource_group_location
   allocation_method   = "Static"
@@ -10,25 +10,25 @@ resource "azurerm_public_ip" "lb-pip" {
 
 # since these variables are re-used - a locals block makes this more maintainable
 locals {
-  backend_address_pool_name_static = "${var.vnet-name}-beap-static"
-  backend_address_pool_name_api    = "${var.vnet-name}-beap-api"
-  frontend_port_name_api           = "${var.vnet-name}-feport-api"
-  frontend_port_name_static        = "${var.vnet-name}-feport-static"
-  frontend_ip_configuration_name   = "${var.vnet-name}-feip"
-  http_setting_name_static         = "${var.vnet-name}-be-htst-static"
-  http_setting_name_api            = "${var.vnet-name}-be-htst-api"
-  listener_name_static             = "${var.vnet-name}-httplstn-static"
-  listener_name_api                = "${var.vnet-name}-httplstn-api"
-  request_routing_rule_name_api    = "${var.vnet-name}-rqrt-api"
-  request_routing_rule_name_static = "${var.vnet-name}-rqrt-static"
-  redirect_configuration_name      = "${var.vnet-name}-rdrcfg"
-  static_probe_name_app            = "${var.vnet-name}-be-probe-app-static"
-  api_probe_name_app               = "${var.vnet-name}-be-probe-app-api"
-  redirect_rule                    = "${var.vnet-name}-redirect"
+  backend_address_pool_name_static = "${var.name}-${var.env}-beap-static"
+  backend_address_pool_name_api    = "${var.name}-${var.env}-beap-api"
+  frontend_port_name_api           = "${var.name}-${var.env}-feport-api"
+  frontend_port_name_static        = "${var.name}-${var.env}-feport-static"
+  frontend_ip_configuration_name   = "${var.name}-${var.env}-feip"
+  http_setting_name_static         = "${var.name}-${var.env}-be-htst-static"
+  http_setting_name_api            = "${var.name}-${var.env}-be-htst-api"
+  listener_name_static             = "${var.name}-${var.env}-httplstn-static"
+  listener_name_api                = "${var.name}-${var.env}-httplstn-api"
+  request_routing_rule_name_api    = "${var.name}-${var.env}-rqrt-api"
+  request_routing_rule_name_static = "${var.name}-${var.env}-rqrt-static"
+  redirect_configuration_name      = "${var.name}-${var.env}-rdrcfg"
+  static_probe_name_app            = "${var.name}-${var.env}-be-probe-app-static"
+  api_probe_name_app               = "${var.name}-${var.env}-be-probe-app-api"
+  redirect_rule                    = "${var.name}-${var.env}-redirect"
 }
 
 resource "azurerm_application_gateway" "load_balancer" {
-  name                = "reportvision-appgateway-${var.env}"
+  name                = "${var.name}-appgateway-${var.env}"
   resource_group_name = var.resource_group_name
   location            = var.resource_group_location
 
@@ -39,7 +39,7 @@ resource "azurerm_application_gateway" "load_balancer" {
   }
 
   gateway_ip_configuration {
-    name      = "reportvision-gateway-ip-configuration"
+    name      = "${var.name}-gateway-ip-configuration"
     subnet_id = var.web-subnet
   }
 
@@ -84,7 +84,7 @@ resource "azurerm_application_gateway" "load_balancer" {
     port                                = 80
     protocol                            = "Http"
     request_timeout                     = 120
-    path                                = "/api"
+    path                                = "/"
     pick_host_name_from_backend_address = true
     probe_name                          = local.api_probe_name_app
   }
@@ -154,31 +154,31 @@ resource "azurerm_application_gateway" "load_balancer" {
 
 
   url_path_map {
-    name                               = "${var.vnet-name}-urlmap"
+    name                               = "${var.name}-${var.env}-urlmap"
     default_backend_address_pool_name  = local.backend_address_pool_name_static
     default_backend_http_settings_name = local.http_setting_name_static
-    default_rewrite_rule_set_name      = "mde-routing"
+    default_rewrite_rule_set_name      = "${var.name}-routing"
 
     path_rule {
       name                       = "api"
-      paths                      = ["/api/*", "/api"]
+      paths                      = ["/*", "/"]
       backend_address_pool_name  = local.backend_address_pool_name_api
       backend_http_settings_name = local.http_setting_name_api
       // this is the default, why would we set it again?
       // because if we don't do this we get 404s on API calls
-      rewrite_rule_set_name = "mde-routing"
+      rewrite_rule_set_name = "${var.name}-routing"
     }
   }
   rewrite_rule_set {
-    name = "mde-routing"
+    name = "${var.name}-routing"
 
     rewrite_rule {
       name          = "api-wildcard"
       rule_sequence = 101
       condition {
         ignore_case = true
         negate      = false
-        pattern     = ".*api/(.*)"
+        pattern     = "./(.*)"
         variable    = "var_uri_path"
       }
 

diff --git a/ops/terraform/modules/app_gateway/variables.tf b/ops/terraform/modules/app_gateway/variables.tf
@@ -1,7 +1,4 @@
-variable "vnet-name" {
-  type    = string
-  default = "reportvision-dev"
-}
+variable "name" {}
 variable "resource_group_name" {}
 variable "resource_group_location" {}
 variable "web-subnet" {}

diff --git a/ops/terraform/modules/app_service/main.tf b/ops/terraform/modules/app_service/main.tf
@@ -3,15 +3,15 @@ locals {
 }
 
 resource "azurerm_service_plan" "asp" {
-  name                = "${var.name_ocr}-appserviceplan-${var.env}"
+  name                = "${var.name}-ocr-appserviceplan-${var.env}"
   location            = var.location
   os_type             = "Linux"
   resource_group_name = var.resource_group
   sku_name            = var.sku_name
 }
 
 resource "azurerm_linux_web_app" "linux_webapp" {
-  name                          = "${var.name_ocr}-${var.env}"
+  name                          = "${var.name}-ocr-${var.env}"
   https_only                    = var.https_only
   location                      = var.location
   resource_group_name           = var.resource_group
@@ -33,10 +33,10 @@ resource "azurerm_linux_web_app" "linux_webapp" {
     ftps_state                        = "Disabled"
     vnet_route_all_enabled            = false
 
-    # application_stack {
-    #   docker_image_name   = "cdcgov/reportvision-ocr-api:derek-main-dev"
-    #   docker_registry_url = "https://ghcr.io"
-    # }
+    application_stack {
+      docker_image_name   = "${var.docker_registry_path}:${var.docker_tag}"
+      docker_registry_url = var.docker_registry_url
+    }
 
     ip_restriction {
       virtual_network_subnet_id = var.app_subnet_id

diff --git a/ops/terraform/modules/app_service/variables.tf b/ops/terraform/modules/app_service/variables.tf
@@ -1,23 +1,22 @@
 variable "env" {}
+variable "name" {}
 variable "resource_group" {}
 variable "location" {}
-variable "name_ocr" {
-  default = "reportvision-ocr-api"
-}
+
 variable "app_subnet_id" {}
 variable "sku_name" {
   default = "P1v3"
 }
 
-variable "az_account" {
-  default = "reportvision"
-}
 
 variable "https_only" {
   type    = bool
   default = false
 }
 variable "vnet" {}
+variable "docker_tag" {}
+variable "docker_registry_path" {}
+variable "docker_registry_url" {}
 variable "app_settings" {
   type        = map(string)
   default     = {}

diff --git a/ops/terraform/modules/compute/variables.tf b/ops/terraform/modules/compute/variables.tf
@@ -1,4 +1,5 @@
 variable "resource_group" {}
+variable "name" {}
 variable "location" {}
 variable "web_subnet_id" {}
 variable "app_subnet_id" {}

diff --git a/ops/terraform/modules/container_instances/main.tf b/ops/terraform/modules/container_instances/main.tf
@@ -1,5 +1,5 @@
 resource "azurerm_container_group" "example" {
-  name                = "reportvision-ocr"
+  name                = "${var.name}-cg"
   location            = var.location
   resource_group_name = var.resource_group
   ip_address_type     = "Private"

diff --git a/ops/terraform/modules/container_instances/variables.tf b/ops/terraform/modules/container_instances/variables.tf
@@ -1,4 +1,5 @@
 variable "environment" {}
+variable "name" {}
 variable "resource_group" {}
 variable "location" {}
 variable "app_subnet" {}
diff --git a/ops/terraform/modules/network/main.tf b/ops/terraform/modules/network/main.tf
@@ -1,12 +1,12 @@
 resource "azurerm_virtual_network" "vnet" {
-  name                = "reportvision-vnet-${var.env}"
+  name                = "${var.name}-vnet-${var.env}"
   resource_group_name = var.resource_group
   location            = var.location
   address_space       = [var.vnetcidr]
 }
 
 resource "azurerm_subnet" "web-subnet" {
-  name                 = "reportvision-web-subnet-${var.env}"
+  name                 = "${var.name}-web-subnet-${var.env}"
   virtual_network_name = azurerm_virtual_network.vnet.name
   resource_group_name  = var.resource_group
   address_prefixes     = [var.websubnetcidr]
@@ -15,7 +15,7 @@ resource "azurerm_subnet" "web-subnet" {
 }
 
 resource "azurerm_subnet" "app-subnet" {
-  name                 = "reportvision-app-subnet-${var.env}"
+  name                 = "${var.name}-app-subnet-${var.env}"
   virtual_network_name = azurerm_virtual_network.vnet.name
   resource_group_name  = var.resource_group
   address_prefixes     = [var.appsubnetcidr]
@@ -31,15 +31,15 @@ resource "azurerm_subnet" "app-subnet" {
 }
 
 resource "azurerm_subnet" "lb-subnet" {
-  name                 = "reportvision-lb-subnet-${var.env}"
+  name                 = "${var.name}-lb-subnet-${var.env}"
   virtual_network_name = azurerm_virtual_network.vnet.name
   resource_group_name  = var.resource_group
   address_prefixes     = [var.lbsubnetcidr]
   depends_on           = [azurerm_virtual_network.vnet]
 }
 
 resource "azurerm_subnet" "db-subnet" {
-  name                 = "reportvision-db-subnet-${var.env}"
+  name                 = "${var.name}-db-subnet-${var.env}"
   virtual_network_name = azurerm_virtual_network.vnet.name
   resource_group_name  = var.resource_group
   address_prefixes     = [var.dbsubnetcidr]

diff --git a/ops/terraform/modules/network/variables.tf b/ops/terraform/modules/network/variables.tf
@@ -1,4 +1,5 @@
 variable "resource_group" {}
+variable "name" {}
 variable "location" {}
 variable "vnetcidr" {}
 variable "websubnetcidr" {}

diff --git a/ops/terraform/modules/security/main.tf b/ops/terraform/modules/security/main.tf
@@ -1,5 +1,5 @@
 resource "azurerm_network_security_group" "web-nsg" {
-  name                = "reportvision-web-nsg-${var.env}"
+  name                = "${var.name}-web-nsg-${var.env}"
   location            = var.location
   resource_group_name = var.resource_group
 

diff --git a/ops/terraform/modules/security/variables.tf b/ops/terraform/modules/security/variables.tf
@@ -1,4 +1,5 @@
 variable "location" {}
+variable "name" {}
 variable "env" {}
 variable "resource_group" {}
 variable "web_subnet_id" {}

diff --git a/ops/terraform/modules/storage/main.tf b/ops/terraform/modules/storage/main.tf
@@ -4,7 +4,7 @@ resource "azurerm_storage_account" "frontend" {
   account_kind               = "StorageV2"
   location                   = var.location
   resource_group_name        = var.resource_group
-  name                       = "reportvisionfrontend${var.env}"
+  name                       = "${var.name}frontend${var.env}"
   https_traffic_only_enabled = false
 
   static_website {