WIP

frontierhq · Dec 22, 2023 · e31f204 · e31f204
1 parent 0d446e9
commit e31f204
Show file tree

Hide file tree

Showing 32 changed files with 687 additions and 0 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+charset = utf-8
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{json,yaml,yml}]
+indent_size = 2
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+* text=auto
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,39 @@
+---
+name: CI
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Configure git
+        run: |
+          git config --global url."https://x-oauth-basic:${{ secrets.GITHUB_TOKEN }}@github.com/frontierdigital".insteadOf https://github.com/frontierdigital
+      - id: get_python_version
+        name: Get Python version
+        run: |
+          set -euo pipefail
+
+          python_version=$(cat ${GITHUB_WORKSPACE}/.python-version)
+          echo "Python version: ${python_version}"
+          echo "python_version=$python_version" >> "$GITHUB_OUTPUT"
+      - uses: actions/setup-python@v4
+        with:
+          python-version: ${{ steps.get_python_version.outputs.python_version }}
+      - name: Setup pipenv
+        run: python -m pip install --upgrade pipenv wheel
+      - id: cache-pipenv
+        uses: actions/cache@v3
+        with:
+          path: ~/.local/share/virtualenvs
+          key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }}-ci
+      - name: Install
+        if: steps.cache-pipenv.outputs.cache-hit != 'true'
+        run: make install_ci
+      - name: Test
+        run: make test
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,12 @@
+# ide
+.env
+.vscode
+
+# python
+.venv
+__pycache__
+
+# terraform
+.terraform
+
+# other
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,16 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-case-conflict
+      - id: check-added-large-files
+      - id: detect-private-key
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+  - repo: https://[email protected]/frontierdigital/Shared/_git/pre-commit-hooks
+    rev: "1"
+    hooks:
+      - id: pipenv-verify
+      - id: make-test
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.11
diff --git a/.tfswitchrc b/.tfswitchrc
@@ -0,0 +1 @@
+1.5.5
diff --git a/.yamllint.yaml b/.yamllint.yaml
@@ -0,0 +1,9 @@
+---
+extends: default
+
+ignore:
+  - .venv/
+
+rules:
+  line-length: false
+  truthy: false
diff --git a/Makefile b/Makefile
@@ -0,0 +1,18 @@
+clean:
+	pipenv run python -c "import shutil; shutil.rmtree('test/.terraform')"
+
+install:
+	pipenv install --dev
+	pipenv run pre-commit install
+
+install_ci:
+	pipenv sync
+
+test: test.lint test.script
+
+test.lint:
+	pipenv run flake8 scripts
+	pipenv run yamllint .
+
+test.script:
+	pipenv run python scripts/test.py
diff --git a/Pipfile b/Pipfile
@@ -0,0 +1,15 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+python-terraform = "~=0.10.1"
+
+[dev-packages]
+flake8 = "~=6.1.0"
+yamllint = "~=1.32.0"
+pre-commit = "~=3.4.0"
+
+[requires]
+python_version = "3.11"
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/README.rst b/README.rst
diff --git a/modules/key-vault/VERSION b/modules/key-vault/VERSION
@@ -0,0 +1 @@
+1.0
diff --git a/modules/key-vault/src/locals.tf b/modules/key-vault/src/locals.tf
@@ -0,0 +1,15 @@
+locals {
+  identifier = replace(lower(var.identifier), "/[^a-z1-9]/", "")
+
+  short_locations = {
+    "uksouth" = "uks"
+    "ukwest"  = "ukw"
+  }
+
+  tags = {
+    Environment     = var.environment
+    WorkloadName    = var.workload_name
+    WorkloadType    = var.workload_type
+    WorkloadVersion = var.workload_version
+  }
+}
diff --git a/modules/key-vault/src/main.tf b/modules/key-vault/src/main.tf
@@ -0,0 +1,34 @@
+resource "azurerm_key_vault" "main" {
+  name                = "kv-${var.zone}-${var.environment}-${lookup(local.short_locations, var.location)}-${local.identifier}"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+  enable_rbac_authorization  = true
+  sku_name                   = var.sku_name
+  tenant_id                  = var.tenant_id
+  purge_protection_enabled   = var.purge_protection_enabled
+  soft_delete_retention_days = var.soft_delete_retention_days
+
+  network_acls {
+    bypass                     = var.bypass
+    default_action             = var.default_action
+    ip_rules                   = var.ip_rules
+    virtual_network_subnet_ids = var.virtual_network_subnet_ids
+  }
+
+  tags = merge(var.tags, local.tags)
+}
+
+resource "azurerm_monitor_diagnostic_setting" "main" {
+  name                       = "log-analytics"
+  target_resource_id         = azurerm_key_vault.main.id
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+
+  enabled_log {
+    category_group = "audit"
+  }
+
+  metric {
+    category = "AllMetrics"
+  }
+}
diff --git a/modules/key-vault/src/outputs.tf b/modules/key-vault/src/outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+  value = azurerm_key_vault.main.id
+}
+
+output "name" {
+  value = azurerm_key_vault.main.name
+}