readme: copy existing content
julie-ng committed Aug 28, 2020
1 parent d2bfd17 commit 6b405b1
Showing 1 changed file with 50 additions and 5 deletions.
55 changes: 50 additions & 5 deletions README.md
Expand Up @@ -26,17 +26,54 @@ _Credit: [icons by Smashicons](https://www.flaticon.com/authors/smashicons)_
## Prerequisites

- An Azure subscription
- Logged in via `az login`
- `Owner` rights on your subscription
- An Azure DevOps Organization
- Terraform

### Warning - run locally only!

⚠️ Run this *only locally* on your machine. It outputs service principal secrets, which you will need for CI/CD workflows

## Usage

To run the demo, follow these steps:
### Configure Azure Backend for Terraform

#### 1. Create Storage Account

We will save our Terraform state in Azure Blob Storage

1. Create a storage account to hold Terraform state for this project. Be sure to [disable public read access](https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal).
1. Generate [SAS token](https://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature) for this storage account
1. Create [Blob Storage container](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction#containers), e.g. `workspaces`, `projects`

#### 2. Configure Terraform

Create an `azure.conf` file, using `azure.conf.sample` as a template, filling in the placeholders iwth your values.

```
storage_account_name="azurestorageaccountname"
container_name="storagecontainername"
key="project.tfstate"
sas_token="?sv=2019-12-12…"
```

#### 3. Terraform Init with Config

Run `init` with our config.

```
terraform init -backend-config=./azure.conf
```

#### 4. Happy Terraforming


```
terraform plan
terraform apply
```

1.
2.
3.

## Resources
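Review bot: Step "#### 2. Configure Terraform" has the reader paste a live `sas_token` into `azure.conf`, but nothing in the README says to keep that file out of version control. Add a sentence that `azure.conf` holds a credential and must not be committed, with only `azure.conf.sample` tracked, and confirm the file is covered by `.gitignore`. In step 1, "Generate SAS token" gives no guidance on scope or lifetime; suggest limiting the token to the state container and setting an expiry. The warning section says the run outputs service principal secrets; if those are Terraform outputs they are also written to the state blob, so it is worth saying so next to the "disable public read access" instruction. Typo in step 2: "iwth" should be "with", and the warning sentence is missing its final period.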

Expand All @@ -50,4 +87,12 @@ This demo was created with ♥ by the FastTrack engineer [julie-ng](https:/

## Code of Conduct

If you want to contribute, please first read the Microsoft [Code of Conduct →](./.github/CODE_OF_CONDUCT.md)
If you want to contribute, please first read the Microsoft [Code of Conduct →](./.github/CODE_OF_CONDUCT.md)


## Todo

- [ ] Save service principal secrets to Key Vault instead of outputting them
- [ ] Create custom "Terraform Contributor" role for service principal so that it can also assign RBAC. Example use case is AAD Pod Identity
- [ ] Create `.azcli` account for setting up intiial Storage container for Terraform state file
- [ ] Add instructions to run locally without remote state file
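Review bot: The third Todo item, "Create `.azcli` account for setting up intiial Storage container", reads as if it means a `.azcli` script or file rather than an account; please reword so the intent is clear, and fix "intiial" to "initial". The first item (saving service principal secrets to Key Vault instead of outputting them) is the reason for the "run locally only" warning earlier in the README, so a cross-reference from that warning to this Todo would help readers see that the restriction is meant to be temporary.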
