Merge pull request #1127 from equinor/terraform-structure-take3

terraform-strucuture-take
equinor · Dec 13, 2023 · 5e6ca72 · 5e6ca72
2 parents 4b6312a + 50adb62
commit 5e6ca72
Show file tree

Hide file tree

Showing 24 changed files with 126 additions and 178 deletions.
diff --git a/terraform/subscriptions/modules/networkmanager/main.tf b/terraform/subscriptions/modules/networkmanager/main.tf
@@ -11,25 +11,3 @@ resource "azurerm_network_manager" "networkmanager" {
 }
 
 
-# resource "azurerm_network_manager_network_group" "group" {
-#   name               = var.enviroment
-#   network_manager_id = var.network_manager_id
-#   description        = "Network Group for ${var.enviroment} virtual networks"
-# }
-
-# resource "azurerm_network_manager_connectivity_configuration" "config" {
-#   name                  = "Hub-and-Spoke-${var.enviroment}"
-#   description           = "Hub-and-Spoke config"
-#   network_manager_id    = var.network_manager_id
-#   connectivity_topology = "HubAndSpoke"
-
-#   applies_to_group {
-#     group_connectivity = "None"
-#     network_group_id   = azurerm_network_manager_network_group.group.id
-#   }
-
-#   hub {
-#     resource_id   = var.vnethub_id
-#     resource_type = "Microsoft.Network/virtualNetworks"
-#   }
-# }
diff --git a/terraform/subscriptions/modules/networkmanager/variables.tf b/terraform/subscriptions/modules/networkmanager/variables.tf
@@ -17,18 +17,3 @@ variable "subscription" {
   description = "The subscription ID"
   type        = string
 }
-
-# variable "enviroment" {
-#   description = "Enviroment (dev/playground/prod/c2)"
-#   type        = string
-# }
-
-# variable "network_manager_id" {
-#   description = "Specifies the ID of the Network Manager"
-#   type        = string
-# }
-
-# variable "vnethub_id" {
-#   description = "Specifies the resource ID used as hub in Hub And Spoke"
-#   type        = string
-# }
diff --git a/terraform/subscriptions/s940/c2/clusters/outputs.tf b/terraform/subscriptions/s940/c2/clusters/outputs.tf
@@ -1,3 +1,3 @@
-output "clusters" {
+output "data" {
   value = local.output
 }
diff --git a/terraform/subscriptions/s940/c2/common/common.tf b/terraform/subscriptions/s940/c2/common/common.tf
@@ -0,0 +1,6 @@
+locals {
+  outputs = {
+    location                  = "westeurope"
+    resource_group            = "common-westeurope"
+  }
+}
diff --git a/terraform/subscriptions/s940/c2/common/outputs.tf b/terraform/subscriptions/s940/c2/common/outputs.tf
@@ -1,3 +1,3 @@
-output "shared" {
-  value = local.shared
+output "data" {
+  value = local.outputs
 }
diff --git a/terraform/subscriptions/s940/c2/common/shared.tf b/terraform/subscriptions/s940/c2/common/shared.tf
diff --git a/terraform/subscriptions/s940/c2/networkmanager/backend.tf b/terraform/subscriptions/s940/c2/networkmanager/backend.tf
@@ -18,7 +18,7 @@ terraform {
 }
 
 provider "azurerm" {
-  subscription_id = local.external_outputs.common.shared.subscription_id
+  subscription_id = local.external_outputs.global.data.subscription_id
   features {
   }
 }
diff --git a/terraform/subscriptions/s940/c2/networkmanager/inputs.tf b/terraform/subscriptions/s940/c2/networkmanager/inputs.tf
@@ -1,5 +1,6 @@
 locals {
   external_outputs = {
+    global         = data.terraform_remote_state.global.outputs
     common         = data.terraform_remote_state.common.outputs
     networkmanager = data.terraform_remote_state.networkmanager.outputs
     virtualnetwork = data.terraform_remote_state.virtualnetwork.outputs
@@ -43,3 +44,10 @@ data "terraform_remote_state" "clusters" {
     local.backend,
   { key = "c2/clusters/terraform.tfstate" })
 }
+
+data "terraform_remote_state" "global" {
+  backend = "azurerm"
+  config = merge(
+    local.backend,
+  { key = "prod/globals/terraform.tfstate" })
+}
diff --git a/terraform/subscriptions/s940/c2/networkmanager/main.tf b/terraform/subscriptions/s940/c2/networkmanager/main.tf
@@ -1,34 +1,25 @@
 
 data "azurerm_subscription" "current" {}
 
-resource "azurerm_network_manager_network_group" "group" {
-  name               = local.external_outputs.clusters.outputs.clusters.enviroment
-  network_manager_id = local.external_outputs.networkmanager.outputs.networkmanager_id
-  description        = "Network Group for ${local.external_outputs.clusters.outputs.clusters.enviroment} virtual networks"
+module "azurerm_network_manager_network_group" {
+  source             = "../../../modules/networkmanager_networkgroup"
+  enviroment         = local.external_outputs.clusters.data.enviroment
+  network_manager_id = local.external_outputs.networkmanager.data.id
 }
 
-resource "azurerm_network_manager_connectivity_configuration" "config" {
-  name                  = "Hub-and-Spoke-${local.external_outputs.clusters.outputs.clusters.enviroment}"
-  description           = "Hub-and-Spoke config"
-  network_manager_id    = local.external_outputs.networkmanager.outputs.networkmanager_id
-  connectivity_topology = "HubAndSpoke"
-
-  applies_to_group {
-    group_connectivity = "None"
-    network_group_id   = azurerm_network_manager_network_group.group.id
-  }
-
-  hub {
-    resource_id   = local.external_outputs.virtualnetwork.outputs.vnethub_id
-    resource_type = "Microsoft.Network/virtualNetworks"
-  }
+module "azurerm_network_manager_connectivity_configuration" {
+  source             = "../../../modules/networkmanager_connectivity"
+  enviroment         = local.external_outputs.clusters.data.enviroment
+  network_manager_id = local.external_outputs.networkmanager.data.id
+  network_group_id   = module.azurerm_network_manager_network_group.data.id
+  vnethub_id         = local.external_outputs.virtualnetwork.data.id
 }
 
 resource "azurerm_policy_definition" "policy" {
-  name         = "Kubernetes-vnets-in-${local.external_outputs.clusters.outputs.clusters.enviroment}"
+  name         = "Kubernetes-vnets-in-${local.external_outputs.clusters.data.enviroment}"
   policy_type  = "Custom"
   mode         = "Microsoft.Network.Data"
-  display_name = "Kubernetes vnets in ${local.external_outputs.clusters.outputs.clusters.enviroment}"
+  display_name = "Kubernetes vnets in ${local.external_outputs.clusters.data.enviroment}"
 
   metadata = <<METADATA
     {
@@ -49,15 +40,15 @@ METADATA
           "allOf": [
             {
               "value": "[resourceGroup().Name]",
-              "contains": "${local.external_outputs.clusters.outputs.clusters.resource_group}"
+              "contains": "${local.external_outputs.clusters.data.resource_group}"
             },
             {
               "field": "location",
-              "contains": "${local.external_outputs.clusters.outputs.clusters.location}"
+              "contains": "${local.external_outputs.clusters.data.location}"
             },
             {
               "field": "Name",
-              "contains": "${local.external_outputs.clusters.outputs.clusters.enviroment}"
+              "contains": "${local.external_outputs.clusters.data.enviroment}"
             }
           ]
         }
@@ -66,23 +57,18 @@ METADATA
     "then": {
       "effect": "addToNetworkGroup",
       "details": {
-        "networkGroupId": "/subscriptions/${local.external_outputs.common.shared.subscription_id}/resourceGroups/clusters/providers/Microsoft.Network/networkManagers/${local.external_outputs.common.shared.AZ_SUBSCRIPTION_SHORTNAME}-ANVM/networkGroups/${local.external_outputs.clusters.outputs.clusters.enviroment}"
+        "networkGroupId": "/subscriptions/${local.external_outputs.global.data.subscription_id}/resourceGroups/clusters/providers/Microsoft.Network/networkManagers/${local.external_outputs.global.data.subscription_shortname}-ANVM/networkGroups/${local.external_outputs.clusters.data.enviroment}"
       }
     }
   }
   POLICY_RULE
 }
 
-resource "azurerm_subscription_policy_assignment" "assignment" {
-  display_name         = "Kubernetes-vnets-in-${local.external_outputs.clusters.outputs.clusters.enviroment}"
-  name                 = "8fc02786d3ad4dd7aa06e254"
-  location             = "eastus"
-  policy_definition_id = azurerm_policy_definition.policy.id
-  subscription_id      = data.azurerm_subscription.current.id
-  parameters           = jsonencode({})
-  identity {
-    identity_ids = []
-    type         = "SystemAssigned"
-  }
-
+module "azurerm_subscription_policy_assignment" {
+  source       = "../../../modules/policyassignment"
+  enviroment   = local.external_outputs.clusters.data.enviroment
+  location     = local.external_outputs.common.data.location
+  policy_id    = azurerm_policy_definition.policy.id
+  subscription = data.azurerm_subscription.current.id
 }
+
diff --git a/terraform/subscriptions/s940/c2/virtualnetwork/backend.tf b/terraform/subscriptions/s940/c2/virtualnetwork/backend.tf
@@ -18,7 +18,7 @@ terraform {
 }
 
 provider "azurerm" {
-  subscription_id = local.external_outputs.common.shared.subscription_id
+  subscription_id = local.external_outputs.global.data.subscription_id
   features {
   }
 }
diff --git a/terraform/subscriptions/s940/c2/virtualnetwork/input.tf b/terraform/subscriptions/s940/c2/virtualnetwork/input.tf
@@ -1,5 +1,6 @@
 locals {
   external_outputs = {
+    global   = data.terraform_remote_state.global.outputs
     common = data.terraform_remote_state.common.outputs
     clusters = data.terraform_remote_state.clusters.outputs
   }
@@ -25,4 +26,11 @@ data "terraform_remote_state" "clusters" {
   config = merge(
     local.backend,
   { key = "c2/clusters/terraform.tfstate" })
+}
+
+data "terraform_remote_state" "global" {
+  backend = "azurerm"
+  config = merge(
+    local.backend,
+  { key = "prod/globals/terraform.tfstate" })
 }
diff --git a/terraform/subscriptions/s940/c2/virtualnetwork/main.tf b/terraform/subscriptions/s940/c2/virtualnetwork/main.tf
@@ -1,5 +1,6 @@
 module "azurerm_virtual_network" {
   source     = "../../../modules/virtualnetwork"
-  location   = local.external_outputs.clusters.outputs.clusters.location
-  enviroment = local.external_outputs.clusters.outputs.clusters.enviroment
+  location   = local.external_outputs.clusters.data.location
+  enviroment = local.external_outputs.clusters.data.enviroment
 }
+
diff --git a/terraform/subscriptions/s940/common/backend.tf b/terraform/subscriptions/s940/common/backend.tf
diff --git a/terraform/subscriptions/s940/common/inputs.tf b/terraform/subscriptions/s940/common/inputs.tf
diff --git a/terraform/subscriptions/s940/common/outputs.tf b/terraform/subscriptions/s940/common/outputs.tf
diff --git a/terraform/subscriptions/s940/common/shared.tf b/terraform/subscriptions/s940/common/shared.tf
diff --git a/terraform/subscriptions/s940/prod/clusters/outputs.tf b/terraform/subscriptions/s940/prod/clusters/outputs.tf
@@ -1,3 +1,3 @@
-output "clusters" {
+output "data" {
   value = local.output
 }
diff --git a/terraform/subscriptions/s940/prod/networkmanager/backend.tf b/terraform/subscriptions/s940/prod/networkmanager/backend.tf
@@ -18,7 +18,7 @@ terraform {
 }
 
 provider "azurerm" {
-  subscription_id = local.external_outputs.common.shared.subscription_id
+  subscription_id = local.external_outputs.global.data.subscription_id
   features {
   }
 }
diff --git a/terraform/subscriptions/s940/prod/networkmanager/inputs.tf b/terraform/subscriptions/s940/prod/networkmanager/inputs.tf
@@ -2,6 +2,7 @@ locals {
   policy_notcontains_name = "c2"
 
   external_outputs = {
+    global   = data.terraform_remote_state.global.outputs
     common = data.terraform_remote_state.common.outputs
     networkmanager = data.terraform_remote_state.networkmanager.outputs
     virtualnetwork = data.terraform_remote_state.virtualnetwork.outputs
@@ -46,3 +47,10 @@ data "terraform_remote_state" "clusters" {
     local.backend,
   { key = "prod/clusters/terraform.tfstate" })
 }
+
+data "terraform_remote_state" "global" {
+  backend = "azurerm"
+  config = merge(
+    local.backend,
+  { key = "prod/globals/terraform.tfstate" })
+}