Skip to content

Add unattended terraform execution, centralize Service Principal check, exit on any errors#63

Merged
brooke-hamilton merged 9 commits intomainfrom
glennmusa/automatedtf
Mar 5, 2021
Merged

Add unattended terraform execution, centralize Service Principal check, exit on any errors#63
brooke-hamilton merged 9 commits intomainfrom
glennmusa/automatedtf

Conversation

@glennmusa
Copy link
Copy Markdown
Contributor

@glennmusa glennmusa commented Mar 5, 2021
edited
Loading

Description

See build/README.md on how to execute/demo this.

As of this writing, round-trip apply/destroy for everything under src/core takes ~35 minutes (most of it on Azure Firewall apply).

Changes:

  1. Adds apply_tf and destroy_tf

    These two scripts automate what a human currently does to deploy the terraform configurations at src/core in the repository.

    • The execution of these scripts assume that MLZ Configuration Resources have already been created as a MLZ Configuration file is passed as an argument. In a CI/CD scenario we would write this config file at execution time from known values.
    • The execution of these scripts require valid globals.tfvars and tier-X.tfvars as they are passed in as arguments. Today these are well known and stored outside of the repository. In a CI/CD scenario we would pull these files from some storage.

  2. Adds scripts/config/get_sp_identity.sh

    This script validates that Service Principal used by Terraform is available in the MLZ Configuration Resources Key Vault before attempting to use it to invoke terraform and deploy resources.

  3. Prepends all shell scripts in the solution with set -e

    • any error or non-zero exit code returned by scripts in this repo or any execution that this repo invokes (like Azure CLI and Terraform CLI) will exit the calling script immediately.

Issue reference

The issue this PR will close: #16, #62

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles or validates correctly
  • BASH scripts have been validated using shellcheck
  • All tests pass (manual and automated)
  • The documentation is updated to cover any new or changed features
  • Markdown files have been linted using the recommended linter. (See .vscode/extensions.json.)
  • Relevant issues are linked to this PR

brooke-hamilton
brooke-hamilton approved these changes Mar 5, 2021
View reviewed changes
Comment thread build/README.md
@brooke-hamilton brooke-hamilton merged commit dbbe8ba into main Mar 5, 2021
@brooke-hamilton brooke-hamilton deleted the glennmusa/automatedtf branch March 5, 2021 20:05
jwaltireland pushed a commit to ARPA-H/AzureMissionLZ that referenced this pull request Nov 14, 2024
@glennmusa
Add unattended terraform execution, centralize Service Principal chec…
4f8ba61 
…k, exit on any errors (Azure#63)

* add apply_tf and destroy_tf

* reverse order on apply

* use vars

* add helpers and refactor terraform commands

* exit if any subshell should error

* exit on errors

* add readme, shellcheck files

* clarify config generation

* Update README.md

Co-authored-by: Glenn Musa <glennmusa@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Breanna-Stryker Breanna-Stryker Awaiting requested review from Breanna-Stryker

@Phydeauxman Phydeauxman Awaiting requested review from Phydeauxman

1 more reviewer

@brooke-hamilton brooke-hamilton brooke-hamilton approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Users shouldn't be able to invoke scripts requiring AZ CLI if they cannot auth against it

2 participants

@glennmusa @brooke-hamilton