stash

Altinn · Sep 11, 2024 · 97292a6 · 97292a6
1 parent 32e3b45
commit 97292a6
Show file tree

Hide file tree

Showing 43 changed files with 671 additions and 158 deletions.
diff --git a/infrastructure/.gitignore → .gitignore b/infrastructure/.gitignore → .gitignore
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,35 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            // Use IntelliSense to find out which attributes exist for C# debugging
+            // Use hover for the description of the existing attributes
+            // For further information visit https://github.com/dotnet/vscode-csharp/blob/main/debugger-launchjson.md.
+            "name": ".NET Core Launch (web)",
+            "type": "coreclr",
+            "request": "launch",
+            "preLaunchTask": "build",
+            // If you have changed target frameworks, make sure to update the program path.
+            "program": "${workspaceFolder}/src/apps/Altinn.HelloWorld/src/Altinn.HelloWorld/bin/Debug/net8.0/Altinn.HelloWorld.dll",
+            "args": [],
+            "cwd": "${workspaceFolder}/src/apps/Altinn.HelloWorld/src/Altinn.HelloWorld",
+            "stopAtEntry": false,
+            // Enable launching a web browser when ASP.NET Core starts. For more information: https://aka.ms/VSCode-CS-LaunchJson-WebBrowser
+            "serverReadyAction": {
+                "action": "openExternally",
+                "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
+            },
+            "env": {
+                "ASPNETCORE_ENVIRONMENT": "Development"
+            },
+            "sourceFileMap": {
+                "/Views": "${workspaceFolder}/Views"
+            }
+        },
+        {
+            "name": ".NET Core Attach",
+            "type": "coreclr",
+            "request": "attach"
+        }
+    ]
+}
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -0,0 +1,41 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "build",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "build",
+                "${workspaceFolder}/src/apps/Altinn.HelloWorld/Altinn.HelloWorld.sln",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary;ForceNoAlign"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "publish",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "publish",
+                "${workspaceFolder}/src/apps/Altinn.HelloWorld/Altinn.HelloWorld.sln",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary;ForceNoAlign"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "watch",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "watch",
+                "run",
+                "--project",
+                "${workspaceFolder}/src/apps/Altinn.HelloWorld/Altinn.HelloWorld.sln"
+            ],
+            "problemMatcher": "$msCompile"
+        }
+    ]
+}
diff --git a/infrastructure/modules/app_configuration/main.tf b/infrastructure/modules/app_configuration/main.tf
@@ -0,0 +1,5 @@
+resource "azurerm_app_configuration" "app_configuration" {
+  name                = "appconf${var.metadata.suffix}"
+  resource_group_name = var.location
+  location            = var.location
+}
diff --git a/infrastructure/modules/app_configuration/variables.tf b/infrastructure/modules/app_configuration/variables.tf
@@ -0,0 +1,29 @@
+variable "metadata" {
+  type = object({
+    name         = string
+    environment  = string
+    instance     = string
+    suffix       = string
+    default_tags = map(string)
+  })
+}
+
+variable "resource_group_name" {
+  type = string
+}
+
+variable "location" {
+  type = string
+}
+
+variable "secrets" {
+
+}
+
+variable "variables" {
+
+}
+
+variable "feature_flags" {
+
+}
diff --git a/infrastructure/modules/application_insights/main.tf b/infrastructure/modules/application_insights/main.tf
@@ -1,18 +1,22 @@
-data "azurerm_resource_group" "rg" {
-  name = var.resource_group_name
-}
-
 resource "azurerm_log_analytics_workspace" "log" {
   name                = "log${var.metadata.suffix}"
-  resource_group_name = data.azurerm_resource_group.rg.name
-  location            = data.azurerm_resource_group.rg.location
+  resource_group_name = var.resource_group_name
+  location            = var.location
   sku                 = "PerGB2018"
   retention_in_days   = 30
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "azurerm_application_insights" "ai" {
   name                = "ai${var.metadata.suffix}"
   application_type    = "web"
-  resource_group_name = data.azurerm_resource_group.rg.name
-  location            = data.azurerm_resource_group.rg.location
+  resource_group_name = var.resource_group_name
+  location            = var.location
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
diff --git a/infrastructure/modules/application_insights/variables.tf b/infrastructure/modules/application_insights/variables.tf
@@ -11,3 +11,7 @@ variable "metadata" {
 variable "resource_group_name" {
   type = string
 }
+
+variable "location" {
+  type = string
+}
diff --git a/infrastructure/modules/container_app/main.tf b/infrastructure/modules/container_app/main.tf
@@ -4,6 +4,7 @@ resource "azurerm_container_app" "app" {
   container_app_environment_id = var.container_app_environment_id
   resource_group_name          = var.resource_group_name
   revision_mode                = "Single"
+  workload_profile_name        = "basic"
 
   ingress {
     allow_insecure_connections = false
@@ -15,19 +16,13 @@ resource "azurerm_container_app" "app" {
     }
   }
 
-  registry {
-    server = "docker.io"
-  }
-
   template {
     container {
-      name   = "test"
-      image  = "hello-world:latest"
+      name   = "yolo"
+      image  = "docker.io/boxboat/hello-world-webapp:latest"
       cpu    = 0.25
       memory = "0.5Gi"
     }
   }
-
-  tags = var.metadata.default_tags
 }
 
diff --git a/infrastructure/modules/container_app/variables.tf b/infrastructure/modules/container_app/variables.tf
@@ -1,14 +1,4 @@
 
-variable "metadata" {
-  type = object({
-    name         = string
-    environment  = string
-    instance     = string
-    suffix       = string
-    default_tags = map(string)
-  })
-}
-
 variable "resource_group_name" {
   type = string
 }

diff --git a/infrastructure/modules/container_app_environment/main.tf b/infrastructure/modules/container_app_environment/main.tf
@@ -1,15 +1,10 @@
-data "azurerm_resource_group" "rg" {
-  name = var.resource_group_name
-}
-
 resource "azurerm_container_app_environment" "environment" {
   name                       = "caenv${var.metadata.suffix}"
-  resource_group_name        = data.azurerm_resource_group.rg.name
-  location                   = data.azurerm_resource_group.rg.location
+  resource_group_name        = var.resource_group_name
+  location                   = var.location
   log_analytics_workspace_id = var.log_analytics_workspace_id
 
-  internal_load_balancer_enabled = true
-  infrastructure_subnet_id       = var.subnet_id
+  infrastructure_subnet_id = var.subnet_id
 
   workload_profile {
     name                  = "basic"
@@ -19,4 +14,8 @@ resource "azurerm_container_app_environment" "environment" {
   }
 
   tags = var.metadata.default_tags
+
+  lifecycle {
+    # prevent_destroy = true
+  }
 }
diff --git a/infrastructure/modules/container_app_environment/variables.tf b/infrastructure/modules/container_app_environment/variables.tf
@@ -12,6 +12,10 @@ variable "resource_group_name" {
   type = string
 }
 
+variable "location" {
+  type = string
+}
+
 variable "subnet_id" {
   type = string
 }

diff --git a/infrastructure/modules/container_registry/main.tf b/infrastructure/modules/container_registry/main.tf
@@ -1,13 +1,9 @@
-data "azurerm_resource_group" "rg" {
-  name = var.resource_group_name
-}
-
 resource "azurerm_container_registry" "acr" {
   name                = "acr${var.metadata.suffix}"
   resource_group_name = var.resource_group_name
-  location            = data.azurerm_resource_group.rg.location
-  sku                 = "Standard"
-  admin_enabled       = false
+  location            = var.location
+  sku                 = "Premium"
+  admin_enabled       = true
 
   anonymous_pull_enabled        = false
   public_network_access_enabled = true

diff --git a/infrastructure/modules/container_registry/variables.tf b/infrastructure/modules/container_registry/variables.tf
@@ -12,3 +12,7 @@ variable "resource_group_name" {
   type = string
 }
 
+variable "location" {
+  type = string
+}
+
diff --git a/infrastructure/modules/dns/main.tf b/infrastructure/modules/dns/main.tf
@@ -9,26 +9,30 @@ locals {
   })
 }
 
-data "azurerm_resource_group" "rg" {
-  name = var.resource_group_name
-}
-
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone
 resource "azurerm_private_dns_zone" "dns" {
   name                = each.value
-  resource_group_name = data.azurerm_resource_group.rg.name
+  resource_group_name = var.resource_group_name
+
+  lifecycle {
+    prevent_destroy = true
+  }
 
   for_each = local.zones
 }
 
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link
 resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
   name                  = each.key
+  resource_group_name   = var.resource_group_name
   private_dns_zone_name = azurerm_private_dns_zone.dns[each.key].name
 
   virtual_network_id   = var.vnet_id
-  resource_group_name  = data.azurerm_resource_group.rg.name
   registration_enabled = false
 
+  lifecycle {
+    prevent_destroy = true
+  }
+
   for_each = local.zones
 }
diff --git a/infrastructure/modules/key_vault/main.tf b/infrastructure/modules/key_vault/main.tf
@@ -1,29 +1,25 @@
 data "azurerm_client_config" "current" {}
 
-# https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#security
-data "azurerm_role_definition" "key_vault_administrator" {
-  role_definition_id = "00482a5a-887f-4fb3-b363-3b7fe8e74483"
-}
-
-data "azurerm_resource_group" "rg" {
-  name = var.resource_group_name
-}
-
 resource "random_string" "key_vault_name_prefix" {
   length  = 4
   lower   = true
   numeric = false
   upper   = false
   special = false
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault
 resource "azurerm_key_vault" "key_vault" {
-  name                      = "kv${random_string.key_vault_name_prefix.result}${var.metadata.suffix}"
-  resource_group_name       = data.azurerm_resource_group.rg.name
-  tenant_id                 = data.azurerm_client_config.current.tenant_id
+  name                = "kv${random_string.key_vault_name_prefix.result}${var.metadata.suffix}"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  tenant_id           = var.tenant_id
+
   sku_name                  = "standard"
-  location                  = data.azurerm_resource_group.rg.location
   enable_rbac_authorization = true
   purge_protection_enabled  = true
 
@@ -34,23 +30,31 @@ resource "azurerm_key_vault" "key_vault" {
     bypass         = "AzureServices"
     default_action = "Allow"
   }
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment
 resource "azurerm_role_assignment" "key_vault_administrator" {
   scope                = azurerm_key_vault.key_vault.id
   principal_id         = data.azurerm_client_config.current.object_id
-  role_definition_name = data.azurerm_role_definition.key_vault_administrator.name
+  role_definition_name = "Key Vault Administrator" # https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#security
 }
 
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint
 resource "azurerm_private_endpoint" "key_vault" {
   name                          = "pe${azurerm_key_vault.key_vault.name}"
-  location                      = data.azurerm_resource_group.rg.location
-  resource_group_name           = data.azurerm_resource_group.rg.name
+  location                      = var.location
+  resource_group_name           = var.resource_group_name
   subnet_id                     = var.subnet_id
   custom_network_interface_name = "nic${azurerm_key_vault.key_vault.name}"
 
+  lifecycle {
+    prevent_destroy = true
+  }
+
   private_service_connection {
     name                           = azurerm_key_vault.key_vault.name
     private_connection_resource_id = azurerm_key_vault.key_vault.id

diff --git a/infrastructure/modules/key_vault/variables.tf b/infrastructure/modules/key_vault/variables.tf
@@ -12,6 +12,14 @@ variable "resource_group_name" {
   type = string
 }
 
+variable "location" {
+  type = string
+}
+
+variable "tenant_id" {
+  type = string
+}
+
 variable "subnet_id" {
   type = string
 }