Terraform module for adding management locks to resources.
scope - the id (URN) where the lock is created. This can be a subscription, resource group or resource.
name - name of the lock. Must be unique scope-wide, will be prefixed by lock-.
lock_level - lock level, defaults to CanNotDelete.
provider "azurerm" {
  features {}
}
module "resource_deletion_locks" {
  source = "git@github.com:dsb-norge/tf-mod-azure-mgmt-lock.git?ref=v0"
  # one entry per resource to lock, keyed by a scope-unique name
  protected_resources = {
    "scope-unique-resource-name" = {
      "id"         = provider_resource.my_resource.id
      "name"       = provider_resource.my_resource.name
      "lock_level" = "CanNotDelete"
    }
  }
  app_name   = "CanNotDelete locks for k8s resources"
  created_by = "https://github.com/my-org/my-tf-project"
}
This module uses semantic versioning.
# Init project, run fmt and validate
terraform init -reconfigure
terraform fmt -check -recursive
terraform validate
# Lint with TFLint, calling script from https://github.com/dsb-norge/terraform-tflint-wrappers
alias lint='curl -s https://raw.githubusercontent.com/dsb-norge/terraform-tflint-wrappers/main/tflint_linux.sh | bash -s --'
lint
# go1.17+
go install github.com/terraform-docs/[email protected]
export PATH=$PATH:$(go env GOPATH)/bin
terraform-docs markdown table --output-file README.md .
After merge of PR to main use tags to release.
Use semantic versioning, see semver.org. Always push tags and add tag annotations.
Example of patch release v0.0.4:
git checkout origin/main
git pull origin main
git tag -a 'v0.0.4' # add patch tag, add change description
git tag -f -a 'v0.0' # move the minor tag, amend the change description
git tag -f -a 'v0' # move the major tag, amend the change description
git push -f --tags # force push the new tags
Example of major release v1.0.0:
git checkout origin/main
git pull origin main
git tag -a 'v1.0.0' # add patch tag, add your change description
git tag -a 'v1.0' # add minor tag, add your change description
git tag -a 'v1' # add major tag, add your change description
git push --tags # push the new tags
Note: If you are having problems pulling main after a release, try to force fetch the tags: git fetch --tags -f
Requirements:
Name | Version |
---|---|
terraform | ~> 1.0 |
azurerm | >= 3.0.0, < 5.0.0 |
Providers:
Name | Version |
---|---|
azurerm | 4.0.1 |
Modules:
No modules.
Resources:
Name | Type |
---|---|
azurerm_management_lock.protected_resource_lock | resource |
Inputs:
Name | Description | Type | Default | Required |
---|---|---|---|---|
app_name | Name of application/domain using resources | string | n/a | yes |
created_by | the tf project managing the lock(s) | string | n/a | yes |
protected_resources | map of scope (URN/ID) and name for resources that should have a CanNotDelete lock | map(object({ | n/a | yes |
Outputs:
Name | Description |
---|---|
management_lock_ids | ids of the management locks created by this module |