tf-mod-azure-terraform-state-container

Terraform module to manage terraform state containers in Azure

Resources

Where possible the resources are declared with lifecycle.prevent_destroy = true to prevent accidental deletion. Note that prevent_destroy only makes Terraform refuse to plan a destroy or replacement of the resource; it does not stop deletion through the portal, CLI or API, so the state storage still needs to be protected with access control.

The module creates the following resource types in Azure:

Resource type                  Example name                             Tagged
Resource group                 rg2-ss1-my-first-web-app-terraform-dev   yes
Storage account                strg2ss1mwatfdev                         yes
Storage account network rule   -                                        no
Storage container              terraform-remote-backend-state           no

Note: Example names are based on the basic example further down.

Tags

The resources are tagged as follows:

Tag              Value
ApplicationName  var.application_name
CreatedBy        var.created_by_tag
Environment      var.environment_name
Description      Hardcoded text with var.application_friendly_description appended
CostCenter       var.costcenter_tag_value (mandatory DSB tag on the resource group, see costcenter_tag_value under Inputs)

Usage

Basic example

Example with the minimum set of input parameters.

provider "azurerm" {
  features {}
}
module "terraform_state_container" {
  source = "git@github.com:dsb-norge/tf-mod-azure-terraform-state-container.git?ref=v0"

  # minimum information necessary
  subscription_number              = 1
  environment_name                 = "dev"
  application_name                 = "my-first-web-app"
  application_name_short           = "mwa" # for storage account name
  application_friendly_description = "the first web app"
  created_by_tag                   = "Person or code repo"
}

Full example

Example with the full set of input parameters; the optional ones are shown with their default values.

provider "azurerm" {
  features {}
}
module "terraform_state_container" {
  source = "git@github.com:dsb-norge/tf-mod-azure-terraform-state-container.git?ref=v0"

  # minimum information necessary
  subscription_number              = 1
  environment_name                 = "dev"
  application_name                 = "my-first-web-app"
  application_name_short           = "mwa" # for storage account name
  application_friendly_description = "the first web app"
  created_by_tag                   = "Person or code repo"

  # optional parameters and their defaults
  azure_region         = "norwayeast"
  state_container_name = "terraform-remote-backend-state"
  network_rules = {
    default_action             = "Deny"
    bypass                     = null
    ip_rules                   = ["91.229.21.0/24"] # allow only DSB public IPs
    virtual_network_subnet_ids = null
  }
}

With default_action = "Deny" only requests from the ip_rules ranges and the virtual_network_subnet_ids subnets reach the storage account. That includes the machine that applies this module on later runs and every workspace that uses the container as its backend, so widen the rules before moving terraform runs to an agent outside those ranges, or state reads and writes will be refused.
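As an added example (not the module's own code), the following shell helper shows how a workspace that should keep its state in the container created above initialises its azurerm backend from the module's outputs (resource_group_name, storage_account_name, container_name). It assumes the output values have been read out of the bootstrap workspace (here they are constructed from the basic example's names), that the consuming workspace declares an empty backend "azurerm" {} block so the values can be supplied with -backend-config, and that the caller authenticates with its Entra ID identity (use_azuread_auth) rather than a storage account key. The naming checks mirror Azure's rules for storage account and container names so that a bad application_name_short fails here rather than at apply time; the state key my-first-web-app/dev.tfstate is an assumption.

```shell
#!/bin/sh
# Added example, not part of the module: turn the module's outputs into
# `terraform init -backend-config=...` arguments for a consuming workspace,
# validating the names against Azure's naming rules first.
set -eu

# Azure storage account names: 3-24 characters, lowercase letters and digits only.
valid_storage_account_name() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{3,24}$'
}

# Azure blob container names: 3-63 characters, lowercase letters, digits and
# single hyphens, starting and ending with a letter or digit.
valid_container_name() {
  n="$1"
  [ "${#n}" -ge 3 ] && [ "${#n}" -le 63 ] &&
    printf '%s\n' "$n" | grep -Eq '^[a-z0-9]+(-[a-z0-9]+)*$'
}

# backend_config_args RESOURCE_GROUP STORAGE_ACCOUNT CONTAINER KEY
# Prints one -backend-config=... argument per line, or fails on an invalid name.
# use_azuread_auth=true makes the backend authenticate with the caller's Entra ID
# identity (it then needs a data-plane role such as Storage Blob Data Contributor
# on the container) instead of fetching a storage account key.
backend_config_args() {
  rg="$1" sa="$2" container="$3" key="$4"
  valid_storage_account_name "$sa" || { echo "invalid storage account name: $sa" >&2; return 1; }
  valid_container_name "$container" || { echo "invalid container name: $container" >&2; return 1; }
  printf '%s\n' "-backend-config=resource_group_name=$rg"
  printf '%s\n' "-backend-config=storage_account_name=$sa"
  printf '%s\n' "-backend-config=container_name=$container"
  printf '%s\n' "-backend-config=key=$key"
  printf '%s\n' "-backend-config=use_azuread_auth=true"
}

# Constructed input: the names from the basic example above. In real use read
# them from the bootstrap workspace with `terraform output -raw <name>`.
RG=rg2-ss1-my-first-web-app-terraform-dev
SA=strg2ss1mwatfdev
CONTAINER=terraform-remote-backend-state
KEY=my-first-web-app/dev.tfstate   # assumed layout: one state file per workspace

# Run with "init" as the first argument inside the consuming workspace, whose
# backend block is just:  terraform { backend "azurerm" {} }
if [ "${1:-}" = "init" ]; then
  # word splitting is intended; the arguments contain no whitespace
  terraform init -reconfigure $(backend_config_args "$RG" "$SA" "$CONTAINER" "$KEY")
fi
```

Keeping the backend block empty and passing the values at init time means the same consuming code can point at the dev, test and prod containers without editing source, and the names stay in one place (the bootstrap workspace's outputs).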

Development

Validate your code

# Init project, run fmt and validate
terraform init -reconfigure
terraform fmt -check -recursive
terraform validate

# Lint with TFLint, calling script from https://github.com/dsb-norge/terraform-tflint-wrappers
alias lint='curl -s https://raw.githubusercontent.com/dsb-norge/terraform-tflint-wrappers/main/tflint_linux.sh | bash -s --'
lint

The lint alias downloads and executes whatever is currently on the main branch of that repository. For a reviewable, reproducible script, replace main in the URL with a commit SHA you have inspected, or vendor the script into this repository.

Generate and inject terraform-docs in README.md

# go1.17+
go install github.com/terraform-docs/terraform-docs@<version>   # pin a released terraform-docs version
export PATH=$PATH:$(go env GOPATH)/bin
terraform-docs markdown table --output-file README.md .

Release

After a PR has been merged to main, release by tagging.

Use semantic versioning (see semver.org). Always push tags and add tag annotations. Besides the full version tag (v1.0.1), the minor (v1.0) and major (v1) tags are moved to the latest release, so a consumer that references ?ref=v1 in the module source picks up every release within that major; pin a full version tag or a commit SHA in ?ref= when a reproducible build matters.

Patch release

Example of patch release v1.0.1:

git checkout origin/main
git pull origin main
git tag --sort=-creatordate | head -n 5 # review latest release tag to determine which is the next one
git log v1..HEAD --pretty=format:"%s"   # output changes since last release
git tag -a 'v1.0.1'  # add patch tag, add change description
git tag -f -a 'v1.0' # move the minor tag, amend the change description
git tag -f -a 'v1'   # move the major tag, amend the change description
git push origin 'refs/tags/v1.0.1'  # push the new tag
git push -f origin 'refs/tags/v1.0' # force push moved tags
git push -f origin 'refs/tags/v1'   # force push moved tags

Major release

Same as a patch release except that all three tags (vX.0.0, vX.0 and vX) are new, so no force tag/push is needed.

Example of major release v2.0.0:

git checkout origin/main
git pull origin main
git tag --sort=-creatordate | head -n 5 # review latest release tag to determine which is the next one
git log v1..HEAD --pretty=format:"%s"   # output changes since last release
git tag -a 'v2.0.0'  # add the version tag, add your change description
git tag -a 'v2.0'    # add minor tag, add your change description
git tag -a 'v2'      # add major tag, add your change description
git push --tags      # push the new tags

Note: If you have problems pulling main after a release, the cause is usually that the moved tags no longer match your local copies; git refuses to overwrite an existing local tag unless you force-fetch them: git fetch --tags -f.
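As an added example (not part of the repository's tooling), this POSIX shell helper turns a release version into the sequence of git commands the procedure above runs, using the output of git tag to decide which of vX.Y and vX already exist and therefore need -f. It assumes you run it from the repository root with main checked out; the file name release_plan.sh is an assumption.

```shell
#!/bin/sh
# Added example, not part of the module: plan the tag commands of the release
# procedure for a given vX.Y.Z, deciding per tag whether it is new (plain
# tag/push) or an existing moving tag (force tag/push).
set -eu

# A release tag is exactly vMAJOR.MINOR.PATCH, no leading zeros, no suffix.
is_release_tag() {
  printf '%s\n' "$1" | grep -Eq '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
}

# moving_tags vX.Y.Z -> "vX.Y vX", the two tags that follow the latest release.
moving_tags() {
  v="${1#v}"
  major="${v%%.*}"
  rest="${v#*.}"
  minor="${rest%%.*}"
  printf 'v%s.%s v%s\n' "$major" "$minor" "$major"
}

# tag_exists TAG EXISTING_TAGS (newline separated, as printed by `git tag`)
tag_exists() {
  printf '%s\n' "$2" | grep -qxF -- "$1"
}

# release_plan vX.Y.Z EXISTING_TAGS -> git commands, tags first, pushes last.
# Refuses to re-release a version whose tag already exists.
release_plan() {
  tag="$1" existing="$2"
  is_release_tag "$tag" || { echo "not a release tag: $tag" >&2; return 1; }
  if tag_exists "$tag" "$existing"; then
    echo "release $tag already exists" >&2
    return 1
  fi
  set -- "$tag" $(moving_tags "$tag")   # e.g. v1.0.1 v1.0 v1
  for t in "$@"; do
    if tag_exists "$t" "$existing"; then printf "git tag -f -a '%s'\n" "$t"
    else printf "git tag -a '%s'\n" "$t"; fi
  done
  for t in "$@"; do
    if tag_exists "$t" "$existing"; then printf "git push -f origin 'refs/tags/%s'\n" "$t"
    else printf "git push origin 'refs/tags/%s'\n" "$t"; fi
  done
}

# Usage: sh release_plan.sh v1.0.1        (review the plan, then pipe it into sh)
if [ "$#" -gt 0 ]; then
  release_plan "$1" "$(git tag)"
fi
```

Printing the plan rather than executing it is deliberate: a force-pushed major tag is what every consumer of ?ref=v1 fetches next, so the commands are worth reading before they run.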

terraform-docs

Requirements

Name       Version
terraform  ~> 1.0
azurerm    >= 3.0.0, < 5.0.0

Providers

Name     Version
azurerm  4.3.0

Modules

No modules.

Resources

Name                                           Type
azurerm_resource_group.tfstate                 resource
azurerm_storage_account.tfstate                resource
azurerm_storage_account_network_rules.tfstate  resource
azurerm_storage_container.tfstate              resource

Inputs

Required inputs have no default.

application_friendly_description (string, required)
    Friendly description of the application to use when naming resources.

application_name (string, required)
    Name of the application to use when naming resources.

application_name_short (string, required)
    Short name of the application to use when naming resources, e.g. for the storage account name.

azure_region (string, default "norwayeast")
    Name of the Azure region to use when naming resources.

costcenter_tag_value (string, default "142")
    The value of the costCenter tag. This is a DSB mandatory tag identifying the resource group's cost center affiliation. The default is the DSB IKT cost center.

created_by_tag (string, required)
    The value of the createdBy tag.

environment_name (string, required)
    Name of the environment to use when naming resources.

network_rules (object, default below)
    Network rules to apply to the terraform backend state storage account.
    Type:
      object({
        default_action             = string
        bypass                     = list(string)
        ip_rules                   = list(string)
        virtual_network_subnet_ids = list(string)
      })
    Default:
      {
        "bypass": null,
        "default_action": "Deny",
        "ip_rules": ["91.229.21.0/24"],
        "virtual_network_subnet_ids": null
      }

state_container_name (string, default "terraform-remote-backend-state")
    Name of the state container to use when naming resources.

subscription_number (number, required)
    Subscription number to use when naming resources.

Outputs

Name                           Description
container_id                   The ID of the storage container created for terraform backend state.
container_name                 Name of the storage container created for terraform backend state.
container_resource_manager_id  The Resource Manager ID of the storage container created for terraform backend state.
resource_group_name            Name of the resource group created for terraform backend state.
storage_account_name           Name of the storage account created for terraform backend state.