streamnative · freeznet · Dec 12, 2023 · Dec 4, 2023 · Dec 4, 2023 · Dec 5, 2023
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform_version: [1.0.x]
+        terraform_version: [1.3.x]
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -46,5 +46,8 @@ jobs:
       - name: Terraform GCP Validate Modules
         run: for module in modules/gcp/; do cd "${GITHUB_WORKSPACE}/${module}" && terraform init -backend=false && CLOUDSDK_COMPUTE_REGION=us-central1 terraform validate -no-color ; done
 
+      - name: Terraform Azure Validate Modules
+        run: for module in modules/azure/; do cd "${GITHUB_WORKSPACE}/${module}" && terraform init -backend=false && terraform validate -no-color ; done
+
       - name: Terraform Validate Examples
         run: for example in examples/*/; do cd "${GITHUB_WORKSPACE}/${example}" && terraform init -backend=false && AWS_REGION=us-east-1 terraform validate -no-color ; done
@@ -22,7 +22,7 @@ Previous versions of these modules can be found in the following locations:
 - [https://github.com/streamnative/terraform-aws-managed-cloud](https://github.com/streamnative/terraform-aws-managed-cloud): This repository contains an older AWS vendor access module, which has been deprecated and is no longer in use.
 
 ## Modules
-The modules are organized by Cloud Provider. For example, the AWS modules are in the `modules/aws` directory and the GCP modules (WIP) modules are in the `modules/gcp`, and so on.
+The modules are organized by Cloud Provider. For example, the AWS modules are in the `modules/aws` directory and the GCP modules (WIP) modules are in the `modules/gcp`, and for Azure the modules are in the `modules/azure` directory, and so on.
 
 ## Quickstart
 

@@ -0,0 +1,92 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "azurerm" {
+  features {
+
+  }
+}
+
+provider "azuread" {
+
+}
+
+module "azure-sn-cloud-manager" {
+  source = "../../modules/azure/sn-cloud-manager"
+
+  resource_group_location = "westus2"
+  streamnative_org_id     = "streamnative"
+}
+
+
+module "azure-managed-cloud" {
+  source = "../../modules/azure/vendor-access"
+
+  resource_group_name     = "azure-westus2-aks-test"
+  resource_group_location = "westus2"
+
+  streamnative_org_id        = "streamnative"
+  sn_automation_client_id    = module.azure-sn-cloud-manager.sn_automation_client_id
+  sn_support_client_id       = module.azure-sn-cloud-manager.sn_support_client_id
+  sn_automation_principal_id = module.azure-sn-cloud-manager.sn_automation_principal_id
+  sn_support_principal_id    = module.azure-sn-cloud-manager.sn_support_principal_id
+
+  depends_on = [module.azure-sn-cloud-manager]
+}
+
+
+output "additional_roles" {
+  value       = module.azure-managed-cloud.additional_roles
+  description = "The additional roles created by this module"
+}
+
+output "resource_group_name" {
+  value       = module.azure-managed-cloud.resource_group_name
+  description = "The name of the resource group where the AKS cluster will be created"
+}
+
+output "streamnative_org_id" {
+  value       = module.azure-managed-cloud.streamnative_org_id
+  description = "An external ID that correspond to your Organization within StreamNative Cloud, used for all managed identities created by the module. This will be the organization ID in the StreamNative console, e.g. \"o-xhopj\"."
+}
+
+output "sn_support_principal_id" {
+  value       = module.azure-managed-cloud.sn_support_principal_id
+  description = "The principal ID of the sn support service principal for StreamNative Cloud support access"
+}
+
+output "sn_automation_principal_id" {
+  value       = module.azure-managed-cloud.sn_automation_principal_id
+  description = "The principal ID of the sn support service principal for StreamNative Cloud support access"
+}
+
+output "sn_automation_client_id" {
+  value       = module.azure-managed-cloud.sn_automation_client_id
+  description = "The client ID of the sn automation service principal for StreamNative Cloud automation"
+}
+
+output "sn_support_client_id" {
+  value       = module.azure-managed-cloud.sn_support_client_id
+  description = "The client ID of the sn support service principal for StreamNative Cloud support access"
+}
+
+output "subscription_id" {
+  value       = module.azure-managed-cloud.subscription_id
+  description = "The subscription ID of the AKS cluster"
+}
+
+output "tenant_id" {
+  value       = module.azure-managed-cloud.tenant_id
+  description = "The tenant ID of the AKS cluster"
+}
@@ -0,0 +1,115 @@
+<!--
+  ~ Copyright 2023 StreamNative, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+-->
+
+# StreamNative Managed Cloud on Azure
+
+This repository contains Terraform modules for the management of StreamNative's vendor access to Azure.
+
+There are two modules in this repository:
+
+- [modules/azure/sn-cloud-manager](modules/azure/sn-cloud-manager): This module creates Microsoft Entra Application Registrations and related service principals within your Azure subscription & Microsoft Entra ID. These resources give StreamNative access only for the provisioning and management of StreamNative's Managed Cloud offering.
+- [modules/azure/vendor-access](modules/azure/vendor-access): This module creates an Azure Resource Group within your Azure subscription. The module also helps to configure the role assignments for the StreamNative Managed Cloud service principals created by `sn-cloud-manager` module.
+
+## Quickstart
+
+### Pre-requisites
+To use this module you must have [Terraform installed](https://learn.hashicorp.com/tutorials/terraform/install-cli) and be [familiar](https://developer.hashicorp.com/terraform/tutorials/azure-get-started) with its usage for Azure. It is recommended to securely store the Terraform configuration you create in source control, as well as use [Terraform's Remote State](https://www.terraform.io/language/state/remote) for storing the `*.tfstate` file.
+
+### Using `sn-cloud-manager` module
+
+For each Microsoft Entra ID, you will need to run this module once to create the `automation` and `support` Application Registrations and related service principals. Below is an example of how to use this module:
+
+```hcl
+provider "azurerm" {
+  features {
+
+  }
+}
+
+provider "azuread" {}
+
+module "azure-sn-cloud-manager" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/sn-cloud-manager?ref=master"
+
+  resource_group_location = "westus2"
+  streamnative_org_id = "o-12345"
+}
+```
+
+### Using `vendor-access` module
+
+For each AKS cluster, you will need to run this module once to create the Azure Resource Group and configure the role assignments for the StreamNative Managed Cloud service principals. Below is an example of how to use this module:
+
+```hcl
+provider "azurerm" {
+  features {
+
+  }
+}
+
+provider "azuread" {}
+
+module "azure-managed-cloud" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/vendor-access?ref=master"
+
+  resource_group_name     = "azure-westus2-aks-test"
+  resource_group_location = "westus2"
+
+  streamnative_org_id = "o-12345"
+}
+```
+
+### Using `sn-cloud-manager` and `vendor-access` modules together
+
+Below is an example of how to use both modules together:
+
+```hcl
+provider "azurerm" {
+  features {
+
+  }
+}
+
+provider "azuread" {}
+
+module "azure-sn-cloud-manager" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/sn-cloud-manager?ref=master"
+
+  resource_group_location = "westus2"
+  streamnative_org_id = "o-12345"
+}
+
+module "azure-managed-cloud" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/vendor-access?ref=master"
+
+  resource_group_name     = "azure-westus2-aks-test"
+  resource_group_location = "westus2"
+
+  streamnative_org_id = "o-12345"
+
+  depends_on = [
+    module.azure-sn-cloud-manager
+  ]
+}
+```
+
+To run the example, execute the following commands:
+
+```shell
+terraform init
+terraform plan
+terraform apply
+```
@@ -0,0 +1,87 @@
+<!--
+  ~ Copyright 2023 StreamNative, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+-->
+
+# StreamNative Cloud - Azure Cloud Manger Module
+
+This Terraform module creates Microsoft Entra Application Registrations and related service principals within your Azure subscription & Microsoft Entra ID. These resources give StreamNative access only for the provisioning and management of StreamNative's Managed Cloud offering.
+
+For more information about StreamNative and our managed offerings for Apache Pulsar, visit our [website](https://streamnative.io/streamnativecloud/).
+
+## Module Overview
+
+This module creates the following resources:
+
+- Microsoft Entra Application Registration `automation` for StreamNative Managed Cloud resources
+  - Service Principal for `automation` Application Registration
+  - Access configuration for `automation` Application Registration
+- Microsoft Entra Application Registration `support` for StreamNative Managed Cloud resources
+  - Service Principal for `support` Application Registration
+  - Access configuration for `support` Application Registration
+
+## Usage
+
+To use this module you must have [Terraform installed](https://learn.hashicorp.com/tutorials/terraform/install-cli) and be [familiar](https://developer.hashicorp.com/terraform/tutorials/azure-get-started) with its usage for Azure. It is recommended to securely store the Terraform configuration you create in source control, as well as use [Terraform's Remote State](https://www.terraform.io/language/state/remote) for storing the `*.tfstate` file.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.3.0 |
+| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | < 3.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | < 4.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.83.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_federated_identity_credential.sn_automation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/federated_identity_credential) | resource |
+| [azurerm_federated_identity_credential.sn_support](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/federated_identity_credential) | resource |
+| [azurerm_resource_group.manager](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_role_assignment.subscription_rbac_admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_user_assigned_identity.sn_automation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+| [azurerm_user_assigned_identity.sn_support](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_additional_tags"></a> [additional\_tags](#input\_additional\_tags) | Additional tags to be added to the resources created by this module. | `map(any)` | `{}` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | The location of the resource group where the cloud manager IAMs will be created | `string` | n/a | yes |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where the cloud manager IAMs will be created | `string` | `""` | no |
+| <a name="input_streamnative_automation_gsa_ids"></a> [streamnative\_automation\_gsa\_ids](#input\_streamnative\_automation\_gsa\_ids) | The GSAs will be used to provisioning StreamnNative cloud. | `map(string)` | <pre>{<br>  "cloud_manager_sncloud_test_iam_gserviceaccount_com": "103687585001802233900",<br>  "cloud_support_general_sncloud_test_iam_gserviceaccount_com": "103182365501883681520",<br>  "pool_automation_sncloud_test_iam_gserviceaccount_com": "101134291802756860252"<br>}</pre> | no |
+| <a name="input_streamnative_org_id"></a> [streamnative\_org\_id](#input\_streamnative\_org\_id) | Your Organization ID within StreamNative Cloud, used for all resources created by the module. This will be the organization ID in the StreamNative console, e.g. "o-xhopj". | `string` | n/a | yes |
+| <a name="input_streamnative_support_access_gsa_ids"></a> [streamnative\_support\_access\_gsa\_ids](#input\_streamnative\_support\_access\_gsa\_ids) | The GSA will be used by StreamnNative support team. | `map(string)` | <pre>{<br>  "cloud_support_general_sncloud_test_iam_gserviceaccount_com": "103182365501883681520"<br>}</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | The name of the resource group where the cloud manager IAMs will be created |
+| <a name="output_sn_automation_client_id"></a> [sn\_automation\_client\_id](#output\_sn\_automation\_client\_id) | The client ID of the sn automation service principal for StreamNative Cloud automation |
+| <a name="output_sn_automation_principal_id"></a> [sn\_automation\_principal\_id](#output\_sn\_automation\_principal\_id) | The principal ID of the sn automation service principal for StreamNative Cloud automation |
+| <a name="output_sn_support_client_id"></a> [sn\_support\_client\_id](#output\_sn\_support\_client\_id) | The client ID of the sn support service principal for StreamNative Cloud support access |
+| <a name="output_sn_support_principal_id"></a> [sn\_support\_principal\_id](#output\_sn\_support\_principal\_id) | The principal ID of the sn support service principal for StreamNative Cloud support access |