Azure rm changes #32

Open
wants to merge 17 commits into
base: master
1 change: 1 addition & 0 deletions .terraform-version
@@ -0,0 +1 @@
0.14.9
2 changes: 1 addition & 1 deletion Jenkinsfile_CNP
Expand Up @@ -2,4 +2,4 @@
//noinspection GroovyUnusedAssignment
@Library("Infrastructure") _

withInfraPipeline('payments') {}
withInfraPipeline('paymentsgw') {}
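Review bot: changing the `withInfraPipeline` argument from 'payments' to 'paymentsgw' changes the key under which this repo's state is stored (per the discussion on state.tf), so the first run under the new name starts from an empty state while the API deployment already exists. Import the existing `azurerm_template_deployment.api` before the first apply. Also check whether the pipeline passes this value as `var.product`: variables.tf still defaults `product` to "payments", and `name`, `apiName` and `apiProductName` in main.tf are all built from it, so a changed value would rename what gets deployed.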
41 changes: 19 additions & 22 deletions main.tf
@@ -1,6 +1,3 @@
provider "azurerm" {
version = "1.36.1"
}
locals {
s2sUrl = "http://rpe-service-auth-provider-${var.env}.service.core-compute-${var.env}.internal"
# list of the thumbprints of the SSL certificates that should be accepted by the API (gateway)
Expand All @@ -11,47 +8,47 @@ locals {
dummy = "dummy"
}
data "azurerm_key_vault" "payment_key_vault" {
name = "ccpay-${var.env}"
resource_group_name = "ccpay-${var.env}"
name = join("-", [var.core_product, var.env])
resource_group_name = join("-", [var.core_product, var.env])
}

data "azurerm_key_vault_secret" "s2s_client_secret" {
name = "gateway-s2s-client-secret"
key_vault_id = "${data.azurerm_key_vault.payment_key_vault.id}"
key_vault_id = data.azurerm_key_vault.payment_key_vault.id
}

data "azurerm_key_vault_secret" "s2s_client_id" {
name = "gateway-s2s-client-id"
key_vault_id = "${data.azurerm_key_vault.payment_key_vault.id}"
key_vault_id = data.azurerm_key_vault.payment_key_vault.id
}

data "template_file" "policy_template" {
template = "${file("${path.module}/template/api-policy.xml")}"

vars {
allowed_certificate_thumbprints = "${local.thumbprints_in_quotes_str}"
s2s_client_id = "${data.azurerm_key_vault_secret.s2s_client_id.value}"
s2s_client_secret = "${data.azurerm_key_vault_secret.s2s_client_secret.value}"
s2s_base_url = "${local.s2sUrl}"
vars ={
allowed_certificate_thumbprints = local.thumbprints_in_quotes_str
s2s_client_id = data.azurerm_key_vault_secret.s2s_client_id.value
s2s_client_secret = data.azurerm_key_vault_secret.s2s_client_secret.value
s2s_base_url = local.s2sUrl
}
}

data "template_file" "api_template" {
template = "${file("${path.module}/template/api.json")}"
}
resource "azurerm_template_deployment" "api" {
Contributor

this should be using one of our terraform modules for api management not an arm template

Contributor

If this causes the resource to be deleted, we cannot make this change.

template_body = "${data.template_file.api_template.rendered}"
name = "${var.product}-api-${var.env}"
template_body = data.template_file.api_template.rendered
name = join("-", [var.product, "api",var.env])
deployment_mode = "Incremental"
resource_group_name = "core-infra-${var.env}"
count = "${var.env != "preview" ? 1: 0}"
resource_group_name = join("-", ["core-infra", var.env])
count = var.env != "preview" ? 1: 0

parameters = {
apiManagementServiceName = "core-api-mgmt-${var.env}"
apiName = "${var.product}-api"
apiProductName = "${var.product}"
apiManagementServiceName = join("-", ["core-api-mgmt", var.env])
apiName = join("-", [var.product, "api"])
apiProductName = var.product
serviceUrl = "http://payment-api-${var.env}.service.core-compute-${var.env}.internal"
apiBasePath = "${local.api_base_path}"
policy = "${data.template_file.policy_template.rendered}"
apiBasePath = local.api_base_path
policy = data.template_file.policy_template.rendered
}
}
}
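Review bot: in `data "template_file" "policy_template"`, `s2s_client_secret` is read from Key Vault and substituted into the policy text, and the rendered text is then passed as the `policy` parameter of `azurerm_template_deployment.api`. The secret is therefore written in clear into the Terraform state (which this PR starts storing in the azurerm backend), and into the deployment's recorded parameters unless api.json declares `policy` as a securestring. Consider having the policy reference the secret by name rather than embedding its value, and restrict read access to the state storage. Smaller points: `template = "${file(...)}"` on both `template_file` blocks is still in the old interpolation style while the rest of the hunk was converted, and `vars ={` needs a `terraform fmt` pass.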
14 changes: 14 additions & 0 deletions state.tf
@@ -0,0 +1,14 @@
provider "azurerm" {
features {}
}

terraform {
backend "azurerm" {}
Contributor

this is what adds saving the state to azure, if it's not here then the state won't get saved to azure ever.

note that the state file is keyed by the 'product' var in your Jenkinsfile so you might want to change it to be more specific to your repo:

https://github.com/hmcts/ccpay-payment-api-gateway/blob/master/Jenkinsfile_CNP#L5

Contributor

Looks like the state config never existed before. But the last time the pipeline executed successfully on 12/10/2020, it was pointing at the state file in question now.

Will discuss with project team to change the product name. However, we need to import the existing resource.

Contributor Author

Updated the Jenkins file with new name.


required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 2.20.0"
}
}
}
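Review bot: `version = "~> 2.20.0"` in `required_providers` replaces the `version = "1.36.1"` pin removed from main.tf, a major-version jump of the provider made in the same change that introduces the backend and changes the product name the state is keyed by. Before merging, attach a plan against an existing environment showing that `azurerm_template_deployment.api` is neither destroyed nor recreated, which is the concern already raised on main.tf. The `terraform` block also has no `required_version`; adding one that matches the 0.14.9 in .terraform-version makes a run with a different binary fail early.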
17 changes: 13 additions & 4 deletions variables.tf
@@ -1,15 +1,24 @@
variable "product" {
type = "string"
type = string
default = "payments"
}

variable "core_product" {
type = string
default = "ccpay"
}

variable "location" {
type = "string"
type = string
default = "UK South"
}

variable "env" {
type = "string"
type = string
}

variable "common_tags" {
type = map(string)
}

variable "tenant_id" {
Expand All @@ -22,7 +31,7 @@ variable "jenkins_AAD_objectId" {

# thumbprint of the SSL certificate for API gateway tests
variable api_gateway_test_certificate_thumbprints {
type = "list"
type = list(string)
# TODO: remove default and provide environment-specific values
default = []
}
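Review bot: `api_gateway_test_certificate_thumbprints` keeps `default = []` with the TODO still open, so if this list is what feeds `local.thumbprints_in_quotes_str`, an environment that never sets it renders an empty `allowed_certificate_thumbprints` into the gateway policy, and what the policy does with an empty list is not visible in this diff. Drop the default so every environment has to supply its thumbprints; a `validation` block could additionally check the format of each entry. The variable name is also unquoted, unlike the other `variable` blocks in the file.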