Scholz Azure Terraform
Configuration
Create the file secret/main.json with the following content:
{
  "tenant_id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "client_id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "client_secret": "xxxxxxxxxxxxxxxxx"
}
The "tenant_id" property corresponds to the Azure AD tenant ID. Specify the value of the client properties as described in the following section.
Authentication
The Terraform projects use one Azure Service Principal account to authenticate to Azure.
- Create the Azure Service Principal account in Azure.
- Generate the secret for the Azure Service Principal account in Azure.
- Insert the "client_id" and "client_secret" values into the secret/main.json file.
- Assign the "Contributor" and "Resource Policy Contributor" RBAC roles on the "Scholz Recycling" Management Group to the Service Principal account.
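A pre-flight check for the secret/main.json file described above, as an added example that is not part of this repository: it reports missing keys, values still left as the xxxx template, and file permissions that let other local users read the client secret. The function names and the sample values are constructed for illustration.

```python
import json
import os
import re
import tempfile

REQUIRED = ("tenant_id", "client_id", "client_secret")
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_secret_file(path):
    """Return a list of problems found in a secret/main.json-style file."""
    problems = []
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"cannot load {path}: {exc}"]
    # Holds the Service Principal secret: owner-only access (POSIX mode bits).
    if os.name == "posix" and os.stat(path).st_mode & 0o077:
        problems.append("file is accessible by group/others (chmod 600)")
    data = data if isinstance(data, dict) else {}
    for key in REQUIRED:
        value = data.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing or empty")
        elif set(value) <= set("xX-"):
            problems.append(f"{key}: still the placeholder value")
        elif key != "client_secret" and not GUID.match(value):
            problems.append(f"{key}: not a GUID")
    return problems


def demo():
    """Check two constructed files; every value below is made up."""
    guid = "00000000-1111-2222-3333-444444444444"
    samples = {
        "template": ({"tenant_id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}, 0o644),
        "filled": ({"tenant_id": guid, "client_id": guid,
                    "client_secret": "constructed-not-a-real-secret"}, 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in samples.items():
            path = os.path.join(tmp, name + ".json")
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(content, fh)
            os.chmod(path, mode)
            results[name] = check_secret_file(path)
    return results
```

Calling check_secret_file("secret/main.json") before terraform init, plan or apply returns an empty list when the file is ready to use.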
Terraform State
The Terraform state of the Terraform projects is stored in an Azure Storage account.
- Create the Azure Storage account, and the blob container.
- Configure the Terraform provider "azurerm" in every Terraform project.
Terraform Project Initialization
Initialize each Terraform project. This has to be done the first time the Terraform project is created.
For example, run the following commands for the Terraform project of the Management subscription:
cd management/westeurope
terraform init -backend-config="secret/main.json" -reconfigure
Development
The latest version of the Terraform state can be retrieved using the following command:
terraform state pull
Changes to the Terraform code can be verified and applied using the following Terraform commands:
cd management/westeurope
terraform plan -var-file="secret/main.json"
terraform apply -var-file="secret/main.json" -auto-approve
Format Terraform Code
find . -not -path "./migration/*" -type f -name '*.tf' -print | uniq | xargs -n1 terraform fmt
Terraform Import
Example: create a new resource group (RG) in Azure and import it into the Terraform state.
- First, create the RG in Azure.
- Then create the related module.
terraform.exe init -backend-config="secret/main.json" -reconfigure -lock=false
terraform.exe plan -var-file="secret/main.json"
terraform.exe import -var-file="secret/main.json" <the resource name from terraform plan> <Resource ID from azure>
### Git Commands
git status
git checkout master
git pull origin master
git checkout -b "<Branch Name>"
git add .
git commit -m "<message>"
git push