AB#2579 Add constellation iam create command (#624)

2025-12-15 16:09:39 -05:00 · 2022-12-07 11:48:54 +01:00 · 2022-12-07 11:48:54 +01:00 · 286803fb97
commit 286803fb97
parent be01cf7129
38 changed files with 2029 additions and 108 deletions
--- a/hack/terraform/azure/iam/.terraform.lock.hcl
+++ b/hack/terraform/azure/iam/.terraform.lock.hcl
@ -1,62 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/azuread" {
-  version     = "2.31.0"
-  constraints = "2.31.0"
-  hashes = [
-    "h1:0D8+cQBlCyA50NiiTJwNDK9QjKfZsjuHgXTFRlhIZyg=",
-    "h1:6bwCuD30Fz9DCkg8aaiod3qVJ72nMJQfmiSMat1K2PQ=",
-    "h1:7vAGKxHE8I17dlZZQ3lnVaySilJH7m6fsOjiFH1yHLk=",
-    "h1:BJrmwBctF1fOk2U2O7YX1OyDPHcBoPn78PRsZRkY6xs=",
-    "h1:BWeCrUwFDA14mJO7UjhA8PfwaNUB/xuxAIJkMnMqjVc=",
-    "h1:Fl5ASgCAamGAcwb0+3C+SrU8JVlWjiThDR9wybvbHjs=",
-    "h1:M5ELmP8Qi/vGanQ5nYaD3AStPUh8xOof1QgqaUM6V1M=",
-    "h1:ONdNfK0goPkMBPVe7D/ne13M3ZiMe+AzhPVv98f2V40=",
-    "h1:kP4Zt6MO9CiQq57Lk1S4SWs11UVdwMSah8liskireLE=",
-    "h1:sUL16Z8OsgIgeVJAXp1IqEs4VYoB9U8Iu/FNISuGj8I=",
-    "h1:tH/R1ZHc+Vt0Kf51BLLsp/KhG/7K4v94LDbrzJZTp+c=",
-    "zh:02a64db03707cc6970ab28a1da00d7fa011cc54e8a7806209f31bd8aad1794e1",
-    "zh:077ffce8135a57544ec3c227bbe0ee5f6ca649223bd1dc0bbbd31d3fdf616830",
-    "zh:0a369de6132edb0f4a69f2aa472b23f9bb5c430a3d539146d1c18d4cc7b12c7f",
-    "zh:14bfc5f2354c1389eb7ed8bf5a5eaadc9940e18c2dd15058eb9b48ea5c37ae66",
-    "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
-    "zh:5629f020ac3409ad34a39e221fb2e63f82948c3eb936508331d5a7f870556e9d",
-    "zh:5b419eb59fa4e0b9c520c5cd5028f236bce6d9ab701c5ccca23cc040d3d690c4",
-    "zh:5e7e6207fd58a3e9ba54b7333169a3e3ea693c25c8f477622536600a8a09a3f1",
-    "zh:a9a552ad36d7a3db4554c6fbc716cf8631328331ea6188eddb4038b4c213ff46",
-    "zh:aee812d33916e5fdfb4d58ce74af0f3b2a7a58dbfb5ec8e0b42b5780ceff5414",
-    "zh:ce46738cd1909675b980bb90b9c3d919a4d1d655b4296082b86b6622ce818f7a",
-    "zh:db02dbe5ce139610688b354b15eb934f9f67ab32d6c5d63690dce6f9b8d90904",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/azurerm" {
-  version     = "3.34.0"
-  constraints = "3.34.0"
-  hashes = [
-    "h1:2FU6urJTxBaqA8KxC3rX1p+0bbJzDSYKPS+yPTF3cZU=",
-    "h1:7W2o3Hr5R6ZfD7J2ECOW4KHuIAY++GBg6aCKEtVSlo0=",
-    "h1:7x4Ov+xzUS4OiHrAhkG2y55VyJLKDZFCuyzfNAgQGoo=",
-    "h1:HA0WJNi5l9ZKN1mJrLfrJmP2Pe21Z0ugwyiCx7lKt8g=",
-    "h1:LR1I99AYQG8H4+RRmqDgqGqycDC7haqOChyMLBorkTA=",
-    "h1:XHe5dgOYCc1YNPGeffx98N/D+L4cjKpZb5tPaljor2M=",
-    "h1:ZiYxI829dERQ0Ytx8fwZNEIti74DsdCNEWHNvAJI+2s=",
-    "h1:pCUVVzQpBNUoPMyy0vwBeHwTL8GawDRfjSpZWVjX7WA=",
-    "h1:tYHnH0a3l3/IEqlYRjhx9NCPBMIZnFzDzVFLlMZw/FE=",
-    "h1:vLxp+DNhF9PsnbG/IFX2Vu3436Biit4s2mo5h2GPWqk=",
-    "h1:yf/fBkEZQU/fTXpkrZLkMtXr9VVrCl8zYxkpEgvHUJ0=",
-    "zh:04a3860959a9626469714a9986561ff04697fb6fe268cac6481ee570c3c20519",
-    "zh:3191647b011cd094c7db1f5709f46e0df7190ab8dad1896e15e763384273931c",
-    "zh:4428e5503fa614dec1ca3ea33d9479835a1c048a03cdec364ad8ad3340a3e137",
-    "zh:576df51dfba37c40983552f98077125c2eb12eb4e105bb805e935c75c73a7181",
-    "zh:5c1f4939a1e9ae96a977058c5056018f6b37220f1d0408531c89ea3295735f81",
-    "zh:644ebea720c22b3f665f9e087ad57122ce5727631b3d437a425fb97a44515a01",
-    "zh:87250563eed16db793ae9c309200f074f3b42acb4a44fdef4b26b9f7e988931e",
-    "zh:b8fff7fb51234eb13a8f3a0107ef6fc8033e28c3b4a1087fc837dfc7706d3274",
-    "zh:e21ecae5989348e9cbf07295f355a05dcae4758019d81c517f55b45e83a3e0e7",
-    "zh:ece35f508eda2edf5d4867a6e5ad2e24904278813cfce70e19063d310e66d790",
-    "zh:f421c6068713237fffce12f504fd5888b668352a22cb1075845fd612954ac3ec",
-    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
-  ]
-}
--- a/hack/terraform/azure/iam/main.tf
+++ b/hack/terraform/azure/iam/main.tf
@ -1,84 +0,0 @@
-terraform {
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "3.34.0"
-    }
-    azuread = {
-      source  = "hashicorp/azuread"
-      version = "2.31.0"
-    }
-  }
-}
-
-# Configure Azure resource management provider
-provider "azurerm" {
-  features {}
-}
-
-# Configure Azure active directory provider
-provider "azuread" {
-  tenant_id = data.azurerm_subscription.current.tenant_id
-}
-
-# Access current subscription (available via Azure CLI)
-data "azurerm_subscription" "current" {}
-
-# # Access current AzureAD configuration
-data "azuread_client_config" "current" {}
-
-# Create base resource group
-resource "azurerm_resource_group" "base_resource_group" {
-  name     = var.resource_group_name
-  location = var.region
-}
-
-# Create identity resource group
-resource "azurerm_resource_group" "identity_resource_group" {
-  name     = "${var.resource_group_name}-identity"
-  location = var.region
-}
-
-# Create managed identity
-resource "azurerm_user_assigned_identity" "identity_uami" {
-  location            = var.region
-  name                = var.service_principal_name
-  resource_group_name = azurerm_resource_group.identity_resource_group.name
-}
-
-# Assign roles to managed identity
-resource "azurerm_role_assignment" "virtual_machine_contributor_role" {
-  scope                = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}"
-  role_definition_name = "Virtual Machine Contributor"
-  principal_id         = azurerm_user_assigned_identity.identity_uami.principal_id
-}
-
-resource "azurerm_role_assignment" "application_insights_component_contributor_role" {
-  scope                = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}"
-  role_definition_name = "Application Insights Component Contributor"
-  principal_id         = azurerm_user_assigned_identity.identity_uami.principal_id
-}
-
-# Create application registration
-resource "azuread_application" "base_application" {
-  display_name = "${var.resource_group_name}-application"
-  owners       = [data.azuread_client_config.current.object_id]
-}
-
-resource "azuread_service_principal" "application_principal" {
-  application_id               = azuread_application.base_application.application_id
-  app_role_assignment_required = false
-  owners                       = [data.azuread_client_config.current.object_id]
-}
-
-# Set identity as base resource group owner
-resource "azurerm_role_assignment" "owner_role" {
-  scope                = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}"
-  role_definition_name = "Owner"
-  principal_id         = azuread_service_principal.application_principal.object_id
-}
-
-# Create application secret (password)
-resource "azuread_application_password" "base_application_secret" {
-  application_object_id = azuread_application.base_application.object_id
-}
--- a/hack/terraform/azure/iam/output.tf
+++ b/hack/terraform/azure/iam/output.tf
@ -1,28 +0,0 @@
-output "subscription_id" {
-  value = data.azurerm_subscription.current.subscription_id
-}
-
-output "tenant_id" {
-  value = data.azurerm_subscription.current.tenant_id
-}
-
-output "region" {
-  value = var.region
-}
-
-output "base_resource_group_name" {
-  value = var.resource_group_name
-}
-
-output "application_id" {
-  value = azuread_application.base_application.application_id
-}
-
-output "uami_id" {
-  value = azurerm_user_assigned_identity.identity_uami.id
-}
-
-output "application_client_secret_value" {
-  value     = azuread_application_password.base_application_secret.value
-  sensitive = true
-}
--- a/hack/terraform/azure/iam/variables.tf
+++ b/hack/terraform/azure/iam/variables.tf
@ -1,14 +0,0 @@
-variable "resource_group_name" {
-  type        = string
-  description = "Resource group name"
-}
-
-variable "service_principal_name" {
-  type        = string
-  description = "Service principal name"
-}
-
-variable "region" {
-  type        = string
-  description = "Azure resource location"
-}