terraform: align infrastructure module attributes (#2703)

* all vars have snail_case * make iam schema consistent * infrastructure schema * terraform: update AWS infrastructure module * fix ci * terraform: update AWS infrastructure module * terraform: update AWS IAM module * terraform: update Azure Infrastructure module inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update Azure IAM module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update GCP infrastructure module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update GCP IAM module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update OpenStack Infrastructure module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update QEMU Infrastructure module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform-module: fix input name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: tidy * cli: ignore whitespace in Terraform variable tests * terraform-module: fix AWS output names * terraform-module: fix output references Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: rename `api_server_cert_sans` * Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix self-managed * terraform: revert AWS modules output file renaming * terraform: remove duplicate varable declaration * terraform: rename Azure location field * ci: adjust output name in self-managed e2e test * e2e: continuously print output in upgrade test * e2e: write to output variables * cli: migrate IAM variable names * cli: make `location` field optional --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2025-11-13 00:50:38 -05:00 · 2023-12-15 10:36:58 +01:00 · 2023-12-15 10:36:58 +01:00 · 9667dfff58
commit 9667dfff58
parent 6f6f28b8cc
76 changed files with 745 additions and 767 deletions
--- a/terraform/infrastructure/iam/azure/README.md
+++ b/terraform/infrastructure/iam/azure/README.md
@ -1,32 +0,0 @@
-# Terraform Azure IAM creation
-
-This terraform configuration creates the necessary Azure resources that need to be available to host a Constellation cluster.
-
-You can create the resources with the following commands:
-
-```sh
-mkdir constellation_azure_iam
-cd constellation_azure_iam
-curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/azure/iam/{main.tf,output.tf,variables.tf,.terraform.lock.hcl}
-terraform init
-terraform apply
-```
-
-The following terraform output values are available (with their corresponding keys in the Constellation configuration file):
-
- `subscription_id` (subscription)
- `tenant_id` (tenant)
- `uami_id` (userAssignedIdentity)
-
-You can either get the profile names from the Terraform output and manually add them to your Constellation configuration file according to our [Documentation](https://docs.edgeless.systems/constellation/getting-started/first-steps).
-Or you can do this with a `yq` command:
-
-```sh
-yq -i "
-  .provider.azure.subscription = $(terraform output subscription_id) |
-  .provider.azure.tenant = $(terraform output tenant_id) |
-  .provider.azure.userAssignedIdentity = $(terraform output uami_id) |
-  " path/to/constellation-conf.yaml
-```
-
-Where `path/to/constellation-conf.yaml` is the path to your Constellation configuration file.
--- a/terraform/infrastructure/iam/azure/main.tf
+++ b/terraform/infrastructure/iam/azure/main.tf
@ -28,24 +28,24 @@ provider "azuread" {
 # Access current subscription (available via Azure CLI)
 data "azurerm_subscription" "current" {}

-# # Access current AzureAD configuration
+# Access current AzureAD configuration
 data "azuread_client_config" "current" {}

 # Create base resource group
 resource "azurerm_resource_group" "base_resource_group" {
  name     = var.resource_group_name
-  location = var.region
+  location = var.location
 }

 # Create identity resource group
 resource "azurerm_resource_group" "identity_resource_group" {
  name     = "${var.resource_group_name}-identity"
-  location = var.region
+  location = var.location
 }

 # Create managed identity
 resource "azurerm_user_assigned_identity" "identity_uami" {
-  location            = var.region
+  location            = var.location
  name                = var.service_principal_name
  resource_group_name = azurerm_resource_group.identity_resource_group.name
 }
--- a/terraform/infrastructure/iam/azure/outputs.tf
+++ b/terraform/infrastructure/iam/azure/outputs.tf
@ -1,16 +1,19 @@
 output "subscription_id" {
-  value = data.azurerm_subscription.current.subscription_id
+  value       = data.azurerm_subscription.current.subscription_id
+  description = "ID of the Azure subscription."
 }

 output "tenant_id" {
-  value = data.azurerm_subscription.current.tenant_id
+  value       = data.azurerm_subscription.current.tenant_id
+  description = "ID of the Azure tenant."
 }

 output "uami_id" {
-  description = "Outputs the id in the format: /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME. Not to be confused with the client_id"
  value       = azurerm_user_assigned_identity.identity_uami.id
+  description = "Resource ID of the UAMI in the format: /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME. Not to be confused with the Client ID of the UAMI."
 }

 output "base_resource_group" {
-  value = azurerm_resource_group.base_resource_group.name
+  value       = azurerm_resource_group.base_resource_group.name
+  description = "Name of the resource group."
 }
--- a/terraform/infrastructure/iam/azure/variables.tf
+++ b/terraform/infrastructure/iam/azure/variables.tf
@ -1,14 +1,14 @@
 variable "resource_group_name" {
  type        = string
-  description = "Resource group name"
+  description = "Name for the resource group the cluster should reside in."
 }

 variable "service_principal_name" {
  type        = string
-  description = "Service principal name"
+  description = "Name for the service principal used within the cluster."
 }

-variable "region" {
+variable "location" {
  type        = string
-  description = "Azure resource location"
+  description = "Azure location the cluster should reside in."
 }