Azure · glennmusa · Mar 4, 2021 · Mar 3, 2021 · Mar 3, 2021 · Mar 3, 2021
@@ -15,7 +15,8 @@
  "extensions": [
  "hashicorp.terraform",
  "ms-vscode-remote.vscode-remote-extensionpack",
- "davidanson.vscode-markdownlint"
+ "davidanson.vscode-markdownlint",
+ "github.vscode-pull-request-github"
  ],
 
  // Additional args to pass to the 'docker run' command

@@ -6,7 +6,9 @@
 
  // List of extensions which should be recommended for users of this workspace.
  "recommendations": [
- "davidanson.vscode-markdownlint"
+ "ms-vscode-remote.vscode-remote-extensionpack",
+ "davidanson.vscode-markdownlint",
+ "github.vscode-pull-request-github",
  ],
  // List of extensions recommended by VS Code that should not be recommended for users of this workspace.
  "unwantedRecommendations": [

@@ -1,23 +1,27 @@
 # Mission LZ
 
-Terraform resources to deploy Tier 0, 1, and 2, and the components of a [SACA](https://docs.microsoft.com/en-us/azure/azure-government/compliance/secure-azure-computing-architecture).
+Terraform resources to deploy Tier 0, 1, and 2, and the components of a [SACA hub](https://docs.microsoft.com/en-us/azure/azure-government/compliance/secure-azure-computing-architecture).
 
 ## Getting Started
 
-To get started, you'll need to do 4 things:
+1. Log in using the Azure CLI
+
+ ```BASH
+ az login
+ ```
 
 1. [Prepare the Terraform provider cache](#Prepare-the-Terraform-provider-cache)
-2. [Configure the Terraform Backend](#Configure-the-Terraform-Backend)
-3. [Set Terraform Configuration Variables](#Set-Terraform-Configuration-Variables)
-4. [Deploy Terraform Configuration](#Deploy-Terraform-Configuration)
+1. [Configure the Terraform Backend](#Configure-the-Terraform-Backend)
+1. [Set Terraform Configuration Variables](#Set-Terraform-Configuration-Variables)
+1. [Deploy Terraform Configuration](#Deploy-Terraform-Configuration)
 
 ### Prepare the Terraform provider cache
 
 We source the terraform provider locally from this repository and circumvent the need to fetch it from the internet.
 
 This below script will unzip the provider from the /src/provider_archive folder and place the provider in the /src/provider_cache folder and set execute permissions for the current user.
 
-1. Execute `unzipprovider.sh`
+Execute `unzipprovider.sh`
 
 ```bash
 chmod u+x src/provider_archive/unzipprovider.sh
@@ -26,43 +30,59 @@ src/provider_archive/unzipprovider.sh
 
 ### Configure the Terraform Backend
 
-The MLZ deployment architecture uses a single Service Principal whose credentials are stored in a central "config" Key Vault. Terraform state storage is distributed into a seperate storage account for each tier. When deploying the MLZ architecture, all tiers can be deployed into a single subscription or each tier can be deployed into it's on subscription.
+The MLZ deployment architecture uses a single Service Principal whose credentials are stored in a central "config" Key Vault. Terraform state storage is distributed into a separate storage account for each tier. When deploying the MLZ architecture, all tiers can be deployed into a single subscription or each tier can be deployed into its own subscription.
+
+1. Create the `mlz_tf_cfg.var` file using the `mlz_tf_cfg.var.sample` as a template.
+
+ The information in the `mlz_tf_cfg.var` file, will be used by `mlz_tf_setup.sh` to create and populate a `config.vars` file for each tier and saved inside the deployment folder for each tier (example: \src\core\tier-0\config.vars).
+
+ For example:
 
-Create the `mlz_tf_cfg.var` file using the `mlz_tf_cfg.var.sample` as the template. The information in the `mlz_tf_cfg.var` file, along with the parameter values provided when executing the `mlz_tf_setup.sh` script will be used by the `mlz_tf_setup.sh` script to automatically create and populate the `config.vars` file for each tier. The `config.vars` files that get generated by executing the `mlz_tf_setup.sh` script will saved inside the deployment folder for each tier (example: \src\core\tier-0\config.vars).
+ ```plaintext
+ mlz_env_name="{MLZ_ENV_NAME}"
+ mlz_config_location="{MLZ_CONFIG_LOCATION}"
+ ```
+
+ Would become:
+
+ ```plaintext
+ mlz_env_name="dev"
+ mlz_config_location="eastus"
+ ```
 
 1. Run `mlz_tf_setup.sh` at [scripts/mlz_tf_setup.sh](scripts/mlz_tf_setup.sh) to create:
 
-- A config Resource Group to store the Key Vault
-- Resource Groups for each tier to store the Terraform state Storage Account
-- A Service Principal to execute terraform commands
-- An Azure Key Vault to store the Service Principal's client ID and client secret
-- A Storage Account and Container for each tier to store tier Terraform state files
-- Tier specific Terraform backend config files
+ - A config Resource Group to store the Key Vault
+ - Resource Groups for each tier to store the Terraform state Storage Account
+ - A Service Principal to execute terraform commands
+ - An Azure Key Vault to store the Service Principal's client ID and client secret
+ - A Storage Account and Container for each tier to store tier Terraform state files
+ - Tier specific Terraform backend config files
 
-```bash
-# usage mlz_tf_setup.sh: <mlz_tf_cfg.var path> <enclave name> <location>
+ ```bash
+ # usage mlz_tf_setup.sh: <mlz_tf_cfg.var path>
 
-chmod u+x scripts/mlz_tf_setup.sh
+ chmod u+x scripts/mlz_tf_setup.sh
 
-scripts/mlz_tf_setup.sh src/core/mlz_tf_cfg.var eastus public
-```
+ scripts/mlz_tf_setup.sh src/core/mlz_tf_cfg.var
+ ```
 
 ### Set Terraform Configuration Variables
 
-First, clone the *.tfvars.sample file for the global Terraform configuration (e.g. [src/globals.tfvars.sample](src/globals.tfvars.sample)) and substitute placeholders marked by curly braces "{" and "}" with the values of your choosing.
+First, clone the *.tfvars.sample file for the global Terraform configuration (e.g. [src/core/globals.tfvars.sample](src/core/globals.tfvars.sample)) and substitute placeholders marked by curly braces "{" and "}" with the values of your choosing.
 
 Then, repeat this process, cloning the *.tfvars.sample file for the Terraform configuration(s) you are deploying and substitute placeholders marked by curly braces "{" and "}" with the values of your choosing.
 
 For example:
 
 ```plaintext
-location="{MLZ_LOCATION}" # the templated value in src/globals.tfvars.sample
+location="{MLZ_LOCATION}" # the templated value in src/core/globals.tfvars.sample
 ```
 
 Would become:
 
 ```plaintext
-location="eastus" # the value used by Terraform in src/globals.tfvars
+location="eastus" # the value used by Terraform in src/core/globals.tfvars
 ```
 
 ### Deploy Terraform Configuration
@@ -112,7 +132,7 @@ For more endpoint mappings between AzureCloud and AzureUsGovernment: <https://do
 
 This project welcomes contributions and suggestions. Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+the rights to use your contribution. For details, visit <https://cla.opensource.microsoft.com/>.
 
 When you submit a pull request, a CLA bot will automatically determine whether you need to provide
 a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions

@@ -14,20 +14,18 @@ error_log() {
 }
 
 usage() {
- echo "${0}: Create Terraform module config resources"
- error_log "usage: ${0} <mlz tf config vars> <enclave name> <location> <tf subscription id> <path to terraform module>"
+ echo "config_create.sh: Create Terraform module config resources"
+ error_log "usage: config_create.sh <mlz config> <tf subscription id> <path to terraform module>"
 }
 
-if [[ "$#" -lt 4 ]]; then
+if [[ "$#" -lt 3 ]]; then
  usage
  exit 1
 fi
 
 mlz_tf_cfg=$(realpath "${1}")
-enclave_name=$2
-location=$3
-tf_sub_id=$4
-tf_dir=$(realpath "${5}")
+tf_sub_id=$2
+tf_dir=$(realpath "${3}")
 
 # source MLZ config vars
 . "${mlz_tf_cfg}"
@@ -36,15 +34,15 @@ tf_dir=$(realpath "${5}")
 tf_name=$(basename "${tf_dir}")
 
 # generate names
-. "${BASH_SOURCE%/*}"/generate_names.sh "${tf_config_subid}" "${enclave_name}" "${tf_sub_id}" "${tf_name}"
+. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}"
 
 # create TF Resource Group and Storage Account for Terraform State files
 echo "Validating Resource Group for Terraform state..."
 if [[ -z $(az group show --name "${tf_rg_name}" --subscription "${tf_sub_id}" --query name --output tsv) ]];then
  echo "Resource Group does not exist...creating resource group ${tf_rg_name}"
  az group create \
  --subscription "${tf_sub_id}" \
- --location "${location}" \
+ --location "${mlz_config_location}" \
  --name "${tf_rg_name}"
 else
  echo "Resource Group already exists...getting resource group"
@@ -57,7 +55,7 @@ if [[ -z $(az storage account show --name "${tf_sa_name}" --subscription "${tf_s
  --name "${tf_sa_name}" \
  --subscription "${tf_sub_id}" \
  --resource-group "${tf_rg_name}" \
- --location "${location}" \
+ --location "${mlz_config_location}" \
  --sku Standard_LRS \
  --output none
 
@@ -81,4 +79,4 @@ else
 fi
 
 # generate a config.vars file
-. "${BASH_SOURCE%/*}"/generate_vars.sh "${tf_config_subid}" "${enclave_name}" "${tf_sub_id}" "${tf_name}" "${tf_dir}"
+. "${BASH_SOURCE%/*}"/generate_vars.sh "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}" "${tf_dir}"
@@ -10,11 +10,17 @@
 #
 # Validates the existence of resources required to run Terraform init and apply scripts
 
-PGM=$(basename "${0}")
+error_log() {
+ echo "${1}" 1>&2;
+}
+
+usage() {
+ echo "config_validate.sh : Validates the existence of resources required to run Terraform init and apply scripts"
+ error_log "usage: config_validate.sh <terraform configuration directory>"
+}
 
 if [[ "$#" -lt 1 ]]; then
- echo "${0}: Validates the existence of resources required to run Terraform init and apply scripts using a variables file for input"
- echo "usage: ${PGM} <terraform configuration directory>"
+ usage
  exit 1
 fi
 

@@ -3,44 +3,50 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 #
+# shellcheck disable=SC1090,SC1091,SC2154
+# SC1090: Can't follow non-constant source. Use a directive to specify location.
+# SC1091: Not following. Shellcheck can't follow non-constant source.
+# SC2154: "var is referenced but not assigned". These values come from an external file.
 #
+# Generate MLZ resource names
 
 error_log() {
  echo "${1}" 1>&2;
 }
 
 usage() {
- echo "${0}: Generate MLZ resource names"
- error_log "usage: ${0} <mlz config subscription ID> <enclave name> <optional tf sub id> <optional tf name>"
+ echo "generate_names.sh: Generate MLZ resource names"
+ error_log "usage: generate_names.sh <mlz config> <tf sub id> <tf name>"
 }
 
-if [[ "$#" -lt 2 ]]; then
+if [[ "$#" -lt 1 ]]; then
  usage
  exit 1
 fi
 
-mlz_sub_id_raw=$1
-mlz_enclave_name_raw=$2
+mlz_config=$(realpath "${1}")
+tf_sub_id_raw=${2:-notset}
+tf_name_raw=${3:-notset}
 
-tf_sub_id_raw=${3:-notset}
-tf_name_raw=${4:-notset}
+# source variables from MLZ config
+. "${mlz_config}"
 
 # remove hyphens for resource naming restrictions
 # in the future, do more cleansing
-mlz_sub_id_clean="${mlz_sub_id_raw//-}"
-mlz_enclave_name="${mlz_enclave_name_raw//-}"
+mlz_sub_id_clean="${mlz_config_subid//-}"
+mlz_env_name_clean="${mlz_env_name//-}"
 
 # Universal names
 export container_name="tfstate"
 
 # MLZ naming patterns
 mlz_prefix="mlz-tf"
-mlz_sp_name_full="sp-${mlz_prefix}-${mlz_enclave_name}"
-mlz_sa_name_full="mlztfsa${mlz_enclave_name}${mlz_sub_id_clean}"
-mlz_kv_name_full="mlzkv${mlz_enclave_name}${mlz_sub_id_clean}"
+mlz_sp_name_full="sp-${mlz_prefix}-${mlz_env_name_clean}"
+mlz_sa_name_full="mlztfsa${mlz_env_name_clean}${mlz_sub_id_clean}"
+mlz_kv_name_full="mlzkv${mlz_env_name_clean}${mlz_sub_id_clean}"
 
 # Name MLZ config resources
-export mlz_rg_name="rg-${mlz_prefix}-${mlz_enclave_name}"
+export mlz_rg_name="rg-${mlz_prefix}-${mlz_env_name_clean}"
 export mlz_sp_name="${mlz_sp_name_full}"
 export mlz_sp_kv_name="${mlz_sp_name_full}-clientid"
 export mlz_sp_kv_password="${mlz_sp_name_full}-pwd"
@@ -55,9 +61,9 @@ if [[ $tf_name_raw != "notset" ]]; then
 
  # TF naming patterns
  tf_prefix="tf-${tf_name}"
- tf_sa_name_full="tfsa${tf_name}${mlz_enclave_name}${tf_sub_id_clean}"
+ tf_sa_name_full="tfsa${tf_name}${mlz_env_name_clean}${tf_sub_id_clean}"
 
  # Name TF config resources
- export tf_rg_name="rg-${tf_prefix}-${mlz_enclave_name}"
+ export tf_rg_name="rg-${tf_prefix}-${mlz_env_name_clean}"
  export tf_sa_name="${tf_sa_name_full:0:24}" # take the 24 characters of the storage account name
 fi
@@ -14,36 +14,34 @@ error_log() {
 }
 
 usage() {
- echo "${0}: Generate a config.vars file at a given Terraform directory"
- error_log "usage: ${0} <mlz config subscription ID> <enclave name> <tf sub id> <tf name> <tf dir>"
+ echo "generate_vars.sh: Generate a config.vars file at a given Terraform directory"
+ error_log "usage: generate_vars.sh <mlz config> <tf sub id> <tf name> <tf dir>"
 }
 
-if [[ "$#" -lt 5 ]]; then
+if [[ "$#" -lt 4 ]]; then
  usage
  exit 1
 fi
 
-mlz_sub_id=$1
-mlz_enclave_name=$2
-
-tf_sub_id=${3}
-tf_name=${4}
-tf_dir=$(realpath "${5}")
+mlz_tf_cfg=$1
+tf_sub_id=${2}
+tf_name=${3}
+tf_dir=$(realpath "${4}")
 
 # generate names
-. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_sub_id}" "${mlz_enclave_name}" "${tf_sub_id}" "${tf_name}"
+. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}"
 
 # generate a config.vars file
 config_vars="${tf_dir}/config.vars"
 rm -f "$config_vars"
 touch "$config_vars"
 {
  echo "tenant_id=${mlz_tenantid}"
- echo "mlz_cfg_sub_id=${tf_config_subid}"
+ echo "mlz_env_name=${mlz_env_name}"
+ echo "mlz_cfg_sub_id=${mlz_config_subid}"
  echo "mlz_cfg_kv_name=${mlz_kv_name}"
  echo "sub_id=${tf_sub_id}"
- echo "enclave=${mlz_enclave_name}"
- echo "location=${location}"
+ echo "location=${mlz_config_location}"
  echo "tf_be_rg_name=${tf_rg_name}"
  echo "tf_be_sa_name=${tf_sa_name}"
  echo "sp_client_id_secret_name=${mlz_sp_kv_name}"