Source MLZ config environment name and region from configuration file

README.md

@@ -4,12 +4,16 @@ Terraform resources to deploy Tier 0, 1, and 2, and the components of a [SACA](h
 
 ## Getting Started
 
-To get started, you'll need to do 4 things:
+1. Log in using the Azure CLI
+
+ ```BASH
+ az login
+ ```
 
 1. [Prepare the Terraform provider cache](#Prepare-the-Terraform-provider-cache)
-2. [Configure the Terraform Backend](#Configure-the-Terraform-Backend)
-3. [Set Terraform Configuration Variables](#Set-Terraform-Configuration-Variables)
-4. [Deploy Terraform Configuration](#Deploy-Terraform-Configuration)
+1. [Configure the Terraform Backend](#Configure-the-Terraform-Backend)
+1. [Set Terraform Configuration Variables](#Set-Terraform-Configuration-Variables)
+1. [Deploy Terraform Configuration](#Deploy-Terraform-Configuration)
 
 ### Prepare the Terraform provider cache
 
@@ -28,7 +32,23 @@ src/provider_archive/unzipprovider.sh
 
 The MLZ deployment architecture uses a single Service Principal whose credentials are stored in a central "config" Key Vault. Terraform state storage is distributed into a seperate storage account for each tier. When deploying the MLZ architecture, all tiers can be deployed into a single subscription or each tier can be deployed into it's on subscription.
 
-Create the `mlz_tf_cfg.var` file using the `mlz_tf_cfg.var.sample` as the template. The information in the `mlz_tf_cfg.var` file, along with the parameter values provided when executing the `mlz_tf_setup.sh` script will be used by the `mlz_tf_setup.sh` script to automatically create and populate the `config.vars` file for each tier. The `config.vars` files that get generated by executing the `mlz_tf_setup.sh` script will saved inside the deployment folder for each tier (example: \src\core\tier-0\config.vars).
+1. Create the `mlz_tf_cfg.var` file using the `mlz_tf_cfg.var.sample` as a template.
+
+The information in the `mlz_tf_cfg.var` file, will be used by `mlz_tf_setup.sh` to create and populate a `config.vars` file for each tier and saved inside the deployment folder for each tier (example: \src\core\tier-0\config.vars).
+
+For example:
+
+```plaintext
+mlz_env_name="{MLZ_ENV_NAME}"
+mlz_config_location="{MLZ_CONFIG_LOCATION}"
+```
+
+Would become:
+
+```plaintext
+mlz_env_name="dev"
+mlz_config_location="eastus"
+```
 
 1. Run `mlz_tf_setup.sh` at [scripts/mlz_tf_setup.sh](scripts/mlz_tf_setup.sh) to create:
 
@@ -40,11 +60,11 @@ Create the `mlz_tf_cfg.var` file using the `mlz_tf_cfg.var.sample` as the templa
 - Tier specific Terraform backend config files
 
 ```bash
-# usage mlz_tf_setup.sh: <mlz_tf_cfg.var path> <enclave name> <location>
+# usage mlz_tf_setup.sh: <mlz_tf_cfg.var path>
 
 chmod u+x scripts/mlz_tf_setup.sh
 
-scripts/mlz_tf_setup.sh src/core/mlz_tf_cfg.var eastus public
+scripts/mlz_tf_setup.sh src/core/mlz_tf_cfg.var
 ```
 
 ### Set Terraform Configuration Variables
@@ -112,7 +132,7 @@ For more endpoint mappings between AzureCloud and AzureUsGovernment: <https://do
 
 This project welcomes contributions and suggestions. Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+the rights to use your contribution. For details, visit <https://cla.opensource.microsoft.com/>.
 
 When you submit a pull request, a CLA bot will automatically determine whether you need to provide
 a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions

scripts/config/config_create.sh

@@ -14,20 +14,18 @@ error_log() {
 }
 
 usage() {
- echo "${0}: Create Terraform module config resources"
- error_log "usage: ${0} <mlz tf config vars> <enclave name> <location> <tf subscription id> <path to terraform module>"
+ echo "config_create.sh: Create Terraform module config resources"
+ error_log "usage: config_create.sh <mlz config> <tf subscription id> <path to terraform module>"
 }
 
-if [[ "$#" -lt 4 ]]; then
+if [[ "$#" -lt 3 ]]; then
  usage
  exit 1
 fi
 
 mlz_tf_cfg=$(realpath "${1}")
-enclave_name=$2
-location=$3
-tf_sub_id=$4
-tf_dir=$(realpath "${5}")
+tf_sub_id=$2
+tf_dir=$(realpath "${3}")
 
 # source MLZ config vars
 . "${mlz_tf_cfg}"
@@ -36,15 +34,15 @@ tf_dir=$(realpath "${5}")
 tf_name=$(basename "${tf_dir}")
 
 # generate names
-. "${BASH_SOURCE%/*}"/generate_names.sh "${tf_config_subid}" "${enclave_name}" "${tf_sub_id}" "${tf_name}"
+. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}"
 
 # create TF Resource Group and Storage Account for Terraform State files
 echo "Validating Resource Group for Terraform state..."
 if [[ -z $(az group show --name "${tf_rg_name}" --subscription "${tf_sub_id}" --query name --output tsv) ]];then
  echo "Resource Group does not exist...creating resource group ${tf_rg_name}"
  az group create \
  --subscription "${tf_sub_id}" \
- --location "${location}" \
+ --location "${mlz_config_location}" \
  --name "${tf_rg_name}"
 else
  echo "Resource Group already exists...getting resource group"
@@ -57,7 +55,7 @@ if [[ -z $(az storage account show --name "${tf_sa_name}" --subscription "${tf_s
  --name "${tf_sa_name}" \
  --subscription "${tf_sub_id}" \
  --resource-group "${tf_rg_name}" \
- --location "${location}" \
+ --location "${mlz_config_location}" \
  --sku Standard_LRS \
  --output none
 
@@ -81,4 +79,4 @@ else
 fi
 
 # generate a config.vars file
-. "${BASH_SOURCE%/*}"/generate_vars.sh "${tf_config_subid}" "${enclave_name}" "${tf_sub_id}" "${tf_name}" "${tf_dir}"
+. "${BASH_SOURCE%/*}"/generate_vars.sh "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}" "${tf_dir}"

scripts/config/config_validate.sh

@@ -10,11 +10,17 @@
 #
 # Validates the existence of resources required to run Terraform init and apply scripts
 
-PGM=$(basename "${0}")
+error_log() {
+ echo "${1}" 1>&2;
+}
+
+usage() {
+ echo "config_validate.sh : Validates the existence of resources required to run Terraform init and apply scripts"
+ error_log "usage: config_validate.sh <terraform configuration directory>"
+}
 
 if [[ "$#" -lt 1 ]]; then
- echo "${0}: Validates the existence of resources required to run Terraform init and apply scripts using a variables file for input"
- echo "usage: ${PGM} <terraform configuration directory>"
+ usage
  exit 1
 fi
 

scripts/config/generate_names.sh

@@ -3,44 +3,50 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 #
+# shellcheck disable=SC1090,SC1091,SC2154
+# SC1090: Can't follow non-constant source. Use a directive to specify location.
+# SC1091: Not following. Shellcheck can't follow non-constant source.
+# SC2154: "var is referenced but not assigned". These values come from an external file.
 #
+# Generate MLZ resource names
 
 error_log() {
  echo "${1}" 1>&2;
 }
 
 usage() {
- echo "${0}: Generate MLZ resource names"
- error_log "usage: ${0} <mlz config subscription ID> <enclave name> <optional tf sub id> <optional tf name>"
+ echo "generate_names.sh: Generate MLZ resource names"
+ error_log "usage: generate_names.sh <mlz config> <tf sub id> <tf name>"
 }
 
-if [[ "$#" -lt 2 ]]; then
+if [[ "$#" -lt 1 ]]; then
  usage
  exit 1
 fi
 
-mlz_sub_id_raw=$1
-mlz_enclave_name_raw=$2
+mlz_config=$(realpath "${1}")
+tf_sub_id_raw=${2:-notset}
+tf_name_raw=${3:-notset}
 
-tf_sub_id_raw=${3:-notset}
-tf_name_raw=${4:-notset}
+# source variables from MLZ config
+. "${mlz_config}"
 
 # remove hyphens for resource naming restrictions
 # in the future, do more cleansing
-mlz_sub_id_clean="${mlz_sub_id_raw//-}"
-mlz_enclave_name="${mlz_enclave_name_raw//-}"
+mlz_sub_id_clean="${mlz_config_subid//-}"
+mlz_env_name_clean="${mlz_env_name//-}"
 
 # Universal names
 export container_name="tfstate"
 
 # MLZ naming patterns
 mlz_prefix="mlz-tf"
-mlz_sp_name_full="sp-${mlz_prefix}-${mlz_enclave_name}"
-mlz_sa_name_full="mlztfsa${mlz_enclave_name}${mlz_sub_id_clean}"
-mlz_kv_name_full="mlzkv${mlz_enclave_name}${mlz_sub_id_clean}"
+mlz_sp_name_full="sp-${mlz_prefix}-${mlz_env_name_clean}"
+mlz_sa_name_full="mlztfsa${mlz_env_name_clean}${mlz_sub_id_clean}"
+mlz_kv_name_full="mlzkv${mlz_env_name_clean}${mlz_sub_id_clean}"
 
 # Name MLZ config resources
-export mlz_rg_name="rg-${mlz_prefix}-${mlz_enclave_name}"
+export mlz_rg_name="rg-${mlz_prefix}-${mlz_env_name_clean}"
 export mlz_sp_name="${mlz_sp_name_full}"
 export mlz_sp_kv_name="${mlz_sp_name_full}-clientid"
 export mlz_sp_kv_password="${mlz_sp_name_full}-pwd"
@@ -55,9 +61,9 @@ if [[ $tf_name_raw != "notset" ]]; then
 
  # TF naming patterns
  tf_prefix="tf-${tf_name}"
- tf_sa_name_full="tfsa${tf_name}${mlz_enclave_name}${tf_sub_id_clean}"
+ tf_sa_name_full="tfsa${tf_name}${mlz_env_name_clean}${tf_sub_id_clean}"
 
  # Name TF config resources
- export tf_rg_name="rg-${tf_prefix}-${mlz_enclave_name}"
+ export tf_rg_name="rg-${tf_prefix}-${mlz_env_name_clean}"
  export tf_sa_name="${tf_sa_name_full:0:24}" # take the 24 characters of the storage account name
 fi

scripts/config/generate_vars.sh

@@ -14,36 +14,34 @@ error_log() {
 }
 
 usage() {
- echo "${0}: Generate a config.vars file at a given Terraform directory"
- error_log "usage: ${0} <mlz config subscription ID> <enclave name> <tf sub id> <tf name> <tf dir>"
+ echo "generate_vars.sh: Generate a config.vars file at a given Terraform directory"
+ error_log "usage: generate_vars.sh <mlz config> <tf sub id> <tf name> <tf dir>"
 }
 
-if [[ "$#" -lt 5 ]]; then
+if [[ "$#" -lt 4 ]]; then
  usage
  exit 1
 fi
 
-mlz_sub_id=$1
-mlz_enclave_name=$2
-
-tf_sub_id=${3}
-tf_name=${4}
-tf_dir=$(realpath "${5}")
+mlz_tf_cfg=$1
+tf_sub_id=${2}
+tf_name=${3}
+tf_dir=$(realpath "${4}")
 
 # generate names
-. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_sub_id}" "${mlz_enclave_name}" "${tf_sub_id}" "${tf_name}"
+. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}"
 
 # generate a config.vars file
 config_vars="${tf_dir}/config.vars"
 rm -f "$config_vars"
 touch "$config_vars"
 {
  echo "tenant_id=${mlz_tenantid}"
- echo "mlz_cfg_sub_id=${tf_config_subid}"
+ echo "mlz_env_name=${mlz_env_name}"
+ echo "mlz_cfg_sub_id=${mlz_config_subid}"
  echo "mlz_cfg_kv_name=${mlz_kv_name}"
  echo "sub_id=${tf_sub_id}"
- echo "enclave=${mlz_enclave_name}"
- echo "location=${location}"
+ echo "location=${mlz_config_location}"
  echo "tf_be_rg_name=${tf_rg_name}"
  echo "tf_be_sa_name=${tf_sa_name}"
  echo "sp_client_id_secret_name=${mlz_sp_kv_name}"

scripts/config/mlz_config_create.sh

@@ -14,8 +14,8 @@ error_log() {
 }
 
 usage() {
- echo "${0}: Create MLZ config resources"
- error_log "usage: ${0} <mlz tf config vars> <enclave name> <location>"
+ echo "mlz_config_create.sh: Create MLZ config resources"
+ error_log "usage: mlz_config_create.sh <mlz config>"
 }
 
 if [[ "$#" -lt 3 ]]; then
@@ -24,14 +24,12 @@ if [[ "$#" -lt 3 ]]; then
 fi
 
 mlz_tf_cfg=$(realpath "${1}")
-enclave_name=$2
-location=$3
 
 # Source variables
 . "${mlz_tf_cfg}"
 
 # generate MLZ configuration names
-. "${BASH_SOURCE%/*}"/generate_names.sh "${tf_config_subid}" "${enclave_name}"
+. "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_tf_cfg}"
 
 # Create Azure AD application registration and Service Principal
 echo "Verifying Service Principal is unique (${mlz_sp_name})"
@@ -40,7 +38,7 @@ if [[ -z $(az ad sp list --filter "displayName eq '${mlz_sp_name}'" --query "[].
  sp_pwd=$(az ad sp create-for-rbac \
  --name "http://${mlz_sp_name}" \
  --role Contributor \
- --scopes "/subscriptions/${tf_config_subid}" "/subscriptions/${mlz_saca_subid}" "/subscriptions/${mlz_tier0_subid}" "/subscriptions/${mlz_tier1_subid}" "/subscriptions/${mlz_tier2_subid}" \
+ --scopes "/subscriptions/${mlz_config_subid}" "/subscriptions/${mlz_saca_subid}" "/subscriptions/${mlz_tier0_subid}" "/subscriptions/${mlz_tier1_subid}" "/subscriptions/${mlz_tier2_subid}" \
  --query password \
  --output tsv)
 else
@@ -61,24 +59,24 @@ sp_objid=$(az ad sp show \
  --output tsv)
 
 # Validate or create Terraform Config resource group
-if [[ -z $(az group show --name "${mlz_rg_name}" --subscription "${tf_config_subid}" --query name --output tsv) ]];then
+if [[ -z $(az group show --name "${mlz_rg_name}" --subscription "${mlz_config_subid}" --query name --output tsv) ]];then
  echo "Resource Group does not exist...creating resource group ${mlz_rg_name}"
  az group create \
- --subscription "${tf_config_subid}" \
- --location "${location}" \
+ --subscription "${mlz_config_subid}" \
+ --location "${mlz_config_location}" \
  --name "${mlz_rg_name}"
 else
  echo "Resource Group already exists...getting resource group"
 fi
 
 # Create Key Vault
-if [[ -z $(az keyvault show --name "${mlz_kv_name}" --subscription "${tf_config_subid}" --query name --output tsv) ]];then
+if [[ -z $(az keyvault show --name "${mlz_kv_name}" --subscription "${mlz_config_subid}" --query name --output tsv) ]];then
  echo "Key Vault ${mlz_kv_name} does not exist...creating Key Vault"
  az keyvault create \
  --name "${mlz_kv_name}" \
- --subscription "${tf_config_subid}" \
+ --subscription "${mlz_config_subid}" \
  --resource-group "${mlz_rg_name}" \
- --location "${location}" \
+ --location "${mlz_config_location}" \
  --output none
  echo "Key Vault ${mlz_kv_name} created!"
 fi
@@ -87,7 +85,7 @@ fi
 echo "Setting Access Policy for Service Principal..."
 az keyvault set-policy \
  --name "${mlz_kv_name}" \
- --subscription "${tf_config_subid}" \
+ --subscription "${mlz_config_subid}" \
  --resource-group "${mlz_rg_name}" \
  --object-id "${sp_objid}" \
  --secret-permissions get list set \
@@ -98,14 +96,14 @@ echo "Access Policy for Service Principal set!"
 echo "Updating KeyVault with Service Principal secrets..."
 az keyvault secret set \
  --name "${mlz_sp_kv_password}" \
- --subscription "${tf_config_subid}" \
+ --subscription "${mlz_config_subid}" \
  --vault-name "${mlz_kv_name}" \
  --value "${sp_pwd}" \
  --output none
 
 az keyvault secret set \
  --name "${mlz_sp_kv_name}" \
- --subscription "${tf_config_subid}" \
+ --subscription "${mlz_config_subid}" \
  --vault-name "${mlz_kv_name}" \
  --value "${sp_clientid}" \
  --output none