Cosmo-Tech/terraform-azure-cosmotech-tenant

Requirements

Name Version
terraform >= 1.3.9
azuread 2.48.0
azurerm ~>3.54.0
helm 2.9.0
http 3.4.0
kubectl 2.0.4
kubernetes 2.20.0

Providers

Name Version
azurerm ~>3.54.0

Modules

Name Source Version
azure-tenant-prerequisites ./azure-tenant-prerequisites n/a
azure-tenant-resources ./azure-tenant-resources n/a
create-vault-entries ./create-vault-entries n/a
platform-tenant-resources Cosmo-Tech/cosmotech-tenant/kubernetes 0.1.5

Resources

Name Type
azurerm_resource_group.tenant_rg resource
azurerm_kubernetes_cluster.current data source
azurerm_public_ip.current data source
azurerm_resource_group.current data source
azurerm_resource_group.tenant_rg data source
azurerm_virtual_network.current data source

Inputs

Name Description Type Default Required
api_dns_name n/a string n/a yes
cluster_name Cluster name string n/a yes
common_platform_object_id n/a string n/a yes
common_resource_group Existing resource group which contains the common platform resources string n/a yes
cosmotech_api_version n/a string n/a yes
dns_record The DNS zone name to create platform subdomain. Example: myplatform string n/a yes
kubernetes_tenant_namespace The kubernetes namespace to create string n/a yes
network_client_id n/a string n/a yes
owner_list List of mail addresses for App Registration owners list(string) n/a yes
project_name The project name any n/a yes
public_ip_name The public IP resource of the platform string n/a yes
publicip_resource_group n/a string n/a yes
subscription_id The subscription id any n/a yes
tenant_id The tenant id any n/a yes
tenant_resource_group Resource group to create which will contain created Azure resources for this tenant string n/a yes
vnet_name The virtual network of the platform common resources string n/a yes
vnet_resource_group n/a string n/a yes
adt_privatedns_zonename n/a string "privatelink.digitaltwins.azure.net" no
api_replicas n/a number 2 no
api_version_path The API version path string "v3-1" no
archive_ttl n/a string "3d" no
argo_minio_persistence_size n/a string "16Gi" no
argo_minio_requests_memory n/a string "2Gi" no
audience The App Registration audience type string "AzureADMultipleOrgs" no
auto_stop_kusto Specifies if the cluster could be automatically stopped bool false no
babylon_client_id n/a string "" no
babylon_client_secret n/a string "" no
babylon_sp_object_id n/a string "" no
blob_privatedns_zonename n/a string "privatelink.blob.core.windows.net" no
chart_package_version The version of the Cosmo Tech API chart to deploy string "3.1.2" no
client_id The client id string "" no
client_secret The client secret string "" no
cluster_issuer_name n/a string "letsencrypt-prod" no
cosmotech_api_ingress_enabled n/a bool true no
cosmotech_api_persistence_size n/a string "8Gi" no
cosmotech_api_persistence_storage_class n/a string "azurefile-csi" no
cost_center The value associated to a resource (tag) string "NA" no
create_adx Whether to create Azure digital explorer bool true no
create_babylon Create the Azure Active Directory Application for Babylon bool true no
create_cosmosdb Whether to create CosmosDB (only for API version < 2.4) bool false no
create_dnsrecord Create the DNS record bool false no
create_eventhub Whether to create Azure Event Hub resources bool true no
create_powerbi Create the Azure Active Directory Application for PowerBI bool false no
create_publicip Create the public IP for the platform bool false no
create_rabbitmq Whether to create RabbitMQ resources bool false no
create_restish Create the Azure Active Directory Application for Restish bool false no
create_secrets Create secrets for newly created app registrations bool true no
create_vault_entries Custom module used to automatically retrieve Cosmo Tech Platform values and fill Vault in order to be used by Babylon bool false no
create_webapp Create the Azure Active Directory Application for WebApp bool false no
customer_name The customer name string "cosmotech" no
customertag n/a string "" no
deployment_type Represents the kind of deployment. Currently two modes: ARM or Terraform string "Terraform" no
dns_zone_name The DNS zone name to create platform subdomain. Example: api.cosmotech.com string "api.cosmotech.com" no
dns_zone_rg The DNS zone resource group string "phoenix" no
eventhub_privatedns_zonename n/a string "privatelink.servicebus.windows.net" no
identifier_uri The platform identifier uri string "" no
image_path n/a string "./cosmotech.png" no
kubernetes_version Azure Kubernetes Service version string "1.26.6" no
kusto_instance_type n/a string "Standard_D12_v2" no
kusto_privatedns_zonename n/a string "privatelink.kusto.core.windows.net" no
kustonr_instances n/a number 2 no
list_apikey_allowed n/a
Type:
  list(object({
    name = string
    apiKey = string
    associatedRole = string
    securedUris = list(string)
  }))
Default:
  [
    {
      "apiKey": "",
      "associatedRole": "",
      "name": "",
      "securedUris": []
    }
  ]
Required: no
location The Azure location string "West Europe" no
monitoring_enabled n/a string "true" no
monitoring_namespace n/a string "cosmotech-monitoring" no
network_client_secret n/a string "" no
network_sp_object_id The object id of the network service principal string "" no
organization_name n/a string "" no
platform_name The platform id for babylon v4 string "" no
platform_url The platform url string "" no
project_stage The platform stage string "Dev" no
public_network_access_enabled n/a bool false no
queue_privatedns_zonename n/a string "privatelink.queue.core.windows.net" no
redis_port n/a number 6379 no
storage_class_sku n/a string "Standard_LRS" no
storage_kind n/a string "StorageV2" no
table_privatedns_zonename n/a string "privatelink.table.core.windows.net" no
tenant_client_id n/a string "" no
tenant_client_secret n/a string "" no
tenant_group_id The object id of the platform group string "" no
tenant_sp_name The name of the platform on which we deploy the tenant string "" no
tenant_sp_object_id The object id of the platform service principal string "" no
tenant_virtual_network_address_prefix The Virtual Network IP range. Minimum /26 NetMaskLength string "10.40.0.0/16" no
tenant_virtual_subnet_network_address_prefix n/a string "10.40.0.0/24" no
tf_access_key Variable to be used with backend remote option:
First set necessary vars:
- export TF_VAR_tf_access_key="some_value"
Then call terraform init:
terraform init \
  -backend-config "resource_group_name=$TF_VAR_tf_resource_group_name" \
  -backend-config "storage_account_name=$TF_VAR_tf_storage_account_name" \
  -backend-config "container_name=$TF_VAR_tf_container_name" \
  -backend-config "key=$TF_VAR_tf_blob_name" \
  -backend-config "access_key=$TF_VAR_tf_access_key"
string "" no
tf_blob_name_tenant Variable to be used with backend remote option:
First set necessary vars:
- export TF_VAR_tf_blob_name="some_value"
Then call terraform init:
terraform init \
  -backend-config "resource_group_name=$TF_VAR_tf_resource_group_name" \
  -backend-config "storage_account_name=$TF_VAR_tf_storage_account_name" \
  -backend-config "container_name=$TF_VAR_tf_container_name" \
  -backend-config "key=$TF_VAR_tf_blob_name" \
  -backend-config "access_key=$TF_VAR_tf_access_key"
string "" no
tf_container_name Variable to be used with backend remote option:
First set necessary vars:
- export TF_VAR_tf_container_name="some_value"
Then call terraform init:
terraform init \
  -backend-config "resource_group_name=$TF_VAR_tf_resource_group_name" \
  -backend-config "storage_account_name=$TF_VAR_tf_storage_account_name" \
  -backend-config "container_name=$TF_VAR_tf_container_name" \
  -backend-config "key=$TF_VAR_tf_blob_name" \
  -backend-config "access_key=$TF_VAR_tf_access_key"
string "" no
tf_resource_group_name Variable to be used with backend remote option:
First set necessary vars:
- export TF_VAR_tf_resource_group_name="some_value"
Then call terraform init:
terraform init \
  -backend-config "resource_group_name=$TF_VAR_tf_resource_group_name" \
  -backend-config "storage_account_name=$TF_VAR_tf_storage_account_name" \
  -backend-config "container_name=$TF_VAR_tf_container_name" \
  -backend-config "key=$TF_VAR_tf_blob_name" \
  -backend-config "access_key=$TF_VAR_tf_access_key"
string "" no
tf_storage_account_name Variable to be used with backend remote option:
First set necessary vars:
- export TF_VAR_tf_storage_account_name="some_value"
Then call terraform init:
terraform init \
  -backend-config "resource_group_name=$TF_VAR_tf_resource_group_name" \
  -backend-config "storage_account_name=$TF_VAR_tf_storage_account_name" \
  -backend-config "container_name=$TF_VAR_tf_container_name" \
  -backend-config "key=$TF_VAR_tf_blob_name" \
  -backend-config "access_key=$TF_VAR_tf_access_key"
string "" no
tls_certificate_custom_certificate n/a string "" no
tls_certificate_custom_key n/a string "" no
tls_certificate_type n/a string "let_s_encrypt" no
user_app_role App role for azuread_application
Type:
  list(object({
    description = string
    display_name = string
    id = string
    role_value = string
  }))
Default:
[
{
"description": "Workspace Writer",
"display_name": "Workspace Writer",
"id": "3f7ba86c-9940-43c8-a54d-0bfb706da136",
"role_value": "Workspace.Writer"
},
{
"description": "Workspace Reader",
"display_name": "Workspace Reader",
"id": "73ce2073-d918-4fe1-bc24-a4e69db07db8",
"role_value": "Workspace.Reader"
},
{
"description": "Solution Writer",
"display_name": "Solution Writer",
"id": "4f6e62a3-7f0a-4396-9620-ab465cd6577b",
"role_value": "Solution.Writer"
},
{
"description": "Solution Reader",
"display_name": "Solution Reader",
"id": "cf1a8625-38d9-417b-a5b9-a27c0014e740",
"role_value": "Solution.Reader"
},
{
"description": "ScenarioRun Writer",
"display_name": "ScenarioRun Writer",
"id": "ca8a2a19-3e09-48cc-976b-85ec9de4f68a",
"role_value": "ScenarioRun.Writer"
},
{
"description": "ScenarioRun Reader",
"display_name": "ScenarioRun Reader",
"id": "bdc8fe2a-73a8-477d-9efa-d8a37a4eb0f7",
"role_value": "ScenarioRun.Reader"
},
{
"description": "Scenario Writer",
"display_name": "Scenario Writer",
"id": "8fb9d03e-c46d-4003-a2a6-34d8b506e4e7",
"role_value": "Scenario.Writer"
},
{
"description": "Scenario Reader",
"display_name": "Scenario Reader",
"id": "e07dab65-4200-4502-8e36-79ca687320d9",
"role_value": "Scenario.Reader"
},
{
"description": "Organization Writer",
"display_name": "Organization Writer",
"id": "89d74995-095c-442f-bfda-06a77d3dbaa4",
"role_value": "Organization.Writer"
},
{
"description": "Organization Reader",
"display_name": "Organization Reader",
"id": "96213509-202a-497c-9f60-53c5f85268ec",
"role_value": "Organization.Reader"
},
{
"description": "Dataset Writer",
"display_name": "Dataset Writer",
"id": "c6e5d483-ec2c-4710-bf0c-78b0fda611dc",
"role_value": "Dataset.Writer"
},
{
"description": "Dataset Reader",
"display_name": "Dataset Reader",
"id": "454dc3f5-3012-45b3-bad6-975dae94338c",
"role_value": "Dataset.Reader"
},
{
"description": "Ability to write connectors",
"display_name": "Connector Writer",
"id": "e150953f-4835-4502-b95e-81d9ce97f591",
"role_value": "Connector.Writer"
},
{
"description": "Organization Viewer",
"display_name": "Organization Viewer",
"id": "ec5fdd3c-4df0-4c2f-bdad-0495a49f6e90",
"role_value": "Organization.Viewer"
},
{
"description": "Organization User",
"display_name": "Organization User",
"id": "bb9ffb73-997e-4320-8625-cfe45469aa3c",
"role_value": "Organization.User"
},
{
"description": "Organization Modeler",
"display_name": "Organization Modeler",
"id": "adcdb0a1-1588-4d2b-8657-364e544ac7e1",
"role_value": "Organization.Modeler"
},
{
"description": "Organization Administrator",
"display_name": "Organization Admin",
"id": "04b96a76-d77e-4a9d-967f-c55c857c478c",
"role_value": "Organization.Admin"
},
{
"description": "Organization Collaborator",
"display_name": "Organization Collaborator",
"id": "6f5ec4e3-1f2d-4502-837e-5d9754ea8acb",
"role_value": "Organization.Collaborator"
},
{
"description": "Ability to develop connectors",
"display_name": "Connector Developer",
"id": "428ab58e-ab61-4621-907c-d7908be72df7",
"role_value": "Connector.Developer"
},
{
"description": "Ability to read connectors",
"display_name": "Connector Reader",
"id": "2cd74037-3ccd-4ab7-929d-4afce87be2e4",
"role_value": "Connector.Reader"
},
{
"description": "Platform Administrator",
"display_name": "Platform Admin",
"id": "bb49d61f-8b6a-4a19-b5bd-06a29d6b8e60",
"role_value": "Platform.Admin"
}
]
Required: no
vault_addr The address of the Vault to save current platform configuration values string "" no
vault_token The token of the Vault to save current platform configuration values string "" no
webapp_url The Web Application URL string "" no

Outputs

Name Description
out_acr_login_server n/a
out_adx_uri n/a
out_babylon_client_id n/a
out_babylon_client_secret n/a
out_babylon_principal_id n/a
out_cluster_adx_name n/a
out_cluster_adx_principal_id n/a
out_cosmos_api_scope n/a
out_cosmos_api_url n/a
out_cosmos_api_version_path n/a
out_resource_location n/a
out_storage_account_name n/a
out_storage_account_secret n/a
out_subscription_id n/a
out_tenant_resource_group_name n/a
out_tenant_sp_client_id n/a
out_tenant_sp_object_id n/a