Radix Terraform Provider
Make it easier for teams to deploy Radix applications from their existing Infrastructure as Code (IaC) tooling. This might be an option for avoiding managing Azure resources ourselves, or it could be used in combination with that.
- Register application (insert the user's deploy key / webhook secret)
- Configure workload identities
- Approve private links?
- Configure/Override Secrets (restart after update)?
- Configure/Override Variables (restart after update)?
- target cluster
- Read public deploy key, webhook secret, oidc issuers
https://www.hashicorp.com/blog/writing-custom-terraform-providers
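# Look up the target Radix cluster by id. The value must be a quoted string:
# an unquoted weekly-38 is parsed by HCL as the expression `weekly - 38`.
data "radix_cluster" "this" {
  id = "weekly-38"
  # name = dev / playground / platform / c2
}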
# Generate an SSH key pair with provider "hashicorp/tls".
# NOTE(review): tls_private_key keeps the generated private key in Terraform
# state in plaintext, so the state backend needs the same protection as the
# key itself.
resource "tls_private_key" "example_repository_deploy_key" {
algorithm = "ED25519"
}
# Register the public half of the key pair as a deploy key on the repository.
# Only public_key_openssh is sent to GitHub; read_only keeps the key from
# being usable for pushes should it ever be exposed.
resource "github_repository_deploy_key" "example_repository_deploy_key" {
  repository = "test-repo"
  title      = "Repository test key"
  read_only  = true
  key        = tls_private_key.example_repository_deploy_key.public_key_openssh
}
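# Register the application in Radix. `name` must be a quoted string; unquoted
# myapp would be read as a reference to an undefined object.
resource "radix_registration" "this" {
  cluster            = data.radix_cluster.this.id
  name               = "myapp"
  github_repository  = "github.com/foo.git"
  github_branch      = "main"
  radix_config       = "radixconfig.yaml"
  configuration_item = 123456
  administrators     = ["sosj", "rihag"]

  # Public key only; the private half never leaves the tls_private_key resource.
  deploy_key = tls_private_key.example_repository_deploy_key.public_key_openssh

  # Read from Key Vault at plan time and written to Terraform state, so the
  # provider should declare this attribute sensitive and the state backend
  # needs access control.
  # NOTE(review): the azurerm data source is named azurerm_key_vault_secret;
  # confirm this reference matches the data block (not shown on this page).
  webhook_secret = data.azurerm_keyvault_secret.webhook_secret.value

  build_deploy_on_create = true
}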
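# Set a secret in the application's dev environment. `environment` and `name`
# must be quoted strings; unquoted they parse as references to undefined
# objects.
resource "radix_secret" "my_pass" {
  application = radix_registration.this.id
  environment = "dev"
  name        = "my_pass"

  # Secret material read from Key Vault; it ends up in Terraform state, so
  # the provider should declare this attribute sensitive.
  secret            = data.azurerm_keyvault_secret.password.value
  restart_on_change = false
}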
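# Set a plain (non-secret) variable in the application's dev environment.
# `environment` and `name` must be quoted strings; unquoted they parse as
# references to undefined objects.
resource "radix_variable" "my_var" {
  application = radix_registration.this.id
  environment = "dev"
  name        = "my_var"

  # NOTE(review): the federated credential below reads
  # data.radix_cluster.this.radix_oidc_issuer_urls for what looks like the
  # same attribute; the data source should expose one consistent name.
  value             = data.radix_cluster.this.oidc_issuer[0]
  restart_on_change = true
}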
# Managed identity that the application's workload will federate into.
resource "azurerm_user_assigned_identity" "main" {
  # Co-located with the Service Bus namespace, which is defined outside
  # this page.
  resource_group_name = azurerm_servicebus_namespace.main.resource_group_name
  location            = azurerm_servicebus_namespace.main.location
  name                = local.managed_id_name
}
# One federated credential per Radix OIDC issuer, so a token issued to the
# application's service account can be exchanged for this identity.
resource "azurerm_federated_identity_credential" "web" {
  # Assumes radix_oidc_issuer_urls is a map keyed by cluster name: each.key
  # is used in `name`, which must be a valid credential name, not a URL.
  # Confirm against the data source.
  for_each = data.radix_cluster.this.radix_oidc_issuer_urls

  name                = "${each.key}_web"
  parent_id           = azurerm_user_assigned_identity.main.id
  resource_group_name = azurerm_servicebus_namespace.main.resource_group_name

  # Standard audience for Azure AD workload identity token exchange.
  audience = ["api://AzureADTokenExchange"]
  issuer   = each.value

  # Bound to the web-sa service account in the app's dev namespace only;
  # keeping the subject this narrow stops other workloads in the cluster
  # from assuming the identity.
  subject = "system:serviceaccount:${radix_registration.this.name}-dev:web-sa"
}
# Client ID of the managed identity, exposed so it can be handed to the
# application for workload identity token requests. It is an identifier,
# not a secret.
output "client_id" {
value = azurerm_user_assigned_identity.main.client_id
}
package main
import (
	"github.com/hashicorp/terraform/helper/schema"
	"github.com/hashicorp/terraform/plugin"
)
// main serves the Radix provider as a Terraform plugin. Terraform core
// launches this binary and obtains the provider through ProviderFunc.
func main() {
	opts := &plugin.ServeOpts{
		ProviderFunc: Provider,
	}
	plugin.Serve(opts)
}
// Provider builds the Terraform provider definition for Radix.
//
// It currently registers a single managed resource, "radix_application";
// no provider-level configuration schema, ConfigureFunc or data sources
// are declared yet.
func Provider() *schema.Provider {
	resources := map[string]*schema.Resource{
		"radix_application": radixApplicationResource(),
	}
	p := &schema.Provider{ResourcesMap: resources}
	return p
}
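// radixApplicationResource describes the "radix_application" managed
// resource: its schema and the CRUD callbacks Terraform invokes.
//
// The schema is a placeholder carried over from the provider tutorial (a
// single required "address" string); the registration fields sketched in
// the HCL above (name, repository, deploy key, webhook secret, ...) are not
// modelled yet. When secret-bearing attributes such as webhook_secret are
// added they should be declared with Sensitive: true so Terraform redacts
// them from plan output and logs; they still land in state, so the state
// backend must be protected.
func radixApplicationResource() *schema.Resource {
	return &schema.Resource{
		// The callbacks must reference the application* functions defined
		// below; the tutorial's resourceServer* names do not exist here.
		Create: applicationCreate,
		Read:   applicationRead,
		Update: applicationUpdate,
		Delete: applicationDelete,
		Schema: map[string]*schema.Schema{
			"address": {
				Type:     schema.TypeString,
				Required: true,
			},
		},
	}
}

// applicationCreate is the Create callback. It is a stub: it makes no API
// call and never calls d.SetId, so Terraform will not record the resource
// as existing until a real implementation sets an ID.
//
// m is the provider meta value; it is nil because Provider declares no
// ConfigureFunc.
func applicationCreate(d *schema.ResourceData, m interface{}) error {
	return nil
}

// applicationRead is the Read callback. Stub: it refreshes nothing, so
// state is never reconciled against the Radix API.
func applicationRead(d *schema.ResourceData, m interface{}) error {
	return nil
}

// applicationUpdate is the Update callback. Stub: attribute changes are
// accepted into state without being applied anywhere.
func applicationUpdate(d *schema.ResourceData, m interface{}) error {
	return nil
}

// applicationDelete is the Delete callback (previously misspelled
// aapplicationDelete, which left the resource wired to a missing function).
// Stub: returning nil lets Terraform drop the resource from state without
// deleting anything in Radix.
func applicationDelete(d *schema.ResourceData, m interface{}) error {
	return nil
}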