docs

pagopa · Sep 27, 2023 · f10cf31 · f10cf31
1 parent f81c6f6
commit f10cf31
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 21 deletions.
diff --git a/azure_devops_agent_custom_image/README.md b/azure_devops_agent_custom_image/README.md
@@ -10,16 +10,9 @@ Install packer [here](https://developer.hashicorp.com/packer/tutorials/docker-ge
 
 This module must be runned manually to create the image that will be later used
 
-This module uses interactive authentication to access your target subscription. While running terraform be sure to check for the authentication code and link to enable packer to access your subscription
-you will be prompted with a message like the following
+The final image is built in a temporary resource group, named after the build resource group name passed in input, combined with a random code. This resource group, for technical limitations, is kept in the subscription and deleted upon the next image build (the image name/version has to change in order to trigger the deletion)
 
-```
-module.azdoa_custom_image.null_resource.build_packer_image (local-exec): ==> azure-arm.ubuntu: Microsoft Azure: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CTJELKS6T to authenticate.
-```
-
-you will be asked for auth access two times at the beginning of the build
-
-Then, you can simply pick up the built image name from the log, and configure it to be used as base image for your vm or scale set
+Once done, you can simply pick up the built image name from the log, and configure it to be used as base image for your vm or scale set
 The image name will be found in the logs, in the following line
 
 ```
@@ -41,6 +34,9 @@ module "azdoa_custom_image" {
   image_name          = "my_image_name"
   image_version       = "v1"
   subscription_id     = data.azurerm_subscription.current.subscription_id
+  prefix              = "devopla"
+  
+  tags = var.tags
 }
 
 ```
@@ -64,7 +60,18 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [azuread_application.packer_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application) | resource |
+| [azuread_application_password.velero_application_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application_password) | resource |
+| [azuread_service_principal.packer_sp](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal) | resource |
+| [azuread_service_principal_password.packer_principal_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password) | resource |
+| [azurerm_resource_group.build_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_role_assignment.packer_sp_build_rg_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.packer_sp_rg_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.packer_sp_sub_reader_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [null_resource.build_packer_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [random_id.rg_randomizer](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [azuread_client_config.current](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/client_config) | data source |
+| [azurerm_resource_group.target_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 
 ## Inputs
 
@@ -74,10 +81,12 @@ No modules.
 | <a name="input_base_image_publisher"></a> [base\_image\_publisher](#input\_base\_image\_publisher) | (Optional) - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set#source_image_reference | `string` | `"Canonical"` | no |
 | <a name="input_base_image_sku"></a> [base\_image\_sku](#input\_base\_image\_sku) | (Optional) - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set#source_image_reference | `string` | `"22_04-lts-gen2"` | no |
 | <a name="input_base_image_version"></a> [base\_image\_version](#input\_base\_image\_version) | (Optional) - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set#source_image_reference | `string` | `"latest"` | no |
+| <a name="input_build_rg_name"></a> [build\_rg\_name](#input\_build\_rg\_name) | (Optional) Packer build temporary resource group name | `string` | `"tmp-packer-build"` | no |
 | <a name="input_force_replacement"></a> [force\_replacement](#input\_force\_replacement) | (Optional) Wheather if the image should be deleted and recreated even if already existing | `bool` | `false` | no |
 | <a name="input_image_name"></a> [image\_name](#input\_image\_name) | (Required) name assigned to the generated image. Note that the pair <image\_name, image\_version> must be unique and not already existing | `string` | n/a | yes |
 | <a name="input_image_version"></a> [image\_version](#input\_image\_version) | (Required) Version assigned to the generated image. Note that the pair <image\_name, image\_version> must be unique and not already existing | `string` | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | (Required) prefix used in resource creation | `string` | n/a | yes |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Required) The name of the Resource Group in which the custom image will be created | `string` | n/a | yes |
 | <a name="input_subscription_id"></a> [subscription\_id](#input\_subscription\_id) | (Required) Azure subscription id | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | n/a | yes |

diff --git a/azure_devops_agent_custom_image/main.tf b/azure_devops_agent_custom_image/main.tf
@@ -11,7 +11,7 @@ data "azurerm_resource_group" "target_resource_group" {
 
 resource "random_id" "rg_randomizer" {
   keepers = {
-    image_name = var.image_name
+    image_name    = var.image_name
     image_version = var.image_version
   }
   byte_length = 8
@@ -51,10 +51,10 @@ resource "azurerm_role_assignment" "packer_sp_rg_role" {
 
 resource "azurerm_resource_group" "build_rg" {
   location = var.location
-  name     = "${var.tmp_rg_name}-${random_id.rg_randomizer.hex}"
+  name     = "${var.build_rg_name}-${random_id.rg_randomizer.hex}"
 }
 
-resource "azurerm_role_assignment" "packer_sp_tmp_rg_role" {
+resource "azurerm_role_assignment" "packer_sp_build_rg_role" {
   scope                = azurerm_resource_group.build_rg.id
   role_definition_name = "Owner"
   principal_id         = azuread_service_principal.packer_sp.object_id
@@ -76,7 +76,7 @@ resource "null_resource" "build_packer_image" {
   }
 
   depends_on = [
-    azurerm_role_assignment.packer_sp_tmp_rg_role,
+    azurerm_role_assignment.packer_sp_build_rg_role,
     azurerm_resource_group.build_rg,
     azuread_application.packer_application
   ]
@@ -105,7 +105,7 @@ resource "null_resource" "build_packer_image" {
     -var "location=${var.location}" \
     -var "client_id=${azuread_application.packer_application.application_id}" \
     -var "client_secret=${azuread_application_password.velero_application_password.value}" \
-    -var "tmp_rg_name=${azurerm_resource_group.build_rg.name}" \
+    -var "build_rg_name=${azurerm_resource_group.build_rg.name}" \
     .
     EOT
   }

diff --git a/azure_devops_agent_custom_image/packer/azdo-agent.pkr.hcl b/azure_devops_agent_custom_image/packer/azdo-agent.pkr.hcl
@@ -21,7 +21,7 @@ source "azure-arm" "ubuntu" {
   managed_image_name                = "${var.target_image_name}"
   managed_image_resource_group_name = var.target_resource_group_name
 
-  build_resource_group_name          = var.tmp_rg_name
+  build_resource_group_name          = var.build_rg_name
 
 #  location                          = var.location
   ssh_username                      = "packer"

diff --git a/azure_devops_agent_custom_image/packer/variables.pkr.hcl b/azure_devops_agent_custom_image/packer/variables.pkr.hcl
@@ -56,7 +56,7 @@ variable "client_secret" {
   description = "(Required) service principal client secret"
 }
 
-variable "tmp_rg_name" {
+variable "build_rg_name" {
   type        = string
   description = "(Required) temporary build resource group name"
 }

diff --git a/azure_devops_agent_custom_image/variables.tf b/azure_devops_agent_custom_image/variables.tf
@@ -46,6 +46,7 @@ variable "base_image_sku" {
   default     = "22_04-lts-gen2"
   description = "(Optional) - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set#source_image_reference"
 }
+
 variable "base_image_version" {
   type        = string
   default     = "latest"
@@ -62,13 +63,13 @@ variable "tags" {
   type = map(any)
 }
 
-
 variable "prefix" {
-  type = string
+  type        = string
   description = "(Required) prefix used in resource creation"
 }
-variable "tmp_rg_name" {
-  type = string
+
+variable "build_rg_name" {
+  type        = string
   description = "(Optional) Packer build temporary resource group name"
-  default = "tmp-packer-build"
+  default     = "tmp-packer-build"
 }