From b788a1c4d4b71db0d64237bbab85ae5860caa395 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 10:01:51 +0800 Subject: [PATCH 1/4] Fix 301-service-fabric --- quickstart/301-service-fabric/azuread.tf | 32 ++++++++++++++++-------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/quickstart/301-service-fabric/azuread.tf b/quickstart/301-service-fabric/azuread.tf index 2b9b78b23..bb2eb8ded 100644 --- a/quickstart/301-service-fabric/azuread.tf +++ b/quickstart/301-service-fabric/azuread.tf @@ -1,10 +1,10 @@ # Service Fabric Cluster resource "azuread_application" "cluster" { - name = "${var.name}-cluster-${var.environment}" + display_name = "${var.name}-cluster-${var.environment}" } resource "azuread_service_principal" "cluster" { - application_id = "${azuread_application.cluster.application_id}" + application_id = azuread_application.cluster.application_id } resource "random_string" "cluster_password" { 
@@ -13,35 +13,45 @@ resource "random_string" "cluster_password" { } resource "azuread_service_principal_password" "cluster" { - service_principal_id = "${azuread_service_principal.cluster.id}" - value = "${random_string.cluster_password.result}" + service_principal_id = azuread_service_principal.cluster.id + value = random_string.cluster_password.result end_date = "2099-01-01T01:00:00Z" } +resource "random_uuid" "admin" { +} + +resource "random_uuid" "reader" { +} + # Service Fabric Client resource "azuread_application" "client" { - name = "${var.name}-client-${var.environment}" - reply_urls = ["https://${azurerm_public_ip.sf.fqdn}:19080/Explorer/index.html"] + display_name = "${var.name}-client-${var.environment}" + redirect_uris = ["https://${azurerm_public_ip.sf.fqdn}:19080/Explorer/index.html"] app_role { + id = random_uuid.admin.result + allowed_member_types = [ "User", ] description = "Admins can manage roles and perform all task actions" display_name = "Admin" - is_enabled = true + enabled = true value = "Admin" } app_role { + id = random_uuid.reader.result + allowed_member_types = [ "User", ] description = "ReadOnly roles have limited query access" display_name = "ReadOnly" - is_enabled = true + enabled = true value = "User" } @@ -57,7 +67,7 @@ resource "azuread_application" "client" { } resource "azuread_service_principal" "client" { - application_id = "${azuread_application.client.application_id}" + application_id = azuread_application.client.application_id } resource "random_string" "client_password" { @@ -66,7 +76,7 @@ resource "random_string" "client_password" { } resource "azuread_service_principal_password" "client" { - service_principal_id = "${azuread_service_principal.client.id}" - value = "${random_string.client_password.result}" + service_principal_id = azuread_service_principal.client.id + value = random_string.client_password.result end_date = "2099-01-01T01:00:00Z" } From e6f71c853a067fb09f1e6c8e89872bd7df53ba1d Mon Sep 17 00:00:00 2001 
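Review bot: `end_date = "2099-01-01T01:00:00Z"` on `azuread_service_principal_password.cluster` (and on the `client` credential in the last hunk) makes the cluster's Entra ID secret effectively non-expiring, which this provider-syntax update carries forward unchanged. A lifetime bounded relative to creation is safer for a quickstart that people copy, e.g. `end_date_relative = "8760h"` if the pinned azuread version supports it, with a comment saying the secret must be rotated before then. While `value = random_string.cluster_password.result` is still in use, note that `random_string.result` is not marked sensitive, so the secret shows in plan output; `random_password` is the resource intended for this.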
From: neil-yechenwei Date: Wed, 15 Nov 2023 12:03:01 +0800 Subject: [PATCH 2/4] update code --- quickstart/301-service-fabric/azuread.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/quickstart/301-service-fabric/azuread.tf b/quickstart/301-service-fabric/azuread.tf index bb2eb8ded..fdca96e63 100644 --- a/quickstart/301-service-fabric/azuread.tf +++ b/quickstart/301-service-fabric/azuread.tf @@ -14,7 +14,6 @@ resource "random_string" "cluster_password" { resource "azuread_service_principal_password" "cluster" { service_principal_id = azuread_service_principal.cluster.id - value = random_string.cluster_password.result end_date = "2099-01-01T01:00:00Z" } @@ -26,8 +25,11 @@ resource "random_uuid" "reader" { # Service Fabric Client resource "azuread_application" "client" { - display_name = "${var.name}-client-${var.environment}" - redirect_uris = ["https://${azurerm_public_ip.sf.fqdn}:19080/Explorer/index.html"] + display_name = "${var.name}-client-${var.environment}" + + web { + redirect_uris = ["https://${azurerm_public_ip.sf.fqdn}:19080/Explorer/index.html"] + } app_role { id = random_uuid.admin.result @@ -77,6 +79,5 @@ resource "random_string" "client_password" { resource "azuread_service_principal_password" "client" { service_principal_id = azuread_service_principal.client.id - value = random_string.client_password.result end_date = "2099-01-01T01:00:00Z" } From e74b16553c0ad599d21367c886792665c88d518a Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 13:45:38 +0800 Subject: [PATCH 3/4] update code --- quickstart/301-service-fabric/keyvault.tf | 88 +++++++++++------------ 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/quickstart/301-service-fabric/keyvault.tf b/quickstart/301-service-fabric/keyvault.tf index 36a78f312..fc1b7d543 100644 --- a/quickstart/301-service-fabric/keyvault.tf +++ b/quickstart/301-service-fabric/keyvault.tf 
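Review bot: Dropping `value = random_string.cluster_password.result` from `azuread_service_principal_password.cluster` (and the matching line from the `client` block in the last hunk) leaves `random_string.cluster_password` and `random_string.client_password` defined but unreferenced; they should be removed rather than left as dead resources. Without `value`, the provider lets Entra ID generate the secret and exposes it only through the resource's `value` attribute, so the credential now lives solely in Terraform state — worth a comment such as `# secret is generated server-side and stored only in state; protect the backend accordingly`. The `end_date` of 2099 that remains as context still deserves a shorter lifetime.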
@@ -1,67 +1,67 @@ resource "azurerm_key_vault" "cluster" { - name = "${var.dns_prefix}-${substr(var.name,0,12)}-${var.environment_short}-kv" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" - tenant_id = "${data.azurerm_client_config.current.tenant_id}" + name = "${var.dns_prefix}-${substr(var.name, 0, 12)}-${var.environment_short}-kv" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + tenant_id = data.azurerm_client_config.current.tenant_id enabled_for_deployment = true enabled_for_disk_encryption = true enabled_for_template_deployment = true sku_name = "standard" access_policy { - tenant_id = "${data.azurerm_subscription.current.tenant_id}" - object_id = "${var.client_object_id}" + tenant_id = data.azurerm_subscription.current.tenant_id + object_id = var.client_object_id certificate_permissions = [ - "create", - "delete", - "deleteissuers", - "get", - "getissuers", - "import", - "list", - "listissuers", - "managecontacts", - "manageissuers", - "setissuers", - "update", + "Create", + "Delete", + "DeleteIssuers", + "Get", + "GetIssuers", + "Import", + "List", + "ListIssuers", + "ManageContacts", + "ManageIssuers", + "SetIssuers", + "Update", ] key_permissions = [ - "backup", - "create", - "decrypt", - "delete", - "encrypt", - "get", - "import", - "list", - "purge", - "recover", - "restore", - "sign", - "unwrapKey", - "update", - "verify", - "wrapKey", + "Backup", + "Create", + "Decrypt", + "Delete", + "Encrypt", + "Get", + "Import", + "List", + "Purge", + "Recover", + "Restore", + "Sign", + "UnwrapKey", + "Update", + "Verify", + "WrapKey", ] secret_permissions = [ - "backup", - "delete", - "get", - "list", - "purge", - "recover", - "restore", - "set", + "Backup", + "Delete", + "Get", + "List", + "Purge", + "Recover", + "Restore", + "Set", ] } } resource "azurerm_key_vault_certificate" "cluster" { name = "service-fabric-cluster" - 
key_vault_id = "${azurerm_key_vault.cluster.id}" + key_vault_id = azurerm_key_vault.cluster.id certificate_policy { issuer_parameters { @@ -115,7 +115,7 @@ resource "azurerm_key_vault_certificate" "cluster" { resource "azurerm_key_vault_certificate" "client" { name = "service-fabric-client" - key_vault_id = "${azurerm_key_vault.cluster.id}" + key_vault_id = azurerm_key_vault.cluster.id certificate_policy { issuer_parameters { From 09663cd09f7409570e3100c1fc610b62ea596168 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Mon, 20 Nov 2023 10:19:09 +0800 Subject: [PATCH 4/4] update code --- quickstart/301-service-fabric/keyvault.tf | 8 ++- quickstart/301-service-fabric/network.tf | 70 ++++++++++--------- .../301-service-fabric/service_fabric.tf | 37 ++++++---- quickstart/301-service-fabric/vmss.tf | 31 ++++---- 4 files changed, 86 insertions(+), 60 deletions(-) diff --git a/quickstart/301-service-fabric/keyvault.tf b/quickstart/301-service-fabric/keyvault.tf index fc1b7d543..95ef09d3f 100644 --- a/quickstart/301-service-fabric/keyvault.tf +++ b/quickstart/301-service-fabric/keyvault.tf @@ -1,5 +1,11 @@ +resource "random_string" "kv_name_prefix" { + length = 21 + special = false + numeric = false +} + resource "azurerm_key_vault" "cluster" { - name = "${var.dns_prefix}-${substr(var.name, 0, 12)}-${var.environment_short}-kv" + name = "${random_string.kv_name_prefix.result}-kv" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name tenant_id = data.azurerm_client_config.current.tenant_id diff --git a/quickstart/301-service-fabric/network.tf b/quickstart/301-service-fabric/network.tf index 93ea4350e..525bea241 100644 --- a/quickstart/301-service-fabric/network.tf +++ b/quickstart/301-service-fabric/network.tf 
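Review bot: The access policy for `var.client_object_id` grants `"Purge"` on both `key_permissions` and `secret_permissions`, while `azurerm_key_vault.cluster` sets no `purge_protection_enabled`, so the identity holding this policy can permanently destroy the cluster and client certificates the Service Fabric nodes trust. For a vault that holds cluster certificates I would add `purge_protection_enabled = true` next to `enabled_for_deployment = true` and drop `"Purge"` from both lists; soft delete is on by default in current azurerm, purge protection is not. The policy also hands every certificate, key and secret permission to a single object id — expected for a quickstart if that is the operator identity, but a comment stating so would help. The `azurerm_key_vault_certificate.cluster` block at the end of the hunk continues outside it.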
@@ -5,96 +5,102 @@ locals { resource "azurerm_virtual_network" "default" { name = "${var.name}-vnet" address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name } resource "azurerm_subnet" "default" { name = "${var.name}-default-subnet" - resource_group_name = "${azurerm_resource_group.default.name}" - virtual_network_name = "${azurerm_virtual_network.default.name}" + resource_group_name = azurerm_resource_group.default.name + virtual_network_name = azurerm_virtual_network.default.name address_prefix = "10.0.0.0/24" } resource "azurerm_subnet" "sf" { name = "${var.name}-sf-subnet" - resource_group_name = "${azurerm_resource_group.default.name}" - virtual_network_name = "${azurerm_virtual_network.default.name}" + resource_group_name = azurerm_resource_group.default.name + virtual_network_name = azurerm_virtual_network.default.name address_prefix = "10.0.1.0/24" } +resource "random_string" "pip_name_prefix" { + length = 17 + special = false + numeric = false +} + resource "azurerm_public_ip" "sf" { - name = "${var.name}-pip" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + name = "${random_string.pip_name_prefix.result}-pip" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name allocation_method = "Dynamic" domain_name_label = "${var.dns_prefix}-${var.name}-${var.environment_short}-sf" } resource "azurerm_lb" "sf" { name = "${var.name}-lb" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name frontend_ip_configuration { - name = 
"${local.feip_config_name}" - public_ip_address_id = "${azurerm_public_ip.sf.id}" + name = local.feip_config_name + public_ip_address_id = azurerm_public_ip.sf.id } } resource "azurerm_lb_nat_pool" "sf" { name = "${var.name}-nat-pool" - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" + resource_group_name = azurerm_resource_group.default.name + loadbalancer_id = azurerm_lb.sf.id count = "1" protocol = "Tcp" frontend_port_start = 3389 frontend_port_end = 4500 backend_port = 3389 - frontend_ip_configuration_name = "${local.feip_config_name}" + frontend_ip_configuration_name = local.feip_config_name } resource "azurerm_lb_backend_address_pool" "sf" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" + resource_group_name = azurerm_resource_group.default.name + loadbalancer_id = azurerm_lb.sf.id name = "ServiceFabricAddressPool" } # Probes resource "azurerm_lb_probe" "fabric_gateway" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" + resource_group_name = azurerm_resource_group.default.name + loadbalancer_id = azurerm_lb.sf.id name = "${var.name}-probe-19000" port = 19000 } resource "azurerm_lb_probe" "http" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" + resource_group_name = azurerm_resource_group.default.name + loadbalancer_id = azurerm_lb.sf.id name = "${var.name}-probe-19080" port = 19080 } resource "azurerm_lb_rule" "http" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - backend_address_pool_id = "${azurerm_lb_backend_address_pool.sf.id}" - probe_id = "${azurerm_lb_probe.http.id}" + resource_group_name = azurerm_resource_group.default.name + loadbalancer_id = azurerm_lb.sf.id + backend_address_pool_id = azurerm_lb_backend_address_pool.sf.id + probe_id = 
azurerm_lb_probe.http.id name = "http" protocol = "Tcp" frontend_port = 19080 backend_port = 19080 - frontend_ip_configuration_name = "${local.feip_config_name}" + frontend_ip_configuration_name = local.feip_config_name } resource "azurerm_lb_rule" "fabric_gateway" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - backend_address_pool_id = "${azurerm_lb_backend_address_pool.sf.id}" - probe_id = "${azurerm_lb_probe.fabric_gateway.id}" + resource_group_name = azurerm_resource_group.default.name + loadbalancer_id = azurerm_lb.sf.id + backend_address_pool_id = azurerm_lb_backend_address_pool.sf.id + probe_id = azurerm_lb_probe.fabric_gateway.id name = "fabric_gateway" protocol = "Tcp" frontend_port = 19000 backend_port = 19000 - frontend_ip_configuration_name = "${local.feip_config_name}" + frontend_ip_configuration_name = local.feip_config_name } diff --git a/quickstart/301-service-fabric/service_fabric.tf b/quickstart/301-service-fabric/service_fabric.tf index affb76b9a..c115cfbd9 100644 --- a/quickstart/301-service-fabric/service_fabric.tf +++ b/quickstart/301-service-fabric/service_fabric.tf 
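Review bot: `azurerm_lb_nat_pool.sf` still maps public ports 3389–4500 onto RDP (`backend_port = 3389`) on every node, and nothing in this file attaches a network security group to `azurerm_subnet.sf`, so after this change RDP on the cluster nodes stays reachable from the internet alongside 19000/19080. The patch only drops legacy interpolation, so this is pre-existing, but the quickstart would be safer with an NSG on the subnet limiting 3389 (and ideally the management ports) to an operator CIDR, or with the NAT pool removed and `load_balancer_inbound_nat_rules_ids` cleared in vmss.tf. Whether the file validates also depends on the pinned azurerm major version, which is not in this diff: 3.x removed `address_prefix` from `azurerm_subnet` and `resource_group_name` from the LB probe, rule, NAT pool and backend pool resources, all of which this hunk keeps.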
@@ -1,15 +1,22 @@ +resource "random_string" "sf_name_prefix" { + length = 22 + special = false + numeric = false + upper = false +} + resource "azurerm_storage_account" "sf" { - name = "${var.dns_prefix}${substr(replace(var.name, "-", ""), 0, 16)}sf${var.environment_short}" - resource_group_name = "${azurerm_resource_group.default.name}" - location = "${azurerm_resource_group.default.location}" + name = "${random_string.sf_name_prefix.result}sf" + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location account_tier = "Standard" account_replication_type = "LRS" } resource "azurerm_service_fabric_cluster" "default" { name = "${var.name}-sf" - resource_group_name = "${azurerm_resource_group.default.name}" - location = "${azurerm_resource_group.default.location}" + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location reliability_level = "Bronze" vm_image = "Windows" management_endpoint = "https://${azurerm_public_ip.sf.fqdn}:19080" @@ -36,9 +43,9 @@ resource "azurerm_service_fabric_cluster" "default" { } azure_active_directory { - tenant_id = "${data.azurerm_subscription.current.tenant_id}" - cluster_application_id = "${azuread_application.client.application_id}" - client_application_id = "${azuread_application.cluster.application_id}" + tenant_id = data.azurerm_subscription.current.tenant_id + cluster_application_id = azuread_application.client.application_id + client_application_id = azuread_application.cluster.application_id } fabric_settings { 
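Review bot: `cluster_application_id = azuread_application.client.application_id` and `client_application_id = azuread_application.cluster.application_id` read as swapped. From azuread.tf in this series, the `client` application is the one carrying the Service Fabric Explorer redirect URI and the Admin/ReadOnly app roles, which is what Service Fabric calls the cluster (web) application, so the wiring is probably right and the resource names are what is inverted; a comment such as `# azuread_application.client is the SF "cluster" (web) app with roles + Explorer reply URL; .cluster is the native "client" app` would stop the next reader from "fixing" it. If that reading is wrong the cluster will accept tokens issued for the wrong application, so it is worth confirming. Recent azuread releases also supersede the `application_id` attribute with `client_id`, if the pinned version is new enough. The enclosing `azurerm_service_fabric_cluster.default` block starts and ends outside this hunk.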
@@ -58,21 +65,21 @@ resource "azurerm_service_fabric_cluster" "default" { } certificate { - thumbprint = "${azurerm_key_vault_certificate.cluster.thumbprint}" - thumbprint_secondary = "${azurerm_key_vault_certificate.cluster.thumbprint}" + thumbprint = azurerm_key_vault_certificate.cluster.thumbprint + thumbprint_secondary = azurerm_key_vault_certificate.cluster.thumbprint x509_store_name = "My" } client_certificate_thumbprint { - thumbprint = "${azurerm_key_vault_certificate.client.thumbprint}" + thumbprint = azurerm_key_vault_certificate.client.thumbprint is_admin = true } diagnostics_config { - storage_account_name = "${azurerm_storage_account.sf.name}" + storage_account_name = azurerm_storage_account.sf.name protected_account_key_name = "StorageAccountKey1" - blob_endpoint = "${azurerm_storage_account.sf.primary_blob_endpoint}" - queue_endpoint = "${azurerm_storage_account.sf.primary_queue_endpoint}" - table_endpoint = "${azurerm_storage_account.sf.primary_table_endpoint}" + blob_endpoint = azurerm_storage_account.sf.primary_blob_endpoint + queue_endpoint = azurerm_storage_account.sf.primary_queue_endpoint + table_endpoint = azurerm_storage_account.sf.primary_table_endpoint } } diff --git a/quickstart/301-service-fabric/vmss.tf b/quickstart/301-service-fabric/vmss.tf index c20134fef..70d283325 100644 --- a/quickstart/301-service-fabric/vmss.tf +++ b/quickstart/301-service-fabric/vmss.tf 
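Review bot: `thumbprint_secondary = azurerm_key_vault_certificate.cluster.thumbprint` points at the same certificate as `thumbprint`, so the secondary slot gives no rollover path — when the cluster certificate is rotated both values change together and the nodes get no overlap period. Either drop `thumbprint_secondary` (it is optional) or wire it to a second `azurerm_key_vault_certificate` provisioned ahead of rotation, with a comment explaining the rotation order. `client_certificate_thumbprint` with `is_admin = true` and `protected_account_key_name = "StorageAccountKey1"` in `diagnostics_config` are fine as written but deserve a one-line comment each noting that the client cert is a full-admin credential and that the storage key is handed to the cluster. The enclosing resource block starts outside the hunk.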
@@ -1,7 +1,14 @@ +resource "random_string" "vmss_name_prefix" { + length = 20 + special = false + numeric = false + upper = false +} + resource "azurerm_storage_account" "vmss" { - name = "${var.dns_prefix}${substr(replace(var.name, "-", ""), 0, 12)}vmss${var.environment_short}" - resource_group_name = "${azurerm_resource_group.default.name}" - location = "${azurerm_resource_group.default.location}" + name = "${random_string.vmss_name_prefix.result}vmss" + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location account_tier = "Standard" account_replication_type = "LRS" } @@ -9,15 +16,15 @@ resource "azurerm_storage_account" "vmss" { # Vm Scale Set resource "azurerm_virtual_machine_scale_set" "default" { name = "${var.name}-vmss" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name upgrade_policy_mode = "Automatic" overprovision = false sku { name = "Standard_D1_v2" tier = "Standard" - capacity = "${var.cluster_size}" + capacity = var.cluster_size } storage_profile_image_reference { @@ -43,12 +50,12 @@ resource "azurerm_virtual_machine_scale_set" "default" { os_profile { computer_name_prefix = "sfvm" - admin_username = "${var.admin_username}" - admin_password = "${var.admin_password}" + admin_username = var.admin_username + admin_password = var.admin_password } os_profile_secrets { - source_vault_id = "${azurerm_key_vault.cluster.id}" + source_vault_id = azurerm_key_vault.cluster.id vault_certificates { certificate_url = "${azurerm_key_vault.cluster.vault_uri}secrets/${azurerm_key_vault_certificate.cluster.name}/${azurerm_key_vault_certificate.cluster.version}" 
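Review bot: `azurerm_virtual_machine_scale_set` is the legacy scale-set resource; since this patch is moving the quickstart to current provider syntax, `azurerm_windows_virtual_machine_scale_set` is what azurerm documents for new deployments, though that is a larger rewrite and the Service Fabric extension wiring below the hunk would need re-checking against it. `capacity = var.cluster_size` is fine as written. The resource block continues outside the hunk.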
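Review bot: `admin_password = var.admin_password` feeds a plaintext local-administrator password into the scale set; the variable declaration is not in this diff, so it is worth confirming it carries `sensitive = true` so the value is redacted from plan output (it still lands in state). A comment on that line, `# plaintext admin password; declared sensitive in variables.tf — rotate after provisioning`, would make the expectation explicit. The `certificate_url` under `vault_certificates` correctly references the Key Vault secret version of the cluster certificate, which is what the Windows agent expects.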
@@ -63,8 +70,8 @@ resource "azurerm_virtual_machine_scale_set" "default" { } boot_diagnostics { - enabled = true - storage_uri = "${azurerm_storage_account.vmss.primary_blob_endpoint}" + enabled = true + storage_uri = azurerm_storage_account.vmss.primary_blob_endpoint } network_profile { @@ -74,7 +81,7 @@ resource "azurerm_virtual_machine_scale_set" "default" { ip_configuration { primary = true name = "IPConfiguration" - subnet_id = "${azurerm_subnet.sf.id}" + subnet_id = azurerm_subnet.sf.id load_balancer_backend_address_pool_ids = ["${azurerm_lb_backend_address_pool.sf.id}"] load_balancer_inbound_nat_rules_ids = ["${azurerm_lb_nat_pool.sf[0].id}"] }
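Review bot: `load_balancer_backend_address_pool_ids = ["${azurerm_lb_backend_address_pool.sf.id}"]` and `load_balancer_inbound_nat_rules_ids = ["${azurerm_lb_nat_pool.sf[0].id}"]` keep the legacy `"${...}"` interpolation that this patch removes everywhere else; for consistency they should become `load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.sf.id]` and `load_balancer_inbound_nat_rules_ids = [azurerm_lb_nat_pool.sf[0].id]`. The `[0]` index matches `count = "1"` on `azurerm_lb_nat_pool.sf` in network.tf, but note it attaches the public RDP NAT pool to every instance. The enclosing `azurerm_virtual_machine_scale_set.default` block starts outside the hunk.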