diff --git a/quickstart/301-service-fabric-apim/TestRecord.md b/quickstart/301-service-fabric-apim/TestRecord.md
deleted file mode 100644
index d403dfbe6..000000000
--- a/quickstart/301-service-fabric-apim/TestRecord.md
+++ /dev/null
@@ -1,864 +0,0 @@ -## 07 Jan 24 00:15 UTC - -Success: false - -### Versions - -Terraform v1.6.3 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.47.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.6.0 - -### Error - - - ---- - -## 31 Dec 23 00:17 UTC - -Success: false - -### Versions - -Terraform v1.6.3 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.47.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.6.0 - -### Error - - - ---- - -## 24 Dec 23 00:18 UTC - -Success: false - -### Versions - -Terraform v1.6.3 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.47.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.6.0 - -### Error - - - ---- - -## 17 Dec 23 00:23 UTC - -Success: false - -### Versions - -Terraform v1.6.3 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.47.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.6.0 - -### Error - - - ---- - -## 10 Dec 23 00:23 UTC - -Success: false - -### Versions - -Terraform v1.6.2 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.46.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.6.0 - -### Error - - - ---- - -## 04 Dec 23 02:17 UTC - -Success: false - -### Versions - -Terraform v1.6.2 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.46.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 26 Nov 23 01:03 UTC - -Success: false - -### Versions - -Terraform v1.6.2 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.46.0 -+ provider 
registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 19 Nov 23 03:38 UTC - -Success: false - -### Versions - -Terraform v1.6.2 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.46.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 12 Nov 23 06:51 UTC - -Success: false - -### Versions - -Terraform v1.6.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.45.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 05 Nov 23 00:22 UTC - -Success: false - -### Versions - -Terraform v1.6.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.45.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 29 Oct 23 00:28 UTC - -Success: false - -### Versions - -Terraform v1.6.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.45.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 22 Oct 23 04:46 UTC - -Success: false - -### Versions - -Terraform v1.5.7 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.44.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 15 Oct 23 05:00 UTC - -Success: false - -### Versions - -Terraform v1.5.7 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.43.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 08 Oct 23 04:50 UTC - -Success: false - -### Versions - -Terraform v1.5.6 
-on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.43.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 01 Oct 23 00:24 UTC - -Success: false - -### Versions - -Terraform v1.5.6 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.43.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 24 Sep 23 04:37 UTC - -Success: false - -### Versions - -Terraform v1.5.6 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.43.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 20 Sep 23 10:54 UTC - -Success: false - -### Versions - -Terraform v1.5.6 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.42.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 17 Sep 23 04:24 UTC - -Success: false - -### Versions - -Terraform v1.5.5 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.42.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 10 Sep 23 04:59 UTC - -Success: false - -### Versions - -Terraform v1.5.4 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.41.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 03 Sep 23 00:30 UTC - -Success: false - -### Versions - -Terraform v1.5.4 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.41.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - 
- ---- - -## 27 Aug 23 05:16 UTC - -Success: false - -### Versions - -Terraform v1.5.4 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.41.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 20 Aug 23 00:17 UTC - -Success: false - -### Versions - -Terraform v1.5.3 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.41.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 13 Aug 23 00:10 UTC - -Success: false - -### Versions - -Terraform v1.5.2 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.41.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 06 Aug 23 00:12 UTC - -Success: false - -### Versions - -Terraform v1.5.1 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.41.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 30 Jul 23 00:16 UTC - -Success: false - -### Versions - -Terraform v1.5.1 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.41.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 16 Jul 23 04:45 UTC - -Success: false - -### Versions - -Terraform v1.5.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.40.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 09 Jul 23 00:18 UTC - -Success: false - -### Versions - -Terraform v1.5.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider 
registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 02 Jul 23 00:11 UTC - -Success: false - -### Versions - -Terraform v1.5.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 25 Jun 23 00:11 UTC - -Success: false - -### Versions - -Terraform v1.5.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 18 Jun 23 00:16 UTC - -Success: false - -### Versions - -Terraform v1.4.6 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 11 Jun 23 00:17 UTC - -Success: false - -### Versions - -Terraform v1.4.6 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 04 Jun 23 00:13 UTC - -Success: false - -### Versions - -Terraform v1.4.6 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 28 May 23 05:26 UTC - -Success: false - -### Versions - -Terraform v1.4.5 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 21 May 23 04:32 UTC - -Success: false - -### Versions - -Terraform v1.4.5 
-on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 14 May 23 04:20 UTC - -Success: false - -### Versions - -Terraform v1.4.5 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.39.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 07 May 23 00:11 UTC - -Success: false - -### Versions - -Terraform v1.4.5 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.38.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 30 Apr 23 00:15 UTC - -Success: false - -### Versions - -Terraform v1.4.5 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.38.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 23 Apr 23 04:22 UTC - -Success: false - -### Versions - -Terraform v1.4.4 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.37.2 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 16 Apr 23 00:17 UTC - -Success: false - -### Versions - -Terraform v1.4.3 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.37.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.5.1 - -### Error - - - ---- - -## 09 Apr 23 00:16 UTC - -Success: false - -### Versions - -Terraform v1.4.2 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.36.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - 
- ---- - -## 02 Apr 23 04:27 UTC - -Success: false - -### Versions - -Terraform v1.4.1 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.36.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - -## 26 Mar 23 05:00 UTC - -Success: false - -### Versions - -Terraform v1.4.1 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.36.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - -## 19 Mar 23 04:23 UTC - -Success: false - -### Versions - -Terraform v1.4.0 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.36.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - -## 12 Mar 23 05:15 UTC - -Success: false - -### Versions - -Terraform v1.3.8 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.36.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - -## 08 Mar 23 18:19 UTC - -Success: false - -### Versions - -Terraform v1.3.8 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.36.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - -## 19 Feb 23 00:09 UTC - -Success: false - -### Versions - -Terraform v1.3.7 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.34.1 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - -## 12 Feb 23 00:15 UTC - -Success: false - -### Versions - -Terraform v1.3.7 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.33.0 -+ provider 
registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - -## 05 Feb 23 00:26 UTC - -Success: false - -### Versions - -Terraform v1.3.7 -on linux_amd64 -+ provider registry.terraform.io/hashicorp/azuread v2.33.0 -+ provider registry.terraform.io/hashicorp/azurerm v1.36.1 -+ provider registry.terraform.io/hashicorp/random v3.4.3 - -### Error - - - ---- - diff --git a/quickstart/301-service-fabric-apim/apim.tf b/quickstart/301-service-fabric-apim/apim.tf deleted file mode 100644 index 15e9e426e..000000000 --- a/quickstart/301-service-fabric-apim/apim.tf +++ /dev/null 
@@ -1,58 +0,0 @@
-resource "azurerm_api_management" "default" {
- name = "${var.dns_prefix}-${var.name}-${var.environment}-apim"
- location = "${azurerm_resource_group.default.location}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- publisher_name = "${var.api_publisher_name}"
- publisher_email = "${var.api_publisher_email}"
-
- sku {
- name = "Developer"
- capacity = 1
- }
-
- # Ignore certificate changes in the future
- lifecycle {
- ignore_changes = [
- "certificate"
- ]
- }
-
- # certificate {
- # encoded_certificate = "${base64encode(tls_private_key.client.private_key_pem)}"
- # certificate_password = ""
- # store_name = "Root"
- # }
-}
-
-resource "azurerm_api_management_api" "default" {
- name = "demo"
- resource_group_name = "${azurerm_resource_group.default.name}"
- api_management_name = "${azurerm_api_management.default.name}"
- revision = "1"
- display_name = "Demo API"
- path = ""
- protocols = ["https"]
-}
-
-resource "azurerm_api_management_backend" "sf" {
- name = "service-fabric-backend"
- resource_group_name = "${azurerm_resource_group.default.name}"
- api_management_name = "${azurerm_api_management.default.name}"
- protocol = "http"
- url = "fabric:/fake/service"
- resource_id = "${azurerm_service_fabric_cluster.default.management_endpoint}"
-
- service_fabric_cluster {
- client_certificate_thumbprint = "${azurerm_key_vault_certificate.client.thumbprint}"
- server_certificate_thumbprints = ["${azurerm_key_vault_certificate.cluster.thumbprint}"]
- management_endpoints = ["${azurerm_service_fabric_cluster.default.management_endpoint}"]
- max_partition_resolution_retries = 3
- }
-}
-
-resource "azurerm_application_insights" "default" {
- name = "${var.name}-${var.environment}-ai"
- location = "West US 2"
- resource_group_name = "${azurerm_resource_group.default.name}"
- application_type = "web"
-}
\ No newline at end of file
diff --git a/quickstart/301-service-fabric-apim/azuread.tf b/quickstart/301-service-fabric-apim/azuread.tf
deleted file mode 100644
index 2b9b78b23..000000000
--- a/quickstart/301-service-fabric-apim/azuread.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-# Service Fabric Cluster
-resource "azuread_application" "cluster" {
- name = "${var.name}-cluster-${var.environment}"
-}
-
-resource "azuread_service_principal" "cluster" {
- application_id = "${azuread_application.cluster.application_id}"
-}
-
-resource "random_string" "cluster_password" {
- length = 32
- special = true
-}
-
-resource "azuread_service_principal_password" "cluster" {
- service_principal_id = "${azuread_service_principal.cluster.id}"
- value = "${random_string.cluster_password.result}"
- end_date = "2099-01-01T01:00:00Z"
-}
-
-# Service Fabric Client
-resource "azuread_application" "client" {
- name = "${var.name}-client-${var.environment}"
- reply_urls = ["https://${azurerm_public_ip.sf.fqdn}:19080/Explorer/index.html"]
-
- app_role {
- allowed_member_types = [
- "User",
- ]
-
- description = "Admins can manage roles and perform all task actions"
- display_name = "Admin"
- is_enabled = true
- value = "Admin"
- }
-
- app_role {
- allowed_member_types = [
- "User",
- ]
-
- description = "ReadOnly roles have limited query access"
- display_name = "ReadOnly"
- is_enabled = true
- value = "User"
- }
-
- required_resource_access {
- resource_app_id = "00000003-0000-0000-c000-000000000000" # Microsoft Graph API
-
- # DELEGATED PERMISSIONS: "Sign in and read user profile":
- resource_access {
- id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
- type = "Scope"
- }
- }
-}
-
-resource "azuread_service_principal" "client" {
- application_id = "${azuread_application.client.application_id}"
-}
-
-resource "random_string" "client_password" {
- length = 32
- special = true
-}
-
-resource "azuread_service_principal_password" "client" {
- service_principal_id = "${azuread_service_principal.client.id}"
- value = "${random_string.client_password.result}"
- end_date = "2099-01-01T01:00:00Z"
-}
diff --git a/quickstart/301-service-fabric-apim/keyvault.tf b/quickstart/301-service-fabric-apim/keyvault.tf
deleted file mode 100644
index 36a78f312..000000000
--- a/quickstart/301-service-fabric-apim/keyvault.tf
+++ /dev/null
@@ -1,168 +0,0 @@ -resource "azurerm_key_vault" "cluster" { - name = "${var.dns_prefix}-${substr(var.name,0,12)}-${var.environment_short}-kv" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" - tenant_id = "${data.azurerm_client_config.current.tenant_id}" - enabled_for_deployment = true - enabled_for_disk_encryption = true - enabled_for_template_deployment = true - sku_name = "standard" - - access_policy { - tenant_id = "${data.azurerm_subscription.current.tenant_id}" - object_id = "${var.client_object_id}" - - certificate_permissions = [ - "create", - "delete", - "deleteissuers", - "get", - "getissuers", - "import", - "list", - "listissuers", - "managecontacts", - "manageissuers", - "setissuers", - "update", - ] - - key_permissions = [ - "backup", - "create", - "decrypt", - "delete", - "encrypt", - "get", - "import", - "list", - "purge", - "recover", - "restore", - "sign", - "unwrapKey", - "update", - "verify", - "wrapKey", - ] - - secret_permissions = [ - "backup", - "delete", - "get", - "list", - "purge", - "recover", - "restore", - "set", - ] - } -} - -resource "azurerm_key_vault_certificate" "cluster" { - name = "service-fabric-cluster" - key_vault_id = "${azurerm_key_vault.cluster.id}" - - certificate_policy { - issuer_parameters { - name = "Self" - } - - key_properties { - exportable = true - key_size = 2048 - key_type = "RSA" - reuse_key = true - } - - lifetime_action { - action { - action_type = "AutoRenew" - } - - trigger { - days_before_expiry = 30 - } - } - - secret_properties { - content_type = "application/x-pkcs12" - } - - x509_certificate_properties { - # Server Authentication = 1.3.6.1.5.5.7.3.1 - # Client Authentication = 1.3.6.1.5.5.7.3.2 - extended_key_usage = ["1.3.6.1.5.5.7.3.1"] - - key_usage = [ - "cRLSign", - "dataEncipherment", - "digitalSignature", - "keyAgreement", - "keyCertSign", - "keyEncipherment", - ] - - subject_alternative_names { - dns_names = 
["sfdemosandbox.denvermtc.net"] - } - - subject = "CN=mtcdenver" - validity_in_months = 12 - } - } -} - -resource "azurerm_key_vault_certificate" "client" { - name = "service-fabric-client" - key_vault_id = "${azurerm_key_vault.cluster.id}" - - certificate_policy { - issuer_parameters { - name = "Self" - } - - key_properties { - exportable = true - key_size = 2048 - key_type = "RSA" - reuse_key = true - } - - lifetime_action { - action { - action_type = "AutoRenew" - } - - trigger { - days_before_expiry = 30 - } - } - - secret_properties { - content_type = "application/x-pkcs12" - } - - x509_certificate_properties { - # Server Authentication = 1.3.6.1.5.5.7.3.1 - # Client Authentication = 1.3.6.1.5.5.7.3.2 - extended_key_usage = ["1.3.6.1.5.5.7.3.1"] - - key_usage = [ - "cRLSign", - "dataEncipherment", - "digitalSignature", - "keyAgreement", - "keyCertSign", - "keyEncipherment", - ] - - subject_alternative_names { - dns_names = ["sfdemosandbox.denvermtc.net"] - } - - subject = "CN=mtcdenver" - validity_in_months = 12 - } - } -} diff --git a/quickstart/301-service-fabric-apim/main.tf b/quickstart/301-service-fabric-apim/main.tf deleted file mode 100644 index 66ff3720b..000000000 --- a/quickstart/301-service-fabric-apim/main.tf +++ /dev/null @@ -1,12 +0,0 @@ -data "azurerm_subscription" "current" {} - -data "azurerm_client_config" "current" {} - -provider "azurerm" { - version = "=1.36.1" -} - -resource "azurerm_resource_group" "default" { - name = "${var.name}-${var.environment}-rg" - location = "${var.location}" -} diff --git a/quickstart/301-service-fabric-apim/network.tf b/quickstart/301-service-fabric-apim/network.tf deleted file mode 100644 index 93ea4350e..000000000 --- a/quickstart/301-service-fabric-apim/network.tf +++ /dev/null 
@@ -1,100 +0,0 @@ -locals { - feip_config_name = "${var.name}-lb-fe-ipconfig" -} - -resource "azurerm_virtual_network" "default" { - name = "${var.name}-vnet" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" -} - -resource "azurerm_subnet" "default" { - name = "${var.name}-default-subnet" - resource_group_name = "${azurerm_resource_group.default.name}" - virtual_network_name = "${azurerm_virtual_network.default.name}" - address_prefix = "10.0.0.0/24" -} - -resource "azurerm_subnet" "sf" { - name = "${var.name}-sf-subnet" - resource_group_name = "${azurerm_resource_group.default.name}" - virtual_network_name = "${azurerm_virtual_network.default.name}" - address_prefix = "10.0.1.0/24" -} - -resource "azurerm_public_ip" "sf" { - name = "${var.name}-pip" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" - allocation_method = "Dynamic" - domain_name_label = "${var.dns_prefix}-${var.name}-${var.environment_short}-sf" -} - -resource "azurerm_lb" "sf" { - name = "${var.name}-lb" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" - - frontend_ip_configuration { - name = "${local.feip_config_name}" - public_ip_address_id = "${azurerm_public_ip.sf.id}" - } -} - -resource "azurerm_lb_nat_pool" "sf" { - name = "${var.name}-nat-pool" - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - count = "1" - protocol = "Tcp" - frontend_port_start = 3389 - frontend_port_end = 4500 - backend_port = 3389 - frontend_ip_configuration_name = "${local.feip_config_name}" -} - -resource "azurerm_lb_backend_address_pool" "sf" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - name = "ServiceFabricAddressPool" -} - -# Probes -resource 
"azurerm_lb_probe" "fabric_gateway" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - name = "${var.name}-probe-19000" - port = 19000 -} - -resource "azurerm_lb_probe" "http" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - name = "${var.name}-probe-19080" - port = 19080 -} - -resource "azurerm_lb_rule" "http" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - backend_address_pool_id = "${azurerm_lb_backend_address_pool.sf.id}" - probe_id = "${azurerm_lb_probe.http.id}" - name = "http" - protocol = "Tcp" - frontend_port = 19080 - backend_port = 19080 - frontend_ip_configuration_name = "${local.feip_config_name}" -} - -resource "azurerm_lb_rule" "fabric_gateway" { - resource_group_name = "${azurerm_resource_group.default.name}" - loadbalancer_id = "${azurerm_lb.sf.id}" - backend_address_pool_id = "${azurerm_lb_backend_address_pool.sf.id}" - probe_id = "${azurerm_lb_probe.fabric_gateway.id}" - name = "fabric_gateway" - protocol = "Tcp" - frontend_port = 19000 - backend_port = 19000 - frontend_ip_configuration_name = "${local.feip_config_name}" -} diff --git a/quickstart/301-service-fabric-apim/readme.md b/quickstart/301-service-fabric-apim/readme.md deleted file mode 100644 index 023796ce2..000000000 --- a/quickstart/301-service-fabric-apim/readme.md +++ /dev/null 
@@ -1,995 +0,0 @@ -# Service Fabric with APIM. - -This template deploys a fully operational Service Fabric cluster running on Windows Virtual Machines in a private Virtual Network. Azure API Management is deployed as a front end gateway with internal Service Fabric services as the backend. - -## Resources - -| Terraform Resource Type | Description | -| - | - | -| `azurerm_resource_group` | The resource group all resources are deployed into | -| `azuread_application` | The Service Fabric cluster application | -| `azuread_service_principal` | A Service Principal for the Service Fabric Client | -| `azuread_service_principal` | A Service principal for the Service Fabric Cluster | -| `azurerm_key_vault` | | -| `azurerm_key_vault_certificate` | The Cluster Management Certificate | -| `azurerm_key_vault_certificate` | The Client App Certificate | -| `azurerm_lb` | A load balancer that sits in from of the VMs | -| `azurerm_public_ip` | A public IP for the cluster | -| `azurerm_service_fabric_cluster` | The Service Fabric cluster | -| `azurerm_storage_account` | A storage Account for the cluster | -| `azurerm_storage_account` | A Storage Account for the cluster VMs | -| `azurerm_virtual_network` | A Virtual Network for the cluster Nodes | -| `azurerm_subnet` | A Subnet for the cluster nodes | -| `azurerm_subnet` | A Default subnet for other endpoints that may talk with the cluster | `azurerm_subnet` | A subnet for APIM endpoints | -| `azurerm_virtual_machine_scale_set` | The actual cluster nodes | -| `random_string` | The client certificate password | -| `random_string` | The cluster certificate passwords | -| `azurerm_api_management` | The APIM instnace | -| `azurerm_application_insights` | Application Insights for APIM | - -## Variables - -| Name | Description | -|-|-| -| `name` | Name of the deployment | -| `environment` | The depolyment environment name (used for postfixing resource names) | -| `environment_short` | A 3 or 4 letter string to represent the environment | 
-| `dns_prefix` | A prefix for globally-unique dns-based resources | -| `cluster_size` | How many nodes to deploy | -| `admin_username` | The Administrator username for the nodes | -| `admin_password` | The Administrator password for the nodes | -| `client_object_id` | A pre-created Client for SF from AAD | -| `api_publisher_name` | The listed APIM publisher name | -| `api_publisher_email` | he listed APIM publisher email | - -## Notes - - On first run you will have to add yourself to the access policy for keyvault as terraform has no way to know what your client ID is to create the policy dynamically unless you're running as a service principal (which I don't have currently configured to look for). Just go to KeyVault, add an access policy for yourself, and run terraform apply again. - - NOTE: Vnet support in terraform for APIm does not yet exist - this script creates the network but you must manually join it to the vnet after - - Cert references between KeyVault and APIM are not automatic since the format is different. Download client cert from keyvault and do the following to add a password to the key so you can import from the APIM portal: - ``` - openssl pkcs12 -in mycert.pfx -out temp.pem - openssl pkcs12 -export -out mycert2.pfx -in temp.pem - -## Example - -```bash -> terraform plan -Refreshing Terraform state in-memory prior to plan... -The refreshed state will be used to calculate this plan, but will not be -persisted to local or remote state storage. - -data.azurerm_client_config.current: Refreshing state... -data.azurerm_subscription.current: Refreshing state... - ------------------------------------------------------------------------- - -An execution plan has been generated and is shown below. 
-Resource actions are indicated with the following symbols: - + create - -Terraform will perform the following actions: - - # azuread_application.client will be created - + resource "azuread_application" "client" { - + application_id = (known after apply) - + homepage = (known after apply) - + id = (known after apply) - + identifier_uris = (known after apply) - + name = "demo-tfquickstart-client-sandbox" - + object_id = (known after apply) - + public_client = (known after apply) - + reply_urls = (known after apply) - + type = "webapp/api" - - + app_role { - + allowed_member_types = [ - + "User", - ] - + description = "Admins can manage roles and perform all task actions" - + display_name = "Admin" - + id = (known after apply) - + is_enabled = true - + value = "Admin" - } - + app_role { - + allowed_member_types = [ - + "User", - ] - + description = "ReadOnly roles have limited query access" - + display_name = "ReadOnly" - + id = (known after apply) - + is_enabled = true - + value = "User" - } - - + oauth2_permissions { - + admin_consent_description = (known after apply) - + admin_consent_display_name = (known after apply) - + id = (known after apply) - + is_enabled = (known after apply) - + type = (known after apply) - + user_consent_description = (known after apply) - + user_consent_display_name = (known after apply) - + value = (known after apply) - } - - + required_resource_access { - + resource_app_id = "00000003-0000-0000-c000-000000000000" - - + resource_access { - + id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d" - + type = "Scope" - } - } - } - - # azuread_application.cluster will be created - + resource "azuread_application" "cluster" { - + application_id = (known after apply) - + homepage = (known after apply) - + id = (known after apply) - + identifier_uris = (known after apply) - + name = "demo-tfquickstart-cluster-sandbox" - + object_id = (known after apply) - + public_client = (known after apply) - + reply_urls = (known after apply) - + type = "webapp/api" 
- - + oauth2_permissions { - + admin_consent_description = (known after apply) - + admin_consent_display_name = (known after apply) - + id = (known after apply) - + is_enabled = (known after apply) - + type = (known after apply) - + user_consent_description = (known after apply) - + user_consent_display_name = (known after apply) - + value = (known after apply) - } - } - - # azuread_service_principal.client will be created - + resource "azuread_service_principal" "client" { - + application_id = (known after apply) - + display_name = (known after apply) - + id = (known after apply) - + object_id = (known after apply) - - + oauth2_permissions { - + admin_consent_description = (known after apply) - + admin_consent_display_name = (known after apply) - + id = (known after apply) - + is_enabled = (known after apply) - + type = (known after apply) - + user_consent_description = (known after apply) - + user_consent_display_name = (known after apply) - + value = (known after apply) - } - } - - # azuread_service_principal.cluster will be created - + resource "azuread_service_principal" "cluster" { - + application_id = (known after apply) - + display_name = (known after apply) - + id = (known after apply) - + object_id = (known after apply) - - + oauth2_permissions { - + admin_consent_description = (known after apply) - + admin_consent_display_name = (known after apply) - + id = (known after apply) - + is_enabled = (known after apply) - + type = (known after apply) - + user_consent_description = (known after apply) - + user_consent_display_name = (known after apply) - + value = (known after apply) - } - } - - # azuread_service_principal_password.client will be created - + resource "azuread_service_principal_password" "client" { - + end_date = "2099-01-01T01:00:00Z" - + id = (known after apply) - + key_id = (known after apply) - + service_principal_id = (known after apply) - + start_date = (known after apply) - + value = (sensitive value) - } - - # 
azuread_service_principal_password.cluster will be created - + resource "azuread_service_principal_password" "cluster" { - + end_date = "2099-01-01T01:00:00Z" - + id = (known after apply) - + key_id = (known after apply) - + service_principal_id = (known after apply) - + start_date = (known after apply) - + value = (sensitive value) - } - - # azurerm_key_vault.cluster will be created - + resource "azurerm_key_vault" "cluster" { - + access_policy = [ - + { - + application_id = null - + certificate_permissions = [ - + "create", - + "delete", - + "deleteissuers", - + "get", - + "getissuers", - + "import", - + "list", - + "listissuers", - + "managecontacts", - + "manageissuers", - + "setissuers", - + "update", - ] - + key_permissions = [ - + "backup", - + "create", - + "decrypt", - + "delete", - + "encrypt", - + "get", - + "import", - + "list", - + "purge", - + "recover", - + "restore", - + "sign", - + "unwrapKey", - + "update", - + "verify", - + "wrapKey", - ] - + object_id = "0938d8bc-3351-4bcc-ddb5-113c2218ff0d" - + secret_permissions = [ - + "backup", - + "delete", - + "get", - + "list", - + "purge", - + "recover", - + "restore", - + "set", - ] - + storage_permissions = null - + tenant_id = "72f988bf-86f1-41af-91ab-2d7cd011db47" - }, - ] - + enabled_for_deployment = true - + enabled_for_disk_encryption = true - + enabled_for_template_deployment = true - + id = (known after apply) - + location = "westus2" - + name = "tfq-demo-tfquick-sbx-kv" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + sku_name = "standard" - + tags = (known after apply) - + tenant_id = "72f988bf-86f1-41af-91ab-2d7cd011db47" - + vault_uri = (known after apply) - - + sku { - + name = (known after apply) - } - } - - # azurerm_key_vault_certificate.client will be created - + resource "azurerm_key_vault_certificate" "client" { - + certificate_data = (known after apply) - + id = (known after apply) - + key_vault_id = (known after apply) - + name = "service-fabric-client" - + secret_id = 
(known after apply) - + tags = (known after apply) - + thumbprint = (known after apply) - + vault_uri = (known after apply) - + version = (known after apply) - - + certificate_policy { - + issuer_parameters { - + name = "Self" - } - - + key_properties { - + exportable = true - + key_size = 2048 - + key_type = "RSA" - + reuse_key = true - } - - + lifetime_action { - + action { - + action_type = "AutoRenew" - } - - + trigger { - + days_before_expiry = 30 - } - } - - + secret_properties { - + content_type = "application/x-pkcs12" - } - - + x509_certificate_properties { - + extended_key_usage = [ - + "1.3.6.1.5.5.7.3.1", - ] - + key_usage = [ - + "cRLSign", - + "dataEncipherment", - + "digitalSignature", - + "keyAgreement", - + "keyCertSign", - + "keyEncipherment", - ] - + subject = "CN=mtcdenver" - + validity_in_months = 12 - - + subject_alternative_names { - + dns_names = [ - + "sfdemosandbox.denvermtc.net", - ] - } - } - } - } - - # azurerm_key_vault_certificate.cluster will be created - + resource "azurerm_key_vault_certificate" "cluster" { - + certificate_data = (known after apply) - + id = (known after apply) - + key_vault_id = (known after apply) - + name = "service-fabric-cluster" - + secret_id = (known after apply) - + tags = (known after apply) - + thumbprint = (known after apply) - + vault_uri = (known after apply) - + version = (known after apply) - - + certificate_policy { - + issuer_parameters { - + name = "Self" - } - - + key_properties { - + exportable = true - + key_size = 2048 - + key_type = "RSA" - + reuse_key = true - } - - + lifetime_action { - + action { - + action_type = "AutoRenew" - } - - + trigger { - + days_before_expiry = 30 - } - } - - + secret_properties { - + content_type = "application/x-pkcs12" - } - - + x509_certificate_properties { - + extended_key_usage = [ - + "1.3.6.1.5.5.7.3.1", - ] - + key_usage = [ - + "cRLSign", - + "dataEncipherment", - + "digitalSignature", - + "keyAgreement", - + "keyCertSign", - + "keyEncipherment", - ] - + 
subject = "CN=mtcdenver" - + validity_in_months = 12 - - + subject_alternative_names { - + dns_names = [ - + "sfdemosandbox.denvermtc.net", - ] - } - } - } - } - - # azurerm_lb.sf will be created - + resource "azurerm_lb" "sf" { - + id = (known after apply) - + location = "westus2" - + name = "demo-tfquickstart-lb" - + private_ip_address = (known after apply) - + private_ip_addresses = (known after apply) - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + sku = "Basic" - + tags = (known after apply) - - + frontend_ip_configuration { - + inbound_nat_rules = (known after apply) - + load_balancer_rules = (known after apply) - + name = "demo-tfquickstart-lb-fe-ipconfig" - + outbound_rules = (known after apply) - + private_ip_address = (known after apply) - + private_ip_address_allocation = (known after apply) - + public_ip_address_id = (known after apply) - + public_ip_prefix_id = (known after apply) - + subnet_id = (known after apply) - } - } - - # azurerm_lb_backend_address_pool.sf will be created - + resource "azurerm_lb_backend_address_pool" "sf" { - + backend_ip_configurations = (known after apply) - + id = (known after apply) - + load_balancing_rules = (known after apply) - + loadbalancer_id = (known after apply) - + name = "ServiceFabricAddressPool" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - } - - # azurerm_lb_nat_pool.sf[0] will be created - + resource "azurerm_lb_nat_pool" "sf" { - + backend_port = 3389 - + frontend_ip_configuration_id = (known after apply) - + frontend_ip_configuration_name = "demo-tfquickstart-lb-fe-ipconfig" - + frontend_port_end = 4500 - + frontend_port_start = 3389 - + id = (known after apply) - + loadbalancer_id = (known after apply) - + name = "demo-tfquickstart-nat-pool" - + protocol = "tcp" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - } - - # azurerm_lb_probe.fabric_gateway will be created - + resource "azurerm_lb_probe" "fabric_gateway" { - + id = (known after apply) - + interval_in_seconds = 
15 - + load_balancer_rules = (known after apply) - + loadbalancer_id = (known after apply) - + name = "demo-tfquickstart-probe-19000" - + number_of_probes = 2 - + port = 19000 - + protocol = (known after apply) - + resource_group_name = "demo-tfquickstart-sandbox-rg" - } - - # azurerm_lb_probe.http will be created - + resource "azurerm_lb_probe" "http" { - + id = (known after apply) - + interval_in_seconds = 15 - + load_balancer_rules = (known after apply) - + loadbalancer_id = (known after apply) - + name = "demo-tfquickstart-probe-19080" - + number_of_probes = 2 - + port = 19080 - + protocol = (known after apply) - + resource_group_name = "demo-tfquickstart-sandbox-rg" - } - - # azurerm_lb_rule.fabric_gateway will be created - + resource "azurerm_lb_rule" "fabric_gateway" { - + backend_address_pool_id = (known after apply) - + backend_port = 19000 - + disable_outbound_snat = false - + enable_floating_ip = false - + frontend_ip_configuration_id = (known after apply) - + frontend_ip_configuration_name = "demo-tfquickstart-lb-fe-ipconfig" - + frontend_port = 19000 - + id = (known after apply) - + idle_timeout_in_minutes = (known after apply) - + load_distribution = (known after apply) - + loadbalancer_id = (known after apply) - + name = "fabric_gateway" - + probe_id = (known after apply) - + protocol = "tcp" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - } - - # azurerm_lb_rule.http will be created - + resource "azurerm_lb_rule" "http" { - + backend_address_pool_id = (known after apply) - + backend_port = 19080 - + disable_outbound_snat = false - + enable_floating_ip = false - + frontend_ip_configuration_id = (known after apply) - + frontend_ip_configuration_name = "demo-tfquickstart-lb-fe-ipconfig" - + frontend_port = 19080 - + id = (known after apply) - + idle_timeout_in_minutes = (known after apply) - + load_distribution = (known after apply) - + loadbalancer_id = (known after apply) - + name = "http" - + probe_id = (known after apply) - + protocol = 
"tcp" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - } - - # azurerm_public_ip.sf will be created - + resource "azurerm_public_ip" "sf" { - + allocation_method = "Dynamic" - + domain_name_label = "tfq-demo-tfquickstart-sbx-sf" - + fqdn = (known after apply) - + id = (known after apply) - + idle_timeout_in_minutes = 4 - + ip_address = (known after apply) - + ip_version = "IPv4" - + location = "westus2" - + name = "demo-tfquickstart-pip" - + public_ip_address_allocation = (known after apply) - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + sku = "Basic" - + tags = (known after apply) - } - - # azurerm_resource_group.default will be created - + resource "azurerm_resource_group" "default" { - + id = (known after apply) - + location = "westus2" - + name = "demo-tfquickstart-sandbox-rg" - + tags = (known after apply) - } - - # azurerm_service_fabric_cluster.default will be created - + resource "azurerm_service_fabric_cluster" "default" { - + add_on_features = [ - + "DnsService", - ] - + cluster_code_version = (known after apply) - + cluster_endpoint = (known after apply) - + id = (known after apply) - + location = "westus2" - + management_endpoint = (known after apply) - + name = "demo-tfquickstart-sf" - + reliability_level = "Bronze" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + tags = (known after apply) - + upgrade_mode = "Automatic" - + vm_image = "Windows" - - + azure_active_directory { - + client_application_id = (known after apply) - + cluster_application_id = (known after apply) - + tenant_id = "72f988bf-86f1-41af-91ab-2d7cd011db47" - } - - + certificate { - + thumbprint = (known after apply) - + thumbprint_secondary = (known after apply) - + x509_store_name = "My" - } - - + client_certificate_thumbprint { - + is_admin = true - + thumbprint = (known after apply) - } - - + diagnostics_config { - + blob_endpoint = (known after apply) - + protected_account_key_name = "StorageAccountKey1" - + queue_endpoint = (known after apply) 
- + storage_account_name = "tfqdemotfquickstartsfsbx" - + table_endpoint = (known after apply) - } - - + fabric_settings { - + name = "Security" - + parameters = { - + "ClusterProtectionLevel" = "EncryptAndSign" - } - } - + fabric_settings { - + name = "ClusterManager" - + parameters = { - + "EnableDefaultServicesUpgrade" = "True" - } - } - - + node_type { - + client_endpoint_port = 19000 - + durability_level = "Bronze" - + http_endpoint_port = 19080 - + instance_count = 3 - + is_primary = true - + name = "default" - - + application_ports { - + end_port = 30000 - + start_port = 20000 - } - - + ephemeral_ports { - + end_port = 65534 - + start_port = 49152 - } - } - } - - # azurerm_storage_account.sf will be created - + resource "azurerm_storage_account" "sf" { - + access_tier = (known after apply) - + account_encryption_source = "Microsoft.Storage" - + account_kind = "Storage" - + account_replication_type = "LRS" - + account_tier = "Standard" - + account_type = (known after apply) - + enable_advanced_threat_protection = false - + enable_blob_encryption = true - + enable_file_encryption = true - + id = (known after apply) - + is_hns_enabled = false - + location = "westus2" - + name = "tfqdemotfquickstartsfsbx" - + primary_access_key = (sensitive value) - + primary_blob_connection_string = (sensitive value) - + primary_blob_endpoint = (known after apply) - + primary_blob_host = (known after apply) - + primary_connection_string = (sensitive value) - + primary_dfs_endpoint = (known after apply) - + primary_dfs_host = (known after apply) - + primary_file_endpoint = (known after apply) - + primary_file_host = (known after apply) - + primary_location = (known after apply) - + primary_queue_endpoint = (known after apply) - + primary_queue_host = (known after apply) - + primary_table_endpoint = (known after apply) - + primary_table_host = (known after apply) - + primary_web_endpoint = (known after apply) - + primary_web_host = (known after apply) - + resource_group_name = 
"demo-tfquickstart-sandbox-rg" - + secondary_access_key = (sensitive value) - + secondary_blob_connection_string = (sensitive value) - + secondary_blob_endpoint = (known after apply) - + secondary_blob_host = (known after apply) - + secondary_connection_string = (sensitive value) - + secondary_dfs_endpoint = (known after apply) - + secondary_dfs_host = (known after apply) - + secondary_file_endpoint = (known after apply) - + secondary_file_host = (known after apply) - + secondary_location = (known after apply) - + secondary_queue_endpoint = (known after apply) - + secondary_queue_host = (known after apply) - + secondary_table_endpoint = (known after apply) - + secondary_table_host = (known after apply) - + secondary_web_endpoint = (known after apply) - + secondary_web_host = (known after apply) - + tags = (known after apply) - - + identity { - + principal_id = (known after apply) - + tenant_id = (known after apply) - + type = (known after apply) - } - - + network_rules { - + bypass = (known after apply) - + default_action = (known after apply) - + ip_rules = (known after apply) - + virtual_network_subnet_ids = (known after apply) - } - - + queue_properties { - + cors_rule { - + allowed_headers = (known after apply) - + allowed_methods = (known after apply) - + allowed_origins = (known after apply) - + exposed_headers = (known after apply) - + max_age_in_seconds = (known after apply) - } - - + hour_metrics { - + enabled = (known after apply) - + include_apis = (known after apply) - + retention_policy_days = (known after apply) - + version = (known after apply) - } - - + logging { - + delete = (known after apply) - + read = (known after apply) - + retention_policy_days = (known after apply) - + version = (known after apply) - + write = (known after apply) - } - - + minute_metrics { - + enabled = (known after apply) - + include_apis = (known after apply) - + retention_policy_days = (known after apply) - + version = (known after apply) - } - } - } - - # 
azurerm_storage_account.vmss will be created - + resource "azurerm_storage_account" "vmss" { - + access_tier = (known after apply) - + account_encryption_source = "Microsoft.Storage" - + account_kind = "Storage" - + account_replication_type = "LRS" - + account_tier = "Standard" - + account_type = (known after apply) - + enable_advanced_threat_protection = false - + enable_blob_encryption = true - + enable_file_encryption = true - + id = (known after apply) - + is_hns_enabled = false - + location = "westus2" - + name = "tfqdemotfquicksvmsssbx" - + primary_access_key = (sensitive value) - + primary_blob_connection_string = (sensitive value) - + primary_blob_endpoint = (known after apply) - + primary_blob_host = (known after apply) - + primary_connection_string = (sensitive value) - + primary_dfs_endpoint = (known after apply) - + primary_dfs_host = (known after apply) - + primary_file_endpoint = (known after apply) - + primary_file_host = (known after apply) - + primary_location = (known after apply) - + primary_queue_endpoint = (known after apply) - + primary_queue_host = (known after apply) - + primary_table_endpoint = (known after apply) - + primary_table_host = (known after apply) - + primary_web_endpoint = (known after apply) - + primary_web_host = (known after apply) - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + secondary_access_key = (sensitive value) - + secondary_blob_connection_string = (sensitive value) - + secondary_blob_endpoint = (known after apply) - + secondary_blob_host = (known after apply) - + secondary_connection_string = (sensitive value) - + secondary_dfs_endpoint = (known after apply) - + secondary_dfs_host = (known after apply) - + secondary_file_endpoint = (known after apply) - + secondary_file_host = (known after apply) - + secondary_location = (known after apply) - + secondary_queue_endpoint = (known after apply) - + secondary_queue_host = (known after apply) - + secondary_table_endpoint = (known after apply) - + 
secondary_table_host = (known after apply) - + secondary_web_endpoint = (known after apply) - + secondary_web_host = (known after apply) - + tags = (known after apply) - - + identity { - + principal_id = (known after apply) - + tenant_id = (known after apply) - + type = (known after apply) - } - - + network_rules { - + bypass = (known after apply) - + default_action = (known after apply) - + ip_rules = (known after apply) - + virtual_network_subnet_ids = (known after apply) - } - - + queue_properties { - + cors_rule { - + allowed_headers = (known after apply) - + allowed_methods = (known after apply) - + allowed_origins = (known after apply) - + exposed_headers = (known after apply) - + max_age_in_seconds = (known after apply) - } - - + hour_metrics { - + enabled = (known after apply) - + include_apis = (known after apply) - + retention_policy_days = (known after apply) - + version = (known after apply) - } - - + logging { - + delete = (known after apply) - + read = (known after apply) - + retention_policy_days = (known after apply) - + version = (known after apply) - + write = (known after apply) - } - - + minute_metrics { - + enabled = (known after apply) - + include_apis = (known after apply) - + retention_policy_days = (known after apply) - + version = (known after apply) - } - } - } - - # azurerm_subnet.apim will be created - + resource "azurerm_subnet" "apim" { - + address_prefix = "10.0.2.0/24" - + id = (known after apply) - + ip_configurations = (known after apply) - + name = "demo-tfquickstart-apim-subnet" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + virtual_network_name = "demo-tfquickstart-vnet" - } - - # azurerm_subnet.default will be created - + resource "azurerm_subnet" "default" { - + address_prefix = "10.0.0.0/24" - + id = (known after apply) - + ip_configurations = (known after apply) - + name = "demo-tfquickstart-default-subnet" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + virtual_network_name = 
"demo-tfquickstart-vnet" - } - - # azurerm_subnet.sf will be created - + resource "azurerm_subnet" "sf" { - + address_prefix = "10.0.1.0/24" - + id = (known after apply) - + ip_configurations = (known after apply) - + name = "demo-tfquickstart-sf-subnet" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + virtual_network_name = "demo-tfquickstart-vnet" - } - - # azurerm_virtual_machine_scale_set.default will be created - + resource "azurerm_virtual_machine_scale_set" "default" { - + automatic_os_upgrade = false - + id = (known after apply) - + license_type = (known after apply) - + location = "westus2" - + name = "demo-tfquickstart-vmss" - + overprovision = false - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + single_placement_group = true - + tags = (known after apply) - + upgrade_policy_mode = "Automatic" - - + boot_diagnostics { - + enabled = true - + storage_uri = (known after apply) - } - - + extension { - + name = "ServiceFabricNodeVmExt_vmDefault" - + protected_settings = (sensitive value) - + provision_after_extensions = [] - + publisher = "Microsoft.Azure.ServiceFabric" - + settings = (known after apply) - + type = "ServiceFabricNode" - + type_handler_version = "1.0" - } - - + identity { - + identity_ids = (known after apply) - + principal_id = (known after apply) - + type = (known after apply) - } - - + network_profile { - + ip_forwarding = false - + name = "NetworkProfile" - + primary = true - - + ip_configuration { - + application_gateway_backend_address_pool_ids = [] - + application_security_group_ids = [] - + load_balancer_backend_address_pool_ids = (known after apply) - + load_balancer_inbound_nat_rules_ids = (known after apply) - + name = "IPConfiguration" - + primary = true - + subnet_id = (known after apply) - } - } - - + os_profile { - + admin_password = (sensitive value) - + admin_username = "tfquickstart" - + computer_name_prefix = "sfvm" - } - - + os_profile_linux_config { - + disable_password_authentication = (known 
after apply) - - + ssh_keys { - + key_data = (known after apply) - + path = (known after apply) - } - } - - + os_profile_secrets { - + source_vault_id = (known after apply) - - + vault_certificates { - + certificate_store = "My" - + certificate_url = (known after apply) - } - } - - + os_profile_windows_config { - + enable_automatic_upgrades = true - + provision_vm_agent = true - } - - + sku { - + capacity = 3 - + name = "Standard_D1_v2" - + tier = "Standard" - } - - + storage_profile_data_disk { - + caching = "ReadWrite" - + create_option = "Empty" - + disk_size_gb = 10 - + lun = 0 - + managed_disk_type = (known after apply) - } - - + storage_profile_image_reference { - + offer = "WindowsServer" - + publisher = "MicrosoftWindowsServer" - + sku = "2019-Datacenter-with-Containers" - + version = "latest" - } - - + storage_profile_os_disk { - + caching = "ReadWrite" - + create_option = "FromImage" - + managed_disk_type = "Standard_LRS" - + vhd_containers = [] - } - } - - # azurerm_virtual_network.default will be created - + resource "azurerm_virtual_network" "default" { - + address_space = [ - + "10.0.0.0/16", - ] - + id = (known after apply) - + location = "westus2" - + name = "demo-tfquickstart-vnet" - + resource_group_name = "demo-tfquickstart-sandbox-rg" - + tags = (known after apply) - - + subnet { - + address_prefix = (known after apply) - + id = (known after apply) - + name = (known after apply) - + security_group = (known after apply) - } - } - - # random_string.client_password will be created - + resource "random_string" "client_password" { - + id = (known after apply) - + length = 32 - + lower = true - + min_lower = 0 - + min_numeric = 0 - + min_special = 0 - + min_upper = 0 - + number = true - + result = (known after apply) - + special = true - + upper = true - } - - # random_string.cluster_password will be created - + resource "random_string" "cluster_password" { - + id = (known after apply) - + length = 32 - + lower = true - + min_lower = 0 - + min_numeric 
= 0 - + min_special = 0 - + min_upper = 0 - + number = true - + result = (known after apply) - + special = true - + upper = true - } - -Plan: 28 to add, 0 to change, 0 to destroy. - ------------------------------------------------------------------------- -``` diff --git a/quickstart/301-service-fabric-apim/service_fabric.tf b/quickstart/301-service-fabric-apim/service_fabric.tf deleted file mode 100644 index affb76b9a..000000000 --- a/quickstart/301-service-fabric-apim/service_fabric.tf +++ /dev/null 
@@ -1,78 +0,0 @@
-resource "azurerm_storage_account" "sf" {
- name = "${var.dns_prefix}${substr(replace(var.name, "-", ""), 0, 16)}sf${var.environment_short}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- location = "${azurerm_resource_group.default.location}"
- account_tier = "Standard"
- account_replication_type = "LRS"
-}
-
-resource "azurerm_service_fabric_cluster" "default" {
- name = "${var.name}-sf"
- resource_group_name = "${azurerm_resource_group.default.name}"
- location = "${azurerm_resource_group.default.location}"
- reliability_level = "Bronze"
- vm_image = "Windows"
- management_endpoint = "https://${azurerm_public_ip.sf.fqdn}:19080"
- upgrade_mode = "Automatic"
-
- add_on_features = ["DnsService"]
-
- node_type {
- name = "default"
- instance_count = 3
- is_primary = true
- client_endpoint_port = 19000
- http_endpoint_port = 19080
-
- application_ports {
- start_port = 20000
- end_port = 30000
- }
-
- ephemeral_ports {
- start_port = 49152 # possibly open client ports
- end_port = 65534
- }
- }
-
- azure_active_directory {
- tenant_id = "${data.azurerm_subscription.current.tenant_id}"
- cluster_application_id = "${azuread_application.client.application_id}"
- client_application_id = "${azuread_application.cluster.application_id}"
- }
-
- fabric_settings {
- name = "Security"
-
- parameters = {
- "ClusterProtectionLevel" = "EncryptAndSign"
- }
- }
-
- fabric_settings {
- name = "ClusterManager"
-
- parameters = {
- EnableDefaultServicesUpgrade = "True"
- }
- }
-
- certificate {
- thumbprint = "${azurerm_key_vault_certificate.cluster.thumbprint}"
- thumbprint_secondary = "${azurerm_key_vault_certificate.cluster.thumbprint}"
- x509_store_name = "My"
- }
-
- client_certificate_thumbprint {
- thumbprint = "${azurerm_key_vault_certificate.client.thumbprint}"
- is_admin = true
- }
-
- diagnostics_config {
- storage_account_name = "${azurerm_storage_account.sf.name}"
- protected_account_key_name = "StorageAccountKey1"
- blob_endpoint = "${azurerm_storage_account.sf.primary_blob_endpoint}"
- queue_endpoint = "${azurerm_storage_account.sf.primary_queue_endpoint}"
- table_endpoint = "${azurerm_storage_account.sf.primary_table_endpoint}"
- }
-}
diff --git a/quickstart/301-service-fabric-apim/variables.tf b/quickstart/301-service-fabric-apim/variables.tf
deleted file mode 100644
index 67f251a05..000000000
--- a/quickstart/301-service-fabric-apim/variables.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-# ----------------------
-# General Settings
-# ----------------------
-variable "name" {
- default = "demo-tfquickstart"
-}
-
-variable "location" {
- default = "West US 2"
-}
-
-variable "dns_prefix" {
- default = "tfq"
-}
-
-variable "environment" {
- default = "sandbox"
-}
-
-variable "environment_short" {
- default = "sbx"
-}
-
-# ----------------------
-# Service Fabric Cluster Settings
-# ----------------------
-variable "cluster_size" {
- default = 3
-}
-
-variable "admin_username" {
- default = "tfquickstart"
-}
-
-variable "admin_password" {
- default = "password.1!"
-}
-
-# Your object_id in Azure Active Directory.
-# Has to be manually provided when deploying with azure-cli auth.
-# Used in creating KeyVault Access Policies
-variable "client_object_id" {
- default = "0938d8bc-3351-4bcc-ddb5-113c2218ff0d"
-}
-
-# ----------------------
-# API Management
-# ----------------------
-variable "api_publisher_name" {
- default = "Terraform Quickstarts"
-}
-
-variable "api_publisher_email" {
- default = "tfquickstart@example.com"
-}
\ No newline at end of file
diff --git a/quickstart/301-service-fabric-apim/vmss.tf b/quickstart/301-service-fabric-apim/vmss.tf
deleted file mode 100644
index c20134fef..000000000
--- a/quickstart/301-service-fabric-apim/vmss.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-resource "azurerm_storage_account" "vmss" {
- name = "${var.dns_prefix}${substr(replace(var.name, "-", ""), 0, 12)}vmss${var.environment_short}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- location = "${azurerm_resource_group.default.location}"
- account_tier = "Standard"
- account_replication_type = "LRS"
-}
-
-# Vm Scale Set
-resource "azurerm_virtual_machine_scale_set" "default" {
- name = "${var.name}-vmss"
- location = "${azurerm_resource_group.default.location}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- upgrade_policy_mode = "Automatic"
- overprovision = false
-
- sku {
- name = "Standard_D1_v2"
- tier = "Standard"
- capacity = "${var.cluster_size}"
- }
-
- storage_profile_image_reference {
- publisher = "MicrosoftWindowsServer"
- offer = "WindowsServer"
- sku = "2019-Datacenter-with-Containers"
- version = "latest"
- }
-
- storage_profile_os_disk {
- name = ""
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Standard_LRS"
- }
-
- storage_profile_data_disk {
- lun = 0
- caching = "ReadWrite"
- create_option = "Empty"
- disk_size_gb = 10
- }
-
- os_profile {
- computer_name_prefix = "sfvm"
- admin_username = "${var.admin_username}"
- admin_password = "${var.admin_password}"
- }
-
- os_profile_secrets {
- source_vault_id = "${azurerm_key_vault.cluster.id}"
-
- vault_certificates {
- certificate_url = "${azurerm_key_vault.cluster.vault_uri}secrets/${azurerm_key_vault_certificate.cluster.name}/${azurerm_key_vault_certificate.cluster.version}"
- certificate_store = "My"
- }
- }
-
- # These default to on if not specified, causing terraform to always want to make changes
- os_profile_windows_config {
- enable_automatic_upgrades = true
- provision_vm_agent = true
- }
-
- boot_diagnostics {
- enabled = true
- storage_uri = "${azurerm_storage_account.vmss.primary_blob_endpoint}"
- }
-
- network_profile {
- name = "NetworkProfile"
- primary = true
-
- ip_configuration {
- primary = true
- name = "IPConfiguration"
- subnet_id = "${azurerm_subnet.sf.id}"
- load_balancer_backend_address_pool_ids = ["${azurerm_lb_backend_address_pool.sf.id}"]
- load_balancer_inbound_nat_rules_ids = ["${azurerm_lb_nat_pool.sf[0].id}"]
- }
- }
-
- extension {
- name = "ServiceFabricNodeVmExt_vmDefault" # This extension connects vms to the cluster.
- publisher = "Microsoft.Azure.ServiceFabric"
- type = "ServiceFabricNode"
- type_handler_version = "1.0"
-
- settings = <