feature/azure uami vs spns by JohannesRudolph · Pull Request #176 · meshcloud/meshstack-hub

JohannesRudolph · 2026-05-20T07:45:41Z

feat: clarify use of UAMIs as preferred over SPNs
docs: document agent instructions for azure modules
feat: extend the scorecard with a category summary per module
fix(azure/budget-alert): migrate backplane to UAMI + WIF pattern
fix(azure/storage-account): migrate backplane to UAMI + WIF pattern
feat: deploy azure backplanes into named resource groups
fix: wait for tofu 1.12+ to enable const for hub module source variable

standardize on AGENTS.md format for all agent instructions, and add detailed conventions for Azure backplanes based on our learnings from the first few implementations. This includes the rationale for using UAMIs, the implementation pattern, required variables/outputs, wiring in `meshstack_integration.tf`, and a checklist for Azure backplanes.

this allows us to see maturity at a glance

- Replace azuread_application/service_principal with azurerm_user_assigned_identity - Replace azuread_application_federated_identity_credential with azurerm_federated_identity_credential - Remove azuread_application_password and directory role assignments - Remove create_service_principal_name/existing_principal_ids toggle pattern - Add location and resource_group_name variables for UAMI placement - Add identity output (client_id, principal_id, tenant_id) - Update meshstack_integration.tf: add const=true to hub var, use var.hub.git_ref in backplane source - Add azure_resource_group_name and azure_location integration variables - Fix ARM_CLIENT_ID to reference module.backplane.identity.client_id - Fix time provider version to ~> 0.11 in buildingblock/versions.tf - Remove azuread provider from integration and e2e - Add azure_resource_group_name to e2e test fixtures

- Replace azuread_application/service_principal with azurerm_user_assigned_identity - Replace azuread_application_federated_identity_credential with azurerm_federated_identity_credential - Remove azuread_application_password resources - Remove create_service_principal_name/existing_principal_ids toggle pattern - Add location and resource_group_name variables for UAMI placement - Add identity output (client_id, principal_id, tenant_id) - Update meshstack_integration.tf: add const=true to hub var, use var.hub.git_ref in backplane source - Add azure_resource_group_name integration variable - Fix ARM_CLIENT_ID to reference module.backplane.identity.client_id - Remove azuread provider from backplane/versions.tf, integration, and e2e - Add azure_resource_group_name to e2e test fixtures

Derive resource group names automatically from backplane name inputs. In e2e tests, this is automatically randomized by the test context name suffix.

github-actions · 2026-05-20T07:45:59Z

🎨 Missing Building Block Icons

Found 2 building block(s) without logo.png files.

Copy the AI Prompts below and use them with your favorite AI image generator (Gemini, DALL-E, Midjourney, Stable Diffusion, etc.).

Then follow the Post-Processing Steps to prepare the icons for upload.

Azure Virtual Machine Starterkit

Platform: azure

Path: /home/runner/work/meshstack-hub/meshstack-hub/modules/azure/azure-virtual-machine-starterkit/buildingblock/logo.png

AI Prompt (copy this to image generator)

Create a professional flat design icon for the meshcloud Building Block ecosystem.

Purpose: The Azure Virtual Machine Starterkit provides application teams with a pre-configured Azure environment. It includes a dedicated project, an Azure tenant, and a virtual machine for quick provisioning and testing.

Visual Style:
- Plain white background (#FFFFFF) for easy removal in post-processing
- Background will be converted to transparent (see post-processing steps)
- Use Azure colors: blue (#0078D4), cyan (#00BCF2), and light blue (#50E6FF) as accent colors
- Maximum 2-3 colors total
- Simple geometric shapes with clean lines
- Flat design (no gradients, shadows, or 3D effects)
- Minimalist, modern appearance

Composition:
- Square centered layout (NOT horizontal)
- Icon fills the entire canvas edge-to-edge (100% of area)
- No padding or margins around the icon
- Symmetrical arrangement
- Platform-appropriate symbol for AZURE (e.g., cloud, container, database, server, etc.)

Style: Enterprise professional, instantly recognizable at small sizes, similar to app icons or logos.
Dimensions: 800x800 pixels

Post-Processing Instructions

Step 1: Remove white background with GIMP (free)

a) Open image in GIMP
b) Right-click layer → "Add Alpha Channel"
c) Tools → "Select by Color" (Shift+O)
d) Click white background
e) Press Delete key
f) File → Export As → logo.png
g) Set Compression level to 9 → Export

Step 2: Resize to 800x800 pixels if needed

GIMP: Image → Scale Image → 800x800px
Or use any image editor

Step 3: Compress with pngquant (free command line tool)

Install: brew install pngquant (Mac) or apt install pngquant (Linux)
Run: pngquant --quality=20-30 logo.png --ext .png --force
This reduces file size by 60-80% while maintaining quality

Target specs: 800x800px PNG with transparent background, under 100KB

Kubernetes Manifest (Helm)

Platform: kubernetes

Path: /home/runner/work/meshstack-hub/meshstack-hub/modules/kubernetes/manifest/buildingblock/logo.png

AI Prompt (copy this to image generator)

Create a professional flat design icon for the meshcloud Building Block ecosystem.

Purpose: Deploys arbitrary Kubernetes manifests into a tenant namespace via a local Helm chart, with operator-supplied templates and user-provided values.

Visual Style:
- Plain white background (#FFFFFF) for easy removal in post-processing
- Background will be converted to transparent (see post-processing steps)
- Use Kubernetes colors: blue (#326CE5), cyan (#00D3E0), and light blue (#7AB8FF) as accent colors
- Maximum 2-3 colors total
- Simple geometric shapes with clean lines
- Flat design (no gradients, shadows, or 3D effects)
- Minimalist, modern appearance

Composition:
- Square centered layout (NOT horizontal)
- Icon fills the entire canvas edge-to-edge (100% of area)
- No padding or margins around the icon
- Symmetrical arrangement
- Platform-appropriate symbol for KUBERNETES (e.g., cloud, container, database, server, etc.)

Style: Enterprise professional, instantly recognizable at small sizes, similar to app icons or logos.
Dimensions: 800x800 pixels

Post-Processing Instructions

Step 1: Remove white background with GIMP (free)

a) Open image in GIMP
b) Right-click layer → "Add Alpha Channel"
c) Tools → "Select by Color" (Shift+O)
d) Click white background
e) Press Delete key
f) File → Export As → logo.png
g) Set Compression level to 9 → Export

Step 2: Resize to 800x800 pixels if needed

GIMP: Image → Scale Image → 800x800px
Or use any image editor

Step 3: Compress with pngquant (free command line tool)

Install: brew install pngquant (Mac) or apt install pngquant (Linux)
Run: pngquant --quality=20-30 logo.png --ext .png --force
This reduces file size by 60-80% while maintaining quality

Target specs: 800x800px PNG with transparent background, under 100KB

jannymeshi · 2026-05-20T07:46:43Z

📋 Janny has opened a Feature Shipping Tracker: Azure UAMI + WIF Pattern for Backplane Modules for this PR.

aws-amplify-eu-central-1 · 2026-05-20T07:49:38Z

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-176.d1o16zfeoh2slu.amplifyapp.com

…backplane' for consistency

…ount backplanes

not yet supported until we upgrade to tofu 1.12+

JohannesRudolph added 7 commits May 19, 2026 15:47

feat: clarify use of UAMIs as preferred over SPNs

5ebae67

feat: extend the scorecard with a category summary per module

25c9ddc

this allows us to see maturity at a glance

feat: deploy azure backplanes into named resource groups

dea865d

Derive resource group names automatically from backplane name inputs. In e2e tests, this is automatically randomized by the test context name suffix.

fix: wait for tofu 1.12+ to enable const for hub module source variable

869ea3f

JohannesRudolph added 4 commits May 20, 2026 09:55

refactor(azure/backplane): rename resources from 'buildingblock' to '…

f87c673

…backplane' for consistency

chore: remove outdated documentation for Budget Alert and Storage Acc…

800a56b

…ount backplanes

fix: comment out const variable in hub definition

90d7cb8

not yet supported until we upgrade to tofu 1.12+

docs: update README.md to remove documentation_md output

1e650a3

JohannesRudolph merged commit e0c48e1 into main May 20, 2026
4 checks passed

JohannesRudolph deleted the feature/azure-uami-vs-spns branch May 20, 2026 15:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feature/azure uami vs spns#176

feature/azure uami vs spns#176
JohannesRudolph merged 11 commits into
mainfrom
feature/azure-uami-vs-spns

JohannesRudolph commented May 20, 2026

Uh oh!

github-actions Bot commented May 20, 2026 •

edited

Loading

Uh oh!

jannymeshi commented May 20, 2026

Uh oh!

aws-amplify-eu-central-1 Bot commented May 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

JohannesRudolph commented May 20, 2026

Uh oh!

github-actions Bot commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎨 Missing Building Block Icons

Azure Virtual Machine Starterkit

AI Prompt (copy this to image generator)

Post-Processing Instructions

Kubernetes Manifest (Helm)

AI Prompt (copy this to image generator)

Post-Processing Instructions

Uh oh!

jannymeshi commented May 20, 2026

Uh oh!

aws-amplify-eu-central-1 Bot commented May 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

github-actions Bot commented May 20, 2026 •

edited

Loading