Update with quickstart example, make instance id a required variable.
KashifSaadat committed Sep 21, 2023
1 parent 3ad7dee commit 304094f
Showing 27 changed files with 138 additions and 137 deletions.
4 changes: 2 additions & 2 deletions .terraform-docs.yml
Expand Up @@ -6,14 +6,14 @@ content: |-
## Requirements
To run this module, you will need the following:
1. Product license key: Contact [email protected] for more information.
1. Product Licence Key & Instance ID: Contact [email protected] for more information.
2. (Optional) IDP App configuration details: Wayfinder integrates with an IDP for managing user access. You will need a valid Client ID, Client Secret and Server URL (or Azure Tenant ID) for setup. This does not need to be defined initially within Terraform, and can also be setup within the product. Wayfinder can provision a `localadmin` user for initial access if no IDP details are provided.
3. A public Azure DNS Zone: This module will create DNS records for the Wayfinder API and UI endpoints, and performs a DNS01 challenge via the LetsEncrypt Issuer for valid domain certificates.
4. Existing Virtual Network and Subnet: This module will deploy an AKS Cluster and so requires an existing vnet with outbound internet connectivity.
## Deployment
Please see the [examples](./examples) directory to see how to deploy this module. To get up and running quickly with minimal pre-requisites, use the [no-idp](./examples/no-idp) example.
Please see the [examples](./examples) directory to see how to deploy this module. To get up and running quickly with minimal pre-requisites, use the [quickstart](./examples/quickstart) example.
### (Optional) Connecting to an Identity Provider
21 changes: 10 additions & 11 deletions README.md
Expand Up @@ -6,14 +6,14 @@ The "terraform-azure-wayfinder" Terraform Module can be used to provision and ma
## Requirements

To run this module, you will need the following:
1. Product license key: Contact [email protected] for more information.
1. Product Licence Key & Instance ID: Contact [email protected] for more information.
2. (Optional) IDP App configuration details: Wayfinder integrates with an IDP for managing user access. You will need a valid Client ID, Client Secret and Server URL (or Azure Tenant ID) for setup. This does not need to be defined initially within Terraform, and can also be setup within the product. Wayfinder can provision a `localadmin` user for initial access if no IDP details are provided.
3. A public Azure DNS Zone: This module will create DNS records for the Wayfinder API and UI endpoints, and performs a DNS01 challenge via the LetsEncrypt Issuer for valid domain certificates.
4. Existing Virtual Network and Subnet: This module will deploy an AKS Cluster and so requires an existing vnet with outbound internet connectivity.

## Deployment

Please see the [examples](./examples) directory to see how to deploy this module. To get up and running quickly with minimal pre-requisites, use the [no-idp](./examples/no-idp) example.
Please see the [examples](./examples) directory to see how to deploy this module. To get up and running quickly with minimal pre-requisites, use the [quickstart](./examples/quickstart) example.

### (Optional) Connecting to an Identity Provider

Expand Down Expand Up @@ -77,14 +77,13 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
| <a name="input_enable_k8s_resources"></a> [enable\_k8s\_resources](#input\_enable\_k8s\_resources) | Whether to enable the creation of Kubernetes resources for Wayfinder (helm and kubectl manifest deployments) | `bool` | `true` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | The environment in which the resources are deployed. | `string` | `"production"` | no |
| <a name="input_location"></a> [location](#input\_location) | The Azure region to use. | `string` | `"uksouth"` | no |
| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The ID of the resource group in which to create the AKS cluster. | `string` | n/a | yes |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which to create the AKS cluster. | `string` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to resources. | `map(string)` | `{}` | no |
| <a name="input_wayfinder_domain_name_api"></a> [wayfinder\_domain\_name\_api](#input\_wayfinder\_domain\_name\_api) | The domain name to use for the Wayfinder API (e.g. api.wayfinder.example.com) | `string` | n/a | yes |
| <a name="input_wayfinder_domain_name_ui"></a> [wayfinder\_domain\_name\_ui](#input\_wayfinder\_domain\_name\_ui) | The domain name to use for the Wayfinder UI (e.g. portal.wayfinder.example.com) | `string` | n/a | yes |
| <a name="input_wayfinder_idp_details"></a> [wayfinder\_idp\_details](#input\_wayfinder\_idp\_details) | The IDP details to use for Wayfinder to enable SSO | <pre>object({<br> type = string<br> clientId = optional(string)<br> clientSecret = optional(string)<br> serverUrl = optional(string)<br> azureTenantId = optional(string)<br> })</pre> | <pre>{<br> "azureTenantId": "",<br> "clientId": null,<br> "clientSecret": null,<br> "serverUrl": "",<br> "type": "none"<br>}</pre> | no |
| <a name="input_wayfinder_instance_id"></a> [wayfinder\_instance\_id](#input\_wayfinder\_instance\_id) | The instance ID to use for Wayfinder. This can be left blank and will be autogenerated. | `string` | `""` | no |
| <a name="input_wayfinder_license_key"></a> [wayfinder\_license\_key](#input\_wayfinder\_license\_key) | The license key to use for Wayfinder | `string` | n/a | yes |
| <a name="input_wayfinder_instance_id"></a> [wayfinder\_instance\_id](#input\_wayfinder\_instance\_id) | The instance ID to use for Wayfinder. | `string` | n/a | yes |
| <a name="input_wayfinder_licence_key"></a> [wayfinder\_licence\_key](#input\_wayfinder\_licence\_key) | The licence key to use for Wayfinder | `string` | n/a | yes |
| <a name="input_wayfinder_release_channel"></a> [wayfinder\_release\_channel](#input\_wayfinder\_release\_channel) | The release channel to use for Wayfinder | `string` | `"wayfinder-releases"` | no |
| <a name="input_wayfinder_version"></a> [wayfinder\_version](#input\_wayfinder\_version) | The version to use for Wayfinder | `string` | `"v2.3.3"` | no |
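Review bot: The inputs table shows three caller-facing breaks in one commit: `wayfinder_license_key` becomes `wayfinder_licence_key`, `resource_group_id` disappears, and `wayfinder_instance_id` goes from a default of `""` to required, while the commit message mentions only the last. Existing callers will fail at plan on the renamed and removed arguments, so add an upgrade note to the README (or a changelog entry) that lists all three.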

Expand All @@ -97,10 +96,10 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
| <a name="output_aks_client_key"></a> [aks\_client\_key](#output\_aks\_client\_key) | The `client_key` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. |
| <a name="output_aks_cluster_ca_certificate"></a> [aks\_cluster\_ca\_certificate](#output\_aks\_cluster\_ca\_certificate) | The `cluster_ca_certificate` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. |
| <a name="output_aks_kubeconfig_host"></a> [aks\_kubeconfig\_host](#output\_aks\_kubeconfig\_host) | The Kubernetes cluster server host. This is a Private Link address if 'disable\_internet\_access' is configured. |
| <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | The name of the Wayfinder AKS cluster |
| <a name="output_wayfinder_admin_password"></a> [wayfinder\_admin\_password](#output\_wayfinder\_admin\_password) | The password for the Wayfinder local admin user |
| <a name="output_wayfinder_admin_username"></a> [wayfinder\_admin\_username](#output\_wayfinder\_admin\_username) | The username for the Wayfinder local admin user |
| <a name="output_wayfinder_api_url"></a> [wayfinder\_api\_url](#output\_wayfinder\_api\_url) | The URL for the Wayfinder API |
| <a name="output_wayfinder_instance_id"></a> [wayfinder\_instance\_id](#output\_wayfinder\_instance\_id) | The unique identifier for the Wayfinder instance |
| <a name="output_wayfinder_ui_url"></a> [wayfinder\_ui\_url](#output\_wayfinder\_ui\_url) | The URL for the Wayfinder UI |
| <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | The name of the Wayfinder AKS cluster. |
| <a name="output_wayfinder_admin_password"></a> [wayfinder\_admin\_password](#output\_wayfinder\_admin\_password) | The password for the Wayfinder local admin user. |
| <a name="output_wayfinder_admin_username"></a> [wayfinder\_admin\_username](#output\_wayfinder\_admin\_username) | The username for the Wayfinder local admin user. |
| <a name="output_wayfinder_api_url"></a> [wayfinder\_api\_url](#output\_wayfinder\_api\_url) | The URL for the Wayfinder API. |
| <a name="output_wayfinder_instance_id"></a> [wayfinder\_instance\_id](#output\_wayfinder\_instance\_id) | The unique identifier for the Wayfinder instance. |
| <a name="output_wayfinder_ui_url"></a> [wayfinder\_ui\_url](#output\_wayfinder\_ui\_url) | The URL for the Wayfinder UI. |
<!-- END_TF_DOCS -->
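Review bot: The `wayfinder_admin_password` row gets a full stop but still does not tell the reader that this output is a credential that ends up in Terraform state, and the same applies to `aks_client_key` in the unchanged rows above it. Since the descriptions are being touched anyway, say so in the text and confirm both outputs are declared with `sensitive = true`; that declaration is not visible in this diff.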
2 changes: 1 addition & 1 deletion cert-manager.tf
@@ -1,7 +1,7 @@
resource "azurerm_user_assigned_identity" "cert_manager" {
location = var.location
resource_group_name = module.aks.node_resource_group
name = "wf-admin-cert-manager-${local.wayfinder_instance_id}"
name = "wf-admin-cert-manager-${var.wayfinder_instance_id}"
tags = var.tags
}
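Review bot: In `name = "wf-admin-cert-manager-${var.wayfinder_instance_id}"` the identity name now depends on a caller-supplied value, so any deployment that relied on the previously autogenerated ID will see this name change unless the caller passes exactly the old ID. A changed name on `azurerm_user_assigned_identity` forces Terraform to replace the identity, and whatever was granted to the old one for the DNS01 challenge has to follow it. Document that upgraders must set `wayfinder_instance_id` to the value of the existing `wayfinder_instance_id` output before applying.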

19 changes: 10 additions & 9 deletions examples/complete/README.md
Expand Up @@ -21,19 +21,20 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_aks_api_server_authorized_ip_ranges"></a> [aks\_api\_server\_authorized\_ip\_ranges](#input\_aks\_api\_server\_authorized\_ip\_ranges) | The list of authorized IP ranges to contact the Wayfinder Management AKS Cluster API server. | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_aks_rbac_aad_admin_groups"></a> [aks\_rbac\_aad\_admin\_groups](#input\_aks\_rbac\_aad\_admin\_groups) | Map of Azure AD Groups and their Object IDs that will be set as cluster admin. | `map(string)` | `{}` | no |
| <a name="input_clusterissuer_email"></a> [clusterissuer\_email](#input\_clusterissuer\_email) | The email address to use for the cert-manager cluster issuer | `string` | n/a | yes |
| <a name="input_create_localadmin_user"></a> [create\_localadmin\_user](#input\_create\_localadmin\_user) | Whether to create a localadmin user for access to the Wayfinder Portal and API | `bool` | `false` | no |
| <a name="input_disable_internet_access"></a> [disable\_internet\_access](#input\_disable\_internet\_access) | Whether to disable internet access for AKS and the Wayfinder ingress controller | `bool` | `false` | no |
| <a name="input_aks_rbac_aad_admin_groups"></a> [aks\_rbac\_aad\_admin\_groups](#input\_aks\_rbac\_aad\_admin\_groups) | Map of Azure AD Groups and their Object IDs that will be set as cluster admin. | `map(string)` | n/a | yes |
| <a name="input_clusterissuer_email"></a> [clusterissuer\_email](#input\_clusterissuer\_email) | The email address to use for the cert-manager cluster issuer. | `string` | n/a | yes |
| <a name="input_create_localadmin_user"></a> [create\_localadmin\_user](#input\_create\_localadmin\_user) | Whether to create a localadmin user for access to the Wayfinder Portal and API. | `bool` | `false` | no |
| <a name="input_disable_internet_access"></a> [disable\_internet\_access](#input\_disable\_internet\_access) | Whether to disable internet access for AKS and the Wayfinder ingress controller. | `bool` | `false` | no |
| <a name="input_dns_resource_group_name"></a> [dns\_resource\_group\_name](#input\_dns\_resource\_group\_name) | The name of the resource group where the DNS Zone exists. | `string` | n/a | yes |
| <a name="input_dns_zone_name"></a> [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to use for wayfinder. | `string` | n/a | yes |
| <a name="input_enable_k8s_resources"></a> [enable\_k8s\_resources](#input\_enable\_k8s\_resources) | Whether to enable the creation of Kubernetes resources for Wayfinder (helm and kubectl manifest deployments) | `bool` | `true` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | The environment in which the resources are deployed. | `string` | n/a | yes |
| <a name="input_location"></a> [location](#input\_location) | The Azure region in which to create the resources. | `string` | n/a | yes |
| <a name="input_enable_k8s_resources"></a> [enable\_k8s\_resources](#input\_enable\_k8s\_resources) | Whether to enable the creation of Kubernetes resources for Wayfinder (helm and kubectl manifest deployments). | `bool` | `true` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | The environment in which the resources are deployed. | `string` | `"production"` | no |
| <a name="input_location"></a> [location](#input\_location) | The Azure region in which to create the resources. | `string` | `"uksouth"` | no |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which to create the AKS cluster. | `string` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `{}` | no |
| <a name="input_wayfinder_idp_details"></a> [wayfinder\_idp\_details](#input\_wayfinder\_idp\_details) | The IDP details to use for Wayfinder to enable SSO | <pre>object({<br> type = string<br> clientId = string<br> clientSecret = string<br> serverUrl = optional(string)<br> azureTenantId = optional(string)<br> })</pre> | n/a | yes |
| <a name="input_wayfinder_license_key"></a> [wayfinder\_license\_key](#input\_wayfinder\_license\_key) | The license key to use for Wayfinder | `string` | n/a | yes |
| <a name="input_wayfinder_idp_details"></a> [wayfinder\_idp\_details](#input\_wayfinder\_idp\_details) | The IDP details to use for Wayfinder to enable SSO. | <pre>object({<br> type = string<br> clientId = string<br> clientSecret = string<br> serverUrl = optional(string)<br> azureTenantId = optional(string)<br> })</pre> | n/a | yes |
| <a name="input_wayfinder_instance_id"></a> [wayfinder\_instance\_id](#input\_wayfinder\_instance\_id) | The instance ID to use for Wayfinder. | `string` | n/a | yes |
| <a name="input_wayfinder_licence_key"></a> [wayfinder\_licence\_key](#input\_wayfinder\_licence\_key) | The licence key to use for Wayfinder. | `string` | n/a | yes |

## Outputs
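Review bot: The first row of this regenerated table still documents `0.0.0.0/0` as the default for `aks_api_server_authorized_ip_ranges`, so the "complete" example leaves the AKS API server reachable from any address unless the caller overrides it. This commit already turns `aks_rbac_aad_admin_groups` into a required input; consider doing the same for the authorized ranges, or at least state in the description that the default is open.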

4 changes: 0 additions & 4 deletions examples/complete/data.tf
Expand Up @@ -2,7 +2,3 @@ data "azurerm_dns_zone" "wayfinder" {
name = var.dns_zone_name
resource_group_name = var.dns_resource_group_name
}

data "azurerm_resource_group" "wayfinder" {
name = var.resource_group_name
}
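Review bot: Dropping `data "azurerm_resource_group" "wayfinder"` removes the only plan-time check that `var.resource_group_name` refers to an existing resource group; a wrong name now surfaces only when the first resource is created during apply. If the lookup is being removed on purpose, say in the example README that the resource group must already exist.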
6 changes: 3 additions & 3 deletions examples/complete/main.tf
Expand Up @@ -11,10 +11,10 @@ module "wayfinder" {
dns_zone_name = var.dns_zone_name
enable_k8s_resources = var.enable_k8s_resources
environment = var.environment
resource_group_id = data.azurerm_resource_group.wayfinder.id
resource_group_name = data.azurerm_resource_group.wayfinder.name
resource_group_name = var.resource_group_name
wayfinder_domain_name_api = "api.${var.dns_zone_name}"
wayfinder_domain_name_ui = "portal.${var.dns_zone_name}"
wayfinder_idp_details = var.wayfinder_idp_details
wayfinder_license_key = var.wayfinder_license_key
wayfinder_instance_id = var.wayfinder_instance_id
wayfinder_licence_key = var.wayfinder_licence_key
}
15 changes: 4 additions & 11 deletions examples/complete/terraform.tfvars.sample
Expand Up @@ -2,26 +2,19 @@ aks_rbac_aad_admin_groups = {
"my-aad-aks-admin-group" = "c0e0b0f0-0000-0000-0000-000000000000"
}
clusterissuer_email = "[email protected]"
create_localadmin_user = false
location = "uksouth"
disable_internet_access = false
dns_resource_group_name = "wayfinder-rg"
dns_zone_name = "wf.example.com"
environment = "prod"
resource_group_name = "wayfinder-rg"
tags = {
BusinessCriticality = "High"
Environment = "Production"
Owner = "SupportTeam"
Project = "Operations"
Repository = "Your Repository URL"
Provisioner = "Terraform"
Repository = "Your Repository URL"
Provisioner = "Terraform"
}
wayfinder_license_key = "wayfinder-license-key"
wayfinder_idp_details = {
type = "aad"
clientId = "AZURE-AD-APPLICATION-ID"
clientSecret = "AZURE-AD-APPLICATION-CLIENT-SECRET-VALUE"
azureTenantId = "AZURE-TENANT-ID"
serverUrl = ""
}
wayfinder_instance_id = "your-wayfinder-instance-id"
wayfinder_licence_key = "wayfinder-licence-key"
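Review bot: The sample invites users to put `clientSecret` and `wayfinder_licence_key` in a plain `terraform.tfvars` next to the code. Add a comment at the top of the sample saying the real file must not be committed and that these two values should be supplied from outside the repository, for example through `TF_VAR_` environment variables or a secret store.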
22 changes: 14 additions & 8 deletions examples/complete/variables.tf
Expand Up @@ -7,22 +7,21 @@ variable "aks_api_server_authorized_ip_ranges" {
variable "aks_rbac_aad_admin_groups" {
description = "Map of Azure AD Groups and their Object IDs that will be set as cluster admin."
type = map(string)
default = {}
}

variable "clusterissuer_email" {
description = "The email address to use for the cert-manager cluster issuer"
description = "The email address to use for the cert-manager cluster issuer."
type = string
}

variable "create_localadmin_user" {
description = "Whether to create a localadmin user for access to the Wayfinder Portal and API"
description = "Whether to create a localadmin user for access to the Wayfinder Portal and API."
type = bool
default = false
}

variable "disable_internet_access" {
description = "Whether to disable internet access for AKS and the Wayfinder ingress controller"
description = "Whether to disable internet access for AKS and the Wayfinder ingress controller."
type = bool
default = false
}
Expand All @@ -38,19 +37,21 @@ variable "dns_zone_name" {
}

variable "enable_k8s_resources" {
description = "Whether to enable the creation of Kubernetes resources for Wayfinder (helm and kubectl manifest deployments)"
description = "Whether to enable the creation of Kubernetes resources for Wayfinder (helm and kubectl manifest deployments)."
type = bool
default = true
}

variable "environment" {
description = "The environment in which the resources are deployed."
type = string
default = "production"
}

variable "location" {
description = "The Azure region in which to create the resources."
type = string
default = "uksouth"
}

variable "resource_group_name" {
Expand All @@ -65,7 +66,7 @@ variable "tags" {
}

variable "wayfinder_idp_details" {
description = "The IDP details to use for Wayfinder to enable SSO"
description = "The IDP details to use for Wayfinder to enable SSO."
type = object({
type = string
clientId = string
Expand All @@ -87,8 +88,13 @@ variable "wayfinder_idp_details" {
}
}

variable "wayfinder_license_key" {
description = "The license key to use for Wayfinder"
variable "wayfinder_instance_id" {
description = "The instance ID to use for Wayfinder."
type = string
}

variable "wayfinder_licence_key" {
description = "The licence key to use for Wayfinder."
type = string
sensitive = true
}
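Review bot: `variable "wayfinder_instance_id"` is declared with only a description and a type, so an empty string is accepted and flows into resource names such as `wf-admin-cert-manager-${var.wayfinder_instance_id}` in cert-manager.tf. Add a `validation` block that rejects an empty value, so a bad ID fails at plan rather than producing oddly named Azure resources. The same check belongs on the module's own variable, which this view does not show.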
6 changes: 3 additions & 3 deletions examples/complete/vnet.tf
@@ -1,14 +1,14 @@
resource "azurerm_virtual_network" "wayfinder" {
name = "wayfinder-${var.environment}-vnet"
address_space = ["10.0.0.0/22"]
location = data.azurerm_resource_group.wayfinder.location
resource_group_name = data.azurerm_resource_group.wayfinder.name
location = var.location
resource_group_name = var.resource_group_name
tags = var.tags
}

resource "azurerm_subnet" "aks_nodes" {
name = "aks-nodes"
address_prefixes = ["10.0.1.0/24"]
resource_group_name = data.azurerm_resource_group.wayfinder.name
resource_group_name = var.resource_group_name
virtual_network_name = azurerm_virtual_network.wayfinder.name
}
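Review bot: `location = var.location` decouples the virtual network's region from the resource group it lives in: before, the location came from the resource group lookup, now it falls back to the `"uksouth"` default added in variables.tf. A caller whose resource group is in another region and who does not set `location` gets a vnet in `uksouth` with no warning. Either keep `location` without a default in this example or state the requirement next to `location` in the sample tfvars.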