This module is intended for one-shot deployments only!
This module provides a one-shot deployment for a new application landing zone. It creates the service connection, optionally moves the subscription to a new management group, creates a build validation policy, and creates a new repository with the first pipeline settings and Terraform files.
You need:
- Personal Access Token for the DevOps Organization to create service connections and repositories
- Project Admin on DevOps Project
- Admin User to create the service principal in the Customer Tenant. If you want to move the subscription into a new management group, you need an admin user directly in the tenant. AOBO will not work.

| Name | Version |
|---|---|
| azuread | >=2.36.0 |
| azuredevops | >=0.4.0 |
| azurerm | >=3.46.0 |
| http-full | 1.3.1 |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alerting | The alerting tag of the subscription. Can be `enabled` or `disabled`. | string | n/a | yes |
| application_name | The applicationname tag of the subscription. | string | n/a | yes |
| business_service_number | The Business Service Number tag of the subscription. | string | n/a | yes |
| devops_project_name | Name of the DevOps Project to create the service connections for. | string | n/a | yes |
| devops_service_url | Azure DevOps organization URL. | string | n/a | yes |
| devops_subscription_id | Subscription ID of the DevOps Subscription. | string | n/a | yes |
| env | The env tag of the subscription. Can be `prd`, `dev`, `tst`, `qas`, `stg`, `int`, or `lab`. | string | n/a | yes |
| iac | The iac tag of the subscription. Set to `true` if the subscription is managed by Infrastructure as Code (IaC) and `false` otherwise. | bool | n/a | yes |
| location | The default location used for resources in this Landing Zone. | string | n/a | yes |
| managed_by | The managedby tag of the subscription. This should be the entity responsible for managing the infrastructure (e.g. `q.beyond`). | string | n/a | yes |
| personal_access_token | Personal access token used for authentication to the Azure DevOps organization. It is only used during the one-shot deployment. You require the following scopes: `Code` = `Full`, `Environment` = `Read & manage`, `Identity` = `Read & manage`, `Pipeline Resources` = `Use and manage`, `Project and Team` = `Read, write, & manage`, `Security` = `Manage`, `Service Connections` = `Read, query, & manage`, `Variable Groups` = `Read, create, & manage`. | string | n/a | yes |
| stage | Name of the current stage. | string | n/a | yes |
| subscription_id | Subscription ID of the Landing Zone Subscription. | string | n/a | yes |
| tenant_id | Tenant ID of the Customer. | string | n/a | yes |
| terraform_state_config | The configuration of the Terraform state. The state will be saved in the given storage account in the DevOps subscription using the backend service connection. | object({ | n/a | yes |
| additional_tags | A mapping of tags to add to the subscription in addition to the default tags. | map(string) | {} | no |
| create_virtual_machine_template | Set to `true` to create a template for creating a Windows VM. | bool | false | no |
| management_group_id | ID of the management group to move the subscription to. Optional if the association has already been done. | string | "" | no |
| skip_provider_registration | Allows you to skip the provider registration when initializing the azurerm provider in this configuration and the created configuration. This is useful in development environments where not every provider can be registered. | bool | false | no |
| vnet_config | If you want to provide a virtual network, please provide the following values: | object({ | null | no |

No outputs.
## Resource types
| Type | Used |
|------|-------|
| [azuredevops_branch_policy_build_validation](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/branch_policy_build_validation) | 1 |
| [azuredevops_build_definition](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/build_definition) | 1 |
| [azuredevops_environment](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/environment) | 1 |
| [azuredevops_git_repository](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository) | 1 |
| [azuredevops_git_repository_branch](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_branch) | 1 |
| [azuredevops_git_repository_file](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | 8 |
| [azuredevops_resource_authorization](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/resource_authorization) | 1 |
| [azurerm_management_group_subscription_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_subscription_association) | 1 |
| [azurerm_storage_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | 1 |
**`Used` only includes resource blocks.** `for_each` and `count` meta arguments, as well as resource blocks of modules are not considered.

| Name | Source | Version |
|---|---|---|
| service_connection_application | qbeyond/service-connection/azuredevops | 1.0.1 |
## Resources by Files
### build_validation.tf
| Name | Type |
|------|------|
| [azuredevops_branch_policy_build_validation.this](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/branch_policy_build_validation) | resource |
### main.tf
| Name | Type |
|------|------|
| [azurerm_management_group_subscription_association.target](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_subscription_association) | resource |
| [azurerm_storage_container.landing_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
| [azurerm_management_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/management_group) | data source |
| [azurerm_storage_account.terraform_state](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
### pipeline-permissions.tf
| Name | Type |
|------|------|
| [azuredevops_resource_authorization.service_connection_permission_alz](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/resource_authorization) | resource |
| [azuredevops_team.default](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/data-sources/team) | data source |
| [http-full_http.approval_and_check_alz](https://registry.terraform.io/providers/salrashid123/http-full/1.3.1/docs/data-sources/http) | data source |
| [http-full_http.environment_permission_alz](https://registry.terraform.io/providers/salrashid123/http-full/1.3.1/docs/data-sources/http) | data source |
| [http-full_http.environment_user_permission_alz](https://registry.terraform.io/providers/salrashid123/http-full/1.3.1/docs/data-sources/http) | data source |
### pipeline.tf
| Name | Type |
|------|------|
| [azuredevops_build_definition.this](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/build_definition) | resource |
| [azuredevops_environment.alz](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/environment) | resource |
### repository.tf
| Name | Type |
|------|------|
| [azuredevops_git_repository.landing_zone](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository) | resource |
| [azuredevops_git_repository_branch.init](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_branch) | resource |
| [azuredevops_git_repository_file.gitignore](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
| [azuredevops_git_repository_file.locals](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
| [azuredevops_git_repository_file.main](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
| [azuredevops_git_repository_file.network](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
| [azuredevops_git_repository_file.pipeline](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
| [azuredevops_git_repository_file.tags](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
| [azuredevops_git_repository_file.terraform](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
| [azuredevops_git_repository_file.virtual_machine](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/git_repository_file) | resource |
### terraform.tf
| Name | Type |
|------|------|
| [azuredevops_project.this](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/data-sources/project) | data source |
| [azurerm_subscription.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |