feat: Feature adding top level management group name (#61)

* feat: Adding top level management group name * Fixing unused variables * terraform fmt --------- Co-authored-by: sdeguchi <[email protected]>
Azure · Dec 19, 2024 · 8ddc147 · 8ddc147
1 parent 2b3aa80
commit 8ddc147
Show file tree

Hide file tree

Showing 11 changed files with 116 additions and 35 deletions.
diff --git a/alz/azuredevops/main.tf b/alz/azuredevops/main.tf
@@ -8,10 +8,13 @@ module "resource_names" {
 }
 
 module "architecture_definition" {
-  count                        = local.has_architecture_definition ? 1 : 0
-  source                       = "../../modules/template_architecture_definition"
-  starter_module_folder_path   = local.starter_root_module_folder_path
-  architecture_definition_name = local.architecture_definition_name
+  count                                                     = local.has_architecture_definition ? 1 : 0
+  source                                                    = "../../modules/template_architecture_definition"
+  starter_module_folder_path                                = local.starter_root_module_folder_path
+  architecture_definition_name                              = local.architecture_definition_name
+  architecture_definition_template_path                     = var.architecture_definition_template_path
+  architecture_definition_override_path                     = var.architecture_definition_override_path
+  apply_alz_archetypes_via_architecture_definition_template = var.apply_alz_archetypes_via_architecture_definition_template
 }
 
 module "files" {

diff --git a/alz/azuredevops/variables.hidden.tf b/alz/azuredevops/variables.hidden.tf
@@ -419,3 +419,21 @@ variable "root_module_folder_relative_path" {
   description = "The root module folder path"
   default     = "."
 }
+
+variable "architecture_definition_template_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition template file to use."
+}
+
+variable "architecture_definition_override_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition file to use instead of the default."
+}
+
+variable "apply_alz_archetypes_via_architecture_definition_template" {
+  type        = bool
+  default     = true
+  description = "Toggles assignment of ALZ policies. True to deploy, otherwise false. (e.g true)"
+}
diff --git a/alz/github/main.tf b/alz/github/main.tf
@@ -8,10 +8,13 @@ module "resource_names" {
 }
 
 module "architecture_definition" {
-  count                        = local.has_architecture_definition ? 1 : 0
-  source                       = "../../modules/template_architecture_definition"
-  starter_module_folder_path   = local.starter_root_module_folder_path
-  architecture_definition_name = local.architecture_definition_name
+  count                                                     = local.has_architecture_definition ? 1 : 0
+  source                                                    = "../../modules/template_architecture_definition"
+  starter_module_folder_path                                = local.starter_root_module_folder_path
+  architecture_definition_name                              = local.architecture_definition_name
+  architecture_definition_template_path                     = var.architecture_definition_template_path
+  architecture_definition_override_path                     = var.architecture_definition_override_path
+  apply_alz_archetypes_via_architecture_definition_template = var.apply_alz_archetypes_via_architecture_definition_template
 }
 
 module "files" {

diff --git a/alz/github/variables.hidden.tf b/alz/github/variables.hidden.tf
@@ -419,3 +419,21 @@ variable "root_module_folder_relative_path" {
   description = "The root module folder path"
   default     = "."
 }
+
+variable "architecture_definition_template_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition template file to use."
+}
+
+variable "architecture_definition_override_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition file to use instead of the default."
+}
+
+variable "apply_alz_archetypes_via_architecture_definition_template" {
+  type        = bool
+  default     = true
+  description = "Toggles assignment of ALZ policies. True to deploy, otherwise false. (e.g true)"
+}
diff --git a/alz/local/main.tf b/alz/local/main.tf
@@ -8,10 +8,13 @@ module "resource_names" {
 }
 
 module "architecture_definition" {
-  count                        = local.has_architecture_definition ? 1 : 0
-  source                       = "../../modules/template_architecture_definition"
-  starter_module_folder_path   = local.starter_root_module_folder_path
-  architecture_definition_name = local.architecture_definition_name
+  count                                                     = local.has_architecture_definition ? 1 : 0
+  source                                                    = "../../modules/template_architecture_definition"
+  starter_module_folder_path                                = local.starter_root_module_folder_path
+  architecture_definition_name                              = local.architecture_definition_name
+  architecture_definition_template_path                     = var.architecture_definition_template_path
+  architecture_definition_override_path                     = var.architecture_definition_override_path
+  apply_alz_archetypes_via_architecture_definition_template = var.apply_alz_archetypes_via_architecture_definition_template
 }
 
 resource "local_file" "architecture_definition_file" {

diff --git a/alz/local/variables.hidden.tf b/alz/local/variables.hidden.tf
@@ -312,3 +312,21 @@ variable "root_module_folder_relative_path" {
   description = "The root module folder path"
   default     = "."
 }
+
+variable "architecture_definition_template_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition template file to use."
+}
+
+variable "architecture_definition_override_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition file to use instead of the default."
+}
+
+variable "apply_alz_archetypes_via_architecture_definition_template" {
+  type        = bool
+  default     = true
+  description = "Toggles assignment of ALZ policies. True to deploy, otherwise false. (e.g true)"
+}
diff --git a/modules/template_architecture_definition/data.tf b/modules/template_architecture_definition/data.tf
@@ -1,4 +1,4 @@
 data "local_file" "architecture_definition_override_json" {
   count    = local.has_architecture_definition_override ? 1 : 0
-  filename = local.architecture_definition_override_path
+  filename = var.architecture_definition_override_path
 }
diff --git a/modules/template_architecture_definition/locals.tf b/modules/template_architecture_definition/locals.tf
@@ -1,15 +1,14 @@
 locals {
   # Determine template architecture definition inputs from starter module tfvars
-  starter_module_tfvars                 = jsondecode(file("${var.starter_module_folder_path}/terraform.tfvars.json"))
-  default_prefix                        = local.starter_module_tfvars.default_prefix
-  default_postfix                       = local.starter_module_tfvars.default_postfix
-  enable_alz                            = local.starter_module_tfvars.apply_alz_archetypes_via_architecture_definition_template
-  architecture_definition_override_path = local.starter_module_tfvars.architecture_definition_override_path
-  default_template_file_path            = "${path.module}/templates/${var.architecture_definition_name}.alz_architecture_definition.json.tftpl"
-  template_file_path                    = local.starter_module_tfvars.architecture_definition_template_path != "" ? local.starter_module_tfvars.architecture_definition_template_path : local.default_template_file_path
+  starter_module_tfvars           = jsondecode(file("${var.starter_module_folder_path}/terraform.tfvars.json"))
+  default_prefix                  = local.starter_module_tfvars.default_prefix
+  default_postfix                 = local.starter_module_tfvars.default_postfix
+  top_level_management_group_name = local.starter_module_tfvars.top_level_management_group_name
+  default_template_file_path      = "${path.module}/templates/${var.architecture_definition_name}.alz_architecture_definition.json.tftpl"
+  template_file_path              = var.architecture_definition_template_path != "" ? var.architecture_definition_template_path : local.default_template_file_path
 
   # Customer has provided a custom architecture definition
-  has_architecture_definition_override = local.architecture_definition_override_path != ""
+  has_architecture_definition_override = var.architecture_definition_override_path != ""
 
   # ALZ archetypes
   alz_root           = ["\"root\""]
@@ -24,21 +23,22 @@ locals {
   alz_identity       = ["\"identity\""]
 
   # management group layered archetypes
-  root                = local.enable_alz ? local.alz_root : []
-  platform            = local.enable_alz ? local.alz_platform : []
-  landing_zone        = local.enable_alz ? local.alz_landing_zone : []
-  decommissioned      = local.enable_alz ? local.alz_decommissioned : []
-  sandboxes           = local.enable_alz ? local.alz_sandboxes : []
-  corp                = local.enable_alz ? local.alz_corp : []
-  online              = local.enable_alz ? local.alz_online : []
-  management          = local.enable_alz ? local.alz_management : []
-  connectivity        = local.enable_alz ? local.alz_connectivity : []
-  identity            = local.enable_alz ? local.alz_identity : []
-  confidential_corp   = local.enable_alz ? local.alz_corp : []
-  confidential_online = local.enable_alz ? local.alz_online : []
+  root                = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_root : []
+  platform            = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_platform : []
+  landing_zone        = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_landing_zone : []
+  decommissioned      = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_decommissioned : []
+  sandboxes           = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_sandboxes : []
+  corp                = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_corp : []
+  online              = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_online : []
+  management          = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_management : []
+  connectivity        = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_connectivity : []
+  identity            = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_identity : []
+  confidential_corp   = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_corp : []
+  confidential_online = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_online : []
 
   template_vars = {
     architecture_definition_name            = var.architecture_definition_name
+    top_level_management_group_name         = local.top_level_management_group_name
     root_management_group_id                = "${local.default_prefix}${local.default_postfix}"
     platform_management_group_id            = "${local.default_prefix}-platform${local.default_postfix}"
     landing_zone_management_group_id        = "${local.default_prefix}-landingzones${local.default_postfix}"

diff --git a/...les/template_architecture_definition/templates/fsi.alz_architecture_definition.json.tftpl b/...les/template_architecture_definition/templates/fsi.alz_architecture_definition.json.tftpl
@@ -3,7 +3,7 @@
   "management_groups": [
     {
       "archetypes": [${root_archetypes}, "fsi_root", "tr_01_logging", "re_01_zonal_residency", "so_04_cmk", "so_01_data_residency"],
-      "display_name": "FSI Landing Zone",
+      "display_name": "${top_level_management_group_name}",
       "exists": false,
       "id": "${root_management_group_id}",
       "parent_id": null

diff --git a/...les/template_architecture_definition/templates/slz.alz_architecture_definition.json.tftpl b/...les/template_architecture_definition/templates/slz.alz_architecture_definition.json.tftpl
@@ -3,7 +3,7 @@
   "management_groups": [
     {
       "archetypes": [${root_archetypes}, "global"],
-      "display_name": "Sovereign Landing Zone",
+      "display_name": "${top_level_management_group_name}",
       "exists": false,
       "id": "${root_management_group_id}",
       "parent_id": null

diff --git a/modules/template_architecture_definition/variables.tf b/modules/template_architecture_definition/variables.tf
@@ -7,3 +7,21 @@ variable "architecture_definition_name" {
   type        = string
   description = "Name of the architecture definition"
 }
+
+variable "architecture_definition_template_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition template file to use."
+}
+
+variable "architecture_definition_override_path" {
+  type        = string
+  default     = ""
+  description = "The path to the architecture definition file to use instead of the default."
+}
+
+variable "apply_alz_archetypes_via_architecture_definition_template" {
+  type        = bool
+  default     = true
+  description = "Toggles assignment of ALZ policies. True to deploy, otherwise false. (e.g true)"
+}