
@ImIOImI
Last active March 5, 2023 08:31
Env0 Project Module

Tagging

Env0 relies on git tags to version modules. By default the tag workflow automagically increments the release patch version (so applying a tag to a PR is unnecessary). Acceptable tags are

Requirements

Name Version
terraform >= 1.3.0
azurerm 3.4.0

Providers

Name Version
azuread n/a
env0 n/a

Inputs

Name Description Type Default Required
disable-destroy-environments Disallow destroying environment in the project bool false no
env0-teams Map of existing Env0 team names keyed by role; the module reads the `viewer` and `planner` keys map(string)
{
"planner": "Developers",
"viewer": "All QuadPay Tenant Members"
}
no
group-admin-name Defaults to `env0-<team name>-admin` (team name lowercased, spaces replaced with hyphens), but can be supplied with an alternate AD group name. To supply an alternate name at least one user MUST have logged in via SSO to Env0 with that group on their account BEFORE running the Env0 project string "" no
group-deployer-name Defaults to `env0-<team name>-deployer` (team name lowercased, spaces replaced with hyphens), but can be supplied with an alternate AD group name. To supply an alternate name at least one user MUST have logged in via SSO to Env0 with that group on their account BEFORE running the Env0 project string "" no
include-cost-estimate Enable cost estimation for the project bool false no
requires-approval-default Requires approval default value when creating a new environment in the project bool false no
skip-apply-when-plan-is-empty Skip apply when plan has no changes bool true no
skip-redundant-deployments Skip apply when plan has no changes bool true no
team-name This is the team name and will also be the name of the Env0 Project. string n/a yes

Outputs

Name Description
group-admin-id n/a
group-admin-name n/a
group-deployer-id n/a
group-deployer-name n/a
project-id n/a
# Terraform core and provider requirements for this module.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    # NOTE(review): no `version` constraint here, so `terraform init` may
    # select any published release of this provider. This provider manages
    # project roles and secret references; add a constraint and rely on the
    # root configuration's committed .terraform.lock.hcl so upgrades are
    # deliberate and checksummed.
    env0 = {
      source = "env0/env0"
    }

    # NOTE(review): also unconstrained. This provider creates the Azure AD
    # security groups below, so the same pinning advice applies.
    azuread = {
      source = "hashicorp/azuread"
    }

    # Pinned to one exact release. No azurerm resource or data source appears
    # in the code shown here - confirm the requirement is still needed.
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.4.0"
    }
  }
}
# Derived values shared by the resources in this module.
locals {
  # Project slug: the team name lowercased, with spaces turned into hyphens.
  # No other characters are normalised; the slug feeds the default group and
  # team names below.
  name = replace(lower(var.team-name), " ", "-")

  # Project policy settings, passed through unchanged from the inputs.
  requires-approval-default     = var.requires-approval-default
  disable-destroy-environments  = var.disable-destroy-environments
  include-cost-estimation       = var.include-cost-estimate
  skip-apply-when-plan-is-empty = var.skip-apply-when-plan-is-empty
  skip-redundant-deployments    = var.skip-redundant-deployments

  # Group / team names: a caller-supplied name wins, otherwise a name is
  # derived from the project slug.
  group-admin-name    = length(var.group-admin-name) > 0 ? var.group-admin-name : "env0-${local.name}-admin"
  group-deployer-name = length(var.group-deployer-name) > 0 ? var.group-deployer-name : "env0-${local.name}-deployer"

  # Names of existing Env0 teams. Indexing fails at plan time if the caller's
  # map lacks the "planner" or "viewer" key.
  planners = var.env0-teams["planner"]
  viewers  = var.env0-teams["viewer"]
}
# Identity Terraform is running as; its object_id becomes the owner of the
# Azure AD groups this module creates.
data "azuread_client_config" "current" {}

# Existing Env0 team that receives the Viewer role on the project.
# Looked up by name, so the team must already exist in the Env0 organisation.
data "env0_team" "everyone" {
  name = local.viewers
}

# Existing Env0 team that receives the Planner role on the project.
data "env0_team" "developers" {
  name = local.planners
}
# Azure AD security groups backing the project's admin and deployer teams.
#
# NOTE(review): the Env0 teams further down use the same names as these
# groups, and the variable descriptions indicate membership arrives through
# SSO group claims - so the group display name is effectively the access
# control key. Azure AD display names are not unique by default; consider
# `prevent_duplicate_names = true` so a second group with the same name cannot
# be created silently by this module. Confirm how that interacts with callers
# who pass the name of a group that already exists.
#
# NOTE(review): each group's sole owner is the identity running Terraform.
# Confirm that is intended and that a human owner is not also required for
# access reviews.
resource "azuread_group" "admin" {
  display_name     = local.group-admin-name
  security_enabled = true
  owners           = [data.azuread_client_config.current.object_id]
}

resource "azuread_group" "deployer" {
  display_name     = local.group-deployer-name
  security_enabled = true
  owners           = [data.azuread_client_config.current.object_id]
}
# The Env0 project itself, named after the normalised team name.
resource "env0_project" "project" {
  name        = local.name
  description = "Project for the ${local.name} service created via Terraform"
}

# Deployment guard rails for the project. Every value comes straight from the
# module inputs; with the module defaults, new environments do not require
# approval and destroying environments is allowed.
resource "env0_project_policy" "policy" {
  project_id = env0_project.project.id

  # Change-control settings
  requires_approval_default    = local.requires-approval-default
  disable_destroy_environments = local.disable-destroy-environments

  # Deployment behaviour
  include_cost_estimation       = local.include-cost-estimation
  skip_apply_when_plan_is_empty = local.skip-apply-when-plan-is-empty
  skip_redundant_deployments    = local.skip-redundant-deployments
}
# Read-only access for the broad "everyone" team.
# With the default inputs this is the "All QuadPay Tenant Members" team, so
# every member of that team can view this project.
resource "env0_team_project_assignment" "everyone" {
  team_id    = data.env0_team.everyone.id
  project_id = env0_project.project.id
  role       = "Viewer"
}

# Planner access for the developers team (default team name: "Developers").
resource "env0_team_project_assignment" "developers" {
  team_id    = data.env0_team.developers.id
  project_id = env0_project.project.id
  role       = "Planner"
}
# Env0 team for project administrators. It carries the same name as the
# Azure AD admin group created by this module.
resource "env0_team" "admin" {
  name        = local.group-admin-name
  description = "Admins for the ${local.name} service"
}

# Grants the admin team the Admin role on this project only.
resource "env0_team_project_assignment" "admin" {
  team_id    = env0_team.admin.id
  project_id = env0_project.project.id
  role       = "Admin"
}
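# Env0 team for people who deploy to the project. It carries the same name as
# the Azure AD deployer group created by this module.
resource "env0_team" "deployer" {
  name = local.group-deployer-name
  # Was "Admins for ...", copied from the admin team.
  description = "Deployers for the ${local.name} service"
}

# Grants the deployer team the built-in Deployer role on this project.
# This was previously "Admin", which made the deployer team indistinguishable
# from the admin team and gave every deployer full administrative rights on
# the project. Least privilege: deployers get Deployer, admins get Admin.
resource "env0_team_project_assignment" "deployer" {
  project_id = env0_project.project.id
  role       = "Deployer"
  team_id    = env0_team.deployer.id
}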
# Datadog credentials exposed to every environment in the project as
# environment variables.
#
# `$$` escapes Terraform interpolation, so the literal text `${azure:...}` is
# what gets stored. No secret value is written into Terraform state by these
# resources; the stored string is a reference to a Key Vault secret, not the
# secret itself.
#
# NOTE(review): the vault name is hard-coded, so every project built from this
# module points at the same two secrets. Anything that runs in a deployment
# for this project can read them from its environment - confirm that sharing
# one Datadog API/app key pair across all teams is intended, and that the keys
# are scoped as narrowly as Datadog allows.
resource "env0_configuration_variable" "api-key" {
  project_id = env0_project.project.id
  type       = "environment"
  name       = "DD_API_KEY"
  value      = "$${azure:dd-api-key@qp-eastus-infra-kv}"
}

resource "env0_configuration_variable" "app-key" {
  project_id = env0_project.project.id
  type       = "environment"
  name       = "DD_APP_KEY"
  value      = "$${azure:dd-app-key@qp-eastus-infra-kv}"
}
# --- Admin group --------------------------------------------------------------

# Resolved admin group / team name (caller-supplied or derived).
output "group-admin-name" {
  value = local.group-admin-name
}

# Terraform resource id of the Azure AD admin group.
# NOTE(review): the azuread provider is not version-constrained in this module
# and the format of `id` may differ between provider major versions; consumers
# that need the directory object id should confirm which form they receive.
output "group-admin-id" {
  value = azuread_group.admin.id
}

# --- Deployer group -----------------------------------------------------------

# Resolved deployer group / team name (caller-supplied or derived).
output "group-deployer-name" {
  value = local.group-deployer-name
}

# Terraform resource id of the Azure AD deployer group (same caveat as above).
output "group-deployer-id" {
  value = azuread_group.deployer.id
}

# --- Project ------------------------------------------------------------------

# Id of the Env0 project created by this module.
output "project-id" {
  value = env0_project.project.id
}
# Project policy toggle. The default of false leaves environment destruction
# allowed; set to true for projects whose environments must not be torn down
# from Env0.
variable "disable-destroy-environments" {
  description = "Disallow destroying environment in the project"
  type        = bool
  default     = false
}
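# Names of the pre-existing Env0 teams that get read-only and plan-only access.
# The module indexes this map with the "viewer" and "planner" keys, so both
# must be present; the validation below reports a missing key with a clear
# message instead of an index error during planning.
variable "env0-teams" {
  type        = map(string)
  description = "Names of existing Env0 teams keyed by role. The module reads the \"viewer\" key (granted the Viewer role) and the \"planner\" key (granted the Planner role)."

  default = {
    viewer  = "All QuadPay Tenant Members"
    planner = "Developers"
  }

  validation {
    condition     = alltrue([for k in ["viewer", "planner"] : contains(keys(var.env0-teams), k)])
    error_message = "The env0-teams map must contain both the \"viewer\" and \"planner\" keys."
  }
}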
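# Optional override for the admin group / team name. An empty string selects
# the derived default. The description previously mentioned a "<prefix>"
# segment that the module does not add; it now matches the name actually
# built in locals.
variable "group-admin-name" {
  type        = string
  default     = ""
  description = "Defaults to env0-<team name>-admin (team name lowercased, spaces replaced with hyphens), but can be supplied with an alternate AD group name. To supply an alternate name at least one user MUST have logged in via SSO to Env0 with that group on their account BEFORE running the Env0 project"
}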
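# Optional override for the deployer group / team name. An empty string
# selects the derived default. The description was copied from the admin
# variable and named the "-admin" group; the module derives a "-deployer"
# name, and getting the two confused would point people at the wrong group.
variable "group-deployer-name" {
  type        = string
  default     = ""
  description = "Defaults to env0-<team name>-deployer (team name lowercased, spaces replaced with hyphens), but can be supplied with an alternate AD group name. To supply an alternate name at least one user MUST have logged in via SSO to Env0 with that group on their account BEFORE running the Env0 project"
}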
# Project policy toggle: cost estimation is off unless the caller enables it.
variable "include-cost-estimate" {
  description = "Enable cost estimation for the project"
  type        = bool
  default     = false
}

# Project policy toggle. The default of false means new environments in the
# project do not require approval by default; callers managing production
# infrastructure should consider setting this to true.
variable "requires-approval-default" {
  description = "Requires approval default value when creating a new environment in the project"
  type        = bool
  default     = false
}

# Project policy toggle: on by default.
variable "skip-apply-when-plan-is-empty" {
  description = "Skip apply when plan has no changes"
  type        = bool
  default     = true
}
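# Project policy toggle: on by default. The description had been copied from
# skip-apply-when-plan-is-empty; this input feeds the policy's
# skip_redundant_deployments setting, which concerns queued deployments
# rather than empty plans.
variable "skip-redundant-deployments" {
  type        = bool
  default     = true
  description = "Automatically skip queued deployments when a newer deployment is triggered"
}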
# Required input. Lowercased and with spaces replaced by hyphens, it becomes
# the Env0 project name and the stem of the default group and team names.
variable "team-name" {
  description = "This is the team name and will also be the name of the Env0 Project."
  type        = string
}