@SQLDBAWithABeard
Created July 21, 2020 14:42
Using an Azure SPN for local Terraform state
## DO NOT SAVE THE tfvars file with values in it
## I have added them to a local key vault following this blog post https://sqldbawithabeard.com/2020/07/18/good-bye-import-clixml-use-the-secrets-management-module-for-your-labs-and-demos/
# This file will enable you to run terraform plan or import resources into terraform state locally
# You will need to create a directory called ignorevariables and copy the dev-backend-config.tfvars into it
<#
The dev-backend-config.tfvars file should look like this, with the required values set for the environment you are using.
/*
this is a secret file so we can add the values
*/
# tfstate vars
resource_group_name = ""
storage_account_name = ""
# Azure Subscription Id
azure-subscription-id = "" # NONE-PROD-Subscription-Id
# Azure Client Id/appId
azure-client-id = "" # AzureDevOps-UAT-client-id
# Azure Client Secret/password
azure-client-secret = "" # Get-Secret -Name AzureDevOps-UAT-client-secret
# Azure Tenant Id
azure-tenant-id = "" # NONE-PROD-Tenant-Id
# Key Vault vars
key_vault_resource_group_name = ""
key_vault_name = ""
## You can add the required values in for the resource group, keyvault and terraform names and the ids and secrets
## BUT DO NOT SAVE THE FILE WITH THEM IN
## I have added them to a local key vault following this blog post https://sqldbawithabeard.com/2020/07/18/good-bye-import-clixml-use-the-secrets-management-module-for-your-labs-and-demos/
#>
$ResourceGroupName = '' # Where the terraform state is
$storageaccountname = '' # Where the terraform state is
# Connect to Azure with the SPN. The values come from the local SecretManagement vault;
# without -AsPlainText, Get-Secret returns the client secret as a SecureString, which is what PSCredential expects.
$clientid = Get-Secret -Name AzureDevOps-UAT-client-id -AsPlainText
$clientsecret = Get-Secret -Name AzureDevOps-UAT-client-secret
$tenantid = Get-Secret -Name NONE-PROD-Tenant-Id -AsPlainText
$pscredential = New-Object System.Management.Automation.PSCredential -ArgumentList $clientid, $clientsecret
Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $tenantid
# Get the storage account key for the terraform state and expose it to the azurerm backend
$key = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName -AccountName $storageaccountname)[0].Value
$ENV:ARM_ACCESS_KEY = $key
cd Build
terraform init -backend-config="..\ignorevariables\dev-backend-config.tfvars"
terraform workspace select preprod
terraform import azurerm_private_endpoint.sql_server_private_endpoint /subscriptions/1ce00944-b7bb-4394-8303-8f43dba9e520/resourceGroups/eudl-ukgiaa-uat-rg/providers/Microsoft.Network/privateEndpoints/ukgiaa-uat-sda-pe
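As an added example that is not part of the gist: a guard for the "do not save the file with values in it" rule above, which scans a copy of dev-backend-config.tfvars and reports any of the template's secret-bearing keys that still hold a value, so it can be run before the file is committed. The function name, the temp-file handling and the sample content are constructed for this example.

```powershell
# Added example, not the gist's own code. Returns the names of secret-bearing
# keys in a tfvars file whose value is not empty; an empty result means the
# template is safe to commit.
function Test-BackendConfigTemplate {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)] [string] $Path,
        # Key names taken from the template in the gist; these must stay "" in any committed copy
        [string[]] $SecretKeys = @('azure-subscription-id', 'azure-client-id',
                                  'azure-client-secret', 'azure-tenant-id')
    )
    $leaked = @()
    foreach ($line in Get-Content -Path $Path) {
        # Match  key = "value"  assignments; comment and blank lines do not match
        if ($line -match '^\s*([A-Za-z0-9_\-]+)\s*=\s*"([^"]*)"') {
            $key, $value = $Matches[1], $Matches[2]
            if ($SecretKeys -contains $key -and -not [string]::IsNullOrWhiteSpace($value)) {
                $leaked += $key
            }
        }
    }
    return $leaked
}

# Constructed sample: a template someone filled in and forgot to clear before committing
$sample = @'
# tfstate vars
resource_group_name = "tfstate-rg"
azure-client-id = ""
azure-client-secret = "constructed-not-a-real-secret"
azure-tenant-id = ""
'@
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'dev-backend-config.tfvars'
Set-Content -Path $tmp -Value $sample

# @() keeps a single hit from being unrolled into a bare string
$found = @(Test-BackendConfigTemplate -Path $tmp)
if ($found.Count -gt 0) {
    Write-Error "Secret values present in $tmp for: $($found -join ', ') - do not commit this file."
} else {
    Write-Host "Template is clean."
}
Remove-Item -Path $tmp
```

Run against the copy in the working tree rather than the one in ignorevariables, since the latter is expected to hold values.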