@brentmcconnell
Created October 7, 2021 14:38
Bootstrap
# Bootstrap Project
Set up a resource group, a service principal and a Key Vault. The service principal is given Owner on the resource group, which also lets it read and write the storage account created below. Owner at resource-group scope includes the right to create role assignments inside that group, so keep the scope at the resource group and never widen it to the subscription. This can be done manually, but the following gist performs these actions automatically when executed by someone who has permission to create service principals and resource groups: https://gist.github.com/brentmcconnell/d1bb14d31ab69578c5d9ef816015ddda
Example execution (no arguments are required, but -r is recommended since eastus is the default):
```
./az-terraform-basic -g name_of_rg_to_create -r region
```
`-g` is optional (a name is generated otherwise) and `-r` defaults to eastus.
After the script executes you will have a resource group containing a storage account and a Key Vault. Azure DevOps pipelines will use the service principal credentials stored in the Key Vault to run against Azure.
### Steps performed by the script above
1. Create the resource group (note the name; it is needed later).
2. Create the service principal with Owner on the resource group.
3. Create the Key Vault in the resource group (note the name; it is needed later).
4. Create the storage account in the resource group.
   1. Create a container called `tfstate` in the storage account; this holds the Terraform state, which can itself contain secrets.
5. Set an access policy on the Key Vault allowing the service principal to read secrets.
6. Load the service principal values into the Key Vault (used by Terraform). Use the names suggested below; otherwise you will need to modify many files.
   1. SP-CLIENTID
   2. SP-PASSWORD
   3. SP-TENANTID
   4. SP-SUBSCRIPTIONID
7. Load the storage account access key into the Key Vault (used by Terraform for the state backend). The access key is a long-lived credential with full data-plane access to the account, so rotate it if it is ever exposed.
   1. SA-ACCESS_KEY. Key Vault secret names accept only letters, digits and hyphens, so this underscore must be stored as a hyphen (SA-ACCESS-KEY); use the spelling you actually stored consistently in the pipeline files.
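The seven steps above as one runnable script, added here as an example; it is not the gist's own `az-terraform-basic`. The service principal name `sp-<rg>`, the `kv-<suffix>` vault name, the random suffix, the `--apply` guard and the two helper functions are this example's assumptions, and the access key is stored under SA-ACCESS-KEY because Key Vault rejects underscores in secret names. It assumes the az CLI is installed and `az login` has been run by a user who can create resource groups and service principals.

```shell
#!/usr/bin/env bash
# Added example, not the gist's az-terraform-basic: bootstraps the resource group,
# service principal, Key Vault and Terraform state storage described above.
# Assumes the az CLI is installed and `az login` was done by a user who may create
# resource groups and service principals. Run with: ./bootstrap.sh --apply -g my-rg -r eastus2
set -eu

# Storage account names must be 3-24 lowercase letters/digits and globally unique,
# so derive one from the resource group name plus a caller-supplied suffix.
sa_name_from_rg() {            # $1 = resource group name, $2 = suffix
  base=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9')
  keep=$((24 - ${#2}))
  printf '%s%s' "$(printf '%s' "$base" | cut -c1-"$keep")" "$2"
}

# Key Vault object names allow only letters, digits and hyphens. Checking here makes
# a name such as SA-ACCESS_KEY fail with a clear message instead of an API error.
kv_secret_name_ok() {
  case "$1" in
    ''|*[!0-9A-Za-z-]*) return 1 ;;
    *) return 0 ;;
  esac
}

set_secret() {                 # $1 = vault, $2 = secret name, $3 = value
  kv_secret_name_ok "$2" || { echo "invalid Key Vault secret name: $2" >&2; return 1; }
  az keyvault secret set --vault-name "$1" --name "$2" --value "$3" -o none
}

bootstrap() {
  rg="" region="eastus"
  while getopts 'g:r:' opt; do
    case "$opt" in
      g) rg=$OPTARG ;;
      r) region=$OPTARG ;;
      *) echo "usage: $0 --apply -g resource_group [-r region]" >&2; return 2 ;;
    esac
  done
  [ -n "$rg" ] || { echo "-g resource_group is required" >&2; return 2; }

  suffix=$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 6)
  sa=$(sa_name_from_rg "$rg" "$suffix")
  kv="kv-$suffix"              # assumed naming scheme, not the gist's
  sub=$(az account show --query id -o tsv)
  tenant=$(az account show --query tenantId -o tsv)

  # 1. Resource group
  az group create --name "$rg" --location "$region" -o none

  # 2. Service principal with Owner scoped to this resource group only. Owner includes
  #    the right to assign roles inside the RG, so never widen the scope to the subscription.
  read -r client_id secret <<EOF
$(az ad sp create-for-rbac --name "sp-$rg" --role Owner \
     --scopes "/subscriptions/$sub/resourceGroups/$rg" \
     --query '[appId,password]' -o tsv)
EOF

  # 3. Key Vault using access policies (the gist's model); recent CLI versions default
  #    to RBAC authorization, under which set-policy is rejected, hence the explicit flag.
  az keyvault create --name "$kv" --resource-group "$rg" --location "$region" \
     --enable-rbac-authorization false -o none

  # 4. Storage account and tfstate container. TLS 1.2 minimum and no anonymous blob
  #    access, since this account will hold Terraform state (which can contain secrets).
  az storage account create --name "$sa" --resource-group "$rg" --location "$region" \
     --sku Standard_LRS --kind StorageV2 --min-tls-version TLS1_2 \
     --allow-blob-public-access false -o none
  sa_key=$(az storage account keys list --resource-group "$rg" --account-name "$sa" \
     --query '[0].value' -o tsv)
  az storage container create --name tfstate --account-name "$sa" --account-key "$sa_key" -o none

  # 5. Let the SP read secrets (get/list only; it does not need to write them).
  az keyvault set-policy --name "$kv" --spn "$client_id" --secret-permissions get list -o none

  # 6./7. Load the values Terraform and the pipeline will read.
  set_secret "$kv" SP-CLIENTID       "$client_id"
  set_secret "$kv" SP-PASSWORD       "$secret"
  set_secret "$kv" SP-TENANTID       "$tenant"
  set_secret "$kv" SP-SUBSCRIPTIONID "$sub"
  set_secret "$kv" SA-ACCESS-KEY     "$sa_key"   # hyphen: underscores are invalid in KV names

  echo "resource group: $rg  key vault: $kv  storage account: $sa  container: tfstate"
}

# Only touch Azure when invoked with --apply; otherwise the file just defines the functions.
case "${1:-}" in
  --apply) shift; bootstrap "$@" ;;
esac
```

The two helpers are deliberately pure so the naming rules can be checked without an Azure subscription; everything that calls `az` sits behind `--apply`. The service principal secret is captured once from `create-for-rbac` and written straight into the vault, so it never lands in a shell history or a log file.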
# Create ADO Project
The ADO project is the interface between users and Azure. In this step you will create an ADO project, a service connection to Azure, and variable groups that link to the values in the Azure Key Vault.
1. Create an ADO project.
2. Create a Service Connection (Azure Resource Manager type) under Project settings, using the SP values stored in the Key Vault created by the bootstrap script.
   1. Choose "Service principal (manual)".
   2. Enter the SP information taken from the Key Vault:
      1. Scope level = Subscription
      2. Subscription Id = SP-SUBSCRIPTIONID
      3. Subscription Name = any descriptive name
      4. Service Principal Id = SP-CLIENTID
      5. Service principal key = SP-PASSWORD
      6. Tenant ID = SP-TENANTID
      7. Choose a name for the service connection; it is needed later.
      8. Grant access permission to all pipelines = checked. This lets every pipeline in the project run as the service principal; if only specific pipelines should deploy, leave it unchecked and authorize those pipelines individually.
3. Create a Variable Group called SP_VALUES under Pipelines -> Library and link it to the Key Vault in the resource group. Variables linked from Key Vault are secret variables: they are masked in logs and must be mapped explicitly into script steps.
   1. Choose "Link secrets from an Azure key vault as variables".
   2. Under Azure subscription, select the service connection created above.
   3. Select the project Key Vault.
   4. Select +Add.
   5. Import all the values from the Key Vault.
   6. Select "Save".
4. Create a Variable Group under Pipelines -> Library named AZURE_INFO with these variables:
   1. AZURE_LOCATION = location for resources to be created
   2. AZURE_RESOURCE_GROUP = resource group created by the bootstrap script
   3. AZURE_CLOUD = Public
   4. AZURE_KEYVAULT_NAME = Key Vault name created by the bootstrap script