/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * This is derived from Hashicat main.tf just for testing OpenGrok's Terraform
 * handling and modified arbitrarily to test other Terraform or HCL syntax.
 */

# Pins the azurerm provider to exactly version 1.44.0.
provider "azurerm" {
  version = "=1.44.0"
}

# Resource group that the resources below place themselves in via
# resource_group_name. var.prefix and var.location are declared outside this file.
resource "azurerm_resource_group" "myresourcegroup" {
  name = "${var.prefix}-workshop"
  location = var.location
}

# Virtual network with a single address space taken from var.address_space.
resource "azurerm_virtual_network" "vnet" {
  name = "${var.prefix}-vnet"
  location = azurerm_resource_group.myresourcegroup.location
  address_space = [var.address_space]
  resource_group_name = azurerm_resource_group.myresourcegroup.name
}

# Subnet inside the vnet above; the NIC's ip_configuration attaches to it.
resource "azurerm_subnet" "subnet" {
  name = "${var.prefix}-subnet"
  virtual_network_name = azurerm_virtual_network.vnet.name
  resource_group_name = azurerm_resource_group.myresourcegroup.name
  address_prefix = var.subnet_prefix
}

# Network security group that catapp-nic references through
# network_security_group_id. All three rules are inbound Allow rules over TCP
# with source_address_prefix "*", i.e. they match any source address.
resource "azurerm_network_security_group" "catapp-sg" {
  name = "${var.prefix}-sg"
  location = var.location
  resource_group_name = azurerm_resource_group.myresourcegroup.name

  # Web traffic on port 80 from any source.
  security_rule {
    name = "HTTP"
    priority = 100
    direction = "Inbound"
    access = "Allow"
    protocol = "Tcp"
    source_port_range = "*"
    destination_port_range = "80"
    source_address_prefix = "*"
    destination_address_prefix = "*"
  }

  # Web traffic on port 443 from any source.
  security_rule {
    name = "HTTPS"
    priority = 102
    direction = "Inbound"
    access = "Allow"
    protocol = "Tcp"
    source_port_range = "*"
    destination_port_range = "443"
    source_address_prefix = "*"
    destination_address_prefix = "*"
  }

  # NOTE(review): port 22 is reachable from any source address, and the VM in
  # this file sets disable_password_authentication = false, so the admin
  # password is the only control on SSH logins. Narrowing source_address_prefix
  # to the operator's address range would reduce that exposure.
  security_rule {
    name = "SSH"
    priority = 101
    direction = "Inbound"
    access = "Allow"
    protocol = "Tcp"
    source_port_range = "*"
    destination_port_range = "22"
    source_address_prefix = "*"
    destination_address_prefix = "*"
  }
}

# Network interface for the VM: attached to the subnet, filtered by catapp-sg,
# and bound to the public IP catapp-pip, so the rules above apply to
# internet-facing traffic.
resource "azurerm_network_interface" "catapp-nic" {
  name = "${var.prefix}-catapp-nic"
  location = var.location
  resource_group_name = azurerm_resource_group.myresourcegroup.name
  network_security_group_id = azurerm_network_security_group.catapp-sg.id

  ip_configuration {
    name = "${var.prefix}ipconfig"
    subnet_id = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id = azurerm_public_ip.catapp-pip.id
  }
}

# Dynamically allocated public IP with a DNS label derived from var.prefix.
resource "azurerm_public_ip" "catapp-pip" {
  name = "${var.prefix}-ip"
  location = var.location
  resource_group_name = azurerm_resource_group.myresourcegroup.name
  allocation_method = "Dynamic"
  domain_name_label = "${var.prefix}-meow"
}

# The application VM. Size, image and admin credentials all come from variables
# declared outside this file.
resource "azurerm_virtual_machine" "catapp" {
  name = "${var.prefix}-meow"
  location = var.location
  resource_group_name = azurerm_resource_group.myresourcegroup.name
  vm_size = var.vm_size

  network_interface_ids = [azurerm_network_interface.catapp-nic.id]
  # Written as the string "true" rather than a bool literal.
  delete_os_disk_on_termination = "true"

  storage_image_reference {
    publisher = var.image_publisher
    offer = var.image_offer
    sku = var.image_sku
    version = var.image_version
  }

  storage_os_disk {
    name = "${var.prefix}-osdisk"
    managed_disk_type = "Standard_LRS"
    caching = "ReadWrite"
    create_option = "FromImage"
  }

  # NOTE(review): the admin password is passed as a plain resource argument.
  # Terraform presumably records it in state along with the other arguments,
  # so confirm the state backend is access-controlled and that
  # var.admin_password is not given a default in version control.
  os_profile {
    computer_name = var.prefix
    admin_username = var.admin_username
    admin_password = var.admin_password
  }

  # Password logins stay enabled; no SSH public key is configured in this block.
  os_profile_linux_config {
    disable_password_authentication = false
  }
}

# We're using a little trick here so we can run the provisioner without
# destroying the VM. Do not do this in production.

# If you need ongoing management (Day N) of your virtual machines a tool such
# as Chef or Puppet is a better choice. These tools track the state of
# individual files and can keep them in the correct configuration.

# Here we do the following steps:
#   Sync everything in files/ to the remote VM.
#   Set up some environment variables for our script.
#   Add execute permissions to our scripts.
#   Run the deploy_app.sh script.
resource "null_resource" "configure-cat-app" {
  depends_on = [
    azurerm_virtual_machine.catapp,
  ]

  # Terraform 0.11
  # triggers {
  #   build_number = "${timestamp()}"
  # }

  # Terraform 0.12
  # timestamp() yields a new value on each run, so the trigger changes every
  # time and both provisioners below are re-run on every apply.
  triggers = {
    build_number = timestamp()
  }

  # Copies the local files/ directory into the admin user's home directory.
  provisioner "file" {
    source = "files/"
    destination = "/home/${var.admin_username}/"

    # SSH login with the admin password against the VM's public FQDN.
    # NOTE(review): no host_key is set here, so the remote host key is
    # presumably not pinned for this connection; confirm.
    connection {
      type = "ssh"
      user = var.admin_username
      password = var.admin_password
      host = azurerm_public_ip.catapp-pip.fqdn
    }
  }

  # Installs and starts apache2, hands /var/www/html to the admin user, then
  # runs deploy_app.sh with four values passed as environment variables.
  # NOTE(review): the var.* values are interpolated into the shell command
  # lines unquoted, so a value containing whitespace or shell metacharacters
  # would change the command executed on the VM. Quoting each value in the
  # command string, or validating the variables, would avoid that.
  provisioner "remote-exec" {
    inline = [
      "sudo apt -y update",
      "sudo apt -y install apache2",
      "sudo systemctl start apache2",
      "sudo chown -R ${var.admin_username}:${var.admin_username} /var/www/html",
      "chmod +x *.sh",
      "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh",
    ]

    # Same password-based SSH connection as the file provisioner above.
    connection {
      type = "ssh"
      user = var.admin_username
      password = var.admin_password
      host = azurerm_public_ip.catapp-pip.fqdn
    }
  }
}

# Syntax fixture rather than deployable configuration (the file header says the
# content was modified arbitrarily to test Terraform/HCL syntax handling). The
# block carries a single label containing "${...}"; judging by the label's own
# wording it is meant to be read as literal text. TODO confirm.
resource "no-interp-here-${var.admin_username}" {
  # Heredoc opened with <<END. The line "END (ineligible END)" carries trailing
  # text, and per its own wording it is not meant to close the heredoc; the
  # bare END on the following line presumably does.
  doc1 = <<END
  ${var.val1}
  ${local.val2}
  ${module.val3}
  ${data.val4}
  ${path.cwd}
  END (ineligible END)
END

  # Heredoc opened with "<<- END" (note the space before the marker) and
  # closed by an indented END.
  doc2 = <<- END
    ${path.other_value}
    Now is the winter of our discontent.
    END

  value1 = terraform.workspace
}