1*c5ef7ff6SChris Fraire/* 2*c5ef7ff6SChris Fraire * Licensed under the Apache License, Version 2.0 (the "License"); 3*c5ef7ff6SChris Fraire * you may not use this file except in compliance with the License. 4*c5ef7ff6SChris Fraire * You may obtain a copy of the License at 5*c5ef7ff6SChris Fraire * 6*c5ef7ff6SChris Fraire * http://www.apache.org/licenses/LICENSE-2.0 7*c5ef7ff6SChris Fraire * 8*c5ef7ff6SChris Fraire * Unless required by applicable law or agreed to in writing, software 9*c5ef7ff6SChris Fraire * distributed under the License is distributed on an "AS IS" BASIS, 10*c5ef7ff6SChris Fraire * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11*c5ef7ff6SChris Fraire * See the License for the specific language governing permissions and 12*c5ef7ff6SChris Fraire * limitations under the License. 13*c5ef7ff6SChris Fraire */ 14*c5ef7ff6SChris Fraire 15*c5ef7ff6SChris Fraire/* 16*c5ef7ff6SChris Fraire * This is derived from Hashicat main.tf just for testing OpenGrok's Terraform 17*c5ef7ff6SChris Fraire * handling and modified arbitrarily to test other Terraform or HCL syntax. 18*c5ef7ff6SChris Fraire */ 19*c5ef7ff6SChris Fraire 20*c5ef7ff6SChris Fraireprovider "azurerm" { 21*c5ef7ff6SChris Fraire version = "=1.44.0" 22*c5ef7ff6SChris Fraire} 23*c5ef7ff6SChris Fraire 24*c5ef7ff6SChris Fraireresource "azurerm_resource_group" "myresourcegroup" { 25*c5ef7ff6SChris Fraire name = "${var.prefix}-workshop" 26*c5ef7ff6SChris Fraire location = var.location 27*c5ef7ff6SChris Fraire} 28*c5ef7ff6SChris Fraire 29*c5ef7ff6SChris Fraireresource "azurerm_virtual_network" "vnet" { 30*c5ef7ff6SChris Fraire name = "${var.prefix}-vnet" 31*c5ef7ff6SChris Fraire location = azurerm_resource_group.myresourcegroup.location 32*c5ef7ff6SChris Fraire address_space = [var.address_space] 33*c5ef7ff6SChris Fraire resource_group_name = azurerm_resource_group.myresourcegroup.name 34*c5ef7ff6SChris Fraire} 35*c5ef7ff6SChris Fraire 36*c5ef7ff6SChris Fraireresource "azurerm_subnet" "subnet" { 37*c5ef7ff6SChris Fraire name = "${var.prefix}-subnet" 38*c5ef7ff6SChris Fraire virtual_network_name = azurerm_virtual_network.vnet.name 39*c5ef7ff6SChris Fraire resource_group_name = azurerm_resource_group.myresourcegroup.name 40*c5ef7ff6SChris Fraire address_prefix = var.subnet_prefix 41*c5ef7ff6SChris Fraire} 42*c5ef7ff6SChris Fraire 43*c5ef7ff6SChris Fraireresource "azurerm_network_security_group" "catapp-sg" { 44*c5ef7ff6SChris Fraire name = "${var.prefix}-sg" 45*c5ef7ff6SChris Fraire location = var.location 46*c5ef7ff6SChris Fraire resource_group_name = azurerm_resource_group.myresourcegroup.name 47*c5ef7ff6SChris Fraire 48*c5ef7ff6SChris Fraire security_rule { 49*c5ef7ff6SChris Fraire name = "HTTP" 50*c5ef7ff6SChris Fraire priority = 100 51*c5ef7ff6SChris Fraire direction = "Inbound" 52*c5ef7ff6SChris Fraire access = "Allow" 53*c5ef7ff6SChris Fraire protocol = "Tcp" 54*c5ef7ff6SChris Fraire source_port_range = "*" 55*c5ef7ff6SChris Fraire destination_port_range = "80" 56*c5ef7ff6SChris Fraire source_address_prefix = "*" 57*c5ef7ff6SChris Fraire destination_address_prefix = "*" 58*c5ef7ff6SChris Fraire } 59*c5ef7ff6SChris Fraire 60*c5ef7ff6SChris Fraire security_rule { 61*c5ef7ff6SChris Fraire name = "HTTPS" 62*c5ef7ff6SChris Fraire priority = 102 63*c5ef7ff6SChris Fraire direction = "Inbound" 64*c5ef7ff6SChris Fraire access = "Allow" 65*c5ef7ff6SChris Fraire protocol = "Tcp" 66*c5ef7ff6SChris Fraire source_port_range = "*" 67*c5ef7ff6SChris Fraire destination_port_range = "443" 68*c5ef7ff6SChris Fraire source_address_prefix = "*" 69*c5ef7ff6SChris Fraire destination_address_prefix = "*" 70*c5ef7ff6SChris Fraire } 71*c5ef7ff6SChris Fraire 72*c5ef7ff6SChris Fraire security_rule { 73*c5ef7ff6SChris Fraire name = "SSH" 74*c5ef7ff6SChris Fraire priority = 101 75*c5ef7ff6SChris Fraire direction = "Inbound" 76*c5ef7ff6SChris Fraire access = "Allow" 77*c5ef7ff6SChris Fraire protocol = "Tcp" 78*c5ef7ff6SChris Fraire source_port_range = "*" 79*c5ef7ff6SChris Fraire destination_port_range = "22" 80*c5ef7ff6SChris Fraire source_address_prefix = "*" 81*c5ef7ff6SChris Fraire destination_address_prefix = "*" 82*c5ef7ff6SChris Fraire } 83*c5ef7ff6SChris Fraire} 84*c5ef7ff6SChris Fraire 85*c5ef7ff6SChris Fraireresource "azurerm_network_interface" "catapp-nic" { 86*c5ef7ff6SChris Fraire name = "${var.prefix}-catapp-nic" 87*c5ef7ff6SChris Fraire location = var.location 88*c5ef7ff6SChris Fraire resource_group_name = azurerm_resource_group.myresourcegroup.name 89*c5ef7ff6SChris Fraire network_security_group_id = azurerm_network_security_group.catapp-sg.id 90*c5ef7ff6SChris Fraire 91*c5ef7ff6SChris Fraire ip_configuration { 92*c5ef7ff6SChris Fraire name = "${var.prefix}ipconfig" 93*c5ef7ff6SChris Fraire subnet_id = azurerm_subnet.subnet.id 94*c5ef7ff6SChris Fraire private_ip_address_allocation = "Dynamic" 95*c5ef7ff6SChris Fraire public_ip_address_id = azurerm_public_ip.catapp-pip.id 96*c5ef7ff6SChris Fraire } 97*c5ef7ff6SChris Fraire} 98*c5ef7ff6SChris Fraire 99*c5ef7ff6SChris Fraireresource "azurerm_public_ip" "catapp-pip" { 100*c5ef7ff6SChris Fraire name = "${var.prefix}-ip" 101*c5ef7ff6SChris Fraire location = var.location 102*c5ef7ff6SChris Fraire resource_group_name = azurerm_resource_group.myresourcegroup.name 103*c5ef7ff6SChris Fraire allocation_method = "Dynamic" 104*c5ef7ff6SChris Fraire domain_name_label = "${var.prefix}-meow" 105*c5ef7ff6SChris Fraire} 106*c5ef7ff6SChris Fraire 107*c5ef7ff6SChris Fraireresource "azurerm_virtual_machine" "catapp" { 108*c5ef7ff6SChris Fraire name = "${var.prefix}-meow" 109*c5ef7ff6SChris Fraire location = var.location 110*c5ef7ff6SChris Fraire resource_group_name = azurerm_resource_group.myresourcegroup.name 111*c5ef7ff6SChris Fraire vm_size = var.vm_size 112*c5ef7ff6SChris Fraire 113*c5ef7ff6SChris Fraire network_interface_ids = [azurerm_network_interface.catapp-nic.id] 114*c5ef7ff6SChris Fraire delete_os_disk_on_termination = "true" 115*c5ef7ff6SChris Fraire 116*c5ef7ff6SChris Fraire storage_image_reference { 117*c5ef7ff6SChris Fraire publisher = var.image_publisher 118*c5ef7ff6SChris Fraire offer = var.image_offer 119*c5ef7ff6SChris Fraire sku = var.image_sku 120*c5ef7ff6SChris Fraire version = var.image_version 121*c5ef7ff6SChris Fraire } 122*c5ef7ff6SChris Fraire 123*c5ef7ff6SChris Fraire storage_os_disk { 124*c5ef7ff6SChris Fraire name = "${var.prefix}-osdisk" 125*c5ef7ff6SChris Fraire managed_disk_type = "Standard_LRS" 126*c5ef7ff6SChris Fraire caching = "ReadWrite" 127*c5ef7ff6SChris Fraire create_option = "FromImage" 128*c5ef7ff6SChris Fraire } 129*c5ef7ff6SChris Fraire 130*c5ef7ff6SChris Fraire os_profile { 131*c5ef7ff6SChris Fraire computer_name = var.prefix 132*c5ef7ff6SChris Fraire admin_username = var.admin_username 133*c5ef7ff6SChris Fraire admin_password = var.admin_password 134*c5ef7ff6SChris Fraire } 135*c5ef7ff6SChris Fraire 136*c5ef7ff6SChris Fraire os_profile_linux_config { 137*c5ef7ff6SChris Fraire disable_password_authentication = false 138*c5ef7ff6SChris Fraire } 139*c5ef7ff6SChris Fraire} 140*c5ef7ff6SChris Fraire 141*c5ef7ff6SChris Fraire# We're using a little trick here so we can run the provisioner without 142*c5ef7ff6SChris Fraire# destroying the VM. Do not do this in production. 143*c5ef7ff6SChris Fraire 144*c5ef7ff6SChris Fraire# If you need ongoing management (Day N) of your virtual machines a tool such 145*c5ef7ff6SChris Fraire# as Chef or Puppet is a better choice. These tools track the state of 146*c5ef7ff6SChris Fraire# individual files and can keep them in the correct configuration. 147*c5ef7ff6SChris Fraire 148*c5ef7ff6SChris Fraire# Here we do the following steps: 149*c5ef7ff6SChris Fraire# Sync everything in files/ to the remote VM. 150*c5ef7ff6SChris Fraire# Set up some environment variables for our script. 151*c5ef7ff6SChris Fraire# Add execute permissions to our scripts. 152*c5ef7ff6SChris Fraire# Run the deploy_app.sh script. 153*c5ef7ff6SChris Fraireresource "null_resource" "configure-cat-app" { 154*c5ef7ff6SChris Fraire depends_on = [ 155*c5ef7ff6SChris Fraire azurerm_virtual_machine.catapp, 156*c5ef7ff6SChris Fraire ] 157*c5ef7ff6SChris Fraire 158*c5ef7ff6SChris Fraire # Terraform 0.11 159*c5ef7ff6SChris Fraire # triggers { 160*c5ef7ff6SChris Fraire # build_number = "${timestamp()}" 161*c5ef7ff6SChris Fraire # } 162*c5ef7ff6SChris Fraire 163*c5ef7ff6SChris Fraire # Terraform 0.12 164*c5ef7ff6SChris Fraire triggers = { 165*c5ef7ff6SChris Fraire build_number = timestamp() 166*c5ef7ff6SChris Fraire } 167*c5ef7ff6SChris Fraire 168*c5ef7ff6SChris Fraire provisioner "file" { 169*c5ef7ff6SChris Fraire source = "files/" 170*c5ef7ff6SChris Fraire destination = "/home/${var.admin_username}/" 171*c5ef7ff6SChris Fraire 172*c5ef7ff6SChris Fraire connection { 173*c5ef7ff6SChris Fraire type = "ssh" 174*c5ef7ff6SChris Fraire user = var.admin_username 175*c5ef7ff6SChris Fraire password = var.admin_password 176*c5ef7ff6SChris Fraire host = azurerm_public_ip.catapp-pip.fqdn 177*c5ef7ff6SChris Fraire } 178*c5ef7ff6SChris Fraire } 179*c5ef7ff6SChris Fraire 180*c5ef7ff6SChris Fraire provisioner "remote-exec" { 181*c5ef7ff6SChris Fraire inline = [ 182*c5ef7ff6SChris Fraire "sudo apt -y update", 183*c5ef7ff6SChris Fraire "sudo apt -y install apache2", 184*c5ef7ff6SChris Fraire "sudo systemctl start apache2", 185*c5ef7ff6SChris Fraire "sudo chown -R ${var.admin_username}:${var.admin_username} /var/www/html", 186*c5ef7ff6SChris Fraire "chmod +x *.sh", 187*c5ef7ff6SChris Fraire "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", 188*c5ef7ff6SChris Fraire ] 189*c5ef7ff6SChris Fraire 190*c5ef7ff6SChris Fraire connection { 191*c5ef7ff6SChris Fraire type = "ssh" 192*c5ef7ff6SChris Fraire user = var.admin_username 193*c5ef7ff6SChris Fraire password = var.admin_password 194*c5ef7ff6SChris Fraire host = azurerm_public_ip.catapp-pip.fqdn 195*c5ef7ff6SChris Fraire } 196*c5ef7ff6SChris Fraire } 197*c5ef7ff6SChris Fraire} 198*c5ef7ff6SChris Fraire 199*c5ef7ff6SChris Fraireresource "no-interp-here-${var.admin_username}" { 200*c5ef7ff6SChris Fraire doc1 = <<END 201*c5ef7ff6SChris Fraire ${var.val1} 202*c5ef7ff6SChris Fraire ${local.val2} 203*c5ef7ff6SChris Fraire ${module.val3} 204*c5ef7ff6SChris Fraire ${data.val4} 205*c5ef7ff6SChris Fraire ${path.cwd} 206*c5ef7ff6SChris Fraire END (ineligible END) 207*c5ef7ff6SChris FraireEND 208*c5ef7ff6SChris Fraire 209*c5ef7ff6SChris Fraire doc2 = <<- END 210*c5ef7ff6SChris Fraire ${path.other_value} 211*c5ef7ff6SChris Fraire Now is the winter of our discontent. 212*c5ef7ff6SChris Fraire END 213*c5ef7ff6SChris Fraire 214*c5ef7ff6SChris Fraire value1 = terraform.workspace 215*c5ef7ff6SChris Fraire} 216