@kewalaka
Last active January 1, 2025 02:49
A test case to explore access keys with Terraform
# This will help you create the necessary resources - you need permission to create a resource group & service principal.
# We log in as the service principal to test the minimum amount of privileges.
# In a production environment, OIDC or managed identities are preferred over a client secret.

# Make sure you can log in. ARM_TENANT_ID and ARM_SUBSCRIPTION_ID must already be set in this session.
az login --tenant $env:ARM_TENANT_ID
az account set --subscription $env:ARM_SUBSCRIPTION_ID

# Make a resource group, storage account, and service principal for Terraform state.
# The suffix is 12 random lowercase letters, so "st" + suffix stays within the storage account
# naming rules (3-24 characters, lowercase letters and digits only).
$random_suffix = -join ((97..122) | Get-Random -Count 12 | ForEach-Object { [char]$_ })
$resource_group_name = "rg-$random_suffix"
$storage_account_name = "st$random_suffix"
$container_name = "tfstate"
$location = "eastus"
$identity_name = "sp-tfstate-identity-testing"

az group create --name $resource_group_name --location $location
$sa = $(az storage account create --name $storage_account_name --resource-group $resource_group_name --location $location --sku Standard_LRS) | ConvertFrom-Json

# The container is created with a shared key; this is the only place the account key is used in the setup.
# (If your own account holds Storage Blob Data Contributor you could pass --auth-mode login instead and never touch the key.)
$key = $(az storage account keys list --resource-group $resource_group_name --account-name $storage_account_name --query '[0].value' -o tsv)
az storage container create --name $container_name --account-name $storage_account_name --account-key $key

# Current Azure CLI versions create the service principal with no role assignment unless --role/--scopes are given,
# so the identity starts with no access to the storage account at all. Granting it access is what the test explores.
$id = $(az ad sp create-for-rbac --name $identity_name) | ConvertFrom-Json

# Create a backend.tf file for Terraform.
# use_azuread_auth = true makes the backend read and write the state blob through Azure AD (data-plane RBAC on the
# container) instead of calling listKeys on the storage account and signing requests with a shared key.
$backend_config = @"
terraform {
  backend "azurerm" {
    resource_group_name  = "$resource_group_name"
    storage_account_name = "$storage_account_name"
    container_name       = "$container_name"
    key                  = "terraform.tfstate"
    use_azuread_auth     = true
  }
}
"@
$backend_config | Out-File -FilePath "backend.tf" -Encoding utf8

# Now set up the environment variables the azurerm backend and provider read.
# The client secret only lives in this session's environment; clear it or delete the service principal when done.
$env:ARM_CLIENT_ID     = $id.appId
$env:ARM_TENANT_ID     = $id.tenant
$env:ARM_CLIENT_SECRET = $id.password
# Taken from the storage account's resource ID (/subscriptions/<id>/resourceGroups/...) so Terraform targets the same subscription.
$env:ARM_SUBSCRIPTION_ID = ($sa.id -split "/")[2]

# Tidy up
# az ad sp delete --id $id.appId
# az group delete --name $resource_group_name --yes --no-wait
# Terraform configuration used for the test. There is deliberately no backend block here:
# it lives in the backend.tf written by the setup script.
terraform {
  required_version = ">= 1.4.0" # terraform_data was introduced in Terraform 1.4
}

resource "terraform_data" "something_to_say" {
  input = "world!"
}

output "the_message" {
  value = "Hello ${terraform_data.something_to_say.output}"
}
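The setup script leaves the service principal with no access to the state container, which is the starting point of the test. The following is an added example, not part of the gist, showing how one would carry the test through: grant the narrowest data-plane role at container scope, confirm the backend works over Azure AD as the service principal, then disable shared-key authorization on the account to prove the key is no longer in the path, and finally run the key-based backend as a control. It assumes the variables from the setup script ($id, $sa, $storage_account_name, $resource_group_name, $container_name) and the ARM_* environment variables are still in the session; the role name, the container scope format and the retry loop are my choices.

```powershell
# Added example, not part of the gist. Assumes the setup script's variables are still in scope.

# 1. Least privilege: a data-plane role on the single container, not Contributor on the account.
#    Storage Blob Data Contributor allows read/write/delete of blobs, which is what the azurerm
#    backend needs for the state blob and the lease it takes on it for locking.
$sp_object_id = az ad sp show --id $id.appId --query id -o tsv
$scope = "$($sa.id)/blobServices/default/containers/$container_name"
az role assignment create `
  --assignee-object-id $sp_object_id `
  --assignee-principal-type ServicePrincipal `
  --role "Storage Blob Data Contributor" `
  --scope $scope

# 2. Prove the backend works over Azure AD as the service principal (Terraform picks up ARM_*).
#    Role assignments can take a minute or two to propagate, so retry init before concluding it failed.
$attempt = 0
do {
  $attempt++
  terraform init -reconfigure
  if ($LASTEXITCODE -eq 0) { break }
  Start-Sleep -Seconds 20
} while ($attempt -lt 6)
terraform apply -auto-approve

# 3. Prove the account key is not in the path: turn off shared-key authorization on the account.
#    From here on, anything that still signs with the key (az storage ... --account-key, or a backend
#    with use_azuread_auth = false) is rejected by the storage service.
az storage account update --name $storage_account_name --resource-group $resource_group_name --allow-shared-key-access false
terraform plan   # still succeeds: state is read and locked via Azure AD

# 4. Control: override the backend to the key-based path. The service principal holds no control-plane
#    role, so it cannot call listKeys, and shared-key access is disabled anyway; this init is expected to fail.
terraform init -reconfigure -backend-config="use_azuread_auth=false"

# 5. Record exactly what the identity was granted, for the write-up of the test.
az role assignment list --assignee $id.appId --all -o table
```

Step 4 is the useful negative result: if it succeeds, something outside this script (an inherited role on the subscription, or shared-key access re-enabled) is widening the identity's access, and the "minimum privileges" conclusion is not valid. Re-run step 2 after `az storage account update ... --allow-shared-key-access true` only if you need to return the account to its original state before the tidy-up commands.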