DTSPO-18399 - add plan and apply for ptlsbox

azure-pipelines.yml

@@ -12,6 +12,21 @@ variables:
   agentPool: 'ubuntu-latest'
   action:
 
+parameters:
+  - name: environment_components
+    type: object
+    default:
+    - environment: 'ptlsbox'
+      service_connection: 'DTS-CFTSBOX-INTSVC'
+      storage_account_rg: 'core-infra-intsvc-rg'
+      storage_account_name: 'cftsboxintsvc'
+      tfvarsFile: 'ptlsbox.tfvars'
+    - environment: 'ptl'
+      service_connection: 'DTS-CFTPTL-INTSVC'
+      storage_account_rg: 'core-infra-intsvc-rg'
+      storage_account_name: 'cftptlintsvc'
+      tfvarsFile: 'ptl.tfvars'
+
 stages:
   - stage: GetArtifacts
     jobs:
@@ -37,50 +52,53 @@ stages:
               failTaskOnFailedTests: true
             condition: always()
 
-  - stage: PlanResponse
-    displayName: "Plan Response - PTL"
-    dependsOn: GetArtifacts
-    jobs:
-      - template: pipeline-templates/terraform-plan.yaml
-        parameters:
-          environment: 'ptl'
-          component: 'response'
-          service_connection: 'DTS-CFTPTL-INTSVC'
-          storage_account_rg: 'core-infra-intsvc-rg'
-          storage_account_name: 'cftptlintsvc'
-          build: $(Build.BuildNumber)
-          agentPool: ${{ variables.agentPool }}
-          terraformVersion: ${{ variables.terraformVersion }}
-          builtFrom: $(Build.Repository.Name)
-      - job: Archive
-        dependsOn: Plan_ptl_response
-        pool:
-          vmImage: ${{ variables.agentPool }}
-        steps:
-          - task: CopyFiles@2
-            displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
-            inputs:
-              Contents: |
-                *.tf
-                *.tfvars
-                *tfplan
-              TargetFolder: '$(Build.ArtifactStagingDirectory)'
+  - ${{ each component in parameters.environment_components }}:
+    - stage: PlanResponse_${{ component.environment }}
+      displayName: "Plan Response - ${{ component.environment }}"
+      dependsOn: GetArtifacts
+      jobs:
+        - template: pipeline-templates/terraform-plan.yaml
+          parameters:
+            environment: ${{ component.environment }}
+            component: 'response'
+            service_connection: ${{ component.service_connection }}
+            storage_account_rg: ${{ component.storage_account_rg }}
+            storage_account_name: ${{ component.storage_account_name }}
+            build: $(Build.BuildNumber)
+            agentPool: ${{ variables.agentPool }}
+            terraformVersion: ${{ variables.terraformVersion }}
+            builtFrom: $(Build.Repository.Name)
+            tfvarsFile: ${{ component.tfvarsFile }}
+        - job: Archive
+          dependsOn: Plan_${{ component.environment }}_response
+          pool:
+            vmImage: ${{ variables.agentPool }}
+          steps:
+            - task: CopyFiles@2
+              displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
+              inputs:
+                Contents: |
+                  *.tf
+                  *.tfvars
+                  *tfplan
+                TargetFolder: '$(Build.ArtifactStagingDirectory)'
 
-          - task: PublishBuildArtifacts@1
-            displayName: 'Publish Artifact: drop'
+            - task: PublishBuildArtifacts@1
+              displayName: 'Publish Artifact: drop'
 
-  - stage: ApplyResponse
-    displayName: "Apply Response - PTL"
-    dependsOn: PlanResponse
-    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
-    jobs:
-      - template: pipeline-templates/terraform-apply.yaml
-        parameters:
-          environment: 'ptl'
-          component: 'response'
-          service_connection: 'DTS-CFTPTL-INTSVC'
-          storage_account_rg: 'core-infra-intsvc-rg'
-          storage_account_name: 'cftptlintsvc'
-          build: $(Build.BuildNumber)
-          agentPool: ${{ variables.agentPool }}
-          terraformVersion: ${{ variables.terraformVersion }}
+    - stage: ApplyResponse_${{ component.environment }}
+      displayName: "Apply Response - ${{ component.environment }}"
+      dependsOn: PlanResponse_${{ component.environment }}
+      condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
+      jobs:
+        - template: pipeline-templates/terraform-apply.yaml
+          parameters:
+            environment: ${{ component.environment }}
+            component: 'response'
+            service_connection: ${{ component.service_connection }}
+            storage_account_rg: ${{ component.storage_account_rg }}
+            storage_account_name: ${{ component.storage_account_name }}
+            build: $(Build.BuildNumber)
+            agentPool: ${{ variables.agentPool }}
+            terraformVersion: ${{ variables.terraformVersion }}
+            tfvarsFile: ${{ component.tfvarsFile }}

main.tf

@@ -4,14 +4,15 @@ resource "azurerm_resource_group" "rg" {
 }
 
 data "azurerm_key_vault" "ptl" {
-  name                = "cftptl-intsvc"
+  name                = var.keyvault_data_name
   resource_group_name = "core-infra-intsvc-rg"
 }
 
 module "postgresql_flexible" {
   providers = {
     azurerm.postgres_network = azurerm.postgres_network
   }
+  count = var.create_postgres ? 1 : 0
 
   source                        = "git::https://github.com/hmcts/terraform-module-postgresql-flexible?ref=master"
   env                           = var.env
@@ -36,7 +37,9 @@ module "postgresql_flexible" {
 }
 
 resource "azurerm_key_vault_secret" "response-db-secret-v14" {
+  count = var.create_postgres ? 1 : 0
+
   name         = "response-db-password-v14"
-  value        = module.postgresql_flexible.password
+  value        = module.postgresql_flexible[0].password
   key_vault_id = data.azurerm_key_vault.ptl.id
 }

pipeline-templates/terraform-apply.yaml

@@ -39,6 +39,6 @@ jobs:
               displayName: Apply - ${{ parameters.environment }} - ${{ parameters.component }}
               inputs:
                 command: 'apply'
-                commandOptions: '${{ parameters.environment }}${{ parameters.component }}${{ parameters.build }}plan'
+                commandOptions: 'var-file=${{ parameters.tfvarsFile }} ${{ parameters.environment }}${{ parameters.component }}${{ parameters.build }}plan'
                 environmentServiceName: '${{ parameters.service_connection }}'
                 workingDirectory: '$(Pipeline.Workspace)/drop'

pipeline-templates/terraform-plan.yaml

@@ -22,7 +22,7 @@ jobs:
         displayName: Plan - ${{ parameters.environment }} - ${{ parameters.component }}
         inputs:
           command: 'plan'
-          commandOptions: '-var builtFrom=${{ parameters.builtFrom }} -out=${{ parameters.environment }}${{ parameters.component }}${{ parameters.build }}plan'
+          commandOptions: '-var-file=${{ parameters.tfvarsFile }} -var builtFrom=${{ parameters.builtFrom }} -out=${{ parameters.environment }}${{ parameters.component }}${{ parameters.build }}plan'
           workingDirectory: '$(System.DefaultWorkingDirectory)'
           environmentServiceName: '${{ parameters.service_connection }}'
       - task: Bash@3

ptl.tfvars

@@ -0,0 +1,4 @@
+env                = "ptl"
+mi_env             = "cftptl-intsvc"
+create_postgres    = true
+keyvault_data_name = "cftptl-intsvc"

ptlsbox.tfvars

@@ -0,0 +1,4 @@
+env                = "sandbox"
+mi_env             = "cftsbox-intsvc"
+create_postgres    = false
+keyvault_data_name = "cftsbox-intsvc"

variables.tf

@@ -1,5 +1,4 @@
 variable "env" {
-  default = "ptl"
 }
 
 variable "product" {
@@ -21,5 +20,13 @@ variable "component" {
 }
 
 variable "mi_env" {
-  default = "cftptl-intsvc"
+}
+
+variable "create_postgres" {
+  description = "Whether to create the PostgreSQL server"
+  type        = bool
+  default     = true
+}
+
+variable "keyvault_data_name" {
 }