Merge pull request #1 from Think-Cube/develop

Develop

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+## code changes will send PR to following users
+* @Think-Cube/think-cube

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "terraform" 
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      timezone: "Europe/London"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "20:00"
+      timezone: "Europe/London"

.github/workflows/auto-merge-github-actions.yml

@@ -0,0 +1,25 @@
+name: Auto Merge GitHub Actions
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+permissions:
+  contents: write      
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.head.ref, 'dependabot/github_actions/')
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Auto approve
+        uses: hmarr/[email protected]
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+      - name: Merge pull request
+        uses: "pascalgn/[email protected]"
+        permissions:
+          contents: write
+        env:
+          GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"

.github/workflows/documentation.yml

@@ -0,0 +1,20 @@
+name: Generate terraform docs
+on:
+  - pull_request
+permissions:
+  contents: write  
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Render terraform docs inside the README.md and push changes back to PR branch
+      uses: terraform-docs/[email protected]
+      with:
+        working-dir: .
+        output-file: README.md
+        output-method: inject
+        git-push: "true"

.github/workflows/tfsec.yml

@@ -0,0 +1,27 @@
+name: tfsec
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '44 9 * * 1'
+jobs:
+  tfsec:
+    name: Run tfsec sarif report
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v4
+      - name: Run tfsec
+        uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608
+        with:
+          sarif_file: tfsec.sarif
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: tfsec.sarif

README.md

@@ -0,0 +1,54 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.3 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 3.100.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.100.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_app_configuration.main](https://registry.terraform.io/providers/hashicorp/azurerm/3.100.0/docs/resources/app_configuration) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/3.100.0/docs/data-sources/client_config) | data source |
+| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/3.100.0/docs/data-sources/resource_group) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_app_configuration_local_auth_enabled"></a> [app\_configuration\_local\_auth\_enabled](#input\_app\_configuration\_local\_auth\_enabled) | Indicates whether local authentication methods are enabled for accessing the App Configuration. Defaults to true. | `bool` | `true` | no |
+| <a name="input_app_configuration_name"></a> [app\_configuration\_name](#input\_app\_configuration\_name) | The name of the App Configuration resource. Changing this will force a new resource to be created. | `string` | n/a | yes |
+| <a name="input_app_configuration_public_network_access"></a> [app\_configuration\_public\_network\_access](#input\_app\_configuration\_public\_network\_access) | Specifies the public network access setting for the App Configuration. Possible values are 'Enabled' and 'Disabled'. | `string` | `"Enabled"` | no |
+| <a name="input_app_configuration_purge_protection_enabled"></a> [app\_configuration\_purge\_protection\_enabled](#input\_app\_configuration\_purge\_protection\_enabled) | Indicates whether Purge Protection is enabled for the App Configuration. This feature is applicable only for the 'standard' SKU. Defaults to false. | `string` | `"false"` | no |
+| <a name="input_app_configuration_sku"></a> [app\_configuration\_sku](#input\_app\_configuration\_sku) | The SKU tier for the App Configuration, which determines the features available. Possible values are 'free' and 'standard'. | `string` | `"standard"` | no |
+| <a name="input_app_configuration_soft_delete_retention_days"></a> [app\_configuration\_soft\_delete\_retention\_days](#input\_app\_configuration\_soft\_delete\_retention\_days) | The retention period in days for soft-deleted items in the App Configuration. This feature is applicable only for the 'standard' SKU and can range from 1 to 7 days. Defaults to 7. Changing this will force a new resource to be created. | `number` | `7` | no |
+| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A mapping of key-value pairs representing tags to assign to the resources, useful for organization and cost tracking. | `map(any)` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | The environment identifier for the backend container name key, used to distinguish between development, testing, and production stages. | `string` | `"dev"` | no |
+| <a name="input_region"></a> [region](#input\_region) | Specifies the geographical region where resources are deployed, impacting latency and compliance. | `string` | `"weu"` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | The geographical location/region where the resource group is created. Changing this forces a new resource to be created. | `string` | `"West Europe"` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which to create the resources, adhering to naming conventions and uniqueness within the subscription. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | The URL of the App Configuration. |
+| <a name="output_id"></a> [id](#output\_id) | The App Configuration ID. |
+| <a name="output_identity"></a> [identity](#output\_identity) | An identity block as defined below. |
+| <a name="output_primary_read_key"></a> [primary\_read\_key](#output\_primary\_read\_key) | A primary\_read\_key block as defined below containing the primary read access key. |
+| <a name="output_primary_write_key"></a> [primary\_write\_key](#output\_primary\_write\_key) | A primary\_write\_key block as defined below containing the primary write access key. |
+| <a name="output_secondary_read_key"></a> [secondary\_read\_key](#output\_secondary\_read\_key) | A secondary\_read\_key block as defined below containing the secondary read access key. |
+| <a name="output_secondary_write_key"></a> [secondary\_write\_key](#output\_secondary\_write\_key) | A secondary\_write\_key block as defined below containing the secondary write access key. |
+<!-- END_TF_DOCS -->

app_configuration.tf

@@ -0,0 +1,11 @@
+resource "azurerm_app_configuration" "main" {
+  name                       = "${var.environment}-${var.app_configuration_name}-${var.region}-appcnf"
+  resource_group_name        = data.azurerm_resource_group.rg.name
+  location                   = data.azurerm_resource_group.rg.location
+  sku                        = var.app_configuration_sku
+  local_auth_enabled         = var.app_configuration_local_auth_enabled
+  public_network_access      = var.app_configuration_public_network_access
+  purge_protection_enabled   = var.app_configuration_purge_protection_enabled
+  soft_delete_retention_days = var.app_configuration_soft_delete_retention_days
+  tags                       = var.default_tags
+}

backend.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.100.0"
+    }
+  }
+  required_version = ">= 1.6.3"
+}

main.tf

@@ -0,0 +1,5 @@
+data "azurerm_client_config" "current" {}
+
+data "azurerm_resource_group" "rg" {
+  name = var.resource_group_name
+}

output.tf

@@ -0,0 +1,35 @@
+output "id" {
+  description = "The App Configuration ID."
+  value       = azurerm_app_configuration.main.id
+  sensitive   = false
+}
+output "endpoint" {
+  description = "The URL of the App Configuration."
+  value       = azurerm_app_configuration.main.endpoint
+  sensitive   = false
+}
+output "primary_read_key" {
+  description = "A primary_read_key block as defined below containing the primary read access key."
+  value       = azurerm_app_configuration.main.primary_read_key
+  sensitive   = true
+}
+output "primary_write_key" {
+  description = "A primary_write_key block as defined below containing the primary write access key."
+  value       = azurerm_app_configuration.main.primary_write_key
+  sensitive   = true
+}
+output "secondary_read_key" {
+  description = " A secondary_read_key block as defined below containing the secondary read access key."
+  value       = azurerm_app_configuration.main.secondary_read_key
+  sensitive   = true
+}
+output "secondary_write_key" {
+  description = "A secondary_write_key block as defined below containing the secondary write access key."
+  value       = azurerm_app_configuration.main.secondary_write_key
+  sensitive   = true
+}
+output "identity" {
+  description = "An identity block as defined below."
+  value       = azurerm_app_configuration.main.identity
+  sensitive   = true
+}

variables.tf

@@ -0,0 +1,70 @@
+###########################
+# Common vars
+###########################
+variable "environment" {
+  description = "The environment identifier for the backend container name key, used to distinguish between development, testing, and production stages."
+  type        = string
+  default     = "dev"
+}
+
+variable "default_tags" {
+  description = "A mapping of key-value pairs representing tags to assign to the resources, useful for organization and cost tracking."
+  type        = map(any)
+}
+
+variable "region" {
+  description = "Specifies the geographical region where resources are deployed, impacting latency and compliance."
+  type        = string
+  default     = "weu"
+}
+
+###########################
+# Resource groups vars
+###########################
+variable "resource_group_location" {
+  description = "The geographical location/region where the resource group is created. Changing this forces a new resource to be created."
+  default     = "West Europe"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group in which to create the resources, adhering to naming conventions and uniqueness within the subscription."
+  type        = string
+}
+###########################
+# App Configuration vars
+###########################
+variable "app_configuration_name" {
+  description = "The name of the App Configuration resource. Changing this will force a new resource to be created."
+  type        = string
+}
+
+variable "app_configuration_sku" {
+  description = "The SKU tier for the App Configuration, which determines the features available. Possible values are 'free' and 'standard'."
+  type        = string
+  default     = "standard"
+}
+
+variable "app_configuration_local_auth_enabled" {
+  description = "Indicates whether local authentication methods are enabled for accessing the App Configuration. Defaults to true."
+  type        = bool
+  default     = true
+}
+
+variable "app_configuration_public_network_access" {
+  description = "Specifies the public network access setting for the App Configuration. Possible values are 'Enabled' and 'Disabled'."
+  type        = string
+  default     = "Enabled"
+}
+
+variable "app_configuration_purge_protection_enabled" {
+  description = "Indicates whether Purge Protection is enabled for the App Configuration. This feature is applicable only for the 'standard' SKU. Defaults to false."
+  type        = string
+  default     = "false"
+}
+
+variable "app_configuration_soft_delete_retention_days" {
+  description = "The retention period in days for soft-deleted items in the App Configuration. This feature is applicable only for the 'standard' SKU and can range from 1 to 7 days. Defaults to 7. Changing this will force a new resource to be created."
+  type        = number
+  default     = 7
+}