diff --git a/modules/template_architecture_definition/locals.tf b/modules/template_architecture_definition/locals.tf index 14d8d78..bdf64c4 100644 --- a/modules/template_architecture_definition/locals.tf +++ b/modules/template_architecture_definition/locals.tf @@ -3,7 +3,7 @@ locals { starter_module_tfvars = jsondecode(file("${var.starter_module_folder_path}/terraform.tfvars.json")) default_prefix = try(local.starter_module_tfvars.default_prefix, "alz") default_postfix = try(local.starter_module_tfvars.default_postfix, "") - management_group_configuration = local.starter_module_tfvars.management_group_configuration # this input is require, fail if incorrect configuration is provided + management_group_configuration = try(local.starter_module_tfvars.management_group_configuration, {}) platform_management_group_children = try(local.starter_module_tfvars.platform_management_group_children, {}) landing_zone_management_group_children = try(local.starter_module_tfvars.landing_zone_management_group_children, {}) default_template_file_path = "${path.module}/templates/architecture_definition.json.tftpl" @@ -17,149 +17,176 @@ locals { alz_platform_archtype = ["platform"] alz_landing_zone_archtype = ["landing_zones"] alz_decommissioned_archtype = ["decommissioned"] - alz_sandboxes_archtype = ["sandboxes"] + alz_sandboxes_archtype = ["sandbox"] alz_management_archtype = ["management"] alz_connectivity_archtype = ["connectivity"] alz_identity_archtype = ["identity"] alz_corp_archtype = ["corp"] alz_online_archtype = ["online"] + # Management group configuration archetypes + config_root_archtypes = try(local.management_group_configuration.root.archetypes, []) + config_platform_archtypes = try(local.management_group_configuration.platform.archetypes, []) + config_landingzones_archtypes = try(local.management_group_configuration.landingzones.archetypes, []) + config_decommissioned_archtypes = try(local.management_group_configuration.decommissioned.archetypes, []) + config_sandbox_archtypes = try(local.management_group_configuration.sandbox.archetypes, []) + config_management_archtypes = try(local.management_group_configuration.management.archetypes, []) + config_connectivity_archtypes = try(local.management_group_configuration.connectivity.archetypes, []) + config_identity_archtypes = try(local.management_group_configuration.identity.archetypes, []) + config_corp_archtypes = try(local.management_group_configuration.corp.archetypes, []) + config_online_archtypes = try(local.management_group_configuration.online.archetypes, []) + config_confidential_corp_archtypes = try(local.management_group_configuration.confidential_corp.archetypes, []) + config_confidential_online_archtypes = try(local.management_group_configuration.confidential_online.archetypes, []) + # management group layered archetypes - root_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_root_archtype, local.management_group_configuration.root.archetypes) : local.management_group_configuration.root.archetypes - platform_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_platform_archtype, local.management_group_configuration.platform.archetypes) : local.management_group_configuration.platform.archetypes - landingzones_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_landing_zone_archtype, local.management_group_configuration.landingzones.archetypes) : local.management_group_configuration.landingzones.archetypes - decommissioned_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_decommissioned_archtype, local.management_group_configuration.decommissioned.archetypes) : local.management_group_configuration.decommissioned.archetypes - sandbox_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_sandboxes_archtype, local.management_group_configuration.sandbox.archetypes) : local.management_group_configuration.sandbox.archetypes - management_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_management_archtype, local.management_group_configuration.management.archetypes) : local.management_group_configuration.management.archetypes - connectivity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_connectivity_archtype, local.management_group_configuration.connectivity.archetypes) : local.management_group_configuration.connectivity.archetypes - identity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_identity_archtype, local.management_group_configuration.identity.archetypes) : local.management_group_configuration.identity.archetypes - corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.management_group_configuration.corp.archetypes) : local.management_group_configuration.corp.archetypes - online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.management_group_configuration.online.archetypes) : local.management_group_configuration.online.archetypes - confidential_corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.management_group_configuration.confidential_corp.archetypes) : local.management_group_configuration.confidential_corp.archetypes - confidential_online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.management_group_configuration.confidential_online.archetypes) : local.management_group_configuration.confidential_online.archetypes + root_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_root_archtype, local.config_root_archtypes) : local.config_root_archtypes + platform_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_platform_archtype, local.config_platform_archtypes) : local.config_platform_archtypes + landingzones_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_landing_zone_archtype, local.config_landingzones_archtypes) : local.config_landingzones_archtypes + decommissioned_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_decommissioned_archtype, local.config_decommissioned_archtypes) : local.config_decommissioned_archtypes + sandbox_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_sandboxes_archtype, local.config_sandbox_archtypes) : local.config_sandbox_archtypes + management_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_management_archtype, local.config_management_archtypes) : local.config_management_archtypes + connectivity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_connectivity_archtype, local.config_connectivity_archtypes) : local.config_connectivity_archtypes + identity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_identity_archtype, local.config_identity_archtypes) : local.config_identity_archtypes + corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.config_corp_archtypes) : local.config_corp_archtypes + online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.config_online_archtypes) : local.config_online_archtypes + confidential_corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.config_confidential_corp_archtypes) : local.config_confidential_corp_archtypes + confidential_online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.config_confidential_online_archtypes) : local.config_confidential_online_archtypes management_group_format_variables = { default_prefix = local.default_prefix default_postfix = local.default_postfix } - root_management_group_id = templatestring(local.management_group_configuration.root.id, local.management_group_format_variables) - platform_management_group_id = templatestring(local.management_group_configuration.platform.id, local.management_group_format_variables) - landing_zone_management_group_id = templatestring(local.management_group_configuration.landingzones.id, local.management_group_format_variables) - decommissioned_management_group_id = templatestring(local.management_group_configuration.decommissioned.id, local.management_group_format_variables) - sandbox_management_group_id = templatestring(local.management_group_configuration.sandbox.id, local.management_group_format_variables) - management_management_group_id = templatestring(local.management_group_configuration.management.id, local.management_group_format_variables) - connectivity_management_group_id = templatestring(local.management_group_configuration.connectivity.id, local.management_group_format_variables) - identity_management_group_id = templatestring(local.management_group_configuration.identity.id, local.management_group_format_variables) - corp_management_group_id = templatestring(local.management_group_configuration.corp.id, local.management_group_format_variables) - online_management_group_id = templatestring(local.management_group_configuration.online.id, local.management_group_format_variables) - confidential_corp_management_group_id = templatestring(local.management_group_configuration.confidential_corp.id, local.management_group_format_variables) - confidential_online_management_group_id = templatestring(local.management_group_configuration.confidential_online.id, local.management_group_format_variables) + root_management_group_id = try(templatestring(local.management_group_configuration.root.id, local.management_group_format_variables), "") + platform_management_group_id = try(templatestring(local.management_group_configuration.platform.id, local.management_group_format_variables), "") + landing_zone_management_group_id = try(templatestring(local.management_group_configuration.landingzones.id, local.management_group_format_variables), "") + decommissioned_management_group_id = try(templatestring(local.management_group_configuration.decommissioned.id, local.management_group_format_variables), "") + sandbox_management_group_id = try(templatestring(local.management_group_configuration.sandbox.id, local.management_group_format_variables), "") + management_management_group_id = try(templatestring(local.management_group_configuration.management.id, local.management_group_format_variables), "") + connectivity_management_group_id = try(templatestring(local.management_group_configuration.connectivity.id, local.management_group_format_variables), "") + identity_management_group_id = try(templatestring(local.management_group_configuration.identity.id, local.management_group_format_variables), "") + corp_management_group_id = try(templatestring(local.management_group_configuration.corp.id, local.management_group_format_variables), "") + online_management_group_id = try(templatestring(local.management_group_configuration.online.id, local.management_group_format_variables), "") + confidential_corp_management_group_id = try(templatestring(local.management_group_configuration.confidential_corp.id, local.management_group_format_variables), "") + confidential_online_management_group_id = try(templatestring(local.management_group_configuration.confidential_online.id, local.management_group_format_variables), "") + + root_display_name = try(local.management_group_configuration.root.display_name, "") + platform_display_name = try(local.management_group_configuration.platform.display_name, "") + landing_zone_display_name = try(local.management_group_configuration.landingzones.display_name, "") + decommissioned_display_name = try(local.management_group_configuration.decommissioned.display_name, "") + sandbox_display_name = try(local.management_group_configuration.sandbox.display_name, "") + management_display_name = try(local.management_group_configuration.management.display_name, "") + connectivity_display_name = try(local.management_group_configuration.connectivity.display_name, "") + identity_display_name = try(local.management_group_configuration.identity.display_name, "") + corp_display_name = try(local.management_group_configuration.corp.display_name, "") + online_display_name = try(local.management_group_configuration.online.display_name, "") + confidential_corp_display_name = try(local.management_group_configuration.confidential_corp.display_name, "") + confidential_online_display_name = try(local.management_group_configuration.confidential_online.display_name, "") alz_management_groups = [ { - "archetypes" : jsonencode(local.root_archtypes), - "display_name" : jsonencode(local.management_group_configuration.root.display_name), - "exists" : false, - "id" : jsonencode(local.root_management_group_id), - "parent_id" : jsonencode(null) + archetypes = jsonencode(local.root_archtypes) + display_name = local.root_display_name + exists = false + id = local.root_management_group_id + parent_id = jsonencode(null) }, { - "archetypes" : jsonencode(local.platform_archtypes), - "display_name" : jsonencode(local.management_group_configuration.platform.display_name), - "exists" : false, - "id" : jsonencode(local.platform_management_group_id), - "parent_id" : jsonencode(local.root_management_group_id) + archetypes = jsonencode(local.platform_archtypes) + display_name = local.platform_display_name + exists = false + id = local.platform_management_group_id + parent_id = jsonencode(local.root_management_group_id) }, { - "archetypes" : jsonencode(local.landingzones_archtypes), - "display_name" : jsonencode(local.management_group_configuration.landingzones.display_name), - "exists" : false, - "id" : jsonencode(local.landing_zone_management_group_id), - "parent_id" : jsonencode(local.root_management_group_id) + archetypes = jsonencode(local.landingzones_archtypes) + display_name = local.landing_zone_display_name + exists = false + id = local.landing_zone_management_group_id + parent_id = jsonencode(local.root_management_group_id) }, { - "archetypes" : jsonencode(local.sandbox_archtypes), - "display_name" : jsonencode(local.management_group_configuration.sandbox.display_name), - "exists" : false, - "id" : jsonencode(local.sandbox_management_group_id), - "parent_id" : jsonencode(local.root_management_group_id) + archetypes = jsonencode(local.sandbox_archtypes) + display_name = local.sandbox_display_name + exists = false + id = local.sandbox_management_group_id + parent_id = jsonencode(local.root_management_group_id) }, { - "archetypes" : jsonencode(local.decommissioned_archtypes), - "display_name" : jsonencode(local.management_group_configuration.decommissioned.display_name), - "exists" : false, - "id" : jsonencode(local.decommissioned_management_group_id), - "parent_id" : jsonencode(local.root_management_group_id) + archetypes = jsonencode(local.decommissioned_archtypes) + display_name = local.decommissioned_display_name + exists = false + id = local.decommissioned_management_group_id + parent_id = jsonencode(local.root_management_group_id) }, { - "archetypes" : jsonencode(local.management_archtypes), - "display_name" : jsonencode(local.management_group_configuration.management.display_name), - "exists" : false, - "id" : jsonencode(local.management_management_group_id), - "parent_id" : jsonencode(local.platform_management_group_id) + archetypes = jsonencode(local.management_archtypes) + display_name = local.management_display_name + exists = false + id = local.management_management_group_id + parent_id = jsonencode(local.platform_management_group_id) }, { - "archetypes" : jsonencode(local.connectivity_archtypes), - "display_name" : jsonencode(local.management_group_configuration.connectivity.display_name), - "exists" : false, - "id" : jsonencode(local.connectivity_management_group_id), - "parent_id" : jsonencode(local.platform_management_group_id) + archetypes = jsonencode(local.connectivity_archtypes) + display_name = local.connectivity_display_name + exists = false + id = local.connectivity_management_group_id + parent_id = jsonencode(local.platform_management_group_id) }, { - "archetypes" : jsonencode(local.identity_archtypes), - "display_name" : jsonencode(local.management_group_configuration.identity.display_name), - "exists" : false, - "id" : jsonencode(local.identity_management_group_id), - "parent_id" : jsonencode(local.platform_management_group_id) + archetypes = jsonencode(local.identity_archtypes) + display_name = local.identity_display_name + exists = false + id = local.identity_management_group_id + parent_id = jsonencode(local.platform_management_group_id) }, { - "archetypes" : jsonencode(local.corp_archtypes), - "display_name" : jsonencode(local.management_group_configuration.corp.display_name), - "exists" : false, - "id" : jsonencode(local.corp_management_group_id), - "parent_id" : jsonencode(local.landing_zone_management_group_id) + archetypes = jsonencode(local.corp_archtypes) + display_name = local.corp_display_name + exists = false + id = local.corp_management_group_id + parent_id = jsonencode(local.landing_zone_management_group_id) }, { - "archetypes" : jsonencode(local.online_archtypes), - "display_name" : jsonencode(local.management_group_configuration.online.display_name), - "exists" : false, - "id" : jsonencode(local.online_management_group_id), - "parent_id" : jsonencode(local.landing_zone_management_group_id) + archetypes = jsonencode(local.online_archtypes) + display_name = local.online_display_name + exists = false + id = local.online_management_group_id + parent_id = jsonencode(local.landing_zone_management_group_id) }, { - "archetypes" : jsonencode(local.confidential_corp_archtypes), - "display_name" : jsonencode(local.management_group_configuration.confidential_corp.display_name), - "exists" : false, - "id" : jsonencode(local.confidential_corp_management_group_id), - "parent_id" : jsonencode(local.landing_zone_management_group_id) + archetypes = jsonencode(local.confidential_corp_archtypes) + display_name = local.confidential_corp_display_name + exists = false + id = local.confidential_corp_management_group_id + parent_id = jsonencode(local.landing_zone_management_group_id) }, { - "archetypes" : jsonencode(local.confidential_online_archtypes), - "display_name" : jsonencode(local.management_group_configuration.confidential_online.display_name), - "exists" : false, - "id" : jsonencode(local.confidential_online_management_group_id), - "parent_id" : jsonencode(local.landing_zone_management_group_id) + archetypes = jsonencode(local.confidential_online_archtypes) + display_name = local.confidential_online_display_name + exists = false + id = local.confidential_online_management_group_id + parent_id = jsonencode(local.landing_zone_management_group_id) } ] platform_management_groups = [for k, v in local.platform_management_group_children : { - "archetypes" : jsonencode(v.archetypes), - "display_name" : jsonencode(v.display_name), - "exists" : false, - "id" : jsonencode(templatestring(v.id, local.management_group_format_variables)), - "parent_id" : jsonencode(local.platform_management_group_id) + archetypes = jsonencode(try(v.archetypes, [])) + display_name = try(v.display_name, "") + exists = false + id = try(templatestring(v.id, local.management_group_format_variables), "") + parent_id = jsonencode(local.platform_management_group_id) } ] landing_zone_management_groups = [for k, v in local.landing_zone_management_group_children : { - "archetypes" : jsonencode(v.archetypes), - "display_name" : jsonencode(v.display_name), - "exists" : false, - "id" : jsonencode(templatestring(v.id, local.management_group_format_variables)), - "parent_id" : jsonencode(local.landing_zone_management_group_id) + archetypes = jsonencode(try(v.archetypes, [])) + display_name = try(v.display_name, "") + exists = false + id = try(templatestring(v.id, local.management_group_format_variables), "") + parent_id = jsonencode(local.landing_zone_management_group_id) } ] @@ -171,4 +198,57 @@ locals { } template_file = templatefile(local.template_file_path, local.template_vars) + + # Validate management group configuration + management_groups_validation_map = { + root = { + id = local.root_management_group_id + display_name = local.root_display_name + } + platform = { + id = local.platform_management_group_id, + display_name = local.platform_display_name + } + landing_zone = { + id = local.landing_zone_management_group_id + display_name = local.landing_zone_display_name + } + decommissioned = { + id = local.decommissioned_management_group_id + display_name = local.decommissioned_display_name + } + sandbox = { + id = local.sandbox_management_group_id + display_name = local.sandbox_display_name + } + management = { + id = local.management_management_group_id + display_name = local.management_display_name + } + connectivity = { + id = local.connectivity_management_group_id + display_name = local.connectivity_display_name + } + identity = { + id = local.identity_management_group_id + display_name = local.identity_display_name + } + corp = { + id = local.corp_management_group_id + display_name = local.corp_display_name + } + online = { + id = local.online_management_group_id + display_name = local.online_display_name + } + confidential_corp = { + id = local.confidential_corp_management_group_id + display_name = local.confidential_corp_display_name + } + confidential_online = { + id = local.confidential_online_management_group_id + display_name = local.confidential_online_display_name + } + } + management_groups_validation = [for k, v in local.management_groups_validation_map : k if v.id == "" || v.display_name == ""] } diff --git a/modules/template_architecture_definition/outputs.tf b/modules/template_architecture_definition/outputs.tf index 7d7d511..5e5a148 100644 --- a/modules/template_architecture_definition/outputs.tf +++ b/modules/template_architecture_definition/outputs.tf @@ -1,3 +1,23 @@ output "architecture_definition_json" { value = local.has_architecture_definition_override ? data.local_file.architecture_definition_override_json[0].content : local.template_file + + precondition { + condition = length(local.management_group_configuration) != 0 + error_message = "The management group configuration is required" + } + + precondition { + condition = length(local.management_groups_validation) == 0 + error_message = format("Management group ID and display name are required for %s management group(s).", join(", ", local.management_groups_validation)) + } + + precondition { + condition = try([for k, v in local.platform_management_group_children : [v.id, v.display_name]], null) != null + error_message = "Management group ID and display name are required for platform management group children." + } + + precondition { + condition = try([for k, v in local.landing_zone_management_group_children : [v.id, v.display_name]], null) != null + error_message = "Management group ID and display name are required for landing zone management group children." + } } diff --git a/modules/template_architecture_definition/templates/architecture_definition.json.tftpl b/modules/template_architecture_definition/templates/architecture_definition.json.tftpl index 64ec1b2..b65e929 100644 --- a/modules/template_architecture_definition/templates/architecture_definition.json.tftpl +++ b/modules/template_architecture_definition/templates/architecture_definition.json.tftpl @@ -3,8 +3,8 @@ "management_groups": [ %{ for management_group in management_groups }{ "archetypes": ${management_group.archetypes}, - "display_name": ${management_group.display_name}, - "id": ${management_group.id}, + "display_name": "${management_group.display_name}", + "id": "${management_group.id}", "exists": ${management_group.exists}, "parent_id": ${management_group.parent_id} }%{ if management_group != management_groups[length(management_groups) - 1] && length(management_groups) != 0},