Skip to content

feat: Adding precondition checks for management groups #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jaredfholgate merged 8 commits into from
Feb 18, 2025
Merged

feat: Adding precondition checks for management groups #69

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
351a0c8
feat: Adding precondition checks for management groups
Feb 4, 2025
30cbe7b
fix: removing extra try
Feb 4, 2025
6645252
feat: adding preprocessing for validation
Feb 4, 2025
22a2c83
fix: terraform fmt
Feb 4, 2025
bf64bbf
fix: update sandbox archetyps for latest ALZ lib
Feb 7, 2025
b960d9c
Merge branch 'main' into feature-add-arch-def-preconditions
jaredfholgate Feb 18, 2025
48dd296
fix: remove unneeded jsonencode
Feb 18, 2025
2090bf9
fix: updating json to hcl
Feb 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
113 changes: 70 additions & 43 deletions modules/template_architecture_definition/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ locals {
starter_module_tfvars = jsondecode(file("${var.starter_module_folder_path}/terraform.tfvars.json"))
default_prefix = try(local.starter_module_tfvars.default_prefix, "alz")
default_postfix = try(local.starter_module_tfvars.default_postfix, "")
management_group_configuration = local.starter_module_tfvars.management_group_configuration # this input is require, fail if incorrect configuration is provided
management_group_configuration = try(local.starter_module_tfvars.management_group_configuration, {})
platform_management_group_children = try(local.starter_module_tfvars.platform_management_group_children, {})
landing_zone_management_group_children = try(local.starter_module_tfvars.landing_zone_management_group_children, {})
default_template_file_path = "${path.module}/templates/architecture_definition.json.tftpl"
Expand All @@ -24,119 +24,146 @@ locals {
alz_corp_archtype = ["corp"]
alz_online_archtype = ["online"]

# Management group configuration archetypes
config_root_archtypes = try(local.management_group_configuration.root.archetypes, [])
config_platform_archtypes = try(local.management_group_configuration.platform.archetypes, [])
config_landingzones_archtypes = try(local.management_group_configuration.landingzones.archetypes, [])
config_decommissioned_archtypes = try(local.management_group_configuration.decommissioned.archetypes, [])
config_sandbox_archtypes = try(local.management_group_configuration.sandbox.archetypes, [])
config_management_archtypes = try(local.management_group_configuration.management.archetypes, [])
config_connectivity_archtypes = try(local.management_group_configuration.connectivity.archetypes, [])
config_identity_archtypes = try(local.management_group_configuration.identity.archetypes, [])
config_corp_archtypes = try(local.management_group_configuration.corp.archetypes, [])
config_online_archtypes = try(local.management_group_configuration.online.archetypes, [])
config_confidential_corp_archtypes = try(local.management_group_configuration.confidential_corp.archetypes, [])
config_confidential_online_archtypes = try(local.management_group_configuration.confidential_online.archetypes, [])

# management group layered archetypes
root_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_root_archtype, local.management_group_configuration.root.archetypes) : local.management_group_configuration.root.archetypes
platform_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_platform_archtype, local.management_group_configuration.platform.archetypes) : local.management_group_configuration.platform.archetypes
landingzones_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_landing_zone_archtype, local.management_group_configuration.landingzones.archetypes) : local.management_group_configuration.landingzones.archetypes
decommissioned_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_decommissioned_archtype, local.management_group_configuration.decommissioned.archetypes) : local.management_group_configuration.decommissioned.archetypes
sandbox_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_sandboxes_archtype, local.management_group_configuration.sandbox.archetypes) : local.management_group_configuration.sandbox.archetypes
management_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_management_archtype, local.management_group_configuration.management.archetypes) : local.management_group_configuration.management.archetypes
connectivity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_connectivity_archtype, local.management_group_configuration.connectivity.archetypes) : local.management_group_configuration.connectivity.archetypes
identity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_identity_archtype, local.management_group_configuration.identity.archetypes) : local.management_group_configuration.identity.archetypes
corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.management_group_configuration.corp.archetypes) : local.management_group_configuration.corp.archetypes
online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.management_group_configuration.online.archetypes) : local.management_group_configuration.online.archetypes
confidential_corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.management_group_configuration.confidential_corp.archetypes) : local.management_group_configuration.confidential_corp.archetypes
confidential_online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.management_group_configuration.confidential_online.archetypes) : local.management_group_configuration.confidential_online.archetypes
root_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_root_archtype, local.config_root_archtypes) : local.config_root_archtypes
platform_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_platform_archtype, local.config_platform_archtypes) : local.config_platform_archtypes
landingzones_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_landing_zone_archtype, local.config_landingzones_archtypes) : local.config_landingzones_archtypes
decommissioned_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_decommissioned_archtype, local.config_decommissioned_archtypes) : local.config_decommissioned_archtypes
sandbox_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_sandboxes_archtype, local.config_sandbox_archtypes) : local.config_sandbox_archtypes
management_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_management_archtype, local.config_management_archtypes) : local.config_management_archtypes
connectivity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_connectivity_archtype, local.config_connectivity_archtypes) : local.config_connectivity_archtypes
identity_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_identity_archtype, local.config_identity_archtypes) : local.config_identity_archtypes
corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.config_corp_archtypes) : local.config_corp_archtypes
online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.config_online_archtypes) : local.config_online_archtypes
confidential_corp_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.config_confidential_corp_archtypes) : local.config_confidential_corp_archtypes
confidential_online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.config_confidential_online_archtypes) : local.config_confidential_online_archtypes

management_group_format_variables = {
default_prefix = local.default_prefix
default_postfix = local.default_postfix
}

root_management_group_id = templatestring(local.management_group_configuration.root.id, local.management_group_format_variables)
platform_management_group_id = templatestring(local.management_group_configuration.platform.id, local.management_group_format_variables)
landing_zone_management_group_id = templatestring(local.management_group_configuration.landingzones.id, local.management_group_format_variables)
decommissioned_management_group_id = templatestring(local.management_group_configuration.decommissioned.id, local.management_group_format_variables)
sandbox_management_group_id = templatestring(local.management_group_configuration.sandbox.id, local.management_group_format_variables)
management_management_group_id = templatestring(local.management_group_configuration.management.id, local.management_group_format_variables)
connectivity_management_group_id = templatestring(local.management_group_configuration.connectivity.id, local.management_group_format_variables)
identity_management_group_id = templatestring(local.management_group_configuration.identity.id, local.management_group_format_variables)
corp_management_group_id = templatestring(local.management_group_configuration.corp.id, local.management_group_format_variables)
online_management_group_id = templatestring(local.management_group_configuration.online.id, local.management_group_format_variables)
confidential_corp_management_group_id = templatestring(local.management_group_configuration.confidential_corp.id, local.management_group_format_variables)
confidential_online_management_group_id = templatestring(local.management_group_configuration.confidential_online.id, local.management_group_format_variables)
root_management_group_id = try(templatestring(local.management_group_configuration.root.id, local.management_group_format_variables), "")
platform_management_group_id = try(templatestring(local.management_group_configuration.platform.id, local.management_group_format_variables), "")
landing_zone_management_group_id = try(templatestring(local.management_group_configuration.landingzones.id, local.management_group_format_variables), "")
decommissioned_management_group_id = try(templatestring(local.management_group_configuration.decommissioned.id, local.management_group_format_variables), "")
sandbox_management_group_id = try(templatestring(local.management_group_configuration.sandbox.id, local.management_group_format_variables), "")
management_management_group_id = try(templatestring(local.management_group_configuration.management.id, local.management_group_format_variables), "")
connectivity_management_group_id = try(templatestring(local.management_group_configuration.connectivity.id, local.management_group_format_variables), "")
identity_management_group_id = try(templatestring(local.management_group_configuration.identity.id, local.management_group_format_variables), "")
corp_management_group_id = try(templatestring(local.management_group_configuration.corp.id, local.management_group_format_variables), "")
online_management_group_id = try(templatestring(local.management_group_configuration.online.id, local.management_group_format_variables), "")
confidential_corp_management_group_id = try(templatestring(local.management_group_configuration.confidential_corp.id, local.management_group_format_variables), "")
confidential_online_management_group_id = try(templatestring(local.management_group_configuration.confidential_online.id, local.management_group_format_variables), "")

root_display_name = try(local.management_group_configuration.root.display_name, "")
platform_display_name = try(local.management_group_configuration.platform.display_name, "")
landing_zone_display_name = try(local.management_group_configuration.landingzones.display_name, "")
decommissioned_display_name = try(local.management_group_configuration.decommissioned.display_name, "")
sandbox_display_name = try(local.management_group_configuration.sandbox.display_name, "")
management_display_name = try(local.management_group_configuration.management.display_name, "")
connectivity_display_name = try(local.management_group_configuration.connectivity.display_name, "")
identity_display_name = try(local.management_group_configuration.identity.display_name, "")
corp_display_name = try(local.management_group_configuration.corp.display_name, "")
online_display_name = try(local.management_group_configuration.online.display_name, "")
confidential_corp_display_name = try(local.management_group_configuration.confidential_corp.display_name, "")
confidential_online_display_name = try(local.management_group_configuration.confidential_online.display_name, "")

alz_management_groups = [
{
"archetypes" : jsonencode(local.root_archtypes),
"display_name" : jsonencode(local.management_group_configuration.root.display_name),
"display_name" : jsonencode(local.root_display_name),
"exists" : false,
"id" : jsonencode(local.root_management_group_id),
"parent_id" : jsonencode(null)
},
{
"archetypes" : jsonencode(local.platform_archtypes),
"display_name" : jsonencode(local.management_group_configuration.platform.display_name),
"display_name" : jsonencode(local.platform_display_name, ""),
"exists" : false,
"id" : jsonencode(local.platform_management_group_id),
"parent_id" : jsonencode(local.root_management_group_id)
},
{
"archetypes" : jsonencode(local.landingzones_archtypes),
"display_name" : jsonencode(local.management_group_configuration.landingzones.display_name),
"display_name" : jsonencode(local.landing_zone_display_name),
"exists" : false,
"id" : jsonencode(local.landing_zone_management_group_id),
"parent_id" : jsonencode(local.root_management_group_id)
},
{
"archetypes" : jsonencode(local.sandbox_archtypes),
"display_name" : jsonencode(local.management_group_configuration.sandbox.display_name),
"display_name" : jsonencode(local.sandbox_display_name),
"exists" : false,
"id" : jsonencode(local.sandbox_management_group_id),
"parent_id" : jsonencode(local.root_management_group_id)
},
{
"archetypes" : jsonencode(local.decommissioned_archtypes),
"display_name" : jsonencode(local.management_group_configuration.decommissioned.display_name),
"display_name" : jsonencode(local.decommissioned_display_name),
"exists" : false,
"id" : jsonencode(local.decommissioned_management_group_id),
"parent_id" : jsonencode(local.root_management_group_id)
},
{
"archetypes" : jsonencode(local.management_archtypes),
"display_name" : jsonencode(local.management_group_configuration.management.display_name),
"display_name" : jsonencode(local.management_display_name),
"exists" : false,
"id" : jsonencode(local.management_management_group_id),
"parent_id" : jsonencode(local.platform_management_group_id)
},
{
"archetypes" : jsonencode(local.connectivity_archtypes),
"display_name" : jsonencode(local.management_group_configuration.connectivity.display_name),
"display_name" : jsonencode(local.connectivity_display_name),
"exists" : false,
"id" : jsonencode(local.connectivity_management_group_id),
"parent_id" : jsonencode(local.platform_management_group_id)
},
{
"archetypes" : jsonencode(local.identity_archtypes),
"display_name" : jsonencode(local.management_group_configuration.identity.display_name),
"display_name" : jsonencode(local.identity_display_name),
"exists" : false,
"id" : jsonencode(local.identity_management_group_id),
"parent_id" : jsonencode(local.platform_management_group_id)
},
{
"archetypes" : jsonencode(local.corp_archtypes),
"display_name" : jsonencode(local.management_group_configuration.corp.display_name),
"display_name" : jsonencode(local.corp_display_name),
"exists" : false,
"id" : jsonencode(local.corp_management_group_id),
"parent_id" : jsonencode(local.landing_zone_management_group_id)
},
{
"archetypes" : jsonencode(local.online_archtypes),
"display_name" : jsonencode(local.management_group_configuration.online.display_name),
"display_name" : jsonencode(local.online_display_name),
"exists" : false,
"id" : jsonencode(local.online_management_group_id),
"parent_id" : jsonencode(local.landing_zone_management_group_id)
},
{
"archetypes" : jsonencode(local.confidential_corp_archtypes),
"display_name" : jsonencode(local.management_group_configuration.confidential_corp.display_name),
"display_name" : jsonencode(local.confidential_corp_display_name),
"exists" : false,
"id" : jsonencode(local.confidential_corp_management_group_id),
"parent_id" : jsonencode(local.landing_zone_management_group_id)
},
{
"archetypes" : jsonencode(local.confidential_online_archtypes),
"display_name" : jsonencode(local.management_group_configuration.confidential_online.display_name),
"display_name" : jsonencode(local.confidential_online_display_name),
"exists" : false,
"id" : jsonencode(local.confidential_online_management_group_id),
"parent_id" : jsonencode(local.landing_zone_management_group_id)
Expand All @@ -145,20 +172,20 @@ locals {

platform_management_groups = [for k, v in local.platform_management_group_children :
{
"archetypes" : jsonencode(v.archetypes),
"display_name" : jsonencode(v.display_name),
"archetypes" : jsonencode(try(v.archetypes, [])),
"display_name" : jsonencode(try(v.display_name, "")),
"exists" : false,
"id" : jsonencode(templatestring(v.id, local.management_group_format_variables)),
"id" : jsonencode(try(templatestring(v.id, local.management_group_format_variables), "")),
"parent_id" : jsonencode(local.platform_management_group_id)
}
]

landing_zone_management_groups = [for k, v in local.landing_zone_management_group_children :
{
"archetypes" : jsonencode(v.archetypes),
"display_name" : jsonencode(v.display_name),
"archetypes" : jsonencode(try(v.archetypes, [])),
"display_name" : jsonencode(try(v.display_name, "")),
"exists" : false,
"id" : jsonencode(templatestring(v.id, local.management_group_format_variables)),
"id" : jsonencode(try(templatestring(v.id, local.management_group_format_variables), "")),
"parent_id" : jsonencode(local.landing_zone_management_group_id)
}
]
Expand Down
Loading
Loading