From 4608c6d4261316908e19405519cd83be7f42f9ce Mon Sep 17 00:00:00 2001
From: fortinm
Date: Sat, 8 Jun 2024 23:03:18 -0400
Subject: [PATCH 1/2] Udpdate terraform code to use unique identifiers
Signed-off-by: fortinm
---
 main.tf | 134 +++++++++++++++++++++++++-------------------------------
 vars.tf | 6 +++
 2 files changed, 66 insertions(+), 74 deletions(-)
diff --git a/main.tf b/main.tf
index dc53074..12dd7a8 100644
--- a/main.tf
+++ b/main.tf
@@ -5,70 +5,60 @@ terraform { source = "hashicorp/azurerm" version = "~> 2.65" } - random = { - source = "hashicorp/random" - version = "~>3.5" - } - tls = { - source = "hashicorp/tls" - version = "~>4.0" + local = { + source = "hashicorp/local" + version = "~> 2.5" } } required_version = ">= 1.1.0" } -provider "azurerm" { - features {} +locals { + name_prefix = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-${var.run_job_id}" + # Read Username and password from file + win_crendentials = jsondecode(file("sensitive_info.json")) + tags = { + Environment = var.tagname + Name = "${var.OS_version}-${var.benchmark_type}" + Repository = var.repository + } } -#Read Username and password from file -data "external" "win_account" { - program = ["cat", "./sensitive_info.json"] +provider "azurerm" { + features {} } resource "azurerm_resource_group" "main" { - name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-RG" + name = "${local.name_prefix}-RG" location = var.location - tags = { - Environment = "${var.tagname}" - Name = "${var.OS_version}-${var.benchmark_type}" - Repository = "${var.repository}" - } + tags = local.tags } resource "azurerm_virtual_network" "main" { - name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-network" + name = "${local.name_prefix}-network" address_space = ["172.16.0.0/16"] location = azurerm_resource_group.main.location resource_group_name = azurerm_resource_group.main.name - tags = { - Environment = "${var.tagname}" - Name = "${var.OS_version}-${var.benchmark_type}" - Repository = "${var.repository}" - } + tags = local.tags } resource "azurerm_subnet" "internal" { - name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-intip" + name = "${local.name_prefix}-intip" resource_group_name = azurerm_resource_group.main.name virtual_network_name = azurerm_virtual_network.main.name address_prefixes = ["172.16.101.0/24"] } resource "azurerm_public_ip" "main" { - name = 
"${var.prefix}-${var.OS_version}-${var.benchmark_type}-pubip" + name = "${local.name_prefix}-pubip" location = var.location resource_group_name = azurerm_resource_group.main.name allocation_method = "Static" - tags = { - Environment = "${var.tagname}" - Name = "${var.OS_version}-${var.benchmark_type}" - Repository = "${var.repository}" - } + tags = local.tags } resource "azurerm_network_interface" "main" { - name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-nic" + name = "${local.name_prefix}-nic" resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location @@ -79,15 +69,11 @@ resource "azurerm_network_interface" "main" { public_ip_address_id = azurerm_public_ip.main.id } - tags = { - Environment = "${var.tagname}" - Name = "${var.OS_version}-${var.benchmark_type}" - Repository = "${var.repository}" - } + tags = local.tags } resource "azurerm_network_security_group" "secgroup" { - name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-secgroup" + name = "${local.name_prefix}-secgroup" resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location security_rule { @@ -112,11 +98,7 @@ resource "azurerm_network_security_group" "secgroup" { source_address_prefix = "Internet" destination_address_prefix = "*" } - tags = { - Environment = "${var.tagname}" - Name = "${var.OS_version}-${var.benchmark_type}" - Repository = "${var.repository}" - } + tags = local.tags } # Associate subnet and network security group 
@@ -126,12 +108,12 @@ resource "azurerm_subnet_network_security_group_association" "secgroup-assoc" { } resource "azurerm_windows_virtual_machine" "main" { - name = "${var.hostname}-${var.OS_version}-${var.benchmark_type}" + name = local.name_prefix resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location size = var.system_size - admin_username = data.external.win_account.result.username - admin_password = data.external.win_account.result.password + admin_username = local.win_crendentials["username"] + admin_password = local.win_crendentials["password"] network_interface_ids = [ azurerm_network_interface.main.id, ] @@ -148,11 +130,7 @@ resource "azurerm_windows_virtual_machine" "main" { caching = "ReadWrite" } - tags = { - Environment = "${var.tagname}" - Name = "${var.OS_version}-${var.benchmark_type}" - Repository = "${var.repository}" - } + tags = local.tags } ## Install the custom script VM extension to each VM. When the VM comes up, @@ -166,12 +144,14 @@ resource "azurerm_virtual_machine_extension" "enablewinrm" { type = "CustomScriptExtension" ## az vm extension image list --location eastus Only use CustomScriptExtension here type_handler_version = "1.10" ## az vm extension image list --location eastus auto_upgrade_minor_version = true - settings = < Date: Sat, 8 Jun 2024 23:05:03 -0400 Subject: [PATCH 2/2] typo Signed-off-by: fortinm --- main.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 12dd7a8..7982a1e 100644 --- a/main.tf +++ b/main.tf @@ -16,7 +16,7 @@ terraform { locals { name_prefix = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-${var.run_job_id}" # Read Username and password from file - win_crendentials = jsondecode(file("sensitive_info.json")) + win_credentials = jsondecode(file("sensitive_info.json")) tags = { Environment = var.tagname Name = "${var.OS_version}-${var.benchmark_type}" 
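Review bot: In the `@@ -126,12 +108,12 @@` hunk, `name = local.name_prefix` on `azurerm_windows_virtual_machine.main` now joins four variables, and when `computer_name` is not set the provider uses `name` as the Windows computer name, which is limited to 15 characters. No `computer_name` appears in the hunk, and the resource body continues outside it, so unless it is set elsewhere a longer `run_job_id` is likely to fail at apply time. Consider setting it explicitly to a short value, for example `computer_name = var.hostname`, assuming that variable is still declared and fits the limit.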
@@ -112,8 +112,8 @@ resource "azurerm_windows_virtual_machine" "main" {
 resource_group_name = azurerm_resource_group.main.name
 location = azurerm_resource_group.main.location
 size = var.system_size
- admin_username = local.win_crendentials["username"]
- admin_password = local.win_crendentials["password"]
+ admin_username = local.win_credentials["username"]
+ admin_password = local.win_credentials["password"]
 network_interface_ids = [
 azurerm_network_interface.main.id,
 ]
@@ -169,8 +169,8 @@ resource "local_file" "inventory" {
 }
 }
 vars = {
- ansible_user = local.win_crendentials["username"]
- ansible_password = local.win_crendentials["password"]
+ ansible_user = local.win_credentials["username"]
+ ansible_password = local.win_credentials["password"]
 setup_audit = true
 run_audit = true
 system_is_ec2 = true