
Radix Terraform Provider #1457

Richard87 opened this issue Sep 20, 2024 · 0 comments

Richard87 commented Sep 20, 2024

Make it easier for users to deploy Radix applications with their existing Infrastructure as Code (IaC) tooling. This might be an option to avoid managing Azure resources ourselves, or it could be used in combination with that.

  • Register Application (insert user's deploy key / webhook secret)
  • Configure workload identities
  • Approve private links?
  • Configure/Override Secrets (restart after update)?
  • Configure/Override Variables (restart after update)?
  • target cluster
  • Read public deploy key, webhook secret, oidc issuers

https://www.hashicorp.com/blog/writing-custom-terraform-providers

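# Look up the target Radix cluster by id. The commented-out line lists names
# that could presumably be used to select a cluster instead.
data "radix_cluster" "this" {
  id = "weekly-38"
  # name = "dev" / "playground" / "platform" / "c2"
}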

# Generate an SSH key pair using provider "hashicorp/tls".
# The private half generated by this resource is written unencrypted to the
# Terraform state, so the state backend must be access-controlled and encrypted
# at rest. For production, consider generating the key outside Terraform and
# supplying only the public half.
resource "tls_private_key" "example_repository_deploy_key" {
  algorithm = "ED25519"
}

# Add the public half of the SSH key as a deploy key on the GitHub repository.
resource "github_repository_deploy_key" "example_repository_deploy_key" {
  title      = "Repository test key"
  repository = "test-repo"
  key        = tls_private_key.example_repository_deploy_key.public_key_openssh
  # Read-only limits the key to clone/fetch, so a leaked key cannot push to the repository.
  read_only  = true
}
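# Register the application with Radix on the selected cluster.
# Block labels and string values are quoted so the sketch parses as HCL.
resource "radix_registration" "this" {
  cluster                = data.radix_cluster.this.id
  name                   = "myapp"
  github_repository      = "github.com/foo.git"
  github_branch          = "main"
  radix_config           = "radixconfig.yaml"
  configuration_item     = 123456
  administrators         = ["sosj", "rihag"]
  # NOTE(review): this is the public half, the same value registered on GitHub
  # above. Whichever side clones the repository needs the private half, which
  # would then have to be handled as a sensitive attribute. Confirm the intended key flow.
  deploy_key             = tls_private_key.example_repository_deploy_key.public_key_openssh
  # Secret value: it is resolved at plan time and persisted in Terraform state,
  # so the provider schema should mark this attribute sensitive.
  # The azurerm data source type is azurerm_key_vault_secret.
  webhook_secret         = data.azurerm_key_vault_secret.webhook_secret.value
  build_deploy_on_create = true
}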
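# Set the application secret "my_pass" in the dev environment from a Key Vault value.
# Block labels and string values are quoted so the sketch parses as HCL.
resource "radix_secret" "my_pass" {
  application = radix_registration.this.id
  environment = "dev"
  name        = "my_pass"
  # The resolved secret is persisted in Terraform state; the provider schema
  # should mark this attribute sensitive so it is redacted from plan output.
  # The azurerm data source type is azurerm_key_vault_secret.
  secret      = data.azurerm_key_vault_secret.password.value

  restart_on_change = false
}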

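# Set the application variable "my_var" in the dev environment.
# Block labels and string values are quoted so the sketch parses as HCL.
resource "radix_variable" "my_var" {
  application = radix_registration.this.id
  environment = "dev"
  name        = "my_var"
  # NOTE(review): the federated credential further down reads
  # radix_oidc_issuer_urls from the same data source; settle on one attribute name.
  value       = data.radix_cluster.this.oidc_issuer[0]

  restart_on_change = true
}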

# User-assigned managed identity that the federated credential below attaches to.
# Its name and placement come from values not shown in this snippet
# (local.managed_id_name, azurerm_servicebus_namespace.main).
resource "azurerm_user_assigned_identity" "main" {
  name                = local.managed_id_name
  location            = azurerm_servicebus_namespace.main.location
  resource_group_name = azurerm_servicebus_namespace.main.resource_group_name
}
# Create one federated credential per Radix cluster OIDC issuer URL.
# Every issuer in this set becomes a trusted token source for the identity, and
# a token is accepted only when issuer, subject and audience all match. Keep the
# issuer set and subject as narrow as possible, and scope the identity's role
# assignments to what the workload actually needs.
resource "azurerm_federated_identity_credential" "web" {
  for_each            = data.radix_cluster.this.radix_oidc_issuer_urls

  audience            = ["api://AzureADTokenExchange"]
  issuer              = each.value
  name                = "${each.key}_web"
  resource_group_name = azurerm_servicebus_namespace.main.resource_group_name
  # Kubernetes service account subject: namespace "<registration name>-dev", service account "web-sa".
  subject             = "system:serviceaccount:${radix_registration.this.name}-dev:web-sa"
  parent_id           = azurerm_user_assigned_identity.main.id
}

# Expose the managed identity's client ID. This is an identifier, not a credential.
output "client_id" {
  value = azurerm_user_assigned_identity.main.client_id
}
package main

import (
    "github.com/hashicorp/terraform/helper/schema"
)

// main hands the provider over to Terraform's plugin server.
//
// NOTE(review): the import block in this snippet lists only helper/schema; the
// plugin package used here must also be imported before this builds.
func main() {
	opts := &plugin.ServeOpts{
		// Terraform calls this factory to obtain the provider instance.
		ProviderFunc: func() *schema.Provider {
			return Provider()
		},
	}
	plugin.Serve(opts)
}

// Provider returns the Radix provider definition with its resource types.
//
// NOTE(review): only "radix_application" is registered here, while the HCL
// sketch in this issue uses radix_registration, radix_secret and
// radix_variable. No provider-level configuration (endpoint, credentials) is
// declared yet.
func Provider() *schema.Provider {
	resources := map[string]*schema.Resource{
		"radix_application": radixApplicationResource(),
	}
	return &schema.Provider{ResourcesMap: resources}
}

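// radixApplicationResource describes the "radix_application" resource: its
// CRUD handlers and its attribute schema.
//
// NOTE(review): "address" is the only attribute declared so far. When
// secret-bearing attributes (for example a webhook secret) are added, set
// Sensitive: true on them so values are redacted from plan output. Such values
// are still persisted in Terraform state.
func radixApplicationResource() *schema.Resource {
	return &schema.Resource{
		// The handlers must name functions defined in this file; the earlier
		// resourceServerRead/Update/Delete references did not resolve.
		Create: applicationCreate,
		Read:   applicationRead,
		Update: applicationUpdate,
		Delete: applicationDelete,

		Schema: map[string]*schema.Schema{
			"address": {
				Type:     schema.TypeString,
				Required: true,
			},
		},
	}
}

// applicationCreate is the Create handler. It is a stub: it returns nil
// without calling any API or setting an ID on d.
func applicationCreate(d *schema.ResourceData, m interface{}) error {
	return nil
}

// applicationRead is the Read handler. It is a stub that returns nil and does
// not refresh any state.
func applicationRead(d *schema.ResourceData, m interface{}) error {
	return nil
}

// applicationUpdate is the Update handler. It is a stub that returns nil.
func applicationUpdate(d *schema.ResourceData, m interface{}) error {
	return nil
}

// applicationDelete is the Delete handler. It is a stub that returns nil.
// It was spelled aapplicationDelete and nothing referenced it; the name now
// matches the other handlers so the resource can use it.
func applicationDelete(d *schema.ResourceData, m interface{}) error {
	return nil
}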
@Richard87 Richard87 self-assigned this Sep 20, 2024
@Richard87 Richard87 added the 🤔 refinement needed This needs more details label Sep 20, 2024
@Richard87 Richard87 removed their assignment Sep 20, 2024