From 687ad3663b58dc0d11456527f8032d68b3482ae2 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Mon, 13 May 2024 11:07:51 +0100
Subject: [PATCH 1/5] feat: container run as current user

---
 avm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/avm b/avm
index 69f9ce0..17f91ae 100755
--- a/avm
+++ b/avm
@@ -18,4 +18,4 @@ if [ -z "$1" ]; then
 exit 1
 fi
 
-$CONTAINER_RUNTIME run --pull always --rm -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
+$CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm -v /etc/passwd:/etc/passwd -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
From 08ea089c94916ca5ea51bf04a379ee16bc5ff45d Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Tue, 14 May 2024 15:09:03 +0100
Subject: [PATCH 2/5] feat: add group mount

---
 avm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/avm b/avm
index 17f91ae..bd4ec6b 100755
--- a/avm
+++ b/avm
@@ -18,4 +18,4 @@ if [ -z "$1" ]; then
 exit 1
 fi
 
-$CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm -v /etc/passwd:/etc/passwd -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
+$CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
From 6571e91b1cd16fbfa66852bd3d4d540d848269ed Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Wed, 15 May 2024 13:06:45 +0100
Subject: [PATCH 3/5] feat: detect if in container

Allows use of avm script when running in a codespace/devcontainer
---
 avm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
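Review bot: The new `-v /etc/passwd:/etc/passwd` bind mount in PATCH 1/5 is read-write, so when the script is invoked as root (a CI job, for example) `--user "$(id -u):$(id -g)"` resolves to `0:0` and the image's `make` targets can modify the host account database. A read-only mount keeps name lookup working without that exposure: `-v /etc/passwd:/etc/passwd:ro`. The `/etc/group` mount added in PATCH 2/5 and the copy of this command carried into PATCH 3/5 need the same `:ro` suffix. Separately, the image reference has no tag or digest and is combined with `--pull always`, so every run executes whatever the registry currently serves against a writable mount of the working directory; pinning the image by digest would make updates an explicit, reviewable change.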
diff --git a/avm b/avm
index bd4ec6b..6b7bf20 100755
--- a/avm
+++ b/avm
@@ -18,4 +18,8 @@ if [ -z "$1" ]; then
 exit 1
 fi
 
-$CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
+if [ -z "$AVM_IN_CONTAINER" ]; then
+ $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
+else
+ make "$1"
+fi
From 179ac18f56c40dbfb98a8eaa4ef4187ba880a6f2 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Thu, 16 May 2024 11:03:34 +0100
Subject: [PATCH 4/5] style: comments

---
 avm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/avm b/avm
index 6b7bf20..6668be7 100755
--- a/avm
+++ b/avm
@@ -18,6 +18,8 @@ if [ -z "$1" ]; then
 exit 1
 fi
 
+# Check if we are running in a container
+# If we are then just run make directly
 if [ -z "$AVM_IN_CONTAINER" ]; then
 $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
 else
From 483669fbbad3c8140beca5f0143fba209a503df1 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Thu, 16 May 2024 11:52:49 +0100
Subject: [PATCH 5/5] feat: add lcoation var and tidy

---
 locals.tf | 4 ----
 variables.tf | 15 +++++++--------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/locals.tf b/locals.tf
index 04b8074..73fc331 100644
--- a/locals.tf
+++ b/locals.tf
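Review bot: The `[ -z "$AVM_IN_CONTAINER" ]` test added in PATCH 3/5 treats any non-empty value, including `0` or `false`, as "already in a container" and then runs `make "$1"` directly with the caller's own tools and credentials. A stray export on a workstation or CI runner therefore silently skips the container, and the comment added in PATCH 4/5 calls this detection although only the variable is consulted. Comparing against the exact value the devcontainer exports would narrow it; that value is not visible in the patch, so it is shown as a placeholder: `if [ "$AVM_IN_CONTAINER" != "<value-set-by-devcontainer>" ]; then`. The comment could then read `# AVM_IN_CONTAINER is expected to be exported by the devcontainer; only then run make directly`.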
@@ -1,6 +1,5 @@ # TODO: insert locals here. locals { - managed_identities = { system_assigned_user_assigned = (var.managed_identities.system_assigned || length(var.managed_identities.user_assigned_resource_ids) > 0) ? { this = { @@ -20,7 +19,6 @@ locals { } } : {} } - # Private endpoint application security group associations. # We merge the nested maps from private endpoints and application security group associations into a single map. private_endpoint_application_security_group_associations = { for assoc in flatten([ @@ -32,7 +30,5 @@ locals { } ] ]) : "${assoc.pe_key}-${assoc.asg_key}" => assoc } - role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions" - } diff --git a/variables.tf b/variables.tf index 5722d2d..26ed91b 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,9 @@ +variable "location" { + type = string + description = "Azure region where the resource should be deployed." + nullable = false +} + variable "name" { type = string description = "The name of the this resource." @@ -94,12 +100,6 @@ If it is set to false, then no telemetry will be collected. DESCRIPTION } -variable "location" { - type = string - nullable = false - description = "Azure region where the resource should be deployed." -} - variable "lock" { type = object({ kind = string @@ -195,8 +195,8 @@ DESCRIPTION variable "private_endpoints_manage_dns_zone_group" { type = bool default = true - nullable = false description = "Whether to manage private DNS zone groups with this module. If set to false, you must manage private DNS zone groups externally, e.g. using Azure Policy." + nullable = false } variable "role_assignments" { @@ -225,7 +225,6 @@ DESCRIPTION nullable = false } - # tflint-ignore: terraform_unused_declarations variable "tags" { type = map(string)