Logo

dev-resources.site

for different kinds of informations.

Building Terraform Quick Start repo part 3 – Azure DevOps API

Published at
4/3/2022
Categories
azure
devops
terraform
Author
Timur Kh
Categories
3 categories in total
azure
open
devops
open
terraform
open
Building Terraform Quick Start repo part 3 – Azure DevOps API

Now that we’ve got the Terraform part sorted, we’d like to take this project to a logical conclusion and build a reusable template for our future endeavors.

Compile or script?

Our initial idea was to write a small console app that would gather parameters and make all API calls. But this repository got us thinking, that it’s way more efficient to be able to just run the script off GitHub. So, we went to the drawing board and ended up with a Bash script. It ain’t much but it’s honest work.

Ultimately the script goes to create an ADO Project, imports its own GitHub repo into a newly created project and proceeds to set up the pipeline.

Streamlining process

With this tooling, we can now automate most of our process. We’d start by obtaining the parameters and setting up required credentials:

  1. In ADO we’ll need to create and grab a PAT of a user with permissions to manage the organization

Azure DevOps Personal Access Token setup2. In target Azure environment we need to start with finding the tenant id

  1. While we’re collecting intel, we’d also grab target Subscription Name and Id.
  2. Next step would be creating a Service Principal for Terraform.

creating Azure AD Service Principal5. By default, the principal has no permissions, so we’ll need to give it something like Contributor access on a subscription we want to manage

assigning role to Service Principal6. Finally, it’s good practice to name Azure resources in such a way that it makes sense later. We come up with a distinct prefix for Terraform state storage account. Since storage accounts have strict naming policies, our prefix must be 2-13 characters long and must only contain alphanumerics.

Once all prep work is done, running script should produce an ADO project:

ADO project build viewAnd running a default pipeline there should deploy Terraform management resource group (this is where state file will sit) and an actual workload – in our case it’s a Static Web App

deployed resources in AzureConclusion

This repository gives us a good starting point in our engagements with clients using ADO. As more clients start to pick GitHub as their platform of choice, we may have to upgrade it to use Actions. Until then, happy infrastructure-as-coding!

Featured ones: