Adding module to create open-ai keys

.devcontainer/devcontainer.json

@@ -0,0 +1,47 @@
+{
+	"image": "mcr.microsoft.com/devcontainers/base:ubuntu-24.04@sha256:167e522ad50971b29dda8c09faac30562fce5a7596f1aba765995728985184b8",
+	"features": {
+		"ghcr.io/devcontainers/features/azure-cli:1": {
+			"installBicep": true
+		},
+		"ghcr.io/devcontainers/features/terraform:1": {
+			"installTFsec": true,
+			"installTerraformDocs": true
+		},
+		"ghcr.io/devcontainers-contrib/features/checkov:1": {
+			"version": "latest"
+		}
+	},
+	"customizations": {
+		// Configure properties specific to VS Code.
+		"vscode": {		
+			// Add the IDs of extensions you want installed when the container is created.
+			"extensions": [
+				"ms-vscode.azurecli",
+				"hashicorp.terraform",
+				"github.copilot",
+				"ms-azuretools.vscode-bicep",
+				"msazurermtools.azurerm-vscode-tools",
+				"mhutchie.git-graph",
+				"eamodio.gitlens",
+				"esbenp.prettier-vscode",
+				"timonwong.shellcheck",
+				"GitHub.copilot-chat",
+				"hashicorp.hcl"
+			],
+			// Set *default* container specific settings.json values on container create.
+			"settings": {
+				"terminal.integrated.defaultProfile.linux": "zsh", 
+				"terminal.integrated.profiles.linux": {
+					"zsh": {
+						"path": "/bin/zsh"
+					}
+				},
+				"[terraform]": {
+					"editor.formatOnSave": true
+				}
+			}
+		}
+	},
+	"postCreateCommand": "zsh .devcontainer/postCreateCommand.sh"
+}

.devcontainer/postCreateCommand.sh

@@ -0,0 +1,11 @@
+#!/bin/zsh
+
+touch /home/vscode/.zshrc 
+echo 'complete -C /usr/local/bin/terraform terraform' >> /home/vscode/.zshrc 
+echo 'complete -C /usr/local/bin/terraform terragrunt' >> /home/vscode/.zshrc 
+echo 'alias tf=\"terraform\"' >> /home/vscode/.zshrc 
+echo 'alias tg=\"terragrunt\"' >> /home/vscode/.zshrc 
+echo 'alias ll=\"ls -la\"' >> /home/vscode/.zshrc
+
+# Azure CLI login
+az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID

.github/workflows/tf_apply.yml

@@ -0,0 +1,47 @@
+name: "Terraform apply"
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "terragrunt/**"
+      - ".github/workflows/**"
+env:
+  TERRAFORM_VERSION: 1.9.8
+  TERRAGRUNT_VERSION: 0.68.2
+  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID}}
+  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_TF_STATE_SUBSCRIPTION_ID}}
+  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  AZURE_RESOURCES_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCES_RESOURCE_GROUP_NAME}}
+  AZURE_RESOURCES_STORAGE_ACCOUNT_NAME: ${{ secrets.AZURE_RESOURCES_STORAGE_ACCOUNT_NAME}}
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terragrunt-apply:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Terraform Tools
+        uses: cds-snc/terraform-tools-setup@v1
+
+        # Log into Azure
+      - name: Azure Login using OIDC
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+        with:
+          tenant-id: ${{ env.ARM_TENANT_ID }}
+          client-id: ${{ env.ARM_CLIENT_ID }}
+          subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
+
+      - name: Apply Terraform 
+        working-directory: terragrunt 
+        env:
+          ARM_USE_OIDC: true
+        run: |
+          terragrunt run-all init --terragrunt-non-interactive
+          terragrunt apply --terragrunt-non-interactive -auto-approve

.github/workflows/tf_plan.yml

@@ -0,0 +1,52 @@
+name: "Terraform plan"
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - "terragrunt/**"
+      - ".github/workflows/**"
+env:
+  TERRAFORM_VERSION: 1.9.8
+  TERRAGRUNT_VERSION: 0.68.2
+  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID}}
+  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_TF_STATE_SUBSCRIPTION_ID}}
+  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  AZURE_RESOURCES_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCES_RESOURCE_GROUP_NAME}}
+  AZURE_RESOURCES_STORAGE_ACCOUNT_NAME: ${{ secrets.AZURE_RESOURCES_STORAGE_ACCOUNT_NAME}}
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  terraform-plan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Terraform
+        uses: cds-snc/terraform-tools-setup@v1
+
+        # Log into Azure
+      - name: Azure Login using OIDC
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+        with:
+          tenant-id: ${{ env.ARM_TENANT_ID }}
+          client-id: ${{ env.ARM_CLIENT_ID }}
+          subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
+
+      - name: Terraform plan
+        uses: cds-snc/terraform-plan@8986e57fae5b6758df6b977b9813b11622eac395 #v3.3.1
+        env:
+          ARM_USE_OIDC: true
+          RESOURCE_GROUP_NAME: ${{ env.AZURE_RESOURCES_RESOURCE_GROUP_NAME}}
+          STORAGE_ACCOUNT_NAME: ${{ env.AZURE_RESOURCES_STORAGE_ACCOUNT_NAME}}
+        with:
+          comment-delete: true
+          comment-title: Terraform Plan
+          plan-character-limit: 100000
+          directory: ./terragrunt
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          terragrunt: true

.gitignore

@@ -0,0 +1,75 @@
+# Source for .gitignore file: https://www.gitignore.io/api/terraform
+
+.*.sw?
+.idea
+terragrunt.iml
+vendor
+.terraform
+.vscode
+*.tfstate
+*.tfstate.backup
+*.out
+.terragrunt-cache
+.bundle
+.ruby-version
+.terraform.lock.hcl
+.DS_Store
+mocks/
+.go-version
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+!terragrunt/terraform.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+!example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+*/**/backend.tf
+backend.tf
+common_variables.tf
+provider.tf
+!terragrunt/common/provider.tf
+!terragrunt/common/common_variables.tf
+
+secrets.auto.tfvars
+debug.log
+creds.sh
+
+.tool-versions
+.DS_Store
+
+__pycache__
+
+local

README.md

@@ -1,10 +1,9 @@
-# Generic Project Template
+# CDS Repo to host terraform modules related to managing our azure infrastructure
 
-This repository provides some base files for setting up a repository at
-CDS. Plan is to create more project template for specific technologies:
+This repo is a collection of terraform modules and instantiations that are used to manage our azure infrastructure. 
 
-- project-template-terraform
-- project-template-python
-- project-template-nodejs
+Examples of the modules include:
+- gh_oidc - A module that creates an Azure AD application that can be used to authenticate users with GitHub using OIDC.
+- openai-azure - A module that creates and deploys the OpenAI GPT-4 API on it.
 
-Note that default community health files are maintained at https://github.com/cds-snc/.github 
+More documenation and resources coming up soon.

terragrunt/common/common_variables.tf

@@ -0,0 +1,26 @@
+variable "root_id" {
+  type    = string
+  default = "cds-snc"
+}
+
+variable "root_name" {
+  type    = string
+  default = "CDS-SNC"
+}
+
+variable "region" {
+  type    = string
+  default = "canadacentral"
+}
+
+variable "primary_location" {
+  type        = string
+  description = "Sets the location for \"primary\" resources to be created in."
+  default     = "canadacentral"
+}
+
+variable "secondary_location" {
+  type        = string
+  description = "Sets the location for \"secondary\" resources to be created in."
+  default     = "canadaeast"
+}

terragrunt/common/providers.tf

@@ -0,0 +1,66 @@
+# # terraform {
+# #   required_providers {
+# #     azurerm = {
+# #       source  = "hashicorp/azurerm"
+# #       version = "~>3.0"
+# #     }
+# #     random = {
+# #       source  = "hashicorp/random"
+# #       version = "~>3.0"
+# #     }
+# #   }
+# # }
+
+# # provider "azurerm" {
+# #   features {}
+# # }
+
+# terraform {
+#   required_providers {
+
+#     azuread = {
+#       source  = "hashicorp/azuread"
+#       version = "2.53.1"
+#     }
+
+#   }
+
+# }
+
+
+# provider "azuread" {
+#   tenant_id = local.tenant_id
+# }
+
+# provider "azurerm" {
+#   features {
+#     resource_group {
+#       prevent_deletion_if_contains_resources = true
+#     }
+#     template_deployment {
+#       delete_nested_items_during_deletion = false
+#     }
+#   }
+# }
+
+# data "azuread_client_config" "current" {}
+
+# data "azurerm_client_config" "current" {
+# }
+
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.107"
+    }
+    azapi = {
+      source  = "Azure/azapi"
+      version = ">= 1.13.1"
+    }
+  }
+}
+
+provider "azapi" {
+  use_msi = false
+}