chore: adding files to modules

florianow · florianow · commit dadec5d897b6 · 2025-06-20T15:59:21.000+02:00
chore: adding files to modules

chore: adding files to modules

chore: adding files to modules

chore: adding files to modules

chore: adding files to modules

chore: adding files to modules

chore: adding files to modules
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -3,7 +3,7 @@ repos:
     hooks:
       - id: check-terraform-structure
         name: Check Terraform module structure
-        entry: bash ci/check_tf_structure.sh
+        entry: bash ci/check_tf_structure.sh modules/**/{backplane,buildingblock}
         language: system
         pass_filenames: false
   - repo: local
@@ -23,9 +23,11 @@ repos:
       - id: terraform_fmt
       - id: terragrunt_fmt
       - id: terraform_validate
+        exclude:
+          #some of the validation have to be excluded because the provider.tf cant be validated
+          ^modules/(github/repository|aks/(github-connector|postgresql))/buildingblock/
+
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0  # Use the ref you want to point at
     hooks:
       - id: trailing-whitespace
-        exclude: "^compliance/"
-
diff --git a/check_tf_structure.sh b/check_tf_structure.sh
diff --git a/ci/check_tf_structure.sh b/ci/check_tf_structure.sh
@@ -1,25 +1,42 @@
 #!/bin/bash
-
 set -e
 
 warnings=()
-recommended_tf_files=("main.tf" "variables.tf" "outputs.tf" "provider.tf" "versions.tf")
 
-# Nur Verzeichnisse prüfen, in denen mindestens eine .tf-Datei liegt
-for buildingblock_path in $(find . -type f -name "*.tf" -exec dirname {} \; | sort -u); do
-  for tf_file in "${recommended_tf_files[@]}"; do
-    if [[ ! -f "$buildingblock_path/$tf_file" ]]; then
-      warnings+=("⚠️  '$tf_file' fehlt in $buildingblock_path")
+# Required Terraform files
+common_tf_files=("main.tf" "variables.tf" "outputs.tf" "provider.tf" "versions.tf")
+readme_file="APP_TEAM_README.md"
+
+# Find relevant module directories
+mapfile -t paths_to_check < <(find modules/ -type d \( -path "*/buildingblock" -o -path "*/backplane" \))
+
+if [ "${#paths_to_check[@]}" -eq 0 ]; then
+  echo "❌ No Terraform module folders found."
+  exit 1
+fi
+
+# Check each directory silently unless a file is missing
+for path in "${paths_to_check[@]}"; do
+  for tf_file in "${common_tf_files[@]}"; do
+    if [[ ! -f "$path/$tf_file" ]]; then
+      warnings+=("⚠️  '$tf_file' is missing in $path")
     fi
   done
+
+  if [[ "$(basename "$path")" == "buildingblock" ]]; then
+    if [[ ! -f "$path/$readme_file" ]]; then
+      warnings+=("⚠️  '$readme_file' is missing in $path")
+    fi
+  fi
 done
 
-# Ausgabe & Exit-Code
+# Output only if something's wrong
 if [ "${#warnings[@]}" -gt 0 ]; then
+  echo "❌ Issues detected:"
   for warn in "${warnings[@]}"; do
     echo "$warn"
   done
   exit 1
 else
-  echo "✅ Alle empfohlenen Terraform-Dateien sind vorhanden."
+  exit 0
 fi
diff --git a/modules/aks/github-connector/backplane/outputs.tf b/modules/aks/github-connector/backplane/outputs.tf
diff --git a/modules/aks/github-connector/backplane/provider.tf b/modules/aks/github-connector/backplane/provider.tf
@@ -0,0 +1,7 @@
+provider "azurerm" {
+  features {}
+}
+
+provider "azuread" {}
+
+provider "kubernetes" {}
diff --git a/modules/aks/postgresql/backplane/provider.tf b/modules/aks/postgresql/backplane/provider.tf
@@ -0,0 +1,7 @@
+provider "azurerm" {
+  features {}
+}
+
+provider "azuread" {}
+
+provider "kubernetes" {}
diff --git a/modules/aks/postgresql/buildingblock/provider.tf b/modules/aks/postgresql/buildingblock/provider.tf
@@ -0,0 +1,7 @@
+provider "azurerm" {
+  features {}
+}
+
+provider "azuread" {}
+
+provider "kubernetes" {}
diff --git a/modules/aws/budget-alert/backplane/provider.tf b/modules/aws/budget-alert/backplane/provider.tf
@@ -0,0 +1,7 @@
+provider "aws" {
+  alias = "management"
+}
+
+provider "aws" {
+  alias = "backplane"
+}
diff --git a/modules/aws/s3_bucket/backplane/README.md b/modules/aws/s3_bucket/backplane/README.md
@@ -34,7 +34,10 @@ No modules.
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_s3_iam_user"></a> [aws\_s3\_iam\_user](#input\_aws\_s3\_iam\_user) | The IAM user to use for the S3 bucket | `string` | `"buildingblock-s3-user"` | no |
+| <a name="input_location"></a> [location](#input\_location) | The location of the S3 bucket | `string` | n/a | yes |
 
 ## Outputs
 
diff --git a/modules/aws/s3_bucket/backplane/main.tf b/modules/aws/s3_bucket/backplane/main.tf
@@ -1,7 +1,7 @@
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_user" "buildingblock_s3_user" {
-  name = "buildingblock-s3-user"
+  name = var.aws_s3_iam_user
 }
 
 data "aws_iam_policy_document" "s3_full_access" {
diff --git a/modules/aws/s3_bucket/backplane/provider.tf b/modules/aws/s3_bucket/backplane/provider.tf
@@ -0,0 +1 @@
+provider "aws" {}
diff --git a/modules/aws/s3_bucket/backplane/variables.tf b/modules/aws/s3_bucket/backplane/variables.tf
@@ -0,0 +1,10 @@
+variable "aws_s3_iam_user" {
+  description = "The IAM user to use for the S3 bucket"
+  default     = "buildingblock-s3-user"
+  type        = string
+}
+
+variable "location" {
+  description = "The location of the S3 bucket"
+  type        = string
+}
diff --git a/modules/aws/s3_bucket/buildingblock/README.md b/modules/aws/s3_bucket/buildingblock/README.md
@@ -26,9 +26,7 @@ terraform {
   }
 }
 
-provider "aws" {
-  region = var.region
-}
+provider "aws" {}
 ````
 
 <!-- BEGIN_TF_DOCS -->
diff --git a/modules/aws/s3_bucket/buildingblock/provider.tf b/modules/aws/s3_bucket/buildingblock/provider.tf
@@ -1,3 +1 @@
-provider "aws" {
-  region = var.region
-}
+provider "aws" {}
diff --git a/modules/azure/budget-alert/backplane/provider.tf b/modules/azure/budget-alert/backplane/provider.tf
@@ -0,0 +1,4 @@
+provider "azurerm" {
+  features {}
+  # Configuration options
+}
diff --git a/modules/azure/key-vault/backplane/provider.tf b/modules/azure/key-vault/backplane/provider.tf
@@ -0,0 +1,4 @@
+provider "azurerm" {
+  features {}
+  # Configuration options
+}
diff --git a/modules/azure/postgresql/backplane/provider.tf b/modules/azure/postgresql/backplane/provider.tf
@@ -0,0 +1,6 @@
+provider "azurerm" {
+  features {}
+}
+
+provider "azuread" {
+}
diff --git a/modules/azure/postgresql/buildingblock/APP_TEAM_README.md b/modules/azure/postgresql/buildingblock/APP_TEAM_README.md
@@ -0,0 +1,39 @@
+# Azure PostgreSQL Database
+
+## Description
+This building block provisions a managed Azure PostgreSQL server and database via Terraform. It enables application teams to create secure, scalable relational databases with configurable performance settings, high availability, and built-in encryption.
+
+## Usage Motivation
+This building block is ideal for teams needing a fully managed PostgreSQL database within their Azure subscription. Use cases include:
+
+- Hosting application databases (e.g., for web apps or microservices)
+- Running analytics workloads
+- Powering content management systems, e-commerce platforms, etc.
+
+## Usage Examples
+
+- A team deploys a PostgreSQL server with high availability for production workloads.
+- A SaaS team provisions a developer database for testing.
+- An analytics platform sets up a read-only reporting database.
+
+## Shared Responsibility
+
+| Responsibility                                                       | Platform Team | Application Team |
+|----------------------------------------------------------------------|---------------|------------------|
+| Provisioning and maintaining the PostgreSQL building block automation | ✅            | ❌               |
+| Securing server (network, encryption, authentication)               | ✅            | ❌               |
+| Configuring performance (compute tier, storage size, HA)            | ✅¹           | ✅               |
+| Managing connection strings and credentials                         | ❌            | ✅               |
+| Designing and maintaining database schema                           | ❌            | ✅               |
+| Data seeding, migration, backups, and disaster recovery             | ❌            | ✅               |
+
+¹ Databases are created using recommended defaults; teams should adjust via variable overrides.
+
+## Configuration Recommendations
+
+- **Enable high-availability** for production workloads.
+- **Use private endpoint** to restrict network access.
+- **Configure PostgreSQL version** and compute tier based on workload demands.
+- **Use Azure Key Vault** or managed identities for secure credential storage.
+- **Apply retention and backup policies** via Terraform flags (`backup_retention_days`).
+- **Tag resources** properly for cost center, environment, and project traceability.
diff --git a/modules/gcp/budget-alert/backplane/README.md b/modules/gcp/budget-alert/backplane/README.md
@@ -33,6 +33,7 @@ No modules.
 | <a name="input_backplane_project_id"></a> [backplane\_project\_id](#input\_backplane\_project\_id) | The project hosting the building block backplane resources | `string` | n/a | yes |
 | <a name="input_backplane_service_account_name"></a> [backplane\_service\_account\_name](#input\_backplane\_service\_account\_name) | The name of the service account to be created for the backplane | `string` | `"building-block-budget-alert"` | no |
 | <a name="input_billing_account_id"></a> [billing\_account\_id](#input\_billing\_account\_id) | The billing account ID where budget permissions will be granted | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The region where the backplane resources will be deployed | `string` | n/a | yes |
 
 ## Outputs
 
diff --git a/modules/gcp/budget-alert/backplane/provider.tf b/modules/gcp/budget-alert/backplane/provider.tf
@@ -0,0 +1,4 @@
+provider "google" {
+  project = var.backplane_project_id
+  region  = var.region
+}
diff --git a/modules/gcp/budget-alert/backplane/variables.tf b/modules/gcp/budget-alert/backplane/variables.tf
@@ -13,4 +13,9 @@ variable "backplane_service_account_name" {
   type        = string
   description = "The name of the service account to be created for the backplane"
   default     = "building-block-budget-alert"
-}
+}
+
+variable "region" {
+  type        = string
+  description = "The region where the backplane resources will be deployed"
+}
diff --git a/modules/gcp/budget-alert/backplane/versions.tf b/modules/gcp/budget-alert/backplane/versions.tf
diff --git a/modules/gcp/budget-alert/buildingblock/provider.tf b/modules/gcp/budget-alert/buildingblock/provider.tf
@@ -0,0 +1 @@
+provider "google" {}
diff --git a/modules/github/repository/buildingblock/provider.tf b/modules/github/repository/buildingblock/provider.tf
@@ -1,12 +1,3 @@
-terraform {
-  required_providers {
-    github = {
-      source  = "integrations/github"
-      version = "6.6.0"
-    }
-  }
-}
-
 provider "github" {
   app_auth {}
 }
diff --git a/modules/github/repository/buildingblock/versions.tf b/modules/github/repository/buildingblock/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "6.6.0"
+    }
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`data "aws_caller_identity" "current" {}`
`2`	`2`
`3`	`3`	`resource "aws_iam_user" "buildingblock_s3_user" {`
`4`		`- name = "buildingblock-s3-user"`
	`4`	`+ name = var.aws_s3_iam_user`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`data "aws_iam_policy_document" "s3_full_access" {`