feat: add managed devops pool and dev center

data-platform-hq · Dec 5, 2024 · 5f53154 · 5f53154
1 parent 1c8b6a2
commit 5f53154
Show file tree

Hide file tree

Showing 6 changed files with 167 additions and 0 deletions.
diff --git a/data.tf b/data.tf
@@ -0,0 +1,19 @@
+data "azurerm_client_config" "this" {}
+
+data "azuredevops_client_config" "this" {}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_resource_group" "this" {
+  name = var.resource_group
+}
+
+data "azuredevops_project" "this" {
+  name = var.ado_project_name
+}
+
+data "azuredevops_agent_queue" "this" {
+  project_id = data.azuredevops_project.this.project_id
+  name       = module.managed_devops_pool.name
+  depends_on = [module.managed_devops_pool]
+}
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,4 @@
+locals {
+  ado_organization_name = split("/",
+  data.azuredevops_client_config.this.organization_url)[3]
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,53 @@
+resource "azurerm_dev_center" "this" {
+  location            = var.location
+  name                = var.dev_center_name
+  resource_group_name = var.resource_group
+}
+
+resource "azurerm_dev_center_project" "this" {
+  dev_center_id       = azurerm_dev_center.this.id
+  location            = var.location
+  name                = var.dev_center_project_name
+  resource_group_name = var.resource_group
+}
+
+resource "azurerm_role_assignment" "net-contrib" {
+  scope                = data.azurerm_subscription.current.id
+  role_definition_name = "Network Contributor"
+  principal_id         = var.aad_sp_devopsinfrastructure_id
+}
+
+resource "azurerm_role_assignment" "reader" {
+  scope                = data.azurerm_subscription.current.id
+  role_definition_name = "Reader"
+  principal_id         = var.aad_sp_devopsinfrastructure_id
+}
+
+resource "azuredevops_pipeline_authorization" "this" {
+  project_id  = data.azuredevops_project.this.project_id
+  resource_id = data.azuredevops_agent_queue.this.id
+  type        = "queue"
+  depends_on  = [module.managed_devops_pool]
+}
+
+module "managed_devops_pool" {
+  source                         = "Azure/avm-res-devopsinfrastructure-pool/azurerm"
+  resource_group_name            = var.resource_group
+  location                       = var.location
+  name                           = var.devops_pool_name
+  dev_center_project_resource_id = azurerm_dev_center_project.this.id
+  subnet_id                      = var.subnet_id
+  organization_profile = {
+    organizations = [{
+      name     = local.ado_organization_name
+      projects = [var.ado_project_name]
+    }]
+    permission_profile = {
+      kind = "Inherit"
+    }
+  }
+  maximum_concurrency = var.devops_pool_max_concurrency
+  enable_telemetry    = var.enable_telemetry
+  depends_on          = [azurerm_role_assignment.reader, azurerm_role_assignment.net-contrib]
+}
+
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,4 @@
+# output "devops_pool_resource_id" {
+#   value = module.managed_devops_pool.resource_id
+#   description = "Resource ID of managed DevOps pool"
+# }
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,57 @@
+variable "resource_group" {
+  description = "The name of the resource group."
+  type        = string
+}
+
+variable "location" {
+  description = "The Azure Region in which all resources in this example should be created."
+  type        = string
+}
+
+variable "ado_project_name" {
+  description = "Target Azure DevOps Project name where VMSS agent pool would be provisioned"
+  type        = string
+}
+
+variable "dev_center_name" {
+  description = "Name of DevCenter in which managed DevOps pool will be created"
+  type        = string
+}
+
+variable "dev_center_project_name" {
+  description = "Name of DevCenter project where managed DevOps pool will be created"
+  type        = string
+}
+
+variable "aad_sp_devopsinfrastructure_id" {
+  description = "Object ID of Entra ID service principal named DevOpsInfrastructure"
+  type        = string
+  default     = "72055c5c-4353-4d6d-8838-bacee04b729d"
+}
+
+variable "devops_pool_name" {
+  description = "Name of managed DevOps pool"
+  type        = string
+}
+
+variable "devops_pool_max_concurrency" {
+  description = "Maximum number of nodes in DevOps pool's VMSS"
+  type        = number
+  default     = 3
+}
+
+variable "subnet_id" {
+  description = "Subnet where VM Scale Sets would be provisioned"
+  type        = string
+}
+
+variable "vnet_id" {
+  description = "Resource ID of virtual network where subnet delegated for DevOps pool will be located"
+  type        = string
+}
+
+variable "enable_telemetry" {
+  description = "Boolean flag that determines whether telemetry should be enabled"
+  type        = bool
+  default     = false
+}
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,30 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=3.104.2, >=4.0.1"
+    }
+    azuredevops = {
+      source  = "microsoft/azuredevops"
+      version = ">= 1.1.1"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "=4.0.5"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.6"
+    }
+    azapi = {
+      source  = "Azure/azapi"
+      version = "~> 1.15"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "3.0.2"
+    }
+  }
+}