inspec/test/integration/azure/build/azure.tf
Clinton Wolfe 118b8a9fc5 Various small fixes/adjustments to the integration tests for AWS and Azure (#2745)
* Fix formatting of iam user integration tests by placing them in controls
* Fix subnet AZ test by making it an attribute; can't hardcode it
* Fix VPC ID fixture export for subnet testing
* Rename Azure integration tasks to match AWS and allow on-demand attribute dump

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-26 16:37:36 -05:00


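# Configure variables
# Every value below is supplied by the caller (TF_VAR_* environment variables or
# an uncommitted tfvars file). The credential variables deliberately carry no
# default so that no secret can end up in this file.
variable "storage_account_name" {
  description = "Name of the storage account that backs the test VMs (VHDs and boot diagnostics)"
}

variable "admin_password" {
  description = "Admin password for the test VMs; secret, inject via TF_VAR_admin_password and never commit it"
}

variable "subscription_id" {
  description = "Azure subscription the test resources are created in"
}

variable "client_id" {
  description = "Application (client) ID of the service principal used by the azurerm provider"
}

variable "client_secret" {
  description = "Secret of the service principal used by the azurerm provider; inject via TF_VAR_client_secret and never commit it"
}

variable "tenant_id" {
  description = "Azure AD tenant the service principal belongs to"
}

# Set a unique string which will be appended to public facing items
# to ensure there are no clashes
variable "suffix" {
  description = "Unique suffix appended to public-facing names (e.g. the public IP DNS label) to avoid clashes"
}

variable "location" {
  description = "Azure region every resource in this fixture is placed in"
  default     = "West Europe"
}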
# Output the sub ID so the fixture system has something to chew on
# (the subscription ID is an identifier, not a secret, so exposing it as an
# output is fine; do not add the client secret or admin password here)
output "subscription_id" {
value = "${var.subscription_id}"
}
# Configure the Azure RM provider
# Authenticates as a service principal. All four values come from the variables
# above, so the secret exists only in the caller's environment
# (TF_VAR_client_secret) or an uncommitted tfvars file, never in this file.
provider "azurerm" {
subscription_id = "${var.subscription_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
tenant_id = "${var.tenant_id}"
}
# Create a resource group for the machine to be created in
# Everything else in this fixture references this group by name.
resource "azurerm_resource_group" "rg" {
  location = "${var.location}"
  name     = "Inspec-Azure"

  tags {
    CreatedBy = "Inspec Azure Integration Tests"
  }
}
# Create the storage account to be used
# Holds the unmanaged VHDs (see the "vhds" container below) and the boot
# diagnostics of the internal Linux VM.
# NOTE(review): nothing here restricts transport (HTTPS-only) or network
# access to the account; acceptable for a throwaway test fixture, but check
# before reusing this block as a template.
resource "azurerm_storage_account" "sa" {
  resource_group_name      = "${azurerm_resource_group.rg.name}"
  location                 = "${var.location}"
  name                     = "${var.storage_account_name}"
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
# Create the container in which the hard disks for the machine(s) will be stored
# Access type is private, so the VHD blobs are not anonymously readable.
resource "azurerm_storage_container" "container" {
  storage_account_name  = "${azurerm_storage_account.sa.name}"
  resource_group_name   = "${azurerm_resource_group.rg.name}"
  name                  = "vhds"
  container_access_type = "private"
}
# Create a Public IP
# Attached to nic2 (the external Linux VM). The DNS label is public and must be
# unique, hence the suffix.
resource "azurerm_public_ip" "public_ip_1" {
  resource_group_name          = "${azurerm_resource_group.rg.name}"
  location                     = "${var.location}"
  name                         = "Inspec-PublicIP-1"
  domain_name_label            = "linux-external-1-${var.suffix}"
  public_ip_address_allocation = "dynamic"
}
# Create a network security group so it can be tested
# Bound to the subnet below, so this single rule applies to every NIC in it,
# including nic2 which carries the public IP.
resource "azurerm_network_security_group" "nsg" {
name = "Inspec-NSG"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.rg.name}"
# Allow SSH (TCP/22) inbound from any source. With "*" as the source prefix
# the external VM's port 22 is open to the whole internet; its key-only SSH
# configuration is the only control left. Fine for a short-lived test fixture
# whose tests assert on exactly these values, but narrow source_address_prefix
# to a trusted CIDR before reusing this rule anywhere else.
security_rule {
name = "SSH-22"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
# Create the virtual network for the machines
# A single /24; the subnet below consumes the whole range.
resource "azurerm_virtual_network" "vnet" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${var.location}"
  name                = "Inspec-VNet"
  address_space       = ["10.1.1.0/24"]
}
# Create the subnet
# Covers the entire VNet range. The NSG is attached here rather than per NIC,
# so all three NICs below inherit the same inbound rule.
resource "azurerm_subnet" "subnet" {
  name                      = "Inspec-Subnet"
  virtual_network_name      = "${azurerm_virtual_network.vnet.name}"
  resource_group_name       = "${azurerm_resource_group.rg.name}"
  address_prefix            = "10.1.1.0/24"
  network_security_group_id = "${azurerm_network_security_group.nsg.id}"
}
# Create the NIC for the internal machine
# Give the machine a static IP Address; no public IP is attached.
resource "azurerm_network_interface" "nic1" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${var.location}"
  name                = "Inspec-NIC-1"

  ip_configuration {
    name                          = "ipConfiguration1"
    subnet_id                     = "${azurerm_subnet.subnet.id}"
    private_ip_address            = "10.1.1.10"
    private_ip_address_allocation = "static"
  }
}
# NIC for the external Linux machine: the only NIC in this fixture that carries
# a public IP, so it is the one exposed by the NSG's SSH rule.
resource "azurerm_network_interface" "nic2" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${var.location}"
  name                = "Inspec-NIC-2"

  ip_configuration {
    name                          = "ipConfiguration1"
    subnet_id                     = "${azurerm_subnet.subnet.id}"
    public_ip_address_id          = "${azurerm_public_ip.public_ip_1.id}"
    private_ip_address_allocation = "dynamic"
  }
}
# NIC for the internal Windows machine: dynamic private address, no public IP.
resource "azurerm_network_interface" "nic3" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${var.location}"
  name                = "Inspec-NIC-3"

  ip_configuration {
    name                          = "ipConfiguration1"
    subnet_id                     = "${azurerm_subnet.subnet.id}"
    private_ip_address_allocation = "dynamic"
  }
}
# Create the machine for testing
# Internal-only Linux host: its NIC (nic1) has a static private address and no
# public IP.
resource "azurerm_virtual_machine" "vm_linux_internal" {
  name                  = "Linux-Internal-VM"
  resource_group_name   = "${azurerm_resource_group.rg.name}"
  location              = "${var.location}"
  vm_size               = "Standard_DS2_v2"
  network_interface_ids = ["${azurerm_network_interface.nic1.id}"]

  # Ubuntu 16.04 LTS from the marketplace, latest build
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04.0-LTS"
    version   = "latest"
  }

  # Managed OS disk (the external VM uses unmanaged VHDs instead)
  storage_os_disk {
    name              = "Linux-Internal-OSDisk-MD"
    create_option     = "FromImage"
    caching           = "ReadWrite"
    managed_disk_type = "Standard_LRS"
  }

  # Hostname and admin credentials; the password is supplied by the caller
  os_profile {
    computer_name  = "linux-internal-1"
    admin_username = "azure"
    admin_password = "${var.admin_password}"
  }

  # Password logins stay enabled on this host, unlike the external VM which is
  # key-only. That is tolerable only because this VM has no public address.
  os_profile_linux_config {
    disable_password_authentication = false
  }

  # Boot diagnostics are written to the storage account created above
  boot_diagnostics {
    enabled     = true
    storage_uri = "${azurerm_storage_account.sa.primary_blob_endpoint}"
  }
}
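# Externally facing Linux VM: nic2 carries the public IP, so this host is
# reachable on TCP/22 through the NSG rule above.
resource "azurerm_virtual_machine" "vm_linux_external" {
  name                  = "Linux-External-VM"
  location              = "${var.location}"
  resource_group_name   = "${azurerm_resource_group.rg.name}"
  network_interface_ids = ["${azurerm_network_interface.nic2.id}"]
  vm_size               = "Standard_DS2_v2"

  tags {
    Description = "Externally facing Linux machine to be used as a web server"
  }

  # Configure machine with Ubuntu
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04.0-LTS"
    version   = "latest"
  }

  # Unmanaged OS disk stored as a blob in the "vhds" container
  storage_os_disk {
    name          = "linux-external-osdisk"
    vhd_uri       = "${azurerm_storage_account.sa.primary_blob_endpoint}${azurerm_storage_container.container.name}/linux-external-osdisk.vhd"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }

  # Create 1 data disk to be used for testing. The blob name now matches the
  # disk name (it previously read "linux-internal-datadisk-1.vhd", a copy-paste
  # slip), and create_option uses the same casing as the Windows VM below.
  storage_data_disk {
    name          = "linux-external-datadisk-1"
    vhd_uri       = "${azurerm_storage_account.sa.primary_blob_endpoint}${azurerm_storage_container.container.name}/linux-external-datadisk-1.vhd"
    disk_size_gb  = 15
    create_option = "Empty"
    lun           = 0
  }

  # Hostname and admin user. The password is still required here but password
  # SSH logins are disabled below, so it is not a remote-login credential on
  # this host.
  os_profile {
    computer_name  = "linux-external-1"
    admin_username = "azure"
    admin_password = "${var.admin_password}"
  }

  # Key-only SSH: the public key is installed for the admin user, so only the
  # holder of the matching private key can log in. Keep that private key out
  # of the repository.
  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/azure/.ssh/authorized_keys"
      key_data = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOxB7GqUxppqRBG5pB2fkkhlWkWUWmFjO3ZEc+VW70erOJWfUvhzBDDQziAOVKtNF2NsY0uyRJqwaP1idL0F7GDQtQl+HhkKW1gOCoTrNptJiYfIm05jTETRWObP0kGMPoAWlkWPBluUAI74B4nkvg7SKNpe36IZhuA8/kvVjxBfWy0r/b/dh+QEIb1eE8HfELAN8SrvrydT7My7g0YFT65V00A2HVa5X3oZaBXRKbmd5gZXBJXEbgHZqA9+NnIQkZXH0vkYYOQTANB8taVwjNVftpXzf2zEupONCYOOoIAep2tXuv2YmWuHr/Y5rCv2mK28ZVcM7W9UmwM0CMHZE7 azure@inspec.local"
    }
  }
}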
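# Internal-only Windows VM: nic3 has no public IP.
resource "azurerm_virtual_machine" "vm_windows_internal" {
  name                  = "Windows-Internal-VM"
  location              = "${var.location}"
  resource_group_name   = "${azurerm_resource_group.rg.name}"
  network_interface_ids = ["${azurerm_network_interface.nic3.id}"]
  vm_size               = "Standard_DS2_v2"

  # Configure machine with Windows Server 2016 Datacenter (the previous comment
  # said Ubuntu, copied from the Linux VMs)
  storage_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }

  # Create the OS disk (managed)
  storage_os_disk {
    name              = "Windows-Internal-OSDisk-MD"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  # Create 1 data disk to be used for testing. disk_size_gb is a number, as on
  # the Linux external VM, rather than the quoted string used before.
  storage_data_disk {
    name              = "Windows-Internal-DataDisk-1-MD"
    create_option     = "Empty"
    managed_disk_type = "Standard_LRS"
    lun               = 0
    disk_size_gb      = 1024
  }

  # Specify the name of the machine and the access credentials; the password is
  # supplied by the caller
  os_profile {
    computer_name  = "win-internal-1"
    admin_username = "azure"
    admin_password = "${var.admin_password}"
  }

  os_profile_windows_config {
    provision_vm_agent = true
  }
}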