├── terraform ├── sample-secrets.tfvars ├── sample-backend-secrets.tfvars ├── iam.tf ├── locals.tf ├── providers.tf ├── main.tf ├── bastion.tf ├── dns.tf ├── certificate.tf ├── apim.tf ├── network.tf ├── .terraform.lock.hcl ├── keyvault.tf └── appgateway.tf ├── LICENSE ├── .github ├── actions │ └── prep-terraform │ │ └── action.yaml └── workflows │ ├── import-state.yaml │ └── pipeline.yaml ├── README.md ├── .devcontainer └── devcontainer.json └── .gitignore /terraform/sample-secrets.tfvars: -------------------------------------------------------------------------------- 1 | No secrets needed in this file if you're passing the variables via the command line. -------------------------------------------------------------------------------- /terraform/sample-backend-secrets.tfvars: -------------------------------------------------------------------------------- 1 | storage_account_name = "YOUR_STORAGE_ACCOUNT_NAME" 2 | container_name = "tfstatefiles" 3 | key = "state.tfstate" 4 | access_key = "YOUR_STORAGE_KEY_GOES_HERE" -------------------------------------------------------------------------------- /terraform/iam.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_user_assigned_identity" "appgwmsi" { 2 | name = "${var.base_name}-appgw" 3 | resource_group_name = azurerm_resource_group.rg.name 4 | location = azurerm_resource_group.rg.location 5 | } -------------------------------------------------------------------------------- /terraform/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | gateway_dns_prefix = "api" 3 | management_dns_prefix = "management" 4 | devportal_dns_prefix = "developer" 5 | scm_dns_prefix = "git" 6 | 7 | apim_gateway_dns_name = "${local.gateway_dns_prefix}.${var.root_dns_name}" 8 | apim_management_dns_name = "${local.management_dns_prefix}.${var.root_dns_name}" 9 | apim_devportal_dns_name = "${local.devportal_dns_prefix}.${var.root_dns_name}" 10 | apim_scm_dns_name = "${local.scm_dns_prefix}.${var.root_dns_name}" 11 | 12 | ssl_key_size = 2048 13 | ssl_key_type = "RSA" 14 | } -------------------------------------------------------------------------------- /terraform/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.1" 3 | 4 | backend "azurerm" { 5 | environment = "public" 6 | } 7 | 8 | required_providers { 9 | azurerm = { 10 | version = "~> 3.4" 11 | } 12 | 13 | acme = { 14 | source = "vancluever/acme" 15 | version = "~> 2.4" 16 | } 17 | 18 | tls = { 19 | source = "hashicorp/tls" 20 | version = "~> 3.1.0" 21 | } 22 | } 23 | } 24 | 25 | provider "azurerm" { 26 | 27 | features { 28 | key_vault { 29 | purge_soft_delete_on_destroy = true 30 | } 31 | } 32 | } 33 | 34 | provider "acme" { 35 | server_url = "https://acme-v02.api.letsencrypt.org/directory" 36 | } 37 | 38 | provider "tls" { 39 | 40 | } -------------------------------------------------------------------------------- /terraform/main.tf: -------------------------------------------------------------------------------- 1 | variable "base_name" { 2 | type = string 3 | description = "A base for the naming scheme as part of prefix-base-suffix." 4 | } 5 | 6 | variable "location" { 7 | type = string 8 | description = "The Azure region where the resources will be created." 9 | } 10 | 11 | variable "root_dns_name" { 12 | type = string 13 | description = "The root domain name to be used for exposing the APIM site." 14 | } 15 | 16 | variable "contact_name" { 17 | description = "Full name of the contact person for APIM and SSL certifiate." 18 | type = string 19 | } 20 | 21 | variable "contact_email" { 22 | description = "Email address for APIM and SSL renewal notifications." 23 | type = string 24 | } 25 | 26 | data "azurerm_client_config" "current" {} 27 | 28 | resource "azurerm_resource_group" "rg" { 29 | name = var.base_name 30 | location = var.location 31 | } -------------------------------------------------------------------------------- /terraform/bastion.tf: -------------------------------------------------------------------------------- 1 | # resource "azurerm_network_profile" "aciprofile" { 2 | # name = "${var.base_name}-profile" 3 | # resource_group_name = azurerm_resource_group.rg.name 4 | # location = azurerm_resource_group.rg.location 5 | 6 | # container_network_interface { 7 | # name = "eth0" 8 | 9 | # ip_configuration { 10 | # name = "ipconfigprofile" 11 | # subnet_id = azurerm_subnet.bastion.id 12 | # } 13 | # } 14 | # } 15 | 16 | # resource "azurerm_container_group" "bastion" { 17 | # name = "${var.base_name}-aci" 18 | # resource_group_name = azurerm_resource_group.rg.name 19 | # location = azurerm_resource_group.rg.location 20 | 21 | # ip_address_type = "Private" 22 | # os_type = "Linux" 23 | 24 | # network_profile_id = azurerm_network_profile.aciprofile.id 25 | 26 | # container { 27 | # name = "bastion" 28 | # image = "radial/busyboxplus:curl" 29 | # cpu = "0.5" 30 | # memory = "1.5" 31 | 32 | # ports { 33 | # port = 80 34 | # protocol = "TCP" 35 | # } 36 | # } 37 | # } 38 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Microsoft Azure - SW Region 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /terraform/dns.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_dns_zone" "dns" { 2 | name = var.root_dns_name 3 | resource_group_name = azurerm_resource_group.rg.name 4 | } 5 | 6 | resource "azurerm_dns_a_record" "gateway" { 7 | name = local.gateway_dns_prefix 8 | zone_name = azurerm_dns_zone.dns.name 9 | resource_group_name = azurerm_resource_group.rg.name 10 | ttl = 300 11 | records = [ azurerm_public_ip.ip.ip_address ] 12 | } 13 | 14 | resource "azurerm_dns_a_record" "management" { 15 | name = local.management_dns_prefix 16 | zone_name = azurerm_dns_zone.dns.name 17 | resource_group_name = azurerm_resource_group.rg.name 18 | ttl = 300 19 | records = [ azurerm_public_ip.ip.ip_address ] 20 | } 21 | 22 | resource "azurerm_dns_a_record" "devportal" { 23 | name = local.devportal_dns_prefix 24 | zone_name = azurerm_dns_zone.dns.name 25 | resource_group_name = azurerm_resource_group.rg.name 26 | ttl = 300 27 | records = [ azurerm_public_ip.ip.ip_address ] 28 | } 29 | 30 | resource "azurerm_dns_a_record" "scm" { 31 | name = local.scm_dns_prefix 32 | zone_name = azurerm_dns_zone.dns.name 33 | resource_group_name = azurerm_resource_group.rg.name 34 | ttl = 300 35 | records = [ azurerm_public_ip.ip.ip_address ] 36 | } -------------------------------------------------------------------------------- /.github/actions/prep-terraform/action.yaml: -------------------------------------------------------------------------------- 1 | # name: "Prepare Terraform" 2 | # description: "Executes Terraform install and init steps" 3 | 4 | # inputs: 5 | # code-path: 6 | # description: 'Location of Terraform directory' 7 | # required: true 8 | 9 | # env: 10 | 11 | # # Used by Terraform for Service Principal authentication 12 | # # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret#configuring-the-service-principal-in-terraform 13 | # ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }} 14 | # ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }} 15 | # ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }} 16 | # ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }} 17 | 18 | # runs: 19 | # using: "composite" 20 | # steps: 21 | # # Terraform Setup 22 | # - uses: hashicorp/setup-terraform@v1 23 | 24 | # # Terraform Init 25 | # - name: Terraform Init 26 | # shell: bash 27 | # working-directory: ${{ inputs.code-path }} 28 | # run: | 29 | # terraform init \ 30 | # -backend-config="storage_account_name=${{ secrets.TF_STATE_ACCOUNT }}" \ 31 | # -backend-config="container_name=${{ secrets.TF_STATE_CONTAINER }}" \ 32 | # -backend-config="access_key=${{ secrets.TF_STATE_SECRET }}" \ 33 | # -backend-config="key=${{ secrets.PARAM_BASE_NAME }}.tfstate" -------------------------------------------------------------------------------- /terraform/certificate.tf: -------------------------------------------------------------------------------- 1 | # Generate a private key for LetsEncrypt account 2 | resource "tls_private_key" "reg_private_key" { 3 | algorithm = local.ssl_key_type 4 | } 5 | 6 | # Create an LetsEncrypt registration 7 | resource "acme_registration" "reg" { 8 | account_key_pem = tls_private_key.reg_private_key.private_key_pem 9 | email_address = var.contact_email 10 | } 11 | 12 | # Generate LetsEncrypt certificates using Azure DNS 13 | resource "acme_certificate" "ssl" { 14 | account_key_pem = acme_registration.reg.account_key_pem 15 | common_name = var.root_dns_name 16 | key_type = local.ssl_key_size 17 | 18 | subject_alternative_names = [ 19 | local.apim_gateway_dns_name, 20 | local.apim_management_dns_name, 21 | local.apim_devportal_dns_name, 22 | local.apim_scm_dns_name 23 | ] 24 | 25 | min_days_remaining = 60 26 | 27 | dns_challenge { 28 | provider = "azure" 29 | 30 | config = { 31 | AZURE_RESOURCE_GROUP = azurerm_resource_group.rg.name 32 | 33 | # AZURE_TENANT_ID = data.azurerm_client_config.current.tenant_id 34 | # AZURE_SUBSCRIPTION_ID = data.azurerm_client_config.current.subscription_id 35 | # AZURE_CLIENT_ID = data.azurerm_client_config.current.client_id #var.az_sp_app_id 36 | # AZURE_CLIENT_SECRET = var.az_sp_app_secret 37 | } 38 | } 39 | } 40 | 41 | resource "azurerm_key_vault_certificate" "cert" { 42 | name = "${var.base_name}-cert" 43 | key_vault_id = azurerm_key_vault.kv.id 44 | 45 | certificate { 46 | contents = acme_certificate.ssl.certificate_p12 47 | password = "" 48 | } 49 | 50 | certificate_policy { 51 | issuer_parameters { 52 | name = "Unknown" 53 | } 54 | 55 | key_properties { 56 | exportable = true 57 | reuse_key = true 58 | key_size = local.ssl_key_size 59 | key_type = local.ssl_key_type 60 | } 61 | 62 | secret_properties { 63 | content_type = "application/x-pkcs12" 64 | } 65 | } 66 | } -------------------------------------------------------------------------------- /terraform/apim.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_api_management" "apim" { 2 | name = "${var.base_name}-apim" 3 | resource_group_name = azurerm_resource_group.rg.name 4 | location = azurerm_resource_group.rg.location 5 | 6 | publisher_name = var.contact_name 7 | publisher_email = var.contact_email 8 | 9 | sku_name = "Developer_1" 10 | 11 | virtual_network_type = "Internal" 12 | 13 | identity { 14 | type = "SystemAssigned" 15 | } 16 | 17 | # identity { 18 | # type = "UserAssigned" 19 | # identity_ids = [ 20 | # azurerm_user_assigned_identity.msi.id 21 | # ] 22 | # } 23 | 24 | virtual_network_configuration { 25 | subnet_id = azurerm_subnet.apim.id 26 | } 27 | 28 | # tags = { } 29 | } 30 | 31 | resource "azurerm_api_management_custom_domain" "apimdomain" { 32 | api_management_id = azurerm_api_management.apim.id 33 | 34 | management { 35 | # key_vault_id = azurerm_key_vault_certificate.cert.secret_id 36 | key_vault_id = "https://${azurerm_key_vault.kv.name}.vault.azure.net/secrets/${azurerm_key_vault_certificate.cert.name}" 37 | host_name = local.apim_management_dns_name 38 | } 39 | 40 | gateway { 41 | # key_vault_id = azurerm_key_vault_certificate.cert.secret_id 42 | key_vault_id = "https://${azurerm_key_vault.kv.name}.vault.azure.net/secrets/${azurerm_key_vault_certificate.cert.name}" 43 | host_name = local.apim_gateway_dns_name 44 | # default_ssl_binding = true 45 | } 46 | 47 | developer_portal { 48 | # key_vault_id = azurerm_key_vault_certificate.cert.secret_id 49 | key_vault_id = "https://${azurerm_key_vault.kv.name}.vault.azure.net/secrets/${azurerm_key_vault_certificate.cert.name}" 50 | host_name = local.apim_devportal_dns_name 51 | } 52 | 53 | scm { 54 | # key_vault_id = azurerm_key_vault_certificate.cert.secret_id 55 | key_vault_id = "https://${azurerm_key_vault.kv.name}.vault.azure.net/secrets/${azurerm_key_vault_certificate.cert.name}" 56 | host_name = local.apim_scm_dns_name 57 | } 58 | } -------------------------------------------------------------------------------- /.github/workflows/import-state.yaml: -------------------------------------------------------------------------------- 1 | name: "Import Resource Group State" 2 | 3 | on: 4 | workflow_dispatch 5 | 6 | jobs: 7 | terraform: 8 | name: Import Terraform State 9 | runs-on: ubuntu-latest 10 | 11 | env: 12 | 13 | # Used by Terraform for Service Principal authentication 14 | ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }} 15 | ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }} 16 | ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }} 17 | ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }} 18 | 19 | # Used locally below 20 | CODE_PATH: "./terraform" 21 | 22 | steps: 23 | # Download the code from the repo 24 | - name: Checkout 25 | uses: actions/checkout@v2 26 | 27 | # Log into Azure 28 | - name: Login to Azure 29 | uses: azure/login@v1 30 | with: 31 | creds: ${{ secrets.AZURE_CREDENTIALS }} 32 | 33 | # Terraform Setup 34 | - uses: hashicorp/setup-terraform@v1 35 | 36 | # Terraform Init 37 | - name: Terraform Init 38 | working-directory: ${{ env.CODE_PATH }} 39 | run: | 40 | terraform init \ 41 | -backend-config="storage_account_name=${{ secrets.TF_STATE_ACCOUNT }}" \ 42 | -backend-config="container_name=${{ secrets.TF_STATE_CONTAINER }}" \ 43 | -backend-config="access_key=${{ secrets.TF_STATE_SECRET }}" \ 44 | -backend-config="key=${{ secrets.PARAM_BASE_NAME }}.tfstate" 45 | 46 | # Terraform Import 47 | - name: Terraform Import 48 | working-directory: ${{ env.CODE_PATH }} 49 | env: 50 | TF_VAR_base_name: ${{ secrets.PARAM_BASE_NAME }} 51 | TF_VAR_location: ${{ secrets.PARAM_LOCATION }} 52 | TF_VAR_root_dns_name: ${{ secrets.PARAM_ROOT_DNS_NAME }} 53 | TF_VAR_contact_name: ${{ secrets.PARAM_CONTACT_NAME }} 54 | TF_VAR_contact_email: ${{ secrets.PARAM_CONTACT_EMAIL }} 55 | run: 56 | terraform import azurerm_resource_group.rg /subscriptions/$ARM_SUBSCRIPTION_ID/resourceGroups/$TF_VAR_base_name -------------------------------------------------------------------------------- /terraform/network.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_public_ip" "ip" { 2 | name = "${var.base_name}-ip" 3 | resource_group_name = azurerm_resource_group.rg.name 4 | location = azurerm_resource_group.rg.location 5 | domain_name_label = var.base_name 6 | allocation_method = "Static" 7 | sku = "Standard" 8 | } 9 | 10 | resource "azurerm_virtual_network" "vnet" { 11 | name = "${var.base_name}-vnet" 12 | resource_group_name = azurerm_resource_group.rg.name 13 | location = azurerm_resource_group.rg.location 14 | address_space = ["10.0.0.0/16"] 15 | } 16 | 17 | resource "azurerm_subnet" "ingress" { 18 | name = "ingress-subnet" 19 | resource_group_name = azurerm_resource_group.rg.name 20 | virtual_network_name = azurerm_virtual_network.vnet.name 21 | address_prefixes = ["10.0.1.0/24"] 22 | } 23 | 24 | resource "azurerm_subnet" "apim" { 25 | name = "apim-subnet" 26 | resource_group_name = azurerm_resource_group.rg.name 27 | virtual_network_name = azurerm_virtual_network.vnet.name 28 | address_prefixes = ["10.0.2.0/24"] 29 | } 30 | 31 | # resource "azurerm_subnet" "bastion" { 32 | # name = "bastion-subnet" 33 | # resource_group_name = azurerm_resource_group.rg.name 34 | # virtual_network_name = azurerm_virtual_network.vnet.name 35 | # address_prefixes = ["10.0.10.0/24"] 36 | # 37 | # delegation { 38 | # name = "aci-subnet-delegation" 39 | 40 | # service_delegation { 41 | # name = "Microsoft.ContainerInstance/containerGroups" 42 | # actions = ["Microsoft.Network/virtualNetworks/subnets/action"] 43 | # } 44 | # } 45 | # } 46 | 47 | # resource "azurerm_private_dns_zone" "apimdns" { 48 | # name = "azure-api.net" 49 | # resource_group_name = azurerm_resource_group.rg.name 50 | # } 51 | 52 | # resource "azurerm_private_dns_zone_virtual_network_link" "apimdnsvnetlink" { 53 | # name = "apimdnsvnetlink" 54 | # resource_group_name = azurerm_resource_group.rg.name 55 | # private_dns_zone_name = azurerm_private_dns_zone.apimdns.name 56 | # virtual_network_id = azurerm_virtual_network.vnet.id 57 | # } -------------------------------------------------------------------------------- /.github/workflows/pipeline.yaml: -------------------------------------------------------------------------------- 1 | name: "Build API Full Demo" 2 | 3 | on: 4 | workflow_dispatch 5 | 6 | jobs: 7 | terraform: 8 | name: Deploy with Terraform 9 | runs-on: ubuntu-latest 10 | 11 | env: 12 | 13 | # Used by Terraform for Service Principal authentication 14 | ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }} 15 | ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }} 16 | ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }} 17 | ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }} 18 | 19 | # Used locally below 20 | CODE_PATH: "./terraform" 21 | 22 | steps: 23 | # Download the code from the repo 24 | - name: Checkout 25 | uses: actions/checkout@v2 26 | 27 | # Log into Azure 28 | - name: Login to Azure 29 | uses: azure/login@v1 30 | with: 31 | creds: ${{ secrets.AZURE_CREDENTIALS }} 32 | 33 | # Terraform Setup 34 | - uses: hashicorp/setup-terraform@v1 35 | 36 | # Terraform Init 37 | - name: Terraform Init 38 | working-directory: ${{ env.CODE_PATH }} 39 | run: | 40 | terraform init \ 41 | -backend-config="storage_account_name=${{ secrets.TF_STATE_ACCOUNT }}" \ 42 | -backend-config="container_name=${{ secrets.TF_STATE_CONTAINER }}" \ 43 | -backend-config="access_key=${{ secrets.TF_STATE_SECRET }}" \ 44 | -backend-config="key=${{ secrets.PARAM_BASE_NAME }}.tfstate" 45 | 46 | # Terraform Plan 47 | - name: Terraform Plan 48 | working-directory: ${{ env.CODE_PATH }} 49 | env: 50 | TF_VAR_base_name: ${{ secrets.PARAM_BASE_NAME }} 51 | TF_VAR_location: ${{ secrets.PARAM_LOCATION }} 52 | TF_VAR_root_dns_name: ${{ secrets.PARAM_ROOT_DNS_NAME }} 53 | TF_VAR_contact_name: ${{ secrets.PARAM_CONTACT_NAME }} 54 | TF_VAR_contact_email: ${{ secrets.PARAM_CONTACT_EMAIL }} 55 | run: terraform plan -out out.tfplan 56 | 57 | # Terraform Apply 58 | - name: Terraform Apply 59 | working-directory: ${{ env.CODE_PATH }} 60 | run: terraform apply -auto-approve out.tfplan 61 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Full API Management Demo 2 | 3 | This demo uses Terraform to create an Azure API Management service internally in a VNET. Primary points of interest include 4 | generating SSL certificates on the fly wtih Let's Encrypt, and exposing the APIM service through an Application Gateway. 5 | 6 | ## Inner Loop Development 7 | 8 | ```bash 9 | 10 | cd terraform 11 | 12 | # Use remote storage 13 | terraform init --backend-config ./backend-secrets.tfvars 14 | 15 | # Run the plan to see the changes 16 | terraform plan \ 17 | -var 'base_name=cdw-apimdemo-20210608' \ 18 | -var 'location=westus2' \ 19 | -var 'root_dns_name=something.com' \ 20 | -var 'contact_name=John Doe' \ 21 | -var 'contact_email=someemail@something.com' #\ 22 | 23 | #--var-file=secrets.tfvars 24 | 25 | 26 | # Apply the script with the specified variable values 27 | terraform apply \ 28 | -var 'base_name=cdw-apimdemo-20210608' \ 29 | -var 'location=westus2' \ 30 | -var 'root_dns_name=something.com' \ 31 | -var 'contact_name=John Doe' \ 32 | -var 'contact_email=email@something.com' #\ 33 | 34 | #--var-file=secrets.tfvars 35 | 36 | ``` 37 | 38 | ## Automation with GitHub Actions 39 | 40 | ```bash 41 | 42 | # Create some variables for reuse 43 | AZURE_SUB_ID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX 44 | BASE_NAME=your-base-name 45 | LOCATION=westus2 46 | DNS_NAME=something.com 47 | CONTACT_NAME='John Doe' 48 | CONTACT_EMAIL=email@something.com 49 | 50 | # Log into Azure 51 | az login 52 | 53 | # Create a Resource Group 54 | az group create -n $BASE_NAME -l $LOCATION 55 | 56 | # Create an SP for the Resource Group 57 | AZURE_CREDS=$(az ad sp create-for-rbac \ 58 | --name $BASE_NAME-sp \ 59 | --role contributor \ 60 | --scopes /subscriptions/$AZURE_SUB_ID/resourceGroups/$BASE_NAME \ 61 | --sdk-auth) 62 | 63 | # Set the values into a GitHub secrets 64 | gh secret set AZURE_CREDENTIALS -b"$AZURE_CREDS" 65 | 66 | gh secret set TF_STATE_ACCOUNT -b"" 67 | gh secret set TF_STATE_CONTAINER -b"" 68 | gh secret set TF_STATE_SECRET -b"" 69 | 70 | gh secret set PARAM_BASE_NAME -b"$BASE_NAME" 71 | gh secret set PARAM_LOCATION -b"$LOCATION" 72 | gh secret set PARAM_ROOT_DNS_NAME -b"$DNS_NAME" 73 | gh secret set PARAM_CONTACT_NAME -b"$CONTACT_NAME" 74 | gh secret set PARAM_CONTACT_EMAIL -b"$CONTACT_EMAIL" 75 | 76 | ``` 77 | -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | // For format details, see https://aka.ms/vscode-remote/devcontainer.json or the definition README at 2 | // https://github.com/microsoft/vscode-dev-containers/tree/master/containers/azure-cli 3 | { 4 | "name": "My Dev Container", 5 | "image": "ateamsw/devcontainer:latest", 6 | 7 | // Uncomment the next line to have VS Code connect as an existing non-root user in the container. 8 | // On Linux, by default, the container user's UID/GID will be updated to match your local user. See 9 | // https://aka.ms/vscode-remote/containers/non-root for details on adding a non-root user if none exist. 10 | //"remoteUser": "vscode", 11 | 12 | // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust 13 | // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], 14 | 15 | // Use 'settings' to set *default* container specific settings.json values on container create. 16 | // You can edit these settings after create using File > Preferences > Settings > Remote. 17 | "settings": { 18 | "terminal.integrated.shell.linux": "/bin/bash" 19 | }, 20 | 21 | "mounts": [ 22 | "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind", 23 | 24 | "source=${localEnv:HOME}${localEnv:USERPROFILE}/.azure,target=/root/.azure,type=bind", 25 | "source=${localEnv:HOME}${localEnv:USERPROFILE}/.kube,target=/root/.kube,type=bind" 26 | 27 | // "source=${localEnv:HOME}${localEnv:USERPROFILE}/.azure,target=/home/vscode/.azure,type=bind", 28 | // "source=${localEnv:HOME}${localEnv:USERPROFILE}/.kube,target=/home/vscode/.kube,type=bind" 29 | ], 30 | 31 | // Use 'appPort' to create a container with published ports. If the port isn't working, be sure 32 | // your server accepts connections from all interfaces (0.0.0.0 or '*'), not just localhost. 33 | // "appPort": [], 34 | 35 | // Uncomment the next line to run commands after the container is created. 36 | // "postCreateCommand": "az --version", 37 | 38 | // Add the IDs of extensions you want installed when the container is created in the array below. 39 | "extensions": [ 40 | "ms-dotnettools.csharp", 41 | "ms-vscode.azurecli", 42 | "ms-azuretools.vscode-docker", 43 | "ms-azuretools.vscode-dapr", 44 | "ms-azuretools.vscode-azureterraform", 45 | "ms-azuretools.vscode-azurefunctions", 46 | "ms-kubernetes-tools.vscode-kubernetes-tools", 47 | "ms-azuretools.vscode-bicep", 48 | "hashicorp.terraform", 49 | "visualstudioexptteam.vscodeintellicode", 50 | "davidanson.vscode-markdownlint", 51 | "ms-mssql.mssql" 52 | ] 53 | } -------------------------------------------------------------------------------- /terraform/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/hashicorp/azurerm" { 5 | version = "3.4.0" 6 | constraints = "~> 3.4" 7 | hashes = [ 8 | "h1:h78yKGgOFrU/N5ntockxN7XF/ufv47j77+oauO2GKqk=", 9 | "zh:4e9913fc3378436d19150c334e5906eafb83a4af3a270423cb7cdda94b27371f", 10 | "zh:5b3d0cec2a600dc1f6633baa8fc36368c5c330fd7654861edcfa76f760a8f6a9", 11 | "zh:5e0e1f899027bc182f31d996c9611e5ba27a034c848d7b0519b39e559fc4f38d", 12 | "zh:66e3a1383ed6a0370989f6fd6abcfa63ccf6918ae535108595af57b9c20a9257", 13 | "zh:688493baf6a116a399b737d74c11080051aca1ab087e5cddd14cc683b7e45c76", 14 | "zh:9e471d85d52343e3ba778f3a94626d820fbec97bb589a3ac7a6a0939b9387770", 15 | "zh:be1e85635daca1768f26962a4cbbadbf7fd13d9da8f9f188e938beca542c2ad5", 16 | "zh:c00e14b6aa566eb9995cb0e1611a18fb8650d9f35c7636a7643a1b6e22660226", 17 | "zh:c40711e5021838fd879da4c9e6b8f7e72104ada2adf0f3ba22e1cc32c3c54086", 18 | "zh:cc62f8541de8d79577e57664e4f03c1fca893d455e5fb238d20668389c0f09ee", 19 | "zh:cd9cbb5c6e5ceb5fcc7c4d0cab516ff209667d1b539b8c7436bd5e452c6aba8f", 20 | "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 21 | ] 22 | } 23 | 24 | provider "registry.terraform.io/hashicorp/tls" { 25 | version = "3.1.0" 26 | constraints = "~> 3.1.0" 27 | hashes = [ 28 | "h1:fUJX8Zxx38e2kBln+zWr1Tl41X+OuiE++REjrEyiOM4=", 29 | "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6", 30 | "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2", 31 | "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e", 32 | "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca", 33 | "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698", 34 | "zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d", 35 | "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841", 36 | "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989", 37 | "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5", 38 | "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d", 39 | "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0", 40 | ] 41 | } 42 | 43 | provider "registry.terraform.io/vancluever/acme" { 44 | version = "2.8.0" 45 | constraints = "~> 2.8" 46 | hashes = [ 47 | "h1:sFh3I1dep+61pxGEHL37QoEc2xqetNXwjVCe/E/T4qE=", 48 | "zh:13f30b23ef8ea9d1e667b3f6873bbc1dd797e2023fde7dc44cda9aa062438d2c", 49 | "zh:157d340435aadb42908ecda1eb09b6a79b0250e3cd3ac5f3814bfea7626ffd67", 50 | "zh:1f6b01af36a756760d6f48af390bf0c8a3a8be78f734157526abdfb2b001b559", 51 | "zh:30c869ae00a5b78ce27067e5600430f10398832dc44af1ff001c101130884496", 52 | "zh:3547c069d678546b614f748dcdf65370032a577bc5696e8b242776dfc560a7fd", 53 | "zh:5a6c153eac6d2750b8f081eeeb753c5501b8bb9daed0af2aa23e48640ca436d6", 54 | "zh:679fb6533d95d02188a3eb9f764d5f3f25d7caede5883d4fa415ea1a955b8dda", 55 | "zh:8889ef3fac8975f89a715b8dab0d4c295d347dae4c167ca6b8b0b159476adac3", 56 | "zh:a1d8633f2532d1865464549d051b1e543a94a61e05a5613da971ab80fc90587b", 57 | "zh:c3303447088ac1d47e20466f91377079d92a373ae1b65448854e17b783c34160", 58 | "zh:ccfb3c9d9a29d2606eaebc35d15bd08958612aef56c6b4a226c92bf9a91dc2b7", 59 | "zh:d84adeeee2a851197166cbcb37ad4c9d3252c1b9917e826f5d8cb1ad446df347", 60 | "zh:f643542677d361cba77795ee52240cb25bbbe20e6ac583272c85d93d8c457e02", 61 | ] 62 | } 63 | -------------------------------------------------------------------------------- /terraform/keyvault.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_key_vault" "kv" { 2 | name = "${var.base_name}-kv" 3 | resource_group_name = azurerm_resource_group.rg.name 4 | location = azurerm_resource_group.rg.location 5 | 6 | tenant_id = data.azurerm_client_config.current.tenant_id 7 | sku_name = "standard" 8 | 9 | access_policy { 10 | tenant_id = data.azurerm_client_config.current.tenant_id 11 | object_id = data.azurerm_client_config.current.object_id 12 | 13 | certificate_permissions = [ 14 | "Create", 15 | "Delete", 16 | "DeleteIssuers", 17 | "Get", 18 | "DeleteIssuers", 19 | "Import", 20 | "List", 21 | "ListIssuers", 22 | "ManageContacts", 23 | "ManageIssuers", 24 | "Purge", 25 | "SetIssuers", 26 | "Update", 27 | ] 28 | 29 | key_permissions = [ 30 | "Backup", 31 | "Create", 32 | "Decrypt", 33 | "Delete", 34 | "Encrypt", 35 | "Get", 36 | "Import", 37 | "List", 38 | "Purge", 39 | "Recover", 40 | "Restore", 41 | "Sign", 42 | "UnwrapKey", 43 | "Update", 44 | "Verify", 45 | "WrapKey", 46 | ] 47 | 48 | secret_permissions = [ 49 | "Backup", 50 | "Delete", 51 | "Get", 52 | "List", 53 | "Purge", 54 | "Recover", 55 | "Restore", 56 | "Set", 57 | ] 58 | } 59 | 60 | access_policy { 61 | tenant_id = data.azurerm_client_config.current.tenant_id 62 | object_id = azurerm_api_management.apim.identity[0].principal_id 63 | 64 | certificate_permissions = [ 65 | "List", 66 | "Get", 67 | ] 68 | 69 | secret_permissions = [ 70 | "List", 71 | "Get", 72 | ] 73 | } 74 | 75 | access_policy { 76 | tenant_id = data.azurerm_client_config.current.tenant_id 77 | object_id = azurerm_user_assigned_identity.appgwmsi.principal_id 78 | 79 | certificate_permissions = [ 80 | "List", 81 | "Get", 82 | ] 83 | 84 | secret_permissions = [ 85 | "List", 86 | "Get", 87 | ] 88 | } 89 | } 90 | 91 | /* 92 | resource "azurerm_key_vault_certificate" "cert" { 93 | name = "${var.base_name}-cert" 94 | key_vault_id = azurerm_key_vault.kv.id 95 | 96 | certificate_policy { 97 | issuer_parameters { 98 | name = "Self" 99 | } 100 | 101 | key_properties { 102 | exportable = true 103 | key_size = 2048 104 | key_type = "RSA" 105 | reuse_key = true 106 | } 107 | 108 | lifetime_action { 109 | action { 110 | action_type = "AutoRenew" 111 | } 112 | 113 | trigger { 114 | days_before_expiry = 30 115 | } 116 | } 117 | 118 | secret_properties { 119 | content_type = "application/x-pkcs12" 120 | } 121 | 122 | x509_certificate_properties { 123 | # Server Authentication = 1.3.6.1.5.5.7.3.1 124 | # Client Authentication = 1.3.6.1.5.5.7.3.2 125 | extended_key_usage = ["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"] 126 | 127 | key_usage = [ 128 | "cRLSign", 129 | "dataEncipherment", 130 | "digitalSignature", 131 | "keyAgreement", 132 | "keyCertSign", 133 | "keyEncipherment", 134 | ] 135 | 136 | subject_alternative_names { 137 | dns_names = [ 138 | local.apim_gateway_dns_name, 139 | local.apim_management_dns_name, 140 | local.apim_devportal_dns_name, 141 | local.apim_scm_dns_name 142 | ] 143 | } 144 | 145 | subject = "CN=${var.root_dns_name}" 146 | validity_in_months = 12 147 | } 148 | } 149 | } 150 | */ -------------------------------------------------------------------------------- /terraform/appgateway.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | app_gateway_name = "${var.base_name}-appgw" 3 | gateway_ip_config_name = "${local.app_gateway_name}-gwip" 4 | backend_address_pool_name = "${local.app_gateway_name}-beap" 5 | frontend_port_name = "${local.app_gateway_name}-feport" 6 | frontend_ip_configuration_name = "${local.app_gateway_name}-feip" 7 | http_setting_name = "${local.app_gateway_name}-be-htst" 8 | listener_name = "${local.app_gateway_name}-httplstn" 9 | request_routing_rule_name = "${local.app_gateway_name}-rqrt" 10 | probe_name = "${local.app_gateway_name}-probe" 11 | } 12 | 13 | resource "azurerm_application_gateway" "gateway" { 14 | name = local.app_gateway_name 15 | resource_group_name = azurerm_resource_group.rg.name 16 | location = azurerm_resource_group.rg.location 17 | 18 | sku { 19 | name = "Standard_v2" 20 | tier = "Standard_v2" 21 | capacity = 1 22 | } 23 | 24 | identity { 25 | type = "UserAssigned" 26 | identity_ids = [ 27 | azurerm_user_assigned_identity.appgwmsi.id 28 | ] 29 | } 30 | 31 | gateway_ip_configuration { 32 | name = local.gateway_ip_config_name 33 | subnet_id = azurerm_subnet.ingress.id 34 | } 35 | 36 | ssl_certificate { 37 | name = "${var.base_name}-ssl" 38 | key_vault_secret_id = azurerm_key_vault_certificate.cert.secret_id 39 | } 40 | 41 | # trusted_root_certificate { 42 | # name = "${var.base_name}-trc" 43 | # data = azurerm_key_vault_certificate.cert.certificate_data_base64 44 | # } 45 | 46 | frontend_ip_configuration { 47 | name = local.frontend_ip_configuration_name 48 | public_ip_address_id = azurerm_public_ip.ip.id 49 | } 50 | 51 | # frontend_port { 52 | # name = "${local.frontend_port_name}-http" 53 | # port = 80 54 | # } 55 | 56 | frontend_port { 57 | name = "${local.frontend_port_name}-https" 58 | port = 443 59 | } 60 | 61 | backend_address_pool { 62 | name = "${local.backend_address_pool_name}-apim" 63 | ip_addresses = [ 64 | azurerm_api_management.apim.private_ip_addresses[0] 65 | ] 66 | } 67 | 68 | http_listener { 69 | name = "${local.listener_name}-management" 70 | frontend_ip_configuration_name = local.frontend_ip_configuration_name 71 | frontend_port_name = "${local.frontend_port_name}-https" 72 | protocol = "Https" 73 | ssl_certificate_name = "${var.base_name}-ssl" 74 | host_names = [local.apim_management_dns_name] 75 | require_sni = true 76 | } 77 | 78 | http_listener { 79 | name = "${local.listener_name}-gateway" 80 | frontend_ip_configuration_name = local.frontend_ip_configuration_name 81 | frontend_port_name = "${local.frontend_port_name}-https" 82 | protocol = "Https" 83 | ssl_certificate_name = "${var.base_name}-ssl" 84 | host_names = [local.apim_gateway_dns_name] 85 | require_sni = true 86 | } 87 | 88 | http_listener { 89 | name = "${local.listener_name}-devportal" 90 | frontend_ip_configuration_name = local.frontend_ip_configuration_name 91 | frontend_port_name = "${local.frontend_port_name}-https" 92 | protocol = "Https" 93 | ssl_certificate_name = "${var.base_name}-ssl" 94 | host_names = [local.apim_devportal_dns_name] 95 | require_sni = true 96 | } 97 | 98 | backend_http_settings { 99 | name = "${local.http_setting_name}-management" 100 | cookie_based_affinity = "Disabled" 101 | port = 443 102 | protocol = "Https" 103 | path = "/" 104 | request_timeout = 180 105 | # trusted_root_certificate_names = ["${var.base_name}-trc"] 106 | probe_name = "${local.probe_name}-management" 107 | host_name = local.apim_management_dns_name 108 | } 109 | 110 | backend_http_settings { 111 | name = "${local.http_setting_name}-gateway" 112 | cookie_based_affinity = "Disabled" 113 | port = 443 114 | protocol = "Https" 115 | path = "/" 116 | request_timeout = 180 117 | # trusted_root_certificate_names = ["${var.base_name}-trc"] 118 | probe_name = "${local.probe_name}-gateway" 119 | host_name = local.apim_gateway_dns_name 120 | } 121 | 122 | backend_http_settings { 123 | name = "${local.http_setting_name}-devportal" 124 | cookie_based_affinity = "Disabled" 125 | port = 443 126 | protocol = "Https" 127 | path = "/" 128 | request_timeout = 180 129 | # trusted_root_certificate_names = ["${var.base_name}-trc"] 130 | probe_name = "${local.probe_name}-devportal" 131 | host_name = local.apim_devportal_dns_name 132 | } 133 | 134 | probe { 135 | name = "${local.probe_name}-management" 136 | protocol = "Https" 137 | path = "/ServiceStatus" 138 | interval = 30 139 | timeout = 120 140 | unhealthy_threshold = 8 141 | host = local.apim_management_dns_name 142 | } 143 | 144 | probe { 145 | name = "${local.probe_name}-gateway" 146 | protocol = "Https" 147 | path = "/status-0123456789abcdef" 148 | interval = 30 149 | timeout = 120 150 | unhealthy_threshold = 8 151 | host = local.apim_gateway_dns_name 152 | } 153 | 154 | probe { 155 | name = "${local.probe_name}-devportal" 156 | protocol = "Https" 157 | path = "/internal-status-0123456789abcdef" 158 | interval = 60 159 | timeout = 300 160 | unhealthy_threshold = 8 161 | host = local.apim_devportal_dns_name 162 | } 163 | 164 | request_routing_rule { 165 | name = "${local.request_routing_rule_name}-management" 166 | rule_type = "Basic" 167 | 168 | backend_address_pool_name = "${local.backend_address_pool_name}-apim" 169 | http_listener_name = "${local.listener_name}-management" 170 | backend_http_settings_name = "${local.http_setting_name}-management" 171 | } 172 | 173 | request_routing_rule { 174 | name = "${local.request_routing_rule_name}-gateway" 175 | rule_type = "Basic" 176 | 177 | backend_address_pool_name = "${local.backend_address_pool_name}-apim" 178 | http_listener_name = "${local.listener_name}-gateway" 179 | backend_http_settings_name = "${local.http_setting_name}-gateway" 180 | } 181 | 182 | request_routing_rule { 183 | name = "${local.request_routing_rule_name}-devportal" 184 | rule_type = "Basic" 185 | 186 | backend_address_pool_name = "${local.backend_address_pool_name}-apim" 187 | http_listener_name = "${local.listener_name}-devportal" 188 | backend_http_settings_name = "${local.http_setting_name}-devportal" 189 | } 190 | } 191 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Aa][Rr][Mm]/ 27 | [Aa][Rr][Mm]64/ 28 | bld/ 29 | [Bb]in/ 30 | [Oo]bj/ 31 | [Ll]og/ 32 | [Ll]ogs/ 33 | 34 | # Visual Studio 2015/2017 cache/options directory 35 | .vs/ 36 | # Uncomment if you have tasks that create the project's static files in wwwroot 37 | #wwwroot/ 38 | 39 | # Visual Studio 2017 auto generated files 40 | Generated\ Files/ 41 | 42 | # MSTest test Results 43 | [Tt]est[Rr]esult*/ 44 | [Bb]uild[Ll]og.* 45 | 46 | # NUnit 47 | *.VisualState.xml 48 | TestResult.xml 49 | nunit-*.xml 50 | 51 | # Build Results of an ATL Project 52 | [Dd]ebugPS/ 53 | [Rr]eleasePS/ 54 | dlldata.c 55 | 56 | # Benchmark Results 57 | BenchmarkDotNet.Artifacts/ 58 | 59 | # .NET Core 60 | project.lock.json 61 | project.fragment.lock.json 62 | artifacts/ 63 | 64 | # StyleCop 65 | StyleCopReport.xml 66 | 67 | # Files built by Visual Studio 68 | *_i.c 69 | *_p.c 70 | *_h.h 71 | *.ilk 72 | *.meta 73 | *.obj 74 | *.iobj 75 | *.pch 76 | *.pdb 77 | *.ipdb 78 | *.pgc 79 | *.pgd 80 | *.rsp 81 | *.sbr 82 | *.tlb 83 | *.tli 84 | *.tlh 85 | *.tmp 86 | *.tmp_proj 87 | *_wpftmp.csproj 88 | *.log 89 | *.vspscc 90 | *.vssscc 91 | .builds 92 | *.pidb 93 | *.svclog 94 | *.scc 95 | 96 | # Chutzpah Test files 97 | _Chutzpah* 98 | 99 | # Visual C++ cache files 100 | ipch/ 101 | *.aps 102 | *.ncb 103 | *.opendb 104 | *.opensdf 105 | *.sdf 106 | *.cachefile 107 | *.VC.db 108 | *.VC.VC.opendb 109 | 110 | # Visual Studio profiler 111 | *.psess 112 | *.vsp 113 | *.vspx 114 | *.sap 115 | 116 | # Visual Studio Trace Files 117 | *.e2e 118 | 119 | # TFS 2012 Local Workspace 120 | $tf/ 121 | 122 | # Guidance Automation Toolkit 123 | *.gpState 124 | 125 | # ReSharper is a .NET coding add-in 126 | _ReSharper*/ 127 | *.[Rr]e[Ss]harper 128 | *.DotSettings.user 129 | 130 | # TeamCity is a build add-in 131 | _TeamCity* 132 | 133 | # DotCover is a Code Coverage Tool 134 | *.dotCover 135 | 136 | # AxoCover is a Code Coverage Tool 137 | .axoCover/* 138 | !.axoCover/settings.json 139 | 140 | # Visual Studio code coverage results 141 | *.coverage 142 | *.coveragexml 143 | 144 | # NCrunch 145 | _NCrunch_* 146 | .*crunch*.local.xml 147 | nCrunchTemp_* 148 | 149 | # MightyMoose 150 | *.mm.* 151 | AutoTest.Net/ 152 | 153 | # Web workbench (sass) 154 | .sass-cache/ 155 | 156 | # Installshield output folder 157 | [Ee]xpress/ 158 | 159 | # DocProject is a documentation generator add-in 160 | DocProject/buildhelp/ 161 | DocProject/Help/*.HxT 162 | DocProject/Help/*.HxC 163 | DocProject/Help/*.hhc 164 | DocProject/Help/*.hhk 165 | DocProject/Help/*.hhp 166 | DocProject/Help/Html2 167 | DocProject/Help/html 168 | 169 | # Click-Once directory 170 | publish/ 171 | 172 | # Publish Web Output 173 | *.[Pp]ublish.xml 174 | *.azurePubxml 175 | # Note: Comment the next line if you want to checkin your web deploy settings, 176 | # but database connection strings (with potential passwords) will be unencrypted 177 | *.pubxml 178 | *.publishproj 179 | 180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 181 | # checkin your Azure Web App publish settings, but sensitive information contained 182 | # in these scripts will be unencrypted 183 | PublishScripts/ 184 | 185 | # NuGet Packages 186 | *.nupkg 187 | # NuGet Symbol Packages 188 | *.snupkg 189 | # The packages folder can be ignored because of Package Restore 190 | **/[Pp]ackages/* 191 | # except build/, which is used as an MSBuild target. 192 | !**/[Pp]ackages/build/ 193 | # Uncomment if necessary however generally it will be regenerated when needed 194 | #!**/[Pp]ackages/repositories.config 195 | # NuGet v3's project.json files produces more ignorable files 196 | *.nuget.props 197 | *.nuget.targets 198 | 199 | # Microsoft Azure Build Output 200 | csx/ 201 | *.build.csdef 202 | 203 | # Microsoft Azure Emulator 204 | ecf/ 205 | rcf/ 206 | 207 | # Windows Store app package directories and files 208 | AppPackages/ 209 | BundleArtifacts/ 210 | Package.StoreAssociation.xml 211 | _pkginfo.txt 212 | *.appx 213 | *.appxbundle 214 | *.appxupload 215 | 216 | # Visual Studio cache files 217 | # files ending in .cache can be ignored 218 | *.[Cc]ache 219 | # but keep track of directories ending in .cache 220 | !?*.[Cc]ache/ 221 | 222 | # Others 223 | ClientBin/ 224 | ~$* 225 | *~ 226 | *.dbmdl 227 | *.dbproj.schemaview 228 | *.jfm 229 | *.pfx 230 | *.publishsettings 231 | orleans.codegen.cs 232 | 233 | # Including strong name files can present a security risk 234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 235 | #*.snk 236 | 237 | # Since there are multiple workflows, uncomment next line to ignore bower_components 238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 239 | #bower_components/ 240 | 241 | # RIA/Silverlight projects 242 | Generated_Code/ 243 | 244 | # Backup & report files from converting an old project file 245 | # to a newer Visual Studio version. Backup files are not needed, 246 | # because we have git ;-) 247 | _UpgradeReport_Files/ 248 | Backup*/ 249 | UpgradeLog*.XML 250 | UpgradeLog*.htm 251 | ServiceFabricBackup/ 252 | *.rptproj.bak 253 | 254 | # SQL Server files 255 | *.mdf 256 | *.ldf 257 | *.ndf 258 | 259 | # Business Intelligence projects 260 | *.rdl.data 261 | *.bim.layout 262 | *.bim_*.settings 263 | *.rptproj.rsuser 264 | *- [Bb]ackup.rdl 265 | *- [Bb]ackup ([0-9]).rdl 266 | *- [Bb]ackup ([0-9][0-9]).rdl 267 | 268 | # Microsoft Fakes 269 | FakesAssemblies/ 270 | 271 | # GhostDoc plugin setting file 272 | *.GhostDoc.xml 273 | 274 | # Node.js Tools for Visual Studio 275 | .ntvs_analysis.dat 276 | node_modules/ 277 | 278 | # Visual Studio 6 build log 279 | *.plg 280 | 281 | # Visual Studio 6 workspace options file 282 | *.opt 283 | 284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 285 | *.vbw 286 | 287 | # Visual Studio LightSwitch build output 288 | **/*.HTMLClient/GeneratedArtifacts 289 | **/*.DesktopClient/GeneratedArtifacts 290 | **/*.DesktopClient/ModelManifest.xml 291 | **/*.Server/GeneratedArtifacts 292 | **/*.Server/ModelManifest.xml 293 | _Pvt_Extensions 294 | 295 | # Paket dependency manager 296 | .paket/paket.exe 297 | paket-files/ 298 | 299 | # FAKE - F# Make 300 | .fake/ 301 | 302 | # CodeRush personal settings 303 | .cr/personal 304 | 305 | # Python Tools for Visual Studio (PTVS) 306 | __pycache__/ 307 | *.pyc 308 | 309 | # Cake - Uncomment if you are using it 310 | # tools/** 311 | # !tools/packages.config 312 | 313 | # Tabs Studio 314 | *.tss 315 | 316 | # Telerik's JustMock configuration file 317 | *.jmconfig 318 | 319 | # BizTalk build output 320 | *.btp.cs 321 | *.btm.cs 322 | *.odx.cs 323 | *.xsd.cs 324 | 325 | # OpenCover UI analysis results 326 | OpenCover/ 327 | 328 | # Azure Stream Analytics local run output 329 | ASALocalRun/ 330 | 331 | # MSBuild Binary and Structured Log 332 | *.binlog 333 | 334 | # NVidia Nsight GPU debugger configuration file 335 | *.nvuser 336 | 337 | # MFractors (Xamarin productivity tool) working folder 338 | .mfractor/ 339 | 340 | # Local History for Visual Studio 341 | .localhistory/ 342 | 343 | # BeatPulse healthcheck temp database 344 | healthchecksdb 345 | 346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 347 | MigrationBackup/ 348 | 349 | # Ionide (cross platform F# VS Code tools) working folder 350 | .ionide/ 351 | 352 | # Local .terraform directories 353 | **/.terraform/* 354 | 355 | # .tfstate files 356 | *.tfstate 357 | *.tfstate.* 358 | 359 | # Crash log files 360 | crash.log 361 | 362 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 363 | # .tfvars files are managed as part of configuration and so should be included in 364 | # version control. 365 | # 366 | # example.tfvars 367 | 368 | # Ignore override files as they are usually used to override resources locally and so 369 | # are not checked in 370 | override.tf 371 | override.tf.json 372 | *_override.tf 373 | *_override.tf.json 374 | 375 | # Include override files you do wish to add to version control using negated pattern 376 | # 377 | # !example_override.tf 378 | 379 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 380 | # example: *tfplan* 381 | 382 | # secret.tfvars files 383 | **/*secret*.tfvars 384 | !**/sample-secrets.tfvars 385 | !**/sample-backend-secrets.tfvars 386 | 387 | scratch.txt --------------------------------------------------------------------------------