Azure meshPlatform
Source code & Installation
The source code of this kit module can be found here
Run the following command to install the kit module:
collie kit import azure/meshplatform
This kit module integrates Azure into meshStack as a platform using the official terraform-azure-meshplatform module. The module sets up the service principals and permissions that meshStack requires. Its output is a set of credentials that must be configured in meshStack as described in the meshcloud public docs.
Requirements
No requirements.
Modules
Name | Source | Version |
---|---|---|
meshplatform | registry.terraform.io/meshcloud/meshplatform/azure | 0.6.0 |
Resources
No resources.
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_permissions | Additional Subscription-Level Permissions the Service Principal needs. | list(string) | [] | no |
additional_required_resource_accesses | Additional AAD-Level Resource Accesses the replicator Service Principal needs. | list(object({ resource_app_id = string, resource_accesses = list(object({ id = string, type = string })) })) | [] | no |
can_cancel_subscriptions_in_scopes | The scopes at which the Service Principal is assigned the cancel-subscription permission. List of management group IDs of the form /providers/Microsoft.Management/managementGroups/<mgmtGroupId>/ . | list(string) | [] | no |
create_passwords | Create passwords for service principals. | bool | true | no |
metering_assignment_scopes | Names or UUIDs of the Management Groups that kraken should collect costs for. | list(string) | n/a | yes |
metering_enabled | Whether to create Metering Service Principal or not. | bool | true | no |
metering_service_principal_name | Service principal for collecting cost data. Kraken is the name of the meshStack component. Name must be unique per Entra ID. | string | "kraken" | no |
replicator_assignment_scopes | Names or UUIDs of the Management Groups which replicator should manage. | list(string) | n/a | yes |
replicator_custom_role_scope | Name or UUID of the Management Group of the replicator custom role definition. The custom role definition must be available for all assignment scopes. | string | "Tenant Root Group" | no |
replicator_enabled | Whether to create replicator Service Principal or not. | bool | true | no |
replicator_rg_enabled | Whether the created replicator Service Principal should be usable for Azure Resource Group based replication. Implicitly enables replicator_enabled if set to true. | bool | false | no |
replicator_service_principal_name | Service principal for managing subscriptions. Replicator is the name of the meshStack component. Name must be unique per Entra ID. | string | "replicator" | no |
sso_enabled | Whether to create SSO Service Principal or not. | bool | true | no |
sso_meshstack_redirect_uri | Redirect URI that was provided by meshcloud. It is individual per meshStack. | string | "" | no |
sso_service_principal_name | Service principal for Entra ID SSO. Name must be unique per Entra ID. | string | "sso" | no |
workload_identity_federation | Enable workload identity federation instead of using a password by providing these additional settings. Usually you should receive the required settings when attempting to configure a platform with workload identity federation in meshStack. | object({ issuer = string, replicator_subject = string, kraken_subject = string }) | null | no |
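
The inputs above, set for narrowly scoped service principals that use workload identity federation instead of passwords. This is an added example, not configuration from the kit module or the upstream project. It assumes the upstream module at the registry source listed under Modules accepts the same input names, and that create_passwords = false is combined with workload_identity_federation; the management group name, issuer and subjects are constructed placeholders.

```hcl
# Added example: every value below is a constructed placeholder.
module "meshplatform" {
  source  = "registry.terraform.io/meshcloud/meshplatform/azure"
  version = "0.6.0"

  # Required inputs: limit each principal to the management groups it serves.
  replicator_assignment_scopes = ["example-landingzones"]
  metering_assignment_scopes   = ["example-landingzones"]

  # The custom role definition must be available for all assignment scopes.
  # Here it is defined on the same group rather than the default
  # "Tenant Root Group".
  replicator_custom_role_scope = "example-landingzones"

  # Assumption: with federation configured, passwords are not created.
  # The real issuer and subjects are the settings meshStack shows when a
  # platform is configured with workload identity federation.
  create_passwords = false
  workload_identity_federation = {
    issuer             = "https://issuer.example.invalid"
    replicator_subject = "example-replicator-subject"
    kraken_subject     = "example-kraken-subject"
  }

  # Optional grants stay at their empty defaults unless they are needed.
  additional_permissions                = []
  additional_required_resource_accesses = []
  can_cancel_subscriptions_in_scopes    = []

  # Constructed choice for this example: no SSO service principal.
  sso_enabled = false
}
```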
Outputs
Name | Description |
---|---|
azure_ad_tenant_id | The Azure AD tenant id. |
documentation_md | n/a |
meshplatform | n/a |
metering_client_secret | Password for Metering Service Principal. |
metering_credentials | Metering Service Principal. |
replicator_client_secret | Password for Replicator Service Principal. |
replicator_credentials | Replicator Service Principal. |