- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control. - Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities. - Created .gitmodules to include OpenZeppelin contracts as a submodule. - Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment. - Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks. - Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring. - Created scripts for resource import and usage validation across non-US regions. - Added tests for CCIP error handling and integration to ensure robust functionality. - Included various new files and directories for the orchestration portal and deployment scripts.
# Well-Architected Terraform Configuration
# Implements Microsoft Well-Architected Framework best practices for the
# project's Azure foundation: resource groups, a hardened Key Vault and a
# subscription budget.
terraform {
  # Variable validation blocks and the azurerm 3.x provider need a modern CLI.
  required_version = ">= 1.0"

  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      # Any 3.x release; a major-version bump should be a deliberate change.
      version = "~> 3.0"
    }
  }

  # Remote state in Azure Storage. The storage account, container and key are
  # intentionally not committed here and are supplied at `terraform init`
  # time (environment variables / -backend-config).
  # NOTE(review): the state file records every resource ID produced by the
  # modules below and any secret values they pass through, so treat the state
  # container as sensitive — restrict who can read it and prefer Azure AD /
  # OIDC authentication to the backend over a long-lived storage account key.
  backend "azurerm" {
    # Backend configuration via environment variables
  }
}
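# Pin the provider to the same subscription that the azurerm_subscription data
# source and the budget module receive via var.subscription_id. Without this
# the provider falls back to ARM_SUBSCRIPTION_ID / the Azure CLI context, so
# resources could silently land in a different subscription than the one
# being queried and budgeted.
provider "azurerm" {
  subscription_id = var.subscription_id

  features {
    resource_group {
      # Refuse to destroy a resource group that still contains resources
      # Terraform does not manage (e.g. created by hand in the portal).
      prevent_deletion_if_contains_resources = true # Prevent accidental deletion
    }

    key_vault {
      # Leave a destroyed vault in the soft-deleted state so its keys and
      # secrets remain recoverable for the retention window instead of being
      # purged immediately.
      purge_soft_delete_on_destroy = false # Don't purge on destroy
    }
  }
}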
# Variables

# Deployment environment. It gates the prod-only hardening applied further
# down (private endpoint, 90-day soft delete, purge protection).
variable "environment" {
  type        = string
  description = "Environment (prod, dev, test, staging)"

  # Fail at plan time on anything outside the known set, so a typo cannot
  # create resources under an unexpected name prefix.
  validation {
    error_message = "Environment must be one of: prod, dev, test, staging"
    condition     = contains(["prod", "dev", "test", "staging"], var.environment)
  }
}
# Azure region used by every module below. The default keeps resources in an
# EU region (presumably for data residency — confirm with the owning team).
variable "location" {
  default     = "westeurope"
  type        = string
  description = "Azure region"
}
# Short project identifier passed to the resource-groups module for naming.
# NOTE(review): not validated here; the module presumably enforces its own
# length/character constraints — confirm before relying on arbitrary values.
variable "project_name" {
  default     = "defi-oracle-mainnet"
  type        = string
  description = "Project name"
}
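# Target subscription for the provider, the subscription data source and the
# budget. Validated as a GUID so a pasted subscription *name* or an empty
# value fails at plan time with a clear message instead of deep inside the
# provider.
variable "subscription_id" {
  description = "Azure subscription ID"
  type        = string

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.subscription_id))
    error_message = "subscription_id must be an Azure subscription GUID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)."
  }
}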
# Data sources

# Looks up the subscription by the explicitly supplied ID rather than
# whatever ARM_SUBSCRIPTION_ID / the CLI context points at.
# NOTE(review): nothing in this file references this data source; it is
# presumably used by a sibling *.tf file — drop it if not.
data "azurerm_subscription" "current" {
  subscription_id = var.subscription_id
}
# Get current client config for RBAC assignments
# Exposes the tenant / object ID of the identity running Terraform. Nothing in
# this file references it; it is presumably consumed by a sibling file or kept
# for upcoming role assignments — remove it if neither holds.
data "azurerm_client_config" "current" {}
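# Resource Groups Module
# Creates the per-concern resource groups (network, compute, storage,
# security, monitoring, identity, temp) whose names are exported below.
module "resource_groups" {
  source = "../modules/resource-groups"

  environment  = var.environment
  location     = var.location
  project_name = var.project_name

  # Merge the shared var.tags first, as the Key Vault module already does, so
  # the resource groups and the vault carry one consistent tag set; the
  # explicit keys below win on conflict. (var.tags is declared outside this
  # file — it is already referenced by the Key Vault module.)
  tags = merge(var.tags, {
    CostCenter = "Blockchain"
    Owner      = "DevOps Team"
    ManagedBy  = "Terraform"
  })
}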
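# Enhanced Key Vault Module (in security resource group)
#
# The vault is RBAC-only and, in prod, gets a private endpoint, purge
# protection and a 90-day soft-delete window. Non-prod trades that hardening
# for disposability (7-day retention, purge allowed, no private endpoint).
module "keyvault_enhanced" {
  source = "../modules/keyvault-enhanced"

  resource_group_name = module.resource_groups.security_rg_name
  location            = var.location
  # Key Vault names are globally unique across Azure, and this pattern does
  # not include project_name, so it can collide with a vault in another
  # tenant. Left unchanged because renaming forces vault replacement.
  key_vault_name = "kv-${var.environment}-secrets-001"
  environment    = var.environment

  # Azure RBAC instead of legacy access policies.
  enable_rbac             = true
  enable_private_endpoint = var.environment == "prod"

  # Network restrictions
  # NOTE(review): these three variables are not declared in this file and
  # must come from a sibling *.tf in this directory. Non-prod has no private
  # endpoint, so presumably the public endpoint stays reachable there — keep
  # both allow-lists tight in every environment.
  allowed_subnet_ids         = var.key_vault_allowed_subnet_ids
  allowed_ip_ranges          = var.key_vault_allowed_ip_ranges
  private_endpoint_subnet_id = var.key_vault_private_endpoint_subnet_id

  # Purge protection cannot be switched off again once enabled, which is why
  # it is limited to prod; 7 days is the minimum retention Azure allows.
  soft_delete_retention_days = var.environment == "prod" ? 90 : 7
  purge_protection_enabled   = var.environment == "prod"

  # ManagedBy added so the vault carries the same ownership tags as the
  # resource groups it lives in.
  tags = merge(var.tags, {
    CostCenter = "Blockchain"
    Owner      = "DevOps Team"
    ManagedBy  = "Terraform"
  })
}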
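# Budget Module (for cost management)
#
# An unexplained spend spike is often the first visible sign of leaked
# credentials or a compromised workload, so the alert window and recipients
# are security controls, not just finance ones.

# Budget period. Defaults preserve the previously hard-coded dates; the budget
# and all of its alerts silently stop once end_date passes, so override
# budget_end_date well before then.
variable "budget_start_date" {
  description = "Budget period start (RFC 3339; Azure requires the first day of a month)"
  type        = string
  default     = "2024-01-01T00:00:00Z"
}

variable "budget_end_date" {
  description = "Budget period end (RFC 3339)"
  type        = string
  default     = "2025-12-31T23:59:59Z"
}

module "budget" {
  source = "../modules/budget"

  subscription_id = var.subscription_id
  budget_name     = "budget-${var.environment}-001"
  amount          = var.budget_amount
  time_grain      = "Monthly"
  start_date      = var.budget_start_date
  end_date        = var.budget_end_date

  notification_thresholds = [50, 80, 100]

  # No silent fallback: the former default of "devops@example.com" is an
  # unroutable placeholder, so an empty recipient list produced alerts that
  # nobody received. With no explicit e-mails the role-based notifications
  # below still reach subscription Owners and Contributors.
  # (Confirm ../modules/budget accepts an empty contact_emails list.)
  contact_emails = var.budget_contact_emails
  contact_roles  = ["Owner", "Contributor"]
}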
# Outputs

# Resource group names, one per landing-zone concern, for downstream
# configurations that deploy into them.
output "resource_groups" {
  value = {
    identity   = module.resource_groups.identity_rg_name
    security   = module.resource_groups.security_rg_name
    network    = module.resource_groups.network_rg_name
    compute    = module.resource_groups.compute_rg_name
    storage    = module.resource_groups.storage_rg_name
    monitoring = module.resource_groups.monitoring_rg_name
    temp       = module.resource_groups.temp_rg_name
  }
}
# Key Vault locator. The ID and URI are not secrets, but anyone who can read
# this state learns where the vault lives; access to its contents is still
# governed by RBAC and the network rules configured on the module.
output "key_vault" {
  value = {
    uri = module.keyvault_enhanced.key_vault_uri
    id  = module.keyvault_enhanced.key_vault_id
  }
}
# Resource ID of the subscription budget, for reference by other configurations.
output "budget" {
  value = {
    id = module.budget.budget_id
  }
}