# Terraform Infrastructure

Terraform configuration for The Order infrastructure on Azure.

**Default Region**: West Europe (westeurope)  
**Policy**: No US Commercial or Government regions

## Structure

- `versions.tf` - Terraform and provider version constraints
- `main.tf` - Azure provider configuration
- `variables.tf` - Variable definitions
- `outputs.tf` - Output definitions
- `resource-groups.tf` - Resource group definitions
- `storage.tf` - Storage account definitions
- `modules/` - Reusable Terraform modules (to be created)
- `AZURE_RESOURCE_PROVIDERS.md` - Required resource providers documentation
- `EXECUTION_GUIDE.md` - Step-by-step execution guide

## Prerequisites

Before using Terraform:

1. **Run Azure setup scripts** (from project root):
   ```bash
   ./infra/scripts/azure-setup.sh
   ./infra/scripts/azure-register-providers.sh
   ```

2. **Verify Azure CLI is installed and logged in**:
   ```bash
   az --version
   az account show
   ```

3. **Ensure required resource providers are registered**:
   See `AZURE_RESOURCE_PROVIDERS.md` for complete list.

## Quick Start

```bash
# Navigate to Terraform directory
cd infra/terraform

# Initialize Terraform
terraform init

# Review what will be created
terraform plan

# Apply changes
terraform apply
```

## Detailed Execution

See `EXECUTION_GUIDE.md` for comprehensive step-by-step instructions.

## Environments

Environments are managed via the `environment` variable:

- `dev` - Development environment
- `stage` - Staging environment  
- `prod` - Production environment

```bash
# Deploy to specific environment
terraform plan -var="environment=dev"
terraform apply -var="environment=dev"
```

## Resources

### Currently Defined

- ✅ Resource Groups
- ✅ Storage Accounts (application data and Terraform state)
- ✅ Storage Containers

### To Be Created

- ⏳ Azure Kubernetes Service (AKS) cluster
- ⏳ Azure Database for PostgreSQL
- ⏳ Azure Key Vault
- ⏳ Azure Container Registry (ACR)
- ⏳ Virtual Networks and Subnets
- ⏳ Application Gateway / Load Balancer
- ⏳ Azure Monitor and Log Analytics

## Configuration

### Default Region

Default region is **West Europe (westeurope)**. US regions are not allowed.

To use a different region:
```bash
terraform plan -var="azure_region=northeurope"
```

### Variables

Key variables (see `variables.tf` for complete list):

- `azure_region` - Azure region (default: `westeurope`)
- `environment` - Environment name (`dev`, `stage`, `prod`)
- `project_name` - Project name (default: `the-order`)
- `create_terraform_state_storage` - Create state storage (default: `true`)

## Secrets Management

Secrets are managed using:
- Azure Key Vault (to be configured)
- External Secrets Operator for Kubernetes (to be configured)
- SOPS for local development (optional)

## State Management

Terraform state is stored in Azure Storage Account:

1. First deployment creates storage account locally
2. After creation, configure remote backend in `versions.tf`
3. Re-initialize with `terraform init -migrate-state`

See `EXECUTION_GUIDE.md` for detailed instructions.

## Outputs

Key outputs (see `outputs.tf` for complete list):

- `resource_group_name` - Main resource group name
- `storage_account_name` - Application data storage account
- `azure_region` - Azure region being used

View outputs:
```bash
terraform output
terraform output resource_group_name
```

## Best Practices

1. ✅ Always review `terraform plan` before applying
2. ✅ Use workspaces for multiple environments
3. ✅ Never commit `.tfstate` files
4. ✅ Use remote state backend
5. ✅ Enable versioning on storage accounts
6. ✅ Use `.tfvars` files for environment-specific values

## Troubleshooting

Common issues and solutions:

### Resource Provider Not Registered
```bash
./infra/scripts/azure-register-providers.sh
```

### Quota Exceeded
```bash
./infra/scripts/azure-check-quotas.sh
# Request quota increase in Azure Portal
```

### Invalid Region
- Ensure region doesn't start with `us`
- Default is `westeurope`
- See validation in `variables.tf`

See `EXECUTION_GUIDE.md` for more troubleshooting tips.

## Documentation

- **Execution Guide**: `EXECUTION_GUIDE.md` - Step-by-step deployment instructions
- **Resource Providers**: `AZURE_RESOURCE_PROVIDERS.md` - Required providers and registration
- **Setup Scripts**: `../scripts/README.md` - Azure CLI setup scripts
- **Deployment Review**: `../../docs/reports/DEPLOYMENT_READINESS_REVIEW.md` - Overall deployment status

## Next Steps

1. ✅ Run setup scripts to register providers
2. ✅ Initialize Terraform
3. ✅ Create initial infrastructure (resource groups, storage)
4. ⏳ Configure remote state backend
5. ⏳ Add additional resources (AKS, PostgreSQL, Key Vault, etc.)

---

**See `EXECUTION_GUIDE.md` for detailed step-by-step instructions.**