#2 - add support for private registry (#5)

Azure · Jul 28, 2020 · b2c1abc · b2c1abc
1 parent d6360df
commit b2c1abc
Show file tree

Hide file tree

Showing 7 changed files with 165 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,7 @@ logs/
 
 # Variable files
 terraform.tfvars
+local.tfvars
 
 # .tfstate files
 *.tfstate

diff --git a/README.md b/README.md
@@ -192,6 +192,52 @@ You can destroy everything using `terraform destroy`:
 terraform destroy
 ```
 
+#### Terraform ACI DevOps Agents - Use a private Docker image registry
+
+This module allows to download the Docker images to use for the agents from a private Docker images registry, like Azure Container Registry. It can be done like below:
+
+```hcl
+module "aci-devops-agent" {
+  source                  = "Azure/aci-devops-agent/azurerm"
+  resource_group_name     = "rg-linux-devops-agents"
+  location                = "westeurope"
+  enable_vnet_integration = false
+  create_resource_group   = true
+
+  linux_agents_configuration = {
+    agent_name_prefix = "linux-agent"
+    agent_pool_name   = "DEVOPS_POOL_NAME"
+    count             = 2,
+    docker_image      = "jcorioland.azurecr.io/azure-devops/aci-devops-agent"
+    docker_tag        = "0.2-linux"
+    cpu               = 1
+    memory            = 4
+  }
+  azure_devops_org_name              = "DEVOPS_ORG_NAME"
+  azure_devops_personal_access_token = "DEVOPS_PERSONAL_ACCESS_TOKEN"
+
+  image_registry_credential = {
+    username = "DOCKER_PRIVATE_REGISTRY_USERNAME"
+    password = "DOCKER_PRIVATE_REGISTRY_PASSWORD"
+    server   = "jcorioland.azurecr.io"
+  }
+}
+```
+
+Then, you can just Terraform it:
+
+```bash
+terraform init
+terraform plan -out aci-linux-devops-agents.plan
+terraform apply "aci-linux-devops-agents.plan"
+```
+
+You can destroy everything using `terraform destroy`:
+
+```bash
+terraform destroy
+```
+
 ## Test
 
 ### Configurations

diff --git a/main.tf b/main.tf
@@ -65,6 +65,16 @@ resource "azurerm_container_group" "linux-container-group" {
       AZP_AGENT_NAME = "${var.linux_agents_configuration.agent_name_prefix}-${count.index}"
     }
   }
+
+  # if an image registry server has been specified, then generate the image_registry_credential block.
+  dynamic "image_registry_credential" {
+    for_each = var.image_registry_credential.server == "" ? [] : [1]
+    content {
+      username = var.image_registry_credential.username
+      password = var.image_registry_credential.password
+      server   = var.image_registry_credential.server
+    }
+  }
 }
 
 # Windows Agents - deployed only if variable windows_agents_configuration.count > 0
@@ -113,4 +123,14 @@ resource "azurerm_container_group" "windows-container-group" {
       AZP_AGENT_NAME = "${var.windows_agents_configuration.agent_name_prefix}-${count.index}"
     }
   }
+
+  # if an image registry server has been specified, then generate the image_registry_credential block.
+  dynamic "image_registry_credential" {
+    for_each = var.image_registry_credential.server == "" ? [] : [1]
+    content {
+      username = var.image_registry_credential.username
+      password = var.image_registry_credential.password
+      server   = var.image_registry_credential.server
+    }
+  }
 }
diff --git a/test/fixture/linux-agents-private-registry/main.tf b/test/fixture/linux-agents-private-registry/main.tf
@@ -0,0 +1,23 @@
+module "aci-devops-agent" {
+  source                  = "../../../"
+  enable_vnet_integration = false
+  create_resource_group   = true
+  linux_agents_configuration = {
+    agent_name_prefix = "linuxagent-${var.random_suffix}"
+    count             = var.agents_count
+    docker_image      = var.agent_docker_image
+    docker_tag        = var.agent_docker_tag
+    agent_pool_name   = var.azure_devops_pool_name
+    cpu               = 1
+    memory            = 4
+  }
+  image_registry_credential = {
+    username = var.docker_registry_username
+    password = var.docker_registry_password
+    server   = var.docker_registry_url
+  }
+  resource_group_name                = "rg-terraform-azure-devops-agents-e2e-tests-${var.random_suffix}"
+  location                           = var.location
+  azure_devops_org_name              = var.azure_devops_org_name
+  azure_devops_personal_access_token = var.azure_devops_personal_access_token
+}
diff --git a/test/fixture/linux-agents-private-registry/provider.tf b/test/fixture/linux-agents-private-registry/provider.tf
@@ -0,0 +1,3 @@
+provider "azurerm" {
+  features {}
+}
diff --git a/test/fixture/linux-agents-private-registry/variables.tf b/test/fixture/linux-agents-private-registry/variables.tf
@@ -0,0 +1,58 @@
+variable azure_devops_org_name {
+  type        = string
+  description = "The name of the Azure DevOps organization in which the containerized agents will be deployed (e.g. https://dev.azure.com/YOUR_ORGANIZATION_NAME, must exist)"
+}
+
+variable azure_devops_pool_name {
+  type        = string
+  description = "The name of the Azure DevOps agent pool in which the containerized agents will be deployed (must exist)"
+}
+
+variable azure_devops_personal_access_token {
+  type        = string
+  description = "The personal access token to use to connect to Azure DevOps (see https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#permissions)"
+}
+
+variable location {
+  type        = string
+  description = "The Azure location to use"
+  default     = "westeurope"
+}
+
+variable agent_docker_image {
+  type        = string
+  description = "The Docker image to use for the Linux agent"
+  default     = "jcorioland/aci-devops-agent"
+}
+
+variable agent_docker_tag {
+  type        = string
+  description = "The Docker tag to use for the Linux agent"
+  default     = "0.2-linux"
+}
+
+variable agents_count {
+  type        = number
+  description = "The number of agents to create"
+  default     = 2
+}
+
+variable random_suffix {
+  type        = number
+  description = "A random suffix for resources generated during the test"
+}
+
+variable docker_registry_url {
+  type        = string
+  description = "The server URL of the Docker private registry"
+}
+
+variable docker_registry_username {
+  type        = string
+  description = "The username of the Docker private registry"
+}
+
+variable docker_registry_password {
+  type        = string
+  description = "The password of the Docker private registry"
+}
diff --git a/variables.tf b/variables.tf
@@ -90,4 +90,18 @@ variable windows_agents_configuration {
     cpu               = "1",
     memory            = "2"
   }
+}
+
+variable image_registry_credential {
+  type = object({
+    username = string,
+    password = string,
+    server   = string
+  })
+  description = "(Optional) The credentials to use to connect to the Docker private registry where agent images are stored."
+  default = {
+    username = "",
+    password = "",
+    server   = ""
+  }
 }