# Terraform Datadog Users Sanoma Module
## Overview
Organization-specific user management module for Sanoma that uses the terraform-datadog-users base module for creating and managing Datadog user accounts.
## Features
- **Module Composition**: Uses terraform-datadog-users as a base module
- **Organization-Specific**: Configured for Sanoma email domains and structure
- **Scalable**: Easy to add new users via module calls
- **Standardized Roles**: All users assigned standard roles
- **EU Instance**: Configured for EU Datadog API
## Resources Created
Multiple `datadog_user` resources are created, one per module call to terraform-datadog-users.
## Requirements
| Name | Version |
|------|---------|
| terraform | >= 0.12 |
| datadog | >= 3.2.0 |
## Usage
This module is designed to be called from a root module with Sanoma-specific variables:
```hcl
module "sanoma_users" {
  source          = "./terraform-datadog-users-sanoma"
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
  api_url         = "https://api.datadoghq.eu"
}
```
## Inputs
| Name | Description | Type | Required | Default |
|------|-------------|------|----------|---------|
| `admin` | Is user an admin? | `bool` | no | `false` |
| `name` | Full name | `string` | no | `""` |
| `email` | Email address | `string` | no | `""` |
| `handle` | Handle/username | `string` | no | `""` |
| `roles` | Role type | `string` | no | `"standard"` |
| `datadog_api_key` | Datadog API key | `string` | yes | - |
| `datadog_app_key` | Datadog APP key | `string` | yes | - |
| `api_url` | Datadog API endpoint | `string` | no | `"https://api.datadoghq.eu"` |
| `http_client_retry_enabled` | Enable HTTP retries | `bool` | no | `true` |
| `http_client_retry_timeout` | HTTP retry timeout | `string` | no | `""` |
| `validate` | Validate credentials | `bool` | no | `true` |
## Outputs
Currently, all outputs are commented out. No outputs are exported.
## User Accounts
### Current Users (Configured)
The module includes user definitions for:
- Michiel van Wambeke
- David Kerremans
- Lukasz Mycek
### Work in Progress
Additional user groups defined in separate files:
- `user-accounts-vanin.tf`: Vanin CFA users
- `user-accounts-nowaera.tf`: NoWaEra CFA users
## Module Structure
```
terraform-datadog-users-sanoma/
├── provider.tf               # Datadog provider configuration
├── backend.tf                # Terraform state backend
├── versions.tf               # Provider version constraints
├── variables.tf              # Input variables
├── outputs.tf                # Outputs (commented out)
├── user-accounts-vanin.tf    # Vanin user definitions (WIP)
├── user-accounts-nowaera.tf  # NoWaEra user definitions (WIP)
└── old-account-structure.tf  # Legacy account definitions
```
## Adding New Users
To add a new user, create a module call in the appropriate file:
```hcl
module "new_user" {
  source          = "../terraform-datadog-users"
  admin           = false
  name            = "New User"
  email           = "new.user@sanoma.com"
  handle          = "new.user@sanoma.com"
  roles           = "standard"
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}
```
## Provider Configuration
### EU Datadog Instance
- **API URL**: `https://api.datadoghq.eu`
- **Reason**: GDPR compliance for European data
- **Retry Enabled**: Yes (handles 429 and 5xx errors)
- **Validation**: API/APP keys validated on initialization
## Organization Structure
The module supports multiple CFAs (Customer Facing Applications):
- **Vanin**: Educational publishing
- **NoWaEra**: Digital platforms
Each CFA has its own user account file so that definitions stay grouped by organization.
## Best Practices
1. **Email Format**: Use Sanoma email domain (@sanoma.com)
2. **File Organization**: Group users by CFA or team
3. **Standard Roles**: Default to standard roles unless admin access required
4. **Handle Convention**: Use email as handle for consistency
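The per-user module calls shown under "Adding New Users" can be collapsed into one `for_each` call that enforces the four best practices above in a single place. This is an added example, not part of this module or the terraform-datadog-users base module; it assumes the base-module inputs listed in this README and needs Terraform 0.14 or newer (module `for_each`, `validation`, `alltrue`), not the 0.12 minimum stated above.

```hcl
variable "users" {
  description = "Users to manage, keyed by the local part of their Sanoma e-mail address"
  type = map(object({
    name  = string
    admin = bool
  }))

  # Best practice 1: each key becomes <key>@sanoma.com, so it must be a plain local part.
  validation {
    condition     = alltrue([for k in keys(var.users) : can(regex("^[a-z0-9]+(\\.[a-z0-9]+)*$", k))])
    error_message = "Each key must be a lowercase e-mail local part such as first.last."
  }
}

locals {
  email_domain = "sanoma.com" # Best practice 1: Sanoma domain only
}

# One base-module call per map entry; adding a user is one new map entry,
# and the file the variable lives in groups users by CFA (best practice 2).
module "sanoma_user" {
  source   = "../terraform-datadog-users"
  for_each = var.users

  admin  = each.value.admin
  name   = each.value.name
  email  = "${each.key}@${local.email_domain}"
  handle = "${each.key}@${local.email_domain}"      # Best practice 4: handle equals e-mail
  roles  = each.value.admin ? "admin" : "standard"  # Best practice 3: standard unless admin

  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

# Constructed sample input (terraform.tfvars), not real Sanoma users:
#
# users = {
#   "john.developer" = { name = "John Developer", admin = false }
#   "jane.lead"      = { name = "Jane Lead",      admin = true }
# }
```

A key such as `John.Developer` or `john@other.com` fails validation at plan time, so a user outside the Sanoma domain cannot be created by mistake.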
## Example User Definitions
```hcl
# Standard user
module "developer" {
  source          = "../terraform-datadog-users"
  admin           = false
  name            = "John Developer"
  email           = "john.developer@sanoma.com"
  handle          = "john.developer@sanoma.com"
  roles           = "standard"
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

# Admin user
module "team_lead" {
  source          = "../terraform-datadog-users"
  admin           = true
  name            = "Jane Lead"
  email           = "jane.lead@sanoma.com"
  handle          = "jane.lead@sanoma.com"
  roles           = "admin"
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}
```
## State Management
- Uses remote backend configuration (backend.tf)
- State should be stored securely (S3, Terraform Cloud, etc.)
- Enables team collaboration on user management
## Migration from Old Structure
The `old-account-structure.tf` file contains legacy user definitions. These should be:
1. Reviewed for current relevance
2. Migrated to new structure if still active
3. Removed if users are no longer with organization
## Notes
- All outputs are currently disabled (commented out in outputs.tf)
- Uses module composition pattern for DRY principles
- EU API endpoint for GDPR compliance
- HTTP retry enabled for reliability
- Credentials validated on provider initialization
## Maintenance
Regular tasks:
- Review and update user lists quarterly
- Remove users who have left the organization
- Audit role assignments
- Update to latest terraform-datadog-users module version
## Security Considerations
- API keys should be stored in secure variable storage
- Never commit API keys to version control
- Use Terraform variable files or environment variables
- Consider using Terraform Cloud for secure variable management
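How the credential handling above and the provider settings from "Provider Configuration" fit together in `variables.tf` and `provider.tf`. This is an added example, not the module's own files; it assumes the `datadog` provider arguments `api_key`, `app_key`, `api_url`, `validate` and `http_client_retry_enabled`, and the `sensitive` variable attribute, which needs Terraform 0.14 or newer.

```hcl
# variables.tf: credentials are marked sensitive so Terraform redacts them
# in plan and apply output. They deliberately have no default.
variable "datadog_api_key" {
  description = "Datadog API key. Supply via TF_VAR_datadog_api_key or a git-ignored *.tfvars file."
  type        = string
  sensitive   = true
}

variable "datadog_app_key" {
  description = "Datadog application key. Same handling as the API key."
  type        = string
  sensitive   = true
}

variable "api_url" {
  description = "Datadog API endpoint, pinned to the EU instance for GDPR compliance."
  type        = string
  default     = "https://api.datadoghq.eu"

  # Refuse any other endpoint so EU user data is never sent to a non-EU instance.
  validation {
    condition     = var.api_url == "https://api.datadoghq.eu"
    error_message = "This module must use the EU Datadog API endpoint https://api.datadoghq.eu."
  }
}

# provider.tf
provider "datadog" {
  api_key = var.datadog_api_key
  app_key = var.datadog_app_key
  api_url = var.api_url

  validate                  = true # fail fast on invalid keys at provider initialization
  http_client_retry_enabled = true # retry 429 and 5xx responses
}

# Constructed shell snippet for supplying the keys from the environment instead
# of a file; the values are placeholders for your secret store, not real keys.
#
#   export TF_VAR_datadog_api_key='<API key from secret store>'
#   export TF_VAR_datadog_app_key='<APP key from secret store>'
#
# If you use *.tfvars files instead, add "*.tfvars" to .gitignore.
```

Note that `sensitive = true` only redacts console output; the keys still land in the state file, which is why the State Management section requires a securely stored remote backend.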
## License
Internal use only - Sanoma/WeBuildYourCloud
## Authors
Created and maintained by the Platform Engineering team at Sanoma.