efellowsbg · BorislavRaynov · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025
@@ -0,0 +1,63 @@
+container_registries = {
+  acr_test_1 = {
+    resource_group_ref = "rg_test"
+    name               = "acrtestdevne01"
+    sku                = "Premium"
+
+    georeplications = {
+      georeplication_test_1 = {
+        location                = "West Europe"
+        zone_redundancy_enabled = true
+        tags                    = { Owner = "prod" }
+      }
+    }
+
+    private_endpoint = {
+      name       = "pe-acrtestdevne01"
+      subnet_ref = "vnet_test/snet_private_endpoint_1"
+
+      # This block is needed only if you need name different than the default
+      private_service_connection = {
+        name = "test-privateserviceconnection"
+      }
+
+      private_dns_zone_group_ref = "container_registries"
+    }
+  }
+}
+
+# pre-requisites
+resource_groups = {
+  rg_test = {
+    name     = "rg-test-dv-ne-01"
+    location = "northeurope"
+  }
+}
+
+private_dns_zones = {
+  container_registries = {
+    resource_kind      = "container_registries"
+    resource_group_ref = "rg_test"
+    vnet_ref           = ["vnet_test"]
+  }
+}
+
+virtual_networks = {
+  vnet_test = {
+    name               = "vnet-test-dv-ne-01"
+    resource_group_ref = "rg_test"
+    cidr               = ["10.10.10.0/24"]
+    subnets = {
+      snet_private_endpoint_1 = {
+        name              = "snet-private-endpoint_1"
+        cidr              = ["10.10.10.0/25"]
+        service_endpoints = ["Microsoft.ContainerRegistry"]
+      }
+      snet_private_endpoint_2 = {
+        name              = "snet-private-endpoint_2"
+        cidr              = ["10.10.10.128/25"]
+        service_endpoints = ["Microsoft.ContainerRegistry"]
+      }
+    }
+  }
+}
@@ -1,17 +1,19 @@
 variable "resource_groups" { default = {} }
 
-variable "managed_identities" { default = {} }
-
 variable "virtual_networks" { default = {} }
 
-variable "vnet_peerings" { default = {} }
+variable "container_registry" { default = {} }
 
-variable "local_network_gateways" { default = {} }
+variable "private_dns_zones" { default = {} }
+
+variable "keyvaults" { default = {} }
+
+variable "storage_accounts" { default = {} }
+
+variable "managed_identities" { default = {} }
 
 variable "virtual_network_gateways" { default = {} }
 
 variable "public_ips" { default = {} }
 
-variable "keyvaults" { default = {} }
-
-variable "storage_accounts" { default = {} }
+variable "local_network_gateways" { default = {} }
@@ -0,0 +1,13 @@
+module "container_registry" {
+  source   = "./modules/container_registry"
+  for_each = var.container_registry
+
+  settings        = each.value
+  global_settings = local.global_settings
+
+  resources = {
+    resource_groups   = module.resource_groups
+    virtual_networks  = module.virtual_networks
+    private_dns_zones = module.private_dns_zones
+  }
+}
@@ -7,8 +7,5 @@ variable "settings" {
 }
 
 variable "resources" {
-  type = object({
-    resource_groups = map(any)
-  })
   description = "All required resources"
 }
@@ -0,0 +1,32 @@
+locals {
+  resource_group      = var.resources.resource_groups[var.settings.resource_group_ref]
+  resource_group_name = local.resource_group.name
+  location            = local.resource_group.location
+
+  vnet_ids = {
+    for vnet in var.settings.vnet_ref :
+    vnet => {
+      name = var.resources.virtual_networks[vnet].name
+      id   = var.resources.virtual_networks[vnet].id
+    }
+  }
+
+  tags = merge(
+    var.global_settings.tags,
+    var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+    try(var.settings.tags, {})
+  )
+}
+
+locals {
+  # local object used to map possible private dns zoone names
+  zone_names = {
+    "storage_blob"         = "privatelink.blob.core.windows.net"
+    "storage_tables"       = "privatelink.table.core.windows.net"
+    "storage_queues"       = "privatelink.queue.core.windows.net"
+    "storage_files"        = "privatelink.file.core.windows.net"
+    "function_apps"        = "privatelink.azurewebsites.net"
+    "keyvaults"            = "privatelink.vaultcore.azure.net"
+    "container_registries" = "privatelink.azurecr.io"
+  }
+}
@@ -0,0 +1,7 @@
+output "id" {
+  value = azurerm_private_dns_zone.main.id
+}
+
+output "name" {
+  value = azurerm_private_dns_zone.main.name
+}
@@ -3,13 +3,9 @@ variable "global_settings" {
 }
 
 variable "settings" {
-  description = "All the configuration for a storage account"
+  description = "All the configuration for this resource"
 }
 
 variable "resources" {
-  type = object({
-    resource_groups  = map(any)
-    virtual_networks = map(any)
-  })
   description = "All required resources"
 }
@@ -0,0 +1,7 @@
+resource "azurerm_private_dns_zone_virtual_network_link" "main" {
+  for_each              = local.vnet_ids
+  name                  = "${each.value.name}-${azurerm_private_dns_zone.main.name}-link"
+  private_dns_zone_name = azurerm_private_dns_zone.main.name
+  resource_group_name   = azurerm_private_dns_zone.main.resource_group_name
+  virtual_network_id    = each.value.id
+}
@@ -0,0 +1,5 @@
+resource "azurerm_private_dns_zone" "main" {
+  name                = try(local.zone_names[var.settings.resource_kind], var.settings.name)
+  resource_group_name = local.resource_group_name
+  tags                = try(local.tags, null)
+}
@@ -7,8 +7,5 @@ variable "settings" {
 }
 
 variable "resources" {
-  type = object({
-    resource_groups = map(any)
-  })
   description = "All required resources"
 }
@@ -4,4 +4,5 @@ resource "azurerm_public_ip" "main" {
   location            = local.location
   allocation_method   = try(var.settings.allocation_method, "Static")
   tags                = local.tags
+  zones               = try(var.settings.zones, null)
 }
@@ -7,8 +7,5 @@ variable "settings" {
 }
 
 variable "resources" {
-  type = object({
-    resource_groups = map(any)
-  })
   description = "All required resources"
 }
@@ -7,10 +7,5 @@ variable "settings" {
 }
 
 variable "resources" {
-  type = object({
-    resource_groups  = map(any)
-    virtual_networks = map(any)
-    public_ips       = map(any)
-  })
-  description = "All required resources"
+  description = "All the configuration for this resource"
 }
@@ -4,12 +4,12 @@ resource "azurerm_virtual_network_gateway" "main" {
   location            = local.location
   tags                = local.tags
 
-  sku  = var.settings.sku
+  sku  = try(var.settings.sku, "VpnGw1")
   type = try(var.settings.type, "Vpn")
 
   generation    = try(var.settings.generation, null)
   vpn_type      = try(var.settings.vpn_type, null)
-  active_active = try(var.settings.active_active, null)
+  active_active = try(var.settings.active_active, false)
   enable_bgp    = try(var.settings.enable_bgp, null)
 
   dynamic "ip_configuration" {

@@ -11,8 +11,5 @@ variable "settings" {
 }
 
 variable "resources" {
-  type = object({
-    virtual_networks = map(any)
-  })
   description = "All required resources"
 }
@@ -0,0 +1,21 @@
+locals {
+  resource_group      = var.resources.resource_groups[var.settings.resource_group_ref]
+  resource_group_name = local.resource_group.name
+  location            = local.resource_group.location
+
+  dns_zone_group       = var.resources.private_dns_zones[var.settings.private_endpoint.private_dns_zone_group_ref]
+  dns_zone_group_name  = local.dns_zone_group.name
+  private_dns_zone_ids = [local.dns_zone_group.id]
+
+  subnet_id = try(var.resources.virtual_networks[
+    split("/", var.settings.private_endpoint.subnet_ref)[0]
+    ].subnets[
+    split("/", var.settings.private_endpoint.subnet_ref)[1]
+  ].id, null)
+
+  tags = merge(
+    var.global_settings.tags,
+    var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+    try(var.settings.tags, {})
+  )
+}
@@ -0,0 +1,3 @@
+output "id" {
+  value = azurerm_container_registry.main.id
+}
@@ -0,0 +1,11 @@
+variable "global_settings" {
+  description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+  description = "All the configuration for a azure container registry"
+}
+
+variable "resources" {
+  description = "All required resources"
+}
@@ -0,0 +1,20 @@
+resource "azurerm_container_registry" "main" {
+  name                = var.settings.name
+  resource_group_name = local.resource_group_name
+  location            = local.location
+  tags                = local.tags
+  sku                 = var.settings.sku
+
+  public_network_access_enabled = try(var.settings.public_network_access_enabled, false)
+  admin_enabled                 = try(var.settings.admin_enabled, false)
+
+  dynamic "georeplications" {
+    for_each = var.settings.georeplications
+
+    content {
+      location                = georeplications.value.location
+      zone_redundancy_enabled = try(georeplications.value.zone_redundancy_enabled, false)
+      tags                    = try(georeplications.value.tags, null)
+    }
+  }
+}
@@ -0,0 +1,20 @@
+resource "azurerm_private_endpoint" "main" {
+  name                = "pe-${var.settings.name}"
+  resource_group_name = local.resource_group_name
+  location            = local.location
+  subnet_id           = local.subnet_id
+
+  tags = local.tags
+
+  private_service_connection {
+    name                           = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}")
+    private_connection_resource_id = azurerm_container_registry.main.id
+    is_manual_connection           = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false)
+    subresource_names              = ["registry"]
+  }
+
+  private_dns_zone_group {
+    name                 = local.dns_zone_group_name
+    private_dns_zone_ids = local.private_dns_zone_ids
+  }
+}
@@ -7,8 +7,5 @@ variable "settings" {
 }
 
 variable "resources" {
-  type = object({
-    resource_groups = map(any)
-  })
   description = "All required resources"
 }