From 273257bf9cb8617026088e3d4ccd0f5a31c98aac Mon Sep 17 00:00:00 2001
From: Lyudmil Ilchev
Date: Fri, 17 Jan 2025 13:14:07 +0200
Subject: [PATCH 1/4] TC-5 Add module for private dns zone with vnet links

---
 src/_variables.resources.tf | 2 ++
 .../_networking/private_dns_zone/_locals.tf | 29 +++++++++++++++++++
 .../_networking/private_dns_zone/_outputs.tf | 4 +++
 .../private_dns_zone/_variables.tf | 15 ++++++++++
 .../private_dns_zone/private_dns_vnet_link.tf | 7 +++++
 .../private_dns_zone_group.tf | 7 +++++
 src/networking.tf | 12 ++++++++
 7 files changed, 76 insertions(+)
 create mode 100644 src/modules/_networking/private_dns_zone/_locals.tf
 create mode 100644 src/modules/_networking/private_dns_zone/_outputs.tf
 create mode 100644 src/modules/_networking/private_dns_zone/_variables.tf
 create mode 100644 src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
 create mode 100644 src/modules/_networking/private_dns_zone/private_dns_zone_group.tf

diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf
index a8ba337b..3ee09146 100644
--- a/src/_variables.resources.tf
+++ b/src/_variables.resources.tf
@@ -13,3 +13,5 @@ variable "virtual_network_gateways" { default = {} }
 variable "public_ips" { default = {} }
 variable "storage_accounts" { default = {} }
 
+
+variable "private_dns_zone" { default = {} }
diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf
new file mode 100644
index 00000000..bb7ea943
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_locals.tf
@@ -0,0 +1,29 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+ vnet_ids = {
+ for vnet in var.settings.vnet_ref :
+ vnet => {
+ name = var.resources.virtual_networks[vnet].name
+ id = var.resources.virtual_networks[vnet].id
+ }
+}
+}
+locals {
+ # local object used to map possible private dns zoone names
+ zone_names = {
+ "storage_blob" = "privatelink.blob.core.windows.net"
+ "storage_tables" = "privatelink.table.core.windows.net"
+ "storage_queues" = "privatelink.queue.core.windows.net"
+ "storage_files" = "privatelink.file.core.windows.net"
+ "function_apps" = "privatelink.azurewebsites.net"
+ "keyvaults" = "privatelink.vaultcore.azure.net"
+ }
+}
diff --git a/src/modules/_networking/private_dns_zone/_outputs.tf b/src/modules/_networking/private_dns_zone/_outputs.tf
new file mode 100644
index 00000000..95b1d87b
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+ value = azurerm_private_dns_zone.main.id
+}
+
diff --git a/src/modules/_networking/private_dns_zone/_variables.tf b/src/modules/_networking/private_dns_zone/_variables.tf
new file mode 100644
index 00000000..9391fd43
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_variables.tf
@@ -0,0 +1,15 @@
+variable "global_settings" {
+ description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+ description = "All the configuration for this resource"
+}
+
+variable "resources" {
+ type = object({
+ resource_groups = map(any)
+ virtual_networks = map(any)
+ })
+ description = "All required resources"
+}
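Review bot: `vnet_ids` in the first `locals` block iterates `var.settings.vnet_ref` unconditionally, so a zone entry that omits `vnet_ref` fails the plan instead of producing an unlinked zone; `for vnet in try(var.settings.vnet_ref, []) :` keeps the module usable for zones that are linked later, and is consistent with the `try(var.settings.tags, {})` a few lines above. `location` is computed but never read anywhere in the module (a Private DNS zone has no location argument), so it can be dropped. The comment on `zone_names` has a typo (`zoone`); I would also record that these are the public Azure cloud suffixes, e.g. `# Private Link zone names for the public Azure cloud; other clouds use different suffixes (verify before reuse)`, since a consumer in another cloud would otherwise get a silently wrong zone name.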
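Review bot: `settings` is untyped and its description says nothing about the keys the module reads, while `_locals.tf` and `private_dns_zone_group.tf` depend on `resource_group_ref`, `vnet_ref`, `resource_kind` (or `name`) and an optional `tags`. A consumer cannot see that contract from the variable, so I would at least spell it out: `description = "Zone settings: resource_group_ref (key into resources.resource_groups), vnet_ref (list of keys into resources.virtual_networks), and either resource_kind (a key of local.zone_names) or name (explicit zone name); optional tags."`. If the repo's Terraform version allows it, an `object({...})` type with `optional()` attributes would make the contract enforceable rather than documented, but keeping it untyped matches the sibling modules' style.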
diff --git a/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
new file mode 100644
index 00000000..57cc33fa
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
@@ -0,0 +1,7 @@
+resource "azurerm_private_dns_zone_virtual_network_link" "main" {
+ for_each = local.vnet_ids
+ name = "${each.value.name}-${azurerm_private_dns_zone.main.name}-link"
+ private_dns_zone_name = azurerm_private_dns_zone.main.name
+ resource_group_name = azurerm_private_dns_zone.main.resource_group_name
+ virtual_network_id = each.value.id
+}
\ No newline at end of file
diff --git a/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
new file mode 100644
index 00000000..03cc3eff
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
@@ -0,0 +1,7 @@
+resource "azurerm_private_dns_zone" "main" {
+ name = try(local.zone_names[var.settings.resource_kind], var.settings.name)
+ resource_group_name = local.resource_group_name
+ tags = try(local.tags, null)
+}
+
+
diff --git a/src/networking.tf b/src/networking.tf
index bd9aadde..53990dd3 100644
--- a/src/networking.tf
+++ b/src/networking.tf
@@ -59,3 +59,15 @@ module "local_network_gateways" {
 resource_groups = module.resource_groups
 }
 }
+
+module "private_dns_zones" {
+ source = "./modules/_networking/private_dns_zone"
+ for_each = var.private_dns_zone
+
+ global_settings = var.global_settings
+ settings = each.value
+ resources = {
+ resource_groups = module.resource_groups
+ virtual_networks = module.virtual_networks
+ }
+}

From ede7387c8b21ab121977564fe76f21efcd8a51be Mon Sep 17 00:00:00 2001
From: Lyudmil Ilchev
Date: Fri, 17 Jan 2025 13:29:51 +0200
Subject: [PATCH 2/4] fix module name and variable name

---
 src/_variables.resources.tf | 2 +-
 src/networking.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
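Review bot: The virtual network link never sets `registration_enabled`, so it relies on the provider default (`false`); for the `privatelink.*` zones this module creates that default is the only safe value, because auto-registration could let any VM in a linked VNet register an A record named like a storage account or vault into the zone that resolves those services. I would pin it explicitly so a later edit cannot flip it casually: `# never enable auto-registration on privatelink zones: linked VMs could shadow service records` followed by `registration_enabled = false`. The link also omits `local.tags` even though the zone resource in the same patch applies them; `tags = local.tags` keeps the two consistent.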
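Review bot: `name = try(local.zone_names[var.settings.resource_kind], var.settings.name)` turns a typo in `resource_kind` into a silent fallback to `settings.name`, creating a zone under an unrelated name (or failing with an unhelpful index error when `name` is also absent) instead of reporting the bad key. Because a private zone linked to a VNet overrides public resolution of that domain for every linked VNet, a mis-named zone is a resolution-hijack hazard rather than a cosmetic one, so I would fail the plan when `resource_kind` is set but not a key of `local.zone_names`. The `try()` around `local.tags` is redundant since the local is always defined, and the file name suggests a private-endpoint `private_dns_zone_group` block rather than the zone itself; `private_dns_zone.tf` would be clearer. Preconditions need Terraform 1.2 or later; if the repo pins an older version, a `validation` block on the variable is the alternative.
```hcl
resource "azurerm_private_dns_zone" "main" {
  name                = try(local.zone_names[var.settings.resource_kind], var.settings.name)
  # … unchanged: resource_group_name, tags …

  lifecycle {
    precondition {
      # a misspelled resource_kind must not silently fall through to settings.name
      condition     = try(var.settings.resource_kind, null) == null || contains(keys(local.zone_names), var.settings.resource_kind)
      error_message = "settings.resource_kind must be one of the keys of local.zone_names."
    }
  }
}
```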
diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf
index df108160..51727857 100644
--- a/src/_variables.resources.tf
+++ b/src/_variables.resources.tf
@@ -16,4 +16,4 @@ variable "keyvaults" { default = {} }
 variable "storage_accounts" { default = {} }
 
 
-variable "private_dns_zone" { default = {} }
+variable "private_dns_zones" { default = {} }
diff --git a/src/networking.tf b/src/networking.tf
index ea1b80d2..cf0b08f0 100644
--- a/src/networking.tf
+++ b/src/networking.tf
@@ -62,7 +62,7 @@ module "local_network_gateways" {
 
 module "private_dns_zones" {
 source = "./modules/_networking/private_dns_zone"
- for_each = var.private_dns_zone
+ for_each = var.private_dns_zones
 
 global_settings = var.global_settings
 settings = each.value

From 692b9aa419e69d26855d373b5cf0756055553236 Mon Sep 17 00:00:00 2001
From: Lyudmil Ilchev
Date: Fri, 17 Jan 2025 13:34:28 +0200
Subject: [PATCH 3/4] add example tfvars for private dns zone

---
 examples/private_dns_zones.tfvars | 44 +++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 examples/private_dns_zones.tfvars

diff --git a/examples/private_dns_zones.tfvars b/examples/private_dns_zones.tfvars
new file mode 100644
index 00000000..256cb2bd
--- /dev/null
+++ b/examples/private_dns_zones.tfvars
@@ -0,0 +1,44 @@
+private_dns_zones = {
+ storage_account_blob = {
+ resource_kind = "storage_blob"
+ resource_group_ref = "rg_test"
+ vnet_ref = ["vnet_test", "vnet_test2"]
+ }
+}
+
+
+
+# pre-requisites
+resource_groups = {
+ rg_test = {
+ name = "rg-test-dv-ne-01"
+ location = "northeurope"
+ }
+}
+
+virtual_networks = {
+ vnet_test = {
+ name = "vnet-test-dv-ne-01"
+ resource_group_ref = "rg_test"
+ cidr = ["10.0.0.0/16"]
+ subnets = {
+ snet_app = {
+ name = "snet-app"
+ cidr = ["10.0.0.128/25"]
+ service_endpoints = ["Microsoft.Storage"]
+ }
+ }
+ }
+ vnet_test2 = {
+ name = "vnet-test-dv-ne-02"
+ resource_group_ref = "rg_test"
+ cidr = ["10.1.0.0/16"]
+ subnets = {
+ snet_app_02 = {
+ name = "snet-app"
+ cidr = ["10.1.0.128/25"]
+ service_endpoints = ["Microsoft.Storage"]
+ }
+ }
+ }
+}
\ No newline at end of file

From 3b7622def3c8ae3522a1bea3873d0ebd661fe127 Mon Sep 17 00:00:00 2001
From: Lyudmil Ilchev
Date: Fri, 17 Jan 2025 13:36:02 +0200
Subject: [PATCH 4/4] fix pre-commit

---
 examples/private_dns_zones.tfvars | 2 +-
 .../_networking/private_dns_zone/_locals.tf | 14 +++++++-------
 .../_networking/private_dns_zone/_outputs.tf | 1 -
 .../_networking/private_dns_zone/_variables.tf | 2 +-
 .../private_dns_zone/private_dns_vnet_link.tf | 6 +++---
 .../private_dns_zone/private_dns_zone_group.tf | 6 ++----
 src/networking.tf | 2 +-
 7 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/examples/private_dns_zones.tfvars b/examples/private_dns_zones.tfvars
index 256cb2bd..07744f46 100644
--- a/examples/private_dns_zones.tfvars
+++ b/examples/private_dns_zones.tfvars
@@ -41,4 +41,4 @@ virtual_networks = {
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf
index bb7ea943..53c86680 100644
--- a/src/modules/_networking/private_dns_zone/_locals.tf
+++ b/src/modules/_networking/private_dns_zone/_locals.tf
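Review bot: Both example subnets set `service_endpoints = ["Microsoft.Storage"]`, which is a different access path from the Private Link zones this example is meant to demonstrate — service endpoints reach the service's public address and need no `privatelink.*` zone — so a reader copying the example may enable both without needing either. Either drop the two `service_endpoints` lines or add a comment making the distinction explicit, e.g. `# service endpoints are independent of the private DNS zone above; remove them if only private endpoints are used`. The example also links the zone to two VNets but shows no private endpoint consuming it; a one-line comment on `storage_account_blob` saying the zone id is meant to be referenced from a private endpoint's zone group would make the intent clearer.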
@@ -10,20 +10,20 @@ locals {
 )
 vnet_ids = {
 for vnet in var.settings.vnet_ref :
- vnet => {
+ vnet => {
 name = var.resources.virtual_networks[vnet].name
- id = var.resources.virtual_networks[vnet].id
+ id = var.resources.virtual_networks[vnet].id
+ }
 }
 }
-}
 locals {
 # local object used to map possible private dns zoone names
 zone_names = {
- "storage_blob" = "privatelink.blob.core.windows.net"
+ "storage_blob" = "privatelink.blob.core.windows.net"
 "storage_tables" = "privatelink.table.core.windows.net"
 "storage_queues" = "privatelink.queue.core.windows.net"
- "storage_files" = "privatelink.file.core.windows.net"
- "function_apps" = "privatelink.azurewebsites.net"
- "keyvaults" = "privatelink.vaultcore.azure.net"
+ "storage_files" = "privatelink.file.core.windows.net"
+ "function_apps" = "privatelink.azurewebsites.net"
+ "keyvaults" = "privatelink.vaultcore.azure.net"
 }
 }
diff --git a/src/modules/_networking/private_dns_zone/_outputs.tf b/src/modules/_networking/private_dns_zone/_outputs.tf
index 95b1d87b..0d4f3d12 100644
--- a/src/modules/_networking/private_dns_zone/_outputs.tf
+++ b/src/modules/_networking/private_dns_zone/_outputs.tf
@@ -1,4 +1,3 @@
 output "id" {
 value = azurerm_private_dns_zone.main.id
 }
-
diff --git a/src/modules/_networking/private_dns_zone/_variables.tf b/src/modules/_networking/private_dns_zone/_variables.tf
index 9391fd43..4ee12d7c 100644
--- a/src/modules/_networking/private_dns_zone/_variables.tf
+++ b/src/modules/_networking/private_dns_zone/_variables.tf
@@ -8,7 +8,7 @@ variable "settings" {
 
 variable "resources" {
 type = object({
- resource_groups = map(any)
+ resource_groups = map(any)
 virtual_networks = map(any)
 })
 description = "All required resources"
diff --git a/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
index 57cc33fa..08444fe8 100644
--- a/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
+++ b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
@@ -1,7 +1,7 @@
 resource "azurerm_private_dns_zone_virtual_network_link" "main" {
 for_each = local.vnet_ids
- name = "${each.value.name}-${azurerm_private_dns_zone.main.name}-link"
+ name = "${each.value.name}-${azurerm_private_dns_zone.main.name}-link"
 private_dns_zone_name = azurerm_private_dns_zone.main.name
- resource_group_name = azurerm_private_dns_zone.main.resource_group_name
+ resource_group_name = azurerm_private_dns_zone.main.resource_group_name
 virtual_network_id = each.value.id
-}
\ No newline at end of file
+}
diff --git a/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
index 03cc3eff..69fc0fb5 100644
--- a/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
+++ b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
@@ -1,7 +1,5 @@
 resource "azurerm_private_dns_zone" "main" {
- name = try(local.zone_names[var.settings.resource_kind], var.settings.name)
+ name = try(local.zone_names[var.settings.resource_kind], var.settings.name)
 resource_group_name = local.resource_group_name
- tags = try(local.tags, null)
+ tags = try(local.tags, null)
 }
-
-
diff --git a/src/networking.tf b/src/networking.tf
index cf0b08f0..c4b9ff86 100644
--- a/src/networking.tf
+++ b/src/networking.tf
@@ -67,7 +67,7 @@ module "private_dns_zones" {
 global_settings = var.global_settings
 settings = each.value
 resources = {
- resource_groups = module.resource_groups
+ resource_groups = module.resource_groups
 virtual_networks = module.virtual_networks
 }
 }