Skip to content

[TC-5] Add module for private dns zone with vnet links #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lyudmililchev92 wants to merge 5 commits into
base: main
Choose a base branch
from
Open

[TC-5] Add module for private dns zone with vnet links #15

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
273257b
TC-5 Add module for private dns zone with vnet links
lyudmililchev92 Jan 17, 2025
4afb629
Merge remote-tracking branch 'origin/main' into TC-05
lyudmililchev92 Jan 17, 2025
ede7387
fix module name and variable name
lyudmililchev92 Jan 17, 2025
692b9aa
add example tfvars for private dns zone
lyudmililchev92 Jan 17, 2025
3b7622d
fix pre-commit
lyudmililchev92 Jan 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions examples/private_dns_zones.tfvars
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
private_dns_zones = {
storage_account_blob = {
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rename to pdns_storage_account_blob

resource_kind = "storage_blob"
resource_group_ref = "rg_test"
vnet_ref = ["vnet_test", "vnet_test2"]
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rename to vnet_refs. Also the vnet object is not a child of the private dns zone. Rename this field to something that reflects the fact that we're linking with the vnets.

}
}



# pre-requisites
resource_groups = {
rg_test = {
name = "rg-test-dv-ne-01"
location = "northeurope"
}
}

virtual_networks = {
vnet_test = {
name = "vnet-test-dv-ne-01"
resource_group_ref = "rg_test"
cidr = ["10.0.0.0/16"]
subnets = {
snet_app = {
name = "snet-app"
cidr = ["10.0.0.128/25"]
service_endpoints = ["Microsoft.Storage"]
}
}
}
vnet_test2 = {
name = "vnet-test-dv-ne-02"
resource_group_ref = "rg_test"
cidr = ["10.1.0.0/16"]
subnets = {
snet_app_02 = {
name = "snet-app"
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This example will not work if the subnets are named the same :)

cidr = ["10.1.0.128/25"]
service_endpoints = ["Microsoft.Storage"]
}
}
}
}
2 changes: 2 additions & 0 deletions src/_variables.resources.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,5 @@ variable "public_ips" { default = {} }
variable "keyvaults" { default = {} }

variable "storage_accounts" { default = {} }

variable "private_dns_zones" { default = {} }
29 changes: 29 additions & 0 deletions src/modules/_networking/private_dns_zone/_locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
locals {
resource_group = var.resources.resource_groups[var.settings.resource_group_ref]

resource_group_name = local.resource_group.name
location = local.resource_group.location
tags = merge(
var.global_settings.tags,
var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
try(var.settings.tags, {})
)
vnet_ids = {
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This object is called vnet_ids but it holds names and ids. Reconsider.

for vnet in var.settings.vnet_ref :
vnet => {
name = var.resources.virtual_networks[vnet].name
id = var.resources.virtual_networks[vnet].id
}
}
}
locals {
# local object used to map possible private dns zoone names
zone_names = {
"storage_blob" = "privatelink.blob.core.windows.net"
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

storage_blob is the only name in this map that is not plural. Consistency is key. Reconsider.

"storage_tables" = "privatelink.table.core.windows.net"
"storage_queues" = "privatelink.queue.core.windows.net"
"storage_files" = "privatelink.file.core.windows.net"
"function_apps" = "privatelink.azurewebsites.net"
"keyvaults" = "privatelink.vaultcore.azure.net"
}
}
3 changes: 3 additions & 0 deletions src/modules/_networking/private_dns_zone/_outputs.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
output "id" {
value = azurerm_private_dns_zone.main.id
}
15 changes: 15 additions & 0 deletions src/modules/_networking/private_dns_zone/_variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
variable "global_settings" {
description = "Global settings for tinycaf"
}

variable "settings" {
description = "All the configuration for this resource"
}

variable "resources" {
type = object({
resource_groups = map(any)
virtual_networks = map(any)
})
description = "All required resources"
}
7 changes: 7 additions & 0 deletions src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
resource "azurerm_private_dns_zone_virtual_network_link" "main" {
for_each = local.vnet_ids
name = "${each.value.name}-${azurerm_private_dns_zone.main.name}-link"
private_dns_zone_name = azurerm_private_dns_zone.main.name
resource_group_name = azurerm_private_dns_zone.main.resource_group_name
virtual_network_id = each.value.id
}
5 changes: 5 additions & 0 deletions src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
resource "azurerm_private_dns_zone" "main" {
name = try(local.zone_names[var.settings.resource_kind], var.settings.name)
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Experience shows that the name field is not used in practice. I recommend relying completely on the local object instead. We'll modify the module to be able to override the name, once such a case emerges.

resource_group_name = local.resource_group_name
tags = try(local.tags, null)
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will never fail. local.tags is enough.

}
12 changes: 12 additions & 0 deletions src/networking.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,3 +59,15 @@ module "local_network_gateways" {
resource_groups = module.resource_groups
}
}

module "private_dns_zones" {
source = "./modules/_networking/private_dns_zone"
for_each = var.private_dns_zones

global_settings = var.global_settings
Copy link
Member

@mitiko mitiko Jan 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this must be local.global_settings for consistency with the rest of the modules

settings = each.value
resources = {
resource_groups = module.resource_groups
virtual_networks = module.virtual_networks
}
}
Loading