diff --git a/examples/virtual_machines.tfvars b/examples/virtual_machines.tfvars new file mode 100644 index 00000000..51a5a09c --- /dev/null +++ b/examples/virtual_machines.tfvars 
@@ -0,0 +1,129 @@ +virtual_machines = { + machine_1 = { + type = "windows" + name = "vm-win-braytest-dv-ne-02" + resource_group_ref = "rg_test" + size = "Standard_F2" + admin_username = "adminuser" + admin_password = "P@$$w0rd1234!" + + os_disk = { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + source_image_reference = { + publisher = "MicrosoftWindowsServer" + offer = "WindowsServer" + sku = "2016-Datacenter" + version = "latest" + } + + network_interfaces = { + nic_1 = { + name = "test_nic_1" + ip_configuration = { + name = "int-01" + subnet_ref = "vnet_test/snet_app" + } + } + + nic_2 = { + name = "test_nic_2" + ip_configuration = { + name = "int-02" + subnet_ref = "vnet_test/snet_app" + } + } + } + } + + machine_2 = { + type = "linux" + name = "vm-lin-braytest-dv-ne-02" + resource_group_ref = "rg_test" + size = "Standard_F2" + admin_username = "adminuser" + keyvault_ref = "kv-test" + + network_interfaces = { + nic_3 = { + name = "test_nic_3" + ip_configuration = { + name = "int-03" + subnet_ref = "vnet_test/snet_app" + private_ip_address_allocation = "Dynamic" + } + } + + nic_4 = { + name = "test_nic_4" + ip_configuration = { + name = "int-04" + subnet_ref = "vnet_test/snet_app" + } + } + } + + public_key_openssh = { + test_key_1 = { + algorithm = "RSA" + rsa_bits = 4096 + } + } + + admin_ssh_key = { + username = "adminuser" + public_key_ref = "test_key_1" + } + + os_disk = { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + source_image_reference = { + publisher = "Canonical" + offer = "0001-com-ubuntu-server-jammy" + sku = "22_04-lts" + version = "latest" + } + } +} + + +# pre-requisites +resource_groups = { + rg_test = { + name = "rg-braytest-dv-ne-02" + location = "northeurope" + } +} + +virtual_networks = { + vnet_test = { + name = "vnet-test-dv-ne-01" + resource_group_ref = "rg_test" + cidr = ["10.0.0.0/16"] + subnets = { + snet_app = { + name = "snet-test-dv-ne-01" + cidr = ["10.0.0.128/25"] + 
service_endpoints = ["Microsoft.Storage"] + } + } + } +} + +keyvaults = { + kv-test = { + name = "kv-braytest-dv-ne-02" + resource_group_ref = "rg_test" + + secrets = { + secret-test = { + ignore_changes = false + } + } + } +} diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 1dab9e15..5ddffebe 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -16,6 +16,8 @@ variable "keyvaults" { default = {} } variable "storage_accounts" { default = {} } +variable "virtual_machines" { default = {} } + variable "private_dns_zones" { default = {} } variable "virtual_network_gateway_connections" { default = {} } diff --git a/src/_variables.tf b/src/_variables.tf index c78f924b..d54d3f08 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -9,7 +9,9 @@ variable "global_settings" { }) default = { - tags = {} + tags = { + + } inherit_resource_group_tags = false } } diff --git a/src/keyvault.tf b/src/keyvault.tf index 2aa9e48e..b65a1f4e 100644 --- a/src/keyvault.tf +++ b/src/keyvault.tf @@ -5,6 +5,7 @@ module "keyvaults" { settings = each.value global_settings = local.global_settings resources = { + resource_groups = module.resource_groups virtual_networks = module.virtual_networks resource_groups = module.resource_groups managed_identities = module.managed_identities diff --git a/src/modules/_networking/virtual_network/_variables.tf b/src/modules/_networking/virtual_network/_variables.tf index 315edc56..6f1524d4 100644 --- a/src/modules/_networking/virtual_network/_variables.tf +++ b/src/modules/_networking/virtual_network/_variables.tf @@ -7,8 +7,5 @@ variable "settings" { } variable "resources" { - type = object({ - resource_groups = map(any) - }) description = "All required resources" } diff --git a/src/modules/_networking/virtual_network/virtual_network.tf b/src/modules/_networking/virtual_network/virtual_network.tf index b84425eb..7abc6302 100644 --- a/src/modules/_networking/virtual_network/virtual_network.tf 
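Review bot: `admin_password = "P@$$w0rd1234!"` under `machine_1` commits a plaintext Windows administrator password into the example tfvars, and example files are what users copy into real deployments. Replace it with an obvious placeholder such as `admin_password = "<set-via-TF_VAR_or-key-vault>"` and add a comment that the value should come from a Key Vault secret or an environment variable rather than a committed file. The `windows_virtual_macine.tf` module added in this commit passes the value straight through to `azurerm_windows_virtual_machine`, so whatever is written here also ends up in the state file.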
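Review bot: The added `resource_groups = module.resource_groups` duplicates the key that already exists two lines below in the same `resources = { … }` object, so after this hunk `resource_groups` is declared twice. HCL rejects duplicate keys in an object constructor, so this should fail `terraform validate` with a duplicate object key error rather than apply. Drop the added line, since the existing one already wires the resource groups; if the intent was readability ordering, move the existing line up instead of copying it. The enclosing `module "keyvaults"` block starts above the hunk.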
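Review bot: Removing `type = object({ resource_groups = map(any) })` from `variable "resources"` drops the only plan-time check that the caller wires the inputs this module indexes into; the same removal is made in `src/modules/keyvault/_variables.tf`, `src/modules/managed_identity/_variables.tf` and `src/modules/storage_account/_variables.tf`, and the new `virtual_machines` modules declare `resources` untyped from the start. Without a constraint, a caller that forgets a key gets an index error deep inside a `locals` expression instead of a clear "attribute required" error at the module call. If the goal is to let callers pass keys that are not always present, keep the object type and mark those as `optional(map(any))` (Terraform 1.3+), or at least add a `validation` block checking `can(var.resources.resource_groups)`.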
+++ b/src/modules/_networking/virtual_network/virtual_network.tf @@ -5,5 +5,5 @@ resource "azurerm_virtual_network" "main" { address_space = var.settings.cidr - tags = try(local.tags, null) + tags = local.tags } diff --git a/src/modules/compute/kubernetes/_outputs.tf b/src/modules/compute/kubernetes/_outputs.tf index 7851f9b1..0891adc3 100644 --- a/src/modules/compute/kubernetes/_outputs.tf +++ b/src/modules/compute/kubernetes/_outputs.tf @@ -1,3 +1,3 @@ output "id" { value = module.kubernetes_cluster.id -} \ No newline at end of file +} diff --git a/src/modules/compute/kubernetes/aks.tf b/src/modules/compute/kubernetes/aks.tf index 2a85e5fa..7c0cb660 100644 --- a/src/modules/compute/kubernetes/aks.tf +++ b/src/modules/compute/kubernetes/aks.tf @@ -2,16 +2,16 @@ module "kubernetes_cluster" { source = "./kubernetes_cluster" settings = var.settings global_settings = var.global_settings - resources = var.resources + resources = var.resources } module "kubernetes_cluster_node_pool" { - source = "./kubernetes_cluster_node_pool" + source = "./kubernetes_cluster_node_pool" for_each = var.settings.additional_node_pools - - cluster_id = module.kubernetes_cluster.id - all_settings = var.settings + + cluster_id = module.kubernetes_cluster.id + all_settings = var.settings settings = each.value global_settings = var.global_settings - resources = var.resources + resources = var.resources } diff --git a/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf b/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf index 22eabf94..db6a076d 100644 --- a/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf +++ b/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf @@ -1,5 +1,5 @@ locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location subnet_ids = [ 
@@ -11,8 +11,8 @@ locals { var.resources.virtual_networks[split("/", var.settings.default_node_pool.subnet_ref)[0]].subnets[split("/", var.settings.default_node_pool.subnet_ref)[1]].id, null ) - managed_identity = can(var.resources.managed_identities[var.settings.identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.identity.managed_identity_ref] : null - kubelet_identity = can(var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref] : null + managed_identity = can(var.resources.managed_identities[var.settings.identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.identity.managed_identity_ref] : null + kubelet_identity = can(var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref] : null tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, 
@@ -25,17 +25,17 @@ locals { locals { effective_network_profile = { - network_plugin = try(var.settings.network_profile.network_plugin, "azure") - network_mode = try(var.settings.network_profile.network_mode, "transparent") - network_policy = try(var.settings.network_profile.network_policy, "calico") - load_balancer_sku = try(var.settings.network_profile.load_balancer_sku, "standard") - network_data_plane = try(var.settings.network_profile.network_data_plane, "azure") - network_plugin_mode = try(var.settings.network_profile.network_plugin_mode, null) - outbound_type = try(var.settings.network_profile.outbound_type, "loadBalancer") - dns_service_ip = try(var.settings.network_profile.dns_service_ip, null) - service_cidr = try(var.settings.network_profile.service_cidr, null) - service_cidrs = try(var.settings.network_profile.service_cidrs, null) - pod_cidr = try(var.settings.network_profile.pod_cidr, null) + network_plugin = try(var.settings.network_profile.network_plugin, "azure") + network_mode = try(var.settings.network_profile.network_mode, "transparent") + network_policy = try(var.settings.network_profile.network_policy, "calico") + load_balancer_sku = try(var.settings.network_profile.load_balancer_sku, "standard") + network_data_plane = try(var.settings.network_profile.network_data_plane, "azure") + network_plugin_mode = try(var.settings.network_profile.network_plugin_mode, null) + outbound_type = try(var.settings.network_profile.outbound_type, "loadBalancer") + dns_service_ip = try(var.settings.network_profile.dns_service_ip, null) + service_cidr = try(var.settings.network_profile.service_cidr, null) + service_cidrs = try(var.settings.network_profile.service_cidrs, null) + pod_cidr = try(var.settings.network_profile.pod_cidr, null) } -validated_network_data_plane = local.effective_network_profile.network_policy == "cilium" && local.effective_network_profile.network_data_plane != "cilium" ? 
error("Error: When network_policy is set to 'cilium', the network_data_plane must also be set to 'cilium'.") : local.effective_network_profile.network_data_plane -} \ No newline at end of file + validated_network_data_plane = local.effective_network_profile.network_policy == "cilium" && local.effective_network_profile.network_data_plane != "cilium" ? error("Error: When network_policy is set to 'cilium', the network_data_plane must also be set to 'cilium'.") : local.effective_network_profile.network_data_plane +} diff --git a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf index 6103c4d9..26e81b6b 100644 --- a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf +++ b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf 
@@ -1,26 +1,26 @@ resource "azurerm_kubernetes_cluster_node_pool" "main" { - name = var.settings.name - kubernetes_cluster_id = var.cluster_id - vm_size = try(var.settings.vm_size, "Standard_DS2_v2") - node_count = try(var.settings.node_count, 1) - auto_scaling_enabled = try(var.settings.auto_scaling_enabled, false) - min_count = try(var.settings.min_count, null) - max_count = try(var.settings.max_count, null) - max_pods = try(var.settings.max_pods, null) - zones = try(var.settings.zones, null) - node_labels = try(var.settings.node_labels, null) - node_taints = try(var.settings.node_taints, null) - os_disk_type = try(var.settings.os_disk_type, null) - os_disk_size_gb = try(var.settings.os_disk_size_gb, null) - os_sku = try(var.settings.os_sku, "Ubuntu") - pod_subnet_id = try(var.settings.pod_subnet_id, null) - vnet_subnet_id = try(local.vnet_subnet_id, null) - os_type = try(var.settings.os_type, null) - ultra_ssd_enabled = try(var.settings.ultra_ssd_enabled, false) - tags = local.tags - fips_enabled = try(var.settings.fips_enabled, false) - host_encryption_enabled = try(var.settings.host_encryption_enabled, false) - kubelet_disk_type = try(var.settings.kubelet_disk_type, "OS") + name = var.settings.name + kubernetes_cluster_id = var.cluster_id + vm_size = try(var.settings.vm_size, "Standard_DS2_v2") + node_count = try(var.settings.node_count, 1) + auto_scaling_enabled = try(var.settings.auto_scaling_enabled, false) + min_count = try(var.settings.min_count, null) + max_count = try(var.settings.max_count, null) + max_pods = try(var.settings.max_pods, null) + zones = try(var.settings.zones, null) + node_labels = try(var.settings.node_labels, null) + node_taints = try(var.settings.node_taints, null) + os_disk_type = try(var.settings.os_disk_type, null) + os_disk_size_gb = try(var.settings.os_disk_size_gb, null) + os_sku = try(var.settings.os_sku, "Ubuntu") + pod_subnet_id = try(var.settings.pod_subnet_id, null) + vnet_subnet_id = try(local.vnet_subnet_id, null) + 
os_type = try(var.settings.os_type, null) + ultra_ssd_enabled = try(var.settings.ultra_ssd_enabled, false) + tags = local.tags + fips_enabled = try(var.settings.fips_enabled, false) + host_encryption_enabled = try(var.settings.host_encryption_enabled, false) + kubelet_disk_type = try(var.settings.kubelet_disk_type, "OS") node_public_ip_enabled = try(var.settings.node_public_ip_enabled, false) - orchestrator_version = try(var.settings.orchestrator_version, null) + orchestrator_version = try(var.settings.orchestrator_version, null) } diff --git a/src/modules/keyvault/_variables.tf b/src/modules/keyvault/_variables.tf index f98a0145..6f1524d4 100644 --- a/src/modules/keyvault/_variables.tf +++ b/src/modules/keyvault/_variables.tf @@ -6,14 +6,6 @@ variable "settings" { description = "All the configuration for this resource" } - - variable "resources" { - type = object({ - resource_groups = map(any) - virtual_networks = map(any) - managed_identities = map(any) - private_dns_zones = map(any) - }) description = "All required resources" } diff --git a/src/modules/keyvault/access_policies.tf b/src/modules/keyvault/access_policies.tf index 8d10e525..c322acf5 100644 --- a/src/modules/keyvault/access_policies.tf +++ b/src/modules/keyvault/access_policies.tf @@ -1,12 +1,12 @@ module "initial_policy" { source = "./keyvault_access_policy" for_each = try(var.settings.access_policies, {}) - settings = var.settings + global_settings = var.global_settings + keyvault_id = azurerm_key_vault.main.id access_policies = each.value - policy_name = each.key - global_settings = var.global_settings + policy_name = each.key + resources = var.resources } - diff --git a/src/modules/keyvault/keyvault.tf b/src/modules/keyvault/keyvault.tf index fbf10561..73847b67 100644 --- a/src/modules/keyvault/keyvault.tf +++ b/src/modules/keyvault/keyvault.tf 
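Review bot: `settings = var.settings` is removed from the `module "initial_policy"` call, but the child module's `_locals.tf` touched in this same commit still evaluates `var.settings` for `debug_settings` and `has_logged_in_key`. If the child declares `variable "settings"` without a default, this fails validation with a missing required argument; if it has a default, `has_logged_in_key` silently evaluates against that default instead of the vault's configuration. Either pass `settings = var.settings` again or remove the two locals together with the child's variable declaration.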
@@ -3,14 +3,14 @@ resource "azurerm_key_vault" "main" { resource_group_name = local.resource_group_name location = local.location tags = local.tags + tenant_id = var.global_settings.tenant_id - tenant_id = var.global_settings.tenant_id - sku_name = try(var.settings.sku_name, "standard") - + sku_name = try(var.settings.sku_name, "standard") enabled_for_disk_encryption = try(var.settings.enabled_for_disk_encryption, null) soft_delete_retention_days = try(var.settings.soft_delete_retention_days, null) purge_protection_enabled = try(var.settings.purge_protection_enabled, null) enable_rbac_authorization = try(var.settings.enable_rbac_authorization, false) + public_network_access_enabled = try(var.settings.public_network_access_enabled, false) network_acls { diff --git a/src/modules/keyvault/keyvault_access_policy/_locals.tf b/src/modules/keyvault/keyvault_access_policy/_locals.tf index 8f902e38..82771146 100644 --- a/src/modules/keyvault/keyvault_access_policy/_locals.tf +++ b/src/modules/keyvault/keyvault_access_policy/_locals.tf @@ -50,6 +50,6 @@ locals { locals { - debug_settings = var.settings + debug_settings = var.settings has_logged_in_key = contains(keys(var.settings), "managed_identity") } diff --git a/src/modules/keyvault/keyvault_access_policy/access_policies.tf b/src/modules/keyvault/keyvault_access_policy/access_policies.tf index 39f1c954..7430a8bc 100644 --- a/src/modules/keyvault/keyvault_access_policy/access_policies.tf +++ b/src/modules/keyvault/keyvault_access_policy/access_policies.tf 
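Review bot: `public_network_access_enabled = try(var.settings.public_network_access_enabled, false)` is a sound secure default, but because the attribute is new and defaults to `false`, every existing vault configured without it will be switched to private-only on the next apply. Call this out as a behaviour change, and check the pipeline's network path: the new `linux_virtual_machine/secrets.tf` writes an `azurerm_key_vault_secret` into a vault selected by `keyvault_ref`, and that data-plane call is refused once public access is off unless the runner reaches the vault through `network_acls` or a private endpoint. The `network_acls { … }` block continues outside the hunk.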
@@ -1,31 +1,29 @@ module "logged_in_user" { - source = "./access_policy" - count = var.policy_name == "logged_in_user" ? 1 : 0 - keyvault_id = var.keyvault_id - tenant_id = var.global_settings.tenant_id - access_policies = try(var.access_policies,null) - object_id = var.global_settings.object_id - key_permissions = local.all_key_permissions + source = "./access_policy" + count = var.policy_name == "logged_in_user" ? 1 : 0 + keyvault_id = var.keyvault_id + tenant_id = var.global_settings.tenant_id + access_policies = try(var.access_policies, null) + object_id = var.global_settings.object_id + key_permissions = local.all_key_permissions secret_permissions = local.all_secret_permissions } - module "managed_identities" { - source = "./access_policy" + source = "./access_policy" for_each = var.policy_name == "managed_identity" && length(try(var.access_policies.managed_identity_refs, [])) > 0 ? { for idx, ref in try(var.access_policies.managed_identity_refs, []) : idx => ref } : {} - keyvault_id = var.keyvault_id - access_policies = var.access_policies - tenant_id = var.global_settings.tenant_id - object_id = var.resources.managed_identities[each.value].principal_id - key_permissions = local.effective_key_permissions + keyvault_id = var.keyvault_id + access_policies = var.access_policies + tenant_id = var.global_settings.tenant_id + object_id = var.resources.managed_identities[each.value].principal_id + key_permissions = local.effective_key_permissions secret_permissions = local.effective_secret_permissions } module "object_ids" { - source = "./access_policy" - for_each = var.policy_name == "object_ids" && length(try(var.access_policies.object_ids, [])) > 0 ? { for idx, obj_id in try(var.access_policies.object_ids, []) : idx => obj_id } : {} - + source = "./access_policy" + for_each = var.policy_name == "object_ids" && length(try(var.access_policies.object_ids, [])) > 0 ? 
{ for idx, obj_id in try(var.access_policies.object_ids, []) : idx => obj_id } : {} keyvault_id = var.keyvault_id access_policies = var.access_policies tenant_id = var.global_settings.tenant_id diff --git a/src/modules/keyvault/keyvault_access_policy/access_policy/access_policy.tf b/src/modules/keyvault/keyvault_access_policy/access_policy/access_policy.tf index b962091f..17b95dec 100644 --- a/src/modules/keyvault/keyvault_access_policy/access_policy/access_policy.tf +++ b/src/modules/keyvault/keyvault_access_policy/access_policy/access_policy.tf @@ -1,9 +1,7 @@ resource "azurerm_key_vault_access_policy" "main" { # Using the policy key in the resource name - key_vault_id = var.keyvault_id - - tenant_id = var.tenant_id - object_id = var.object_id - + key_vault_id = var.keyvault_id + tenant_id = var.tenant_id + object_id = var.object_id key_permissions = var.key_permissions secret_permissions = var.secret_permissions } diff --git a/src/modules/keyvault/secrets.tf b/src/modules/keyvault/secrets.tf index dcc517be..893c82ed 100644 --- a/src/modules/keyvault/secrets.tf +++ b/src/modules/keyvault/secrets.tf @@ -1,8 +1,8 @@ module "secrets" { - source = "./keyvault_secret" + source = "./keyvault_secret" # Use for_each to iterate over the secrets map - for_each = try(var.settings.secrets, {}) + for_each = try(var.settings.secrets, {}) settings = var.settings keyvault_id = azurerm_key_vault.main.id diff --git a/src/modules/managed_identity/_variables.tf b/src/modules/managed_identity/_variables.tf index 315edc56..6f1524d4 100644 --- a/src/modules/managed_identity/_variables.tf +++ b/src/modules/managed_identity/_variables.tf @@ -7,8 +7,5 @@ variable "settings" { } variable "resources" { - type = object({ - resource_groups = map(any) - }) description = "All required resources" } diff --git a/src/modules/resource_group/_locals.tf b/src/modules/resource_group/_locals.tf new file mode 100644 index 00000000..bd0faa0c --- /dev/null +++ b/src/modules/resource_group/_locals.tf 
@@ -0,0 +1,6 @@ +locals { + tags = merge( + var.global_settings.tags, + try(var.settings.tags, {}) + ) +} diff --git a/src/modules/resource_group/main.tf b/src/modules/resource_group/main.tf index 908577de..e0101013 100644 --- a/src/modules/resource_group/main.tf +++ b/src/modules/resource_group/main.tf @@ -2,5 +2,5 @@ resource "azurerm_resource_group" "main" { name = var.settings.name location = var.settings.location - tags = try(var.settings.tags, {}) + tags = local.tags } diff --git a/src/modules/storage_account/_variables.tf b/src/modules/storage_account/_variables.tf index 4b379539..d72b17b4 100644 --- a/src/modules/storage_account/_variables.tf +++ b/src/modules/storage_account/_variables.tf @@ -7,9 +7,5 @@ variable "settings" { } variable "resources" { - type = object({ - resource_groups = map(any) - virtual_networks = map(any) - }) description = "All required resources" } diff --git a/src/modules/storage_account/storage_account.tf b/src/modules/storage_account/storage_account.tf index ef0fa1cd..289a6555 100644 --- a/src/modules/storage_account/storage_account.tf +++ b/src/modules/storage_account/storage_account.tf @@ -4,7 +4,7 @@ resource "azurerm_storage_account" "main" { location = local.location tags = local.tags - account_kind = try(var.settings.account_kind, null) # defaults to StorageV2 + account_kind = try(var.settings.account_kind, "StorageV2") account_tier = try(var.settings.account_tier, "Standard") account_replication_type = var.settings.account_replication_type @@ -28,7 +28,5 @@ resource "azurerm_storage_account" "main" { bypass = try(var.settings.network_rules.bypass, null) ip_rules = try(var.settings.network_rules.allowed_ips, null) virtual_network_subnet_ids = local.subnet_ids - - # TODO: private_link_access block } } diff --git a/src/modules/virtual_machines/_locals.tf b/src/modules/virtual_machines/_locals.tf new file mode 100644 index 00000000..e69de29b 
diff --git a/src/modules/virtual_machines/_outputs.tf b/src/modules/virtual_machines/_outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/src/modules/virtual_machines/_variables.tf b/src/modules/virtual_machines/_variables.tf new file mode 100644 index 00000000..6f1524d4 --- /dev/null +++ b/src/modules/virtual_machines/_variables.tf @@ -0,0 +1,11 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + +variable "settings" { + description = "All the configuration for this resource" +} + +variable "resources" { + description = "All required resources" +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf new file mode 100644 index 00000000..e0dc3347 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf @@ -0,0 +1,17 @@ +locals { + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + resource_group_name = local.resource_group.name + location = local.resource_group.location + + network_interface_ids = module.network_interface.ids + + key_vault_id = var.resources.keyvaults[var.settings.keyvault_ref].id + + public_key = tls_private_key.main[var.settings.admin_ssh_key.public_key_ref].public_key_openssh + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/_outputs.tf b/src/modules/virtual_machines/linux_virtual_machine/_outputs.tf new file mode 100644 index 00000000..13ab3947 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/_outputs.tf 
@@ -0,0 +1,11 @@ +output "id" { + value = azurerm_linux_virtual_machine.main.id +} + +output "private_ip_addresses" { + value = azurerm_linux_virtual_machine.main.private_ip_addresses +} + +output "public_ip_addresses" { + value = azurerm_linux_virtual_machine.main.public_ip_addresses +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/_variables.tf b/src/modules/virtual_machines/linux_virtual_machine/_variables.tf new file mode 100644 index 00000000..6f1524d4 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/_variables.tf @@ -0,0 +1,11 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + +variable "settings" { + description = "All the configuration for this resource" +} + +variable "resources" { + description = "All required resources" +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf new file mode 100644 index 00000000..75488d97 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf 
@@ -0,0 +1,30 @@ +resource "azurerm_linux_virtual_machine" "main" { + name = var.settings.name + resource_group_name = local.resource_group_name + location = local.location + admin_username = var.settings.admin_username + size = var.settings.size + network_interface_ids = local.network_interface_ids + + tags = local.tags + + dynamic "admin_ssh_key" { + for_each = try(var.settings.admin_ssh_key[*], {}) + content { + username = try(admin_ssh_key.value.username, null) + public_key = try(admin_ssh_key.value.public_key, null) + } + } + + os_disk { + caching = var.settings.os_disk.caching + storage_account_type = var.settings.os_disk.storage_account_type + } + + source_image_reference { + publisher = var.settings.source_image_reference.publisher + offer = var.settings.source_image_reference.offer + sku = var.settings.source_image_reference.sku + version = var.settings.source_image_reference.version + } +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/network_interface.tf b/src/modules/virtual_machines/linux_virtual_machine/network_interface.tf new file mode 100644 index 00000000..5e307460 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/network_interface.tf @@ -0,0 +1,7 @@ +module "network_interface" { + source = "../network_interface" + global_settings = var.global_settings + settings = var.settings + + resources = var.resources +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf new file mode 100644 index 00000000..1471855e --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf @@ -0,0 +1,5 @@ +resource "azurerm_key_vault_secret" "main" { + name = "${var.settings.name}-ssh-private-key" + value = local.public_key + key_vault_id = local.key_vault_id +} 
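Review bot: The `admin_ssh_key` block reads `admin_ssh_key.value.public_key`, but the example config and `_locals.tf` in this commit model the key as `public_key_ref`, which `_locals.tf` resolves into `local.public_key` from `tls_private_key.main`; `local.public_key` is never referenced here, so with the provided example `public_key` evaluates to `null` and the VM gets no authorized key (the provider requires `public_key` in that block). Wire the generated key in: `public_key = try(admin_ssh_key.value.public_key, local.public_key)`. Consider also setting `disable_password_authentication = true` explicitly rather than relying on the provider default, so the intent is visible in review.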
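Review bot: The secret is named `"${var.settings.name}-ssh-private-key"` but its `value` is `local.public_key`, which `_locals.tf` defines as `tls_private_key.main[...].public_key_openssh`, so the Key Vault entry labelled as a private key actually holds the public key. Decide which is intended: if operators need the private key for login, store `tls_private_key.main[var.settings.admin_ssh_key.public_key_ref].private_key_openssh` (via a matching local) and keep the name; if only the public key should be kept, rename the secret so it is not mistaken for credential material. Either way the private key already exists unencrypted in Terraform state through `tls_private_key`, so the state backend needs the same protection as the vault.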
diff --git a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf new file mode 100644 index 00000000..ec38c336 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf @@ -0,0 +1,6 @@ +resource "tls_private_key" "main" { + for_each = var.settings.public_key_openssh + + algorithm = each.value.algorithm + rsa_bits = each.value.rsa_bits +} diff --git a/src/modules/virtual_machines/network_interface/_locals.tf b/src/modules/virtual_machines/network_interface/_locals.tf new file mode 100644 index 00000000..b6c4756f --- /dev/null +++ b/src/modules/virtual_machines/network_interface/_locals.tf @@ -0,0 +1,11 @@ +locals { + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + resource_group_name = local.resource_group.name + location = local.resource_group.location + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) +} diff --git a/src/modules/virtual_machines/network_interface/_ouputs.tf b/src/modules/virtual_machines/network_interface/_ouputs.tf new file mode 100644 index 00000000..0f5f626c --- /dev/null +++ b/src/modules/virtual_machines/network_interface/_ouputs.tf @@ -0,0 +1,3 @@ +output "ids" { + value = [for nic in azurerm_network_interface.main : nic.id] +} diff --git a/src/modules/virtual_machines/network_interface/_variables.tf b/src/modules/virtual_machines/network_interface/_variables.tf new file mode 100644 index 00000000..6f1524d4 --- /dev/null +++ b/src/modules/virtual_machines/network_interface/_variables.tf @@ -0,0 +1,11 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + +variable "settings" { + description = "All the configuration for this resource" +} + +variable "resources" { + description = "All required resources" +} 
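Review bot: `tls_private_key` generates the key pair inside Terraform, which means the private key is written in plaintext to the state file (and to any saved plan file), regardless of where the public half ends up. That trade-off should be stated in a header comment so state-backend encryption and access control are treated as part of this module's security boundary, e.g. `# NOTE: the private_key_* attributes of this resource are stored unencrypted in Terraform state; protect the backend accordingly.` Separately, `rsa_bits = each.value.rsa_bits` is read without `try()`, so a key entry that omits it fails at plan time; `try(each.value.rsa_bits, 4096)` would match the example's value and the `try()` style used across the other modules.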
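Review bot: This file is named `_ouputs.tf` (and `windows_virtual_machine/_ouputs.tf` in this commit repeats the typo) while every other module uses `_outputs.tf`; Terraform loads it regardless, but the misspelling breaks the naming convention and any tooling or grep that relies on it. Rename both to `_outputs.tf`. The `windows_virtual_machine/windows_virtual_macine.tf` file name has a similar typo (`macine`).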
diff --git a/src/modules/virtual_machines/network_interface/network_interface.tf b/src/modules/virtual_machines/network_interface/network_interface.tf new file mode 100644 index 00000000..51851ab0 --- /dev/null +++ b/src/modules/virtual_machines/network_interface/network_interface.tf @@ -0,0 +1,14 @@ +resource "azurerm_network_interface" "main" { + for_each = var.settings.network_interfaces + name = each.value.name + resource_group_name = local.resource_group_name + location = local.location + + tags = local.tags + + ip_configuration { + name = each.value.ip_configuration.name + subnet_id = try(var.resources.virtual_networks[split("/", each.value.ip_configuration.subnet_ref)[0]].subnets[split("/", each.value.ip_configuration.subnet_ref)[1]].id, null) + private_ip_address_allocation = try(each.value.ip_configuration.private_ip_address_allocation, "Dynamic") + } +} diff --git a/src/modules/virtual_machines/virtual_machines.tf b/src/modules/virtual_machines/virtual_machines.tf new file mode 100644 index 00000000..2bc83027 --- /dev/null +++ b/src/modules/virtual_machines/virtual_machines.tf @@ -0,0 +1,17 @@ +module "linux_virtual_machine" { + source = "./linux_virtual_machine" + + count = var.settings.type == "linux" ? 1 : 0 + settings = var.settings + global_settings = var.global_settings + resources = var.resources +} + +module "windows_virtual_machine" { + source = "./windows_virtual_machine" + + count = var.settings.type == "windows" ? 1 : 0 + settings = var.settings + global_settings = var.global_settings + resources = var.resources +} diff --git a/src/modules/virtual_machines/windows_virtual_machine/_locals.tf b/src/modules/virtual_machines/windows_virtual_machine/_locals.tf new file mode 100644 index 00000000..2b702764 --- /dev/null +++ b/src/modules/virtual_machines/windows_virtual_machine/_locals.tf 
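Review bot: `subnet_id = try(var.resources.virtual_networks[…].subnets[…].id, null)` turns a mistyped or missing `subnet_ref` into `subnet_id = null`, so a wiring mistake is not reported at plan time and surfaces later as an opaque provider error or a NIC not attached to the intended subnet. Since every NIC in this module needs a subnet, drop the `try()` and index directly so the error names the bad reference, or add a `lifecycle { precondition { … } }` asserting `length(split("/", each.value.ip_configuration.subnet_ref)) == 2` with a message that points at the offending interface key.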
@@ -0,0 +1,13 @@ +locals { + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + resource_group_name = local.resource_group.name + location = local.resource_group.location + + network_interface_ids = module.network_interface.ids + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) +} diff --git a/src/modules/virtual_machines/windows_virtual_machine/_ouputs.tf b/src/modules/virtual_machines/windows_virtual_machine/_ouputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/src/modules/virtual_machines/windows_virtual_machine/_variables.tf b/src/modules/virtual_machines/windows_virtual_machine/_variables.tf new file mode 100644 index 00000000..6f1524d4 --- /dev/null +++ b/src/modules/virtual_machines/windows_virtual_machine/_variables.tf @@ -0,0 +1,11 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + +variable "settings" { + description = "All the configuration for this resource" +} + +variable "resources" { + description = "All required resources" +} diff --git a/src/modules/virtual_machines/windows_virtual_machine/network_interface.tf b/src/modules/virtual_machines/windows_virtual_machine/network_interface.tf new file mode 100644 index 00000000..5e307460 --- /dev/null +++ b/src/modules/virtual_machines/windows_virtual_machine/network_interface.tf @@ -0,0 +1,7 @@ +module "network_interface" { + source = "../network_interface" + global_settings = var.global_settings + settings = var.settings + + resources = var.resources +} diff --git a/src/modules/virtual_machines/windows_virtual_machine/windows_virtual_macine.tf b/src/modules/virtual_machines/windows_virtual_machine/windows_virtual_macine.tf new file mode 100644 index 00000000..6422b4f8 --- /dev/null +++ b/src/modules/virtual_machines/windows_virtual_machine/windows_virtual_macine.tf 
@@ -0,0 +1,23 @@ +resource "azurerm_windows_virtual_machine" "main" { + name = var.settings.name + resource_group_name = local.resource_group_name + location = local.location + admin_username = var.settings.admin_username + admin_password = var.settings.admin_password + size = var.settings.size + network_interface_ids = local.network_interface_ids + + tags = local.tags + + os_disk { + caching = var.settings.os_disk.caching + storage_account_type = var.settings.os_disk.storage_account_type + } + + source_image_reference { + publisher = var.settings.source_image_reference.publisher + offer = var.settings.source_image_reference.offer + sku = var.settings.source_image_reference.sku + version = var.settings.source_image_reference.version + } +} diff --git a/src/networking.tf b/src/networking.tf index e9c65bc2..e3ee9759 100644 --- a/src/networking.tf +++ b/src/networking.tf @@ -79,10 +79,10 @@ module "virtual_network_gateway_connections" { global_settings = var.global_settings settings = each.value resources = { - resource_groups = module.resource_groups - virtual_networks = module.virtual_networks - keyvaults = module.keyvaults - local_network_gateways = module.local_network_gateways + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks + keyvaults = module.keyvaults + local_network_gateways = module.local_network_gateways virtual_network_gateways = module.virtual_network_gateways } } diff --git a/src/role_assignments.tf b/src/role_assignments.tf index e53c1092..f52f1fb6 100644 --- a/src/role_assignments.tf +++ b/src/role_assignments.tf @@ -6,9 +6,9 @@ module "role_assignments" { global_settings = local.global_settings resources = { - resource_groups = module.resource_groups - keyvaults = module.keyvaults - managed_identities = module.managed_identities + resource_groups = module.resource_groups + keyvaults = module.keyvaults + managed_identities = module.managed_identities kubernetes_clusters = module.kubernetes_clusters } } 
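Review bot: `admin_password = var.settings.admin_password` takes the password straight from the untyped `settings` variable, so the only place it can come from today is a tfvars file (as the example in this commit does), and it is persisted in the state file. Prefer generating it with `random_password` and writing it to a vault referenced by `keyvault_ref`, mirroring how the Linux module already stores its SSH key, or at least wrap the input as `admin_password = sensitive(var.settings.admin_password)` so it is redacted from plan output. Since `keyvault_ref` is already a modelled concept in this module tree, the Windows path can reuse the same resolution logic as `linux_virtual_machine/_locals.tf`.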
diff --git a/src/virtual_machines.tf b/src/virtual_machines.tf new file mode 100644 index 00000000..82630bdd --- /dev/null +++ b/src/virtual_machines.tf @@ -0,0 +1,13 @@ +module "virtual_machines" { + for_each = var.virtual_machines + source = "./modules/virtual_machines" + + settings = each.value + global_settings = var.global_settings + + resources = { + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks + keyvaults = module.keyvaults + } +}
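Review bot: `global_settings = var.global_settings` is used here, whereas the `module "keyvaults"` and `module "role_assignments"` calls touched in this same commit pass `global_settings = local.global_settings`. If `local.global_settings` enriches the variable (the Key Vault sub-modules read `tenant_id` and `object_id` from it, which suggests it does), the VM modules receive a different object than their siblings and any later use of those fields inside them will fail. Use `local.global_settings` here for consistency unless the divergence is deliberate, in which case a one-line comment should say why.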