efellowsbg · BorislavRaynov · Jan 27, 2025 · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/examples/virtual_machines.tfvars b/examples/virtual_machines.tfvars
@@ -0,0 +1,129 @@
+virtual_machines = {
+  machine_1 = {
+    type               = "windows"
+    name               = "vm-win-braytest-dv-ne-02"
+    resource_group_ref = "rg_test"
+    size               = "Standard_F2"
+    admin_username     = "adminuser"
+    admin_password     = "P@$$w0rd1234!"
+
+    os_disk = {
+      caching              = "ReadWrite"
+      storage_account_type = "Standard_LRS"
+    }
+
+    source_image_reference = {
+      publisher = "MicrosoftWindowsServer"
+      offer     = "WindowsServer"
+      sku       = "2016-Datacenter"
+      version   = "latest"
+    }
+
+    network_interfaces = {
+      nic_1 = {
+        name = "test_nic_1"
+        ip_configuration = {
+          name       = "int-01"
+          subnet_ref = "vnet_test/snet_app"
+        }
+      }
+
+      nic_2 = {
+        name = "test_nic_2"
+        ip_configuration = {
+          name       = "int-02"
+          subnet_ref = "vnet_test/snet_app"
+        }
+      }
+    }
+  }
+
+  machine_2 = {
+    type               = "linux"
+    name               = "vm-lin-braytest-dv-ne-02"
+    resource_group_ref = "rg_test"
+    size               = "Standard_F2"
+    admin_username     = "adminuser"
+    keyvault_ref       = "kv-test"
+
+    network_interfaces = {
+      nic_3 = {
+        name = "test_nic_3"
+        ip_configuration = {
+          name                          = "int-03"
+          subnet_ref                    = "vnet_test/snet_app"
+          private_ip_address_allocation = "Dynamic"
+        }
+      }
+
+      nic_4 = {
+        name = "test_nic_4"
+        ip_configuration = {
+          name       = "int-04"
+          subnet_ref = "vnet_test/snet_app"
+        }
+      }
+    }
+
+    public_key_openssh = {
+      test_key_1 = {
+        algorithm = "RSA"
+        rsa_bits  = 4096
+      }
+    }
+
+    admin_ssh_key = {
+      username       = "adminuser"
+      public_key_ref = "test_key_1"
+    }
+
+    os_disk = {
+      caching              = "ReadWrite"
+      storage_account_type = "Standard_LRS"
+    }
+
+    source_image_reference = {
+      publisher = "Canonical"
+      offer     = "0001-com-ubuntu-server-jammy"
+      sku       = "22_04-lts"
+      version   = "latest"
+    }
+  }
+}
+
+
+# pre-requisites
+resource_groups = {
+  rg_test = {
+    name     = "rg-braytest-dv-ne-02"
+    location = "northeurope"
+  }
+}
+
+virtual_networks = {
+  vnet_test = {
+    name               = "vnet-test-dv-ne-01"
+    resource_group_ref = "rg_test"
+    cidr               = ["10.0.0.0/16"]
+    subnets = {
+      snet_app = {
+        name              = "snet-test-dv-ne-01"
+        cidr              = ["10.0.0.128/25"]
+        service_endpoints = ["Microsoft.Storage"]
+      }
+    }
+  }
+}
+
+keyvaults = {
+  kv-test = {
+    name               = "kv-braytest-dv-ne-02"
+    resource_group_ref = "rg_test"
+
+    secrets = {
+      secret-test = {
+        ignore_changes = false
+      }
+    }
+  }
+}
diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf
@@ -16,6 +16,8 @@ variable "keyvaults" { default = {} }
 
 variable "storage_accounts" { default = {} }
 
+variable "virtual_machines" { default = {} }
+
 variable "private_dns_zones" { default = {} }
 
 variable "virtual_network_gateway_connections" { default = {} }

diff --git a/src/_variables.tf b/src/_variables.tf
@@ -9,7 +9,9 @@ variable "global_settings" {
   })
 
   default = {
-    tags                        = {}
+    tags = {
+
+    }
     inherit_resource_group_tags = false
   }
 }
diff --git a/src/keyvault.tf b/src/keyvault.tf
@@ -5,6 +5,7 @@ module "keyvaults" {
   settings        = each.value
   global_settings = local.global_settings
   resources = {
+    resource_groups    = module.resource_groups
     virtual_networks   = module.virtual_networks
     resource_groups    = module.resource_groups
     managed_identities = module.managed_identities

diff --git a/src/modules/_networking/virtual_network/_variables.tf b/src/modules/_networking/virtual_network/_variables.tf
@@ -7,8 +7,5 @@ variable "settings" {
 }
 
 variable "resources" {
-  type = object({
-    resource_groups = map(any)
-  })
   description = "All required resources"
 }
diff --git a/src/modules/_networking/virtual_network/virtual_network.tf b/src/modules/_networking/virtual_network/virtual_network.tf
@@ -5,5 +5,5 @@ resource "azurerm_virtual_network" "main" {
 
   address_space = var.settings.cidr
 
-  tags = try(local.tags, null)
+  tags = local.tags
 }
diff --git a/src/modules/compute/kubernetes/_outputs.tf b/src/modules/compute/kubernetes/_outputs.tf
@@ -1,3 +1,3 @@
 output "id" {
   value = module.kubernetes_cluster.id
-}
+}
diff --git a/src/modules/compute/kubernetes/aks.tf b/src/modules/compute/kubernetes/aks.tf
@@ -2,16 +2,16 @@ module "kubernetes_cluster" {
   source          = "./kubernetes_cluster"
   settings        = var.settings
   global_settings = var.global_settings
-  resources = var.resources
+  resources       = var.resources
 }
 
 module "kubernetes_cluster_node_pool" {
-  source          = "./kubernetes_cluster_node_pool"
+  source   = "./kubernetes_cluster_node_pool"
   for_each = var.settings.additional_node_pools
-  
-  cluster_id = module.kubernetes_cluster.id
-  all_settings = var.settings
+
+  cluster_id      = module.kubernetes_cluster.id
+  all_settings    = var.settings
   settings        = each.value
   global_settings = var.global_settings
-  resources = var.resources
+  resources       = var.resources
 }
diff --git a/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf b/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf
@@ -1,5 +1,5 @@
 locals {
-  resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+  resource_group      = var.resources.resource_groups[var.settings.resource_group_ref]
   resource_group_name = local.resource_group.name
   location            = local.resource_group.location
   subnet_ids = [
@@ -11,8 +11,8 @@ locals {
     var.resources.virtual_networks[split("/", var.settings.default_node_pool.subnet_ref)[0]].subnets[split("/", var.settings.default_node_pool.subnet_ref)[1]].id,
     null
   )
-  managed_identity    = can(var.resources.managed_identities[var.settings.identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.identity.managed_identity_ref] : null
-  kubelet_identity    = can(var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref] : null
+  managed_identity = can(var.resources.managed_identities[var.settings.identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.identity.managed_identity_ref] : null
+  kubelet_identity = can(var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref] : null
   tags = merge(
     var.global_settings.tags,
     var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
@@ -25,17 +25,17 @@ locals {
 
 locals {
   effective_network_profile = {
-    network_plugin       = try(var.settings.network_profile.network_plugin, "azure")
-    network_mode         = try(var.settings.network_profile.network_mode, "transparent")
-    network_policy       = try(var.settings.network_profile.network_policy, "calico")
-    load_balancer_sku    = try(var.settings.network_profile.load_balancer_sku, "standard")
-    network_data_plane   = try(var.settings.network_profile.network_data_plane, "azure")
-    network_plugin_mode  = try(var.settings.network_profile.network_plugin_mode, null)
-    outbound_type        = try(var.settings.network_profile.outbound_type, "loadBalancer")
-    dns_service_ip       = try(var.settings.network_profile.dns_service_ip, null)
-    service_cidr         = try(var.settings.network_profile.service_cidr, null)
-    service_cidrs        = try(var.settings.network_profile.service_cidrs, null)
-    pod_cidr             = try(var.settings.network_profile.pod_cidr, null)
+    network_plugin      = try(var.settings.network_profile.network_plugin, "azure")
+    network_mode        = try(var.settings.network_profile.network_mode, "transparent")
+    network_policy      = try(var.settings.network_profile.network_policy, "calico")
+    load_balancer_sku   = try(var.settings.network_profile.load_balancer_sku, "standard")
+    network_data_plane  = try(var.settings.network_profile.network_data_plane, "azure")
+    network_plugin_mode = try(var.settings.network_profile.network_plugin_mode, null)
+    outbound_type       = try(var.settings.network_profile.outbound_type, "loadBalancer")
+    dns_service_ip      = try(var.settings.network_profile.dns_service_ip, null)
+    service_cidr        = try(var.settings.network_profile.service_cidr, null)
+    service_cidrs       = try(var.settings.network_profile.service_cidrs, null)
+    pod_cidr            = try(var.settings.network_profile.pod_cidr, null)
   }
-validated_network_data_plane = local.effective_network_profile.network_policy == "cilium" && local.effective_network_profile.network_data_plane != "cilium" ? error("Error: When network_policy is set to 'cilium', the network_data_plane must also be set to 'cilium'.") : local.effective_network_profile.network_data_plane
-}
+  validated_network_data_plane = local.effective_network_profile.network_policy == "cilium" && local.effective_network_profile.network_data_plane != "cilium" ? error("Error: When network_policy is set to 'cilium', the network_data_plane must also be set to 'cilium'.") : local.effective_network_profile.network_data_plane
+}
diff --git a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf
@@ -1,26 +1,26 @@
 resource "azurerm_kubernetes_cluster_node_pool" "main" {
-  name                        = var.settings.name
-  kubernetes_cluster_id       = var.cluster_id
-  vm_size                     = try(var.settings.vm_size, "Standard_DS2_v2")
-  node_count                  = try(var.settings.node_count, 1)
-  auto_scaling_enabled        = try(var.settings.auto_scaling_enabled, false)
-  min_count                   = try(var.settings.min_count, null)
-  max_count                   = try(var.settings.max_count, null)
-  max_pods                    = try(var.settings.max_pods, null)
-  zones                       = try(var.settings.zones, null)
-  node_labels                 = try(var.settings.node_labels, null)
-  node_taints                 = try(var.settings.node_taints, null)
-  os_disk_type                = try(var.settings.os_disk_type, null)
-  os_disk_size_gb             = try(var.settings.os_disk_size_gb, null)
-  os_sku                      = try(var.settings.os_sku, "Ubuntu")
-  pod_subnet_id               = try(var.settings.pod_subnet_id, null)
-  vnet_subnet_id              = try(local.vnet_subnet_id, null)
-  os_type                     = try(var.settings.os_type, null)
-  ultra_ssd_enabled           = try(var.settings.ultra_ssd_enabled, false)
-  tags                        = local.tags
-  fips_enabled             = try(var.settings.fips_enabled, false)
-  host_encryption_enabled = try(var.settings.host_encryption_enabled, false) 
-  kubelet_disk_type  = try(var.settings.kubelet_disk_type, "OS")
+  name                    = var.settings.name
+  kubernetes_cluster_id   = var.cluster_id
+  vm_size                 = try(var.settings.vm_size, "Standard_DS2_v2")
+  node_count              = try(var.settings.node_count, 1)
+  auto_scaling_enabled    = try(var.settings.auto_scaling_enabled, false)
+  min_count               = try(var.settings.min_count, null)
+  max_count               = try(var.settings.max_count, null)
+  max_pods                = try(var.settings.max_pods, null)
+  zones                   = try(var.settings.zones, null)
+  node_labels             = try(var.settings.node_labels, null)
+  node_taints             = try(var.settings.node_taints, null)
+  os_disk_type            = try(var.settings.os_disk_type, null)
+  os_disk_size_gb         = try(var.settings.os_disk_size_gb, null)
+  os_sku                  = try(var.settings.os_sku, "Ubuntu")
+  pod_subnet_id           = try(var.settings.pod_subnet_id, null)
+  vnet_subnet_id          = try(local.vnet_subnet_id, null)
+  os_type                 = try(var.settings.os_type, null)
+  ultra_ssd_enabled       = try(var.settings.ultra_ssd_enabled, false)
+  tags                    = local.tags
+  fips_enabled            = try(var.settings.fips_enabled, false)
+  host_encryption_enabled = try(var.settings.host_encryption_enabled, false)
+  kubelet_disk_type       = try(var.settings.kubelet_disk_type, "OS")
   node_public_ip_enabled  = try(var.settings.node_public_ip_enabled, false)
-  orchestrator_version =   try(var.settings.orchestrator_version, null)   
+  orchestrator_version    = try(var.settings.orchestrator_version, null)
 }
diff --git a/src/modules/keyvault/_variables.tf b/src/modules/keyvault/_variables.tf
@@ -6,14 +6,6 @@ variable "settings" {
   description = "All the configuration for this resource"
 }
 
-
-
 variable "resources" {
-  type = object({
-    resource_groups    = map(any)
-    virtual_networks   = map(any)
-    managed_identities = map(any)
-    private_dns_zones  = map(any)
-  })
   description = "All required resources"
 }
diff --git a/src/modules/keyvault/access_policies.tf b/src/modules/keyvault/access_policies.tf
@@ -1,12 +1,12 @@
 module "initial_policy" {
   source          = "./keyvault_access_policy"
   for_each        = try(var.settings.access_policies, {})
-
   settings        = var.settings
+  global_settings = var.global_settings
+
   keyvault_id     = azurerm_key_vault.main.id
   access_policies = each.value
-  policy_name =     each.key
-  global_settings = var.global_settings
+  policy_name     = each.key
+
   resources = var.resources
 }
-
diff --git a/src/modules/keyvault/keyvault.tf b/src/modules/keyvault/keyvault.tf
@@ -3,14 +3,14 @@ resource "azurerm_key_vault" "main" {
   resource_group_name = local.resource_group_name
   location            = local.location
   tags                = local.tags
+  tenant_id           = var.global_settings.tenant_id
 
-  tenant_id = var.global_settings.tenant_id
-  sku_name  = try(var.settings.sku_name, "standard")
-
+  sku_name                    = try(var.settings.sku_name, "standard")
   enabled_for_disk_encryption = try(var.settings.enabled_for_disk_encryption, null)
   soft_delete_retention_days  = try(var.settings.soft_delete_retention_days, null)
   purge_protection_enabled    = try(var.settings.purge_protection_enabled, null)
   enable_rbac_authorization   = try(var.settings.enable_rbac_authorization, false)
+
   public_network_access_enabled = try(var.settings.public_network_access_enabled, false)
 
   network_acls {

diff --git a/src/modules/keyvault/keyvault_access_policy/_locals.tf b/src/modules/keyvault/keyvault_access_policy/_locals.tf
@@ -50,6 +50,6 @@ locals {
 
 
 locals {
-  debug_settings = var.settings
+  debug_settings    = var.settings
   has_logged_in_key = contains(keys(var.settings), "managed_identity")
 }