From 24741b69027b3306ef22fa2b4af67f56b71ebb73 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Thu, 16 Jan 2025 15:26:15 +0200 Subject: [PATCH 01/36] Add blank acr tfs --- src/modules/acr/_variables.tf | 0 src/modules/acr/acr.tf | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 src/modules/acr/_variables.tf create mode 100644 src/modules/acr/acr.tf diff --git a/src/modules/acr/_variables.tf b/src/modules/acr/_variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/src/modules/acr/acr.tf b/src/modules/acr/acr.tf new file mode 100644 index 00000000..e69de29b From feb9b171814a948fbad8b6aa2c4e4f251b2c37c6 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Thu, 16 Jan 2025 17:27:12 +0200 Subject: [PATCH 02/36] Add container registries module --- src/_variables.resources.tf | 2 ++ src/container_registries.tf | 12 ++++++++++++ src/modules/acr/_variables.tf | 0 src/modules/acr/acr.tf | 0 src/modules/container_registries/_locals.tf | 11 +++++++++++ .../container_registries/_variables.tf | 15 +++++++++++++++ .../container_registries.tf | 19 +++++++++++++++++++ 7 files changed, 59 insertions(+) create mode 100644 src/container_registries.tf delete mode 100644 src/modules/acr/_variables.tf delete mode 100644 src/modules/acr/acr.tf create mode 100644 src/modules/container_registries/_locals.tf create mode 100644 src/modules/container_registries/_variables.tf create mode 100644 src/modules/container_registries/container_registries.tf diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index a8ba337b..ba8fb59f 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -13,3 +13,5 @@ variable "virtual_network_gateways" { default = {} } variable "public_ips" { default = {} } variable "storage_accounts" { default = {} } + +variable "container_registries" { default = {} } diff --git a/src/container_registries.tf b/src/container_registries.tf new file mode 100644 index 00000000..f708a8d3 --- /dev/null 
+++ b/src/container_registries.tf
@@ -0,0 +1,12 @@
+module "container_registries" {
+ source = "./modules/container_registries"
+ for_each = var.container_registries
+
+ settings = each.value
+ global_settings = var.global_settings
+
+ resources = {
+ resource_groups = module.resource_groups
+ # virtual_networks = module.virtual_networks
+ }
+}
diff --git a/src/modules/acr/_variables.tf b/src/modules/acr/_variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/src/modules/acr/acr.tf b/src/modules/acr/acr.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf
new file mode 100644
index 00000000..b6c4756f
--- /dev/null
+++ b/src/modules/container_registries/_locals.tf
@@ -0,0 +1,11 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+}
diff --git a/src/modules/container_registries/_variables.tf b/src/modules/container_registries/_variables.tf
new file mode 100644
index 00000000..51ff19dd
--- /dev/null
+++ b/src/modules/container_registries/_variables.tf
@@ -0,0 +1,15 @@
+variable "global_settings" {
+ description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+ description = "All the configuration for a azure container registry"
+}
+
+variable "resources" {
+ type = object({
+ resource_groups = map(any)
+ # virtual_networks = map(any)
+ })
+ description = "All required resources"
+}
diff --git a/src/modules/container_registries/container_registries.tf b/src/modules/container_registries/container_registries.tf
new file mode 100644
index 00000000..a09623a1
--- /dev/null
+++ b/src/modules/container_registries/container_registries.tf
@@ -0,0 +1,19 @@
+resource "azurerm_container_registry" "main" {
+ name = var.settings.name
+ resource_group_name = local.resource_group_name
+ location = local.location
+ tags = local.tags
+ sku = var.settings.sku
+
+ admin_enabled = try(var.settings.admin_enabled, false)
+
+ dynamic "georeplications" {
+ for_each = var.settings.georeplications
+
+ content {
+ location = georeplications.value.name
+ zone_redundancy_enabled = try(georeplications.value.zone_redundancy_enabled, false)
+ tags = try(georeplications.value.tags, null)
+ }
+ }
+}
From 9b1276986641d19978bb24492c8d5afaff2810dd Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Thu, 16 Jan 2025 17:37:11 +0200
Subject: [PATCH 03/36] Add ID in outputs.tf
---
 src/modules/container_registries/_outputs.tf | 3 +++
 src/modules/container_registries/container_registries.tf | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 src/modules/container_registries/_outputs.tf
diff --git a/src/modules/container_registries/_outputs.tf b/src/modules/container_registries/_outputs.tf
new file mode 100644
index 00000000..ffcc4613
--- /dev/null
+++ b/src/modules/container_registries/_outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = azurerm_container_registry.main.id
+}
diff --git a/src/modules/container_registries/container_registries.tf b/src/modules/container_registries/container_registries.tf
index a09623a1..3d3ff8f5 100644
--- a/src/modules/container_registries/container_registries.tf
+++ b/src/modules/container_registries/container_registries.tf
@@ -5,7 +5,8 @@ resource "azurerm_container_registry" "main" {
 tags = local.tags
 sku = var.settings.sku
- admin_enabled = try(var.settings.admin_enabled, false)
+ public_network_access_enabled = try(var.settings.public_network_access_enabled, false)
+ admin_enabled = try(var.settings.admin_enabled, false)
 dynamic "georeplications" {
 for_each = var.settings.georeplications
From 38338dd7404a46e073eec2c4d23af86717f04127 Mon Sep 17 00:00:00 2001
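Review bot: `for_each = var.settings.georeplications` in the new azurerm_container_registry block is read without a try(), so any registry whose settings omit georeplications fails with an unsupported-attribute error at plan time, unlike the try-guarded `admin_enabled` two lines above it. `for_each = try(var.settings.georeplications, {})` keeps the block optional and matches the rest of the module. Geo-replication is, as far as I recall, a Premium-SKU feature, so a comment on the dynamic block noting that the key is only honoured with `sku = "Premium"` would spare users an apply-time provider error.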
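Review bot: The new `public_network_access_enabled = try(var.settings.public_network_access_enabled, false)` is the right default — deny by default, with admin_enabled also off — but disabling public network access is, as far as I recall, only supported on the Premium SKU, and `sku = var.settings.sku` above is unrestricted, so a Basic or Standard registry built with module defaults fails at apply rather than at plan. A `validation` or `precondition` tying the two together, or at least a comment on the line such as `# public access off by default; Azure only honours this on the Premium SKU`, would make the constraint visible. The commit subject mentions only the outputs file, so this behavioural change is easy to miss when scanning history.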
From: Borislav Raynov Date: Thu, 16 Jan 2025 17:41:42 +0200 Subject: [PATCH 04/36] Change georeplications location value --- src/modules/container_registries/container_registries.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/container_registries/container_registries.tf b/src/modules/container_registries/container_registries.tf index 3d3ff8f5..9a286510 100644 --- a/src/modules/container_registries/container_registries.tf +++ b/src/modules/container_registries/container_registries.tf @@ -12,7 +12,7 @@ resource "azurerm_container_registry" "main" { for_each = var.settings.georeplications content { - location = georeplications.value.name + location = georeplications.value.location zone_redundancy_enabled = try(georeplications.value.zone_redundancy_enabled, false) tags = try(georeplications.value.tags, null) } From 775dac0d6da4277196055bff029af5963538ef2b Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Fri, 17 Jan 2025 10:35:24 +0200 Subject: [PATCH 05/36] Add private endpoint for container registry --- src/container_registries.tf | 4 ++-- src/modules/container_registries/_locals.tf | 6 ++++++ .../container_registries/_variables.tf | 4 ++-- .../container_registries/private_endpoint.tf | 19 +++++++++++++++++++ 4 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 src/modules/container_registries/private_endpoint.tf diff --git a/src/container_registries.tf b/src/container_registries.tf index f708a8d3..ea12bf25 100644 --- a/src/container_registries.tf +++ b/src/container_registries.tf @@ -6,7 +6,7 @@ module "container_registries" { global_settings = var.global_settings resources = { - resource_groups = module.resource_groups - # virtual_networks = module.virtual_networks + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks } } diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index b6c4756f..2abc9728 100644 
--- a/src/modules/container_registries/_locals.tf
+++ b/src/modules/container_registries/_locals.tf
@@ -3,6 +3,12 @@ locals {
 resource_group_name = local.resource_group.name
 location = local.resource_group.location
+ subnet_id = [
+ for private_endpoint, config in try(var.settings.private_endpoints, {}) : (
+ var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id
+ )
+ ]
+
 tags = merge(
 var.global_settings.tags,
 var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
diff --git a/src/modules/container_registries/_variables.tf b/src/modules/container_registries/_variables.tf
index 51ff19dd..c07a6dce 100644
--- a/src/modules/container_registries/_variables.tf
+++ b/src/modules/container_registries/_variables.tf
@@ -8,8 +8,8 @@ variable "settings" {
 variable "resources" {
 type = object({
- resource_groups = map(any)
- # virtual_networks = map(any)
+ resource_groups = map(any)
+ virtual_networks = map(any)
 })
 description = "All required resources"
 }
diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf
new file mode 100644
index 00000000..fe96a586
--- /dev/null
+++ b/src/modules/container_registries/private_endpoint.tf
@@ -0,0 +1,19 @@
+resource "azurerm_private_endpoint" "example" {
+ for_each = try(var.settings.private_endpoints, {})
+
+ name = each.value.name
+ resource_group_name = local.resource_group_name
+ location = local.location
+ subnet_id = local.subnet_id
+
+ tags = local.tags
+
+ private_service_connection {
+ name = var.settings.private_service_connection.name
+ private_connection_resource_id = var.settings.private_service_connection.azurerm_container_registry.main.id
+
+ is_manual_connection = try(var.settings.private_service_connection.is_manual_connection, false)
+ private_connection_resource_alias = try(var.settings.private_service_connection.private_connection_resource_alias, null)
+ subresource_names = try(var.settings.private_service_connection.subresource_names, null)
+ }
+}
From 2cb787f2953e30aa005c4153e73b2079c8dd3fb3 Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Fri, 17 Jan 2025 10:41:18 +0200
Subject: [PATCH 06/36] Refactor private_connection_resource_id value
---
 src/modules/container_registries/private_endpoint.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf
index fe96a586..cb442255 100644
--- a/src/modules/container_registries/private_endpoint.tf
+++ b/src/modules/container_registries/private_endpoint.tf
@@ -10,7 +10,7 @@ resource "azurerm_private_endpoint" "example" {
 private_service_connection {
 name = var.settings.private_service_connection.name
- private_connection_resource_id = var.settings.private_service_connection.azurerm_container_registry.main.id
+ private_connection_resource_id = azurerm_container_registry.main.id
 is_manual_connection = try(var.settings.private_service_connection.is_manual_connection, false)
 private_connection_resource_alias = try(var.settings.private_service_connection.private_connection_resource_alias, null)
From 5bb89cc86515d77ab5a2d95a5444ed57b6f41aee Mon Sep 17 00:00:00 2001
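Review bot: `subresource_names = try(var.settings.private_service_connection.subresource_names, null)` in the new private_service_connection block leaves the private-link group empty unless every caller remembers to set it, yet for a registry target the only meaningful value is `registry`, and I believe Azure rejects an auto-approved connection to a PaaS resource that names no group. Since the module always points the connection at its own registry, a module-level default is safer: `subresource_names = try(var.settings.private_service_connection.subresource_names, ["registry"])`. The same try(..., null) survives the refactor in PATCH 09 on the same attribute. Separately, `private_connection_resource_alias` is mutually exclusive with `private_connection_resource_id` in the azurerm provider, so exposing it from settings while the id is hard-wired can only produce a provider error; dropping that line is the simplest fix.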
From: Borislav Raynov Date: Fri, 17 Jan 2025 10:52:05 +0200 Subject: [PATCH 07/36] Refactor subnet id --- src/modules/container_registries/_locals.tf | 2 ++ src/modules/container_registries/private_endpoint.tf | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index 2abc9728..0c8467af 100644 --- a/src/modules/container_registries/_locals.tf +++ b/src/modules/container_registries/_locals.tf @@ -9,6 +9,8 @@ locals { ) ] + # subnet_id = var.settings.private_endpoints.var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf index cb442255..41660693 100644 --- a/src/modules/container_registries/private_endpoint.tf +++ b/src/modules/container_registries/private_endpoint.tf @@ -1,10 +1,10 @@ -resource "azurerm_private_endpoint" "example" { +resource "azurerm_private_endpoint" "main" { for_each = try(var.settings.private_endpoints, {}) name = each.value.name resource_group_name = local.resource_group_name location = local.location - subnet_id = local.subnet_id + subnet_id = each.value tags = local.tags From a14d009d9dd7f6fe8f3da1a9ee2556106c6cc570 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Fri, 17 Jan 2025 11:20:39 +0200 Subject: [PATCH 08/36] Refactor subnet_id --- src/modules/container_registries/_locals.tf | 12 ++++++------ src/modules/container_registries/private_endpoint.tf | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index 0c8467af..32f4c0c9 100644 --- a/src/modules/container_registries/_locals.tf 
+++ b/src/modules/container_registries/_locals.tf @@ -3,13 +3,13 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location - subnet_id = [ - for private_endpoint, config in try(var.settings.private_endpoints, {}) : ( - var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id - ) - ] + # subnet_id = [ + # for private_endpoint, config in try(var.settings.private_endpoints, {}) : ( + # var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id + # ) + # ] - # subnet_id = var.settings.private_endpoints.var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id + subnet_id = each.value.var.settings.private_endpoints.var.resources.virtual_networks[split("/", subnet_ref)[0]].subnets[split("/", subnet_ref)[1]].id tags = merge( var.global_settings.tags, diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf index 41660693..22a2562f 100644 --- a/src/modules/container_registries/private_endpoint.tf +++ b/src/modules/container_registries/private_endpoint.tf @@ -4,7 +4,7 @@ resource "azurerm_private_endpoint" "main" { name = each.value.name resource_group_name = local.resource_group_name location = local.location - subnet_id = each.value + subnet_id = local.subnet_id tags = local.tags From 16cc9559d672f9da3e9a88d6f895ad4aaa0e92a4 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Fri, 17 Jan 2025 11:32:29 +0200 Subject: [PATCH 09/36] Refactor subnet id locals --- src/modules/container_registries/_locals.tf | 2 +- src/modules/container_registries/private_endpoint.tf | 12 +++++------- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index 32f4c0c9..b976aee9 100644 --- a/src/modules/container_registries/_locals.tf 
+++ b/src/modules/container_registries/_locals.tf
@@ -9,7 +9,7 @@ locals {
 # )
 # ]
- subnet_id = each.value.var.settings.private_endpoints.var.resources.virtual_networks[split("/", subnet_ref)[0]].subnets[split("/", subnet_ref)[1]].id
+ subnet_id = var.settings.private_endpoint.var.resources.virtual_networks[split("/", subnet_ref)[0]].subnets[split("/", subnet_ref)[1]].id
 tags = merge(
 var.global_settings.tags,
diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf
index 22a2562f..6501710f 100644
--- a/src/modules/container_registries/private_endpoint.tf
+++ b/src/modules/container_registries/private_endpoint.tf
@@ -1,7 +1,5 @@
 resource "azurerm_private_endpoint" "main" {
- for_each = try(var.settings.private_endpoints, {})
-
- name = each.value.name
+ name = var.settings.private_endpoint.name
 resource_group_name = local.resource_group_name
 location = local.location
 subnet_id = local.subnet_id
@@ -9,11 +7,11 @@ resource "azurerm_private_endpoint" "main" {
 tags = local.tags
 private_service_connection {
- name = var.settings.private_service_connection.name
+ name = var.settings.private_endpoint.private_service_connection.name
 private_connection_resource_id = azurerm_container_registry.main.id
- is_manual_connection = try(var.settings.private_service_connection.is_manual_connection, false)
- private_connection_resource_alias = try(var.settings.private_service_connection.private_connection_resource_alias, null)
- subresource_names = try(var.settings.private_service_connection.subresource_names, null)
+ is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false)
+ private_connection_resource_alias = try(var.settings.private_endpoint.private_service_connection.private_connection_resource_alias, null)
+ subresource_names = try(var.settings.private_endpoint.private_service_connection.subresource_names, null)
 }
 }
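Review bot: After this refactor the azurerm_private_endpoint resource is unconditional and `var.settings.private_endpoint.name` and `.private_service_connection.name` are read without try(), so a registry whose settings omit `private_endpoint` now fails with an unsupported-attribute error, whereas the removed `for_each = try(var.settings.private_endpoints, {})` at least made the endpoint optional. Gating the resource keeps that property: `count = can(var.settings.private_endpoint) ? 1 : 0` on the resource, with the attribute lines left as they are. The companion local in PATCH 10 has the same issue — `subnet_id` dereferences `var.settings.private_endpoint.subnet_ref` unconditionally and would need the same `can()` guard with a `null` fallback. Since `public_network_access_enabled` defaults to false, a registry without a private endpoint is unreachable anyway, so either document that the endpoint is mandatory or make both optional together.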
From 54ab05442909423baac180b53199fbc41eeb46b1 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Fri, 17 Jan 2025 11:40:21 +0200 Subject: [PATCH 10/36] Refactor locals --- src/modules/container_registries/_locals.tf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index b976aee9..faff071a 100644 --- a/src/modules/container_registries/_locals.tf +++ b/src/modules/container_registries/_locals.tf @@ -9,7 +9,13 @@ locals { # ) # ] - subnet_id = var.settings.private_endpoint.var.resources.virtual_networks[split("/", subnet_ref)[0]].subnets[split("/", subnet_ref)[1]].id + # subnet_id = var.settings.private_endpoint.var.resources.virtual_networks[split("/", subnet_ref)[0]].subnets[split("/", subnet_ref)[1]].id + + subnet_id = var.resources.virtual_networks[ + split("/", var.settings.private_endpoint.subnet_ref)[0] + ].subnets[ + split("/", var.settings.private_endpoint.subnet_ref)[1] + ].id tags = merge( var.global_settings.tags, From 1f14b6497c2e5096a6094288fc9aad89f8060e27 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Fri, 17 Jan 2025 11:51:33 +0200 Subject: [PATCH 11/36] Add example for container registries --- examples/container_registries.tfvars | 56 +++++++++++++++++++++ src/modules/container_registries/_locals.tf | 8 --- 2 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 examples/container_registries.tfvars diff --git a/examples/container_registries.tfvars b/examples/container_registries.tfvars new file mode 100644 index 00000000..3eacdfa8 --- /dev/null +++ b/examples/container_registries.tfvars 
@@ -0,0 +1,56 @@ +container_registries = { + acr_test_1 = { + resource_group_ref = "rg_test" + name = "acrtestdevne01" + sku = "Premium" + + georeplications = { + georeplication_test_1 = { + location = "West Europe" + zone_redundancy_enabled = true + tags = { Owner = "prod" } + } + georeplication_test_2 = { + location = "East US" + zone_redundancy_enabled = true + } + } + + private_endpoint = { + name = "test-endpoint" + subnet_ref = "vnet_test/snet_private_endpoint_1" + private_service_connection = { + name = "test-privateserviceconnection" + is_manual_connection = true + } + } + } +} + +# pre-requisites +resource_groups = { + rg_test = { + name = "rg-test-dv-ne-01" + location = "northeurope" + } +} + +virtual_networks = { + vnet_test = { + name = "vnet-test-dv-ne-01" + resource_group_ref = "rg_test" + cidr = ["10.10.10.0/24"] + subnets = { + snet_private_endpoint_1 = { + name = "snet-private-endpoint_1" + cidr = ["10.10.10.0/25"] + service_endpoints = ["Microsoft.ContainerRegistry"] + } + snet_private_endpoint_2 = { + name = "snet-private-endpoint_2" + cidr = ["10.10.10.128/25"] + service_endpoints = ["Microsoft.ContainerRegistry"] + } + } + } +} diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index faff071a..4eefa4a6 100644 --- a/src/modules/container_registries/_locals.tf +++ b/src/modules/container_registries/_locals.tf @@ -3,14 +3,6 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location - # subnet_id = [ - # for private_endpoint, config in try(var.settings.private_endpoints, {}) : ( - # var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id - # ) - # ] - - # subnet_id = var.settings.private_endpoint.var.resources.virtual_networks[split("/", subnet_ref)[0]].subnets[split("/", subnet_ref)[1]].id - subnet_id = var.resources.virtual_networks[ split("/", var.settings.private_endpoint.subnet_ref)[0] ].subnets[ 
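Review bot: The example's `is_manual_connection = true` means the private endpoint connection is created pending and must be approved on the registry before the endpoint serves traffic, which is easy to miss in a quick-start; a one-line comment above it such as `# requires manual approval on the registry after apply` would help. The subnets also carry `service_endpoints = ["Microsoft.ContainerRegistry"]`, which is a separate mechanism from private endpoints and is not needed by the private_endpoint block above, so if the intent is private link only, dropping it avoids suggesting the two are related. The example sets no `public_network_access_enabled`, so it inherits the module default of false; stating that in a comment explains why the private endpoint is required.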
From 908040cea574859eff156ea1563928234e6733db Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Thu, 23 Jan 2025 13:26:54 +0200 Subject: [PATCH 12/36] Add private dns zone module for the ACR mdoule --- src/_variables.resources.tf | 14 +----- src/container_registries.tf | 5 +- src/main.tf | 12 ----- .../local_network_gateway/_locals.tf | 12 ----- .../local_network_gateway/_outputs.tf | 3 -- .../local_network_gateway/_variables.tf | 14 ------ .../local_network_gateway.tf | 9 ---- .../_networking/private_dns_zone/_locals.tf | 30 ++++++++++++ .../_networking/private_dns_zone/_outputs.tf | 3 ++ .../_variables.tf | 1 - .../private_dns_zone/private_dns_vnet_link.tf | 7 +++ .../private_dns_zone_group.tf | 5 ++ src/modules/_networking/public_ip/_locals.tf | 12 ----- src/modules/_networking/public_ip/_outputs.tf | 7 --- .../_networking/public_ip/_variables.tf | 14 ------ src/modules/_networking/public_ip/main.tf | 7 --- .../virtual_network_gateway/_locals.tf | 12 ----- .../virtual_network_gateway/_outputs.tf | 3 -- .../virtual_network_gateway/main.tf | 25 ---------- .../_networking/vnet_peering/_locals.tf | 9 ---- .../_networking/vnet_peering/_outputs.tf | 6 --- .../_networking/vnet_peering/_variables.tf | 18 -------- src/modules/_networking/vnet_peering/main.tf | 17 ------- src/modules/container_registries/_locals.tf | 4 ++ .../container_registries/private_endpoint.tf | 12 +++-- src/modules/managed_identity/_locals.tf | 12 ----- src/modules/managed_identity/_variables.tf | 14 ------ src/modules/managed_identity/main.tf | 5 -- src/modules/storage_account/_locals.tf | 17 ------- src/modules/storage_account/_outputs.tf | 10 ---- src/modules/storage_account/_variables.tf | 15 ------ .../storage_account/storage_account.tf | 34 -------------- .../storage_account/storage_container.tf | 8 ---- src/networking.tf | 46 ++----------------- src/storage_account.tf | 12 ----- 35 files changed, 66 insertions(+), 368 deletions(-) delete mode 100644 src/modules/_networking/local_network_gateway/_locals.tf delete mode 100644 
src/modules/_networking/local_network_gateway/_outputs.tf delete mode 100644 src/modules/_networking/local_network_gateway/_variables.tf delete mode 100644 src/modules/_networking/local_network_gateway/local_network_gateway.tf create mode 100644 src/modules/_networking/private_dns_zone/_locals.tf create mode 100644 src/modules/_networking/private_dns_zone/_outputs.tf rename src/modules/_networking/{virtual_network_gateway => private_dns_zone}/_variables.tf (90%) create mode 100644 src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf create mode 100644 src/modules/_networking/private_dns_zone/private_dns_zone_group.tf delete mode 100644 src/modules/_networking/public_ip/_locals.tf delete mode 100644 src/modules/_networking/public_ip/_outputs.tf delete mode 100644 src/modules/_networking/public_ip/_variables.tf delete mode 100644 src/modules/_networking/public_ip/main.tf delete mode 100644 src/modules/_networking/virtual_network_gateway/_locals.tf delete mode 100644 src/modules/_networking/virtual_network_gateway/_outputs.tf delete mode 100644 src/modules/_networking/virtual_network_gateway/main.tf delete mode 100644 src/modules/_networking/vnet_peering/_locals.tf delete mode 100644 src/modules/_networking/vnet_peering/_outputs.tf delete mode 100644 src/modules/_networking/vnet_peering/_variables.tf delete mode 100644 src/modules/_networking/vnet_peering/main.tf delete mode 100644 src/modules/managed_identity/_locals.tf delete mode 100644 src/modules/managed_identity/_variables.tf delete mode 100644 src/modules/managed_identity/main.tf delete mode 100644 src/modules/storage_account/_locals.tf delete mode 100644 src/modules/storage_account/_outputs.tf delete mode 100644 src/modules/storage_account/_variables.tf delete mode 100644 src/modules/storage_account/storage_account.tf delete mode 100644 src/modules/storage_account/storage_container.tf delete mode 100644 src/storage_account.tf 
diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index ba8fb59f..e88f1860 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -1,17 +1,7 @@ variable "resource_groups" { default = {} } -variable "managed_identities" { default = {} } - variable "virtual_networks" { default = {} } -variable "vnet_peerings" { default = {} } - -variable "local_network_gateways" { default = {} } - -variable "virtual_network_gateways" { default = {} } - -variable "public_ips" { default = {} } - -variable "storage_accounts" { default = {} } - variable "container_registries" { default = {} } + +variable "private_dns_zones" { default = {} } diff --git a/src/container_registries.tf b/src/container_registries.tf index ea12bf25..67348fe5 100644 --- a/src/container_registries.tf +++ b/src/container_registries.tf @@ -6,7 +6,8 @@ module "container_registries" { global_settings = var.global_settings resources = { - resource_groups = module.resource_groups - virtual_networks = module.virtual_networks + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks + private_dns_zones = module.private_dns_zones } } diff --git a/src/main.tf b/src/main.tf index f70c5648..9031a045 100644 --- a/src/main.tf +++ b/src/main.tf @@ -5,15 +5,3 @@ module "resource_groups" { settings = each.value global_settings = var.global_settings } - -module "managed_identities" { - source = "./modules/managed_identity" - for_each = var.managed_identities - - settings = each.value - global_settings = var.global_settings - - resources = { - resource_groups = module.resource_groups - } -} diff --git a/src/modules/_networking/local_network_gateway/_locals.tf b/src/modules/_networking/local_network_gateway/_locals.tf deleted file mode 100644 index 687c6aaa..00000000 --- a/src/modules/_networking/local_network_gateway/_locals.tf +++ /dev/null 
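Review bot: The hunks in src/_variables.resources.tf and src/main.tf delete the managed_identities, vnet_peerings, local/virtual network gateway, public_ips and storage_accounts variables and the managed_identities module, and the diffstat shows the matching module directories removed in the sections that follow, yet the subject describes only adding a private DNS zone module. Bundling unrelated removals into a feature commit makes the change hard to review and impossible to revert independently; splitting the deletions into their own commit, or at least stating in the message that they are intentional, would help. In src/container_registries.tf the new `private_dns_zones = module.private_dns_zones` wiring reads fine, but the module block it references is not in any hunk visible here, so I cannot confirm the root module evaluates.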
@@ -1,12 +0,0 @@ -locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - - resource_group_name = local.resource_group.name - location = local.resource_group.location - - tags = merge( - var.global_settings.tags, - var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, - try(var.settings.tags, {}) - ) -} diff --git a/src/modules/_networking/local_network_gateway/_outputs.tf b/src/modules/_networking/local_network_gateway/_outputs.tf deleted file mode 100644 index a497d716..00000000 --- a/src/modules/_networking/local_network_gateway/_outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "id" { - value = azurerm_local_network_gateway.main.id -} diff --git a/src/modules/_networking/local_network_gateway/_variables.tf b/src/modules/_networking/local_network_gateway/_variables.tf deleted file mode 100644 index 315edc56..00000000 --- a/src/modules/_networking/local_network_gateway/_variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -variable "global_settings" { - description = "Global settings for tinycaf" -} - -variable "settings" { - description = "All the configuration for this resource" -} - -variable "resources" { - type = object({ - resource_groups = map(any) - }) - description = "All required resources" -} diff --git a/src/modules/_networking/local_network_gateway/local_network_gateway.tf b/src/modules/_networking/local_network_gateway/local_network_gateway.tf deleted file mode 100644 index e956bc66..00000000 --- a/src/modules/_networking/local_network_gateway/local_network_gateway.tf +++ /dev/null @@ -1,9 +0,0 @@ -resource "azurerm_local_network_gateway" "main" { - name = var.settings.name - location = local.location - resource_group_name = local.resource_group_name - address_space = var.settings.cidr - - gateway_address = try(var.settings.gateway_address, null) - gateway_fqdn = try(var.settings.gateway_fqdn, null) -} 
diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf
new file mode 100644
index 00000000..e448ae87
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_locals.tf
@@ -0,0 +1,30 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+ vnet_ids = {
+ for vnet in var.settings.vnet_ref :
+ vnet => {
+ name = var.resources.virtual_networks[vnet].name
+ id = var.resources.virtual_networks[vnet].id
+ }
+ }
+}
+locals {
+ # local object used to map possible private dns zoone names
+ zone_names = {
+ "storage_blob" = "privatelink.blob.core.windows.net"
+ "storage_tables" = "privatelink.table.core.windows.net"
+ "storage_queues" = "privatelink.queue.core.windows.net"
+ "storage_files" = "privatelink.file.core.windows.net"
+ "function_apps" = "privatelink.azurewebsites.net"
+ "keyvaults" = "privatelink.vaultcore.azure.net"
+ "container_registries" = "privatelink.azurecr.io"
+ }
+}
diff --git a/src/modules/_networking/private_dns_zone/_outputs.tf b/src/modules/_networking/private_dns_zone/_outputs.tf
new file mode 100644
index 00000000..0d4f3d12
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = azurerm_private_dns_zone.main.id
+}
diff --git a/src/modules/_networking/virtual_network_gateway/_variables.tf b/src/modules/_networking/private_dns_zone/_variables.tf
similarity index 90%
rename from src/modules/_networking/virtual_network_gateway/_variables.tf
rename to src/modules/_networking/private_dns_zone/_variables.tf
index 8cf17357..4ee12d7c 100644
--- a/src/modules/_networking/virtual_network_gateway/_variables.tf
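Review bot: `for vnet in var.settings.vnet_ref :` in the new vnet_ids local is read without a try(), so a zone configured without vnet_ref fails at plan time, while the neighbouring `try(var.settings.tags, {})` shows the pattern this codebase uses; `for vnet in try(var.settings.vnet_ref, []) :` keeps the link optional. Building a map keyed by `vnet` from a list also errors on a repeated entry, so wrapping the source in `toset()` is cheap insurance. The `location` local is computed but nothing in this module uses it, the two `locals` blocks could be merged, and the comment typo "zoone" in the second block could be fixed in the same pass.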
+++ b/src/modules/_networking/private_dns_zone/_variables.tf
@@ -10,7 +10,6 @@ variable "resources" {
 type = object({
 resource_groups = map(any)
 virtual_networks = map(any)
- public_ips = map(any)
 })
 description = "All required resources"
 }
diff --git a/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
new file mode 100644
index 00000000..08444fe8
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
@@ -0,0 +1,7 @@
+resource "azurerm_private_dns_zone_virtual_network_link" "main" {
+ for_each = local.vnet_ids
+ name = "${each.value.name}-${azurerm_private_dns_zone.main.name}-link"
+ private_dns_zone_name = azurerm_private_dns_zone.main.name
+ resource_group_name = azurerm_private_dns_zone.main.resource_group_name
+ virtual_network_id = each.value.id
+}
diff --git a/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
new file mode 100644
index 00000000..69fc0fb5
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
@@ -0,0 +1,5 @@
+resource "azurerm_private_dns_zone" "main" {
+ name = try(local.zone_names[var.settings.resource_kind], var.settings.name)
+ resource_group_name = local.resource_group_name
+ tags = try(local.tags, null)
+}
diff --git a/src/modules/_networking/public_ip/_locals.tf b/src/modules/_networking/public_ip/_locals.tf
deleted file mode 100644
index 687c6aaa..00000000
--- a/src/modules/_networking/public_ip/_locals.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
-
- resource_group_name = local.resource_group.name
- location = local.resource_group.location
-
- tags = merge(
- var.global_settings.tags,
- var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
- try(var.settings.tags, {})
- )
-}
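Review bot: `name = try(local.zone_names[var.settings.resource_kind], var.settings.name)` in the new azurerm_private_dns_zone swallows a failed lookup, so a misspelt resource_kind silently falls back to var.settings.name (or errors on that attribute instead) and yields a zone whose name private-link records will never match; only the absence of resource_kind should take the fallback. `name = can(var.settings.resource_kind) ? local.zone_names[var.settings.resource_kind] : var.settings.name` fails loudly on an unknown kind and keeps the explicit-name path. `tags = try(local.tags, null)` can simply be `tags = local.tags`, since the local is always computed in _locals.tf. The file is named private_dns_zone_group.tf but defines the zone itself, not a zone group, which will mislead the next reader.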
diff --git a/src/modules/_networking/public_ip/_outputs.tf b/src/modules/_networking/public_ip/_outputs.tf
deleted file mode 100644
index 1ea5d765..00000000
--- a/src/modules/_networking/public_ip/_outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "id" {
- value = azurerm_public_ip.main.id
-}
-
-output "ip_address" {
- value = azurerm_public_ip.main.ip_address
-}
diff --git a/src/modules/_networking/public_ip/_variables.tf b/src/modules/_networking/public_ip/_variables.tf
deleted file mode 100644
index 315edc56..00000000
--- a/src/modules/_networking/public_ip/_variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "global_settings" {
- description = "Global settings for tinycaf"
-}
-
-variable "settings" {
- description = "All the configuration for this resource"
-}
-
-variable "resources" {
- type = object({
- resource_groups = map(any)
- })
- description = "All required resources"
-}
diff --git a/src/modules/_networking/public_ip/main.tf b/src/modules/_networking/public_ip/main.tf
deleted file mode 100644
index 753d0e8b..00000000
--- a/src/modules/_networking/public_ip/main.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-resource "azurerm_public_ip" "main" {
- name = var.settings.name
- resource_group_name = local.resource_group_name
- location = local.location
- allocation_method = try(var.settings.allocation_method, "Static")
- tags = local.tags
-}
diff --git a/src/modules/_networking/virtual_network_gateway/_locals.tf b/src/modules/_networking/virtual_network_gateway/_locals.tf
deleted file mode 100644
index 687c6aaa..00000000
--- a/src/modules/_networking/virtual_network_gateway/_locals.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
-
- resource_group_name = local.resource_group.name
- location = local.resource_group.location
-
- tags = merge(
- var.global_settings.tags,
- var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
- try(var.settings.tags, {})
- )
-}
diff --git a/src/modules/_networking/virtual_network_gateway/_outputs.tf b/src/modules/_networking/virtual_network_gateway/_outputs.tf
deleted file mode 100644
index be756085..00000000
--- a/src/modules/_networking/virtual_network_gateway/_outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "id" {
- value = azurerm_virtual_network_gateway.main.id
-}
diff --git a/src/modules/_networking/virtual_network_gateway/main.tf b/src/modules/_networking/virtual_network_gateway/main.tf
deleted file mode 100644
index d371a671..00000000
--- a/src/modules/_networking/virtual_network_gateway/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-resource "azurerm_virtual_network_gateway" "main" {
- name = var.settings.name
- resource_group_name = local.resource_group_name
- location = local.location
- tags = local.tags
-
- sku = var.settings.sku
- type = try(var.settings.type, "Vpn")
-
- generation = try(var.settings.generation, null)
- vpn_type = try(var.settings.vpn_type, null)
- active_active = try(var.settings.active_active, null)
- enable_bgp = try(var.settings.enable_bgp, null)
-
- dynamic "ip_configuration" {
- for_each = var.settings.ip_configurations
-
- content {
- name = ip_configuration.value.name
- private_ip_address_allocation = try(ip_configuration.value.private_ip_address_allocation, null)
- public_ip_address_id = var.resources.public_ips[ip_configuration.value.public_ip_address_ref].id
- subnet_id = var.resources.virtual_networks[split("/", ip_configuration.value.subnet_ref)[0]].subnets[split("/", ip_configuration.value.subnet_ref)[1]].id
- }
- }
-}
diff --git a/src/modules/_networking/vnet_peering/_locals.tf b/src/modules/_networking/vnet_peering/_locals.tf
deleted file mode 100644
index 92ffed7c..00000000
--- a/src/modules/_networking/vnet_peering/_locals.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-locals {
- vnet_left = var.resources.virtual_networks[var.settings.vnet_left_ref]
- vnet_right = var.resources.virtual_networks[var.settings.vnet_right_ref]
-
- direction = try(var.settings.direction, "<->")
-
- peer_left_to_right = endswith(local.direction, "->")
- peer_right_to_left = startswith(local.direction, "<-")
-}
diff --git a/src/modules/_networking/vnet_peering/_outputs.tf b/src/modules/_networking/vnet_peering/_outputs.tf
deleted file mode 100644
index c7505a22..00000000
--- a/src/modules/_networking/vnet_peering/_outputs.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-output "id" {
- value = {
- "left_to_right" = local.peer_left_to_right ? azurerm_virtual_network_peering.left_to_right[0].id : null
- "right_to_left" = local.peer_right_to_left ? azurerm_virtual_network_peering.right_to_left[0].id : null
- }
-}
diff --git a/src/modules/_networking/vnet_peering/_variables.tf b/src/modules/_networking/vnet_peering/_variables.tf
deleted file mode 100644
index cc077015..00000000
--- a/src/modules/_networking/vnet_peering/_variables.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-variable "global_settings" {
- description = "Global settings for tinycaf"
-}
-
-variable "settings" {
- description = "All the configuration for this resource"
- validation {
- condition = contains(["<-", "->", "<->"], try(var.settings.direction, "<->"))
- error_message = "Allowed values for direction are '<-', '->', or '<->'. Defaults to '<->' if not set."
- }
-}
-
-variable "resources" {
- type = object({
- virtual_networks = map(any)
- })
- description = "All required resources"
-}
diff --git a/src/modules/_networking/vnet_peering/main.tf b/src/modules/_networking/vnet_peering/main.tf
deleted file mode 100644
index a8d4b025..00000000
--- a/src/modules/_networking/vnet_peering/main.tf
+++ /dev/null
@@ -1,17 +0,0 @@ -resource "azurerm_virtual_network_peering" "left_to_right" { - count = local.peer_left_to_right ? 1 : 0 - - name = "peering-${local.vnet_left.name}-to-${local.vnet_right.name}" - resource_group_name = local.vnet_left.resource_group_name - virtual_network_name = local.vnet_left.name - remote_virtual_network_id = local.vnet_right.id -} - -resource "azurerm_virtual_network_peering" "right_to_left" { - count = local.peer_right_to_left ? 1 : 0 - - name = "peering-${local.vnet_right.name}-to-${local.vnet_left.name}" - resource_group_name = local.vnet_right.resource_group_name - virtual_network_name = local.vnet_right.name - remote_virtual_network_id = local.vnet_left.id -} diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index 4eefa4a6..6337c62c 100644 --- a/src/modules/container_registries/_locals.tf +++ b/src/modules/container_registries/_locals.tf @@ -3,6 +3,10 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location + dns_zone_group = var.resources.private_dns_zones[var.settings.private_endpoint.private_dns_zone_group_ref] + dns_zone_group_name = dns_zone_group.name + private_dns_zone_ids = [dns_zone_group.name.id] + subnet_id = var.resources.virtual_networks[ split("/", var.settings.private_endpoint.subnet_ref)[0] ].subnets[ diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf index 6501710f..03261464 100644 --- a/src/modules/container_registries/private_endpoint.tf +++ b/src/modules/container_registries/private_endpoint.tf 
@@ -7,11 +7,15 @@ resource "azurerm_private_endpoint" "main" { tags = local.tags private_service_connection { - name = var.settings.private_endpoint.private_service_connection.name - private_connection_resource_id = azurerm_container_registry.main.id - - is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false) + name = var.settings.private_endpoint.private_service_connection.name + private_connection_resource_id = azurerm_container_registry.main.id + is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, true) private_connection_resource_alias = try(var.settings.private_endpoint.private_service_connection.private_connection_resource_alias, null) subresource_names = try(var.settings.private_endpoint.private_service_connection.subresource_names, null) } + + private_dns_zone_group { + name = local.dns_zone_group_name + private_dns_zone_ids = local.private_dns_zone_ids + } } diff --git a/src/modules/managed_identity/_locals.tf b/src/modules/managed_identity/_locals.tf deleted file mode 100644 index 687c6aaa..00000000 --- a/src/modules/managed_identity/_locals.tf +++ /dev/null @@ -1,12 +0,0 @@ -locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - - resource_group_name = local.resource_group.name - location = local.resource_group.location - - tags = merge( - var.global_settings.tags, - var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, - try(var.settings.tags, {}) - ) -} diff --git a/src/modules/managed_identity/_variables.tf b/src/modules/managed_identity/_variables.tf deleted file mode 100644 index 315edc56..00000000 --- a/src/modules/managed_identity/_variables.tf +++ /dev/null 
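Review bot: The default for `is_manual_connection` flips from `false` to `true` in this hunk, which means the private service connection to the registry is created in a pending state and carries no traffic until someone approves it on the registry side — an out-of-band step that neither this module nor the root configuration performs, even though the target is `azurerm_container_registry.main.id` from the same deployment. The new `private_dns_zone_group` block below it is only useful once that approval happens, so an operator who forgets it gets an endpoint whose private record resolves but whose connection is rejected. Unless cross-tenant approval is the intended workflow, keep `is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false)`; if manual approval is intended, say so in the `settings` variable description, because the example at L31 drops its explicit `is_manual_connection = true` and now relies on this default. The enclosing `azurerm_private_endpoint.main` resource starts outside the hunk.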
@@ -1,14 +0,0 @@
-variable "global_settings" {
- description = "Global settings for tinycaf"
-}
-
-variable "settings" {
- description = "All the configuration for this resource"
-}
-
-variable "resources" {
- type = object({
- resource_groups = map(any)
- })
- description = "All required resources"
-}
diff --git a/src/modules/managed_identity/main.tf b/src/modules/managed_identity/main.tf
deleted file mode 100644
index 39654afe..00000000
--- a/src/modules/managed_identity/main.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "azurerm_user_assigned_identity" "main" {
- name = var.settings.name
- resource_group_name = local.resource_group_name
- location = local.location
-}
diff --git a/src/modules/storage_account/_locals.tf b/src/modules/storage_account/_locals.tf
deleted file mode 100644
index af37c82b..00000000
--- a/src/modules/storage_account/_locals.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
- resource_group_name = local.resource_group.name
- location = local.resource_group.location
-
- subnet_ids = [
- for network_rule_ref, config in try(var.settings.network_rules.subnets, {}) : (
- var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id
- )
- ]
-
- tags = merge(
- var.global_settings.tags,
- var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
- try(var.settings.tags, {})
- )
-}
diff --git a/src/modules/storage_account/_outputs.tf b/src/modules/storage_account/_outputs.tf
deleted file mode 100644
index 4761ad59..00000000
--- a/src/modules/storage_account/_outputs.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-output "id" {
- value = azurerm_storage_account.main.id
-}
-
-output "containers" {
- value = {
- for container_ref, _ in try(var.settings.containers) :
- container_ref => azurerm_storage_container.main[container_ref]
- }
-}
diff --git a/src/modules/storage_account/_variables.tf b/src/modules/storage_account/_variables.tf
deleted file mode 100644
index 4b379539..00000000
--- a/src/modules/storage_account/_variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "global_settings" {
- description = "Global settings for tinycaf"
-}
-
-variable "settings" {
- description = "All the configuration for a storage account"
-}
-
-variable "resources" {
- type = object({
- resource_groups = map(any)
- virtual_networks = map(any)
- })
- description = "All required resources"
-}
diff --git a/src/modules/storage_account/storage_account.tf b/src/modules/storage_account/storage_account.tf
deleted file mode 100644
index ef0fa1cd..00000000
--- a/src/modules/storage_account/storage_account.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-resource "azurerm_storage_account" "main" {
- name = var.settings.name
- resource_group_name = local.resource_group_name
- location = local.location
- tags = local.tags
-
- account_kind = try(var.settings.account_kind, null) # defaults to StorageV2
- account_tier = try(var.settings.account_tier, "Standard")
- account_replication_type = var.settings.account_replication_type
-
- cross_tenant_replication_enabled = try(var.settings.cross_tenant_replication_enabled, null)
- large_file_share_enabled = try(var.settings.large_file_share_enabled, null)
- infrastructure_encryption_enabled = try(var.settings.infrastructure_encryption_enabled, null)
-
- is_hns_enabled = try(var.settings.is_hns_enabled, null)
- sftp_enabled = try(var.settings.sftp_enabled, null)
- nfsv3_enabled = try(var.settings.nfsv3_enabled, null)
-
- # TODO: identity block
- # TODO: blob properties block
- # TODO: share_properties
- # TODO: azure_files_authentication block
- # TODO: routing block
- # TODO: sas_policy block
-
- network_rules {
- default_action = try(var.settings.network_rules.default_action, "Deny")
- bypass = try(var.settings.network_rules.bypass, null)
- ip_rules = try(var.settings.network_rules.allowed_ips, null)
- virtual_network_subnet_ids = local.subnet_ids
-
- # TODO: private_link_access block
- }
-}
diff --git a/src/modules/storage_account/storage_container.tf b/src/modules/storage_account/storage_container.tf
deleted file mode 100644
index b490d093..00000000
--- a/src/modules/storage_account/storage_container.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "azurerm_storage_container" "main" {
- for_each = try(var.settings.containers, {})
-
- name = each.value.name
- storage_account_id = azurerm_storage_account.main.id
-
- container_access_type = try(each.value.access_type, null)
-}
diff --git a/src/networking.tf b/src/networking.tf
index bd9aadde..a72c6b47 100644
--- a/src/networking.tf
+++ b/src/networking.tf
@@ -10,52 +10,14 @@ module "virtual_networks" { } } -module "vnet_peerings" { - source = "./modules/_networking/vnet_peering" - for_each = var.vnet_peerings +module "private_dns_zones" { + source = "./modules/_networking/private_dns_zone" + for_each = var.private_dns_zones global_settings = var.global_settings settings = each.value - - resources = { - virtual_networks = module.virtual_networks - } -} - -module "public_ips" { - source = "./modules/_networking/public_ip" - for_each = var.public_ips - - global_settings = var.global_settings - settings = each.value - - resources = { - resource_groups = module.resource_groups - } -} - -module "virtual_network_gateways" { - source = "./modules/_networking/virtual_network_gateway" - for_each = var.virtual_network_gateways - - global_settings = var.global_settings - settings = each.value - resources = { - virtual_networks = module.virtual_networks - public_ips = module.public_ips resource_groups = module.resource_groups - } -} - -module "local_network_gateways" { - source = "./modules/_networking/local_network_gateway" - for_each = var.local_network_gateways - - global_settings = var.global_settings - settings = each.value - - resources = { - resource_groups = module.resource_groups + virtual_networks = module.virtual_networks } } diff --git a/src/storage_account.tf b/src/storage_account.tf deleted file mode 100644 index b595afc5..00000000 --- a/src/storage_account.tf +++ /dev/null @@ -1,12 +0,0 @@ -module "storage_accounts" { - source = "./modules/storage_account" - for_each = var.storage_accounts - - settings = each.value - global_settings = var.global_settings - - resources = { - resource_groups = module.resource_groups - virtual_networks = module.virtual_networks - } -} From 956f782a2fb172eaca5fbb2375003b69f7d59ff7 Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Thu, 23 Jan 2025 13:37:16 +0200 Subject: [PATCH 13/36] Remove resource variable --- src/modules/_networking/virtual_network/_variables.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/modules/_networking/virtual_network/_variables.tf b/src/modules/_networking/virtual_network/_variables.tf index 315edc56..6f1524d4 100644 --- a/src/modules/_networking/virtual_network/_variables.tf +++ b/src/modules/_networking/virtual_network/_variables.tf @@ -7,8 +7,5 @@ variable "settings" { } variable "resources" { - type = object({ - resource_groups = map(any) - }) description = "All required resources" } From 5032e350edf9aca52cb9f92f1f706d3cdf1fba60 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Thu, 23 Jan 2025 13:43:36 +0200 Subject: [PATCH 14/36] Refactor locals --- src/modules/container_registries/_locals.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registries/_locals.tf index 6337c62c..f5ac4110 100644 --- a/src/modules/container_registries/_locals.tf +++ b/src/modules/container_registries/_locals.tf @@ -4,8 +4,8 @@ locals { location = local.resource_group.location dns_zone_group = var.resources.private_dns_zones[var.settings.private_endpoint.private_dns_zone_group_ref] - dns_zone_group_name = dns_zone_group.name - private_dns_zone_ids = [dns_zone_group.name.id] + dns_zone_group_name = local.dns_zone_group.name + private_dns_zone_ids = [local.dns_zone_group.id] subnet_id = var.resources.virtual_networks[ split("/", var.settings.private_endpoint.subnet_ref)[0] From cdac962680663077809335135a1239d8090df897 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Thu, 23 Jan 2025 14:07:36 +0200 Subject: [PATCH 15/36] Remove resources from pDNS module --- src/modules/_networking/private_dns_zone/_variables.tf | 4 ---- 1 file changed, 4 deletions(-) 
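Review bot: Dropping `type = object({ resource_groups = map(any) })` from `variable "resources"` removes the only statement of which keys the module needs, so a caller that forgets `resource_groups` now fails inside `_locals.tf` with an unsupported-attribute error on `var.resources.resource_groups[...]` instead of at the module boundary; the same applies to the identical hunks at L29 for the private_dns_zone and container_registries modules. Since the commit's intent is to loosen the type, at least make the description carry the contract, e.g. `description = "Required resources: resource_groups (map of resource group objects keyed by ref)"` here and `"Required resources: resource_groups, virtual_networks (maps keyed by ref)"` for the two at L29. A `validation` block on `can(var.resources.resource_groups)` would give the same early failure without reinstating the strict object type.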
diff --git a/src/modules/_networking/private_dns_zone/_variables.tf b/src/modules/_networking/private_dns_zone/_variables.tf index 4ee12d7c..6f1524d4 100644 --- a/src/modules/_networking/private_dns_zone/_variables.tf +++ b/src/modules/_networking/private_dns_zone/_variables.tf @@ -7,9 +7,5 @@ variable "settings" { } variable "resources" { - type = object({ - resource_groups = map(any) - virtual_networks = map(any) - }) description = "All required resources" } From e9f9eab957b65322e330f6308ad6c54537860a00 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Thu, 23 Jan 2025 14:11:43 +0200 Subject: [PATCH 16/36] Remove resources from variables in ACR module --- src/modules/container_registries/_variables.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/modules/container_registries/_variables.tf b/src/modules/container_registries/_variables.tf index c07a6dce..23af81a0 100644 --- a/src/modules/container_registries/_variables.tf +++ b/src/modules/container_registries/_variables.tf @@ -7,9 +7,5 @@ variable "settings" { } variable "resources" { - type = object({ - resource_groups = map(any) - virtual_networks = map(any) - }) description = "All required resources" } From 7f91eec81896dc8ffbcbd951def4cd7173b53440 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Thu, 23 Jan 2025 14:16:05 +0200 Subject: [PATCH 17/36] Add pDNS name export --- src/modules/_networking/private_dns_zone/_outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/modules/_networking/private_dns_zone/_outputs.tf b/src/modules/_networking/private_dns_zone/_outputs.tf index 0d4f3d12..86b619a2 100644 --- a/src/modules/_networking/private_dns_zone/_outputs.tf +++ b/src/modules/_networking/private_dns_zone/_outputs.tf @@ -1,3 +1,7 @@ output "id" { value = azurerm_private_dns_zone.main.id } + +output "name" { + value = azurerm_private_dns_zone.main.name +} From c0c69cf193926347e19125ba3fb23ea3cbe19516 Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Thu, 23 Jan 2025 14:36:54 +0200 Subject: [PATCH 18/36] Change namings in privae endpoint --- src/modules/container_registries/private_endpoint.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf index 03261464..c6335727 100644 --- a/src/modules/container_registries/private_endpoint.tf +++ b/src/modules/container_registries/private_endpoint.tf @@ -1,5 +1,5 @@ resource "azurerm_private_endpoint" "main" { - name = var.settings.private_endpoint.name + name = "pe-${var.settings.name}" resource_group_name = local.resource_group_name location = local.location subnet_id = local.subnet_id @@ -7,7 +7,7 @@ resource "azurerm_private_endpoint" "main" { tags = local.tags private_service_connection { - name = var.settings.private_endpoint.private_service_connection.name + name = "psc-${var.settings.name}" private_connection_resource_id = azurerm_container_registry.main.id is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, true) private_connection_resource_alias = try(var.settings.private_endpoint.private_service_connection.private_connection_resource_alias, null) From 4a57f76ae4fa621c766368cf804d6452e92de386 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Thu, 23 Jan 2025 16:51:30 +0200 Subject: [PATCH 19/36] Add example for container registrie --- examples/container_registries.tfvars | 17 ++++++++++++++--- .../container_registries/private_endpoint.tf | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/examples/container_registries.tfvars b/examples/container_registries.tfvars index 3eacdfa8..83675f07 100644 --- a/examples/container_registries.tfvars +++ b/examples/container_registries.tfvars 
@@ -17,12 +17,15 @@ container_registries = { } private_endpoint = { - name = "test-endpoint" + name = "pe-acrtestdevne01" subnet_ref = "vnet_test/snet_private_endpoint_1" + + # This block is needed only if you need name different than the default private_service_connection = { - name = "test-privateserviceconnection" - is_manual_connection = true + name = "test-privateserviceconnection" } + + private_dns_zone_group_ref = "container_registries" } } } @@ -35,6 +38,14 @@ resource_groups = { } } +private_dns_zones = { + container_registries = { + resource_kind = "container_registries" + resource_group_ref = "rg_test" + vnet_ref = ["vnet_test"] + } +} + virtual_networks = { vnet_test = { name = "vnet-test-dv-ne-01" diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registries/private_endpoint.tf index c6335727..35aee8ff 100644 --- a/src/modules/container_registries/private_endpoint.tf +++ b/src/modules/container_registries/private_endpoint.tf @@ -7,7 +7,7 @@ resource "azurerm_private_endpoint" "main" { tags = local.tags private_service_connection { - name = "psc-${var.settings.name}" + name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}") private_connection_resource_id = azurerm_container_registry.main.id is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, true) private_connection_resource_alias = try(var.settings.private_endpoint.private_service_connection.private_connection_resource_alias, null) From b02cc5c06cda0b035fa305715d3d14113f457ba4 Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Mon, 27 Jan 2025 11:04:54 +0200 Subject: [PATCH 20/36] Refactor code according to the PR's comments --- ...gistries.tfvars => container_registry.tfvars} | 2 +- src/_locals.tf | 8 ++++++++ src/_variables.resources.tf | 2 +- ...ainer_registries.tf => container_registry.tf} | 8 ++++---- .../_networking/private_dns_zone/_locals.tf | 16 +++++++++------- .../_locals.tf | 4 ++-- .../_outputs.tf | 0 .../_variables.tf | 0 .../container_registry.tf} | 0 .../private_endpoint.tf | 4 ++-- 10 files changed, 27 insertions(+), 17 deletions(-) rename examples/{container_registries.tfvars => container_registry.tfvars} (97%) create mode 100644 src/_locals.tf rename src/{container_registries.tf => container_registry.tf} (56%) rename src/modules/{container_registries => container_registry}/_locals.tf (91%) rename src/modules/{container_registries => container_registry}/_outputs.tf (100%) rename src/modules/{container_registries => container_registry}/_variables.tf (100%) rename src/modules/{container_registries/container_registries.tf => container_registry/container_registry.tf} (100%) rename src/modules/{container_registries => container_registry}/private_endpoint.tf (73%) diff --git a/examples/container_registries.tfvars b/examples/container_registry.tfvars similarity index 97% rename from examples/container_registries.tfvars rename to examples/container_registry.tfvars index 83675f07..89ef8ad4 100644 --- a/examples/container_registries.tfvars +++ b/examples/container_registry.tfvars @@ -11,7 +11,7 @@ container_registries = { tags = { Owner = "prod" } } georeplication_test_2 = { - location = "East US" + location = "Nort Europe" zone_redundancy_enabled = true } } diff --git a/src/_locals.tf b/src/_locals.tf new file mode 100644 index 00000000..d073b772 --- /dev/null +++ b/src/_locals.tf 
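Review bot: The example file keeps its top-level key as `container_registries = {` (visible in the hunk header context) while this same commit renames the root variable to `container_registry` and the module's `for_each` to `var.container_registry` (L33), so running the example now sets an undeclared variable and `module.container_registry` iterates an empty map — no registry, no private endpoint, and Terraform only emits a warning. Rename the key in the example to `container_registry = {` in the same commit as the variable. Separately, `location = "Nort Europe"` is not an Azure region name and the geo-replication would fail at apply; it should read `location = "North Europe"`.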
@@ -0,0 +1,8 @@ +locals { + global_settings = merge(var.global_settings, { + object_id = data.azurerm_client_config.current.object_id + subscription_id = data.azurerm_client_config.current.subscription_id + tenant_id = data.azurerm_client_config.current.tenant_id + client_id = data.azurerm_client_config.current.client_id + }) +} diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index e88f1860..58962886 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -2,6 +2,6 @@ variable "resource_groups" { default = {} } variable "virtual_networks" { default = {} } -variable "container_registries" { default = {} } +variable "container_registry" { default = {} } variable "private_dns_zones" { default = {} } diff --git a/src/container_registries.tf b/src/container_registry.tf similarity index 56% rename from src/container_registries.tf rename to src/container_registry.tf index 67348fe5..eb92cffd 100644 --- a/src/container_registries.tf +++ b/src/container_registry.tf @@ -1,9 +1,9 @@ -module "container_registries" { - source = "./modules/container_registries" - for_each = var.container_registries +module "container_registry" { + source = "./modules/container_registry" + for_each = var.container_registry settings = each.value - global_settings = var.global_settings + global_settings = local.global_settings resources = { resource_groups = module.resource_groups diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf index e448ae87..d5dd2830 100644 --- a/src/modules/_networking/private_dns_zone/_locals.tf +++ b/src/modules/_networking/private_dns_zone/_locals.tf 
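Review bot: In `merge(var.global_settings, { object_id = ..., subscription_id = ..., tenant_id = ..., client_id = ... })` the right-hand map wins, so any `object_id`, `subscription_id`, `tenant_id` or `client_id` a caller places in `global_settings` is silently replaced by the identity that runs `terraform apply`; if that override is intended it should be stated, e.g. `# The deploying principal's identity deliberately overrides any same-named keys supplied in var.global_settings`. The `data "azurerm_client_config" "current"` block this depends on is not declared anywhere in the patch, so presumably it already exists in the root module — worth confirming, since `container_registry.tf` now reads `local.global_settings`. If downstream modules use `object_id` to grant the deploying principal data-plane access (role assignments, access policies), that grant should be explicit in the module's settings rather than implied by who ran the plan.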
@@ -1,13 +1,8 @@ locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location - tags = merge( - var.global_settings.tags, - var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, - try(var.settings.tags, {}) - ) + vnet_ids = { for vnet in var.settings.vnet_ref : vnet => { @@ -15,7 +10,14 @@ locals { id = var.resources.virtual_networks[vnet].id } } + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) } + locals { # local object used to map possible private dns zoone names zone_names = { diff --git a/src/modules/container_registries/_locals.tf b/src/modules/container_registry/_locals.tf similarity index 91% rename from src/modules/container_registries/_locals.tf rename to src/modules/container_registry/_locals.tf index f5ac4110..2dd3c7fd 100644 --- a/src/modules/container_registries/_locals.tf +++ b/src/modules/container_registry/_locals.tf @@ -7,11 +7,11 @@ locals { dns_zone_group_name = local.dns_zone_group.name private_dns_zone_ids = [local.dns_zone_group.id] - subnet_id = var.resources.virtual_networks[ + subnet_id = try(var.resources.virtual_networks[ split("/", var.settings.private_endpoint.subnet_ref)[0] ].subnets[ split("/", var.settings.private_endpoint.subnet_ref)[1] - ].id + ].id, null) tags = merge( var.global_settings.tags, diff --git a/src/modules/container_registries/_outputs.tf b/src/modules/container_registry/_outputs.tf similarity index 100% rename from src/modules/container_registries/_outputs.tf rename to src/modules/container_registry/_outputs.tf 
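Review bot: In the container_registry `_locals.tf` hunk, wrapping the whole index chain in `try(..., null)` turns a mistyped `subnet_ref` (wrong vnet key, wrong subnet key, missing slash) into `subnet_id = null`, which then reaches `azurerm_private_endpoint.subnet_id` — a required argument — and surfaces as a provider error far from the actual cause, or, if the block is made conditional later, as an endpoint that silently never lands in the intended subnet. Private-endpoint placement is exactly the kind of thing that should fail loudly; leave the lookup unwrapped and, if the intent is to allow registries without a private endpoint, guard on the presence of the setting instead, e.g. `can(var.settings.private_endpoint.subnet_ref) ? <lookup> : null` so only a genuinely absent block yields `null`. The enclosing `locals` block starts and ends outside the hunk.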
diff --git a/src/modules/container_registries/_variables.tf b/src/modules/container_registry/_variables.tf similarity index 100% rename from src/modules/container_registries/_variables.tf rename to src/modules/container_registry/_variables.tf diff --git a/src/modules/container_registries/container_registries.tf b/src/modules/container_registry/container_registry.tf similarity index 100% rename from src/modules/container_registries/container_registries.tf rename to src/modules/container_registry/container_registry.tf diff --git a/src/modules/container_registries/private_endpoint.tf b/src/modules/container_registry/private_endpoint.tf similarity index 73% rename from src/modules/container_registries/private_endpoint.tf rename to src/modules/container_registry/private_endpoint.tf index 35aee8ff..a7f38a6d 100644 --- a/src/modules/container_registries/private_endpoint.tf +++ b/src/modules/container_registry/private_endpoint.tf @@ -10,8 +10,8 @@ resource "azurerm_private_endpoint" "main" { name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}") private_connection_resource_id = azurerm_container_registry.main.id is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, true) - private_connection_resource_alias = try(var.settings.private_endpoint.private_service_connection.private_connection_resource_alias, null) - subresource_names = try(var.settings.private_endpoint.private_service_connection.subresource_names, null) + private_connection_resource_alias = var.settings.private_endpoint.private_service_connection.private_connection_resource_alias + subresource_names = var.settings.private_endpoint.private_service_connection.subresource_names } private_dns_zone_group { From a985bee00b09d77d68264a3f69d1bcc07bf9649c Mon Sep 17 00:00:00 2001 
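Review bot: Removing `try()` around `private_connection_resource_alias` and `subresource_names` makes both keys mandatory under `settings.private_endpoint.private_service_connection`, yet the example at L31 sets only `name`, so the example now fails to plan with an unsupported-attribute error; the optional-key style of the surrounding lines (`is_manual_connection` still uses `try`) is also broken. `private_connection_resource_id` is already set to `azurerm_container_registry.main.id` on the line above, and the provider treats the id and the alias as alternatives, so if my reading is right the alias should not be settable at all here: drop that line and keep `subresource_names = try(var.settings.private_endpoint.private_service_connection.subresource_names, ["registry"])`, which is the sub-resource a registry endpoint needs. The enclosing `private_service_connection` block and `azurerm_private_endpoint.main` resource start outside the hunk.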
From: Borislav Raynov Date: Mon, 27 Jan 2025 11:17:11 +0200 Subject: [PATCH 21/36] Add resources to _variables.resources --- src/_variables.resources.tf | 8 ++++++++ src/networking.tf | 1 + 2 files changed, 9 insertions(+) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 56503c9d..0acc47bd 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -9,3 +9,11 @@ variable "private_dns_zones" { default = {} } variable "keyvaults" { default = {} } variable "storage_accounts" { default = {} } + +variable "managed_identities" { default = {} } + +variable "virtual_network_gateways" { default = {} } + +variable "public_ips" { default = {} } + +variable "local_network_gateways" { default = {} } diff --git a/src/networking.tf b/src/networking.tf index a19318b0..b4285d4a 100644 --- a/src/networking.tf +++ b/src/networking.tf @@ -19,6 +19,7 @@ module "private_dns_zones" { resources = { resource_groups = module.resource_groups virtual_networks = module.virtual_networks + } } module "virtual_network_gateways" { From 20141b416659fe96f3a891566f5421fe7bfc7fcd Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Mon, 27 Jan 2025 11:30:47 +0200 Subject: [PATCH 22/36] Sync with main --- .../local_network_gateway/_locals.tf | 12 +++++++++ .../local_network_gateway/_outputs.tf | 3 +++ .../local_network_gateway/_variables.tf | 11 ++++++++ .../local_network_gateway.tf.tf | 9 +++++++ src/modules/_networking/public_ip/_locals.tf | 12 +++++++++ src/modules/_networking/public_ip/_outputs.tf | 7 ++++++ .../_networking/public_ip/_variables.tf | 11 ++++++++ src/modules/_networking/public_ip/main.tf | 8 ++++++ .../virtual_network_gateway/_locals.tf | 12 +++++++++ .../virtual_network_gateway/_outputs.tf | 3 +++ .../virtual_network_gateway/_variables.tf | 11 ++++++++ .../virtual_network_gateway/main.tf | 25 +++++++++++++++++++ .../_networking/vnet_peering/_locals.tf | 9 +++++++ .../_networking/vnet_peering/_outputs.tf | 6 +++++ .../_networking/vnet_peering/_variables.tf | 15 +++++++++++ src/modules/_networking/vnet_peering/main.tf | 17 +++++++++++++ 16 files changed, 171 insertions(+) create mode 100644 src/modules/_networking/local_network_gateway/_locals.tf create mode 100644 src/modules/_networking/local_network_gateway/_outputs.tf create mode 100644 src/modules/_networking/local_network_gateway/_variables.tf create mode 100644 src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf create mode 100644 src/modules/_networking/public_ip/_locals.tf create mode 100644 src/modules/_networking/public_ip/_outputs.tf create mode 100644 src/modules/_networking/public_ip/_variables.tf create mode 100644 src/modules/_networking/public_ip/main.tf create mode 100644 src/modules/_networking/virtual_network_gateway/_locals.tf create mode 100644 src/modules/_networking/virtual_network_gateway/_outputs.tf create mode 100644 src/modules/_networking/virtual_network_gateway/_variables.tf create mode 100644 src/modules/_networking/virtual_network_gateway/main.tf create mode 100644 src/modules/_networking/vnet_peering/_locals.tf create mode 100644 
src/modules/_networking/vnet_peering/_outputs.tf
create mode 100644 src/modules/_networking/vnet_peering/_variables.tf
create mode 100644 src/modules/_networking/vnet_peering/main.tf
diff --git a/src/modules/_networking/local_network_gateway/_locals.tf b/src/modules/_networking/local_network_gateway/_locals.tf
new file mode 100644
index 00000000..687c6aaa
--- /dev/null
+++ b/src/modules/_networking/local_network_gateway/_locals.tf
@@ -0,0 +1,12 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+}
diff --git a/src/modules/_networking/local_network_gateway/_outputs.tf b/src/modules/_networking/local_network_gateway/_outputs.tf
new file mode 100644
index 00000000..a497d716
--- /dev/null
+++ b/src/modules/_networking/local_network_gateway/_outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = azurerm_local_network_gateway.main.id
+}
diff --git a/src/modules/_networking/local_network_gateway/_variables.tf b/src/modules/_networking/local_network_gateway/_variables.tf
new file mode 100644
index 00000000..6f1524d4
--- /dev/null
+++ b/src/modules/_networking/local_network_gateway/_variables.tf
@@ -0,0 +1,11 @@
+variable "global_settings" {
+ description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+ description = "All the configuration for this resource"
+}
+
+variable "resources" {
+ description = "All required resources"
+}
diff --git a/src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf b/src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf
new file mode 100644
index 00000000..e956bc66
--- /dev/null
+++ b/src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf
@@ -0,0 +1,9 @@
+resource "azurerm_local_network_gateway" "main" {
+ name = var.settings.name
+ location = local.location
+ resource_group_name = local.resource_group_name
+ address_space = var.settings.cidr
+
+ gateway_address = try(var.settings.gateway_address, null)
+ gateway_fqdn = try(var.settings.gateway_fqdn, null)
+}
diff --git a/src/modules/_networking/public_ip/_locals.tf b/src/modules/_networking/public_ip/_locals.tf
new file mode 100644
index 00000000..687c6aaa
--- /dev/null
+++ b/src/modules/_networking/public_ip/_locals.tf
@@ -0,0 +1,12 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+}
diff --git a/src/modules/_networking/public_ip/_outputs.tf b/src/modules/_networking/public_ip/_outputs.tf
new file mode 100644
index 00000000..1ea5d765
--- /dev/null
+++ b/src/modules/_networking/public_ip/_outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+ value = azurerm_public_ip.main.id
+}
+
+output "ip_address" {
+ value = azurerm_public_ip.main.ip_address
+}
diff --git a/src/modules/_networking/public_ip/_variables.tf b/src/modules/_networking/public_ip/_variables.tf
new file mode 100644
index 00000000..6f1524d4
--- /dev/null
+++ b/src/modules/_networking/public_ip/_variables.tf
@@ -0,0 +1,11 @@
+variable "global_settings" {
+ description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+ description = "All the configuration for this resource"
+}
+
+variable "resources" {
+ description = "All required resources"
+}
diff --git a/src/modules/_networking/public_ip/main.tf b/src/modules/_networking/public_ip/main.tf
new file mode 100644
index 00000000..43fe1e55
--- /dev/null
+++ b/src/modules/_networking/public_ip/main.tf
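Review bot: The resource never applies the tags computed in the sibling `_locals.tf` hunk (`local.tags` is defined but unused), unlike the public_ip and virtual_network_gateway resources added by this same patch, which set `tags = local.tags`; add `tags = local.tags` to the resource. Separately, `gateway_address` and `gateway_fqdn` are both optional with a `null` default, so a settings object that sets neither (or both) only fails inside the provider at plan time; a `validation` block on `var.settings` requiring exactly one of them would surface the mistake with a readable message. The file name `local_network_gateway.tf.tf` also looks like a typo for a single `.tf` suffix.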
@@ -0,0 +1,8 @@
+resource "azurerm_public_ip" "main" {
+ name = var.settings.name
+ resource_group_name = local.resource_group_name
+ location = local.location
+ allocation_method = try(var.settings.allocation_method, "Static")
+ tags = local.tags
+ zones = try(var.settings.zones, null)
+}
diff --git a/src/modules/_networking/virtual_network_gateway/_locals.tf b/src/modules/_networking/virtual_network_gateway/_locals.tf
new file mode 100644
index 00000000..687c6aaa
--- /dev/null
+++ b/src/modules/_networking/virtual_network_gateway/_locals.tf
@@ -0,0 +1,12 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+}
diff --git a/src/modules/_networking/virtual_network_gateway/_outputs.tf b/src/modules/_networking/virtual_network_gateway/_outputs.tf
new file mode 100644
index 00000000..be756085
--- /dev/null
+++ b/src/modules/_networking/virtual_network_gateway/_outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = azurerm_virtual_network_gateway.main.id
+}
diff --git a/src/modules/_networking/virtual_network_gateway/_variables.tf b/src/modules/_networking/virtual_network_gateway/_variables.tf
new file mode 100644
index 00000000..4c20a831
--- /dev/null
+++ b/src/modules/_networking/virtual_network_gateway/_variables.tf
@@ -0,0 +1,11 @@
+variable "global_settings" {
+ description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+ description = "All the configuration for this resource"
+}
+
+variable "resources" {
+ description = "All the configuration for this resource"
+}
diff --git a/src/modules/_networking/virtual_network_gateway/main.tf b/src/modules/_networking/virtual_network_gateway/main.tf
new file mode 100644
index 00000000..a04a5641
--- /dev/null
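Review bot: The public IP sets no `sku`, so it falls back to the provider default, which for `azurerm_public_ip` is the Basic SKU; Basic public IPs accept inbound traffic by default, whereas Standard SKU IPs are closed until an NSG explicitly allows it, and the `zones` argument exposed on the next line is only supported on Standard. Add `sku = try(var.settings.sku, "Standard")` so the secure default is explicit and the zones option actually works. Standard requires `allocation_method = "Static"`, which is already the default here, so no other change is needed.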
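Review bot: The `resources` variable in virtual_network_gateway/_variables.tf carries a copy-pasted description ("All the configuration for this resource"), identical to `settings`, while every other module in this patch describes it as `"All required resources"`. Change it to `description = "All required resources"` so the variable's purpose and the generated docs are consistent. As in the sibling modules, none of the variables declare a `type`, so a malformed settings object is only reported as an attribute error deep inside the expressions that read it; that appears to be the existing convention rather than something this patch introduces.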
+++ b/src/modules/_networking/virtual_network_gateway/main.tf
@@ -0,0 +1,25 @@
+resource "azurerm_virtual_network_gateway" "main" {
+ name = var.settings.name
+ resource_group_name = local.resource_group_name
+ location = local.location
+ tags = local.tags
+
+ sku = try(var.settings.sku, "VpnGw1")
+ type = try(var.settings.type, "Vpn")
+
+ generation = try(var.settings.generation, null)
+ vpn_type = try(var.settings.vpn_type, null)
+ active_active = try(var.settings.active_active, false)
+ enable_bgp = try(var.settings.enable_bgp, null)
+
+ dynamic "ip_configuration" {
+ for_each = var.settings.ip_configurations
+
+ content {
+ name = ip_configuration.value.name
+ private_ip_address_allocation = try(ip_configuration.value.private_ip_address_allocation, null)
+ public_ip_address_id = var.resources.public_ips[ip_configuration.value.public_ip_address_ref].id
+ subnet_id = var.resources.virtual_networks[split("/", ip_configuration.value.subnet_ref)[0]].subnets[split("/", ip_configuration.value.subnet_ref)[1]].id
+ }
+ }
+}
diff --git a/src/modules/_networking/vnet_peering/_locals.tf b/src/modules/_networking/vnet_peering/_locals.tf
new file mode 100644
index 00000000..92ffed7c
--- /dev/null
+++ b/src/modules/_networking/vnet_peering/_locals.tf
@@ -0,0 +1,9 @@
+locals {
+ vnet_left = var.resources.virtual_networks[var.settings.vnet_left_ref]
+ vnet_right = var.resources.virtual_networks[var.settings.vnet_right_ref]
+
+ direction = try(var.settings.direction, "<->")
+
+ peer_left_to_right = endswith(local.direction, "->")
+ peer_right_to_left = startswith(local.direction, "<-")
+}
diff --git a/src/modules/_networking/vnet_peering/_outputs.tf b/src/modules/_networking/vnet_peering/_outputs.tf
new file mode 100644
index 00000000..c7505a22
--- /dev/null
+++ b/src/modules/_networking/vnet_peering/_outputs.tf
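Review bot: `subnet_id` derives the subnet by calling `split("/", ip_configuration.value.subnet_ref)` twice and indexing `[0]` and `[1]`, so a ref without a `/` fails with an index error inside the expression instead of a message that names the bad setting; a `validation` block on `var.settings` checking `can(regex("^[^/]+/[^/]+$", cfg.subnet_ref))` for every entry of `ip_configurations` would make the failure readable. Azure also requires the subnet hosting a virtual network gateway to be named `GatewaySubnet`, which nothing here enforces; a comment above the `dynamic "ip_configuration"` block such as `# subnet_ref must point at the VNet's GatewaySubnet` would save the next caller a failed apply.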
@@ -0,0 +1,6 @@ +output "id" { + value = { + "left_to_right" = local.peer_left_to_right ? azurerm_virtual_network_peering.left_to_right[0].id : null + "right_to_left" = local.peer_right_to_left ? azurerm_virtual_network_peering.right_to_left[0].id : null + } +} diff --git a/src/modules/_networking/vnet_peering/_variables.tf b/src/modules/_networking/vnet_peering/_variables.tf new file mode 100644 index 00000000..4e8c0d49 --- /dev/null +++ b/src/modules/_networking/vnet_peering/_variables.tf @@ -0,0 +1,15 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + +variable "settings" { + description = "All the configuration for this resource" + validation { + condition = contains(["<-", "->", "<->"], try(var.settings.direction, "<->")) + error_message = "Allowed values for direction are '<-', '->', or '<->'. Defaults to '<->' if not set." + } +} + +variable "resources" { + description = "All required resources" +} diff --git a/src/modules/_networking/vnet_peering/main.tf b/src/modules/_networking/vnet_peering/main.tf new file mode 100644 index 00000000..a8d4b025 --- /dev/null +++ b/src/modules/_networking/vnet_peering/main.tf @@ -0,0 +1,17 @@ +resource "azurerm_virtual_network_peering" "left_to_right" { + count = local.peer_left_to_right ? 1 : 0 + + name = "peering-${local.vnet_left.name}-to-${local.vnet_right.name}" + resource_group_name = local.vnet_left.resource_group_name + virtual_network_name = local.vnet_left.name + remote_virtual_network_id = local.vnet_right.id +} + +resource "azurerm_virtual_network_peering" "right_to_left" { + count = local.peer_right_to_left ? 1 : 0 + + name = "peering-${local.vnet_right.name}-to-${local.vnet_left.name}" + resource_group_name = local.vnet_right.resource_group_name + virtual_network_name = local.vnet_right.name + remote_virtual_network_id = local.vnet_left.id +} From 05df04810b7789358d15b011e9d7c06659e0a3dd Mon Sep 17 00:00:00 2001 
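Review bot: Neither peering resource in main.tf exposes `allow_forwarded_traffic`, `allow_gateway_transit` or `use_remote_gateways`, so the provider defaults apply and a caller cannot route through a hub gateway with this module; if that is deliberate, record it with a comment above the first resource, e.g. `# Plain VNet-to-VNet access only; forwarded traffic and gateway transit stay at the provider defaults.`, and if not, surface them as `try(var.settings.allow_forwarded_traffic, false)` and friends. The `direction` validation message in `_variables.tf` would also benefit from stating that a one-way `<-` or `->` peering is only usable once the reverse peering exists on the other VNet, since this module creates just one side in that case.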
From: Borislav Raynov Date: Mon, 27 Jan 2025 11:39:16 +0200 Subject: [PATCH 23/36] Sync with main branch --- src/modules/managed_identity/_locals.tf | 12 ++++++++++++ src/modules/managed_identity/_variables.tf | 11 +++++++++++ src/modules/managed_identity/main.tf | 5 +++++ 3 files changed, 28 insertions(+) create mode 100644 src/modules/managed_identity/_locals.tf create mode 100644 src/modules/managed_identity/_variables.tf create mode 100644 src/modules/managed_identity/main.tf diff --git a/src/modules/managed_identity/_locals.tf b/src/modules/managed_identity/_locals.tf new file mode 100644 index 00000000..687c6aaa --- /dev/null +++ b/src/modules/managed_identity/_locals.tf @@ -0,0 +1,12 @@ +locals { + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + + resource_group_name = local.resource_group.name + location = local.resource_group.location + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) +} diff --git a/src/modules/managed_identity/_variables.tf b/src/modules/managed_identity/_variables.tf new file mode 100644 index 00000000..6f1524d4 --- /dev/null +++ b/src/modules/managed_identity/_variables.tf @@ -0,0 +1,11 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + +variable "settings" { + description = "All the configuration for this resource" +} + +variable "resources" { + description = "All required resources" +} diff --git a/src/modules/managed_identity/main.tf b/src/modules/managed_identity/main.tf new file mode 100644 index 00000000..39654afe --- /dev/null +++ b/src/modules/managed_identity/main.tf @@ -0,0 +1,5 @@ +resource "azurerm_user_assigned_identity" "main" { + name = var.settings.name + resource_group_name = local.resource_group_name + location = local.location +} From cd4c6c740ebeb61e6c7477dc4a3b46baa16d92f3 Mon Sep 17 00:00:00 2001 
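Review bot: `azurerm_user_assigned_identity.main` does not set `tags`, although the `_locals.tf` hunk in this same patch computes `local.tags` from the global, resource-group and per-resource tags, so the identity will miss the ownership tags every other module applies. Add `tags = local.tags` to the resource; the local is otherwise unused.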
From: Borislav Raynov Date: Mon, 27 Jan 2025 13:30:12 +0200 Subject: [PATCH 24/36] Remove allias from private service connection --- src/modules/container_registry/private_endpoint.tf | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/modules/container_registry/private_endpoint.tf b/src/modules/container_registry/private_endpoint.tf index a7f38a6d..a3d7b729 100644 --- a/src/modules/container_registry/private_endpoint.tf +++ b/src/modules/container_registry/private_endpoint.tf @@ -7,11 +7,10 @@ resource "azurerm_private_endpoint" "main" { tags = local.tags private_service_connection { - name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}") - private_connection_resource_id = azurerm_container_registry.main.id - is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, true) - private_connection_resource_alias = var.settings.private_endpoint.private_service_connection.private_connection_resource_alias - subresource_names = var.settings.private_endpoint.private_service_connection.subresource_names + name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}") + private_connection_resource_id = azurerm_container_registry.main.id + is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, null) + subresource_names = var.settings.private_endpoint.private_service_connection.subresource_names } private_dns_zone_group { From 0c012721d8a9240c36eacafb063236ecd981ffa8 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 13:33:34 +0200 Subject: [PATCH 25/36] Refactor psc manual connection value --- src/modules/container_registry/private_endpoint.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/container_registry/private_endpoint.tf b/src/modules/container_registry/private_endpoint.tf index a3d7b729..60bf14f1 100644 
--- a/src/modules/container_registry/private_endpoint.tf +++ b/src/modules/container_registry/private_endpoint.tf @@ -9,7 +9,7 @@ resource "azurerm_private_endpoint" "main" { private_service_connection { name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}") private_connection_resource_id = azurerm_container_registry.main.id - is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, null) + is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false) subresource_names = var.settings.private_endpoint.private_service_connection.subresource_names } From d62bcebfc803d8e663fded97025fce76332716fd Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 13:55:05 +0200 Subject: [PATCH 26/36] Removing optional blocks in psc block --- src/modules/container_registry/private_endpoint.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/src/modules/container_registry/private_endpoint.tf b/src/modules/container_registry/private_endpoint.tf index 60bf14f1..47f9400c 100644 --- a/src/modules/container_registry/private_endpoint.tf +++ b/src/modules/container_registry/private_endpoint.tf @@ -10,7 +10,6 @@ resource "azurerm_private_endpoint" "main" { name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}") private_connection_resource_id = azurerm_container_registry.main.id is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false) - subresource_names = var.settings.private_endpoint.private_service_connection.subresource_names } private_dns_zone_group { From 6e2c05cf2cf8f2bdca7500f656dc99f6e95ca5fe Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Mon, 27 Jan 2025 14:09:31 +0200 Subject: [PATCH 27/36] Add "registry" as a soubresource names value --- src/modules/container_registry/private_endpoint.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/src/modules/container_registry/private_endpoint.tf b/src/modules/container_registry/private_endpoint.tf index 47f9400c..3d9521e1 100644 --- a/src/modules/container_registry/private_endpoint.tf +++ b/src/modules/container_registry/private_endpoint.tf @@ -10,6 +10,7 @@ resource "azurerm_private_endpoint" "main" { name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}") private_connection_resource_id = azurerm_container_registry.main.id is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false) + subresource_names = ["registry"] } private_dns_zone_group { From c8164590bdb54ba0f5c16ef2d524aa2fc9bc91ac Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 14:19:16 +0200 Subject: [PATCH 28/36] Refactor example --- examples/container_registry.tfvars | 4 ---- 1 file changed, 4 deletions(-) diff --git a/examples/container_registry.tfvars b/examples/container_registry.tfvars index 89ef8ad4..f7369d56 100644 --- a/examples/container_registry.tfvars +++ b/examples/container_registry.tfvars @@ -10,10 +10,6 @@ container_registries = { zone_redundancy_enabled = true tags = { Owner = "prod" } } - georeplication_test_2 = { - location = "Nort Europe" - zone_redundancy_enabled = true - } } private_endpoint = { From 855cbaa6ec5ff46409f2d02ffe32b6ebf713ab72 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 15:14:20 +0200 Subject: [PATCH 29/36] Add readme example --- examples/README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 examples/README.md diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..48392b0f --- /dev/null +++ b/examples/README.md 
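Review bot: Hard-coding `subresource_names = ["registry"]` is correct for a container registry, but the `private_service_connection.subresource_names` setting that the previous patch removed is now silently ignored if a caller still passes it; a comment above the line, `# ACR exposes a single private-link group id ("registry"); not configurable per registry`, would record why the value is fixed.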
@@ -0,0 +1 @@ +All the examples for CAF modules. From c9dc2840ab97f751a4a26ee50b59d608d0b9950f Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 15:30:42 +0200 Subject: [PATCH 30/36] Fix linting --- src/modules/_networking/private_dns_zone/_locals.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf index bc6bd95c..d5dd2830 100644 --- a/src/modules/_networking/private_dns_zone/_locals.tf +++ b/src/modules/_networking/private_dns_zone/_locals.tf @@ -1,5 +1,4 @@ locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location @@ -11,7 +10,7 @@ locals { id = var.resources.virtual_networks[vnet].id } } - + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, From d7071343a57d77ad2880fc61ed81e0dfe919ca1b Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 15:32:18 +0200 Subject: [PATCH 31/36] Fix linting --- examples/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/README.md b/examples/README.md index 48392b0f..a34b2b20 100644 --- a/examples/README.md +++ b/examples/README.md @@ -1 +1,2 @@ All the examples for CAF modules. +# From e29fda505a273fa8cd90e61097122605e0a241cd Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 15:38:49 +0200 Subject: [PATCH 32/36] Remove VNG from requierd resources --- src/networking.tf | 7 +++---- src/role_assignments.tf | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/networking.tf b/src/networking.tf index 2ea0e101..08595986 100644 --- a/src/networking.tf +++ b/src/networking.tf 
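Review bot: The first hunk of private_dns_zone/_locals.tf deletes `resource_group = var.resources.resource_groups[var.settings.resource_group_ref]`, yet the lines kept directly below (`resource_group_name = local.resource_group.name`, `location = local.resource_group.location`) and the `tags` merge in the second hunk still reference `local.resource_group`; unless that local is declared in another file of the module not shown here, the module no longer validates. A linter flags unused locals, not used ones, so this looks like the wrong line was dropped; restore `resource_group = var.resources.resource_groups[var.settings.resource_group_ref]` and keep only the whitespace fix.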
@@ -79,10 +79,9 @@ module "virtual_network_gateway_connections" { global_settings = var.global_settings settings = each.value resources = { - resource_groups = module.resource_groups - virtual_networks = module.virtual_networks - keyvaults = module.keyvaults + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks + keyvaults = module.keyvaults local_network_gateways = module.local_network_gateways - virtual_network_gateways = module.virtual_network_gateways } } diff --git a/src/role_assignments.tf b/src/role_assignments.tf index e53c1092..f52f1fb6 100644 --- a/src/role_assignments.tf +++ b/src/role_assignments.tf @@ -6,9 +6,9 @@ module "role_assignments" { global_settings = local.global_settings resources = { - resource_groups = module.resource_groups - keyvaults = module.keyvaults - managed_identities = module.managed_identities + resource_groups = module.resource_groups + keyvaults = module.keyvaults + managed_identities = module.managed_identities kubernetes_clusters = module.kubernetes_clusters } } From f950a2030f6b57a4b1e23b40bd50e0032de1fd11 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 17:08:57 +0200 Subject: [PATCH 33/36] Add ACR variable --- src/_variables.resources.tf | 18 +++++++++--------- .../container_registry/container_registry.tf | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 57c8a4f9..b92cd784 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf 
@@ -1,22 +1,20 @@ variable "resource_groups" { default = {} } -variable "virtual_networks" { default = {} } - -variable "container_registry" { default = {} } - -variable "private_dns_zones" { default = {} } +variable "managed_identities" { default = {} } -variable "keyvaults" { default = {} } +variable "virtual_networks" { default = {} } -variable "storage_accounts" { default = {} } +variable "vnet_peerings" { default = {} } -variable "managed_identities" { default = {} } +variable "local_network_gateways" { default = {} } variable "virtual_network_gateways" { default = {} } variable "public_ips" { default = {} } -variable "local_network_gateways" { default = {} } +variable "keyvaults" { default = {} } + +variable "storage_accounts" { default = {} } variable "virtual_machines" { default = {} } @@ -27,3 +25,5 @@ variable "virtual_network_gateway_connections" { default = {} } variable "kubernetes_clusters" { default = {} } variable "role_assignments" { default = {} } + +variable "container_registry" { default = {} } diff --git a/src/modules/container_registry/container_registry.tf b/src/modules/container_registry/container_registry.tf index 9a286510..f45bf231 100644 --- a/src/modules/container_registry/container_registry.tf +++ b/src/modules/container_registry/container_registry.tf @@ -9,10 +9,10 @@ resource "azurerm_container_registry" "main" { admin_enabled = try(var.settings.admin_enabled, false) dynamic "georeplications" { - for_each = var.settings.georeplications + for_each = try(var.settings.georeplications, null) content { - location = georeplications.value.location + location = try(georeplications.value.location, null) zone_redundancy_enabled = try(georeplications.value.zone_redundancy_enabled, false) tags = try(georeplications.value.tags, null) } From 9c11b970c9fbe6cf4e27f63a81a3cf623c114142 Mon Sep 17 00:00:00 2001 
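Review bot: In the container_registry.tf hunk, `for_each = try(var.settings.georeplications, null)` makes the block optional, but `location = try(georeplications.value.location, null)` turns a missing location, which is required for a georeplication, into a provider error at plan time instead of a message naming the setting; keep `location = georeplications.value.location` and use `try(var.settings.georeplications, {})` as the empty default so the intent is clear. `admin_enabled = try(var.settings.admin_enabled, false)` on the context line is the right secure default and deserves a one-line comment, e.g. `# admin account stays disabled; pull with RBAC / managed identities`.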
From: Borislav Raynov Date: Mon, 27 Jan 2025 17:16:39 +0200 Subject: [PATCH 34/36] Add storage account module --- src/modules/storage_account/_locals.tf | 17 +++++++++++++++++ src/modules/storage_account/_outputs.tf | 10 ++++++++++ src/modules/storage_account/_variables.tf | 11 +++++++++++ .../storage_account/storage_container.tf | 8 ++++++++ src/storage_account.tf | 12 ++++++++++++ 5 files changed, 58 insertions(+) create mode 100644 src/modules/storage_account/_locals.tf create mode 100644 src/modules/storage_account/_outputs.tf create mode 100644 src/modules/storage_account/_variables.tf create mode 100644 src/modules/storage_account/storage_container.tf create mode 100644 src/storage_account.tf diff --git a/src/modules/storage_account/_locals.tf b/src/modules/storage_account/_locals.tf new file mode 100644 index 00000000..af37c82b --- /dev/null +++ b/src/modules/storage_account/_locals.tf @@ -0,0 +1,17 @@ +locals { + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + resource_group_name = local.resource_group.name + location = local.resource_group.location + + subnet_ids = [ + for network_rule_ref, config in try(var.settings.network_rules.subnets, {}) : ( + var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id + ) + ] + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) +} diff --git a/src/modules/storage_account/_outputs.tf b/src/modules/storage_account/_outputs.tf new file mode 100644 index 00000000..4761ad59 --- /dev/null +++ b/src/modules/storage_account/_outputs.tf @@ -0,0 +1,10 @@ +output "id" { + value = azurerm_storage_account.main.id +} + +output "containers" { + value = { + for container_ref, _ in try(var.settings.containers) : + container_ref => azurerm_storage_container.main[container_ref] + } +} 
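Review bot: In `_outputs.tf`, `try(var.settings.containers)` has no fallback argument, so when `containers` is not set the `try` itself fails and the output errors, whereas `storage_container.tf` in the same patch iterates `try(var.settings.containers, {})`; change the output's for expression to `for container_ref, _ in try(var.settings.containers, {}) :`. Also, every file in this patch references `azurerm_storage_account.main`, but no file in the diffstat defines that resource, and the `subnet_ids` local computed in `_locals.tf` has no consumer here; unless the resource already exists on the branch, the module cannot plan, and the network rules the local prepares are not applied.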
diff --git a/src/modules/storage_account/_variables.tf b/src/modules/storage_account/_variables.tf new file mode 100644 index 00000000..d72b17b4 --- /dev/null +++ b/src/modules/storage_account/_variables.tf @@ -0,0 +1,11 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + +variable "settings" { + description = "All the configuration for a storage account" +} + +variable "resources" { + description = "All required resources" +} diff --git a/src/modules/storage_account/storage_container.tf b/src/modules/storage_account/storage_container.tf new file mode 100644 index 00000000..b490d093 --- /dev/null +++ b/src/modules/storage_account/storage_container.tf @@ -0,0 +1,8 @@ +resource "azurerm_storage_container" "main" { + for_each = try(var.settings.containers, {}) + + name = each.value.name + storage_account_id = azurerm_storage_account.main.id + + container_access_type = try(each.value.access_type, null) +} diff --git a/src/storage_account.tf b/src/storage_account.tf new file mode 100644 index 00000000..b595afc5 --- /dev/null +++ b/src/storage_account.tf @@ -0,0 +1,12 @@ +module "storage_accounts" { + source = "./modules/storage_account" + for_each = var.storage_accounts + + settings = each.value + global_settings = var.global_settings + + resources = { + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks + } +} From 78cb2cffcf17b99a13b9d7fbceb12a0bc6c0398c Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 17:21:15 +0200 Subject: [PATCH 35/36] Add vnet peering to var.resources --- src/networking.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/networking.tf b/src/networking.tf index b200c10f..e3ee9759 100644 --- a/src/networking.tf +++ b/src/networking.tf 
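Review bot: `container_access_type = try(each.value.access_type, null)` in storage_container.tf lets a caller set `"blob"` or `"container"`, which makes the container anonymously readable from the internet, and nothing here documents or constrains that. At minimum add `# null -> provider default "private"; "blob"/"container" enable anonymous public read` above the line, and consider a `validation` block on `var.settings` that rejects public access types unless an explicit opt-in flag is set alongside them.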
@@ -10,14 +10,14 @@ module "virtual_networks" { } } -module "private_dns_zones" { - source = "./modules/_networking/private_dns_zone" - for_each = var.private_dns_zones +module "vnet_peerings" { + source = "./modules/_networking/vnet_peering" + for_each = var.vnet_peerings - global_settings = local.global_settings settings = each.value + global_settings = local.global_settings + resources = { - resource_groups = module.resource_groups virtual_networks = module.virtual_networks } } From d58a8089a05baf3cd23332d290c779ff2a3b89a1 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Mon, 27 Jan 2025 17:50:21 +0200 Subject: [PATCH 36/36] Resolve comments --- src/_variables.resources.tf | 2 +- src/container_registry.tf | 4 ++-- src/modules/container_registry/_locals.tf | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index b92cd784..573c0a77 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -26,4 +26,4 @@ variable "kubernetes_clusters" { default = {} } variable "role_assignments" { default = {} } -variable "container_registry" { default = {} } +variable "container_registries" { default = {} } diff --git a/src/container_registry.tf b/src/container_registry.tf index eb92cffd..eebcb974 100644 --- a/src/container_registry.tf +++ b/src/container_registry.tf @@ -1,6 +1,6 @@ -module "container_registry" { +module "container_registries" { source = "./modules/container_registry" - for_each = var.container_registry + for_each = var.container_registries settings = each.value global_settings = local.global_settings diff --git a/src/modules/container_registry/_locals.tf b/src/modules/container_registry/_locals.tf index 2dd3c7fd..f6c460f6 100644 --- a/src/modules/container_registry/_locals.tf +++ b/src/modules/container_registry/_locals.tf 
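Review bot: This hunk replaces the `module "private_dns_zones"` block in networking.tf with `module "vnet_peerings"`, yet the container_registry module's `_locals.tf` (next patch) still looks up `var.resources.private_dns_zones[...]` for its private endpoint's DNS zone group, now wrapped in `try(..., null)`. Patch 33 also dropped `variable "private_dns_zones"`, so the removal looks deliberate, but unless the module was moved to a file not shown here the ACR private endpoint is created without a private DNS zone group, the registry FQDN keeps resolving to its public endpoint, and clients silently bypass the private link. Either keep the `private_dns_zones` module next to the new `vnet_peerings` one or make a missing zone an explicit error instead of a `null` default.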
@@ -3,9 +3,9 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location - dns_zone_group = var.resources.private_dns_zones[var.settings.private_endpoint.private_dns_zone_group_ref] - dns_zone_group_name = local.dns_zone_group.name - private_dns_zone_ids = [local.dns_zone_group.id] + dns_zone_group = try(var.resources.private_dns_zones[var.settings.private_endpoint.private_dns_zone_group_ref], null) + dns_zone_group_name = try(local.dns_zone_group.name, null) + private_dns_zone_ids = try([local.dns_zone_group.id], null) subnet_id = try(var.resources.virtual_networks[ split("/", var.settings.private_endpoint.subnet_ref)[0]