From 885edc211b4826acd44aead98c2aaadc68de48ce Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 11:38:42 +0300 Subject: [PATCH 01/79] Added new module Application-gateway --- src/_variables.tf | 7 ++ .../application_gateway/_locals.tf | 14 ++++ .../_networking/application_gateway/main.tf | 80 +++++++++++++++++++ .../application_gateway/outputs.tf | 7 ++ .../application_gateway/variables.tf | 19 +++++ src/networking.tf | 26 ++++++ 6 files changed, 153 insertions(+) create mode 100644 src/modules/_networking/application_gateway/_locals.tf create mode 100644 src/modules/_networking/application_gateway/main.tf create mode 100644 src/modules/_networking/application_gateway/outputs.tf create mode 100644 src/modules/_networking/application_gateway/variables.tf diff --git a/src/_variables.tf b/src/_variables.tf index 34468cca..13f2301d 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -39,6 +39,13 @@ variable "global_settings" { } } +variable "application_gateways" { + type = any + description = "Map of Application Gateways to deploy" + default = {} +} + + variable "landingzone" { description = "Landing zone metadata and tfstate dependencies" type = object({ diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf new file mode 100644 index 00000000..a4a7c56b --- /dev/null +++ b/src/modules/_networking/application_gateway/_locals.tf @@ -0,0 +1,14 @@ +locals { + resource_group = var.resources[ + try(var.settings.lz_key, var.client_config.landingzone_key) + ].resource_groups[var.settings.resource_group_ref] + + resource_group_name = local.resource_group.name + location = local.resource_group.location + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) +} 
diff --git a/src/modules/_networking/application_gateway/main.tf b/src/modules/_networking/application_gateway/main.tf new file mode 100644 index 00000000..409d07fe --- /dev/null +++ b/src/modules/_networking/application_gateway/main.tf 
@@ -0,0 +1,80 @@
+resource "azurerm_application_gateway" "main" {
+ name = var.settings.name
+ location = local.location
+ resource_group_name = local.resource_group_name
+ tags = local.tags
+
+ sku {
+ name = var.settings.sku.name
+ tier = var.settings.sku.tier
+ capacity = var.settings.sku.capacity
+ }
+
+ gateway_ip_configuration {
+ name = var.settings.gateway_ip_configuration.name
+ subnet_id = var.settings.gateway_ip_configuration.subnet_id
+ }
+
+ frontend_ip_configuration {
+ name = var.settings.frontend_ip_configuration.name
+ public_ip_address_id = var.settings.frontend_ip_configuration.public_ip_address_id
+ }
+
+ dynamic "frontend_port" {
+ for_each = try(var.settings.frontend_ports, [])
+ content {
+ name = frontend_port.value.name
+ port = frontend_port.value.port
+ }
+ }
+
+ dynamic "backend_address_pool" {
+ for_each = try(var.settings.backend_address_pools, [])
+ content {
+ name = backend_address_pool.value.name
+ ip_addresses = try(backend_address_pool.value.ip_addresses, [])
+ }
+ }
+
+ dynamic "backend_http_settings" {
+ for_each = try(var.settings.backend_http_settings_list, [])
+ content {
+ name = backend_http_settings.value.name
+ port = backend_http_settings.value.port
+ protocol = backend_http_settings.value.protocol
+ cookie_based_affinity = try(backend_http_settings.value.cookie_based_affinity, "Disabled")
+ request_timeout = try(backend_http_settings.value.request_timeout, 20)
+ }
+ }
+
+ dynamic "http_listener" {
+ for_each = try(var.settings.http_listeners, [])
+ content {
+ name = http_listener.value.name
+ frontend_ip_configuration_name = http_listener.value.frontend_ip_configuration_name
+ frontend_port_name = http_listener.value.frontend_port_name
+ protocol = http_listener.value.protocol
+ host_name = try(http_listener.value.host_name, null)
+ }
+ }
+
+ dynamic "request_routing_rule" {
+ for_each = try(var.settings.request_routing_rules, [])
+ content {
+ name = request_routing_rule.value.name
+ rule_type = request_routing_rule.value.rule_type
+ http_listener_name = request_routing_rule.value.http_listener_name
+ backend_address_pool_name = request_routing_rule.value.backend_address_pool_name
+ backend_http_settings_name = request_routing_rule.value.backend_http_settings_name
+ }
+ }
+
+ dynamic "timeouts" {
+ for_each = can(var.settings.timeouts) ? [1] : []
+ content {
+ create = try(var.settings.timeouts.create, null)
+ update = try(var.settings.timeouts.update, null)
+ delete = try(var.settings.timeouts.delete, null)
+ }
+ }
+}
diff --git a/src/modules/_networking/application_gateway/outputs.tf b/src/modules/_networking/application_gateway/outputs.tf
new file mode 100644
index 00000000..be140896
--- /dev/null
+++ b/src/modules/_networking/application_gateway/outputs.tf
@@ -0,0 +1,7 @@
+output "name" {
+ value = azurerm_application_gateway.main.name
+}
+
+output "id" {
+ value = azurerm_application_gateway.main.id
+}
diff --git a/src/modules/_networking/application_gateway/variables.tf b/src/modules/_networking/application_gateway/variables.tf
new file mode 100644
index 00000000..cc2a100b
--- /dev/null
+++ b/src/modules/_networking/application_gateway/variables.tf
@@ -0,0 +1,19 @@
+variable "settings" {
+ type = any
+}
+
+variable "resources" {
+ type = any
+ description = "Resources provided by other modules"
+ default = {}
+}
+
+variable "global_settings" {
+ type = any
+ description = "Global settings shared across modules"
+}
+
+variable "client_config" {
+ type = any
+ description = "Client config object (landingzone key, etc.)"
+}
diff --git a/src/networking.tf b/src/networking.tf
index 816b698c..fb862475 100644
--- a/src/networking.tf
+++ b/src/networking.tf
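Review bot: Listener and backend `protocol` are taken straight from settings, but nothing in the resource lets an Https listener actually be configured — there is no `ssl_certificate` block, no `ssl_certificate_name` on `http_listener`, and no `ssl_policy`, so the gateway inherits the platform's default TLS policy. The lines below add those, referencing certificates by Key Vault secret id (which needs a user-assigned `identity` with read access to the secret) instead of inline PFX data so the key material never lands in state, and pin a predefined policy with a TLS 1.2 floor. If the tier chosen through `var.settings.sku.tier` is WAF_v2, the API also expects WAF settings (`waf_configuration` or `firewall_policy_id`), neither of which the resource exposes yet; they would fit the same `dynamic` shape.
```hcl
  # … unchanged: name, location, resource_group_name, tags, sku, gateway_ip_configuration, frontend_ip_configuration, frontend_port, backend_address_pool, backend_http_settings …

  # Identity that reads listener certificates from Key Vault; only needed when certificates are referenced.
  dynamic "identity" {
    for_each = can(var.settings.identity_id) ? [1] : []
    content {
      type         = "UserAssigned"
      identity_ids = [var.settings.identity_id]
    }
  }

  # Certificates are referenced by Key Vault secret id, so the PFX and its password never enter state.
  dynamic "ssl_certificate" {
    for_each = try(var.settings.ssl_certificates, [])
    content {
      name                = ssl_certificate.value.name
      key_vault_secret_id = ssl_certificate.value.key_vault_secret_id
    }
  }

  # Pin the TLS floor instead of inheriting the platform default policy.
  ssl_policy {
    policy_type = "Predefined"
    policy_name = try(var.settings.ssl_policy_name, "AppGwSslPolicy20220101")
  }

  dynamic "http_listener" {
    for_each = try(var.settings.http_listeners, [])
    content {
      # … unchanged: name, frontend_ip_configuration_name, frontend_port_name, protocol, host_name …
      ssl_certificate_name = try(http_listener.value.ssl_certificate_name, null)
    }
  }

  # … unchanged: request_routing_rule, timeouts …
```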
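Review bot: `variable "settings"` is declared as `type = any` with no description, so nothing documents which keys main.tf expects (name, sku, gateway_ip_configuration, frontend_ip_configuration, frontend_ports, backend_address_pools, backend_http_settings_list, http_listeners, request_routing_rules, timeouts) and a misspelt key in tfvars only surfaces as an attribute error deep inside the resource. At minimum add `description = "Application Gateway settings: name, sku{name,tier,capacity}, gateway_ip_configuration, frontend_ip_configuration, frontend_ports, backend_address_pools, backend_http_settings_list, http_listeners, request_routing_rules, timeouts"`. If the repo's other modules declare `settings` as an `object({...})` with `optional()` attributes, following that here would let Terraform validate the shape at plan time (can't tell from this patch).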
@@ -73,6 +73,32 @@ module "virtual_network_gateways" { landingzone_key = var.landingzone.key } } +module "application_gateways" { + source = "./modules/_networking/application_gateway" + for_each = var.application_gateways + + settings = each.value + global_settings = local.global_settings + + resources = merge( + { + (var.landingzone.key) = { + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks + public_ips = module.public_ips + subnets = module.subnets + } + }, + { + for k, v in module.remote_states : k => v.outputs + } + ) + + client_config = { + landingzone_key = var.landingzone.key + } +} + module "public_ips" { source = "./modules/_networking/public_ip" From ec0eedfc0d01ee7b445d168df9cd72bfc0bc8e83 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 11:48:54 +0300 Subject: [PATCH 02/79] edited main.tf and locals.tf --- src/modules/_networking/application_gateway/_locals.tf | 3 +++ src/modules/_networking/application_gateway/main.tf | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf index a4a7c56b..c35aa5f8 100644 --- a/src/modules/_networking/application_gateway/_locals.tf +++ b/src/modules/_networking/application_gateway/_locals.tf @@ -6,6 +6,9 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location + public_ip = var.resources[try(var.settings.lz_key, var.client_config.landingzone_key)].public_ips[var.settings.public_ip_key] + subnet = var.resources[try(var.settings.lz_key, var.client_config.landingzone_key)].subnets[var.settings.subnet_key] + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, diff --git a/src/modules/_networking/application_gateway/main.tf b/src/modules/_networking/application_gateway/main.tf index 409d07fe..b93031a6 100644 
--- a/src/modules/_networking/application_gateway/main.tf +++ b/src/modules/_networking/application_gateway/main.tf @@ -12,12 +12,12 @@ resource "azurerm_application_gateway" "main" { gateway_ip_configuration { name = var.settings.gateway_ip_configuration.name - subnet_id = var.settings.gateway_ip_configuration.subnet_id + subnet_id = local.subnet.id } frontend_ip_configuration { name = var.settings.frontend_ip_configuration.name - public_ip_address_id = var.settings.frontend_ip_configuration.public_ip_address_id + public_ip_address_id = local.public_ip.id } dynamic "frontend_port" { From 67839a92a528fdba82201ae63f2b73083114c069 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 12:40:21 +0300 Subject: [PATCH 03/79] removed subnets from networking.tf --- src/networking.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/src/networking.tf b/src/networking.tf index fb862475..439d0274 100644 --- a/src/networking.tf +++ b/src/networking.tf @@ -86,7 +86,6 @@ module "application_gateways" { resource_groups = module.resource_groups virtual_networks = module.virtual_networks public_ips = module.public_ips - subnets = module.subnets } }, { From efe4541f1cf409c18c3bf5982acf089d4235137d Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 12:44:54 +0300 Subject: [PATCH 04/79] updated _locals.tf --- src/modules/_networking/application_gateway/_locals.tf | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf index c35aa5f8..707556a5 100644 --- a/src/modules/_networking/application_gateway/_locals.tf +++ b/src/modules/_networking/application_gateway/_locals.tf 
@@ -6,8 +6,13 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location - public_ip = var.resources[try(var.settings.lz_key, var.client_config.landingzone_key)].public_ips[var.settings.public_ip_key] - subnet = var.resources[try(var.settings.lz_key, var.client_config.landingzone_key)].subnets[var.settings.subnet_key] + public_ip = var.resources[ + try(var.settings.lz_key, var.client_config.landingzone_key) + ].public_ips[var.settings.public_ip_key] + + subnet = var.resources[ + try(var.settings.lz_key, var.client_config.landingzone_key) + ].virtual_networks[var.settings.vnet_key].subnets[var.settings.subnet_key] tags = merge( var.global_settings.tags, From bbd1eb4ab4af399e44d1682ce2f8616ff9d1ddc0 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 13:10:38 +0300 Subject: [PATCH 05/79] updated _locals --- .../_networking/application_gateway/_locals.tf | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf index 707556a5..365deb50 100644 --- a/src/modules/_networking/application_gateway/_locals.tf +++ b/src/modules/_networking/application_gateway/_locals.tf 
@@ -1,18 +1,16 @@ locals { - resource_group = var.resources[ - try(var.settings.lz_key, var.client_config.landingzone_key) - ].resource_groups[var.settings.resource_group_ref] + lz_key = try(var.settings.lz_key, var.client_config.landingzone_key) + + resource_group = var.resources[local.lz_key].resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location - public_ip = var.resources[ - try(var.settings.lz_key, var.client_config.landingzone_key) - ].public_ips[var.settings.public_ip_key] + public_ip = var.resources[local.lz_key].public_ips[var.settings.public_ip] - subnet = var.resources[ - try(var.settings.lz_key, var.client_config.landingzone_key) - ].virtual_networks[var.settings.vnet_key].subnets[var.settings.subnet_key] + subnet = var.resources[local.lz_key].virtual_networks[var.settings.virtual_network].subnets[ + split("/", var.settings.subnet_ref)[1] + ] tags = merge( var.global_settings.tags, From 291a572e19b3e14e91b84f948d2f71e4dac0e606 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 14:56:25 +0300 Subject: [PATCH 06/79] updated variables_resources --- src/_variables.resources.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 71cdc78b..0e2a9e23 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -73,3 +73,5 @@ variable "recovery_vaults" { default = {} } variable "disk_encryption_sets" { default = {} } variable "logic_apps_standard" { default = {} } + +variable "application_gateways" { default = {} } \ No newline at end of file From 20a185059d54a48d1c05380ca4e861977a08aeac Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 15:00:21 +0300 Subject: [PATCH 07/79] added dynamic gateway --- .../_networking/application_gateway/main.tf | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
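Review bot: The subnet lookup takes the virtual network from `var.settings.virtual_network` but the subnet name from `split("/", var.settings.subnet_ref)[1]`, discarding element `[0]` of the same reference; if the two disagree the gateway is silently placed in a same-named subnet of a different VNet, and a `subnet_ref` without a slash fails with an index error that does not mention the setting. Use one source of truth, e.g. `].virtual_networks[split("/", var.settings.subnet_ref)[0]].subnets[split("/", var.settings.subnet_ref)[1]]`, as the gateway_ip_configuration change later in this series already does, or document on `variable "settings"` that `subnet_ref` is `vnet_key/subnet_key` and that only the second part is used.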
diff --git a/src/modules/_networking/application_gateway/main.tf b/src/modules/_networking/application_gateway/main.tf index b93031a6..0151526c 100644 --- a/src/modules/_networking/application_gateway/main.tf +++ b/src/modules/_networking/application_gateway/main.tf @@ -10,10 +10,20 @@ resource "azurerm_application_gateway" "main" { capacity = var.settings.sku.capacity } - gateway_ip_configuration { - name = var.settings.gateway_ip_configuration.name - subnet_id = local.subnet.id + dynamic "gateway_ip_configuration" { + for_each = var.settings.gateway_ip_configuration + content { + name = gateway_ip_configuration.value.name + subnet_id = var.resources[ + try(var.settings.lz_key, var.client_config.landingzone_key) + ].virtual_networks[ + split("/", gateway_ip_configuration.value.subnet_ref)[0] + ].subnets[ + split("/", gateway_ip_configuration.value.subnet_ref)[1] + ].id } +} + frontend_ip_configuration { name = var.settings.frontend_ip_configuration.name From a9160168195b10357f96650e4325e989eba99e69 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 15:03:03 +0300 Subject: [PATCH 08/79] changed locals --- .../application_gateway/_locals.tf | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf index 365deb50..6619e969 100644 --- a/src/modules/_networking/application_gateway/_locals.tf +++ b/src/modules/_networking/application_gateway/_locals.tf 
@@ -1,20 +1,20 @@ locals { - lz_key = try(var.settings.lz_key, var.client_config.landingzone_key) - - resource_group = var.resources[local.lz_key].resource_groups[var.settings.resource_group_ref] + resource_group = var.resources[ + try(var.settings.resource_group_lz_key, var.client_config.landingzone_key) + ].resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location - public_ip = var.resources[local.lz_key].public_ips[var.settings.public_ip] + public_ip = var.resources[ + try(var.settings.public_ip_lz_key, var.client_config.landingzone_key) + ].public_ips[var.settings.public_ip] - subnet = var.resources[local.lz_key].virtual_networks[var.settings.virtual_network].subnets[ + subnet = var.resources[ + try(var.settings.subnet_lz_key, var.client_config.landingzone_key) + ].virtual_networks[ + var.settings.virtual_network + ].subnets[ split("/", var.settings.subnet_ref)[1] ] - - tags = merge( - var.global_settings.tags, - var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, - try(var.settings.tags, {}) - ) } From 74f01e6d8576bbae230720804ecd2bf68cd7603d Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 15:07:16 +0300 Subject: [PATCH 09/79] updated main.tf --- .../_networking/application_gateway/main.tf | 45 ++++++++++--------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/src/modules/_networking/application_gateway/main.tf b/src/modules/_networking/application_gateway/main.tf index 0151526c..7bb56157 100644 --- a/src/modules/_networking/application_gateway/main.tf +++ b/src/modules/_networking/application_gateway/main.tf 
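Review bot: This commit drops the `tags` local while main.tf, as created in the first patch of the series, still assigns `tags = local.tags`, so the module no longer validates at this commit; the local is only restored two patches later, and squashing the two would keep the series bisectable. The split into `resource_group_lz_key`, `public_ip_lz_key` and `subnet_lz_key` is reasonable but none of the three keys is described anywhere; a comment on the first lookup such as `# *_lz_key lets a referenced resource come from another landing zone's remote state; defaults to this landing zone` would make the convention discoverable.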
@@ -11,27 +11,31 @@ resource "azurerm_application_gateway" "main" { } dynamic "gateway_ip_configuration" { - for_each = var.settings.gateway_ip_configuration - content { - name = gateway_ip_configuration.value.name - subnet_id = var.resources[ - try(var.settings.lz_key, var.client_config.landingzone_key) - ].virtual_networks[ - split("/", gateway_ip_configuration.value.subnet_ref)[0] - ].subnets[ - split("/", gateway_ip_configuration.value.subnet_ref)[1] - ].id + for_each = try(var.settings.gateway_ip_configuration, {}) + content { + name = gateway_ip_configuration.value.name + subnet_id = var.resources[ + try(gateway_ip_configuration.value.lz_key, var.client_config.landingzone_key) + ].virtual_networks[ + split("/", gateway_ip_configuration.value.subnet_ref)[0] + ].subnets[ + split("/", gateway_ip_configuration.value.subnet_ref)[1] + ].id + } } -} - - frontend_ip_configuration { - name = var.settings.frontend_ip_configuration.name - public_ip_address_id = local.public_ip.id + dynamic "frontend_ip_configuration" { + for_each = try(var.settings.frontend_ip_configuration, {}) + content { + name = frontend_ip_configuration.value.name + public_ip_address_id = var.resources[ + try(frontend_ip_configuration.value.lz_key, var.client_config.landingzone_key) + ].public_ips[frontend_ip_configuration.value.public_ip].id + } } dynamic "frontend_port" { - for_each = try(var.settings.frontend_ports, []) + for_each = try(var.settings.frontend_ports, {}) content { name = frontend_port.value.name port = frontend_port.value.port @@ -39,7 +43,7 @@ resource "azurerm_application_gateway" "main" { } dynamic "backend_address_pool" { - for_each = try(var.settings.backend_address_pools, []) + for_each = try(var.settings.backend_address_pools, {}) content { name = backend_address_pool.value.name ip_addresses = try(backend_address_pool.value.ip_addresses, []) 
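Review bot: After this hunk the subnet and public IP are resolved inline from each `gateway_ip_configuration` / `frontend_ip_configuration` element, so `local.subnet` and `local.public_ip` in _locals.tf appear to be dead; Terraform still evaluates unreferenced locals, so they keep requiring `var.settings.virtual_network`, `subnet_ref` and `public_ip` to exist even though main.tf no longer reads them (if I read the series correctly). Either delete those locals or move the per-element lookups into a `local` map that main.tf indexes, so there is one place that documents the `lz_key` / `subnet_ref` convention. The enclosing resource block starts before and ends after this hunk.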
@@ -47,7 +51,7 @@ resource "azurerm_application_gateway" "main" { } dynamic "backend_http_settings" { - for_each = try(var.settings.backend_http_settings_list, []) + for_each = try(var.settings.backend_http_settings_list, {}) content { name = backend_http_settings.value.name port = backend_http_settings.value.port @@ -58,7 +62,7 @@ resource "azurerm_application_gateway" "main" { } dynamic "http_listener" { - for_each = try(var.settings.http_listeners, []) + for_each = try(var.settings.http_listeners, {}) content { name = http_listener.value.name frontend_ip_configuration_name = http_listener.value.frontend_ip_configuration_name @@ -69,13 +73,14 @@ resource "azurerm_application_gateway" "main" { } dynamic "request_routing_rule" { - for_each = try(var.settings.request_routing_rules, []) + for_each = try(var.settings.request_routing_rules, {}) content { name = request_routing_rule.value.name rule_type = request_routing_rule.value.rule_type http_listener_name = request_routing_rule.value.http_listener_name backend_address_pool_name = request_routing_rule.value.backend_address_pool_name backend_http_settings_name = request_routing_rule.value.backend_http_settings_name + priority = try(request_routing_rule.value.priority, 100) } } From 2c473e6a51106c8e64a45d479a383b637834ce8b Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 15:13:07 +0300 Subject: [PATCH 10/79] updated tags --- src/modules/_networking/application_gateway/_locals.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf index 6619e969..77c22965 100644 --- a/src/modules/_networking/application_gateway/_locals.tf +++ b/src/modules/_networking/application_gateway/_locals.tf 
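Review bot: `priority = try(request_routing_rule.value.priority, 100)` gives every rule that omits a priority the same value, and Azure requires routing-rule priorities to be unique per gateway on v2 SKUs, so the second defaulted rule fails at apply time with an error that does not point back to this line. Making the attribute required, `priority = request_routing_rule.value.priority`, moves the failure to plan time and keeps the ordering intent explicit in tfvars; if a default is wanted, derive it from the element's position in `keys(var.settings.request_routing_rules)` rather than using a constant. The enclosing resource block starts before and ends after this hunk.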
@@ -17,4 +17,10 @@ locals { ].subnets[ split("/", var.settings.subnet_ref)[1] ] + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) } From bbc4f602148c194e836a4a41dcb154044a3d2553 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 15:16:10 +0300 Subject: [PATCH 11/79] edited variables --- src/_variables.tf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/_variables.tf b/src/_variables.tf index 13f2301d..9203c9e7 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -39,12 +39,6 @@ variable "global_settings" { } } -variable "application_gateways" { - type = any - description = "Map of Application Gateways to deploy" - default = {} -} - variable "landingzone" { description = "Landing zone metadata and tfstate dependencies" From 931204f975f548c73b31e61f8dff5addfe2fc692 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 15:30:47 +0300 Subject: [PATCH 12/79] fixed locals.tf --- src/modules/_networking/application_gateway/_locals.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf index 77c22965..c51d1a34 100644 --- a/src/modules/_networking/application_gateway/_locals.tf +++ b/src/modules/_networking/application_gateway/_locals.tf 
@@ -6,9 +6,13 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location + first_frontend_ip_key = keys(var.settings.frontend_ip_configuration)[0] + public_ip = var.resources[ - try(var.settings.public_ip_lz_key, var.client_config.landingzone_key) - ].public_ips[var.settings.public_ip] + try(var.settings.frontend_ip_configuration[local.first_frontend_ip_key].lz_key, var.client_config.landingzone_key) + ].public_ips[ + var.settings.frontend_ip_configuration[local.first_frontend_ip_key].public_ip + ] subnet = var.resources[ try(var.settings.subnet_lz_key, var.client_config.landingzone_key) From 786a3d4b15629aee0dafc39f61886256166620de Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Thu, 19 Jun 2025 15:33:26 +0300 Subject: [PATCH 13/79] updated locals --- src/modules/_networking/application_gateway/_locals.tf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/modules/_networking/application_gateway/_locals.tf b/src/modules/_networking/application_gateway/_locals.tf index c51d1a34..51f4ae40 100644 --- a/src/modules/_networking/application_gateway/_locals.tf +++ b/src/modules/_networking/application_gateway/_locals.tf @@ -6,14 +6,6 @@ locals { resource_group_name = local.resource_group.name location = local.resource_group.location - first_frontend_ip_key = keys(var.settings.frontend_ip_configuration)[0] - - public_ip = var.resources[ - try(var.settings.frontend_ip_configuration[local.first_frontend_ip_key].lz_key, var.client_config.landingzone_key) - ].public_ips[ - var.settings.frontend_ip_configuration[local.first_frontend_ip_key].public_ip - ] - subnet = var.resources[ try(var.settings.subnet_lz_key, var.client_config.landingzone_key) ].virtual_networks[ From e8d48787be4232cad3f24f18818e5c2b251a713f Mon Sep 17 00:00:00 2001 
From: Kiril Kirilov Date: Fri, 20 Jun 2025 09:42:24 +0300 Subject: [PATCH 14/79] removed app-gateway --- src/_variables.resources.tf | 2 +- src/networking.tf | 48 ++++++++++++++++++------------------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 0e2a9e23..a80aef3c 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -74,4 +74,4 @@ variable "disk_encryption_sets" { default = {} } variable "logic_apps_standard" { default = {} } -variable "application_gateways" { default = {} } \ No newline at end of file +#variable "application_gateways" { default = {} } \ No newline at end of file diff --git a/src/networking.tf b/src/networking.tf index 439d0274..91627f7b 100644 --- a/src/networking.tf +++ b/src/networking.tf @@ -73,30 +73,30 @@ module "virtual_network_gateways" { landingzone_key = var.landingzone.key } } -module "application_gateways" { - source = "./modules/_networking/application_gateway" - for_each = var.application_gateways - - settings = each.value - global_settings = local.global_settings - - resources = merge( - { - (var.landingzone.key) = { - resource_groups = module.resource_groups - virtual_networks = module.virtual_networks - public_ips = module.public_ips - } - }, - { - for k, v in module.remote_states : k => v.outputs - } - ) - - client_config = { - landingzone_key = var.landingzone.key - } -} +# module "application_gateways" { +# source = "./modules/_networking/application_gateway" +# for_each = var.application_gateways + +# settings = each.value +# global_settings = local.global_settings + +# resources = merge( +# { +# (var.landingzone.key) = { +# resource_groups = module.resource_groups +# virtual_networks = module.virtual_networks +# public_ips = module.public_ips +# } +# }, +# { +# for k, v in module.remote_states : k => v.outputs +# } +# ) + +# client_config = { +# landingzone_key = var.landingzone.key +# } +# } module "public_ips" { 
From e1c3ae2120a3c8168ec12aa24443087dbe592b80 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 10:13:55 +0300 Subject: [PATCH 15/79] reversed app-gateway --- src/_variables.resources.tf | 2 +- src/networking.tf | 48 ++++++++++++++++++------------------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index a80aef3c..0e2a9e23 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -74,4 +74,4 @@ variable "disk_encryption_sets" { default = {} } variable "logic_apps_standard" { default = {} } -#variable "application_gateways" { default = {} } \ No newline at end of file +variable "application_gateways" { default = {} } \ No newline at end of file diff --git a/src/networking.tf b/src/networking.tf index 91627f7b..439d0274 100644 --- a/src/networking.tf +++ b/src/networking.tf 
@@ -73,30 +73,30 @@ module "virtual_network_gateways" { landingzone_key = var.landingzone.key } } -# module "application_gateways" { -# source = "./modules/_networking/application_gateway" -# for_each = var.application_gateways - -# settings = each.value -# global_settings = local.global_settings - -# resources = merge( -# { -# (var.landingzone.key) = { -# resource_groups = module.resource_groups -# virtual_networks = module.virtual_networks -# public_ips = module.public_ips -# } -# }, -# { -# for k, v in module.remote_states : k => v.outputs -# } -# ) - -# client_config = { -# landingzone_key = var.landingzone.key -# } -# } +module "application_gateways" { + source = "./modules/_networking/application_gateway" + for_each = var.application_gateways + + settings = each.value + global_settings = local.global_settings + + resources = merge( + { + (var.landingzone.key) = { + resource_groups = module.resource_groups + virtual_networks = module.virtual_networks + public_ips = module.public_ips + } + }, + { + for k, v in module.remote_states : k => v.outputs + } + ) + + client_config = { + landingzone_key = var.landingzone.key + } +} module "public_ips" { From 22d660887e048d93c42c89134960c5315188c0b1 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:08:09 +0300 Subject: [PATCH 16/79] added azure_diagnostics --- src/_variables.resources.tf | 12 +++- .../monitoring/diagnostic_setting/_locals.tf | 4 ++ .../monitoring/diagnostic_setting/main.tf | 63 +++++++++++++++++++ .../monitoring/diagnostic_setting/outputs.tf | 4 ++ .../diagnostic_setting/variables.tf | 40 ++++++++++++ 5 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 src/modules/monitoring/diagnostic_setting/_locals.tf create mode 100644 src/modules/monitoring/diagnostic_setting/main.tf create mode 100644 src/modules/monitoring/diagnostic_setting/outputs.tf create mode 100644 src/modules/monitoring/diagnostic_setting/variables.tf 
diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 0e2a9e23..966fefce 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -74,4 +74,14 @@ variable "disk_encryption_sets" { default = {} } variable "logic_apps_standard" { default = {} } -variable "application_gateways" { default = {} } \ No newline at end of file +variable "application_gateways" { default = {} } + +variable "log_categories" { default = {} } + +variable "excluded_log_categories" { default = {} } + +variable "metric_categories" { default = {} } + +variable "logs_destination_ids" { default = {} } + +variable "log_analytics_destination_type" { default = {} } \ No newline at end of file diff --git a/src/modules/monitoring/diagnostic_setting/_locals.tf b/src/modules/monitoring/diagnostic_setting/_locals.tf new file mode 100644 index 00000000..ba57d37b --- /dev/null +++ b/src/modules/monitoring/diagnostic_setting/_locals.tf @@ -0,0 +1,4 @@ +locals { + use_storage = var.storage_account_id != null + use_law = var.log_analytics_workspace_id != null +} \ No newline at end of file diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf new file mode 100644 index 00000000..3408539b --- /dev/null +++ b/src/modules/monitoring/diagnostic_setting/main.tf 
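Review bot: The five root variables added here (`log_categories`, `excluded_log_categories`, `metric_categories`, `logs_destination_ids`, `log_analytics_destination_type`) are not consumed by anything in this commit — the diffstat shows no root module block for diagnostic_setting — and they carry no type or description, so `default = {}` is the only hint at their shape. `log_analytics_destination_type` in particular is a string on the azurerm resource, so `{}` will fail the moment it is wired through. Either defer them until the root wiring lands, or declare them with the type the module will expect, e.g. `variable "log_analytics_destination_type" { type = string default = null }`.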
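Review bot: `use_storage` and `use_law` are computed here but main.tf in the same commit repeats the `!= null` tests inline and never references either local. Either use them as the `for_each` conditions in main.tf or drop the file, so the destination logic lives in one place; a one-line comment such as `# exactly which sinks are configured; the resource needs at least one` would also state the invariant the module relies on.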
@@ -0,0 +1,63 @@
+resource "azurerm_monitor_diagnostic_setting" "main" {
+ name = var.diagnostic_name
+ target_resource_id = var.target_resource_id
+
+ dynamic "log" {
+ for_each = var.logs
+ content {
+ category = log.value.category
+ enabled = log.value.enabled
+
+ }
+ }
+
+ dynamic "metric" {
+ for_each = var.metrics
+ content {
+ category = metric.value.category
+ enabled = metric.value.enabled
+
+ }
+ }
+
+ dynamic "log_analytics_workspace_id" {
+ for_each = var.log_analytics_workspace_id != null ? [1] : []
+ content {
+ workspace_id = var.log_analytics_workspace_id
+ }
+ }
+
+ dynamic "storage_account_id" {
+ for_each = var.storage_account_id != null ? [1] : []
+ content {
+ storage_account_id = var.storage_account_id
+ }
+ }
+}
+
+
+
+
+
+
+
+### tfvars example (Test 1 - Key Vault to Storage Account)
+
+# test-keyvault-to-storage.tfvars
+
+target_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.KeyVault/vaults/my-keyvault"
+
+diagnostic_name = "kv-diag"
+
+storage_account_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/privatekvlogs"
+
+log_analytics_workspace_id = null
+
+logs = [
+ {
+ category = "AuditEvent"
+ enabled = true
+ }
+]
+
+metrics = []
diff --git a/src/modules/monitoring/diagnostic_setting/outputs.tf b/src/modules/monitoring/diagnostic_setting/outputs.tf
new file mode 100644
index 00000000..e13069b5
--- /dev/null
+++ b/src/modules/monitoring/diagnostic_setting/outputs.tf
@@ -0,0 +1,4 @@
+output "diagnostic_setting_id" {
+ value = azurerm_monitor_diagnostic_setting.main.id
+ description = "The ID of the diagnostic setting."
+}
diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf
new file mode 100644
index 00000000..991f73cf
--- /dev/null
+++ b/src/modules/monitoring/diagnostic_setting/variables.tf
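Review bot: `log_analytics_workspace_id` and `storage_account_id` are plain string arguments of azurerm_monitor_diagnostic_setting, not nested blocks, so the two `dynamic` blocks at the bottom of the resource are rejected by the provider schema and no destination is ever configured; replace them with `log_analytics_workspace_id = var.log_analytics_workspace_id` and `storage_account_id = var.storage_account_id` (null is accepted for the unused sink). The tfvars example appended after the resource is a second problem: bare top-level attribute assignments are not valid in a `.tf` module file, so main.tf does not parse — move that block to a separate `.tfvars` or examples file, as the `# test-keyvault-to-storage.tfvars` comment already implies. Depending on the azurerm version pinned (not visible here), the `log { enabled = … }` form is deprecated in favour of `enabled_log` and removed in 4.x, in which case disabled categories are expressed by omitting them rather than by `enabled = false`.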
@@ -0,0 +1,40 @@ +variable "target_resource_id" { + description = "The ID of the resource to apply diagnostics to" + type = string +} + +variable "diagnostic_name" { + description = "The name of the diagnostic setting" + type = string + default = "default" +} + +variable "log_analytics_workspace_id" { + description = "Optional Log Analytics workspace ID" + type = string + default = null +} + +variable "storage_account_id" { + description = "Optional Storage Account ID for logs" + type = string + default = null +} + +variable "logs" { + description = "List of logs to collect" + type = list(object({ + category = string + enabled = bool + })) + default = [] +} + +variable "metrics" { + description = "List of metrics to collect" + type = list(object({ + category = string + enabled = bool + })) + default = [] +} \ No newline at end of file From fb894d4ca82c1e0f445d8b30bcb7bb9e8480c50f Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:15:29 +0300 Subject: [PATCH 17/79] updated files --- .../monitoring/diagnostic_setting/_locals.tf | 6 +- .../monitoring/diagnostic_setting/main.tf | 51 +++++--------- .../diagnostic_setting/variables.tf | 67 ++++++++----------- 3 files changed, 47 insertions(+), 77 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/_locals.tf b/src/modules/monitoring/diagnostic_setting/_locals.tf index ba57d37b..7f2a6af1 100644 --- a/src/modules/monitoring/diagnostic_setting/_locals.tf +++ b/src/modules/monitoring/diagnostic_setting/_locals.tf @@ -1,4 +1,4 @@ locals { - use_storage = var.storage_account_id != null - use_law = var.log_analytics_workspace_id != null -} \ No newline at end of file + use_storage = try(var.settings.storage_account_ref, null) != null + use_law = try(var.settings.log_analytics_workspace_ref, null) != null +} \ No newline at end of file diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 3408539b..10f4a732 100644 
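Review bot: Both destinations, `log_analytics_workspace_id` and `storage_account_id`, default to `null`, so the module accepts a configuration with no sink at all and the failure only surfaces when Azure rejects the diagnostic setting at apply time. Add a `lifecycle { precondition { condition = var.log_analytics_workspace_id != null || var.storage_account_id != null  error_message = "At least one log destination must be set." } }` on the resource in main.tf so plan fails instead. It would also help to say in the `logs` description that an entry with `enabled = false` leaves that category uncollected, since "List of logs to collect" suggests that listing a category is enough.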
--- a/src/modules/monitoring/diagnostic_setting/main.tf
+++ b/src/modules/monitoring/diagnostic_setting/main.tf
@@ -1,63 +1,44 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - name = var.diagnostic_name - target_resource_id = var.target_resource_id + name = var.settings.name + target_resource_id = var.settings.target_resource_id dynamic "log" { - for_each = var.logs + for_each = try(var.settings.logs, {}) content { category = log.value.category enabled = log.value.enabled + retention_policy { + enabled = try(log.value.retention_policy.enabled, false) + days = try(log.value.retention_policy.days, 0) + } } } dynamic "metric" { - for_each = var.metrics + for_each = try(var.settings.metrics, {}) content { category = metric.value.category enabled = metric.value.enabled + retention_policy { + enabled = try(metric.value.retention_policy.enabled, false) + days = try(metric.value.retention_policy.days, 0) + } } } dynamic "log_analytics_workspace_id" { - for_each = var.log_analytics_workspace_id != null ? [1] : [] + for_each = try(var.settings.log_analytics_workspace_id, null) != null ? [1] : [] content { - workspace_id = var.log_analytics_workspace_id + workspace_id = var.settings.log_analytics_workspace_id } } dynamic "storage_account_id" { - for_each = var.storage_account_id != null ? [1] : [] + for_each = try(var.settings.storage_account_id, null) != null ? [1] : [] content { - storage_account_id = var.storage_account_id + storage_account_id = var.settings.storage_account_id } } } - - - - - - - -### tfvars example (Test 1 - Key Vault to Storage Account) - -# test-keyvault-to-storage.tfvars - -target_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.KeyVault/vaults/my-keyvault" - -diagnostic_name = "kv-diag" - -storage_account_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/privatekvlogs" - -log_analytics_workspace_id = null - -logs = [ - { - category = "AuditEvent" - enabled = true - } -] - -metrics = [] 
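Review bot: The attribute names read here do not match the `settings` object declared in variables.tf in this same commit: main.tf reads `var.settings.target_resource_id`, `var.settings.log_analytics_workspace_id` and `var.settings.storage_account_id`, while the object type only defines `resource_ref`, `log_analytics_workspace_ref` and `storage_account_ref` (and `_locals.tf` was switched to the `_ref` names too). `target_resource_id` fails validation as an unsupported attribute, and the two `try(...)` guards silently evaluate to null, so neither destination is ever configured. Either resolve the `_ref` keys against `var.resources` here or add the `_id` attributes to the type; PATCH 18 in this series takes the first route.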
diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf index 991f73cf..cd169dd8 100644 --- a/src/modules/monitoring/diagnostic_setting/variables.tf +++ b/src/modules/monitoring/diagnostic_setting/variables.tf @@ -1,40 +1,29 @@ -variable "target_resource_id" { - description = "The ID of the resource to apply diagnostics to" - type = string +variable "settings" { + description = "Settings for diagnostic settings" + type = object({ + name = string + resource_type = string + resource_ref = string + resource_lz_key = optional(string) + storage_account_ref = optional(string) + storage_account_lz_key = optional(string) + log_analytics_workspace_ref = optional(string) + log_analytics_lz_key = optional(string) + logs = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + metrics = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + }) } - -variable "diagnostic_name" { - description = "The name of the diagnostic setting" - type = string - default = "default" -} - -variable "log_analytics_workspace_id" { - description = "Optional Log Analytics workspace ID" - type = string - default = null -} - -variable "storage_account_id" { - description = "Optional Storage Account ID for logs" - type = string - default = null -} - -variable "logs" { - description = "List of logs to collect" - type = list(object({ - category = string - enabled = bool - })) - default = [] -} - -variable "metrics" { - description = "List of metrics to collect" - type = list(object({ - category = string - enabled = bool - })) - default = [] -} \ No newline at end of file From e26fc4276376dbc7a9b773bcc72f7363e771cf07 Mon Sep 17 00:00:00 2001 
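Review bot: `logs` and `metrics` are `optional(map(object({...})))` with no default, so when a caller omits them the attribute is `null`, and `try(var.settings.logs, {})` in main.tf passes that null straight through (`try` only catches errors) into `for_each`, which rejects a null value. Give both optional attributes a default — `optional(map(object({ ... })), {})` — or use `coalesce(try(var.settings.logs, null), {})` at the call site. The nested `retention_policy` optional is fine as written, because reading `.enabled` on a null object raises an error that the `try(..., false)`/`try(..., 0)` fallbacks in main.tf do catch.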
From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:24:43 +0300 Subject: [PATCH 18/79] added dynamic grep --- src/_variables.resources.tf | 4 +++- src/_variables.tf | 4 ++++ .../monitoring/diagnostic_setting/main.tf | 22 ++++++++++--------- .../diagnostic_setting/variables.tf | 12 ++++++++++ 4 files changed, 31 insertions(+), 11 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 966fefce..ca630c53 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -84,4 +84,6 @@ variable "metric_categories" { default = {} } variable "logs_destination_ids" { default = {} } -variable "log_analytics_destination_type" { default = {} } \ No newline at end of file +variable "log_analytics_destination_type" { default = {} } + +variable "resources" { default = {} } \ No newline at end of file diff --git a/src/_variables.tf b/src/_variables.tf index 9203c9e7..015e3b35 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -51,3 +51,7 @@ variable "landingzone" { }))) }) } +variable "resources" { + description = "CAF resources map passed from root or higher-level module" + type = any +} diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 10f4a732..7a2393af 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -1,6 +1,8 @@ resource "azurerm_monitor_diagnostic_setting" "main" { name = var.settings.name - target_resource_id = var.settings.target_resource_id + target_resource_id = var.resources[ + try(var.settings.resource_lz_key, var.client_config.landingzone_key) + ][var.settings.resource_type][var.settings.resource_ref].id dynamic "log" { for_each = try(var.settings.logs, {}) 
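Review bot: This commit declares `variable "resources"` twice in the same root module — `_variables.resources.tf` gets `variable "resources" { default = {} }` and `_variables.tf` gets the typed, described version — which Terraform rejects with a duplicate variable declaration error before planning (PATCH 22 later removes one copy). Keep only the `_variables.tf` declaration, which has the description and `type = any`, and consider adding `default = {}` there. In the main.tf hunk, `var.resources[...][var.settings.resource_type][var.settings.resource_ref].id` raises an opaque "invalid index" error when the referenced resource is not in the map; a `precondition` checking that the key exists would give the caller a readable message naming the missing reference.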
@@ -21,24 +23,24 @@ resource "azurerm_monitor_diagnostic_setting" "main" { category = metric.value.category enabled = metric.value.enabled - retention_policy { - enabled = try(metric.value.retention_policy.enabled, false) - days = try(metric.value.retention_policy.days, 0) - } } } dynamic "log_analytics_workspace_id" { - for_each = try(var.settings.log_analytics_workspace_id, null) != null ? [1] : [] + for_each = try(var.settings.log_analytics_workspace_ref, null) != null ? [1] : [] content { - workspace_id = var.settings.log_analytics_workspace_id + workspace_id = var.resources[ + try(var.settings.log_analytics_lz_key, var.client_config.landingzone_key) + ].log_analytics[var.settings.log_analytics_workspace_ref].id } } dynamic "storage_account_id" { - for_each = try(var.settings.storage_account_id, null) != null ? [1] : [] + for_each = try(var.settings.storage_account_ref, null) != null ? [1] : [] content { - storage_account_id = var.settings.storage_account_id + storage_account_id = var.resources[ + try(var.settings.storage_account_lz_key, var.client_config.landingzone_key) + ].storage_accounts[var.settings.storage_account_ref].id } } -} +} \ No newline at end of file diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf index cd169dd8..f1998e4b 100644 --- a/src/modules/monitoring/diagnostic_setting/variables.tf +++ b/src/modules/monitoring/diagnostic_setting/variables.tf @@ -27,3 +27,15 @@ variable "settings" { }))) }) } +variable "resources" { + description = "CAF resources map from root module" + type = any +} + +variable "client_config" { + description = "Client config including landingzone key" + type = object({ + landingzone_key = string + }) +} + From 835dd330ffef8b26a58a0081e44736dfe2623d59 Mon Sep 17 00:00:00 2001 
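Review bot: Removing `retention_policy` from the `metric` block while the `log` block above this hunk (added in PATCH 17, not touched here) appears to keep its own leaves retention declared for logs but not metrics, with no stated reason. Retention on `azurerm_monitor_diagnostic_setting` is also a deprecated surface: the `retention_policy` block and the `log` block were removed in the azurerm 4.x major in favour of `enabled_log` with retention handled at the destination, so if the provider constraint — not visible in this series — allows 4.x, both blocks fail validation. Retention of audit logs is better enforced on the sink itself (a storage lifecycle management rule or the workspace's `retention_in_days`); dropping the block from both `log` and `metric` and documenting that in the module README is the more durable fix.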
From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:38:42 +0300 Subject: [PATCH 19/79] edited variables --- src/_variables.resources.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index ca630c53..55fbd984 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -86,4 +86,6 @@ variable "logs_destination_ids" { default = {} } variable "log_analytics_destination_type" { default = {} } -variable "resources" { default = {} } \ No newline at end of file +variable "resources" { default = {} } + +variable "settings" { default = {} } \ No newline at end of file From 5d4763e128da47ba0a586557dfec9ff46797f8b9 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:41:34 +0300 Subject: [PATCH 20/79] edited main.tf --- src/main.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main.tf b/src/main.tf index b5445eef..90b75352 100644 --- a/src/main.tf +++ b/src/main.tf @@ -11,3 +11,10 @@ module "resource_groups" { } } +module "diagnostic_settings" { + source = "./modules/diagnostic_settings" + settings = var.settings + resources = var.resources + client_config = var.client_config + global_settings = var.global_settings +} From fcb4ac9340114c9a799475030b3d3fad578336df Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:42:50 +0300 Subject: [PATCH 21/79] typo --- src/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.tf b/src/main.tf index 90b75352..1566c5db 100644 --- a/src/main.tf +++ b/src/main.tf @@ -11,7 +11,7 @@ module "resource_groups" { } } -module "diagnostic_settings" { +module "diagnostic_setting" { source = "./modules/diagnostic_settings" settings = var.settings resources = var.resources From fbc9681c37c333e20e190a1fc339c1ffc411b1d5 Mon Sep 17 00:00:00 2001 
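Review bot: `source = "./modules/diagnostic_settings"` does not exist in this series — the module was created at `src/modules/monitoring/diagnostic_setting/` — so `terraform init` fails on this commit, and the two follow-up "typo" commits fix the plural but not the missing `monitoring/` segment. `var.client_config` is passed through although no root-level `client_config` variable is declared in any visible hunk; the later `diagnostic.tf` builds it from `var.landingzone.key` instead. The root `variable "settings"` added in PATCH 19 defaults to `{}` with no type, which cannot satisfy the module's object type with required `name`, `resource_type` and `resource_ref`, so the default configuration can never plan; give the root variable the module's object type or make the module call conditional on it being set.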
From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:43:37 +0300 Subject: [PATCH 22/79] typo --- src/_variables.resources.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 55fbd984..10a75249 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -86,6 +86,4 @@ variable "logs_destination_ids" { default = {} } variable "log_analytics_destination_type" { default = {} } -variable "resources" { default = {} } - variable "settings" { default = {} } \ No newline at end of file From 1e650bb439cebe350bf7eaf76dc193f63ce9206b Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:47:01 +0300 Subject: [PATCH 23/79] typo --- src/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.tf b/src/main.tf index 1566c5db..25bf3d42 100644 --- a/src/main.tf +++ b/src/main.tf @@ -12,7 +12,7 @@ module "resource_groups" { } module "diagnostic_setting" { - source = "./modules/diagnostic_settings" + source = "./modules/diagnostic_setting" settings = var.settings resources = var.resources client_config = var.client_config From ffbb125bfe14de43d33f58c58cc7261b29beff9a Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 11:55:45 +0300 Subject: [PATCH 24/79] edited variables, created diagnostic.tf --- src/diagnostic.tf | 11 +++++++++++ .../monitoring/diagnostic_setting/variables.tf | 7 +++++++ 2 files changed, 18 insertions(+) create mode 100644 src/diagnostic.tf diff --git a/src/diagnostic.tf b/src/diagnostic.tf new file mode 100644 index 00000000..35c9762b --- /dev/null +++ b/src/diagnostic.tf @@ -0,0 +1,11 @@ +module "diagnostic_setting" { + source = "./modules/monitoring/diagnostic_setting" + settings = var.settings + resources = var.resources + + client_config = { + landingzone_key = var.landingzone.key + } + + global_settings = var.global_settings +} 
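Review bot: At this commit `module "diagnostic_setting"` is declared twice in the root module — in `src/main.tf` (left in place by PATCH 23 just above) and in this new `src/diagnostic.tf` — which Terraform rejects as a duplicate module call; the removal from main.tf only lands in PATCH 25. Building `client_config` from `var.landingzone.key` here is the right direction, since no root `client_config` variable exists and the main.tf copy still passes the undeclared `var.client_config`. Putting that construction in a root `locals` block would let every module call share one definition.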
diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf index f1998e4b..86d8053f 100644 --- a/src/modules/monitoring/diagnostic_setting/variables.tf +++ b/src/modules/monitoring/diagnostic_setting/variables.tf @@ -39,3 +39,10 @@ variable "client_config" { }) } +variable "global_settings" { + description = "Global settings passed from root" + type = object({ + tags = map(string) + inherit_resource_group_tags = bool + }) +} From 6ac9d2fe3a1d6ceb35c77f679bdbc54a783680a9 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:19:44 +0300 Subject: [PATCH 25/79] updated main.tf --- src/diagnostic.tf | 2 +- src/main.tf | 9 +-------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 35c9762b..38ec70a4 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,5 +1,5 @@ module "diagnostic_setting" { - source = "./modules/monitoring/diagnostic_setting" + source = "../../modules/monitoring/diagnostic_setting" settings = var.settings resources = var.resources diff --git a/src/main.tf b/src/main.tf index 25bf3d42..7af3bac9 100644 --- a/src/main.tf +++ b/src/main.tf @@ -10,11 +10,4 @@ module "resource_groups" { landingzone_key = var.landingzone.key } -} -module "diagnostic_setting" { - source = "./modules/diagnostic_setting" - settings = var.settings - resources = var.resources - client_config = var.client_config - global_settings = var.global_settings -} +} \ No newline at end of file From f7004f27924c4675e926ac0f3200604592514509 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:22:13 +0300 Subject: [PATCH 26/79] updated diagnostic.tf --- src/diagnostic.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 38ec70a4..93ccbe2b 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf 
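Review bot: `global_settings` becomes a required module input carrying `tags` and `inherit_resource_group_tags`, but nothing in the module's visible main.tf or `_locals.tf` reads it, and `azurerm_monitor_diagnostic_setting` has no `tags` argument to apply them to. A required input with no consumer forces every caller to supply a value for nothing; either drop the variable or default it and say why it exists, e.g. `description = "Accepted for interface parity with the other modules; diagnostic settings do not support tags."`.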
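Review bot: `source = "../../modules/monitoring/diagnostic_setting"` resolves relative to `src/diagnostic.tf`, i.e. two directories above `src/` and outside the repository, while the module lives at `src/modules/monitoring/diagnostic_setting`. PATCH 26 then changes it to `/modules/monitoring/diagnostic_setting`, an absolute filesystem path that is equally wrong and machine-specific; the value that was already correct in PATCH 24, `source = "./modules/monitoring/diagnostic_setting"`, is what should stand. Running `terraform init` in CI on each commit would have caught both.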
@@ -1,5 +1,5 @@ module "diagnostic_setting" { - source = "../../modules/monitoring/diagnostic_setting" + source = "/modules/monitoring/diagnostic_setting" settings = var.settings resources = var.resources From 5fda5d3d37fa1ee7a7b40b8f2974b0f3cecd0bb3 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:26:14 +0300 Subject: [PATCH 27/79] updated variables.tf --- src/_variables.tf | 5 +++++ src/diagnostic.tf | 9 +++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/_variables.tf b/src/_variables.tf index 015e3b35..84e6c187 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -55,3 +55,8 @@ variable "resources" { description = "CAF resources map passed from root or higher-level module" type = any } + +variable "diagnostic_setting" { + description = "Diagnostic settings for the monitored resource" + type = any +} diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 93ccbe2b..aecc8730 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,11 +1,12 @@ module "diagnostic_setting" { - source = "/modules/monitoring/diagnostic_setting" - settings = var.settings - resources = var.resources + source = "./modules/monitoring/diagnostic_setting" + + settings = var.diagnostic_setting + resources = var.resources client_config = { landingzone_key = var.landingzone.key } - global_settings = var.global_settings + global_settings = local.global_settings } From d629b7bda038be8c415cabb6f8dbc9ebb2700e39 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:30:28 +0300 Subject: [PATCH 28/79] edited variables --- src/_variables.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/_variables.tf b/src/_variables.tf index 84e6c187..4e16d963 100644 --- a/src/_variables.tf +++ b/src/_variables.tf 
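Review bot: `global_settings = local.global_settings` references a local that is not declared in any hunk of this series; if it does not exist in an untouched `_locals.tf`, plan fails with an undeclared local. After this switch to `var.diagnostic_setting` the root `variable "settings"` in `_variables.resources.tf` (PATCH 19) is no longer read by anything, and the new `variable "diagnostic_setting"` is `type = any` with no default while the module expects a strict object; mirroring the module's object type here would surface shape errors at the root, where the tfvars author sees them, instead of inside the module.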
@@ -60,3 +60,8 @@ variable "diagnostic_setting" { description = "Diagnostic settings for the monitored resource" type = any } +variable "settings" { + description = "Diagnostic settings for the monitored resource" + type = any +} + From a89114d18a70feca352b2b124a4ec9caacd07af3 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:34:14 +0300 Subject: [PATCH 29/79] updated main.tf --- src/modules/monitoring/diagnostic_setting/main.tf | 9 +++++---- src/modules/monitoring/diagnostic_setting/variables.tf | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 7a2393af..b238fcf5 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -1,8 +1,9 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - name = var.settings.name + name = var.diagnostic_setting.name target_resource_id = var.resources[ - try(var.settings.resource_lz_key, var.client_config.landingzone_key) - ][var.settings.resource_type][var.settings.resource_ref].id + try(var.diagnostic_setting.resource_lz_key, var.client_config.landingzone_key) + ][var.diagnostic_setting.resource_type][var.diagnostic_setting.resource_ref].id + dynamic "log" { for_each = try(var.settings.logs, {}) @@ -43,4 +44,4 @@ resource "azurerm_monitor_diagnostic_setting" "main" { ].storage_accounts[var.settings.storage_account_ref].id } } -} \ No newline at end of file +} diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf index 86d8053f..c96899cb 100644 --- a/src/modules/monitoring/diagnostic_setting/variables.tf +++ b/src/modules/monitoring/diagnostic_setting/variables.tf @@ -1,4 +1,4 @@ -variable "settings" { +variable "diagnostic_setting" { description = "Settings for diagnostic settings" type = object({ name = string 
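Review bot: `variable "settings"` is already declared in `src/_variables.resources.tf` (added in PATCH 19 and kept by PATCH 22), so adding it to `src/_variables.tf` in the same root module produces a duplicate variable declaration error. Its description is also copied verbatim from `diagnostic_setting` directly above, so the two variables read as interchangeable; if both are needed their descriptions should say which module each feeds, and if not (PATCH 31 deletes this one) the declaration should not land at all.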
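Review bot: Only `name` and `target_resource_id` are switched to `var.diagnostic_setting`; the context lines still visible in both main.tf hunks (`for_each = try(var.settings.logs, {})`, `.storage_accounts[var.settings.storage_account_ref].id`) keep reading `var.settings`, and variables.tf renames the module's only `settings` declaration to `diagnostic_setting` in the same commit. A reference to an undeclared input variable is a static error that `try()` does not catch, so the module fails validation until every `var.settings.` occurrence is renamed. A partial rename like this is exactly what `terraform validate` on the module directory in CI exists to catch.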
From 57ee1196b08b3c553f73fc96e4abdb84e1f2cc34 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:37:20 +0300 Subject: [PATCH 30/79] updated var.resources --- src/_variables.resources.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 10a75249..fb3c58a4 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -86,4 +86,4 @@ variable "logs_destination_ids" { default = {} } variable "log_analytics_destination_type" { default = {} } -variable "settings" { default = {} } \ No newline at end of file +variable "diagnostic_setting" { default = {} } \ No newline at end of file From 11080bd8e426c9df8d6710e874e7d222949d2edb Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:39:25 +0300 Subject: [PATCH 31/79] edited _variables --- src/_variables.tf | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/_variables.tf b/src/_variables.tf index 4e16d963..9ea79542 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -56,12 +56,5 @@ variable "resources" { type = any } -variable "diagnostic_setting" { - description = "Diagnostic settings for the monitored resource" - type = any -} -variable "settings" { - description = "Diagnostic settings for the monitored resource" - type = any -} + From 814ba8039dfd3bc3421c27805fd4d15a1d85be24 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:44:58 +0300 Subject: [PATCH 32/79] updated variables --- src/_variables.tf | 51 +++++++++++++++++++++++++++++++++++++++++++++++ src/diagnostic.tf | 2 +- 2 files changed, 52 insertions(+), 1 deletion(-) diff --git a/src/_variables.tf b/src/_variables.tf index 9ea79542..dddf64fd 100644 --- a/src/_variables.tf +++ b/src/_variables.tf 
@@ -55,6 +55,57 @@ variable "resources" { description = "CAF resources map passed from root or higher-level module" type = any } +variable "vm_password" { + description = "Password for the Linux VM. Must meet Azure's complexity requirements." + type = string + sensitive = true +} + +variable "location" { + description = "Azure region where resources will be created" + type = string + default = "West Europe" +} +variable "resource_group_name" { + description = "Name of the resource group" + type = string + default = "project-rg" +} + +variable "storage_account_name" { + description = "Globally unique name for the Azure Storage Account (3–24 lowercase letters/numbers)" + type = string + default = "projectstoragedemo" +} +variable "diagnostic_setting" { + description = "Diagnostic setting configuration passed to module" + type = object({ + name = string + resource_type = string + resource_ref = string + resource_lz_key = optional(string) + storage_account_ref = optional(string) + storage_account_lz_key = optional(string) + log_analytics_workspace_ref = optional(string) + log_analytics_lz_key = optional(string) + logs = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + metrics = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + }) +} diff --git a/src/diagnostic.tf b/src/diagnostic.tf index aecc8730..c6c743f1 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,7 +1,7 @@ module "diagnostic_setting" { source = "./modules/monitoring/diagnostic_setting" - settings = var.diagnostic_setting + diagnostic_setting = var.diagnostic_setting resources = var.resources client_config = { From cfc6c43efe225a3d5a2ec7d3b49e7b6b43455955 Mon Sep 17 00:00:00 2001 
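Review bot: `variable "diagnostic_setting"` is declared here with the full object type while `src/_variables.resources.tf` still has `variable "diagnostic_setting" { default = {} }` from PATCH 30, so this commit again ships a duplicate declaration (removed only in PATCH 33), and PATCHes 34–37 then move the same block between the two files unchanged — squashing would make the series reviewable. The `vm_password`, `location`, `resource_group_name` and `storage_account_name` variables belong to an unrelated VM/storage feature and should not ride in a diagnostic-setting change. `sensitive = true` on `vm_password` is correct as far as plan output goes, but the value is still stored in plaintext in state, so access control on the state backend is the actual protection; and a hard-coded `storage_account_name` default cannot be globally unique across deployments, so the default is guaranteed to collide.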
From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:47:00 +0300 Subject: [PATCH 33/79] updated variable --- src/_variables.resources.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index fb3c58a4..b18efdbb 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -86,4 +86,3 @@ variable "logs_destination_ids" { default = {} } variable "log_analytics_destination_type" { default = {} } -variable "diagnostic_setting" { default = {} } \ No newline at end of file From fb9515f51e926348bcfaa620c47d1f9182917838 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:50:27 +0300 Subject: [PATCH 34/79] typos --- src/_variables.resources.tf | 29 +++++++++++++++++++++++++++++ src/_variables.tf | 30 ------------------------------ 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index b18efdbb..f564b19d 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -86,3 +86,32 @@ variable "logs_destination_ids" { default = {} } variable "log_analytics_destination_type" { default = {} } +variable "diagnostic_setting" { + description = "Diagnostic setting configuration passed to module" + type = object({ + name = string + resource_type = string + resource_ref = string + resource_lz_key = optional(string) + storage_account_ref = optional(string) + storage_account_lz_key = optional(string) + log_analytics_workspace_ref = optional(string) + log_analytics_lz_key = optional(string) + logs = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + metrics = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + }) +} \ No newline at end of file diff --git a/src/_variables.tf b/src/_variables.tf index dddf64fd..86274c07 100644 
--- a/src/_variables.tf +++ b/src/_variables.tf @@ -79,33 +79,3 @@ variable "storage_account_name" { default = "projectstoragedemo" } -variable "diagnostic_setting" { - description = "Diagnostic setting configuration passed to module" - type = object({ - name = string - resource_type = string - resource_ref = string - resource_lz_key = optional(string) - storage_account_ref = optional(string) - storage_account_lz_key = optional(string) - log_analytics_workspace_ref = optional(string) - log_analytics_lz_key = optional(string) - logs = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - metrics = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - }) -} - From e9b40fdcb7d30cc86b3ffb1b6fd101b10c665ad2 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:53:20 +0300 Subject: [PATCH 35/79] Updated variables --- src/_variables.resources.tf | 30 ------------------------------ src/_variables.tf | 29 +++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index f564b19d..bdf3d15f 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf 
@@ -85,33 +85,3 @@ variable "metric_categories" { default = {} } variable "logs_destination_ids" { default = {} } variable "log_analytics_destination_type" { default = {} } - -variable "diagnostic_setting" { - description = "Diagnostic setting configuration passed to module" - type = object({ - name = string - resource_type = string - resource_ref = string - resource_lz_key = optional(string) - storage_account_ref = optional(string) - storage_account_lz_key = optional(string) - log_analytics_workspace_ref = optional(string) - log_analytics_lz_key = optional(string) - logs = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - metrics = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - }) -} \ No newline at end of file diff --git a/src/_variables.tf b/src/_variables.tf index 86274c07..dcf9859b 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -79,3 +79,32 @@ variable "storage_account_name" { default = "projectstoragedemo" } +variable "diagnostic_setting" { + description = "Diagnostic setting configuration passed to module" + type = object({ + name = string + resource_type = string + resource_ref = string + resource_lz_key = optional(string) + storage_account_ref = optional(string) + storage_account_lz_key = optional(string) + log_analytics_workspace_ref = optional(string) + log_analytics_lz_key = optional(string) + logs = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + metrics = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + }) +} \ No newline at end of file From b3292fc837591a6200a3a04d4518f99c8ce6710e Mon Sep 17 00:00:00 2001 
From: Kiril Kirilov Date: Fri, 20 Jun 2025 12:57:29 +0300 Subject: [PATCH 36/79] typos --- src/_variables.resources.tf | 30 ++++++++++++++++++++++++++++++ src/_variables.tf | 29 ----------------------------- 2 files changed, 30 insertions(+), 29 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index bdf3d15f..f564b19d 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -85,3 +85,33 @@ variable "metric_categories" { default = {} } variable "logs_destination_ids" { default = {} } variable "log_analytics_destination_type" { default = {} } + +variable "diagnostic_setting" { + description = "Diagnostic setting configuration passed to module" + type = object({ + name = string + resource_type = string + resource_ref = string + resource_lz_key = optional(string) + storage_account_ref = optional(string) + storage_account_lz_key = optional(string) + log_analytics_workspace_ref = optional(string) + log_analytics_lz_key = optional(string) + logs = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + metrics = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + }) +} \ No newline at end of file diff --git a/src/_variables.tf b/src/_variables.tf index dcf9859b..86274c07 100644 --- a/src/_variables.tf +++ b/src/_variables.tf 
@@ -79,32 +79,3 @@ variable "storage_account_name" { default = "projectstoragedemo" } -variable "diagnostic_setting" { - description = "Diagnostic setting configuration passed to module" - type = object({ - name = string - resource_type = string - resource_ref = string - resource_lz_key = optional(string) - storage_account_ref = optional(string) - storage_account_lz_key = optional(string) - log_analytics_workspace_ref = optional(string) - log_analytics_lz_key = optional(string) - logs = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - metrics = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - }) -} \ No newline at end of file From ea980290ab9b155d6605662b6adb998e2e15269c Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:05:33 +0300 Subject: [PATCH 37/79] changes on variables --- src/_variables.resources.tf | 32 +------------------------------- src/_variables.tf | 29 +++++++++++++++++++++++++++++ src/diagnostic.tf | 4 ++-- 3 files changed, 32 insertions(+), 33 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index f564b19d..966fefce 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf 
@@ -84,34 +84,4 @@ variable "metric_categories" { default = {} } variable "logs_destination_ids" { default = {} } -variable "log_analytics_destination_type" { default = {} } - -variable "diagnostic_setting" { - description = "Diagnostic setting configuration passed to module" - type = object({ - name = string - resource_type = string - resource_ref = string - resource_lz_key = optional(string) - storage_account_ref = optional(string) - storage_account_lz_key = optional(string) - log_analytics_workspace_ref = optional(string) - log_analytics_lz_key = optional(string) - logs = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - metrics = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - }) -} \ No newline at end of file +variable "log_analytics_destination_type" { default = {} } \ No newline at end of file diff --git a/src/_variables.tf b/src/_variables.tf index 86274c07..34a3c1f5 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -79,3 +79,32 @@ variable "storage_account_name" { default = "projectstoragedemo" } +variable "diagnostic_setting" { + description = "Settings for the diagnostic_setting module" + type = object({ + name = string + resource_type = string + resource_ref = string + resource_lz_key = optional(string) + storage_account_ref = optional(string) + storage_account_lz_key = optional(string) + log_analytics_workspace_ref = optional(string) + log_analytics_lz_key = optional(string) + logs = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + metrics = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + }) +} 
diff --git a/src/diagnostic.tf b/src/diagnostic.tf index c6c743f1..63658a18 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,8 +1,8 @@ module "diagnostic_setting" { source = "./modules/monitoring/diagnostic_setting" - diagnostic_setting = var.diagnostic_setting - resources = var.resources + settings = var.diagnostic_setting + resources = local.combined_resources client_config = { landingzone_key = var.landingzone.key From e2e32272fae12a0e2be61b689319ce1264a6847f Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:13:17 +0300 Subject: [PATCH 38/79] updated main.tf --- src/main.tf | 2 +- src/modules/monitoring/diagnostic_setting/main.tf | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main.tf b/src/main.tf index 7af3bac9..b5445eef 100644 --- a/src/main.tf +++ b/src/main.tf @@ -10,4 +10,4 @@ module "resource_groups" { landingzone_key = var.landingzone.key } -} \ No newline at end of file +} diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index b238fcf5..dee7bebc 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -1,9 +1,9 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - name = var.diagnostic_setting.name - target_resource_id = var.resources[ - try(var.diagnostic_setting.resource_lz_key, var.client_config.landingzone_key) - ][var.diagnostic_setting.resource_type][var.diagnostic_setting.resource_ref].id + name = var.settings.name + target_resource_id = var.resources[ + try(var.settings.resource_lz_key, var.client_config.landingzone_key) + ][var.settings.resource_type][var.settings.resource_ref].id dynamic "log" { for_each = try(var.settings.logs, {}) From ef6d9cf2610eba17d6e98c54b00daf520df30881 Mon Sep 17 00:00:00 2001 
From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:26:31 +0300 Subject: [PATCH 39/79] major update of main and variables --- src/_variables.tf | 3 +- src/diagnostic.tf | 9 ++- src/main.tf | 12 ++++ .../monitoring/diagnostic_setting/main.tf | 9 +-- .../diagnostic_setting/variables.tf | 59 ++++++++++--------- 5 files changed, 53 insertions(+), 39 deletions(-) diff --git a/src/_variables.tf b/src/_variables.tf index 34a3c1f5..2458b9e5 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -80,7 +80,7 @@ variable "storage_account_name" { } variable "diagnostic_setting" { - description = "Settings for the diagnostic_setting module" + description = "Configuration for diagnostic settings" type = object({ name = string resource_type = string @@ -108,3 +108,4 @@ variable "diagnostic_setting" { }))) }) } + diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 63658a18..4431ad53 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,12 +1,11 @@ module "diagnostic_setting" { - source = "./modules/monitoring/diagnostic_setting" + source = "./modules/monitoring/diagnostic_setting" - settings = var.diagnostic_setting - resources = local.combined_resources + diagnostic_setting = var.diagnostic_setting + resources = var.resources + global_settings = local.global_settings client_config = { landingzone_key = var.landingzone.key } - - global_settings = local.global_settings } diff --git a/src/main.tf b/src/main.tf index b5445eef..e631905a 100644 --- a/src/main.tf +++ b/src/main.tf @@ -11,3 +11,15 @@ module "resource_groups" { } } +module "diagnostic_setting" { + source = "./modules/monitoring/diagnostic_setting" + + settings = var.diagnostic_setting + resources = var.resources + + client_config = { + landingzone_key = var.landingzone.key + } + + global_settings = local.global_settings +} diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index dee7bebc..c1590ac5 100644 
--- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -1,9 +1,10 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - name = var.settings.name +name = var.diagnostic_setting.name +target_resource_id = var.resources[ + try(var.diagnostic_setting.resource_lz_key, var.client_config.landingzone_key) +][var.diagnostic_setting.resource_type][var.diagnostic_setting.resource_ref].id + - target_resource_id = var.resources[ - try(var.settings.resource_lz_key, var.client_config.landingzone_key) - ][var.settings.resource_type][var.settings.resource_ref].id dynamic "log" { for_each = try(var.settings.logs, {}) diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf index c96899cb..d01ae0c8 100644 --- a/src/modules/monitoring/diagnostic_setting/variables.tf +++ b/src/modules/monitoring/diagnostic_setting/variables.tf @@ -1,32 +1,3 @@ -variable "diagnostic_setting" { - description = "Settings for diagnostic settings" - type = object({ - name = string - resource_type = string - resource_ref = string - resource_lz_key = optional(string) - storage_account_ref = optional(string) - storage_account_lz_key = optional(string) - log_analytics_workspace_ref = optional(string) - log_analytics_lz_key = optional(string) - logs = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - metrics = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - }) -} variable "resources" { description = "CAF resources map from root module" type = any 
@@ -46,3 +17,33 @@ variable "global_settings" { inherit_resource_group_tags = bool }) } +variable "diagnostic_setting" { + description = "Diagnostic setting input" + type = object({ + name = string + resource_type = string + resource_ref = string + resource_lz_key = optional(string) + storage_account_ref = optional(string) + storage_account_lz_key = optional(string) + log_analytics_workspace_ref = optional(string) + log_analytics_lz_key = optional(string) + logs = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + metrics = optional(map(object({ + category = string + enabled = bool + retention_policy = optional(object({ + enabled = bool + days = number + })) + }))) + }) +} + From 288f0a87b045f5474aef85f30a89690285bbe64c Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:28:26 +0300 Subject: [PATCH 40/79] updated main --- src/main.tf | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/src/main.tf b/src/main.tf index e631905a..b5445eef 100644 --- a/src/main.tf +++ b/src/main.tf @@ -11,15 +11,3 @@ module "resource_groups" { } } -module "diagnostic_setting" { - source = "./modules/monitoring/diagnostic_setting" - - settings = var.diagnostic_setting - resources = var.resources - - client_config = { - landingzone_key = var.landingzone.key - } - - global_settings = local.global_settings -} From f7e38003c637a49bc708fdb2dfd4f155d92ad3e1 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:34:15 +0300 Subject: [PATCH 41/79] updated for each --- src/_variables.tf | 9 ++++----- src/diagnostic.tf | 5 +++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/_variables.tf b/src/_variables.tf index 2458b9e5..4c7ff79a 100644 --- a/src/_variables.tf +++ b/src/_variables.tf 
@@ -79,9 +79,9 @@ variable "storage_account_name" { default = "projectstoragedemo" } -variable "diagnostic_setting" { - description = "Configuration for diagnostic settings" - type = object({ +variable "diagnostic_settings" { + description = "Map of diagnostic settings" + type = map(object({ name = string resource_type = string resource_ref = string @@ -106,6 +106,5 @@ variable "diagnostic_setting" { days = number })) }))) - }) + })) } - diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 4431ad53..ac0d1a9d 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,7 +1,8 @@ module "diagnostic_setting" { - source = "./modules/monitoring/diagnostic_setting" + source = "./modules/monitoring/diagnostic_setting" + for_each = var.diagnostic_settings # This must be a map - diagnostic_setting = var.diagnostic_setting + diagnostic_setting = each.value resources = var.resources global_settings = local.global_settings From bebd3605043fc8bec800f135014284850ff2bcf2 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:35:01 +0300 Subject: [PATCH 42/79] updated main.tf --- .../monitoring/diagnostic_setting/main.tf | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index c1590ac5..1ac6275d 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf 
@@ -1,13 +1,12 @@ resource "azurerm_monitor_diagnostic_setting" "main" { -name = var.diagnostic_setting.name -target_resource_id = var.resources[ - try(var.diagnostic_setting.resource_lz_key, var.client_config.landingzone_key) -][var.diagnostic_setting.resource_type][var.diagnostic_setting.resource_ref].id - + name = var.diagnostic_setting.name + target_resource_id = var.resources[ + try(var.diagnostic_setting.resource_lz_key, var.client_config.landingzone_key) + ][var.diagnostic_setting.resource_type][var.diagnostic_setting.resource_ref].id dynamic "log" { - for_each = try(var.settings.logs, {}) + for_each = try(var.diagnostic_setting.logs, {}) content { category = log.value.category enabled = log.value.enabled @@ -20,7 +19,7 @@ target_resource_id = var.resources[ } dynamic "metric" { - for_each = try(var.settings.metrics, {}) + for_each = try(var.diagnostic_setting.metrics, {}) content { category = metric.value.category enabled = metric.value.enabled 
@@ -29,20 +28,20 @@ target_resource_id = var.resources[ } dynamic "log_analytics_workspace_id" { - for_each = try(var.settings.log_analytics_workspace_ref, null) != null ? [1] : [] + for_each = try(var.diagnostic_setting.log_analytics_workspace_ref, null) != null ? [1] : [] content { workspace_id = var.resources[ - try(var.settings.log_analytics_lz_key, var.client_config.landingzone_key) - ].log_analytics[var.settings.log_analytics_workspace_ref].id + try(var.diagnostic_setting.log_analytics_lz_key, var.client_config.landingzone_key) + ].log_analytics[var.diagnostic_setting.log_analytics_workspace_ref].id } } dynamic "storage_account_id" { - for_each = try(var.settings.storage_account_ref, null) != null ? [1] : [] + for_each = try(var.diagnostic_setting.storage_account_ref, null) != null ? [1] : [] content { storage_account_id = var.resources[ - try(var.settings.storage_account_lz_key, var.client_config.landingzone_key) - ].storage_accounts[var.settings.storage_account_ref].id + try(var.diagnostic_setting.storage_account_lz_key, var.client_config.landingzone_key) + ].storage_accounts[var.diagnostic_setting.storage_account_ref].id } } } From 281257b2556abc3c42af9022dc884e8c6f3c0936 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:40:52 +0300 Subject: [PATCH 43/79] update --- src/diagnostic.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index ac0d1a9d..ba15af7e 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,6 +1,7 @@ module "diagnostic_setting" { source = "./modules/monitoring/diagnostic_setting" - for_each = var.diagnostic_settings # This must be a map + for_each = var.diagnostic_settings + diagnostic_setting = each.value resources = var.resources From 6e0d5ae9dc0a0dcb1254750fc950b105dea10f9f Mon Sep 17 00:00:00 2001 
From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:42:47 +0300 Subject: [PATCH 44/79] updated variables --- src/_variables.resources.tf | 3 ++- src/_variables.tf | 30 ------------------------------ 2 files changed, 2 insertions(+), 31 deletions(-) diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf index 966fefce..3aa2b5c6 100644 --- a/src/_variables.resources.tf +++ b/src/_variables.resources.tf @@ -84,4 +84,5 @@ variable "metric_categories" { default = {} } variable "logs_destination_ids" { default = {} } -variable "log_analytics_destination_type" { default = {} } \ No newline at end of file +variable "log_analytics_destination_type" { default = {} } +variable "diagnostic_settings" { default = {} } diff --git a/src/_variables.tf b/src/_variables.tf index 4c7ff79a..1793bfb1 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -78,33 +78,3 @@ variable "storage_account_name" { type = string default = "projectstoragedemo" } - -variable "diagnostic_settings" { - description = "Map of diagnostic settings" - type = map(object({ - name = string - resource_type = string - resource_ref = string - resource_lz_key = optional(string) - storage_account_ref = optional(string) - storage_account_lz_key = optional(string) - log_analytics_workspace_ref = optional(string) - log_analytics_lz_key = optional(string) - logs = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - metrics = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - })) -} From 69f72e896a9792d16cfed25fb1c7262a1206890c Mon Sep 17 00:00:00 2001 
From: Kiril Kirilov Date: Fri, 20 Jun 2025 13:54:08 +0300 Subject: [PATCH 45/79] edited variables --- src/_variables.tf | 26 ------------------- src/diagnostic.tf | 18 ++++++++++--- .../monitoring/diagnostic_setting/main.tf | 4 --- 3 files changed, 15 insertions(+), 33 deletions(-) diff --git a/src/_variables.tf b/src/_variables.tf index 1793bfb1..dfcdb123 100644 --- a/src/_variables.tf +++ b/src/_variables.tf @@ -51,30 +51,4 @@ variable "landingzone" { }))) }) } -variable "resources" { - description = "CAF resources map passed from root or higher-level module" - type = any -} -variable "vm_password" { - description = "Password for the Linux VM. Must meet Azure's complexity requirements." - type = string - sensitive = true -} - -variable "location" { - description = "Azure region where resources will be created" - type = string - default = "West Europe" -} -variable "resource_group_name" { - description = "Name of the resource group" - type = string - default = "project-rg" -} - -variable "storage_account_name" { - description = "Globally unique name for the Azure Storage Account (3–24 lowercase letters/numbers)" - type = string - default = "projectstoragedemo" -} diff --git a/src/diagnostic.tf b/src/diagnostic.tf index ba15af7e..f29a30fe 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -1,11 +1,23 @@ module "diagnostic_setting" { source = "./modules/monitoring/diagnostic_setting" - for_each = var.diagnostic_settings + for_each = var.diagnostic_settings diagnostic_setting = each.value - resources = var.resources - global_settings = local.global_settings + resources = merge( + { + (var.landingzone.key) = { + resource_groups = module.resource_groups + storage_accounts = module.storage_accounts + log_analytics = module.log_analytics + + } + }, + { + for k, v in module.remote_states : k => v.outputs + } + ) + global_settings = local.global_settings client_config = { landingzone_key = var.landingzone.key 
diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 1ac6275d..7492feeb 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -11,10 +11,6 @@ resource "azurerm_monitor_diagnostic_setting" "main" { category = log.value.category enabled = log.value.enabled - retention_policy { - enabled = try(log.value.retention_policy.enabled, false) - days = try(log.value.retention_policy.days, 0) - } } } From c554c110ae4c72337169be40525d3a94260e9f35 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:08:24 +0300 Subject: [PATCH 46/79] updated locals --- src/diagnostic.tf | 3 +-- src/modules/monitoring/diagnostic_setting/_locals.tf | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index f29a30fe..cfc2891a 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -9,8 +9,7 @@ module "diagnostic_setting" { (var.landingzone.key) = { resource_groups = module.resource_groups storage_accounts = module.storage_accounts - log_analytics = module.log_analytics - + log_analytics = module.log_analytics } }, { diff --git a/src/modules/monitoring/diagnostic_setting/_locals.tf b/src/modules/monitoring/diagnostic_setting/_locals.tf index 7f2a6af1..5d86b2e8 100644 --- a/src/modules/monitoring/diagnostic_setting/_locals.tf +++ b/src/modules/monitoring/diagnostic_setting/_locals.tf @@ -1,4 +1,4 @@ locals { - use_storage = try(var.settings.storage_account_ref, null) != null - use_law = try(var.settings.log_analytics_workspace_ref, null) != null -} \ No newline at end of file + use_storage = try(var.diagnostic_setting.storage_account_ref, null) != null + use_law = try(var.diagnostic_setting.log_analytics_workspace_ref, null) != null +} From 44767b54a800aff4a95cac870fbcf9916d328141 Mon Sep 17 00:00:00 2001 
From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:10:48 +0300 Subject: [PATCH 47/79] updated diagnostic.tf --- src/diagnostic.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index cfc2891a..0dae17c5 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -9,7 +9,7 @@ module "diagnostic_setting" { (var.landingzone.key) = { resource_groups = module.resource_groups storage_accounts = module.storage_accounts - log_analytics = module.log_analytics + log_analytics = module.log_analytics_workspace_id } }, { From b937c5c74452359db8bdeb2f22a1878bb4688826 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:12:42 +0300 Subject: [PATCH 48/79] typo --- src/diagnostic.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 0dae17c5..3cb15826 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -8,8 +8,7 @@ module "diagnostic_setting" { { (var.landingzone.key) = { resource_groups = module.resource_groups - storage_accounts = module.storage_accounts - log_analytics = module.log_analytics_workspace_id + storage_accounts = module.storage_accounts } }, { From 7b91c7a6de4f72170056690004594c4eac5c5ad0 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:15:34 +0300 Subject: [PATCH 49/79] updated main.tf --- .../monitoring/diagnostic_setting/main.tf | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 7492feeb..05d05f88 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf 
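Review bot: Removing the `log_analytics` entry from the landing-zone map leaves the module with nothing to resolve when a setting specifies `log_analytics_workspace_ref`: the module's main.tf indexes `var.resources[<lz>].log_analytics[<ref>].id` directly, not inside `try`, so such a setting fails at plan with an unsupported-attribute error instead of shipping its logs to the workspace. The previous commit on this line (PATCH 47) renamed the source to `module.log_analytics_workspace_id`, which suggests the real module name was never confirmed; the entry should be restored as `log_analytics = module.<workspace-module-name>` (placeholder) once that name is known, or the module lookup documented as remote-state only. Since this is the path that routes audit logs to a workspace, an example setting that exercises it would catch the regression. The `module "diagnostic_setting"` block starts and ends outside the hunk.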
@@ -1,6 +1,5 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - name = var.diagnostic_setting.name - + name = var.diagnostic_setting.name target_resource_id = var.resources[ try(var.diagnostic_setting.resource_lz_key, var.client_config.landingzone_key) ][var.diagnostic_setting.resource_type][var.diagnostic_setting.resource_ref].id @@ -11,6 +10,10 @@ resource "azurerm_monitor_diagnostic_setting" "main" { category = log.value.category enabled = log.value.enabled + retention_policy { + enabled = try(log.value.retention_policy.enabled, false) + days = try(log.value.retention_policy.days, 0) + } } } 
@@ -23,21 +26,21 @@ resource "azurerm_monitor_diagnostic_setting" "main" { } } - dynamic "log_analytics_workspace_id" { - for_each = try(var.diagnostic_setting.log_analytics_workspace_ref, null) != null ? [1] : [] - content { - workspace_id = var.resources[ - try(var.diagnostic_setting.log_analytics_lz_key, var.client_config.landingzone_key) - ].log_analytics[var.diagnostic_setting.log_analytics_workspace_ref].id - } - } + # Only include if log_analytics_workspace_ref is not null + log_analytics_workspace_id = ( + try(var.diagnostic_setting.log_analytics_workspace_ref, null) != null ? + var.resources[ + try(var.diagnostic_setting.log_analytics_lz_key, var.client_config.landingzone_key) + ].log_analytics[var.diagnostic_setting.log_analytics_workspace_ref].id : + null + ) - dynamic "storage_account_id" { - for_each = try(var.diagnostic_setting.storage_account_ref, null) != null ? [1] : [] - content { - storage_account_id = var.resources[ - try(var.diagnostic_setting.storage_account_lz_key, var.client_config.landingzone_key) - ].storage_accounts[var.diagnostic_setting.storage_account_ref].id - } - } + # Only include if storage_account_ref is not null + storage_account_id = ( + try(var.diagnostic_setting.storage_account_ref, null) != null ? + var.resources[ + try(var.diagnostic_setting.storage_account_lz_key, var.client_config.landingzone_key) + ].storage_accounts[var.diagnostic_setting.storage_account_ref].id : + null + ) } From e96c455ff6d69ab9f445d29228cd8ae75411046f Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:19:59 +0300 Subject: [PATCH 50/79] updated main --- .../monitoring/diagnostic_setting/main.tf | 27 ++++++++++--------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 05d05f88..15c881d2 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf 
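Review bot: Both `log_analytics_workspace_id` and `storage_account_id` now fall back to `null`, so a setting whose input omits both refs (or misspells one of the optional attribute names, which the `try` wrappers hide) yields a diagnostic setting with no destination; the provider rejects that only at apply time, and nothing in the plan output says which setting is affected. A plan-time guard on the resource would surface this early, and `_locals.tf` already computes `use_storage`/`use_law` from the same refs, so the condition is one line. The resource block starts outside the hunk.

```terraform
resource "azurerm_monitor_diagnostic_setting" "main" {
  # … unchanged: name, target_resource_id, log/metric blocks, destination ids …

  lifecycle {
    precondition {
      condition     = local.use_storage || local.use_law
      error_message = "diagnostic_setting must reference at least one destination (storage_account_ref or log_analytics_workspace_ref)."
    }
  }
}
```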
@@ -1,11 +1,13 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - name = var.diagnostic_setting.name + for_each = var.diagnostic_setting + + name = each.value.name target_resource_id = var.resources[ - try(var.diagnostic_setting.resource_lz_key, var.client_config.landingzone_key) - ][var.diagnostic_setting.resource_type][var.diagnostic_setting.resource_ref].id + try(each.value.resource_lz_key, var.client_config.landingzone_key) + ][each.value.resource_type][each.value.resource_ref].id dynamic "log" { - for_each = try(var.diagnostic_setting.logs, {}) + for_each = try(each.value.logs, {}) content { category = log.value.category enabled = log.value.enabled @@ -18,29 +20,28 @@ resource "azurerm_monitor_diagnostic_setting" "main" { } dynamic "metric" { - for_each = try(var.diagnostic_setting.metrics, {}) + for_each = try(each.value.metrics, {}) content { category = metric.value.category enabled = metric.value.enabled + } } - # Only include if log_analytics_workspace_ref is not null log_analytics_workspace_id = ( - try(var.diagnostic_setting.log_analytics_workspace_ref, null) != null ? + try(each.value.log_analytics_workspace_ref, null) != null ? var.resources[ - try(var.diagnostic_setting.log_analytics_lz_key, var.client_config.landingzone_key) - ].log_analytics[var.diagnostic_setting.log_analytics_workspace_ref].id : + try(each.value.log_analytics_lz_key, var.client_config.landingzone_key) + ].log_analytics[each.value.log_analytics_workspace_ref].id : null ) - # Only include if storage_account_ref is not null storage_account_id = ( - try(var.diagnostic_setting.storage_account_ref, null) != null ? + try(each.value.storage_account_ref, null) != null ? var.resources[ - try(var.diagnostic_setting.storage_account_lz_key, var.client_config.landingzone_key) - ].storage_accounts[var.diagnostic_setting.storage_account_ref].id : + try(each.value.storage_account_lz_key, var.client_config.landingzone_key) + ].storage_accounts[each.value.storage_account_ref].id : null ) } 
From e89f71d6d20bca370c8dbbeb13ab2f599771c67c Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:24:20 +0300 Subject: [PATCH 51/79] updated main --- src/modules/monitoring/diagnostic_setting/main.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 15c881d2..3db9591e 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -12,10 +12,6 @@ resource "azurerm_monitor_diagnostic_setting" "main" { category = log.value.category enabled = log.value.enabled - retention_policy { - enabled = try(log.value.retention_policy.enabled, false) - days = try(log.value.retention_policy.days, 0) - } } } @@ -25,7 +21,6 @@ resource "azurerm_monitor_diagnostic_setting" "main" { category = metric.value.category enabled = metric.value.enabled - } } From f7435ed2c48bcb708fd2fb86c1b986e28317f216 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:29:19 +0300 Subject: [PATCH 52/79] updated main --- src/modules/monitoring/diagnostic_setting/main.tf | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 3db9591e..e56ed7bc 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -7,7 +7,11 @@ resource "azurerm_monitor_diagnostic_setting" "main" { ][each.value.resource_type][each.value.resource_ref].id dynamic "log" { - for_each = try(each.value.logs, {}) + for_each = [for k, v in try(each.value.logs, {}) : { + category = v.category + enabled = v.enabled + + }] content { category = log.value.category enabled = log.value.enabled 
@@ -16,11 +20,13 @@ resource "azurerm_monitor_diagnostic_setting" "main" { } dynamic "metric" { - for_each = try(each.value.metrics, {}) + for_each = [for k, v in try(each.value.metrics, {}) : { + category = v.category + enabled = v.enabled + }] content { category = metric.value.category enabled = metric.value.enabled - } } From f5505c131bbd255ae81ea6aced19dbfe9f53c29b Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:35:53 +0300 Subject: [PATCH 53/79] main update --- src/modules/monitoring/diagnostic_setting/main.tf | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index e56ed7bc..3db9591e 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -7,11 +7,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { ][each.value.resource_type][each.value.resource_ref].id dynamic "log" { - for_each = [for k, v in try(each.value.logs, {}) : { - category = v.category - enabled = v.enabled - - }] + for_each = try(each.value.logs, {}) content { category = log.value.category enabled = log.value.enabled @@ -20,13 +16,11 @@ resource "azurerm_monitor_diagnostic_setting" "main" { } dynamic "metric" { - for_each = [for k, v in try(each.value.metrics, {}) : { - category = v.category - enabled = v.enabled - }] + for_each = try(each.value.metrics, {}) content { category = metric.value.category enabled = metric.value.enabled + } } From 2ca72da5a9686e15a23687b66486ee3846928c8b Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:39:42 +0300 Subject: [PATCH 54/79] udapted main --- src/modules/monitoring/diagnostic_setting/main.tf | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 3db9591e..602bdb06 100644 
--- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -6,21 +6,23 @@ resource "azurerm_monitor_diagnostic_setting" "main" { try(each.value.resource_lz_key, var.client_config.landingzone_key) ][each.value.resource_type][each.value.resource_ref].id - dynamic "log" { + dynamic "enabled_log" { for_each = try(each.value.logs, {}) content { - category = log.value.category - enabled = log.value.enabled + category = enabled_log.value.category } } - dynamic "metric" { + dynamic "enabled_metric" { for_each = try(each.value.metrics, {}) content { - category = metric.value.category - enabled = metric.value.enabled + category = enabled_metric.value.category + retention_policy { + enabled = try(enabled_metric.value.retention_policy.enabled, false) + days = try(enabled_metric.value.retention_policy.days, 0) + } } } From 747f5b1ff748732d01bdf8a102fe0428b3e14066 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:41:10 +0300 Subject: [PATCH 55/79] removed retention policy --- src/modules/monitoring/diagnostic_setting/main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 602bdb06..0957f007 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -19,10 +19,6 @@ resource "azurerm_monitor_diagnostic_setting" "main" { content { category = enabled_metric.value.category - retention_policy { - enabled = try(enabled_metric.value.retention_policy.enabled, false) - days = try(enabled_metric.value.retention_policy.days, 0) - } } } From a2afc02e097cac3d6c01fb01593b041cf52cbae6 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:43:01 +0300 Subject: [PATCH 56/79] updated outputs --- src/modules/monitoring/diagnostic_setting/outputs.tf | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
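Review bot: Switching to `enabled_log`/`enabled_metric` drops the per-category `enabled` flag that the old `log`/`metric` blocks honoured, so an entry declared with `enabled = false` in `logs` or `metrics` is now turned on, because an `enabled_*` block enables whatever category it lists. Filter the iteration instead, e.g. `for_each = { for k, v in try(each.value.logs, {}) : k => v if v.enabled }` and the same for metrics, or remove `enabled` from the variable schema so callers are not given a switch that does nothing. The series flips back to `log`/`metric` in PATCH 57, which suggests the target provider version is unclear; a `required_providers` constraint for `azurerm` (not visible in this series) would settle which block names are valid. The resource block starts outside the hunk.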
diff --git a/src/modules/monitoring/diagnostic_setting/outputs.tf b/src/modules/monitoring/diagnostic_setting/outputs.tf index e13069b5..8dbc5b05 100644 --- a/src/modules/monitoring/diagnostic_setting/outputs.tf +++ b/src/modules/monitoring/diagnostic_setting/outputs.tf @@ -1,4 +1,7 @@ -output "diagnostic_setting_id" { - value = azurerm_monitor_diagnostic_setting.main.id - description = "The ID of the diagnostic setting." +output "diagnostic_setting_ids" { + description = "Map of all diagnostic setting resource IDs" + value = { + for key, setting in azurerm_monitor_diagnostic_setting.main : + key => setting.id + } } From c1297b5784f56d6362bfb1153bcc86ce46b645b4 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:46:50 +0300 Subject: [PATCH 57/79] updated main --- src/modules/monitoring/diagnostic_setting/main.tf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 0957f007..3db9591e 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -6,18 +6,20 @@ resource "azurerm_monitor_diagnostic_setting" "main" { try(each.value.resource_lz_key, var.client_config.landingzone_key) ][each.value.resource_type][each.value.resource_ref].id - dynamic "enabled_log" { + dynamic "log" { for_each = try(each.value.logs, {}) content { - category = enabled_log.value.category + category = log.value.category + enabled = log.value.enabled } } - dynamic "enabled_metric" { + dynamic "metric" { for_each = try(each.value.metrics, {}) content { - category = enabled_metric.value.category + category = metric.value.category + enabled = metric.value.enabled } } From cc7eb54a0efdf90c56f74d2ddb8a3a22e05dbca6 Mon Sep 17 00:00:00 2001 
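Review bot: The new output's description does not say what the map is keyed by, which callers need since they index it; the keys are those of the resource's `for_each` input, so `description = "Diagnostic setting resource IDs, keyed by the same keys as the diagnostic settings input map"` would make that explicit. Renaming the output from `diagnostic_setting_id` to `diagnostic_setting_ids` also breaks any existing reference to the old name, which the commit message should call out.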
From: Kiril Kirilov Date: Fri, 20 Jun 2025 14:59:44 +0300 Subject: [PATCH 58/79] updated variables --- src/modules/monitoring/diagnostic_setting/main.tf | 2 +- src/modules/monitoring/diagnostic_setting/variables.tf | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 3db9591e..1ca6a843 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -1,5 +1,5 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - for_each = var.diagnostic_setting + for_each = var.diagnostic_settings name = each.value.name target_resource_id = var.resources[ diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf index d01ae0c8..f6e170ef 100644 --- a/src/modules/monitoring/diagnostic_setting/variables.tf +++ b/src/modules/monitoring/diagnostic_setting/variables.tf @@ -17,9 +17,8 @@ variable "global_settings" { inherit_resource_group_tags = bool }) } -variable "diagnostic_setting" { - description = "Diagnostic setting input" - type = object({ +variable "diagnostic_settings" { + type = map(object({ name = string resource_type = string resource_ref = string @@ -44,6 +43,7 @@ variable "diagnostic_setting" { days = number })) }))) - }) + })) } + From b9794f23db749cf6bd5b6843a4e69cf118ec0b22 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 15:02:34 +0300 Subject: [PATCH 59/79] typo --- src/diagnostic.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 3cb15826..ca239cbd 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -3,7 +3,7 @@ module "diagnostic_setting" { for_each = var.diagnostic_settings - diagnostic_setting = each.value + diagnostic_settings = each.value resources = merge( { (var.landingzone.key) = { 
From 124c0ef90a0a01a91ecb3597dbfd802434f1eb08 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 15:05:11 +0300 Subject: [PATCH 60/79] updated locals --- src/modules/monitoring/diagnostic_setting/_locals.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/_locals.tf b/src/modules/monitoring/diagnostic_setting/_locals.tf index 5d86b2e8..3a0842f6 100644 --- a/src/modules/monitoring/diagnostic_setting/_locals.tf +++ b/src/modules/monitoring/diagnostic_setting/_locals.tf @@ -1,4 +1,4 @@ locals { - use_storage = try(var.diagnostic_setting.storage_account_ref, null) != null - use_law = try(var.diagnostic_setting.log_analytics_workspace_ref, null) != null + use_storage = try(var.diagnostic_settings.storage_account_ref, null) != null + use_law = try(var.diagnostic_settings.log_analytics_workspace_ref, null) != null } From ff2217283c3640867ecc3d007f4fac47effb8caa Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 15:13:05 +0300 Subject: [PATCH 61/79] update on main --- src/diagnostic.tf | 2 +- .../monitoring/diagnostic_setting/main.tf | 34 +++++++++---------- .../diagnostic_setting/variables.tf | 30 ++-------------- 3 files changed, 19 insertions(+), 47 deletions(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index ca239cbd..2cba6ebb 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -3,7 +3,7 @@ module "diagnostic_setting" { for_each = var.diagnostic_settings - diagnostic_settings = each.value + settings = each.value resources = merge( { (var.landingzone.key) = { diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 1ca6a843..e16a01ed 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf 
@@ -1,42 +1,40 @@ resource "azurerm_monitor_diagnostic_setting" "main" { - for_each = var.diagnostic_settings - name = each.value.name + + name = var.settings.name target_resource_id = var.resources[ - try(each.value.resource_lz_key, var.client_config.landingzone_key) - ][each.value.resource_type][each.value.resource_ref].id + try(var.settings.resource_lz_key, var.client_config.landingzone_key) + ][var.settings.resource_type][var.set.resource_ref].id - dynamic "log" { - for_each = try(each.value.logs, {}) + dynamic "enabled_log" { + for_each = try(var.settings.enabled_log, {}) content { - category = log.value.category - enabled = log.value.enabled + category = each.value.category } } - dynamic "metric" { - for_each = try(each.value.metrics, {}) + dynamic "enabled_metric" { + for_each = try(var.settings.enabled_metric, {}) content { - category = metric.value.category - enabled = metric.value.enabled + category = each.value.category } } log_analytics_workspace_id = ( - try(each.value.log_analytics_workspace_ref, null) != null ? + try(var.settings.log_analytics_workspace_ref, null) != null ? var.resources[ - try(each.value.log_analytics_lz_key, var.client_config.landingzone_key) - ].log_analytics[each.value.log_analytics_workspace_ref].id : + try(var.settings.log_analytics_lz_key, var.client_config.landingzone_key) + ].log_analytics[var.settings.log_analytics_workspace_ref].id : null ) storage_account_id = ( - try(each.value.storage_account_ref, null) != null ? + try(var.settings.storage_account_ref, null) != null ? var.resources[ - try(each.value.storage_account_lz_key, var.client_config.landingzone_key) - ].storage_accounts[each.value.storage_account_ref].id : + try(var.settings.storage_account_lz_key, var.client_config.landingzone_key) + ].storage_accounts[var.settings.storage_account_ref].id : null ) } diff --git a/src/modules/monitoring/diagnostic_setting/variables.tf b/src/modules/monitoring/diagnostic_setting/variables.tf index f6e170ef..080eca09 100644 
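Review bot: `for_each = try(var.settings.enabled_log, {})` (and the `enabled_metric` counterpart) renames the input key from `logs`/`metrics` while falling back to `{}`, so any existing settings map that still uses `logs` silently yields a diagnostic setting with no categories — a quiet loss of audit logging rather than a plan error. Either accept both spellings during the transition, `for_each = try(var.settings.enabled_log, var.settings.logs, {})`, or drop the `try` so an unknown key fails the plan. Note also that `each.value.category` inside the dynamic blocks has nothing to bind to once the resource `for_each` is removed in this same hunk; the iterator is `enabled_log.value.category`. The `var.set.resource_ref` on the target line looks like a typo for `var.settings.resource_ref`.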
--- a/src/modules/monitoring/diagnostic_setting/variables.tf +++ b/src/modules/monitoring/diagnostic_setting/variables.tf @@ -17,33 +17,7 @@ variable "global_settings" { inherit_resource_group_tags = bool }) } -variable "diagnostic_settings" { - type = map(object({ - name = string - resource_type = string - resource_ref = string - resource_lz_key = optional(string) - storage_account_ref = optional(string) - storage_account_lz_key = optional(string) - log_analytics_workspace_ref = optional(string) - log_analytics_lz_key = optional(string) - logs = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - metrics = optional(map(object({ - category = string - enabled = bool - retention_policy = optional(object({ - enabled = bool - days = number - })) - }))) - })) +variable "settings" { + default = {} } - From 7079525eacd2a6d8c649f53e03eafe611e2cac30 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 15:15:38 +0300 Subject: [PATCH 62/79] updated vars --- src/modules/monitoring/diagnostic_setting/_locals.tf | 4 ++-- src/modules/monitoring/diagnostic_setting/main.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/_locals.tf b/src/modules/monitoring/diagnostic_setting/_locals.tf index 3a0842f6..eac36619 100644 --- a/src/modules/monitoring/diagnostic_setting/_locals.tf +++ b/src/modules/monitoring/diagnostic_setting/_locals.tf @@ -1,4 +1,4 @@ locals { - use_storage = try(var.diagnostic_settings.storage_account_ref, null) != null - use_law = try(var.diagnostic_settings.log_analytics_workspace_ref, null) != null + use_storage = try(var.settings, null) != null + use_law = try(var.settings, null) != null } diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index e16a01ed..b069a08d 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf 
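Review bot: Replacing the typed `diagnostic_settings` object with `variable "settings" { default = {} }` removes all schema validation, so a misspelled key such as `log_analytics_workspace_ref` is swallowed by the `try()` calls in main.tf and produces a setting that ships logs nowhere. Keep at least `type = any` with a `description`, and add a `validation` block asserting that a destination is present, e.g. `condition = try(var.settings.storage_account_ref, null) != null || try(var.settings.log_analytics_workspace_ref, null) != null`. The `global_settings` variable above it is only partly inside the hunk.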
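Review bot: `use_storage = try(var.settings, null) != null` and `use_law = try(var.settings, null) != null` are now identical and true for any non-null settings object, so they no longer distinguish a storage destination from a workspace destination. They should read the specific refs, `use_storage = try(var.settings.storage_account_ref, null) != null` and `use_law = try(var.settings.log_analytics_workspace_ref, null) != null`, or be deleted if main.tf no longer consults them.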
+++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -4,7 +4,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { name = var.settings.name target_resource_id = var.resources[ try(var.settings.resource_lz_key, var.client_config.landingzone_key) - ][var.settings.resource_type][var.set.resource_ref].id + ][var.settings.resource_type][var.settings.resource_ref].id dynamic "enabled_log" { for_each = try(var.settings.enabled_log, {}) From 51b82d6c283aa31fa830ac26a08ba67f1aed8ba8 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 15:24:02 +0300 Subject: [PATCH 63/79] push diagnostic.tf --- src/diagnostic.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index 2cba6ebb..f1cf2fb9 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -7,8 +7,9 @@ module "diagnostic_setting" { resources = merge( { (var.landingzone.key) = { - resource_groups = module.resource_groups + resource_groups = module.resource_groups storage_accounts = module.storage_accounts + keyvaults = module.keyvaults } }, { From 652c772ca63616f62e4c958709fe096035313122 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 15:27:06 +0300 Subject: [PATCH 64/79] small typo --- src/modules/monitoring/diagnostic_setting/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index b069a08d..f96bf778 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -9,7 +9,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { dynamic "enabled_log" { for_each = try(var.settings.enabled_log, {}) content { - category = each.value.category + category = enabled_log.value.category } } From 5837d49d3f19165f03b4d3f2f594c87a3b7461be Mon Sep 17 00:00:00 2001 
From: Kiril Kirilov Date: Fri, 20 Jun 2025 16:00:58 +0300 Subject: [PATCH 65/79] minor output update --- src/modules/monitoring/diagnostic_setting/outputs.tf | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/outputs.tf b/src/modules/monitoring/diagnostic_setting/outputs.tf index 8dbc5b05..73e8fff0 100644 --- a/src/modules/monitoring/diagnostic_setting/outputs.tf +++ b/src/modules/monitoring/diagnostic_setting/outputs.tf @@ -1,7 +1,3 @@ -output "diagnostic_setting_ids" { - description = "Map of all diagnostic setting resource IDs" - value = { - for key, setting in azurerm_monitor_diagnostic_setting.main : - key => setting.id - } -} +output "id" { + value = azurerm_monitor_diagnostic_setting.main.id +} \ No newline at end of file From ae0dfa1f37dad6d8dceab621d2b8c34f22f6e1fc Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 17:08:08 +0300 Subject: [PATCH 66/79] updated main.tf --- src/diagnostic.tf | 2 ++ src/modules/monitoring/diagnostic_setting/main.tf | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/diagnostic.tf b/src/diagnostic.tf index f1cf2fb9..890b094f 100644 --- a/src/diagnostic.tf +++ b/src/diagnostic.tf @@ -10,6 +10,8 @@ module "diagnostic_setting" { resource_groups = module.resource_groups storage_accounts = module.storage_accounts keyvaults = module.keyvaults + log_analytics_workspaces = module.log_analytics_workspaces + } }, { diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index f96bf778..44734862 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf 
@@ -26,7 +26,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { try(var.settings.log_analytics_workspace_ref, null) != null ? var.resources[ try(var.settings.log_analytics_lz_key, var.client_config.landingzone_key) - ].log_analytics[var.settings.log_analytics_workspace_ref].id : + ].log_analytics_workspaces[var.settings.log_analytics_workspace_ref].id : null ) From e23e45e9e93cf661dbceee670890827702fdc150 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 17:11:11 +0300 Subject: [PATCH 67/79] small typo --- src/modules/monitoring/diagnostic_setting/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 44734862..1277d0a9 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -9,7 +9,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { dynamic "enabled_log" { for_each = try(var.settings.enabled_log, {}) content { - category = enabled_log.value.category + category = each.value.category } } From 135bf0b4104edfb251278511d34f1f34576e3147 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Fri, 20 Jun 2025 17:13:06 +0300 Subject: [PATCH 68/79] added value --- src/modules/monitoring/diagnostic_setting/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index 1277d0a9..fe2d3dd6 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -9,7 +9,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { dynamic "enabled_log" { for_each = try(var.settings.enabled_log, {}) content { - category = each.value.category + category = enabled_log.value.category } } 
@@ -17,7 +17,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { dynamic "enabled_metric" { for_each = try(var.settings.enabled_metric, {}) content { - category = each.value.category + category = enabled_metric.value.category } } From 9d649fd47ac1019d446b66567d6bb0e1594bfb38 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Mon, 23 Jun 2025 09:53:34 +0300 Subject: [PATCH 69/79] added network_rule_set to container registry module --- .../container_registry/container_registry.tf | 26 ++++++++++++++++--- .../monitoring/diagnostic_setting/main.tf | 4 +-- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/modules/container_registry/container_registry.tf b/src/modules/container_registry/container_registry.tf index 5fdc4d13..44fe908f 100644 --- a/src/modules/container_registry/container_registry.tf +++ b/src/modules/container_registry/container_registry.tf @@ -9,24 +9,26 @@ resource "azurerm_container_registry" "main" { admin_enabled = try(var.settings.admin_enabled, false) dynamic "georeplications" { - for_each = can(var.settings.georeplications) ? [1] : [] + for_each = try(length(var.settings.georeplications) > 0 ? [1] : [], []) content { - location = try(georeplications.value.location, null) + location = try(georeplications.value.location, null) zone_redundancy_enabled = try(georeplications.value.zone_redundancy_enabled, false) tags = try(georeplications.value.tags, null) } } + dynamic "identity" { - for_each = can(var.settings.identity) ? [1] : [] + for_each = try(length(var.settings.identity) > 0 ? [1] : [], []) content { type = var.settings.identity.type identity_ids = try(local.identity_ids, null) } } + dynamic "encryption" { - for_each = can(var.settings.encryption) ? [1] : [] + for_each = try(length(var.settings.encryption) > 0 ? [1] : [], []) content { key_vault_key_id = try( 
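Review bot: `for_each = try(length(var.settings.georeplications) > 0 ? [1] : [], [])` iterates over the literal `[1]`, so `georeplications.value` is the number 1 and `try(georeplications.value.location, null)` always evaluates to null — the georeplication block is emitted with no location, and the old side had the same flaw. Iterate the list itself: `for_each = try(var.settings.georeplications, [])` with `location = georeplications.value.location`. The `identity` and `encryption` blocks use the same `[1]` trick but read `var.settings.*` directly, so they are unaffected. The resource header is outside this hunk.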
@@ -43,6 +45,22 @@ resource "azurerm_container_registry" "main" { null ) } + } + + dynamic "network_rule_set" { + for_each = try(length(var.settings.network_rule_set) > 0 ? [1] : [], []) + content { + default_action = try(var.settings.network_rule_set[0].default_action, "Allow") + + dynamic "ip_rule" { + for_each = try(var.settings.network_rule_set[0].ip_rule, []) + + content { + action = try(ip_rule.value.action, "Allow") + ip_range = ip_rule.value.ip_range + } + } + } } } diff --git a/src/modules/monitoring/diagnostic_setting/main.tf b/src/modules/monitoring/diagnostic_setting/main.tf index fe2d3dd6..1277d0a9 100644 --- a/src/modules/monitoring/diagnostic_setting/main.tf +++ b/src/modules/monitoring/diagnostic_setting/main.tf @@ -9,7 +9,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { dynamic "enabled_log" { for_each = try(var.settings.enabled_log, {}) content { - category = enabled_log.value.category + category = each.value.category } } @@ -17,7 +17,7 @@ resource "azurerm_monitor_diagnostic_setting" "main" { dynamic "enabled_metric" { for_each = try(var.settings.enabled_metric, {}) content { - category = enabled_metric.value.category + category = each.value.category } } From 1cd74b54cbdf593d883f74af8f3b9c1bb14608ec Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Mon, 23 Jun 2025 10:11:00 +0300 Subject: [PATCH 70/79] added keyvault_client_password and secret --- src/modules/azuread_service_principal/_locals.tf | 11 +++++++++++ .../azuread_service_principal_password.tf | 11 ++++------- .../keyvault_client_secret.tf | 9 +++++++++ 3 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 src/modules/azuread_service_principal/keyvault_client_secret.tf diff --git a/src/modules/azuread_service_principal/_locals.tf b/src/modules/azuread_service_principal/_locals.tf index 697ce08a..cc0c1123 100644 --- a/src/modules/azuread_service_principal/_locals.tf +++ b/src/modules/azuread_service_principal/_locals.tf 
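Review bot: `default_action = try(var.settings.network_rule_set[0].default_action, "Allow")` makes a rule set that omits `default_action` fall open, which defeats the point of declaring one; the safe fallback is `"Deny"`, with the `ip_rule` entries acting as the allow-list. Only element `[0]` of `network_rule_set` is read, so a caller passing more than one entry silently loses the rest — either document it as a single-element list or iterate it. As far as I recall the provider accepts only `"Allow"` for `ip_rule.action`, so `try(ip_rule.value.action, "Allow")` is effectively a constant.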
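Review bot: `category = each.value.category` inside `dynamic "enabled_log"` (and in the `enabled_metric` hunk below) refers to `each`, but the resource no longer has a `for_each` — it was dropped earlier in this series, outside this hunk — so there is nothing for `each` to bind to and the plan will fail. The dynamic block's iterator is what should be read: `category = enabled_log.value.category` and `category = enabled_metric.value.category`, which is what the previous commit had. This looks like an accidental revert bundled with the unrelated container-registry change.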
@@ -10,4 +10,15 @@ locals { var.global_settings.tags, try(var.settings.tags, {}) ) + + + key_vault_id = var.resources[ + try(var.settings.keyvault_lz_key, var.client_config.landingzone_key) + ].key_vaults[var.settings.keyvault_ref].id + + keyvault_secret_name = try(var.settings.keyvault_secret_name, "client-secret") + + + + } diff --git a/src/modules/azuread_service_principal/azuread_service_principal_password.tf b/src/modules/azuread_service_principal/azuread_service_principal_password.tf index 959c1cff..dd965053 100644 --- a/src/modules/azuread_service_principal/azuread_service_principal_password.tf +++ b/src/modules/azuread_service_principal/azuread_service_principal_password.tf @@ -1,10 +1,7 @@ -# resource "time_rotating" "main" { -# rotation_days = 7 -# } - resource "azuread_service_principal_password" "main" { service_principal_id = azuread_service_principal.main.id - # rotate_when_changed = { - # rotation = time_rotating.main.id - # } + + display_name = var.settings.password_display_name + start_date = try(var.settings.password_start_date, null) + end_date = try(var.settings.password_end_date, null) } diff --git a/src/modules/azuread_service_principal/keyvault_client_secret.tf b/src/modules/azuread_service_principal/keyvault_client_secret.tf new file mode 100644 index 00000000..20da4272 --- /dev/null +++ b/src/modules/azuread_service_principal/keyvault_client_secret.tf @@ -0,0 +1,9 @@ +resource "azurerm_key_vault_secret" "client_secret" { + count = try(var.settings.use_keyvault, false) ? 1 : 0 + + name = local.keyvault_secret_name + value = azuread_service_principal_password.main.value + key_vault_id = local.key_vault_id + + tags = try(local.tags, null) +} From 0f16a75bab0291a534c9942378c1328b733d08c7 Mon Sep 17 00:00:00 2001 
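Review bot: `key_vault_id` indexes `var.resources[...].key_vaults[var.settings.keyvault_ref]` unconditionally, while the secret that consumes it is gated on `use_keyvault` in another file; a caller that leaves `use_keyvault` off and passes no `keyvault_ref` will, as far as I can tell, hit an invalid-index error when the local is evaluated. Make the lookup tolerant: `key_vault_id = try(var.resources[try(var.settings.keyvault_lz_key, var.client_config.landingzone_key)].key_vaults[var.settings.keyvault_ref].id, null)`. The `locals` block begins outside this hunk.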
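Review bot: Deleting the commented `time_rotating`/`rotate_when_changed` scaffolding and making `end_date` optional leaves the service principal with a credential Terraform never rotates, whose lifetime is whatever the provider or service defaults to when `password_end_date` is unset. Either require an expiry, `end_date = var.settings.password_end_date`, or restore rotation with `rotate_when_changed = { rotation = time_rotating.main.id }` and a `time_rotating` resource whose `rotation_days` comes from settings. `display_name = var.settings.password_display_name` is read without `try`, unlike the two date arguments, so a missing name fails the plan — acceptable, but worth a comment saying it is required.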
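Review bot: `azurerm_key_vault_secret.client_secret` has no `expiration_date`, so the Key Vault copy outlives the credential it mirrors and will be flagged by the usual "secrets must expire" policy checks; set it from the password resource, `expiration_date = azuread_service_principal_password.main.end_date`, and add `content_type = "password"` so consumers can tell what the value is. The value is also already held in Terraform state, so this adds a second place the credential lives — worth confirming the pipeline identity's Key Vault permissions are limited to `Set` on this vault.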
From: Kiril Kirilov Date: Mon, 23 Jun 2025 10:45:00 +0300 Subject: [PATCH 71/79] added data.tf and locals.tf --- .../role_assignments/built_in_role/data.tf | 9 ++++++ .../role_assignments/built_in_role/locals.tf | 22 ++++++++++++++ .../role_assignments/built_in_role/main.tf | 30 ++++--------------- .../role_assignments/custom_role/main.tf | 3 +- 4 files changed, 38 insertions(+), 26 deletions(-) create mode 100644 src/modules/role_assignments/built_in_role/data.tf create mode 100644 src/modules/role_assignments/built_in_role/locals.tf diff --git a/src/modules/role_assignments/built_in_role/data.tf b/src/modules/role_assignments/built_in_role/data.tf new file mode 100644 index 00000000..488c9d9b --- /dev/null +++ b/src/modules/role_assignments/built_in_role/data.tf @@ -0,0 +1,9 @@ +data "azuread_group" "by_name" { + for_each = { + for k, v in local.computed_role_assignments : + k => v + if v.principal_type == "group_names" + } + + display_name = each.value.principal +} diff --git a/src/modules/role_assignments/built_in_role/locals.tf b/src/modules/role_assignments/built_in_role/locals.tf new file mode 100644 index 00000000..23b452f4 --- /dev/null +++ b/src/modules/role_assignments/built_in_role/locals.tf @@ -0,0 +1,22 @@ +locals { + computed_role_assignments = tomap({ + for item in flatten([ + for role_definition_name, resources in var.settings : [ + for resource_key, resource_details in resources : [ + for principal_type, principals in try(resource_details, {}) : [ + for principal in ( + can(principals) && length(principals) > 0 ? principals : [] + ) : { + role_definition_name = role_definition_name + resource_key = resource_key + resource_type = var.resource_type + principal_type = principal_type + principal = principal + } + ] + ] + ] + ]) : + "${item.role_definition_name}-${item.resource_key}-${item.principal_type}-${item.principal}" => item + }) +} 
diff --git a/src/modules/role_assignments/built_in_role/main.tf b/src/modules/role_assignments/built_in_role/main.tf index e30c9685..9b259c4b 100644 --- a/src/modules/role_assignments/built_in_role/main.tf +++ b/src/modules/role_assignments/built_in_role/main.tf @@ -1,26 +1,5 @@ resource "azurerm_role_assignment" "main" { - for_each = tomap({ - for item in flatten([ - for role_definition_name, resources in var.settings : [ - for resource_key, resource_details in resources : [ - for principal_type, principals in try(resource_details, {}) : [ - for principal in( - # Handle cases where the principal is a list (like object_ids) or a single value - can(principals) && length(principals) > 0 ? principals : [] - ) : { - role_definition_name = role_definition_name - resource_key = resource_key - resource_type = var.resource_type - principal_type = principal_type - principal = principal - } - ] - ] - ] - ]) : - # Ensure unique keys for each role assignment - "${item.role_definition_name}-${item.resource_key}-${item.principal_type}-${item.principal}" => item - }) + for_each = local.computed_role_assignments scope = try( var.resources[each.value.resource_type][each.value.resource_key].id, @@ -28,10 +7,11 @@ resource "azurerm_role_assignment" "main" { ) principal_id = try( - # If principal is directly an ID (like object_ids), use it. Otherwise, resolve via var.resources. each.value.principal_type == "object_ids" - ? each.value.principal - : var.resources[each.value.principal_type][each.value.principal].principal_id, + ? each.value.principal : + each.value.principal_type == "group_names" + ? data.azuread_group.by_name[each.key].id : + var.resources[each.value.principal_type][each.value.principal].principal_id, null ) diff --git a/src/modules/role_assignments/custom_role/main.tf b/src/modules/role_assignments/custom_role/main.tf index 5bd99073..e59710f2 100644 --- a/src/modules/role_assignments/custom_role/main.tf +++ b/src/modules/role_assignments/custom_role/main.tf 
@@ -27,6 +27,7 @@ resource "azurerm_role_assignment" "main" { null ) + principal_id = try( # If principal is directly an ID (like object_ids), use it. Otherwise, resolve via var.resources. each.value.principal_type == "object_ids" @@ -36,4 +37,4 @@ resource "azurerm_role_assignment" "main" { ) role_definition_id = try(var.resources.role_definitions[each.value.role_definition_name].role_definition_resource_id, null) -} +} \ No newline at end of file From bbbc15cff47dc02e915286f599d8871c01b02263 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Mon, 23 Jun 2025 11:00:47 +0300 Subject: [PATCH 72/79] updated object_id --- src/modules/role_assignments/built_in_role/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/role_assignments/built_in_role/main.tf b/src/modules/role_assignments/built_in_role/main.tf index 9b259c4b..13493726 100644 --- a/src/modules/role_assignments/built_in_role/main.tf +++ b/src/modules/role_assignments/built_in_role/main.tf @@ -10,7 +10,7 @@ resource "azurerm_role_assignment" "main" { each.value.principal_type == "object_ids" ? each.value.principal : each.value.principal_type == "group_names" - ? data.azuread_group.by_name[each.key].id : + ? data.azuread_group.by_name[each.key].object_id : var.resources[each.value.principal_type][each.value.principal].principal_id, null ) From 58438e31bdb78b4776428f58f70a0dc8dafd0c20 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 23 Jun 2025 13:49:38 +0300 Subject: [PATCH 73/79] fix --- src/modules/role_assignments/built_in_role/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/role_assignments/built_in_role/main.tf b/src/modules/role_assignments/built_in_role/main.tf index 13493726..3d7e7d44 100644 --- a/src/modules/role_assignments/built_in_role/main.tf +++ b/src/modules/role_assignments/built_in_role/main.tf 
@@ -10,7 +10,7 @@ resource "azurerm_role_assignment" "main" { each.value.principal_type == "object_ids" ? each.value.principal : each.value.principal_type == "group_names" - ? data.azuread_group.by_name[each.key].object_id : + ? data.azuread_group.by_name[each.value.principal].object_id : var.resources[each.value.principal_type][each.value.principal].principal_id, null ) From 19a45687b485b772783a0e8ed43b8a44746c9562 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 23 Jun 2025 13:54:20 +0300 Subject: [PATCH 74/79] fix --- src/modules/role_assignments/subscription/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/modules/role_assignments/subscription/main.tf b/src/modules/role_assignments/subscription/main.tf index e7714b3a..94af6b6f 100644 --- a/src/modules/role_assignments/subscription/main.tf +++ b/src/modules/role_assignments/subscription/main.tf @@ -36,3 +36,9 @@ resource "azurerm_role_assignment" "assignments" { role_definition_name = each.value.role scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}" } + + +data "azuread_group" "test" { + display_name = "Dev_Owners" + security_enabled = true +} \ No newline at end of file From 47b85ca2dc33f12d947a8e85610d0e0a8a1349f7 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 23 Jun 2025 15:43:54 +0300 Subject: [PATCH 75/79] fix --- src/modules/role_assignments/subscription/main.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/modules/role_assignments/subscription/main.tf b/src/modules/role_assignments/subscription/main.tf index 94af6b6f..ff592f5e 100644 --- a/src/modules/role_assignments/subscription/main.tf +++ b/src/modules/role_assignments/subscription/main.tf 
@@ -41,4 +41,11 @@ resource "azurerm_role_assignment" "assignments" { data "azuread_group" "test" { display_name = "Dev_Owners" security_enabled = true +} + +resource "azurerm_role_assignment" "grouptest" { + + principal_id = data.azuread_group.test.object_id + role_definition_name = "Contributor" + scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}" } \ No newline at end of file From 8283b4fec5701568129b3706fdbbd2e123ceff63 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 23 Jun 2025 15:51:26 +0300 Subject: [PATCH 76/79] revert --- src/modules/role_assignments/subscription/main.tf | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/src/modules/role_assignments/subscription/main.tf b/src/modules/role_assignments/subscription/main.tf index ff592f5e..0d9d543f 100644 --- a/src/modules/role_assignments/subscription/main.tf +++ b/src/modules/role_assignments/subscription/main.tf @@ -35,17 +35,4 @@ resource "azurerm_role_assignment" "assignments" { principal_id = data.azuread_user.users[each.value.user].object_id role_definition_name = each.value.role scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}" -} - - -data "azuread_group" "test" { - display_name = "Dev_Owners" - security_enabled = true -} - -resource "azurerm_role_assignment" "grouptest" { - - principal_id = data.azuread_group.test.object_id - role_definition_name = "Contributor" - scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}" } \ No newline at end of file From aa639611f8d516d7b854d21a9eb74d9d26444f85 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 23 Jun 2025 15:57:51 +0300 Subject: [PATCH 77/79] fix --- src/modules/role_assignments/built_in_role/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/role_assignments/built_in_role/main.tf b/src/modules/role_assignments/built_in_role/main.tf index 3d7e7d44..4670fef2 100644 
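Review bot: `azurerm_role_assignment.grouptest` grants `Contributor` on the whole subscription to a hard-coded `Dev_Owners` group from inside the shared role_assignments module, with no variable or condition behind it. The next commit in the series deletes it again, but if this revision was applied in between, the grant existed in Azure until a later apply removed it; lookup experiments like this belong in a scratch workspace, not in the module. If the goal was to exercise group resolution, the `data "azuread_group"` with `security_enabled = true` is the part worth carrying into the built_in_role module.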
--- a/src/modules/role_assignments/built_in_role/main.tf +++ b/src/modules/role_assignments/built_in_role/main.tf @@ -10,7 +10,7 @@ resource "azurerm_role_assignment" "main" { each.value.principal_type == "object_ids" ? each.value.principal : each.value.principal_type == "group_names" - ? data.azuread_group.by_name[each.value.principal].object_id : + ? data.azuread_group.by_name.object_id : var.resources[each.value.principal_type][each.value.principal].principal_id, null ) From d87b6b34e973f1dacb0bfe04f20e2096d4f5f667 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 23 Jun 2025 16:04:01 +0300 Subject: [PATCH 78/79] fix --- .../role_assignments/built_in_role/data.tf | 16 +++++++++------- .../role_assignments/built_in_role/main.tf | 2 +- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/modules/role_assignments/built_in_role/data.tf b/src/modules/role_assignments/built_in_role/data.tf index 488c9d9b..c2e4bd1c 100644 --- a/src/modules/role_assignments/built_in_role/data.tf +++ b/src/modules/role_assignments/built_in_role/data.tf @@ -1,9 +1,11 @@ data "azuread_group" "by_name" { - for_each = { - for k, v in local.computed_role_assignments : - k => v - if v.principal_type == "group_names" - } - - display_name = each.value.principal + for_each = local.group_names + display_name = each.key } + +locals { + group_names = toset([ + for ra in local.computed_role_assignments : ra.principal + if ra.principal_type == "group_names" + ]) +} \ No newline at end of file diff --git a/src/modules/role_assignments/built_in_role/main.tf b/src/modules/role_assignments/built_in_role/main.tf index 4670fef2..3d7e7d44 100644 --- a/src/modules/role_assignments/built_in_role/main.tf +++ b/src/modules/role_assignments/built_in_role/main.tf 
@@ -10,7 +10,7 @@ resource "azurerm_role_assignment" "main" { each.value.principal_type == "object_ids" ? each.value.principal : each.value.principal_type == "group_names" - ? data.azuread_group.by_name.object_id : + ? data.azuread_group.by_name[each.value.principal].object_id : var.resources[each.value.principal_type][each.value.principal].principal_id, null ) From d89a0c15c521c95b068fd4a1231f64377454d200 Mon Sep 17 00:00:00 2001 From: Kiril Kirilov Date: Mon, 23 Jun 2025 16:13:54 +0300 Subject: [PATCH 79/79] added by user --- src/modules/role_assignments/built_in_role/data.tf | 14 ++++++++++++-- src/modules/role_assignments/built_in_role/main.tf | 14 +++++++------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/modules/role_assignments/built_in_role/data.tf b/src/modules/role_assignments/built_in_role/data.tf index c2e4bd1c..76a4f0fe 100644 --- a/src/modules/role_assignments/built_in_role/data.tf +++ b/src/modules/role_assignments/built_in_role/data.tf @@ -1,11 +1,21 @@ data "azuread_group" "by_name" { - for_each = local.group_names + for_each = local.group_names display_name = each.key } +data "azuread_user" "by_name" { + for_each = local.user_names + user_principal_name = each.key +} + locals { group_names = toset([ for ra in local.computed_role_assignments : ra.principal if ra.principal_type == "group_names" ]) -} \ No newline at end of file + + user_names = toset([ + for ra in local.computed_role_assignments : ra.principal + if ra.principal_type == "user_names" + ]) +} diff --git a/src/modules/role_assignments/built_in_role/main.tf b/src/modules/role_assignments/built_in_role/main.tf index 3d7e7d44..3bb3493f 100644 --- a/src/modules/role_assignments/built_in_role/main.tf +++ b/src/modules/role_assignments/built_in_role/main.tf 
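Review bot: `data "azuread_group" "by_name"` resolves principals by `display_name` alone, and group display names are not unique in Entra ID; a colliding group — which ordinary users can often create when self-service group creation is enabled — either breaks the lookup or, if it exists before the intended one, receives the role. Add `security_enabled = true` at minimum, as the subscription module's test lookup did, and prefer object IDs (the `object_ids` branch already exists) for anything beyond ad-hoc use. `data "azuread_user" "by_name"` keyed on `user_principal_name` is fine, since UPNs are unique.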
@@ -7,13 +7,13 @@ resource "azurerm_role_assignment" "main" { ) principal_id = try( - each.value.principal_type == "object_ids" - ? each.value.principal : - each.value.principal_type == "group_names" - ? data.azuread_group.by_name[each.value.principal].object_id : - var.resources[each.value.principal_type][each.value.principal].principal_id, - null - ) + each.value.principal_type == "object_ids" ? each.value.principal : + each.value.principal_type == "group_names" ? data.azuread_group.by_name[each.value.principal].object_id : + each.value.principal_type == "user_names" ? data.azuread_user.by_name[each.value.principal].object_id : + var.resources[each.value.principal_type][each.value.principal].principal_id, + null +) + role_definition_name = each.value.role_definition_name }
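Review bot: Wrapping the whole principal resolution in `try(..., null)` turns a misspelled `principal_type` or an unknown `principal` key into `principal_id = null`, so the error the caller sees is a generic missing-argument complaint on `azurerm_role_assignment` rather than the failing lookup. Drop the outer `try` and keep the bare parenthesised conditional, so an invalid-index error names the offending principal; if a soft failure is really wanted, express it as a `lifecycle { precondition { ... } }` with a message. Now that the kind of principal is known per entry, consider also setting the resource's `principal_type` (`"Group"`/`"User"`/`"ServicePrincipal"`), which the provider documents as helping with freshly created principals, as far as I recall. The resource header and `scope` argument are outside this hunk.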