diff --git a/src/_provider.tf b/src/_provider.tf
index 440df980..c055825a 100644
--- a/src/_provider.tf
+++ b/src/_provider.tf
@@ -4,6 +4,10 @@ terraform {
 source = "hashicorp/azurerm"
 version = "4.33.0"
 }
+ azapi = {
+ source = "Azure/azapi"
+ version = "2.5.0" // version
+ }
 }
 }
@@ -15,3 +19,7 @@ provider "azurerm" {
 tenant_id = var.tenant_id
 subscription_id = var.subscription_id
 }
+
+provider "azapi" {
+ # Configuration options
+}
diff --git a/src/modules/_networking/public_ip/main.tf b/src/modules/_networking/public_ip/main.tf
index 43fe1e55..48a06bd0 100644
--- a/src/modules/_networking/public_ip/main.tf
+++ b/src/modules/_networking/public_ip/main.tf
@@ -5,4 +5,7 @@ resource "azurerm_public_ip" "main" {
 allocation_method = try(var.settings.allocation_method, "Static")
 tags = local.tags
 zones = try(var.settings.zones, null)
+ sku = try(var.settings.sku, null)
+ sku_tier = try(var.settings.sku_tier, null)
+ domain_name_label = try(var.settings.domain_name_label, null)
 }
diff --git a/src/modules/_networking/vnet_peering/_locals.tf b/src/modules/_networking/vnet_peering/_locals.tf
index 161842cf..048bb3e4 100644
--- a/src/modules/_networking/vnet_peering/_locals.tf
+++ b/src/modules/_networking/vnet_peering/_locals.tf
@@ -17,6 +17,7 @@ locals {
 direction = try(var.settings.direction, "<->")
 target = local.direction == "target"
 source = local.direction == "source"
+ custom = local.direction == "custom"
 # These use regex to simulate startswith/endswith
 peer_left_to_right = can(regex("->$", local.direction))
diff --git a/src/modules/_networking/vnet_peering/_variables.tf b/src/modules/_networking/vnet_peering/_variables.tf
index a4d1170f..5856fe33 100644
--- a/src/modules/_networking/vnet_peering/_variables.tf
+++ b/src/modules/_networking/vnet_peering/_variables.tf
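Review bot: The `// version` trailer on the new azapi `version` line restates the attribute name and uses C-style comment syntax where this file otherwise comments with `#` (see `# Configuration options` in the next hunk); drop it and keep `version = "2.5.0"`. Pinning azapi exactly at the root, like the azurerm pin two lines above it, is the right call for reproducible provider resolution.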
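Review bot: The new `provider "azapi"` block is empty, while the `azurerm` provider it sits next to is explicitly bound to `var.tenant_id` and `var.subscription_id`; azapi will instead authenticate with whatever identity and tenant it discovers from the environment, which can differ from the tenant azurerm is pinned to and makes the `azapi_resource` containers added in this commit depend on ambient login state. Mirror the azurerm settings, `tenant_id = var.tenant_id` and `subscription_id = var.subscription_id`, and replace the `# Configuration options` placeholder with a comment stating that the two providers must target the same tenant and subscription.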
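Review bot: `sku = try(var.settings.sku, null)` leaves the SKU to the provider default when a caller does not set it, and a Basic SKU public IP is reachable from the internet as soon as it is associated, whereas Standard SKU addresses are closed to inbound traffic until an NSG rule allows it. Since the `zones` argument on the line above only applies to Standard SKU anyway, default to the secure-by-default SKU, `sku = try(var.settings.sku, "Standard")`, and let callers opt down explicitly. `domain_name_label` publishes the address under a predictable `<label>.<region>.cloudapp.azure.com` name; a one-line comment on that line noting it is a public-discoverability choice would help callers.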
@@ -6,8 +6,8 @@ variable "settings" {
 description = "All the configuration for this resource"
 validation {
- condition = contains(["<-", "->", "<->", "target", "source"], try(var.settings.direction, "<->"))
- error_message = "Allowed values for 'direction' are '<-', '->', '<->', 'target', or 'source'. Defaults to '<->' if not set."
+ condition = contains(["<-", "->", "<->", "target", "source", "custom"], try(var.settings.direction, "<->"))
+ error_message = "Allowed values for 'direction' are '<-', '->', '<->', 'target', 'source' or 'custom' . Defaults to '<->' if not set."
 }
 }
diff --git a/src/modules/_networking/vnet_peering/main.tf b/src/modules/_networking/vnet_peering/main.tf
index dc0f227f..71ab2145 100644
--- a/src/modules/_networking/vnet_peering/main.tf
+++ b/src/modules/_networking/vnet_peering/main.tf
@@ -28,6 +28,19 @@ resource "azurerm_virtual_network_peering" "target" {
 use_remote_gateways = true
 }
+resource "azurerm_virtual_network_peering" "custom" {
+ count = local.custom ? 1 : 0
+
+ name = try(var.settings.custom_name, "peering-${local.vnet_right.name}")
+ resource_group_name = local.vnet_right.resource_group_name
+ virtual_network_name = local.vnet_right.name
+ remote_virtual_network_id = try(var.settings.remote_vnet_id, local.vnet_left.id)
+ allow_virtual_network_access = try(var.settings.allow_virtual_network_access, false)
+ allow_forwarded_traffic = try(var.settings.allow_forwarded_traffic, false)
+ use_remote_gateways = try(var.settings.use_remote_gateways, false)
+ allow_gateway_transit = try(var.settings.allow_gateway_transit, false)
+}
+ resource "azurerm_virtual_network_peering" "source" {
 count = local.source ? 1 : 0
diff --git a/src/modules/storage_account/storage_account.tf b/src/modules/storage_account/storage_account.tf
index fd2d0e56..0babdd8e 100644
--- a/src/modules/storage_account/storage_account.tf
+++ b/src/modules/storage_account/storage_account.tf
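Review bot: The rewritten `error_message` has a stray space before the period (`'custom' . Defaults`) and drops the serial comma the old message used; `error_message = "Allowed values for 'direction' are '<-', '->', '<->', 'target', 'source', or 'custom'. Defaults to '<->' if not set."`. If `custom` is meant to require `remote_vnet_id` or the peering flags consumed in `main.tf`, a second `validation` block in this variable is the place to enforce that, since nothing else checks the shape of `var.settings` for that mode. The enclosing `variable "settings"` block starts outside the hunk.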
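Review bot: `remote_virtual_network_id = try(var.settings.remote_vnet_id, local.vnet_left.id)` takes any string the caller supplies, so a typo or a VNet ID from an unintended subscription or tenant is only rejected by the API at apply time, and because `count = local.custom ? 1 : 0` creates only this side, the result is a peering that Azure leaves in the initiated state until a matching peering exists in the remote VNet. A `validation` next to the `direction` check in `_variables.tf`, e.g. `condition = !can(var.settings.remote_vnet_id) || can(regex("/providers/Microsoft.Network/virtualNetworks/[^/]+$", var.settings.remote_vnet_id))`, fails fast on malformed IDs. The `false` defaults on `allow_virtual_network_access`, `allow_forwarded_traffic`, `use_remote_gateways` and `allow_gateway_transit` are the conservative choice, but `allow_virtual_network_access = false` also means a `custom` peering passes no traffic until the caller enables it, which deserves a comment on that line. The preceding `target` resource starts outside the hunk.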
@@ -49,6 +49,7 @@ resource "azurerm_storage_account" "main" {
 for_each = can(var.settings.blob_properties) ? [1] : []
 content {
+ versioning_enabled = try(var.settings.blob_properties.versioning_enabled, false)
 dynamic "cors_rule" {
 for_each = can(var.settings.blob_properties.cors_rule) ? [1] : []
diff --git a/src/modules/storage_account/storage_container.tf b/src/modules/storage_account/storage_container.tf
index b490d093..5e4c102d 100644
--- a/src/modules/storage_account/storage_container.tf
+++ b/src/modules/storage_account/storage_container.tf
@@ -6,3 +6,31 @@ resource "azurerm_storage_container" "main" {
 container_access_type = try(each.value.access_type, null)
 }
+
+
+resource "azapi_resource" "main" {
+ for_each = try(var.settings.api_containers, {})
+
+ type = "Microsoft.Storage/storageAccounts/blobServices/containers@2023-05-01"
+ name = each.value.name
+ parent_id = "${azurerm_storage_account.main.id}/blobServices/default"
+ body = {
+ properties = {
+ defaultEncryptionScope = try(each.value.default_encryption_scope, "$account-encryption-key")
+ denyEncryptionScopeOverride = try(each.value.deny_encryption_scope_override, false)
+ immutableStorageWithVersioning = {
+ enabled = try(each.value.enable_versioning, true)
+ }
+ publicAccess = try(each.value.public_access, "None")
+ }
+ }
+}
+
+
+terraform {
+ required_providers {
+ azapi = {
+ source = "Azure/azapi"
+ }
+ }
+}
diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
index 7716b3d9..c26b1b4a 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
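Review bot: `versioning_enabled = try(var.settings.blob_properties.versioning_enabled, false)` leaves account-level blob versioning off by default, while the `azapi_resource.main` containers added to `storage_container.tf` in this commit default `immutableStorageWithVersioning.enabled` to `true`, and version-level immutability on a container requires blob versioning on the account; with both left at their defaults the container create fails at apply time. Either derive the container default from this setting or document the coupling here: `# Must be true when any api_containers entry enables immutableStorageWithVersioning`. The `blob_properties` dynamic block this line sits in starts and ends outside the hunk.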
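Review bot: `enabled = try(each.value.enable_versioning, true)` turns on version-level immutability for every `api_containers` entry by default, under a key whose name suggests ordinary versioning; enabling `immutableStorageWithVersioning` on a container cannot be undone later and it depends on account-level blob versioning, which `storage_account.tf` in this commit defaults to `false`. Make it opt-in and name it for what it is, `enabled = try(each.value.immutable_storage_with_versioning, false)`, or at minimum add a comment on that line saying the setting is irreversible. The module-level `required_providers` entry should also declare a floor, `version = ">= 2.0"`, because passing `body` as an HCL object rather than a `jsonencode(...)` string is azapi 2.x behaviour. `publicAccess` defaulting to `"None"` and exposing `denyEncryptionScopeOverride` are the right defaults to keep.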
@@ -7,18 +7,21 @@ locals {
 network_interface_ids = module.network_interface.ids
- key_vault_id = var.resources[
+ key_vault_id = try(var.resources[
 try(var.settings.keyvault_lz_key, var.client_config.landingzone_key)
 ].keyvaults[
 var.settings.keyvault_ref
- ].id
+ ].id, null)
- vm_keys = { for key, ssh_key in var.settings.admin_ssh_key :
+ vm_keys = {
+ for key, ssh_key in try(var.settings.admin_ssh_key, {}) :
 key => tls_private_key.main[ssh_key.public_key_ref]
 }
+ private_keys_pem = { for key, value in local.vm_keys : key => value.private_key_pem }
 public_keys_openssh = { for key, value in local.vm_keys : key => value.public_key_openssh }
+ tags = merge(
 var.global_settings.tags,
 var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
diff --git a/src/modules/virtual_machines/linux_virtual_machine/agreement.tf b/src/modules/virtual_machines/linux_virtual_machine/agreement.tf
new file mode 100644
index 00000000..9aa3aa30
--- /dev/null
+++ b/src/modules/virtual_machines/linux_virtual_machine/agreement.tf
@@ -0,0 +1,6 @@
+resource "azurerm_marketplace_agreement" "main" {
+ count = try(var.settings.marketplace_agreement, null) == null ? 0 : 1
+ publisher = var.settings.marketplace_agreement.publisher
+ offer = var.settings.marketplace_agreement.offer
+ plan = var.settings.marketplace_agreement.plan
+}
diff --git a/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf
new file mode 100644
index 00000000..4af1d8ee
--- /dev/null
+++ b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf
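Review bot: Wrapping the Key Vault lookup in `try(..., null)` turns a mistyped `keyvault_ref` or `keyvault_lz_key` from a plan-time error into a silent `null`, which then resurfaces as an opaque `key_vault_id` failure on `azurerm_key_vault_secret.public_keys` and the new `admin_password` secret in `secrets.tf`. Guard on intent rather than on failure: make the lookup conditional on `can(var.settings.keyvault_ref)` and keep the hard index path when a ref is given, so typos still fail fast while a module instance without a key vault gets `null`. A short comment on `private_keys_pem` would also help, since that map carries the `tls_private_key` private keys and anything reading it propagates key material. The `locals` block starts and ends outside the hunk.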
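Review bot: Nothing orders `azurerm_marketplace_agreement.main` before the VM, so in a fresh apply `azurerm_linux_virtual_machine.main` (whose new `plan` block is in `linux_virtual_machine.tf`) can be created before the agreement is accepted and fail; add `depends_on = [azurerm_marketplace_agreement.main]` to the VM resource. The agreement is subscription-scoped, and as far as I recall the provider's destroy path cancels it, so tearing down one module instance affects every other VM in the subscription using the same offer; a header comment on this resource stating both facts is the minimum documentation for it. `count` only tests that `marketplace_agreement` is present, so a missing `publisher`, `offer` or `plan` still errors on the attribute reads below; a `validation` in `_variables.tf` would give a clearer message.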
@@ -0,0 +1,9 @@
+resource "azurerm_availability_set" "main" {
+ count = try(var.settings.availability_set, null) == null ? 0 : 1
+ name = try(var.settings.availability_set.name)
+ location = local.location
+ resource_group_name = local.resource_group_name
+ platform_fault_domain_count = try(var.settings.availability_set.platform_fault_domain_count, null)
+ platform_update_domain_count = try(var.settings.availability_set.platform_update_domain_count, null)
+ tags = local.tags
+}
diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
index 556ed72d..34c7a263 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
@@ -1,10 +1,15 @@
 resource "azurerm_linux_virtual_machine" "main" {
- name = var.settings.name
- resource_group_name = local.resource_group_name
- location = local.location
- admin_username = var.settings.admin_username
- size = var.settings.size
- network_interface_ids = local.network_interface_ids
+ name = var.settings.name
+ resource_group_name = local.resource_group_name
+ location = local.location
+ admin_username = var.settings.admin_username
+ admin_password = try(random_password.admin[0].result, null)
+ size = var.settings.size
+ network_interface_ids = local.network_interface_ids
+ encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled, null)
+ disable_password_authentication = try(var.settings.disable_password_authentication, null)
+ availability_set_id = try(one(azurerm_availability_set.main[*].id), null)
+ tags = local.tags
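Review bot: `name = try(var.settings.availability_set.name)` is a `try()` with a single argument, which has no fallback and simply re-raises the error with a less precise message; write the intent directly, `name = var.settings.availability_set.name`, or give it a real default, for example `"${var.settings.name}-avset"`. The `null` defaults on the two `platform_*_domain_count` arguments delegate to the provider, which is fine, but say so in a comment so a reader does not assume they were forgotten.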
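Review bot: The defaults for password authentication disagree between files: `disable_password_authentication = try(var.settings.disable_password_authentication, null)` falls through to the provider default of `true` (password login off), while `random_password.admin` and the `admin_password` secret in `secrets.tf` use `try(..., false)` and are therefore created whenever the setting is absent. With the setting unset, the module generates a password and writes it to Key Vault for a VM that does not accept password logins. Decide once in `_locals.tf`, for example `password_auth_enabled = !try(var.settings.disable_password_authentication, true)`, and drive `admin_password`, both `count`s and this attribute from it. `encryption_at_host_enabled` defaulting to `null` (provider default off) is worth a one-line comment, since it is the option that encrypts the temp disk and disk caches on the host.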
@@ -15,6 +20,14 @@ resource "azurerm_linux_virtual_machine" "main" {
 public_key = tls_private_key.main[admin_ssh_key.value.public_key_ref].public_key_openssh
 }
 }
+ dynamic "plan" {
+ for_each = can(var.settings.plan) ? [1] : []
+ content {
+ name = var.settings.plan.name
+ product = var.settings.plan.product
+ publisher = var.settings.plan.publisher
+ }
+ }
 os_disk {
 caching = var.settings.os_disk.caching
diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
index 1dcecc71..e47b23e9 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
@@ -11,3 +11,23 @@ resource "azurerm_key_vault_secret" "public_keys" {
 value = each.value
 key_vault_id = local.key_vault_id
 }
+
+
+resource "random_password" "admin" {
+ count = try(var.settings.disable_password_authentication, false) ? 0 : 1
+ length = 18
+ min_upper = 2
+ min_lower = 2
+ min_special = 2
+ numeric = true
+ special = true
+ override_special = "!@#$%&"
+}
+
+
+resource "azurerm_key_vault_secret" "admin_password" {
+ count = try(var.settings.disable_password_authentication, false) ? 0 : 1
+ name = "${var.settings.name}-${var.settings.admin_username}"
+ value = random_password.admin[0].result
+ key_vault_id = local.key_vault_id
+}
diff --git a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf
index ec38c336..29dcc678 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf
@@ -1,5 +1,5 @@
 resource "tls_private_key" "main" {
- for_each = var.settings.public_key_openssh
+ for_each = try(var.settings.public_key_openssh, {})
 algorithm = each.value.algorithm
 rsa_bits = each.value.rsa_bits
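Review bot: `name = "${var.settings.name}-${var.settings.admin_username}"` is a Key Vault secret name, which Azure limits to letters, digits and dashes; a VM name or admin username containing `_` or `.` makes the secret fail at apply, so sanitise it, e.g. `name = replace("${var.settings.name}-${var.settings.admin_username}", "/[^0-9a-zA-Z-]/", "-")`. Both new resources read `local.key_vault_id`, which `_locals.tf` in this commit now allows to be `null`, so a module instance without a `keyvault_ref` but with password auth left enabled now fails here with an opaque error; the `count` should also require a key vault to be configured. The generated password and the secret `value` live in Terraform state in clear text, which is inherent to these resources; a comment on `random_password.admin` saying so, and `content_type = "password"` on the secret so it can be identified in the vault, are the minimum documentation for this block.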
diff --git a/src/modules/virtual_machines/network_interface/main.tf b/src/modules/virtual_machines/network_interface/main.tf
index bc88bb8f..82529720 100644
--- a/src/modules/virtual_machines/network_interface/main.tf
+++ b/src/modules/virtual_machines/network_interface/main.tf
@@ -1,8 +1,10 @@
 resource "azurerm_network_interface" "main" {
- for_each = var.settings.network_interfaces
- name = each.value.name
- resource_group_name = local.resource_group_name
- location = local.location
+ for_each = var.settings.network_interfaces
+ name = each.value.name
+ resource_group_name = local.resource_group_name
+ location = local.location
+ accelerated_networking_enabled = try(each.value.accelerated_networking_enabled, false)
+ ip_forwarding_enabled = try(each.value.ip_forwarding_enabled, false)
 tags = local.tags