From 0162c05919eed3d8de5cde760135a7f3a57811af Mon Sep 17 00:00:00 2001 From: Pranay Deokar Date: Thu, 4 Jan 2024 01:22:07 +0530 Subject: [PATCH] fix : added deprecated attributes, labels and output.tf --- .github/dependabot.yml | 13 +++ .github/workflows/tf-checks.yml | 5 + .pre-commit-config.yaml | 21 +++-- README.yaml | 4 +- .../{complete/main.tf => basic/example.tf} | 29 ++++-- _example/basic/outputs.tf | 14 +++ _example/basic/versions.tf | 13 +++ _example/complete/example.tf | 94 +++++++++++++++++++ _example/complete/outputs.tf | 28 +++--- main.tf | 71 ++++++-------- variables.tf | 35 ++++++- 11 files changed, 253 insertions(+), 74 deletions(-) rename _example/{complete/main.tf => basic/example.tf} (60%) create mode 100644 _example/basic/outputs.tf create mode 100644 _example/basic/versions.tf create mode 100644 _example/complete/example.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2e36505..2bd40f4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -42,4 +42,17 @@ updates: # Allow up to 3 open pull requests for pip dependencies open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values + directory: "/_example/basic" # Location of package manifests + schedule: + interval: "weekly" + # Add assignees + assignees: + - "clouddrove-ci" + # Add reviewer + reviewers: + - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + \ No newline at end of file diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index 56012b7..6feaa0f 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml 
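Review bot: The last added line of the new terraform entry is whitespace-only and carries the "No newline at end of file" marker, which the `trailing-whitespace` and `end-of-file-fixer` hooks this same commit enables in .pre-commit-config.yaml will flag on the first run; drop that line. The comment above its `open-pull-requests-limit: 3` was copied from the pip block and still says "pip dependencies"; change it to `# Allow up to 3 open pull requests for terraform dependencies`.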
@@ -9,5 +9,10 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 with: working_directory: './_example/complete/' + + basic-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 + with: + working_directory: './_example/basic/' \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ddab84d..9e713a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,14 +1,21 @@ repos: - - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.130.0 + + - repo: https://github.com/gruntwork-io/pre-commit + rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases hooks: - - id: terraform_fmt - - id: terraform_tflint + - id: terraform-fmt + - id: shellcheck + - id: tflint - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.1.0 + - repo: git://github.com/pre-commit/pre-commit-hooks + rev: v4.0.1 # Use the ref you want to point at hooks: - - id: check-merge-conflict + - id: end-of-file-fixer - id: trailing-whitespace + - id: mixed-line-ending + - id: check-byte-order-marker + - id: check-executables-have-shebangs + - id: check-merge-conflict + - id: debug-statements - id: check-yaml - id: check-added-large-files diff --git a/README.yaml b/README.yaml index 9665a96..9334a49 100644 --- a/README.yaml +++ b/README.yaml @@ -47,7 +47,9 @@ usage: |- subnet_id = module.name_specific_subnet.specific_subnet_id[0] #### enable diagnostic setting - diagnostic_setting_enable = false + diagnostic_setting_enable = true log_analytics_workspace_id = "" } ``` + + diff --git a/_example/complete/main.tf b/_example/basic/example.tf similarity index 60% rename from _example/complete/main.tf rename to _example/basic/example.tf index 51e664b..3a0631b 100644 --- a/_example/complete/main.tf +++ b/_example/basic/example.tf 
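Review bot: `basic-example` references the shared workflow by the mutable tag `@1.0.9`, copying the existing job; a tag can be re-pointed after the fact, so for a check that runs on pull requests the supply-chain-safe form is a full commit SHA with the tag kept as a comment, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@<commit-sha> # 1.0.9` (placeholder, resolve the SHA for 1.0.9). The added block also ends without a trailing newline, which the `end-of-file-fixer` hook enabled in this commit will rewrite on its next run.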
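Review bot: The pre-commit-hooks repo is switched from `https://` to `git://github.com/pre-commit/pre-commit-hooks`, the opposite direction from what this hunk does for the terraform hooks; `git://` is unauthenticated and unencrypted, GitHub no longer serves it, so this hook set will fail to clone, and on a host that did serve it nothing would verify what was fetched. Keep `- repo: https://github.com/pre-commit/pre-commit-hooks`. The `rev: v4.0.1` bump is fine, but I believe `check-byte-order-marker` has been superseded by `fix-byte-order-marker` in recent pre-commit-hooks releases; worth confirming against that release before relying on it.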
@@ -2,16 +2,24 @@ provider "azurerm" { features {} } -module "resource_group" { - source = "clouddrove/resource-group/azure" - version = "1.0.2" +locals { + name = "app" + environment = "test" + label_order = ["name", "environment"] +} +module "resource_group" { + source = "clouddrove/resource-group/azure" + version = "1.0.2" name = "app" environment = "test" label_order = ["name", "environment"] location = "Canada Central" } +##----------------------------------------------------------------------------- +## Virtual Network module call. +##----------------------------------------------------------------------------- module "vnet" { source = "clouddrove/vnet/azure" version = "1.0.4" @@ -22,6 +30,9 @@ module "vnet" { address_spaces = ["10.0.0.0/16"] } +##----------------------------------------------------------------------------- +## Subnet module call. +##----------------------------------------------------------------------------- module "name_specific_subnet" { source = "clouddrove/subnet/azure" version = "1.0.2" @@ -38,7 +49,9 @@ module "name_specific_subnet" { enable_route_table = false } - +##----------------------------------------------------------------------------- +## Bastion module call. +##----------------------------------------------------------------------------- module "bastion" { depends_on = [module.resource_group] source = "./../../" @@ -49,7 +62,9 @@ module "bastion" { virtual_network_name = module.vnet.vnet_name subnet_id = module.name_specific_subnet.specific_subnet_id[0] - #### enable diagnostic setting - diagnostic_setting_enable = false - log_analytics_workspace_id = "" + ##----------------------------------------------------------------------------- + ## enable diagnostic setting + ##----------------------------------------------------------------------------- + diagnostic_setting_enable = false + } diff --git a/_example/basic/outputs.tf b/_example/basic/outputs.tf new file mode 100644 index 0000000..8356bbf --- /dev/null 
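Review bot: The `locals` block added in the first hunk (`name`, `environment`, `label_order`) is never referenced; every module call in this file still passes the literals `"app"`, `"test"` and `["name", "environment"]`. Either drop the block or have the calls use `name = local.name`, `environment = local.environment`, `label_order = local.label_order` so the example shows one source of truth. The same unused `locals` block appears in the new _example/complete/example.tf, where only the `log-analytics` call uses it. Removing `log_analytics_workspace_id` while keeping `diagnostic_setting_enable = false` in the last hunk is consistent, but a one-line comment saying the basic example deliberately ships no log destination would save the next reader a question.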
+++ b/_example/basic/outputs.tf
@@ -0,0 +1,14 @@
+output "bastion_dns_name" {
+ value = join("", module.bastion.*.dns_name)
+ description = "Specifies the name of the bastion host"
+}
+
+output "bastion_id" {
+ value = join("", module.bastion.*.id)
+ description = "Specifies the name of the bastion host"
+}
+
+
+
+
+
diff --git a/_example/basic/versions.tf b/_example/basic/versions.tf
new file mode 100644
index 0000000..6a65607
--- /dev/null
+++ b/_example/basic/versions.tf
@@ -0,0 +1,13 @@
+# Terraform version
+terraform {
+ required_version = ">= 1.6.6"
+}
+
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.85.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/_example/complete/example.tf b/_example/complete/example.tf
new file mode 100644
index 0000000..104608a
--- /dev/null
+++ b/_example/complete/example.tf
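Review bot: The description of `bastion_id` is copied from `bastion_dns_name` and says it is the name of the host; change it to `description = "Specifies the ID of the bastion host"`. The rewritten _example/complete/outputs.tf carries the same copy-paste. The four trailing blank lines at the end of the file will be removed by the `end-of-file-fixer` hook this commit enables.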
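Review bot: Two separate `terraform {}` blocks are used, one for `required_version` and one for `required_providers`; Terraform merges them, but the conventional form is a single block holding both, and the split reads as if two files were pasted together. Merge them into one `terraform { required_version = ">= 1.6.6"  required_providers { ... } }` block and add the missing trailing newline, which `end-of-file-fixer` will otherwise rewrite.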
@@ -0,0 +1,94 @@
+provider "azurerm" {
+ features {}
+}
+
+locals {
+ name = "app"
+ environment = "test"
+ label_order = ["name", "environment"]
+}
+
+##-----------------------------------------------------------------------------
+## Resource Group module call
+## Resource group in which all resources will be deployed.
+##-----------------------------------------------------------------------------
+module "resource_group" {
+ source = "clouddrove/resource-group/azure"
+ version = "1.0.2"
+ name = "app"
+ environment = "test"
+ label_order = ["name", "environment"]
+ location = "Canada Central"
+}
+
+##-----------------------------------------------------------------------------
+## Virtual Network module call.
+##-----------------------------------------------------------------------------
+module "vnet" {
+ source = "clouddrove/vnet/azure"
+ version = "1.0.4"
+ name = "app"
+ environment = "test"
+ resource_group_name = module.resource_group.resource_group_name
+ location = module.resource_group.resource_group_location
+ address_spaces = ["10.0.0.0/16"]
+}
+
+##-----------------------------------------------------------------------------
+## Subnet module call.
+##-----------------------------------------------------------------------------
+module "name_specific_subnet" {
+ source = "clouddrove/subnet/azure"
+ version = "1.0.2"
+ name = "app"
+ environment = "test"
+ resource_group_name = module.resource_group.resource_group_name
+ location = module.resource_group.resource_group_location
+ virtual_network_name = module.vnet.vnet_name
+
+ #subnet
+ specific_name_subnet = true
+ specific_subnet_names = "AzureBastionSubnet"
+ subnet_prefixes = ["10.0.1.0/24"]
+ enable_route_table = false
+
+}
+
+##-----------------------------------------------------------------------------
+## Log Analytics module call.
+## Log analytics workspace in which storage diagnostic logs will be sent.
+##-----------------------------------------------------------------------------
+module "log-analytics" {
+ source = "clouddrove/log-analytics/azure"
+ version = "1.0.1"
+ name = local.name
+ environment = local.environment
+ label_order = local.label_order
+ create_log_analytics_workspace = true
+ log_analytics_workspace_sku = "PerGB2018"
+ daily_quota_gb = "-1"
+ internet_ingestion_enabled = true
+ internet_query_enabled = true
+ resource_group_name = module.resource_group.resource_group_name
+ log_analytics_workspace_location = module.resource_group.resource_group_location
+}
+
+##-----------------------------------------------------------------------------
+## Bastion module call.
+##-----------------------------------------------------------------------------
+module "bastion" {
+ depends_on = [module.resource_group]
+ source = "./../../"
+ name = "app"
+ environment = "test"
+ resource_group_name = module.resource_group.resource_group_name
+ location = module.resource_group.resource_group_location
+ virtual_network_name = module.vnet.vnet_name
+ subnet_id = module.name_specific_subnet.specific_subnet_id[0]
+
+ ##-----------------------------------------------------------------------------
+ ## enable diagnostic setting
+ ##-----------------------------------------------------------------------------
+ diagnostic_setting_enable = true
+ log_analytics_workspace_id = module.log-analytics.workspace_id
+}
diff --git a/_example/complete/outputs.tf b/_example/complete/outputs.tf
index 54f0585..8356bbf 100644
--- a/_example/complete/outputs.tf
+++ b/_example/complete/outputs.tf
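Review bot: The `log-analytics` module call sets `internet_ingestion_enabled = true` and `internet_query_enabled = true`, which, assuming the module passes them through to the workspace resource, keeps log ingestion and query for the workspace that receives the bastion diagnostic logs reachable from the public internet; an example that others copy should default both to `false` and carry a comment such as `# public ingestion/query left disabled; enable only if collectors sit outside the VNet`. `daily_quota_gb = "-1"` removes the ingestion cap and deserves a one-line comment saying that is intentional for a demo. As in the basic example, the `locals` block is used only by this module call while every other call still passes the literal `"app"`/`"test"` values.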
@@ -1,14 +1,14 @@ -#output "bastion_dns_name" { -# value = join("", module.bastion.*.dns_name) -# description = "Specifies the name of the bastion host" -#} -# -#output "bastion_id" { -# value = join("", module.bastion.*.id) -# description = "Specifies the name of the bastion host" -#} -# -# -# -# -# +output "bastion_dns_name" { + value = join("", module.bastion.*.dns_name) + description = "Specifies the name of the bastion host" +} + +output "bastion_id" { + value = join("", module.bastion.*.id) + description = "Specifies the name of the bastion host" +} + + + + + diff --git a/main.tf b/main.tf index bcb8b54..05d4cfb 100644 --- a/main.tf +++ b/main.tf @@ -25,7 +25,6 @@ resource "azurerm_public_ip" "pip" { tags = module.labels.tags } - #--------------------------------------------- # Azure Bastion Service host #--------------------------------------------- @@ -44,7 +43,6 @@ resource "azurerm_bastion_host" "main" { tunneling_enabled = var.bastion_host_sku == "Standard" ? var.enable_tunneling : null tags = module.labels.tags - ip_configuration { name = format("%s-network", module.labels.id) subnet_id = var.subnet_id @@ -53,10 +51,9 @@ resource "azurerm_bastion_host" "main" { } #--------------------------------------------- -# Azure Monitor Diagnostic Settings +# Azure Monitor Diagnostic Settings for Bastion #--------------------------------------------- - -resource "azurerm_monitor_diagnostic_setting" "main" { +resource "azurerm_monitor_diagnostic_setting" "bastion-diagnostic" { count = var.enabled && var.diagnostic_setting_enable ? 1 : 0 name = format("%s-bastion-diagnostic-log", module.labels.id) target_resource_id = azurerm_bastion_host.main[0].id 
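Review bot: Renaming `azurerm_monitor_diagnostic_setting.main` to `bastion-diagnostic` here (and `pip_bastion` to `pip_diagnostic` in the next hunk) changes the state address, so an existing deployment will plan a destroy-and-recreate of both diagnostic settings, with a gap in diagnostic log forwarding while the replacement is applied. Add `moved` blocks so the rename is a pure state move; they need Terraform 1.1+, which the basic example's versions.tf (`>= 1.6.6`) already assumes, but confirm the module's own required_version allows it. The resources use `count`, which `moved` handles as long as both addresses are the resource (not the instance) address.
```hcl
# … unchanged: azurerm_monitor_diagnostic_setting.bastion-diagnostic …

moved {
  from = azurerm_monitor_diagnostic_setting.main
  to   = azurerm_monitor_diagnostic_setting.bastion-diagnostic
}

moved {
  from = azurerm_monitor_diagnostic_setting.pip_bastion
  to   = azurerm_monitor_diagnostic_setting.pip_diagnostic
}
```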
@@ -65,29 +62,28 @@ resource "azurerm_monitor_diagnostic_setting" "main" { eventhub_authorization_rule_id = var.eventhub_authorization_rule_id log_analytics_workspace_id = var.log_analytics_workspace_id log_analytics_destination_type = var.log_analytics_destination_type - metric { - category = "AllMetrics" - enabled = var.Metric_enable - retention_policy { - enabled = var.retention_policy_enabled - days = var.diagnostic_log_days + dynamic "enabled_log" { + for_each = var.log_enabled ? ["allLogs"] : [] + content { + category_group = enabled_log.value } } - log { - category = var.category - category_group = "AllLogs" - retention_policy { - enabled = var.retention_policy_enabled - days = var.diagnostic_log_days + dynamic "metric" { + for_each = var.metric_enabled ? ["AllMetrics"] : [] + content { + category = metric.value + enabled = true } - enabled = var.log_enabled } lifecycle { ignore_changes = [log_analytics_destination_type] } } -resource "azurerm_monitor_diagnostic_setting" "pip_bastion" { +#--------------------------------------------- +# Azure Monitor Diagnostic Settings for public +#--------------------------------------------- +resource "azurerm_monitor_diagnostic_setting" "pip_diagnostic" { count = var.enabled && var.diagnostic_setting_enable ? 1 : 0 name = format("%s-bastion-pip-diagnostic-log", module.labels.id) target_resource_id = azurerm_public_ip.pip[0].id 
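Review bot: The new header comment `# Azure Monitor Diagnostic Settings for public` is truncated; make it `# Azure Monitor Diagnostic Settings for public IP`. The `enabled_log` toggle `for_each = var.log_enabled ? ["allLogs"] : []` relies on `log_enabled`, which variables.tf still declares as `type = string` (visible in the last hunk of this patch); Terraform converts the strings "true"/"false" to bool, but any other string fails only when this expression is evaluated, so the variable should be `type = bool` to reject bad input at plan time. Both resources in this hunk continue outside it.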
@@ -96,34 +92,27 @@ resource "azurerm_monitor_diagnostic_setting" "pip_bastion" { eventhub_authorization_rule_id = var.eventhub_authorization_rule_id log_analytics_workspace_id = var.log_analytics_workspace_id log_analytics_destination_type = var.log_analytics_destination_type - metric { - category = "AllMetrics" - enabled = var.Metric_enable - retention_policy { - enabled = var.retention_policy_enabled - days = var.diagnostic_log_days + dynamic "metric" { + for_each = var.metric_enabled ? ["AllMetrics"] : [] + content { + category = metric.value + enabled = true } } - log { - category = var.category - category_group = "AllLogs" - retention_policy { - enabled = var.retention_policy_enabled - days = var.diagnostic_log_days + dynamic "enabled_log" { + for_each = var.pip_logs.enabled ? var.pip_logs.category != null ? var.pip_logs.category : var.pip_logs.category_group : [] + content { + category = var.pip_logs.category != null ? enabled_log.value : null + category_group = var.pip_logs.category == null ? enabled_log.value : null } - enabled = var.log_enabled } - log { - category = var.category - category_group = "Audit" - retention_policy { - enabled = var.retention_policy_enabled - days = var.diagnostic_log_days - } - enabled = var.log_enabled - } lifecycle { ignore_changes = [log_analytics_destination_type] } } + + + + + diff --git a/variables.tf b/variables.tf index 862263c..8897779 100644 --- a/variables.tf +++ b/variables.tf 
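Review bot: The `for_each` of the new `enabled_log` block evaluates to `null` when `pip_logs.enabled` is true but both `category` and `category_group` are null, which is what a caller passing `pip_logs = { enabled = true }` gets, since an `optional()` attribute without a default becomes null; Terraform rejects a null `for_each` at plan time. Guard the fallback explicitly: `for_each = var.pip_logs.enabled ? (var.pip_logs.category != null ? var.pip_logs.category : (var.pip_logs.category_group != null ? var.pip_logs.category_group : [])) : []`. Alternatively give the attribute a default in the object type in variables.tf, `category_group = optional(list(string), ["AllLogs"])`, if the module's required_version permits Terraform 1.3+. The resource's opening lines are in the previous hunk.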
@@ -146,38 +146,42 @@ variable "domain_name_label" { description = "The domain name label for the Azure Bastion Service host. Leave empty for no label." } - variable "subnet_id" { type = string default = null description = "The ID of the Subnet where this Network Interface should be located in." } -#### enable diagnostic setting +## enable diagnostic setting variable "log_analytics_destination_type" { type = string default = "AzureDiagnostics" description = "Possible values are AzureDiagnostics and Dedicated, default to AzureDiagnostics. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table." } + variable "retention_policy_enabled" { type = bool default = false description = "Is this Retention Policy enabled?" } + variable "diagnostic_log_days" { type = number default = "90" description = " The number of days for which this Retention Policy should apply." } + variable "Metric_enable" { type = bool default = true description = "Is this Diagnostic Metric enabled? Defaults to true." } + variable "diagnostic_setting_enable" { type = bool - default = false + default = true } + variable "log_analytics_workspace_id" { type = string default = null 
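Review bot: Flipping `diagnostic_setting_enable` to `default = true` while `log_analytics_workspace_id` here and `storage_account_id` / `eventhub_authorization_rule_id` in the next hunk all default to `null` means a caller that sets no destination now gets a diagnostic setting with no sink, which as far as I know the azurerm provider rejects rather than silently creating; every existing caller that relied on the old default breaks, and the README example updated in this same commit still pairs the `true` with `log_analytics_workspace_id = ""`. Keep `default = false`, or keep `true` and state the requirement; either way the variable has no description, so add `description = "Create Azure Monitor diagnostic settings for the bastion host and its public IP; requires at least one destination such as log_analytics_workspace_id."`. `retention_policy_enabled`, `diagnostic_log_days` and `Metric_enable` are kept (only blank lines are added around them) although the main.tf hunks in this patch remove every reference to them that I can see; dropping them, or saying in their descriptions that they are no longer used, avoids callers setting no-op inputs.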
@@ -188,23 +192,46 @@ variable "category" {
 default = null
 description = " The name of a Diagnostic Log Category Group for this Resource."
 }
+
 variable "log_enabled" {
 type = string
 default = true
 description = " Is this Diagnostic Log enabled? Defaults to true."
 }
+
 variable "storage_account_id" {
 type = string
 default = null
 description = "The ID of the Storage Account where logs should be sent."
 }
+
 variable "eventhub_name" {
 type = string
 default = null
 description = "Specifies the name of the Event Hub where Diagnostics Data should be sent."
 }
+
 variable "eventhub_authorization_rule_id" {
 type = string
 default = null
- description = "Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data."
+ description = "Specifies the ID of an vent Hub Namespace Authorization Rule used to send Diagnostics Data."
+}
+
+variable "metric_enabled" {
+ type = bool
+ default = true
+ description = "Is this Diagnostic Metric enabled? Defaults to True."
+}
+
+variable "pip_logs" {
+ type = object({
+ enabled = bool
+ category = optional(list(string))
+ category_group = optional(list(string))
+ })
+
+ default = {
+ enabled = true
+ category_group = ["AllLogs"]
+ }
 }
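Review bot: The rewritten description of `eventhub_authorization_rule_id` introduces a typo, "an vent Hub", where the removed line had "an Event Hub"; restore `description = "Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data."`. `log_enabled` keeps `type = string` although main.tf now uses it as a boolean condition; declare it `type = bool`. The new `metric_enabled` duplicates the existing `Metric_enable` (both `bool`, default `true`, near-identical description), so if the old name stays for compatibility its description should say it is superseded. `pip_logs` has no `description`, and giving `category_group` a default in the type, `category_group = optional(list(string), ["AllLogs"])`, would keep a caller that passes only `enabled = true` from producing a null `for_each` in main.tf.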