Merge pull request #209 from aztfmod/privatelink-mssql

Add privatelink for mssql servers
aztfmod · Dec 21, 2020 · 1bf1fea · 1bf1fea
2 parents cbb56d3 + 7dd2571
commit 1bf1fea
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 5 deletions.
diff --git a/examples/networking/private_links/endpoints/centralized/mssql_servers.tfvars b/examples/networking/private_links/endpoints/centralized/mssql_servers.tfvars
@@ -0,0 +1,15 @@
+mssql_servers = {
+  sales_rg1 = {
+    name                          = "sales-rg1"
+    region                        = "region1"
+    resource_group_key            = "rg1"
+    version                       = "12.0"
+    administrator_login           = "sqlsalesadmin"
+    keyvault_key                  = "kv_rg1"
+    connection_policy             = "Default"
+    system_msi                    = true
+    public_network_access_enabled = false
+
+  }
+
+}
diff --git a/examples/networking/private_links/endpoints/centralized/private_dns.tfvars b/examples/networking/private_links/endpoints/centralized/private_dns.tfvars
@@ -10,11 +10,6 @@ private_dns = {
         vnet_key = "vnet_01"
       }
 
-      # launchpad = {
-      #   name     = "launchpad-devops_region1"
-      #   vnet_key = "devops_region1"
-      #   lz_key   = "launchpad"
-      # }
     }
   }
 }
diff --git a/examples/networking/private_links/endpoints/centralized/private_endpoints.tfvars b/examples/networking/private_links/endpoints/centralized/private_endpoints.tfvars
@@ -98,5 +98,19 @@ private_endpoints = {
         }
       }
     }
+
+    mssql_servers = {
+      sales_rg1 = {
+        private_service_connection = {
+          name = "psc-mssql"
+        }
+
+        private_dns = {
+          zone_group_name = "default"
+          # lz_key          = ""   # If the DNS keys are deployed in a remote landingzone
+          keys = ["dns1"]
+        }
+      }
+    }
   }
 }
diff --git a/modules/networking/private_links/endpoints/subnet/mssql_servers.tf b/modules/networking/private_links/endpoints/subnet/mssql_servers.tf
@@ -0,0 +1,16 @@
+module "mssql_servers" {
+  source   = "../private_endpoint"
+  for_each = try(var.private_endpoints.mssql_servers, {})
+
+  global_settings     = var.global_settings
+  client_config       = var.client_config
+  settings            = each.value
+  resource_id         = try(var.remote_objects.mssql_servers[each.value.lz_key][each.key].id, var.remote_objects.mssql_servers[var.client_config.landingzone_key][each.key].id)
+  subresource_names   = ["sqlServer"]
+  subnet_id           = var.subnet_id
+  private_dns         = var.private_dns
+  name                = try(each.value.name, each.key)
+  resource_group_name = try(var.resource_groups[each.value.resource_group_key].name, var.vnet_resource_group_name)
+  location            = var.vnet_location # The private endpoint must be deployed in the same region as the virtual network.
+  base_tags           = var.base_tags
+}
diff --git a/networking_private_links.tf b/networking_private_links.tf
@@ -17,6 +17,7 @@ module private_endpoints {
 
     event_hub_namespaces = local.combined_objects_event_hub_namespaces
     keyvaults            = local.combined_objects_keyvaults
+    mssql_servers        = local.combined_objects_mssql_servers
     networking           = local.combined_objects_networking
     recovery_vaults      = local.combined_objects_recovery_vaults
     storage_accounts     = local.combined_objects_storage_accounts