Appgw - Initial commit to create an empty gateway (#40)

* FIX - Private DNS Link - Adding a new subnet to existing vnet does not destroy and recreate the vnet links * App Gateway - Initial commit to create an empty gateway
aztfmod · Sep 28, 2020 · b806036 · b806036
1 parent 41a721b
commit b806036
Show file tree

Hide file tree

Showing 10 changed files with 255 additions and 0 deletions.
diff --git a/application_gateways.tf b/application_gateways.tf
@@ -0,0 +1,15 @@
+module application_gateways {
+  source   = "./modules/networking/application_gateway"
+  for_each = local.networking.application_gateways
+
+  global_settings                  = local.global_settings
+  diagnostics                      = local.diagnostics
+  resource_group_name              = module.resource_groups[each.value.resource_group_key].name
+  location                         = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
+  settings                         = each.value
+  sku_name                         = each.value.sku_name
+  sku_tier                         = each.value.sku_tier
+  vnets                            = module.networking
+  public_ip_addresses              = module.public_ip_addresses
+  application_gateway_applications = local.networking.application_gateway_applications[each.key]
+}
diff --git a/main.tf b/main.tf
@@ -56,6 +56,8 @@ locals {
   }
 
   networking = {
+    application_gateways                                    = try(var.networking.application_gateways, {})
+    application_gateway_applications                        = try(var.networking.application_gateway_applications, {})
     network_security_group_definition                       = try(var.networking.network_security_group_definition, {})
     public_ip_addresses                                     = try(var.networking.public_ip_addresses, {})
     vnet_peerings                                           = try(var.networking.vnet_peerings, {})

diff --git a/modules/compute/virtual_machine/vm_linux.tf b/modules/compute/virtual_machine/vm_linux.tf
@@ -56,6 +56,7 @@ resource "azurerm_linux_virtual_machine" "vm" {
 
   allow_extension_operations      = try(each.value.allow_extension_operations, null)
   computer_name                   = azurecaf_name.linux_computer_name[each.key].result
+  eviction_policy                 = try(each.value.eviction_policy, null)
   max_bid_price                   = try(each.value.max_bid_price, null)
   priority                        = try(each.value.priority, null)
   provision_vm_agent              = try(each.value.provision_vm_agent, true)

diff --git a/modules/compute/virtual_machine/vm_windows.tf b/modules/compute/virtual_machine/vm_windows.tf
@@ -52,6 +52,7 @@ resource "azurerm_windows_virtual_machine" "vm" {
   enable_automatic_updates   = try(each.value.enable_automatic_updates, null)
   eviction_policy            = try(each.value.eviction_policy, null)
   max_bid_price              = try(each.value.max_bid_price, null)
+  priority                   = try(each.value.priority, null)
   license_type               = try(each.value.license_type, null)
   tags                       = try(each.value.tags, null)
   timezone                   = try(each.value.timezone, null)

diff --git a/modules/networking/application_gateway/application_gateway.tf b/modules/networking/application_gateway/application_gateway.tf
@@ -0,0 +1,143 @@
+resource "azurecaf_name" "agw" {
+  name          = var.settings.name
+  resource_type = "azurerm_application_gateway"
+  prefixes      = [var.global_settings.prefix]
+  random_length = var.global_settings.random_length
+  clean_input   = true
+  passthrough   = var.global_settings.passthrough
+}
+
+resource "azurerm_application_gateway" "agw" {
+  name                = azurecaf_name.agw.result
+  resource_group_name = var.resource_group_name
+  location            = var.location
+
+  zones              = try(var.settings.zones, null)
+  enable_http2       = try(var.settings.enable_http2, true)
+  tags               = try(var.settings.tags, null)
+  firewall_policy_id = try(var.settings.firewall_policy_id, null)
+
+  sku {
+    name     = var.sku_name
+    tier     = var.sku_tier
+    capacity = try(var.settings.capacity.autoscale, null) == null ? var.settings.capacity.scale_unit : null
+  }
+
+  gateway_ip_configuration {
+    name      = var.settings.name
+    subnet_id = var.vnets[var.settings.vnet_key].subnets[var.settings.subnet_key].id
+  }
+
+  dynamic autoscale_configuration {
+    for_each = try(var.settings.capacity.autoscale, null) == null ? [] : [1]
+
+    content {
+      min_capacity = var.settings.capacity.autoscale.minimum_scale_unit
+      max_capacity = var.settings.capacity.autoscale.maximum_scale_unit
+    }
+  }
+
+  dynamic frontend_ip_configuration {
+    for_each = var.settings.front_end_ip_configurations
+
+    content {
+      name                          = frontend_ip_configuration.value.name
+      public_ip_address_id          = try(frontend_ip_configuration.value.public_ip_key, null) == null ? null : var.public_ip_addresses[frontend_ip_configuration.value.public_ip_key].id
+      private_ip_address            = try(frontend_ip_configuration.value.public_ip_key, null) == null ? cidrhost(var.vnets[frontend_ip_configuration.value.vnet_key].subnets[frontend_ip_configuration.value.subnet_key].cidr[frontend_ip_configuration.value.subnet_cidr_index], frontend_ip_configuration.value.private_ip_offset) : null
+      private_ip_address_allocation = try(frontend_ip_configuration.value.public_ip_key, null) == null ? frontend_ip_configuration.value.private_ip_address_allocation : null
+      subnet_id                     = try(frontend_ip_configuration.value.public_ip_key, null) == null ? var.vnets[frontend_ip_configuration.value.vnet_key].subnets[frontend_ip_configuration.value.subnet_key].id : null
+    }
+  }
+
+  dynamic frontend_port {
+    for_each = var.settings.front_end_ports
+
+    content {
+      name = frontend_port.value.name
+      port = frontend_port.value.port
+    }
+  }
+
+  dynamic http_listener {
+    for_each = var.application_gateway_applications.listeners
+
+    content {
+      name                           = http_listener.value.name
+      frontend_ip_configuration_name = var.settings.front_end_ip_configurations[http_listener.value.front_end_ip_configuration_key].name
+      frontend_port_name             = var.settings.front_end_ports[http_listener.value.front_end_port_key].name
+      protocol                       = var.settings.front_end_ports[http_listener.value.front_end_port_key].protocol
+    }
+  }
+
+  dynamic request_routing_rule {
+    for_each = var.application_gateway_applications.request_routing_rules
+
+    content {
+      name               = request_routing_rule.value.name
+      rule_type          = request_routing_rule.value.rule_type
+      http_listener_name = var.application_gateway_applications.listeners[request_routing_rule.value.http_listener_key].name
+      backend_http_settings_name = var.application_gateway_applications.backend_http_settings[request_routing_rule.value.backend_http_settings_key].name
+      backend_address_pool_name = var.application_gateway_applications.backend_pools[request_routing_rule.value.backend_pool_key].name
+    }
+  }
+
+  dynamic backend_http_settings {
+    for_each = var.application_gateway_applications.backend_http_settings
+
+    content {
+      name                  = backend_http_settings.value.name
+      cookie_based_affinity = try(backend_http_settings.value.cookie_based_affinity, "Disabled")
+      port                  = backend_http_settings.value.port
+      protocol              = backend_http_settings.value.protocol
+      request_timeout       = try(backend_http_settings.value.request_timeout, 30)
+    }
+  }
+
+  dynamic backend_address_pool {
+    for_each = var.application_gateway_applications.backend_pools
+
+    content {
+      name = backend_address_pool.value.name
+    }
+  }
+
+
+
+
+  # identity {
+
+  # }
+  # authentication_certificate {
+
+  # }
+
+  # trusted_root_certificate {
+
+  # }
+
+  # ssl_policy {
+
+  # }
+
+  # probe {
+
+  # }
+
+  # ssl_certificate {
+
+  # }
+
+  # url_path_map {}
+
+  # waf_configuration {}
+
+  # custom_error_configuration {}
+
+  # redirect_configuration {}
+
+  # autoscale_configuration {}
+
+  # rewrite_rule_set {}
+
+
+}
diff --git a/modules/networking/application_gateway/diagnostics.tf b/modules/networking/application_gateway/diagnostics.tf
@@ -0,0 +1,8 @@
+module diagnostics {
+  source = "../../diagnostics"
+
+  resource_id       = azurerm_application_gateway.agw.id
+  resource_location = var.location
+  diagnostics       = var.diagnostics
+  profiles          = try(var.settings.diagnostic_profiles, {})
+}
diff --git a/modules/networking/application_gateway/main.tf b/modules/networking/application_gateway/main.tf
@@ -0,0 +1,14 @@
+locals {
+  module_tag = {
+    "module" = basename(abspath(path.module))
+  }
+  tags = merge(try(var.settings.tags, {}), local.module_tag)
+}
+
+terraform {
+  required_providers {
+    azurecaf = {
+      source = "aztfmod/azurecaf"
+    }
+  }
+}
diff --git a/modules/networking/application_gateway/private_dns_records.tf b/modules/networking/application_gateway/private_dns_records.tf
@@ -0,0 +1,34 @@
+# resource "azurerm_private_dns_a_record" "a_records" {
+#   depends_on = [
+#     azurerm_template_deployment.ase
+#   ]
+#   for_each = try(var.settings.private_dns_records.a_records, {})
+
+#   name                = each.value.name
+#   resource_group_name = lookup(each.value, "remote_tfstate", null) == null ? var.private_dns[each.value.private_dns_key].resource_group_name : data.terraform_remote_state.ase_vnet_dns[each.key].outputs[each.value.remote_tfstate.output_key][each.value.private_dns_key].resource_group_name
+#   zone_name           = lookup(each.value, "remote_tfstate", null) == null ? var.private_dns[each.value.private_dns_key].name : data.terraform_remote_state.ase_vnet_dns[each.key].outputs[each.value.remote_tfstate.output_key][each.value.private_dns_key].name
+#   ttl                 = each.value.ttl
+#   records             = [data.external.ase_ilb_ip.result.internalIpAddress]
+#   tags                = try(each.value.tags, {})
+# }
+
+# #
+# # Get remote ase vnet
+# #
+# data "terraform_remote_state" "vnet_dns" {
+#   for_each = {
+#     for key, value in var.settings.private_dns_records.a_records : key => value
+#     if try(value.remote_tfstate, null) != null
+#   }
+
+#   backend = "azurerm"
+#   config = {
+#     storage_account_name = var.tfstates[each.value.remote_tfstate.tfstate_key].storage_account_name
+#     container_name       = var.tfstates[each.value.remote_tfstate.tfstate_key].container_name
+#     resource_group_name  = var.tfstates[each.value.remote_tfstate.tfstate_key].resource_group_name
+#     key                  = var.tfstates[each.value.remote_tfstate.tfstate_key].key
+#     use_msi              = var.use_msi
+#     subscription_id      = var.use_msi ? var.tfstates[each.value.remote_tfstate.tfstate_key].subscription_id : null
+#     tenant_id            = var.use_msi ? var.tfstates[each.value.remote_tfstate.tfstate_key].tenant_id : null
+#   }
+# }
diff --git a/modules/networking/application_gateway/variable.tf b/modules/networking/application_gateway/variable.tf
@@ -0,0 +1,32 @@
+variable settings {}
+variable global_settings {}
+variable diagnostics {}
+variable resource_group_name {}
+variable location {}
+variable public_ip_addresses {}
+variable application_gateway_applications {}
+variable vnets {}
+
+variable sku_name {
+  type        = string
+  default     = "Standard_v2"
+  description = "(Optional) (Default = Standard_v2) The Name of the SKU to use for this Application Gateway. Possible values are Standard_Small, Standard_Medium, Standard_Large, Standard_v2, WAF_Medium, WAF_Large, and WAF_v2."
+
+  validation {
+    condition     = contains(["Standard_Small", "Standard_Medium", "Standard_Large", "Standard_v2", "WAF_Medium", "WAF_Large", "WAF_v2"], var.sku_name)
+    error_message = "Provide an allowed value as defined in https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html#sku."
+  }
+}
+
+variable sku_tier {
+  type        = string
+  default     = "Standard_v2"
+  description = "(Optional) (Default = Standard_v2) (Required) The Tier of the SKU to use for this Application Gateway. Possible values are Standard, Standard_v2, WAF and WAF_v2."
+
+  validation {
+    condition     = contains(["Standard", "Standard_v2", "WAF ", "WAF_v2"], var.sku_tier)
+    error_message = "Provide an allowed value as defined in https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html#sku."
+  }
+}
+
+
diff --git a/modules/networking/virtual_network/subnet/output.tf b/modules/networking/virtual_network/subnet/output.tf
@@ -8,3 +8,8 @@ output name {
   value     = azurerm_subnet.subnet.name
   sensitive = true
 }
+
+output cidr {
+  value     = var.address_prefixes
+  sensitive = true
+}