From b8060364d971f8d2b79ad4449111b58525f1c273 Mon Sep 17 00:00:00 2001 From: lolorol Date: Mon, 28 Sep 2020 14:07:40 +0800 Subject: [PATCH] Appgw - Initial commit to create an empty gateway (#40) * FIX - Private DNS Link - Adding a new subnet to existing vnet does not destroy and recreate the vnet links * App Gateway - Initial commit to create an empty gateway --- application_gateways.tf | 15 ++ main.tf | 2 + modules/compute/virtual_machine/vm_linux.tf | 1 + modules/compute/virtual_machine/vm_windows.tf | 1 + .../application_gateway.tf | 143 ++++++++++++++++++ .../application_gateway/diagnostics.tf | 8 + .../networking/application_gateway/main.tf | 14 ++ .../private_dns_records.tf | 34 +++++ .../application_gateway/variable.tf | 32 ++++ .../virtual_network/subnet/output.tf | 5 + 10 files changed, 255 insertions(+) create mode 100644 application_gateways.tf create mode 100644 modules/networking/application_gateway/application_gateway.tf create mode 100755 modules/networking/application_gateway/diagnostics.tf create mode 100644 modules/networking/application_gateway/main.tf create mode 100644 modules/networking/application_gateway/private_dns_records.tf create mode 100644 modules/networking/application_gateway/variable.tf diff --git a/application_gateways.tf b/application_gateways.tf new file mode 100644 index 0000000000..536e47701e --- /dev/null +++ b/application_gateways.tf 
@@ -0,0 +1,15 @@
+module application_gateways {
+ source = "./modules/networking/application_gateway"
+ for_each = local.networking.application_gateways
+
+ global_settings = local.global_settings
+ diagnostics = local.diagnostics
+ resource_group_name = module.resource_groups[each.value.resource_group_key].name
+ location = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
+ settings = each.value
+ sku_name = each.value.sku_name
+ sku_tier = each.value.sku_tier
+ vnets = module.networking
+ public_ip_addresses = module.public_ip_addresses
+ application_gateway_applications = local.networking.application_gateway_applications[each.key]
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index d450088f02..ef186d8d05 100755
--- a/main.tf
+++ b/main.tf
@@ -56,6 +56,8 @@ locals {
 }
 networking = {
+ application_gateways = try(var.networking.application_gateways, {})
+ application_gateway_applications = try(var.networking.application_gateway_applications, {})
 network_security_group_definition = try(var.networking.network_security_group_definition, {})
 public_ip_addresses = try(var.networking.public_ip_addresses, {})
 vnet_peerings = try(var.networking.vnet_peerings, {})
diff --git a/modules/compute/virtual_machine/vm_linux.tf b/modules/compute/virtual_machine/vm_linux.tf
index bfc9206919..0c579b7f54 100755
--- a/modules/compute/virtual_machine/vm_linux.tf
+++ b/modules/compute/virtual_machine/vm_linux.tf
@@ -56,6 +56,7 @@ resource "azurerm_linux_virtual_machine" "vm" {
 allow_extension_operations = try(each.value.allow_extension_operations, null)
 computer_name = azurecaf_name.linux_computer_name[each.key].result
+ eviction_policy = try(each.value.eviction_policy, null)
 max_bid_price = try(each.value.max_bid_price, null)
 priority = try(each.value.priority, null)
 provision_vm_agent = try(each.value.provision_vm_agent, true)
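Review bot: `application_gateway_applications = local.networking.application_gateway_applications[each.key]` indexes the map directly, so a gateway defined without a matching `application_gateway_applications` entry fails at plan time with an invalid-index error, which contradicts the commit's stated goal of creating an empty gateway. Wrapping it as `application_gateway_applications = try(local.networking.application_gateway_applications[each.key], {})` keeps the root module working, but the child module's `for_each = var.application_gateway_applications.listeners` (and its sibling blocks) would then also need `try(…, {})` defaults, so the two changes belong together. The `location` line uses `lookup(each.value, "region", null)` where the rest of this commit reaches for `try(...)`; either works, but one convention is easier to audit.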
diff --git a/modules/compute/virtual_machine/vm_windows.tf b/modules/compute/virtual_machine/vm_windows.tf
index 07c2c715c2..13ed373259 100644
--- a/modules/compute/virtual_machine/vm_windows.tf
+++ b/modules/compute/virtual_machine/vm_windows.tf
@@ -52,6 +52,7 @@ resource "azurerm_windows_virtual_machine" "vm" {
 enable_automatic_updates = try(each.value.enable_automatic_updates, null)
 eviction_policy = try(each.value.eviction_policy, null)
 max_bid_price = try(each.value.max_bid_price, null)
+ priority = try(each.value.priority, null)
 license_type = try(each.value.license_type, null)
 tags = try(each.value.tags, null)
 timezone = try(each.value.timezone, null)
diff --git a/modules/networking/application_gateway/application_gateway.tf b/modules/networking/application_gateway/application_gateway.tf
new file mode 100644
index 0000000000..a3097c95e2
--- /dev/null
+++ b/modules/networking/application_gateway/application_gateway.tf
@@ -0,0 +1,143 @@
+resource "azurecaf_name" "agw" {
+ name = var.settings.name
+ resource_type = "azurerm_application_gateway"
+ prefixes = [var.global_settings.prefix]
+ random_length = var.global_settings.random_length
+ clean_input = true
+ passthrough = var.global_settings.passthrough
+}
+
+resource "azurerm_application_gateway" "agw" {
+ name = azurecaf_name.agw.result
+ resource_group_name = var.resource_group_name
+ location = var.location
+
+ zones = try(var.settings.zones, null)
+ enable_http2 = try(var.settings.enable_http2, true)
+ tags = try(var.settings.tags, null)
+ firewall_policy_id = try(var.settings.firewall_policy_id, null)
+
+ sku {
+ name = var.sku_name
+ tier = var.sku_tier
+ capacity = try(var.settings.capacity.autoscale, null) == null ? var.settings.capacity.scale_unit : null
+ }
+
+ gateway_ip_configuration {
+ name = var.settings.name
+ subnet_id = var.vnets[var.settings.vnet_key].subnets[var.settings.subnet_key].id
+ }
+
+ dynamic autoscale_configuration {
+ for_each = try(var.settings.capacity.autoscale, null) == null ? [] : [1]
+
+ content {
+ min_capacity = var.settings.capacity.autoscale.minimum_scale_unit
+ max_capacity = var.settings.capacity.autoscale.maximum_scale_unit
+ }
+ }
+
+ dynamic frontend_ip_configuration {
+ for_each = var.settings.front_end_ip_configurations
+
+ content {
+ name = frontend_ip_configuration.value.name
+ public_ip_address_id = try(frontend_ip_configuration.value.public_ip_key, null) == null ? null : var.public_ip_addresses[frontend_ip_configuration.value.public_ip_key].id
+ private_ip_address = try(frontend_ip_configuration.value.public_ip_key, null) == null ? cidrhost(var.vnets[frontend_ip_configuration.value.vnet_key].subnets[frontend_ip_configuration.value.subnet_key].cidr[frontend_ip_configuration.value.subnet_cidr_index], frontend_ip_configuration.value.private_ip_offset) : null
+ private_ip_address_allocation = try(frontend_ip_configuration.value.public_ip_key, null) == null ? 
frontend_ip_configuration.value.private_ip_address_allocation : null
+ subnet_id = try(frontend_ip_configuration.value.public_ip_key, null) == null ? var.vnets[frontend_ip_configuration.value.vnet_key].subnets[frontend_ip_configuration.value.subnet_key].id : null
+ }
+ }
+
+ dynamic frontend_port {
+ for_each = var.settings.front_end_ports
+
+ content {
+ name = frontend_port.value.name
+ port = frontend_port.value.port
+ }
+ }
+
+ dynamic http_listener {
+ for_each = var.application_gateway_applications.listeners
+
+ content {
+ name = http_listener.value.name
+ frontend_ip_configuration_name = var.settings.front_end_ip_configurations[http_listener.value.front_end_ip_configuration_key].name
+ frontend_port_name = var.settings.front_end_ports[http_listener.value.front_end_port_key].name
+ protocol = var.settings.front_end_ports[http_listener.value.front_end_port_key].protocol
+ }
+ }
+
+ dynamic request_routing_rule {
+ for_each = var.application_gateway_applications.request_routing_rules
+
+ content {
+ name = request_routing_rule.value.name
+ rule_type = request_routing_rule.value.rule_type
+ http_listener_name = var.application_gateway_applications.listeners[request_routing_rule.value.http_listener_key].name
+ backend_http_settings_name = var.application_gateway_applications.backend_http_settings[request_routing_rule.value.backend_http_settings_key].name
+ backend_address_pool_name = var.application_gateway_applications.backend_pools[request_routing_rule.value.backend_pool_key].name
+ }
+ }
+
+ dynamic backend_http_settings {
+ for_each = var.application_gateway_applications.backend_http_settings
+
+ content {
+ name = backend_http_settings.value.name
+ cookie_based_affinity = try(backend_http_settings.value.cookie_based_affinity, "Disabled")
+ port = backend_http_settings.value.port
+ protocol = backend_http_settings.value.protocol
+ request_timeout = try(backend_http_settings.value.request_timeout, 30)
+ }
+ }
+
+ dynamic backend_address_pool {
+ for_each = 
var.application_gateway_applications.backend_pools
+
+ content {
+ name = backend_address_pool.value.name
+ }
+ }
+
+
+
+
+ # identity {
+
+ # }
+ # authentication_certificate {
+
+ # }
+
+ # trusted_root_certificate {
+
+ # }
+
+ # ssl_policy {
+
+ # }
+
+ # probe {
+
+ # }
+
+ # ssl_certificate {
+
+ # }
+
+ # url_path_map {}
+
+ # waf_configuration {}
+
+ # custom_error_configuration {}
+
+ # redirect_configuration {}
+
+ # autoscale_configuration {}
+
+ # rewrite_rule_set {}
+
+
+}
\ No newline at end of file
diff --git a/modules/networking/application_gateway/diagnostics.tf b/modules/networking/application_gateway/diagnostics.tf
new file mode 100755
index 0000000000..7877e24610
--- /dev/null
+++ b/modules/networking/application_gateway/diagnostics.tf
@@ -0,0 +1,8 @@
+module diagnostics {
+ source = "../../diagnostics"
+
+ resource_id = azurerm_application_gateway.agw.id
+ resource_location = var.location
+ diagnostics = var.diagnostics
+ profiles = try(var.settings.diagnostic_profiles, {})
+}
\ No newline at end of file
diff --git a/modules/networking/application_gateway/main.tf b/modules/networking/application_gateway/main.tf
new file mode 100644
index 0000000000..27540f8b3f
--- /dev/null
+++ b/modules/networking/application_gateway/main.tf
@@ -0,0 +1,14 @@
+locals {
+ module_tag = {
+ "module" = basename(abspath(path.module))
+ }
+ tags = merge(try(var.settings.tags, {}), local.module_tag)
+}
+
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networking/application_gateway/private_dns_records.tf b/modules/networking/application_gateway/private_dns_records.tf
new file mode 100644
index 0000000000..e50ca5ef45
--- /dev/null
+++ b/modules/networking/application_gateway/private_dns_records.tf
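Review bot: The new resource leaves `ssl_policy` and `waf_configuration` as commented placeholders, so any listener whose front-end port is `Https` runs under the provider's default TLS policy, and a gateway created with `sku_tier = "WAF_v2"` carries no WAF settings unless the caller also passes `firewall_policy_id`; both limits deserve a comment in the resource header, or `ssl_policy` can be wired through from `var.settings` now so a minimum protocol version can be pinned before the first HTTPS listener lands (sketch below). The `http_listener` block derives `protocol` from the front-end port but never sets `ssl_certificate_name`, so an `Https` port will presumably be rejected by the API until `ssl_certificate` support is added — worth a one-line comment on that block so nobody assumes TLS termination works. Separately, `tags = try(var.settings.tags, null)` bypasses the `local.tags` that main.tf builds from the same settings plus the `module` tag, so that tag never reaches the gateway; use `tags = local.tags`.
```hcl
resource "azurerm_application_gateway" "agw" {
  # … unchanged: name, resource_group_name, location, zones, enable_http2, firewall_policy_id …
  tags = local.tags

  # … unchanged: sku, gateway_ip_configuration, dynamic autoscale/frontend/listener/routing/backend blocks …

  # Only emitted when the caller supplies settings.ssl_policy; otherwise the
  # provider default applies — confirm that default against the baseline
  # you need before relying on it for HTTPS listeners.
  dynamic ssl_policy {
    for_each = try(var.settings.ssl_policy, null) == null ? [] : [1]

    content {
      policy_type          = try(var.settings.ssl_policy.policy_type, null)
      policy_name          = try(var.settings.ssl_policy.policy_name, null)
      min_protocol_version = try(var.settings.ssl_policy.min_protocol_version, null)
      cipher_suites        = try(var.settings.ssl_policy.cipher_suites, null)
      disabled_protocols   = try(var.settings.ssl_policy.disabled_protocols, null)
    }
  }

  # … unchanged: commented placeholders and closing brace …
```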
@@ -0,0 +1,34 @@
+# resource "azurerm_private_dns_a_record" "a_records" {
+# depends_on = [
+# azurerm_template_deployment.ase
+# ]
+# for_each = try(var.settings.private_dns_records.a_records, {})
+
+# name = each.value.name
+# resource_group_name = lookup(each.value, "remote_tfstate", null) == null ? var.private_dns[each.value.private_dns_key].resource_group_name : data.terraform_remote_state.ase_vnet_dns[each.key].outputs[each.value.remote_tfstate.output_key][each.value.private_dns_key].resource_group_name
+# zone_name = lookup(each.value, "remote_tfstate", null) == null ? var.private_dns[each.value.private_dns_key].name : data.terraform_remote_state.ase_vnet_dns[each.key].outputs[each.value.remote_tfstate.output_key][each.value.private_dns_key].name
+# ttl = each.value.ttl
+# records = [data.external.ase_ilb_ip.result.internalIpAddress]
+# tags = try(each.value.tags, {})
+# }
+
+# #
+# # Get remote ase vnet
+# #
+# data "terraform_remote_state" "vnet_dns" {
+# for_each = {
+# for key, value in var.settings.private_dns_records.a_records : key => value
+# if try(value.remote_tfstate, null) != null
+# }
+
+# backend = "azurerm"
+# config = {
+# storage_account_name = var.tfstates[each.value.remote_tfstate.tfstate_key].storage_account_name
+# container_name = var.tfstates[each.value.remote_tfstate.tfstate_key].container_name
+# resource_group_name = var.tfstates[each.value.remote_tfstate.tfstate_key].resource_group_name
+# key = var.tfstates[each.value.remote_tfstate.tfstate_key].key
+# use_msi = var.use_msi
+# subscription_id = var.use_msi ? var.tfstates[each.value.remote_tfstate.tfstate_key].subscription_id : null
+# tenant_id = var.use_msi ? var.tfstates[each.value.remote_tfstate.tfstate_key].tenant_id : null
+# }
+# }
diff --git a/modules/networking/application_gateway/variable.tf b/modules/networking/application_gateway/variable.tf
new file mode 100644
index 0000000000..d365877195
--- /dev/null
+++ b/modules/networking/application_gateway/variable.tf
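Review bot: The whole file is commented-out scaffolding carried over from another module: it references `azurerm_template_deployment.ase`, `data.external.ase_ilb_ip`, `var.tfstates` and `var.use_msi`, none of which exist in this module (variable.tf in this same commit declares neither `tfstates` nor `use_msi`), and the `terraform_remote_state` data source is named `vnet_dns` while the record block looks up `ase_vnet_dns`. Uncommenting it as written would fail to plan, and the remote-state block would read another deployment's state file — which can carry secrets — through a code path nobody will review until that moment. Either drop the file from this commit or reduce it to a single marker such as `# TODO: private DNS A records for the gateway frontend are not implemented yet; the ASE module holds a reference pattern` so the intent is recorded without dead code.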
@@ -0,0 +1,32 @@
+variable settings {}
+variable global_settings {}
+variable diagnostics {}
+variable resource_group_name {}
+variable location {}
+variable public_ip_addresses {}
+variable application_gateway_applications {}
+variable vnets {}
+
+variable sku_name {
+ type = string
+ default = "Standard_v2"
+ description = "(Optional) (Default = Standard_v2) The Name of the SKU to use for this Application Gateway. Possible values are Standard_Small, Standard_Medium, Standard_Large, Standard_v2, WAF_Medium, WAF_Large, and WAF_v2."
+
+ validation {
+ condition = contains(["Standard_Small", "Standard_Medium", "Standard_Large", "Standard_v2", "WAF_Medium", "WAF_Large", "WAF_v2"], var.sku_name)
+ error_message = "Provide an allowed value as defined in https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html#sku."
+ }
+}
+
+variable sku_tier {
+ type = string
+ default = "Standard_v2"
+ description = "(Optional) (Default = Standard_v2) (Required) The Tier of the SKU to use for this Application Gateway. Possible values are Standard, Standard_v2, WAF and WAF_v2."
+
+ validation {
+ condition = contains(["Standard", "Standard_v2", "WAF ", "WAF_v2"], var.sku_tier)
+ error_message = "Provide an allowed value as defined in https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html#sku."
+ }
+}
+
+
diff --git a/modules/networking/virtual_network/subnet/output.tf b/modules/networking/virtual_network/subnet/output.tf
index 82719b63d7..5d93db71fc 100644
--- a/modules/networking/virtual_network/subnet/output.tf
+++ b/modules/networking/virtual_network/subnet/output.tf
@@ -8,3 +8,8 @@ output name {
 value = azurerm_subnet.subnet.name
 sensitive = true
 }
+
+output cidr {
+ value = var.address_prefixes
+ sensitive = true
+}
\ No newline at end of file
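Review bot: The `sku_tier` validation list contains `"WAF "` with a trailing space, so the legitimate tier `WAF` named in the description one line above is rejected while only the misspelt string passes; change it to `condition = contains(["Standard", "Standard_v2", "WAF", "WAF_v2"], var.sku_tier)`. Nothing ties `sku_name` and `sku_tier` to the same generation (a `WAF_v2` name with a `Standard` tier clears both checks and only fails at apply); a `validation` block cannot read another variable, so a comment on `sku_tier` stating that the caller must keep the pair consistent is the honest fix. The `sku_tier` description also reads both `(Optional)` and `(Required)`; since the variable has a default, drop `(Required)`.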