Added Azure networking and domain zones modules (#28)

Added pre-commit hook to auto populate inputs and outputs in module README
Added GitHub Action that runs pre-commit

.github/workflows/pre-commit.yml

@@ -0,0 +1,26 @@
+---
+name: Run pre-commit
+on:
+  push:
+    branches: [develop, main]
+  pull_request:
+jobs:
+  pre-commit:
+    name: Run pre-commit
+    runs-on: macos-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+      - name: Install tools
+        shell: bash
+        run: |
+          bash -x ./scripts/github_actions-install_tools.sh
+      - name: run pre-commit
+        uses: pre-commit/[email protected]
+        env:
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          GITHUB_TOKEN: ${{ github.token }}

.gitignore

@@ -6,4 +6,4 @@ terraform.tfvars
 
 # OS X files
 .history
-.DS_Store
+.DS_Store

.pre-commit-config.yaml

@@ -0,0 +1,36 @@
+---
+repos:
+  - repo: https://github.com/lyz-code/yamlfix/
+    rev: 1.9.0
+    hooks:
+      - id: yamlfix
+        exclude: (.*.*/templates/.*.yaml|kubernetes/helm/application-charts/test-oh-std-lib/values.yaml)
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        args: [--baseline, .secrets.baseline]
+        exclude: package.lock.json
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.79.1
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+      - id: terraform_tflint
+        args:
+          - --args=--minimum-failure-severity=notice
+          - --args=--config=.tflint.hcl
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-merge-conflict
+      - id: detect-private-key
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: pretty-format-json
+        args: [--autofix]
+      - id: mixed-line-ending
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: v0.34.0
+    hooks:
+      - id: markdownlint-fix

.secrets.baseline

@@ -0,0 +1,112 @@
+{
+  "version": "1.4.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2023-05-23T18:43:48Z"
+}

.tflint.hcl

@@ -0,0 +1,21 @@
+plugin "terraform" {
+  enabled = true
+}
+
+plugin "azurerm" {
+  enabled = true
+  version = "0.22.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.22.1"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "google" {
+    enabled = true
+    version = "0.23.1"
+    source  = "github.com/terraform-linters/tflint-ruleset-google"
+}

LICENSE

@@ -10,4 +10,4 @@ Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
-limitations under the License.
+limitations under the License.

README.md

@@ -1,16 +1,20 @@
+# Terraform Modules
+
 [![Maintained by cloudkite.io](https://img.shields.io/badge/maintained%20by-cloudkite.io-%235849a6.svg)](https://cloudkite.io/)
 [![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/cloudkite-io/terraform-modules.svg?label=latest)](https://github.com/cloudkite-io/terraform-modules/releases/latest)
 ![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.12.9-blue.svg)
 
-# Terraform Modules
-
-This repo contains [Terraform](https://www.terraform.io/docs/configuration/modules.html) modules for building and maintaining cloud infrastructure.
+This repo contains
+[Terraform](https://www.terraform.io/docs/configuration/modules.html)
+modules for building and maintaining cloud infrastructure.
 
 These modules are opinionated based on what we consider good defaults.
 
 ## Repo content
 
-### Modules:
+<!-- markdownlint-disable MD013 -->
+
+### Modules
 
 * [cloud sql dashboard](https://github.com/cloudkite-io/terraform-modules/tree/master/modules/gcp/cloudsql-dashboard): GCP Cloudsql Dashboard
 * [gke](https://github.com/cloudkite-io/terraform-modules/tree/master/modules/gcp/gke): GKE module for Google Compute Platform

modules/azure/domain_zones/README.md

@@ -0,0 +1,69 @@
+# Terraform Azure Domain Zones
+
+This Terraform module creates public Azure Domain Zones, `A` and `CNAME` records.
+
+<!-- markdownlint-disable MD013 MD033 -->
+
+```shell
+module "domain_zones" {
+  source              = "[email protected]:cloudkite-io/terraform-modules.git//modules/azure/domain_zones?ref=v0.1.5"
+  resource_group_name = "sample-resource-group"
+  dns_domain_zones    = ["example.com", "sub.example.com"]
+  dns_a_records       = {
+    "*" = {
+      records = ["0.0.0.0"]
+      zone    = "sub.example.com"
+    }
+  }
+  dns_cname_records   = {
+    "something" = {
+      record = "_424c7224e9b0146f9a8808af955727d0.acm-validations.aws." # Example from: https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
+      zone   = "example.com"
+    }
+  }
+}
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.3.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >=3.53.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >=3.53.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_dns_a_record.dns_a_records](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
+| [azurerm_dns_cname_record.dns_cname_records](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record) | resource |
+| [azurerm_dns_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_dns_a_records"></a> [dns\_a\_records](#input\_dns\_a\_records) | Map with dns A records to create and their configurations | <pre>map(object({<br>    zone    = string<br>    records = list(string)<br>  }))</pre> | n/a | yes |
+| <a name="input_dns_cname_records"></a> [dns\_cname\_records](#input\_dns\_cname\_records) | Map with dns CNAME records to create and their configurations | <pre>map(object({<br>    zone   = string<br>    record = string<br>  }))</pre> | n/a | yes |
+| <a name="input_dns_domain_zones"></a> [dns\_domain\_zones](#input\_dns\_domain\_zones) | List of Top level domains to create | `list(string)` | n/a | yes |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Azure resource group name | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_dns_a_records"></a> [dns\_a\_records](#output\_dns\_a\_records) | The properties of DNS A records created by this module |
+| <a name="output_dns_cname_records"></a> [dns\_cname\_records](#output\_dns\_cname\_records) | The properties of DNS CNAME records created by this module |
+| <a name="output_domain_zones"></a> [domain\_zones](#output\_domain\_zones) | The properties for domain zones created by this module |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/azure/domain_zones/main.tf

@@ -0,0 +1,29 @@
+resource "azurerm_dns_zone" "domain_zone" {
+  for_each            = toset(var.dns_domain_zones)
+  name                = each.key
+  resource_group_name = var.resource_group_name
+}
+
+resource "azurerm_dns_a_record" "dns_a_records" {
+  for_each            = var.dns_a_records
+  name                = each.key
+  zone_name           = each.value.zone
+  resource_group_name = var.resource_group_name
+  ttl                 = 300
+  records             = each.value.records
+  depends_on = [
+    azurerm_dns_zone.domain_zone
+  ]
+}
+
+resource "azurerm_dns_cname_record" "dns_cname_records" {
+  for_each            = var.dns_cname_records
+  name                = each.key
+  zone_name           = each.value.zone
+  resource_group_name = var.resource_group_name
+  ttl                 = 300
+  record              = "${each.key}.${each.value.record}"
+  depends_on = [
+    azurerm_dns_zone.domain_zone
+  ]
+}

modules/azure/domain_zones/outputs.tf

@@ -0,0 +1,14 @@
+output "domain_zones" {
+  description = "The properties for domain zones created by this module"
+  value       = azurerm_dns_zone.domain_zone
+}
+
+output "dns_a_records" {
+  description = "The properties of DNS A records created by this module"
+  value       = azurerm_dns_a_record.dns_a_records
+}
+
+output "dns_cname_records" {
+  description = "The properties of DNS CNAME records created by this module"
+  value       = azurerm_dns_cname_record.dns_cname_records
+}

modules/azure/domain_zones/variables.tf

@@ -0,0 +1,25 @@
+variable "resource_group_name" {
+  description = "Azure resource group name"
+  type        = string
+}
+
+variable "dns_domain_zones" {
+  description = "List of Top level domains to create"
+  type        = list(string)
+}
+
+variable "dns_a_records" {
+  description = "Map with dns A records to create and their configurations"
+  type = map(object({
+    zone    = string
+    records = list(string)
+  }))
+}
+
+variable "dns_cname_records" {
+  description = "Map with dns CNAME records to create and their configurations"
+  type = map(object({
+    zone   = string
+    record = string
+  }))
+}

modules/azure/domain_zones/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">=1.3.0"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=3.53.0"
+    }
+  }
+}