diff --git a/.github/workflows/master-100.yaml b/.github/workflows/master-100.yaml
index 6f9a162f0f..0e86804c58 100755
--- a/.github/workflows/master-100.yaml
+++ b/.github/workflows/master-100.yaml
@@ -114,6 +114,10 @@ jobs:
"mysql_server/101-vnet-rule-mysql",
"mysql_server/102-private-endpoint-mysql",
"mysql_server/103-private-endpoint-with-fw-rule-mysql",
+ "networking/dns_zones/100-simple-dns_zone",
+ "networking/domain_name_registrations/100-register-domain-default_domain_registrar_dns",
+ "networking/front_door/100-simple-front_door",
+ "networking/front_door/101-front_door_waf",
"networking/private_dns/100-private-dns-vnet-links",
"networking/private_links/endpoints/centralized",
"networking/virtual_network/100-subnet-delegation",
diff --git a/.github/workflows/master-standalone.yaml b/.github/workflows/master-standalone.yaml
index 9f55f62dd5..5a6447ca01 100755
--- a/.github/workflows/master-standalone.yaml
+++ b/.github/workflows/master-standalone.yaml
@@ -62,7 +62,7 @@ jobs:
"mariadb_server/102-private-endpoint-mariadb",
"mariadb_server/103-private-endpoint-with-fw-rule-mariadb",
"monitoring/100-service-health-alerts",
- "mssql_mi/200-mi",
+ # "mssql_mi/200-mi",
"mssql_server/elastic_pools",
"mssql_server/failover_groups",
"mysql_server/100-simple-mysql",
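Review bot: The `mssql_mi/200-mi` scenario is disabled by commenting it out with no indication of why or when it can come back, so the next person has to guess whether it is broken, slow or intentionally retired. A one-line reason next to the disabled entry keeps the list self-explanatory, e.g. `# "mssql_mi/200-mi",  # disabled: [reason / tracking issue]`. The same entry is not touched in master-100.yaml in this diff, so the two workflow lists now diverge; confirm that is intended.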
@@ -70,7 +70,10 @@ jobs:
"mysql_server/102-private-endpoint-mysql",
"mysql_server/103-private-endpoint-with-fw-rule-mysql",
"networking/express_routes",
+ "networking/dns_zones/100-simple-dns_zone",
"networking/firewall/100-simple-firewall-with-routes",
+ "networking/front_door/100-simple-front_door",
+ "networking/front_door/101-front_door_waf",
"networking/private_dns/100-private-dns-vnet-links",
"networking/virtual_network/100-simple-vnet-subnets-nsgs",
"networking/virtual_network/100-subnet-delegation",
diff --git a/aks_clusters.tf b/aks_clusters.tf
index 170021524a..bef0f31b10 100755
--- a/aks_clusters.tf
+++ b/aks_clusters.tf
@@ -1,6 +1,6 @@
output aks_clusters {
- value = module.aks_clusters
-
+ value = module.aks_clusters
+
}
module aks_clusters {
diff --git a/app_service_environments.tf b/app_service_environments.tf
index f34101709c..293bd82980 100755
--- a/app_service_environments.tf
+++ b/app_service_environments.tf
@@ -24,6 +24,6 @@ module "app_service_environments" {
output "app_service_environments" {
- value = module.app_service_environments
-
+ value = module.app_service_environments
+
}
\ No newline at end of file
diff --git a/app_service_plans.tf b/app_service_plans.tf
index 87ecfc1dc5..e6d8592b84 100755
--- a/app_service_plans.tf
+++ b/app_service_plans.tf
@@ -15,6 +15,6 @@ module "app_service_plans" {
}
output app_service_plans {
- value = module.app_service_plans
-
+ value = module.app_service_plans
+
}
diff --git a/application_gateways.tf b/application_gateways.tf
index 107c3d1464..25efc6686f 100644
--- a/application_gateways.tf
+++ b/application_gateways.tf
@@ -24,11 +24,11 @@ module application_gateways {
}
output application_gateways {
- value = module.application_gateways
-
+ value = module.application_gateways
+
}
output application_gateway_applications {
- value = local.networking.application_gateway_applications
-
+ value = local.networking.application_gateway_applications
+
}
diff --git a/automations.tf b/automations.tf
index bb726e2328..1f5b828055 100644
--- a/automations.tf
+++ b/automations.tf
@@ -12,6 +12,6 @@ module automations {
}
output automations {
- value = module.automations
-
+ value = module.automations
+
}
diff --git a/availability_sets.tf b/availability_sets.tf
index 0175ca907d..7e01699a16 100644
--- a/availability_sets.tf
+++ b/availability_sets.tf
@@ -18,6 +18,6 @@ module availability_sets {
output availability_sets {
- value = module.availability_sets
-
+ value = module.availability_sets
+
}
\ No newline at end of file
diff --git a/azuread.tf b/azuread.tf
index ed80eb04c0..a2fab66586 100755
--- a/azuread.tf
+++ b/azuread.tf
@@ -16,8 +16,8 @@ module azuread_applications {
}
output aad_apps {
- value = module.azuread_applications
-
+ value = module.azuread_applications
+
}
#
@@ -34,8 +34,8 @@ module azuread_groups {
}
output azuread_groups {
- value = module.azuread_groups
-
+ value = module.azuread_groups
+
}
module azuread_groups_members {
@@ -64,6 +64,6 @@ module azuread_users {
}
output azuread_users {
- value = module.azuread_users
-
+ value = module.azuread_users
+
}
\ No newline at end of file
diff --git a/azurerm_application_insights.tf b/azurerm_application_insights.tf
index b03ee802ed..392a9d33b7 100755
--- a/azurerm_application_insights.tf
+++ b/azurerm_application_insights.tf
@@ -18,6 +18,6 @@ module "azurerm_application_insights" {
}
output application_insights {
- value = module.azurerm_application_insights
-
+ value = module.azurerm_application_insights
+
}
\ No newline at end of file
diff --git a/container_registry.tf b/container_registry.tf
index f430691a55..2858fd3fea 100755
--- a/container_registry.tf
+++ b/container_registry.tf
@@ -22,7 +22,7 @@ module container_registry {
}
output azure_container_registries {
- value = module.container_registry
-
+ value = module.container_registry
+
}
diff --git a/cosmos_db.tf b/cosmos_db.tf
index 5b22edd332..d423030586 100644
--- a/cosmos_db.tf
+++ b/cosmos_db.tf
@@ -10,6 +10,6 @@ module cosmos_db {
}
output cosmos_db_id {
- value = module.cosmos_db
-
+ value = module.cosmos_db
+
}
\ No newline at end of file
diff --git a/databricks.tf b/databricks.tf
index e4aae33915..444a40c2c3 100644
--- a/databricks.tf
+++ b/databricks.tf
@@ -12,7 +12,7 @@ module databricks_workspaces {
}
output databricks_workspaces {
- value = module.databricks_workspaces
-
+ value = module.databricks_workspaces
+
}
diff --git a/diagnostics.tf b/diagnostics.tf
index ebaf0f455d..ad03463ca3 100644
--- a/diagnostics.tf
+++ b/diagnostics.tf
@@ -18,8 +18,8 @@ locals {
# Output diagnostics
output diagnostics {
- value = local.combined_diagnostics
-
+ value = local.combined_diagnostics
+
}
module diagnostic_storage_accounts {
diff --git a/examples/module.tf b/examples/module.tf
index 2160f06593..a1e7950941 100644
--- a/examples/module.tf
+++ b/examples/module.tf
@@ -40,6 +40,8 @@ module "caf" {
proximity_placement_groups = var.proximity_placement_groups
}
networking = {
+ domain_name_registrations = var.domain_name_registrations
+ dns_zone_records = var.dns_zone_records
vnets = var.vnets
network_security_group_definition = var.network_security_group_definition
public_ip_addresses = var.public_ip_addresses
@@ -72,7 +74,6 @@ module "caf" {
mssql_managed_instances = var.mssql_managed_instances
mssql_managed_instances_secondary = var.mssql_managed_instances_secondary
mssql_databases = var.mssql_databases
- mssql_managed_databases = var.mssql_managed_databases
mssql_managed_databases_restore = var.mssql_managed_databases_restore
mssql_managed_databases_backup_ltr = var.mssql_managed_databases_backup_ltr
mssql_elastic_pools = var.mssql_elastic_pools
@@ -86,8 +87,8 @@ module "caf" {
machine_learning_workspaces = var.machine_learning_workspaces
cosmos_dbs = var.cosmos_dbs
mariadb_servers = var.mariadb_servers
- mysql_servers = var.mysql_servers
- postgresql_servers = var.postgresql_servers
+ mysql_servers = var.mysql_servers
+ postgresql_servers = var.postgresql_servers
}
shared_services = {
monitoring = var.monitoring
@@ -96,11 +97,10 @@ module "caf" {
}
security = {
- dynamic_keyvault_secrets = var.dynamic_keyvault_secrets
- keyvault_keys = var.keyvault_keys
- keyvault_certificate_requests = var.keyvault_certificate_requests
dynamic_keyvault_secrets = var.dynamic_keyvault_secrets
+ keyvault_keys = var.keyvault_keys
keyvault_certificate_requests = var.keyvault_certificate_requests
+ keyvault_certificate_issuers = var.keyvault_certificate_issuers
}
remote_objects = {
diff --git a/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars b/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars
index 70d719e094..140cae982d 100644
--- a/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars
+++ b/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars
@@ -2,7 +2,6 @@ global_settings = {
default_region = "region1"
regions = {
region1 = "southeastasia"
- region2 = "eastasia"
}
}
@@ -16,23 +15,195 @@ resource_groups = {
dns_zones = {
dns_zone1 = {
name = "" // Set as empty for CI. this will creation a random_domain_name.com
- region = "region1"
resource_group_key = "dns_re1"
- contract = {
- name_first = "John"
- name_last = "Doe"
- email = "test@contoso.com"
- phone = "+65.12345678"
- organization = "Sandpit"
- job_title = "Engineer"
- address1 = "Singapore"
- address2 = ""
- postal_code = "018898"
- state = "Singapore"
- city = "Singapore"
- country = "SG"
- auto_renew = true
- }
+ # You can create dns records using the following nested structure
+ records = {
+ cname = {
+ www_com = {
+ name = "www"
+ record = "www.bing.com"
+ }
+ ftp_co_uk = {
+ name = "ftp"
+ record = "www.bing.co.uk"
+ tags = {
+ project = "prod_crm"
+ }
+ }
+ } //cname
+ } //records
+ } //dns_zone1
+
+ dns_zone2 = {
+ name = "" // Set as empty for CI. this will creation a random_domain_name.com
+ resource_group_key = "dns_re1"
+
+ records = {
+ cname = {
+ www_co_uk = {
+ name = "www"
+ record = "www.bing.co.uk"
+ }
+ www1 = {
+ name = "www1"
+ # You can also reference an alias resord set
+ resource_id = {
+ # to an existing zone recordset
+ dns_zone_record = {
+ key = "www_co_uk"
+ }
+ }
+ } //www1
+ } //cname
+
+ caa = {
+ test = {
+ name = "test"
+ ttl = 60
+ tags = {
+ project = "prod_crm"
+ }
+ records = {
+ 1 = {
+ flags = 0
+ tag = "issue"
+ value = "example.com"
+ }
+ 2 = {
+ flags = 0
+ tag = "issue"
+ value = "example.net"
+ }
+ 3 = {
+ flags = 1
+ tag = "iodef"
+ value = "mailto:terraform@nonexisting.tld"
+ }
+ }
+ }
+ } //caa
+
+
+
+ a = {
+ dns = {
+ name = "dns"
+ records = [
+ "10.10.1.1", "172.10.2.2"
+ ]
+ } //dns
+
+ dns1 = {
+ name = "dns1"
+ # You can also reference an alias resord set
+ resource_id = {
+ # to an existing zone recordset
+ dns_zone_record = {
+ key = "dns"
+ }
+ }
+ } //www1
+ } //a
+
+ srv = {
+ dc1 = {
+ name = "dc1"
+ records = {
+ target1 = {
+ priority = 1
+ weight = 5
+ port = 8080
+ target = "target1.contoso.com"
+ }
+ }
+ }
+ } //srv
+ } //records
+ } //dns_zone2
+}
+
+# If you need to reference an existing DNS Zone, the following structure must be used
+dns_zone_records = {
+ record1 = {
+ dns_zone = {
+ # name = "name of an existing dns_zone"
+ # resource_group_name = "set the name when the id is provided"
+ key = "dns_zone1"
+ # lz_key = "name of the remote landingzone"
+ } //dns_zone
+
+ records = {
+
+ cname = {
+ www_fr = {
+ name = "www-fr"
+ record = "www.bing.fr"
+ }
+ } //cname
+
+ a = {
+ dns = {
+ name = "dns"
+ records = [
+ "10.10.1.1", "172.10.2.2"
+ ]
+ }
+ } //a
+ } //records
+ } //record1
+
+ #
+ # Example to reference an existing dns_zone in the target subscription
+ #
+ # record2 = {
+ # dns_zone = {
+ # name = "sfjcnwejcwejvwe.com"
+ # resource_group_name = "example-resources"
+ # }
+
+ # records = {
+
+ # cname = {
+ # www_fr = {
+ # name = "www-fr"
+ # record = "www.bing.fr"
+ # }
+ # } //cname
+
+ # a = {
+ # dns = {
+ # name = "dns"
+ # records = [
+ # "10.10.1.1", "172.10.2.2"
+ # ]
+ # }
+ # } //a
+ # } //record2
+ # }
+}
+
+# IAM
+
+managed_identities = {
+ msi1 = {
+ name = "msi1"
+ resource_group_key = "dns_re1"
}
+}
+
+role_mapping = {
+ built_in_role_mapping = {
+ dns_zones = {
+ dns_zone1 = {
+ "DNS Zone Contributor" = {
+ managed_identities = {
+ keys = [
+ "msi1"
+ ]
+ } //managed_identities
+ } //"DNS Zone Contributor"
+ } //dns_zone1
+ } //dns_zones
+ } //built_in_role_mapping
}
\ No newline at end of file
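Review bot: The closing comment on the `dns1` record in the `a` block reads `} //www1` (copied from the cname block above), which mislabels the structure in an example that relies on such markers to stay readable; it should be `} //dns1`. The same hunk carries the typo "alias resord set" twice (for "alias record set") and "this will creation a random_domain_name.com" (for "this will create a random domain name"). The `a` records use `172.10.2.2`, which is a routable public address rather than a private or documentation range; for an example, an RFC 5737 address such as `192.0.2.2` avoids pointing at someone else's host if the sample is copied verbatim.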
diff --git a/examples/networking/domain_name_registrations/100-register-domain-default_domain_registrar_dns/configuration.tfvars b/examples/networking/domain_name_registrations/100-register-domain-default_domain_registrar_dns/configuration.tfvars
new file mode 100644
index 0000000000..c615a22b76
--- /dev/null
+++ b/examples/networking/domain_name_registrations/100-register-domain-default_domain_registrar_dns/configuration.tfvars
@@ -0,0 +1,99 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "southeastasia"
+ }
+}
+
+resource_groups = {
+ rg1 = {
+ name = "dns-domain-registrar"
+ region = "region1"
+ }
+}
+
+dns_zones = {
+ dns_zone1 = {
+ name = "" // Set as empty for CI. this will creation a random_domain_name.com
+ resource_group_key = "rg1"
+
+ # You can create dns records using the following nested structure
+ records = {
+ cname = {
+ www_com = {
+ name = "www"
+ record = "www.bing.com"
+ }
+ ftp_co_uk = {
+ name = "ftp"
+ record = "www.bing.co.uk"
+ }
+ }
+ }
+ }
+ dns_zone2 = {
+ name = "" // Set as empty for CI. this will creation a random_domain_name.com
+ region = "region1"
+ resource_group_key = "rg1"
+
+ records = {
+ cname = {
+ www_co_uk = {
+ name = "www"
+ record = "www.bing.co.uk"
+ }
+ }
+ }
+ }
+}
+
+domain_name_registrations = {
+ #
+ # Register for a random domain name
+ # As dnsType as not be set
+ #
+ random_domain = {
+ name = "" // Set as empty for CI. this will creation a random_domain_name.com
+ resource_group_key = "rg1"
+
+ auto_renew = true
+ privacy = true
+ lock_resource = false
+ dns_zone = {
+ # Set the resource ID of the existing DNS zone
+ # id = "/subscriptions/[subscription_id]/resourceGroups/qaxu-rg-dns-domain-registrar/providers/Microsoft.Network/dnszones/ml0iaix4xgnz0jqd.com"
+ #
+ # or
+ #
+ # Set the 'key' of the dns_zone created in this deployment
+ # Set 'lz_key' if the DNS zone referenced by the key attribute has been created in a remote deployment
+ key = "dns_zone1"
+ }
+
+ contacts = {
+ contactAdmin = {
+ name_first = "John"
+ name_last = "Doe"
+ email = "test@contoso.com"
+ phone = "+65.12345678"
+ organization = "Sandpit"
+ job_title = "Engineer"
+ address1 = "Singapore"
+ address2 = ""
+ postal_code = "018898"
+ state = "Singapore"
+ city = "Singapore"
+ country = "SG"
+ }
+ contactBilling = {
+ same_as_admin = true
+ }
+ contactRegistrant = {
+ same_as_admin = true
+ }
+ contactTechnical = {
+ same_as_admin = true
+ }
+ }
+ }
+}
\ No newline at end of file
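Review bot: `dns_zone2` sets `region = "region1"` while `dns_zone1` in the same file does not, and the sibling dns_zones example in this commit removes `region` from its zone definition, so the attribute here looks like a leftover rather than a supported input; either drop it or make both zones consistent. The explanatory comment `# As dnsType as not be set` is hard to parse; something like `# Registers a random domain name because no DNS type is set` states the same thing. The `contacts` block carries realistic-looking personal data for a sample; since these values are only placeholders, a short comment saying so (e.g. `# sample contact details; replace with the registrant's real information`) would make the intent clear.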
diff --git a/examples/networking/express_routes/standalone/output.tf b/examples/networking/express_routes/standalone/output.tf
index caa1531260..311b453849 100644
--- a/examples/networking/express_routes/standalone/output.tf
+++ b/examples/networking/express_routes/standalone/output.tf
@@ -1,11 +1,11 @@
output express_route_circuits {
- value = module.caf.express_route_circuits
-
+ value = module.caf.express_route_circuits
+
description = "Express Route Circuit output"
}
output express_route_circuit_authorizations {
- value = module.caf.express_route_circuit_authorizations
-
+ value = module.caf.express_route_circuit_authorizations
+
description = "Express Route Circuit Authorizations Keys output"
}
diff --git a/examples/networking/front_door/100-simple-front_door/front_doors.tfvars b/examples/networking/front_door/100-simple-front_door/front_doors.tfvars
index da68056b6f..e0ffeda5bb 100644
--- a/examples/networking/front_door/100-simple-front_door/front_doors.tfvars
+++ b/examples/networking/front_door/100-simple-front_door/front_doors.tfvars
@@ -100,14 +100,21 @@ front_doors = {
custom_https_configuration = {
certificate_source = "AzureKeyVault"
#If certificate source is AzureKeyVault the below are required:
- azure_key_vault_certificate_vault_id = "/subscriptions/fed745fc-818a-4b9f-8338-22368e098c5c/resourceGroups/inos-rg-front-door-rg-guinc/providers/Microsoft.KeyVault/vaults/kv-certsecrets-ccmcj"
- azure_key_vault_certificate_secret_name = "test"
- azure_key_vault_certificate_secret_version = "b672b38ce10245b8bd3ba75924c80d3d"
- # Or if created from CAF module
- # keyvault_certificate_key = ""
+ # azure_key_vault_certificate_vault_id = "/subscriptions/[subscription_id]/resourceGroups/[resource_group_name]/providers/Microsoft.KeyVault/vaults/kv-certsecrets-ccmcj"
+ # azure_key_vault_certificate_secret_name = "test"
+ # azure_key_vault_certificate_secret_version = "b672b38ce10245b8bd3ba75924c80d3d"
+ #
+ #### Or if created from CAF module
+ #
+ # certificate = {
+ # key = "sales_application"
+ # # lz_key = ""
+ # }
+ }
+ front_door_waf_policy = {
+ key = "wp1"
+ # lz_key = ""
}
- front_door_waf_policy_key = "wp1"
- lz_key = ""
}
}
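Review bot: With `certificate_source = "AzureKeyVault"` kept on the context line and every Key Vault reference below it now commented out, the block no longer contains the inputs its own comment calls required; unless `custom_https_provisioning_enabled` is false above this hunk, the example is inconsistent, so either set `certificate_source = "FrontDoor"` here as the 101 example does, or leave one of the two reference forms active. The commented vault id still names a specific vault (`kv-certsecrets-ccmcj`) and a specific secret version while the subscription and resource group were replaced by placeholders in this same change; finishing the job with `[keyvault_name]` and `[secret_version]` keeps environment-specific identifiers out of the public example. The `front_door_waf_policy` object form introduced here matches the 101 example, which is good.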
diff --git a/examples/networking/front_door/100-simple-front_door/standalone/locals.tf b/examples/networking/front_door/100-simple-front_door/standalone/locals.tf
deleted file mode 100644
index 3ddc1bdf25..0000000000
--- a/examples/networking/front_door/100-simple-front_door/standalone/locals.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-locals {
- remote = {
- diagnostics = {
- # Get the diagnostics settings of services to create
- diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces
- diagnostic_log_analytics = var.diagnostic_log_analytics
- diagnostic_storage_accounts = var.diagnostic_storage_accounts
-
- # Combine the diagnostics definitions
- diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition)
- diagnostics_destinations = {
- event_hub_namespaces = merge(
- try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.event_hub_namespaces, {}),
- try(var.diagnostics_destinations.event_hub_namespaces, {})
- )
- log_analytics = merge(
- try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.log_analytics, {}),
- try(var.diagnostics_destinations.log_analytics, {})
- )
- storage = merge(
- try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.storage, {}),
- try(var.diagnostics_destinations.storage, {})
- )
- }
- # Get the remote existing diagnostics objects
- storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts
- log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics
- event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces
- }
-
- keyvaults = {
- for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.keyvaults[key], {}))
- }
- }
-}
\ No newline at end of file
diff --git a/examples/networking/front_door/100-simple-front_door/standalone/module.tf b/examples/networking/front_door/100-simple-front_door/standalone/module.tf
index 2e16a56702..15e249ebbe 100644
--- a/examples/networking/front_door/100-simple-front_door/standalone/module.tf
+++ b/examples/networking/front_door/100-simple-front_door/standalone/module.tf
@@ -6,7 +6,6 @@ module "caf" {
diagnostic_storage_accounts = var.diagnostic_storage_accounts
diagnostics_definition = var.diagnostics_definition
diagnostics_destinations = var.diagnostics_destinations
- keyvault_certificate_issuers = var.keyvault_certificate_issuers
keyvaults = var.keyvaults
networking = {
vnets = var.vnets
@@ -18,6 +17,7 @@ module "caf" {
}
security = {
dynamic_keyvault_secrets = var.dynamic_keyvault_secrets
+ keyvault_certificate_issuers = var.keyvault_certificate_issuers
keyvault_certificate_requests = var.keyvault_certificate_requests
}
}
diff --git a/examples/networking/front_door/101-front_door_waf/configuration.tfvars b/examples/networking/front_door/101-front_door_waf/configuration.tfvars
index 6528c0478f..abca1fae09 100644
--- a/examples/networking/front_door/101-front_door_waf/configuration.tfvars
+++ b/examples/networking/front_door/101-front_door_waf/configuration.tfvars
@@ -109,17 +109,19 @@ front_doors = {
session_affinity_enabled = false
session_affinity_ttl_seconds = 0
custom_https_provisioning_enabled = false
- #Required if custom_https_provisioning_enabled is true
+ # Required if custom_https_provisioning_enabled is true
custom_https_configuration = {
certificate_source = "FrontDoor"
#If certificate source is AzureKeyVault the below are required:
- azure_key_vault_certificate_vault_id = ""
- azure_key_vault_certificate_secret_name = ""
- azure_key_vault_certificate_secret_version = ""
- lz_key = ""
+ # azure_key_vault_certificate_vault_id = ""
+ # azure_key_vault_certificate_secret_name = ""
+ # azure_key_vault_certificate_secret_version = ""
+ # lz_key = ""
+ }
+ front_door_waf_policy = {
+ key = "wp1"
+ # lz_key = ""
}
- web_application_firewall_policy_key = "wp1"
- lz_key = ""
}
}
diff --git a/examples/outputs.tf b/examples/outputs.tf
index 6f65476948..b13ec05bc2 100644
--- a/examples/outputs.tf
+++ b/examples/outputs.tf
@@ -3,11 +3,28 @@ output virtual_machines {
}
output mssql_managed_instances {
- value = module.caf.mssql_managed_instances
-
+ value = module.caf.mssql_managed_instances
+
+}
+
+output dns_zones {
+ value = module.caf.dns_zones
+}
+
+output dns_zone_records {
+ value = module.caf.dns_zone_records
+}
+
+output keyvault_certificates {
+ value = module.caf.keyvault_certificates
+}
+
+output keyvault_certificate_requests {
+ value = module.caf.keyvault_certificate_requests
}
output mssql_managed_instances_secondary {
value = module.caf.mssql_managed_instances_secondary
sensitive = false
}
+
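Review bot: The four new outputs (`dns_zones`, `dns_zone_records`, `keyvault_certificates`, `keyvault_certificate_requests`) carry no `description` and no explicit `sensitive` setting, while the neighbouring `mssql_managed_instances_secondary` output states `sensitive = false`; the file would read more consistently if each new output did the same. Whether the certificate-related module outputs include attributes that should not be printed in plan output cannot be seen from this hunk — worth confirming against the module's outputs before leaving them unmarked.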
diff --git a/examples/variables.tf b/examples/variables.tf
index 3f93224967..d9f1afd8dd 100644
--- a/examples/variables.tf
+++ b/examples/variables.tf
@@ -269,45 +269,44 @@ variable front_door_waf_policies {
variable dns_zones {
default = {}
}
-variable private_endpoints {
+variable dns_zone_records {
default = {}
}
-variable local_network_gateways {
+
+variable private_endpoints {
default = {}
}
-
-variable automations {
+variable local_network_gateways {
default = {}
}
-variable keyvault_access_policies_azuread_apps {
+variable domain_name_registrations {
default = {}
}
variable azuread_apps {
default = {}
+ type = map
}
-
variable azuread_users {
default = {}
+ type = map
}
-
variable custom_role_definitions {
default = {}
}
-
variable azurerm_firewalls {
default = {}
}
-
variable azurerm_firewall_network_rule_collection_definition {
default = {}
}
-
variable azurerm_firewall_application_rule_collection_definition {
default = {}
}
-
variable azurerm_firewall_nat_rule_collection_definition {
default = {}
+}
+variable automations {
+ default = {}
}
\ No newline at end of file
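Review bot: `type = map` without an element type is the legacy shorthand; `type = map(any)` is the explicit constraint and is what current Terraform documentation recommends, so the two new `type` lines on `azuread_apps` and `azuread_users` should use it. Only these two variables receive a type while the rest of the file stays untyped, so either the constraint is meaningful for a reason worth a comment, or it should be applied consistently. The hunk also drops `variable keyvault_access_policies_azuread_apps`; examples/module.tf is only partially shown in this diff, so confirm nothing still references `var.keyvault_access_policies_azuread_apps`.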
diff --git a/front_door_waf_policies.tf b/front_door_waf_policies.tf
index 5c8d73a462..bbaf10ee34 100644
--- a/front_door_waf_policies.tf
+++ b/front_door_waf_policies.tf
@@ -9,6 +9,6 @@ module "front_door_waf_policies" {
}
output front_door_waf_policies {
- value = module.front_door_waf_policies
-
+ value = module.front_door_waf_policies
+
}
\ No newline at end of file
diff --git a/front_doors.tf b/front_doors.tf
index 6819a4402c..66f3b93e26 100644
--- a/front_doors.tf
+++ b/front_doors.tf
@@ -2,12 +2,52 @@ module "front_doors" {
source = "./modules/networking/front_door"
for_each = local.networking.front_doors
- base_tags = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
- client_config = local.client_config
- diagnostics = local.combined_diagnostics
- front_door_waf_policies = local.combined_objects_front_door_waf_policies
- global_settings = local.global_settings
- keyvault_id = try(local.combined_objects_keyvaults[local.client_config.landingzone_key][each.value.keyvault_key].id, local.combined_objects_keyvaults[each.value.lz_key][each.value.keyvault_key].id)
- resource_group_name = module.resource_groups[each.value.resource_group_key].name
- settings = each.value
+ base_tags = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
+ client_config = local.client_config
+ diagnostics = local.combined_diagnostics
+ front_door_waf_policies = local.combined_objects_front_door_waf_policies
+ global_settings = local.global_settings
+ keyvault_id = try(each.value.keyvault_key, null) == null ? null : try(local.combined_objects_keyvaults[local.client_config.landingzone_key][each.value.keyvault_key].id, local.combined_objects_keyvaults[each.value.lz_key][each.value.keyvault_key].id)
+ keyvault_certificate_requests = local.combined_objects_keyvault_certificate_requests
+ resource_group_name = module.resource_groups[each.value.resource_group_key].name
+ settings = each.value
+}
+
+output front_doors {
+ value = module.front_doors
+}
+
+
+
+# Register Azure FrontDoor service in the directory.
+#
+locals {
+ front_door_application_id = "ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037"
+}
+
+# Execute the SP creation before from the AZ cli
+# It will register the Azure FrontDoor global application ID with a service principal into your azure AD tenant
+# "az ad sp create --id ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037"
+
+data "azuread_service_principal" "front_door" {
+ application_id = local.front_door_application_id
+}
+
+module front_doors_keyvault_access_policy {
+ source = "./modules/security/keyvault_access_policies"
+ for_each = {
+ for key, value in local.networking.front_doors : key => value
+ if try(value.keyvault_key, null) != null
+ }
+
+ client_config = local.client_config
+ keyvault_id = local.combined_objects_keyvaults[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.keyvault_key].id
+
+ access_policies = {
+ front_door_certificate = {
+ object_id = data.azuread_service_principal.front_door.object_id
+ certificate_permissions = ["Get"]
+ secret_permissions = ["Get"]
+ }
+ }
}
\ No newline at end of file
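Review bot: `data "azuread_service_principal" "front_door"` is evaluated unconditionally, so every deployment of this root module now requires the Front Door service principal to exist in the tenant even when no front door uses a key vault certificate, and the lookup fails the whole plan otherwise; the access-policy module next to it is already gated on `keyvault_key`, and the data source should be gated the same way. A count such as `count = length([for v in local.networking.front_doors : v if try(v.keyvault_key, null) != null]) > 0 ? 1 : 0` with `object_id = data.azuread_service_principal.front_door[0].object_id` keeps the prerequisite scoped to the deployments that need it. The prerequisite comment would also read better as `# Run this once per tenant before applying: it registers the Azure Front Door application as a service principal.`. The `Get`-only certificate and secret permissions granted to the Front Door principal are the minimum it needs for custom HTTPS, which is appropriate; note that a key vault access policy is vault-wide, so the vault referenced by `keyvault_key` should hold only material intended for Front Door.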
diff --git a/keyvault.tf b/keyvault.tf
index 8f589f765b..0abd542401 100755
--- a/keyvault.tf
+++ b/keyvault.tf
@@ -50,6 +50,6 @@ module "keyvault_access_policies_azuread_apps" {
output keyvaults {
- value = module.keyvaults
-
+ value = module.keyvaults
+
}
diff --git a/keyvault_certificate_issuers.tf b/keyvault_certificate_issuers.tf
index 1b46bb956e..20ffa607d6 100644
--- a/keyvault_certificate_issuers.tf
+++ b/keyvault_certificate_issuers.tf
@@ -1,7 +1,7 @@
module keyvault_certificate_issuers {
source = "./modules/security/keyvault_certificate_issuer"
depends_on = [module.keyvaults]
- for_each = var.keyvault_certificate_issuers
+ for_each = local.security.keyvault_certificate_issuers
resource_group_name = module.resource_groups[each.value.resource_group_key].name
location = module.resource_groups[each.value.resource_group_key].location
@@ -15,7 +15,7 @@ module keyvault_certificate_issuers {
data "azurerm_key_vault_secret" "certificate_issuer_password" {
depends_on = [module.dynamic_keyvault_secrets]
for_each = {
- for key, value in var.keyvault_certificate_issuers : key => value
+ for key, value in local.security.keyvault_certificate_issuers : key => value
if try(value.cert_password_key, null) != null
}
@@ -24,6 +24,6 @@ data "azurerm_key_vault_secret" "certificate_issuer_password" {
}
output keyvault_certificate_issuers {
- value = module.keyvault_certificate_issuers
-
+ value = module.keyvault_certificate_issuers
+
}
diff --git a/keyvault_certificate_requests.tf b/keyvault_certificate_requests.tf
index 3d421e2c02..5e45f17612 100644
--- a/keyvault_certificate_requests.tf
+++ b/keyvault_certificate_requests.tf
@@ -1,8 +1,17 @@
+#
+# Evolution of the keyvault_certificate module. Plan is to transition to this module over time.
+# configuration breaking change when migration from module keyvault_certificate
+#
module keyvault_certificate_requests {
- source = "./modules/security/keyvault_certificate_request"
- for_each = local.security.keyvault_certificate_requests
+ depends_on = [module.keyvault_certificate_issuers]
+ source = "./modules/security/keyvault_certificate_request"
+ for_each = local.security.keyvault_certificate_requests
keyvault_id = try(local.combined_objects_keyvaults[each.value.lz_key][each.value.keyvault_key].id, local.combined_objects_keyvaults[local.client_config.landingzone_key][each.value.keyvault_key].id)
- certificate_issuers = module.keyvault_certificate_issuers
+ certificate_issuers = var.security.keyvault_certificate_issuers
settings = each.value
+}
+
+output keyvault_certificate_requests {
+ value = module.keyvault_certificate_requests
}
\ No newline at end of file
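Review bot: `certificate_issuers = var.security.keyvault_certificate_issuers` reads the raw variable directly, while the rest of this commit (keyvault_certificate_issuers.tf and the `for_each` two lines above) switched to `local.security.keyvault_certificate_issuers`; if `local.security` supplies defaults that `var.security` lacks, this line fails when the caller omits the key, and it also replaces the previously passed module outputs with the input configuration, which the module must be prepared for. Use `certificate_issuers = local.security.keyvault_certificate_issuers` unless the module genuinely needs the unprocessed variable, in which case a comment saying so is warranted. The header comment would be clearer as `# Configuration is a breaking change when migrating from module keyvault_certificate`.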
diff --git a/keyvault_certificates.tf b/keyvault_certificates.tf
index 7714781feb..d440335a5b 100644
--- a/keyvault_certificates.tf
+++ b/keyvault_certificates.tf
@@ -5,4 +5,8 @@ module keyvault_certificates {
settings = each.value
keyvault = try(local.combined_objects_keyvaults[local.client_config.landingzone_key][each.value.keyvault_key], local.combined_objects_keyvaults[each.value.lz_key][each.value.keyvault_key])
+}
+
+output keyvault_certificates {
+ value = module.keyvault_certificates
}
\ No newline at end of file
diff --git a/locals.combined_objects.tf b/locals.combined_objects.tf
index 47eb168822..d28fcef329 100644
--- a/locals.combined_objects.tf
+++ b/locals.combined_objects.tf
@@ -1,36 +1,38 @@
locals {
# CAF landing zones can retrieve remote objects from a different landing zone and the
# combined_objects will merge it with the local objects
- combined_objects_aks_clusters = merge(map(local.client_config.landingzone_key, module.aks_clusters), try(var.remote_objects.aks_clusters, {}))
- combined_objects_app_service_environments = merge(map(local.client_config.landingzone_key, module.app_service_environments), try(var.remote_objects.app_service_environments, {}))
- combined_objects_app_service_plans = merge(map(local.client_config.landingzone_key, module.app_service_plans), try(var.remote_objects.app_service_plans, {}))
- combined_objects_app_services = merge(map(local.client_config.landingzone_key, module.app_services), try(var.remote_objects.app_services, {}))
- combined_objects_availability_sets = merge(map(local.client_config.landingzone_key, module.availability_sets), try(var.remote_objects.availability_sets, {}))
- combined_objects_azuread_applications = merge(map(local.client_config.landingzone_key, module.azuread_applications), try(var.remote_objects.azuread_applications, {}))
- combined_objects_azuread_groups = merge(map(local.client_config.landingzone_key, module.azuread_groups), try(var.remote_objects.azuread_groups, {}))
- combined_objects_azuread_users = merge(map(local.client_config.landingzone_key, module.azuread_users), try(var.remote_objects.azuread_users, {}))
- combined_objects_azure_container_registries = merge(map(local.client_config.landingzone_key, module.container_registry), try(var.remote_objects.container_registry, {}))
- combined_objects_azurerm_firewalls = merge(map(local.client_config.landingzone_key, module.azurerm_firewalls), try(var.remote_objects.azurerm_firewalls, {}))
- combined_objects_event_hub_namespaces = merge(map(local.client_config.landingzone_key, module.event_hub_namespaces), try(var.remote_objects.event_hub_namespaces, {}))
+ combined_objects_aks_clusters = merge(tomap({ (local.client_config.landingzone_key) = module.aks_clusters }), try(var.remote_objects.aks_clusters, {}))
+ combined_objects_app_service_environments = merge(tomap({ (local.client_config.landingzone_key) = module.app_service_environments }), try(var.remote_objects.app_service_environments, {}))
+ combined_objects_app_service_plans = merge(tomap({ (local.client_config.landingzone_key) = module.app_service_plans }), try(var.remote_objects.app_service_plans, {}))
+ combined_objects_app_services = merge(tomap({ (local.client_config.landingzone_key) = module.app_services }), try(var.remote_objects.app_services, {}))
+ combined_objects_availability_sets = merge(tomap({ (local.client_config.landingzone_key) = module.availability_sets }), try(var.remote_objects.availability_sets, {}))
+ combined_objects_azuread_applications = merge(tomap({ (local.client_config.landingzone_key) = module.azuread_applications }), try(var.remote_objects.azuread_applications, {}))
+ combined_objects_azuread_groups = merge(tomap({ (local.client_config.landingzone_key) = module.azuread_groups }), try(var.remote_objects.azuread_groups, {}))
+ combined_objects_azuread_users = merge(tomap({ (local.client_config.landingzone_key) = module.azuread_users }), try(var.remote_objects.azuread_users, {}))
+ combined_objects_azure_container_registries = merge(tomap({ (local.client_config.landingzone_key) = module.container_registry }), try(var.remote_objects.container_registry, {}))
+ combined_objects_azurerm_firewalls = merge(tomap({ (local.client_config.landingzone_key) = module.azurerm_firewalls }), try(var.remote_objects.azurerm_firewalls, {}))
+ combined_objects_dns_zones = merge(tomap({ (local.client_config.landingzone_key) = module.dns_zones }), try(var.remote_objects.dns_zones, {}))
+ combined_objects_event_hub_namespaces = merge(tomap({ (local.client_config.landingzone_key) = module.event_hub_namespaces }), try(var.remote_objects.event_hub_namespaces, {}))
combined_objects_front_door_waf_policies = merge(tomap({ (local.client_config.landingzone_key) = module.front_door_waf_policies }), try(var.remote_objects.front_door_waf_policies, {}))
- combined_objects_keyvaults = merge(map(local.client_config.landingzone_key, module.keyvaults), try(var.remote_objects.keyvaults, {}))
- combined_objects_keyvault_keys = merge(map(local.client_config.landingzone_key, module.keyvault_keys), try(var.remote_objects.keyvault_keys, {}))
- combined_objects_managed_identities = merge(map(local.client_config.landingzone_key, module.managed_identities), try(var.remote_objects.managed_identities, {}))
- combined_objects_mssql_servers = merge(map(local.client_config.landingzone_key, module.mssql_servers), try(var.remote_objects.mssql_servers, {}))
- combined_objects_mssql_databases = merge(map(local.client_config.landingzone_key, module.mssql_databases), try(var.remote_objects.mssql_databases, {}))
- combined_objects_mssql_managed_instances = merge(map(local.client_config.landingzone_key, module.mssql_managed_instances), try(var.remote_objects.mssql_managed_instances, {}))
- combined_objects_mssql_managed_instances_secondary = merge(map(local.client_config.landingzone_key, module.mssql_managed_instances_secondary), try(var.remote_objects.mssql_managed_instances_secondary, {}))
- combined_objects_mssql_managed_databases = merge(map(local.client_config.landingzone_key, module.mssql_managed_databases), try(var.remote_objects.mssql_managed_databases, {}))
- combined_objects_mssql_elastic_pools = merge(map(local.client_config.landingzone_key, module.mssql_elastic_pools), try(var.remote_objects.mssql_elastic_pools, {}))
+ combined_objects_keyvaults = merge(tomap({ (local.client_config.landingzone_key) = module.keyvaults }), try(var.remote_objects.keyvaults, {}))
+ combined_objects_keyvault_keys = merge(tomap({ (local.client_config.landingzone_key) = module.keyvault_keys }), try(var.remote_objects.keyvault_keys, {}))
+ combined_objects_keyvault_certificate_requests = merge(tomap({ (local.client_config.landingzone_key) = module.keyvault_certificate_requests }), try(var.remote_objects.keyvault_certificate_requests, {}))
+ combined_objects_managed_identities = merge(tomap({ (local.client_config.landingzone_key) = module.managed_identities }), try(var.remote_objects.managed_identities, {}))
+ combined_objects_mssql_databases = merge(tomap({ (local.client_config.landingzone_key) = module.mssql_databases }), try(var.remote_objects.mssql_databases, {}))
+ combined_objects_mssql_elastic_pools = merge(tomap({ (local.client_config.landingzone_key) = module.mssql_elastic_pools }), try(var.remote_objects.mssql_elastic_pools, {}))
+ combined_objects_mssql_managed_databases = merge(tomap({ (local.client_config.landingzone_key) = module.mssql_managed_databases }), try(var.remote_objects.mssql_managed_databases, {}))
+ combined_objects_mssql_managed_instances = merge(tomap({ (local.client_config.landingzone_key) = module.mssql_managed_instances }), try(var.remote_objects.mssql_managed_instances, {}))
+ combined_objects_mssql_managed_instances_secondary = merge(tomap({ (local.client_config.landingzone_key) = module.mssql_managed_instances_secondary }), try(var.remote_objects.mssql_managed_instances_secondary, {}))
+ combined_objects_mssql_servers = merge(tomap({ (local.client_config.landingzone_key) = module.mssql_servers }), try(var.remote_objects.mssql_servers, {}))
combined_objects_mysql_servers = merge(tomap({ (local.client_config.landingzone_key) = module.mysql_servers }), try(var.remote_objects.mysql_servers, {}))
+ combined_objects_networking = merge(tomap({ (local.client_config.landingzone_key) = module.networking }), try(var.remote_objects.vnets, {}))
+ combined_objects_network_watchers = merge(tomap({ (local.client_config.landingzone_key) = module.network_watchers }), try(var.remote_objects.network_watchers, {}))
combined_objects_postgresql_servers = merge(tomap({ (local.client_config.landingzone_key) = module.postgresql_servers }), try(var.remote_objects.postgresql_servers, {}))
- combined_objects_proximity_placement_groups = merge(map(local.client_config.landingzone_key, module.proximity_placement_groups), try(var.remote_objects.proximity_placement_groups, {}))
- combined_objects_networking = merge(map(local.client_config.landingzone_key, module.networking), try(var.remote_objects.vnets, {}))
- combined_objects_network_watchers = merge(map(local.client_config.landingzone_key, module.network_watchers), try(var.remote_objects.network_watchers, {}))
- combined_objects_public_ip_addresses = merge(map(local.client_config.landingzone_key, module.public_ip_addresses), try(var.remote_objects.public_ip_addresses, {}))
- combined_objects_private_dns = merge(map(local.client_config.landingzone_key, module.private_dns), try(var.remote_objects.private_dns, {}))
- combined_objects_recovery_vaults = merge(map(local.client_config.landingzone_key, module.recovery_vaults), try(var.remote_objects.recovery_vaults, {}))
- combined_objects_resource_groups = merge(map(local.client_config.landingzone_key, module.resource_groups), try(var.remote_objects.resource_groups, {}))
- combined_objects_storage_accounts = merge(map(local.client_config.landingzone_key, module.storage_accounts), try(var.remote_objects.storage_accounts, {}))
- combined_objects_synapse_workspaces = merge(map(local.client_config.landingzone_key, module.synapse_workspaces), try(var.remote_objects.synapse_workspaces, {}))
+ combined_objects_private_dns = merge(tomap({ (local.client_config.landingzone_key) = module.private_dns }), try(var.remote_objects.private_dns, {}))
+ combined_objects_proximity_placement_groups = merge(tomap({ (local.client_config.landingzone_key) = module.proximity_placement_groups }), try(var.remote_objects.proximity_placement_groups, {}))
+ combined_objects_public_ip_addresses = merge(tomap({ (local.client_config.landingzone_key) = module.public_ip_addresses }), try(var.remote_objects.public_ip_addresses, {}))
+ combined_objects_recovery_vaults = merge(tomap({ (local.client_config.landingzone_key) = module.recovery_vaults }), try(var.remote_objects.recovery_vaults, {}))
+ combined_objects_resource_groups = merge(tomap({ (local.client_config.landingzone_key) = module.resource_groups }), try(var.remote_objects.resource_groups, {}))
+ combined_objects_storage_accounts = merge(tomap({ (local.client_config.landingzone_key) = module.storage_accounts }), try(var.remote_objects.storage_accounts, {}))
+ combined_objects_synapse_workspaces = merge(tomap({ (local.client_config.landingzone_key) = module.synapse_workspaces }), try(var.remote_objects.synapse_workspaces, {}))
}
\ No newline at end of file
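Review bot: Every rewritten `merge(tomap({ (local.client_config.landingzone_key) = module.X }), try(var.remote_objects.X, {}))` line puts the remote objects last, so a remote state that publishes an entry under the same landingzone_key silently overrides this landing zone's own module outputs; that ordering is carried over from the old `map()` form but is worth a one-line comment at the top of the block, e.g. `# remote_objects take precedence over local module outputs when a landingzone_key collides`. `combined_objects_networking` is also the only entry whose remote key (`var.remote_objects.vnets`) does not match the local name, which is presumably intentional but deserves a note, since a reader scanning the now-uniform pattern will assume a typo.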
diff --git a/locals.tf b/locals.tf
index 6714b4206f..e97aee09cd 100644
--- a/locals.tf
+++ b/locals.tf
@@ -31,6 +31,7 @@ locals {
security = {
keyvault_certificates = try(var.security.keyvault_certificates, {})
keyvault_certificate_requests = try(var.security.keyvault_certificate_requests, {})
+ keyvault_certificate_issuers = try(var.security.keyvault_certificate_issuers, {})
keyvault_keys = try(var.security.keyvault_keys, {})
}
@@ -44,6 +45,8 @@ locals {
azurerm_routes = try(var.networking.azurerm_routes, {})
ddos_services = try(var.networking.ddos_services, {})
dns_zones = try(var.networking.dns_zones, {})
+ dns_zone_records = try(var.networking.dns_zone_records, {})
+ domain_name_registrations = try(var.networking.domain_name_registrations, {})
express_route_circuits = try(var.networking.express_route_circuits, {})
express_route_circuit_authorizations = try(var.networking.express_route_circuit_authorizations, {})
front_doors = try(var.networking.front_doors, {})
@@ -83,9 +86,9 @@ locals {
cosmos_dbs = try(var.database.cosmos_dbs, {})
mariadb_servers = try(var.database.mariadb_servers, {})
mariadb_databases = try(var.database.mariadb_databases, {})
- mysql_servers = try(var.database.mysql_servers, {})
- mysql_databases = try(var.database.mysql_databases, {})
- postgresql_servers = try(var.database.postgresql_servers, {})
+ mysql_servers = try(var.database.mysql_servers, {})
+ mysql_databases = try(var.database.mysql_databases, {})
+ postgresql_servers = try(var.database.postgresql_servers, {})
}
client_config = {
diff --git a/machine_learning.tf b/machine_learning.tf
index 093a6c6b33..b9b42d05a5 100644
--- a/machine_learning.tf
+++ b/machine_learning.tf
@@ -15,7 +15,7 @@ module machine_learning_workspaces {
}
output machine_learning_workspaces {
- value = module.machine_learning_workspaces
-
+ value = module.machine_learning_workspaces
+
}
diff --git a/managed_identities.tf b/managed_identities.tf
index 662833c18f..0b20a592b6 100755
--- a/managed_identities.tf
+++ b/managed_identities.tf
@@ -11,6 +11,6 @@ module managed_identities {
}
output managed_identities {
- value = module.managed_identities
-
+ value = module.managed_identities
+
}
diff --git a/mariadb_servers.tf b/mariadb_servers.tf
index f24f574f6c..2b8b21cac0 100644
--- a/mariadb_servers.tf
+++ b/mariadb_servers.tf
@@ -1,7 +1,7 @@
output mariadb_servers {
- value = module.mariadb_servers
-
+ value = module.mariadb_servers
+
}
module "mariadb_servers" {
diff --git a/modules/analytics/databricks_workspace/output.tf b/modules/analytics/databricks_workspace/output.tf
index 463ca9c17e..01da2b7731 100644
--- a/modules/analytics/databricks_workspace/output.tf
+++ b/modules/analytics/databricks_workspace/output.tf
@@ -1,23 +1,23 @@
output id {
description = "The ID of the Databricks Workspace in the Azure management plane."
value = azurerm_databricks_workspace.ws.id
-
+
}
output managed_resource_group_id {
description = "The ID of the Managed Resource Group created by the Databricks Workspace."
value = azurerm_databricks_workspace.ws.managed_resource_group_id
-
+
}
output workspace_url {
description = "The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'"
value = azurerm_databricks_workspace.ws.workspace_url
-
+
}
output workspace_id {
description = "The unique identifier of the databricks workspace in Databricks control plane."
value = azurerm_databricks_workspace.ws.workspace_id
-
+
}
\ No newline at end of file
diff --git a/modules/analytics/machine_learning/output.tf b/modules/analytics/machine_learning/output.tf
index c1343cb00f..703812922c 100644
--- a/modules/analytics/machine_learning/output.tf
+++ b/modules/analytics/machine_learning/output.tf
@@ -1,11 +1,11 @@
output id {
description = "The ID of the Machine Learning Workspace."
value = azurerm_machine_learning_workspace.ws.id
-
+
}
output identity {
description = "An identity block exports the following: - principal_id: The (Client) ID of the Service Principal, -tenant_id: The ID of the Tenant the Service Principal is assigned in."
value = azurerm_machine_learning_workspace.ws.identity
-
+
}
\ No newline at end of file
diff --git a/modules/analytics/synapse/output.tf b/modules/analytics/synapse/output.tf
index 0820764df7..b71dd986cc 100644
--- a/modules/analytics/synapse/output.tf
+++ b/modules/analytics/synapse/output.tf
@@ -6,7 +6,7 @@ output id {
output connectivity_endpoints {
description = "A list of Connectivity endpoints for this Synapse Workspace."
value = azurerm_synapse_workspace.ws.connectivity_endpoints
-
+
}
output managed_resource_group_name {
@@ -17,7 +17,7 @@ output managed_resource_group_name {
output identity {
description = "An identity block which contains the Managed Service Identity information for this Synapse Workspace. - type - The Identity Type for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. principal_id - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. tenant_id - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace."
value = azurerm_synapse_workspace.ws.identity
-
+
}
output spark_pool {
@@ -31,6 +31,6 @@ output sql_pool {
}
output rbac_id {
- value = azurerm_synapse_workspace.ws.identity[0].principal_id
-
+ value = azurerm_synapse_workspace.ws.identity[0].principal_id
+
}
\ No newline at end of file
diff --git a/modules/app_insights/output.tf b/modules/app_insights/output.tf
index db6bf3f889..a8912b787a 100644
--- a/modules/app_insights/output.tf
+++ b/modules/app_insights/output.tf
@@ -15,6 +15,6 @@ output instrumentation_key {
output connection_string {
description = "The Connection String for this Application Insights component. (Sensitive)"
-
- value = azurerm_application_insights.appinsights.connection_string
+
+ value = azurerm_application_insights.appinsights.connection_string
}
\ No newline at end of file
diff --git a/modules/azuread/applications/output.tf b/modules/azuread/applications/output.tf
index 80f50959b2..68234959c6 100755
--- a/modules/azuread/applications/output.tf
+++ b/modules/azuread/applications/output.tf
@@ -1,7 +1,7 @@
output tenant_id {
- value = var.client_config.tenant_id
-
+ value = var.client_config.tenant_id
+
}
output azuread_application {
@@ -11,7 +11,7 @@ output azuread_application {
application_id = azuread_application.app.application_id
name = azuread_application.app.name
}
-
+
}
output azuread_service_principal {
@@ -19,7 +19,7 @@ output azuread_service_principal {
id = azuread_service_principal.app.id
object_id = azuread_service_principal.app.object_id
}
-
+
}
output keyvaults {
diff --git a/modules/azuread/groups/output.tf b/modules/azuread/groups/output.tf
index 81b98853fd..5e40ee372b 100755
--- a/modules/azuread/groups/output.tf
+++ b/modules/azuread/groups/output.tf
@@ -1,23 +1,23 @@
output id {
description = "The ID of the group created."
value = azuread_group.group.id
-
+
}
output name {
description = "The name of the group created."
value = azuread_group.group.name
-
+
}
output tenant_id {
description = "The tenand_id of the group created."
value = var.tenant_id
-
+
}
output rbac_id {
description = "This attribute is used to set the role assignment."
value = azuread_group.group.id
-
+
}
diff --git a/modules/compute/container_registry/output.tf b/modules/compute/container_registry/output.tf
index a3fd11b8ca..b34cf03fbc 100755
--- a/modules/compute/container_registry/output.tf
+++ b/modules/compute/container_registry/output.tf
@@ -1,9 +1,9 @@
output id {
- value = azurerm_container_registry.acr.id
-
+ value = azurerm_container_registry.acr.id
+
}
output login_server {
- value = azurerm_container_registry.acr.login_server
-
+ value = azurerm_container_registry.acr.login_server
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/cassandra_keyspace.tf b/modules/databases/cosmos_db/cassandra_keyspace.tf
index 0e65b444ac..57fbb1222d 100644
--- a/modules/databases/cosmos_db/cassandra_keyspace.tf
+++ b/modules/databases/cosmos_db/cassandra_keyspace.tf
@@ -10,6 +10,6 @@ module cassandra_keyspaces {
}
output cassandra_keyspaces {
- value = module.cassandra_keyspaces
-
+ value = module.cassandra_keyspaces
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/cassandra_keyspace/output.tf b/modules/databases/cosmos_db/cassandra_keyspace/output.tf
index db949a59a3..489ec186ab 100644
--- a/modules/databases/cosmos_db/cassandra_keyspace/output.tf
+++ b/modules/databases/cosmos_db/cassandra_keyspace/output.tf
@@ -1,5 +1,5 @@
output id {
description = "The ID of the CosmosDB Cassandra KeySpace."
value = azurerm_cosmosdb_cassandra_keyspace.keyspace.id
-
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/gremlin_database.tf b/modules/databases/cosmos_db/gremlin_database.tf
index 9fd6238a14..2dac2150fd 100644
--- a/modules/databases/cosmos_db/gremlin_database.tf
+++ b/modules/databases/cosmos_db/gremlin_database.tf
@@ -10,6 +10,6 @@ module gremlin_databases {
}
output gremlin_databases {
- value = module.gremlin_databases
-
+ value = module.gremlin_databases
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/gremlin_database/gremlin_database.tf b/modules/databases/cosmos_db/gremlin_database/gremlin_database.tf
index 9e3a4151e3..9088d2dc21 100644
--- a/modules/databases/cosmos_db/gremlin_database/gremlin_database.tf
+++ b/modules/databases/cosmos_db/gremlin_database/gremlin_database.tf
@@ -30,7 +30,7 @@ module gremlin_graphs {
}
output gremlin_graphs {
- value = module.gremlin_graphs
-
+ value = module.gremlin_graphs
+
}
diff --git a/modules/databases/cosmos_db/gremlin_database/output.tf b/modules/databases/cosmos_db/gremlin_database/output.tf
index 7c8454d29e..9db5d49ba2 100644
--- a/modules/databases/cosmos_db/gremlin_database/output.tf
+++ b/modules/databases/cosmos_db/gremlin_database/output.tf
@@ -1,5 +1,5 @@
output id {
description = "The ID of the CosmosDB Gremlin Database."
value = azurerm_cosmosdb_gremlin_database.database.id
-
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/mongo_database.tf b/modules/databases/cosmos_db/mongo_database.tf
index 53d443641d..25f54b1cc9 100644
--- a/modules/databases/cosmos_db/mongo_database.tf
+++ b/modules/databases/cosmos_db/mongo_database.tf
@@ -9,6 +9,6 @@ module mongo_databases {
}
output mongo_databases {
- value = module.mongo_databases
-
+ value = module.mongo_databases
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/mongo_database/mongo_database.tf b/modules/databases/cosmos_db/mongo_database/mongo_database.tf
index 4a4644c1f2..2f5697407a 100644
--- a/modules/databases/cosmos_db/mongo_database/mongo_database.tf
+++ b/modules/databases/cosmos_db/mongo_database/mongo_database.tf
@@ -30,6 +30,6 @@ module mongo_collections {
}
output mongo_collections {
- value = module.mongo_collections
-
+ value = module.mongo_collections
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/mongo_database/output.tf b/modules/databases/cosmos_db/mongo_database/output.tf
index d7eae147ad..5754bc75a2 100644
--- a/modules/databases/cosmos_db/mongo_database/output.tf
+++ b/modules/databases/cosmos_db/mongo_database/output.tf
@@ -1,5 +1,5 @@
output id {
description = "The ID of the Cosmos DB Mongo Database."
value = azurerm_cosmosdb_mongo_database.database.id
-
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/output.tf b/modules/databases/cosmos_db/output.tf
index 2098b4c106..3866ca0e8c 100644
--- a/modules/databases/cosmos_db/output.tf
+++ b/modules/databases/cosmos_db/output.tf
@@ -1,4 +1,4 @@
output cosmos_account {
- value = azurerm_cosmosdb_account.cosmos_account.id
-
+ value = azurerm_cosmosdb_account.cosmos_account.id
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/sql_database.tf b/modules/databases/cosmos_db/sql_database.tf
index 5081aa9d75..70a44146a3 100644
--- a/modules/databases/cosmos_db/sql_database.tf
+++ b/modules/databases/cosmos_db/sql_database.tf
@@ -10,6 +10,6 @@ module sql_databases {
}
output sql_databases {
- value = module.sql_databases
-
+ value = module.sql_databases
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/table.tf b/modules/databases/cosmos_db/table.tf
index 3dc72d091b..5f84c4228b 100644
--- a/modules/databases/cosmos_db/table.tf
+++ b/modules/databases/cosmos_db/table.tf
@@ -10,6 +10,6 @@ module tables {
}
output tables {
- value = module.tables
-
+ value = module.tables
+
}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/table/output.tf b/modules/databases/cosmos_db/table/output.tf
index bfcf0a717d..f95d1406f6 100644
--- a/modules/databases/cosmos_db/table/output.tf
+++ b/modules/databases/cosmos_db/table/output.tf
@@ -1,5 +1,5 @@
output id {
description = "The ID of the CosmosDB Table."
value = azurerm_cosmosdb_table.table.id
-
+
}
\ No newline at end of file
diff --git a/modules/event_hub_namespaces/output.tf b/modules/event_hub_namespaces/output.tf
index 288fda60c8..af3f150342 100755
--- a/modules/event_hub_namespaces/output.tf
+++ b/modules/event_hub_namespaces/output.tf
@@ -1,17 +1,17 @@
output id {
description = "The EventHub Namespace ID."
value = azurerm_eventhub_namespace.evh.id
-
+
}
output name {
description = "The EventHub Namespace name."
value = azurerm_eventhub_namespace.evh.name
-
+
}
output location {
description = "The EventHub Namespace location."
value = azurerm_eventhub_namespace.evh.location
-
+
}
\ No newline at end of file
diff --git a/modules/log_analytics/output.tf b/modules/log_analytics/output.tf
index ace12781b5..cf9f10e22f 100755
--- a/modules/log_analytics/output.tf
+++ b/modules/log_analytics/output.tf
@@ -1,24 +1,24 @@
output id {
- value = azurerm_log_analytics_workspace.law.id
-
+ value = azurerm_log_analytics_workspace.law.id
+
}
output location {
- value = azurerm_log_analytics_workspace.law.location
-
+ value = azurerm_log_analytics_workspace.law.location
+
}
output name {
- value = azurerm_log_analytics_workspace.law.name
-
+ value = azurerm_log_analytics_workspace.law.name
+
}
output resource_group_name {
- value = azurerm_log_analytics_workspace.law.resource_group_name
-
+ value = azurerm_log_analytics_workspace.law.resource_group_name
+
}
output workspace_id {
- value = azurerm_log_analytics_workspace.law.workspace_id
-
+ value = azurerm_log_analytics_workspace.law.workspace_id
+
}
diff --git a/modules/networking/application_gateway/output.tf b/modules/networking/application_gateway/output.tf
index 2f5da11653..3402ed0b85 100644
--- a/modules/networking/application_gateway/output.tf
+++ b/modules/networking/application_gateway/output.tf
@@ -1,6 +1,6 @@
output id {
- value = azurerm_application_gateway.agw.id
-
+ value = azurerm_application_gateway.agw.id
+
}
output private_ip_address {
diff --git a/modules/networking/dns_zone/arm_domain.json b/modules/networking/dns_zone/arm_domain.json
deleted file mode 100644
index b30c62bb24..0000000000
--- a/modules/networking/dns_zone/arm_domain.json
+++ /dev/null
@@ -1,177 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "Name": {
- "type": "string"
- },
- "key1": {
- "type": "string",
- "defaultValue": "DNRA"
- },
- "key2": {
- "type": "string",
- "defaultValue": "DNRA"
- },
- "AgreedBy": {
- "type": "string"
- },
- "AgreedAt": {
- "type": "string"
- },
- "Address1": {
- "type": "string"
- },
- "Address2": {
- "type": "string"
- },
- "City": {
- "type": "string"
- },
- "Country": {
- "type": "string"
- },
- "PostalCode": {
- "type": "string"
- },
- "State": {
- "type": "string"
- },
- "Email": {
- "type": "string"
- },
- "Fax": {
- "type": "string"
- },
- "JobTitle": {
- "type": "string"
- },
- "NameFirst": {
- "type": "string"
- },
- "NameLast": {
- "type": "string"
- },
- "NameMiddle": {
- "type": "string",
- "defaultValue": ""
- },
- "Organization": {
- "type": "string"
- },
- "Phone": {
- "type": "string"
- },
- "autoRenew": {
- "type": "string"
- },
- "targetDnsType": {
- "type": "string",
- "defaultValue": "AzureDns"
- },
- "dnsZoneId": {
- "type": "string"
- }
- },
- "resources": [
- {
- "type": "Microsoft.DomainRegistration/domains",
- "apiVersion": "2019-08-01",
- "name": "[parameters('Name')]",
- "location": "global",
- "Properties": {
- "Consent": {
- "AgreementKeys": [
- "[parameters('key1')]",
- "[parameters('key2')]"
- ],
- "AgreedBy": "[parameters('AgreedBy')]",
- "AgreedAt": "[parameters('AgreedAt')]"
- },
- "ContactAdmin": {
- "AddressMailing": {
- "Address1": "[parameters('Address1')]",
- "Address2": "[parameters('Address2')]",
- "City": "[parameters('City')]",
- "Country": "[parameters('Country')]",
- "PostalCode": "[parameters('PostalCode')]",
- "State": "[parameters('State')]"
- },
- "Email": "[parameters('Email')]",
- "Fax": "[parameters('Fax')]",
- "JobTitle": "[parameters('JobTitle')]",
- "NameFirst": "[parameters('NameFirst')]",
- "NameLast": "[parameters('NameLast')]",
- "NameMiddle": "[parameters('NameMiddle')]",
- "Organization": "[parameters('Organization')]",
- "Phone": "[parameters('Phone')]"
- },
- "ContactBilling": {
- "AddressMailing": {
- "Address1": "[parameters('Address1')]",
- "Address2": "[parameters('Address2')]",
- "City": "[parameters('City')]",
- "Country": "[parameters('Country')]",
- "PostalCode": "[parameters('PostalCode')]",
- "State": "[parameters('State')]"
- },
- "Email": "[parameters('Email')]",
- "Fax": "[parameters('Fax')]",
- "JobTitle": "[parameters('JobTitle')]",
- "NameFirst": "[parameters('NameFirst')]",
- "NameLast": "[parameters('NameLast')]",
- "NameMiddle": "[parameters('NameMiddle')]",
- "Organization": "[parameters('Organization')]",
- "Phone": "[parameters('Phone')]"
- },
- "ContactRegistrant": {
- "AddressMailing": {
- "Address1": "[parameters('Address1')]",
- "Address2": "[parameters('Address2')]",
- "City": "[parameters('City')]",
- "Country": "[parameters('Country')]",
- "PostalCode": "[parameters('PostalCode')]",
- "State": "[parameters('State')]"
- },
- "Email": "[parameters('Email')]",
- "Fax": "[parameters('Fax')]",
- "JobTitle": "[parameters('JobTitle')]",
- "NameFirst": "[parameters('NameFirst')]",
- "NameLast": "[parameters('NameLast')]",
- "NameMiddle": "[parameters('NameMiddle')]",
- "Organization": "[parameters('Organization')]",
- "Phone": "[parameters('Phone')]"
- },
- "ContactTech": {
- "AddressMailing": {
- "Address1": "[parameters('Address1')]",
- "Address2": "[parameters('Address2')]",
- "City": "[parameters('City')]",
- "Country": "[parameters('Country')]",
- "PostalCode": "[parameters('PostalCode')]",
- "State": "[parameters('State')]"
- },
- "Email": "[parameters('Email')]",
- "Fax": "[parameters('Fax')]",
- "JobTitle": "[parameters('JobTitle')]",
- "NameFirst": "[parameters('NameFirst')]",
- "NameLast": "[parameters('NameLast')]",
- "NameMiddle": "[parameters('NameMiddle')]",
- "Organization": "[parameters('Organization')]",
- "Phone": "[parameters('Phone')]"
- },
- "privacy": true,
- "autoRenew": "[bool(parameters('autoRenew'))]",
- "targetDnsType": "[parameters('targetDnsType')]",
- "dnsZoneId": "[parameters('dnsZoneId')]"
- }
- }
-
- ],
- "outputs": {
- "resourceID": {
- "type": "string",
- "value": "[resourceId('Microsoft.DomainRegistration/domains', parameters('name'))]"
- }
- }
-}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/dns_zone.tf b/modules/networking/dns_zone/dns_zone.tf
deleted file mode 100644
index d0a3f0ab22..0000000000
--- a/modules/networking/dns_zone/dns_zone.tf
+++ /dev/null
@@ -1,79 +0,0 @@
-resource "random_string" "domain_zone_name" {
- count = var.settings.name == "" ? 1 : 0
- length = 16
- special = false
- upper = false
-}
-
-locals {
- domain_zone_name = var.settings.name == "" ? format("%s.com", random_string.domain_zone_name[0].result) : var.settings.name
-}
-
-
-resource "azurerm_dns_zone" "domain_zone" {
- name = local.domain_zone_name
- resource_group_name = var.resource_group_name
- tags = local.tags
-}
-
-resource "azurerm_template_deployment" "domain" {
- name = local.domain_zone_name
- resource_group_name = var.resource_group_name
- template_body = file(local.arm_filename)
- lifecycle {
- ignore_changes = [parameters]
- }
- parameters = {
- "Name" = local.domain_zone_name
- "key1" = lookup(var.settings.contract, "agreement_key1", "DNRA"),
- "key2" = lookup(var.settings.contract, "agreement_key2", "DNRA"),
- "AgreedBy" = lookup(var.settings.contract, "agree_by", "100.5.150.200:52212"), #Change to DevOps Agent IP
- "AgreedAt" = timestamp(),
- "Address1" = lookup(var.settings.contract, "address1", ""),
- "Address2" = lookup(var.settings.contract, "address2", ""),
- "City" = lookup(var.settings.contract, "city", ""),
- "Country" = lookup(var.settings.contract, "country", ""),
- "PostalCode" = lookup(var.settings.contract, "postal_code", ""),
- "State" = lookup(var.settings.contract, "state", ""),
- "Email" = lookup(var.settings.contract, "email", ""),
- "Fax" = lookup(var.settings.contract, "fax", ""),
- "JobTitle" = lookup(var.settings.contract, "job_title", ""),
- "NameFirst" = lookup(var.settings.contract, "name_first", ""),
- "NameLast" = lookup(var.settings.contract, "name_last", ""),
- "NameMiddle" = lookup(var.settings.contract, "name_middle", ""),
- "Organization" = lookup(var.settings.contract, "organization", ""),
- "Phone" = lookup(var.settings.contract, "phone", ""),
- "autoRenew" = lookup(var.settings.contract, "auto_renew", false),
- "targetDnsType" = lookup(var.settings.contract, "target_dnstype", "AzureDns"),
- "dnsZoneId" = azurerm_dns_zone.domain_zone.id
- }
-
- deployment_mode = "Incremental"
- depends_on = [azurerm_dns_zone.domain_zone]
-}
-
-resource "azurerm_management_lock" "lock_zone" {
- count = try(var.settings.lock_zone, false) ? 1 : 0
- name = "${local.domain_zone_name}-lock-zone"
- scope = azurerm_dns_zone.domain_zone.id
- lock_level = "CanNotDelete"
- notes = "Deleting a domain will make it unavailable to purchase for 60 days. Please remove the lock before deleting this domain."
-}
-
-resource "azurerm_management_lock" "lock_domain" {
- count = try(var.settings.lock_domain, false) ? 1 : 0
- name = "${local.domain_zone_name}-lock-domain"
- scope = azurerm_template_deployment.domain.outputs.resourceID
- lock_level = "CanNotDelete"
- notes = "Deleting a domain will make it unavailable to purchase for 60 days. Please remove the lock before deleting this domain."
-}
-
-resource "azurerm_dns_cname_record" "cname_records" {
- for_each = try(var.settings.records.cname_records, {})
-
- name = each.value.name
- zone_name = azurerm_dns_zone.domain_zone.name
- resource_group_name = var.resource_group_name
- ttl = each.value.ttl
- record = each.value.records
-}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/module.tf b/modules/networking/dns_zone/module.tf
new file mode 100644
index 0000000000..4eaa693da6
--- /dev/null
+++ b/modules/networking/dns_zone/module.tf
@@ -0,0 +1,22 @@
+#
+# If the name is not provided, we are generating a random .com domain.
+# Mainly used for CI environments
+#
+resource "random_string" "dns_zone_name" {
+ count = var.settings.name == "" ? 1 : 0
+ length = 32
+ special = false
+ upper = false
+}
+
+locals {
+ dns_zone_name = var.settings.name == "" ? format("%s.com", random_string.dns_zone_name[0].result) : var.settings.name
+}
+
+
+resource "azurerm_dns_zone" "dns_zone" {
+ name = local.dns_zone_name
+ resource_group_name = var.resource_group_name
+ tags = local.tags
+}
+
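Review bot: `var.settings.name == ""` in both the `count` and the `locals` expression raises an "Unsupported attribute" error when a caller omits `name` from `settings` altogether, which is the exact CI case the header comment describes; the rest of the module reads optional settings through `try`. Use `count = try(var.settings.name, "") == "" ? 1 : 0` and `dns_zone_name = try(var.settings.name, "") == "" ? format("%s.com", random_string.dns_zone_name[0].result) : var.settings.name`. `local.tags` on the zone is defined outside this hunk, so its contents cannot be checked here.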
diff --git a/modules/networking/dns_zone/output.tf b/modules/networking/dns_zone/output.tf
index afcb428ff8..7baaa47aa7 100644
--- a/modules/networking/dns_zone/output.tf
+++ b/modules/networking/dns_zone/output.tf
@@ -1,19 +1,36 @@
-output "dns_zone_name" {
- description = "DNS Zone name"
- value = azurerm_dns_zone.domain_zone.name
+output "id" {
+ description = "DNS Zone resource ID."
+ value = azurerm_dns_zone.dns_zone.id
}
-output "dns_zone_id" {
- description = "DNS Zone resource ID"
- value = azurerm_dns_zone.domain_zone.id
+output "name" {
+ description = "The fully qualified domain name of the Record Set."
+
+ # This regex remove the last dot as the end
+ value = regex("(.+).", azurerm_dns_zone.dns_zone.soa_record[0].fqdn)[0]
}
-output "dns_zone_object" {
- description = "DNS Zone resource object"
-
- value = azurerm_dns_zone.domain_zone
+output resource_group_name {
+ value = var.resource_group_name
+ description = "Resource group name of the dns_zone"
}
-output "domain_id" {
- value = azurerm_template_deployment.domain.outputs.resourceID
-}
\ No newline at end of file
+
+output "max_number_of_record_sets" {
+ description = "Maximum number of Records in the zone."
+ value = azurerm_dns_zone.dns_zone.max_number_of_record_sets
+}
+
+output "name_servers" {
+ description = "A list of values that make up the NS record for the zone."
+ value = azurerm_dns_zone.dns_zone.name_servers
+}
+
+output "soa_record" {
+ description = "The SOA record."
+ value = azurerm_dns_zone.dns_zone.soa_record
+}
+
+output "records" {
+ value = module.records
+}
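Review bot: The `regex("(.+).", ...)` in the `name` output relies on the final `.` being an unescaped wildcard, so it strips whatever the last character is rather than a trailing dot specifically; `trimsuffix(azurerm_dns_zone.dns_zone.soa_record[0].fqdn, ".")` states the intent, and `azurerm_dns_zone.dns_zone.name` would avoid the dependency on the SOA record entirely. The description "The fully qualified domain name of the Record Set." looks copied from a record resource; this output is the zone name, e.g. `description = "The DNS zone name (trailing dot removed)."`. Renaming `dns_zone_name`/`dns_zone_id` to `name`/`id` and dropping `dns_zone_object` and `domain_id` is a breaking change for any consumer of this module's outputs, which this diff does not show being updated. Because `module.records` is declared with `count`, the `records` output is a zero- or one-element list, which callers will need to index; a description saying so would help.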
diff --git a/modules/networking/dns_zone/records.tf b/modules/networking/dns_zone/records.tf
new file mode 100644
index 0000000000..29c1172195
--- /dev/null
+++ b/modules/networking/dns_zone/records.tf
@@ -0,0 +1,10 @@
+module records {
+ source = "./records"
+ count = try(var.settings.records, null) == null ? 0 : 1
+ depends_on = [azurerm_dns_zone.dns_zone]
+
+ base_tags = var.base_tags
+ resource_group_name = var.resource_group_name
+ records = var.settings.records
+ zone_name = local.dns_zone_name
+}
\ No newline at end of file
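Review bot: The records submodule receives `base_tags = var.base_tags`, while the zone itself (in module.tf) is tagged with `local.tags`, which presumably also folds in `settings.tags`; if records are meant to inherit the zone's tag set, pass `local.tags` here instead. `count` on a `module` block requires Terraform 0.13 or later, and the dns_zone module's `required_version` is not part of this diff, so confirm it is constrained accordingly.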
diff --git a/modules/networking/dns_zone/records/output.tf b/modules/networking/dns_zone/records/output.tf
new file mode 100644
index 0000000000..7642684e26
--- /dev/null
+++ b/modules/networking/dns_zone/records/output.tf
@@ -0,0 +1,44 @@
+output a {
+ value = merge(
+ azurerm_dns_a_record.a,
+ azurerm_dns_a_record.a_dns_zone_record
+ )
+}
+
+output aaaa {
+ value = merge(
+ azurerm_dns_aaaa_record.aaaa,
+ azurerm_dns_aaaa_record.aaaa_dns_zone_record
+ )
+}
+
+output caa {
+ value = azurerm_dns_caa_record.caa
+}
+
+output cname {
+ value = merge(
+ azurerm_dns_cname_record.cname,
+ azurerm_dns_cname_record.cname_dns_zone_record
+ )
+}
+
+output mx {
+ value = azurerm_dns_mx_record.mx
+}
+
+output ns {
+ value = azurerm_dns_ns_record.ns
+}
+
+output ptr {
+ value = azurerm_dns_ptr_record.ptr
+}
+
+output srv {
+ value = azurerm_dns_srv_record.srv
+}
+
+output txt {
+ value = azurerm_dns_txt_record.txt
+}
\ No newline at end of file
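Review bot: None of the nine outputs carries a `description`, and each exposes the full provider resource map rather than a named attribute, so consumers have to know the azurerm schema to use them. A one-line description per output, e.g. `description = "Map of azurerm_dns_a_record objects keyed by the records.a key, including alias records."` on `a`, would make the keying and the merge of plain and alias records explicit.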
diff --git a/modules/networking/dns_zone/records/record_a.tf b/modules/networking/dns_zone/records/record_a.tf
new file mode 100644
index 0000000000..002faa61a9
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_a.tf
@@ -0,0 +1,27 @@
+resource "azurerm_dns_a_record" "a" {
+ for_each = {
+ for key, value in try(var.records.a, {}) : key => value
+ if try(value.resource_id, null) == null
+ }
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ records = try(each.value.records, null)
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+}
+
+resource "azurerm_dns_a_record" "a_dns_zone_record" {
+ for_each = {
+ for key, value in try(var.records.a, {}) : key => value
+ if try(value.resource_id.dns_zone_record, null) != null
+ }
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = 300 # Looks like cannot set another value than 300 when using target_resource_id
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+ target_resource_id = azurerm_dns_a_record.a[each.value.resource_id.dns_zone_record.key].id
+}
\ No newline at end of file
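Review bot: An entry in `var.records.a` whose `resource_id` is set but has no `dns_zone_record` key matches neither `for_each` filter, so it is silently not created; the same gap exists in record_aaaa.tf and record_cname.tf. Given that `variable target_resources` is declared in records/variables.tf but never read, it looks as though a third path (alias to an external resource ID) was intended but not wired up; either add it or make the drop explicit with a comment such as `# Entries with a resource_id other than dns_zone_record are intentionally skipped.` on the second filter. The `ttl = 300` comment is an observation ("Looks like"); if the 300-second restriction for alias records is confirmed, state it as a fact so the next reader does not re-test it.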
diff --git a/modules/networking/dns_zone/records/record_aaaa.tf b/modules/networking/dns_zone/records/record_aaaa.tf
new file mode 100644
index 0000000000..3ebdd6d0bf
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_aaaa.tf
@@ -0,0 +1,27 @@
+resource "azurerm_dns_aaaa_record" "aaaa" {
+ for_each = {
+ for key, value in try(var.records.aaaa, {}) : key => value
+ if try(value.resource_id, null) == null
+ }
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ records = try(each.value.records, null)
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+}
+
+resource "azurerm_dns_aaaa_record" "aaaa_dns_zone_record" {
+ for_each = {
+ for key, value in try(var.records.aaaa, {}) : key => value
+ if try(value.resource_id.dns_zone_record, null) != null
+ }
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = 300 # Looks like cannot set another value than 300 when using target_resource_id
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+ target_resource_id = azurerm_dns_aaaa_record.aaaa[each.value.resource_id.dns_zone_record.key].id
+}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/records/record_caa.tf b/modules/networking/dns_zone/records/record_caa.tf
new file mode 100644
index 0000000000..db4dbfa03d
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_caa.tf
@@ -0,0 +1,19 @@
+resource "azurerm_dns_caa_record" "caa" {
+ for_each = try(var.records.caa, {})
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+
+ dynamic "record" {
+ for_each = each.value.records
+
+ content {
+ flags = record.value.flags
+ tag = record.value.tag
+ value = record.value.value
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/records/record_cname.tf b/modules/networking/dns_zone/records/record_cname.tf
new file mode 100644
index 0000000000..8ade10313f
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_cname.tf
@@ -0,0 +1,27 @@
+resource "azurerm_dns_cname_record" "cname" {
+ for_each = {
+ for key, value in try(var.records.cname, {}) : key => value
+ if try(value.resource_id, null) == null
+ }
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ record = try(each.value.record, null)
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+}
+
+resource "azurerm_dns_cname_record" "cname_dns_zone_record" {
+ for_each = {
+ for key, value in try(var.records.cname, {}) : key => value
+ if try(value.resource_id.dns_zone_record, null) != null
+ }
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = 300 # Looks like cannot set another value than 300 when using target_resource_id
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+ target_resource_id = azurerm_dns_cname_record.cname[each.value.resource_id.dns_zone_record.key].id
+}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/records/record_mx.tf b/modules/networking/dns_zone/records/record_mx.tf
new file mode 100644
index 0000000000..3e6c220920
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_mx.tf
@@ -0,0 +1,18 @@
+resource "azurerm_dns_mx_record" "mx" {
+ for_each = try(var.records.mx, {})
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+
+ dynamic "record" {
+ for_each = each.value.records
+
+ content {
+ preference = record.value.preference
+ exchange = record.value.exchange
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/records/record_ns.tf b/modules/networking/dns_zone/records/record_ns.tf
new file mode 100644
index 0000000000..5d6c85eaa0
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_ns.tf
@@ -0,0 +1,10 @@
+resource "azurerm_dns_ns_record" "ns" {
+ for_each = try(var.records.ns, {})
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ records = each.value.records
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+}
diff --git a/modules/networking/dns_zone/records/record_ptr.tf b/modules/networking/dns_zone/records/record_ptr.tf
new file mode 100644
index 0000000000..d63f9634c6
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_ptr.tf
@@ -0,0 +1,10 @@
+resource "azurerm_dns_ptr_record" "ptr" {
+ for_each = try(var.records.ptr, {})
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ records = each.value.records
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+}
diff --git a/modules/networking/dns_zone/records/record_srv.tf b/modules/networking/dns_zone/records/record_srv.tf
new file mode 100644
index 0000000000..301f789ea6
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_srv.tf
@@ -0,0 +1,20 @@
+resource "azurerm_dns_srv_record" "srv" {
+ for_each = try(var.records.srv, {})
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+
+ dynamic "record" {
+ for_each = each.value.records
+
+ content {
+ priority = record.value.priority
+ weight = record.value.weight
+ port = record.value.port
+ target = record.value.target
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/records/record_txt.tf b/modules/networking/dns_zone/records/record_txt.tf
new file mode 100644
index 0000000000..521b6b6ef9
--- /dev/null
+++ b/modules/networking/dns_zone/records/record_txt.tf
@@ -0,0 +1,17 @@
+resource "azurerm_dns_txt_record" "txt" {
+ for_each = try(var.records.txt, {})
+
+ name = each.value.name
+ zone_name = var.zone_name
+ resource_group_name = var.resource_group_name
+ ttl = try(each.value.ttl, 300)
+ tags = merge(try(each.value.tags, {}), var.base_tags)
+
+ dynamic "record" {
+ for_each = each.value.records
+
+ content {
+ value = record.value.value
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networking/dns_zone/records/variables.tf b/modules/networking/dns_zone/records/variables.tf
new file mode 100644
index 0000000000..b0d8f92f21
--- /dev/null
+++ b/modules/networking/dns_zone/records/variables.tf
@@ -0,0 +1,9 @@
+variable base_tags {
+ default = {}
+}
+variable resource_group_name {}
+variable records {}
+variable target_resources {
+ default = {}
+}
+variable zone_name {}
\ No newline at end of file
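Review bot: `variable target_resources` is not referenced by any file in this submodule, so it is either dead or a placeholder for unfinished alias support; drop it or mark it as such. None of the five variables has a `type` or `description`, so a wrong shape in `records` surfaces only as an evaluation error deep inside a `for_each`; at minimum `type = string` on `zone_name` and `resource_group_name` and `type = map(string)` on `base_tags` would fail fast with a readable message.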
diff --git a/modules/networking/dns_zone/variables.tf b/modules/networking/dns_zone/variables.tf
index 169e65150d..1bd0f75a15 100644
--- a/modules/networking/dns_zone/variables.tf
+++ b/modules/networking/dns_zone/variables.tf
@@ -2,10 +2,6 @@ variable resource_group_name {
description = "(Required) The name of the resource group where to create the resource."
type = string
}
-variable location {
- description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
- type = string
-}
variable settings {}
variable global_settings {
description = "Global settings object (see module README.md)"
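Review bot: Removing `variable location` is consistent with Azure DNS zones being global, but any caller that still passes `location = ...` to this module will now fail with an "Unsupported argument" error at plan time. The root-level wiring for dns_zones is not in this hunk, so confirm every call site was updated in the same change.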
@@ -13,4 +9,4 @@ variable global_settings {
variable base_tags {
description = "Base tags for the resource to be inherited from the resource group."
type = map
-}
\ No newline at end of file
+}
diff --git a/modules/networking/domain_name_registrations/arm_domain.json b/modules/networking/domain_name_registrations/arm_domain.json
new file mode 100644
index 0000000000..a7e8236887
--- /dev/null
+++ b/modules/networking/domain_name_registrations/arm_domain.json
@@ -0,0 +1,122 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "dnsZoneId": {
+ "type": "string",
+ "defaultValue": "${dnsZoneId}"
+ },
+ "targetDnsType": {
+ "type": "string",
+ "defaultValue": "${targetDnsType}"
+ },
+ "dnsType": {
+ "type": "string",
+ "defaultValue": "${dnsType}"
+ }
+ },
+ "variables": {
+ "empty": []
+ },
+ "resources": [
+ {
+ "type": "Microsoft.DomainRegistration/domains",
+ "apiVersion": "2019-08-01",
+ "name": "${name}",
+ "location": "global",
+ "properties": {
+ "consent": {
+ "agreementKeys": [
+ "${consent.agreementKeys[0]}",
+ "${consent.agreementKeys[1]}"
+ ],
+ "agreedAt": "${consent.agreedAt}",
+ "agreedBy": "${consent.agreedBy}"
+ },
+ "privacy": ${privacy},
+ "autoRenew": ${autoRenew},
+ "targetDnsType": "[if(empty(parameters('targetDnsType')), variables('empty'), parameters('targetDnsType'))]",
+ "dnsType": "[if(empty(parameters('dnsType')), variables('empty'), parameters('dnsType'))]",
+ "dnsZoneId": "[if(empty(parameters('dnsZoneId')), variables('empty'), parameters('dnsZoneId'))]",
+ "contactAdmin": {
+ "addressMailing": {
+ "address1": "${contactAdmin.address1}",
+ "address2": "${contactAdmin.address2}",
+ "city": "${contactAdmin.city}",
+ "country": "${contactAdmin.country}",
+ "postalCode": "${contactAdmin.postalCode}",
+ "state": "${contactAdmin.state}"
+ },
+ "email": "${contactAdmin.email}",
+ "fax": "${contactAdmin.fax}",
+ "jobTitle": "${contactAdmin.jobTitle}",
+ "nameFirst": "${contactAdmin.nameFirst}",
+ "nameLast": "${contactAdmin.nameLast}",
+ "nameMiddle": "${contactAdmin.nameMiddle}",
+ "organization": "${contactAdmin.organization}",
+ "phone": "${contactAdmin.phone}"
+ },
+ "contactBilling": {
+ "addressMailing": {
+ "address1": "${contactBilling.address1}",
+ "address2": "${contactBilling.address2}",
+ "city": "${contactBilling.city}",
+ "country": "${contactBilling.country}",
+ "postalCode": "${contactBilling.postalCode}",
+ "state": "${contactBilling.state}"
+ },
+ "email": "${contactBilling.email}",
+ "fax": "${contactBilling.fax}",
+ "jobTitle": "${contactBilling.jobTitle}",
+ "nameFirst": "${contactBilling.nameFirst}",
+ "nameLast": "${contactBilling.nameLast}",
+ "nameMiddle": "${contactBilling.nameMiddle}",
+ "organization": "${contactBilling.organization}",
+ "phone": "${contactBilling.phone}"
+ },
+ "contactRegistrant": {
+ "addressMailing": {
+ "address1": "${contactRegistrant.address1}",
+ "address2": "${contactRegistrant.address2}",
+ "city": "${contactRegistrant.city}",
+ "country": "${contactRegistrant.country}",
+ "postalCode": "${contactRegistrant.postalCode}",
+ "state": "${contactRegistrant.state}"
+ },
+ "email": "${contactRegistrant.email}",
+ "fax": "${contactRegistrant.fax}",
+ "jobTitle": "${contactRegistrant.jobTitle}",
+ "nameFirst": "${contactRegistrant.nameFirst}",
+ "nameLast": "${contactRegistrant.nameLast}",
+ "nameMiddle": "${contactRegistrant.nameMiddle}",
+ "organization": "${contactRegistrant.organization}",
+ "phone": "${contactRegistrant.phone}"
+ },
+ "contactTech": {
+ "addressMailing": {
+ "address1": "${contactTechnical.address1}",
+ "address2": "${contactTechnical.address2}",
+ "city": "${contactTechnical.city}",
+ "country": "${contactTechnical.country}",
+ "postalCode": "${contactTechnical.postalCode}",
+ "state": "${contactTechnical.state}"
+ },
+ "email": "${contactTechnical.email}",
+ "fax": "${contactTechnical.fax}",
+ "jobTitle": "${contactTechnical.jobTitle}",
+ "nameFirst": "${contactTechnical.nameFirst}",
+ "nameLast": "${contactTechnical.nameLast}",
+ "nameMiddle": "${contactTechnical.nameMiddle}",
+ "organization": "${contactTechnical.organization}",
+ "phone": "${contactTechnical.phone}"
+ }
+ }
+ }
+ ],
+ "outputs": {
+ "id": {
+ "type": "string",
+ "value": "[resourceId('Microsoft.DomainRegistration/domains', '${name}')]"
+ }
+ }
+}
\ No newline at end of file
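Review bot: Every contact and consent value is interpolated into a JSON string literal as bare `${...}`, so a value containing a double quote, backslash or newline (an address line or organization name is enough) produces invalid JSON or changes the structure of the properties object; templatefile does no escaping here. Wrap each interpolation, e.g. `"address1": ${jsonencode(contactAdmin.address1)},`, or drop the template and build `template_content` with `jsonencode()` in Terraform, which also removes the hard-coded two-element `agreementKeys` list in favour of `${jsonencode(consent.agreementKeys)}`. The `if(empty(...), variables('empty'), ...)` fallback substitutes an empty array for string-typed properties such as `dnsZoneId`; if that is a deliberate way of omitting the property it deserves a comment, otherwise it is a type mismatch the ARM engine will reject.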
diff --git a/modules/networking/domain_name_registrations/main.tf b/modules/networking/domain_name_registrations/main.tf
new file mode 100644
index 0000000000..c1d10a1deb
--- /dev/null
+++ b/modules/networking/domain_name_registrations/main.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+ required_version = ">= 0.13"
+}
+
+locals {
+ module_tag = {
+ "module" = basename(abspath(path.module))
+ }
+ arm_filename = "${path.module}/arm_domain.json"
+ tags = merge(local.module_tag, try(var.settings.tags, null), var.base_tags)
+}
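Review bot: `required_providers` pins `azurecaf`, yet none of the files added for this module use an `azurecaf_name` resource, while `random_string` in module.tf does depend on the `random` provider, which is not declared; if azurecaf is not used elsewhere in the module, swap the entry for `random = { source = "hashicorp/random" }`. `local.tags` merges `try(var.settings.tags, null)` and a `null` element in `merge()` is tolerated, but `{}` as the fallback is the clearer idiom and matches the records submodule.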
diff --git a/modules/networking/domain_name_registrations/module.tf b/modules/networking/domain_name_registrations/module.tf
new file mode 100644
index 0000000000..9347dd6d98
--- /dev/null
+++ b/modules/networking/domain_name_registrations/module.tf
@@ -0,0 +1,126 @@
+resource "random_string" "domain_zone_name" {
+ length = 16
+ special = false
+ upper = false
+}
+
+locals {
+ dns_domain_name = var.name == "" ? format("%s.com", random_string.domain_zone_name.result) : var.name
+}
+
+resource "azurerm_resource_group_template_deployment" "domain" {
+ name = local.dns_domain_name
+ resource_group_name = var.resource_group_name
+ lifecycle {
+ ignore_changes = [
+ template_content,
+ name
+ ]
+ }
+ template_content = templatefile(
+ local.arm_filename,
+ {
+ "name" = local.dns_domain_name
+
+ "consent" = {
+ # https://docs.microsoft.com/en-us/rest/api/appservice/topleveldomains/listagreements#examples
+ "agreementKeys" = [
+ try(var.settings.consent.agreement_key1, "DNRA"),
+ try(var.settings.consent.agreement_key2, "DNRA")
+ ]
+ "agreedAt" = timestamp()
+ "agreedBy" = try(var.settings.consent.agreed_by, "100.5.150.200:52212")
+ }
+
+ "privacy" = lookup(var.settings, "privacy", true)
+ "autoRenew" = lookup(var.settings, "auto_renew", false)
+ "dnsType" = lookup(var.settings, "dnsType", var.existingDnsType)
+ "targetDnsType" = lookup(var.settings, "target_dnstype", var.targetDnsType)
+ "dnsZoneId" = try(var.settings.dns_zone.id, var.dns_zone_id)
+
+ # Admin Contact
+ "contactAdmin" = {
+ "address1" = lookup(var.settings.contacts.contactAdmin, "address1", "")
+ "address2" = lookup(var.settings.contacts.contactAdmin, "address2", "")
+ "city" = lookup(var.settings.contacts.contactAdmin, "city", "")
+ "country" = lookup(var.settings.contacts.contactAdmin, "country", "")
+ "postalCode" = lookup(var.settings.contacts.contactAdmin, "postal_code", "")
+ "state" = lookup(var.settings.contacts.contactAdmin, "state", "")
+ "email" = var.settings.contacts.contactAdmin.email,
+ "fax" = lookup(var.settings.contacts.contactAdmin, "fax", "")
+ "jobTitle" = lookup(var.settings.contacts.contactAdmin, "job_title", "")
+ "nameFirst" = var.settings.contacts.contactAdmin.name_first
+ "nameLast" = var.settings.contacts.contactAdmin.name_last
+ "nameMiddle" = lookup(var.settings.contacts.contactAdmin, "name_middle", "")
+ "organization" = lookup(var.settings.contacts.contactAdmin, "organization", "")
+ "phone" = var.settings.contacts.contactAdmin.phone
+ }
+
+ # Billing Contact
+ "contactBilling" = {
+ "address1" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.address1, "") : try(var.settings.contacts.contactBilling.address1, "")
+ "address2" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.address2, "") : try(var.settings.contacts.contactBilling.address2, "")
+ "city" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.city, "") : try(var.settings.contacts.contactBilling.city, "")
+ "country" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.country, "") : try(var.settings.contacts.contactBilling.country, "")
+ "postalCode" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.postal_code, "") : try(var.settings.contacts.contactBilling.postal_code, "")
+ "state" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.state, "") : try(var.settings.contacts.contactBilling.state, "")
+ "email" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? var.settings.contacts.contactAdmin.email : try(var.settings.contacts.contactBilling.email, "")
+ "fax" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.fax, "") : try(var.settings.contacts.contactBilling.fax, "")
+ "jobTitle" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.job_title, "") : try(var.settings.contacts.contactBilling.job_title, "")
+ "nameFirst" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? var.settings.contacts.contactAdmin.name_first : try(var.settings.contacts.contactBilling.name_first, "")
+ "nameLast" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? var.settings.contacts.contactAdmin.name_last : try(var.settings.contacts.contactBilling.name_last, "")
+ "nameMiddle" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.name_middle, "") : try(var.settings.contacts.contactBilling.name_middle, "")
+ "organization" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.organization, "") : try(var.settings.contacts.contactBilling.organization, "")
+ "phone" = try(var.settings.contacts.contactBilling.same_as_admin, false) ? var.settings.contacts.contactAdmin.phone : try(var.settings.contacts.contactBilling.phone, "")
+ }
+
+ # # Registrant Contact
+ "contactRegistrant" = {
+ "address1" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.address1, "") : try(var.settings.contacts.contactRegistrant.address1, "")
+ "address2" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.address2, "") : try(var.settings.contacts.contactRegistrant.address2, "")
+ "city" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.city, "") : try(var.settings.contacts.contactRegistrant.city, "")
+ "country" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.country, "") : try(var.settings.contacts.contactRegistrant.country, "")
+ "postalCode" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.postal_code, "") : try(var.settings.contacts.contactRegistrant.postal_code, "")
+ "state" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.state, "") : try(var.settings.contacts.contactRegistrant.state, "")
+ "email" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? var.settings.contacts.contactAdmin.email : try(var.settings.contacts.contactRegistrant.email, ""),
+ "fax" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.fax, "") : try(var.settings.contacts.contactRegistrant.fax, "")
+ "jobTitle" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.job_title, "") : try(var.settings.contacts.contactRegistrant.job_title, "")
+ "nameFirst" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? var.settings.contacts.contactAdmin.name_first : try(var.settings.contacts.contactRegistrant.name_first, "")
+ "nameLast" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? var.settings.contacts.contactAdmin.name_last : try(var.settings.contacts.contactRegistrant.name_last, "")
+ "nameMiddle" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.name_middle, "") : try(var.settings.contacts.contactRegistrant.name_middle, "")
+ "organization" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.organization, "") : try(var.settings.contacts.contactRegistrant.organization, "")
+ "phone" = try(var.settings.contacts.contactRegistrant.same_as_admin, false) ? var.settings.contacts.contactAdmin.phone : try(var.settings.contacts.contactRegistrant.phone, "")
+ }
+
+ # Technical Contact
+ "contactTechnical" = {
+ "address1" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.address1, "") : try(var.settings.contacts.contactTechnical.address1, "")
+ "address2" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.address2, "") : try(var.settings.contacts.contactTechnical.address2, "")
+ "city" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.city, "") : try(var.settings.contacts.contactTechnical.city, "")
+ "country" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.country, "") : try(var.settings.contacts.contactTechnical.country, "")
+ "postalCode" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.postal_code, "") : try(var.settings.contacts.contactTechnical.postal_code, "")
+ "state" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.state, "") : try(var.settings.contacts.contactTechnical.state, "")
+ "email" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? var.settings.contacts.contactAdmin.email : try(var.settings.contacts.contactTechnical.email, ""),
+ "fax" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.fax, "") : try(var.settings.contacts.contactTechnical.fax, "")
+ "jobTitle" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.job_title, "") : try(var.settings.contacts.contactTechnical.job_title, "")
+ "nameFirst" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? var.settings.contacts.contactAdmin.name_first : try(var.settings.contacts.contactTechnical.name_first, "")
+ "nameLast" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? var.settings.contacts.contactAdmin.name_last : try(var.settings.contacts.contactTechnical.name_last, "")
+ "nameMiddle" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.name_middle, "") : try(var.settings.contacts.contactTechnical.name_middle, "")
+ "organization" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? try(var.settings.contacts.contactAdmin.organization, "") : try(var.settings.contacts.contactTechnical.organization, "")
+ "phone" = try(var.settings.contacts.contactTechnical.same_as_admin, false) ? var.settings.contacts.contactAdmin.phone : try(var.settings.contacts.contactTechnical.phone, "")
+ }
+
+ }
+ )
+
+
+ deployment_mode = "Incremental"
+}
+
+resource "azurerm_management_lock" "lock_domain" {
+ count = try(var.settings.lock_resource, false) ? 1 : 0
+ name = "${local.dns_domain_name}-lock-domain"
+ scope = jsondecode(azurerm_resource_group_template_deployment.domain.output_content).id.value
+ lock_level = "CanNotDelete"
+ notes = "Deleting a domain will make it unavailable to purchase for 60 days. Please remove the lock before deleting this domain."
+}
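Review bot: `"agreedAt" = timestamp()` makes `template_content` differ on every plan, and `ignore_changes = [template_content, name]` papers over that by ignoring the whole template, so after the first apply no change to contacts, `privacy`, `autoRenew` or `dnsType` will ever be pushed to the registrar. Capture the consent time once (e.g. a `time_static` resource or a value supplied in `settings`) and drop `template_content` from `ignore_changes`, so real configuration changes are applied. `"agreedBy" = try(var.settings.consent.agreed_by, "100.5.150.200:52212")` records a fabricated client address as the party that accepted the registration agreement; that field is a legal consent record and should be required from the caller rather than defaulted. `random_string.domain_zone_name` is created unconditionally, unlike the conditional `count` used in dns_zone/module.tf, and the four near-identical contact blocks could collapse into one `for` expression over a role-to-field map in `locals`, which would also make the required-versus-optional fields (`email`, `name_first`, `name_last`, `phone`) a single list instead of four hand-maintained copies.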
diff --git a/modules/networking/domain_name_registrations/output.tf b/modules/networking/domain_name_registrations/output.tf
new file mode 100644
index 0000000000..56fd47b669
--- /dev/null
+++ b/modules/networking/domain_name_registrations/output.tf
@@ -0,0 +1,9 @@
+output "dns_domain_registration_name" {
+ description = "DNS domain name purchased"
+ value = local.dns_domain_name
+}
+
+output "dns_domain_registration_id" {
+ description = "DNS domain name resource ID"
+ value = jsondecode(azurerm_resource_group_template_deployment.domain.output_content).id.value
+}
\ No newline at end of file
diff --git a/modules/networking/domain_name_registrations/variables.tf b/modules/networking/domain_name_registrations/variables.tf
new file mode 100644
index 0000000000..32b99188b3
--- /dev/null
+++ b/modules/networking/domain_name_registrations/variables.tf
@@ -0,0 +1,19 @@
+variable resource_group_name {}
+variable settings {}
+variable base_tags {}
+variable dns_zone_id {
+ description = "Resource ID of the Azure DNS global zone."
+ default = ""
+}
+variable targetDnsType {
+ description = "Target DNS type (would be used for migration). - AzureDns or DefaultDomainRegistrarDns. Set a value if this is a new domain."
+ default = "DefaultDomainRegistrarDns"
+}
+variable existingDnsType {
+ description = "Target DNS type (would be used to migrate from). - AzureDns or DefaultDomainRegistrarDns. Set to '' if this is a new domain."
+ default = ""
+}
+variable name {
+ description = "Name of the domain to purchase. When set to '' a random name is generated (recommended for CI)."
+ default = ""
+}
\ No newline at end of file
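Review bot: `targetDnsType` and `existingDnsType` document an allowed set (`AzureDns` or `DefaultDomainRegistrarDns`) but nothing enforces it, so a typo is only caught by the ARM deployment after the template is rendered; since main.tf already requires Terraform 0.13, a `validation` block can reject bad values at plan time. The camelCase names also break with the snake_case convention used everywhere else in these modules (`dns_zone_id`, `resource_group_name`); if they are renamed, keep the `settings` lookup keys in module.tf in step. `base_tags {}` has no default here while the records submodule defaults it to `{}`.
```hcl
variable targetDnsType {
  description = "Target DNS type (would be used for migration). - AzureDns or DefaultDomainRegistrarDns. Set a value if this is a new domain."
  type        = string
  default     = "DefaultDomainRegistrarDns"
  validation {
    condition     = contains(["AzureDns", "DefaultDomainRegistrarDns"], var.targetDnsType)
    error_message = "targetDnsType must be AzureDns or DefaultDomainRegistrarDns."
  }
}
variable existingDnsType {
  description = "Target DNS type (would be used to migrate from). - AzureDns or DefaultDomainRegistrarDns. Set to '' if this is a new domain."
  type        = string
  default     = ""
  validation {
    condition     = contains(["", "AzureDns", "DefaultDomainRegistrarDns"], var.existingDnsType)
    error_message = "existingDnsType must be '', AzureDns or DefaultDomainRegistrarDns."
  }
}
# … unchanged: resource_group_name, settings, base_tags, dns_zone_id, name …
```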
diff --git a/modules/networking/express_route_circuit/output.tf b/modules/networking/express_route_circuit/output.tf
index 015f8bc157..a2bc21c1c6 100644
--- a/modules/networking/express_route_circuit/output.tf
+++ b/modules/networking/express_route_circuit/output.tf
@@ -1,25 +1,25 @@
output id {
- value = azurerm_express_route_circuit.circuit.id
-
+ value = azurerm_express_route_circuit.circuit.id
+
description = "Express Route Circuit ID"
}
output service_key {
- value = azurerm_express_route_circuit.circuit.service_key
-
+ value = azurerm_express_route_circuit.circuit.service_key
+
description = "The string needed by the service provider to provision the ExpressRoute circuit."
}
output service_provider_provisioning_state {
- value = azurerm_express_route_circuit.circuit.service_provider_provisioning_state
-
+ value = azurerm_express_route_circuit.circuit.service_provider_provisioning_state
+
description = "The ExpressRoute circuit provisioning state from your chosen service provider."
}
output resource_group_name {
- value = var.resource_group_name
-
+ value = var.resource_group_name
+
description = "The Express Route circuit resource group name."
}
output name {
- value = azurerm_express_route_circuit.circuit.name
-
+ value = azurerm_express_route_circuit.circuit.name
+
description = "Name of the Express Route Circuit."
}
\ No newline at end of file
diff --git a/modules/networking/express_route_circuit_authorization/output.tf b/modules/networking/express_route_circuit_authorization/output.tf
index e02cf55f65..727e8486f9 100644
--- a/modules/networking/express_route_circuit_authorization/output.tf
+++ b/modules/networking/express_route_circuit_authorization/output.tf
@@ -1,15 +1,15 @@
output id {
- value = azurerm_express_route_circuit_authorization.circuitauth.id
-
+ value = azurerm_express_route_circuit_authorization.circuitauth.id
+
description = "Express Route Circuit Authorization ID"
}
output authorization_key {
- value = azurerm_express_route_circuit_authorization.circuitauth.authorization_key
-
+ value = azurerm_express_route_circuit_authorization.circuitauth.authorization_key
+
description = "The authorization key"
}
output authorization_use_status {
- value = azurerm_express_route_circuit_authorization.circuitauth.authorization_use_status
-
+ value = azurerm_express_route_circuit_authorization.circuitauth.authorization_use_status
+
description = "The authorization use status."
}
\ No newline at end of file
diff --git a/modules/networking/front_door/front_door.tf b/modules/networking/front_door/front_door.tf
index 35a62869bd..d2b985a2d5 100644
--- a/modules/networking/front_door/front_door.tf
+++ b/modules/networking/front_door/front_door.tf
@@ -1,11 +1,11 @@
resource "azurecaf_name" "frontdoor" {
name = var.settings.name
resource_type = "azurerm_frontdoor"
- prefixes = [var.global_settings.prefix]
- random_length = var.global_settings.random_length
+ prefixes = [try(var.settings.global_settings.prefix, var.global_settings.prefix)]
+ random_length = try(var.settings.global_settings.random_lenght, var.global_settings.random_length)
clean_input = true
- passthrough = var.global_settings.passthrough
- use_slug = var.global_settings.use_slug
+ passthrough = try(var.settings.global_settings.passthrough, var.global_settings.passthrough)
+ use_slug = try(var.settings.global_settings.use_slug, var.global_settings.use_slug)
}
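Review bot: The per-resource override on the `random_length` line is never honoured because the settings attribute is spelled `random_lenght`; `try()` treats the misspelt attribute as absent and silently falls back to `var.global_settings.random_length`, so a `settings.global_settings.random_length` has no effect and nothing reports it. Change it to `random_length = try(var.settings.global_settings.random_length, var.global_settings.random_length)`. If any existing configuration already relies on the misspelt key, keep it as a second fallback inside the `try()` for one release so generated names (and therefore the `*.azurefd.net` host below) do not change and force a recreate.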
resource "azurerm_frontdoor" "frontdoor" {
@@ -112,19 +112,19 @@ resource "azurerm_frontdoor" "frontdoor" {
content {
name = frontend_endpoint.value.name
- host_name = format("%s.azurefd.net", azurecaf_name.frontdoor.result)
+ host_name = try(frontend_endpoint.value.host_name, format("%s.azurefd.net", azurecaf_name.frontdoor.result))
session_affinity_enabled = frontend_endpoint.value.session_affinity_enabled
session_affinity_ttl_seconds = frontend_endpoint.value.session_affinity_ttl_seconds
- custom_https_provisioning_enabled = frontend_endpoint.value.custom_https_provisioning_enabled
- web_application_firewall_policy_link_id = try(var.front_door_waf_policies[var.client_config.landingzone_key][frontend_endpoint.value.front_door_waf_policy_key].id, var.front_door_waf_policies[frontend_endpoint.value.lz_key][frontend_endpoint.value.front_door_waf_policy_key].id)
+ custom_https_provisioning_enabled = try(frontend_endpoint.value.custom_https_provisioning_enabled, false)
+ web_application_firewall_policy_link_id = try(frontend_endpoint.value.front_door_waf_policy.key, null) == null ? null : var.front_door_waf_policies[try(frontend_endpoint.value.front_door_waf_policy.lz_key, var.client_config.landingzone_key)][frontend_endpoint.value.front_door_waf_policy.key].id
dynamic "custom_https_configuration" {
- for_each = frontend_endpoint.value.custom_https_provisioning_enabled == true ? [frontend_endpoint.value.custom_https_configuration] : []
+ for_each = try(frontend_endpoint.value.custom_https_provisioning_enabled, false) == true ? [frontend_endpoint.value.custom_https_configuration] : []
content {
certificate_source = custom_https_configuration.value.certificate_source
- azure_key_vault_certificate_vault_id = custom_https_configuration.value.azure_key_vault_certificate_vault_id
- azure_key_vault_certificate_secret_name = custom_https_configuration.value.azure_key_vault_certificate_secret_name
- azure_key_vault_certificate_secret_version = custom_https_configuration.value.azure_key_vault_certificate_secret_version
+ azure_key_vault_certificate_vault_id = lookup(custom_https_configuration.value, "azure_key_vault_certificate_vault_id", null) == null ? try(var.keyvault_certificate_requests[var.client_config.landingzone_key][custom_https_configuration.value.certificate.key].keyvault_id, var.keyvault_certificate_requests[custom_https_configuration.value.certificate.lz_key][custom_https_configuration.value.certificate.key].keyvault_id) : custom_https_configuration.value.azure_key_vault_certificate_vault_id
+ azure_key_vault_certificate_secret_name = lookup(custom_https_configuration.value, "azure_key_vault_certificate_secret_name", null) == null ? try(var.keyvault_certificate_requests[var.client_config.landingzone_key][custom_https_configuration.value.certificate.key].name, var.keyvault_certificate_requests[custom_https_configuration.value.certificate.lz_key][custom_https_configuration.value.certificate.key].name) : custom_https_configuration.value.azure_key_vault_certificate_secret_name
+ azure_key_vault_certificate_secret_version = lookup(custom_https_configuration.value, "azure_key_vault_certificate_secret_version", null) == null ? try(var.keyvault_certificate_requests[var.client_config.landingzone_key][custom_https_configuration.value.certificate.key].version, var.keyvault_certificate_requests[custom_https_configuration.value.certificate.lz_key][custom_https_configuration.value.certificate.key].version) : custom_https_configuration.value.azure_key_vault_certificate_secret_version
}
}
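Review bot: `try(frontend_endpoint.value.custom_https_provisioning_enabled, false)` makes custom HTTPS opt-in, so a frontend endpoint that sets a custom `host_name` but omits the flag is provisioned with no certificate on that hostname and no plan-time warning. A safer default is to enable it whenever a `custom_https_configuration` block is supplied: `custom_https_provisioning_enabled = try(frontend_endpoint.value.custom_https_provisioning_enabled, try(frontend_endpoint.value.custom_https_configuration, null) != null)`, mirrored in the `for_each` two lines below. The three `azure_key_vault_certificate_*` lookups also try the local landing zone before `certificate.lz_key`, so a same-named certificate key in both zones silently resolves locally; the WAF line above resolves `lz_key` explicitly with `try(... .lz_key, var.client_config.landingzone_key)`, and the certificate lookups should use the same form. The `azurerm_frontdoor` resource continues outside this hunk.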
diff --git a/modules/networking/front_door/keyvault_permissions.tf b/modules/networking/front_door/keyvault_permissions.tf
index 1848f07060..45789eede5 100644
--- a/modules/networking/front_door/keyvault_permissions.tf
+++ b/modules/networking/front_door/keyvault_permissions.tf
@@ -1,34 +1,30 @@
-# Register Azure FrontDoor service in the directory.
-#
-locals {
- front_door_application_id = "ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037"
-}
-
-
-resource "null_resource" "front_door_service_principal" {
-
- provisioner "local-exec" {
- command = format("az ad sp create --id %s", local.front_door_application_id)
- on_failure = continue
- }
-}
-
-data "azuread_service_principal" "front_door" {
- application_id = local.front_door_application_id
-}
-
-module access_policy {
- source = "../../security/keyvault_access_policies"
-
- client_config = var.client_config
- keyvault_id = var.keyvault_id
-
- access_policies = {
- front_door_certificate = {
- object_id = data.azuread_service_principal.front_door.object_id
- certificate_permissions = ["Get"]
- secret_permissions = ["Get"]
- }
- }
-}
\ No newline at end of file
+# # Register Azure FrontDoor service in the directory.
+# #
+# locals {
+# front_door_application_id = "ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037"
+# }
+
+# # Execute the SP creation before from the AZ cli
+# # It will register the Azure FrontDoor global application ID with a service principal into your azure AD tenant
+# # "az ad sp create --id ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037"
+
+# data "azuread_service_principal" "front_door" {
+# application_id = local.front_door_application_id
+# }
+
+# module access_policy {
+# source = "../../security/keyvault_access_policies"
+# count = var.keyvault_id == null ? 0 : 1
+
+# client_config = var.client_config
+# keyvault_id = var.keyvault_id
+
+# access_policies = {
+# front_door_certificate = {
+# object_id = data.azuread_service_principal.front_door.object_id
+# certificate_permissions = ["Get"]
+# secret_permissions = ["Get"]
+# }
+# }
+# }
\ No newline at end of file
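Review bot: Commenting out the whole file removes the only place that grants the Front Door service principal `Get` on certificates and secrets, while the new `custom_https_configuration` block in front_door.tf still points Front Door at Key Vault certificates via `var.keyvault_certificate_requests`; unless that access policy is now granted elsewhere, custom HTTPS provisioning will fail with an authorization error at apply/runtime rather than at plan time. Either delete the file outright (git keeps the history) or keep the `count = var.keyvault_id == null ? 0 : 1` variant live and document the one-time prerequisite `az ad sp create --id ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037` in the module README, since the `azuread_service_principal` data source fails when the SP has not been registered in the tenant. If the intent is that operators create the policy themselves, a one-line comment at the top stating that requirement is more useful than forty lines of dead code.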
diff --git a/modules/networking/front_door/variables.tf b/modules/networking/front_door/variables.tf
index c9012b91e9..ed2a96a139 100644
--- a/modules/networking/front_door/variables.tf
+++ b/modules/networking/front_door/variables.tf
@@ -13,12 +13,12 @@ variable global_settings {
description = "Global settings object (see module README.md)"
}
variable keyvault_id {
- default = {}
+ default = null
}
-variable resource_group_name {
- description = "(Required) The name of the resource group where to create the resource."
- type = string
+variable keyvault_certificate_requests {
+ default = {}
}
+variable resource_group_name {}
variable settings {}
variable tags {
default = {}
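Review bot: `resource_group_name` loses its `description` and `type = string` on the replacement line, and the new `keyvault_certificate_requests` is added with no description or type, so a wrongly shaped value is only caught deep inside front_door.tf's `lookup()` chain. Restore `variable resource_group_name { description = "(Required) The name of the resource group where to create the resource." type = string }` and document the new variable with something like `description = "Map of landingzone_key => certificate_key => object exposing keyvault_id, name and version, consumed by custom_https_configuration"`, which is the shape front_door.tf reads from it. The `variable tags` block continues past the end of this hunk.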
diff --git a/modules/networking/private-dns/output.tf b/modules/networking/private-dns/output.tf
index 4b1d3d2da0..ca0ad6fd01 100644
--- a/modules/networking/private-dns/output.tf
+++ b/modules/networking/private-dns/output.tf
@@ -1,14 +1,14 @@
output id {
- value = azurerm_private_dns_zone.private_dns.id
-
+ value = azurerm_private_dns_zone.private_dns.id
+
}
output name {
- value = azurerm_private_dns_zone.private_dns.name
-
+ value = azurerm_private_dns_zone.private_dns.name
+
}
output resource_group_name {
- value = var.resource_group_name
-
+ value = var.resource_group_name
+
}
\ No newline at end of file
diff --git a/modules/networking/private_endpoint/output.tf b/modules/networking/private_endpoint/output.tf
index 82803cb7c4..527cf30f04 100755
--- a/modules/networking/private_endpoint/output.tf
+++ b/modules/networking/private_endpoint/output.tf
@@ -1,14 +1,14 @@
output id {
- value = azurerm_private_endpoint.pep.id
-
+ value = azurerm_private_endpoint.pep.id
+
}
output private_dns_zone_group {
- value = azurerm_private_endpoint.pep.private_dns_zone_group
-
+ value = azurerm_private_endpoint.pep.private_dns_zone_group
+
}
output private_dns_zone_configs {
- value = azurerm_private_endpoint.pep.private_dns_zone_configs
-
+ value = azurerm_private_endpoint.pep.private_dns_zone_configs
+
}
\ No newline at end of file
diff --git a/modules/networking/public_ip_addresses/output.tf b/modules/networking/public_ip_addresses/output.tf
index 7f8dac80b9..7bb1d9857b 100755
--- a/modules/networking/public_ip_addresses/output.tf
+++ b/modules/networking/public_ip_addresses/output.tf
@@ -1,14 +1,14 @@
output id {
- value = azurerm_public_ip.pip.id
-
+ value = azurerm_public_ip.pip.id
+
}
output ip_address {
- value = azurerm_public_ip.pip.ip_address
-
+ value = azurerm_public_ip.pip.ip_address
+
}
output fqdn {
- value = azurerm_public_ip.pip.fqdn
-
+ value = azurerm_public_ip.pip.fqdn
+
}
diff --git a/modules/networking/route_tables/output.tf b/modules/networking/route_tables/output.tf
index b8dd3f1847..6953093549 100755
--- a/modules/networking/route_tables/output.tf
+++ b/modules/networking/route_tables/output.tf
@@ -1,10 +1,10 @@
output id {
- value = azurerm_route_table.rt.id
-
+ value = azurerm_route_table.rt.id
+
}
output name {
- value = azurerm_route_table.rt.name
-
+ value = azurerm_route_table.rt.name
+
}
diff --git a/modules/networking/virtual_network/nsg/output.tf b/modules/networking/virtual_network/nsg/output.tf
index c0a7a0ba15..10dd136be7 100644
--- a/modules/networking/virtual_network/nsg/output.tf
+++ b/modules/networking/virtual_network/nsg/output.tf
@@ -1,9 +1,9 @@
output "nsg_ids" {
- value = azurerm_network_security_group.nsg_obj.*
-
+ value = azurerm_network_security_group.nsg_obj.*
+
}
output "nsg_obj" {
- value = azurerm_network_security_group.nsg_obj
-
+ value = azurerm_network_security_group.nsg_obj
+
}
diff --git a/modules/networking/virtual_network/output.tf b/modules/networking/virtual_network/output.tf
index da9089cc67..f395dcd0e0 100644
--- a/modules/networking/virtual_network/output.tf
+++ b/modules/networking/virtual_network/output.tf
@@ -22,7 +22,7 @@ output dns_servers {
output resource_group_name {
value = azurerm_virtual_network.vnet.resource_group_name
description = "Virutal Network resource_group_name"
-
+
}
output location {
@@ -33,5 +33,5 @@ output location {
output "subnets" {
description = "Returns all the subnets objects in the Virtual Network. As a map of keys, ID"
value = merge(module.special_subnets, module.subnets)
-
+
}
diff --git a/modules/networking/virtual_network/subnet/output.tf b/modules/networking/virtual_network/subnet/output.tf
index 1c6f30d9aa..38538de8c4 100644
--- a/modules/networking/virtual_network/subnet/output.tf
+++ b/modules/networking/virtual_network/subnet/output.tf
@@ -1,15 +1,15 @@
output id {
- value = azurerm_subnet.subnet.id
-
+ value = azurerm_subnet.subnet.id
+
}
output name {
- value = azurerm_subnet.subnet.name
-
+ value = azurerm_subnet.subnet.name
+
}
output cidr {
- value = var.address_prefixes
-
+ value = var.address_prefixes
+
}
\ No newline at end of file
diff --git a/modules/networking/virtual_network_gateway_connections/output.tf b/modules/networking/virtual_network_gateway_connections/output.tf
index a0b2997a89..91c707be26 100644
--- a/modules/networking/virtual_network_gateway_connections/output.tf
+++ b/modules/networking/virtual_network_gateway_connections/output.tf
@@ -1,5 +1,5 @@
output id {
- value = azurerm_virtual_network_gateway_connection.vngw_connection.id
-
+ value = azurerm_virtual_network_gateway_connection.vngw_connection.id
+
}
diff --git a/modules/networking/virtual_network_gateways/output.tf b/modules/networking/virtual_network_gateways/output.tf
index c7059da943..e24139a63f 100644
--- a/modules/networking/virtual_network_gateways/output.tf
+++ b/modules/networking/virtual_network_gateways/output.tf
@@ -1,5 +1,5 @@
output id {
- value = azurerm_virtual_network_gateway.vngw.id
-
+ value = azurerm_virtual_network_gateway.vngw.id
+
}
diff --git a/modules/networking/virtual_wan/virtual_wan.tf b/modules/networking/virtual_wan/virtual_wan.tf
index a373a7bb10..e67f880795 100644
--- a/modules/networking/virtual_wan/virtual_wan.tf
+++ b/modules/networking/virtual_wan/virtual_wan.tf
@@ -35,14 +35,14 @@ module hubs {
}
output virtual_hubs {
- value = module.hubs
-
+ value = module.hubs
+
description = "Virtual Hubs object"
}
output virtual_wan {
- value = azurerm_virtual_wan.vwan
-
+ value = azurerm_virtual_wan.vwan
+
description = "Virtual WAN object"
}
diff --git a/modules/resource_group/output.tf b/modules/resource_group/output.tf
index f2c6b5fbe7..6457b8e0f4 100644
--- a/modules/resource_group/output.tf
+++ b/modules/resource_group/output.tf
@@ -1,16 +1,16 @@
output name {
- value = azurerm_resource_group.rg.name
-
+ value = azurerm_resource_group.rg.name
+
}
output location {
- value = azurerm_resource_group.rg.location
-
+ value = azurerm_resource_group.rg.location
+
}
output tags {
- value = azurerm_resource_group.rg.tags
-
+ value = azurerm_resource_group.rg.tags
+
}
output rbac_id {
diff --git a/modules/roles/custom_roles/output.tf b/modules/roles/custom_roles/output.tf
index f35161e533..20510f0a80 100755
--- a/modules/roles/custom_roles/output.tf
+++ b/modules/roles/custom_roles/output.tf
@@ -1,9 +1,9 @@
output id {
- value = azurerm_role_definition.custom_role.id
-
+ value = azurerm_role_definition.custom_role.id
+
}
output role_definition_resource_id {
- value = azurerm_role_definition.custom_role.role_definition_resource_id
-
+ value = azurerm_role_definition.custom_role.role_definition_resource_id
+
}
\ No newline at end of file
diff --git a/modules/security/dynamic_keyvault_secrets/keyvault.tf b/modules/security/dynamic_keyvault_secrets/keyvault.tf
index b87536cd9b..1ea785a08a 100644
--- a/modules/security/dynamic_keyvault_secrets/keyvault.tf
+++ b/modules/security/dynamic_keyvault_secrets/keyvault.tf
@@ -1,5 +1,5 @@
module secret {
- source = "./secret"
+ source = "./secret"
for_each = {
for key, value in var.settings : key => value
if try(value.value, null) == null
@@ -11,7 +11,7 @@ module secret {
}
module secret_value {
- source = "./secret"
+ source = "./secret"
for_each = {
for key, value in var.settings : key => value
if try(value.value, null) != null && try(value.value, null) != ""
@@ -23,7 +23,7 @@ module secret_value {
}
module secret_immutable {
- source = "./secret_immutable"
+ source = "./secret_immutable"
for_each = {
for key, value in var.settings : key => value
if try(value.value, null) == ""
diff --git a/modules/security/keyvault/output.tf b/modules/security/keyvault/output.tf
index 506264653e..7de3e3736a 100755
--- a/modules/security/keyvault/output.tf
+++ b/modules/security/keyvault/output.tf
@@ -16,6 +16,6 @@ output rbac_id {
}
output base_tags {
- value = var.base_tags
-
+ value = var.base_tags
+
}
\ No newline at end of file
diff --git a/modules/security/keyvault_certificate/output.tf b/modules/security/keyvault_certificate/output.tf
index 9369c0e8bf..3e3061ee33 100644
--- a/modules/security/keyvault_certificate/output.tf
+++ b/modules/security/keyvault_certificate/output.tf
@@ -1,3 +1,23 @@
output secret_id {
value = azurerm_key_vault_certificate.cert.secret_id
}
+
+output id {
+ value = azurerm_key_vault_certificate.cert.id
+}
+
+output version {
+ value = azurerm_key_vault_certificate.cert.version
+}
+
+output name {
+ value = azurerm_key_vault_certificate.cert.name
+}
+
+output thumbprint {
+ value = azurerm_key_vault_certificate.cert.thumbprint
+}
+
+output certificate_attribute {
+ value = azurerm_key_vault_certificate.cert.certificate_attribute
+}
\ No newline at end of file
diff --git a/modules/security/keyvault_certificate_request/GlobalSign_GetCertificateOrders.tpl b/modules/security/keyvault_certificate_request/GlobalSign_GetCertificateOrders.tpl
new file mode 100644
index 0000000000..d0744af83d
--- /dev/null
+++ b/modules/security/keyvault_certificate_request/GlobalSign_GetCertificateOrders.tpl
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+ ${UserName}
+ ${Password}
+
+
+ ${FQDN}
+
+
+
+
diff --git a/modules/security/keyvault_certificate_request/GlobalSign_cancel_order.tpl b/modules/security/keyvault_certificate_request/GlobalSign_cancel_order.tpl
new file mode 100644
index 0000000000..81ec129d44
--- /dev/null
+++ b/modules/security/keyvault_certificate_request/GlobalSign_cancel_order.tpl
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+
+ ${UserName}
+ ${Password}
+
+
+ #{order}
+ CANCEL
+
+
+
+
\ No newline at end of file
diff --git a/modules/security/keyvault_certificate_request/global_sign.tf b/modules/security/keyvault_certificate_request/global_sign.tf
new file mode 100644
index 0000000000..d49d3f12b3
--- /dev/null
+++ b/modules/security/keyvault_certificate_request/global_sign.tf
@@ -0,0 +1,46 @@
+data "azurerm_key_vault_secret" "password" {
+ count = lower(var.settings.certificate_policy.issuer_key_or_name) == "self" ? 0 : 1
+ name = var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].cert_password_key
+ key_vault_id = var.keyvault_id
+}
+
+locals {
+ soap_get_certificate_orders = lower(var.settings.certificate_policy.issuer_key_or_name) == "self" ? null : templatefile(
+ format("%s/GlobalSign_GetCertificateOrders.tpl", path.module),
+ {
+ UserName = var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].account_id,
+ Password = data.azurerm_key_vault_secret.password[0].value,
+ FQDN = regex("[^CN=]+", var.settings.certificate_policy.x509_certificate_properties.subject) # regex("[^CN=]+", "CN=crm.test.com") ==> crm.test.com
+ }
+ )
+
+ soap_cancel_order = lower(var.settings.certificate_policy.issuer_key_or_name) == "self" ? null : templatefile(
+ format("%s/GlobalSign_cancel_order.tpl", path.module),
+ {
+ UserName = var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].account_id,
+ Password = data.azurerm_key_vault_secret.password[0].value
+ }
+ )
+}
+
+# When canceled within 7 days, the certificate is not invoiced
+resource "null_resource" "cancel_order_global_sign" {
+ count = try(var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].provider_name, null) == "GlobalSign" ? 1 : 0
+
+ triggers = {
+ SOAP_GET_ORDERS = local.soap_get_certificate_orders
+ SOAP_CANCEL_ORDER = local.soap_cancel_order
+ }
+
+ provisioner "local-exec" {
+ command = format("%s/scripts/GlobalSign_cancel_orders.sh", path.module)
+ when = destroy
+ interpreter = ["/bin/bash"]
+ on_failure = continue
+
+ environment = {
+ SOAP_GET_ORDERS = self.triggers.SOAP_GET_ORDERS
+ SOAP_CANCEL_ORDER_TPL = self.triggers.SOAP_CANCEL_ORDER
+ }
+ }
+}
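Review bot: The `triggers` map stores the fully rendered SOAP envelopes, which embed the GlobalSign account password read from `data.azurerm_key_vault_secret.password`, so the password is written in plaintext into Terraform state and echoed in every plan diff of this resource — `null_resource` triggers cannot be marked sensitive. Since destroy-time provisioners can only read `self.triggers`, the fix is to keep only non-secret material in triggers (account id, Key Vault id, secret name, FQDN) and let the script fetch the password at destroy time with `az keyvault secret show` and render the envelopes itself. The `FQDN` extraction `regex("[^CN=]+", subject)` is also fragile: it is a character class excluding `C`, `N` and `=`, so any subject whose hostname contains an uppercase C or N, or a second RDN after a comma, yields the wrong name; `regex("^CN=([^,]+)", subject)[0]` does what the comment describes. Finally `on_failure = continue` means a failed cancellation is silent, which here translates directly into an invoiced certificate.

```hcl
resource "null_resource" "cancel_order_global_sign" {
  count = try(var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].provider_name, null) == "GlobalSign" ? 1 : 0

  # Triggers are persisted verbatim in state: keep secrets out of them and let the
  # script resolve the account password from Key Vault at destroy time.
  triggers = {
    ACCOUNT_ID  = var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].account_id
    KEYVAULT_ID = var.keyvault_id
    SECRET_NAME = var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].cert_password_key
    FQDN        = regex("^CN=([^,]+)", var.settings.certificate_policy.x509_certificate_properties.subject)[0]
  }

  provisioner "local-exec" {
    # … unchanged: command / when = destroy / interpreter / on_failure …
    environment = {
      ACCOUNT_ID  = self.triggers.ACCOUNT_ID
      KEYVAULT_ID = self.triggers.KEYVAULT_ID
      SECRET_NAME = self.triggers.SECRET_NAME
      FQDN        = self.triggers.FQDN
    }
  }
}
```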
diff --git a/modules/security/keyvault_certificate_request/module.tf b/modules/security/keyvault_certificate_request/module.tf
index 361f480003..e04c50eb2e 100644
--- a/modules/security/keyvault_certificate_request/module.tf
+++ b/modules/security/keyvault_certificate_request/module.tf
@@ -4,7 +4,7 @@ resource "azurerm_key_vault_certificate" "csr" {
certificate_policy {
issuer_parameters {
- name = try(var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].name, var.settings.certificate_policy.issuer_key_or_name)
+ name = try(var.certificate_issuers[var.settings.certificate_policy.issuer_key_or_name].issuer_name, var.settings.certificate_policy.issuer_key_or_name)
}
key_properties {
exportable = var.settings.certificate_policy.exportable
diff --git a/modules/security/keyvault_certificate_request/output.tf b/modules/security/keyvault_certificate_request/output.tf
index 2c2691ee85..6318c9a208 100644
--- a/modules/security/keyvault_certificate_request/output.tf
+++ b/modules/security/keyvault_certificate_request/output.tf
@@ -1,18 +1,21 @@
output id {
value = azurerm_key_vault_certificate.csr.id
}
+output keyvault_id {
+ value = var.keyvault_id
+}
output secret_id {
value = azurerm_key_vault_certificate.csr.secret_id
}
output version {
value = azurerm_key_vault_certificate.csr.version
}
-output certificate_data {
- value = azurerm_key_vault_certificate.csr.certificate_data
-}
output thumbprint {
value = azurerm_key_vault_certificate.csr.thumbprint
}
output certificate_attribute {
value = azurerm_key_vault_certificate.csr.certificate_attribute
}
+output name {
+ value = azurerm_key_vault_certificate.csr.name
+}
\ No newline at end of file
diff --git a/modules/security/keyvault_certificate_request/scripts/GlobalSign_cancel_orders.sh b/modules/security/keyvault_certificate_request/scripts/GlobalSign_cancel_orders.sh
new file mode 100755
index 0000000000..594f32da80
--- /dev/null
+++ b/modules/security/keyvault_certificate_request/scripts/GlobalSign_cancel_orders.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Get the orders from Global Sign
+orders=$(curl -sb -X POST https://system.globalsign.com/kb/ws/v1/GASService -H "Content-Type: text/xml;charset=UTF-8" -d "${SOAP_GET_ORDERS}")
+
+function cancel_order {
+ SOAP_CANCEL_ORDER=$(echo $SOAP_CANCEL_ORDER_TPL | sed "s/#{order}/${1}/g")
+ curl -sb -X POST https://system.globalsign.com/kb/ws/v2/ManagedSSLService -H "Content-Type: text/xml;charset=UTF-8" -d "${SOAP_CANCEL_ORDER}"
+}
+
+# Get the orders that have not been canceled (OrderStatus=5 for canceled-issued and 3 canceled-non-issued)
+orderIDs=$(echo ${orders} | xq -r '."soap:Envelope"."soap:Body"."ns2:GetCertificateOrdersResponse".Response.SearchOrderDetails.SearchOrderDetail | if type == "array" then .[] else . end | select( .OrderStatus != "3" and .OrderStatus != "5") | .OrderID' 2>/dev/null)
+
+if [[ ! -z "${orderIDs}" ]]; then
+
+ # Process the order cancellation
+ for orderID in ${orderIDs}; do
+ echo "Cancelling orderID: ${orderID}"
+ cancel_order ${orderID}
+ done
+else
+ echo "No order to cancel"
+fi
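Review bot: Both curl calls pass the rendered SOAP envelope — which embeds the GlobalSign account password — as a command-line argument via `-d "${SOAP_GET_ORDERS}"`, so the password is readable by any local user through `ps` or `/proc/*/cmdline` for the duration of the request; feed the body on stdin with `--data-binary @-` instead. `-sb` is also a bug: `-b` takes a cookie argument, so it consumes `-X` and leaves `POST` to be attempted as a second URL (the call only succeeds because `-d` already implies POST), and should be `-sS`. The `2>/dev/null` on `xq` turns a parse failure or a changed response schema into an empty `orderIDs` and a reassuring "No order to cancel", which combined with the provisioner's `on_failure = continue` means a still-open order is never surfaced. Note too that the loop appears to cancel every non-cancelled order GlobalSign returns for the FQDN, not only the one this Terraform resource created — worth confirming that is intended before `destroy` runs against a shared account.

```bash
#!/bin/bash
set -uo pipefail

GS_GAS_URL="https://system.globalsign.com/kb/ws/v1/GASService"
GS_MSSL_URL="https://system.globalsign.com/kb/ws/v2/ManagedSSLService"

# Request bodies are fed on stdin so the account password never appears in argv.
orders=$(printf '%s' "${SOAP_GET_ORDERS}" | curl -sS -X POST "${GS_GAS_URL}" -H "Content-Type: text/xml;charset=UTF-8" --data-binary @-) || { echo "GetCertificateOrders request failed" >&2; exit 1; }

function cancel_order {
  # OrderID comes from the API response; refuse anything that is not a plain token before
  # substituting it into XML.
  [[ "${1}" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "Refusing suspicious OrderID: ${1}" >&2; return 1; }
  sed "s/#{order}/${1}/g" <<<"${SOAP_CANCEL_ORDER_TPL}" | curl -sS -X POST "${GS_MSSL_URL}" -H "Content-Type: text/xml;charset=UTF-8" --data-binary @-
}

# … unchanged: orderID extraction (drop the 2>/dev/null so xq errors are visible) and loop …
```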
diff --git a/modules/storage_account/output.tf b/modules/storage_account/output.tf
index 2b840f8269..5ecfcb3a60 100755
--- a/modules/storage_account/output.tf
+++ b/modules/storage_account/output.tf
@@ -1,26 +1,26 @@
output id {
- value = azurerm_storage_account.stg.id
-
+ value = azurerm_storage_account.stg.id
+
}
output name {
- value = azurerm_storage_account.stg.name
-
+ value = azurerm_storage_account.stg.name
+
}
output location {
- value = var.location
-
+ value = var.location
+
}
output resource_group_name {
- value = var.resource_group_name
-
+ value = var.resource_group_name
+
}
output primary_blob_endpoint {
- value = azurerm_storage_account.stg.primary_blob_endpoint
-
+ value = azurerm_storage_account.stg.primary_blob_endpoint
+
}
output containers {
diff --git a/mssql_databases.tf b/mssql_databases.tf
index 658c895017..99a45d299e 100755
--- a/mssql_databases.tf
+++ b/mssql_databases.tf
@@ -1,7 +1,7 @@
output mssql_databases {
- value = module.mssql_databases
-
+ value = module.mssql_databases
+
}
module "mssql_databases" {
diff --git a/mssql_elastic_pools.tf b/mssql_elastic_pools.tf
index b8a61fbc45..4540ae43a2 100755
--- a/mssql_elastic_pools.tf
+++ b/mssql_elastic_pools.tf
@@ -1,7 +1,7 @@
output mssql_elastic_pools {
- value = module.mssql_elastic_pools
-
+ value = module.mssql_elastic_pools
+
}
module "mssql_elastic_pools" {
diff --git a/mssql_servers.tf b/mssql_servers.tf
index ff07c0c286..a0532b834c 100755
--- a/mssql_servers.tf
+++ b/mssql_servers.tf
@@ -1,7 +1,7 @@
output mssql_servers {
- value = module.mssql_servers
-
+ value = module.mssql_servers
+
}
module "mssql_servers" {
diff --git a/msssql_managed_databases.tf b/msssql_managed_databases.tf
index 48eafb9e2d..3ec707495d 100644
--- a/msssql_managed_databases.tf
+++ b/msssql_managed_databases.tf
@@ -1,7 +1,7 @@
output mssql_managed_databases {
- value = module.mssql_managed_databases
-
+ value = module.mssql_managed_databases
+
}
module "mssql_managed_databases" {
diff --git a/msssql_managed_instances.tf b/msssql_managed_instances.tf
index 24bc639f84..151d2e55c6 100644
--- a/msssql_managed_instances.tf
+++ b/msssql_managed_instances.tf
@@ -1,7 +1,7 @@
output mssql_managed_instances {
- value = module.mssql_managed_instances
-
+ value = module.mssql_managed_instances
+
}
output mssql_managed_instances_secondary {
value = module.mssql_managed_instances_secondary
diff --git a/mysql_servers.tf b/mysql_servers.tf
index f5648f49d3..5d648f0eb3 100644
--- a/mysql_servers.tf
+++ b/mysql_servers.tf
@@ -1,7 +1,7 @@
output mysql_servers {
- value = module.mysql_servers
-
+ value = module.mysql_servers
+
}
module "mysql_servers" {
diff --git a/networking.tf b/networking.tf
index e8c66b9b17..89439420d1 100755
--- a/networking.tf
+++ b/networking.tf
@@ -1,12 +1,12 @@
output vnets {
depends_on = [azurerm_virtual_network_peering.peering]
value = module.networking
-
+
}
output public_ip_addresses {
- value = module.public_ip_addresses
-
+ value = module.public_ip_addresses
+
}
diff --git a/networking_dns_zones.tf b/networking_dns_zones.tf
index b5fa838375..b1a4c2619d 100644
--- a/networking_dns_zones.tf
+++ b/networking_dns_zones.tf
@@ -2,11 +2,31 @@ module dns_zones {
source = "./modules/networking/dns_zone"
for_each = try(local.networking.dns_zones, {})
- settings = each.value
+ base_tags = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
global_settings = local.global_settings
- location = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
resource_group_name = module.resource_groups[each.value.resource_group_key].name
- base_tags = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
+ settings = each.value
+}
+
+output dns_zones {
+ value = module.dns_zones
+}
+
+#
+# Create records on remote DNS zones
+#
+module dns_zone_records {
+ source = "./modules/networking/dns_zone/records"
+ for_each = try(local.networking.dns_zone_records, {})
+ depends_on = [module.dns_zones]
+
+ base_tags = {}
+ resource_group_name = try(each.value.dns_zone.resource_group_name, null) == null ? local.combined_objects_dns_zones[lookup(each.value.dns_zone, "lz_key", local.client_config.landingzone_key)][each.value.dns_zone.key].resource_group_name : each.value.dns_zone.resource_group_name
+ records = each.value.records
+ zone_name = try(each.value.dns_zone.name, null) == null ? local.combined_objects_dns_zones[lookup(each.value.dns_zone, "lz_key", local.client_config.landingzone_key)][each.value.dns_zone.key].name : each.value.dns_zone.name
}
+output dns_zone_records {
+ value = module.dns_zone_records
+}
\ No newline at end of file
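Review bot: `dns_zone_records` hard-codes `base_tags = {}` while `dns_zones` a few lines above derives its tags from `inherit_tags`, so records created through this path never carry the inherited resource-group tags even when the zone is in the same landing zone. If the records module is tag-less by design, add a one-line comment saying so; otherwise mirror the zone module's `try(local.global_settings.inherit_tags, false) ? ... : {}` expression, hedged with `try()` because the record set may only reference a remote zone by name. The explicit `depends_on = [module.dns_zones]` also looks redundant when the zone resolves through `local.combined_objects_dns_zones`, which presumably already references `module.dns_zones` — confirm, and drop it if so, since a module-level `depends_on` forces all records to wait for every zone.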
diff --git a/networking_domain_name_registrations.tf b/networking_domain_name_registrations.tf
new file mode 100644
index 0000000000..7c0beaef3d
--- /dev/null
+++ b/networking_domain_name_registrations.tf
@@ -0,0 +1,15 @@
+module domain_name_registrations {
+ source = "./modules/networking/domain_name_registrations"
+ for_each = try(local.networking.domain_name_registrations, {})
+
+ base_tags = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
+ dns_zone_id = try(each.value.dns_zone.lz_key, null) == null ? local.combined_objects_dns_zones[local.client_config.landingzone_key][each.value.dns_zone.key].id : local.combined_objects_dns_zones[each.value.dns_zone.lz_key][each.value.dns_zone.key].id
+ name = try(each.value.name, "") == "" ? try(local.combined_objects_dns_zones[local.client_config.landingzone_key][each.value.dns_zone.key].name, local.combined_objects_dns_zones[each.value.dns_zone.lz_key][each.value.dns_zone.key].name) : ""
+ resource_group_name = module.resource_groups[each.value.resource_group_key].name
+ settings = each.value
+}
+
+output domain_name_registrations {
+ value = module.domain_name_registrations
+}
+
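Review bot: The `name` expression looks inverted: when `each.value.name` is empty it resolves to the DNS zone name, but when a name is explicitly configured it passes `""`, which the module documents as "generate a random name" — so, as written, setting a name would register a randomly named domain unless the module also reads `settings.name` on its own. The intended form is presumably `name = try(each.value.name, "") == "" ? try(local.combined_objects_dns_zones[local.client_config.landingzone_key][each.value.dns_zone.key].name, local.combined_objects_dns_zones[each.value.dns_zone.lz_key][each.value.dns_zone.key].name) : each.value.name`. Because a domain registration is a purchase, consider surfacing the resolved name in an output or a `validation` on the module variable so the plan shows exactly which domain will be bought before apply.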
diff --git a/networking_express_route.tf b/networking_express_route.tf
index a47dceeb7e..f9319d3cdc 100644
--- a/networking_express_route.tf
+++ b/networking_express_route.tf
@@ -34,13 +34,13 @@ module express_route_circuit_authorizations {
# Outputs
output express_route_circuits {
- value = module.express_route_circuits
-
+ value = module.express_route_circuits
+
description = "Express Route Circuit output"
}
output express_route_circuit_authorizations {
- value = module.express_route_circuit_authorizations
-
+ value = module.express_route_circuit_authorizations
+
description = "Express Route Circuit Authorizations Keys output"
}
diff --git a/networking_firewall.tf b/networking_firewall.tf
index 6f9f4eb16f..8f5b0c0fec 100755
--- a/networking_firewall.tf
+++ b/networking_firewall.tf
@@ -61,6 +61,6 @@ module azurerm_firewall_nat_rule_collections {
}
output azurerm_firewalls {
- value = module.azurerm_firewalls
-
+ value = module.azurerm_firewalls
+
}
diff --git a/networking_virtual_wan.tf b/networking_virtual_wan.tf
index 3c2587fc7e..1ff80370eb 100644
--- a/networking_virtual_wan.tf
+++ b/networking_virtual_wan.tf
@@ -37,7 +37,7 @@ resource "azurerm_virtual_hub_connection" "vhub_connection" {
# Outputs
output virtual_wans {
- value = module.virtual_wans
-
+ value = module.virtual_wans
+
description = "Virtual WAN output"
}
diff --git a/output.tf b/output.tf
index b93713b330..bd2a291b9b 100755
--- a/output.tf
+++ b/output.tf
@@ -5,5 +5,5 @@ output client_config {
subscription_id = local.client_config.subscription_id
landingzone_key = local.client_config.landingzone_key
}
-
+
}
\ No newline at end of file
diff --git a/postgresql_servers.tf b/postgresql_servers.tf
index 8f01747591..8419f806a7 100644
--- a/postgresql_servers.tf
+++ b/postgresql_servers.tf
@@ -1,7 +1,7 @@
output postgresql_servers {
- value = module.postgresql_servers
-
+ value = module.postgresql_servers
+
}
module "postgresql_servers" {
diff --git a/proximity_placement_groups.tf b/proximity_placement_groups.tf
index bc7cff1422..143f545400 100644
--- a/proximity_placement_groups.tf
+++ b/proximity_placement_groups.tf
@@ -14,6 +14,6 @@ module proximity_placement_groups {
output proximity_placement_groups {
- value = module.proximity_placement_groups
-
+ value = module.proximity_placement_groups
+
}
diff --git a/recovery_vaults.tf b/recovery_vaults.tf
index 6cda98c330..a7de39b988 100644
--- a/recovery_vaults.tf
+++ b/recovery_vaults.tf
@@ -18,6 +18,6 @@ module recovery_vaults {
}
output recovery_vaults {
- value = module.recovery_vaults
-
+ value = module.recovery_vaults
+
}
diff --git a/resource_groups.tf b/resource_groups.tf
index 3b7e5b24de..c025b5cd54 100755
--- a/resource_groups.tf
+++ b/resource_groups.tf
@@ -10,6 +10,6 @@ module resource_groups {
}
output resource_groups {
- value = module.resource_groups
-
+ value = module.resource_groups
+
}
\ No newline at end of file
diff --git a/roles.tf b/roles.tf
index 60bee53b9d..7f000f7f8b 100755
--- a/roles.tf
+++ b/roles.tf
@@ -40,6 +40,7 @@ locals {
azuread_groups = local.combined_objects_azuread_groups
azuread_apps = local.combined_objects_azuread_applications
azuread_users = local.combined_objects_azuread_users
+ dns_zones = local.combined_objects_dns_zones
azurerm_firewalls = local.combined_objects_azurerm_firewalls
event_hub_namespaces = local.combined_objects_event_hub_namespaces
keyvaults = local.combined_objects_keyvaults
diff --git a/storage_account_blobs.tf b/storage_account_blobs.tf
index 7820365e50..48064a6ed6 100644
--- a/storage_account_blobs.tf
+++ b/storage_account_blobs.tf
@@ -22,6 +22,6 @@ module "storage_account_blobs" {
}
output storage_account_blobs {
- value = module.storage_account_blobs
-
+ value = module.storage_account_blobs
+
}
diff --git a/storage_accounts.tf b/storage_accounts.tf
index de598afa64..fdbe114c3f 100755
--- a/storage_accounts.tf
+++ b/storage_accounts.tf
@@ -17,6 +17,6 @@ module "storage_accounts" {
}
output storage_accounts {
- value = module.storage_accounts
-
+ value = module.storage_accounts
+
}
diff --git a/synapses.tf b/synapses.tf
index d7c2ccc0a0..152613d281 100644
--- a/synapses.tf
+++ b/synapses.tf
@@ -13,8 +13,8 @@ module synapse_workspaces {
}
output synapse_workspaces {
- value = module.synapse_workspaces
-
+ value = module.synapse_workspaces
+
}
diff --git a/virtual_machines.tf b/virtual_machines.tf
index 50e17d0507..fe4ac5d134 100644
--- a/virtual_machines.tf
+++ b/virtual_machines.tf
@@ -30,7 +30,7 @@ module virtual_machines {
output virtual_machines {
- value = module.virtual_machines
-
+ value = module.virtual_machines
+
}