Adding documentation auto generation for module and submodules

.pre-commit-config.yaml

@@ -2,19 +2,22 @@
 # See http://pre-commit.com/hooks.html for more hooks
 repos:
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.44.0
+    rev: v1.45.0
     hooks:
     - id: terraform_fmt
-    # - id: terraform_docs
+    - id: terraform_docs
     # - id: terraform_tflint
+    # - id: terraform_validate
     # - id: terraform_tfsec
+    # - id: checkov
   - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v3.3.0
+    rev: v3.4.0
     hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace
       - id: check-yaml
       - id: check-added-large-files
+      - id: detect-private-key
   # - repo: git://github.com/markdownlint/markdownlint
   #   rev: v0.9.0
   #   hooks:

README.md

@@ -51,6 +51,8 @@ You can also reach us on [Gitter](https://gitter.im/aztfmod/community?utm_source
 
 ## Contributing
 
+In order to contribute to the project, please review the module contribution and [conventions guidelines](./documentation/conventions.md)
+
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
 the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

UPGRADE.md

@@ -13,7 +13,7 @@ var.virtual_machines/<key>/virtual_machine_settings/windows/
 Example of the updated sturcture
 /examples/compute/virtual_machine/211-vm-bastion-winrm-agents/virtual_machines.tfvars
 
-Replace 
+Replace
 ```hcl
 admin_user_key = "vm-win-admin-username"
 ```

examples/README.md

@@ -17,7 +17,6 @@ rover login
 rover login --tenant <tenant_name>.onmicrosoft.com -s <subscription_id>
 ```
 
-
 2. Deploy the basic launchpad
 
 ```bash
@@ -35,6 +34,10 @@ rover -lz /tf/caf/examples \
 -a plan|apply
 ```
 
+## Deploying examples with Terraform
+
+Each module can be deployed outside of the rover using native Terraform, please refer to the instructions within each example directory, whenver you have a /standalone subdirectory.
+
 
 ## Developing and testing module for landing zones
 
@@ -67,4 +70,129 @@ module "networking" {
   source  = "../../.."
 ```
 
-You should now be able to run landing zones as usual, except it will source the module locally, so you can test the features you introduced in the module.
+You should now be able to run landing zones as usual, except it will source the module locally, so you can test the features you introduced in the module.
+
+## Using the examples
+
+You can customize the examples execution by modifying the variables as follow:
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.13 |
+| azuread | ~> 1.0.0 |
+| azurecaf | ~> 1.1.0 |
+| azurerm | ~> 2.40.0 |
+| external | ~> 1.2.0 |
+| null | ~> 2.1.0 |
+| random | ~> 2.2.1 |
+| time | ~> 0.6.0 |
+| tls | ~> 2.2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| terraform | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| aks\_clusters | n/a | `map` | `{}` | no |
+| app\_service\_environments | n/a | `map` | `{}` | no |
+| app\_service\_plans | n/a | `map` | `{}` | no |
+| app\_services | n/a | `map` | `{}` | no |
+| application\_gateway\_applications | n/a | `map` | `{}` | no |
+| application\_gateways | n/a | `map` | `{}` | no |
+| availability\_sets | n/a | `map` | `{}` | no |
+| azuread\_groups | n/a | `map` | `{}` | no |
+| azuread\_roles | n/a | `map` | `{}` | no |
+| azurerm\_application\_insights | n/a | `map` | `{}` | no |
+| azurerm\_redis\_caches | n/a | `map` | `{}` | no |
+| azurerm\_routes | n/a | `map` | `{}` | no |
+| bastion\_hosts | n/a | `map` | `{}` | no |
+| cosmos\_db | n/a | `map` | `{}` | no |
+| cosmos\_dbs | n/a | `map` | `{}` | no |
+| databricks\_workspaces | n/a | `map` | `{}` | no |
+| diagnostic\_event\_hub\_namespaces | n/a | `map` | `{}` | no |
+| diagnostic\_log\_analytics | n/a | `map` | `{}` | no |
+| diagnostic\_storage\_accounts | n/a | `map` | `{}` | no |
+| diagnostics\_definition | n/a | `any` | `null` | no |
+| diagnostics\_destinations | n/a | `map` | `{}` | no |
+| dns\_zones | n/a | `map` | `{}` | no |
+| dynamic\_keyvault\_secrets | n/a | `map` | `{}` | no |
+| environment | n/a | `string` | `"sandpit"` | no |
+| event\_hub\_namespaces | n/a | `map` | `{}` | no |
+| express\_route\_circuit\_authorizations | n/a | `map` | `{}` | no |
+| express\_route\_circuits | n/a | `map` | `{}` | no |
+| front\_door\_waf\_policies | n/a | `map` | `{}` | no |
+| front\_doors | n/a | `map` | `{}` | no |
+| global\_settings | n/a | `map` | <pre>{<br>  "default_region": "region1",<br>  "regions": {<br>    "region1": "southeastasia",<br>    "region2": "eastasia"<br>  }<br>}</pre> | no |
+| keyvault\_access\_policies | n/a | `map` | `{}` | no |
+| keyvault\_certificate\_issuers | n/a | `map` | `{}` | no |
+| keyvault\_certificate\_requests | n/a | `map` | `{}` | no |
+| keyvaults | n/a | `map` | `{}` | no |
+| landingzone | n/a | `map` | <pre>{<br>  "backend_type": "azurerm",<br>  "global_settings_key": "launchpad",<br>  "key": "examples",<br>  "level": "level0",<br>  "tfstates": {<br>    "launchpad": {<br>      "level": "lower",<br>      "tfstate": "caf_launchpad.tfstate"<br>    }<br>  }<br>}</pre> | no |
+| local\_network\_gateways | n/a | `map` | `{}` | no |
+| log\_analytics | n/a | `map` | `{}` | no |
+| logged\_aad\_app\_objectId | n/a | `any` | `null` | no |
+| logged\_user\_objectId | n/a | `any` | `null` | no |
+| lower\_container\_name | n/a | `any` | n/a | yes |
+| lower\_resource\_group\_name | n/a | `any` | n/a | yes |
+| lower\_storage\_account\_name | Map of the remote data state for lower level | `any` | n/a | yes |
+| machine\_learning\_workspaces | n/a | `map` | `{}` | no |
+| managed\_identities | n/a | `map` | `{}` | no |
+| mariadb\_databases | n/a | `map` | `{}` | no |
+| mariadb\_servers | n/a | `map` | `{}` | no |
+| monitoring | n/a | `map` | `{}` | no |
+| mssql\_databases | n/a | `map` | `{}` | no |
+| mssql\_elastic\_pools | n/a | `map` | `{}` | no |
+| mssql\_failover\_groups | n/a | `map` | `{}` | no |
+| mssql\_managed\_databases | n/a | `map` | `{}` | no |
+| mssql\_managed\_databases\_restore | n/a | `map` | `{}` | no |
+| mssql\_managed\_instances | n/a | `map` | `{}` | no |
+| mssql\_managed\_instances\_secondary | n/a | `map` | `{}` | no |
+| mssql\_mi\_administrators | n/a | `map` | `{}` | no |
+| mssql\_mi\_failover\_groups | n/a | `map` | `{}` | no |
+| mssql\_servers | n/a | `map` | `{}` | no |
+| mysql\_servers | n/a | `map` | `{}` | no |
+| network\_security\_group\_definition | n/a | `any` | `null` | no |
+| network\_watchers | n/a | `map` | `{}` | no |
+| postgresql\_servers | n/a | `map` | `{}` | no |
+| private\_dns | n/a | `map` | `{}` | no |
+| private\_endpoints | n/a | `map` | `{}` | no |
+| proximity\_placement\_groups | n/a | `map` | `{}` | no |
+| public\_ip\_addresses | n/a | `map` | `{}` | no |
+| recovery\_vaults | n/a | `map` | `{}` | no |
+| resource\_groups | n/a | `any` | `null` | no |
+| role\_mapping | n/a | `map` | `{}` | no |
+| route\_tables | n/a | `map` | `{}` | no |
+| rover\_version | n/a | `any` | `null` | no |
+| storage\_accounts | n/a | `map` | `{}` | no |
+| synapse\_workspaces | n/a | `map` | `{}` | no |
+| tags | n/a | `map` | `null` | no |
+| tenant\_id | n/a | `any` | n/a | yes |
+| tfstate\_container\_name | n/a | `any` | n/a | yes |
+| tfstate\_key | n/a | `any` | n/a | yes |
+| tfstate\_resource\_group\_name | n/a | `any` | n/a | yes |
+| tfstate\_storage\_account\_name | n/a | `any` | n/a | yes |
+| tfstate\_subscription\_id | n/a | `any` | n/a | yes |
+| var\_folder\_path | n/a | `map` | `{}` | no |
+| virtual\_machines | n/a | `map` | `{}` | no |
+| virtual\_network\_gateway\_connections | n/a | `map` | `{}` | no |
+| virtual\_network\_gateways | n/a | `map` | `{}` | no |
+| virtual\_wans | n/a | `map` | `{}` | no |
+| vnet\_peerings | n/a | `map` | `{}` | no |
+| vnets | n/a | `map` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| mssql\_managed\_instances | n/a |
+| virtual\_machines | n/a |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/app_insights/100-all-attributes/configuration.tfvars

@@ -17,10 +17,10 @@ azurerm_application_insights = {
     name                                  = "tf-test-appinsights-web"
     resource_group_key                    = "rg1"
     application_type                      = "web"
-    daily_data_cap_in_gb                  = "100"
+    daily_data_cap_in_gb                  = 100
     daily_data_cap_notifications_disabled = false
-    retention_in_days                     = "180"
-    sampling_percentage                   = "50"
+    retention_in_days                     = 180
+    sampling_percentage                   = 50
     disable_ip_masking                    = true
   }
   ios = {

examples/compute/availability_set/101-availabilityset-with-proximity-placement-group/configuration.tfvars

@@ -110,7 +110,7 @@ virtual_machines = {
     virtual_machine_settings = {
       linux = {
         availability_set_key            = "avset1"
-        proximity_placement_group_key                         = "ppg1"
+        proximity_placement_group_key   = "ppg1"
         name                            = "example_vm2"
         size                            = "Standard_F2"
         admin_username                  = "adminuser"

examples/compute/virtual_machine/210-vm-bastion-winrm/standalone/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~> 2.33.0"
+      version = "~> 2.40.0"
     }
     azuread = {
       source  = "hashicorp/azuread"
@@ -30,6 +30,7 @@ terraform {
     }
   }
   required_version = ">= 0.13"
+  # backend "remote" {}
 }
 
 

examples/compute/virtual_machine/211-vm-bastion-winrm-agents/virtual_machines.tfvars

@@ -93,7 +93,7 @@ virtual_machines = {
         admin_password_key = "vm-win-admin-password"
 
         # Value of the nic keys to attach the VM. The first one in the list is the default nic
-        network_interface_keys = ["nic0","nic1"]
+        network_interface_keys = ["nic0", "nic1"]
 
         zone = "1"
 

examples/cosmos_db/100-simple-cosmos-db-mongo/standalone/readme.md

@@ -3,7 +3,7 @@ You can test this module outside of a landingzone using
 ```bash
 terraform init
 
-terraform [plan|apply|destroy] \ 
+terraform [plan|apply|destroy] \
   -var-file ../configuration.tfvars \
   -var-file ../keyvaults.tfvars \
   -var-file ../nsg_definitions.tfvars \

examples/databricks/100-simple-databricks/configuration.tfvars

@@ -1,20 +1,26 @@
-
-
+#
+# Global settings
+#
 global_settings = {
   default_region = "region1"
   regions = {
     region1 = "southeastasia"
   }
 }
 
+#
+# Resource groups to be created
+#
 resource_groups = {
   databricks_re1 = {
     name   = "databricks-re1"
     region = "region1"
   }
 }
 
-
+#
+# Databricks workspace settings
+#
 databricks_workspaces = {
   sales_workspaces = {
     name               = "sales_workspace"
@@ -29,25 +35,9 @@ databricks_workspaces = {
   }
 }
 
-keyvaults = {
-  secrets_re1 = {
-    name               = "secrets"
-    resource_group_key = "databricks_re1"
-    sku_name           = "standard"
-
-    creation_policies = {
-      logged_in_user = {
-        # if the key is set to "logged_in_user" add the user running terraform in the keyvault policy
-        # More examples in /examples/keyvault
-        secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"]
-      }
-      logged_in_aad_app = {
-        secret_permissions = ["Set", "Get", "List", "Delete", "Purge"]
-      }
-    }
-  }
-}
-
+#
+# Virtual network for Databricks resources
+#
 vnets = {
   vnet_region1 = {
     resource_group_key = "databricks_re1"
@@ -76,9 +66,8 @@ vnets = {
   }
 }
 
-
 #
-# Definition of the networking security groups
+# Definition of the security groups for the virtual subnets
 #
 network_security_group_definition = {
   # This entry is applied to all subnets with no NSG defined

examples/machine_learning/100-aml/configuration.tfvars

@@ -1,9 +1,15 @@
+#
+# Resource groups to be created
+#
 resource_groups = {
   dap_azure_ml_re1 = {
     name = "azure-ml"
   }
 }
 
+#
+# Machine learning workspace settings
+#
 machine_learning_workspaces = {
   ml_workspace_re1 = {
     name                     = "amlwrkspc"
@@ -15,6 +21,9 @@ machine_learning_workspaces = {
   }
 }
 
+#
+# App insights settings
+#
 azurerm_application_insights = {
   ml_app_insight = {
     name               = "ml-app-insight"
@@ -23,6 +32,9 @@ azurerm_application_insights = {
   }
 }
 
+#
+# Storage account settings
+#
 storage_accounts = {
   amlstorage_re1 = {
     name                     = "amlwrkspcstg"
@@ -34,6 +46,9 @@ storage_accounts = {
   }
 }
 
+#
+# Key Vault settings
+#
 keyvaults = {
   aml_secrets = {
     name                = "amlsecrets"