Tidy and fix do not deploy flag

Azure · Nov 26, 2024 · 55140e9 · 55140e9
1 parent 92bd4e9
commit 55140e9
Show file tree

Hide file tree

Showing 14 changed files with 147 additions and 78 deletions.
diff --git a/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars b/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars
@@ -10,7 +10,6 @@
 # `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
 # `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
 
-management_use_avm = false
 management_settings_es = {
   default_location              = "$${starter_location_01}"
   root_parent_id                = "$${root_parent_management_group_id}"

diff --git a/templates/complete_multi_region/examples/config-virtual-wan-multi-region.yaml b/templates/complete_multi_region/examples/config-virtual-wan-multi-region.yaml
@@ -0,0 +1,138 @@
+# This file contains templated variables to avoid repeating the same hard-coded values.
+# Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use:
+# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources.
+# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources.
+# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources.
+# `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways.
+# `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways.
+# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under.
+# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`.
+# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
+
+---
+connectivity_resource_groups:
+  ddos:
+    location: ${starter_location_01}
+    name: rg-hub-ddos-${starter_location_01}
+  dns:
+    location: ${starter_location_01}
+    name: rg-hub-dns-${starter_location_01}
+  vnet_primary:
+    location: ${starter_location_01}
+    name: rg-vwan-hub-${starter_location_01}
+  vnet_secondary:
+    location: ${starter_location_02}
+    name: rg-vwan-hub-${starter_location_02}
+  vwan:
+    location: ${starter_location_01}
+    name: rg-vwan-${starter_location_01}
+connectivity_type: virtual_wan
+management_settings_es:
+  configure_connectivity_resources:
+    advanced:
+      custom_settings_by_resource_type:
+        azurerm_network_ddos_protection_plan:
+          ddos:
+            ${starter_location_01}:
+              name: ddos-hub-${starter_location_01}
+        azurerm_resource_group:
+          ddos:
+            ${starter_location_01}:
+              name: ${connectivity_resource_group_ddos}
+          dns:
+            ${starter_location_01}:
+              name: ${connectivity_resource_group_dns}
+    settings:
+      ddos_protection_plan:
+        config:
+          location: ${starter_location_01}
+      dns:
+        config:
+          location: ${starter_location_01}
+  configure_management_resources:
+    advanced:
+      asc_export_resource_group_name: rg-management-asc-export-${starter_location_01}
+      azurerm_automation_account:
+        management:
+          name: aa-management-${starter_location_01}
+      azurerm_log_analytics_workspace:
+        management:
+          name: law-management-${starter_location_01}
+      custom_settings_by_resource_type:
+        azurerm_resource_group:
+          management:
+            name: rg-management-${starter_location_01}
+    location: ${starter_location_01}
+  default_location: ${starter_location_01}
+  deploy_connectivity_resources: false
+  deploy_management_resources: true
+  root_id: alz
+  root_name: Azure-Landing-Zones
+  root_parent_id: ${root_parent_management_group_id}
+  subscription_id_connectivity: ${subscription_id_connectivity}
+  subscription_id_identity: ${subscription_id_identity}
+  subscription_id_management: ${subscription_id_management}
+virtual_wan_settings:
+  ddos_protection_plan:
+    location: ${starter_location_01}
+    name: ddos-hub-${starter_location_01}
+    resource_group_name: ${connectivity_resource_group_ddos}
+  location: ${starter_location_01}
+  name: vwan-hub-${starter_location_01}
+  resource_group_name: ${connectivity_resource_group_vwan}
+virtual_wan_virtual_hubs:
+  primary:
+    firewall:
+      firewall_policy:
+        name: fwp-hub-${starter_location_01}
+      name: fw-hub-${starter_location_01}
+      sku_name: AZFW_Hub
+      sku_tier: Standard
+      zones: ${starter_location_01_availability_zones}
+    hub:
+      address_prefix: 10.0.0.0/16
+      location: ${starter_location_01}
+      name: vwan-hub-${starter_location_01}
+      resource_group_name: ${connectivity_resource_group_vnet_primary}
+    private_dns_zones:
+      is_primary: true
+      networking:
+        private_dns_resolver:
+          name: pdr-hub-dns-${starter_location_01}
+          resource_group_name: ${connectivity_resource_group_vnet_primary}
+        virtual_network:
+          address_space: 10.10.0.0/24
+          name: vnet-hub-dns-${starter_location_01}
+          private_dns_resolver_subnet:
+            address_prefix: 10.10.0.0/28
+            name: subnet-hub-dns-${starter_location_01}
+          resource_group_name: ${connectivity_resource_group_vnet_primary}
+      resource_group_name: ${connectivity_resource_group_dns}
+  secondary:
+    firewall:
+      firewall_policy:
+        name: fwp-hub-${starter_location_02}
+      name: fw-hub-${starter_location_02}
+      sku_name: AZFW_Hub
+      sku_tier: Standard
+      zones: ${starter_location_02_availability_zones}
+    hub:
+      address_prefix: 10.1.0.0/16
+      location: ${starter_location_02}
+      name: vwan-hub-${starter_location_02}
+      resource_group_name: ${connectivity_resource_group_vnet_secondary}
+    private_dns_zones:
+      is_primary: false
+      networking:
+        private_dns_resolver:
+          name: pdr-hub-dns-${starter_location_02}
+          resource_group_name: ${connectivity_resource_group_vnet_secondary}
+        virtual_network:
+          address_space: 10.11.0.0/24
+          name: vnet-hub-dns-${starter_location_02}
+          private_dns_resolver_subnet:
+            address_prefix: 10.11.0.0/28
+            name: subnet-hub-dns-${starter_location_02}
+          resource_group_name: ${connectivity_resource_group_vnet_secondary}
+      resource_group_name: ${connectivity_resource_group_dns}
diff --git a/templates/complete_multi_region/locals-hub-and-spoke-vnet.tf b/templates/complete_multi_region/locals-hub-and-spoke-vnet.tf
@@ -10,12 +10,12 @@ locals {
 }
 
 locals {
-  hub_and_spoke_vnet_settings_json           = tostring(jsonencode(var.hub_and_spoke_vnet_settings))
+  hub_and_spoke_vnet_settings_json           = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.hub_and_spoke_vnet_settings))
   hub_and_spoke_vnet_settings_json_templated = templatestring(local.hub_and_spoke_vnet_settings_json, local.final_replacements)
   hub_and_spoke_vnet_settings_json_final     = replace(replace(local.hub_and_spoke_vnet_settings_json_templated, "\"[", "["), "]\"", "]")
   hub_and_spoke_vnet_settings                = jsondecode(local.hub_and_spoke_vnet_settings_json_final)
 
-  hub_and_spoke_vnet_virtual_networks_json           = tostring(jsonencode(var.hub_and_spoke_vnet_virtual_networks))
+  hub_and_spoke_vnet_virtual_networks_json           = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.hub_and_spoke_vnet_virtual_networks))
   hub_and_spoke_vnet_virtual_networks_json_templated = templatestring(local.hub_and_spoke_vnet_virtual_networks_json, local.final_replacements)
   hub_and_spoke_vnet_virtual_networks_json_final     = replace(replace(local.hub_and_spoke_vnet_virtual_networks_json_templated, "\"[", "["), "]\"", "]")
   hub_and_spoke_vnet_virtual_networks                = local.connectivity_hub_and_spoke_vnet_enabled ? jsondecode(local.hub_and_spoke_vnet_virtual_networks_json_final) : {}

diff --git a/templates/complete_multi_region/locals-management.tf b/templates/complete_multi_region/locals-management.tf
@@ -1,13 +1,6 @@
 locals {
-  management_settings_es_json           = tostring(jsonencode(var.management_settings_es))
+  management_settings_es_json           = var.skip_deploy ? jsonencode({}) : jsonencode(var.management_settings_es)
   management_settings_es_json_templated = templatestring(local.management_settings_es_json, local.final_replacements)
   management_settings_es_json_final     = replace(replace(local.management_settings_es_json_templated, "\"[", "["), "]\"", "]")
   management_settings_es                = jsondecode(local.management_settings_es_json_final)
 }
-
-locals {
-  management_settings_avm_json           = tostring(jsonencode(var.management_settings_avm))
-  management_settings_avm_json_templated = templatestring(local.management_settings_avm_json, local.final_replacements)
-  management_settings_avm_json_final     = replace(replace(local.management_settings_avm_json_templated, "\"[", "["), "]\"", "]")
-  management_settings_avm                = jsondecode(local.management_settings_avm_json_final)
-}
diff --git a/templates/complete_multi_region/locals-resource-groups.tf b/templates/complete_multi_region/locals-resource-groups.tf
@@ -1,5 +1,5 @@
 locals {
-  connectivity_resource_groups_json           = tostring(jsonencode(var.connectivity_resource_groups))
+  connectivity_resource_groups_json           = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.connectivity_resource_groups))
   connectivity_resource_groups_json_templated = templatestring(local.connectivity_resource_groups_json, local.config_template_file_variables)
   connectivity_resource_groups_json_final     = replace(replace(local.connectivity_resource_groups_json_templated, "\"[", "["), "]\"", "]")
   connectivity_resource_groups                = jsondecode(local.connectivity_resource_groups_json_final)

diff --git a/templates/complete_multi_region/locals-virtual-wan.tf b/templates/complete_multi_region/locals-virtual-wan.tf
@@ -1,10 +1,10 @@
 locals {
-  virtual_wan_settings_json           = tostring(jsonencode(var.virtual_wan_settings))
+  virtual_wan_settings_json           = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.virtual_wan_settings))
   virtual_wan_settings_json_templated = templatestring(local.virtual_wan_settings_json, local.final_replacements)
   virtual_wan_settings_json_final     = replace(replace(local.virtual_wan_settings_json_templated, "\"[", "["), "]\"", "]")
   virtual_wan_settings                = local.connectivity_virtual_wan_enabled ? jsondecode(local.virtual_wan_settings_json_final) : null
 
-  virtual_wan_virtual_hubs_json           = tostring(jsonencode(var.virtual_wan_virtual_hubs))
+  virtual_wan_virtual_hubs_json           = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.virtual_wan_virtual_hubs))
   virtual_wan_virtual_hubs_json_templated = templatestring(local.virtual_wan_virtual_hubs_json, local.final_replacements)
   virtual_wan_virtual_hubs_json_final     = replace(replace(local.virtual_wan_virtual_hubs_json_templated, "\"[", "["), "]\"", "]")
   virtual_wan_virtual_hubs                = local.connectivity_virtual_wan_enabled ? jsondecode(local.virtual_wan_virtual_hubs_json_final) : {}

diff --git a/templates/complete_multi_region/management.tf b/templates/complete_multi_region/management.tf
@@ -1,7 +1,7 @@
 module "management_es" {
   source = "./modules/management-es"
 
-  count = var.skip_deploy ? 0 : (var.management_use_avm ? 0 : 1)
+  count = var.skip_deploy ? 0 : 1
 
   enable_telemetry = var.enable_telemetry
   settings         = local.management_settings_es
@@ -12,18 +12,3 @@ module "management_es" {
     azurerm.management   = azurerm.management
   }
 }
-
-module "management_avm" {
-  source = "./modules/management-avm"
-
-  count = var.skip_deploy ? 0 : (var.management_use_avm ? 1 : 0)
-
-  enable_telemetry = var.enable_telemetry
-  settings         = local.management_settings_avm
-
-  providers = {
-    azurerm              = azurerm
-    azurerm.connectivity = azurerm.connectivity
-    azurerm.management   = azurerm.management
-  }
-}
diff --git a/templates/complete_multi_region/modules/management-avm/main.tf b/templates/complete_multi_region/modules/management-avm/main.tf
diff --git a/templates/complete_multi_region/modules/management-avm/terraform.tf b/templates/complete_multi_region/modules/management-avm/terraform.tf
diff --git a/templates/complete_multi_region/modules/management-avm/variables.tf b/templates/complete_multi_region/modules/management-avm/variables.tf
diff --git a/templates/complete_multi_region/modules/management-es/main.tf b/templates/complete_multi_region/modules/management-es/main.tf
@@ -1,6 +1,6 @@
 module "management_groups" {
   source  = "Azure/caf-enterprise-scale/azurerm"
-  version = "6.1.0"
+  version = "6.2.0"
 
   disable_telemetry                                       = !var.enable_telemetry
   default_location                                        = var.settings.default_location

diff --git a/templates/complete_multi_region/modules/virtual-wan/main.tf b/templates/complete_multi_region/modules/virtual-wan/main.tf
@@ -20,7 +20,7 @@ module "firewall_policy" {
 
 module "virtual_wan" {
   source  = "Azure/avm-ptn-virtualwan/azurerm"
-  version = "0.5.0"
+  version = "0.5.1"
 
   allow_branch_to_branch_traffic        = try(var.virtual_wan_settings.allow_branch_to_branch_traffic, null)
   disable_vpn_encryption                = try(var.virtual_wan_settings.disable_vpn_encryption, false)

diff --git a/templates/complete_multi_region/variables-management.tf b/templates/complete_multi_region/variables-management.tf
@@ -1,9 +1,3 @@
-variable "management_use_avm" {
-  type        = bool
-  default     = false
-  description = "Flag to enable/disable the use of the AVM version of the management modules"
-}
-
 variable "management_settings_avm" {
   type        = any
   default     = {}

diff --git a/templates/complete_multi_region/yaml.tf b/templates/complete_multi_region/yaml.tf
@@ -19,7 +19,6 @@ locals {
 YAML
 
   yaml_file_hub_and_spoke_vnet_es = yamlencode({
-    management_use_avm                  = var.management_use_avm
     management_settings_es              = var.management_settings_es
     connectivity_type                   = var.connectivity_type
     connectivity_resource_groups        = var.connectivity_resource_groups
@@ -28,7 +27,6 @@ YAML
   })
 
   yaml_file_virtual_wan_es = yamlencode({
-    management_use_avm           = var.management_use_avm
     management_settings_es       = var.management_settings_es
     connectivity_type            = var.connectivity_type
     connectivity_resource_groups = var.connectivity_resource_groups