Updates to complete_modular

Azure · Nov 6, 2023 · f6e9370 · f6e9370
1 parent 28b5391
commit f6e9370
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 101 deletions.
diff --git a/templates/complete_modular/config.yaml b/templates/complete_modular/config.yaml
@@ -1,3 +1,12 @@
+# This file contains templated variables to avoid repeating the same hard-coded values.
+# Templated variables are denoted by the dollar curly braces token. The following details each templated variable that you can use:
+# `default_postfix`: This is a string sourced from the variable `default_postfix`. This can be used to append to resource names for consistency.
+# `default_location`: This is an Azure location sourced from the `default_location` variable. This can be used to set the location of resources.
+# `tenant_id`: This is the tenant ID of the Entra ID tenant based on your connection. This is primarily used to set the root management group `parent_id`.
+# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`.
+# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
+
 management:
   automation_account_name: aa-${default_postfix}
   location: uksouth
@@ -6,77 +15,59 @@ management:
 
 management_groups:
   root:
-    - id: root-${default_postfix}
-    - display_name: root
-    - parent_id: ${tenant_id}
-    - base_archtype: root
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
+    id: root-${default_postfix}
+    display_name: root
+    parent_id: ${tenant_id}
+    base_archetype: root
   landing_zones:
-    - id: landing-zones-${default_postfix}
-    - display_name: landing-zones
-    - parent_id: root-${default_postfix}
-    - base_archtype: landing_zones
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
+    id: landing-zones-${default_postfix}
+    display_name: landing-zones
+    parent_id: root-${default_postfix}
+    base_archetype: landing_zones
   platform:
-    - id: platform-${default_postfix}
-    - display_name: platform
-    - parent_id: root-${default_postfix}
-    - base_archtype: platform
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
+    id: platform-${default_postfix}
+    display_name: platform
+    parent_id: root-${default_postfix}
+    base_archetype: platform
   identity:
-    - id: identity-${default_postfix}
-    - display_name: identity
-    - parent_id: platform-${default_postfix}
-    - base_archtype: identity
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
-    - subscriptions:
-      - ${subscription_id_identity}
+    id: identity-${default_postfix}
+    display_name: identity
+    parent_id: platform-${default_postfix}
+    base_archetype: identity
+    subscriptions:
+    - ${subscription_id_identity}
   connectivity:
-    - id: connectivity-${default_postfix}
-    - display_name: connectivity
-    - parent_id: platform-${default_postfix}
-    - base_archtype: connectivity
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
-    - subscriptions:
-      - ${subscription_id_connectivity}
+    id: connectivity-${default_postfix}
+    display_name: connectivity
+    parent_id: platform-${default_postfix}
+    base_archetype: connectivity
+    subscriptions:
+    - ${subscription_id_connectivity}
   management:
-    - id: management-${default_postfix}
-    - display_name: management
-    - parent_id: landing-zones-${default_postfix}
-    - base_archtype: management
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
-    - subscriptions:
-      - ${subscription_id_management}
+    id: management-${default_postfix}
+    display_name: management
+    parent_id: landing-zones-${default_postfix}
+    base_archetype: management
+    subscriptions:
+    - ${subscription_id_management}
   corp:
-    - id: corp-${default_postfix}
-    - display_name: corp
-    - parent_id: landing-zones-${default_postfix}
-    - base_archtype: corp
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
+    id: corp-${default_postfix}
+    display_name: corp
+    parent_id: landing-zones-${default_postfix}
+    base_archetype: corp
   online:
-    - id: online-${default_postfix}
-    - display_name: online
-    - parent_id: landing-zones-${default_postfix}
-    - base_archtype: online
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
+    id: online-${default_postfix}
+    display_name: online
+    parent_id: landing-zones-${default_postfix}
+    base_archetype: online
   sandboxes:
-    - id: sandboxes-${default_postfix}
-    - display_name: sandboxes
-    - parent_id: root-${default_postfix}
-    - base_archtype: sandboxes
-    - default_location: ${default_location}
-    - default_log_analytics_workspace_id: ${management_log_analytics_workspace_id}
+    id: sandboxes-${default_postfix}
+    display_name: sandboxes
+    parent_id: root-${default_postfix}
+    base_archetype: sandboxes
 
 connectivity:
-  hubnetworking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
+  hub_networking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
     hub_virtual_networks:
       primary:
         name: vnet-hub-${default_postfix}

diff --git a/templates/complete_modular/locals.tf b/templates/complete_modular/locals.tf
@@ -11,24 +11,16 @@ locals {
   initial_config = yamldecode(templatefile("${path.module}/config.yaml", local.base_config_replacements))
 
   management = local.initial_config.management
-}
-
-locals {
-  post_management_config_replacements = merge(local.base_config_replacements, {
-    management_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
-  })
-
-  post_management_config = yamldecode(templatefile("${path.module}/config.yaml", local.post_management_config_replacements))
-
-  management_groups = local.post_management_config.management.management_groups
+  management_groups = local.initial_config.management_groups
+  connectivity = local.initial_config.connectivity
 
   hub_virtual_networks = {
-    for k, v in local.config.connectivity.hubnetworking.hub_virtual_networks : k => {
+    for k, v in local.connectivity.hub_networking.hub_virtual_networks : k => {
       for k2, v2 in v : k2 => v2 if k2 != "virtual_network_gateway"
     }
   }
-  vritual_network_gateways = {
-    for k, v in local.config.connectivity.hubnetworking.hub_virtual_networks : k => merge(
+  virtual_network_gateways = {
+    for k, v in local.connectivity.hub_networking.hub_virtual_networks : k => merge(
       v.virtual_network_gateway,
       {
         location                            = v.location
@@ -37,12 +29,4 @@ locals {
       }
     )
   }
-  dummy_hub_virtual_network = {
-    hub = {
-      name                = "dummy"
-      address_space       = ["0.0.0.0/0"]
-      location            = "dummy"
-      resource_group_name = "dummy"
-    }
-  }
 }
diff --git a/templates/complete_modular/main.tf b/templates/complete_modular/main.tf
@@ -1,42 +1,51 @@
 module "management_resources" {
   source  = "Azure/alz-management/azurerm"
-  version = "~> 0.1.0"
-
+  version = "~> 0.1.5"
+  providers = {
+    azurerm = azurerm.management
+  }
   automation_account_name      = try(local.management.automation_account_name, "")
   location                     = try(local.management.location, "")
   log_analytics_workspace_name = try(local.management.log_analytics_workspace_name, "")
   resource_group_name          = try(local.management.resource_group_name, "")
 }
 
+output "test" {
+  value = local.management_groups
+}
+
 module "management_groups" {
   source                             = "Azure/avm-ptn-alz/azurerm"
   version                            = "~> 0.3.3"
   for_each                           = local.management_groups
   id                                 = each.value.id
   display_name                       = try(each.value.display_name, each.value.id)
   parent_id                          = each.value.parent_id
-  base_archetype                     = try(each.value.base_archetype, "")
-  default_location                   = try(each.value.default_location, var.default_location)
-  default_log_analytics_workspace_id = try(each.value.default_log_analytics_workspace_id, "")
+  base_archetype                     = each.value.base_archetype
+  default_location                   = var.default_location
+  default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id
+  #subscription_ids                   = try(each.value.subscription_ids, [])
 }
 
 module "hub_networking" {
   source  = "Azure/hubnetworking/azurerm"
-  version = "1.1.0"
-  count   = length(local.hub_virtual_networks) > 0 ? 1 : 0
-
-  hub_virtual_networks = length(local.hub_virtual_networks) > 0 ? local.hub_virtual_networks : local.dummy_hub_virtual_network
-
+  version = "~> 1.1.0"
   providers = {
     azurerm = azurerm.connectivity
   }
+  count   = length(local.hub_virtual_networks) > 0 ? 1 : 0
+
+  hub_virtual_networks = length(local.hub_virtual_networks) > 0 ? local.hub_virtual_networks : null
 }
 
 module "vnet_gateway" {
   source  = "Azure/vnet-gateway/azurerm"
-  version = "0.1.2"
+  version = "~> 0.1.2"
+  providers = {
+    azurerm = azurerm.connectivity
+  }
 
-  for_each = local.vritual_network_gateways
+  for_each = local.virtual_network_gateways
 
   location                            = each.value.location
   name                                = each.value.name
@@ -58,11 +67,7 @@ module "vnet_gateway" {
   vpn_point_to_site                   = try(each.value.vpn_point_to_site, null)
   vpn_type                            = try(each.value.vpn_type, null)
 
-  providers = {
-    azurerm = azurerm.connectivity
-  }
-
   depends_on = [
-    module.hubnetworking
+    module.hub_networking
   ]
 }
diff --git a/templates/complete_modular/variables.tf b/templates/complete_modular/variables.tf
@@ -6,6 +6,7 @@ variable "default_location" {
 variable "default_postfix" {
   description = "The default postfix for Azure resources. (e.g 'landing-zone')|2|azure_name"
   type        = string
+  default     = "landing-zone"
 }
 
 variable "subscription_id_connectivity" {

diff --git a/templates/complete_modular/versions.tf b/templates/complete_modular/versions.tf
@@ -1,7 +1,7 @@
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 1.5"
   required_providers {
-    azurerm = ">= 3.0.0"
+    azurerm = ">= 3.79.0"
   }
   # backend "azurerm" {}
 }

diff --git a/templates/hubnetworking/versions.tf b/templates/hubnetworking/versions.tf
@@ -21,3 +21,9 @@ provider "azurerm" {
   subscription_id = var.subscription_id_connectivity
   features {}
 }
+
+provider "azurerm" {
+  alias           = "identity"
+  subscription_id = var.subscription_id_identity
+  features {}
+}