From fff7bf142f1e0f9b0b31cd5cc43d91697105ee93 Mon Sep 17 00:00:00 2001 
From: Luke Taylor <77284962+luke-taylor@users.noreply.github.com> Date: Tue, 23 Jan 2024 11:14:48 +0000 Subject: [PATCH] upgrade: vnet-gateway to avm (#94) ## Overview/Summary Replace this with a brief description of what this Pull Request fixes, changes, etc. ## This PR fixes/adds/changes/removes 1. #96 ### Breaking Changes 1. None ## Testing Evidence Please provide any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate). ## As part of this Pull Request I have - [x] Checked for duplicate [Pull Requests](https://github.com/Azure/alz-terraform-accelerator/pulls) - [x] Associated it with relevant [issues](https://github.com/Azure/alz-terraform-accelerator/issues), for tracking and closure. - [x] Ensured my code/branch is up-to-date with the latest changes in the `main` [branch](https://github.com/Azure/alz-terraform-accelerator/tree/main) - [x] Performed testing and provided evidence. - [x] Updated relevant and associated documentation. --------- Co-authored-by: Jared Holgate --- .../[User-Guide]-Starter-Module-Complete.md | 6 +- ...ser-Guide]-Starter-Module-HubNetworking.md | 6 +- .../[User-Guide]-YAML-Schema-Reference.md | 5 +- docs/wiki/_Sidebar.md | 2 +- templates/complete/main.tf | 8 +- templates/complete_vnext/config.yaml | 16 +- templates/complete_vnext/data.tf | 2 +- templates/complete_vnext/locals.tf | 70 ++++++--- .../locals_management_groups.tf | 23 --- templates/complete_vnext/main.tf | 143 +++++++++++++++--- templates/complete_vnext/management_groups.tf | 90 ----------- templates/complete_vnext/outputs.tf | 11 ++ templates/complete_vnext/variables.tf | 8 +- templates/hubnetworking/main.tf | 13 +- 14 files changed, 224 insertions(+), 179 deletions(-) delete mode 100644 templates/complete_vnext/locals_management_groups.tf delete mode 100644 templates/complete_vnext/management_groups.tf create mode 100644 templates/complete_vnext/outputs.tf 
diff --git a/docs/wiki/[User-Guide]-Starter-Module-Complete.md b/docs/wiki/[User-Guide]-Starter-Module-Complete.md index 2f12ddc4..a89152a3 100644 --- a/docs/wiki/[User-Guide]-Starter-Module-Complete.md +++ b/docs/wiki/[User-Guide]-Starter-Module-Complete.md @@ -69,7 +69,7 @@ The `config.yaml` file also comes with helpful templated variables such as `defa > **Note:** We recommend that you use the `caf-enterprise-scale` module for management groups and policies, and the `hubnetworking` module for connectivity resources. However, connectivity resources can be deployed using the `caf-enterprise-scale` module if you desire. -The schema for the `config.yaml` is documented here - [YAML Schema for `config.yaml`][wiki_yaml_schema_reference]. +The schema for the `config.yaml` is documented here - [Configuration YAML Schema][wiki_yaml_schema_reference]. ## High Level Design 
@@ -86,9 +86,9 @@ The `caf-enterprise-scale` module is used to deploy the management group hierarc The `hubnetworking` module is used to deploy connectivity resources such as Virtual Networks and Firewalls. This module can be extended to deploy multiple Virtual Networks at scale, Route Tables, and Resource Locks. For more information on the module itself see [here](https://github.com/Azure/terraform-azurerm-hubnetworking). -### `vnet-gateway` +### `avm-ptn-vnetgateway` -The `vnet-gateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. Further configuration can be added (depending on requirements) to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways, and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-vnet-gateway). +The `avm-ptn-vnetgateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. Further configuration can be added (depending on requirements) to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways, and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway). ## Inputs diff --git a/docs/wiki/[User-Guide]-Starter-Module-HubNetworking.md b/docs/wiki/[User-Guide]-Starter-Module-HubNetworking.md index 1da478ad..2d2bbd49 100644 --- a/docs/wiki/[User-Guide]-Starter-Module-HubNetworking.md +++ b/docs/wiki/[User-Guide]-Starter-Module-HubNetworking.md 
@@ -16,10 +16,10 @@ The `caf-enterprise-scale` has been used to deploy the management group hierarch The `hubnetworking` module is used to deploy connectivity resources such as Virtual Networks and Firewalls. By default, the module will deploy a Virtual Network with a Firewall in your `default_location`. This module can be extended however to deploy multiple Virtual Networks at scale, Route Tables, and Resource Locks. For more information on the module itself see [here](https://github.com/Azure/terraform-azurerm-hubnetworking). -### `vnet-gateway` +### `avm-ptn-vnetgateway` -The `vnet-gateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. By default, the resources of the module will not be deployed unless `virtual_network_gateway_creation_enabled` is set to true, if so, the module will deploy a VPN Gateway with SKU VpnGw1. - Further configuration can be added depending on requirements to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-vnet-gateway). +The `avm-ptn-vnetgateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. By default, the resources of the module will not be deployed unless `virtual_network_gateway_creation_enabled` is set to true, if so, the module will deploy a VPN Gateway with SKU VpnGw1. + Further configuration can be added depending on requirements to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway). ## Inputs diff --git a/docs/wiki/[User-Guide]-YAML-Schema-Reference.md b/docs/wiki/[User-Guide]-YAML-Schema-Reference.md index 5dbbe845..b663cd79 100644 --- a/docs/wiki/[User-Guide]-YAML-Schema-Reference.md 
+++ b/docs/wiki/[User-Guide]-YAML-Schema-Reference.md @@ -121,7 +121,7 @@ connectivity: ## `connectivity.hubnetworking.hub_virtual_networks..virtual_network_gateway` -Specifies the virtual network gateway configuration to be used from the `terraform-azurerm-vnet-gateway` module. +Specifies the virtual network gateway configuration to be used from the `terraform-azurerm-avm-ptn-vnetgateway` module. ```yaml @@ -133,10 +133,11 @@ connectivity: resource_group_name: # string location: # string address_space: # list - virtual_network_gateway: # Arguments from https://github.com/Azure/terraform-azurerm-vnet-gateway/blob/v0.1.2/variables.tf converted to YAML. + virtual_network_gateway: # Arguments from https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway/blob/v0.2.0/variables.tf converted to YAML. name: # string sku: # string subnet_address_prefix: # string + subnet_id: # string type: # string default_tags: # object edge_zone: # string diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md index 54eba60c..cd793d79 100644 --- a/docs/wiki/_Sidebar.md +++ b/docs/wiki/_Sidebar.md @@ -18,7 +18,7 @@ - [Basic][wiki_starter_module_basic] - [Hub Networking][wiki_starter_module_hubnetworking] - [Complete][wiki_starter_module_complete] - - [YAML Schema for `config.yaml`][wiki_yaml_schema_reference] + - [Configuration YAML Schema][wiki_yaml_schema_reference] - [Example GitHub inputs][example_powershell_inputs_github] - [Example Azure DevOps inputs][example_powershell_inputs_azure_devops] - [Example Hub and Spoke config][example_starter_module_complete_config_hub_spoke] diff --git a/templates/complete/main.tf b/templates/complete/main.tf index 74fae6ff..ff4796b2 100644 --- a/templates/complete/main.tf +++ b/templates/complete/main.tf 
@@ -69,23 +69,25 @@ module "hubnetworking" { } module "virtual_network_gateway" { - source = "Azure/vnet-gateway/azurerm" - version = "0.1.2" + source = "Azure/avm-ptn-vnetgateway/azurerm" + version = "~> 0.2.0" for_each = local.module_virtual_network_gateway location = each.value.location name = each.value.name sku = each.value.sku - subnet_address_prefix = each.value.subnet_address_prefix type = each.value.type virtual_network_name = each.value.virtual_network_name virtual_network_resource_group_name = each.value.virtual_network_resource_group_name default_tags = try(each.value.default_tags, null) edge_zone = try(each.value.edge_zone, null) + enable_telemetry = false express_route_circuits = try(each.value.express_route_circuits, null) ip_configurations = try(each.value.ip_configurations, null) local_network_gateways = try(each.value.local_network_gateways, null) + subnet_address_prefix = try(each.value.subnet_address_prefix, null) + subnet_id = try(each.value.subnet_id, null) tags = try(each.value.tags, null) vpn_active_active_enabled = try(each.value.vpn_active_active_enabled, null) vpn_bgp_enabled = try(each.value.vpn_bgp_enabled, null) diff --git a/templates/complete_vnext/config.yaml b/templates/complete_vnext/config.yaml index d31233a8..04f1a1b5 100644 --- a/templates/complete_vnext/config.yaml +++ b/templates/complete_vnext/config.yaml 
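Review bot: `version = "~> 0.2.0"` replaces the exact pin `0.1.2`, so this module call now floats across every 0.2.x release; Terraform's dependency lock file records providers only, not modules, so a later `terraform init` can pull a different version of the code that creates the hub's VPN gateway and its connections with no change to this file. I would keep an exact pin here (`version = "0.2.0"`, as templates/hubnetworking/main.tf does in this same PR) and bump it deliberately. Separately, `subnet_address_prefix` and `subnet_id` are now both `try(..., null)` optional arguments and nothing in this call rejects a hub config that sets neither or both; what the module does in that case is not visible from this hunk, so if the pinned Terraform version allows `check` blocks, a plan-time assertion over `local.module_virtual_network_gateway` turns that into a clear error instead of a failure inside the module.
```hcl
module "virtual_network_gateway" {
  # … unchanged: module arguments …
}

# Fail at plan time if a hub sets neither or both gateway-subnet inputs
# (requires Terraform >= 1.5 for `check`).
check "virtual_network_gateway_subnet" {
  assert {
    condition = alltrue([
      for key, gw in local.module_virtual_network_gateway :
      (try(gw.subnet_id, null) != null) != (try(gw.subnet_address_prefix, null) != null)
    ])
    error_message = "Each virtual_network_gateway must set exactly one of subnet_id or subnet_address_prefix."
  }
}
```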
@@ -14,15 +14,15 @@ management: resource_group_name: rg-management-${default_postfix} management_groups: - root: # `key`: the unique identifier for the management group within the Terraform Module this is used in the `parent` field to build the hierarchy - id: root-${default_postfix} # `id`: the id the management group will be created with in Azure - display_name: Intermediate Root # `display_name`: the name the management group will be created with in Azure - parent: ${root_management_group_id} # `parent`: for the root management group this should be the id of the tenant root management group or your chosen root management group - base_archetype: root # `archetype`: the archetype to use for this management group + root: # `key`: the unique identifier for the management group within the Terraform Module this is used in the `parent` field to build the hierarchy + id: root-${default_postfix} # `id`: the id the management group will be created with in Azure + display_name: Intermediate Root # `display_name`: the name the management group will be created with in Azure + parent: ${root_parent_management_group_id} # `parent`: for the root management group this should be the id of the tenant root management group or your chosen root management group + base_archetype: root # `archetype`: the archetype to use for this management group landing-zones: id: landing-zones-${default_postfix} display_name: Landing Zones - parent: root # Note that `parent` refers to the `key` of it's parent as opposed to the `id` which can be different + parent: root # Note that `parent` refers to the `key` of it's parent as opposed to the `id` which can be different base_archetype: landing_zones platform: id: platform-${default_postfix} 
@@ -72,7 +72,7 @@ management_groups: base_archetype: decommissioned connectivity: - hub_networking: # `hubnetworking` module, add inputs as listed on the module registry where necessary. + hub_networking: # `hubnetworking` module, add inputs as listed on the module registry where necessary. hub_virtual_networks: primary: name: vnet-hub-${default_postfix} @@ -85,7 +85,7 @@ connectivity: sku_name: AZFW_VNet sku_tier: Standard subnet_address_prefix: 10.0.1.0/24 - virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary. + virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary. name: vgw-hub-${default_postfix} sku: VpnGw1 type: Vpn diff --git a/templates/complete_vnext/data.tf b/templates/complete_vnext/data.tf index cee07df2..d5783ec3 100644 --- a/templates/complete_vnext/data.tf +++ b/templates/complete_vnext/data.tf @@ -1 +1 @@ -data "azurerm_client_config" "current" {} +data "azurerm_client_config" "core" {} diff --git a/templates/complete_vnext/locals.tf b/templates/complete_vnext/locals.tf index bb4468d2..04c25fc3 100644 --- a/templates/complete_vnext/locals.tf +++ b/templates/complete_vnext/locals.tf 
@@ -1,33 +1,59 @@ locals { - root_management_group_id = var.root_management_group_id == "" ? data.azurerm_client_config.current.tenant_id : var.root_management_group_id + const_yaml = "yaml" + const_yml = "yml" - base_config_replacements = { - default_location = var.default_location - default_postfix = var.default_postfix - root_management_group_id = local.root_management_group_id - subscription_id_connectivity = var.subscription_id_connectivity - subscription_id_identity = var.subscription_id_identity - subscription_id_management = var.subscription_id_management + config_file_name = var.configuration_file_path == "" ? "config.yaml" : basename(var.configuration_file_path) + config_file_split = split(".", local.config_file_name) + config_file_extension = replace(lower(element(local.config_file_split, length(local.config_file_split) - 1)), local.const_yml, local.const_yaml) +} +locals { + config_template_file_variables = { + default_location = var.default_location + default_postfix = var.default_postfix + root_parent_management_group_id = var.root_parent_management_group_id == "" ? data.azurerm_client_config.core.tenant_id : var.root_parent_management_group_id + subscription_id_connectivity = var.subscription_id_connectivity + subscription_id_identity = var.subscription_id_identity + subscription_id_management = var.subscription_id_management } - initial_config = yamldecode(templatefile("${path.module}/config.yaml", local.base_config_replacements)) - - management = local.initial_config.management - connectivity = local.initial_config.connectivity - - hub_virtual_networks = { - for k, v in local.connectivity.hub_networking.hub_virtual_networks : k => { - for k2, v2 in v : k2 => v2 if k2 != "virtual_network_gateway" + config = (local.config_file_extension == local.const_yaml ? 
+ yamldecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables)) : + jsondecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables)) + ) +} +locals { + root_parent_management_group_id = local.config_template_file_variables.root_parent_management_group_id + management_groups = local.config.management_groups + management_groups_layer_1 = { for k, v in local.management_groups : k => v if v.parent == local.root_parent_management_group_id } + management_groups_layer_2 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_1), v.parent) } + management_groups_layer_3 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_2), v.parent) } + management_groups_layer_4 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_3), v.parent) } + management_groups_layer_5 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_4), v.parent) } + management_groups_layer_6 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_5), v.parent) } + management_groups_layer_7 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_6), v.parent) } +} +locals { + management = local.config.management + log_analytics_workspace_id = "/subscriptions/${var.subscription_id_management}/resourceGroups/${local.management.resource_group_name}/providers/Microsoft.OperationalInsights/workspaces/${local.management.log_analytics_workspace_name}" +} +locals { + hub_virtual_networks = try(merge(local.config.connectivity.hubnetworking.hub_virtual_networks, {}), {}) + module_hubnetworking = { + hub_virtual_networks = { + for key, hub_virtual_network in local.hub_virtual_networks : key => { + for argument, value in hub_virtual_network : argument => value if argument != 
"virtual_network_gateway" + } } } - virtual_network_gateways = { - for k, v in local.connectivity.hub_networking.hub_virtual_networks : k => merge( - v.virtual_network_gateway, + module_virtual_network_gateway = { + for key, hub_virtual_network in local.hub_virtual_networks : key => merge( + hub_virtual_network.virtual_network_gateway, { - location = v.location - virtual_network_name = v.name - virtual_network_resource_group_name = v.resource_group_name + location = hub_virtual_network.location + virtual_network_name = hub_virtual_network.name + virtual_network_resource_group_name = hub_virtual_network.resource_group_name } ) + if can(hub_virtual_network.virtual_network_gateway) } } diff --git a/templates/complete_vnext/locals_management_groups.tf b/templates/complete_vnext/locals_management_groups.tf deleted file mode 100644 index 02353859..00000000 --- a/templates/complete_vnext/locals_management_groups.tf +++ /dev/null 
@@ -1,23 +0,0 @@ -locals { - management_groups = local.initial_config.management_groups - - management_groups_layer_1 = { for k, v in local.management_groups : k => v if v.parent == local.root_management_group_id } - management_groups_layer_2 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_1), v.parent) } - management_groups_layer_3 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_2), v.parent) } - management_groups_layer_4 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_3), v.parent) } - management_groups_layer_5 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_4), v.parent) } - management_groups_layer_6 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_5), v.parent) } - management_groups_layer_7 = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_6), v.parent) } -} - -output "test" { - value = { - management_groups_layer_1 = local.management_groups_layer_1 - management_groups_layer_2 = local.management_groups_layer_2 - management_groups_layer_3 = local.management_groups_layer_3 - management_groups_layer_4 = local.management_groups_layer_4 - management_groups_layer_5 = local.management_groups_layer_5 - management_groups_layer_6 = local.management_groups_layer_6 - management_groups_layer_7 = local.management_groups_layer_7 - } -} diff --git a/templates/complete_vnext/main.tf b/templates/complete_vnext/main.tf index 29cbb129..fe577121 100644 --- a/templates/complete_vnext/main.tf +++ b/templates/complete_vnext/main.tf 
@@ -1,47 +1,150 @@ +module "management_groups_layer_1" { + source = "Azure/avm-ptn-alz/azurerm" + version = "~> 0.4.1" + for_each = local.management_groups_layer_1 + id = each.value.id + display_name = try(each.value.display_name, each.value.id) + parent_id = each.value.parent + base_archetype = each.value.base_archetype + default_location = var.default_location + default_log_analytics_workspace_id = local.log_analytics_workspace_id + subscription_ids = try(each.value.subscriptions, []) +} + +module "management_groups_layer_2" { + source = "Azure/avm-ptn-alz/azurerm" + version = "~> 0.4.1" + for_each = local.management_groups_layer_2 + id = each.value.id + display_name = try(each.value.display_name, each.value.id) + parent_id = module.management_groups_layer_1[each.value.parent].management_group_name + base_archetype = each.value.base_archetype + default_location = var.default_location + default_log_analytics_workspace_id = local.log_analytics_workspace_id + subscription_ids = try(each.value.subscriptions, []) +} + +module "management_groups_layer_3" { + source = "Azure/avm-ptn-alz/azurerm" + version = "~> 0.4.1" + for_each = local.management_groups_layer_3 + id = each.value.id + display_name = try(each.value.display_name, each.value.id) + parent_id = module.management_groups_layer_2[each.value.parent].management_group_name + base_archetype = each.value.base_archetype + default_location = var.default_location + default_log_analytics_workspace_id = local.log_analytics_workspace_id + subscription_ids = try(each.value.subscriptions, []) +} + +module "management_groups_layer_4" { + source = "Azure/avm-ptn-alz/azurerm" + version = "~> 0.4.1" + for_each = local.management_groups_layer_4 + id = each.value.id + display_name = try(each.value.display_name, each.value.id) + parent_id = module.management_groups_layer_3[each.value.parent].management_group_name + base_archetype = each.value.base_archetype + default_location = var.default_location + 
default_log_analytics_workspace_id = local.log_analytics_workspace_id + subscription_ids = try(each.value.subscriptions, []) +} + +module "management_groups_layer_5" { + source = "Azure/avm-ptn-alz/azurerm" + version = "~> 0.4.1" + for_each = local.management_groups_layer_5 + id = each.value.id + display_name = try(each.value.display_name, each.value.id) + parent_id = module.management_groups_layer_4[each.value.parent].management_group_name + base_archetype = each.value.base_archetype + default_location = var.default_location + default_log_analytics_workspace_id = local.log_analytics_workspace_id + subscription_ids = try(each.value.subscriptions, []) +} + +module "management_groups_layer_6" { + source = "Azure/avm-ptn-alz/azurerm" + version = "~> 0.4.1" + for_each = local.management_groups_layer_6 + id = each.value.id + display_name = try(each.value.display_name, each.value.id) + parent_id = module.management_groups_layer_5[each.value.parent].management_group_name + base_archetype = each.value.base_archetype + default_location = var.default_location + default_log_analytics_workspace_id = local.log_analytics_workspace_id + subscription_ids = try(each.value.subscriptions, []) +} + +module "management_groups_layer_7" { + source = "Azure/avm-ptn-alz/azurerm" + version = "~> 0.4.1" + for_each = local.management_groups_layer_7 + id = each.value.id + display_name = try(each.value.display_name, each.value.id) + parent_id = module.management_groups_layer_6[each.value.parent].management_group_name + base_archetype = each.value.base_archetype + default_location = var.default_location + default_log_analytics_workspace_id = local.log_analytics_workspace_id + subscription_ids = try(each.value.subscriptions, []) +} + module "management_resources" { - source = "Azure/alz-management/azurerm" - version = "~> 0.1.5" - providers = { - azurerm = azurerm.management - } + source = "Azure/avm-ptn-alz-management/azurerm" + version = "~> 0.1.0" + automation_account_name = 
try(local.management.automation_account_name, "") location = try(local.management.location, "") log_analytics_workspace_name = try(local.management.log_analytics_workspace_name, "") resource_group_name = try(local.management.resource_group_name, "") -} + enable_telemetry = false -module "hub_networking" { - source = "Azure/hubnetworking/azurerm" - version = "~> 1.1.0" providers = { - azurerm = azurerm.connectivity + azurerm = azurerm.management } - count = length(local.hub_virtual_networks) > 0 ? 1 : 0 - hub_virtual_networks = length(local.hub_virtual_networks) > 0 ? local.hub_virtual_networks : null + depends_on = [ + module.management_groups_layer_7 + ] } -module "vnet_gateway" { - source = "Azure/vnet-gateway/azurerm" - version = "~> 0.1.2" +module "hubnetworking" { + source = "Azure/hubnetworking/azurerm" + version = "~> 1.1.1" + + count = length(local.hub_virtual_networks) > 0 ? 1 : 0 + + hub_virtual_networks = local.module_hubnetworking.hub_virtual_networks + providers = { azurerm = azurerm.connectivity } - for_each = local.virtual_network_gateways + depends_on = [ + module.management_resources + ] +} + +module "virtual_network_gateway" { + source = "Azure/avm-ptn-vnetgateway/azurerm" + version = "~> 0.2.0" + + for_each = local.module_virtual_network_gateway location = each.value.location name = each.value.name sku = each.value.sku - subnet_address_prefix = each.value.subnet_address_prefix type = each.value.type virtual_network_name = each.value.virtual_network_name virtual_network_resource_group_name = each.value.virtual_network_resource_group_name default_tags = try(each.value.default_tags, null) edge_zone = try(each.value.edge_zone, null) + enable_telemetry = false express_route_circuits = try(each.value.express_route_circuits, null) ip_configurations = try(each.value.ip_configurations, null) local_network_gateways = try(each.value.local_network_gateways, null) + subnet_address_prefix = try(each.value.subnet_address_prefix, null) + subnet_id = 
try(each.value.subnet_id, null) tags = try(each.value.tags, null) vpn_active_active_enabled = try(each.value.vpn_active_active_enabled, null) vpn_bgp_enabled = try(each.value.vpn_bgp_enabled, null) @@ -50,7 +153,11 @@ module "vnet_gateway" { vpn_point_to_site = try(each.value.vpn_point_to_site, null) vpn_type = try(each.value.vpn_type, null) + providers = { + azurerm = azurerm.connectivity + } + depends_on = [ - module.hub_networking + module.hubnetworking ] } diff --git a/templates/complete_vnext/management_groups.tf b/templates/complete_vnext/management_groups.tf deleted file mode 100644 index 9e2a046e..00000000 --- a/templates/complete_vnext/management_groups.tf +++ /dev/null 
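Review bot: `default_log_analytics_workspace_id = local.log_analytics_workspace_id` is built in locals.tf from `local.management.resource_group_name` and `local.management.log_analytics_workspace_name` with no `try`, while `module "management_resources"` in this same hunk reads the same keys as `try(local.management.resource_group_name, "")` and `try(local.management.log_analytics_workspace_name, "")`; a config missing either key now fails in the local first, so those `try` fallbacks are unreachable and suggest an optionality that does not exist — either drop them or give the local the same defaults. The ordering is also inverted from the previous version: the seven `management_groups_layer_N` calls (and whatever `avm-ptn-alz` does with a workspace ID that does not exist yet) now run before `module "management_resources"`, because of `depends_on = [module.management_groups_layer_7]`, which appears to rely on layer_7's `parent_id` references to layers 1–6 for the transitive order. If that inversion is intended (it looks like it, so the management subscription can be placed before its resources are created), a one-line comment on the `depends_on` saying so, with the layers listed explicitly, would stop the next reader from reverting it.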
@@ -1,90 +0,0 @@ -module "management_groups_layer_1" { - source = "Azure/avm-ptn-alz/azurerm" - version = "~> 0.4.1" - for_each = local.management_groups_layer_1 - id = each.value.id - display_name = try(each.value.display_name, each.value.id) - parent_id = each.value.parent - base_archetype = each.value.base_archetype - default_location = var.default_location - default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id - subscription_ids = try(each.value.subscriptions, []) -} - -module "management_groups_layer_2" { - source = "Azure/avm-ptn-alz/azurerm" - version = "~> 0.4.1" - for_each = local.management_groups_layer_2 - id = each.value.id - display_name = try(each.value.display_name, each.value.id) - parent_id = module.management_groups_layer_1[each.value.parent].management_group_name - base_archetype = each.value.base_archetype - default_location = var.default_location - default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id - subscription_ids = try(each.value.subscriptions, []) -} - -module "management_groups_layer_3" { - source = "Azure/avm-ptn-alz/azurerm" - version = "~> 0.4.1" - for_each = local.management_groups_layer_3 - id = each.value.id - display_name = try(each.value.display_name, each.value.id) - parent_id = module.management_groups_layer_2[each.value.parent].management_group_name - base_archetype = each.value.base_archetype - default_location = var.default_location - default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id - subscription_ids = try(each.value.subscriptions, []) -} - -module "management_groups_layer_4" { - source = "Azure/avm-ptn-alz/azurerm" - version = "~> 0.4.1" - for_each = local.management_groups_layer_4 - id = each.value.id - display_name = try(each.value.display_name, each.value.id) - parent_id = module.management_groups_layer_3[each.value.parent].management_group_name - base_archetype = each.value.base_archetype - 
default_location = var.default_location - default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id - subscription_ids = try(each.value.subscriptions, []) -} - -module "management_groups_layer_5" { - source = "Azure/avm-ptn-alz/azurerm" - version = "~> 0.4.1" - for_each = local.management_groups_layer_5 - id = each.value.id - display_name = try(each.value.display_name, each.value.id) - parent_id = module.management_groups_layer_4[each.value.parent].management_group_name - base_archetype = each.value.base_archetype - default_location = var.default_location - default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id - subscription_ids = try(each.value.subscriptions, []) -} - -module "management_groups_layer_6" { - source = "Azure/avm-ptn-alz/azurerm" - version = "~> 0.4.1" - for_each = local.management_groups_layer_6 - id = each.value.id - display_name = try(each.value.display_name, each.value.id) - parent_id = module.management_groups_layer_5[each.value.parent].management_group_name - base_archetype = each.value.base_archetype - default_location = var.default_location - default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id - subscription_ids = try(each.value.subscriptions, []) -} - -module "management_groups_layer_7" { - source = "Azure/avm-ptn-alz/azurerm" - version = "~> 0.4.1" - for_each = local.management_groups_layer_7 - id = each.value.id - display_name = try(each.value.display_name, each.value.id) - parent_id = module.management_groups_layer_6[each.value.parent].management_group_name - base_archetype = each.value.base_archetype - default_location = var.default_location - default_log_analytics_workspace_id = module.management_resources.log_analytics_workspace.id - subscription_ids = try(each.value.subscriptions, []) -} diff --git a/templates/complete_vnext/outputs.tf b/templates/complete_vnext/outputs.tf new file mode 100644 index 00000000..9126277c 
--- /dev/null +++ b/templates/complete_vnext/outputs.tf @@ -0,0 +1,11 @@ +output "test" { + value = { + management_groups_layer_1 = local.management_groups_layer_1 + management_groups_layer_2 = local.management_groups_layer_2 + management_groups_layer_3 = local.management_groups_layer_3 + management_groups_layer_4 = local.management_groups_layer_4 + management_groups_layer_5 = local.management_groups_layer_5 + management_groups_layer_6 = local.management_groups_layer_6 + management_groups_layer_7 = local.management_groups_layer_7 + } +} diff --git a/templates/complete_vnext/variables.tf b/templates/complete_vnext/variables.tf index 44d09aca..339bf26f 100644 --- a/templates/complete_vnext/variables.tf +++ b/templates/complete_vnext/variables.tf @@ -9,7 +9,7 @@ variable "default_postfix" { default = "landing-zone" } -variable "root_management_group_id" { +variable "root_parent_management_group_id" { description = "The identifier of the Tenant Root Management Group, if left blank will use the tenant id. (e.g '00000000-0000-0000-0000-000000000000')|3|azure_name" type = string default = "" @@ -29,3 +29,9 @@ variable "subscription_id_management" { description = "The identifier of the Management Subscription. (e.g 00000000-0000-0000-0000-000000000000)|6|azure_subscription_id" type = string } + +variable "configuration_file_path" { + description = "The path of the configuration file|7|configuration_file_path" + type = string + default = "" +} diff --git a/templates/hubnetworking/main.tf b/templates/hubnetworking/main.tf index 9f609e6d..86223e0d 100644 --- a/templates/hubnetworking/main.tf +++ b/templates/hubnetworking/main.tf @@ -1,4 +1,4 @@ -module "enterprise-scale" { +module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" version = "4.2.0" 
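Review bot: `output "test"` in the new outputs.tf reads like the debugging output carried over verbatim from the deleted locals_management_groups.tf: it has no `description`, its name says nothing, and it publishes the seven `management_groups_layer_N` maps — including the `subscriptions` lists from the config — as root-module outputs, which land in the state file and in the pipeline's `terraform apply` log. If the layering is worth exposing, rename it (e.g. `output "management_groups"`) with a `description`, and consider `sensitive = true` if subscription IDs are not something you want echoed in CI logs; otherwise drop the file.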
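Review bot: `variable "configuration_file_path"` accepts any string, but locals.tf only distinguishes `yaml`/`yml` from everything else (which goes to `jsondecode`), so a stray or missing extension fails with a JSON parse error instead of a clear message; a `validation` block on the variable catches that at plan time. The description `The path of the configuration file|7|configuration_file_path` carries the same pipe-delimited suffix as the other variables (presumably parsed by the accelerator bootstrap; not visible here), so only the wording before the first `|` should change, and it should say that the file is read from the module directory by name, since locals.tf applies `basename()` to this value.
```hcl
variable "configuration_file_path" {
  description = "The path of the configuration file|7|configuration_file_path"
  type        = string
  default     = ""

  # locals.tf keeps only basename() of this value, reads it from the module
  # directory, and decodes anything that is not .yaml/.yml as JSON.
  validation {
    condition     = var.configuration_file_path == "" || can(regex("\\.(ya?ml|json)$", lower(var.configuration_file_path)))
    error_message = "configuration_file_path must be empty (use config.yaml) or end in .yaml, .yml or .json."
  }
}
```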
@@ -44,11 +44,15 @@ module "hubnetworking" { providers = { azurerm = azurerm.connectivity } + + depends_on = [ + module.enterprise_scale + ] } -module "vnet-gateway" { - source = "Azure/vnet-gateway/azurerm" - version = "0.1.2" +module "virtual_network_gateway" { + source = "Azure/avm-ptn-vnetgateway/azurerm" + version = "0.2.0" count = var.virtual_network_gateway_creation_enabled ? 1 : 0 @@ -57,6 +61,7 @@ module "vnet-gateway" { sku = "VpnGw1" subnet_address_prefix = var.gateway_subnet_address_prefix type = "Vpn" + enable_telemetry = false virtual_network_name = module.hubnetworking.virtual_networks["primary-hub"].name virtual_network_resource_group_name = "rg-connectivity-${var.default_location}"
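Review bot: Renaming the module block from `vnet-gateway` to `virtual_network_gateway` (and `enterprise-scale` to `enterprise_scale`, which the new `depends_on` references) changes the state addresses of every resource inside those modules, so an existing deployment of this template should expect a plan that destroys and recreates the VPN gateway and the whole `caf-enterprise-scale` hierarchy, while the PR description lists no breaking changes. For `enterprise_scale`, whose source is unchanged, a `moved { from = module.enterprise-scale to = module.enterprise_scale }` block should carry the state across; for the gateway the source also changed to a different module, so a `moved` block only helps if the AVM module's internal resource addresses match the old ones — otherwise this needs to be called out as breaking with a migration note. Separately, `version = "0.2.0"` is pinned exactly here but `~> 0.2.0` in templates/complete/main.tf and templates/complete_vnext/main.tf in this same PR; pick one pinning policy across the templates.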