Merge pull request #22 from Think-Cube/patch-1

Delete .terraform-docs.yml

Author: spy86

.terraform-docs.yml

@@ -1,50 +1,60 @@
-<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.4 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 4.0.1 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 4.12.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.0.1 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.12.0 |
+
+## Modules
+
+No modules.
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [azurerm_bastion_host.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.0.1/docs/resources/bastion_host) | resource |
-| [azurerm_public_ip.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.0.1/docs/resources/public_ip) | resource |
-| [azurerm_subnet.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.0.1/docs/resources/subnet) | resource |
-| [azurerm_virtual_network.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.0.1/docs/resources/virtual_network) | resource |
-| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/4.0.1/docs/data-sources/client_config) | data source |
-| [azurerm_resource_group.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.0.1/docs/data-sources/resource_group) | data source |
-| [azurerm_subnet.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.0.1/docs/data-sources/subnet) | data source |
+| [azurerm_bastion_host.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/resources/bastion_host) | resource |
+| [azurerm_public_ip.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/resources/public_ip) | resource |
+| [azurerm_subnet.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/resources/subnet) | resource |
+| [azurerm_virtual_network.main](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/resources/virtual_network) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/data-sources/client_config) | data source |
+| [azurerm_resource_group.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/data-sources/resource_group) | data source |
+| [azurerm_resource_group.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/data-sources/resource_group) | data source |
+| [azurerm_subnet.maindata](https://registry.terraform.io/providers/hashicorp/azurerm/4.12.0/docs/data-sources/subnet) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_bastion_host_ip_configuration"></a> [bastion\_host\_ip\_configuration](#input\_bastion\_host\_ip\_configuration) | Block for define Ip configuration for Bastion Host. Changing this forces a new resource to be created. | `string` | `"bastion_config"` | no |
 | <a name="input_bastion_hostname"></a> [bastion\_hostname](#input\_bastion\_hostname) | Name of the basion host | `string` | `"test"` | no |
-| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A mapping of tags to assign to the resource. | `map(any)` | <pre>{<br/>  "ManagedByTerraform": "True"<br/>}</pre> | no |
-| <a name="input_environment"></a> [environment](#input\_environment) | Variable that defines the name of the environment. | `string` | `"dev"` | no |
+| <a name="input_bastion_resource_group_location"></a> [bastion\_resource\_group\_location](#input\_bastion\_resource\_group\_location) | The location/region where the bastion host is created. Changing this forces a new resource to be created. | `string` | `"West Europe"` | no |
+| <a name="input_bastion_resource_group_name"></a> [bastion\_resource\_group\_name](#input\_bastion\_resource\_group\_name) | The name of the resource group in which to create the bastion host. | `string` | n/a | yes |
+| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A mapping of tags to assign to the resource. | `map(any)` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | Var used for backend container name key | `string` | `"dev"` | no |
 | <a name="input_pubip_allocation_method"></a> [pubip\_allocation\_method](#input\_pubip\_allocation\_method) | Defines the allocation method for this IP address. Possible values are Static or Dynamic. | `string` | `"Static"` | no |
 | <a name="input_pubip_sku"></a> [pubip\_sku](#input\_pubip\_sku) | The SKU of the Public IP. Accepted values are Basic and Standard. Defaults to Basic. | `string` | `"Standard"` | no |
-| <a name="input_region"></a> [region](#input\_region) | Region in which resources are deployed. | `string` | `"weu"` | no |
-| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `any` | n/a | yes |
-| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which to create the virtual networn, subnets and bastion host. Changing this forces a new resource to be created. | `any` | n/a | yes |
-| <a name="input_subnet_prefix"></a> [subnet\_prefix](#input\_subnet\_prefix) | The address prefix and name to use for the subnet. | `map(any)` | <pre>{<br/>  "bastion": {<br/>    "ip": [<br/>      "10.0.250.0/24"<br/>    ],<br/>    "name": "AzureBastionSubnet"<br/>  },<br/>  "subnet_1": {<br/>    "ip": [<br/>      "10.0.1.0/24"<br/>    ],<br/>    "name": "Subnet_1"<br/>  },<br/>  "subnet_2": {<br/>    "ip": [<br/>      "10.0.2.0/24"<br/>    ],<br/>    "name": "Subnet_2"<br/>  }<br/>}</pre> | no |
+| <a name="input_public_ip_name"></a> [public\_ip\_name](#input\_public\_ip\_name) | Specifies the name of the Public IP. Changing this forces a new Public IP to be created. | `string` | `"bastion_pub_ip"` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region in which resources are deployed | `string` | `"weu"` | no |
+| <a name="input_subnet_prefix"></a> [subnet\_prefix](#input\_subnet\_prefix) | List of subnets with their prefixes and optional service endpoints and delegations | <pre>map(object({<br/>    name              = string<br/>    ip                = list(string)<br/>    service_endpoints = optional(list(object({<br/>      service = string<br/>    })), [])<br/>    delegations = optional(list(object({<br/>      name         = string<br/>      service_name = string<br/>      actions      = list(string)<br/>    })), [])<br/>    private_endpoint_network_policies = optional(string, null)<br/>    private_link_service_network_policies_enabled = optional(string, null)<br/>  }))</pre> | <pre>{<br/>  "example-subnet-1": {<br/>    "delegations": [<br/>      {<br/>        "actions": [<br/>          "Microsoft.Network/virtualNetworks/subnets/action"<br/>        ],<br/>        "name": "delegation1",<br/>        "service_name": "Microsoft.Web/serverFarms"<br/>      }<br/>    ],<br/>    "ip": [<br/>      "10.0.1.0/24"<br/>    ],<br/>    "name": "subnet-1",<br/>    "private_endpoint_network_policies": "Disabled",<br/>    "private_link_service_network_policies_enabled": false,<br/>    "service_endpoints": [<br/>      {<br/>        "service": "Microsoft.Storage"<br/>      },<br/>      {<br/>        "service": "Microsoft.Sql"<br/>      }<br/>    ]<br/>  },<br/>  "example-subnet-2": {<br/>    "delegations": [<br/>      {<br/>        "actions": [<br/>          "Microsoft.Network/virtualNetworks/subnets/action"<br/>        ],<br/>        "name": "delegation2",<br/>        "service_name": "Microsoft.Web/serverFarms"<br/>      }<br/>    ],<br/>    "ip": [<br/>      "10.0.2.0/24"<br/>    ],<br/>    "name": "subnet-2",<br/>    "private_endpoint_network_policies": "Disabled",<br/>    "private_link_service_network_policies_enabled": false,<br/>    "service_endpoints": [<br/>      {<br/>        "service": "Microsoft.Storage"<br/>      }<br/>    ]<br/>  }<br/>}</pre> | no |
 | <a name="input_vnet_address_space"></a> [vnet\_address\_space](#input\_vnet\_address\_space) | The address space that is used the virtual network. You can supply more than one address space. | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_vnet_name"></a> [vnet\_name](#input\_vnet\_name) | The name of the virtual network. Changing this forces a new resource to be created. | `string` | `"VirtualNetwork1"` | no |
+| <a name="input_vnet_resource_group_location"></a> [vnet\_resource\_group\_location](#input\_vnet\_resource\_group\_location) | The location/region where the virtual network is created. Changing this forces a new resource to be created. | `string` | `"West Europe"` | no |
+| <a name="input_vnet_resource_group_name"></a> [vnet\_resource\_group\_name](#input\_vnet\_resource\_group\_name) | The name of the resource group in which to create the virtual network. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_bastion_host"></a> [bastion\_host](#output\_bastion\_host) | Information about the bastion host. |
-| <a name="output_subnets"></a> [subnets](#output\_subnets) | Information about the subnets within the virtual network. |
-| <a name="output_virtual_network"></a> [virtual\_network](#output\_virtual\_network) | Information about the virtual network. |
-<!-- END_TF_DOCS -->
+| <a name="output_address_space"></a> [address\_space](#output\_address\_space) | The list of address spaces used by the virtual network. |
+| <a name="output_bastion_pubip"></a> [bastion\_pubip](#output\_bastion\_pubip) | List the public IP of the bastion server |
+| <a name="output_id"></a> [id](#output\_id) | The virtual NetworkConfiguration ID. |
+| <a name="output_location"></a> [location](#output\_location) | The location/region where the virtual network is created. |
+| <a name="output_name"></a> [name](#output\_name) | The name of the virtual network. |
+| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | The name of the resource group in which to create the virtual network. |

README.md

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source = "hashicorp/azurerm"
-      version = "4.0.1"
+      version = "4.14.0"
     }
   }
   required_version = ">= 1.6.4"

backend.tf

@@ -1,22 +1,22 @@
-data "azurerm_subnet" "main" {
+data "azurerm_subnet" "maindata" {
   name                 = "AzureBastionSubnet"
   virtual_network_name = "${var.environment}-${var.vnet_name}-${var.region}-vnet"
-  resource_group_name  = data.azurerm_resource_group.rg.name
+  resource_group_name  = data.azurerm_resource_group.vnet.name
 
   depends_on = [azurerm_virtual_network.main, azurerm_subnet.main]
 }
 
 resource "azurerm_bastion_host" "main" {
-  name                = "${var.environment}-${var.bastion_hostname}-${var.region}-bas"
-  location            = data.azurerm_resource_group.rg.location
-  resource_group_name = data.azurerm_resource_group.rg.name
+  name                = "${var.environment}-${var.bastion_hostname}-${var.region}-bst"
+  location            = data.azurerm_resource_group.bastion.location
+  resource_group_name = data.azurerm_resource_group.bastion.name
   tags                = var.default_tags
 
   ip_configuration {
-    name                 = "bastion_config"
-    subnet_id            = data.azurerm_subnet.main.id
+    name                 = var.bastion_host_ip_configuration
+    subnet_id            = data.azurerm_subnet.maindata.id
     public_ip_address_id = azurerm_public_ip.main.id
   }
 
   depends_on = [azurerm_virtual_network.main, azurerm_subnet.main, data.azurerm_subnet.maindata]
-}
+}

bastion_host.tf

@@ -1,5 +1,9 @@
 data "azurerm_client_config" "current" {}
 
-data "azurerm_resource_group" "main" {
-  name = var.resource_group_name
-}
+data "azurerm_resource_group" "vnet" {
+  name = var.vnet_resource_group_name
+}
+
+data "azurerm_resource_group" "bastion" {
+  name = var.bastion_resource_group_name
+}

main.tf

@@ -1,32 +1,30 @@
-output "virtual_network" {
-  description = "Information about the virtual network."
-  value = {
-    name          = azurerm_virtual_network.main.name
-    id            = azurerm_virtual_network.main.id
-    address_space = azurerm_virtual_network.main.address_space
-  }
-  sensitive = false
+output "id" {
+  description = "The virtual NetworkConfiguration ID."
+  value       = azurerm_virtual_network.main.id
+  sensitive   = false
 }
-
-output "subnets" {
-  description = "Information about the subnets within the virtual network."
-  value = {
-    for subnet_name, subnet in azurerm_subnet.main : subnet_name => {
-      name             = subnet.name
-      id               = subnet.id
-      address_prefixes = subnet.address_prefixes
-    }
-  }
-  sensitive = false
+output "name" {
+  description = "The name of the virtual network."
+  value       = azurerm_virtual_network.main.name
+  sensitive   = false
 }
-
-output "bastion_host" {
-  description = "Information about the bastion host."
-  value = {
-    name           = azurerm_bastion_host.main.name
-    private_ip     = azurerm_bastion_host.main.ip_configuration[0].private_ip_address
-    public_ip      = azurerm_public_ip.main.ip_address
-    bastion_subnet = azurerm_bastion_host.main.ip_configuration[0].subnet_id
-  }
-  sensitive = false
+output "resource_group_name" {
+  description = "The name of the resource group in which to create the virtual network."
+  value       = azurerm_virtual_network.main.resource_group_name
+  sensitive   = false
+}
+output "location" {
+  description = "The location/region where the virtual network is created."
+  value       = azurerm_virtual_network.main.location
+  sensitive   = false
+}
+output "address_space" {
+  description = "The list of address spaces used by the virtual network."
+  value       = azurerm_virtual_network.main.address_space
+  sensitive   = false
+}
+output "bastion_pubip" {
+  value       = azurerm_public_ip.main.ip_address
+  description = "List the public IP of the bastion server"
+  sensitive   = false
 }

output.tf

@@ -1,7 +1,7 @@
 resource "azurerm_public_ip" "main" {
-  name                = "${var.environment}-${var.bastion_hostname}-${var.region}-pip"
-  location            = data.azurerm_resource_group.rg.location
-  resource_group_name = data.azurerm_resource_group.rg.name
+  name                = "${var.environment}-${var.public_ip_name}"
+  location            = data.azurerm_resource_group.bastion.location
+  resource_group_name = data.azurerm_resource_group.bastion.name
   allocation_method   = var.pubip_allocation_method
   sku                 = var.pubip_sku
   tags                = var.default_tags

publicip.tf

@@ -1,9 +1,21 @@
 resource "azurerm_subnet" "main" {
   for_each             = var.subnet_prefix
-  resource_group_name  = data.azurerm_resource_group.rg.name
+  resource_group_name  = data.azurerm_resource_group.vnet.name
   virtual_network_name = "${var.environment}-${var.vnet_name}-${var.region}-vnet"
   name                 = each.value["name"]
   address_prefixes     = each.value["ip"]
-
-  depends_on = [azurerm_virtual_network.main]
-}
+  service_endpoints    = [for se in lookup(each.value, "service_endpoints", []) : se.service]
+  dynamic "delegation" {
+    for_each = lookup(each.value, "delegations", [])
+    content {
+      name = delegation.value.name
+      service_delegation {
+        name = delegation.value.service_name
+        actions = delegation.value.actions
+      }
+    }
+  }
+  private_endpoint_network_policies = lookup(each.value, "private_endpoint_network_policies", null) 
+  private_link_service_network_policies_enabled = lookup(each.value, "private_link_service_network_policies_enabled", null)    
+depends_on = [azurerm_virtual_network.main]
+}