From 657ed699448f72073503236a41c52967f3021d05 Mon Sep 17 00:00:00 2001
From: Dennis van der Meulen
Date: Fri, 25 Oct 2024 12:56:10 +0200
Subject: [PATCH 1/8] add initial core implementation
---
 .gitignore | 4 ++--
 CHANGELOG.md | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 2faf43d..e895a5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,8 +10,8 @@ crash.log
 crash.*.log
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 61f161f..c86169d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,4 +3,3 @@ All notable changes to this project will automatically be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
From aa30cdfa8476a681be6954e6192ae51dcf551592 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Fri, 25 Oct 2024 10:59:39 +0000
Subject: [PATCH 2/8] docs(readme): update module usage
---
 README.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ef2fa69
--- /dev/null
+++ b/README.md
@@ -0,0 +1,25 @@
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+
\ No newline at end of file
From 9de0909b9b5f745160eab05d2440bc536dfe8307 Mon Sep 17 00:00:00 2001
From: Dennis van der Meulen
Date: Fri, 25 Oct 2024 13:07:33 +0200
Subject: [PATCH 3/8] add example dir
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index ef2fa69..e2f2eab 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+# terraform-azure-mcaf-core
+Terraform module to create the Core component of each workload, currently only implements Terraform-azure-mcaf-key-vault
+
 
 ## Requirements
 
From e9f8fa821037e193f1df489ad9877b218250fb86 Mon Sep 17 00:00:00 2001
From: Dennis van der Meulen
Date: Mon, 4 Nov 2024 10:16:01 +0100
Subject: [PATCH 4/8] initial core files
---
 examples/basic/main.tf | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 examples/basic/main.tf
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
new file mode 100644
index 0000000..ad5c425
--- /dev/null
+++ b/examples/basic/main.tf
@@ -0,0 +1,30 @@
+terraform {
+ required_version = ">= 1.7"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 4"
+ }
+ }
+}
+
+provider "azurerm" {
+ subscription_id = "00000000-0000-0000-0000-000000000000"
+ features {}
+}
+
+module "azure_core" {
+ source = "../.."
+
+ resource_group = {
+ name = "example-rg"
+ }
+
+ key_vault = {
+ name = "example-kv"
+ }
+
+ location = "West Europe"
+ tags = { Environment = "Production" }
+}
\ No newline at end of file
From e6b0a598e54735086cada905c5bc2530fc8f74e3 Mon Sep 17 00:00:00 2001
From: Dennis van der Meulen
Date: Mon, 4 Nov 2024 10:18:08 +0100
Subject: [PATCH 5/8] Linter
---
 main.tf | 38 ++++++++++++++++++++++++++++++++++++++
 outputs.tf | 21 +++++++++++++++++++++
 terraform.tf | 10 ++++++++++
 variables.tf | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 116 insertions(+)
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 terraform.tf
 create mode 100644 variables.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..e415618
--- /dev/null
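Review bot: The example sets neither `key_vault.ip_rules` nor `key_vault.subnet_ids`, so it exercises the path in the root module (PATCH 5, `main.tf`) that forwards `null` for both to the child module, and what the child module does with `null` network rules is not visible in this series; a reader copying this example therefore cannot tell from it whether the resulting vault is reachable from any network, while `tags = { Environment = "Production" }` suggests it is production-ready as written. A comment on the `key_vault` block would make the intent explicit, e.g. `# No ip_rules/subnet_ids set: network restrictions are left to the child module's defaults — review them before reusing this example for a real workload.` The placeholder `subscription_id` is fine for an example but could carry a similar one-line comment saying it must be replaced.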
+++ b/main.tf
@@ -0,0 +1,38 @@
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "this" {
+ name = var.resource_group.name
+ location = var.location
+ tags = merge(
+ try(var.tags),
+ tomap({
+ "Resource Type" = "Resource Group"
+ })
+ )
+}
+
+module "keyvault_with_cmk" {
+ source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git"
+
+ key_vault = {
+ name = var.key_vault.name
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ resource_group_name = azurerm_resource_group.this.name
+ location = var.location
+ enabled_for_disk_encryption = true
+ enabled_for_deployment = false
+ enabled_for_template_deployment = false
+ enable_rbac_authorization = true
+ purge_protection = true
+ soft_delete_retention_days = 30
+ sku = "standard"
+ ip_rules = length(var.key_vault.ip_rules) == 0 ? null : var.key_vault.ip_rules
+ subnet_ids = length(var.key_vault.subnet_ids) == 0 ? null : var.key_vault.subnet_ids
+ network_bypass = "AzureServices"
+ cmk_keys_create = true
+ cmkrsa_key_name = var.key_vault.cmkrsa_key_name
+ cmkec_key_name = var.key_vault.cmkec_key_name
+ }
+
+ tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..f8a34e5
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,21 @@
+output "key_vault_id" {
+ value = module.keyvault_with_cmk.key_vault_id
+}
+
+output "key_vault_name" {
+ value = module.keyvault_with_cmk.key_vault_name
+}
+
+output "key_vault_uri" {
+ value = module.keyvault_with_cmk.key_vault_uri
+}
+
+output "key_vault_cmkrsa_key_name" {
+ value = module.keyvault_with_cmk.key_vault_cmkrsa_keyname
+ description = "CMK RSA Key Name"
+}
+
+output "key_vault_cmkrsa_id" {
+ value = module.keyvault_with_cmk.key_vault_cmkrsa_id
+ description = "CMK RSA Key ID"
+}
diff --git a/terraform.tf b/terraform.tf
new file mode 100644
index 0000000..ca9101b
--- /dev/null
+++ b/terraform.tf
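Review bot: The `source` of module `keyvault_with_cmk` carries no `?ref=` pin, so every `terraform init` fetches whatever the upstream repository's default branch currently points at — an unreviewed supply-chain input for the component that creates the workload's Key Vault and CMK keys, and the README generated in PATCH 6 accordingly lists its version as `n/a`; pin it with `source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git?ref=<PINNED_TAG_OR_COMMIT>"` (placeholder value). Most `key_vault` attributes are also hard-coded here although `variables.tf` in this same patch declares them as optionals with different defaults — `network_bypass` is fixed to `"AzureServices"` while the variable defaults to `"None"`, `enabled_for_disk_encryption` to `true` while the variable defaults to `false`, and `cmk_rotation_period` is declared but never passed — so a caller's settings are silently ignored. Either pass `var.key_vault.*` through as in the excerpt below, or remove those attributes from the variable so the declared contract matches what the module does; whether the child module accepts `cmk_rotation_period` is not visible here, so confirm before forwarding it. `try(var.tags)` with a single argument is just `var.tags`, so the resource-group tags can read `merge(var.tags, tomap({ "Resource Type" = "Resource Group" }))`.
```hcl
module "keyvault_with_cmk" {
  # Pin to a reviewed release; <PINNED_TAG_OR_COMMIT> is a placeholder to fill in.
  source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git?ref=<PINNED_TAG_OR_COMMIT>"

  key_vault = {
    # … unchanged: name, tenant_id, resource_group_name, location …
    enabled_for_disk_encryption     = var.key_vault.enabled_for_disk_encryption
    enabled_for_deployment          = var.key_vault.enabled_for_deployment
    enabled_for_template_deployment = var.key_vault.enabled_for_template_deployment
    enable_rbac_authorization       = var.key_vault.enable_rbac_authorization
    purge_protection                = var.key_vault.purge_protection
    soft_delete_retention_days      = var.key_vault.soft_delete_retention_days
    sku                             = var.key_vault.sku
    # … unchanged: ip_rules, subnet_ids …
    network_bypass                  = var.key_vault.network_bypass
    cmk_keys_create                 = var.key_vault.cmk_keys_create
    # … unchanged: cmkrsa_key_name, cmkec_key_name …
  }
  # … unchanged: tags …
}
```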
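Review bot: `key_vault_id`, `key_vault_name` and `key_vault_uri` carry no `description` while the two CMK outputs in the same hunk do, so the README generated in PATCH 6 lists them as `n/a`. Add one per output, e.g. `description = "ID of the Key Vault created by this module."`, `description = "Name of the Key Vault created by this module."` and `description = "URI of the Key Vault created by this module."`. An EC key is also requested in `main.tf` via `cmkec_key_name`, yet only the RSA key gets outputs here; whether the child module exposes an EC key output is not visible in this series, so confirm before adding one.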
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.7"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 4"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..fa4bac3
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,47 @@
+variable "resource_group" {
+ description = "The name of the resource group in which to create the resources."
+ type = object({
+ name = string
+ })
+ default = {
+ name = null
+ }
+}
+
+variable "key_vault" {
+ type = object({
+ name = string
+ enabled_for_disk_encryption = optional(bool, false)
+ enabled_for_deployment = optional(bool, false)
+ enabled_for_template_deployment = optional(bool, false)
+ enable_rbac_authorization = optional(bool, true)
+ purge_protection = optional(bool, true)
+ soft_delete_retention_days = optional(number, 30)
+ sku = optional(string, "standard")
+ ip_rules = optional(list(string), [])
+ subnet_ids = optional(list(string), [])
+ network_bypass = optional(string, "None")
+ cmk_keys_create = optional(bool, true)
+ cmkrsa_key_name = optional(string, "cmkrsa")
+ cmkec_key_name = optional(string, "cmkec")
+ cmk_rotation_period = optional(string, "P90D")
+ })
+}
+
+variable "location" {
+ description = "Location of the resources to create"
+ type = string
+}
+
+variable "tags" {
+ description = "A map of tags to assign to the resource."
+ type = map(string)
+ default = {}
+}
+
+variable "zones" {
+ type = list(string)
+ default = []
+ description = "A list of availability zones in which the resource should be created."
+}
+
From 80d10a2c5a3bf034187faefd1c335b30be05da4e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 4 Nov 2024 09:18:27 +0000
Subject: [PATCH 6/8] docs(readme): update module usage
---
 README.md | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index e2f2eab..c350050 100644
--- a/README.md
+++ b/README.md
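Review bot: `variable "key_vault"` has no `description`, and `variable "resource_group"` reuses the wording "The name of the resource group…" although its value is an object; the README generated in PATCH 6 shows `n/a` for the former. Suggested text: `description = "Configuration of the Key Vault created for the workload; unset attributes take the defaults declared in the object type."` and `description = "Resource group in which to create the resources; name is required."`. The `resource_group` default of `{ name = null }` is not usable in practice, because `main.tf` in this patch passes it straight into `azurerm_resource_group.this.name`, a required argument that cannot be null — consider dropping the default so the attribute is required at plan time rather than failing later. `soft_delete_retention_days` and `network_bypass` would also benefit from `validation` blocks (the provider accepts 7–90 days and `"AzureServices"` or `"None"` respectively), so bad input is rejected by this module instead of by the provider.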
@@ -4,25 +4,47 @@ Terraform module to create the Core component of each workload, currently only i
 
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.7 |
+| [azurerm](#requirement\_azurerm) | >= 4 |
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | >= 4 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| [keyvault\_with\_cmk](#module\_keyvault\_with\_cmk) | github.com/schubergphilis/terraform-azure-mcaf-key-vault.git | n/a |
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [key\_vault](#input\_key\_vault) | n/a |
object({
name = string
enabled_for_disk_encryption = optional(bool, false)
enabled_for_deployment = optional(bool, false)
enabled_for_template_deployment = optional(bool, false)
enable_rbac_authorization = optional(bool, true)
purge_protection = optional(bool, true)
soft_delete_retention_days = optional(number, 30)
sku = optional(string, "standard")
ip_rules = optional(list(string), [])
subnet_ids = optional(list(string), [])
network_bypass = optional(string, "None")
cmk_keys_create = optional(bool, true)
cmkrsa_key_name = optional(string, "cmkrsa")
cmkec_key_name = optional(string, "cmkec")
cmk_rotation_period = optional(string, "P90D")
})
| n/a | yes |
+| [location](#input\_location) | Location of the resources to create | `string` | n/a | yes |
+| [resource\_group](#input\_resource\_group) | The name of the resource group in which to create the resources. |
object({
name = string
})
|
{
"name": null
}
| no |
+| [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no |
+| [zones](#input\_zones) | A list of availability zones in which the resource should be created. | `list(string)` | `[]` | no |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| [key\_vault\_cmkrsa\_id](#output\_key\_vault\_cmkrsa\_id) | CMK RSA Key ID |
+| [key\_vault\_cmkrsa\_key\_name](#output\_key\_vault\_cmkrsa\_key\_name) | CMK RSA Key Name |
+| [key\_vault\_id](#output\_key\_vault\_id) | n/a |
+| [key\_vault\_name](#output\_key\_vault\_name) | n/a |
+| [key\_vault\_uri](#output\_key\_vault\_uri) | n/a |
 
\ No newline at end of file
From 8a5415150de6e2393b85675887d81954f85baed6 Mon Sep 17 00:00:00 2001
From: Dennis van der Meulen
Date: Mon, 4 Nov 2024 10:21:15 +0100
Subject: [PATCH 7/8] removed unused var
---
 .github/workflows/terraform-test.yaml | 20 --------------------
 variables.tf | 6 ------
 2 files changed, 26 deletions(-)
 delete mode 100644 .github/workflows/terraform-test.yaml
diff --git a/.github/workflows/terraform-test.yaml b/.github/workflows/terraform-test.yaml
deleted file mode 100644
index 4d7d195..0000000
--- a/.github/workflows/terraform-test.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: "terraform-test"
-
-on:
- pull_request:
-
-jobs:
- terraform-test-unit:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup Task
- uses: arduino/setup-task@v2
-
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@v2
-
- - name: Run unit tests
- run: task test
diff --git a/variables.tf b/variables.tf
index fa4bac3..a033542 100644
--- a/variables.tf
+++ b/variables.tf
@@ -39,9 +39,3 @@ variable "tags" {
 default = {}
 }
 
-variable "zones" {
- type = list(string)
- default = []
- description = "A list of availability zones in which the resource should be created."
-}
-
From d62557a97a5f1a347daadd4fd9f42d19f817cfa2 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 4 Nov 2024 09:21:46 +0000
Subject: [PATCH 8/8] docs(readme): update module usage
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index c350050..f5251de 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,6 @@ Terraform module to create the Core component of each workload, currently only i
 | [location](#input\_location) | Location of the resources to create | `string` | n/a | yes |
 | [resource\_group](#input\_resource\_group) | The name of the resource group in which to create the resources. |
object({
name = string
})
|
{
"name": null
}
| no |
 | [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no |
-| [zones](#input\_zones) | A list of availability zones in which the resource should be created. | `list(string)` | `[]` | no |
 
 ## Outputs