diff --git a/README.md b/README.md index 0dd1a61..3aefe26 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,46 @@ -# terraform-azure-mcaf-pdns \ No newline at end of file +# terraform-azure-mcaf-pdns + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.7 | +| [azurerm](#requirement\_azurerm) | >= 4 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | 4.10.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_private_dns_resolver.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver) | resource | +| [azurerm_private_dns_resolver_dns_forwarding_ruleset.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_dns_forwarding_ruleset) | resource | +| [azurerm_private_dns_resolver_forwarding_rule.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_forwarding_rule) | resource | +| [azurerm_private_dns_resolver_inbound_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_inbound_endpoint) | resource | +| [azurerm_private_dns_resolver_outbound_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_outbound_endpoint) | resource | +| [azurerm_private_dns_resolver_virtual_network_link.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_virtual_network_link) | resource | +| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [private\_dns\_resolver](#input\_private\_dns\_resolver) | Private DNS resolver configuration |
object({| n/a | yes | +| [private\_dns\_resolver\_forwarding\_rule](#input\_private\_dns\_resolver\_forwarding\_rule) | Private DNS resolver forwarding rule configuration |
name = string
virtual_network_id = string
virtual_network_name = string
})
map(object({| n/a | yes | +| [private\_dns\_resolver\_inbound\_endpoint](#input\_private\_dns\_resolver\_inbound\_endpoint) | Private DNS resolver inbound endpoint configuration |
name = string
domain_name = string
enabled = optional(bool, true)
target_dns_servers = list(object({
ip_address = string
port = optional(number, 53)
}))
}))
object({| n/a | yes | +| [private\_dns\_resolver\_outbound\_endpoint](#input\_private\_dns\_resolver\_outbound\_endpoint) | Private DNS resolver outbound endpoint configuration |
name = string
private_ip_allocation_method = optional(string, "static")
subnet_id = string
})
object({| n/a | yes | +| [resource\_group](#input\_resource\_group) | Resource group configuration |
enabled = optional(bool, true)
name = string
subnet_id = string
})
object({| n/a | yes | +| [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/examples/basic/main.tf b/examples/basic/main.tf new file mode 100644 index 0000000..67eaa7c --- /dev/null +++ b/examples/basic/main.tf @@ -0,0 +1,60 @@ +terraform { + + + required_version = ">= 1.8" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 4.5, < 5.0" + } + } +} + + +module "pdns_resolver" { + source = "../../" + + resource_group = { + name = "example-resource-group" + location = "eastus" + } + + private_dns_resolver = { + name = "example-dns-resolver" + virtual_network_id = "vnet-id" + virtual_network_name = "vnet-name" + } + + private_dns_resolver_inbound_endpoint = { + name = "inbound-endpoint" + private_ip_allocation_method = "Static" + subnet_id = "subnet-id" + } + + private_dns_resolver_outbound_endpoint = { + enabled = true + name = "outbound-endpoint" + subnet_id = "subnet-id" + } + + private_dns_resolver_forwarding_rule = { + rule1 = { + name = "rule1" + domain_name = "example.com" + enabled = true + target_dns_servers = [ + { + ip_address = "10.0.0.1" + port = 53 + } + ] + } + } + + + tags = { + Owner = "team-name" + Environment = "production" + } +} \ No newline at end of file diff --git a/main.tf b/main.tf index d5933a6..8857b14 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,12 @@ resource "azurerm_resource_group" "this" { name = var.resource_group.name location = var.resource_group.location + tags = merge( + try(var.tags), + tomap({ + "Resource Type" = "Resource Group" + }) + ) } resource "azurerm_private_dns_resolver" "this" { 
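Review bot: The example passes placeholder strings `virtual_network_id = "vnet-id"` and `subnet_id = "subnet-id"` to the module, which are not Azure resource ids and will fail at apply rather than plan; an example meant to be run should derive them from `azurerm_virtual_network` / `azurerm_subnet` resources or data sources, or the header comment should say they are stand-ins. The example also requires `required_version = ">= 1.8"` while the README added in the same commit declares the module works with `>= 1.7`; pick one so the documented floor is the one actually tested. The `Environment = "production"` tag reads oddly in a sample and could be `"example"`.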
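Review bot: `try(var.tags)` with a single argument is a no-op — `try` only does something when a fallback argument follows — so the added block can simply be `tags = merge(var.tags, { "Resource Type" = "Resource Group" })`; the same pattern is repeated on every resource in this commit and is a candidate for one `locals` expression. Note that `merge` gives the right-hand map precedence, so a caller-supplied `Resource Type` tag is silently overridden; if that is intended, say so in the `tags` variable description, e.g. `description = "Tags applied to every resource; the module sets \"Resource Type\" and overrides a caller-supplied value for that key."`.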
@@ -8,6 +14,12 @@ resource "azurerm_private_dns_resolver" "this" { resource_group_name = azurerm_resource_group.this.name location = azurerm_resource_group.this.location virtual_network_id = var.private_dns_resolver.virtual_network_id + tags = merge( + try(var.tags), + tomap({ + "Resource Type" = "Private DNS Resolver" + }) + ) } resource "azurerm_private_dns_resolver_inbound_endpoint" "this" { 
@@ -21,23 +33,67 @@ resource "azurerm_private_dns_resolver_inbound_endpoint" "this" { private_ip_address = "static" } + tags = merge( + try(var.tags), + tomap({ + "Resource Type" = "Private DNS Resolver Inbound Endpoint" + }) + ) } resource "azurerm_private_dns_resolver_outbound_endpoint" "this" { + count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0 + name = var.private_dns_resolver_outbound_endpoint.name location = azurerm_resource_group.this.location private_dns_resolver_id = azurerm_private_dns_resolver.this.id subnet_id = var.private_dns_resolver_outbound_endpoint.subnet_id + + tags = merge( + try(var.tags), + tomap({ + "Resource Type" = "Private DNS Resolver Outbound Endpoint" + }) + ) +} + +resource "azurerm_private_dns_resolver_dns_forwarding_ruleset" "this" { + count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0 + + name = var.private_dns_resolver_forwarding_rule.each.name + resource_group_name = azurerm_resource_group.this.name + location = azurerm_resource_group.this.location + private_dns_resolver_outbound_endpoint_ids = [azurerm_private_dns_resolver_outbound_endpoint.this[count.index].id] + + tags = merge( + try(var.tags), + tomap({ + "Resource Type" = "Private DNS Resolver DNS Forwarding Ruleset" + }) + ) } resource "azurerm_private_dns_resolver_forwarding_rule" "this" { + count = var.private_dns_resolver_outbound_endpoint.enabled ? 
1 : 0 + name = var.private_dns_resolver_forwarding_rule.each.name - dns_forwarding_ruleset_id = azurerm_private_dns_resolver.this.id + dns_forwarding_ruleset_id = azurerm_private_dns_resolver_outbound_endpoint.this[count.index].id domain_name = var.private_dns_resolver_forwarding_rule.each.domain_name enabled = var.private_dns_resolver_forwarding_rule.each.enabled - target_dns_servers { - ip_address = var.private_dns_resolver_forwarding_rule.each.target_dns_servers - port = var.private_dns_resolver_forwarding_rule.each.port + + dynamic "target_dns_servers" { + for_each = var.private_dns_resolver_forwarding_rule.each.target_dns_servers + content { + ip_address = target_dns_servers.value.ip_address + port = target_dns_servers.value.port + } } } +resource "azurerm_private_dns_resolver_virtual_network_link" "this" { + count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0 + + name = "$(var.private_dns_resolver.virtual_network_name)-link" + dns_forwarding_ruleset_id = azurerm_private_dns_resolver_outbound_endpoint.this[count.index].id + virtual_network_id = var.private_dns_resolver.virtual_network_id +} \ No newline at end of file diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/variables.tf b/variables.tf index b46eb52..a4e2d96 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,9 @@ +variable "tags" { + description = "A map of tags to assign to the resource." + type = map(string) + default = {} +} + variable "resource_group" { description = "Resource group configuration" type = object({ @@ -9,8 +15,9 @@ variable "resource_group" { variable "private_dns_resolver" { description = "Private DNS resolver configuration" type = object({ - name = string - virtual_network_id = string + name = string + virtual_network_id = string + virtual_network_name = string }) } 
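Review bot: The new ruleset, forwarding-rule and virtual-network-link resources will not plan as written: `var.private_dns_resolver_forwarding_rule.each.name` treats `each` as a map key (the variable is a `map(object)` with no such entry), the rule resource is created with `count` although it needs one instance per map entry, and both `dns_forwarding_ruleset_id` assignments point at `azurerm_private_dns_resolver_outbound_endpoint.this[count.index].id` instead of the ruleset created just above, so the provider would be handed an endpoint id where the API expects a ruleset id. The link name `"$(var.private_dns_resolver.virtual_network_name)-link"` uses `$(` rather than `${`, so it is the literal string. The ruleset needs a name of its own rather than a rule's; deriving it from the resolver name is one option. Worth stating in a comment on the link resource that linking applies every forwarding rule to the whole VNet, i.e. all queries for each `domain_name` from that network are forwarded to the listed target servers, so those targets are an access-control decision.
```hcl
resource "azurerm_private_dns_resolver_dns_forwarding_ruleset" "this" {
  count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0

  # The ruleset is a container for the rules below and needs its own name; one option is to derive it from the resolver.
  name                                       = "${var.private_dns_resolver.name}-ruleset"
  resource_group_name                        = azurerm_resource_group.this.name
  location                                   = azurerm_resource_group.this.location
  private_dns_resolver_outbound_endpoint_ids = [azurerm_private_dns_resolver_outbound_endpoint.this[0].id]
  # … unchanged: tags …
}

resource "azurerm_private_dns_resolver_forwarding_rule" "this" {
  # One rule per map entry; an empty map when the outbound endpoint (and so the ruleset) is disabled.
  for_each = var.private_dns_resolver_outbound_endpoint.enabled ? var.private_dns_resolver_forwarding_rule : {}

  name                      = each.value.name
  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_dns_forwarding_ruleset.this[0].id
  domain_name               = each.value.domain_name
  enabled                   = each.value.enabled

  dynamic "target_dns_servers" {
    for_each = each.value.target_dns_servers
    content {
      ip_address = target_dns_servers.value.ip_address
      port       = target_dns_servers.value.port
    }
  }
}

resource "azurerm_private_dns_resolver_virtual_network_link" "this" {
  count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0

  # Linking applies every rule in the ruleset to the whole virtual network.
  name                      = "${var.private_dns_resolver.virtual_network_name}-link"
  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_dns_forwarding_ruleset.this[0].id
  virtual_network_id        = var.private_dns_resolver.virtual_network_id
}
```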
@@ -18,7 +25,7 @@ variable "private_dns_resolver_inbound_endpoint" { description = "Private DNS resolver inbound endpoint configuration" type = object({ name = string - private_ip_allocation_method = string + private_ip_allocation_method = optional(string, "static") subnet_id = string }) } @@ -26,6 +33,7 @@ variable "private_dns_resolver_inbound_endpoint" { variable "private_dns_resolver_outbound_endpoint" { description = "Private DNS resolver outbound endpoint configuration" type = object({ + enabled = optional(bool, true) name = string subnet_id = string }) @@ -33,10 +41,12 @@ variable "private_dns_resolver_outbound_endpoint" { variable "private_dns_resolver_forwarding_rule" { description = "Private DNS resolver forwarding rule configuration" type = map(object({ - name = string - domain_name = string - enabled = bool - target_dns_servers = string - port = number + name = string + domain_name = string + enabled = optional(bool, true) + target_dns_servers = list(object({ + ip_address = string + port = optional(number, 53) + })) })) }
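Review bot: The new default `private_ip_allocation_method = optional(string, "static")` is lower-case while the example in this commit passes `"Static"`; the azurerm provider documents the accepted values for the inbound endpoint's `ip_configurations` as `Dynamic` and `Static`, so the default as written is likely rejected at plan and should read `optional(string, "Static")`. A `validation { condition = contains(["Dynamic", "Static"], var.private_dns_resolver_inbound_endpoint.private_ip_allocation_method) ... }` block would make the mistake fail early with a clear message. Whether the variable is actually wired into the resource is outside this hunk.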
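Review bot: The reshaped `target_dns_servers` list accepts any string as `ip_address` and any number as `port`, and these are the servers every query for `domain_name` from the linked VNet is forwarded to, so a typo here silently redirects name resolution; a `validation` block that checks each entry is an IPv4 address with a port in 1–65535 catches that at plan time instead of apply. Azure also appears to expect forwarding-rule domain names as FQDNs with a trailing dot (e.g. `corp.example.com.`), which the example's `"example.com"` lacks — confirm against the provider docs and, if so, state it in the description or add a second validation.
```hcl
variable "private_dns_resolver_forwarding_rule" {
  description = "Private DNS resolver forwarding rule configuration. Queries for each domain_name from the linked virtual network are forwarded to the listed target_dns_servers."
  type = map(object({
    # … unchanged: name, domain_name, enabled, target_dns_servers …
  }))

  validation {
    # cidrnetmask only accepts IPv4 prefixes, so this rejects IPv6 and non-addresses alike.
    condition = alltrue(flatten([
      for rule in values(var.private_dns_resolver_forwarding_rule) : [
        for server in rule.target_dns_servers :
        can(cidrnetmask("${server.ip_address}/32")) && server.port >= 1 && server.port <= 65535
      ]
    ]))
    error_message = "Every target_dns_servers entry must have a valid IPv4 ip_address and a port between 1 and 65535."
  }
}
```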
name = string
location = string
})