schubergphilis · gillianstravers · Nov 27, 2024 · Nov 28, 2024 · Nov 28, 2024 · Nov 28, 2024
diff --git a/README.md b/README.md
@@ -1 +1,46 @@
-# terraform-azure-mcaf-pdns
+# terraform-azure-mcaf-pdns
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.7 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.10.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_private_dns_resolver.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver) | resource |
+| [azurerm_private_dns_resolver_dns_forwarding_ruleset.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_dns_forwarding_ruleset) | resource |
+| [azurerm_private_dns_resolver_forwarding_rule.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_forwarding_rule) | resource |
+| [azurerm_private_dns_resolver_inbound_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_inbound_endpoint) | resource |
+| [azurerm_private_dns_resolver_outbound_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_outbound_endpoint) | resource |
+| [azurerm_private_dns_resolver_virtual_network_link.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_resolver_virtual_network_link) | resource |
+| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_private_dns_resolver"></a> [private\_dns\_resolver](#input\_private\_dns\_resolver) | Private DNS resolver configuration | <pre>object({<br>    name                  = string<br>    virtual_network_id    = string<br>    virtual_netwwork_name = string<br>  })</pre> | n/a | yes |
+| <a name="input_private_dns_resolver_forwarding_rule"></a> [private\_dns\_resolver\_forwarding\_rule](#input\_private\_dns\_resolver\_forwarding\_rule) | Private DNS resolver forwarding rule configuration | <pre>map(object({<br>    name        = string<br>    domain_name = string<br>    enabled     = optional(bool, true)<br>    target_dns_servers = list(object({<br>      ip_address = string<br>      port       = optional(number, 53)<br>    }))<br>  }))</pre> | n/a | yes |
+| <a name="input_private_dns_resolver_inbound_endpoint"></a> [private\_dns\_resolver\_inbound\_endpoint](#input\_private\_dns\_resolver\_inbound\_endpoint) | Private DNS resolver inbound endpoint configuration | <pre>object({<br>    name                         = string<br>    private_ip_allocation_method = optional(string, "static")<br>    subnet_id                    = string<br>  })</pre> | n/a | yes |
+| <a name="input_private_dns_resolver_outbound_endpoint"></a> [private\_dns\_resolver\_outbound\_endpoint](#input\_private\_dns\_resolver\_outbound\_endpoint) | Private DNS resolver outbound endpoint configuration | <pre>object({<br>    enabled   = optional(bool, true)<br>    name      = string<br>    subnet_id = string<br>  })</pre> | n/a | yes |
+| <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | Resource group configuration | <pre>object({<br>    name     = string<br>    location = string<br>  })</pre> | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -0,0 +1,65 @@
+terraform {
+
+
+   required_version = ">= 1.8"
+
+   required_providers {
+     azurerm = {
+       source  = "hashicorp/azurerm"
+       version = ">= 4.5, < 5.0"
+     }
+   }
+ }
+
+
+module "pdns_resolver" {
+  source = "../../"
+
+  resource_group = {
+    name     = "example-resource-group"
+    location = "eastus"
+  }
+
+  private_dns_resolver = {
+    name                  = "example-dns-resolver"
+    virtual_network_id    = "vnet-id"
+    virtual_netwwork_name = "vnet-name"
+  }
+
+  private_dns_resolver_inbound_endpoint = {
+    name                         = "inbound-endpoint"
+    private_ip_allocation_method = "Static"
+    subnet_id                    = "subnet-id"
+  }
+
+  private_dns_resolver_outbound_endpoint = {
+    enabled   = true
+    name      = "outbound-endpoint"
+    subnet_id = "subnet-id"
+  }
+
+  private_dns_resolver_forwarding_rule = {
+    each = {
+      rule1 = {
+        name        = "rule1"
+        domain_name = "example.com"
+        enabled     = true
+        target_dns_servers = [
+          {
+            ip_address = "10.0.0.1"
+            port       = 53
+          },
+          {
+            ip_address = "10.0.0.2"
+            port       = 53
+          }
+        ]
+      }
+    }
+  }
+
+  tags = {
+    Owner       = "team-name"
+    Environment = "production"
+  }
+}
diff --git a/main.tf b/main.tf
@@ -1,13 +1,25 @@
 resource "azurerm_resource_group" "this" {
   name     = var.resource_group.name
   location = var.resource_group.location
+  tags = merge(
+    try(var.tags),
+    tomap({
+      "Resource Type" = "Resource Group"
+    })
+  )
 }
 
 resource "azurerm_private_dns_resolver" "this" {
   name                = var.private_dns_resolver.name
   resource_group_name = azurerm_resource_group.this.name
   location            = azurerm_resource_group.this.location
   virtual_network_id  = var.private_dns_resolver.virtual_network_id
+  tags = merge(
+    try(var.tags),
+    tomap({
+      "Resource Type" = "Private DNS Resolver"
+    })
+  )
 }
 
 resource "azurerm_private_dns_resolver_inbound_endpoint" "this" {
@@ -21,23 +33,67 @@ resource "azurerm_private_dns_resolver_inbound_endpoint" "this" {
     private_ip_address           = "static"
 
   }
+  tags = merge(
+    try(var.tags),
+    tomap({
+      "Resource Type" = "Private DNS Resolver Inbound Endpoint"
+    })
+  )
 }
 
 resource "azurerm_private_dns_resolver_outbound_endpoint" "this" {
+  count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0
+
   name                    = var.private_dns_resolver_outbound_endpoint.name
   location                = azurerm_resource_group.this.location
   private_dns_resolver_id = azurerm_private_dns_resolver.this.id
   subnet_id               = var.private_dns_resolver_outbound_endpoint.subnet_id
+
+  tags = merge(
+    try(var.tags),
+    tomap({
+      "Resource Type" = "Private DNS Resolver Outbound Endpoint"
+    })
+  )
+}
+
+resource "azurerm_private_dns_resolver_dns_forwarding_ruleset" "this" {
+  count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0
+
+  name                                       = var.private_dns_resolver_forwarding_rule.each.name
+  resource_group_name                        = azurerm_resource_group.this.name
+  location                                   = azurerm_resource_group.this.location
+  private_dns_resolver_outbound_endpoint_ids = [azurerm_private_dns_resolver_outbound_endpoint.this[count.index].id]
+
+  tags = merge(
+    try(var.tags),
+    tomap({
+      "Resource Type" = "Private DNS Resolver DNS Forwarding Ruleset"
+    })
+  )
 }
 
 resource "azurerm_private_dns_resolver_forwarding_rule" "this" {
+  count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0
+
   name                      = var.private_dns_resolver_forwarding_rule.each.name
-  dns_forwarding_ruleset_id = azurerm_private_dns_resolver.this.id
+  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_outbound_endpoint.this[count.index].id
   domain_name               = var.private_dns_resolver_forwarding_rule.each.domain_name
   enabled                   = var.private_dns_resolver_forwarding_rule.each.enabled
-  target_dns_servers {
-    ip_address = var.private_dns_resolver_forwarding_rule.each.target_dns_servers
-    port       = var.private_dns_resolver_forwarding_rule.each.port
+
+  dynamic "target_dns_servers" {
+    for_each = var.private_dns_resolver_forwarding_rule.each.target_dns_servers
+    content {
+      ip_address = target_dns_servers.value.ip_address
+      port       = target_dns_servers.value.port
+    }
   }
 }
 
+resource "azurerm_private_dns_resolver_virtual_network_link" "this" {
+  count = var.private_dns_resolver_outbound_endpoint.enabled ? 1 : 0
+
+  name                      = "$(var.private_dns_resolver.virtual_netwwork_name)-link"
+  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_outbound_endpoint.this[count.index].id
+  virtual_network_id        = var.private_dns_resolver.virtual_network_id
+}
diff --git a/outputs.tf b/outputs.tf
diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,9 @@
+variable "tags" {
+  description = "A map of tags to assign to the resource."
+  type        = map(string)
+  default     = {}
+}
+
 variable "resource_group" {
   description = "Resource group configuration"
   type = object({
@@ -9,34 +15,38 @@ variable "resource_group" {
 variable "private_dns_resolver" {
   description = "Private DNS resolver configuration"
   type = object({
-    name               = string
-    virtual_network_id = string
+    name                  = string
+    virtual_network_id    = string
+    virtual_netwwork_name = string
   })
 }
 
 variable "private_dns_resolver_inbound_endpoint" {
   description = "Private DNS resolver inbound endpoint configuration"
   type = object({
     name                         = string
-    private_ip_allocation_method = string
+    private_ip_allocation_method = optional(string, "static")
     subnet_id                    = string
   })
 }
 
 variable "private_dns_resolver_outbound_endpoint" {
   description = "Private DNS resolver outbound endpoint configuration"
   type = object({
+    enabled   = optional(bool, true)
     name      = string
     subnet_id = string
   })
 }
 variable "private_dns_resolver_forwarding_rule" {
   description = "Private DNS resolver forwarding rule configuration"
   type = map(object({
-    name               = string
-    domain_name        = string
-    enabled            = bool
-    target_dns_servers = string
-    port               = number
+    name        = string
+    domain_name = string
+    enabled     = optional(bool, true)
+    target_dns_servers = list(object({
+      ip_address = string
+      port       = optional(number, 53)
+    }))
   }))
 }