From 219f2204fdc1e49829a1b444729e054161022c49 Mon Sep 17 00:00:00 2001 
From: Vedant Date: Sat, 7 Dec 2024 00:24:08 +0530 Subject: [PATCH 1/5] Fix : Updated Github Workflows and added Latest Azurerm Version --- .github/CODEOWNERS | 8 +- .github/workflows/auto_assignee.yml | 14 ++++ .github/workflows/automerge.yml | 12 +++ .github/workflows/readme.yml | 59 +++----------- .github/workflows/semantic-releaser.yml | 30 -------- .github/workflows/static-checks.yml | 77 ------------------- .github/workflows/tf-checks.yml | 26 +++++++ .github/workflows/tflint.yml | 11 +++ {_example => examples}/basic/example.tf | 1 + {_example => examples}/basic/outputs.tf | 0 examples/basic/version.tf | 10 +++ {_example => examples}/complete/example.tf | 19 ++--- {_example => examples}/complete/outputs.tf | 0 examples/complete/version.tf | 10 +++ .../firewall-with-isolated-rules/example.tf | 21 ++--- .../firewall-with-isolated-rules/outputs.tf | 0 .../firewall-with-isolated-rules/version.tf | 12 +++ .../firewall-with-public-ip-prefix/example.tf | 22 +++--- .../firewall-with-public-ip-prefix/outputs.tf | 0 .../firewall-with-public-ip-prefix/version.tf | 10 +++ main.tf | 17 ++-- variables.tf | 7 ++ versions.tf | 6 +- 23 files changed, 167 insertions(+), 205 deletions(-) create mode 100644 .github/workflows/auto_assignee.yml create mode 100644 .github/workflows/automerge.yml delete mode 100644 .github/workflows/semantic-releaser.yml delete mode 100644 .github/workflows/static-checks.yml create mode 100644 .github/workflows/tf-checks.yml create mode 100644 .github/workflows/tflint.yml rename {_example => examples}/basic/example.tf (99%) rename {_example => examples}/basic/outputs.tf (100%) create mode 100644 examples/basic/version.tf rename {_example => examples}/complete/example.tf (94%) rename {_example => examples}/complete/outputs.tf (100%) create mode 100644 examples/complete/version.tf rename {_example => examples}/firewall-with-isolated-rules/example.tf (95%) rename {_example => examples}/firewall-with-isolated-rules/outputs.tf (100%) create mode 100644 
examples/firewall-with-isolated-rules/version.tf rename {_example => examples}/firewall-with-public-ip-prefix/example.tf (94%) rename {_example => examples}/firewall-with-public-ip-prefix/outputs.tf (100%) create mode 100644 examples/firewall-with-public-ip-prefix/version.tf diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b30a2d4..a538416 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,6 +1,2 @@ -.github/* @clouddrove/approvers - -* @clouddrove/clouddrovians @clouddrove/approvers - -.github/mergify.yml @clouddrove/admins -.github/CODEOWNERS @clouddrove/admins +# These owners will be the default owners for everything in the repo. +* @anmolnagpal @clouddrove-ci @clouddrove/terraform-azure-admins \ No newline at end of file diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml new file mode 100644 index 0000000..ec63b22 --- /dev/null +++ b/.github/workflows/auto_assignee.yml @@ -0,0 +1,14 @@ +name: Auto Assign PRs + +on: + pull_request: + types: [opened, reopened] + + workflow_dispatch: +jobs: + assignee: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.2.8 + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + assignees: 'clouddrove-ci' diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml new file mode 100644 index 0000000..1d1b636 --- /dev/null +++ b/.github/workflows/automerge.yml @@ -0,0 +1,12 @@ +--- +name: Auto merge +on: + pull_request: +jobs: + auto-merge: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + tfcheck: 'complete / Get min/max versions' +... diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 03b477f..444164d 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml 
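Review bot: The replacement CODEOWNERS line makes `@clouddrove-ci` — the account that auto_assignee.yml in this same commit assigns every PR to, so presumably an automation identity — a default owner of every path including `.github/workflows/**`, which means a branch rule requiring a code-owner approval can be satisfied by the bot, and the separate `@clouddrove/admins` ownership of `.github/CODEOWNERS` and the `.github/*` approvers line are dropped at the same time. Keep ownership and workflow files under a human-only team by adding `.github/** @clouddrove/terraform-azure-admins` after the catch-all line, and remove the bot from the default owners unless it genuinely has to approve. If `clouddrove-ci` is a human account this does not apply; the file does not say.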
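Review bot: `auto_merge.yml@master` is a mutable ref to a reusable workflow that receives `secrets.GITHUB` and runs on every `pull_request`, so anyone who can push to that branch of `clouddrove/github-shared-workflows` can change what gets merged into this repo with no review here; the sibling auto_assignee.yml added in the same commit pins `@1.2.8`. Pin this one the same way or, better, to a full commit SHA: `uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.2.8`. The gate `tfcheck: 'complete / Get min/max versions'` names the `Get min/max versions` job of the static-checks.yml this commit deletes, while the new tf-checks.yml job is simply `complete`, so the status GitHub reports will probably never match and auto-merge may wait forever — verify the exact check name on a test PR.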
@@ -1,54 +1,15 @@ -name: 'Create README.md file' +name: Readme Workflow on: push: branches: - master - + paths-ignore: + - 'README.md' + - 'docs/**' + workflow_dispatch: jobs: - readme-create: - name: 'readme-create' - runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@master - - - name: 'Set up Python 3.7' - uses: actions/setup-python@v4 - with: - python-version: '3.x' - - - name: 'create readme' - uses: 'clouddrove/github-actions@9.0.3' - with: - actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB }}' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - - name: 'pre-commit check errors' - uses: pre-commit/action@v3.0.0 - continue-on-error: true - - - name: 'pre-commit fix erros' - uses: pre-commit/action@v3.0.0 - continue-on-error: true - - - name: 'push readme' - uses: 'clouddrove/github-actions@9.0.3' - continue-on-error: true - with: - actions_subcommand: 'push' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No newline at end of file + README: + uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master + secrets: + TOKEN : ${{ secrets.GITHUB }} + SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} \ No newline at end of file diff --git a/.github/workflows/semantic-releaser.yml b/.github/workflows/semantic-releaser.yml deleted file mode 100644 index c6911b9..0000000 --- a/.github/workflows/semantic-releaser.yml +++ /dev/null 
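Review bot: The rewritten readme.yml hands `secrets.GITHUB` and `SLACK_WEBHOOK_TERRAFORM` to `readme.yml@master` in the shared-workflows repo; the inline version it replaces used the same token for a `push` subcommand, so the token is presumably write-capable, and a floating `@master` ref means any change on that branch runs here with it. Pin to a tag or SHA, `uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@1.2.8`. Minor: `TOKEN : ${{ secrets.GITHUB }}` has a stray space before the colon; write `TOKEN:` like the other key.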
@@ -1,30 +0,0 @@ -name: Release - -on: - push: - branches: - - main - paths: - - '**.tf' - - '!_example/**.tf' - -jobs: - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - persist-credentials: false - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 14 - - - name: Release - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} - run: npx semantic-release diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml deleted file mode 100644 index 7bf6ae8..0000000 --- a/.github/workflows/static-checks.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - _example/basic/ - - _example/complete/ - - _example/firewall-with-isolated-rules/ - - _example/firewall-with-public-ip-prefix/ - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ matrix.version }} - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB_TOKEN }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive -check=true \ No newline at end of file diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml new file mode 100644 index 0000000..efa0187 --- /dev/null 
+++ b/.github/workflows/tf-checks.yml @@ -0,0 +1,26 @@ +name: tf-checks +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + basic: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + with: + working_directory: './examples/basic/' + + complete: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + with: + working_directory: './examples/complete/' + + firewall-with-isolated-rules: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + with: + working_directory: './examples/firewall-with-isolated-rules/' + + firewall-with-public-ip-prefix: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + with: + working_directory: './examples/firewall-with-public-ip-prefix/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml new file mode 100644 index 0000000..71a6fc4 --- /dev/null +++ b/.github/workflows/tflint.yml @@ -0,0 +1,11 @@ +name: tf-lint +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-lint: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} diff --git a/_example/basic/example.tf b/examples/basic/example.tf similarity index 99% rename from _example/basic/example.tf rename to examples/basic/example.tf index 26c2aa0..69ba155 100644 --- a/_example/basic/example.tf +++ b/examples/basic/example.tf @@ -1,3 +1,4 @@ + ##----------------------------------------------------------------------------- ## Firewall module call. ## All firewall related resources will be deployed from this module, i.e. including firewall and firewall rules. diff --git a/_example/basic/outputs.tf b/examples/basic/outputs.tf similarity index 100% rename from _example/basic/outputs.tf rename to examples/basic/outputs.tf diff --git a/examples/basic/version.tf b/examples/basic/version.tf new file mode 100644 index 0000000..8ab9bb4 
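Review bot: tflint.yml calls `tf-lint.yml@master` with `secrets.GITHUB` on every `pull_request`, the same unpinned-ref-plus-secret pattern as automerge.yml, while tf-checks.yml in this same commit pins `@1.2.8`. Use one pinned ref for all callers, `uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.2.8`. It is also worth checking whether a lint job needs the PAT at all, or whether the shared workflow can run with the default `GITHUB_TOKEN`; the secret is forwarded here without any indication of what it is used for.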
--- /dev/null +++ b/examples/basic/version.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.0" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.39.0" + } + } +} diff --git a/_example/complete/example.tf b/examples/complete/example.tf similarity index 94% rename from _example/complete/example.tf rename to examples/complete/example.tf index 8f18673..4a35300 100644 --- a/_example/complete/example.tf +++ b/examples/complete/example.tf @@ -1,5 +1,6 @@ provider "azurerm" { features {} + subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" } locals { @@ -27,12 +28,12 @@ module "resource_group" { module "vnet" { depends_on = [module.resource_group] source = "clouddrove/vnet/azure" - version = "1.0.3" + version = "1.0.4" name = local.name environment = local.environment resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - address_space = "10.0.0.0/16" + address_spaces = ["10.0.0.0/16"] } ##----------------------------------------------------------------------------- @@ -40,18 +41,18 @@ module "vnet" { ## Name specific subnet for firewall will be created. ##----------------------------------------------------------------------------- module "name_specific_subnet" { - depends_on = [module.vnet] source = "clouddrove/subnet/azure" - version = "1.0.2" - name = local.name - environment = local.environment + version = "1.2.1" + name = "app" + environment = "test" resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - virtual_network_name = join("", module.vnet.vnet_name) + virtual_network_name = module.vnet.vnet_name #subnet specific_name_subnet = true - specific_subnet_names = "AzureFirewallSubnet" + specific_subnet_names = ["AzureFirewallSubnet"] subnet_prefixes = ["10.0.1.0/24"] + enable_route_table = false # route_table routes = [ { 
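Review bot: `subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c"` hard-codes what looks like a real Azure subscription GUID into a published example; a later commit in this series swaps in a placeholder, but this commit keeps the value in git history, and the placeholder is not a valid GUID so the example will not plan as-is either. Read it from the environment instead — the azurerm provider honours `ARM_SUBSCRIPTION_ID` — or declare `variable "subscription_id" { type = string }` with no default and set `subscription_id = var.subscription_id`. If the ID is a live subscription, squash the series before merge so it never lands on master.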
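Review bot: In the name_specific_subnet hunk `name = "app"` and `environment = "test"` replace `local.name` / `local.environment`, so the subnet no longer follows the locals the resource group and vnet modules use; keep `name = local.name` and `environment = local.environment`. The new `enable_route_table = false` sits directly above a `routes = [...]` list that is still passed in, which suggests the declared routes are now silently ignored (the subnet module's handling is not visible here — confirm); either drop the routes or leave the route table enabled so the example does not advertise configuration that has no effect.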
@@ -68,7 +69,7 @@ module "name_specific_subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "2.0.0" name = local.name environment = local.environment label_order = ["name", "environment"] diff --git a/_example/complete/outputs.tf b/examples/complete/outputs.tf similarity index 100% rename from _example/complete/outputs.tf rename to examples/complete/outputs.tf diff --git a/examples/complete/version.tf b/examples/complete/version.tf new file mode 100644 index 0000000..8ab9bb4 --- /dev/null +++ b/examples/complete/version.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.0" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.39.0" + } + } +} diff --git a/_example/firewall-with-isolated-rules/example.tf b/examples/firewall-with-isolated-rules/example.tf similarity index 95% rename from _example/firewall-with-isolated-rules/example.tf rename to examples/firewall-with-isolated-rules/example.tf index dee445c..88689b1 100644 --- a/_example/firewall-with-isolated-rules/example.tf +++ b/examples/firewall-with-isolated-rules/example.tf @@ -1,7 +1,9 @@ provider "azurerm" { features {} + subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" } + locals { name = "app" environment = "test" @@ -27,12 +29,12 @@ module "resource_group" { module "vnet" { depends_on = [module.resource_group] source = "clouddrove/vnet/azure" - version = "1.0.3" + version = "1.0.4" name = local.name environment = local.environment resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - address_space = "10.0.0.0/16" + address_spaces = ["10.0.0.0/16"] } ##----------------------------------------------------------------------------- 
@@ -40,18 +42,18 @@ module "vnet" { ## Name specific subnet for firewall will be created. ##----------------------------------------------------------------------------- module "name_specific_subnet" { - depends_on = [module.vnet] source = "clouddrove/subnet/azure" - version = "1.0.2" - name = local.name - environment = local.environment + version = "1.2.1" + name = "app" + environment = "test" resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - virtual_network_name = join("", module.vnet.vnet_name) + virtual_network_name = module.vnet.vnet_name #subnet specific_name_subnet = true - specific_subnet_names = "AzureFirewallSubnet" + specific_subnet_names = ["AzureFirewallSubnet"] subnet_prefixes = ["10.0.1.0/24"] + enable_route_table = false # route_table routes = [ { @@ -62,13 +64,14 @@ module "name_specific_subnet" { ] } + ##----------------------------------------------------------------------------- ## Log Analytic Module Call. ## Log Analytic workspace for firerwall diagnostic setting. ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "2.0.0" name = local.name environment = local.environment label_order = ["name", "environment"] diff --git a/_example/firewall-with-isolated-rules/outputs.tf b/examples/firewall-with-isolated-rules/outputs.tf similarity index 100% rename from _example/firewall-with-isolated-rules/outputs.tf rename to examples/firewall-with-isolated-rules/outputs.tf diff --git a/examples/firewall-with-isolated-rules/version.tf b/examples/firewall-with-isolated-rules/version.tf new file mode 100644 index 0000000..6ad51f9 --- /dev/null +++ b/examples/firewall-with-isolated-rules/version.tf 
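Review bot: This hunk hard-codes `name = "app"` and `environment = "test"` where the rest of the example uses `local.name` and `local.environment`, and adds `enable_route_table = false` above a `routes = [...]` list that is still supplied, so the routes appear to be dead configuration (the subnet module's behaviour is outside this diff — confirm). Restore `name = local.name` and `environment = local.environment`, and either remove the routes or keep the route table enabled.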
@@ -0,0 +1,12 @@ +terraform { + required_version = ">= 1.3.0" +} + +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=2.90.0" + } + } +} \ No newline at end of file diff --git a/_example/firewall-with-public-ip-prefix/example.tf b/examples/firewall-with-public-ip-prefix/example.tf similarity index 94% rename from _example/firewall-with-public-ip-prefix/example.tf rename to examples/firewall-with-public-ip-prefix/example.tf index c0971fa..d021baf 100644 --- a/_example/firewall-with-public-ip-prefix/example.tf +++ b/examples/firewall-with-public-ip-prefix/example.tf @@ -1,7 +1,9 @@ provider "azurerm" { features {} + subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" } + locals { name = "app" environment = "test" @@ -16,7 +18,7 @@ module "resource_group" { version = "1.0.2" name = local.name environment = local.environment - label_order = ["name", "environment", ] + label_order = ["name", "environment"] location = "East US" } @@ -27,12 +29,12 @@ module "resource_group" { module "vnet" { depends_on = [module.resource_group] source = "clouddrove/vnet/azure" - version = "1.0.3" + version = "1.0.4" name = local.name environment = local.environment resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - address_space = "10.0.0.0/16" + address_spaces = ["10.0.0.0/16"] } ##----------------------------------------------------------------------------- 
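Review bot: This example's version.tf allows `azurerm >= 2.90.0` while the other three examples and the updated root versions.tf in the same commit require `>= 3.39.0`, and the module now uses `enabled_log`, which older providers do not support (its arrival in 3.39 is presumably the reason for the new floor); the root constraint wins at `terraform init`, but the example advertises a floor it cannot honour. Use the same file as the other examples, `version = ">= 3.39.0"`, and merge the two `terraform {}` blocks into one as versions.tf now does. All of these constraints are also open-ended upward, so a fresh `init` can resolve to azurerm 4.x — likely why `subscription_id` had to be added to the provider blocks — and an explicit upper bound such as `">= 3.39.0, < 5.0.0"` would make that deliberate.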
@@ -40,18 +42,18 @@ module "vnet" { ## Name specific subnet for firewall will be created. ##----------------------------------------------------------------------------- module "name_specific_subnet" { - depends_on = [module.vnet] source = "clouddrove/subnet/azure" - version = "1.0.2" - name = local.name - environment = local.environment + version = "1.2.1" + name = "app" + environment = "test" resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - virtual_network_name = join("", module.vnet.vnet_name) + virtual_network_name = module.vnet.vnet_name #subnet specific_name_subnet = true - specific_subnet_names = "AzureFirewallSubnet" + specific_subnet_names = ["AzureFirewallSubnet"] subnet_prefixes = ["10.0.1.0/24"] + enable_route_table = false # route_table routes = [ { @@ -68,7 +70,7 @@ module "name_specific_subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "2.0.0" name = local.name environment = local.environment label_order = ["name", "environment"] diff --git a/_example/firewall-with-public-ip-prefix/outputs.tf b/examples/firewall-with-public-ip-prefix/outputs.tf similarity index 100% rename from _example/firewall-with-public-ip-prefix/outputs.tf rename to examples/firewall-with-public-ip-prefix/outputs.tf diff --git a/examples/firewall-with-public-ip-prefix/version.tf b/examples/firewall-with-public-ip-prefix/version.tf new file mode 100644 index 0000000..8ab9bb4 --- /dev/null +++ b/examples/firewall-with-public-ip-prefix/version.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.0" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.39.0" + } + } +} diff --git a/main.tf b/main.tf index d122759..b5d24df 100644 --- a/main.tf +++ b/main.tf 
@@ -264,24 +264,19 @@ resource "azurerm_monitor_diagnostic_setting" "firewall_diagnostic-setting" { log_analytics_workspace_id = var.log_analytics_workspace_id # log_analytics_destination_type = var.log_analytics_destination_type - log { + enabled_log { category_group = "AllLogs" - enabled = true - - retention_policy { - enabled = var.retention_policy_enabled - days = var.days - } } metric { category = "AllMetrics" enabled = true + } + metric { + category = "AllMetrics" + enabled = var.Metric_enable - retention_policy { - enabled = var.retention_policy_enabled - days = var.days - } } } + diff --git a/variables.tf b/variables.tf index 2c7069f..370dc58 100644 --- a/variables.tf +++ b/variables.tf @@ -288,3 +288,10 @@ variable "enable_prefix_subnet" { default = false description = "Should subnet id be attached to first public ip name specified in public ip prefix name varible. To be true when there is no individual public ip." } + +variable "Metric_enable" { + type = bool + default = true + description = "Is this Diagnostic Metric enabled? Defaults to true." +} + diff --git a/versions.tf b/versions.tf index 6ad51f9..8ab9bb4 100644 --- a/versions.tf +++ b/versions.tf @@ -1,12 +1,10 @@ terraform { required_version = ">= 1.3.0" -} -terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=2.90.0" + version = ">= 3.39.0" } } -} \ No newline at end of file +} From 1b5a585130cda760e5ce7c532dee6d83e46405d7 Mon Sep 17 00:00:00 2001 From: Vedant Date: Sat, 7 Dec 2024 00:29:31 +0530 Subject: [PATCH 2/5] Fix : Updated Github Workflows and added Latest Azurerm Version --- .github/workflows/auto_assignee.yml | 2 +- .github/workflows/tf-checks.yml | 8 ++++---- examples/complete/example.tf | 2 +- examples/firewall-with-isolated-rules/example.tf | 2 +- examples/firewall-with-public-ip-prefix/example.tf | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) 
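Review bot: The rewritten diagnostic setting declares two `metric` blocks for the same `category = "AllMetrics"`, one with `enabled = true` and one with `enabled = var.Metric_enable`; Azure keys metric settings by category, so this will either be rejected at apply or one entry will silently win, and in either case `var.Metric_enable = false` cannot actually disable the metric. Keep a single block: `metric { category = "AllMetrics" enabled = var.Metric_enable }`. Removing the `retention_policy` blocks also means `var.retention_policy_enabled` and `var.days` are presumably no longer referenced anywhere in main.tf; if so, remove them or document them as no-ops rather than leave silent inputs.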
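Review bot: `Metric_enable` breaks the lowercase snake_case naming every other variable in this file uses (`enable_prefix_subnet` directly above it); rename it to `metric_enabled` before it ships, since renaming a module input later is a breaking change for callers. The description should also say what it governs: `description = "Whether the AllMetrics category is enabled on the firewall diagnostic setting. Defaults to true."`.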
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index ec63b22..f8b8bcd 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: assignee: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.2.8 + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master secrets: GITHUB: ${{ secrets.GITHUB }} with: diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index efa0187..5f91880 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -6,21 +6,21 @@ on: workflow_dispatch: jobs: basic: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master with: working_directory: './examples/basic/' complete: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master with: working_directory: './examples/complete/' firewall-with-isolated-rules: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master with: working_directory: './examples/firewall-with-isolated-rules/' firewall-with-public-ip-prefix: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master with: working_directory: './examples/firewall-with-public-ip-prefix/' diff --git a/examples/complete/example.tf b/examples/complete/example.tf index 4a35300..1be7093 100644 --- a/examples/complete/example.tf +++ b/examples/complete/example.tf 
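Review bot: This patch moves auto_assignee.yml from the pinned `@1.2.8` back to the mutable `@master`, undoing the one pinned reference the previous commit had, while the workflow still forwards `secrets.GITHUB` and runs on `pull_request` events, so any push to that branch of the shared-workflows repo now executes here with the token. Pin to a tag or a full commit SHA, `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.2.8`; if 1.2.8 lacks a needed input, bump to the newer tag rather than floating on a branch.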
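Review bot: All four tf-checks jobs are switched from `@1.2.8` to `@master`; no secrets are passed, but the reusable workflow runs on `pull_request` including fork PRs, and a floating ref means two runs of the same commit can execute different code, which makes the check result non-reproducible. Pin the ref to a tag or SHA, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.8` on each job. The automerge.yml gate `tfcheck: 'complete / Get min/max versions'` still names a job none of these four produce — worth reconciling in the same change.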
@@ -1,6 +1,6 @@ provider "azurerm" { features {} - subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" + subscription_id = "000000-11111-1223-XXX-XXXXXXXXXXXX" } locals { diff --git a/examples/firewall-with-isolated-rules/example.tf b/examples/firewall-with-isolated-rules/example.tf index 88689b1..b6b26e8 100644 --- a/examples/firewall-with-isolated-rules/example.tf +++ b/examples/firewall-with-isolated-rules/example.tf @@ -1,6 +1,6 @@ provider "azurerm" { features {} - subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" + subscription_id = "000000-11111-1223-XXX-XXXXXXXXXXXX" } diff --git a/examples/firewall-with-public-ip-prefix/example.tf b/examples/firewall-with-public-ip-prefix/example.tf index d021baf..0d95f34 100644 --- a/examples/firewall-with-public-ip-prefix/example.tf +++ b/examples/firewall-with-public-ip-prefix/example.tf @@ -1,6 +1,6 @@ provider "azurerm" { features {} - subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" + subscription_id = "000000-11111-1223-XXX-XXXXXXXXXXXX" } From 86449f936c4342e310de3c2b26c564c9a2554e06 Mon Sep 17 00:00:00 2001 From: Vedant Date: Fri, 10 Jan 2025 03:32:35 +0530 Subject: [PATCH 3/5] Fix : Updated Github Workflows and added Latest Azurerm Version --- main.tf | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index b5d24df..3533091 100644 --- a/main.tf +++ b/main.tf @@ -70,7 +70,7 @@ resource "azurerm_firewall" "firewall" { threat_intel_mode = var.threat_intel_mode sku_tier = var.sku_tier sku_name = var.sku_name - firewall_policy_id = join("", azurerm_firewall_policy.policy.*.id) + firewall_policy_id = azurerm_firewall_policy.policy[count.index].id tags = module.labels.tags private_ip_ranges = var.firewall_private_ip_ranges dns_servers = var.dns_servers 
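Review bot: The placeholder `000000-11111-1223-XXX-XXXXXXXXXXXX` is not a valid GUID, so all three examples now fail at plan until the user edits the file, and the real ID from the previous commit remains recoverable from history. Replace the literal with an input — `subscription_id = var.subscription_id` plus `variable "subscription_id" { type = string }` in each example — or drop the attribute and document `ARM_SUBSCRIPTION_ID`; the same applies to the isolated-rules and public-ip-prefix examples touched in this patch.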
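Review bot: `firewall_policy_id = azurerm_firewall_policy.policy[count.index].id` indexes the policy resource with the firewall's own `count.index` and assumes a policy instance always exists; the rule-collection groups later in this series fall back to `var.firewall_policy_id` for an externally supplied policy, and if `azurerm_firewall_policy.policy` has no instances in that configuration this line fails with an invalid index where the old `join("", ...)` at least evaluated (the policy's `count` expression is outside the hunk — confirm). Use the same fallback here: `firewall_policy_id = var.firewall_policy_id != null ? var.firewall_policy_id : one(azurerm_firewall_policy.policy[*].id)`. The enclosing `azurerm_firewall` resource starts and ends outside this hunk.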
@@ -82,7 +82,7 @@ resource "azurerm_firewall" "firewall" { # var.enable_ip_subnet will be true when individual public ip and prefix public ip both are to be deployed (none of them exist before) or only individual public ip are to be deployed. # var.enable_ip_subnet will be false when prefix_public_ip already exists and there are no individual public ip. subnet_id = var.enable_ip_subnet ? it.key == 0 ? var.subnet_id : null : null - public_ip_address_id = azurerm_public_ip.public_ip.*.id[it.key] + public_ip_address_id = azurerm_public_ip.public_ip[it.key].id } } @@ -94,7 +94,7 @@ resource "azurerm_firewall" "firewall" { # var.enable_prefix_subnet will only be true when prefix public ips are to be deployed during initial apply and there are no individual public ips to be created. # Individual public ips can be deployed after initial apply and var.enable_ip_subnet variable must be false. subnet_id = var.enable_prefix_subnet ? it.key == 0 ? var.subnet_id : null : null - public_ip_address_id = azurerm_public_ip.prefix_public_ip.*.id[it.key] + public_ip_address_id = azurerm_public_ip.prefix_public_ip[it.key].id } } @@ -129,7 +129,9 @@ resource "azurerm_firewall_policy" "policy" { for_each = var.identity_type != null && var.sku_policy == "Premium" && var.sku_tier == "Premium" ? [1] : [] content { type = var.identity_type - identity_ids = var.identity_type == "UserAssigned" ? [join("", azurerm_user_assigned_identity.identity.*.id)] : null + identity_ids = var.identity_type == "UserAssigned" ? [join(",", azurerm_user_assigned_identity.identity[*].id)] : null + + } } } 
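Review bot: `identity_ids = [join(",", azurerm_user_assigned_identity.identity[*].id)]` wraps a comma-joined string in a one-element list, so it works by accident with exactly one identity, sends a single malformed resource ID with several, and sends `[""]` with none (the identity's `count` is not visible here); `identity_ids` already accepts a list. Write `identity_ids = var.identity_type == "UserAssigned" ? azurerm_user_assigned_identity.identity[*].id : null`. The two blank lines added after it can be dropped; the enclosing `azurerm_firewall_policy` resource starts outside the hunk.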
@@ -152,8 +154,9 @@ resource "azurerm_user_assigned_identity" "identity" { resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collection_group" { count = var.enabled && var.policy_rule_enabled ? 1 : 0 name = var.app_policy_collection_group - firewall_policy_id = var.firewall_policy_id == null ? join("", azurerm_firewall_policy.policy.*.id) : var.firewall_policy_id - priority = 300 + firewall_policy_id = var.firewall_policy_id == null ? (length(azurerm_firewall_policy.policy) > 0 ? join(",", azurerm_firewall_policy.policy[*].id) : null) : var.firewall_policy_id + + priority = 300 dynamic "application_rule_collection" { for_each = var.application_rule_collection @@ -190,7 +193,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collec resource "azurerm_firewall_policy_rule_collection_group" "network_policy_rule_collection_group" { count = var.enabled && var.policy_rule_enabled ? 1 : 0 name = var.net_policy_collection_group - firewall_policy_id = var.firewall_policy_id == null ? join("", azurerm_firewall_policy.policy.*.id) : var.firewall_policy_id + firewall_policy_id = var.firewall_policy_id == null ? (length(azurerm_firewall_policy.policy) > 0 ? join(",", azurerm_firewall_policy.policy[*].id) : null) : var.firewall_policy_id priority = 200 From c4c543b29c3a483e0f023b112b2d08270d66a1ad Mon Sep 17 00:00:00 2001 From: Vedant Date: Fri, 10 Jan 2025 03:39:36 +0530 Subject: [PATCH 4/5] Fix : Updated Github Workflows and added Latest Azurerm Version --- outputs.tf | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/outputs.tf b/outputs.tf index 4023992..1f228cf 100644 --- a/outputs.tf +++ b/outputs.tf 
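Review bot: The expression `var.firewall_policy_id == null ? (length(azurerm_firewall_policy.policy) > 0 ? join(",", azurerm_firewall_policy.policy[*].id) : null) : var.firewall_policy_id` is now duplicated verbatim in the application and network rule collection groups (and again in the NAT group later in the series); `join(",")` over a `count` resource meant to yield at most one ID reads as a latent bug for count > 1, and the `null` branch surfaces as a cryptic provider error rather than a validation message. Hoist it once into `locals { firewall_policy_id = var.firewall_policy_id != null ? var.firewall_policy_id : one(azurerm_firewall_policy.policy[*].id) }` and reference `local.firewall_policy_id` in each group; `one()` is available under the `>= 1.3.0` floor. Both resources extend beyond their hunks.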
@@ -1,40 +1,44 @@ output "firewall_id" { description = "Firewall generated id" - value = join("", azurerm_firewall.firewall.*.id) + value = join(",", azurerm_firewall.firewall[*].id) } output "firewall_name" { - value = join("", azurerm_firewall.firewall.*.name) description = "Firewall name" - + value = join(",", azurerm_firewall.firewall[*].name) } output "private_ip_address" { - value = azurerm_firewall.firewall[*].ip_configuration[0].private_ip_address description = "Firewall private IP" - + value = [for ip in azurerm_firewall.firewall[*].ip_configuration : ip.private_ip_address] } output "public_ip_id" { - value = azurerm_public_ip.public_ip.*.id + description = "Public IP IDs" + value = azurerm_public_ip.public_ip[*].id } output "public_ip_address" { - value = azurerm_public_ip.public_ip.*.ip_address + description = "Public IP Addresses" + value = azurerm_public_ip.public_ip[*].ip_address } output "firewall_policy_id" { - value = join("", azurerm_firewall_policy.policy.*.id) + description = "Firewall Policy ID" + value = join(",", azurerm_firewall_policy.policy[*].id) } output "prefix_public_ip_id" { - value = azurerm_public_ip.prefix_public_ip.*.id + description = "Prefix Public IP IDs" + value = azurerm_public_ip.prefix_public_ip[*].id } output "prefix_public_ip_address" { - value = azurerm_public_ip.prefix_public_ip.*.ip_address + description = "Prefix Public IP Addresses" + value = azurerm_public_ip.prefix_public_ip[*].ip_address } output "public_ip_prefix_id" { - value = join("", azurerm_public_ip_prefix.pip-prefix.*.id) -} \ No newline at end of file + description = "Public IP Prefix IDs" + value = join(",", azurerm_public_ip_prefix.pip-prefix[*].id) +} From 32376413f77c5509dbacb7411ba0bd64aa760380 Mon Sep 17 00:00:00 2001 
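Review bot: `value = [for ip in azurerm_firewall.firewall[*].ip_configuration : ip.private_ip_address]` iterates the splat result, which is a list of lists of `ip_configuration` blocks (one inner list per firewall instance), so `ip` is a list and `ip.private_ip_address` is not a valid attribute access — unless I am misreading the splat, this output fails at plan, and it is the kind of thing the new tf-checks workflow should have flagged. Use `value = flatten(azurerm_firewall.firewall[*].ip_configuration)[*].private_ip_address` if every configuration's address is wanted, or keep the previous `azurerm_firewall.firewall[*].ip_configuration[0].private_ip_address`. The `join(",", …)` outputs for `firewall_id`, `firewall_name`, `firewall_policy_id` and `public_ip_prefix_id` would read more honestly as `one(...)`, since each is a `count` resource with at most one instance.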
From: Vedant Date: Fri, 10 Jan 2025 03:51:18 +0530 Subject: [PATCH 5/5] Fix : Updated Github Workflows and added Latest Azurerm Version --- main.tf | 2 +- variables.tf | 56 ++++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 51 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 3533091..621c349 100644 --- a/main.tf +++ b/main.tf @@ -228,7 +228,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "network_policy_rule_co resource "azurerm_firewall_policy_rule_collection_group" "nat_policy_rule_collection_group" { count = var.enabled && var.dnat-destination_ip && var.policy_rule_enabled ? 1 : 0 name = var.nat_policy_collection_group - firewall_policy_id = var.firewall_policy_id == null ? join("", azurerm_firewall_policy.policy.*.id) : var.firewall_policy_id + firewall_policy_id = var.firewall_policy_id == null ? (length(azurerm_firewall_policy.policy) > 0 ? join(",", azurerm_firewall_policy.policy[*].id) : null) : var.firewall_policy_id priority = 100 dynamic "nat_rule_collection" { diff --git a/variables.tf b/variables.tf index 370dc58..a4655bb 100644 --- a/variables.tf +++ b/variables.tf @@ -39,6 +39,7 @@ variable "enabled" { variable "resource_group_name" { description = "A container that holds related resources for an Azure solution" default = "" + type = string } variable "tags" { @@ -52,11 +53,13 @@ variable "tags" { variable "public_ip_allocation_method" { description = "Defines the allocation method for this IP address. Possible values are Static or Dynamic" default = "Static" + type = string } variable "public_ip_sku" { description = "The SKU of the Public IP. Accepted values are Basic and Standard. Defaults to Basic" default = "Standard" + type = string } #firewall 
@@ -126,18 +129,59 @@ variable "additional_public_ips" { } variable "application_rule_collection" { - default = {} - description = "One or more application_rule_collection blocks as defined below.." + description = "Application rule collections for the firewall policy" + type = list(object({ + name = string + priority = number + action = string + rules = list(object({ + name = string + source_addresses = list(string) + source_ip_groups = list(string) + destination_fqdns = list(string) + protocols = list(object({ + port = number + type = string + })) + })) + })) } variable "network_rule_collection" { - default = {} - description = "One or more network_rule_collection blocks as defined below." + description = "Network rule collections for the firewall policy" + type = list(object({ + name = string + priority = number + action = string + rules = list(object({ + name = string + protocols = list(string) # List of protocol types (e.g., TCP, UDP) + destination_ports = list(string) # List of destination ports + source_addresses = list(string) # Optional list of source addresses + source_ip_groups = list(string) # Optional list of source IP groups + destination_addresses = list(string) # Optional list of destination addresses + destination_ip_groups = list(string) # Optional list of destination IP groups + destination_fqdns = list(string) # Optional list of destination FQDNs + })) + })) } + variable "nat_rule_collection" { - default = {} - description = "One or more nat_rule_collection blocks as defined below." 
+ description = "NAT rule collections for the firewall policy" + type = list(object({ + name = string + priority = number + rules = list(object({ + name = string + protocols = list(string) # List of protocols (e.g., TCP, UDP) + destination_ports = list(string) # List of destination ports + source_addresses = list(string) # Optional list of source addresses + destination_address = string # Optional destination address + translated_address = list(string) # List of translated addresses + translated_port = string # Translated port + })) + })) } variable "public_ip_names" {
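Review bot: Dropping `default = {}` and typing `application_rule_collection`, `network_rule_collection` and `nat_rule_collection` as `list(object(...))` turns three previously optional inputs into required ones and changes their shape from map to list, so every existing caller that omitted them or passed a map breaks at plan. Add `default = []` to each, and since `required_version = ">= 1.3.0"` guarantees `optional()`, mark the attributes the inline comments already call "Optional" as such — e.g. `source_ip_groups = optional(list(string), [])` and `destination_address = optional(string)` — so callers need not spell out every field. A `validation` block constraining `action` to `Allow`/`Deny` and `protocols` to the provider's accepted values would catch typos before apply.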