add examples

tags/0.1.0
ravi 6 months ago
parent
commit
86f6ca8d50
13 changed files with 211 additions and 123 deletions
  1. README.md (+6 -5)
  2. data.tf (+1 -1)
  3. examples/default/README.md (+8 -17)
  4. examples/default/deploy.tf (+5 -0)
  5. examples/default/main.tf (+0 -16)
  6. examples/default/provider.tf (+1 -9)
  7. examples/default/variables.tf (+6 -64)
  8. examples/disabled/README.md (+30 -0)
  9. examples/disabled/deploy.tf (+102 -0)
  10. examples/disabled/provider.tf (+7 -0)
  11. examples/disabled/variables.tf (+15 -0)
  12. main.tf (+5 -5)
  13. variables.tf (+25 -6)

+ 6
- 5
README.md

@@ -25,13 +25,13 @@ This module is used to deploy multiple resources (storage account,log analytics
| account\_replication\_type | The type of replication to use for this storage account. Valid options are 'LRS','GRS','RAGRS' and 'ZRS'. | `string` | `"LRS"` | no |
| account\_tier | Type of the tier to use for the storage account.Changing this force a new resource to be created. | `string` | `"Standard"` | no |
| diagnostics\_count | How many diagnostics settings to create. | `number` | `1` | no |
| enable\_https\_tarffic\_only | Boolean flag which forces HTTPS if enabled. | `bool` | `true` | no |
| enable\_https\_traffic\_only | Boolean flag which forces HTTPS if enabled. | `bool` | `true` | no |
| enabled | Enable or disable module. | `bool` | `true` | no |
| log\_analytics\_detination\_type | when set to `Dedicated logs sent to a log analytics workspace will go into resource specific tables, instead of the legacy Azurediagnostics table. Note: This setting will only have an effect if a `log\_analytics\_workspace\_id` is provided, and the resource is avaliable for resource-specific logs.` | `list(string)` | <pre>[<br> ""<br>]</pre> | no |
| log\_analytics\_tags | Tags which will be associated to the log analytics workspace. | `map` | `{}` | no |
| log\_analytics\_destination\_type | when set to `Dedicated logs sent to a log analytics workspace will go into resource specific tables, instead of the legacy Azurediagnostics table. Note: This setting will only have an effect if a `log\_analytics\_workspace\_id` is provided, and the resource is avaliable for resource-specific logs.` | `list(string)` | <pre>[<br> ""<br>]</pre> | no |
| log\_analytics\_workspace\_name | Name of the workspace to deploy to be used for logging.Changing this forces a new resource to be created. | `string` | `""` | no |
| logs | A list of list of map of options to apply. Map must support the following structure:<br> * category(required, string): The name of a diagnostic log category for the resource. Note: The log categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br> * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br> * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br> * enabled(required, boolean): Is this retention policy enabled?<br> * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | `[]` | no |
| metric | A list of list of map of options to apply. Map must support the following structure:<br> * category(required, string): The name of a diagnostic log category for the resource. Note: The metric categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br> * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br> * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br> * enabled(required, boolean): Is this retention policy enabled?<br> * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | `[]` | no |
| log\_analytics\_workspace\_tags | Tags which will be associated to the log analytics workspace. | `map` | `{}` | no |
| logs | A list of list of map of options to apply. Map must support the following structure:<br> * category(required, string): The name of a diagnostic log category for the resource. Note: The log categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br> * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br> * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br> * enabled(required, boolean): Is this retention policy enabled?<br> * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | <pre>[<br> []<br>]</pre> | no |
| metrics | A list of list of map of options to apply. Map must support the following structure:<br> * category(required, string): The name of a diagnostic log category for the resource. Note: The metric categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br> * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br> * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br> * enabled(required, boolean): Is this retention policy enabled?<br> * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | <pre>[<br> [<br> {<br> "category": "AllMetrics",<br> "enabled": true,<br> "retention_policy": [<br> {<br> "days": 2,<br> "enabled": false<br> }<br> ]<br> }<br> ]<br>]</pre> | no |
| names | List which specifies the names of the diagnostics settings. Changing this forces a new resource to be created. | `list(string)` | <pre>[<br> ""<br>]</pre> | no |
| resource\_group\_location | Location where the resources will be deployed.Changing this forces a new resource to be created. | `string` | `"canadacentral"` | no |
| resource\_group\_name | Name of the resource group where the resource will be deployed.Changing this forces a new resource to be created. | `string` | `""` | no |
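
Review bot: The reworded `logs` and `metrics` rows still send readers to `azurerm_monitor_diagnostc_catehories`, which is not a data source name; the azurerm data source is `azurerm_monitor_diagnostic_categories`. These rows are generated from the descriptions in variables.tf, so fix the spelling there (also `begin used`, `indefinetly`, `avaliable`) and rerun the docs hook. The `log_analytics_destination_type` row opens a backtick before `Dedicated` that is never closed, and both rows end with "see folder example/default folder" while the directory is `examples/`.
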
@@ -40,6 +40,7 @@ This module is used to deploy multiple resources (storage account,log analytics
| storage\_account\_name | Name of the storage account to be used to host the logs. Changing forces a new resource to be created. | `string` | `""` | no |
| storage\_account\_tags | Tags which will specifically assigned to the storage account. | `map` | `{}` | no |
| storage\_containers | List of containers to create and their access levels. | `list(object({ name = string, access_type = string }))` | `[]` | no |
| storage\_shares | List of share to create | `list(object({ name = string, quota = string }))` | `[]` | no |
| tags | Tags shared by all resource of tis module. Will be merged with any other specific tags by resource. | `map` | `{}` | no |
| target\_resource\_ids | The list of IDs of an existing resource on which to configure diagnostic settings. Changing this forces a new resource to be created. | `list(string)` | <pre>[<br> ""<br>]</pre> | no |
| workspace\_exist | Boolean flag which describes whhether the log analytics workspace is already existing or not. | `bool` | `false` | no |


+ 1
- 1
data.tf

@@ -10,4 +10,4 @@ data "azurerm_log_analytics_workspace" "this" {

name = var.log_analytics_workspace_name
resource_group_name = var.resource_group_name
}
}

+ 8
- 17
examples/default/README.md

@@ -1,11 +1,11 @@
# terraform-example
# Default example

This will create some basic resource related to the diasgnostic settings.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| azurerm | >= 1.36.0 |
No requirements.

## Providers

@@ -15,19 +15,10 @@ No provider.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| client\_id | Azure service principal application Id. | `any` | n/a | yes |
| client\_secret | Azure service principal application Secret. | `any` | n/a | yes |
| event\_hub\_namespace\_name | Name of the event hub namespace to be used as a target for the logs. | `string` | `"fxcozca1dgeneh005"` | no |
| location | Location of the resources. | `string` | `"canadacentral"` | no |
| log\_analytics\_workspace\_name | Name of the workspace to deploy to be used for logging. | `string` | `"fxcozca1dgenla005"` | no |
| log\_analytics\_workspace\_retention\_in\_days | Number of days the workspace to deploy will retain logs. | `number` | `7` | no |
| log\_analytics\_workspace\_sku | SKU of the workspace to deploy to be used for logging. | `string` | `"free"` | no |
| resource\_group\_name | Resource group where the vnet resides. | `string` | `"fxcozca1dgenrg005"` | no |
| storage\_account\_name | Name of the storage account to be used to host the logs. | `string` | `"fxcozca1dgensa006"` | no |
| subscription\_id | Azure subscription Id. | `any` | n/a | yes |
| subscription\_logs\_retention | Number of days to retain activity logs in the storage account. | `number` | `0` | no |
| tags | Tags to add to the virtual network. | `map` | <pre>{<br> "FXDepartment": "Cloud",<br> "FXOwner": "Test user",<br> "FXProjet": "FXCO"<br>}</pre> | no |
| tenant\_id | Azure tenant Id. | `any` | n/a | yes |
| client\_id | n/a | `string` | n/a | yes |
| client\_secret | n/a | `string` | n/a | yes |
| subscription\_id | n/a | `string` | n/a | yes |
| tenant\_id | n/a | `string` | n/a | yes |

## Outputs



+ 5
- 0
examples/default/deploy.tf

@@ -0,0 +1,5 @@
module "example" {
source = "../"

enabled = false
}
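
Review bot: `source = "../"` points at the `examples/` directory, not the module root; the `main.tf` removed from this same folder used `source = "../../"`. Separately, `enabled = false` sits in the folder whose README says it "will create some basic resource", while `examples/disabled/deploy.tf` carries the full deployment, so the two `deploy.tf` files look swapped.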

+ 0
- 16
examples/default/main.tf

@@ -1,16 +0,0 @@
module "az-rg-demo" {
source = "git::ssh://git@scm.dazzlingwrench.fxinnovation.com:2222/fxinnovation-public/terraform-module-azurerm-resource-group.git?ref=0.2.0"
location = var.location
name = var.resource_group_name
tags = var.tags
}

module "az-diagnostics-demo" {
source = "../../"
resource_group_name = module.az-rg-demo.name
storage_account_name = var.storage_account_name
event_hub_namespace_name = var.event_hub_namespace_name
subscription_logs_retention = var.subscription_logs_retention
log_analytics_workspace_name = var.log_analytics_workspace_name
tags = var.tags
}

+ 1
- 9
examples/default/provider.tf

@@ -1,15 +1,7 @@
#Set the terraform backend
terraform {
backend "local" {} #Using a local backend just for the demo, the reco is to use a remote backend, see : https://jamesdld.github.io/terraform/Best-Practice/BestPractice-1/
}

#Set the Provider
provider "azurerm" {
features {}
client_id = var.client_id
client_secret = var.client_secret
subscription_id = var.subscription_id
tenant_id = var.tenant_id
# subscription_id = "e469a261-e6fc-4363-94f1-3d8cdb259ec7"

version = ">= 1.36.0" #1.36.0 to support the resource azurerm_bastion_host #1.37.0 fix a bug with the bastion host naming #With "=1.32.0" No warning with version the nsg and route linkd
}
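
Review bot: Dropping `version = ">= 1.36.0"` leaves the example with no azurerm constraint at all, so each `terraform init` on a clean checkout resolves to whatever release is newest. The block contains `features {}`, which only exists from azurerm 2.0 on, so the example already depends on a minimum version; state that as a bounded constraint (for instance in a `required_providers` entry) instead of removing the pin.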

+ 6
- 64
examples/default/variables.tf

@@ -1,73 +1,15 @@
variable "tenant_id" {
description = "Azure tenant Id."
}

variable "subscription_id" {
description = "Azure subscription Id."
}

variable "client_id" {
description = "Azure service principal application Id."
type = string
}

variable "client_secret" {
description = "Azure service principal application Secret."
}

variable "resource_group_name" {
description = "Resource group where the vnet resides."
type = string
default = "fxcozca1dgenrg005"
}

variable "location" {
description = "Location of the resources."
type = string
default = "canadacentral"
}

variable "tags" {
description = "Tags to add to the virtual network."
default = {
FXOwner = "Test user"
FXProjet = "FXCO"
FXDepartment = "Cloud"
}
type = map
}

variable "storage_account_name" {
description = "Name of the storage account to be used to host the logs."
type = string
default = "fxcozca1dgensa006"
type = string
}

variable "event_hub_namespace_name" {
description = "Name of the event hub namespace to be used as a target for the logs."
type = string
default = "fxcozca1dgeneh005"
}

variable "subscription_logs_retention" {
description = "Number of days to retain activity logs in the storage account."
type = number
default = 0 # 0 = no rotation
}

variable "log_analytics_workspace_name" {
description = "Name of the workspace to deploy to be used for logging."
type = string
default = "fxcozca1dgenla005"
}

variable "log_analytics_workspace_sku" {
description = "SKU of the workspace to deploy to be used for logging."
type = string
default = "free"
variable "subscription_id" {
type = string
}

variable "log_analytics_workspace_retention_in_days" {
description = "Number of days the workspace to deploy will retain logs."
type = number
default = 7
variable "tenant_id" {
type = string
}
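
Review bot: The four credential variables lose their `description`, which is why the regenerated README now shows `n/a` for every input. Keep the one-line descriptions that were here before (`"Azure service principal application Secret."` and so on), and mark `client_secret` with `sensitive = true` on Terraform versions that support it so the value is redacted from plan and apply output.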

+ 30
- 0
examples/disabled/README.md

@@ -0,0 +1,30 @@
# Disabled example

This will not create any resource.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| azurerm | n/a |
| random | n/a |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| client\_id | n/a | `string` | n/a | yes |
| client\_secret | n/a | `string` | n/a | yes |
| subscription\_id | n/a | `string` | n/a | yes |
| tenant\_id | n/a | `string` | n/a | yes |

## Outputs

No output.

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

+ 102
- 0
examples/disabled/deploy.tf

@@ -0,0 +1,102 @@
resource "random_string" "this" {
length = 4
upper = false
special = false
}

module "resource_group_demo" {
source = "git::https://scm.dazzlingwrench.fxinnovation.com/fxinnovation-public/terraform-module-azurerm-resource-group.git?ref=1.0.0"
location = "francecentral"
name = "tftest${random_string.this.result}"

tags = {
managed_by = "Terraform"
EndDate = "2020-05-25"
}
}

resource "azurerm_virtual_network" "example" {
name = "tftest${random_string.this.result}"
address_space = ["10.0.0.0/16"]
location = "francecentral"
resource_group_name = module.resource_group_demo.name
}

resource "azurerm_subnet" "example" {
name = "tftest${random_string.this.result}"
resource_group_name = module.resource_group_demo.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.0.0/24"]
}

resource "azurerm_network_interface" "example" {
name = "tftest${random_string.this.result}"
location = module.resource_group_demo.location
resource_group_name = module.resource_group_demo.name

ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
}
}

resource "azurerm_windows_virtual_machine" "example" {
name = "tftest${random_string.this.result}"
resource_group_name = module.resource_group_demo.name
location = module.resource_group_demo.location
size = "Standard_F2"
admin_username = "adminuser"
admin_password = "P@$$w0rd1234!"
network_interface_ids = [
azurerm_network_interface.example.id,
]

os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}

source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-Datacenter"
version = "latest"
}
}


module "example" {
source = "../"

resource_group_name = module.resource_group_demo.name
resource_group_location = module.resource_group_demo.location
storage_account_name = "tftest${random_string.this.result}"
account_tier = "standard"
account_replication_type = "LRS"
enable_https_traffic_only = true

log_analytics_workspace_name = "tftest${random_string.this.result}"
workspace_sku = "free"
retention_in_days = 1

diagnostics_count = 1
names = ["tftest${random_string.this.result}"]
target_resource_ids = ["${azurerm_windows_virtual_machine.example.id}"]
metrics = [
[
{
category = "AllMetrics"
enabled = true

retention_policy = [
{
enabled = false
days = 1
}
]
}
]
]
log_analytics_destination_type = ["Dedicated"]
}
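
Review bot: `admin_password = "P@$$w0rd1234!"` in the `azurerm_windows_virtual_machine` block commits the administrator password of the test VM to the repository. Generate it per run instead, for example with a `random_password` resource (the `random` provider is already in use here for `random_string`), or pass it in through a sensitive variable. Also, this is the `disabled` example and its README says it "will not create any resource", yet the module call never sets `enabled = false`, and `source = "../"` points at `examples/` rather than the module root.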

+ 7
- 0
examples/disabled/provider.tf

@@ -0,0 +1,7 @@
provider "azurerm" {
features {}
client_id = var.client_id
client_secret = var.client_secret
subscription_id = var.subscription_id
tenant_id = var.tenant_id
}

+ 15
- 0
examples/disabled/variables.tf

@@ -0,0 +1,15 @@
variable "client_id" {
type = string
}

variable "client_secret" {
type = string
}

variable "subscription_id" {
type = string
}

variable "tenant_id" {
type = string
}

+ 5
- 5
main.tf

@@ -8,13 +8,13 @@ module "storage_account" {
enabled = var.enabled && var.storage_account_exist == false
storage_account_name = var.storage_account_name
resource_group_name = var.resource_group_name
location = var.location
location = var.resource_group_location
account_tier = var.account_tier
account_replication_type = var.account_replication_type
enable_https_traffic_only = var.enable_https_traffic_only

storage_containers = var.storage_containers
storage_shares = []
storage_shares = var.storage_shares

tags = merge(
var.tags,
@@ -53,11 +53,11 @@ resource "azurerm_monitor_diagnostic_setting" "this" {
name = element(var.names, count.index)
target_resource_id = element(var.target_resource_ids, count.index)
log_analytics_workspace_id = var.workspace_exist != false ? data.azurerm_log_analytics_workspace.this[0].id : module.log_analytics_workspace.id
log_analytics_destination_type = var.log_analytics_destination_type
log_analytics_destination_type = element(var.log_analytics_destination_type, count.index)
storage_account_id = var.storage_account_exist != false ? data.azurerm_storage_account.this[0].id : module.storage_account.id

dynamic "log" {
for_each = var.logs
for_each = var.logs[count.index]

content {
category = lookup(log.value, "category", null)
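
Review bot: The two per-index lookups added here behave differently when a list is shorter than the number of diagnostic settings: `element(var.log_analytics_destination_type, count.index)` wraps around and silently reuses an earlier entry, while `var.logs[count.index]` fails with an invalid-index error. With the defaults in variables.tf (`[""]` and `[[]]`, one entry each), any `diagnostics_count` above 1 only works if the caller supplies every list at full length. Pick one behaviour and document it, or check up front that `names`, `target_resource_ids`, `logs`, `metrics` and `log_analytics_destination_type` all have `diagnostics_count` entries.
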
@@ -75,7 +75,7 @@ resource "azurerm_monitor_diagnostic_setting" "this" {
}

dynamic "metric" {
for_each = var.metrics
for_each = var.metrics[count.index]

content {
category = lookup(metric.value, "category", null)


+ 25
- 6
variables.tf

@@ -48,7 +48,7 @@ variable "account_replication_type" {
default = "LRS"
}

variable "enable_https_tarffic_only" {
variable "enable_https_traffic_only" {
description = "Boolean flag which forces HTTPS if enabled."
default = true
}
@@ -59,6 +59,12 @@ variable "storage_containers" {
type = list(object({ name = string, access_type = string }))
}

variable "storage_shares" {
description = "List of share to create"
default = []
type = list(object({ name = string, quota = string }))
}

variable "storage_account_tags" {
description = "Tags which will specifically assigned to the storage account."
default = {}
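
Review bot: `quota = string` in the new `storage_shares` object type accepts any text, although a share quota is a size. Unless the storage account module this is passed to requires a string, declare it as `number` so a non-numeric value is rejected when the variable is evaluated, and say in the description which unit `quota` is in.
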
@@ -91,7 +97,7 @@ variable "retention_in_days" {
default = 7
}

variable "log_analytics_tags" {
variable "log_analytics_workspace_tags" {
description = "Tags which will be associated to the log analytics workspace."
default = {}
}
@@ -117,7 +123,7 @@ variable "target_resource_ids" {
default = [""]
}

variable "log_analytics_detination_type" {
variable "log_analytics_destination_type" {
description = "when set to `Dedicated logs sent to a log analytics workspace will go into resource specific tables, instead of the legacy Azurediagnostics table. Note: This setting will only have an effect if a `log_analytics_workspace_id` is provided, and the resource is avaliable for resource-specific logs."
type = list(string)
default = [""]
@@ -134,10 +140,11 @@ variable "logs" {
For example, see folder example/default folder.
DOCUMENTATION
type = list
default = []
default = [[]]

}

variable "metric" {
variable "metrics" {
description = <<-DOCUMENTATION
A list of list of map of options to apply. Map must support the following structure:
* category(required, string): The name of a diagnostic log category for the resource. Note: The metric categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.
@@ -148,5 +155,17 @@ variable "metric" {
For example, see folder example/default folder.
DOCUMENTATION
type = list
default = []
default = [[
{
category = "AllMetrics"
enabled = true

retention_policy = [
{
enabled = false
days = 2
}
]
}
]]
}
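
Review bot: The `metrics` default goes from `[]` to a populated entry, so callers who never set this variable start sending `AllMetrics` once they upgrade; together with the rename from `metric`, that deserves a line in the release notes. Inside the default, `days = 2` sits under `enabled = false`, so the retention value reads as if it applies when the policy is switched off; enable the policy or drop `days`. `type = list` is also looser than the list-of-list-of-map structure the description documents.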
