add examples

vor 8 Monaten · 86f6ca8d50
--- a/README.md
+++ b/README.md
@@ -25,13 +25,13 @@ This module is used to deploy multiple resources (storage account,log analytics
 | account\_replication\_type | The type of replication to use for this storage account. Valid options are 'LRS','GRS','RAGRS' and 'ZRS'. | `string` | `"LRS"` | no |
 | account\_tier | Type of the tier to use for the storage account.Changing this force a new resource to be created. | `string` | `"Standard"` | no |
 | diagnostics\_count | How many diagnostics settings to create. | `number` | `1` | no |
 | enable\_https\_tarffic\_only | Boolean flag which forces HTTPS if enabled. | `bool` | `true` | no |
 | enable\_https\_traffic\_only | Boolean flag which forces HTTPS if enabled. | `bool` | `true` | no |
 | enabled | Enable or disable module. | `bool` | `true` | no |
 | log\_analytics\_detination\_type | when set to `Dedicated  logs sent to a log analytics workspace will go into resource specific tables, instead of the legacy Azurediagnostics table. Note: This setting will only have an effect if a  `log\_analytics\_workspace\_id` is provided, and the resource is avaliable for resource-specific logs.` | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 | log\_analytics\_tags | Tags which will be associated to the log analytics workspace. | `map` | `{}` | no |
 | log\_analytics\_destination\_type | when set to `Dedicated  logs sent to a log analytics workspace will go into resource specific tables, instead of the legacy Azurediagnostics table. Note: This setting will only have an effect if a  `log\_analytics\_workspace\_id` is provided, and the resource is avaliable for resource-specific logs.` | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 | log\_analytics\_workspace\_name | Name of the workspace to deploy to be used for logging.Changing this forces a new resource to be created. | `string` | `""` | no |
 | logs | A list of list of map of options to apply. Map must support the following structure:<br>  * category(required, string): The name of a diagnostic log category for the resource. Note: The log categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br>  * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br>  * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br>      * enabled(required, boolean): Is this retention policy enabled?<br>      * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | `[]` | no |
 | metric | A list of list of map of options to apply. Map must support the following structure:<br>  * category(required, string): The name of a diagnostic log category for the resource. Note: The metric categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br>  * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br>  * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br>      * enabled(required, boolean): Is this retention policy enabled?<br>      * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | `[]` | no |
 | log\_analytics\_workspace\_tags | Tags which will be associated to the log analytics workspace. | `map` | `{}` | no |
 | logs | A list of list of map of options to apply. Map must support the following structure:<br>  * category(required, string): The name of a diagnostic log category for the resource. Note: The log categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br>  * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br>  * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br>      * enabled(required, boolean): Is this retention policy enabled?<br>      * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | <pre>[<br>  []<br>]</pre> | no |
 | metrics | A list of list of map of options to apply. Map must support the following structure:<br>  * category(required, string): The name of a diagnostic log category for the resource. Note: The metric categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.<br>  * enabled(Optional, boolean): Is this Diagnostic metric enabled?<br>  * retention\_policy(Optional, list of map): A list of map of retention policies to apply<br>      * enabled(required, boolean): Is this retention policy enabled?<br>      * days(Optional, number): The number of days for which this retention policy should be applied. Note: Setting this to 0 will retain the events indefinetly.<br>For example, see folder example/default folder. | `list` | <pre>[<br>  [<br>    {<br>      "category": "AllMetrics",<br>      "enabled": true,<br>      "retention_policy": [<br>        {<br>          "days": 2,<br>          "enabled": false<br>        }<br>      ]<br>    }<br>  ]<br>]</pre> | no |
 | names | List which specifies the names of the diagnostics settings. Changing this forces a new resource to be created. | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 | resource\_group\_location | Location where the resources will be deployed.Changing this forces a new resource to be created. | `string` | `"canadacentral"` | no |
 | resource\_group\_name | Name of the resource group where the resource will be deployed.Changing this forces a new resource to be created. | `string` | `""` | no |
@@ -40,6 +40,7 @@ This module is used to deploy multiple resources (storage account,log analytics
 | storage\_account\_name | Name of the storage account to be used to host the logs. Changing forces a new resource to be created. | `string` | `""` | no |
 | storage\_account\_tags | Tags which will specifically assigned to the storage account. | `map` | `{}` | no |
 | storage\_containers | List of containers to create and their access levels. | `list(object({ name = string, access_type = string }))` | `[]` | no |
 | storage\_shares | List of share to create | `list(object({ name = string, quota = string }))` | `[]` | no |
 | tags | Tags shared by all resource of tis module. Will be merged with any other specific tags by resource. | `map` | `{}` | no |
 | target\_resource\_ids | The list of IDs of an existing resource on which to configure diagnostic settings. Changing this forces a new resource to be created. | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 | workspace\_exist | Boolean flag which describes whhether the log analytics workspace is already existing or not. | `bool` | `false` | no |
--- a/data.tf
+++ b/data.tf
@@ -10,4 +10,4 @@ data "azurerm_log_analytics_workspace" "this" {

  name                = var.log_analytics_workspace_name
  resource_group_name = var.resource_group_name
 }
 }
--- a/examples/default/README.md
+++ b/examples/default/README.md
@@ -1,11 +1,11 @@
 # terraform-example
 # Default example

 This will create some basic resource related to the diasgnostic settings.

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

 | Name | Version |
 |------|---------|
 | azurerm | >= 1.36.0 |
 No requirements.

 ## Providers

@@ -15,19 +15,10 @@ No provider.

 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | client\_id | Azure service principal application Id. | `any` | n/a | yes |
 | client\_secret | Azure service principal application Secret. | `any` | n/a | yes |
 | event\_hub\_namespace\_name | Name of the event hub namespace to be used as a target for the logs. | `string` | `"fxcozca1dgeneh005"` | no |
 | location | Location of the resources. | `string` | `"canadacentral"` | no |
 | log\_analytics\_workspace\_name | Name of the workspace to deploy to be used for logging. | `string` | `"fxcozca1dgenla005"` | no |
 | log\_analytics\_workspace\_retention\_in\_days | Number of days the workspace to deploy will retain logs. | `number` | `7` | no |
 | log\_analytics\_workspace\_sku | SKU of the workspace to deploy to be used for logging. | `string` | `"free"` | no |
 | resource\_group\_name | Resource group where the vnet resides. | `string` | `"fxcozca1dgenrg005"` | no |
 | storage\_account\_name | Name of the storage account to be used to host the logs. | `string` | `"fxcozca1dgensa006"` | no |
 | subscription\_id | Azure subscription Id. | `any` | n/a | yes |
 | subscription\_logs\_retention | Number of days to retain activity logs in the storage account. | `number` | `0` | no |
 | tags | Tags to add to the virtual network. | `map` | <pre>{<br>  "FXDepartment": "Cloud",<br>  "FXOwner": "Test user",<br>  "FXProjet": "FXCO"<br>}</pre> | no |
 | tenant\_id | Azure tenant Id. | `any` | n/a | yes |
 | client\_id | n/a | `string` | n/a | yes |
 | client\_secret | n/a | `string` | n/a | yes |
 | subscription\_id | n/a | `string` | n/a | yes |
 | tenant\_id | n/a | `string` | n/a | yes |

 ## Outputs

--- a/examples/default/deploy.tf
+++ b/examples/default/deploy.tf
@@ -0,0 +1,5 @@
 module "example" {
  source = "../"

  enabled = false
 }
--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -1,16 +0,0 @@
 module "az-rg-demo" {
  source   = "git::ssh://git@scm.dazzlingwrench.fxinnovation.com:2222/fxinnovation-public/terraform-module-azurerm-resource-group.git?ref=0.2.0"
  location = var.location
  name     = var.resource_group_name
  tags     = var.tags
 }

 module "az-diagnostics-demo" {
  source                       = "../../"
  resource_group_name          = module.az-rg-demo.name
  storage_account_name         = var.storage_account_name
  event_hub_namespace_name     = var.event_hub_namespace_name
  subscription_logs_retention  = var.subscription_logs_retention
  log_analytics_workspace_name = var.log_analytics_workspace_name
  tags                         = var.tags
 }
--- a/examples/default/provider.tf
+++ b/examples/default/provider.tf
@@ -1,15 +1,7 @@
 #Set the terraform backend
 terraform {
  backend "local" {} #Using a local backend just for the demo, the reco is to use a remote backend, see : https://jamesdld.github.io/terraform/Best-Practice/BestPractice-1/
 }

 #Set the Provider
 provider "azurerm" {
  features {}
  client_id       = var.client_id
  client_secret   = var.client_secret
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  #  subscription_id = "e469a261-e6fc-4363-94f1-3d8cdb259ec7"

  version = ">= 1.36.0" #1.36.0 to support the resource azurerm_bastion_host #1.37.0 fix a bug with the bastion host naming #With "=1.32.0" No warning with version the nsg and route linkd
 }
--- a/examples/default/variables.tf
+++ b/examples/default/variables.tf
@@ -1,73 +1,15 @@
 variable "tenant_id" {
  description = "Azure tenant Id."
 }

 variable "subscription_id" {
  description = "Azure subscription Id."
 }

 variable "client_id" {
  description = "Azure service principal application Id."
  type = string
 }

 variable "client_secret" {
  description = "Azure service principal application Secret."
 }

 variable "resource_group_name" {
  description = "Resource group where the vnet resides."
  type        = string
  default     = "fxcozca1dgenrg005"
 }

 variable "location" {
  description = "Location of the resources."
  type        = string
  default     = "canadacentral"
 }

 variable "tags" {
  description = "Tags to add to the virtual network."
  default = {
    FXOwner      = "Test user"
    FXProjet     = "FXCO"
    FXDepartment = "Cloud"
  }
  type = map
 }

 variable "storage_account_name" {
  description = "Name of the storage account to be used to host the logs."
  type        = string
  default     = "fxcozca1dgensa006"
  type = string
 }

 variable "event_hub_namespace_name" {
  description = "Name of the event hub namespace to be used as a target for the logs."
  type        = string
  default     = "fxcozca1dgeneh005"
 }

 variable "subscription_logs_retention" {
  description = "Number of days to retain activity logs in the storage account."
  type        = number
  default     = 0 # 0 = no rotation
 }

 variable "log_analytics_workspace_name" {
  description = "Name of the workspace to deploy to be used for logging."
  type        = string
  default     = "fxcozca1dgenla005"
 }

 variable "log_analytics_workspace_sku" {
  description = "SKU of the workspace to deploy to be used for logging."
  type        = string
  default     = "free"
 variable "subscription_id" {
  type = string
 }

 variable "log_analytics_workspace_retention_in_days" {
  description = "Number of days the workspace to deploy will retain logs."
  type        = number
  default     = 7
 variable "tenant_id" {
  type = string
 }
--- a/examples/disabled/README.md
+++ b/examples/disabled/README.md
@@ -0,0 +1,30 @@
 # Disabled example

 This will not create any resource.

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

 No requirements.

 ## Providers

 | Name | Version |
 |------|---------|
 | azurerm | n/a |
 | random | n/a |

 ## Inputs

 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | client\_id | n/a | `string` | n/a | yes |
 | client\_secret | n/a | `string` | n/a | yes |
 | subscription\_id | n/a | `string` | n/a | yes |
 | tenant\_id | n/a | `string` | n/a | yes |

 ## Outputs

 No output.

 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/examples/disabled/deploy.tf
+++ b/examples/disabled/deploy.tf
@@ -0,0 +1,102 @@
 resource "random_string" "this" {
  length  = 4
  upper   = false
  special = false
 }

 module "resource_group_demo" {
  source   = "git::https://scm.dazzlingwrench.fxinnovation.com/fxinnovation-public/terraform-module-azurerm-resource-group.git?ref=1.0.0"
  location = "francecentral"
  name     = "tftest${random_string.this.result}"

  tags = {
    managed_by = "Terraform"
    EndDate    = "2020-05-25"
  }
 }

 resource "azurerm_virtual_network" "example" {
  name                = "tftest${random_string.this.result}"
  address_space       = ["10.0.0.0/16"]
  location            = "francecentral"
  resource_group_name = module.resource_group_demo.name
 }

 resource "azurerm_subnet" "example" {
  name                 = "tftest${random_string.this.result}"
  resource_group_name  = module.resource_group_demo.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.0.0/24"]
 }

 resource "azurerm_network_interface" "example" {
  name                = "tftest${random_string.this.result}"
  location            = module.resource_group_demo.location
  resource_group_name = module.resource_group_demo.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.example.id
    private_ip_address_allocation = "Dynamic"
  }
 }

 resource "azurerm_windows_virtual_machine" "example" {
  name                = "tftest${random_string.this.result}"
  resource_group_name = module.resource_group_demo.name
  location            = module.resource_group_demo.location
  size                = "Standard_F2"
  admin_username      = "adminuser"
  admin_password      = "P@$$w0rd1234!"
  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }
 }


 module "example" {
  source = "../"

  resource_group_name       = module.resource_group_demo.name
  resource_group_location   = module.resource_group_demo.location
  storage_account_name      = "tftest${random_string.this.result}"
  account_tier              = "standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true

  log_analytics_workspace_name = "tftest${random_string.this.result}"
  workspace_sku                = "free"
  retention_in_days            = 1

  diagnostics_count   = 1
  names               = ["tftest${random_string.this.result}"]
  target_resource_ids = ["${azurerm_windows_virtual_machine.example.id}"]
  metrics = [
    [
      {
        category = "AllMetrics"
        enabled  = true

        retention_policy = [
          {
            enabled = false
            days    = 1
          }
        ]
      }
    ]
  ]
  log_analytics_destination_type = ["Dedicated"]
 }
--- a/examples/disabled/provider.tf
+++ b/examples/disabled/provider.tf
@@ -0,0 +1,7 @@
 provider "azurerm" {
  features {}
  client_id       = var.client_id
  client_secret   = var.client_secret
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
 }
--- a/examples/disabled/variables.tf
+++ b/examples/disabled/variables.tf
@@ -0,0 +1,15 @@
 variable "client_id" {
  type = string
 }

 variable "client_secret" {
  type = string
 }

 variable "subscription_id" {
  type = string
 }

 variable "tenant_id" {
  type = string
 }
--- a/main.tf
+++ b/main.tf
@@ -8,13 +8,13 @@ module "storage_account" {
  enabled                   = var.enabled && var.storage_account_exist == false
  storage_account_name      = var.storage_account_name
  resource_group_name       = var.resource_group_name
  location                  = var.location
  location                  = var.resource_group_location
  account_tier              = var.account_tier
  account_replication_type  = var.account_replication_type
  enable_https_traffic_only = var.enable_https_traffic_only

  storage_containers = var.storage_containers
  storage_shares     = []
  storage_shares     = var.storage_shares

  tags = merge(
    var.tags,
@@ -53,11 +53,11 @@ resource "azurerm_monitor_diagnostic_setting" "this" {
  name                           = element(var.names, count.index)
  target_resource_id             = element(var.target_resource_ids, count.index)
  log_analytics_workspace_id     = var.workspace_exist != false ? data.azurerm_log_analytics_workspace.this[0].id : module.log_analytics_workspace.id
  log_analytics_destination_type = var.log_analytics_destination_type
  log_analytics_destination_type = element(var.log_analytics_destination_type, count.index)
  storage_account_id             = var.storage_account_exist != false ? data.azurerm_storage_account.this[0].id : module.storage_account.id

  dynamic "log" {
    for_each = var.logs
    for_each = var.logs[count.index]

    content {
      category = lookup(log.value, "category", null)
@@ -75,7 +75,7 @@ resource "azurerm_monitor_diagnostic_setting" "this" {
  }

  dynamic "metric" {
    for_each = var.metrics
    for_each = var.metrics[count.index]

    content {
      category = lookup(metric.value, "category", null)
--- a/variables.tf
+++ b/variables.tf
@@ -48,7 +48,7 @@ variable "account_replication_type" {
  default     = "LRS"
 }

 variable "enable_https_tarffic_only" {
 variable "enable_https_traffic_only" {
  description = "Boolean flag which forces HTTPS if enabled."
  default     = true
 }
@@ -59,6 +59,12 @@ variable "storage_containers" {
  type        = list(object({ name = string, access_type = string }))
 }

 variable "storage_shares" {
  description = "List of share to create"
  default     = []
  type        = list(object({ name = string, quota = string }))
 }

 variable "storage_account_tags" {
  description = "Tags which will specifically assigned to the storage account."
  default     = {}
@@ -91,7 +97,7 @@ variable "retention_in_days" {
  default     = 7
 }

 variable "log_analytics_tags" {
 variable "log_analytics_workspace_tags" {
  description = "Tags which will be associated to the log analytics workspace."
  default     = {}
 }
@@ -117,7 +123,7 @@ variable "target_resource_ids" {
  default     = [""]
 }

 variable "log_analytics_detination_type" {
 variable "log_analytics_destination_type" {
  description = "when set to `Dedicated  logs sent to a log analytics workspace will go into resource specific tables, instead of the legacy Azurediagnostics table. Note: This setting will only have an effect if a  `log_analytics_workspace_id` is provided, and the resource is avaliable for resource-specific logs."
  type        = list(string)
  default     = [""]
@@ -134,10 +140,11 @@ variable "logs" {
  For example, see folder example/default folder.
  DOCUMENTATION
  type        = list
  default     = []
  default     = [[]]

 }

 variable "metric" {
 variable "metrics" {
  description = <<-DOCUMENTATION
  A list of list of map of options to apply. Map must support the following structure:
    * category(required, string): The name of a diagnostic log category for the resource. Note: The metric categories available vary depending on the resource begin used. You may wish to use `azurerm_monitor_diagnostc_catehories` data source to identify which categories are available for a given resource.
@@ -148,5 +155,17 @@ variable "metric" {
  For example, see folder example/default folder.
  DOCUMENTATION
  type        = list
  default     = []
  default = [[
    {
      category = "AllMetrics"
      enabled  = true

      retention_policy = [
        {
          enabled = false
          days    = 2
        }
      ]
    }
  ]]
 }