fix!: Fix potential issues with use of coalesce

examples/panorama/README.md

@@ -58,7 +58,7 @@ $ terraform apply
 | <a name="input_firewall_mgmt_prefixes"></a> [firewall\_mgmt\_prefixes](#input\_firewall\_mgmt\_prefixes) | n/a | `list(string)` | <pre>[<br>  "10.0.0.0/24"<br>]</pre> | no |
 | <a name="input_location"></a> [location](#input\_location) | Region to deploy Panorama into. | `string` | `""` | no |
 | <a name="input_network_security_groups"></a> [network\_security\_groups](#input\_network\_security\_groups) | Map of Network Security Groups to create. The key of each entry acts as the Network Security Group name.<br>List of available attributes of each Network Security Group entry:<br>- `location` : (Optional) Specifies the Azure location where to deploy the resource.<br>- `rules`: A list of objects representing a Network Security Rule. The key of each entry acts as the name of the rule and<br>    needs to be unique across all rules in the Network Security Group.<br>    List of attributes available to define a Network Security Rule:<br>    - `priority` : Numeric priority of the rule. The value can be between 100 and 4096 and must be unique for each rule in the collection.<br>    The lower the priority number, the higher the priority of the rule.<br>    - `direction` : The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`.<br>    - `access` : Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`.<br>    - `protocol` : Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, or `*` (which matches all).<br>    - `source_port_range` : List of source ports or port ranges.<br>    - `destination_port_range` : Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any.<br>    - `source_address_prefix` : List of source address prefixes. Tags may not be used.<br>    - `destination_address_prefix` : CIDR or destination IP range or `*` to match any IP.<br><br>Example:<pre>{<br>  "network_security_group_1" = {<br>    location = "Australia Central"<br>    rules = {<br>      "AllOutbound" = {<br>        priority                   = 100<br>        direction                  = "Outbound"<br>        access                     = "Allow"<br>        protocol                   = "Tcp"<br>        source_port_range          = "*"<br>        destination_port_range     = "*"<br>        source_address_prefix      = "*"<br>        destination_address_prefix = "*"<br>      },<br>      "AllowSSH" = {<br>        priority                   = 200<br>        direction                  = "Inbound"<br>        access                     = "Allow"<br>        protocol                   = "Tcp"<br>        source_port_range          = "*"<br>        destination_port_range     = "22"<br>        source_address_prefix      = "*"<br>        destination_address_prefix = "*"<br>      }<br>    }<br>  },<br>  "network_security_group_2" = {<br>    rules = {}<br>  }<br>}</pre> | `any` | n/a | yes |
-| <a name="input_panorama_name"></a> [panorama\_name](#input\_panorama\_name) | n/a | `string` | `"panorama"` | no |
+| <a name="input_panorama_name"></a> [panorama\_name](#input\_panorama\_name) | n/a | `any` | n/a | yes |
 | <a name="input_panorama_private_ip_address"></a> [panorama\_private\_ip\_address](#input\_panorama\_private\_ip\_address) | Optional static private IP address of Panorama, for example 192.168.11.22. If empty, Panorama uses dynamic assignment. | `string` | `null` | no |
 | <a name="input_panorama_size"></a> [panorama\_size](#input\_panorama\_size) | n/a | `string` | `"Standard_D5_v2"` | no |
 | <a name="input_panorama_sku"></a> [panorama\_sku](#input\_panorama\_sku) | n/a | `string` | `"byol"` | no |

examples/panorama/example.tfvars

@@ -1,8 +1,9 @@
 location             = "East US"
 tags                 = { environment = "dev" }
+panorama_name        = "example-panorama"
 resource_group_name  = "example-rg"
-vnet_name            = "example-vnet"
 storage_account_name = "examplestorage"
+vnet_name            = "example-vnet"
 enable_zones         = true
 address_space        = ["10.112.0.0/16"]
 panorama_version     = "10.1.5"

examples/panorama/main.tf

@@ -84,11 +84,11 @@ module "panorama" {
   ]
 
   logging_disks = {
-    disk_name_1 = {
+    logs-1 = {
       size : "2048"
       lun : "1"
     }
-    disk_name_2 = {
+    logs-2 = {
       size : "2048"
       lun : "2"
     }

examples/panorama/variables.tf

@@ -18,10 +18,7 @@ variable "storage_account_name" {
   type        = string
 }
 
-variable "panorama_name" {
-  type    = string
-  default = "panorama"
-}
+variable "panorama_name" {}
 
 variable "panorama_size" {
   type    = string

examples/transit_vnet_common/variables.tf

@@ -103,6 +103,11 @@ variable "allow_inbound_mgmt_ips" {
   EOF
   default     = []
   type        = list(string)
+
+  validation {
+    condition     = length(var.allow_inbound_mgmt_ips) > 0
+    error_message = "At least one address has to be specified."
+  }
 }
 
 variable "allow_inbound_data_ips" {

examples/transit_vnet_dedicated/variables.tf

@@ -114,6 +114,11 @@ variable "allow_inbound_mgmt_ips" {
   EOF
   default     = []
   type        = list(string)
+
+  validation {
+    condition     = length(var.allow_inbound_mgmt_ips) > 0
+    error_message = "At least one address has to be specified."
+  }
 }
 
 variable "allow_inbound_data_ips" {

examples/vmseries_scaleset/variables.tf

@@ -221,6 +221,11 @@ variable "allow_inbound_mgmt_ips" {
   EOF
   default     = []
   type        = list(string)
+
+  validation {
+    condition     = length(var.allow_inbound_mgmt_ips) > 0
+    error_message = "At least one address has to be specified."
+  }
 }
 
 variable "allow_inbound_data_ips" {

modules/loadbalancer/main.tf

@@ -77,7 +77,7 @@ locals {
   input_rules = { for v in local.input_flat_rules : "${v.fipkey}-${v.rulekey}" => v }
 
   # Now, the outputs to be returned by the module. First, calculate the raw IP addresses.
-  output_ips = { for _, v in azurerm_lb.lb.frontend_ip_configuration : v.name => coalesce(try(data.azurerm_public_ip.exists[v.name].ip_address, azurerm_public_ip.this[v.name].ip_address, v.private_ip_address)) }
+  output_ips = { for _, v in azurerm_lb.lb.frontend_ip_configuration : v.name => try(data.azurerm_public_ip.exists[v.name].ip_address, azurerm_public_ip.this[v.name].ip_address, v.private_ip_address) }
 
   # A more rich output combines the raw IP addresses with more attributes.
   # As the later NSGs demand that troublesome numerical `priority` attribute, we

modules/panorama/README.md

@@ -71,12 +71,12 @@ No modules.
 | <a name="input_boot_diagnostic_storage_uri"></a> [boot\_diagnostic\_storage\_uri](#input\_boot\_diagnostic\_storage\_uri) | Existing diagnostic storage uri | `string` | `null` | no |
 | <a name="input_custom_image_id"></a> [custom\_image\_id](#input\_custom\_image\_id) | Absolute ID of your own Custom Image to be used for creating Panorama. If set, the `username`, `password`, `panorama_version`, `panorama_publisher`, `panorama_offer`, `panorama_sku` inputs are all ignored (these are used only for published images, not custom ones). The Custom Image is expected to contain PAN-OS software. | `string` | `null` | no |
 | <a name="input_enable_plan"></a> [enable\_plan](#input\_enable\_plan) | Enable usage of the Offer/Plan on Azure Marketplace. Even plan sku "byol", which means "bring your own license", still requires accepting on the Marketplace (as of 2021). Can be set to `false` when using a custom image. | `bool` | `true` | no |
-| <a name="input_enable_zones"></a> [enable\_zones](#input\_enable\_zones) | If false, the input `avzone` is ignored and also all created Public IP addresses default to not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones. | `bool` | `true` | no |
-| <a name="input_interface"></a> [interface](#input\_interface) | A array of map describing the intefaces configuration. Keys of the map are the names and values are { subnet\_id, private\_ip\_address, public\_ip, enable\_ip\_forwarding }. Example:<pre>[<br>  {<br>    name                 = "mgmt"<br>    subnet_id            = ""<br>    private_ip_address   = ""<br>    public_ip            = true<br>    public_ip_name       = ""<br>    enable_ip_forwarding = false<br>  }<br>]</pre> | `any` | n/a | yes |
+| <a name="input_enable_zones"></a> [enable\_zones](#input\_enable\_zones) | If false, the input `avzone` is ignored and all created public IPs default not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones. | `bool` | `true` | no |
+| <a name="input_interface"></a> [interface](#input\_interface) | A array of map describing the intefaces configuration. Keys of the map are the names and values are { subnet\_id, private\_ip\_address, public\_ip, enable\_ip\_forwarding }. Example:<pre>[<br>  {<br>    name                 = "mgmt"<br>    subnet_id            = ""<br>    private_ip_address   = ""<br>    public_ip            = true<br>    public_ip_name       = ""<br>    enable_ip_forwarding = false<br>  }<br>]</pre> | `list(any)` | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | Region to deploy Panorama into. | `string` | n/a | yes |
-| <a name="input_logging_disks"></a> [logging\_disks](#input\_logging\_disks) | A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zones, lun }. <br> The size value is provided in GB. The recommended size for additional(optional) disks should be at least 2TB (2048 GB). Example:<pre>{<br>  disk_name_1 = {<br>    size: "2048"<br>    zone: "1"<br>    lun: "1"<br>  }<br>  disk_name_2 = {<br>    size: "2048"<br>    zone: "2"<br>    lun: "2"<br>  }<br>}</pre> | `map(any)` | `{}` | no |
+| <a name="input_logging_disks"></a> [logging\_disks](#input\_logging\_disks) | A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zone, lun }. <br> The size value is provided in GB. The recommended size for additional (optional) disks is at least 2TB (2048 GB). Example:<pre>{<br>  logs-1 = {<br>    size: "2048"<br>    zone: "1"<br>    lun: "1"<br>  }<br>  logs-2 = {<br>    size: "2048"<br>    zone: "2"<br>    lun: "2"<br>  }<br>}</pre> | `map(any)` | `{}` | no |
 | <a name="input_os_disk_name"></a> [os\_disk\_name](#input\_os\_disk\_name) | The name of OS disk. The name is auto-generated when not provided. | `string` | `null` | no |
-| <a name="input_panorama_name"></a> [panorama\_name](#input\_panorama\_name) | The Panorama common name. | `string` | `"panorama"` | no |
+| <a name="input_panorama_name"></a> [panorama\_name](#input\_panorama\_name) | The Panorama common name. | `string` | n/a | yes |
 | <a name="input_panorama_offer"></a> [panorama\_offer](#input\_panorama\_offer) | Panorama offer. | `string` | `"panorama"` | no |
 | <a name="input_panorama_publisher"></a> [panorama\_publisher](#input\_panorama\_publisher) | Panorama Publisher. | `string` | `"paloaltonetworks"` | no |
 | <a name="input_panorama_size"></a> [panorama\_size](#input\_panorama\_size) | Virtual Machine size. | `string` | `"Standard_D5_v2"` | no |

modules/panorama/variables.tf

@@ -1,11 +1,13 @@
+# Location
 variable "location" {
   description = "Region to deploy Panorama into."
   type        = string
 }
 
-variable "resource_group_name" {
-  description = "The name of the existing resource group where to place all the resources created by this module."
-  type        = string
+variable "enable_zones" {
+  description = "If false, the input `avzone` is ignored and all created public IPs default not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones."
+  default     = true
+  type        = bool
 }
 
 variable "avzone" {
@@ -23,6 +25,23 @@ variable "avzones" {
   type        = list(string)
 }
 
+# Naming
+variable "panorama_name" {
+  description = "The Panorama common name."
+  type        = string
+}
+
+variable "os_disk_name" {
+  description = "The name of OS disk. The name is auto-generated when not provided."
+  default     = null
+  type        = string
+}
+variable "resource_group_name" {
+  description = "The name of the existing resource group where to place all the resources created by this module."
+  type        = string
+}
+
+# Instance settings
 variable "panorama_size" {
   description = "Virtual Machine size."
   default     = "Standard_D5_v2"
@@ -69,9 +88,17 @@ variable "panorama_offer" {
   type        = string
 }
 
+variable "custom_image_id" {
+  description = "Absolute ID of your own Custom Image to be used for creating Panorama. If set, the `username`, `password`, `panorama_version`, `panorama_publisher`, `panorama_offer`, `panorama_sku` inputs are all ignored (these are used only for published images, not custom ones). The Custom Image is expected to contain PAN-OS software."
+  default     = null
+  type        = string
+}
+
+# Networking
 variable "interface" {
   description = <<-EOF
   A array of map describing the intefaces configuration. Keys of the map are the names and values are { subnet_id, private_ip_address, public_ip, enable_ip_forwarding }. Example:
+
   ```
   [
     {
@@ -84,66 +111,44 @@ variable "interface" {
     }
   ]
   ```
+
   EOF
+  type        = list(any)
 }
 
+# Storage
 variable "logging_disks" {
-  type        = map(any)
-  default     = {}
   description = <<-EOF
-   A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zones, lun }. 
-   The size value is provided in GB. The recommended size for additional(optional) disks should be at least 2TB (2048 GB). Example:
+   A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zone, lun }. 
+   The size value is provided in GB. The recommended size for additional (optional) disks is at least 2TB (2048 GB). Example:
+
   ```
   {
-    disk_name_1 = {
+    logs-1 = {
       size: "2048"
       zone: "1"
       lun: "1"
     }
-    disk_name_2 = {
+    logs-2 = {
       size: "2048"
       zone: "2"
       lun: "2"
     }
   }
   ```
+
   EOF
+  default     = {}
+  type        = map(any)
 }
 
-variable "custom_image_id" {
-  description = "Absolute ID of your own Custom Image to be used for creating Panorama. If set, the `username`, `password`, `panorama_version`, `panorama_publisher`, `panorama_offer`, `panorama_sku` inputs are all ignored (these are used only for published images, not custom ones). The Custom Image is expected to contain PAN-OS software."
-  default     = null
-  type        = string
-}
 
 variable "boot_diagnostic_storage_uri" {
   description = "Existing diagnostic storage uri"
   default     = null
   type        = string
 }
 
-variable "enable_zones" {
-  description = "If false, the input `avzone` is ignored and also all created Public IP addresses default to not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones."
-  default     = true
-  type        = bool
-}
-
-#  ---   #
-# Naming #
-#  ---   #
-
-variable "panorama_name" {
-  description = "The Panorama common name."
-  default     = "panorama"
-  type        = string
-}
-
-variable "os_disk_name" {
-  description = "The name of OS disk. The name is auto-generated when not provided."
-  default     = null
-  type        = string
-}
-
 variable "tags" {
   description = "A map of tags to be associated with the resources created."
   default     = {}

modules/virtual_machine/.README.md

@@ -1,6 +1,6 @@
-# Azure Virtual Machine Module for Azure
+# Azure Virtual Machine Module
 
-A Terraform module for deploying a virtual machine in Azure cloud. This module intended to be an internal module that can be leveraged during proof of concepts and demos.
+A Terraform module for deploying a virtual machine in Azure cloud. This module is intended to be an internal one that can be leveraged during proof of concepts and demos.
 
 You can easily control the linux flavour by passing `UbuntuServer`, `RHEL`, `openSUSE-Leap`, `CentOS`, `Debian`, `CoreOS` and `SLES` as the value to the `vm_os_simple` variable.
 

modules/virtual_machine/variables.tf

@@ -9,8 +9,7 @@ variable "resource_group_name" {
 }
 
 variable "name" {
-  description = "Hostname of the virtual machine."
-  default     = "fw00"
+  description = "Virtual machine instance name."
   type        = string
 }
 
@@ -29,24 +28,29 @@ variable "avset_id" {
 variable "interfaces" {
   description = <<-EOF
   List of the network interface specifications.
-  The first should be the Management network interface, which does not participate in data filtering.
-  The remaining ones are the dataplane interfaces.
-
-  - `subnet_id`: Identifier of the existing subnet to use.
-  - `lb_backend_pool_id`: Identifier of the existing backend pool of the load balancer to associate.
-  - `enable_backend_pool`: If false, ignore `lb_backend_pool_id`. Default is false.
-  - `public_ip_address_id`: Identifier of the existing public IP to associate.
-  - `create_public_ip`: If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.
+  Options for an interface object:
+  - `name`                 - (required|string) Interface name.
+  - `subnet_id`            - (required|string) Identifier of an existing subnet to create interface in.
+  - `private_ip_address`   - (optional|string) Static private IP to asssign to the interface. If null, dynamic one is allocated.
+  - `public_ip_address_id` - (optional|string) Identifier of an existing public IP to associate.
+  - `create_public_ip`     - (optional|bool) If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.
+  - `availability_zone`    - (optional|string) Availability zone to create public IP in. If not specified, set based on `avzone` and `enable_zones`.
+  - `enable_ip_forwarding` - (optional|bool) If true, the network interface will not discard packets sent to an IP address other than the one assigned. If false, the network interface only accepts traffic destined to its IP address.
+  - `enable_backend_pool`  - (optional|bool) If true, associate interface with backend pool specified with `lb_backend_pool_id`. Default is false.
+  - `lb_backend_pool_id`   - (optional|string) Identifier of an existing backend pool to associate interface with. Required if `enable_backend_pool` is true.
+  - `tags`                 - (optional|map) Tags to assign to the interface and public IP (if created). Overrides contents of `tags` variable.
 
   Example:
 
   ```
   [
     {
+      name                 = "mgmt"
       subnet_id            = azurerm_subnet.my_mgmt_subnet.id
       public_ip_address_id = azurerm_public_ip.my_mgmt_ip.id
     },
     {
+      name                = "public"
       subnet_id           = azurerm_subnet.my_pub_subnet.id
       lb_backend_pool_id  = module.inbound_lb.backend_pool_id
       enable_backend_pool = true
@@ -129,7 +133,7 @@ variable "img_version" {
 
 variable "vm_os_simple" {
   description = "Allows user to specify a simple name for the OS required and auto populate the publisher, offer, sku parameters"
-  default     = null
+  default     = "UbuntuServer"
   type        = string
 }