Merge pull request #2 from aztfmod/vnext

July 2020

.devcontainer/docker-compose.yml

@@ -6,7 +6,7 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/roverdev:2005.060543
+      image: aztfmod/roverdev:vnext
 
       labels:
         - "caf=Azure CAF"

.github/workflows/master.yaml

@@ -0,0 +1,42 @@
+#
+# Copyright (c) Microsoft Corporation
+# Licensed under the MIT License.
+#
+
+name: caf_landing_zones_github_actions 
+
+on:
+  push:
+    branches:
+      - master
+      - vnext
+  pull_request:
+    branches:
+      - master
+      - vnext
+
+jobs:
+  tfsec:
+    name: Run TFsec
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Terraform security scan
+        uses: triat/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  docs:
+    name: Run Terraform-docs
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+    - name: Run Terraform-docs
+      uses: Dirrk/[email protected]
+      with:
+        tf_docs_working_dir: .
+        tf_docs_output_file: README.md
+        tf_docs_output_method: inject
+        tf_docs_git_push: 'true'

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+# See http://pre-commit.com for more information
+# See http://pre-commit.com/hooks.html for more hooks
+repos:
+    - repo: git://github.com/antonbabenko/pre-commit-terraform
+      rev: v1.31.0
+      hooks:
+      - id: terraform_fmt
+      # - id: terraform_docs
+      - id: terraform_tflint
+      # - id: terraform_tfsec
+    - repo: git://github.com/pre-commit/pre-commit-hooks
+      rev: v3.1.0
+      hooks:
+        - id: check-merge-conflict
+        - id: trailing-whitespace
+        - id: check-yaml
+        - id: check-added-large-files
+    # - repo: git://github.com/markdownlint/markdownlint
+    #   rev: v0.9.0
+    #   hooks:
+    #     - id: markdownlint

CHANGELOG.md

@@ -1,3 +1,11 @@
+## v1.0.0 (July 2020)
+
+FEATURES: 
+* **new feature:**  Support for Terraform 013 - remove included toggle feature as supported by TF013 [#1](https://github.com/aztfmod/terraform-azurerm-caf-azure-bastion/issues/1)
+
+IMPROVEMENTS:
+
+BUGS:
 ## v0.1.0 (May 2020)
 
 FEATURES: 

README.md

@@ -1,3 +1,4 @@
+[![VScodespaces](https://img.shields.io/endpoint?url=https%3A%2F%2Faka.ms%2Fvso-badge)](https://online.visualstudio.com/environments/new?name=terraform-azurerm-azure-bastion&repo=aztfmod/terraform-azurerm-azure-bastion)
 [![Gitter](https://badges.gitter.im/aztfmod/community.svg)](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 # Configures an Azure Bastion
@@ -26,25 +27,45 @@ module "azure_bastion" {
 }
 ```
 
-## Inputs 
-
-| Name | Type | Default | Description |
-| -- | -- | -- | -- |
-| enable_bastion | bool | True | (Optional) Determine to deploy Bastion for the configuration. |
-| subnet_id | string | None | (Required) Subnet ID to plug Azure Bastion. |
-| public_ip_address_id | string | None | (Required) ID of hte Public IP address to use. |
-| bastion_config | object | None |(Required) Bastion configuration object. | 
-| resource_group_name | string | None | (Required) Name of the resource group where to create the resource. Changing this forces a new resource to be created. |
-| name | string | None | (Required) Name for the objects created (before naming convention applied.) |
-| location | string | None | (Required) Specifies the Azure location to deploy the resource. Changing this forces a new resource to be created.  |
-| tags | map | None | (Required) Map of tags for the deployment.  |
-| convention | string | None | (Required) Naming convention to be used (check at the naming convention module for possible values).  |
-| prefix | string | None | (Optional) Prefix to be used. |
-| postfix | string | None | (Optional) Postfix to be used. |
-| max_length | string | None | (Optional) maximum length to the name of the resource. |
-| log_analytics_workspace | string | None | Log Analytics Workspace. | 
-| diagnostics_map | map | None | Map with the diagnostics repository information.  | 
-| diagnostics_settings | object | None | Map with the diagnostics settings. See the required structure in the following example or in the diagnostics module documentation. | 
+<!--- BEGIN_TF_DOCS --->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| azurerm | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| bastion\_config | (Required) Bastion configuration object | `any` | n/a | yes |
+| convention | (Required) Naming convention method to use | `any` | n/a | yes |
+| diagnostics\_map | (Required) contains the SA and EH details for operations diagnostics | `any` | n/a | yes |
+| diagnostics\_settings | (Required) configuration object describing the diagnostics | `any` | n/a | yes |
+| location | (Required) Specifies the Azure location to deploy the resource. Changing this forces a new resource to be created. | `any` | n/a | yes |
+| log\_analytics\_workspace | (Required) contains the log analytics workspace details for operations diagnostics | `any` | n/a | yes |
+| max\_length | (Optional) You can speficy a maximum length to the name of the resource | `string` | `""` | no |
+| name | (Required) Name for the objects created (before naming convention applied.) | `any` | n/a | yes |
+| postfix | (Optional) You can use a postfix to the name of the resource | `string` | `""` | no |
+| prefix | (Optional) You can use a prefix to the name of the resource | `string` | `""` | no |
+| public\_ip\_address\_id | (Required) ID of the Public IP address to use. | `any` | n/a | yes |
+| resource\_group\_name | (Required) Name of the resource group where to create the resource. Changing this forces a new resource to be created. | `any` | n/a | yes |
+| subnet\_id | (Required) Subnet ID to plug Azure Bastion. | `any` | n/a | yes |
+| tags | (Required) Map of tags for the deployment. | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| id | n/a |
+| name | n/a |
+| object | n/a |
+
+<!--- END_TF_DOCS --->
 
 ## Parameters
 
@@ -70,12 +91,4 @@ bastion_config = {
             ]
         }
     }
-```
-
-## Outputs
-
-| Name | Type | Description | 
-| -- | -- | -- | 
-| id | map | Returns the id of the bastion configuration |
-| name | map | Returns the name of the bastion configuration |
-| object | map | Returns the object of the bastion configuration |
+```

diagnostics.tf

@@ -1,40 +1,10 @@
-# When Terraform will have condition module support, link it back to https://github.com/aztfmod/terraform-azurerm-caf-diagnostics
-
-resource "azurerm_monitor_diagnostic_setting" "diagnostics" {
-  count = var.enable_bastion ? 1 : 0
-
-  name                             = "${azurerm_bastion_host.azurebastion.0.name}-diag"
-  target_resource_id               = azurerm_bastion_host.azurebastion.0.id
-
-  eventhub_name                    = lookup(var.diagnostics_map, "eh_name", null)
-  eventhub_authorization_rule_id   = lookup(var.diagnostics_map, "eh_id", null) != null ? "${var.diagnostics_map.eh_id}/authorizationrules/RootManageSharedAccessKey" : null
-
-  log_analytics_workspace_id       = var.log_analytics_workspace.id
-  log_analytics_destination_type   = lookup(var.bastion_config.diagnostics, "log_analytics_destination_type", null)
-
-  storage_account_id               = var.diagnostics_map.diags_sa
-
-  dynamic "log" {
-      for_each = var.bastion_config.diagnostics.log
-      content {
-          category    = log.value[0]
-          enabled =     log.value[1]
-          retention_policy {
-              enabled =     log.value[2]
-              days    = log.value[3]
-          }
-      }
-  }   
-
-  dynamic "metric" {
-      for_each = var.bastion_config.diagnostics.metric
-      content {
-          category    = metric.value[0]
-          enabled =     metric.value[1]
-          retention_policy {
-              enabled =     metric.value[2]
-              days    = metric.value[3]
-          }
-          }
-  }
-  }  
+module "diagnostics_pip" {
+  source  = "aztfmod/caf-diagnostics/azurerm"
+  version = "1.0.0"
+
+    name                            = azurerm_bastion_host.azurebastion.name
+    resource_id                     = azurerm_bastion_host.azurebastion.id
+    log_analytics_workspace_id      = var.log_analytics_workspace.id
+    diagnostics_map                 = var.diagnostics_map
+    diag_object                     = var.diagnostics_settings
+}

examples/simple_bastion/output.tf

@@ -0,0 +1,5 @@
+output bastion {
+  value       = module.bastion
+  sensitive   = true
+  description = "Full Bastion object"
+}

main.tf

@@ -0,0 +1,18 @@
+
+locals {
+  module_tag          = {
+    "module" = basename(abspath(path.module))
+  }
+  tags                = merge(var.tags, local.module_tag)
+}
+
+terraform {
+  required_providers {
+    azurecaf = {
+      source = "aztfmod/azurecaf"
+    }
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+  }
+}

module.tf

@@ -1,6 +1,4 @@
 resource "azurerm_bastion_host" "azurebastion" {
-  count = var.enable_bastion ? 1 : 0
-
   name                = var.bastion_config.name
   location            = var.location
   resource_group_name = var.resource_group_name

variables.tf

@@ -52,16 +52,10 @@ variable "subnet_id" {
   description = "(Required) Subnet ID to plug Azure Bastion."
 }
 
-variable "enable_bastion" {
-  description = "(Optional) Determine to deploy Bastion for the configuration."
-  type = bool
-  default = true
-}
-
 variable "bastion_config" {
   description = "(Required) Bastion configuration object"
 }
 
 variable "public_ip_address_id" {
-  description = "(Required) ID of hte Public IP address to use."
+  description = "(Required) ID of the Public IP address to use."
 }