diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
index b1dcf07..90f744d 100644
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -6,7 +6,7 @@ version: '3.7'
 services:
 rover:
- image: aztfmod/roverdev:2005.060543
+ image: aztfmod/roverdev:vnext
 labels: - "caf=Azure CAF"
diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
new file mode 100644
index 0000000..1fcc200
--- /dev/null
+++ b/.github/workflows/master.yaml
@@ -0,0 +1,42 @@
+#
+# Copyright (c) Microsoft Corporation
+# Licensed under the MIT License.
+#
+
+name: caf_landing_zones_github_actions
+
+on:
+ push:
+ branches:
+ - master
+ - vnext
+ pull_request:
+ branches:
+ - master
+ - vnext
+
+jobs:
+ tfsec:
+ name: Run TFsec
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Terraform security scan
+ uses: triat/terraform-security-scan@v1.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ docs:
+ name: Run Terraform-docs
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ - name: Run Terraform-docs
+ uses: Dirrk/terraform-docs@v1.0.8
+ with:
+ tf_docs_working_dir: .
+ tf_docs_output_file: README.md
+ tf_docs_output_method: inject
+ tf_docs_git_push: 'true'
\ No newline at end of file
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..4479b7f
--- /dev/null
+++ b/.pre-commit-config.yaml
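Review bot: The rover image is now pulled by the floating tag `aztfmod/roverdev:vnext` instead of the build-stamped `2005.060543`, so every rebuild of the dev container may silently pick up a different image and the tool versions inside it are no longer reproducible between contributors. A floating tag also means a retagged image changes what runs on every developer machine without any change in this repository. Pin a build-specific tag, or better an immutable digest, e.g. `image: aztfmod/roverdev:vnext@sha256:<digest-of-reviewed-image>` (placeholder), and bump it deliberately.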
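Review bot: In the `docs` job, `Dirrk/terraform-docs@v1.0.8` is run with `tf_docs_git_push: 'true'` after checking out `${{ github.event.pull_request.head.ref }}`, so a third-party action pinned only by a mutable tag is allowed to commit and push to the repository with the job's token; the same applies to `triat/terraform-security-scan@v1.2`, which is handed `GITHUB_TOKEN` explicitly. Pin both to a full commit SHA, e.g. `uses: Dirrk/terraform-docs@<full-commit-sha>  # v1.0.8`, so a moved tag cannot change what runs with push rights. Also, on the `push` trigger `github.event.pull_request` is not populated and `ref:` evaluates to an empty string, and on pull requests from forks the token is presumably read-only so the push step would fail; a short comment above the `docs` job stating it is meant to succeed only for same-repository pull requests would save the next reader a debugging round.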
@@ -0,0 +1,21 @@
+# See http://pre-commit.com for more information
+# See http://pre-commit.com/hooks.html for more hooks
+repos:
+ - repo: git://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.31.0
+ hooks:
+ - id: terraform_fmt
+ # - id: terraform_docs
+ - id: terraform_tflint
+ # - id: terraform_tfsec
+ - repo: git://github.com/pre-commit/pre-commit-hooks
+ rev: v3.1.0
+ hooks:
+ - id: check-merge-conflict
+ - id: trailing-whitespace
+ - id: check-yaml
+ - id: check-added-large-files
+ # - repo: git://github.com/markdownlint/markdownlint
+ # rev: v0.9.0
+ # hooks:
+ # - id: markdownlint
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d5f70de..a7f5c33 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## v1.0.0 (July 2020)
+
+FEATURES:
+* **new feature:** Support for Terraform 013 - remove included toggle feature as supported by TF013 [#1](https://github.com/aztfmod/terraform-azurerm-caf-azure-bastion/issues/1)
+
+IMPROVEMENTS:
+
+BUGS:
 ## v0.1.0 (May 2020)
 FEATURES:
diff --git a/README.md b/README.md
index 5c9d848..27253fb 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+[![VScodespaces](https://img.shields.io/endpoint?url=https%3A%2F%2Faka.ms%2Fvso-badge)](https://online.visualstudio.com/environments/new?name=terraform-azurerm-azure-bastion&repo=aztfmod/terraform-azurerm-azure-bastion)
 [![Gitter](https://badges.gitter.im/aztfmod/community.svg)](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 # Configures an Azure Bastion
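Review bot: Both active `repo:` entries (and the commented-out markdownlint one) fetch hook code over the `git://` protocol, which is unauthenticated and unencrypted, so the code checked out at `rev: v1.31.0` and `rev: v3.1.0` has no transport integrity; GitHub has also since stopped serving `git://` entirely, so these entries will fail to clone. Switch to HTTPS, e.g. `- repo: https://github.com/antonbabenko/pre-commit-terraform`. The `rev` values are mutable tags as well; pre-commit accepts a full commit SHA in `rev`, which makes the hook revision immutable, and the `# See http://pre-commit.com` comments should point at `https://` for the same reason.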
@@ -26,25 +27,45 @@ module "azure_bastion" {
 }
 ```
-## Inputs
-
-| Name | Type | Default | Description |
-| -- | -- | -- | -- |
-| enable_bastion | bool | True | (Optional) Determine to deploy Bastion for the configuration. |
-| subnet_id | string | None | (Required) Subnet ID to plug Azure Bastion. |
-| public_ip_address_id | string | None | (Required) ID of hte Public IP address to use. |
-| bastion_config | object | None |(Required) Bastion configuration object. |
-| resource_group_name | string | None | (Required) Name of the resource group where to create the resource. Changing this forces a new resource to be created. |
-| name | string | None | (Required) Name for the objects created (before naming convention applied.) |
-| location | string | None | (Required) Specifies the Azure location to deploy the resource. Changing this forces a new resource to be created. |
-| tags | map | None | (Required) Map of tags for the deployment. |
-| convention | string | None | (Required) Naming convention to be used (check at the naming convention module for possible values). |
-| prefix | string | None | (Optional) Prefix to be used. |
-| postfix | string | None | (Optional) Postfix to be used. |
-| max_length | string | None | (Optional) maximum length to the name of the resource. |
-| log_analytics_workspace | string | None | Log Analytics Workspace. |
-| diagnostics_map | map | None | Map with the diagnostics repository information. |
-| diagnostics_settings | object | None | Map with the diagnostics settings. See the required structure in the following example or in the diagnostics module documentation. |
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| azurerm | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| bastion\_config | (Required) Bastion configuration object | `any` | n/a | yes |
+| convention | (Required) Naming convention method to use | `any` | n/a | yes |
+| diagnostics\_map | (Required) contains the SA and EH details for operations diagnostics | `any` | n/a | yes |
+| diagnostics\_settings | (Required) configuration object describing the diagnostics | `any` | n/a | yes |
+| location | (Required) Specifies the Azure location to deploy the resource. Changing this forces a new resource to be created. | `any` | n/a | yes |
+| log\_analytics\_workspace | (Required) contains the log analytics workspace details for operations diagnostics | `any` | n/a | yes |
+| max\_length | (Optional) You can speficy a maximum length to the name of the resource | `string` | `""` | no |
+| name | (Required) Name for the objects created (before naming convention applied.) | `any` | n/a | yes |
+| postfix | (Optional) You can use a postfix to the name of the resource | `string` | `""` | no |
+| prefix | (Optional) You can use a prefix to the name of the resource | `string` | `""` | no |
+| public\_ip\_address\_id | (Required) ID of the Public IP address to use. | `any` | n/a | yes |
+| resource\_group\_name | (Required) Name of the resource group where to create the resource. Changing this forces a new resource to be created. | `any` | n/a | yes |
+| subnet\_id | (Required) Subnet ID to plug Azure Bastion. | `any` | n/a | yes |
+| tags | (Required) Map of tags for the deployment. | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| id | n/a |
+| name | n/a |
+| object | n/a |
+
+
 ## Parameters
@@ -70,12 +91,4 @@ bastion_config = {
 ]
 }
 }
-```
-
-## Outputs
-
-| Name | Type | Description |
-| -- | -- | -- |
-| id | map | Returns the id of the bastion configuration |
-| name | map | Returns the name of the bastion configuration |
-| object | map | Returns the object of the bastion configuration |
\ No newline at end of file
+```
\ No newline at end of file
diff --git a/diagnostics.tf b/diagnostics.tf
index bb746f0..59dd37a 100644
--- a/diagnostics.tf
+++ b/diagnostics.tf
@@ -1,40 +1,10 @@
-# When Terraform will have condition module support, link it back to https://github.com/aztfmod/terraform-azurerm-caf-diagnostics
-
-resource "azurerm_monitor_diagnostic_setting" "diagnostics" {
- count = var.enable_bastion ? 1 : 0
-
- name = "${azurerm_bastion_host.azurebastion.0.name}-diag"
- target_resource_id = azurerm_bastion_host.azurebastion.0.id
-
- eventhub_name = lookup(var.diagnostics_map, "eh_name", null)
- eventhub_authorization_rule_id = lookup(var.diagnostics_map, "eh_id", null) != null ? "${var.diagnostics_map.eh_id}/authorizationrules/RootManageSharedAccessKey" : null
-
- log_analytics_workspace_id = var.log_analytics_workspace.id
- log_analytics_destination_type = lookup(var.bastion_config.diagnostics, "log_analytics_destination_type", null)
-
- storage_account_id = var.diagnostics_map.diags_sa
-
- dynamic "log" {
- for_each = var.bastion_config.diagnostics.log
- content {
- category = log.value[0]
- enabled = log.value[1]
- retention_policy {
- enabled = log.value[2]
- days = log.value[3]
- }
- }
- }
-
- dynamic "metric" {
- for_each = var.bastion_config.diagnostics.metric
- content {
- category = metric.value[0]
- enabled = metric.value[1]
- retention_policy {
- enabled = metric.value[2]
- days = metric.value[3]
- }
- }
- }
- }
\ No newline at end of file
+module "diagnostics_pip" {
+ source = "aztfmod/caf-diagnostics/azurerm"
+ version = "1.0.0"
+
+ name = azurerm_bastion_host.azurebastion.name
+ resource_id = azurerm_bastion_host.azurebastion.id
+ log_analytics_workspace_id = var.log_analytics_workspace.id
+ diagnostics_map = var.diagnostics_map
+ diag_object = var.diagnostics_settings
+}
\ No newline at end of file
diff --git a/examples/simple_bastion/output.tf b/examples/simple_bastion/output.tf
index e69de29..ae64e24 100644
--- a/examples/simple_bastion/output.tf
+++ b/examples/simple_bastion/output.tf
@@ -0,0 +1,5 @@
+output bastion {
+ value = module.bastion
+ sensitive = true
+ description = "Full Bastion object"
+}
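Review bot: The new module instance is labelled `diagnostics_pip`, yet it is wired to `azurerm_bastion_host.azurebastion.name` and `.id` and has nothing to do with a public IP, so the name reads like a copy-paste from a public-IP module and will mislead anyone reading plan output or state; rename it to `module "diagnostics" {`. Pinning the registry module with `version = "1.0.0"` is the right call for reproducibility — keep it exact rather than loosening to a `~>` range. Note also that the removed resource read its categories and `log_analytics_destination_type` from `var.bastion_config.diagnostics`, while the module is fed `var.diagnostics_settings`; a caller that still only populates `bastion_config.diagnostics` will presumably end up with no diagnostic setting at all, which is worth a sentence in the v1.0.0 CHANGELOG entry this commit adds.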
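Review bot: `output bastion {` uses an unquoted block label, which is not the documented HCL form; `terraform fmt` rewrites it to `output "bastion" {`, so the `terraform_fmt` pre-commit hook this same commit adds would presumably keep flipping this file. Quote the label to match the rest of the module. Marking the whole module object `sensitive = true` is appropriate here, since it carries resource IDs and tags; no change needed on that line.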
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..623ce68
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,18 @@
+
+locals {
+ module_tag = {
+ "module" = basename(abspath(path.module))
+ }
+ tags = merge(var.tags, local.module_tag)
+}
+
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ azurerm = {
+ source = "hashicorp/azurerm"
+ }
+ }
+}
\ No newline at end of file
diff --git a/module.tf b/module.tf
index 9bf72f5..5365e0c 100644
--- a/module.tf
+++ b/module.tf
@@ -1,6 +1,4 @@ resource "azurerm_bastion_host" "azurebastion" { - count = var.enable_bastion ? 1 : 0 - - name = var.bastion_config.name location = var.location resource_group_name = var.resource_group_name
diff --git a/variables.tf b/variables.tf
index 579bdbf..bf61a99 100644
--- a/variables.tf
+++ b/variables.tf
@@ -52,16 +52,10 @@ variable "subnet_id" {
 description = "(Required) Subnet ID to plug Azure Bastion."
 }
-variable "enable_bastion" {
- description = "(Optional) Determine to deploy Bastion for the configuration."
- type = bool
- default = true
-}
-
 variable "bastion_config" {
 description = "(Required) Bastion configuration object"
 }
 variable "public_ip_address_id" {
- description = "(Required) ID of hte Public IP address to use."
+ description = "(Required) ID of the Public IP address to use."
 }
\ No newline at end of file
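Review bot: The `terraform` block declares `required_providers` for `azurecaf` and `azurerm` with `source` only, no `version` constraint, and there is no `required_version`, even though the CHANGELOG entry in this commit states the module now targets Terraform 0.13 and the `source` attribute itself is 0.13 syntax. Add `required_version = ">= 0.13"` and a `version = ">= X.Y"` per provider (placeholder, the provider versions the module is tested against) so that a future provider major cannot change the Bastion or diagnostic resources underneath callers and older Terraform fails early with a clear message. `azurecaf` is declared here but nothing in this patch references it; if it is consumed by a file outside the diff that is fine, otherwise it is an unused dependency to download and trust.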
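Review bot: The typo fix on `public_ip_address_id` leaves the variable without a `type`, as does `bastion_config` just above it, which is why the README regenerated in this commit documents both as `any`. Adding `type = string` to `public_ip_address_id` (and an `object({...})` type for `bastion_config` once its shape is settled) gives plan-time validation of caller input instead of a provider error at apply time. The hunk ends at the `}` closing `public_ip_address_id`, so any later variables are not visible here.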