diff --git a/locals.tf b/locals.tf
index 1db87dd..bb15dbb 100644
--- a/locals.tf
+++ b/locals.tf
@@ -4,7 +4,7 @@ resource "random_id" "name" {
 }
 locals {
- name = "${var.name == "" ? random_id.name.hex : var.name}"
+ name = var.name == "" ? random_id.name.hex : var.name
 frontend_ip_configuration_name = "fe-ipconfig"
 https_port_name = "https"
diff --git a/main.tf b/main.tf
deleted file mode 100644
index 9661d67..0000000
--- a/main.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-provider "azurerm" {
- version = "~> 1.23"
-}
-
-provider "random" {
- version = "~> 2.1"
-}
diff --git a/outputs.tf b/outputs.tf
index 9cfd65e..9444f98 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,14 +1,14 @@
 output "id" {
 description = "The ID of the application gateway"
- value = "${azurerm_application_gateway.this.id}"
+ value = azurerm_application_gateway.this.id
 }
 output "backend_address_pool_id" {
 description = "The ID of the application gateway backend address pool"
- value = "${azurerm_application_gateway.this.backend_address_pool.0.id}"
+ value = azurerm_application_gateway.this.backend_address_pool[0].id
 }
 output "public_ip" {
 description = "The public IP of the application gateway"
- value = "${azurerm_public_ip.this.ip_address}"
+ value = azurerm_public_ip.this.ip_address
 }
diff --git a/resources.tf b/resources.tf
index 74cce1f..4b9dee5 100644
--- a/resources.tf
+++ b/resources.tf
@@ -1,19 +1,19 @@
 resource "azurerm_public_ip" "this" {
 name = "${local.name}-vip"
- resource_group_name = "${var.resource_group_name}"
- location = "${var.location}"
+ resource_group_name = var.resource_group_name
+ location = var.location
 sku = "Standard"
 allocation_method = "Static"
- tags = "${var.tags}"
+ tags = var.tags
 }
 resource "azurerm_application_gateway" "this" {
- name = "${local.name}"
- resource_group_name = "${var.resource_group_name}"
- location = "${var.location}"
- enable_http2 = "${var.enable_http2}"
- disabled_ssl_protocols = ["${var.disabled_ssl_protocols}"]
+ name = local.name
+ resource_group_name = var.resource_group_name
+ location = var.location
+ enable_http2 = var.enable_http2
+ disabled_ssl_protocols = var.disabled_ssl_protocols
 sku {
 name = "Standard_v2"
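Review bot: Dropping the list wrapper in `disabled_ssl_protocols = var.disabled_ssl_protocols` makes the gateway's TLS floor depend entirely on how that variable is declared, and variables.tf is not part of this diff. Under 0.12 the variable should carry an explicit `type = list(string)`, otherwise a caller that still passes a single string no longer gets it wrapped into a list. The default is not visible here; if it is empty the platform default applies, which may still accept TLS 1.0 and 1.1, so I would set `default = ["TLSv1_0", "TLSv1_1"]` and let callers opt back in. The same type question applies to `dns_names = var.ssl_sans` in ssl.tf. The application gateway resource continues outside this hunk.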
@@ -23,103 +23,106 @@ resource "azurerm_application_gateway" "this" {
 gateway_ip_configuration {
 name = "gateway-ipconfig"
- subnet_id = "${var.subnet_id}"
+ subnet_id = var.subnet_id
 }
 frontend_ip_configuration {
- name = "${local.frontend_ip_configuration_name}"
- public_ip_address_id = "${azurerm_public_ip.this.id}"
+ name = local.frontend_ip_configuration_name
+ public_ip_address_id = azurerm_public_ip.this.id
 }
 frontend_port {
- name = "${local.https_port_name}"
+ name = local.https_port_name
 port = 443
 }
 frontend_port {
- name = "${local.http_port_name}"
+ name = local.http_port_name
 port = 80
 }
 ssl_certificate {
- name = "${local.certificate_name}"
- data = "${data.azurerm_key_vault_secret.cert.value}"
+ name = local.certificate_name
+ data = data.azurerm_key_vault_secret.cert.value
 password = ""
 }
 http_listener {
- name = "${local.https_listener_name}"
- frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}"
- frontend_port_name = "${local.https_port_name}"
- ssl_certificate_name = "${local.certificate_name}"
+ name = local.https_listener_name
+ frontend_ip_configuration_name = local.frontend_ip_configuration_name
+ frontend_port_name = local.https_port_name
+ ssl_certificate_name = local.certificate_name
 protocol = "Https"
 }
 http_listener {
- name = "${local.http_listener_name}"
- frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}"
- frontend_port_name = "${local.http_port_name}"
+ name = local.http_listener_name
+ frontend_ip_configuration_name = local.frontend_ip_configuration_name
+ frontend_port_name = local.http_port_name
 protocol = "Http"
 }
 backend_address_pool {
- name = "${local.backend_address_pool_name}"
+ name = local.backend_address_pool_name
 }
 probe {
- name = "${local.health_probe_name}"
- protocol = "${var.health_probe_protocol}"
- interval = "${var.health_probe_interval}"
- timeout = "${var.health_probe_timeout}"
- unhealthy_threshold = "${var.health_probe_threshold}"
- path = "${var.health_probe_path}"
+ name = local.health_probe_name
+ protocol = var.health_probe_protocol
+ interval = var.health_probe_interval
+ timeout = var.health_probe_timeout
+ unhealthy_threshold = var.health_probe_threshold
+ path = var.health_probe_path
 host = "127.0.0.1"
 }
 backend_http_settings {
- name = "${local.backend_http_settings_name}"
- cookie_based_affinity = "${var.cookie_based_affinity}"
+ name = local.backend_http_settings_name
+ cookie_based_affinity = var.cookie_based_affinity
 port = 80
 protocol = "Http"
- request_timeout = "${var.backend_request_timeout}"
- probe_name = "${local.health_probe_name}"
+ request_timeout = var.backend_request_timeout
+ probe_name = local.health_probe_name
 connection_draining {
- enabled = "${var.enable_connection_draining}"
- drain_timeout_sec = "${var.connection_drain_timeout}"
+ enabled = var.enable_connection_draining
+ drain_timeout_sec = var.connection_drain_timeout
 }
 }
 request_routing_rule {
 name = "https-routing"
 rule_type = "Basic"
- http_listener_name = "${local.https_listener_name}"
- backend_address_pool_name = "${local.backend_address_pool_name}"
- backend_http_settings_name = "${local.backend_http_settings_name}"
+ http_listener_name = local.https_listener_name
+ backend_address_pool_name = local.backend_address_pool_name
+ backend_http_settings_name = local.backend_http_settings_name
 }
 request_routing_rule {
 name = "http-routing"
 rule_type = "Basic"
- http_listener_name = "${local.http_listener_name}"
- backend_address_pool_name = "${local.backend_address_pool_name}"
- backend_http_settings_name = "${local.backend_http_settings_name}"
+ http_listener_name = local.http_listener_name
+ backend_address_pool_name = local.backend_address_pool_name
+ backend_http_settings_name = local.backend_http_settings_name
 }
- tags = "${var.tags}"
+ tags = var.tags
 }
 data "azurerm_network_interface" "targets" {
- count = "${length(var.targets)}"
+ count = length(var.targets)
- name = "${var.targets[count.index]}"
- resource_group_name = "${var.resource_group_name}"
+ name = var.targets[count.index]
+ resource_group_name = var.resource_group_name
 }
 resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "this" {
- count = "${length(var.targets)}"
-
- network_interface_id = "${element(data.azurerm_network_interface.targets.*.id, count.index)}"
- ip_configuration_name = "${element(data.azurerm_network_interface.targets.*.ip_configuration.0.name, count.index)}"
- backend_address_pool_id = "${azurerm_application_gateway.this.backend_address_pool.0.id}"
+ count = length(var.targets)
+
+ network_interface_id = element(data.azurerm_network_interface.targets.*.id, count.index)
+ ip_configuration_name = element(
+ data.azurerm_network_interface.targets.*.ip_configuration.0.name,
+ count.index,
+ )
+ backend_address_pool_id = azurerm_application_gateway.this.backend_address_pool[0].id
 }
diff --git a/ssl.tf b/ssl.tf
index 1af2ed9..fd40426 100644
--- a/ssl.tf
+++ b/ssl.tf
@@ -1,18 +1,19 @@
-data "azurerm_client_config" "current" {}
+data "azurerm_client_config" "current" {
+}
 resource "azurerm_key_vault" "this" {
- name = "${local.name}"
- location = "${var.location}"
- resource_group_name = "${var.resource_group_name}"
- tenant_id = "${data.azurerm_client_config.current.tenant_id}"
+ name = local.name
+ location = var.location
+ resource_group_name = var.resource_group_name
+ tenant_id = data.azurerm_client_config.current.tenant_id
 sku {
 name = "standard"
 }
 access_policy {
- tenant_id = "${data.azurerm_client_config.current.tenant_id}"
- object_id = "${var.object_id}"
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = var.object_id
 certificate_permissions = [
 "create",
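Review bot: In resources.tf the `http-routing` rule still forwards the port-80 listener straight to the backend pool, so a client that arrives over plain HTTP is served without TLS even though an HTTPS listener exists. Every line of that rule is being rewritten in this hunk, so I would replace the backend binding with a permanent redirect to `local.https_listener_name`, as sketched below. `redirect_configuration` should be available in the pinned azurerm 1.33 line, but please confirm against the provider changelog. Separately, `backend_http_settings` keeps `protocol = "Http"`, so traffic between the gateway and its targets is unencrypted and relies on the subnet being trusted.

```hcl
  # … unchanged: frontend ports, listeners, probe, backend_http_settings, https-routing rule …

  redirect_configuration {
    name                 = "http-to-https"
    redirect_type        = "Permanent"
    target_listener_name = local.https_listener_name
    include_path         = true
    include_query_string = true
  }

  request_routing_rule {
    name                        = "http-routing"
    rule_type                   = "Basic"
    http_listener_name          = local.http_listener_name
    redirect_configuration_name = "http-to-https"
  }
```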
@@ -60,12 +61,12 @@ resource "azurerm_key_vault" "this" {
 ]
 }
- tags = "${var.tags}"
+ tags = var.tags
 }
 resource "azurerm_key_vault_certificate" "this" {
- name = "${local.certificate_name}"
- key_vault_id = "${azurerm_key_vault.this.id}"
+ name = local.certificate_name
+ key_vault_id = azurerm_key_vault.this.id
 certificate_policy {
 issuer_parameters {
@@ -106,7 +107,7 @@ resource "azurerm_key_vault_certificate" "this" {
 ]
 subject_alternative_names {
- dns_names = ["${var.ssl_sans}"]
+ dns_names = var.ssl_sans
 }
 subject = "CN=${var.ssl_cn}"
@@ -114,12 +115,12 @@ resource "azurerm_key_vault_certificate" "this" {
 }
 }
- tags = "${var.tags}"
+ tags = var.tags
 }
 data "azurerm_key_vault_secret" "cert" {
- name = "${local.certificate_name}"
- vault_uri = "${azurerm_key_vault.this.vault_uri}"
+ name = local.certificate_name
+ vault_uri = azurerm_key_vault.this.vault_uri
- depends_on = ["azurerm_key_vault_certificate.this"]
+ depends_on = [azurerm_key_vault_certificate.this]
 }
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..b636bd0
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,11 @@
+terraform {
+ required_version = ">= 0.12"
+}
+
+provider "azurerm" {
+ version = "~> 1.33.0"
+}
+
+provider "random" {
+ version = "~> 2.1"
+}
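Review bot: In the last ssl.tf hunk, the value read by `data "azurerm_key_vault_secret" "cert"` is stored in the Terraform state in clear text, and resources.tf copies it again into `ssl_certificate.data` with `password = ""`. If the certificate policy (outside these hunks) issues an exportable PKCS#12 bundle, that value includes the private key. Nothing in the module says so, so I would add a comment above the data source such as `# The secret value (certificate bundle, likely incl. the private key) is persisted in state; use an encrypted remote backend with restricted access.` As a style point, the data source still addresses the vault by `vault_uri` while `azurerm_key_vault_certificate` in the same file uses `key_vault_id`; consider aligning the two if the pinned provider supports it.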