feat: add new example

clouddrove · Dec 13, 2023 · 53ca73e · 53ca73e
1 parent f49103b
commit 53ca73e
Show file tree

Hide file tree

Showing 10 changed files with 159 additions and 5 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -54,3 +54,16 @@ updates:
       - "approvers"
     # Allow up to 3 open pull requests for pip dependencies
     open-pull-requests-limit: 3
+
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/_example/vnet_with_existing_ddos_id" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    # Add assignees
+    assignees:
+      - "clouddrove-ci"
+    # Add reviewer
+    reviewers:
+      - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
@@ -5,12 +5,17 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  example-basic:
+  basic-example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.8
     with:
       working_directory: './_example/basic/'
 
-  example-complete:
+  complete-example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.8
     with:
       working_directory: './_example/complete/'
+
+  vnet_with_existing_ddos_id-example:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.8
+    with:
+      working_directory: './_example/vnet_with_existing_ddos_id/'
diff --git a/README.yaml b/README.yaml
@@ -59,7 +59,21 @@ usage: |-
     resource_group_name    = module.resource_group.resource_group_name
     location               = module.resource_group.resource_group_location
     address_space          = "10.0.0.0/16"
+    enable_ddos_pp         = false
     enable_network_watcher = false # To be set true when network security group flow logs are to be tracked and network watcher with specific name is to be deployed.
     }
   ```
+  ### vnet_with_existing_ddos_id Example
+  ```hcl
+    module "vnet" {
+    source                 = "clouddrove/vnet/azure"
+    name                   = local.name
+    environment            = local.environment
+    resource_group_name    = module.resource_group.resource_group_name
+    location               = module.resource_group.resource_group_location
+    address_space          = "10.0.0.0/16"
+    existing_ddos_pp       = "/subscriptions/068245d4-3c94-42fe-9c4d-9e5e1cabc60c/resourceGroups/"
+    enable_network_watcher = false
+    }
+  ```
 
diff --git a/_example/complete/outputs.tf b/_example/complete/outputs.tf
@@ -27,3 +27,8 @@ output "vnet_rg_name" {
   value       = module.vnet.vnet_rg_name
   description = "The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created."
 }
+
+output "ddos_protection_plan_id" {
+  value       = module.vnet.ddos_protection_plan_id
+  description = "The ID of the DDoS Protection Plan"
+}
diff --git a/_example/vnet_with_existing_ddos_id/example.tf b/_example/vnet_with_existing_ddos_id/example.tf
@@ -0,0 +1,34 @@
+provider "azurerm" {
+  features {}
+}
+
+locals {
+  name        = "app"
+  environment = "test"
+}
+
+##-----------------------------------------------------------------------------
+## Resource Group module call
+## Resource group in which all resources will be deployed.
+##-----------------------------------------------------------------------------
+module "resource_group" {
+  source      = "clouddrove/resource-group/azure"
+  version     = "1.0.2"
+  name        = local.name
+  environment = local.environment
+  location    = "North Europe"
+}
+
+##-----------------------------------------------------------------------------
+## Virtual Network module call.
+##-----------------------------------------------------------------------------
+module "vnet" {
+  source                 = "../../"
+  name                   = local.name
+  environment            = local.environment
+  resource_group_name    = module.resource_group.resource_group_name
+  location               = module.resource_group.resource_group_location
+  address_space          = "10.0.0.0/16"
+  existing_ddos_pp       = "/subscriptions/068245d4-3c94-42fe-9c4d-9e5e1cabc60c/resourceGroups/"
+  enable_network_watcher = false # To be set true when network security group flow logs are to be tracked and network watcher with specific name is to be deployed.
+}
diff --git a/_example/vnet_with_existing_ddos_id/outputs.tf b/_example/vnet_with_existing_ddos_id/outputs.tf
@@ -0,0 +1,34 @@
+output "vnet_id" {
+  value       = module.vnet.vnet_id
+  description = "The id of the newly created vNet"
+}
+
+output "vnet_name" {
+  value       = module.vnet.vnet_name
+  description = "The name of the newly created vNet"
+}
+
+output "vnet_location" {
+  value       = module.vnet.vnet_location
+  description = "The location of the newly created vNet"
+}
+
+output "vnet_address_space" {
+  value       = module.vnet.vnet_address_space
+  description = "The address space of the newly created vNet"
+}
+
+output "vnet_guid" {
+  value       = module.vnet.vnet_guid
+  description = "The GUID of the virtual network."
+}
+
+output "vnet_rg_name" {
+  value       = module.vnet.vnet_rg_name
+  description = "The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created."
+}
+
+output "ddos_plan_id" {
+  value       = module.vnet.ddos_existing_plan_id
+  description = "The ID of the Exiting DDoS Protection Plan"
+}
diff --git a/_example/vnet_with_existing_ddos_id/versions.tf b/_example/vnet_with_existing_ddos_id/versions.tf
@@ -0,0 +1,13 @@
+# Terraform version
+terraform {
+  required_version = ">= 1.6.5"
+}
+
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=3.83.0"
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -2,7 +2,7 @@
 ## Locals declaration for determining the id of ddos protection plan.
 ##-----------------------------------------------------------------------------
 locals {
-  ddos_pp_id = var.enable_ddos_pp && var.existing_ddos_pp != null ? var.existing_ddos_pp : var.enable_ddos_pp && var.existing_ddos_pp == null ? azurerm_network_ddos_protection_plan.example[0].id : null
+  ddos_pp_id = var.enable_ddos_pp == false && var.existing_ddos_pp != null ? var.existing_ddos_pp : var.enable_ddos_pp && var.existing_ddos_pp == null ? azurerm_network_ddos_protection_plan.example[0].id : null
 }
 
 ##-----------------------------------------------------------------------------
@@ -24,13 +24,27 @@ module "labels" {
 resource "azurerm_virtual_network" "vnet" {
   count                   = var.enable == true ? 1 : 0
   name                    = format("%s-vnet", module.labels.id)
+  address_space           = length(var.address_spaces) == 0 ? [var.address_space] : var.address_spaces
   resource_group_name     = var.resource_group_name
+  flow_timeout_in_minutes = var.flow_timeout_in_minutes
   location                = var.location
-  address_space           = length(var.address_spaces) == 0 ? [var.address_space] : var.address_spaces
   dns_servers             = var.dns_servers
   bgp_community           = var.bgp_community
   edge_zone               = var.edge_zone
-  flow_timeout_in_minutes = var.flow_timeout_in_minutes
+
+  encryption {
+    enforcement = var.enforcement
+  }
+
+  dynamic "subnet" {
+    for_each = var.subnets == null ? [] : var.subnets
+    content {
+      name           = subnets.value.name
+      address_prefix = subnets.value.address_prefix
+      security_group = subnets.security_group
+    }
+  }
+
   dynamic "ddos_protection_plan" {
     for_each = local.ddos_pp_id != null ? ["ddos_protection_plan"] : []
     content {

diff --git a/outputs.tf b/outputs.tf
@@ -32,6 +32,7 @@ output "ddos_protection_plan_id" {
   value       = join("", azurerm_network_ddos_protection_plan.example[*].id)
   description = "The ID of the DDoS Protection Plan"
 }
+
 output "network_watcher_id" {
   value       = join("", azurerm_network_watcher.flow_log_nw[*].id)
   description = "The ID of the Network Watcher."
@@ -41,3 +42,8 @@ output "network_watcher_name" {
   value       = join("", azurerm_network_watcher.flow_log_nw[*].name)
   description = "The name of Network Watcher deployed."
 }
+
+output "ddos_existing_plan_id" {
+  value       = azurerm_virtual_network.vnet[*].ddos_protection_plan
+  description = "The ID of the DDoS Protection Plan"
+}
diff --git a/variables.tf b/variables.tf
@@ -105,3 +105,19 @@ variable "enable_network_watcher" {
   default     = false
   description = "Flag to control creation of network watcher."
 }
+
+variable "enforcement" {
+  type        = string
+  default     = "AllowUnencrypted"
+  description = "Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are DropUnencrypted and AllowUnencrypted."
+}
+
+variable "subnets" {
+  type = list(object({
+    name           = string
+    address_prefix = string
+    security_group = list(any)
+  }))
+  default     = null
+  description = "Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below."
+}