Merge pull request #17 from aztfmod/2002-Refresh

All good now
Azure · Feb 13, 2020 · bdc5a03 · bdc5a03
2 parents f3097f0 + 9b689f7
commit bdc5a03
Show file tree

Hide file tree

Showing 40 changed files with 314 additions and 331 deletions.
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -6,7 +6,7 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/rover:2002.0320
+      image: aztfmod/rover:2002.1204
 
       labels:
         - "caf=Azure CAF"

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,16 @@
+## v2.1.2002 (February 2020)
+FEATURES:
+* **landingzone_vdc_demo :** refactor to use landingzone_caf_foundations as lower level [#12](
+https://github.com/aztfmod/landingzones/issues/12)
+* **landingzone_vdc_demo :** refresh of module versions to latest [#12](
+https://github.com/aztfmod/landingzones/issues/12)
+* **overall :** upgrade to latest azurerm provider [1.44](https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.44.0/CHANGELOG.md) 
+
+BUGFIXES:
+* **rover :** launchpad opensource light fails to deploy successfully [#18](
+https://github.com/aztfmod/landingzones/issues/18)
+
+
 ## v2.0.2002 (February 2020)
 FEATURES:
 * **landingzone_caf_foundations :** adding support for azurerm 1.42 provider, azuread provider 0.7

diff --git a/README.md b/README.md
@@ -20,10 +20,10 @@ Examples of landing zones:
 
 Currently we provide you with the following landing zones:
 
-| Name | Purpose |  
-| ------- | ---------------- |
-| landingzone_caf_foundations  | setup all the fundamentals for a subscription (logging, accounting, security.). You can find all details of the caf_foundations landing zone [Here](./landingzones/landingzone_caf_foundations/readme.md) |
-| landingzone_vdc_demo  | setup a demo environment of a hub-spoke topology including shared services, as well as various DMZ (ingress, egress, transit). You can find all details of the vdc_demo landing zone [Here](./landingzones/landingzone_vdc_demo/readme.md)|
+| Name | Purpose | Depends on | Tested with launchpad
+| ------- | ---------------- | -- | -- |
+| landingzone_caf_foundations  | setup all the fundamentals for a subscription (logging, accounting, security.). You can find all details of the caf_foundations landing zone [Here](./landingzones/landingzone_caf_foundations/readme.md) | N/A | launchpad_opensource_light |
+| landingzone_vdc_demo  | setup a demo environment of a hub-spoke topology including shared services, as well as various DMZ (ingress, egress, transit). You can find all details of the vdc_demo landing zone [Here](./landingzones/landingzone_vdc_demo/readme.md)| landingzone_caf_foundations | launchpad_opensource_light |
 
 ## Getting started
 

diff --git a/landingzones/landingzone_caf_foundations/blueprint_foundations_accounting/main.tf b/landingzones/landingzone_caf_foundations/blueprint_foundations_accounting/main.tf
@@ -2,7 +2,7 @@ data "azurerm_client_config" "current" {
 }
 
 provider "azurerm" {
-  version = "<= 1.42"
+  version = "<= 1.44"
 }
 
 provider "azuread" {

diff --git a/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/main.tf b/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/main.tf
@@ -5,7 +5,7 @@ data "azurerm_subscription" "current" {}
 
 
 provider "azurerm" {
-  version = "<= 1.42"
+  version = "<= 1.44"
 }
 
 provider "azuread" {

diff --git a/landingzones/landingzone_caf_foundations/blueprint_foundations_security/main.tf b/landingzones/landingzone_caf_foundations/blueprint_foundations_security/main.tf
@@ -2,7 +2,7 @@ data "azurerm_client_config" "current" {
 }
 
 provider "azurerm" {
-  version = "<= 1.42"
+  version = "<= 1.44"
 }
 
 provider "azuread" {

diff --git a/landingzones/landingzone_caf_foundations/main.tf b/landingzones/landingzone_caf_foundations/main.tf
@@ -1,5 +1,5 @@
 provider "azurerm" {
-  version = "<=1.42"
+  version = "<=1.44"
 }
 
 terraform {

diff --git a/landingzones/landingzone_vdc_demo/blueprint_foundations.sandpit.auto.tfvars b/landingzones/landingzone_vdc_demo/blueprint_foundations.sandpit.auto.tfvars
diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress.sandpit.auto.tfvars b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress.sandpit.auto.tfvars
@@ -1,5 +1,4 @@
 # settings for the shared egress blueprint 
-
 resource_groups_shared_egress = {
     HUB-EGRESS-NET    = {
         name = "-hub-network-egress"
@@ -10,7 +9,7 @@ resource_groups_shared_egress = {
 # Settings for the shared services egress vnet - note that Azure Firewall subnet must be at least /26 
 networking_egress = {
     vnet = {
-        name                = "_Shared_Egress"
+        name                = "Shared-Egress"
         address_space       = ["10.0.0.0/25"]     
         dns                 = ["192.168.0.16", "192.168.0.64"]
     }
@@ -45,7 +44,7 @@ networking_egress = {
 # Settings for the public IP address to be used for egress
 # Must be standard and static for Azure Firewall 
 ip_addr_config = {
-    ip_name = "arnaud-pip-egress"    
+    ip_name = "caf-pip-egress"    
     allocation_method   = "Static"
     #Dynamic Public IP Addresses aren't allocated until they're assigned to a resource (such as a Virtual Machine or a Load Balancer) by design within Azure 
 
@@ -73,7 +72,7 @@ ip_addr_config = {
 
 # Settings for the Azure Firewall settings
 az_fw_config = {
-    name = "az-fw-arnaud"
+    name = "az-fw-caf"
     diagnostics = {
         log = [
                     #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period] 

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress/blueprint.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress/blueprint.tf
@@ -14,8 +14,9 @@ locals {
 
 module "networking_shared_egress_vnet" {
   source  = "aztfmod/caf-virtual-network/azurerm"
-  version = "0.2.0"
-
+  version = "1.0.0"
+
+  convention                        = var.global_settings.convention  
   virtual_network_rg                = local.HUB-EGRESS-NET
   prefix                            = var.prefix
   location                          = var.location
@@ -28,8 +29,9 @@ module "networking_shared_egress_vnet" {
 
 module "networking_shared_public_ip" {
   source  = "aztfmod/caf-public-ip/azurerm"
-  version = "0.1.3"
+  version = "1.0.0"
 
+  convention                       = var.global_settings.convention 
   name                             = var.ip_addr_config.ip_name
   location                         = var.location
   rg                               = local.HUB-EGRESS-NET
@@ -42,16 +44,17 @@ module "networking_shared_public_ip" {
 
 module "networking_shared_egress_azfirewall" {
   source  = "aztfmod/caf-azure-firewall/azurerm"
-  version = "0.1.2"
+  version = "1.1.0"
 
-  az_fw_name                        = var.az_fw_config.name
-  az_fw_rg                          = local.HUB-EGRESS-NET
+  convention                        = var.global_settings.convention 
+  name                              = var.az_fw_config.name
+  rg                                = local.HUB-EGRESS-NET
   subnet_id                         = lookup(module.networking_shared_egress_vnet.vnet_subnets, "AzureFirewallSubnet", null)
   public_ip_id                      = module.networking_shared_public_ip.id
   location                          = var.location
   tags                              = local.tags
   diagnostics_map                   = var.diagnostics_map
-  log_analytics_workspace_id        = var.log_analytics_workspace.id
+  la_workspace_id                   = var.log_analytics_workspace.id
   diagnostics_settings              = var.az_fw_config.diagnostics
 }
 

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress/main.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress/main.tf
@@ -5,7 +5,7 @@ terraform {
 }
 
 provider "azurerm" {
-  version = "<= 1.42"
+  version = "<= 1.44"
 }
 
 data "azurerm_subscription" "current" {

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress/variables.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_egress/variables.tf
@@ -41,3 +41,7 @@ variable "diagnostics_map" {
 
 variable "resource_groups_shared_egress" {
 }
+
+variable "global_settings" {
+  description = "global settings"
+}
diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services.sandpit.auto.tfvars b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services.sandpit.auto.tfvars
@@ -1,5 +1,4 @@
 # settings for the shared network blueprint 
-
 resource_groups_shared_services = {
     HUB-CORE-NET    = {
         name = "-hub-network-shared"  
@@ -12,7 +11,7 @@ ddos_name            = "ddos_protection_plan"
 
 shared_services_vnet = {
         vnet = {
-            name                = "_Shared_Services"
+            name                = "Shared-Services"
             address_space       = ["10.101.4.0/22"]
             dns                 = []
         }
@@ -32,7 +31,7 @@ shared_services_vnet = {
                 service_endpoints   = []
                 nsg_inbound         = [
                     # {"Name", "Priority", "Direction", "Action", "Protocol", "source_port_range", "destination_port_range", "source_address_prefix", "destination_address_prefix" }, 
-                    ["LDAP-t", "100", "Inbound", "Allow", "*", "*", "389", "*", "*"],
+                    ["LDAP", "100", "Inbound", "Allow", "*", "*", "389", "*", "*"],
                     ["RPC-EPM", "102", "Inbound", "Allow", "tcp", "*", "135", "*", "*"],
                     ["SMB-In", "103", "Inbound", "Allow", "tcp", "*", "445", "*", "*"],
                 ]
@@ -93,7 +92,7 @@ bastion_config = {
             #    ["AllMetrics", true, true, 30],
         ]
     }
-    ip_name = "arnaud-pip-bastion"
+    ip_name = "caf-pip-bastion"
     ip_addr = {
             allocation_method   = "Static"
             #Dynamic Public IP Addresses aren't allocated until they're assigned to a resource (such as a Virtual Machine or a Load Balancer) by design within Azure 

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services/blueprint.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services/blueprint.tf
@@ -11,11 +11,11 @@ locals {
   HUB-CORE-NET = lookup(module.resource_group.names, "HUB-CORE-NET", null)
 }
 
-
 module "networking_shared_services" {
   source  = "aztfmod/caf-virtual-network/azurerm"
-  version = "0.2.0"
+  version = "1.0.0"
 
+  convention                        = var.global_settings.convention
   virtual_network_rg                = local.HUB-CORE-NET
   prefix                            = var.prefix
   location                          = var.location

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services/main.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services/main.tf
@@ -5,7 +5,7 @@ terraform {
 }
 
 provider "azurerm" {
-  version = "<= 1.42"
+  version = "<= 1.44"
 }
 
 data "azurerm_subscription" "current" {

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services/variables.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_services/variables.tf
@@ -54,4 +54,8 @@ variable "bastion_config" {
 
 variable "enable_bastion" {
   description = "Switch to enable Azure Bastion // reserved for future use"
+}
+
+variable "global_settings" {
+  description = "global settings"
 }
diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit.sandpit.auto.tfvars b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit.sandpit.auto.tfvars
@@ -11,7 +11,7 @@ resource_groups_shared_transit = {
 # Settings for the shared services egress vnet
 networking_transit = {
         vnet = {
-            name                = "_Shared_Transit"
+            name                = "Shared-Transit"
             address_space       = ["172.16.0.0/23"]   
             dns                 = ["192.168.0.16", "192.168.0.64"]
         }
@@ -45,7 +45,7 @@ networking_transit = {
 
 # Settings for the public IP address to be used for egress
 public_ip_addr = {
-    name   = "arnaud-pip-vpn"
+    name   = "caf-pip-vpn"
     allocation_method = "Dynamic"
     sku               = "Basic"
     #For basic SKU, you can pick the zone to be deployed - if you want multi zone - pick Standard IP and pick AZ aware VPN gateway SKU
@@ -69,7 +69,7 @@ provision_gateway = false
 gateway_config  = {
     gateway_type                 = "VPN" 
     # Possible values are "VPN" or "ExpressRoute"
-    vpn_gateway_name             = "magateway"
+    vpn_gateway_name             = "mygateway"
     active_active                = false
     #An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
     enable_bgp                   = false 
@@ -101,7 +101,7 @@ connection_name = "onpremconnection"
 remote_network_connect = true
 
 remote_network = {
-    gateway_name = "arnaudlocalnetwork"
+    gateway_name = "caf_local_network"
     gateway_ip = "1.2.3.4"
     gateway_adress_space = ["1.0.0.0/8"]
 }

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit/blueprint.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit/blueprint.tf
@@ -14,8 +14,9 @@ locals {
 
 module "networking_transit_vnet" {
   source  = "aztfmod/caf-virtual-network/azurerm"
-  version = "0.2.0"
+  version = "1.0.0"
 
+  convention                        = var.global_settings.convention  
   virtual_network_rg                = local.HUB-NET-TRANSIT
   prefix                            = var.prefix
   location                          = var.location
@@ -28,8 +29,9 @@ module "networking_transit_vnet" {
 
 module "networking_transit_public_ip" {
   source  = "aztfmod/caf-public-ip/azurerm"
-  version = "0.1.3"
+  version = "1.0.0"
 
+  convention                       = var.global_settings.convention 
   name                             = var.ip_addr_config.name
   location                         = var.location
   rg                               = local.HUB-NET-TRANSIT
@@ -61,8 +63,9 @@ module "vpn_gateway" {
 
 module "keyvault" {
   source  = "aztfmod/caf-keyvault/azurerm"
-  version = "0.1.1"
+  version = "1.0.0"
 
+  convention                        = var.global_settings.convention 
   rg                                = local.HUB-NET-TRANSIT
   akv_config                        = var.akv_config
   prefix                            = var.prefix

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit/main.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit/main.tf
@@ -5,7 +5,7 @@ terraform {
 }
 
 provider "azurerm" {
-  version = "<= 1.42"
+  version = "<= 1.44"
 }
 
 data "azurerm_subscription" "current" {

diff --git a/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit/variables.tf b/landingzones/landingzone_vdc_demo/blueprint_networking_shared_transit/variables.tf
@@ -73,3 +73,7 @@ variable "provision_gateway" {
 variable "akv_config" {
 
 }
+
+variable "global_settings" {
+  description = "global settings"
+}