Merge pull request #16 from clouddrove/feat/existing_ddos

Feat/existing ddos
clouddrove · Jun 15, 2023 · 9f3a38a · 9f3a38a
2 parents 87f4af9 + 55169b4
commit 9f3a38a
Show file tree

Hide file tree

Showing 13 changed files with 98 additions and 215 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -10,10 +10,10 @@ updates:
     schedule:
       interval: "weekly"
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "_example/default" # Location of package manifests
+    directory: "_example/basic" # Location of package manifests
     schedule:
       interval: "weekly"
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "_example/vnet-with-flow-logs" # Location of package manifests
+    directory: "_example/complete" # Location of package manifests
     schedule:
       interval: "weekly"
diff --git a/.github/workflows/semantic-releaser.yml b/.github/workflows/semantic-releaser.yml
@@ -6,7 +6,7 @@ on:
       - main
     paths:
       - '**.tf'
-      - '!examples/**.tf'
+      - '_example/**.tf'
 
 jobs:
   release:

diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml
@@ -30,7 +30,8 @@ jobs:
           - ${{ needs.versionExtract.outputs.minVersion }}
           - ${{ needs.versionExtract.outputs.maxVersion }}
         directory:
-          - _example/
+          - _example/basic/
+          - _example/complete/
 
     steps:
       - name: Checkout

diff --git a/README.yaml b/README.yaml
@@ -38,32 +38,13 @@ usage: |-
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
   module "virtual-network" {
-   source              = "clouddrove/vnet/azure"
-   name                = "app"
-   environment         = "test"
-   label_order         = ["name", "environment"]
-   resource_group_name = module.resource_group.resource_group_name
-   location            = module.resource_group.resource_group_location
-   address_space       = "10.0.0.0/16"
+   source                 = "clouddrove/vnet/azure"
+   name                   = "app"
+   environment            = "test"
+   label_order            = ["name", "environment"]
+   resource_group_name    = module.resource_group.resource_group_name
+   location               = module.resource_group.resource_group_location
+   address_space          = "10.0.0.0/16"
+   enable_network_watcher = false # To be set true when network security group flow logs are to be tracked and network watcher with specific name is to be deployed. 
    }
-    ```
-  ##vnet with flow log
-  ```hcl
-  module "virtual-network" {
-   source              = "clouddrove/vnet/azure"
-   name                = "app"
-   environment         = "test"
-   label_order         = ["name", "environment"]
-   resource_group_name = module.resource_group.resource_group_name
-   location            = module.resource_group.resource_group_location
-   address_space       = "10.0.0.0/16"
-   ## For enabling network flow logs for vnet.
-   enable_flow_logs          = true
-   enable_network_watcher    = true
-   enable_traffic_analytics  = true
-   network_security_group_id = module.security_group.id
-   storage_account_id        = module.storage.default_storage_account_id
-   workspace_id              = module.log-analytics.workspace_customer_id
-   workspace_resource_id     = module.log-analytics.workspace_id
-   }
-    ```
+    ```
diff --git a/_example/basic/example.tf b/_example/basic/example.tf
@@ -0,0 +1,18 @@
+locals {
+  name        = "app"
+  environment = "test"
+  label_order = ["name", "environment"]
+}
+
+##----------------------------------------------------------------------------- 
+## Virtual Network module call.
+##-----------------------------------------------------------------------------
+module "vnet" {
+  source                 = "../../"
+  name                   = local.name
+  environment            = local.environment
+  resource_group_name    = "app-test"
+  location               = "NorthEurope"
+  address_space          = "10.0.0.0/16"
+  enable_network_watcher = false # To be set true when network security group flow logs are to be tracked and network watcher with specific name is to be deployed. 
+}
diff --git a/_example/default/output.tf → _example/basic/outputs.tf b/_example/default/output.tf → _example/basic/outputs.tf
diff --git a/_example/complete/exmaple.tf b/_example/complete/exmaple.tf
@@ -0,0 +1,35 @@
+provider "azurerm" {
+  features {}
+}
+
+locals {
+  name        = "app"
+  environment = "test"
+  label_order = ["name", "environment"]
+}
+
+##----------------------------------------------------------------------------- 
+## Resource Group module call
+## Resource group in which all resources will be deployed.
+##-----------------------------------------------------------------------------
+module "resource_group" {
+  source      = "clouddrove/resource-group/azure"
+  version     = "1.0.2"
+  name        = local.name
+  environment = local.environment
+  label_order = local.label_order
+  location    = "North Europe"
+}
+
+##----------------------------------------------------------------------------- 
+## Virtual Network module call.
+##-----------------------------------------------------------------------------
+module "vnet" {
+  source                 = "../../"
+  name                   = local.name
+  environment            = local.environment
+  resource_group_name    = module.resource_group.resource_group_name
+  location               = module.resource_group.resource_group_location
+  address_space          = "10.0.0.0/16"
+  enable_network_watcher = false # To be set true when network security group flow logs are to be tracked and network watcher with specific name is to be deployed. 
+}
diff --git a/_example/vnet-with-flow-logs/output.tf → _example/complete/outputs.tf b/_example/vnet-with-flow-logs/output.tf → _example/complete/outputs.tf
@@ -26,4 +26,4 @@ output "vnet_guid" {
 output "vnet_rg_name" {
   description = "The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created."
   value       = module.vnet.vnet_rg_name
-}
+}
diff --git a/_example/default/exmaple.tf b/_example/default/exmaple.tf
diff --git a/_example/vnet-with-flow-logs/example.tf b/_example/vnet-with-flow-logs/example.tf
diff --git a/main.tf b/main.tf
@@ -1,7 +1,13 @@
+##----------------------------------------------------------------------------- 
+## Locals declaration for determining the id of ddos protection plan.    
+##-----------------------------------------------------------------------------
 locals {
-  ddos_pp_id = var.enable_ddos_pp ? azurerm_network_ddos_protection_plan.example[0].id : ""
+  ddos_pp_id = var.enable_ddos_pp && var.existing_ddos_pp != null ? var.existing_ddos_pp : var.enable_ddos_pp && var.existing_ddos_pp == null ? azurerm_network_ddos_protection_plan.example[0].id : null
 }
 
+##----------------------------------------------------------------------------- 
+## Labels module callled that will be used for naming and tags.   
+##-----------------------------------------------------------------------------
 module "labels" {
 
   source  = "clouddrove/labels/azure"
@@ -14,6 +20,9 @@ module "labels" {
   repository  = var.repository
 }
 
+##----------------------------------------------------------------------------- 
+## Below resource will deploy virtual network in your azure environment.    
+##-----------------------------------------------------------------------------
 resource "azurerm_virtual_network" "vnet" {
   count                   = var.enable == true ? 1 : 0
   name                    = format("%s-vnet", module.labels.id)
@@ -25,7 +34,7 @@ resource "azurerm_virtual_network" "vnet" {
   edge_zone               = var.edge_zone
   flow_timeout_in_minutes = var.flow_timeout_in_minutes
   dynamic "ddos_protection_plan" {
-    for_each = local.ddos_pp_id != "" ? ["ddos_protection_plan"] : []
+    for_each = local.ddos_pp_id != null ? ["ddos_protection_plan"] : []
     content {
       id     = local.ddos_pp_id
       enable = true
@@ -34,6 +43,9 @@ resource "azurerm_virtual_network" "vnet" {
   tags = module.labels.tags
 }
 
+##----------------------------------------------------------------------------- 
+## Below resource will deploy ddos protection plan for virtual network.   
+##-----------------------------------------------------------------------------
 resource "azurerm_network_ddos_protection_plan" "example" {
   count               = var.enable_ddos_pp && var.enable == true ? 1 : 0
   name                = format("%s-ddospp", module.labels.id)
@@ -42,34 +54,14 @@ resource "azurerm_network_ddos_protection_plan" "example" {
   tags                = module.labels.tags
 }
 
-resource "azurerm_network_watcher" "test" {
-  count               = var.enable_network_watcher ? 1 : 0
+##-----------------------------------------------------------------------------
+## Below resource will deploy network watcher resource group in azure.
+## To be deployed when flow logs for network security group is to be tracked. 
+## By default azure deploys network wather on its own, but if in azure infrastructure deployment you need network watcher with specific name than set 'enable_network_watcher' variable to true. 
+##-----------------------------------------------------------------------------
+resource "azurerm_network_watcher" "flow_log_nw" {
+  count               = var.enable && var.enable_network_watcher ? 1 : 0
   name                = format("%s-network_watcher", module.labels.id)
   location            = var.location
   resource_group_name = var.resource_group_name
-}
-
-
-resource "azurerm_network_watcher_flow_log" "test" {
-  count                = var.enable_flow_logs ? 1 : 0
-  network_watcher_name = join("", azurerm_network_watcher.test.*.name)
-  resource_group_name  = var.resource_group_name
-  name                 = format("%s-flow_logs", module.labels.id)
-
-  network_security_group_id = var.network_security_group_id
-  storage_account_id        = var.storage_account_id
-  enabled                   = true
-
-  retention_policy {
-    enabled = var.retention_policy_enabled
-    days    = var.retention_policy_days
-  }
-
-  traffic_analytics {
-    enabled               = var.enable_traffic_analytics
-    workspace_id          = var.workspace_id
-    workspace_region      = var.location
-    workspace_resource_id = var.workspace_resource_id
-    interval_in_minutes   = 10
-  }
-}
+}
diff --git a/outputs.tf b/outputs.tf
@@ -33,6 +33,6 @@ output "ddos_protection_plan_id" {
   description = "The ID of the DDoS Protection Plan"
 }
 output "network_watcher_id" {
-  value       = join("", azurerm_network_watcher.test.*.id)
+  value       = join("", azurerm_network_watcher.flow_log_nw.*.id)
   description = "The ID of the Network Watcher."
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,7 @@ on: @@
           - main
         paths:
           - '**.tf'
-          - '!examples/**.tf'
+          - '_example/**.tf'
     jobs:
       release:
@@ Expand Down @@