generated from equinor/terraform-module-template
main.tf
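# Synapse workspace. Its default storage is the Data Lake Gen2 filesystem
# declared in this module; identity, customer-managed key and Git integration
# are optional blocks driven by the corresponding input variables.
resource "azurerm_synapse_workspace" "this" {
  name                                 = var.workspace_name
  resource_group_name                  = var.resource_group_name
  location                             = var.location
  managed_resource_group_name          = var.managed_resource_group_name
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.this.id

  # SQL authentication settings.
  # NOTE(review): the administrator password is written to Terraform state in
  # clear text. Confirm the variable is declared `sensitive` and that the state
  # backend is encrypted and access-controlled. Where SQL logins are not needed,
  # azuread_authentication_only = true restricts sign-in to Azure AD identities.
  sql_identity_control_enabled     = var.sql_identity_control_enabled
  sql_administrator_login          = var.sql_administrator_login
  sql_administrator_login_password = var.sql_administrator_login_password
  azuread_authentication_only      = var.azuread_authentication_only

  # Network exposure and data-exfiltration controls. The provider requires
  # managed_virtual_network_enabled = true when
  # data_exfiltration_protection_enabled is true.
  # NOTE(review): the defaults of these variables are not visible here; confirm
  # that public network access is off unless a caller explicitly opts in.
  public_network_access_enabled        = var.public_network_access_enabled
  managed_virtual_network_enabled      = var.managed_virtual_network_enabled
  data_exfiltration_protection_enabled = var.data_exfiltration_protection_enabled
  linking_allowed_for_aad_tenant_ids   = var.allowed_linked_tenant_ids
  compute_subnet_id                    = var.compute_subnet_id

  purview_id = var.purview_id
  tags       = var.tags

  # Emit the identity block only when var.identity is set, in the same way as
  # the other optional blocks below. Wrapping a null value in a list would
  # iterate once over null and fail on identity.value.type.
  dynamic "identity" {
    for_each = var.identity == null ? [] : [var.identity]

    content {
      type         = identity.value.type
      identity_ids = lookup(identity.value, "identity_ids", [])
    }
  }

  # Optional customer-managed key for workspace encryption; key_name falls back
  # to "cmk" when the caller does not provide one.
  dynamic "customer_managed_key" {
    for_each = var.customer_managed_key == null ? [] : [var.customer_managed_key]

    content {
      key_versionless_id = customer_managed_key.value.key_versionless_id
      key_name           = lookup(customer_managed_key.value, "key_name", "cmk")
    }
  }

  # Git integration: a GitHub repo takes precedence, so the Azure DevOps repo
  # is configured only when no GitHub repo is given.
  dynamic "azure_devops_repo" {
    for_each = var.github_repo == null && var.azure_devops_repo != null ? [var.azure_devops_repo] : []

    content {
      account_name    = azure_devops_repo.value.account_name
      project_name    = azure_devops_repo.value.project_name
      repository_name = azure_devops_repo.value.repository_name
      branch_name     = azure_devops_repo.value.branch_name
      root_folder     = lookup(azure_devops_repo.value, "root_folder", "/")
      last_commit_id  = lookup(azure_devops_repo.value, "last_commit_id", null)
      tenant_id       = lookup(azure_devops_repo.value, "tenant_id", null)
    }
  }

  dynamic "github_repo" {
    for_each = var.github_repo == null ? [] : [var.github_repo]

    content {
      account_name    = github_repo.value.account_name
      repository_name = github_repo.value.repository_name
      branch_name     = github_repo.value.branch_name
      root_folder     = lookup(github_repo.value, "root_folder", "/")
      last_commit_id  = lookup(github_repo.value, "last_commit_id", null)
      git_url         = lookup(github_repo.value, "git_url", null)
    }
  }

  lifecycle {
    # The last commit id is excluded from drift detection for both repo types,
    # so later changes to it are not reverted by Terraform.
    ignore_changes = [github_repo[0].last_commit_id, azure_devops_repo[0].last_commit_id]
  }
}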
# Azure AD administrators for the workspace SQL pools, one resource per entry
# in var.sql_aad_admins, keyed by login (so logins must be unique).
# NOTE(review): a workspace appears to hold a single SQL AAD administrator;
# confirm that several entries do not overwrite each other, and prefer an Azure
# AD group object id over individual users.
resource "azurerm_synapse_workspace_sql_aad_admin" "this" {
  for_each = { for admin in var.sql_aad_admins : admin.login => admin }

  synapse_workspace_id = azurerm_synapse_workspace.this.id
  tenant_id            = each.value.tenant_id
  object_id            = each.value.object_id
  login                = each.value.login
}
# Azure AD administrators for the workspace itself, one resource per entry in
# var.aad_admins, keyed by login (so logins must be unique).
# NOTE(review): this grants administrative rights on the workspace; keep the
# list short and prefer an Azure AD group object id over individual users.
resource "azurerm_synapse_workspace_aad_admin" "this" {
  for_each = { for admin in var.aad_admins : admin.login => admin }

  synapse_workspace_id = azurerm_synapse_workspace.this.id
  tenant_id            = each.value.tenant_id
  object_id            = each.value.object_id
  login                = each.value.login
}
# Data Lake Gen2 filesystem used as the workspace's default storage. It is
# created in the storage account passed in by the caller and is named after
# the workspace.
# NOTE(review): access control on the storage account itself is outside this
# module; confirm the caller restricts it.
resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
  storage_account_id = var.data_lake_gen2_id
  name               = var.workspace_name
}
# Workspace IP firewall rules, one per entry in var.allowed_firewall_rules,
# keyed by rule name.
# NOTE(review): the ranges are passed through as given. A rule spanning
# 0.0.0.0-255.255.255.255 admits every IPv4 source; confirm the variable
# validates its input or that callers are reviewed.
resource "azurerm_synapse_firewall_rule" "this" {
  for_each = { for rule in var.allowed_firewall_rules : rule.name => rule }

  name                 = each.value.name
  synapse_workspace_id = azurerm_synapse_workspace.this.id
  end_ip_address       = each.value.end_ip_address
  start_ip_address     = each.value.start_ip_address
}
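# Azure-hosted integration runtimes, one per entry in var.integration_runtimes,
# keyed by runtime name.
resource "azurerm_synapse_integration_runtime_azure" "this" {
  for_each = { for ir in var.integration_runtimes : ir.name => ir }

  name                 = each.value.name
  synapse_workspace_id = azurerm_synapse_workspace.this.id

  # Fall back to the workspace region when the entry has no location. A string
  # cannot serve as a conditional's condition (a region name does not convert
  # to bool and a null condition is an error), so coalesce() picks the first
  # value that is neither null nor empty.
  location = coalesce(each.value.location, azurerm_synapse_workspace.this.location)

  compute_type     = each.value.compute_type
  core_count       = each.value.core_count
  time_to_live_min = each.value.time_to_live_min
  description      = each.value.description
}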
# Self-hosted integration runtimes, one per entry in
# var.self_hosted_integration_runtimes, keyed by runtime name.
# NOTE(review): the provider exports the runtime's authorization keys as
# attributes, so they are stored in Terraform state; treat the state as a
# secret and restrict access to it.
resource "azurerm_synapse_integration_runtime_self_hosted" "this" {
  for_each = { for runtime in var.self_hosted_integration_runtimes : runtime.name => runtime }

  synapse_workspace_id = azurerm_synapse_workspace.this.id
  name                 = each.value.name
  description          = each.value.description
}
# Linked services, one per entry in var.linked_services, keyed by service name.
# type_properties is serialised to JSON exactly as supplied by the caller.
# NOTE(review): type_properties may carry connection strings or keys, which
# would then be stored in Terraform state; prefer Key Vault references or
# managed-identity authentication where the service type supports them.
resource "azurerm_synapse_linked_service" "this" {
  for_each = { for service in var.linked_services : service.name => service }

  synapse_workspace_id = azurerm_synapse_workspace.this.id
  name                 = each.value.name
  description          = each.value.description
  annotations          = each.value.annotations

  type                  = each.value.type
  type_properties_json  = jsonencode(each.value.type_properties)
  additional_properties = each.value.additional_properties
  parameters            = each.value.parameters

  # Bind the service to a specific integration runtime only when one is given.
  dynamic "integration_runtime" {
    for_each = each.value.integration_runtime == null ? [] : [each.value.integration_runtime]

    content {
      name       = integration_runtime.value.name
      parameters = integration_runtime.value.parameters
    }
  }
}
# Managed private endpoints from the workspace to target resources, one per
# entry in var.managed_private_endpoints, keyed by endpoint name.
# NOTE(review): these presumably require managed_virtual_network_enabled = true
# on the workspace and approval of the connection on the target resource;
# confirm both against the provider documentation.
resource "azurerm_synapse_managed_private_endpoint" "this" {
  for_each = { for endpoint in var.managed_private_endpoints : endpoint.name => endpoint }

  synapse_workspace_id = azurerm_synapse_workspace.this.id
  name                 = each.value.name
  subresource_name     = each.value.subresource_name
  target_resource_id   = each.value.target_resource_id
}