initial

.github/workflows/documentation.yml

@@ -0,0 +1,27 @@
+name: Generate terraform docs
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - master
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render terraform docs inside the README.md and push changes back to PR branch
+        uses: terraform-docs/[email protected]
+        with:
+          working-dir: .
+          output-file: README.md
+          output-method: inject
+          git-push: "true"

ESLZ/data_lake.tf

@@ -0,0 +1,19 @@
+variable "data_lakes" {
+  type = any
+  default = {}
+  description = "Value for data lake. This is a collection of values as defined in data_lake.tfvars"
+}
+
+module "data_lakes" {
+    for_each = var.data_lakes
+    source = "/home/ken/terraform-azurerm-caf-data-lake"
+    location= var.location
+    env = var.env
+    group = var.group
+    project = var.project
+    userDefinedString = each.key
+    data_lake= each.value
+    resource_groups = local.resource_groups_all
+    subnets = local.subnets
+    user_data = try(each.value.user_data, false) != false ? base64encode(file("${path.cwd}/${each.value.user_data}")) : null
+}

ESLZ/data_lake.tfvars

@@ -0,0 +1,91 @@
+data_lakes = {
+    data_lake={
+        storage_account = {                           # Key defines the userDefinedString
+            resource_group           = "Project"  # Required: Resource group name, i.e Project, Management, DNS, etc, or the resource group ID
+            account_tier             = "Standard" # Required: Possible values: Standard,Premium
+            account_replication_type = "GRS"      # Required: Possible values: LRS, GRS, RAGRS, ZRS, GZRS, RAGZRS
+
+            account_kind                     = "StorageV2"   # Optional: possible values: BlobStorage, BlockBlobStorage, FileStorage, Storage, StorageV2. Default: StorageV2
+            access_tier                      = "Hot"         # Optional: Possible values: Hot, Cool. Default: Hot
+            public_network_access_enabled    = false         # Optional: Possible values: true, false. Default: false
+            allow_nested_items_to_be_public  = false         # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+            # https_traffic_only_enabled        = true        # Optional: Possible values: true, false. Default: true. Can uncomment to set this value
+            # min_tls_version                  = "TLS1_2"    # Optional: Possible values: TLS1_0, TLS1_1, TLS1_2. Default: TLS1_2. Can uncomment to set this value
+            shared_access_key_enabled        = true       # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+            # default_to_oauth_authentication  = false       # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+             is_hns_enabled                   = true       # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+            # nfsv3_enabled                    = false       # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+            # cross_tenant_replication_enabled = true        # Optional: Possible values: true, false. Default: true. Can uncomment to set this value
+
+            # static_website = false                         # Optional: Set to true to enable static website with an empty index.html file. Default: false
+
+            # Optional: Set network rules for the storage account. public_network_access_enabled needs to be set to true for this block to properly work
+            # Can uncomment to deploy it
+            # network_rules = {
+            #   default_action             = "Deny"            # Default: Deny
+            #   ip_rules                   = []                # List of IP permitted to access the storage account
+            #   virtual_network_subnet_ids = ["MAZ", "OZ"]     # List of subnet permitted to access the storage account. Values can either be name, i.e MAZ, OZ, etc, or subnet ID
+            #   bypass                     = ["AzureServices"] # Default: AzureServices. List of Services/resources allowed to bypass firewall.
+            # }
+
+            # Sets SAS policies, only valid if the shared_access_key_enabled is set to true
+            #sas_policy = {
+            #   expiration_period = "90.00:00:00"              # Required: Format for the period is DD.HH:MM:SS
+            #   expiration_action = "Log"                      # Optional: Only possible value is Log
+            # }
+
+            # Optional: Defines a private endpoint for the storage account
+            # Can be commented out if no private endpoint is required
+            private_endpoint = {
+            dfs = {                                                  # Key defines the userDefinedstring
+                resource_group    = "Project"                           # Required: Resource group name, i.e Project, Management, DNS, etc, or the resource group ID
+                subnet            = "OZ"                                # Required: Subnet name, i.e OZ,MAZ, etc, or the subnet ID
+                subresource_names = ["dfs"]                            # Required: Subresource name determines to what service the private endpoint will connect to. see: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource for list of subresrouce
+                #local_dns_zone    = "privatelink.blob.core.windows.net" # Optional: Name of the local DNS zone for the private endpoint
+            }
+            }
+        }
+         storage_data_lake_gen2_filesystems = {
+            file-system-1 = {
+                default_encryption_scope = null
+                properties =null
+                owner = null
+                group = null
+                # ace = {
+
+                #     scope         = null
+                #     type = null
+                #     id = null
+                #     permissions = null
+                # }
+
+                storage_data_lake_gen2_path = {
+                    path1 = {
+                        name = "test"
+                        owner = null
+                        group = null
+                        # ace={
+                        #     scope = null
+                        #     type = null
+                        #     permissions = null
+                        #     id = null
+                        # }
+                    }
+                    path2 = {
+                        name = "test1"
+                        owner = null
+                        group = null
+                        # ace={
+                        #     scope = null
+                        #     type = null
+                        #     permissions = null
+                        #     id = null
+                        # }
+                    }
+                }
+            }
+
+
+         }
+    }
+}

README copy.md

@@ -0,0 +1 @@
+# terraform-azurerm-caf-windows_clusterV2

locals.tf

@@ -0,0 +1,3 @@
+locals {
+  resource_group_name = strcontains(var.data_lake.storage_account.resource_group, "/resourceGroups/") ? regex("[^\\/]+$", var.data_lake.storage_account.resource_group) :  var.resource_groups[var.data_lake.storage_account.resource_group].name
+}

module.tf

@@ -0,0 +1,78 @@
+module "dlsa" {
+  source ="github.com/canada-ca-terraform-modules/terraform-azurerm-caf-storage_accountV2.git?ref=v1.0.3"
+  userDefinedString = var.userDefinedString
+  location = var.location
+  env = var.env
+  resource_groups = var.resource_groups
+  storage_account = var.data_lake.storage_account
+  subnets = var.subnets
+  private_dns_zone_ids = var.private_dns_zone_ids
+  tags = var.tags
+}
+
+# Create File Systems for each Data Lake Storage Account
+resource "azurerm_storage_data_lake_gen2_filesystem" "filesystem" {
+  for_each = var.data_lake.storage_data_lake_gen2_filesystems
+  name               = each.key
+  storage_account_id = module.dlsa.id
+  default_encryption_scope = try(each.value.default_encryption_scope, null)
+  properties =try(each.value.properties, null)
+  owner = try(each.value.owner, null)
+  group = try(each.value.group, null)
+
+  dynamic "ace" {
+    for_each = try(each.value.ace, null) != null ? [1] : []
+    content {
+      scope         = try(each.value.ace.scope, null)
+      type = try(each.value.ace.type, null)
+      id = try(each.value.ace.id, null)
+      permissions = try(each.value.ace.permission, null)
+
+    }
+  }
+}
+
+# Create Paths within the File Systems for each Data Lake
+resource "azurerm_storage_data_lake_gen2_path" "paths" {
+  for_each = zipmap(
+    flatten([
+      for fs_key, fs_value in var.data_lake.storage_data_lake_gen2_filesystems : [
+        for path_key, path_value in fs_value.storage_data_lake_gen2_path : "${fs_key}-${path_key}"
+      ]
+    ]),
+    flatten([
+    for fs_key, fs_value in var.data_lake.storage_data_lake_gen2_filesystems : [
+      for path_key, path_value in fs_value.storage_data_lake_gen2_path : {
+        file_system_key  = fs_key
+        path_name        = path_value.name
+        owner            = try(path_value.owner, null)
+        group            = try(path_value.group, null)
+        ace              = try(path_value.ace, null)
+        storage_account_id  = module.dlsa.id
+      }
+    ]
+  ])
+  )
+
+  path               = each.value.path_name
+  filesystem_name   = azurerm_storage_data_lake_gen2_filesystem.filesystem[each.value.file_system_key].name
+  storage_account_id = each.value.storage_account_id
+  resource           = "directory"
+
+  owner = each.value.owner
+  group = each.value.group
+  dynamic "ace" {
+    for_each = try(each.value.ace, null) != null ? [1] : []
+    content {
+      scope         = try(each.value.ace.scope, null)
+      type = try(each.value.ace.type, null)
+      id = try(each.value.ace.id, null)
+      permissions = try(each.value.ace.permission, null)
+
+    }
+  }
+}
+
+
+
+

name.tf

@@ -0,0 +1,8 @@
+locals {
+  name_regex = "/[//\"'\\[\\]:|<>+=;,?*@&]/" # Can't include those characters  name: \/"'[]:|<>+=;,?*@&
+  env_4                         = substr(var.env, 0, 4)
+  userDefinedString_7           = substr(var.userDefinedString, 0, 7)
+  data_lake-name                = replace("${local.env_4}-${local.userDefinedString_7}", local.name_regex, "")
+
+
+}

output.tf

@@ -0,0 +1,13 @@
+
+output "storage_account" {
+  description = "The storage account object"
+  value       = module.dlsa
+}
+output "data_lake_gen2_filesystem" {
+  description = "The data_lake_gen2_filesystem object"
+  value       = azurerm_storage_data_lake_gen2_filesystem.filesystem
+}
+output "data_lake_gen2_path" {
+  description = "The data_lake_gen2_path object"
+  value       = azurerm_storage_data_lake_gen2_path.paths
+}

variables.tf

@@ -0,0 +1,72 @@
+variable "location" {
+  description = "Azure location for the VM"
+  type = string
+  default = "canadacentral"
+}
+
+variable "tags" {
+  description = "Tags that will be applied to every associated VM resource"
+  type = map(string)
+  default = {}
+}
+
+variable "env" {
+  description = "(Required) 4 character string defining the environment name prefix for the VM"
+  type = string
+  default =  "dev"
+}
+
+variable "group" {
+  description = "(Required) Character string defining the group for the target subscription"
+  type = string
+  default = "test"
+}
+
+variable "project" {
+  description = "(Required) Character string defining the project for the target subscription"
+  type = string
+  default = "test"
+}
+
+variable "userDefinedString" {
+  description = "(Required) User defined portion value for the name of the VM."
+  type = string
+  default= "test"
+}
+
+
+
+
+
+
+variable "data_lake" {
+  description = "(Required) Cluster configuration for the HA VMs."
+  type        = any
+  default     = null
+}
+
+variable "resource_groups" {
+  description = "(Required) Resource group object for the VM"
+  type = any
+  default = {}
+}
+
+
+
+variable "subnets" {
+  description = "(Required) List of subnet objects for the VM"
+  type = any
+  default = {}
+}
+
+variable "user_data" {
+  description = "Base64 encoded file representing user data script for the VM"
+  type = any
+  default = null
+}
+
+variable "private_dns_zone_ids" {
+  description = "(Required) List of private DNS zone IDs"
+  type = any
+  default = {}
+}