diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
new file mode 100644
index 0000000..6915ed4
--- /dev/null
+++ b/.github/workflows/documentation.yml
@@ -0,0 +1,27 @@
+name: Generate terraform docs
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ - master
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4.1.7
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Render terraform docs inside the README.md and push changes back to PR branch
+ uses: terraform-docs/gh-actions@v1.2.0
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+ git-push: "true"
\ No newline at end of file
diff --git a/ESLZ/data_lake.tf b/ESLZ/data_lake.tf
new file mode 100644
index 0000000..21f2dad
--- /dev/null
+++ b/ESLZ/data_lake.tf
@@ -0,0 +1,19 @@
+variable "data_lakes" {
+ type = any
+ default = {}
+ description = "Value for data lake. This is a collection of values as defined in data_lake.tfvars"
+}
+
+module "data_lakes" {
+ for_each = var.data_lakes
+ source = "/home/ken/terraform-azurerm-caf-data-lake"
+ location= var.location
+ env = var.env
+ group = var.group
+ project = var.project
+ userDefinedString = each.key
+ data_lake= each.value
+ resource_groups = local.resource_groups_all
+ subnets = local.subnets
+ user_data = try(each.value.user_data, false) != false ? base64encode(file("${path.cwd}/${each.value.user_data}")) : null
+}
\ No newline at end of file
diff --git a/ESLZ/data_lake.tfvars b/ESLZ/data_lake.tfvars
new file mode 100644
index 0000000..a9fdf8d
--- /dev/null
+++ b/ESLZ/data_lake.tfvars
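Review bot: The job pushes back to the PR head branch (`git-push: "true"` after checking out `${{ github.event.pull_request.head.ref }}`) but declares no `permissions:` block, so it silently depends on the repository's default GITHUB_TOKEN scope; add `permissions:` / `  contents: write` at the job level so the write grant is explicit and minimal, and pin both actions to a commit SHA instead of the movable `@v4.1.7` / `@v1.2.0` tags. On `push` events `github.event.pull_request.head.ref` is empty, and on `pull_request` events from a fork the token is read-only and the push step fails, so the job is worth guarding with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. A short comment above `git-push` saying that the step commits generated README content to the branch would help reviewers expect those bot commits.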
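Review bot: `source = "/home/ken/terraform-azurerm-caf-data-lake"` is an absolute path on one developer's machine, so this example cannot be initialised anywhere else and it sidesteps the version pinning the module itself uses for its own dependency (`?ref=v1.0.3` in module.tf). Point it at the published module with a pinned ref, or at a relative path such as `source = "../"` if the ESLZ directory is meant as an in-repo example. The `user_data` line reads a caller-supplied path via `file("${path.cwd}/${each.value.user_data}")` and hands it to a module that, within this diff, declares `var.user_data` but never references it; either document what the module does with it or drop the argument.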
@@ -0,0 +1,91 @@
+data_lakes = {
+ data_lake={
+ storage_account = { # Key defines the userDefinedString
+ resource_group = "Project" # Required: Resource group name, i.e Project, Management, DNS, etc, or the resource group ID
+ account_tier = "Standard" # Required: Possible values: Standard,Premium
+ account_replication_type = "GRS" # Required: Possible values: LRS, GRS, RAGRS, ZRS, GZRS, RAGZRS
+
+ account_kind = "StorageV2" # Optional: possible values: BlobStorage, BlockBlobStorage, FileStorage, Storage, StorageV2. Default: StorageV2
+ access_tier = "Hot" # Optional: Possible values: Hot, Cool. Default: Hot
+ public_network_access_enabled = false # Optional: Possible values: true, false. Default: false
+ allow_nested_items_to_be_public = false # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+ # https_traffic_only_enabled = true # Optional: Possible values: true, false. Default: true. Can uncomment to set this value
+ # min_tls_version = "TLS1_2" # Optional: Possible values: TLS1_0, TLS1_1, TLS1_2. Default: TLS1_2. Can uncomment to set this value
+ shared_access_key_enabled = true # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+ # default_to_oauth_authentication = false # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+ is_hns_enabled = true # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+ # nfsv3_enabled = false # Optional: Possible values: true, false. Default: false. Can uncomment to set this value
+ # cross_tenant_replication_enabled = true # Optional: Possible values: true, false. Default: true. Can uncomment to set this value
+
+ # static_website = false # Optional: Set to true to enable static website with an empty index.html file. Default: false
+
+ # Optional: Set network rules for the storage account. public_network_access_enabled needs to be set to true for this block to properly work
+ # Can uncomment to deploy it
+ # network_rules = {
+ # default_action = "Deny" # Default: Deny
+ # ip_rules = [] # List of IP permitted to access the storage account
+ # virtual_network_subnet_ids = ["MAZ", "OZ"] # List of subnet permitted to access the storage account. Values can either be name, i.e MAZ, OZ, etc, or subnet ID
+ # bypass = ["AzureServices"] # Default: AzureServices. List of Services/resources allowed to bypass firewall.
+ # }
+
+ # Sets SAS policies, only valid if the shared_access_key_enabled is set to true
+ #sas_policy = {
+ # expiration_period = "90.00:00:00" # Required: Format for the period is DD.HH:MM:SS
+ # expiration_action = "Log" # Optional: Only possible value is Log
+ # }
+
+ # Optional: Defines a private endpoint for the storage account
+ # Can be commented out if no private endpoint is required
+ private_endpoint = {
+ dfs = { # Key defines the userDefinedstring
+ resource_group = "Project" # Required: Resource group name, i.e Project, Management, DNS, etc, or the resource group ID
+ subnet = "OZ" # Required: Subnet name, i.e OZ,MAZ, etc, or the subnet ID
+ subresource_names = ["dfs"] # Required: Subresource name determines to what service the private endpoint will connect to. see: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource for list of subresrouce
+ #local_dns_zone = "privatelink.blob.core.windows.net" # Optional: Name of the local DNS zone for the private endpoint
+ }
+ }
+ }
+ storage_data_lake_gen2_filesystems = {
+ file-system-1 = {
+ default_encryption_scope = null
+ properties =null
+ owner = null
+ group = null
+ # ace = {
+
+ # scope = null
+ # type = null
+ # id = null
+ # permissions = null
+ # }
+
+ storage_data_lake_gen2_path = {
+ path1 = {
+ name = "test"
+ owner = null
+ group = null
+ # ace={
+ # scope = null
+ # type = null
+ # permissions = null
+ # id = null
+ # }
+ }
+ path2 = {
+ name = "test1"
+ owner = null
+ group = null
+ # ace={
+ # scope = null
+ # type = null
+ # permissions = null
+ # id = null
+ # }
+ }
+ }
+ }
+
+
+ }
+ }
+}
\ No newline at end of file
diff --git a/README copy.md b/README copy.md
new file mode 100644
index 0000000..f670f7b
--- /dev/null
+++ b/README copy.md
@@ -0,0 +1 @@
+# terraform-azurerm-caf-windows_clusterV2
\ No newline at end of file
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..dfdc7bb
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ resource_group_name = strcontains(var.data_lake.storage_account.resource_group, "/resourceGroups/") ? regex("[^\\/]+$", var.data_lake.storage_account.resource_group) : var.resource_groups[var.data_lake.storage_account.resource_group].name
+}
\ No newline at end of file
diff --git a/module.tf b/module.tf
new file mode 100644
index 0000000..f784bd5
--- /dev/null
+++ b/module.tf
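Review bot: `shared_access_key_enabled = true` turns on storage-key authentication in the example while the inline comment says the default is false and `default_to_oauth_authentication` stays commented out, so the shipped sample is weaker than the module's own default. If the key is only needed so the azurerm provider can create the gen2 filesystems and paths through the data plane, say so in the comment (`# Needed for the provider to manage gen2 filesystems/paths unless the provider is configured with storage_use_azuread = true`); otherwise set it to false so Entra ID is the only authentication path. The commented `local_dns_zone = "privatelink.blob.core.windows.net"` sits beside `subresource_names = ["dfs"]` and is misleading, since a dfs private endpoint resolves through `privatelink.dfs.core.windows.net`. The same comment has a typo, `subresrouce`.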
@@ -0,0 +1,78 @@
+module "dlsa" {
+ source ="github.com/canada-ca-terraform-modules/terraform-azurerm-caf-storage_accountV2.git?ref=v1.0.3"
+ userDefinedString = var.userDefinedString
+ location = var.location
+ env = var.env
+ resource_groups = var.resource_groups
+ storage_account = var.data_lake.storage_account
+ subnets = var.subnets
+ private_dns_zone_ids = var.private_dns_zone_ids
+ tags = var.tags
+}
+
+# Create File Systems for each Data Lake Storage Account
+resource "azurerm_storage_data_lake_gen2_filesystem" "filesystem" {
+ for_each = var.data_lake.storage_data_lake_gen2_filesystems
+ name = each.key
+ storage_account_id = module.dlsa.id
+ default_encryption_scope = try(each.value.default_encryption_scope, null)
+ properties =try(each.value.properties, null)
+ owner = try(each.value.owner, null)
+ group = try(each.value.group, null)
+
+ dynamic "ace" {
+ for_each = try(each.value.ace, null) != null ? [1] : []
+ content {
+ scope = try(each.value.ace.scope, null)
+ type = try(each.value.ace.type, null)
+ id = try(each.value.ace.id, null)
+ permissions = try(each.value.ace.permission, null)
+
+ }
+ }
+}
+
+# Create Paths within the File Systems for each Data Lake
+resource "azurerm_storage_data_lake_gen2_path" "paths" {
+ for_each = zipmap(
+ flatten([
+ for fs_key, fs_value in var.data_lake.storage_data_lake_gen2_filesystems : [
+ for path_key, path_value in fs_value.storage_data_lake_gen2_path : "${fs_key}-${path_key}"
+ ]
+ ]),
+ flatten([
+ for fs_key, fs_value in var.data_lake.storage_data_lake_gen2_filesystems : [
+ for path_key, path_value in fs_value.storage_data_lake_gen2_path : {
+ file_system_key = fs_key
+ path_name = path_value.name
+ owner = try(path_value.owner, null)
+ group = try(path_value.group, null)
+ ace = try(path_value.ace, null)
+ storage_account_id = module.dlsa.id
+ }
+ ]
+ ])
+ )
+
+ path = each.value.path_name
+ filesystem_name = azurerm_storage_data_lake_gen2_filesystem.filesystem[each.value.file_system_key].name
+ storage_account_id = each.value.storage_account_id
+ resource = "directory"
+
+ owner = each.value.owner
+ group = each.value.group
+ dynamic "ace" {
+ for_each = try(each.value.ace, null) != null ? [1] : []
+ content {
+ scope = try(each.value.ace.scope, null)
+ type = try(each.value.ace.type, null)
+ id = try(each.value.ace.id, null)
+ permissions = try(each.value.ace.permission, null)
+
+ }
+ }
+}
+
+
+
+
diff --git a/name.tf b/name.tf
new file mode 100644
index 0000000..024a565
--- /dev/null
+++ b/name.tf
@@ -0,0 +1,8 @@
+locals {
+ name_regex = "/[//\"'\\[\\]:|<>+=;,?*@&]/" # Can't include those characters name: \/"'[]:|<>+=;,?*@&
+ env_4 = substr(var.env, 0, 4)
+ userDefinedString_7 = substr(var.userDefinedString, 0, 7)
+ data_lake-name = replace("${local.env_4}-${local.userDefinedString_7}", local.name_regex, "")
+
+
+}
\ No newline at end of file
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..2b97079
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,13 @@
+
+output "storage_account" {
+ description = "The storage account object"
+ value = module.dlsa
+}
+output "data_lake_gen2_filesystem" {
+ description = "The data_lake_gen2_filesystem object"
+ value = azurerm_storage_data_lake_gen2_filesystem.filesystem
+}
+output "data_lake_gen2_path" {
+ description = "The data_lake_gen2_path object"
+ value = azurerm_storage_data_lake_gen2_path.paths
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..2b1a196
--- /dev/null
+++ b/variables.tf
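Review bot: Both `dynamic "ace"` blocks read `each.value.ace.permission`, while the example in ESLZ/data_lake.tfvars spells the attribute `permissions` (and that is the name the provider's ace block expects), so any ACE a caller configures ends up with `permissions = null` and the apply fails on a required attribute; change both occurrences to `permissions = try(each.value.ace.permissions, null)`. The `zipmap` key `"${fs_key}-${path_key}"` can collide when filesystem or path keys themselves contain `-` (e.g. `a-b`/`c` and `a`/`b-c`), and zipmap would then silently keep only one path; either document that keys must not contain `-` or use a separator the keys cannot contain. `path_value.name` is the one attribute accessed without `try`, which is fine if `name` is mandatory, but a comment saying so (`# name is required for every path`) would make the intent visible. Both `dynamic "ace"` blocks also accept only a single ACE object, which is worth stating in a comment since the provider allows repeating the block.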
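Review bot: `local.data_lake-name` is computed here but nothing else in this diff references it (storage account naming is delegated to module `dlsa` through `userDefinedString`), so either the local is dead or its consumer lives outside this commit; a one-line comment stating what it is meant to name would settle that. If it is intended to become a storage account name, note that the `-` inserted between `env_4` and `userDefinedString_7` is not allowed in storage account names (lowercase letters and digits only), so the pattern would additionally need `lower()` and no separator.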
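Review bot: `value = module.dlsa` exports the entire storage account module object; if that module's outputs include access keys or connection strings (the underlying storage account resource exposes `primary_access_key` and similar), this output has to be marked `sensitive = true` or Terraform refuses the plan, and consumers receive the key material as part of the object either way. Prefer exporting only what callers need, e.g. `value = module.dlsa.id` alongside the name, and mark any output that carries secrets `sensitive = true`. The filesystem and path outputs use the same whole-object pattern; I would expect those resources to carry no secrets, but trimming them to `id`/`name` keeps the module interface stable when the provider adds attributes.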
@@ -0,0 +1,72 @@
+variable "location" {
+ description = "Azure location for the VM"
+ type = string
+ default = "canadacentral"
+}
+
+variable "tags" {
+ description = "Tags that will be applied to every associated VM resource"
+ type = map(string)
+ default = {}
+}
+
+variable "env" {
+ description = "(Required) 4 character string defining the environment name prefix for the VM"
+ type = string
+ default = "dev"
+}
+
+variable "group" {
+ description = "(Required) Character string defining the group for the target subscription"
+ type = string
+ default = "test"
+}
+
+variable "project" {
+ description = "(Required) Character string defining the project for the target subscription"
+ type = string
+ default = "test"
+}
+
+variable "userDefinedString" {
+ description = "(Required) User defined portion value for the name of the VM."
+ type = string
+ default= "test"
+}
+
+
+
+
+
+
+variable "data_lake" {
+ description = "(Required) Cluster configuration for the HA VMs."
+ type = any
+ default = null
+}
+
+variable "resource_groups" {
+ description = "(Required) Resource group object for the VM"
+ type = any
+ default = {}
+}
+
+
+
+variable "subnets" {
+ description = "(Required) List of subnet objects for the VM"
+ type = any
+ default = {}
+}
+
+variable "user_data" {
+ description = "Base64 encoded file representing user data script for the VM"
+ type = any
+ default = null
+}
+
+variable "private_dns_zone_ids" {
+ description = "(Required) List of private DNS zone IDs"
+ type = any
+ default = {}
+}
\ No newline at end of file
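Review bot: Most descriptions were carried over from a VM module and no longer describe this one — `"Azure location for the VM"`, `"(Required) Cluster configuration for the HA VMs."` on `data_lake`, and the `"... for the VM"` wording on `resource_groups`, `subnets` and `user_data`; rewrite them for the data lake, e.g. `description = "(Required) Data lake configuration object (storage_account, storage_data_lake_gen2_filesystems); see ESLZ/data_lake.tfvars for the expected shape"`. Several variables tagged `(Required)` also ship a default (`env = "dev"`, `group`/`project`/`userDefinedString = "test"`), so the tag and the default contradict each other and a caller who forgets one silently deploys with placeholder names; drop the defaults or the tag. `type = any` on `data_lake`, `resource_groups`, `subnets` and `private_dns_zone_ids` pushes every shape error to apply time; an `object({...})` type for at least `data_lake` would let `terraform validate` catch misspelled attribute names.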