feat: First release

.terraform-docs.yml

@@ -0,0 +1,5 @@
+formatter: markdown document
+output:
+  file: "README.md"
+settings:
+  anchor: false

README.md

@@ -0,0 +1,150 @@
+# Azure network resources
+
+## Introduction
+
+This module manages required Azure network resources.
+
+## Usage
+
+Instantiate the module by calling it from Terraform like this:
+
+```hcl
+module "azure-network" {
+  source = "dodevops/network/azure"
+  version = "<version>"
+  
+  (...)
+}
+```
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+The following providers are used by this module:
+
+- azurerm
+
+## Modules
+
+No modules.
+
+## Resources
+
+The following resources are used by this module:
+
+- [azurerm_network_security_group.network-security-group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) (resource)
+- [azurerm_network_security_rule.network-security-rules-inbound](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) (resource)
+- [azurerm_subnet.default-subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) (resource)
+- [azurerm_subnet.gateway-subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) (resource)
+- [azurerm_subnet_network_security_group_association.network-security-group-association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) (resource)
+- [azurerm_virtual_network.virtual-network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) (resource)
+- [azurerm_virtual_network_peering.network-peering](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) (resource)
+
+## Required Inputs
+
+The following input variables are required:
+
+### default\_subnet\_cidr
+
+Description: CIDR of the default subnet
+
+Type: `string`
+
+### location
+
+Description: The azure location used for azure
+
+Type: `string`
+
+### network\_cidr
+
+Description: The address space to use for the complete network
+
+Type: `string`
+
+### project
+
+Description: Three letter project key
+
+Type: `string`
+
+### resource\_group
+
+Description: Azure Resource Group to use
+
+Type: `string`
+
+### rules
+
+Description: A map of firewall rules to apply to the network security group of the virtual network
+
+Type:
+
+```hcl
+map(object({
+    priority                     = number,
+    source_address_prefixes      = list(string),
+    source_port_ranges           = list(string),
+    destination_address_prefixes = list(string),
+    destination_port_ranges      = list(string),
+    protocol                     = string,
+  }))
+```
+
+### stage
+
+Description: Stage for this ressource group
+
+Type: `string`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### gateway\_subnet\_cidr
+
+Description: CIDR of the gateway subnet. If not specified, Subnet Gateway will not be created
+
+Type: `string`
+
+Default: `"NONE"`
+
+### peering\_remote\_virtual\_network\_id
+
+Description: The id of the remote virtual network to peer to, if required
+
+Type: `string`
+
+Default: `""`
+
+## Outputs
+
+The following outputs are exported:
+
+### default\_subnet\_id
+
+Description: The id of the default subnet
+
+### gateway\_subnet\_id
+
+Description: The id of the gateway subnet
+
+### network\_id
+
+Description: The id of the virtual network
+
+### network\_name
+
+Description: The name of the virtual network
+<!-- END_TF_DOCS -->
+
+## Development
+
+Use [terraform-docs](https://terraform-docs.io/) to generate the API documentation by running
+
+    terraform fmt .
+    terraform-docs .

firewall.tf

@@ -0,0 +1,28 @@
+# Sets up inbound security rules for the cluster
+
+resource "azurerm_network_security_group" "network-security-group" {
+  location            = var.location
+  name                = "${lower(var.project)}${lower(var.stage)}netsg"
+  resource_group_name = var.resource_group
+}
+
+resource "azurerm_subnet_network_security_group_association" "network-security-group-association" {
+  network_security_group_id = azurerm_network_security_group.network-security-group.id
+  subnet_id                 = azurerm_subnet.default-subnet.id
+}
+
+resource "azurerm_network_security_rule" "network-security-rules-inbound" {
+  for_each = var.rules
+
+  access                       = "Allow"
+  direction                    = "Inbound"
+  name                         = each.key
+  network_security_group_name  = azurerm_network_security_group.network-security-group.name
+  resource_group_name          = var.resource_group
+  priority                     = each.value.priority
+  protocol                     = each.value.protocol
+  source_address_prefixes      = each.value.source_address_prefixes
+  source_port_ranges           = each.value.source_port_ranges
+  destination_address_prefixes = each.value.destination_address_prefixes
+  destination_port_ranges      = each.value.destination_port_ranges
+}

main.tf

@@ -0,0 +1,22 @@
+resource "azurerm_virtual_network" "virtual-network" {
+  address_space       = [var.network_cidr]
+  location            = var.location
+  name                = "${lower(var.project)}${lower(var.stage)}netvnetwork"
+  resource_group_name = var.resource_group
+}
+
+resource "azurerm_subnet" "default-subnet" {
+  address_prefixes     = [var.default_subnet_cidr]
+  name                 = "default"
+  resource_group_name  = var.resource_group
+  virtual_network_name = azurerm_virtual_network.virtual-network.name
+  service_endpoints    = ["Microsoft.Sql", "Microsoft.Storage"]
+}
+
+resource "azurerm_subnet" "gateway-subnet" {
+  count                = var.gateway_subnet_cidr == "NONE" ? 0 : 1
+  name                 = "GatewaySubnet"
+  address_prefixes     = [var.gateway_subnet_cidr]
+  resource_group_name  = var.resource_group
+  virtual_network_name = azurerm_virtual_network.virtual-network.name
+}

outputs.tf

@@ -0,0 +1,18 @@
+output "gateway_subnet_id" {
+  description = "The id of the gateway subnet"
+  value       = var.gateway_subnet_cidr == "NONE" ? 0 : azurerm_subnet.gateway-subnet[0].id
+}
+output "default_subnet_id" {
+  description = "The id of the default subnet"
+  value       = azurerm_subnet.default-subnet.id
+}
+
+output "network_id" {
+  description = "The id of the virtual network"
+  value       = azurerm_virtual_network.virtual-network.id
+}
+
+output "network_name" {
+  description = "The name of the virtual network"
+  value       = azurerm_virtual_network.virtual-network.name
+}

peering.tf

@@ -0,0 +1,7 @@
+resource "azurerm_virtual_network_peering" "network-peering" {
+  count                     = var.peering_remote_virtual_network_id == "" ? 0 : 1
+  name                      = "${var.project}${var.stage}netpeer"
+  remote_virtual_network_id = var.peering_remote_virtual_network_id
+  resource_group_name       = var.resource_group
+  virtual_network_name      = azurerm_virtual_network.virtual-network.name
+}

vars.tf

@@ -0,0 +1,53 @@
+variable "location" {
+  type        = string
+  description = "The azure location used for azure"
+}
+
+variable "project" {
+  type        = string
+  description = "Three letter project key"
+}
+
+variable "stage" {
+  type        = string
+  description = "Stage for this ressource group"
+}
+
+variable "resource_group" {
+  type        = string
+  description = "Azure Resource Group to use"
+}
+
+variable "network_cidr" {
+  type        = string
+  description = "The address space to use for the complete network"
+}
+
+variable "default_subnet_cidr" {
+  type        = string
+  description = "CIDR of the default subnet"
+}
+
+variable "gateway_subnet_cidr" {
+  type        = string
+  description = "CIDR of the gateway subnet. If not specified, Subnet Gateway will not be created"
+  default     = "NONE"
+}
+
+variable "rules" {
+  type = map(object({
+    priority                     = number,
+    source_address_prefixes      = list(string),
+    source_port_ranges           = list(string),
+    destination_address_prefixes = list(string),
+    destination_port_ranges      = list(string),
+    protocol                     = string,
+  }))
+  description = "A map of firewall rules to apply to the network security group of the virtual network"
+}
+
+variable "peering_remote_virtual_network_id" {
+  type        = string
+  default     = ""
+  description = "The id of the remote virtual network to peer to, if required"
+}