diff --git a/README.md b/README.md index e700a23..7aaef75 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,14 @@ -# terraform-equinix-template +# terraform-equinix-network-edge [![Experimental](https://img.shields.io/badge/Stability-Experimental-red.svg)](https://github.com/equinix-labs/standards#about-uniform-standards) -[![run-pre-commit-hooks](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/pre-commit.yaml) -[![generate-terraform-docs](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/documentation.yaml/badge.svg)](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/documentation.yaml) +[![run-pre-commit-hooks](https://github.com/equinix-labs/terraform-equinix-network-edge/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/equinix/terraform-equinix-network-edge/actions/workflows/pre-commit.yaml) +[![generate-terraform-docs](https://github.com/equinix/terraform-equinix-network-edge/actions/workflows/documentation.yaml/badge.svg)](https://github.com/equinix/terraform-equinix-network-edge/actions/workflows/documentation.yaml) -`terraform-equinix-template` is a minimal Terraform module that utilizes [Terraform providers for Equinix](https://registry.terraform.io/namespaces/equinix) to provision digital infrastructure and demonstrate higher level integrations. +`terraform-equinix-network-edge` is a minimal Terraform module that +utilizes [Terraform providers for Equinix](https://registry.terraform.io/namespaces/equinix) to provision digital +infrastructure and demonstrate higher level integrations. 
@@ -16,7 +18,8 @@ This project is experimental and supported by the user community. Equinix does n Install Terraform using the [tfenv](https://github.com/tfutils/tfenv) utility. -This project may be forked, cloned, or downloaded and modified as needed as the base in your integrations and deployments. +This project may be forked, cloned, or downloaded and modified as needed as the base in your integrations and +deployments. This project may also be used as a [Terraform module](https://learn.hashicorp.com/collections/terraform/modules). 
@@ -29,41 +32,53 @@ terraform { equinix = { source = "equinix/equinix" } -} + } -module "example" { - source = "github.com/equinix-labs/template" - # TEMPLATE: replace "template" with the name of the repo after the terraform-equinix- prefix. + module "example" { + source = "github.com/equinix-labs/template" + # TEMPLATE: replace "template" with the name of the repo after the terraform-equinix- prefix. - # Published modules can be sourced as: - # source = "equinix-labs/template/equinix" - # See https://www.terraform.io/docs/registry/modules/publish.html for details. + # Published modules can be sourced as: + # source = "equinix-labs/template/equinix" + # See https://www.terraform.io/docs/registry/modules/publish.html for details. - # version = "0.1.0" + # version = "0.1.0" - # TEMPLATE: insert required variables here + # TEMPLATE: insert required variables here + } } ``` -Install [pre-commit](https://pre-commit.com/#install) with its prerequesites: [python](https://docs.python.org/3/using/index.html) and [pip](https://pip.pypa.io/en/stable/installation/). +Install [pre-commit](https://pre-commit.com/#install) with its +prerequesites: [python](https://docs.python.org/3/using/index.html) +and [pip](https://pip.pypa.io/en/stable/installation/). Configure pre-commit: `pre-commit install`. -Install required packages: [tflint](https://github.com/terraform-linters/tflint), [tfsec](https://aquasecurity.github.io/tfsec/v1.0.11/getting-started/installation/), [shfmt](https://github.com/mvdan/sh), [shellcheck](https://github.com/koalaman/shellcheck), and [markdownlint](https://github.com/markdownlint/markdownlint). +Install required +packages: [tflint](https://github.com/terraform-linters/tflint), [tfsec](https://aquasecurity.github.io/tfsec/v1.0.11/getting-started/installation/), [shfmt](https://github.com/mvdan/sh), [shellcheck](https://github.com/koalaman/shellcheck), +and [markdownlint](https://github.com/markdownlint/markdownlint). 
Run `terraform init -upgrade` and `terraform apply`. ## Module Documentation -The main README.md, the modules README.md and the examples README.md are populated by [terraform-docs worflow job](.github/workflows/documentation.yaml). The following sections are appended between the terraform-docs delimeters: Requiremenents, Providers, Modules, Resources, Inputs, and Outputs. +The main README.md, the modules README.md and the examples README.md are populated +by [terraform-docs worflow job](.github/workflows/documentation.yaml). The following sections are appended between the +terraform-docs delimeters: Requiremenents, Providers, Modules, Resources, Inputs, and Outputs. ## Module Release and Changelog Generation -The module git release and [changelog](CHANGELOG.md) are generated by the [release workflow job](.github/workflows/release.yaml). The release worflow follows the [conventional commits convention](https://www.conventionalcommits.org/). To submit a commit, please follow the [commit message format guidelines](https://www.conventionalcommits.org/en/v1.0.0/#specification). This job is set to run manually by default. +The module git release and [changelog](CHANGELOG.md) are generated by +the [release workflow job](.github/workflows/release.yaml). The release worflow follows +the [conventional commits convention](https://www.conventionalcommits.org/). To submit a commit, please follow +the [commit message format guidelines](https://www.conventionalcommits.org/en/v1.0.0/#specification). This job is set to +run manually by default. Example commit message: `fix: disabled log generation for system services` -For more examples, please see [conventional commit message examples](https://www.conventionalcommits.org/en/v1.0.0/#examples). +For more examples, please +see [conventional commit message examples](https://www.conventionalcommits.org/en/v1.0.0/#examples). ## Examples 
@@ -71,45 +86,48 @@ To view examples for how you can leverage this module, please see the [examples] + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [equinix](#requirement\_equinix) | >= 1.8.0 | +| Name | Version | +|---------------------------------------------------------------------------|----------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [equinix](#requirement\_equinix) | >= 1.8.0 | ## Providers -| Name | Version | -|------|---------| +| Name | Version | +|---------------------------------------------------------------|----------| | [equinix](#provider\_equinix) | >= 1.8.1 | ## Modules -| Name | Source | Version | -|------|--------|---------| -| [inline-module](#module\_inline-module) | ./modules/inline-module | n/a | +| Name | Source | Version | +|-----------------------------------------------------------------------------|-------------------------|---------| +| [inline-module](#module\_inline-module) | ./modules/inline-module | n/a | ## Resources -| Name | Type | -|------|------| +| Name | Type | +|----------------------------------------------------------------------------------------------------------------------------|----------| | [equinix_metal_device.example](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/metal_device) | resource | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [example\_auth\_token](#input\_example\_auth\_token) | The example auth token value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes | -| [example\_project\_id](#input\_example\_project\_id) | The example project id value defines what will be included in the example resource in main.tf. This example is descriptive. 
| `string` | n/a | yes | +| Name | Description | Type | Default | Required | +|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [example\_auth\_token](#input\_example\_auth\_token) | The example auth token value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes | +| [example\_project\_id](#input\_example\_project\_id) | The example project id value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes | ## Outputs -| Name | Description | -|------|-------------| +| Name | Description | +|---------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------| | [example\_device\_hostname](#output\_example\_device\_hostname) | The example output. In practice, output value reference implicit resource attributes declared in main.tf | -| [example\_gateway\_id](#output\_example\_gateway\_id) | The example output. In practice, output value reference implicit resource attributes declared in main.tf | +| [example\_gateway\_id](#output\_example\_gateway\_id) | The example output. In practice, output value reference implicit resource attributes declared in main.tf | + + ## Contributing If you would like to contribute to this module, see [CONTRIBUTING](CONTRIBUTING.md) page. diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/README.md new file mode 100644 index 0000000..b843d56 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/README.md 
@@ -0,0 +1,61 @@ +# Network Edge Palo Alto Firewall Cluster Example + +This example demonstrates creation of Network Edge Palo Alto Firewall Cluster. It will: + +- Create a ACL template +- Create a management ACL template +- Create an SSH key +- Provision Palo Alto Firewall Cluster + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-cluster +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_acl_template.pa-vm-pri](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_acl_template) | resource | +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/main.tf new file mode 100644 index 0000000..485a073 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/main.tf 
@@ -0,0 +1,61 @@
+provider "equinix" {
+ client_id = var.equinix_client_id
+ client_secret = var.equinix_client_secret
+}
+
+module "pa_vm_cluster" {
+ source = "../../../modules/Palo-Alto-Network-Firewall"
+ name = "tf-pa-vm-cluster"
+ metro_code = var.metro_code_primary
+ platform = "medium"
+ account_number = "123456"
+ software_package = "VM300"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ term_length = 1
+ notifications = ["test@test.com"]
+ hostname = "pavm-pri"
+ additional_bandwidth = 100
+ connectivity = "INTERNET-ACCESS"
+ acl_template_id = equinix_network_acl_template.pa_vm_cluster_wan_acl.id
+ mgmt_acl_template_uuid = equinix_network_acl_template.pa_vm_cluster_mgmt_acl.id
+ ssh_key = {
+ userName = "johndoe-primary"
+ keyName = equinix_network_ssh_key.johndoe_pri.name
+ }
+ cluster = {
+ enabled = true
+ name = "test-pa-vm-cluster"
+ node0_vendor_configuration_hostname = "node0"
+ node1_vendor_configuration_hostname = "node1"
+ license_token = var.license_token
+ }
+}
+
+resource "equinix_network_ssh_key" "johndoe_pri" {
+ name = "johndoe-pri-0426-12"
+ public_key = var.ssh_rsa_public_key
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+}
+
+resource "equinix_network_acl_template" "pa_vm_cluster_mgmt_acl" {
+ name = "tf-pa-vm-cluster-mgmt"
+ description = "Primary Palo Alto Networks VM ACL template"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ inbound_rule {
+ subnet = "12.16.103.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
+
+resource "equinix_network_acl_template" "pa_vm_cluster_wan_acl" {
+ name = "tf-pa-vm-cluster-wan"
+ description = "Secondary Palo Alto Networks VM ACL template"
+ inbound_rule {
+ subnet = "172.16.25.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/outputs.tf
new file mode 100644
index 0000000..0dc2749
--- /dev/null
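Review bot: The `pa_vm_cluster_mgmt_acl` rule admits TCP/22 from the hard-coded routable (non-RFC 1918) range `12.16.103.0/24`, so anyone who applies the example unchanged exposes the firewall's management SSH to a network they most likely do not own. Take the allowed source range from a required variable with no default, for example `subnet = var.mgmt_allowed_cidr` (variable name illustrative), and do the same for the `172.16.25.0/24` rule in `pa_vm_cluster_wan_acl`. The literal `project_id` UUID, `account_number = "123456"` and the notification address are in the same position and read like values from a real test tenant; `pa_vm_cluster_wan_acl` also omits the `project_id` that the other two resources set, and its description says "Secondary", which looks copied from the HA example. The same literals recur in the `main.tf` hunks for pa-vm-firewall-ha and pa-vm-firewall-private-interface-management-cluster.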
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/outputs.tf
@@ -0,0 +1,4 @@
+output "device_details" {
+ description = "Virtual device details"
+ value = module.pa_vm_cluster
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/variables.tf
new file mode 100644
index 0000000..555ae6b
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/variables.tf
@@ -0,0 +1,24 @@
+variable "equinix_client_id" {
+ type = string
+ description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+
+variable "equinix_client_secret" {
+ type = string
+ description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+
+variable "metro_code_primary" {
+ description = "Device location metro code"
+ type = string
+}
+
+variable "ssh_rsa_public_key" {
+ description = "SSH RSA public key"
+ type = string
+}
+
+variable "license_token" {
+ description = "License Token"
+ type = string
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/versions.tf
new file mode 100644
index 0000000..8401ebe
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ equinix = {
+ source = "equinix/equinix"
+ version = "~> 1.34.0"
+ }
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/README.md
new file mode 100644
index 0000000..6690f4c
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/README.md
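Review bot: `equinix_client_secret` and `license_token` in variables.tf are declared without `sensitive = true`, so Terraform will print their values in plan and apply output and in CI logs that capture it. Add `sensitive = true` to both variable blocks; the values still end up in state, so the state backend needs its own access control. If the module re-exports either value, the `device_details` output in outputs.tf, which returns the whole `module.pa_vm_cluster` object, would need `sensitive = true` as well; the module's outputs are not visible here, so that part is unconfirmed. The same two declarations appear in the variables.tf hunks for pa-vm-firewall-ha and pa-vm-firewall-private-interface-management-cluster.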
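Review bot: `required_version = ">= 1.3"` in versions.tf disagrees with this example's README, whose Requirements table lists terraform `>= 1.5.4`. One of the two is wrong; if the module relies on 1.5.x behaviour the constraint should read `required_version = ">= 1.5.4"`, otherwise the README table should be regenerated. The identical versions.tf is added for pa-vm-firewall-ha and pa-vm-firewall-private-interface-management-cluster.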
@@ -0,0 +1,60 @@ +# Network Edge Palo Alto Firewall HA Device Example + +This example demonstrates creation of Network Edge Palo Alto Firewall HA device. It will: + +- Create a ACL template +- Create an SSH key +- Provision Palo Alto Firewall HA device + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-ha +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_acl_template.pa-vm-pri](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_acl_template) | resource | +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| 
[equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/main.tf new file mode 100644 index 0000000..4f6d717 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/main.tf 
@@ -0,0 +1,68 @@
+provider "equinix" {
+ client_id = var.equinix_client_id
+ client_secret = var.equinix_client_secret
+}
+
+module "pa_vm_ha" {
+ source = "../../../modules/Palo-Alto-Network-Firewall"
+ name = "tf-pa-vm-ha"
+ metro_code = var.metro_code_primary
+ platform = "medium"
+ account_number = "123456"
+ software_package = "VM300"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ term_length = 1
+ connectivity = "INTERNET-ACCESS"
+ notifications = ["test@test.com"]
+ hostname = "pavm-pri"
+ additional_bandwidth = 100
+ acl_template_id = equinix_network_acl_template.pa_vm_pri.id
+ ssh_key = {
+ userName = "johndoe-primary"
+ keyName = equinix_network_ssh_key.johndoe_pri.name
+ }
+ secondary = {
+ enabled = true
+ metro_code = var.metro_code_secondary
+ hostname = "pavm-sec"
+ account_number = "123456"
+ additional_bandwidth = 50
+ acl_template_id = equinix_network_acl_template.pa_vm_sec.id
+ license_token = var.license_token
+ }
+
+}
+
+resource "equinix_network_ssh_key" "johndoe_pri" {
+ name = "johndoe-pri-0425-2"
+ public_key = var.ssh_rsa_public_key
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+}
+
+resource "equinix_network_ssh_key" "johndoe_sec" {
+ name = "johndoe-sec-0425-2"
+ public_key = var.ssh_rsa_public_key
+}
+
+resource "equinix_network_acl_template" "pa_vm_pri" {
+ name = "tf-pa-vm-pri"
+ description = "Primary Palo Alto Networks VM ACL template"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ inbound_rule {
+ subnet = "12.16.103.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
+
+resource "equinix_network_acl_template" "pa_vm_sec" {
+ name = "tf-pa-vm-sec"
+ description = "Secondary Palo Alto Networks VM ACL template"
+ inbound_rule {
+ subnet = "172.16.25.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
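Review bot: `equinix_network_ssh_key.johndoe_sec` is created but never referenced: the `secondary` block carries no `ssh_key` entry and the primary device uses `johndoe_pri`. The example therefore registers a second copy of the operator's public key in the account for no visible purpose, and it will outlive the devices if only they are removed. Either drop the resource or wire it into the secondary device, if the module accepts a per-secondary key (the module's inputs are not visible here). `johndoe_sec` and `pa_vm_sec` also omit the `project_id` that their primary counterparts set, so they may land in a different project scope than the rest of the deployment.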
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/outputs.tf
new file mode 100644
index 0000000..d3bab39
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/outputs.tf
@@ -0,0 +1,4 @@
+output "device_details" {
+ description = "Virtual device details"
+ value = module.pa_vm_ha
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/variables.tf
new file mode 100644
index 0000000..5382882
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/variables.tf
@@ -0,0 +1,28 @@
+variable "equinix_client_id" {
+ type = string
+ description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+
+variable "equinix_client_secret" {
+ type = string
+ description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+
+variable "metro_code_primary" {
+ description = "Device location metro code"
+ type = string
+}
+
+variable "metro_code_secondary" {
+ description = "Device location metro code"
+ type = string
+}
+variable "ssh_rsa_public_key" {
+ description = "SSH RSA public key"
+ type = string
+}
+
+variable "license_token" {
+ description = "License Token"
+ type = string
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/versions.tf
new file mode 100644
index 0000000..8401ebe
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-ha/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ equinix = {
+ source = "equinix/equinix"
+ version = "~> 1.34.0"
+ }
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/README.md new file mode 100644 index 0000000..b843d56 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/README.md 
@@ -0,0 +1,61 @@ +# Network Edge Palo Alto Firewall Cluster Example + +This example demonstrates creation of Network Edge Palo Alto Firewall Cluster. It will: + +- Create a ACL template +- Create a management ACL template +- Create an SSH key +- Provision Palo Alto Firewall Cluster + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-cluster +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_acl_template.pa-vm-pri](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_acl_template) | resource | +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/main.tf new file mode 100644 index 0000000..c292ec7 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/main.tf 
@@ -0,0 +1,48 @@
+provider "equinix" {
+ client_id = var.equinix_client_id
+ client_secret = var.equinix_client_secret
+}
+
+module "pa_vm_cluster" {
+ source = "../../../modules/Palo-Alto-Network-Firewall"
+ name = "tf-pa-vm-cluster"
+ metro_code = var.metro_code_primary
+ platform = "medium"
+ account_number = "123456"
+ software_package = "VM300"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ connectivity = "INTERNET-ACCESS-WITH-PRVT-MGMT"
+ term_length = 1
+ notifications = ["test@test.com"]
+ hostname = "pavm-pri"
+ additional_bandwidth = 100
+ acl_template_id = equinix_network_acl_template.pa_vm_cluster_wan_acl.id
+ ssh_key = {
+ userName = "johndoe-primary"
+ keyName = equinix_network_ssh_key.johndoe_pri.name
+ }
+ cluster = {
+ enabled = true
+ name = "test-pa-vm-cluster"
+ node0_vendor_configuration_hostname = "node0"
+ node1_vendor_configuration_hostname = "node1"
+ license_token = var.license_token
+ }
+}
+
+resource "equinix_network_ssh_key" "johndoe_pri" {
+ name = "johndoe-pri-0414-21"
+ public_key = var.ssh_rsa_public_key
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+}
+
+resource "equinix_network_acl_template" "pa_vm_cluster_wan_acl" {
+ name = "tf-pa-vm-cluster-wan"
+ description = "Secondary Palo Alto Networks VM ACL template"
+ inbound_rule {
+ subnet = "172.16.25.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/outputs.tf
new file mode 100644
index 0000000..0dc2749
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/outputs.tf
@@ -0,0 +1,4 @@
+output "device_details" {
+ description = "Virtual device details"
+ value = module.pa_vm_cluster
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/variables.tf
new file mode 100644
index 0000000..555ae6b
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/variables.tf
@@ -0,0 +1,24 @@
+variable "equinix_client_id" {
+ type = string
+ description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+
+variable "equinix_client_secret" {
+ type = string
+ description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+
+variable "metro_code_primary" {
+ description = "Device location metro code"
+ type = string
+}
+
+variable "ssh_rsa_public_key" {
+ description = "SSH RSA public key"
+ type = string
+}
+
+variable "license_token" {
+ description = "License Token"
+ type = string
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/versions.tf
new file mode 100644
index 0000000..8401ebe
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-cluster/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ equinix = {
+ source = "equinix/equinix"
+ version = "~> 1.34.0"
+ }
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/README.md
new file mode 100644
index 0000000..f0271d4
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/README.md 
@@ -0,0 +1,59 @@ +# Network Edge Palo Alto Firewall HA Device Example + +This example demonstrates creation of Network Edge Palo Alto Firewall HA device. It will: + +- Create a ACL template +- Create an SSH key +- Provision Palo Alto Firewall HA device + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-ha +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_acl_template.pa-vm-pri](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_acl_template) | resource | +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| 
[equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/main.tf new file mode 100644 index 0000000..b079592 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/main.tf 
@@ -0,0 +1,68 @@
+provider "equinix" {
+ client_id = var.equinix_client_id
+ client_secret = var.equinix_client_secret
+}
+
+module "pa_vm_ha" {
+ source = "../../../modules/Palo-Alto-Network-Firewall"
+ name = "tf-pa-vm-ha"
+ metro_code = var.metro_code_primary
+ platform = "medium"
+ account_number = "123456"
+ software_package = "VM300"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ term_length = 1
+ connectivity = "INTERNET-ACCESS-WITH-PRVT-MGMT"
+ notifications = ["test@test.com"]
+ hostname = "pavm-pri"
+ additional_bandwidth = 100
+ acl_template_id = equinix_network_acl_template.pa_vm_pri.id
+ ssh_key = {
+ userName = "johndoe-primary"
+ keyName = equinix_network_ssh_key.johndoe_pri.name
+ }
+ secondary = {
+ enabled = true
+ metro_code = var.metro_code_secondary
+ hostname = "pavm-sec"
+ account_number = "123456"
+ additional_bandwidth = 50
+ acl_template_id = equinix_network_acl_template.pa_vm_sec.id
+ license_token = var.license_token
+ }
+
+}
+
+resource "equinix_network_ssh_key" "johndoe_pri" {
+ name = "johndoe-pri-0425-2"
+ public_key = var.ssh_rsa_public_key
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+}
+
+resource "equinix_network_ssh_key" "johndoe_sec" {
+ name = "johndoe-sec-0425-2"
+ public_key = var.ssh_rsa_public_key
+}
+
+resource "equinix_network_acl_template" "pa_vm_pri" {
+ name = "tf-pa-vm-pri"
+ description = "Primary Palo Alto Networks VM ACL template"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ inbound_rule {
+ subnet = "12.16.103.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
+
+resource "equinix_network_acl_template" "pa_vm_sec" {
+ name = "tf-pa-vm-sec"
+ description = "Secondary Palo Alto Networks VM ACL template"
+ inbound_rule {
+ subnet = "172.16.25.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
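Review bot: The `inbound_rule` in `equinix_network_acl_template.pa_vm_pri` allows TCP/22 from the literal range `12.16.103.0/24`, which is publicly routable address space that someone applying this example as written is unlikely to control, while `pa_vm_sec` uses the private range `172.16.25.0/24`. With `connectivity = "INTERNET-ACCESS-WITH-PRVT-MGMT"` this ACL is presumably what limits who can reach port 22, so the permitted source should be supplied by the operator, for example `subnet = var.ssh_allowed_cidr` backed by `variable "ssh_allowed_cidr" { type = string }` with no default. The same literal appears in the main.tf of the private-interface-management-single and pa-vm-firewall-single examples later in this diff.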
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/outputs.tf new file mode 100644 index 0000000..d3bab39 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/outputs.tf @@ -0,0 +1,4 @@ +output "device_details" { + description = "Virtual device details" + value = module.pa_vm_ha +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/variables.tf new file mode 100644 index 0000000..3aa0e4d --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/variables.tf @@ -0,0 +1,29 @@ +variable "equinix_client_id" { + type = string + description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable." +} + +variable "equinix_client_secret" { + type = string + description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable." +} + +variable "metro_code_primary" { + description = "Device location metro code" + type = string +} + +variable "metro_code_secondary" { + description = "Device location metro code" + type = string +} + +variable "ssh_rsa_public_key" { + description = "SSH RSA public key" + type = string +} + +variable "license_token" { + description = "License Token" + type = string +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/versions.tf new file mode 100644 index 0000000..8401ebe --- /dev/null 
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-ha/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ equinix = {
+ source = "equinix/equinix"
+ version = "~> 1.34.0"
+ }
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/README.md
new file mode 100644
index 0000000..95d6201
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/README.md
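Review bot: `required_version = ">= 1.3"` disagrees with the Requirements table in this example's README.md, which lists terraform `>= 1.5.4`. One of the two should change so that a user on 1.3 or 1.4 is not told two different things; if 1.5.4 is the tested floor, the line becomes `required_version = ">= 1.5.4"`. The versions.tf and README.md pairs of the single, znpd-cluster and znpd-ha examples in this diff show the same mismatch.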
@@ -0,0 +1,60 @@ +# Network Edge Palo Alto Firewall Single Device Example + +This example demonstrates creation of Network Edge Palo Alto Firewall Single device. It will: + +- Create a ACL template +- Create an SSH key +- Provision Palo Alto Firewall Single device + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-single +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_acl_template.pa-vm-pri](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_acl_template) | resource | +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/main.tf new file mode 100644 index 0000000..381a64d --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/main.tf 
@@ -0,0 +1,42 @@
+provider "equinix" {
+ client_id = var.equinix_client_id
+ client_secret = var.equinix_client_secret
+}
+
+module "pa_vm" {
+ source = "../../../modules/Palo-Alto-Network-Firewall"
+ name = "tf-pa-vm-single"
+ metro_code = var.metro_code_primary
+ platform = "medium"
+ account_number = "123456"
+ software_package = "VM300"
+ connectivity = "INTERNET-ACCESS-WITH-PRVT-MGMT"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ term_length = 1
+ notifications = ["test@test.com"]
+ hostname = "pavm-pri"
+ additional_bandwidth = 100
+ acl_template_id = equinix_network_acl_template.pa_vm_pri.id
+ ssh_key = {
+ userName = "johndoe-primary"
+ keyName = equinix_network_ssh_key.johndoe.name
+ }
+}
+
+resource "equinix_network_ssh_key" "johndoe" {
+ name = "johndoe-pri-0424-single-3"
+ public_key = var.ssh_rsa_public_key
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+}
+
+resource "equinix_network_acl_template" "pa_vm_pri" {
+ name = "tf-pa-vm-pri"
+ description = "Primary Palo Alto Networks VM ACL template"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ inbound_rule {
+ subnet = "12.16.103.0/24"
+ protocol = "TCP"
+ src_port = "any"
+ dst_port = "22"
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/outputs.tf
new file mode 100644
index 0000000..35030b8
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/outputs.tf
@@ -0,0 +1,4 @@
+output "device_details" {
+ description = "Virtual device details"
+ value = module.pa_vm
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/variables.tf
new file mode 100644
index 0000000..780a892
--- /dev/null
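Review bot: `project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"` is written out three times in this main.tf (module, SSH key, ACL template) next to `account_number = "123456"` and `notifications = ["test@test.com"]`, so the example cannot be applied without editing the source, and the UUID looks like a real project identifier rather than a placeholder. Declaring `variable "project_id" { type = string }` and using `project_id = var.project_id` in all three places, with the account number and notification list handled the same way, keeps tenant-specific identifiers out of the repository. The other main.tf files in this diff embed the same values.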
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/variables.tf @@ -0,0 +1,19 @@ +variable "equinix_client_id" { + type = string + description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable." +} + +variable "equinix_client_secret" { + type = string + description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable." +} + +variable "metro_code_primary" { + description = "Device location metro code" + type = string +} + +variable "ssh_rsa_public_key" { + description = "SSH RSA public key" + type = string +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/versions.tf new file mode 100644 index 0000000..8401ebe --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-private-interface-management-single/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3" + required_providers { + equinix = { + source = "equinix/equinix" + version = "~> 1.34.0" + } + } +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/README.md new file mode 100644 index 0000000..95d6201 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/README.md 
@@ -0,0 +1,60 @@ +# Network Edge Palo Alto Firewall Single Device Example + +This example demonstrates creation of Network Edge Palo Alto Firewall Single device. It will: + +- Create a ACL template +- Create an SSH key +- Provision Palo Alto Firewall Single device + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-single +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_acl_template.pa-vm-pri](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_acl_template) | resource | +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/main.tf new file mode 100644 index 0000000..d8beb0c --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/main.tf 
@@ -0,0 +1,42 @@ +provider "equinix" { + client_id = var.equinix_client_id + client_secret = var.equinix_client_secret +} + +module "pa_vm" { + source = "../../../modules/Palo-Alto-Network-Firewall" + name = "tf-pa-vm-single" + metro_code = var.metro_code_primary + platform = "medium" + account_number = "123456" + software_package = "VM300" + connectivity = "INTERNET-ACCESS" + project_id = "e6be59d9-62c0-4140-aad6-150f0700203c" + term_length = 1 + notifications = ["test@test.com"] + hostname = "pavm-pri" + additional_bandwidth = 100 + acl_template_id = equinix_network_acl_template.pa_vm_pri.id + ssh_key = { + userName = "johndoe-primary" + keyName = equinix_network_ssh_key.johndoe.name + } +} + +resource "equinix_network_ssh_key" "johndoe" { + name = "johndoe-pri-0414-single-15" + public_key = var.ssh_rsa_public_key + project_id = "e6be59d9-62c0-4140-aad6-150f0700203c" +} + +resource "equinix_network_acl_template" "pa_vm_pri" { + name = "tf-pa-vm-pri" + description = "Primary Palo Alto Networks VM ACL template" + project_id = "e6be59d9-62c0-4140-aad6-150f0700203c" + inbound_rule { + subnet = "12.16.103.0/24" + protocol = "TCP" + src_port = "any" + dst_port = "22" + } +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/outputs.tf new file mode 100644 index 0000000..35030b8 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/outputs.tf @@ -0,0 +1,4 @@ +output "device_details" { + description = "Virtual device details" + value = module.pa_vm +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/variables.tf new file mode 100644 index 0000000..780a892 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/variables.tf 
@@ -0,0 +1,19 @@ +variable "equinix_client_id" { + type = string + description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable." +} + +variable "equinix_client_secret" { + type = string + description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable." +} + +variable "metro_code_primary" { + description = "Device location metro code" + type = string +} + +variable "ssh_rsa_public_key" { + description = "SSH RSA public key" + type = string +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/versions.tf new file mode 100644 index 0000000..8401ebe --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-single/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3" + required_providers { + equinix = { + source = "equinix/equinix" + version = "~> 1.34.0" + } + } +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/README.md new file mode 100644 index 0000000..321761f --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/README.md 
@@ -0,0 +1,58 @@ +# Network Edge Palo Alto Firewall Cluster Example + +This example demonstrates creation of Network Edge Palo Alto Firewall Cluster. It will: + +- Create an SSH key +- Provision Palo Alto Firewall Cluster + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-cluster +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. 
This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/main.tf new file mode 100644 index 0000000..a2bdf9a --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/main.tf 
@@ -0,0 +1,35 @@ +provider "equinix" { + client_id = var.equinix_client_id + client_secret = var.equinix_client_secret +} + +module "pa_vm_cluster" { + source = "../../../modules/Palo-Alto-Network-Firewall" + name = "tf-pa-vm-cluster" + metro_code = var.metro_code_primary + platform = "medium" + account_number = "123456" + connectivity = "PRIVATE" + software_package = "VM300" + project_id = "e6be59d9-62c0-4140-aad6-150f0700203c" + term_length = 1 + notifications = ["test@test.com"] + hostname = "pavm-pri" + ssh_key = { + userName = "johndoe-primary" + keyName = equinix_network_ssh_key.johndoe_pri.name + } + cluster = { + enabled = true + name = "test-pa-vm-cluster" + node0_vendor_configuration_hostname = "node0" + node1_vendor_configuration_hostname = "node1" + license_token = var.license_token + } +} + +resource "equinix_network_ssh_key" "johndoe_pri" { + name = "johndoe-pri-0426-11" + public_key = var.ssh_rsa_public_key + project_id = "e6be59d9-62c0-4140-aad6-150f0700203c" +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/outputs.tf new file mode 100644 index 0000000..0dc2749 --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/outputs.tf @@ -0,0 +1,4 @@ +output "device_details" { + description = "Virtual device details" + value = module.pa_vm_cluster +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/variables.tf new file mode 100644 index 0000000..555ae6b --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/variables.tf 
@@ -0,0 +1,24 @@ +variable "equinix_client_id" { + type = string + description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable." +} + +variable "equinix_client_secret" { + type = string + description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable." +} + +variable "metro_code_primary" { + description = "Device location metro code" + type = string +} + +variable "ssh_rsa_public_key" { + description = "SSH RSA public key" + type = string +} + +variable "license_token" { + description = "License Token" + type = string +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/versions.tf new file mode 100644 index 0000000..8401ebe --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-cluster/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3" + required_providers { + equinix = { + source = "equinix/equinix" + version = "~> 1.34.0" + } + } +} diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/README.md new file mode 100644 index 0000000..e2a148e --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/README.md 
@@ -0,0 +1,58 @@ +# Network Edge Palo Alto Firewall HA Device Example + +This example demonstrates creation of Network Edge Palo Alto Firewall HA device. It will: + +- Create an SSH key +- Provision Palo Alto Firewall HA device + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-ha +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. 
This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/main.tf new file mode 100644 index 0000000..f501cad --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/main.tf 
@@ -0,0 +1,40 @@
+provider "equinix" {
+ client_id = var.equinix_client_id
+ client_secret = var.equinix_client_secret
+}
+
+module "pa_vm_ha" {
+ source = "../../../modules/Palo-Alto-Network-Firewall"
+ name = "tf-pa-vm-ha"
+ metro_code = var.metro_code_primary
+ platform = "small"
+ account_number = "123456"
+ software_package = "VM300"
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+ term_length = 1
+ notifications = ["test@test.com"]
+ hostname = "pavm-pri"
+ ssh_key = {
+ userName = "johndoe-primary"
+ keyName = equinix_network_ssh_key.johndoe_pri.name
+ }
+ secondary = {
+ enabled = true
+ metro_code = var.metro_code_secondary
+ hostname = "pavm-sec"
+ account_number = "123456"
+ license_token = var.license_token
+ }
+
+}
+
+resource "equinix_network_ssh_key" "johndoe_pri" {
+ name = "johndoe-pri-0426-10"
+ public_key = var.ssh_rsa_public_key
+ project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
+}
+
+resource "equinix_network_ssh_key" "johndoe_sec" {
+ name = "johndoe-pri-0426-10"
+ public_key = var.ssh_rsa_public_key
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/outputs.tf
new file mode 100644
index 0000000..d3bab39
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/outputs.tf
@@ -0,0 +1,4 @@
+output "device_details" {
+ description = "Virtual device details"
+ value = module.pa_vm_ha
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/variables.tf
new file mode 100644
index 0000000..5382882
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/variables.tf
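Review bot: `equinix_network_ssh_key.johndoe_sec` is given `name = "johndoe-pri-0426-10"`, the same name as `johndoe_pri`, and nothing in this main.tf references it, since the `secondary` block passes no `ssh_key`. If key names have to be unique within an account (likely, but to be confirmed against the provider) the second create fails; if not, the apply leaves an extra registered public key that no device uses. Either drop the resource or rename it, e.g. `name = "johndoe-sec-0426-10"`, and wire it into `secondary` if the module accepts a key there; it also omits the `project_id` that `johndoe_pri` sets. The private-interface-management-ha main.tf earlier in this diff likewise declares a `johndoe_sec` key that is never referenced.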
@@ -0,0 +1,28 @@
+variable "equinix_client_id" {
+ type = string
+ description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+
+variable "equinix_client_secret" {
+ type = string
+ description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+
+variable "metro_code_primary" {
+ description = "Device location metro code"
+ type = string
+}
+
+variable "metro_code_secondary" {
+ description = "Device location metro code"
+ type = string
+}
+variable "ssh_rsa_public_key" {
+ description = "SSH RSA public key"
+ type = string
+}
+
+variable "license_token" {
+ description = "License Token"
+ type = string
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/versions.tf
new file mode 100644
index 0000000..8401ebe
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-ha/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ equinix = {
+ source = "equinix/equinix"
+ version = "~> 1.34.0"
+ }
+ }
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/README.md b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/README.md
new file mode 100644
index 0000000..45a96ec
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/README.md
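Review bot: `equinix_client_secret` and `license_token` in the HA `variables.tf` are declared without `sensitive = true`, so their values can appear in plan and apply output; the template variable this commit deletes (`example_metal_auth_token`) carried the flag. Add `sensitive = true` to both blocks, and to `equinix_client_secret` in the single-device `variables.tf` added later in this commit. Marking `license_token` sensitive may in turn require `sensitive = true` on outputs derived from the module, which should be checked with a plan. The values are still stored in state, so the descriptions could name the `EQUINIX_API_CLIENTSECRET` environment variable as the preferred way to supply the secret.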
@@ -0,0 +1,58 @@ +# Network Edge Palo Alto Firewall Single Device Example + +This example demonstrates creation of Network Edge Palo Alto Firewall Single device. It will: + +- Create an SSH key +- Provision Palo Alto Firewall Single device + +## Usage + +To provision this example, you should clone the github repository and run terraform from within this directory: + +```bash +git clone https://github.com/equinix/terraform-equinix-network-edge.git +cd terraform-equinix-network-edge/examples/pa-vm-firewall-single +terraform init +terraform apply +``` + +Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these +resources. + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.5.4 | +| [equinix](#requirement\_equinix) | ~> 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | ~> 1.34.0 | + +## Resources + +| Name | Type | +|------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. 
This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes | +| [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes | +| [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes | +| [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------|------------------------| +| [device\_details](#output\_device\_details) | Virtual device details | + diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/main.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/main.tf new file mode 100644 index 0000000..5b7994d --- /dev/null +++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/main.tf @@ -0,0 +1,28 @@ +provider "equinix" { + client_id = var.equinix_client_id + client_secret = var.equinix_client_secret +} + +module "pa_vm" { + source = "../../../modules/Palo-Alto-Network-Firewall" + name = "tf-pa-vm-single" + metro_code = var.metro_code_primary + platform = "small" + account_number = "123456" + software_package = "VM300" + connectivity = "PRIVATE" + project_id = "e6be59d9-62c0-4140-aad6-150f0700203c" + term_length = 1 + notifications = ["test@test.com"] + hostname = "pavm-pri" + ssh_key = { + userName = "johndoe-primary" + keyName = equinix_network_ssh_key.johndoe.name + } +} + +resource "equinix_network_ssh_key" "johndoe" { + name = "johndoe-pri-0414-single-7" + public_key = var.ssh_rsa_public_key + project_id = "e6be59d9-62c0-4140-aad6-150f0700203c" +} 
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/outputs.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/outputs.tf
new file mode 100644
index 0000000..35030b8
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/outputs.tf
@@ -0,0 +1,4 @@
+output "device_details" {
+ description = "Virtual device details"
+ value = module.pa_vm
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/variables.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/variables.tf
new file mode 100644
index 0000000..f342f6e
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/variables.tf
@@ -0,0 +1,18 @@
+variable "equinix_client_id" {
+ type = string
+ description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+
+variable "equinix_client_secret" {
+ type = string
+ description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+
+variable "metro_code_primary" {
+ description = "Device location metro code"
+ type = string
+}
+variable "ssh_rsa_public_key" {
+ description = "SSH RSA public key"
+ type = string
+}
diff --git a/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/versions.tf b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/versions.tf
new file mode 100644
index 0000000..8401ebe
--- /dev/null
+++ b/examples/Palo-Alto-Network-Firewall/pa-vm-firewall-znpd-single/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ equinix = {
+ source = "equinix/equinix"
+ version = "~> 1.34.0"
+ }
+ }
+}
diff --git a/examples/simple/README.md b/examples/simple/README.md
deleted file mode 100644
index 6a41ec3..0000000
--- a/examples/simple/README.md +++ /dev/null @@ -1,47 +0,0 @@ -# Simple Example - -This example demonstrates usage of the Equinix Template module. - -## Usage - -```bash -terraform init -terraform apply -``` - - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [example](#module\_example) | ../../ | n/a | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [example\_metal\_auth\_token](#input\_example\_metal\_auth\_token) | The example auth token value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes | -| [example\_metal\_project\_id](#input\_example\_metal\_project\_id) | The example project id value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [example\_device\_hostname](#output\_example\_device\_hostname) | The example output. In practice, output value reference implicit resource attributes declared in main.tf | -| [example\_gateway\_id](#output\_example\_gateway\_id) | The example output. In practice, output value reference implicit resource attributes declared in main.tf | - diff --git a/examples/simple/main.tf b/examples/simple/main.tf deleted file mode 100644 index 43c115c..0000000 --- a/examples/simple/main.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_version = ">= 1.3" -} - -module "example" { - # TEMPLATE: Replace this path with the Git repo path or Terraform Registry path - source = "../../" - - # Define any required variables - metal_project_id = var.example_metal_project_id - metal_auth_token = var.example_metal_auth_token -} 
diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf deleted file mode 100644 index 50d8eb0..0000000 --- a/examples/simple/outputs.tf +++ /dev/null @@ -1,24 +0,0 @@ -# TEMPLATE: Consider the attributes users of this module will need to take advantage of this module -# TEMPLATE: in a new module that depends on this module (addresses, credentials, filenames). -# TEMPLATE: All outputs must have a description. Do not include descriptions or help text in the -# TEMPLATE: value, use the description field. -# TEMPLATE: -# TEMPLATE: Declare all outputs in this file, sprawling declarations are difficult to identify. -# TEMPLATE: -# TEMPLATE: https://www.terraform.io/docs/language/values/outputs.html -# TEMPLATE: https://www.terraform.io/docs/language/expressions/types.html -# TEMPLATE: - -# TEMPLATE: Replace sample output described below with your own. -output "example_device_hostname" { - description = "The example output. In practice, output value reference implicit resource attributes declared in main.tf" - sensitive = false - value = module.example.device_hostname -} - -# TEMPLATE: Replace sample output described below with your own. -output "example_gateway_id" { - description = "The example output. In practice, output value reference implicit resource attributes declared in main.tf" - sensitive = false - value = module.example.gateway_id -} diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf deleted file mode 100644 index 878ff3d..0000000 --- a/examples/simple/variables.tf +++ /dev/null 
@@ -1,21 +0,0 @@ -# TEMPLATE: All variables must have a description and should declare their type. -# TEMPLATE: Set defaults whenever possible but do not set defaults for required properties. -# TEMPLATE: Declare all variables in this file, sprawling declarations are difficult to identify. -# TEMPLATE: -# TEMPLATE: https://www.terraform.io/docs/language/values/variables.html -# TEMPLATE: https://www.terraform.io/docs/language/expressions/types.html -# TEMPLATE: - -# TEMPLATE: Replace sample variable described below with your own. -variable "example_metal_project_id" { - type = string - description = "The example project id value defines what will be included in the example resource in main.tf. This example is descriptive." - sensitive = false -} - -# TEMPLATE: Replace sample variable described below with your own. -variable "example_metal_auth_token" { - type = string - description = "The example auth token value defines what will be included in the example resource in main.tf. This example is descriptive." - sensitive = true -} diff --git a/modules/Palo-Alto-Network-Firewall/README.md b/modules/Palo-Alto-Network-Firewall/README.md new file mode 100644 index 0000000..97242b6 --- /dev/null +++ b/modules/Palo-Alto-Network-Firewall/README.md 
@@ -0,0 +1,106 @@ +# Network Edge Virtual Device PA-VM SubModule + +The Network Edge Virtual Device PA-VM Module will create Palo Alto Networks VM series firewall devices on the Equinix +Network edge platform. + +1. Single or Non HA device +2. HA devices +3. Cluster devices + +Please refer to the pa-vm-firewall-* examples in this module's registry for more details on how to leverage the +submodule. + + + +## Equinix Network Edge Developer Documentation + +To see the documentation for the APIs that the Network Edge Terraform Provider is built on +and to learn how to procure your own Client_Id and Client_Secret follow the link below: +[Equinix Network Edge Developer Portal](https://developer.equinix.com/catalog/network-edgev1) + + + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.6.6 | +| [equinix](#requirement\_equinix) | >= 1.34.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|-----------| +| [equinix](#provider\_equinix) | >= 1.34.0 | + +## Modules + +No modules. 
+ +## Resources + +| Name | Type | +|----------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [equinix_network_device.cluster](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/network_device) | resource | +| [equinix_network_device.non_cluster](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/network_device) | resource | +| [equinix_network_device_platform.this](https://registry.terraform.io/providers/equinix/equinix/latest/docs/data-sources/equinix_network_device_platform) | data source | +| [equinix_network_device_software.this](https://registry.terraform.io/providers/equinix/equinix/latest/docs/data-sources/equinix_network_device_software) | data source | +| [equinix_network_device_type.this](https://registry.terraform.io/providers/equinix/equinix/latest/docs/data-sources/equinix_network_device_type) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|---------------------|:--------:| +| [metro\_code](#input\_metro\_code) | Device location metro code | `string` | n/a | yes | +| [connectivity](#input\_connectivity) | Device accessibility (INTERNET-ACCESS or PRIVATE or INTERNET-ACCESS-WITH-PRVT-MGMT) | `string` | `"INTERNET-ACCESS"` | no | +| [project\_id](#input\_project\_id) | project_id | `string` | "" | no | +| [account\_number](#input\_account\_number) | Billing account number for a device | `string` | n/a | yes | +| [platform](#input\_platform) | Device hardware platform flavor: small, medium, large | `list(string)` | n/a | yes | +| [software\_package](#input\_software\_package) | 
Additional info parameters. It's a list of maps containing 'key' and 'value' keys with their corresponding values. | `list(object({ key = string, value = string }))` | `[]` | no | +| [license_token](#input\_license\_token) | License token applicable for Equinix managed device in BYOL licensing mode | `string` | `""` | no | +| [name](#input\_name) | Interface Id | `number` | `null` | no | +| [hostname](#input\_hostname) | Virtual Device Interface type - CLOUD, NETWORK | `string` | `""` | no | +| [term_length](#input\_term_length) | Virtual Device type - EDGE | `string` | `""` | no | +| [notifications](#input\_notifications) | Virtual Device UUID | list(string) | `""` | no | +| [acl\_template\_id](#input\_acl\_template\_id) | Notification Type - ALL is the only type currently supported | `string` | `"ALL"` | no | +| [mgmt\_acl\_template\_uuid](#input\_mgmt\_acl\_template\_uuid) | Subscriber-assigned project ID | `string` | `""` | no | +| [additional\_bandwidth](#input\_additional\_bandwidth) | Purchase order number | `string` | `""` | no | +| [ssh\_key](#input\_ssh\_key) | Connection bandwidth in Mbps | `number` | `0` | no | +| [interface\_count](#input\_interface\_count) | Secondary Connection name. 
An alpha-numeric 24 characters string which can include only hyphens and underscores | `string` | `""` | no | +| [secondary](#input\_secondary) | Secondary device attributes | map(any) | `""` | no | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------------|---------------------------------| +| [account\_number](#output\_account\_number) | Device billing account number | +| [cpu\_count](#output\_cpu\_count) | Device CPU cores count | +| [ibx](#output\_ibx) | Device IBX center | +| [id](#output\_id) | Device identifier | +| [interfaces](#output\_interfaces) | Device interfaces | +| [license\_status](#output\_license\_status) | Device license status | +| [memory](#output\_memory) | Device memory amount | +| [region](#output\_region) | Device region | +| [secondary](#output\_secondary) | Secondary device attributes | +| [software\_version](#output\_software\_version) | Device software version | +| [ssh\_ip\_address](#output\_ssh\_ip\_address) | Device SSH interface IP address | +| [ssh\_ip\_fqdn](#output\_ssh\_ip\_fqdn) | Device SSH interface FQDN | +| [status](#output\_status) | Device provisioning status | + +## Examples + +- [Network Edge PA-VM single device](https://registry.terraform.io/modules/equinix/terraform-equinix-network-edge/examples/pa-vm-firewall-single/) +- [Network Edge PA-VM HA pair device](https://registry.terraform.io/modules/equinix/terraform-equinix-network-edge/examples/pa-vm-firewall-ha/) +- [Network Edge PA-VM_cluster device](https://registry.terraform.io/modules/equinix/terraform-equinix-network-edge/examples/pa-vm-firewall-cluster/) + +[equinix_network_device_data_source_url]: (https://registry.terraform.io/providers/equinix/equinix/latest/docs/data-sources/equinix_network_device) + +[equinix_network_device_type_data_source_url]: (https://registry.terraform.io/providers/equinix/equinix/latest/docs/data-sources/equinix_network_device_type) + 
+[equinix_network_device_platform_data_source_url]: (https://registry.terraform.io/providers/equinix/equinix/latest/docs/data-sources/equinix_network_device_platform) + +[equinix_network_device_software_data_source_url]: (https://registry.terraform.io/providers/equinix/equinix/latest/docs/data-sources/equinix_network_device_software) + +[equinix_terraform_provider_url]: (https://registry.terraform.io/providers/equinix/equinix/latest) + diff --git a/modules/Palo-Alto-Network-Firewall/main.tf b/modules/Palo-Alto-Network-Firewall/main.tf new file mode 100644 index 0000000..3f248a8 --- /dev/null +++ b/modules/Palo-Alto-Network-Firewall/main.tf 
@@ -0,0 +1,109 @@ +data "equinix_network_device_type" "this" { + category = "FIREWALL" + vendor = "Palo Alto Networks" +} + +data "equinix_network_device_platform" "this" { + device_type = data.equinix_network_device_type.this.code + flavor = var.platform +} + +data "equinix_network_device_software" "this" { + device_type = data.equinix_network_device_type.this.code + packages = [var.software_package] + stable = true + most_recent = true +} + +resource "equinix_network_device" "non_cluster" { + + count = !var.cluster.enabled ? 1 : 0 + lifecycle { + ignore_changes = [version, core_count] + precondition { + condition = length(var.hostname) >= 2 && length(var.hostname) <= 10 + error_message = "Device hostname should consist of 2 to 10 characters." + } + } + self_managed = true + byol = true + name = var.name + project_id = var.project_id + hostname = var.hostname + type_code = data.equinix_network_device_type.this.code + package_code = var.software_package + version = data.equinix_network_device_software.this.version + core_count = data.equinix_network_device_platform.this.core_count + metro_code = var.metro_code + connectivity = var.connectivity + account_number = var.account_number + term_length = var.term_length + interface_count = var.interface_count + notifications = var.notifications + acl_template_id = var.acl_template_id != "" ? var.acl_template_id : null + additional_bandwidth = var.additional_bandwidth > 0 ? var.additional_bandwidth : null + ssh_key { + username = var.ssh_key.userName + key_name = var.ssh_key.keyName + } + + dynamic "secondary_device" { + for_each = var.secondary.enabled ? 
[1] : [] + content { + name = "${var.name}-secondary" + license_token = try(var.secondary.license_token, null) + hostname = var.secondary.hostname + metro_code = var.secondary.metro_code + account_number = var.secondary.account_number + notifications = var.notifications + acl_template_id = try(var.secondary.acl_template_id, null) + additional_bandwidth = var.additional_bandwidth > 0 ? var.additional_bandwidth : null + ssh_key { + username = var.ssh_key.userName + key_name = var.ssh_key.keyName + } + } + } +} + +resource "equinix_network_device" "cluster" { + count = var.cluster.enabled ? 1 : 0 + lifecycle { + ignore_changes = [version, core_count] + } + self_managed = true + byol = true + name = var.name + type_code = data.equinix_network_device_type.this.code + package_code = var.software_package + version = data.equinix_network_device_software.this.version + core_count = data.equinix_network_device_platform.this.core_count + metro_code = var.metro_code + account_number = var.account_number + term_length = var.term_length + interface_count = var.interface_count + notifications = var.notifications + connectivity = var.connectivity + acl_template_id = var.acl_template_id != "" ? var.acl_template_id : null + mgmt_acl_template_uuid = var.mgmt_acl_template_uuid != "" ? var.mgmt_acl_template_uuid : null + additional_bandwidth = var.additional_bandwidth > 0 ? var.additional_bandwidth : null + ssh_key { + username = var.ssh_key.userName + key_name = var.ssh_key.keyName + } + cluster_details { + cluster_name = var.cluster.name + node0 { + vendor_configuration { + hostname = var.cluster.node0_vendor_configuration_hostname + } + license_token = var.cluster.license_token + } + node1 { + vendor_configuration { + hostname = var.cluster.node1_vendor_configuration_hostname + } + license_token = var.cluster.license_token + } + } +} diff --git a/modules/Palo-Alto-Network-Firewall/outputs.tf b/modules/Palo-Alto-Network-Firewall/outputs.tf new file mode 100644 index 0000000..ab3eb09 
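Review bot: Inside `secondary_device` the bandwidth comes from the primary (`additional_bandwidth = var.additional_bandwidth > 0 ? var.additional_bandwidth : null`), while `variables.tf` in this commit validates a `var.secondary.additional_bandwidth` key that nothing reads; if a per-secondary value is intended, use `additional_bandwidth = try(var.secondary.additional_bandwidth, null)`. Both resources fall back to `acl_template_id = null` when the variable is empty while `connectivity` defaults to `"INTERNET-ACCESS"`, so a firewall can be planned with internet-facing management and no ACL template chosen by the caller; how the platform treats that is not visible here, and a `precondition` requiring an ACL template unless `connectivity == "PRIVATE"` would make the choice explicit. `mgmt_acl_template_uuid` is wired only into `cluster`, and `cluster` omits the `project_id` and `hostname` that `non_cluster` sets, so a clustered device would not land in the requested project unless that is deliberate.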
--- /dev/null +++ b/modules/Palo-Alto-Network-Firewall/outputs.tf 
@@ -0,0 +1,76 @@ +output "id" { + description = "Device identifier" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].uuid : equinix_network_device.cluster[0].uuid +} + +output "status" { + description = "Device provisioning status" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].status : equinix_network_device.cluster[0].status +} + +output "license_status" { + description = "Device license status" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].license_status : equinix_network_device.cluster[0].license_status +} + +output "account_number" { + description = "Device billing account number" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].account_number : equinix_network_device.cluster[0].account_number +} + +output "cpu_count" { + description = "Device CPU cores count" + value = data.equinix_network_device_platform.this.core_count +} + +output "memory" { + description = "Device memory amount" + value = join(" ", [ + data.equinix_network_device_platform.this.memory, data.equinix_network_device_platform.this.memory_unit + ]) +} + +output "software_version" { + description = "Device software version" + value = data.equinix_network_device_software.this.version +} + +output "region" { + description = "Device region" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].region : equinix_network_device.cluster[0].region +} + +output "ibx" { + description = "Device IBX center" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].ibx : equinix_network_device.cluster[0].ibx +} + +output "ssh_ip_address" { + description = "Device SSH interface IP address" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].ssh_ip_address : equinix_network_device.cluster[0].ssh_ip_address +} + +output "ssh_ip_fqdn" { + description = "Device SSH interface FQDN" + value = !var.cluster.enabled ? 
equinix_network_device.non_cluster[0].ssh_ip_fqdn : equinix_network_device.cluster[0].ssh_ip_fqdn +} + +output "interfaces" { + description = "Device interfaces" + value = !var.cluster.enabled ? equinix_network_device.non_cluster[0].interface : equinix_network_device.cluster[0].interface +} + +output "secondary" { + description = "Secondary device attributes" + value = !var.cluster.enabled && var.secondary.enabled ? { + id = equinix_network_device.non_cluster[0].secondary_device[0].uuid + status = equinix_network_device.non_cluster[0].secondary_device[0].status + license_status = equinix_network_device.non_cluster[0].secondary_device[0].license_status + account_number = equinix_network_device.non_cluster[0].secondary_device[0].account_number + region = equinix_network_device.non_cluster[0].secondary_device[0].region + ibx = equinix_network_device.non_cluster[0].secondary_device[0].ibx + ssh_ip_address = equinix_network_device.non_cluster[0].secondary_device[0].ssh_ip_address + ssh_ip_fqdn = equinix_network_device.non_cluster[0].secondary_device[0].ssh_ip_fqdn + interfaces = equinix_network_device.non_cluster[0].secondary_device[0].interface + } : null +} diff --git a/modules/Palo-Alto-Network-Firewall/variables.tf b/modules/Palo-Alto-Network-Firewall/variables.tf new file mode 100644 index 0000000..659946c --- /dev/null +++ b/modules/Palo-Alto-Network-Firewall/variables.tf 
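Review bot: Nine outputs repeat the same `!var.cluster.enabled ? equinix_network_device.non_cluster[0].X : equinix_network_device.cluster[0].X` ternary, which is easy to get wrong when an attribute is added. A single local such as `device = var.cluster.enabled ? equinix_network_device.cluster[0] : equinix_network_device.non_cluster[0]` would let each output read `value = local.device.uuid` and so on. The `secondary` description could also say that the value is `null` for cluster deployments and when `secondary.enabled` is false, since callers indexing into it need to know.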
@@ -0,0 +1,161 @@ +variable "metro_code" { + description = "Device location metro code" + type = string + validation { + condition = can(regex("^[A-Z]{2}$", var.metro_code)) + error_message = "Valid metro code consists of two capital letters, i.e. SV, DC." + } +} + +variable "project_id" { + description = "project_id" + type = string +} + +variable "account_number" { + description = "Billing account number for a device" + type = string + default = 0 +} + +variable "platform" { + description = "Device platform flavor that determines number of CPU cores and memory" + type = string + validation { + condition = can(regex("^(small|medium|large)$", var.platform)) + error_message = "One of following platform flavors are supported: small, medium, large." + } +} + +variable "software_package" { + description = "Device software package" + type = string + validation { + condition = can(regex("^(VM100|VM300|VM500)$", var.software_package)) + error_message = "One of following software packages are supported: STD." + } +} + +variable "name" { + description = "Device name" + type = string + validation { + condition = length(var.name) >= 2 && length(var.name) <= 50 + error_message = "Device name should consist of 2 to 50 characters." + } +} + +variable "hostname" { + description = "Device hostname" + type = string + default = "" +} + +variable "term_length" { + description = "Term length in months" + type = number + validation { + condition = can(regex("^(1|12|24|36)$", var.term_length)) + error_message = "One of following term lengths are available: 1, 12, 24, 36 months." + } +} + +variable "notifications" { + description = "List of email addresses that will receive device status notifications" + type = list(string) + validation { + condition = length(var.notifications) > 0 + error_message = "Notification list cannot be empty." 
+ } +} + +variable "acl_template_id" { + description = "Identifier of an management ACL template that will be applied on a device" + type = string + default = "" +} + +variable "mgmt_acl_template_uuid" { + description = "Identifier of an management ACL template that will be applied on a device" + type = string + default = "" +} + +variable "connectivity" { + description = "Parameter to identify internet access for device. Supported Values: INTERNET-ACCESS(default) or PRIVATE or INTERNET-ACCESS-WITH-PRVT-MGMT" + type = string + default = "INTERNET-ACCESS" +} + +variable "additional_bandwidth" { + description = "Additional internet bandwidth for a device" + type = number + default = 0 + validation { + condition = var.additional_bandwidth == 0 || (var.additional_bandwidth >= 25 && var.additional_bandwidth <= 2001) + error_message = "Additional internet bandwidth should be between 25 and 2001 Mbps." + } +} +variable "ssh_key" { + description = "SSH public key for a device" + type = object({ + userName = string + keyName = string + }) +} + +variable "interface_count" { + description = "Number of network interfaces on a device. If not specified, default number for a given device type will be used." + type = number + default = 10 +} + +variable "secondary" { + description = "Secondary device attributes" + type = map(any) + default = { enabled = false } + validation { + condition = can(var.secondary.enabled) + error_message = "Key 'enabled' has to be defined for secondary device." + } + validation { + condition = !try(var.secondary.enabled, false) || can(regex("^[A-Z]{2}$", var.secondary.metro_code)) + error_message = "Key 'metro_code' has to be defined for secondary device. Valid metro code consits of two capital leters, i.e. SV, DC." + } + validation { + condition = !try(var.secondary.enabled, false) || try(length(var.secondary.hostname) >= 2 && length(var.secondary.hostname) <= 10, false) + error_message = "Key 'hostname' has to be defined for secondary device. 
Valid hostname has to be from 2 to 10 characters long." + } + validation { + condition = !try(var.secondary.enabled, false) || try(var.secondary.additional_bandwidth >= 25 && var.secondary.additional_bandwidth <= 2001, true) + error_message = "Key 'additional_bandwidth' has to be between 25 and 2001 Mbps." + } + validation { + condition = !try(var.secondary.enabled, false) || try(var.secondary.acl_template_id != null, true) + error_message = "Secondary management Acl template is required." + } +} +variable "cluster" { + description = "cluster device attributes" + type = map(any) + default = { enabled = false } + + validation { + condition = !try(var.cluster.enabled, false) || try(var.cluster.name != null, true) + error_message = "Cluster name is required." + } + validation { + condition = can(var.cluster.enabled) + error_message = "Key 'enabled' has to be defined for secondary device." + } + validation { + condition = !try(var.cluster.enabled, false) || try(length(var.cluster.node0_vendor_configuration_hostname) >= 2 && length(var.cluster.node0_vendor_configuration_hostname) <= 10, false) + error_message = "Key 'node0.vendorConfig.hostname' has to be defined for cluster device. Valid hostname has to be from 2 to 10 characters long." + } + + validation { + condition = !try(var.cluster.enabled, false) || try(length(var.cluster.node1_vendor_configuration_hostname) >= 2 && length(var.cluster.node1_vendor_configuration_hostname) <= 10, false) + error_message = "Key 'node0.vendorConfig.hostname' has to be defined for cluster device. Valid hostname has to be from 2 to 10 characters long." + } + +} diff --git a/modules/Palo-Alto-Network-Firewall/versions.tf b/modules/Palo-Alto-Network-Firewall/versions.tf new file mode 100644 index 0000000..e02500d --- /dev/null +++ b/modules/Palo-Alto-Network-Firewall/versions.tf 
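Review bot: Two validations cannot fail: `try(var.secondary.acl_template_id != null, true)` and `try(var.cluster.name != null, true)` return `true` when the key is missing, so "Secondary management Acl template is required." and "Cluster name is required." are never raised, and a missing `cluster.name` only surfaces when `main.tf` reads `var.cluster.name`. If the keys are required, make the fallback `false`, e.g. `try(var.cluster.name != "", false)`; if the secondary ACL is optional, as `try(var.secondary.acl_template_id, null)` in `main.tf` suggests, drop that validation instead. `connectivity` lists its supported values only in the description; a `validation` using `contains(["INTERNET-ACCESS", "PRIVATE", "INTERNET-ACCESS-WITH-PRVT-MGMT"], var.connectivity)` would reject a typo at plan time. Several messages are copy-paste leftovers: `software_package` reports "STD" while the regex accepts VM100, VM300 and VM500, the `cluster` 'enabled' check says "secondary device", and the node1 hostname check names 'node0.vendorConfig.hostname'. License tokens are carried inside the `secondary` and `cluster` maps, neither of which is marked `sensitive = true`.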
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ equinix = {
+ source = "equinix/equinix"
+ version = "~> 1.34.0"
+ }
+ }
+ provider_meta "equinix" {
+ module_name = "terraform-equinix-network-edge"
+ }
+}
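Review bot: The constraints in the module's `versions.tf` disagree with the module README added in this same commit: the file has `required_version = ">= 1.3"` and `version = "~> 1.34.0"`, the README documents Terraform `>= 1.6.6` and equinix `>= 1.34.0`. `~> 1.34.0` also restricts every caller of this reusable module to 1.34.x, including later provider fixes. For a shared module a lower bound such as `version = ">= 1.34.0"` leaves the exact pin to the root configuration and its lock file; whichever is chosen, the file and the README should state the same thing.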