Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

initial MVP- Palo Alto Firewall Module #8

Merged
merged 28 commits into from
Apr 29, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
023c45f
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
de0e1e5
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
ac2c6c8
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
244a28e
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
1a31f49
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
a3315d8
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
8fcffd9
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
0df2b61
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
8102058
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
29db89f
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
d0846d5
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
e24795c
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
ba08b64
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
1fac287
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
d8c9786
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
4ca5cf4
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
af3eb84
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
5fc4820
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
828b208
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
6b3e793
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
96dae11
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
128339d
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
1c4d285
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
a5fe669
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 26, 2024
581bedf
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 27, 2024
e114a70
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 29, 2024
b524a4b
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 29, 2024
11df429
initial MVP- Palo Alto Firewall Module
kpdhulipala Apr 29, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 55 additions & 37 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,14 @@
# terraform-equinix-template
# terraform-equinix-network-edge

<!-- TEMPLATE: Review all "TEMPLATE" comments and remove them when applied. -->
<!-- TEMPLATE: replace "template" with the name of your project. The prefix "terraform-equinix-" informs the Terraform registry that this project is a Terraform module associated with the Equinix provider, preserve this prefix. -->
[![Experimental](https://img.shields.io/badge/Stability-Experimental-red.svg)](https://github.com/equinix-labs/standards#about-uniform-standards)
[![run-pre-commit-hooks](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/pre-commit.yaml)
[![generate-terraform-docs](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/documentation.yaml/badge.svg)](https://github.com/equinix-labs/terraform-equinix-template/actions/workflows/documentation.yaml)
[![run-pre-commit-hooks](https://github.com/equinix-labs/terraform-equinix-network-edge/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/equinix/terraform-equinix-network-edge/actions/workflows/pre-commit.yaml)
[![generate-terraform-docs](https://github.com/equinix/terraform-equinix-network-edge/actions/workflows/documentation.yaml/badge.svg)](https://github.com/equinix/terraform-equinix-network-edge/actions/workflows/documentation.yaml)

`terraform-equinix-template` is a minimal Terraform module that utilizes [Terraform providers for Equinix](https://registry.terraform.io/namespaces/equinix) to provision digital infrastructure and demonstrate higher level integrations.
`terraform-equinix-network-edge` is a minimal Terraform module that
utilizes [Terraform providers for Equinix](https://registry.terraform.io/namespaces/equinix) to provision digital
infrastructure and demonstrate higher level integrations.

<!-- TEMPLATE: Insert an image here of the infrastructure diagram. You can generate a starting image using instructions found at https://www.terraform.io/docs/cli/commands/graph.html#generating-images -->

Expand All @@ -16,7 +18,8 @@ This project is experimental and supported by the user community. Equinix does n

Install Terraform using the [tfenv](https://github.com/tfutils/tfenv) utility.

This project may be forked, cloned, or downloaded and modified as needed as the base in your integrations and deployments.
This project may be forked, cloned, or downloaded and modified as needed as the base in your integrations and
deployments.

This project may also be used as a [Terraform module](https://learn.hashicorp.com/collections/terraform/modules).

Expand All @@ -29,87 +32,102 @@ terraform {
equinix = {
source = "equinix/equinix"
}
}
}

module "example" {
source = "github.com/equinix-labs/template"
# TEMPLATE: replace "template" with the name of the repo after the terraform-equinix- prefix.
module "example" {
source = "github.com/equinix-labs/template"
# TEMPLATE: replace "template" with the name of the repo after the terraform-equinix- prefix.

# Published modules can be sourced as:
# source = "equinix-labs/template/equinix"
# See https://www.terraform.io/docs/registry/modules/publish.html for details.
# Published modules can be sourced as:
# source = "equinix-labs/template/equinix"
# See https://www.terraform.io/docs/registry/modules/publish.html for details.

# version = "0.1.0"
# version = "0.1.0"

# TEMPLATE: insert required variables here
# TEMPLATE: insert required variables here
}
}
```

Install [pre-commit](https://pre-commit.com/#install) with its prerequesites: [python](https://docs.python.org/3/using/index.html) and [pip](https://pip.pypa.io/en/stable/installation/).
Install [pre-commit](https://pre-commit.com/#install) with its
prerequesites: [python](https://docs.python.org/3/using/index.html)
and [pip](https://pip.pypa.io/en/stable/installation/).

Configure pre-commit: `pre-commit install`.

Install required packages: [tflint](https://github.com/terraform-linters/tflint), [tfsec](https://aquasecurity.github.io/tfsec/v1.0.11/getting-started/installation/), [shfmt](https://github.com/mvdan/sh), [shellcheck](https://github.com/koalaman/shellcheck), and [markdownlint](https://github.com/markdownlint/markdownlint).
Install required
packages: [tflint](https://github.com/terraform-linters/tflint), [tfsec](https://aquasecurity.github.io/tfsec/v1.0.11/getting-started/installation/), [shfmt](https://github.com/mvdan/sh), [shellcheck](https://github.com/koalaman/shellcheck),
and [markdownlint](https://github.com/markdownlint/markdownlint).

Run `terraform init -upgrade` and `terraform apply`.

## Module Documentation

The main README.md, the modules README.md and the examples README.md are populated by [terraform-docs worflow job](.github/workflows/documentation.yaml). The following sections are appended between the terraform-docs delimeters: Requiremenents, Providers, Modules, Resources, Inputs, and Outputs.
The main README.md, the modules README.md and the examples README.md are populated
by [terraform-docs worflow job](.github/workflows/documentation.yaml). The following sections are appended between the
terraform-docs delimeters: Requiremenents, Providers, Modules, Resources, Inputs, and Outputs.

## Module Release and Changelog Generation

The module git release and [changelog](CHANGELOG.md) are generated by the [release workflow job](.github/workflows/release.yaml). The release worflow follows the [conventional commits convention](https://www.conventionalcommits.org/). To submit a commit, please follow the [commit message format guidelines](https://www.conventionalcommits.org/en/v1.0.0/#specification). This job is set to run manually by default.
The module git release and [changelog](CHANGELOG.md) are generated by
the [release workflow job](.github/workflows/release.yaml). The release worflow follows
the [conventional commits convention](https://www.conventionalcommits.org/). To submit a commit, please follow
the [commit message format guidelines](https://www.conventionalcommits.org/en/v1.0.0/#specification). This job is set to
run manually by default.

Example commit message: `fix: disabled log generation for system services`

For more examples, please see [conventional commit message examples](https://www.conventionalcommits.org/en/v1.0.0/#examples).
For more examples, please
see [conventional commit message examples](https://www.conventionalcommits.org/en/v1.0.0/#examples).

## Examples

To view examples for how you can leverage this module, please see the [examples](examples/) directory.

<!-- TEMPLATE: The following block has been generated by terraform-docs util: https://github.com/terraform-docs/terraform-docs -->
<!-- BEGIN_TF_DOCS -->

## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_equinix"></a> [equinix](#requirement\_equinix) | >= 1.8.0 |
| Name | Version |
|---------------------------------------------------------------------------|----------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_equinix"></a> [equinix](#requirement\_equinix) | >= 1.8.0 |

## Providers

| Name | Version |
|------|---------|
| Name | Version |
|---------------------------------------------------------------|----------|
| <a name="provider_equinix"></a> [equinix](#provider\_equinix) | >= 1.8.1 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_inline-module"></a> [inline-module](#module\_inline-module) | ./modules/inline-module | n/a |
| Name | Source | Version |
|-----------------------------------------------------------------------------|-------------------------|---------|
| <a name="module_inline-module"></a> [inline-module](#module\_inline-module) | ./modules/inline-module | n/a |

## Resources

| Name | Type |
|------|------|
| Name | Type |
|----------------------------------------------------------------------------------------------------------------------------|----------|
| [equinix_metal_device.example](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/metal_device) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_example_auth_token"></a> [example\_auth\_token](#input\_example\_auth\_token) | The example auth token value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes |
| <a name="input_example_project_id"></a> [example\_project\_id](#input\_example\_project\_id) | The example project id value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes |
| Name | Description | Type | Default | Required |
|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:|
| <a name="input_example_auth_token"></a> [example\_auth\_token](#input\_example\_auth\_token) | The example auth token value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes |
| <a name="input_example_project_id"></a> [example\_project\_id](#input\_example\_project\_id) | The example project id value defines what will be included in the example resource in main.tf. This example is descriptive. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| Name | Description |
|---------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|
| <a name="output_example_device_hostname"></a> [example\_device\_hostname](#output\_example\_device\_hostname) | The example output. In practice, output value reference implicit resource attributes declared in main.tf |
| <a name="output_example_gateway_id"></a> [example\_gateway\_id](#output\_example\_gateway\_id) | The example output. In practice, output value reference implicit resource attributes declared in main.tf |
| <a name="output_example_gateway_id"></a> [example\_gateway\_id](#output\_example\_gateway\_id) | The example output. In practice, output value reference implicit resource attributes declared in main.tf |

<!-- END_TF_DOCS -->

## Contributing

If you would like to contribute to this module, see [CONTRIBUTING](CONTRIBUTING.md) page.
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# Network Edge Palo Alto Firewall Cluster Example

This example demonstrates creation of Network Edge Palo Alto Firewall Cluster. It will:

- Create a ACL template
- Create a management ACL template
- Create an SSH key
- Provision Palo Alto Firewall Cluster

## Usage

To provision this example, you should clone the github repository and run terraform from within this directory:

```bash
git clone https://github.com/equinix/terraform-equinix-network-edge.git
cd terraform-equinix-network-edge/examples/pa-vm-firewall-cluster
terraform init
terraform apply
```

Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these
resources.

<!-- TEMPLATE: The following block has been generated by terraform-docs util: https://github.com/terraform-docs/terraform-docs -->
<!-- BEGIN_TF_DOCS -->

## Requirements

| Name | Version |
|---------------------------------------------------------------------------|-----------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.4 |
| <a name="requirement_equinix"></a> [equinix](#requirement\_equinix) | ~> 1.34.0 |

## Providers

| Name | Version |
|---------------------------------------------------------------|-----------|
| <a name="provider_equinix"></a> [equinix](#provider\_equinix) | ~> 1.34.0 |

## Resources

| Name | Type |
|------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
| [equinix_network_acl_template.pa-vm-pri](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_acl_template) | resource |
| [equinix_network_ssh_key.johndoe](https://registry.terraform.io/providers/equinix/equinix/latest/docs/resources/equinix_network_ssh_key) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:|
| <a name="input_equinix_client_id"></a> [equinix\_client\_id](#input\_equinix\_client\_id) | API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTID shell environment variable. | `string` | n/a | yes |
| <a name="input_equinix_client_secret"></a> [equinix\_client\_secret](#input\_equinix\_client\_secret) | API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX\_API\_CLIENTSECRET shell environment variable. | `string` | n/a | yes |
| <a name="input_metro_code_primary"></a> [metro\_code\_primary](#input\_metro\_code\_primary) | Device location metro code | `string` | n/a | yes |
| <a name="input_ssh_rsa_public_key"></a> [ssh\_rsa\_public\_key](#input\_ssh\_rsa\_public\_key) | SSH RSA public key | `string` | n/a | yes |

## Outputs

| Name | Description |
|----------------------------------------------------------------------------------|------------------------|
| <a name="output_device_details"></a> [device\_details](#output\_device\_details) | Virtual device details |
<!-- END_TF_DOCS -->
61 changes: 61 additions & 0 deletions examples/Palo-Alto-Network-Firewall/pa-vm-firewall-cluster/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
provider "equinix" {
client_id = var.equinix_client_id
client_secret = var.equinix_client_secret
}

module "pa_vm_cluster" {
source = "../../../modules/Palo-Alto-Network-Firewall"
name = "tf-pa-vm-cluster"
metro_code = var.metro_code_primary
platform = "medium"
account_number = "123456"
software_package = "VM300"
project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
term_length = 1
notifications = ["[email protected]"]
hostname = "pavm-pri"
additional_bandwidth = 100
connectivity = "INTERNET-ACCESS"
acl_template_id = equinix_network_acl_template.pa_vm_cluster_wan_acl.id
mgmt_acl_template_uuid = equinix_network_acl_template.pa_vm_cluster_mgmt_acl.id
ssh_key = {
userName = "johndoe-primary"
keyName = equinix_network_ssh_key.johndoe_pri.name
}
cluster = {
enabled = true
name = "test-pa-vm-cluster"
node0_vendor_configuration_hostname = "node0"
node1_vendor_configuration_hostname = "node1"
license_token = var.license_token
}
}

resource "equinix_network_ssh_key" "johndoe_pri" {
name = "johndoe-pri-0426-12"
public_key = var.ssh_rsa_public_key
project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
}

resource "equinix_network_acl_template" "pa_vm_cluster_mgmt_acl" {
name = "tf-pa-vm-cluster-mgmt"
description = "Primary Palo Alto Networks VM ACL template"
project_id = "e6be59d9-62c0-4140-aad6-150f0700203c"
inbound_rule {
subnet = "12.16.103.0/24"
protocol = "TCP"
src_port = "any"
dst_port = "22"
}
}

resource "equinix_network_acl_template" "pa_vm_cluster_wan_acl" {
name = "tf-pa-vm-cluster-wan"
description = "Secondary Palo Alto Networks VM ACL template"
inbound_rule {
subnet = "172.16.25.0/24"
protocol = "TCP"
src_port = "any"
dst_port = "22"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
output "device_details" {
description = "Virtual device details"
value = module.pa_vm_cluster
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
variable "equinix_client_id" {
type = string
description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
}

variable "equinix_client_secret" {
type = string
description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
}

variable "metro_code_primary" {
description = "Device location metro code"
type = string
}

variable "ssh_rsa_public_key" {
description = "SSH RSA public key"
type = string
}

variable "license_token" {
description = "License Token"
type = string
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
terraform {
required_version = ">= 1.3"
required_providers {
equinix = {
source = "equinix/equinix"
version = "~> 1.34.0"
}
}
}
Loading
Loading