init/updateAzureTerraformModules: 1.0.1

Signed-off-by: FTNT-HQCM <[email protected]>
fortinetdev · Nov 18, 2024 · 3e1b5e9 · 3e1b5e9
1 parent 547daca
commit 3e1b5e9
Show file tree

Hide file tree

Showing 13 changed files with 167 additions and 175 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,21 @@
+## 1.0.2 (Unreleased)
+
+## 1.0.1 (November 15, 2024)
+
+BUGFIXES:
+
+* Fixed an issue when modifying the VM instance count after deployment.
+* Removed automatically generated files on certain OS systems, retaining only .lic files in the License folder.
+* Resolved a bug in the reselect_master() function after upgrading to the latest Azure function dependencies.
+* Enhanced the logic for the initial trigger of the Azure function to prevent timeout issues.
+
+IMPROVEMENTS:
+
+* Added support for both user_data and custom_data in VMSS.
+* Introduced support for user-defined VXLAN tunnel ports and identifiers.
+* Enabled support for user-defined ports in auto-scaling.
+* Updated the supported FortOS versions for different license plans.
+
 ## 1.0.0 (Septem 9, 2024)
 
 * Initial release
diff --git a/examples/applb_gwlb_fgtasg/README.md b/examples/applb_gwlb_fgtasg/README.md
diff --git a/examples/applb_gwlb_fgtasg/fortigate_custom_config.conf b/examples/applb_gwlb_fgtasg/fortigate_custom_config.conf
@@ -1 +1,5 @@
-## Add additional FortiGate configurations here
+## Add any additional configurations here as needed. The hostname configuration shown below is provided as an example.
+
+# config system global
+#     set hostname fgt_terr_test
+# end
diff --git a/examples/applb_gwlb_fgtasg/licenses/example.lic b/examples/applb_gwlb_fgtasg/licenses/example.lic
@@ -1 +1 @@
-# Put your own license here
+# Insert your license text here
diff --git a/examples/applb_gwlb_fgtasg/main.tf b/examples/applb_gwlb_fgtasg/main.tf
@@ -103,6 +103,7 @@ module "fortigate_scaleset" {
   fortiflex_config_id               = try(each.value.fortiflex_config_id, null)
   fortiflex_retrieve_mode           = try(each.value.fortiflex_retrieve_mode, "use_active")
   enable_accelerated_networking     = try(each.value.enable_accelerated_networking, true)
+  data_type                         = try(each.value.data_type, "custom_data")
   autoscale_notification_emails     = try(each.value.autoscale_notification_emails, [])
   min_count                         = try(each.value.min_count, 1)
   max_count                         = try(each.value.max_count, 1)

diff --git a/examples/applb_gwlb_fgtasg/terraform.tfvars.txt b/examples/applb_gwlb_fgtasg/terraform.tfvars.txt
@@ -5,6 +5,94 @@ resource_group_name          = "applb-gwlb-fgtvmss-w-func-app"
 # Sensitive Azure info
 azure_subscription_id = "<YOUR-OWN-VALUE>"
 
+# Bring your own license FortiGate Scale Set
+fortigate_scaleset = {
+  byol = {
+    # Information used for creating FortiGate VMSS instances, modify as needed
+    vmss_name                     = "fortigate-scaleset-byol"
+    image_version                 = "7.2.8"
+    license_type                  = "byol"
+    architecture                  = "x64"           # or Arm64
+    vnet_key                      = "providerVnet"  # This value should match the corresponding value in the Gateway Load Balancer (GWLB)
+    zones                         = ["1", "2", "3"] # Availability zones used for the instances.
+    storage_account_creation_flag = true
+    network_interfaces = [
+      {
+        name       = "port1"
+        subnet_key = "public"
+        # pick the first ip from the subnet's address_prefixes by default
+        gateway_ip_address = " 192.168.1.1"
+        create_public_ip   = "true"
+      },
+      {
+        name       = "port2"
+        subnet_key = "private"
+        # pick the first ip from the subnet's address_prefixes by default
+        gateway_ip_address  = "192.168.1.129"
+        enable_backend_pool = "true"
+        gwlb_key            = "gwlb"
+        gwlb_backend_key    = "tunnel"
+      }
+    ]
+
+    fortigate_username            = "<YOUR-OWN-VALUE>"
+    fortigate_password            = "<YOUR-OWN-VALUE>"
+    fortigate_license_folder_path = "./licenses"
+    # Used for additional fortigate configurations
+    fortigate_custom_config_file_path = "fortigate_custom_config.conf"
+
+    fortiflex_api_username  = "<YOUR-OWN-VALUE>"
+    fortiflex_api_password  = "<YOUR-OWN-VALUE>"
+    fortiflex_config_id     = "<YOUR-OWN-VALUE>"
+    fortiflex_retrieve_mode = "use_active" # or use_stopped
+
+    # fortigate vmss auto scale info, modify the values as needed
+    autoscale_metrics = {
+      "Percentage CPU Scale Out" = {
+        metric_name                   = "Percentage CPU"
+        operator                      = "GreaterThanOrEqual"
+        statistic                     = "Average"
+        threshold                     = 80
+        time_aggregation              = "Last"
+        time_grain_minutes            = 1
+        time_window_minutes           = 5
+        scale_action_direction        = "Increase",
+        scale_action_type             = "ChangeCount",
+        scale_action_value            = 1
+        scale_action_cooldown_minutes = 50
+      }
+      "Percentage CPU Scale In" = {
+        metric_name                   = "Percentage CPU"
+        operator                      = "LessThanOrEqual"
+        statistic                     = "Average"
+        threshold                     = 80
+        time_aggregation              = "Last"
+        time_grain_minutes            = 1
+        time_window_minutes           = 5
+        scale_action_direction        = "Decrease",
+        scale_action_type             = "ChangeCount",
+        scale_action_value            = 1
+        scale_action_cooldown_minutes = 50
+      }
+    }
+
+    data_type                     = "custom_data" # Default to customer_data for enhanced security. Change it to user_data if you'd like to use user_data in vmss
+    autoscale_notification_emails = []            # Put your own email address here for scalein/scaleout events notification
+    min_count                     = 1
+    default_count                 = 1
+    max_count                     = 2
+
+    scaleout_window_minutes   = 5
+    scaleout_cooldown_minutes = 2
+    scaleout_statistic        = "Average"
+    scaleout_time_aggregation = "Last"
+    scalein_window_minutes    = 5
+    scalein_cooldown_minutes  = 2
+    scalein_statistic         = "Average"
+    scalein_time_aggregation  = "Last"
+  }
+}
+
 # VNets
 vnets = {
   providerVnet = {
@@ -117,92 +205,6 @@ gateway_load_balancers = {
   }
 }
 
-# Bring your own license FortiGate Scale Set
-fortigate_scaleset = {
-  byol = {
-    # Information used for creating FortiGate VMSS instances, modify as needed
-    vmss_name                     = "fortigate-scaleset-byol"
-    image_version                 = "7.2.8"
-    license_type                  = "byol"
-    architecture                  = "x64"           # or Arm64
-    vnet_key                      = "providerVnet"      # This value should match the corresponding value in the Gateway Load Balancer (GWLB)
-    zones                         = ["1", "2", "3"] # Availability zones used for the instances.
-    storage_account_creation_flag = true
-    network_interfaces = [
-      {
-        name       = "port1"
-        subnet_key = "public"
-        # pick the first ip from the subnet's address_prefixes by default
-        gateway_ip_address = " 192.168.1.1"
-        create_public_ip   = "true"
-      },
-      {
-        name       = "port2"
-        subnet_key = "private"
-        # pick the first ip from the subnet's address_prefixes by default
-        gateway_ip_address  = "192.168.1.129"
-        enable_backend_pool = "true"
-        gwlb_key            = "gwlb"
-        gwlb_backend_key    = "tunnel"
-      }
-    ]
-
-    fortigate_username            = "<YOUR-OWN-VALUE>"
-    fortigate_password            = "<YOUR-OWN-VALUE>"
-    fortigate_license_folder_path = "./licenses"
-    # Used for additional fortigate configurations
-    fortigate_custom_config_file_path = "fortigate_custom_config.conf"
-
-    fortiflex_api_username  = "<YOUR-OWN-VALUE>"
-    fortiflex_api_password  = "<YOUR-OWN-VALUE>"
-    fortiflex_config_id     = "<YOUR-OWN-VALUE>"
-    fortiflex_retrieve_mode = "use_active" # or use_stopped
-
-    # fortigate vmss auto scale info, modify the values as needed
-    autoscale_metrics = {
-      "Percentage CPU Scale Out" = {
-        metric_name                   = "Percentage CPU"
-        operator                      = "GreaterThanOrEqual"
-        statistic                     = "Average"
-        threshold                     = 80
-        time_aggregation              = "Last"
-        time_grain_minutes            = 1
-        time_window_minutes           = 5
-        scale_action_direction        = "Increase",
-        scale_action_type             = "ChangeCount",
-        scale_action_value            = 1
-        scale_action_cooldown_minutes = 120
-      }
-      "Percentage CPU Scale In" = {
-        metric_name                   = "Percentage CPU"
-        operator                      = "LessThanOrEqual"
-        statistic                     = "Average"
-        threshold                     = 80
-        time_aggregation              = "Last"
-        time_grain_minutes            = 1
-        time_window_minutes           = 5
-        scale_action_direction        = "Decrease",
-        scale_action_type             = "ChangeCount",
-        scale_action_value            = 1
-        scale_action_cooldown_minutes = 80
-      }
-    }
-    autoscale_notification_emails = [] # Put your own email address here for scalein/scaleout events notification
-    min_count                     = 1
-    default_count                 = 1
-    max_count                     = 2
-
-    scaleout_window_minutes   = 5
-    scaleout_cooldown_minutes = 2
-    scaleout_statistic        = "Average"
-    scaleout_time_aggregation = "Last"
-    scalein_window_minutes    = 5
-    scalein_cooldown_minutes  = 2
-    scalein_statistic         = "Average"
-    scalein_time_aggregation  = "Last"
-  }
-}
-
 # Standard Load Balancer connected with the applications you use
 standard_load_balancers = {
   webserver = {

diff --git a/examples/applb_gwlb_fgtasg/variables.tf b/examples/applb_gwlb_fgtasg/variables.tf
@@ -138,6 +138,7 @@ variable "fortigate_scaleset" {
   - fortiflex_retrieve_mode              (Required|string) mode to specify how fortiflex tokens are used, can be use_active or use_stopped, use_stopped mode will use the fortiflex token with stopped status in your fortiflex account.
   - autoscale_metrics                    (Required|map) The metrics used to automatically scale in/out FortiGate instances.
   - autoscale_notification_emails        (Optional|list) Specifies a list of custom email addresses to which the autoscaling notifications will be sent.
+  - data_type                            (Optional|string) Use custom_data or user_data.
   - min_count                            (Optional|number) The minimum number of instances to maintain in the scale set. The default value is `1`.
   - default_count                        (Optional|number) The default number of instances to maintain in the scale set.
   The default value is `1`.
@@ -149,8 +150,8 @@ variable "fortigate_scaleset" {
     statistic                     (Required|string) Specifies how the metrics from multiple instances are combined. Possible values are Average, Max, Min and Sum.
     threshold                     (Required|string) Specifies the threshold of the metric that triggers the scale action.
     time_aggregation              (Required|string) Specifies how the data that's collected should be combined over time. Possible values include Average, Count, Maximum, Minimum, Last and Total.
-    time_grain_minutes            (Required|string) Specifies the granularity of metrics that the rule monitors, which must be one of the pre-defined values returned from the metric definitions for the metric. This value must be between 1 minute and 12 hours.
-    time_window_minutes           (Required|string) Specifies the time range for which data is collected, which must be greater than the delay in metric collection (which varies from resource to resource). This value must be between 5 minutes and 12 hours.
+    time_grain_minutes            (Required|number) Specifies the granularity of metrics that the rule monitors, which must be one of the pre-defined values returned from the metric definitions for the metric. This value must be between 1 minute and 12 hours.
+    time_window_minutes           (Required|number) Specifies the time range for which data is collected, which must be greater than the delay in metric collection (which varies from resource to resource). This value must be between 5 minutes and 12 hours.
     scale_action_direction        (Required|string) The scale direction. Possible values are Increase and Decrease.
     scale_action_type             (Required|string) The type of action that should occur. Possible values are ChangeCount, ExactCount, PercentChangeCount and ServiceAllowedNextValue.
     scale_action_value            (Required|number) The number of instances involved in the scaling action.
@@ -192,8 +193,8 @@ EOF
       statistic                     = string
       threshold                     = string
       time_aggregation              = string
-      time_grain_minutes            = string
-      time_window_minutes           = string
+      time_grain_minutes            = number
+      time_window_minutes           = number
       scale_action_direction        = string
       scale_action_type             = string
       scale_action_value            = number
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		# Put your own license here
		# Insert your license text here