fix: IMplemented flexible custom name convention

zscaler · Oct 6, 2024 · 957ab83 · 957ab83
1 parent 7ba80bd
commit 957ab83
Show file tree

Hide file tree

Showing 17 changed files with 190 additions and 53 deletions.
diff --git a/.gitignore b/.gitignore
@@ -21,7 +21,7 @@ system-*.tar
 
 # Crash log files
 crash.log
-
+Makefile
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
@@ -50,3 +50,4 @@ override.tf.json
 .todo
 local_test
 /local_test
+terraform.log
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.92.0
+    rev: v1.96.1
     hooks:
       - id: terraform_fmt
       - id: terraform_validate

diff --git a/examples/ac/README.md b/examples/ac/README.md
@@ -42,7 +42,7 @@ From the examples directory, run the zsac bash script that walks to all required
 From ac directory execute:
 - terraform destroy
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -124,6 +124,7 @@ From ac directory execute:
 | <a name="input_byo_vnet"></a> [byo\_vnet](#input\_byo\_vnet) | Bring your own Azure VNet for App Connector. If false, a new VNet will be created automatically | `bool` | `false` | no |
 | <a name="input_byo_vnet_name"></a> [byo\_vnet\_name](#input\_byo\_vnet\_name) | User provided existing Azure VNet name. This must be populated if byo\_vnet variable is true | `string` | `""` | no |
 | <a name="input_byo_vnet_subnets_rg_name"></a> [byo\_vnet\_subnets\_rg\_name](#input\_byo\_vnet\_subnets\_rg\_name) | User provided existing Azure VNET Resource Group. This must be populated if either byo\_vnet or byo\_subnets variables are true | `string` | `""` | no |
+| <a name="input_custom_name"></a> [custom\_name](#input\_custom\_name) | The full name of the resource. If provided, this will override name\_prefix and resource\_tag. | `string` | `null` | no |
 | <a name="input_enrollment_cert"></a> [enrollment\_cert](#input\_enrollment\_cert) | Get name of ZPA enrollment cert to be used for App Connector provisioning | `string` | `"Connector"` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Customer defined environment tag. ie: Dev, QA, Prod, etc. | `string` | `"Development"` | no |
 | <a name="input_existing_nat_gw_pip_association"></a> [existing\_nat\_gw\_pip\_association](#input\_existing\_nat\_gw\_pip\_association) | Set this to true only if both byo\_pips and byo\_nat\_gws variables are true. This implies that there are already NAT Gateway resources with Public IP Addresses associated so we do not attempt any new associations | `bool` | `false` | no |
@@ -145,4 +146,4 @@ From ac directory execute:
 | Name | Description |
 |------|-------------|
 | <a name="output_testbedconfig"></a> [testbedconfig](#output\_testbedconfig) | Azure Testbed results |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/examples/ac/main.tf b/examples/ac/main.tf
@@ -36,7 +36,7 @@ resource "tls_private_key" "key" {
 # write private key to local pem file
 resource "local_file" "private_key" {
   content         = tls_private_key.key.private_key_pem
-  filename        = "./${var.name_prefix}-key-${random_string.suffix.result}.pem"
+  filename        = coalesce(var.custom_name, "./${var.name_prefix}-key-${random_string.suffix.result}.pem")
   file_permission = "0600"
 }
 
@@ -46,8 +46,9 @@ resource "local_file" "private_key" {
 #    child modules (Resource Group, VNet, Subnets, NAT Gateway, Route Tables)
 ################################################################################
 module "network" {
-  source                = "../../modules/terraform-zsac-network-azure"
-  name_prefix           = var.name_prefix
+  source = "../../modules/terraform-zsac-network-azure"
+  # Use name if provided, otherwise fall back to name_prefix
+  name_prefix           = coalesce(var.custom_name, var.name_prefix)
   resource_tag          = random_string.suffix.result
   global_tags           = local.global_tags
   location              = var.arm_location
@@ -56,7 +57,7 @@ module "network" {
   public_subnets        = var.public_subnets
   zones_enabled         = var.zones_enabled
   zones                 = var.zones
-  #bring-your-own variables
+
   byo_rg                             = var.byo_rg
   byo_rg_name                        = var.byo_rg_name
   byo_vnet                           = var.byo_vnet
@@ -74,14 +75,13 @@ module "network" {
   existing_nat_gw_subnet_association = var.existing_nat_gw_subnet_association
 }
 
-
 ################################################################################
 # 2. Create ZPA App Connector Group
 ################################################################################
 module "zpa_app_connector_group" {
   count                                        = var.byo_provisioning_key == true ? 0 : 1 # Only use this module if a new provisioning key is needed
   source                                       = "../../modules/terraform-zpa-app-connector-group"
-  app_connector_group_name                     = "${var.arm_location}-${module.network.resource_group_name}"
+  app_connector_group_name                     = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   app_connector_group_description              = "${var.app_connector_group_description}-${var.arm_location}-${module.network.resource_group_name}"
   app_connector_group_enabled                  = var.app_connector_group_enabled
   app_connector_group_country_code             = var.app_connector_group_country_code
@@ -95,14 +95,13 @@ module "zpa_app_connector_group" {
   app_connector_group_dns_query_type           = var.app_connector_group_dns_query_type
 }
 
-
 ################################################################################
 # 3. Create ZPA Provisioning Key (or reference existing if byo set)
 ################################################################################
 module "zpa_provisioning_key" {
   source                            = "../../modules/terraform-zpa-provisioning-key"
   enrollment_cert                   = var.enrollment_cert
-  provisioning_key_name             = "${var.arm_location}-${module.network.resource_group_name}"
+  provisioning_key_name             = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   provisioning_key_enabled          = var.provisioning_key_enabled
   provisioning_key_association_type = var.provisioning_key_association_type
   provisioning_key_max_usage        = var.provisioning_key_max_usage
@@ -149,7 +148,7 @@ resource "local_file" "user_data_file" {
 module "ac_vm" {
   source               = "../../modules/terraform-zsac-acvm-azure"
   ac_count             = var.ac_count
-  name_prefix          = var.name_prefix
+  name_prefix          = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   resource_tag         = random_string.suffix.result
   global_tags          = local.global_tags
   resource_group       = module.network.resource_group_name
@@ -171,7 +170,6 @@ module "ac_vm" {
   ]
 }
 
-
 ################################################################################
 # 5. Create Network Security Group and rules to be assigned to AC interface(s). 
 #    Default behavior will create 1 of each resource per AC VM.
@@ -181,7 +179,7 @@ module "ac_vm" {
 module "ac_nsg" {
   source         = "../../modules/terraform-zsac-nsg-azure"
   nsg_count      = var.reuse_nsg == false ? var.ac_count : 1
-  name_prefix    = var.name_prefix
+  name_prefix    = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   resource_tag   = random_string.suffix.result
   resource_group = var.byo_nsg == false ? module.network.resource_group_name : var.byo_nsg_rg
   location       = var.arm_location

diff --git a/examples/ac/terraform.tfvars b/examples/ac/terraform.tfvars
@@ -19,6 +19,12 @@
 #provisioning_key_enabled                       = true
 #provisioning_key_max_usage                     = 10
 
+## If you want to specify custom resource names for the provisioning key, connector group, etc.,
+## provide a name variable here. Otherwise, leave it commented out, and the default naming convention
+## will be used.
+
+custom_name = "custom-name"
+
 ## 2. ZPA App Connector Group variables. Uncomment and replace default values as desired for your deployment. 
 ##    For any questions populating the below values, please reference: 
 ##    https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_app_connector_group

diff --git a/examples/ac/variables.tf b/examples/ac/variables.tf
@@ -4,6 +4,12 @@ variable "arm_location" {
   default     = "westus2"
 }
 
+variable "custom_name" {
+  type        = string
+  description = "The full name of the resource. If provided, this will override name_prefix and resource_tag."
+  default     = null
+}
+
 variable "name_prefix" {
   type        = string
   description = "The name prefix for all your resources"

diff --git a/examples/base/README.md b/examples/base/README.md
@@ -34,7 +34,7 @@ From the examples directory, run the zsac bash script that walks to all required
 From base directory execute:
 - terraform destroy
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -90,4 +90,4 @@ From base directory execute:
 | Name | Description |
 |------|-------------|
 | <a name="output_testbedconfig"></a> [testbedconfig](#output\_testbedconfig) | Azure Testbed results |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/examples/base_ac/README.md b/examples/base_ac/README.md
@@ -39,7 +39,7 @@ From the examples directory, run the zsac bash script that walks to all required
 From base_ac directory execute:
 - terraform destroy
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -107,6 +107,7 @@ From base_ac directory execute:
 | <a name="input_bastion_nsg_source_prefix"></a> [bastion\_nsg\_source\_prefix](#input\_bastion\_nsg\_source\_prefix) | user input for locking down SSH access to bastion to a specific IP or CIDR range | `string` | `"*"` | no |
 | <a name="input_byo_provisioning_key"></a> [byo\_provisioning\_key](#input\_byo\_provisioning\_key) | Bring your own App Connector Provisioning Key. Setting this variable to true will effectively instruct this module to not create any resources and only reference data resources from values provided in byo\_provisioning\_key\_name | `bool` | `false` | no |
 | <a name="input_byo_provisioning_key_name"></a> [byo\_provisioning\_key\_name](#input\_byo\_provisioning\_key\_name) | Existing App Connector Provisioning Key name | `string` | `"provisioning-key-tf"` | no |
+| <a name="input_custom_name"></a> [custom\_name](#input\_custom\_name) | The full name of the resource. If provided, this will override name\_prefix and resource\_tag. | `string` | `null` | no |
 | <a name="input_enrollment_cert"></a> [enrollment\_cert](#input\_enrollment\_cert) | Get name of ZPA enrollment cert to be used for App Connector provisioning | `string` | `"Connector"` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Customer defined environment tag. ie: Dev, QA, Prod, etc. | `string` | `"Development"` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The name prefix for all your resources | `string` | `"zsdemo"` | no |
@@ -126,4 +127,4 @@ From base_ac directory execute:
 | Name | Description |
 |------|-------------|
 | <a name="output_testbedconfig"></a> [testbedconfig](#output\_testbedconfig) | Azure Testbed results |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/examples/base_ac/main.tf b/examples/base_ac/main.tf
@@ -36,7 +36,7 @@ resource "tls_private_key" "key" {
 # write private key to local pem file
 resource "local_file" "private_key" {
   content         = tls_private_key.key.private_key_pem
-  filename        = "./${var.name_prefix}-key-${random_string.suffix.result}.pem"
+  filename        = coalesce(var.custom_name, "./${var.name_prefix}-key-${random_string.suffix.result}.pem")
   file_permission = "0600"
 }
 
@@ -47,7 +47,7 @@ resource "local_file" "private_key" {
 ################################################################################
 module "network" {
   source                = "../../modules/terraform-zsac-network-azure"
-  name_prefix           = var.name_prefix
+  name_prefix           = coalesce(var.custom_name, var.name_prefix)
   resource_tag          = random_string.suffix.result
   global_tags           = local.global_tags
   location              = var.arm_location
@@ -66,7 +66,7 @@ module "network" {
 module "bastion" {
   source                    = "../../modules/terraform-zsac-bastion-azure"
   location                  = var.arm_location
-  name_prefix               = var.name_prefix
+  name_prefix               = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   resource_tag              = random_string.suffix.result
   global_tags               = local.global_tags
   resource_group            = module.network.resource_group_name
@@ -82,7 +82,7 @@ module "bastion" {
 module "zpa_app_connector_group" {
   count                                        = var.byo_provisioning_key == true ? 0 : 1 # Only use this module if a new provisioning key is needed
   source                                       = "../../modules/terraform-zpa-app-connector-group"
-  app_connector_group_name                     = "${var.arm_location}-${module.network.resource_group_name}"
+  app_connector_group_name                     = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   app_connector_group_description              = "${var.app_connector_group_description}-${var.arm_location}-${module.network.resource_group_name}"
   app_connector_group_enabled                  = var.app_connector_group_enabled
   app_connector_group_country_code             = var.app_connector_group_country_code
@@ -103,7 +103,7 @@ module "zpa_app_connector_group" {
 module "zpa_provisioning_key" {
   source                            = "../../modules/terraform-zpa-provisioning-key"
   enrollment_cert                   = var.enrollment_cert
-  provisioning_key_name             = "${var.arm_location}-${module.network.resource_group_name}"
+  provisioning_key_name             = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   provisioning_key_enabled          = var.provisioning_key_enabled
   provisioning_key_association_type = var.provisioning_key_association_type
   provisioning_key_max_usage        = var.provisioning_key_max_usage
@@ -150,7 +150,7 @@ resource "local_file" "user_data_file" {
 module "ac_vm" {
   source               = "../../modules/terraform-zsac-acvm-azure"
   ac_count             = var.ac_count
-  name_prefix          = var.name_prefix
+  name_prefix          = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   resource_tag         = random_string.suffix.result
   global_tags          = local.global_tags
   resource_group       = module.network.resource_group_name
@@ -182,7 +182,7 @@ module "ac_vm" {
 module "ac_nsg" {
   source         = "../../modules/terraform-zsac-nsg-azure"
   nsg_count      = var.reuse_nsg == false ? var.ac_count : 1
-  name_prefix    = var.name_prefix
+  name_prefix    = coalesce(var.custom_name, "${var.name_prefix}-${var.arm_location}-${module.network.resource_group_name}")
   resource_tag   = random_string.suffix.result
   resource_group = module.network.resource_group_name
   location       = var.arm_location