fix: removed deprecations and tflint warnings

clouddrove · Sep 17, 2024 · 34a53f1 · 34a53f1
1 parent 0eaf96a
commit 34a53f1
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 109 deletions.
diff --git a/examples/basic/example.tf b/examples/basic/example.tf
@@ -87,7 +87,6 @@ module "firewall" {
           protocols           = ["TCP"]
           source_addresses    = ["*"] // ["X.X.X.X"]
           destination_ports   = ["80"]
-          source_addresses    = ["*"]
           translated_port     = "80"
           translated_address  = "10.1.1.1"                           #provide private ip address to translate
           destination_address = module.firewall.public_ip_address[1] //Public ip associated with firewall. Here index 1 indicates 'vnet ip' (from public_ip_names     = ["ingress" , "vnet"])
@@ -97,7 +96,6 @@ module "firewall" {
           name                = "https"
           protocols           = ["TCP"]
           destination_ports   = ["443"]
-          source_addresses    = ["*"]
           translated_port     = "443"
           translated_address  = "10.1.1.1"                           #provide private ip address to translate
           destination_address = module.firewall.public_ip_address[1] //Public ip associated with firewall
@@ -113,7 +111,6 @@ module "firewall" {
         {
           name                = "http"
           protocols           = ["TCP"]
-          source_addresses    = ["*"] // ["X.X.X.X"]
           destination_ports   = ["80"]
           translated_port     = "80"
           translated_address  = "10.1.1.2"                           #provide private ip address to translate

diff --git a/examples/complete/example.tf b/examples/complete/example.tf
@@ -170,7 +170,6 @@ module "firewall" {
           protocols           = ["TCP"]
           source_addresses    = ["*"] // ["X.X.X.X"]
           destination_ports   = ["80"]
-          source_addresses    = ["*"]
           translated_port     = "80"
           translated_address  = "10.1.1.1"                           #provide private ip address to translate
           destination_address = module.firewall.public_ip_address[1] //Public ip associated with firewall. Here index 1 indicates 'vnet ip' (from public_ip_names     = ["ingress" , "vnet"])

diff --git a/examples/firewall-with-isolated-rules/example.tf b/examples/firewall-with-isolated-rules/example.tf
@@ -181,7 +181,6 @@ module "firewall-rules" {
           protocols           = ["TCP"]
           source_addresses    = ["*"] // ["X.X.X.X"]
           destination_ports   = ["80"]
-          source_addresses    = ["*"]
           translated_port     = "80"
           translated_address  = "10.1.1.1"                           #provide private ip address to translate
           destination_address = module.firewall.public_ip_address[1] //Public ip associated with firewall. Here index 1 indicates 'vnet ip' (from public_ip_names     = ["ingress" , "vnet"])

diff --git a/examples/firewall-with-public-ip-prefix/example.tf b/examples/firewall-with-public-ip-prefix/example.tf
@@ -171,7 +171,6 @@ module "firewall" {
           protocols           = ["TCP"]
           source_addresses    = ["*"] // ["X.X.X.X"]
           destination_ports   = ["80"]
-          source_addresses    = ["*"]
           translated_port     = "80"
           translated_address  = "10.1.1.1"                                  #provide private ip address to translate
           destination_address = module.firewall.prefix_public_ip_address[1] //Public ip associated with firewall. Here index 1 indicates 'vnet ip' (from public_ip_names     = ["ingress" , "vnet"])

diff --git a/main.tf b/main.tf
@@ -3,6 +3,7 @@
 ##-----------------------------------------------------------------------------
 module "labels" {
   source      = "clouddrove/labels/azure"
+  version     =  "1.0.0"
   name        = var.name
   environment = var.environment
   managedby   = var.managedby
@@ -70,7 +71,7 @@ resource "azurerm_firewall" "firewall" {
   threat_intel_mode   = var.threat_intel_mode
   sku_tier            = var.sku_tier
   sku_name            = var.sku_name
-  firewall_policy_id  = join("", azurerm_firewall_policy.policy.*.id)
+  firewall_policy_id  = join("",azurerm_firewall_policy.policy[0].id)
   tags                = module.labels.tags
   private_ip_ranges   = var.firewall_private_ip_ranges
   dns_servers         = var.dns_servers
@@ -82,7 +83,7 @@ resource "azurerm_firewall" "firewall" {
       # var.enable_ip_subnet will be true when individual public ip and prefix public ip both are to be deployed (none of them exist before) or only individual public ip are to be deployed.
       # var.enable_ip_subnet will be false when prefix_public_ip already exists and there are no individual public ip.
       subnet_id            = var.enable_ip_subnet ? it.key == 0 ? var.subnet_id : null : null
-      public_ip_address_id = azurerm_public_ip.public_ip.*.id[it.key]
+      public_ip_address_id = azurerm_public_ip.public_ip[it.key].id
     }
   }
 
@@ -94,16 +95,16 @@ resource "azurerm_firewall" "firewall" {
       # var.enable_prefix_subnet will only be true when prefix public ips are to be deployed during initial apply and there are no individual public ips to be created.
       # Individual public ips can be deployed after initial apply and var.enable_ip_subnet variable must be false. 
       subnet_id            = var.enable_prefix_subnet ? it.key == 0 ? var.subnet_id : null : null
-      public_ip_address_id = azurerm_public_ip.prefix_public_ip.*.id[it.key]
+      public_ip_address_id = azurerm_public_ip.prefix_public_ip[it.key].id
     }
   }
 
   dynamic "ip_configuration" {
     for_each = toset(var.additional_public_ips)
 
     content {
-      name                 = lookup(ip_configuration.value, "name")
-      public_ip_address_id = lookup(ip_configuration.value, "public_ip_address_id")
+      name = lookup(ip_configuration.value, "name", null)
+      public_ip_address_id = lookup(ip_configuration.value, "public_ip_address_id", null)
     }
   }
 
@@ -129,7 +130,7 @@ resource "azurerm_firewall_policy" "policy" {
     for_each = var.identity_type != null && var.sku_policy == "Premium" && var.sku_tier == "Premium" ? [1] : []
     content {
       type         = var.identity_type
-      identity_ids = var.identity_type == "UserAssigned" ? [join("", azurerm_user_assigned_identity.identity.*.id)] : null
+      identity_ids = var.identity_type == "UserAssigned" ? [azurerm_user_assigned_identity.identity[0].id] : null
     }
   }
 }
@@ -152,7 +153,7 @@ resource "azurerm_user_assigned_identity" "identity" {
 resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collection_group" {
   count              = var.enabled && var.policy_rule_enabled ? 1 : 0
   name               = var.app_policy_collection_group
-  firewall_policy_id = var.firewall_policy_id == null ? join("", azurerm_firewall_policy.policy.*.id) : var.firewall_policy_id
+  firewall_policy_id = var.firewall_policy_id == null ? azurerm_firewall_policy.policy[0].id : var.firewall_policy_id
   priority           = 300
 
   dynamic "application_rule_collection" {
@@ -190,7 +191,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collec
 resource "azurerm_firewall_policy_rule_collection_group" "network_policy_rule_collection_group" {
   count              = var.enabled && var.policy_rule_enabled ? 1 : 0
   name               = var.net_policy_collection_group
-  firewall_policy_id = var.firewall_policy_id == null ? join("", azurerm_firewall_policy.policy.*.id) : var.firewall_policy_id
+  firewall_policy_id = var.firewall_policy_id == null ? azurerm_firewall_policy.policy[0].id : var.firewall_policy_id
   priority           = 200
 
 
@@ -225,7 +226,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "network_policy_rule_co
 resource "azurerm_firewall_policy_rule_collection_group" "nat_policy_rule_collection_group" {
   count              = var.enabled && var.dnat-destination_ip && var.policy_rule_enabled ? 1 : 0
   name               = var.nat_policy_collection_group
-  firewall_policy_id = var.firewall_policy_id == null ? join("", azurerm_firewall_policy.policy.*.id) : var.firewall_policy_id
+  firewall_policy_id = var.firewall_policy_id == null ? azurerm_firewall_policy.policy[0].id : var.firewall_policy_id
   priority           = 100
 
   dynamic "nat_rule_collection" {
@@ -262,27 +263,20 @@ resource "azurerm_monitor_diagnostic_setting" "firewall_diagnostic-setting" {
   eventhub_name                  = var.eventhub_name
   eventhub_authorization_rule_id = var.eventhub_authorization_rule_id
   log_analytics_workspace_id     = var.log_analytics_workspace_id
-
-  enabled_log {
-    category = var.firewall_application_rule_category
-  }
-
-  enabled_log {
-    category = var.firewall_network_rule_category
-  }
-
   enabled_log {
-    category = var.firewall_threat_intel_category
+    category_group = "AllLogs"
+    retention_policy {
+      enabled = var.retention_policy_enabled
+      days    = var.days
+    }
   }
 
   metric {
-    category = var.metric_category
-    enabled  = var.metric_enabled
-
+    category = "AllMetrics"
+    enabled  = true
     retention_policy {
       enabled = var.retention_policy_enabled
-      days    = var.retention_days
+      days    = var.days
     }
   }
-
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,40 +1,38 @@
 output "firewall_id" {
   description = "Firewall generated id"
-  value       = join("", azurerm_firewall.firewall.*.id)
+  value       = azurerm_firewall.firewall[0].id
 }
 
 output "firewall_name" {
-  value       = join("", azurerm_firewall.firewall.*.name)
+  value       = azurerm_firewall.firewall[0].name
   description = "Firewall name"
-
 }
 
 output "private_ip_address" {
-  value       = azurerm_firewall.firewall[*].ip_configuration[0].private_ip_address
+  value       = azurerm_firewall.firewall[0].ip_configuration[0].private_ip_address
   description = "Firewall private IP"
-
 }
 
 output "public_ip_id" {
-  value = azurerm_public_ip.public_ip.*.id
+  value       = azurerm_public_ip.public_ip[0].id
 }
 
 output "public_ip_address" {
-  value = azurerm_public_ip.public_ip.*.ip_address
+  value       = azurerm_public_ip.public_ip[0].ip_address
 }
 
 output "firewall_policy_id" {
-  value = join("", azurerm_firewall_policy.policy.*.id)
+  value       = azurerm_firewall_policy.policy[0].id
 }
 
 output "prefix_public_ip_id" {
-  value = azurerm_public_ip.prefix_public_ip.*.id
+  value       = azurerm_public_ip.prefix_public_ip[0].id
 }
 
 output "prefix_public_ip_address" {
-  value = azurerm_public_ip.prefix_public_ip.*.ip_address
+  value       = azurerm_public_ip.prefix_public_ip[0].ip_address
 }
 
 output "public_ip_prefix_id" {
-  value = join("", azurerm_public_ip_prefix.pip-prefix.*.id)
-}
+  value       = azurerm_public_ip_prefix.pip-prefix[0].id
+}