From d40dcf6e2da2a824eb7952b18aa33f6c132d95a8 Mon Sep 17 00:00:00 2001 From: Ankit Kaushik Date: Thu, 1 Aug 2024 11:11:35 +0530 Subject: [PATCH 1/2] initial commit --- .gitignore | 6 + README.md | 199 ++++++++++++++++++ _data.tf | 19 ++ _locals.tf | 13 ++ _outputs.tf | 54 +++++ _variables.tf | 401 +++++++++++++++++++++++++++++++++++++ api-management.tf | 185 +++++++++++++++++ examples/main/main.tf | 13 ++ examples/main/modules.tf | 74 +++++++ examples/main/variables.tf | 30 +++ r-logs.tf | 13 ++ r-named-values.tf | 10 + r-network.tf | 15 ++ r-policy.tf | 8 + r-products-groups.tf | 28 +++ terraform.tfvars.ci | 9 + versions.tf | 13 ++ 17 files changed, 1090 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 _data.tf create mode 100644 _locals.tf create mode 100644 _outputs.tf create mode 100644 _variables.tf create mode 100644 api-management.tf create mode 100644 examples/main/main.tf create mode 100644 examples/main/modules.tf create mode 100644 examples/main/variables.tf create mode 100644 r-logs.tf create mode 100644 r-named-values.tf create mode 100644 r-network.tf create mode 100644 r-policy.tf create mode 100644 r-products-groups.tf create mode 100644 terraform.tfvars.ci create mode 100644 versions.tf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c6bc911 --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +.terraform +main.tf +terraform.tfvars +.terraform.lock.hcl +!examples/**/main.tf +!examples/**/terraform.tfvars diff --git a/README.md b/README.md new file mode 100644 index 0000000..db9bb9d --- /dev/null +++ b/README.md @@ -0,0 +1,199 @@ +# Azure API Management feature +[![Lint Status](https://github.com/tothenew/terraform-aws-template/workflows/Lint/badge.svg)](https://github.com/tothenew/terraform-aws-template/actions) +[![LICENSE](https://img.shields.io/github/license/tothenew/terraform-aws-template)](https://github.com/tothenew/terraform-aws-template/blob/master/LICENSE) + +This Terraform module creates an [Azure API Management](https://docs.microsoft.com/en-us/azure/api-management/). + +## Requirements + +* [AzureRM Terraform provider](https://www.terraform.io/docs/providers/azurerm/) >= 1.32 + + +## Global versioning rule for Claranet Azure modules + +| Module version | Terraform version | AzureRM version | +| -------------- | ----------------- | --------------- | +| >= 7.x.x | 1.3.x | >= 3.0 | +| >= 6.x.x | 1.x | >= 3.0 | +| >= 5.x.x | 0.15.x | >= 2.0 | +| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 | +| >= 3.x.x | 0.12.x | >= 2.0 | +| >= 2.x.x | 0.12.x | < 2.0 | +| < 2.x.x | 0.11.x | < 2.0 | + + +## Usage + +This module is optimized to work with the [ToTheNew Modules](https://github.com/claranet/terraform-wrapper) tool +which set some terraform variables in the environment needed by this module. +More details about variables set by the `terraform-wrapper` available in the [documentation](https://github.com/claranet/terraform-wrapper#environment). + +```hcl + +module "storage_account" { + source = "git::https://github.com/tothenew/terraform-azure-storageaccount.git" + + account_name = "{local.name_prefix}sa" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + log_analytics_workspace_id = module.log_analytics.workspace_id + + account_kind = "BlobStorage" +} + + +module "log_analytics" { + source = "git::https://github.com/tothenew/terraform-azure-loganalytics.git" + + workspace_name = "${local.name_prefix}-log" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + tags = var.extra_tags +} + +module "apim" { + location_short = module.azure_region.location_short + source = "claranet/api-management/azurerm" + version = "x.x.x" + + location = var.location + client_name = var.client_name + environment = var.environment + stack = var.stack + + resource_group_name = var.resource_group_name + + sku_tier = "Standard" + sku_capacity = 1 + + publisher_name = "Contoso ApiManager" + publisher_email = "api_manager@test.com" + + named_values = [ + { + name = "my_named_value" + value = "my_secret_value" + secret = true + }, + { + display_name = "My second value explained" + name = "my_second_value" + value = "my_not_secret_value" + } + ] + + additional_location = [ + { + location = "eastus2" + subnet_id = var.subnet_id + }, + ] + + logs_destinations_ids = [ + module.storage_account.account_id, + module.log_analytics.workspace_id + ] +} +``` + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | ~> 1.2, >= 1.2.22 | +| azurerm | ~> 3.108 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| diagnostics | claranet/diagnostic-settings/azurerm | ~> 6.5.0 | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management) | resource | +| [azurerm_api_management_group.group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource | +| [azurerm_api_management_named_value.named_values](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_policy.policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_policy) | resource | +| [azurerm_api_management_product.product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_product) | resource | +| [azurerm_api_management_product_group.product_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_product_group) | resource | +| [azurerm_network_security_rule.management_apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurecaf_name.apim](https://registry.terraform.io/providers/aztfmod/azurecaf/latest/docs/data-sources/name) | data source | +| [azurecaf_name.apim_nsg_rule](https://registry.terraform.io/providers/aztfmod/azurecaf/latest/docs/data-sources/name) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| additional\_location | List of the Azure Region in which the API Management Service should be expanded to. | 
list(object({
    location             = string
    capacity             = optional(number)
    zones                = optional(list(number), [1, 2, 3])
    public_ip_address_id = optional(string)
    subnet_id            = optional(string)
  }))
| `[]` | no | +| certificate\_configuration | List of certificate configurations. | 
list(object({
    encoded_certificate  = string
    certificate_password = optional(string)
    store_name           = string
  }))
| `[]` | no | +| client\_certificate\_enabled | (Optional) Enforce a client certificate to be presented on each request to the gateway? This is only supported when SKU type is `Consumption`. | `bool` | `false` | no | +| client\_name | Client name/account used in naming. | `string` | n/a | yes | +| create\_management\_rule | Whether to create the NSG rule for the management port of the APIM. If true, nsg\_name variable must be set | `bool` | `false` | no | +| create\_product\_group\_and\_relationships | Create local APIM groups with name identical to products and create a relationship between groups and products. | `bool` | `false` | no | +| custom\_diagnostic\_settings\_name | Custom name of the diagnostics settings, name will be 'default' if not set. | `string` | `"default"` | no | +| custom\_management\_rule\_name | Custom NSG rule name for APIM Management. | `string` | `""` | no | +| custom\_name | Custom API Management name, generated if not set. | `string` | `""` | no | +| default\_tags\_enabled | Option to enable or disable default tags | `bool` | `true` | no | +| developer\_portal\_hostname\_configuration | Developer Portal hostname configurations. | 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
| `[]` | no | +| enable\_http2 | Should HTTP/2 be supported by the API Management Service? | `bool` | `false` | no | +| environment | Project environment. | `string` | n/a | yes | +| extra\_tags | Extra tags to add | `map(string)` | `{}` | no | +| gateway\_disabled | (Optional) Disable the gateway in main region? This is only supported when `additional_location` is set. | `bool` | `false` | no | +| identity\_ids | A list of IDs for User Assigned Managed Identity resources to be assigned. This is required when type is set to `UserAssigned` or `SystemAssigned, UserAssigned`. | `list(string)` | `[]` | no | +| identity\_type | Type of Managed Service Identity that should be configured on this API Management Service. | `string` | `"SystemAssigned"` | no | +| location | Azure location for Eventhub. | `string` | n/a | yes | +| location\_short | Short string for Azure location. | `string` | n/a | yes | +| logs\_categories | Log categories to send to destinations. | `list(string)` | `null` | no | +| logs\_destinations\_ids | List of destination resources IDs for logs diagnostic destination.
Can be `Storage Account`, `Log Analytics Workspace` and `Event Hub`. No more than one of each can be set.
If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formated string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the `|` character. | `list(string)` | n/a | yes | +| logs\_metrics\_categories | Metrics categories to send to destinations. | `list(string)` | `null` | no | +| management\_hostname\_configuration | List of management hostname configurations. | 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
| `[]` | no | +| management\_nsg\_rule\_priority | Priority of the NSG rule created for the management port of the APIM | `number` | `101` | no | +| min\_api\_version | (Optional) The version which the control plane API calls to API Management service are limited with version equal to or newer than. | `string` | `null` | no | +| name\_prefix | Optional prefix for the generated name | `string` | `""` | no | +| name\_suffix | Optional suffix for the generated name | `string` | `""` | no | +| named\_values | Named values configurations. | 
list(object({
    name         = string
    display_name = optional(string)
    value        = string
    secret       = optional(bool, false)
  }))
| `[]` | no | +| notification\_sender\_email | Email address from which the notification will be sent. | `string` | `null` | no | +| nsg\_name | NSG name of the subnet hosting the APIM to add the rule to allow management if the APIM is private | `string` | `null` | no | +| nsg\_rg\_name | Name of the RG hosting the NSG if it's different from the one hosting the APIM | `string` | `null` | no | +| policy\_configuration | Policies configurations. | 
list(object({
    name        = optional(string, "default")
    xml_content = optional(string)
    xml_link    = optional(string)
  }))
| `[]` | no | +| portal\_hostname\_configuration | Legacy Portal hostname configurations. | 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
| `[]` | no | +| products | List of products to create. | `list(string)` | `[]` | no | +| proxy\_hostname\_configuration | List of proxy hostname configurations. | 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
| `[]` | no | +| publisher\_email | The email of publisher/company. | `string` | n/a | yes | +| publisher\_name | The name of publisher/company. | `string` | n/a | yes | +| resource\_group\_name | Name of the resource group. | `string` | n/a | yes | +| scm\_hostname\_configuration | List of SCM hostname configurations. | 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
| `[]` | no | +| security\_configuration | Security configuration block. | 
object({
    enable_backend_ssl30  = optional(bool, false)
    enable_backend_tls10  = optional(bool, false)
    enable_backend_tls11  = optional(bool, false)
    enable_frontend_ssl30 = optional(bool, false)
    enable_frontend_tls10 = optional(bool, false)
    enable_frontend_tls11 = optional(bool, false)

    tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = optional(bool, false)
    tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = optional(bool, false)
    tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled   = optional(bool, false)
    tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled   = optional(bool, false)
    tls_rsa_with_aes128_cbc_sha256_ciphers_enabled      = optional(bool, false)
    tls_rsa_with_aes128_cbc_sha_ciphers_enabled         = optional(bool, false)
    tls_rsa_with_aes128_gcm_sha256_ciphers_enabled      = optional(bool, false)
    tls_rsa_with_aes256_cbc_sha256_ciphers_enabled      = optional(bool, false)
    tls_rsa_with_aes256_cbc_sha_ciphers_enabled         = optional(bool, false)

    triple_des_ciphers_enabled = optional(bool, false)
  })
| `{}` | no | +| sign\_in\_enabled | Should anonymous users be redirected to the sign in page? | `bool` | `false` | no | +| sign\_up\_enabled | Can users sign up on the development portal? | `bool` | `false` | no | +| sku\_capacity | APIM SKU capacity. | `number` | `1` | no | +| sku\_tier | APIM SKU. Valid values include: Developer, Basic, Standard, StandardV2 and Premium. | `string` | `"Basic"` | no | +| stack | Project stack name. | `string` | n/a | yes | +| terms\_of\_service\_configuration | Terms of service configurations. | 
list(object({
    consent_required = optional(bool, false)
    enabled          = optional(bool, false)
    text             = optional(string, "")
  }))
| `[]` | no | +| use\_caf\_naming | Use the Azure CAF naming provider to generate default resource name. `custom_name` override this if set. Legacy default name is used if this is set to `false`. | `bool` | `true` | no | +| virtual\_network\_configuration | The id(s) of the subnet(s) that will be used for the API Management. Required when virtual\_network\_type is External or Internal | `list(string)` | `[]` | no | +| virtual\_network\_type | The type of virtual network you want to use, valid values include: None, External, Internal. | `string` | `null` | no | +| zones | (Optional) Specifies a list of Availability Zones in which this API Management service should be located. Changing this forces a new API Management service to be created. Supported in Premium Tier. | `list(number)` | 
[
  1,
  2,
  3
]
| no | + +## Outputs + +| Name | Description | +|------|-------------| +| api\_management\_additional\_location | Map listing gateway\_regional\_url and public\_ip\_addresses associated | +| api\_management\_gateway\_regional\_url | The Region URL for the Gateway of the API Management Service | +| api\_management\_gateway\_url | The URL of the Gateway for the API Management Service | +| api\_management\_id | The ID of the API Management Service | +| api\_management\_identity | The identity of the API Management | +| api\_management\_management\_api\_url | The URL for the Management API associated with this API Management service | +| api\_management\_name | The name of the API Management Service | +| api\_management\_portal\_url | The URL for the Publisher Portal associated with this API Management service | +| api\_management\_private\_ip\_addresses | The Private IP addresses of the API Management Service | +| api\_management\_public\_ip\_addresses | The Public IP addresses of the API Management Service | +| api\_management\_scm\_url | The URL for the SCM Endpoint associated with this API Management service | + +## Related documentation + +Microsoft Azure documentation: [https://docs.microsoft.com/en-us/azure/api-management/](https://docs.microsoft.com/en-us/azure/api-management/) diff --git a/_data.tf b/_data.tf new file mode 100644 index 0000000..0caaaa1 --- /dev/null +++ b/_data.tf @@ -0,0 +1,19 @@ +data "azurecaf_name" "apim" { + name = var.stack + resource_type = "azurerm_api_management" + prefixes = var.name_prefix == "" ? null : [local.name_prefix] + suffixes = compact([var.client_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "apim"]) + use_slug = var.use_caf_naming + clean_input = true + separator = "-" +} + +data "azurecaf_name" "apim_nsg_rule" { + name = var.stack + resource_type = "azurerm_network_security_rule" + prefixes = var.name_prefix == "" ? null : [local.name_prefix] + suffixes = compact([var.client_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "apim-nsg"]) + use_slug = var.use_caf_naming + clean_input = true + separator = "-" +} diff --git a/_locals.tf b/_locals.tf new file mode 100644 index 0000000..39d740d --- /dev/null +++ b/_locals.tf @@ -0,0 +1,13 @@ +locals { + default_tags = var.default_tags_enabled ? { + env = var.environment + stack = var.stack + } : {} + + # Naming locals/constants + name_prefix = lower(var.name_prefix) + name_suffix = lower(var.name_suffix) + + apim_name = coalesce(var.custom_name, data.azurecaf_name.apim.result) + nsg_rule_name = coalesce(var.custom_management_rule_name, data.azurecaf_name.apim_nsg_rule.result) +} diff --git a/_outputs.tf b/_outputs.tf new file mode 100644 index 0000000..72c508d --- /dev/null +++ b/_outputs.tf @@ -0,0 +1,54 @@ +output "api_management_name" { + description = "The name of the API Management Service" + value = azurerm_api_management.apim.name +} + +output "api_management_id" { + description = "The ID of the API Management Service" + value = azurerm_api_management.apim.id +} + +output "api_management_additional_location" { + description = "Map listing gateway_regional_url and public_ip_addresses associated" + value = azurerm_api_management.apim.additional_location +} + +output "api_management_gateway_url" { + description = "The URL of the Gateway for the API Management Service" + value = azurerm_api_management.apim.gateway_url +} + +output "api_management_gateway_regional_url" { + description = "The Region URL for the Gateway of the API Management Service" + value = azurerm_api_management.apim.gateway_regional_url +} + +output "api_management_management_api_url" { + description = "The URL for the Management API associated with this API Management service" + value = azurerm_api_management.apim.management_api_url +} + +output "api_management_portal_url" { + description = "The URL for the Publisher Portal associated with this API Management service" + value = azurerm_api_management.apim.portal_url +} + +output "api_management_public_ip_addresses" { + description = "The Public IP addresses of the API Management Service" + value = azurerm_api_management.apim.public_ip_addresses +} + +output "api_management_private_ip_addresses" { + description = "The Private IP addresses of the API Management Service" + value = azurerm_api_management.apim.private_ip_addresses +} + +output "api_management_scm_url" { + description = "The URL for the SCM Endpoint associated with this API Management service" + value = azurerm_api_management.apim.scm_url +} + +output "api_management_identity" { + description = "The identity of the API Management" + value = azurerm_api_management.apim.identity +} diff --git a/_variables.tf b/_variables.tf new file mode 100644 index 0000000..4c7500d --- /dev/null +++ b/_variables.tf @@ -0,0 +1,401 @@ +# Generic naming variables +variable "name_prefix" { + description = "Optional prefix for the generated name" + type = string + default = "" +} + +variable "name_suffix" { + description = "Optional suffix for the generated name" + type = string + default = "" +} + +variable "use_caf_naming" { + description = "Use the Azure CAF naming provider to generate default resource name. `custom_name` override this if set. Legacy default name is used if this is set to `false`." + type = bool + default = true +} + +# Custom naming override +variable "custom_name" { + description = "Custom API Management name, generated if not set." + type = string + default = "" +} + +variable "custom_management_rule_name" { + description = "Custom NSG rule name for APIM Management." + type = string + default = "" +} + + +# Diag settings / logs parameters + +variable "logs_destinations_ids" { + type = list(string) + description = < named_value } + + api_management_name = azurerm_api_management.apim.name + display_name = coalesce(each.value.display_name, each.value.name) + name = each.value.name + resource_group_name = var.resource_group_name + value = each.value.value + secret = each.value.secret +} diff --git a/r-network.tf b/r-network.tf new file mode 100644 index 0000000..fde4b23 --- /dev/null +++ b/r-network.tf @@ -0,0 +1,15 @@ +resource "azurerm_network_security_rule" "management_apim" { + count = var.create_management_rule ? 1 : 0 + access = "Allow" + direction = "Inbound" + name = local.nsg_rule_name + network_security_group_name = var.nsg_name + priority = var.management_nsg_rule_priority + protocol = "Tcp" + resource_group_name = var.nsg_rg_name == null ? var.resource_group_name : var.nsg_rg_name + + source_port_range = "*" + destination_port_range = "3443" + source_address_prefix = "ApiManagement" + destination_address_prefix = "VirtualNetwork" +} diff --git a/r-policy.tf b/r-policy.tf new file mode 100644 index 0000000..7ce7fd4 --- /dev/null +++ b/r-policy.tf @@ -0,0 +1,8 @@ +resource "azurerm_api_management_policy" "policy" { + for_each = { for p in var.policy_configuration : p.name => p } + + api_management_id = azurerm_api_management.apim.id + + xml_content = each.value.xml_content + xml_link = each.value.xml_link +} diff --git a/r-products-groups.tf b/r-products-groups.tf new file mode 100644 index 0000000..717c877 --- /dev/null +++ b/r-products-groups.tf @@ -0,0 +1,28 @@ +resource "azurerm_api_management_group" "group" { + for_each = var.create_product_group_and_relationships ? toset(var.products) : [] + name = each.key + resource_group_name = var.resource_group_name + api_management_name = azurerm_api_management.apim.name + display_name = each.key +} + +resource "azurerm_api_management_product" "product" { + for_each = toset(var.products) + product_id = each.key + resource_group_name = var.resource_group_name + api_management_name = azurerm_api_management.apim.name + display_name = each.key + subscription_required = true + approval_required = true + published = true + subscriptions_limit = 1 +} + +resource "azurerm_api_management_product_group" "product_group" { + for_each = var.create_product_group_and_relationships ? toset(var.products) : [] + product_id = each.key + resource_group_name = var.resource_group_name + api_management_name = azurerm_api_management.apim.name + group_name = each.key +} + diff --git a/terraform.tfvars.ci b/terraform.tfvars.ci new file mode 100644 index 0000000..7f87100 --- /dev/null +++ b/terraform.tfvars.ci @@ -0,0 +1,9 @@ +location = "fr-central" +location_short = "frc" +client_name = "test" +environment = "test" +stack = "ci" +resource_group_name = "ci" +sku_name = "Standard_1" +publisher_name = "BRS ApiManager" +publisher_email = "api_manager@test.com" diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..555aeed --- /dev/null +++ b/versions.tf @@ -0,0 +1,13 @@ +terraform { + required_version = ">= 1.3" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.108" + } + azurecaf = { + source = "aztfmod/azurecaf" + version = "~> 1.2, >= 1.2.22" + } + } +} From 65396b65b630781c1612d47ea4d39043fab42851 Mon Sep 17 00:00:00 2001 From: Ankit Kaushik Date: Thu, 1 Aug 2024 11:33:02 +0530 Subject: [PATCH 2/2] terraform fmt and validate --- _data.tf | 4 ++-- _locals.tf | 2 +- _variables.tf | 4 ---- examples/main/modules.tf | 14 +++++++------- r-logs.tf | 13 ------------- 5 files changed, 10 insertions(+), 27 deletions(-) delete mode 100644 r-logs.tf diff --git a/_data.tf b/_data.tf index 0caaaa1..97601f2 100644 --- a/_data.tf +++ b/_data.tf @@ -2,7 +2,7 @@ data "azurecaf_name" "apim" { name = var.stack resource_type = "azurerm_api_management" prefixes = var.name_prefix == "" ? null : [local.name_prefix] - suffixes = compact([var.client_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "apim"]) + suffixes = compact([var.client_name, var.environment, local.name_suffix, var.use_caf_naming ? "" : "apim"]) use_slug = var.use_caf_naming clean_input = true separator = "-" @@ -12,7 +12,7 @@ data "azurecaf_name" "apim_nsg_rule" { name = var.stack resource_type = "azurerm_network_security_rule" prefixes = var.name_prefix == "" ? null : [local.name_prefix] - suffixes = compact([var.client_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "apim-nsg"]) + suffixes = compact([var.client_name, var.environment, local.name_suffix, var.use_caf_naming ? "" : "apim-nsg"]) use_slug = var.use_caf_naming clean_input = true separator = "-" diff --git a/_locals.tf b/_locals.tf index 39d740d..c6e0ef6 100644 --- a/_locals.tf +++ b/_locals.tf @@ -4,7 +4,7 @@ locals { stack = var.stack } : {} - # Naming locals/constants + # Naming locals/constants name_prefix = lower(var.name_prefix) name_suffix = lower(var.name_suffix) diff --git a/_variables.tf b/_variables.tf index 4c7500d..66e3508 100644 --- a/_variables.tf +++ b/_variables.tf @@ -97,10 +97,6 @@ variable "location" { type = string } -variable "location_short" { - description = "Short string for Azure location." - type = string -} variable "sku_tier" { description = "APIM SKU. Valid values include: Developer, Basic, Standard, StandardV2 and Premium." diff --git a/examples/main/modules.tf b/examples/main/modules.tf index 55fb8aa..aaf60a5 100644 --- a/examples/main/modules.tf +++ b/examples/main/modules.tf @@ -28,18 +28,18 @@ module "log_analytics" { workspace_name = "${local.name_prefix}-log" resource_group_name = azurerm_resource_group.rg.name location = azurerm_resource_group.rg.location - tags = var.extra_tags + tags = var.extra_tags } module "apim" { - source = "../../" + source = "../../" - location = var.location - client_name = var.client_name - environment = var.environment - stack = var.stack + location = var.location + client_name = var.client_name + environment = var.environment + stack = var.stack - resource_group_name = var.resource_group_name + resource_group_name = azurerm_resource_group.rg.name sku_tier = "Standard" sku_capacity = 1 diff --git a/r-logs.tf b/r-logs.tf deleted file mode 100644 index 4b3e366..0000000 --- a/r-logs.tf +++ /dev/null @@ -1,13 +0,0 @@ -module "diagnostic_settings" { - source = "git::https://github.com/tothenew/terraform-azure-diagnostics.git" - - resource_id = module.lb.lb_id - - logs_destinations_ids = [ - module.logs.logs_storage_account_id, - module.logs.log_analytics_workspace_id, - format("%s|%s", module.eventhub.namespace_send_authorization_rule.id, module.eventhub.eventhubs["logs"].name), - ] - - log_analytics_destination_type = "Dedicated" -}