Merge pull request #18 from SazniMohamed/main

Add Modules for DNS Zone, DNS A Record, User Assigned Identity and Update AKS-Firewall module

modules/azurerm/AKS-Firewall/aks_cluster.tf

@@ -19,6 +19,7 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   node_resource_group                 = join("-", ["rg", var.aks_node_pool_resource_group_name])
   sku_tier                            = var.sku_tier
   private_cluster_enabled             = var.private_cluster_enabled
+  private_dns_zone_id                 = var.private_dns_zone_id
   private_cluster_public_fqdn_enabled = var.private_cluster_public_fqdn_enable
   role_based_access_control_enabled   = true
   azure_policy_enabled                = var.azure_policy_enabled
@@ -60,8 +61,19 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     only_critical_addons_enabled = var.default_node_pool_only_critical_addons_enabled
   }
 
-  identity {
-    type = "SystemAssigned"
+  dynamic "identity" {
+    for_each = var.identity_type == "SystemAssigned" ? [1] : []
+    content {
+      type = "SystemAssigned"
+    }
+  }
+
+  dynamic "identity" {
+    for_each = var.identity_type == "SystemAssigned" ? [] : [1]
+    content {
+      type         = "UserAssigned"
+      identity_ids = [var.user_assigned_identity_id]
+    }
   }
 
   azure_active_directory_role_based_access_control {

modules/azurerm/AKS-Firewall/role_assignment.tf

@@ -12,13 +12,13 @@
 resource "azurerm_role_assignment" "network_contributor_role_assignment_subnet" {
   scope                = azurerm_subnet.aks_node_pool_subnet.id
   role_definition_name = "Network Contributor"
-  principal_id         = azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id
+  principal_id         = var.identity_type == "SystemAssigned" ? azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id : var.user_assigned_identity_principal_id
   depends_on           = [azurerm_kubernetes_cluster.aks_cluster, azurerm_subnet.aks_node_pool_subnet]
 }
 
 resource "azurerm_role_assignment" "aks_network_contributor_role_assignment_loadbalancer_subnet" {
   scope                = azurerm_subnet.internal_load_balancer_subnet.id
   role_definition_name = "Network Contributor"
-  principal_id         = azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id
+  principal_id         = var.identity_type == "SystemAssigned" ? azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id : var.user_assigned_identity_principal_id
   depends_on           = [azurerm_kubernetes_cluster.aks_cluster, azurerm_subnet.internal_load_balancer_subnet]
 }

modules/azurerm/AKS-Firewall/variables.tf

@@ -248,3 +248,26 @@ variable "internal_load_balancer_subnet_enforce_private_link_endpoint_network_po
   description = "Enable or Disable network policies for the private link endpoint on the internal load balancer subnet"
   type        = bool
 }
+
+variable "private_dns_zone_id" {
+  description = "Private DNS zone id"
+  type        = string
+}
+
+variable "identity_type" {
+  description = "Identity type"
+  type        = string
+  default     = "SystemAssigned"
+}
+
+variable "user_assigned_identity_id" {
+  description = "User assigned identity id"
+  type        = string
+  default     = ""
+}
+
+variable "user_assigned_identity_principal_id" {
+  description = "User assigned identity principal id"
+  type        = string
+  default     = ""
+}

modules/azurerm/DNS-A-Record/dns_a_record.tf

@@ -0,0 +1,19 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+resource "azurerm_dns_a_record" "dns_a_record" {
+  name                = var.record_name
+  zone_name           = var.dns_zone_name
+  resource_group_name = var.resource_group_name
+  ttl                 = var.ttl
+  records             = var.records
+  tags                = var.tags
+}

modules/azurerm/DNS-A-Record/variables.tf

@@ -0,0 +1,40 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+variable "record_name" {
+  description = "The name of the CNAME record."
+  type        = string
+}
+
+variable "dns_zone_name" {
+  description = "The name of the DNS zone in which the record should be created."
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group in which the DNS zone exists."
+  type        = string
+}
+
+variable "ttl" {
+  description = "The Time To Live (TTL) of the DNS record in seconds."
+  type        = number
+}
+
+variable "records" {
+  description = "The value of the CNAME records."
+  type        = list(string)
+}
+
+variable "tags" {
+  description = "A mapping of tags to assign to the resource."
+  type        = map(string)
+}

modules/azurerm/DNS-A-Record/versions.tf

@@ -0,0 +1,20 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.52.0"
+    }
+  }
+}

modules/azurerm/DNS-CNAME-RECORD/dns_cname_record.tf

@@ -9,7 +9,7 @@
 #
 # --------------------------------------------------------------------------------------
 
-resource "azurerm_dns_cname_record" "example" {
+resource "azurerm_dns_cname_record" "dns_cname_record" {
   name                = var.record_name
   zone_name           = var.dns_zone_name
   resource_group_name = var.resource_group_name

modules/azurerm/DNS-Zone/dns_zone.tf

@@ -0,0 +1,15 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+resource "azurerm_dns_zone" "dns_zone" {
+  name                = var.dns_zone_name
+  resource_group_name = var.resource_group_name
+}

modules/azurerm/DNS-Zone/outputs.tf

@@ -0,0 +1,15 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+output "dns_zone_id" {
+  depends_on = [azurerm_dns_zone.dns_zone]
+  value      = azurerm_dns_zone.dns_zone.id
+}

modules/azurerm/DNS-Zone/variables.tf

@@ -0,0 +1,20 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+variable "dns_zone_name" {
+  description = "The name of the DNS zone."
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group."
+  type        = string
+}

modules/azurerm/DNS-Zone/versions.tf

@@ -0,0 +1,20 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.52.0"
+    }
+  }
+}

modules/azurerm/User-Assigned-Identity/outputs.tf

@@ -0,0 +1,20 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+output "azurerm_user_assigned_identity_id" {
+  depends_on = [azurerm_user_assigned_identity.user_assigned_identity]
+  value      = azurerm_user_assigned_identity.user_assigned_identity.id
+}
+
+output "azurerm_user_assigned_identity_principal_id" {
+  depends_on = [azurerm_user_assigned_identity.user_assigned_identity]
+  value      = azurerm_user_assigned_identity.user_assigned_identity.principal_id
+}

modules/azurerm/User-Assigned-Identity/user_assigned_identity.tf

@@ -0,0 +1,16 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+resource "azurerm_user_assigned_identity" "user_assigned_identity" {
+  name                = var.name
+  resource_group_name = var.resource_group_name
+  location            = var.location
+}

modules/azurerm/User-Assigned-Identity/variables.tf

@@ -0,0 +1,25 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+variable "name" {
+  description = "Name of the user assigned identity"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "Resource group name"
+  type        = string
+}
+
+variable "location" {
+  description = "Azure region"
+  type        = string
+}

modules/azurerm/User-Assigned-Identity/versions.tf

@@ -0,0 +1,20 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+#
+# This software is the property of WSO2 LLC. and its suppliers, if any.
+# Dissemination of any information or reproduction of any material contained
+# herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+# You may not alter or remove any copyright or other notice from copies of this content.
+#
+# --------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.52.0"
+    }
+  }
+}

modules/azurerm/Vnet-Peering/locals.tf

@@ -14,7 +14,6 @@ locals {
   vnet_src_name                = element(local.vnet_src_parts, 8)
   vnet_src_resource_group_name = element(local.vnet_src_parts, 4)
 
-  vnet_dest_parts               = split("/", var.vnet_dest_id)
-  vnet_dest_name                = element(local.vnet_dest_parts, 8)
-  vnet_dest_resource_group_name = element(local.vnet_dest_parts, 4)
+  vnet_dest_parts = split("/", var.vnet_dest_id)
+  vnet_dest_name  = element(local.vnet_dest_parts, 8)
 }

modules/azurerm/Vnet-Peering/outputs.tf

@@ -9,22 +9,12 @@
 #
 # --------------------------------------------------------------------------------------
 
-output "vnet_peering_src_id" {
-  description = "Virtual network src peering id"
-  value       = azurerm_virtual_network_peering.peering_src.id
+output "vnet_peering_id" {
+  description = "Virtual network peering id"
+  value       = azurerm_virtual_network_peering.vnet_peering.id
 }
 
-output "vnet_peering_src_name" {
-  description = "Virtual network src peering name"
-  value       = azurerm_virtual_network_peering.peering_src.name
-}
-
-output "vnet_peering_dest_id" {
-  description = "Virtual network dest peering id"
-  value       = azurerm_virtual_network_peering.peering_dest.id
-}
-
-output "vnet_peering_dest_name" {
-  description = "Virtual network dest peering name"
-  value       = azurerm_virtual_network_peering.peering_dest.name
+output "vnet_peering_name" {
+  description = "Virtual network peering name"
+  value       = azurerm_virtual_network_peering.vnet_peering.name
 }