
Merge pull request #61 from clouddrove/fix/provider
fix: fixed the multiple provider issue
d4kverma authored Jul 26, 2024
2 parents 87d2532 + fef1226 commit 3ffc626
Showing 7 changed files with 80 additions and 14 deletions.
15 changes: 15 additions & 0 deletions _example/basic/example.tf
@@ -1,7 +1,18 @@
provider "azurerm" {
features {}
storage_use_azuread = true
subscription_id = "01111111111110-11-11-11-11"
skip_provider_registration = "true"
}

provider "azurerm" {
features {}
alias = "peer"
subscription_id = "01111111111110-11-11-11-11"
skip_provider_registration = "true"
}


locals {
name = "app"
environment = "test"
Expand All @@ -13,6 +24,10 @@ locals {
## Here default storage will be deployed i.e. storage account without cmk encryption.
##-----------------------------------------------------------------------------
module "storage" {
providers = {
azurerm.dns_sub = azurerm.peer,
azurerm.main_sub = azurerm
}
source = "../.."
name = local.name
environment = local.environment
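Review bot: `skip_provider_registration = "true"` on both new provider blocks passes a boolean provider argument as a quoted string; `skip_provider_registration = true` is the typed form, and the same quoting appears in the complete example's provider blocks. Both `azurerm.dns_sub` and `azurerm.main_sub` in the new `providers` map resolve to the same placeholder `subscription_id`, so the example never exercises the cross-subscription DNS path the `dns_sub` alias exists for; a one-line comment on the `peer` block such as `# peer: subscription that holds the private DNS zone (same id as the main subscription in this example)` would make the intent explicit. The basic example's `peer` block also omits the `storage_use_azuread = true` that the complete example sets on both providers — likely harmless if `dns_sub` only touches DNS resources, but the two examples should agree.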
4 changes: 2 additions & 2 deletions _example/basic/version.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.6.6"
required_version = ">= 1.7.8"
}

terraform {
Expand All @@ -9,4 +9,4 @@ terraform {
version = ">=3.89.0"
}
}
}
}
36 changes: 32 additions & 4 deletions _example/complete/example.tf
@@ -1,8 +1,19 @@

provider "azurerm" {
features {}
storage_use_azuread = true
subscription_id = "01111111111110-11-11-11-11"
skip_provider_registration = "true"
}

provider "azurerm" {
storage_use_azuread = true
features {}
alias = "peer"
subscription_id = "01111111111110-11-11-11-11"
skip_provider_registration = "true"
}


data "azurerm_client_config" "current_client_config" {}

locals {
Expand Down Expand Up @@ -44,7 +55,7 @@ module "vnet" {
##-----------------------------------------------------------------------------
module "subnet" {
source = "clouddrove/subnet/azure"
version = "1.1.0"
version = "1.2.0"
name = local.name
environment = local.environment
label_order = local.label_order
Expand Down Expand Up @@ -83,7 +94,7 @@ module "vault" {
source = "clouddrove/key-vault/azure"
version = "1.1.0"

name = "vae596058"
name = "vae5960581"
environment = "test"
label_order = ["name", "environment", ]
resource_group_name = module.resource_group.resource_group_name
Expand Down Expand Up @@ -116,6 +127,11 @@ module "vault" {
## Here storage account will be deployed with CMK encryption.
##-----------------------------------------------------------------------------
module "storage" {
providers = {
azurerm.dns_sub = azurerm.peer,
azurerm.main_sub = azurerm
}

source = "../.."
name = local.name
environment = local.environment
Expand All @@ -132,6 +148,18 @@ module "storage" {
cmk_encryption_enabled = true
key_vault_id = module.vault.id

########Following to be uncommnented only when using DNS Zone from different subscription along with existing DNS zone.

# diff_sub = true
# alias = ""
# alias_sub = ""

#########Following to be uncommmented when using DNS zone from different resource group or different subscription.
# existing_private_dns_zone = "privatelink.blob.core.windows.net"
# existing_private_dns_zone_resource_group_name = "dns-rg"



## Storage Container
containers_list = [
{ name = "app-test", access_type = "private" },
Expand All @@ -145,4 +173,4 @@ module "storage" {
virtual_network_id = module.vnet.vnet_id
subnet_id = module.subnet.default_subnet_id[0]
log_analytics_workspace_id = module.log-analytics.workspace_id
}
}
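Review bot: The comment block added after `key_vault_id` (`########Following to be uncommnented ...`) misspells "uncommented" twice and still points users at `alias`/`alias_sub` inputs, which the new `providers = { azurerm.dns_sub = ... }` map appears to supersede — no line of main.tf in this commit reads them, though variables.tf is only partially shown, so confirm whether they are still module variables. Suggested wording: `## Set the following only when the private DNS zone lives in a different subscription; pass that subscription's provider as azurerm.dns_sub in the providers map.` followed by `# diff_sub = true`, dropping the `alias`/`alias_sub` lines if they are obsolete. The second comment (`#########Following to be uncommmented when using DNS zone from different resource group ...`) should receive the same spelling fix.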
4 changes: 2 additions & 2 deletions _example/complete/version.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.6.6"
required_version = ">= 1.7.8"
}

terraform {
Expand All @@ -9,4 +9,4 @@ terraform {
version = ">=3.89.0"
}
}
}
}
29 changes: 26 additions & 3 deletions main.tf
@@ -1,5 +1,6 @@
data "azurerm_client_config" "current" {}


##-----------------------------------------------------------------------------
## Labels module callled that will be used for naming and tags.
##-----------------------------------------------------------------------------
Expand All @@ -19,6 +20,7 @@ module "labels" {
## To create storage account with cmk(customer managed key) encryption set 'var.default_enabled = false'.
##-----------------------------------------------------------------------------
resource "azurerm_storage_account" "storage" {
provider = azurerm.main_sub
count = var.enabled ? 1 : 0
name = var.storage_account_name
resource_group_name = var.resource_group_name
Expand Down Expand Up @@ -211,6 +213,7 @@ resource "azurerm_storage_account" "storage" {
## This user assigned identity will be created when storage account with cmk is created.
##-----------------------------------------------------------------------------
resource "azurerm_user_assigned_identity" "identity" {
provider = azurerm.main_sub
count = var.enabled && var.cmk_encryption_enabled ? 1 : 0
location = var.location
name = format("%s-storage-mid", module.labels.id)
Expand All @@ -222,6 +225,7 @@ resource "azurerm_user_assigned_identity" "identity" {
## Below resource will assign 'Key Vault Crypto Service Encryption User' role to user assigned identity created above.
##-----------------------------------------------------------------------------
resource "azurerm_role_assignment" "identity_assigned" {
provider = azurerm.main_sub
depends_on = [azurerm_user_assigned_identity.identity]
count = var.enabled && var.cmk_encryption_enabled && var.key_vault_rbac_auth_enabled ? 1 : 0
principal_id = azurerm_user_assigned_identity.identity[0].principal_id
Expand All @@ -234,6 +238,7 @@ resource "azurerm_role_assignment" "identity_assigned" {
## if rbac is enabled then below resource will create.
##-----------------------------------------------------------------------------
resource "azurerm_role_assignment" "rbac_keyvault_crypto_officer" {
provider = azurerm.main_sub
for_each = toset(var.key_vault_rbac_auth_enabled && var.enabled && var.cmk_encryption_enabled ? var.admin_objects_ids : [])

scope = var.key_vault_id
Expand All @@ -245,6 +250,7 @@ resource "azurerm_role_assignment" "rbac_keyvault_crypto_officer" {
## Below resource will create key vault key that will be used for encryption.
##-----------------------------------------------------------------------------
resource "azurerm_key_vault_key" "kvkey" {
provider = azurerm.main_sub
depends_on = [azurerm_role_assignment.identity_assigned, azurerm_role_assignment.rbac_keyvault_crypto_officer]
count = var.enabled && var.cmk_encryption_enabled ? 1 : 0
name = format("%s-storage-key-vault-key", module.labels.id)
Expand Down Expand Up @@ -278,6 +284,7 @@ resource "azurerm_key_vault_key" "kvkey" {
## Below resource will create network rules for storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_account_network_rules" "network-rules" {
provider = azurerm.main_sub
for_each = var.enabled ? { for rule in var.network_rules : rule.default_action => rule } : {}
storage_account_id = azurerm_storage_account.storage[0].id
default_action = lookup(each.value, "default_action", "Deny")
Expand All @@ -297,6 +304,7 @@ resource "azurerm_storage_account_network_rules" "network-rules" {
## Below resource will create threat protection for storage account.
##-----------------------------------------------------------------------------
resource "azurerm_advanced_threat_protection" "atp" {
provider = azurerm.main_sub
count = var.enabled && var.enable_advanced_threat_protection ? 1 : 0
target_resource_id = azurerm_storage_account.storage[0].id
enabled = var.enable_advanced_threat_protection
Expand All @@ -307,6 +315,7 @@ resource "azurerm_advanced_threat_protection" "atp" {
## This resource is not required when key vault has role based authorization(rbac) enabled.
##-----------------------------------------------------------------------------
resource "azurerm_key_vault_access_policy" "keyvault-access-policy" {
provider = azurerm.main_sub
count = var.enabled && var.key_vault_rbac_auth_enabled == false ? 1 : 0
key_vault_id = var.key_vault_id
tenant_id = data.azurerm_client_config.current.tenant_id
Expand Down Expand Up @@ -347,6 +356,7 @@ resource "azurerm_key_vault_access_policy" "keyvault-access-policy" {
## Below resource will create container in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_container" "container" {
provider = azurerm.main_sub
count = var.enabled ? length(var.containers_list) : 0
name = var.containers_list[count.index].name
storage_account_name = azurerm_storage_account.storage[0].name
Expand All @@ -357,6 +367,7 @@ resource "azurerm_storage_container" "container" {
## Below resource will create file share in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_share" "fileshare" {
provider = azurerm.main_sub
count = var.enabled ? length(var.file_shares) : 0
name = var.file_shares[count.index].name
storage_account_name = azurerm_storage_account.storage[0].name
Expand All @@ -367,6 +378,7 @@ resource "azurerm_storage_share" "fileshare" {
## Below resource will create tables in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_table" "tables" {
provider = azurerm.main_sub
count = var.enabled ? length(var.tables) : 0
name = var.tables[count.index]
storage_account_name = azurerm_storage_account.storage[0].name
Expand All @@ -376,6 +388,7 @@ resource "azurerm_storage_table" "tables" {
## Below resource will create queue in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_queue" "queues" {
provider = azurerm.main_sub
count = var.enabled ? length(var.queues) : 0
name = var.queues[count.index]
storage_account_name = azurerm_storage_account.storage[0].name
Expand All @@ -385,6 +398,7 @@ resource "azurerm_storage_queue" "queues" {
## Below resource will create management policy for storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_management_policy" "lifecycle_management" {
provider = azurerm.main_sub
count = var.enabled && var.management_policy_enable ? length(var.management_policy) : 0
storage_account_id = azurerm_storage_account.storage[0].id

Expand Down Expand Up @@ -426,6 +440,7 @@ provider "azurerm" {
## Below resource will create private endpoint for storage account.
##-----------------------------------------------------------------------------
resource "azurerm_private_endpoint" "pep" {
provider = azurerm.main_sub
count = var.enabled && var.enable_private_endpoint ? 1 : 0
name = format("%s-%s-pe", module.labels.id, var.storage_account_name)
location = local.location
Expand Down Expand Up @@ -460,6 +475,7 @@ locals {
## Will work when storage account with cmk encryption.
##-----------------------------------------------------------------------------
data "azurerm_private_endpoint_connection" "private-ip-0" {
provider = azurerm.main_sub
count = var.enabled && var.enable_private_endpoint ? 1 : 0
name = azurerm_private_endpoint.pep[0].name
resource_group_name = local.resource_group_name
Expand All @@ -471,6 +487,7 @@ data "azurerm_private_endpoint_connection" "private-ip-0" {
## Will be created only when there is no existing private dns zone and private endpoint is enabled.
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_zone" "dnszone" {
provider = azurerm.main_sub
count = var.enabled && var.existing_private_dns_zone == null && var.enable_private_endpoint ? 1 : 0
name = "privatelink.blob.core.windows.net"
resource_group_name = local.resource_group_name
Expand All @@ -482,6 +499,7 @@ resource "azurerm_private_dns_zone" "dnszone" {
## Vnet link will be created when there is no existing private dns zone or existing private dns zone is in same subscription.
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_zone_virtual_network_link" "vent-link" {
provider = azurerm.main_sub
count = var.enabled && var.enable_private_endpoint && (var.existing_private_dns_zone != null ? (var.existing_private_dns_zone_resource_group_name == "" ? false : true) : true) && var.diff_sub == false ? 1 : 0
name = var.existing_private_dns_zone == null ? format("%s-pdz-vnet-link-storage", module.labels.id) : format("%s-pdz-vnet-link-storage-1", module.labels.id)
resource_group_name = local.valid_rg_name
Expand All @@ -495,7 +513,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vent-link" {
## Vnet link will be created when existing private dns zone is in different subscription.
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_zone_virtual_network_link" "vent-link-1" {
provider = azurerm.peer
provider = azurerm.dns_sub
count = var.enabled && var.enable_private_endpoint && var.diff_sub == true ? 1 : 0
name = var.existing_private_dns_zone == null ? format("%s-pdz-vnet-link-storage", module.labels.id) : format("%s-pdz-vnet-link-storage-1", module.labels.id)
resource_group_name = local.valid_rg_name
Expand All @@ -510,7 +528,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vent-link-1" {
## This resource is deployed when more than 1 vnet link is required and module can be called again to do so without deploying other storage account resources.
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_zone_virtual_network_link" "vent-link-diff-subs" {
provider = azurerm.peer
provider = azurerm.dns_sub
count = var.enabled && var.multi_sub_vnet_link && var.existing_private_dns_zone != null ? 1 : 0
name = format("%s-pdz-vnet-link-storage-1", module.labels.id)
resource_group_name = var.existing_private_dns_zone_resource_group_name
Expand All @@ -524,6 +542,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vent-link-diff-subs" {
## Below resource will be created when extra vnet link is required in dns zone in same subscription.
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_zone_virtual_network_link" "addon_vent_link" {
provider = azurerm.main_sub
count = var.enabled && var.addon_vent_link ? 1 : 0
name = format("%s-pdz-vnet-link-storage-addon", module.labels.id)
resource_group_name = var.addon_resource_group_name
Expand All @@ -536,6 +555,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "addon_vent_link" {
## Below resource will create dns A record for private ip of private endpoint in private dns zone.
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_a_record" "arecord" {
provider = azurerm.main_sub
count = var.enabled && var.enable_private_endpoint && var.diff_sub == false ? 1 : 0
name = var.key_vault_id != null ? azurerm_storage_account.storage[0].name : null
zone_name = local.private_dns_zone_name
Expand All @@ -556,7 +576,7 @@ resource "azurerm_private_dns_a_record" "arecord" {
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_a_record" "arecord1" {
count = var.enabled && var.enable_private_endpoint && var.diff_sub == true ? 1 : 0
provider = azurerm.peer
provider = azurerm.dns_sub
name = var.key_vault_id != null ? azurerm_storage_account.storage[0].name : null
zone_name = local.private_dns_zone_name
resource_group_name = local.valid_rg_name
Expand All @@ -574,6 +594,7 @@ resource "azurerm_private_dns_a_record" "arecord1" {
## Below resources will create diagnostic setting for storage account and its components.
##-----------------------------------------------------------------------------
resource "azurerm_monitor_diagnostic_setting" "storage" {
provider = azurerm.main_sub
count = var.enabled && var.enable_diagnostic ? 1 : 0
name = format("storage-diagnostic-log")
target_resource_id = azurerm_storage_account.storage[0].id
Expand All @@ -593,6 +614,7 @@ resource "azurerm_monitor_diagnostic_setting" "storage" {
}

resource "azurerm_monitor_diagnostic_setting" "datastorage" {
provider = azurerm.main_sub
depends_on = [azurerm_storage_account.storage]
count = var.enabled && var.enable_diagnostic ? length(var.datastorages) : 0
name = format("%s-diagnostic-log", var.datastorages[count.index])
Expand Down Expand Up @@ -620,6 +642,7 @@ resource "azurerm_monitor_diagnostic_setting" "datastorage" {
}

resource "azurerm_monitor_diagnostic_setting" "storage-nic" {
provider = azurerm.main_sub
depends_on = [azurerm_private_endpoint.pep]
count = var.enabled && var.enable_diagnostic && var.enable_private_endpoint ? 1 : 0
name = format("%s-storage-nic-diagnostic-log", module.labels.id)
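Review bot: `data "azurerm_client_config" "current"` at the top of the first hunk is left on the default (unaliased) azurerm provider while every resource in main.tf is now pinned to `azurerm.main_sub`; its `tenant_id` feeds `azurerm_key_vault_access_policy` on the visible line (and presumably `object_id` just outside the hunk), so a caller whose `azurerm.main_sub` is authenticated as a different identity or tenant than its default provider would get an access policy granted to the wrong principal. Add `provider = azurerm.main_sub` to that data source so identity resolution uses the same configuration as the resources it authorizes. The `@@ -426,6 +440,7 @@ provider "azurerm" {` header suggests main.tf still carried a `provider "azurerm"` block of its own at that point in the old file, and the section's three deletions are all `provider = azurerm.peer` lines, so it does not appear to be removed here — a module that both declares its own provider block and receives aliased providers from the caller deserves a second look. The `main_sub`/`dns_sub` aliases also have to be declared via `configuration_aliases` in versions.tf, which this commit's versions.tf hunks do not show (the middle of that file is collapsed). In `arecord1`, `provider` is placed after `count`, unlike every other resource here where it is the first argument — minor, but consistent ordering helps scanning.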
2 changes: 1 addition & 1 deletion variables.tf
Expand Up @@ -308,7 +308,7 @@ variable "key_vault_id" {

variable "expiration_date" {
type = string
default = null
default = "2034-10-22T18:29:59Z"
description = "Expiration UTC datetime (Y-m-d'T'H:M:S'Z')"
}

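Review bot: Changing `expiration_date` from `null` to the fixed literal `"2034-10-22T18:29:59Z"` gives every caller who did not set it an expiration on the key vault key at their next apply, and the value is an absolute calendar date that will eventually lie in the past rather than a rotation-aligned one, so the reason for the value should be recorded on the variable. A description such as `"Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Defaults to a fixed far-future date so keys are never created without an expiry; set explicitly to match your key rotation policy."` captures that. The PR description does not mention this change, so a line noting the new default would help module users reviewing the upgrade.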
4 changes: 2 additions & 2 deletions versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.6.6"
required_version = ">= 1.7.8"
}

terraform {
Expand All @@ -9,4 +9,4 @@ terraform {
version = ">=3.89.0"
}
}
}
}
