Azurerm 3x (#5)

* update azurem provider
telekom-mms · May 9, 2022 · c64a00c · c64a00c
1 parent 7735a92
commit c64a00c
Show file tree

Hide file tree

Showing 6 changed files with 243 additions and 52 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,20 +1,22 @@
 # Changelog
 
+=======
+
 ## [1.0.2](https://github.com/T-Systems-MMS/terraform-azurerm-storage/tree/1.0.2) (2022-04-01)
 
 [Full Changelog](https://github.com/T-Systems-MMS/terraform-azurerm-storage/compare/1.0.1...1.0.2)
 
 **Merged pull requests:**
 
-- fix loop error if static\_website is enabled [\#4](https://github.com/T-Systems-MMS/terraform-azurerm-storage/pull/4) ([michaelamattes](https://github.com/michaelamattes))
+- fix loop error if static_website is enabled [\#4](https://github.com/T-Systems-MMS/terraform-azurerm-storage/pull/4) ([michaelamattes](https://github.com/michaelamattes))
 
 ## [1.0.1](https://github.com/T-Systems-MMS/terraform-azurerm-storage/tree/1.0.1) (2022-03-18)
 
 [Full Changelog](https://github.com/T-Systems-MMS/terraform-azurerm-storage/compare/1.0.0...1.0.1)
 
 **Merged pull requests:**
 
-- add more output to storage\_account [\#3](https://github.com/T-Systems-MMS/terraform-azurerm-storage/pull/3) ([michaelamattes](https://github.com/michaelamattes))
+- add more output to storage_account [\#3](https://github.com/T-Systems-MMS/terraform-azurerm-storage/pull/3) ([michaelamattes](https://github.com/michaelamattes))
 
 ## [1.0.0](https://github.com/T-Systems-MMS/terraform-azurerm-storage/tree/1.0.0) (2022-02-17)
 
@@ -29,6 +31,4 @@
 
 [Full Changelog](https://github.com/T-Systems-MMS/terraform-azurerm-storage/compare/cfd8018085c4154ec491cd259bd9eaa5d9575ace...0.0.1)
 
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
+\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
diff --git a/README.md b/README.md
@@ -1,4 +1,5 @@
 <!-- BEGIN_TF_DOCS -->
+
 # storage
 
 This module manages Azure Storage Configuration.
@@ -7,40 +8,40 @@ This module manages Azure Storage Configuration.
 
 ## Requirements
 
-| Name | Version |
-|------|---------|
-| terraform | >=1.0 |
-| azurerm | >=2.79 |
+| Name      | Version |
+| --------- | ------- |
+| terraform | >=1.0   |
+| azurerm   | >=2.79  |
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| azurerm | >=2.79 |
+| Name    | Version |
+| ------- | ------- |
+| azurerm | >=2.79  |
 
 ## Resources
 
-| Name | Type |
-|------|------|
-| azurerm_storage_account.storage_account | resource |
-| azurerm_storage_container.storage_container | resource |
-| azurerm_storage_share.storage_share | resource |
+| Name                                                    | Type     |
+| ------------------------------------------------------- | -------- |
+| azurerm_storage_account.storage_account                 | resource |
+| azurerm_storage_container.storage_container             | resource |
+| azurerm_storage_share.storage_share                     | resource |
 | azurerm_storage_share_directory.storage_share_directory | resource |
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| storage_account | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
-| storage_container | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
-| storage_share | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
-| storage_share_directory | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| Name                    | Description                                                                                  | Type  | Default | Required |
+| ----------------------- | -------------------------------------------------------------------------------------------- | ----- | ------- | :------: |
+| storage_account         | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}`    |    no    |
+| storage_container       | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}`    |    no    |
+| storage_share           | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}`    |    no    |
+| storage_share_directory | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}`    |    no    |
 
 ## Outputs
 
-| Name | Description |
-|------|-------------|
-| storage_account | azurerm_storage_account results |
+| Name              | Description                       |
+| ----------------- | --------------------------------- |
+| storage_account   | azurerm_storage_account results   |
 | storage_container | azurerm_storage_container results |
 
 ## Examples
@@ -69,4 +70,5 @@ module "storage" {
   }
 }
 ```
+
 <!-- END_TF_DOCS -->
diff --git a/examples/main.tf b/examples/main.tf
@@ -2,10 +2,14 @@ module "storage" {
   source = "registry.terraform.io/T-Systems-MMS/storage/azurerm"
   storage_account = {
     mgmt = {
-      name                     = "servicemgmtstg"
-      resource_group_name      = "service-infrastructure-rg"
-      location                 = "westeurope"
-      account_replication_type = "LRS"
+      name                = "servicemgmtstg"
+      resource_group_name = "service-infrastructure-rg"
+      location            = "westeurope"
+      min_tls_version     = "TLS1_0"
+      static_website = {
+        error_404_document = "404.html"
+        index_document     = "index.html"
+      }
       tags = {
         service = "service_name"
       }

diff --git a/main.tf b/main.tf
@@ -7,16 +7,124 @@
 resource "azurerm_storage_account" "storage_account" {
   for_each = var.storage_account
 
-  name                      = local.storage_account[each.key].name == "" ? each.key : local.storage_account[each.key].name
-  location                  = local.storage_account[each.key].location
-  resource_group_name       = local.storage_account[each.key].resource_group_name
-  account_kind              = local.storage_account[each.key].account_kind
-  account_tier              = local.storage_account[each.key].account_tier
-  account_replication_type  = local.storage_account[each.key].account_replication_type
-  access_tier               = local.storage_account[each.key].access_tier
-  enable_https_traffic_only = local.storage_account[each.key].enable_https_traffic_only
-  allow_blob_public_access  = local.storage_account[each.key].allow_blob_public_access
-  shared_access_key_enabled = local.storage_account[each.key].shared_access_key_enabled
+  name                              = local.storage_account[each.key].name == "" ? each.key : local.storage_account[each.key].name
+  location                          = local.storage_account[each.key].location
+  resource_group_name               = local.storage_account[each.key].resource_group_name
+  account_kind                      = local.storage_account[each.key].account_kind
+  account_tier                      = local.storage_account[each.key].account_tier
+  account_replication_type          = local.storage_account[each.key].account_replication_type
+  access_tier                       = local.storage_account[each.key].access_tier
+  edge_zone                         = local.storage_account[each.key].edge_zone
+  enable_https_traffic_only         = local.storage_account[each.key].enable_https_traffic_only
+  min_tls_version                   = local.storage_account[each.key].min_tls_version
+  allow_nested_items_to_be_public   = local.storage_account[each.key].allow_nested_items_to_be_public
+  shared_access_key_enabled         = local.storage_account[each.key].shared_access_key_enabled
+  is_hns_enabled                    = local.storage_account[each.key].is_hns_enabled
+  nfsv3_enabled                     = local.storage_account[each.key].nfsv3_enabled
+  large_file_share_enabled          = local.storage_account[each.key].large_file_share_enabled
+  queue_encryption_key_type         = local.storage_account[each.key].queue_encryption_key_type
+  table_encryption_key_type         = local.storage_account[each.key].table_encryption_key_type
+  infrastructure_encryption_enabled = local.storage_account[each.key].infrastructure_encryption_enabled
+
+  dynamic "custom_domain" {
+    for_each = local.storage_account[each.key].custom_domain.name == "" ? [1] : []
+    content {
+      name          = local.storage_account[each.key].custom_domain.name
+      use_subdomain = local.storage_account[each.key].custom_domain.use_subdomain
+    }
+  }
+
+  dynamic "customer_managed_key" {
+    for_each = local.storage_account[each.key].customer_managed_key != {} ? [1] : []
+    content {
+      key_vault_key_id          = local.storage_account[each.key].customer_managed_key.key_vault_key_id
+      user_assigned_identity_id = local.storage_account[each.key].customer_managed_key.user_assigned_identity_id
+    }
+  }
+
+  dynamic "identity" {
+    for_each = local.storage_account[each.key].identity.type != "" ? [1] : []
+    content {
+      type         = local.storage_account[each.key].identity.type
+      identity_ids = local.storage_account[each.key].identity.identity_ids
+    }
+  }
+
+  dynamic "blob_properties" {
+    for_each = local.storage_account[each.key].blob_properties != {} ? [1] : []
+    content {
+      versioning_enabled       = local.storage_account[each.key].blob_properties.versioning_enabled
+      change_feed_enabled      = local.storage_account[each.key].blob_properties.change_feed_enabled
+      default_service_version  = local.storage_account[each.key].blob_properties.change_feed_default_service_versionenabled
+      last_access_time_enabled = local.storage_account[each.key].blob_properties.last_access_time_enabled
+      dynamic "cors_rule" {
+        for_each = local.storage_account[each.key].blob_properties.cors_rule
+        content {
+          allowed_headers    = local.storage_account[each.key].blob_properties.cors_rule.allowed_headers
+          allowed_methods    = local.storage_account[each.key].blob_properties.cors_rule.allowed_methods
+          allowed_origins    = local.storage_account[each.key].blob_properties.cors_rule.allowed_origins
+          exposed_headers    = local.storage_account[each.key].blob_properties.cors_rule.exposed_headers
+          max_age_in_seconds = local.storage_account[each.key].blob_properties.cors_rule.max_age_in_seconds
+        }
+      }
+      dynamic "delete_retention_policy" {
+        for_each = local.storage_account[each.key].blob_properties.delete_retention_policy
+        content {
+          days = local.storage_account[each.key].blob_properties.delete_retention_policy.days
+        }
+      }
+      dynamic "container_delete_retention_policy" {
+        for_each = local.storage_account[each.key].blob_properties.container_delete_retention_policy
+        content {
+          days = local.storage_account[each.key].blob_properties.delete_retention_policy.days
+        }
+      }
+    }
+  }
+
+  dynamic "queue_properties" {
+    for_each = local.storage_account[each.key].queue_properties != {} ? [1] : []
+    content {
+      dynamic "cors_rule" {
+        for_each = local.storage_account[each.key].queue_properties.cors_rule
+        content {
+          allowed_headers    = local.storage_account[each.key].queue_properties.cors_rule.allowed_headers
+          allowed_methods    = local.storage_account[each.key].queue_properties.cors_rule.allowed_methods
+          allowed_origins    = local.storage_account[each.key].queue_properties.cors_rule.allowed_origins
+          exposed_headers    = local.storage_account[each.key].queue_properties.cors_rule.exposed_headers
+          max_age_in_seconds = local.storage_account[each.key].queue_properties.cors_rule.max_age_in_seconds
+        }
+      }
+      dynamic "logging" {
+        for_each = local.storage_account[each.key].queue_properties.logging
+        content {
+          delete                = local.storage_account[each.key].queue_properties.logging.delete
+          read                  = local.storage_account[each.key].queue_properties.logging.read
+          version               = local.storage_account[each.key].queue_properties.logging.version
+          write                 = local.storage_account[each.key].queue_properties.logging.write
+          retention_policy_days = local.storage_account[each.key].queue_properties.logging.retention_policy_days
+        }
+      }
+      dynamic "minute_metrics" {
+        for_each = local.storage_account[each.key].queue_properties.minute_metrics
+        content {
+          enabled               = local.storage_account[each.key].queue_properties.minute_metrics.enabled
+          version               = local.storage_account[each.key].queue_properties.minute_metrics.version
+          include_apis          = local.storage_account[each.key].queue_properties.minute_metrics.include_apis
+          retention_policy_days = local.storage_account[each.key].queue_properties.minute_metrics.retention_policy_days
+        }
+      }
+      dynamic "hour_metrics" {
+        for_each = local.storage_account[each.key].queue_properties.hour_metrics
+        content {
+          enabled               = local.storage_account[each.key].queue_properties.hour_metrics.enabled
+          version               = local.storage_account[each.key].queue_properties.hour_metrics.version
+          include_apis          = local.storage_account[each.key].queue_properties.hour_metrics.include_apis
+          retention_policy_days = local.storage_account[each.key].queue_properties.hour_metrics.retention_policy_days
+        }
+      }
+    }
+  }
 
   dynamic "static_website" {
     /** is static website config set and should be enabled */
@@ -27,6 +135,51 @@ resource "azurerm_storage_account" "storage_account" {
     }
   }
 
+  dynamic "network_rules" {
+    for_each = local.storage_account[each.key].network_rules.default_action != "" ? [1] : []
+    content {
+      default_action             = local.storage_account[each.key].network_rules.default_action
+      bypass                     = local.storage_account[each.key].network_rules.bypass
+      ip_rules                   = local.storage_account[each.key].network_rules.ip_rules
+      virtual_network_subnet_ids = local.storage_account[each.key].network_rules.virtual_network_subnet_ids
+      dynamic "private_link_access" {
+        for_each = local.storage_account[each.key].network_rules.private_link_access
+        content {
+          endpoint_resource_id = local.storage_account[each.key].network_rules.private_link_access[private_link_access.key].endpoint_resource_id
+          endpoint_tenant_id   = local.storage_account[each.key].network_rules.private_link_access[private_link_access.key].endpoint_tenant_id
+        }
+      }
+    }
+  }
+
+  dynamic "azure_files_authentication" {
+    for_each = local.storage_account[each.key].azure_files_authentication.directory_type != "" ? [1] : []
+    content {
+      directory_type = local.storage_account[each.key].azure_files_authentication.directory_type
+
+      dynamic "active_directory" {
+        for_each = local.storage_account[each.key].azure_files_authentication.active_directory != {} ? [1] : []
+        content {
+          storage_sid         = local.storage_account[each.key].azure_files_authentication.active_directory.storage_sid
+          domain_name         = local.storage_account[each.key].azure_files_authentication.active_directory.domain_name
+          domain_sid          = local.storage_account[each.key].azure_files_authentication.active_directory.domain_sid
+          domain_guid         = local.storage_account[each.key].azure_files_authentication.active_directory.domain_guid
+          forest_name         = local.storage_account[each.key].azure_files_authentication.active_directory.forest_name
+          netbios_domain_name = local.storage_account[each.key].azure_files_authentication.active_directory.netbios_domain_name
+        }
+      }
+    }
+  }
+
+  dynamic "routing" {
+    for_each = local.storage_account[each.key].routing != {} ? [1] : []
+    content {
+      publish_internet_endpoints  = local.storage_account[each.key].routing.publish_internet_endpoints
+      publish_microsoft_endpoints = local.storage_account[each.key].routing.publish_microsoft_endpoints
+      choice                      = local.storage_account[each.key].routing.choice
+    }
+  }
+
   tags = local.storage_account[each.key].tags
 }
 

diff --git a/variables.tf b/variables.tf
@@ -23,16 +23,47 @@ locals {
   default = {
     # resource definition
     storage_account = {
-      name                      = ""
-      account_kind              = "StorageV2"
-      account_tier              = "Standard"
-      account_replication_type  = "ZRS"
-      access_tier               = "Hot"
-      enable_https_traffic_only = true
-      allow_blob_public_access  = false
-      shared_access_key_enabled = true
-      static_website            = {}
-      tags                      = {}
+      name                              = ""
+      account_kind                      = "StorageV2"
+      account_tier                      = "Standard"
+      account_replication_type          = "ZRS"
+      access_tier                       = "Hot"
+      edge_zone                         = null
+      enable_https_traffic_only         = true
+      min_tls_version                   = "TLS1_2"
+      allow_nested_items_to_be_public   = false
+      shared_access_key_enabled         = true
+      is_hns_enabled                    = null
+      nfsv3_enabled                     = false
+      large_file_share_enabled          = null
+      queue_encryption_key_type         = null
+      table_encryption_key_type         = null
+      infrastructure_encryption_enabled = false
+      custom_domain = {
+        name          = ""
+        use_subdomain = null
+      }
+      customer_managed_key = {}
+      identity = {
+        type         = ""
+        identity_ids = null
+      }
+      blob_properties  = {}
+      queue_properties = {}
+      static_website   = {}
+      network_rules = {
+        default_action             = ""
+        bypass                     = null
+        ip_rules                   = []
+        virtual_network_subnet_ids = []
+        private_link_access        = {}
+      }
+      azure_files_authentication = {
+        directory_type   = ""
+        active_directory = {}
+      }
+      routing = {}
+      tags    = {}
     }
     storage_container = {
       name                  = ""
@@ -73,7 +104,8 @@ locals {
     storage_account => merge(
       local.storage_account_values[storage_account],
       {
-        for config in ["static_website"] :
+        #for config in ["custom_domain", "customer_managed_key", "identity", "blob_properties", "queue_properties", "static_website", "network_rules", "azure_files_authentication", "routing", "queue_encryption_key_type", "table_encryption_key_type", "infrastructure_encryption_enabled"] :
+        for config in ["custom_domain", "customer_managed_key", "identity", "static_website", "azure_files_authentication", "routing", ] :
         config => merge(local.default.storage_account[config], local.storage_account_values[storage_account][config])
       }
     )

diff --git a/versions.tf b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "registry.terraform.io/hashicorp/azurerm"
-      version = ">=2.79"
+      version = ">=3.2"
     }
   }
   required_version = ">=1.0"