AVM-Review-PR (#1)

* init hci * validate * update * Fix: terraform * keyvault.tf name * fix: part of terraform waring * add tags for storage account * validate * fix lint error * update repo name * update repo name * sensitive for password * nullable for list * locals to local.tf * prevent_deletion_if_contains_resources = false * remove useless var --------- Co-authored-by: Hangyu Xu <[email protected]>
Azure · Aug 30, 2024 · 93f7693 · 93f7693
1 parent 4421df3
commit 93f7693
Show file tree

Hide file tree

Showing 21 changed files with 1,099 additions and 465 deletions.
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -4,7 +4,7 @@
 
 formatter: "markdown document" # this is required
 
-version: "~> 0.17.0"
+version: "~> 0.18.0"
 
 header-from: "_header.md"
 footer-from: "_footer.md"

diff --git a/README.md b/README.md
diff --git a/_header.md b/_header.md
@@ -1,15 +1,6 @@
-# terraform-azurerm-avm-template
+# terraform-azurerm-avm-res-azurestackhci-cluster
 
-This is a template repo for Terraform Azure Verified Modules.
-
-Things to do:
-
-1. Set up a GitHub repo environment called `test`.
-1. Configure environment protection rule to ensure that approval is required before deploying to this environment.
-1. Create a user-assigned managed identity in your test subscription.
-1. Create a role assignment for the managed identity on your test subscription, use the minimum required role.
-1. Configure federated identity credentials on the user assigned managed identity. Use the GitHub environment.
-1. Search and update TODOs within the code and remove the TODO comments once complete.
+Module to provision azure stack hci.
 
 > [!IMPORTANT]
 > As the overall AVM framework is not GA (generally available) yet - the CI framework and test automation is not fully functional and implemented across all supported languages yet - breaking changes are expected, and additional customer feedback is yet to be gathered and incorporated. Hence, modules **MUST NOT** be published at version `1.0.0` or higher at this time.

diff --git a/deploy.tf b/deploy.tf
@@ -0,0 +1,19 @@
+resource "azapi_update_resource" "deploymentsetting" {
+  count = var.is_exported ? 0 : 1
+
+  type = "Microsoft.AzureStackHCI/clusters/deploymentSettings@2023-08-01-preview"
+  body = {
+    properties = {
+      deploymentMode = "Deploy"
+    }
+  }
+  name      = "default"
+  parent_id = azapi_resource.cluster.id
+
+  timeouts {
+    create = "24h"
+    delete = "60m"
+  }
+
+  depends_on = [azapi_resource.validatedeploymentsetting, azapi_resource.validatedeploymentsetting_seperate]
+}
diff --git a/examples/.terraform-docs.yml b/examples/.terraform-docs.yml
@@ -4,7 +4,7 @@
 
 formatter: "markdown document" # this is required
 
-version: "~> 0.17.0"
+version: "~> 0.18.0"
 
 header-from: "_header.md"
 footer-from: "_footer.md"

diff --git a/examples/default/README.md b/examples/default/README.md
@@ -11,10 +11,6 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~> 3.74"
     }
-    modtm = {
-      source  = "azure/modtm"
-      version = "~> 0.3"
-    }
     random = {
       source  = "hashicorp/random"
       version = "~> 3.5"
@@ -23,7 +19,11 @@ terraform {
 }
 
 provider "azurerm" {
-  features {}
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
 }
 
 
@@ -47,10 +47,8 @@ module "naming" {
   version = "~> 0.3"
 }
 
-# This is required for resource modules
-resource "azurerm_resource_group" "this" {
-  location = module.regions.regions[random_integer.region_index.result].name
-  name     = module.naming.resource_group.name_unique
+data "azurerm_resource_group" "rg" {
+  name = var.resource_group_name
 }
 
 # This is the module call
@@ -59,13 +57,58 @@ resource "azurerm_resource_group" "this" {
 # with a data source.
 module "test" {
   source = "../../"
-  # source             = "Azure/avm-<res/ptn>-<name>/azurerm"
+  # source             = "Azure/avm-res-azurestackhci-cluster/azurerm"
   # ...
-  location            = azurerm_resource_group.this.location
-  name                = "TODO" # TODO update with module.naming.<RESOURCE_TYPE>.name_unique
-  resource_group_name = azurerm_resource_group.this.name
+  location            = data.azurerm_resource_group.rg.location
+  name                = local.name # TODO update with module.naming.<RESOURCE_TYPE>.name_unique
+  resource_group_name = data.azurerm_resource_group.rg.name
 
   enable_telemetry = var.enable_telemetry # see variables.tf
+
+  site_id          = var.site_id
+  domain_fqdn      = "jumpstart.local"
+  starting_address = "192.168.1.55"
+  ending_address   = "192.168.1.65"
+  subnet_mask      = var.subnet_mask
+  default_gateway  = "192.168.1.1"
+  dns_servers      = ["192.168.1.254"]
+  adou_path        = local.adou_path
+  servers = [
+    {
+      name        = "AzSHOST1",
+      ipv4Address = "192.168.1.12"
+    },
+    {
+      name        = "AzSHOST2",
+      ipv4Address = "192.168.1.13"
+    }
+  ]
+  management_adapters = ["FABRIC", "FABRIC2"]
+  storage_networks = [
+    {
+      name               = "Storage1Network",
+      networkAdapterName = "StorageA",
+      vlanId             = "711"
+    },
+    {
+      name               = "Storage2Network",
+      networkAdapterName = "StorageB",
+      vlanId             = "712"
+    }
+  ]
+  rdma_enabled                    = false
+  storage_connectivity_switchless = false
+  custom_location_name            = local.custom_location_name
+  witness_storage_account_name    = local.witness_storage_account_name
+  keyvault_name                   = local.keyvault_name
+  random_suffix                   = true
+  deployment_user                 = var.deployment_user
+  deployment_user_password        = var.deployment_user_password
+  local_admin_user                = var.local_admin_user
+  local_admin_password            = var.local_admin_password
+  service_principal_id            = var.service_principal_id
+  service_principal_secret        = var.service_principal_secret
+  rp_service_principal_object_id  = var.rp_service_principal_object_id
 }
 ```
 
@@ -78,34 +121,82 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (~> 3.74)
 
-- <a name="requirement_modtm"></a> [modtm](#requirement\_modtm) (~> 0.3)
-
 - <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.5)
 
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (~> 3.74)
-
-- <a name="provider_random"></a> [random](#provider\_random) (~> 3.5)
-
 ## Resources
 
 The following resources are used by this module:
 
-- [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
 - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource)
+- [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) (data source)
 
 <!-- markdownlint-disable MD013 -->
 ## Required Inputs
 
-No required inputs.
+The following input variables are required:
+
+### <a name="input_deployment_user_password"></a> [deployment\_user\_password](#input\_deployment\_user\_password)
+
+Description: The password for deployment user.
+
+Type: `string`
+
+### <a name="input_local_admin_password"></a> [local\_admin\_password](#input\_local\_admin\_password)
+
+Description: The password for the local administrator account.
+
+Type: `string`
+
+### <a name="input_local_admin_user"></a> [local\_admin\_user](#input\_local\_admin\_user)
+
+Description: The username for the local administrator account.
+
+Type: `string`
+
+### <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name)
+
+Description: The resource group where the resources will be deployed.
+
+Type: `string`
+
+### <a name="input_service_principal_id"></a> [service\_principal\_id](#input\_service\_principal\_id)
+
+Description: The service principal ID for ARB.
+
+Type: `string`
+
+### <a name="input_service_principal_secret"></a> [service\_principal\_secret](#input\_service\_principal\_secret)
+
+Description: The service principal secret.
+
+Type: `string`
+
+### <a name="input_site_id"></a> [site\_id](#input\_site\_id)
+
+Description: A unique identifier for the site.
+
+Type: `string`
 
 ## Optional Inputs
 
 The following input variables are optional (have default values):
 
+### <a name="input_adou_suffix"></a> [adou\_suffix](#input\_adou\_suffix)
+
+Description: The suffix of Active Directory OU path.
+
+Type: `string`
+
+Default: `"DC=jumpstart,DC=local"`
+
+### <a name="input_deployment_user"></a> [deployment\_user](#input\_deployment\_user)
+
+Description: The username for deployment user.
+
+Type: `string`
+
+Default: `"avmdeploy"`
+
 ### <a name="input_enable_telemetry"></a> [enable\_telemetry](#input\_enable\_telemetry)
 
 Description: This variable controls whether or not telemetry is enabled for the module.  
@@ -116,6 +207,22 @@ Type: `bool`
 
 Default: `true`
 
+### <a name="input_rp_service_principal_object_id"></a> [rp\_service\_principal\_object\_id](#input\_rp\_service\_principal\_object\_id)
+
+Description: The object ID of the HCI resource provider service principal.
+
+Type: `string`
+
+Default: `""`
+
+### <a name="input_subnet_mask"></a> [subnet\_mask](#input\_subnet\_mask)
+
+Description: The subnet mask for the network.
+
+Type: `string`
+
+Default: `"255.255.255.0"`
+
 ## Outputs
 
 No outputs.

diff --git a/examples/default/locals.tf b/examples/default/locals.tf
@@ -0,0 +1,7 @@
+locals {
+  adou_path                    = "OU=${var.resource_group_name},${var.adou_suffix}"
+  custom_location_name         = "customlocation-${var.site_id}"
+  keyvault_name                = "kv${var.site_id}"
+  name                         = "cl${var.site_id}"
+  witness_storage_account_name = "${lower(var.site_id)}wit"
+}
diff --git a/examples/default/main.tf b/examples/default/main.tf
@@ -5,10 +5,6 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~> 3.74"
     }
-    modtm = {
-      source  = "azure/modtm"
-      version = "~> 0.3"
-    }
     random = {
       source  = "hashicorp/random"
       version = "~> 3.5"
@@ -17,7 +13,11 @@ terraform {
 }
 
 provider "azurerm" {
-  features {}
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
 }
 
 
@@ -41,10 +41,8 @@ module "naming" {
   version = "~> 0.3"
 }
 
-# This is required for resource modules
-resource "azurerm_resource_group" "this" {
-  location = module.regions.regions[random_integer.region_index.result].name
-  name     = module.naming.resource_group.name_unique
+data "azurerm_resource_group" "rg" {
+  name = var.resource_group_name
 }
 
 # This is the module call
@@ -53,11 +51,56 @@ resource "azurerm_resource_group" "this" {
 # with a data source.
 module "test" {
   source = "../../"
-  # source             = "Azure/avm-<res/ptn>-<name>/azurerm"
+  # source             = "Azure/avm-res-azurestackhci-cluster/azurerm"
   # ...
-  location            = azurerm_resource_group.this.location
-  name                = "TODO" # TODO update with module.naming.<RESOURCE_TYPE>.name_unique
-  resource_group_name = azurerm_resource_group.this.name
+  location            = data.azurerm_resource_group.rg.location
+  name                = local.name # TODO update with module.naming.<RESOURCE_TYPE>.name_unique
+  resource_group_name = data.azurerm_resource_group.rg.name
 
   enable_telemetry = var.enable_telemetry # see variables.tf
+
+  site_id          = var.site_id
+  domain_fqdn      = "jumpstart.local"
+  starting_address = "192.168.1.55"
+  ending_address   = "192.168.1.65"
+  subnet_mask      = var.subnet_mask
+  default_gateway  = "192.168.1.1"
+  dns_servers      = ["192.168.1.254"]
+  adou_path        = local.adou_path
+  servers = [
+    {
+      name        = "AzSHOST1",
+      ipv4Address = "192.168.1.12"
+    },
+    {
+      name        = "AzSHOST2",
+      ipv4Address = "192.168.1.13"
+    }
+  ]
+  management_adapters = ["FABRIC", "FABRIC2"]
+  storage_networks = [
+    {
+      name               = "Storage1Network",
+      networkAdapterName = "StorageA",
+      vlanId             = "711"
+    },
+    {
+      name               = "Storage2Network",
+      networkAdapterName = "StorageB",
+      vlanId             = "712"
+    }
+  ]
+  rdma_enabled                    = false
+  storage_connectivity_switchless = false
+  custom_location_name            = local.custom_location_name
+  witness_storage_account_name    = local.witness_storage_account_name
+  keyvault_name                   = local.keyvault_name
+  random_suffix                   = true
+  deployment_user                 = var.deployment_user
+  deployment_user_password        = var.deployment_user_password
+  local_admin_user                = var.local_admin_user
+  local_admin_password            = var.local_admin_password
+  service_principal_id            = var.service_principal_id
+  service_principal_secret        = var.service_principal_secret
+  rp_service_principal_object_id  = var.rp_service_principal_object_id
 }