From 2bfdcb07f39bec98afb8deec7f3c1131449aa17e Mon Sep 17 00:00:00 2001
From: Vishal Sharma
Date: Thu, 12 Sep 2024 01:19:03 +0530
Subject: [PATCH 01/22] fix:update azurerm version
---
.github/workflows/auto_assignee.yml | 14 +++++
.github/workflows/automerge.yml | 12 ++++
.github/workflows/changelog.yml | 2 +-
.github/workflows/semantic-releaser.yml | 30 ----------
.github/workflows/static-checks.yml | 75 -------------------------
.github/workflows/tf-checks.yml | 24 ++++++++
.github/workflows/tflint.yml | 12 ++++
.github/workflows/tfsec.yml | 2 +-
README.yaml | 25 ++++++++-
examples/complete/main.tf | 6 +-
main.tf | 9 ---
variables.tf | 13 -----
versions.tf | 2 +-
13 files changed, 91 insertions(+), 135 deletions(-)
create mode 100644 .github/workflows/auto_assignee.yml
create mode 100644 .github/workflows/automerge.yml
delete mode 100644 .github/workflows/semantic-releaser.yml
delete mode 100644 .github/workflows/static-checks.yml
create mode 100644 .github/workflows/tf-checks.yml
create mode 100644 .github/workflows/tflint.yml
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
new file mode 100644
index 0000000..77d5fdf
--- /dev/null
+++ b/.github/workflows/auto_assignee.yml
@@ -0,0 +1,14 @@
+name: Auto Assign PRs
+
+on:
+ pull_request:
+ types: [opened, reopened]
+
+ workflow_dispatch:
+jobs:
+ assignee:
+ uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
+ secrets:
+ GITHUB: ${{ secrets.GITHUB }}
+ with:
+ assignees: 'clouddrove-ci'
\ No newline at end of file
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000..47988d0
--- /dev/null
+++ b/.github/workflows/automerge.yml
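Review bot: The `uses:` line in auto_assignee.yml calls the shared workflow at `@master`, a mutable ref, while handing it `secrets.GITHUB`, so anyone able to push to that branch of clouddrove/github-shared-workflows changes what runs with this repository's token. Pin the reference to a full commit SHA and update it deliberately, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<FULL_COMMIT_SHA>  # master`. The same applies to the new automerge.yml, tf-checks.yml and tflint.yml callers in this patch. None of the new callers sets a `permissions:` block either, so the called jobs get the repository's default `GITHUB_TOKEN` scope; declare the minimum each one needs.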
@@ -0,0 +1,12 @@ +--- + name: Auto merge + on: + pull_request: + jobs: + auto-merge: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + tfcheck: 'basic / Check code format' + ... \ No newline at end of file diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 1ee6f78..4b735f5 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -10,4 +10,4 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master secrets: inherit with: - branch: 'master' + branch: 'master' \ No newline at end of file diff --git a/.github/workflows/semantic-releaser.yml b/.github/workflows/semantic-releaser.yml deleted file mode 100644 index 6e685a0..0000000 --- a/.github/workflows/semantic-releaser.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Release - -on: - push: - branches: - - main - paths: - - '**.tf' - - '!examples/**.tf' - -jobs: - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - persist-credentials: false - - - name: Setup Node.js - uses: actions/setup-node@v1 - with: - node-version: 14 - - - name: Release - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} - run: npx semantic-release diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml deleted file mode 100644 index b04783c..0000000 --- a/.github/workflows/static-checks.yml +++ /dev/null 
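Review bot: The `auto-merge` job is gated on the single check named in `tfcheck`, which is a format check, and the caller runs on every `pull_request` event with no filter on event type or author. Whether the shared workflow restricts itself to particular actors is not visible from this file, so as written a pull request could qualify for merging without the tfsec or tf-lint results being part of the gate. Require those checks through branch protection and state the intended scope in the caller, for example `if: github.actor == 'dependabot[bot]'` on the `auto-merge` job if dependency updates are the only target.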
@@ -1,75 +0,0 @@ -name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - examples/basic - - examples/complete - - examples/mysql-flexible-server-replication - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB_TOKEN }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive -check=true diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml new file mode 100644 index 0000000..9d06aa4 --- /dev/null +++ b/.github/workflows/tf-checks.yml 
@@ -0,0 +1,24 @@ +name: tf-checks +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + complete-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + secrets: inherit + with: + working_directory: './examples/complete/' + + basic-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + secrets: inherit + with: + working_directory: './examples/basic/' + + mysql-flexible-server-replication-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + secrets: inherit + with: + working_directory: './examples/mysql-flexible-server-replication/' \ No newline at end of file diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml new file mode 100644 index 0000000..95ac391 --- /dev/null +++ b/.github/workflows/tflint.yml @@ -0,0 +1,12 @@ + +name: tf-lint +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-lint: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index c203751..9aaf588 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -8,4 +8,4 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master secrets: inherit with: - working_directory: '.' + working_directory: '.' \ No newline at end of file diff --git a/README.yaml b/README.yaml index 6f4f5ab..5e2b3c9 100644 --- a/README.yaml +++ b/README.yaml @@ -4,7 +4,6 @@ # Run `make readme` to rebuild the `README.md` # - # Name of this project name: Terraform AZURE FLEXIBLE MYSQL 
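Review bot: `secrets: inherit` on the three tf-checks jobs forwards every secret the calling workflow can read to the called workflow, whereas auto_assignee.yml and tflint.yml in the same patch pass only `GITHUB`. Combined with the mutable `@master` ref and the `pull_request` trigger, that is a wider grant than these jobs appear to need. Map the required secrets explicitly under `secrets:`, one `NAME: ${{ secrets.NAME }}` line per credential the shared tf-checks workflow actually reads (that list is not visible here).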
@@ -19,20 +18,40 @@ badges: - name: "Terraform" image: "https://img.shields.io/badge/Terraform-v1.1.7-green" url: "https://www.terraform.io" + - name: "tfsec" + image: "https://github.com/clouddrove/terraform-azure-log-analytics/actions/workflows/tfsec.yml/badge.svg" + url: "https://github.com/clouddrove/terraform-azure-log-analytics/actions/workflows/tfsec.yml" - name: "Licence" image: "https://img.shields.io/badge/License-APACHE-blue.svg" url: "LICENSE.md" + - name: "Changelog" + image: "https://img.shields.io/badge/Changelog-blue" + url: "CHANGELOG.md" + +# Prerequesties to display +prerequesties: + - name: Terraform + url: https://learn.hashicorp.com/terraform/getting-started/install.html + version: ">= 1.7.8" + +providers: + - name: azure + url: https://azure.microsoft.com/ + version: ">= 3.39.0" + +module_dependencies: + - name: Labels Module + url: https://github.com/clouddrove/terraform-azure-labels + description: Provides resource tagging. # description of this project description: |- Terraform module to create flexible-mysql resource on AZURE. - # extra content include: - "terraform.md" # How to use this project -# yamllint disable rule:line-length usage: |- ### Simple Example Here is an example of how you can use this module in your inventory structure: diff --git a/examples/complete/main.tf b/examples/complete/main.tf index f6872df..ea95431 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,5 +1,6 @@ provider "azurerm" { features {} + subscription_id = "000000-11111-1223-XXX-XXXXXXXXXXXX" } locals { @@ -65,7 +66,7 @@ module "subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "1.1.0" name = local.name environment = local.environment label_order = local.label_order 
@@ -76,7 +77,8 @@ module "log-analytics" { internet_ingestion_enabled = true internet_query_enabled = true resource_group_name = module.resource_group.resource_group_name - log_analytics_workspace_location = module.resource_group.resource_group_location + log_analytics_workspace_location = module.resource_group.resource_group_location + log_analytics_workspace_id = module.log-analytics.workspace_id } ##----------------------------------------------------------------------------- diff --git a/main.tf b/main.tf index 708debd..1bc818c 100644 --- a/main.tf +++ b/main.tf @@ -106,15 +106,6 @@ resource "azurerm_mysql_flexible_server_configuration" "main" { value = element(var.values, count.index) } -##------------------------------------------------------------------------ -## Manages a Customer Managed Key for a MySQL Server. - Default is "false" -##------------------------------------------------------------------------ -resource "azurerm_mysql_server_key" "main" { - count = var.enabled && var.key_vault_key_id != null ? 1 : 0 - server_id = join("", azurerm_mysql_flexible_server.main.*.id) - key_vault_key_id = var.key_vault_key_id -} - ##----------------------------------------------------------------------------- ## Below resource will deploy private dns for flexible mysql server. ##----------------------------------------------------------------------------- diff --git a/variables.tf b/variables.tf index d78a3fa..f9c107b 100644 --- a/variables.tf +++ b/variables.tf @@ -158,19 +158,6 @@ variable "virtual_network_id" { default = "" } -variable "key_vault_key_id" { - type = string - description = "The URL to a Key Vault Key" - default = null -} - -variable "key_vault_id" { - type = string - default = "" - description = "Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret" -} - - variable "private_dns" { type = bool default = false diff --git a/versions.tf b/versions.tf index 78a772f..86614c3 100644 --- a/versions.tf 
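Review bot: The added `log_analytics_workspace_id = module.log-analytics.workspace_id` sits inside the `module "log-analytics"` block itself, so the module's input depends on its own output, which Terraform is expected to reject as a dependency cycle at plan time. If the argument is only there to satisfy the 1.1.0 interface, check that release's inputs and either drop the line or pass a workspace created elsewhere. The context lines also leave `internet_ingestion_enabled` and `internet_query_enabled` at `true`; a comment stating that these allow ingestion and query over the public network would help readers who copy the example. The module block begins outside this hunk.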
+++ b/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=3.0.0" + version = ">=3.112.0" } } } \ No newline at end of file From 6ac5dc3184c510d987048e190e9ca5c3ece2d253 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Thu, 12 Sep 2024 01:32:15 +0530 Subject: [PATCH 02/22] fix:fixed formatting --- examples/complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ea95431..55bc673 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -77,7 +77,7 @@ module "log-analytics" { internet_ingestion_enabled = true internet_query_enabled = true resource_group_name = module.resource_group.resource_group_name - log_analytics_workspace_location = module.resource_group.resource_group_location + log_analytics_workspace_location = module.resource_group.resource_group_location log_analytics_workspace_id = module.log-analytics.workspace_id } From e0cd9c5df502504bccec5f7e83ba493a9b0481f5 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Thu, 12 Sep 2024 01:53:06 +0530 Subject: [PATCH 03/22] fix:fixed tflint warnings --- main.tf | 8 ++++---- output.tf | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 1bc818c..7a8f7f0 100644 --- a/main.tf +++ b/main.tf 
@@ -51,7 +51,7 @@ resource "azurerm_mysql_flexible_server" "main" { administrator_password = var.admin_password == null ? random_password.main[0].result : var.admin_password backup_retention_days = var.backup_retention_days delegated_subnet_id = var.delegated_subnet_id - private_dns_zone_id = var.private_dns ? join("", azurerm_private_dns_zone.main.*.id) : var.existing_private_dns_zone_id + private_dns_zone_id = var.private_dns ? join("", azurerm_private_dns_zone.main.[0].id) : var.existing_private_dns_zone_id sku_name = var.sku_name create_mode = var.create_mode geo_redundant_backup_enabled = var.geo_redundant_backup_enabled @@ -88,7 +88,7 @@ resource "azurerm_mysql_flexible_database" "main" { count = var.enabled ? 1 : 0 name = var.db_name resource_group_name = local.resource_group_name - server_name = join("", azurerm_mysql_flexible_server.main.*.name) + server_name = join("", azurerm_mysql_flexible_server.main.[0].name) charset = var.charset collation = var.collation depends_on = [azurerm_mysql_flexible_server.main] @@ -102,7 +102,7 @@ resource "azurerm_mysql_flexible_server_configuration" "main" { count = var.enabled ? length(var.server_configuration_names) : 0 name = element(var.server_configuration_names, count.index) resource_group_name = local.resource_group_name - server_name = join("", azurerm_mysql_flexible_server.main.*.name) + server_name = join("", azurerm_mysql_flexible_server.main.[0].name) value = element(var.values, count.index) } @@ -122,7 +122,7 @@ resource "azurerm_private_dns_zone" "main" { resource "azurerm_private_dns_zone_virtual_network_link" "main" { count = var.enabled && var.private_dns ? 1 : 0 name = format("mysql-endpoint-link-%s", module.labels.id) - private_dns_zone_name = join("", azurerm_private_dns_zone.main.*.name) + private_dns_zone_name = join("", azurerm_private_dns_zone.main.[0].name) virtual_network_id = var.virtual_network_id resource_group_name = local.resource_group_name registration_enabled = var.registration_enabled 
diff --git a/output.tf b/output.tf index 71cdaec..802a9ca 100644 --- a/output.tf +++ b/output.tf @@ -1,14 +1,14 @@ output "mysql_flexible_server_id" { - value = join("", azurerm_mysql_flexible_server.main.*.id) + value = join("", azurerm_mysql_flexible_server.main.[0].id) description = "The ID of the MySQL Flexible Server." } output "azurerm_private_dns_zone_virtual_network_link_id" { - value = join("", azurerm_private_dns_zone_virtual_network_link.main.*.id) + value = join("", azurerm_private_dns_zone_virtual_network_link.main.[0].id) description = "The ID of the Private DNS Zone Virtual Network Link." } output "existing_private_dns_zone_virtual_network_link_id" { - value = join("", azurerm_private_dns_zone_virtual_network_link.main2.*.id) + value = join("", azurerm_private_dns_zone_virtual_network_link.main2.[0].id) description = "The ID of the Private DNS Zone Virtual Network Link." } output "azurerm_mysql_flexible_server_configuration_id" { From 90643e1024e25614489933c05e83ed0ab793c307 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Thu, 12 Sep 2024 02:05:56 +0530 Subject: [PATCH 04/22] fix:fixed errors due to tflint --- main.tf | 8 ++++---- output.tf | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 7a8f7f0..f1d8ebd 100644 --- a/main.tf +++ b/main.tf @@ -51,7 +51,7 @@ resource "azurerm_mysql_flexible_server" "main" { administrator_password = var.admin_password == null ? random_password.main[0].result : var.admin_password backup_retention_days = var.backup_retention_days delegated_subnet_id = var.delegated_subnet_id - private_dns_zone_id = var.private_dns ? join("", azurerm_private_dns_zone.main.[0].id) : var.existing_private_dns_zone_id + private_dns_zone_id = var.private_dns ? join("", azurerm_private_dns_zone.main[0].id) : var.existing_private_dns_zone_id sku_name = var.sku_name create_mode = var.create_mode geo_redundant_backup_enabled = var.geo_redundant_backup_enabled 
@@ -88,7 +88,7 @@ resource "azurerm_mysql_flexible_database" "main" { count = var.enabled ? 1 : 0 name = var.db_name resource_group_name = local.resource_group_name - server_name = join("", azurerm_mysql_flexible_server.main.[0].name) + server_name = join("", azurerm_mysql_flexible_server.main[0].name) charset = var.charset collation = var.collation depends_on = [azurerm_mysql_flexible_server.main] @@ -102,7 +102,7 @@ resource "azurerm_mysql_flexible_server_configuration" "main" { count = var.enabled ? length(var.server_configuration_names) : 0 name = element(var.server_configuration_names, count.index) resource_group_name = local.resource_group_name - server_name = join("", azurerm_mysql_flexible_server.main.[0].name) + server_name = join("", azurerm_mysql_flexible_server.main[0].name) value = element(var.values, count.index) } @@ -122,7 +122,7 @@ resource "azurerm_private_dns_zone" "main" { resource "azurerm_private_dns_zone_virtual_network_link" "main" { count = var.enabled && var.private_dns ? 1 : 0 name = format("mysql-endpoint-link-%s", module.labels.id) - private_dns_zone_name = join("", azurerm_private_dns_zone.main.[0].name) + private_dns_zone_name = join("", azurerm_private_dns_zone.main[0].name) virtual_network_id = var.virtual_network_id resource_group_name = local.resource_group_name registration_enabled = var.registration_enabled diff --git a/output.tf b/output.tf index 802a9ca..7f9d83d 100644 --- a/output.tf +++ b/output.tf 
@@ -1,14 +1,14 @@ output "mysql_flexible_server_id" { - value = join("", azurerm_mysql_flexible_server.main.[0].id) + value = join("", azurerm_mysql_flexible_server.main[0].id) description = "The ID of the MySQL Flexible Server." } output "azurerm_private_dns_zone_virtual_network_link_id" { - value = join("", azurerm_private_dns_zone_virtual_network_link.main.[0].id) + value = join("", azurerm_private_dns_zone_virtual_network_link.main[0].id) description = "The ID of the Private DNS Zone Virtual Network Link." } output "existing_private_dns_zone_virtual_network_link_id" { - value = join("", azurerm_private_dns_zone_virtual_network_link.main2.[0].id) + value = join("", azurerm_private_dns_zone_virtual_network_link.main2[0].id) description = "The ID of the Private DNS Zone Virtual Network Link." } output "azurerm_mysql_flexible_server_configuration_id" { From 562e1326802f11cebb08a2b241e491f9e3132c22 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Thu, 12 Sep 2024 17:12:16 +0530 Subject: [PATCH 05/22] fix: updated random provider --- examples/complete/main.tf | 3 +-- examples/complete/versions.tf | 6 +++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 55bc673..909e6d4 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,6 +1,6 @@ provider "azurerm" { features {} - subscription_id = "000000-11111-1223-XXX-XXXXXXXXXXXX" + subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" } locals { @@ -94,7 +94,6 @@ module "flexible-mysql" { virtual_network_id = module.vnet.vnet_id[0] delegated_subnet_id = module.subnet.default_subnet_id[0] mysql_version = "8.0.21" - mysql_server_name = "testmysqlserver" private_dns = true zone = "1" admin_username = "mysqlusername" diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 75852e1..5832ae7 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
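Review bot: The `provider "azurerm"` block in examples/complete/main.tf now carries what looks like a real subscription GUID, `068245d4-3c94-42fe-9c4d-9e5e1cabc60c`, in a published example. A subscription ID is not a credential, but it identifies the owner's environment and remains in history even though patch 12 restores the placeholder; patch 13 then reintroduces the same value in both provider blocks. Keep it out of the file: omit the argument and supply `ARM_SUBSCRIPTION_ID` from the environment, or use `subscription_id = var.subscription_id` with no default.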
@@ -7,7 +7,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=3.112.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.1" } } } \ No newline at end of file From 6e469c824b50d8c756688be7e5e1153a3c3fc712 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Thu, 12 Sep 2024 17:14:01 +0530 Subject: [PATCH 06/22] fix: ran tf fmt --- examples/complete/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5832ae7..0cd4943 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -11,7 +11,7 @@ terraform { } random = { source = "hashicorp/random" - version = "~> 3.1" + version = "~> 3.1" } } } \ No newline at end of file From 2c84383d5998619ca23ae08d748f6829901a5a29 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Thu, 12 Sep 2024 17:38:37 +0530 Subject: [PATCH 07/22] fix: tflint warnings --- main.tf | 8 ++++---- output.tf | 11 +++++------ variables.tf | 21 ++------------------- versions.tf | 4 ++++ 4 files changed, 15 insertions(+), 29 deletions(-) diff --git a/main.tf b/main.tf index f1d8ebd..f2d0084 100644 --- a/main.tf +++ b/main.tf @@ -51,7 +51,7 @@ resource "azurerm_mysql_flexible_server" "main" { administrator_password = var.admin_password == null ? random_password.main[0].result : var.admin_password backup_retention_days = var.backup_retention_days delegated_subnet_id = var.delegated_subnet_id - private_dns_zone_id = var.private_dns ? join("", azurerm_private_dns_zone.main[0].id) : var.existing_private_dns_zone_id + private_dns_zone_id = var.private_dns ? azurerm_private_dns_zone.main[0].id : var.existing_private_dns_zone_id sku_name = var.sku_name create_mode = var.create_mode geo_redundant_backup_enabled = var.geo_redundant_backup_enabled 
@@ -88,7 +88,7 @@ resource "azurerm_mysql_flexible_database" "main" { count = var.enabled ? 1 : 0 name = var.db_name resource_group_name = local.resource_group_name - server_name = join("", azurerm_mysql_flexible_server.main[0].name) + server_name = azurerm_mysql_flexible_server.main[0].name charset = var.charset collation = var.collation depends_on = [azurerm_mysql_flexible_server.main] @@ -102,7 +102,7 @@ resource "azurerm_mysql_flexible_server_configuration" "main" { count = var.enabled ? length(var.server_configuration_names) : 0 name = element(var.server_configuration_names, count.index) resource_group_name = local.resource_group_name - server_name = join("", azurerm_mysql_flexible_server.main[0].name) + server_name = azurerm_mysql_flexible_server.main[0].name value = element(var.values, count.index) } @@ -122,7 +122,7 @@ resource "azurerm_private_dns_zone" "main" { resource "azurerm_private_dns_zone_virtual_network_link" "main" { count = var.enabled && var.private_dns ? 1 : 0 name = format("mysql-endpoint-link-%s", module.labels.id) - private_dns_zone_name = join("", azurerm_private_dns_zone.main[0].name) + private_dns_zone_name = azurerm_private_dns_zone.main[0].name virtual_network_id = var.virtual_network_id resource_group_name = local.resource_group_name registration_enabled = var.registration_enabled diff --git a/output.tf b/output.tf index 7f9d83d..f3fd259 100644 --- a/output.tf +++ b/output.tf 
@@ -1,22 +1,21 @@ output "mysql_flexible_server_id" { - value = join("", azurerm_mysql_flexible_server.main[0].id) + value = azurerm_mysql_flexible_server.main[0].id description = "The ID of the MySQL Flexible Server." } output "azurerm_private_dns_zone_virtual_network_link_id" { - value = join("", azurerm_private_dns_zone_virtual_network_link.main[0].id) + value = azurerm_private_dns_zone_virtual_network_link.main[0].id description = "The ID of the Private DNS Zone Virtual Network Link." } output "existing_private_dns_zone_virtual_network_link_id" { - value = join("", azurerm_private_dns_zone_virtual_network_link.main2[0].id) - description = "The ID of the Private DNS Zone Virtual Network Link." + value = length(azurerm_private_dns_zone_virtual_network_link.main2) > 0 ? azurerm_private_dns_zone_virtual_network_link.main2[0].id : null } output "azurerm_mysql_flexible_server_configuration_id" { - value = join("", azurerm_mysql_flexible_server_configuration.main.*.id) + value = azurerm_mysql_flexible_server_configuration.main[0].id description = "The ID of the MySQL Flexible Server Configuration." } output "azurerm_private_dns_zone_id" { - value = join("", azurerm_private_dns_zone.main.*.id) + value = azurerm_private_dns_zone.main[0].id description = "The Private DNS Zone ID." } diff --git a/variables.tf b/variables.tf index f9c107b..8a9d17b 100644 --- a/variables.tf +++ b/variables.tf @@ -31,6 +31,7 @@ variable "managedby" { } variable "resource_group_name" { + type = string description = "A container that holds related resources for an Azure solution" default = "" } @@ -49,11 +50,6 @@ variable "existing_private_dns_zone" { default = false } -variable "enable_private_endpoint" { - description = "Manages a Private Endpoint to Azure database for MySQL" - default = false -} - variable "registration_enabled" { type = bool description = "Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled" 
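Review bot: Four of the five outputs in output.tf now index `[0]` unguarded on a resource created with `count`, so evaluation fails with an invalid-index error whenever that count is zero (the main.tf hunks show counts driven by `var.enabled`, `var.private_dns` and `length(var.server_configuration_names)`); the removed `join("", ….*.id)` form returned an empty string in those cases. Only `existing_private_dns_zone_virtual_network_link_id` received a length guard, and it lost its `description` in the same change. Use one pattern for all of them, e.g. `value = try(azurerm_mysql_flexible_server.main[0].id, null)` or `value = one(azurerm_mysql_flexible_server.main[*].id)`. Note also that `azurerm_mysql_flexible_server_configuration_id` used to concatenate every configuration ID and now returns only the first, which is a behaviour change for callers.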
@@ -62,14 +58,11 @@ variable "registration_enabled" { ###########azurerm_mysql_flexible_server###### variable "admin_username" { + type = string description = "The administrator login name for the new SQL Server" default = null } -variable "mysql_server_name" { - type = string - default = "" -} variable "admin_password" { type = string description = "The password associated with the admin_username user" @@ -142,16 +135,6 @@ variable "source_server_id" { description = "The resource ID of the source MySQL Flexible Server to be restored. Required when create_mode is PointInTimeRestore, GeoRestore, and Replica. Changing this forces a new MySQL Flexible Server to be created." } -variable "start_ip_address" { - type = string - default = "" -} - -variable "end_ip_address" { - type = string - default = "" -} - variable "virtual_network_id" { type = string description = "The name of the virtual network" diff --git a/versions.tf b/versions.tf index 86614c3..0cd4943 100644 --- a/versions.tf +++ b/versions.tf @@ -9,5 +9,9 @@ terraform { source = "hashicorp/azurerm" version = ">=3.112.0" } + random = { + source = "hashicorp/random" + version = "~> 3.1" + } } } \ No newline at end of file From 9b1daa99994c04c339c07c5f77abed8f66585f82 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Thu, 12 Sep 2024 17:49:24 +0530 Subject: [PATCH 08/22] fix: removed unused variables --- examples/basic/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/basic/main.tf b/examples/basic/main.tf index a852ad3..3dc872f 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -10,7 +10,6 @@ module "flexible-mysql" { virtual_network_id = "/subscriptions/------------------------------" delegated_subnet_id = "/subscriptions/------------------------------" mysql_version = "8.0.21" - mysql_server_name = "testmysqlserver" private_dns = true zone = "1" admin_username = "mysqlusername" From 06ad1a4b10c33810b66171f93c83887d366b4761 Mon Sep 17 00:00:00 2001 
From: Vishal Sharma Date: Fri, 13 Sep 2024 02:38:49 +0530 Subject: [PATCH 09/22] fix:fixed tflint errors and removed unused variables --- examples/mysql-flexible-server-replication/main.tf | 3 +-- main.tf | 2 -- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/examples/mysql-flexible-server-replication/main.tf b/examples/mysql-flexible-server-replication/main.tf index 88c5008..51bc6f4 100644 --- a/examples/mysql-flexible-server-replication/main.tf +++ b/examples/mysql-flexible-server-replication/main.tf @@ -83,7 +83,7 @@ data "azurerm_private_dns_zone" "main" { ##----------------------------------------------------------------------------- module "flexible-mysql" { depends_on = [module.resource_group, module.vnet, data.azurerm_resource_group.main] - source = "clouddrove/flexible-mysql/azure" + source = "../../" name = local.name environment = local.environment main_rg_name = data.azurerm_resource_group.main.name @@ -92,7 +92,6 @@ module "flexible-mysql" { virtual_network_id = module.vnet.vnet_id[0] delegated_subnet_id = module.subnet.default_subnet_id[0] mysql_version = "8.0.21" - mysql_server_name = "testmysqlserver" zone = "1" admin_username = "mysqlusern" admin_password = "ba5yatgfgfhdsvvc6A3ns2lu4gqzzc" diff --git a/main.tf b/main.tf index f2d0084..451fa86 100644 --- a/main.tf +++ b/main.tf @@ -1,14 +1,12 @@ ##----------------------------------------------------------------------------- ## Vritual Network and Subnet Creation ##----------------------------------------------------------------------------- -data "azurerm_client_config" "current" {} ##----------------------------------------------------------------------------- ## Locals Declaration ##----------------------------------------------------------------------------- locals { resource_group_name = var.resource_group_name - location = var.location } ##----------------------------------------------------------------------------- 
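Review bot: The second hunk of examples/mysql-flexible-server-replication/main.tf keeps a literal `admin_password` in the `module "flexible-mysql"` call, and with `source = "../../"` the example now exercises the local module directly, so anyone copying it deploys a server whose administrator password is public. The root module already falls back to `random_password.main[0].result` when `admin_password` is null (visible in the main.tf hunks of this series), so the example can drop the argument or read it from a variable declared with `sensitive = true`. The module block starts and ends outside the hunk.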
From 665d70861ef0528470c115c3dbdcbd42d178d88a Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Fri, 13 Sep 2024 02:45:20 +0530 Subject: [PATCH 10/22] fix:fixed automerge workflow --- .github/workflows/automerge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 47988d0..127ba26 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -8,5 +8,5 @@ secrets: GITHUB: ${{ secrets.GITHUB }} with: - tfcheck: 'basic / Check code format' + tfcheck: 'complete-example / Check code format' ... \ No newline at end of file From fbfd4f0daf7c756d9dd0dd01f591331472506282 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Fri, 13 Sep 2024 02:51:08 +0530 Subject: [PATCH 11/22] fix:fixed yaml syntax error in automerge workflow --- .github/workflows/automerge.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 127ba26..3baf5e1 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -1,12 +1,12 @@ --- - name: Auto merge - on: - pull_request: - jobs: - auto-merge: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master - secrets: - GITHUB: ${{ secrets.GITHUB }} - with: - tfcheck: 'complete-example / Check code format' - ... \ No newline at end of file +name: Auto merge +on: + pull_request: +jobs: + auto-merge: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + tfcheck: 'complete-example / Check code format' +... \ No newline at end of file From 68e5a6c9ad4e6f868224502293b79494d500ccee Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Fri, 13 Sep 2024 14:07:03 +0530 Subject: [PATCH 12/22] fix:removed subscription id --- examples/complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 909e6d4..3fe15ba 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,6 +1,6 @@ provider "azurerm" { features {} - subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" + subscription_id = "000000-11111-1223-XXX-XXXXXXXXXXXX" } locals { From 2478adfcd6b548d9a3061d25f392a6c8e3334241 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Fri, 4 Oct 2024 15:48:31 +0530 Subject: [PATCH 13/22] Added resource for data encryption --- .github/CODEOWNERS | 8 +-- .github/workflows/tflint.yml | 1 - README.yaml | 4 +- examples/complete/main.tf | 98 ++++++++++++++++++++++++++--------- examples/complete/versions.tf | 2 +- main.tf | 88 ++++++++++++++++++++++++++++++- variables.tf | 34 ++++++++++++ versions.tf | 2 +- 8 files changed, 201 insertions(+), 36 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b30a2d4..a538416 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,6 +1,2 @@ -.github/* @clouddrove/approvers - -* @clouddrove/clouddrovians @clouddrove/approvers - -.github/mergify.yml @clouddrove/admins -.github/CODEOWNERS @clouddrove/admins +# These owners will be the default owners for everything in the repo. +* @anmolnagpal @clouddrove-ci @clouddrove/terraform-azure-admins \ No newline at end of file diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index 95ac391..ee98182 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -1,4 +1,3 @@ - name: tf-lint on: push: diff --git a/README.yaml b/README.yaml index 5e2b3c9..430d628 100644 --- a/README.yaml +++ b/README.yaml 
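Review bot: The CODEOWNERS rewrite drops the separate rules that reserved `.github/*`, `.github/mergify.yml` and `.github/CODEOWNERS` for the approvers and admins teams, leaving one catch-all that also lists the `@clouddrove-ci` account. If branch protection requires code-owner review, an approval from that automation account would then satisfy it for workflow files too, which matters given the auto-merge workflow added earlier in this series. Keep a narrower rule for CI configuration, e.g. `.github/ @clouddrove/terraform-azure-admins` placed after the `*` line so that it takes precedence.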
@@ -19,8 +19,8 @@ badges: image: "https://img.shields.io/badge/Terraform-v1.1.7-green" url: "https://www.terraform.io" - name: "tfsec" - image: "https://github.com/clouddrove/terraform-azure-log-analytics/actions/workflows/tfsec.yml/badge.svg" - url: "https://github.com/clouddrove/terraform-azure-log-analytics/actions/workflows/tfsec.yml" + image: "https://github.com/clouddrove/terraform-azure-flexible-mysql/actions/workflows/tfsec.yml/badge.svg" + url: "https://github.com/clouddrove/terraform-azure-flexible-mysql/actions/workflows/tfsec.yml" - name: "Licence" image: "https://img.shields.io/badge/License-APACHE-blue.svg" url: "LICENSE.md" diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 3fe15ba..251ab03 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,11 +1,19 @@ provider "azurerm" { features {} - subscription_id = "000000-11111-1223-XXX-XXXXXXXXXXXX" + subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" } +provider "azurerm" { + features {} + alias = "peer" + subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c" +} + +data "azurerm_client_config" "current_client_config" {} + locals { - name = "app" - environment = "test" + name = "lacoster-23" + environment = "maximum-32" label_order = ["name", "environment"] } 
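Review bot: Both `provider "azurerm"` blocks in examples/complete/main.tf put a literal `subscription_id` GUID back into the example, replacing the placeholder that the previous patch in this series introduced under the subject "removed subscription id". The ID is an identifier rather than a credential, but committing it ties a public example to one tenant's subscription and undoes the earlier removal. Dropping the argument and letting the provider read `ARM_SUBSCRIPTION_ID` from the environment, or passing it in as `subscription_id = var.subscription_id`, keeps it out of the repository. The `peer` alias points at the same subscription as the default provider, so a short comment saying why it exists would also help.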
@@ -61,6 +69,46 @@ module "subnet" { } } +##----------------------------------------------------------------------------- +## Key Vault module call. +##----------------------------------------------------------------------------- +module "vault" { + source = "clouddrove/key-vault/azure" + version = "1.2.0" + + providers = { + azurerm.dns_sub = azurerm.peer, + azurerm.main_sub = azurerm + } + + name = "oliveware-23" + environment = "vilod-32" + label_order = ["name", "environment", ] + resource_group_name = module.resource_group.resource_group_name + location = module.resource_group.resource_group_location + admin_objects_ids = [data.azurerm_client_config.current_client_config.object_id] + virtual_network_id = module.vnet.vnet_id[0] + subnet_id = module.subnet.default_subnet_id[0] + enable_rbac_authorization = true + enabled_for_disk_encryption = false + #private endpoint + enable_private_endpoint = false + network_acls = null + ########Following to be uncommnented only when using DNS Zone from different subscription along with existing DNS zone. + + # diff_sub = true + # alias = "" + # alias_sub = "" + + #########Following to be uncommmented when using DNS zone from different resource group or different subscription. + # existing_private_dns_zone = "" + # existing_private_dns_zone_resource_group_name = "" + + #### enable diagnostic setting + diagnostic_setting_enable = false + log_analytics_workspace_id = module.log-analytics.workspace_id ## when diagnostic_setting_enable enable, add log analytics workspace id +} + ##----------------------------------------------------------------------------- ## Log Analytics module call. ##----------------------------------------------------------------------------- 
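Review bot: `diagnostic_setting_enable = false` leaves the vault that will hold the database's customer-managed key without audit logs, even though `log_analytics_workspace_id` is already passed on the next line. Key use and permission changes on this vault are what an investigator would want to see after an incident, so the example should set `diagnostic_setting_enable = true`. Separately, no purge-protection or soft-delete input is visible in this call; Azure requires both on a vault used for MySQL Flexible Server CMK, so it is worth confirming the module's default and setting it explicitly here.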
@@ -85,28 +133,30 @@ module "log-analytics" { ## Flexible Mysql server module call. ##----------------------------------------------------------------------------- module "flexible-mysql" { - depends_on = [module.resource_group, module.vnet] - source = "../../" - name = local.name - environment = local.environment - resource_group_name = module.resource_group.resource_group_name - location = module.resource_group.resource_group_location - virtual_network_id = module.vnet.vnet_id[0] - delegated_subnet_id = module.subnet.default_subnet_id[0] - mysql_version = "8.0.21" - private_dns = true - zone = "1" - admin_username = "mysqlusername" - admin_password = "ba5yatgfgfhdsv6A3ns2lu4gqzzc" - sku_name = "GP_Standard_D8ds_v4" - db_name = "maindb" - charset = "utf8mb3" - collation = "utf8mb3_unicode_ci" - auto_grow_enabled = true - iops = 360 - size_gb = "20" - ##azurerm_mysql_flexible_server_configuration + depends_on = [module.resource_group, module.vnet, module.vault] + source = "../../" + name = local.name + environment = local.environment + resource_group_name = module.resource_group.resource_group_name + location = module.resource_group.resource_group_location + virtual_network_id = module.vnet.vnet_id[0] + delegated_subnet_id = module.subnet.default_subnet_id[0] + mysql_version = "8.0.21" + private_dns = true + zone = "1" + admin_username = "mysqlusername" + admin_password = "ba5yatgfgfhdsv6A3ns2lu4gqzzc" + sku_name = "GP_Standard_D8ds_v4" + db_name = "maindb" + charset = "utf8mb3" + collation = "utf8mb3_unicode_ci" + auto_grow_enabled = true + iops = 360 + size_gb = "20" server_configuration_names = ["interactive_timeout", "audit_log_enabled", "audit_log_events"] values = ["600", "ON", "CONNECTION,ADMIN,DDL,TABLE_ACCESS"] log_analytics_workspace_id = module.log-analytics.workspace_id + key_vault_id = module.vault.id + key_vault_with_rbac = true + cmk_enabled = true } 
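Review bot: `admin_password` is still a string literal in the `flexible-mysql` module call, and this hunk rewrites the line without changing that. Anyone who copies the example as it stands deploys a server whose administrator password is public. The `random` provider is already declared in this example's versions.tf, so the value could come from a `random_password` resource declared above the module call: `admin_password = random_password.mysql_admin.result`. A sensitive input variable with no default would work as well.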
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 0cd4943..f4a4730 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -11,7 +11,7 @@ terraform { } random = { source = "hashicorp/random" - version = "~> 3.1" + version = ">= 3.1" } } } \ No newline at end of file diff --git a/main.tf b/main.tf index 451fa86..4210024 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,7 @@ ##----------------------------------------------------------------------------- ## Vritual Network and Subnet Creation ##----------------------------------------------------------------------------- - +data "azurerm_client_config" "current" {} ##----------------------------------------------------------------------------- ## Locals Declaration ##----------------------------------------------------------------------------- @@ -70,6 +70,27 @@ resource "azurerm_mysql_flexible_server" "main" { } } + dynamic "identity" { + for_each = var.cmk_enabled ? [true] : [] + content { + type = "UserAssigned" + identity_ids = flatten([ + [azurerm_user_assigned_identity.primary_cmk_umi[0].id], + var.geo_redundant_backup_enabled ? [azurerm_user_assigned_identity.geo_cmk_umi[0].id] : [] + ]) + } + } + + dynamic "customer_managed_key" { + for_each = var.cmk_enabled ? [true] : [] + content { + key_vault_key_id = azurerm_key_vault_key.primary_cmk_key[0].id + primary_user_assigned_identity_id = azurerm_user_assigned_identity.primary_cmk_umi[0].id + geo_backup_key_vault_key_id = var.geo_redundant_backup_enabled ? azurerm_key_vault_key.geo_cmk_key[0].id : null + geo_backup_user_assigned_identity_id = var.geo_redundant_backup_enabled ? azurerm_user_assigned_identity.geo_cmk_umi[0].id : null + } + } + version = var.mysql_version zone = var.zone 
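Review bot: The new `customer_managed_key` block in main.tf makes the server depend on the key and the identity, but nothing visible ties it to `azurerm_role_assignment.primary_cmk_role_assignment` or `azurerm_key_vault_access_policy.primary_cmk_access_policy`, which are what allow that identity to use the key. Terraform may therefore create the server before the grant exists, and the create can then fail on key access. The resource body starts and ends outside this hunk, so an existing `depends_on` cannot be ruled out; if there is none, add `depends_on = [azurerm_role_assignment.primary_cmk_role_assignment, azurerm_key_vault_access_policy.primary_cmk_access_policy]` together with the geo equivalents.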
@@ -165,3 +186,68 @@ resource "azurerm_monitor_diagnostic_setting" "mysql" { } } } + +resource "azurerm_user_assigned_identity" "primary_cmk_umi" { + count = var.cmk_enabled ? 1 : 0 + name = format("%s-cmk-primary-identity", module.labels.id) + resource_group_name = local.resource_group_name + location = var.location +} + +##----------------------------------------------------------------------------- +## Customer Managed Key (CMK) - Key Vault Key Creation +##----------------------------------------------------------------------------- +resource "azurerm_key_vault_key" "primary_cmk_key" { + count = var.cmk_enabled ? 1 : 0 + name = format("%s-cmk-key", module.labels.id) + key_vault_id = var.key_vault_id + key_type = var.cmk_key_type + key_size = var.cmk_key_size + key_opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] +} + +resource "azurerm_role_assignment" "primary_cmk_role_assignment" { + count = var.key_vault_with_rbac && var.cmk_enabled ? 1 : 0 + principal_id = azurerm_user_assigned_identity.primary_cmk[0].principal_id + role_definition_name = "Key Vault Crypto Service Encryption User" + scope = var.key_vault_id +} + +resource "azurerm_key_vault_access_policy" "primary_cmk_access_policy" { + count = !var.key_vault_with_rbac && var.cmk_enabled ? 1 : 0 + key_vault_id = var.key_vault_id + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = azurerm_user_assigned_identity.primary_cmk[0].principal_id + key_permissions = ["Get", "WrapKey", "UnwrapKey", "List"] +} + +resource "azurerm_user_assigned_identity" "geo_cmk_umi" { + count = var.geo_redundant_backup_enabled && var.cmk_enabled ? 1 : 0 + name = format("%s-cmk-geo-identity", module.labels.id) + resource_group_name = local.resource_group_name + location = var.location +} + +resource "azurerm_key_vault_key" "geo_cmk_key" { + count = var.geo_redundant_backup_enabled && var.cmk_enabled ? 
1 : 0 + name = format("%s-geo-cmk-key", module.labels.id) + key_vault_id = var.key_vault_id + key_type = var.cmk_key_type + key_size = var.cmk_key_size + key_opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] +} + +resource "azurerm_role_assignment" "geo_cmk_role_assignment" { + count = var.key_vault_with_rbac && var.cmk_enabled && var.geo_redundant_backup_enabled ? 1 : 0 + principal_id = azurerm_user_assigned_identity.geo_cmk[0].principal_id + role_definition_name = "Key Vault Crypto Service Encryption User" + scope = var.key_vault_id +} + +resource "azurerm_key_vault_access_policy" "geo_cmk_access_policy" { + count = !var.key_vault_with_rbac && var.cmk_enabled && var.geo_redundant_backup_enabled ? 1 : 0 + key_vault_id = var.key_vault_id + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = azurerm_user_assigned_identity.geo_cmk[0].principal_id + key_permissions = ["Get", "WrapKey", "UnwrapKey", "List"] +} diff --git a/variables.tf b/variables.tf index 8a9d17b..688b84b 100644 --- a/variables.tf +++ b/variables.tf @@ -268,4 +268,38 @@ variable "eventhub_authorization_rule_id" { type = string default = null description = "Eventhub authorization rule id to pass it to destination details of diagnosys setting of NSG." +} + +variable "cmk_enabled" { + type = bool + default = false +} + +variable "key_vault_id" { + type = string + default = null +} + +variable "key_vault_key_name" { + type = string + default = "" +} + +variable "cmk_key_type" { + type = string + default = "RSA" +} + +variable "cmk_key_size" { + type = number + default = 2048 +} +variable "cmk_geo_backup_enabled" { + type = bool + default = false +} + +variable "key_vault_with_rbac" { + type = bool + default = false } \ No newline at end of file diff --git a/versions.tf b/versions.tf index 0cd4943..f4a4730 100644 --- a/versions.tf +++ b/versions.tf 
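Review bot: Both keys in the main.tf hunk are created with `key_opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"]`, which is broader than the access policies in the same hunk suggest is needed: they grant the identities only `Get`, `WrapKey`, `UnwrapKey` and `List`. Restricting the keys to `key_opts = ["wrapKey", "unwrapKey"]` keeps a key-encryption key from being usable for signing or direct encryption. The two role assignments are also scoped to the whole vault with `scope = var.key_vault_id`, so each identity receives the role on every key stored there; scoping to the individual key would be tighter. Neither key sets an expiry or a rotation policy, which is worth a comment if that is deliberate.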
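Review bot: None of the seven variables added to variables.tf has a `description`, unlike `eventhub_authorization_rule_id` just above them, and `key_vault_key_name` and `cmk_geo_backup_enabled` are not referenced by any main.tf hunk in this commit (the geo resources are gated on `var.geo_redundant_backup_enabled` instead). I would add descriptions such as `description = "Enable customer-managed key encryption for the server; requires key_vault_id."` and either wire in or drop the two unused inputs. With `cmk_enabled = true` and the default `key_vault_id = null` the error appears only when the key resource is evaluated, so a `precondition` on that resource would give a clearer message.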
@@ -11,7 +11,7 @@ terraform { } random = { source = "hashicorp/random" - version = "~> 3.1" + version = ">= 3.1" } } } \ No newline at end of file From 3e5084ad10791ac9db8270df23927872304be56f Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Fri, 4 Oct 2024 16:13:32 +0530 Subject: [PATCH 14/22] Fix:Added network_acls in vault --- examples/complete/main.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 251ab03..3edc682 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -93,7 +93,11 @@ module "vault" { enabled_for_disk_encryption = false #private endpoint enable_private_endpoint = false - network_acls = null + network_acls = { + bypass = "AzureServices" + default_action = "Deny" + ip_rules = ["0.0.0.0/0"] + } ########Following to be uncommnented only when using DNS Zone from different subscription along with existing DNS zone. # diff_sub = true From b332a11bc5471de217fe0877e3d33fa05c5b9ab0 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Fri, 4 Oct 2024 17:00:34 +0530 Subject: [PATCH 15/22] Fix:fixed variables --- main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index 4210024..ffbbfe1 100644 --- a/main.tf +++ b/main.tf @@ -208,7 +208,7 @@ resource "azurerm_key_vault_key" "primary_cmk_key" { resource "azurerm_role_assignment" "primary_cmk_role_assignment" { count = var.key_vault_with_rbac && var.cmk_enabled ? 1 : 0 - principal_id = azurerm_user_assigned_identity.primary_cmk[0].principal_id + principal_id = azurerm_user_assigned_identity.primary_cmk_umi[0].principal_id role_definition_name = "Key Vault Crypto Service Encryption User" scope = var.key_vault_id } 
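Review bot: In the `network_acls` block added to the vault module call, `ip_rules = ["0.0.0.0/0"]` cancels the `default_action = "Deny"` next to it: if the service accepts that range, every IPv4 source passes the vault firewall. With `enable_private_endpoint = false` on the line above, the vault holding the encryption key then stays reachable from any address. For an example, either take the operator's own range from a new input, e.g. `ip_rules = var.allowed_ip_ranges`, or rely on `bypass = "AzureServices"` together with a private endpoint. The module block starts and ends outside this hunk.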
@@ -217,7 +217,7 @@ resource "azurerm_key_vault_access_policy" "primary_cmk_access_policy" { count = !var.key_vault_with_rbac && var.cmk_enabled ? 1 : 0 key_vault_id = var.key_vault_id tenant_id = data.azurerm_client_config.current.tenant_id - object_id = azurerm_user_assigned_identity.primary_cmk[0].principal_id + object_id = azurerm_user_assigned_identity.primary_cmk_umi[0].principal_id key_permissions = ["Get", "WrapKey", "UnwrapKey", "List"] } @@ -239,7 +239,7 @@ resource "azurerm_key_vault_key" "geo_cmk_key" { resource "azurerm_role_assignment" "geo_cmk_role_assignment" { count = var.key_vault_with_rbac && var.cmk_enabled && var.geo_redundant_backup_enabled ? 1 : 0 - principal_id = azurerm_user_assigned_identity.geo_cmk[0].principal_id + principal_id = azurerm_user_assigned_identity.geo_cmk_umi[0].principal_id role_definition_name = "Key Vault Crypto Service Encryption User" scope = var.key_vault_id } @@ -248,6 +248,6 @@ resource "azurerm_key_vault_access_policy" "geo_cmk_access_policy" { count = !var.key_vault_with_rbac && var.cmk_enabled && var.geo_redundant_backup_enabled ? 1 : 0 key_vault_id = var.key_vault_id tenant_id = data.azurerm_client_config.current.tenant_id - object_id = azurerm_user_assigned_identity.geo_cmk[0].principal_id + object_id = azurerm_user_assigned_identity.geo_cmk_umi[0].principal_id key_permissions = ["Get", "WrapKey", "UnwrapKey", "List"] } From 5663a9108b7666cd011f5d862a19336d7fce1fd4 Mon Sep 17 00:00:00 2001 From: Vishal Sharma Date: Fri, 4 Oct 2024 17:33:16 +0530 Subject: [PATCH 16/22] Fix:fixed git repo link in precommit ci --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9e713a5..f3d75ab 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -7,7 +7,7 @@ repos: - id: shellcheck - id: tflint - - repo: git://github.com/pre-commit/pre-commit-hooks + - repo: https://github.com/pre-commit/pre-commit-hooks.git rev: v4.0.1 # Use the ref you want to point at hooks: - id: end-of-file-fixer From da3a5e2a130f602c3c562dc18334db33506ce68c Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 4 Oct 2024 12:03:30 +0000 Subject: [PATCH 17/22] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .github/CODEOWNERS | 2 +- .github/workflows/auto_assignee.yml | 2 +- .github/workflows/automerge.yml | 2 +- .github/workflows/changelog.yml | 2 +- .github/workflows/readme.yml | 2 +- .github/workflows/tf-checks.yml | 4 +- .github/workflows/tflint.yml | 2 +- .github/workflows/tfsec.yml | 2 +- CHANGELOG.md | 2 +- README.md | 12 ++--- docs/io.md | 1 - examples/basic/main.tf | 4 +- examples/basic/versions.tf | 2 +- examples/complete/main.tf | 12 ++--- examples/complete/output.tf | 3 -- examples/complete/versions.tf | 2 +- .../mysql-flexible-server-replication/main.tf | 16 +++---- .../output.tf | 5 --- .../versions.tf | 2 +- main.tf | 44 +++++++++---------- output.tf | 6 --- variables.tf | 2 +- versions.tf | 2 +- 23 files changed, 59 insertions(+), 74 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index a538416..c575e28 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1,2 @@ # These owners will be the default owners for everything in the repo. -* @anmolnagpal @clouddrove-ci @clouddrove/terraform-azure-admins \ No newline at end of file +* @anmolnagpal @clouddrove-ci @clouddrove/terraform-azure-admins diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index 77d5fdf..f8b8bcd 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml 
@@ -11,4 +11,4 @@ jobs: secrets: GITHUB: ${{ secrets.GITHUB }} with: - assignees: 'clouddrove-ci' \ No newline at end of file + assignees: 'clouddrove-ci' diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 3baf5e1..26392e2 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -9,4 +9,4 @@ jobs: GITHUB: ${{ secrets.GITHUB }} with: tfcheck: 'complete-example / Check code format' -... \ No newline at end of file +... diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 4b735f5..1ee6f78 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -10,4 +10,4 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master secrets: inherit with: - branch: 'master' \ No newline at end of file + branch: 'master' diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 444164d..c4a5793 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -12,4 +12,4 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master secrets: TOKEN : ${{ secrets.GITHUB }} - SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} \ No newline at end of file + SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index 9d06aa4..0556411 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -10,7 +10,7 @@ jobs: secrets: inherit with: working_directory: './examples/complete/' - + basic-example: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master secrets: inherit 
@@ -21,4 +21,4 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master secrets: inherit with: - working_directory: './examples/mysql-flexible-server-replication/' \ No newline at end of file + working_directory: './examples/mysql-flexible-server-replication/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index ee98182..71a6fc4 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -8,4 +8,4 @@ jobs: tf-lint: uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master secrets: - GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file + GITHUB: ${{ secrets.GITHUB }} diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 9aaf588..c203751 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -8,4 +8,4 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master secrets: inherit with: - working_directory: '.' \ No newline at end of file + working_directory: '.' diff --git a/CHANGELOG.md b/CHANGELOG.md index 4624be4..93f2760 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,4 +26,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [1.0.0]: https://github.com/clouddrove/terraform-azure-flexible-mysql/compare/1.0.0...master -[1.0.1]: https://github.com/clouddrove/terraform-azure-flexible-mysql/compare/1.0.0...1.0.1 \ No newline at end of file +[1.0.1]: https://github.com/clouddrove/terraform-azure-flexible-mysql/compare/1.0.0...1.0.1 diff --git a/README.md b/README.md index afc1679..4bfa730 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@
-We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices. +We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices. This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding. @@ -64,7 +64,7 @@ This module includes Terraform open source, examples, and automation tests (for Refer to complete documentation: [here](docs/io.md) -