feat: added private endpoint resources

.github/workflows/automerge.yml

@@ -1,10 +1,15 @@
 name: Auto merge
 on:
   pull_request:
+permissions:
+  contents: write
+  checks: read
+  pull-requests: write
 jobs:
   auto-merge:
     uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master
-    secrets:
-      GITHUB: ${{ secrets.GITHUB }}
     with:
-      tfcheck: 'examples/complete/**'
+      azure_cloud: true
+      tfchecks_azure: '["pr-validation / 📝 Validate PR title", "pr-validation / 🧾 Validate Commit Messages", "tf-lint / tflint"]'
+    secrets:
+      GITHUB: ${{ secrets.GITHUB }}

.github/workflows/checkov.yml

@@ -11,4 +11,4 @@ jobs:
     with:
       directory: '.'
       continue_on_error: 'true'
-      skip_check: 'CKV_TF_1'
+      skip_check: 'CKV_TF_1,CKV2_AZURE_56,CKV_AZURE_112,CKV_AZURE_40'

.github/workflows/tag-release.yml

@@ -6,8 +6,8 @@ on:
 
 jobs:
   release:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tag-release.yaml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tag-release.yml@master
     with:
       target_branch: master
     secrets:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GITHUB: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/terraform-diff.yml

@@ -14,4 +14,14 @@ jobs:
       target_branch: 'master'
     secrets:
       AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
-      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+
+  mysql-with-private-endpoint-example:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-pr-checks.yaml@master
+    with:
+      provider: 'azurerm'
+      terraform_directory: 'examples/mysql_with_private_endpoint'
+      target_branch: 'master'
+    secrets:
+      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}       

.github/workflows/tf-checks.yml

@@ -10,7 +10,11 @@ jobs:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
       working_directory: './examples/complete/'
-
+
+  mysql_with_private_endpoint-example:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    with:
+      working_directory: './examples/mysql_with_private_endpoint/'  
 # Seperate Job for TFlint workflow call
   tf-lint:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master

README.yaml

@@ -5,13 +5,13 @@
 #
 
 # Name of this project
-name : Terraform Azure Module Template
+name : Terraform Azure Private DNS
 
 # License of this project
 license: "APACHE"
 
 # Canonical GitHub repo
-github_repo: terraform-az-modules/terraform-module-template
+github_repo: terraform-az-modules/terraform-azure-flexible-mysql
 
 # Badges to display
 badges:
@@ -38,7 +38,7 @@ providers:
 
 #  description of this project
 description: |-
-  Terraform Azure Module Template to create new modules using this as baseline
+    Terraform module to provision an Azure Flexible Server for MySQL with best practices.
 
 # How to use this project
 # How to use this project

data.tf

@@ -1,3 +1,4 @@
 ##-----------------------------------------------------------------------------
 ## Data
 ##-----------------------------------------------------------------------------
+data "azurerm_client_config" "current" {}

examples/complete/README.md

@@ -1,46 +1,40 @@
 <!-- BEGIN_TF_DOCS -->
+## Requirements
 
-# Terraform Azure Module Template
+No requirements.
 
-This directory contains an example usage of the **terraform-azure-module-template**. It demonstrates how to use the module with default settings or with custom configurations.
+## Providers
 
----
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.53.0 |
 
-## 📋 Requirements
+## Modules
 
-| Name      | Version   |
-|-----------|-----------|
-| Terraform | >= 1.6.6  |
-| Azurerm   | >= 3.116.0|
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_flexible-mysql"></a> [flexible-mysql](#module\_flexible-mysql) | ../../ | n/a |
+| <a name="module_log-analytics"></a> [log-analytics](#module\_log-analytics) | terraform-az-modules/log-analytics/azurerm | 1.0.2 |
+| <a name="module_private_dns"></a> [private\_dns](#module\_private\_dns) | terraform-az-modules/private-dns/azurerm | 1.0.2 |
+| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | terraform-az-modules/resource-group/azurerm | 1.0.3 |
+| <a name="module_subnet"></a> [subnet](#module\_subnet) | terraform-az-modules/subnet/azurerm | 1.0.1 |
+| <a name="module_vault"></a> [vault](#module\_vault) | terraform-az-modules/key-vault/azurerm | 1.0.1 |
+| <a name="module_vnet"></a> [vnet](#module\_vnet) | terraform-az-modules/vnet/azurerm | 1.0.3 |
 
----
+## Resources
 
-## 🔌 Providers
+| Name | Type |
+|------|------|
+| [azurerm_client_config.current_client_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 
-None specified in this example.
+## Inputs
 
----
+No inputs.
 
-## 📦 Modules
-
-None specified in this example.
-
----
-
-## 🏗️ Resources
-
-No resources are directly created in this example.
-
----
-
-## 🔧 Inputs
-
-No input variables are defined in this example.
-
----
-
-## 📤 Outputs
-
-No outputs are defined in this example.
+## Outputs
 
+| Name | Description |
+|------|-------------|
+| <a name="output_flexible-mysql_server_id"></a> [flexible-mysql\_server\_id](#output\_flexible-mysql\_server\_id) | The ID of the MySQL Flexible Server. |
+| <a name="output_flexible-mysql_server_name"></a> [flexible-mysql\_server\_name](#output\_flexible-mysql\_server\_name) | The Name of the MySQL Flexible Server. |
 <!-- END_TF_DOCS -->

examples/complete/example.tf

@@ -2,6 +2,157 @@
   features {}
 }
 
+data "azurerm_client_config" "current_client_config" {}
+
+##-----------------------------------------------------------------------------
+## Resource Group module call
+## Resource group in which all resources will be deployed.
+##-----------------------------------------------------------------------------
+module "resource_group" {
+  source      = "terraform-az-modules/resource-group/azurerm"
+  version     = "1.0.3"
+  name        = "core"
+  environment = "dev"
+  location    = "centralindia"
+  label_order = ["name", "environment", "location"]
+}
+
+# ------------------------------------------------------------------------------
+# Virtual Network
+# ------------------------------------------------------------------------------
+module "vnet" {
+  source              = "terraform-az-modules/vnet/azurerm"
+  version             = "1.0.3"
+  name                = "core"
+  environment         = "dev"
+  label_order         = ["name", "environment", "location"]
+  resource_group_name = module.resource_group.resource_group_name
+  location            = module.resource_group.resource_group_location
+  address_spaces      = ["10.0.0.0/16"]
+}
+
+# ------------------------------------------------------------------------------
+# Subnet
+# ------------------------------------------------------------------------------
+module "subnet" {
+  source               = "terraform-az-modules/subnet/azurerm"
+  version              = "1.0.1"
+  environment          = "dev"
+  label_order          = ["name", "environment", "location"]
+  resource_group_name  = module.resource_group.resource_group_name
+  location             = module.resource_group.resource_group_location
+  virtual_network_name = module.vnet.vnet_name
+  subnets = [
+    {
+      name            = "subnet1"
+      subnet_prefixes = ["10.0.1.0/24"]
+      delegations = [
+        {
+          name = "delegation1"
+          service_delegations = [
+            {
+              name    = "Microsoft.DBforMySQL/flexibleServers"
+              actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+            }
+          ]
+        }
+      ]
+    },
+    {
+      name            = "subnet2"
+      subnet_prefixes = ["10.0.2.0/24"]
+    }
+  ]
+}
+
+# ------------------------------------------------------------------------------
+# Log Analytics
+# ------------------------------------------------------------------------------
+module "log-analytics" {
+  source                      = "terraform-az-modules/log-analytics/azurerm"
+  version                     = "1.0.2"
+  name                        = "core"
+  environment                 = "dev"
+  label_order                 = ["name", "environment", "location"]
+  log_analytics_workspace_sku = "PerGB2018"
+  resource_group_name         = module.resource_group.resource_group_name
+  location                    = module.resource_group.resource_group_location
+  log_analytics_workspace_id  = module.log-analytics.workspace_id
+}
+
+# ------------------------------------------------------------------------------
+# Key Vault
+# ------------------------------------------------------------------------------
+module "vault" {
+  source                        = "terraform-az-modules/key-vault/azurerm"
+  version                       = "1.0.1"
+  name                          = "core121"
+  environment                   = "dev"
+  label_order                   = ["name", "environment", "location"]
+  resource_group_name           = module.resource_group.resource_group_name
+  location                      = module.resource_group.resource_group_location
+  subnet_id                     = module.subnet.subnet_ids.subnet2
+  public_network_access_enabled = true
+  sku_name                      = "standard"
+  private_dns_zone_ids          = module.private_dns.private_dns_zone_ids.key_vault
+  network_acls = {
+    bypass         = "AzureServices"
+    default_action = "Deny"
+    ip_rules       = ["0.0.0.0/0"]
+  }
+  reader_objects_ids = {
+    "Key Vault Administrator" = {
+      role_definition_name = "Key Vault Administrator"
+      principal_id         = data.azurerm_client_config.current_client_config.object_id
+    }
+  }
+  diagnostic_setting_enable  = true
+  log_analytics_workspace_id = module.log-analytics.workspace_id
+}
+
+##-----------------------------------------------------------------------------
+## Private DNS Zone module call
+##-----------------------------------------------------------------------------
+module "private_dns" {
+  source              = "terraform-az-modules/private-dns/azurerm"
+  version             = "1.0.2"
+  location            = module.resource_group.resource_group_location
+  name                = "dns"
+  environment         = "dev"
+  resource_group_name = module.resource_group.resource_group_name
+  private_dns_config = [
+    {
+      resource_type = "key_vault"
+      vnet_ids      = [module.vnet.vnet_id]
+    },
+    {
+      resource_type = "mysql_server"
+      vnet_ids      = [module.vnet.vnet_id]
+    }
+  ]
+}
+
 ##-----------------------------------------------------------------------------
-## Resources
+## Flexible Mysql server module call.
 ##-----------------------------------------------------------------------------
+module "flexible-mysql" {
+  depends_on                 = [module.resource_group, module.vnet, module.vault]
+  source                     = "../../"
+  name                       = "core"
+  environment                = "dev"
+  label_order                = ["name", "environment", "location"]
+  resource_group_name        = module.resource_group.resource_group_name
+  location                   = module.resource_group.resource_group_location
+  virtual_network_id         = module.vnet.vnet_id
+  delegated_subnet_id        = module.subnet.subnet_ids["subnet1"]
+  mysql_version              = "8.0.21"
+  admin_username             = "mysqlusername"
+  sku_name                   = "B_Standard_B1ms"
+  db_name                    = "maindb"
+  log_analytics_workspace_id = module.log-analytics.workspace_id
+  key_vault_id               = module.vault.id
+  key_vault_with_rbac        = true
+  cmk_enabled                = true
+  private_dns_id             = module.private_dns.private_dns_zone_ids.mysql_server
+  enable_private_endpoint    = false
+}

examples/complete/outputs.tf

@@ -1,3 +1,13 @@
 ##-----------------------------------------------------------------------------
 ## Outputs
 ##-----------------------------------------------------------------------------
+output "flexible-mysql_server_id" {
+  value       = module.flexible-mysql.mysql_flexible_server_id
+  description = "The ID of the MySQL Flexible Server."
+}
+
+output "flexible-mysql_server_name" {
+  value       = module.flexible-mysql.mysql_flexible_server_name
+  description = "The Name of the MySQL Flexible Server."
+}
+