feat(MAJOR): Major refactor of all modules and examples (#37)

This PR introduces v3.0 of the repo and contains: - major refactor to all modules (except for legacy virtual_machine module) - replacement of application_insights module with a new ngfw_metrics module - introduction of test_infrastructure module - significant refactor to all reference architecture examples - bump of required Terraform version to 1.5 - bump of required AzureRM provider version to 3.98 Co-authored-by: Łukasz Pawlęga <lpawlega@paloaltonetworks.com> Co-authored-by: Sebastian Czech <sczech@paloaltonetworks.com> Co-authored-by: Alp Eren Kose <alperenkose@gmail.com>
PaloAltoNetworks · Apr 25, 2024 · 4a68e10 · 4a68e10
1 parent 2619842
commit 4a68e10
Show file tree

Hide file tree

Showing 184 changed files with 33,564 additions and 8,467 deletions.
diff --git a/.github/workflows/help-command.yml b/.github/workflows/help-command.yml
@@ -1,6 +1,9 @@
 name: ChatOPS Help
 run-name: "Display ChatOPS help (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
     inputs:

diff --git a/.github/workflows/hub_sync.yml b/.github/workflows/hub_sync.yml
@@ -6,7 +6,7 @@ permissions:
 on:
   workflow_dispatch:
   release:
-    types: [released]
+    types: [published]
 
 jobs:
   hub_sync:

diff --git a/.github/workflows/pr_ci.yml b/.github/workflows/pr_ci.yml
@@ -27,7 +27,7 @@ jobs:
     if: github.actor != 'dependabot[bot]'
     with:
       cloud: azure
-      tf_version: 1.2 1.3 1.4 1.5 1.6 1.7
+      tf_version: 1.5 1.6 1.7
       validate_max_parallel: 20
       test_max_parallel: 10
       terratest_action: Plan # keep in mind that this has to start with capital letter

diff --git a/.gitignore b/.gitignore
@@ -30,6 +30,12 @@
 .vscode
 .idea
 
+
+# Ceritifcates
+*.pem
+*.crt
+*.pfx
+*.key
 # Palo auth codes
 authcodes
 # Crash log files
@@ -49,3 +55,5 @@ terraform.tfvars.json
 # **/
 *bootstrap.xml
 
+bootstrap_package/
+examples/appgw/files/*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -2,9 +2,12 @@ repos:
 - hooks:
   - id: terraform_fmt
   - args:
-    - --args=--sort=false
-    - --args=--lockfile=false
-    - --args=--indent=3
+    - --args=--config=.terraform-docs.yml
+    id: terraform_docs
+  - args:
+    - --args=--config=.terraform-docs-internal.yml
+    - --hook-config=--path-to-file=.README.md
+    files: ^modules/test_infrastructure/
     id: terraform_docs
   - args:
     - --args=--only=terraform_deprecated_interpolation
@@ -14,14 +17,14 @@ repos:
     - --args=--only=terraform_workspace_remote
     id: terraform_tflint
   repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.83.0
+  rev: v1.88.4
 - hooks:
   - args:
     - --compact
     - --quiet
     - --skip-check
-    - CKV_AZURE_118,CKV_AZURE_119,CKV_AZURE_120,CKV2_AZURE_10,CKV2_AZURE_12,CKV_AZURE_35,CKV_AZURE_206,CKV_AZURE_93,CKV2_AZURE_1,CKV2_AZURE_18,CKV_AZURE_97,CKV_AZURE_59,CKV_AZURE_190,CKV2_AZURE_33,CKV_AZURE_179,CKV_AZURE_1,CKV_AZURE_49,CKV_AZURE_217,CKV_AZURE_218
+    - CKV_GHA_7,CKV_AZURE_1,CKV_AZURE_35,CKV_AZURE_44,CKV_AZURE_49,CKV_AZURE_59,CKV_AZURE_93,CKV_AZURE_97,CKV_AZURE_118,CKV_AZURE_119,CKV_AZURE_120,CKV_AZURE_179,CKV_AZURE_190,CKV_AZURE_206,CKV_AZURE_217,CKV_AZURE_218,CKV2_AZURE_1,CKV2_AZURE_10,CKV2_AZURE_12,CKV2_AZURE_18,CKV2_AZURE_33,CKV2_AZURE_39,CKV2_AZURE_40,CKV2_AZURE_41
     id: checkov
     verbose: true
   repo: https://github.com/bridgecrewio/checkov.git
-  rev: 2.4.22
+  rev: 3.2.50
diff --git a/.terraform-docs-internal.yml b/.terraform-docs-internal.yml
@@ -0,0 +1,130 @@
+formatter: "markdown document" # this is required
+version: ""
+header-from: ".header.md"
+
+output:
+  file: .README.md
+  mode: replace
+
+sort:
+  enabled: false
+
+settings:
+  indent: 3
+  lockfile: false
+
+content: |-
+  {{ .Header }}
+
+  ## Module's Required Inputs
+
+  Name | Type | Description
+  --- | --- | ---
+  {{- range .Module.Inputs }}
+  {{- if .Required }}
+  [`{{ .Name }}`](#{{ .Name }}) | `{{ (split "(" .Type.Raw)._0 }}` | {{ (split "." .Description.Raw)._0 }}.
+  {{- end }}
+  {{- end }}
+
+  {{ $optional := false -}}
+  {{ range .Module.Inputs }}{{ if not .Required }}{{ $optional = true -}}{{ end -}}{{ end -}}
+
+  {{ if $optional -}}
+  ## Module's Optional Inputs
+
+  Name | Type | Description
+  --- | --- | ---
+  {{- range .Module.Inputs }}
+  {{- if not .Required }}
+  [`{{ .Name }}`](#{{ .Name }}) | `{{ (split "(" .Type.Raw)._0 }}` | {{ (split "." .Description.Raw)._0 }}.
+  {{- end -}}
+  {{ end -}}
+  {{ end }}
+
+  {{ if ne (len .Module.Outputs) 0 -}}
+  ## Module's Outputs
+
+  Name |  Description
+  --- | ---
+  {{- range .Module.Outputs }}
+  `{{ .Name }}` | {{ .Description.Raw }}
+  {{- end }}
+  {{- end }}
+
+  ## Module's Nameplate
+
+  {{ if ne (len .Module.Requirements) 0 -}}
+  Requirements needed by this module:
+  {{ range .Module.Requirements }}
+  - `{{ .Name }}`{{ if .Version }}, version: {{ .Version }}{{ end }}
+  {{- end }}
+  {{- end }}
+
+  {{ if ne (len .Module.Providers) 0 -}}
+  Providers used in this module:
+  {{ range .Module.Providers }}
+  - `{{ .Name }}`{{ if .Version }}, version: {{ .Version }}{{ end }}
+  {{- end }}
+  {{- end }}
+
+  {{ if ne (len .Module.ModuleCalls) 0 -}}
+  Modules used in this module:
+  Name | Version | Source | Description
+  --- | --- | --- | ---
+  {{- range .Module.ModuleCalls }}
+  `{{ .Name }}` | {{ if .Version }}{{ .Version }}{{ else }}-{{ end }} | {{ .Source }} | {{ .Description }}
+  {{- end }}
+  {{- end }}
+
+  {{ if ne (len .Module.Resources) 0 -}}
+  Resources used in this module:
+  {{ range .Module.Resources }}
+  - `{{ .Type }}` ({{ .Mode }})
+  {{- end }}
+  {{- end }}
+
+  ## Inputs/Outpus details
+
+  ### Required Inputs
+
+  {{ range .Module.Inputs -}}
+  {{ if .Required -}}
+  #### {{ .Name }}
+
+  {{ .Description }}
+
+  Type: {{ if lt (len (split "\n" .Type.Raw)) 2 }}{{ .Type }}{{ else }}
+
+  ```hcl
+  {{ .Type }}
+  ```
+  {{ end }}
+
+  <sup>[back to list](#modules-required-inputs)</sup>
+  
+  {{ end -}}
+  {{- end -}}
+
+  {{ if $optional -}}
+  ### Optional Inputs
+
+  {{ range .Module.Inputs -}}
+  {{ if not .Required -}}
+  #### {{ .Name }}
+
+  {{ .Description }}
+
+  Type: {{ if lt (len (split "\n" .Type.Raw)) 2 }}{{ .Type }}{{ else }}
+
+  ```hcl
+  {{ .Type }}
+  ```
+  {{ end }}
+
+  Default value: `{{ .Default }}`
+
+  <sup>[back to list](#modules-optional-inputs)</sup>
+  
+  {{ end }}
+  {{- end -}}
+  {{ end -}}
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -0,0 +1,130 @@
+formatter: "markdown document" # this is required
+version: ""
+header-from: ".header.md"
+
+output:
+  file: README.md
+  mode: replace
+
+sort:
+  enabled: false
+
+settings:
+  indent: 3
+  lockfile: false
+
+content: |-
+  {{ .Header }}
+
+  ## Module's Required Inputs
+
+  Name | Type | Description
+  --- | --- | ---
+  {{- range .Module.Inputs }}
+  {{- if .Required }}
+  [`{{ .Name }}`](#{{ .Name }}) | `{{ (split "(" .Type.Raw)._0 }}` | {{ (split "." .Description.Raw)._0 }}.
+  {{- end }}
+  {{- end }}
+
+  {{ $optional := false -}}
+  {{ range .Module.Inputs }}{{ if not .Required }}{{ $optional = true -}}{{ end -}}{{ end -}}
+
+  {{ if $optional -}}
+  ## Module's Optional Inputs
+
+  Name | Type | Description
+  --- | --- | ---
+  {{- range .Module.Inputs }}
+  {{- if not .Required }}
+  [`{{ .Name }}`](#{{ .Name }}) | `{{ (split "(" .Type.Raw)._0 }}` | {{ (split "." .Description.Raw)._0 }}.
+  {{- end -}}
+  {{ end -}}
+  {{ end }}
+
+  {{ if ne (len .Module.Outputs) 0 -}}
+  ## Module's Outputs
+
+  Name |  Description
+  --- | ---
+  {{- range .Module.Outputs }}
+  `{{ .Name }}` | {{ .Description.Raw }}
+  {{- end }}
+  {{- end }}
+
+  ## Module's Nameplate
+
+  {{ if ne (len .Module.Requirements) 0 -}}
+  Requirements needed by this module:
+  {{ range .Module.Requirements }}
+  - `{{ .Name }}`{{ if .Version }}, version: {{ .Version }}{{ end }}
+  {{- end }}
+  {{- end }}
+
+  {{ if ne (len .Module.Providers) 0 -}}
+  Providers used in this module:
+  {{ range .Module.Providers }}
+  - `{{ .Name }}`{{ if .Version }}, version: {{ .Version }}{{ end }}
+  {{- end }}
+  {{- end }}
+
+  {{ if ne (len .Module.ModuleCalls) 0 -}}
+  Modules used in this module:
+  Name | Version | Source | Description
+  --- | --- | --- | ---
+  {{- range .Module.ModuleCalls }}
+  `{{ .Name }}` | {{ if .Version }}{{ .Version }}{{ else }}-{{ end }} | {{ .Source }} | {{ .Description }}
+  {{- end }}
+  {{- end }}
+
+  {{ if ne (len .Module.Resources) 0 -}}
+  Resources used in this module:
+  {{ range .Module.Resources }}
+  - `{{ .Type }}` ({{ .Mode }})
+  {{- end }}
+  {{- end }}
+
+  ## Inputs/Outpus details
+
+  ### Required Inputs
+
+  {{ range .Module.Inputs -}}
+  {{ if .Required -}}
+  #### {{ .Name }}
+
+  {{ .Description }}
+
+  Type: {{ if lt (len (split "\n" .Type.Raw)) 2 }}{{ .Type }}{{ else }}
+
+  ```hcl
+  {{ .Type }}
+  ```
+  {{ end }}
+
+  <sup>[back to list](#modules-required-inputs)</sup>
+  
+  {{ end -}}
+  {{- end -}}
+
+  {{ if $optional -}}
+  ### Optional Inputs
+
+  {{ range .Module.Inputs -}}
+  {{ if not .Required -}}
+  #### {{ .Name }}
+
+  {{ .Description }}
+
+  Type: {{ if lt (len (split "\n" .Type.Raw)) 2 }}{{ .Type }}{{ else }}
+
+  ```hcl
+  {{ .Type }}
+  ```
+  {{ end }}
+
+  Default value: `{{ .Default }}`
+
+  <sup>[back to list](#modules-optional-inputs)</sup>
+  
+  {{ end }}
+  {{- end -}}
+  {{ end -}}