feat: extra tags (#47)

clouddrove · Feb 7, 2024 · a313fc2 · a313fc2
1 parent 2c83634
commit a313fc2
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 53 deletions.
diff --git a/_example/basic/version.tf b/_example/basic/version.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_version = ">= 1.6.6"
+}
+
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=3.89.0"
+    }
+  }
+}
diff --git a/_example/complete/example.tf b/_example/complete/example.tf
@@ -50,7 +50,7 @@ module "subnet" {
   label_order          = local.label_order
   resource_group_name  = module.resource_group.resource_group_name
   location             = module.resource_group.resource_group_location
-  virtual_network_name = join("", module.vnet.vnet_name)
+  virtual_network_name = module.vnet.vnet_name
   service_endpoints    = ["Microsoft.Storage"]
   #subnet
   subnet_names    = ["subnet1"]
@@ -89,7 +89,7 @@ module "vault" {
   resource_group_name         = module.resource_group.resource_group_name
   location                    = module.resource_group.resource_group_location
   admin_objects_ids           = [data.azurerm_client_config.current_client_config.object_id]
-  virtual_network_id          = join("", module.vnet.vnet_id)
+  virtual_network_id          = module.vnet.vnet_id
   subnet_id                   = module.subnet.default_subnet_id[0]
   enable_rbac_authorization   = true
   enabled_for_disk_encryption = false
@@ -142,7 +142,7 @@ module "storage" {
     { name = "fileshare", quota = "10" },
   ]
 
-  virtual_network_id         = module.vnet.vnet_id[0]
+  virtual_network_id         = module.vnet.vnet_id
   subnet_id                  = module.subnet.default_subnet_id[0]
   log_analytics_workspace_id = module.log-analytics.workspace_id
 }
diff --git a/_example/complete/version.tf b/_example/complete/version.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_version = ">= 1.6.6"
+}
+
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=3.89.0"
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -11,6 +11,7 @@ module "labels" {
   managedby   = var.managedby
   label_order = var.label_order
   repository  = var.repository
+  extra_tags  = var.extra_tags
 }
 
 ##----------------------------------------------------------------------------- 
@@ -193,7 +194,7 @@ resource "azurerm_storage_account" "storage" {
     for_each = var.cmk_encryption_enabled && var.identity_type != null ? [1] : []
     content {
       type         = var.identity_type
-      identity_ids = var.identity_type == "UserAssigned" ? [join("", azurerm_user_assigned_identity.identity.*.id)] : null
+      identity_ids = var.identity_type == "UserAssigned" ? azurerm_user_assigned_identity.identity[*].id : null
     }
   }
   dynamic "customer_managed_key" {
@@ -214,6 +215,7 @@ resource "azurerm_user_assigned_identity" "identity" {
   location            = var.location
   name                = format("%s-storage-mid", module.labels.id)
   resource_group_name = var.resource_group_name
+  tags                = module.labels.tags
 }
 
 ##----------------------------------------------------------------------------- 
@@ -250,6 +252,7 @@ resource "azurerm_key_vault_key" "kvkey" {
   key_vault_id    = var.key_vault_id
   key_type        = "RSA"
   key_size        = 2048
+  tags            = module.labels.tags
   key_opts = [
     "decrypt",
     "encrypt",
@@ -276,7 +279,7 @@ resource "azurerm_key_vault_key" "kvkey" {
 ##-----------------------------------------------------------------------------
 resource "azurerm_storage_account_network_rules" "network-rules" {
   for_each                   = var.enabled ? { for rule in var.network_rules : rule.default_action => rule } : {}
-  storage_account_id         = join("", azurerm_storage_account.storage.*.id)
+  storage_account_id         = azurerm_storage_account.storage[0].id
   default_action             = lookup(each.value, "default_action", "Deny")
   ip_rules                   = lookup(each.value, "ip_rules", null)
   virtual_network_subnet_ids = lookup(each.value, "virtual_network_subnet_ids", null)
@@ -295,7 +298,7 @@ resource "azurerm_storage_account_network_rules" "network-rules" {
 ##-----------------------------------------------------------------------------
 resource "azurerm_advanced_threat_protection" "atp" {
   count              = var.enabled && var.enable_advanced_threat_protection ? 1 : 0
-  target_resource_id = join("", azurerm_storage_account.storage.*.id)
+  target_resource_id = azurerm_storage_account.storage[0].id
   enabled            = var.enable_advanced_threat_protection
 }
 
@@ -307,7 +310,7 @@ resource "azurerm_key_vault_access_policy" "keyvault-access-policy" {
   count        = var.enabled && var.key_vault_rbac_auth_enabled == false ? 1 : 0
   key_vault_id = var.key_vault_id
   tenant_id    = data.azurerm_client_config.current.tenant_id
-  object_id    = join("", azurerm_user_assigned_identity.identity.*.principal_id)
+  object_id    = azurerm_user_assigned_identity.identity[0].principal_id
 
   key_permissions = [
     "Create",
@@ -366,7 +369,7 @@ resource "azurerm_storage_share" "fileshare" {
 resource "azurerm_storage_table" "tables" {
   count                = var.enabled ? length(var.tables) : 0
   name                 = var.tables[count.index]
-  storage_account_name = join("", azurerm_storage_account.storage.*.name)
+  storage_account_name = azurerm_storage_account.storage[0].name
 }
 
 ##----------------------------------------------------------------------------- 
@@ -375,15 +378,15 @@ resource "azurerm_storage_table" "tables" {
 resource "azurerm_storage_queue" "queues" {
   count                = var.enabled ? length(var.queues) : 0
   name                 = var.queues[count.index]
-  storage_account_name = join("", azurerm_storage_account.storage.*.name)
+  storage_account_name = azurerm_storage_account.storage[0].name
 }
 
 ##----------------------------------------------------------------------------- 
 ## Below resource will create management policy for storage account.  
 ##-----------------------------------------------------------------------------
 resource "azurerm_storage_management_policy" "lifecycle_management" {
   count              = var.enabled && var.management_policy_enable ? length(var.management_policy) : 0
-  storage_account_id = join("", azurerm_storage_account.storage.*.id)
+  storage_account_id = azurerm_storage_account.storage[0].id
 
   dynamic "rule" {
     for_each = var.management_policy
@@ -432,7 +435,7 @@ resource "azurerm_private_endpoint" "pep" {
   private_service_connection {
     name                           = format("%s-%s-psc", module.labels.id, var.storage_account_name)
     is_manual_connection           = false
-    private_connection_resource_id = join("", azurerm_storage_account.storage.*.id)
+    private_connection_resource_id = azurerm_storage_account.storage[0].id
     subresource_names              = ["blob"]
   }
   lifecycle {
@@ -449,7 +452,7 @@ locals {
   resource_group_name   = var.resource_group_name
   location              = var.location
   valid_rg_name         = var.existing_private_dns_zone == null ? local.resource_group_name : (var.existing_private_dns_zone_resource_group_name == "" ? local.resource_group_name : var.existing_private_dns_zone_resource_group_name)
-  private_dns_zone_name = var.existing_private_dns_zone == null ? join("", azurerm_private_dns_zone.dnszone.*.name) : var.existing_private_dns_zone
+  private_dns_zone_name = var.existing_private_dns_zone == null ? azurerm_private_dns_zone.dnszone[0].name : var.existing_private_dns_zone
 }
 
 ##----------------------------------------------------------------------------- 
@@ -458,7 +461,7 @@ locals {
 ##-----------------------------------------------------------------------------
 data "azurerm_private_endpoint_connection" "private-ip-0" {
   count               = var.enabled && var.enable_private_endpoint ? 1 : 0
-  name                = join("", azurerm_private_endpoint.pep.*.name)
+  name                = azurerm_private_endpoint.pep[0].name
   resource_group_name = local.resource_group_name
   depends_on          = [azurerm_storage_account.storage]
 }
@@ -524,7 +527,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "addon_vent_link" {
   count                 = var.enabled && var.addon_vent_link ? 1 : 0
   name                  = format("%s-pdz-vnet-link-storage-addon", module.labels.id)
   resource_group_name   = var.addon_resource_group_name
-  private_dns_zone_name = var.existing_private_dns_zone == null ? join("", azurerm_private_dns_zone.dnszone.*.name) : var.existing_private_dns_zone
+  private_dns_zone_name = var.existing_private_dns_zone == null ? azurerm_private_dns_zone.dnszone[0].name : var.existing_private_dns_zone
   virtual_network_id    = var.addon_virtual_network_id
   tags                  = module.labels.tags
 }
@@ -534,11 +537,11 @@ resource "azurerm_private_dns_zone_virtual_network_link" "addon_vent_link" {
 ##-----------------------------------------------------------------------------
 resource "azurerm_private_dns_a_record" "arecord" {
   count               = var.enabled && var.enable_private_endpoint && var.diff_sub == false ? 1 : 0
-  name                = var.key_vault_id != null ? join("", azurerm_storage_account.storage.*.name) : null
+  name                = var.key_vault_id != null ? azurerm_storage_account.storage[0].name : null
   zone_name           = local.private_dns_zone_name
   resource_group_name = local.valid_rg_name
   ttl                 = 3600
-  records             = [data.azurerm_private_endpoint_connection.private-ip-0.0.private_service_connection.0.private_ip_address]
+  records             = [data.azurerm_private_endpoint_connection.private-ip-0[0].private_service_connection[0].private_ip_address]
   tags                = module.labels.tags
   lifecycle {
     ignore_changes = [
@@ -554,11 +557,11 @@ resource "azurerm_private_dns_a_record" "arecord" {
 resource "azurerm_private_dns_a_record" "arecord1" {
   count               = var.enabled && var.enable_private_endpoint && var.diff_sub == true ? 1 : 0
   provider            = azurerm.peer
-  name                = var.key_vault_id != null ? join("", azurerm_storage_account.storage.*.name) : null
+  name                = var.key_vault_id != null ? azurerm_storage_account.storage[0].name : null
   zone_name           = local.private_dns_zone_name
   resource_group_name = local.valid_rg_name
   ttl                 = 3600
-  records             = [data.azurerm_private_endpoint_connection.private-ip-0.0.private_service_connection.0.private_ip_address]
+  records             = [data.azurerm_private_endpoint_connection.private-ip-0[0].private_service_connection[0].private_ip_address]
   tags                = module.labels.tags
   lifecycle {
     ignore_changes = [
@@ -573,7 +576,7 @@ resource "azurerm_private_dns_a_record" "arecord1" {
 resource "azurerm_monitor_diagnostic_setting" "storage" {
   count                          = var.enabled && var.enable_diagnostic ? 1 : 0
   name                           = format("storage-diagnostic-log")
-  target_resource_id             = join("", azurerm_storage_account.storage.*.id)
+  target_resource_id             = azurerm_storage_account.storage[0].id
   storage_account_id             = var.storage_account_id
   eventhub_name                  = var.eventhub_name
   eventhub_authorization_rule_id = var.eventhub_authorization_rule_id
@@ -620,7 +623,7 @@ resource "azurerm_monitor_diagnostic_setting" "storage-nic" {
   depends_on                     = [azurerm_private_endpoint.pep]
   count                          = var.enabled && var.enable_diagnostic && var.enable_private_endpoint ? 1 : 0
   name                           = format("%s-storage-nic-diagnostic-log", module.labels.id)
-  target_resource_id             = element(azurerm_private_endpoint.pep[count.index].network_interface.*.id, count.index)
+  target_resource_id             = element(azurerm_private_endpoint.pep[count.index].network_interface[*].id, count.index)
   storage_account_id             = var.storage_account_id
   eventhub_name                  = var.eventhub_name
   eventhub_authorization_rule_id = var.eventhub_authorization_rule_id

diff --git a/outputs.tf b/outputs.tf
@@ -1,41 +1,41 @@
 output "storage_account_id" {
-  value       = join("", azurerm_storage_account.storage.*.id)
+  value       = azurerm_storage_account.storage[0].id
   description = "The ID of the storage account."
 }
 
 output "storage_account_name" {
-  value       = join("", azurerm_storage_account.storage.*.name)
+  value       = azurerm_storage_account.storage[0].name
   description = "The name of the storage account."
 }
 
 output "storage_account_primary_location" {
-  value       = join("", azurerm_storage_account.storage.*.primary_location)
+  value       = azurerm_storage_account.storage[0].primary_location
   description = "The primary location of the storage account"
 }
 
 output "storage_account_primary_web_endpoint" {
-  value       = join("", azurerm_storage_account.storage.*.primary_web_endpoint)
+  value       = azurerm_storage_account.storage[0].primary_web_endpoint
   description = "The endpoint URL for web storage in the primary location."
 }
 
 output "storage_account_primary_blob_endpoint" {
-  value       = join("", azurerm_storage_account.storage.*.primary_blob_endpoint)
+  value       = azurerm_storage_account.storage[0].primary_blob_endpoint
   description = "The endpoint URL for blob storage in the primary location."
 }
 
 output "storage_account_primary_web_host" {
-  value       = join("", azurerm_storage_account.storage.*.primary_web_host)
+  value       = azurerm_storage_account.storage[0].primary_web_host
   description = "The hostname with port if applicable for web storage in the primary location."
 }
 
 output "storage_primary_connection_string" {
-  value       = join("", azurerm_storage_account.storage.*.primary_connection_string)
+  value       = azurerm_storage_account.storage[0].primary_connection_string
   sensitive   = true
   description = "The primary connection string for the storage account"
 }
 
 output "storage_primary_access_key" {
-  value       = join("", azurerm_storage_account.storage.*.primary_access_key)
+  value       = azurerm_storage_account.storage[0].primary_access_key
   sensitive   = true
   description = "The primary access key for the storage account"
 }

diff --git a/variables.tf b/variables.tf
@@ -30,6 +30,12 @@ variable "managedby" {
   description = "ManagedBy, eg 'Identos'."
 }
 
+variable "extra_tags" {
+  type        = map(string)
+  default     = null
+  description = "Variable to pass extra tags."
+}
+
 variable "enabled" {
   type        = bool
   description = "Set to false to prevent the module from creating any resources."
@@ -61,6 +67,7 @@ variable "account_tier" {
 }
 
 variable "access_tier" {
+  type        = string
   default     = "Hot"
   description = "Defines the access tier for BlobStorage and StorageV2 accounts. Valid options are Hot and Cool."
 }
@@ -89,11 +96,6 @@ variable "min_tls_version" {
   description = "The minimum supported TLS version for the storage account"
 }
 
-variable "soft_delete_retention" {
-  type        = number
-  default     = 30
-  description = "Number of retention days for soft delete. If set to null it will disable soft delete all together."
-}
 
 variable "containers_list" {
   type        = list(object({ name = string, access_type = string }))
@@ -102,16 +104,19 @@ variable "containers_list" {
 }
 
 variable "network_rules" {
+  type        = map(string)
   default     = {}
   description = "List of objects that represent the configuration of each network rules."
 }
 
 variable "table_encryption_key_type" {
+  type        = string
   default     = "Account"
   description = "The encryption type of the table service. Possible values are 'Service' and 'Account'."
 }
 
 variable "queue_encryption_key_type" {
+  type        = string
   default     = "Account"
   description = "The encryption type of the queue service. Possible values are 'Service' and 'Account'."
 }
@@ -584,18 +589,6 @@ variable "log_analytics_workspace_id" {
   description = "log analytics workspace id to pass it to destination details of diagnosys setting of NSG."
 }
 
-variable "retention_policy_enabled" {
-  type        = bool
-  default     = false
-  description = "Set to false to prevent the module from creating retension policy for the diagnosys setting."
-}
-
-variable "days" {
-  type        = number
-  default     = 365
-  description = "Number of days to create retension policies for te diagnosys setting."
-}
-
 variable "metrics" {
   type    = list(string)
   default = ["Transaction", "Capacity"]
@@ -642,11 +635,6 @@ variable "Metric_enable" {
   default     = true
   description = "Is this Diagnostic Metric enabled? Defaults to true."
 }
-variable "diagnostic_log_days" {
-  type        = number
-  default     = "90"
-  description = " The number of days for which this Retention Policy should apply."
-}
 
 variable "multi_sub_vnet_link" {
   type        = bool
@@ -679,4 +667,4 @@ variable "rotation_policy" {
     notify_before_expiry = string
   }))
   default = null
-}
+}
diff --git a/versions.tf b/versions.tf
@@ -1,12 +1,12 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.6.6"
 }
 
 terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=2.90.0"
+      version = ">=3.89.0"
     }
   }
 }