Merge pull request #1 from deepakttn/servicebus
Azure Service Bus terraform module
Showing
13 changed files
with
836 additions
and
7 deletions.
@@ -0,0 +1,11 @@ | ||
.terraform | ||
.terraform.lock.hcl | ||
terraform.tfvars | ||
!examples/**/terraform.tfvars | ||
|
||
# Compiled files | ||
*.tfstate | ||
*.tfstate.backup | ||
*.tfvars | ||
|
||
**/.terraform.lock.hcl |
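Review bot: The `!examples/**/terraform.tfvars` exception is cancelled by the later `*.tfvars` line, because git applies the last matching pattern and `*.tfvars` matches at every directory level (this assumes the section is the repository's ignore file, whose path is not shown on the page). If the example variable files are meant to be committed, move the negation below `*.tfvars`, or drop the broad pattern and keep only `terraform.tfvars`. The lock file is also listed twice, as `.terraform.lock.hcl` and as `**/.terraform.lock.hcl`; one entry is enough.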
@@ -0,0 +1,37 @@ | ||
locals { | ||
|
||
name_prefix = lower(var.name_prefix) | ||
name_suffix = lower(var.name_suffix) | ||
|
||
default_tags = var.default_tags_enabled ? { | ||
env = var.environment | ||
stack = var.stack | ||
} : {} | ||
|
||
queues = try({ for q in var.servicebus_queues : q.name => q }, {}) | ||
topics = try({ for t in var.servicebus_topics : t.name => t }, {}) | ||
|
||
|
||
queues_auth = flatten([ | ||
for q_name, q in local.queues : [ | ||
for rule in ["listen", "send", "manage"] : { | ||
queue = q_name | ||
rule = rule | ||
custom_name = q.custom_name | ||
authorizations_custom_name = q.authorizations_custom_name | ||
authorizations = q.authorizations | ||
} | ||
] | ||
]) | ||
topics_auth = flatten([ | ||
for t_name, t in local.topics : [ | ||
for rule in ["listen", "send", "manage"] : { | ||
topic = t_name | ||
rule = rule | ||
custom_name = t.custom_name | ||
authorizations_custom_name = t.authorizations_custom_name | ||
authorizations = t.authorizations | ||
} | ||
] | ||
]) | ||
} |
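Review bot: Wrapping the `queues` and `topics` maps in `try(..., {})` hides input errors: if two entries share a `name`, the `for` expression fails on the duplicate key and the local would silently become `{}`, which on an existing deployment would likely plan the removal of every queue or topic together with its authorization rules. Both variables are typed lists with `default = []`, so the fallback is not needed; `queues = { for q in var.servicebus_queues : q.name => q }` (and the same for `topics`) lets Terraform report the duplicate instead. A short comment above `queues_auth` and `topics_auth` saying that they expand each queue or topic into one entry per rule (`listen`, `send`, `manage`), regardless of the `authorizations` flags, would also help the reader.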
@@ -0,0 +1,70 @@ | ||
data "azurecaf_name" "servicebus_namespace" { | ||
name = var.stack | ||
resource_type = "azurerm_servicebus_namespace" | ||
prefixes = var.name_prefix == "" ? null : [local.name_prefix] | ||
suffixes = compact([var.client_name, var.environment, local.name_suffix, var.use_caf_naming ? "" : "bus"]) | ||
use_slug = var.use_caf_naming | ||
clean_input = true | ||
separator = "-" | ||
} | ||
|
||
data "azurecaf_name" "servicebus_queue" { | ||
for_each = local.queues | ||
|
||
name = var.stack | ||
resource_type = "azurerm_servicebus_queue" | ||
prefixes = var.name_prefix == "" ? null : [local.name_prefix] | ||
suffixes = compact([var.client_name, var.environment, each.key, local.name_suffix]) | ||
use_slug = var.use_caf_naming | ||
clean_input = true | ||
separator = "-" | ||
} | ||
|
||
data "azurecaf_name" "servicebus_namespace_auth_rule" { | ||
for_each = toset(["listen", "send", "manage"]) | ||
|
||
name = var.stack | ||
resource_type = "azurerm_servicebus_namespace_authorization_rule" | ||
prefixes = var.name_prefix == "" ? null : [local.name_prefix] | ||
suffixes = compact([var.client_name, var.environment, each.key, local.name_suffix]) | ||
use_slug = var.use_caf_naming | ||
clean_input = true | ||
separator = "-" | ||
} | ||
|
||
data "azurecaf_name" "servicebus_topic" { | ||
for_each = local.topics | ||
|
||
name = var.stack | ||
resource_type = "azurerm_servicebus_topic" | ||
prefixes = var.name_prefix == "" ? null : [local.name_prefix] | ||
suffixes = compact([var.client_name, var.environment, each.key, local.name_suffix]) | ||
use_slug = var.use_caf_naming | ||
clean_input = true | ||
separator = "-" | ||
} | ||
|
||
|
||
data "azurecaf_name" "servicebus_queue_auth_rule" { | ||
for_each = { for a in local.queues_auth : format("%s.%s", a.queue, a.rule) => format("%s-%s", a.queue, a.rule) } | ||
|
||
name = var.stack | ||
resource_type = "azurerm_servicebus_queue_authorization_rule" | ||
prefixes = var.name_prefix == "" ? null : [local.name_prefix] | ||
suffixes = compact([var.client_name, var.environment, each.value, local.name_suffix]) | ||
use_slug = var.use_caf_naming | ||
clean_input = true | ||
separator = "-" | ||
} | ||
|
||
data "azurecaf_name" "servicebus_topic_auth_rule" { | ||
for_each = { for a in local.topics_auth : format("%s.%s", a.topic, a.rule) => format("%s-%s", a.topic, a.rule) } | ||
|
||
name = var.stack | ||
resource_type = "azurerm_servicebus_topic_authorization_rule" | ||
prefixes = var.name_prefix == "" ? null : [local.name_prefix] | ||
suffixes = compact([var.client_name, var.environment, each.value, local.name_suffix]) | ||
use_slug = var.use_caf_naming | ||
clean_input = true | ||
separator = "-" | ||
} |
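Review bot: The expression `var.name_prefix == "" ? null : [local.name_prefix]` is repeated in all six `azurecaf_name` blocks, and the rule list `["listen", "send", "manage"]` in `servicebus_namespace_auth_rule` duplicates the one used to build `queues_auth` and `topics_auth`. Defining each once in the module's `locals`, for example `caf_prefixes = var.name_prefix == "" ? null : [local.name_prefix]` and `auth_rules = ["listen", "send", "manage"]`, keeps the six blocks from drifting apart. The queue and topic rule lookups also generate a name for every rule whether or not it is enabled in `authorizations`; a one-line comment stating that this is intentional would remove the doubt.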
@@ -0,0 +1,82 @@ | ||
output "namespace" { | ||
description = "Service Bus Namespace outputs." | ||
value = azurerm_servicebus_namespace.servicebus_namespace | ||
sensitive = true | ||
} | ||
|
||
output "namespace_listen_authorization_rule" { | ||
description = "Service Bus namespace listen only authorization rule." | ||
value = try(azurerm_servicebus_namespace_authorization_rule.listen["enabled"], null) | ||
} | ||
|
||
output "namespace_send_authorization_rule" { | ||
description = "Service Bus namespace send only authorization rule." | ||
value = try(azurerm_servicebus_namespace_authorization_rule.send["enabled"], null) | ||
} | ||
|
||
output "namespace_manage_authorization_rule" { | ||
description = "Service Bus namespace manage authorization rule." | ||
value = try(azurerm_servicebus_namespace_authorization_rule.manage["enabled"], null) | ||
} | ||
|
||
output "queues" { | ||
description = "Service Bus queues outputs." | ||
value = { for q_name in keys(local.queues) : q_name => azurerm_servicebus_queue.queue[q_name] } | ||
} | ||
|
||
output "topics" { | ||
description = "Service Bus topics outputs." | ||
value = { for t_name in keys(local.topics) : t_name => azurerm_servicebus_topic.topic[t_name] } | ||
} | ||
|
||
output "queues_listen_authorization_rule" { | ||
description = "Service Bus queues listen only authorization rules." | ||
value = { | ||
for a in local.queues_auth : | ||
a.queue => azurerm_servicebus_queue_authorization_rule.listen[format("%s.%s", a.queue, a.rule)] if a.rule == "listen" && a.authorizations.listen | ||
} | ||
sensitive = true | ||
} | ||
|
||
output "queues_send_authorization_rule" { | ||
description = "Service Bus queues send only authorization rules." | ||
value = { | ||
for a in local.queues_auth : | ||
a.queue => azurerm_servicebus_queue_authorization_rule.send[format("%s.%s", a.queue, a.rule)] if a.rule == "send" && a.authorizations.send | ||
} | ||
} | ||
|
||
output "queues_manage_authorization_rule" { | ||
description = "Service Bus queues manage authorization rules." | ||
value = { | ||
for a in local.queues_auth : | ||
a.queue => azurerm_servicebus_queue_authorization_rule.manage[format("%s.%s", a.queue, a.rule)] if a.rule == "manage" && a.authorizations.manage | ||
} | ||
sensitive = true | ||
} | ||
|
||
output "topics_listen_authorization_rule" { | ||
description = "Service Bus topics listen only authorization rules." | ||
value = { | ||
for a in local.topics_auth : | ||
a.topic => azurerm_servicebus_topic_authorization_rule.listen[format("%s.%s", a.topic, a.rule)] if a.rule == "listen" && a.authorizations.listen | ||
} | ||
sensitive = true | ||
} | ||
|
||
output "topics_send_authorization_rule" { | ||
description = "Service Bus topics send only authorization rules." | ||
value = { | ||
for a in local.topics_auth : | ||
a.topic => azurerm_servicebus_topic_authorization_rule.send[format("%s.%s", a.topic, a.rule)] if a.rule == "send" && a.authorizations.send | ||
} | ||
sensitive = true | ||
} | ||
|
||
output "topics_manage_authorization_rule" { | ||
description = "Service Bus topics manage authorization rules." | ||
value = { | ||
for a in local.topics_auth : | ||
a.topic => azurerm_servicebus_topic_authorization_rule.manage[format("%s.%s", a.topic, a.rule)] if a.rule == "manage" && a.authorizations.manage | ||
} | ||
} |
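Review bot: `sensitive = true` is applied unevenly to the outputs that return whole authorization-rule objects: the three `namespace_*_authorization_rule` outputs, `queues_send_authorization_rule` and `topics_manage_authorization_rule` omit it while their siblings set it. These objects carry the shared access keys and connection strings, which the provider presumably marks as sensitive, so Terraform would likely reject the unmarked outputs with an "Output refers to sensitive values" error, and the inconsistency leaves it unclear which outputs are safe to print in plan or CI logs. Add `sensitive = true` to those five outputs, and consider exporting only the rule `id` and `name` where callers do not need the keys themselves.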
@@ -0,0 +1,190 @@ | ||
# Generic naming variables | ||
variable "name_prefix" { | ||
description = "Optional prefix for the generated name" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "name_suffix" { | ||
description = "Optional suffix for the generated name" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "use_caf_naming" { | ||
description = "Use the Azure CAF naming provider to generate default resource name. `custom_name` override this if set. Legacy default name is used if this is set to `false`." | ||
type = bool | ||
default = true | ||
} | ||
|
||
# Storage Firewall | ||
|
||
variable "network_rules_enabled" { | ||
description = "Boolean to enable Network Rules on the Service Bus Namespace, requires `trusted_services_allowed`, `allowed_cidrs`, `subnet_ids` or `default_firewall_action` correctly set if enabled." | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "trusted_services_allowed" { | ||
description = "If True, then Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration." | ||
type = bool | ||
default = true | ||
} | ||
|
||
variable "allowed_cidrs" { | ||
description = "List of CIDR to allow access to that Service Bus Namespace." | ||
type = list(string) | ||
default = [] | ||
} | ||
|
||
variable "subnet_ids" { | ||
description = "Subnets to allow access to that Service Bus Namespace." | ||
type = list(string) | ||
default = [] | ||
} | ||
|
||
variable "default_firewall_action" { | ||
description = "Which default firewalling policy to apply. Valid values are `Allow` or `Deny`." | ||
type = string | ||
default = "Deny" | ||
} | ||
|
||
variable "default_tags_enabled" { | ||
description = "Option to enable or disable default tags" | ||
type = bool | ||
default = true | ||
} | ||
|
||
variable "extra_tags" { | ||
description = "Extra tags to add" | ||
type = map(string) | ||
default = {} | ||
} | ||
|
||
|
||
variable "client_name" { | ||
description = "Client name/account used in naming" | ||
type = string | ||
} | ||
|
||
variable "environment" { | ||
description = "Project environment" | ||
type = string | ||
} | ||
|
||
variable "stack" { | ||
description = "Project stack name" | ||
type = string | ||
} | ||
|
||
variable "resource_group_name" { | ||
description = "Name of the resource group" | ||
type = string | ||
} | ||
|
||
variable "location" { | ||
description = "Azure location for Servicebus." | ||
type = string | ||
} | ||
|
||
|
||
# Identity | ||
variable "identity_type" { | ||
description = "Specifies the type of Managed Service Identity that should be configured on this Service Bus. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both)." | ||
type = string | ||
default = "SystemAssigned" | ||
} | ||
|
||
variable "identity_ids" { | ||
description = "Specifies a list of User Assigned Managed Identity IDs to be assigned to this Service Bus." | ||
type = list(string) | ||
default = null | ||
} | ||
|
||
variable "namespace_parameters" { | ||
type = object({ | ||
custom_name = optional(string) | ||
sku = optional(string, "Standard") | ||
capacity = optional(number, 0) | ||
local_auth_enabled = optional(bool, true) | ||
zone_redundant = optional(bool, false) | ||
minimum_tls_version = optional(string, "1.2") | ||
|
||
public_network_access_enabled = optional(bool, true) | ||
}) | ||
default = {} | ||
} | ||
|
||
variable "namespace_authorizations" { | ||
description = "Object to specify which Namespace Authorization Rules need to be created." | ||
type = object({ | ||
listen = optional(bool, true) | ||
send = optional(bool, true) | ||
manage = optional(bool, true) | ||
}) | ||
default = {} | ||
} | ||
|
||
variable "servicebus_queues" { | ||
type = list(object({ | ||
name = string | ||
custom_name = optional(string) | ||
|
||
status = optional(string, "Active") | ||
|
||
auto_delete_on_idle = optional(string) | ||
default_message_ttl = optional(string) | ||
duplicate_detection_history_time_window = optional(string) | ||
lock_duration = optional(string) | ||
max_message_size_in_kilobytes = optional(number) | ||
max_size_in_megabytes = optional(number) | ||
max_delivery_count = optional(number, 10) | ||
|
||
enable_batched_operations = optional(bool, true) | ||
enable_partitioning = optional(bool) | ||
enable_express = optional(bool) | ||
dead_lettering_on_message_expiration = optional(bool) | ||
requires_duplicate_detection = optional(bool) | ||
requires_session = optional(bool) | ||
|
||
forward_to = optional(string) | ||
forward_dead_lettered_messages_to = optional(string) | ||
|
||
authorizations_custom_name = optional(string) | ||
authorizations = optional(object({ | ||
listen = optional(bool, true) | ||
send = optional(bool, true) | ||
manage = optional(bool, true) | ||
}), {}) | ||
})) | ||
default = [] | ||
} | ||
|
||
variable "servicebus_topics" { | ||
type = list(object({ | ||
name = string | ||
custom_name = optional(string) | ||
|
||
status = optional(string, "Active") | ||
|
||
auto_delete_on_idle = optional(string) | ||
default_message_ttl = optional(string) | ||
duplicate_detection_history_time_window = optional(string) | ||
max_message_size_in_kilobytes = optional(number) | ||
max_size_in_megabytes = optional(number) | ||
|
||
enable_batched_operations = optional(bool) | ||
enable_partitioning = optional(bool) | ||
enable_express = optional(bool) | ||
requires_duplicate_detection = optional(bool) | ||
support_ordering = optional(bool) | ||
|
||
authorizations_custom_name = optional(string) | ||
authorizations = optional(object({ | ||
listen = optional(bool, true) | ||
send = optional(bool, true) | ||
manage = optional(bool, true) | ||
}), {}) | ||
})) | ||
default = [] | ||
} |
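Review bot: The defaults declared here are the most permissive ones: `public_network_access_enabled = optional(bool, true)`, `local_auth_enabled = optional(bool, true)`, `network_rules_enabled` defaulting to `false`, and `listen`, `send` and `manage` all defaulting to `true` for the namespace and for every declared queue and topic. Least-privilege defaults would make the key-bearing rules opt-in, for example `manage = optional(bool, false)` in the three `authorizations` objects, so that a caller asks for a manage key explicitly. `default_firewall_action` documents `Allow` or `Deny` but has no `validation` block to enforce it, and `namespace_parameters`, `servicebus_queues` and `servicebus_topics` have no `description`. The `# Storage Firewall` heading above `network_rules_enabled` looks copied from another module and should name Service Bus.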