Merge pull request #1 from deepakttn/servicebus

Azure Service Bus terraform module
tothenew · Mar 21, 2024 · 9aea6d4 · 9aea6d4
2 parents 9b1b03d + 375106e
commit 9aea6d4
Show file tree

Hide file tree

Showing 13 changed files with 836 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,11 @@
+.terraform
+.terraform.lock.hcl
+terraform.tfvars
+!examples/**/terraform.tfvars
+
+# Compiled files
+*.tfstate
+*.tfstate.backup
+*.tfvars
+
+**/.terraform.lock.hcl
diff --git a/README.md b/README.md
diff --git a/_locals.tf b/_locals.tf
@@ -0,0 +1,37 @@
+locals {
+
+  name_prefix = lower(var.name_prefix)
+  name_suffix = lower(var.name_suffix)
+
+  default_tags = var.default_tags_enabled ? {
+    env   = var.environment
+    stack = var.stack
+  } : {}
+
+  queues = try({ for q in var.servicebus_queues : q.name => q }, {})
+  topics = try({ for t in var.servicebus_topics : t.name => t }, {})
+
+
+  queues_auth = flatten([
+    for q_name, q in local.queues : [
+      for rule in ["listen", "send", "manage"] : {
+        queue                      = q_name
+        rule                       = rule
+        custom_name                = q.custom_name
+        authorizations_custom_name = q.authorizations_custom_name
+        authorizations             = q.authorizations
+      }
+    ]
+  ])
+  topics_auth = flatten([
+    for t_name, t in local.topics : [
+      for rule in ["listen", "send", "manage"] : {
+        topic                      = t_name
+        rule                       = rule
+        custom_name                = t.custom_name
+        authorizations_custom_name = t.authorizations_custom_name
+        authorizations             = t.authorizations
+      }
+    ]
+  ])
+}
diff --git a/_namings.tf b/_namings.tf
@@ -0,0 +1,70 @@
+data "azurecaf_name" "servicebus_namespace" {
+  name          = var.stack
+  resource_type = "azurerm_servicebus_namespace"
+  prefixes      = var.name_prefix == "" ? null : [local.name_prefix]
+  suffixes      = compact([var.client_name, var.environment, local.name_suffix, var.use_caf_naming ? "" : "bus"])
+  use_slug      = var.use_caf_naming
+  clean_input   = true
+  separator     = "-"
+}
+
+data "azurecaf_name" "servicebus_queue" {
+  for_each = local.queues
+
+  name          = var.stack
+  resource_type = "azurerm_servicebus_queue"
+  prefixes      = var.name_prefix == "" ? null : [local.name_prefix]
+  suffixes      = compact([var.client_name, var.environment, each.key, local.name_suffix])
+  use_slug      = var.use_caf_naming
+  clean_input   = true
+  separator     = "-"
+}
+
+data "azurecaf_name" "servicebus_namespace_auth_rule" {
+  for_each = toset(["listen", "send", "manage"])
+
+  name          = var.stack
+  resource_type = "azurerm_servicebus_namespace_authorization_rule"
+  prefixes      = var.name_prefix == "" ? null : [local.name_prefix]
+  suffixes      = compact([var.client_name, var.environment, each.key, local.name_suffix])
+  use_slug      = var.use_caf_naming
+  clean_input   = true
+  separator     = "-"
+}
+
+data "azurecaf_name" "servicebus_topic" {
+  for_each = local.topics
+
+  name          = var.stack
+  resource_type = "azurerm_servicebus_topic"
+  prefixes      = var.name_prefix == "" ? null : [local.name_prefix]
+  suffixes      = compact([var.client_name, var.environment, each.key, local.name_suffix])
+  use_slug      = var.use_caf_naming
+  clean_input   = true
+  separator     = "-"
+}
+
+
+data "azurecaf_name" "servicebus_queue_auth_rule" {
+  for_each = { for a in local.queues_auth : format("%s.%s", a.queue, a.rule) => format("%s-%s", a.queue, a.rule) }
+
+  name          = var.stack
+  resource_type = "azurerm_servicebus_queue_authorization_rule"
+  prefixes      = var.name_prefix == "" ? null : [local.name_prefix]
+  suffixes      = compact([var.client_name, var.environment, each.value, local.name_suffix])
+  use_slug      = var.use_caf_naming
+  clean_input   = true
+  separator     = "-"
+}
+
+data "azurecaf_name" "servicebus_topic_auth_rule" {
+  for_each = { for a in local.topics_auth : format("%s.%s", a.topic, a.rule) => format("%s-%s", a.topic, a.rule) }
+
+  name          = var.stack
+  resource_type = "azurerm_servicebus_topic_authorization_rule"
+  prefixes      = var.name_prefix == "" ? null : [local.name_prefix]
+  suffixes      = compact([var.client_name, var.environment, each.value, local.name_suffix])
+  use_slug      = var.use_caf_naming
+  clean_input   = true
+  separator     = "-"
+}
diff --git a/_outputs.tf b/_outputs.tf
@@ -0,0 +1,82 @@
+output "namespace" {
+  description = "Service Bus Namespace outputs."
+  value       = azurerm_servicebus_namespace.servicebus_namespace
+  sensitive   = true
+}
+
+output "namespace_listen_authorization_rule" {
+  description = "Service Bus namespace listen only authorization rule."
+  value       = try(azurerm_servicebus_namespace_authorization_rule.listen["enabled"], null)
+}
+
+output "namespace_send_authorization_rule" {
+  description = "Service Bus namespace send only authorization rule."
+  value       = try(azurerm_servicebus_namespace_authorization_rule.send["enabled"], null)
+}
+
+output "namespace_manage_authorization_rule" {
+  description = "Service Bus namespace manage authorization rule."
+  value       = try(azurerm_servicebus_namespace_authorization_rule.manage["enabled"], null)
+}
+
+output "queues" {
+  description = "Service Bus queues outputs."
+  value       = { for q_name in keys(local.queues) : q_name => azurerm_servicebus_queue.queue[q_name] }
+}
+
+output "topics" {
+  description = "Service Bus topics outputs."
+  value       = { for t_name in keys(local.topics) : t_name => azurerm_servicebus_topic.topic[t_name] }
+}
+
+output "queues_listen_authorization_rule" {
+  description = "Service Bus queues listen only authorization rules."
+  value = {
+    for a in local.queues_auth :
+    a.queue => azurerm_servicebus_queue_authorization_rule.listen[format("%s.%s", a.queue, a.rule)] if a.rule == "listen" && a.authorizations.listen
+  }
+  sensitive = true
+}
+
+output "queues_send_authorization_rule" {
+  description = "Service Bus queues send only authorization rules."
+  value = {
+    for a in local.queues_auth :
+    a.queue => azurerm_servicebus_queue_authorization_rule.send[format("%s.%s", a.queue, a.rule)] if a.rule == "send" && a.authorizations.send
+  }
+}
+
+output "queues_manage_authorization_rule" {
+  description = "Service Bus queues manage authorization rules."
+  value = {
+    for a in local.queues_auth :
+    a.queue => azurerm_servicebus_queue_authorization_rule.manage[format("%s.%s", a.queue, a.rule)] if a.rule == "manage" && a.authorizations.manage
+  }
+  sensitive = true
+}
+
+output "topics_listen_authorization_rule" {
+  description = "Service Bus topics listen only authorization rules."
+  value = {
+    for a in local.topics_auth :
+    a.topic => azurerm_servicebus_topic_authorization_rule.listen[format("%s.%s", a.topic, a.rule)] if a.rule == "listen" && a.authorizations.listen
+  }
+  sensitive = true
+}
+
+output "topics_send_authorization_rule" {
+  description = "Service Bus topics send only authorization rules."
+  value = {
+    for a in local.topics_auth :
+    a.topic => azurerm_servicebus_topic_authorization_rule.send[format("%s.%s", a.topic, a.rule)] if a.rule == "send" && a.authorizations.send
+  }
+  sensitive = true
+}
+
+output "topics_manage_authorization_rule" {
+  description = "Service Bus topics manage authorization rules."
+  value = {
+    for a in local.topics_auth :
+    a.topic => azurerm_servicebus_topic_authorization_rule.manage[format("%s.%s", a.topic, a.rule)] if a.rule == "manage" && a.authorizations.manage
+  }
+}
diff --git a/_variables.tf b/_variables.tf
@@ -0,0 +1,190 @@
+# Generic naming variables
+variable "name_prefix" {
+  description = "Optional prefix for the generated name"
+  type        = string
+  default     = ""
+}
+
+variable "name_suffix" {
+  description = "Optional suffix for the generated name"
+  type        = string
+  default     = ""
+}
+
+variable "use_caf_naming" {
+  description = "Use the Azure CAF naming provider to generate default resource name. `custom_name` override this if set. Legacy default name is used if this is set to `false`."
+  type        = bool
+  default     = true
+}
+
+# Storage Firewall
+
+variable "network_rules_enabled" {
+  description = "Boolean to enable Network Rules on the Service Bus Namespace, requires `trusted_services_allowed`, `allowed_cidrs`, `subnet_ids` or `default_firewall_action` correctly set if enabled."
+  type        = bool
+  default     = false
+}
+
+variable "trusted_services_allowed" {
+  description = "If True, then Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration."
+  type        = bool
+  default     = true
+}
+
+variable "allowed_cidrs" {
+  description = "List of CIDR to allow access to that Service Bus Namespace."
+  type        = list(string)
+  default     = []
+}
+
+variable "subnet_ids" {
+  description = "Subnets to allow access to that Service Bus Namespace."
+  type        = list(string)
+  default     = []
+}
+
+variable "default_firewall_action" {
+  description = "Which default firewalling policy to apply. Valid values are `Allow` or `Deny`."
+  type        = string
+  default     = "Deny"
+}
+
+variable "default_tags_enabled" {
+  description = "Option to enable or disable default tags"
+  type        = bool
+  default     = true
+}
+
+variable "extra_tags" {
+  description = "Extra tags to add"
+  type        = map(string)
+  default     = {}
+}
+
+
+variable "client_name" {
+  description = "Client name/account used in naming"
+  type        = string
+}
+
+variable "environment" {
+  description = "Project environment"
+  type        = string
+}
+
+variable "stack" {
+  description = "Project stack name"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "Name of the resource group"
+  type        = string
+}
+
+variable "location" {
+  description = "Azure location for Servicebus."
+  type        = string
+}
+
+
+# Identity
+variable "identity_type" {
+  description = "Specifies the type of Managed Service Identity that should be configured on this Service Bus. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both)."
+  type        = string
+  default     = "SystemAssigned"
+}
+
+variable "identity_ids" {
+  description = "Specifies a list of User Assigned Managed Identity IDs to be assigned to this Service Bus."
+  type        = list(string)
+  default     = null
+}
+
+variable "namespace_parameters" {
+  type = object({
+    custom_name         = optional(string)
+    sku                 = optional(string, "Standard")
+    capacity            = optional(number, 0)
+    local_auth_enabled  = optional(bool, true)
+    zone_redundant      = optional(bool, false)
+    minimum_tls_version = optional(string, "1.2")
+
+    public_network_access_enabled = optional(bool, true)
+  })
+  default = {}
+}
+
+variable "namespace_authorizations" {
+  description = "Object to specify which Namespace Authorization Rules need to be created."
+  type = object({
+    listen = optional(bool, true)
+    send   = optional(bool, true)
+    manage = optional(bool, true)
+  })
+  default = {}
+}
+
+variable "servicebus_queues" {
+  type = list(object({
+    name        = string
+    custom_name = optional(string)
+
+    status = optional(string, "Active")
+
+    auto_delete_on_idle                     = optional(string)
+    default_message_ttl                     = optional(string)
+    duplicate_detection_history_time_window = optional(string)
+    lock_duration                           = optional(string)
+    max_message_size_in_kilobytes           = optional(number)
+    max_size_in_megabytes                   = optional(number)
+    max_delivery_count                      = optional(number, 10)
+
+    enable_batched_operations            = optional(bool, true)
+    enable_partitioning                  = optional(bool)
+    enable_express                       = optional(bool)
+    dead_lettering_on_message_expiration = optional(bool)
+    requires_duplicate_detection         = optional(bool)
+    requires_session                     = optional(bool)
+
+    forward_to                        = optional(string)
+    forward_dead_lettered_messages_to = optional(string)
+
+    authorizations_custom_name = optional(string)
+    authorizations = optional(object({
+      listen = optional(bool, true)
+      send   = optional(bool, true)
+      manage = optional(bool, true)
+    }), {})
+  }))
+  default = []
+}
+
+variable "servicebus_topics" {
+  type = list(object({
+    name        = string
+    custom_name = optional(string)
+
+    status = optional(string, "Active")
+
+    auto_delete_on_idle                     = optional(string)
+    default_message_ttl                     = optional(string)
+    duplicate_detection_history_time_window = optional(string)
+    max_message_size_in_kilobytes           = optional(number)
+    max_size_in_megabytes                   = optional(number)
+
+    enable_batched_operations    = optional(bool)
+    enable_partitioning          = optional(bool)
+    enable_express               = optional(bool)
+    requires_duplicate_detection = optional(bool)
+    support_ordering             = optional(bool)
+
+    authorizations_custom_name = optional(string)
+    authorizations = optional(object({
+      listen = optional(bool, true)
+      send   = optional(bool, true)
+      manage = optional(bool, true)
+    }), {})
+  }))
+  default = []
+}