Improve custom names

Azure · Nov 19, 2024 · 46bc16a · 46bc16a
1 parent 72c68d9
commit 46bc16a
Show file tree

Hide file tree

Showing 8 changed files with 134 additions and 60 deletions.
diff --git a/templates/.config/ALZ-Powershell.config.json b/templates/.config/ALZ-Powershell.config.json
@@ -1,5 +1,10 @@
 {
     "starter_modules": {
+        "complete_azure_verified_modules": {
+            "location": "avm",
+            "short_name": "Complete Multi-Region with Azure Verified Modules",
+            "description": "Complete Azure Landing Zones Configurable Deployment with Multi-Region Support"
+        },
         "complete_multi_region": {
             "location": "complete_multi_region",
             "short_name": "Complete Multi-Region",
@@ -38,11 +43,6 @@
             "short_name": "Hub Networking",
             "description": "Hub Networking Azure Landing Zones Deployment with Management Groups, Policy and Hub Networking"
         },
-        "complete_vnext": {
-            "location": "complete_vnext",
-            "short_name": "Complete vNext",
-            "description": "vNext Complete Azure Landing Zones Configurable Deployment (Warning: This is a work in progress)"
-        },
         "test": {
             "location": "test",
             "short_name": "Test",

diff --git a/templates/avm/examples/config-avm-hub-and-spoke-vnet-multi-region.tfvars b/templates/avm/examples/config-avm-hub-and-spoke-vnet-multi-region.tfvars
@@ -1,6 +1,7 @@
 /*
-This file contains templated variables to avoid repeating the same hard-coded values.
-Templated variables are denoted by the dollar-dollar curly braces token (e.g. $${starter_location_01}). The following details each templated variable that you can use:
+--- Built-in Replacements ---
+This file contains built-in replacements to avoid repeating the same hard-coded values.
+Replacements are denoted by the dollar-dollar curly braces token (e.g. $${starter_location_01}). The following details each built-in replacemnets that you can use:
 `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources.
 `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources.
 `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources.
@@ -12,32 +13,60 @@ Templated variables are denoted by the dollar-dollar curly braces token (e.g. $$
 `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
 */
 
-/* 
-Custom Names: Based on any of the above variables, you can create your own custom names to use in the configuration by supplying them in the `custom_names` map variable.
-This avoids repeating the same hard-coded values in the configuration. 
-For example, you can use the custom name `$${management_resource_group_name}` in the configuration instead of hard-coding the value `rg-management-$${starter_location_01}`.
-NOTE: You cannot build a custom name based on another custom name. You can only build a custom name based on the templated variables.
+/*
+--- Custom Replacements ---
+You can define custom replacements to use throughout the configuration.
 */
-custom_names = {
-  # Resource group names
-  management_resource_group_name = "rg-management-$${starter_location_01}"
+custom_replacements = {
+  /* 
+  --- Custom Name Replacements ---
+  You can define custom names and other strings to use throughout the configuration. 
+  You can only use the built in replacements in this section.
+  NOTE: You cannot refer to another custom name in this variable.
+  */
+  names = {
+    # Resource group names
+    management_resource_group_name                 = "rg-management-$${starter_location_01}"
+    connectivity_hub_primary_resource_group_name   = "rg-hub-$${starter_location_01}"
+    connectivity_hub_secondary_resource_group_name = "rg-hub-$${starter_location_02}"
+    dns_resource_group_name                        = "rg-hub-dns-$${starter_location_01}"
+    ddos_resource_group_name                       = "rg-hub-ddos-$${starter_location_01}"
 
-  connectivity_hub_primary_resource_group_name   = "rg-hub-$${starter_location_01}"
-  connectivity_hub_secondary_resource_group_name = "rg-hub-$${starter_location_02}"
-  dns_resource_group_name                        = "rg-hub-dns-$${starter_location_01}"
-  ddos_resource_group_name                       = "rg-hub-ddos-$${starter_location_01}"
+    # Resource names
+    log_analytics_workspace_name            = "law-management-$${starter_location_01}"
+    ddos_protection_plan_name               = "ddos-hub-$${starter_location_01}"
+    automation_account_name                 = "aa-management-$${starter_location_01}"
+    ama_user_assigned_managed_identity_name = "uami-management-ama-$${starter_location_01}"
+    dcr_change_tracking_name                = "dcr-change-tracking"
+    dcr_defender_sql_name                   = "dcr-defender-sql"
+    dcr_vm_insights_name                    = "dcr-vm-insights"
+  }
 
-  # Resource names
-  log_analytics_workspace_name            = "law-management-$${starter_location_01}"
-  ddos_protection_plan_name               = "ddos-hub-$${starter_location_01}"
-  automation_account_name                 = "aa-management-$${starter_location_01}"
-  ama_user_assigned_managed_identity_name = "uami-management-ama-$${starter_location_01}"
-  dcr_change_tracking_name                = "dcr-change-tracking"
-  dcr_defender_sql_name                   = "dcr-defender-sql"
-  dcr_vm_insights_name                    = "dcr-vm-insights"
+  /* 
+  --- Custom Resource Group Identifier Replacements ---
+  You can define custom resource group identifiers to use throughout the configuration. 
+  You can only use the templated variables and custom names in this section.
+  NOTE: You cannot refer to another custom resource group identifier in this variable.
+  */
+  resource_group_identifiers = {
+    management_resource_group_id           = "/subscriptions/$${subscription_id_management}/resourcegroups/$${management_resource_group_name}"
+    ddos_protection_plan_resource_group_id = "/subscriptions/$${subscription_id_connectivity}/resourcegroups/$${ddos_resource_group_name}"
+  }
 
-  # Resource identifiers
-  management_resource_group_id = "/subscriptions/$${subscription_id_management}/resourcegroups/rg-management-$${starter_location_01}"
+  /* 
+  --- Custom Resource Identifier Replacements ---
+  You can define custom resource identifiers to use throughout the configuration. 
+  You can only use the templated variables, custom names and customer resource group identifiers in this variable.
+  NOTE: You cannot refer to another custom resource identifier in this variable.
+  */
+  resource_identifiers = {
+    ama_change_tracking_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_change_tracking_name}"
+    ama_mdfc_sql_data_collection_rule_id        = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_defender_sql_name}"
+    ama_vm_insights_data_collection_rule_id     = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_vm_insights_name}"
+    ama_user_assigned_managed_identity_id       = "$${management_resource_group_id}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$${ama_user_assigned_managed_identity_name}"
+    log_analytics_workspace_id                  = "$${management_resource_group_id}/providers/Microsoft.OperationalInsights/workspaces/$${log_analytics_workspace_name}"
+    ddos_protection_plan_id                     = "$${ddos_protection_plan_resource_group_id}/providers/Microsoft.Network/ddosProtectionPlans/$${ddos_protection_plan_name}"
+  }
 }
 
 enable_telemetry = false
@@ -70,13 +99,13 @@ management_group_settings = {
   architecture_name  = "alz"
   parent_resource_id = "$${root_parent_management_group_id}"
   policy_default_values = {
-    ama_change_tracking_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_change_tracking_name}"
-    ama_mdfc_sql_data_collection_rule_id        = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_defender_sql_name}"
-    ama_vm_insights_data_collection_rule_id     = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_vm_insights_name}"
-    ama_user_assigned_managed_identity_id       = "$${management_resource_group_id}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$${ama_user_assigned_managed_identity_name}"
-    ama_user_assigned_managed_identity_name     = "uami-management-ama-$${starter_location_01}"
-    log_analytics_workspace_id                  = "$${management_resource_group_id}/providers/Microsoft.OperationalInsights/workspaces/$${log_analytics_workspace_name}"
-    ddos_protection_plan_id                     = "$${management_resource_group_id}/providers/Microsoft.Network/ddosProtectionPlans/$${ddos_protection_plan_name}"
+    ama_change_tracking_data_collection_rule_id = "$${ama_change_tracking_data_collection_rule_id}"
+    ama_mdfc_sql_data_collection_rule_id        = "$${ama_mdfc_sql_data_collection_rule_id}"
+    ama_vm_insights_data_collection_rule_id     = "$${ama_vm_insights_data_collection_rule_id}"
+    ama_user_assigned_managed_identity_id       = "$${ama_user_assigned_managed_identity_id}"
+    ama_user_assigned_managed_identity_name     = "$${ama_user_assigned_managed_identity_name}"
+    log_analytics_workspace_id                  = "$${log_analytics_workspace_id}"
+    ddos_protection_plan_id                     = "$${ddos_protection_plan_id}"
     private_dns_zone_subscription_id            = "$${subscription_id_connectivity}"
     private_dns_zone_region                     = "$${starter_location_01}"
     private_dns_zone_resource_group_name        = "$${dns_resource_group_name}"

diff --git a/templates/avm/lib/alz_library_metadata.json b/templates/avm/lib/alz_library_metadata.json
@@ -0,0 +1,12 @@
+{
+  "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/library_metadata.json",
+  "name": "local",
+  "display_name": "Financial Services Industry",
+  "description": "This library provides the reference set of Financial Services Industry (FSI) policies, archetypes, and management group architecture.",
+  "dependencies": [
+    {
+      "path": "platform/alz",
+      "ref": "2024.11.0"
+    }
+  ]
+}
diff --git a/templates/avm/locals.config.tf b/templates/avm/locals.config.tf
@@ -1,5 +1,5 @@
 locals {
-  config_template_file_variables = {
+  built_in_replacements = {
     starter_location_01                                           = var.starter_locations[0]
     starter_location_02                                           = try(var.starter_locations[1], null)
     starter_location_03                                           = try(var.starter_locations[2], null)
@@ -47,13 +47,38 @@ locals {
   }
 }
 
+# Custom name replacements
 locals {
-  custom_names_json           = tostring(jsonencode(var.custom_names))
-  custom_names_json_templated = templatestring(local.custom_names_json, local.config_template_file_variables)
+  custom_names_json           = tostring(jsonencode(var.custom_replacements.names))
+  custom_names_json_templated = templatestring(local.custom_names_json, local.built_in_replacements)
   custom_names_json_final     = replace(replace(local.custom_names_json_templated, "\"[", "["), "]\"", "]")
   custom_names                = jsondecode(local.custom_names_json_final)
 }
 
 locals {
-  template_replacements = merge(local.config_template_file_variables, local.custom_names)
+  custom_name_replacements = merge(local.built_in_replacements, local.custom_names)
+}
+
+# Custom resource group identifiers
+locals {
+  custom_resource_group_identifiers_json           = tostring(jsonencode(var.custom_replacements.resource_group_identifiers))
+  custom_resource_group_identifiers_json_templated = templatestring(local.custom_resource_group_identifiers_json, local.custom_name_replacements)
+  custom_resource_group_identifiers_json_final     = replace(replace(local.custom_resource_group_identifiers_json_templated, "\"[", "["), "]\"", "]")
+  custom_resource_group_identifiers                = jsondecode(local.custom_resource_group_identifiers_json_final)
+}
+
+locals {
+  custom_resource_group_replacements = merge(local.custom_name_replacements, local.custom_resource_group_identifiers)
+}
+
+# Custom resource identifiers
+locals {
+  custom_resource_identifiers_json           = tostring(jsonencode(var.custom_replacements.resource_identifiers))
+  custom_resource_identifiers_json_templated = templatestring(local.custom_resource_identifiers_json, local.custom_resource_group_replacements)
+  custom_resource_identifiers_json_final     = replace(replace(local.custom_resource_identifiers_json_templated, "\"[", "["), "]\"", "]")
+  custom_resource_identifiers                = jsondecode(local.custom_resource_identifiers_json_final)
+}
+
+locals {
+  template_replacements = merge(local.custom_resource_group_replacements, local.custom_resource_identifiers)
 }
diff --git a/templates/avm/locals.management.tf b/templates/avm/locals.management.tf
@@ -11,3 +11,18 @@ locals {
   management_group_settings_json_final     = replace(replace(local.management_group_settings_json_templated, "\"[", "["), "]\"", "]")
   management_group_settings                = jsondecode(local.management_group_settings_json_final)
 }
+
+locals {
+  management_group_dependencies = {
+    policy_assignments = [
+      module.management_resources,
+      module.hub_and_spoke_vnet,
+      module.virtual_wan
+    ]
+    policy_role_assignments = [
+      module.management_resources,
+      module.hub_and_spoke_vnet,
+      module.virtual_wan
+    ]
+  }
+}
diff --git a/templates/avm/main.management.tf b/templates/avm/main.management.tf
@@ -14,16 +14,5 @@ module "management_groups" {
 
   enable_telemetry          = var.enable_telemetry
   management_group_settings = local.management_group_settings
-  dependencies = {
-    policy_assignments = [
-      module.management_resources,
-      module.hub_and_spoke_vnet,
-      module.virtual_wan
-    ]
-    policy_role_assignments = [
-      module.management_resources,
-      module.hub_and_spoke_vnet,
-      module.virtual_wan
-    ]
-  }
+  dependencies              = local.management_group_dependencies
 }
diff --git a/templates/avm/terraform.tf b/templates/avm/terraform.tf
@@ -24,10 +24,6 @@ terraform {
 provider "alz" {
   library_overwrite_enabled = true
   library_references = [
-    {
-      path = "platform/alz"
-      ref  = "2024.11.0"
-    },
     {
       custom_url = "${path.root}/lib"
     }

diff --git a/templates/avm/variables.tf b/templates/avm/variables.tf
@@ -30,8 +30,16 @@ variable "enable_telemetry" {
   description = "Flag to enable/disable telemetry"
 }
 
-variable "custom_names" {
-  type        = map(string)
-  default     = {}
-  description = "Custom names for resources"
+variable "custom_replacements" {
+  type        = object({
+    names = optional(map(string), {})
+    resource_group_identifiers = optional(map(string), {})
+    resource_identifiers = optional(map(string), {})
+  })
+  default     = {
+    names = {}
+    resource_group_identifiers = {}
+    resource_identifiers = {}
+  }
+  description = "Custom replacements"
 }