diff --git a/examples/cognitive_services/101-cognitive-services-account-managed-identity/configuration.tfvars b/examples/cognitive_services/101-cognitive-services-account-managed-identity/configuration.tfvars index 79f8ab921a..62c98ec3e1 100644 --- a/examples/cognitive_services/101-cognitive-services-account-managed-identity/configuration.tfvars +++ b/examples/cognitive_services/101-cognitive-services-account-managed-identity/configuration.tfvars @@ -27,14 +27,14 @@ cognitive_services_account = { # lz_key = "examples" key = "test-rg" } - name = "cs-test-1" - kind = "OpenAI" - sku_name = "S0" + name = "cs-test-1" + kind = "OpenAI" + sku_name = "S0" public_network_access_enabled = true identity = { type = "SystemAssigned, UserAssigned" // Can be "SystemAssigned, UserAssigned" or "SystemAssigned" or "UserAssigned" - key = "cognitive_msi" // A must with "SystemAssigned, UserAssigned" and "UserAssigned" + key = "cognitive_msi" // A must with "SystemAssigned, UserAssigned" and "UserAssigned" } tags = { diff --git a/examples/mysql_flexible_server/103-mysql-flexible-private-endpoint/configuration.tfvars b/examples/mysql_flexible_server/103-mysql-flexible-private-endpoint/configuration.tfvars new file mode 100644 index 0000000000..f65925a736 --- /dev/null +++ b/examples/mysql_flexible_server/103-mysql-flexible-private-endpoint/configuration.tfvars 
@@ -0,0 +1,110 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "australiaeast"
+ }
+}
+
+resource_groups = {
+ mysql_region1 = {
+ name = "mysql-region1"
+ region = "region1"
+ }
+ security_region1 = {
+ name = "security-region1"
+ }
+}
+
+mysql_flexible_server = {
+ primary_region1 = {
+ name = "vks-flexible-testservers"
+ version = "8.0.21" #Possible values are 5.7, and 8.0.21
+ sku_name = "GP_Standard_D2ds_v4"
+ zone = 1
+ resource_group = {
+ key = "mysql_region1"
+ # lz_key = "" # Set the lz_key if the resource group is remote.
+ }
+
+ private_dns_zone_id = "dns_zone1"
+
+ # Auto-generated administrator credentials stored in azure keyvault when not set (recommended).
+ #administrator_username = "psqladmin"
+ #administrator_password = "ComplxP@ssw0rd!"
+ keyvault = {
+ key = "mysql_region1" # (Required) when auto-generated administrator credentials needed.
+ # lz_key = "" # Set the lz_key if the keyvault is remote.
+ }
+
+ # [Optional] Server Configurations
+ mysql_configurations = {
+ mysql_configurations = {
+ name = "interactive_timeout"
+ value = "600"
+ }
+
+ }
+ # [Optional] Database Configurations
+ mysql_databases = {
+ flex_mysql_database = {
+ name = "exampledb"
+ collation = "utf8mb3_unicode_ci"
+ charset = "utf8mb3"
+ }
+ }
+
+ tags = {
+ server = "MysqlFlexible"
+ }
+
+ private_endpoints = {
+ private-link-level4 = {
+ name = "sales-sql-rg1"
+ vnet_key = "vnet_region1"
+ subnet_key = "private_dns"
+ resource_group_key = "sql_region1"
+
+ private_service_connection = {
+ name = "sales-sql-rg1"
+ is_manual_connection = false
+ subresource_names = ["mysqlServer"]
+ }
+ }
+ }
+
+ }
+
+}
+
+keyvaults = {
+ mysql_region1 = {
+ name = "mysql-region123"
+ resource_group_key = "security_region1"
+ sku_name = "standard"
+ soft_delete_enabled = true
+ creation_policies = {
+ logged_in_user = {
+ secret_permissions = ["Set", "Get", "List", "Delete", "Purge"]
+ }
+ }
+ }
+}
+
+vnets = {
+ vnet_region1 = {
+ resource_group_key = "mysql_region1"
+ region = "region1"
+ vnet = {
+ name = "mysql"
+ address_space = ["10.10.0.0/24"]
+ }
+ subnets = {
+ private_dns = {
+ name = "private-dns"
+ cidr = ["10.10.0.0/25"]
+ enforce_private_link_endpoint_network_policies = true
+ enforce_private_link_service_network_policies = false
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/databases/mysql_flexible_server/main.tf b/modules/databases/mysql_flexible_server/main.tf
index 2e1918847f..e8019f6ebf 100644
--- a/modules/databases/mysql_flexible_server/main.tf
+++ b/modules/databases/mysql_flexible_server/main.tf
@@ -12,4 +12,3 @@ locals {
 }
 tags = merge(var.base_tags, local.module_tag, try(var.settings.tags, null))
 }
-
diff --git a/modules/databases/mysql_flexible_server/private_endpoints.tf b/modules/databases/mysql_flexible_server/private_endpoints.tf
new file mode 100644
index 0000000000..c77476562c
--- /dev/null
+++ b/modules/databases/mysql_flexible_server/private_endpoints.tf
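Review bot: The private endpoint in this new example points at `resource_group_key = "sql_region1"`, but `resource_groups` only defines `mysql_region1` and `security_region1`, and `private_dns_zone_id = "dns_zone1"` is a bare label with no private DNS zone declared anywhere in the file. A private-endpoint sample should show how the server name resolves to the private address; without a zone attached to the endpoint, clients would normally keep resolving the public name, so either add the private DNS objects or state the assumption in a comment. The example also never says whether public access to the server is switched off, which is the setting most readers of this sample will copy as-is. For the vault that holds the generated administrator credentials, consider dropping `"Purge"` from `secret_permissions`, and, if the subnet key is passed straight through to the azurerm attribute of the same name, add a comment beside it such as `# true = network policies (NSG/UDR) are NOT applied to private endpoints in this subnet`.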
@@ -0,0 +1,20 @@
+module "private_endpoint" {
+ source = "../../networking/private_endpoint"
+ for_each = var.private_endpoints
+
+ resource_id = azurerm_mysql_flexible_server.mysql.id
+ name = each.value.name
+ # location = var.resource_groups[try(each.value.resource_group.lz_key, var.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+ # resource_group_name = var.resource_groups[try(each.value.resource_group.lz_key, var.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].name
+ location = var.location
+ resource_group_name = var.resource_group_name
+
+ subnet_id = can(each.value.subnet_id) ? each.value.subnet_id : var.vnets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.vnet_key].subnets[each.value.subnet_key].id
+
+ settings = each.value
+ global_settings = var.global_settings
+ base_tags = var.inherit_base_tags
+ tags = local.tags
+ private_dns = var.private_dns
+ client_config = var.client_config
+}
diff --git a/modules/databases/mysql_flexible_server/variables.tf b/modules/databases/mysql_flexible_server/variables.tf
index 790831d1d0..c5717d2735 100644
--- a/modules/databases/mysql_flexible_server/variables.tf
+++ b/modules/databases/mysql_flexible_server/variables.tf
@@ -31,4 +31,21 @@ variable "settings" {
 variable "location" {
 description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
 type = string
+}
+
+variable "private_dns" {
+ default = {}
+}
+
+variable "private_endpoints" {}
+
+variable "resource_groups" {}
+
+variable "resource_group" {}
+
+variable "vnets" {}
+
+variable "inherit_base_tags" {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = bool
 }
\ No newline at end of file
diff --git a/mysql_flexible_servers.tf b/mysql_flexible_servers.tf
index 3e396f8e63..afdcc69bee 100644
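Review bot: With the two `var.resource_groups[...]` lookups commented out in private_endpoints.tf, every endpoint is created with `var.location` and `var.resource_group_name`, so a per-endpoint `resource_group_key` or `resource_group` has no effect on placement even though it is still forwarded in `settings = each.value`. Either restore the lookup wrapped in a `try(..., var.resource_group_name)` fallback, or delete the commented lines and say so with `# Private endpoints are always created in the server's resource group and location.`. `base_tags = var.inherit_base_tags` hands a bool to an input named `base_tags`, while this module's own `local.tags` merges `var.base_tags` as a map; the private_endpoint module's variable type is not visible here, so this is worth confirming. The `subnet_id` expression indexes `var.vnets` directly, so a wrong `vnet_key` or `subnet_key` would surface as an index error rather than a message naming the endpoint.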
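Review bot: `private_endpoints`, `resource_groups`, `resource_group` and `vnets` in variables.tf are declared with no `type`, `description` or `default`, so every caller of this module must now pass all four and gets no validation of what it passes. In the files shown, `resource_group` is not referenced at all and `resource_groups` appears only in commented-out lines of private_endpoints.tf; if nothing else in the module reads them, they can be dropped. For the ones that stay, add a `description` and give `private_endpoints` a `default = {}` so that a server without endpoints needs no extra argument. The `inherit_base_tags` description reads as if the value were the tags themselves; since it is `type = bool`, `"Whether base tags are inherited from the resource group."` would be clearer. The hunk begins inside the existing `variable "location"` block.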
--- a/mysql_flexible_servers.tf +++ b/mysql_flexible_servers.tf @@ -15,7 +15,11 @@ module "mysql_flexible_server" { resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name location = can(local.global_settings.regions[each.value.region]) || can(each.value.region) ? try(local.global_settings.regions[each.value.region], each.value.region) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location - + private_endpoints = try(each.value.private_endpoints, {}) + resource_groups = try(each.value.private_endpoints, {}) == {} ? null : local.resource_groups + resource_group = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)] + vnets = local.combined_objects_networking + inherit_base_tags = local.global_settings.inherit_tags remote_objects = { subnet_id = can(each.value.vnet.subnet_key) ? local.combined_objects_networking[try(each.value.vnet.lz_key, local.client_config.landingzone_key)][each.value.vnet.key].subnets[each.value.vnet.subnet_key].id : null private_dns_zone_id = can(each.value.private_dns_zone.key) ? local.combined_objects_private_dns[try(each.value.private_dns_zone.lz_key, local.client_config.landingzone_key)][each.value.private_dns_zone.key].id : null
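Review bot: The added arguments pass `private_endpoints` and `vnets` into the module but not `private_dns`, which the module declares with `default = {}` and forwards to the private endpoint module; unless it is set in a part of this block outside the hunk, the endpoints get no private DNS objects to resolve against and clients would likely keep resolving the server's public name. Since the context line below already reads `local.combined_objects_private_dns`, adding `private_dns = local.combined_objects_private_dns` looks like the intended wiring. The `== {}` test on `resource_groups` is type-sensitive in Terraform and passes `null` into a variable that has no type or default; `length(try(each.value.private_endpoints, {})) == 0` is the sturdier form, and `local.combined_objects_resource_groups` would match the lookup used on the next added line. The `module "mysql_flexible_server"` block starts before and continues after this hunk.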