Addressing Review comments, also made subnets a list

cloudera-labs · Oct 23, 2023 · ac70734 · ac70734
1 parent 0679ddb
commit ac70734
Show file tree

Hide file tree

Showing 10 changed files with 247 additions and 142 deletions.
diff --git a/modules/terraform-azure-nfs/README.md b/modules/terraform-azure-nfs/README.md
@@ -7,62 +7,78 @@ This module contains resource files and example variable definition files for cr
 * Creates a NFS file share of 100 GB in the storage account
 * Creates a private dns zone of type privatelink.file.core.windows.net
 * Creates a VNET link between CDP workload VNET and private DNS zone
-* Creates a private endpoint for NFS Storage Account (File sub-resource) for one of the subnets in the CDP VNET - this should be extended to all subnets for CML.
+* Creates a private endpoint for NFS Storage Account (File sub-resource) for the specified subnets in the CDP VNET.
 * Creates a public IP , security group allowing port 22 from everywhere
-* Creates a ubuntu VM with public IP, security group in the CDP VNET to which private endpoint was created.
+* Creates a ubuntu VM with public IP, security group in the CDP Subnets to which private endpoint was created.
 
+## Usage
+
+The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios:
+
+* `ex01-nfs_fileshare` uses a set of inputs for the module.
+
+In each directory an example `terraform.tfvars.sample` values file is included to show input variable values.
 
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 3.45.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >=3.11.0, <4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azuread"></a> [azuread](#provider\_azuread) | 2.39.0 |
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.45.0 |
-
-## Usage
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >=3.11.0, <4.0 |
 
-The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios:
+## Modules
 
-* `ex01-nfs_fileshare` uses a set of inputs for the module.
-
-In each directory an example `terraform.tfvars.sample` values file is included to show input variable values.
+No modules.
 
 ## Resources
+
 | Name | Type |
 |------|------|
-| [azurem_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account.html) | resource |
-| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share.html) | resource |
+| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource |
+| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource |
+| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | resource |
+| [azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
+| [azurerm_network_security_rule.nfsvm_sg_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource |
 | [azurerm_private_dns_zone.nfs_privatednszone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_public_ip.nfs_vm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
-| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/Azurerm/3.41.0/docs/resources/network_interface) | resource |
-| [azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
-| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association.html) | resource |
-| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource |
+| [azurerm_private_endpoint.nfs_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
+| [azurerm_public_ip.nfsvm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
+| [azurerm_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
+| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share) | resource |
+| [azurerm_subnet.nfs_subnets](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
+| [azurerm_virtual_network.nfs_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_resourcegroup_name"></a> [resourcegroup\_name](#input\_resourcegroup\_name) | CDP Resource Group | `string` | n/a | yes |
-| <a name="input_vnet_name"></a> [vent\_name](#input\_vnet\_name) | CDP Workload VNET Name | `string` | n/a | yes |
-| <a name="input_azure_region"></a> [azure\_region](#azure\_region) | Azure Region | `string` | n/a | yes |
-| <a name="input_nfs_storage_account_name"></a> [aws\_region](#nfs\_storage\_account\_name) | NFS Storage Account Name | `string` | n/a | yes |
-| <a name="input_env_prefix"></a> [env\_prefix](#env\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes |
-| <a name="input_nfs_file_share_name"></a> [nfs\_file\_share\_name](#nfs\_file\_share\_name) | NFS File Share Name | `string` | n/a | yes |
-| <a name="input_nfs_private_endpoint_target_subnet_name"></a> [aws\_region](#nfs\_private\_endpoint\_target\_subnet\_name) | Subnet to which Azure Files private endpoint is created | `string` | n/a | yes |
-| <a name="input_nfs_file_share_size"></a> [nfs\_file\_share\_size](#nfs\_file\_share\_size) | NFS File Share Size | `number` | 100 | yes |
+| <a name="input_azure_region"></a> [azure\_region](#input\_azure\_region) | Region for CDP | `string` | n/a | yes |
+| <a name="input_nfs_file_share_name"></a> [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | n/a | yes |
+| <a name="input_nfs_private_endpoint_target_subnet_names"></a> [nfs\_private\_endpoint\_target\_subnet\_names](#input\_nfs\_private\_endpoint\_target\_subnet\_names) | Subnet to which private endpoints are created | `list(string)` | n/a | yes |
+| <a name="input_nfs_storage_account_name"></a> [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | n/a | yes |
+| <a name="input_nfs_vnet_link_name"></a> [nfs\_vnet\_link\_name](#input\_nfs\_vnet\_link\_name) | Name for NFS VNET Link | `string` | n/a | yes |
+| <a name="input_nfsvm_name"></a> [nfsvm\_name](#input\_nfsvm\_name) | Name for NFS VM | `string` | n/a | yes |
+| <a name="input_nfsvm_nic_name"></a> [nfsvm\_nic\_name](#input\_nfsvm\_nic\_name) | Name for NFS VM NIC | `string` | n/a | yes |
+| <a name="input_nfsvm_public_ip_name"></a> [nfsvm\_public\_ip\_name](#input\_nfsvm\_public\_ip\_name) | Name for NFS VM Public IP | `string` | n/a | yes |
+| <a name="input_nfsvm_sg_name"></a> [nfsvm\_sg\_name](#input\_nfsvm\_sg\_name) | Name for NFS VM Security Group | `string` | n/a | yes |
+| <a name="input_private_endpoint_prefix"></a> [private\_endpoint\_prefix](#input\_private\_endpoint\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes |
+| <a name="input_public_key_text"></a> [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | n/a | yes |
+| <a name="input_resourcegroup_name"></a> [resourcegroup\_name](#input\_resourcegroup\_name) | Resource Group Name | `string` | n/a | yes |
+| <a name="input_source_address_prefixes"></a> [source\_address\_prefixes](#input\_source\_address\_prefixes) | Source address prefixes for VM ssh access | `list(string)` | n/a | yes |
+| <a name="input_vnet_name"></a> [vnet\_name](#input\_vnet\_name) | Vnet name | `string` | n/a | yes |
+| <a name="input_nfs_file_share_size"></a> [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_nfs_file_share_url"></a> [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share Url |
-| <a name="output_nfs_vm_public_ip"></a> [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | Public IP of VM to manage NFS |
+| <a name="output_nfs_file_share_url"></a> [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share url |
+| <a name="output_nfs_vm_public_ip"></a> [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | NFS VM public IP address |
+| <a name="output_nfs_vm_username"></a> [nfs\_vm\_username](#output\_nfs\_vm\_username) | NFS VM Admin Username |
+<!-- END_TF_DOCS -->
diff --git a/modules/terraform-azure-nfs/data.tf b/modules/terraform-azure-nfs/data.tf
@@ -11,14 +11,17 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+data "azurerm_subnet" "nfs_subnets" {
 
-data "azurerm_subnet" "nfs_subnet" {
-  name = var.nfs_private_endpoint_target_subnet_name
+  for_each = toset(var.nfs_private_endpoint_target_subnet_names)
+
+  name                 = each.value
   virtual_network_name = var.vnet_name
-  resource_group_name = var.resourcegroup_name
+  resource_group_name  = var.resourcegroup_name
 }
 
+
 data "azurerm_virtual_network" "nfs_vnet" {
-  name = var.vnet_name
+  name                = var.vnet_name
   resource_group_name = var.resourcegroup_name
 }
diff --git a/modules/terraform-azure-nfs/defaults.tf b/modules/terraform-azure-nfs/defaults.tf
@@ -13,5 +13,5 @@
 # limitations under the License.
 
 locals {
-  nfs_file_share_size = 100
+
 }
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
@@ -12,23 +12,35 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-module "ex01_nfs_filesahre" {
+module "ex01_nfs_fileshare" {
   source = "../.."
 
-  resourcegroup_name                      = var.resourcegroup_name
-  azure_region                            = var.azure_region
-  nfs_file_share_name                     = var.nfs_file_share_size
-  nfs_file_share_size                     = var.nfs_file_share_size
-  nfs_private_endpoint_target_subnet_name = var.nfs_private_endpoint_target_subnet_name
-  vnet_name                               = var.vnet_name
-  env_prefix                              = var.env_prefix
-  nfs_storage_account_name                = var.nfs_storage_account_name
-
+  resourcegroup_name                       = var.resourcegroup_name
+  azure_region                             = var.azure_region
+  nfs_file_share_name                      = var.nfs_file_share_name
+  nfs_file_share_size                      = var.nfs_file_share_size
+  nfs_private_endpoint_target_subnet_names = var.nfs_private_endpoint_target_subnet_names
+  vnet_name                                = var.vnet_name
+  nfs_storage_account_name                 = var.nfs_storage_account_name
+  source_address_prefixes                  = var.source_address_prefixes
+  nfsvm_nic_name                           = var.nfsvm_nic_name
+  nfsvm_public_ip_name                     = var.nfsvm_public_ip_name
+  nfsvm_sg_name                            = var.nfsvm_sg_name
+  nfs_vnet_link_name                       = var.nfs_vnet_link_name
+  nfsvm_name                               = var.nfsvm_name
+  public_key_text                          = var.public_key_text
+  private_endpoint_prefix                  = var.private_endpoint_prefix
 }
 
 output "nfs_file_share_url" {
-  value = module.ex01_nfs_filesahre.nfs_file_share_url
+  value = module.ex01_nfs_fileshare.nfs_file_share_url
 }
 output "nfs_vm_public_ip" {
-  value = module.ex01_nfs_filesahre.nfs_vm_public_ip
+  value = module.ex01_nfs_fileshare.nfs_vm_public_ip
+}
+
+
+output "nfs_vm_username" {
+  value       = module.ex01_nfs_fileshare.nfs_vm_username
+  description = "NFS VM Admin Username"
 }
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample
@@ -12,15 +12,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# ------- Global settings -------
-env_prefix = "<ENTER_VALUE>" # Required name prefix for cloud and CDP resources, e.g. cldr1
+private_endpoint_prefix = "<ENTER_VALUE>"
 
 # ------- Cloud Settings -------
 azure_region = "<ENTER_VALUE>" # Change this to specify Cloud Provider region, e.g. eastus
 
 resourcegroup_name                      = "<ENTER_VALUE>"
 nfs_file_share_name                     = "<ENTER_VALUE>"
 nfs_file_share_size                     = <ENTER_VALUE>
-nfs_private_endpoint_target_subnet_name = "<ENTER_VALUE>"
+nfs_private_endpoint_target_subnet_names = ["<ENTER_VALUE>", "<ENTER_VALUE>"]
 vnet_name                               = "<ENTER_VALUE>"
-nfs_storage_account_name                = "<ENTER_VALUE>"
+nfs_storage_account_name                = "<ENTER_VALUE>"
+nfsvm_public_ip_name                    = "<ENTER_VALUE>"
+nfsvm_nic_name                          = "<ENTER_VALUE>"
+nfsvm_sg_name                           = <ENTER_VALUE>
+nfs_vnet_link_name                      = "<ENTER_VALUE>"
+nfsvm_name                              = "<ENTER_VALUE>"
+public_key_text                         = "<ENTER_VALUE>"
+source_address_prefixes                 = ["<ENTER_VALUE>", "<ENTER_VALUE>"]
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf
@@ -14,45 +14,83 @@
 
 
 variable "resourcegroup_name" {
-  type = string
+  type        = string
   description = "Resource Group Name"
 }
 
 variable "vnet_name" {
-  type = string
+  type        = string
   description = "Vnet name"
 
 }
 
 
 variable "azure_region" {
-  type = string
+  type        = string
   description = "Region for CDP"
 
 }
 
-variable "env_prefix" {
-  type = string
+variable "private_endpoint_prefix" {
+  type        = string
   description = "Shorthand name for the environment. Used in resource descriptions"
 }
 
 
 variable "nfs_file_share_name" {
-  type = string
+  type        = string
   description = "nfs file share name"
 }
 
-variable "nfs_private_endpoint_target_subnet_name" {
-  type = string
-  description = "Subnet to which private endpoint is created"
+variable "nfs_private_endpoint_target_subnet_names" {
+  type        = list(string)
+  description = "Subnets to which private endpoints are created"
 }
 
 variable "nfs_storage_account_name" {
-  type = string
+  type        = string
   description = "NFS Storage account name"
 }
 
 variable "nfs_file_share_size" {
-  type = number
+  type        = number
   description = "NFS File Share size"
+}
+
+
+variable "nfsvm_public_ip_name" {
+  type        = string
+  description = "Name for NFS VM Public IP"
+}
+
+variable "nfsvm_nic_name" {
+  type        = string
+  description = "Name for NFS VM NIC"
+}
+
+variable "nfsvm_sg_name" {
+  type        = string
+  description = "Name for NFS VM Security Group"
+}
+
+variable "nfs_vnet_link_name" {
+  type        = string
+  description = "Name for NFS VNET Link"
+}
+
+
+variable "nfsvm_name" {
+  type        = string
+  description = "Name for NFS VM"
+}
+
+variable "public_key_text" {
+  type = string
+
+  description = "SSH Public key string for the nodes of the CDP environment"
+}
+
+variable "source_address_prefixes" {
+  type        = list(string)
+  description = "Source address prefixes for VM ssh access"
 }