edited tf versions

HoussemDellai · Jan 7, 2024 · 93c0140 · 93c0140
1 parent 080cc36
commit 93c0140
Show file tree

Hide file tree

Showing 77 changed files with 427 additions and 186 deletions.
diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml
@@ -16,9 +16,9 @@ jobs:
     runs-on: ubuntu-latest
     continue-on-error: true
     strategy:
-      max-parallel: 1
+      max-parallel: 20
       matrix:
-        directory: [300_load_balancer_vm, 301_load_balancer_vmss, 302_load_balancer_internal_vmss_natgateway, 400_private_dns_zone, 410_private_endpoint_mssql, 420_private_endpoint_pls, 430_service_endpoint_storage_account, 431_service_endpoint_app_service, 500_application_gateway_vmss, 520_application_gateway_vmss_tls_cert_keyvault, 600_public_ip_vm, 610_public_ip_prefix, 620_nat_gateway, 621_nat_gateway_lb, 700_api_management_public, 705_api_management_external, 710_api_management_internal, 715_api_management_internal_app_gateway]
+        directory: [001_vnet_subnets_tf, 002_vm_bastion, 003_vm_bastion_nsg, 004_vnet_peering_tf, 003_vm_bastion_nsg, 200_hub_spoke_firewall, 300_load_balancer_vm, 301_load_balancer_vmss, 302_load_balancer_internal_vmss_natgateway, 400_private_dns_zone, 410_private_endpoint_mssql, 420_private_endpoint_pls, 430_service_endpoint_storage_account, 431_service_endpoint_app_service, 500_application_gateway_vmss, 520_application_gateway_vmss_tls_cert_keyvault, 600_public_ip_vm, 620_nat_gateway, 621_nat_gateway_lb, 700_api_management_public, 705_api_management_external, 710_api_management_internal, 715_api_management_internal_app_gateway]
         # directory: [004_vnet_peering_tf, 003_vm_bastion_nsg, 200_hub_spoke_firewall, 300_load_balancer_vm, 301_load_balancer_vmss, 302_load_balancer_internal_vmss_natgateway, 400_private_dns_zone, 410_private_endpoint_mssql, 420_private_endpoint_pls]
 #       node: [14, 16,]
 
@@ -44,7 +44,7 @@ jobs:
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-    - name: Azure CLI script
+    - name: Test Azure CLI login
       uses: azure/CLI@v1
       with:
         azcliversion: latest
@@ -71,7 +71,7 @@ jobs:
     - name: Terraform Apply
       run: terraform apply tfplan
       working-directory: ${{ matrix.directory }}
-      continue-on-error: true
+      # continue-on-error: true
 #      if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'
 
     # # Terraform Destroy
@@ -93,5 +93,6 @@ jobs:
         done
         
       working-directory: ${{ matrix.directory }}
-      continue-on-error: true
+      if: success() || failure()
+      # continue-on-error: true
 
diff --git a/001_vnet_subnets_tf/providers.tf b/001_vnet_subnets_tf/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.76.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/002_vm_bastion/providers.tf b/002_vm_bastion/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.83.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/003_vm_bastion_nsg/nsg.tf b/003_vm_bastion_nsg/nsg.tf
@@ -11,12 +11,12 @@ resource "azurerm_subnet_network_security_group_association" "nsg_association" {
 
 resource "azurerm_network_security_rule" "rule-deny-all-outbound" {
   name                        = "rule-deny-all-outbound"
-  access                      = "Deny" # Allow
-  priority                    = 900 # between 100 and 4096, must be unique, The lower the priority number, the higher the priority of the rule.
+  access                      = "Deny"     # Allow
+  priority                    = 900        # between 100 and 4096, must be unique, The lower the priority number, the higher the priority of the rule.
   direction                   = "Outbound" # Inbound
-  protocol                    = "Tcp" # Tcp, Udp, Icmp, Esp, Ah or * (which matches all).
-  source_address_prefix       = "*" # CIDR or source IP range or * to match any IP, Supports Tags like VirtualNetwork, AzureLoadBalancer and Internet.
-  source_port_range           = "*" # between 0 and 65535 or * to match any
+  protocol                    = "Tcp"      # Tcp, Udp, Icmp, Esp, Ah or * (which matches all).
+  source_address_prefix       = "*"        # CIDR or source IP range or * to match any IP, Supports Tags like VirtualNetwork, AzureLoadBalancer and Internet.
+  source_port_range           = "*"        # between 0 and 65535 or * to match any
   destination_address_prefix  = "*"
   destination_port_range      = "*"
   resource_group_name         = azurerm_resource_group.rg.name

diff --git a/003_vm_bastion_nsg/providers.tf b/003_vm_bastion_nsg/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.83.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/003_vm_bastion_nsg/rg.tf b/003_vm_bastion_nsg/rg.tf
@@ -1,4 +1,4 @@
-resource azurerm_resource_group "rg" {
+resource "azurerm_resource_group" "rg" {
   name     = "rg-spoke-003"
   location = "westeurope"
 }
diff --git a/004_vnet_peering_tf/providers.tf b/004_vnet_peering_tf/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.83.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/004_vnet_peering_tf/rg-1.tf b/004_vnet_peering_tf/rg-1.tf
@@ -1,4 +1,4 @@
-resource azurerm_resource_group "rg-1" {
+resource "azurerm_resource_group" "rg-1" {
   name     = "rg-1-004"
   location = "westeurope"
 }
diff --git a/004_vnet_peering_tf/rg-2.tf b/004_vnet_peering_tf/rg-2.tf
@@ -1,4 +1,4 @@
-resource azurerm_resource_group "rg-2" {
+resource "azurerm_resource_group" "rg-2" {
   name     = "rg-2-004"
   location = "westeurope"
 }
diff --git a/005_vm_linux_win_bastion/providers.tf b/005_vm_linux_win_bastion/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.79.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/005_vm_linux_win_bastion/rg-hub.tf b/005_vm_linux_win_bastion/rg-hub.tf
@@ -1,4 +1,4 @@
-resource azurerm_resource_group "rg-hub" {
+resource "azurerm_resource_group" "rg-hub" {
   name     = "rg-hub-005"
   location = "westeurope"
 }
diff --git a/005_vm_linux_win_bastion/rg-spoke.tf b/005_vm_linux_win_bastion/rg-spoke.tf
@@ -1,4 +1,4 @@
-resource azurerm_resource_group "rg-spoke" {
+resource "azurerm_resource_group" "rg-spoke" {
   name     = "rg-spoke-005"
   location = "westeurope"
 }
diff --git a/006_route_table/providers.tf b/006_route_table/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.80.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/101_launchpad/main.tf b/101_launchpad/main.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.46" # "~>2.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/102_create_onprem_resources/main.tf b/102_create_onprem_resources/main.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=3.46"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/103_create_hub_resources/main.tf b/103_create_hub_resources/main.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=3.46"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/104_create_hub_nva/main.tf b/104_create_hub_nva/main.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=3.46"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/105_create_spokes_resources/main.tf b/105_create_spokes_resources/main.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=3.76.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/200_hub_spoke_firewall/providers.tf b/200_hub_spoke_firewall/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.80.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/200_hub_spoke_nva/providers.tf b/200_hub_spoke_nva/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.80.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/300_load_balancer_vm/load_balancer.tf b/300_load_balancer_vm/load_balancer.tf
@@ -27,7 +27,7 @@ resource "azurerm_lb_backend_address_pool" "backend-pool" {
 
 resource "azurerm_network_interface_backend_address_pool_association" "nic-backenpool-association" {
   network_interface_id    = azurerm_network_interface.nic_vm.id
-  ip_configuration_name   =  azurerm_network_interface.nic_vm.ip_configuration.0.name
+  ip_configuration_name   = azurerm_network_interface.nic_vm.ip_configuration.0.name
   backend_address_pool_id = azurerm_lb_backend_address_pool.backend-pool.id
 }
 

diff --git a/300_load_balancer_vm/providers.tf b/300_load_balancer_vm/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.81.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/301_load_balancer_vmss/providers.tf b/301_load_balancer_vmss/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.81.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/302_load_balancer_internal_vmss_natgateway/providers.tf b/302_load_balancer_internal_vmss_natgateway/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.81.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/400_private_dns_zone/providers.tf b/400_private_dns_zone/providers.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.81.0"
+      version = ">= 3.86.0"
     }
   }
 }

diff --git a/410_private_endpoint_mssql/mssql.tf b/410_private_endpoint_mssql/mssql.tf
@@ -1,5 +1,5 @@
 resource "azurerm_mssql_server" "mssql-server" {
-  name                          = "sqlserver-400"
+  name                          = "sqlserver-${random_string.random.result}-410"
   resource_group_name           = azurerm_resource_group.rg.name
   location                      = azurerm_resource_group.rg.location
   version                       = "12.0"
@@ -19,21 +19,22 @@ resource "azurerm_mssql_database" "database" {
   zone_redundant = false
 }
 
-resource "azurerm_mssql_firewall_rule" "firewall-rule" {
-  name             = "firewall-rule"
-  server_id        = azurerm_mssql_server.mssql-server.id
-  start_ip_address = local.machine_ip
-  end_ip_address   = local.machine_ip
-}
+# works when public_network_access_enabled = true
+# resource "azurerm_mssql_firewall_rule" "firewall-rule" {
+#   name             = "firewall-rule"
+#   server_id        = azurerm_mssql_server.mssql-server.id
+#   start_ip_address = local.machine_ip
+#   end_ip_address   = local.machine_ip
+# }
 
-data "http" "machine_ip" {
-  url = "http://ifconf.me"
+# data "http" "machine_ip" {
+#   url = "http://ifconf.me"
 
-  request_headers = {
-    Accept = "application/json"
-  }
-}
+#   request_headers = {
+#     Accept = "application/json"
+#   }
+# }
 
-locals {
-  machine_ip = replace(data.http.machine_ip.response_body, "\n", "")
-}
+# locals {
+#   machine_ip = replace(data.http.machine_ip.response_body, "\n", "")
+# }
diff --git a/410_private_endpoint_mssql/providers.tf b/410_private_endpoint_mssql/providers.tf
@@ -5,11 +5,15 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.81.0"
+      version = ">= 3.86.0"
     }
     http = {
       source  = "hashicorp/http"
-      version = "3.4.0"
+      version = ">= 3.4.0"
+    }
+    random = {
+      source = "hashicorp/random"
+      version = ">= 3.6.0"
     }
   }
 }

diff --git a/410_private_endpoint_mssql/random.tf b/410_private_endpoint_mssql/random.tf
@@ -0,0 +1,5 @@
+resource "random_string" "random" {
+  length  = 5
+  special = false
+  lower   = true
+}