fix: resource control conditions
d4kverma committed Jan 26, 2024
1 parent 9a183e1 commit ea3a297
Showing 3 changed files with 16 additions and 23 deletions.
15 changes: 7 additions & 8 deletions _example/complete/example.tf
Expand Up @@ -6,7 +6,7 @@ provider "azurerm" {
data "azurerm_client_config" "current_client_config" {}

locals {
name = "storage"
name = "app-storage"
environment = "test"
label_order = ["name", "environment"]
}
Expand Down Expand Up @@ -83,7 +83,7 @@ module "vault" {
source = "clouddrove/key-vault/azure"
version = "1.1.0"

name = "vault65960589"
name = "vault6596058"
environment = "test"
label_order = ["name", "environment", ]
resource_group_name = module.resource_group.resource_group_name
Expand All @@ -95,6 +95,7 @@ module "vault" {
enabled_for_disk_encryption = false
#private endpoint
enable_private_endpoint = false
network_acls = null
########Following to be uncommnented only when using DNS Zone from different subscription along with existing DNS zone.

# diff_sub = true
Expand All @@ -121,18 +122,16 @@ module "storage" {
label_order = local.label_order
resource_group_name = module.resource_group.resource_group_name
location = module.resource_group.resource_group_location
storage_account_name = "storage874682"
storage_account_name = "storage87482"
public_network_access_enabled = true
account_kind = "StorageV2"
account_tier = "Standard"
identity_type = "UserAssigned"
object_id = [data.azurerm_client_config.current_client_config.object_id]
account_replication_type = "ZRS"
cmk_encryption_enabled = true
admin_objects_ids = [data.azurerm_client_config.current_client_config.object_id]

###customer_managed_key can only be set when the account_kind is set to StorageV2 or account_tier set to Premium, and the identity type is UserAssigned.
key_vault_id = module.vault.id
cmk_encryption_enabled = true
key_vault_id = module.vault.id

## Storage Container
containers_list = [
{ name = "app-test", access_type = "private" },
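Review bot: The key vault that holds the customer-managed key is now deployed with `network_acls = null` (no network restriction at all) while the storage account keeps `public_network_access_enabled = true`, so in this example both the data and the key that encrypts it are reachable from any network. That is defensible for a sample, but the file should say so explicitly; a comment next to the `network_acls` line such as `# Example only: in real deployments set network_acls with default_action = "Deny" on the vault and restrict public network access on the storage account.` would keep the snippet from being copied into production as-is. `admin_objects_ids` appears to give the deploying principal administrative rights on the vault as well, which deserves a one-line note that it is a bootstrap convenience. The `module "storage"` block continues past the end of this section.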
17 changes: 8 additions & 9 deletions main.tf
Expand Up @@ -18,8 +18,7 @@ module "labels" {
## To create storage account with cmk(customer managed key) encryption set 'var.default_enabled = false'.
##-----------------------------------------------------------------------------
resource "azurerm_storage_account" "storage" {
count = var.enabled ? 1 : 0
# depends_on = [azurerm_role_assignment.identity_assigned]
count = var.enabled ? 1 : 0
name = var.storage_account_name
resource_group_name = var.resource_group_name
location = var.location
Expand Down Expand Up @@ -295,7 +294,7 @@ resource "azurerm_storage_account_network_rules" "network-rules" {
## Below resource will create threat protection for storage account.
##-----------------------------------------------------------------------------
resource "azurerm_advanced_threat_protection" "atp" {
count = var.enabled ? 1 : 0
count = var.enabled && var.enable_advanced_threat_protection ? 1 : 0
target_resource_id = join("", azurerm_storage_account.storage.*.id)

Check warning on line 298 in main.tf


GitHub Actions / tf-lint / tflint

List items should be accessed using square brackets
enabled = var.enable_advanced_threat_protection
}
Expand All @@ -305,7 +304,7 @@ resource "azurerm_advanced_threat_protection" "atp" {
## This resource is not required when key vault has role based authorization(rbac) enabled.
##-----------------------------------------------------------------------------
resource "azurerm_key_vault_access_policy" "keyvault-access-policy" {
count = var.enabled && var.key_vault_rbac_auth_enabled == false ? length(var.object_id) : 0
count = var.enabled && var.key_vault_rbac_auth_enabled == false ? 1 : 0
key_vault_id = var.key_vault_id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = join("", azurerm_user_assigned_identity.identity.*.principal_id)

Check warning on line 310 in main.tf


GitHub Actions / tf-lint / tflint

List items should be accessed using square brackets
Expand Down Expand Up @@ -345,7 +344,7 @@ resource "azurerm_key_vault_access_policy" "keyvault-access-policy" {
## Below resource will create container in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_container" "container" {
count = length(var.containers_list)
count = var.enabled ? length(var.containers_list) : 0
name = var.containers_list[count.index].name
storage_account_name = azurerm_storage_account.storage[0].name
container_access_type = var.containers_list[count.index].access_type
Expand All @@ -355,7 +354,7 @@ resource "azurerm_storage_container" "container" {
## Below resource will create file share in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_share" "fileshare" {
count = length(var.file_shares)
count = var.enabled ? length(var.file_shares) : 0
name = var.file_shares[count.index].name
storage_account_name = azurerm_storage_account.storage[0].name
quota = var.file_shares[count.index].quota
Expand All @@ -365,7 +364,7 @@ resource "azurerm_storage_share" "fileshare" {
## Below resource will create tables in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_table" "tables" {
count = length(var.tables)
count = var.enabled ? length(var.tables) : 0
name = var.tables[count.index]
storage_account_name = join("", azurerm_storage_account.storage.*.name)

Check warning on line 369 in main.tf


GitHub Actions / tf-lint / tflint

List items should be accessed using square brackets
}
Expand All @@ -374,7 +373,7 @@ resource "azurerm_storage_table" "tables" {
## Below resource will create queue in storage account.
##-----------------------------------------------------------------------------
resource "azurerm_storage_queue" "queues" {
count = length(var.queues)
count = var.enabled ? length(var.queues) : 0
name = var.queues[count.index]
storage_account_name = join("", azurerm_storage_account.storage.*.name)

Check warning on line 378 in main.tf


GitHub Actions / tf-lint / tflint

List items should be accessed using square brackets
}
Expand Down Expand Up @@ -509,7 +508,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vent-link-1" {
##-----------------------------------------------------------------------------
resource "azurerm_private_dns_zone_virtual_network_link" "vent-link-diff-subs" {
provider = azurerm.peer
count = var.multi_sub_vnet_link && var.existing_private_dns_zone != null ? 1 : 0
count = var.enabled && var.multi_sub_vnet_link && var.existing_private_dns_zone != null ? 1 : 0
name = format("%s-pdz-vnet-link-storage-1", module.labels.id)
resource_group_name = var.existing_private_dns_zone_resource_group_name
private_dns_zone_name = var.existing_private_dns_zone
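Review bot: The new count on `azurerm_key_vault_access_policy.keyvault-access-policy` creates a policy whenever the module is enabled and vault RBAC is off, no longer gated by a caller-supplied list, so callers that do not use CMK encryption (the header comment in this file describes it as optional) will still get a policy referencing `var.key_vault_id` and an identity that may not exist, with `join("", azurerm_user_assigned_identity.identity.*.principal_id)` collapsing to an empty object_id. If `cmk_encryption_enabled` is a module variable (the example passes it to this module), gate on it too: `count = var.enabled && var.cmk_encryption_enabled && !var.key_vault_rbac_auth_enabled ? 1 : 0`. When RBAC is enabled nothing in this hunk grants the identity any key permissions; presumably a role assignment elsewhere covers that, which is worth confirming. The policy's permissions and the rest of the resource lie outside the hunk.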
7 changes: 1 addition & 6 deletions variables.tf
Expand Up @@ -67,7 +67,7 @@ variable "access_tier" {

variable "account_replication_type" {
type = string
default = "GRS"
default = "LRS"
description = "Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa."
}

Expand Down Expand Up @@ -338,11 +338,6 @@ variable "allow_nested_items_to_be_public" {
description = "Allow or disallow nested items within this Account to opt into being public. Defaults to true."
}

variable "object_id" {
type = list(string)
default = []
}

variable "allowed_copy_scope" {
type = string
default = "PrivateLink"
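Review bot: Changing the `account_replication_type` default from GRS to LRS silently lowers redundancy for every caller that relied on the default, and by the variable's own description a GRS-to-LRS change does not force recreation, so the downgrade would apply on the next apply without a visible resource replacement. Removing `variable "object_id"` is likewise a breaking interface change for callers still passing it. Both deserve a mention in the description and the changelog, e.g. extending the description with `Default changed from GRS to LRS; set explicitly if geo-redundancy is required.`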
