Add option to start graphdb cluster Without Application Gateway

.gitignore

@@ -48,6 +48,11 @@ terraform.rc
 *.pem
 *.p12
 *.pub
+*.pfx
+*.crt
 
 #Licenses
 *.license
+
+#Private key
+privatekey.key

main.tf

@@ -158,6 +158,7 @@ module "tls" {
 # Creates a public IP address and an Application Gateway for forwarding internet traffic to the GraphDB proxies/instances
 module "application_gateway" {
   source = "./modules/gateway"
+  count  = var.disable_agw ? 0 : 1
 
   resource_name_prefix = var.resource_name_prefix
   location             = var.location
@@ -179,14 +180,11 @@ module "application_gateway" {
   # Public / Private toggle
   gateway_enable_private_access = var.gateway_enable_private_access
 
+  disable_agw = var.disable_agw
+
   # TLS
-<<<<<<< HEAD
-  gateway_tls_certificate_identity_id = var.tls_manage_id != null ? var.tls_manage_id : module.tls.tls_identity_id
-  gateway_tls_certificate_secret_id   = var.tls_certificate != null ? var.tls_certificate : module.tls.tls_certificate_key_vault_secret_id
-=======
   gateway_tls_certificate_secret_id   = var.tls_certificate_id != null ? var.tls_certificate_id : module.tls[0].tls_certificate_id
   gateway_tls_certificate_identity_id = var.tls_certificate_id != null ? var.tls_certificate_identity_id : module.tls[0].tls_identity_id
->>>>>>> a5909aaae4b39df58dd7a317bf50d9dbd232a291
 
   # Private Link
   gateway_enable_private_link_service                   = var.gateway_enable_private_link_service
@@ -227,7 +225,7 @@ module "monitoring" {
   location             = var.location
   node_count           = var.node_count
 
-  web_test_availability_request_url = module.application_gateway.public_ip_address_fqdn
+  web_test_availability_request_url = var.disable_agw ? null : module.application_gateway[0].public_ip_address_fqdn
   web_test_geo_locations            = var.web_test_geo_locations
   web_test_ssl_check_enabled        = var.web_test_ssl_check_enabled
   graphdb_external_address_fqdn     = var.graphdb_external_address_fqdn != null ? var.graphdb_external_address_fqdn : module.application_gateway.public_ip_address_fqdn
@@ -275,14 +273,14 @@ module "graphdb" {
   graphdb_outbound_address_prefixes    = var.outbound_allowed_address_prefixes
 
   # Gateway
-  application_gateway_backend_address_pool_ids = [module.application_gateway.gateway_backend_address_pool_id]
+  application_gateway_backend_address_pool_ids = var.disable_agw ? [] : [module.application_gateway[0].gateway_backend_address_pool_id]
 
   # App Configuration
   app_configuration_id       = module.appconfig.app_configuration_id
   app_configuration_endpoint = module.appconfig.app_configuration_endpoint
 
   # GraphDB Configurations
-  graphdb_external_address_fqdn = var.graphdb_external_address_fqdn != null ? var.graphdb_external_address_fqdn : module.application_gateway.public_ip_address_fqdn
+  graphdb_external_address_fqdn = var.graphdb_external_address_fqdn != null ? var.graphdb_external_address_fqdn : (var.disable_agw ? null : module.application_gateway[0].public_ip_address_fqdn)
   graphdb_password              = var.graphdb_password
   graphdb_license_path          = var.graphdb_license_path
   graphdb_cluster_token         = var.graphdb_cluster_token
@@ -323,4 +321,4 @@ module "graphdb" {
 
   # Wait for the configurations to be created in the App Configuration store
   depends_on = [module.appconfig]
-}
+}

modules/gateway/outputs.tf

@@ -24,10 +24,14 @@ output "public_ip_address_fqdn" {
 
 output "gateway_id" {
   description = "Identifier of the application gateway for GraphDB"
-  value       = var.gateway_enable_private_access ? azurerm_application_gateway.graphdb-private[0].id : azurerm_application_gateway.graphdb-public[0].id
+  value       = var.gateway_enable_private_access && length(azurerm_application_gateway.graphdb-private) > 0 ? azurerm_application_gateway.graphdb-private[0].id : !var.gateway_enable_private_access && length(azurerm_application_gateway.graphdb-public) > 0 ? azurerm_application_gateway.graphdb-public[0].id : null
 }
 
 output "gateway_backend_address_pool_id" {
   description = "Identifier of the application gateway backend address pool"
-  value       = var.gateway_enable_private_access ? one(azurerm_application_gateway.graphdb-private[0].backend_address_pool).id : one(azurerm_application_gateway.graphdb-public[0].backend_address_pool).id
+  value = (var.gateway_enable_private_access && length(azurerm_application_gateway.graphdb-private) > 0 && length(azurerm_application_gateway.graphdb-private[0].backend_address_pool) > 0
+    ? one(azurerm_application_gateway.graphdb-private[0].backend_address_pool).id
+    : !var.gateway_enable_private_access && length(azurerm_application_gateway.graphdb-public) > 0 && length(azurerm_application_gateway.graphdb-public[0].backend_address_pool) > 0
+    ? one(azurerm_application_gateway.graphdb-public[0].backend_address_pool).id
+  : null)
 }

modules/gateway/variables.tf

@@ -55,6 +55,12 @@ variable "gateway_enable_private_access" {
   type        = bool
 }
 
+variable "disable_agw" {
+  description = "Disables the application gateway"
+  type        = bool
+  default     = false
+}
+
 variable "gateway_min_capacity" {
   description = "Minimum capacity for the Application Gateway autoscaling"
   type        = number
@@ -161,4 +167,4 @@ variable "gateway_global_response_buffering_enabled" {
 variable "node_count" {
   description = "Number of GraphDB nodes to deploy in ASG"
   type        = number
-}
+}

modules/graphdb/variables.tf

@@ -306,3 +306,8 @@ variable "user_supplied_scripts" {
   type        = list(string)
 }
 
+variable "disable_agw" {
+  description = "Disables the application gateway"
+  type        = bool
+  default     = false
+}

output.tf

@@ -1,9 +1,9 @@
 output "public_address" {
   description = "Public address for GraphDB"
-  value       = "https://${module.application_gateway.public_ip_address_fqdn}"
+  value       = var.disable_agw ? null : "https://${module.application_gateway[0].public_ip_address_fqdn}"
 }
 
 output "public_ip_address" {
   description = "The public IP address of the application gateway"
-  value       = module.application_gateway.public_ip_address
-}
+  value       = var.disable_agw ? null : module.application_gateway[0].public_ip_address
+}

variables.tf

@@ -136,6 +136,12 @@ variable "gateway_enable_private_access" {
   default     = false
 }
 
+variable "disable_agw" {
+  description = "Disables the creation of application gateway by the terraform module."
+  type        = bool
+  default     = false
+}
+
 variable "gateway_enable_private_link_service" {
   description = "Set to true to enable Private Link service, false to disable it."
   type        = bool
@@ -176,24 +182,13 @@ variable "gateway_probe_threshold" {
 variable "tls_certificate_path" {
   description = "Path to a TLS certificate that will be imported in Azure Key Vault and used in the Application Gateway TLS listener for GraphDB."
   type        = string
-  default     = null
 }
 
 variable "tls_certificate_password" {
   description = "TLS certificate password for password protected certificates."
   type        = string
-  default     = null
 }
 
-<<<<<<< HEAD
-variable "tls_certificate" {
-  description = "TLS Certificate Secret Identifier."
-  type        = string
-}
-
-variable "tls_manage_id" {
-  description = "ID for managing TLS. If provided it will use this isntead of the one created by the Terraform Script."
-=======
 variable "tls_certificate_id" {
   description = "Resource identifier for a TLS certificate secret from a Key Vault. Overrides tls_certificate_path"
   type        = string
@@ -202,7 +197,6 @@ variable "tls_certificate_id" {
 
 variable "tls_certificate_identity_id" {
   description = "Identifier of a managed identity giving access to the TLS certificate specified with tls_certificate_id"
->>>>>>> a5909aaae4b39df58dd7a317bf50d9dbd232a291
   type        = string
   default     = null
 }
@@ -511,4 +505,4 @@ variable "notification_recipients_email_list" {
   description = "List of emails which will be notified via e-mail and/or push notifications"
   type        = list(string)
   default     = []
-}
+}