feat: Add storage account module with examples (#1)
* feat: Add storage account module with examples
jakubigla authored Jul 29, 2022
1 parent be45f01 commit f8ece17
Showing 25 changed files with 972 additions and 83 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/pre-commit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,22 +36,22 @@ jobs:

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.0.3
uses: clowdhaus/terraform-min-max@v1.1.0
with:
directory: ${{ matrix.directory }}

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: 'terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: 'terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)'
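Review bot: The updated `uses:` lines in this hunk still reference third-party actions by a movable tag (`clowdhaus/terraform-min-max@v1.1.0`, `clowdhaus/terraform-composite-actions/pre-commit@v1.6.0`). A tag can be re-pointed after review, so the job runs whatever the tag resolves to at run time. Since the references are being touched anyway, pin each one to the full commit SHA of the release and keep the tag as a trailing comment, e.g. `uses: clowdhaus/terraform-min-max@<commit-sha> # v1.1.0`.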
Expand All @@ -69,13 +69,13 @@ jobs:

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.0.3
uses: clowdhaus/terraform-min-max@v1.1.0

# Step required as tflint pre-commit hook requires module to be initialised
- run: terraform init

- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -11,3 +11,5 @@ crash.log

# terraform.lock.hcl files
.terraform.lock.hcl

tfplan
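Review bot: The new `tfplan` entry matches only a path with exactly that name and, unlike the `.terraform.lock.hcl` entry above it, has no comment saying what it is. Saved plan files hold resource attributes unencrypted, secrets included, so a plan written under another name such as `example.tfplan` could still be committed. Consider adding `*.tfplan` next to it and a `# saved plan files` comment.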
5 changes: 0 additions & 5 deletions .pre-commit-config.yaml
Expand Up @@ -15,11 +15,6 @@ repos:
- id: terraform-docs-go
args: ["."]

- repo: https://github.com/bridgecrewio/checkov.git
rev: '2.0.1161' # Get the latest from: https://github.com/bridgecrewio/checkov/releases
hooks:
- id: checkov

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: "v4.3.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
hooks:
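Review bot: Dropping the `checkov` hook removes static policy scanning from pre-commit in the same commit that introduces the storage account module, and the commit message does not say where that check runs instead. If the hook was removed because of findings or run time, keep it and list the accepted checks with `--skip-check` in the hook's `args`, or add a checkov step to the workflow so the new module and its examples are still scanned.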
4 changes: 2 additions & 2 deletions .terraform-docs.yml
Expand Up @@ -7,9 +7,9 @@ sections:
show: [all]

content: |-
## EXAMPLES
## Usage
```hcl
{{ include "example/full-example/main.tf" }}
{{ include "examples/basic/main.tf" }}
```
{{ .Header }}
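Review bot: The `## Usage` section now embeds `examples/basic/main.tf` verbatim, and that file sets `source = "../.."`, which only resolves inside this repository. Readers copying the README snippet need the published source address instead, so either say so next to the include or use a short hand-written usage block with that address.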
104 changes: 70 additions & 34 deletions README.md

Large diffs are not rendered by default.

6 changes: 0 additions & 6 deletions example/full-example/main.tf

This file was deleted.

4 changes: 0 additions & 4 deletions example/full-example/outputs.tf

This file was deleted.

3 changes: 0 additions & 3 deletions example/full-example/providers.tf

This file was deleted.

32 changes: 32 additions & 0 deletions examples/basic/README.md
@@ -0,0 +1,32 @@
# Azure Storage Account - basic example

```terraform
module "resource_group" {
source = "getindata/resource-group/azurerm"
version = "1.1.0"
context = module.this.context
name = "example-rg"
location = "West Europe"
}
module "storage_account" {
source = "../.."
context = module.this.context
name = "example"
location = module.resource_group.location
resource_group_name = module.resource_group.name
# Container lists with access_type to create
containers_list = [
{
name = "container"
access_type = "private"
}
]
depends_on = [module.resource_group]
}
```
File renamed without changes.
28 changes: 28 additions & 0 deletions examples/basic/main.tf
@@ -0,0 +1,28 @@
module "resource_group" {
source = "getindata/resource-group/azurerm"
version = "1.1.0"
context = module.this.context

name = "example-rg"
location = "West Europe"
}

module "storage_account" {
source = "../.."
context = module.this.context

name = "example"

location = module.resource_group.location
resource_group_name = module.resource_group.name

# Container lists with access_type to create
containers_list = [
{
name = "container"
access_type = "private"
}
]

depends_on = [module.resource_group]
}
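Review bot: `depends_on = [module.resource_group]` at the end of the `storage_account` block duplicates the dependency already expressed by `location = module.resource_group.location` and `resource_group_name = module.resource_group.name`. If those outputs come from the created resource group, the explicit entry adds nothing, and a module-level `depends_on` makes everything inside the module wait on the whole resource-group module and can defer data source reads to apply time. Drop it, or add a comment explaining why the references alone are not enough.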
4 changes: 4 additions & 0 deletions examples/basic/outputs.tf
@@ -0,0 +1,4 @@
output "storage" {
value = module.storage_account
description = "Storage Account outputs"
}
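Review bot: `value = module.storage_account` exports every output of the module as a single object. If any of those outputs is marked sensitive, Terraform rejects this output unless it also sets `sensitive = true`, and any secret output that is not marked would be printed in the apply summary. Export only the named outputs the example wants to show, or add `sensitive = true` here.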
3 changes: 3 additions & 0 deletions examples/basic/providers.tf
@@ -0,0 +1,3 @@
provider "azurerm" {
features {}
}
Expand Up @@ -2,9 +2,9 @@ terraform {
required_version = ">= 0.13.0"

required_providers {
null = {
source = "hashicorp/null"
version = "3.1.1"
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.0"
}
}
}
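Review bot: `version = ">= 3.0"` for `azurerm` has no upper bound, and `.terraform.lock.hcl` is listed in this repository's `.gitignore`, so every `terraform init` resolves the newest provider release, including a future major version. If this file belongs to an example (a root module), bound the range, for example `version = ">= 3.0, < 4.0"`, so the example and the CI validate step run against a known set of provider versions.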
125 changes: 125 additions & 0 deletions examples/complete/README.md
@@ -0,0 +1,125 @@
# Azure Storage Account - complete example

```terraform
data "http" "myip" {
url = "http://ipv4.icanhazip.com"
}
module "resource_group" {
source = "getindata/resource-group/azurerm"
version = "1.1.0"
context = module.this.context
name = "example-rg"
location = "West Europe"
}
module "vnet" {
source = "Azure/vnet/azurerm"
version = "2.6.0"
resource_group_name = module.resource_group.name
address_space = ["10.0.0.0/16"]
subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24"]
subnet_names = ["PublicSubnet", "PrivateSubnet"]
depends_on = [module.resource_group]
}
resource "azurerm_private_dns_zone" "blob" {
name = "privatelink.blob.core.windows.net"
resource_group_name = module.resource_group.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "blob" {
name = module.vnet.vnet_name
resource_group_name = module.resource_group.name
private_dns_zone_name = azurerm_private_dns_zone.blob.name
virtual_network_id = module.vnet.vnet_id
}
resource "azurerm_user_assigned_identity" "cmk" {
resource_group_name = module.resource_group.name
location = module.resource_group.location
name = "cmk"
}
resource "azurerm_user_assigned_identity" "readers" {
for_each = toset(["user-identity1", "user-identity2"])
resource_group_name = module.resource_group.name
location = module.resource_group.location
name = each.key
}
module "storage_account" {
source = "../.."
context = module.this.context
name = "example"
location = module.resource_group.location
resource_group_name = module.resource_group.name
# To enable advanced threat protection set argument to `true`
enable_advanced_threat_protection = true
# Container lists with access_type to create
containers_list = [
{ name = "mystore250", access_type = "private" },
{ name = "blobstore251", access_type = "blob" },
{ name = "containter252", access_type = "container" }
]
# SMB file share with quota (GB) to create
file_shares = [
{ name = "smbfileshare1", quota = 50 },
{ name = "smbfileshare2", quota = 50 }
]
# Storage queues
queues = ["queue1", "queue2"]
# Configure managed identities - used for instance for accessing encryption keys
# Possible types are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`.
managed_identity_type = "UserAssigned"
managed_identity_ids = [azurerm_user_assigned_identity.cmk.id]
# Configure Azure AD
storage_blob_data_readers = [for k in azurerm_user_assigned_identity.readers : k.principal_id]
# Lifecycle management for storage account.
# Must specify the value to each argument and default is `0`
lifecycles = [
{
prefix_match = ["mystore250/folder_path"]
tier_to_cool_after_days = 0
tier_to_archive_after_days = 50
delete_after_days = 100
snapshot_delete_after_days = 30
},
{
prefix_match = ["blobstore251/another_path"]
tier_to_cool_after_days = 0
tier_to_archive_after_days = 30
delete_after_days = 75
snapshot_delete_after_days = 30
}
]
network_rules = {
subnet_ids = []
bypass = ["AzureServices"]
ip_rules = [chomp(data.http.myip.body)]
}
#This will create a private endpoint, so connection to the storage will be made via private IP.
private_endpoint_enabled = true
private_endpoint_subresource_name = "blob"
private_endpoint_subnet_id = module.vnet.vnet_subnets[1]
private_endpoint_private_dns_zone_ids = [
azurerm_private_dns_zone.blob.id
]
depends_on = [module.resource_group]
}
```
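Review bot: `data "http" "myip"` fetches `http://ipv4.icanhazip.com` over plain HTTP and the response goes unchecked into `ip_rules = [chomp(data.http.myip.body)]`, so the storage firewall allow-list is built from a response that anyone on the network path can alter. Use an `https://` endpoint, or better, take the allowed address from an input variable. In the same module block, `containers_list` creates `blobstore251` with `access_type = "blob"` and `containter252` (probably a typo for `container252`) with `access_type = "container"`, both of which allow anonymous read. An example that will be copied should set these to `private` or carry a comment that they are public on purpose.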