Merge pull request #1940 from sschne/kusto-cluster-private-endpoint

Kusto cluster private endpoint
aztfmod · Mar 14, 2024 · c8322d9 · c8322d9
2 parents e03117c + 818ec56
commit c8322d9
Showing 7 changed files with 103 additions and 8 deletions.
diff --git a/.github/workflows/standalone-scenarios.json b/.github/workflows/standalone-scenarios.json
@@ -26,6 +26,7 @@
     "data_explorer/104-kusto_cluster_database",
     "data_explorer/105-kusto_attached_database_configuration",
     "data_explorer/106-database_principal_assignment",
+    "data_explorer/107-private-endpoint",
     "data_factory/101-data_factory",
     "data_factory/102-data_factory_pipeline",
     "data_factory/103-data_factory_trigger_schedule",

diff --git a/data_explorer.tf b/data_explorer.tf
@@ -7,9 +7,11 @@ module "kusto_clusters" {
   settings            = each.value
   location            = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
   resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
+  private_endpoints   = try(each.value.private_endpoints, {})
   base_tags           = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {}
 
   combined_resources = {
+    private_dns        = local.combined_objects_private_dns
     vnets              = local.combined_objects_networking
     pips               = local.combined_objects_public_ip_addresses
     managed_identities = local.combined_objects_managed_identities

diff --git a/examples/data_explorer/107-private-endpoint/configuration.tfvars b/examples/data_explorer/107-private-endpoint/configuration.tfvars
@@ -0,0 +1,75 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "eastus"
+  }
+}
+
+resource_groups = {
+  rg1 = {
+    name   = "dedicated-test"
+    region = "region1"
+  }
+}
+kusto_clusters = {
+  kc1 = {
+    name              = "kustocluster"
+    auto_stop_enabled = false
+    resource_group = {
+      key = "rg1"
+      #lz_key = ""
+      #name   = ""
+    }
+    region = "region1"
+
+    sku = {
+      name     = "Dev(No SLA)_Standard_E2a_v4"
+      capacity = 1
+    }
+
+    private_endpoints = {
+      pe1 = {
+        name               = "kusto-shared"
+        resource_group_key = "rg1"
+        vnet_key           = "vnet_region1"
+        subnet_key         = "private_endpoints"
+        private_service_connection = {
+          name                 = "kusto-shared"
+          is_manual_connection = false
+          subresource_names    = ["cluster"]
+        }
+        private_dns = {
+          keys = ["kusto"]
+        }
+      }
+    }
+  }
+}
+
+## Networking configuration
+vnets = {
+  vnet_region1 = {
+    resource_group_key = "rg1"
+    region             = "region1"
+
+    vnet = {
+      name          = "kusto"
+      address_space = ["10.10.0.0/24"]
+    }
+
+    subnets = {
+      private_endpoints = {
+        name                                           = "private-endpoint"
+        cidr                                           = ["10.10.0.0/25"]
+        enforce_private_link_endpoint_network_policies = true
+      }
+    }
+  }
+}
+
+private_dns = {
+  kusto = {
+    name               = "privatelink.westeurope.kusto.windows.net"
+    resource_group_key = "rg1"
+  }
+}
diff --git a/modules/databases/data_explorer/kusto_clusters/module.tf b/modules/databases/data_explorer/kusto_clusters/module.tf
@@ -52,9 +52,10 @@ resource "azurerm_kusto_cluster" "kusto" {
       maximum_instances = optimized_auto_scale.value.maximum_instances
     }
   }
-  trusted_external_tenants = try(var.settings.trusted_external_tenants, null)
-  zones                    = try(var.settings.zones, null)
-  engine                   = try(var.settings.engine, null)
-  auto_stop_enabled        = try(var.settings.auto_stop_enabled, null)
-  tags                     = local.tags
-}
+  trusted_external_tenants      = try(var.settings.trusted_external_tenants, null)
+  zones                         = try(var.settings.zones, null)
+  engine                        = try(var.settings.engine, null)
+  auto_stop_enabled             = try(var.settings.auto_stop_enabled, null)
+  public_network_access_enabled = try(var.settings.public_network_access_enabled, null)
+  tags                          = local.tags
+}
diff --git a/modules/databases/data_explorer/kusto_clusters/private_endpoint.tf b/modules/databases/data_explorer/kusto_clusters/private_endpoint.tf
@@ -0,0 +1,16 @@
+module "private_endpoint" {
+  source   = "../../../networking/private_endpoint"
+  for_each = try(var.private_endpoints, {})
+
+  resource_id         = azurerm_kusto_cluster.kusto.id
+  name                = each.value.name
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = can(each.value.subnet_id) ? each.value.subnet_id : var.combined_resources.vnets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.vnet_key].subnets[each.value.subnet_key].id
+  settings            = each.value
+  global_settings     = var.global_settings
+  base_tags           = var.global_settings.inherit_tags
+  tags                = local.tags
+  private_dns         = var.combined_resources.private_dns
+  client_config       = var.client_config
+}
diff --git a/modules/databases/data_explorer/kusto_clusters/variables.tf b/modules/databases/data_explorer/kusto_clusters/variables.tf
@@ -25,8 +25,8 @@ variable "vnets" {
 variable "pips" {
   default = null
 }
+variable "private_endpoints" {}
 variable "combined_resources" {
   description = "Provide a map of combined resources for environment_variables_from_resources"
   default     = {}
 }
-
diff --git a/modules/networking/private_endpoint/main.tf b/modules/networking/private_endpoint/main.tf
@@ -16,6 +16,6 @@ locals {
 
   location = can(var.location) || can(var.settings.region) ? try(var.location, var.global_settings.regions[var.settings.region]) : var.resource_groups[try(var.settings.resource_group.lz_key, var.settings.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)].location
 
-  resource_group_name = can(var.resource_group_name) ? var.resource_group_name : var.resource_groups[try(var.settings.resource_group.lz_key, var.settings.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)].name
+  resource_group_name = can(var.resource_group_name) && var.resource_group_name != null ? var.resource_group_name : var.resource_groups[try(var.settings.resource_group.lz_key, var.settings.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)].name
 
 }