add APIM subresources to module

.lcafenv

@@ -21,3 +21,4 @@
 # PYTHON_VER=
 # TERRAGRUNT_VER=
 # TERRAFORM_VER=
+# TERRAFORM_VERSION=

.tool-versions

@@ -1,9 +1,9 @@
 conftest 0.44.1
-golang 1.21.7
-golangci-lint 1.55.2
+golang 1.24.8
+golangci-lint 2.5.0
 pre-commit 3.3.3
 regula 3.2.1 # https://github.com/launchbynttdata/asdf-regula
 terraform 1.5.5
 terraform-docs 0.16.0
 terragrunt 0.39.2
-tflint 0.48.0
+tflint 0.51.2

Makefile

@@ -18,7 +18,7 @@ LCAF_ENV_FILE = .lcafenv
 # Source repository for repo manifests
 REPO_MANIFESTS_URL ?= https://github.com/launchbynttdata/launch-common-automation-framework.git
 # Branch of source repository for repo manifests. Other tags not currently supported.
-REPO_BRANCH ?= refs/tags/1.7.1
+REPO_BRANCH ?= refs/tags/1.8.1
 # Path to seed manifest in repository referenced in REPO_MANIFESTS_URL
 REPO_MANIFEST ?= manifests/terraform_modules/seed/manifest.xml
 

README.md

@@ -106,7 +106,7 @@ If `make check` target is successful, developer is good to commit the code to pr
 - runs `conftests`. `conftests` make sure `policy` checks are successful.
 - runs `terratest`. This is integration test suit.
 - runs `opa` tests
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -132,6 +132,13 @@ No providers.
 | <a name="module_nsg"></a> [nsg](#module\_nsg) | terraform.registry.launch.nttdata.com/module_primitive/network_security_group/azurerm | ~> 1.0 |
 | <a name="module_nsg_subnet_assoc"></a> [nsg\_subnet\_assoc](#module\_nsg\_subnet\_assoc) | terraform.registry.launch.nttdata.com/module_primitive/nsg_subnet_association/azurerm | ~> 1.0 |
 | <a name="module_apim"></a> [apim](#module\_apim) | terraform.registry.launch.nttdata.com/module_primitive/api_management/azurerm | ~> 1.0 |
+| <a name="module_key_vault_role_assignments"></a> [key\_vault\_role\_assignments](#module\_key\_vault\_role\_assignments) | terraform.registry.launch.nttdata.com/module_primitive/role_assignment/azurerm | ~> 1.0 |
+| <a name="module_apim_certificates"></a> [apim\_certificates](#module\_apim\_certificates) | terraform.registry.launch.nttdata.com/module_primitive/api_management_certificate/azurerm | ~> 1.0 |
+| <a name="module_apim_loggers"></a> [apim\_loggers](#module\_apim\_loggers) | terraform.registry.launch.nttdata.com/module_primitive/api_management_logger/azurerm | ~> 1.0 |
+| <a name="module_apim_named_values"></a> [apim\_named\_values](#module\_apim\_named\_values) | terraform.registry.launch.nttdata.com/module_primitive/api_management_named_value/azurerm | ~> 1.0 |
+| <a name="module_apim_backends"></a> [apim\_backends](#module\_apim\_backends) | terraform.registry.launch.nttdata.com/module_primitive/api_management_backend/azurerm | ~> 1.0 |
+| <a name="module_apim_apis"></a> [apim\_apis](#module\_apim\_apis) | terraform.registry.launch.nttdata.com/module_primitive/api_management_api/azurerm | ~> 1.0 |
+| <a name="module_apim_diagnostics"></a> [apim\_diagnostics](#module\_apim\_diagnostics) | terraform.registry.launch.nttdata.com/module_primitive/api_management_diagnostic/azurerm | ~> 1.0 |
 
 ## Resources
 
@@ -175,6 +182,13 @@ No resources.
 | <a name="input_virtual_network_type"></a> [virtual\_network\_type](#input\_virtual\_network\_type) | The type of virtual network you want to use, valid values include: None, External, Internal.<br>    External and Internal are only supported in the SKUs - Premium and Developer | `string` | `"None"` | no |
 | <a name="input_virtual_network_configuration"></a> [virtual\_network\_configuration](#input\_virtual\_network\_configuration) | The id(s) of the subnet(s) that will be used for the API Management. Required when virtual\_network\_type is External or Internal<br>    that is in the SKUs - Premium and Developer | `list(string)` | `[]` | no |
 | <a name="input_additional_nsg_rules"></a> [additional\_nsg\_rules](#input\_additional\_nsg\_rules) | A list of additional NSG rules to be applied to the API Management subnet. Only applicable when virtual\_network\_type<br>    is External or Internal.<br>    Use `priority` > 105 to avoid conflicts with default rules. | <pre>list(object({<br>    name                       = string<br>    priority                   = number<br>    direction                  = string<br>    access                     = string<br>    protocol                   = string<br>    source_port_range          = string<br>    destination_port_range     = string<br>    source_address_prefix      = string<br>    destination_address_prefix = string<br>  }))</pre> | `[]` | no |
+| <a name="input_apis"></a> [apis](#input\_apis) | A map of API definitions to be created in the API Management Service. The key is the API name and the value is the API definition. | <pre>map(object({<br>    display_name          = string<br>    path                  = string<br>    description           = string<br>    protocols             = optional(list(string), ["https"])<br>    api_type              = optional(string, "http")<br>    service_url           = optional(string, null)<br>    soap_pass_through     = optional(bool, null)<br>    subscription_required = optional(bool, true)<br>    terms_of_service_url  = optional(string, null)<br><br>    contact = optional(object({<br>      name  = string<br>      email = string<br>      url   = string<br>    }), null)<br><br>    import = optional(object({<br>      content_format = string<br>      content_value  = string<br>    }), null)<br><br>    license = optional(object({<br>      name = string<br>      url  = string<br>    }), null)<br><br>    policy = optional(object({<br>      xml_content = optional(string, null)<br>      xml_link    = optional(string, null)<br>    }), null)<br>  }))</pre> | `{}` | no |
+| <a name="input_backends"></a> [backends](#input\_backends) | A map of backend definitions to be created in the API Management Service. The key is the backend name and the value is the backend definition. | <pre>map(object({<br>    url = string<br><br>    description = optional(string, null)<br>    title       = optional(string, null)<br>    protocol    = optional(string, "http")<br><br>    credentials = object({<br>      authorization = optional(object({<br>        scheme    = string<br>        parameter = string<br>      }), null)<br>      certificate = optional(list(string), null)<br>      query       = optional(map(string), null)<br>      header      = optional(map(string), null)<br>    })<br><br>    proxy = optional(object({<br>      url      = string<br>      username = string<br>      password = optional(string)<br>    }), null)<br><br>    service_fabric_cluster = optional(object({<br>      client_certificate_thumbprint    = optional(string, null)<br>      client_certificate_id            = optional(string, null)<br>      management_endpoints             = list(string)<br>      max_partition_resolution_retries = number<br>      server_certificate_thumbprints   = optional(list(string), null)<br>      server_x509_names = optional(list(object({<br>        issuer_certificate_thumbprint = string<br>        name                          = string<br>      })), null)<br>    }), null)<br><br>    tls = optional(object({<br>      validate_certificate_name  = optional(bool, true)<br>      validate_certificate_chain = optional(bool, true)<br>    }), null)<br><br>    resource_id = optional(string, null)<br>  }))</pre> | `{}` | no |
+| <a name="input_certificates"></a> [certificates](#input\_certificates) | A map of certificate definitions to be created in the API Management Service. The key is the certificate name and the value is the certificate definition. | <pre>map(object({<br>    data                         = optional(string, null)<br>    password                     = optional(string, null)<br>    key_vault_secret_id          = optional(string, null)<br>    key_vault_identity_client_id = optional(string, null)<br>  }))</pre> | `{}` | no |
+| <a name="input_diagnostics"></a> [diagnostics](#input\_diagnostics) | A map of diagnostics definitions to be created in the API Management Service. The key is the diagnostic identifier and the value is the diagnostic definition. | <pre>map(object({<br>    identifier                = string<br>    logger_name               = string<br>    api_name                  = optional(string, null)<br>    always_log_errors         = optional(bool, false)<br>    http_correlation_protocol = optional(string, "W3C")<br>    operation_name_format     = optional(string, "Name")<br>    log_client_ip             = optional(bool, false)<br>    sampling_percentage       = optional(number, 100)<br>    verbosity                 = optional(string, "error")<br>    frontend_request = optional(object({<br>      body_bytes     = optional(number, 0)<br>      headers_to_log = optional(list(string), [])<br>    }), {})<br>    frontend_response = optional(object({<br>      body_bytes     = optional(number, 0)<br>      headers_to_log = optional(list(string), [])<br>    }), {})<br>    backend_request = optional(object({<br>      body_bytes     = optional(number, 0)<br>      headers_to_log = optional(list(string), [])<br>    }), {})<br>    backend_response = optional(object({<br>      body_bytes     = optional(number, 0)<br>      headers_to_log = optional(list(string), [])<br>    }), {})<br>  }))</pre> | `{}` | no |
+| <a name="input_loggers"></a> [loggers](#input\_loggers) | A map of logger definitions to be created in the API Management Service. The key is the logger name and the value is the logger definition. | <pre>map(object({<br>    description = optional(string, null)<br>    buffered    = optional(bool, true)<br><br>    application_insights = optional(object({<br>      instrumentation_key = string<br>    }), null)<br><br>    eventhub = optional(object({<br>      name                             = string<br>      connection_string                = optional(string, null)<br>      user_assigned_identity_client_id = optional(string, null)<br>      endpoint_uri                     = optional(string, null)<br>    }), null)<br>  }))</pre> | `{}` | no |
+| <a name="input_named_values"></a> [named\_values](#input\_named\_values) | A map of named value definitions to be created in the API Management Service. | <pre>map(object({<br>    display_name = optional(string, null)<br>    value        = optional(string, null)<br>    secret       = optional(bool, false)<br>    value_from_key_vault = optional(object({<br>      secret_id          = string<br>      identity_client_id = optional(string, null)<br>    }), null)<br>  }))</pre> | `{}` | no |
+| <a name="input_key_vaults"></a> [key\_vaults](#input\_key\_vaults) | A map of Key Vaults that the API Management Service will be given read access to | `map(string)` | `{}` | no |
 | <a name="input_identity_type"></a> [identity\_type](#input\_identity\_type) | Type of Managed Service Identity that should be configured on this API Management Service | `string` | `"SystemAssigned"` | no |
 | <a name="input_identity_ids"></a> [identity\_ids](#input\_identity\_ids) | A list of IDs for User Assigned Managed Identity resources to be assigned. This is required when type is set to UserAssigned or SystemAssigned, UserAssigned. | `list(string)` | `[]` | no |
 | <a name="input_dns_zone_suffix"></a> [dns\_zone\_suffix](#input\_dns\_zone\_suffix) | The DNS Zone suffix for APIM private DNS Zone. Default is `azure-api.net` for Public Cloud<br>    For gov cloud it may be different | `string` | `"azure-api.net"` | no |
@@ -199,4 +213,9 @@ No resources.
 | <a name="output_api_management_identity"></a> [api\_management\_identity](#output\_api\_management\_identity) | The identity of the API Management |
 | <a name="output_public_ip_address"></a> [public\_ip\_address](#output\_public\_ip\_address) | n/a |
 | <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | n/a |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+| <a name="output_api_management_apis"></a> [api\_management\_apis](#output\_api\_management\_apis) | List of APIs created in the API Management Service |
+| <a name="output_api_management_backends"></a> [api\_management\_backends](#output\_api\_management\_backends) | List of backends created in the API Management Service |
+| <a name="output_api_management_certificates"></a> [api\_management\_certificates](#output\_api\_management\_certificates) | List of certificates created in the API Management Service |
+| <a name="output_api_management_diagnostics"></a> [api\_management\_diagnostics](#output\_api\_management\_diagnostics) | List of diagnostics created in the API Management Service |
+| <a name="output_api_management_loggers"></a> [api\_management\_loggers](#output\_api\_management\_loggers) | List of loggers created in the API Management Service |
+<!-- END_TF_DOCS -->

examples/private/README.md

@@ -13,7 +13,7 @@ provider "azurerm" {
 ```
 
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -43,10 +43,10 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_product_family"></a> [product\_family](#input\_product\_family) | (Required) Name of the product family for which the resource is created.<br>    Example: org\_name, department\_name. | `string` | `"dso"` | no |
-| <a name="input_product_service"></a> [product\_service](#input\_product\_service) | (Required) Name of the product service for which the resource is created.<br>    For example, backend, frontend, middleware etc. | `string` | `"apim"` | no |
+| <a name="input_product_service"></a> [product\_service](#input\_product\_service) | (Required) Name of the product service for which the resource is created.<br>    For example, backend, frontend, middleware etc. | `string` | `"apimprivate"` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Environment in which the resource should be provisioned like dev, qa, prod etc. | `string` | `"dev"` | no |
-| <a name="input_environment_number"></a> [environment\_number](#input\_environment\_number) | The environment count for the respective environment. Defaults to 000. Increments in value of 1 | `string` | `"000"` | no |
-| <a name="input_resource_number"></a> [resource\_number](#input\_resource\_number) | The resource count for the respective resource. Defaults to 000. Increments in value of 1 | `string` | `"000"` | no |
+| <a name="input_environment_number"></a> [environment\_number](#input\_environment\_number) | The environment count for the respective environment. Defaults to 000. Increments in value of 1 | `string` | `"001"` | no |
+| <a name="input_resource_number"></a> [resource\_number](#input\_resource\_number) | The resource count for the respective resource. Defaults to 000. Increments in value of 1 | `string` | `"001"` | no |
 | <a name="input_region"></a> [region](#input\_region) | Azure Region in which the infra needs to be provisioned | `string` | `"eastus"` | no |
 | <a name="input_resource_names_map"></a> [resource\_names\_map](#input\_resource\_names\_map) | A map of key to resource\_name that will be used by tf-launch-module\_library-resource\_name to generate resource names | <pre>map(object(<br>    {<br>      name       = string<br>      max_length = optional(number, 60)<br>    }<br>  ))</pre> | <pre>{<br>  "resource_group": {<br>    "max_length": 60,<br>    "name": "rg"<br>  },<br>  "virtual_network": {<br>    "name": "vnet"<br>  }<br>}</pre> | no |
 | <a name="input_address_prefix"></a> [address\_prefix](#input\_address\_prefix) | The address space that is used by the virtual network. | `string` | `"10.6.0.0/16"` | no |
@@ -74,4 +74,4 @@ No resources.
 | <a name="output_api_management_identity"></a> [api\_management\_identity](#output\_api\_management\_identity) | The identity of the API Management |
 | <a name="output_public_ip_address"></a> [public\_ip\_address](#output\_public\_ip\_address) | n/a |
 | <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | n/a |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->

examples/private/variables.tf

@@ -24,7 +24,7 @@ variable "product_service" {
     For example, backend, frontend, middleware etc.
   EOF
   type        = string
-  default     = "apim"
+  default     = "apimprivate"
 }
 
 variable "environment" {
@@ -36,13 +36,13 @@ variable "environment" {
 variable "environment_number" {
   description = "The environment count for the respective environment. Defaults to 000. Increments in value of 1"
   type        = string
-  default     = "000"
+  default     = "001"
 }
 
 variable "resource_number" {
   description = "The resource count for the respective resource. Defaults to 000. Increments in value of 1"
   type        = string
-  default     = "000"
+  default     = "001"
 }
 
 variable "region" {