
Commit

Merge pull request #36 from using-system/features/azure-bus
feat: Add tf modules for azure bus
using-system authored Mar 17, 2024
2 parents 7aacf94 + a637b4f commit 6b4c4f3
Showing 16 changed files with 612 additions and 0 deletions.
Binary file added terraform/modules/az-asb-queue/README.md
Binary file not shown.
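--- a/terraform/modules/az-asb-queue/checkov.yml
+++ b/terraform/modules/az-asb-queue/checkov.yml
@@ -0,0 +1,2 @@
+skip-path:
+- tests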
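--- a/terraform/modules/az-asb-queue/main.tf
+++ b/terraform/modules/az-asb-queue/main.tf
@@ -0,0 +1,15 @@
+resource "azurerm_servicebus_queue" "asb" {
+name = var.name
+namespace_id = var.namespace_id
+
+lock_duration = var.lock_duration
+default_message_ttl = var.default_message_ttl
+requires_session = var.requires_session
+enable_partitioning = var.enable_partitioning
+requires_duplicate_detection = var.requires_duplicate_detection
+duplicate_detection_history_time_window = var.duplicate_detection_history_time_window
+
+forward_to = var.forward_to
+forward_dead_lettered_messages_to = var.forward_dead_lettered_messages_to
+
+}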
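Review bot: The queue sets `default_message_ttl` (default `PT5M` in this module's variables.tf) but never sets `dead_lettering_on_message_expiration`, so with the provider default expired messages are presumably dropped rather than moved to the dead-letter queue, leaving nothing to inspect when messages go missing. Consider exposing it as `dead_lettering_on_message_expiration = var.dead_lettering_on_message_expiration` with a matching `bool` variable, and doing the same for `max_delivery_count`. A short comment above `forward_to` saying that the target must be a queue or topic in the same namespace would also help callers.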
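--- a/terraform/modules/az-asb-queue/outputs.tf
+++ b/terraform/modules/az-asb-queue/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+description = "The ServiceBus Queue ID."
+value = azurerm_servicebus_queue.asb.id
+}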
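--- a/terraform/modules/az-asb-queue/tests/queue.tftest.hcl
+++ b/terraform/modules/az-asb-queue/tests/queue.tftest.hcl
@@ -0,0 +1,53 @@
+provider "azurerm" {
+features {
+}
+}
+
+run "setup" {
+module {
+source = "./tests/setup"
+}
+}
+
+run "plan" {
+
+command = plan
+
+variables {
+name = "azasbstandardqueue"
+namespace_id = run.setup.namespace_id
+default_message_ttl = "PT1M"
+}
+
+assert {
+condition = azurerm_servicebus_queue.asb.name == var.name
+error_message = "azurerm_servicebus_queue name must be set"
+}
+
+assert {
+condition = azurerm_servicebus_queue.asb.namespace_id == var.namespace_id
+error_message = "azurerm_servicebus_queue namespace_id must be set"
+}
+
+assert {
+condition = azurerm_servicebus_queue.asb.default_message_ttl == var.default_message_ttl
+error_message = "azurerm_servicebus_queue default_message_ttl must be set"
+}
+
+}
+
+run "apply" {
+
+command = apply
+
+variables {
+name = "azasbstandardqueue"
+namespace_id = run.setup.namespace_id
+default_message_ttl = "PT1M"
+}
+
+assert {
+condition = output.id != "" && output.id != null
+error_message = "output id is empty"
+}
+}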
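--- a/terraform/modules/az-asb-queue/tests/setup/main.tf
+++ b/terraform/modules/az-asb-queue/tests/setup/main.tf
@@ -0,0 +1,18 @@
+data "azurerm_resource_group" "test" {
+name = "tf-test-rg"
+}
+
+resource "azurerm_servicebus_namespace" "test" {
+name = "system-az-asb-queue"
+location = data.azurerm_resource_group.test.location
+resource_group_name = data.azurerm_resource_group.test.name
+sku = "Standard"
+
+tags = {
+environment = "Test"
+}
+}
+
+output "namespace_id" {
+value = azurerm_servicebus_namespace.test.id
+}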
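Review bot: This fixture namespace is actually created by the test's `run "setup"` step, yet it leaves `local_auth_enabled` and `minimum_tls_version` at provider defaults, and the module's checkov.yml skips `tests`, so no scan will flag it. Adding `local_auth_enabled = false` and `minimum_tls_version = "1.2"` would bring it in line with what the az-asb module in this commit enforces. The fixed name `system-az-asb-queue` may also collide between concurrent test runs, since Service Bus namespace names are globally unique; a per-run suffix would avoid that.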
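--- a/terraform/modules/az-asb-queue/variables.tf
+++ b/terraform/modules/az-asb-queue/variables.tf
@@ -0,0 +1,57 @@
+variable "name" {
+description = "The name of the Service Bus Queue"
+type = string
+}
+
+variable "namespace_id" {
+description = "The ID of the Service Bus Namespace"
+type = string
+}
+
+variable "lock_duration" {
+description = "The lock duration for messages in the Service Bus Queue"
+type = string
+default = "PT1M"
+}
+
+variable "default_message_ttl" {
+description = "The TTL for messages in the Service Bus Queue"
+type = string
+default = "PT5M"
+}
+
+variable "requires_session" {
+description = "Does the Service Bus Queue require a session"
+type = bool
+default = false
+}
+
+variable "enable_partitioning" {
+description = "Is partitioning enabled for the Service Bus Queue"
+type = bool
+default = false
+}
+
+variable "requires_duplicate_detection" {
+description = "Does the Service Bus Queue require duplicate detection"
+type = bool
+default = false
+}
+
+variable "duplicate_detection_history_time_window" {
+description = "The time window for duplicate detection"
+type = string
+default = "PT10M"
+}
+
+variable "forward_to" {
+description = "The name of the Service Bus Queue to forward messages to"
+type = string
+default = null
+}
+
+variable "forward_dead_lettered_messages_to" {
+description = "The name of the Service Bus Queue to forward dead lettered messages to"
+type = string
+default = null
+}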
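--- a/terraform/modules/az-asb/README.md
+++ b/terraform/modules/az-asb/README.md
@@ -0,0 +1,45 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.96.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_servicebus_namespace.asb](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/servicebus_namespace) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_capacity"></a> [capacity](#input\_capacity) | The capacity of the Azure Service Bus Namespace | `number` | `1` | no |
+| <a name="input_cmk_key_vault_key_id"></a> [cmk\_key\_vault\_key\_id](#input\_cmk\_key\_vault\_key\_id) | The Key Vault Key Id to associate with the Azure Service Bus Namespace | `string` | `null` | no |
+| <a name="input_identity_ids"></a> [identity\_ids](#input\_identity\_ids) | A list of identities associated with the Azure Service Bus Namespace | `list(string)` | `[]` | no |
+| <a name="input_location"></a> [location](#input\_location) | Azure Region Location | `string` | n/a | yes |
+| <a name="input_minimum_tls_version"></a> [minimum\_tls\_version](#input\_minimum\_tls\_version) | The minimum TLS version for the Azure Service Bus Namespace | `string` | `"1.2"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the azure bus namespace | `any` | n/a | yes |
+| <a name="input_network_rules_default_action"></a> [network\_rules\_default\_action](#input\_network\_rules\_default\_action) | The default action of the network rules | `string` | `"Deny"` | no |
+| <a name="input_premium_messaging_partitions"></a> [premium\_messaging\_partitions](#input\_premium\_messaging\_partitions) | The number of messaging partitions for the Azure Service Bus Namespace | `number` | `1` | no |
+| <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Is public network access enabled for the Azure Service Bus Namespace | `bool` | `false` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Resource group name of the azure bus namespace | `any` | n/a | yes |
+| <a name="input_sku"></a> [sku](#input\_sku) | The SKU of the Azure Service Bus Namespace | `string` | `"Premium"` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The list of subnet ids to associate with the Azure Service Bus Namespace | `list(string)` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to associate with resources. | `map(string)` | n/a | yes |
+| <a name="input_trusted_services_allowed"></a> [trusted\_services\_allowed](#input\_trusted\_services\_allowed) | The list of trusted services allowed | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | The endpoint for the Service Bus Namespace. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Service Bus Namespace. |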
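--- a/terraform/modules/az-asb/checkov.yml
+++ b/terraform/modules/az-asb/checkov.yml
@@ -0,0 +1,2 @@
+skip-path:
+- tests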
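--- a/terraform/modules/az-asb/main.tf
+++ b/terraform/modules/az-asb/main.tf
@@ -0,0 +1,47 @@
+resource "azurerm_servicebus_namespace" "asb" {
+name = var.name
+location = var.location
+resource_group_name = var.resource_group_name
+sku = var.sku
+capacity = var.capacity
+premium_messaging_partitions = var.premium_messaging_partitions
+
+public_network_access_enabled = var.public_network_access_enabled
+local_auth_enabled = false
+minimum_tls_version = var.minimum_tls_version
+
+dynamic "network_rule_set" {
+for_each = length(var.subnet_ids) > 0 ? [1] : []
+content {
+public_network_access_enabled = var.public_network_access_enabled
+default_action = var.network_rules_default_action
+trusted_services_allowed = var.trusted_services_allowed
+
+dynamic "network_rules" {
+for_each = var.subnet_ids
+content {
+subnet_id = network_rules.value
+}
+}
+}
+}
+
+dynamic "identity" {
+for_each = length(var.identity_ids) > 0 ? [1] : []
+content {
+type = "UserAssigned"
+identity_ids = var.identity_ids
+}
+}
+
+dynamic "customer_managed_key" {
+for_each = var.cmk_key_vault_key_id != null && length(var.identity_ids) > 0 ? [1] : []
+content {
+key_vault_key_id = var.cmk_key_vault_key_id
+identity_id = var.identity_ids[0]
+infrastructure_encryption_enabled = true
+}
+}
+
+tags = var.tags
+}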
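Review bot: The `customer_managed_key` block is omitted silently when `cmk_key_vault_key_id` is set but `identity_ids` is empty, so a caller who asked for a customer-managed key gets a namespace on platform-managed keys with no error. A `lifecycle` precondition on the resource would make that combination fail at plan time instead of degrading quietly. The `network_rule_set` block has the same shape: it exists only when `subnet_ids` is non-empty, so with `public_network_access_enabled = true` and no subnets the `network_rules_default_action` of `Deny` is never applied. That case deserves a second precondition, or at least a comment stating the behaviour.

```hcl
  # … unchanged: namespace arguments and the network_rule_set, identity, customer_managed_key blocks …
  tags = var.tags

  lifecycle {
    precondition {
      condition     = var.cmk_key_vault_key_id == null || length(var.identity_ids) > 0
      error_message = "cmk_key_vault_key_id requires at least one user-assigned identity in identity_ids."
    }
  }
```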
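--- a/terraform/modules/az-asb/outputs.tf
+++ b/terraform/modules/az-asb/outputs.tf
@@ -0,0 +1,9 @@
+output "id" {
+description = "The ID of the Service Bus Namespace."
+value = azurerm_servicebus_namespace.asb.id
+}
+
+output "endpoint" {
+description = "The endpoint for the Service Bus Namespace."
+value = azurerm_servicebus_namespace.asb.endpoint
+}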
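--- a/terraform/modules/az-asb/tests/premium_bus.tftest.hcl
+++ b/terraform/modules/az-asb/tests/premium_bus.tftest.hcl
@@ -0,0 +1,115 @@
+provider "azurerm" {
+features {
+key_vault {
+purge_soft_delete_on_destroy = false
+recover_soft_deleted_key_vaults = true
+}
+}
+}
+
+run "setup" {
+module {
+source = "./tests/setup_premium"
+}
+}
+
+run "plan" {
+
+command = plan
+
+variables {
+name = "azasbpremium"
+location = run.setup.resource_group_location
+resource_group_name = run.setup.resource_group_name
+
+subnet_ids = [run.setup.subnet_id]
+
+tags = { Environment = "Test" }
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.name == var.name
+error_message = "azurerm_servicebus_namespace name must be set"
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.resource_group_name == var.resource_group_name
+error_message = "azurerm_servicebus_namespace resource_group_name must be set"
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.location == var.location
+error_message = "azurerm_servicebus_namespace location must be set"
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.sku == "Premium"
+error_message = "azurerm_servicebus_namespace sku must be set to Premium by default"
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.minimum_tls_version == "1.2"
+error_message = "azurerm_servicebus_namespace min_tls_version must be set to 1.2"
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.capacity == 1
+error_message = "azurerm_servicebus_namespace capacity must be set to 1"
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.public_network_access_enabled == false
+error_message = "azurerm_servicebus_namespace public_network_access_enabled must be set to false"
+}
+
+assert {
+condition = azurerm_servicebus_namespace.asb.local_auth_enabled == false
+error_message = "azurerm_servicebus_namespace local_auth_enabled must be set to false"
+}
+
+assert {
+condition = length(azurerm_servicebus_namespace.asb.tags) == 1
+error_message = "azurerm_servicebus_namespace tags must contains one element"
+}
+
+}
+
+run "apply" {
+
+command = apply
+
+variables {
+name = "azasbstandard"
+location = run.setup.resource_group_location
+resource_group_name = run.setup.resource_group_name
+
+subnet_ids = [run.setup.subnet_id]
+
+tags = { Environment = "Test" }
+}
+
+assert {
+condition = length(azurerm_servicebus_namespace.asb.network_rule_set) == 1
+error_message = "acazurerm_servicebus_namespacer network_rule_set array must contains 1 element"
+}
+
+assert {
+condition = length(azurerm_servicebus_namespace.asb.identity) == 0
+error_message = "acazurerm_servicebus_namespacer identity array must contains 0 element"
+}
+
+assert {
+condition = length(azurerm_servicebus_namespace.asb.customer_managed_key) == 0
+error_message = "acazurerm_servicebus_namespacer customer_managed_key array must contains 0 element"
+}
+
+assert {
+condition = output.id != "" && output.id != null
+error_message = "output id is empty"
+}
+
+assert {
+condition = output.endpoint != "" && output.endpoint != null
+error_message = "output endpoint is empty"
+}
+}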
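Review bot: The `apply` run only checks that `network_rule_set` has one element and never asserts the values that make it restrictive, so a regression in `default_action` or `trusted_services_allowed` would still pass. Add an assert such as `condition = azurerm_servicebus_namespace.asb.network_rule_set[0].default_action == "Deny"`. The identity and customer-managed-key branches are only checked for being absent, although the provider block configures `key_vault` features; a run that passes `identity_ids` and `cmk_key_vault_key_id` would cover them (the `setup_premium` fixture is not visible here, so it may or may not already provide a key). As a style point, the error messages reading `acazurerm_servicebus_namespacer` and the namespace name `azasbstandard` in this premium test look like copy-paste leftovers.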
