feat: Add tf modules for azure bus

terraform/modules/az-asb-queue/checkov.yml

@@ -0,0 +1,2 @@
+skip-path:
+  - tests

terraform/modules/az-asb-queue/main.tf

@@ -0,0 +1,15 @@
+resource "azurerm_servicebus_queue" "asb" {
+  name         = var.name
+  namespace_id = var.namespace_id
+
+  lock_duration                           = var.lock_duration
+  default_message_ttl                     = var.default_message_ttl
+  requires_session                        = var.requires_session
+  enable_partitioning                     = var.enable_partitioning
+  requires_duplicate_detection            = var.requires_duplicate_detection
+  duplicate_detection_history_time_window = var.duplicate_detection_history_time_window
+
+  forward_to                        = var.forward_to
+  forward_dead_lettered_messages_to = var.forward_dead_lettered_messages_to
+
+}

terraform/modules/az-asb-queue/outputs.tf

@@ -0,0 +1,4 @@
+output "id" {
+  description = "The ServiceBus Queue ID."
+  value       = azurerm_servicebus_queue.asb.id
+}

terraform/modules/az-asb-queue/tests/queue.tftest.hcl

@@ -0,0 +1,53 @@
+provider "azurerm" {
+  features {
+  }
+}
+
+run "setup" {
+  module {
+    source = "./tests/setup"
+  }
+}
+
+run "plan" {
+
+  command = plan
+
+  variables {
+    name                            = "azasbstandardqueue"
+    namespace_id                    = run.setup.namespace_id
+    default_message_ttl             = "PT1M"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_queue.asb.name == var.name
+    error_message  = "azurerm_servicebus_queue name must be set"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_queue.asb.namespace_id == var.namespace_id
+    error_message  = "azurerm_servicebus_queue namespace_id must be set"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_queue.asb.default_message_ttl == var.default_message_ttl
+    error_message  = "azurerm_servicebus_queue default_message_ttl must be set"
+  }
+
+}
+
+run "apply" {
+
+    command = apply
+
+    variables {
+      name                            = "azasbstandardqueue"
+      namespace_id                    = run.setup.namespace_id
+      default_message_ttl             = "PT1M"
+    }
+
+    assert {
+      condition       = output.id != "" && output.id != null
+      error_message  = "output id is empty"
+    }
+}

terraform/modules/az-asb-queue/tests/setup/main.tf

@@ -0,0 +1,18 @@
+data "azurerm_resource_group" "test" {
+  name = "tf-test-rg"
+}
+
+resource "azurerm_servicebus_namespace" "test" {
+  name                = "system-az-asb-queue"
+  location            = data.azurerm_resource_group.test.location
+  resource_group_name = data.azurerm_resource_group.test.name
+  sku                 = "Standard"
+
+  tags = {
+    environment = "Test"
+  }
+}
+
+output "namespace_id" {
+  value = azurerm_servicebus_namespace.test.id
+}

terraform/modules/az-asb-queue/variables.tf

@@ -0,0 +1,57 @@
+variable "name" {
+  description = "The name of the Service Bus Queue"
+  type        = string
+}
+
+variable "namespace_id" {
+  description = "The ID of the Service Bus Namespace"
+  type        = string
+}
+
+variable "lock_duration" {
+  description = "The lock duration for messages in the Service Bus Queue"
+  type        = string
+  default     = "PT1M"
+}
+
+variable "default_message_ttl" {
+  description = "The TTL for messages in the Service Bus Queue"
+  type        = string
+  default     = "PT5M"
+}
+
+variable "requires_session" {
+  description = "Does the Service Bus Queue require a session"
+  type        = bool
+  default     = false
+}
+
+variable "enable_partitioning" {
+  description = "Is partitioning enabled for the Service Bus Queue"
+  type        = bool
+  default     = false
+}
+
+variable "requires_duplicate_detection" {
+  description = "Does the Service Bus Queue require duplicate detection"
+  type        = bool
+  default     = false
+}
+
+variable "duplicate_detection_history_time_window" {
+  description = "The time window for duplicate detection"
+  type        = string
+  default     = "PT10M"
+}
+
+variable "forward_to" {
+  description = "The name of the Service Bus Queue to forward messages to"
+  type        = string
+  default     = null
+}
+
+variable "forward_dead_lettered_messages_to" {
+  description = "The name of the Service Bus Queue to forward dead lettered messages to"
+  type        = string
+  default     = null
+}

terraform/modules/az-asb/README.md

@@ -0,0 +1,45 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.96.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_servicebus_namespace.asb](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/servicebus_namespace) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_capacity"></a> [capacity](#input\_capacity) | The capacity of the Azure Service Bus Namespace | `number` | `1` | no |
+| <a name="input_cmk_key_vault_key_id"></a> [cmk\_key\_vault\_key\_id](#input\_cmk\_key\_vault\_key\_id) | The Key Vault Key Id to associate with the Azure Service Bus Namespace | `string` | `null` | no |
+| <a name="input_identity_ids"></a> [identity\_ids](#input\_identity\_ids) | A list of identities associated with the Azure Service Bus Namespace | `list(string)` | `[]` | no |
+| <a name="input_location"></a> [location](#input\_location) | Azure Region Location | `string` | n/a | yes |
+| <a name="input_minimum_tls_version"></a> [minimum\_tls\_version](#input\_minimum\_tls\_version) | The minimum TLS version for the Azure Service Bus Namespace | `string` | `"1.2"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the azure bus namespace | `any` | n/a | yes |
+| <a name="input_network_rules_default_action"></a> [network\_rules\_default\_action](#input\_network\_rules\_default\_action) | The default action of the network rules | `string` | `"Deny"` | no |
+| <a name="input_premium_messaging_partitions"></a> [premium\_messaging\_partitions](#input\_premium\_messaging\_partitions) | The number of messaging partitions for the Azure Service Bus Namespace | `number` | `1` | no |
+| <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Is public network access enabled for the Azure Service Bus Namespace | `bool` | `false` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Resource group name of the azure bus namespace | `any` | n/a | yes |
+| <a name="input_sku"></a> [sku](#input\_sku) | The SKU of the Azure Service Bus Namespace | `string` | `"Premium"` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The list of subnet ids to associate with the Azure Service Bus Namespace | `list(string)` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to associate with resources. | `map(string)` | n/a | yes |
+| <a name="input_trusted_services_allowed"></a> [trusted\_services\_allowed](#input\_trusted\_services\_allowed) | The list of trusted services allowed | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | The endpoint for the Service Bus Namespace. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Service Bus Namespace. |

terraform/modules/az-asb/checkov.yml

@@ -0,0 +1,2 @@
+skip-path:
+  - tests

terraform/modules/az-asb/main.tf

@@ -0,0 +1,47 @@
+resource "azurerm_servicebus_namespace" "asb" {
+  name                         = var.name
+  location                     = var.location
+  resource_group_name          = var.resource_group_name
+  sku                          = var.sku
+  capacity                     = var.capacity
+  premium_messaging_partitions = var.premium_messaging_partitions
+
+  public_network_access_enabled = var.public_network_access_enabled
+  local_auth_enabled            = false
+  minimum_tls_version           = var.minimum_tls_version
+
+  dynamic "network_rule_set" {
+    for_each = length(var.subnet_ids) > 0 ? [1] : []
+    content {
+      public_network_access_enabled = var.public_network_access_enabled
+      default_action                = var.network_rules_default_action
+      trusted_services_allowed      = var.trusted_services_allowed
+
+      dynamic "network_rules" {
+        for_each = var.subnet_ids
+        content {
+          subnet_id = network_rules.value
+        }
+      }
+    }
+  }
+
+  dynamic "identity" {
+    for_each = length(var.identity_ids) > 0 ? [1] : []
+    content {
+      type         = "UserAssigned"
+      identity_ids = var.identity_ids
+    }
+  }
+
+  dynamic "customer_managed_key" {
+    for_each = var.cmk_key_vault_key_id != null && length(var.identity_ids) > 0 ? [1] : []
+    content {
+      key_vault_key_id                  = var.cmk_key_vault_key_id
+      identity_id                       = var.identity_ids[0]
+      infrastructure_encryption_enabled = true
+    }
+  }
+
+  tags = var.tags
+}

terraform/modules/az-asb/outputs.tf

@@ -0,0 +1,9 @@
+output "id" {
+  description = "The ID of the Service Bus Namespace."
+  value       = azurerm_servicebus_namespace.asb.id
+}
+
+output "endpoint" {
+  description = "The endpoint for the Service Bus Namespace."
+  value       = azurerm_servicebus_namespace.asb.endpoint
+}

terraform/modules/az-asb/tests/premium_bus.tftest.hcl

@@ -0,0 +1,115 @@
+provider "azurerm" {
+  features {
+    key_vault {
+      purge_soft_delete_on_destroy    = false
+      recover_soft_deleted_key_vaults = true
+    }
+  }
+}
+
+run "setup" {
+  module {
+    source = "./tests/setup_premium"
+  }
+}
+
+run "plan" {
+
+  command = plan
+
+  variables {
+    name                            = "azasbpremium"
+    location                        = run.setup.resource_group_location
+    resource_group_name             = run.setup.resource_group_name
+
+    subnet_ids                      = [run.setup.subnet_id]
+
+    tags                            = { Environment = "Test" }
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.name == var.name
+    error_message  = "azurerm_servicebus_namespace name must be set"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.resource_group_name == var.resource_group_name
+    error_message  = "azurerm_servicebus_namespace resource_group_name must be set"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.location == var.location
+    error_message  = "azurerm_servicebus_namespace location must be set"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.sku == "Premium"
+    error_message  = "azurerm_servicebus_namespace sku must be set to Premium by default"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.minimum_tls_version == "1.2"
+    error_message  = "azurerm_servicebus_namespace min_tls_version must be set to 1.2"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.capacity == 1
+    error_message  = "azurerm_servicebus_namespace capacity must be set to 1"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.public_network_access_enabled == false
+    error_message  = "azurerm_servicebus_namespace public_network_access_enabled must be set to false"
+  }
+
+  assert {
+    condition      = azurerm_servicebus_namespace.asb.local_auth_enabled == false
+    error_message  = "azurerm_servicebus_namespace local_auth_enabled must be set to false"
+  }
+
+  assert {
+    condition       = length(azurerm_servicebus_namespace.asb.tags) == 1
+    error_message  = "azurerm_servicebus_namespace tags must contains one element"
+  }
+
+}
+
+run "apply" {
+
+    command = apply
+
+    variables {
+      name                            = "azasbstandard"
+      location                        = run.setup.resource_group_location
+      resource_group_name             = run.setup.resource_group_name
+
+      subnet_ids                      = [run.setup.subnet_id]
+
+      tags                            = { Environment = "Test" }
+    }
+
+  assert {
+    condition       = length(azurerm_servicebus_namespace.asb.network_rule_set) == 1
+    error_message  = "acazurerm_servicebus_namespacer network_rule_set array must contains 1 element"
+  }
+
+  assert {
+    condition       = length(azurerm_servicebus_namespace.asb.identity) == 0
+    error_message  = "acazurerm_servicebus_namespacer identity array must contains 0 element"
+  }
+
+  assert {
+    condition       = length(azurerm_servicebus_namespace.asb.customer_managed_key) == 0
+    error_message  = "acazurerm_servicebus_namespacer customer_managed_key array must contains 0 element"
+  }
+
+  assert {
+      condition       = output.id != "" && output.id != null
+      error_message  = "output id is empty"
+  }
+
+  assert {
+      condition       = output.endpoint != "" && output.endpoint != null
+      error_message  = "output endpoint is empty"
+  }
+}