Merge pull request #760 from sihbher/main

Enhancements and Fixes in Terraform Greenfield ADDS Deployment

Author: danycontre

workload/terraform/greenfield/ADDSscenario/data.tf

@@ -3,7 +3,7 @@ data "azurerm_subscription" "primary" {}
 data "azurerm_client_config" "current" {}
 
 data "azurerm_virtual_network" "remote" {
-  provider = azurerm.hub
+  provider            = azurerm.hub
   name                = var.hub_vnet
   resource_group_name = var.hub_connectivity_rg
 }

workload/terraform/greenfield/ADDSscenario/keyvault.tf

@@ -1,3 +1,22 @@
+# Get current IP address for use in KV firewall rules
+data "http" "ip" {
+  url = "https://api.ipify.org/"
+  retry {
+    attempts     = 5
+    max_delay_ms = 1000
+    min_delay_ms = 500
+  }
+}
+# Get current IP address for use in KV firewall rules
+data "http" "ipv6" {
+  url = "https://api64.ipify.org/"
+  retry {
+    attempts     = 5
+    max_delay_ms = 1000
+    min_delay_ms = 500
+  }
+}
+
 module "avm-res-keyvault-vault" {
   source                      = "Azure/avm-res-keyvault-vault/azurerm"
   version                     = "0.5.3"
@@ -29,7 +48,7 @@ module "avm-res-keyvault-vault" {
   network_acls = {
     bypass         = "AzureServices"
     default_action = "Deny"
-    ip_rules       = ["136.28.83.128"]
+    ip_rules       = ["${data.http.ip.response_body}/32", "${data.http.ipv6.response_body}/32"]
     virtual_network_subnet_ids = [
       data.azurerm_subnet.pesubnet.id
     ]

workload/terraform/greenfield/ADDSscenario/main.tf

@@ -39,7 +39,7 @@ module "avm_res_desktopvirtualization_hostpool" {
   version = "0.1.4"
 
   virtual_desktop_host_pool_location                 = azurerm_resource_group.this.location
-  virtual_desktop_host_pool_name                     = "${var.hostpool}-${var.prefix}-${var.environment}-${var.avdLocation}"
+  virtual_desktop_host_pool_name                     = "${var.hostpool}-${var.prefix}-${var.environment}"
   virtual_desktop_host_pool_type                     = "Pooled" // "Personal" or "Pooled"
   virtual_desktop_host_pool_resource_group_name      = azurerm_resource_group.this.name
   virtual_desktop_host_pool_load_balancer_type       = "BreadthFirst" // "DepthFirst" or "BreadthFirst"
@@ -85,7 +85,7 @@ module "avm_res_desktopvirtualization_applicationgroup" {
   source                                                = "Azure/avm-res-desktopvirtualization-applicationgroup/azurerm"
   enable_telemetry                                      = var.enable_telemetry
   version                                               = "0.1.2"
-  virtual_desktop_application_group_name                = "${var.dag}-${var.prefix}-${var.environment}-${var.avdLocation}-01"
+  virtual_desktop_application_group_name                = "${var.dag}-${var.prefix}-${var.environment}-01"
   virtual_desktop_application_group_type                = "Desktop"
   virtual_desktop_application_group_host_pool_id        = module.avm_res_desktopvirtualization_hostpool.resource.id
   virtual_desktop_application_group_resource_group_name = azurerm_resource_group.this.name
@@ -97,13 +97,14 @@ module "avm_res_desktopvirtualization_applicationgroup" {
 # Create Azure Virtual Desktop workspace
 module "avm_res_desktopvirtualization_workspace" {
   source              = "Azure/avm-res-desktopvirtualization-workspace/azurerm"
-  version             = "0.1.2"
+  version             = "0.2.0"
   enable_telemetry    = var.enable_telemetry
   resource_group_name = azurerm_resource_group.this.name
-  location            = azurerm_resource_group.this.location
-  description         = "${var.prefix} Workspace"
-  name                = "${var.workspace}-${var.prefix}-${var.environment}-${var.avdLocation}-01"
-  tags                = local.tags
+  virtual_desktop_workspace_resource_group_name = azurerm_resource_group.this.name
+  virtual_desktop_workspace_location            = azurerm_resource_group.this.location
+  virtual_desktop_workspace_name                = "${var.workspace}-${var.prefix}-${var.environment}-${var.avdLocation}-01"
+
+  tags = local.tags
 }
 
 resource "azurerm_virtual_desktop_workspace_application_group_association" "workappgrassoc" {
@@ -123,6 +124,7 @@ data "azurerm_role_definition" "power_role" {
 }
 
 resource "azurerm_role_assignment" "new" {
+  name               = random_uuid.example.result
   principal_id       = data.azuread_service_principal.spn.object_id
   scope              = data.azurerm_subscription.primary.id
   role_definition_id = data.azurerm_role_definition.power_role.id

workload/terraform/modules/network/locals.tf

@@ -3,4 +3,7 @@ locals {
     environment = var.prefix
     source      = "https://github.com/Azure/avdaccelerator/tree/main/workload/terraform/avdbaseline"
   }
+
+  #Validate if identity_subscription_id is equal to hub_subscription_id
+  use_same_hub_identity_vnet =  var.identity_subscription_id == var.hub_subscription_id ? true : false
 }

workload/terraform/modules/network/main.tf

@@ -48,10 +48,11 @@ resource "azurerm_virtual_network_peering" "peer1" {
   depends_on = [
     azurerm_virtual_network.vnet, azurerm_resource_group.net, azurerm_subnet.subnet
   ]
-
 }
 
 resource "azurerm_virtual_network_peering" "peer4" {
+  count = local.use_same_hub_identity_vnet ? 0 : 1
+
   name                         = "peer_${var.prefix}_avdspoke_identity"
   resource_group_name          = azurerm_resource_group.net.name
   virtual_network_name         = azurerm_virtual_network.vnet.name
@@ -66,6 +67,7 @@ resource "azurerm_virtual_network_peering" "peer4" {
     azurerm_virtual_network_peering.peer1
   ]
 }
+
 resource "azurerm_virtual_network_peering" "peer2" {
   name                         = "peer_${var.prefix}_hub_avdspoke"
   resource_group_name          = var.hub_connectivity_rg
@@ -83,6 +85,8 @@ resource "azurerm_virtual_network_peering" "peer2" {
 }
 
 resource "azurerm_virtual_network_peering" "peer3" {
+    count = local.use_same_hub_identity_vnet ? 0 : 1
+
   name                         = "peer_${var.prefix}_identity_avdspoke"
   resource_group_name          = var.identity_rg
   virtual_network_name         = var.identity_vnet