Feature/sqlami (#55)

Author: waltergrasselli

.github/workflows/sql-managed-instance.yml

@@ -0,0 +1,77 @@
+name: Module:sql-managed-instance
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main  
+    paths:
+      - '.github/workflows/sql-managed-instance.yml'
+      - 'terraform/sql-managed-instance/**'
+      - '.github/actions/**'
+
+env:
+  terraform_workingdir: "terraform/sql-managed-instance"  
+  GH_TOKEN: ${{ secrets.GH_TOKEN }}
+  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+
+jobs:     
+  terraform-lint:
+    name: Run Terraform lint
+    runs-on: ubuntu-latest
+    defaults:
+         run:
+          working-directory: "${{ env.terraform_workingdir }}"
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: hashicorp/setup-terraform@v2
+
+    - name: Terraform fmt
+      id: fmt
+      run: terraform fmt -check
+      continue-on-error: false
+
+  terraform-sec:
+    name: Run Terraform tfsec
+    needs: 
+      - terraform-lint
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@main
+
+    - name: Run tfsec with reviewdog output on the PR
+      uses: ./.github/actions/run-terraform-sec
+
+  terratest:
+    name: Run Terratest
+    needs: 
+      - terraform-sec
+    runs-on: ubuntu-latest
+
+    defaults:
+          run:
+            working-directory: "${{ env.terraform_workingdir }}/test"
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+          go-version: 1.18.2
+      
+    - name: Setup Dependencies
+      run:  go mod init test && go mod tidy
+      env:
+        GOPATH: "/home/runner/work/azure-labs-modules/azure-labs-modules/${{ env.terraform_workingdir }}"
+      
+    - name: Unit-test
+      run: go test -v -timeout 120m
+      env:
+        GOPATH: "/home/runner/work/azure-labs-modules/azure-labs-modules/${{ env.terraform_workingdir }}"

.gitignore

@@ -10,5 +10,4 @@ terraform.tfvars
 
 tests/
 app-service/
-stream-analytics-cluster/
-sql-managed-instance/
+stream-analytics-cluster/

terraform/sql-managed-instance/main.tf

@@ -0,0 +1,88 @@
+# Associate subnet and the security group
+resource "azurerm_subnet_network_security_group_association" "adl_sqlmi" {
+  subnet_id                 = var.subnet_id
+  network_security_group_id = var.network_security_group_id
+  count                     = var.module_enabled ? 1 : 0
+}
+
+# Associate subnet and the route table
+resource "azurerm_subnet_route_table_association" "adl_sqlmi" {
+  subnet_id      = var.subnet_id
+  route_table_id = var.route_table_id
+  count          = var.module_enabled ? 1 : 0
+}
+
+# Associate subnet and the security group
+resource "azurerm_subnet_network_security_group_association" "adl_sqlmi_pe" {
+  subnet_id                 = var.subnet_private_enpoint_id
+  network_security_group_id = var.network_security_group_id
+  count                     = var.is_sec_module && var.module_enabled ? 1 : 0
+}
+
+# Associate subnet and the route table
+resource "azurerm_subnet_route_table_association" "adl_sqlmi_pe" {
+  subnet_id      = var.subnet_private_enpoint_id
+  route_table_id = var.route_table_id
+  count          = var.is_sec_module && var.module_enabled ? 1 : 0
+}
+
+
+resource "azurerm_mssql_managed_instance" "adl_sqlmi" {
+  name                = "sqlmi-${var.basename}"
+  resource_group_name = var.rg_name
+  location            = var.location
+
+  license_type                   = var.license_type
+  sku_name                       = var.sku_name
+  storage_size_in_gb             = var.storage_size_in_gb
+  storage_account_type           = var.storage_account_type
+  subnet_id                      = var.subnet_id
+  vcores                         = var.vcores
+  maintenance_configuration_name = var.maintenance_configuration_name
+  dns_zone_partner_id            = var.dns_zone_partner_id == "" ? null : var.dns_zone_partner_id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  collation                    = var.collation
+  proxy_override               = var.proxy_override
+  public_data_endpoint_enabled = var.public_data_endpoint_enabled
+  timezone_id                  = var.timezone_id
+
+  administrator_login          = var.administrator_login
+  administrator_login_password = var.administrator_login_password
+
+  count = var.module_enabled ? 1 : 0
+  tags  = var.tags
+
+  depends_on = [
+    azurerm_subnet_network_security_group_association.adl_sqlmi,
+    azurerm_subnet_route_table_association.adl_sqlmi
+  ]
+}
+
+# Private Endpoint configuration
+
+resource "azurerm_private_endpoint" "sqlmi_pe_server" {
+  name                = "pe-${azurerm_mssql_managed_instance.adl_sqlmi[0].name}-sqlmi"
+  location            = var.location
+  resource_group_name = var.rg_name
+  subnet_id           = var.subnet_private_enpoint_id
+
+  private_service_connection {
+    name                           = "psc-sqlmi-${var.basename}"
+    private_connection_resource_id = azurerm_mssql_managed_instance.adl_sqlmi[0].id
+    subresource_names              = ["managedInstance"]
+    is_manual_connection           = false
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group-server"
+    private_dns_zone_ids = var.private_dns_zone_ids
+  }
+  count = var.is_sec_module && var.module_enabled ? 1 : 0
+
+  tags = var.tags
+}
+

terraform/sql-managed-instance/outputs.tf

@@ -0,0 +1,6 @@
+output "id" {
+  value = (
+    length(azurerm_mssql_managed_instance.adl_sqlmi) > 0 ?
+    azurerm_mssql_managed_instance.adl_sqlmi[0].id : ""
+  )
+}

terraform/sql-managed-instance/test/locals.tf

@@ -0,0 +1,9 @@
+locals {
+  tags = {
+    Project = "Azure/azure-data-labs-modules"
+    Module  = "sql-managed-instance"
+    Toolkit = "Terraform"
+  }
+
+  dns_sql_server = "privatelink.database.windows.net"
+}

terraform/sql-managed-instance/test/outputs.tf

@@ -0,0 +1,3 @@
+output "id" {
+  value = module.sql_managed_instance.id
+}

terraform/sql-managed-instance/test/providers.tf

@@ -0,0 +1,26 @@
+terraform {
+  backend "azurerm" {
+    resource_group_name  = "rg-adl-terraform-state"
+    storage_account_name = "stadltfstate"
+    container_name       = "default"
+    key                  = "sqlami.terraform.tfstate"
+
+    
+  }
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "= 3.30.0"
+    }
+  }
+
+}
+
+provider "azurerm" {
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
+}

terraform/sql-managed-instance/test/sql_managed_instance.tf

@@ -0,0 +1,84 @@
+
+# Modules dependencies
+module "local_rg" {
+  source   = "../../resource-group"
+  basename = random_string.postfix.result
+  location = var.location
+  tags     = local.tags
+}
+
+module "local_vnet" {
+  source        = "../../virtual-network"
+  rg_name       = module.local_rg.name
+  basename      = "vnet-${random_string.postfix.result}-sql-default"
+  location      = var.location
+  address_space = ["10.0.0.0/16"]
+}
+
+module "local_snet_default" {
+  source           = "../../subnet"
+  rg_name          = module.local_rg.name
+  name             = "snet-${random_string.postfix.result}-sqlmi-default"
+  vnet_name        = module.local_vnet.name
+  address_prefixes = ["10.0.6.0/24"]
+  subnet_delegation = {
+    delegation = [{
+      name    = "Microsoft.Sql/managedInstances"
+      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"]
+  }] }
+}
+
+module "local_snet_private_enpoint" {
+  source           = "../../subnet"
+  rg_name          = module.local_rg.name
+  name             = "snet-${random_string.postfix.result}-sqlmi-private-endpoint"
+  vnet_name        = module.local_vnet.name
+  address_prefixes = ["10.0.5.0/24"]
+}
+
+module "network_security_group" {
+  source   = "../../network-security-group"
+  basename = "nsg-${random_string.postfix.result}"
+  rg_name  = module.local_rg.name
+  location = var.location
+  tags     = {}
+}
+
+module "route_table" {
+  source   = "../../route-table"
+  basename = "route-${random_string.postfix.result}"
+  rg_name  = module.local_rg.name
+  location = var.location
+  tags     = {}
+}
+
+// sql_managed_instance module
+module "sql_managed_instance" {
+  source                         = "git::https://github.com/Azure/azure-data-labs-modules.git//terraform/sql-managed-instance?ref=feature/sqlami"
+  basename                       = "sqlmi-${random_string.postfix.result}"
+  rg_name                        = module.local_rg.name
+  location                       = var.location
+  subnet_id                      = module.local_snet_default.id
+  subnet_private_enpoint_id      = module.local_snet_private_enpoint.id
+  route_table_id                 = module.route_table.id
+  network_security_group_id      = module.network_security_group.id
+  administrator_login            = "sqladminuser"
+  administrator_login_password   = "ThisIsNotVerySecure!"
+  module_enabled                 = true
+  is_sec_module                  = var.is_sec_module
+  tags                           = {}
+  license_type                   = "BasePrice"
+  sku_name                       = "GP_Gen5"
+  storage_size_in_gb             = 32
+  vcores                         = 4
+  maintenance_configuration_name = "SQL_Default"
+  dns_zone_partner_id            = ""
+  collation                      = "SQL_Latin1_General_CP1_CI_AS"
+  minimum_tls_version            = "1.2"
+  proxy_override                 = "Default"
+  public_data_endpoint_enabled   = false
+  storage_account_type           = "GRS"
+  timezone_id                    = "UTC"
+
+}
+

terraform/sql-managed-instance/test/unit_test.go

@@ -0,0 +1,30 @@
+package test
+
+import (
+	"testing"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestModule(t *testing.T) {
+	t.Parallel()
+
+	terraformOptions := &terraform.Options{
+		TerraformDir: "./",
+		// VarFiles: []string{"terraform_unitest.tfvars"},
+	}
+
+	// At the end of the test, run `terraform destroy` to clean up any resources that were created
+	defer terraform.Destroy(t, terraformOptions)
+
+	// Is used mainly for debugging, fail early if plan is not possible
+	terraform.InitAndPlan(t, terraformOptions)
+
+	// This will run `terraform init` and `terraform apply` and fail the test if there are any errors
+	terraform.InitAndApply(t, terraformOptions)
+
+	// Check if the outputs exist
+	assert := assert.New(t)
+	id := terraform.Output(t, terraformOptions, "id")
+	assert.NotNil(id)
+}

terraform/sql-managed-instance/test/variables.tf

@@ -0,0 +1,21 @@
+resource "random_string" "postfix" {
+  length  = 8
+  special = false
+  upper   = false
+}
+
+variable "location" {
+  type    = string
+  default = "North Europe"
+}
+
+variable "rg_name_dns" {
+  type    = string
+  default = "rg-adl-modules-test-01-global-dns"
+}
+
+variable "is_sec_module" {
+  type        = bool
+  description = "Is secure module?"
+  default     = true
+}