Feat/dtoss 9003 deploy service bus into the hub vnet (#176)

* DTOSS: Fix the name of the ACR

* DTOSS-9003: Deploy service bus into the hub vnet

* DTOSS-9006: Update the Service Bus module cause it must have private end points to work

* DTOSS-9006: Update the Service Bus module cause it must have private end points to work

* DTOSS-9006: Update the Service Bus module cause it must have private end points to work

* DTOSS-9006: Update the Service Bus module cause it must have private end points to work

Author: mrlockstar

infrastructure/modules/service-bus/example/main.tf

@@ -11,6 +11,17 @@ module "azure_service_bus" {
   capacity                  = each.value.capacity
   sku_tier                  = each.value.sku_tier
 
+  # Private Endpoint Configuration if enabled
+  private_endpoint_properties = var.features.private_endpoints_enabled ? {
+    # THIS MUST be changed to service bus
+    private_dns_zone_ids                 = [data.terraform_remote_state.hub.outputs.private_dns_zones["${each.value.region}-event_hub"].id]
+    private_endpoint_enabled             = var.features.private_endpoints_enabled
+    private_endpoint_subnet_id           = module.subnets["${module.regions_config[each.value.region].names.subnet}-pep"].id
+    private_endpoint_resource_group_name = azurerm_resource_group.rg_private_endpoints[each.value.region].name
+    private_service_connection_is_manual = var.features.private_service_connection_is_manual
+  } : null
+
+
   tags = var.tags
 }
 

infrastructure/modules/service-bus/example/variables.tf

@@ -15,6 +15,29 @@ variable "regions" {
   }))
 }
 
+variable "private_endpoint_properties" {
+  description = "Consolidated properties for the Service Bus Private Endpoint."
+  type = object({
+    private_dns_zone_ids                 = optional(list(string), [])
+    private_endpoint_enabled             = optional(bool, false)
+    private_endpoint_subnet_id           = optional(string, "")
+    private_endpoint_resource_group_name = optional(string, "")
+    private_service_connection_is_manual = optional(bool, false)
+  })
+
+  validation {
+    condition = (
+      can(var.private_endpoint_properties == null) ||
+      can(var.private_endpoint_properties.private_endpoint_enabled == false) ||
+      can((length(var.private_endpoint_properties.private_dns_zone_ids) > 0 &&
+        length(var.private_endpoint_properties.private_endpoint_subnet_id) > 0
+        )
+      )
+    )
+    error_message = "Both private_dns_zone_ids and private_endpoint_subnet_id must be provided if private_endpoint_enabled is true."
+  }
+}
+
 variable "service_bus" {
   description = "Configuration for Service Bus namespaces and their topics"
   type = map(object({

infrastructure/modules/service-bus/main.tf

@@ -27,3 +27,37 @@ resource "azurerm_servicebus_topic" "this" {
   status                                  = each.value.status
 }
 
+resource "azurerm_servicebus_namespace_authorization_rule" "this" {
+  name                = "access-rule"
+  namespace_id        = azurerm_servicebus_namespace.this.id
+
+  listen              = true
+  send                = true
+  manage              = false
+}
+
+
+module "private_endpoint_service_bus_namespace" {
+  count = var.private_endpoint_properties.private_endpoint_enabled ? 1 : 0
+
+  source = "../private-endpoint"
+
+  name                = "${var.servicebus_namespace_name}-servicebus-private-endpoint"
+  resource_group_name = var.private_endpoint_properties.private_endpoint_resource_group_name
+  location            = var.location
+  subnet_id           = var.private_endpoint_properties.private_endpoint_subnet_id
+
+  private_dns_zone_group = {
+    name                 = "${var.servicebus_namespace_name}-private-endpoint-zone-group"
+    private_dns_zone_ids = var.private_endpoint_properties.private_dns_zone_ids
+  }
+
+  private_service_connection = {
+    name                           = "${var.servicebus_namespace_name}-private-endpoint-connection"
+    private_connection_resource_id = azurerm_servicebus_namespace.this.id
+    subresource_names              = ["namespace"]
+    is_manual_connection           = var.private_endpoint_properties.private_service_connection_is_manual
+  }
+
+  tags = var.tags
+}

infrastructure/modules/service-bus/output.tf

@@ -0,0 +1,8 @@
+output "servicebus_connection_string" {
+  value = azurerm_servicebus_namespace_authorization_rule.this.primary_connection_string
+  sensitive = true
+}
+
+output "namespace_id" {
+  value = azurerm_servicebus_namespace.this.id
+}

infrastructure/modules/service-bus/variables.tf

@@ -89,3 +89,25 @@ variable "tags" {
   default     = {}
 }
 
+variable "private_endpoint_properties" {
+  description = "Consolidated properties for the Service Bus Private Endpoint."
+  type = object({
+    private_dns_zone_ids                 = optional(list(string), [])
+    private_endpoint_enabled             = optional(bool, false)
+    private_endpoint_subnet_id           = optional(string, "")
+    private_endpoint_resource_group_name = optional(string, "")
+    private_service_connection_is_manual = optional(bool, false)
+  })
+
+  validation {
+    condition = (
+      can(var.private_endpoint_properties == null) ||
+      can(var.private_endpoint_properties.private_endpoint_enabled == false) ||
+      can((length(var.private_endpoint_properties.private_dns_zone_ids) > 0 &&
+        length(var.private_endpoint_properties.private_endpoint_subnet_id) > 0
+        )
+      )
+    )
+    error_message = "Both private_dns_zone_ids and private_endpoint_subnet_id must be provided if private_endpoint_enabled is true."
+  }
+}