DEVOPS-279 terraform module for azure vnet init commit (#9)

* DEVOPS-279 terraform module for azure vnet init commit

* DEVOPS-279 fix typos

* DEVOPS-279 fix rule isssue bya dding depends on

* fix nsg rule issue clash DEVOPS-279

Author: githubofkrishnadhas

virtual-network/nsg.tf

@@ -0,0 +1,67 @@
+# Inbound rules
+resource "azurerm_network_security_rule" "port80" {
+  name                        = "AllowHttpOn80"
+  description                 = "port 80 open for HTTP traffic"
+  priority                    = 150
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "80"
+  source_address_prefix       = "Internet"
+  destination_address_prefix  = "VirtualNetwork"
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = azurerm_network_security_group.nsg.name
+}
+
+resource "azurerm_network_security_rule" "port22" {
+  name                        = "AllowSSHOn22"
+  priority                    = 160
+  description                 = "Ssh on port 22"
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "22"
+  source_address_prefix       = "*"
+  destination_address_prefix  = "VirtualNetwork"
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = azurerm_network_security_group.nsg.name
+  depends_on                  = [azurerm_network_security_rule.port80]
+}
+
+resource "azurerm_network_security_rule" "port8080" {
+  name                        = "AllowAnyCustom8080Inbound"
+  priority                    = 170
+  description                 = "port 8080 opened for jenkins deployment as a docker container"
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "*"
+  source_port_range           = "*"
+  destination_port_range      = "8080"
+  source_address_prefix       = "*"
+  destination_address_prefix  = "VirtualNetwork"
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = azurerm_network_security_group.nsg.name
+  depends_on = [azurerm_network_security_rule.port22,
+    azurerm_network_security_rule.port80
+  ]
+}
+
+resource "azurerm_network_security_rule" "port4243" {
+  name                        = "AllowAnyCustom4243Inbound"
+  priority                    = 180
+  description                 = "TCP connection jenkins + docker set"
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "4243"
+  source_address_prefix       = "*"
+  destination_address_prefix  = "VirtualNetwork"
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = azurerm_network_security_group.nsg.name
+  depends_on = [azurerm_network_security_rule.port22,
+    azurerm_network_security_rule.port80, azurerm_network_security_rule.port8080
+  ]
+}

virtual-network/output.tf

@@ -0,0 +1,30 @@
+output "resource_group_name" {
+  value       = azurerm_resource_group.rg.name
+  description = "Azure resource group name"
+}
+
+output "location" {
+  description = "Azure Location"
+  value       = azurerm_resource_group.rg.location
+}
+
+output "vnet_name" {
+  description = "Azure Virtual network name"
+  value       = azurerm_virtual_network.vnet.name
+}
+
+output "vnet_address_range" {
+  description = "Azure Vnet address range"
+  value       = azurerm_virtual_network.vnet.address_space
+}
+
+output "subnet_ids" {
+  description = "List of all subnet IDs"
+  value       = azurerm_subnet.subnet[*].id # Collect all subnet IDs
+}
+
+output "network_security_group_id" {
+  description = "Azure NSG ID"
+  value       = azurerm_network_security_group.nsg.id
+}
+

virtual-network/providers.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_version = "~> 1.3"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "<= 4.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.1"
+    }
+  }
+}
+provider "azurerm" {
+  features {}
+}

virtual-network/variables.tf

@@ -0,0 +1,54 @@
+variable "resource_group_name" {
+  default     = ""
+  description = "Azure Vnet resource group name"
+  type        = string
+}
+
+variable "vnet_name" {
+  default     = ""
+  description = "Azure Vnet name"
+  type        = string
+}
+
+variable "location" {
+  default     = ""
+  description = "Azure location"
+  type        = string
+}
+
+variable "application_name" {
+  default     = ""
+  description = "Azure application name tag"
+  type        = string
+}
+
+variable "environment" {
+  default     = ""
+  description = "Environment tag value in Azure"
+  type        = string
+  validation {
+    condition     = contains(["DEV", "QA", "UAT", "PROD"], var.environment)
+    error_message = "Environment value should be one among DEV or QA or UAT or PROD."
+  }
+}
+
+variable "vnet_address_space" {
+  description = "Azure VNET address space"
+  type        = list(string)
+  default     = []
+  validation {
+    condition     = length(var.vnet_address_space) > 0
+    error_message = "The address_space variable must contain at least one CIDR block."
+  }
+}
+
+variable "subnet_cidrs" {
+  default     = []
+  type        = list(string)
+  description = "Azure Subnet Ip addresses"
+  validation {
+    condition     = length(var.subnet_cidrs) > 0
+    error_message = "Atleast a single subnet CIDR is required."
+  }
+}
+

virtual-network/vnet.tf

@@ -0,0 +1,53 @@
+resource "azurerm_resource_group" "rg" {
+  name     = upper(var.resource_group_name)
+  location = var.location
+  tags = {
+    Environment     = upper(var.environment)
+    Orchestrator    = "Terraform"
+    DisplayName     = upper(var.resource_group_name)
+    ApplicationName = lower(var.application_name)
+  }
+}
+
+# Create NSG
+resource "azurerm_network_security_group" "nsg" {
+  name                = upper("${var.vnet_name}-nsg")
+  location            = var.location
+  resource_group_name = upper(var.resource_group_name)
+  tags = {
+    Environment     = upper(var.environment)
+    Orchestrator    = "Terraform"
+    DisplayName     = upper(var.resource_group_name)
+    ApplicationName = lower(var.application_name)
+  }
+}
+
+# Create a Vnet
+resource "azurerm_virtual_network" "vnet" {
+  name                = upper(var.vnet_name)
+  resource_group_name = upper(var.resource_group_name)
+  location            = var.location
+  address_space       = var.vnet_address_space
+  tags = {
+    Environment     = upper(var.environment)
+    Orchestrator    = "Terraform"
+    DisplayName     = upper(var.resource_group_name)
+    ApplicationName = lower(var.application_name)
+  }
+}
+
+# Create subnets dynamically based on the provided CIDR blocks
+resource "azurerm_subnet" "subnet" {
+  count                = length(var.subnet_cidrs)                        # Create as many subnets as in the CIDR list
+  name                 = upper("${var.vnet_name}-subnet-${count.index}") # Dynamic subnet name: subnet-0, subnet-1, etc.
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = [element(var.subnet_cidrs, count.index)] # Assign each CIDR from the list
+}
+
+# Associate subnets to NSG
+resource "azurerm_subnet_network_security_group_association" "subnet2nsg" {
+  count                     = length(var.subnet_cidrs)
+  subnet_id                 = azurerm_subnet.subnet[count.index].id
+  network_security_group_id = azurerm_network_security_group.nsg.id
+}

vmss-linux/providers.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~> 3.0"
+      version = "<= 4.0"
     }
     random = {
       source  = "hashicorp/random"