Add Azure Linux Virtual Machine Terraform Module (#22)

* terraform fmt

* azure vm inux module

* fix coudinit file path issue

* vm fix

* terrform installation

* DEVOPS-312 vm terraform module

Author: githubofkrishnadhas

api-management/apim.tf

@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "rg" {
     Orchestrator    = "Terraform"
     DisplayName     = upper(var.resource_group_name)
     ApplicationName = lower(var.application_name)
-    Temporary = upper(var.temporary)
+    Temporary       = upper(var.temporary)
   }
 }
 
@@ -16,12 +16,12 @@ resource "azurerm_api_management" "apim" {
   resource_group_name = azurerm_resource_group.rg.name
   publisher_name      = tostring(var.publisher_name)
   publisher_email     = tostring(var.publisher_email)
-  sku_name = "${var.sku_name_part1}_${var.sku_name_part2}"
+  sku_name            = "${var.sku_name_part1}_${var.sku_name_part2}"
   tags = {
     Environment     = upper(var.environment)
     Orchestrator    = "Terraform"
     DisplayName     = upper(var.resource_group_name)
     ApplicationName = lower(var.application_name)
-    Temporary = upper(var.temporary)
+    Temporary       = upper(var.temporary)
   }
 }

container-registry/acr.tf

@@ -12,41 +12,41 @@ resource "azurerm_resource_group" "acr_rg" {
 
 
 resource "azurerm_container_registry" "acr" {
-  name = var.container_registry_name
+  name                = var.container_registry_name
   resource_group_name = azurerm_resource_group.acr_rg.name
-  location = azurerm_resource_group.acr_rg.location
-  sku = var.sku_name 
+  location            = azurerm_resource_group.acr_rg.location
+  sku                 = var.sku_name
 
   dynamic "georeplications" {
     for_each = var.georeplications
     content {
       location                = georeplications.value.location
       zone_redundancy_enabled = var.sku_name == "Premium" ? georeplications.value.zone_redundancy_enabled : false
       tags = {
-            Environment     = upper(var.environment)
-            Orchestrator    = "Terraform"
-            DisplayName     = "replication-${upper(var.container_registry_name)}"
-            ApplicationName = lower(var.application_name)
-            Temporary       = upper(var.temporary)
-        }
+        Environment     = upper(var.environment)
+        Orchestrator    = "Terraform"
+        DisplayName     = "replication-${upper(var.container_registry_name)}"
+        ApplicationName = lower(var.application_name)
+        Temporary       = upper(var.temporary)
+      }
     }
   }
 
-    retention_policy_in_days = var.sku_name == "Premium" ? var.container_registry_config.retention_policy_in_days : null
-    public_network_access_enabled = var.container_registry_config.public_network_access_enabled
-    quarantine_policy_enabled = var.sku_name == "Premium" ? var.container_registry_config.quarantine_policy_enabled : false
-    zone_redundancy_enabled = var.sku_name == "Premium" ? var.container_registry_config.zone_redundancy_enabled : false
-    admin_enabled = var.container_registry_config.admin_enabled
-    anonymous_pull_enabled = var.sku_name != "Basic" ? var.container_registry_config.anonymous_pull_enabled : false
-    data_endpoint_enabled = var.sku_name == "Premium" ? var.container_registry_config.data_endpoint_enabled : false
-    trust_policy_enabled = var.sku_name == "Premium" ? var.container_registry_config.trust_policy_enabled : false
+  retention_policy_in_days      = var.sku_name == "Premium" ? var.container_registry_config.retention_policy_in_days : null
+  public_network_access_enabled = var.container_registry_config.public_network_access_enabled
+  quarantine_policy_enabled     = var.sku_name == "Premium" ? var.container_registry_config.quarantine_policy_enabled : false
+  zone_redundancy_enabled       = var.sku_name == "Premium" ? var.container_registry_config.zone_redundancy_enabled : false
+  admin_enabled                 = var.container_registry_config.admin_enabled
+  anonymous_pull_enabled        = var.sku_name != "Basic" ? var.container_registry_config.anonymous_pull_enabled : false
+  data_endpoint_enabled         = var.sku_name == "Premium" ? var.container_registry_config.data_endpoint_enabled : false
+  trust_policy_enabled          = var.sku_name == "Premium" ? var.container_registry_config.trust_policy_enabled : false
 
-    network_rule_bypass_option = var.azure_services_bypass
-    tags = {
-            Environment     = upper(var.environment)
-            Orchestrator    = "Terraform"
-            DisplayName     = upper(var.container_registry_name)
-            ApplicationName = lower(var.application_name)
-            Temporary       = upper(var.temporary)
-        }
+  network_rule_bypass_option = var.azure_services_bypass
+  tags = {
+    Environment     = upper(var.environment)
+    Orchestrator    = "Terraform"
+    DisplayName     = upper(var.container_registry_name)
+    ApplicationName = lower(var.application_name)
+    Temporary       = upper(var.temporary)
+  }
 }

container-registry/outputs.tf

@@ -28,7 +28,7 @@ output "acr_admin_password" {
   description = " Password associated with the Container Registry Admin account - if the admin account is enabled"
   value       = nonsensitive(azurerm_container_registry.acr.admin_password)
   depends_on  = [azurerm_container_registry.acr]
-  sensitive = false 
+  sensitive   = false
 }
 
 output "acr_anonymous_pull_enabled" {

keyvault-nonprod/keyvault.tf

@@ -11,36 +11,36 @@ resource "azurerm_resource_group" "keyvault_rg" {
 }
 
 resource "azurerm_key_vault" "kv" {
-  name                             = var.keyvault_name
-  resource_group_name              = azurerm_resource_group.keyvault_rg.name
-  location                         = azurerm_resource_group.keyvault_rg.location
-  tenant_id = data.azurerm_client_config.current.tenant_id
-  sku_name = var.sku_name
-
-  enable_rbac_authorization = var.enable_rbac_authorization
-  enabled_for_deployment = var.azure_vms_can_access_certs_stored_as_secrets
-  enabled_for_disk_encryption = var.azure_disk_encryption_can_retrieve_secrets
+  name                = var.keyvault_name
+  resource_group_name = azurerm_resource_group.keyvault_rg.name
+  location            = azurerm_resource_group.keyvault_rg.location
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = var.sku_name
+
+  enable_rbac_authorization       = var.enable_rbac_authorization
+  enabled_for_deployment          = var.azure_vms_can_access_certs_stored_as_secrets
+  enabled_for_disk_encryption     = var.azure_disk_encryption_can_retrieve_secrets
   enabled_for_template_deployment = var.azure_resource_manager_can_retrieve_secrets
 
-  purge_protection_enabled = var.purge_protection_enabled
+  purge_protection_enabled   = var.purge_protection_enabled
   soft_delete_retention_days = var.soft_delete_retention_days
 
   public_network_access_enabled = var.public_network_access_enabled
 
   access_policy {
     tenant_id = data.azurerm_client_config.current.tenant_id
     object_id = data.azurerm_client_config.current.object_id
-    
+
     key_permissions = [
       "Get", "List", "Create", "Recover", "Purge", "UnwrapKey", "Update", "WrapKey", "Rotate", "GetRotationPolicy", "SetRotationPolicy"
     ]
 
     secret_permissions = [
-      "Get","Set", "List", "Delete", "Recover"
+      "Get", "Set", "List", "Delete", "Recover"
     ]
 
     storage_permissions = [
-      "Get", "Delete", "List", "Recover", "RegenerateKey","Restore","Set" , "SetSAS", "Update"
+      "Get", "Delete", "List", "Recover", "RegenerateKey", "Restore", "Set", "SetSAS", "Update"
     ]
 
     certificate_permissions = [

keyvault-nonprod/variables.tf

@@ -19,7 +19,7 @@ variable "sku_name" {
   default     = "standard"
   description = "Keyvault SKUs available in azure. Valid options are standard and premium"
   validation {
-    condition = contains(["standard", "premium"], var.sku_name)
+    condition     = contains(["standard", "premium"], var.sku_name)
     error_message = "Keyvault SKU should be one among standard or premium"
   }
 }
@@ -52,47 +52,47 @@ variable "temporary" {
 }
 
 variable "azure_vms_can_access_certs_stored_as_secrets" {
-  default = false
-  type = bool
+  default     = false
+  type        = bool
   description = "Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault"
 }
 
-variable "azure_disk_encryption_can_retrieve_secrets"{
-  default = false
-  type = bool
+variable "azure_disk_encryption_can_retrieve_secrets" {
+  default     = false
+  type        = bool
   description = "Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys"
 }
 
-variable "azure_resource_manager_can_retrieve_secrets"{
-  default = false
-  type = bool
+variable "azure_resource_manager_can_retrieve_secrets" {
+  default     = false
+  type        = bool
   description = "Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the vault"
 }
 
 variable "enable_rbac_authorization" {
-  default = false
-  type = bool
+  default     = false
+  type        = bool
   description = "Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions"
 }
 
 variable "purge_protection_enabled" {
-  type = bool
-  default = false
+  type        = bool
+  default     = false
   description = "Purge Protection enabled or not"
 }
 
 variable "public_network_access_enabled" {
-  default = true
-  type = bool
+  default     = true
+  type        = bool
   description = "Whether public network access is allowed for this Key Vault"
 }
 
 variable "soft_delete_retention_days" {
-  default = 90
-  type = number
+  default     = 90
+  type        = number
   description = " The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90"
   validation {
-    condition = var.soft_delete_retention_days >= 7 && var.soft_delete_retention_days <=90
+    condition     = var.soft_delete_retention_days >= 7 && var.soft_delete_retention_days <= 90
     error_message = "This value should be between 7 and 90 both included."
   }
 }

kubernetes-cluster/kubernetes.tf

@@ -17,23 +17,23 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   location                  = var.location
   resource_group_name       = azurerm_resource_group.rg.name
   automatic_upgrade_channel = var.automatic_upgrade_channel
-  kubernetes_version = var.kubernetes_version
-  sku_tier = var.kubernetes_sku_tier
-  node_resource_group = var.aks_node_resource_group_name
+  kubernetes_version        = var.kubernetes_version
+  sku_tier                  = var.kubernetes_sku_tier
+  node_resource_group       = var.aks_node_resource_group_name
 
   dns_prefix = var.aks_cluster_name
 
   azure_active_directory_role_based_access_control {
     tenant_id              = data.azurerm_client_config.current.tenant_id
     admin_group_object_ids = data.azuread_groups.cluster_admin.object_ids
   }
-  
+
   network_profile {
     network_plugin      = var.network_plugin
     network_plugin_mode = var.network_plugin_mode
     network_policy      = var.network_policy
     pod_cidr            = var.pod_cidr_range
-    service_cidr        = var.service_cidr_subnet 
+    service_cidr        = var.service_cidr_subnet
     load_balancer_sku   = var.load_balancer_sku
     dns_service_ip      = cidrhost((var.service_cidr_subnet), 5) # 5th ip on service cidr subnet
   }
@@ -48,13 +48,13 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   dynamic "service_principal" {
     for_each = var.authentication_method == "service_principal" ? [1] : []
     content {
-      client_id = data.azurerm_key_vault_secret.appid.value
+      client_id     = data.azurerm_key_vault_secret.appid.value
       client_secret = data.azurerm_key_vault_secret.secret.value
     }
   }
 
   workload_identity_enabled = var.workload_identity_enabled
-  oidc_issuer_enabled = var.workload_identity_enabled ? true : false
+  oidc_issuer_enabled       = var.workload_identity_enabled ? true : false
 
   support_plan = var.support_plan
 
@@ -70,12 +70,12 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     auto_scaling_enabled   = var.default_nodepool_autoscaling
     type                   = "VirtualMachineScaleSets"
     node_public_ip_enabled = var.node_public_ip_enabled
-    orchestrator_version = var.kubernetes_version
+    orchestrator_version   = var.kubernetes_version
     max_pods               = var.max_pods_per_node
     vnet_subnet_id         = data.azurerm_subnet.vnet_subnet_cidr.id
     os_sku                 = var.os_sku
-    max_count = var.default_nodepool_max_count
-    min_count = var.default_nodepool_min_count
+    max_count              = var.default_nodepool_max_count
+    min_count              = var.default_nodepool_min_count
     tags = {
       Environment     = upper(var.environment)
       DisplayName     = upper(var.default_nodepool_name)
@@ -85,7 +85,7 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
 
   }
 
-  depends_on = [ azurerm_resource_group.rg ]
+  depends_on = [azurerm_resource_group.rg]
 
   key_vault_secrets_provider {
     secret_rotation_enabled  = var.key_vault_secrets_provider
@@ -104,25 +104,25 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
 
 # Create worker nodepool
 resource "azurerm_kubernetes_cluster_node_pool" "workernodes" {
-  name = var.worker_nodepool_name
-  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks_cluster.id
+  name                   = var.worker_nodepool_name
+  kubernetes_cluster_id  = azurerm_kubernetes_cluster.aks_cluster.id
   vm_size                = var.worker_nodepool_sku
-  auto_scaling_enabled = var.worker_nodepool_autoscaling
+  auto_scaling_enabled   = var.worker_nodepool_autoscaling
   node_public_ip_enabled = var.node_public_ip_enabled
-  priority = var.worker_node_spot ? "Spot" : "Regular"
-  scale_down_mode = var.worker_node_scaledown_mode
-  vnet_subnet_id = data.azurerm_subnet.vnet_subnet_cidr.id
-  min_count = var.worker_nodepool_min_count
-  max_count = var.worker_nodepool_max_count
-  eviction_policy = var.worker_nodepool_eviction_policy
-  os_sku = var.os_sku
-  os_disk_size_gb = var.os_disk_size_in_gb
-      orchestrator_version = var.kubernetes_version
-  max_pods = var.max_pods_per_node
+  priority               = var.worker_node_spot ? "Spot" : "Regular"
+  scale_down_mode        = var.worker_node_scaledown_mode
+  vnet_subnet_id         = data.azurerm_subnet.vnet_subnet_cidr.id
+  min_count              = var.worker_nodepool_min_count
+  max_count              = var.worker_nodepool_max_count
+  eviction_policy        = var.worker_nodepool_eviction_policy
+  os_sku                 = var.os_sku
+  os_disk_size_gb        = var.os_disk_size_in_gb
+  orchestrator_version   = var.kubernetes_version
+  max_pods               = var.max_pods_per_node
   tags = {
-      Environment     = upper(var.environment)
-      DisplayName     = upper(var.worker_nodepool_name)
-      ApplicationName = lower(var.application_name)
-      Temporary       = upper(var.temporary)
-    }
+    Environment     = upper(var.environment)
+    DisplayName     = upper(var.worker_nodepool_name)
+    ApplicationName = lower(var.application_name)
+    Temporary       = upper(var.temporary)
+  }
 }

kubernetes-cluster/output.tf

@@ -5,5 +5,5 @@ output "aks_cluster_name" {
 
 output "aks_cluster_control_plane_url" {
   description = "FQDN of the Azure Kubernetes Managed Cluster"
-  value = azurerm_kubernetes_cluster.aks_cluster.fqdn
+  value       = azurerm_kubernetes_cluster.aks_cluster.fqdn
 }