kumarvna
diff --git a/‎examples/complete/.terraform.lock.hcl
Lines changed: 18 additions & 0 deletions b/‎examples/complete/.terraform.lock.hcl
Lines changed: 18 additions & 0 deletions
diff --git a/‎examples/complete/main.tf
Lines changed: 42 additions & 2 deletions b/‎examples/complete/main.tf
Lines changed: 42 additions & 2 deletions
diff --git a/‎examples/complete/output.tf
Lines changed: 48 additions & 0 deletions b/‎examples/complete/output.tf
Lines changed: 48 additions & 0 deletions
diff --git a/‎main.tf
Lines changed: 161 additions & 9 deletions b/‎main.tf
Lines changed: 161 additions & 9 deletions
diff --git a/‎output.tf
Lines changed: 48 additions & 0 deletions b/‎output.tf
Lines changed: 48 additions & 0 deletions
@@ -11,18 +11,58 @@ module "redis" {
   resource_group_name   = "rg-shared-westeurope-01"
   location              = "westeurope"
 
+  # Schedule maintenance for Redis. The default maintenance window is 5 hours
+  # This does not cover any maintenance done by Azure for updating the underlying platform.
+
   redis_server_settings = {
     demoredischache-shared = {
-      sku_name = "Standard"
-      capacity = 2
+      sku_name            = "Premium"
+      capacity            = 2
+      shard_count         = 3
+      zones               = ["1", "2", "3"]
+      enable_non_ssl_port = true
+      patch_schedule = {
+        days_of_week   = "Monday"
+        start_hour_utc = 21
+      }
     }
   }
 
+  #Configure virtual network support for a Premium Azure Cache for Redis instance
+  subnet_id = "/subscriptions/1e3f0eeb-2235-44cd-b3a3-dcded0861d06/resourceGroups/rg-shared-westeurope-01/providers/Microsoft.Network/virtualNetworks/vnet-shared-hub-westeurope-001/subnets/snet-appgateway"
+
   redis_configuration = {
     maxmemory_reserved = 2
     maxmemory_delta    = 2
     maxmemory_policy   = "allkeys-lru"
   }
+  /* # Redis data backup 
+  enable_data_persistence                    = true
+  data_persistence_backup_frequency          = 60
+  data_persistence_backup_max_snapshot_count = 1
+*/
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  # "name" may only contain alphanumeric characters and underscores
+  firewall_rules = {
+    access_to_azure = {
+      start_ip = "1.2.3.4"
+      end_ip   = "1.2.3.4"
+    },
+    desktop_ip = {
+      start_ip = "49.204.228.223"
+      end_ip   = "49.204.228.223"
+    }
+  }
+
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.mysql.database.azure.com` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
+  # Private endpoints doesn't work If using `subnet_id` to create redis cache inside a specified virtual network
+
+  enable_private_endpoint       = true
+  virtual_network_name          = "vnet-shared-hub-westeurope-001"
+  private_subnet_address_prefix = ["10.1.5.0/29"]
+  #  existing_private_dns_zone     = "demo.example.com"
 
   # Tags for Azure Resources
   tags = {
 
@@ -0,0 +1,48 @@
+output "redis_cache_instance_id" {
+  description = "The Route ID of Redis Cache Instance"
+  value       = module.redis.redis_cache_instance_id
+}
+
+output "redis_cache_hostname" {
+  description = "The Hostname of the Redis Instance"
+  value       = module.redis.redis_cache_hostname
+}
+
+output "redis_cache_ssl_port" {
+  description = "The SSL Port of the Redis Instance"
+  value       = module.redis.redis_cache_ssl_port
+}
+
+output "redis_cache_port" {
+  description = "The non-SSL Port of the Redis Instance"
+  value       = module.redis.redis_cache_port
+}
+
+output "redis_cache_primary_access_key" {
+  description = "The Primary Access Key for the Redis Instance"
+  value       = module.redis.redis_cache_primary_access_key
+  sensitive   = true
+}
+
+output "redis_cache_secondary_access_key" {
+  description = "The Secondary Access Key for the Redis Instance"
+  value       = module.redis.redis_cache_secondary_access_key
+  sensitive   = true
+}
+
+output "redis_cache_primary_connection_string" {
+  description = "The primary connection string of the Redis Instance."
+  value       = module.redis.redis_cache_primary_connection_string
+  sensitive   = true
+}
+
+output "redis_cache_secondary_connection_string" {
+  description = "The secondary connection string of the Redis Instance."
+  value       = module.redis.redis_cache_secondary_connection_string
+  sensitive   = true
+}
+
+output "redis_configuration_maxclients" {
+  description = "Returns the max number of connected clients at the same time."
+  value       = module.redis.redis_configuration_maxclients
+}
@@ -22,6 +22,38 @@ resource "azurerm_resource_group" "rg" {
   tags     = merge({ "Name" = format("%s", var.resource_group_name) }, var.tags, )
 }
 
+#---------------------------------------------------------------
+# Storage Account to keep logs and backups - Default is "false"
+#----------------------------------------------------------------
+
+resource "random_string" "str" {
+  count   = var.enable_data_persistence ? 1 : 0
+  length  = 6
+  special = false
+  upper   = false
+  keepers = {
+    name = var.storage_account_name
+  }
+}
+
+resource "azurerm_storage_account" "storeacc" {
+  #  for_each                  = var.redis_configuration != {} ? { for rdb_backup_enabled, v in var.redis_configuration : rdb_backup_enabled => v if v == true } : null
+  count                     = var.enable_data_persistence ? 1 : 0
+  name                      = var.storage_account_name == null ? "rediscachebkpstore${random_string.str.0.result}" : substr(var.storage_account_name, 0, 24)
+  resource_group_name       = local.resource_group_name
+  location                  = local.location
+  account_kind              = "StorageV2"
+  account_tier              = "Standard"
+  account_replication_type  = "GRS"
+  enable_https_traffic_only = true
+  min_tls_version           = "TLS1_2"
+  tags                      = merge({ "Name" = format("%s", "stsqlauditlogs") }, var.tags, )
+}
+
+#------------------------------------------------------------
+# Redis Cache Instance configuration - Default (required). 
+#------------------------------------------------------------
+
 resource "azurerm_redis_cache" "main" {
   for_each                      = var.redis_server_settings
   name                          = format("%s", each.key)
@@ -34,30 +66,150 @@ resource "azurerm_redis_cache" "main" {
   minimum_tls_version           = each.value["minimum_tls_version"]
   private_static_ip_address     = each.value["private_static_ip_address"]
   public_network_access_enabled = each.value["public_network_access_enabled"]
-  replicas_per_master           = each.value["sku_name"] == "Premium" && { for shard_count, v in var.redis_server_settings : shard_count => v } == null ? each.value["replicas_per_master"] : null
-  shard_count                   = { for sku_name, v in var.redis_server_settings : sku_name => v } == "Premium" && { for replicas_per_master, v in var.redis_server_settings : replicas_per_master => v } == null ? each.value["shard_count"] : null
+  replicas_per_master           = each.value["sku_name"] == "Premium" ? each.value["replicas_per_master"] : null
+  shard_count                   = each.value["sku_name"] == "Premium" ? each.value["shard_count"] : null
   subnet_id                     = each.value["sku_name"] == "Premium" ? var.subnet_id : null
   zones                         = each.value["zones"]
   tags                          = merge({ "Name" = format("%s", each.key) }, var.tags, )
 
   redis_configuration {
+    #  aof_backup_enabled              = var.enable_aof_backup
+    #  aof_storage_connection_string_0 = var.enable_aof_backup == true ? azurerm_storage_account.storeacc.0.primary_blob_connection_string : null
+    #  aof_storage_connection_string_1 = var.enable_aof_backup == true ? azurerm_storage_account.storeacc.0.secondary_blob_connection_string : null
     enable_authentication           = lookup(var.redis_configuration, "enable_authentication", true)
-    maxfragmentationmemory_reserved = lookup(var.redis_configuration, "maxfragmentationmemory_reserved", null)
-    maxmemory_delta                 = lookup(var.redis_configuration, "maxmemory_delta")
+    maxfragmentationmemory_reserved = each.value["sku_name"] == "Premium" || each.value["sku_name"] == "Standard" ? lookup(var.redis_configuration, "maxfragmentationmemory_reserved") : null
+    maxmemory_delta                 = each.value["sku_name"] == "Premium" || each.value["sku_name"] == "Standard" ? lookup(var.redis_configuration, "maxmemory_delta") : null
     maxmemory_policy                = lookup(var.redis_configuration, "maxmemory_policy")
-    maxmemory_reserved              = lookup(var.redis_configuration, "maxmemory_reserved")
+    maxmemory_reserved              = each.value["sku_name"] == "Premium" || each.value["sku_name"] == "Standard" ? lookup(var.redis_configuration, "maxmemory_reserved") : null
     notify_keyspace_events          = lookup(var.redis_configuration, "notify_keyspace_events")
-    rdb_backup_enabled              = lookup(var.redis_configuration, "rdb_backup_enabled", false)
-    rdb_backup_frequency            = { for rdb_backup_enabled, v in var.redis_configuration : rdb_backup_enabled => v } == true ? lookup(var.redis_configuration, "rdb_backup_frequency") : null
-    rdb_backup_max_snapshot_count   = { for rdb_backup_enabled, v in var.redis_configuration : rdb_backup_enabled => v } == true ? lookup(var.redis_configuration, "rdb_backup_max_snapshot_count") : null
-    rdb_storage_connection_string   = { for rdb_backup_enabled, v in var.redis_configuration : rdb_backup_enabled => v } == true ? lookup(var.redis_configuration, "rdb_storage_connection_string") : null
+    rdb_backup_enabled              = each.value["sku_name"] == "Premium" && var.enable_data_persistence == true ? true : false
+    rdb_backup_frequency            = each.value["sku_name"] == "Premium" && var.enable_data_persistence == true ? var.data_persistence_backup_frequency : null
+    rdb_backup_max_snapshot_count   = each.value["sku_name"] == "Premium" && var.enable_data_persistence == true ? var.data_persistence_backup_max_snapshot_count : null
+    rdb_storage_connection_string   = each.value["sku_name"] == "Premium" && var.enable_data_persistence == true ? azurerm_storage_account.storeacc.0.primary_blob_connection_string : null
+  }
+
+  patch_schedule {
+    day_of_week    = each.value.patch_schedule["days_of_week"]
+    start_hour_utc = each.value.patch_schedule["start_hour_utc"]
   }
 
   lifecycle {
     # A bug in the Redis API where the original storage connection string isn't being returned
     ignore_changes = [redis_configuration.0.rdb_storage_connection_string]
   }
+}
+
+#----------------------------------------------------------------------
+# Adding Firewall rules for Redis Cache Instance - Default is "false"
+#----------------------------------------------------------------------
+resource "azurerm_redis_firewall_rule" "name" {
+  for_each            = var.firewall_rules != null ? { for k, v in var.firewall_rules : k => v if v != null } : {}
+  name                = format("%s", each.key)
+  redis_cache_name    = element([for n in azurerm_redis_cache.main : n.name], 0)
+  resource_group_name = local.resource_group_name
+  start_ip            = each.value["start_ip"]
+  end_ip              = each.value["end_ip"]
+}
+
 
+#---------------------------------------------------------
+# Private Link for SQL Server - Default is "false" 
+#---------------------------------------------------------
+data "azurerm_virtual_network" "vnet01" {
+  count               = var.enable_private_endpoint ? 1 : 0
+  name                = var.virtual_network_name
+  resource_group_name = local.resource_group_name
 }
 
+resource "azurerm_subnet" "snet-ep" {
+  count                                          = var.enable_private_endpoint ? 1 : 0
+  name                                           = "snet-endpoint-shared-${local.location}"
+  resource_group_name                            = local.resource_group_name
+  virtual_network_name                           = data.azurerm_virtual_network.vnet01.0.name
+  address_prefixes                               = var.private_subnet_address_prefix
+  enforce_private_link_endpoint_network_policies = true
+}
 
+resource "azurerm_private_endpoint" "pep1" {
+  count               = var.enable_private_endpoint ? 1 : 0
+  name                = format("%s-private-endpoint", element([for n in azurerm_redis_cache.main : n.name], 0))
+  location            = local.location
+  resource_group_name = local.resource_group_name
+  subnet_id           = azurerm_subnet.snet-ep.0.id
+  tags                = merge({ "Name" = format("%s-private-endpoint", element([for n in azurerm_redis_cache.main : n.name], 0)) }, var.tags, )
+
+  private_service_connection {
+    name                           = "rediscache-privatelink"
+    is_manual_connection           = false
+    private_connection_resource_id = element([for i in azurerm_redis_cache.main : i.id], 0)
+    subresource_names              = ["redisCache"]
+  }
+}
+
+data "azurerm_private_endpoint_connection" "private-ip1" {
+  count               = var.enable_private_endpoint ? 1 : 0
+  name                = azurerm_private_endpoint.pep1.0.name
+  resource_group_name = local.resource_group_name
+  depends_on          = [azurerm_redis_cache.main]
+}
+
+resource "azurerm_private_dns_zone" "dnszone1" {
+  count               = var.existing_private_dns_zone == null && var.enable_private_endpoint ? 1 : 0
+  name                = "privatelink.redis.cache.windows.net"
+  resource_group_name = local.resource_group_name
+  tags                = merge({ "Name" = format("%s", "RedisCache-Private-DNS-Zone") }, var.tags, )
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vent-link1" {
+  count                 = var.existing_private_dns_zone == null && var.enable_private_endpoint ? 1 : 0
+  name                  = "vnet-private-zone-link"
+  resource_group_name   = local.resource_group_name
+  private_dns_zone_name = azurerm_private_dns_zone.dnszone1.0.name
+  virtual_network_id    = data.azurerm_virtual_network.vnet01.0.id
+  tags                  = merge({ "Name" = format("%s", "vnet-private-zone-link") }, var.tags, )
+}
+
+resource "azurerm_private_dns_a_record" "arecord1" {
+  count               = var.enable_private_endpoint ? 1 : 0
+  name                = element([for n in azurerm_redis_cache.main : n.name], 0)
+  zone_name           = var.existing_private_dns_zone == null ? azurerm_private_dns_zone.dnszone1.0.name : var.existing_private_dns_zone
+  resource_group_name = local.resource_group_name
+  ttl                 = 300
+  records             = [data.azurerm_private_endpoint_connection.private-ip1.0.private_service_connection.0.private_ip_address]
+}
+
+#------------------------------------------------------------------
+# azurerm monitoring diagnostics  - Default is "false" 
+#------------------------------------------------------------------
+/*
+resource "azurerm_monitor_diagnostic_setting" "extaudit" {
+  count                      = var.log_analytics_workspace_name != null ? 1 : 0
+  name                       = lower("extaudit-${var.mysqlserver_name}-diag")
+  target_resource_id         = azurerm_mysql_server.main.id
+  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.logws.0.id
+  storage_account_id         = var.enable_threat_detection_policy ? azurerm_storage_account.storeacc.0.id : null
+
+  dynamic "log" {
+    for_each = var.extaudit_diag_logs
+    content {
+      category = log.value
+      enabled  = true
+      retention_policy {
+        enabled = false
+      }
+    }
+  }
+
+  metric {
+    category = "AllMetrics"
+
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [log, metric]
+  }
+}
+*/
@@ -0,0 +1,48 @@
+output "redis_cache_instance_id" {
+  description = "The Route ID of Redis Cache Instance"
+  value       = { for k, v in azurerm_redis_cache.main : k => v.id }
+}
+
+output "redis_cache_hostname" {
+  description = "The Hostname of the Redis Instance"
+  value       = { for k, v in azurerm_redis_cache.main : k => v.hostname }
+}
+
+output "redis_cache_ssl_port" {
+  description = "The SSL Port of the Redis Instance"
+  value       = { for k, v in azurerm_redis_cache.main : k => v.ssl_port }
+}
+
+output "redis_cache_port" {
+  description = "The non-SSL Port of the Redis Instance"
+  value       = { for k, v in azurerm_redis_cache.main : k => v.port }
+}
+
+output "redis_cache_primary_access_key" {
+  description = "The Primary Access Key for the Redis Instance"
+  value       = { for k, v in azurerm_redis_cache.main : k => v.primary_access_key }
+  sensitive   = true
+}
+
+output "redis_cache_secondary_access_key" {
+  description = "The Secondary Access Key for the Redis Instance"
+  value       = { for k, v in azurerm_redis_cache.main : k => v.secondary_access_key }
+  sensitive   = true
+}
+
+output "redis_cache_primary_connection_string" {
+  description = "The primary connection string of the Redis Instance."
+  value       = { for k, v in azurerm_redis_cache.main : k => v.primary_connection_string }
+  sensitive   = true
+}
+
+output "redis_cache_secondary_connection_string" {
+  description = "The secondary connection string of the Redis Instance."
+  value       = { for k, v in azurerm_redis_cache.main : k => v.secondary_connection_string }
+  sensitive   = true
+}
+
+output "redis_configuration_maxclients" {
+  description = "Returns the max number of connected clients at the same time."
+  value       = { for k, v in azurerm_redis_cache.main : k => v.redis_configuration.0.maxclients }
+}