refactor

Pwd9000-ML · Jan 17, 2024 · 382cbb2 · 382cbb2
1 parent 1690840
commit 382cbb2
Show file tree

Hide file tree

Showing 11 changed files with 276 additions and 34 deletions.
diff --git a/resource_group.tf → 01_resource_group.tf b/resource_group.tf → 01_resource_group.tf
@@ -1,4 +1,4 @@
-resource "azurerm_resource_group" "az_openai" {
+resource "azurerm_resource_group" "az_openai_rg" {
   name     = var.resource_group_name
   location = var.location
   tags     = var.tags

diff --git a/02_networking.tf b/02_networking.tf
@@ -0,0 +1,34 @@
+resource "azurerm_virtual_network" "az_openai_vnet" {
+  name                = var.virtual_network_name
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  address_space       = var.vnet_address_space
+  tags                = var.tags
+}
+
+# Azure Virtual Network Subnets
+resource "azurerm_subnet" "az_openai_subnet" {
+  for_each = { for each in var.subnet_config : each.subnet_name => each }
+
+  resource_group_name                           = var.resource_group_name
+  virtual_network_name                          = azurerm_virtual_network.az_openai_vnet.name
+  name                                          = each.value.subnet_name
+  address_prefixes                              = each.value.subnet_address_space
+  service_endpoints                             = each.value.service_endpoints
+  private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
+  private_endpoint_network_policies_enabled     = each.value.private_endpoint_network_policies_enabled
+
+  dynamic "delegation" {
+    for_each = each.value.subnets_delegation_settings
+    content {
+      name = delegation.key
+      dynamic "service_delegation" {
+        for_each = toset(delegation.value)
+        content {
+          name    = service_delegation.value.name
+          actions = service_delegation.value.actions
+        }
+      }
+    }
+  }
+}
diff --git a/03_keyvault.tf b/03_keyvault.tf
@@ -0,0 +1,20 @@
+# # Key Vault - Create Key Vault to save cognitive account details
+# resource "azurerm_key_vault" "az_openai_kv" {
+#   resource_group_name = var.resource_group_name
+#   location            = var.location
+#   #values from variable kv_config object
+#   name                      = lower(var.kv_name)
+#   sku_name                  = var.kv_sku
+#   enable_rbac_authorization = true
+#   tenant_id                 = data.azurerm_client_config.current.tenant_id
+#   dynamic "network_acls" {
+#     for_each = local.kv_net_rules
+#     content {
+#       default_action             = network_acls.value.default_action
+#       bypass                     = network_acls.value.bypass
+#       ip_rules                   = network_acls.value.ip_rules
+#       virtual_network_subnet_ids = network_acls.value.virtual_network_subnet_ids
+#     }
+#   }
+#   tags = var.tags
+# }
diff --git a/data.tf b/data.tf
@@ -1,6 +1,8 @@
 ##################################################
 # DATA                                           #
 ##################################################
+data "azurerm_client_config" "current" {}
+
 # Data sources to get Subnet ID/s for CosmosDB and App Service
 # Usage in Module example: subnet_id = data.azurerm_subnet.subnet["app-cosmos-sub"].id
 # data "azurerm_subnet" "subnet" {

diff --git a/keyvault.tf b/keyvault.tf
diff --git a/locals.tf b/locals.tf
@@ -1,3 +1,15 @@
+locals {
+  ## locals config for key vault firewall rules ##
+  kv_net_rules = [
+    {
+      default_action             = var.keyvault_firewall_default_action
+      bypass                     = var.keyvault_firewall_bypass
+      ip_rules                   = var.keyvault_firewall_allowed_ips
+      virtual_network_subnet_ids = var.keyvault_firewall_virtual_network_subnet_ids
+    }
+  ]
+}
+
 #locals {
 #  cdn_gpt_origin = merge(
 #    var.cdn_gpt_origin,

diff --git a/networking.tf b/networking.tf
diff --git a/tests/auto_test1/main.tf b/tests/auto_test1/main.tf
@@ -33,10 +33,21 @@ resource "random_integer" "number" {
 module "private-chatgpt-openai" {
   source = "../.."
 
-  #common
+  #01 common + RG
   location            = var.location
   tags                = var.tags
   resource_group_name = var.resource_group_name
+
+  #02 networking
+  virtual_network_name = var.virtual_network_name
+  vnet_address_space   = var.vnet_address_space
+  subnet_config        = var.subnet_config
+
+
+  #keyvault (Solution Secrets)
+  #kv_name = var.kv_name
+  #kv_sku  = var.kv_sku_name
+
 }
 
 #   #keyvault (OpenAI Service Account details)

diff --git a/tests/auto_test1/testing.auto.tfvars b/tests/auto_test1/testing.auto.tfvars
@@ -1,4 +1,4 @@
-### Common Variables ###
+### 01 Common Variables + RG ###
 resource_group_name = "TF-Module-Automated-Tests-Cognitive-GPT"
 location            = "uksouth"
 tags = {
@@ -8,11 +8,32 @@ tags = {
   GitHub      = "https://github.com/Pwd9000-ML/terraform-azurerm-openai-private-chatgpt"
 }
 
-# ### OpenAI Service Module Inputs ###
-# keyvault_firewall_default_action             = "Deny"
-# keyvault_firewall_bypass                     = "AzureServices"
-# keyvault_firewall_allowed_ips                = ["0.0.0.0/0"] #for testing purposes only - allow all IPs
-# keyvault_firewall_virtual_network_subnet_ids = []
+### 02 networking ###
+virtual_network_name = "openai-vnet-9000"
+vnet_address_space   = ["10.4.0.0/24"]
+subnet_config = [
+  {
+    subnet_name                                   = "app-cosmos-sub"
+    subnet_address_space                          = ["10.4.0.0/24"]
+    service_endpoints                             = ["Microsoft.AzureCosmosDB", "Microsoft.Web"]
+    private_endpoint_network_policies_enabled     = false
+    private_link_service_network_policies_enabled = false
+    subnets_delegation_settings = {
+      app-service-plan = [
+        {
+          name    = "Microsoft.Web/serverFarms"
+          actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+        }
+      ]
+    }
+  }
+]
+
+### Solution KeyVault ###
+keyvault_firewall_default_action             = "Deny"
+keyvault_firewall_bypass                     = "AzureServices"
+keyvault_firewall_allowed_ips                = ["0.0.0.0/0"] #for testing purposes only - allow all IPs
+keyvault_firewall_virtual_network_subnet_ids = []
 
 # ### Create OpenAI Service ###
 # create_openai_service                     = true
@@ -44,23 +65,7 @@ tags = {
 # network_resource_group_name = "TF-Module-Automated-Tests-Cognitive-GPT"
 # virtual_network_name        = "openai-vnet"
 # vnet_address_space          = ["10.4.0.0/16"]
-# subnet_config = [
-#   {
-#     subnet_name                                   = "app-cosmos-sub"
-#     subnet_address_space                          = ["10.4.0.0/24"]
-#     service_endpoints                             = ["Microsoft.AzureCosmosDB", "Microsoft.Web"]
-#     private_endpoint_network_policies_enabled     = false
-#     private_link_service_network_policies_enabled = false
-#     subnets_delegation_settings = {
-#       app-service-plan = [
-#         {
-#           name    = "Microsoft.Web/serverFarms"
-#           actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
-#         }
-#       ]
-#     }
-#   }
-# ]
+
 
 # ### cosmosdb ###
 # create_cosmosdb                  = true

diff --git a/tests/auto_test1/variables.tf b/tests/auto_test1/variables.tf
@@ -1,4 +1,4 @@
-### common ###
+### 01 common + RG ###
 variable "location" {
   type        = string
   default     = "uksouth"
@@ -11,13 +11,95 @@ variable "tags" {
   description = "A map of key value pairs that is used to tag resources created."
 }
 
-### solution resource group ###
 variable "resource_group_name" {
   type        = string
   description = "Name of the resource group to create where the cognitive account OpenAI service is hosted."
   nullable    = false
 }
 
+### 02 networking ###
+variable "virtual_network_name" {
+  type        = string
+  default     = "openai-vnet-9000"
+  description = "Name of the virtual network where resources are attached."
+}
+
+variable "vnet_address_space" {
+  type        = list(string)
+  default     = ["10.4.0.0/24"]
+  description = "value of the address space for the virtual network."
+}
+
+variable "subnet_config" {
+  type = list(object({
+    subnet_name                                   = string
+    subnet_address_space                          = list(string)
+    service_endpoints                             = list(string)
+    private_endpoint_network_policies_enabled     = bool
+    private_link_service_network_policies_enabled = bool
+    subnets_delegation_settings = map(list(object({
+      name    = string
+      actions = list(string)
+    })))
+  }))
+  default = [
+    {
+      subnet_name                                   = "app-cosmos-sub"
+      subnet_address_space                          = ["10.4.0.0/24"]
+      service_endpoints                             = ["Microsoft.AzureCosmosDB", "Microsoft.Web"]
+      private_endpoint_network_policies_enabled     = false
+      private_link_service_network_policies_enabled = false
+      subnets_delegation_settings = {
+        app-service-plan = [
+          {
+            name    = "Microsoft.Web/serverFarms"
+            actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+          }
+        ]
+      }
+    }
+  ]
+  description = "A list of subnet configuration objects to create subnets in the virtual network."
+}
+
+
+### key vault ###
+variable "kv_name" {
+  type        = string
+  description = "Name of the Key Vault to create (solution secrets)."
+  default     = "openaikv9000"
+}
+
+variable "kv_sku" {
+  type        = string
+  description = "SKU of the Key Vault to create."
+  default     = "standard"
+}
+
+variable "keyvault_firewall_default_action" {
+  type        = string
+  default     = "Deny"
+  description = "Default action for key vault firewall rules."
+}
+
+variable "keyvault_firewall_bypass" {
+  type        = string
+  default     = "AzureServices"
+  description = "List of key vault firewall rules to bypass."
+}
+
+variable "keyvault_firewall_allowed_ips" {
+  type        = list(string)
+  default     = []
+  description = "value of key vault firewall allowed ip rules."
+}
+
+variable "keyvault_firewall_virtual_network_subnet_ids" {
+  type        = list(string)
+  default     = []
+  description = "value of key vault firewall allowed virtual network subnet ids."
+}
+
 # ### OpenAI service Module params ###
 # ### key vault ###
 # variable "kv_config" {
@@ -176,12 +258,6 @@ variable "resource_group_name" {
 #   description = "Name of the virtual network where resources are attached."
 # }
 
-# variable "vnet_address_space" {
-#   type        = list(string)
-#   default     = null
-#   description = "value of the address space for the virtual network."
-# }
-
 # variable "subnet_config" {
 #   type = list(object({
 #     subnet_name                                   = string

diff --git a/variables.tf b/variables.tf
@@ -1,7 +1,7 @@
 # ##################################################
 # # VARIABLES                                      #
 # ##################################################
-### common ###
+### 01 common + Resource Group ###
 variable "location" {
   type        = string
   default     = "uksouth"
@@ -20,6 +20,88 @@ variable "resource_group_name" {
   nullable    = false
 }
 
+### 02 Networking ###
+variable "virtual_network_name" {
+  type        = string
+  default     = "openai-vnet-9000"
+  description = "Name of the virtual network where resources are attached."
+}
+
+variable "vnet_address_space" {
+  type        = list(string)
+  default     = ["10.4.0.0/24"]
+  description = "value of the address space for the virtual network."
+}
+
+variable "subnet_config" {
+  type = list(object({
+    subnet_name                                   = string
+    subnet_address_space                          = list(string)
+    service_endpoints                             = list(string)
+    private_endpoint_network_policies_enabled     = bool
+    private_link_service_network_policies_enabled = bool
+    subnets_delegation_settings = map(list(object({
+      name    = string
+      actions = list(string)
+    })))
+  }))
+  default = [
+    {
+      subnet_name                                   = "app-cosmos-sub"
+      subnet_address_space                          = ["10.4.0.0/24"]
+      service_endpoints                             = ["Microsoft.AzureCosmosDB", "Microsoft.Web"]
+      private_endpoint_network_policies_enabled     = false
+      private_link_service_network_policies_enabled = false
+      subnets_delegation_settings = {
+        app-service-plan = [
+          {
+            name    = "Microsoft.Web/serverFarms"
+            actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+          }
+        ]
+      }
+    }
+  ]
+  description = "A list of subnet configuration objects to create subnets in the virtual network."
+}
+
+### key vault ###
+variable "kv_name" {
+  type        = string
+  description = "Name of the Key Vault to create (solution secrets)."
+  default     = "openaikv9000"
+}
+
+variable "kv_sku" {
+  type        = string
+  description = "SKU of the Key Vault to create."
+  default     = "standard"
+}
+
+variable "keyvault_firewall_default_action" {
+  type        = string
+  default     = "Deny"
+  description = "Default action for key vault firewall rules."
+}
+
+variable "keyvault_firewall_bypass" {
+  type        = string
+  default     = "AzureServices"
+  description = "List of key vault firewall rules to bypass."
+}
+
+variable "keyvault_firewall_allowed_ips" {
+  type        = list(string)
+  default     = []
+  description = "value of key vault firewall allowed ip rules."
+}
+
+variable "keyvault_firewall_virtual_network_subnet_ids" {
+  type        = list(string)
+  default     = []
+  description = "value of key vault firewall allowed virtual network subnet ids."
+}
+
 # ####################################
 # ### OpenAI service Module params ###
 # ####################################