Issue combine actions (#19)

mikaEz · web-flow · commit 2e46f9814600 · 2022-08-08T10:16:08.000+02:00
* fix issue to combine multiple rules_engine actions
diff --git a/main.tf b/main.tf
@@ -179,7 +179,7 @@ resource "azurerm_frontdoor" "frontdoor" {
       frontend_endpoints = local.frontdoor[each.key].routing_rule[routing_rule.key].frontend_endpoints
       /** if forwarding_configuration is set */
       dynamic "forwarding_configuration" {
-        for_each = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.forwarding_protocol != "" && local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.cache_enabled == false ? [1] : []
+        for_each = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.backend_pool_name != "" && local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.cache_enabled == false ? [1] : []
         content {
           forwarding_protocol    = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.forwarding_protocol
           backend_pool_name      = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.backend_pool_name
@@ -188,7 +188,7 @@ resource "azurerm_frontdoor" "frontdoor" {
         }
       }
       dynamic "forwarding_configuration" {
-        for_each = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.forwarding_protocol != "" && local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.cache_enabled == true ? [1] : []
+        for_each = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.backend_pool_name != "" && local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.cache_enabled == true ? [1] : []
         content {
           forwarding_protocol                   = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.forwarding_protocol
           backend_pool_name                     = local.frontdoor[each.key].routing_rule[routing_rule.key].forwarding_configuration.backend_pool_name
@@ -202,7 +202,7 @@ resource "azurerm_frontdoor" "frontdoor" {
       }
       /** if redirect_configuration is set */
       dynamic "redirect_configuration" {
-        for_each = local.frontdoor[each.key].routing_rule[routing_rule.key].redirect_configuration.redirect_protocol != "" ? [1] : []
+        for_each = local.frontdoor[each.key].routing_rule[routing_rule.key].redirect_configuration.redirect_type != "" ? [1] : []
         content {
           custom_host         = local.frontdoor[each.key].routing_rule[routing_rule.key].redirect_configuration.custom_host
           redirect_protocol   = local.frontdoor[each.key].routing_rule[routing_rule.key].redirect_configuration.redirect_protocol
@@ -244,7 +244,7 @@ resource "azurerm_frontdoor_custom_https_configuration" "frontdoor_custom_https_
 # * https://docs.microsoft.com/en-us/cli/azure/ext/front-door/network/front-door/rules-engine?view=azure-cli-latest
 # */
 resource "azurerm_resource_group_template_deployment" "frontdoor_rules_engine" {
-  for_each = toset(local.frontdoor_rules_engine_keys.override)
+  for_each = toset(local.frontdoor_rules_engine_action.override)
 
   name                = local.frontdoor_rules_engine[each.key].name == "" ? each.key : local.frontdoor_rules_engine[each.key].name
   resource_group_name = local.frontdoor_rules_engine[each.key].resource_group_name
@@ -265,8 +265,24 @@ resource "azurerm_resource_group_template_deployment" "frontdoor_rules_engine" {
                         "name": "${format("%s", local.frontdoor_rules_engine[each.key].rule[rule].name == "" ? rule : local.frontdoor_rules_engine[each.key].resource_group_name.rule[rule].name)}",
                         "matchProcessingBehavior": "${local.frontdoor_rules_engine[each.key].rule[rule].match_processing_behavior}",
                         "action": {
-                            "requestHeaderActions": [],
-                            "responseHeaderActions": [],
+                            "requestHeaderActions": [
+                                %{for request_header in keys(local.frontdoor_rules_engine[each.key].rule[rule].action.request_header)}
+                                %{if index(keys(local.frontdoor_rules_engine[each.key].rule[rule].action.request_header), request_header) > 0},{%{else}{%{endif}
+                                    "headerActionType": "${local.frontdoor_rules_engine[each.key].rule[rule].action.request_header[request_header].header_action_type}",
+                                    "headerName": "${local.frontdoor_rules_engine[each.key].rule[rule].action.request_header[request_header].header_name}",
+                                    "value": "${local.frontdoor_rules_engine[each.key].rule[rule].action.request_header[request_header].value}"
+                                }
+                                %{endfor}
+                            ],
+                            "responseHeaderActions": [
+                                %{for response_header in keys(local.frontdoor_rules_engine[each.key].rule[rule].action.response_header)}
+                                %{if index(keys(local.frontdoor_rules_engine[each.key].rule[rule].action.response_header), response_header) > 0},{%{else}{%{endif}
+                                    "headerActionType": "${local.frontdoor_rules_engine[each.key].rule[rule].action.response_header[response_header].header_action_type}",
+                                    "headerName": "${local.frontdoor_rules_engine[each.key].rule[rule].action.response_header[response_header].header_name}",
+                                    "value": "${local.frontdoor_rules_engine[each.key].rule[rule].action.response_header[response_header].value}"
+                                }
+                                %{endfor}
+                            ],
                             "routeConfigurationOverride": {
                                 "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration",
                                 %{if local.frontdoor_rules_engine[each.key].rule[rule].action.route_configuration_override.custom_path != null}"customPath": "${local.frontdoor_rules_engine[each.key].rule[rule].action.route_configuration_override.custom_path}",%{else}%{endif}
@@ -300,20 +316,21 @@ resource "azurerm_resource_group_template_deployment" "frontdoor_rules_engine" {
 
 /**  add rules engine to routing rule */
 resource "null_resource" "frontdoor_routing_rule-rules_engine" {
-  for_each = toset(local.frontdoor_rules_engine_keys.override)
+  for_each = var.frontdoor_rules_engine
 
   triggers = {
-    routing_rule       = local.frontdoor_rules_engine[each.key].routing_rule_name
-    frontdoor_name     = local.frontdoor_rules_engine[each.key].frontdoor_name
-    parameters_content = azurerm_resource_group_template_deployment.frontdoor_rules_engine[each.key].parameters_content
+    frontdoor_name    = local.frontdoor_rules_engine[each.key].frontdoor_name
+    routing_rule_name = local.frontdoor_rules_engine[each.key].routing_rule_name
+    rules_engine_name = contains(local.frontdoor_rules_engine_action.override, each.key) == true ? azurerm_resource_group_template_deployment.frontdoor_rules_engine[each.key].name : azurerm_frontdoor_rules_engine.frontdoor_rules_engine[each.key].name
+    content           = contains(local.frontdoor_rules_engine_action.override, each.key) == true ? azurerm_resource_group_template_deployment.frontdoor_rules_engine[each.key].parameters_content : yamlencode(azurerm_frontdoor_rules_engine.frontdoor_rules_engine[each.key].rule)
   }
 
   provisioner "local-exec" {
     environment = {
       ROUTING_RULES = local.frontdoor_rules_engine[each.key].routing_rule_name
     }
 
-    command = "for ROUTING_RULE in $($ROUTING_RULES); do $(az network front-door routing-rule update --name $ROUTING_RULE --resource-group ${azurerm_resource_group_template_deployment.frontdoor_rules_engine[each.key].resource_group_name} --front-door-name ${local.frontdoor_rules_engine[each.key].frontdoor_name} --rules-engine ${azurerm_resource_group_template_deployment.frontdoor_rules_engine[each.key].name}); done"
+    command = "for ROUTING_RULE in $ROUTING_RULES; do az network front-door routing-rule update --name $ROUTING_RULE --resource-group ${local.frontdoor_rules_engine[each.key].resource_group_name} --front-door-name ${local.frontdoor_rules_engine[each.key].frontdoor_name} --rules-engine ${each.key}; done"
   }
 }
 
@@ -323,20 +340,20 @@ resource "null_resource" "frontdoor_rules_engine" {
 
   triggers = {
     frontdoor_name = azurerm_frontdoor.frontdoor[each.key].name
-    rules_engine   = join(" ", local.frontdoor_rules_engine_keys.override)
+    rules_engine   = join(" ", keys(var.frontdoor_rules_engine))
   }
 
   provisioner "local-exec" {
     environment = {
-      RULES = join("|", local.frontdoor_rules_engine_keys.override)
+      RULES = join("|", keys(var.frontdoor_rules_engine))
     }
 
     command = "for REMOVE_RULE in $(az network front-door rules-engine list --resource-group ${azurerm_frontdoor.frontdoor[each.key].resource_group_name} --front-door-name ${azurerm_frontdoor.frontdoor[each.key].name} --query '[].name' -o tsv | egrep -v $RULES); do $(az network front-door rules-engine delete --resource-group ${azurerm_frontdoor.frontdoor[each.key].resource_group_name} --front-door-name ${azurerm_frontdoor.frontdoor[each.key].name} --name $REMOVE_RULE); done"
   }
 }
 
 resource "azurerm_frontdoor_rules_engine" "frontdoor_rules_engine" {
-  for_each = toset(local.frontdoor_rules_engine_keys.header)
+  for_each = setsubtract(local.frontdoor_rules_engine_action.header, local.frontdoor_rules_engine_action.override)
 
   name                = local.frontdoor_rules_engine[each.key].name == "" ? each.key : local.frontdoor_rules_engine[each.key].name
   frontdoor_name      = local.frontdoor_rules_engine[each.key].frontdoor_name
diff --git a/outputs.tf b/outputs.tf
@@ -1,3 +1,13 @@
+output "frontdoor_firewall_policy" {
+  description = "azurerm_frontdoor_firewall_policy results"
+  value = {
+    for firewall_policy in keys(azurerm_frontdoor_firewall_policy.frontdoor_firewall_policy) :
+    firewall_policy => {
+      id = azurerm_frontdoor_firewall_policy.frontdoor_firewall_policy[firewall_policy].id
+    }
+  }
+}
+
 output "frontdoor" {
   description = "azurerm_frontdoor results"
   value = {
@@ -10,12 +20,24 @@ output "frontdoor" {
   }
 }
 
-output "frontdoor_firewall_policy" {
-  description = "azurerm_frontdoor_firewall_policy results"
+output "frontdoor_custom_https_configuration" {
+  description = "azurerm_frontdoor_custom_https_configuration results"
   value = {
-    for firewall_policy in keys(azurerm_frontdoor_firewall_policy.frontdoor_firewall_policy) :
-    firewall_policy => {
-      id = azurerm_frontdoor_firewall_policy.frontdoor_firewall_policy[firewall_policy].id
+    for frontdoor_custom_https_configuration in keys(azurerm_frontdoor_custom_https_configuration.frontdoor_custom_https_configuration) :
+    frontdoor_custom_https_configuration => {
+      id                   = azurerm_frontdoor_custom_https_configuration.frontdoor_custom_https_configuration[frontdoor_custom_https_configuration].id
+      frontend_endpoint_id = azurerm_frontdoor_custom_https_configuration.frontdoor_custom_https_configuration[frontdoor_custom_https_configuration].frontend_endpoint_id
+    }
+  }
+}
+
+output "frontdoor_rules_engine" {
+  description = "azurerm_frontdoor_rules_engine results"
+  value = {
+    for frontdoor_rules_engine in keys(var.frontdoor_rules_engine) :
+    frontdoor_rules_engine => {
+      id   = contains(local.frontdoor_rules_engine_action.override, frontdoor_rules_engine) == true ? azurerm_resource_group_template_deployment.frontdoor_rules_engine[frontdoor_rules_engine].id : azurerm_frontdoor_rules_engine.frontdoor_rules_engine[frontdoor_rules_engine].id
+      name = contains(local.frontdoor_rules_engine_action.override, frontdoor_rules_engine) == true ? azurerm_resource_group_template_deployment.frontdoor_rules_engine[frontdoor_rules_engine].name : azurerm_frontdoor_rules_engine.frontdoor_rules_engine[frontdoor_rules_engine].name
     }
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -92,17 +92,18 @@ locals {
         name                                    = ""
         session_affinity_enabled                = false
         session_affinity_ttl_seconds            = 0
-        web_application_firewall_policy_link_id = ""
+        web_application_firewall_policy_link_id = null
       }
       routing_rule = {
         name               = ""
         backend_pool_name  = "default"
-        accepted_protocols = ["Http", "Https"]
+        accepted_protocols = ["Https"]
         patterns_to_match  = ["/*"]
         enabled            = true
         frontend_endpoints = ["frontendendpoint"]
         forwarding_configuration = {
-          forwarding_protocol                   = ""
+          forwarding_protocol                   = "HttpsOnly"
+          backend_pool_name                     = ""
           patterns_to_match                     = ["/*"]
           cache_enabled                         = true
           cache_use_dynamic_compression         = true
@@ -113,8 +114,8 @@ locals {
         }
         redirect_configuration = {
           custom_host         = null
-          redirect_protocol   = ""
-          redirect_type       = "Found"
+          redirect_protocol   = "HttpsOnly"
+          redirect_type       = ""
           custom_fragment     = null
           custom_path         = null
           custom_query_string = null
@@ -125,9 +126,9 @@ locals {
     frontdoor_custom_https_configuration = {
       custom_https_provisioning_enabled          = false
       certificate_source                         = "FrontDoor"
-      azure_key_vault_certificate_vault_id       = ""
-      azure_key_vault_certificate_secret_name    = ""
-      azure_key_vault_certificate_secret_version = ""
+      azure_key_vault_certificate_vault_id       = null
+      azure_key_vault_certificate_secret_name    = null
+      azure_key_vault_certificate_secret_version = null
     }
     frontdoor_rules_engine = {
       name = ""
@@ -313,15 +314,15 @@ locals {
               config => merge(
                 merge(local.default.frontdoor_rules_engine.rule[config], local.frontdoor_rules_engine_rule_values[frontdoor_rules_engine][rulekey][config]),
                 {
-                  for subconfig in ["route_configuration_override"] :
+                  for subconfig in keys(local.frontdoor_rules_engine_rule_values[frontdoor_rules_engine][rulekey][config]) :
                   subconfig => merge(local.default.frontdoor_rules_engine.rule[config][subconfig], local.frontdoor_rules_engine_rule_values[frontdoor_rules_engine][rulekey][config][subconfig])
                 }
               )
             },
             {
               for config in ["match_condition"] :
               config => {
-                for key in keys(local.frontdoor_rules_engine_rule_values[frontdoor_rules_engine][rulekey][config]) :
+                for key in keys(lookup(local.frontdoor_rules_engine_values[frontdoor_rules_engine].rule[rulekey], config, {})) :
                 key => merge(local.default.frontdoor_rules_engine.rule[config], local.frontdoor_rules_engine_rule_values[frontdoor_rules_engine][rulekey][config][key])
               }
             }
@@ -335,18 +336,16 @@ locals {
   * resource "azurerm_frontdoor_rules_engine" "frontdoor_rules_engine"
   * resource "azurerm_resource_group_template_deployment" "frontdoor_rules_engine"
   */
-  frontdoor_rules_engine_keys = {
+  frontdoor_rules_engine_action = {
     for engine_key, engine_match in {
       header   = false
       override = true
     } :
-    engine_key => compact(distinct(flatten(
-      [
-        for frontdoor_rules_engine in keys(local.frontdoor_rules_engine) : [
-          for rulekey in keys(local.frontdoor_rules_engine[frontdoor_rules_engine].rule) :
-          contains(keys(local.frontdoor_rules_engine[frontdoor_rules_engine].rule[rulekey].action), "route_configuration_override") == engine_match ? frontdoor_rules_engine : ""
-        ]
+    engine_key => compact(distinct(flatten([
+      for frontdoor_rules_engine in keys(var.frontdoor_rules_engine) : [
+        for rulekey in keys(var.frontdoor_rules_engine[frontdoor_rules_engine].rule) :
+        contains(keys(var.frontdoor_rules_engine[frontdoor_rules_engine].rule[rulekey].action), "route_configuration_override") == engine_match ? frontdoor_rules_engine : ""
       ]
-    )))
+    ])))
   }
 }
