Merge branch 'main' of https://github.com/T-Systems-MMS/terraform-frontdoor into main

mikaEz · mikaEz · commit 8d895bcaf21e · 2021-12-22T12:45:45.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,9 @@
+# Changelog
+
+## [0.0.1](https://github.com/T-Systems-MMS/terraform-frontdoor/tree/0.0.1) (2021-12-22)
+
+[Full Changelog](https://github.com/T-Systems-MMS/terraform-frontdoor/compare/a6212ce3a8c9ab830b6b9b4afe4e47cba444958f...0.0.1)
+
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/README.md b/README.md
@@ -0,0 +1,219 @@
+<!-- BEGIN_TF_DOCS -->
+# frontdoor
+
+This module manages Azure FrontDoor.
+
+<-- This file is autogenerated, please do not change. -->
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | ~>1.0 |
+| azurerm | ~>2.79 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| azurerm | ~>2.79 |
+| null | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| azurerm_frontdoor.frontdoor | resource |
+| azurerm_frontdoor_custom_https_configuration.frontdoor_custom_https_configuration | resource |
+| azurerm_frontdoor_firewall_policy.frontdoor_firewall_policy | resource |
+| azurerm_resource_group_template_deployment.frontdoor_rules_engine | resource |
+| [null_resource.frontdoor_routing_rule-rules_engine](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.frontdoor_rules_engine](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| resource_group_name | resource_group whitin the resource should be created | `string` | n/a | yes |
+| frontdoor | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| frontdoor_config | resource configuration, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| frontdoor_custom_https_configuration | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| frontdoor_firewall_config | resource configuration, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| frontdoor_firewall_policy | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| frontdoor_rules_engine | resource definition, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| frontdoor_rules_engine_config | resource configuration, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+| location | location where the resource should be created | `string` | `"global"` | no |
+| resource_name | Azure FrontDoor | `any` | `{}` | no |
+| tags | mapping of tags to assign, default settings are defined within locals and merged with var settings | `any` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| frontdoor | azurerm_frontdoor results |
+| frontdoor_firewall_policy | azurerm_frontdoor_firewall_policy results |
+
+## Examples
+
+```hcl
+module "frontdoor" {
+  source              = "../terraform-frontdoor"
+  resource_group_name = "service-env-rg"
+  resource_name = {
+    frontdoor_firewall_policy = {
+      env = "serviceenvfdwafpolicy"
+    }
+    frontdoor = {
+      env = "service-env-fd"
+    }
+  }
+  frontdoor_firewall_policy = {
+    mode = "Prevention"
+  }
+  frontdoor_firewall_config = {
+    env = {
+      managed_rule = {
+        Microsoft_BotManagerRuleSet = {
+          type     = "Microsoft_BotManagerRuleSet"
+          version  = "1.0"
+          override = []
+        }
+      }
+      custom_rule = {
+        ip_access = {
+          name     = "iprestriction"
+          action   = "Block"
+          enabled  = true
+          priority = 0
+          type     = "MatchRule"
+          match_conditions = {
+            mms = {
+              match_variable     = "RemoteAddr"
+              operator           = "IPMatch"
+              negation_condition = true
+              match_values       = "127.0.0.2"
+            }
+          }
+        }
+      }
+    }
+  }
+  frontdoor = {
+    backend_pools_send_receive_timeout_seconds   = 60
+    enforce_backend_pools_certificate_name_check = false
+  }
+  frontdoor_config = {
+    env = {
+      backend_pool_health_probe = {
+        healthprobe = {}
+      }
+      backend_pool_load_balancing = {
+        loadbalancing = {}
+      }
+      frontend_endpoint = {
+        frontendendpoint = {
+          host_name                               = "service-env-fd.azurefd.net"
+          web_application_firewall_policy_link_id = module.frontdoor.frontdoor_firewall_policy.env.id
+        }
+        mydomain-de = {
+          host_name                               = "mydomain.de"
+          web_application_firewall_policy_link_id = module.frontdoor.frontdoor_firewall_policy.env.id
+        }
+        mydomain-com = {
+          host_name                               = "mydomain.com"
+          web_application_firewall_policy_link_id = module.frontdoor.frontdoor_firewall_policy.env.id
+        }
+      }
+      backend_pool = {
+        kubernetes_cluster_controller = {
+          address = "0.0.0.0"
+        }
+      }
+      routing_rule = {
+        /** forwarding configuration */
+        default = {
+          frontend_endpoints                    = ["frontendendpoint"]
+          backend_pool_name                     = "kubernetes_cluster_controller"
+          forwarding_protocol                   = "MatchRequest"
+          cache_enabled                         = true
+          cache_use_dynamic_compression         = true
+          cache_query_parameter_strip_directive = "StripNone"
+        }
+        kubernetes_cluster_controller = {
+          frontend_endpoints                    = ["mydomain-de", "mydomain-com"]
+          backend_pool_name                     = "kubernetes_cluster_controller"
+          accepted_protocols                    = ["Https"]
+          forwarding_protocol                   = "HttpsOnly"
+          cache_enabled                         = true
+          cache_use_dynamic_compression         = true
+          cache_query_parameter_strip_directive = "StripAll"
+        }
+        /** redirect configuration */
+        rewrite-http-to-https = {
+          frontend_endpoints = ["mydomain-de", "mydomain-com"]
+          configuration      = "redirect_configuration"
+          accepted_protocols = ["Http"]
+          redirect_protocol  = "HttpsOnly"
+          redirect_type      = "Moved"
+        }
+      }
+    }
+  }
+  frontdoor_custom_https_configuration = {
+    mydomain-de = {
+      frontend_endpoint_id                       = module.frontdoor.frontdoor.env.frontend_endpoint["mydomain-de"].id
+      custom_https_provisioning_enabled          = true
+      certificate_source                         = "AzureKeyVault"
+      azure_key_vault_certificate_vault_id       = data.azurerm_key_vault.key_vault_mgmt.id
+      azure_key_vault_certificate_secret_name    = data.azurerm_key_vault_secret.mydomain-de-certificate.name
+      azure_key_vault_certificate_secret_version = data.azurerm_key_vault_secret.mydomain-de-certificate.version
+    }
+    mydomain-com = {
+      frontend_endpoint_id                       = module.frontdoor.frontdoor.env.frontend_endpoint["mydomain-com"].id
+      custom_https_provisioning_enabled          = true
+      certificate_source                         = "AzureKeyVault"
+      azure_key_vault_certificate_vault_id       = data.azurerm_key_vault.key_vault_mgmt.id
+      azure_key_vault_certificate_secret_name    = data.azurerm_key_vault_secret.mydomain-com-certificate.name
+      azure_key_vault_certificate_secret_version = data.azurerm_key_vault_secret.mydomain-com-certificate.version
+    }
+  }
+  frontdoor_rules_engine = {
+    mydomain-com = {
+      frontdoor_name    = "service-env-fd.azurefd.net"
+      routing_rule_name = "kubernetes_cluster_controller"
+    }
+  }
+  frontdoor_rules_engine_config = {
+    mydomaincom = {
+      rules = {
+        entire = {
+          priority                  = "0"
+          match_processing_behavior = "Stop"
+          action = {
+            route_configuration_override = {
+              custom_host       = "mydomain.com"
+              custom_path       = "/"
+              redirect_protocol = "HttpsOnly"
+              redirect_type     = "PermanentRedirect"
+            }
+          }
+          match_conditions = [
+            {
+              match_value      = ["mydomain.com mydomain.com/"]
+              match_variable   = "RequestUri"
+              operator         = "Equal"
+              negate_condition = false
+              selector         = ""
+              transforms       = []
+            }
+          ]
+        }
+      }
+    }
+  }
+  tags = {
+    service = "service_name"
+  }
+}
+```
+<!-- END_TF_DOCS -->
