FAZ: Terraform update to support latest AzureRM Provider

FortiAnalyzer/Terraform/ha/deploy.sh

@@ -41,7 +41,7 @@ then
 else
     location="$DEPLOY_LOCATION"
 fi
-export TF_VAR_LOCATION="$location"
+export TF_VAR_location="$location"
 echo ""
 echo "--> Deployment in $location location ..."
 echo ""
@@ -60,7 +60,7 @@ then
 else
     prefix="$DEPLOY_PREFIX"
 fi
-export TF_VAR_PREFIX="$prefix"
+export TF_VAR_prefix="$prefix"
 echo ""
 echo "--> Using prefix $prefix for all resources ..."
 echo ""
@@ -71,17 +71,17 @@ then
     # Input username
     echo -n "Enter username (default: azureuser): "
     stty_orig=`stty -g` # save original terminal setting.
-    read USERNAME         # read the prefix
+    read username         # read the prefix
     stty $stty_orig     # restore terminal setting.
-    if [ -z "$USERNAME" ]
+    if [ -z "$username" ]
     then
-        USERNAME="azureuser"
+        username="azureuser"
     fi
 else
-    USERNAME="$DEPLOY_USERNAME"
+    username="$DEPLOY_USERNAME"
 fi
 echo ""
-echo "--> Using username '$USERNAME' ..."
+echo "--> Using username '$username' ..."
 echo ""
 
 if [ -z "$DEPLOY_PASSWORD" ]
@@ -99,7 +99,27 @@ else
     echo "--> Using password found in env variable DEPLOY_PASSWORD ..."
     echo ""
 fi
-PASSWORD="$passwd"
+password="$passwd"
+
+if [ -z "$DEPLOY_SUBSCRIPTION_ID" ]
+then
+    detected_id=`az account show | jq ".id" -r`
+    # Input username
+    echo -n "Enter subscription ID (press enter for detected id: '$detected_id'): "
+    stty_orig=`stty -g` # save original terminal setting.
+    read subscription_id         # read the subscription id
+    stty $stty_orig     # restore terminal setting.
+    if [ -z "$subscription_id" ]
+    then
+        subscription_id="$detected_id"
+    fi
+else
+    subscription_id="$DEPLOY_SUBSCRIPTION_ID"
+fi
+export TF_VAR_subscription_id="$subscription_id"
+echo ""
+echo "--> Using subscription id '$subscription_id' ..."
+echo ""
 
 SUMMARY="summary.out"
 
@@ -117,8 +137,8 @@ echo ""
 echo "==> Terraform plan"
 echo ""
 terraform plan --out "$PLAN" \
-                -var "USERNAME=$USERNAME" \
-                -var "PASSWORD=$PASSWORD"
+                -var "username=$username" \
+                -var "password=$password"
 
 echo ""
 echo "==> Terraform apply"

FortiAnalyzer/Terraform/ha/destroy.sh

@@ -29,7 +29,7 @@ terraform init
 echo ""
 echo "==> terraform destroy"
 echo ""
-terraform destroy -var "USERNAME=x" -var "PASSWORD=x" -var "LOCATION=x" -var "PREFIX=x" -auto-approve
+terraform destroy -auto-approve
 if [[ $? != 0 ]];
 then
     echo "--> ERROR: Destroy failed ..."

FortiAnalyzer/Terraform/ha/terraform/00-general.tf

@@ -7,19 +7,19 @@
 ##############################################################################################################
 
 # Prefix for all resources created for this deployment in Microsoft Azure
-variable "PREFIX" {
+variable "prefix" {
   description = "Added name to each deployed resource"
 }
 
-variable "LOCATION" {
+variable "location" {
   description = "Azure region"
 }
 
-variable "USERNAME" {
-}
+variable "username" {}
 
-variable "PASSWORD" {
-}
+variable "password" {}
+
+variable "subscription_id" {}
 
 ##############################################################################################################
 # FortiAnalyzer license type
@@ -79,6 +79,7 @@ terraform {
 
 provider "azurerm" {
   features {}
+  subscription_id = var.subscription_id
 }
 
 ##############################################################################################################
@@ -166,8 +167,8 @@ variable "fortinet_tags" {
 ##############################################################################################################
 
 resource "azurerm_resource_group" "resourcegroup" {
-  name     = "${var.PREFIX}-rg"
-  location = var.LOCATION
+  name     = "${var.prefix}-rg"
+  location = var.location
 }
 
 ##############################################################################################################

FortiAnalyzer/Terraform/ha/terraform/01-network.tf

@@ -11,7 +11,7 @@
 ##############################################################################################################
 
 resource "azurerm_virtual_network" "vnet" {
-  name                = "${var.PREFIX}-vnet"
+  name                = "${var.prefix}-vnet"
   address_space       = [var.vnet]
   location            = azurerm_resource_group.resourcegroup.location
   resource_group_name = azurerm_resource_group.resourcegroup.name

FortiAnalyzer/Terraform/ha/terraform/02-fortinet.tf

@@ -7,15 +7,15 @@
 ##############################################################################################################
 
 resource "azurerm_availability_set" "fazavset" {
-  name                = "${var.PREFIX}-faz-availabilityset"
-  location            = var.LOCATION
+  name                = "${var.prefix}-faz-availabilityset"
+  location            = var.location
   managed             = true
   resource_group_name = azurerm_resource_group.resourcegroup.name
 }
 
 resource "azurerm_network_security_group" "faznsg" {
-  name                = "${var.PREFIX}-faz-nsg"
-  location            = var.LOCATION
+  name                = "${var.prefix}-faz-nsg"
+  location            = var.location
   resource_group_name = azurerm_resource_group.resourcegroup.name
 }
 
@@ -90,35 +90,35 @@ resource "azurerm_network_security_rule" "faznsgallowdevregin" {
 }
 
 resource "azurerm_public_ip" "fazpip" {
-  name                = "${var.PREFIX}-faz-vip"
-  location            = var.LOCATION
+  name                = "${var.prefix}-faz-vip"
+  location            = var.location
   resource_group_name = azurerm_resource_group.resourcegroup.name
   allocation_method   = "Static"
   sku                 = "Standard"
-  domain_name_label   = format("%s-%s", lower(var.PREFIX), "-vip")
+  domain_name_label   = format("%s-%s", lower(var.prefix), "-vip")
 }
 
 resource "azurerm_public_ip" "fazpip2" {
-  name                = "${var.PREFIX}-faz-a-mgmt-pip"
-  location            = var.LOCATION
+  name                = "${var.prefix}-faz-a-mgmt-pip"
+  location            = var.location
   resource_group_name = azurerm_resource_group.resourcegroup.name
   allocation_method   = "Static"
   sku                 = "Standard"
 }
 
 resource "azurerm_public_ip" "fazpip3" {
-  name                = "${var.PREFIX}-faz-b-mgmt-pip"
-  location            = var.LOCATION
+  name                = "${var.prefix}-faz-b-mgmt-pip"
+  location            = var.location
   resource_group_name = azurerm_resource_group.resourcegroup.name
   allocation_method   = "Static"
   sku                 = "Standard"
 }
 
 resource "azurerm_network_interface" "fazaifc" {
-  name                 = "${var.PREFIX}-faz-a-nic1"
+  name                 = "${var.prefix}-faz-a-nic1"
   location             = azurerm_resource_group.resourcegroup.location
   resource_group_name  = azurerm_resource_group.resourcegroup.name
-  enable_ip_forwarding = true
+  ip_forwarding_enabled = true
 
   ip_configuration {
     name                          = "ipconfig1"
@@ -143,10 +143,10 @@ resource "azurerm_network_interface_security_group_association" "fazansg" {
 }
 
 resource "azurerm_network_interface" "fazbifc" {
-  name                 = "${var.PREFIX}-faz-b-nic1"
+  name                 = "${var.prefix}-faz-b-nic1"
   location             = azurerm_resource_group.resourcegroup.location
   resource_group_name  = azurerm_resource_group.resourcegroup.name
-  enable_ip_forwarding = true
+  ip_forwarding_enabled = true
 
   ip_configuration {
     name                          = "ipconfig1"
@@ -170,7 +170,7 @@ resource "azurerm_network_interface_security_group_association" "fazbnsg" {
 }
 
 resource "azurerm_linux_virtual_machine" "faza" {
-  name                  = "${var.PREFIX}-faz-a"
+  name                  = "${var.prefix}-faz-a"
   location              = azurerm_resource_group.resourcegroup.location
   resource_group_name   = azurerm_resource_group.resourcegroup.name
   network_interface_ids = [azurerm_network_interface.fazaifc.id]
@@ -195,18 +195,18 @@ resource "azurerm_linux_virtual_machine" "faza" {
   }
 
   os_disk {
-    name                 = "${var.PREFIX}-faz-a-osdisk"
+    name                 = "${var.prefix}-faz-a-osdisk"
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
   }
 
-  admin_username                  = var.USERNAME
-  admin_password                  = var.PASSWORD
+  admin_username                  = var.username
+  admin_password                  = var.password
   disable_password_authentication = false
   custom_data = base64encode(templatefile("${path.module}/customdata.tftpl", {
-    faz_vm_name           = "${var.PREFIX}-faz-a"
-    faz_username          = var.USERNAME
-    faz_password          = var.PASSWORD
+    faz_vm_name           = "${var.prefix}-faz-a"
+    faz_username          = var.username
+    faz_password          = var.password
     faz_ssh_public_key    = var.FAZ_SSH_PUBLIC_KEY_FILE
     faz_license_file      = var.FAZ_BYOL_LICENSE_FILE_A
     faz_license_fortiflex = var.FAZ_BYOL_FORTIFLEX_LICENSE_TOKEN_A
@@ -223,7 +223,7 @@ resource "azurerm_linux_virtual_machine" "faza" {
 }
 
 resource "azurerm_managed_disk" "faz-a-datadisk" {
-  name                 = "${var.PREFIX}-faz-a-datadisk"
+  name                 = "${var.prefix}-faz-a-datadisk"
   location             = azurerm_resource_group.resourcegroup.location
   resource_group_name  = azurerm_resource_group.resourcegroup.name
   storage_account_type = "Standard_LRS"
@@ -239,7 +239,7 @@ resource "azurerm_virtual_machine_data_disk_attachment" "faz-a-datadisk-attach"
 }
 
 resource "azurerm_linux_virtual_machine" "fazb" {
-  name                  = "${var.PREFIX}-faz-b"
+  name                  = "${var.prefix}-faz-b"
   location              = azurerm_resource_group.resourcegroup.location
   resource_group_name   = azurerm_resource_group.resourcegroup.name
   network_interface_ids = [azurerm_network_interface.fazbifc.id]
@@ -264,18 +264,18 @@ resource "azurerm_linux_virtual_machine" "fazb" {
   }
 
   os_disk {
-    name                 = "${var.PREFIX}-faz-b-osdisk"
+    name                 = "${var.prefix}-faz-b-osdisk"
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
   }
 
-  admin_username                  = var.USERNAME
-  admin_password                  = var.PASSWORD
+  admin_username                  = var.username
+  admin_password                  = var.password
   disable_password_authentication = false
   custom_data = base64encode(templatefile("${path.module}/customdata.tftpl", {
-    faz_vm_name           = "${var.PREFIX}-faz-b"
-    faz_username          = var.USERNAME
-    faz_password          = var.PASSWORD
+    faz_vm_name           = "${var.prefix}-faz-b"
+    faz_username          = var.username
+    faz_password          = var.password
     faz_license_file      = var.FAZ_BYOL_LICENSE_FILE_B
     faz_license_fortiflex = var.FAZ_BYOL_FORTIFLEX_LICENSE_TOKEN_B
     faz_serial_number     = var.FAZ_BYOL_SERIAL_NUMBER_A
@@ -292,7 +292,7 @@ resource "azurerm_linux_virtual_machine" "fazb" {
 }
 
 resource "azurerm_managed_disk" "faz-b-datadisk" {
-  name                 = "${var.PREFIX}-faz-b-datadisk"
+  name                 = "${var.prefix}-faz-b-datadisk"
   location             = azurerm_resource_group.resourcegroup.location
   resource_group_name  = azurerm_resource_group.resourcegroup.name
   storage_account_type = "Standard_LRS"

FortiAnalyzer/Terraform/ha/terraform/03-output.tf

@@ -12,8 +12,8 @@
 
 output "deployment_summary" {
   value = templatefile("${path.module}/summary.tftpl", {
-    location             = var.LOCATION
-    faz_username         = var.USERNAME
+    location             = var.location
+    faz_username         = var.username
     faz_public_ip        = data.azurerm_public_ip.fazpip.ip_address
     faz_a_mgmt_public_ip = data.azurerm_public_ip.fazpip2.ip_address
     faz_b_mgmt_public_ip = data.azurerm_public_ip.fazpip3.ip_address

FortiAnalyzer/Terraform/single/deploy.sh

@@ -38,7 +38,7 @@ then
 else
     location="$DEPLOY_LOCATION"
 fi
-export TF_VAR_LOCATION="$location"
+export TF_VAR_location="$location"
 echo ""
 echo "--> Deployment in $location location ..."
 echo ""
@@ -57,7 +57,7 @@ then
 else
     prefix="$DEPLOY_PREFIX"
 fi
-export TF_VAR_PREFIX="$prefix"
+export TF_VAR_prefix="$prefix"
 echo ""
 echo "--> Using prefix $prefix for all resources ..."
 echo ""
@@ -68,17 +68,17 @@ then
     # Input username
     echo -n "Enter username (default: azureuser): "
     stty_orig=`stty -g` # save original terminal setting.
-    read USERNAME         # read the prefix
+    read username         # read the prefix
     stty $stty_orig     # restore terminal setting.
     if [ -z "$USERNAME" ]
     then
-        USERNAME="azureuser"
+        username="azureuser"
     fi
 else
-    USERNAME="$DEPLOY_USERNAME"
+    username="$DEPLOY_USERNAME"
 fi
 echo ""
-echo "--> Using username '$USERNAME' ..."
+echo "--> Using username '$username' ..."
 echo ""
 
 if [ -z "$DEPLOY_PASSWORD" ]
@@ -96,7 +96,7 @@ else
     echo "--> Using password found in env variable DEPLOY_PASSWORD ..."
     echo ""
 fi
-PASSWORD="$passwd"
+password="$passwd"
 
 SUMMARY="summary.out"
 
@@ -114,8 +114,8 @@ echo ""
 echo "==> Terraform plan"
 echo ""
 terraform plan --out "$PLAN" \
-                -var "USERNAME=$USERNAME" \
-                -var "PASSWORD=$PASSWORD"
+                -var "username=$username" \
+                -var "password=$password"
 
 echo ""
 echo "==> Terraform apply"

FortiAnalyzer/Terraform/single/destroy.sh

@@ -29,7 +29,7 @@ terraform init
 echo ""
 echo "==> terraform destroy"
 echo ""
-terraform destroy -var "USERNAME=x" -var "PASSWORD=x" -var "LOCATION=x" -var "PREFIX=x" -auto-approve
+terraform destroy -var "USERNAME=x" -var "PASSWORD=x" -var "LOCATION=x" -var "prefix=x" -auto-approve
 if [[ $? != 0 ]];
 then
     echo "--> ERROR: Destroy failed ..."