From 7624a6a2ea19550155c6a8532172e61f65e23547 Mon Sep 17 00:00:00 2001
From: Joeri Van Hoof
Date: Tue, 12 Nov 2024 09:43:26 +0100
Subject: [PATCH] FAZ: Terraform update to support latest AzureRM Provider
---
 FortiAnalyzer/Terraform/ha/deploy.sh | 40 +++++++++---
 FortiAnalyzer/Terraform/ha/destroy.sh | 2 +-
 .../Terraform/ha/terraform/00-general.tf | 17 ++---
 .../Terraform/ha/terraform/01-network.tf | 2 +-
 .../Terraform/ha/terraform/02-fortinet.tf | 62 +++++++++----------
 .../Terraform/ha/terraform/03-output.tf | 4 +-
 FortiAnalyzer/Terraform/single/deploy.sh | 18 +++---
 FortiAnalyzer/Terraform/single/destroy.sh | 2 +-
 .../Terraform/single/terraform/00-general.tf | 15 +++--
 .../Terraform/single/terraform/01-network.tf | 2 +-
 .../Terraform/single/terraform/02-fortinet.tf | 26 ++++----
 .../Terraform/single/terraform/03-output.tf | 4 +-
 12 files changed, 109 insertions(+), 85 deletions(-)
diff --git a/FortiAnalyzer/Terraform/ha/deploy.sh b/FortiAnalyzer/Terraform/ha/deploy.sh
index 0111d18b..b6bc4cf5 100755
--- a/FortiAnalyzer/Terraform/ha/deploy.sh
+++ b/FortiAnalyzer/Terraform/ha/deploy.sh
@@ -41,7 +41,7 @@ then
 else
 location="$DEPLOY_LOCATION"
 fi
-export TF_VAR_LOCATION="$location"
+export TF_VAR_location="$location"
 echo ""
 echo "--> Deployment in $location location ..."
 echo ""
@@ -60,7 +60,7 @@ then
 else
 prefix="$DEPLOY_PREFIX"
 fi
-export TF_VAR_PREFIX="$prefix"
+export TF_VAR_prefix="$prefix"
 echo ""
 echo "--> Using prefix $prefix for all resources ..."
 echo ""
@@ -71,17 +71,17 @@ then
 # Input username
 echo -n "Enter username (default: azureuser): "
 stty_orig=`stty -g` # save original terminal setting.
- read USERNAME # read the prefix
+ read username # read the prefix
 stty $stty_orig # restore terminal setting.
- if [ -z "$USERNAME" ]
+ if [ -z "$username" ]
 then
- USERNAME="azureuser"
+ username="azureuser"
 fi
 else
- USERNAME="$DEPLOY_USERNAME"
+ username="$DEPLOY_USERNAME"
 fi
 echo ""
-echo "--> Using username '$USERNAME' ..."
+echo "--> Using username '$username' ..."
 echo ""
 if [ -z "$DEPLOY_PASSWORD" ]
@@ -99,7 +99,27 @@ else
 echo "--> Using password found in env variable DEPLOY_PASSWORD ..."
 echo ""
 fi
-PASSWORD="$passwd"
+password="$passwd"
+
+if [ -z "$DEPLOY_SUBSCRIPTION_ID" ]
+then
+ detected_id=`az account show | jq ".id" -r`
+ # Input username
+ echo -n "Enter subscription ID (press enter for detected id: '$detected_id'): "
+ stty_orig=`stty -g` # save original terminal setting.
+ read subscription_id # read the subscription id
+ stty $stty_orig # restore terminal setting.
+ if [ -z "$subscription_id" ]
+ then
+ subscription_id="$detected_id"
+ fi
+else
+ subscription_id="$DEPLOY_SUBSCRIPTION_ID"
+fi
+export TF_VAR_subscription_id="$subscription_id"
+echo ""
+echo "--> Using subscription id '$subscription_id' ..."
+echo ""
 SUMMARY="summary.out"
@@ -117,8 +137,8 @@ echo ""
 echo "==> Terraform plan"
 echo ""
 terraform plan --out "$PLAN" \
- -var "USERNAME=$USERNAME" \
- -var "PASSWORD=$PASSWORD"
+ -var "username=$username" \
+ -var "password=$password"
 echo ""
 echo "==> Terraform apply"
diff --git a/FortiAnalyzer/Terraform/ha/destroy.sh b/FortiAnalyzer/Terraform/ha/destroy.sh
index 74085f76..1be709a2 100755
--- a/FortiAnalyzer/Terraform/ha/destroy.sh
+++ b/FortiAnalyzer/Terraform/ha/destroy.sh
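Review bot: The new subscription-id block in the second hunk stores whatever `az account show | jq ".id" -r` printed without checking that the command succeeded, so when the CLI session is not logged in or jq is absent, detected_id is empty, the prompt offers an empty default, and an empty `TF_VAR_subscription_id` is exported into the provider block. I would guard the detection and refuse to continue without a value: `detected_id=$(az account show --query id -o tsv 2>/dev/null) || detected_id=""` (which also drops the jq dependency), and after the if/else `[ -n "$subscription_id" ] || { echo "--> ERROR: no subscription id found; set DEPLOY_SUBSCRIPTION_ID" >&2; exit 1; }`. The copied `# Input username` comment in this block should read `# Input subscription id`.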
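Review bot: In the third hunk the admin password is still handed to Terraform as `-var "password=$password"`, which places the secret in the process argument list where any local user can read it from `ps` while plan runs; only the variable name changed. Since the script already exports `TF_VAR_location`, `TF_VAR_prefix` and `TF_VAR_subscription_id`, the same mechanism keeps the secret out of argv: `export TF_VAR_password="$password"` (and `TF_VAR_username`) with the two `-var` lines removed. The value still ends up in the plan file and state, so those files need the same protection either way.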
@@ -29,7 +29,7 @@ terraform init
 echo ""
 echo "==> terraform destroy"
 echo ""
-terraform destroy -var "USERNAME=x" -var "PASSWORD=x" -var "LOCATION=x" -var "PREFIX=x" -auto-approve
+terraform destroy -auto-approve
 if [[ $? != 0 ]]; then
 echo "--> ERROR: Destroy failed ..."
diff --git a/FortiAnalyzer/Terraform/ha/terraform/00-general.tf b/FortiAnalyzer/Terraform/ha/terraform/00-general.tf
index fd8d20e0..9d36eccb 100644
--- a/FortiAnalyzer/Terraform/ha/terraform/00-general.tf
+++ b/FortiAnalyzer/Terraform/ha/terraform/00-general.tf
@@ -7,19 +7,19 @@
 ##############################################################################################################
 # Prefix for all resources created for this deployment in Microsoft Azure
-variable "PREFIX" {
+variable "prefix" {
 description = "Added name to each deployed resource"
 }
-variable "LOCATION" {
+variable "location" {
 description = "Azure region"
 }
-variable "USERNAME" {
-}
+variable "username" {}
-variable "PASSWORD" {
-}
+variable "password" {}
+
+variable "subscription_id" {}
 ##############################################################################################################
 # FortiAnalyzer license type
@@ -79,6 +79,7 @@ terraform {
 provider "azurerm" {
 features {}
+ subscription_id = var.subscription_id
 }
 ##############################################################################################################
@@ -166,8 +167,8 @@ variable "fortinet_tags" {
 ##############################################################################################################
 resource "azurerm_resource_group" "resourcegroup" {
- name = "${var.PREFIX}-rg"
- location = var.LOCATION
+ name = "${var.prefix}-rg"
+ location = var.location
 }
 ##############################################################################################################
diff --git a/FortiAnalyzer/Terraform/ha/terraform/01-network.tf b/FortiAnalyzer/Terraform/ha/terraform/01-network.tf
index 1c5e091c..76287d1c 100644
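Review bot: `terraform destroy -auto-approve` now supplies no variables, but the ha module in this same commit declares `prefix`, `location`, `username`, `password` and `subscription_id` with no defaults, so Terraform will prompt for each of them interactively (and fail outright under `-input=false`) unless matching `TF_VAR_*` values are in the environment; whether destroy.sh exports any of them is outside this hunk. Placeholder values are fine for the four naming/credential variables, but `subscription_id` must be the real one for the provider to find the resources, so the script needs the same env/prompt lookup deploy.sh has, e.g. `terraform destroy -input=false -var "username=x" -var "password=x" -var "location=x" -var "prefix=x" -var "subscription_id=$subscription_id" -auto-approve`.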
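Review bot: In the first 00-general.tf hunk `variable "password" {}` is declared without `sensitive = true`, so the admin password that deploy.sh passes through `-var` is printed in clear text in `terraform plan`/`apply` output and in any CI log that captures it; the same declaration is repeated in single/terraform/00-general.tf later in this commit. Change it to `variable "password" { sensitive = true }` and consider giving `subscription_id` a `type = string` and `description` like the other variables. Marking a variable sensitive only redacts CLI output; the value is still written to the state file, which therefore needs restricted access regardless.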
--- a/FortiAnalyzer/Terraform/ha/terraform/01-network.tf
+++ b/FortiAnalyzer/Terraform/ha/terraform/01-network.tf
@@ -11,7 +11,7 @@
 ##############################################################################################################
 resource "azurerm_virtual_network" "vnet" {
- name = "${var.PREFIX}-vnet"
+ name = "${var.prefix}-vnet"
 address_space = [var.vnet]
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
diff --git a/FortiAnalyzer/Terraform/ha/terraform/02-fortinet.tf b/FortiAnalyzer/Terraform/ha/terraform/02-fortinet.tf
index afb05aad..62082334 100644
--- a/FortiAnalyzer/Terraform/ha/terraform/02-fortinet.tf
+++ b/FortiAnalyzer/Terraform/ha/terraform/02-fortinet.tf
@@ -7,15 +7,15 @@
 ##############################################################################################################
 resource "azurerm_availability_set" "fazavset" {
- name = "${var.PREFIX}-faz-availabilityset"
- location = var.LOCATION
+ name = "${var.prefix}-faz-availabilityset"
+ location = var.location
 managed = true
 resource_group_name = azurerm_resource_group.resourcegroup.name
 }
 resource "azurerm_network_security_group" "faznsg" {
- name = "${var.PREFIX}-faz-nsg"
- location = var.LOCATION
+ name = "${var.prefix}-faz-nsg"
+ location = var.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 }
@@ -90,35 +90,35 @@ resource "azurerm_network_security_rule" "faznsgallowdevregin" {
 }
 resource "azurerm_public_ip" "fazpip" {
- name = "${var.PREFIX}-faz-vip"
- location = var.LOCATION
+ name = "${var.prefix}-faz-vip"
+ location = var.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 allocation_method = "Static"
 sku = "Standard"
- domain_name_label = format("%s-%s", lower(var.PREFIX), "-vip")
+ domain_name_label = format("%s-%s", lower(var.prefix), "-vip")
 }
 resource "azurerm_public_ip" "fazpip2" {
- name = "${var.PREFIX}-faz-a-mgmt-pip"
- location = var.LOCATION
+ name = "${var.prefix}-faz-a-mgmt-pip"
+ location = var.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 allocation_method = "Static"
 sku = "Standard"
 }
 resource "azurerm_public_ip" "fazpip3" {
- name = "${var.PREFIX}-faz-b-mgmt-pip"
- location = var.LOCATION
+ name = "${var.prefix}-faz-b-mgmt-pip"
+ location = var.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 allocation_method = "Static"
 sku = "Standard"
 }
 resource "azurerm_network_interface" "fazaifc" {
- name = "${var.PREFIX}-faz-a-nic1"
+ name = "${var.prefix}-faz-a-nic1"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
- enable_ip_forwarding = true
+ ip_forwarding_enabled = true
 ip_configuration {
 name = "ipconfig1"
@@ -143,10 +143,10 @@ resource "azurerm_network_interface_security_group_association" "fazansg" {
 }
 resource "azurerm_network_interface" "fazbifc" {
- name = "${var.PREFIX}-faz-b-nic1"
+ name = "${var.prefix}-faz-b-nic1"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
- enable_ip_forwarding = true
+ ip_forwarding_enabled = true
 ip_configuration {
 name = "ipconfig1"
@@ -170,7 +170,7 @@ resource "azurerm_network_interface_security_group_association" "fazbnsg" {
 }
 resource "azurerm_linux_virtual_machine" "faza" {
- name = "${var.PREFIX}-faz-a"
+ name = "${var.prefix}-faz-a"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 network_interface_ids = [azurerm_network_interface.fazaifc.id]
@@ -195,18 +195,18 @@ resource "azurerm_linux_virtual_machine" "faza" {
 }
 os_disk {
- name = "${var.PREFIX}-faz-a-osdisk"
+ name = "${var.prefix}-faz-a-osdisk"
 caching = "ReadWrite"
 storage_account_type = "Standard_LRS"
 }
- admin_username = var.USERNAME
- admin_password = var.PASSWORD
+ admin_username = var.username
+ admin_password = var.password
 disable_password_authentication = false
 custom_data = base64encode(templatefile("${path.module}/customdata.tftpl", {
- faz_vm_name = "${var.PREFIX}-faz-a"
- faz_username = var.USERNAME
- faz_password = var.PASSWORD
+ faz_vm_name = "${var.prefix}-faz-a"
+ faz_username = var.username
+ faz_password = var.password
 faz_ssh_public_key = var.FAZ_SSH_PUBLIC_KEY_FILE
 faz_license_file = var.FAZ_BYOL_LICENSE_FILE_A
 faz_license_fortiflex = var.FAZ_BYOL_FORTIFLEX_LICENSE_TOKEN_A
@@ -223,7 +223,7 @@ resource "azurerm_linux_virtual_machine" "faza" {
 }
 resource "azurerm_managed_disk" "faz-a-datadisk" {
- name = "${var.PREFIX}-faz-a-datadisk"
+ name = "${var.prefix}-faz-a-datadisk"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 storage_account_type = "Standard_LRS"
@@ -239,7 +239,7 @@ resource "azurerm_virtual_machine_data_disk_attachment" "faz-a-datadisk-attach"
 }
 resource "azurerm_linux_virtual_machine" "fazb" {
- name = "${var.PREFIX}-faz-b"
+ name = "${var.prefix}-faz-b"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 network_interface_ids = [azurerm_network_interface.fazbifc.id]
@@ -264,18 +264,18 @@ resource "azurerm_linux_virtual_machine" "fazb" {
 }
 os_disk {
- name = "${var.PREFIX}-faz-b-osdisk"
+ name = "${var.prefix}-faz-b-osdisk"
 caching = "ReadWrite"
 storage_account_type = "Standard_LRS"
 }
- admin_username = var.USERNAME
- admin_password = var.PASSWORD
+ admin_username = var.username
+ admin_password = var.password
 disable_password_authentication = false
 custom_data = base64encode(templatefile("${path.module}/customdata.tftpl", {
- faz_vm_name = "${var.PREFIX}-faz-b"
- faz_username = var.USERNAME
- faz_password = var.PASSWORD
+ faz_vm_name = "${var.prefix}-faz-b"
+ faz_username = var.username
+ faz_password = var.password
 faz_license_file = var.FAZ_BYOL_LICENSE_FILE_B
 faz_license_fortiflex = var.FAZ_BYOL_FORTIFLEX_LICENSE_TOKEN_B
 faz_serial_number = var.FAZ_BYOL_SERIAL_NUMBER_A
@@ -292,7 +292,7 @@ resource "azurerm_linux_virtual_machine" "fazb" {
 }
 resource "azurerm_managed_disk" "faz-b-datadisk" {
- name = "${var.PREFIX}-faz-b-datadisk"
+ name = "${var.prefix}-faz-b-datadisk"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 storage_account_type = "Standard_LRS"
diff --git a/FortiAnalyzer/Terraform/ha/terraform/03-output.tf b/FortiAnalyzer/Terraform/ha/terraform/03-output.tf
index 7d0c44b0..979ca331 100644
--- a/FortiAnalyzer/Terraform/ha/terraform/03-output.tf
+++ b/FortiAnalyzer/Terraform/ha/terraform/03-output.tf
@@ -12,8 +12,8 @@
 output "deployment_summary" {
 value = templatefile("${path.module}/summary.tftpl", {
- location = var.LOCATION
- faz_username = var.USERNAME
+ location = var.location
+ faz_username = var.username
 faz_public_ip = data.azurerm_public_ip.fazpip.ip_address
 faz_a_mgmt_public_ip = data.azurerm_public_ip.fazpip2.ip_address
 faz_b_mgmt_public_ip = data.azurerm_public_ip.fazpip3.ip_address
diff --git a/FortiAnalyzer/Terraform/single/deploy.sh b/FortiAnalyzer/Terraform/single/deploy.sh
index 1b4b6e1d..da529a33 100755
--- a/FortiAnalyzer/Terraform/single/deploy.sh
+++ b/FortiAnalyzer/Terraform/single/deploy.sh
@@ -38,7 +38,7 @@ then
 else
 location="$DEPLOY_LOCATION"
 fi
-export TF_VAR_LOCATION="$location"
+export TF_VAR_location="$location"
 echo ""
 echo "--> Deployment in $location location ..."
 echo ""
@@ -57,7 +57,7 @@ then
 else
 prefix="$DEPLOY_PREFIX"
 fi
-export TF_VAR_PREFIX="$prefix"
+export TF_VAR_prefix="$prefix"
 echo ""
 echo "--> Using prefix $prefix for all resources ..."
 echo ""
@@ -68,17 +68,17 @@ then
 # Input username
 echo -n "Enter username (default: azureuser): "
 stty_orig=`stty -g` # save original terminal setting.
- read USERNAME # read the prefix
+ read username # read the prefix
 stty $stty_orig # restore terminal setting.
 if [ -z "$USERNAME" ]
 then
- USERNAME="azureuser"
+ username="azureuser"
 fi
 else
- USERNAME="$DEPLOY_USERNAME"
+ username="$DEPLOY_USERNAME"
 fi
 echo ""
-echo "--> Using username '$USERNAME' ..."
+echo "--> Using username '$username' ..."
 echo ""
 if [ -z "$DEPLOY_PASSWORD" ]
@@ -96,7 +96,7 @@ else
 echo "--> Using password found in env variable DEPLOY_PASSWORD ..."
 echo ""
 fi
-PASSWORD="$passwd"
+password="$passwd"
 SUMMARY="summary.out"
@@ -114,8 +114,8 @@ echo ""
 echo "==> Terraform plan"
 echo ""
 terraform plan --out "$PLAN" \
- -var "USERNAME=$USERNAME" \
- -var "PASSWORD=$PASSWORD"
+ -var "username=$username" \
+ -var "password=$password"
 echo ""
 echo "==> Terraform apply"
diff --git a/FortiAnalyzer/Terraform/single/destroy.sh b/FortiAnalyzer/Terraform/single/destroy.sh
index 74085f76..3771f4d2 100755
--- a/FortiAnalyzer/Terraform/single/destroy.sh
+++ b/FortiAnalyzer/Terraform/single/destroy.sh
@@ -29,7 +29,7 @@ terraform init
 echo ""
 echo "==> terraform destroy"
 echo ""
-terraform destroy -var "USERNAME=x" -var "PASSWORD=x" -var "LOCATION=x" -var "PREFIX=x" -auto-approve
+terraform destroy -var "USERNAME=x" -var "PASSWORD=x" -var "LOCATION=x" -var "prefix=x" -auto-approve
 if [[ $? != 0 ]]; then
 echo "--> ERROR: Destroy failed ..."
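Review bot: In the third single/deploy.sh hunk the test after `read username` still checks `$USERNAME`, so the typed value is ignored: where USERNAME is not in the environment the condition is always true and username is reset to `azureuser`, and where the environment does export USERNAME (Git Bash on Windows does) an empty answer leaves username empty. The ha/deploy.sh hunk earlier in this commit renames the same line; here it should read `if [ -z "$username" ]`.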
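Review bot: single/deploy.sh never determines or exports a subscription id, yet single/terraform/00-general.tf in this commit declares `variable "subscription_id" {}` with no default and wires it into the provider, so the `terraform plan` in the fifth hunk will stop to prompt for it (and fail under `-input=false`). The detection/prompt block that ha/deploy.sh gains in this commit belongs here as well, ahead of the plan step, with a guard so an empty value cannot reach the provider.
```shell
# … unchanged: password prompt …
if [ -z "$DEPLOY_SUBSCRIPTION_ID" ]
then
  detected_id=$(az account show --query id -o tsv 2>/dev/null) || detected_id=""
  # Input subscription id
  echo -n "Enter subscription ID (press enter for detected id: '$detected_id'): "
  read -r subscription_id
  [ -n "$subscription_id" ] || subscription_id="$detected_id"
else
  subscription_id="$DEPLOY_SUBSCRIPTION_ID"
fi
[ -n "$subscription_id" ] || { echo "--> ERROR: no subscription id found; set DEPLOY_SUBSCRIPTION_ID" >&2; exit 1; }
export TF_VAR_subscription_id="$subscription_id"
# … unchanged: summary and terraform plan …
```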
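Review bot: The single/destroy.sh hunk still passes `-var "USERNAME=x" -var "PASSWORD=x" -var "LOCATION=x"`, but the module in this commit now declares those variables as `username`, `password` and `location`; Terraform treats a command-line value for an undeclared root-module variable as an error, so destroy will abort before doing anything, and `subscription_id` is not supplied at all. Use `terraform destroy -input=false -var "username=x" -var "password=x" -var "location=x" -var "prefix=x" -var "subscription_id=$subscription_id" -auto-approve`, with subscription_id obtained the same way deploy.sh does, since the provider needs the real id to locate the resources.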
diff --git a/FortiAnalyzer/Terraform/single/terraform/00-general.tf b/FortiAnalyzer/Terraform/single/terraform/00-general.tf
index 984a3353..3e79da11 100644
--- a/FortiAnalyzer/Terraform/single/terraform/00-general.tf
+++ b/FortiAnalyzer/Terraform/single/terraform/00-general.tf
@@ -6,20 +6,22 @@
 ##############################################################################################################
 # Prefix for all resources created for this deployment in Microsoft Azure
-variable "PREFIX" {
+variable "prefix" {
 description = "Added name to each deployed resource"
 }
-variable "LOCATION" {
+variable "location" {
 description = "Azure region"
 }
-variable "USERNAME" {
+variable "username" {
 }
-variable "PASSWORD" {
+variable "password" {
 }
+variable "subscription_id" {}
+
 ##############################################################################################################
 # FortiAnalyzer license type
 ##############################################################################################################
@@ -62,6 +64,7 @@ terraform {
 provider "azurerm" {
 features {}
+ subscription_id = var.subscription_id
 }
 ##############################################################################################################
@@ -138,8 +141,8 @@ variable "fortinet_tags" {
 ##############################################################################################################
 resource "azurerm_resource_group" "resourcegroup" {
- name = "${var.PREFIX}-rg"
- location = var.LOCATION
+ name = "${var.prefix}-rg"
+ location = var.location
 }
 ##############################################################################################################
diff --git a/FortiAnalyzer/Terraform/single/terraform/01-network.tf b/FortiAnalyzer/Terraform/single/terraform/01-network.tf
index 7cfda1bd..6022ea7d 100644
--- a/FortiAnalyzer/Terraform/single/terraform/01-network.tf
+++ b/FortiAnalyzer/Terraform/single/terraform/01-network.tf
@@ -10,7 +10,7 @@
 ##############################################################################################################
 resource "azurerm_virtual_network" "vnet" {
- name = "${var.PREFIX}-vnet"
+ name = "${var.prefix}-vnet"
 address_space = [var.vnet]
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
diff --git a/FortiAnalyzer/Terraform/single/terraform/02-fortinet.tf b/FortiAnalyzer/Terraform/single/terraform/02-fortinet.tf
index 6f751b4b..3885f70b 100644
--- a/FortiAnalyzer/Terraform/single/terraform/02-fortinet.tf
+++ b/FortiAnalyzer/Terraform/single/terraform/02-fortinet.tf
@@ -6,8 +6,8 @@
 ##############################################################################################################
 resource "azurerm_network_security_group" "faznsg" {
- name = "${var.PREFIX}-faz-nsg"
- location = var.LOCATION
+ name = "${var.prefix}-faz-nsg"
+ location = var.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 }
@@ -82,20 +82,20 @@ resource "azurerm_network_security_rule" "faznsgallowdevregin" {
 }
 resource "azurerm_public_ip" "fazpip" {
- name = "${var.PREFIX}-faz-pip"
- location = var.LOCATION
+ name = "${var.prefix}-faz-pip"
+ location = var.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 allocation_method = "Static"
 sku = "Standard"
- domain_name_label = format("%s-%s", lower(var.PREFIX), "faz-pip")
+ domain_name_label = format("%s-%s", lower(var.prefix), "faz-pip")
 }
 resource "azurerm_network_interface" "fazifc" {
- name = "${var.PREFIX}-faz-nic1"
+ name = "${var.prefix}-faz-nic1"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
- enable_ip_forwarding = true
+ ip_forwarding_enabled = true
 ip_configuration {
 name = "ipconfig1"
@@ -113,7 +113,7 @@ resource "azurerm_network_interface_security_group_association" "faznsg" {
 }
 resource "azurerm_linux_virtual_machine" "faz" {
- name = "${var.PREFIX}-faz"
+ name = "${var.prefix}-faz"
 location = azurerm_resource_group.resourcegroup.location
 resource_group_name = azurerm_resource_group.resourcegroup.name
 network_interface_ids = [azurerm_network_interface.fazifc.id]
@@ -137,17 +137,17 @@ resource "azurerm_linux_virtual_machine" "faz" {
 }
 os_disk {
- name = "${var.PREFIX}-faz-osdisk"
+ name = "${var.prefix}-faz-osdisk"
 caching = "ReadWrite"
 storage_account_type = "Standard_LRS"
 }
- admin_username = var.USERNAME
- admin_password = var.PASSWORD
+ admin_username = var.username
+ admin_password = var.password
 disable_password_authentication = false
 custom_data = base64encode(templatefile("${path.module}/customdata.tftpl", {
- faz_vm_name = "${var.PREFIX}-faz"
- faz_username = var.USERNAME
+ faz_vm_name = "${var.prefix}-faz"
+ faz_username = var.username
 faz_license_file = var.FAZ_BYOL_LICENSE_FILE
 faz_license_fortiflex = var.FAZ_BYOL_FORTIFLEX_LICENSE_TOKEN
 faz_ssh_public_key = var.FAZ_SSH_PUBLIC_KEY_FILE
diff --git a/FortiAnalyzer/Terraform/single/terraform/03-output.tf b/FortiAnalyzer/Terraform/single/terraform/03-output.tf
index f7dd06cc..40c78228 100644
--- a/FortiAnalyzer/Terraform/single/terraform/03-output.tf
+++ b/FortiAnalyzer/Terraform/single/terraform/03-output.tf
@@ -13,8 +13,8 @@ data "template_file" "summary" {
 template = file("${path.module}/summary.tpl")
 vars = {
- location = var.LOCATION
- faz_username = var.USERNAME
+ location = var.location
+ faz_username = var.username
 faz_public_ip_address = data.azurerm_public_ip.fazpip.ip_address
 faz_private_ip_address = azurerm_network_interface.fazifc.private_ip_address
 }