Add Search service module (aztfmod#1907)

* azure search service module * Added outputs for search service module * updated standalone-scenarios for search service * updated module with feedback provided * updated examples folder
blinqas · Jan 22, 2024 · 5b85b6e · 5b85b6e
1 parent 4991af0
commit 5b85b6e
Show file tree

Hide file tree

Showing 16 changed files with 284 additions and 2 deletions.
diff --git a/.github/workflows/standalone-scenarios.json b/.github/workflows/standalone-scenarios.json
@@ -145,6 +145,9 @@
     "redis_cache/103-redis-private-endpoints",
     "role_mapping/100-simple-role-mapping",
     "role_mapping/101-function-app-managed-identity",
+    "search_service/100-search-service-both-apikeys-and-azuread",
+    "search_service/101-search-service-only-api-keys",
+    "search_service/102-search-service-only-azuread",
     "sentinel/101-automation_rule",
     "sentinel/104-ar_fusion",
     "sentinel/105-ar_ml_behavior_analytics",

diff --git a/examples/module.tf b/examples/module.tf
@@ -428,4 +428,7 @@ module "example" {
     maintenance_configuration              = var.maintenance_configuration
     maintenance_assignment_virtual_machine = var.maintenance_assignment_virtual_machine
   }
+  search_services = {
+    search_services = var.search_services
+  }
 }
diff --git a/examples/search_service/100-search-service-both-apikeys-and-azuread/configuration.tfvars b/examples/search_service/100-search-service-both-apikeys-and-azuread/configuration.tfvars
@@ -0,0 +1,61 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "eastus"
+  }
+  inherit_tags = true
+  #   prefixes      = ["iac-shared"]
+  #   random_length = 0
+}
+
+
+resource_groups = {
+  new_rg = {
+    name     = "RG1"
+    location = "region1"
+  }
+}
+
+vnets = {
+  vnet1 = {
+    resource_group_key = "new_rg"
+    vnet = {
+      name          = "vnet-001"
+      address_space = ["10.5.0.0/16"]
+    }
+    subnets = {
+      default = {
+        name    = "default"
+        cidr    = ["10.5.1.0/24"]
+      }
+    }
+  }
+}
+
+search_services = {
+  ss1 = {
+    name               = "ss001"
+    resource_group_key = "new_rg"
+    region             = "region1"
+    identity = {
+      type = "SystemAssigned"
+    }
+    sku                          = "basic"
+    local_authentication_enabled = true
+    authentication_failure_mode  = "http403"
+    partition_count              = 1
+    replica_count                = 2
+    private_endpoints = {
+      pe1 = {
+        name       = "pe-searchservice"
+        subnet_key = "default"
+        vnet_key   = "vnet1"
+        private_service_connection = {
+          name                 = "pe-ssconnection"
+          is_manual_connection = false
+          subresource_names    = ["searchService"]
+        }
+      }
+    }
+  }
+}
diff --git a/examples/search_service/101-search-service-only-api-keys/configuration.tfvars b/examples/search_service/101-search-service-only-api-keys/configuration.tfvars
@@ -0,0 +1,25 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "eastus"
+  }
+  inherit_tags = true
+  #   prefixes      = ["iac-shared"]
+  #   random_length = 0
+}
+
+resource_groups = {
+  new_rg = {
+    name     = "RG1"
+    location = "region1"
+  }
+}
+
+search_services = {
+  ss1 = {
+    name               = "ss002"
+    resource_group_key = "new_rg"
+    region             = "region1"
+    sku                = "basic"
+  }
+}
diff --git a/examples/search_service/102-search-service-only-azuread/configuration.tfvars b/examples/search_service/102-search-service-only-azuread/configuration.tfvars
@@ -0,0 +1,29 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "eastus"
+  }
+  inherit_tags = true
+}
+
+resource_groups = {
+  new_rg = {
+    name     = "RG1"
+    location = "region1"
+  }
+}
+
+search_services = {
+  ss1 = {
+    name               = "ss003"
+    resource_group_key = "new_rg"
+    region             = "region1"
+    sku                = "standard"
+    identity = {
+      type = "SystemAssigned"
+    }
+    local_authentication_enabled  = false
+    # public_network_access_enabled = true
+    # allowed_ips                   = ["13.478.57.73"]
+  }
+}
diff --git a/examples/variables.tf b/examples/variables.tf
@@ -1123,3 +1123,6 @@ variable "maintenance_configuration" {
 variable "maintenance_assignment_virtual_machine" {
   default = {}
 }
+variable "search_services" {
+  default     = {}
+}
diff --git a/local.remote_objects.tf b/local.remote_objects.tf
@@ -113,6 +113,7 @@ locals {
     recovery_vaults                                = try(local.combined_objects_recovery_vaults, null)
     redis_caches                                   = try(local.combined_objects_redis_caches, null)
     resource_groups                                = try(local.combined_objects_resource_groups, null)
+    search_services                                = try(local.combined_objects_search_services, null)
     servicebus_namespaces                          = try(local.combined_objects_servicebus_namespaces, null)
     servicebus_topics                              = try(local.combined_objects_servicebus_topics, null)
     servicebus_queues                              = try(local.combined_objects_servicebus_queues, null)

diff --git a/locals.combined_objects.tf b/locals.combined_objects.tf
@@ -146,6 +146,7 @@ locals {
   combined_objects_relay_namespace                                = merge(tomap({ (local.client_config.landingzone_key) = module.relay_namespace }), try(var.remote_objects.relay_namespace, {}))
   combined_objects_resource_groups                                = merge(tomap({ (local.client_config.landingzone_key) = merge(local.resource_groups, try(var.data_sources.resource_groups, {})) }), try(var.remote_objects.resource_groups, {}))
   combined_objects_route_tables                                   = merge(tomap({ (local.client_config.landingzone_key) = module.route_tables }), try(var.remote_objects.route_tables, {}))
+  combined_objects_search_services                                = merge(tomap({ (local.client_config.landingzone_key) = module.search_service }), try(var.remote_objects.search_services, {}), try(var.data_sources.search_services, {}))
   combined_objects_sentinel_watchlists                            = merge(tomap({ (local.client_config.landingzone_key) = module.sentinel_watchlists }), try(var.remote_objects.sentinel_watchlists, {}))
   combined_objects_servicebus_namespaces                          = merge(tomap({ (local.client_config.landingzone_key) = module.servicebus_namespaces }), try(var.remote_objects.servicebus_namespaces, {}), try(var.data_sources.servicebus_namespaces, {}))
   combined_objects_servicebus_queues                              = merge(tomap({ (local.client_config.landingzone_key) = module.servicebus_queues }), try(var.remote_objects.servicebus_queues, {}), try(var.data_sources.servicebus_queues, {}))

diff --git a/locals.tf b/locals.tf
@@ -247,7 +247,9 @@ locals {
   cognitive_services = {
     cognitive_services_account = try(var.cognitive_services.cognitive_services_account, {})
   }
-
+  search_services = {
+    search_services = try(var.search_services.search_services, {})
+  }
   maps = {
     maps_accounts = try(var.maps.maps_accounts, {})
   }

diff --git a/modules/search_service/main.tf b/modules/search_service/main.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    azurecaf = {
+      source = "aztfmod/azurecaf"
+    }
+  }
+
+}
+
+locals {
+  tags = var.base_tags ? merge(
+    var.global_settings.tags,
+    try(var.resource_group.tags, null),
+    try(var.settings.tags, null)
+  ) : try(var.settings.tags, null)
+
+  location            = coalesce(var.location, var.resource_group.location)
+  resource_group_name = coalesce(var.resource_group_name, var.resource_group.name)
+}
diff --git a/modules/search_service/output.tf b/modules/search_service/output.tf
@@ -0,0 +1,16 @@
+output "name" {
+  value = azurerm_search_service.search_service.name
+}
+
+output "location" {
+  value = azurerm_search_service.search_service.location
+}
+
+output "tags" {
+  value = azurerm_search_service.search_service.tags
+
+}
+
+output "id" {
+  value = azurerm_search_service.search_service.id
+}
diff --git a/modules/search_service/private_endpoint.tf b/modules/search_service/private_endpoint.tf
@@ -0,0 +1,18 @@
+module "private_endpoint" {
+  source   = "../networking/private_endpoint"
+  for_each = var.private_endpoints
+
+  resource_id         = azurerm_search_service.search_service.id
+  name                = each.value.name
+  location            = local.location
+  resource_group_name = local.resource_group_name
+  subnet_id           = can(each.value.subnet_id) || can(each.value.virtual_subnet_key) ? try(each.value.subnet_id, var.virtual_subnets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.virtual_subnet_key].id) : var.vnets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.vnet_key].subnets[each.value.subnet_key].id
+  settings            = each.value
+  global_settings     = var.global_settings
+  tags                = local.tags
+  base_tags           = var.base_tags
+  private_dns         = var.private_dns
+  client_config       = var.client_config
+}
+
+
diff --git a/modules/search_service/searchservice.tf b/modules/search_service/searchservice.tf
@@ -0,0 +1,32 @@
+
+resource "azurecaf_name" "service" {
+  name          = var.settings.name
+  prefixes      = var.global_settings.prefixes
+  resource_type = "azurerm_search_service"
+  random_length = var.global_settings.random_length
+  clean_input   = true
+  passthrough   = var.global_settings.passthrough
+  use_slug      = var.global_settings.use_slug
+}
+
+resource "azurerm_search_service" "search_service" {
+  name                                     = azurecaf_name.service.result
+  location                                 = local.location
+  resource_group_name                      = local.resource_group_name
+  sku                                      = lower(var.settings.sku)
+  local_authentication_enabled             = try(var.settings.local_authentication_enabled, null)
+  authentication_failure_mode              = try(var.settings.authentication_failure_mode, null)
+  public_network_access_enabled            = try(var.settings.public_network_access_enabled, false)
+  allowed_ips                              = try(var.settings.public_network_access_enabled, false) ? try(var.settings.allowed_ips, []) : []
+  customer_managed_key_enforcement_enabled = try(var.settings.customer_managed_key_enforcement_enabled, null)
+  hosting_mode                             = (lower(var.settings.sku) == "standard3") ? try(var.settings.hosting_mode, "default") : null
+  dynamic "identity" {
+    for_each = try(var.identity, null) == null ? [] : [1]
+
+    content {
+      type = var.identity.type
+    }
+  }
+  partition_count = ((lower(var.settings.sku) != "free") && (lower(var.settings.sku) != "basic")) ? try(var.settings.partition_count, null) : null
+  replica_count   = (lower(var.settings.sku) != "free") ? try(var.settings.replica_count, null) : null
+}
diff --git a/modules/search_service/variables.tf b/modules/search_service/variables.tf
@@ -0,0 +1,44 @@
+variable "global_settings" {
+  description = "Global settings object (see module README.md)"
+}
+variable "client_config" {
+  description = "Client configuration object (see module README.md)."
+}
+variable "location" {
+  description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "Name of the existing resource group to deploy the virtual machine"
+  type        = string
+}
+variable "resource_group" {
+  description = "Resource group object to deploy the virtual machine"
+}
+variable "identity" {
+  default = null
+}
+
+variable "settings" {}
+
+variable "private_endpoints" {
+  default = {}
+}
+
+variable "private_dns" {
+  default = {}
+}
+
+variable "base_tags" {
+  description = "Base tags for the resource to be inherited from the resource group."
+  type        = bool
+}
+variable "vnets" {
+  default = {}
+}
+variable "virtual_subnets" {
+  description = "Map of virtual_subnets objects"
+  default     = {}
+  nullable    = false
+}
diff --git a/search_service.tf b/search_service.tf
@@ -0,0 +1,21 @@
+module "search_service" {
+  source   = "./modules/search_service"
+  for_each = local.search_services.search_services
+
+  client_config       = local.client_config
+  global_settings     = local.global_settings
+  resource_group      = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)]
+  resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : null
+  location            = lookup(each.value, "region", null) == null ? local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location : local.global_settings.regions[each.value.region]
+  settings            = each.value
+  base_tags           = local.global_settings.inherit_tags
+  identity            = try(each.value.identity, null)
+  private_endpoints   = try(each.value.private_endpoints, {})
+  private_dns         = local.combined_objects_private_dns
+  vnets               = local.combined_objects_networking
+  virtual_subnets     = local.combined_objects_virtual_subnets
+}
+
+output "search_service" {
+  value = module.search_service
+}
diff --git a/variables.tf b/variables.tf
@@ -440,4 +440,8 @@ variable "powerbi_embedded" {
 }
 variable "maintenance" {
   default = {}
-}
+}
+variable "search_services" {
+  description = "Configuration object - Search service Resource "
+  default     = {}
+}