terraform-azurerm-caf-enter.../locals.role_assignments.tf

49 lines
1.9 KiB
Terraform

# The following locals are used to extract the Role Assignment
# configuration from the archetype module outputs.
locals {
  es_role_assignments_by_management_group = flatten([
    for archetype in values(module.management_group_archetypes) :
    archetype.configuration.azurerm_role_assignment
  ])
  es_role_assignments_by_subscription = local.empty_list
  es_role_assignments = concat(
    local.es_role_assignments_by_management_group,
    local.es_role_assignments_by_subscription,
  )
}

# The following locals are used to build the map of Role
# Assignments to deploy.
locals {
  azurerm_role_assignment_enterprise_scale = {
    for assignment in local.es_role_assignments :
    assignment.resource_id => assignment
  }
}

# The following locals are used to build the output of Role
# Assignments created by the child module.
locals {
  flatten_role_assignments_for_policy_output = flatten([
    for pa_id, role_assignments in module.role_assignments_for_policy : [
      for role_assignment_id, role_assignment_config in role_assignments.azurerm_role_assignment : {
        role_assignment_id     = role_assignment_id
        role_assignment_config = role_assignment_config
      }
    ]
  ])
  role_assignments_for_policy_output = {
    for role in local.flatten_role_assignments_for_policy_output :
    (role.role_assignment_id) => role.role_assignment_config
  }
}

# The following locals are required to resolve the bug described in https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues/794
# These locals are used by resource "azurerm_role_assignment" "private_dns_zone_contributor_connectivity"
# in resources.role_assignments.tf to determine whether the connectivity management group exists
locals {
  connectivity_mg_exists = length([for k, v in local.es_landing_zones_map : v if(v.id == "${var.root_id}-connectivity")]) > 0
  platform_mg_exists     = length([for k, v in local.es_landing_zones_map : v if(v.id == "${var.root_id}-platform")]) > 0
}