azure / azure-verified-modules

Azure Verified Modules (AVM) is an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like. Modules will then align to these standards, across languages (Bicep, Terraform etc.) and will then be classified as AVMs and available from their respective language specific registries.

Home Page: https://aka.ms/AVM

License: MIT License

PowerShell 100.00%

azure-verified-modules's Introduction

📄 Please note that our documentation is published over at aka.ms/AVM. Please visit this site for more information and guidance! 📄

This repository is used for proposing and tracking the state of modules, tracking issues and feature requests as well as hosting documentation for the Azure Verified Modules (AVM) project. If you are looking for the AVM code repositories, please visit the Bicep and Terraform module indexes on the AVM portal for references.

Azure Verified Modules (AVM)

Welcome to the Azure Verified Modules (AVM) repository!

With Azure Verified Modules (AVM), as "One Microsoft", we want to provide and define the single definition of what a good IaC module is:

  • How they should be constructed and built
    • Enforcing consistency and testing where possible
  • How they are to be consumed
  • What they deliver for consumers in terms of resources deployed and configured
  • And where appropriate aligned across IaC languages (e.g. Bicep, Terraform, etc.)

For more information on AVM, please visit the AVM portal (https://aka.ms/AVM).

AVM Mission Statement

Our mission is to deliver a comprehensive Azure Verified Modules library in multiple IaC languages, following the principles of the well-architected framework, serving as the trusted Microsoft source of truth. Supported by Microsoft, AVM will accelerate deployment time for Azure resources and architectural patterns, empowering every person and organization on the planet on their IaC journey.

Contributing

To contribute to Azure Verified Modules please visit: aka.ms/AVM/Contribute

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

azure-verified-modules's Issues

[Feedback]: Module naming policy for modules that use multiple Azure providers

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

ID: RMNFR1 - Category: Naming - Module Naming describes:

  • <provider> is the logical abstraction of various APIs used by Terraform. In most cases, this is going to be azurerm or azuread for resource modules.

Sometimes we might need to use multiple Azure providers in one module, azurerm for resource, azuread as data source to read service application id, azapi to do some operation that azurerm does not support.

We might consider removing provider from the module's name.

[Feedback]: Explicit guidance on incorporating existing modules into AVM & on leveraging existing modules for inspiration to build net new AVM modules

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

Could we please get explicit guidance on incorporating existing modules into AVM in case there exist any, instead of proposing and creating a new module?

Also, in case we propose and create a new module, could we get guidance on leveraging existing modules for inspiration to build net new AVM modules?

[Module Proposal]: `avm-res-compute-virtualmachine` (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module Name -> avm-res-compute-virtualmachine
GH repo name -> terraform-azurerm-avm-res-compute-virtualmachine

Module Details

Evolving the existing Terraform module from TFVM - https://github.com/Azure/terraform-azurerm-virtual-machine

Do you want to be the owner of this module?

No

Module Owner's GitHub Username

No response

[Question/Feedback]: Proposal to modify the default behavior in Tags Interface Spec

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

It is common to inherit tags from a parent resource group and/or from a parent resource. Proposal for feedback is to modify the Tags spec to allow for the option to inherit and append tags for child resources in addition to the current option of only inserting the child resource tags.

This should help minimize errors from replaying some existing tags.

[Module Proposal]: `avm/res/desktop-virtualization/host-pool`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Resource Module

Module Name

avm/res/desktop-virtualization/host-pool

Module Details

We will be migrating and modifying the CARML module we are using for AVD LZA.

Please add as the following co-owner:
@moisesjgomez

cc: @matebarabas as we discussed submitting the issues.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

danycontre

[Module Proposal]: `avm/res/app/container-app`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Resource Module

Module Name

avm/res/app/container-app

Module Details

Not proposing a new module but interested in taking ownership of existing CARML module.

For reference: https://github.com/Azure/ResourceModules/tree/main/modules/app/container-app

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

oZakari

[Module Proposal]: `avm-res-kubernetes-connectedcluster`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module name - avm-res-kubernetes-connectedcluster
GH Repo name - terraform-azurerm-avm-res-kubernetes-connectedcluster

Module Details

Terraform module for AKS, requirements from customers who want to accelerate and standardize AKS automated deployments.

Do you want to be the owner of this module?

No

Module Owner's GitHub Username

No response

[Module Proposal]: `avm-res-sql-managedinstance`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module name-> avm-res-sql-managedinstance
GH repo name -> terraform-azurerm-avm-res-sql-managedinstance

Module Details

Please refer to this CARML Bicep module as it already implements RBAC, Locks, Tags, and Diagnostics Settings

https://github.com/Azure/ResourceModules/tree/main/modules/sql/managed-instance

Do you want to be the owner of this module?

No

Module Owner's GitHub Username

No response

[Question/Feedback]:

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

On the module submission form consider changing "resource or pattern module" to "module classification". This more closely reflects the language in the shared and specific requirements for each and the language about them.

[Question/Feedback]: Resource naming to follow CAF abbreviation best practices

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

Initially, great job, I feel AVM will really take off quickly. I only just learnt about it via the recent ALZ community call and am already poking around anything with AVM in the git repos now. So, thank you.

Regarding naming, within our company we were trying to adhere to the CAF best practices Abbreviation examples for Azure resources, and we were doing that via terraform-azurerm-naming. I'm hoping that something like this could be the standard across the board in some way. I say this as I was looking at the AVM Terraform storage module and noticed that was using:

name = "storage${random_pet.this.id}"

Vs the CAF abbreviation. Thought this is possibly something that could be baked into AVM to make sure resources are consistent.

Again, awesome job on this, many thanks!

[Question/Feedback]: Multiple errors in terraform telemetry sample

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

I had to make multiple modifications to get the telemetry examples included in the repo template to execute a successful plan:

Recommend making the following corrections:

  1. Remove the location value in main.telemetry.tf line 13 (this value isn't supported by the azurerm_resource_group_template_deployment resource)
  2. On line 2 in main.telemetry.tf change local.enable_telemetry to var.enable_telemetry
  3. Change line 13 references from random_id.telem to random_id.telemetry to correct a mismatch between the resource and the reference

[Module Proposal]: `avm-res-storage-storageaccount`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module name - avm-res-storage-storageaccount
Github Repo name - terraform-azurerm-avm-res-storage-storageaccount

Module Details

Terraform Storage account module for multiple SA requirements.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

chinthakaru

[Module Proposal]: `avm/ptn/avd-lza/session-hosts`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Pattern Module

Module Name

avm/ptn/avd-lza/session-hosts

Module Details

We will be migrating and modifying the CARML module we are using for AVD LZA.

Please add as the following co-owner:
@moisesjgomez

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

danycontre

[Module Proposal]: `avm-res-network-virtualnetwork` (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module name - avm-res-network-virtualnetwork
GH repo name - terraform-azurerm-avm-res-network-virtualnetwork

Module Details

creation of terraform module for virtual networks aligning to AVM standards

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

herms14

[Feedback]: We need different naming policy for pattern modules

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

ID: RMNFR1 - Category: Naming - Module Naming describes:

  • avm-res-<rp>-<armresourcename> (Module name for registry)
  • terraform-<provider>-avm-res-<rp>-<armresourcename> (GitHub repository name to meet registry naming requirements)

This naming policy could not be applied to the pattern module, or modules designed for different scenarios, like terraform-aws-named-subnets and terraform-aws-dynamic-subnets.

[Question/Feedback]: Error on Lock variable declaration

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

Received the following error when adding the Lock interface in my module

Error: Unsupported attribute
│
│ on variables.tf line 209, in variable "lock":
│ 209: condition = contains(["CanNotDelete", "ReadOnly", "None"], var.lock.type)
│ ├────────────────
│ │ var.lock is a object
│
│ This object does not have an attribute named "type".

Added a type argument to resolve the issue

variable "lock" {
  type = object({
    name = optional(string, null)
    kind = optional(string, "None")
    type = optional(string, "None")
  })
  default = {}

  validation {
    condition     = contains(["CanNotDelete", "ReadOnly", "None"], var.lock.type)
    error_message = "Lock type must be one of: CanNotDelete, ReadOnly, None."
  }
}

[Module Proposal]: `avm-res-network-loadbalancer` (res) (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module name -> avm-res-network-loadbalancer
GH repo name -> terraform-azurerm-avm-res-network-loadbalancer

Module Details

Evolving the existing Terraform module from TFVM - https://github.com/Azure/terraform-azurerm-loadbalancer to AVM standards.

Do you want to be the owner of this module?

No

Module Owner's GitHub Username

No response

[Question/Feedback]: Missing local in telemetry sample - module_version

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

The template sample for telemetry references local module_version when defining the deployment local, but doesn't define it.

Recommend adding module_version sample variable definition to locals.telemetry.tf

[Question/Feedback]: Managed Identities

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

We should provide additional clarity on the following scenarios related to managed identities:

  1. Is it acceptable for a resource to enable the system managed identity by default if it is required for use within the resource?
  2. For user-assigned managed identities, explicitly set the expectation for resource modules that any identities will be created outside of the module. (It makes little sense to create a resource within the resource context that is expected to be used across resources.)
  3. For user-assigned managed identities, explicitly state that we won't be assigning RBAC to them either (assumed the role assignments will take place when the user identity is created; see item 2).

[Module Proposal]: `avm-res-sqlvirtualmachine-sqlvirtualmachine`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module Name - avm-res-sqlvirtualmachine-sqlvirtualmachine
GH Repo name - terraform-azurerm-avm-res-sqlvirtualmachine-sqlvirtualmachine

Module Details

Do you want to be the owner of this module?

No

Module Owner's GitHub Username

No response

[Feedback]: We have a new telemetry provider for TF module

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

We have a new telemetry provider which could provide module usage telemetry data with more details.

To use this provider, all you need to do is add such a resource block in your module:

resource "modtm_telemetry" "test" {
  tags = {
    avm_git_commit           = "2724cc167e90f94ce2511c3fb803400d0a486743"
    avm_git_file             = "main.tf"
    avm_git_last_modified_at = "2023-06-05 02:21:33"
    avm_git_org              = "Azure"
    avm_git_repo             = "terraform-provider-modtel"
  }
}

The tags would be sent to our telemetry collection service (an Azure Application Insight instance). Every time our user executes an apply/refresh/plan/destroy command with our module, an event with these tags and CRUD type would be sent to us along with a UUID representing the resource instance id. We could learn how many module instances exist now, and the module names, versions.

Now this provider is blocked by some unknown issues so we cannot use it directly from the registry. Once it has been unblocked, maybe we should consider using it as verified module's telemetry solution.

[Module Proposal]: `avm-ptn-virtualwan` (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Pattern Module

Module Name

The module name is avm-ptn-vwan based on naming convention
GitHub Repo name is terraform-azurerm-avm-ptn-vwan

Module Details

Outlined here.

https://dev.azure.com/CSUSolEng/Azure%20Infra%20Networking/_workitems/edit/30510

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

khushal08

[Feedback]: Manage module indexes in GitOps way along with Terraform configuration files

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

ID: RMNFR1 - Category: Naming - Module Naming describes:

We will maintain a set of CSV files in the AVM Central Repo (Azure/Azure-Verified-Modules) with the correct singular names for all resource types to enable checks to utilize this list to ensure repos are named correctly. To see the formatted content of these CSV files with additional information, please visit the AVM Module Indexes page.

Static CSV files and markdown files alone are not enough to manage these modules; we need a whole infrastructure to manage these repos along with corresponding testing infrastructure (testing pool, testing environment in verified module repos, etc.).

We have implemented such GitOps style infra in the terraform-azure-modules repo; the document and list could be maintained along with the corresponding infrastructure.

[Module Proposal]: `avm-ptn-confidential-compute`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Pattern Module

Module Name

avm-ptn-confidential-compute

Module Details

Deploy Azure Confidential Compute architectural pattern to help customers test and implement confidential compute. The associated architectural pattern, guidance and recommendations will be a coordinated effort.

The proposal is to create a confidential compute landing zone accelerator aligned with ALZ and associated policies which will allow both development and production scenarios using HSM managed keys, Microsoft Azure Managed Attestation and AMD SEV-SNP VMs. The accelerator will provide pattern specific guidance in addition to the existing PG documentation and the AVM will allow ease of deployment of the pattern.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

humblejay

[Module Proposal]: `avm/res/resources/deployment-script`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Resource Module

Module Name

avm/res/resources/deployment-script

Module Details

Submitting for module ownership once it's migrated from CARML

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

sebassem

[Module Proposal]: AVD Management Plane Resources

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Pattern Module

Module Name

avm-ptn-desktopvirtualization-logicalresources

Module Details

Module would deploy management plane resources for AVD (Workspace, application group, host pool, scaling plan)

For reference:
https://github.com/Azure/avdaccelerator/blob/main/workload/bicep/modules/avdManagementPlane/deploy.bicep

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

moisesjgomez

[Feedback]: We don't need a separate idempotency test

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

ID: SNFR7 - Category: Testing - Idempotency Tests describes a test that ensures deploying the module twice over the top of itself won't cause any config drift. We can add this idempotency as part of the e2e test, as we have done in terraform-module-test-helper library.

Idempotency should be part of our e2e testing acceptance criteria.

[Module Proposal]: `avm-res-keyvault-vault` (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Resource or Pattern Module?

Resource Module

Module Name

avm-res-keyvault-vault

Module Details

key vault resource module with child resources for secrets, keys, etc.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

matt-FFFFFF

[Module Proposal]: AVD Session Host Setup

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Pattern Module

Module Name

avm-ptn-desktopvirtualization-sessionhostsetup

Module Details

Module would deploy VMs and consequently set them up with AVD host pool

For reference:
https://github.com/Azure/avdaccelerator/blob/main/workload/bicep/modules/avdSessionHosts/deploy.bicep

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

moisesjgomez

[Module Proposal]: `avm/res/desktop-virtualization/application-group`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Resource Module

Module Name

avm/res/desktop-virtualization/application-group

Module Details

We will be migrating and modifying the CARML module we are using for AVD LZA.

Please add as the following co-owner:
@danycontre

cc: @matebarabas as we discussed submitting the issues.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

moisesjgomez

[Module Proposal]: `avm-ptn-lbvmss`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Resource or Pattern Module?

Pattern Module

Module Name

avm-ptn-lbvmss

Module Details

Create a Terraform pattern for VMSS Flex deployment. We are currently researching how VMSS is being used by the field. This may result in multiple patterns.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

terrymandin

[Module Proposal]: `avm-res-containerregistry-registry`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module name is avm-res-containerregistry-registry
GH repo name is terraform-azurerm-avm-res-containerregistry-registry

Module Details

Terraform module to build an Azure Container Registry

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

pradorodriguez

[Module Proposal]: `avm-res-network-applicationgateway`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

Module name - avm-res-network-applicationgateway
GH repo name - terraform-azurerm-avm-res-network-applicationgateway

Module Details

Application Gateway is one of the most common requirements for Internet-facing applications to manage the web traffic.

Please refer to this CARML Bicep module as it already implements RBAC, Locks, Tags, and Diag. https://github.com/Azure/ResourceModules/tree/main/modules/network/application-gateway

Do you want to be the owner of this module?

No

Module Owner's GitHub Username

No response

[Feedback]: A repo linter and pull request generator tool

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

We have a bunch of very detailed policies about what MUST be done and MUST NOT be done, but it'll be impossible for humans to follow them and check all policies manually.

I found a handy tool called SecureRepo which could scan our github repo and submit a corresponding pull request to harden the CI's security.

I also found RepoLinter which could let us define the linting rules that check a github repo, and give suggestions on how to fix the issues it finds.

We might have hundreds of repos in the future, and our policies might keep changing and evolving, it'll be impossible for us to keep all repos up-to-date manually.

Maybe we should consider a tool that combines the two, we can lint whether a repo meets our requirements, and if it does not, this tool could open a remediation pull request.

[Feedback]: Consider a github team for automation bot account

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

ID: SNFR9 - Category: Contribution/Support - AVM & PG Teams GitHub Repo Permissions described the teams that must be listed as repo's admin.

We should consider a special team which contains a bunch of bot accounts, those bots could serve automation service in our CI pipeline, such as auto-generate documents, sync module's owner list from Github teams, or something like that.

We should consider using these bots to do the daily chore maintenance jobs.

[Feedback]: A soft requirement for issue response time

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

ID: SNFR11 - Category: Contribution/Support - Issues Response Times describes: A module owner **MUST** respond to logged issues within 3 business days.

According to our experience in terraform-provider-azurerm maintenance work, it would be hard to follow this requirement, especially when the module's creators and maintainers are doing the job as a side job. This requirement could encourage a bot-style response at first: "Thanks for opening this issue to us, we'll take a look ASAP."

Maybe we should have a background scan service, looking for those issues that have had no response for weeks.

[Module Proposal]: `avm-res-desktopvirtualization-hostpool` (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

avm-res-desktopvirtualization-hostpool

Module Details

Azure Virtual Desktop Resource Host pool to eventually be used in the pattern module for AVD LZA.
I already have the code published here https://github.com/Azure/avdaccelerator/blob/main/workload/terraform/greenfield/AADscenario/avd.tf and will be converting to AVM format.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

@jensheerin

[Question/Feedback]: Invalid resource group name in telemetry sample

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

The spec RMFR3 says the resource group name variable in Terraform must be resource_group but the telemetry sample uses var.resource_group_name.

Recommend updating the sample and template to align with the existing variable spec.

[Feedback]: Resource group variable type

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

ID: RMFR3 - Category: Composition - Resource Groups requires that the variable name must be resource_group, which implies that the variable's type should be object({ name = string}). In most cases we will need the resource group's name and the location that we want to provision the module's resources in, and this location could be different than the resource group's location. So it's improper to use such a type definition:

variable "resource_group" {
  type = object({
    name     = string
    location = string
  })
} 

Using a data source to retrieve the resource group's location might cause the resource location to be Known after apply in the plan.

It's better to define var.resource_group_name and var.location instead.

[Module Proposal]: `avm/res/web/serverfarm`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Resource Module

Module Name

avm/res/web/serverfarm

Module Details

A resource module for an ASP (Microsoft.web/serverfarm). Put name on the original index spreadsheet of CARML modules back in May, so happy to own and refactor to AVM specs.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

tsc-buddy

[Question/Feedback]: Terraform RBAC interface sample change

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

The interface example for role_assignments in Terraform has an error. If we set the default value for condition_version to "2.0", the API requires condition to also have a value. If we try to create a simple role association without a condition or condition_version value, it will fail as the 2.0 value is injected but no condition exists. Recommend updating the example to the following:

condition_version = optional(string) instead of condition_version = optional(string, "2.0")
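
The failure described in this issue, as an added Terraform example (not code from the AVM repository or its interface specification): the variable leaves condition_version without a default, a validation rule rejects a version supplied without a condition, and "2.0" is applied only when a condition is present. The names var.scope, role_definition_name and principal_id are assumptions made for the example; condition and condition_version are arguments of azurerm_role_assignment.

```hcl
# Added example; every field except condition and condition_version is assumed.
variable "scope" {
  type        = string
  description = "Resource ID the role assignments are created on (assumed input)."
}

variable "role_assignments" {
  type = map(object({
    role_definition_name = string
    principal_id         = string
    condition            = optional(string)
    # Problem form reported in the issue: optional(string, "2.0") injects a
    # version even when no condition is given, and the assignment then fails.
    condition_version = optional(string)
  }))
  default = {}

  validation {
    # A version without a condition is the same invalid pair, so reject it
    # at plan time instead of waiting for the API call.
    condition = alltrue([
      for ra in values(var.role_assignments) :
      ra.condition != null || ra.condition_version == null
    ])
    error_message = "condition_version may only be set together with condition."
  }
}

resource "azurerm_role_assignment" "this" {
  for_each = var.role_assignments

  scope                = var.scope
  role_definition_name = each.value.role_definition_name
  principal_id         = each.value.principal_id
  condition            = each.value.condition
  # Fall back to "2.0" only when a condition exists; otherwise both stay null.
  condition_version = (
    each.value.condition == null ? null : coalesce(each.value.condition_version, "2.0")
  )
}
```

With this shape, an unconditional assignment sends neither argument, so a simple role assignment needs no condition fields at all.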

[Module Proposal]: `avm-res-operationalinsights-workspace` (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Terraform

Module Classification?

Resource Module

Module Name

avm-res-operationalinsights-workspace

Module Details

Creating a module for log analytics to be used by other modules for data ingestion.

Code is currently here https://github.com/Azure/avdaccelerator/blob/main/workload/terraform/modules/insights/law.tf

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

cshea-msft, jensheerin

[Module Proposal]: `avm-ptn-avd-lza-sessionhosts` (tf)

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Terraform

Module Classification?

Pattern Module

Module Name

avm-ptn-avd-lza-sessionhosts

Module Details

Creating an AVD Session Host with Azure Entra ID join module that will deploy session hosts into a host pool. Jen Sheerin is working on the host pool module that will be used to add the session hosts to. Eventually will add this to the pattern module for AVD LZA.

Code is currently in https://github.com/Azure/avdaccelerator/blob/main/workload/terraform/greenfield/AADscenario/host.tf

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

cshea15, jensheerin

Scope of the AVM project

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

AVM stands for Azure Verified Module.

What is the strategy for Azure AD (Entra) and other Azure services like Azure DevOps, GitHub, Power Platform that would eventually benefit from having the verified module approach?

In the guidance there is a normalisation of the output variable to resource_id. This is something very specific to Azure and it does not exist in Azure DevOps, for example.

[Module Proposal]: `avm/res/desktop-virtualization/scaling-plan`

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in another project that is being evolved into AVM

  • I have checked that this module doesn't already exist in CARML or TFVM

Terraform or Bicep?

Bicep

Module Classification?

Resource Module

Module Name

avm/res/desktop-virtualization/scaling-plan

Module Details

We will be migrating and modifying the CARML module we are using for AVD LZA.

Please add the following as co-owner:
@moisesjgomez

cc: @matebarabas as we discussed submitting the issues.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username

danycontre
