support dns zone ids

streamnative · Dec 5, 2023 · 5c12020 · 5c12020
1 parent 9ccd0a7
commit 5c12020
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ Previous versions of these modules can be found in the following locations:
 - [https://github.com/streamnative/terraform-aws-managed-cloud](https://github.com/streamnative/terraform-aws-managed-cloud): This repository contains an older AWS vendor access module, which has been deprecated and is no longer in use.
 
 ## Modules
-The modules are organized by Cloud Provider. For example, the AWS modules are in the `modules/aws` directory and the GCP modules (WIP) modules are in the `modules/gcp`, and so on.
+The modules are organized by Cloud Provider. For example, the AWS modules are in the `modules/aws` directory and the GCP modules (WIP) modules are in the `modules/gcp`, and for Azure the modules are in the `modules/azure` directory, and so on.
 
 ## Quickstart
 

diff --git a/modules/azure/vendor-access/README.md b/modules/azure/vendor-access/README.md
@@ -55,6 +55,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [azurerm_resource_group.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_role_assignment.dns_zone_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.sn_automation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.sn_automation_cluster_admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.sn_support](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
@@ -72,10 +73,11 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_additional_tags"></a> [additional\_tags](#input\_additional\_tags) | Additional tags to be added to the resources created by this module. | `map(any)` | `{}` | no |
+| <a name="input_dns_zone_ids"></a> [dns\_zone\_ids](#input\_dns\_zone\_ids) | The DNS zone IDs for the DNS zones that will be used for the AKS cluster | `list(string)` | `[]` | no |
 | <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | The location of the resource group where the AKS cluster will be created | `string` | n/a | yes |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where the AKS cluster will be created | `string` | n/a | yes |
 | <a name="input_streamnative_automation_gsa_ids"></a> [streamnative\_automation\_gsa\_ids](#input\_streamnative\_automation\_gsa\_ids) | The GSAs will be used to provisioning StreamnNative cloud. | `map(string)` | <pre>{<br>  "cloud_manager_sncloud_test_iam_gserviceaccount_com": "103687585001802233900",<br>  "pool_automation_sncloud_test_iam_gserviceaccount_com": "101134291802756860252"<br>}</pre> | no |
-| <a name="input_streamnative_org_id"></a> [streamnative\_org\_id](#input\_streamnative\_org\_id) | An external ID that correspond to your Organization within StreamNative Cloud, used for all managed identities created by the module. This will be the organization ID in the StreamNative console, e.g. "o-xhopj". | `string` | n/a | yes |
+| <a name="input_streamnative_org_id"></a> [streamnative\_org\_id](#input\_streamnative\_org\_id) | Your Organization ID within StreamNative Cloud, used for all resources created by the module. This will be the organization ID in the StreamNative console, e.g. "o-xhopj". | `string` | n/a | yes |
 | <a name="input_streamnative_support_access_gsa_ids"></a> [streamnative\_support\_access\_gsa\_ids](#input\_streamnative\_support\_access\_gsa\_ids) | The GSA will be used by StreamnNative support team. | `map(string)` | <pre>{<br>  "cloud_support_general_sncloud_test_iam_gserviceaccount_com": "103182365501883681520"<br>}</pre> | no |
 
 ## Outputs

diff --git a/modules/azure/vendor-access/main.tf b/modules/azure/vendor-access/main.tf
@@ -92,3 +92,11 @@ resource "azurerm_role_assignment" "user_access_administrator" {
   condition_version    = "2.0"
   condition            = templatefile("${path.module}/role-assignment-condition.tpl", { role_definition_id = azurerm_role_definition.velero_backup_role.role_definition_id })
 }
+
+# Grand the sn automation service principal as the DNS Zone Contributor to the given DNS Zone
+resource "azurerm_role_assignment" "dns_zone_contributor" {
+  for_each             = toset(var.dns_zone_ids)
+  scope                = each.value
+  role_definition_name = "DNS Zone Contributor"
+  principal_id         = data.azuread_service_principal.sn_automation.id
+}
diff --git a/modules/azure/vendor-access/variables.tf b/modules/azure/vendor-access/variables.tf
@@ -49,3 +49,9 @@ variable "streamnative_org_id" {
   description = "Your Organization ID within StreamNative Cloud, used for all resources created by the module. This will be the organization ID in the StreamNative console, e.g. \"o-xhopj\"."
   type        = string
 }
+
+variable "dns_zone_ids" {
+  type        = list(string)
+  description = "The DNS zone IDs for the DNS zones that will be used for the AKS cluster"
+  default     = []
+}