QA-301214 vdi windows vm instance deployment script

examples/base_1cc/main.tf

@@ -190,3 +190,22 @@ module "cc_identity" {
     azurerm = azurerm.managed_identity_sub
   }
 }
+
+################################################################################
+# 7. Windows VM VDI deployment for Cloud Connectors 
+################################################################################
+module "cc_vdi" {
+  count  = var.deploy_cca_vdi == true ? 1 : 0
+  source                      = "../../modules/terraform-zscc-vdi-azure"
+  resource_group_name = module.network.resource_group_name
+  resource_group_location = var.arm_location
+  prefix = var.name_prefix
+  resource_tag = random_string.suffix.result
+  subnet_id = module.network.cc_subnet_ids[0]
+  primary_service_ip = module.cc_vm.service_ip[0]
+  cca_template_url = var.cca_template_url
+  cca_token = var.cca_token
+  providers = {
+    azurerm = azurerm.managed_identity_sub
+  }
+}

examples/base_1cc/outputs.tf

@@ -44,6 +44,7 @@ ${join("\n", module.network.public_ip_address)}
 Bastion Public IP: 
 ${module.bastion.public_ip}
 
+
 TB
 }
 

examples/base_1cc/variables.tf

@@ -225,3 +225,22 @@ variable "zssupport_server" {
   description = "destination IP address of Zscaler Support access server. IP resolution of remotesupport.<zscaler_customer_cloud>.net"
   default     = "199.168.148.101" #for commercial clouds
 }
+
+variable "deploy_cca_vdi" {
+  type        = bool
+  description = "Variable to enable or disable VDI bringup during deployment"
+  default     = false
+}
+
+
+variable "cca_template_url" {
+    type = string
+    description = "Create a set of configurations that are applied to the VDI and dictate the VDI's behavior."
+    default = null
+}
+
+variable "cca_token" {
+    type = string
+    description = "Generated Token for VDI Template URL"
+    default = null
+}

modules/terraform-zscc-vdi-azure/main.tf

@@ -0,0 +1,141 @@
+resource "azurerm_public_ip" "public_ip" {
+    name                = "${var.prefix}-vdi-public-ip-${var.resource_tag}"
+    resource_group_name = var.resource_group_name
+    location            = var.resource_group_location
+    allocation_method   = "Static"
+    sku                 = "Standard"
+    sku_tier            = "Regional"
+}
+
+  resource "azurerm_network_interface" "cca-vdi-network" {
+    name                = "${var.prefix}-vdi-network-${var.resource_tag}"
+    location            = var.resource_group_location
+    resource_group_name = var.resource_group_name
+    ip_configuration {
+      name                          = "internal"
+      subnet_id                     = var.subnet_id
+      private_ip_address_allocation = "Dynamic"
+      public_ip_address_id = azurerm_public_ip.public_ip.id
+    }
+}
+
+# Create virtual machine
+resource "azurerm_windows_virtual_machine" "cca-vdi" {
+  name                  = "${var.resource_tag}-vdi"
+  admin_username        = var.admin_username
+  admin_password        = var.admin_password
+  location              = var.resource_group_location
+  resource_group_name   = var.resource_group_name
+  network_interface_ids = [azurerm_network_interface.cca-vdi-network.id]
+  size                  = "Standard_D2s_v3"
+  zone                 = "1"
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+  source_image_reference {
+    publisher = "MicrosoftWindowsDesktop"
+    offer     = "Office-365"
+    sku       = "win10-21h2-avd-m365"
+    version   = "latest"
+  }
+}
+
+resource "azurerm_route_table" "cca-vdi-routetable" {
+    name                = "${var.prefix}-vdi-route-table-${var.resource_tag}"
+    location            = var.resource_group_location
+    resource_group_name = var.resource_group_name
+
+    route {
+      name           = "${var.prefix}-vdi-route-${var.resource_tag}"
+      address_prefix = "185.46.212.80/32"
+      next_hop_type  = "VirtualAppliance"
+      next_hop_in_ip_address = var.primary_service_ip
+    }
+
+    tags = {
+      environment = "cc-vdi"
+    }
+  }
+
+ resource "azurerm_subnet_route_table_association" "cca-vdi-routetable-association" {
+   subnet_id      = var.subnet_id
+   route_table_id = azurerm_route_table.cca-vdi-routetable.id
+ }
+
+resource "azurerm_network_security_group" "cca-vdi-nsg" {
+  name                = "${var.prefix}-vdi-nsg-${var.resource_tag}"
+  location            = var.resource_group_location
+  resource_group_name = var.resource_group_name
+
+  security_rule {
+    name                       = "AllowAnyRDPInbound"
+    priority                   = 100
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "3389"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+
+  security_rule {
+    name                       = "AllowAnySSHInbound"
+    priority                   = 101
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "22"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+  tags = {
+    environment = "cc-vdi"
+  }
+}
+
+resource "azurerm_network_interface_security_group_association" "cca-vdi-nsg-association" {
+  network_interface_id      = azurerm_network_interface.cca-vdi-network.id
+  network_security_group_id = azurerm_network_security_group.cca-vdi-nsg.id
+}
+
+
+resource "azurerm_virtual_machine_extension" "CustomScriptExtenson" {
+      count                = var.cca_template_url == null && var.cca_token == null ? 1 : 0 
+      name                 = "${var.prefix}-CustomScriptExtension-${var.resource_tag}"
+      virtual_machine_id   = azurerm_windows_virtual_machine.cca-vdi.id
+      publisher            = "Microsoft.Compute"
+      type                 = "CustomScriptExtension"
+      type_handler_version = "1.10"
+
+      settings = <<SETTINGS
+        {
+          "commandToExecute": "powershell.exe -Command \"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://z0luvmca.blob.core.windows.net/zsvdiinstaller/ZSVDIInstaller_1.4.0.5_x64.msi' -OutFile 'C:\\temp\\ZSVDIInstaller_1.4.0.5_x64.msi'\";powershell.exe -Command \"msiexec \"/i C:\\temp\\ZSVDIInstaller_1.4.0.5_x64.msi /qn\"\""
+        }
+    SETTINGS
+}
+
+resource "azurerm_virtual_machine_extension" "CustomScriptExtension" {
+      count                = var.cca_template_url != null && var.cca_token != null ? 1 : 0 
+      name                 = "${var.prefix}-CustomScriptExtension-${var.resource_tag}"
+      virtual_machine_id   = azurerm_windows_virtual_machine.cca-vdi.id
+      publisher            = "Microsoft.Compute"
+      type                 = "CustomScriptExtension"
+      type_handler_version = "1.10"
+
+      settings = <<SETTINGS
+        {
+          "commandToExecute": "powershell.exe -Command \"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://z0luvmca.blob.core.windows.net/zsvdiinstaller/ZSVDIInstaller_1.4.0.5_x64.msi' -OutFile 'C:\\temp\\ZSVDIInstaller_1.4.0.5_x64.msi'\";powershell.exe -Command \"msiexec \"/i C:\\temp\\ZSVDIInstaller_1.4.0.5_x64.msi PROVURL=\"${var.cca_template_url}\" TOKEN=\"${var.cca_token}\" MODE=1 ONBOARD=1 /qn\"\""
+        }
+    SETTINGS
+}
+
+resource "azurerm_virtual_machine_extension" "WindowsOpenSSH" {
+    name                 = "${var.prefix}-WindowsOpenSSH-${var.resource_tag}"
+    virtual_machine_id   = azurerm_windows_virtual_machine.cca-vdi.id
+    publisher            = "Microsoft.Azure.OpenSSH"
+    type                 = "WindowsOpenSSH"
+    type_handler_version = "3.0"
+}

modules/terraform-zscc-vdi-azure/output.tf

@@ -0,0 +1,11 @@
+output "public_ip_address" {
+  value = azurerm_windows_virtual_machine.cca-vdi.public_ip_address
+}
+
+output "admin_password" {
+  value     = azurerm_windows_virtual_machine.cca-vdi.admin_password
+}
+
+output "admin_username" {
+  value     = azurerm_windows_virtual_machine.cca-vdi.admin_username
+}

modules/terraform-zscc-vdi-azure/variables.tf

@@ -0,0 +1,42 @@
+variable "resource_group_name" {
+  description = "Main Resource Group Name"
+}
+
+variable "resource_group_location" {
+  description = "Azure Region"
+}
+
+variable "prefix" {
+  description = "A prefix to associate to VDI module resources"
+  type        = string
+}
+
+variable "admin_username" {
+  description = "VDI Admin username for login"
+  default     = "ccvdiuser"
+}
+
+variable "admin_password" {
+  description = "VDI Admin password for login"
+  default     = "Admin@123456"
+}
+
+variable "subnet_id" {
+  description = "Subnet ID to associate to VDI Windows Instance"
+}
+
+variable "primary_service_ip" {
+  description = "Cloud Connector Service Ip to add route to forward traffic from VDI Windows Instance"
+}
+
+variable "resource_tag" {
+  description = "A tag to associate to VDI module resources"  
+}
+
+variable "cca_template_url" {
+  description = "Create a set of configurations that are applied to the VDI and dictate the VDI's behavior."
+}
+
+variable "cca_token" {
+  description = "Generated Token for VDI Template URL"
+}

modules/terraform-zscc-vdi-azure/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.46, <= 3.116"
+    }
+  }
+  required_version = ">= 0.13.7, < 2.0.0"
+}