refactor: add ccvm_source_image_id var

CHANGELOG.md

@@ -1,3 +1,10 @@
+## TBD (UNRELEASED)
+FEATURES:
+* Azure China support (China East, China East 2, China North, China North 2, and China North 3)
+
+ENHANCEMENTS:
+* ZSEC bash script support for Azure China regions
+
 ## v0.3.0 (September 30, 2023)
 
 FEATURES:

examples/base_1cc/README.md

@@ -97,6 +97,7 @@ From base_1cc directory execute:
 | <a name="input_ccvm_image_sku"></a> [ccvm\_image\_sku](#input\_ccvm\_image\_sku) | Azure Marketplace Cloud Connector Image SKU | `string` | `"zs_ser_gen1_cc_01"` | no |
 | <a name="input_ccvm_image_version"></a> [ccvm\_image\_version](#input\_ccvm\_image\_version) | Azure Marketplace Cloud Connector Image Version | `string` | `"latest"` | no |
 | <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Image size | `string` | `"Standard_D2s_v3"` | no |
+| <a name="input_ccvm_source_image_id"></a> [ccvm\_source\_image\_id](#input\_ccvm\_source\_image\_id) | Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher | `string` | `null` | no |
 | <a name="input_encryption_at_host_enabled"></a> [encryption\_at\_host\_enabled](#input\_encryption\_at\_host\_enabled) | User input for enabling or disabling host encryption | `bool` | `true` | no |
 | <a name="input_env_subscription_id"></a> [env\_subscription\_id](#input\_env\_subscription\_id) | Azure Subscription ID where resources are to be deployed in | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | Customer defined environment tag. ie: Dev, QA, Prod, etc. | `string` | `"Development"` | no |

examples/base_1cc/main.tf

@@ -141,6 +141,7 @@ module "cc_vm" {
   ccvm_image_offer               = var.ccvm_image_offer
   ccvm_image_sku                 = var.ccvm_image_sku
   ccvm_image_version             = var.ccvm_image_version
+  ccvm_source_image_id           = var.ccvm_source_image_id
   cc_instance_size               = var.cc_instance_size
   mgmt_nsg_id                    = module.cc_nsg.mgmt_nsg_id
   service_nsg_id                 = module.cc_nsg.service_nsg_id

examples/base_1cc/terraform.tfvars

@@ -168,3 +168,11 @@
 ##    Uncomment if you want to not enable this VM setting
 
 #encryption_at_host_enabled                 = false
+
+## 21. By default, Terraform will lookup the latest Cloud Connector image version from the Azure Marketplace.
+##     Uncomment and set this value to the path of a local subscription Microsoft.Compute image to override the 
+##     Cloud Connector deployment with a private VHD instead of using the marketplace publisher.
+##     *** This is recommended only for testing purposes and not supported for production deployments ***
+##     Example: /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Compute/images/<image_name>
+
+#ccvm_source_image_id                       = "<insert path to image>"

examples/base_1cc/variables.tf

@@ -156,6 +156,12 @@ variable "ccvm_image_version" {
   default     = "latest"
 }
 
+variable "ccvm_source_image_id" {
+  type        = string
+  description = "Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher"
+  default     = null
+}
+
 variable "http_probe_port" {
   type        = number
   description = "Port number for Cloud Connector cloud init to enable listener port for HTTP probe from Azure LB"

examples/base_1cc_zpa/README.md

@@ -100,6 +100,7 @@ From base_1cc_zpa directory execute:
 | <a name="input_ccvm_image_sku"></a> [ccvm\_image\_sku](#input\_ccvm\_image\_sku) | Azure Marketplace Cloud Connector Image SKU | `string` | `"zs_ser_gen1_cc_01"` | no |
 | <a name="input_ccvm_image_version"></a> [ccvm\_image\_version](#input\_ccvm\_image\_version) | Azure Marketplace Cloud Connector Image Version | `string` | `"latest"` | no |
 | <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Image size | `string` | `"Standard_D2s_v3"` | no |
+| <a name="input_ccvm_source_image_id"></a> [ccvm\_source\_image\_id](#input\_ccvm\_source\_image\_id) | Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher | `string` | `null` | no |
 | <a name="input_domain_names"></a> [domain\_names](#input\_domain\_names) | Domain names fqdn/wildcard to have Azure Private DNS redirect DNS requests to Cloud Connector | `map(any)` | n/a | yes |
 | <a name="input_encryption_at_host_enabled"></a> [encryption\_at\_host\_enabled](#input\_encryption\_at\_host\_enabled) | User input for enabling or disabling host encryption | `bool` | `true` | no |
 | <a name="input_env_subscription_id"></a> [env\_subscription\_id](#input\_env\_subscription\_id) | Azure Subscription ID where resources are to be deployed in | `string` | n/a | yes |

examples/base_1cc_zpa/main.tf

@@ -143,6 +143,7 @@ module "cc_vm" {
   ccvm_image_offer               = var.ccvm_image_offer
   ccvm_image_sku                 = var.ccvm_image_sku
   ccvm_image_version             = var.ccvm_image_version
+  ccvm_source_image_id           = var.ccvm_source_image_id
   cc_instance_size               = var.cc_instance_size
   mgmt_nsg_id                    = module.cc_nsg.mgmt_nsg_id
   service_nsg_id                 = module.cc_nsg.service_nsg_id

examples/base_1cc_zpa/terraform.tfvars

@@ -170,11 +170,19 @@
 
 #encryption_at_host_enabled                 = false
 
+## 21. By default, Terraform will lookup the latest Cloud Connector image version from the Azure Marketplace.
+##     Uncomment and set this value to the path of a local subscription Microsoft.Compute image to override the 
+##     Cloud Connector deployment with a private VHD instead of using the marketplace publisher.
+##     *** This is recommended only for testing purposes and not supported for production deployments ***
+##     Example: /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Compute/images/<image_name>
+
+#ccvm_source_image_id                       = "<insert path to image>"
+
 
 #####################################################################################################################
 ##### ZPA/Azure Private DNS specific variables #####
 #####################################################################################################################
-## 21. Provide the domain names you want Azure Private DNS to redirect to Cloud Connector for ZPA interception. 
+## 22. Provide the domain names you want Azure Private DNS to redirect to Cloud Connector for ZPA interception. 
 ##     Only applicable for base + zpa or zpa_enabled = true deployment types where Outbound DNS subnets, Resolver Ruleset/Rules, 
 ##     and Outbound Endpoints are being created. Two example domains are populated to show the mapping structure and syntax.
 ##     Azure does require a trailing dot "." on all domain entries. ZPA Module will read through each to create a resolver rule per 
@@ -185,7 +193,7 @@
 #  appseg2 = "app2.com."
 #}
 
-## 22. Azure Private DNS queries will be conditionally forwarded to these target IP addresses. Default are a pair of Zscaler Global VIP addresses.
+## 23. Azure Private DNS queries will be conditionally forwarded to these target IP addresses. Default are a pair of Zscaler Global VIP addresses.
 ##     The required expectation is that the target should follow VNet/subnet routing towards the configured Cloud Connector Load Balancer VIP for 
 ##     ZPA DNS interception
 

examples/base_1cc_zpa/variables.tf

@@ -162,6 +162,12 @@ variable "ccvm_image_version" {
   default     = "latest"
 }
 
+variable "ccvm_source_image_id" {
+  type        = string
+  description = "Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher"
+  default     = null
+}
+
 variable "http_probe_port" {
   type        = number
   description = "Port number for Cloud Connector cloud init to enable listener port for HTTP probe from Azure LB"

examples/base_cc_lb/README.md

@@ -99,6 +99,7 @@ From base_cc_lb directory execute:
 | <a name="input_ccvm_image_sku"></a> [ccvm\_image\_sku](#input\_ccvm\_image\_sku) | Azure Marketplace Cloud Connector Image SKU | `string` | `"zs_ser_gen1_cc_01"` | no |
 | <a name="input_ccvm_image_version"></a> [ccvm\_image\_version](#input\_ccvm\_image\_version) | Azure Marketplace Cloud Connector Image Version | `string` | `"latest"` | no |
 | <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Image size | `string` | `"Standard_D2s_v3"` | no |
+| <a name="input_ccvm_source_image_id"></a> [ccvm\_source\_image\_id](#input\_ccvm\_source\_image\_id) | Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher | `string` | `null` | no |
 | <a name="input_encryption_at_host_enabled"></a> [encryption\_at\_host\_enabled](#input\_encryption\_at\_host\_enabled) | User input for enabling or disabling host encryption | `bool` | `true` | no |
 | <a name="input_env_subscription_id"></a> [env\_subscription\_id](#input\_env\_subscription\_id) | Azure Subscription ID where resources are to be deployed in | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | Customer defined environment tag. ie: Dev, QA, Prod, etc. | `string` | `"Development"` | no |

examples/base_cc_lb/main.tf

@@ -144,6 +144,7 @@ module "cc_vm" {
   ccvm_image_offer               = var.ccvm_image_offer
   ccvm_image_sku                 = var.ccvm_image_sku
   ccvm_image_version             = var.ccvm_image_version
+  ccvm_source_image_id           = var.ccvm_source_image_id
   cc_instance_size               = var.cc_instance_size
   mgmt_nsg_id                    = module.cc_nsg.mgmt_nsg_id
   service_nsg_id                 = module.cc_nsg.service_nsg_id

examples/base_cc_lb/terraform.tfvars

@@ -168,3 +168,11 @@
 ##    Uncomment if you want to not enable this VM setting
 
 #encryption_at_host_enabled                 = false
+
+## 21. By default, Terraform will lookup the latest Cloud Connector image version from the Azure Marketplace.
+##     Uncomment and set this value to the path of a local subscription Microsoft.Compute image to override the 
+##     Cloud Connector deployment with a private VHD instead of using the marketplace publisher.
+##     *** This is recommended only for testing purposes and not supported for production deployments ***
+##     Example: /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Compute/images/<image_name>
+
+#ccvm_source_image_id                       = "<insert path to image>"

examples/base_cc_lb/variables.tf

@@ -156,6 +156,12 @@ variable "ccvm_image_version" {
   default     = "latest"
 }
 
+variable "ccvm_source_image_id" {
+  type        = string
+  description = "Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher"
+  default     = null
+}
+
 variable "http_probe_port" {
   type        = number
   description = "Port number for Cloud Connector cloud init to enable listener port for HTTP probe from Azure LB"

examples/base_cc_lb_zpa/README.md

@@ -102,6 +102,7 @@ From base_cc_lb_zpa directory execute:
 | <a name="input_ccvm_image_sku"></a> [ccvm\_image\_sku](#input\_ccvm\_image\_sku) | Azure Marketplace Cloud Connector Image SKU | `string` | `"zs_ser_gen1_cc_01"` | no |
 | <a name="input_ccvm_image_version"></a> [ccvm\_image\_version](#input\_ccvm\_image\_version) | Azure Marketplace Cloud Connector Image Version | `string` | `"latest"` | no |
 | <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Image size | `string` | `"Standard_D2s_v3"` | no |
+| <a name="input_ccvm_source_image_id"></a> [ccvm\_source\_image\_id](#input\_ccvm\_source\_image\_id) | Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher | `string` | `null` | no |
 | <a name="input_domain_names"></a> [domain\_names](#input\_domain\_names) | Domain names fqdn/wildcard to have Azure Private DNS redirect DNS requests to Cloud Connector | `map(any)` | n/a | yes |
 | <a name="input_encryption_at_host_enabled"></a> [encryption\_at\_host\_enabled](#input\_encryption\_at\_host\_enabled) | User input for enabling or disabling host encryption | `bool` | `true` | no |
 | <a name="input_env_subscription_id"></a> [env\_subscription\_id](#input\_env\_subscription\_id) | Azure Subscription ID where resources are to be deployed in | `string` | n/a | yes |

examples/base_cc_lb_zpa/main.tf

@@ -146,6 +146,7 @@ module "cc_vm" {
   ccvm_image_offer               = var.ccvm_image_offer
   ccvm_image_sku                 = var.ccvm_image_sku
   ccvm_image_version             = var.ccvm_image_version
+  ccvm_source_image_id           = var.ccvm_source_image_id
   cc_instance_size               = var.cc_instance_size
   mgmt_nsg_id                    = module.cc_nsg.mgmt_nsg_id
   service_nsg_id                 = module.cc_nsg.service_nsg_id

examples/base_cc_lb_zpa/terraform.tfvars

@@ -170,11 +170,19 @@
 
 #encryption_at_host_enabled                 = false
 
+## 21. By default, Terraform will lookup the latest Cloud Connector image version from the Azure Marketplace.
+##     Uncomment and set this value to the path of a local subscription Microsoft.Compute image to override the 
+##     Cloud Connector deployment with a private VHD instead of using the marketplace publisher.
+##     *** This is recommended only for testing purposes and not supported for production deployments ***
+##     Example: /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Compute/images/<image_name>
+
+#ccvm_source_image_id                       = "<insert path to image>"
+
 
 #####################################################################################################################
 ##### ZPA/Azure Private DNS specific variables #####
 #####################################################################################################################
-## 21. Provide the domain names you want Azure Private DNS to redirect to Cloud Connector for ZPA interception. 
+## 22. Provide the domain names you want Azure Private DNS to redirect to Cloud Connector for ZPA interception. 
 ##     Only applicable for base + zpa or zpa_enabled = true deployment types where Outbound DNS subnets, Resolver Ruleset/Rules, 
 ##     and Outbound Endpoints are being created. Two example domains are populated to show the mapping structure and syntax.
 ##     Azure does require a trailing dot "." on all domain entries. ZPA Module will read through each to create a resolver rule per 
@@ -185,7 +193,7 @@
 #  appseg2 = "app2.com."
 #}
 
-## 22. Azure Private DNS queries will be conditionally forwarded to these target IP addresses. Default are a pair of Zscaler Global VIP addresses.
+## 23. Azure Private DNS queries will be conditionally forwarded to these target IP addresses. Default are a pair of Zscaler Global VIP addresses.
 ##     The required expectation is that the target should follow VNet/subnet routing towards the configured Cloud Connector Load Balancer VIP for 
 ##     ZPA DNS interception
 

examples/base_cc_lb_zpa/variables.tf

@@ -162,6 +162,12 @@ variable "ccvm_image_version" {
   default     = "latest"
 }
 
+variable "ccvm_source_image_id" {
+  type        = string
+  description = "Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher"
+  default     = null
+}
+
 variable "http_probe_port" {
   type        = number
   description = "Port number for Cloud Connector cloud init to enable listener port for HTTP probe from Azure LB"

examples/cc_lb/README.md

@@ -117,6 +117,7 @@ From cc_lb directory execute:
 | <a name="input_ccvm_image_sku"></a> [ccvm\_image\_sku](#input\_ccvm\_image\_sku) | Azure Marketplace Cloud Connector Image SKU | `string` | `"zs_ser_gen1_cc_01"` | no |
 | <a name="input_ccvm_image_version"></a> [ccvm\_image\_version](#input\_ccvm\_image\_version) | Azure Marketplace Cloud Connector Image Version | `string` | `"latest"` | no |
 | <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Image size | `string` | `"Standard_D2s_v3"` | no |
+| <a name="input_ccvm_source_image_id"></a> [ccvm\_source\_image\_id](#input\_ccvm\_source\_image\_id) | Custom Cloud Connector Source Image ID. Set this value to the path of a local subscription Microsoft.Compute image to override the Cloud Connector deployment instead of using the marketplace publisher | `string` | `null` | no |
 | <a name="input_domain_names"></a> [domain\_names](#input\_domain\_names) | Domain names fqdn/wildcard to have Azure Private DNS redirect DNS requests to Cloud Connector | `map(any)` | n/a | yes |
 | <a name="input_encryption_at_host_enabled"></a> [encryption\_at\_host\_enabled](#input\_encryption\_at\_host\_enabled) | User input for enabling or disabling host encryption | `bool` | `false` | no |
 | <a name="input_env_subscription_id"></a> [env\_subscription\_id](#input\_env\_subscription\_id) | Azure Subscription ID where resources are to be deployed in | `string` | n/a | yes |

examples/cc_lb/main.tf

@@ -124,6 +124,7 @@ module "cc_vm" {
   ccvm_image_offer               = var.ccvm_image_offer
   ccvm_image_sku                 = var.ccvm_image_sku
   ccvm_image_version             = var.ccvm_image_version
+  ccvm_source_image_id           = var.ccvm_source_image_id
   cc_instance_size               = var.cc_instance_size
   mgmt_nsg_id                    = module.cc_nsg.mgmt_nsg_id
   service_nsg_id                 = module.cc_nsg.service_nsg_id