Merge branch 'sharmilamusunuru-master'

.github/workflows/standalone-scenarios.json

@@ -14,6 +14,7 @@
     "automation/101-automation-account-linked",
     "automation/102-automation-msi",
     "automation/103-automation-private-endpoints",
+    "automation/104-automation-schedule-runbook",
     "azuread/100-azuread-application-with-sevice-principle-with-builtin-roles",
     "azuread/100-sevice-principle-with-builtin-roles",
     "azuread/101-azuread-application-with-service-principle-with-custom-roles",

api_management.tf

@@ -334,8 +334,8 @@ module "api_management_subscription" {
   product_id          = can(each.value.product.product_id) ? each.value.product.product_id : try(local.combined_objects_api_management_product[try(each.value.product.lz_key, local.client_config.landingzone_key)][each.value.product.key].id, null)
 
   remote_objects = {
-    api_management         = local.combined_objects_api_management
-    resource_group         = local.combined_objects_resource_groups
+    api_management = local.combined_objects_api_management
+    resource_group = local.combined_objects_resource_groups
   }
 }
 output "api_management_subscription" {

automation_runbooks.tf

@@ -0,0 +1,17 @@
+module "automation_runbooks" {
+  source   = "./modules/automation/automation_runbook"
+  for_each = local.shared_services.automation_runbooks
+
+  global_settings         = local.global_settings
+  settings                = each.value
+  location                = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+  resource_group_name     = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
+  base_tags               = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {}
+  client_config           = local.client_config
+  automation_account_name = can(each.value.automation_account_name) ? each.value.automation_account_name : local.combined_objects_automations[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.automation_account_key].name
+
+}
+
+output "automation_runbooks" {
+  value = module.automation_runbooks
+}

automation_schedules.tf

@@ -0,0 +1,18 @@
+
+module "automation_schedules" {
+  source   = "./modules/automation/automation_schedule"
+  for_each = local.shared_services.automation_schedules
+
+  global_settings         = local.global_settings
+  settings                = each.value
+  location                = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+  resource_group_name     = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
+  base_tags               = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {}
+  client_config           = local.client_config
+  automation_account_name = can(each.value.automation_account_name) ? each.value.automation_account_name : local.combined_objects_automations[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.automation_account_key].name
+
+}
+
+output "automation_schedules" {
+  value = module.automation_schedules
+}

examples/automation/104-automation-schedule-runbook/configuration.tfvars

@@ -0,0 +1,50 @@
+
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "australiaeast"
+  }
+}
+
+resource_groups = {
+  automation = {
+    name = "automation"
+  }
+}
+
+automations = {
+  auto1 = {
+    name               = "automation"
+    sku                = "basic"
+    resource_group_key = "automation"
+  }
+}
+
+automation_runbooks = {
+  runbook1 = {
+    name                   = "Get-AzureVMTutorial"
+    resource_group_key     = "automation"
+    automation_account_key = "auto1"
+    log_verbose            = "true"
+    log_progress           = "true"
+    description            = "This is an example runbook"
+    runbook_type           = "PowerShellWorkflow"
+    publish_content_link = {
+      uri = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/c4935ffb69246a6058eb24f54640f53f69d3ac9f/101-automation-runbook-getvms/Runbooks/Get-AzureVMTutorial.ps1"
+    }
+  }
+}
+
+automation_schedules = {
+  schedule1 = {
+    name                   = "tfex-automation-schedule"
+    resource_group_key     = "automation"
+    automation_account_key = "auto1"
+    frequency              = "Week"
+    interval               = 1
+    timezone               = "Australia/Perth"
+    start_time             = "2025-04-15T18:00:15+02:00"
+    description            = "This is an example schedule"
+    week_days              = ["Friday"]
+  }
+}

examples/module.tf

@@ -268,6 +268,8 @@ module "example" {
 
   shared_services = {
     automations                    = var.automations
+    automation_schedules           = var.automation_schedules
+    automation_runbooks            = var.automation_runbooks
     automation_log_analytics_links = var.automation_log_analytics_links
     consumption_budgets            = var.consumption_budgets
     image_definitions              = var.image_definitions

examples/variables.tf

@@ -484,6 +484,12 @@ variable "event_hubs" {
 variable "automations" {
   default = {}
 }
+variable "automation_schedules" {
+  default = {}
+}
+variable "automation_runbooks" {
+  default = {}
+}
 variable "automation_log_analytics_links" {
   default = {}
 }

locals.tf

@@ -343,6 +343,8 @@ locals {
 
   shared_services = {
     automations                               = try(var.shared_services.automations, {})
+    automation_schedules                      = try(var.shared_services.automation_schedules, {})
+    automation_runbooks                       = try(var.shared_services.automation_runbooks, {})
     automation_log_analytics_links            = try(var.shared_services.automation_log_analytics_links, {})
     automation_software_update_configurations = try(var.shared_services.automation_software_update_configurations, {})
     consumption_budgets                       = try(var.shared_services.consumption_budgets, {})

modules/automation/automation_runbook/main.tf

@@ -0,0 +1,15 @@
+locals {
+  module_tag = {
+    "module" = basename(abspath(path.module))
+  }
+  tags = merge(var.base_tags, local.module_tag, try(var.settings.tags, null))
+}
+
+
+terraform {
+  required_providers {
+    azurecaf = {
+      source = "aztfmod/azurecaf"
+    }
+  }
+}

modules/automation/automation_runbook/module.tf

@@ -0,0 +1,47 @@
+# In some instances, the name of the runbook needs to match the name of workflow, using var.settings.name
+# 
+# resource "azurecaf_name" "automation_runbook" {
+#   name          = var.settings.name
+#   resource_type = "azurerm_automation_runbook"
+#   prefixes      = var.global_settings.prefixes
+#   random_length = var.global_settings.random_length
+#   clean_input   = true
+#   passthrough   = var.global_settings.passthrough
+#   use_slug      = var.global_settings.use_slug
+# }
+
+resource "azurerm_automation_runbook" "automation_runbook" {
+  name                    = var.settings.name
+  location                = var.location
+  resource_group_name     = var.resource_group_name
+  automation_account_name = var.automation_account_name
+  log_verbose             = try(var.settings.log_verbose, null)
+  log_progress            = try(var.settings.log_progress, null)
+  description             = try(var.settings.description, null)
+  runbook_type            = var.settings.runbook_type
+
+  content = try(var.settings.content, null)
+
+  dynamic "publish_content_link" {
+    for_each = try(var.settings.publish_content_link, null) == null ? [] : [1]
+
+    content {
+      uri = var.settings.publish_content_link.uri
+    }
+  }
+
+  dynamic "timeouts" {
+    for_each = lookup(var.settings, "timeouts", {}) == {} ? [] : [1]
+
+    content {
+      create = try(var.settings.timeouts.create, "30m")
+      read   = try(var.settings.timeouts.read, "30m")
+      update = try(var.settings.timeouts.update, "30m")
+      delete = try(var.settings.timeouts.delete, "30m")
+    }
+  }
+}
+
+# locals {
+#   script_content = try(var.settings.script_file, null) != null ? file(var.settings.script_file) : var.settings.content
+# }

modules/automation/automation_runbook/output.tf

@@ -0,0 +1,4 @@
+output "id" {
+  description = "The Automation Account Runbook ID."
+  value       = azurerm_automation_runbook.automation_runbook.id
+}

modules/automation/automation_runbook/variables.tf

@@ -0,0 +1,31 @@
+variable "resource_group_name" {
+  description = "(Required) The name of the resource group where to create the resource."
+  type        = string
+}
+variable "automation_account_name" {}
+
+variable "location" {
+  description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+  type        = string
+}
+
+variable "settings" {
+  description = "Configuration object for the Automation account schedule."
+}
+
+variable "global_settings" {
+  description = "Global settings object (see module README.md)"
+}
+
+variable "base_tags" {
+  description = "Base tags for the resource to be inherited from the resource group."
+  type        = map(any)
+}
+
+variable "remote_objects" {
+  description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+  default     = {}
+}
+
+variable "client_config" {}
+

modules/automation/automation_schedule/main.tf

@@ -0,0 +1,15 @@
+locals {
+  module_tag = {
+    "module" = basename(abspath(path.module))
+  }
+  tags = merge(var.base_tags, local.module_tag, try(var.settings.tags, null))
+}
+
+
+terraform {
+  required_providers {
+    azurecaf = {
+      source = "aztfmod/azurecaf"
+    }
+  }
+}

modules/automation/automation_schedule/module.tf

@@ -0,0 +1,32 @@
+
+resource "azurecaf_name" "automation_schedule" {
+  name          = var.settings.name
+  resource_type = "azurerm_automation_schedule"
+  prefixes      = var.global_settings.prefixes
+  random_length = var.global_settings.random_length
+  clean_input   = true
+  passthrough   = var.global_settings.passthrough
+  use_slug      = var.global_settings.use_slug
+}
+
+resource "azurerm_automation_schedule" "automation_schedule" {
+  name                    = azurecaf_name.automation_schedule.result
+  resource_group_name     = var.resource_group_name
+  automation_account_name = var.automation_account_name
+  frequency               = var.settings.frequency
+  interval                = try(var.settings.interval, null)
+  timezone                = try(var.settings.timezone, null)
+  start_time              = try(var.settings.start_time, null)
+  description             = try(var.settings.description, null)
+  week_days               = try(var.settings.week_days, null)
+  month_days              = try(var.settings.month_days, null)
+
+  dynamic "monthly_occurrence" {
+    for_each = try(var.settings.monthly_occurrences, null) == null ? [] : [1]
+
+    content {
+      day        = monthly_occurrence.day
+      occurrence = monthly_occurrence.occurrence
+    }
+  }
+}

modules/automation/automation_schedule/output.tf

@@ -0,0 +1,6 @@
+
+output "id" {
+  description = "The Automation Account Schedule ID."
+  value       = azurerm_automation_schedule.automation_schedule.id
+}
+

modules/automation/automation_schedule/variables.tf

@@ -0,0 +1,31 @@
+variable "resource_group_name" {
+  description = "(Required) The name of the resource group where to create the resource."
+  type        = string
+}
+variable "automation_account_name" {}
+
+variable "location" {
+  description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+  type        = string
+}
+
+variable "settings" {
+  description = "Configuration object for the Automation account schedule."
+}
+
+variable "global_settings" {
+  description = "Global settings object (see module README.md)"
+}
+
+
+variable "base_tags" {
+  description = "Base tags for the resource to be inherited from the resource group."
+  type        = map(any)
+}
+
+variable "remote_objects" {
+  description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+  default     = {}
+}
+
+variable "client_config" {}

modules/automation/module.tf

@@ -9,6 +9,7 @@ resource "azurecaf_name" "auto_account" {
   use_slug      = var.global_settings.use_slug
 }
 
+
 resource "azurerm_automation_account" "auto_account" {
   name                          = azurecaf_name.auto_account.result
   location                      = var.location
@@ -25,5 +26,4 @@ resource "azurerm_automation_account" "auto_account" {
       identity_ids = local.managed_identities
     }
   }
-}
-
+}

roles.tf

@@ -16,7 +16,7 @@ module "custom_roles" {
 
 resource "azurerm_role_assignment" "for" {
   for_each = {
-    for key, value in try(local.roles_to_process, {}) : key => value 
+    for key, value in try(local.roles_to_process, {}) : key => value
     if contains(keys(local.services_roles), value.scope_resource_key)
   }
 
@@ -28,7 +28,7 @@ resource "azurerm_role_assignment" "for" {
 
 resource "azurerm_role_assignment" "for_deferred" {
   for_each = {
-    for key, value in try(local.roles_to_process, {}) : key => value 
+    for key, value in try(local.roles_to_process, {}) : key => value
     if contains(keys(local.services_roles_deferred), value.scope_resource_key)
   }
 
@@ -42,7 +42,7 @@ resource "time_sleep" "azurerm_role_assignment_for" {
   depends_on = [azurerm_role_assignment.for]
   count = length(
     {
-      for key, value in try(local.roles_to_process, {}) : key => value 
+      for key, value in try(local.roles_to_process, {}) : key => value
       if contains(keys(local.services_roles), value.scope_resource_key)
     }
   ) > 0 ? 1 : 0
@@ -55,7 +55,7 @@ resource "time_sleep" "azurerm_role_assignment_for_deferred" {
   depends_on = [azurerm_role_assignment.for_deferred]
   count = length(
     {
-      for key, value in try(local.roles_to_process, {}) : key => value 
+      for key, value in try(local.roles_to_process, {}) : key => value
       if contains(keys(local.services_roles_deferred), value.scope_resource_key)
     }
   ) > 0 ? 1 : 0
@@ -98,7 +98,7 @@ locals {
 
   # Nested objects that must be processed after the services_roles
   services_roles_deferred = {
-    storage_containers                         = local.combined_objects_storage_containers
+    storage_containers = local.combined_objects_storage_containers
   }
 
   services_roles = {