diff --git a/CHANGELOG.md b/CHANGELOG.md index fd037a4..1085b0f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v0.7.0 + +- Allow resource suffix for custom resource names + ## v0.6.0 - Support network in different resource groups diff --git a/README.md b/README.md index c13687d..26f7b5a 100644 --- a/README.md +++ b/README.md @@ -157,7 +157,6 @@ You can find examples of code that uses this Terraform module in the [examples]( | [azure\_openai\_deployment\_gpt4o](#input\_azure\_openai\_deployment\_gpt4o) | ------ Azure OpenAI ------ # |
object({| `{}` | no | | [azure\_openai\_deployment\_gpt4o\_mini](#input\_azure\_openai\_deployment\_gpt4o\_mini) | n/a |
name : optional(string, "gpt-4o")
version : optional(string, "2024-08-06")
rate_limit : optional(number, 80)
enabled : optional(bool, true)
})
object({| `{}` | no | | [azure\_openai\_location](#input\_azure\_openai\_location) | The Azure region where to deploy the Azure OpenAI models.
name : optional(string, "gpt-4o-mini")
version : optional(string, "2024-07-18")
rate_limit : optional(number, 80)
enabled : optional(bool, true)
})
object({| `{}` | no | | [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where to provision the resources. | `string` | n/a | yes | | [resource\_prefix](#input\_resource\_prefix) | The prefix that is used for generating resource names. | `string` | n/a | yes | +| [resource\_suffix](#input\_resource\_suffix) | The suffix that is used for generating resource names. | `string` | `null` | no | | [storage\_account\_override\_name](#input\_storage\_account\_override\_name) | Override the name of the Storage Account. If not provided, the name is generated based on the resource\_prefix. | `string` | `null` | no | | [subnet\_address\_space\_aks\_nodes](#input\_subnet\_address\_space\_aks\_nodes) | Address space of the new subnet in which to create the nodes of the AKS cluster.
flexible_postgres = optional(object({
name : string
resource_group_name : string
}), null)
key_vault = optional(object({
name : string
resource_group_name : string
}), null)
})
[| no | | [subnet\_address\_space\_flexible\_postgres](#input\_subnet\_address\_space\_flexible\_postgres) | Address space of the new subnet delgated to Flexible PostgreSQL Server service.
"10.0.0.0/22"
]
[| no | 
@@ -196,57 +196,57 @@ You can find examples of code that uses this Terraform module in the [examples]( ## Resources -- resource.azuread_application.main (/terraform-docs/main.tf#286) -- resource.azuread_group.aks_admins (/terraform-docs/main.tf#610) -- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#614) -- resource.azuread_service_principal.main (/terraform-docs/main.tf#292) -- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#297) -- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#504) -- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#524) -- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#541) -- resource.azurerm_key_vault.main (/terraform-docs/main.tf#219) -- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#558) -- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#301) -- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#310) -- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#748) -- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#323) -- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#332) -- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#760) -- resource.azurerm_key_vault_secret.okta_sso_client_secret (/terraform-docs/main.tf#771) -- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#487) -- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#478) -- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#705) -- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#421) -- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#429) -- resource.azurerm_postgresql_flexible_server.main 
(/terraform-docs/main.tf#351) -- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#402) -- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#395) -- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#415) -- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#409) -- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#181) -- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#199) -- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#187) -- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#204) -- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#245) -- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#700) -- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#276) -- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#268) -- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#596) -- resource.azurerm_storage_account.main (/terraform-docs/main.tf#572) -- resource.azurerm_storage_container.models (/terraform-docs/main.tf#592) -- resource.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#137) -- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#159) -- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#151) -- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#129) -- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#346) -- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#687) -- resource.tls_private_key.aks (/terraform-docs/main.tf#606) -- resource.tls_private_key.jwt_signing_key 
(/terraform-docs/main.tf#744) -- data source.azuread_user.aks_admins (/terraform-docs/main.tf#81) -- data source.azurerm_client_config.current (/terraform-docs/main.tf#73) -- data source.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#114) -- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#120) -- data source.azurerm_resource_group.main (/terraform-docs/main.tf#70) -- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#86) -- data source.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#100) -- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#75) +- resource.azuread_application.main (/terraform-docs/main.tf#305) +- resource.azuread_group.aks_admins (/terraform-docs/main.tf#650) +- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#654) +- resource.azuread_service_principal.main (/terraform-docs/main.tf#315) +- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#320) +- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#531) +- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#551) +- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#568) +- resource.azurerm_key_vault.main (/terraform-docs/main.tf#238) +- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#585) +- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#324) +- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#333) +- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#788) +- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#346) +- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#355) +- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#800) +- resource.azurerm_key_vault_secret.okta_sso_client_secret 
(/terraform-docs/main.tf#811) +- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#510) +- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#501) +- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#745) +- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#444) +- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#452) +- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#374) +- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#425) +- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#418) +- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#438) +- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#432) +- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#200) +- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#218) +- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#206) +- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#223) +- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#264) +- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#740) +- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#295) +- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#287) +- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#636) +- resource.azurerm_storage_account.main (/terraform-docs/main.tf#612) +- resource.azurerm_storage_container.models (/terraform-docs/main.tf#632) +- resource.azurerm_subnet.aks_nodes 
(/terraform-docs/main.tf#156) +- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#178) +- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#170) +- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#144) +- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#369) +- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#727) +- resource.tls_private_key.aks (/terraform-docs/main.tf#646) +- resource.tls_private_key.jwt_signing_key (/terraform-docs/main.tf#784) +- data source.azuread_user.aks_admins (/terraform-docs/main.tf#96) +- data source.azurerm_client_config.current (/terraform-docs/main.tf#88) +- data source.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#129) +- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#135) +- data source.azurerm_resource_group.main (/terraform-docs/main.tf#85) +- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#101) +- data source.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#115) +- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#90) diff --git a/main.tf b/main.tf index 2faaf4b..49dbffa 100644 --- a/main.tf +++ b/main.tf 
@@ -29,17 +29,32 @@ terraform { # ------ Locals ------ # locals { - aks_cluster_name = format("%snebuly", var.resource_prefix) + aks_cluster_name = ( + var.resource_suffix == null ? + format("%snebuly", var.resource_prefix) : + format("%snebuly%s", var.resource_suffix) + ) whitelisted_ips = var.whitelisted_ips - postgres_server_name = var.postgres_override_name == null ? format("%snebulydb", var.resource_prefix) : var.postgres_override_name + postgres_server_generated_name = ( + var.resource_suffix == null ? + format("%snebulydb", var.resource_prefix) : + format("%snebulydb%s", var.resource_prefix, var.resource_suffix) + ) + postgres_server_name = ( + var.postgres_override_name == null ? local.postgres_server_generated_name : var.postgres_override_name + ) postgres_server_configurations = { "azure.extensions" : "vector,pgaudit", "shared_preload_libraries" : "pgaudit", } - key_vault_name = format("%snebulykv", var.resource_prefix) + key_vault_name = ( + var.resource_suffix == null ? + format("%snebulykv", var.resource_prefix) : + format("%snebulykv%s", var.resource_prefix, var.resource_suffix) + ) use_existing_virtual_network = var.virtual_network != null use_existing_aks_nodes_subnet = var.subnet_name_aks_nodes != null @@ -129,7 +144,11 @@ data "azurerm_private_dns_zone" "key_vault" { resource "azurerm_virtual_network" "main" { count = local.use_existing_virtual_network ? 0 : 1 - name = format("%s-nebuly-vnet", var.resource_prefix) + name = ( + var.resource_suffix == null ? + format("%s-nebuly-vnet", var.resource_prefix) : + format("%s-nebuly-%s-vnet", var.resource_prefix, var.resource_suffix) + ) resource_group_name = data.azurerm_resource_group.main.name location = var.location address_space = var.virtual_network_address_space 
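Review bot: In the suffix branch of `aks_cluster_name`, `format("%snebuly%s", var.resource_suffix)` has two `%s` verbs but only one argument, and that argument is the suffix rather than the prefix. The other locals in this hunk pass both values, so it should read `format("%snebuly%s", var.resource_prefix, var.resource_suffix)`. The same mistake is in `storage_account_generated_name` in the `@@ -569,8 +596,21 @@` hunk, where `format("%smodels%s", var.resource_suffix)` needs `var.resource_prefix` as its first argument. As written, setting `resource_suffix` will presumably fail at plan time on these two names with a missing-argument error. The `locals` block continues past the end of the hunk.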
@@ -284,7 +303,11 @@ resource "azurerm_role_assignment" "key_vault_secret_officer__current" { # ------ Identity ------ # resource "azuread_application" "main" { - display_name = var.azuread_identity_override_name == null ? format("%s.nebuly.platform", var.resource_prefix) : var.azuread_identity_override_name + display_name = ( + var.resource_suffix == null ? + format("%s.nebuly.platform", var.resource_prefix) : + format("%s.nebuly.platform.%s", var.resource_prefix, var.resource_suffix) + ) owners = [data.azurerm_client_config.current.object_id] sign_in_audience = "AzureADMyOrg" # default identifier_uris = [] @@ -499,7 +522,11 @@ resource "azurerm_key_vault_secret" "postgres_password" { # ------ Azure OpenAI ------ # locals { - azure_openai_account_name = format("%snebuly", var.resource_prefix) + azure_openai_account_name = ( + var.resource_suffix == null ? + format("%snebuly", var.resource_prefix) : + format("%snebuly%s", var.resource_prefix, var.resource_suffix) + ) } resource "azurerm_cognitive_account" "main" { name = local.azure_openai_account_name @@ -569,8 +596,21 @@ resource "azurerm_key_vault_secret" "azure_openai_api_key" { # ------ Model Registry ------ # +locals { + storage_account_generated_name = ( + var.resource_suffix == null ? + format("%smodels", var.resource_prefix) : + format("%smodels%s", var.resource_suffix) + + ) + storage_account_name = ( + var.storage_account_override_name == null ? + local.storage_account_generated_name : + var.storage_account_override_name + ) +} resource "azurerm_storage_account" "main" { - name = var.storage_account_override_name == null ? format("%smodels", var.resource_prefix) : var.storage_account_override_name + name = local.storage_account_name resource_group_name = data.azurerm_resource_group.main.name location = var.location diff --git a/variables.tf b/variables.tf index 0782438..8792904 100644 --- a/variables.tf +++ b/variables.tf 
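Review bot: The new `display_name` expression on `azuread_application.main` no longer consults `var.azuread_identity_override_name`, and the same commit deletes that variable from variables.tf while re-adding only `postgres_override_name`. Callers that set the override will now be rejected for passing an undeclared variable, and a deployment that relied on it would presumably have its application display name changed on the next apply. Neither effect is mentioned in the v0.7.0 changelog entry. If the removal is intended, it should be listed as a breaking change. Otherwise restore the variable and keep the pattern used for the postgres and storage names: move the prefix/suffix expression into a local and set `display_name = var.azuread_identity_override_name == null ? local.azuread_application_generated_name : var.azuread_identity_override_name`, where the local's name is only a suggestion. The resource block continues outside the hunk.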
@@ -3,6 +3,11 @@ variable "resource_prefix" { type = string description = "The prefix that is used for generating resource names." } +variable "resource_suffix" { + type = string + description = "The suffix that is used for generating resource names." + default = null +} variable "tags" { type = map(string) default = {} @@ -83,6 +88,11 @@ variable "postgres_server_high_availability" { mode = "SameZone" } } +variable "postgres_override_name" { + type = string + default = null + description = "Override the name of the PostgreSQL Server. If not provided, the name is generated based on the resource_prefix." +} variable "postgres_server_maintenance_window" { type = object({ day_of_week : number @@ -208,19 +218,6 @@ variable "storage_account_override_name" { } -# ------ Override Names ------ # -variable "postgres_override_name" { - type = string - default = null - description = "Override the name of the PostgreSQL Server. If not provided, the name is generated based on the resource_prefix." -} -variable "azuread_identity_override_name" { - type = string - default = null - description = "Override the name of the Service Account representing the platform identity. If not provided, the name is generated based on the resource_prefix." -} - - # ------ Networking ------ # variable "whitelisted_ips" { description = <
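Review bot: `resource_suffix` is declared without a `validation` block, yet main.tf appends it directly to the Key Vault and Storage Account names. Azure limits both to 3–24 characters, and storage account names to lowercase letters and digits only. A suffix containing a hyphen or an upper-case letter, or one that pushes a generated name past 24 characters, would only be rejected at apply time, possibly after other resources have been created. Consider adding a `validation` block with `condition = var.resource_suffix == null || can(regex("^[a-z0-9]+$", var.resource_suffix))` and a matching `error_message`, and stating the character and length limits in the `description`.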
"10.0.12.0/26"
]