Merge pull request #24 from NetApp/kerenNewTF

modified default variables and terraform-docs template

.github/workflows/terraform-docs.yml

@@ -6,7 +6,7 @@ name: "Documentation: terraform-docs"
 on:
   pull_request:
     paths:
-      - "Terraform/**"
+      - "Terraform/*"
 
 jobs:
   docs:
@@ -23,5 +23,5 @@ jobs:
           working-dir: Terraform/*
           config-file: ".terraform-docs.yml"
           output-file: "README.md"
-          output-method: replace
+          output-method: inject
           git-push: true

.terraform-docs.yml

@@ -40,26 +40,18 @@ sections:
 
 content: |
 
-  ## Table of Contents
-  * [Introduction](#introduction)
-  * [Prerequisites](#prerequisites)
-  * [Usage](#usage)
-  * [Repository Overview](#repository-overview)
-  * [Author Information](#author-information)
-  * [License](#license)
-
-  ## Introduction
+  ## Repository Overview
 
-  ## Prerequisites
+  ### Providers
 
-  {{ .Providers}}
+  {{ .Providers }}
 
-  ## Usage
-
-  ## Repository Overview
+  ### Inputs
 
   {{ .Inputs }}
 
+  ### Outputs
+
   {{ .Outputs }}
  
   ## Author Information

Terraform/delpoy-fsx-ontap/README.md

@@ -121,7 +121,8 @@ module "fsxontap" {
         "primarysub" = "<YOUR-PRIMARY-SUBNET>"
         "secondarysub" = "<YOUR-SECONDAY-SUBNET>"
     }
-    
+    create_sg = true
+    cidr_for_sg = "<YOUR-CIDR-BLOCK>"
     tags = {
         Terraform   = "true"
         Environment = "dev"
@@ -131,6 +132,8 @@ module "fsxontap" {
    > [NOTE!]
    > To Override default values assigned to other variables in this module, add them to this source block as well. The above source block includes the minimum requirements only.
 
+Please read the vriables descruptions in `variables.tf` file for more information regarding the variables passed to the module block.
+
 ### AWS provider block
 
 Add the AWS provider block to your root module `main.tf` file with the required configuration. For more information check [the docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
@@ -173,50 +176,3 @@ Once confirmed, run the `terraform apply` command followed by `yes` to execute t
 ```shell
 terraform apply -y
 ```
-
-## Repository Overview
-### Providers
-
-| Name | Version |
-|------|---------|
-| aws | n/a |
-
-### Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| fsx_capacity_size_gb | The storage capacity (GiB) of the FSxN file system. Valid values between 1024 and 196608 | `string` | `"1024"` | no |
-| fsx_deploy_type | The filesystem deployment type. Supports MULTI_AZ_1 and SINGLE_AZ_1 | `string` | `"SINGLE_AZ_1"` | no |
-| fsx_name | The deployed filesystem name | `string` | `"terraform-fsxn"` | no |
-| fsx_subnets | The IDs of the subnets fro which the FSxN filesystem will be assigned IP addresses | `map` | <pre>{<br>  "primarysub": "",<br>  "secondarysub": ""<br>}</pre> | no |
-| fsx_tput_in_MBps | The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096. | `string` | `"256"` | no |
-| svm_name | The name of the Storage Virtual Machine | `string` | `"first_svm"` | no |
-| tags | Tags to be applied to the resources | `map` | <pre>{<br>  "Name": "terraform-fsxn"<br>}</pre> | no |
-| vol_info | Details for the volume creation | `map` | <pre>{<br>  "cooling_period": 31,<br>  "efficiency": true,<br>  "junction_path": "/vol1",<br>  "size_mg": 1024,<br>  "tier_policy_name": "AUTO",<br>  "vol_name": "vol1"<br>}</pre> | no |
-| vpc_id | The ID of the VPC in which the FSxN fikesystem should be deployed | `string` | `"vpc-111111111"` | no |
-
-### Outputs
-
-| Name | Description |
-|------|-------------|
-| my_filesystem_id | The ID of the FSxN Filesystem |
-| my_fsx_ontap_security_group_id | The ID of the FSxN Security Group |
-| my_svm_id | The ID of the FSxN Storage Virtual Machine |
-| my_vol_id | The ID of the ONTAP volume in the File System |
-
-## Author Information
-
-This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSxN-Samples/graphs/contributors).
-
-## License
-
-Licensed under the Apache License, Version 2.0 (the "License").
-
-You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0).
-
-Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied.
-
-See the License for the specific language governing permissions and limitations under the License.
-
-
-

Terraform/delpoy-fsx-ontap/main.tf

@@ -5,109 +5,111 @@
   The following resources are a Security Group followed by ingress and egress rules for FSx ONTAP. 
   The Security Group is not required for deploying FSx ONTAP, but is included here for completeness.
 
-  - If you wish to skip this resource, comment out the resource blocks of the Security Group and the rules.
+  - If you wish to skip this resource, pass the variable "create_sg" as false to the module block. Otherwise, pass true.
 
-  - If you wish to use the Security Group, choose the relevant source for the ingress rules (can be either cidr block or security group id)
-    and uncomment the relevant line in the resource block. Make sure you add your specific value as well. 
+  - If you wish to use the Security Group, choose the relevant source for the ingress rules as cidr block and pass the variable "cidr_for_sg" to the module block.
 
   Note that a source reference for a Security Group is optional, but is considered to be a best practice.
-  Feel free to add, remove, or change the rules as needed. The rules below are just a suggestion for basic functionality.
+  The rules below are just a suggestion for basic functionality.
 */
 
 resource "aws_security_group" "fsx_sg" {
+  count = var.create_sg ? 1 : 0
   name        = "fsx_sg"
   description = "Allow FSx ONTAP required ports"
   vpc_id      = var.vpc_id
 }
 
 resource "aws_vpc_security_group_ingress_rule" "all_icmp" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Allow all ICMP traffic"
   cidr_ipv4         = "0.0.0.0/0"
   ip_protocol       = "icmp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Remote procedure call for NFS"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 111
   to_port           = 111
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_udp" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Remote procedure call for NFS"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 111
   to_port           = 111
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "cifs" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NetBIOS service session for CIFS"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 139
   to_port           = 139
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Simple network management protocol for log collection"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 161
   to_port           = 162
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "snmp_udp" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Simple network management protocol for log collection"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 161
   to_port           = 162
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "smb_cifs" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Microsoft SMB/CIFS over TCP with NetBIOS framing"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 445
   to_port           = 445
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS mount"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 635
   to_port           = 635
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS mount"
-//  cidr_ipv4         = "10.0.0.0/8"
-//  referenced_security_group_id = "sg-11111111111111111"
+  cidr_ipv4         = var.cidr_for_sg
   from_port         = 635
   to_port           = 635
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_egress_rule" "allow_all_traffic" {
+  count = var.create_sg ? 1 : 0
   security_group_id = aws_security_group.fsx_sg.id
   cidr_ipv4         = "0.0.0.0/0"
   ip_protocol       = "-1"
@@ -138,17 +140,21 @@ resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
   tags = {
 	  Name = var.fsx_name
   }
-  # weekly_maintenance_start_time = "00:00:00"
-  # kms_key_id = ""
-  # automatic_backup_retention_days = 0
-  # daily_automatic_backup_start_time = "00:00"
-  # disk_iops_configuration = ""
+  weekly_maintenance_start_time = var.fsx_maintenance_start_time
+  kms_key_id = var.kms_key_id
+  automatic_backup_retention_days = var.backup_retention_days
+  daily_automatic_backup_start_time = var.daily_backup_start_time
+  storage_type = var.storage_type
+  disk_iops_configuration {
+    iops = var.disk_iops_configuration[iops]
+    mode = var.disk_iops_configuration[mode]
+  }
   # endpoint_ip_address_range = ""
-  # ha_pairs = 1
-  # Storage_type = "SSD"
-  # fsx_admin_password = ""
+  # ha_pairs = var.ha_pairs
+  # fsx_admin_password = var.fsx_admin_password 
   # route_table_ids = []
-  # throughput_capacity_per_ha_pair = 0
+  # throughput_capacity = var.fsx_tput_in_MBps
+  # throughput_capacity_per_ha_pair = var.fsx_tput_per_pair_in_MBps
 }
 
 resource "aws_fsx_ontap_storage_virtual_machine" "mysvm" {
@@ -157,11 +163,19 @@ resource "aws_fsx_ontap_storage_virtual_machine" "mysvm" {
   name                = var.svm_name
 
 // OPTIONAL PARAMETERS
-  # root_volume_security_style = "UNIX"
-  # tags = {}
+  root_volume_security_style = var.root_vol_sec_style
+  tags = {
+	  Name = var.svm_name
+  }
   # active_directory_configuration {
-  #   netbios_name = "mysvm"
-  #   self_managed_active_directory_configuration {}
+  #   netbios_name = var.ad_configuration[netbios_name]
+  #   self_managed_active_directory_configuration {
+  #     dns_ips = var.ad_configuration[self_managed_active_directory_configuration][dns_ips]
+  #     domain_name = var.ad_configuration[self_managed_active_directory_configuration][domain_name]
+  #     organizational_unit = var.ad_configuration[self_managed_active_directory_configuration][organizational_unit]
+  #     password = var.ad_configuration[self_managed_active_directory_configuration][password]
+  #     username = var.ad_configuration[self_managed_active_directory_configuration][username]
+  #   }
   # }
 }
 
@@ -173,19 +187,38 @@ resource "aws_fsx_ontap_volume" "myvol" {
 
 // OPTIONAL PARAMETERS
   junction_path              = var.vol_info["junction_path"]
-  ontap_volume_type          = "RW"
+  ontap_volume_type          = var.vol_info["vol_type"]
   storage_efficiency_enabled = var.vol_info["efficiency"]
   tiering_policy {
     name           = var.vol_info["tier_policy_name"]
     cooling_period = var.vol_info["cooling_period"]
   }
-  # bypass_snaplock_enterprise_retention = true
-  # copy_tags_to_backups = false
-  # security_style = "MIXED"
-  # skip_final_backup = false
-  # snaplock_configuration {}
-  # snapshot_policy {}
-  # tags = {}  
+  bypass_snaplock_enterprise_retention = var.vol_info["bypass_sl_retention"]
+  copy_tags_to_backups = var.vol_info["copy_tags_to_backups"]
+  security_style = var.vol_info["sec_style"]
+  skip_final_backup = var.vol_info["skip_final_backup"]
+  # snaplock_configuration {
+  #   audit_log_volume = var.vol_snaplock_configuration["audit_log_volume"]
+  #   snaplock_type = var.vol_snaplock_configuration["snaplock_type"]
+  #   privileged_delete = var.vol_snaplock_configuration["privileged_delete"]
+  #   volume_append_mode_enabled = var.vol_snaplock_configuration["volume_append_mode_enabled"]
+  #   retention_period {
+  #     default_retention {
+  #       type = var.vol_snaplock_configuration["retention_period"]["default_retention"]["type"]
+  #       value = var.vol_snaplock_configuration["retention_period"]["default_retention"]["value"]
+  #     }
+  #     maximum_retention {
+  #       type = var.vol_snaplock_configuration["retention_period"]["maximum_retention"]["type"]
+  #       value = var.vol_snaplock_configuration["retention_period"]["maximum_retention"]["value"]
+  #     }
+  #     minimum_retention {
+  #       type = var.vol_snaplock_configuration["retention_period"]["minimum_retention"]["type"]
+  #       value = var.vol_snaplock_configuration["retention_period"]["minimum_retention"]["value"] 
+  #     }
+  #   }
+  # }
+  snapshot_policy = "NONE"
+  tags = var.tags
 }