Sync azure Terraform module documentation
pan-dev-content-sync-trigger[bot] authored Sep 19, 2024
1 parent e64bfef commit 76179df
Showing 15 changed files with 852 additions and 139 deletions.
Expand Up @@ -151,6 +151,7 @@ terraform destroy
Name | Version | Source | Description
--- | --- | --- | ---
`vnet` | - | ../../modules/vnet |
`public_ip` | - | ../../modules/public_ip |
`panorama` | - | ../../modules/panorama |

### Resources
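Review bot: the new `public_ip` row in the modules table has an empty Description cell and `-` for Version, the same as the `vnet` and `panorama` rows around it. A one-line description per module (for `public_ip`, that it manages Public IP Addresses and Prefixes, as the `public_ips` input says) would make the table useful on its own.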
Expand All @@ -175,16 +176,17 @@ Name | Type | Description
[`name_prefix`](#name_prefix) | `string` | A prefix that will be added to all created resources.
[`create_resource_group`](#create_resource_group) | `bool` | When set to `true` it will cause a Resource Group creation.
[`tags`](#tags) | `map` | Map of tags to assign to the created resources.
[`public_ips`](#public_ips) | `object` | A map defining Public IP Addresses and Prefixes.
[`availability_sets`](#availability_sets) | `map` | A map defining availability sets.
[`panoramas`](#panoramas) | `map` | A map defining Azure Virtual Machine based on Palo Alto Networks Panorama image.

### Outputs

Name | Description
--- | ---
`username` | Initial administrative username to use for VM-Series.
`password` | Initial administrative password to use for VM-Series.
`panorama_mgmt_ips` |
`username` | Initial administrative username to use for Panorama.
`password` | Initial administrative password to use for Panorama.
`panorama_mgmt_ips` | IP addresses for the Panorama management interface.

### Required Inputs details

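Review bot: in the Outputs table, the `password` row documents an initial administrative password as a module output without saying whether the output is marked sensitive. Suggest stating that in the description and noting that the value is also held in Terraform state. Separately, the new `public_ips` input is typed `object` but described as "A map defining Public IP Addresses and Prefixes"; "An object defining ..." would match the type.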
Expand Down Expand Up @@ -215,6 +217,8 @@ For detailed documentation on each property refer to [module documentation](../.
- `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a
full resource name, including prefixes.
- `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET.
- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by
default Azure DNS is used).
- `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when
set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is
disabled.
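Review bot: the new `dns_servers` bullet does not say whether it applies when `create_virtual_network = false`, and "defaults to module defaults" followed by "by default Azure DNS is used" states the default twice in different words. Suggest a single sentence such as "when omitted, Azure DNS is used", plus a note on sourced VNETs. The neighbouring `address_space` line has the same ambiguity: it is marked required when `create_virtual_network = false` but described as CIDRs "for a newly created VNET".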
Expand All @@ -238,6 +242,7 @@ map(object({
resource_group_name = optional(string)
create_virtual_network = optional(bool, true)
address_space = optional(list(string))
dns_servers = optional(list(string))
vnet_encryption = optional(string)
network_security_groups = optional(map(object({
name = string
Expand Down Expand Up @@ -325,6 +330,49 @@ Map of tags to assign to the created resources.

Type: map(string)

Default value: `map[]`

<sup>[back to list](#modules-optional-inputs)</sup>

#### public_ips

A map defining Public IP Addresses and Prefixes.

Following properties are available:

- `public_ip_addresses` - (`map`, optional) map of objects describing Public IP Addresses, please refer to
[module documentation](../../modules/public_ip#public_ip_addresses)
for available properties.
- `public_ip_prefixes` - (`map`, optional) map of objects describing Public IP Prefixes, please refer to
[module documentation](../../modules/public_ip#public_ip_prefixes)
for available properties.


Type:

```hcl
object({
public_ip_addresses = optional(map(object({
create = bool
name = string
resource_group_name = optional(string)
zones = optional(list(string))
domain_name_label = optional(string)
idle_timeout_in_minutes = optional(number)
prefix_name = optional(string)
prefix_resource_group_name = optional(string)
})), {})
public_ip_prefixes = optional(map(object({
create = bool
name = string
resource_group_name = optional(string)
zones = optional(list(string))
length = optional(number)
})), {})
})
```


Default value: `map[]`

<sup>[back to list](#modules-optional-inputs)</sup>
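Review bot: the line "Default value: `map[]`" that follows the new `public_ips` type does not match that type, which is an `object` whose two attributes each default to `{}`. Suggest showing the default as an object, or describing it in words. Also, `create` is a required `bool` in both nested objects but is not described in this section; a short bullet on what `create = false` does would save a trip to the module documentation.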
Expand Down Expand Up @@ -458,10 +506,11 @@ map(object({
interfaces = list(object({
name = string
subnet_key = string
private_ip_address = optional(string)
create_public_ip = optional(bool, false)
public_ip_name = optional(string)
public_ip_resource_group_name = optional(string)
public_ip_key = optional(string)
private_ip_address = optional(string)
}))
logging_disks = optional(map(object({
name = string
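Review bot: `public_ip_key` is added to the `interfaces` object next to `create_public_ip` and `public_ip_name`, but nothing visible here says which of the three wins when more than one is set. Suggest documenting the precedence in the property list for `interfaces`, and naming the map the key refers to (presumably `public_ips.public_ip_addresses`).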
8 changes: 6 additions & 2 deletions products/terraform/docs/swfw/azure/vmseries/modules/appgw.md
Expand Up @@ -930,19 +930,23 @@ Type: string
A map defining listener's public IP configuration.

Following properties are available:
- `name` - (`string`, required) name of the Public IP resource.
- `create` - (`bool`, optional, defaults to `true`) controls if the Public IP resource is created or sourced.
- `name` - (`string`, optional) name of the Public IP resource, required unless `public_ip` module and `id`
property are used.
- `resource_group_name` - (`string`, optional, defaults to `null`) name of the Resource Group hosting the Public IP resource,
used only for sourced resources.
- `id` - (`string`, optional, defaults to `null`) ID of the Public IP to associate with the Listener.
Property is used when Public IP is not created or sourced within this module.


Type:

```hcl
object({
name = string
create = optional(bool, true)
name = optional(string)
resource_group_name = optional(string)
id = optional(string)
})
```

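Review bot: `create` now defaults to `true` while `name` became optional, so a caller who passes only `id` leaves `create = true` with no name. The `id` bullet says it is used "when Public IP is not created or sourced within this module", a third state that a `bool` `create` cannot express on its own. Suggest stating that `create` is ignored (or must be `false`) when `id` is set, and what happens when both `id` and `name` are given.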
Expand Up @@ -154,11 +154,11 @@ details refer to the [var.file_shares](#file_shares) variable documentation.
### Requirements

- `terraform`, version: >= 1.5, < 2.0
- `azurerm`, version: ~> 3.98
- `azurerm`, version: ~> 3.98, <= 3.114

### Providers

- `azurerm`, version: ~> 3.98
- `azurerm`, version: ~> 3.98, <= 3.114



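Review bot: the `azurerm` constraint gains a ceiling, `~> 3.98, <= 3.114`, in both Requirements and Providers with no reason given. Since the ceiling keeps users off every later 3.x release, add a line naming the incompatibility behind it and the condition for lifting it.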
72 changes: 42 additions & 30 deletions products/terraform/docs/swfw/azure/vmseries/modules/loadbalancer.md
Expand Up @@ -153,8 +153,8 @@ Name | Description
--- | ---
`id` | The identifier of the Load Balancer resource.
`backend_pool_id` | The identifier of the backend pool.
`frontend_ip_configs` | Map of IP addresses, one per each entry of `frontend_ips` input. Contains public IP address for the frontends that have it,
private IP address otherwise.
`frontend_ip_configs` | Map of IP prefixes/addresses, one per each entry of `frontend_ips` input. Contains public IP prefix/address for the frontends
that have it, private IP address otherwise.

`health_probe` | The health probe object.

Expand Down Expand Up @@ -204,35 +204,44 @@ To ease configuration they were grouped per Load Balancer type.

Private Load Balancer:

- `name` - (`string`, required) name of a frontend IP configuration
- `subnet_id` - (`string`, required) an ID of an existing subnet that will host the private Load Balancer
- `private_ip_address` - (`string`, required) the IP address of the Load Balancer
- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below
- `gwlb_fip_id` - (`string`, optional, defaults to `null`) an ID of a frontend IP configuration
of a Gateway Load Balancer
- `name` - (`string`, required) name of a frontend IP configuration.
- `subnet_id` - (`string`, required) an ID of an existing subnet that will host the private Load Balancer.
- `private_ip_address` - (`string`, required) the IP address of the Load Balancer.
- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below.
- `gwlb_fip_id` - (`string`, optional, defaults to `null`) an ID of a frontend IP configuration of a
Gateway Load Balancer.

Public Load Balancer:

- `name` - (`string`, required) name of a frontend IP configuration
- `public_ip_name` - (`string`, required) name of a public IP resource
- `create_public_ip` - (`bool`, optional, defaults to `false`) when set to `true` a new public IP will be
- `name` - (`string`, required) name of a frontend IP configuration.
- `create_public_ip` - (`bool`, optional, defaults to `false`) when set to `true` a new Public IP will be
created, otherwise an existing resource will be used;
in both cases the name of the resource is controlled by `public_ip_name` property
in both cases the name of the resource is controlled by `public_ip_name` property.
- `public_ip_name` - (`string`, optional) name of a Public IP resource, required unless `public_ip` module and
`public_ip_id` property are used.
- `public_ip_resource_group_name` - (`string`, optional, defaults to the Load Balancer's RG) name of a Resource Group
hosting an existing public IP resource
- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below
- `out_rules` - (`map`, optional, defaults to `{}`) a map defining outbound rules, see details below
hosting an existing Public IP resource.
- `public_ip_id` - (`string`, optional, defaults to `null`) ID of the Public IP Address to associate with the
Frontend. Property is used when Public IP is not created or sourced within this module.
- `public_ip_address` - (`string`, optional, defaults to `null`) IP address of the Public IP to associate with the
Frontend. Property is used when Public IP is not created or sourced within this module.
- `public_ip_prefix_id` - (`string`, optional, defaults to `null`) ID of the Public IP Prefix to associate with the
Frontend. Property is used when you need to source Public IP Prefix.
- `public_ip_prefix_address` - (`string`, optional, defaults to `null`) IP address of the Public IP Prefix to associate
with the Frontend. Property is used when you need to source Public IP Prefix.
- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below.
- `out_rules` - (`map`, optional, defaults to `{}`) a map defining outbound rules, see details below.

Below are the properties for the `in_rules` map:

- `name` - (`string`, required) a name of an inbound rule
- `name` - (`string`, required) a name of an inbound rule.
- `protocol` - (`string`, required) communication protocol, either 'Tcp', 'Udp' or 'All'.
- `port` - (`number`, required) communication port, this is both the front- and the backend port
if `backend_port` is not set; value of `0` means all ports
if `backend_port` is not set; value of `0` means all ports.
- `backend_port` - (`number`, optional, defaults to `null`) this is the backend port to forward traffic
to in the backend pool
to in the backend pool.
- `health_probe_key` - (`string`, optional, defaults to `default`) a key from the `var.health_probes` map defining
a health probe to use with this rule
a health probe to use with this rule.
- `floating_ip` - (`bool`, optional, defaults to `true`) enables floating IP for this rule.
- `session_persistence` - (`string`, optional, defaults to `Default`) controls session persistance/load distribution,
three values are possible:
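Review bot: the `create_public_ip` bullet still says "in both cases the name of the resource is controlled by `public_ip_name` property", but `public_ip_name` is now optional and four alternatives were added (`public_ip_id`, `public_ip_address`, `public_ip_prefix_id`, `public_ip_prefix_address`). The list does not say which combinations are valid, whether the `_id` and `_address` properties must be given as a pair, or what takes precedence when `create_public_ip = true` is also set. Suggest a short paragraph on that after the list. Minor: the `session_persistence` bullet reads "persistance".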
Expand All @@ -250,21 +259,20 @@ Setting at least one `out_rule` switches the outgoing traffic from SNAT to outbo
single backend, and you cannot mix SNAT and outbound rules traffic in rules using the same backend, setting one `out_rule`
switches the outgoing traffic route for **ALL** `in_rules`.

- `name` - (`string`, required) a name of an outbound rule
- `protocol` - (`string`, required) protocol used by the rule. One of `All`, `Tcp` or `Udp` is accepted
- `name` - (`string`, required) a name of an outbound rule.
- `protocol` - (`string`, required) protocol used by the rule. One of `All`, `Tcp` or `Udp` is accepted.
- `allocated_outbound_ports` - (`number`, optional, defaults to `null`) number of ports allocated per instance,
when skipped provider defaults will be used (`1024`),
when set to `0` port allocation will be set to default number (Azure defaults);
maximum value is `64000`
- `enable_tcp_reset` - (`bool`, optional, defaults to Azure defaults) ignored when `protocol` is set to `Udp`
- `idle_timeout_in_minutes` - (`number`, optional, defaults to Azure defaults) TCP connection timeout in minutes
(between 4 and 120)
in case the connection is idle, ignored when `protocol` is set to `Udp`
maximum value is `64000`.
- `enable_tcp_reset` - (`bool`, optional, defaults to Azure defaults) ignored when `protocol` is set to `Udp`.
- `idle_timeout_in_minutes` - (`number`, optional, defaults to Azure defaults) TCP connection timeout in minutes (between 4
and 120) in case the connection is idle, ignored when `protocol` is set to `Udp`.

Examples

```hcl
# rules for a public Load Balancer, reusing an existing public IP and doing port translation
# rules for a public Load Balancer, reusing an existing Public IP and doing port translation
frontend_ips = {
pip_existing = {
create_public_ip = false
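Review bot: the `allocated_outbound_ports` bullet, touched here only for punctuation, names three different defaults: "defaults to `null`", "provider defaults will be used (`1024`)" when skipped, and "Azure defaults" when set to `0`. Suggest rewording it so a reader can tell what `null` and `0` each result in.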
Expand Down Expand Up @@ -323,9 +331,13 @@ Type:
```hcl
map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_name = optional(string)
public_ip_resource_group_name = optional(string)
public_ip_id = optional(string)
public_ip_address = optional(string)
public_ip_prefix_id = optional(string)
public_ip_prefix_address = optional(string)
subnet_id = optional(string)
private_ip_address = optional(string)
gwlb_fip_id = optional(string)
Expand Down Expand Up @@ -370,14 +382,14 @@ Controls zones for Load Balancer's fronted IP configurations.

For:

- public IPs - these are zones in which the public IP resource is available.
- public IPs - these are zones in which the Public IP resource is available.
- private IPs - these are zones to which Azure will deploy paths leading to Load Balancer frontend IPs (all frontends are
affected).

Setting this variable to explicit `null` disables a zonal deployment.
This can be helpful in regions where Availability Zones are not available.

For public Load Balancers, since this setting controls also Availability Zones for public IPs, you need to specify all zones
For public Load Balancers, since this setting controls also Availability Zones for Public IPs, you need to specify all zones
available in a region (typically 3): `["1","2","3"]`.


16 changes: 12 additions & 4 deletions products/terraform/docs/swfw/azure/vmseries/modules/natgw.md
Expand Up @@ -211,9 +211,12 @@ A map defining a Public IP resource.
List of available properties:

- `create` - (`bool`, required) controls whether a Public IP is created, sourced, or not used at all.
- `name` - (`string`, required) name of a created or sourced Public IP.
- `name` - (`string`, optional) name of a created or sourced Public IP, required unless `public_ip` module and
`id` property are used.
- `resource_group_name` - (`string`, optional) name of a resource group hosting the sourced Public IP resource, ignored when
`create = true`.
- `id` - (`string`, optional, defaults to `null`) ID of the Public IP to associate with the NAT Gateway.
Property is used when Public IP Address is not created or sourced within this module.

The module operates in 3 modes, depending on combination of `create` and `name` properties:

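Review bot: the sentence "The module operates in 3 modes, depending on combination of `create` and `name` properties" is left unchanged although `name` is now optional and `id` adds another way to supply the Public IP. Suggest updating the modes description to cover `id`, including what `create` should be set to in that case.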
Expand Down Expand Up @@ -247,8 +250,9 @@ Type:
```hcl
object({
create = bool
name = string
name = optional(string)
resource_group_name = optional(string)
id = optional(string)
})
```

Expand All @@ -264,11 +268,14 @@ A map defining a Public IP Prefix resource.
List of available properties:

- `create` - (`bool`, required) controls whether a Public IP Prefix is created, sourced, or not used at all.
- `name` - (`string`, required) name of a created or sourced Public IP Prefix.
- `name` - (`string`, optional) name of a created or sourced Public IP Prefix, required unless `public_ip`
module and `id` property are used.
- `resource_group_name` - (`string`, optional) name of a resource group hosting the sourced Public IP Prefix resource, ignored
when `create = true`.
- `length` - (`number`, optional, defaults to `28`) number of bits of the Public IP Prefix, this value can be
between `0` and `31` but can be limited on subscription level (Azure default is `/28`).
- `id` - (`string`, optional, defaults to `null`) ID of the Public IP Prefix to associate with the NAT Gateway.
Property is used when Public IP Prefix is not created or sourced within this module.

The module operates in 3 modes, depending on combination of `create` and `name` properties:

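Review bot: for the Public IP Prefix, `length` keeps its default of `28` when the prefix is supplied through the new `id` property, and the bullet does not say it is ignored in that case, whereas the `resource_group_name` bullet does carry an "ignored when `create = true`" qualifier. Suggest the same kind of qualifier on `length`. The "3 modes" sentence under the list also needs `id` added.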
Expand Down Expand Up @@ -302,9 +309,10 @@ Type:
```hcl
object({
create = bool
name = string
name = optional(string)
resource_group_name = optional(string)
length = optional(number, 28)
id = optional(string)
})
```

Expand Up @@ -270,10 +270,12 @@ Following configuration options are available:
- `public_ip_name` - (`string`, optional, defaults to `null`) name of the public IP to associate with the
interface. When `create_public_ip` is set to `true` this will become a name of a newly
created Public IP interface. Otherwise this is a name of an existing interfaces that will
be sourced and attached to the interface.
be sourced and attached to the interface. Not used when using `public_ip` module.
- `public_ip_resource_group_name` - (`string`, optional, defaults to `var.resource_group_name`) name of a Resource Group that
contains public IP that that will be associated with the interface. Used only when
`create_public_ip` is `false`.
- `public_ip_id` - (`string`, optional, defaults to `null`) ID of the public IP to associate with the
interface. Property is used when public IP is not created or sourced within this module.

Example:

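Review bot: the `public_ip_name` bullet, edited here, still says "a newly created Public IP interface" and "an existing interfaces that will be sourced" where the Public IP resource is meant, and the next bullet has "that that". Worth fixing in the same pass. The new sentence "Not used when using `public_ip` module" could also name `public_ip_id` as the property that replaces it.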
Expand Down Expand Up @@ -307,6 +309,7 @@ list(object({
create_public_ip = optional(bool, false)
public_ip_name = optional(string)
public_ip_resource_group_name = optional(string)
public_ip_id = optional(string)
}))
```
