Merge pull request #77 from F5Networks/devel_22102024

fix changes

examples/bigip_azure_1nic_cicddeploy/README.md

@@ -0,0 +1,70 @@
+# Deploys F5 BIG-IP Azure Cloud
+
+* This Terraform module deploys `1-NIC` BIG-IP in Azure cloud
+* Using module `count` feature we can also deploy multiple BIGIP instances(default value of `count` is **1**)
+* Management interface associated with user provided **mgmt_subnet_ids** and **mgmt_securitygroup_ids**
+* Random generated `password` for login to BIG-IP (in case of explicit `f5_password` not provided and default value of `az_key_vault_authentication` is false )
+
+## Example Usage
+
+```hcl
+module "bigip" {
+  count                       = var.instance_count
+  source                      = "F5Networks/bigip-module/azure"
+  prefix                      = format("%s-1nic", var.prefix)
+  resource_group_name         = azurerm_resource_group.rg.name
+  f5_ssh_publickey            = azurerm_ssh_public_key.f5_key.public_key
+  mgmt_subnet_ids             = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
+  mgmt_securitygroup_ids      = [module.mgmt-network-security-group.network_security_group_id]
+  availability_zone           = var.availability_zone
+  availabilityZones_public_ip = var.availabilityZones_public_ip
+}
+```
+
+* Modify `terraform.tfvars` according to the requirement by changing `location` and `AllowedIPs` variables as follows
+
+```hcl
+location = "eastus"
+AllowedIPs = ["0.0.0.0/0"]
+```
+
+* Next, Run the following commands to `create` and `destroy` your configuration
+
+```shell
+$terraform init
+$terraform plan
+$terraform apply
+$terraform destroy
+```
+
+### Optional Input Variables
+
+| Name | Description | Type | Default |
+|------|-------------|------|---------|
+| prefix | Prefix for resources created by this module | `string` | tf-azure-bigip |
+| cidr | Azure VPC CIDR | `string` | 10.2.0.0/16 |
+| availabilityZones | If you want the VM placed in an Azure Availability Zone, and the Azure region you are deploying to supports it, specify the numbers of the existing Availability Zone you want to use | `List` | [1] |
+| instance_count | Number of Bigip instances to create | `number` | 1 |
+
+### Output Variables
+
+| Name | Description |
+|------|-------------|
+| mgmtPublicIP | The actual ip address allocated for the resource |
+| mgmtPublicDNS | fqdn to connect to the first vm provisioned |
+| mgmtPort | Mgmt Port |
+| f5\_username | BIG-IP username |
+| bigip\_password | BIG-IP Password (if dynamic_password is choosen it will be random generated password or if azure_keyvault is choosen it will be key vault secret name ) |
+| mgmtPublicURL | Complete url including DNS and port|  
+| resourcegroup_name | Resource Group in which objects are created |
+| public_addresses | List of BIG-IP public addresses |
+| private_addresses | List of BIG-IP private addresses |
+
+~> **NOTE**A local json file will get generated which contains the DO declaration
+
+### Steps to clone and use the module locally
+
+```shell
+$git clone https://github.com/F5Networks/terraform-azure-bigip-module
+$cd terraform-azure-bigip-module/examples/bigip_azure_1nic_deploy/
+```

examples/bigip_azure_1nic_cicddeploy/main.tf

@@ -0,0 +1,139 @@
+provider "azurerm" {
+  //  version = "~>2.0"
+  features {}
+}
+
+#
+# Create a random id
+#
+resource "random_id" "id" {
+  byte_length = 2
+}
+
+#
+# Create a resource group
+#
+resource "azurerm_resource_group" "rg" {
+  name     = format("%s-rg-%s", var.prefix, random_id.id.hex)
+  location = var.location
+}
+
+resource "azurerm_ssh_public_key" "f5_key" {
+  name                = format("%s-pubkey-%s", var.prefix, random_id.id.hex)
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+  public_key          = file("~/.ssh/id_rsa.pub")
+}
+#
+#Create N-nic bigip
+#
+module "bigip" {
+  count                       = var.instance_count
+  source                      = "../../"
+  prefix                      = format("%s-1nic", var.prefix)
+  resource_group_name         = azurerm_resource_group.rg.name
+  mgmt_enable_ip_forwarding   = true
+  f5_ssh_publickey            = azurerm_ssh_public_key.f5_key.public_key
+  mgmt_subnet_ids             = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
+  mgmt_securitygroup_ids      = [module.mgmt-network-security-group.network_security_group_id]
+  availability_zone           = var.availability_zone
+  availabilityZones_public_ip = var.availabilityZones_public_ip
+}
+
+resource "null_resource" "clusterDO" {
+
+  count = var.instance_count
+
+  provisioner "local-exec" {
+    command = "cat > DO_1nic-instance${count.index}.json <<EOL\n ${module.bigip[count.index].onboard_do}\nEOL"
+  }
+  provisioner "local-exec" {
+    when    = destroy
+    command = "rm -rf DO_1nic-instance${count.index}.json"
+  }
+  depends_on = [module.bigip.onboard_do]
+}
+
+
+#
+# Create the Network Module to associate with BIGIP
+#
+
+module "network" {
+  source              = "Azure/vnet/azurerm"
+  version             = "3.0.0"
+  vnet_name           = format("%s-vnet-%s", var.prefix, random_id.id.hex)
+  resource_group_name = azurerm_resource_group.rg.name
+  vnet_location       = var.location
+  address_space       = [var.cidr]
+  subnet_prefixes     = [cidrsubnet(var.cidr, 8, 1)]
+  subnet_names        = ["mgmt-subnet"]
+
+  tags = {
+    environment = "dev"
+    costcenter  = "it"
+  }
+}
+
+data "azurerm_subnet" "mgmt" {
+  name                 = "mgmt-subnet"
+  virtual_network_name = module.network.vnet_name
+  resource_group_name  = azurerm_resource_group.rg.name
+  depends_on           = [module.network]
+}
+
+#
+# Create the Network Security group Module to associate with BIGIP-Mgmt-Nic
+#
+module "mgmt-network-security-group" {
+  source              = "Azure/network-security-group/azurerm"
+  resource_group_name = azurerm_resource_group.rg.name
+  security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
+  tags = {
+    environment = "dev"
+    costcenter  = "terraform"
+  }
+}
+
+resource "azurerm_network_security_rule" "mgmt_allow_https" {
+  name                        = "Allow_Https"
+  priority                    = 200
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "8443"
+  destination_address_prefix  = "*"
+  source_address_prefixes     = var.AllowedIPs
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
+  depends_on                  = [module.mgmt-network-security-group]
+}
+resource "azurerm_network_security_rule" "mgmt_allow_http" {
+  name                        = "Allow_Http"
+  priority                    = 201
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "80"
+  destination_address_prefix  = "*"
+  source_address_prefixes     = var.AllowedIPs
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
+  depends_on                  = [module.mgmt-network-security-group]
+}
+resource "azurerm_network_security_rule" "mgmt_allow_ssh" {
+  name                        = "Allow_ssh"
+  priority                    = 202
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "22"
+  destination_address_prefix  = "*"
+  source_address_prefixes     = var.AllowedIPs
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
+  depends_on                  = [module.mgmt-network-security-group]
+}

examples/bigip_azure_1nic_cicddeploy/outputs.tf

@@ -0,0 +1,41 @@
+output "mgmtPublicIP" {
+  value = module.bigip.*.mgmtPublicIP[0]
+}
+
+output "mgmtPublicDNS" {
+  value = module.bigip.*.mgmtPublicDNS[0]
+}
+output "bigip_username" {
+  value = module.bigip.*.f5_username[0]
+}
+
+output "bigip_password" {
+  value = module.bigip.*.bigip_password[0]
+}
+
+output "mgmtPort" {
+  value = module.bigip.*.mgmtPort[0]
+}
+
+output "mgmtPublicURL" {
+  description = "mgmtPublicURL"
+  value       = [for i in range(var.instance_count) : format("https://%s:%s", module.bigip[i].mgmtPublicDNS, module.bigip[i].mgmtPort)]
+}
+
+output "resourcegroup_name" {
+  description = "Resource Group in which objects are created"
+  value       = azurerm_resource_group.rg.name
+}
+
+output "public_addresses" {
+  value = module.bigip.*.public_addresses
+}
+
+output "private_addresses" {
+  value = module.bigip.*.private_addresses
+}
+
+output "bigip_instance_ids" {
+  value = module.bigip.*.bigip_instance_ids
+}
+

examples/bigip_azure_1nic_cicddeploy/runtests.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# extract the BIG-IP details from the Terraform output
+export BIGIP_MGMT_IP=`terraform output --json | jq -cr '.mgmtPublicIP.value[]'`
+export BIGIP_USER=`terraform output --json | jq -cr '.bigip_username.value[]'`
+export BIGIP_PASSWORD=`terraform output --json | jq -cr '.bigip_password.value[]'`
+export BIGIP_MGMT_PORT=`terraform output --json | jq -cr '.mgmtPort.value[]'`
+
+#Run InSpect tests from the Jumphost
+
+inspec exec ../inspec/bigip-ready  --input bigip_address=$BIGIP_MGMT_IP bigip_port=$BIGIP_MGMT_PORT user=$BIGIP_USER password=$BIGIP_PASSWORD
+

examples/bigip_azure_1nic_cicddeploy/variables.tf

@@ -0,0 +1,33 @@
+variable "prefix" {
+  description = "Prefix for resources created by this module"
+  type        = string
+  default     = "tf-azure-bigip"
+}
+
+variable "location" {}
+
+variable "cidr" {
+  description = "Azure VPC CIDR"
+  type        = string
+  default     = "10.2.0.0/16"
+}
+
+variable "availability_zone" {
+  description = "If you want the VM placed in an Azure Availability Zone, and the Azure region you are deploying to supports it, specify the number of the existing Availability Zone you want to use."
+  default     = 1
+}
+
+variable "availabilityZones_public_ip" {
+  description = "The availability zone to allocate the Public IP in. Possible values are Zone-Redundant, 1, 2, 3, and No-Zone."
+  type        = string
+  default     = "Zone-Redundant"
+}
+
+variable "AllowedIPs" {}
+
+variable "instance_count" {
+  description = "Number of Bigip instances to create( From terraform 0.13, module supports count feature to spin mutliple instances )"
+  type        = number
+  default     = 1
+}
+

test/azure_bigip_1nic_unit_test.go

@@ -1,16 +1,20 @@
 package test
 
 import (
+	"crypto/tls"
+	"fmt"
 	"testing"
+	"time"
 
+	http_helper "github.com/gruntwork-io/terratest/modules/http-helper"
+	"github.com/gruntwork-io/terratest/modules/logger"
 	"github.com/gruntwork-io/terratest/modules/terraform"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestTerraformAzure1NicExample(t *testing.T) {
 	t.Parallel()
 	terraformOptions := &terraform.Options{
-		TerraformDir: "../examples/bigip_azure_1nic_deploy",
+		TerraformDir: "../examples/bigip_azure_1nic_cicddeploy",
 		Vars: map[string]interface{}{
 			"location": "eastus",
 		},
@@ -22,12 +26,29 @@ func TestTerraformAzure1NicExample(t *testing.T) {
 	bigipUsername := terraform.Output(t, terraformOptions, "bigip_username")
 	mgmtPort := terraform.Output(t, terraformOptions, "mgmtPort")
 	mgmtPublicURL := terraform.Output(t, terraformOptions, "mgmtPublicURL")
+	// assert.NotEqual(t, "", mgmtPublicIP[0])
+	// assert.NotEqual(t, "", bigipPassword[0])
+	// assert.NotEqual(t, "", bigipUsername[0])
+	// assert.Equal(t, 8443, mgmtPort[0])
+	// assert.NotEqual(t, "", mgmtPublicURL[0])
 
-	assert.NotEqual(t, "", mgmtPublicIP[0])
-	assert.NotEqual(t, "", bigipPassword[0])
-	assert.NotEqual(t, "", bigipUsername[0])
-	assert.Equal(t, 8443, mgmtPort[0])
-	// assert.Equal(t, "8443", fmt.Sprintf("%d", mgmtPort[0]))
-	assert.NotEqual(t, "", mgmtPublicURL[0])
+	logger.Logf(t, "mgmtPublicURL:%+v", mgmtPublicURL[0])
+	// logger.Logf(t, "bigipPassword:%+v",bigipPassword)
+	testUrl := fmt.Sprintf("https://%s:%s@%s:%d/mgmt/shared/appsvcs/info", string(bigipUsername[0]), string(bigipPassword[0]), string(mgmtPublicIP[0]), int(mgmtPort[0]))
+	logger.Logf(t, "testUrl:%+v", testUrl)
+	// fmt.Sprintf("https://%s:%s@%s:%s/mgmt/shared/appsvcs/info", string([]byte{bigipUsername[0]}), string([]byte{bigipPassword[0]}), string([]byte{mgmtPublicIP[0]}), string([]byte{mgmtPort[0]})),
+	// Setup a TLS configuration to submit with the helper, a blank struct is acceptable
+	tlsConfig := tls.Config{}
+
+	http_helper.HttpGetWithRetryWithCustomValidation(
+		t,
+		testUrl,
+		&tlsConfig,
+		20,
+		10*time.Second,
+		func(statusCode int, body string) bool {
+			return statusCode == 200
+		},
+	)
 
 }

test/azure_bigip_3nic_unit_test.go

@@ -36,7 +36,9 @@ func TestTerraformAzure3NicExample(t *testing.T) {
 
 	logger.Logf(t, "mgmtPublicURL:%+v", mgmtPublicURL)
 	// logger.Logf(t, "bigipPassword:%+v",bigipPassword)
-	testUrl := fmt.Sprintf("https://%s:%s@%s:%d/mgmt/shared/appsvcs/info", bigipUsername[0], bigipPassword[0], mgmtPublicIP[0], mgmtPort[0])
+	testUrl := fmt.Sprintf("https://%s:%s@%s:%d/mgmt/shared/appsvcs/info", string(bigipUsername[0]), string(bigipPassword[0]), string(mgmtPublicIP[0]), int(mgmtPort[0]))
+
+	// testUrl := fmt.Sprintf("https://%s:%s@%s:%d/mgmt/shared/appsvcs/info", bigipUsername[0], bigipPassword[0], mgmtPublicIP[0], mgmtPort[0])
 	logger.Logf(t, "testUrl:%+v", testUrl)
 	// fmt.Sprintf("https://%s:%s@%s:%s/mgmt/shared/appsvcs/info", string([]byte{bigipUsername[0]}), string([]byte{bigipPassword[0]}), string([]byte{mgmtPublicIP[0]}), string([]byte{mgmtPort[0]})),
 

variables.tf

@@ -213,7 +213,7 @@ variable "AS3_URL" {
 variable "TS_URL" {
   description = "URL to download the BIG-IP Telemetry Streaming module"
   type        = string
-  default     = "https://github.com/F5Networks/f5-telemetry-streaming/releases/download/v1.36.0/f5-telemetry-1.36.0-1.noarch.rpm"
+  default     = "https://github.com/F5Networks/f5-telemetry-streaming/releases/download/v1.37.0/f5-telemetry-1.37.0-1.noarch.rpm"
 }
 
 ## Please check and update the latest FAST URL from https://github.com/F5Networks/f5-appsvcs-templates/releases/latest