From 6128ace50a75d7458454293e3e3e4d6e89facbc3 Mon Sep 17 00:00:00 2001
From: Charles J Shea <58995422+cshea-msft@users.noreply.github.com>
Date: Sun, 2 Jun 2024 14:05:52 -0400
Subject: [PATCH] v0.2.0 (#30)
* update changes to modules and examples
* changed version
* push changes
---
examples/deploy_fw_policy_for_avd/README.md | 90 +++++++--------------
examples/deploy_fw_policy_for_avd/main.tf | 90 +++++++--------------
locals.version.tf.json | 2 +-
modules/rule_collection_groups/readme.md | 2 +-
modules/rule_collection_groups/terraform.tf | 2 +-
5 files changed, 65 insertions(+), 121 deletions(-)
diff --git a/examples/deploy_fw_policy_for_avd/README.md b/examples/deploy_fw_policy_for_avd/README.md
index 0aeda5b..dc0412a 100644
--- a/examples/deploy_fw_policy_for_avd/README.md
+++ b/examples/deploy_fw_policy_for_avd/README.md
@@ -66,102 +66,85 @@ module "avd_core_rule_collection_group" {
firewall_policy_rule_collection_group_priority = 1000
firewall_policy_rule_collection_group_network_rule_collection = [{
action = "Allow"
- name = "AVDRequiredNetworkRules"
+ name = "AVDCoreNetworkRules"
priority = 500
rule = [
{
name = "Login to Microsoft"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["login.microsoftonline.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "AVD"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_addresses = ["WindowsVirtualDesktop", "AzureFrontDoor.Frontend", "AzureMonitor"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "GCS"
- source_addresses = [" 10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["gcs.prod.monitoring.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "DNS"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_addresses = ["AzureDNS"]
protocols = ["TCP", "UDP"]
destination_ports = ["53"]
- }
- ]
- rule = [
+ },
{
name = "azkms"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["azkms.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["1688"]
- }
- ]
- rule = [
+ },
{
name = "KMS"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["kms.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["1688"]
- }
- ]
- rule = [
+ },
{
name = "mrglobalblob"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["mrsglobalsteus2prod.blob.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "wvdportalstorageblob"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["wvdportalstorageblob.blob.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "oneocsp"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["oneocsp.microsoft.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "microsoft.com"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["www.microsoft.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
+ },
]
}
]
}
+
module "avd_optional_rule_collection_group" {
source = "../../modules/rule_collection_groups"
# source = "Azure/avm-res-network-firewallpolicy/azurerm//modules/rule_collection_groups"
@@ -179,28 +162,25 @@ module "avd_optional_rule_collection_group" {
destination_fqdns = ["time.windows.com"]
protocols = ["UDP"]
destination_ports = ["123"]
- }
- ]
- rule = [
+ },
{
name = "login windows.net"
source_addresses = ["10.0.0.0/24"]
destination_fqdns = ["login.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "msftconnecttest"
source_addresses = ["10.0.0.0/24"]
destination_fqdns = ["www.msftconnecttest.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
+ },
]
}
]
+
firewall_policy_rule_collection_group_application_rule_collection = [{
action = "Allow"
name = "AVDOptionalApplicationRules"
@@ -216,9 +196,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "Events"
source_addresses = ["10.0.0.0/24"]
@@ -229,9 +207,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "sfx"
source_addresses = ["10.0.0.0/24"]
@@ -242,9 +218,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "digicert"
source_addresses = ["10.0.0.0/24"]
@@ -255,9 +229,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "Azure DNS"
source_addresses = ["10.0.0.0/24"]
@@ -268,7 +240,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
+ },
]
}
]
diff --git a/examples/deploy_fw_policy_for_avd/main.tf b/examples/deploy_fw_policy_for_avd/main.tf
index dcc952e..8e34c17 100644
--- a/examples/deploy_fw_policy_for_avd/main.tf
+++ b/examples/deploy_fw_policy_for_avd/main.tf
@@ -55,102 +55,85 @@ module "avd_core_rule_collection_group" {
firewall_policy_rule_collection_group_priority = 1000
firewall_policy_rule_collection_group_network_rule_collection = [{
action = "Allow"
- name = "AVDRequiredNetworkRules"
+ name = "AVDCoreNetworkRules"
priority = 500
rule = [
{
name = "Login to Microsoft"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["login.microsoftonline.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "AVD"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_addresses = ["WindowsVirtualDesktop", "AzureFrontDoor.Frontend", "AzureMonitor"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "GCS"
- source_addresses = [" 10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["gcs.prod.monitoring.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "DNS"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_addresses = ["AzureDNS"]
protocols = ["TCP", "UDP"]
destination_ports = ["53"]
- }
- ]
- rule = [
+ },
{
name = "azkms"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["azkms.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["1688"]
- }
- ]
- rule = [
+ },
{
name = "KMS"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["kms.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["1688"]
- }
- ]
- rule = [
+ },
{
name = "mrglobalblob"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["mrsglobalsteus2prod.blob.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "wvdportalstorageblob"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["wvdportalstorageblob.blob.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "oneocsp"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["oneocsp.microsoft.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "microsoft.com"
- source_addresses = ["10.0.0.0/24"]
+ source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["www.microsoft.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
+ },
]
}
]
}
+
module "avd_optional_rule_collection_group" {
source = "../../modules/rule_collection_groups"
# source = "Azure/avm-res-network-firewallpolicy/azurerm//modules/rule_collection_groups"
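Review bot: The source prefix is moved to `10.100.0.0/24` only in the core collection's rules (the `source_addresses` lines of this hunk), while the rules of `avd_optional_rule_collection_group` later in this file still carry `source_addresses = ["10.0.0.0/24"]` (visible as context in the following hunks), so the two collection groups no longer describe the same session-host subnet and one of them will never match the hosts' traffic; the README copy of the example carries the same split. Because every rule in both groups uses one value, a single `locals { avd_host_subnet = ["10.100.0.0/24"] }` referenced as `source_addresses = local.avd_host_subnet` would keep them in step, and a described `variable` is the alternative if the example is meant to be reused. The network rules that filter on `destination_fqdns` (`login.microsoftonline.com`, `azkms.core.windows.net`, …) are only accepted by Azure Firewall when the policy has DNS proxy enabled; the policy resource is outside this hunk, so a one-line comment on `firewall_policy_rule_collection_group_network_rule_collection` stating that requirement would spare readers a deploy-time error. The enclosing `module "avd_core_rule_collection_group"` block opens before this hunk.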
@@ -168,28 +151,25 @@ module "avd_optional_rule_collection_group" {
destination_fqdns = ["time.windows.com"]
protocols = ["UDP"]
destination_ports = ["123"]
- }
- ]
- rule = [
+ },
{
name = "login windows.net"
source_addresses = ["10.0.0.0/24"]
destination_fqdns = ["login.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
- ]
- rule = [
+ },
{
name = "msftconnecttest"
source_addresses = ["10.0.0.0/24"]
destination_fqdns = ["www.msftconnecttest.com"]
protocols = ["TCP"]
destination_ports = ["443"]
- }
+ },
]
}
]
+
firewall_policy_rule_collection_group_application_rule_collection = [{
action = "Allow"
name = "AVDOptionalApplicationRules"
@@ -205,9 +185,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "Events"
source_addresses = ["10.0.0.0/24"]
@@ -218,9 +196,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "sfx"
source_addresses = ["10.0.0.0/24"]
@@ -231,9 +207,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "digicert"
source_addresses = ["10.0.0.0/24"]
@@ -244,9 +218,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
- ]
- rule = [
+ },
{
name = "Azure DNS"
source_addresses = ["10.0.0.0/24"]
@@ -257,7 +229,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
- }
+ },
]
}
]
diff --git a/locals.version.tf.json b/locals.version.tf.json
index 0efb1e6..6fbffc6 100644
--- a/locals.version.tf.json
+++ b/locals.version.tf.json
@@ -1,5 +1,5 @@
{
"locals": {
- "module_version": "0.1.3"
+ "module_version": "0.2.0"
}
}
diff --git a/modules/rule_collection_groups/readme.md b/modules/rule_collection_groups/readme.md
index bfd9df4..6928551 100644
--- a/modules/rule_collection_groups/readme.md
+++ b/modules/rule_collection_groups/readme.md
@@ -120,7 +120,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "this" {
The following requirements are needed by this module:
-- [terraform](#requirement\_terraform) (>= 1.5.0)
+- [terraform](#requirement\_terraform) (~> 1.5)
- [azurerm](#requirement\_azurerm) (~> 3.71)
diff --git a/modules/rule_collection_groups/terraform.tf b/modules/rule_collection_groups/terraform.tf
index c5596c0..519c19b 100644
--- a/modules/rule_collection_groups/terraform.tf
+++ b/modules/rule_collection_groups/terraform.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.5.0"
+ required_version = "~> 1.5"
required_providers {
azurerm = {
source = "hashicorp/azurerm"