Fix so it runs

edenavital · Jun 17, 2020 · de3bb77 · de3bb77
1 parent 898d5be
commit de3bb77
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 28 deletions.
diff --git a/terraform/azure/aks.tf b/terraform/azure/aks.tf
@@ -22,5 +22,4 @@ resource azurerm_kubernetes_cluster "k8s_cluster" {
   role_based_access_control {
     enabled = false
   }
-
 }
diff --git a/terraform/azure/instance.tf b/terraform/azure/instance.tf
@@ -7,11 +7,11 @@ resource random_string "password" {
 }
 
 resource azurerm_linux_virtual_machine "linux_machine" {
-  admin_username                  = "terragoat-${var.environment}"
+  admin_username                  = "terragoat-linux"
   admin_password                  = random_string.password.result
   location                        = var.location
-  name                            = "terragoat-linux-${var.environment}"
-  network_interface_ids           = [azurerm_network_interface.example.id]
+  name                            = "terragoat-linux"
+  network_interface_ids           = [azurerm_network_interface.ni_linux.id]
   resource_group_name             = azurerm_resource_group.example.name
   size                            = "Standard_F2"
   disable_password_authentication = false
@@ -25,18 +25,35 @@ resource azurerm_linux_virtual_machine "linux_machine" {
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
   }
+
+  tags = {
+    terragoat   = true
+    environment = var.environment
+  }
 }
 
 resource azurerm_windows_virtual_machine "windows_machine" {
   admin_password        = random_string.password.result
   admin_username        = "tg-${var.environment}"
   location              = var.location
-  name                  = "terragoat-windows-machine-${var.environment}"
-  network_interface_ids = [azurerm_network_interface.example.id]
+  name                  = "tg-win"
+  network_interface_ids = [azurerm_network_interface.ni_win.id]
   resource_group_name   = azurerm_resource_group.example.name
   size                  = "Standard_F2"
   os_disk {
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
   }
+
+  source_image_reference {
+    publisher = "MicrosoftWindowsServer"
+    offer     = "WindowsServer"
+    sku       = "2016-Datacenter"
+    version   = "latest"
+  }
+
+  tags = {
+    terragoat   = true
+    environment = var.environment
+  }
 }
diff --git a/terraform/azure/key_vault.tf b/terraform/azure/key_vault.tf
@@ -38,6 +38,6 @@ resource "azurerm_key_vault_key" "generated" {
 
 resource azurerm_key_vault_secret "secret" {
   key_vault_id = azurerm_key_vault.example.id
-  name = "terragoat-secret-${var.environment}"
-  value = random_string.password.result
+  name         = "terragoat-secret-${var.environment}"
+  value        = random_string.password.result
 }
diff --git a/terraform/azure/logging.tf b/terraform/azure/logging.tf
@@ -1,7 +1,8 @@
 resource azurerm_monitor_log_profile "logging_profile" {
-  categories = ["Action"]
-  locations  = [var.location]
-  name       = "terragoat-${var.environment}"
+  storage_account_id = azurerm_storage_account.example.id
+  categories         = ["Action"]
+  locations          = [var.location]
+  name               = "terragoat-${var.environment}"
   retention_policy {
     enabled = true
     days    = 30

diff --git a/terraform/azure/networking.tf b/terraform/azure/networking.tf
@@ -12,8 +12,20 @@ resource "azurerm_subnet" "example" {
   address_prefixes     = ["10.0.0.0/24"]
 }
 
-resource "azurerm_network_interface" "example" {
-  name                = "terragoat-${var.environment}"
+resource "azurerm_network_interface" "ni_linux" {
+  name                = "terragoat-linux-${var.environment}"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_subnet.example.id
+    private_ip_address_allocation = "Dynamic"
+  }
+}
+
+resource "azurerm_network_interface" "ni_win" {
+  name                = "terragoat-win-${var.environment}"
   location            = azurerm_resource_group.example.location
   resource_group_name = azurerm_resource_group.example.name
 
@@ -32,21 +44,25 @@ resource azurerm_network_security_group "bad_sg" {
   security_rule {
     access                 = "Allow"
     direction              = "Inbound"
-    name                   = "Allow SSH"
+    name                   = "AllowSSH"
     priority               = 200
     protocol               = "TCP"
     source_address_prefix  = "*"
+    source_port_range      = "*"
     destination_port_range = "22-22"
+    destination_address_prefix = "*"
   }
 
   security_rule {
     access                 = "Allow"
     direction              = "Inbound"
-    name                   = "Allow SSH"
+    name                   = "AllowRDP"
     priority               = 300
     protocol               = "TCP"
     source_address_prefix  = "*"
+    source_port_range      = "*"
     destination_port_range = "3389-3389"
+    destination_address_prefix = "*"
   }
 }
 

diff --git a/terraform/azure/roles.tf b/terraform/azure/roles.tf
@@ -2,13 +2,15 @@ data azurerm_subscription current_subscription {}
 
 resource "azurerm_role_definition" "example" {
   name        = "my-custom-role"
-  scope       = data.azurerm_subscription.current_subscription.subscription_id
+  scope       = data.azurerm_subscription.current_subscription.id
   description = "This is a custom role created via Terraform"
 
   permissions {
     actions     = ["*"]
     not_actions = []
   }
 
-  assignable_scopes = [data.azurerm_subscription.current_subscription.subscription_id]
+  assignable_scopes = [
+    data.azurerm_subscription.current_subscription.id
+  ]
 }
diff --git a/terraform/azure/sql.tf b/terraform/azure/sql.tf
@@ -1,9 +1,9 @@
 resource "azurerm_sql_firewall_rule" "example" {
-  name                = "terragoat-internet-${var.environment}"
+  name                = "terragoat-firewall-rule-${var.environment}"
   resource_group_name = azurerm_resource_group.example.name
   server_name         = azurerm_sql_server.example.name
-  start_ip_address    = "0.0.0.0/0"
-  end_ip_address      = "0.0.0.0/0"
+  start_ip_address    = "10.0.17.62"
+  end_ip_address      = "10.0.17.62"
 }
 
 resource "azurerm_sql_server" "example" {
@@ -47,9 +47,8 @@ resource "azurerm_mysql_server" "example" {
   auto_grow_enabled                 = true
   backup_retention_days             = 7
   infrastructure_encryption_enabled = true
-  public_network_access_enabled     = false
+  public_network_access_enabled     = true
   ssl_enforcement_enabled           = false
-  ssl_minimal_tls_version_enforced  = "TLS1_1"
 }
 
 resource "azurerm_postgresql_server" "example" {

diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf
@@ -47,9 +47,3 @@ resource "azurerm_storage_account_network_rules" "test" {
   ip_rules       = ["127.0.0.1"]
   bypass         = ["Metrics"]
 }
-
-resource azurerm_storage_container "container" {
-  name                  = "terragoat-container-${var.environment}"
-  storage_account_name  = azurerm_storage_account.example.name
-  container_access_type = "blob"
-}
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,5 +22,4 @@ resource azurerm_kubernetes_cluster "k8s_cluster" { @@
       role_based_access_control {
         enabled = false
       }
     }