couchbasecloud · PaulomeeCb · Sep 25, 2024 · Aug 20, 2024 · Aug 20, 2024 · Aug 20, 2024
@@ -28,4 +28,14 @@ resource "couchbase-capella_network_peer" "new_network_peer" {
 #             network_name = var.gcp_config.network_name
 #             service_account = var.gcp_config.service_account
 #             cidr  = var.gcp_config.cidr
+#              }
+
+
+# Example Azure Config for creating network peer on Azure. Use this instead of aws_config above if you want to create a network peer for Azure.
+#      azure_config = {
+#             tenant_id       = var.azure_config.tenant_id
+#             resource_group  = var.azure_config.resource_group
+#             subscription_id = var.azure_config.subscription_id
+#             cidr            = var.azure_config.cidr
+#             vnet_id         = var.azure_config.vnet_id
 #              }
@@ -26,3 +26,17 @@ aws_config = {
 #     service_account = "service-account-name@project-id.iam.gserviceaccount.com"
 #     cidr       = "10.0.0.0/16"
 # }
+
+
+# Example Azure Config for creating network peer on Azure. Use this if you want to create a network peer for Azure.
+# network_peer = {
+#   name               = "VNETPeerTFTestAZURE"
+#   provider_type      = "azure"
+# }
+# azure_config = {
+#   tenant_id       = "ffffffff-aaaa-1414-eeee-000000000000"
+#   subscription_id = "ffffffff-aaaa-1414-eeee-000000000000"
+#   cidr            = "10.0.0.0/16"
+#   resource_group  = "test-rg"
+#   vnet_id         = "test-vnet"
+# }
@@ -45,4 +45,18 @@ variable "aws_config" {
 #     cidr            = string
 #     service_account = optional(string)
 #   })
+# }
+
+
+# Reference variable for Azure Config to create a network peer on Azure and use these in the create_network_peer.tf file under provider_config.
+# variable "azure_config" {
+#   description = "Azure configuration details useful for network peer creation"
+#
+#   type = object({
+#     tenant_id       = optional(string)
+#     resource_group  = optional(string)
+#     cidr            = string
+#     subscription_id = optional(string)
+#     vnet_id         = optional(string)
+#   })
 # }
@@ -0,0 +1,69 @@
+# Capella Azure VNET Peering CLI Command Example
+
+This example shows how to retrieve the Azure role assignment command to be run in the Azure CLI that is used to configure a network peer.
+
+To run, configure your Couchbase Capella provider as described in README in the root of this project.
+
+# Example Walkthrough
+
+In this example, we are going to do the following.
+
+1. GET: Display the Azure network peer cli command as stated in the `get_network_peer_command.tf` file.
+
+## GET
+
+Command: `terraform apply`
+
+Sample Output:
+```
+ terraform apply
+╷
+│ Warning: Provider development overrides are in effect
+│ 
+│ The following provider development overrides are set in the CLI configuration:
+│  - couchbasecloud/couchbase-capella in /Users/$USER/go/bin
+│ 
+│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
+╵
+data.couchbase-capella_azure_network_peer_command.azure_network_peer_command: Reading...
+data.couchbase-capella_azure_network_peer_command.azure_network_peer_command: Read complete after 0s
+
+Changes to Outputs:
+  + azure_network_peer_command = {
+      + cluster_id                     = "ffffffff-aaaa-1414-eeee-000000000000"
+      + command                        = "az role assignment create --assignee-object-id ffffffff-aaaa-1414-eeee-000000000000 --role \"Network Contributor\" --scope /subscriptions/ffffffff-aaaa-1414-eeee-000000000000/resourceGroups/test_rg/providers/Microsoft.Network/VirtualNetworks/test_vnet --assignee-principal-type ServicePrincipal"
+      + organization_id                = "ffffffff-aaaa-1414-eeee-000000000000"
+      + project_id                     = "ffffffff-aaaa-1414-eeee-000000000000"
+      + resource_group                 = "test_rg"
+      + subscription_id                = "ffffffff-aaaa-1414-eeee-000000000000"
+      + tenant_id                      = "ffffffff-aaaa-1414-eeee-000000000000"
+      + vnet_id                        = "test_vnet"
+      + vnet_peering_service_principal = "ffffffff-aaaa-1414-eeee-000000000000"
+    }
+
+You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
+
+Do you want to perform these actions?
+  Terraform will perform the actions described above.
+  Only 'yes' will be accepted to approve.
+
+  Enter a value: yes
+
+
+Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+azure_network_peer_command = {
+  "cluster_id" = "ffffffff-aaaa-1414-eeee-000000000000"
+  "command" = "az role assignment create --assignee-object-id ffffffff-aaaa-1414-eeee-000000000000 --role \"Network Contributor\" --scope /subscriptions/ffffffff-aaaa-1414-eeee-000000000000/resourceGroups/test_rg/providers/Microsoft.Network/VirtualNetworks/test_vnet --assignee-principal-type ServicePrincipal"
+  "organization_id" = "ffffffff-aaaa-1414-eeee-000000000000"
+  "project_id" = "ffffffff-aaaa-1414-eeee-000000000000"
+  "resource_group" = "test_rg"
+  "subscription_id" = "ffffffff-aaaa-1414-eeee-000000000000"
+  "tenant_id" = "ffffffff-aaaa-1414-eeee-000000000000"
+  "vnet_id" = "test_vnet"
+  "vnet_peering_service_principal" = "ffffffff-aaaa-1414-eeee-000000000000"
+}
+
+```
@@ -0,0 +1,14 @@
+output "azure_network_peer_command" {
+  value = data.couchbase-capella_azure_network_peer_command.azure_network_peer_command
+}
+
+data "couchbase-capella_azure_network_peer_command" "azure_network_peer_command" {
+  organization_id                = var.organization_id
+  project_id                     = var.project_id
+  cluster_id                     = var.cluster_id
+  tenant_id                      = var.tenant_id
+  vnet_id                        = var.vnet_id
+  subscription_id                = var.subscription_id
+  resource_group                 = var.resource_group
+  vnet_peering_service_principal = var.vnet_peering_service_principal
+}
@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    couchbase-capella = {
+      source = "couchbasecloud/couchbase-capella"
+    }
+  }
+}
+
+provider "couchbase-capella" {
+  authentication_token = var.auth_token
+}
@@ -0,0 +1,9 @@
+auth_token                     = "<v4-api-key-secret>"
+organization_id                = "<organization_id>"
+project_id                     = "<project_id>"
+cluster_id                     = "<cluster_id>"
+tenant_id                      = "ffffffff-aaaa-1414-eeee-000000000000"
+subscription_id                = "ffffffff-aaaa-1414-eeee-000000000000"
+resource_group                 = "sample-resource-group"
+vnet_id                        = "sample-vnet"
+vnet_peering_service_principal = "ffffffff-aaaa-1414-eeee-000000000000"
@@ -0,0 +1,37 @@
+variable "auth_token" {
+  description = "Authentication API Key"
+  sensitive   = true
+}
+
+variable "organization_id" {
+  description = "Capella Organization ID"
+}
+
+variable "project_id" {
+  description = "Capella Project ID"
+}
+
+variable "cluster_id" {
+  description = "Capella Cluster ID"
+}
+
+variable "tenant_id" {
+  description = "Azure Tenant ID"
+}
+
+variable "vnet_id" {
+  description = "Azure virtual network name"
+}
+
+variable "subscription_id" {
+  description = "Azure Subscription ID"
+}
+
+variable "resource_group" {
+  description = "Azure resource group name holding the resource you’re connecting with Capella"
+}
+
+variable "vnet_peering_service_principal" {
+  description = "Azure enterprise application object ID for the Capella service principal"
+}
+
@@ -22,10 +22,10 @@ type CreateNetworkPeeringRequest struct {
 	// Name is the name of the peering relationship. -  The name of the peering relationship must be at least 2 characters long. -  The name can not exceed 128 characters.
 	Name string `json:"name"`
 
-	// ProviderConfig The config data for a peering relationship for a cluster on AWS, GCP.
+	// ProviderConfig The config data for a peering relationship for a cluster on AWS, GCP or Azure.
 	ProviderConfig json.RawMessage `json:"providerConfig"`
 
-	// ProviderType Type of the cloud provider for which the peering connection is created. Which are- 1. aws 2. gcp
+	// ProviderType Type of the cloud provider for which the peering connection is created. Which are- 1. aws 2. gcp 3. azure
 	ProviderType string `json:"providerType"`
 }
 
@@ -55,10 +55,10 @@ type GetNetworkPeeringRecordResponse struct {
 	// Name is the name of the peering relationship.
 	Name string `json:"name"`
 
-	// ProviderType Type of the cloud provider for which the peering connection is created. Which are- 1. aws 2. gcp
+	// ProviderType Type of the cloud provider for which the peering connection is created. Which are- 1. aws 2. gcp 3. azure
 	ProviderType string `json:"providerType"`
 
-	// ProviderConfig This provides details about the configuration and the ID of the VPC peer on AWS, GCP.
+	// ProviderConfig This provides details about the configuration and the ID of the VPC peer on AWS, GCP, or Azure.
 	ProviderConfig json.RawMessage `json:"providerConfig"`
 
 	// PeeringStatus communicates the state of the VPC peering relationship. It is the state and reasoning for VPC peer.
@@ -67,7 +67,7 @@ type GetNetworkPeeringRecordResponse struct {
 
 // AWS provides details about the configuration and the ID of the VPC peer on AWS.
 type AWS struct {
-	// ProviderId The ID of the VPC peer on GCP.
+	// ProviderId The ID of the VPC peer on AWS.
 	ProviderId string `json:"ProviderId"`
 	// AWSConfigData is the AWS config data required to establish a VPC peering relationship.
 	AWSConfigData AWSConfigData `json:"AWSConfig"`
@@ -81,6 +81,14 @@ type GCP struct {
 	GCPConfigData GCPConfigData `json:"GCPConfig"`
 }
 
+// Azure provides details about the configuration and the ID of the VNET peer on Azure.
+type Azure struct {
+	// ProviderId The ID of the VNET peer on Azure.
+	ProviderId string `json:"ProviderId"`
+	// AzureConfigData Azure config data required to establish a VNET peering relationship.
+	AzureConfigData AzureConfigData `json:"AzureConfig"`
+}
+
 // AWSConfigData is the AWS config data required to establish a VPC peering relationship.
 //
 //	Refer to the docs for other limitations to AWS VPC Peering - [ref](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations).
@@ -118,6 +126,25 @@ type GCPConfigData struct {
 	ServiceAccount string `json:"serviceAccount"`
 }
 
+// AzureConfigData Azure config data required to establish a VNet peering relationship.
+// Refer to the docs for other limitations to Azure VNet Peering - [ref](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#constraints-for-peered-virtual-networks)
+type AzureConfigData struct {
+	// AzureTenantId The tenant ID. To find your tenant ID, see [How to find your Azure Active Directory tenant ID](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-find-tenant).
+	AzureTenantId string `json:"azureTenantId"`
+
+	// Cidr The CIDR block from the virtual network that you created in Azure.
+	Cidr string `json:"cidr"`
+
+	// ResourceGroup The resource group name holding the resource you’re connecting with Capella.
+	ResourceGroup string `json:"resourceGroup"`
+
+	// SubscriptionId The subscription ID. To find your subscription ID, see [Find your Azure subscription](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription).
+	SubscriptionId string `json:"subscriptionId"`
+
+	// VnetId The VNet ID is the name of the virtual network peering in Azure.
+	VnetId string `json:"vnetId"`
+}
+
 // AsAWS returns the union data inside the GetNetworkPeeringRecordResponse as a AWS.
 func (t GetNetworkPeeringRecordResponse) AsAWS() (AWS, error) {
 	var body AWS
@@ -131,3 +158,10 @@ func (t GetNetworkPeeringRecordResponse) AsGCP() (GCP, error) {
 	err := json.Unmarshal(t.ProviderConfig, &body)
 	return body, err
 }
+
+// AsAZURE returns the union data inside the GetNetworkPeeringRecordResponse_ProviderConfig as a AZURE.
+func (t GetNetworkPeeringRecordResponse) AsAZURE() (Azure, error) {
+	var body Azure
+	err := json.Unmarshal(t.ProviderConfig, &body)
+	return body, err
+}
@@ -0,0 +1,25 @@
+package network_peer
+
+// GetAzureVNetPeeringCommandRequest request to retrieve the role assignment command or script to be executed in the Azure CLI to assign a new network contributor role.
+type GetAzureVNetPeeringCommandRequest struct {
+	// ResourceGroup The resource group name holding the resource you’re connecting with Capella.
+	ResourceGroup string `json:"resourceGroup"`
+
+	// SubscriptionId Subscription ID is a GUID that uniquely identifies your subscription to use Azure services. To find your subscription ID, see [Find your Azure subscription](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription).
+	SubscriptionId string `json:"subscriptionId"`
+
+	// TenantId The Azure tenant ID. To find your tenant ID, see [How to find your Azure Active Directory tenant ID](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-find-tenant).
+	TenantId string `json:"tenantId"`
+
+	// VnetId The VNet ID is the name of the virtual network in Azure.
+	VnetId string `json:"vnetId"`
+
+	// VnetPeeringServicePrincipal The enterprise application object ID for the Capella service principal. You can find the enterprise application object ID in Azure by selecting Azure Active Directory -> Enterprise applications. Next, select the application name, the object ID is in the Object ID box.
+	VnetPeeringServicePrincipal string `json:"vnetPeeringServicePrincipal"`
+}
+
+// GetAzureVNetPeeringCommandResponse retrieves the role assignment command or script to be executed in the Azure CLI to assign a new network contributor role.
+type GetAzureVNetPeeringCommandResponse struct {
+	// Command The command to be run by the customer in is their external azure account in order to grant the service principal a network contributor role that is required for VNET peering.
+	Command string `json:"command"`
+}