Add support for pre-existing resource group (but net new vnet)

jimright · jimright · commit 5d3552824b79 · 2025-09-16T14:43:24.000+01:00
Signed-off-by: Jim Enright &lt;jenright@cloudera.com&gt;
diff --git a/modules/terraform-cdp-azure-pre-reqs/README.md b/modules/terraform-cdp-azure-pre-reqs/README.md
@@ -82,28 +82,29 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | <a name="input_backup_storage"></a> [backup\_storage](#input\_backup\_storage) | Optional Backup location for CDP environment. If not provided follow the data\_storage variable | <pre>object({<br/>    backup_storage_bucket = string<br/>    backup_storage_object = string<br/>  })</pre> | `null` | no |
 | <a name="input_cdp_delegated_subnet_names"></a> [cdp\_delegated\_subnet\_names](#input\_cdp\_delegated\_subnet\_names) | List of subnet names delegated for Flexible Servers. Required if create\_vnet is false. | `list(any)` | `null` | no |
 | <a name="input_cdp_gw_subnet_names"></a> [cdp\_gw\_subnet\_names](#input\_cdp\_gw\_subnet\_names) | List of subnet names for CDP Gateway. Required if create\_vnet is false. | `list(any)` | `null` | no |
-| <a name="input_cdp_resourcegroup_name"></a> [cdp\_resourcegroup\_name](#input\_cdp\_resourcegroup\_name) | Resource Group name for resources. If create\_vnet is false this is a pre-existing resource group. | `string` | `null` | no |
+| <a name="input_cdp_resourcegroup_name"></a> [cdp\_resourcegroup\_name](#input\_cdp\_resourcegroup\_name) | Resource Group name for resources. If either create\_vnet or create\_resource\_group is false this is a pre-existing resource group. | `string` | `null` | no |
 | <a name="input_cdp_subnet_names"></a> [cdp\_subnet\_names](#input\_cdp\_subnet\_names) | List of subnet names for CDP Resources. Required if create\_vnet is false. | `list(any)` | `null` | no |
-| <a name="input_cdp_subnet_range"></a> [cdp\_subnet\_range](#input\_cdp\_subnet\_range) | Size of each (internal) cluster subnet. Required if create\_vpc is true. | `number` | `19` | no |
+| <a name="input_cdp_subnet_range"></a> [cdp\_subnet\_range](#input\_cdp\_subnet\_range) | Size of each (internal) cluster subnet. Required if create\_vnet is true. | `number` | `19` | no |
 | <a name="input_cdp_subnets_private_endpoint_network_policies"></a> [cdp\_subnets\_private\_endpoint\_network\_policies](#input\_cdp\_subnets\_private\_endpoint\_network\_policies) | Enable or Disable network policies for the private endpoint on the CDP subnets | `string` | `"Enabled"` | no |
 | <a name="input_cdp_vnet_name"></a> [cdp\_vnet\_name](#input\_cdp\_vnet\_name) | Pre-existing VNet Name for CDP environment. Required if create\_vnet is false. | `string` | `null` | no |
 | <a name="input_create_azure_cml_nfs"></a> [create\_azure\_cml\_nfs](#input\_create\_azure\_cml\_nfs) | Whether to create NFS for CML | `bool` | `false` | no |
 | <a name="input_create_azure_storage_network_rules"></a> [create\_azure\_storage\_network\_rules](#input\_create\_azure\_storage\_network\_rules) | Enable creation of network rules for the Azure Storage Accounts. | `bool` | `false` | no |
 | <a name="input_create_azure_storage_private_endpoints"></a> [create\_azure\_storage\_private\_endpoints](#input\_create\_azure\_storage\_private\_endpoints) | Flag to specify if Private Endpoints are created for each storage account. | `bool` | `true` | no |
 | <a name="input_create_private_flexible_server_resources"></a> [create\_private\_flexible\_server\_resources](#input\_create\_private\_flexible\_server\_resources) | Flag to specify if resources to support a Private Postgres flexible server should be created. | `bool` | `null` | no |
+| <a name="input_create_resource_group"></a> [create\_resource\_group](#input\_create\_resource\_group) | Flag to specify if the Resource Group should be created | `bool` | `true` | no |
 | <a name="input_create_vm_mounting_nfs"></a> [create\_vm\_mounting\_nfs](#input\_create\_vm\_mounting\_nfs) | Whether to create a VM which mounts this NFS | `bool` | `true` | no |
 | <a name="input_create_vnet"></a> [create\_vnet](#input\_create\_vnet) | Flag to specify if the VNet should be created | `bool` | `true` | no |
 | <a name="input_data_storage"></a> [data\_storage](#input\_data\_storage) | Data storage locations for CDP environment | <pre>object({<br/>    data_storage_bucket = string<br/>    data_storage_object = string<br/>  })</pre> | `null` | no |
 | <a name="input_datalake_admin_backup_container_role_assignments"></a> [datalake\_admin\_backup\_container\_role\_assignments](#input\_datalake\_admin\_backup\_container\_role\_assignments) | List of Role Assignments for the Datalake Admin Managed Identity assigned to the Backup Storage Container. | <pre>list(object({<br/>    role        = string<br/>    description = string<br/>    })<br/>  )</pre> | <pre>[<br/>  {<br/>    "description": "Assign Storage Blob Data Owner Role to Data Lake Admin Identity at Backup Container Level",<br/>    "role": "Storage Blob Data Owner"<br/>  }<br/>]</pre> | no |
 | <a name="input_datalake_admin_data_container_role_assignments"></a> [datalake\_admin\_data\_container\_role\_assignments](#input\_datalake\_admin\_data\_container\_role\_assignments) | List of Role Assignments for the Datalake Admin Managed Identity assigned to the Data Storage Container. | <pre>list(object({<br/>    role        = string<br/>    description = string<br/>    })<br/>  )</pre> | <pre>[<br/>  {<br/>    "description": "Assign Storage Blob Data Owner Role to Data Lake Admin Identity at Data Container Level",<br/>    "role": "Storage Blob Data Owner"<br/>  }<br/>]</pre> | no |
 | <a name="input_datalake_admin_log_container_role_assignments"></a> [datalake\_admin\_log\_container\_role\_assignments](#input\_datalake\_admin\_log\_container\_role\_assignments) | List of Role Assignments for the Datalake Admin Managed Identity assigned to the Logs Storage Container. | <pre>list(object({<br/>    role        = string<br/>    description = string<br/>    })<br/>  )</pre> | <pre>[<br/>  {<br/>    "description": "Assign Storage Blob Data Owner Role to Data Lake Admin Identity at Logs Container Level",<br/>    "role": "Storage Blob Data Owner"<br/>  }<br/>]</pre> | no |
 | <a name="input_datalake_admin_managed_identity_name"></a> [datalake\_admin\_managed\_identity\_name](#input\_datalake\_admin\_managed\_identity\_name) | Datalake Admin Managed Identity name | `string` | `null` | no |
-| <a name="input_delegated_subnet_range"></a> [delegated\_subnet\_range](#input\_delegated\_subnet\_range) | Size of each Postgres Flexible Server delegated subnet. Required if create\_vpc is true. | `number` | `26` | no |
+| <a name="input_delegated_subnet_range"></a> [delegated\_subnet\_range](#input\_delegated\_subnet\_range) | Size of each Postgres Flexible Server delegated subnet. Required if create\_vnet is true. | `number` | `26` | no |
 | <a name="input_enable_raz"></a> [enable\_raz](#input\_enable\_raz) | Flag to enable Ranger Authorization Service (RAZ) | `bool` | `true` | no |
 | <a name="input_env_tags"></a> [env\_tags](#input\_env\_tags) | Tags applied to provisioned resources | `map(any)` | `null` | no |
 | <a name="input_existing_xaccount_app_client_id"></a> [existing\_xaccount\_app\_client\_id](#input\_existing\_xaccount\_app\_client\_id) | Client ID of existing Azure AD Application for Cloudera Cross Account. If set then no application or SPN resources are created. | `string` | `null` | no |
 | <a name="input_existing_xaccount_app_pword"></a> [existing\_xaccount\_app\_pword](#input\_existing\_xaccount\_app\_pword) | Password of existing Azure AD Application for Cloudera Cross Account. If set then no application or SPN resources are created. | `string` | `null` | no |
-| <a name="input_gateway_subnet_range"></a> [gateway\_subnet\_range](#input\_gateway\_subnet\_range) | Size of each gateway subnet. Required if create\_vpc is true. | `number` | `24` | no |
+| <a name="input_gateway_subnet_range"></a> [gateway\_subnet\_range](#input\_gateway\_subnet\_range) | Size of each gateway subnet. Required if create\_vnet is true. | `number` | `24` | no |
 | <a name="input_gateway_subnets_private_endpoint_network_policies"></a> [gateway\_subnets\_private\_endpoint\_network\_policies](#input\_gateway\_subnets\_private\_endpoint\_network\_policies) | Enable or Disable network policies for the private endpoint on the Gateway subnets | `string` | `"Enabled"` | no |
 | <a name="input_idbroker_managed_identity_name"></a> [idbroker\_managed\_identity\_name](#input\_idbroker\_managed\_identity\_name) | IDBroker Managed Identity name | `string` | `null` | no |
 | <a name="input_idbroker_role_assignments"></a> [idbroker\_role\_assignments](#input\_idbroker\_role\_assignments) | List of Role Assignments for the IDBroker Managed Identity | <pre>list(object({<br/>    role        = string<br/>    description = string<br/>    })<br/>  )</pre> | <pre>[<br/>  {<br/>    "description": "Assign VM Contributor Role to IDBroker Identity at Subscription Level",<br/>    "role": "Virtual Machine Contributor"<br/>  },<br/>  {<br/>    "description": "Assign Managed Identity Operator Role to IDBroker Identity at Subscription Level",<br/>    "role": "Managed Identity Operator"<br/>  }<br/>]</pre> | no |
@@ -128,7 +129,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | <a name="input_separate_network_resource_group"></a> [separate\_network\_resource\_group](#input\_separate\_network\_resource\_group) | Flag to specify if separate resource group is to be used for network and Cloudera resources | `bool` | `false` | no |
 | <a name="input_storage_public_network_access_enabled"></a> [storage\_public\_network\_access\_enabled](#input\_storage\_public\_network\_access\_enabled) | Enable public\_network\_access\_enabled for storage accounts. | `bool` | `true` | no |
 | <a name="input_subnet_count"></a> [subnet\_count](#input\_subnet\_count) | Number of CDP Subnets Required | `string` | `"3"` | no |
-| <a name="input_vnet_cidr"></a> [vnet\_cidr](#input\_vnet\_cidr) | VNet CIDR Block. Required if create\_vpc is true. | `string` | `"10.10.0.0/16"` | no |
+| <a name="input_vnet_cidr"></a> [vnet\_cidr](#input\_vnet\_cidr) | VNet CIDR Block. Required if create\_vnet is true. | `string` | `"10.10.0.0/16"` | no |
 | <a name="input_vnet_name"></a> [vnet\_name](#input\_vnet\_name) | VNet name | `string` | `null` | no |
 | <a name="input_xaccount_app_name"></a> [xaccount\_app\_name](#input\_xaccount\_app\_name) | Cross account application name within Azure Active Directory | `string` | `null` | no |
 | <a name="input_xaccount_app_role_assignments"></a> [xaccount\_app\_role\_assignments](#input\_xaccount\_app\_role\_assignments) | List of Role Assignments for the Cross Account Service Principal. If scope is not specified then scope is set to var.azure\_subscription\_id | <pre>list(object({<br/>    role        = string<br/>    description = string<br/>    scope       = optional(string)<br/>    })<br/>  )</pre> | <pre>[<br/>  {<br/>    "description": "Contributor Role to Cross Account Service Principal at Subscription Level",<br/>    "role": "Contributor"<br/>  }<br/>]</pre> | no |
diff --git a/modules/terraform-cdp-azure-pre-reqs/main.tf b/modules/terraform-cdp-azure-pre-reqs/main.tf
@@ -19,15 +19,15 @@ module "azure_cdp_rmgp" {
 
   source = "../terraform-azure-resource-group"
 
-  create_resource_group = var.create_vnet
+  create_resource_group = (var.create_resource_group && var.create_vnet)
 
   # Variables required when creating RG
-  resourcegroup_name = var.create_vnet ? local.cdp_resourcegroup_name : null
-  azure_region       = var.create_vnet ? var.azure_region : null
-  tags               = var.create_vnet ? var.env_tags : null
+  resourcegroup_name = (var.create_resource_group && var.create_vnet) ? local.cdp_resourcegroup_name : null
+  azure_region       = (var.create_resource_group && var.create_vnet) ? var.azure_region : null
+  tags               = (var.create_resource_group && var.create_vnet) ? var.env_tags : null
 
   # Variables required when using pre-existing RG
-  existing_resource_group_name = var.create_vnet ? null : var.cdp_resourcegroup_name
+  existing_resource_group_name = (var.create_resource_group && var.create_vnet) ? null : var.cdp_resourcegroup_name
 
 }
 
@@ -37,15 +37,15 @@ module "azure_network_rmgp" {
 
   source = "../terraform-azure-resource-group"
 
-  create_resource_group = var.create_vnet
+  create_resource_group = (var.create_resource_group && var.create_vnet)
 
   # Variables required when creating RG
-  resourcegroup_name = var.create_vnet ? local.network_resourcegroup_name : null
-  azure_region       = var.create_vnet ? var.azure_region : null
-  tags               = var.create_vnet ? var.env_tags : null
+  resourcegroup_name = (var.create_resource_group && var.create_vnet) ? local.network_resourcegroup_name : null
+  azure_region       = (var.create_resource_group && var.create_vnet) ? var.azure_region : null
+  tags               = (var.create_resource_group && var.create_vnet) ? var.env_tags : null
 
   # Variables required when using pre-existing RG
-  existing_resource_group_name = var.create_vnet ? null : var.network_resourcegroup_name
+  existing_resource_group_name = (var.create_resource_group && var.create_vnet) ? null : var.network_resourcegroup_name
 
 }
 
diff --git a/modules/terraform-cdp-azure-pre-reqs/variables.tf b/modules/terraform-cdp-azure-pre-reqs/variables.tf
@@ -92,7 +92,7 @@ variable "network_resourcegroup_name" {
 
 variable "cdp_resourcegroup_name" {
   type        = string
-  description = "Resource Group name for resources. If create_vnet is false this is a pre-existing resource group."
+  description = "Resource Group name for resources. If either create_vnet or create_resource_group is false this is a pre-existing resource group."
 
   default = null
 
@@ -108,6 +108,14 @@ variable "cdp_resourcegroup_name" {
 
 }
 
+variable "create_resource_group" {
+  type = bool
+
+  description = "Flag to specify if the Resource Group should be created"
+
+  default = true
+}
+
 variable "create_vnet" {
   type = bool
 
@@ -135,28 +143,28 @@ variable "vnet_name" {
 
 variable "vnet_cidr" {
   type        = string
-  description = "VNet CIDR Block. Required if create_vpc is true."
+  description = "VNet CIDR Block. Required if create_vnet is true."
 
   default = "10.10.0.0/16"
 }
 
 variable "cdp_subnet_range" {
   type        = number
-  description = "Size of each (internal) cluster subnet. Required if create_vpc is true."
+  description = "Size of each (internal) cluster subnet. Required if create_vnet is true."
 
   default = 19
 }
 
 variable "gateway_subnet_range" {
   type        = number
-  description = "Size of each gateway subnet. Required if create_vpc is true."
+  description = "Size of each gateway subnet. Required if create_vnet is true."
 
   default = 24
 }
 
 variable "delegated_subnet_range" {
   type        = number
-  description = "Size of each Postgres Flexible Server delegated subnet. Required if create_vpc is true."
+  description = "Size of each Postgres Flexible Server delegated subnet. Required if create_vnet is true."
 
   default = 26
 }
