Password default back to Null variables.tf
terraform-docs: updated markdown table

Added missing default for tls_certificate_path

terraform-docs: updated markdown table

terraform-docs: updated markdown table

fix git ignore + monitoring

fix comments
kristianiliev1 committed Nov 7, 2024
1 parent df024e2 commit 945835c
Showing 5 changed files with 17 additions and 29 deletions.
18 changes: 1 addition & 17 deletions .gitignore
Expand Up @@ -55,20 +55,4 @@ terraform.rc
*.license

#Private key
<<<<<<< HEAD
<<<<<<< HEAD
<<<<<<< HEAD
<<<<<<< HEAD
privatekey.key
=======
privatekey.key
>>>>>>> 3884dac (Add the rest of the changes)
=======
privatekey.key
>>>>>>> 50ed20e (Fix comments from Viktor)
=======
privatekey.key
>>>>>>> 3884dac (Add the rest of the changes)
=======
privatekey.key
>>>>>>> 50ed20e (Fix comments from Viktor)
*.key
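Review bot: replacing the conflicted `privatekey.key` entries with `*.key` only keeps new, untracked key files out of the index; it does nothing for a key that is already tracked or sits in history. Confirm with `git log --all -- '*.key'` that no key was ever committed, and rotate it if one was. Since the module takes a password-protected certificate through `tls_certificate_path`, consider ignoring `*.pfx` and `*.pem` next to `*.key` as well. The removed lines were unresolved merge-conflict markers that reached the branch, so a pre-commit or CI check that rejects `<<<<<<<` / `>>>>>>>` would catch this earlier.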
16 changes: 8 additions & 8 deletions README.md
Expand Up @@ -144,7 +144,7 @@ az vm image terms accept --offer graphdb-ee --plan graphdb-byol --publisher onto
| gateway\_probe\_threshold | Number of consecutive health checks to consider the probe passing or failing | `number` | `2` | no |
| context\_path | The context path for the Application Gateway. | `string` | `""` | no |
| tls\_certificate\_path | Path to a TLS certificate that will be imported in Azure Key Vault and used in the Application Gateway TLS listener for GraphDB. Either tls\_certificate\_path or tls\_certificate\_id must be provided. | `string` | n/a | yes |
| tls\_certificate\_password | TLS certificate password for password-protected certificates. | `string` | n/a | yes |
| tls\_certificate\_password | TLS certificate password for password-protected certificates. | `string` | `null` | no |
| tls\_certificate\_id | Resource identifier for a TLS certificate secret from a Key Vault. Overrides tls\_certificate\_path. Either tls\_certificate\_id or tls\_certificate\_path must be provided. | `string` | `null` | no |
| tls\_certificate\_identity\_id | Identifier of a managed identity giving access to the TLS certificate specified with tls\_certificate\_id | `string` | `null` | no |
| key\_vault\_enable\_purge\_protection | Prevents purging the key vault and its contents by soft deleting it. It will be deleted once the soft delete retention has passed. | `bool` | `true` | no |
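Review bot: the `tls_certificate_path` row still reads `n/a | yes`, while variables.tf in this same commit declares that variable with `default = null`, so the table is stale for that input. Re-run terraform-docs after the variables.tf change so the row shows `null` / `no` like `tls_certificate_password` now does. With `tls_certificate_path` and `tls_certificate_id` both optional, the "Either ... must be provided" sentence in the descriptions is the only place the requirement is stated, so it is worth keeping that wording exact.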
Expand Down Expand Up @@ -189,8 +189,8 @@ az vm image terms accept --offer graphdb-ee --plan graphdb-byol --publisher onto
| appi\_web\_test\_availability\_enabled | Should the availability web test be enabled | `bool` | `true` | no |
| web\_test\_ssl\_check\_enabled | Should the SSL check be enabled? | `bool` | `false` | no |
| web\_test\_geo\_locations | A list of geo locations the test will be executed from | `list(string)` | ```[ "us-va-ash-azr", "us-il-ch1-azr", "emea-gb-db3-azr", "emea-nl-ams-azr", "apac-hk-hkn-azr" ]``` | no |
| monitor\_reader\_principal\_id | Principal(Object) ID of a user/group which would receive notifications from alerts. | `string` | `null` | no |
| notification\_recipients\_email\_list | List of emails which will be notified via e-mail and/or push notifications | `list(string)` | `[]` | no |
| monitor\_reader\_principal\_id | Principal(Object) ID of a user/group which would receive notifications from alerts. | `string` | `null` | no |
| notification\_recipients\_email\_list | List of emails which will be notified via e-mail and/or push notifications | `list(string)` | `[]` | no |
<!-- END_TF_DOCS -->

## Usage
Expand Down Expand Up @@ -389,8 +389,8 @@ graphdb_external_address_fqdn = "your-fqdn-or-ip"
```

_Notes_:
- Setting `disable_agw` to true allows you to use your existing Application Gateway.
- When using `disable_agw` you need to set `graphdb_external_adress_fqdn` as well.
- Setting `disable_agw` to true allows will disable creating Application Gateway by the terraform, allowing you too use your existing Application Gateway.
- You need to provide `graphdb_external_adress_fqdn` when `disable_agw` is set to true.
- The `context_path` variable sets the custom context path for your application.

**_Post-Deployment Actions_**:
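Review bot: the rewritten first note has two slips, "allows will disable" and "too use", and both notes spell the variable `graphdb_external_adress_fqdn` although it is `graphdb_external_address_fqdn` in the example just above and in main.tf. Anyone copying the name from the note gets a variable Terraform does not know. Suggested wording: "Setting `disable_agw` to true disables creation of the Application Gateway by Terraform, allowing you to use your existing Application Gateway."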
Expand All @@ -400,13 +400,13 @@ After applying the Terraform code, you must perform the following steps:
- Path-Based Routing Rule: Set up a path-based routing rule on your Application Gateway to listen to the same context path. For example, if `context_path = "/graphdb"`, the path-based rule should be `/graphdb/*`.

_Note_:
- You can use your External Application Gateway without the context path.
- You can use your external Application Gateway without the context path.

**2.** Add VMs or VMSS to Backend Pool:
- Manually add your Virtual Machine Scale Sets (VMSS) to the Application Gateway’s backend pool as targets.

**3.** Upgrade VM Instances:
- After assigning the VMSS to the backend pool and verifying that the Application Gateway can access the VMSS, upgrade your VM instances to the latest model or version. This is essential for the Application Gateway to identify them as valid targets within the backend pool.
**3.** Upgrade VMSS Instances:
- After assigning the VMSS to the backend pool and verifying that the Application Gateway can access the VMSS, upgrade your VMSS instances to the latest model or version. This is essential for the Application Gateway to identify them as valid targets within the backend pool.
**4.** Network Security Group (NSG) Configuration:
- Configure NSG rules to allow traffic between the Application Gateway and the VMSS, ensuring the necessary access is in place.
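Review bot: step **4.** follows the step 3 bullet with no blank line, unlike the gap between steps 2 and 3, so Markdown can render it as a continuation of that bullet; add the blank line. The NSG step itself only says to "allow traffic between the Application Gateway and the VMSS"; since this is the path that exposes GraphDB when the user brings their own gateway, name the source (the gateway subnet) and the backend port the rule should allow, so readers do not open the VMSS subnet more widely than needed.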

3 changes: 2 additions & 1 deletion main.tf
Expand Up @@ -230,7 +230,8 @@ module "monitoring" {
web_test_availability_request_url = var.disable_agw ? var.graphdb_external_address_fqdn : module.application_gateway[0].public_ip_address_fqdn
web_test_geo_locations = var.web_test_geo_locations
web_test_ssl_check_enabled = var.web_test_ssl_check_enabled
graphdb_external_address_fqdn = var.graphdb_external_address_fqdn != null ? var.graphdb_external_address_fqdn : module.application_gateway.public_ip_address_fqdn

graphdb_external_address_fqdn = var.graphdb_external_address_fqdn != null ? var.graphdb_external_address_fqdn : module.application_gateway[0].public_ip_address_fqdn

monitor_reader_principal_id = var.monitor_reader_principal_id
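Review bot: the new `graphdb_external_address_fqdn` expression is guarded by `var.graphdb_external_address_fqdn != null`, while `web_test_availability_request_url` a few lines up is guarded by `var.disable_agw`. With `disable_agw = true` and no FQDN set, the fallback `module.application_gateway[0].public_ip_address_fqdn` indexes a module that, judging by the `[0]`, has no instances, and the plan fails with an invalid index; the web test URL would be null in the same case. Use one condition for both arguments and enforce the README rule (FQDN required when `disable_agw` is true) with a validation or precondition, so the failure is a clear message rather than an index error.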

6 changes: 3 additions & 3 deletions modules/gateway/main.tf
Expand Up @@ -151,8 +151,8 @@ resource "azurerm_application_gateway" "graphdb-public" {
# HTTPS request - Path-Based routing rule
# Conditionally create a request routing rule based on the var.context_path
dynamic "request_routing_rule" {

for_each = var.context_path != null && var.context_path != "" ? [1] : []

content {
name = local.gateway_https_request_routing_rule_name
priority = 10
Expand All @@ -165,8 +165,8 @@ resource "azurerm_application_gateway" "graphdb-public" {
# HTTPS request Basic routing rule
# Fallback to a Basic Rule when var.context_path is empty
dynamic "request_routing_rule" {

for_each = var.context_path == null || var.context_path == "" ? [1] : []

content {
name = local.gateway_https_request_routing_rule_name
priority = 10
Expand All @@ -177,8 +177,8 @@ resource "azurerm_application_gateway" "graphdb-public" {
}
}
dynamic "url_path_map" {

for_each = var.context_path != null && var.context_path != "" ? [1] : []

content {
name = "path-map"
default_backend_address_pool_name = local.gateway_backend_address_pool_name
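Review bot: the test `var.context_path != null && var.context_path != ""` now appears in the `for_each` of two `dynamic` blocks in this file and negated in a third, and the three must stay in sync for exactly one routing rule to exist, since both rules share `local.gateway_https_request_routing_rule_name` and `priority = 10`. Move it into a single local (for example `local.use_context_path`) and reference that in all three. The README example uses `/graphdb`, so a validation that a non-empty `context_path` starts with `/` would also help. The edits in these hunks otherwise only move blank lines.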
3 changes: 3 additions & 0 deletions variables.tf
Expand Up @@ -183,15 +183,18 @@ variable "context_path" {
type = string
default = ""
}

# TLS
variable "tls_certificate_path" {
description = "Path to a TLS certificate that will be imported in Azure Key Vault and used in the Application Gateway TLS listener for GraphDB. Either tls_certificate_path or tls_certificate_id must be provided."
type = string
default = null
}

variable "tls_certificate_password" {
description = "TLS certificate password for password-protected certificates."
type = string
default = null
}

variable "tls_certificate_id" {
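Review bot: `tls_certificate_password` is declared without `sensitive = true`, so a supplied password can be echoed in plan and apply output; add the attribute next to `default = null`. The value will still be written to state, so the state backend needs to be access-controlled regardless. Separately, `tls_certificate_path` now defaults to `null`, and the README lists `tls_certificate_id` as `null` too, so nothing visible here enforces "Either tls_certificate_path or tls_certificate_id must be provided"; add a check or precondition that fails when both are null and the gateway is being created.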
