From 8c845be0a213c508ec0818edbb0853bfcdd70eb3 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 5 Feb 2024 21:12:12 +0000
Subject: [PATCH] Add sample for iothub with private link

---
 .../main.tf | 65 ++++++++++++++
 .../network.tf | 90 +++++++++++++++++++
 .../outputs.tf | 19 ++++
 .../provider.tf | 14 +++
 .../readme.md | 27 ++++++
 .../variables.tf | 17 ++++
 6 files changed, 232 insertions(+)
 create mode 100644 quickstart/201-private-link-iothub-builtin-endpoint/main.tf
 create mode 100644 quickstart/201-private-link-iothub-builtin-endpoint/network.tf
 create mode 100644 quickstart/201-private-link-iothub-builtin-endpoint/outputs.tf
 create mode 100644 quickstart/201-private-link-iothub-builtin-endpoint/provider.tf
 create mode 100644 quickstart/201-private-link-iothub-builtin-endpoint/readme.md
 create mode 100644 quickstart/201-private-link-iothub-builtin-endpoint/variables.tf

diff --git a/quickstart/201-private-link-iothub-builtin-endpoint/main.tf b/quickstart/201-private-link-iothub-builtin-endpoint/main.tf
new file mode 100644
index 00000000..8fd4f0f5
--- /dev/null
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/main.tf
@@ -0,0 +1,65 @@
+resource "random_string" "suffix" {
+ length = 5
+ special = false
+ upper = false
+}
+
+resource "azurerm_resource_group" "rg" {
+ name = "rg-iothub-${random_string.suffix.result}"
+ location = var.location
+}
+
+resource "azurerm_iothub" "iothub" {
+ name = "iothub-${random_string.suffix.result}"
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ public_network_access_enabled = false
+
+ sku {
+ name = "S1"
+ capacity = 1
+ }
+
+ cloud_to_device {
+ max_delivery_count = 30
+ default_ttl = "PT1H"
+ feedback {
+ time_to_live = "PT1H10M"
+ max_delivery_count = 15
+ lock_duration = "PT30S"
+ }
+ }
+
+}
+
+resource "azurerm_iothub_shared_access_policy" "iothub_policy" {
+ name = "iothub-policy"
+ resource_group_name = azurerm_resource_group.rg.name
+ iothub_name = azurerm_iothub.iothub.name
+
+ registry_read = true
+ registry_write = true
+ service_connect = true
+
+ depends_on = [azurerm_private_endpoint.iothub]
+}
+
+resource "azurerm_iothub_dps" "dps" {
+ name = "test-device-${random_string.suffix.result}"
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ allocation_policy = "Hashed"
+ public_network_access_enabled = false
+
+ sku {
+ name = "S1"
+ capacity = "1"
+ }
+
+ linked_hub {
+ connection_string = azurerm_iothub_shared_access_policy.iothub_policy.primary_connection_string
+ location = azurerm_resource_group.rg.location
+ allocation_weight = 150
+ apply_allocation_policy = true
+ }
+}
\ No newline at end of file
diff --git a/quickstart/201-private-link-iothub-builtin-endpoint/network.tf b/quickstart/201-private-link-iothub-builtin-endpoint/network.tf
new file mode 100644
index 00000000..9f67f828
--- /dev/null
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/network.tf
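Review bot: `azurerm_iothub.iothub` disables public network access but leaves `min_tls_version` unset, so the hub keeps the service default rather than enforcing TLS 1.2 on device and service connections arriving over the private endpoint; add `min_tls_version = "1.2"` next to `public_network_access_enabled = false` (the attribute is create-only in azurerm, so it should land before the sample is reused, and region support should be checked). The `linked_hub.connection_string` on `azurerm_iothub_dps.dps` embeds the long-lived SAS key of `iothub-policy`, which also carries `registry_write`, and that key is stored in plaintext in Terraform state; the readme should say the state backend must be encrypted and access-controlled, and the policy should be trimmed to whatever the DPS linked-hub contract actually requires, which I cannot confirm from here. `depends_on = [azurerm_private_endpoint.iothub]` on the shared access policy deserves a one-line comment explaining why a control-plane resource waits for the endpoint, e.g. `# wait for the private endpoint so the policy is created after the hub is reachable only privately`, since the reason is not visible in the code. The DPS name prefix `test-device-` is also inconsistent with the `iothub-`/`rg-iothub-` pattern used elsewhere and reads as a leftover; `dps-${random_string.suffix.result}` would match.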
@@ -0,0 +1,90 @@
+resource "azurerm_virtual_network" "vnet" {
+ name = "iothub-vnet-${random_string.suffix.result}"
+ address_space = [var.vnet_address_space]
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_subnet" "snet" {
+ name = "iothub-snet-${random_string.suffix.result}"
+ resource_group_name = azurerm_resource_group.rg.name
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ address_prefixes = [var.iothub_subnet_address_space]
+}
+
+## Private DNS Zone
+resource "azurerm_private_dns_zone" "iothub" {
+ name = "privatelink.azure-devices.net"
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone" "eventhub" {
+ name = "privatelink.servicebus.windows.net"
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone" "dps" {
+ name = "privatelink.azure-devices-provisioning.net"
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "iothub" {
+ name = "vnet-link-iothub-${random_string.suffix.result}"
+ resource_group_name = azurerm_resource_group.rg.name
+ private_dns_zone_name = azurerm_private_dns_zone.iothub.name
+ virtual_network_id = azurerm_virtual_network.vnet.id
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "eventhub" {
+ name = "vnet-link-eventhub-${random_string.suffix.result}"
+ resource_group_name = azurerm_resource_group.rg.name
+ private_dns_zone_name = azurerm_private_dns_zone.eventhub.name
+ virtual_network_id = azurerm_virtual_network.vnet.id
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "dps" {
+ name = "vnet-link-dps-${random_string.suffix.result}"
+ resource_group_name = azurerm_resource_group.rg.name
+ private_dns_zone_name = azurerm_private_dns_zone.dps.name
+ virtual_network_id = azurerm_virtual_network.vnet.id
+}
+
+## Private Endpoint
+resource "azurerm_private_endpoint" "iothub" {
+ name = "pep-iothub-${random_string.suffix.result}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ subnet_id = azurerm_subnet.snet.id
+
+ private_service_connection {
+ name = "psc-iothub-${random_string.suffix.result}"
+ private_connection_resource_id = azurerm_iothub.iothub.id
+ subresource_names = ["iotHub"]
+ is_manual_connection = false
+ }
+
+ private_dns_zone_group {
+ name = "privateDNSZoneGroup"
+ private_dns_zone_ids = [azurerm_private_dns_zone.iothub.id]
+ }
+
+}
+
+resource "azurerm_private_endpoint" "dps" {
+ name = "pep-dps-${random_string.suffix.result}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ subnet_id = azurerm_subnet.snet.id
+
+ private_service_connection {
+ name = "psc-iothub-${random_string.suffix.result}"
+ private_connection_resource_id = azurerm_iothub_dps.dps.id
+ subresource_names = ["iotDps"]
+ is_manual_connection = false
+ }
+
+ private_dns_zone_group {
+ name = "privateDNSZoneGroup"
+ private_dns_zone_ids = [azurerm_private_dns_zone.dps.id]
+ }
+}
\ No newline at end of file
diff --git a/quickstart/201-private-link-iothub-builtin-endpoint/outputs.tf b/quickstart/201-private-link-iothub-builtin-endpoint/outputs.tf
new file mode 100644
index 00000000..41a6390c
--- /dev/null
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/outputs.tf
@@ -0,0 +1,19 @@
+output "resource_group_name" {
+ description = "The name of the created resource group."
+ value = azurerm_resource_group.rg.name
+}
+
+output "virtual_network_name" {
+ description = "The name of the created virtual network."
+ value = azurerm_virtual_network.vnet.name
+}
+
+output "iothub_subnet_name" {
+ description = "The name of the created subnet for iothub."
+ value = azurerm_subnet.snet.name
+}
+
+output "iothub_name" {
+ description = "The name of the created iothub."
+ value = azurerm_subnet.snet.name
+}
\ No newline at end of file
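Review bot: The `private_dns_zone_group` on `azurerm_private_endpoint.iothub` lists only `azurerm_private_dns_zone.iothub.id`, while `azurerm_private_dns_zone.eventhub` (`privatelink.servicebus.windows.net`) is created and linked to the VNet in this same hunk but never attached to any endpoint. The readme in this commit says the built-in Event Hub-compatible endpoint is meant to be reached over this link, and that endpoint's hostname is expected to resolve through the servicebus privatelink zone, so as written VNet clients would presumably resolve it to its public address, which `public_network_access_enabled = false` then rejects. Change the group to `private_dns_zone_ids = [azurerm_private_dns_zone.iothub.id, azurerm_private_dns_zone.eventhub.id]`, or drop the unused zone and its link if the built-in endpoint is out of scope. The `private_service_connection` on `azurerm_private_endpoint.dps` is named `psc-iothub-…`, which looks copy-pasted from the hub endpoint; `name = "psc-dps-${random_string.suffix.result}"` would match the resource.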
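Review bot: `output "iothub_name"` returns `azurerm_subnet.snet.name` instead of the hub's name, so anyone consuming this output (the readme points at it as "the name of the created iothub") gets the subnet name; the value should be `value = azurerm_iothub.iothub.name`. Since the sample also creates a DPS instance, a matching `dps_name` output with `value = azurerm_iothub_dps.dps.name` would make the outputs consistent with what the module deploys.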
diff --git a/quickstart/201-private-link-iothub-builtin-endpoint/provider.tf b/quickstart/201-private-link-iothub-builtin-endpoint/provider.tf
new file mode 100644
index 00000000..e5c0bc1a
--- /dev/null
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/provider.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.2"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 3.35.0, < 4.0.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {
+ }
+}
\ No newline at end of file
diff --git a/quickstart/201-private-link-iothub-builtin-endpoint/readme.md b/quickstart/201-private-link-iothub-builtin-endpoint/readme.md
new file mode 100644
index 00000000..83118f56
--- /dev/null
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/readme.md
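Review bot: `required_providers` declares only `azurerm`, yet main.tf in this commit uses `random_string`, so the `hashicorp/random` provider is resolved implicitly with no source or version constraint and whatever latest release the registry serves at `terraform init` time is pulled. Add it alongside azurerm, e.g. `random = { source = "hashicorp/random", version = ">= 3.0.0, < 4.0.0" }`, so the sample pins what it depends on. The diffstat in the commit record lists no `.terraform.lock.hcl`; if the quickstart convention allows it, committing the lock file would also pin provider checksums rather than just version ranges.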
@@ -0,0 +1,27 @@
+# Azure Private Link for IoT Hub and IoT Hub Device Provisioning Service
+
+This template specifies configuration for deploying [Azure IoT Hub](https://learn.microsoft.com/azure/iot-hub/) and [Azure IoT Hub Device Provisioning Service](https://learn.microsoft.com/azure/iot-dps/) services in a Virtual Network.
+
+In addition to deploying the two resources above, it deploys the necessary network components required to set up private network connectivity between IoT Hub, the IoT Hub's built-in eventhub endpoint and the Azure DPS using [Azure Private Link Service](https://docs.microsoft.com/en-us/azure/private-link/).
+
+## Terraform resource types
+
+* [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+* [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+* [azurerm_iothub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub)
+* [azurerm_iothub_shared_access_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub_shared_access_policy)
+* [azurerm_iothub_dps](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub_dps)
+* [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+* [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+* [azurerm_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone)
+* [azurerm_private_dns_zone_virtual_network_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link)
+* [azurerm_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint)
+
+
+## Variables
+
+ | Name | Description | Default |
+ | ---- 
| ----------- | ------- |
+ | `location` | Location of the resource group. | `eastus` |
+ | `vnet_address_space` | Private IP address range of the virtual network | `10.0.0.0/16` |
+ | `iothub_subnet_address_space` | Private IP address of the iothub subnet | `10.0.3.0/24` |
\ No newline at end of file
diff --git a/quickstart/201-private-link-iothub-builtin-endpoint/variables.tf b/quickstart/201-private-link-iothub-builtin-endpoint/variables.tf
new file mode 100644
index 00000000..51c787ec
--- /dev/null
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/variables.tf
@@ -0,0 +1,17 @@
+variable "location" {
+ type = string
+ default = "westeurope"
+ description = "Location of the resource group"
+}
+
+variable "vnet_address_space" {
+ type = string
+ default = "10.0.0.0/16"
+ description = "Address range of the virtual network"
+}
+
+variable "iothub_subnet_address_space" {
+ type = string
+ default = "10.0.3.0/24"
+ description = "Address range of the subnet containing the iothub"
+}
\ No newline at end of file
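Review bot: `variable "location"` defaults to `"westeurope"`, but the readme table added in this same commit documents the default as `eastus`; one of the two should change so the sample deploys where its documentation says it does. The two CIDR variables are plain strings with no `validation` block, so a malformed prefix is only caught at apply time by Azure; a `validation { condition = can(cidrhost(var.vnet_address_space, 0)) ... }` on each would fail fast at plan time, and the descriptions could say "CIDR" rather than "Address range" to match the readme's wording.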