Create template and documentation for vnets. (#34)

* Create template and documentation for vnets.

* Update definitions in vars file.

docs/ce-docs/docs/Self-Service/Introduction.md

@@ -0,0 +1,12 @@
+# Self-Service Portal
+
+If you would like to create your own infrastructure, you've come to the right place! The information and resources here in the Self-Service Portal will guide you through the process of creating your own infrastructure in the CDC External Azure Environment (CDCExt).
+
+## Environment Provisioning
+_Coming soon!_
+
+## Available Resources
+
+| Component Class | Documentation Link |
+| --- | --- |
+| Networking | [Networking](./Networking/00-contents.md) |

docs/ce-docs/docs/Self-Service/Networking/00-contents.md

@@ -0,0 +1,7 @@
+# Contents
+
+Several networking components within Azure are used to generate a secure and resilient environment. The components we support are listed in the table below.
+
+| Component | Description | Template Link |
+| --- | --- | --- |
+| Virtual Network | A virtual network (VNet) is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. | [VNet](./01-vnet.md) |

docs/ce-docs/docs/Self-Service/Networking/01-vnet.md

@@ -0,0 +1,29 @@
+# Virtual Networks
+
+Virtual Networks, or VNets, are the foundation of your network in Azure. VNETs allow you to securely connect Azure resources to each other, the internet, and on-premises networks. VNETs are similar to traditional networks, but with additional benefits of Azure's infrastructure.
+
+For security and resiliency, VNets are isolated from one another. This isolation prevents traffic from one VNet from directly communicating with another VNet. However, you can connect VNets together by using VNet peering, private endpoints, or other Azure resources.
+
+
+## File Structure
+VNet templates are located in the `templates/virtual_network` directory. The `main.tf` file contains the VNet and subnet resource definitions. The `_vars.tf` file contains the input variables for the VNet resource. The `_output.tf` file contains the output variables for the VNet resource.
+
+```
+- templates
+  - virtual_network
+    - main.tf
+    - _vars.tf
+    - _output.tf
+```
+
+## Usage
+Example usage of this module can be found in the `templates/implementation` directory. At a minimum, you will need to implement the following local and module declarations in your environment definition file:
+
+![VNet Usage](../../assets/vnet_usage.png)
+
+## Extras
+This template has several commented sections that can be used to add additional subnets to the VNet as you introduce new infrastructure components. As an example, the following section creates a subnet for an Azure App Service Plan:
+
+![App Service Subnet](../../assets/vnet_app_service_commented.png)
+
+To use this resource in your code, simply uncomment the section. No variable updates should be needed. If you need multiple instances of the same resource, you can copy the section and update the subnet name and address space as needed.

docs/ce-docs/docs/index.md

@@ -7,5 +7,5 @@ We offer two convenient options to help get your team up and running in the mann
 
 | Path | Description | Status |
 |---------|-------------|--------|
-| [Self-Service](Self-Service/00-index) | The **Self-Service** portal provides documentation and usage samples for pre-constructed Terraform templates. Simply take the files you need, add your variables, and add to your CI/CD pipeline! | In Development (Pre-alpha)|
+| [Self-Service](Self-Service/Introduction.md) | The **Self-Service** portal provides documentation and usage samples for pre-constructed Terraform templates. Simply take the files you need, add your variables, and add to your CI/CD pipeline! | In Development (Pre-alpha)|
 | [Full Service](Full%20Service/00-index) | Looking for an easier solution? The **Full Service** portal walks you through the steps for onboarding your project to the multi-tenant OPHDST Kubernetes cluster. | In Development (Pre-alpha)|

templates/implementation/main.tf

@@ -0,0 +1,22 @@
+locals {
+  project   = "#{vars.project}"
+  name      = "#{vars.name}"
+  env       = "#{vars.env}"
+
+  network_cidr = "10.1.0.0/16"
+  rg_name      = data.azurerm_resource_group.name
+  rg_location  = data.azurerm_resource_group.location
+  management_tags = {
+    environment    = local.env
+    resource_group = "${local.project}-${local.name}-${local.env}"
+  }
+}
+
+module "vnet" {
+  source              = "../../services/virtual_network"
+  env                 = local.env
+  resource_group_name = local.rg_name
+  network_address     = local.network_cidr
+  management_tags     = local.management_tags
+  location            = local.rg_location
+}

templates/virtual_network/_output.tf

@@ -0,0 +1,23 @@
+output "subnet_lbs_id" {
+  value = azurerm_subnet.lbs.id
+}
+
+output "subnet_webapp_id" {
+  value = azurerm_subnet.webapp.id
+}
+
+output "subnet_db_id" {
+  value = azurerm_subnet.db.id
+}
+
+output "subnet_container_instances_id" {
+  value = azurerm_subnet.container_instances.id
+}
+
+output "private_dns_zone_id" {
+  value = azurerm_private_dns_zone.default.id
+}
+
+output "network" {
+  value = azurerm_virtual_network.vn
+}

templates/virtual_network/_var.tf

@@ -0,0 +1,30 @@
+variable "project" {
+  default = "#{vars.project}"
+}
+
+variable "app_name" {
+  default = "#{vars.app_name}"
+}
+
+variable "env" {
+  description = "values: [dev, prod]"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group to deploy to"
+  type        = string
+}
+
+variable "network_address" {
+  description = "The network address of the virtual network"
+}
+variable "management_tags" {
+  description = "The tags to apply to the management resources"
+  type        = map(string)
+}
+
+variable "location" {
+  description = "The location of the resource group to deploy to"
+  type        = string
+}

templates/virtual_network/main.tf

@@ -0,0 +1,111 @@
+locals {
+  subnet_basename = "${var.project}-${var.app_name}-${var.env}"
+}
+
+# Create the virtual network and the persistent subnets
+resource "azurerm_virtual_network" "vnet" {
+  name                = "${var.app_name}-${var.env}-network"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  address_space       = [var.network_address]
+
+  tags = var.management_tags
+}
+
+resource "azurerm_subnet" "lbs" {
+  name                 = "${local.subnet_basename}-lb"
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vn.name
+  address_prefixes     = [cidrsubnet(var.network_address, 8, 254)] # X.X.254.0/24
+  service_endpoints = [
+    "Microsoft.Web",
+    "Microsoft.Storage"
+  ]
+}
+
+/*
+# Subnet for App Service Plans
+resource "azurerm_subnet" "webapp" {
+  name                 = "${local.subnet_basename}-webapp"
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vn.name
+  address_prefixes     = [cidrsubnet(var.network_address, 8, 100)] # X.X.100.0/24
+
+  delegation {
+    name = "serverfarms"
+    service_delegation {
+      name = "Microsoft.Web/serverFarms"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/action"
+      ]
+    }
+  }
+}
+*/
+
+/*
+# Subnet + network profile for Azure Container Instances
+resource "azurerm_subnet" "container_instances" {
+  name                 = "${var.env}-azure-container-instances"
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vn.name
+  address_prefixes     = [cidrsubnet(var.network_address, 8, 101)] # X.X.101.0/24
+
+  delegation {
+    name = "${var.env}-container-instances"
+
+    service_delegation {
+      name    = "Microsoft.ContainerInstance/containerGroups"
+      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+    }
+  }
+}
+
+resource "azurerm_network_profile" "container_instances" {
+  name                = "${var.env}-azure-container-instances"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+  container_network_interface {
+    name = "${var.env}-container-instances"
+
+    ip_configuration {
+      name      = "${var.env}-container-instances"
+      subnet_id = azurerm_subnet.container_instances.id
+    }
+  }
+}
+*/
+
+/*
+# Subnet for Flexible DBs
+resource "azurerm_subnet" "db" {
+  name                 = "${var.env}-db"
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vn.name
+  address_prefixes     = [cidrsubnet(var.network_address, 8, 102)] # X.X.102.0/24
+
+  delegation {
+    name = "${var.env}-db"
+
+    service_delegation {
+      name    = "Microsoft.DBforPostgreSQL/flexibleServers"
+      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
+    }
+  }
+}
+
+# The name of the private DNS zone MUST be environment-specific to support multiple envs within the same resource group.
+resource "azurerm_private_dns_zone" "default" {
+  name                = "privatelink.${var.env == var.env_level ? "" : "${var.env}."}postgres.database.azure.com"
+  resource_group_name = var.resource_group_name
+}
+
+# DNS/VNet linkage for Flexible DB functionality
+resource "azurerm_private_dns_zone_virtual_network_link" "vnet_link" {
+  name                  = "${var.env}-vnet-dns-link"
+  resource_group_name   = var.resource_group_name
+  private_dns_zone_name = azurerm_private_dns_zone.default.name
+  virtual_network_id    = azurerm_virtual_network.vn.id
+}
+*/