There is no variable named "local". There is no variable named "var"

modules waf
main.tf
#Public IP
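# Internet-facing address of the Application Gateway: static allocation on the
# Standard SKU. The typographic quotes of the pasted listing are replaced by
# ASCII quotes, which HCL requires.
resource "azurerm_public_ip" "appgateway_publicip" {
  name                = var.__l_appgateway_publicip_name
  location            = var.__location
  resource_group_name = var.__resource_group_res_waf_name
  allocation_method   = "Static"
  sku                 = "Standard"
  domain_name_label   = var.__appgateway_dns_name

  # NOTE(review): zones are hard-coded here, while the gateway itself reads
  # var.__appgateway_zones - keep the two in step if that variable is overridden.
  zones = ["1", "2", "3"]
}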
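# User-assigned managed identity that is attached to the Application Gateway
# through its identity block. The gateway reads its TLS certificates by
# key_vault_secret_id, so this identity needs read access to the vault; the
# __key_vault_certif description says GET on certificates and secrets is
# granted, but that grant is not part of this listing.
resource "azurerm_user_assigned_identity" "gateway" {
  name                = format("%s-identity", var.__l_appgateway_resource_name)
  location            = var.__location
  resource_group_name = var.__resource_group_res_waf_name
}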

#Azure Application Gateway
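# Application Gateway (WAF) that publishes every entry of
# local.appgateway_websites: one HTTPS listener per site, an HTTP listener that
# redirects to it, a backend pool, a health probe, backend HTTP settings and a
# rewrite rule set for the Location response header.
#
# Repairs made to the pasted listing:
#   - typographic quotes replaced by ASCII quotes and indentation restored;
#   - section titles that had lost their leading "#" are comments again;
#   - the autoscale for_each has its missing false branch ([]);
#   - the private frontend for_each iterates the list instead of wrapping it;
#   - the rewrite condition pattern is a terminated string with interpolation.
resource "azurerm_application_gateway" "appgateway_resource" {
  name                = var.__l_appgateway_resource_name
  resource_group_name = var.__resource_group_res_waf_name
  location            = var.__location

  zones        = var.__appgateway_zones
  enable_http2 = true

  sku {
    name = var.__appgateway_sku_name
    tier = var.__appgateway_sku_tier
    # A fixed capacity is only set when autoscaling is off.
    capacity = var.__appgateway_autoscale ? null : var.__appgateway_capacity
  }

  gateway_ip_configuration {
    name      = local.l_gateway_ip_configuration_name
    subnet_id = var.__subnet_waf_id
  }

  frontend_port {
    name = local.l_frontend_port_name_http
    port = 80
  }

  frontend_port {
    name = local.l_frontend_port_name_https
    port = 443
  }

  frontend_ip_configuration {
    name                 = local.l_frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.appgateway_publicip.id
  }

  # The variable is already a list of maps, so it is iterated directly. The
  # listing wrapped it in another list, which makes each.value a list and
  # breaks the ["ip"] lookup below.
  # NOTE(review): the block name is fixed, so more than one entry in the list
  # would produce duplicate names.
  dynamic "frontend_ip_configuration" {
    for_each = var.__appgateway_private_ip_address

    content {
      name                          = "privateipconfig"
      subnet_id                     = var.__subnet_waf_id
      private_ip_address_allocation = "Static"
      private_ip_address            = frontend_ip_configuration.value["ip"]
    }
  }

  backend_address_pool {
    name = local.l_backend_address_pool_name
  }

  backend_http_settings {
    name                  = local.l_http_setting_name
    cookie_based_affinity = var.__appgateway_backend_cookie
    port                  = var.__appgateway_backend_port
    protocol              = var.__appgateway_backend_protocol
    request_timeout       = var.__appgateway_backend_request_timeout
  }

  # NOTE(review): this predefined policy sets a TLS 1.2 minimum. Newer
  # predefined policies (AppGwSslPolicy20220101 / AppGwSslPolicy20220101S)
  # exist; check whether the provider version in use accepts them before
  # switching.
  ssl_policy {
    policy_type = "Predefined"
    policy_name = "AppGwSslPolicy20170401S"
  }

  # NOTE(review): the default listener accepts plain HTTP on port 80 for any
  # host name and is routed to the default backend pool without a redirect to
  # HTTPS. Only the per-site listeners further down redirect.
  http_listener {
    name                           = local.l_listener_name
    frontend_ip_configuration_name = local.l_frontend_ip_configuration_name
    frontend_port_name             = local.l_frontend_port_name_http
    protocol                       = "Http"
  }

  request_routing_rule {
    name                       = local.l_request_routing_rule_name
    rule_type                  = "Basic"
    http_listener_name         = local.l_listener_name
    backend_address_pool_name  = local.l_backend_address_pool_name
    backend_http_settings_name = local.l_http_setting_name
  }

  waf_configuration {
    enabled          = var.__appgateway_waf_enabled
    firewall_mode    = var.__appgateway_waf_firewall_mode
    rule_set_type    = var.__appgateway_waf_rule_set_type
    rule_set_version = var.__appgateway_waf_rule_set_version
  }

  # The conditional needs both branches. The listing shows "? [1] :" with
  # nothing after the colon, which is a syntax error; the first error in the
  # Terraform output points at this line, and the later "There is no variable
  # named ..." errors may simply follow from it (not confirmed here).
  dynamic "autoscale_configuration" {
    for_each = var.__appgateway_autoscale ? [1] : []
    content {
      min_capacity = var.__appgateway_autoscale_min
      max_capacity = var.__appgateway_autoscale_max
    }
  }

  # for web sites

  dynamic "backend_address_pool" {
    for_each = local.appgateway_websites
    content {
      name  = format("%s-%s", backend_address_pool.key, "bak")
      fqdns = [backend_address_pool.value.backend.host_name]
    }
  }

  dynamic "probe" {
    for_each = local.appgateway_websites
    content {
      name = format("%s-%s", probe.key, "probe")
      path = probe.value.backend.healthRelativeUrl
      # port = probe.value.backend.port # commented out so that the probe picks its port from the backend HTTP settings
      interval                                  = 60
      protocol                                  = probe.value.backend.protocol
      timeout                                   = probe.value.backend.timeout
      unhealthy_threshold                       = 3
      pick_host_name_from_backend_http_settings = true
      match {
        status_code = ["200-399"]
        body        = ""
      }
    }
  }

  # NOTE(review): azurerm_key_vault_certificate.selfsignecerts is not declared
  # anywhere in this listing. Terraform reports "Reference to undeclared
  # resource" for it; the resource has to be declared inside this module.
  dynamic "ssl_certificate" {
    for_each = azurerm_key_vault_certificate.selfsignecerts
    content {
      name                = ssl_certificate.value.name
      key_vault_secret_id = ssl_certificate.value.secret_id
    }
  }

  dynamic "backend_http_settings" {
    for_each = local.appgateway_websites
    content {
      name                  = format("%s-%s", backend_http_settings.key, "setting")
      cookie_based_affinity = backend_http_settings.value.backend.cookie_based_affinity
      port                  = backend_http_settings.value.backend.port
      protocol              = backend_http_settings.value.backend.protocol
      request_timeout       = backend_http_settings.value.backend.timeout
      probe_name            = format("%s-%s", backend_http_settings.key, "probe")
      host_name             = backend_http_settings.value.backend.host_name
      # Fall back to the pool address as host header when no host_name is given.
      pick_host_name_from_backend_address = backend_http_settings.value.backend.host_name == null ? true : false
    }
  }

  # website on https

  dynamic "http_listener" {
    for_each = local.appgateway_websites
    content {
      name                           = format("%s-%s", http_listener.key, "https-listener")
      frontend_ip_configuration_name = local.l_frontend_ip_configuration_name
      frontend_port_name             = local.l_frontend_port_name_https
      protocol                       = "Https"
      ssl_certificate_name           = http_listener.value.certificate_name
      #ssl_certificate_name = "selfsaftcloudcom"
      host_name = format("%s.%s", http_listener.value.publicwebsite, http_listener.value.publicDomain)
    }
  }

  dynamic "request_routing_rule" {
    for_each = local.appgateway_websites
    content {
      name                       = format("%s-%s", request_routing_rule.key, "routing")
      rule_type                  = "Basic"
      http_listener_name         = format("%s-%s", request_routing_rule.key, "https-listener")
      backend_address_pool_name  = format("%s-%s", request_routing_rule.key, "bak")
      backend_http_settings_name = format("%s-%s", request_routing_rule.key, "setting")
      rewrite_rule_set_name      = format("%s-%s", request_routing_rule.key, "rewrite-rules")
      #priority = 10
    }
  }

  # website on http

  dynamic "http_listener" {
    for_each = local.appgateway_websites
    content {
      name                           = format("%s-%s", http_listener.key, "http-to-https-redirect")
      frontend_ip_configuration_name = local.l_frontend_ip_configuration_name
      frontend_port_name             = local.l_frontend_port_name_http
      protocol                       = "Http"
      host_name                      = format("%s.%s", http_listener.value.publicwebsite, http_listener.value.publicDomain)
    }
  }

  # Permanent redirect from the HTTP listener of a site to its HTTPS listener,
  # keeping path and query string.
  dynamic "redirect_configuration" {
    for_each = local.appgateway_websites
    content {
      name                 = format("%s-%s", redirect_configuration.key, "redirect")
      redirect_type        = "Permanent"
      target_listener_name = format("%s-%s", redirect_configuration.key, "https-listener")
      include_path         = true
      include_query_string = true
    }
  }

  dynamic "request_routing_rule" {
    for_each = local.appgateway_websites
    content {
      name                        = format("%s-%s", request_routing_rule.key, "routinghttp")
      rule_type                   = "Basic"
      http_listener_name          = format("%s-%s", request_routing_rule.key, "http-to-https-redirect")
      redirect_configuration_name = format("%s-%s", request_routing_rule.key, "redirect")
      #priority = 10
    }
  }

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.gateway.id]
  }

  # Rewrites a Location response header that points at the backend host so that
  # it points at the public host name of the site instead.
  dynamic "rewrite_rule_set" {
    for_each = local.appgateway_websites
    content {
      name = format("%s-%s", rewrite_rule_set.key, "rewrite-rules")
      rewrite_rule {
        name          = format("%s_%s", rewrite_rule_set.key, "rewrite_hostname")
        rule_sequence = 100
        condition {
          variable = "http_resp_Location"
          # NOTE(review): the pasted line had no closing quote and no "$" before
          # the braces, so the interpolation is reconstructed - confirm against
          # the real file. "\/" is not a valid HCL escape and "/" needs none.
          # The dots of the host name are escaped so that the pattern matches
          # only the backend's own host name.
          pattern     = "(https?)://${replace(rewrite_rule_set.value.backend.host_name, ".", "\\.")}(.*)"
          ignore_case = false
          #negate=
        }
        # request_header_configuration {
        # header_name = "Common header"
        # header_value = "Location"
        # }
        response_header_configuration {
          header_name = "Location"
          # {http_resp_Location_1} and {http_resp_Location_2} are the capture
          # groups of the condition above and stay literal; the two ${...}
          # parts are Terraform interpolation (reconstructed, see above).
          header_value = "{http_resp_Location_1}://${rewrite_rule_set.value.publicwebsite}.${rewrite_rule_set.value.publicDomain}{http_resp_Location_2}"
        }
        # url {
        # path =
        # query_string =
        # }
      }
    }
  }

  # Every entry is commented out, so no attribute is ignored at present.
  lifecycle {
    ignore_changes = [
      # backend_address_pool,
      # backend_http_settings,
      # http_listener,
      # probe,
      # redirect_configuration,
      # request_routing_rule,
      # ssl_certificate,
      # trusted_root_certificate,
      # authentication_certificate,
      # rewrite_rule_set,
      # frontend_port,
      # waf_configuration,
    ]
  }
}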

variables.tf
###############################################################

General Variables

###############################################################

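# Required inputs of the module (none of them declares a default).
# Descriptions that were copied from the resource-group variable, or that
# promised a default that is not declared, are corrected to match how main.tf
# uses each variable.

variable "__location" {
  description = "Location of the resources created by the module (required, no default is declared)"
  type        = string
}

variable "__resource_group_res_waf_name" {
  description = "Name of the Landing Zone Resource Group where the Application Gateway will be deployed"
  type        = string
}

# Used as the name of azurerm_application_gateway.appgateway_resource and as
# the prefix of the default configuration names computed in locals.
variable "__l_appgateway_resource_name" {
  description = "Name of the Application Gateway resource"
  type        = string
}

# Used for the gateway_ip_configuration and the private frontend configuration.
variable "__subnet_waf_id" {
  description = "ID of the subnet that hosts the Application Gateway"
  type        = string
}

# Used as the name of azurerm_public_ip.appgateway_publicip.
variable "__l_appgateway_publicip_name" {
  description = "Name of the Public IP of the Application Gateway"
  type        = string
}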

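# Private frontend address(es) of the gateway; each map is read through its
# "ip" key in main.tf.
variable "__appgateway_private_ip_address" {
  description = "Private IP for the Application Gateway, must be included in the Application Gateway Subnet IP Range"
  type        = list(map(string))

  # NOTE(review): this default is a CIDR range, but main.tf passes the value to
  # private_ip_address of a frontend_ip_configuration, which takes a single
  # address. Replace it with one static IP from the gateway subnet.
  default = [{ ip = "10.1.3.0/24" }]

  #default = [{ ip = "xxx.xxx.xxx.xxx"}]
}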

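# Free-form tags of the project.
variable "__tags" {
  description = "Project Tags"
  type        = map(string)
  default     = {}

  # "example" is not an argument of a variable block, so the sample value from
  # the listing is kept as a comment instead:
  # {
  #   tag1 = value1
  #   tag2 = value2
  #   tag3 = value3
  # }
}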

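# Availability zones of the gateway (passed to the zones argument in main.tf).
# ASCII quotes restored so that the block parses.
variable "__appgateway_zones" {
  description = "A collection of availability zones to spread the Application Gateway over - Availability Zones are only supported in several regions at this time. They are also only supported for v2 SKUs"
  type        = list(string)
  default     = ["1", "2", "3"]
}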

Application Gateway Public IP block variables

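# Optional DNS label of the public IP; null leaves the label unset.
# The description string had lost its closing quote in the listing.
variable "__appgateway_dns_name" {
  description = "DNS Name Prefix that will be configured onto the Application Gateway Public IP, final dns name will look like dnsname.westeurope.cloudapp.azure.com"
  type        = string
  default     = null
}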

Application Gateway SKU block variables

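# SKU of the gateway. Both defaults select the WAF_v2 tier; picking a
# Standard* value here deploys a gateway without the Web Application Firewall.
# ASCII quotes restored so that the blocks parse.

variable "__appgateway_sku_name" {
  description = "The Name of the SKU to use for this Application Gateway. Possible values are Standard_Small, Standard_Medium, Standard_Large, Standard_v2, WAF_Medium, WAF_Large, and WAF_v2, default to WAF_v2"
  type        = string
  default     = "WAF_v2"
}

variable "__appgateway_sku_tier" {
  description = "The Tier of the SKU to use for this Application Gateway. Possible values are Standard, Standard_v2, WAF and WAF_v2, default to WAF_v2"
  type        = string
  default     = "WAF_v2"
}

# Only read when __appgateway_autoscale is false (see the sku block in main.tf).
variable "__appgateway_capacity" {
  description = "The Capacity of the SKU to use for this Application Gateway. When using a V1 SKU this value must be between 1 and 32, and 1 to 125 for a V2 SKU. This property is optional if autoscale_configuration is set. Default to 1, ignored if appgateway_autoscale is true"
  type        = number
  default     = 1
}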

Application Gateway Backend HTTP Settings block variables

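# Settings of the default backend_http_settings block. The defaults keep the
# hop from the gateway to the backend on HTTPS/443.
# ASCII quotes restored so that the blocks parse.

variable "__appgateway_backend_cookie" {
  description = "Is Cookie-Based Affinity enabled? Possible values are Enabled and Disabled, default to Disabled"
  type        = string
  default     = "Disabled"
}

variable "__appgateway_backend_port" {
  description = "The port which should be used for this Backend HTTP Settings Collection, default to 443"
  type        = number
  default     = 443
}

variable "__appgateway_backend_protocol" {
  description = "The Protocol which should be used. Possible values are Http and Https, default to Https"
  type        = string
  default     = "Https"
}

variable "__appgateway_backend_request_timeout" {
  description = "The request timeout in seconds, which must be between 1 and 86400 seconds, default to 20"
  type        = number
  default     = 20
}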

Application Gateway WAF Configuration block variables

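# Inputs of the waf_configuration block. With the defaults the firewall is
# enabled in Prevention mode; Detection mode logs matching requests without
# blocking them, so overriding the mode changes what the gateway stops.
# ASCII quotes restored so that the blocks parse.

variable "__appgateway_waf_enabled" {
  description = "Is the Web Application Firewall be enabled ? default to TRUE"
  type        = bool
  default     = true
}

variable "__appgateway_waf_firewall_mode" {
  description = "The Web Application Firewall Mode. Possible values are Detection and Prevention. default to Prevention"
  type        = string
  default     = "Prevention"
}

variable "__appgateway_waf_rule_set_type" {
  description = "The type of the web application firewall rule set. Possible values are: 'OWASP', default to OWASP"
  type        = string
  default     = "OWASP"
}

variable "__appgateway_waf_rule_set_version" {
  description = "The Version of the Rule Set used for this Web Application Firewall. Possible values are 2.2.9, 3.0, and 3.1., default to 3.1"
  type        = string
  default     = "3.1"
}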

Application Gateway Autoscale Configuration block variables

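# Autoscaling switch and bounds. When the switch is true, main.tf leaves
# sku.capacity unset and emits the autoscale_configuration block.

variable "__appgateway_autoscale" {
  description = "Should the Application Gateway perform autoscale ? Default to false"
  type        = bool
  default     = false
}

# The two bounds are capacities, so they are typed as numbers (the listing
# declared them as strings). Neither declares a default, which the old
# descriptions claimed; the caller has to pass both.
variable "__appgateway_autoscale_min" {
  description = "Minimum capacity for autoscaling (required, no default is declared)"
  type        = number
}

variable "__appgateway_autoscale_max" {
  description = "Maximum capacity for autoscaling (required, no default is declared)"
  type        = number
}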

application gateway : declare websites

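# Sites published through the gateway, keyed by a unique name. main.tf derives
# one backend pool, probe, HTTPS listener, HTTP redirect and rewrite rule set
# from every entry.
variable "__appgateway_websites" {
  description = "websites that application gateway need to protect"

  # NOTE(review): the notes below were bare text lines in the pasted listing,
  # which is not valid inside a variable block; they are restored as comments.
  # A few of them stop mid-sentence, probably where placeholders were dropped
  # by the page - complete them from the real file.
  # NOTE(review): the notes mention generateLetsEncrypt, but the type below
  # declares generateSelfSignedCertificate.
  # NOTE(review): every attribute of the object type is required as written;
  # the defaults listed below are not applied anywhere in this listing.
  #
  # publicDomain: dns suffix of public IP. Should be .iasp.tgscloud.net or app.com
  #   if .iasp.tgscloud.net, then a record A is added to the public DNS zone of
  # publicwebsite: the name of the website. Website will be accessible thru .
  # generateLetsEncrypt: only for publicDomain=.iasp.tgscloud.net, the app gateway will generate a letsencrypt certificate. Do not forget to run this module every X months to generate a new certificate
  #   the period of validity of check of expiration can be tuned thru
  #   dont forget to fill the variable team_mailing_list
  # constraints : the name of the map is unique in the map
  #   are also unique, backendUrl, .
  # for some properties, if not set some default are applied
  # backend : describe the application that app gateway protect
  #   healthRelativeUrl: relative URL to Health probe. For example /Health. Default: /
  #   port: the port number. Default : 443
  #   protocol: http or https. Default : Https
  #   cookie_based_affinity : Enabled or Disabled. Default Disabled. The application gateway can use cookies to keep a user session on the same server. You can enable this feature if the client supports the use of cookies.
  #   timeout : default = 60. The request timeout is the number of seconds that the application gateway will wait to receive a response from the backend pool before it returns a "connection timed out" error message.
  #   host_name: where to send request. Mandatory for app service. For App Service, is the full hostname

  type = map(object({
    publicDomain                  = string
    publicwebsite                 = string
    generateSelfSignedCertificate = bool
    certificate_name              = string
    backend = object({
      healthRelativeUrl     = string
      port                  = number
      protocol              = string
      cookie_based_affinity = string
      timeout               = number
      host_name             = string
    })
  }))
  default = {}
}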

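# Certificate and DNS inputs. Two default strings had lost their closing quote
# in the listing and are terminated here; ASCII quotes restored throughout.
# None of these variables is referenced by the main.tf shown with this module.

variable "__team_mailing_list" {
  type        = string
  description = "Tiger Team mailing list to be used as contact information for specific Azure resources. Will be used when generate letsencrypt certificate and mandatory in that case. Mandatory if appgateway_websites.generateSelfSignedCertificate is true"
  default     = "example.com"
}

# set 0 if you dont want expiration management…
variable "__min_days_remaining" {
  type        = number
  description = "Minimum days remaining for certification request. Mandatory if appgateway_websites.generateSelfSignedCertificate is true"
  default     = 30
}

# Only the id of the vault is required by the type. Per the description the
# gateway identity is meant to get read access to certificates and secrets;
# the grant itself is not part of this listing, so check that it stays
# limited to those read permissions.
variable "__key_vault_certif" {
  type = object({
    id = string
  })
  description = "Key vault for certificates info. Mandatory if appgateway_websites.generateSelfSignedCertificate is true. Appgateway identity will be granted to perform GET oprations on certificates and secrets"
  default     = null
}

variable "__dns_domain" {
  type        = string
  description = "DNS domain for certification request"
  default     = "example-apps.com"
}

variable "__a_record_ttl" {
  type        = number
  description = "A TTL reccord in identity DNS"
  default     = 3600
}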

###############################################################

Naming Variables

###############################################################

#Locals calculating the resources names
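# Names used inside the module. ASCII quotes restored; the section title that
# had lost its "#" is a comment again.
locals {
  # NOTE(review): the four names below read variables that are not declared in
  # the variables shown for this module (__vnet_resource_name,
  # __snet_resource_code, __snet_resource_utility, __publicip_resource_code,
  # __appgateway_resource_code, __platform_code, __region_code,
  # __nsg_resource_code, __resource_index) and index __tags, whose default is
  # an empty map. The main.tf shown does not use these four locals; declare
  # the variables or drop the locals.
  l_appgateway_subnet_name = format("direct-%s-%s-%s-%s-%s", var.__vnet_resource_name, var.__snet_resource_code, var.__tags["AppCode"], var.__tags["Environment"], var.__snet_resource_utility) # Example : direct-vnet-iasp-euw-lz-network-snet-cccd-p-apgw

  l_appgateway_publicip_name = format("%s-%s-%s-%s-%s-%s-%s", var.__publicip_resource_code, var.__appgateway_resource_code, var.__platform_code, var.__tags["Environment"], var.__region_code, var.__tags["AppCode"], var.__resource_index) # Example : pip-apgw-iasp-p-euw-cccd-01

  l_appgateway_nsg_name = format("%s-%s-%s-%s-%s-%s-%s", var.__nsg_resource_code, var.__appgateway_resource_code, var.__platform_code, var.__tags["Environment"], var.__region_code, var.__tags["AppCode"], var.__resource_index) # Example : nsg-apgw-iasp-p-euw-cccd-01

  l_appgateway_resource_name = format("%s-%s-%s-%s-%s-%s", var.__appgateway_resource_code, var.__platform_code, var.__tags["Environment"], var.__region_code, var.__tags["AppCode"], var.__resource_index) # Example : apgw-iasp-p-euwxx-01

  # Calculate all default configuration names
  l_backend_address_pool_name      = format("%s-bak-default", var.__l_appgateway_resource_name)
  l_frontend_port_name_http        = format("%s-feport-http", var.__l_appgateway_resource_name)
  l_frontend_port_name_https       = format("%s-feport-https", var.__l_appgateway_resource_name)
  l_frontend_ip_configuration_name = format("%s-feip", var.__l_appgateway_resource_name)
  l_http_setting_name              = format("%s-be-htst-default", var.__l_appgateway_resource_name)
  l_listener_name                  = format("%s-httplist-default", var.__l_appgateway_resource_name)
  l_request_routing_rule_name      = format("%s-routerule-default", var.__l_appgateway_resource_name)
  l_gateway_ip_configuration_name  = format("%s-gicn-default", var.__l_appgateway_resource_name)

  # Site map that every dynamic block of the gateway iterates over.
  appgateway_websites = var.__appgateway_websites
}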
call modules.
main.tf
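# Root-module call of ./modules/waf. ASCII quotes restored.
# WAF mode, rule set and SKU are not passed here, so the module defaults apply
# (WAF enabled, Prevention, OWASP 3.1, WAF_v2).
module "waf" {
  source = "./modules/waf"

  __resource_group_res_waf_name = var.resource_group_res_waf_name
  __location                    = var.location
  __l_appgateway_resource_name  = var.l_appgateway_resource_name
  __l_appgateway_publicip_name  = var.l_appgateway_publicip_name
  __subnet_waf_id               = module.vnet.vnet_subnet-waf[1]

  # Autoscaling between 0 and 2 instances; sku.capacity is left unset.
  __appgateway_autoscale     = true
  __appgateway_autoscale_min = 0
  __appgateway_autoscale_max = 2

  __appgateway_websites = local.all_websites

  # Only the id attribute of the data source is required by the module.
  __key_vault_certif = data.azurerm_key_vault.kv
}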
variables.tf

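# Sites handed to the waf module. Two strings had lost their closing quote in
# the listing (publicDomain, host_name) and are terminated here.
locals {
  all_websites = {
    uatalcad = {
      publicDomain                  = "example-apps.com"
      publicwebsite                 = "example-api-proto"
      generateSelfSignedCertificate = false //true
      # NOTE(review): the HTTPS listener refers to this name, so an
      # ssl_certificate with exactly this name has to exist on the gateway.
      certificate_name = "Certificate" //"self-signed-alcad-com"
      backend = {
        host_name             = "app-sa-test.azurewebsites.net"
        port                  = 443
        healthRelativeUrl     = "/"
        protocol              = "Https"
        cookie_based_affinity = "Disabled"
        timeout               = 60
      }
    },
  }
}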

error

│ Error: Unknown variable

│ on modules\waf\main.tf line 104, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 104: for_each = var.__appgateway_autoscale ? [1] :

│ There is no variable named “var”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 113, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 113: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 120, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 120: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 138, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 138: for_each = azurerm_key_vault_certificate.selfsignecerts

│ There is no variable named “azurerm_key_vault_certificate”.


│ Error: Reference to undeclared resource

│ on modules\waf\main.tf line 138, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 138: for_each = azurerm_key_vault_certificate.selfsignecerts

│ A managed resource “azurerm_key_vault_certificate” “selfsignecerts” has not been declared in
│ module.waf.


│ Error: Unknown variable

│ on modules\waf\main.tf line 146, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 146: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 161, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 161: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 173, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 173: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 186, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 186: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 196, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 196: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 206, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 206: for_each = local.appgateway_websites

│ There is no variable named “local”.


│ Error: Unknown variable

│ on modules\waf\main.tf line 223, in resource “azurerm_application_gateway” “appgateway_resource”:
│ 223: for_each = local.appgateway_websites

│ There is no variable named “local”.

KhanfirM@G02FRXN00810 MINGW64 ~/OneDrive - FUJITSU/Bureau/test/azure-infrastructure (master)
$