telekom-mms / terraform-azurerm-network Goto Github PK

0.0 3.0 4.0 99 KB

A Terraform module that manages the network resources from the azurerm provider.

License: Mozilla Public License 2.0

HCL 100.00%

azure terraform terraform-module azure-network azure-public-ip azure-networksecuritygroups azure-private-endpoints virtual-network subnet public-ip

terraform-azurerm-network's Introduction

network

This module manages the hashicorp/azurerm network resources. For more information see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs > network

<-- This file is autogenerated, please do not change. -->

Requirements

Name	Version
terraform	>=1.4
azurerm	>=3.51.0

Providers

Name	Version
azurerm	>=3.51.0

Resources

Name	Type
azurerm_local_network_gateway.local_network_gateway	resource
azurerm_network_interface.network_interface	resource
azurerm_network_interface_security_group_association.network_interface_security_group_association	resource
azurerm_network_security_group.network_security_group	resource
azurerm_private_endpoint.private_endpoint	resource
azurerm_public_ip.public_ip	resource
azurerm_subnet.subnet	resource
azurerm_subnet_network_security_group_association.subnet_network_security_group_association	resource
azurerm_virtual_network.virtual_network	resource
azurerm_virtual_network_gateway.virtual_network_gateway	resource
azurerm_virtual_network_gateway_connection.virtual_network_gateway_connection	resource
azurerm_virtual_network_peering.virtual_network_peering	resource

Inputs

Name	Description	Type	Default	Required
local_network_gateway	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
network_interface	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
network_interface_security_group_association	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
network_security_group	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
private_endpoint	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
public_ip	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
subnet	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
subnet_network_security_group_association	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
virtual_network	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
virtual_network_gateway	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
virtual_network_gateway_connection	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no
virtual_network_peering	Resource definition, default settings are defined within locals and merged with var settings. For more information look at Outputs.	`any`	`{}`	no

Outputs

Name	Description
local_network_gateway	Outputs all attributes of resource_type.
network_interface	Outputs all attributes of resource_type.
network_interface_security_group_association	Outputs all attributes of resource_type.
network_security_group	Outputs all attributes of resource_type.
private_endpoint	Outputs all attributes of resource_type.
public_ip	Outputs all attributes of resource_type.
subnet	Outputs all attributes of resource_type.
subnet_network_security_group_association	Outputs all attributes of resource_type.
variables	Displays all configurable variables passed by the module. default = predefined values per module. merged = result of merging the default values and custom values passed to the module
virtual_network	Outputs all attributes of resource_type.
virtual_network_gateway	Outputs all attributes of resource_type.
virtual_network_gateway_connection	Outputs all attributes of resource_type.
virtual_network_peering	Outputs all attributes of resource_type.

Examples

Minimal configuration to install the desired resources with the module

module "network" {
  source = "registry.terraform.io/telekom-mms/network/azurerm"
  virtual_network = {
    vn-db-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
      address_space       = ["172.0.0.0/28"]
    }
    vn-app-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
      address_space       = ["173.0.0.0/28"]
    }
    vn-mgmt-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
      address_space       = ["174.0.0.0/28"]
    }
  }
  subnet = {
    snet-app-mms = {
      resource_group_name  = module.network.virtual_network["vn-app-mms"].resource_group_name
      address_prefixes     = ["173.0.0.0/29"]
      virtual_network_name = module.network.virtual_network["vn-app-mms"].name
    }
    GatewaySubnet = {
      resource_group_name  = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      address_prefixes     = ["174.0.0.0/29"]
      virtual_network_name = module.network.virtual_network["vn-mgmt-mms"].name
    }
  }
  public_ip = {
    pip-vpn-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
    }
  }
  network_interface = {
    nic-app-mms = {
      location            = module.network.virtual_network["vn-app-mms"].location
      resource_group_name = module.network.virtual_network["vn-app-mms"].resource_group_name
      ip_configuration = {
        nic-app-mms-01 = {
          subnet_id          = module.network.subnet["snet-app-mms"].id
          private_ip_address = "173.0.0.5"
        }
      }
    }
  }
  network_security_group = {
    nsg-app-mms = {
      location            = module.network.virtual_network["vn-app-mms"].location
      resource_group_name = module.network.virtual_network["vn-app-mms"].resource_group_name
      security_rule = {
        nsgsr-app-default = {}
      }
    }
  }
  subnet_network_security_group_association = {
    snet-app-mms = {
      network_security_group_id = module.network.network_security_group["nsg-app-mms"].id
      subnet_id                 = module.network.subnet["snet-app-mms"].id
    }
  }
  network_interface_security_group_association = {
    nic-app-mms = {
      network_interface_id      = module.network.network_interface["nic-app-mms"].id
      network_security_group_id = module.network.network_security_group["nsg-app-mms"].id
    }
  }
  local_network_gateway = {
    lgw-mms = {
      location            = module.network.virtual_network["vn-mgmt-mms"].location
      resource_group_name = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      address_space       = ["192.0.0.0/28"]
      gateway_fqdn        = "gateway.mms.com"
    }
  }
  virtual_network_gateway = {
    vgw-mms = {
      location            = module.network.virtual_network["vn-mgmt-mms"].location
      resource_group_name = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      ip_configuration = {
        mms = {
          subnet_id            = module.network.subnet["GatewaySubnet"].id
          public_ip_address_id = module.network.public_ip["pip-vpn-mms"].id
        }
      }
    }
  }
  virtual_network_gateway_connection = {
    vgwcn-mms = {
      location                   = module.network.virtual_network["vn-mgmt-mms"].location
      resource_group_name        = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      type                       = "IPsec"
      virtual_network_gateway_id = module.network.virtual_network_gateway["vgw-mms"].id
    }
  }
  virtual_network_peering = {
    peer-mms = {
      resource_group_name       = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      virtual_network_name      = module.network.virtual_network["vn-mgmt-mms"].name
      remote_virtual_network_id = module.network.virtual_network["vn-db-mms"].id
    }
  }
}

Advanced configuration to install the desired resources with the module

module "network" {
  source = "registry.terraform.io/telekom-mms/network/azurerm"
  virtual_network = {
    vn-db-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
      address_space       = ["172.0.0.0/28"]
      subnet = {
        snet-mysql-mms = {
          address_prefix = "172.0.0.0/29"
        }
        snet-psql-mms = {
          address_prefix = "172.0.0.8/29"
        }
      }
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
    vn-app-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
      address_space       = ["173.0.0.0/28"]
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
    vn-mgmt-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
      address_space       = ["174.0.0.0/28"]
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
  }
  subnet = {
    snet-app-mms = {
      resource_group_name  = module.network.virtual_network["vn-app-mms"].resource_group_name
      address_prefixes     = ["173.0.0.0/29"]
      virtual_network_name = module.network.virtual_network["vn-app-mms"].name
      service_endpoints    = ["Microsoft.Sql"]
    }
    GatewaySubnet = {
      resource_group_name  = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      address_prefixes     = ["174.0.0.0/29"]
      virtual_network_name = module.network.virtual_network["vn-mgmt-mms"].name
    }
  }
  public_ip = {
    pip-vpn-mms = {
      location            = "westeurope"
      resource_group_name = "rg-mms-github"
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
  }
  network_interface = {
    nic-app-mms = {
      location            = module.network.virtual_network["vn-app-mms"].location
      resource_group_name = module.network.virtual_network["vn-app-mms"].resource_group_name
      ip_configuration = {
        nic-app-mms-01 = {
          subnet_id          = module.network.subnet["snet-app-mms"].id
          private_ip_address = "173.0.0.5"
        }
      }
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
  }
  network_security_group = {
    nsg-app-mms = {
      location            = module.network.virtual_network["vn-app-mms"].location
      resource_group_name = module.network.virtual_network["vn-app-mms"].resource_group_name
      security_rule = {
        nsgsr-app-default = {}
      }
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
  }
  subnet_network_security_group_association = {
    snet-app-mms = {
      network_security_group_id = module.network.network_security_group["nsg-app-mms"].id
      subnet_id                 = module.network.subnet["snet-app-mms"].id
    }
  }
  network_interface_security_group_association = {
    nic-app-mms = {
      network_interface_id      = module.network.network_interface["nic-app-mms"].id
      network_security_group_id = module.network.network_security_group["nsg-app-mms"].id
    }
  }
  local_network_gateway = {
    lgw-mms = {
      location            = module.network.virtual_network["vn-mgmt-mms"].location
      resource_group_name = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      address_space       = ["192.0.0.0/28"]
      gateway_fqdn        = "gateway.mms.com"
    }
  }
  virtual_network_gateway = {
    vgw-mms = {
      location            = module.network.virtual_network["vn-mgmt-mms"].location
      resource_group_name = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      ip_configuration = {
        mms = {
          subnet_id            = module.network.subnet["GatewaySubnet"].id
          public_ip_address_id = module.network.public_ip["pip-vpn-mms"].id
        }
      }
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
  }
  virtual_network_gateway_connection = {
    vgwcn-mms = {
      location                   = module.network.virtual_network["vn-mgmt-mms"].location
      resource_group_name        = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      type                       = "IPsec"
      virtual_network_gateway_id = module.network.virtual_network_gateway["vgw-mms"].id
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
  }
  virtual_network_peering = {
    peer-mms = {
      resource_group_name       = module.network.virtual_network["vn-mgmt-mms"].resource_group_name
      virtual_network_name      = module.network.virtual_network["vn-mgmt-mms"].name
      remote_virtual_network_id = module.network.virtual_network["vn-db-mms"].id
      tags = {
        project     = "mms-github"
        environment = terraform.workspace
        managed-by  = "terraform"
      }
    }
  }
}

terraform-azurerm-network's People

Contributors

Watchers

Forkers

danellidesign hektor1966 sjedlick devsecteam

terraform-azurerm-network's Issues

Resource network_security_group is missing

Teh AzureRM resource network_security_group is missing, some projects require it.

Snippet of terraform plan

Error: Unsupported attribute
...
network_security_group_id = module.network.network_security_group.<name>.id
     ├────────────────
     │ module.network is a object, known only after apply
This object does not have an attribute named "network_security_group".

Error in subnet delegation

Please fix.

Error:

│ Error: Unsupported attribute
│ 
│   on .terraform/modules/network/main.tf line 36, in resource "azurerm_subnet" "subnet":
│   36:       name = local.subnet[each.key].delegation[delegation.key].name == "" ? delegation.key : local.subnet[each.key].delegation[delegation.key].name
│     ├────────────────
│     │ delegation.key is "fs"
│     │ each.key is "db"
│     │ local.subnet is object with 2 attributes
│ This object does not have an attribute named "name".
│

appears with these Variable settings

  subnet = {
    aks = {
      name                                           = format("%s-aks",module.naming.subnet.name)
      resource_group_name                            = module.resource_group.resource_group[terraform.workspace].name
      virtual_network_name                           = module.network.virtual_network[terraform.workspace].name
      address_prefixes                               = local.network_context_vars[terraform.workspace].aks_address_prefix
      enforce_private_link_endpoint_network_policies = true
    }
    db = {
      name                                           = format("%s-db",module.naming.subnet.name)
      resource_group_name                            = module.resource_group.resource_group[terraform.workspace].name
      virtual_network_name                           = module.network.virtual_network[terraform.workspace].name
      address_prefixes                               = local.network_context_vars[terraform.workspace].db_address_prefix
      service_endpoints                              = ["Microsoft.Storage"]
      enforce_private_link_endpoint_network_policies = true
      delegation = {
        fs = {
         service_delegation = {
           mysqlflex = {
             name = "Microsoft.DBforMySQL/flexibleServers"
             actions = [
               "Microsoft.Network/virtualNetworks/subnets/join/action"
             ]
           }
         }
        }
      }
    }
  }

delegation not supported for subnet part

as discussed:

module.network.azurerm_subnet.subnet["db"] will be updated in-place

~ resource "azurerm_subnet" "subnet" {
id = "/subscriptions/4c1b10e8-7301-4c93-84d7-045c20f11c20/resourceGroups/rg-buderus-dev/providers/Microsoft.Network/virtualNetworks/vnet-buderus-dev/subnets/snet-buderus-dev-db"
name = "snet-buderus-dev-db"
# (8 unchanged attributes hidden)

  + delegation {
      + name = "fs"

      + service_delegation {
          + actions = [
              + "Microsoft.Network/virtualNetworks/subnets/join/action",
            ]
          + name    = "Microsoft.DBforMySQL/flexibleServers"
        }
    }
}

[Enhancement] deprecation warning

Description

there is a deprecation warning using this module:
enforce_private_link_endpoint_network_policies will be removed in favour of the property private_endpoint_network_policies_enabled in version 4.0 of the AzureRM Provider

please replace this property.

Additional information

...

[Bug] Error in subnet delegation

Description

Error:

╷
│ Error: Invalid index
│
│   on .terraform/modules/network/variables.tf line 313, in locals:
│  313:             subconfig => merge(local.default.subnet[config][subconfig], local.subnet_values[subnet][config][subconfig])
│     ├────────────────
│     │ local.subnet_values is object with 2 attributes
│
│ The given key does not identify an element in this collection value.
╵

appears with these Variable settings:

  subnet = {
    aks = {
      name                 = format("%s-aks", local.subnet_name)
      resource_group_name  = module.resource_group.resource_group[terraform.workspace].name
      virtual_network_name = module.network.virtual_network[terraform.workspace].name
      address_prefixes     = local.network_context_vars[terraform.workspace].aks_address_prefix
      service_endpoints = [
        "Microsoft.Storage",
        "Microsoft.KeyVault"
      ]
      private_link_service_network_policies_enabled = true
    }
    db = {
      name                                      = format("%s-db", local.subnet_name)
      resource_group_name                       = module.resource_group.resource_group[terraform.workspace].name
      virtual_network_name                      = module.network.virtual_network[terraform.workspace].name
      address_prefixes                          = local.network_context_vars[terraform.workspace].db_address_prefix
      service_endpoints                         = ["Microsoft.Storage"]
      private_endpoint_network_policies_enabled = true
      delegation = {
        fs = {
          name = "fs"
          service_delegation = {
            mysqlflex = {
              name = "Microsoft.DBforMySQL/flexibleServers"
              actions = [
                "Microsoft.Network/virtualNetworks/subnets/join/action"
              ]
            }
          }
        }
      }
    }
  }

Reproduction steps

terraform plan

Current Behavior

╷
│ Error: Invalid index
│
│   on .terraform/modules/network/variables.tf line 313, in locals:
│  313:             subconfig => merge(local.default.subnet[config][subconfig], local.subnet_values[subnet][config][subconfig])
│     ├────────────────
│     │ local.subnet_values is object with 2 attributes
│
│ The given key does not identify an element in this collection value.
╵

Expected Behavior

terraform plan is running without any errors

Additional information

Could you fix this, please ?

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions

.github/workflows/codespell.yml

telekom-mms/.github main

.github/workflows/linting.yml

telekom-mms/.github main

.github/workflows/release.yml

telekom-mms/.github main

telekom-mms/.github main

.github/workflows/settings.yml

telekom-mms/.github main

.github/workflows/terrascan.yml

telekom-mms/.github main

.github/workflows/terratest.yml

telekom-mms/.github main

terraform

providers.tf

versions.tf

azurerm >=3.51.0

hashicorp/terraform >=1.4

Check this box to trigger a request for Renovate to run again on this repository

[Bug] ddos_protection_plan can only be configured for all workspaces

Description

The ddos_protection_plan can only be configured for all workspaces at once. If it's only enabled in workspace a, the module fails if it is run in workspace b.

  virtual_network = {
    environment = {
      name                = format(local.resource_name.virtual_network, terraform.workspace)
      location            = local.location
      resource_group_name = data.azurerm_resource_group.environment.name
      address_space       = [format("%s/%s", local.network.address_space[terraform.workspace], local.network.netmask.default)]
      tags                = local.tags
      ddos_protection_plan = terraform.workspace != "prod" ? {} : {
        enable  = true
        id      = "/subscriptions/1234/resourceGroups/example-com-rg/providers/Microsoft.Network/ddosProtectionPlans/example-com-ddos-protection"
      }
    }
  }

If terraform plan is executed from test workspace, not from prod, the following error occurs:

│ Error: Missing map element
│ 
│   on .terraform/modules/network/main.tf line 26, in resource "azurerm_virtual_network" "virtual_network":
│   26:       id     = local.virtual_network[each.key].ddos_protection_plan.id
│     ├────────────────
│     │ each.key is "environment"
│     │ local.virtual_network is object with 1 attribute "environment"
│ 
│ This map does not have an element with the key "id".

Reproduction steps

restrict ddos_protection_plan to one workspace, then plan/apply from another workspace

Current Behavior

Error: missing map element

Expected Behavior

ddos_protection_plan is ignored/skipped in unwanted environments/workspaces

Additional information

No response

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.