feat(vnet)!: per-subnet sourcing and subnet delegation for CloudNGFW #103

Merged
merged 4 commits
Oct 10, 2024
30 changes: 14 additions & 16 deletions examples/common_vmseries/README.md
Expand Up @@ -279,31 +279,29 @@ For detailed documentation on each property refer to [module documentation](../.
an existing VNET.
- `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a
full resource name, including prefixes.
- `resource_group_name` - (`string`, optional, defaults to current RG) a name of an existing Resource Group in which the
VNET will reside or is sourced from.
- `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET.
- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by
default Azure DNS is used).
- `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when
set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is
disabled.
- `resource_group_name` - (`string`, optional, defaults to current RG) a name of an existing Resource Group in which the
VNET will reside or is sourced from.
- `create_subnets` - (`bool`, optional, defaults to `true`) if `true`, create Subnets inside the Virtual Network,
otherwise use source existing subnets.
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `network_security_groups` - (`map`, optional) map of Network Security Groups to create, for details see
[VNET module documentation](../../modules/vnet/README.md#network_security_groups).
- `route_tables` - (`map`, optional) map of Route Tables to create, for details see
[VNET module documentation](../../modules/vnet/README.md#route_tables).
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).


Type:

```hcl
map(object({
create_virtual_network = optional(bool, true)
name = string
resource_group_name = optional(string)
create_virtual_network = optional(bool, true)
address_space = optional(list(string))
dns_servers = optional(list(string))
vnet_encryption = optional(string)
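Review bot: the `address_space` bullet kept as context in this hunk contradicts itself: "(`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET" - the CIDRs are only consumed when the VNET is created, so the condition should read `create_virtual_network = true`. The identical wording recurs in the `vnets` description in `variables.tf` and in the autoscale README, and since this hunk is already reordering those bullets it is a cheap fix to fold in. Also, now that `create_subnets` has been dropped from the list, the `subnets` bullet should say that creating versus sourcing is decided per entry through its `create` flag, otherwise readers of this README have no hint that the top-level switch is gone.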
Expand Down Expand Up @@ -335,13 +333,14 @@ map(object({
next_hop_ip_address = optional(string)
}))
})), {})
create_subnets = optional(bool, true)
subnets = optional(map(object({
create = optional(bool, true)
name = string
address_prefixes = optional(list(string), [])
network_security_group_key = optional(string)
route_table_key = optional(string)
enable_storage_service_endpoint = optional(bool, false)
enable_storage_service_endpoint = optional(bool)
enable_cloudngfw_delegation = optional(bool)
})), {})
}))
```
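Review bot: two defaults change silently in this hunk: `enable_storage_service_endpoint` goes from `optional(bool, false)` to `optional(bool)`, so an unset value is now `null` rather than `false`, and the new `enable_cloudngfw_delegation = optional(bool)` likewise has no default. The prose above only links to the VNET module docs for `subnets`, and the PR title marks the change as breaking, so a short migration note here on what `null` means for each flag, and that the removed `create_subnets` is replaced by the per-subnet `create = optional(bool, true)`, would save users with existing tfvars a surprise at plan time.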
Expand Down Expand Up @@ -1230,14 +1229,12 @@ Following properties are supported:
a full resource name, including prefixes.
- `address_space` - (`list(string)`, required when `create_virtual_network = `false`) a list of CIDRs for a newly
created VNET.
- `create_subnets` - (`bool`, optional, defaults to `true`) if `true`, create Subnets inside the Virtual Network,
otherwise use source existing subnets.
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `network_security_groups` - (`map`, optional) map of Network Security Groups to create, for details see
[VNET module documentation](../../modules/vnet/README.md#network_security_groups).
- `route_tables` - (`map`, optional) map of Route Tables to create, for details see
[VNET module documentation](../../modules/vnet/README.md#route_tables).
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `local_peer_config` - (`map`, optional) a map that contains local peer configuration parameters. This value allows to
set `allow_virtual_network_access`, `allow_forwarded_traffic`, `allow_gateway_transit` and
`use_remote_gateways` parameters on the local VNet peering.
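Review bot: the `address_space` bullet in this hunk has mismatched backticks: "(`list(string)`, required when `create_virtual_network = `false`)" opens a code span, closes it after `= `, and leaves a stray backtick, so the rendered README shows a broken span. Suggest a single code span, and, as with the `vnets` bullet earlier in this file, the condition should be `true`, because the CIDRs are only used when the VNET is created. The same line appears in the `test_infrastructure` description in `variables.tf` and in the autoscale README.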
Expand Down Expand Up @@ -1315,8 +1312,8 @@ map(object({
create_resource_group = optional(bool, true)
resource_group_name = optional(string)
vnets = map(object({
name = string
create_virtual_network = optional(bool, true)
name = string
address_space = optional(list(string))
dns_servers = optional(list(string))
hub_resource_group_name = optional(string)
Expand Down Expand Up @@ -1349,13 +1346,14 @@ map(object({
next_hop_ip_address = optional(string)
}))
})), {})
create_subnets = optional(bool, true)
subnets = optional(map(object({
create = optional(bool, true)
name = string
address_prefixes = optional(list(string), [])
network_security_group_key = optional(string)
route_table_key = optional(string)
enable_storage_service_endpoint = optional(bool, false)
enable_storage_service_endpoint = optional(bool)
enable_cloudngfw_delegation = optional(bool)
})), {})
local_peer_config = optional(object({
allow_virtual_network_access = optional(bool, true)
3 changes: 1 addition & 2 deletions examples/common_vmseries/main.tf
Expand Up @@ -64,8 +64,7 @@ module "vnet" {
dns_servers = each.value.dns_servers
vnet_encryption = each.value.vnet_encryption

create_subnets = each.value.create_subnets
subnets = each.value.subnets
subnets = each.value.subnets

network_security_groups = {
for k, v in each.value.network_security_groups : k => merge(v, { name = "${var.name_prefix}${v.name}" })
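Review bot: `subnets = each.value.subnets` is passed through untouched, while two lines below every `network_security_groups` entry gets `var.name_prefix` merged into its `name`. Now that each subnet is created or sourced on its own, a sourced entry (`create = false`) must carry the full existing name, but it is not clear from this call site whether a created entry is expected to include the prefix itself. Either a comment stating that subnet names are used verbatim, or the same `merge(v, { name = "${var.name_prefix}${v.name}" })` applied only when `v.create` is true, would remove the ambiguity for people copying the example.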
30 changes: 14 additions & 16 deletions examples/common_vmseries/variables.tf
Expand Up @@ -58,27 +58,25 @@ variable "vnets" {
an existing VNET.
- `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a
full resource name, including prefixes.
- `resource_group_name` - (`string`, optional, defaults to current RG) a name of an existing Resource Group in which the
VNET will reside or is sourced from.
- `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET.
- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by
default Azure DNS is used).
- `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when
set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is
disabled.
- `resource_group_name` - (`string`, optional, defaults to current RG) a name of an existing Resource Group in which the
VNET will reside or is sourced from.
- `create_subnets` - (`bool`, optional, defaults to `true`) if `true`, create Subnets inside the Virtual Network,
otherwise use source existing subnets.
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `network_security_groups` - (`map`, optional) map of Network Security Groups to create, for details see
[VNET module documentation](../../modules/vnet/README.md#network_security_groups).
- `route_tables` - (`map`, optional) map of Route Tables to create, for details see
[VNET module documentation](../../modules/vnet/README.md#route_tables).
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
EOF
type = map(object({
create_virtual_network = optional(bool, true)
name = string
resource_group_name = optional(string)
create_virtual_network = optional(bool, true)
address_space = optional(list(string))
dns_servers = optional(list(string))
vnet_encryption = optional(string)
Expand Down Expand Up @@ -110,13 +108,14 @@ variable "vnets" {
next_hop_ip_address = optional(string)
}))
})), {})
create_subnets = optional(bool, true)
subnets = optional(map(object({
create = optional(bool, true)
name = string
address_prefixes = optional(list(string), [])
network_security_group_key = optional(string)
route_table_key = optional(string)
enable_storage_service_endpoint = optional(bool, false)
enable_storage_service_endpoint = optional(bool)
enable_cloudngfw_delegation = optional(bool)
})), {})
}))
}
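Review bot: with `create = optional(bool, true)` and `address_prefixes = optional(list(string), [])`, a subnet entry that supplies only `name` passes the type check and only fails at apply with an empty prefix list. A `validation` block on this variable, for example `condition = alltrue(flatten([for v in var.vnets : [for s in v.subnets : !s.create || length(s.address_prefixes) > 0]]))` with `error_message = "address_prefixes is required when create = true"`, would surface the mistake at plan time instead. Conversely, the description should state that `address_prefixes` is ignored for sourced subnets, since the type still accepts it there.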
Expand Down Expand Up @@ -946,14 +945,12 @@ variable "test_infrastructure" {
a full resource name, including prefixes.
- `address_space` - (`list(string)`, required when `create_virtual_network = `false`) a list of CIDRs for a newly
created VNET.
- `create_subnets` - (`bool`, optional, defaults to `true`) if `true`, create Subnets inside the Virtual Network,
otherwise use source existing subnets.
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `network_security_groups` - (`map`, optional) map of Network Security Groups to create, for details see
[VNET module documentation](../../modules/vnet/README.md#network_security_groups).
- `route_tables` - (`map`, optional) map of Route Tables to create, for details see
[VNET module documentation](../../modules/vnet/README.md#route_tables).
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `local_peer_config` - (`map`, optional) a map that contains local peer configuration parameters. This value allows to
set `allow_virtual_network_access`, `allow_forwarded_traffic`, `allow_gateway_transit` and
`use_remote_gateways` parameters on the local VNet peering.
Expand Down Expand Up @@ -1029,8 +1026,8 @@ variable "test_infrastructure" {
create_resource_group = optional(bool, true)
resource_group_name = optional(string)
vnets = map(object({
name = string
create_virtual_network = optional(bool, true)
name = string
address_space = optional(list(string))
dns_servers = optional(list(string))
hub_resource_group_name = optional(string)
Expand Down Expand Up @@ -1063,13 +1060,14 @@ variable "test_infrastructure" {
next_hop_ip_address = optional(string)
}))
})), {})
create_subnets = optional(bool, true)
subnets = optional(map(object({
create = optional(bool, true)
name = string
address_prefixes = optional(list(string), [])
network_security_group_key = optional(string)
route_table_key = optional(string)
enable_storage_service_endpoint = optional(bool, false)
enable_storage_service_endpoint = optional(bool)
enable_cloudngfw_delegation = optional(bool)
})), {})
local_peer_config = optional(object({
allow_virtual_network_access = optional(bool, true)
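Review bot: in this `test_infrastructure` copy of the subnet object the behaviour of `enable_storage_service_endpoint` and `enable_cloudngfw_delegation` for a sourced subnet (`create = false`) is not stated anywhere in the variable description: are they ignored, or applied to the existing subnet? Subnet delegation to CloudNGFW restricts what can be deployed into that subnet, so if the module applies it to a subnet the example does not own that is a material side effect on shared infrastructure. Spell out which it is in the `subnets` bullet, or in the VNET module docs the bullet links to.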
34 changes: 16 additions & 18 deletions examples/common_vmseries_and_autoscale/README.md
Expand Up @@ -295,38 +295,36 @@ Type: string
#### vnets

A map defining VNETs.

For detailed documentation on each property refer to [module documentation](../../modules/vnet/README.md)

- `create_virtual_network` - (`bool`, optional, defaults to `true`) when set to `true` will create a VNET, `false` will source
an existing VNET.
- `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a
full resource name, including prefixes.
- `resource_group_name` - (`string`, optional, defaults to current RG) a name of an existing Resource Group in which the
VNET will reside or is sourced from.
- `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET.
- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by
default Azure DNS is used).
- `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when
set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is
disabled.
- `resource_group_name` - (`string`, optional, defaults to current RG) a name of an existing Resource Group in which the
VNET will reside or is sourced from.
- `create_subnets` - (`bool`, optional, defaults to `true`) if `true`, create Subnets inside the Virtual Network,
otherwise use source existing subnets.
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `network_security_groups` - (`map`, optional) map of Network Security Groups to create, for details see
[VNET module documentation](../../modules/vnet/README.md#network_security_groups).
- `route_tables` - (`map`, optional) map of Route Tables to create, for details see
[VNET module documentation](../../modules/vnet/README.md#route_tables).
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).


Type:

```hcl
map(object({
create_virtual_network = optional(bool, true)
name = string
resource_group_name = optional(string)
create_virtual_network = optional(bool, true)
address_space = optional(list(string))
dns_servers = optional(list(string))
vnet_encryption = optional(string)
Expand Down Expand Up @@ -358,13 +356,14 @@ map(object({
next_hop_ip_address = optional(string)
}))
})), {})
create_subnets = optional(bool, true)
subnets = optional(map(object({
create = optional(bool, true)
name = string
address_prefixes = optional(list(string), [])
network_security_group_key = optional(string)
route_table_key = optional(string)
enable_storage_service_endpoint = optional(bool, false)
enable_storage_service_endpoint = optional(bool)
enable_cloudngfw_delegation = optional(bool)
})), {})
}))
```
Expand Down Expand Up @@ -1112,20 +1111,18 @@ Following properties are supported:
a full resource name, including prefixes.
- `address_space` - (`list(string)`, required when `create_virtual_network = `false`) a list of CIDRs for a newly
created VNET.
- `create_subnets` - (`bool`, optional, defaults to `true`) if `true`, create Subnets inside the Virtual Network,
otherwise use source existing subnets.
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `network_security_groups` - (`map`, optional) map of Network Security Groups to create, for details see
[VNET module documentation](../../modules/vnet/README.md#network_security_groups).
- `route_tables` - (`map`, optional) map of Route Tables to create, for details see
[VNET module documentation](../../modules/vnet/README.md#route_tables).
- `subnets` - (`map`, optional) map of Subnets to create or source, for details see
[VNET module documentation](../../modules/vnet/README.md#subnets).
- `local_peer_config` - (`map`, optional) a map that contains local peer configuration parameters. This value allows to
set `allow_virtual_network_access`, `allow_forwarded_traffic`, `allow_gateway_transit` and
`use_remote_gateways` parameters on the local VNet peering.
- `remote_peer_config` - (`map`, optional) a map that contains remote peer configuration parameters. This value allows to
set `allow_virtual_network_access`, `allow_forwarded_traffic`, `allow_gateway_transit` and
`use_remote_gateways` parameters on the remote VNet peering.
`use_remote_gateways` parameters on the remote VNet peering.

For all properties and their default values see [module's documentation](../../modules/test_infrastructure/README.md#vnets).

Expand Down Expand Up @@ -1197,8 +1194,8 @@ map(object({
create_resource_group = optional(bool, true)
resource_group_name = optional(string)
vnets = map(object({
name = string
create_virtual_network = optional(bool, true)
name = string
address_space = optional(list(string))
dns_servers = optional(list(string))
hub_resource_group_name = optional(string)
Expand Down Expand Up @@ -1231,13 +1228,14 @@ map(object({
next_hop_ip_address = optional(string)
}))
})), {})
create_subnets = optional(bool, true)
subnets = optional(map(object({
create = optional(bool, true)
name = string
address_prefixes = optional(list(string), [])
network_security_group_key = optional(string)
route_table_key = optional(string)
enable_storage_service_endpoint = optional(bool, false)
enable_storage_service_endpoint = optional(bool)
enable_cloudngfw_delegation = optional(bool)
})), {})
local_peer_config = optional(object({
allow_virtual_network_access = optional(bool, true)