diff --git a/README.yaml b/README.yaml
index cf9151c..5578e59 100644
--- a/README.yaml
+++ b/README.yaml
@@ -38,16 +38,10 @@ usage: |-
 module "vnet_peering" {
 source = "clouddrove/vnet-peering/azure"
 version = "1.0.0"
- depends_on = [module.resource_group_1, module.resource_group_2]
 enabled_peering = true
 resource_group_1_name = module.resource_group_1.resource_group_name
 resource_group_2_name = module.resource_group_2.resource_group_name
- allow_gateway_transit_vnet1 = false
- use_remote_gateways_vnet1 = false
- allow_gateway_transit_vnet2 = false
- use_remote_gateways_vnet2 = false
- allow_forwarded_traffic_vnet1 = false
- allow_forwarded_traffic_vnet2 = false
+ different_rg = true
 vnet_1_name = module.vnet.vnet_name[0]
 vnet_1_id = module.vnet.vnet_id[0]
@@ -56,3 +50,20 @@ usage: |-
 }
 ```
+ ### vnet-peering in different subscription
+ ```hcl
+ module "vnet_peering" {
+ source = "clouddrove/vnet-peering/azure"
+ version = "1.0.0"
+ enabled_diff_subs_peering = true
+ resource_group_1_name = module.resource_group_1.resource_group_name
+ diff_subs_resource_group_name = data.azurerm_resource_group.mgmt-rg.name
+
+ alias_subs_id = "82XXXXXXXXXXXXXXXXXXXXa80"
+ vnet_1_name = module.vnet.vnet_name[0]
+ vnet_1_id = module.vnet.vnet_id[0]
+ vnet_diff_subs_name = data.azurerm_virtual_network.mgmt-staging-vnet.name
+ vnet_diff_subs_id = data.azurerm_virtual_network.mgmt-staging-vnet.id
+ }
+ ```
+
diff --git a/_example/peering_in_diff_subscription/example.tf b/_example/peering_in_diff_subscription/example.tf
new file mode 100644
index 0000000..42cce7d
--- /dev/null
+++ b/_example/peering_in_diff_subscription/example.tf
@@ -0,0 +1,64 @@
+provider "azurerm" {
+ features {}
+}
+
+module "resource_group_1" {
+ source = "clouddrove/resource-group/azure"
+ version = "1.0.1"
+
+ name = "vnet"
+ environment = "test"
+ label_order = ["name", "environment"]
+ location = "North Europe"
+}
+
+
+#Vnet
+module "vnet" {
+ source = "clouddrove/vnet/azure"
+ version = "1.0.0"
+
+ name = "app"
+ environment = "example"
+ label_order = ["name", "environment"]
+
+ resource_group_name = module.resource_group_1.resource_group_name
+ location = module.resource_group_1.resource_group_location
+ address_space = "10.0.0.0/24"
+ enable_ddos_pp = false
+}
+
+
+provider "azurerm" {
+ alias = "mgmt"
+ features {}
+ subscription_id = "8XXXXXXXXXXXXXXXX53b2a80"
+}
+
+data "azurerm_resource_group" "mgmt-rg" {
+ provider = azurerm.mgmt
+ name = "example-rg"
+}
+
+data "azurerm_virtual_network" "mgmt-staging-vnet" {
+ provider = azurerm.mgmt
+ name = "example-vnet"
+ resource_group_name = data.azurerm_resource_group.mgmt-rg.name
+}
+
+module "vnet_peering" {
+ source = "../.."
+
+ enabled_diff_subs_peering = true
+ resource_group_1_name = module.resource_group_1.resource_group_name
+ diff_subs_resource_group_name = data.azurerm_resource_group.mgmt-rg.name
+
+ alias_subs_id = "82XXXXXXXXXXXXXXXXXXXXa80"
+ vnet_1_name = module.vnet.vnet_name[0]
+ vnet_1_id = module.vnet.vnet_id[0]
+ vnet_diff_subs_name = data.azurerm_virtual_network.mgmt-staging-vnet.name
+ vnet_diff_subs_id = data.azurerm_virtual_network.mgmt-staging-vnet.id
+
+}
+
+
diff --git a/_example/peering_in_diff_subscription/output.tf b/_example/peering_in_diff_subscription/output.tf
new file mode 100644
index 0000000..4e9b7ce
--- /dev/null
+++ b/_example/peering_in_diff_subscription/output.tf
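Review bot: The remote subscription id is hard-coded in two places in this example — `subscription_id = "8XXXXXXXXXXXXXXXX53b2a80"` in the `mgmt` provider block and `alias_subs_id = "82XXXXXXXXXXXXXXXXXXXXa80"` passed to the module — and the two placeholder strings do not even match, so a reader cannot tell they are meant to be the same subscription. Declare a single `variable "mgmt_subscription_id"` (type string, no default) in the example and set both `subscription_id = var.mgmt_subscription_id` and `alias_subs_id = var.mgmt_subscription_id` from it, so the value is supplied via tfvars or `TF_VAR_` at apply time instead of being committed and kept in sync by hand. It would also help to note above the module call that `azurerm.mgmt` is only used by the two `data` lookups here, while the module builds its own provider from `alias_subs_id`, so the two configurations must point at the same subscription for the data-source ids to be valid in the peering call.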
@@ -0,0 +1,19 @@
+output "vnet_peer_1_id" {
+ value = module.vnet_peering.*.vnet_peer_1_id
+ description = "The id of the newly created virtual network peering in on first virtual netowork."
+}
+
+output "vnet_peer_1_name" {
+ value = module.vnet_peering.*.vnet_peer_1_name
+ description = "The name of the newly created virtual network peering in on first virtual netowork."
+}
+
+output "vnet_peer_diff_subs_id" {
+ value = module.vnet_peering.*.vnet_peer_diff_subs_id
+ description = "The id of the newly created virtual network peering in on different subscription virtual network."
+}
+
+output "vnet_peer_diff_subs_name" {
+ value = module.vnet_peering.*.vnet_peer_diff_subs_name
+ description = "The name of the newly created virtual network peering in on different subscription virtual network."
+}
diff --git a/_example/versions.tf b/_example/peering_in_diff_subscription/versions.tf
similarity index 100%
rename from _example/versions.tf
rename to _example/peering_in_diff_subscription/versions.tf
diff --git a/_example/example.tf b/_example/peering_in_same_subscription/example.tf
similarity index 70%
rename from _example/example.tf
rename to _example/peering_in_same_subscription/example.tf
index 825b997..fc240b3 100644
--- a/_example/example.tf
+++ b/_example/peering_in_same_subscription/example.tf
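Review bot: The `description` strings of `vnet_peer_1_id` and `vnet_peer_1_name` misspell "network" as "netowork", and all four descriptions use the doubled preposition "peering in on"; e.g. `description = "The id of the newly created virtual network peering on the first virtual network."`. The same "netowork" misspelling is in the two outputs this commit adds to the root output.tf, so fix it there as well. Since `module "vnet_peering"` in this example has no `count`, a short comment on the first output explaining why the legacy `.*` splat is applied to the module value (it is presumably there to tolerate a zero-instance peering) would save the next reader a lookup.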
@@ -55,23 +55,16 @@ module "vnet_remote" {
 }
 module "vnet_peering" {
- source = "../"
- depends_on = [module.resource_group_1, module.resource_group_2]
+ source = "../.."
 enabled_peering = true
 resource_group_1_name = module.resource_group_1.resource_group_name
 resource_group_2_name = module.resource_group_2.resource_group_name
- allow_gateway_transit_vnet1 = false
- use_remote_gateways_vnet1 = false
- allow_gateway_transit_vnet2 = false
- use_remote_gateways_vnet2 = false
- allow_forwarded_traffic_vnet1 = false
- allow_forwarded_traffic_vnet2 = false
- different_rg = true
- vnet_1_name = module.vnet.vnet_name[0]
- vnet_1_id = module.vnet.vnet_id[0]
- vnet_2_name = module.vnet_remote.vnet_name[0]
- vnet_2_id = module.vnet_remote.vnet_id[0]
+ different_rg = true
+ vnet_1_name = module.vnet.vnet_name[0]
+ vnet_1_id = module.vnet.vnet_id[0]
+ vnet_2_name = module.vnet_remote.vnet_name[0]
+ vnet_2_id = module.vnet_remote.vnet_id[0]
 }
diff --git a/_example/output.tf b/_example/peering_in_same_subscription/output.tf
similarity index 100%
rename from _example/output.tf
rename to _example/peering_in_same_subscription/output.tf
diff --git a/_example/peering_in_same_subscription/versions.tf b/_example/peering_in_same_subscription/versions.tf
new file mode 100644
index 0000000..55c5a8f
--- /dev/null
+++ b/_example/peering_in_same_subscription/versions.tf
@@ -0,0 +1,13 @@
+# Terraform version
+terraform {
+ required_version = ">= 1.0.0"
+}
+
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=2.90.0"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index f8696d5..9de7143 100644
--- a/main.tf
+++ b/main.tf
@@ -1,11 +1,11 @@
 # enable global peering between the two virtual network
 resource "azurerm_virtual_network_peering" "peering" {
- count = var.enabled_peering ? 1 : 0
- name = format("%s-peering-%s", var.vnet_1_name, var.vnet_2_name)
+ count = var.enabled_peering || var.enabled_diff_subs_peering ? 1 : 0
+ name = var.enabled_diff_subs_peering == false ? format("%s-peering-%s", var.vnet_1_name, var.vnet_2_name) : format("%s-peering-%s", var.vnet_1_name, var.vnet_diff_subs_name)
 resource_group_name = var.resource_group_1_name
 virtual_network_name = var.vnet_1_name
- remote_virtual_network_id = var.vnet_2_id
+ remote_virtual_network_id = var.enabled_diff_subs_peering == false ? var.vnet_2_id : var.vnet_diff_subs_id
 allow_virtual_network_access = var.allow_virtual_network_access
 allow_forwarded_traffic = var.allow_forwarded_traffic_vnet1
 allow_gateway_transit = var.allow_gateway_transit_vnet1
@@ -25,3 +25,23 @@ resource "azurerm_virtual_network_peering" "peering_back" {
 allow_gateway_transit = var.allow_gateway_transit_vnet2
 use_remote_gateways = var.use_remote_gateways_vnet2
 }
+
+provider "azurerm" {
+ alias = "peer"
+ features {}
+ subscription_id = var.alias_subs_id
+}
+
+# enable global peering between the two virtual network
+resource "azurerm_virtual_network_peering" "peering_back_diff_subs" {
+ provider = azurerm.peer
+ count = var.enabled_diff_subs_peering ? 1 : 0
+ name = format("%s-peering-%s", var.vnet_diff_subs_name, var.vnet_1_name)
+ resource_group_name = var.diff_subs_resource_group_name
+ virtual_network_name = var.vnet_diff_subs_name
+ remote_virtual_network_id = var.vnet_1_id
+ allow_virtual_network_access = var.allow_virtual_network_access
+ allow_forwarded_traffic = var.allow_forwarded_traffic_vnet_diff_subs
+ allow_gateway_transit = var.allow_gateway_transit_vnet_diff_subs
+ use_remote_gateways = var.use_remote_gateways_vnet_diff_subs
+}
diff --git a/output.tf b/output.tf
index afc1194..eb51f52 100644
--- a/output.tf
+++ b/output.tf
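Review bot: `count = var.enabled_peering || var.enabled_diff_subs_peering ? 1 : 0` accepts both flags being true at the same time, and in that case `name` and `remote_virtual_network_id` silently take the diff-subs branch while the `peering_back` resource (outside this hunk, presumably still gated on `var.enabled_peering` alone) keeps peering back from `vnet_2`, so the forward and reverse links would no longer describe the same pair of networks. Nothing in the commit documents that the two flags are mutually exclusive; a `precondition` on this resource would make the misuse fail at plan time instead of producing a half-configured peering (note that `precondition` needs Terraform 1.2 whereas the examples' versions.tf only pins `>= 1.0.0`, so the pin should be raised or the check made a variable `validation` on the caller side). As a point of style, `var.enabled_diff_subs_peering == false ? a : b` reads more naturally as `var.enabled_diff_subs_peering ? b : a` on both the `name` and `remote_virtual_network_id` lines. The resource body continues past the end of the hunk.

```hcl
resource "azurerm_virtual_network_peering" "peering" {
  count = var.enabled_peering || var.enabled_diff_subs_peering ? 1 : 0
  # … unchanged: name, resource_group_name, virtual_network_name, remote_virtual_network_id, allow_* …

  lifecycle {
    precondition {
      condition     = !(var.enabled_peering && var.enabled_diff_subs_peering)
      error_message = "enabled_peering and enabled_diff_subs_peering are mutually exclusive; enable exactly one."
    }
  }
```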
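Review bot: Declaring `provider "azurerm" { alias = "peer" ... subscription_id = var.alias_subs_id }` inside the module turns it into a module with its own provider configuration, which means callers can no longer use `count`, `for_each` or `depends_on` on `module "vnet_peering"`, and the provider block is presumably evaluated even when `enabled_diff_subs_peering` is false, with `subscription_id` set to the empty-string default of `alias_subs_id` — how the azurerm provider treats an empty subscription id in that case is worth confirming and documenting. The conventional shape is to let the caller hand in an already-configured alias (in the new example that would be `providers = { azurerm.peer = azurerm.mgmt }`) and declare `configuration_aliases = [azurerm.peer]` under `required_providers` in the module, which also removes the need for `alias_subs_id` and the duplicated subscription id. If the in-module provider is kept for compatibility, the comment above the new resource should not be a copy of the one above `peering`; something like `# reverse peering from the remote-subscription vnet back to vnet_1, created with the azurerm.peer provider` says what is actually different here.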
@@ -17,3 +17,13 @@ output "vnet_peer_2_name" {
 value = azurerm_virtual_network_peering.peering_back.*.name
 description = "The name of the newly created virtual network peering in on second virtual netowork."
 }
+
+output "vnet_peer_diff_subs_name" {
+ value = azurerm_virtual_network_peering.peering_back_diff_subs.*.name
+ description = "The name of the newly created virtual network peering in on different subscription virtual netowork."
+}
+
+output "vnet_peer_diff_subs_id" {
+ value = azurerm_virtual_network_peering.peering_back_diff_subs.*.id
+ description = "The id of the newly created virtual network peering in on different subscription virtual netowork."
+}
diff --git a/variables.tf b/variables.tf
index 3036827..7635b55 100644
--- a/variables.tf
+++ b/variables.tf
@@ -78,6 +78,11 @@ variable "allow_forwarded_traffic_vnet2" {
 default = false
 description = "Controls if forwarded traffic from VMs in the remote virtual network is allowed"
 }
+variable "allow_forwarded_traffic_vnet_diff_subs" {
+ type = bool
+ default = false
+ description = "Controls if forwarded traffic from VMs in the remote virtual network is allowed"
+}
 variable "allow_gateway_transit_vnet1" {
 type = bool
@@ -90,6 +95,11 @@ variable "allow_gateway_transit_vnet2" {
 default = false
 description = "Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network."
 }
+variable "allow_gateway_transit_vnet_diff_subs" {
+ type = bool
+ default = false
+ description = "Controls gatewayLinks can be used in the different subscription virtual network’s link to the local virtual network."
+}
 variable "use_remote_gateways_vnet1" {
 type = bool
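Review bot: The `description` of the new `allow_forwarded_traffic_vnet_diff_subs` is copied verbatim from `allow_forwarded_traffic_vnet2` and still speaks of "the remote virtual network", while the sibling `allow_gateway_transit_vnet_diff_subs` added in the next hunk says "the different subscription virtual network"; make the wording consistent, e.g. `description = "Controls if forwarded traffic from VMs in the different subscription virtual network is allowed (default false)."`. Keeping `default = false` for all three new flags is the right conservative choice, since forwarded traffic and gateway transit across a subscription boundary widen what the remote side can reach, and the descriptions are a good place to say that enabling them is an explicit opt-in.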
@@ -103,6 +113,12 @@ variable "use_remote_gateways_vnet2" {
 description = "Controls if remote gateways can be used on the local virtual network"
 }
+variable "use_remote_gateways_vnet_diff_subs" {
+ type = bool
+ default = false
+ description = "Controls if remote gateways can be used on the different subscription virtual network"
+}
+
 variable "resource_group_1_name" {
 type = string
 default = ""
@@ -118,5 +134,31 @@ variable "resource_group_2_name" {
 variable "different_rg" {
 type = bool
 default = false
- description = "Flag to tell whether peering is to be done in same in resource group or deifferent resource group "
+ description = "Flag to tell whether peering is to be done in same in resource group or different resource group "
+}
+
+variable "enabled_diff_subs_peering" {
+ type = bool
+ default = false
+}
+variable "vnet_diff_subs_name" {
+ type = string
+ default = ""
+ description = "The name of the remote virtual network."
+}
+variable "alias_subs_id" {
+ type = string
+ default = ""
+ description = "Alias for remote provider in module."
+}
+variable "diff_subs_resource_group_name" {
+ type = string
+ default = ""
+ description = "The name of remote resource group to be imported."
+}
+
+variable "vnet_diff_subs_id" {
+ type = string
+ default = ""
+ description = "The id of the remote virtual network."
 }
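Review bot: `enabled_diff_subs_peering` is the only new variable without a `description`, and the description of `alias_subs_id` ("Alias for remote provider in module.") is misleading, because main.tf passes it as the `subscription_id` of the `azurerm.peer` provider — it is the remote subscription's id, not a provider alias name. Suggested wording: `description = "Enable peering with a virtual network in a different subscription; the peer side is created through the module's azurerm.peer provider."` and `description = "Id of the subscription that holds the remote virtual network; used to configure the module's azurerm.peer provider."`. A `validation` block on `alias_subs_id` that accepts either the empty default or a GUID-shaped value would turn a copy-paste error into a plan-time failure rather than a provider error against the wrong subscription. The rewritten `different_rg` description also still reads "in same in resource group" — the commit only fixed "deifferent"; `description = "Whether the two virtual networks live in different resource groups."` covers it.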