From 76cc26f256757ed59f9d3c67e970411a7e181706 Mon Sep 17 00:00:00 2001
From: Migara Ekanayake <2110772+migara@users.noreply.github.com>
Date: Tue, 1 Nov 2022 12:21:38 +0000
Subject: [PATCH] feat(modules/vnet): Creation of route tables is optional when
using the `vnet` module (#201)
---
modules/vnet/README.md | 2 +-
modules/vnet/variables.tf | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/vnet/README.md b/modules/vnet/README.md
index 204ab459..0f4404c8 100644
--- a/modules/vnet/README.md
+++ b/modules/vnet/README.md
@@ -68,7 +68,7 @@ No modules.
| [location](#input\_location) | Location of the resources that will be deployed. | `string` | n/a | yes |
| [network\_security\_groups](#input\_network\_security\_groups) | Map of Network Security Groups to create. The key of each entry acts as the Network Security Group name.
List of available attributes of each Network Security Group entry:
- `location` : (Optional) Specifies the Azure location where to deploy the resource.
- `rules`: (Optional) A list of objects representing a Network Security Rule. The key of each entry acts as the name of the rule and
needs to be unique across all rules in the Network Security Group.
List of attributes available to define a Network Security Rule:
- `priority` : Numeric priority of the rule. The value can be between 100 and 4096 and must be unique for each rule in the collection.
The lower the priority number, the higher the priority of the rule.
- `direction` : The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`.
- `access` : Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`.
- `protocol` : Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, or `*` (which matches all).
- `source_port_range` : List of source ports or port ranges.
- `destination_port_range` : Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any.
- `source_address_prefix` : List of source address prefixes. Tags may not be used.
- `destination_address_prefix` : CIDR or destination IP range or `*` to match any IP.
Example:
{| `any` | n/a | yes | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the Resource Group to use. | `string` | n/a | yes | -| [route\_tables](#input\_route\_tables) | Map of objects describing a Route Table. The key of each entry acts as the Route Table name.
"network_security_group_1" = {
location = "Australia Central"
rules = {
"AllOutbound" = {
priority = 100
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
},
"AllowSSH" = {
priority = 200
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
},
"network_security_group_2" = {
rules = {}
}
}
{| `any` | n/a | yes | +| [route\_tables](#input\_route\_tables) | Map of objects describing a Route Table. The key of each entry acts as the Route Table name.
"route_table_1" = {
routes = {
"route_1" = {
address_prefix = "10.1.0.0/16"
next_hop_type = "vnetlocal"
},
"route_2" = {
address_prefix = "10.2.0.0/16"
next_hop_type = "vnetlocal"
},
}
},
"route_table_2" = {
routes = {
"route_3" = {
address_prefix = "0.0.0.0/0"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = "10.112.0.100"
}
},
},
}
{| `map` | `{}` | no | | [subnets](#input\_subnets) | Map of subnet objects to create within a virtual network. The key of each entry acts as the subnet name.
"route_table_1" = {
routes = {
"route_1" = {
address_prefix = "10.1.0.0/16"
next_hop_type = "vnetlocal"
},
"route_2" = {
address_prefix = "10.2.0.0/16"
next_hop_type = "vnetlocal"
},
}
},
"route_table_2" = {
routes = {
"route_3" = {
address_prefix = "0.0.0.0/0"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = "10.112.0.100"
}
},
},
}
{| `any` | n/a | yes | | [tags](#input\_tags) | Map of tags to assign to all of the created resources. | `map(any)` | `{}` | no | | [virtual\_network\_name](#input\_virtual\_network\_name) | The name of the Azure Virtual Network. | `string` | n/a | yes | diff --git a/modules/vnet/variables.tf b/modules/vnet/variables.tf index ab423b0b..e2e43a6d 100644 --- a/modules/vnet/variables.tf +++ b/modules/vnet/variables.tf @@ -124,6 +124,7 @@ variable "route_tables" { } ``` EOF + default = {} } variable "subnets" {
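Review bot: With `default = {}` added to `variable "route_tables"`, a caller who omits the input gets subnets with no user-defined routes and no plan-time signal. Traffic from those subnets then presumably follows Azure system routes instead of a next hop like the `VirtualAppliance` entry in the README example, which matters where the route table is what steers traffic through an inspection point. The description heredoc, which starts outside this hunk, should state this, for example `Optional. When omitted, no Route Tables are created and subnets keep Azure system routes.`. The hunk does not show whether a subnet `route_table` key with no matching entry in the map fails with a clear error, so confirm that in the resource code. The regenerated README row shows the type as `map`, which suggests no explicit `type` is declared, so consider adding a type constraint if that is the case.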
"management" = {
address_prefixes = ["10.100.0.0/24"]
network_security_group = "network_security_group_1"
route_table = "route_table_1"
},
"private" = {
address_prefixes = ["10.100.1.0/24"]
network_security_group = "network_security_group_2"
route_table = "route_table_2"
},
"public" = {
address_prefixes = ["10.100.2.0/24"]
network_security_group = "network_security_group_3"
route_table = "route_table_3"
},
}