diff --git a/examples/panorama/README.md b/examples/panorama/README.md
index 4e4b6239..12606628 100644
--- a/examples/panorama/README.md
+++ b/examples/panorama/README.md
@@ -58,7 +58,7 @@ $ terraform apply
 | [firewall\_mgmt\_prefixes](#input\_firewall\_mgmt\_prefixes) | n/a | `list(string)` |
[| no |
 | [location](#input\_location) | Region to deploy Panorama into. | `string` | `""` | no |
 | [network\_security\_groups](#input\_network\_security\_groups) | Map of Network Security Groups to create. The key of each entry acts as the Network Security Group name.
"10.0.0.0/24"
]
{| `any` | n/a | yes |
-| [panorama\_name](#input\_panorama\_name) | n/a | `string` | `"panorama"` | no |
+| [panorama\_name](#input\_panorama\_name) | n/a | `any` | n/a | yes |
 | [panorama\_private\_ip\_address](#input\_panorama\_private\_ip\_address) | Optional static private IP address of Panorama, for example 192.168.11.22. If empty, Panorama uses dynamic assignment. | `string` | `null` | no |
 | [panorama\_size](#input\_panorama\_size) | n/a | `string` | `"Standard_D5_v2"` | no |
 | [panorama\_sku](#input\_panorama\_sku) | n/a | `string` | `"byol"` | no |
diff --git a/examples/panorama/example.tfvars b/examples/panorama/example.tfvars
index bfdfbe26..df072a82 100644
--- a/examples/panorama/example.tfvars
+++ b/examples/panorama/example.tfvars
@@ -1,8 +1,9 @@
 location = "East US"
 tags = { environment = "dev" }
+panorama_name = "example-panorama"
 resource_group_name = "example-rg"
-vnet_name = "example-vnet"
 storage_account_name = "examplestorage"
+vnet_name = "example-vnet"
 enable_zones = true
 address_space = ["10.112.0.0/16"]
 panorama_version = "10.1.5"
diff --git a/examples/panorama/main.tf b/examples/panorama/main.tf
index a31f79ac..8edd170b 100644
--- a/examples/panorama/main.tf
+++ b/examples/panorama/main.tf
@@ -84,11 +84,11 @@ module "panorama" {
 ]
 logging_disks = {
- disk_name_1 = {
+ logs-1 = {
 size : "2048"
 lun : "1"
 }
- disk_name_2 = {
+ logs-2 = {
 size : "2048"
 lun : "2"
 }
diff --git a/examples/panorama/variables.tf b/examples/panorama/variables.tf
index 479ee9ba..fc3c97c0 100644
--- a/examples/panorama/variables.tf
+++ b/examples/panorama/variables.tf
@@ -18,10 +18,7 @@ variable "storage_account_name" {
 type = string
 }
-variable "panorama_name" {
- type = string
- default = "panorama"
-}
+variable "panorama_name" {}
 variable "panorama_size" {
 type = string
diff --git a/examples/transit_vnet_common/variables.tf b/examples/transit_vnet_common/variables.tf
index 04ed13b0..104379fd 100644
--- a/examples/transit_vnet_common/variables.tf
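Review bot: `variable "panorama_name" {}` drops the `type = string` constraint together with the default, so the example now accepts any value and the generated README table in this same commit already reports the input as `any`. Keep the constraint and give the input a description so the docs table stays meaningful, e.g. `variable "panorama_name" {` / `  type = string` / `}` plus a `description` line; that also makes a mistyped value fail at plan time rather than inside the module. The surrounding `variable "panorama_size"` block continues past the hunk.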
+++ b/examples/transit_vnet_common/variables.tf
@@ -103,6 +103,11 @@ variable "allow_inbound_mgmt_ips" {
 EOF
 default = []
 type = list(string)
+
+ validation {
+ condition = length(var.allow_inbound_mgmt_ips) > 0
+ error_message = "At least one address has to be specified."
+ }
 }
 variable "allow_inbound_data_ips" {
diff --git a/examples/transit_vnet_dedicated/variables.tf b/examples/transit_vnet_dedicated/variables.tf
index 7b9bc14c..15e23b0d 100644
--- a/examples/transit_vnet_dedicated/variables.tf
+++ b/examples/transit_vnet_dedicated/variables.tf
@@ -114,6 +114,11 @@ variable "allow_inbound_mgmt_ips" {
 EOF
 default = []
 type = list(string)
+
+ validation {
+ condition = length(var.allow_inbound_mgmt_ips) > 0
+ error_message = "At least one address has to be specified."
+ }
 }
 variable "allow_inbound_data_ips" {
diff --git a/examples/vmseries_scaleset/variables.tf b/examples/vmseries_scaleset/variables.tf
index 076964b1..8d786405 100644
--- a/examples/vmseries_scaleset/variables.tf
+++ b/examples/vmseries_scaleset/variables.tf
@@ -221,6 +221,11 @@ variable "allow_inbound_mgmt_ips" {
 EOF
 default = []
 type = list(string)
+
+ validation {
+ condition = length(var.allow_inbound_mgmt_ips) > 0
+ error_message = "At least one address has to be specified."
+ }
 }
 variable "allow_inbound_data_ips" {
diff --git a/modules/loadbalancer/main.tf b/modules/loadbalancer/main.tf
index 545c2fd8..c9ed767c 100644
--- a/modules/loadbalancer/main.tf
+++ b/modules/loadbalancer/main.tf
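Review bot: With `condition = length(var.allow_inbound_mgmt_ips) > 0`, the `default = []` two lines above can never satisfy the validation, so a caller who omits the input now gets this validation error instead of Terraform's "No value for required variable" prompt, and generated docs will keep listing the input as optional with default `[]`. If the intent is to force an explicit management allow-list, drop the `default = []` line so the input is genuinely required, and keep the validation only for the case where a caller passes an explicit empty list. The `variable "allow_inbound_mgmt_ips"` block starts before the hunk; only the closing `EOF` of its description heredoc is visible.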
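Review bot: A non-empty list is a weak guard for what the variable name suggests is a management-plane source allow-list: `["0.0.0.0/0"]` or `["*"]` passes `length(...) > 0` and, if these values end up as NSG source prefixes (not visible in this hunk), exposes the firewall management interface to the whole Internet, which is the case a validation here is most worth catching. If wildcard sources are never legitimate for this example, tighten it to `condition = length(var.allow_inbound_mgmt_ips) > 0 && !contains(var.allow_inbound_mgmt_ips, "0.0.0.0/0") && !contains(var.allow_inbound_mgmt_ips, "*")` and extend `error_message` to say that wildcards are rejected; otherwise state in the description that the list is applied as given. The enclosing `variable` block begins before the hunk.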
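Review bot: This is the third verbatim copy of the same `validation` block in one commit (transit_vnet_common and transit_vnet_dedicated carry the identical condition and message), and the three examples presumably hand the value to the same module input; if the requirement is part of that input's contract, defining the check once on the module's own `variable` would cover every consumer instead of only the examples that remembered to copy it. Whichever place it lives, make `error_message` say why the value matters, e.g. `error_message = "allow_inbound_mgmt_ips must list at least one source address/prefix permitted to reach the management interface."`, so an operator hitting it understands the exposure they are configuring. The variable block starts before the hunk.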
@@ -77,7 +77,7 @@ locals {
 input_rules = { for v in local.input_flat_rules : "${v.fipkey}-${v.rulekey}" => v }
 # Now, the outputs to be returned by the module. First, calculate the raw IP addresses.
-output_ips = { for _, v in azurerm_lb.lb.frontend_ip_configuration : v.name => coalesce(try(data.azurerm_public_ip.exists[v.name].ip_address, azurerm_public_ip.this[v.name].ip_address, v.private_ip_address)) }
+output_ips = { for _, v in azurerm_lb.lb.frontend_ip_configuration : v.name => try(data.azurerm_public_ip.exists[v.name].ip_address, azurerm_public_ip.this[v.name].ip_address, v.private_ip_address) }
 # A more rich output combines the raw IP addresses with more attributes.
 # As the later NSGs demand that troublesome numerical `priority` attribute, we
diff --git a/modules/panorama/README.md b/modules/panorama/README.md
index 2e5eca9f..c3f3e20f 100644
--- a/modules/panorama/README.md
+++ b/modules/panorama/README.md
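Review bot: Dropping `coalesce()` changes the failure mode of `output_ips`: `try()` returns the first expression that evaluates without an error, so when `data.azurerm_public_ip.exists[v.name]` or `azurerm_public_ip.this[v.name]` resolves but its `ip_address` is null or empty (a dynamically allocated public IP that has not been assigned yet, for example) the map entry silently becomes null/"" where the old expression raised an error. The comment two lines below says these addresses feed NSG rules, so an empty value would now surface later as a confusing provider error on the rule instead of here. If `coalesce()` was removed because of plan-time unknown values, say so in the comment above the line, e.g. `# try() rather than coalesce(): the addresses may be unknown at plan time`, and consider a `precondition` on the consumer that rejects empty entries. The `locals` block continues outside the hunk.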
@@ -71,12 +71,12 @@ No modules.
 | [boot\_diagnostic\_storage\_uri](#input\_boot\_diagnostic\_storage\_uri) | Existing diagnostic storage uri | `string` | `null` | no |
 | [custom\_image\_id](#input\_custom\_image\_id) | Absolute ID of your own Custom Image to be used for creating Panorama. If set, the `username`, `password`, `panorama_version`, `panorama_publisher`, `panorama_offer`, `panorama_sku` inputs are all ignored (these are used only for published images, not custom ones). The Custom Image is expected to contain PAN-OS software. | `string` | `null` | no |
 | [enable\_plan](#input\_enable\_plan) | Enable usage of the Offer/Plan on Azure Marketplace. Even plan sku "byol", which means "bring your own license", still requires accepting on the Marketplace (as of 2021). Can be set to `false` when using a custom image. | `bool` | `true` | no |
-| [enable\_zones](#input\_enable\_zones) | If false, the input `avzone` is ignored and also all created Public IP addresses default to not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones. | `bool` | `true` | no |
-| [interface](#input\_interface) | A array of map describing the intefaces configuration. Keys of the map are the names and values are { subnet\_id, private\_ip\_address, public\_ip, enable\_ip\_forwarding }. Example:
"network_security_group_1" = {
location = "Australia Central"
rules = {
"AllOutbound" = {
priority = 100
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
},
"AllowSSH" = {
priority = 200
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
},
"network_security_group_2" = {
rules = {}
}
}
[| `any` | n/a | yes |
+| [enable\_zones](#input\_enable\_zones) | If false, the input `avzone` is ignored and all created public IPs default not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones. | `bool` | `true` | no |
+| [interface](#input\_interface) | A array of map describing the intefaces configuration. Keys of the map are the names and values are { subnet\_id, private\_ip\_address, public\_ip, enable\_ip\_forwarding }. Example:
{
name = "mgmt"
subnet_id = ""
private_ip_address = ""
public_ip = true
public_ip_name = ""
enable_ip_forwarding = false
}
]
[| `list(any)` | n/a | yes |
 | [location](#input\_location) | Region to deploy Panorama into. | `string` | n/a | yes |
-| [logging\_disks](#input\_logging\_disks) | A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zones, lun }.
{
name = "mgmt"
subnet_id = ""
private_ip_address = ""
public_ip = true
public_ip_name = ""
enable_ip_forwarding = false
}
]
{| `map(any)` | `{}` | no |
+| [logging\_disks](#input\_logging\_disks) | A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zone, lun }.
disk_name_1 = {
size: "2048"
zone: "1"
lun: "1"
}
disk_name_2 = {
size: "2048"
zone: "2"
lun: "2"
}
}
{| `map(any)` | `{}` | no |
 | [os\_disk\_name](#input\_os\_disk\_name) | The name of OS disk. The name is auto-generated when not provided. | `string` | `null` | no |
-| [panorama\_name](#input\_panorama\_name) | The Panorama common name. | `string` | `"panorama"` | no |
+| [panorama\_name](#input\_panorama\_name) | The Panorama common name. | `string` | n/a | yes |
 | [panorama\_offer](#input\_panorama\_offer) | Panorama offer. | `string` | `"panorama"` | no |
 | [panorama\_publisher](#input\_panorama\_publisher) | Panorama Publisher. | `string` | `"paloaltonetworks"` | no |
 | [panorama\_size](#input\_panorama\_size) | Virtual Machine size. | `string` | `"Standard_D5_v2"` | no |
diff --git a/modules/panorama/variables.tf b/modules/panorama/variables.tf
index 32292c2a..35075ba1 100644
--- a/modules/panorama/variables.tf
+++ b/modules/panorama/variables.tf
@@ -1,11 +1,13 @@
+# Location
 variable "location" {
 description = "Region to deploy Panorama into."
 type = string
 }
-variable "resource_group_name" {
- description = "The name of the existing resource group where to place all the resources created by this module."
- type = string
+variable "enable_zones" {
+ description = "If false, the input `avzone` is ignored and all created public IPs default not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones."
+ default = true
+ type = bool
 }
 variable "avzone" {
@@ -23,6 +25,23 @@ variable "avzones" {
 type = list(string)
 }
+# Naming
+variable "panorama_name" {
+ description = "The Panorama common name."
+ type = string
+}
+
+variable "os_disk_name" {
+ description = "The name of OS disk. The name is auto-generated when not provided."
+ default = null
+ type = string
+}
+variable "resource_group_name" {
+ description = "The name of the existing resource group where to place all the resources created by this module."
+ type = string
+}
+
+# Instance settings
 variable "panorama_size" {
 description = "Virtual Machine size."
 default = "Standard_D5_v2"
@@ -69,9 +88,17 @@ variable "panorama_offer" {
 type = string
 }
+variable "custom_image_id" {
+ description = "Absolute ID of your own Custom Image to be used for creating Panorama. If set, the `username`, `password`, `panorama_version`, `panorama_publisher`, `panorama_offer`, `panorama_sku` inputs are all ignored (these are used only for published images, not custom ones). The Custom Image is expected to contain PAN-OS software."
+ default = null
+ type = string
+}
+
+# Networking
 variable "interface" {
 description = <<-EOF
 A array of map describing the intefaces configuration. Keys of the map are the names and values are { subnet_id, private_ip_address, public_ip, enable_ip_forwarding }. Example:
+ ```
 [
 {
@@ -84,37 +111,37 @@ variable "interface" {
 }
 ]
 ```
+ EOF
+ type = list(any)
 }
+# Storage
 variable "logging_disks" {
- type = map(any)
- default = {}
 description = <<-EOF
- A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zones, lun }.
- The size value is provided in GB. The recommended size for additional(optional) disks should be at least 2TB (2048 GB). Example:
+ A map of objects describing the additional disk configuration. The keys of the map are the names and values are { size, zone, lun }.
+ The size value is provided in GB. The recommended size for additional (optional) disks is at least 2TB (2048 GB). Example:
+ ```
 {
- disk_name_1 = {
+ logs-1 = {
 size: "2048"
 zone: "1"
 lun: "1"
 }
- disk_name_2 = {
+ logs-2 = {
 size: "2048"
 zone: "2"
 lun: "2"
 }
 }
 ```
+ EOF
+ default = {}
+ type = map(any)
 }
-variable "custom_image_id" {
- description = "Absolute ID of your own Custom Image to be used for creating Panorama. If set, the `username`, `password`, `panorama_version`, `panorama_publisher`, `panorama_offer`, `panorama_sku` inputs are all ignored (these are used only for published images, not custom ones). The Custom Image is expected to contain PAN-OS software."
- default = null
- type = string
-}
 variable "boot_diagnostic_storage_uri" {
 description = "Existing diagnostic storage uri"
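Review bot: The new `type = list(any)` contradicts the description it closes, which still says "A array of map describing the intefaces configuration. Keys of the map are the names" — a list has no keys, and the example in the module README in this commit shows each element carrying its own `name` attribute. Reword the first sentence to something like "A list of objects describing the interfaces. Each object has the attributes { name, subnet_id, private_ip_address, public_ip, public_ip_name, enable_ip_forwarding }." which also fixes "A array" and "intefaces". `list(any)` accepts elements of any shape; if the module already requires a recent enough Terraform, a `list(object({...}))` with optional attributes would make a misspelled key fail at plan time instead of silently being ignored, but that depends on the version constraint, which this diff does not show. The `interface` variable block starts before the hunk.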
@@ -122,28 +149,6 @@ variable "boot_diagnostic_storage_uri" {
 type = string
 }
-variable "enable_zones" {
- description = "If false, the input `avzone` is ignored and also all created Public IP addresses default to not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones."
- default = true
- type = bool
-}
-
-# --- #
-# Naming #
-# --- #
-
-variable "panorama_name" {
- description = "The Panorama common name."
- default = "panorama"
- type = string
-}
-
-variable "os_disk_name" {
- description = "The name of OS disk. The name is auto-generated when not provided."
- default = null
- type = string
-}
-
 variable "tags" {
 description = "A map of tags to be associated with the resources created."
 default = {}
diff --git a/modules/virtual_machine/.README.md b/modules/virtual_machine/.README.md
index 1f4bd564..731c26de 100644
--- a/modules/virtual_machine/.README.md
+++ b/modules/virtual_machine/.README.md
@@ -1,6 +1,6 @@
-# Azure Virtual Machine Module for Azure
+# Azure Virtual Machine Module
-A Terraform module for deploying a virtual machine in Azure cloud. This module intended to be an internal module that can be leveraged during proof of concepts and demos.
+A Terraform module for deploying a virtual machine in Azure cloud. This module is intended to be an internal one that can be leveraged during proof of concepts and demos.
 You can easily control the linux flavour by passing `UbuntuServer`, `RHEL`, `openSUSE-Leap`, `CentOS`, `Debian`, `CoreOS` and `SLES` as the value to the `vm_os_simple` variable.
diff --git a/modules/virtual_machine/variables.tf b/modules/virtual_machine/variables.tf
index 82ccc915..bae44a9b 100644
--- a/modules/virtual_machine/variables.tf
+++ b/modules/virtual_machine/variables.tf
@@ -9,8 +9,7 @@ variable "resource_group_name" {
 }
 variable "name" {
- description = "Hostname of the virtual machine."
- default = "fw00"
+ description = "Virtual machine instance name."
 type = string
 }
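Review bot: Removing `default = "fw00"` turns `name` into a required input, which breaks every existing caller of the virtual_machine module that relied on the default; the same change is made to the vmseries module in this commit, so it deserves an explicit "breaking change" line in the changelog or commit description rather than only the doc-table update. The new description "Virtual machine instance name." also drops the one fact the old one carried, namely that the value was the VM's hostname; if it still is, keep that in the text, e.g. `description = "Name of the virtual machine, also used as its hostname."`, and if it no longer is, say where the hostname now comes from. The module body that consumes `name` is not part of this diff.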
@@ -29,24 +28,29 @@ variable "avset_id" {
 variable "interfaces" {
 description = <<-EOF
 List of the network interface specifications.
- The first should be the Management network interface, which does not participate in data filtering.
- The remaining ones are the dataplane interfaces.
-
- - `subnet_id`: Identifier of the existing subnet to use.
- - `lb_backend_pool_id`: Identifier of the existing backend pool of the load balancer to associate.
- - `enable_backend_pool`: If false, ignore `lb_backend_pool_id`. Default is false.
- - `public_ip_address_id`: Identifier of the existing public IP to associate.
- - `create_public_ip`: If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.
+ Options for an interface object:
+ - `name` - (required|string) Interface name.
+ - `subnet_id` - (required|string) Identifier of an existing subnet to create interface in.
+ - `private_ip_address` - (optional|string) Static private IP to asssign to the interface. If null, dynamic one is allocated.
+ - `public_ip_address_id` - (optional|string) Identifier of an existing public IP to associate.
+ - `create_public_ip` - (optional|bool) If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.
+ - `availability_zone` - (optional|string) Availability zone to create public IP in. If not specified, set based on `avzone` and `enable_zones`.
+ - `enable_ip_forwarding` - (optional|bool) If true, the network interface will not discard packets sent to an IP address other than the one assigned. If false, the network interface only accepts traffic destined to its IP address.
+ - `enable_backend_pool` - (optional|bool) If true, associate interface with backend pool specified with `lb_backend_pool_id`. Default is false.
+ - `lb_backend_pool_id` - (optional|string) Identifier of an existing backend pool to associate interface with. Required if `enable_backend_pool` is true.
+ - `tags` - (optional|map) Tags to assign to the interface and public IP (if created). Overrides contents of `tags` variable.
 Example:
 ```
 [
 {
+ name = "mgmt"
 subnet_id = azurerm_subnet.my_mgmt_subnet.id
 public_ip_address_id = azurerm_public_ip.my_mgmt_ip.id
 },
 {
+ name = "public"
 subnet_id = azurerm_subnet.my_pub_subnet.id
 lb_backend_pool_id = module.inbound_lb.backend_pool_id
 enable_backend_pool = true
@@ -129,7 +133,7 @@ variable "img_version" {
 variable "vm_os_simple" {
 description = "Allows user to specify a simple name for the OS required and auto populate the publisher, offer, sku parameters"
- default = null
+ default = "UbuntuServer"
 type = string
 }
diff --git a/modules/vmseries/README.md b/modules/vmseries/README.md
index c662699a..ec294722 100644
--- a/modules/vmseries/README.md
+++ b/modules/vmseries/README.md
@@ -94,11 +94,11 @@ No modules.
 | [img\_publisher](#input\_img\_publisher) | The Azure Publisher identifier for a image which should be deployed. | `string` | `"paloaltonetworks"` | no |
 | [img\_sku](#input\_img\_sku) | VM-series SKU - list available with `az vm image list -o table --all --publisher paloaltonetworks` | `string` | `"bundle2"` | no |
 | [img\_version](#input\_img\_version) | VM-series PAN-OS version - list available for a default `img_offer` with `az vm image list -o table --publisher paloaltonetworks --offer vmseries-flex --all` | `string` | `"10.1.0"` | no |
-| [interfaces](#input\_interfaces) | List of the network interface specifications.
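Review bot: The added `private_ip_address` bullet misspells "asssign" (`Static private IP to assign to the interface.`), and unlike `create_public_ip` and `enable_backend_pool` the `enable_ip_forwarding` bullet states no default, so a reader cannot tell whether an omitted key leaves forwarding off; add "Default is false." or whatever the implementation actually uses, which this diff does not show. Because IP forwarding makes a NIC accept traffic addressed to other hosts, one more sentence is worth adding, e.g. `Enable only on interfaces that are expected to route traffic.`. The `interfaces` variable block continues past the hunk.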
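Review bot: Changing `default = null` to `default = "UbuntuServer"` means the simple-name image lookup is now active for every caller that does not explicitly pass `null`, and the hunk header shows the module also takes `img_version` (with the other `img_*` inputs presumably alongside it), so the description should state which wins when both `vm_os_simple` and the explicit image inputs are set, e.g. append either "Ignored when `img_publisher`, `img_offer` and `img_sku` are all set." or "Takes precedence over the `img_*` inputs." depending on what the module implements. Without that sentence a caller who pins a specific publisher/offer/sku can no longer tell from the inputs alone which image will be deployed. The image-selection logic itself is outside this hunk.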
logs-1 = {
size: "2048"
zone: "1"
lun: "1"
}
logs-2 = {
size: "2048"
zone: "2"
lun: "2"
}
}
[| `any` | n/a | yes |
+| [interfaces](#input\_interfaces) | List of the network interface specifications.
{
subnet_id = azurerm_subnet.my_mgmt_subnet.id
public_ip_address_id = azurerm_public_ip.my_mgmt_ip.id
},
{
subnet_id = azurerm_subnet.my_pub_subnet.id
lb_backend_pool_id = module.inbound_lb.backend_pool_id
enable_backend_pool = true
},
]
[| `list(any)` | n/a | yes |
 | [location](#input\_location) | Region where to deploy VM-Series and dependencies. | `string` | n/a | yes |
 | [managed\_disk\_type](#input\_managed\_disk\_type) | Type of OS Managed Disk to create for the virtual machine. Possible values are `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS`. The `Premium_LRS` works only for selected `vm_size` values, details in Azure docs. | `string` | `"StandardSSD_LRS"` | no |
 | [metrics\_retention\_in\_days](#input\_metrics\_retention\_in\_days) | Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. A special value 0 disables creation of Application Insights altogether. | `number` | `null` | no |
-| [name](#input\_name) | Hostname of the VM-Series virtual machine. | `string` | `"fw00"` | no |
+| [name](#input\_name) | VM-Series instance name. | `string` | n/a | yes |
 | [name\_application\_insights](#input\_name\_application\_insights) | Name of the Applications Insights instance to be created. Can be `null`, in which case a default name is auto-generated. | `string` | `null` | no |
 | [os\_disk\_name](#input\_os\_disk\_name) | Optional name of the OS disk to create for the virtual machine. If empty, the name is auto-generated. | `string` | `null` | no |
 | [password](#input\_password) | Initial administrative password to use for VM-Series. Mind the [Azure-imposed restrictions](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/faq#what-are-the-password-requirements-when-creating-a-vm). | `string` | n/a | yes |
diff --git a/modules/vmseries/variables.tf b/modules/vmseries/variables.tf
index 9af43eb0..91f83c90 100644
--- a/modules/vmseries/variables.tf
+++ b/modules/vmseries/variables.tf
@@ -9,11 +9,16 @@ variable "resource_group_name" {
 }
 variable "name" {
- description = "Hostname of the VM-Series virtual machine."
- default = "fw00"
+ description = "VM-Series instance name."
 type = string
 }
+variable "enable_zones" {
+ description = "If false, the input `avzone` is ignored and also all created Public IP addresses default to not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones."
+ default = true
+ type = bool
+}
+
 variable "avzone" {
 description = "The availability zone to use, for example \"1\", \"2\", \"3\". Ignored if `enable_zones` is false. Conflicts with `avset_id`, in which case use `avzone = null`."
 default = "1"
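Review bot: The `enable_zones` description re-added here keeps the old wording "and also all created Public IP addresses default to not to use Availability Zones", while this same commit rewrites the identical description in modules/panorama/variables.tf to "and all created public IPs default not to use Availability Zones"; use one text in both modules so the generated docs stay consistent. Separately, dropping `default = "fw00"` turns `name` into a required input, a breaking change for existing callers that should be called out in the changelog, and the new description no longer says whether the value is still used as the firewall's hostname, which the old one did. The `avzone` variable block continues past the hunk.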
@@ -29,25 +34,31 @@ variable "avset_id" {
 variable "interfaces" {
 description = <<-EOF
 List of the network interface specifications.
- The first should be the Management network interface, which does not participate in data filtering.
+ The first should be the management interface, which does not participate in data filtering.
 The remaining ones are the dataplane interfaces.
-
- - `subnet_id`: Identifier of the existing subnet to use.
- - `lb_backend_pool_id`: Identifier of the existing backend pool of the load balancer to associate.
- - `enable_backend_pool`: If false, ignore `lb_backend_pool_id`. Default is false.
- - `public_ip_address_id`: Identifier of the existing public IP to associate.
- - `create_public_ip`: If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.
- - `enable_ip_forwarding`: If true, the network interface will not discard packets sent to an IP address other than the one assigned. False disables this and the network interface only accepts traffic destined to its IP address.
+ Options for an interface object:
+ - `name` - (required|string) Interface name.
+ - `subnet_id` - (required|string) Identifier of an existing subnet to create interface in.
+ - `private_ip_address` - (optional|string) Static private IP to asssign to the interface. If null, dynamic one is allocated.
+ - `public_ip_address_id` - (optional|string) Identifier of an existing public IP to associate.
+ - `create_public_ip` - (optional|bool) If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.
+ - `availability_zone` - (optional|string) Availability zone to create public IP in. If not specified, set based on `avzone` and `enable_zones`.
+ - `enable_ip_forwarding` - (optional|bool) If true, the network interface will not discard packets sent to an IP address other than the one assigned. If false, the network interface only accepts traffic destined to its IP address.
+ - `enable_backend_pool` - (optional|bool) If true, associate interface with backend pool specified with `lb_backend_pool_id`. Default is false.
+ - `lb_backend_pool_id` - (optional|string) Identifier of an existing backend pool to associate interface with. Required if `enable_backend_pool` is true.
+ - `tags` - (optional|map) Tags to assign to the interface and public IP (if created). Overrides contents of `tags` variable.
 Example:
 ```
 [
 {
+ name = "fw-mgmt"
 subnet_id = azurerm_subnet.my_mgmt_subnet.id
 public_ip_address_id = azurerm_public_ip.my_mgmt_ip.id
 },
 {
+ name = "fw-public"
 subnet_id = azurerm_subnet.my_pub_subnet.id
 lb_backend_pool_id = module.inbound_lb.backend_pool_id
 enable_backend_pool = true
@@ -56,6 +67,7 @@ variable "interfaces" {
 ```
 EOF
+ type = list(any)
 }
 variable "username" {
@@ -156,12 +168,6 @@ variable "accelerated_networking" {
 type = bool
 }
-variable "enable_zones" {
- description = "If false, the input `avzone` is ignored and also all created Public IP addresses default to not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones."
- default = true
- type = bool
-}
-
 variable "bootstrap_options" {
 description = "Bootstrap options to pass to VM-Series instance."
 default = ""
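Review bot: The `enable_ip_forwarding` bullet explains what the flag does at the NIC level but not what the module defaults it to, and for VM-Series that is the detail a deployer needs: the description states that every interface after the first is a dataplane interface, and dataplane interfaces of a firewall forward traffic for other hosts, so they presumably need forwarding on while the management interface should not. Add the default and the guidance, e.g. `Default is false. Enable on dataplane interfaces that forward traffic; leave disabled on the management interface.`, provided that matches the module's actual default, which this diff does not show. The `private_ip_address` bullet also carries the typo "asssign". The `interfaces` variable block starts on the previous line of the diff and ends in the following hunk.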
{
name = "fw-mgmt"
subnet_id = azurerm_subnet.my_mgmt_subnet.id
public_ip_address_id = azurerm_public_ip.my_mgmt_ip.id
},
{
name = "fw-public"
subnet_id = azurerm_subnet.my_pub_subnet.id
lb_backend_pool_id = module.inbound_lb.backend_pool_id
enable_backend_pool = true
},
]