-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.tf
121 lines (100 loc) · 4.28 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
resource "random_string" "str" {
length = 6
special = false
upper = false
keepers = {
domain_name_label = var.vnet_name
}
}
resource "azurerm_public_ip" "pip" {
name = lower("${var.vnet_name}-pip")
location = var.vnet_location
resource_group_name = var.resource_group_name
allocation_method = var.public_ip_allocation_method
sku = var.public_ip_sku
domain_name_label = var.domain_name_label != null ? var.domain_name_label : format("gw%s%s", lower(replace(var.vnet_name, "/[[:^alnum:]]/", "")), random_string.str.result)
tags = merge({ "ResourceName" = lower("${var.vnet_name}-${var.vnet_location}-pip") }, var.tags, )
lifecycle {
ignore_changes = [
tags,
ip_tags,
]
}
}
resource "azurerm_virtual_network" "vnet" {
address_space = var.address_space
location = var.vnet_location
name = var.vnet_name
resource_group_name = var.resource_group_name
bgp_community = var.bgp_community
dns_servers = var.dns_servers
tags = var.tags
dynamic "ddos_protection_plan" {
for_each = var.ddos_protection_plan != null ? [var.ddos_protection_plan] : []
content {
enable = ddos_protection_plan.value.enable
id = ddos_protection_plan.value.id
}
}
}
moved {
from = azurerm_subnet.subnet
to = azurerm_subnet.subnet_count
}
resource "azurerm_subnet" "subnet_count" {
count = var.use_for_each ? 0 : length(var.subnet_names)
address_prefixes = [var.subnet_prefixes[count.index]]
name = var.subnet_names[count.index]
resource_group_name = var.resource_group_name
virtual_network_name = azurerm_virtual_network.vnet.name
enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], true)
enforce_private_link_service_network_policies = lookup(var.subnet_enforce_private_link_service_network_policies, var.subnet_names[count.index], false)
service_endpoints = lookup(var.subnet_service_endpoints, var.subnet_names[count.index], null)
dynamic "delegation" {
for_each = lookup(var.subnet_delegation, var.subnet_names[count.index], {})
content {
name = delegation.key
service_delegation {
name = lookup(delegation.value, "service_name")
actions = lookup(delegation.value, "service_actions", [])
}
}
}
}
resource "azurerm_subnet" "subnet_for_each" {
for_each = var.use_for_each ? toset(var.subnet_names) : []
address_prefixes = [local.subnet_names_prefixes[each.value]]
name = each.value
resource_group_name = var.resource_group_name
virtual_network_name = azurerm_virtual_network.vnet.name
enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, each.value, true)
enforce_private_link_service_network_policies = lookup(var.subnet_enforce_private_link_service_network_policies, each.value, false)
service_endpoints = lookup(var.subnet_service_endpoints, each.value, null)
dynamic "delegation" {
for_each = lookup(var.subnet_delegation, each.value, {})
content {
name = delegation.key
service_delegation {
name = lookup(delegation.value, "service_name")
actions = lookup(delegation.value, "service_actions", [])
}
}
}
}
locals {
azurerm_subnets = var.use_for_each ? [for s in azurerm_subnet.subnet_for_each : s] : [for s in azurerm_subnet.subnet_count : s]
azurerm_subnets_name_id_map = {
for index, subnet in local.azurerm_subnets :
subnet.name => subnet.id
}
}
resource "azurerm_subnet_network_security_group_association" "vnet" {
for_each = var.nsg_ids
network_security_group_id = each.value
subnet_id = local.azurerm_subnets_name_id_map[each.key]
}
resource "azurerm_subnet_route_table_association" "vnet" {
for_each = var.route_tables_ids
route_table_id = each.value
subnet_id = local.azurerm_subnets_name_id_map[each.key]
}