Comments (5)
Echo the amazing work already done in the module. This will be a really useful feature to have.
Thanks in advance!
from terraform-azurerm-lz-vending.
Started work on this in the linked branch
from terraform-azurerm-lz-vending.
Hi @ChrisTav424 & @f0cusN0w
We will consider this once Terraform 1.3 is finally released. It allows for us to simplify inputs to modules where we have to use complex objects.
We could consider something like this, but until Terraform 1.3 comes along this would be unwieldy as we'd have to specify all possible inputs for each virtual network even if we were not using them, e.g. for virtual wan, peering, etc.
```hcl
virtual_network_config = [
  {
    virtual_network_address_space       = ["192.168.1.0/24"]
    virtual_network_location            = "eastus"
    virtual_network_name                = "myvnet-eastus"
    virtual_network_resource_group_name = "my-network-rg-eastus"
    # With TF < 1.3 the below are necessary even if we don't need them:
    virtual_network_peering_enabled                          = false
    hub_network_resource_id                                  = ""
    virtual_network_vwan_connection_enabled                  = false
    vwan_hub_resource_id                                     = ""
    virtual_network_vwan_propagated_routetables_resource_ids = []
    virtual_network_vwan_propagated_routetables_labels       = []
    virtual_network_vwan_associated_routetable_resource_id   = ""
    virtual_network_use_remote_gateways                      = false
    virtual_network_resource_lock_enabled                    = false
  },
  {
    virtual_network_address_space       = ["192.168.2.0/24"]
    virtual_network_location            = "westus"
    virtual_network_name                = "myvnet-westus"
    virtual_network_resource_group_name = "my-network-rg-westus"
    # With TF < 1.3 the below are necessary even if we don't need them:
    virtual_network_peering_enabled                          = false
    hub_network_resource_id                                  = ""
    virtual_network_vwan_connection_enabled                  = false
    vwan_hub_resource_id                                     = ""
    virtual_network_vwan_propagated_routetables_resource_ids = []
    virtual_network_vwan_propagated_routetables_labels       = []
    virtual_network_vwan_associated_routetable_resource_id   = ""
    virtual_network_use_remote_gateways                      = false
    virtual_network_resource_lock_enabled                    = false
  }
]
```
We have tried to simplify inputs to keep them as bool, string, list(string), etc. However, that has scalability limits. For example, we could consider:

```hcl
# virtual network variables
virtual_network_enabled             = true
virtual_network_address_space       = ["192.168.1.0/24"]
virtual_network_location            = "eastus"
virtual_network_name                = "myvnet-eastus"
virtual_network_resource_group_name = "my-network-rg-eastus"

# virtual network 2 variables
virtual_network_2_enabled             = true
virtual_network_2_address_space       = ["192.168.2.0/24"]
virtual_network_2_location            = "westus"
virtual_network_2_name                = "myvnet-westus"
virtual_network_2_resource_group_name = "my-network-rg-westus"
```
This works until there is a requirement for a third virtual network, and then it gets complex.
I think on balance we wait until Terraform 1.3 and look to use a simplified version of the first option.
from terraform-azurerm-lz-vending.
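The simplified form of the first option that Terraform 1.3 makes possible, as an added example that is not part of the thread or the module's own code: optional object attributes with defaults let a caller supply only the four required fields per virtual network. The attribute names come from the comment above; the defaults and both validation rules are assumptions made for illustration.

```hcl
terraform {
  required_version = ">= 1.3.0" # optional() with defaults needs 1.3+
}

# Hypothetical variable definition: attribute names are from the thread,
# defaults and validation rules are assumptions.
variable "virtual_network_config" {
  type = list(object({
    # Required for every virtual network.
    virtual_network_address_space       = list(string)
    virtual_network_location            = string
    virtual_network_name                = string
    virtual_network_resource_group_name = string

    # Optional: callers omit these unless they use peering or virtual WAN.
    virtual_network_peering_enabled                          = optional(bool, false)
    hub_network_resource_id                                  = optional(string, "")
    virtual_network_vwan_connection_enabled                  = optional(bool, false)
    vwan_hub_resource_id                                     = optional(string, "")
    virtual_network_vwan_propagated_routetables_resource_ids = optional(list(string), [])
    virtual_network_vwan_propagated_routetables_labels       = optional(list(string), [])
    virtual_network_vwan_associated_routetable_resource_id   = optional(string, "")
    virtual_network_use_remote_gateways                      = optional(bool, false)
    virtual_network_resource_lock_enabled                    = optional(bool, false)
  }))
  default = []

  # Reject malformed address ranges at plan time.
  validation {
    condition = alltrue([
      for v in var.virtual_network_config :
      alltrue([for cidr in v.virtual_network_address_space : can(cidrhost(cidr, 0))])
    ])
    error_message = "Each virtual_network_address_space entry must be a valid CIDR range."
  }

  # Peering without a hub ID is almost always a copy/paste mistake.
  validation {
    condition = alltrue([
      for v in var.virtual_network_config :
      !v.virtual_network_peering_enabled || v.hub_network_resource_id != ""
    ])
    error_message = "hub_network_resource_id is required when virtual_network_peering_enabled is true."
  }
}
```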
As a workaround, you can instantiate the module more than once. On the second instance, specify the subscription ID of the created subscription and then add another vnet.
from terraform-azurerm-lz-vending.
Thanks @matt-FFFFFF, I hadn't considered the implications on vnet peering etc., so happy to wait until Terraform 1.3.
We've done exactly that as a workaround. As we know we want exactly two vnets per subscription (one for uks and one for ukw), we have used Example-5-Use-with-existing-subscriptions and added the following to main.tf and the YAML.
main.tf
```hcl
module "lz_second_vnet" {
  source   = "Azure/lz-vending/azurerm"
  version  = "1.0.1"
  for_each = local.landing_zone_data_map

  location = each.value.default_location

  # subscription variables
  subscription_id = module.lz_vending[each.key].subscription_id

  # virtual network variables
  virtual_network_enabled             = true
  virtual_network_location            = "ukwest"
  virtual_network_address_space       = each.value.vnet_ukw_address_space
  virtual_network_name                = each.value.vnet_ukw_name
  virtual_network_resource_group_name = each.value.vnet_ukw_rg_name

  disable_telemetry = true
}
```
landing_zone_connectivity.yaml
```yaml
---
display_name: azure prod connectivity
name: azure-prod-connectivity
workload: Production
default_location: uksouth
management_group_id: hmlr-connectivity
vnet_uks_rg_name: rg-vnet-prod-uksouth-connectivity
vnet_uks_name: vnet-prod-uksouth-connectivity
vnet_uks_address_space:
  - "10.0.1.0/24"
vnet_ukw_rg_name: rg-vnet-prod-ukwest-connectivity
vnet_ukw_name: vnet-prod-ukwest-connectivity
vnet_ukw_address_space:
  - "10.0.2.0/24"
role_assignments:
  - principal_id: <removed>
    definition: Owner
    relative_scope: ''
  - principal_id: <removed>
    definition: Reader
    relative_scope: ''
```
from terraform-azurerm-lz-vending.