We've added a CI pipeline for this module to speed up our code review and to enforce a high code quality standard, if you want to contribute by submitting a pull request, please read Pre-Commit & Pr-Check & Test section, or your pull request might be rejected by CI pipeline.
A pull request will be reviewed when it has passed Pre Pull Request Check in the pipeline, and will be merged when it has passed the acceptance tests. Once the ci Pipeline failed, please read the pipeline's output, thanks for your cooperation.
V4.0.0 is a major version upgrade. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.
Running the terraform plan
first to inspect the plan is strongly advised.
This Terraform module deploys a Virtual Network in Azure with a subnet or a set of subnets passed in as input parameters.
The module does not create nor expose a security group. You could use https://github.com/Azure/terraform-azurerm-vnet to assign network security group to the subnets.
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "my-resources"
location = "West Europe"
}
module "network" {
source = "Azure/network/azurerm"
resource_group_name = azurerm_resource_group.example.name
address_spaces = ["10.0.0.0/16", "10.2.0.0/16"]
subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
subnet_names = ["subnet1", "subnet2", "subnet3"]
subnet_service_endpoints = {
"subnet1" : ["Microsoft.Sql"],
"subnet2" : ["Microsoft.Sql"],
"subnet3" : ["Microsoft.Sql"]
}
tags = {
environment = "dev"
costcenter = "it"
}
depends_on = [azurerm_resource_group.example]
}
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "my-resources"
location = "West Europe"
}
module "network" {
source = "Azure/network/azurerm"
resource_group_name = azurerm_resource_group.example.name
address_space = "10.0.0.0/16"
subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
subnet_names = ["subnet1", "subnet2", "subnet3"]
subnet_enforce_private_link_endpoint_network_policies = {
"subnet1" : true
}
subnet_service_endpoints = {
"subnet1" : ["Microsoft.Sql"],
"subnet2" : ["Microsoft.Sql"],
"subnet3" : ["Microsoft.Sql"]
}
tags = {
environment = "dev"
costcenter = "it"
}
}
We assumed that you have setup service principal's credentials in your environment variables like below:
export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"
On Windows Powershell:
$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"
We provide a docker image to run the pre-commit checks and tests for you: mcr.microsoft.com/azterraform:latest
To run the pre-commit task, we can run the following command:
$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
On Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
In pre-commit task, we will:
- Run
terraform fmt -recursive
command for your Terraform code. - Run
terrafmt fmt -f
command for markdown files and go code files to ensure that the Terraform code embedded in these files are well formatted. - Run
go mod tidy
andgo mod vendor
for test folder to ensure that all the dependencies have been synced. - Run
gofmt
for all go code files. - Run
gofumpt
for all go code files. - Run
terraform-docs
onREADME.md
file, then runmarkdown-table-formatter
to format markdown tables inREADME.md
.
Then we can run the pr-check task to check whether our code meets our pipeline's requirement(We strongly recommend you run the following command before you commit):
$ docker run --rm -v $(pwd):/src -w /src -e CHECKOV_CONFIG=.checkov_config.yaml -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check
On Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src -e CHECKOV_CONFIG=.checkov_config.yaml -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check
To run the e2e-test, we can run the following command:
docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
On Windows Powershell:
docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
Originally created by Eugene Chuvyrov
Name | Version |
---|---|
terraform | >= 1.2 |
azurerm | >= 3.0, < 4.0 |
Name | Version |
---|---|
azurerm | >= 3.0, < 4.0 |
No modules.
Name | Type |
---|---|
azurerm_subnet.subnet | resource |
azurerm_virtual_network.vnet | resource |
azurerm_resource_group.network | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
address_space | The address space that is used by the virtual network. | string |
"10.0.0.0/16" |
no |
address_spaces | The list of the address spaces that is used by the virtual network. | list(string) |
[] |
no |
dns_servers | The DNS servers to be used with vNet. | list(string) |
[] |
no |
resource_group_name | The name of an existing resource group to be imported. | string |
n/a | yes |
subnet_enforce_private_link_endpoint_network_policies | A map with key (string) subnet name , value (bool) true or false to indicate enable or disable network policies for the private link endpoint on the subnet. Default value is false. |
map(bool) |
{} |
no |
subnet_names | A list of public subnets inside the vNet. | list(string) |
[ |
no |
subnet_prefixes | The address prefix to use for the subnet. | list(string) |
[ |
no |
subnet_service_endpoints | A map with key (string) subnet name , value (list(string)) to indicate enabled service endpoints on the subnet. Default value is []. |
map(list(string)) |
{} |
no |
tags | The tags to associate with your network and subnets. | map(string) |
{ |
no |
vnet_name | Name of the vnet to create. | string |
"acctvnet" |
no |
Name | Description |
---|---|
vnet_address_space | The address space of the newly created vNet |
vnet_id | The id of the newly created vNet |
vnet_location | The location of the newly created vNet |
vnet_name | The name of the newly created vNet |
vnet_subnets | The ids of subnets created inside the newly created vNet |