locals.routing.tf
# Route Tables
#
# Per-hub decisions about which managed route tables exist. A hub only gets
# route tables when there is a next hop to steer traffic to (a deployed
# firewall or an explicit hub router IP), or when the caller supplied custom
# entries that need a table to live in.
locals {
  # True for hubs that have either a firewall or a hub_router_ip_address.
  create_route_tables_firewall = {
    for vnet_key, vnet in var.hub_virtual_networks :
    vnet_key => vnet.firewall != null || vnet.hub_router_ip_address != null
  }

  # Computed with exactly the same condition as create_route_tables_firewall:
  # the user-subnet table and the firewall-subnet table are created together.
  create_route_tables_user_subnets = {
    for vnet_key, vnet in var.hub_virtual_networks :
    vnet_key => vnet.firewall != null || vnet.hub_router_ip_address != null
  }

  # Hubs that receive a firewall-subnet route table: the flag above, or at
  # least one caller-supplied firewall route table entry.
  route_tables_firewall = {
    for vnet_key, vnet in var.hub_virtual_networks :
    vnet_key => vnet
    if local.create_route_tables_firewall[vnet_key] || length(vnet.route_table_entries_firewall) > 0
  }

  # Hubs that receive a user-subnet route table: the flag above, or at least
  # one caller-supplied user-subnet route table entry.
  route_tables_user_subnets = {
    for vnet_key, vnet in var.hub_virtual_networks :
    vnet_key => vnet
    if local.create_route_tables_user_subnets[vnet_key] || length(vnet.route_table_entries_user_subnets) > 0
  }
}
# Final Routes
#
# The complete route sets consumed downstream, built by merging the generated
# mesh routes with the caller-supplied entries. merge() gives later arguments
# precedence, so a caller-supplied entry whose map key matches a generated
# route replaces that generated route rather than sitting beside it.
locals {
  # Firewall-subnet table: generated hub-to-hub routes, then user entries.
  final_route_map_firewall = merge([
    local.mesh_route_map_firewall,
    local.route_table_entries_firewall,
  ]...)

  # User-subnet table: the default route to the hub firewall, then generated
  # hub-to-hub routes, then user entries (highest precedence).
  # NOTE: the local is named route_table_entries_user_subnet (singular) while
  # the variable attribute it is built from is route_table_entries_user_subnets.
  final_route_map_user_subnets = merge([
    local.mesh_route_map_internet,
    local.mesh_route_map_user_subnets,
    local.route_table_entries_user_subnet,
  ]...)
}
# Firewall Routes
#
# Entries for the route table attached to each hub's firewall subnet: the
# firewall's own egress default route, plus one route per remote hub address
# prefix so that hub-to-hub traffic leaving a firewall is forwarded to the
# firewall (or router) of the hub that owns the prefix.
locals {
  # Egress default for the firewall subnet itself: 0.0.0.0/0 to the Internet
  # next hop, with no appliance IP. Emitted only for hubs that get a firewall
  # route table.
  default_route_internet = {
    for vnet_key, vnet in var.hub_virtual_networks :
    vnet_key => {
      key                    = vnet_key
      virtual_network_key    = vnet_key
      name                   = local.firewall_internet_route_name
      address_prefix         = "0.0.0.0/0"
      next_hop_type          = "Internet"
      next_hop_in_ip_address = null
      # NOTE(review): try() only falls back on an evaluation error. If
      # resource_group_name is an optional attribute that arrives as null,
      # null is returned here rather than the created RG name — confirm
      # against the variable's declared type.
      resource_group_name = try(vnet.resource_group_name, azurerm_resource_group.rg[vnet_key].name)
    }
    if local.create_route_tables_firewall[vnet_key]
  }

  # Private IP of the first ip_configuration of every deployed hub firewall,
  # keyed by hub. Hubs with no firewall have no entry here, which is what lets
  # the try() calls below fall back to hub_router_ip_address.
  firewall_private_ip = {
    for hub_key, firewall in module.hub_firewalls :
    hub_key => firewall.resource.ip_configuration[0].private_ip_address
  }

  # Generated hub-to-hub routes for the firewall subnet. For every ordered
  # pair of distinct hubs where both sides have mesh peering enabled, one
  # route per CIDR of the destination's routing_address_space, next-hopping to
  # the destination hub's firewall private IP (or its hub router IP when no
  # firewall is deployed there). Destinations with no address space or no
  # firewall route table are skipped, and src != dst means a hub never gets
  # a route for its own prefixes pointing at its own firewall. Map key is
  # "<src>-<dst>-<index>"; the route name carries the CIDR with "/" -> "-".
  mesh_route_map_firewall = {
    for route in flatten([
      for src_key, src in var.hub_virtual_networks : [
        for dst_key, dst in var.hub_virtual_networks : [
          for cidr_index, cidr in dst.routing_address_space : {
            key                    = "${src_key}-${dst_key}-${cidr_index}"
            virtual_network_key    = src_key
            name                   = "${src_key}-${dst_key}-${replace(cidr, "/", "-")}"
            address_prefix         = cidr
            next_hop_type          = "VirtualAppliance"
            next_hop_in_ip_address = try(local.firewall_private_ip[dst_key], dst.hub_router_ip_address)
            resource_group_name    = try(src.resource_group_name, azurerm_resource_group.rg[src_key].name)
          }
          if src_key != dst_key && dst.mesh_peering_enabled && can(dst.routing_address_space[0]) && local.create_route_tables_firewall[dst_key]
        ]
      ]
      if src.mesh_peering_enabled
    ]) : route.key => route
  }

  # Caller-supplied firewall route table entries, flattened across all hubs
  # and keyed by the entry's bare name. Because the key does not include the
  # hub, the same entry name used in two hubs is a duplicate key and fails
  # when the expression is evaluated rather than producing two routes. Unlike
  # the generated routes above, these objects carry no `key` attribute.
  route_table_entries_firewall = {
    for route in flatten([
      for src_key, src in var.hub_virtual_networks : [
        for entry in src.route_table_entries_firewall : {
          virtual_network_key    = src_key
          name                   = entry.name
          address_prefix         = entry.address_prefix
          next_hop_type          = entry.next_hop_type
          next_hop_in_ip_address = entry.next_hop_ip_address
          resource_group_name    = try(src.resource_group_name, azurerm_resource_group.rg[src_key].name)
        }
      ]
    ]) : route.name => route
  }
}
# User Subnet and Spoke Routes
#
# Entries for the route table attached to user subnets (and spokes that
# share it). Every next hop here is the hub firewall or hub router, so
# Internet-bound and hub-to-hub traffic from these subnets is steered
# through the appliance rather than taking Azure's system routes.
locals {
  # Default route for user subnets: 0.0.0.0/0 to the hub's own firewall
  # private IP (or hub router IP when no firewall is deployed). Keyed
  # "<hub>-internet"; the route name is "<hub>-0.0.0.0-0".
  mesh_route_map_internet = {
    for vnet_key, vnet in var.hub_virtual_networks :
    "${vnet_key}-internet" => {
      key                    = "${vnet_key}-internet"
      virtual_network_key    = vnet_key
      name                   = "${vnet_key}-0.0.0.0-0"
      address_prefix         = "0.0.0.0/0"
      next_hop_type          = "VirtualAppliance"
      next_hop_in_ip_address = try(local.firewall_private_ip[vnet_key], vnet.hub_router_ip_address)
      resource_group_name    = try(vnet.resource_group_name, azurerm_resource_group.rg[vnet_key].name)
    }
    if local.create_route_tables_user_subnets[vnet_key]
  }

  # Generated hub-to-hub routes for user subnets: same shape as
  # mesh_route_map_firewall, but WITHOUT the src != dst filter. A hub's user
  # subnets therefore also get routes for their own hub's routing_address_space
  # via their own firewall, so intra-hub traffic is sent through the appliance
  # too — presumably intended; verify before changing.
  mesh_route_map_user_subnets = {
    for route in flatten([
      for src_key, src in var.hub_virtual_networks : [
        for dst_key, dst in var.hub_virtual_networks : [
          for cidr_index, cidr in dst.routing_address_space : {
            key                    = "${src_key}-${dst_key}-${cidr_index}"
            virtual_network_key    = src_key
            name                   = "${src_key}-${dst_key}-${replace(cidr, "/", "-")}"
            address_prefix         = cidr
            next_hop_type          = "VirtualAppliance"
            next_hop_in_ip_address = try(local.firewall_private_ip[dst_key], dst.hub_router_ip_address)
            resource_group_name    = try(src.resource_group_name, azurerm_resource_group.rg[src_key].name)
          }
          if dst.mesh_peering_enabled && can(dst.routing_address_space[0]) && local.create_route_tables_user_subnets[dst_key]
        ]
      ]
      if src.mesh_peering_enabled
    ]) : route.key => route
  }

  # Caller-supplied user-subnet route table entries, flattened across all
  # hubs and keyed by the entry's bare name. As with the firewall entries, a
  # name reused in two hubs is a duplicate key and fails on evaluation; these
  # objects carry no `key` attribute.
  route_table_entries_user_subnet = {
    for route in flatten([
      for src_key, src in var.hub_virtual_networks : [
        for entry in src.route_table_entries_user_subnets : {
          virtual_network_key    = src_key
          name                   = entry.name
          address_prefix         = entry.address_prefix
          next_hop_type          = entry.next_hop_type
          next_hop_in_ip_address = entry.next_hop_ip_address
          resource_group_name    = try(src.resource_group_name, azurerm_resource_group.rg[src_key].name)
        }
      ]
    ]) : route.name => route
  }
}