-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathlocals.subnet.tf
65 lines (65 loc) · 4.34 KB
/
locals.subnet.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
locals {
firewall_internet_route_name = "internet"
firewall_management_subnet_name = "AzureFirewallManagementSubnet"
firewall_management_subnets = {
for k, v in var.hub_virtual_networks : "${k}-${local.firewall_management_subnet_name}" => {
composite_key = "${k}-${local.firewall_management_subnet_name}"
virtual_newtork_key = k
virtual_network_id = local.virtual_network_id[k]
name = local.firewall_management_subnet_name
address_prefixes = [v.firewall.management_subnet_address_prefix]
nat_gateway = null
network_security_group = null
private_endpoint_network_policies = null
private_link_service_network_policies_enabled = null
service_endpoints = null
service_endpoint_policies = null
delegation = null
route_table = null
}
if try(v.firewall.sku_tier, "FirewallNull") == "Basic" && v.firewall != null
}
firewall_route_table_ids = {
# NOTE: For the destroy, you cannot delete the default route before removing the route table from the AzureFirewallSubnet.
# Therefore we are building an implicit dependency on the default route here.
for vnet_name, route in azurerm_route.firewall_default : vnet_name => replace(route.id, "/routes/${local.firewall_internet_route_name}", "")
}
firewall_subnet_name = "AzureFirewallSubnet"
firewall_subnets = {
for k, v in var.hub_virtual_networks : "${k}-${local.firewall_subnet_name}" => {
composite_key = "${k}-${local.firewall_subnet_name}"
virtual_newtork_key = k
virtual_network_id = local.virtual_network_id[k]
name = local.firewall_subnet_name
address_prefixes = [v.firewall.subnet_address_prefix]
nat_gateway = null
network_security_group = null
private_endpoint_network_policies = null
private_link_service_network_policies_enabled = null
service_endpoints = null
service_endpoint_policies = null
delegation = null
route_table = { id = v.firewall.subnet_route_table_id != null ? v.firewall.subnet_route_table_id : local.firewall_route_table_ids[k] }
} if v.firewall != null
}
subnets = merge(local.user_subnets, local.firewall_subnets, local.firewall_management_subnets)
user_subnets = { for subnet in flatten([
for k, v in var.hub_virtual_networks : [
for subnetKey, subnet in v.subnets : [{
composite_key = "${k}-${subnetKey}"
virtual_newtork_key = k
virtual_network_id = local.virtual_network_id[k]
name = subnet.name
address_prefixes = subnet.address_prefixes
nat_gateway = subnet.nat_gateway
network_security_group = subnet.network_security_group
private_endpoint_network_policies = subnet.private_endpoint_network_policies_enabled ? "Enabled" : "Disabled"
private_link_service_network_policies_enabled = subnet.private_link_service_network_policies_enabled
service_endpoints = subnet.service_endpoints
service_endpoint_policies = try(local.service_endpoint_policy_map[k][subnetKey], null)
delegation = subnet.delegations
route_table = try(subnet.route_table.assign_generated_route_table, true) ? (local.create_route_tables_user_subnets[k] ? { id = module.hub_routing_user_subnets[k].resource_id } : null) : (try(subnet.route_table.id, null) == null ? null : { id = subnet.route_table.id })
}]
]]) : subnet.composite_key => subnet
}
}