Add support for azurerm_subnet_nat_gateway_association injection

examples/complete/main.tf

@@ -25,6 +25,12 @@ resource "azurerm_network_ddos_protection_plan" "example" {
   resource_group_name = azurerm_resource_group.example.name
 }
 
+resource "azurerm_nat_gateway" "example" {
+  location            = azurerm_resource_group.example.location
+  name                = "example-natgateway"
+  resource_group_name = azurerm_resource_group.example.name
+}
+
 module "vnet" {
   source              = "../../"
   resource_group_name = azurerm_resource_group.example.name
@@ -56,6 +62,9 @@ module "vnet" {
     }
     subnet2 = {
       address_prefixes = ["10.0.2.0/24"]
+      nat_gateway = {
+        id = azurerm_nat_gateway.example.id
+      }
       network_security_group = {
         id = azurerm_network_security_group.nsg1.id
       }

locals.tf

@@ -1,7 +1,13 @@
 locals {
   subnet_names                             = toset(keys(var.subnets))
+  subnet_names_with_nat_gateway            = keys(local.subnet_with_nat_gateway)
   subnet_names_with_network_security_group = keys(local.subnet_with_network_security_group)
   subnet_names_with_route_table            = keys(local.subnets_with_route_table)
+  subnet_with_nat_gateway = {
+    for name, subnet in var.subnets :
+    name => subnet.nat_gateway.id
+    if subnet.nat_gateway != null
+  }
   subnet_with_network_security_group = {
     for name, subnet in var.subnets :
     name => subnet.network_security_group.id

main.tf

@@ -55,7 +55,7 @@ resource "azurerm_subnet" "subnet" {
 }
 
 locals {
-  azurerm_subnets = {
+  azurerm_subnet_name2id = {
     for index, subnet in azurerm_subnet.subnet :
     subnet.name => subnet.id
   }
@@ -65,12 +65,19 @@ resource "azurerm_subnet_network_security_group_association" "vnet" {
   for_each = toset(local.subnet_names_with_network_security_group)
 
   network_security_group_id = var.subnets[each.value].network_security_group.id
-  subnet_id                 = local.azurerm_subnets[each.value]
+  subnet_id                 = local.azurerm_subnet_name2id[each.value]
 }
 
 resource "azurerm_subnet_route_table_association" "vnet" {
   for_each = toset(local.subnet_names_with_route_table)
 
   route_table_id = var.subnets[each.value].route_table.id
-  subnet_id      = local.azurerm_subnets[each.value]
+  subnet_id      = local.azurerm_subnet_name2id[each.value]
+}
+
+resource "azurerm_subnet_nat_gateway_association" "nat_gw" {
+  for_each = toset(local.subnet_names_with_nat_gateway)
+
+  nat_gateway_id = var.subnets[each.value].nat_gateway.id
+  subnet_id      = local.azurerm_subnet_name2id[each.value]
 }

outputs.tf

@@ -20,5 +20,5 @@ output "vnet_name" {
 
 output "vnet_subnets_name_id" {
   description = "Can be queried subnet-id by subnet name by using lookup(module.vnet.vnet_subnets_name_id, subnet1)"
-  value       = local.azurerm_subnets
+  value       = local.azurerm_subnet_name2id
 }

test/unit/unit_test.go

@@ -13,6 +13,7 @@ type subnet struct {
 	name                                          string
 	id                                            string
 	Address_prefixes                              []string    `mapstructure:"address_prefixes"`
+	Nat_gateway                                   *natGw      `mapstructure:"nat_gateway, omitempty"`
 	Network_security_group                        *nsg        `mapstructure:"network_security_group,omitempty"`
 	Private_endpoint_network_policies_enabled     bool        `mapstructure:"private_endpoint_network_policies_enabled"`
 	Private_link_service_network_policies_enabled bool        `mapstructure:"private_link_service_network_policies_enabled"`
@@ -41,6 +42,10 @@ type routeTable struct {
 	Id string `mapstructure:"id"`
 }
 
+type natGw struct {
+	Id string `mapstructure:"id"`
+}
+
 var (
 	baseSubnet = subnet{
 		name:             "baseSubnet",
@@ -59,18 +64,18 @@ var (
 		Address_prefixes:       []string{"10.0.2.0/24"},
 		Network_security_group: &nsg{Id: "nsg_id"},
 	}
+	subnetWithNatGw = subnet{
+		name:             "subnetWithNatGw",
+		id:               "subnetWithNatGw_id",
+		Address_prefixes: []string{"10.0.3.0/24"},
+		Nat_gateway:      &natGw{Id: "nat_gw_id"},
+	}
 )
 
 func TestSubnetWithRouteTableShouldCreateRouteTableAssociation(t *testing.T) {
-	vars := dummyVariables()
-	vars["subnets"] = map[string]interface{}{
-		baseSubnet.name:    baseSubnet.toMap(),
-		subnetWithRt.name:  subnetWithRt.toMap(),
-		subnetWithNsg.name: subnetWithNsg.toMap(),
-	}
 	test_helper.RunE2ETest(t, "../../", "unit-test-fixture", terraform.Options{
 		Upgrade: false,
-		Vars:    vars,
+		Vars:    mockVariables(),
 	}, func(t *testing.T, output test_helper.TerraformOutput) {
 		rt := output["azurerm_subnet_route_table_association"].(map[string]interface{})
 		assert.Equal(t, 1, len(rt))
@@ -85,23 +90,13 @@ func TestSubnetWithRouteTableShouldCreateRouteTableAssociation(t *testing.T) {
 		subnetId, ok := outputs["subnet_id"]
 		assert.True(t, ok)
 		assert.Equal(t, subnetWithRt.id, subnetId)
-		_, ok = rt[baseSubnet.name]
-		assert.False(t, ok)
-		_, ok = rt[subnetWithNsg.name]
-		assert.False(t, ok)
 	})
 }
 
 func TestSubnetWithNsgShouldCreateNsgAssociation(t *testing.T) {
-	vars := dummyVariables()
-	vars["subnets"] = map[string]interface{}{
-		baseSubnet.name:    baseSubnet.toMap(),
-		subnetWithRt.name:  subnetWithRt.toMap(),
-		subnetWithNsg.name: subnetWithNsg.toMap(),
-	}
 	test_helper.RunE2ETest(t, "../../", "unit-test-fixture", terraform.Options{
 		Upgrade: false,
-		Vars:    vars,
+		Vars:    mockVariables(),
 	}, func(t *testing.T, output test_helper.TerraformOutput) {
 		rt := output["azurerm_subnet_network_security_group_association"].(map[string]interface{})
 		assert.Equal(t, 1, len(rt))
@@ -116,23 +111,52 @@ func TestSubnetWithNsgShouldCreateNsgAssociation(t *testing.T) {
 		subnetId, ok := outputs["subnet_id"]
 		assert.True(t, ok)
 		assert.Equal(t, subnetWithNsg.id, subnetId)
-		_, ok = rt[baseSubnet.name]
-		assert.False(t, ok)
-		_, ok = rt[subnetWithRt.name]
-		assert.False(t, ok)
+	})
+}
+
+func TestSubnetWithNatGwShouldCreateNatGwAssociation(t *testing.T) {
+	test_helper.RunE2ETest(t, "../../", "unit-test-fixture", terraform.Options{
+		Upgrade: false,
+		Vars:    mockVariables(),
+	}, func(t *testing.T, output test_helper.TerraformOutput) {
+		rt := output["azurerm_subnet_nat_gateway_association"].(map[string]interface{})
+		assert.Equal(t, 1, len(rt))
+		natGwSubnet, ok := rt[subnetWithNatGw.name]
+		assert.True(t, ok)
+		assert.NotNil(t, natGwSubnet)
+		association := natGwSubnet.(map[string]interface{})
+		outputs := association["outputs"].(map[string]interface{})
+		natGwId, ok := outputs["nat_gateway_id"]
+		assert.True(t, ok)
+		assert.Equal(t, subnetWithNatGw.Nat_gateway.Id, natGwId)
+		subnetId, ok := outputs["subnet_id"]
+		assert.True(t, ok)
+		assert.Equal(t, subnetWithNatGw.id, subnetId)
 	})
 }
 
 func dummyVariables() map[string]interface{} {
 	return map[string]interface{}{
-		"azurerm_subnets": map[string]string{
-			baseSubnet.name:    baseSubnet.id,
-			subnetWithRt.name:  subnetWithRt.id,
-			subnetWithNsg.name: subnetWithNsg.id,
-		},
 		"resource_group_name":           "dummyRg",
 		"virtual_network_address_space": []string{"10.0.0.0/16"},
 		"virtual_network_location":      "eastus",
 		"virtual_network_name":          "dummyVnet",
 	}
 }
+
+func mockVariables() map[string]interface{} {
+	vars := dummyVariables()
+	vars["azurerm_subnets"] = map[string]string{
+		baseSubnet.name:      baseSubnet.id,
+		subnetWithRt.name:    subnetWithRt.id,
+		subnetWithNsg.name:   subnetWithNsg.id,
+		subnetWithNatGw.name: subnetWithNatGw.id,
+	}
+	vars["subnets"] = map[string]interface{}{
+		baseSubnet.name:      baseSubnet.toMap(),
+		subnetWithRt.name:    subnetWithRt.toMap(),
+		subnetWithNsg.name:   subnetWithNsg.toMap(),
+		subnetWithNatGw.name: subnetWithNatGw.toMap(),
+	}
+	return vars
+}

unit-test-fixture/main.tf

@@ -3,15 +3,15 @@ variable "azurerm_subnets" {
 }
 
 locals {
-  azurerm_subnets = var.azurerm_subnets
+  azurerm_subnet_name2id = var.azurerm_subnets
 }
 
 data "null_data_source" "azurerm_subnet_network_security_group_association" {
   for_each = toset(local.subnet_names_with_network_security_group)
 
   inputs = {
     network_security_group_id = var.subnets[each.value].network_security_group.id
-    subnet_id                 = local.azurerm_subnets[each.value]
+    subnet_id                 = local.azurerm_subnet_name2id[each.value]
   }
 }
 
@@ -20,6 +20,15 @@ data "null_data_source" "azurerm_subnet_route_table_association" {
 
   inputs = {
     route_table_id = var.subnets[each.value].route_table.id
-    subnet_id      = local.azurerm_subnets[each.value]
+    subnet_id      = local.azurerm_subnet_name2id[each.value]
+  }
+}
+
+data "null_data_source" "azurerm_subnet_nat_gateway_association" {
+  for_each = toset(local.subnet_names_with_nat_gateway)
+
+  inputs = {
+    nat_gateway_id = var.subnets[each.value].nat_gateway.id
+    subnet_id      = local.azurerm_subnet_name2id[each.value]
   }
 }

unit-test-fixture/output.tf

@@ -4,4 +4,8 @@ output "azurerm_subnet_network_security_group_association" {
 
 output "azurerm_subnet_route_table_association" {
   value = data.null_data_source.azurerm_subnet_route_table_association
+}
+
+output "azurerm_subnet_nat_gateway_association" {
+  value = data.null_data_source.azurerm_subnet_nat_gateway_association
 }

variables.tf

@@ -8,6 +8,9 @@ variable "subnets" {
   type = map(object(
     {
       address_prefixes = list(string) # (Required) The address prefixes to use for the subnet.
+      nat_gateway = optional(object({
+        id = string # (Required) The ID of the NAT Gateway which should be associated with the Subnet. Changing this forces a new resource to be created.
+      }))
       network_security_group = optional(object({
         id = string # (Required) The ID of the Network Security Group which should be associated with the Subnet. Changing this forces a new association to be created.
       }))