actually use passed in networking

Author: jsonar-cpapke

examples/azure/poc/dsf_deployment/agent_sources.tf

@@ -16,7 +16,7 @@ module "db_with_agent" {
     ssh_public_key            = tls_private_key.ssh_key.public_key_openssh
     ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
   }
-  allowed_ssh_cidrs = concat([format("%s/32", module.mx[0].private_ip)], module.network[0].vnet_address_space)
+  allowed_ssh_cidrs = concat([format("%s/32", module.mx[0].private_ip)], local.all_subnet_address_spaces)
 
   registration_params = {
     agent_gateway_host = module.agent_gw[0].private_ip

examples/azure/poc/dsf_deployment/dam.tf

@@ -20,9 +20,9 @@ module "mx" {
   }
   mx_password                       = local.password
   allowed_web_console_and_api_cidrs = var.web_console_cidr
-  allowed_agent_gw_cidrs            = module.network[0].vnet_address_space
+  allowed_agent_gw_cidrs            = local.all_subnet_address_spaces
   allowed_ssh_cidrs                 = concat(local.workstation_cidr, var.allowed_ssh_cidrs)
-  allowed_hub_cidrs                 = module.network[0].vnet_address_space
+  allowed_hub_cidrs                 = local.all_subnet_address_spaces
 
   hub_details = var.enable_sonar ? {
     address      = coalesce(module.hub_main[0].public_ip, module.hub_main[0].private_ip)
@@ -53,10 +53,10 @@ module "agent_gw" {
     ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
   }
   mx_password                             = local.password
-  allowed_agent_cidrs                     = module.network[0].vnet_address_space
-  allowed_mx_cidrs                        = module.network[0].vnet_address_space
-  allowed_ssh_cidrs                       = concat(module.network[0].vnet_address_space, var.allowed_ssh_cidrs)
-  allowed_gw_clusters_cidrs               = module.network[0].vnet_address_space
+  allowed_agent_cidrs                     = local.all_subnet_address_spaces
+  allowed_mx_cidrs                        = local.all_subnet_address_spaces
+  allowed_ssh_cidrs                       = concat(local.all_subnet_address_spaces, var.allowed_ssh_cidrs)
+  allowed_gw_clusters_cidrs               = local.all_subnet_address_spaces
   management_server_host_for_registration = module.mx[0].private_ip
   management_server_host_for_api_access   = module.mx[0].public_ip
   large_scale_mode                        = var.large_scale_mode.agent_gw

examples/azure/poc/dsf_deployment/dra.tf

@@ -2,7 +2,7 @@ locals {
   dra_analytics_count = var.enable_dra ? var.dra_analytics_count : 0
 
   dra_admin_public_ip = var.enable_dra ? [format("%s/32", module.dra_admin[0].public_ip)] : []
-  dra_admin_cidr_list = concat(module.network[0].vnet_address_space, local.dra_admin_public_ip)
+  dra_admin_cidr_list = concat(local.all_subnet_address_spaces, local.dra_admin_public_ip)
 
   dra_admin_image_exits     = var.dra_admin_image_details != null ? true : false
   dra_admin_vhd_exits       = var.dra_admin_vhd_details != null ? true : false
@@ -24,7 +24,7 @@ module "dra_admin" {
   admin_ssh_password          = local.password
 
   allowed_web_console_cidrs = var.web_console_cidr
-  allowed_analytics_cidrs   = module.network[0].vnet_address_space
+  allowed_analytics_cidrs   = local.all_subnet_address_spaces
   allowed_hub_cidrs         = local.hub_cidr_list
   allowed_ssh_cidrs         = concat(local.workstation_cidr, var.allowed_ssh_cidrs)
 
@@ -62,7 +62,7 @@ module "dra_analytics" {
   analytics_ssh_password      = local.password
   archiver_password           = local.password
 
-  allowed_admin_cidrs = module.network[0].vnet_address_space
+  allowed_admin_cidrs = local.all_subnet_address_spaces
   allowed_ssh_cidrs   = concat(local.workstation_cidr, local.hub_cidr_list)
   #allowed_ssh_cidrs = concat(var.allowed_ssh_cidrs, local.hub_cidr_list, local.workstation_cidr)
 

examples/azure/poc/dsf_deployment/networking.tf

@@ -1,21 +1,55 @@
 locals {
   create_network = var.subnet_ids == null && var.subnet_id == null
 
-  hub_subnet_id = coalesce(try(var.subnet_ids.hub_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
-  hub_dr_subnet_id = coalesce(try(var.subnet_ids.hub_dr_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])
+  hub_subnet_id = coalesce(try(var.subnet_ids.hub_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[0], null))
+  hub_dr_subnet_id = coalesce(try(var.subnet_ids.hub_dr_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[1], null))
 
-  agentless_gw_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
-  agentless_gw_dr_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_dr_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])
+  agentless_gw_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[0], null))
+  agentless_gw_dr_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_dr_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[1], null))
 
-  db_subnet_ids = coalescelist(try(var.subnet_ids.db_subnet_ids, []), compact([var.subnet_id]), module.network[0].vnet_subnets)
+  db_subnet_ids = coalescelist(try(var.subnet_ids.db_subnet_ids, []), compact([var.subnet_id]), try(module.network[0].vnet_subnets, []))
 
-  mx_subnet_id = coalesce(try(var.subnet_ids.mx_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
-  agent_gw_subnet_id = coalesce(try(var.subnet_ids.agent_gw_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
+  mx_subnet_id = coalesce(try(var.subnet_ids.mx_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[0], null))
+  agent_gw_subnet_id = coalesce(try(var.subnet_ids.agent_gw_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[0], null))
 
-  dra_admin_subnet_id = coalesce(try(var.subnet_ids.dra_admin_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
-  dra_analytics_subnet_id = coalesce(try(var.subnet_ids.dra_analytics_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])
+  dra_admin_subnet_id = coalesce(try(var.subnet_ids.dra_admin_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[0], null))
+  dra_analytics_subnet_id = coalesce(try(var.subnet_ids.dra_analytics_subnet_id, null), var.subnet_id, try(module.network[0].vnet_subnets[1], null))
+
+  all_subnet_ids = concat([
+    local.hub_subnet_id,
+    local.hub_dr_subnet_id,
+    local.agent_gw_subnet_id,
+    local.agentless_gw_dr_subnet_id,
+    local.mx_subnet_id,
+    local.agent_gw_subnet_id,
+    local.dra_admin_subnet_id,
+    local.dra_analytics_subnet_id,
+  ], local.db_subnet_ids)
 
   subnet_prefixes = cidrsubnets(var.vnet_ip_range, 8, 8)
+
+  ipv4_regex = "([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?"
+
+  _all_subnet_address_spaces = distinct(sort(
+    concat([for subnet in data.azurerm_subnet.all_subnets : subnet.address_prefixes]...)
+  ))
+
+  # we can't currently use ipv6 IPs
+  all_subnet_address_spaces = [
+    for cidr in local._all_subnet_address_spaces: cidr
+    if can(regex(local.ipv4_regex, cidr))
+  ]
+}
+
+data "azurerm_subnet" "all_subnets" {
+  for_each = {
+    for index, id in local.all_subnet_ids :
+    index => id
+  }
+
+  resource_group_name  = split("/", each.value)[4]
+  virtual_network_name = split("/", each.value)[8]
+  name                 = split("/", each.value)[10]
 }
 
 # network

examples/azure/poc/dsf_deployment/outputs.tf

@@ -15,7 +15,7 @@ output "generated_network" {
   value = try({
     vnet          = module.network[0].vnet_id
     subnets       = module.network[0].vnet_subnets
-    address_space = module.network[0].vnet_address_space
+    address_space = local.all_subnet_address_spaces
   }, null)
 }
 

examples/azure/poc/dsf_deployment/sonar.tf

@@ -3,8 +3,8 @@ locals {
 
   hub_public_ip    = var.enable_sonar ? (length(module.hub_main[0].public_ip) > 0 ? format("%s/32", module.hub_main[0].public_ip) : null) : null
   hub_dr_public_ip = var.enable_sonar && var.hub_hadr ? (length(module.hub_dr[0].public_ip) > 0 ? format("%s/32", module.hub_dr[0].public_ip) : null) : null
-  #  WA since the following doesn't work: hub_cidr_list = concat(module.network[0].vnet_address_space, compact([local.hub_public_ip, local.hub_dr_public_ip]))
-  hub_cidr_list = var.enable_sonar ? (var.hub_hadr ? concat(module.network[0].vnet_address_space, [local.hub_public_ip, local.hub_dr_public_ip]) : concat(module.network[0].vnet_address_space, [local.hub_public_ip])) : module.network[0].vnet_address_space
+  #  WA since the following doesn't work: hub_cidr_list = concat(local.all_subnet_address_spaces, compact([local.hub_public_ip, local.hub_dr_public_ip]))
+  hub_cidr_list = var.enable_sonar ? (var.hub_hadr ? concat(local.all_subnet_address_spaces, [local.hub_public_ip, local.hub_dr_public_ip]) : concat(local.all_subnet_address_spaces, [local.hub_public_ip])) : local.all_subnet_address_spaces
 }
 
 module "hub_main" {
@@ -29,8 +29,8 @@ module "hub_main" {
     ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
   }
   allowed_web_console_and_api_cidrs = var.web_console_cidr
-  allowed_hub_cidrs                 = module.network[0].vnet_address_space
-  allowed_agentless_gw_cidrs        = module.network[0].vnet_address_space
+  allowed_hub_cidrs                 = local.all_subnet_address_spaces
+  allowed_agentless_gw_cidrs        = local.all_subnet_address_spaces
   allowed_dra_admin_cidrs           = local.dra_admin_cidr_list
   allowed_all_cidrs                 = local.workstation_cidr
   allowed_ssh_cidrs                 = var.allowed_ssh_cidrs
@@ -79,8 +79,8 @@ module "hub_dr" {
     ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
   }
   allowed_web_console_and_api_cidrs = var.web_console_cidr
-  allowed_hub_cidrs                 = module.network[0].vnet_address_space
-  allowed_agentless_gw_cidrs        = module.network[0].vnet_address_space
+  allowed_hub_cidrs                 = local.all_subnet_address_spaces
+  allowed_agentless_gw_cidrs        = local.all_subnet_address_spaces
   allowed_dra_admin_cidrs           = local.dra_admin_cidr_list
   allowed_all_cidrs                 = local.workstation_cidr
   allowed_ssh_cidrs                 = var.allowed_ssh_cidrs
@@ -127,8 +127,8 @@ module "agentless_gw_main" {
     ssh_public_key            = tls_private_key.ssh_key.public_key_openssh
     ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
   }
-  allowed_agentless_gw_cidrs = module.network[0].vnet_address_space
-  allowed_hub_cidrs          = module.network[0].vnet_address_space
+  allowed_agentless_gw_cidrs = local.all_subnet_address_spaces
+  allowed_hub_cidrs          = local.all_subnet_address_spaces
   allowed_all_cidrs          = local.workstation_cidr
   allowed_ssh_cidrs          = var.allowed_ssh_cidrs
   ingress_communication_via_proxy = {
@@ -164,8 +164,8 @@ module "agentless_gw_dr" {
     ssh_public_key            = tls_private_key.ssh_key.public_key_openssh
     ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
   }
-  allowed_agentless_gw_cidrs = module.network[0].vnet_address_space
-  allowed_hub_cidrs          = module.network[0].vnet_address_space
+  allowed_agentless_gw_cidrs = local.all_subnet_address_spaces
+  allowed_hub_cidrs          = local.all_subnet_address_spaces
   allowed_all_cidrs          = local.workstation_cidr
   allowed_ssh_cidrs          = var.allowed_ssh_cidrs
   ingress_communication_via_proxy = {