Cpapke/update azure poc by jsonar-cpapke · Pull Request #471 · imperva/dsfkit

jsonar-cpapke · 2025-06-19T19:06:06Z

No description provided.

lindanasredin · 2025-06-22T08:25:46Z

+  dra_admin_subnet_id = coalesce(try(var.subnet_ids.dra_admin_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
+  dra_analytics_subnet_id = coalesce(try(var.subnet_ids.dra_analytics_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])
+
  subnet_prefixes = cidrsubnets(var.vnet_ip_range, 8, 8)


I understand that this generates two subnet ranges: "10.0.0.0/24" and "10.0.1.0/24". This is different from the AWS deployment. Here, the first one is public and the second is private, see comment at the bottom of the networking.tf file. The deployment we want - VMs with a public interface should be in the public subnet, all the rest in a private subnet. Meaning, Hub main, Hub DR, MX, DRA Admin and DBs - in the public subnet. Agentless GWs main, Agentless GWs DR, Agent GW, DRA Analytics - in the private subnet.

What I did in this PR keeps everything the same if the subnet_ids aren't passed in. If you want to change how the network module works, that shouldn't be done in this PR, as these are meant to get our tests working, and don't change the default case.

lindanasredin · 2025-06-22T08:26:30Z

+  create_network = var.subnet_ids == null && var.subnet_id == null
+
+  hub_subnet_id = coalesce(try(var.subnet_ids.hub_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
+  hub_dr_subnet_id = coalesce(try(var.subnet_ids.hub_dr_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])


vnet_subnets[0]
See comment on subnet_prefixes.

This is what it was already, if you are looking for changes to the existing behaviour, that should be done separately.

If I understood correctly, there is no existing behavior, the commented out bulk of local variables is a copy & paste from the AWS example, which is incorrect in the Azure case due to different private and public subnet modeling

I don't understand what you mean. Previously, the hub_dr module used module.network[0].vnet_subnets[1], and now it uses hub_dr_subnet_id which has the same default value. Therefore the existing behaviour hasn't changed.

lindanasredin · 2025-06-22T08:27:02Z

+  hub_subnet_id = coalesce(try(var.subnet_ids.hub_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
+  hub_dr_subnet_id = coalesce(try(var.subnet_ids.hub_dr_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])
+
+  agentless_gw_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])


vnet_subnets[1]
See comment on subnet_prefixes.

Same as above

lindanasredin · 2025-06-22T08:27:37Z

+  agentless_gw_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
+  agentless_gw_dr_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_dr_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])
+
+  db_subnet_ids = coalescelist(try(var.subnet_ids.db_subnet_ids, []), compact([var.subnet_id]), module.network[0].vnet_subnets)


Only vnet_subnets[1]
See comment on subnet_prefixes.

Same as above

lindanasredin · 2025-06-22T08:27:54Z

+  db_subnet_ids = coalescelist(try(var.subnet_ids.db_subnet_ids, []), compact([var.subnet_id]), module.network[0].vnet_subnets)
+
+  mx_subnet_id = coalesce(try(var.subnet_ids.mx_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
+  agent_gw_subnet_id = coalesce(try(var.subnet_ids.agent_gw_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])


vnet_subnets[1]
See comment on subnet_prefixes.

Same as above

lindanasredin · 2025-06-22T08:29:56Z

-# }
-
 locals {
+  create_network = var.subnet_ids == null && var.subnet_id == null


I like this solution of adding subnet_id variable, the subnet_ids is cumbersome when you only want to provide one subnet. We should port it to the AWS dsf_deployment example sometime.

lindanasredin

Talked to Chris and agreed that this is a separate change which is not high in priority at the moment.

jsonar-cpapke added 2 commits June 19, 2025 09:53

add tarball_url

9ad2905

use passed in subnet_ids

962b435

jsonar-cpapke requested review from a team, IanBW and jagdeep-sonar June 19, 2025 19:06

jsonar-cpapke had a problem deploying to test June 19, 2025 19:06 — with GitHub Actions Failure

fix coalescelists

f31d65f

jsonar-cpapke temporarily deployed to test June 19, 2025 19:08 — with GitHub Actions Inactive

jagdeep-sonar approved these changes Jun 19, 2025

View reviewed changes

lindanasredin requested changes Jun 22, 2025

View reviewed changes

update desc

b40d7a3

jsonar-cpapke requested a review from lindanasredin June 23, 2025 14:53

lindanasredin approved these changes Jun 23, 2025

View reviewed changes

jsonar-cpapke merged commit 66f6a9c into dev Jun 23, 2025
1 check passed

jsonar-cpapke deleted the cpapke/update-azure-poc branch June 23, 2025 17:29

Conversation

jsonar-cpapke commented Jun 19, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

lindanasredin left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants