This repository has been archived by the owner on Feb 14, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 59
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
a88b9e8
commit 26f6ef8
Showing
6 changed files
with
149 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| validate: | ||
| @../../makefile.sh validate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| # Palo Alto Networks VNet Peering Module for Azure | ||
|
|
||
| A terraform module for deploying a Virtual Network Peering and its components required for the VM-Series firewalls in Azure. | ||
|
|
||
| ## Usage | ||
|
|
||
| For usage refer to any example module. | ||
|
|
||
| ## Reference | ||
| <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
| ### Requirements | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2, < 2.0 | | ||
| | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.25 | | ||
|
|
||
| ### Providers | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 3.25 | | ||
|
|
||
| ### Modules | ||
|
|
||
| No modules. | ||
|
|
||
| ### Resources | ||
|
|
||
| | Name | Type | | ||
| |------|------| | ||
| | [azurerm_virtual_network_peering.local](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource | | ||
| | [azurerm_virtual_network_peering.remote](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource | | ||
| | [azurerm_virtual_network.local_peer](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | ||
| | [azurerm_virtual_network.remote_peer](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | ||
|
|
||
| ### Inputs | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Prefix name appended to the peering names. | `string` | `""` | no | | ||
| | <a name="input_local_peer_config"></a> [local\_peer\_config](#input\_local\_peer\_config) | A map that contains the local peer configuration.<br>Mandatory Values: <br>- `vnet_name` - (`string`, required) the local peer VNET name.<br>- `resource_group_name - (`string`, required) : the resource group name of the local peer<br>- `allow\_virtual\_network\_access - (`bool`, optional, defaults to `true`) : allows communication between the two peering VNETs<br>- `allow_forwarded_traffic` - (`bool`, optional, defaults to `true`) : allows traffic forwarded from the remote VNET but not originated from within it<br>- `allow_gateway_transit` - (`bool`, optional, defaults to `false`) : controls the learning of routes from local VNET (gateway or route server) into the remote VNET. Must be true if `use_remote_gateways` is `true` for remote peer<br>- `use_remote_gateways` - (`bool`, optional, defaults to `false`) : controls the learning of routes from the remote VNET (gateway or route server) into the local VNET<br>- `name` - (`string`, optional, defaults to `<var.name_prefix><var.local_peer_config.vnet_name>-to-<var.remote_peer_config.vnet_name>`) : the name of the local VNET peering | `map(any)` | n/a | yes | | ||
| | <a name="input_remote_peer_config"></a> [remote\_peer\_config](#input\_remote\_peer\_config) | A map that contains the remote peer configuration.<br>Mandatory Values :<br>- `vnet_name` - (`string`, required) : the remote peer VNET name.<br>- `resource_group_name - (`string`, required) : the resource group name of the remote peer<br>- `allow\_virtual\_network\_access - (`bool`, optional, defaults to `true`) : allows communication between the two peering VNETs<br>- `allow_forwarded_traffic` - (`bool`, optional, defaults to `true`) : allows traffic forwarded from the local VNET but not originated from within it<br>- `allow_gateway_transit` - (`bool`, optional, defaults to `false`) : controls the learning of routes from remote VNET (gateway or route server) into the local VNET. Must be true if `use_remote_gateways` is `true` for local peer<br>- `use_remote_gateways` - (`bool`, optional, defaults to `false`) : controls the learning of routes from the local VNET (gateway or route server) into the remote VNET<br>- `name` - (`string`, optional, defaults to `<var.name_prefix><var.remote_peer_config.vnet_name>-to-<var.local_peer_config.vnet_name>`) : the name of the local VNET peering | `map(any)` | n/a | yes | | ||
|
|
||
| ### Outputs | ||
|
|
||
| | Name | Description | | ||
| |------|-------------| | ||
| | <a name="output_local_peering_name"></a> [local\_peering\_name](#output\_local\_peering\_name) | The name of the local VNET peering. | | ||
| | <a name="output_remote_peering_name"></a> [remote\_peering\_name](#output\_remote\_peering\_name) | The name of the remote VNET peering. | | ||
| | <a name="output_local_peering_id"></a> [local\_peering\_id](#output\_local\_peering\_id) | The ID of the local VNET peering. | | ||
| | <a name="output_remote_peering_id"></a> [remote\_peering\_id](#output\_remote\_peering\_id) | The ID of the remote VNET peering. | | ||
| <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| data "azurerm_virtual_network" "local_peer" { | ||
| name = var.local_peer_config.vnet_name | ||
| resource_group_name = var.local_peer_config.resource_group_name | ||
| } | ||
|
|
||
| data "azurerm_virtual_network" "remote_peer" { | ||
| name = var.remote_peer_config.vnet_name | ||
| resource_group_name = var.remote_peer_config.resource_group_name | ||
| } | ||
|
|
||
| resource "azurerm_virtual_network_peering" "local" { | ||
| name = try(var.local_peer_config.name, "${var.local_peer_config.vnet_name}-to-${var.remote_peer_config.vnet_name}") | ||
| resource_group_name = var.local_peer_config.resource_group_name | ||
| virtual_network_name = var.local_peer_config.vnet_name | ||
| remote_virtual_network_id = data.azurerm_virtual_network.remote_peer.id | ||
| allow_virtual_network_access = try(var.local_peer_config.allow_virtual_network_access, true) | ||
| allow_forwarded_traffic = try(var.local_peer_config.allow_forwarded_traffic, true) | ||
| allow_gateway_transit = try(var.local_peer_config.allow_gateway_transit, false) | ||
| use_remote_gateways = try(var.local_peer_config.use_remote_gateways, false) | ||
| } | ||
|
|
||
| resource "azurerm_virtual_network_peering" "remote" { | ||
| name = try(var.remote_peer_config.name, "${var.remote_peer_config.vnet_name}-to-${var.local_peer_config.vnet_name}") | ||
| resource_group_name = var.remote_peer_config.resource_group_name | ||
| virtual_network_name = var.remote_peer_config.vnet_name | ||
| remote_virtual_network_id = data.azurerm_virtual_network.local_peer.id | ||
| allow_virtual_network_access = try(var.remote_peer_config.allow_virtual_network_access, true) | ||
| allow_forwarded_traffic = try(var.remote_peer_config.allow_forwarded_traffic, true) | ||
| allow_gateway_transit = try(var.remote_peer_config.allow_gateway_transit, false) | ||
| use_remote_gateways = try(var.remote_peer_config.use_remote_gateways, false) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| output "local_peering_name" { | ||
| description = "The name of the local VNET peering." | ||
| value = azurerm_virtual_network_peering.local.name | ||
| } | ||
|
|
||
| output "remote_peering_name" { | ||
| description = "The name of the remote VNET peering." | ||
| value = azurerm_virtual_network_peering.remote.name | ||
| } | ||
|
|
||
| output "local_peering_id" { | ||
| description = "The ID of the local VNET peering." | ||
| value = azurerm_virtual_network_peering.local.id | ||
| } | ||
|
|
||
| output "remote_peering_id" { | ||
| description = "The ID of the remote VNET peering." | ||
| value = azurerm_virtual_network_peering.remote.id | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| variable "name_prefix" { | ||
| description = "Prefix name appended to the peering names." | ||
| default = "" | ||
| type = string | ||
| } | ||
|
|
||
| variable "local_peer_config" { | ||
| description = <<-EOF | ||
| A map that contains the local peer configuration. | ||
| Mandatory Values: | ||
| - `vnet_name` - (`string`, required) the local peer VNET name. | ||
| - `resource_group_name - (`string`, required) : the resource group name of the local peer | ||
| - `allow_virtual_network_access - (`bool`, optional, defaults to `true`) : allows communication between the two peering VNETs | ||
| - `allow_forwarded_traffic` - (`bool`, optional, defaults to `true`) : allows traffic forwarded from the remote VNET but not originated from within it | ||
| - `allow_gateway_transit` - (`bool`, optional, defaults to `false`) : controls the learning of routes from local VNET (gateway or route server) into the remote VNET. Must be true if `use_remote_gateways` is `true` for remote peer | ||
| - `use_remote_gateways` - (`bool`, optional, defaults to `false`) : controls the learning of routes from the remote VNET (gateway or route server) into the local VNET | ||
| - `name` - (`string`, optional, defaults to `<var.name_prefix><var.local_peer_config.vnet_name>-to-<var.remote_peer_config.vnet_name>`) : the name of the local VNET peering | ||
| EOF | ||
| type = map(any) | ||
| } | ||
|
|
||
| variable "remote_peer_config" { | ||
| description = <<-EOF | ||
| A map that contains the remote peer configuration. | ||
| Mandatory Values : | ||
| - `vnet_name` - (`string`, required) : the remote peer VNET name. | ||
| - `resource_group_name - (`string`, required) : the resource group name of the remote peer | ||
| - `allow_virtual_network_access - (`bool`, optional, defaults to `true`) : allows communication between the two peering VNETs | ||
| - `allow_forwarded_traffic` - (`bool`, optional, defaults to `true`) : allows traffic forwarded from the local VNET but not originated from within it | ||
| - `allow_gateway_transit` - (`bool`, optional, defaults to `false`) : controls the learning of routes from remote VNET (gateway or route server) into the local VNET. Must be true if `use_remote_gateways` is `true` for local peer | ||
| - `use_remote_gateways` - (`bool`, optional, defaults to `false`) : controls the learning of routes from the local VNET (gateway or route server) into the remote VNET | ||
| - `name` - (`string`, optional, defaults to `<var.name_prefix><var.remote_peer_config.vnet_name>-to-<var.local_peer_config.vnet_name>`) : the name of the local VNET peering | ||
| EOF | ||
| type = map(any) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| terraform { | ||
| required_version = ">= 1.2, < 2.0" | ||
| required_providers { | ||
| azurerm = { | ||
| source = "hashicorp/azurerm" | ||
| version = "~> 3.25" | ||
| } | ||
| } | ||
| } |