Fix VWAN

Azure · Oct 8, 2024 · 2723dd1 · 2723dd1
1 parent 506cdc6
commit 2723dd1
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 217 deletions.
diff --git a/templates/complete_multi_region/examples/config-hub-and-spoke-vnet-multi-region.tfvars b/templates/complete_multi_region/examples/config-hub-and-spoke-vnet-multi-region.tfvars
@@ -141,7 +141,7 @@ hub_and_spoke_vnet_virtual_networks = {
         }
         firewall_policy = {
           name = "fwp-hub-$${starter_location_01}"
-          dns  = {
+          dns = {
             proxy_enabled = true
           }
         }
@@ -213,7 +213,7 @@ hub_and_spoke_vnet_virtual_networks = {
         }
         firewall_policy = {
           name = "fwp-hub-$${starter_location_01}"
-          dns  = {
+          dns = {
             proxy_enabled = true
           }
         }

diff --git a/templates/complete_multi_region/examples/config-hub-and-spoke-vnet-multi-region.yaml b/templates/complete_multi_region/examples/config-hub-and-spoke-vnet-multi-region.yaml
diff --git a/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars b/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars
@@ -89,7 +89,7 @@ connectivity_resource_groups = {
     name     = "rg-hub-ddos-$${starter_location_01}"
     location = "$${starter_location_01}"
   }
-  vwam = {
+  vwan = {
     name     = "rg-vwan-$${starter_location_01}"
     location = "$${starter_location_01}"
   }
@@ -136,19 +136,21 @@ virtual_wan_virtual_hubs = {
       }
     }
     private_dns_zones = {
-      resource_group_name = "rg-vwan-dns-$${starter_location_01}"
+      resource_group_name = "rg-hub-dns-$${starter_location_01}"
       is_primary          = true
       networking = {
         virtual_network = {
-          name          = "vnet-hub-dns-$${starter_location_01}"
-          address_space = "10.10.0.0/24"
+          name                = "vnet-hub-dns-$${starter_location_01}"
+          resource_group_name = "rg-vwan-hub-$${starter_location_01}"
+          address_space       = "10.10.0.0/24"
           private_dns_resolver_subnet = {
-            name           = "subnet-hub-dns-$${starter_location_01}"
-            address_prefix = "10.10.0.0/28"
+            name                = "subnet-hub-dns-$${starter_location_01}"
+            address_prefix      = "10.10.0.0/28"
           }
         }
         private_dns_resolver = {
           name = "pdr-hub-dns-$${starter_location_01}"
+          resource_group_name = "rg-vwan-hub-$${starter_location_01}"
         }
       }
     }
@@ -170,19 +172,21 @@ virtual_wan_virtual_hubs = {
       }
     }
     private_dns_zones = {
-      resource_group_name = "rg-vwan-dns-$${starter_location_01}"
+      resource_group_name = "rg-hub-dns-$${starter_location_01}"
       is_primary          = false
       networking = {
         virtual_network = {
-          name          = "vnet-hub-dns-$${starter_location_02}"
-          address_space = "10.11.0.0/24"
+          name                = "vnet-hub-dns-$${starter_location_02}"
+          resource_group_name = "rg-vwan-hub-$${starter_location_02}"
+          address_space       = "10.11.0.0/24"
           private_dns_resolver_subnet = {
-            name           = "subnet-hub-dns-$${starter_location_02}"
-            address_prefix = "10.11.0.0/28"
+            name                = "subnet-hub-dns-$${starter_location_02}"
+            address_prefix      = "10.11.0.0/28"
           }
         }
         private_dns_resolver = {
           name = "pdr-hub-dns-$${starter_location_02}"
+          resource_group_name = "rg-vwan-hub-$${starter_location_02}"
         }
       }
     }

diff --git a/templates/complete_multi_region/modules/virtual-wan/locals.tf b/templates/complete_multi_region/modules/virtual-wan/locals.tf
@@ -4,7 +4,7 @@ locals {
 
 locals {
   virtual_network_connections_input = { for virtual_network_connection in flatten([for virtual_hub_key, virtual_hub_value in var.virtual_hubs :
-    [for virtual_network_connection_key, virtual_network_connection_value in virtual_hub_value.virtual_network_connections : {
+    [for virtual_network_connection_key, virtual_network_connection_value in try(virtual_hub_value.virtual_network_connections, {}) : {
       unique_key                = "${virtual_hub_key}-${virtual_network_connection_key}"
       name                      = virtual_network_connection_value.settings.name
       virtual_hub_key           = virtual_hub_key
@@ -29,9 +29,9 @@ locals {
 
 locals {
   firewall_policies = { for virtual_hub_key, virtual_hub_value in var.virtual_hubs : virtual_hub_key => merge({
-    location            = virtual_hub_value.location
-    resource_group_name = virtual_hub_value.resource_group_name
-    firewall_policy_dns = {
+    location            = try(virtual_hub_value.firewall.firewall_policy.location, virtual_hub_value.hub.location)
+    resource_group_name = try(virtual_hub_value.firewall.firewall_policy.resource_group_name, virtual_hub_value.hub.resource_group_name)
+    dns = {
       servers       = [module.dns_resolver[virtual_hub_key].inbound_endpoint_ips["dns"]]
       proxy_enabled = true
     }
@@ -40,7 +40,7 @@ locals {
   firewalls = { for virtual_hub_key, virtual_hub_value in var.virtual_hubs : virtual_hub_key => merge(
     {
       virtual_hub_key    = virtual_hub_key
-      location           = virtual_hub_value.location
+      location           = try(virtual_hub_value.firewall.location, virtual_hub_value.hub.location)
       firewall_policy_id = module.firewall_policy[virtual_hub_key].resource_id
     }, virtual_hub_value.firewall)
     if can(virtual_hub_value.firewall)

diff --git a/templates/complete_multi_region/modules/virtual-wan/main.tf b/templates/complete_multi_region/modules/virtual-wan/main.tf
@@ -10,7 +10,7 @@ module "firewall_policy" {
   firewall_policy_sku                               = try(each.value.sku, "Standard")
   firewall_policy_auto_learn_private_ranges_enabled = try(each.value.auto_learn_private_ranges_enabled, null)
   firewall_policy_base_policy_id                    = try(each.value.base_policy_id, null)
-  firewall_policy_dns                               = each.value.settings.dns
+  firewall_policy_dns                               = each.value.dns
   firewall_policy_threat_intelligence_mode          = try(each.value.threat_intelligence_mode, "Alert")
   firewall_policy_private_ip_ranges                 = try(each.value.private_ip_ranges, null)
   firewall_policy_threat_intelligence_allowlist     = try(each.value.threat_intelligence_allowlist, null)
@@ -53,10 +53,10 @@ module "virtual_network_private_dns" {
 
   for_each = local.private_dns_zones
 
-  address_space       = each.value.networking.virtual_network.address_space
+  address_space       = [each.value.networking.virtual_network.address_space]
   location            = each.value.location
   name                = each.value.networking.virtual_network.name
-  resource_group_name = each.value.resource_group_name
+  resource_group_name = each.value.networking.virtual_network.resource_group_name
   enable_telemetry    = var.enable_telemetry
   ddos_protection_plan = local.ddos_protection_plan_enabled ? {
     id     = module.ddos_protection_plan[0].resource.id
@@ -85,7 +85,7 @@ module "dns_resolver" {
 
   location                    = each.value.location
   name                        = each.value.networking.private_dns_resolver.name
-  resource_group_name         = each.value.resource_group_name
+  resource_group_name         = each.value.networking.private_dns_resolver.resource_group_name
   virtual_network_resource_id = module.virtual_network_private_dns[each.key].resource_id
   enable_telemetry            = var.enable_telemetry
   inbound_endpoints = {

diff --git a/templates/complete_multi_region/modules/virtual-wan/variables.tf b/templates/complete_multi_region/modules/virtual-wan/variables.tf
@@ -12,15 +12,17 @@ variable "virtual_hubs" {
       is_primary          = optional(bool, false)
       networking = object({
         virtual_network = object({
-          name          = string
-          address_space = string
+          name                = string
+          address_space       = string
+          resource_group_name = string
           private_dns_resolver_subnet = object({
             name           = string
             address_prefix = string
           })
         })
         private_dns_resolver = object({
-          name = string
+          name                = string
+          resource_group_name = string
         })
       })
     }))

diff --git a/templates/complete_multi_region/yaml.tf b/templates/complete_multi_region/yaml.tf
@@ -24,16 +24,16 @@ YAML
   })
 
   yaml_file_virtual_wan_es = yamlencode({
-    management_use_avm                  = var.management_use_avm
-    management_settings_es              = var.management_settings_es
-    connectivity_type                   = var.connectivity_type
-    connectivity_resource_groups        = var.connectivity_resource_groups
-    virtual_wan_settings                = var.virtual_wan_settings
-    virtual_wan_virtual_hubs            = var.virtual_wan_virtual_hubs
+    management_use_avm           = var.management_use_avm
+    management_settings_es       = var.management_settings_es
+    connectivity_type            = var.connectivity_type
+    connectivity_resource_groups = var.connectivity_resource_groups
+    virtual_wan_settings         = var.virtual_wan_settings
+    virtual_wan_virtual_hubs     = var.virtual_wan_virtual_hubs
   })
 
   yaml_file_content = local.connectivity_hub_and_spoke_vnet_enabled ? local.yaml_file_hub_and_spoke_vnet_es : local.yaml_file_virtual_wan_es
-  yaml_file_final = replace("${local.yaml_file_header}${local.yaml_file_content}", "\"", "")
+  yaml_file_final   = replace("${local.yaml_file_header}${local.yaml_file_content}", "\"", "")
 
   yaml_file_name = "config-${replace(var.connectivity_type, "_", "-")}-multi-region.yaml"
 }