Add extra private dns zones (#16)

* Add extra private dns zones and link them top the vnet. * Improve README for diagnostic settings * Rename additional_private_dns_zones to resolvable_private_dns_zones Add output resolvable_private_dns_zones * Change resolvable private dns zone link name * Change output for resolvable private dns zones * Fix regexp for output * Fix typo
avinor · Oct 20, 2022 · 43e471c · 43e471c
1 parent 25a3147
commit 43e471c
Show file tree

Hide file tree

Showing 11 changed files with 198 additions and 103 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,6 @@
 #  Local .terraform directories
 **/.terraform/*
-.terraform.lock.hcl
+examples/*/.terraform.lock.hcl
 
 # .tfstate files
 *.tfstate

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -57,10 +57,9 @@ module "hub" {
   address_space       = "10.0.0.0/24"
 
   diagnostics = {
-    destination   = "/subscription/xxxx-xxxx/.../resource_id"
-    eventhub_name = null
-    logs          = ["all"]
-    metrics       = [
+    destination = "/subscription/xxxx-xxxx/.../resource_id"
+    logs        = ["all"]
+    metrics     = [
       "all"
     ]
   }
@@ -140,7 +139,7 @@ module "hub" {
 Diagnostics settings can be sent to either storage account, event hub or Log Analytics workspace. The
 variable `diagnostics.destination` is the id of receiver, ie. storage account id, event namespace authorization rule id
 or log analytics resource id. Depending on what id is it will detect where to send. Unless using event namespace
-the `eventhub_name` is not required, just set to `null` for storage account and log analytics workspace.
+the `eventhub_name` is not required for storage account and log analytics workspace.
 
 Setting `all` in logs and metrics will send all possible diagnostics to destination. If not using `all` type name of
 categories to send.
@@ -215,4 +214,6 @@ all service principals that should have access to peer against hub network.
 
 To create a private dns zone for virtual network set the domain name for zone with variable `private_dns_zone`. This
 will create a private dns zone and link the virtual network hub to zone. It will also assign all principals that have
-peering access as contributors so spokes can be linked to same zone.
+peering access as contributors so spokes can be linked to same zone. For additional private dns zones, example for use
+with postgres flexible server, use `additional_private_dns_zones`. None of the additional zone must be linked with
+registration enabled.
diff --git a/examples/dns/main.tf b/examples/dns/main.tf
@@ -0,0 +1,24 @@
+module "hub" {
+  source = "../../"
+
+  name                = "hub"
+  resource_group_name = "networking-hub"
+  location            = "westeurope"
+  address_space       = "10.0.0.0/24"
+
+  public_ip_names = [
+    "fw-public"
+  ]
+
+  private_dns_zone = "cloud.mycorp.com"
+
+  resolvable_private_dns_zones = [
+    "example.postgres.database.azure.com",
+    "example2.postgres.database.azure.com",
+  ]
+
+  peering_assignment = [
+    "12345678-1234-1234-123456789012"
+  ]
+
+}
diff --git a/examples/firewall/main.tf b/examples/firewall/main.tf
@@ -7,10 +7,9 @@ module "hub" {
   address_space       = "10.0.0.0/24"
 
   diagnostics = {
-    destination   = "/subscription/xxxx-xxxx/.../resource_id"
-    eventhub_name = null
-    logs          = ["all"]
-    metrics       = ["all"]
+    destination = "/subscription/xxxx-xxxx/.../resource_id"
+    logs        = ["all"]
+    metrics     = ["all"]
   }
 
   public_ip_names = [