Merge pull request #1 from scalair/feat/multi_peering

Refactor: bidirectional peering

CHANGELOG.md

@@ -1,4 +1,13 @@
 # Changelog
 
+## v2.0.0 - 2020-11-18
+
+### Added
+
+- **BREAKING CHANGES**: the module creates bidirectional peering, and allows to pass multiple peering inputs. See README.md for more informations
+
+## v1.0.0
+
 ### Added
+
 - Initial release

LICENSE

@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -1 +1,63 @@
-# terraform-azure-vnet-peering
+# Terraform Azure Virtual network peering
+
+This module peers two virtual networks in the same subscription.
+
+More info [here](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering).
+
+## Usage example
+
+The following example will create 4 peerings:
+
+- vnet1 -> vnet2
+- vnet2 -> vnet1
+- vnet1 -> vnet3
+- vnet3 -> vnet1
+
+```hcl
+module "vnet_peering" {
+  source = "github.com/scalair/terraform-azure-vnet-peering"
+
+  peerings = [
+    {
+      source = {
+        vnet_name                    = "vnet_1",
+        resource_group_name          = "rg_1",
+        allow_virtual_network_access = true,
+        allow_forwarded_traffic      = false,
+        allow_gateway_transit        = false,
+        use_remote_gateways          = false,
+      },
+      destination = {
+        vnet_name                    = "vnet_2",
+        resource_group_name          = "rg_2",
+        allow_virtual_network_access = true,
+        allow_forwarded_traffic      = false,
+        allow_gateway_transit        = false,
+        use_remote_gateways          = false,
+      }
+    },
+    {
+      source = {
+        vnet_name                    = "vnet_1",
+        resource_group_name          = "rg_1",
+        allow_virtual_network_access = true,
+        allow_forwarded_traffic      = false,
+        allow_gateway_transit        = false,
+        use_remote_gateways          = false,
+      },
+      destination = {
+        vnet_name                    = "vnet_3",
+        resource_group_name          = "rg_3",
+        allow_virtual_network_access = true,
+        allow_forwarded_traffic      = false,
+        allow_gateway_transit        = false,
+        use_remote_gateways          = false,
+      }
+    }
+  ]
+}
+```
+
+## Limitations
+
+This module can only peer vnets in the same subscription.

main.tf

@@ -1,10 +1,39 @@
-resource "azurerm_virtual_network_peering" "vnet-peering" {
-  name                         = var.vnet_peering_name
-  remote_virtual_network_id    = var.remote_vnet_id_to_peer
-  resource_group_name          = var.resource_group_name
-  virtual_network_name         = var.peering_from_vnet
-  allow_virtual_network_access = var.enable_virtual_network_access
-  allow_forwarded_traffic      = var.enable_forwarded_traffic
-  allow_gateway_transit        = var.enable_gateway_transit
-  use_remote_gateways          = var.enable_use_remote_gateways
+data "azurerm_virtual_network" "vnet_1" {
+  for_each = { for i, p in var.peerings : i => p }
+
+  name                = each.value.source.vnet_name
+  resource_group_name = each.value.source.resource_group_name
+}
+
+data "azurerm_virtual_network" "vnet_2" {
+  for_each = { for i, p in var.peerings : i => p }
+
+  name                = each.value.destination.vnet_name
+  resource_group_name = each.value.destination.resource_group_name
+}
+
+resource "azurerm_virtual_network_peering" "vnet_peering_1" {
+  for_each = { for i, p in var.peerings : i => p }
+
+  name                         = format("peer-%s-%s", each.value.source.vnet_name, each.value.destination.vnet_name)
+  resource_group_name          = each.value.source.resource_group_name
+  virtual_network_name         = each.value.source.vnet_name
+  remote_virtual_network_id    = data.azurerm_virtual_network.vnet_2[each.key].id
+  allow_virtual_network_access = lookup(each.value.source, "allow_virtual_network_access", null)
+  allow_forwarded_traffic      = lookup(each.value.source, "allow_forwarded_traffic", null)
+  allow_gateway_transit        = lookup(each.value.source, "allow_gateway_transit", null)
+  use_remote_gateways          = lookup(each.value.source, "use_remote_gateways", null)
+}
+
+resource "azurerm_virtual_network_peering" "vnet_peering_2" {
+  for_each = { for i, p in var.peerings : i => p }
+
+  name                         = format("peer-%s-%s", each.value.destination.vnet_name, each.value.source.vnet_name)
+  resource_group_name          = each.value.destination.resource_group_name
+  virtual_network_name         = each.value.destination.vnet_name
+  remote_virtual_network_id    = data.azurerm_virtual_network.vnet_1[each.key].id
+  allow_virtual_network_access = lookup(each.value.destination, "allow_virtual_network_access", null)
+  allow_forwarded_traffic      = lookup(each.value.destination, "allow_forwarded_traffic", null)
+  allow_gateway_transit        = lookup(each.value.destination, "allow_gateway_transit", null)
+  use_remote_gateways          = lookup(each.value.destination, "use_remote_gateways", null)
 }

outputs.tf

@@ -0,0 +1,7 @@
+output "vnet_peering_1" {
+    value = azurerm_virtual_network_peering.vnet_peering_1
+}
+
+output "vnet_peering_2" {
+    value = azurerm_virtual_network_peering.vnet_peering_2
+}

variables.tf

@@ -1,49 +1,3 @@
-# vnet peering variable
-
-variable "vnet_peering_name" {
-  description = "The name of the virtual network peering. Changing this forces a new resource to be created."
-  type        = string
-  default     = ""
-}
-
-variable "peering_from_vnet" {
-  description = ""
-  type        = string
-  default     = ""
-}
-
-variable "resource_group_name" {
-  description = ""
-  type        = string
-  default     = ""
-}
-
-variable "remote_vnet_id_to_peer" {
-  description = ""
-  type        = string
-  default     = ""
-}
-
-variable "enable_virtual_network_access" {
-  description = ""
-  type        = string
-  default     = true
-}
-
-variable "enable_forwarded_traffic" {
-  description = ""
-  type        = string
-  default     = false
-}
-
-variable "enable_gateway_transit" {
-  description = ""
-  type        = string
-  default     = false
-}
-
-variable "enable_use_remote_gateways" {
-  description = ""
-  type        = string
-  default     = false
-}
+variable "peerings" {
+    type = list
+}