sjovang/main.tf Secret

Last active September 20, 2022 11:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save sjovang/87f8a71c32964c9add5b7c3ef6ccdd64 to your computer and use it in GitHub Desktop.
Save sjovang/87f8a71c32964c9add5b7c3ef6ccdd64 to your computer and use it in GitHub Desktop.
Complete example for Hub-Spoke with Virtual Network Manager in Terraform
/*
Deploy Virtual Network Manager with a hub-spoke network.
Run `az extension add --name virtual-network-manager` first to install the Azure CLI extension; the commit step at the end of this file uses it.
*/
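terraform {
  required_providers {
    # azapi carries the Network Manager resources declared further down.
    azapi = {
      source  = "azure/azapi"
      version = "= 0.4.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "= 3.16.0"
    }
    # null_resource.network_manager_commit uses the null provider. Declaring
    # it here pins its source next to the other providers instead of leaving
    # Terraform to resolve it implicitly as hashicorp/null.
    null = {
      source = "hashicorp/null"
    }
  }
}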
# The azurerm provider requires a features block even when no feature
# flags are set.
provider "azurerm" {
  features {
  }
}
# One entry per spoke VNet: the key becomes the VNet name and address_space is
# passed straight through to azurerm_virtual_network.spokes. Ranges are kept
# disjoint from the hub (10.10.0.0/16) and from each other, as peering requires.
locals {
  spoke_subnets = {
    spoke1 = { address_space = ["10.11.0.0/16"] }
    spoke2 = { address_space = ["10.12.0.0/16"] }
  }
}
# Single resource group holding the hub, the spokes and the Network Manager.
resource "azurerm_resource_group" "test" {
  location = "westeurope"
  name     = "NetworkManager-Test"
}
# Hub VNet. Its only inline subnet is the GatewaySubnet (the name Azure
# requires for a VPN gateway), which azurerm_virtual_network_gateway.hub
# picks up below.
resource "azurerm_virtual_network" "hub" {
  name                = "hub"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  address_space       = ["10.10.0.0/16"]

  subnet {
    name           = "GatewaySubnet"
    address_prefix = "10.10.0.0/24"
  }
}
# One spoke VNet per entry in local.spoke_subnets. No subnets are defined;
# the spokes exist only to be peered to the hub by Network Manager.
resource "azurerm_virtual_network" "spokes" {
  for_each = local.spoke_subnets

  name                = each.key
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  address_space       = each.value.address_space
}
# Public IP for the hub VPN gateway. Dynamic allocation matches the Basic
# gateway SKU used below.
resource "azurerm_public_ip" "gw" {
  name                = "hubgateway"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Dynamic"
}
# Route-based VPN gateway in the hub. Spokes reach it through the
# connectivity configuration's useHubGateway flag, so anything routed via
# this gateway becomes reachable from every spoke in the group.
resource "azurerm_virtual_network_gateway" "hub" {
  name                = "hubgateway"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name

  type     = "Vpn"
  vpn_type = "RouteBased"
  sku      = "Basic"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.gw.id
    # The hub declares exactly one inline subnet (GatewaySubnet), so the
    # first id of the subnet set is the one we want.
    subnet_id = [for s in azurerm_virtual_network.hub.subnet : s.id][0]
  }
}
// Deploy Network Manager
# The current subscription is the only scope granted to the Network Manager.
data "azurerm_subscription" "current" {
}
# Network Manager scoped to the entire current subscription.
# Both scope accesses are granted although this file only deploys a
# connectivity configuration; "SecurityAdmin" additionally lets the manager
# push security admin rules to every VNet in scope. If that is not intended,
# narrow the list to "Connectivity" (least privilege). The API version is a
# preview release.
resource "azapi_resource" "network_manager" {
  type      = "Microsoft.Network/networkManagers@2022-04-01-preview"
  name      = "networkmanager"
  location  = azurerm_resource_group.test.location
  parent_id = azurerm_resource_group.test.id

  body = jsonencode({
    properties = {
      networkManagerScopes = {
        subscriptions = [data.azurerm_subscription.current.id]
      }
      networkManagerScopeAccesses = ["Connectivity", "SecurityAdmin"]
    }
  })
}
# Network group that collects the spoke VNets. Membership is static and is
# populated by azapi_resource.spoke_group_members.
resource "azapi_resource" "spoke_group" {
  type      = "Microsoft.Network/networkManagers/networkGroups@2022-04-01-preview"
  name      = "spokes"
  parent_id = azapi_resource.network_manager.id

  body = jsonencode({
    properties = {
      # description = "Test"
      memberType = "VirtualNetwork"
    }
  })
}
# One static member per spoke VNet, keyed like azurerm_virtual_network.spokes.
resource "azapi_resource" "spoke_group_members" {
  for_each = azurerm_virtual_network.spokes

  type      = "Microsoft.Network/networkManagers/networkGroups/staticMembers@2022-04-01-preview"
  name      = each.value.name
  parent_id = azapi_resource.spoke_group.id

  body = jsonencode({
    properties = { resourceId = each.value.id }
  })
}
# Hub-and-spoke connectivity configuration for the spoke group.
# Caveats worth knowing before committing it:
#   - deleteExistingPeering = "True" removes peerings that already exist on
#     member VNets when the configuration is deployed.
#   - useHubGateway = "True" lets every spoke use the hub VPN gateway, i.e.
#     spokes gain a route to whatever that gateway connects.
#   - groupConnectivity = "None" keeps spokes from talking to each other
#     directly; only hub <-> spoke peering is created.
resource "azapi_resource" "hub_spoke_configuration" {
  type      = "Microsoft.Network/networkManagers/connectivityConfigurations@2022-04-01-preview"
  name      = "hub-spoke"
  parent_id = azapi_resource.network_manager.id

  body = jsonencode({
    properties = {
      connectivityTopology  = "HubAndSpoke"
      deleteExistingPeering = "True"
      isGlobal              = "False"
      hubs = [{
        resourceId   = azurerm_virtual_network.hub.id
        resourceType = "Microsoft.Network/virtualNetworks"
      }]
      appliesToGroups = [{
        networkGroupId    = azapi_resource.spoke_group.id
        groupConnectivity = "None"
        useHubGateway     = "True"
        isGlobal          = "False"
      }]
    }
  })
}
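# Network Manager configurations take effect only after a commit, which is
# driven here through the Azure CLI (see the header comment for the extension).
resource "null_resource" "network_manager_commit" {
  # The commit has to run after the spoke group has its members, not merely
  # after the configuration object exists: hub_spoke_configuration depends on
  # spoke_group but not on spoke_group_members, so with only the first entry
  # the commit could deploy an empty group and the spokes would never be
  # peered.
  depends_on = [
    azapi_resource.hub_spoke_configuration,
    azapi_resource.spoke_group_members,
  ]

  # A local-exec provisioner runs only when the resource is created. These
  # triggers replace the resource, and so re-run the commit, whenever the
  # configuration body or the group membership changes.
  triggers = {
    configuration_body = azapi_resource.hub_spoke_configuration.body
    member_ids         = join(",", sort([for m in azapi_resource.spoke_group_members : m.id]))
  }

  provisioner "local-exec" {
    # Interpolated values are quoted so a name or location containing shell
    # metacharacters cannot split or break out of its argument.
    command = <<-CMD
      az network manager post-commit \
        --commit-type Connectivity \
        --network-manager-name "${azapi_resource.network_manager.name}" \
        --resource-group "${azurerm_resource_group.test.name}" \
        --target-locations "${azurerm_resource_group.test.location}" \
        --configuration-ids "${azapi_resource.hub_spoke_configuration.id}"
    CMD
  }

  /* Raw REST alternative, kept for reference. If it is revived, drop `-v`:
     curl's verbose output echoes the request headers, including the bearer
     token in Authorization, into the provisioner log.
  provisioner "local-exec" {
    command = <<CMD
  AccessToken=$(az account get-access-token --query accessToken --output tsv) && \
  curl -X POST https://management.azure.com${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.test.name}/providers/Microsoft.Network/networkManagers/${azapi_resource.network_manager.name}/commit?api-version=2021-02-01-preview \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $AccessToken" \
  -d '{"targetLocations": [ "${azurerm_resource_group.test.location}" ], "configurationIds": [ "${azapi_resource.hub_spoke_configuration.id}" ], "commitType": "Connectivity"}' \
  -v
  CMD
  } */
}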