-
Notifications
You must be signed in to change notification settings - Fork 842
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
826ba00
commit 05bc6b6
Showing
6 changed files
with
364 additions
and
0 deletions.
There are no files selected for viewing
155 changes: 155 additions & 0 deletions
155
quickstart/201-virtual-network-manager-cross-tenant/cross-tenant-hns.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,155 @@ | ||
| /* | ||
| * This template will create a network manager + Hub&Spoke configuration in the 'home' tenant | ||
| * It will also create a vnet under a subscription in the 'away' tenant | ||
| * It will then establish a cross-tenant connection, and add the vnet in the 'away' tenant to a network group managed by the connect config | ||
| */ | ||
| variable "home_tenant" { | ||
| type = string | ||
| description = "The tenant (guid) the network manager is in." | ||
| } | ||
| variable "home_sub" { | ||
| type = string | ||
| description = "The subscription (guid) the network manager is created under." | ||
| } | ||
| variable "away_tenant" { | ||
| type = string | ||
| description = "The tenant (guid) the cross-tenant vnet is in." | ||
| } | ||
| variable "away_sub" { | ||
| type = string | ||
| description = "The subscription (guid) the cross-tenant vnet is created under." | ||
| } | ||
|
|
||
| # Azure Provider source and version being used | ||
| terraform { | ||
| required_providers { | ||
| azurerm = { | ||
| source = "hashicorp/azurerm" | ||
| # 3.83.0 or higher is required to retrieve aux tokens correctly | ||
| version = ">=4.15.0" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| # Setup initial 'home' tenant resources: | ||
| # Resource group, network manager, network group, vnet, static member, connectivity configuration | ||
| provider "azurerm" { | ||
| features {} | ||
| use_cli = true | ||
| subscription_id = var.home_sub | ||
| tenant_id = var.home_tenant | ||
| auxiliary_tenant_ids = [var.away_tenant] | ||
| } | ||
|
|
||
| data "azurerm_subscription" "home" { | ||
| subscription_id = var.home_sub | ||
| } | ||
|
|
||
| resource "azurerm_resource_group" "home" { | ||
| name = "anm-resources" | ||
| location = "East US" | ||
| } | ||
|
|
||
| resource "azurerm_network_manager" "home" { | ||
| name = "terraform-network-manager" | ||
| location = azurerm_resource_group.home.location | ||
| resource_group_name = azurerm_resource_group.home.name | ||
| scope_accesses = ["Connectivity"] | ||
| scope { | ||
| subscription_ids = [data.azurerm_subscription.home.id] | ||
| } | ||
| description = "Network manager for cross-tenant management." | ||
| } | ||
| resource "azurerm_network_manager_network_group" "home" { | ||
| name = "network-group" | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| description = "Network group for cross-tenant static members." | ||
| } | ||
|
|
||
| resource "azurerm_virtual_network" "home" { | ||
| name = "home-tenant-vnet" | ||
| resource_group_name = azurerm_resource_group.home.name | ||
| location = azurerm_resource_group.home.location | ||
| address_space = ["10.0.0.0/16"] | ||
| subnet { | ||
| name = "subnet1" | ||
| address_prefixes = ["10.0.1.0/24"] | ||
| default_outbound_access_enabled = "false" | ||
| } | ||
| } | ||
|
|
||
| # Connectivity configuration referencing in-tenant vnet as hub | ||
| resource "azurerm_network_manager_connectivity_configuration" "home" { | ||
| name = "cross-tenant-connectivity-conf" | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| connectivity_topology = "HubAndSpoke" | ||
| applies_to_group { | ||
| group_connectivity = "DirectlyConnected" | ||
| network_group_id = azurerm_network_manager_network_group.home.id | ||
| } | ||
|
|
||
| hub { | ||
| resource_id = azurerm_virtual_network.home.id | ||
| resource_type = "Microsoft.Network/virtualNetworks" | ||
| } | ||
| } | ||
|
|
||
| # Setup initial 'away' tenant resources: | ||
| # Resource group, vnet | ||
| provider "azurerm" { | ||
| features {} | ||
| alias = "away" | ||
| use_cli = true | ||
| subscription_id = var.away_sub | ||
| tenant_id = var.away_tenant | ||
| } | ||
|
|
||
| data "azurerm_subscription" "away" { | ||
| provider = azurerm.away | ||
| subscription_id = var.away_sub | ||
| } | ||
|
|
||
| resource "azurerm_resource_group" "away" { | ||
| provider = azurerm.away | ||
| name = "away-tenant-resources" | ||
| location = "East US" | ||
| } | ||
|
|
||
| resource "azurerm_virtual_network" "away" { | ||
| provider = azurerm.away | ||
| name = "away-tenant-vnet" | ||
| resource_group_name = azurerm_resource_group.away.name | ||
| location = azurerm_resource_group.away.location | ||
| address_space = ["192.168.1.0/24"] | ||
| } | ||
|
|
||
| # Create the cross-tenant connection resources | ||
| resource "azurerm_network_manager_scope_connection" "home" { | ||
| name = "scope-connection" | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| tenant_id = var.away_tenant | ||
| target_scope_id = data.azurerm_subscription.away.id | ||
| description = "Used to manage cross-tenant subscription." | ||
| } | ||
|
|
||
| resource "azurerm_network_manager_subscription_connection" "away" { | ||
| provider = azurerm.away | ||
| name = "subscription-connection" | ||
| subscription_id = data.azurerm_subscription.away.id | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| description = "Used to approve management from cross-tenant network manager." | ||
| } | ||
|
|
||
| # Wait to ensure connection has been established async | ||
| resource "time_sleep" "wait" { | ||
| depends_on = [azurerm_network_manager_scope_connection.home, azurerm_network_manager_subscription_connection.away] | ||
| create_duration = "30s" | ||
| } | ||
|
|
||
| # Create a static member for the vnet in the 'away' tenant after connection is established | ||
| resource "azurerm_network_manager_static_member" "home" { | ||
| name = "cross-tenant-static-member" | ||
| network_group_id = azurerm_network_manager_network_group.home.id | ||
| target_virtual_network_id = azurerm_virtual_network.away.id | ||
| depends_on = [time_sleep.wait] | ||
| } |
138 changes: 138 additions & 0 deletions
138
quickstart/201-virtual-network-manager-cross-tenant/main.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,138 @@ | ||
| /* | ||
| * This template will create a network manager + Hub&Spoke configuration in the 'home' tenant | ||
| * It will also create a vnet under a subscription in the 'away' tenant | ||
| * It will then establish a cross-tenant connection, and add the vnet in the 'away' tenant to a network group managed by the connect config | ||
| */ | ||
|
|
||
| resource "random_pet" "rg_name_home" { | ||
| prefix = var.resource_group_name_prefix | ||
| } | ||
|
|
||
| resource "random_pet" "rg_name_away" { | ||
| prefix = var.resource_group_name_prefix | ||
| } | ||
|
|
||
|
|
||
| resource "azurerm_resource_group" "rg_home" { | ||
| location = var.resource_group_location | ||
| name = random_pet.rg_name.id | ||
| } | ||
|
|
||
| resource "azurerm_resource_group" "rg_away" { | ||
| location = var.resource_group_location | ||
| name = random_pet.rg_name.id | ||
| } | ||
| # Create three virtual networks | ||
| resource "random_string" "prefix" { | ||
| length = 4 | ||
| special = false | ||
| upper = false | ||
| } | ||
|
|
||
| resource "random_pet" "virtual_network_name" { | ||
| prefix = "vnet-${random_string.prefix.result}" | ||
| } | ||
|
|
||
| resource "azurerm_network_manager" "home" { | ||
| name = "terraform-network-manager" | ||
| location = azurerm_resource_group.home.location | ||
| resource_group_name = azurerm_resource_group.home.name | ||
| scope_accesses = ["Connectivity"] | ||
| scope { | ||
| subscription_ids = [data.azurerm_subscription.home.id] | ||
| } | ||
| description = "Network manager for cross-tenant management." | ||
| } | ||
| resource "azurerm_network_manager_network_group" "home" { | ||
| name = "network-group" | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| description = "Network group for cross-tenant static members." | ||
| } | ||
|
|
||
| resource "azurerm_virtual_network" "home" { | ||
| name = "home-tenant-vnet" | ||
| resource_group_name = azurerm_resource_group.home.name | ||
| location = azurerm_resource_group.home.location | ||
| address_space = ["10.0.0.0/16"] | ||
| subnet { | ||
| name = "subnet1" | ||
| address_prefixes = ["10.0.1.0/24"] | ||
| default_outbound_access_enabled = "false" | ||
| } | ||
| } | ||
|
|
||
| # Connectivity configuration referencing in-tenant vnet as hub | ||
| resource "azurerm_network_manager_connectivity_configuration" "home" { | ||
| name = "cross-tenant-connectivity-conf" | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| connectivity_topology = "HubAndSpoke" | ||
| applies_to_group { | ||
| group_connectivity = "DirectlyConnected" | ||
| network_group_id = azurerm_network_manager_network_group.home.id | ||
| } | ||
|
|
||
| hub { | ||
| resource_id = azurerm_virtual_network.home.id | ||
| resource_type = "Microsoft.Network/virtualNetworks" | ||
| } | ||
| } | ||
|
|
||
| # Setup initial 'away' tenant resources: | ||
| # Resource group, vnet | ||
| provider "azurerm" { | ||
| features {} | ||
| alias = "away" | ||
| use_cli = true | ||
| subscription_id = var.away_sub | ||
| tenant_id = var.away_tenant | ||
| } | ||
|
|
||
| data "azurerm_subscription" "away" { | ||
| provider = azurerm.away | ||
| subscription_id = var.away_sub | ||
| } | ||
|
|
||
| resource "azurerm_resource_group" "away" { | ||
| provider = azurerm.away | ||
| name = "away-tenant-resources" | ||
| location = "East US" | ||
| } | ||
|
|
||
| resource "azurerm_virtual_network" "away" { | ||
| provider = azurerm.away | ||
| name = "away-tenant-vnet" | ||
| resource_group_name = azurerm_resource_group.away.name | ||
| location = azurerm_resource_group.away.location | ||
| address_space = ["192.168.1.0/24"] | ||
| } | ||
|
|
||
| # Create the cross-tenant connection resources | ||
| resource "azurerm_network_manager_scope_connection" "home" { | ||
| name = "scope-connection" | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| tenant_id = var.away_tenant | ||
| target_scope_id = data.azurerm_subscription.away.id | ||
| description = "Used to manage cross-tenant subscription." | ||
| } | ||
|
|
||
| resource "azurerm_network_manager_subscription_connection" "away" { | ||
| provider = azurerm.away | ||
| name = "subscription-connection" | ||
| subscription_id = data.azurerm_subscription.away.id | ||
| network_manager_id = azurerm_network_manager.home.id | ||
| description = "Used to approve management from cross-tenant network manager." | ||
| } | ||
|
|
||
| # Wait to ensure connection has been established async | ||
| resource "time_sleep" "wait" { | ||
| depends_on = [azurerm_network_manager_scope_connection.home, azurerm_network_manager_subscription_connection.away] | ||
| create_duration = "30s" | ||
| } | ||
|
|
||
| # Create a static member for the vnet in the 'away' tenant after connection is established | ||
| resource "azurerm_network_manager_static_member" "home" { | ||
| name = "cross-tenant-static-member" | ||
| network_group_id = azurerm_network_manager_network_group.home.id | ||
| target_virtual_network_id = azurerm_virtual_network.away.id | ||
| depends_on = [time_sleep.wait] | ||
| } |
3 changes: 3 additions & 0 deletions
3
quickstart/201-virtual-network-manager-cross-tenant/outputs.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| output "resource_group_name" { | ||
| value = azurerm_resource_group.rg.name | ||
| } |
21 changes: 21 additions & 0 deletions
21
quickstart/201-virtual-network-manager-cross-tenant/providers.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| terraform { | ||
| required_providers { | ||
| azurerm = { | ||
| source = "hashicorp/azurerm" | ||
| # 3.83.0 or higher is required to retrieve aux tokens correctly | ||
| version = ">=4.15.0" | ||
| } | ||
| random = { | ||
| source = "hashicorp/random" | ||
| version = "~>3.0" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| provider "azurerm" { | ||
| features {} | ||
| use_cli = true | ||
| subscription_id = var.home_sub | ||
| tenant_id = var.home_tenant | ||
| auxiliary_tenant_ids = [var.away_tenant] | ||
| } |
19 changes: 19 additions & 0 deletions
19
quickstart/201-virtual-network-manager-cross-tenant/readme.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| # Azure resource group | ||
|
|
||
| This template deploys an Azure resource group with a random name beginning with "rg-". | ||
|
|
||
| ## Terraform resource types | ||
|
|
||
| - [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ||
| - [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | ||
|
|
||
| ## Variables | ||
|
|
||
| | Name | Description | Default | | ||
| |-|-|-| | ||
| | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | | ||
| | `resource_group_location` | Location of the resource group. | eastus | | ||
|
|
||
| ## Example | ||
|
|
||
| To see how to run this example, see [Create an Azure resource group using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-resource-group). |
28 changes: 28 additions & 0 deletions
28
quickstart/201-virtual-network-manager-cross-tenant/variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| variable "resource_group_location" { | ||
| type = string | ||
| default = "eastus" | ||
| description = "Location of the resource group." | ||
| } | ||
|
|
||
| variable "resource_group_name_prefix" { | ||
| type = string | ||
| default = "rg" | ||
| description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." | ||
| } | ||
|
|
||
| variable "home_tenant" { | ||
| type = string | ||
| description = "The tenant (guid) the network manager is in." | ||
| } | ||
| variable "home_sub" { | ||
| type = string | ||
| description = "The subscription (guid) the network manager is created under." | ||
| } | ||
| variable "away_tenant" { | ||
| type = string | ||
| description = "The tenant (guid) the cross-tenant vnet is in." | ||
| } | ||
| variable "away_sub" { | ||
| type = string | ||
| description = "The subscription (guid) the cross-tenant vnet is created under." | ||
| } |