[azure/event_hubs] Set public_network_access_enabled to true when…
… there are `ip_rule`s or `virtual_network_rule`s (#36)

Only create `virtual_network_rule`s for subnets we will NOT create a private endpoint for
missingcharacter authored May 2, 2024
1 parent c55a148 commit bbf723d
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions modules/azure/event_hubs/main.tf
@@ -13,6 +13,14 @@ locals {
}
}
]...)
subnets_no_private_endpoint = merge([
for event_hub_ns, event_hub_ns_details in var.event_hubs_namespaces : {
for subnet, subnet_details in event_hub_ns_details.subnets :
event_hub_ns => [subnet]...
if subnet_details.create_private_endpoint == false
}
]...)

}

data "azurerm_subnet" "private_endpoint_subnet" {
@@ -32,10 +40,10 @@ resource "azurerm_eventhub_namespace" "events" {
auto_inflate_enabled = each.value.sku == "Standard" ? each.value.auto_inflate.enabled : false
maximum_throughput_units = each.value.auto_inflate.enabled && each.value.sku == "Standard" ? each.value.auto_inflate.maximum_throughput_units : null
zone_redundant = each.value.zone_redundant
public_network_access_enabled = each.value.public_network_access_enabled
public_network_access_enabled = length(each.value.ip_rules) > 0 || length(lookup(local.subnets_no_private_endpoint, each.key, [])) > 0 ? true : each.value.public_network_access_enabled
network_rulesets {
default_action = "Deny"
public_network_access_enabled = each.value.public_network_access_enabled
public_network_access_enabled = length(each.value.ip_rules) > 0 || length(lookup(local.subnets_no_private_endpoint, each.key, [])) > 0 ? true : each.value.public_network_access_enabled
trusted_service_access_enabled = each.value.trusted_service_access_enabled
ip_rule = [
@@ -50,6 +58,7 @@ resource "azurerm_eventhub_namespace" "events" {
ignore_missing_virtual_network_service_endpoint = false
subnet_id = data.azurerm_subnet.private_endpoint_subnet["${each.key}-${subnet_details.vnet_name}-${subnet_details.resource_group_name}-${subnet_details.location}-${subnet}"].id
}
if subnet_details.create_private_endpoint == false
]
}
}
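Review bot: The new `public_network_access_enabled` expression, set on both the namespace and inside `network_rulesets`, silently overrides a caller's explicit `false` whenever `ip_rules` is non-empty or any subnet has `create_private_endpoint == false`. A namespace the caller meant to keep private-endpoint-only is then opened to the listed IP ranges and service-endpoint subnets, with nothing but the attribute diff in the plan to show it. `default_action = "Deny"` still restricts access to the configured rules, but the override should be stated where callers will read it, for example in the input variable's description: `public_network_access_enabled is forced to true when ip_rules or subnets without a private endpoint are configured`, or turned into a validation error if the module prefers an explicit opt-in. The same condition is also written out twice; computing it once in `locals` (for instance as `public_access_required`) and referencing it from both attributes would keep them from drifting apart. The resource block and the variable definition start outside the visible hunks, so the input's type and default are assumed here.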