Merge pull request #4 from schubergphilis/fixes

Routing intent now has explicit depends_on on Azure Firewall and Firewall Policy deployment to prevent deployment failures when the Azure Firewall is still provisioning. hub_bgp_peers is no longer a required attribute optimized hub_bgp_peers for_each loop
schubergphilis · Jan 28, 2025 · 5be76a8 · 5be76a8
2 parents a3a0353 + b4ed2e4
commit 5be76a8
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -32,10 +32,10 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_hub_bgp_peers"></a> [hub\_bgp\_peers](#input\_hub\_bgp\_peers) | n/a | <pre>map(object({<br>    virtual_hub_id     = string<br>    name               = string<br>    peer_asn           = number<br>    peer_ip            = string<br>    vnet_connection_id = string<br>  }))</pre> | n/a | yes |
 | <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | n/a | <pre>object({<br>    name     = string<br>    location = string<br>  })</pre> | n/a | yes |
 | <a name="input_virtual_hubs"></a> [virtual\_hubs](#input\_virtual\_hubs) | n/a | <pre>map(object({<br>    virtual_hub_name                  = string<br>    location                          = string<br>    address_prefix                    = string<br>    routing_intent_name               = string<br>    firewall_name                     = string<br>    firewall_policy_name              = string<br>    firewall_sku_tier                 = string<br>    firewall_public_ip_count          = number<br>    firewall_threat_intelligence_mode = string<br>    firewall_proxy_enabled            = bool<br>    firewall_dns_servers              = list(string)<br>  }))</pre> | n/a | yes |
 | <a name="input_virtual_wan"></a> [virtual\_wan](#input\_virtual\_wan) | n/a | <pre>object({<br>    name     = string<br>    location = string<br>  })</pre> | n/a | yes |
+| <a name="input_hub_bgp_peers"></a> [hub\_bgp\_peers](#input\_hub\_bgp\_peers) | n/a | <pre>map(object({<br>    virtual_hub_id     = string<br>    name               = string<br>    peer_asn           = number<br>    peer_ip            = string<br>    vnet_connection_id = string<br>  }))</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(string)` | `{}` | no |
 
 ## Outputs

diff --git a/main.tf b/main.tf
@@ -36,10 +36,10 @@ module "vhub" {
 }
 
 resource "azurerm_virtual_hub_bgp_connection" "this" {
-  for_each                      = var.hub_bgp_peers != null ? var.hub_bgp_peers : {}
+  for_each                      = var.hub_bgp_peers
   virtual_hub_id                = each.value.virtual_hub_id
   name                          = each.value.name
   peer_asn                      = each.value.peer_asn
   peer_ip                       = each.value.peer_ip
   virtual_network_connection_id = each.value.vnet_connection_id
-}
+}
diff --git a/modules/vhub/main.tf b/modules/vhub/main.tf
@@ -20,24 +20,6 @@ resource "azurerm_virtual_hub" "this" {
   )
 }
 
-
-
-resource "azurerm_virtual_hub_routing_intent" "this" {
-  name           = var.virtual_hubs.routing_intent_name
-  virtual_hub_id = azurerm_virtual_hub.this.id
-
-  routing_policy {
-    name         = "_policy_PublicTraffic"
-    destinations = ["Internet"]
-    next_hop     = azurerm_firewall.this.id
-  }
-  routing_policy {
-    name         = "_policy_PrivateTraffic"
-    destinations = ["PrivateTraffic"]
-    next_hop     = azurerm_firewall.this.id
-  }
-}
-
 resource "azurerm_firewall" "this" {
   name                = var.virtual_hubs.firewall_name
   resource_group_name = var.resource_group_name
@@ -75,3 +57,21 @@ resource "azurerm_firewall_policy" "this" {
   )
 }
 
+resource "azurerm_virtual_hub_routing_intent" "this" {
+  name           = var.virtual_hubs.routing_intent_name
+  virtual_hub_id = azurerm_virtual_hub.this.id
+
+  routing_policy {
+    name         = "_policy_PublicTraffic"
+    destinations = ["Internet"]
+    next_hop     = azurerm_firewall.this.id
+  }
+  routing_policy {
+    name         = "_policy_PrivateTraffic"
+    destinations = ["PrivateTraffic"]
+    next_hop     = azurerm_firewall.this.id
+  }
+  depends_on = [azurerm_firewall.this, azurerm_firewall_policy.this]
+}
+
+
diff --git a/variables.tf b/variables.tf
@@ -73,4 +73,5 @@ variable "hub_bgp_peers" {
     peer_ip            = string
     vnet_connection_id = string
   }))
+  default = {}
 }