Merge branch 'rfernandezdo-feature/add_ddos_protection_plan_id_var_no…

…n_global_to_DDOS'
aztfmod · Aug 3, 2023 · c2ae15a · c2ae15a
2 parents ddd6937 + 799e2d6
commit c2ae15a
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 1 deletion.
diff --git a/examples/module.tf b/examples/module.tf
@@ -202,6 +202,7 @@ module "example" {
     azurerm_routes                                          = var.azurerm_routes
     cdn_profile                                             = var.cdn_profile
     cdn_endpoint                                            = var.cdn_endpoint
+    ddos_services                                           = var.ddos_services
     dns_zone_records                                        = var.dns_zone_records
     dns_zones                                               = var.dns_zones
     domain_name_registrations                               = var.domain_name_registrations

diff --git a/examples/networking/ddos_reusing_existing_plan_id/configuration.tfvars b/examples/networking/ddos_reusing_existing_plan_id/configuration.tfvars
@@ -0,0 +1,36 @@
+#Please don't include this example in CI due to DDOS Cost consumption
+
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "australiaeast"
+  }
+}
+
+resource_groups = {
+  ddosrg = {
+    name   = "ddos"
+    region = "region1"
+  }
+}
+
+ddos_services = {
+  ddos = {
+    name               = "ddos-testplan"
+    resource_group_key = "ddosrg"
+  }
+}
+
+vnets = {
+  vnet1 = {
+    # ddos_services_lz_key = "" #If the reference of Remote DDOS subscription plan is being inferred
+    # ddos_services_key  = "ddos"
+    ddos_protection_plan_id = "/subscriptions/00000000-0000-0000-0000-0000000/resourceGroups/rgname/providers/Microsoft.Network/ddosProtectionPlans/planname" 
+    resource_group_key = "ddosrg"
+    vnet = {
+      name          = "test-vnet"
+      address_space = ["10.0.0.0/16"]
+    }
+    specialsubnets = {}
+  }
+}
diff --git a/examples/variables.tf b/examples/variables.tf
@@ -289,6 +289,9 @@ variable "virtual_machines" {
 variable "virtual_machine_scale_sets" {
   default = {}
 }
+variable "ddos_services" {
+  default = {}
+}
 variable "bastion_hosts" {
   default = {}
 }

diff --git a/networking.tf b/networking.tf
@@ -33,7 +33,7 @@ module "networking" {
 
   application_security_groups       = local.combined_objects_application_security_groups
   client_config                     = local.client_config
-  ddos_id                           = try(local.combined_objects_ddos_services[try(each.value.ddos_services_lz_key, local.client_config.landingzone_key)][try(each.value.ddos_services_key, each.value.ddos_services_key)].id, "")
+  ddos_id                           = can(each.value.ddos_protection_plan_id) || can(each.value.ddos_services_key) == false ? try(each.value.ddos_protection_plan_id, null) : try(local.combined_objects_ddos_services[try(each.value.ddos_services_lz_key, local.client_config.landingzone_key)][try(each.value.ddos_services_key, each.value.ddos_services_key)].id, "")
   diagnostics                       = local.combined_diagnostics
   global_settings                   = local.global_settings
   network_security_groups           = module.network_security_groups