Merge pull request #4 from bcgov/dns-ipam-fix

Environment Variable Added for Private DNS
bcgov · Aug 27, 2024 · cc1df8c · cc1df8c
2 parents d5f3bcc + 23abe61
commit cc1df8c
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 5 deletions.
diff --git a/azure_private_dns/README.md b/azure_private_dns/README.md
@@ -22,4 +22,4 @@ No inputs.
 ## Outputs
 
 No outputs.
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/azure_private_dns/virtual_network/README.md b/azure_private_dns/virtual_network/README.md
@@ -39,6 +39,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_IPAM_TOKEN"></a> [IPAM\_TOKEN](#input\_IPAM\_TOKEN) | (Required) The IPAM token to use for IP address management. | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | This is either LIVE or FORGE. | `string` | n/a | yes |
 | <a name="input_firewall_private_ip_address"></a> [firewall\_private\_ip\_address](#input\_firewall\_private\_ip\_address) | (Required) Private IP address of the Azure Firewall to connect to. | `list(string)` | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | (Required) Azure region to deploy to. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | <a name="input_private_dns_resolver_virtual_network_name"></a> [private\_dns\_resolver\_virtual\_network\_name](#input\_private\_dns\_resolver\_virtual\_network\_name) | (Required) Name of the Virtual Network to deploy the Private DNS Resolver into. | `string` | n/a | yes |

diff --git a/azure_private_dns/virtual_network/ipam.tf b/azure_private_dns/virtual_network/ipam.tf
@@ -1,6 +1,6 @@
 resource "azureipam_reservation" "private_dns_resolver" {
-  space       = "bcgov-managed-lz-forge"
-  block       = "bcgov-managed-lz-forge"
+  space       = "bcgov-managed-lz-${lower(var.environment)}"
+  block       = "bcgov-managed-lz-${lower(var.environment)}"
   size        = 23 # NOTE: Two /24 subnets are required for the Azure Private DNS Resolvers (https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview#virtual-network-restrictions)
   description = "Azure Private DNS Resolvers"
 }
diff --git a/azure_private_dns/virtual_network/locals.tf b/azure_private_dns/virtual_network/locals.tf
@@ -1,3 +1,3 @@
 locals {
-
+  api_url = var.environment == "FORGE" ? "https://ipam-forge.azurewebsites.net" : "https://ipam-live.azurewebsites.net"
 }
diff --git a/azure_private_dns/virtual_network/provider.tf b/azure_private_dns/virtual_network/provider.tf
@@ -31,6 +31,6 @@ provider "azapi" {
 }
 
 provider "azureipam" {
-  api_url = "https://ipam-forge.azurewebsites.net"
+  api_url = local.api_url
   token   = var.IPAM_TOKEN
 }
diff --git a/azure_private_dns/virtual_network/variables.tf b/azure_private_dns/virtual_network/variables.tf
@@ -6,6 +6,16 @@ variable "IPAM_TOKEN" {
   # For local testing, add the IPAM token to an environment variable using: export TF_VAR_IPAM_TOKEN="<ACCESS_TOKEN_VALUE>"
 }
 
+variable "environment" {
+  description = "This is either LIVE or FORGE."
+  type        = string
+
+  validation {
+    condition     = contains(["LIVE", "FORGE"], var.environment)
+    error_message = "ERROR: Only LIVE or FORGE are allowed for the variable \"environment\"."
+  }
+}
+
 variable "subscription_id_connectivity" {
   description = "(Required) Subscription ID to use for \"connectivity\" resources."
   type        = string