Make provision use bastion local_ip when bastion is not public

cmd-ntrf · cmd-ntrf · commit ce79e0ff49f5 · 2025-10-10T10:57:10.000-04:00
diff --git a/common/provision/main.tf b/common/provision/main.tf
@@ -59,13 +59,17 @@ data "archive_file" "puppetserver_files" {
   }
 }
 
+locals {
+  bastion_host = length(var.configuration.bastions) > 0 ? var.configuration.bastions[keys(var.configuration.bastions)[0]] : null
+}
+
 resource "terraform_data" "deploy_puppetserver_files" {
-  for_each = length(var.configuration.bastions) > 0 ? var.configuration.puppetservers : {}
+  for_each = bastion_host != null ? var.configuration.puppetservers : {}
 
   connection {
     type                = "ssh"
     agent               = false
-    bastion_host        = var.configuration.bastions[keys(var.configuration.bastions)[0]].public_ip
+    bastion_host        = contains(bastion_host.tags, "public") ? bastion_host.public_ip : bastion_host.local_ip
     bastion_user        = "tf"
     bastion_private_key = var.configuration.ssh_key.private
     user                = "tf"
