feat: support virtual network firewall rules

dploeger · dploeger · commit 81022a397ce3 · 2021-05-12T14:45:41.000+02:00
diff --git a/README.md b/README.md
@@ -37,6 +37,7 @@ The following resources are used by this module:
 - [azurerm_mysql_database.db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_database) (resource)
 - [azurerm_mysql_firewall_rule.firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_firewall_rule) (resource)
 - [azurerm_mysql_server.server](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server) (resource)
+- [azurerm_mysql_virtual_network_rule.virtualnetworks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_virtual_network_rule) (resource)
 
 ## Required Inputs
 
@@ -98,13 +99,13 @@ Description:     A hash of permissions to access the database server by ip. The
 Type:
 
 ```hcl
-object({
+map(object({
     start = string,
     end   = string
-  })
+  }))
 ```
 
-Default: `[]`
+Default: `{}`
 
 ### backup\_retention\_days
 
@@ -154,6 +155,14 @@ Type: `string`
 
 Default: `""`
 
+### virtual\_networks
+
+Description: Maps of prefix => virtual network id that has access to the server
+
+Type: `map(string)`
+
+Default: `{}`
+
 ## Outputs
 
 The following outputs are exported:
diff --git a/firewall.tf b/firewall.tf
@@ -6,3 +6,11 @@ resource "azurerm_mysql_firewall_rule" "firewall" {
   resource_group_name = var.resource_group
   server_name         = azurerm_mysql_server.server.name
 }
+
+resource "azurerm_mysql_virtual_network_rule" "virtualnetworks" {
+  for_each            = var.virtual_networks
+  name                = "${var.project}${var.stage}dbfwnet${each.key}"
+  resource_group_name = var.resource_group
+  server_name         = azurerm_mysql_server.server.name
+  subnet_id           = each.value
+}
diff --git a/vars.tf b/vars.tf
@@ -85,3 +85,9 @@ variable "allowed_ips" {
   }))
   default = {}
 }
+
+variable "virtual_networks" {
+  type        = map(string)
+  description = "Maps of prefix => virtual network id that has access to the server"
+  default     = {}
+}
