Add subscription_id to azurerm and delegated_subnet inputs; update in…

…gress note in readme (#51) Signed-off-by: Jim Enright <[email protected]>
cloudera-labs · Oct 21, 2024 · a3a075c · a3a075c
1 parent 9966bf2
commit a3a075c
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -139,9 +139,9 @@ To use an existing SSH key, set the keypair name (for AWS) or public key text (f
 
 ### Access to UI and API endpoints
 
-By default inbound access to the UI and API endpoints of your deployment will be allowed from the public IP of executing host.
+The optional variable `ingress_extra_cidrs_and_ports` in the `terraform.tvars` file defines the list of client IP allowed to access - via ssh and https - the UI and API endpoints of your deployment.
 
-To add additional CIDRs or IP ranges, set the optional `ingress_extra_cidrs_and_ports` variable in the `terraform.tvars` file.
+When commented, this variable defaults to current public IP of the terraform client. In case this IP is a leased one - hence that might change overtime - you can uncomment this variable and set additional CIDRs or IP ranges via the `ingress_extra_cidrs_and_ports` variable.
 
 ### Notes on AWS authentication
 

diff --git a/aws/terraform.tfvars.template b/aws/terraform.tfvars.template
@@ -35,6 +35,7 @@ deployment_template = "<ENTER_VALUE>"  # Specify the deployment pattern below. O
 # aws_key_pair = "<ENTER_VALUE>" # Set this to specify the name of a pre-existing AWS keypair, e.g. my-keypair
 
 # If required use the variable below for any additional CIDRs to add the the AWS Security Groups
+# When commented UI and SSH access will be allowed only from the public IP of executing host.
 # ingress_extra_cidrs_and_ports = {
 # cidrs = ["<ENTER_IP_VALUE>/32", "<ENTER_IP_VALUE>/32"],
 # ports = [443, 22]

diff --git a/azure/main.tf b/azure/main.tf
@@ -43,6 +43,7 @@ terraform {
 }
 
 provider "azurerm" {
+  subscription_id = var.azure_subscription_id
   features {
     resource_group {
       prevent_deletion_if_contains_resources = false
@@ -64,11 +65,12 @@ module "cdp_azure_prereqs" {
   ingress_extra_cidrs_and_ports = local.ingress_extra_cidrs_and_ports
 
   # Inputs for BYO-VNet
-  create_vnet            = var.create_vnet
-  cdp_resourcegroup_name = var.cdp_resourcegroup_name
-  cdp_vnet_name          = var.cdp_vnet_name
-  cdp_subnet_names       = var.cdp_subnet_names
-  cdp_gw_subnet_names    = var.cdp_gw_subnet_names
+  create_vnet                = var.create_vnet
+  cdp_resourcegroup_name     = var.cdp_resourcegroup_name
+  cdp_vnet_name              = var.cdp_vnet_name
+  cdp_subnet_names           = var.cdp_subnet_names
+  cdp_gw_subnet_names        = var.cdp_gw_subnet_names
+  cdp_delegated_subnet_names = var.cdp_delegated_subnet_names
 
   # Tags to apply resources (omitted by default)
   env_tags = var.env_tags

diff --git a/azure/terraform.tfvars.template b/azure/terraform.tfvars.template
@@ -35,7 +35,9 @@ deployment_template = "<ENTER_VALUE>"  # Specify the deployment pattern below. O
 
 # public_key_text = "<ENTER_VALUE>" # Set this to specifiy an existing SSH public key text, e.g. ssh-rsa AAA....
 
+
 # If required use the variable below for any additional CIDRs to add the Azure Security Groups
+# When commented UI and SSH access will be allowed only from the public IP of executing host.
 # ingress_extra_cidrs_and_ports = {
 # cidrs = ["<ENTER_IP_VALUE>/32", "<ENTER_IP_VALUE>/32"],
 # ports = [443, 22]
@@ -49,4 +51,5 @@ deployment_template = "<ENTER_VALUE>"  # Specify the deployment pattern below. O
 # cdp_resourcegroup_name="<ENTER_EXISTING_RG_NAME>" # Name of pre-existing Resource Group for CDP environment. Required if create_vnet is false
 # cdp_vnet_name="<ENTER_EXISTING_VNET_NAME>" # Name of pre-existing VNet for CDP environment. Required if create_vnet is false
 # cdp_subnet_names=["<ENTER_EXISTING_SUBNET_NAME>","<ENTER_EXISTING_SUBNET_NAME>"] # List of pre-existing subnet names for CDP resources. Required if create_vnet is false
-# cdp_gw_subnet_names=["<ENTER_EXISTING_SUBNET_NAME>"] # List of pre-existing subnet names for CDP Gateway. Required if create_vnet is false. NOTE: Can be an empty list depending on deployment_template.
+# cdp_gw_subnet_names=["<ENTER_EXISTING_SUBNET_NAME>"] # List of pre-existing subnet names for CDP Gateway. Required if create_vnet is false. NOTE: Can be an empty list depending on deployment_template.
+# cdp_delegated_subnet_names=["<ENTER_EXISTING_SUBNET_NAME>"] # List of pre-existing subnet names delegated for Postgres flexible servers. NOTE: Can be an empty list depending on deployment_template.
diff --git a/azure/variables.tf b/azure/variables.tf
@@ -166,5 +166,12 @@ variable "cdp_gw_subnet_names" {
   type        = list(any)
   description = "List of subnet names for CDP Gateway. Required if create_vnet is false."
 
+  default = null
+}
+
+variable "cdp_delegated_subnet_names" {
+  type        = list(any)
+  description = "List of subnet names delegated for Flexible Servers. Required if create_vnet is false."
+
   default = null
 }
diff --git a/gcp/terraform.tfvars.template b/gcp/terraform.tfvars.template
@@ -39,6 +39,7 @@ deployment_template = "<ENTER_VALUE>"  # Specify the deployment pattern below. O
 # public_key_text = "<ENTER_VALUE>" # Set this to specifiy an existing SSH public key text, e.g. ssh-rsa AAA....
 
 # If required use the variable below for any additional CIDRs to add the GCP Security Groups
+# When commented UI and SSH access will be allowed only from the public IP of executing host.
 # ingress_extra_cidrs_and_ports = {
 # cidrs = ["<ENTER_IP_VALUE>/32", "<ENTER_IP_VALUE>/32"],
 # ports = [443, 22]