Add Tags to Route Table and Public IPs (#76)

Author: ryan-royals

.gitignore

@@ -53,3 +53,5 @@ README-generated.md
 
 # Certificate files generated by examples
 **/*.pem
+
+

locals.tf

@@ -34,6 +34,7 @@ locals {
       location            = local.virtual_networks_modules[vnet_name].vnet_location
       name                = try(vnet.firewall.default_ip_configuration.public_ip_config.name, "pip-afw-${vnet_name}")
       resource_group_name = vnet.resource_group_name
+      tags                = vnet.firewall.default_ip_configuration.tags
       ip_version          = try(vnet.firewall.default_ip_configuration.public_ip_config.ip_version, "IPv4")
       sku_tier            = try(vnet.firewall.default_ip_configuration.public_ip_config.sku_tier, "Regional")
       zones               = try(vnet.firewall.default_ip_configuration.public_ip_config.zones, null)
@@ -44,6 +45,7 @@ locals {
       location            = local.virtual_networks_modules[k].vnet_location
       name                = try(v.firewall.management_ip_configuration.public_ip_config.name, "pip-afw-mgmt-${k}")
       resource_group_name = v.resource_group_name
+      tags                = v.firewall.management_ip_configuration.tags
       ip_version          = try(v.firewall.management_ip_coniguration.public_ip_config.ip_version, "IPv4")
       sku_tier            = try(v.firewall.management_ip_coniguration.public_ip_config.sku_tier, "Regional")
       zones               = try(v.firewall.management_ip_coniguration.public_ip_config.zones, null)

main.tf

@@ -75,7 +75,7 @@ resource "azurerm_route_table" "hub_routing" {
   name                          = coalesce(var.hub_virtual_networks[each.key].route_table_name, "route-${each.key}")
   resource_group_name           = try(azurerm_resource_group.rg[var.hub_virtual_networks[each.key].resource_group_name].name, var.hub_virtual_networks[each.key].resource_group_name)
   disable_bgp_route_propagation = false
-  tags                          = {}
+  tags                          = var.hub_virtual_networks[each.key].route_table_tags
 
   route {
     address_prefix = "0.0.0.0/0"
@@ -128,7 +128,7 @@ resource "azurerm_public_ip" "fw_default_ip_configuration_pip" {
   ip_version          = each.value.ip_version
   sku                 = "Standard"
   sku_tier            = each.value.sku_tier
-  tags                = {}
+  tags                = each.value.tags
   zones               = each.value.zones
 }
 
@@ -142,7 +142,7 @@ resource "azurerm_public_ip" "fw_management_ip_configuration_pip" {
   ip_version          = each.value.ip_version
   sku                 = "Standard"
   sku_tier            = each.value.sku_tier
-  tags                = {}
+  tags                = each.value.tags
   zones               = each.value.zones
 }
 

variables.tf

@@ -5,6 +5,7 @@ variable "hub_virtual_networks" {
     location                        = string
     resource_group_name             = string
     route_table_name                = optional(string)
+    route_table_tags                = optional(map(string))
     bgp_community                   = optional(string)
     ddos_protection_plan_id         = optional(string)
     dns_servers                     = optional(list(string))
@@ -71,6 +72,7 @@ variable "hub_virtual_networks" {
       zones                            = optional(list(string))
       default_ip_configuration = optional(object({
         name = optional(string)
+        tags = optional(map(string))
         public_ip_config = optional(object({
           ip_version = optional(string)
           name       = optional(string)
@@ -80,6 +82,7 @@ variable "hub_virtual_networks" {
       }))
       management_ip_configuration = optional(object({
         name = optional(string)
+        tags = optional(map(string))
         public_ip_config = optional(object({
           ip_version = optional(string)
           name       = optional(string)
@@ -114,6 +117,8 @@ A map of the hub virtual networks to create. The map key is an arbitrary value t
 - `routing_address_space` - A list of IPv4 address spaces in CIDR format that are used for routing to this hub, e.g. `["192.168.0.0","172.16.0.0/12"]`.
 - `hub_router_ip_address` - If not using Azure Firewall, this is the IP address of the hub router. This is used to create route table entries for other hub networks.
 - `tags` - A map of tags to apply to the virtual network.
+- `route_table_name` - The name of the route table to create for this hub network.
+- `route_table_tags` - A map of tags to apply to all route tables.
 
 #### Route table entries
 
@@ -157,20 +162,22 @@ A map of the hub virtual networks to create. The map key is an arbitrary value t
   - `name` - (Optional) The name of the firewall resource. If not specified will use `afw-{vnetname}`.
   - `private_ip_ranges` - (Optional) A list of private IP ranges to use for the Azure Firewall, to which the firewall will not NAT traffic. If not specified will use RFC1918.
   - `subnet_route_table_id` = (Optional) The resource id of the Route Table which should be associated with the Azure Firewall subnet. If not specified the module will assign the generated route table.
-  - `tags` - (Optional) A map of tags to apply to the Azure Firewall. If not specified
+  - `tags` - (Optional) A map of tags to apply to the Azure Firewall.
   - `threat_intel_mode` - (Optional) The threat intelligence mode for the Azure Firewall. Possible values include `Alert`, `Deny`, `Off`.
   - `zones` - (Optional) A list of availability zones to use for the Azure Firewall. If not specified will be `null`.
   - `default_ip_configuration` - (Optional) An object with the following fields. If not specified the defaults below will be used:
     - `name` - (Optional) The name of the default IP configuration. If not specified will use `default`.
     - `public_ip_config` - (Optional) An object with the following fields:
       - `name` - (Optional) The name of the public IP configuration. If not specified will use `pip-afw-{vnetname}`.
+      - `tags` - (Optional) A map of tags to apply to the public IP configuration.
       - `zones` - (Optional) A list of availability zones to use for the public IP configuration. If not specified will be `null`.
       - `ip_version` - (Optional) The IP version to use for the public IP configuration. Possible values include `IPv4`, `IPv6`. If not specified will be `IPv4`.
       - `sku_tier` - (Optional) The SKU tier to use for the public IP configuration. Possible values include `Regional`, `Global`. If not specified will be `Regional`.
   - `management_ip_configuration` - (Optional) An object with the following fields. If not specified the defaults below will be used:
     - `name` - (Optional) The name of the management IP configuration. If not specified will use `defaultMgmt`.
     - `public_ip_config` - (Optional) An object with the following fields:
       - `name` - (Optional) The name of the public IP configuration. If not specified will use `pip-afw-mgmt-<Map Key>`.
+      - `tags` - (Optional) A map of tags to apply to the public IP configuration.
       - `zones` - (Optional) A list of availability zones to use for the public IP configuration. If not specified will be `null`.
       - `ip_version` - (Optional) The IP version to use for the public IP configuration. Possible values include `IPv4`, `IPv6`. If not specified will be `IPv4`.
       - `sku_tier` - (Optional) The SKU tier to use for the public IP configuration. Possible values include `Regional`, `Global`. If not specified will be `Regional`.