azure/core: Add "allow_gateway_transit" as an optional argument in th…

…e peering configuration #929 (#937)

CHANGELOG.md

@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - [#936](https://github.com/XenitAB/terraform-modules/pull/936) Add Spegel to AKS and EKS.
 
 ### Changed
+- [#929](https://github.com/XenitAB/terraform-modules/pull/928) Make allow_gateway_transit configurable.
 
 - [#928](https://github.com/XenitAB/terraform-modules/pull/928) Enable Node TTL by default.
 - [#935](https://github.com/XenitAB/terraform-modules/pull/935) Update Node TTL to v0.0.6 and enable monitoring.

modules/azure/core/README.md

@@ -60,7 +60,7 @@ No modules.
 | <a name="input_location_short"></a> [location\_short](#input\_location\_short) | The Azure region short name | `string` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | The commonName to use for the deploy | `string` | n/a | yes |
 | <a name="input_notification_email"></a> [notification\_email](#input\_notification\_email) | Email address to send alert notifications | `string` | n/a | yes |
-| <a name="input_peering_config"></a> [peering\_config](#input\_peering\_config) | Network peering configuration | <pre>list(object({<br>    name                         = string<br>    remote_virtual_network_id    = string<br>    allow_forwarded_traffic      = bool<br>    use_remote_gateways          = bool<br>    allow_virtual_network_access = bool<br>  }))</pre> | `[]` | no |
+| <a name="input_peering_config"></a> [peering\_config](#input\_peering\_config) | Network peering configuration | <pre>list(object({<br>    name                         = string<br>    remote_virtual_network_id    = string<br>    allow_forwarded_traffic      = bool<br>    use_remote_gateways          = bool<br>    allow_virtual_network_access = bool<br>    allow_gateway_transit        = optional(bool, false) # Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network. <br>  }))</pre> | `[]` | no |
 | <a name="input_route_config"></a> [route\_config](#input\_route\_config) | Route configuration. Not applied to AKS subnets | <pre>list(object({<br>    subnet_name                   = string                # Short name for the subnet<br>    disable_bgp_route_propagation = optional(bool, false) # Controls propagation of routes learned by BGP on that route table <br>    routes = list(object({<br>      name                   = string # Name of the route<br>      address_prefix         = string # Example: 192.168.0.0/24<br>      next_hop_type          = string # VirtualNetworkGateway, VnetLocal, Internet, VirtualAppliance and None<br>      next_hop_in_ip_address = string # Only set if next_hop_type is VirtualAppliance<br>    }))<br><br>  }))</pre> | `[]` | no |
 | <a name="input_subnet_private_endpoints"></a> [subnet\_private\_endpoints](#input\_subnet\_private\_endpoints) | Enable private enpoint for specific subnet names | `map(bool)` | `{}` | no |
 | <a name="input_subscription_name"></a> [subscription\_name](#input\_subscription\_name) | The subscription commonName to use for the deploy | `string` | n/a | yes |

modules/azure/core/network.tf

@@ -19,4 +19,5 @@ resource "azurerm_virtual_network_peering" "this" {
   allow_forwarded_traffic      = each.value.peering_config.allow_forwarded_traffic
   use_remote_gateways          = each.value.peering_config.use_remote_gateways
   allow_virtual_network_access = each.value.peering_config.allow_virtual_network_access
+  allow_gateway_transit        = each.value.peering_config.allow_gateway_transit
 }

modules/azure/core/variables.tf

@@ -66,6 +66,7 @@ variable "peering_config" {
     allow_forwarded_traffic      = bool
     use_remote_gateways          = bool
     allow_virtual_network_access = bool
+    allow_gateway_transit        = optional(bool, false) # Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network. 
   }))
   default = []
 }