import config
import vdc
from hub import HubProps, Hub
from spoke import SpokeProps, Spoke
from pulumi import export
# vdc is configured through module-level variables; every one of them has to
# be assigned before the first vdc function is called
for _vdc_attr, _vdc_value in (
    ('location', config.location),
    ('s', config.separator),
    ('suffix', config.suffix),
    ('tags', config.default_tags),
):
    setattr(vdc, _vdc_attr, _vdc_value)

# created once here and shared by the hub and every spoke defined in this program
resource_group_name = vdc.resource_group(config.stack)
# single hub with gateways, firewall, DMZ, shared services, bastion (optional)
# NOTE(review): the 2nd and 3rd tuple columns are marked "for future ASGs";
# presumably they are not yet enforced as traffic rules, so confirm in the hub
# module before relying on them for segmentation.
hub_subnets = [  # extra columns for future ASGs
    ('domain', 'any', 'any'),
    ('files', 'any', 'none'),
]

# forced_tunnel and azure_bastion come straight from stack configuration, so
# the egress path and the bastion deployment are decided per stack.
hub_props = HubProps(
    azure_bastion=config.azure_bastion,
    forced_tunnel=config.forced_tunnel,
    firewall_address_space=config.firewall_address_space,
    hub_address_space=config.hub_address_space,
    location=config.location,
    peer=config.peer,
    reference=config.reference,
    resource_group_name=resource_group_name,
    separator=config.separator,
    stack=config.stack,
    subnets=hub_subnets,
    suffix=config.suffix,
    tags=config.default_tags,
)

# first argument is the stem of child resource names (<4 chars)
hub = Hub('hub', hub_props)
# multiple spokes for application environments with bastion access (optional)
def _three_tier_spoke(stem):
    """Create one spoke with the web/app/db subnet layout.

    The spoke is handed the shared hub and the hub's firewall route table
    name, and takes the next address space from ``config.stack_sn``. Because
    that iterator is advanced on every call, the order in which spokes are
    created determines which address space each one receives.

    Args:
        stem: stem of child resource names (<6 chars).

    Returns:
        The new ``Spoke``.
    """
    # NOTE(review): the 2nd and 3rd tuple columns are marked "for future
    # ASGs"; presumably the web -> app -> db tiering is not yet enforced by
    # them, so confirm in the spoke module.
    tier_subnets = [  # extra columns for future ASGs
        ('web', 'any', 'app'),
        ('app', 'web', 'db'),
        ('db', 'app', 'none'),
    ]
    spoke_props = SpokeProps(
        azure_bastion=config.azure_bastion,
        fw_rt_name=hub.fw_rt_name,
        hub=hub,
        location=config.location,
        peer=config.peer,
        reference=config.reference,
        resource_group_name=resource_group_name,
        separator=config.separator,
        spoke_address_space=str(next(config.stack_sn)),
        subnets=tier_subnets,
        suffix=config.suffix,
        tags=config.default_tags,
    )
    return Spoke(stem, spoke_props)


# keep this order: each call consumes the next entry of config.stack_sn
spoke1 = _three_tier_spoke('s01')
spoke2 = _three_tier_spoke('s02')
# export information about the stack required for stack peering
# NOTE(review): stack outputs are readable by anyone who can read this stack,
# including other stacks through stack references. These values describe the
# network layout (address spaces, firewall IP, resource ids), so export only
# what peering needs.
stack_outputs = (
    ('dmz_ar', hub.dmz_ar),
    ('fw_ip', hub.fw_ip),
    ('hub_as', hub.address_space),
    ('hub_id', hub.id),
    ('s01_as', spoke1.address_space),
    ('s01_id', spoke1.id),
    ('s02_as', spoke2.address_space),
    ('s02_id', spoke2.id),
)
for output_name, output_value in stack_outputs:
    export(output_name, output_value)