add network ruleset config, pre-commit fix

cloudkite-io · Mar 6, 2024 · 5ac7117 · 5ac7117
1 parent 5604988
commit 5ac7117
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/modules/azure/event-hubs/main.tf b/modules/azure/event-hubs/main.tf
@@ -27,8 +27,9 @@ resource "azurerm_eventhub_namespace" "events" {
   dynamic "network_rulesets" {
     for_each = each.value.network_rules != null ? ["true"] : []
     content {
-      default_action = "Deny"
-
+      default_action                 = "Deny"
+      public_network_access_enabled  = each.value.public_network_access_enabled
+      trusted_service_access_enabled = each.value.trusted_service_access_enabled
       dynamic "ip_rule" {
         for_each = each.value.network_rules.ip_rules
         iterator = iprule
@@ -41,7 +42,8 @@ resource "azurerm_eventhub_namespace" "events" {
         for_each = each.value.network_rules.subnet_ids
         iterator = subnet
         content {
-          subnet_id = subnet.value
+          ignore_missing_virtual_network_service_endpoint = false
+          subnet_id                                       = subnet.value
         }
       }
     }

diff --git a/modules/azure/event-hubs/variables.tf b/modules/azure/event-hubs/variables.tf
@@ -33,8 +33,10 @@ variable "event_hubs_namespaces" {
       maximum_throughput_units = optional(number)
     })
     network_rules = optional(object({
-      ip_rules   = list(string)
-      subnet_ids = list(string)
+      ip_rules                       = optional(list(string), [""])
+      subnet_ids                     = optional(list(string), [""])
+      public_network_access_enabled  = optional(bool, false)
+      trusted_service_access_enabled = optional(bool, false)
     }))
     private_endpoint = optional(object({
       enabled = optional(bool, false)