# set required vdc variables before calling function
vdc.tags = config.default_tags
# all resources will be created in configuration location
resource_group_name = vdc.resource_group(config.stack)
# single hub with gateways, firewall, DMZ, shared services, bastion (optional)
hub = Hub(
'hub', # stem of child resource names (<4 chars)
HubProps(
azure_bastion=config.azure_bastion,
forced_tunnel=config.forced_tunnel,
firewall_address_space=config.firewall_address_space,
hub_address_space=config.hub_address_space,
peer=config.peer,
reference=config.reference,
resource_group_name=resource_group_name,
stack=config.stack,
subnets=[ # extra columns for future ASGs
('domain', 'any', 'any'),
('files', 'any', 'none'),
],
tags=config.default_tags,
),
)
# multiple spokes for application environments with bastion access (optional)
spoke1 = Spoke(
's01', # stem of child resource names (<6 chars)
SpokeProps(
azure_bastion=config.azure_bastion,
fw_rt_name=hub.fw_rt_name,
hub_as = next(stack_sn)
while hub_as.compare_networks(hub_nw) < 0:
hub_as = next(stack_sn)
# assert that hub_address_space == str(hub_as)
# single hub with gateways, firewall, DMZ, shared services, bastion (optional)
hub = Hub(
'hub', # stem of child resource names (<4 chars)
HubProps(
azure_bastion=azure_bastion,
forced_tunnel=config.get_bool('forced_tunnel'),
firewall_address_space=config.require('firewall_address_space'),
hub_address_space=hub_address_space,
peer=peer,
reference=reference,
resource_group_name=resource_group_name,
stack=stack,
subnets=[ # extra columns for future NSGs
('domain', 'any', 'any'),
('files', 'any', 'none'),
],
tags=default_tags,
),
)
# multiple spokes for application environments with bastion access (optional)
spoke_address_space = str(next(stack_sn))
spoke1 = Spoke(
's01', # stem of child resource names (<6 chars)
SpokeProps(
azure_bastion=azure_bastion,
else:
ref = None
# single hub virtual network with gateway, firewall, DMZ and shared services
hub = Hub(
'hub', # stem of child resource names (<4 chars)
HubProps(
resource_group_name=resource_group_name,
tags=default_tags,
stack=stack,
dmz_ar=config.require('firewall_dmz_subnet'),
fwm_ar=config.get('firewall_management_subnet'),
fws_ar=config.require('firewall_subnet'),
fwz_as=config.require('firewall_address_space'),
gws_ar=config.require('hub_gateway_subnet'),
hbs_ar=config.get('hub_bastion_subnet'),
hub_ar=config.require('hub_first_subnet'),
hub_as=config.require('hub_address_space'),
peer=peer,
ref=ref,
subnets=[ # extra columns for future NSGs
('domain', 'any', 'any'),
('files', 'any', 'none'),
],
),
)
# multiple spoke virtual networks for application environments
spoke1 = Spoke(
's01', # stem of child resource names (<6 chars)
SpokeProps(
# set default tags to be applied to all taggable resources
stack = get_stack()
default_tags = {'environment': stack}
# all resources will be created in the Resource Group location
resource_group = core.ResourceGroup(
stack + '-vdc-rg-',
tags=default_tags,
)
# Hub virtual network with gateway, firewall, DMZ and shared services subnets
hub1 = Hub(
config.require('hub_stem'),
HubProps(
config=config,
resource_group=resource_group,
tags=default_tags,
stack=stack,
),
opts=ResourceOptions(
custom_timeouts=CustomTimeouts(create='1h', update='1h', delete='1h')),
)
# Spoke virtual network for application environments
spoke1 = Spoke(
config.require('spoke_stem'),
SpokeProps(
config=config,
resource_group=resource_group,
tags=default_tags,
hub=hub1,
),