Only essential differences between azure-py-vdc and azureng-py-vdc (p…

…ulumi#810)

* Backport location, separator and suffix

* Add suffix to logical names

* Update README

* Update README

* Reconcile READMEs

* Only append suffix where needed

* Update READMEs

* Typed apply works for both

* Update comment for apply

* Improve configuration and error handling

* Restore previous peering

azure-nextgen-py-virtual-data-center/Pulumi.yaml

@@ -22,11 +22,11 @@ template:
  description: Azure region to deploy to (e.g. `australiaeast` or `australiasoutheast`)
  default: australiaeast
  org:
- description: Pulumi organization in which this project resides (optional)
+ description: Another organization having a project and stack to peer with (optional)
  peer:
- description: Another stack in same organization and project to peer hubs with (optional)
+ description: Another stack having corresponding Outputs to peer with (optional)
  project:
- description: Another project defining a stack with the same hub and spoke names to peer with (optional)
+ description: Another project having a stack to peer with (optional)
  separator:
  description: A dash (-) breaks up names by default; specify valid character or ' ' for none (optional)
  suffix:

azure-nextgen-py-virtual-data-center/__main__.py

@@ -9,7 +9,6 @@
 vdc.s = config.separator
 vdc.suffix = config.suffix
 vdc.tags = config.default_tags
-# all resources will be created in configuration location
 resource_group_name = vdc.resource_group(config.stack)
 
 # single hub with gateways, firewall, DMZ, shared services, bastion (optional)

azure-nextgen-py-virtual-data-center/config.py

@@ -21,23 +21,25 @@ def __init__(self, keys: [str], message: str):
 
 # retrieve the location
 location = config.require('location')
+#if not location:
+# azcfg = Config('azure-nextgen')
+# azloc = azcfg.require('location')
 
 # retrieve optional separator choice and suffix
-separator = config.get('separator')
-if not separator:
- separator = '-'
-else:
- separator = separator[0]
+separator = config.get('separator') or '-'
+separator = separator[0]
 if separator == ' ':
  separator = ''
-suffix = config.get('suffix')
-if not suffix:
- suffix = ''
+suffix = config.get('suffix') or ''
 
-# set default tags to be applied to all taggable resources
+# retrieve project and stack (org not yet available)
+project = get_project()
 stack = get_stack()
+# set default tags to be applied to all taggable resources
 default_tags = {
- 'environment': stack
+ 'manager': 'pulumi',
+ 'project': project,
+ 'stack': stack,
 }
 
 # Azure Bastion hosts in hub and spokes (until functional across peerings)
@@ -49,19 +51,19 @@ def __init__(self, keys: [str], message: str):
  ft_ip = ip_address(forced_tunnel) # check IP address is valid
 
 # another stack may be peered in the same project, even across organizations
-org = config.get('org')
 peer = config.get('peer')
-project = config.get('project')
-if org and not project:
- project = get_project()
-if not org:
- org = ''
-if not project:
- project = ''
+porg = config.get('org')
+proj = config.get('project')
+if porg and not proj: # assume the same project in other organization
+ proj = project
+if not porg: # assume the same organization
+ porg = ''
+if not proj: # assume the same project
+ proj = ''
 if not peer:
  reference = None
 else:
- reference = StackReference(f'{org}/{project}/{peer}')
+ reference = StackReference(f'{porg}/{proj}/{peer}')
 
 # validate firewall_address_space and hub_address_space
 firewall_address_space = config.require('firewall_address_space')

azure-nextgen-py-virtual-data-center/hub.py

@@ -90,7 +90,7 @@ def __init__(self, name: str, props: HubProps, opts: ResourceOptions=None):
  stem = f'{name}{s}fwm',
  disable_bgp_route_propagation = True, #required
  )
-  # only a default route to the Internet is permitted
+ # only a default route to the Internet is permitted
  hub_fwm_dg = vdc.route_to_internet(
  stem = f'fwm{s}internet',
  route_table_name = hub_fwm_rt.name,
@@ -146,9 +146,9 @@ def __init__(self, name: str, props: HubProps, opts: ResourceOptions=None):
  depends_on = [hub_fw_sn, hub_fwm_sn],
  )
 
- # work around https://github.com/pulumi/pulumi/issues/4040
+ # wait for the private ip address of the firewall to become available
  hub_fw_ip = hub_fw.ip_configurations.apply(
- lambda ipc: ipc[0].get('privateIPAddress')
+ lambda ipc: ipc[0].private_ip_address
  )
  # It is very important to ensure that there is never a route with an
  # address_prefix which covers the AzureFirewallSubnet.
@@ -161,25 +161,25 @@ def __init__(self, name: str, props: HubProps, opts: ResourceOptions=None):
  )
  # default route from DMZ via the firewall
  hub_dmz_dg = vdc.route_to_virtual_appliance(
-  stem = f'dmz{s}dg',
-  route_table_name = hub_dmz_rt.name,
-  address_prefix = '0.0.0.0/0',
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'dmz{s}dg',
+ route_table_name = hub_dmz_rt.name,
+ address_prefix = '0.0.0.0/0',
+ next_hop_ip_address = hub_fw_ip,
+ )
  # redirect intra-DMZ traffic via the firewall
  hub_dmz_dmz = vdc.route_to_virtual_appliance(
-  stem = f'dmz{s}dmz',
-  route_table_name = hub_dmz_rt.name,
-  address_prefix = dmz_ar,
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'dmz{s}dmz',
+ route_table_name = hub_dmz_rt.name,
+ address_prefix = dmz_ar,
+ next_hop_ip_address = hub_fw_ip,
+ )
  # redirect traffic from DMZ to hub via the firewall
  hub_dmz_hub = vdc.route_to_virtual_appliance(
-  stem = f'dmz{s}hub',
-  route_table_name = hub_dmz_rt.name,
-  address_prefix = props.hub_address_space,
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'dmz{s}hub',
+ route_table_name = hub_dmz_rt.name,
+ address_prefix = props.hub_address_space,
+ next_hop_ip_address = hub_fw_ip,
+ )
  hub_dmz_sn = vdc.subnet_special( #ToDo add NSG
  stem = f'{name}{s}dmz',
  name = 'DMZ', # name not required but preferred
@@ -203,18 +203,18 @@ def __init__(self, name: str, props: HubProps, opts: ResourceOptions=None):
  )
  # redirect traffic from gateways to DMZ via firewall
  hub_gw_dmz = vdc.route_to_virtual_appliance(
-  stem = f'gw{s}dmz',
-  route_table_name = hub_gw_rt.name,
-  address_prefix = dmz_ar,
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'gw{s}dmz',
+ route_table_name = hub_gw_rt.name,
+ address_prefix = dmz_ar,
+ next_hop_ip_address = hub_fw_ip,
+ )
  # redirect traffic from gateways to hub via firewall
  hub_gw_hub = vdc.route_to_virtual_appliance(
-  stem = f'gw{s}hub',
-  route_table_name = hub_gw_rt.name,
-  address_prefix = props.hub_address_space,
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'gw{s}hub',
+ route_table_name = hub_gw_rt.name,
+ address_prefix = props.hub_address_space,
+ next_hop_ip_address = hub_fw_ip,
+ )
  hub_gw_sn = vdc.subnet_special(
  stem = f'{name}{s}gw',
  name = 'GatewaySubnet', # name required
@@ -246,25 +246,25 @@ def __init__(self, name: str, props: HubProps, opts: ResourceOptions=None):
  )
  # default route from hub via the firewall
  hub_ss_dg = vdc.route_to_virtual_appliance(
-  stem = f'ss{s}dg',
-  route_table_name = hub_ss_rt.name,
-  address_prefix = '0.0.0.0/0',
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'ss{s}dg',
+ route_table_name = hub_ss_rt.name,
+ address_prefix = '0.0.0.0/0',
+ next_hop_ip_address = hub_fw_ip,
+ )
  # redirect traffic from hub to DMZ via the firewall
  hub_ss_dmz = vdc.route_to_virtual_appliance(
-  stem = f'ss{s}dmz',
-  route_table_name = hub_ss_rt.name,
-  address_prefix = dmz_ar,
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'ss{s}dmz',
+ route_table_name = hub_ss_rt.name,
+ address_prefix = dmz_ar,
+ next_hop_ip_address = hub_fw_ip,
+ )
  # redirect traffic from hub to gateways via the firewall
  hub_ss_gw = vdc.route_to_virtual_appliance(
-  stem = f'ss{s}gw',
-  route_table_name = hub_ss_rt.name,
-  address_prefix = gws_ar,
-  next_hop_ip_address = hub_fw_ip,
-  )
+ stem = f'ss{s}gw',
+ route_table_name = hub_ss_rt.name,
+ address_prefix = gws_ar,
+ next_hop_ip_address = hub_fw_ip,
+ )
  # shared services subnets starting with the second subnet
  for subnet in props.subnets:
  next_sn = next(subnets)