1 change: 1 addition & 0 deletions modules/common/main.tf
@@ -1,5 +1,6 @@
resource "azurerm_resource_group" "resource_group" {
name = var.resource_group_name
location = var.location
tags = var.tags
}

4 changes: 2 additions & 2 deletions modules/common/variables.tf
Expand Up @@ -37,8 +37,8 @@ variable "maintenance_mode_password_hash" {
}

variable "tags" {
type = map(string)
description = "A map of the tags to use on the resources that are deployed with this module."
description = "Tags to be associated with the resource group."
type = map(string)
default = {}
}

3 changes: 2 additions & 1 deletion modules/high_availability_existing_vnet/README.md
Expand Up @@ -23,7 +23,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_existing_vnet"
version = "1.0.5"
version = "1.0.6"

tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
Expand Down Expand Up @@ -128,3 +128,4 @@ module "example_module" {
| **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs<br />**Default:** [] |
| **security_rules** | Security rules for the Network Security Group | list(any) | A security rule composed of: {name, priority, direction, access, protocol, source_port_ranges, destination_port_ranges, source_address_prefix, destination_address_prefix, description}<br />**Default:** [] |
| **admin_SSH_key** | The SSH public key for SSH connections to the instance. Used when the authentication_type is 'SSH Public Key' | string | **Default:** "" |
| **tags** | Tags can be associated either globally across all resources or scoped to specific resource types. For example, a global tag can be defined as: {"all": {"example": "example"}}.<br/>Supported resource types for tag assignment include:<br>`all` (Applies tags universally to all resource instances)<br/>`resource-group`<br/>`network-interface`<br/>`public-ip`<br/>`public-ip-prefix`<br/>`load-balancer`<br/>`storage-account`<br/>`virtual-machine`<br/>`custom-image`<br/>`availability-set`<br/>**Important:** When identical tag keys are defined both globally under `all` and within a specific resource scope, the tag value specified under `all` overrides the resource-specific tag. | map(map(string)) | {} |
2 changes: 1 addition & 1 deletion modules/high_availability_existing_vnet/locals.tf
@@ -1,4 +1,4 @@
locals {
module_name = "ha_terraform"
module_version = "1.0.5"
module_version = "1.0.6"
}
23 changes: 23 additions & 0 deletions modules/high_availability_existing_vnet/main.tf
Expand Up @@ -19,6 +19,7 @@ module "common" {
serial_console_password_hash = var.serial_console_password_hash
maintenance_mode_password_hash = var.maintenance_mode_password_hash
storage_account_additional_ips = var.storage_account_additional_ips
tags = merge(lookup(var.tags, "resource-group", {}), lookup(var.tags, "all", {}))
}

//********************** Networking **************************//
Expand All @@ -35,6 +36,7 @@ resource "azurerm_public_ip_prefix" "public_ip_prefix" {
location = module.common.resource_group_location
resource_group_name = module.common.resource_group_name
prefix_length = 30
tags = merge(lookup(var.tags, "public-ip-prefix", {}), lookup(var.tags, "all", {}))
}

data "azurerm_subnet" "frontend" {
Expand All @@ -58,6 +60,7 @@ resource "azurerm_public_ip" "public-ip" {
sku = var.sku
domain_name_label = "${lower(var.cluster_name)}-${count.index+1}-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_public_ip" "cluster-vip" {
Expand All @@ -68,6 +71,7 @@ resource "azurerm_public_ip" "cluster-vip" {
sku = var.sku
domain_name_label = "${lower(var.cluster_name)}-vip-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface" "nic_vip" {
Expand Down Expand Up @@ -103,6 +107,8 @@ resource "azurerm_network_interface" "nic_vip" {
ip_configuration
]
}

tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface_backend_address_pool_association" "nic_vip_lb_association" {
Expand Down Expand Up @@ -137,6 +143,8 @@ resource "azurerm_network_interface" "nic" {
ip_configuration
]
}

tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface_backend_address_pool_association" "nic_lb_association" {
Expand All @@ -162,6 +170,8 @@ resource "azurerm_network_interface" "nic1" {
private_ip_address_allocation = var.vnet_allocation_method
private_ip_address = cidrhost(data.azurerm_subnet.backend.address_prefixes[0], var.backend_IP_addresses[count.index+1])
}

tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface_backend_address_pool_association" "nic1_lb_association" {
Expand All @@ -181,6 +191,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
sku = var.sku
domain_name_label = "${lower(var.cluster_name)}-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_lb" "frontend-lb" {
Expand All @@ -195,6 +206,8 @@ resource "azurerm_lb" "frontend-lb" {
name = "LoadBalancerFrontend"
public_ip_address_id = azurerm_public_ip.public-ip-lb.id
}

tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" {
Expand All @@ -213,6 +226,8 @@ resource "azurerm_lb" "backend-lb" {
private_ip_address_allocation = var.vnet_allocation_method
private_ip_address = cidrhost(data.azurerm_subnet.backend.address_prefixes[0], var.backend_IP_addresses[0])
}

tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_lb_backend_address_pool" "backend-lb-pool" {
Expand Down Expand Up @@ -256,6 +271,7 @@ resource "azurerm_availability_set" "availability-set" {
platform_fault_domain_count = 2
platform_update_domain_count = 5
managed = true
tags = merge(lookup(var.tags, "availability-set", {}), lookup(var.tags, "all", {}))
}

//********************** Storage accounts **************************//
Expand Down Expand Up @@ -283,6 +299,7 @@ resource "azurerm_storage_account" "vm-boot-diagnostics-storage" {
days = "15"
}
}
tags = merge(lookup(var.tags, "storage-account", {}), lookup(var.tags, "all", {}))
}

//********************** Virtual Machines **************************//
Expand All @@ -301,6 +318,8 @@ resource "azurerm_image" "custom-image" {
os_state = "Generalized"
blob_uri = var.source_image_vhd_uri
}

tags = merge(lookup(var.tags, "custom-image", {}), lookup(var.tags, "all", {}))
}
resource "azurerm_virtual_machine" "vm-instance-availability-set" {
depends_on = [
Expand Down Expand Up @@ -393,6 +412,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-set" {
enabled = module.common.boot_diagnostics
storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
}

tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
Expand Down Expand Up @@ -487,6 +508,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
enabled = module.common.boot_diagnostics
storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
}

tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
}
//********************** Role Assigments **************************//
data "azurerm_role_definition" "virtual_machine_contributor_role_definition" {
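Review bot: The scope names are repeated as string literals in every `tags = merge(lookup(var.tags, "<scope>", {}), lookup(var.tags, "all", {}))` line, and because `lookup` falls back to `{}`, a misspelled literal would leave that resource without its scoped tags and without any plan-time error. Resolving the shared part once in `locals`, e.g. `tags_all = lookup(var.tags, "all", {})`, and then writing `tags = merge(lookup(var.tags, "public-ip", {}), local.tags_all)` keeps the precedence in one place. The argument order makes `all` win over the scoped value, which matches the README but is the reverse of what many readers expect, so a one-line comment at the first use such as `// "all" is merged last and overrides scoped keys` would help. The same pattern is repeated in modules/high_availability_new_vnet/main.tf. Most of the resource blocks touched here start or end outside their hunks.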
5 changes: 5 additions & 0 deletions modules/high_availability_existing_vnet/variables.tf
Expand Up @@ -322,3 +322,8 @@ variable "security_rules" {
default = []
}

variable "tags" {
description = "Assign tags by resource."
type = map(map(string))
default = {}
}
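Review bot: `variable "tags"` accepts any outer key, so a scope the module never reads (for example `virtual_machine` instead of `virtual-machine`) is silently dropped and the resources deploy without those tags, which matters wherever tags feed policy assignment, ownership or cost reporting. A `validation` block that checks `keys(var.tags)` against the scopes listed in this module's README would turn that into a plan-time error. The same applies to modules/high_availability_new_vnet/variables.tf, using that module's longer scope list.

```hcl
variable "tags" {
  // … unchanged: description, type, default …
  validation {
    condition = length(setsubtract(keys(var.tags), [
      "all", "resource-group", "network-interface", "public-ip", "public-ip-prefix",
      "load-balancer", "storage-account", "virtual-machine", "custom-image", "availability-set",
    ])) == 0
    error_message = "Unsupported key in tags; see the module README for the supported scopes."
  }
}
```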
3 changes: 2 additions & 1 deletion modules/high_availability_new_vnet/README.md
Expand Up @@ -29,7 +29,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_new_vnet"
version = "1.0.5"
version = "1.0.6"

tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
Expand Down Expand Up @@ -130,3 +130,4 @@ module "example_module" {
| **storage_account_additional_ips**| IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs<br />**Default:** [] |
| **security_rules** | Security rules for the Network Security Group | list(any) | A security rule composed of: {name, priority, direction, access, protocol, source_port_ranges, destination_port_ranges, source_address_prefix, destination_address_prefix, description}<br />**Default:** [] |
| **admin_SSH_key** | The SSH public key for SSH connections to the instance. Used when the authentication_type is 'SSH Public Key' | string | **Default:** "" |
| **tags** | Tags can be associated either globally across all resources or scoped to specific resource types. For example, a global tag can be defined as: {"all": {"example": "example"}}.<br/>Supported resource types for tag assignment include:<br>`all` (Applies tags universally to all resource instances)<br/>`resource-group`<br/>`virtual-network`<br/>`network-security-group`<br/>`network-interface`<br/>`public-ip`<br/>`public-ip-prefix`<br/>`load-balancer`<br/>`route-table`<br/>`storage-account`<br/>`virtual-machine`<br/>`custom-image`<br/>`availability-set`<br/>**Important:** When identical tag keys are defined both globally under `all` and within a specific resource scope, the tag value specified under `all` overrides the resource-specific tag. | map(map(string)) | {} |
2 changes: 1 addition & 1 deletion modules/high_availability_new_vnet/locals.tf
@@ -1,4 +1,4 @@
locals {
module_name = "ha_terraform"
module_version = "1.0.5"
module_version = "1.0.6"
}
26 changes: 26 additions & 0 deletions modules/high_availability_new_vnet/main.tf
Expand Up @@ -19,6 +19,7 @@ module "common" {
serial_console_password_hash = var.serial_console_password_hash
maintenance_mode_password_hash = var.maintenance_mode_password_hash
storage_account_additional_ips = var.storage_account_additional_ips
tags = merge(lookup(var.tags, "resource-group", {}), lookup(var.tags, "all", {}))
}

//********************** Networking **************************//
Expand All @@ -30,6 +31,7 @@ module "vnet" {
nsg_id = var.nsg_id == "" ? module.network_security_group[0].network_security_group_id: var.nsg_id
address_space = var.address_space
subnet_prefixes = var.subnet_prefixes
tags = var.tags
}

module "network_security_group" {
Expand All @@ -39,6 +41,7 @@ module "network_security_group" {
security_group_name = "${module.common.resource_group_name}_nsg"
location = module.common.resource_group_location
security_rules = var.security_rules
tags = merge(lookup(var.tags, "network-security-group", {}), lookup(var.tags, "all", {}))
}

resource "random_id" "random_id" {
Expand All @@ -54,6 +57,7 @@ resource "azurerm_public_ip_prefix" "public_ip_prefix" {
location = module.common.resource_group_location
resource_group_name = module.common.resource_group_name
prefix_length = 30
tags = merge(lookup(var.tags, "public-ip-prefix", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_public_ip" "public-ip" {
Expand All @@ -65,6 +69,7 @@ resource "azurerm_public_ip" "public-ip" {
sku = var.sku
domain_name_label = "${lower(var.cluster_name)}-${count.index+1}-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_public_ip" "cluster-vip" {
Expand All @@ -75,6 +80,7 @@ resource "azurerm_public_ip" "cluster-vip" {
sku = var.sku
domain_name_label = "${lower(var.cluster_name)}-vip-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface" "nic_vip" {
Expand Down Expand Up @@ -110,6 +116,8 @@ resource "azurerm_network_interface" "nic_vip" {
ip_configuration
]
}

tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface_backend_address_pool_association" "nic_vip_lb_association" {
Expand Down Expand Up @@ -144,6 +152,8 @@ resource "azurerm_network_interface" "nic" {
ip_configuration
]
}

tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface_backend_address_pool_association" "nic_lb_association" {
Expand All @@ -169,6 +179,8 @@ resource "azurerm_network_interface" "nic1" {
private_ip_address_allocation = module.vnet.allocation_method
private_ip_address = cidrhost(module.vnet.subnet_prefixes[1], count.index+5)
}

tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_network_interface_backend_address_pool_association" "nic1_lb_association" {
Expand All @@ -188,6 +200,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
sku = var.sku
domain_name_label = "${lower(var.cluster_name)}-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_lb" "frontend-lb" {
Expand All @@ -202,6 +215,8 @@ resource "azurerm_lb" "frontend-lb" {
name = "LoadBalancerFrontend"
public_ip_address_id = azurerm_public_ip.public-ip-lb.id
}

tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" {
Expand All @@ -220,6 +235,8 @@ resource "azurerm_lb" "backend-lb" {
private_ip_address_allocation = module.vnet.allocation_method
private_ip_address = cidrhost(module.vnet.subnet_prefixes[1], 4)
}

tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_lb_backend_address_pool" "backend-lb-pool" {
Expand Down Expand Up @@ -263,6 +280,8 @@ resource "azurerm_availability_set" "availability-set" {
platform_fault_domain_count = 2
platform_update_domain_count = 5
managed = true

tags = merge(lookup(var.tags, "availability-set", {}), lookup(var.tags, "all", {}))
}

//********************** Storage accounts **************************//
Expand Down Expand Up @@ -290,6 +309,7 @@ resource "azurerm_storage_account" "vm-boot-diagnostics-storage" {
days = "15"
}
}
tags = merge(lookup(var.tags, "storage-account", {}), lookup(var.tags, "all", {}))
}

//********************** Virtual Machines **************************//
Expand All @@ -308,6 +328,8 @@ resource "azurerm_image" "custom-image" {
os_state = "Generalized"
blob_uri = var.source_image_vhd_uri
}

tags = merge(lookup(var.tags, "custom-image", {}), lookup(var.tags, "all", {}))
}
resource "azurerm_virtual_machine" "vm-instance-availability-set" {
depends_on = [
Expand Down Expand Up @@ -400,6 +422,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-set" {
enabled = module.common.boot_diagnostics
storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
}

tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
}

resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
Expand Down Expand Up @@ -494,6 +518,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
enabled = module.common.boot_diagnostics
storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
}

tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
}
//********************** Role Assigments **************************//
data "azurerm_role_definition" "virtual_machine_contributor_role_definition" {
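Review bot: `module "vnet"` is passed the whole nested map (`tags = var.tags`), while every other module and resource in this file receives a flat map built with `merge(lookup(var.tags, "<scope>", {}), lookup(var.tags, "all", {}))`. The vnet module's own files are not part of this diff, so it cannot be confirmed here that its `tags` variable is declared as `map(map(string))` or that it applies the same `all`-wins precedence to the `virtual-network` and `route-table` scopes named in the README. If the module does resolve the scopes itself, a comment on that line such as `// vnet module resolves "virtual-network" and "route-table" scopes internally` would explain the difference. If it expects a flat `map(string)`, this argument would presumably fail type checking at plan time.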
6 changes: 6 additions & 0 deletions modules/high_availability_new_vnet/variables.tf
Expand Up @@ -321,3 +321,9 @@ variable "security_rules" {
}
]
}

variable "tags" {
description = "Assign tags by resource."
type = map(map(string))
default = {}
}
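Review bot: The description `"Assign tags by resource."` does not say what the outer keys are, which value wins on a conflict, or that tag values should not hold sensitive data. Azure stores tags as plain text, readable by anyone with read access to the resource, and they are also recorded in Terraform state. I would expand it to something like `description = "Tags per resource type, keyed by scope (\"all\" or a resource type such as \"virtual-machine\"); on duplicate keys the value under \"all\" wins. Do not put secrets in tag values."`. The full scope list is already in the README, so the description only needs to point to it.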