From 5ab464dc05f0e3e802aeaecba4858c938797a8d7 Mon Sep 17 00:00:00 2001
From: Jesse Reynolds
Date: Mon, 12 May 2025 13:08:06 +1000
Subject: [PATCH] allow nodes to access puppet servers, compilers, and load balancer
---
 main.tf | 2 +-
 modules/instances/outputs.tf | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 8735b59..00701ab 100644
--- a/main.tf
+++ b/main.tf
@@ -92,7 +92,7 @@ module "networking" {
 source = "./modules/networking"
 id = local.id
 resourcegroup = azurerm_resource_group.resource_group
- allow = var.firewall_allow
+ allow = concat(module.instances.node_public_ips, var.firewall_allow)
 region = var.region
 tags = local.tags
 }
diff --git a/modules/instances/outputs.tf b/modules/instances/outputs.tf
index 2d96256..19ee289 100644
--- a/modules/instances/outputs.tf
+++ b/modules/instances/outputs.tf
@@ -11,4 +11,9 @@ value = var.compiler_count == 0 ? azurerm_network_interface.server_nic[*]
 output "primary_ip" {
 value = try(azurerm_public_ip.server_public_ip[0], "")
 description = "IP of primary server"
+}
+
+output "node_public_ips" {
+ value = azurerm_public_ip.node_public_ip[*].ip_address
+ description = "Public IPS of all non-puppet-infra nodes"
 }
\ No newline at end of file
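Review bot: The new `allow` value in main.tf merges the nodes' public IPs into the same list as the operator-supplied `var.firewall_allow`, so the nodes receive every permission the networking module grants to that list, not only access to the Puppet servers, compilers and load balancer named in the subject. The networking module is not part of this patch, so which ports that list opens cannot be checked here; if it also covers administrative access such as SSH, passing the node addresses through a separate module input limited to the agent-facing ports would keep the rule least-privilege. A comment on the line would help either way, for example `# node public IPs are allowed so agents can reach the Puppet infrastructure`. The `module "networking"` block opens just above the hunk.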
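Review bot: The `node_public_ips` output in modules/instances/outputs.tf now feeds a firewall allow list, and `ip_address` on an `azurerm_public_ip` is only populated at creation when the address is statically allocated; with dynamic allocation it stays empty until the address is attached to a running VM. The allocation method of `node_public_ip` is not visible in this hunk, so if it is dynamic the list may contain empty strings on the first apply; `value = compact(azurerm_public_ip.node_public_ip[*].ip_address)` drops them, though those nodes would stay blocked until a later apply. The description would read better as `"Public IPs of all non-Puppet-infrastructure nodes"`, and the file still ends without a trailing newline.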