diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 32fba6183..e4dfd9857 100755
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -36,7 +36,7 @@ // Add the IDs of extensions you want installed when the container is created in the array below.
 "extensions": [
- "4ops.terraform",
+ "hashicorp.terraform",
 "mutantdino.resourcemonitor",
 "ms-azure-devops.azure-pipelines",
 "omartawfik.github-actions-vscode"
diff --git a/.github/workflows/master-standalone-tf13.yaml b/.github/workflows/master-standalone-tf13.yaml
index 3f073b67c..66295d9f6 100755
--- a/.github/workflows/master-standalone-tf13.yaml
+++ b/.github/workflows/master-standalone-tf13.yaml
@@ -117,6 +117,8 @@ jobs:
 "networking/virtual_wan/104-vwan-hub-gw-spp",
 "networking/virtual_wan/105-vwan-hub-route-table",
 "networking/virtual_wan/106-vwan-hub-routes",
+ "networking/virtual_wan/108-vwan-vpn-site",
+ "networking/virtual_wan/109-vwan-vpn-gateway-connection",
 "postgresql_server/100-simple-postgresql",
 "postgresql_server/101-vnet-rule-postgresql",
 "postgresql_server/102-private-endpoint-postgresql",
diff --git a/.github/workflows/master-standalone-tf14.yaml b/.github/workflows/master-standalone-tf14.yaml
index bf2ae083e..e60a462db 100755
--- a/.github/workflows/master-standalone-tf14.yaml
+++ b/.github/workflows/master-standalone-tf14.yaml
@@ -114,6 +114,8 @@ jobs:
 "networking/virtual_wan/104-vwan-hub-gw-spp",
 "networking/virtual_wan/105-vwan-hub-route-table",
 "networking/virtual_wan/106-vwan-hub-routes",
+ "networking/virtual_wan/108-vwan-vpn-site",
+ "networking/virtual_wan/109-vwan-vpn-gateway-connection",
 "postgresql_server/100-simple-postgresql",
 "postgresql_server/101-vnet-rule-postgresql",
 "postgresql_server/102-private-endpoint-postgresql",
diff --git a/.github/workflows/master-standalone-tf15.yaml b/.github/workflows/master-standalone-tf15.yaml
index 22f2029bf..408b87173 100755
--- a/.github/workflows/master-standalone-tf15.yaml
+++ b/.github/workflows/master-standalone-tf15.yaml
@@ -121,6 +121,8 @@ jobs:
 "networking/virtual_wan/104-vwan-hub-gw-spp",
 "networking/virtual_wan/105-vwan-hub-route-table",
 "networking/virtual_wan/106-vwan-hub-routes",
+ "networking/virtual_wan/108-vwan-vpn-site",
+ "networking/virtual_wan/109-vwan-vpn-gateway-connection",
 "postgresql_server/100-simple-postgresql",
 "postgresql_server/101-vnet-rule-postgresql",
 "postgresql_server/102-private-endpoint-postgresql",
diff --git a/examples/compute/virtual_machine/106-marketplace-image-with-plan/configuration.tfvars b/examples/compute/virtual_machine/106-marketplace-image-with-plan/configuration.tfvars
index c6203a62f..8355ad387 100644
--- a/examples/compute/virtual_machine/106-marketplace-image-with-plan/configuration.tfvars
+++ b/examples/compute/virtual_machine/106-marketplace-image-with-plan/configuration.tfvars
@@ -14,7 +14,6 @@ global_settings = {
 }
 }
- prefix = "test"
 }
 resource_groups = {
diff --git a/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars b/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars
index eee0dd0b7..7ddc84839 100644
--- a/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars
+++ b/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars
@@ -1,6 +1,5 @@
 global_settings = {
 default_region = "region1"
- prefix = "example"
 regions = {
 region1 = "southeastasia"
 }
diff --git a/examples/compute/virtual_machine_scale_set/101-linux-win-vmss-agw/configuration.tfvars b/examples/compute/virtual_machine_scale_set/101-linux-win-vmss-agw/configuration.tfvars
index e43b0eca7..72caa8258 100644
--- a/examples/compute/virtual_machine_scale_set/101-linux-win-vmss-agw/configuration.tfvars
+++ b/examples/compute/virtual_machine_scale_set/101-linux-win-vmss-agw/configuration.tfvars
@@ -1,6 +1,5 @@
 global_settings = {
 default_region = "region1"
- prefix = "example"
 regions = {
 region1 = "southeastasia"
 }
diff --git a/examples/networking/virtual_wan/108-vwan-vpn-site/virtual_wan.tfvars b/examples/networking/virtual_wan/108-vwan-vpn-site/virtual_wan.tfvars
new file mode 100644
index 000000000..599d79fcb
--- /dev/null
+++ b/examples/networking/virtual_wan/108-vwan-vpn-site/virtual_wan.tfvars
@@ -0,0 +1,64 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "southeastasia"
+ }
+}
+
+resource_groups = {
+ hub_re1 = {
+ name = "vnet-hub-re1"
+ region = "region1"
+ }
+}
+
+virtual_wans = {
+ vwan_re1 = {
+ resource_group_key = "hub_re1"
+ name = "contosovWAN-re1"
+ region = "region1"
+ }
+}
+
+vpn_sites = {
+ vpn-site-1 = {
+ name = "vpn-site-1"
+ address_cidrs = ["1.2.3.0/24", "4.5.6.0/24"]
+ device_vendor = "Cisco"
+ device_model = "800"
+
+ resource_group = {
+ # lz_key = "vwans" # Set the 'lz_key' of a Resource Group created in a remote deployment
+ key = "hub_re1" # Set the 'key' of the Resource Group created in this (or a remote) deployment
+ }
+
+ virtual_wan = {
+ key = "vwan_re1" # Set the 'key' of the Virtual WAN created in this (or a remote) deployment
+ # lz_key = "vwans" # Set the 'lz_key' of a Virtual WAN created in a remote deployment
+ #
+ # or
+ #
+ # id = "/subscriptions/{subscriptionId}/resourceGroups/testRG/providers/Microsoft.Network/virtualHubs/westushub/hubRouteTables/defaultRouteTable" # Set the Resource ID of an existing Virtual WAN
+ # resource_id = "/subscriptions/[subscription_id]/resourceGroups/qaxu-rg-dns-domain-registrar/providers/Microsoft.Network/dnszones/ml0iaix4xgnz0jqd.com" # Set the Resource ID of an existing Virtual WAN
+ }
+
+ links = {
+ primary = {
+ name = "primary"
+ ip_address = "1.2.3.4"
+ provider_name = "Microsoft"
+ speed_in_mbps = "150"
+ }
+ secondary = {
+ name = "secondary"
+ fqdn = "secondary.link.com"
+ provider_name = "Microsoft"
+ speed_in_mbps = "50"
+ bgp = {
+ asn = "65534"
+ peering_address = "169.254.1.2"
+ }
+ }
+ }
+ }
+}
diff --git a/examples/networking/virtual_wan/109-vwan-vpn-gateway-connection/virtual_wan.tfvars b/examples/networking/virtual_wan/109-vwan-vpn-gateway-connection/virtual_wan.tfvars
new file mode 100644
index 000000000..d08fb66e9
--- /dev/null
+++ b/examples/networking/virtual_wan/109-vwan-vpn-gateway-connection/virtual_wan.tfvars
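Review bot: The two commented-out sample IDs under `virtual_wan` do not describe a Virtual WAN: the `id` line is a hub route table ID (`.../virtualHubs/westushub/hubRouteTables/defaultRouteTable`) and the `resource_id` line is a DNS zone ID, yet both trailing comments say "Set the Resource ID of an existing Virtual WAN", so a reader who copies either gets a provider error instead of guidance. I would replace both with one placeholder of the right shape, `# id = "/subscriptions/<subscription_id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualWans/<name>" # Set the Resource ID of an existing Virtual WAN`. The root module added in this commit (networking_vpn_site.tf) reads both `virtual_wan.resource_id` and `virtual_wan.id`, so if both spellings are meant to stay supported the comment should say they are aliases rather than listing them as if they were different inputs.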
@@ -0,0 +1,167 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "southeastasia"
+ }
+}
+
+resource_groups = {
+ hub_re1 = {
+ name = "vnet-hub-re1"
+ region = "region1"
+ }
+}
+
+virtual_wans = {
+ vwan_re1 = {
+ resource_group_key = "hub_re1"
+ name = "contosovWAN-re1"
+ region = "region1"
+
+ hubs = {
+ hub_re1 = {
+ hub_name = "hub-re1"
+ region = "region1"
+ hub_address_prefix = "10.0.3.0/24"
+ deploy_firewall = false
+ deploy_p2s = false
+ p2s_config = {}
+ deploy_s2s = true
+ s2s_config = {
+ name = "caf-sea-vpn-s2s"
+ scale_unit = 1
+ }
+ deploy_er = false
+ }
+ }
+ }
+}
+
+virtual_hub_route_tables = {
+ routetable1 = {
+ name = "example-vhubroutetable1"
+
+ virtual_wan_key = "vwan_re1"
+ virtual_hub_key = "hub_re1"
+
+ labels = ["label1"]
+ }
+ routetable2 = {
+ name = "example-vhubroutetable2"
+
+ virtual_wan_key = "vwan_re1"
+ virtual_hub_key = "hub_re1"
+
+ labels = ["label2"]
+ }
+}
+
+vpn_sites = {
+ vpn-site-1 = {
+ name = "vpn-site-1"
+ address_cidrs = ["1.2.3.0/24", "4.5.6.0/24"]
+ device_vendor = "Cisco"
+ device_model = "800"
+
+ resource_group = {
+ key = "hub_re1"
+ }
+
+ virtual_wan = {
+ key = "vwan_re1"
+ }
+
+ links = {
+ primary = {
+ name = "primary"
+ ip_address = "1.2.3.4"
+ provider_name = "Microsoft"
+ speed_in_mbps = "150"
+ }
+ secondary = {
+ name = "secondary"
+ fqdn = "secondary.link.com"
+ provider_name = "Microsoft"
+ speed_in_mbps = "50"
+ bgp = {
+ asn = "65534"
+ peering_address = "169.254.1.2"
+ }
+ }
+ }
+ }
+}
+
+vpn_gateway_connections = {
+ connection-1 = {
+ name = "connection-1"
+ internet_security_enabled = false
+
+ # vpn_site_id = "" # Set the Resource ID of an existing VPN Site
+ vpn_site = {
+ # lz_key = "vpns" # Set the 'lz_key' of a VPN Site created in a remote deployment
+ key = "vpn-site-1" # Set the 'key' of the VPN Site created in this (or a remote) deployment
+ }
+ virtual_wan = {
+ key = "vwan_re1"
+ }
+ # virtual_hub_gateway_id = "" # Set the Resource ID of an existing Virtual Hub's VPN Gateway
+ virtual_hub = {
+ # lz_key = "" # Set the 'lz_key' of a Virtual Hub created in a remote deployment
+ key = "hub_re1" # Set the 'key' of the Virtual Hub created in this (or a remote) deployment
+ }
+
+ vpn_links = {
+ link-1 = {
+ link_index = 0 # Index order of VPN Site's Link
+ name = "link-1"
+ bandwidth_mbps = "100" # Optional
+ bgp_enabled = true # Optional
+ protocol = "IKEv2" # Optional
+ ratelimit_enabled = true # Optional
+ route_weight = "100" # Optional
+ shared_key = "abc123456" # Optional
+ local_azure_ip_address_enabled = false # Optional
+ policy_based_traffic_selectors_enabled = false # Optional
+
+ ipsec_policies = { # Optional
+ policy1 = {
+ dh_group = "DHGroup14"
+ ike_encryption_algorithm = "AES256"
+ ike_integrity_algorithm = "SHA256"
+ encryption_algorithm = "AES256"
+ integrity_algorithm = "SHA256"
+ pfs_group = "PFS14"
+ sa_data_size_kb = "102400000"
+ sa_lifetime_sec = "27000"
+ }
+ }
+ }
+ # link-2 = {
+ # link_index = 1
+ # name = "link-2"
+ # }
+ }
+
+ routing = { # Optional
+ associated_route_table = {
+ # id = "" # Set the Resource ID of an existing Virtual WAN Route Table
+ # lz_key = "" # Set the 'lz_key' of a Route Table created in a remote deployment
+ key = "routetable1" # Set the 'key' of the Route Table created in this (or a remote) deployment
+ }
+
+ propagated_route_tables = {
+ routetable1 = {
+ # id = "" # Set the Resource ID of an existing Virtual WAN Route Table
+ # lz_key = "" # Set the 'lz_key' of a Route Table created in a remote deployment
+ key = "routetable1" # Set the 'key' of the Route Table created in this (or a remote) deployment
+ }
+ routetable2 = {
+ # id = "" # Set the Resource ID of an existing Virtual WAN Route Table
+ # lz_key = "" # Set the 'lz_key' of a Route Table created in a remote deployment
+ key = "routetable2" # Set the 'key' of the Route Table created in this (or a remote) deployment
+ }
+ }
+ }
+ }
+}
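Review bot: `policy_based_traffic_selectors_enabled` (plural) on link-1 is not the key the new module reads: modules/networking/vpn_gateway_connection/module.tf in this same commit looks up `vpn_link.value.policy_based_traffic_selector_enabled` (singular) inside `try(..., null)`, so the example value is silently dropped and the provider default applies; rename it to `policy_based_traffic_selector_enabled = false # Optional`. The literal `shared_key = "abc123456"` is the IPsec pre-shared key and it flows unchanged into the resource and into the module and root outputs, so the example should at least say so, e.g. `shared_key = "abc123456" # Optional - example value only; in a real deployment source the PSK from a variable or key vault rather than the tfvars file`. Numeric settings such as `speed_in_mbps`, `bandwidth_mbps`, `route_weight`, `sa_data_size_kb` and `sa_lifetime_sec` are quoted strings; HCL converts them, but unquoted numbers would match the provider schema and read more naturally.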
diff --git a/landingzones/caf_example/README.md b/landingzones/caf_example/README.md
index 379d6303d..ec3976fd1 100755
--- a/landingzones/caf_example/README.md
+++ b/landingzones/caf_example/README.md
@@ -229,6 +229,8 @@ No resources.
 | virtual\_wans | n/a | `map` | `{}` | no |
 | vnet\_peerings | n/a | `map` | `{}` | no |
 | vnets | n/a | `map` | `{}` | no |
+| vpn_gateway_connections | n/a | `map` | `{}` | no |
+| vpn_sites | n/a | `map` | `{}` | no |
 ## Outputs
diff --git a/landingzones/caf_example/module.tf b/landingzones/caf_example/module.tf
index 9d7633a8b..800390732 100644
--- a/landingzones/caf_example/module.tf
+++ b/landingzones/caf_example/module.tf
@@ -117,6 +117,8 @@ module "example" {
 virtual_wans = var.virtual_wans
 vnet_peerings = var.vnet_peerings
 vnets = var.vnets
+ vpn_sites = var.vpn_sites
+ vpn_gateway_connections = var.vpn_gateway_connections
 }
 diagnostics = {
diff --git a/landingzones/caf_example/variables.tf b/landingzones/caf_example/variables.tf
index 3d0a9070d..53fddf588 100755
--- a/landingzones/caf_example/variables.tf
+++ b/landingzones/caf_example/variables.tf
@@ -508,3 +508,9 @@ variable "wvd_host_pools" {
 variable "lighthouse_definitions" {
 default = {}
 }
+variable "vpn_sites" {
+ default = {}
+}
+variable "vpn_gateway_connections" {
+ default = {}
+}
diff --git a/locals.combined_objects.tf b/locals.combined_objects.tf
index 8f7aa4bf1..1b7a496f9 100644
--- a/locals.combined_objects.tf
+++ b/locals.combined_objects.tf
@@ -54,6 +54,8 @@ locals {
 combined_objects_virtual_hub_route_tables = merge(tomap({ (local.client_config.landingzone_key) = azurerm_virtual_hub_route_table.route_table }), try(var.remote_objects.virtual_hub_route_tables, {}))
 combined_objects_virtual_hubs = merge(tomap({ (local.client_config.landingzone_key) = module.virtual_hubs }), try(var.remote_objects.virtual_hubs, {}))
 combined_objects_virtual_wans = merge(tomap({ (local.client_config.landingzone_key) = module.virtual_wans }), try(var.remote_objects.virtual_wans, {}))
+ combined_objects_vpn_gateway_connections = merge(tomap({ (local.client_config.landingzone_key) = module.vpn_gateway_connections }), try(var.remote_objects.vpn_gateway_connections, {}))
+ combined_objects_vpn_sites = merge(tomap({ (local.client_config.landingzone_key) = module.vpn_sites }), try(var.remote_objects.vpn_sites, {}))
 combined_objects_wvd_application_groups = merge(tomap({ (local.client_config.landingzone_key) = module.wvd_application_groups }), try(var.remote_objects.wvd_application_groups, {}))
 combined_objects_wvd_host_pools = merge(tomap({ (local.client_config.landingzone_key) = module.wvd_host_pools }), try(var.remote_objects.wvd_host_pools, {}))
 combined_objects_wvd_workspaces = merge(tomap({ (local.client_config.landingzone_key) = module.wvd_workspaces }), try(var.remote_objects.wvd_workspaces, {}))
diff --git a/locals.tf b/locals.tf
index caf88c8d1..520ff4278 100755
--- a/locals.tf
+++ b/locals.tf
@@ -202,6 +202,8 @@ locals {
 virtual_wans = try(var.networking.virtual_wans, {})
 vnet_peerings = try(var.networking.vnet_peerings, {})
 vnets = try(var.networking.vnets, {})
+ vpn_gateway_connections = try(var.networking.vpn_gateway_connections, {})
+ vpn_sites = try(var.networking.vpn_sites, {})
 }
 object_id = coalesce(var.logged_user_objectId, var.logged_aad_app_objectId, try(data.azurerm_client_config.current.object_id, null), try(data.azuread_service_principal.logged_in_app.0.object_id, null))
diff --git a/modules/networking/application_gateway/locals.backend_pools.tf b/modules/networking/application_gateway/locals.backend_pools.tf
index 5ee6f22b7..70536a5a1 100644
--- a/modules/networking/application_gateway/locals.backend_pools.tf
+++ b/modules/networking/application_gateway/locals.backend_pools.tf
@@ -33,7 +33,7 @@ locals {
 local.backend_pools_app_services[key],
 local.backend_pools_fqdn[key]
 ]
- ),null)
+ ), null)
 ip_addresses = try(value.backend_pool.ip_addresses, null)
 }
 }
diff --git a/modules/networking/virtual_wan/virtual_hub/site_to_site_gateway.tf b/modules/networking/virtual_wan/virtual_hub/site_to_site_gateway.tf
index 270d0091f..da3c99ff1 100644
--- a/modules/networking/virtual_wan/virtual_hub/site_to_site_gateway.tf
+++ b/modules/networking/virtual_wan/virtual_hub/site_to_site_gateway.tf
@@ -38,7 +38,7 @@ resource "azurerm_vpn_gateway" "s2s_gateway" {
 custom_ips = var.virtual_hub_config.s2s_config.bgp_settings.instance_0_bgp_peering_address.custom_ips
 }
 }
-
+
 dynamic "instance_1_bgp_peering_address" {
 for_each = try(var.virtual_hub_config.s2s_config.bgp_settings.instance_1_bgp_peering_address, null) == null ? [] : [1]
@@ -46,7 +46,7 @@ resource "azurerm_vpn_gateway" "s2s_gateway" {
 custom_ips = var.virtual_hub_config.s2s_config.bgp_settings.instance_1_bgp_peering_address.custom_ips
 }
 }
-
+
 }
 }
diff --git a/modules/networking/vpn_gateway_connection/main.tf b/modules/networking/vpn_gateway_connection/main.tf
new file mode 100644
index 000000000..1fbfa0679
--- /dev/null
+++ b/modules/networking/vpn_gateway_connection/main.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+}
diff --git a/modules/networking/vpn_gateway_connection/module.tf b/modules/networking/vpn_gateway_connection/module.tf
new file mode 100644
index 000000000..aebdd6636
--- /dev/null
+++ b/modules/networking/vpn_gateway_connection/module.tf
@@ -0,0 +1,71 @@
+resource "azurecaf_name" "vpn_gateway_connection" {
+ name = var.settings.name
+ resource_type = "azurerm_vpn_gateway_connection"
+ prefixes = var.global_settings.prefixes
+ random_length = var.global_settings.random_length
+ clean_input = true
+ passthrough = var.global_settings.passthrough
+ use_slug = var.global_settings.use_slug
+}
+
+resource "azurerm_vpn_gateway_connection" "vpn_gateway_connection" {
+ name = azurecaf_name.vpn_gateway_connection.result
+ vpn_gateway_id = var.vpn_gateway_id
+ internet_security_enabled = var.settings.internet_security_enabled
+
+ remote_vpn_site_id = coalesce(
+ try(var.vpn_sites[try(var.settings.vpn_site.lz_key, var.client_config.landingzone_key)][var.settings.vpn_site.key].vpn_site.id, null),
+ try(var.settings.vpn_site_id, null)
+ )
+
+ dynamic "vpn_link" {
+ for_each = var.settings.vpn_links
+ content {
+ name = vpn_link.value.name
+ bandwidth_mbps = try(vpn_link.value.bandwidth_mbps, null)
+ bgp_enabled = try(vpn_link.value.bgp_enabled, null)
+ protocol = try(vpn_link.value.protocol, null)
+ ratelimit_enabled = try(vpn_link.value.ratelimit_enabled, null)
+ route_weight = try(vpn_link.value.route_weight, null)
+ shared_key = try(vpn_link.value.shared_key, null)
+ local_azure_ip_address_enabled = try(vpn_link.value.local_azure_ip_address_enabled, null)
+ policy_based_traffic_selector_enabled = try(vpn_link.value.policy_based_traffic_selector_enabled, null)
+
+ vpn_site_link_id = coalesce(
+ try(var.vpn_sites[try(var.settings.vpn_site.lz_key, var.client_config.landingzone_key)][var.settings.vpn_site.key].vpn_site.link[vpn_link.value.link_index].id, null),
+ try(vpn_link.value.vpn_link_id, null)
+ )
+
+ dynamic "ipsec_policy" {
+ for_each = vpn_link.value.ipsec_policies
+ content {
+ dh_group = ipsec_policy.value.dh_group
+ ike_encryption_algorithm = ipsec_policy.value.ike_encryption_algorithm
+ ike_integrity_algorithm = ipsec_policy.value.ike_integrity_algorithm
+ encryption_algorithm = ipsec_policy.value.encryption_algorithm
+ integrity_algorithm = ipsec_policy.value.integrity_algorithm
+ pfs_group = ipsec_policy.value.pfs_group
+ sa_data_size_kb = ipsec_policy.value.sa_data_size_kb
+ sa_lifetime_sec = ipsec_policy.value.sa_lifetime_sec
+ }
+ }
+ }
+ }
+
+ dynamic "routing" {
+ for_each = lookup(var.settings, "routing", null) == null ? [] : [1]
+ content {
+ associated_route_table = coalesce(
+ try(var.route_tables[try(var.settings.routing.associated_route_table.lz_key, var.client_config.landingzone_key)][var.settings.routing.associated_route_table.key].id, null),
+ try(var.settings.routing.associated_route_table.id, null)
+ )
+
+ propagated_route_tables = [
+ for key, value in var.settings.routing.propagated_route_tables : coalesce(
+ try(var.route_tables[try(value.lz_key, var.client_config.landingzone_key)][value.key].id, null),
+ try(value.id, null)
+ )
+ ]
+ }
+ }
+}
diff --git a/modules/networking/vpn_gateway_connection/output.tf b/modules/networking/vpn_gateway_connection/output.tf
new file mode 100755
index 000000000..a136b5ef4
--- /dev/null
+++ b/modules/networking/vpn_gateway_connection/output.tf
@@ -0,0 +1,4 @@
+output "vpn_gateway_connection" {
+ value = azurerm_vpn_gateway_connection.vpn_gateway_connection
+ description = "VPN Gateway Connection object"
+}
diff --git a/modules/networking/vpn_gateway_connection/variables.tf b/modules/networking/vpn_gateway_connection/variables.tf
new file mode 100755
index 000000000..abb3037c1
--- /dev/null
+++ b/modules/networking/vpn_gateway_connection/variables.tf
@@ -0,0 +1,8 @@
+variable "settings" {}
+variable "global_settings" {
+ description = "Global settings object (see module README.md)"
+}
+variable "vpn_gateway_id" {}
+variable "vpn_sites" {}
+variable "client_config" {}
+variable "route_tables" {}
diff --git a/modules/networking/vpn_site/main.tf b/modules/networking/vpn_site/main.tf
new file mode 100644
index 000000000..4a54194d0
--- /dev/null
+++ b/modules/networking/vpn_site/main.tf
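Review bot: `for_each = vpn_link.value.ipsec_policies` on the inner `dynamic "ipsec_policy"` block is not wrapped in `try`, so a link that omits `ipsec_policies` fails the plan with an unsupported-attribute error, even though every neighbouring link attribute is optional and the 109 example labels the block `# Optional`; change it to `for_each = try(vpn_link.value.ipsec_policies, {})`. The same applies to `internet_security_enabled = var.settings.internet_security_enabled`, which the provider treats as optional and which `try(var.settings.internet_security_enabled, null)` would make optional here too. The two `coalesce(...)` calls for `remote_vpn_site_id` and `vpn_site_link_id` fail with a bare "no non-null arguments" message when both lookups miss; a one-line comment above each naming the two accepted inputs (`vpn_site.key` plus optional `vpn_site.lz_key`, or a literal `vpn_site_id` / `vpn_link_id`) would make that failure far easier to diagnose.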
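Review bot: `output "vpn_gateway_connection"` exports the whole `azurerm_vpn_gateway_connection` resource, which includes `vpn_link[*].shared_key` — the IPsec pre-shared key that module.tf reads from `var.settings` — so the PSK is printed by `terraform output` and by any caller that echoes module outputs. Add `sensitive = true` to this output; the root-level `output "vpn_gateway_connections"` introduced in networking_vpn_gateway_connection.tf in this commit has the same exposure and needs the same attribute. The value still lands in state either way, so the comment on the output should say that marking it sensitive only suppresses display, not storage.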
@@ -0,0 +1,14 @@
+locals {
+ module_tag = {
+ "module" = basename(abspath(path.module))
+ }
+ tags = merge(var.base_tags, local.module_tag, try(var.settings.tags, null))
+}
+
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+}
diff --git a/modules/networking/vpn_site/module.tf b/modules/networking/vpn_site/module.tf
new file mode 100644
index 000000000..42014668f
--- /dev/null
+++ b/modules/networking/vpn_site/module.tf
@@ -0,0 +1,39 @@
+resource "azurecaf_name" "vpn_site" {
+ name = var.settings.name
+ resource_type = "azurerm_vpn_site"
+ prefixes = var.global_settings.prefixes
+ random_length = var.global_settings.random_length
+ clean_input = true
+ passthrough = var.global_settings.passthrough
+ use_slug = var.global_settings.use_slug
+}
+
+resource "azurerm_vpn_site" "vpn_site" {
+ name = azurecaf_name.vpn_site.result
+ location = var.location
+ resource_group_name = var.resource_group_name
+ virtual_wan_id = var.virtual_wan_id
+ address_cidrs = try(var.settings.address_cidrs, null)
+ device_model = try(var.settings.device_model, null)
+ device_vendor = try(var.settings.device_vendor, null)
+ tags = local.tags
+
+ dynamic "link" {
+ for_each = try(var.settings.links, {})
+ content {
+ name = link.value.name
+ ip_address = try(link.value.ip_address, null)
+ fqdn = try(link.value.fqdn, null)
+ provider_name = try(link.value.provider_name, null)
+ speed_in_mbps = try(link.value.speed_in_mbps, null)
+
+ dynamic "bgp" {
+ for_each = try([link.value.bgp], []) # TODO - Check this works
+ content {
+ asn = bgp.value.asn
+ peering_address = bgp.value.peering_address
+ }
+ }
+ }
+ }
+}
diff --git a/modules/networking/vpn_site/output.tf b/modules/networking/vpn_site/output.tf
new file mode 100755
index 000000000..36e43817e
--- /dev/null
+++ b/modules/networking/vpn_site/output.tf
@@ -0,0 +1,4 @@
+output "vpn_site" {
+ value = azurerm_vpn_site.vpn_site
+ description = "VPN Site object"
+}
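Review bot: The `# TODO - Check this works` left on `for_each = try([link.value.bgp], [])` in modules/networking/vpn_site/module.tf should not ship in a new module; the expression does what is wanted — when a link has no `bgp` attribute the lookup inside `try` fails and the fallback `[]` is returned, so no `bgp` block is emitted, and when it is present exactly one block is emitted — so replace the TODO with a comment stating that, e.g. `# try() yields [] when the link has no bgp attribute, so the block is emitted at most once`. The 108 and 109 examples in this commit exercise both branches (a link with and without `bgp`), which is the check the TODO was asking for.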
diff --git a/modules/networking/vpn_site/variables.tf b/modules/networking/vpn_site/variables.tf
new file mode 100755
index 000000000..f494c1be9
--- /dev/null
+++ b/modules/networking/vpn_site/variables.tf
@@ -0,0 +1,17 @@
+variable "resource_group_name" {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable "location" {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
+variable "base_tags" {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map(any)
+}
+variable "settings" {}
+variable "global_settings" {
+ description = "Global settings object (see module README.md)"
+}
+variable "virtual_wan_id" {}
diff --git a/networking_vpn_gateway_connection.tf b/networking_vpn_gateway_connection.tf
new file mode 100644
index 000000000..c65b928ca
--- /dev/null
+++ b/networking_vpn_gateway_connection.tf
@@ -0,0 +1,27 @@
+
+#
+#
+# VPN Gateway Connection
+#
+#
+
+output "vpn_gateway_connections" {
+ value = module.vpn_gateway_connections
+}
+
+module "vpn_gateway_connections" {
+ depends_on = [module.virtual_wans, module.vpn_sites]
+ source = "./modules/networking/vpn_gateway_connection"
+ for_each = local.networking.vpn_gateway_connections
+
+ settings = each.value
+ global_settings = local.global_settings
+ client_config = local.client_config
+ vpn_sites = local.combined_objects_vpn_sites
+ route_tables = local.combined_objects_virtual_hub_route_tables
+
+ vpn_gateway_id = coalesce(
+ try(local.combined_objects_virtual_wans[try(each.value.virtual_wan.lz_key, local.client_config.landingzone_key)][each.value.virtual_wan.key].virtual_hubs[try(each.value.virtual_hub.lz_key, local.client_config.landingzone_key)[each.value.virtual_hub.key]].s2s_gateway.id, null),
+ try(each.value.virtual_hub_gateway_id, null)
+ )
+}
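Review bot: The `vpn_gateway_id` lookup in networking_vpn_gateway_connection.tf looks mis-bracketed: `.virtual_hubs[try(each.value.virtual_hub.lz_key, local.client_config.landingzone_key)[each.value.virtual_hub.key]]` indexes the landing-zone key string with the hub key and uses the result as the `virtual_hubs` index, instead of indexing `virtual_hubs` itself. Because the whole expression sits inside `try(..., null)` that error is swallowed, and `coalesce` then fails with a bare "no non-null arguments" message whenever `virtual_hub_gateway_id` is not set — which is the case in the 109 example. If the `virtual_hubs` output of the virtual WAN module is keyed by hub key, the intended form is presumably `...[each.value.virtual_wan.key].virtual_hubs[each.value.virtual_hub.key].s2s_gateway.id`; the `virtual_hub.lz_key` in the example would then be unused and its comment should say so. I cannot see the virtual_wans module output in this diff, so confirm its shape before changing the index.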
diff --git a/networking_vpn_site.tf b/networking_vpn_site.tf
new file mode 100644
index 000000000..d5e73347f
--- /dev/null
+++ b/networking_vpn_site.tf
@@ -0,0 +1,42 @@
+
+#
+#
+# VPN Sites
+#
+#
+
+output "vpn_sites" {
+ value = module.vpn_sites
+}
+
+module "vpn_sites" {
+ depends_on = [module.virtual_wans]
+ source = "./modules/networking/vpn_site"
+ for_each = local.networking.vpn_sites
+
+ global_settings = local.global_settings
+ settings = each.value
+
+ base_tags = try(local.global_settings.inherit_tags, false) ? coalesce(
+ try(local.resource_groups[each.value.resource_group_key].tags, null),
+ try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][each.value.resource_group.key].tags, null),
+ ) : {}
+
+ location = lookup(each.value, "region", null) == null ? coalesce(
+ try(local.resource_groups[each.value.resource_group_key].location, null),
+ try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][each.value.resource_group.key].location, null),
+ ) : local.global_settings.regions[each.value.region]
+
+ resource_group_name = coalesce(
+ try(local.resource_groups[each.value.resource_group_key].name, null),
+ try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][each.value.resource_group.key].name, null),
+ )
+
+ virtual_wan_id = coalesce(
+ try(local.combined_objects_virtual_wans[try(each.value.virtual_wan.lz_key, local.client_config.landingzone_key)][each.value.virtual_wan.key].virtual_wan.id, null),
+ try(local.combined_objects_virtual_wans[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.virtual_wan_key].virtual_wan.id, null),
+ try(each.value.virtual_wan.resource_id, null),
+ try(each.value.virtual_wan.id, null),
+ try(each.value.virtual_wan_id, null)
+ )
+}
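Review bot: The resource-group lookup `local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][each.value.resource_group.key]` and its `local.resource_groups[each.value.resource_group_key]` fallback are each written out three times (`base_tags`, `location`, `resource_group_name`), so a change to the key convention has to be made in six places and the three arguments can drift apart. A `locals` map that resolves the resource-group object once per site key and exposes `.tags`, `.location` and `.name` from it would keep the three arguments in step; this is a style point only, the behaviour as written is fine. The `virtual_wan_id` coalesce accepts five spellings of the same input, and a short comment listing them in precedence order would help readers of the 108 example, which only shows `virtual_wan.key`, `id` and `resource_id`.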