Merge pull request #3 from sironite/fix/module

fix: module
sironite · Jul 9, 2023 · f34731a · f34731a
2 parents d1b837c + cd563cf
commit f34731a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 147 deletions.
diff --git a/README.md b/README.md
@@ -48,25 +48,10 @@ No modules.
 | resource\_group\_name | The name of the resource group in which to create the VPN server configuration. | `string` | yes |
 | vpn\_server\_configuration\_name | The name of the VPN server configuration. | `string` | yes |
 | audience | The audience for Azure AD authentication. | `string` | no |
-| client\_root\_certificate\_name | The name of the client root certificate. | `string` | no |
-| dh\_group | The Diffie-Hellman group to use. | `string` | no |
-| ike\_encryption | The IKE encryption to use. | `string` | no |
-| ike\_integrity | The IKE integrity to use. | `string` | no |
-| ipsec\_encryption | The IPSec encryption to use. | `string` | no |
-| ipsec\_integrity | The IPSec integrity to use. | `string` | no |
 | issuer | The issuer for Azure AD authentication. | `string` | no |
-| pfs\_group | The Perfect Forward Secrecy group to use. | `string` | no |
-| public\_cert\_data | The public certificate data. | `string` | no |
-| sa\_data\_size\_kilobytes | The size of the SA data in kilobytes. | `string` | no |
-| sa\_life\_time\_seconds | The lifetime of the SA in seconds. | `string` | no |
-| server\_adress | The address of the RADIUS server. | `string` | no |
-| server\_root\_certificate\_name | The name of the server root certificate. | `string` | no |
-| server\_score | The score for the RADIUS server. | `string` | no |
-| server\_secret | The secret for the RADIUS server. | `string` | no |
 | tenant\_id | The tenant ID for Azure AD authentication. | `string` | no |
-| tumbprint | The thumbprint for the client root certificate. | `string` | no |
-| vpn\_authentication\_types | The type of VPN authentication to use. | `string` | no |
-| vpn\_protocols | The VPN protocols to use. | `string` | no |
+| vpn\_authentication\_types | The type of VPN authentication to use. | `list(string)` | no |
+| vpn\_protocols | The VPN protocols to use. | `list(string)` | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -6,52 +6,19 @@ resource "azurerm_vpn_server_configuration" "example" {
   vpn_protocols            = var.vpn_protocols
 
   dynamic "azure_active_directory_authentication" {
-    for_each = var.vpn_authentication_types == "AzureAD" ? [1] : []
+    for_each = contains(var.vpn_authentication_types, "AAD") ? [1] : []
     content {
       audience  = var.audience
       issuer    = var.issuer
-      tenant_id = var.tenant_id
+      tenant    = var.tenant_id
     }
   }
 
   dynamic "client_root_certificate" {
-    for_each = var.vpn_authentication_types == "Certificate" ? [1] : []
+    for_each = contains(var.vpn_authentication_types, "Certificate") ? [1] : []
     content {
       name             = var.client_root_certificate_name
       public_cert_data = var.public_cert_data
     }
   }
-
-  dynamic "radius" {
-    for_each = var.vpn_authentication_types == "Radius" ? [1] : []
-    content {
-      radius {
-        server {
-          adress = var.server_adress
-          secret = var.server_secret
-          score  = var.server_score
-        }
-        client_root_certificate {
-          name      = var.client_root_certificate_name
-          tumbprint = var.tumbprint
-        }
-        server_root_certificate {
-          name             = var.server_root_certificate_name
-          public_cert_data = var.public_cert_data
-        }
-      }
-    }
-  }
-
-
-  ipsec_policy {
-    dh_group               = var.dh_group
-    ike_encryption         = var.ike_encryption
-    ike_integrity          = var.ike_integrity
-    ipsec_encryption       = var.ipsec_encryption
-    ipsec_integrity        = var.ipsec_integrity
-    pfs_group              = var.pfs_group
-    sa_data_size_kilobytes = var.sa_data_size_kilobytes
-    sa_life_time_seconds   = var.sa_life_time_seconds
-  }
 }
diff --git a/variables.tf b/variables.tf
@@ -15,15 +15,15 @@ variable "location" {
 }
 
 variable "vpn_authentication_types" {
-  type        = string
+  type        = list(string)
   description = "The type of VPN authentication to use."
-  default     = null
+  default     = []
 }
 
 variable "vpn_protocols" {
-  type        = string
+  type        = list(string)
   description = "The VPN protocols to use."
-  default     = null
+  default     = []
 }
 
 variable "audience" {
@@ -43,93 +43,3 @@ variable "tenant_id" {
   description = "The tenant ID for Azure AD authentication."
   default     = null
 }
-
-variable "client_root_certificate_name" {
-  type        = string
-  description = "The name of the client root certificate."
-  default     = null
-}
-
-variable "public_cert_data" {
-  type        = string
-  description = "The public certificate data."
-  default     = null
-}
-
-variable "server_adress" {
-  type        = string
-  description = "The address of the RADIUS server."
-  default     = null
-}
-
-variable "server_secret" {
-  type        = string
-  description = "The secret for the RADIUS server."
-  default     = null
-}
-
-variable "server_score" {
-  type        = string
-  description = "The score for the RADIUS server."
-  default     = null
-}
-
-variable "tumbprint" {
-  type        = string
-  description = "The thumbprint for the client root certificate."
-  default     = null
-}
-
-variable "server_root_certificate_name" {
-  type        = string
-  description = "The name of the server root certificate."
-  default     = null
-}
-
-variable "dh_group" {
-  type        = string
-  description = "The Diffie-Hellman group to use."
-  default     = null
-}
-
-variable "ike_encryption" {
-  type        = string
-  description = "The IKE encryption to use."
-  default     = null
-}
-
-variable "ike_integrity" {
-  type        = string
-  description = "The IKE integrity to use."
-  default     = null
-}
-
-variable "ipsec_encryption" {
-  type        = string
-  description = "The IPSec encryption to use."
-  default     = null
-}
-
-variable "ipsec_integrity" {
-  type        = string
-  description = "The IPSec integrity to use."
-  default     = null
-}
-
-variable "pfs_group" {
-  type        = string
-  description = "The Perfect Forward Secrecy group to use."
-  default     = null
-}
-
-variable "sa_data_size_kilobytes" {
-  type        = string
-  description = "The size of the SA data in kilobytes."
-  default     = null
-}
-
-variable "sa_life_time_seconds" {
-  type        = string
-  description = "The lifetime of the SA in seconds."
-  default     = null
-}