additional validations for VNG module

PaloAltoNetworks · Jan 30, 2024 · 020042b · 020042b
1 parent 87acdbc
commit 020042b
Show file tree

Hide file tree

Showing 7 changed files with 876 additions and 320 deletions.
diff --git a/examples/virtual_network_gateway/README.md b/examples/virtual_network_gateway/README.md
@@ -241,8 +241,8 @@ map(object({
       default_local_network_gateway_id = optional(string)
       edge_zone                        = optional(string)
     })
-    azure_bgp_peer_addresses = map(string)
-    bgp = object({
+    azure_bgp_peer_addresses = optional(map(string))
+    bgp = optional(object({
       enable = optional(bool, false)
       configuration = optional(object({
         asn         = string
@@ -258,8 +258,8 @@ map(object({
           default_addresses  = optional(list(string))
         }))
       }))
-    })
-    local_network_gateways = map(object({
+    }))
+    local_network_gateways = optional(map(object({
       name = string
       remote_bgp_settings = optional(object({
         asn                 = string
@@ -288,7 +288,7 @@ map(object({
         mode       = optional(string)
         shared_key = optional(string)
       })
-    }))
+    })), {})
     vpn_clients = optional(map(object({
       address_space         = string
       aad_tenant            = optional(string)

diff --git a/examples/virtual_network_gateway/example.tfvars b/examples/virtual_network_gateway/example.tfvars
@@ -1,7 +1,7 @@
 # --- GENERAL --- #
 location            = "North Europe"
-resource_group_name = "vng-example"
-name_prefix         = "fosix-"
+resource_group_name = "vng"
+name_prefix         = "example-"
 tags = {
   "CreatedBy"   = "Palo Alto Networks"
   "CreatedWith" = "Terraform"
@@ -34,10 +34,97 @@ vnets = {
       }
     }
   }
+  er = {
+    name                    = "vpn"
+    address_space           = ["10.0.1.0/24"]
+    network_security_groups = {}
+    route_tables = {
+      "rt" = {
+        name = "rt-er"
+        routes = {
+          "udr" = {
+            name           = "udr"
+            address_prefix = "10.0.0.0/8"
+            next_hop_type  = "None"
+          }
+        }
+      }
+    }
+    subnets = {
+      vpn = {
+        name             = "GatewaySubnet"
+        address_prefixes = ["10.0.1.0/25"]
+        route_table_key  = "rt"
+      }
+    }
+  }
 }
 
 # --- VNG PART --- #
 virtual_network_gateways = {
+  expressroute = {
+    name = "expressroute"
+    virtual_network_gateway = {
+      type = "ExpressRoute"
+      # vpn_type = "PolicyBased"
+      sku = "Standard"
+      # generation = "Generation1"
+    }
+    vnet_key   = "transit"
+    subnet_key = "vpn"
+    network = {
+      public_ip_zones = ["1"]
+      ip_configurations = {
+        primary = {
+          create_public_ip = true
+          name             = "primary"
+          public_ip_name   = "expressroute_pip"
+        }
+      }
+    }
+  }
+  expressroute_policy_based = {
+    name = "er_policy"
+    virtual_network_gateway = {
+      type       = "ExpressRoute"
+      vpn_type   = "PolicyBased"
+      sku        = "Standard"
+      generation = "Generation2"
+    }
+    vnet_key   = "er"
+    subnet_key = "vpn"
+    network = {
+      public_ip_zones = ["1"]
+      ip_configurations = {
+        primary = {
+          create_public_ip = true
+          name             = "primary"
+          public_ip_name   = "er_policy_pip"
+        }
+      }
+    }
+  }
+  vpn_simple = {
+    name = "simple-vpn"
+    virtual_network_gateway = {
+      type = "Vpn"
+      # vpn_type   = "PolicyBased"
+      sku        = "VpnGw1"
+      generation = "Generation1"
+    }
+    vnet_key   = "er"
+    subnet_key = "vpn"
+    network = {
+      public_ip_zones = []
+      ip_configurations = {
+        primary = {
+          create_public_ip = true
+          name             = "primary"
+          public_ip_name   = "simple_vpn_pip"
+        }
+      }
+    }
+  }
   "vng" = {
     name = "vng"
     virtual_network_gateway = {

diff --git a/examples/virtual_network_gateway/variables.tf b/examples/virtual_network_gateway/variables.tf
@@ -147,8 +147,8 @@ variable "virtual_network_gateways" {
       default_local_network_gateway_id = optional(string)
       edge_zone                        = optional(string)
     })
-    azure_bgp_peer_addresses = map(string)
-    bgp = object({
+    azure_bgp_peer_addresses = optional(map(string))
+    bgp = optional(object({
       enable = optional(bool, false)
       configuration = optional(object({
         asn         = string
@@ -164,8 +164,8 @@ variable "virtual_network_gateways" {
           default_addresses  = optional(list(string))
         }))
       }))
-    })
-    local_network_gateways = map(object({
+    }))
+    local_network_gateways = optional(map(object({
       name = string
       remote_bgp_settings = optional(object({
         asn                 = string
@@ -194,7 +194,7 @@ variable "virtual_network_gateways" {
         mode       = optional(string)
         shared_key = optional(string)
       })
-    }))
+    })), {})
     vpn_clients = optional(map(object({
       address_space         = string
       aad_tenant            = optional(string)