feat(vpn_gateway): Support policy based traffic selectors #382

Open · wants to merge 3 commits into base: main
2 changes: 1 addition & 1 deletion vpn_gateway/README.md
Expand Up @@ -89,7 +89,7 @@ No modules.
| <a name="input_active_active"></a> [active\_active](#input\_active\_active) | If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false. | `bool` | `false` | no |
| <a name="input_enable_bgp"></a> [enable\_bgp](#input\_enable\_bgp) | If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false. | `bool` | `false` | no |
| <a name="input_generation"></a> [generation](#input\_generation) | The Generation of the Virtual Network gateway | `string` | `null` | no |
| <a name="input_local_networks"></a> [local\_networks](#input\_local\_networks) | List of local virtual network connections to connect to gateway. | `list(object({ name = string, gateway_address = string, address_space = list(string), shared_key = string, ipsec_policy = any }))` | `[]` | no |
| <a name="input_local_networks"></a> [local\_networks](#input\_local\_networks) | List of local virtual network connections to connect to gateway. | <pre>list(object({<br/> name = string<br/> gateway_address = string<br/> address_space = list(string)<br/> shared_key = string<br/> ipsec_policy = any<br/> use_policy_based_traffic_selectors = optional(bool, false)<br/> traffic_selector_policies = optional(list(object({<br/> local_address_cidrs = list(string)<br/> remote_address_cidrs = list(string)<br/> })), [])<br/> }))</pre> | `[]` | no |
| <a name="input_location"></a> [location](#input\_location) | The Azure Region in which to create resource. | `any` | n/a | yes |
| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent. | `any` | `null` | no |
| <a name="input_log_storage_account_id"></a> [log\_storage\_account\_id](#input\_log\_storage\_account\_id) | Specifies the ID of a Storage Account where Logs should be sent. | `any` | `null` | no |
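Review bot: the regenerated table row for `local_networks` now carries `use_policy_based_traffic_selectors` and `traffic_selector_policies`, but its description column is unchanged ("List of local virtual network connections to connect to gateway."), so a README reader gets no explanation of what a policy-based traffic selector is or how the two new fields relate to each other. Suggest extending the description to state that `traffic_selector_policies` lists the local and remote CIDR pairs that apply when `use_policy_based_traffic_selectors` is `true` and is expected to be empty otherwise; since this table is generated from `variables.tf`, the wording belongs in the variable's `description` and should be regenerated from there so the two files do not drift.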
11 changes: 11 additions & 0 deletions vpn_gateway/main.tf
Expand Up @@ -188,6 +188,17 @@ resource "azurerm_virtual_network_gateway_connection" "local" {
virtual_network_gateway_id = azurerm_virtual_network_gateway.gw.id
local_network_gateway_id = azurerm_local_network_gateway.local[count.index].id

use_policy_based_traffic_selectors = var.local_networks[count.index].use_policy_based_traffic_selectors

dynamic "traffic_selector_policy" {
for_each = var.local_networks[count.index].traffic_selector_policies
iterator = ts_policy
content {
local_address_cidrs = ts_policy.value.local_address_cidrs
remote_address_cidrs = ts_policy.value.remote_address_cidrs
}
}

shared_key = var.local_networks[count.index].shared_key

dynamic "ipsec_policy" {
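Review bot: the new `dynamic "traffic_selector_policy"` block iterates `traffic_selector_policies` independently of `use_policy_based_traffic_selectors`, so a caller can supply selector policies with the flag left at its default `false`, or set the flag to `true` with an empty list, and neither inconsistency is caught by the module. Suggest either tying the two together at the call site, e.g. `for_each = var.local_networks[count.index].use_policy_based_traffic_selectors ? var.local_networks[count.index].traffic_selector_policies : []`, or rejecting the mismatched combinations with a `validation` block on `local_networks`, so a misconfigured traffic selector fails at plan time instead of being discovered after the tunnel is applied.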
15 changes: 13 additions & 2 deletions vpn_gateway/variables.tf
Expand Up @@ -83,8 +83,19 @@ variable "vpn_client_configuration" {

variable "local_networks" {
description = "List of local virtual network connections to connect to gateway."
type = list(object({ name = string, gateway_address = string, address_space = list(string), shared_key = string, ipsec_policy = any }))
default = []
type = list(object({
name = string
gateway_address = string
address_space = list(string)
shared_key = string
ipsec_policy = any
use_policy_based_traffic_selectors = optional(bool, false)
traffic_selector_policies = optional(list(object({
local_address_cidrs = list(string)
remote_address_cidrs = list(string)
})), [])
}))
default = []
}

variable "log_analytics_workspace_id" {
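Review bot: the `optional(bool, false)` and `optional(list(...), [])` forms with a default value require Terraform 1.3 or newer (optional object attributes with defaults became generally available in 1.3); the module's `required_version` constraint is not part of this diff, so please confirm it is raised accordingly, otherwise callers on older Terraform will get a type error at `plan` time. The `description` of `local_networks` is also unchanged while the type gains two attributes; a sentence on when `traffic_selector_policies` is consulted would help, and a `validation` block here, e.g. `condition = alltrue([for n in var.local_networks : n.use_policy_based_traffic_selectors || length(n.traffic_selector_policies) == 0])`, would reject selector policies that are set without the flag.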