From 866b789b6c1c829f9debb8e6423b96749d26623b Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Thu, 19 Dec 2019 22:33:27 -0500
Subject: [PATCH] 169163334 - Adds Virtual Network Gateway for VPN

The Virtual Network Gateway is required for OpenVPN connectivity. The change to the VPC module also adds a subnet which is exclusively used for the Gateway.
---
 terraform/modules/vpc/main.tf | 58 ++++++++++++++++++++++++----
 terraform/modules/vpc/variables.tf | 5 +++
 terraform/providers/dev/variables.tf | 6 +++
 terraform/providers/dev/vpc.tf | 1 +
 4 files changed, 62 insertions(+), 8 deletions(-)

diff --git a/terraform/modules/vpc/main.tf b/terraform/modules/vpc/main.tf
index e614b9e4..629be9f1 100644
--- a/terraform/modules/vpc/main.tf
+++ b/terraform/modules/vpc/main.tf
@@ -36,9 +36,9 @@ resource "azurerm_subnet" "subnet" {
 address_prefix = element(split(",", each.value), 0)
 # See https://github.com/terraform-providers/terraform-provider-azurerm/issues/3471
- lifecycle {
- ignore_changes = [route_table_id]
- }
+ lifecycle {
+ ignore_changes = [route_table_id]
+ }
 #delegation { # name = "acctestdelegation" #
@@ -57,16 +57,58 @@ resource "azurerm_route_table" "route_table" {
 }
 resource "azurerm_subnet_route_table_association" "route_table" {
- for_each = var.networks
- subnet_id = azurerm_subnet.subnet[each.key].id
+ for_each = var.networks
+ subnet_id = azurerm_subnet.subnet[each.key].id
 route_table_id = azurerm_route_table.route_table[each.key].id
 }
 resource "azurerm_route" "route" {
- for_each = var.route_tables
- name = "${var.name}-${var.environment}-default"
+ for_each = var.route_tables
+ name = "${var.name}-${var.environment}-default"
 resource_group_name = azurerm_resource_group.vpc.name
- route_table_name = azurerm_route_table.route_table[each.key].name
+ route_table_name = azurerm_route_table.route_table[each.key].name
 address_prefix = "0.0.0.0/0"
 next_hop_type = each.value
 }
+
+# Required for the gateway
+resource "azurerm_subnet" "gateway" {
+ name = "GatewaySubnet"
+ resource_group_name = azurerm_resource_group.vpc.name
+ virtual_network_name = azurerm_virtual_network.vpc.name
+ address_prefix = var.gateway_subnet
+}
+
+
+resource "azurerm_public_ip" "vpn_ip" {
+ name = "test"
+ location = azurerm_resource_group.vpc.location
+ resource_group_name = azurerm_resource_group.vpc.name
+
+ allocation_method = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "vnet_gateway" {
+ name = "test"
+ location = azurerm_resource_group.vpc.location
+ resource_group_name = azurerm_resource_group.vpc.name
+
+ type = "Vpn"
+ vpn_type = "RouteBased"
+
+ active_active = false
+ enable_bgp = false
+ sku = "Standard"
+
+ ip_configuration {
+ name = "vnetGatewayConfig"
+ public_ip_address_id = azurerm_public_ip.vpn_ip.id
+ private_ip_address_allocation = "Dynamic"
+ subnet_id = azurerm_subnet.gateway.id
+ }
+
+ vpn_client_configuration {
+ address_space = ["172.16.1.0/24"]
+ vpn_client_protocols = ["OpenVPN"]
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/vpc/variables.tf b/terraform/modules/vpc/variables.tf
index ab2aa894..9f331534 100644
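Review bot: Both new resources in this hunk are given the literal name `"test"` (`azurerm_public_ip.vpn_ip` and `azurerm_virtual_network_gateway.vnet_gateway`), while `azurerm_route.route` in the same module derives its name from `var.name` and `var.environment`; the gateway and its public IP are the module's only internet-facing endpoint and should follow that convention, e.g. `name = "${var.name}-${var.environment}-vpn-ip"` and `name = "${var.name}-${var.environment}-vpn-gateway"`, so they are identifiable in the portal, activity log and NSG flow logs. The `vpn_client_configuration` block declares the OpenVPN protocol and a hard-coded client pool `172.16.1.0/24` but no authentication source (no `root_certificate` or RADIUS settings), so it is not clear from this change how clients are expected to authenticate; that should be confirmed against the provider docs and committed explicitly rather than left implicit. The client pool itself belongs in a module variable next to `gateway_subnet`, since it must not overlap the VNet address space or any peered or on-premises range and that constraint is invisible when the value is inlined. On the subnet, the comment `# Required for the gateway` would be more useful as `# Azure requires the gateway subnet to be named exactly "GatewaySubnet"`, which explains why this resource does not use the module naming convention.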
--- a/terraform/modules/vpc/variables.tf
+++ b/terraform/modules/vpc/variables.tf
@@ -41,3 +41,8 @@ variable "route_tables" {
 type = map
 description = "A map with the route tables to create"
 }
+
+variable "gateway_subnet" {
+ type = string
+ description = "The Subnet CIDR that we'll use for the virtual_network_gateway 'GatewaySubnet'"
+}
diff --git a/terraform/providers/dev/variables.tf b/terraform/providers/dev/variables.tf
index 7a9eea21..164577ef 100644
--- a/terraform/providers/dev/variables.tf
+++ b/terraform/providers/dev/variables.tf
@@ -31,6 +31,12 @@ variable "networks" {
 }
 }
+variable "gateway_subnet" {
+ type = string
+ default = "10.1.20.0/24"
+}
+
+
 variable "route_tables" {
 description = "Route tables and their default routes"
 type = map
diff --git a/terraform/providers/dev/vpc.tf b/terraform/providers/dev/vpc.tf
index 0b930a0d..b7fac8ae 100644
--- a/terraform/providers/dev/vpc.tf
+++ b/terraform/providers/dev/vpc.tf
@@ -4,6 +4,7 @@ module "vpc" {
 region = var.region
 virtual_network = var.virtual_network
 networks = var.networks
+ gateway_subnet = var.gateway_subnet
 route_tables = var.route_tables
 owner = var.owner
 name = var.name
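Review bot: The new `gateway_subnet` variable in terraform/providers/dev/variables.tf carries a default of `10.1.20.0/24` but no `description`, unlike the neighbouring `route_tables` variable in the same hunk and unlike the module-side declaration in terraform/modules/vpc/variables.tf in the previous hunk. Add one so the constraint is visible where the value is chosen, e.g. `description = "CIDR for the VPN GatewaySubnet; must fall inside the VNet address space and must not overlap any entry in var.networks"`. Nothing in this change checks that the default actually satisfies that, so it is worth confirming the value against the `networks` default declared just above this hunk before it is applied. The two blank lines added after the closing brace can be reduced to one to match the spacing of the rest of the file.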