Merge pull request #1270 from robgil-dds/169163334-ssl-vpn

169163334 - Adds Virtual Network Gateway for VPN
2019-12-20 10:22:27 -05:00 · 2019-12-20 10:22:27 -05:00 · 7dbdeb3ae7
commit 7dbdeb3ae7
parent 74fdbafa7f 866b789b6c
4 changed files with 62 additions and 8 deletions
--- a/terraform/modules/vpc/main.tf
+++ b/terraform/modules/vpc/main.tf
@ -36,9 +36,9 @@ resource "azurerm_subnet" "subnet" {
  address_prefix       = element(split(",", each.value), 0)

  # See https://github.com/terraform-providers/terraform-provider-azurerm/issues/3471
-  lifecycle { 
-     ignore_changes = [route_table_id]
-  } 
+  lifecycle {
+    ignore_changes = [route_table_id]
+  }
  #delegation {
  #  name = "acctestdelegation"
  #
@ -57,16 +57,58 @@ resource "azurerm_route_table" "route_table" {
 }

 resource "azurerm_subnet_route_table_association" "route_table" {
-  for_each      = var.networks
-  subnet_id     = azurerm_subnet.subnet[each.key].id
+  for_each       = var.networks
+  subnet_id      = azurerm_subnet.subnet[each.key].id
  route_table_id = azurerm_route_table.route_table[each.key].id
 }

 resource "azurerm_route" "route" {
-  for_each      = var.route_tables
-  name          = "${var.name}-${var.environment}-default" 
+  for_each            = var.route_tables
+  name                = "${var.name}-${var.environment}-default"
  resource_group_name = azurerm_resource_group.vpc.name
-  route_table_name = azurerm_route_table.route_table[each.key].name
+  route_table_name    = azurerm_route_table.route_table[each.key].name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = each.value
 }
+
+# Required for the gateway
+resource "azurerm_subnet" "gateway" {
+  name                 = "GatewaySubnet"
+  resource_group_name  = azurerm_resource_group.vpc.name
+  virtual_network_name = azurerm_virtual_network.vpc.name
+  address_prefix       = var.gateway_subnet
+}
+
+
+resource "azurerm_public_ip" "vpn_ip" {
+  name                = "test"
+  location            = azurerm_resource_group.vpc.location
+  resource_group_name = azurerm_resource_group.vpc.name
+
+  allocation_method = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "vnet_gateway" {
+  name                = "test"
+  location            = azurerm_resource_group.vpc.location
+  resource_group_name = azurerm_resource_group.vpc.name
+
+  type     = "Vpn"
+  vpn_type = "RouteBased"
+
+  active_active = false
+  enable_bgp    = false
+  sku           = "Standard"
+
+  ip_configuration {
+    name                          = "vnetGatewayConfig"
+    public_ip_address_id          = azurerm_public_ip.vpn_ip.id
+    private_ip_address_allocation = "Dynamic"
+    subnet_id                     = azurerm_subnet.gateway.id
+  }
+
+  vpn_client_configuration {
+    address_space        = ["172.16.1.0/24"]
+    vpn_client_protocols = ["OpenVPN"]
+  }
+}
--- a/terraform/modules/vpc/variables.tf
+++ b/terraform/modules/vpc/variables.tf
@ -41,3 +41,8 @@ variable "route_tables" {
  type        = map
  description = "A map with the route tables to create"
 }
+
+variable "gateway_subnet" {
+  type        = string
+  description = "The Subnet CIDR that we'll use for the virtual_network_gateway 'GatewaySubnet'"
+}
--- a/terraform/providers/dev/variables.tf
+++ b/terraform/providers/dev/variables.tf
@ -36,6 +36,12 @@ variable "networks" {
  }
 }

+variable "gateway_subnet" {
+  type    = string
+  default = "10.1.20.0/24"
+}
+
+
 variable "route_tables" {
  description = "Route tables and their default routes"
  type        = map
--- a/terraform/providers/dev/vpc.tf
+++ b/terraform/providers/dev/vpc.tf
@ -4,6 +4,7 @@ module "vpc" {
  region          = var.region
  virtual_network = var.virtual_network
  networks        = var.networks
+  gateway_subnet  = var.gateway_subnet
  route_tables    = var.route_tables
  owner           = var.owner
  name            = var.name