diff --git a/.terraform-docs.yml b/.terraform-docs.yml index 6b2519a..cac10ad 100644 --- a/.terraform-docs.yml +++ b/.terraform-docs.yml @@ -8,11 +8,12 @@ content: |- # Usage - Module - ## Network Watcher Flow Log + ## VPN Server Configuration + ```hcl - {{ include "examples/network-watcher-flow-log-example/main.tf" }} + {{ include "examples/vpn-server-example/main.tf" }} ``` - + {{ .Providers }} {{ .Modules }} diff --git a/docs/header-doc.tf b/docs/header-doc.tf index d2277f5..8d67040 100644 --- a/docs/header-doc.tf +++ b/docs/header-doc.tf @@ -1,6 +1,6 @@ /** - * # Invullen - * [![Changelog](https://img.shields.io/badge/changelog-release-green.svg)](Invullen) [![Notice](https://img.shields.io/badge/notice-copyright-yellow.svg)](NOTICE) [![Apache V2 License](https://img.shields.io/badge/license-Apache%20V2-orange.svg)](LICENSE) [![TF Registry](https://img.shields.io/badge/terraform-registry-blue.svg)](Invullen) + * ## VPN Server Configuration + * [![Changelog](https://img.shields.io/badge/changelog-release-green.svg)](Invullen) [![Notice](https://img.shields.io/badge/notice-copyright-yellow.svg)](NOTICE) [![Apache V2 License](https://img.shields.io/badge/license-Apache%20V2-orange.svg)](LICENSE) [![TF Registry](https://img.shields.io/badge/terraform-registry-blue.svg)](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_server_configuration) * * * diff --git a/examples/example1/main.tf b/examples/example1/main.tf deleted file mode 100644 index e69de29..0000000 diff --git a/examples/example1/variables.tf b/examples/example1/variables.tf deleted file mode 100644 index e69de29..0000000 diff --git a/examples/example1/README.md b/examples/vpn-server-example/README.md similarity index 73% rename from examples/example1/README.md rename to examples/vpn-server-example/README.md index 3dc5865..19b7c8a 100644 --- a/examples/example1/README.md +++ b/examples/vpn-server-example/README.md 
@@ -1,6 +1,6 @@ -# Terraform module | AzureRM - Invullen +# Terraform module | AzureRM - VPN Server Configuration -This Terraform module is designed to create a Invullen for Azure. +This Terraform module is designed to create a VPN Server Configuration for Azure. ## Pre-requisites @@ -9,7 +9,7 @@ Using the modules requires the following pre-requisites: ## Usage -`Invullen` +`VPN Server Configuration` ```hcl diff --git a/examples/vpn-server-example/main.tf b/examples/vpn-server-example/main.tf new file mode 100644 index 0000000..9104e93 --- /dev/null +++ b/examples/vpn-server-example/main.tf @@ -0,0 +1,15 @@ + +module "vpn_server_configuration" { + source = "sironite/vpn_server_configuration/azurerm" + version = "X.X.X" + + vpn_server_configuration_name = "example-vpn-server-configuration" + resource_group_name = "example-resource-group" + location = "WestEurope" + vpn_authentication_types = "AzureAD" + + audience = "https://example.com" + issuer = "https://example.com" + tenant_id = "00000000-0000-0000-0000-000000000000" +} + diff --git a/examples/vpn-server-example/variables.tf b/examples/vpn-server-example/variables.tf new file mode 100644 index 0000000..b273a53 --- /dev/null +++ b/examples/vpn-server-example/variables.tf 
@@ -0,0 +1,135 @@
+variable "vpn_server_configuration_name" {
+ type = string
+ description = "The name of the VPN server configuration."
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "The name of the resource group in which to create the VPN server configuration."
+}
+
+variable "location" {
+ type = string
+ description = "The location in which to create the VPN server configuration."
+
+}
+
+variable "vpn_authentication_types" {
+ type = string
+ description = "The type of VPN authentication to use."
+ default = null
+}
+
+variable "vpn_protocols" {
+ type = string
+ description = "The VPN protocols to use."
+ default = null
+}
+
+variable "audience" {
+ type = string
+ description = "The audience for Azure AD authentication."
+ default = null
+}
+
+variable "issuer" {
+ type = string
+ description = "The issuer for Azure AD authentication."
+ default = null
+}
+
+variable "tenant_id" {
+ type = string
+ description = "The tenant ID for Azure AD authentication."
+ default = null
+}
+
+variable "client_root_certificate_name" {
+ type = string
+ description = "The name of the client root certificate."
+ default = null
+}
+
+variable "public_cert_data" {
+ type = string
+ description = "The public certificate data."
+ default = null
+}
+
+variable "server_adress" {
+ type = string
+ description = "The address of the RADIUS server."
+ default = null
+}
+
+variable "server_secret" {
+ type = string
+ description = "The secret for the RADIUS server."
+ default = null
+}
+
+variable "server_score" {
+ type = string
+ description = "The score for the RADIUS server."
+ default = null
+}
+
+variable "tumbprint" {
+ type = string
+ description = "The thumbprint for the client root certificate."
+ default = null
+}
+
+variable "server_root_certificate_name" {
+ type = string
+ description = "The name of the server root certificate."
+ default = null
+}
+
+variable "dh_group" {
+ type = string
+ description = "The Diffie-Hellman group to use."
+ default = null
+}
+
+variable "ike_encryption" {
+ type = string
+ description = "The IKE encryption to use."
+ default = null
+}
+
+variable "ike_integrity" {
+ type = string
+ description = "The IKE integrity to use."
+ default = null
+}
+
+variable "ipsec_encryption" {
+ type = string
+ description = "The IPSec encryption to use."
+ default = null
+}
+
+variable "ipsec_integrity" {
+ type = string
+ description = "The IPSec integrity to use."
+ default = null
+}
+
+variable "pfs_group" {
+ type = string
+ description = "The Perfect Forward Secrecy group to use."
+ default = null
+}
+
+variable "sa_data_size_kilobytes" {
+ type = string
+ description = "The size of the SA data in kilobytes."
+ default = null
+}
+
+variable "sa_life_time_seconds" {
+ type = string
+ description = "The lifetime of the SA in seconds."
+ default = null
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index e69de29..5b81204 100644
--- a/main.tf
+++ b/main.tf
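Review bot: `server_secret` carries the RADIUS shared secret but its variable block has no `sensitive = true`, so Terraform would show the value in plan and apply output; add `sensitive = true` to that block (the value is still written to state, so the state backend needs protecting as well). The IKE/IPsec inputs (`dh_group`, `ike_encryption`, `ike_integrity`, `ipsec_encryption`, `ipsec_integrity`, `pfs_group`) accept any string, and a `validation` block on each that rejects whatever legacy algorithms the provider still accepts would keep callers from selecting weak parameters by accident. `server_adress` and `tumbprint` are misspelled and become part of the module's public interface once released. The root `variables.tf` hunk later in this diff is the same blob (b273a53) and needs the same changes.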
@@ -0,0 +1,57 @@
+resource "azurerm_vpn_server_configuration" "example" {
+ name = var.vpn_server_configuration_name
+ resource_group_name = var.resource_group_name
+ location = var.location
+ vpn_authentication_types = var.vpn_authentication_types
+ vpn_protocols = var.vpn_protocols
+
+ dynamic "azure_active_directory_authentication" {
+ for_each = var.vpn_authentication_types == "AzureAD" ? [1] : []
+ content {
+ audience = var.audience
+ issuer = var.issuer
+ tenant_id = var.tenant_id
+ }
+ }
+
+ dynamic "client_root_certificate" {
+ for_each = var.vpn_authentication_types == "Certificate" ? [1] : []
+ content {
+ name = var.client_root_certificate_name
+ public_cert_data = var.public_cert_data
+ }
+ }
+
+ dynamic "radius" {
+ for_each = var.vpn_authentication_types == "Radius" ? [1] : []
+ content {
+ radius {
+ server {
+ adress = var.server_adress
+ secret = var.server_secret
+ score = var.server_score
+ }
+ client_root_certificate {
+ name = var.client_root_certificate_name
+ tumbprint = var.tumbprint
+ }
+ server_root_certificate {
+ name = var.server_root_certificate_name
+ public_cert_data = var.public_cert_data
+ }
+ }
+ }
+ }
+
+
+ ipsec_policy {
+ dh_group = var.dh_group
+ ike_encryption = var.ike_encryption
+ ike_integrity = var.ike_integrity
+ ipsec_encryption = var.ipsec_encryption
+ ipsec_integrity = var.ipsec_integrity
+ pfs_group = var.pfs_group
+ sa_data_size_kilobytes = var.sa_data_size_kilobytes
+ sa_life_time_seconds = var.sa_life_time_seconds
+ }
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index e69de29..1c9827b 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -0,0 +1,9 @@
+output "vpn_server_configuration_id" {
+ description = "The ID of the VPN server configuration."
+ value = azurerm_vpn_server_configuration.example.id
+}
+
+output "vpn_server_configuration_name" {
+ description = "The name of the VPN server configuration."
+ value = azurerm_vpn_server_configuration.example.name
+}
\ No newline at end of file
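Review bot: The `radius` dynamic block in the new main.tf nests a second `radius { … }` inside `content` and uses the argument names `adress` and `tumbprint`, which as far as I know are not in the azurerm schema (it documents `address` and `thumbprint`, with `server`, `client_root_certificate` and `server_root_certificate` directly under `radius`), so RADIUS authentication would likely fail validation as written. The block below keeps the existing variable names and only corrects the shape. Separately, the provider documents `vpn_authentication_types` as a list with the values `AAD`, `Certificate` and `Radius`, so the `== "AzureAD"` comparison on a string probably never matches an accepted value; please confirm against the provider page linked in docs/header-doc.tf. `ipsec_policy` is also rendered unconditionally with every argument defaulting to null, so the tunnel's cryptographic parameters are only defined if the caller happens to pass all eight.

```hcl
  dynamic "radius" {
    for_each = var.vpn_authentication_types == "Radius" ? [1] : []
    content {
      # server and certificate blocks sit directly under radius; no inner radius {}
      server {
        address = var.server_adress
        secret  = var.server_secret
        score   = var.server_score
      }
      client_root_certificate {
        name       = var.client_root_certificate_name
        thumbprint = var.tumbprint
      }
      server_root_certificate {
        name             = var.server_root_certificate_name
        public_cert_data = var.public_cert_data
      }
    }
  }
```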
diff --git a/variables.tf b/variables.tf
index e69de29..b273a53 100644
--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,135 @@
+variable "vpn_server_configuration_name" {
+ type = string
+ description = "The name of the VPN server configuration."
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "The name of the resource group in which to create the VPN server configuration."
+}
+
+variable "location" {
+ type = string
+ description = "The location in which to create the VPN server configuration."
+
+}
+
+variable "vpn_authentication_types" {
+ type = string
+ description = "The type of VPN authentication to use."
+ default = null
+}
+
+variable "vpn_protocols" {
+ type = string
+ description = "The VPN protocols to use."
+ default = null
+}
+
+variable "audience" {
+ type = string
+ description = "The audience for Azure AD authentication."
+ default = null
+}
+
+variable "issuer" {
+ type = string
+ description = "The issuer for Azure AD authentication."
+ default = null
+}
+
+variable "tenant_id" {
+ type = string
+ description = "The tenant ID for Azure AD authentication."
+ default = null
+}
+
+variable "client_root_certificate_name" {
+ type = string
+ description = "The name of the client root certificate."
+ default = null
+}
+
+variable "public_cert_data" {
+ type = string
+ description = "The public certificate data."
+ default = null
+}
+
+variable "server_adress" {
+ type = string
+ description = "The address of the RADIUS server."
+ default = null
+}
+
+variable "server_secret" {
+ type = string
+ description = "The secret for the RADIUS server."
+ default = null
+}
+
+variable "server_score" {
+ type = string
+ description = "The score for the RADIUS server."
+ default = null
+}
+
+variable "tumbprint" {
+ type = string
+ description = "The thumbprint for the client root certificate."
+ default = null
+}
+
+variable "server_root_certificate_name" {
+ type = string
+ description = "The name of the server root certificate."
+ default = null
+}
+
+variable "dh_group" {
+ type = string
+ description = "The Diffie-Hellman group to use."
+ default = null
+}
+
+variable "ike_encryption" {
+ type = string
+ description = "The IKE encryption to use."
+ default = null
+}
+
+variable "ike_integrity" {
+ type = string
+ description = "The IKE integrity to use."
+ default = null
+}
+
+variable "ipsec_encryption" {
+ type = string
+ description = "The IPSec encryption to use."
+ default = null
+}
+
+variable "ipsec_integrity" {
+ type = string
+ description = "The IPSec integrity to use."
+ default = null
+}
+
+variable "pfs_group" {
+ type = string
+ description = "The Perfect Forward Secrecy group to use."
+ default = null
+}
+
+variable "sa_data_size_kilobytes" {
+ type = string
+ description = "The size of the SA data in kilobytes."
+ default = null
+}
+
+variable "sa_life_time_seconds" {
+ type = string
+ description = "The lifetime of the SA in seconds."
+ default = null
+}
\ No newline at end of file
diff --git a/versions.tf b/versions.tf
index e69de29..3d19b74 100644
--- a/versions.tf
+++ b/versions.tf
@@ -0,0 +1,12 @@
+# Specify the required version of Terraform
+terraform {
+ required_version = ">= 1.0.0"
+
+ # Specify the required version of the azurerm provider
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=2.0.0"
+ }
+ }
+}
\ No newline at end of file
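Review bot: The azurerm constraint in versions.tf, `version = ">=2.0.0"`, has no upper bound, so a consumer without a committed lock file can be moved onto a new major release of the provider, breaking changes included. The floor also looks too low: I would not expect `azurerm_vpn_server_configuration` to exist in 2.0.0, though that needs checking against the provider changelog. Consider a bounded range such as `version = ">= <FIRST_VERSION_WITH_RESOURCE>, < <NEXT_MAJOR>"`, with both placeholders filled in from the changelog.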