Merge pull request #4 from fjdev/feature/restructure-model

Restructure module layout

README.md

@@ -11,33 +11,31 @@ No requirements.
 
 ## Modules
 
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | github.com/fjdev/terraform-azurerm-resource-group | n/a |
+No modules.
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [azurerm_point_to_site_vpn_gateway.p2s_vpng](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/point_to_site_vpn_gateway) | resource |
-| [azurerm_vpn_server_configuration.vpnsc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_server_configuration) | resource |
+| [azurerm_point_to_site_vpn_gateway.p2svpng](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/point_to_site_vpn_gateway) | resource |
+| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_connection_configuration"></a> [connection\_configuration](#input\_connection\_configuration) | (Required) A connection\_configuration block as defined below. | <pre>object({<br>    name = string<br>    vpn_client_address_pool = object({<br>      address_prefixes = list(string)<br>    })<br>    route = optional(object({<br>      associated_route_table_id = string<br>      inbound_route_map_id      = string<br>      outbound_route_map_id     = string<br>      propagated_route_table = optional(object({<br>        ids    = list(string)<br>        labels = optional(list(string))<br>      }))<br>    }))<br>    internet_security_enabled = optional(bool)<br>  })</pre> | n/a | yes |
+| <a name="input_connection_configurations"></a> [connection\_configurations](#input\_connection\_configurations) | (Required) One or more connection\_configuration blocks as defined above. | <pre>map(object({<br>    vpn_client_address_pool = object({<br>      address_prefixes = list(string)<br>    })<br>    route = optional(object({<br>      associated_route_table_id = string<br>      inbound_route_map_id      = optional(string)<br>      outbound_route_map_id     = optional(string)<br>      propagated_route_table = optional(object({<br>        ids    = list(string)<br>        labels = optional(list(string))<br>      }))<br>    }))<br>    internet_security_enabled = optional(bool)<br>  }))</pre> | n/a | yes |
 | <a name="input_deploy_resource_group"></a> [deploy\_resource\_group](#input\_deploy\_resource\_group) | (Optional) Specifies whether to deploy the resource group or not. Defaults to true. | `bool` | `true` | no |
-| <a name="input_dns_servers"></a> [dns\_servers](#input\_dns\_servers) | (Optional) A list of IP Addresses of DNS Servers for the Point-to-Site VPN Gateway. | `list(string)` | `null` | no |
+| <a name="input_dns_servers"></a> [dns\_servers](#input\_dns\_servers) | (Optional) A list of IP Addresses of DNS Servers for the Point-to-Site VPN Gateway. | `list(string)` | `[]` | no |
 | <a name="input_location"></a> [location](#input\_location) | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | <a name="input_managed_by"></a> [managed\_by](#input\_managed\_by) | (Optional) The ID of the resource or application that manages this Resource Group. | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | (Required) Specifies the name of the Point-to-Site VPN Gateway. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Required) The name of the resource group in which to create the Point-to-Site VPN Gateway. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | <a name="input_routing_preference_internet_enabled"></a> [routing\_preference\_internet\_enabled](#input\_routing\_preference\_internet\_enabled) | (Optional) Is the Routing Preference for the Public IP Interface of the VPN Gateway enabled? Defaults to false. Changing this forces a new resource to be created. | `bool` | `false` | no |
 | <a name="input_scale_unit"></a> [scale\_unit](#input\_scale\_unit) | (Required) The Scale Unit for this Point-to-Site VPN Gateway. | `number` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A mapping of tags to assign to the Point-to-Site VPN Gateway. | `any` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resources | `any` | `null` | no |
 | <a name="input_virtual_hub_id"></a> [virtual\_hub\_id](#input\_virtual\_hub\_id) | (Required) The ID of the Virtual Hub where this Point-to-Site VPN Gateway should exist. Changing this forces a new resource to be created. | `string` | n/a | yes |
-| <a name="input_vpn_server_configuration"></a> [vpn\_server\_configuration](#input\_vpn\_server\_configuration) | (Required) A vpn\_server\_configuration block as defined below. | <pre>object({<br>    name                     = string<br>    vpn_authentication_types = string<br>    ipsec_policy = optional(object({<br>      dh_group               = string<br>      ike_encryption         = string<br>      ike_integrity          = string<br>      ipsec_encryption       = string<br>      ipsec_integrity        = string<br>      pfs_group              = string<br>      sa_lifetime_seconds    = number<br>      sa_data_size_kilobytes = number<br>    }))<br>    vpn_protocols = optional(list(string))<br>    azure_active_directory_authentication = optional(object({<br>      audience = string<br>      issuer   = string<br>      tenant   = string<br>    }))<br>    client_root_certificate = optional(map(object({<br>      public_cert_data = string<br>    })))<br>    client_revoked_certificate = optional(map(object({<br>      thumbprint = string<br>    })))<br>    radius = optional(object({<br>      server = map(object({<br>        address = string<br>        secret  = string<br>        score   = number<br>      }))<br>      client_root_certificate = optional(map(object({<br>        thumbprint = string<br>      })))<br>      server_root_certificate = optional(map(object({<br>        public_cert_data = string<br>      })))<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_vpn_server_configuration_id"></a> [vpn\_server\_configuration\_id](#input\_vpn\_server\_configuration\_id) | (Required) The ID of the VPN Server Configuration which this Point-to-Site VPN Gateway should use. Changing this forces a new resource to be created. | `string` | n/a | yes |
 
 ## Outputs
 

main.tf

@@ -1,40 +1,56 @@
-resource "azurerm_point_to_site_vpn_gateway" "p2s_vpng" {
+# Resource Group
+resource "azurerm_resource_group" "rg" {
+  count = var.deploy_resource_group ? 1 : 0
+
+  name       = var.resource_group_name
+  location   = var.location
+  managed_by = var.managed_by
+  tags       = try(var.tags.resource_group, null)
+}
+
+# Point-to-Site VPN Gateway
+resource "azurerm_point_to_site_vpn_gateway" "p2svpng" {
   name                = var.name
-  resource_group_name = var.deploy_resource_group ? module.resource_group[0].name : var.resource_group_name
+  resource_group_name = var.deploy_resource_group ? azurerm_resource_group.rg[0].name : var.resource_group_name
   location            = var.location
 
-  connection_configuration {
-    name = var.connection_configuration.name
+  dynamic "connection_configuration" {
+    for_each = var.connection_configurations != null ? var.connection_configurations : {}
 
-    vpn_client_address_pool {
-      address_prefixes = var.connection_configuration.vpn_client_address_pool.address_prefixes
-    }
+    content {
+
+      name = each.key
 
-    dynamic "route" {
-      for_each = var.connection_configuration.route != null ? [var.connection_configuration.route] : []
+      vpn_client_address_pool {
+        address_prefixes = each.value.vpn_client_address_pool.address_prefixes
+      }
+
+      dynamic "route" {
+        for_each = each.value.route != null ? [each.value.route] : []
 
-      content {
-        associated_route_table_id = route.value.associated_route_table_id
-        inbound_route_map_id      = route.value.inbound_route_map_id
-        outbound_route_map_id     = route.value.outbound_route_map_id
+        content {
+          associated_route_table_id = route.value.associated_route_table_id
+          inbound_route_map_id      = route.value.inbound_route_map_id
+          outbound_route_map_id     = route.value.outbound_route_map_id
 
-        dynamic "propagated_route_table" {
-          for_each = route.value.propagated_route_table != null ? [route.value.propagated_route_table] : []
+          dynamic "propagated_route_table" {
+            for_each = route.value.propagated_route_table != null ? [route.value.propagated_route_table] : []
 
-          content {
-            ids    = propagated_route_table.value.ids
-            labels = propagated_route_table.value.labels
+            content {
+              ids    = propagated_route_table.value.ids
+              labels = propagated_route_table.value.labels
+            }
           }
         }
       }
-    }
 
-    internet_security_enabled = var.connection_configuration.internet_security_enabled
+      internet_security_enabled = each.value.internet_security_enabled
+    }
   }
 
   scale_unit                          = var.scale_unit
   virtual_hub_id                      = var.virtual_hub_id
-  vpn_server_configuration_id         = azurerm_vpn_server_configuration.vpnsc.id
+  vpn_server_configuration_id         = var.vpn_server_configuration_id
   dns_servers                         = var.dns_servers
   routing_preference_internet_enabled = var.routing_preference_internet_enabled
   tags                                = try(var.tags.point_to_site_vpn_gateway, null)

outputs.tf

@@ -1,4 +1,4 @@
 output "id" {
-  value       = azurerm_point_to_site_vpn_gateway.p2s_vpng.id
   description = "The ID of the Point-to-Site VPN Gateway."
+  value       = azurerm_point_to_site_vpn_gateway.p2svpng.id
 }

variables.tf

@@ -3,12 +3,6 @@ variable "name" {
   description = "(Required) Specifies the name of the Point-to-Site VPN Gateway. Changing this forces a new resource to be created."
 }
 
-variable "deploy_resource_group" {
-  type        = bool
-  default     = true
-  description = "(Optional) Specifies whether to deploy the resource group or not. Defaults to true."
-}
-
 variable "resource_group_name" {
   type        = string
   description = "(Required) The name of the resource group in which to create the Point-to-Site VPN Gateway. Changing this forces a new resource to be created."
@@ -19,24 +13,23 @@ variable "location" {
   description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created."
 }
 
-variable "connection_configuration" {
-  type = object({
-    name = string
+variable "connection_configurations" {
+  type = map(object({
     vpn_client_address_pool = object({
       address_prefixes = list(string)
     })
     route = optional(object({
       associated_route_table_id = string
-      inbound_route_map_id      = string
-      outbound_route_map_id     = string
+      inbound_route_map_id      = optional(string)
+      outbound_route_map_id     = optional(string)
       propagated_route_table = optional(object({
         ids    = list(string)
         labels = optional(list(string))
       }))
     }))
     internet_security_enabled = optional(bool)
-  })
-  description = "(Required) A connection_configuration block as defined below."
+  }))
+  description = "(Required) One or more connection_configuration blocks as defined above."
 }
 
 variable "scale_unit" {
@@ -49,69 +42,37 @@ variable "virtual_hub_id" {
   description = "(Required) The ID of the Virtual Hub where this Point-to-Site VPN Gateway should exist. Changing this forces a new resource to be created."
 }
 
+variable "vpn_server_configuration_id" {
+  type        = string
+  description = "(Required) The ID of the VPN Server Configuration which this Point-to-Site VPN Gateway should use. Changing this forces a new resource to be created."
+}
+
 variable "dns_servers" {
   type        = list(string)
-  default     = null
   description = "(Optional) A list of IP Addresses of DNS Servers for the Point-to-Site VPN Gateway."
+  default     = []
 }
 
 variable "routing_preference_internet_enabled" {
   type        = bool
-  default     = false
   description = "(Optional) Is the Routing Preference for the Public IP Interface of the VPN Gateway enabled? Defaults to false. Changing this forces a new resource to be created."
-}
-
-variable "managed_by" {
-  type        = string
-  default     = null
-  description = "(Optional) The ID of the resource or application that manages this Resource Group."
+  default     = false
 }
 
 variable "tags" {
   type        = any
+  description = "(Optional) A mapping of tags to assign to the resources"
   default     = null
-  description = "(Optional) A mapping of tags to assign to the Point-to-Site VPN Gateway."
 }
 
-variable "vpn_server_configuration" {
-  type = object({
-    name                     = string
-    vpn_authentication_types = string
-    ipsec_policy = optional(object({
-      dh_group               = string
-      ike_encryption         = string
-      ike_integrity          = string
-      ipsec_encryption       = string
-      ipsec_integrity        = string
-      pfs_group              = string
-      sa_lifetime_seconds    = number
-      sa_data_size_kilobytes = number
-    }))
-    vpn_protocols = optional(list(string))
-    azure_active_directory_authentication = optional(object({
-      audience = string
-      issuer   = string
-      tenant   = string
-    }))
-    client_root_certificate = optional(map(object({
-      public_cert_data = string
-    })))
-    client_revoked_certificate = optional(map(object({
-      thumbprint = string
-    })))
-    radius = optional(object({
-      server = map(object({
-        address = string
-        secret  = string
-        score   = number
-      }))
-      client_root_certificate = optional(map(object({
-        thumbprint = string
-      })))
-      server_root_certificate = optional(map(object({
-        public_cert_data = string
-      })))
-    }))
-  })
-  description = "(Required) A vpn_server_configuration block as defined below."
+variable "deploy_resource_group" {
+  type        = bool
+  description = "(Optional) Specifies whether to deploy the resource group or not. Defaults to true."
+  default     = true
+}
+
+variable "managed_by" {
+  type        = string
+  default     = null
+  description = "(Optional) The ID of the resource or application that manages this Resource Group."
 }