From 40059cb53205bab589cd314f33bdcf03c3b3febb Mon Sep 17 00:00:00 2001
From: Florian de Vries
Date: Mon, 10 Jun 2024 08:06:20 +0200
Subject: [PATCH] Add terraform module for managing Point-to-Site VPN Gateway
---
README.md | 48 +++++++++++++++++++++++++++++++++--
main.tf | 41 ++++++++++++++++++++++++++++++
outputs.tf | 4 +++
resource_group.tf | 10 ++++++++
variables.tf | 64 +++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 165 insertions(+), 2 deletions(-)
create mode 100644 main.tf
create mode 100644 outputs.tf
create mode 100644 resource_group.tf
create mode 100644 variables.tf
diff --git a/README.md b/README.md
index 1fb20fc..19688b7 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,46 @@
-# terraform-azurerm-point-to-site-vpn-gateway
-Manages a Point-to-Site VPN Gateway.
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [resource\_group](#module\_resource\_group) | github.com/fjdev/terraform-azurerm-resource-group | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_point_to_site_vpn_gateway.p2s_vpng](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/point_to_site_vpn_gateway) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [connection\_configuration](#input\_connection\_configuration) | (Required) A connection\_configuration block as defined below. | `object({})` | n/a | yes |
+| [deploy\_resource\_group](#input\_deploy\_resource\_group) | (Optional) Specifies whether to deploy the resource group or not. Defaults to true. | `bool` | `true` | no |
+| [dns\_servers](#input\_dns\_servers) | (Optional) A list of IP Addresses of DNS Servers for the Point-to-Site VPN Gateway. | `list(string)` | `null` | no |
+| [location](#input\_location) | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `string` | n/a | yes |
+| [managed\_by](#input\_managed\_by) | (Optional) The ID of the resource or application that manages this Resource Group. | `string` | `null` | no |
+| [name](#input\_name) | (Required) Specifies the name of the Point-to-Site VPN Gateway. Changing this forces a new resource to be created. | `string` | n/a | yes |
+| [resource\_group\_name](#input\_resource\_group\_name) | (Required) The name of the resource group in which to create the Point-to-Site VPN Gateway. Changing this forces a new resource to be created.
| `string` | n/a | yes |
+| [routing\_preference\_internet\_enabled](#input\_routing\_preference\_internet\_enabled) | (Optional) Is the Routing Preference for the Public IP Interface of the VPN Gateway enabled? Defaults to false. Changing this forces a new resource to be created. | `bool` | `false` | no |
+| [scale\_unit](#input\_scale\_unit) | (Required) The Scale Unit for this Point-to-Site VPN Gateway. | `number` | n/a | yes |
+| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the Point-to-Site VPN Gateway. | `any` | `null` | no |
+| [virtual\_hub\_id](#input\_virtual\_hub\_id) | (Required) The ID of the Virtual Hub where this Point-to-Site VPN Gateway should exist. Changing this forces a new resource to be created. | `string` | n/a | yes |
+| [vpn\_server\_configuration\_id](#input\_vpn\_server\_configuration\_id) | (Required) The ID of the VPN Server Configuration which this Point-to-Site VPN Gateway should use. Changing this forces a new resource to be created. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [id](#output\_id) | The ID of the Point-to-Site VPN Gateway. |
+
\ No newline at end of file
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..bc41ef1
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,41 @@
+resource "azurerm_point_to_site_vpn_gateway" "p2s_vpng" {
+ name = var.name
+ resource_group_name = var.deploy_resource_group ? module.resource_group[0].name : var.resource_group_name
+ location = var.location
+
+ connection_configuration {
+ name = var.connection_configuration.name
+
+ vpn_client_address_pool {
+ address_prefixes = var.connection_configuration.vpn_client_address_pool.address_prefixes
+ }
+
+ dynamic "route" {
+ for_each = var.connection_configuration.route != null ? [var.connection_configuration.route] : []
+
+ content {
+ associated_route_table_id = route.value.associated_route_table_id
+ inbound_route_map_id = route.value.inbound_route_map_id
+ outbound_route_map_id = route.value.outbound_route_map_id
+
+ dynamic "propagated_route_table" {
+ for_each = route.value.propagated_route_table != null ? [route.value.propagated_route_table] : []
+
+ content {
+ ids = propagated_route_table.value.ids
+ labels = propagated_route_table.value.labels
+ }
+ }
+ }
+ }
+
+ internet_security_enabled = var.connection_configuration.internet_security_enabled
+ }
+
+ scale_unit = var.scale_unit
+ virtual_hub_id = var.virtual_hub_id
+ vpn_server_configuration_id = var.vpn_server_configuration_id
+ dns_servers = var.dns_servers
+ routing_preference_internet_enabled = var.routing_preference_internet_enabled
+ tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..db87712
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+ value = azurerm_point_to_site_vpn_gateway.p2s_vpng.id
+ description = "The ID of the Point-to-Site VPN Gateway."
+}
diff --git a/resource_group.tf b/resource_group.tf
new file mode 100644
index 0000000..553f89e
--- /dev/null
+++ b/resource_group.tf
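Review bot: `tags = var.tags` on the last attribute of the resource hands the whole map to the gateway, while resource_group.tf reads a nested `var.tags.resource_group` key from the same variable; if a caller nests that key the gateway receives a map where the provider expects string tag values, so the two consumers of `var.tags` cannot both be satisfied from one input. Either strip the nested key before passing it on, e.g. `tags = var.tags != null ? { for k, v in var.tags : k => v if k != "resource_group" } : null`, or give the resource group its own tags input. Because `variable "tags"` is typed `any`, this mismatch only surfaces as a provider error rather than as variable validation, so the expected shape of the map should at least be stated in the variable description.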
@@ -0,0 +1,10 @@
+module "resource_group" {
+ count = var.deploy_resource_group ? 1 : 0
+
+ source = "github.com/fjdev/terraform-azurerm-resource-group"
+
+ name = var.resource_group_name
+ location = var.location
+ managed_by = var.managed_by
+ tags = try(var.tags.resource_group, null)
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..f204f78
--- /dev/null
+++ b/variables.tf
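Review bot: The `source` on the fourth line of the module block points at `github.com/fjdev/terraform-azurerm-resource-group` with no `?ref=`, so every `terraform init` fetches the current default-branch head and any later push to that repository silently changes what this module deploys. Pin it to a release tag or commit, `source = "github.com/fjdev/terraform-azurerm-resource-group?ref=<TAG_OR_COMMIT>"`, and put that version in the README Modules table instead of `n/a`. Since the group is only created when `count` is 1, a caller who sets `deploy_resource_group = false` must pass the name of an already existing group in `resource_group_name`; a sentence to that effect in that variable's description would make the contract explicit.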
@@ -0,0 +1,64 @@
+variable "name" {
+ type = string
+ description = "(Required) Specifies the name of the Point-to-Site VPN Gateway. Changing this forces a new resource to be created."
+}
+
+variable "deploy_resource_group" {
+ type = bool
+ default = true
+ description = "(Optional) Specifies whether to deploy the resource group or not. Defaults to true."
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "(Required) The name of the resource group in which to create the Point-to-Site VPN Gateway. Changing this forces a new resource to be created."
+}
+
+variable "location" {
+ type = string
+ description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created."
+}
+
+variable "connection_configuration" {
+ type = object({})
+ description = "(Required) A connection_configuration block as defined below."
+}
+
+variable "scale_unit" {
+ type = number
+ description = "(Required) The Scale Unit for this Point-to-Site VPN Gateway."
+}
+
+variable "virtual_hub_id" {
+ type = string
+ description = "(Required) The ID of the Virtual Hub where this Point-to-Site VPN Gateway should exist. Changing this forces a new resource to be created."
+}
+
+variable "vpn_server_configuration_id" {
+ type = string
+ description = "(Required) The ID of the VPN Server Configuration which this Point-to-Site VPN Gateway should use. Changing this forces a new resource to be created."
+}
+
+variable "dns_servers" {
+ type = list(string)
+ default = null
+ description = "(Optional) A list of IP Addresses of DNS Servers for the Point-to-Site VPN Gateway."
+}
+
+variable "routing_preference_internet_enabled" {
+ type = bool
+ default = false
+ description = "(Optional) Is the Routing Preference for the Public IP Interface of the VPN Gateway enabled? Defaults to false. Changing this forces a new resource to be created."
+}
+
+variable "managed_by" {
+ type = string
+ default = null
+ description = "(Optional) The ID of the resource or application that manages this Resource Group."
+}
+
+variable "tags" {
+ type = any
+ default = null
+ description = "(Optional) A mapping of tags to assign to the Point-to-Site VPN Gateway."
+}
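Review bot: `variable "connection_configuration"` declares `type = object({})`, and Terraform converts an incoming value to an object type by discarding attributes the constraint does not list, so `var.connection_configuration.name` and the other reads in main.tf's `connection_configuration` block should fail at plan time with an unsupported-attribute error. Declare the attributes main.tf actually reads, with `optional()` for the ones the `dynamic` blocks guard with `!= null`; that needs Terraform >= 1.3, which should then be stated in a `required_version` constraint and in the README instead of "No requirements", and which nested attributes the provider treats as optional should be checked against its schema before copying the sketch below. The description "as defined below" points at nothing in either variables.tf or README.md, so the attribute list should also be documented there.
```hcl
variable "connection_configuration" {
  type = object({
    name = string
    vpn_client_address_pool = object({
      address_prefixes = list(string)
    })
    route = optional(object({
      associated_route_table_id = string
      inbound_route_map_id      = optional(string)
      outbound_route_map_id     = optional(string)
      propagated_route_table = optional(object({
        ids    = list(string)
        labels = optional(list(string))
      }))
    }))
    internet_security_enabled = optional(bool)
  })
  description = "(Required) A connection_configuration block as defined below."
}
```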