diff --git a/Makefile b/Makefile
index 9539fec..e619e8e 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,4 @@
export TF_PATH
test:
- cd tests && go test -v -timeout 60m -run TestApplyNoError/$(TF_PATH) ./virtualwan_test.go
-
-#test_extended:
- #cd tests && env go test -v -timeout 60m -run TestVm ./vm_extended_test.go
+ cd tests && go test -v -timeout 60m -run TestApplyNoError/$(TF_PATH) ./vwan_test.go
diff --git a/README.md b/README.md
index b1883b0..97b4d07 100644
--- a/README.md
+++ b/README.md
@@ -24,12 +24,9 @@ End-to-end testing is not conducted on these modules, as they are individual com
## Features
-- simplified virtual wan deployment across regions
+- simplified virtual wan deployment
- multiple secure virtual hub support
- utilization of terratest for robust validation
-- multiple collection groups, collections and rules support
-- optional ip group integration in collection rule groups
-- supports base and child policy inheritance
## Requirements
@@ -44,22 +41,10 @@ End-to-end testing is not conducted on these modules, as they are individual com
|------|---------|
| [azurerm](#provider\_azurerm) | ~> 3.61 |
-## Modules
-
-| Name | Source |
-|------|--------|
-| [collection-rule-groups](./modules/collection-rule-groups) | resource |
-| [firewall-policy](./modules/firewall-policy) | resource |
-
## Resources
| Name | Type |
|------|------|
-| [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) | resource |
-| [azurerm_firewall_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy) | resource |
-| [azurerm_firewall_policy_rule_collection_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group) | resource |
-| [azurerm_ip_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group) | resource |
-| [azurerm_ip_group_cidr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group_cidr) | resource |
| [azurerm_virtual_hub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub) | resource |
| [azurerm_virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_wan) | resource |
@@ -70,17 +55,14 @@ End-to-end testing is not conducted on these modules, as they are individual com
| `vwan` | describes virtual wan configuration | object | yes |
| `naming` | contains naming convention | string | yes |
| `location` | default azure region and can be used if location is not specified inside the object | string | no |
-| `resourcegroup` | default resource group and can be used if resourcegroup is not specified inside the object | string | no |
+| `resource_group` | default resource group and can be used if resourcegroup is not specified inside the object | string | no |
## Outputs
| Name | Description |
| :-- | :-- |
| `vwan` | contains virtual wan configuration |
-| `policy` | contains firewall policy configuration |
-| `vhub` | contains virtual hub configuration |
-| `firewall` | contains firewall configuration |
-| `firewall_public_ip_addresses` | list of public ip addresses associated with the firewall |
+| `vhubs` | contains virtual hub configuration |
## Testing
diff --git a/examples/collection-rule-groups/README.md b/examples/collection-rule-groups/README.md
deleted file mode 100644
index 89ff7ec..0000000
--- a/examples/collection-rule-groups/README.md
+++ /dev/null
@@ -1,122 +0,0 @@
-This example demonstrates managing collection groups within secure virtual hubs.
-
-## Usage
-
-```hcl
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.11"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- vhubs = {
- westeurope = {
- name = module.naming.virtual_hub.name
- resourcegroup = module.rg.groups.demo.name
- location = "westeurope"
- address_prefix = "10.0.0.0/23"
- policy = {
- name = module.naming.firewall_policy.name
- location = "westeurope"
- }
- }
- }
- }
-}
-```
-
-```hcl
-module "collection_rule_groups" {
- source = "cloudnationhq/vwan/azure//modules/collection-rule-groups"
- version = "~> 0.1"
-
- naming = local.naming
- groups = local.collection_rule_groups
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-}
-```
-
-The local below is utilized to store config,
-
-```hcl
-locals {
- collection_rule_groups = {
- default = {
- priority = 1000
- firewall_policy_id = module.vwan.policy.westeurope.id
- network_rule_collections = {
- netw_rules = {
- name = "netwrules"
- priority = 7000
- action = "Allow"
- rules = {
- rule1 = {
- protocols = ["TCP"]
- destination_ports = ["*"]
- destination_addresses = ["10.0.1.0/8"]
- source_addresses = ["10.0.0.0/8"]
- }
- rule2 = {
- protocols = ["TCP"]
- destination_ports = ["*"]
- destination_addresses = ["12.0.1.0/8"]
- source_addresses = ["12.0.0.0/8"]
- }
- }
- }
- }
- application_rule_collections = {
- app_rules = {
- name = "apprules"
- priority = 6000
- action = "Deny"
- rules = {
- rule1 = {
- source_addresses = ["10.0.0.1"]
- destination_fqdns = ["*.microsoft.com"]
- protocols = [
- {
- type = "Https"
- port = 443
- }
- ]
- }
- rule2 = {
- source_addresses = ["10.0.0.1"]
- destination_fqdns = ["*.bing.com"]
- protocols = [
- {
- type = "Https"
- port = 443
- }
- ]
- }
- }
- }
- }
- nat_rule_collections = {
- nat_rules = {
- name = "natrules"
- priority = 8000
- action = "Dnat"
- rules = {
- rule1 = {
- source_addresses = ["145.23.23.23", "10.0.0.0/8"]
- destination_ports = ["4430"]
- destination_address = module.vwan.firewall_public_ip_addresses.public_ip_addresses[0]
- translated_port = "443"
- translated_address = "10.0.0.10"
- protocols = ["TCP"]
- }
- }
- }
- }
- }
- }
-}
-```
diff --git a/examples/collection-rule-groups/locals.tf b/examples/collection-rule-groups/locals.tf
deleted file mode 100644
index bf2fe45..0000000
--- a/examples/collection-rule-groups/locals.tf
+++ /dev/null
@@ -1,84 +0,0 @@
-locals {
- naming = {
- # lookup outputs to have consistent naming
- for type in local.naming_types : type => lookup(module.naming, type).name
- }
-
- naming_types = ["virtual_wan", "firewall", "firewall_policy", "ip_group"]
-}
-
-locals {
- collection_rule_groups = {
- default = {
- priority = 1000
- firewall_policy_id = module.vwan.policy.westeurope.id
- network_rule_collections = {
- netw_rules = {
- name = "netwrules"
- priority = 7000
- action = "Allow"
- rules = {
- rule1 = {
- protocols = ["TCP"]
- destination_ports = ["*"]
- destination_addresses = ["10.0.1.0/8"]
- source_addresses = ["10.0.0.0/8"]
- }
- rule2 = {
- protocols = ["TCP"]
- destination_ports = ["*"]
- destination_addresses = ["12.0.1.0/8"]
- source_addresses = ["12.0.0.0/8"]
- }
- }
- }
- }
- application_rule_collections = {
- app_rules = {
- name = "apprules"
- priority = 6000
- action = "Deny"
- rules = {
- rule1 = {
- source_addresses = ["10.0.0.1"]
- destination_fqdns = ["*.microsoft.com"]
- protocols = [
- {
- type = "Https"
- port = 443
- }
- ]
- }
- rule2 = {
- source_addresses = ["10.0.0.1"]
- destination_fqdns = ["*.bing.com"]
- protocols = [
- {
- type = "Https"
- port = 443
- }
- ]
- }
- }
- }
- }
- nat_rule_collections = {
- nat_rules = {
- name = "natrules"
- priority = 8000
- action = "Dnat"
- rules = {
- rule1 = {
- source_addresses = ["145.23.23.23", "10.0.0.0/8"]
- destination_ports = ["4430"]
- destination_address = module.vwan.firewall_public_ip_addresses.public_ip_addresses[0]
- translated_port = "443"
- translated_address = "10.0.0.10"
- protocols = ["TCP"]
- }
- }
- }
- }
- }
- }
-}
diff --git a/examples/collection-rule-groups/main.tf b/examples/collection-rule-groups/main.tf
deleted file mode 100644
index 97f6eb9..0000000
--- a/examples/collection-rule-groups/main.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-module "naming" {
- source = "cloudnationhq/naming/azure"
- version = "~> 0.1"
-
- suffix = ["demo", "dev"]
-}
-
-module "rg" {
- source = "cloudnationhq/rg/azure"
- version = "~> 0.1"
-
- groups = {
- demo = {
- name = module.naming.resource_group.name
- region = "westeurope"
- }
- }
-}
-
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.1"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- vhubs = {
- westeurope = {
- name = module.naming.virtual_hub.name
- resourcegroup = module.rg.groups.demo.name
- location = "westeurope"
- address_prefix = "10.0.0.0/23"
- policy = {
- name = module.naming.firewall_policy.name
- location = "westeurope"
- }
- }
- }
- }
-}
-
-module "collection_rule_groups" {
- source = "cloudnationhq/vwan/azure//modules/collection-rule-groups"
- version = "~> 0.1"
-
- naming = local.naming
- groups = local.collection_rule_groups
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-}
diff --git a/examples/collection-rule-groups/terraform.tf b/examples/collection-rule-groups/terraform.tf
deleted file mode 100644
index 9867469..0000000
--- a/examples/collection-rule-groups/terraform.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.61"
- }
- }
-}
-
-provider "azurerm" {
- features {}
-}
diff --git a/examples/default/README.md b/examples/default/README.md
index c0f7fb4..efe94cb 100644
--- a/examples/default/README.md
+++ b/examples/default/README.md
@@ -1,20 +1,15 @@
-This example illustrates the defaul tvirtual wan setup, in its simplest form.
+# Default
-## Usage
+This example illustrates the default setup, in its simplest form.
-```hcl
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.11"
-
- naming = local.naming
+## Types
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-
- vwan = {
- allow_branch_to_branch_traffic = true
- disable_vpn_encryption = false
- }
-}
+```hcl
+vwan = object({
+ name = string
+ resource_group = string
+ location = string
+ allow_branch_to_branch_traffic = optional(bool)
+ disable_vpn_encryption = optional(bool)
+})
```
diff --git a/examples/default/main.tf b/examples/default/main.tf
index ef9781d..0dd704c 100644
--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -7,26 +7,24 @@ module "naming" {
module "rg" {
source = "cloudnationhq/rg/azure"
- version = "~> 0.1"
+ version = "~> 1.0"
groups = {
demo = {
- name = module.naming.resource_group.name
- region = "northeurope"
+ name = module.naming.resource_group.name
+ location = "westeurope"
}
}
}
module "vwan" {
source = "cloudnationhq/vwan/azure"
- version = "~> 0.1"
-
- naming = local.naming
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
+ version = "~> 1.0"
vwan = {
+ name = module.naming.virtual_wan.name
+ resource_group = module.rg.groups.demo.name
+ location = module.rg.groups.demo.location
allow_branch_to_branch_traffic = true
disable_vpn_encryption = false
}
diff --git a/examples/intrustion-detection/README.md b/examples/intrustion-detection/README.md
deleted file mode 100644
index 56670d7..0000000
--- a/examples/intrustion-detection/README.md
+++ /dev/null
@@ -1,65 +0,0 @@
-This example highlights intrusion detection within secure virtual hubs.
-
-## Usage
-
-```hcl
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.11"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- allow_branch_to_branch_traffic = true
- disable_vpn_encryption = false
-
- vhubs = local.vhubs
- }
-}
-```
-
-The local below is utilized to store config,
-
-```hcl
-locals {
- vhubs = {
- northeurope = {
- resourcegroup = module.rg.groups.demo.name
- location = "northeurope"
- address_prefix = "10.0.0.0/23"
- firewall_tier = "Premium"
- policy = {
- location = "northeurope"
- sku = "Premium"
- intrusion_detection = {
- mode = "Alert"
- traffic_bypass = {
- bypass1 = {
- protocol = "TCP"
- description = "bypass1"
- source_addresses = ["10.0.1.0"]
- destination_addresses = ["10.1.0.0"]
- destination_ports = ["*"]
- }
- bypass2 = {
- protocol = "TCP"
- description = "bypass2"
- source_addresses = ["10.0.2.0"]
- destination_addresses = ["10.2.0.0"]
- destination_ports = ["*"]
- }
- }
- signature_overrides = {
- or1 = {
- id = "948321945312"
- state = "Alert"
- }
- }
- }
- }
- }
- }
-}
-```
diff --git a/examples/intrustion-detection/locals.tf b/examples/intrustion-detection/locals.tf
deleted file mode 100644
index c7c992a..0000000
--- a/examples/intrustion-detection/locals.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-locals {
- naming = {
- # lookup outputs to have consistent naming
- for type in local.naming_types : type => lookup(module.naming, type).name
- }
-
- naming_types = ["virtual_wan", "firewall", "firewall_policy", "virtual_hub"]
-}
-
-locals {
- vhubs = {
- northeurope = {
- resourcegroup = module.rg.groups.demo.name
- location = "northeurope"
- address_prefix = "10.0.0.0/23"
- firewall_tier = "Premium"
- policy = {
- location = "northeurope"
- sku = "Premium"
- intrusion_detection = {
- mode = "Alert"
- traffic_bypass = {
- bypass1 = {
- protocol = "TCP"
- description = "bypass1"
- source_addresses = ["10.0.1.0"]
- destination_addresses = ["10.1.0.0"]
- destination_ports = ["*"]
- }
- bypass2 = {
- protocol = "TCP"
- description = "bypass2"
- source_addresses = ["10.0.2.0"]
- destination_addresses = ["10.2.0.0"]
- destination_ports = ["*"]
- }
- }
- signature_overrides = {
- or1 = {
- id = "948321945312"
- state = "Alert"
- }
- }
- }
- }
- }
- }
-}
diff --git a/examples/intrustion-detection/main.tf b/examples/intrustion-detection/main.tf
deleted file mode 100644
index 7debedd..0000000
--- a/examples/intrustion-detection/main.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-module "naming" {
- source = "cloudnationhq/naming/azure"
- version = "~> 0.1"
-
- suffix = ["demo", "dev"]
-}
-
-module "rg" {
- source = "cloudnationhq/rg/azure"
- version = "~> 0.1"
-
- groups = {
- demo = {
- name = module.naming.resource_group.name
- region = "northeurope"
- }
- }
-}
-
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.1"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- allow_branch_to_branch_traffic = true
- disable_vpn_encryption = false
-
- vhubs = local.vhubs
- }
-}
diff --git a/examples/intrustion-detection/terraform.tf b/examples/intrustion-detection/terraform.tf
deleted file mode 100644
index 9867469..0000000
--- a/examples/intrustion-detection/terraform.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.61"
- }
- }
-}
-
-provider "azurerm" {
- features {}
-}
diff --git a/examples/ip-groups/README.md b/examples/ip-groups/README.md
deleted file mode 100644
index 36bad8a..0000000
--- a/examples/ip-groups/README.md
+++ /dev/null
@@ -1,134 +0,0 @@
-This example highlights the seamless integration of IP groups and collection rule groups using firewall policy inheritence.
-
-## Usage
-
-```hcl
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.11"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- vhubs = {
- westeurope = {
- name = module.naming.virtual_hub.name
- resourcegroup = module.rg.groups.demo.name
- location = "westeurope"
- address_prefix = "10.0.0.0/23"
- policy = {
- base_policy_id = module.fwpolicy.policy.parent.id
- }
- }
- }
- }
-}
-```
-
-```hcl
-module "collection_rule_groups" {
- source = "cloudnationhq/vwan/azure//modules/collection-rule-groups"
- version = "~> 0.1"
-
- naming = local.naming
- groups = local.collection_rule_groups
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-
- depends_on = [module.vwan, module.ip_groups]
-}
-```
-
-```hcl
-module "fwpolicy" {
- source = "cloudnationhq/vwan/azure//modules/firewall-policy"
- version = "~> 0.1"
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-
- policy = {
- parent = {
- name = "fwp-demo-dev-parent"
- }
- }
-}
-```
-
-```hcl
-module "ip_groups" {
- source = "cloudnationhq/vwan/azure//modules/ip-groups"
- version = "~> 0.1"
-
- naming = local.naming
- ip_groups = local.ip_groups
- depends_on = [module.vwan]
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-}
-```
-
-The locals below are utilized to store config,
-
-```hcl
-locals {
- ip_groups = {
- internal-networks = {
- name = "ipg-internal-corporate-networks"
- cidr = [
- "10.1.0.0/16", "172.20.0.0/16", "192.168.1.0/24",
- "192.168.2.0/24", "192.168.5.0/24", "10.2.0.0/16",
- "10.3.0.0/16", "172.21.0.0/16", "172.22.0.0/16",
- "10.4.0.0/16"
- ]
- }
- remote-workers = {
- name = "ipg-remote-workers-vpn"
- cidr = [
- "10.200.0.0/16", "10.201.0.0/16", "10.202.0.0/16",
- "10.203.0.0/16", "10.204.0.0/16", "10.205.0.0/16",
- "10.206.0.0/16", "10.207.0.0/16", "10.208.0.0/16",
- "10.209.0.0/16"
- ]
- }
- }
-}
-```
-
-```hcl
-locals {
- collection_rule_groups = {
- default = {
- name = "EnhancedSecurityRuleCollectionGroup"
- priority = 200
- firewall_policy_id = module.fwpolicy.policy.parent.id
- network_rule_collections = {
- CorporateWebAccessRules = {
- priority = 100
- action = "Allow"
- rules = {
- allowHttpHttps = {
- name = "AllowHTTPandHTTPS"
- protocols = ["TCP"]
- destination_ports = ["80", "443"]
- source_ip_groups = [module.ip_groups.groups.internal-networks.id]
- destination_addresses = ["*"]
- }
- allowVpnAccess = {
- name = "AllowVPNAccess"
- protocols = ["UDP"]
- destination_ports = ["1194", "500", "4500"]
- source_ip_groups = [module.ip_groups.groups.remote-workers.id]
- destination_addresses = ["*"]
- }
- }
- }
- }
- }
- }
-}
-```
diff --git a/examples/ip-groups/ipgroups.tf b/examples/ip-groups/ipgroups.tf
deleted file mode 100644
index bcbf34d..0000000
--- a/examples/ip-groups/ipgroups.tf
+++ /dev/null
@@ -1,76 +0,0 @@
-locals {
- ip_groups = {
- internal-networks = {
- name = "ipg-internal-corporate-networks"
- cidr = [
- "10.1.0.0/16", "172.20.0.0/16", "192.168.1.0/24",
- "192.168.2.0/24", "192.168.5.0/24", "10.2.0.0/16",
- "10.3.0.0/16", "172.21.0.0/16", "172.22.0.0/16",
- "10.4.0.0/16"
- ]
- }
- remote-workers = {
- name = "ipg-remote-workers-vpn"
- cidr = [
- "10.200.0.0/16", "10.201.0.0/16", "10.202.0.0/16",
- "10.203.0.0/16", "10.204.0.0/16", "10.205.0.0/16",
- "10.206.0.0/16", "10.207.0.0/16", "10.208.0.0/16",
- "10.209.0.0/16"
- ]
- }
- email-server = {
- name = "ipg-corporate-email-server"
- cidr = [
- "192.168.100.10/32", "192.168.100.11/32"
- ]
- }
- tor-exit-nodes = {
- name = "ipg-denied-tor-exit-nodes"
- cidr = [
- "85.93.0.0/16", "93.115.95.0/24", "109.105.109.0/24",
- "109.163.234.0/24", "176.10.99.0/24", "192.42.116.0/24",
- "193.23.244.0/24", "193.90.12.0/24", "194.109.206.0/24",
- "195.154.168.0/24"
- ]
- }
- known-malicious = {
- name = "ipg-denied-known-malicious-ips"
- cidr = [
- "103.27.124.0/24", "103.76.180.0/24", "104.248.0.0/16",
- "108.62.0.0/15", "109.201.133.0/24", "109.236.91.0/24",
- "128.14.134.0/24", "149.56.0.0/16", "151.80.0.0/16",
- "176.31.0.0/16"
- ]
- }
- site-a = {
- name = "ipg-site-a-network"
- cidr = [
- "10.10.0.0/16"
- ]
- }
- site-b = {
- name = "ipg-site-b-network"
- cidr = [
- "10.20.0.0/16"
- ]
- }
- all-sites = {
- name = "ipg-all-sites-network"
- cidr = [
- "10.10.0.0/16", "10.20.0.0/16", "10.30.0.0/16"
- ]
- }
- backup-services = {
- name = "ipg-backup-services"
- cidr = [
- "172.28.30.0/24", "172.28.31.0/24"
- ]
- }
- rfc1918 = {
- name = "ipg-rfc1918-private-addresses"
- cidr = [
- "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
- ]
- }
- }
-}
diff --git a/examples/ip-groups/main.tf b/examples/ip-groups/main.tf
deleted file mode 100644
index 3f3a211..0000000
--- a/examples/ip-groups/main.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-module "naming" {
- source = "cloudnationhq/naming/azure"
- version = "~> 0.1"
-
- suffix = ["demo", "dev"]
-}
-
-module "rg" {
- source = "cloudnationhq/rg/azure"
- version = "~> 0.1"
-
- groups = {
- demo = {
- name = module.naming.resource_group.name
- region = "westeurope"
- }
- }
-}
-
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.1"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- vhubs = {
- westeurope = {
- name = module.naming.virtual_hub.name
- resourcegroup = module.rg.groups.demo.name
- location = "westeurope"
- address_prefix = "10.0.0.0/23"
- policy = {
- base_policy_id = module.fwpolicy.policy.parent.id
- }
- }
- }
- }
-}
-
-module "collection_rule_groups" {
- source = "cloudnationhq/vwan/azure//modules/collection-rule-groups"
- version = "~> 0.1"
-
- naming = local.naming
- groups = local.collection_rule_groups
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-
- depends_on = [module.vwan, module.ip_groups]
-}
-
-module "fwpolicy" {
- source = "cloudnationhq/vwan/azure//modules/firewall-policy"
- version = "~> 0.1"
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-
- policy = {
- parent = {
- name = "fwp-demo-dev-parent"
- }
- }
-}
-
-module "ip_groups" {
- source = "cloudnationhq/vwan/azure//modules/ip-groups"
- version = "~> 0.1"
-
- naming = local.naming
- ip_groups = local.ip_groups
- depends_on = [module.vwan]
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-}
diff --git a/examples/ip-groups/rules.tf b/examples/ip-groups/rules.tf
deleted file mode 100644
index ee4ec79..0000000
--- a/examples/ip-groups/rules.tf
+++ /dev/null
@@ -1,94 +0,0 @@
-locals {
- naming = {
- # lookup outputs to have consistent naming
- for type in local.naming_types : type => lookup(module.naming, type).name
- }
-
- naming_types = ["virtual_wan", "firewall", "firewall_policy", "ip_group"]
-}
-
-locals {
- collection_rule_groups = {
- default = {
- name = "EnhancedSecurityRuleCollectionGroup"
- priority = 200
- firewall_policy_id = module.fwpolicy.policy.parent.id
- network_rule_collections = {
- CorporateWebAccessRules = {
- priority = 100
- action = "Allow"
- rules = {
- allowHttpHttps = {
- name = "AllowHTTPandHTTPS"
- protocols = ["TCP"]
- destination_ports = ["80", "443"]
- source_ip_groups = [module.ip_groups.groups.internal-networks.id]
- destination_addresses = ["*"]
- }
- allowVpnAccess = {
- name = "AllowVPNAccess"
- protocols = ["UDP"]
- destination_ports = ["1194", "500", "4500"]
- source_ip_groups = [module.ip_groups.groups.remote-workers.id]
- destination_addresses = ["*"]
- }
- allowCorporateEmail = {
- name = "AllowCorporateEmail"
- protocols = ["TCP"]
- destination_ports = ["993", "587"]
- destination_ip_groups = [module.ip_groups.groups.email-server.id]
- source_addresses = ["*"]
- }
- allowRemoteDesktop = {
- name = "AllowRemoteDesktop"
- protocols = ["TCP"]
- destination_ports = ["3389"]
- source_ip_groups = [module.ip_groups.groups.remote-workers.id]
- destination_addresses = ["*"]
- }
- }
- }
- RestrictedAccessRules = {
- priority = 150
- action = "Deny"
- rules = {
- denyTorExitNodes = {
- name = "DenyTorExitNodes"
- protocols = ["Any"]
- destination_ports = ["*"]
- source_ip_groups = [module.ip_groups.groups.tor-exit-nodes.id]
- destination_addresses = ["*"]
- }
- denyKnownMalicious = {
- name = "DenyKnownMaliciousIPs"
- protocols = ["Any"]
- destination_ports = ["*"]
- source_ip_groups = [module.ip_groups.groups.known-malicious.id]
- destination_addresses = ["*"]
- }
- }
- }
- InterSiteTrafficRules = {
- priority = 250
- action = "Allow"
- rules = {
- allowSiteToSite = {
- name = "AllowSiteToSite"
- protocols = ["TCP", "UDP"]
- destination_ports = ["*"]
- source_ip_groups = [module.ip_groups.groups.site-a.id]
- destination_ip_groups = [module.ip_groups.groups.site-b.id]
- }
- allowBackupServices = {
- name = "AllowBackupServices"
- protocols = ["TCP"]
- destination_ports = ["443"]
- source_ip_groups = [module.ip_groups.groups.all-sites.id]
- destination_ip_groups = [module.ip_groups.groups.backup-services.id]
- }
- }
- }
- }
- }
- }
-}
diff --git a/examples/ip-groups/terraform.tf b/examples/ip-groups/terraform.tf
deleted file mode 100644
index 9867469..0000000
--- a/examples/ip-groups/terraform.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.61"
- }
- }
-}
-
-provider "azurerm" {
- features {}
-}
diff --git a/examples/policy-inheritance/README.md b/examples/policy-inheritance/README.md
deleted file mode 100644
index 5116ca2..0000000
--- a/examples/policy-inheritance/README.md
+++ /dev/null
@@ -1,90 +0,0 @@
-This example illustrates firewall policy inheritance using multiple secure vhubs in different regions.
-
-## Usage
-
-```hcl
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.11"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- vhubs = {
- northeurope = {
- name = module.naming.virtual_hub.name
- resourcegroup = module.rg.groups.demo.name
- location = "northeurope"
- address_prefix = "10.0.0.0/23"
- policy = {
- base_policy_id = module.fwp_inheritance.policy.base.id
- }
- }
- }
- }
-}
-```
-
-```hcl
-module "collection_rule_groups" {
- source = "cloudnationhq/vwan/azure//modules/collection-rule-groups"
- version = "~> 0.1"
-
- naming = local.naming
- groups = local.collection_rule_groups
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-}
-```
-
-```hcl
-module "fwp_inheritance" {
- source = "cloudnationhq/vwan/azure//modules/firewall-policy"
- version = "~> 0.1"
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-
- policy = {
- base = {
- name = "fwp-demo-dev-base"
- }
- }
-}
-```
-
-The local below is utilized to store config,
-
-```hcl
-locals {
- collection_rule_groups = {
- default = {
- priority = 50000
- firewall_policy_id = module.fwp_inheritance.policy.base.id
- network_rule_collections = [
- {
- key = "netw_rules"
- priority = 60000
- action = "Allow"
- rules = {
- rule1 = {
- protocols = ["TCP"]
- destination_ports = ["*"]
- destination_addresses = ["10.1.0.0/16"]
- source_addresses = ["10.0.0.0/8"]
- }
- rule2 = {
- protocols = ["TCP"]
- destination_ports = ["*"]
- destination_addresses = ["12.0.1.0/8"]
- source_addresses = ["12.0.0.0/8"]
- }
- }
- }
- ]
- }
- }
-}
-```
diff --git a/examples/policy-inheritance/locals.tf b/examples/policy-inheritance/locals.tf
deleted file mode 100644
index 1752d93..0000000
--- a/examples/policy-inheritance/locals.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-locals {
- naming = {
- # lookup outputs to have consistent naming
- for type in local.naming_types : type => lookup(module.naming, type).name
- }
-
- naming_types = ["virtual_wan", "firewall", "firewall_policy"]
-}
-
-locals {
- collection_rule_groups = {
- default = {
- priority = 1000
- firewall_policy_id = module.fwpolicy.policy.parent.id
- network_rule_collections = {
- netw_rules = {
- name = "netwrules"
- priority = 7000
- action = "Allow"
- rules = {
- rule1 = {
- protocols = ["TCP"]
- destination_ports = ["*"]
- destination_addresses = ["10.0.1.0/8"]
- source_addresses = ["10.0.0.0/8"]
- }
- }
- }
- }
- }
- }
-}
diff --git a/examples/policy-inheritance/main.tf b/examples/policy-inheritance/main.tf
deleted file mode 100644
index a43f115..0000000
--- a/examples/policy-inheritance/main.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-module "naming" {
- source = "cloudnationhq/naming/azure"
- version = "~> 0.1"
-
- suffix = ["demo", "dev"]
-}
-
-module "rg" {
- source = "cloudnationhq/rg/azure"
- version = "~> 0.1"
-
- groups = {
- demo = {
- name = module.naming.resource_group.name
- region = "westeurope"
- }
- }
-}
-
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.1"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- vhubs = {
- westeurope = {
- name = module.naming.virtual_hub.name
- resourcegroup = module.rg.groups.demo.name
- location = "westeurope"
- address_prefix = "10.0.0.0/23"
- policy = {
- base_policy_id = module.fwpolicy.policy.parent.id
- }
- }
- }
- }
-}
-
-module "collection_rule_groups" {
- source = "cloudnationhq/vwan/azure//modules/collection-rule-groups"
- version = "~> 0.1"
-
- naming = local.naming
- groups = local.collection_rule_groups
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-}
-
-module "fwpolicy" {
- source = "cloudnationhq/vwan/azure//modules/firewall-policy"
- version = "~> 0.1"
-
- resourcegroup = module.rg.groups.demo.name
- location = module.rg.groups.demo.location
-
- policy = {
- parent = {
- name = "fwp-demo-dev-parent"
- }
- }
-}
diff --git a/examples/policy-inheritance/terraform.tf b/examples/policy-inheritance/terraform.tf
deleted file mode 100644
index 9867469..0000000
--- a/examples/policy-inheritance/terraform.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.61"
- }
- }
-}
-
-provider "azurerm" {
- features {}
-}
diff --git a/examples/secure-vhubs/README.md b/examples/secure-vhubs/README.md
index ee6bb2f..b125e5e 100644
--- a/examples/secure-vhubs/README.md
+++ b/examples/secure-vhubs/README.md
@@ -1,52 +1,19 @@
-This example illustrates configuring multiple secure virtual hubs with their associated policy.
+# Secure Vhubs
-## Usage
+This deploys secure vhubs within a virtual wan.
-```hcl
-module "vwan" {
- source = "cloudnationhq/vwan/azure"
- version = "~> 0.11"
-
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
-
- vwan = {
- allow_branch_to_branch_traffic = true
- disable_vpn_encryption = false
-
- vhubs = local.vhubs
- }
-}
-```
-
-The local below is utilized to store config,
+## Types
```hcl
-locals {
- vhubs = {
- northeurope = {
- resourcegroup = module.rg.groups.demo.name
- location = "northeurope"
- address_prefix = "10.0.0.0/23"
- firewall_tier = "Premium"
- policy = {
- location = "northeurope"
- dns = {
- proxy_enabled = true
- servers = ["7.7.7.7", "8.8.8.8"]
- }
- }
- }
- southcentralus = {
- resourcegroup = module.rg.groups.demo.name
- location = "southcentralus"
- address_prefix = "11.0.0.0/23"
- firewall_tier = "Premium"
- policy = {
- location = "northeurope"
- }
- }
- }
-}
+vwan = object({
+ name = string
+ allow_branch_to_branch_traffic = optional(bool)
+ disable_vpn_encryption = optional(bool)
+ vhubs = map(object({
+ resource_group = string
+ location = string
+ address_prefix = optional(string)
+ sku = optional(string)
+ }))
+})
```
diff --git a/examples/secure-vhubs/firewalls.tf b/examples/secure-vhubs/firewalls.tf
new file mode 100644
index 0000000..759c8d8
--- /dev/null
+++ b/examples/secure-vhubs/firewalls.tf
@@ -0,0 +1,22 @@
+locals {
+ firewalls = {
+ weu = {
+ name = "fw-demo-dev-weu"
+ location = "westeurope"
+ sku_name = "AZFW_Hub"
+ sku_tier = "Standard"
+ virtual_hub = {
+ virtual_hub_id = module.vwan.vhubs.weu.id
+ }
+ }
+ eus = {
+ name = "fw-demo-dev-eus"
+ location = "eastus"
+ sku_name = "AZFW_Hub"
+ sku_tier = "Standard"
+ virtual_hub = {
+ virtual_hub_id = module.vwan.vhubs.eus.id
+ }
+ }
+ }
+}
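Review bot: Neither entry in `local.firewalls` references a firewall policy, so this example deploys two hub firewalls with no rule collections, DNS proxy or threat-intelligence configuration attached — the policy-based examples this commit deletes did carry those, and `azurerm_firewall` exposes `firewall_policy_id` for it. If the `cloudnationhq/fw/azure` module accepts a policy reference inside `instance`, the example should show it; otherwise a comment on the `weu`/`eus` entries should say the hubs are intentionally left without a policy (an Azure Firewall with no policy and no classic rules denies all traffic by default, so the example applies but forwards nothing). The `location` values are also hard-coded per entry while the hub id comes from `module.vwan.vhubs.<key>.id`; a hub firewall must be in its hub's region, so if the `vhubs` output exposes the location, `location = module.vwan.vhubs.weu.location` keeps the two from drifting. `local.vhubs` itself is not part of this diff, so the region match cannot be confirmed here.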
diff --git a/examples/secure-vhubs/locals.tf b/examples/secure-vhubs/locals.tf
deleted file mode 100644
index a5ddd31..0000000
--- a/examples/secure-vhubs/locals.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-locals {
- naming = {
- # lookup outputs to have consistent naming
- for type in local.naming_types : type => lookup(module.naming, type).name
- }
-
- naming_types = ["virtual_wan", "firewall", "firewall_policy", "virtual_hub"]
-}
-
-locals {
- vhubs = {
- northeurope = {
- resourcegroup = module.rg.groups.demo.name
- location = "northeurope"
- address_prefix = "10.0.0.0/23"
- firewall_tier = "Premium"
- policy = {
- location = "northeurope"
- dns = {
- proxy_enabled = true
- servers = ["7.7.7.7", "8.8.8.8"]
- }
- }
- }
- southcentralus = {
- resourcegroup = module.rg.groups.demo.name
- location = "southcentralus"
- address_prefix = "11.0.0.0/23"
- firewall_tier = "Premium"
- policy = {
- location = "northeurope"
- }
- }
- }
-}
diff --git a/examples/secure-vhubs/main.tf b/examples/secure-vhubs/main.tf
index 7debedd..70b4aa7 100644
--- a/examples/secure-vhubs/main.tf
+++ b/examples/secure-vhubs/main.tf
@@ -7,28 +7,38 @@ module "naming" {
module "rg" {
source = "cloudnationhq/rg/azure"
- version = "~> 0.1"
+ version = "~> 1.0"
groups = {
demo = {
- name = module.naming.resource_group.name
- region = "northeurope"
+ name = module.naming.resource_group.name_unique
+ location = "westeurope"
}
}
}
module "vwan" {
source = "cloudnationhq/vwan/azure"
- version = "~> 0.1"
+ version = "~> 1.0"
- naming = local.naming
- location = module.rg.groups.demo.location
- resourcegroup = module.rg.groups.demo.name
+ naming = local.naming
+ location = module.rg.groups.demo.location
+ resource_group = module.rg.groups.demo.name
vwan = {
+ name = module.naming.virtual_wan.name
+ vhubs = local.vhubs
allow_branch_to_branch_traffic = true
disable_vpn_encryption = false
-
- vhubs = local.vhubs
}
}
+
+module "firewall" {
+ source = "cloudnationhq/fw/azure"
+ version = "~> 1.0"
+
+ resource_group = module.rg.groups.demo.name
+ for_each = local.firewalls
+
+ instance = each.value
+}
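Review bot: All three registry modules in this example (`rg`, `vwan`, `firewall`) are pinned with `version = "~> 1.0"`, which lets every `terraform init` pull whatever 1.x release is published next; Terraform's dependency lock file records providers only, not module versions, so the terratest run that applies this directory is neither reproducible nor insulated from an upstream module change. For CI-applied examples consider pinning each `version` to the exact release the test was run against and bumping deliberately, or documenting why a floating constraint is acceptable here. As a style point, `for_each = local.firewalls` sits after `resource_group` in the `firewall` module block; placing the meta-argument first matches the resource blocks in the root module.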
diff --git a/examples/default/locals.tf b/examples/secure-vhubs/naming.tf
similarity index 82%
rename from examples/default/locals.tf
rename to examples/secure-vhubs/naming.tf
index e3a31d2..249ad30 100644
--- a/examples/default/locals.tf
+++ b/examples/secure-vhubs/naming.tf
@@ -4,5 +4,5 @@ locals {
for type in local.naming_types : type => lookup(module.naming, type).name
}
- naming_types = ["virtual_wan"]
+ naming_types = ["virtual_hub"]
}
diff --git a/examples/secure-vhubs/vhubs.tf b/examples/secure-vhubs/vhubs.tf
new file mode 100644
index 0000000..ba40e53
--- /dev/null
+++ b/examples/secure-vhubs/vhubs.tf
@@ -0,0 +1,12 @@
+locals {
+ vhubs = {
+ weu = {
+ location = "westeurope"
+ address_prefix = "10.0.0.0/23"
+ }
+ eus = {
+ location = "eastus"
+ address_prefix = "10.1.0.0/23"
+ }
+ }
+}
diff --git a/locals.tf b/locals.tf
deleted file mode 100644
index 1743b9c..0000000
--- a/locals.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-locals {
- firewalls = {
- for fw_key, fw in var.vwan.vhubs : fw_key => {
-
- name = try(fw.firewall_name, join("-", [var.naming.firewall, fw_key]))
- location = try(fw.location, var.location)
- resourcegroup = try(fw.resourcegroup, var.resourcegroup)
- tier = try(fw.firewall_tier, "Standard")
- sku = try(fw.firewall_sku, "AZFW_Hub")
- tags = try(fw.tags, {})
- public_ip_count = try(fw.firewall_public_ip_count, 1)
- associate_policy = try(fw.associate_policy, true)
- }
- }
-}
-
-locals {
- vhubs = {
- for vh_key, vh in var.vwan.vhubs : vh_key => {
-
- name = try(vh.name, join("-", [var.naming.virtual_hub, vh_key]))
- location = try(vh.location, var.location)
- resourcegroup = try(vh.resourcegroup, var.resourcegroup)
- address_prefix = vh.address_prefix
- sku = try(vh.sku, "Standard")
- hub_routing_preference = try(vh.hub_routing_preference, "ExpressRoute")
- tags = try(vh.tags, {})
- }
- }
-}
-
-locals {
- firewall_policies = {
- for fwp_key, fwp in var.vwan.vhubs : fwp_key => {
-
- name = try(fwp.policy.name, join("-", [var.naming.firewall_policy, fwp_key]))
- base_policy_id = try(fwp.policy.base_policy_id, null)
- location = try(fwp.policy.location, var.location)
- resourcegroup = try(fwp.resourcegroup, var.resourcegroup)
- dns = try(fwp.policy.dns, null)
- intrusion_detection = try(fwp.policy.intrusion_detection, null)
- tags = try(fwp.tags, {})
- private_ip_ranges = try(fwp.policy.private_ip_ranges, null)
- sku = try(fwp.policy.sku, "Standard")
- sql_redirect_allowed = try(fwp.policy.sql_redirect_allowed, null)
- threat_intelligence_mode = try(fwp.policy.threat_intelligence_mode, "Alert")
- auto_learn_private_ranges_enabled = try(fwp.policy.auto_learn_private_ranges_enabled, null)
- }
- }
-}
diff --git a/main.tf b/main.tf
index 10c0986..f5b7645 100644
--- a/main.tf
+++ b/main.tf
@@ -1,104 +1,27 @@
# virtual wan
resource "azurerm_virtual_wan" "vwan" {
- name = try(var.vwan.name, var.naming.virtual_wan)
- location = var.location
- resource_group_name = var.resourcegroup
- allow_branch_to_branch_traffic = try(var.vwan.allow_branch_to_branch_traffic, true)
- disable_vpn_encryption = try(var.vwan.disable_vpn_encryption, false)
- type = try(var.vwan.type, "Standard")
- tags = try(var.vwan.tags, {})
-
+ name = var.vwan.name
+ resource_group_name = coalesce(lookup(var.vwan, "resource_group", null), var.resource_group)
+ location = coalesce(lookup(var.vwan, "location", null), var.location)
+ allow_branch_to_branch_traffic = try(var.vwan.allow_branch_to_branch_traffic, true)
+ disable_vpn_encryption = try(var.vwan.disable_vpn_encryption, false)
+ type = try(var.vwan.type, "Standard")
office365_local_breakout_category = try(var.vwan.office365_local_breakout_category, "None")
+ tags = try(var.vwan.tags, {})
}
# vhubs
resource "azurerm_virtual_hub" "vhub" {
- for_each = local.vhubs
+ for_each = lookup(
+ var.vwan, "vhubs", {}
+ )
- name = each.value.name
- location = each.value.location
- resource_group_name = each.value.resourcegroup
+ name = try(each.value.name, join("-", [var.naming.virtual_hub, each.key]))
+ resource_group_name = coalesce(lookup(var.vwan, "resource_group", null), var.resource_group)
+ location = coalesce(lookup(var.vwan, "location", null), var.location)
address_prefix = each.value.address_prefix
virtual_wan_id = azurerm_virtual_wan.vwan.id
- sku = each.value.sku
- hub_routing_preference = each.value.hub_routing_preference
- tags = each.value.tags
-}
-
-# firewalls
-resource "azurerm_firewall" "fw" {
- for_each = {
- for fw_key, fw in local.firewalls : fw_key => fw
- }
-
- name = each.value.name
- location = each.value.location
- resource_group_name = each.value.resourcegroup
- sku_tier = each.value.tier
- sku_name = each.value.sku
- tags = each.value.tags
- firewall_policy_id = each.value.associate_policy ? azurerm_firewall_policy.fwp[each.key].id : null
-
- virtual_hub {
- virtual_hub_id = azurerm_virtual_hub.vhub[each.key].id
- public_ip_count = each.value.public_ip_count
- }
-}
-
-# firewall Policies
-resource "azurerm_firewall_policy" "fwp" {
- for_each = {
- for fwp_key, fwp in local.firewall_policies : fwp_key => fwp
- }
-
- name = each.value.name
- location = each.value.location
- resource_group_name = each.value.resourcegroup
- tags = each.value.tags
- base_policy_id = each.value.base_policy_id
- private_ip_ranges = each.value.private_ip_ranges
- sku = each.value.sku
- sql_redirect_allowed = each.value.sql_redirect_allowed
- threat_intelligence_mode = each.value.threat_intelligence_mode
- auto_learn_private_ranges_enabled = each.value.auto_learn_private_ranges_enabled
-
- dynamic "dns" {
- for_each = each.value.dns != null ? [each.value.dns] : []
-
- content {
- proxy_enabled = try(dns.value.proxy_enabled, false)
- servers = try(dns.value.servers, [])
- }
- }
-
- dynamic "intrusion_detection" {
- for_each = lookup(each.value, "intrusion_detection", null) != null ? [each.value.intrusion_detection] : []
-
- content {
- mode = intrusion_detection.value.mode
-
- dynamic "traffic_bypass" {
- for_each = lookup(intrusion_detection.value, "traffic_bypass", {})
-
- content {
- name = traffic_bypass.key
- protocol = traffic_bypass.value.protocol
- description = lookup(traffic_bypass.value, "description", null)
- destination_addresses = lookup(traffic_bypass.value, "destination_addresses", [])
- destination_ip_groups = lookup(traffic_bypass.value, "destination_ip_groups", [])
- destination_ports = lookup(traffic_bypass.value, "destination_ports", [])
- source_addresses = lookup(traffic_bypass.value, "source_addresses", [])
- source_ip_groups = lookup(traffic_bypass.value, "source_ip_groups", [])
- }
- }
- dynamic "signature_overrides" {
- for_each = lookup(intrusion_detection.value, "signature_overrides", {})
-
- content {
- id = signature_overrides.value.id
- state = signature_overrides.value.state
- }
- }
- }
- }
+ sku = try(each.value.sku, "Standard")
+ hub_routing_preference = try(each.value.hub_routing_preference, "ExpressRoute")
+ tags = try(each.value.tags, {})
}
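Review bot: The `azurerm_virtual_hub.vhub` resource derives `resource_group_name` and `location` solely from `var.vwan` with a fallback to `var.resource_group`/`var.location`, so the per-hub `location` and `resource_group` that the README's `vhubs` object type declares — and that `examples/secure-vhubs/vhubs.tf` sets to `westeurope` and `eastus` — are silently ignored; both example hubs appear to land in the resource group's region. Unless single-region hubs are intended, consult the hub's own values first: `resource_group_name = coalesce(lookup(each.value, "resource_group", null), lookup(var.vwan, "resource_group", null), var.resource_group)` and `location = coalesce(lookup(each.value, "location", null), lookup(var.vwan, "location", null), var.location)`. If the hub-level values are meant to be unsupported, the README type and the example should drop them so a reader does not expect multi-region hubs from this module.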
diff --git a/modules/collection-rule-groups/README.md b/modules/collection-rule-groups/README.md
deleted file mode 100644
index 066cac2..0000000
--- a/modules/collection-rule-groups/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# Collection Rule Groups
-
-This submodule illustrates how to manage collection groups through the use of IP groups within secure virtual hubs.
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.61 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 3.61 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_firewall_policy_rule_collection_group.group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group) | resource |
-| [azurerm_ip_group.ipgroup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group) | resource |
-| [azurerm_ip_group_cidr.ipcidr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group_cidr) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [groups](#input\_groups) | contains all firewall policy rule collection groups config | `any` | n/a | yes |
-| [ip\_groups](#input\_ip\_groups) | describes all ip groups | `map(any)` | `{}` | no |
-| [location](#input\_location) | contains the region | `string` | `null` | no |
-| [naming](#input\_naming) | contains naming convention | `map(string)` | `null` | no |
-| [resourcegroup](#input\_resourcegroup) | contains the resourcegroup name | `string` | `null` | no |
diff --git a/modules/collection-rule-groups/main.tf b/modules/collection-rule-groups/main.tf
deleted file mode 100644
index a4a5894..0000000
--- a/modules/collection-rule-groups/main.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-# collection groups
-resource "azurerm_firewall_policy_rule_collection_group" "group" {
- for_each = var.groups
-
- name = try(each.value.name, format("fwrcg-%s", each.key))
- firewall_policy_id = try(var.groups[each.key].firewall_policy_id, null)
- priority = each.value.priority
-
- dynamic "network_rule_collection" {
- for_each = contains(keys(each.value), "network_rule_collections") ? each.value.network_rule_collections : tomap({})
-
- content {
- name = try(network_rule_collection.name, network_rule_collection.key)
- priority = network_rule_collection.value.priority
- action = network_rule_collection.value.action
-
- dynamic "rule" {
- for_each = network_rule_collection.value.rules
-
- content {
- name = try(rule.value.name, rule.key)
- description = try(rule.value.description, null)
- protocols = rule.value.protocols
- destination_ports = rule.value.destination_ports
- destination_addresses = try(rule.value.destination_addresses, [])
- destination_fqdns = try(rule.value.destination_fqdns, [])
- source_addresses = try(rule.value.source_addresses, [])
- source_ip_groups = try(rule.value.source_ip_groups, [])
- destination_ip_groups = try(rule.value.destination_ip_groups, [])
- }
- }
- }
- }
-
- dynamic "application_rule_collection" {
- for_each = contains(keys(each.value), "application_rule_collections") ? each.value.application_rule_collections : tomap({})
-
- content {
- name = try(application_rule_collection.name, application_rule_collection.key)
- priority = application_rule_collection.value.priority
- action = application_rule_collection.value.action
-
- dynamic "rule" {
- for_each = application_rule_collection.value.rules
-
-
- content {
- name = try(rule.value.name, rule.key)
- description = try(rule.value.description, null)
- source_addresses = try(rule.value.source_addresses, null)
- source_ip_groups = try(rule.value.source_ip_groups, null)
- destination_addresses = try(rule.value.destination_addresses, null)
- destination_urls = try(rule.value.destination_urls, null)
- destination_fqdns = try(rule.value.destination_fqdns, null)
- destination_fqdn_tags = try(rule.value.destination_fqdn_tags, null)
- terminate_tls = try(rule.value.terminate_tls, null)
- web_categories = try(rule.value.web_categories, null)
-
- dynamic "protocols" {
- for_each = rule.value.protocols
-
- content {
- type = protocols.value.type
- port = protocols.value.port
- }
- }
- }
- }
- }
- }
-
- dynamic "nat_rule_collection" {
- for_each = contains(keys(each.value), "nat_rule_collections") ? each.value.nat_rule_collections : tomap({})
-
- content {
- name = try(nat_rule_collection.name, nat_rule_collection.key)
- priority = nat_rule_collection.value.priority
- action = nat_rule_collection.value.action
-
- dynamic "rule" {
- for_each = nat_rule_collection.value.rules
-
- content {
- name = try(rule.value.name, rule.key)
- description = try(rule.value.description, null)
- protocols = rule.value.protocols
- source_addresses = try(rule.value.source_addresses, null)
- source_ip_groups = try(rule.value.source_ip_groups, null)
- destination_address = try(rule.value.destination_address, null)
- destination_ports = try(rule.value.destination_ports, null)
- translated_address = try(rule.value.translated_address, null)
- translated_fqdn = try(rule.value.translated_fqdn, null)
- translated_port = try(rule.value.translated_port, null)
- }
- }
- }
- }
-}
diff --git a/modules/collection-rule-groups/terraform.tf b/modules/collection-rule-groups/terraform.tf
deleted file mode 100644
index 6c1c905..0000000
--- a/modules/collection-rule-groups/terraform.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.61"
- }
- }
-}
diff --git a/modules/collection-rule-groups/variables.tf b/modules/collection-rule-groups/variables.tf
deleted file mode 100644
index 8251dff..0000000
--- a/modules/collection-rule-groups/variables.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-variable "groups" {
- description = "contains all firewall policy rule collection groups config"
- type = any
-}
-
-variable "location" {
- description = "contains the region"
- type = string
- default = null
-}
-
-variable "resourcegroup" {
- description = "contains the resourcegroup name"
- type = string
- default = null
-}
-
-variable "naming" {
- description = "contains naming convention"
- type = map(string)
- default = null
-}
diff --git a/modules/firewall-policy/README.md b/modules/firewall-policy/README.md
deleted file mode 100644
index ca0606f..0000000
--- a/modules/firewall-policy/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Firewall Policy
-
-This submodule focuses on the effective management of firewall policies.
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.61 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 3.61 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_firewall_policy.policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [location](#input\_location) | contains the region | `string` | `null` | no |
-| [policy](#input\_policy) | contains firewall policy configuration | `any` | n/a | yes |
-| [resourcegroup](#input\_resourcegroup) | contains the resourcegroup name | `string` | `null` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [policy](#output\_policy) | contains all firewall policy configuration |
diff --git a/modules/firewall-policy/main.tf b/modules/firewall-policy/main.tf
deleted file mode 100644
index 07bd25e..0000000
--- a/modules/firewall-policy/main.tf
+++ /dev/null
@@ -1,64 +0,0 @@
-# firewall policy
-resource "azurerm_firewall_policy" "policy" {
- for_each = try(var.policy, {})
-
- name = try(each.value.name, join("-", [var.naming.firewall_policy, each.key]))
- location = var.location
- resource_group_name = var.resourcegroup
- tags = try(each.value.tags, {})
- private_ip_ranges = try(each.value.private_ip_ranges, null)
- sku = try(each.value.sku, "Standard")
- sql_redirect_allowed = try(each.value.sql_redirect_allowed, null)
- threat_intelligence_mode = try(each.value.threat_intelligence_mode, "Alert")
- auto_learn_private_ranges_enabled = try(each.value.auto_learn_private_ranges_enabled, null)
-
- dynamic "dns" {
- for_each = lookup(each.value, "dns", null) != null ? [each.value.dns] : []
-
- content {
- proxy_enabled = try(dns.value.proxy_enabled, false)
- servers = try(dns.value.servers, [])
- }
- }
-
- dynamic "intrusion_detection" {
- for_each = lookup(each.value, "intrusion_detection", null) != null ? [each.value.intrusion_detection] : []
-
- content {
- mode = intrusion_detection.value.mode
-
- dynamic "traffic_bypass" {
- for_each = lookup(intrusion_detection.value, "traffic_bypass", {})
-
- content {
- name = traffic_bypass.key
- protocol = traffic_bypass.value.protocol
- description = lookup(traffic_bypass.value, "description", null)
- destination_addresses = lookup(traffic_bypass.value, "destination_addresses", [])
- destination_ip_groups = lookup(traffic_bypass.value, "destination_ip_groups", [])
- destination_ports = lookup(traffic_bypass.value, "destination_ports", [])
- source_addresses = lookup(traffic_bypass.value, "source_addresses", [])
- source_ip_groups = lookup(traffic_bypass.value, "source_ip_groups", [])
- }
- }
-
- dynamic "signature_overrides" {
- for_each = lookup(intrusion_detection.value, "signature_overrides", {})
-
- content {
- id = signature_overrides.value.id
- state = signature_overrides.value.state
- }
- }
-
- }
- }
-
- dynamic "threat_intelligence_allowlist" {
- for_each = try(each.value.threat_intelligence_allowlist != null ? [1] : [], [])
- content {
- fqdns = try(each.value.threat_intelligence_allowlist.fqdns, [])
- ip_addresses = try(each.value.threat_intelligence_allowlist.ip_addresses, [])
- }
- }
-}
diff --git a/modules/firewall-policy/outputs.tf b/modules/firewall-policy/outputs.tf
deleted file mode 100644
index fdf984b..0000000
--- a/modules/firewall-policy/outputs.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-output "policy" {
- description = "contains all firewall policy configuration"
- value = {
- for k, policy in azurerm_firewall_policy.policy : k => policy
- }
-}
diff --git a/modules/firewall-policy/terraform.tf b/modules/firewall-policy/terraform.tf
deleted file mode 100644
index 6c1c905..0000000
--- a/modules/firewall-policy/terraform.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.61"
- }
- }
-}
diff --git a/modules/firewall-policy/variables.tf b/modules/firewall-policy/variables.tf
deleted file mode 100644
index 36ec360..0000000
--- a/modules/firewall-policy/variables.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-variable "location" {
- description = "contains the region"
- type = string
- default = null
-}
-
-variable "resourcegroup" {
- description = "contains the resourcegroup name"
- type = string
- default = null
-}
-
-variable "policy" {
- description = "contains firewall policy configuration"
- type = any
-}
-
-variable "naming" {
- description = "contains naming convention"
- type = map(string)
- default = null
-}
diff --git a/modules/ip-groups/README.md b/modules/ip-groups/README.md
deleted file mode 100644
index 50a1820..0000000
--- a/modules/ip-groups/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Ip Groups
-
-This submodule focuses on the effective management of ip groups.
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.61 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 3.61 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_ip_group.ipgroup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group) | resource |
-| [azurerm_ip_group_cidr.ipcidr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group_cidr) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [ip\_groups](#input\_ip\_groups) | describes all ip groups | `map(any)` | `{}` | no |
-| [location](#input\_location) | contains the region | `string` | `null` | no |
-| [naming](#input\_naming) | contains naming convention | `map(string)` | `null` | no |
-| [resourcegroup](#input\_resourcegroup) | contains the resourcegroup name | `string` | `null` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [groups](#output\_groups) | contains all ip groups configuration |
diff --git a/modules/ip-groups/locals.tf b/modules/ip-groups/locals.tf
deleted file mode 100644
index 9d01576..0000000
--- a/modules/ip-groups/locals.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-locals {
- flattened_ip_groups = merge([
- for group_name, group_values in try(var.ip_groups, {}) : {
- for cidr in group_values.cidr : "${group_name}-${cidr}" => {
- group = group_name
- cidr = cidr
- }
- }
- ]...)
-}
diff --git a/modules/ip-groups/main.tf b/modules/ip-groups/main.tf
deleted file mode 100644
index ceed7c9..0000000
--- a/modules/ip-groups/main.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# ip groups
-resource "azurerm_ip_group" "ipgroup" {
- for_each = try(var.ip_groups, {})
-
- name = try(each.value.name, join("-", [var.naming.ip_group, each.key]))
- location = var.location
- resource_group_name = var.resourcegroup
- tags = try(each.value.tags, {})
-
- lifecycle {
- ignore_changes = [cidrs]
- }
-}
-
-# ip group cidrs
-resource "azurerm_ip_group_cidr" "ipcidr" {
- for_each = local.flattened_ip_groups
-
- ip_group_id = azurerm_ip_group.ipgroup[each.value.group].id
- cidr = each.value.cidr
-}
diff --git a/modules/ip-groups/outputs.tf b/modules/ip-groups/outputs.tf
deleted file mode 100644
index 4ac60a8..0000000
--- a/modules/ip-groups/outputs.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-output "groups" {
- description = "contains all ip groups configuration"
- value = {
- for k, ipgroup in azurerm_ip_group.ipgroup : k => ipgroup
- }
-}
diff --git a/modules/ip-groups/terraform.tf b/modules/ip-groups/terraform.tf
deleted file mode 100644
index 6c1c905..0000000
--- a/modules/ip-groups/terraform.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.61"
- }
- }
-}
diff --git a/modules/ip-groups/variables.tf b/modules/ip-groups/variables.tf
deleted file mode 100644
index 3edb24c..0000000
--- a/modules/ip-groups/variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-variable "ip_groups" {
- description = "describes all ip groups"
- type = map(any)
- default = {}
-}
-
-variable "location" {
- description = "contains the region"
- type = string
- default = null
-}
-
-variable "resourcegroup" {
- description = "contains the resourcegroup name"
- type = string
- default = null
-}
-
-variable "naming" {
- description = "contains naming convention"
- type = map(string)
- default = null
-}
diff --git a/outputs.tf b/outputs.tf
index 1966692..36e026e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,31 +1,9 @@
-output "policy" {
- description = "contains firewall policy configuration"
- value = {
- for k, policy in azurerm_firewall_policy.fwp : k => policy
- }
-}
-
-output "firewall_public_ip_addresses" {
- description = "list of public ip addresses associated with the firewall"
- value = {
- public_ip_addresses = [
- for key, fw in azurerm_firewall.fw :
- fw.virtual_hub[0].public_ip_addresses[0]
- ]
- }
-}
-
-output "firewall" {
- description = "contains firewall configuration"
- value = azurerm_firewall.fw
+output "vwan" {
+ description = "contains virtual wan configuration"
+ value = azurerm_virtual_wan.vwan
}
-output "vhub" {
+output "vhubs" {
description = "contains virtual hub configuration"
value = azurerm_virtual_hub.vhub
}
-
-output "vwan" {
- description = "contains virtual wan configuration"
- value = azurerm_virtual_wan.vwan
-}
diff --git a/tests/go.mod b/tests/go.mod
index 0293fdb..3627adf 100644
--- a/tests/go.mod
+++ b/tests/go.mod
@@ -1,8 +1,8 @@
module github.com/cloudnationhq/terraform-azure-vwan
-go 1.20
+go 1.23.1
-require github.com/gruntwork-io/terratest v0.47.0
+require github.com/gruntwork-io/terratest v0.47.1
require (
cloud.google.com/go v0.110.0 // indirect
@@ -23,7 +23,7 @@ require (
github.com/googleapis/gax-go/v2 v2.7.1 // indirect
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/go-getter v1.7.5 // indirect
+ github.com/hashicorp/go-getter v1.7.6 // indirect
github.com/hashicorp/go-multierror v1.1.0 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
diff --git a/tests/go.sum b/tests/go.sum
index 8117435..e5dd8d4 100644
--- a/tests/go.sum
+++ b/tests/go.sum
@@ -116,6 +116,7 @@ cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQn
cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8=
cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08=
cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
+cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo=
cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4=
cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w=
cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE=
@@ -300,6 +301,7 @@ github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG
github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
+github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -336,14 +338,14 @@ github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6c
github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/gruntwork-io/terratest v0.47.0 h1:xIy1pT7NbGVlMLDZEHl3+3iSnvffh8tN2pL6idn448c=
-github.com/gruntwork-io/terratest v0.47.0/go.mod h1:oywHw1cFKXSYvKPm27U7quZVzDUlA22H2xUrKCe26xM=
+github.com/gruntwork-io/terratest v0.47.1 h1:qOaxnL7Su5+KpDHYUN/ek1jn8ImvCKtOkaY4OSMS4tI=
+github.com/gruntwork-io/terratest v0.47.1/go.mod h1:LnYX8BN5WxUMpDr8rtD39oToSL4CBERWSCusbJ0d/64=
github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-getter v1.7.5 h1:dT58k9hQ/vbxNMwoI5+xFYAJuv6152UNvdHokfI5wE4=
-github.com/hashicorp/go-getter v1.7.5/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
+github.com/hashicorp/go-getter v1.7.6 h1:5jHuM+aH373XNtXl9TNTUH5Qd69Trve11tHIrB+6yj4=
+github.com/hashicorp/go-getter v1.7.6/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI=
github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
@@ -653,6 +655,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -954,6 +957,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/tests/shared/shared.go b/tests/shared/shared.go
deleted file mode 100644
index 4a038e7..0000000
--- a/tests/shared/shared.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package shared
-
-import (
- "os"
- "path/filepath"
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/terraform"
-)
-
-var filesToCleanup = []string{
- "*.terraform*",
- "*tfstate*",
-}
-
-type TestCase struct {
- Name string
- Path string
-}
-
-func GetTerraformOptions(terraformDir string) *terraform.Options {
- return &terraform.Options{
- TerraformDir: terraformDir,
- NoColor: true,
- Parallelism: 20,
- }
-}
-
-func Cleanup(t *testing.T, tfOpts *terraform.Options) {
- terraform.Destroy(t, tfOpts)
- CleanupFiles(t, tfOpts.TerraformDir)
-}
-
-func CleanupFiles(t *testing.T, dir string) {
- for _, pattern := range filesToCleanup {
- matches, err := filepath.Glob(filepath.Join(dir, pattern))
- if err != nil {
- t.Logf("Error: %v", err)
- continue
- }
- for _, filePath := range matches {
- if err := os.RemoveAll(filePath); err != nil {
- t.Logf("Failed to remove %s: %v\n", filePath, err)
- } else {
- t.Logf("Successfully removed %s\n", filePath)
- }
- }
- }
-}
diff --git a/tests/virtualwan_test.go b/tests/virtualwan_test.go
deleted file mode 100644
index c221e68..0000000
--- a/tests/virtualwan_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package main
-
-import (
- "os"
- "testing"
-
- "github.com/cloudnationhq/terraform-azure-vwan/shared"
- "github.com/gruntwork-io/terratest/modules/terraform"
-)
-
-func TestApplyNoError(t *testing.T) {
- t.Parallel()
-
- tests := []shared.TestCase{
- {Name: os.Getenv("TF_PATH"), Path: "../examples/" + os.Getenv("TF_PATH")},
- }
-
- for _, test := range tests {
- t.Run(test.Name, func(t *testing.T) {
- terraformOptions := shared.GetTerraformOptions(test.Path)
-
- terraform.WithDefaultRetryableErrors(t, &terraform.Options{})
-
- defer shared.Cleanup(t, terraformOptions)
- terraform.InitAndApply(t, terraformOptions)
- })
- }
-}
diff --git a/tests/vwan_test.go b/tests/vwan_test.go
new file mode 100644
index 0000000..8a4d914
--- /dev/null
+++ b/tests/vwan_test.go
@@ -0,0 +1,72 @@
+package main
+
+import (
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+type TerraformModule struct {
+ Name string
+ Path string
+ Options *terraform.Options
+}
+
+func NewTerraformModule(name, path string) *TerraformModule {
+ return &TerraformModule{
+ Name: name,
+ Path: path,
+ Options: &terraform.Options{
+ TerraformDir: path,
+ NoColor: true,
+ },
+ }
+}
+
+func (m *TerraformModule) Apply(t *testing.T) {
+ t.Logf("Applying Terraform module: %s", m.Name)
+ terraform.WithDefaultRetryableErrors(t, m.Options)
+ terraform.InitAndApply(t, m.Options)
+}
+
+func (m *TerraformModule) Destroy(t *testing.T) {
+ t.Logf("Destroying Terraform module: %s", m.Name)
+ terraform.Destroy(t, m.Options)
+ m.cleanupFiles(t)
+}
+
+func (m *TerraformModule) cleanupFiles(t *testing.T) {
+ t.Logf("Cleaning up in: %s", m.Options.TerraformDir)
+ filesToCleanup := []string{"*.terraform*", "*tfstate*"}
+ for _, pattern := range filesToCleanup {
+ matches, err := filepath.Glob(filepath.Join(m.Options.TerraformDir, pattern))
+ if err != nil {
+ t.Errorf("Error matching pattern %s: %v", pattern, err)
+ continue
+ }
+ for _, filePath := range matches {
+ if err := os.RemoveAll(filePath); err != nil {
+ t.Errorf("Failed to remove %s: %v", filePath, err)
+ }
+ }
+ }
+}
+
+func TestApplyNoError(t *testing.T) {
+ t.Parallel()
+
+ example := os.Getenv("EXAMPLE")
+ if example == "" {
+ t.Fatal("EXAMPLE environment variable is not set")
+ }
+
+ modulePath := filepath.Join("..", "examples", example)
+ module := NewTerraformModule(example, modulePath)
+
+ t.Run(module.Name, func(t *testing.T) {
+ defer module.Destroy(t)
+ module.Apply(t)
+ })
+}
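Review bot: `modulePath` is built from the raw `EXAMPLE` value without checking that it names a single directory, and `Destroy` later runs `os.RemoveAll` on every glob match under `m.Options.TerraformDir`, so a value containing path separators or `..` would make `cleanupFiles` operate outside `../examples`. A guard before the `filepath.Join` keeps the harness scoped to one example directory: `if example != filepath.Base(example) || example == "." || example == ".." {` / `t.Fatalf("EXAMPLE must be a single directory name, got %q", example)` / `}`. Note also that the deleted virtualwan_test.go read `TF_PATH` while this test reads `EXAMPLE`, so any CI job or Makefile target still exporting only `TF_PATH` will now stop at the `t.Fatal` at the top of `TestApplyNoError`. The exported `TerraformModule`, `NewTerraformModule`, `Apply` and `Destroy` also lack doc comments; `// TerraformModule wraps the terratest options for one example directory.` on the type would be a start.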
diff --git a/variables.tf b/variables.tf
index 9bd65bd..108064c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -15,7 +15,7 @@ variable "location" {
default = null
}
-variable "resourcegroup" {
+variable "resource_group" {
description = "default resource group and can be used if resourcegroup is not specified inside the object."
type = string
default = null