Add VPN Server Configuration module (#50)

modules/vpn-server-configuration/CHANGELOG.md

@@ -0,0 +1 @@
+# Changelog

modules/vpn-server-configuration/README.md

@@ -0,0 +1,32 @@
+# VPN Server Configuration
+
+This module creates a [VPN Server Configuration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_server_configuration)
+
+## Usage
+
+```hcl
+module "vpn_server_configuration" {
+  source = "https://github.com/gofrontier-com/azurerm-terraform-modules/releases/download/vpn-server-configuration/[VERSION]/module.tar.gz//src"
+
+  environment         = "con"
+  identifier          = "aad"
+  location            = "uksouth"
+  resource_group_name = module.resource_group.name
+  zone                = "pla"
+
+  vpn_authentication_types = ["AAD"]
+  vpn_protocols            = ["OpenVPN"]
+
+  tags = {
+    WorkloadType = "PlatformLZ/virtual-wan"
+  }
+}
+```
+
+## Known issues
+
+_None._
+
+## Contributing
+
+See <https://github.com/gofrontier-com/azurerm-terraform-modules/blob/main/README.rst#contributing>.

modules/vpn-server-configuration/VERSION

@@ -0,0 +1 @@
+1.0

modules/vpn-server-configuration/src/data.tf

@@ -0,0 +1,6 @@
+data "azurerm_client_config" "main" {}
+
+# See https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant#authorize-the-azure-vpn-application
+data "azuread_service_principal" "azure_vpn" {
+  display_name = "Azure VPN"
+}

modules/vpn-server-configuration/src/locals.tf

@@ -0,0 +1,14 @@
+locals {
+  identifier = replace(lower(var.identifier), "/[^a-z1-9]/", "")
+
+  short_locations = {
+    "uksouth" = "uks"
+    "ukwest"  = "ukw"
+  }
+
+  tags = {
+    Environment = var.environment
+    Location    = var.location
+    Zone        = var.zone
+  }
+}

modules/vpn-server-configuration/src/main.tf

@@ -0,0 +1,20 @@
+resource "azurerm_vpn_server_configuration" "main" {
+  name                = "vpnconfig-${var.zone}-${var.environment}-${lookup(local.short_locations, var.location)}-${local.identifier}"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+  vpn_authentication_types = var.vpn_authentication_types
+  vpn_protocols            = var.vpn_protocols
+
+  dynamic "azure_active_directory_authentication" {
+    for_each = contains(var.vpn_authentication_types, "AAD") ? [{}] : []
+
+    content {
+      audience = data.azuread_service_principal.azure_vpn.client_id
+      issuer   = "https://sts.windows.net/${data.azurerm_client_config.main.tenant_id}/"
+      tenant   = "https://login.microsoftonline.com/${data.azurerm_client_config.main.tenant_id}/"
+    }
+  }
+
+  tags = merge(var.tags, local.tags)
+}

modules/vpn-server-configuration/src/outputs.tf

@@ -0,0 +1,7 @@
+output "id" {
+  value = azurerm_vpn_server_configuration.main.id
+}
+
+output "name" {
+  value = azurerm_vpn_server_configuration.main.name
+}

modules/vpn-server-configuration/src/variables.tf

@@ -0,0 +1,32 @@
+variable "environment" {
+  type = string
+}
+
+variable "identifier" {
+  type = string
+}
+
+variable "location" {
+  type = string
+}
+
+variable "resource_group_name" {
+  type = string
+}
+
+variable "tags" {
+  type    = map(string)
+  default = {}
+}
+
+variable "vpn_authentication_types" {
+  type = list(string)
+}
+
+variable "vpn_protocols" {
+  type = list(string)
+}
+
+variable "zone" {
+  type = string
+}

modules/vpn-server-configuration/test/main.tf

@@ -0,0 +1,20 @@
+provider "azurerm" {
+  features {}
+}
+
+module "azurerm_vpn_server_configuration" {
+  source = "../src"
+
+  environment         = "baz"
+  identifier          = "qux"
+  location            = "uksouth"
+  resource_group_name = "grault"
+  zone                = "waldo"
+
+  vpn_authentication_types = ["foo"]
+  vpn_protocols            = ["bar"]
+
+  tags = {
+    Foo = "Bar"
+  }
+}

modules/vpn-server-configuration/test/terraform.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 1.5"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.85"
+    }
+  }
+}