This is Release Version 1.1.0 of the "vcd_nsxt_ipsec_vpn_tunnel" Terr…

…aform Module that will be used in the RXT Build Automation Tool.
global-vmware · Jun 20, 2023 · 6f18235 · 6f18235
1 parent e4d4253
commit 6f18235
Show file tree

Hide file tree

Showing 5 changed files with 273 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,33 @@
+# Local .terraform directories
+**/.terraform/*
+.terraform.*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+secrets.tfvars
+secrets.auto.tfvars
+providers.tf
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
diff --git a/README.md b/README.md
@@ -1 +1,84 @@
-# vcd_nsxt_ipsec_vpn_tunnel
+# Terraform VMware Cloud Director NSX-T IPSec VPN Tunnel Module
+
+This Terraform module will deploy an IPSec VPN Tunnel on an NSX-T Edge Gateway in a VMware Cloud Director (VCD) environment. This module can be used to provsion a new IPSec VPN Tunnel into [Rackspace Technology SDDC Flex](https://www.rackspace.com/cloud/private/software-defined-data-center-flex) VCD Data Center Regions.
+
+## Requirements
+
+| Name      | Version |
+|-----------|---------|
+| terraform | ~> 1.2  |
+| vcd       | ~> 3.8  |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [vcd_vdc_group](https://registry.terraform.io/providers/vmware/vcd/latest/docs/data-sources/vdc_group) | Data Source |
+| [vcd_nsxt_edgegateway](https://registry.terraform.io/providers/vmware/vcd/latest/docs/data-sources/nsxt_edgegateway) | Data Source |
+| [vcd_library_certificate](https://registry.terraform.io/providers/vmware/vcd/latest/docs/data-sources/library_certificate) | Data Source |
+| [vcd_nsxt_ipsec_vpn_tunnel](https://registry.terraform.io/providers/vmware/vcd/latest/docs/resources/nsxt_ipsec_vpn_tunnel) | Resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|----------|
+| vdc_org_name | The name of the Data Center Group Organization in VCD | string | `"Organization Name Format: <Account_Number>-<Region>-<Account_Name>"` | yes |
+| vdc_group_name | The name of the Data Center Group in VCD | string | `"Data Center Group Name Format: <Account_Number>-<Region>-<Account_Name> <datacenter group>"` | yes |
+| vdc_edge_name | Name of the Data Center Group Edge Gateway | string | `"Edge Gateway Name Format: <Account_Number>-<Region>-<Edge_GW_Identifier>-<edge>"` | Yes |
+| name | The name of the IPSec VPN tunnel | string | - | yes |
+| description | The description of the IPSec VPN tunnel | string | "" | no |
+| enabled | Whether the IPSec VPN tunnel is enabled | bool | true | no |
+| pre_shared_key | The pre-shared key for authentication (used when authentication mode is PSK) | string | "" | yes |
+| local_ip_address | The local IP address for the IPSec VPN tunnel | string | - | yes |
+| local_networks | List of local networks (CIDR blocks) to be included in the tunnel | list(string) | - | yes |
+| remote_ip_address | The remote IP address for the IPSec VPN tunnel | string | - | yes |
+| remote_id | The remote identifier for the IPSec VPN tunnel | string | - | no |
+| remote_networks | List of remote networks (CIDR blocks) to be included in the tunnel | list(string) | ["0.0.0.0/0"] | no |
+| logging | Whether logging is enabled for the IPSec VPN tunnel | bool | false | no |
+| authentication_mode | The authentication mode for the IPSec VPN tunnel | string | "PSK" | no |
+| certificate_alias | The alias of the library certificate to use for authentication | string | "" | no |
+| ca_certificate_alias | The alias of the CA certificate to use for authentication | string | "" | no |
+| certificate_id | The ID of the library certificate to use for authentication | string | "" | no |
+| ca_certificate_id | The ID of the CA certificate to use for authentication | string | "" | no |
+
+## Outputs
+
+| Name                  | Description                                      |
+|-----------------------|--------------------------------------------------|
+| ipsec_vpn_tunnel_name | The name of the IPSec VPN tunnel                  |
+| authentication_mode   | The authentication mode of the IPSec VPN tunnel   |
+| local_ip_address      | The local IP address of the IPSec VPN tunnel      |
+| local_networks        | The local networks of the IPSec VPN tunnel        |
+| remote_ip_address     | The remote IP address of the IPSec VPN tunnel     |
+| remote_networks       | The remote networks of the IPSec VPN tunnel       |
+| remote_id             | The remote identifier of the IPSec VPN tunnel     |
+| security_profile      | The security profile of the IPSec VPN tunnel      |
+| status                | The status of the IPSec VPN tunnel                |
+
+## Example Usage
+
+```terraform
+module "vcd_nsxt_ipsec_vpn_tunnel" {
+  source                = "github.com/global-vmware/vcd_nsxt_ipsec_vpn_tunnel.git?ref=v1.1.0"
+
+  vdc_org_name          = "<US1-VDC-ORG-NAME>"
+  vdc_group_name        = "<US1-VDC-GRP-NAME>"
+  vdc_edge_name         = "<US1-VDC-EDGE-NAME>"
+
+  name                  = "US1-VPN-Tunnel-->US2"
+
+  authentication_mode   = "PSK"
+
+  pre_shared_key        = "mysecretpsk"
+
+  local_ip_address      = "8.8.8.8"
+  local_networks        = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24", "172.16.4.0/24"]
+
+  remote_ip_address     = "9.9.9.9"
+  remote_networks       = ["172.16.10.0/24", "172.16.11.0/24", "172.16.12.0/24", "172.16.13.0/24", "172.16.14.0/24"]
+}
+```
+
+## Authors
+
+This module is maintained by the [Global VMware Cloud Automation Services Team](https://github.com/global-vmware).
diff --git a/main.tf b/main.tf
@@ -0,0 +1,51 @@
+terraform {
+  required_version = "~> 1.2"
+
+  required_providers {
+    vcd = {
+      source  = "vmware/vcd"
+      version = "~> 3.8"
+    }
+  }
+}
+
+data "vcd_vdc_group" "dcgroup" {
+  name  = var.vdc_group_name
+}
+
+data "vcd_nsxt_edgegateway" "edge_gateway" {
+  org      = var.vdc_org_name
+  owner_id = data.vcd_vdc_group.dcgroup.id
+  name     = var.vdc_edge_name
+}
+
+data "vcd_library_certificate" "cert" {
+  count = var.authentication_mode == "CERTIFICATE" ? 1 : 0
+  alias = var.certificate_alias
+}
+
+data "vcd_library_certificate" "ca-cert" {
+  count = var.authentication_mode == "CERTIFICATE" ? 1 : 0
+  alias = var.ca_certificate_alias
+}
+
+resource "vcd_nsxt_ipsec_vpn_tunnel" "tunnel" {
+  edge_gateway_id = data.vcd_nsxt_edgegateway.edge_gateway.id
+
+  name              = var.name
+  description       = var.description
+  enabled           = var.enabled
+  pre_shared_key    = var.authentication_mode == "PSK" ? var.pre_shared_key : ""
+  local_ip_address  = var.local_ip_address
+  local_networks    = var.local_networks
+  remote_ip_address = var.remote_ip_address
+  remote_id         = var.remote_id
+  remote_networks   = var.remote_networks
+  logging           = var.logging
+
+  authentication_mode = var.authentication_mode
+  certificate_id      = var.authentication_mode == "CERTIFICATE" ? data.vcd_library_certificate.cert[0].id : null
+  ca_certificate_id   = var.authentication_mode == "CERTIFICATE" ? data.vcd_library_certificate.ca-cert[0].id : null
+}
+
+
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,35 @@
+output "ipsec_vpn_tunnel_name" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.name
+}
+
+output "authentication_mode" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.authentication_mode
+}
+
+output "local_ip_address" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.local_ip_address
+}
+
+output "local_networks" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.local_networks
+}
+
+output "remote_ip_address" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.remote_ip_address
+}
+
+output "remote_networks" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.remote_networks
+}
+
+output "remote_id" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.remote_id
+}
+
+output "security_profile" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.security_profile
+}
+
+output "status" {
+  value     = vcd_nsxt_ipsec_vpn_tunnel.tunnel.status
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,70 @@
+variable "vdc_org_name" {}
+
+variable "vdc_group_name" {}
+
+variable "vdc_edge_name" {}
+
+variable "name" {
+  type = string
+}
+
+variable "description" {
+  type = string
+  default = ""
+}
+
+variable "enabled" {
+  type = bool
+  default = true
+}
+
+variable "pre_shared_key" {
+  type = string
+  default = ""
+}
+
+variable "local_ip_address" {
+  type = string
+}
+
+variable "local_networks" {
+  type = list(string)
+}
+
+variable "remote_ip_address" {
+  type = string
+}
+
+variable "remote_id" {
+  type = string
+}
+
+variable "remote_networks" {
+  type = list(string)
+  default = ["0.0.0.0/0"]
+}
+
+variable "logging" {
+  default = false
+}
+
+variable "authentication_mode" {
+  default = "PSK"
+}
+
+variable "certificate_alias" {
+  default = ""
+}
+
+variable "ca_certificate_alias" {
+  default = ""
+}
+
+variable "certificate_id" {
+  default = ""
+}
+
+variable "ca_certificate_id" {
+  default = ""
+}
+