Azure | Update vWAN templates
chkp-dmitrytc authored Jun 5, 2024
1 parent d156d7d commit 4b3d6d6
Showing 9 changed files with 122 additions and 6 deletions.
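--- a/azure/templates/vwan-managed-app/mainTemplate.json
+++ b/azure/templates/vwan-managed-app/mainTemplate.json
@@ -154,7 +154,36 @@
 "metadata": {
 "description": "Managed app resource group Name"
 }
-}
+},
+"publicIPIngress": {
+"type": "string",
+"allowedValues": [
+"no",
+"yes"
+],
+"defaultValue": "no",
+"metadata": {
+"description": "Use public IP for ingress traffic"
+}
+},
+"createNewIPIngress": {
+"type": "string",
+"allowedValues": [
+"no",
+"yes"
+],
+"defaultValue": "no",
+"metadata": {
+"description": "Create new public IP"
+}
+},
+"ipIngressExistingResourceId": {
+"type": "string",
+"metadata": {
+"description": "The resource id of the public IP"
+},
+"defaultValue": ""
+}
 },
 "variables": {
 "managedResourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('managedResourceGroupName'))]"
@@ -170,7 +199,7 @@
 "name": "vwan-app",
 "product": "cp-vwan-managed-app",
 "publisher": "checkpoint",
-"version": "1.0.12"
+"version": "1.0.13"
 },
 "properties": {
 "managedResourceGroupId": "[variables('managedResourceGroupId')]",
@@ -237,6 +266,15 @@
 },
 "smart1CloudTokenE": {
 "value": "[parameters('smart1CloudTokenE')]"
+},
+"publicIPIngress": {
+"value": "[parameters('publicIPIngress')]"
+},
+"createNewIPIngress": {
+"value": "[parameters('createNewIPIngress')]"
+},
+"ipIngressExistingResourceId": {
+"value": "[parameters('ipIngressExistingResourceId')]"
 }
 }
 }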
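Review bot: The three ingress parameters added in the first hunk are declared independently, so the template accepts combinations such as `createNewIPIngress` set to `yes` together with a non-empty `ipIngressExistingResourceId`, or `publicIPIngress` set to `no` with either of the other two set. Only the Terraform wrappers in this commit reject the "both" case; a direct deployment of this template gets no such check, and how the managed application resolves a conflicting combination is not visible here. Because these switches decide whether the NVA receives an internet-facing address, the descriptions should state the dependency, for example `"description": "Resource ID of an existing public IP; used only when publicIPIngress is 'yes' and createNewIPIngress is 'no'"`, with the wording confirmed against the managed application's behaviour.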
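--- a/terraform/azure/nva-into-existing-hub/README.md
+++ b/terraform/azure/nva-into-existing-hub/README.md
@@ -116,6 +116,10 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
 | **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service. <br/><br/> Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
 | | | | | |
 | **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service. <br/><br/> Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
+| | | | | |
+| **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
+| | | | | |
+| **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes; <br/>no;| yes | |
 | |
 
 ## Conditional creation
@@ -153,12 +157,15 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
 smart1-cloud-token-c = ""
 smart1-cloud-token-d = ""
 smart1-cloud-token-e = ""
+existing-public-ip = ""
+new-public-ip = "yes"
 
 ## Revision History
 In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
 
 | Template Version | Description |
 |------------------|-------------------|
+| 20240228 | Added public IP for ingress support | | |
 | 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure| |
 
 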
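--- a/terraform/azure/nva-into-existing-hub/main.tf
+++ b/terraform/azure/nva-into-existing-hub/main.tf
@@ -105,7 +105,7 @@ resource "azurerm_managed_application" "nva" {
 name = "vwan-app"
 product = "cp-vwan-managed-app"
 publisher = "checkpoint"
-version = "1.0.12"
+version = "1.0.13"
 }
 parameter_values = jsonencode({
 location = {
@@ -167,6 +167,15 @@ resource "azurerm_managed_application" "nva" {
 },
 smart1CloudTokenE = {
 value = var.smart1-cloud-token-e
+},
+publicIPIngress = {
+value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no"
+},
+createNewIPIngress = {
+value = var.new-public-ip
+}
+ipIngressExistingResourceId = {
+value = var.existing-public-ip
 }
 })
 }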
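Review bot: `publicIPIngress` in the second hunk becomes `yes` for any non-empty `existing-public-ip`, so a whitespace-only value or the unedited placeholder sentence shipped in terraform.tfvars requests public ingress with a string that is not a resource ID. Comparing on `length(trimspace(var.existing-public-ip)) > 0` would at least ignore stray whitespace, and a one-line comment such as `# Public ingress is requested when either a new or an existing public IP is configured` would make the derived flag easier to audit. The `createNewIPIngress` entry also closes with `}` while its siblings close with `},`; HCL accepts the newline separator, but the comma keeps the list consistent. The resource block starts and ends outside both hunks, and the same lines appear in terraform/azure/nva-into-new-vwan/main.tf.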
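--- a/terraform/azure/nva-into-existing-hub/terraform.tfvars
+++ b/terraform/azure/nva-into-existing-hub/terraform.tfvars
@@ -26,4 +26,6 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR
 smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"
+new-public-ip = "PLEASE ENTER yes or no" # "no"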
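Review bot: The sample in the trailing comment for `existing-public-ip` starts with `/subscription/123/`, but Azure resource IDs start with `/subscriptions/<subscription-id>/`, so a value modelled on it would not resolve to a public IP. I would change the comment to `# "/subscriptions/<subscription-id>/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"`. The placeholder sentence is itself a non-empty string, and main.tf treats any non-empty value as a request for public ingress, so leaving it unedited is not a no-op. The same two lines appear in terraform/azure/nva-into-new-vwan/terraform.tfvars.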
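--- a/terraform/azure/nva-into-existing-hub/variables.tf
+++ b/terraform/azure/nva-into-existing-hub/variables.tf
@@ -173,4 +173,25 @@ variable "smart1-cloud-token-d" {
 variable "smart1-cloud-token-e" {
 type = string
 default = ""
+}
+
+variable "existing-public-ip" {
+type = string
+default = ""
+}
+
+variable "new-public-ip" {
+type = string
+default = "no"
+validation {
+condition = contains(["yes", "no"], var.new-public-ip)
+error_message = "Valid options are string('yes' or 'no')"
+}
+}
+
+locals{
+# Validate that new-public-ip is false when existing-public-ip is used
+is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes"
+validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used"
+_ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both))
 }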
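Review bot: `existing-public-ip` is declared with no `validation` block and no `description`, although any non-empty value both switches public ingress on in main.tf and is forwarded as the resource ID; a check that the value is empty or shaped like a Microsoft.Network/publicIPAddresses resource ID would reject the tfvars placeholder and typos at plan time (sketch below). The mutual-exclusion check in `locals` relies on a deliberately failing `regex()` call, so a violation is reported as a function-call error rather than a validation error; a `precondition` on the managed application resource would state the rule directly, if the Terraform version in use supports it. The README table in this commit lists `yes` as the default for `new-public-ip` while the default here is `no`; the README should be corrected, since the setting controls internet exposure. The same applies to terraform/azure/nva-into-new-vwan/variables.tf.

```hcl
variable "existing-public-ip" {
  # … unchanged: type and default …
  validation {
    # Empty means "no existing public IP"; anything else must look like a public IP resource ID.
    condition     = var.existing-public-ip == "" || can(regex("(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.Network/publicIPAddresses/[^/]+$", var.existing-public-ip))
    error_message = "The existing-public-ip value must be empty or the resource ID of a public IP address."
  }
}
```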
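--- a/terraform/azure/nva-into-new-vwan/README.md
+++ b/terraform/azure/nva-into-new-vwan/README.md
@@ -120,6 +120,10 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
 | **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service. <br/><br/> Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
 | | | | | |
 | **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service. <br/><br/> Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
+| | | | | |
+| **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
+| | | | | |
+| **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes; <br/>no;| yes | |
 | |
 
 ## Conditional creation
@@ -158,12 +162,15 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
 smart1-cloud-token-c = ""
 smart1-cloud-token-d = ""
 smart1-cloud-token-e = ""
+existing-public-ip = ""
+new-public-ip = "yes"
 
 ## Revision History
 In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
 
 | Template Version | Description |
 |------------------|---------------------------------------------------------------------------------------------------|
+| 20240228 | Added public IP for ingress support | | |
 | 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | |
 
 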
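--- a/terraform/azure/nva-into-new-vwan/main.tf
+++ b/terraform/azure/nva-into-new-vwan/main.tf
@@ -115,7 +115,7 @@ resource "azurerm_managed_application" "nva" {
 name = "vwan-app"
 product = "cp-vwan-managed-app"
 publisher = "checkpoint"
-version = "1.0.12"
+version = "1.0.13"
 }
 parameter_values = jsonencode({
 location = {
@@ -177,6 +177,15 @@ resource "azurerm_managed_application" "nva" {
 },
 smart1CloudTokenE = {
 value = var.smart1-cloud-token-e
+},
+publicIPIngress = {
+value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no"
+},
+createNewIPIngress = {
+value = var.new-public-ip
+}
+ipIngressExistingResourceId = {
+value = var.existing-public-ip
 }
 })
 }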
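--- a/terraform/azure/nva-into-new-vwan/terraform.tfvars
+++ b/terraform/azure/nva-into-new-vwan/terraform.tfvars
@@ -27,4 +27,6 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR I
 smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"
+new-public-ip = "PLEASE ENTER yes or no" # "no"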
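--- a/terraform/azure/nva-into-new-vwan/variables.tf
+++ b/terraform/azure/nva-into-new-vwan/variables.tf
@@ -184,4 +184,25 @@ variable "smart1-cloud-token-d" {
 variable "smart1-cloud-token-e" {
 type = string
 default = ""
+}
+
+variable "existing-public-ip" {
+type = string
+default = ""
+}
+
+variable "new-public-ip" {
+type = string
+default = "no"
+validation {
+condition = contains(["yes", "no"], var.new-public-ip)
+error_message = "Valid options are string('yes' or 'no')"
+}
+}
+
+locals{
+# Validate that new-public-ip is false when existing-public-ip is used
+is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes"
+validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used"
+_ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both))
 }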
