From f689b44a6ccd60b3007b45409beb0617ad555bf6 Mon Sep 17 00:00:00 2001
From: chkp-dmitrytc <98877884+chkp-dmitrytc@users.noreply.github.com>
Date: Tue, 21 May 2024 22:49:19 +0300
Subject: [PATCH] Azure | Update vWAN templates
---
.../vwan-managed-app/mainTemplate.json | 42 +------------------
.../azure/nva-into-existing-hub/README.md | 7 ----
terraform/azure/nva-into-existing-hub/main.tf | 11 +----
.../nva-into-existing-hub/terraform.tfvars | 4 +-
.../azure/nva-into-existing-hub/variables.tf | 21 ----------
terraform/azure/nva-into-new-vwan/README.md | 7 ----
terraform/azure/nva-into-new-vwan/main.tf | 11 +----
.../azure/nva-into-new-vwan/terraform.tfvars | 4 +-
.../azure/nva-into-new-vwan/variables.tf | 21 ----------
9 files changed, 6 insertions(+), 122 deletions(-)
diff --git a/azure/templates/vwan-managed-app/mainTemplate.json b/azure/templates/vwan-managed-app/mainTemplate.json
index 2079b115..b685734f 100644
--- a/azure/templates/vwan-managed-app/mainTemplate.json
+++ b/azure/templates/vwan-managed-app/mainTemplate.json
@@ -154,36 +154,7 @@
"metadata": {
"description": "Managed app resource group Name"
}
- },
- "publicIPIngress": {
- "type": "string",
- "allowedValues": [
- "no",
- "yes"
- ],
- "defaultValue": "no",
- "metadata": {
- "description": "Use public IP for ingress traffic"
- }
- },
- "createNewIPIngress": {
- "type": "string",
- "allowedValues": [
- "no",
- "yes"
- ],
- "defaultValue": "no",
- "metadata": {
- "description": "Create new public IP"
- }
- },
- "ipIngressExistingResourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource id of the public IP"
- },
- "defaultValue": ""
- }
+ }
},
"variables": {
"managedResourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('managedResourceGroupName'))]"
@@ -199,7 +170,7 @@
"name": "vwan-app",
"product": "cp-vwan-managed-app",
"publisher": "checkpoint",
- "version": "1.0.11"
+ "version": "1.0.12"
},
"properties": {
"managedResourceGroupId": "[variables('managedResourceGroupId')]",
@@ -266,15 +237,6 @@
},
"smart1CloudTokenE": {
"value": "[parameters('smart1CloudTokenE')]"
- },
- "publicIPIngress": {
- "value": "[parameters('publicIPIngress')]"
- },
- "createNewIPIngress": {
- "value": "[parameters('createNewIPIngress')]"
- },
- "ipIngressExistingResourceId": {
- "value": "[parameters('ipIngressExistingResourceId')]"
}
}
}
diff --git a/terraform/azure/nva-into-existing-hub/README.md b/terraform/azure/nva-into-existing-hub/README.md
index dc01d01e..f169bbec 100755
--- a/terraform/azure/nva-into-existing-hub/README.md
+++ b/terraform/azure/nva-into-existing-hub/README.md
@@ -116,10 +116,6 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
| **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
| | | | | |
| **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
- | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
- | | | | | |
- | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | |
| |
## Conditional creation
@@ -157,15 +153,12 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
smart1-cloud-token-c = ""
smart1-cloud-token-d = ""
smart1-cloud-token-e = ""
- existing-public-ip = ""
- new-public-ip = "yes"
## Revision History
In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
| Template Version | Description |
|------------------|-------------------|
-| 20240228 | Added public IP for ingress support | | |
| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure| |
diff --git a/terraform/azure/nva-into-existing-hub/main.tf b/terraform/azure/nva-into-existing-hub/main.tf
index 7d837266..57a0edbe 100755
--- a/terraform/azure/nva-into-existing-hub/main.tf
+++ b/terraform/azure/nva-into-existing-hub/main.tf
@@ -105,7 +105,7 @@ resource "azurerm_managed_application" "nva" {
name = "vwan-app"
product = "cp-vwan-managed-app"
publisher = "checkpoint"
- version = "1.0.11"
+ version = "1.0.12"
}
parameter_values = jsonencode({
location = {
@@ -167,15 +167,6 @@ resource "azurerm_managed_application" "nva" {
},
smart1CloudTokenE = {
value = var.smart1-cloud-token-e
- },
- publicIPIngress = {
- value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no"
- },
- createNewIPIngress = {
- value = var.new-public-ip
- }
- ipIngressExistingResourceId = {
- value = var.existing-public-ip
}
})
}
diff --git a/terraform/azure/nva-into-existing-hub/terraform.tfvars b/terraform/azure/nva-into-existing-hub/terraform.tfvars
index 268fb4c1..b43d49ba 100755
--- a/terraform/azure/nva-into-existing-hub/terraform.tfvars
+++ b/terraform/azure/nva-into-existing-hub/terraform.tfvars
@@ -26,6 +26,4 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR
smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"
-new-public-ip = "PLEASE ENTER yes or no" # "no"
\ No newline at end of file
+smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
\ No newline at end of file
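Review bot: The re-added `smart1-cloud-token-e` line, like the b–d lines above it, keeps the Smart-1 Cloud token slots in a tracked `terraform.tfvars`, so a filled-in copy of this file would carry onboarding tokens into version control; the same applies to the nva-into-new-vwan/terraform.tfvars hunk. The matching `variable "smart1-cloud-token-e"` block visible in this patch's variables.tf hunks declares only `type` and `default`, so adding `sensitive = true` to the token variables would keep the values out of plan and apply output. The placeholder is also a non-empty string, so leaving it unedited presumably passes the placeholder text as the token rather than `""`; shipping these lines as `smart1-cloud-token-e = ""` avoids that. The file still ends without a trailing newline.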
diff --git a/terraform/azure/nva-into-existing-hub/variables.tf b/terraform/azure/nva-into-existing-hub/variables.tf
index 090b4bc5..9d140c8f 100755
--- a/terraform/azure/nva-into-existing-hub/variables.tf
+++ b/terraform/azure/nva-into-existing-hub/variables.tf
@@ -173,25 +173,4 @@ variable "smart1-cloud-token-d" {
variable "smart1-cloud-token-e" {
type = string
default = ""
-}
-
-variable "existing-public-ip" {
- type = string
- default = ""
-}
-
-variable "new-public-ip" {
- type = string
- default = "no"
- validation {
- condition = contains(["yes", "no"], var.new-public-ip)
- error_message = "Valid options are string('yes' or 'no')"
- }
-}
-
-locals{
- # Validate that new-public-ip is false when existing-public-ip is used
- is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes"
- validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used"
- _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both))
}
\ No newline at end of file
diff --git a/terraform/azure/nva-into-new-vwan/README.md b/terraform/azure/nva-into-new-vwan/README.md
index d63fb424..210ff9e6 100755
--- a/terraform/azure/nva-into-new-vwan/README.md
+++ b/terraform/azure/nva-into-new-vwan/README.md
@@ -120,10 +120,6 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
| **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
| | | | | |
| **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
- | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
- | | | | | |
- | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | |
| |
## Conditional creation
@@ -162,15 +158,12 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https
smart1-cloud-token-c = ""
smart1-cloud-token-d = ""
smart1-cloud-token-e = ""
- existing-public-ip = ""
- new-public-ip = "yes"
## Revision History
In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------|
-| 20240228 | Added public IP for ingress support | | |
| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | |
diff --git a/terraform/azure/nva-into-new-vwan/main.tf b/terraform/azure/nva-into-new-vwan/main.tf
index 1efc9344..52ea73d2 100755
--- a/terraform/azure/nva-into-new-vwan/main.tf
+++ b/terraform/azure/nva-into-new-vwan/main.tf
@@ -115,7 +115,7 @@ resource "azurerm_managed_application" "nva" {
name = "vwan-app"
product = "cp-vwan-managed-app"
publisher = "checkpoint"
- version = "1.0.11"
+ version = "1.0.12"
}
parameter_values = jsonencode({
location = {
@@ -177,15 +177,6 @@ resource "azurerm_managed_application" "nva" {
},
smart1CloudTokenE = {
value = var.smart1-cloud-token-e
- },
- publicIPIngress = {
- value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no"
- },
- createNewIPIngress = {
- value = var.new-public-ip
- }
- ipIngressExistingResourceId = {
- value = var.existing-public-ip
}
})
}
diff --git a/terraform/azure/nva-into-new-vwan/terraform.tfvars b/terraform/azure/nva-into-new-vwan/terraform.tfvars
index 8473e72c..c754d4ee 100755
--- a/terraform/azure/nva-into-new-vwan/terraform.tfvars
+++ b/terraform/azure/nva-into-new-vwan/terraform.tfvars
@@ -27,6 +27,4 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR I
smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"
-new-public-ip = "PLEASE ENTER yes or no" # "no"
\ No newline at end of file
+smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
\ No newline at end of file
diff --git a/terraform/azure/nva-into-new-vwan/variables.tf b/terraform/azure/nva-into-new-vwan/variables.tf
index deb1bc31..461b9ed5 100755
--- a/terraform/azure/nva-into-new-vwan/variables.tf
+++ b/terraform/azure/nva-into-new-vwan/variables.tf
@@ -184,25 +184,4 @@ variable "smart1-cloud-token-d" {
variable "smart1-cloud-token-e" {
type = string
default = ""
-}
-
-variable "existing-public-ip" {
- type = string
- default = ""
-}
-
-variable "new-public-ip" {
- type = string
- default = "no"
- validation {
- condition = contains(["yes", "no"], var.new-public-ip)
- error_message = "Valid options are string('yes' or 'no')"
- }
-}
-
-locals{
- # Validate that new-public-ip is false when existing-public-ip is used
- is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes"
- validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used"
- _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both))
}
\ No newline at end of file