diff --git a/terraform/azure/modules/add-routing-intent.py b/terraform/azure/modules/add-routing-intent.py
deleted file mode 100755
index 87437061..00000000
--- a/terraform/azure/modules/add-routing-intent.py
+++ /dev/null
@@ -1,29 +0,0 @@
-import json
-import requests
-import sys
-
-
-def perform_put_request(url, data, headers=None):
- """
- This function perform the PUT request to Azure in order to edit the vWAN Hub Routing-Intent
- """
- result = {"status": "success", "message": ""}
- try:
- response = requests.put(url, json=data, headers=headers)
- result["message"] = response.text
- except Exception as e:
- result["status"] = "error"
- result["message"] = f"An error occurred: {str(e)}"
- return result
-
-
-if __name__ == "__main__":
- """
- This script receives url, body, and authorization token as arguments and set vWAN Hub Routing-Intent
- """
- api_url = sys.argv[1]
- api_data = eval(sys.argv[2])
- auth_token = sys.argv[3]
- api_headers = {"Authorization": f'Bearer {auth_token}'}
- result = perform_put_request(api_url, api_data, api_headers)
- print(json.dumps(result))
diff --git a/terraform/azure/nva-into-existing-hub/README.md b/terraform/azure/nva-into-existing-hub/README.md
index 56972d7b..397f6c14 100755
--- a/terraform/azure/nva-into-existing-hub/README.md
+++ b/terraform/azure/nva-into-existing-hub/README.md
@@ -11,7 +11,6 @@ As part of the deployment the following resources are created:
## Configurations
- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure).
-- In order to configure hub routing-intent policies it is **required** to have Python and 'requests' library installed.
## Usage
- Choose the preferred login method to Azure in order to deploy the solution:
@@ -58,68 +57,68 @@ As part of the deployment the following resources are created:
terraform apply
### terraform.tfvars variables:
- | Name | Description | Type | Allowed values |
+ | Name | Description | Type | Allowed values |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------- |
| **authentication_method** | The authentication method used to deploy the solution | string | "Service Principal";
"Azure CLI";
- | |
+ | |
| **client_secret** | The client secret value of the Service Principal used to deploy the solution | string |
- | | | | | |
+ | | | | | |
| **client_id** | The client ID of the Service Principal used to deploy the solution | string |
- | | | | | |
+ | | | | | |
| **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string |
- | | | | | |
+ | | | | | |
| **subscription_id** | The subscription ID is used to pay for Azure cloud services | string |
- | | | | | |
+ | | | | | |
| **resource-group-name** | The name of the resource group that will contain the managed application | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period |
- | | | | | |
+ | | | | | |
| **location** | The region where the resources will be deployed at | string | The full list of supported Azure regions can be found at https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-locations-partners#locations |
- | | | | | |
+ | | | | | |
| **vwan-hub-name** | The name of the virtual WAN hub that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens |
- | | | | | |
+ | | | | | |
| **vwan-hub-resource-group** | The vWAN hub resource group name | string | |
- | | | | | |
+ | | | | | |
| **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens |
- | | | | | |
+ | | | | | |
| **nva-name** | The name of the NVA that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens |
- | | | | | |
+ | | | | | |
| **nva-rg-name** | The name of the resource group that will contain the NVA | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period |
- | | | | | |
+ | | | | | |
| **os-version** | The GAIA os version | string | "R8110"
"R8120" |
- | | | | | |
+ | | | | | |
| **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)"
"Full Package (NGTX + S1C)" |
- | | | | | | | | | |
+ | | | | | | | | | |
| **scale-unit** | The scale unit determines the size and number of resources deployed. The higher the scale unit, the greater the amount of traffic that can be handled. | string | "2"
"4"
"10"
"20"
"30"
"60"
"80"
|
- | | | | | |
+ | | | | | |
| **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it |
- | | | | | | | | | |
+ | | | | | | | | | |
| **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; |
- | | | | | |
+ | | | | | |
| **sic-key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long |
- | | | | | |
+ | | | | | |
| **ssh-public-key** | The public ssh key used for ssh connection to the NVA GW instances | string | ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx generated-by-azure; | | string | gateway;
standalone; |
- | | | | | |
+ | | | | | |
| **bgp-asn** | The BGP autonomous system number. | string | 64512 ||
- | | | | | |
+ | | | | | |
| **custom-metrics** | Indicates whether CloudGuard Metrics will be use for gateway monitoring | string | yes;
no; |
- | | | | | |
- | **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment. |
- | | | | | |
- | **routing-intent-private-traffic** | Set routing intent policy to allow private traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment. |
- | | | | | |
+ | | | | | |
+ | **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | bool | true;
false; |
+ | | | | | |
+ | **routing-intent-private-traffic** | Set routing intent policy to allow private traffic through the new nva | bool | true;
false; |
+ | | | | | |
| **smart1-cloud-token-a** | Smart-1 Cloud token to connect automatically ***NVA instance a*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
+ | | | | | |
| **smart1-cloud-token-b** | Smart-1 Cloud token to connect automatically ***NVA instance b*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
+ | | | | | |
| **smart1-cloud-token-c** | Smart-1 Cloud token to connect automatically ***NVA instance c*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
+ | | | | | |
| **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
+ | | | | | |
| **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
- | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
- | | | | | |
- | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | |
- | |
+ | | | | | |
+ | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | |
+ | | | | | |
+ | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no; | |
+ | |
## Conditional creation
- To enable CloudGuard metrics in order to send statuses and statistics collected from the gateway instance to the Azure Monitor service:
@@ -149,8 +148,8 @@ As part of the deployment the following resources are created:
ssh-public-key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
bgp-asn = "64512"
custom-metrics = "yes"
- routing-intent-internet-traffic = "yes"
- routing-intent-private-traffic = "yes"
+ routing-intent-internet-traffic = true
+ routing-intent-private-traffic = true
smart1-cloud-token-a = ""
smart1-cloud-token-b = ""
smart1-cloud-token-c = ""
@@ -165,7 +164,7 @@ In order to check the template version refer to the [sk116585](https://supportce
| Template Version | Description |
|------------------|-------------------|
| 20240228 | Added public IP for ingress support | | |
-| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure| |
+| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | |
## License
diff --git a/terraform/azure/nva-into-existing-hub/main.tf b/terraform/azure/nva-into-existing-hub/main.tf
index 7d837266..657a064c 100755
--- a/terraform/azure/nva-into-existing-hub/main.tf
+++ b/terraform/azure/nva-into-existing-hub/main.tf
@@ -40,8 +40,8 @@ data "http" "image-versions" {
}
locals {
- image_versions = tolist([for version in jsondecode(data.http.image-versions.response_body).properties.availableVersions : version if substr(version, 0, 4) == substr(lower(var.os-version), 1, 4)])
- routing_intent-internet-policy = {
+ image_versions = tolist([for version in jsondecode(data.http.image-versions.response_body).properties.availableVersions : version if substr(version, 0, 4) == substr(lower(var.os-version), 1, 4)])
+ routing_intent-internet-policy = {
"name": "InternetTraffic",
"destinations": [
"Internet"
@@ -55,9 +55,9 @@ locals {
],
"nextHop": "/subscriptions/${var.subscription_id}/resourcegroups/${var.nva-rg-name}/providers/Microsoft.Network/networkVirtualAppliances/${var.nva-name}"
}
- routing-intent-policies = var.routing-intent-internet-traffic == "yes" ? (var.routing-intent-private-traffic == "yes" ? tolist([local.routing_intent-internet-policy, local.routing_intent-private-policy]) : tolist([local.routing_intent-internet-policy])) : (var.routing-intent-private-traffic == "yes" ? tolist([local.routing_intent-private-policy]) : [])
- req_body = jsonencode({"properties": {"routingPolicies": local.routing-intent-policies}})
- req_url = "https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${var.vwan-hub-resource-group}/providers/Microsoft.Network/virtualHubs/${var.vwan-hub-name}/routingIntent/hubRoutingIntent?api-version=2022-01-01"
+ routing-intent-policies = var.routing-intent-internet-traffic ? (var.routing-intent-private-traffic ? tolist([local.routing_intent-internet-policy, local.routing_intent-private-policy]) : tolist([local.routing_intent-internet-policy])) : (var.routing-intent-private-traffic ? tolist([local.routing_intent-private-policy]) : [])
+
+
}
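Review bot: The nested conditional on the new `routing-intent-policies` line spells out four branches for two independent flags and repeats each policy reference, so a branch is easy to get wrong if a third policy is ever added. Building the list additively is easier to check: `routing-intent-policies = concat(var.routing-intent-internet-traffic ? [local.routing_intent-internet-policy] : [], var.routing-intent-private-traffic ? [local.routing_intent-private-policy] : [])`. The two blank lines added before the closing brace can be dropped. The same expression is added in nva-into-new-vwan/main.tf, and the `locals` block begins outside this hunk.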
//********************** Marketplace Terms & Solution Registration **************************//
@@ -182,14 +182,18 @@ resource "azurerm_managed_application" "nva" {
//********************** Routing Intent **************************//
-
-data "external" "update-routing-intent" {
- count = length(local.routing-intent-policies) != 0 ? 1 : 0
+resource "azurerm_virtual_hub_routing_intent" "routing-intent" {
+ count = (var.routing-intent-internet-traffic || var.routing-intent-private-traffic) ? 1 : 0
depends_on = [azurerm_managed_application.nva]
- program = ["python", "../modules/add-routing-intent.py", "${local.req_url}", "${local.req_body}", "${local.access_token}"]
-}
-
-output "api_request_result" {
- value = length(local.routing-intent-policies) != 0 ? data.external.update-routing-intent[0].result : {routing-intent: "not changed"}
+ name = "hubRoutingIntent"
+ virtual_hub_id = data.azurerm_virtual_hub.vwan-hub.id
+ dynamic "routing_policy" {
+ for_each = local.routing-intent-policies
+ content {
+ name = routing_policy.value["name"]
+ destinations = routing_policy.value["destinations"]
+ next_hop = routing_policy.value["nextHop"]
+ }
+ }
}
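Review bot: Deployments previously applied with the removed `data.external` script already have a `hubRoutingIntent` on the hub that Terraform state does not track, and the azurerm provider normally refuses to create a resource that already exists until it is imported. The README should describe the upgrade step (a `terraform import` of the existing routing intent, or an `import` block), so an upgrade does not fail at apply or push operators into deleting the hub's routing intent by hand. `local.access_token` was consumed by the removed `program` line and is defined outside this diff; if nothing else reads it, it should be removed so this module no longer computes a bearer token. Removing `output "api_request_result"` will also break any caller that reads it, which deserves a line in the revision history. The same resource is added in nva-into-new-vwan/main.tf.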
diff --git a/terraform/azure/nva-into-existing-hub/terraform.tfvars b/terraform/azure/nva-into-existing-hub/terraform.tfvars
index 268fb4c1..e7da4007 100755
--- a/terraform/azure/nva-into-existing-hub/terraform.tfvars
+++ b/terraform/azure/nva-into-existing-hub/terraform.tfvars
@@ -20,8 +20,8 @@ sic-key = "PLEASE ENTER SIC KEY"
ssh-public-key = "PLEASE ENTER SSH PUBLIC KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
bgp-asn = "PLEASE ENTER BGP AUTONOMOUS SYSTEM NUMBER" # "64512"
custom-metrics = "PLEASE ENTER yes or no" # "yes"
-routing-intent-internet-traffic = "PLEASE ENTER yes or no" # "yes"
-routing-intent-private-traffic = "PLEASE ENTER yes or no" # "yes"
+routing-intent-internet-traffic = "PLEASE ENTER true or false" # true
+routing-intent-private-traffic = "PLEASE ENTER true or false" # true
smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE A OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
diff --git a/terraform/azure/nva-into-existing-hub/variables.tf b/terraform/azure/nva-into-existing-hub/variables.tf
index 090b4bc5..3186b0d2 100755
--- a/terraform/azure/nva-into-existing-hub/variables.tf
+++ b/terraform/azure/nva-into-existing-hub/variables.tf
@@ -135,18 +135,20 @@ variable "custom-metrics" {
}
variable "routing-intent-internet-traffic" {
- default = "yes"
+ type = bool
+ default = true
validation {
- condition = contains(["yes", "no"], var.routing-intent-internet-traffic)
- error_message = "Valid options are string('yes' or 'no')"
+ condition = contains([true, false], var.routing-intent-internet-traffic)
+ error_message = "Valid options are true or false"
}
}
variable "routing-intent-private-traffic" {
- default = "yes"
+ type = bool
+ default = true
validation {
- condition = contains(["yes", "no"], var.routing-intent-private-traffic)
- error_message = "Valid options are string('yes' or 'no')"
+ condition = contains([true, false], var.routing-intent-private-traffic)
+ error_message = "Valid options are true or false"
}
}
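Review bot: The `validation` blocks kept on `routing-intent-internet-traffic` and `routing-intent-private-traffic` are redundant with `type = bool`, because a value that cannot be converted to bool is rejected before validation runs; at most they catch an explicit `null`. Dropping the block and declaring `nullable = false` states that intent directly. A `description` would also help, saying that `true` installs a routing policy sending that traffic class through the NVA, since both variables default to `true` and change hub-wide routing. The same two variables are changed identically in nva-into-new-vwan/variables.tf.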
diff --git a/terraform/azure/nva-into-new-vwan/README.md b/terraform/azure/nva-into-new-vwan/README.md
index dd1df4aa..c7350a0e 100755
--- a/terraform/azure/nva-into-new-vwan/README.md
+++ b/terraform/azure/nva-into-new-vwan/README.md
@@ -13,7 +13,6 @@ As part of the deployment the following resources are created:
## Configurations
- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure).
-- In order to configure hub routing-intent policies it is **required** to have Python and 'requests' library installed.
## Usage
- Choose the preferred login method to Azure in order to deploy the solution:
@@ -106,10 +105,10 @@ As part of the deployment the following resources are created:
| | | | | |
| **custom-metrics** | Indicates whether CloudGuard Metrics will be use for gateway monitoring | string | yes;
no; |
| | | | | |
- | **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment. |
- | | | | | |
- | **routing-intent-private-traffic** | Set routing intent policy to allow private traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment. |
- | | | | | |
+ | **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | bool | true;
false; |
+ | | | | | |
+ | **routing-intent-private-traffic** | Set routing intent policy to allow private traffic through the new nva | bool | true;
false; |
+ | | | | | |
| **smart1-cloud-token-a** | Smart-1 Cloud token to connect automatically ***NVA instance a*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
| | | | | |
| **smart1-cloud-token-b** | Smart-1 Cloud token to connect automatically ***NVA instance b*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
@@ -119,10 +118,10 @@ As part of the deployment the following resources are created:
| **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
| | | | | |
| **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
- | | | | | |
- | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
- | | | | | |
- | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | |
+ | |
+ | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | |
+ | | | | | |
+ | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| |
| |
## Conditional creation
@@ -154,8 +153,8 @@ As part of the deployment the following resources are created:
ssh-public-key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
bgp-asn = "64512"
custom-metrics = "yes"
- routing-intent-internet-traffic = "yes"
- routing-intent-private-traffic = "yes"
+ routing-intent-internet-traffic = true
+ routing-intent-private-traffic = true
smart1-cloud-token-a = ""
smart1-cloud-token-b = ""
smart1-cloud-token-c = ""
@@ -167,10 +166,10 @@ As part of the deployment the following resources are created:
## Revision History
In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
-| Template Version | Description |
+| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------|
-| 20240228 | Added public IP for ingress support | | |
-| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | |
+| 20240228 | Added public IP for ingress support | | |
+| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | |
## License
diff --git a/terraform/azure/nva-into-new-vwan/main.tf b/terraform/azure/nva-into-new-vwan/main.tf
index c905f74a..4c5b6693 100755
--- a/terraform/azure/nva-into-new-vwan/main.tf
+++ b/terraform/azure/nva-into-new-vwan/main.tf
@@ -64,10 +64,7 @@ locals {
],
"nextHop": "/subscriptions/${var.subscription_id}/resourcegroups/${var.nva-rg-name}/providers/Microsoft.Network/networkVirtualAppliances/${var.nva-name}"
}
- routing-intent-policies = var.routing-intent-internet-traffic == "yes" ? (var.routing-intent-private-traffic == "yes" ? tolist([local.routing_intent-internet-policy, local.routing_intent-private-policy]) : tolist([local.routing_intent-internet-policy])) : (var.routing-intent-private-traffic == "yes" ? tolist([local.routing_intent-private-policy]) : [])
- req_body = jsonencode({"properties": {"routingPolicies": local.routing-intent-policies}})
- req_url = "https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${azurerm_resource_group.managed-app-rg.name}/providers/Microsoft.Network/virtualHubs/${var.vwan-hub-name}/routingIntent/hubRoutingIntent?api-version=2022-01-01"
-
+ routing-intent-policies = var.routing-intent-internet-traffic ? (var.routing-intent-private-traffic ? tolist([local.routing_intent-internet-policy, local.routing_intent-private-policy]) : tolist([local.routing_intent-internet-policy])) : (var.routing-intent-private-traffic ? tolist([local.routing_intent-private-policy]) : [])
}
//********************** Marketplace Terms & Solution Registration **************************//
@@ -115,7 +112,7 @@ resource "azurerm_managed_application" "nva" {
name = "vwan-app"
product = "cp-vwan-managed-app"
publisher = "checkpoint"
- version = "1.0.8"
+ version = "1.0.11"
}
parameter_values = jsonencode({
location = {
@@ -191,12 +188,18 @@ resource "azurerm_managed_application" "nva" {
}
//********************** Routing Intent **************************//
-data "external" "update-routing-intent" {
- count = length(local.routing-intent-policies) != 0 ? 1 : 0
- depends_on = [azurerm_managed_application.nva]
- program = ["python", "../modules/add-routing-intent.py", "${local.req_url}", "${local.req_body}", "${local.access_token}"]
-}
-output "api_request_result" {
- value = length(local.routing-intent-policies) != 0 ? data.external.update-routing-intent[0].result : {routing-intent: "not changed"}
+resource "azurerm_virtual_hub_routing_intent" "routing-intent" {
+ count = (var.routing-intent-internet-traffic || var.routing-intent-private-traffic) ? 1 : 0
+ depends_on = [azurerm_managed_application.nva]
+ name = "hubRoutingIntent"
+ virtual_hub_id = azurerm_virtual_hub.vwan-hub.id
+ dynamic "routing_policy" {
+ for_each = local.routing-intent-policies
+ content {
+ name = routing_policy.value["name"]
+ destinations = routing_policy.value["destinations"]
+ next_hop = routing_policy.value["nextHop"]
+ }
+ }
}
diff --git a/terraform/azure/nva-into-new-vwan/terraform.tfvars b/terraform/azure/nva-into-new-vwan/terraform.tfvars
index 8473e72c..c03dae78 100755
--- a/terraform/azure/nva-into-new-vwan/terraform.tfvars
+++ b/terraform/azure/nva-into-new-vwan/terraform.tfvars
@@ -21,8 +21,8 @@ sic-key = "PLEASE ENTER SIC KEY"
ssh-public-key = "PLEASE ENTER SSH PUBLIC KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
bgp-asn = "PLEASE ENTER BGP AUTONOMOUS SYSTEM NUMBER" # "64512"
custom-metrics = "PLEASE ENTER yes or no" # "yes"
-routing-intent-internet-traffic = "PLEASE ENTER yes or no" # "yes"
-routing-intent-private-traffic = "PLEASE ENTER yes or no" # "yes"
+routing-intent-internet-traffic = "PLEASE ENTER yes or no" # true
+routing-intent-private-traffic = "PLEASE ENTER yes or no" # true
smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE A OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
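Review bot: The placeholder text on the two `routing-intent-*` lines still reads "PLEASE ENTER yes or no" although the variables are now `bool`, so an operator who follows the prompt and enters `"yes"` gets a type-conversion error at plan time. The nva-into-existing-hub copy of this file was updated in the same commit; this one should match it: `routing-intent-internet-traffic = "PLEASE ENTER true or false" # true` and likewise for `routing-intent-private-traffic`.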
diff --git a/terraform/azure/nva-into-new-vwan/variables.tf b/terraform/azure/nva-into-new-vwan/variables.tf
index deb1bc31..695d8ad5 100755
--- a/terraform/azure/nva-into-new-vwan/variables.tf
+++ b/terraform/azure/nva-into-new-vwan/variables.tf
@@ -146,18 +146,20 @@ variable "custom-metrics" {
}
variable "routing-intent-internet-traffic" {
- default = "yes"
+ type = bool
+ default = true
validation {
- condition = contains(["yes", "no"], var.routing-intent-internet-traffic)
- error_message = "Valid options are string('yes' or 'no')"
+ condition = contains([true, false], var.routing-intent-internet-traffic)
+ error_message = "Valid options are true or false"
}
}
variable "routing-intent-private-traffic" {
- default = "yes"
+ type = bool
+ default = true
validation {
- condition = contains(["yes", "no"], var.routing-intent-private-traffic)
- error_message = "Valid options are string('yes' or 'no')"
+ condition = contains([true, false], var.routing-intent-private-traffic)
+ error_message = "Valid options are true or false"
}
}