azurerm_vpn_gateway_connection - support for the `inbound_route_map…

…_id` and `outbound_route_map_id` properties (#19681)
hashicorp · Dec 15, 2022 · 99539dd · 99539dd
1 parent 99d4f7a
commit 99539dd
Show file tree

Hide file tree

Showing 3 changed files with 157 additions and 0 deletions.
diff --git a/internal/services/network/vpn_gateway_connection_resource.go b/internal/services/network/vpn_gateway_connection_resource.go
@@ -78,6 +78,19 @@ func resourceVPNGatewayConnection() *pluginsdk.Resource {
 							Required:     true,
 							ValidateFunc: validate.HubRouteTableID,
 						},
+
+						"inbound_route_map_id": {
+							Type:         pluginsdk.TypeString,
+							Optional:     true,
+							ValidateFunc: validate.RouteMapID,
+						},
+
+						"outbound_route_map_id": {
+							Type:         pluginsdk.TypeString,
+							Optional:     true,
+							ValidateFunc: validate.RouteMapID,
+						},
+
 						"propagated_route_table": {
 							Type:     pluginsdk.TypeList,
 							Optional: true,
@@ -711,11 +724,25 @@ func expandVpnGatewayConnectionRoutingConfiguration(input []interface{}) *networ
 	if len(input) == 0 || input[0] == nil {
 		return nil
 	}
+
 	raw := input[0].(map[string]interface{})
+
 	output := &network.RoutingConfiguration{
 		AssociatedRouteTable: &network.SubResource{ID: utils.String(raw["associated_route_table"].(string))},
 	}
 
+	if inboundRouteMapId := raw["inbound_route_map_id"].(string); inboundRouteMapId != "" {
+		output.InboundRouteMap = &network.SubResource{
+			ID: utils.String(inboundRouteMapId),
+		}
+	}
+
+	if outboundRouteMapId := raw["outbound_route_map_id"].(string); outboundRouteMapId != "" {
+		output.OutboundRouteMap = &network.SubResource{
+			ID: utils.String(outboundRouteMapId),
+		}
+	}
+
 	if v := raw["propagated_route_table"].([]interface{}); len(v) != 0 {
 		output.PropagatedRouteTables = expandVpnGatewayConnectionPropagatedRouteTable(v)
 	}
@@ -733,10 +760,22 @@ func flattenVpnGatewayConnectionRoutingConfiguration(input *network.RoutingConfi
 		associateRouteTable = *input.AssociatedRouteTable.ID
 	}
 
+	var inboundRouteMapId string
+	if input.InboundRouteMap != nil && input.InboundRouteMap.ID != nil {
+		inboundRouteMapId = *input.InboundRouteMap.ID
+	}
+
+	var outboundRouteMapId string
+	if input.OutboundRouteMap != nil && input.OutboundRouteMap.ID != nil {
+		outboundRouteMapId = *input.OutboundRouteMap.ID
+	}
+
 	return []interface{}{
 		map[string]interface{}{
 			"propagated_route_table": flattenVpnGatewayConnectionPropagatedRouteTable(input.PropagatedRouteTables),
 			"associated_route_table": associateRouteTable,
+			"inbound_route_map_id":   inboundRouteMapId,
+			"outbound_route_map_id":  outboundRouteMapId,
 		},
 	}
 }

diff --git a/internal/services/network/vpn_gateway_connection_resource_test.go b/internal/services/network/vpn_gateway_connection_resource_test.go
@@ -235,6 +235,22 @@ func TestAccVpnGatewayConnection_customBgpAddress(t *testing.T) {
 	})
 }
 
+func TestAccVpnGatewayConnection_routeMap(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_vpn_gateway_connection", "test")
+	r := VPNGatewayConnectionResource{}
+	nameSuffix := randString()
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.routeMap(data, nameSuffix),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (t VPNGatewayConnectionResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := parse.VpnConnectionID(state.ID)
 	if err != nil {
@@ -648,6 +664,104 @@ resource "azurerm_vpn_gateway_connection" "test" {
 `, data.RandomInteger, data.Locations.Primary)
 }
 
+func (r VPNGatewayConnectionResource) routeMap(data acceptance.TestData, nameSuffix string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_route_map" "test" {
+  name           = "acctestrm-%[2]s"
+  virtual_hub_id = azurerm_virtual_hub.test.id
+
+  rule {
+    name                 = "rule1"
+    next_step_if_matched = "Continue"
+
+    action {
+      type = "Add"
+
+      parameter {
+        as_path = ["22334"]
+      }
+    }
+
+    match_criterion {
+      match_condition = "Contains"
+      route_prefix    = ["10.0.0.0/8"]
+    }
+  }
+}
+
+resource "azurerm_route_map" "test2" {
+  name           = "acctestrmn-%[2]s"
+  virtual_hub_id = azurerm_virtual_hub.test.id
+
+  rule {
+    name                 = "rule1"
+    next_step_if_matched = "Continue"
+
+    action {
+      type = "Add"
+
+      parameter {
+        as_path = ["22334"]
+      }
+    }
+
+    match_criterion {
+      match_condition = "Contains"
+      route_prefix    = ["10.0.0.0/8"]
+    }
+  }
+}
+
+resource "azurerm_vpn_gateway_connection" "test" {
+  name               = "acctest-VpnGwConn-%[3]d"
+  vpn_gateway_id     = azurerm_vpn_gateway.test.id
+  remote_vpn_site_id = azurerm_vpn_site.test.id
+
+  routing {
+    associated_route_table = azurerm_virtual_hub.test.default_route_table_id
+    inbound_route_map_id   = azurerm_route_map.test.id
+    outbound_route_map_id  = azurerm_route_map.test2.id
+
+    propagated_route_table {
+      route_table_ids = [azurerm_virtual_hub.test.default_route_table_id]
+      labels          = ["label1"]
+    }
+  }
+
+  vpn_link {
+    name             = "link1"
+    vpn_site_link_id = azurerm_vpn_site.test.link[0].id
+
+    ipsec_policy {
+      sa_lifetime_sec          = 300
+      sa_data_size_kb          = 1024
+      encryption_algorithm     = "AES256"
+      integrity_algorithm      = "SHA256"
+      ike_encryption_algorithm = "AES128"
+      ike_integrity_algorithm  = "SHA256"
+      dh_group                 = "DHGroup14"
+      pfs_group                = "PFS14"
+    }
+
+    bandwidth_mbps                        = 30
+    protocol                              = "IKEv2"
+    ratelimit_enabled                     = true
+    route_weight                          = 2
+    shared_key                            = "secret"
+    local_azure_ip_address_enabled        = true
+    policy_based_traffic_selector_enabled = true
+  }
+
+  vpn_link {
+    name             = "link3"
+    vpn_site_link_id = azurerm_vpn_site.test.link[1].id
+  }
+}
+`, r.template(data), nameSuffix, data.RandomInteger)
+}
+
 func (VPNGatewayConnectionResource) template(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {

diff --git a/website/docs/r/vpn_gateway_connection.html.markdown b/website/docs/r/vpn_gateway_connection.html.markdown
@@ -151,6 +151,10 @@ A `routing` block supports the following:
 
 * `propagated_route_table` - (Optional) A `propagated_route_table` block as defined below.
 
+* `inbound_route_map_id` - (Optional) The resource ID of the Route Map associated with this Routing Configuration for inbound learned routes.
+
+* `outbound_route_map_id` - (Optional) The resource ID of the Route Map associated with this Routing Configuration for outbound advertised routes.
+
 ---
 
 A `traffic_selector_policy` block supports the following: