From 2da606491e9ef153a3599dfc6fa0abe8c3b64015 Mon Sep 17 00:00:00 2001 From: Matthias Blaser Date: Sun, 21 Oct 2018 11:54:32 +0200 Subject: [PATCH 1/7] Allow OpenVPN as a VPN client protocol --- azurerm/resource_arm_virtual_network_gateway.go | 1 + website/docs/d/virtual_network_gateway.html.markdown | 2 +- website/docs/r/virtual_network_gateway.html.markdown | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/azurerm/resource_arm_virtual_network_gateway.go b/azurerm/resource_arm_virtual_network_gateway.go index 083895abaa0d..a48a068af5b2 100644 --- a/azurerm/resource_arm_virtual_network_gateway.go +++ b/azurerm/resource_arm_virtual_network_gateway.go @@ -216,6 +216,7 @@ func resourceArmVirtualNetworkGateway() *schema.Resource { Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ string(network.IkeV2), + string(network.OpenVPN), string(network.SSTP), }, true), }, diff --git a/website/docs/d/virtual_network_gateway.html.markdown b/website/docs/d/virtual_network_gateway.html.markdown index 9294c1aa4c23..0d8a380fde56 100644 --- a/website/docs/d/virtual_network_gateway.html.markdown +++ b/website/docs/d/virtual_network_gateway.html.markdown @@ -91,7 +91,7 @@ The `vpn_client_configuration` block supports: This setting is incompatible with the use of `root_certificate` and `revoked_certificate`. * `vpn_client_protocols` - (Optional) List of the protocols supported by the vpn client. - The supported values are `SSTP` and `IkeV2`. + The supported values are `SSTP`, `IkeV2` and `OpenVPN`. The `bgp_settings` block supports: diff --git a/website/docs/r/virtual_network_gateway.html.markdown b/website/docs/r/virtual_network_gateway.html.markdown index 44a2f61b5af8..62ca98251b43 100644 --- a/website/docs/r/virtual_network_gateway.html.markdown +++ b/website/docs/r/virtual_network_gateway.html.markdown @@ -186,7 +186,7 @@ The `vpn_client_configuration` block supports: This setting is incompatible with the use of `root_certificate` and `revoked_certificate`. * `vpn_client_protocols` - (Optional) List of the protocols supported by the vpn client. - The supported values are `SSTP` and `IkeV2`. + The supported values are `SSTP`, `IkeV2` and `OpenVPN`. **NOTE**: The OpenVPN protocol is currently in Public Preview. You need to [opt in to be able to use OpenVPN as an option](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn). The `bgp_settings` block supports: From 39b6345bfc8af1b385e901f28fd736d6a936ed21 Mon Sep 17 00:00:00 2001 From: Matthias Blaser Date: Sun, 21 Oct 2018 12:06:41 +0200 Subject: [PATCH 2/7] Clarify opt in requirements --- website/docs/r/virtual_network_gateway.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/virtual_network_gateway.html.markdown b/website/docs/r/virtual_network_gateway.html.markdown index 62ca98251b43..31a55d6227bd 100644 --- a/website/docs/r/virtual_network_gateway.html.markdown +++ b/website/docs/r/virtual_network_gateway.html.markdown @@ -186,7 +186,7 @@ The `vpn_client_configuration` block supports: This setting is incompatible with the use of `root_certificate` and `revoked_certificate`. * `vpn_client_protocols` - (Optional) List of the protocols supported by the vpn client. - The supported values are `SSTP`, `IkeV2` and `OpenVPN`. **NOTE**: The OpenVPN protocol is currently in Public Preview. You need to [opt in to be able to use OpenVPN as an option](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn). + The supported values are `SSTP`, `IkeV2` and `OpenVPN`. **NOTE**: The OpenVPN protocol is currently in Public Preview. You need to [opt in your subscription and the gateway itself after its creation to be able to use OpenVPN as an option](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn). The `bgp_settings` block supports: From 1574b00a29df107160702258a1a45c1767b51f11 Mon Sep 17 00:00:00 2001 From: Matthias Blaser Date: Sun, 21 Oct 2018 12:09:02 +0200 Subject: [PATCH 3/7] Revert "Clarify opt in requirements" This reverts commit 39b6345bfc8af1b385e901f28fd736d6a936ed21. --- website/docs/r/virtual_network_gateway.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/virtual_network_gateway.html.markdown b/website/docs/r/virtual_network_gateway.html.markdown index 31a55d6227bd..62ca98251b43 100644 --- a/website/docs/r/virtual_network_gateway.html.markdown +++ b/website/docs/r/virtual_network_gateway.html.markdown @@ -186,7 +186,7 @@ The `vpn_client_configuration` block supports: This setting is incompatible with the use of `root_certificate` and `revoked_certificate`. * `vpn_client_protocols` - (Optional) List of the protocols supported by the vpn client. - The supported values are `SSTP`, `IkeV2` and `OpenVPN`. **NOTE**: The OpenVPN protocol is currently in Public Preview. You need to [opt in your subscription and the gateway itself after its creation to be able to use OpenVPN as an option](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn). + The supported values are `SSTP`, `IkeV2` and `OpenVPN`. **NOTE**: The OpenVPN protocol is currently in Public Preview. You need to [opt in to be able to use OpenVPN as an option](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn). The `bgp_settings` block supports: From 2f910ab614eeed69cb314f17079eb4b7d83bf5a7 Mon Sep 17 00:00:00 2001 From: Matthias Blaser Date: Sun, 21 Oct 2018 19:40:10 +0200 Subject: [PATCH 4/7] Add OpenVPN client config option to test --- azurerm/resource_arm_virtual_network_gateway_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/resource_arm_virtual_network_gateway_test.go b/azurerm/resource_arm_virtual_network_gateway_test.go index cf0b8754c2df..b3ccc405bd29 100644 --- a/azurerm/resource_arm_virtual_network_gateway_test.go +++ b/azurerm/resource_arm_virtual_network_gateway_test.go @@ -493,7 +493,7 @@ resource "azurerm_virtual_network_gateway" "test" { vpn_client_configuration { address_space = ["10.2.0.0/24"] - vpn_client_protocols = ["SSTP", "IkeV2"] + vpn_client_protocols = ["SSTP", "IkeV2", "OpenVPN"] radius_server_address = "1.2.3.4" radius_server_secret = "1234" From b37148bb7d7e38a1cda015ab42d9e4627f89dc1e Mon Sep 17 00:00:00 2001 From: Matthias Blaser Date: Mon, 22 Oct 2018 08:50:16 +0200 Subject: [PATCH 5/7] Revert "Add OpenVPN client config option to test" This reverts commit 2f910ab614eeed69cb314f17079eb4b7d83bf5a7. --- azurerm/resource_arm_virtual_network_gateway_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/resource_arm_virtual_network_gateway_test.go b/azurerm/resource_arm_virtual_network_gateway_test.go index b3ccc405bd29..cf0b8754c2df 100644 --- a/azurerm/resource_arm_virtual_network_gateway_test.go +++ b/azurerm/resource_arm_virtual_network_gateway_test.go @@ -493,7 +493,7 @@ resource "azurerm_virtual_network_gateway" "test" { vpn_client_configuration { address_space = ["10.2.0.0/24"] - vpn_client_protocols = ["SSTP", "IkeV2", "OpenVPN"] + vpn_client_protocols = ["SSTP", "IkeV2"] radius_server_address = "1.2.3.4" radius_server_secret = "1234" From c2d623914201a11ef151b2602497a719d6d495a7 Mon Sep 17 00:00:00 2001 From: Matthias Blaser Date: Mon, 22 Oct 2018 09:23:13 +0200 Subject: [PATCH 6/7] Add dedicated test for OpenVPN client protocol --- ...source_arm_virtual_network_gateway_test.go | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/azurerm/resource_arm_virtual_network_gateway_test.go b/azurerm/resource_arm_virtual_network_gateway_test.go index cf0b8754c2df..024ad1b5f0c6 100644 --- a/azurerm/resource_arm_virtual_network_gateway_test.go +++ b/azurerm/resource_arm_virtual_network_gateway_test.go @@ -185,6 +185,27 @@ func TestAccAzureRMVirtualNetworkGateway_vpnClientConfig(t *testing.T) { }) } +func TestAccAzureRMVirtualNetworkGateway_vpnClientConfigOpenVPN(t *testing.T) { + ri := acctest.RandInt() + resourceName := "azurerm_virtual_network_gateway.test" + config := testAccAzureRMVirtualNetworkGateway_vpnClientConfigOpenVPN(ri, testLocation()) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMVirtualNetworkGatewayDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMVirtualNetworkGatewayExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "vpn_client_configuration.0.vpn_client_protocols.#", "1"), + ), + }, + }, + }) +} + func testCheckAzureRMVirtualNetworkGatewayExists(name string) resource.TestCheckFunc { return func(s *terraform.State) error { name, resourceGroup, err := getArmResourceNameAndGroup(s, name) @@ -502,6 +523,58 @@ resource "azurerm_virtual_network_gateway" "test" { `, rInt, location, rInt, rInt, rInt) } +func testAccAzureRMVirtualNetworkGateway_vpnClientConfigOpenVPN(rInt int, location string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvn-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + address_space = ["10.0.0.0/16"] +} + +resource "azurerm_subnet" "test" { + name = "GatewaySubnet" + resource_group_name = "${azurerm_resource_group.test.name}" + virtual_network_name = "${azurerm_virtual_network.test.name}" + address_prefix = "10.0.1.0/24" +} + +resource "azurerm_public_ip" "test" { + name = "acctestpip-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + public_ip_address_allocation = "Dynamic" +} + +resource "azurerm_virtual_network_gateway" "test" { + depends_on = ["azurerm_public_ip.test"] + name = "acctestvng-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + + type = "Vpn" + vpn_type = "RouteBased" + sku = "VpnGw1" + + ip_configuration { + public_ip_address_id = "${azurerm_public_ip.test.id}" + private_ip_address_allocation = "Dynamic" + subnet_id = "${azurerm_subnet.test.id}" + } + + vpn_client_configuration { + address_space = ["10.2.0.0/24"] + vpn_client_protocols = ["OpenVPN"] + } +} +`, rInt, location, rInt, rInt, rInt) +} + func testAccAzureRMVirtualNetworkGateway_sku(rInt int, location string, sku string) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { From f4ab41280d4b11f7ab407a73b4e15e05e556dcc7 Mon Sep 17 00:00:00 2001 From: Matthias Blaser Date: Mon, 22 Oct 2018 18:15:16 +0200 Subject: [PATCH 7/7] Update NOTE format and wording --- website/docs/r/virtual_network_gateway.html.markdown | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/r/virtual_network_gateway.html.markdown b/website/docs/r/virtual_network_gateway.html.markdown index 62ca98251b43..5be265087ff5 100644 --- a/website/docs/r/virtual_network_gateway.html.markdown +++ b/website/docs/r/virtual_network_gateway.html.markdown @@ -186,7 +186,9 @@ The `vpn_client_configuration` block supports: This setting is incompatible with the use of `root_certificate` and `revoked_certificate`. * `vpn_client_protocols` - (Optional) List of the protocols supported by the vpn client. - The supported values are `SSTP`, `IkeV2` and `OpenVPN`. **NOTE**: The OpenVPN protocol is currently in Public Preview. You need to [opt in to be able to use OpenVPN as an option](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn). + The supported values are `SSTP`, `IkeV2` and `OpenVPN`. + +-> **NOTE:** Support for `OpenVPN` as a Client Protocol is currently in Public Preview - [you can register for this Preview using this link](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn). The `bgp_settings` block supports: