ExpressRoute Code

azure_express_route/README.md

@@ -0,0 +1,88 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.9.0, < 2.0.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >=3.112.0, < 4.0.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >=3.112.0, < 4.0.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_express_route_circuit"></a> [express\_route\_circuit](#module\_express\_route\_circuit) | ./express_route_circuit | n/a |
+| <a name="module_express_route_connection"></a> [express\_route\_connection](#module\_express\_route\_connection) | ./express_route_connection | n/a |
+| <a name="module_express_route_peering"></a> [express\_route\_peering](#module\_express\_route\_peering) | ./express_route_circuit_peering | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_authorization_key"></a> [authorization\_key](#input\_authorization\_key) | (Optional) The authorization key to establish the Express Route Connection. | `string` | `null` | no |
+| <a name="input_circuit_peering"></a> [circuit\_peering](#input\_circuit\_peering) | Express Route circuit peering configuration | <pre>list(object({<br>    peering_type                  = string<br>    express_route_circuit_name    = string<br>    vlan_id                       = number<br>    primary_peer_address_prefix   = optional(string)<br>    secondary_peer_address_prefix = optional(string)<br>    ipv4_enabled                  = optional(bool, true)<br>    shared_key                    = optional(string, null)<br>    peer_asn                      = optional(number, null)<br>    microsoft_peering_config = optional(object({<br>      advertised_public_prefixes = list(string)<br>      customer_asn               = optional(number, 0)<br>      routing_registry_name      = optional(string, "NONE")<br>      advertised_communities     = optional(list(string))<br>    }), null)<br>    ipv6 = optional(object({<br>      primary_peer_address_prefix   = string<br>      secondary_peer_address_prefix = string<br>      enabled                       = optional(bool, true)<br>      microsoft_peering = optional(object({<br>        advertised_public_prefixes = list(string)<br>        customer_asn               = optional(number, 0)<br>        routing_registry_name      = optional(string, "NONE")<br>        advertised_communities     = optional(list(string))<br>      }), null)<br>      route_filter_id = optional(string, null)<br>    }), null)<br>    route_filter_id = optional(string, null)<br>  }))</pre> | `[]` | no |
+| <a name="input_circuit_peering_type"></a> [circuit\_peering\_type](#input\_circuit\_peering\_type) | (Required) The type of the Express Route Circuit Peering. | `string` | n/a | yes |
+| <a name="input_enable_internet_security"></a> [enable\_internet\_security](#input\_enable\_internet\_security) | (Optional) Is Internet security enabled for this Express Route Connection? | `bool` | `null` | no |
+| <a name="input_express_route_circuit"></a> [express\_route\_circuit](#input\_express\_route\_circuit) | Express Route circuit configuration | <pre>list(object({<br>    express_route_circuit_name = string<br>    location                   = string<br>    sku = object({<br>      tier   = string<br>      family = string<br>    })<br>    service_provider_name    = optional(string, null)<br>    peering_location         = optional(string, null)<br>    bandwidth_in_mbps        = optional(number, null)<br>    allow_classic_operations = optional(bool, false)<br>    express_route_port_id    = optional(string, null)<br>    bandwidth_in_gbps        = optional(number, null)<br>    authorization_key        = optional(string, null)<br>  }))</pre> | `[]` | no |
+| <a name="input_express_route_circuit_name"></a> [express\_route\_circuit\_name](#input\_express\_route\_circuit\_name) | (Required) The name of the Express Route Circuit that this Express Route Connection connects with. | `string` | n/a | yes |
+| <a name="input_express_route_circuit_resource_group_name"></a> [express\_route\_circuit\_resource\_group\_name](#input\_express\_route\_circuit\_resource\_group\_name) | (Required) The name of the Resource Group where the Express Route circuit is located. | `string` | n/a | yes |
+| <a name="input_express_route_connection_name"></a> [express\_route\_connection\_name](#input\_express\_route\_connection\_name) | (Required) The name which should be used for this Express Route Connection. | `string` | n/a | yes |
+| <a name="input_express_route_gateway_bypass_enabled"></a> [express\_route\_gateway\_bypass\_enabled](#input\_express\_route\_gateway\_bypass\_enabled) | (Optional) Specified whether Fast Path is enabled for Virtual Wan Firewall Hub. | `bool` | `false` | no |
+| <a name="input_express_route_gateway_name"></a> [express\_route\_gateway\_name](#input\_express\_route\_gateway\_name) | (Required) The name of the Express Route Gateway that this Express Route Connection connects with. | `string` | n/a | yes |
+| <a name="input_express_route_gateway_resource_group_name"></a> [express\_route\_gateway\_resource\_group\_name](#input\_express\_route\_gateway\_resource\_group\_name) | (Required) The name of the Resource Group where the Express Route Gateway is located. | `string` | n/a | yes |
+| <a name="input_private_link_fast_path_enabled"></a> [private\_link\_fast\_path\_enabled](#input\_private\_link\_fast\_path\_enabled) | (Optional) Bypass the Express Route gateway when accessing private-links. When enabled express\_route\_gateway\_bypass\_enabled must be set to true. | `bool` | `false` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | (Required) Specifies the supported Azure location where the resource exists. | `string` | n/a | yes |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Required) The name of the resource group in which to create the ExpressRoute circuit. | `string` | n/a | yes |
+| <a name="input_routing"></a> [routing](#input\_routing) | (Optional) A routing block as defined below. | <pre>object({<br>    associated_route_table_id = optional(string)<br>    inbound_route_map_id      = optional(string)<br>    outbound_route_map_id     = optional(string)<br>    propagated_route_table = optional(object({<br>      labels          = optional(list(string))<br>      route_table_ids = optional(list(string))<br>    }))<br>  })</pre> | `null` | no |
+| <a name="input_routing_weight"></a> [routing\_weight](#input\_routing\_weight) | (Optional) The routing weight associated to the Express Route Connection. | `number` | `0` | no |
+| <a name="input_subscription_id_connectivity"></a> [subscription\_id\_connectivity](#input\_subscription\_id\_connectivity) | Subscription ID to use for "connectivity" resources. | `string` | n/a | yes |
+| <a name="input_subscription_id_management"></a> [subscription\_id\_management](#input\_subscription\_id\_management) | Subscription ID to use for "management" resources. | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_circuit_peering_id"></a> [circuit\_peering\_id](#output\_circuit\_peering\_id) | The ID of the ExpressRoute Circuit Peering. |
+| <a name="output_connection_id"></a> [connection\_id](#output\_connection\_id) | The ID of the ExpressRoute Connection. |
+| <a name="output_express_route_circuit_id"></a> [express\_route\_circuit\_id](#output\_express\_route\_circuit\_id) | The ID of the ExpressRoute Circuit. |
+| <a name="output_service_key"></a> [service\_key](#output\_service\_key) | The service key of the ExpressRoute Circuit. |
+| <a name="output_service_provider_provisioning_state"></a> [service\_provider\_provisioning\_state](#output\_service\_provider\_provisioning\_state) | The provisioning state of the ExpressRoute Circuit Service Provider. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

azure_express_route/express_route_circuit/README.md

@@ -0,0 +1,45 @@
+# express_route_circuit
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_express_route_circuit.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/express_route_circuit) | resource |
+| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_express_route_circuit"></a> [express\_route\_circuit](#input\_express\_route\_circuit) | Express Route circuit configuration | <pre>list(object({<br>    express_route_circuit_name = string<br>    location                   = string<br>    sku = object({<br>      tier   = string<br>      family = string<br>    })<br>    service_provider_name    = optional(string, null)<br>    peering_location         = optional(string, null)<br>    bandwidth_in_mbps        = optional(number, null)<br>    allow_classic_operations = optional(bool, false)<br>    express_route_port_id    = optional(string, null)<br>    bandwidth_in_gbps        = optional(number, null)<br>    authorization_key        = optional(string, null)<br>  }))</pre> | `[]` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | (Required) Specifies the supported Azure location where the resource exists. | `string` | n/a | yes |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Required) The name of the resource group in which to create the ExpressRoute circuit. | `string` | n/a | yes |
+| <a name="input_subscription_id_connectivity"></a> [subscription\_id\_connectivity](#input\_subscription\_id\_connectivity) | Subscription ID to use for "connectivity" resources. | `string` | n/a | yes |
+| <a name="input_subscription_id_management"></a> [subscription\_id\_management](#input\_subscription\_id\_management) | Subscription ID to use for "management" resources. | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_express_route_circuit_id"></a> [express\_route\_circuit\_id](#output\_express\_route\_circuit\_id) | The ID of the ExpressRoute Circuit. |
+| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | The name of the Resource Group. |
+| <a name="output_service_key"></a> [service\_key](#output\_service\_key) | The service key of the ExpressRoute Circuit. |
+| <a name="output_service_provider_provisioning_state"></a> [service\_provider\_provisioning\_state](#output\_service\_provider\_provisioning\_state) | The provisioning state of the ExpressRoute Circuit Service Provider. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

azure_express_route/express_route_circuit/data.tf

@@ -0,0 +1,2 @@
+# Get the current client configuration from the AzureRM provider
+data "azurerm_client_config" "current" {}

azure_express_route/express_route_circuit/express_route_circuit.tf

@@ -0,0 +1,23 @@
+resource "azurerm_express_route_circuit" "this" {
+  for_each = { for circuit in var.express_route_circuit : circuit.express_route_circuit_name => circuit }
+
+  name                = each.value.express_route_circuit_name
+  resource_group_name = azurerm_resource_group.this.name
+  location            = each.value.location
+
+  sku {
+    tier   = each.value.sku.tier
+    family = each.value.sku.family
+  }
+
+  service_provider_name    = each.value.service_provider_name
+  peering_location         = each.value.peering_location
+  bandwidth_in_mbps        = each.value.bandwidth_in_mbps
+  allow_classic_operations = each.value.allow_classic_operations
+
+  express_route_port_id = each.value.express_route_port_id
+  bandwidth_in_gbps     = each.value.bandwidth_in_gbps
+
+  authorization_key = each.value.authorization_key
+  tags              = var.tags
+}

azure_express_route/express_route_circuit/locals.tf

@@ -0,0 +1,4 @@
+locals {
+  subscription_id_connectivity = coalesce(var.subscription_id_connectivity, local.subscription_id_management)
+  subscription_id_management   = coalesce(var.subscription_id_management, data.azurerm_client_config.current.subscription_id)
+}

azure_express_route/express_route_circuit/main.tf

@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "this" {
+  name     = var.resource_group_name
+  location = var.resource_group_location
+}

azure_express_route/express_route_circuit/outputs.tf

@@ -0,0 +1,26 @@
+output "resource_group_name" {
+  description = "The name of the Resource Group."
+  value       = azurerm_resource_group.this.name
+}
+
+output "express_route_circuit_id" {
+  description = "The ID of the ExpressRoute Circuit."
+  value = {
+    for key, id in azurerm_express_route_circuit.this : key => id.id
+  }
+}
+
+output "service_provider_provisioning_state" {
+  description = "The provisioning state of the ExpressRoute Circuit Service Provider."
+  value = {
+    for key, state in azurerm_express_route_circuit.this : key => state.service_provider_provisioning_state
+  }
+}
+
+output "service_key" {
+  description = "The service key of the ExpressRoute Circuit."
+  value = {
+    for key, service_key in azurerm_express_route_circuit.this : key => service_key.service_key
+  }
+  sensitive = true
+}

azure_express_route/express_route_circuit/provider.tf

@@ -0,0 +1,22 @@
+# terraform {
+#   required_version = ">=1.9.0, < 2.0.0"
+
+#   required_providers {
+#     azurerm = {
+#       source  = "hashicorp/azurerm"
+#       version = ">=3.112.0, < 4.0.0"
+#     }
+
+#     azapi = {
+#       source = "azure/azapi"
+#     }
+#   }
+# }
+
+provider "azurerm" {
+  use_oidc = true
+  features {}
+  # NOTE: The assumption is that the pipeline will be using the Management subscription for the base provider
+  # The sub-modules will be using the subscription_id_connectivity
+  subscription_id = var.subscription_id_connectivity
+}

azure_express_route/express_route_circuit/variables-expressRoute-circuit.tf

@@ -0,0 +1,43 @@
+variable "express_route_circuit" {
+  description = "Express Route circuit configuration"
+  type = list(object({
+    express_route_circuit_name = string
+    location                   = string
+    sku = object({
+      tier   = string
+      family = string
+    })
+    service_provider_name    = optional(string, null)
+    peering_location         = optional(string, null)
+    bandwidth_in_mbps        = optional(number, null)
+    allow_classic_operations = optional(bool, false)
+    express_route_port_id    = optional(string, null)
+    bandwidth_in_gbps        = optional(number, null)
+    authorization_key        = optional(string, null)
+  }))
+  default = []
+
+  validation {
+    condition = alltrue([
+      for circuit in var.express_route_circuit : contains(["Basic", "Local", "Standard", "Premium"], circuit.sku.tier)
+    ])
+    error_message = "The sku tier must be either Basic, Local, Standard or Premium."
+  }
+
+  validation {
+    condition = alltrue([
+      for circuit in var.express_route_circuit : contains(["MeteredData", "UnlimitedData"], circuit.sku.family)
+    ])
+    error_message = "The sku family must be either MeteredData or UnlimitedData."
+  }
+}
+
+variable "resource_group_name" {
+  description = "(Required) The name of the resource group in which to create the ExpressRoute circuit."
+  type        = string
+}
+
+variable "resource_group_location" {
+  description = "(Required) Specifies the supported Azure location where the resource exists."
+  type        = string
+}

azure_express_route/express_route_circuit/variables.tf

@@ -0,0 +1,15 @@
+variable "subscription_id_management" {
+  type        = string
+  description = "Subscription ID to use for \"management\" resources."
+}
+
+variable "subscription_id_connectivity" {
+  type        = string
+  description = "Subscription ID to use for \"connectivity\" resources."
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "A mapping of tags to assign to the resource."
+  default     = null
+}

azure_express_route/express_route_circuit_peering/README.md

@@ -0,0 +1,40 @@
+# express_route_circuit_peering
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_express_route_circuit_peering.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/express_route_circuit_peering) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_circuit_peering"></a> [circuit\_peering](#input\_circuit\_peering) | Express Route circuit peering configuration | <pre>list(object({<br>    peering_type                  = string<br>    express_route_circuit_name    = string<br>    vlan_id                       = number<br>    primary_peer_address_prefix   = optional(string)<br>    secondary_peer_address_prefix = optional(string)<br>    ipv4_enabled                  = optional(bool, true)<br>    shared_key                    = optional(string, null)<br>    peer_asn                      = optional(number, null)<br>    microsoft_peering_config = optional(object({<br>      advertised_public_prefixes = list(string)<br>      customer_asn               = optional(number, 0)<br>      routing_registry_name      = optional(string, "NONE")<br>      advertised_communities     = optional(list(string))<br>    }), null)<br>    ipv6 = optional(object({<br>      primary_peer_address_prefix   = string<br>      secondary_peer_address_prefix = string<br>      enabled                       = optional(bool, true)<br>      microsoft_peering = optional(object({<br>        advertised_public_prefixes = list(string)<br>        customer_asn               = optional(number, 0)<br>        routing_registry_name      = optional(string, "NONE")<br>        advertised_communities     = optional(list(string))<br>      }), null)<br>      route_filter_id = optional(string, null)<br>    }), null)<br>    route_filter_id = optional(string, null)<br>  }))</pre> | `[]` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Required) The name of the resource group in which to create the ExpressRoute circuit. | `string` | n/a | yes |
+| <a name="input_subscription_id_connectivity"></a> [subscription\_id\_connectivity](#input\_subscription\_id\_connectivity) | Subscription ID to use for "connectivity" resources. | `string` | n/a | yes |
+| <a name="input_subscription_id_management"></a> [subscription\_id\_management](#input\_subscription\_id\_management) | Subscription ID to use for "management" resources. | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_express_route_circuit_peering_id"></a> [express\_route\_circuit\_peering\_id](#output\_express\_route\_circuit\_peering\_id) | The ID of the ExpressRoute Circuit Peering. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->