@microsoft/terraform-cdk-constructs 1.4.0 → 1.6.0

package/lib/azure-virtualnetworkgatewayconnection/lib/virtual-network-gateway-connection.d.ts

@@ -0,0 +1,333 @@
+/**
+ * Azure Virtual Network Gateway Connection implementation using AzapiResource framework
+ *
+ * This class provides a unified implementation for Azure Virtual Network Gateway Connections that
+ * automatically handles version management, schema validation, and property
+ * transformation across all supported API versions.
+ *
+ * Supported API Versions:
+ * - 2024-01-01 (Active)
+ * - 2024-05-01 (Active, Latest)
+ *
+ * Features:
+ * - Automatic latest version resolution when no version is specified
+ * - Explicit version pinning for stability requirements
+ * - Schema-driven validation and transformation
+ * - Type-safe connection type handling using discriminated unions
+ * - Full backward compatibility
+ * - JSII compliance for multi-language support
+ */
+import * as cdktf from "cdktf";
+import { Construct } from "constructs";
+import { AzapiResource, AzapiResourceProps } from "../../core-azure/lib/azapi/azapi-resource";
+import { ApiSchema } from "../../core-azure/lib/version-manager/interfaces/version-interfaces";
+/**
+ * Reference to a Virtual Network Gateway
+ */
+export interface GatewayReference {
+    /**
+     * Resource ID of the virtual network gateway
+     */
+    readonly id: string;
+}
+/**
+ * Reference to an ExpressRoute circuit peer
+ */
+export interface PeerReference {
+    /**
+     * Resource ID of the ExpressRoute circuit
+     */
+    readonly id: string;
+}
+/**
+ * IPsec policy configuration
+ */
+export interface IpsecPolicy {
+    /**
+     * DH Group for IKE Phase 1
+     * @example "DHGroup14", "DHGroup2048", "ECP256", "ECP384"
+     */
+    readonly dhGroup: string;
+    /**
+     * IKE encryption algorithm
+     * @example "AES128", "AES192", "AES256", "GCMAES128", "GCMAES256"
+     */
+    readonly ikeEncryption: string;
+    /**
+     * IKE integrity algorithm
+     * @example "SHA256", "SHA384", "GCMAES128", "GCMAES256"
+     */
+    readonly ikeIntegrity: string;
+    /**
+     * IPsec encryption algorithm
+     * @example "AES128", "AES192", "AES256", "GCMAES128", "GCMAES192", "GCMAES256"
+     */
+    readonly ipsecEncryption: string;
+    /**
+     * IPsec integrity algorithm
+     * @example "SHA256", "GCMAES128", "GCMAES192", "GCMAES256"
+     */
+    readonly ipsecIntegrity: string;
+    /**
+     * PFS Group for IKE Phase 2
+     * @example "None", "PFS1", "PFS2", "PFS2048", "ECP256", "ECP384", "PFS24", "PFS14", "PFSMM"
+     */
+    readonly pfsGroup: string;
+    /**
+     * SA lifetime in seconds
+     * @example 3600
+     */
+    readonly saLifeTimeSeconds: number;
+    /**
+     * SA data size in kilobytes
+     * @example 102400000
+     */
+    readonly saDataSizeKilobytes: number;
+}
+/**
+ * NAT rule reference
+ */
+export interface NatRuleReference {
+    /**
+     * Resource ID of the NAT rule
+     */
+    readonly id: string;
+}
+/**
+ * Properties for the Azure Virtual Network Gateway Connection
+ *
+ * Supports three connection types: IPsec (Site-to-Site), VNet-to-VNet, and ExpressRoute
+ */
+export interface VirtualNetworkGatewayConnectionProps extends AzapiResourceProps {
+    /**
+     * Connection type
+     * Must be "IPsec", "Vnet2Vnet", or "ExpressRoute"
+     */
+    readonly connectionType: "IPsec" | "Vnet2Vnet" | "ExpressRoute";
+    /**
+     * Resource group ID where the connection will be created
+     */
+    readonly resourceGroupId: string;
+    /**
+     * Reference to the first virtual network gateway
+     * Required for all connection types
+     */
+    readonly virtualNetworkGateway1: GatewayReference;
+    /**
+     * Reference to the local network gateway
+     * Required for IPsec connections only
+     */
+    readonly localNetworkGateway2?: GatewayReference;
+    /**
+     * Reference to the second virtual network gateway
+     * Required for Vnet2Vnet connections only
+     */
+    readonly virtualNetworkGateway2?: GatewayReference;
+    /**
+     * Reference to the ExpressRoute circuit
+     * Required for ExpressRoute connections only
+     */
+    readonly peer?: PeerReference;
+    /**
+     * Shared key for the connection
+     * Required for IPsec and Vnet2Vnet connections
+     */
+    readonly sharedKey?: string;
+    /**
+     * Authorization key for the ExpressRoute circuit
+     * Optional - for cross-subscription ExpressRoute connections
+     */
+    readonly authorizationKey?: string;
+    /**
+     * Connection protocol to use
+     * @defaultValue "IKEv2"
+     */
+    readonly connectionProtocol?: "IKEv2" | "IKEv1";
+    /**
+     * Enable BGP for the connection
+     * @defaultValue false
+     */
+    readonly enableBgp?: boolean;
+    /**
+     * Routing weight for the connection
+     */
+    readonly routingWeight?: number;
+    /**
+     * DPD timeout in seconds
+     */
+    readonly dpdTimeoutSeconds?: number;
+    /**
+     * Custom IPsec policies
+     */
+    readonly ipsecPolicies?: IpsecPolicy[];
+    /**
+     * Enable policy-based traffic selectors
+     * @defaultValue false
+     */
+    readonly usePolicyBasedTrafficSelectors?: boolean;
+    /**
+     * Connection mode
+     * @defaultValue "Default"
+     */
+    readonly connectionMode?: "Default" | "ResponderOnly" | "InitiatorOnly";
+    /**
+     * Egress NAT rules
+     */
+    readonly egressNatRules?: NatRuleReference[];
+    /**
+     * Ingress NAT rules
+     */
+    readonly ingressNatRules?: NatRuleReference[];
+    /**
+     * The lifecycle rules to ignore changes
+     * @example ["tags"]
+     */
+    readonly ignoreChanges?: string[];
+}
+/**
+ * Azure Virtual Network Gateway Connection implementation
+ *
+ * This class provides a single, version-aware implementation that replaces
+ * version-specific Virtual Network Gateway Connection classes. It automatically handles version
+ * resolution, schema validation, and property transformation while maintaining
+ * full backward compatibility.
+ *
+ * Virtual Network Gateway Connections establish connectivity between Virtual Network Gateways
+ * and other networking endpoints:
+ * - IPsec: Site-to-Site VPN connections to on-premises networks
+ * - Vnet2Vnet: VNet-to-VNet connections between Azure virtual networks
+ * - ExpressRoute: Private connections to Azure via ExpressRoute circuits
+ *
+ * @example
+ * // IPsec (Site-to-Site VPN) Connection:
+ * const s2sConnection = new VirtualNetworkGatewayConnection(this, "s2sConnection", {
+ *   name: "my-s2s-connection",
+ *   location: "eastus",
+ *   resourceGroupId: resourceGroup.id,
+ *   connectionType: "IPsec",
+ *   virtualNetworkGateway1: { id: vpnGateway.id },
+ *   localNetworkGateway2: { id: localGateway.id },
+ *   sharedKey: "mySecureSharedKey123!"
+ * });
+ *
+ * @example
+ * // VNet-to-VNet Connection:
+ * const vnetConnection = new VirtualNetworkGatewayConnection(this, "vnetConnection", {
+ *   name: "my-vnet-connection",
+ *   location: "eastus",
+ *   resourceGroupId: resourceGroup.id,
+ *   connectionType: "Vnet2Vnet",
+ *   virtualNetworkGateway1: { id: vpnGateway1.id },
+ *   virtualNetworkGateway2: { id: vpnGateway2.id },
+ *   sharedKey: "mySecureSharedKey123!",
+ *   enableBgp: true
+ * });
+ *
+ * @example
+ * // ExpressRoute Connection:
+ * const erConnection = new VirtualNetworkGatewayConnection(this, "erConnection", {
+ *   name: "my-er-connection",
+ *   location: "eastus",
+ *   resourceGroupId: resourceGroup.id,
+ *   connectionType: "ExpressRoute",
+ *   virtualNetworkGateway1: { id: erGateway.id },
+ *   peer: { id: expressRouteCircuit.id },
+ *   authorizationKey: "optional-auth-key-if-cross-subscription"
+ * });
+ *
+ * @example
+ * // IPsec Connection with Custom IPsec Policies:
+ * const customConnection = new VirtualNetworkGatewayConnection(this, "customConnection", {
+ *   name: "my-custom-connection",
+ *   location: "eastus",
+ *   resourceGroupId: resourceGroup.id,
+ *   connectionType: "IPsec",
+ *   virtualNetworkGateway1: { id: vpnGateway.id },
+ *   localNetworkGateway2: { id: localGateway.id },
+ *   sharedKey: "mySecureSharedKey123!",
+ *   connectionProtocol: "IKEv2",
+ *   ipsecPolicies: [{
+ *     dhGroup: "DHGroup14",
+ *     ikeEncryption: "AES256",
+ *     ikeIntegrity: "SHA256",
+ *     ipsecEncryption: "AES256",
+ *     ipsecIntegrity: "SHA256",
+ *     pfsGroup: "PFS2048",
+ *     saLifeTimeSeconds: 3600,
+ *     saDataSizeKilobytes: 102400000
+ *   }],
+ *   usePolicyBasedTrafficSelectors: true
+ * });
+ *
+ * @stability stable
+ */
+export declare class VirtualNetworkGatewayConnection extends AzapiResource {
+    /**
+     * The input properties for this Virtual Network Gateway Connection instance
+     */
+    readonly props: VirtualNetworkGatewayConnectionProps;
+    readonly idOutput: cdktf.TerraformOutput;
+    readonly nameOutput: cdktf.TerraformOutput;
+    readonly locationOutput: cdktf.TerraformOutput;
+    readonly tagsOutput: cdktf.TerraformOutput;
+    /**
+     * Creates a new Azure Virtual Network Gateway Connection using the AzapiResource framework
+     *
+     * The constructor automatically handles version resolution, schema registration,
+     * validation, and resource creation. It maintains full backward compatibility
+     * with existing Virtual Network Gateway Connection implementations.
+     *
+     * @param scope - The scope in which to define this construct
+     * @param id - The unique identifier for this instance
+     * @param props - Configuration properties for the Virtual Network Gateway Connection
+     */
+    constructor(scope: Construct, id: string, props: VirtualNetworkGatewayConnectionProps);
+    /**
+     * Gets the default API version to use when no explicit version is specified
+     * Returns the most recent stable version as the default
+     */
+    protected defaultVersion(): string;
+    /**
+     * Gets the Azure resource type for Virtual Network Gateway Connections
+     */
+    protected resourceType(): string;
+    /**
+     * Gets the API schema for the resolved version
+     * Uses the framework's schema resolution to get the appropriate schema
+     */
+    protected apiSchema(): ApiSchema;
+    /**
+     * Indicates that location is required for Virtual Network Gateway Connections
+     */
+    protected requiresLocation(): boolean;
+    /**
+     * Creates the resource body for the Azure API call
+     * Transforms the input properties into the JSON format expected by Azure REST API
+     * Handles type-specific properties based on connectionType
+     */
+    protected createResourceBody(props: any): any;
+    /**
+     * Get the subscription ID from the Virtual Network Gateway Connection ID
+     * Extracts the subscription ID from the Azure resource ID format
+     */
+    get subscriptionId(): string;
+    /**
+     * Get the full resource identifier for use in other Azure resources
+     * Alias for the id property to match original interface
+     */
+    get resourceId(): string;
+    /**
+     * Add a tag to the Virtual Network Gateway Connection
+     * Note: This modifies the construct props but requires a new deployment to take effect
+     */
+    addTag(key: string, value: string): void;
+    /**
+     * Remove a tag from the Virtual Network Gateway Connection
+     * Note: This modifies the construct props but requires a new deployment to take effect
+     */
+    removeTag(key: string): void;
+    /**
+     * Applies ignore changes lifecycle rules if specified in props
+     */
+    private _applyIgnoreChanges;
+}