upgrade: vnet-gateway to avm (#94)

<!-- Thank you for submitting a Pull Request. Please fill out the
template below.-->
## Overview/Summary

Replace this with a brief description of what this Pull Request fixes,
changes, etc.

## This PR fixes/adds/changes/removes

1. #96 

### Breaking Changes

1. None

## Testing Evidence

Please provide any testing evidence to show that your Pull Request
works/fixes as described and planned (include screenshots, if
appropriate).

## As part of this Pull Request I have

- [x] Checked for duplicate [Pull
Requests](https://github.com/Azure/alz-terraform-accelerator/pulls)
- [x] Associated it with relevant
[issues](https://github.com/Azure/alz-terraform-accelerator/issues), for
tracking and closure.
- [x] Ensured my code/branch is up-to-date with the latest changes in
the `main`
[branch](https://github.com/Azure/alz-terraform-accelerator/tree/main)
- [x] Performed testing and provided evidence.
- [x] Updated relevant and associated documentation.

---------

Co-authored-by: Jared Holgate <[email protected]>

docs/wiki/[User-Guide]-Starter-Module-Complete.md

@@ -69,7 +69,7 @@ The `config.yaml` file also comes with helpful templated variables such as `defa
 
 > **Note:** We recommend that you use the `caf-enterprise-scale` module for management groups and policies, and the `hubnetworking` module for connectivity resources. However, connectivity resources can be deployed using the `caf-enterprise-scale` module if you desire.
 
-The schema for the `config.yaml` is documented here - [YAML Schema for `config.yaml`][wiki_yaml_schema_reference].
+The schema for the `config.yaml` is documented here - [Configuration YAML Schema][wiki_yaml_schema_reference].
 
 ## High Level Design
 
@@ -86,9 +86,9 @@ The `caf-enterprise-scale` module is used to deploy the management group hierarc
 The `hubnetworking` module is used to deploy connectivity resources such as Virtual Networks and Firewalls.
 This module can be extended to deploy multiple Virtual Networks at scale, Route Tables, and Resource Locks. For more information on the module itself see [here](https://github.com/Azure/terraform-azurerm-hubnetworking).
 
-### `vnet-gateway`
+### `avm-ptn-vnetgateway`
 
-The `vnet-gateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. Further configuration can be added (depending on requirements) to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways, and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-vnet-gateway).
+The `avm-ptn-vnetgateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. Further configuration can be added (depending on requirements) to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways, and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway).
 
 ## Inputs
 

docs/wiki/[User-Guide]-Starter-Module-HubNetworking.md

@@ -16,10 +16,10 @@ The `caf-enterprise-scale` has been used to deploy the management group hierarch
 The `hubnetworking` module is used to deploy connectivity resources such as Virtual Networks and Firewalls. By default, the module will deploy a Virtual Network with a Firewall in your `default_location`.
  This module can be extended however to deploy multiple Virtual Networks at scale, Route Tables, and Resource Locks. For more information on the module itself see [here](https://github.com/Azure/terraform-azurerm-hubnetworking).
 
-### `vnet-gateway`
+### `avm-ptn-vnetgateway`
 
-The `vnet-gateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. By default, the resources of the module will not be deployed unless `virtual_network_gateway_creation_enabled` is set to true, if so, the module will deploy a VPN Gateway with SKU VpnGw1.
- Further configuration can be added depending on requirements to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-vnet-gateway).
+The `avm-ptn-vnetgateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. By default, the resources of the module will not be deployed unless `virtual_network_gateway_creation_enabled` is set to true, if so, the module will deploy a VPN Gateway with SKU VpnGw1.
+ Further configuration can be added depending on requirements to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway).
 
 ## Inputs
 

docs/wiki/[User-Guide]-YAML-Schema-Reference.md

@@ -121,7 +121,7 @@ connectivity:
 
 ## `connectivity.hubnetworking.hub_virtual_networks.<hub_key>.virtual_network_gateway`
 
-Specifies the virtual network gateway configuration to be used from the `terraform-azurerm-vnet-gateway` module.
+Specifies the virtual network gateway configuration to be used from the `terraform-azurerm-avm-ptn-vnetgateway` module.
 
 ```yaml
 
@@ -133,10 +133,11 @@ connectivity:
         resource_group_name: # string
         location: # string
         address_space: # list
-        virtual_network_gateway: # Arguments from https://github.com/Azure/terraform-azurerm-vnet-gateway/blob/v0.1.2/variables.tf converted to YAML.
+        virtual_network_gateway: # Arguments from https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway/blob/v0.2.0/variables.tf converted to YAML.
           name: # string
           sku: # string
           subnet_address_prefix: # string
+          subnet_id: # string
           type: # string
           default_tags: # object
           edge_zone: # string

docs/wiki/_Sidebar.md

@@ -18,7 +18,7 @@
     - [Basic][wiki_starter_module_basic]
     - [Hub Networking][wiki_starter_module_hubnetworking]
     - [Complete][wiki_starter_module_complete]
-      - [YAML Schema for `config.yaml`][wiki_yaml_schema_reference]
+      - [Configuration YAML Schema][wiki_yaml_schema_reference]
       - [Example GitHub inputs][example_powershell_inputs_github]
       - [Example Azure DevOps inputs][example_powershell_inputs_azure_devops]
       - [Example Hub and Spoke config][example_starter_module_complete_config_hub_spoke]

templates/complete/main.tf

@@ -69,23 +69,25 @@ module "hubnetworking" {
 }
 
 module "virtual_network_gateway" {
-  source  = "Azure/vnet-gateway/azurerm"
-  version = "0.1.2"
+  source  = "Azure/avm-ptn-vnetgateway/azurerm"
+  version = "~> 0.2.0"
 
   for_each = local.module_virtual_network_gateway
 
   location                            = each.value.location
   name                                = each.value.name
   sku                                 = each.value.sku
-  subnet_address_prefix               = each.value.subnet_address_prefix
   type                                = each.value.type
   virtual_network_name                = each.value.virtual_network_name
   virtual_network_resource_group_name = each.value.virtual_network_resource_group_name
   default_tags                        = try(each.value.default_tags, null)
   edge_zone                           = try(each.value.edge_zone, null)
+  enable_telemetry                    = false
   express_route_circuits              = try(each.value.express_route_circuits, null)
   ip_configurations                   = try(each.value.ip_configurations, null)
   local_network_gateways              = try(each.value.local_network_gateways, null)
+  subnet_address_prefix               = try(each.value.subnet_address_prefix, null)
+  subnet_id                           = try(each.value.subnet_id, null)
   tags                                = try(each.value.tags, null)
   vpn_active_active_enabled           = try(each.value.vpn_active_active_enabled, null)
   vpn_bgp_enabled                     = try(each.value.vpn_bgp_enabled, null)

templates/complete_vnext/config.yaml

@@ -14,15 +14,15 @@ management:
   resource_group_name: rg-management-${default_postfix}
 
 management_groups:
-  root:  # `key`: the unique identifier for the management group within the Terraform Module this is used in the `parent` field to build the hierarchy
-    id: root-${default_postfix}  # `id`: the id the management group will be created with in Azure
-    display_name: Intermediate Root  # `display_name`: the name the management group will be created with in Azure
-    parent: ${root_management_group_id}  # `parent`: for the root management group this should be the id of the tenant root management group or your chosen root management group
-    base_archetype: root  # `archetype`: the archetype to use for this management group
+  root: # `key`: the unique identifier for the management group within the Terraform Module this is used in the `parent` field to build the hierarchy
+    id: root-${default_postfix} # `id`: the id the management group will be created with in Azure
+    display_name: Intermediate Root # `display_name`: the name the management group will be created with in Azure
+    parent: ${root_parent_management_group_id} # `parent`: for the root management group this should be the id of the tenant root management group or your chosen root management group
+    base_archetype: root # `archetype`: the archetype to use for this management group
   landing-zones:
     id: landing-zones-${default_postfix}
     display_name: Landing Zones
-    parent: root  # Note that `parent` refers to the `key` of it's parent as opposed to the `id` which can be different
+    parent: root # Note that `parent` refers to the `key` of it's parent as opposed to the `id` which can be different
     base_archetype: landing_zones
   platform:
     id: platform-${default_postfix}
@@ -72,7 +72,7 @@ management_groups:
     base_archetype: decommissioned
 
 connectivity:
-  hub_networking:  # `hubnetworking` module, add inputs as listed on the module registry where necessary.
+  hub_networking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
     hub_virtual_networks:
       primary:
         name: vnet-hub-${default_postfix}
@@ -85,7 +85,7 @@ connectivity:
           sku_name: AZFW_VNet
           sku_tier: Standard
           subnet_address_prefix: 10.0.1.0/24
-        virtual_network_gateway:  # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
+        virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
           name: vgw-hub-${default_postfix}
           sku: VpnGw1
           type: Vpn

templates/complete_vnext/data.tf

@@ -1 +1 @@
-data "azurerm_client_config" "current" {}
+data "azurerm_client_config" "core" {}

templates/complete_vnext/locals.tf

@@ -1,33 +1,59 @@
 locals {
-  root_management_group_id = var.root_management_group_id == "" ? data.azurerm_client_config.current.tenant_id : var.root_management_group_id
+  const_yaml = "yaml"
+  const_yml  = "yml"
 
-  base_config_replacements = {
-    default_location             = var.default_location
-    default_postfix              = var.default_postfix
-    root_management_group_id     = local.root_management_group_id
-    subscription_id_connectivity = var.subscription_id_connectivity
-    subscription_id_identity     = var.subscription_id_identity
-    subscription_id_management   = var.subscription_id_management
+  config_file_name      = var.configuration_file_path == "" ? "config.yaml" : basename(var.configuration_file_path)
+  config_file_split     = split(".", local.config_file_name)
+  config_file_extension = replace(lower(element(local.config_file_split, length(local.config_file_split) - 1)), local.const_yml, local.const_yaml)
+}
+locals {
+  config_template_file_variables = {
+    default_location                = var.default_location
+    default_postfix                 = var.default_postfix
+    root_parent_management_group_id = var.root_parent_management_group_id == "" ? data.azurerm_client_config.core.tenant_id : var.root_parent_management_group_id
+    subscription_id_connectivity    = var.subscription_id_connectivity
+    subscription_id_identity        = var.subscription_id_identity
+    subscription_id_management      = var.subscription_id_management
   }
 
-  initial_config = yamldecode(templatefile("${path.module}/config.yaml", local.base_config_replacements))
-
-  management   = local.initial_config.management
-  connectivity = local.initial_config.connectivity
-
-  hub_virtual_networks = {
-    for k, v in local.connectivity.hub_networking.hub_virtual_networks : k => {
-      for k2, v2 in v : k2 => v2 if k2 != "virtual_network_gateway"
+  config = (local.config_file_extension == local.const_yaml ?
+    yamldecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables)) :
+    jsondecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables))
+  )
+}
+locals {
+  root_parent_management_group_id = local.config_template_file_variables.root_parent_management_group_id
+  management_groups               = local.config.management_groups
+  management_groups_layer_1       = { for k, v in local.management_groups : k => v if v.parent == local.root_parent_management_group_id }
+  management_groups_layer_2       = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_1), v.parent) }
+  management_groups_layer_3       = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_2), v.parent) }
+  management_groups_layer_4       = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_3), v.parent) }
+  management_groups_layer_5       = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_4), v.parent) }
+  management_groups_layer_6       = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_5), v.parent) }
+  management_groups_layer_7       = { for k, v in local.management_groups : k => v if contains(keys(local.management_groups_layer_6), v.parent) }
+}
+locals {
+  management                 = local.config.management
+  log_analytics_workspace_id = "/subscriptions/${var.subscription_id_management}/resourceGroups/${local.management.resource_group_name}/providers/Microsoft.OperationalInsights/workspaces/${local.management.log_analytics_workspace_name}"
+}
+locals {
+  hub_virtual_networks = try(merge(local.config.connectivity.hubnetworking.hub_virtual_networks, {}), {})
+  module_hubnetworking = {
+    hub_virtual_networks = {
+      for key, hub_virtual_network in local.hub_virtual_networks : key => {
+        for argument, value in hub_virtual_network : argument => value if argument != "virtual_network_gateway"
+      }
     }
   }
-  virtual_network_gateways = {
-    for k, v in local.connectivity.hub_networking.hub_virtual_networks : k => merge(
-      v.virtual_network_gateway,
+  module_virtual_network_gateway = {
+    for key, hub_virtual_network in local.hub_virtual_networks : key => merge(
+      hub_virtual_network.virtual_network_gateway,
       {
-        location                            = v.location
-        virtual_network_name                = v.name
-        virtual_network_resource_group_name = v.resource_group_name
+        location                            = hub_virtual_network.location
+        virtual_network_name                = hub_virtual_network.name
+        virtual_network_resource_group_name = hub_virtual_network.resource_group_name
       }
     )
+    if can(hub_virtual_network.virtual_network_gateway)
   }
 }