Azure / terraform-azurerm-avm-ptn-virtualwan

MIT License

Bug: Virtual WAN disable_vpn_encryption logic reversed #5

Closed OmnipotentOwl closed 9 months ago

OmnipotentOwl commented 11 months ago

Summary

When using the module and expressing the disable_vpn_encryption property to indicate that VPN connections should be encrypted, the opposite logic is executed on the Virtual WAN.

Reproduction

Configure disable_vpn_encryption to false and the VPN encryption is disabled, while if it is configured to true to disable VPN encryption, then VPN encryption is enabled.

Remediation

The proposed solution below simplifies the configuration of the Virtual WAN's disable_vpn_encryption property and makes its usage more explicit to the user. Additionally, because this is an optional property on the azurerm_virtual_wan resource, it should be set to be optional in the module with the resource's default value passed through.


```hcl
variable "disable_vpn_encryption" {
  type        = bool
  description = "Boolean flag to specify whether VPN encryption is disabled"
  default     = false
}

resource "azurerm_virtual_wan" "virtual_wan" {
  name                              = var.virtual_wan_name
  location                          = var.location
  resource_group_name               = var.resource_group_name
  # Passed through unchanged, so false leaves VPN encryption enabled.
  disable_vpn_encryption            = var.disable_vpn_encryption
  allow_branch_to_branch_traffic    = try(var.allow_branch_to_branch_traffic, true)
  office365_local_breakout_category = try(var.office365_local_breakout_category, "None")
  type                              = var.type
  tags                              = merge(var.tags, var.virtual_wan_tags)
}
```
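
An added example, not part of the original issue or the module's code: a check over `terraform show -json` plan output that compares the literal `disable_vpn_encryption` passed to each root-level module call with the value planned on the resulting `azurerm_virtual_wan`, which is how the inversion reported above would surface before apply. The module call names and the plan data are constructed for illustration.

```python
# Added example. SAMPLE_PLAN is constructed data shaped like `terraform show -json`
# output; the module call names (vwan_a, vwan_b, vwan_c) are assumptions.
def _wan(call, planned):
    addr = f"module.{call}.azurerm_virtual_wan.virtual_wan"
    return {"address": f"module.{call}", "resources": [
        {"address": addr, "type": "azurerm_virtual_wan",
         "values": {"disable_vpn_encryption": planned}}]}

def _call(**inputs):
    return {"expressions": {k: {"constant_value": v} for k, v in inputs.items()}}

SAMPLE_PLAN = {
    "configuration": {"root_module": {"module_calls": {
        "vwan_a": _call(disable_vpn_encryption=False),  # caller asks for encryption
        "vwan_b": _call(disable_vpn_encryption=True),   # caller opts out explicitly
        "vwan_c": _call(),                              # input left at its default
    }}},
    "planned_values": {"root_module": {"child_modules": [
        _wan("vwan_a", True),   # planned value contradicts the input
        _wan("vwan_b", True),
        _wan("vwan_c", False),
    ]}},
}

def walk_resources(module):
    """Yield every resource under a planned_values module, child modules included."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def check_vpn_encryption(plan):
    """Return (address, finding) pairs; only literal root-level inputs are compared."""
    calls = plan.get("configuration", {}).get("root_module", {}).get("module_calls", {})
    findings = []
    for res in walk_resources(plan.get("planned_values", {}).get("root_module", {})):
        if res.get("type") != "azurerm_virtual_wan":
            continue
        planned = res.get("values", {}).get("disable_vpn_encryption")
        if planned is None:  # not known until apply; nothing to compare
            continue
        parts = res["address"].split(".")
        name = parts[1].split("[")[0] if parts[0] == "module" and len(parts) > 1 else None
        expr = calls.get(name, {}).get("expressions", {}).get("disable_vpn_encryption", {})
        requested = expr.get("constant_value")
        if requested is not None and requested != planned:
            findings.append((res["address"], "input-inverted"))
        elif planned:
            findings.append((res["address"], "vpn-encryption-disabled"))
    return findings
```

For a real plan, pass the result of `json.load()` on the file written by `terraform show -json <planfile>` to `check_vpn_encryption`.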

khushal08 commented 9 months ago

@OmnipotentOwl Started looking into it.