/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# Cloud Router for the overlay. The "vpngw" module calls in this file refer to
# it by name through router_config with create = false, so this is the only
# place its BGP settings are defined.
resource "google_compute_router" "encrypted-interconnect-overlay-router" {
  project = var.project_id
  region  = var.region
  network = var.network
  name    = "ioic-overlay-router-${var.region}"

  bgp {
    asn = var.overlay_config.gcp_bgp.asn

    # Optional; null leaves the keepalive interval at the provider default.
    keepalive_interval = try(var.overlay_config.gcp_bgp.keepalive, null)

    # Any non-null custom_advertise object switches the router to CUSTOM
    # mode, even when it sets neither all_subnets nor ip_ranges.
    advertise_mode = var.overlay_config.gcp_bgp.custom_advertise != null ? "CUSTOM" : "DEFAULT"

    # ALL_SUBNETS is added only when custom_advertise.all_subnets is true;
    # a missing attribute or a null custom_advertise evaluates to false.
    advertised_groups = try(var.overlay_config.gcp_bgp.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : []

    # One advertised range per ip_ranges entry: key = CIDR, value = description.
    # Every prefix listed here is announced to this router's BGP peers, so the
    # map should hold only prefixes the peer side is meant to reach.
    dynamic "advertised_ip_ranges" {
      for_each = try(var.overlay_config.gcp_bgp.custom_advertise.ip_ranges, {})
      iterator = prefix
      content {
        range       = prefix.key
        description = prefix.value
      }
    }
  }
}
# External (peer) VPN gateway object describing the on-premises tunnel
# endpoints. The "vpngw" module calls in this file consume its id with
# create = false.
# NOTE(review): the name is a fixed string, unlike the region-suffixed router
# name; presumably this configuration is applied once per project. Confirm.
resource "google_compute_external_vpn_gateway" "default" {
  project     = var.project_id
  name        = "peer-vpn-gateway"
  description = "Peer IPSec over Interconnect VPN gateway"

  # Exactly two interfaces select TWO_IPS_REDUNDANCY; every other count,
  # including zero or more than two, selects SINGLE_IP_INTERNALLY_REDUNDANT.
  # NOTE(review): confirm that onprem_vpn_gateway_interfaces is validated to
  # one or two entries, otherwise the type will not match the interface count.
  redundancy_type = (
    length(var.overlay_config.onprem_vpn_gateway_interfaces) == 2
    ? "TWO_IPS_REDUNDANCY"
    : "SINGLE_IP_INTERNALLY_REDUNDANT"
  )

  # One interface block per entry: key = interface id, value = peer IP address.
  dynamic "interface" {
    for_each = var.overlay_config.onprem_vpn_gateway_interfaces
    iterator = peer
    content {
      id         = peer.key
      ip_address = peer.value
    }
  }
}
# One net-ipsec-over-interconnect module instance per entry in
# overlay_config.gateways; the entry key becomes part of the gateway name and
# the entry value is passed through unchanged as the tunnel definitions.
# NOTE(review): if the tunnel definitions carry pre-shared keys, check that
# the variable is marked sensitive and that state storage is access-controlled.
# Confirm against the variable declaration.
module "vpngw" {
  source   = "../../../modules/net-ipsec-over-interconnect"
  for_each = var.overlay_config.gateways

  name       = "vpngw-${each.key}"
  project_id = var.project_id
  region     = var.region
  network    = var.network

  tunnels = each.value

  # Both attachments come from the va-a and va-b modules declared elsewhere.
  interconnect_attachments = {
    a = module.va-a.id
    b = module.va-b.id
  }

  # create = false: reuse the router declared in this file instead of letting
  # the module create its own.
  router_config = {
    create = false
    name   = google_compute_router.encrypted-interconnect-overlay-router.name
  }

  # create = false: every gateway instance points at the same external peer
  # gateway declared in this file.
  peer_gateway_config = {
    create = false
    id     = google_compute_external_vpn_gateway.default.id
  }
}