diff --git a/modules/net-ipsec-over-interconnect/README.md b/modules/net-ipsec-over-interconnect/README.md
index 507c7e54..5cadae32 100644
--- a/modules/net-ipsec-over-interconnect/README.md
+++ b/modules/net-ipsec-over-interconnect/README.md
@@ -28,10 +28,9 @@ resource "google_compute_router" "encrypted-interconnect-overlay-router" {
}
resource "google_compute_external_vpn_gateway" "default" {
- name = "peer-vpn-gateway"
- project = "myproject"
- description = "Peer IPSec over Interconnect VPN gateway"
- redundancy_type = "TWO_IPS_REDUNDANCY"
+ name = "peer-vpn-gateway"
+ project = "myproject"
+ description = "Peer IPSec over Interconnect VPN gateway"
interface {
id = 0
ip_address = "10.0.0.1"
@@ -58,7 +57,7 @@ module "vpngw-a" {
}
router_config = {
create = false
- name = google_compute_router.encrypted-interconnect-overlay-router.id
+ name = google_compute_router.encrypted-interconnect-overlay-router.name
}
tunnels = {
remote-0 = {
@@ -102,7 +101,6 @@ module "vpngw-a" {
# tftest modules=1 resources=16
```
-
## Variables
| name | description | type | required | default |
@@ -110,11 +108,11 @@ module "vpngw-a" {
| [interconnect_attachments](variables.tf#L17) | VLAN attachments used by the VPN Gateway. | object({…})
| ✓ | |
| [name](variables.tf#L25) | Common name to identify the VPN Gateway. | string
| ✓ | |
| [network](variables.tf#L30) | The VPC name to which resources are associated to. | string
| ✓ | |
-| [peer_gateway_config](variables.tf#L35) | IP addresses for the external peer gateway. | object({…})
| ✓ | |
-| [project_id](variables.tf#L55) | The project id. | string
| ✓ | |
-| [region](variables.tf#L60) | GCP Region. | string
| ✓ | |
-| [router_config](variables.tf#L65) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
-| [tunnels](variables.tf#L80) | VPN tunnel configurations. | map(object({…}))
| | {}
|
+| [peer_gateway_config](variables.tf#L35) | IP addresses for the external peer gateway. | object({…})
| ✓ | |
+| [project_id](variables.tf#L54) | The project id. | string
| ✓ | |
+| [region](variables.tf#L59) | GCP Region. | string
| ✓ | |
+| [router_config](variables.tf#L64) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
+| [tunnels](variables.tf#L79) | VPN tunnel configurations. | map(object({…}))
| | {}
|
## Outputs
@@ -128,5 +126,4 @@ module "vpngw-a" {
| [router_name](outputs.tf#L45) | Router name. | |
| [self_link](outputs.tf#L50) | HA VPN gateway self link. | |
| [tunnels](outputs.tf#L55) | VPN tunnel resources. | |
-
diff --git a/modules/net-ipsec-over-interconnect/main.tf b/modules/net-ipsec-over-interconnect/main.tf
index 1c3b8b4b..89c775b0 100644
--- a/modules/net-ipsec-over-interconnect/main.tf
+++ b/modules/net-ipsec-over-interconnect/main.tf
@@ -35,7 +35,7 @@ locals {
}
resource "google_compute_ha_vpn_gateway" "default" {
- name = var.name
+ name = "vpn-gw-${var.name}"
network = var.network
project = var.project_id
region = var.region
@@ -51,10 +51,10 @@ resource "google_compute_ha_vpn_gateway" "default" {
resource "google_compute_external_vpn_gateway" "default" {
count = var.peer_gateway_config.create ? 1 : 0
- name = var.name
+ name = coalesce(var.peer_gateway_config.name, "peer-vpn-gw-${var.name}")
project = var.project_id
description = var.peer_gateway_config.description
- redundancy_type = var.peer_gateway_config.redundancy_type
+ redundancy_type = length(var.peer_gateway_config.interfaces) == 2 ? "TWO_IPS_REDUNDANCY" : "SINGLE_IP_INTERNALLY_REDUNDANT"
dynamic "interface" {
for_each = var.peer_gateway_config.interfaces
content {
@@ -66,7 +66,7 @@ resource "google_compute_external_vpn_gateway" "default" {
resource "google_compute_router" "default" {
count = var.router_config.create ? 1 : 0
- name = coalesce(var.router_config.name, "vpn-${var.name}")
+ name = coalesce(var.router_config.name, "router-${var.name}")
project = var.project_id
region = var.region
network = var.network
diff --git a/modules/net-ipsec-over-interconnect/variables.tf b/modules/net-ipsec-over-interconnect/variables.tf
index dceeecd0..25cf0cf2 100644
--- a/modules/net-ipsec-over-interconnect/variables.tf
+++ b/modules/net-ipsec-over-interconnect/variables.tf
@@ -35,20 +35,19 @@ variable "network" {
variable "peer_gateway_config" {
description = "IP addresses for the external peer gateway."
type = object({
- create = optional(bool, false)
- description = optional(string, "Terraform managed IPSec over Interconnect VPN gateway")
- name = optional(string, null)
- id = optional(string, null)
- redundancy_type = optional(string)
- interfaces = optional(list(string))
+ create = optional(bool, false)
+ description = optional(string, "Terraform managed IPSec over Interconnect VPN gateway")
+ name = optional(string, null)
+ id = optional(string, null)
+ interfaces = optional(list(string), [])
})
+ nullable = false
validation {
condition = anytrue([
var.peer_gateway_config.create == false && var.peer_gateway_config.id != null,
- var.peer_gateway_config.create == true && try(var.peer_gateway_config.redundancy_type, "") == "SINGLE_IP_INTERNALLY_REDUNDANT" && try(length(var.peer_gateway_config.interfaces) == 1, false),
- var.peer_gateway_config.create == true && try(var.peer_gateway_config.redundancy_type, "") == "TWO_IPS_REDUNDANCY" && try(length(var.peer_gateway_config.interfaces) == 2, false),
+ var.peer_gateway_config.create == true && (try(length(var.peer_gateway_config.interfaces) == 1, false) || try(length(var.peer_gateway_config.interfaces) == 2, false))
])
- error_message = "When using an existing gateway, an ID must be provided. SINGLE_IP_INTERNALLY_REDUNDANT requires exactly 1 interface, TWO_IPS_REDUNDANCY requires exactly 2."
+ error_message = "When using an existing gateway, an ID must be provided. When not, the gateway can have one or two interfaces."
}
}