diff --git a/modules/net-ncc/main.tf b/modules/net-ncc/main.tf
index 7b861bab..02db91d7 100644
--- a/modules/net-ncc/main.tf
+++ b/modules/net-ncc/main.tf
@@ -15,17 +15,13 @@
  */
 
 locals {
-  spoke_vms = flatten([
-    for spoke_key, spoke in var.spokes : [
-      for nva in spoke.nvas : {
-        ip = nva.ip
-        vm = nva.vm
-        vm_name = element(split("/", nva.vm), length(split("/", nva.vm)) - 1)
-        spoke_key = spoke_key
-        spoke = spoke
-      }
-    ]
-  ])
+  spoke_vms = [
+    for ras in var.ras : {
+      ip = ras.ip
+      vm = ras.vm
+      vm_name = element(split("/", ras.vm), length(split("/", ras.vm)) - 1)
+    }
+  ]
 }
 
 resource "google_network_connectivity_hub" "hub" {
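Review bot: `vm_name` in the new `spoke_vms` local is only the last path segment of `ras.vm`, and the peer resources later in this file build their names from it (`"peer1-${each.value.vm_name}"`), so two entries in `var.ras` whose instance URIs end in the same instance name (for example the same name in two zones) would yield duplicate router-peer names and fail at plan or apply time; nothing in the locals block states that constraint. A comment on the new line such as `# instance name taken from the VM URI; must be unique across var.ras because BGP peer names derive from it` would make the assumption visible, and folding the zone segment into the name is the fix if that assumption cannot be guaranteed. Whether the peers' `for_each` key is also derived from `vm_name` cannot be confirmed here, as that expression lies outside the visible hunks.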
@@ -34,69 +30,65 @@ resource "google_network_connectivity_hub" "hub" {
   description = var.description
 }
 
-resource "google_network_connectivity_spoke" "spoke" {
-  for_each = var.spokes
+resource "google_network_connectivity_spoke" "spoke-ra" {
   project = var.project_id
   hub = google_network_connectivity_hub.hub.id
-  location = each.value.region
-  name = "${var.name}-${each.key}"
+  location = var.region
+  name = var.name
   linked_router_appliance_instances {
     dynamic "instances" {
-      for_each = each.value.nvas
+      for_each = var.ras
       content {
         virtual_machine = instances.value["vm"]
         ip_address = instances.value["ip"]
       }
     }
-    site_to_site_data_transfer = false
+    site_to_site_data_transfer = var.data_transfer
   }
 }
 
 resource "google_compute_router" "cr" {
-  for_each = var.spokes
-  project = var.project_id
-  name = "${var.name}-${each.key}-cr"
-  network = each.value.vpc
-  region = each.value.region
+  project = var.project_id
+  name = "${var.name}-cr"
+  network = var.vpc
+  region = var.region
   bgp {
     advertise_mode = (
-      each.value.router.custom_advertise != null ? "CUSTOM" : "DEFAULT"
+      var.custom_advertise != null ? "CUSTOM" : "DEFAULT"
     )
     advertised_groups = (
-      try(each.value.router.custom_advertise.all_subnets, false)
+      try(var.custom_advertise.all_subnets, false)
       ? ["ALL_SUBNETS"] : []
     )
     dynamic "advertised_ip_ranges" {
-      for_each = try(each.value.router.custom_advertise.ip_ranges, {})
+      for_each = try(var.custom_advertise.ip_ranges, {})
       content {
         description = advertised_ip_ranges.key
         range = advertised_ip_ranges.value
       }
     }
     asn = var.asn
-    keepalive_interval = try(each.value.router.keepalive, null)
+    keepalive_interval = try(var.keepalive, null)
   }
 }
 
 resource "google_compute_router_interface" "intf1" {
-  for_each = var.spokes
   project = var.project_id
   name = "intf1"
-  router = google_compute_router.cr[each.key].name
-  region = each.value.region
-  subnetwork = each.value.subnetwork
-  private_ip_address = each.value.router.ip1
+  router = google_compute_router.cr.name
+  region = var.region
+  subnetwork = var.subnetwork
+  private_ip_address = var.ip_intf1
 }
 
 resource "google_compute_router_interface" "intf2" {
-  for_each = var.spokes
   project = var.project_id
   name = "intf2"
-  router = google_compute_router.cr[each.key].name
-  region = each.value.region
-  subnetwork = each.value.subnetwork
-  private_ip_address = each.value.router.ip2
-  redundant_interface = google_compute_router_interface.intf1[each.key].name
+  router = google_compute_router.cr.name
+  region = var.region
+  subnetwork = var.subnetwork
+  private_ip_address = var.ip_intf2
+  redundant_interface = google_compute_router_interface.intf1.name
 }
 
 resource "google_compute_router_peer" "peer1" {
@@ -105,10 +97,10 @@ resource "google_compute_router_peer" "peer1" {
   }
   project = var.project_id
   name = "peer1-${each.value.vm_name}"
-  router = google_compute_router.cr[each.value.spoke_key].name
-  region = each.value.spoke.region
-  interface = google_compute_router_interface.intf1[each.value.spoke_key].name
-  peer_asn = each.value.spoke.router.peer_asn
+  router = google_compute_router.cr.name
+  region = var.region
+  interface = google_compute_router_interface.intf1.name
+  peer_asn = var.peer_asn
   peer_ip_address = each.value.ip
   router_appliance_instance = each.value.vm
 }
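Review bot: `advertise_mode` in the rewritten `google_compute_router.cr` still branches on `var.custom_advertise != null`, but the variables.tf hunk of this commit declares `custom_advertise` with no `default`, so a caller can only reach the `"DEFAULT"` branch by passing `null` explicitly; the old schema used `optional(...)`, so this is a usability regression rather than a logic bug. Adding `default = null` to `custom_advertise` (and to `keepalive`, which likewise lost its `optional(number)`) in variables.tf restores the previous optionality without touching main.tf. On the same resource, `keepalive_interval = try(var.keepalive, null)` wraps a bare variable reference that cannot fail, so `keepalive_interval = var.keepalive` expresses the same thing without implying a fallback exists.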
@@ -119,10 +111,10 @@ resource "google_compute_router_peer" "peer2" {
   }
   project = var.project_id
   name = "peer2-${each.value.vm_name}"
-  router = google_compute_router.cr[each.value.spoke_key].name
-  region = each.value.spoke.region
-  interface = google_compute_router_interface.intf2[each.value.spoke_key].name
-  peer_asn = each.value.spoke.router.peer_asn
+  router = google_compute_router.cr.name
+  region = var.region
+  interface = google_compute_router_interface.intf2.name
+  peer_asn = var.peer_asn
   peer_ip_address = each.value.ip
   router_appliance_instance = each.value.vm
 }
diff --git a/modules/net-ncc/variables.tf b/modules/net-ncc/variables.tf
index 2115e2f8..c2639b01 100644
--- a/modules/net-ncc/variables.tf
+++ b/modules/net-ncc/variables.tf
@@ -15,45 +15,78 @@
  */
 
 variable "asn" {
-  description = "ASN for all CRs in the hub."
+  description = "Autonomous System Number for the CR. All spokes in a hub should use the same ASN."
   type = number
 }
 
+variable "custom_advertise" {
+  description = "IP ranges to advertise if not using default route advertisement (subnet ranges)."
+  type = object({
+    all_subnets = bool
+    ip_ranges = map(string) # map of descriptions and address ranges
+  })
+}
+
+variable "data_transfer" {
+  description = "Site-to-site data transfer feature, available only in some regions."
+  type = bool
+}
+
 variable "description" {
   description = "An optional description of the NCC hub."
   type = string
   default = "Terraform-managed."
 }
 
+variable "ip_intf1" {
+  description = "IP address for the CR interface 1. It must belong to the primary range of the subnet."
+  type = string
+}
+
+variable "ip_intf2" {
+  description = "IP address for the CR interface 2. It must belong to the primary range of the subnet."
+  type = string
+}
+
+variable "keepalive" {
+  description = "The interval in seconds between BGP keepalive messages that are sent to the peer."
+  type = number
+}
+
 variable "name" {
   description = "The name of the NCC hub being created."
   type = string
 }
 
+variable "peer_asn" {
+  description = "Peer Autonomous System Number used by the router appliances."
+  type = number
+}
+
 variable "project_id" {
   description = "The ID of the project where the NCC hub & spokes will be created."
   type = string
 }
 
-variable "spokes" {
-  description = "List of NCC spokes."
-  type = map(object({
-    vpc = string
-    region = string
-    subnetwork = string # URI
-    nvas = list(object({
-      vm = string # URI
-      ip = string
-    }))
-    router = object({
-      custom_advertise = optional(object({
-        all_subnets = bool
-        ip_ranges = map(string) # map of descriptions and address ranges
-      }))
-      ip1 = string
-      ip2 = string
-      keepalive = optional(number)
-      peer_asn = number
-    })
+variable "ras" {
+  description = "List of router appliances this spoke is associated with."
+  type = list(object({
+    vm = string # URI
+    ip = string
   }))
 }
+
+variable "region" {
+  description = "Region where the spoke is located."
+  type = string
+}
+
+variable "subnetwork" {
+  description = "The URI of the subnetwork that CR interfaces belong to."
+  type = string
+}
+
+variable "vpc" {
+  description = "A reference to the network to which the CR belongs."
+  type = string
+}
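Review bot: `data_transfer` is declared with `type = bool` and no `default`, which turns what this commit replaced in main.tf (a hard-coded `site_to_site_data_transfer = false`) into a mandatory input for every caller; `default = false` would preserve the previous behavior for existing users while still allowing opt-in. The new `ip_intf1` and `ip_intf2` inputs accept any string and a malformed address surfaces only when the provider calls the API; if only IPv4 is expected, a `validation` block with `condition = can(cidrhost("${var.ip_intf1}/32", 0))` and `error_message = "ip_intf1 must be a valid IPv4 address."` (and the same for `ip_intf2`) rejects bad values at plan time. The `ras` description does not say what form `vm` must take even though main.tf splits it on `/` and uses the last segment as a name, so the `# URI` comment could be expanded to `# full VM URI (self_link); its last path segment names the BGP peers`.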