Add support for single-sided peerings.

CHANGELOG.md

@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
 - add support for virtual displays in `compute-vm`
 - add examples of alias IPs in `compute-vm` module
 - fix support for creating disks from images in `compute-vm`
+- allow creating single-sided peerings in `net-vpc` and `net-vpc-peering`
 
 ## [3.4.0] - 2020-09-24
 

modules/net-vpc-peering/README.md

@@ -53,7 +53,8 @@ module "peering-a-c" {
 | *export_local_custom_routes* | Export custom routes to peer network from local network. | <code title="">bool</code> |  | <code title="">false</code> |
 | *export_peer_custom_routes* | Export custom routes to local network from peer network. | <code title="">bool</code> |  | <code title="">false</code> |
 | *module_depends_on* | List of modules or resources this module depends on. | <code title="">list</code> |  | <code title="">[]</code> |
-| *prefix* | Name prefix for the network peerings | <code title="">string</code> |  | <code title="">network-peering</code> |
+| *peer_create_peering* | Create the peering on the remote side. If false, only the peering from this network to the remote network is created. | <code title="">bool</code> |  | <code title="">true</code> |
+| *prefix* | Name prefix for the network peerings. | <code title="">string</code> |  | <code title="">network-peering</code> |
 
 ## Outputs
 

modules/net-vpc-peering/main.tf

@@ -30,6 +30,7 @@ resource "google_compute_network_peering" "local_network_peering" {
 }
 
 resource "google_compute_network_peering" "peer_network_peering" {
+  count                = var.peer_create_peering ? 1 : 0
   name                 = "${var.prefix}-${local.peer_network_name}-${local.local_network_name}"
   network              = var.peer_network
   peer_network         = var.local_network

modules/net-vpc-peering/variables.tf

@@ -15,7 +15,7 @@
  */
 
 variable "prefix" {
-  description = "Name prefix for the network peerings"
+  description = "Name prefix for the network peerings."
   type        = string
   default     = "network-peering"
 }
@@ -47,3 +47,9 @@ variable "module_depends_on" {
   type        = list
   default     = []
 }
+
+variable "peer_create_peering" {
+  description = "Create the peering on the remote side. If false, only the peering from this network to the remote network is created."
+  type        = bool
+  default     = true
+}

modules/net-vpc/README.md

@@ -37,6 +37,8 @@ module "vpc" {
 
 A single peering can be configured for the VPC, so as to allow management of simple scenarios, and more complex configurations like hub and spoke by defining the peering configuration on the spoke VPCs. Care must be taken so as a single peering is created/changed/destroyed at a time, due to the specific behaviour of the peering API calls.
 
+If you only want to create the "local" side of the peering, use `peering_create_remote_end` to `false`. This is useful if you don't have permissions on the remote project/VPC to create peerings.
+
 ```hcl
 module "vpc-spoke-1" {
   source     = "../modules/net-vpc"
@@ -119,6 +121,7 @@ module "vpc-host" {
 | *log_config_defaults* | Default configuration for flow logs when enabled. | <code title="object&#40;&#123;&#10;aggregation_interval &#61; string&#10;flow_sampling        &#61; number&#10;metadata             &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="&#123;&#10;aggregation_interval &#61; &#34;INTERVAL_5_SEC&#34;&#10;flow_sampling        &#61; 0.5&#10;metadata             &#61; &#34;INCLUDE_ALL_METADATA&#34;&#10;&#125;">...</code> |
 | *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | <code title="map&#40;map&#40;string&#41;&#41;">map(map(string))</code> |  | <code title="">{}</code> |
 | *peering_config* | VPC peering configuration. | <code title="object&#40;&#123;&#10;peer_vpc_self_link &#61; string&#10;export_routes      &#61; bool&#10;import_routes      &#61; bool&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
+| *peering_create_remote_end* | Skip creation of peering on the remote end when using peering_config | <code title="">bool</code> |  | <code title="">true</code> |
 | *routes* | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10;dest_range    &#61; string&#10;priority      &#61; number&#10;tags          &#61; list&#40;string&#41;&#10;next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10;next_hop      &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
 | *routing_mode* | The network routing mode (default 'GLOBAL') | <code title="">string</code> |  | <code title="">GLOBAL</code> |
 | *shared_vpc_host* | Enable shared VPC for this project. | <code title="">bool</code> |  | <code title="">false</code> |

modules/net-vpc/main.tf

@@ -101,7 +101,7 @@ resource "google_compute_network_peering" "local" {
 
 resource "google_compute_network_peering" "remote" {
   provider             = google-beta
-  count                = var.peering_config == null ? 0 : 1
+  count                = var.peering_config != null && var.peering_create_remote_end ? 1 : 0
   name                 = "${local.peer_network}-${var.name}"
   network              = var.peering_config.peer_vpc_self_link
   peer_network         = local.network.self_link

modules/net-vpc/variables.tf

@@ -79,6 +79,12 @@ variable "peering_config" {
   default = null
 }
 
+variable "peering_create_remote_end" {
+  description = "Skip creation of peering on the remote end when using peering_config"
+  type        = bool
+  default     = true
+}
+
 variable "project_id" {
   description = "The ID of the project where this VPC will be created"
   type        = string