Update rest of vpn modules to tf1.3
This commit is contained in:
parent
620babe5c0
commit
e976d71428
|
@ -21,9 +21,9 @@ locals {
|
|||
: var.gateway_address
|
||||
)
|
||||
router = (
|
||||
var.router_create
|
||||
? google_compute_router.router[0].name
|
||||
: var.router_name
|
||||
var.router_config.create
|
||||
? try(google_compute_router.router[0].name, null)
|
||||
: var.router_config.name
|
||||
)
|
||||
secret = random_id.secret.b64_url
|
||||
}
|
||||
|
@ -65,75 +65,56 @@ resource "google_compute_forwarding_rule" "udp-4500" {
|
|||
}
|
||||
|
||||
resource "google_compute_router" "router" {
|
||||
count = var.router_create ? 1 : 0
|
||||
name = var.router_name == "" ? "vpn-${var.name}" : var.router_name
|
||||
count = var.router_config.create ? 1 : 0
|
||||
name = coalesce(var.router_config.name, "vpn-${var.name}")
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.network
|
||||
bgp {
|
||||
advertise_mode = (
|
||||
var.router_advertise_config == null
|
||||
? null
|
||||
: var.router_advertise_config.mode
|
||||
var.router_config.custom_advertise != null
|
||||
? "CUSTOM"
|
||||
: "DEFAULT"
|
||||
)
|
||||
advertised_groups = (
|
||||
var.router_advertise_config == null ? null : (
|
||||
var.router_advertise_config.mode != "CUSTOM"
|
||||
? null
|
||||
: var.router_advertise_config.groups
|
||||
)
|
||||
try(var.router_config.custom_advertise.all_subnets, false)
|
||||
? ["ALL_SUBNETS"]
|
||||
: []
|
||||
)
|
||||
dynamic "advertised_ip_ranges" {
|
||||
for_each = (
|
||||
var.router_advertise_config == null ? {} : (
|
||||
var.router_advertise_config.mode != "CUSTOM"
|
||||
? null
|
||||
: var.router_advertise_config.ip_ranges
|
||||
)
|
||||
)
|
||||
for_each = try(var.router_config.custom_advertise.ip_ranges, {})
|
||||
iterator = range
|
||||
content {
|
||||
range = range.key
|
||||
description = range.value
|
||||
}
|
||||
}
|
||||
asn = var.router_asn
|
||||
keepalive_interval = try(var.router_config.keepalive, null)
|
||||
asn = var.router_config.asn
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_router_peer" "bgp_peer" {
|
||||
for_each = var.tunnels
|
||||
region = var.region
|
||||
project = var.project_id
|
||||
name = "${var.name}-${each.key}"
|
||||
router = each.value.router == null ? local.router : each.value.router
|
||||
peer_ip_address = each.value.bgp_peer.address
|
||||
peer_asn = each.value.bgp_peer.asn
|
||||
advertised_route_priority = (
|
||||
each.value.bgp_peer_options == null ? var.route_priority : (
|
||||
each.value.bgp_peer_options.route_priority == null
|
||||
? var.route_priority
|
||||
: each.value.bgp_peer_options.route_priority
|
||||
)
|
||||
)
|
||||
for_each = var.tunnels
|
||||
region = var.region
|
||||
project = var.project_id
|
||||
name = "${var.name}-${each.key}"
|
||||
router = coalesce(each.value.router, local.router)
|
||||
peer_ip_address = each.value.bgp_peer.address
|
||||
peer_asn = each.value.bgp_peer.asn
|
||||
advertised_route_priority = each.value.bgp_peer.route_priority
|
||||
advertise_mode = (
|
||||
each.value.bgp_peer_options == null ? null : each.value.bgp_peer_options.advertise_mode
|
||||
try(each.value.bgp_peer.custom_advertise, null) != null
|
||||
? "CUSTOM"
|
||||
: "DEFAULT"
|
||||
)
|
||||
advertised_groups = (
|
||||
each.value.bgp_peer_options == null ? null : (
|
||||
each.value.bgp_peer_options.advertise_mode != "CUSTOM"
|
||||
? null
|
||||
: each.value.bgp_peer_options.advertise_groups
|
||||
)
|
||||
advertised_groups = concat(
|
||||
try(each.value.bgp_peer.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : [],
|
||||
try(each.value.bgp_peer.custom_advertise.all_vpc_subnets, false) ? ["ALL_VPC_SUBNETS"] : [],
|
||||
try(each.value.bgp_peer.custom_advertise.all_peer_vpc_subnets, false) ? ["ALL_PEER_VPC_SUBNETS"] : []
|
||||
)
|
||||
dynamic "advertised_ip_ranges" {
|
||||
for_each = (
|
||||
each.value.bgp_peer_options == null ? {} : (
|
||||
each.value.bgp_peer_options.advertise_mode != "CUSTOM"
|
||||
? {}
|
||||
: each.value.bgp_peer_options.advertise_ip_ranges
|
||||
)
|
||||
)
|
||||
for_each = try(each.value.bgp_peer.custom_advertise.ip_ranges, {})
|
||||
iterator = range
|
||||
content {
|
||||
range = range.key
|
||||
|
@ -144,11 +125,12 @@ resource "google_compute_router_peer" "bgp_peer" {
|
|||
}
|
||||
|
||||
resource "google_compute_router_interface" "router_interface" {
|
||||
for_each = var.tunnels
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = "${var.name}-${each.key}"
|
||||
router = each.value.router == null ? local.router : each.value.router
|
||||
for_each = var.tunnels
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = "${var.name}-${each.key}"
|
||||
router = coalesce(each.value.router, local.router)
|
||||
# FIXME: can bgp_session_range be null?
|
||||
ip_range = each.value.bgp_session_range == "" ? null : each.value.bgp_session_range
|
||||
vpn_tunnel = google_compute_vpn_tunnel.tunnels[each.key].name
|
||||
}
|
||||
|
@ -161,18 +143,14 @@ resource "google_compute_vpn_gateway" "gateway" {
|
|||
}
|
||||
|
||||
resource "google_compute_vpn_tunnel" "tunnels" {
|
||||
for_each = var.tunnels
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = "${var.name}-${each.key}"
|
||||
router = each.value.router == null ? local.router : each.value.router
|
||||
peer_ip = each.value.peer_ip
|
||||
ike_version = each.value.ike_version
|
||||
shared_secret = (
|
||||
each.value.shared_secret == "" || each.value.shared_secret == null
|
||||
? local.secret
|
||||
: each.value.shared_secret
|
||||
)
|
||||
for_each = var.tunnels
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = "${var.name}-${each.key}"
|
||||
router = coalesce(each.value.router, local.router)
|
||||
peer_ip = each.value.peer_ip
|
||||
ike_version = each.value.ike_version
|
||||
shared_secret = coalesce(each.value.shared_secret, local.secret)
|
||||
target_vpn_gateway = google_compute_vpn_gateway.gateway.self_link
|
||||
depends_on = [google_compute_forwarding_rule.esp]
|
||||
}
|
||||
|
|
|
@ -54,7 +54,7 @@ output "tunnel_names" {
|
|||
description = "VPN tunnel names."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => google_compute_vpn_tunnel.tunnels[name].name
|
||||
name => try(google_compute_vpn_tunnel.tunnels[name].name, null)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -62,7 +62,7 @@ output "tunnel_self_links" {
|
|||
description = "VPN tunnel self links."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => google_compute_vpn_tunnel.tunnels[name].self_link
|
||||
name => try(google_compute_vpn_tunnel.tunnels[name].self_link, null)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -70,6 +70,6 @@ output "tunnels" {
|
|||
description = "VPN tunnel resources."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => google_compute_vpn_tunnel.tunnels[name]
|
||||
name => try(google_compute_vpn_tunnel.tunnels[name], null)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
variable "gateway_address" {
|
||||
description = "Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false."
|
||||
type = string
|
||||
default = ""
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "gateway_address_create" {
|
||||
|
@ -46,60 +46,43 @@ variable "region" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "route_priority" {
|
||||
description = "Route priority, defaults to 1000."
|
||||
type = number
|
||||
default = 1000
|
||||
}
|
||||
|
||||
variable "router_advertise_config" {
|
||||
description = "Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions."
|
||||
variable "router_config" {
|
||||
description = "Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router."
|
||||
type = object({
|
||||
groups = list(string)
|
||||
ip_ranges = map(string)
|
||||
mode = string
|
||||
create = optional(bool, true)
|
||||
asn = number
|
||||
name = optional(string)
|
||||
keepalive = optional(number)
|
||||
custom_advertise = optional(object({
|
||||
all_subnets = bool
|
||||
ip_ranges = map(string)
|
||||
}))
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "router_asn" {
|
||||
description = "Router ASN used for auto-created router."
|
||||
type = number
|
||||
default = 64514
|
||||
}
|
||||
|
||||
variable "router_create" {
|
||||
description = "Create router."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "router_name" {
|
||||
description = "Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router."
|
||||
type = string
|
||||
default = ""
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "tunnels" {
|
||||
description = "VPN tunnel configurations, bgp_peer_options is usually null."
|
||||
description = "VPN tunnel configurations."
|
||||
type = map(object({
|
||||
bgp_peer = object({
|
||||
address = string
|
||||
asn = number
|
||||
})
|
||||
bgp_peer_options = object({
|
||||
advertise_groups = list(string)
|
||||
advertise_ip_ranges = map(string)
|
||||
advertise_mode = string
|
||||
route_priority = number
|
||||
address = string
|
||||
asn = number
|
||||
route_priority = optional(number, 1000)
|
||||
custom_advertise = optional(object({
|
||||
all_subnets = bool
|
||||
all_vpc_subnets = bool
|
||||
all_peer_vpc_subnets = bool
|
||||
ip_ranges = map(string)
|
||||
}))
|
||||
})
|
||||
# each BGP session on the same Cloud Router must use a unique /30 CIDR
|
||||
# from the 169.254.0.0/16 block.
|
||||
bgp_session_range = string
|
||||
ike_version = number
|
||||
ike_version = optional(number, 2)
|
||||
peer_ip = string
|
||||
router = string
|
||||
shared_secret = string
|
||||
router = optional(string)
|
||||
shared_secret = optional(string)
|
||||
}))
|
||||
default = {}
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
|
|
@ -54,7 +54,7 @@ resource "google_compute_external_vpn_gateway" "external_gateway" {
|
|||
|
||||
resource "google_compute_router" "router" {
|
||||
count = var.router_config.create ? 1 : 0
|
||||
name = var.router_config.name == null ? "vpn-${var.name}" : var.router_config.name
|
||||
name = coalesce(var.router_config.name, "vpn-${var.name}")
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.network
|
||||
|
@ -87,7 +87,7 @@ resource "google_compute_router_peer" "bgp_peer" {
|
|||
region = var.region
|
||||
project = var.project_id
|
||||
name = "${var.name}-${each.key}"
|
||||
router = local.router
|
||||
router = coalesce(each.value.router, local.router)
|
||||
peer_ip_address = each.value.bgp_peer.address
|
||||
peer_asn = each.value.bgp_peer.asn
|
||||
advertised_route_priority = each.value.bgp_peer.route_priority
|
||||
|
|
|
@ -66,7 +66,7 @@ variable "router_config" {
|
|||
}
|
||||
|
||||
variable "tunnels" {
|
||||
description = "VPN tunnel configurations, bgp_peer_options is usually null."
|
||||
description = "VPN tunnel configurations."
|
||||
type = map(object({
|
||||
bgp_peer = object({
|
||||
address = string
|
||||
|
|
|
@ -17,12 +17,10 @@ module "vpn" {
|
|||
region = var.region
|
||||
network = var.vpc.self_link
|
||||
name = "remote"
|
||||
gateway_address_create = false
|
||||
gateway_address = module.addresses.external_addresses["vpn"].address
|
||||
gateway_address = module.addresses.external_addresses["vpn"].address
|
||||
remote_ranges = ["10.10.0.0/24"]
|
||||
tunnels = {
|
||||
remote-0 = {
|
||||
ike_version = 2
|
||||
peer_ip = "1.1.1.1"
|
||||
shared_secret = "mysecret"
|
||||
traffic_selectors = { local = ["0.0.0.0/0"], remote = ["0.0.0.0/0"] }
|
||||
|
|
|
@ -91,7 +91,7 @@ resource "google_compute_vpn_tunnel" "tunnels" {
|
|||
local_traffic_selector = each.value.traffic_selectors.local
|
||||
remote_traffic_selector = each.value.traffic_selectors.remote
|
||||
ike_version = each.value.ike_version
|
||||
shared_secret = each.value.shared_secret == "" ? local.secret : each.value.shared_secret
|
||||
shared_secret = coalesce(each.value.shared_secret, local.secret)
|
||||
target_vpn_gateway = google_compute_vpn_gateway.gateway.self_link
|
||||
depends_on = [google_compute_forwarding_rule.esp]
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
variable "gateway_address" {
|
||||
description = "Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false."
|
||||
type = string
|
||||
default = ""
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "gateway_address_create" {
|
||||
|
@ -50,6 +50,7 @@ variable "remote_ranges" {
|
|||
description = "Remote IP CIDR ranges."
|
||||
type = list(string)
|
||||
default = []
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "route_priority" {
|
||||
|
@ -61,13 +62,14 @@ variable "route_priority" {
|
|||
variable "tunnels" {
|
||||
description = "VPN tunnel configurations."
|
||||
type = map(object({
|
||||
ike_version = number
|
||||
ike_version = optional(number, 2)
|
||||
peer_ip = string
|
||||
shared_secret = string
|
||||
shared_secret = optional(string)
|
||||
traffic_selectors = object({
|
||||
local = list(string)
|
||||
remote = list(string)
|
||||
})
|
||||
}))
|
||||
default = {}
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue