diff --git a/modules/net-address/README.md b/modules/net-address/README.md
index cefecd9b1..d8d448244 100644
--- a/modules/net-address/README.md
+++ b/modules/net-address/README.md
@@ -77,18 +77,42 @@ module "addresses" {
}
# tftest modules=1 resources=2 inventory=psc.yaml
```
-
+# IPSec Interconnect addresses
+
+```hcl
+module "addresses" {
+ source = "./fabric/modules/net-address"
+ project_id = var.project_id
+ ipsec_interconnect_addresses = {
+ vpn-gw-range-1 = {
+ address = "10.255.255.0"
+ region = var.region
+ network = var.vpc.self_link
+ prefix_length = 29
+ }
+ vpn-gw-range-2 = {
+ address = "10.255.255.8"
+ region = var.region
+ network = var.vpc.self_link
+ prefix_length = 29
+ }
+ }
+}
+# tftest modules=1 resources=2 inventory=ipsec-interconnect.yaml
+```
+
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L55) | Project where the addresses will be created. | string | ✓ | |
+| [project_id](variables.tf#L67) | Project where the addresses will be created. | string | ✓ | |
| [external_addresses](variables.tf#L17) | Map of external address regions, keyed by name. | map(string) | | {} |
| [global_addresses](variables.tf#L29) | List of global addresses to create. | list(string) | | [] |
| [internal_addresses](variables.tf#L35) | Map of internal addresses to create, keyed by name. | map(object({…})) | | {} |
-| [psa_addresses](variables.tf#L60) | Map of internal addresses used for Private Service Access. | map(object({…})) | | {} |
-| [psc_addresses](variables.tf#L71) | Map of internal addresses used for Private Service Connect. | map(object({…})) | | {} |
+| [ipsec_interconnect_addresses](variables.tf#L49) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | map(object({…})) | | {} |
+| [psa_addresses](variables.tf#L72) | Map of internal addresses used for Private Service Access. | map(object({…})) | | {} |
+| [psc_addresses](variables.tf#L83) | Map of internal addresses used for Private Service Connect. | map(object({…})) | | {} |
## Outputs
@@ -97,7 +121,7 @@ module "addresses" {
| [external_addresses](outputs.tf#L17) | Allocated external addresses. | |
| [global_addresses](outputs.tf#L25) | Allocated global external addresses. | |
| [internal_addresses](outputs.tf#L33) | Allocated internal addresses. | |
-| [psa_addresses](outputs.tf#L41) | Allocated internal addresses for PSA endpoints. | |
-| [psc_addresses](outputs.tf#L49) | Allocated internal addresses for PSC endpoints. | |
-
+| [ipsec_interconnect_addresses](outputs.tf#L41) | Allocated internal addresses for HA VPN over Cloud Interconnect. | |
+| [psa_addresses](outputs.tf#L49) | Allocated internal addresses for PSA endpoints. | |
+| [psc_addresses](outputs.tf#L57) | Allocated internal addresses for PSC endpoints. | |
diff --git a/modules/net-address/main.tf b/modules/net-address/main.tf
index 0ca494233..46705d703 100644
--- a/modules/net-address/main.tf
+++ b/modules/net-address/main.tf
@@ -69,3 +69,16 @@ resource "google_compute_global_address" "psa" {
purpose = "VPC_PEERING"
# labels = lookup(var.internal_address_labels, each.key, {})
}
+
+resource "google_compute_address" "ipsec_interconnect" {
+ for_each = var.ipsec_interconnect_addresses
+ project = var.project_id
+ name = each.key
+ description = each.value.description
+ address = each.value.address
+ address_type = "INTERNAL"
+ region = each.value.region
+ network = each.value.network
+ prefix_length = each.value.prefix_length
+ purpose = "IPSEC_INTERCONNECT"
+}
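Review bot: The new `google_compute_address.ipsec_interconnect` resource has no comment saying that, unlike the single-IP resources around it, `address` and `prefix_length` appear to reserve a whole internal range. The README example supports that reading, since it uses `10.255.255.0` and `10.255.255.8` with `prefix_length = 29`. I would add a line above the resource such as `# Reserves an internal range (address/prefix_length) for HA VPN gateway interfaces over Cloud Interconnect.` so that readers do not take `address` for a host IP. The sibling resources have a commented-out `labels` line that this one omits; if labels are to be re-enabled later, keeping the same placeholder here would keep the resources parallel.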
diff --git a/modules/net-address/outputs.tf b/modules/net-address/outputs.tf
index e77a36b41..f4f47ef4f 100644
--- a/modules/net-address/outputs.tf
+++ b/modules/net-address/outputs.tf
@@ -38,6 +38,14 @@ output "internal_addresses" {
}
}
+output "ipsec_interconnect_addresses" {
+ description = "Allocated internal addresses for HA VPN over Cloud Interconnect."
+ value = {
+ for address in google_compute_address.ipsec_interconnect :
+ address.name => address
+ }
+}
+
output "psa_addresses" {
description = "Allocated internal addresses for PSA endpoints."
value = {
@@ -52,4 +60,4 @@ output "psc_addresses" {
for address in google_compute_global_address.psc :
address.name => address
}
-}
+}
\ No newline at end of file
diff --git a/modules/net-address/variables.tf b/modules/net-address/variables.tf
index f460b3ff1..87b9fc7d7 100644
--- a/modules/net-address/variables.tf
+++ b/modules/net-address/variables.tf
@@ -46,6 +46,18 @@ variable "internal_addresses" {
default = {}
}
+variable "ipsec_interconnect_addresses" {
+ description = "Map of internal addresses used for HPA VPN over Cloud Interconnect."
+ type = map(object({
+ region = string
+ address = string
+ network = string
+ description = optional(string, "Terraform managed.")
+ prefix_length = number
+ }))
+ default = {}
+}
+
# variable "internal_address_labels" {
# description = "Optional labels for internal addresses, keyed by address name."
# type = map(map(string))
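Review bot: The description of `ipsec_interconnect_addresses` says "HPA VPN", while the output description says "HA VPN"; it should read `"Map of internal addresses used for HA VPN over Cloud Interconnect."`, and the same wording appears in the README variables table. Separately, `prefix_length` and `address` are accepted unchecked, so a wrong prefix or a base address that is not aligned to it only fails at apply time. A `validation` block would catch both at plan time; the 26–29 bound below is what I recall from the provider documentation for this purpose and should be confirmed before merging.

```hcl
variable "ipsec_interconnect_addresses" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for a in values(var.ipsec_interconnect_addresses) :
      a.prefix_length >= 26 && a.prefix_length <= 29 &&
      try(cidrhost("${a.address}/${a.prefix_length}", 0) == a.address, false)
    ])
    error_message = "Each entry needs a prefix_length between 26 and 29 and an address that is the first IP of that range."
  }
}
```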
@@ -76,4 +88,4 @@ variable "psc_addresses" {
description = optional(string, "Terraform managed.")
}))
default = {}
-}
+}
\ No newline at end of file
diff --git a/tests/modules/net_address/examples/ipsec-interconnect.yaml b/tests/modules/net_address/examples/ipsec-interconnect.yaml
new file mode 100644
index 000000000..2a9a43dea
--- /dev/null
+++ b/tests/modules/net_address/examples/ipsec-interconnect.yaml
@@ -0,0 +1,36 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.addresses.google_compute_address.ipsec_interconnect["vpn-gw-range-1"]:
+ address: 10.255.255.0
+ address_type: INTERNAL
+ name: vpn-gw-range-1
+ network: projects/xxx/global/networks/aaa
+ prefix_length: 29
+ project: project-id
+ purpose: IPSEC_INTERCONNECT
+ region: region
+ module.addresses.google_compute_address.ipsec_interconnect["vpn-gw-range-2"]:
+ address: 10.255.255.8
+ address_type: INTERNAL
+ name: vpn-gw-range-2
+ network: projects/xxx/global/networks/aaa
+ prefix_length: 29
+ project: project-id
+ purpose: IPSEC_INTERCONNECT
+ region: region
+
+counts:
+ google_compute_address: 2
\ No newline at end of file