From 3b7e62990c925140a6d856d8e1f75311308275ea Mon Sep 17 00:00:00 2001
From: Miren Esnaola
Date: Wed, 2 Aug 2023 12:07:20 +0200
Subject: [PATCH] Added IPSEC_INTERCONNECT addresses to net-address module
---
modules/net-address/README.md | 38 +++++++++++++++----
modules/net-address/main.tf | 13 +++++++
modules/net-address/outputs.tf | 10 ++++-
modules/net-address/variables.tf | 14 ++++++-
.../examples/ipsec-interconnect.yaml | 36 ++++++++++++++++++
5 files changed, 102 insertions(+), 9 deletions(-)
create mode 100644 tests/modules/net_address/examples/ipsec-interconnect.yaml
diff --git a/modules/net-address/README.md b/modules/net-address/README.md
index cefecd9b1..d8d448244 100644
--- a/modules/net-address/README.md
+++ b/modules/net-address/README.md
@@ -77,18 +77,42 @@ module "addresses" {
 }
 # tftest modules=1 resources=2 inventory=psc.yaml
 ```
-
+# IPSec Interconnect addresses
+
+```hcl
+module "addresses" {
+ source = "./fabric/modules/net-address"
+ project_id = var.project_id
+ ipsec_interconnect_addresses = {
+ vpn-gw-range-1 = {
+ address = "10.255.255.0"
+ region = var.region
+ network = var.vpc.self_link
+ prefix_length = 29
+ }
+ vpn-gw-range-2 = {
+ address = "10.255.255.8"
+ region = var.region
+ network = var.vpc.self_link
+ prefix_length = 29
+ }
+ }
+}
+# tftest modules=1 resources=2 inventory=ipsec-interconnect.yaml
+```
+
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L55) | Project where the addresses will be created. | string | ✓ | |
+| [project_id](variables.tf#L67) | Project where the addresses will be created. | string | ✓ | |
 | [external_addresses](variables.tf#L17) | Map of external address regions, keyed by name. | map(string) | | {} |
 | [global_addresses](variables.tf#L29) | List of global addresses to create. | list(string) | | [] |
 | [internal_addresses](variables.tf#L35) | Map of internal addresses to create, keyed by name. | map(object({…})) | | {} |
-| [psa_addresses](variables.tf#L60) | Map of internal addresses used for Private Service Access. | map(object({…})) | | {} |
-| [psc_addresses](variables.tf#L71) | Map of internal addresses used for Private Service Connect. | map(object({…})) | | {} |
+| [ipsec_interconnect_addresses](variables.tf#L49) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | map(object({…})) | | {} |
+| [psa_addresses](variables.tf#L72) | Map of internal addresses used for Private Service Access. | map(object({…})) | | {} |
+| [psc_addresses](variables.tf#L83) | Map of internal addresses used for Private Service Connect. | map(object({…})) | | {} |
 ## Outputs
@@ -97,7 +121,7 @@ module "addresses" {
 | [external_addresses](outputs.tf#L17) | Allocated external addresses. | |
 | [global_addresses](outputs.tf#L25) | Allocated global external addresses. | |
 | [internal_addresses](outputs.tf#L33) | Allocated internal addresses. | |
-| [psa_addresses](outputs.tf#L41) | Allocated internal addresses for PSA endpoints. | |
-| [psc_addresses](outputs.tf#L49) | Allocated internal addresses for PSC endpoints. | |
-
+| [ipsec_interconnect_addresses](outputs.tf#L41) | Allocated internal addresses for HA VPN over Cloud Interconnect. | |
+| [psa_addresses](outputs.tf#L49) | Allocated internal addresses for PSA endpoints. | |
+| [psc_addresses](outputs.tf#L57) | Allocated internal addresses for PSC endpoints. | |
diff --git a/modules/net-address/main.tf b/modules/net-address/main.tf
index 0ca494233..46705d703 100644
--- a/modules/net-address/main.tf
+++ b/modules/net-address/main.tf
@@ -69,3 +69,16 @@ resource "google_compute_global_address" "psa" {
 purpose = "VPC_PEERING"
 # labels = lookup(var.internal_address_labels, each.key, {})
 }
+
+resource "google_compute_address" "ipsec_interconnect" {
+ for_each = var.ipsec_interconnect_addresses
+ project = var.project_id
+ name = each.key
+ description = each.value.description
+ address = each.value.address
+ address_type = "INTERNAL"
+ region = each.value.region
+ network = each.value.network
+ prefix_length = each.value.prefix_length
+ purpose = "IPSEC_INTERCONNECT"
+}
diff --git a/modules/net-address/outputs.tf b/modules/net-address/outputs.tf
index e77a36b41..f4f47ef4f 100644
--- a/modules/net-address/outputs.tf
+++ b/modules/net-address/outputs.tf
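Review bot: In modules/net-address/main.tf, the new `google_compute_address.ipsec_interconnect` resource has no comment saying that `address` together with `prefix_length` reserves a whole internal range here, not a single address, which is easy to miss next to the other address resources in this module. A one-line comment above the resource, for example `# Internal ranges reserved for HA VPN gateway interfaces over Cloud Interconnect.`, would make that explicit. It is also worth stating that reserving the range does not by itself encrypt any traffic; as far as I know the range only takes effect once it is referenced from a VLAN attachment created with IPsec encryption, which this module does not manage.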
@@ -38,6 +38,14 @@ output "internal_addresses" {
 }
 }
+output "ipsec_interconnect_addresses" {
+ description = "Allocated internal addresses for HA VPN over Cloud Interconnect."
+ value = {
+ for address in google_compute_address.ipsec_interconnect :
+ address.name => address
+ }
+}
+
 output "psa_addresses" {
 description = "Allocated internal addresses for PSA endpoints."
 value = {
@@ -52,4 +60,4 @@ output "psc_addresses" {
 for address in google_compute_global_address.psc :
 address.name => address
 }
-}
+}
\ No newline at end of file
diff --git a/modules/net-address/variables.tf b/modules/net-address/variables.tf
index f460b3ff1..87b9fc7d7 100644
--- a/modules/net-address/variables.tf
+++ b/modules/net-address/variables.tf
@@ -46,6 +46,18 @@ variable "internal_addresses" {
 default = {}
 }
+variable "ipsec_interconnect_addresses" {
+ description = "Map of internal addresses used for HPA VPN over Cloud Interconnect."
+ type = map(object({
+ region = string
+ address = string
+ network = string
+ description = optional(string, "Terraform managed.")
+ prefix_length = number
+ }))
+ default = {}
+}
+
 # variable "internal_address_labels" {
 # description = "Optional labels for internal addresses, keyed by address name."
 # type = map(map(string))
@@ -76,4 +88,4 @@ variable "psc_addresses" {
 description = optional(string, "Terraform managed.")
 }))
 default = {}
-}
+}
\ No newline at end of file
diff --git a/tests/modules/net_address/examples/ipsec-interconnect.yaml b/tests/modules/net_address/examples/ipsec-interconnect.yaml
new file mode 100644
index 000000000..2a9a43dea
--- /dev/null
+++ b/tests/modules/net_address/examples/ipsec-interconnect.yaml
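Review bot: In modules/net-address/outputs.tf, the second hunk (`@@ -52,4 +60,4 @@`) rewrites the closing `}` only to drop the file's trailing newline, as the `\ No newline at end of file` marker shows. The same happens in the last hunk of modules/net-address/variables.tf, and the new tests/modules/net_address/examples/ipsec-interconnect.yaml is also added without a final newline. Restoring the newline in all three files removes these no-op changes from the diff and avoids later churn from formatters that expect one.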
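Review bot: In modules/net-address/variables.tf, `prefix_length` in `ipsec_interconnect_addresses` is an unconstrained `number`, so an unsupported range size is rejected only by the API at apply time. As far as I recall, Google Cloud accepts prefix lengths from 26 to 29 for `IPSEC_INTERCONNECT` ranges (worth confirming against the current documentation), and a `validation` block on the variable would surface mistakes at plan time. Separately, the variable description says "HPA VPN" where the output description says "HA VPN"; it should read `"Map of internal addresses used for HA VPN over Cloud Interconnect."`, and the generated README table row repeats the typo.

```hcl
variable "ipsec_interconnect_addresses" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for a in values(var.ipsec_interconnect_addresses) :
      a.prefix_length >= 26 && a.prefix_length <= 29
    ])
    error_message = "Each prefix_length must be between 26 and 29 for IPSEC_INTERCONNECT ranges."
  }
}
```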
@@ -0,0 +1,36 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.addresses.google_compute_address.ipsec_interconnect["vpn-gw-range-1"]:
+ address: 10.255.255.0
+ address_type: INTERNAL
+ name: vpn-gw-range-1
+ network: projects/xxx/global/networks/aaa
+ prefix_length: 29
+ project: project-id
+ purpose: IPSEC_INTERCONNECT
+ region: region
+ module.addresses.google_compute_address.ipsec_interconnect["vpn-gw-range-2"]:
+ address: 10.255.255.8
+ address_type: INTERNAL
+ name: vpn-gw-range-2
+ network: projects/xxx/global/networks/aaa
+ prefix_length: 29
+ project: project-id
+ purpose: IPSEC_INTERCONNECT
+ region: region
+
+counts:
+ google_compute_address: 2
\ No newline at end of file