Fix subnet configuration in cloud nat module (#2171)

* support optional secondary ranges in net-cloudnat module

* fix subnet configuration

* fix packer blueprint
This commit is contained in:
Ludovico Magnocavallo
2024-03-22 15:59:02 +01:00
committed by GitHub
parent 1ee7494a30
commit a590deb58b
5 changed files with 184 additions and 86 deletions


@@ -20,6 +20,15 @@ locals {
? try(google_compute_router.router[0].name, null)
: var.router_name
)
subnet_config = (
var.config_source_subnetworks.all != true
? "LIST_OF_SUBNETWORKS"
: (
var.config_source_subnetworks.primary_ranges_only == true
? "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES"
: "ALL_SUBNETWORKS_ALL_IP_RANGES"
)
)
}
resource "google_compute_router" "router" {
@@ -38,22 +47,32 @@ resource "google_compute_router" "router" {
}
resource "google_compute_router_nat" "nat" {
project = var.project_id
region = var.region
name = var.name
router = local.router_name
nat_ips = var.addresses
nat_ip_allocate_option = length(var.addresses) > 0 ? "MANUAL_ONLY" : "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat = var.config_source_subnets
icmp_idle_timeout_sec = var.config_timeouts.icmp
udp_idle_timeout_sec = var.config_timeouts.udp
tcp_established_idle_timeout_sec = var.config_timeouts.tcp_established
tcp_time_wait_timeout_sec = var.config_timeouts.tcp_time_wait
tcp_transitory_idle_timeout_sec = var.config_timeouts.tcp_transitory
enable_endpoint_independent_mapping = var.config_port_allocation.enable_endpoint_independent_mapping
enable_dynamic_port_allocation = var.config_port_allocation.enable_dynamic_port_allocation
min_ports_per_vm = var.config_port_allocation.min_ports_per_vm
max_ports_per_vm = var.config_port_allocation.max_ports_per_vm
project = var.project_id
region = var.region
name = var.name
router = local.router_name
nat_ips = var.addresses
nat_ip_allocate_option = (
length(var.addresses) > 0 ? "MANUAL_ONLY" : "AUTO_ONLY"
)
source_subnetwork_ip_ranges_to_nat = local.subnet_config
icmp_idle_timeout_sec = var.config_timeouts.icmp
udp_idle_timeout_sec = var.config_timeouts.udp
tcp_established_idle_timeout_sec = var.config_timeouts.tcp_established
tcp_time_wait_timeout_sec = var.config_timeouts.tcp_time_wait
tcp_transitory_idle_timeout_sec = var.config_timeouts.tcp_transitory
enable_endpoint_independent_mapping = (
var.config_port_allocation.enable_endpoint_independent_mapping
)
enable_dynamic_port_allocation = (
var.config_port_allocation.enable_dynamic_port_allocation
)
min_ports_per_vm = (
var.config_port_allocation.min_ports_per_vm
)
max_ports_per_vm = (
var.config_port_allocation.max_ports_per_vm
)
log_config {
enable = var.logging_filter == null ? false : true
@@ -61,24 +80,29 @@ resource "google_compute_router_nat" "nat" {
}
dynamic "subnetwork" {
for_each = var.subnetworks
iterator = subnet
for_each = toset(
local.subnet_config == "LIST_OF_SUBNETWORKS"
? var.config_source_subnetworks.subnetworks
: []
)
content {
name = subnet.value.self_link
name = subnetwork.value.self_link
source_ip_ranges_to_nat = (
subnet.value.all_ip_ranges == true ? ["ALL_IP_RANGES"] : concat(
subnetwork.value.all_ranges == true
? ["ALL_IP_RANGES"]
: concat(
["PRIMARY_IP_RANGE"],
(
subnet.value.secondary_ranges == null
subnetwork.value.secondary_ranges == null
? []
: ["LIST_OF_SECONDARY_IP_RANGES"]
)
)
)
secondary_ip_range_names = (
subnet.value.all_ip_ranges == true
subnetwork.value.all_ranges == true
? null
: subnet.value.secondary_ranges
: subnetwork.value.secondary_ranges
)
}
}
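Review bot: The new `source_ip_ranges_to_nat` expression only tests `subnetwork.value.secondary_ranges == null`, so a caller that passes an empty list (`secondary_ranges = []`) still gets `"LIST_OF_SECONDARY_IP_RANGES"` appended while `secondary_ip_range_names` is `[]`, a combination the Cloud NAT API is likely to reject; treating empty as "no secondaries" avoids that, e.g. `length(coalesce(subnetwork.value.secondary_ranges, [])) == 0 ? [] : ["LIST_OF_SECONDARY_IP_RANGES"]`. Relatedly, `local.subnet_config` selects `"LIST_OF_SUBNETWORKS"` whenever `all != true`, including when `all` is null, and the `for_each` then iterates `var.config_source_subnetworks.subnetworks`; if the variable's defaults (not visible here) leave that null or empty, the result is a `for_each` over null or a NAT with no source subnets, so a `validation` block on `config_source_subnetworks` requiring a non-empty `subnetworks` list when `all` is not true would fail early at plan time. Since `all = true` without `primary_ranges_only` yields `ALL_SUBNETWORKS_ALL_IP_RANGES`, which extends egress NAT to every current and future range in the network including secondary (pod) ranges, a short comment above `subnet_config` stating that this is the broadest scope and that `primary_ranges_only` or an explicit list narrows it would help operators choose deliberately. The enclosing `google_compute_router_nat` resource continues past the end of this section.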