kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge development branch (#44)

Browse Source 
* VPN-HA module initial commit

* Added readme for net-vpn-ha module

* Update readme, add simple description

* Merge new modules list and environments foundation example (#30)

* gke-cluster

* net-vpc module and tests

* add TODO to net-vpc module

* add minimal README files with input/output variables to gke and net-vpc modules

* BigQuery Module (#24)

* Bigquery Module

* Added README file

* Added type hints

* gke-cluster

* net-vpc module and tests

* add TODO to net-vpc module

* add minimal README files with input/output variables to gke and net-vpc modules

* BigQuery Module (#24)

* Bigquery Module

* Added README file

* Added type hints

* GCS module

* net vpc module: improve secondary range outputs

* net vpc module: add serve project registration

* project module

* move bigquery module to not-ready folder

* folders module

* rename project module's iam variables

* slight tweak to folder module outputs

* gcs module

* simplify net-vpc module variables

* fix module tests configurations, fix net-vpc module tests

* add pydoc utility

* add/update module READMEs

* add/update module READMEs

* add/update module READMEs

* improve variable type summary generation in tfdoc

* tfdoc: add support for replacing doc in README.md files

* improve module READMEs

* net-vpc-firewall module

* add support for sensitive output attribute in tfdoc

* remove empty function from tfdoc

* render variable type as code in tfdoc

* update module READMEs

* net address module

* net cloudnat module

* remove redundant variable from net-cloudnat module

* vpc module: add support for peering, use network name as subnet name prefix

* net-vpn-static module

* net-vpn-static module README

* net-vpn-static module README

* tfdoc: fix error on undeclared variable type

* dns module

* set version for all modules

* kms module (untested)

* change kms key self links output to map, fix gcs and kms iam variable descriptions

* fix kms module

* update kms module readme

* simplify local iam pairs in modules

* service accounts module (unfinished)

* work on service accounts module

* project module: add gcr service account

* project module: update outputs in README

* first working version of the iam service accounts module

* iam service accounts module: extra checks in locals

* modules/net-cloudnat: reorder variables

* modules/net-vpn-dynamic: initial import (untested)

* modules/net-vpn-dynamic: first working version

* modules/net-vpn-dynamic: add outputs for auto-created router

* modules/net-vpn-dynamic: update README

* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix

* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables

* tfdoc: add tooltips for variable types and defaults

* modules: update README variables and outputs

* tfdoc: improve variable default rendering

* modules: update README variables and outputs

* modules/net-vpc: minimal output refactoring

* modules/vm-cos: initial import, base resources working, no outputs

* modules/vm-cos: add variable descriptions

* tfdoc: fix parsing in type and default blocks

* modules/vm-cos: fix README

* tfdoc: fix parsing in type and default blocks

* modules/vm-cos: fix README

* modules/compute-vm: initial working import (not fully tested)

* modules/vm-cos: move to not-ready

* tfdoc: fix variable defaults formatting

* modules: update README files with tfdoc fixes

* modules: add initial examples

* gke-nodepool: initial import, untested

* gke nodepool: add README, fix location variable, set node count default to 1

* gke cluster: fix private cluster variables

* gke nodepool: fix README title

* gke cluster: add output for cluster location

* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment

* gke nodepool: update README

* net-cloudnat: fix router name when creating default router

* fix variables used for address and router optional creation

* vpn dynamic: fix README

* modules/net-vpn-dynamic: fix router name output

* modules/compute-vm: remove unused variable

* modules/compute-vm-cos-coredns: initial import

* Update foundations modules versions (#26)

* update foundations modules versions

* update Terraform version to v0.12.19 in CI test configuration

* backport tfdoc from Ludo's branch (#27)

* Update docs using tfdoc format (#28)

* update README files

* set all types on variables

* foundations/environments: move log filter to a variable, use org for xpn by default

* foundations/environments: do not use liens by default

* modules/ntp-vpc: better shared_vpc_host variable description

* modules/logging-sinks: initial version

* modules/logging-sinks: streamline options in sinks variable

* modules/compute-vm-cos-coredns: add support for additional files

* modules/folders: rename from 'folder'

* modules/logging-sinks: fix circular dependencies and improve variables

* modules/project: remove extra variable

* modules/bigquery: new module with dataset support only

* foundations/environments: refactor using local modules

* modules/bigquery: better variables, README description and example

* modules: fix a few READMEs

Co-authored-by: Julio Castillo <juliocc@gmail.com>

* modules/net-vpc: README description and examples

* modules/net-vpc: tweak README description and examples

* modules/net-vpc: tweak README description and examples

* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description

* modules/compute-vm: README changes

* modules/compute-vm: use an object for the service account variable, update README

* modules/compute-vm: update README variables table

* modules/compute-vm: add TODO list to README

* modules/compute-vm: add TODO list to README

* modules/compute-vm: add outputs for service account

* modules/net-cloudnat: README

* modules/net-cloudnat: README

* modules/net-cloudnat: add router_create variable

* modules/compute-vm: simplify service account variables

* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null

* modules/net-vpn-dynamic: improve README example

* modules/gke-cluster: minimal README tweaks

* modules/kms: fix ephemeral keys resource name

* modules/iam-service-accounts: add storage roles

* modules/gke-nodepool: fix node default scopes

* New project variable to prevent deletion of default network (#32)

* New project variable to prevent deletion of default network

This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed

* Add TODOs to remove workarounds in the project module

* Fix Cloud Build files

* modules/gke-nodepool: add monitoring scope to defaults

* modules/iam-service-accounts: add support for IAM bindings onthe service accounts

* playground module in sandbox, remove not ready modules

* Fix ci configurations in development branch (#33)

* try fixing ci confgurations

* add exclusion match to ci boilerplate check

* add skip boilerplate comment to compute-vm-cos-coredns template fragment

* modules/gke-cluster: fix boilerplate in outputs

* Simplify tests, re-enable CI

* add instance group support to compute-vm, start tests refactoring

* modules/compute-vm: group fixes, tests

* modules/compute-vm: minimal test beautification

* simplify top-level pytest fixture

* modules/dns: tests and minor tweaks

* fix missing boilerplate in tests

* re-add requirements file to tests folder

* re-enable tests in ci build configuration

* Folder module tests and fixes (#38)

* folder tests wip

* modules/folders: tests and tweaks

* update folders and compute-vm README files

* modules/gcs: tests and minor tweaks

* Create README.md

* Update README.md

* Update README.md

* Update README.md

* Added docker image for strongSwan

* Add support for routes and tests to net-vpc module (#39)

* modules/net-vpc: add routes (untested)

* initial tests

* modules/net-vpc: add test for flow logs

* modules/net-vpc: split tests into two separate files

* modules/net-vpc: routes test

* modules/net-vpc: test routes

* Add support for Terraform plugin cache in ci test build file (#40)

* add Terraform plugin caching to test ci build configuration

* fix mkdir in test build configuration

* trigger test check

* Refactor dynamic vpn configuration for on-prem-in-a-box module

* Fix dynamic vpn for onprem-in-a-box module

* Migrate Shared VPC example to local modules (#41)

* wip

* wip

* validated, untested

* modules/compute-vm: make service account email in locals resilient to destroy

* modules/project: make project id output depend on iam roles

* fixes

* shared-vpc tweaks

* update diagram

* update README input output tables

* modules/compute-vm: add service account IAM email output

* move GKE service account roles at the project level, add GCE service account roles

* update diagram and README

* modules/project: add extra output for IAM-dependent project id

* update modules READMEs

* minor tweaks

* modules/compute-vm: fix service account output

* remove static address from NAT

* fix container service agent binding dependency

* rename shared vpc

* Update README.md

* Update README.md

* Add static vpn gw to on-prem-in-a-box module

* Refactor hub and spoke to use new modules (#42)

* modules/compute-vm: saner defaults for service account scopes

* hub and spoke refactor, docs still missing

* complete hub and spoke

* Update README.md

* Add toolbox docker container, fix gw routing to the internet

* Add DNS Hybrid connectivity parameters

* Fix onprem dns zone for the static vpn configuration

* Added readme.md for on-prem module

* Add new line at the end of the files

* Add boilerplate for cloudbuild config files

* fix boilerplate in strongswan shell script

* Update README.md

* include missing file to fix merge conflict

* remove missing file to fix merge conflict

* include missing file to fix merge conflict (again)

* remove content from spurious file used to avoid merge conflicts

* Add net-vpc-peering module

* Initial commit for hub-and-spoke-peering infrastructure example

* Fix typos in infrastructure/ READMEs

* remove stale file

* use larger resolution version of hub and spoke diagram

* Update README.md

* Update hub-and-spoke-peerings example to use internal modules

* Add initial project tests (#46)

* modules/project: make prefix optional

* initial project module tests

* modules/project: use null for unset parent

* modules/dns: backport PR6 from the CFT dns module

* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example

* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity

* Move locals out of main.tf

* remove ssh tag from compute-vm variable default

* Add ssh tag to the test vms

* Update README.md

* Update README.md

* Update README.md

* Hub and spoke peering changes (#48)

* rename hub-and-spoke-vpn

* add ssh tag to shared-vpc-gke instance

* rename and rework hub and spoke peering

* fix test requirements

* align hub and spoke peering with module contents

* diagram

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* minimal fixes to onprem examples variable files

* onprem example stub, missing DNS zones and private.googleapis records onprem

* add missing boilerplate

* Update README.md

* Update README.md

* infra/onprem: add test instance and minimal outputs

* add DNS modules and resource

* infra/onprem: diagram and initial README

* minor changes to onprem module and example (#49)

* update toolbox image

* infra/onprem: add zone for private access, add metadata domain to onprem dns

* infra/onprem: onnprem service account, add testing procedure in README

* Update README.md

* infra/onprem: remove extra variable

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* infra/onprem: rename forwarder address variable

* Update README:

Added explicit --tunnel-through-iap for gcloud compute ssh commands

* Update top-level and section READMEs (#50)

* top-level README WIP

* rewrite top-level README

* change top-level README title

* remove initial quote in top-level README

* Update README.md

* Update README.md

* Update README.md

* foundations README

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* add experimental scheduled cloud function module

* scheduled cloud function module: allow disabling schedule

* business-units foundation example (#52)

* Added folder-units module.

* Business units example update (WIP)

* Update all BU modules to internal ones

* Refactoring business-units example, add billing and org IAM handling

* update projects tests for new iam additive naming

* update project README for new iam additive naming

* streamline bu example and module (#53)

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

* align net-vpn-ha interface with the other vpn modules

* update module README files

* Update README.md

* Update README.md

* Create CHANGELOG.md

* Refactor COS module to be generic (#51)

* Create generic COS module and update CoreDNS module to use it

* Update compute-vm-cos README

* Fix COS README

* Update COS example

* Skip boilerplate check for COS file template

* Make COS module more generic and provide preset configurations

* Update COS module documentation

* tfdoc: add support for multiple variables files

* compute-vm: split boot disk in separate variable file for cos module support

* Streamline cos modules (#54)

* tfdoc: fix bug in last commit

* compute-vm: add support for user-data

* compute-vm: restore noncos variable split

* remove compute-vm-cos-coredns

* compute-vm: revert to original state

* cos-container/coredns

* fix variables mess

* cos/coredns fixes

* cos/mysql

* remove stale compute-vm-cos module

* add test instance to cos modules

* tfdoc: add support for multiple output files

* cos: add initial READMEs

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* add test apply fixture

* cos-coredns: tested

* Update README.md

* Fix typo

* cos-coredns: refactor README

* Update README.md

* test yaml validity in cos modules tests

* cos mysql tests

* cos mysql: refactor and test (disk tests missing)

* onprem: fix Coredns

* cos mysql: additional disk working

* cos modules: fix instance disks for no instance

* update some modules READMEs

* update some modules READMEs

* Update README.md

* Update README.md

* add simple tests for foundations/environments

* change default for org id in foundations/environments to avoid errors when none is specified

* fix null/empty organization id in foundations/environments

* fix errors when destroying on empty state in foundations/environments

* fundations/bu: fix errors when destroying with empty state

* modules/gcs: make outputs resilient on destroy with empty state

* modules/folders: make outputs resilient on destroy with empty state

* switch organization_id variable to long form in foundations/bu and modules/folders-unit

* Update README.md

* infra/shared-vpc: remove duplicate tag attribute from bastion

Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
This commit is contained in:
Ludovico Magnocavallo
2020-04-03 14:06:48 +02:00
committed by GitHub
parent b278c4eae4
commit c486bfc66f
282 changed files with 14296 additions and 2759 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
modules/net-vpn-dynamic/README.md Normal file
View File

@@ -0,0 +1,72 @@
# Cloud VPN Dynamic Module
## Example
This example shows how to configure a single VPN tunnel using a couple of extra features
- custom advertisement on the tunnel's BGP session; if custom advertisement is not needed, simply set the `bgp_peer_options` attribute to `null`
- internally generated shared secret, which can be fetched from the module's `random_secret` output for reuse; a predefined secret can be used instead by assigning it to the `shared_secret` attribute
```hcl
module "vpn-dynamic" {
source = "./modules/net-vpn-dynamic"
project_id = "my-project"
region = "europe-west1"
network = "my-vpc"
name = "gateway-1"
tunnels = {
remote-1 = {
bgp_peer = {
address = "169.254.139.134"
asn = 64513
}
bgp_session_range = "169.254.139.133/30"
ike_version = 2
peer_ip = var.remote_vpn_gateway.address
shared_secret = null
bgp_peer_options = {
advertise_groups = ["ALL_SUBNETS"]
advertise_ip_ranges = {
"192.168.0.0/24" = "Advertised range description"
}
advertise_mode = "CUSTOM"
route_priority = 1000
}
}
}
}
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
| name | VPN gateway name, and prefix used for dependent resources. | <code title="">string</code> | ✓ | |
| network | VPC used for the gateway and routes. | <code title="">string</code> | ✓ | |
| project_id | Project where resources will be created. | <code title="">string</code> | ✓ | |
| region | Region used for resources. | <code title="">string</code> | ✓ | |
| *gateway_address* | Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false. | <code title="">string</code> | | <code title=""></code> |
| *gateway_address_create* | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable. | <code title="">bool</code> | | <code title="">true</code> |
| *route_priority* | Route priority, defaults to 1000. | <code title="">number</code> | | <code title="">1000</code> |
| *router_advertise_config* | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | <code title="object&#40;&#123;&#10;groups &#61; list&#40;string&#41;&#10;ip_ranges &#61; map&#40;string&#41;&#10;mode &#61; string&#10;&#125;&#41;">object({...})</code> | | <code title="">null</code> |
| *router_asn* | Router ASN used for auto-created router. | <code title="">number</code> | | <code title="">64514</code> |
| *router_create* | Create router. | <code title="">bool</code> | | <code title="">true</code> |
| *router_name* | Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router. | <code title="">string</code> | | <code title=""></code> |
| *tunnels* | VPN tunnel configurations, bgp_peer_options is usually null. | <code title="map&#40;object&#40;&#123;&#10;bgp_peer &#61; object&#40;&#123;&#10;address &#61; string&#10;asn &#61; number&#10;&#125;&#41;&#10;bgp_peer_options &#61; object&#40;&#123;&#10;advertise_groups &#61; list&#40;string&#41;&#10;advertise_ip_ranges &#61; map&#40;string&#41;&#10;advertise_mode &#61; string&#10;route_priority &#61; number&#10;&#125;&#41;&#10;bgp_session_range &#61; string&#10;ike_version &#61; number&#10;peer_ip &#61; string&#10;shared_secret &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">{}</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| address | VPN gateway address. | |
| gateway | VPN gateway resource. | |
| name | VPN gateway name. | |
| random_secret | Generated secret. | ✓ |
| router | Router resource (only if auto-created). | |
| router_name | Router name. | |
| self_link | VPN gateway self link. | |
| tunnel_names | VPN tunnel names. | |
| tunnel_self_links | VPN tunnel self links. | |
| tunnels | VPN tunnel resources. | |
<!-- END TFDOC -->

182
modules/net-vpn-dynamic/main.tf Normal file
View File

@@ -0,0 +1,182 @@
/**
* Copyright 2019 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
gateway_address = (
var.gateway_address_create
? google_compute_address.gateway[0].address
: var.gateway_address
)
router = (
var.router_create
? google_compute_router.router[0].name
: var.router_name
)
secret = random_id.secret.b64_url
}
resource "google_compute_address" "gateway" {
count = var.gateway_address_create ? 1 : 0
name = "vpn-${var.name}"
project = var.project_id
region = var.region
}
resource "google_compute_forwarding_rule" "esp" {
name = "vpn-${var.name}-esp"
project = var.project_id
region = var.region
target = google_compute_vpn_gateway.gateway.self_link
ip_address = local.gateway_address
ip_protocol = "ESP"
}
resource "google_compute_forwarding_rule" "udp-500" {
name = "vpn-${var.name}-udp-500"
project = var.project_id
region = var.region
target = google_compute_vpn_gateway.gateway.self_link
ip_address = local.gateway_address
ip_protocol = "UDP"
port_range = "500"
}
resource "google_compute_forwarding_rule" "udp-4500" {
name = "vpn-${var.name}-udp-4500"
project = var.project_id
region = var.region
target = google_compute_vpn_gateway.gateway.self_link
ip_address = local.gateway_address
ip_protocol = "UDP"
port_range = "4500"
}
resource "google_compute_router" "router" {
count = var.router_create ? 1 : 0
name = var.router_name == "" ? "vpn-${var.name}" : var.router_name
project = var.project_id
region = var.region
network = var.network
bgp {
advertise_mode = (
var.router_advertise_config == null
? null
: var.router_advertise_config.mode
)
advertised_groups = (
var.router_advertise_config == null ? null : (
var.router_advertise_config.mode != "CUSTOM"
? null
: var.router_advertise_config.groups
)
)
dynamic advertised_ip_ranges {
for_each = (
var.router_advertise_config == null ? {} : (
var.router_advertise_config.mode != "CUSTOM"
? null
: var.router_advertise_config.ip_ranges
)
)
iterator = range
content {
range = range.key
description = range.value
}
}
asn = var.router_asn
}
}
resource "google_compute_router_peer" "bgp_peer" {
for_each = var.tunnels
region = var.region
project = var.project_id
name = "${var.name}-${each.key}"
router = local.router
peer_ip_address = each.value.bgp_peer.address
peer_asn = each.value.bgp_peer.asn
advertised_route_priority = (
each.value.bgp_peer_options == null ? var.route_priority : (
each.value.bgp_peer_options.route_priority == null
? var.route_priority
: each.value.bgp_peer_options.route_priority
)
)
advertise_mode = (
each.value.bgp_peer_options == null ? null : each.value.bgp_peer_options.advertise_mode
)
advertised_groups = (
each.value.bgp_peer_options == null ? null : (
each.value.bgp_peer_options.advertise_mode != "CUSTOM"
? null
: each.value.bgp_peer_options.advertise_groups
)
)
dynamic advertised_ip_ranges {
for_each = (
each.value.bgp_peer_options == null ? {} : (
each.value.bgp_peer_options.advertise_mode != "CUSTOM"
? {}
: each.value.bgp_peer_options.advertise_ip_ranges
)
)
iterator = range
content {
range = range.key
description = range.value
}
}
interface = google_compute_router_interface.router_interface[each.key].name
}
resource "google_compute_router_interface" "router_interface" {
for_each = var.tunnels
project = var.project_id
region = var.region
name = "${var.name}-${each.key}"
router = local.router
ip_range = each.value.bgp_session_range == "" ? null : each.value.bgp_session_range
vpn_tunnel = google_compute_vpn_tunnel.tunnels[each.key].name
}
resource "google_compute_vpn_gateway" "gateway" {
name = var.name
project = var.project_id
region = var.region
network = var.network
}
resource "google_compute_vpn_tunnel" "tunnels" {
for_each = var.tunnels
project = var.project_id
region = var.region
name = "${var.name}-${each.key}"
router = local.router
peer_ip = each.value.peer_ip
ike_version = each.value.ike_version
shared_secret = (
each.value.shared_secret == "" || each.value.shared_secret == null
? local.secret
: each.value.shared_secret
)
target_vpn_gateway = google_compute_vpn_gateway.gateway.self_link
depends_on = [google_compute_forwarding_rule.esp]
}
resource "random_id" "secret" {
byte_length = 8
}

75
modules/net-vpn-dynamic/outputs.tf Normal file
View File

@@ -0,0 +1,75 @@
/**
* Copyright 2019 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "address" {
description = "VPN gateway address."
value = local.gateway_address
}
output "gateway" {
description = "VPN gateway resource."
value = google_compute_vpn_gateway.gateway
}
output "name" {
description = "VPN gateway name."
value = google_compute_vpn_gateway.gateway.name
}
output "router" {
description = "Router resource (only if auto-created)."
value = var.router_create ? google_compute_router.router[0] : null
}
output "router_name" {
description = "Router name."
value = local.router
}
output "self_link" {
description = "VPN gateway self link."
value = google_compute_vpn_gateway.gateway.self_link
}
output "tunnels" {
description = "VPN tunnel resources."
value = {
for name in keys(var.tunnels) :
name => google_compute_vpn_tunnel.tunnels[name]
}
}
output "tunnel_names" {
description = "VPN tunnel names."
value = {
for name in keys(var.tunnels) :
name => google_compute_vpn_tunnel.tunnels[name].name
}
}
output "tunnel_self_links" {
description = "VPN tunnel self links."
value = {
for name in keys(var.tunnels) :
name => google_compute_vpn_tunnel.tunnels[name].self_link
}
}
output "random_secret" {
description = "Generated secret."
sensitive = true
value = local.secret
}

104
modules/net-vpn-dynamic/variables.tf Normal file
View File

@@ -0,0 +1,104 @@
/**
* Copyright 2019 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "gateway_address_create" {
description = "Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable."
type = bool
default = true
}
variable "gateway_address" {
description = "Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false."
type = string
default = ""
}
variable "name" {
description = "VPN gateway name, and prefix used for dependent resources."
type = string
}
variable "network" {
description = "VPC used for the gateway and routes."
type = string
}
variable "project_id" {
description = "Project where resources will be created."
type = string
}
variable "region" {
description = "Region used for resources."
type = string
}
variable "route_priority" {
description = "Route priority, defaults to 1000."
type = number
default = 1000
}
variable "router_advertise_config" {
description = "Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions."
type = object({
groups = list(string)
ip_ranges = map(string)
mode = string
})
default = null
}
variable "router_asn" {
description = "Router ASN used for auto-created router."
type = number
default = 64514
}
variable "router_create" {
description = "Create router."
type = bool
default = true
}
variable "router_name" {
description = "Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router."
type = string
default = ""
}
variable "tunnels" {
description = "VPN tunnel configurations, bgp_peer_options is usually null."
type = map(object({
bgp_peer = object({
address = string
asn = number
})
bgp_peer_options = object({
advertise_groups = list(string)
advertise_ip_ranges = map(string)
advertise_mode = string
route_priority = number
})
# each BGP session on the same Cloud Router must use a unique /30 CIDR
# from the 169.254.0.0/16 block.
bgp_session_range = string
ike_version = number
peer_ip = string
shared_secret = string
}))
default = {}
}

19
modules/net-vpn-dynamic/versions.tf Normal file
View File

@@ -0,0 +1,19 @@
/**
* Copyright 2019 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
terraform {
required_version = ">= 0.12.6"
}