Add ability to autogenerate md5 keys in net-vpn-ha (#2748)

* Add ability to optionally generate MD5 secrets in VPN module

* Add ability to autogenerate MD5 keys in net-vpn-ha module

* restore missing output

* fix test counts

---------

Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Luca Prete
2024-12-06 10:34:56 +03:00
committed by GitHub
parent 5842bf7407
commit c6c6bbfffa
17 changed files with 71 additions and 39 deletions


@@ -16,6 +16,10 @@
*/
locals {
md5_keys = {
for k, v in random_id.md5_keys
: k => v.b64_url
}
peer_gateways_external = {
for k, v in var.peer_gateways : k => v.external if v.external != null
}
@@ -117,7 +121,7 @@ resource "google_compute_router_peer" "bgp_peer" {
for_each = each.value.bgp_peer.md5_authentication_key != null ? toset([each.value.bgp_peer.md5_authentication_key]) : []
content {
name = md5_authentication_key.value.name
key = md5_authentication_key.value.key
key = coalesce(md5_authentication_key.value.key, local.md5_keys[each.key])
}
}
enable_ipv6 = try(each.value.bgp_peer.ipv6, null) == null ? false : true
@@ -160,3 +164,8 @@ resource "google_compute_vpn_tunnel" "tunnels" {
resource "random_id" "secret" {
byte_length = 8
}
resource "random_id" "md5_keys" {
for_each = var.tunnels
byte_length = 12
}
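Review bot: The auto-generated BGP MD5 key comes from `random_id.md5_keys[*].b64_url`, and the random provider does not mark `random_id` attributes as sensitive, so the value in `local.md5_keys` may be printed in plan/apply output and in any output built from it. Wrapping it where the local is built, `: k => sensitive(v.b64_url)`, would redact it in the CLI, and any module output that exposes these keys (not visible in these hunks) would then need `sensitive = true`. The key is still stored in clear text in the Terraform state either way, which is worth a sentence in the module README so operators restrict access to the state backend. Separately, `for_each = var.tunnels` creates a key for every tunnel, including those with `md5_authentication_key == null` or a user-supplied key, so unused secrets end up in state. A comment on the resource saying this is deliberate (it keeps the `local.md5_keys[each.key]` lookup always valid) would help the next reader.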