Merge pull request #132 from terraform-google-modules/vpn-ha-optional-gateway

Make VPN Gateway creation optional for the net-vpn-ha module
2020-09-01 16:32:14 +02:00
parent fe857ee96f aacb570ac8
commit d45934e544
6 changed files with 55 additions and 22 deletions
--- a/modules/net-vpn-ha/README.md
+++ b/modules/net-vpn-ha/README.md
@@ -136,7 +136,7 @@ module "vpn_ha" {

 | name | description | type | required | default |
 |---|---|:---: |:---:|:---:|
-| name | VPN gateway name, and prefix used for dependent resources. | <code title="">string</code> | ✓ |  |
+| name | VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources. | <code title="">string</code> | ✓ |  |
 | network | VPC used for the gateway and routes. | <code title="">string</code> | ✓ |  |
 | project_id | Project where resources will be created. | <code title="">string</code> | ✓ |  |
 | region | Region used for resources. | <code title="">string</code> | ✓ |  |
@@ -146,16 +146,18 @@ module "vpn_ha" {
 | *router_advertise_config* | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | <code title="object&#40;&#123;&#10;groups    &#61; list&#40;string&#41;&#10;ip_ranges &#61; map&#40;string&#41;&#10;mode      &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
 | *router_asn* | Router ASN used for auto-created router. | <code title="">number</code> |  | <code title="">64514</code> |
 | *router_create* | Create router. | <code title="">bool</code> |  | <code title="">true</code> |
-| *router_name* | Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router. | <code title="">string</code> |  | <code title=""></code> |
+| *router_name* | Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use VPN name for auto created router. | <code title="">string</code> |  | <code title=""></code> |
 | *tunnels* | VPN tunnel configurations, bgp_peer_options is usually null. | <code title="map&#40;object&#40;&#123;&#10;bgp_peer &#61; object&#40;&#123;&#10;address &#61; string&#10;asn     &#61; number&#10;&#125;&#41;&#10;bgp_peer_options &#61; object&#40;&#123;&#10;advertise_groups    &#61; list&#40;string&#41;&#10;advertise_ip_ranges &#61; map&#40;string&#41;&#10;advertise_mode      &#61; string&#10;route_priority      &#61; number&#10;&#125;&#41;&#10;bgp_session_range               &#61; string&#10;ike_version                     &#61; number&#10;vpn_gateway_interface           &#61; number&#10;peer_external_gateway_interface &#61; number&#10;shared_secret                   &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
+| *vpn_gateway* | HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`. | <code title="">string</code> |  | <code title="">null</code> |
+| *vpn_gateway_create* | Create HA VPN Gateway. | <code title="">bool</code> |  | <code title="">true</code> |

 ## Outputs

 | name | description | sensitive |
 |---|---|:---:|
 | external_gateway | External VPN gateway resource. |  |
-| gateway | HA VPN gateway resource. |  |
-| name | VPN gateway name. |  |
+| gateway | VPN gateway resource (only if auto-created). |  |
+| name | VPN gateway name (only if auto-created).  |  |
 | random_secret | Generated secret. | ✓ |
 | router | Router resource (only if auto-created). |  |
 | router_name | Router name. |  |
--- a/modules/net-vpn-ha/main.tf
+++ b/modules/net-vpn-ha/main.tf
@@ -27,11 +27,17 @@ locals {
    ? try(google_compute_router.router[0].name, null)
    : var.router_name
  )
+  vpn_gateway = (
+    var.vpn_gateway_create
+    ? try(google_compute_ha_vpn_gateway.ha_gateway[0].self_link, null)
+    : var.vpn_gateway
+  )
  secret = random_id.secret.b64_url
 }

 resource "google_compute_ha_vpn_gateway" "ha_gateway" {
  provider = google-beta
+  count    = var.vpn_gateway_create ? 1 : 0
  name     = var.name
  project  = var.project_id
  region   = var.region
@@ -55,12 +61,11 @@ resource "google_compute_external_vpn_gateway" "external_gateway" {
 }

 resource "google_compute_router" "router" {
-  provider = google-beta
-  count    = var.router_create ? 1 : 0
-  name     = var.router_name == "" ? "vpn-${var.name}" : var.router_name
-  project  = var.project_id
-  region   = var.region
-  network  = var.network
+  count   = var.router_create ? 1 : 0
+  name    = var.router_name == "" ? "vpn-${var.name}" : var.router_name
+  project = var.project_id
+  region  = var.region
+  network = var.network
  bgp {
    advertise_mode = (
      var.router_advertise_config == null
@@ -135,7 +140,6 @@ resource "google_compute_router_peer" "bgp_peer" {
 }

 resource "google_compute_router_interface" "router_interface" {
-  provider   = google-beta
  for_each   = var.tunnels
  project    = var.project_id
  region     = var.region
@@ -162,7 +166,7 @@ resource "google_compute_vpn_tunnel" "tunnels" {
    ? local.secret
    : each.value.shared_secret
  )
-  vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.self_link
+  vpn_gateway = local.vpn_gateway
 }

 resource "random_id" "secret" {
--- a/modules/net-vpn-ha/outputs.tf
+++ b/modules/net-vpn-ha/outputs.tf
@@ -1,4 +1,3 @@
-
 /**
 * Copyright 2019 Google LLC
 *
@@ -16,8 +15,12 @@
 */

 output "gateway" {
-  description = "HA VPN gateway resource."
-  value       = google_compute_ha_vpn_gateway.ha_gateway
+  description = "VPN gateway resource (only if auto-created)."
+  value = (
+    var.vpn_gateway_create
+    ? google_compute_ha_vpn_gateway.ha_gateway[0]
+    : null
+  )
 }

 output "external_gateway" {
@@ -30,13 +33,21 @@ output "external_gateway" {
 }

 output "name" {
-  description = "VPN gateway name."
-  value       = google_compute_ha_vpn_gateway.ha_gateway.name
+  description = "VPN gateway name (only if auto-created). "
+  value = (
+    var.vpn_gateway_create
+    ? google_compute_ha_vpn_gateway.ha_gateway[0].name
+    : null
+  )
 }

 output "router" {
  description = "Router resource (only if auto-created)."
-  value       = var.router_name == "" ? google_compute_router.router[0] : null
+  value = (
+    var.router_name == ""
+    ? google_compute_router.router[0]
+    : null
+  )
 }

 output "router_name" {
@@ -46,7 +57,7 @@ output "router_name" {

 output "self_link" {
  description = "HA VPN gateway self link."
-  value       = google_compute_ha_vpn_gateway.ha_gateway.self_link
+  value       = local.vpn_gateway
 }

 output "tunnels" {
--- a/modules/net-vpn-ha/variables.tf
+++ b/modules/net-vpn-ha/variables.tf
@@ -15,10 +15,22 @@
 */

 variable "name" {
-  description = "VPN gateway name, and prefix used for dependent resources."
+  description = "VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources."
  type        = string
 }

+variable "vpn_gateway_create" {
+  description = "Create HA VPN Gateway."
+  type        = bool
+  default     = true
+}
+
+variable "vpn_gateway" {
+  description = "HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`."
+  type        = string
+  default     = null
+}
+
 variable "network" {
  description = "VPC used for the gateway and routes."
  type        = string
@@ -81,7 +93,7 @@ variable "router_create" {
 }

 variable "router_name" {
-  description = "Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router."
+  description = "Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use VPN name for auto created router."
  type        = string
  default     = ""
 }