diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8685b784..13297f544 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
 - add support for virtual displays in `compute-vm`
 - add examples of alias IPs in `compute-vm` module
 - fix support for creating disks from images in `compute-vm`
+- allow creating single-sided peerings in `net-vpc` and `net-vpc-peering`
 ## [3.4.0] - 2020-09-24
diff --git a/modules/net-vpc-peering/README.md b/modules/net-vpc-peering/README.md
index f10994383..b83964f7e 100644
--- a/modules/net-vpc-peering/README.md
+++ b/modules/net-vpc-peering/README.md
@@ -53,7 +53,8 @@ module "peering-a-c" {
 | *export_local_custom_routes* | Export custom routes to peer network from local network. | bool | | false |
 | *export_peer_custom_routes* | Export custom routes to local network from peer network. | bool | | false |
 | *module_depends_on* | List of modules or resources this module depends on. | list | | [] |
-| *prefix* | Name prefix for the network peerings | string | | network-peering |
+| *peer_create_peering* | Create the peering on the remote side. If false, only the peering from this network to the remote network is created. | bool | | true |
+| *prefix* | Name prefix for the network peerings. | string | | network-peering |
 ## Outputs
diff --git a/modules/net-vpc-peering/main.tf b/modules/net-vpc-peering/main.tf
index 3090505a1..cd0044221 100644
--- a/modules/net-vpc-peering/main.tf
+++ b/modules/net-vpc-peering/main.tf
@@ -30,6 +30,7 @@ resource "google_compute_network_peering" "local_network_peering" {
 }
 resource "google_compute_network_peering" "peer_network_peering" {
+ count = var.peer_create_peering ? 1 : 0
 name = "${var.prefix}-${local.peer_network_name}-${local.local_network_name}"
 network = var.peer_network
 peer_network = var.local_network
diff --git a/modules/net-vpc-peering/variables.tf b/modules/net-vpc-peering/variables.tf
index 4cd255a9d..edea01882 100644
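Review bot: Adding `count` to `peer_network_peering` changes its state address from `google_compute_network_peering.peer_network_peering` to `google_compute_network_peering.peer_network_peering[0]`, so existing users who upgrade will see the remote-side peering planned for destroy-and-recreate on their next apply, which the module README itself warns is sensitive because of peering API behaviour. The CHANGELOG entry in this commit should document the required `terraform state mv` from the old address to the indexed one, and any output or dependency that still references the un-indexed resource (outputs are outside this diff) would need the `[0]` index or a conditional to tolerate `count = 0`. The resource block's closing brace is outside the hunk.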
--- a/modules/net-vpc-peering/variables.tf
+++ b/modules/net-vpc-peering/variables.tf
@@ -15,7 +15,7 @@
 */
 variable "prefix" {
- description = "Name prefix for the network peerings"
+ description = "Name prefix for the network peerings."
 type = string
 default = "network-peering"
 }
@@ -47,3 +47,9 @@ variable "module_depends_on" {
 type = list
 default = []
 }
+
+variable "peer_create_peering" {
+ description = "Create the peering on the remote side. If false, only the peering from this network to the remote network is created."
+ type = bool
+ default = true
+}
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 290857299..39406973c 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -37,6 +37,8 @@ module "vpc" {
 A single peering can be configured for the VPC, so as to allow management of simple scenarios, and more complex configurations like hub and spoke by defining the peering configuration on the spoke VPCs. Care must be taken so as a single peering is created/changed/destroyed at a time, due to the specific behaviour of the peering API calls.
+If you only want to create the "local" side of the peering, use `peering_create_remote_end` to `false`. This is useful if you don't have permissions on the remote project/VPC to create peerings.
+
 ```hcl
 module "vpc-spoke-1" {
 source = "../modules/net-vpc"
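Review bot: The description of `peer_create_peering` does not say what state the peering is left in when it is `false`: a VPC peering only becomes active once both sides exist, so with a single-sided configuration connectivity depends on the remote network's owner creating the reverse peering (and configuring route export on that side) outside this module. Suggest appending `Note that the peering stays inactive until the peer network's owner creates the reverse peering.` to the description so the default-to-`true` behaviour and the consequence of opting out are both explicit. The sibling `net-vpc` module in this commit names the same switch `peering_create_remote_end`; aligning the two names, or noting the correspondence in the description, would help users of both modules.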
@@ -119,6 +121,7 @@ module "vpc-host" {
 | *log_config_defaults* | Default configuration for flow logs when enabled. | object({...}) | | ... |
 | *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | map(map(string)) | | {} |
 | *peering_config* | VPC peering configuration. | object({...}) | | null |
+| *peering_create_remote_end* | Skip creation of peering on the remote end when using peering_config | bool | | true |
 | *routes* | Network routes, keyed by name. | map(object({...})) | | {} |
 | *routing_mode* | The network routing mode (default 'GLOBAL') | string | | GLOBAL |
 | *shared_vpc_host* | Enable shared VPC for this project. | bool | | false |
diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf
index 96dd92172..9f22d3753 100644
--- a/modules/net-vpc/main.tf
+++ b/modules/net-vpc/main.tf
@@ -101,7 +101,7 @@ resource "google_compute_network_peering" "local" {
 resource "google_compute_network_peering" "remote" {
 provider = google-beta
- count = var.peering_config == null ? 0 : 1
+ count = var.peering_config != null && var.peering_create_remote_end ? 1 : 0
 name = "${local.peer_network}-${var.name}"
 network = var.peering_config.peer_vpc_self_link
 peer_network = local.network.self_link
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 96cc67427..3a4d0c03f 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -79,6 +79,12 @@ variable "peering_config" {
 default = null
 }
+variable "peering_create_remote_end" {
+ description = "Skip creation of peering on the remote end when using peering_config"
+ type = bool
+ default = true
+}
+
 variable "project_id" {
 description = "The ID of the project where this VPC will be created"
 type = string
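Review bot: The new `count` expression on the `remote` resource mixes `&&` with the conditional operator without parentheses; HCL binds `&&` tighter than `? :` so it evaluates as intended, but `count = (var.peering_config != null && var.peering_create_remote_end) ? 1 : 0` makes that explicit and prevents a reader from parsing it as `a != null && (b ? 1 : 0)`. The rest of the `remote` resource block is outside the hunk.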
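Review bot: The description of `peering_create_remote_end` is inverted relative to how main.tf uses it: the `remote` peering is created only when the variable is `true` (the default), so `true` means create, not skip, and a user who reads the description and sets it to `true` to "skip" gets the opposite of what they expect. Suggest `description = "Create the peering on the remote end when using peering_config. Set to false to only create the local side of the peering."`, with the same correction in the `net-vpc` README variables table in this commit. The `net-vpc-peering` module's equivalent `peer_create_peering` already documents the correct polarity, which both descriptions should share.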