Update rest of vpn modules to tf1.3

2022-11-30 15:19:49 +01:00
parent 620babe5c0
commit e976d71428
8 changed files with 85 additions and 124 deletions
--- a/modules/net-vpn-dynamic/main.tf
+++ b/modules/net-vpn-dynamic/main.tf
@@ -21,9 +21,9 @@ locals {
    : var.gateway_address
  )
  router = (
-    var.router_create
-    ? google_compute_router.router[0].name
-    : var.router_name
+    var.router_config.create
+    ? try(google_compute_router.router[0].name, null)
+    : var.router_config.name
  )
  secret = random_id.secret.b64_url
 }
@@ -65,75 +65,56 @@ resource "google_compute_forwarding_rule" "udp-4500" {
 }

 resource "google_compute_router" "router" {
-  count   = var.router_create ? 1 : 0
-  name    = var.router_name == "" ? "vpn-${var.name}" : var.router_name
+  count   = var.router_config.create ? 1 : 0
+  name    = coalesce(var.router_config.name, "vpn-${var.name}")
  project = var.project_id
  region  = var.region
  network = var.network
  bgp {
    advertise_mode = (
-      var.router_advertise_config == null
-      ? null
-      : var.router_advertise_config.mode
+      var.router_config.custom_advertise != null
+      ? "CUSTOM"
+      : "DEFAULT"
    )
    advertised_groups = (
-      var.router_advertise_config == null ? null : (
-        var.router_advertise_config.mode != "CUSTOM"
-        ? null
-        : var.router_advertise_config.groups
-      )
+      try(var.router_config.custom_advertise.all_subnets, false)
+      ? ["ALL_SUBNETS"]
+      : []
    )
    dynamic "advertised_ip_ranges" {
-      for_each = (
-        var.router_advertise_config == null ? {} : (
-          var.router_advertise_config.mode != "CUSTOM"
-          ? null
-          : var.router_advertise_config.ip_ranges
-        )
-      )
+      for_each = try(var.router_config.custom_advertise.ip_ranges, {})
      iterator = range
      content {
        range       = range.key
        description = range.value
      }
    }
-    asn = var.router_asn
+    keepalive_interval = try(var.router_config.keepalive, null)
+    asn                = var.router_config.asn
  }
 }

 resource "google_compute_router_peer" "bgp_peer" {
-  for_each        = var.tunnels
-  region          = var.region
-  project         = var.project_id
-  name            = "${var.name}-${each.key}"
-  router          = each.value.router == null ? local.router : each.value.router
-  peer_ip_address = each.value.bgp_peer.address
-  peer_asn        = each.value.bgp_peer.asn
-  advertised_route_priority = (
-    each.value.bgp_peer_options == null ? var.route_priority : (
-      each.value.bgp_peer_options.route_priority == null
-      ? var.route_priority
-      : each.value.bgp_peer_options.route_priority
-    )
-  )
+  for_each                  = var.tunnels
+  region                    = var.region
+  project                   = var.project_id
+  name                      = "${var.name}-${each.key}"
+  router                    = coalesce(each.value.router, local.router)
+  peer_ip_address           = each.value.bgp_peer.address
+  peer_asn                  = each.value.bgp_peer.asn
+  advertised_route_priority = each.value.bgp_peer.route_priority
  advertise_mode = (
-    each.value.bgp_peer_options == null ? null : each.value.bgp_peer_options.advertise_mode
+    try(each.value.bgp_peer.custom_advertise, null) != null
+    ? "CUSTOM"
+    : "DEFAULT"
  )
-  advertised_groups = (
-    each.value.bgp_peer_options == null ? null : (
-      each.value.bgp_peer_options.advertise_mode != "CUSTOM"
-      ? null
-      : each.value.bgp_peer_options.advertise_groups
-    )
+  advertised_groups = concat(
+    try(each.value.bgp_peer.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : [],
+    try(each.value.bgp_peer.custom_advertise.all_vpc_subnets, false) ? ["ALL_VPC_SUBNETS"] : [],
+    try(each.value.bgp_peer.custom_advertise.all_peer_vpc_subnets, false) ? ["ALL_PEER_VPC_SUBNETS"] : []
  )
  dynamic "advertised_ip_ranges" {
-    for_each = (
-      each.value.bgp_peer_options == null ? {} : (
-        each.value.bgp_peer_options.advertise_mode != "CUSTOM"
-        ? {}
-        : each.value.bgp_peer_options.advertise_ip_ranges
-      )
-    )
+    for_each = try(each.value.bgp_peer.custom_advertise.ip_ranges, {})
    iterator = range
    content {
      range       = range.key
@@ -144,11 +125,12 @@ resource "google_compute_router_peer" "bgp_peer" {
 }

 resource "google_compute_router_interface" "router_interface" {
-  for_each   = var.tunnels
-  project    = var.project_id
-  region     = var.region
-  name       = "${var.name}-${each.key}"
-  router     = each.value.router == null ? local.router : each.value.router
+  for_each = var.tunnels
+  project  = var.project_id
+  region   = var.region
+  name     = "${var.name}-${each.key}"
+  router   = coalesce(each.value.router, local.router)
+  # FIXME: can bgp_session_range be null?
  ip_range   = each.value.bgp_session_range == "" ? null : each.value.bgp_session_range
  vpn_tunnel = google_compute_vpn_tunnel.tunnels[each.key].name
 }
@@ -161,18 +143,14 @@ resource "google_compute_vpn_gateway" "gateway" {
 }

 resource "google_compute_vpn_tunnel" "tunnels" {
-  for_each    = var.tunnels
-  project     = var.project_id
-  region      = var.region
-  name        = "${var.name}-${each.key}"
-  router      = each.value.router == null ? local.router : each.value.router
-  peer_ip     = each.value.peer_ip
-  ike_version = each.value.ike_version
-  shared_secret = (
-    each.value.shared_secret == "" || each.value.shared_secret == null
-    ? local.secret
-    : each.value.shared_secret
-  )
+  for_each           = var.tunnels
+  project            = var.project_id
+  region             = var.region
+  name               = "${var.name}-${each.key}"
+  router             = coalesce(each.value.router, local.router)
+  peer_ip            = each.value.peer_ip
+  ike_version        = each.value.ike_version
+  shared_secret      = coalesce(each.value.shared_secret, local.secret)
  target_vpn_gateway = google_compute_vpn_gateway.gateway.self_link
  depends_on         = [google_compute_forwarding_rule.esp]
 }