Hemanand eaa420534b Add agent engine BYOC support (#3885)
* feat(agent-engine): add support for container and custom image specs

- Add container_config to deployment_files.
- Add image_spec with build_args to source_config.
- Make agent_framework optional and document supported values.
- Implement dynamic specs for container and source deployments.
- Add examples and automated tests for new deployment types.

* chore: update Google provider version to 7.28.0 across modules

Mechanical update of versions.tf and versions.tofu files using tools/versions.py.

* feat(agent-engine): refactor for container deployments and API alignment

- Group deployment settings under 'deployment_config' (renamed from 'deployment_files').
- Support container-based deployments via 'container_config' and 'image_spec'.
- Refactor 'source_files_config' (renamed from 'source_config') to include mutually exclusive 'python_spec' and 'image_spec'.
- Support 'developer_connect_config' as a source code type.
- Group engine settings (framework, env, secrets) under 'agent_engine_config'.
- Add support for 'memory_bank_config' persistent memory.
- Overhaul reasoning engine resources with dynamic blocks to match provider schema.
- Update all documentation examples, add TOC, and refresh test inventories.

* Update dynamic python_spec block and related example yamls

* Ignore changes setting for developer_connect_source under lifecycle management

* fixing review comments for `try` and default path for `source_path`

---------

Co-authored-by: Hemanand <hemr@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2026-04-21 17:46:20 +00:00

Cloud VPN Route-based Module

This module makes it easy to deploy a Classic VPN with static routing.

Examples

Classic VPN with single tunnel

module "addresses" {
  source     = "./fabric/modules/net-address"
  project_id = var.project_id
  external_addresses = {
    vpn = { region = "europe-west1" }
  }
}

module "vpn" {
  source                 = "./fabric/modules/net-vpn-static"
  project_id             = var.project_id
  region                 = var.region
  network                = var.vpc.self_link
  name                   = "remote"
  gateway_address_create = false
  gateway_address        = module.addresses.external_addresses["vpn"].address
  remote_ranges          = ["10.10.0.0/24"]
  tunnels = {
    remote-0 = {
      peer_ip           = "1.1.1.1"
      shared_secret     = "mysecret"
      traffic_selectors = { local = ["0.0.0.0/0"], remote = ["0.0.0.0/0"] }
    }
  }
}
# tftest modules=2 resources=8 inventory=vpn-single-tunnel.yaml

Classic VPN with single tunnel and custom ciphers

module "addresses" {
  source     = "./fabric/modules/net-address"
  project_id = var.project_id
  external_addresses = {
    vpn = { region = "europe-west1" }
  }
}

module "vpn" {
  source                 = "./fabric/modules/net-vpn-static"
  project_id             = var.project_id
  region                 = var.region
  network                = var.vpc.self_link
  name                   = "remote"
  gateway_address_create = false
  gateway_address        = module.addresses.external_addresses["vpn"].address
  remote_ranges          = ["10.10.0.0/24"]
  tunnels = {
    remote-0 = {
      cipher_suite = {
        phase1 = {
          dh         = ["Group-14"]
          encryption = ["AES-CBC-256"]
          integrity  = ["HMAC-SHA2-256-128"]
          prf        = ["PRF-HMAC-SHA2-256"]
        }
        phase2 = {
          encryption = ["AES-CBC-128"]
          integrity  = ["HMAC-SHA2-256-128"]
          pfs        = ["Group-14"]
        }
      }
      peer_ip           = "1.1.1.1"
      shared_secret     = "mysecret"
      traffic_selectors = { local = ["0.0.0.0/0"], remote = ["0.0.0.0/0"] }
    }
  }
}
# tftest modules=2 resources=8 inventory=vpn-single-tunnel-custom-ciphers.yaml
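
Both examples above inline `shared_secret` as a literal, which puts the IKE pre-shared key in version control. The variant below is an added example, not part of the module's own documentation, that passes the key through a sensitive input variable instead; the variable name `vpn_shared_secret` and the 32-character minimum are assumptions.

```hcl
# Added example (not from the module's documentation).
# Assumption: the variable name and the minimum length are illustrative.
variable "vpn_shared_secret" {
  description = "IKE pre-shared key for tunnel remote-0."
  type        = string
  sensitive   = true # redacted in plan and apply output
  validation {
    condition     = length(var.vpn_shared_secret) >= 32
    error_message = "The pre-shared key must be at least 32 characters long."
  }
}

module "addresses" {
  source     = "./fabric/modules/net-address"
  project_id = var.project_id
  external_addresses = {
    vpn = { region = "europe-west1" }
  }
}

module "vpn" {
  source                 = "./fabric/modules/net-vpn-static"
  project_id             = var.project_id
  region                 = var.region
  network                = var.vpc.self_link
  name                   = "remote"
  gateway_address_create = false
  gateway_address        = module.addresses.external_addresses["vpn"].address
  remote_ranges          = ["10.10.0.0/24"]
  tunnels = {
    remote-0 = {
      peer_ip = "1.1.1.1"
      # Key is supplied at run time, never committed with the configuration.
      shared_secret     = var.vpn_shared_secret
      traffic_selectors = { local = ["0.0.0.0/0"], remote = ["0.0.0.0/0"] }
    }
  }
}
```

Supply the value through the `TF_VAR_vpn_shared_secret` environment variable or a secrets manager. Terraform still writes the key to the state file in plain text, so the state backend needs its own access controls and encryption.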

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | VPN gateway name, and prefix used for dependent resources. | string | ✓ | |
| network | VPC used for the gateway and routes. | string | ✓ | |
| project_id | Project where resources will be created. | string | ✓ | |
| region | Region used for resources. | string | ✓ | |
| gateway_address | Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false. | string | | null |
| gateway_address_create | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable. | bool | | true |
| remote_ranges | Remote IP CIDR ranges. | list(string) | | [] |
| route_priority | Route priority, defaults to 1000. | number | | 1000 |
| tunnels | VPN tunnel configurations. | map(object({…})) | | {} |

Outputs

| name | description | sensitive |
|---|---|---|
| address | VPN gateway address. | |
| gateway | VPN gateway resource. | |
| id | Fully qualified VPN gateway id. | |
| name | VPN gateway name. | |
| random_secret | Generated secret. | |
| self_link | VPN gateway self link. | |
| tunnel_names | VPN tunnel names. | |
| tunnel_self_links | VPN tunnel self links. | |
| tunnels | VPN tunnel resources. | |