hunfabric/modules/net-vpc-factory/factory-vpn.tf

/**
 * Copyright 2025 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# tfdoc:file:description VPN factory.

locals {
  routers = merge(flatten([
    for factory_key, factory_config in local.network_projects : [
      for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
        for router_key, router_config in try(vpc_config.routers, {}) : {
          "${factory_key}/${vpc_key}/${router_key}" = merge(router_config, {
            vpc_self_link     = module.vpc["${factory_key}/${vpc_key}"].self_link
            project_id        = module.projects[factory_key].id
            custom_advertise  = try(router_config.custom_advertise, {})
            advertise_mode    = try(router_config.custom_advertise != null, false) ? "CUSTOM" : "DEFAULT"
            advertised_groups = try(router_config.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : []
            keepalive         = try(router_config.keepalive, null)
            asn               = try(router_config.asn, null)
          })
        }
      ]
    ]
  ])...)

  vpns = merge(flatten([
    for factory_key, factory_config in local.network_projects : [
      for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
        for k, v in try(vpc_config.vpn_config, {}) : {
          "${factory_key}/${vpc_key}/${k}" = merge(v, {
            vpc_name   = module.vpc["${factory_key}/${vpc_key}"].name
            vpn_name   = replace("${factory_key}/${vpc_key}/${k}", "/", "-")
            project_id = module.projects[factory_key].id
            },
            {
              router_config = merge(v.router_config,
                try(v.router_config.create, false) == false && can(v.router_config.name) ? {
                  name = try(google_compute_router.default[v.router_config.name].name, v.router_config.name)
                } : {}
              )
            }
          )
        }
      ]
    ]
  ])...)
}

resource "google_compute_router" "default" {
  for_each = local.routers
  name     = replace(each.key, "/", "-")
  project  = each.value.project_id
  region   = each.value.region
  network  = each.value.vpc_self_link
  bgp {
    advertise_mode    = each.value.advertise_mode
    advertised_groups = each.value.advertised_groups
    dynamic "advertised_ip_ranges" {
      for_each = try(each.value.custom_advertise.ip_ranges, {})
      iterator = range
      content {
        range       = range.key
        description = range.value
      }
    }
    keepalive_interval = each.value.keepalive
    asn                = each.value.asn
  }
}

resource "google_compute_ha_vpn_gateway" "default" {
  for_each   = local.vpns
  project    = each.value.project_id
  region     = each.value.region
  name       = replace(each.key, "/", "-")
  network    = each.value.vpc_name
  stack_type = try(each.value.stack_type, null)
  depends_on = [module.vpc]
}

module "vpn-ha" {
  source             = "../net-vpn-ha"
  for_each           = local.vpns
  project_id         = each.value.project_id
  name               = replace(each.key, "/", "-")
  network            = each.value.vpc_name
  region             = each.value.region
  router_config      = each.value.router_config
  tunnels            = each.value.tunnels
  vpn_gateway        = google_compute_ha_vpn_gateway.default[each.key].id
  vpn_gateway_create = null
  peer_gateways = {
    for k, gw in each.value.peer_gateways : k => {
      for gw_type, value in gw : gw_type => (
        gw_type == "gcp" ? try(google_compute_ha_vpn_gateway.default[value].id, value) : value
      )
    }
  }
}