kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b9ad76ced736ab432bb60f489920ea6011005c7
hunfabric/modules/net-vpc-factory/factory-ncc.tf
Simone Ruffilli fc84c4f60d Module: net-vpc-factory (#2982) 
This pull request introduces the `net-vpc-factory` module. This new factory handles: 

* Project setup (most of what's supported by the `project` module)
* VPC setup
  * Routing
  * Subnets
* Connectivity options
  * NCC (hub, VPC spokes and VPN hybrid spokes)
  * Peerings
  * VPN (GCP-to-onprem and GCP-to-GCP)
* NAT (everything supported by the `net-cloudnat` module)
* DNS (everything supported by the `dns` module)
* Firewall (everything supported by the `net-vpc-firewall` module)
2025-04-10 11:44:39 +02:00

140 lines
5.5 KiB
HCL
Raw Blame History

/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description NCC factory.
locals {
ncc_hubs = { for k, v in local.network_projects : "${k}/${v.ncc_hub_config.name}" =>
{
name = v.ncc_hub_config.name
project_id = module.projects[k].id
description = try(v.ncc_hub_config.description, "Terraform-managed")
export_psc = try(v.ncc_hub_config.export_psc, true)
preset_topology = try(v.ncc_hub_config.preset_topology, "MESH")
}
if try(v.ncc_hub_config != null, false)
}
ncc_groups = merge(flatten([for k, v in local.network_projects :
{
for gk, gv in try(v.ncc_hub_config.groups, {}) : "${k}/${v.ncc_hub_config.name}/${gk}" =>
{
name = gk
project = module.projects[k].id
hub = google_network_connectivity_hub.default["${k}/${v.ncc_hub_config.name}"].id
description = try(gv.description, "Terraform-managed")
labels = try(gv.labels, {})
auto_accept = [for project_key in try(gv.auto_accept, []) : module.projects[project_key].id]
}
}
if try(v.ncc_hub_config != null, false)
])...)
ncc_vpn_spokes = merge(flatten([
for factory_key, factory_config in local.network_projects : [
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
for vpn_key, vpn_config in try(vpc_config.vpn_config, {}) : {
"${factory_key}/${vpc_key}/${vpn_key}" = {
name = replace("${factory_key}/${vpc_key}/${vpn_key}", "/", "-")
project_id = module.projects[factory_key].id
hub = google_network_connectivity_hub.default[vpn_config.ncc_spoke_config.hub].id
location = vpn_config.region
description = lookup(vpn_config.ncc_spoke_config, "description", "Terraform-managed.")
labels = lookup(vpn_config.ncc_spoke_config, "labels", {})
tunnel_self_link = [for t, _ in vpn_config.tunnels : module.vpn-ha["${factory_key}/${vpc_key}/${vpn_key}"].tunnel_self_links[t]]
}
}
if try(vpn_config.ncc_spoke_config != null, false)
]
]
])...)
ncc_vpc_spokes = merge(flatten([
for factory_key, factory_config in local.network_projects : {
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : "${factory_key}/${vpc_key}" => merge(vpc_config.ncc_config, {
project_id = module.projects[factory_key].id
network_self_link = module.vpc["${factory_key}/${vpc_key}"].self_link
labels = try(vpc_config.ncc_config.labels, {})
hub = google_network_connectivity_hub.default[vpc_config.ncc_config.hub].id
description = try(vpc_config.ncc_config.description, "Terraform-managed")
exclude_export_ranges = try(vpc_config.ncc_config.exclude_export_ranges, null)
include_export_ranges = try(vpc_config.ncc_config.include_export_ranges, null)
group = try(google_network_connectivity_group.default[vpc_config.ncc_config.group].id, null)
})
if try(vpc_config.ncc_config != null, false)
}
])...)
}
resource "google_network_connectivity_hub" "default" {
for_each = local.ncc_hubs
name = each.value.name
description = each.value.description
export_psc = each.value.export_psc
preset_topology = each.value.preset_topology
project = each.value.project_id
}
resource "google_network_connectivity_spoke" "vpcs" {
for_each = local.ncc_vpc_spokes
project = each.value.project_id
name = replace(each.key, "/", "-")
location = "global"
description = each.value.description
labels = each.value.labels
hub = each.value.hub
linked_vpc_network {
uri = each.value.network_self_link
exclude_export_ranges = each.value.exclude_export_ranges
include_export_ranges = each.value.include_export_ranges
}
depends_on = [google_network_connectivity_hub.default]
group = each.value.group
}
resource "google_network_connectivity_group" "default" {
for_each = local.ncc_groups
project = each.value.project
name = each.value.name
hub = each.value.hub
labels = each.value.labels
description = each.value.description
dynamic "auto_accept" {
for_each = try(each.value.auto_accept != null, false) ? [""] : []
content {
auto_accept_projects = each.value.auto_accept
}
}
depends_on = [google_network_connectivity_hub.default]
}
resource "google_network_connectivity_spoke" "tunnels" {
for_each = local.ncc_vpn_spokes
project = each.value.project_id
name = each.value.name
location = each.value.location
description = each.value.description
labels = each.value.labels
hub = each.value.hub
linked_vpn_tunnels {
uris = each.value.tunnel_self_link
site_to_site_data_transfer = true
include_import_ranges = ["ALL_IPV4_RANGES"]
}
depends_on = [module.vpn-ha]
}
Reference in New Issue View Git Blame Copy Permalink