diff --git a/.github/actions/fabric-tests/action.yml b/.github/actions/fabric-tests/action.yml
index ea89b252da..aaf8290941 100644
--- a/.github/actions/fabric-tests/action.yml
+++ b/.github/actions/fabric-tests/action.yml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,13 +28,13 @@ runs:
echo '{"type": "service_account", "project_id": "test-only"}' \
| tee -a $GOOGLE_APPLICATION_CREDENTIALS
- name: Set up Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: ${{ inputs.PYTHON_VERSION }}
cache: 'pip'
cache-dependency-path: 'tests/requirements.txt'
- name: Set up Terraform
- uses: hashicorp/setup-terraform@v2
+ uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ inputs.TERRAFORM_VERSION }}
terraform_wrapper: false
@@ -47,12 +47,12 @@ runs:
| tee -a /home/runner/.terraformrc
mkdir -p ${{ env.TF_PLUGIN_CACHE_DIR }}
- name: Download lockfile
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@v4
with:
name: lockfile
path: tools/lockfile
- name: Download Terraform provider cache
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
path: ${{ env.TF_PLUGIN_CACHE_DIR }}
key: ${{ runner.os }}-terraform-${{ hashFiles('tools/lockfile/.terraform.lock.hcl') }}
diff --git a/.github/actions/post-fabric-tests/action.yml b/.github/actions/post-fabric-tests/action.yml
new file mode 100644
index 0000000000..8fe774d6f2
--- /dev/null
+++ b/.github/actions/post-fabric-tests/action.yml
@@ -0,0 +1,33 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: post-fabric-tests
+description: Create test reports
+inputs:
+ MODULE:
+ required: true
+runs:
+ using: composite
+ steps:
+ - name: Reformat test-results.xml
+ shell: bash
+ run: |
+ sed -e 's/\\n/\n/g' test-results-raw.xml > test-results.xml
+
+ - name: Test report
+ uses: pmeier/pytest-results-action@035bda205f160abee0b277db11ac6ca01175ca7d # v0.6.0
+ with:
+ path: test-results.xml
+ title: ${{ inputs.MODULE }} Test report
+
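Review bot: The `Reformat test-results.xml` step runs `sed` on `test-results-raw.xml` unconditionally, so when pytest aborts before writing the junit file (and the callers invoke this action with `if: always()`), the step fails on a missing input rather than saying why. Precede the sed line with `[ -f test-results-raw.xml ] || { echo 'test-results-raw.xml not found'; exit 1; }` (or `exit 0` if a missing file should not fail the report step). The `MODULE` input also carries no `description`; add `description: Name shown in the test report title` under it.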
diff --git a/.github/workflows/daily-tag.yml b/.github/workflows/daily-tag.yml
index 7ae775a37b..6a95e649cc 100644
--- a/.github/workflows/daily-tag.yml
+++ b/.github/workflows/daily-tag.yml
@@ -28,7 +28,7 @@ jobs:
name: "Create tag on master if there was activity in last 24 hours"
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: "Check changes and tag"
run: |
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 939f76a9ec..e297471abd 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,17 +22,17 @@ jobs:
linting:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: "3.10"
cache: 'pip'
cache-dependency-path: 'tools/requirements.txt'
- name: Set up Terraform
- uses: hashicorp/setup-terraform@v2
+ uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.7.4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 55e3f58e6e..b4e30d9633 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ jobs:
name: "Release new version"
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: "Validate input"
run: |
@@ -42,23 +42,6 @@ jobs:
[[ -n "${{ github.event.inputs.version }}" ]] || { echo 'Version not specified!'; exit 1; }
[[ "${{ github.event.inputs.version }}" != v* ]] && { echo 'Version does not start with v!' ; exit 1; }
- - uses: actions/setup-go@v3
- with:
- go-version: "1.16"
-
- - name: "Update all module names"
- run: |
- cd tools/tfeditor
- go build .
- ./tfeditor -path ../.. -module-name "google-pso-tool/cloud-foundation-fabric/{{ .Module }}/${{ github.event.inputs.version }}"
- cd ../..
-
- git config --global user.name "Release Automation"
- git config --global user.email "cloud-foundation-fabric@google.com"
-
- git commit -a -m "Release version ${{ github.event.inputs.version }}"
- git push origin master
-
- name: "Tag and release"
run: |
git tag ${{ github.event.inputs.version }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 8adef331ca..379eca5528 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -32,9 +32,9 @@ jobs:
setup-tf-providers:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- - uses: hashicorp/setup-terraform@v2
+ - uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TF_VERSION }}
terraform_wrapper: false
@@ -51,23 +51,24 @@ jobs:
terraform init -upgrade=true
- name: Upload Terraform provider cache
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
path: ${{ env.TF_PLUGIN_CACHE_DIR }}
key: ${{ runner.os }}-terraform-${{ hashFiles('tools/lockfile/.terraform.lock.hcl') }}
- name: Upload lockfile
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
with:
name: lockfile
path: tools/lockfile/.terraform.lock.hcl
+ overwrite: true
examples-blueprints:
runs-on: ubuntu-latest
needs: setup-tf-providers
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Call composite action fabric-tests
uses: ./.github/actions/fabric-tests
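Review bot: `overwrite: true` on the lockfile upload is not explained; upload-artifact v4 fails when an artifact of the same name already exists in the run, which I assume matters on re-runs of this job, so a comment such as `# upload-artifact v4 rejects duplicate artifact names; needed for job re-runs` would save the next reader a lookup. Separately, the bumped actions stay pinned to mutable major tags (`@v4`) while the new post-fabric-tests action pins its third-party action to a commit SHA with a version comment; applying the same SHA pinning here would give the workflows one supply-chain policy instead of two.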
@@ -76,13 +77,19 @@ jobs:
TERRAFORM_VERSION: ${{ env.TF_VERSION }}
- name: Run tests on documentation examples
- run: pytest -vv -n4 --tb=line -k blueprints/ tests/examples
+ run: pytest -vv -n4 --tb=line --junit-xml=test-results-raw.xml -k blueprints/ tests/examples
+
+ - name: Create report
+ uses: ./.github/actions/post-fabric-tests
+ if: always()
+ with:
+ MODULE: Blueprint Examples
examples-modules:
runs-on: ubuntu-latest
needs: setup-tf-providers
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Call composite action fabric-tests
uses: ./.github/actions/fabric-tests
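Review bot: The new `Create report` step is gated with `if: always()`, which also fires when the job is cancelled, so a cancelled run still executes sed and the report action against a partial or missing results file; `if: ${{ !cancelled() }}` keeps the run-even-on-test-failure behaviour without that (the `${{ }}` wrapper is required because a bare `!` is a YAML tag). The same condition is used by the `Create report` steps added for examples-modules, blueprints, modules and fast below, so change them together. A one-line comment on the step, `# runs on test failure but not on cancellation`, would document the intent.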
@@ -91,13 +98,19 @@ jobs:
TERRAFORM_VERSION: ${{ env.TF_VERSION }}
- name: Run tests on documentation examples
- run: pytest -vv -n4 --tb=line -k modules/ tests/examples
+ run: pytest -vv -n4 --tb=line --junit-xml=test-results-raw.xml -k modules/ tests/examples
+
+ - name: Create report
+ uses: ./.github/actions/post-fabric-tests
+ if: always()
+ with:
+ MODULE: Module Examples
blueprints:
runs-on: ubuntu-latest
needs: setup-tf-providers
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Call composite action fabric-tests
uses: ./.github/actions/fabric-tests
@@ -106,13 +119,19 @@ jobs:
TERRAFORM_VERSION: ${{ env.TF_VERSION }}
- name: Run tests environments
- run: pytest -vv -n4 --tb=line tests/blueprints
+ run: pytest -vv -n4 --tb=line --junit-xml=test-results-raw.xml tests/blueprints
+
+ - name: Create report
+ uses: ./.github/actions/post-fabric-tests
+ if: always()
+ with:
+ MODULE: Blueprints
modules:
runs-on: ubuntu-latest
needs: setup-tf-providers
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Call composite action fabric-tests
uses: ./.github/actions/fabric-tests
@@ -121,13 +140,19 @@ jobs:
TERRAFORM_VERSION: ${{ env.TF_VERSION }}
- name: Run tests modules
- run: pytest -vv -n4 --tb=line tests/modules
+ run: pytest -vv -n4 --tb=line --junit-xml=test-results-raw.xml tests/modules
+
+ - name: Create report
+ uses: ./.github/actions/post-fabric-tests
+ if: always()
+ with:
+ MODULE: Modules
fast:
runs-on: ubuntu-latest
needs: setup-tf-providers
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Call composite action fabric-tests
uses: ./.github/actions/fabric-tests
@@ -136,4 +161,10 @@ jobs:
TERRAFORM_VERSION: ${{ env.TF_VERSION }}
- name: Run tests on FAST stages
- run: pytest -vv -n4 --tb=line tests/fast
+ run: pytest -vv -n4 --tb=line --junit-xml=test-results-raw.xml tests/fast
+
+ - name: Create report
+ uses: ./.github/actions/post-fabric-tests
+ if: always()
+ with:
+ MODULE: FAST
diff --git a/blueprints/cloud-operations/README.md b/blueprints/cloud-operations/README.md
index 9ee59b99b1..e4421f7bef 100644
--- a/blueprints/cloud-operations/README.md
+++ b/blueprints/cloud-operations/README.md
@@ -66,7 +66,7 @@ This [blueprint](./onprem-sa-key-management) shows how to manage IAM Service Acc
## Workload identity federation with Terraform Cloud workflows
- This [blueprint](./terraform-cloud-dynamic-credentials) shows how to configure [Wokload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation) between [Terraform Cloud/Enterprise](https://developer.hashicorp.com/terraform/enterprise) instance and Google Cloud.
+ This [blueprint](./terraform-cloud-dynamic-credentials) shows how to configure [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation) between [Terraform Cloud/Enterprise](https://developer.hashicorp.com/terraform/enterprise) instance and Google Cloud.
@@ -78,7 +78,7 @@ This [blueprint](./onprem-sa-key-management) shows how to manage IAM Service Acc
## Migrate for Compute Engine (v5)
- This set of [blueprints](./vm-migration) shows how to deploy Migrate for Compute Engine (v5) on top of existing Cloud Foundations on different scenarios. An blueprint on how to deploy the M4CE connector on VMWare ESXi is also part of the blueprints.
+ This set of [blueprints](./vm-migration) shows how to deploy Migrate for Compute Engine (v5) on top of existing Cloud Foundations on different scenarios. A blueprint on how to deploy the M4CE connector on VMWare ESXi is also part of the blueprints.
diff --git a/modules/net-ipsec-over-interconnect/README.md b/modules/net-ipsec-over-interconnect/README.md
index 5cadae3222..8dd0a64713 100644
--- a/modules/net-ipsec-over-interconnect/README.md
+++ b/modules/net-ipsec-over-interconnect/README.md
@@ -64,6 +64,11 @@ module "vpngw-a" {
bgp_peer = {
address = "169.254.1.2"
asn = 64514
+ # MD5 Authentication is optional
+ md5_authentication_key = {
+ name = "foo"
+ key = "bar"
+ }
}
bgp_session_range = "169.254.1.1/30"
shared_secret = "foobar"
@@ -112,7 +117,7 @@ module "vpngw-a" {
| [project_id](variables.tf#L54) | The project id. | string
| ✓ | |
| [region](variables.tf#L59) | GCP Region. | string
| ✓ | |
| [router_config](variables.tf#L64) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
-| [tunnels](variables.tf#L79) | VPN tunnel configurations. | map(object({…}))
| | {}
|
+| [tunnels](variables.tf#L79) | VPN tunnel configurations. | map(object({…}))
| | {}
|
## Outputs
diff --git a/modules/net-ipsec-over-interconnect/main.tf b/modules/net-ipsec-over-interconnect/main.tf
index 06294add99..9fe30d15db 100644
--- a/modules/net-ipsec-over-interconnect/main.tf
+++ b/modules/net-ipsec-over-interconnect/main.tf
@@ -116,6 +116,15 @@ resource "google_compute_router_peer" "default" {
description = range.value
}
}
+
+ dynamic "md5_authentication_key" {
+ for_each = each.value.bgp_peer.md5_authentication_key != null ? [each.value.bgp_peer.md5_authentication_key] : []
+ content {
+ name = md5_authentication_key.value.name
+ key = md5_authentication_key.value.key
+ }
+ }
+
interface = google_compute_router_interface.default[each.key].name
}
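Review bot: The `key` written in the new `md5_authentication_key` block is a BGP session credential, and nothing in the block documents that Terraform persists it in state in clear text; the same applies to the blocks added in net-vlan-attachment/main.tf and net-vpn-ha/main.tf. I believe the google provider flags `key` as sensitive so plan output masks it, but state storage does not, so callers should feed it from a secret store or a sensitive variable rather than a literal like the README examples' `key = "bar"`. Add above the block: `# the BGP MD5 key is persisted in Terraform state; source it from a secret store, not a literal`. The three modules also alternate between iterating a plain list here and `toset([...])` in net-vpn-ha (net-vlan-attachment uses both forms in the same resource); pick one form. `google_compute_router_peer.default` begins before this hunk.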
diff --git a/modules/net-ipsec-over-interconnect/variables.tf b/modules/net-ipsec-over-interconnect/variables.tf
index 25cf0cf240..780d40b962 100644
--- a/modules/net-ipsec-over-interconnect/variables.tf
+++ b/modules/net-ipsec-over-interconnect/variables.tf
@@ -80,15 +80,19 @@ variable "tunnels" {
description = "VPN tunnel configurations."
type = map(object({
bgp_peer = object({
- address = string
- asn = number
- route_priority = optional(number, 1000)
+ address = string
+ asn = number
custom_advertise = optional(object({
all_subnets = bool
all_vpc_subnets = bool
all_peer_vpc_subnets = bool
ip_ranges = map(string)
}))
+ md5_authentication_key = optional(object({
+ name = string
+ key = string
+ }))
+ route_priority = optional(number, 1000)
})
# each BGP session on the same Cloud Router must use a unique /30 CIDR
# from the 169.254.0.0/16 block.
diff --git a/modules/net-vlan-attachment/README.md b/modules/net-vlan-attachment/README.md
index a17117096f..6520ebc2c7 100644
--- a/modules/net-vlan-attachment/README.md
+++ b/modules/net-vlan-attachment/README.md
@@ -47,6 +47,60 @@ module "example-va" {
# tftest modules=1 resources=4
```
+### Dedicated Interconnect - Single VLAN Attachment (No SLA) - BFD and MD5 Auth
+
+```hcl
+resource "google_compute_router" "interconnect-router" {
+ name = "interconnect-router"
+ network = "mynet"
+ project = "myproject"
+ region = "europe-west8"
+ bgp {
+ advertise_mode = "CUSTOM"
+ asn = 64514
+ advertised_groups = ["ALL_SUBNETS"]
+ advertised_ip_ranges {
+ range = "10.255.255.0/24"
+ }
+ advertised_ip_ranges {
+ range = "192.168.255.0/24"
+ }
+ }
+}
+
+module "example-va" {
+ source = "./fabric/modules/net-vlan-attachment"
+ network = "mynet"
+ project_id = "myproject"
+ region = "europe-west8"
+ name = "vlan-attachment"
+ description = "Example vlan attachment"
+ peer_asn = "65000"
+ router_config = {
+ create = false
+ name = google_compute_router.interconnect-router.name
+ bfd = {
+ min_receive_interval = 1000
+ min_transmit_interval = 1000
+ multiplier = 5
+ session_initialization_mode = "ACTIVE"
+ }
+ md5_authentication_key = {
+ name = "foo"
+ key = "bar"
+ }
+ }
+ dedicated_interconnect_config = {
+ bandwidth = "BPS_10G"
+ bgp_range = "169.254.0.0/30"
+ interconnect = "interconnect-a"
+ vlan_tag = 12345
+ }
+}
+
+# tftest modules=1 resources=4
+```
+
### Partner Interconnect - Single VLAN Attachment (No SLA)
```hcl
@@ -434,7 +488,7 @@ module "example-va-b-ew12" {
# tftest modules=4 resources=6
```
-### IPSec for Dedicated Interconnect
+### IPSec for Dedicated Interconnect
Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.
@@ -495,7 +549,7 @@ module "example-va-b" {
# tftest modules=2 resources=9
```
-### IPSec for Partner Interconnect
+### IPSec for Partner Interconnect
```hcl
module "example-va-a" {
@@ -533,10 +587,7 @@ module "example-va-b" {
}
# tftest modules=2 resources=6
```
-
-
-
## Variables
| name | description | type | required | default |
@@ -547,14 +598,14 @@ module "example-va-b" {
| [peer_asn](variables.tf#L74) | The on-premises underlay router ASN. | string
| ✓ | |
| [project_id](variables.tf#L79) | The project id where resources are created. | string
| ✓ | |
| [region](variables.tf#L84) | The region where resources are created. | string
| ✓ | |
-| [router_config](variables.tf#L89) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
+| [router_config](variables.tf#L89) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
| [admin_enabled](variables.tf#L17) | Whether the VLAN attachment is enabled. | bool
| | true
|
| [dedicated_interconnect_config](variables.tf#L23) | Partner interconnect configuration. | object({…})
| | null
|
| [ipsec_gateway_ip_ranges](variables.tf#L40) | IPSec Gateway IP Ranges. | map(string)
| | {}
|
| [mtu](variables.tf#L46) | The MTU associated to the VLAN attachment (1440 / 1500). | number
| | 1500
|
| [partner_interconnect_config](variables.tf#L62) | Partner interconnect configuration. | object({…})
| | null
|
-| [vlan_tag](variables.tf#L110) | The VLAN id to be used for this VLAN attachment. | number
| | null
|
-| [vpn_gateways_ip_range](variables.tf#L116) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | string
| | null
|
+| [vlan_tag](variables.tf#L114) | The VLAN id to be used for this VLAN attachment. | number
| | null
|
+| [vpn_gateways_ip_range](variables.tf#L120) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | string
| | null
|
## Outputs
@@ -567,5 +618,4 @@ module "example-va-b" {
| [router](outputs.tf#L37) | Router resource (only if auto-created). | |
| [router_interface](outputs.tf#L42) | Router interface created for the VLAN attachment. | |
| [router_name](outputs.tf#L47) | Router name. | |
-
diff --git a/modules/net-vlan-attachment/main.tf b/modules/net-vlan-attachment/main.tf
index 5cf5c328e4..5b59933f7f 100644
--- a/modules/net-vlan-attachment/main.tf
+++ b/modules/net-vlan-attachment/main.tf
@@ -136,10 +136,18 @@ resource "google_compute_router_peer" "default" {
dynamic "bfd" {
for_each = var.router_config.bfd != null ? toset([var.router_config.bfd]) : []
content {
- session_initialization_mode = bfd.session_initialization_mode
- min_receive_interval = bfd.min_receive_interval
- min_transmit_interval = bfd.min_transmit_interval
- multiplier = bfd.multiplier
+ session_initialization_mode = bfd.value.session_initialization_mode
+ min_receive_interval = bfd.value.min_receive_interval
+ min_transmit_interval = bfd.value.min_transmit_interval
+ multiplier = bfd.value.multiplier
+ }
+ }
+
+ dynamic "md5_authentication_key" {
+ for_each = var.router_config.md5_authentication_key != null ? [var.router_config.md5_authentication_key] : []
+ content {
+ name = md5_authentication_key.value.name
+ key = md5_authentication_key.value.key
}
}
diff --git a/modules/net-vlan-attachment/variables.tf b/modules/net-vlan-attachment/variables.tf
index 941003f923..fd2b47530f 100644
--- a/modules/net-vlan-attachment/variables.tf
+++ b/modules/net-vlan-attachment/variables.tf
@@ -89,20 +89,24 @@ variable "region" {
variable "router_config" {
description = "Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router."
type = object({
- create = optional(bool, true)
- asn = optional(number, 65001)
- name = optional(string, "router")
- keepalive = optional(number)
- custom_advertise = optional(object({
- all_subnets = bool
- ip_ranges = map(string)
- }))
+ create = optional(bool, true)
+ asn = optional(number, 65001)
bfd = optional(object({
- session_initialization_mode = optional(string, "ACTIVE")
min_receive_interval = optional(number)
min_transmit_interval = optional(number)
multiplier = optional(number)
+ session_initialization_mode = optional(string, "ACTIVE")
}))
+ custom_advertise = optional(object({
+ all_subnets = bool
+ ip_ranges = map(string)
+ }))
+ md5_authentication_key = optional(object({
+ name = string
+ key = string
+ }))
+ keepalive = optional(number)
+ name = optional(string, "router")
})
nullable = false
}
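Review bot: `md5_authentication_key` is inserted before `keepalive`, so the alphabetical order this hunk otherwise establishes for `router_config` (bfd, custom_advertise, keepalive, name) is broken; move it after `keepalive`. The same happens in the net-vpn-ha/variables.tf `tunnels` hunk, where `route_priority` stays ahead of `bfd` and `md5_authentication_key` lands before `ipv6`, while net-ipsec-over-interconnect/variables.tf moves `route_priority` to the end; one ordering rule across the three modules keeps the README tables and future diffs comparable.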
diff --git a/modules/net-vpn-ha/README.md b/modules/net-vpn-ha/README.md
index 46e39b3fe8..2de72f54ea 100644
--- a/modules/net-vpn-ha/README.md
+++ b/modules/net-vpn-ha/README.md
@@ -104,6 +104,18 @@ module "vpn_ha" {
bgp_peer = {
address = "169.254.1.1"
asn = 64513
+ # BFD is optional
+ bfd = {
+ min_receive_interval = 1000
+ min_transmit_interval = 1000
+ multiplier = 5
+ session_initialization_mode = "ACTIVE"
+ }
+ # MD5 Authentication is optional
+ md5_authentication_key = {
+ name = "foo"
+ key = "bar"
+ }
}
bgp_session_range = "169.254.1.2/30"
peer_external_gateway_interface = 0
@@ -114,6 +126,18 @@ module "vpn_ha" {
bgp_peer = {
address = "169.254.2.1"
asn = 64513
+ # BFD is optional
+ bfd = {
+ min_receive_interval = 1000
+ min_transmit_interval = 1000
+ multiplier = 5
+ session_initialization_mode = "ACTIVE"
+ }
+ # MD5 Authentication is optional
+ md5_authentication_key = {
+ name = "foo"
+ key = "bar"
+ }
}
bgp_session_range = "169.254.2.2/30"
peer_external_gateway_interface = 0
@@ -187,11 +211,11 @@ module "vpn_ha" {
| [network](variables.tf#L22) | VPC used for the gateway and routes. | string
| ✓ | |
| [project_id](variables.tf#L47) | Project where resources will be created. | string
| ✓ | |
| [region](variables.tf#L52) | Region used for resources. | string
| ✓ | |
-| [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
+| [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
| [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | map(object({…}))
| | {}
|
-| [tunnels](variables.tf#L72) | VPN tunnel configurations. | map(object({…}))
| | {}
|
-| [vpn_gateway](variables.tf#L104) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | string
| | null
|
-| [vpn_gateway_create](variables.tf#L110) | Create HA VPN Gateway. Set to null to avoid creation. | object({…})
| | {}
|
+| [tunnels](variables.tf#L72) | VPN tunnel configurations. | map(object({…}))
| | {}
|
+| [vpn_gateway](variables.tf#L114) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | string
| | null
|
+| [vpn_gateway_create](variables.tf#L120) | Create HA VPN Gateway. Set to null to avoid creation. | object({…})
| | {}
|
## Outputs
diff --git a/modules/net-vpn-ha/main.tf b/modules/net-vpn-ha/main.tf
index cc7bc5840f..20af29015a 100644
--- a/modules/net-vpn-ha/main.tf
+++ b/modules/net-vpn-ha/main.tf
@@ -117,6 +117,22 @@ resource "google_compute_router_peer" "bgp_peer" {
description = range.value
}
}
+ dynamic "bfd" {
+ for_each = each.value.bgp_peer.bfd != null ? [each.value.bgp_peer.bfd] : []
+ content {
+ session_initialization_mode = bfd.value.session_initialization_mode
+ min_receive_interval = bfd.value.min_receive_interval
+ min_transmit_interval = bfd.value.min_transmit_interval
+ multiplier = bfd.value.multiplier
+ }
+ }
+ dynamic "md5_authentication_key" {
+ for_each = each.value.bgp_peer.md5_authentication_key != null ? toset([each.value.bgp_peer.md5_authentication_key]) : []
+ content {
+ name = md5_authentication_key.value.name
+ key = md5_authentication_key.value.key
+ }
+ }
enable_ipv6 = try(each.value.bgp_peer.ipv6, null) == null ? false : true
interface = google_compute_router_interface.router_interface[each.key].name
ipv6_nexthop_address = try(each.value.bgp_peer.ipv6.nexthop_address, null)
diff --git a/modules/net-vpn-ha/variables.tf b/modules/net-vpn-ha/variables.tf
index d0f8710fd3..d507c89881 100644
--- a/modules/net-vpn-ha/variables.tf
+++ b/modules/net-vpn-ha/variables.tf
@@ -57,14 +57,14 @@ variable "region" {
variable "router_config" {
description = "Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router."
type = object({
- create = optional(bool, true)
- asn = number
- name = optional(string)
- keepalive = optional(number)
+ asn = number
+ create = optional(bool, true)
custom_advertise = optional(object({
all_subnets = bool
ip_ranges = map(string)
}))
+ keepalive = optional(number)
+ name = optional(string)
})
nullable = false
}
@@ -76,12 +76,22 @@ variable "tunnels" {
address = string
asn = number
route_priority = optional(number, 1000)
+ bfd = optional(object({
+ min_receive_interval = optional(number)
+ min_transmit_interval = optional(number)
+ multiplier = optional(number)
+ session_initialization_mode = optional(string, "ACTIVE")
+ }))
custom_advertise = optional(object({
all_subnets = bool
all_vpc_subnets = bool
all_peer_vpc_subnets = bool
ip_ranges = map(string)
}))
+ md5_authentication_key = optional(object({
+ name = string
+ key = string
+ }))
ipv6 = optional(object({
nexthop_address = optional(string)
peer_nexthop_address = optional(string)