From 0621d9c87bfd53680bebaa4d9863a735c2f99e26 Mon Sep 17 00:00:00 2001 From: Shivam Verma Date: Tue, 12 Nov 2024 21:35:13 +0530 Subject: [PATCH] feat: Making IPSEC PSK length configurable (#171) --- README.md | 1 + modules/vpn_ha/README.md | 1 + modules/vpn_ha/main.tf | 2 +- modules/vpn_ha/variables.tf | 6 ++++++ tunnel.tf | 2 +- variables.tf | 6 ++++++ 6 files changed, 16 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f50bbd2..4b6cc2a 100644 --- a/README.md +++ b/README.md @@ -97,6 +97,7 @@ References the variable descriptions below to determine the right configuration. | cr\_name | The name of cloud router for BGP routing | `string` | `""` | no | | gateway\_name | The name of VPN gateway | `string` | `"test-vpn"` | no | | ike\_version | Please enter the IKE version used by this tunnel (default is IKEv2) | `number` | `2` | no | +| ipsec\_secret\_length | The lnegth the of shared secret for VPN tunnels | `number` | `8` | no | | local\_traffic\_selector | Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
Value should be list of CIDR formatted strings and ranges should be disjoint. | `list(string)` |
[
"0.0.0.0/0"
]
| no | | network | The name of VPC being created | `string` | n/a | yes | | peer\_asn | Please enter the ASN of the BGP peer that cloud router will use | `list(string)` |
[
"65101"
]
| no | diff --git a/modules/vpn_ha/README.md b/modules/vpn_ha/README.md index a2ebf02..a1610c4 100644 --- a/modules/vpn_ha/README.md +++ b/modules/vpn_ha/README.md @@ -268,6 +268,7 @@ module "vpn_ha" { |------|-------------|------|---------|:--------:| | create\_vpn\_gateway | create a VPN gateway | `bool` | `true` | no | | external\_vpn\_gateway\_description | An optional description of external VPN Gateway | `string` | `"Terraform managed external VPN gateway"` | no | +| ipsec\_secret\_length | The lnegth the of shared secret for VPN tunnels | `number` | `8` | no | | keepalive\_interval | The interval in seconds between BGP keepalive messages that are sent to the peer. | `number` | `20` | no | | labels | Labels for vpn components | `map(string)` | `{}` | no | | name | VPN gateway name, and prefix used for dependent resources. | `string` | n/a | yes | diff --git a/modules/vpn_ha/main.tf b/modules/vpn_ha/main.tf index 2337f6d..7c6d888 100644 --- a/modules/vpn_ha/main.tf +++ b/modules/vpn_ha/main.tf @@ -167,5 +167,5 @@ resource "google_compute_vpn_tunnel" "tunnels" { } resource "random_id" "secret" { - byte_length = 8 + byte_length = var.ipsec_secret_length } diff --git a/modules/vpn_ha/variables.tf b/modules/vpn_ha/variables.tf index 1318373..0f1c75b 100644 --- a/modules/vpn_ha/variables.tf +++ b/modules/vpn_ha/variables.tf @@ -141,3 +141,9 @@ variable "external_vpn_gateway_description" { type = string default = "Terraform managed external VPN gateway" } + +variable "ipsec_secret_length" { + type = number + description = "The lnegth the of shared secret for VPN tunnels" + default = 8 +} diff --git a/tunnel.tf b/tunnel.tf index 075e3bf..c7d37ec 100644 --- a/tunnel.tf +++ b/tunnel.tf @@ -16,7 +16,7 @@ # Creating the VPN tunnel resource "random_id" "ipsec_secret" { - byte_length = 8 + byte_length = var.ipsec_secret_length } resource "google_compute_vpn_tunnel" "tunnel-static" { diff --git a/variables.tf b/variables.tf index 4555614..262ca78 100644 --- a/variables.tf 
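Review bot: `byte_length` on `random_id` forces replacement when it changes, so any later edit to `var.ipsec_secret_length` regenerates `random_id.secret` and, assuming the tunnels in this file take their `shared_secret` from it (that reference is outside the hunk), replaces every tunnel and drops the VPN until the peer side is reconfigured with the new PSK. Nothing in the change warns operators of that, and a variable in a README table reads like a harmless knob. I would add a comment above the resource: `# byte_length is ForceNew: changing var.ipsec_secret_length regenerates the PSK and replaces every tunnel built from it; coordinate with the peer first.` The `google_compute_vpn_tunnel.tunnels` block only closes at the top of this hunk; its body is outside my view.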
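Review bot: The new `ipsec_secret_length` variable is accepted unchecked, but `random_id.byte_length` only takes a positive whole number, so `0`, a negative value or `8.5` fails at apply time instead of at plan time with a useful message. The name and description also suggest the PSK length, whereas the value is the number of random bytes; the string handed to the tunnel is longer (twice as many characters if the `.hex` attribute is used, which I cannot see from this hunk). Eight bytes is only 64 bits of entropy for a long-lived IKE pre-shared key, so I would fix the typo and wording, put a floor on the value now, and consider raising the default in a follow-up rather than here (raising it forces key regeneration for existing users). Proposed variable block:
```hcl
variable "ipsec_secret_length" {
  type        = number
  description = "Number of random bytes used to generate the IPsec pre-shared key (the PSK string itself is longer, e.g. two hex characters per byte). Changing this forces a new key; the peer must be reconfigured."
  default     = 8

  validation {
    condition     = var.ipsec_secret_length >= 8 && floor(var.ipsec_secret_length) == var.ipsec_secret_length
    error_message = "ipsec_secret_length must be a whole number of bytes, at least 8."
  }
}
```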
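Review bot: `random_id.ipsec_secret` keeps its generated bytes in Terraform state as ordinary, non-sensitive attributes, and the resource id Terraform prints on apply is the base64 form of those same bytes, so whatever `byte_length` is chosen the PSK is readable by anyone with state access and can land in CI logs when the resource is created or replaced. Making the length configurable invites the reading that a longer value is the whole security story, and nothing in the change says otherwise. I would add above the resource: `# The generated PSK is stored in state in clear text and echoed as the resource id on apply; protect the state backend and apply logs regardless of byte_length.` As with the module's `random_id`, a change to `var.ipsec_secret_length` is ForceNew here and will regenerate the key; `google_compute_vpn_tunnel.tunnel-static` starts at the end of this hunk, so whether it consumes this secret is inferred from the name only.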
+++ b/variables.tf
@@ -145,3 +145,9 @@ variable "route_tags" {
 description = "A list of instance tags to which this route applies."
 default = []
 }
+
+variable "ipsec_secret_length" {
+ type = number
+ description = "The lnegth the of shared secret for VPN tunnels"
+ default = 8
+}
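Review bot: The description `The lnegth the of shared secret for VPN tunnels` has a typo and misstates what the value is: it is the `byte_length` fed to `random_id`, i.e. a count of random bytes, not the length of the PSK string, and the same wording is copied into the README table. I would use `description = "Number of random bytes used to generate the IPsec pre-shared key (the PSK string is longer); changing it forces a new key and the peer must be reconfigured."`. I would also add a `validation` block so a zero, negative or fractional value is rejected at plan time instead of failing inside `random_id` at apply, with `condition = var.ipsec_secret_length >= 8 && floor(var.ipsec_secret_length) == var.ipsec_secret_length` and `error_message = "ipsec_secret_length must be a whole number of bytes, at least 8."`. The floor of 8 matches the current default and avoids breaking existing callers, though 64 bits is thin for a long-lived PSK and a higher default is worth a follow-up.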