feat: Add option to use an existing vpn_gateway (#48)

terraform-google-modules · Feb 3, 2021 · 712720a · 712720a
1 parent 2e55b02
commit 712720a
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 3 deletions.
diff --git a/modules/vpn_ha/README.md b/modules/vpn_ha/README.md
@@ -131,6 +131,7 @@ module "vpn_ha" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| create\_vpn\_gateway | create a VPN gateway | `bool` | `true` | no |
 | name | VPN gateway name, and prefix used for dependent resources. | `string` | n/a | yes |
 | network | VPC used for the gateway and routes. | `string` | n/a | yes |
 | peer\_external\_gateway | Configuration of an external VPN gateway to which this VPN is connected. | <pre>object({<br> redundancy_type = string<br> interfaces = list(object({<br> id = number<br> ip_address = string<br> }))<br> })</pre> | `null` | no |
@@ -142,6 +143,7 @@ module "vpn_ha" {
 | router\_asn | Router ASN used for auto-created router. | `number` | `64514` | no |
 | router\_name | Name of router, leave blank to create one. | `string` | `""` | no |
 | tunnels | VPN tunnel configurations, bgp\_peer\_options is usually null. | <pre>map(object({<br> bgp_peer = object({<br> address = string<br> asn = number<br> })<br> bgp_peer_options = object({<br> advertise_groups = list(string)<br> advertise_ip_ranges = map(string)<br> advertise_mode = string<br> route_priority = number<br> })<br> bgp_session_range = string<br> ike_version = number<br> vpn_gateway_interface = number<br> peer_external_gateway_interface = number<br> shared_secret = string<br> }))</pre> | `{}` | no |
+| vpn\_gateway\_self\_link | self\_link of existing VPN gateway to be used for the vpn tunnel | `any` | `null` | no |
 
 ## Outputs
 

diff --git a/modules/vpn_ha/main.tf b/modules/vpn_ha/main.tf
@@ -28,9 +28,15 @@ locals {
 
  )
  secret = random_id.secret.b64_url
+ vpn_gateway_self_link = (
+ var.create_vpn_gateway
+ ? google_compute_ha_vpn_gateway.ha_gateway[0].self_link
+ : var.vpn_gateway_self_link
+ )
 }
 
 resource "google_compute_ha_vpn_gateway" "ha_gateway" {
+ count = var.create_vpn_gateway == true ? 1 : 0
  provider = google-beta
  name = var.name
  project = var.project_id
@@ -158,7 +164,7 @@ resource "google_compute_vpn_tunnel" "tunnels" {
  vpn_gateway_interface = each.value.vpn_gateway_interface
  ike_version = each.value.ike_version
  shared_secret = each.value.shared_secret == "" ? local.secret : each.value.shared_secret
- vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.self_link
+ vpn_gateway = local.vpn_gateway_self_link
 }
 
 resource "random_id" "secret" {

diff --git a/modules/vpn_ha/outputs.tf b/modules/vpn_ha/outputs.tf
@@ -30,7 +30,7 @@ output "external_gateway" {
 
 output "name" {
  description = "VPN gateway name."
- value = google_compute_ha_vpn_gateway.ha_gateway.name
+ value = regex("[\\w-]+$", lower(local.vpn_gateway_self_link))
 }
 
 output "router" {
@@ -45,7 +45,7 @@ output "router_name" {
 
 output "self_link" {
  description = "HA VPN gateway self link."
- value = google_compute_ha_vpn_gateway.ha_gateway.self_link
+ value = local.vpn_gateway_self_link
 }
 
 output "tunnels" {

diff --git a/modules/vpn_ha/variables.tf b/modules/vpn_ha/variables.tf
@@ -101,3 +101,14 @@ variable "tunnels" {
  }))
  default = {}
 }
+
+variable "vpn_gateway_self_link" {
+ description = "self_link of existing VPN gateway to be used for the vpn tunnel"
+ default = null
+}
+
+variable "create_vpn_gateway" {
+ description = "create a VPN gateway"
+ default = true
+ type = bool
+}