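# Per-region subnet CIDRs carved from the BlueCat-allocated network.
# newbits = ceil(len(regions) / 2) gives 2^newbits >= len(regions) child
# ranges for every region count >= 1, so each region gets a distinct,
# non-overlapping range; part of the parent is left unused when the region
# count is not a power of two.
locals {
  subnets = {
    for x in var.regions :
    x => cidrsubnet(bluecat_ip4_network.gcp_network.cidr, ceil(length(var.regions) / 2), index(var.regions, x))
  }
}

# BlueCat IPAM: the configuration and the IPv4 block that GCP networks are
# allocated from.
data "bluecat_entity" "config" {
  name = "UMNET"
  type = "Configuration"
}

data "bluecat_ip4_network-block-range" "gcp_block" {
  container_id = data.bluecat_entity.config.id
  address      = "10.238.0.0"
  type         = "IP4Block"
}

# Allocate a network of var.network_size inside the block; its CIDR is the
# parent for local.subnets.
resource "bluecat_ip4_network" "gcp_network" {
  parent_id = data.bluecat_ip4_network-block-range.gcp_block.id
  name      = var.project_id
  size      = var.network_size
}

# IKE pre-shared key. A single secret is reused by every tunnel created
# below, and its value is persisted (marked sensitive) in Terraform state,
# so the state backend must be access-controlled and encrypted at rest.
# Replacing this resource changes shared_secret on all tunnels at once.
resource "random_password" "vpn_password" {
  length  = 32
  special = true
}

# Dedicated VPC for the VPN; subnets are created explicitly per region.
resource "google_compute_network" "vpn_vpc" {
  project                 = var.project_id
  name                    = "${var.vpc_prefix}-vpn"
  routing_mode            = "GLOBAL"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "vpn_subnet" {
  for_each = local.subnets

  project       = var.project_id
  name          = "vpn-${each.key}"
  region        = each.key
  ip_cidr_range = each.value
  network       = google_compute_network.vpn_vpc.self_link
}

# Classic (target) VPN gateway. The gateway, its address, the forwarding
# rules and the Cloud Router are all placed in the first listed region.
# NOTE(review): Google has announced deprecation of dynamic-routing (BGP)
# tunnels on Classic VPN in favor of HA VPN; confirm this configuration is
# still creatable in the target project before relying on it.
resource "google_compute_vpn_gateway" "vpn_gw" {
  name    = "${var.prefix}-bgp-vpn-gateway"
  project = var.project_id
  network = google_compute_network.vpn_vpc.self_link
  region  = var.regions[0]
}

# Reserve a static external IP for the gateway.
resource "google_compute_address" "vpn_gw_ip" {
  name    = google_compute_vpn_gateway.vpn_gw.name
  project = var.project_id
  region  = var.regions[0]
}

# Forwarding rules that steer IPsec traffic (ESP, IKE on UDP/500, NAT-T on
# UDP/4500) arriving at the reserved address to the gateway.
resource "google_compute_forwarding_rule" "fr_esp" {
  name        = "fr-esp"
  project     = var.project_id
  region      = var.regions[0]
  ip_protocol = "ESP"
  ip_address  = google_compute_address.vpn_gw_ip.address
  target      = google_compute_vpn_gateway.vpn_gw.self_link
}

resource "google_compute_forwarding_rule" "fr_udp500" {
  name        = "fr-udp500"
  project     = var.project_id
  region      = var.regions[0]
  ip_protocol = "UDP"
  port_range  = "500"
  ip_address  = google_compute_address.vpn_gw_ip.address
  target      = google_compute_vpn_gateway.vpn_gw.self_link
}

resource "google_compute_forwarding_rule" "fr_udp4500" {
  name        = "fr-udp4500"
  project     = var.project_id
  region      = var.regions[0]
  ip_protocol = "UDP"
  port_range  = "4500"
  ip_address  = google_compute_address.vpn_gw_ip.address
  target      = google_compute_vpn_gateway.vpn_gw.self_link
}

# Cloud Router that terminates the BGP sessions; var.cloud_asn is our side.
resource "google_compute_router" "vpn_router" {
  name    = "${var.prefix}-bgp-vpn-router"
  project = var.project_id
  network = google_compute_network.vpn_vpc.self_link
  region  = var.regions[0]

  bgp {
    asn = var.cloud_asn
  }
}

# One tunnel, router interface and BGP session per entry in var.bgp_network.
# var.um_vpn_endpoint is indexed by the same count, so it must have at least
# as many elements (each with .ip and .asn); a shorter list fails the plan
# with an index error rather than silently creating fewer sessions.
resource "google_compute_router_interface" "bgp_interface" {
  count = length(var.bgp_network)

  name       = "bgp-vpn-interface${count.index}"
  project    = var.project_id
  router     = google_compute_router.vpn_router.name
  region     = var.regions[0]
  ip_range   = var.bgp_network[count.index]
  vpn_tunnel = google_compute_vpn_tunnel.vpn_tunnel[count.index].name
}

resource "google_compute_router_peer" "bgp_peer" {
  count = length(var.bgp_network)

  name    = "${var.prefix}-bgp-peer${count.index}"
  project = var.project_id
  router  = google_compute_router.vpn_router.name
  region  = var.regions[0]
  # Host number 2 of the link range is taken as the remote BGP address;
  # assumes each var.bgp_network entry is the per-tunnel link prefix and the
  # remote endpoint is configured with that host — confirm against the
  # endpoint's configuration.
  peer_ip_address = cidrhost(var.bgp_network[count.index], 2)
  peer_asn        = var.um_vpn_endpoint[count.index].asn
  interface       = google_compute_router_interface.bgp_interface[count.index].name
}

resource "google_compute_vpn_tunnel" "vpn_tunnel" {
  count = length(var.bgp_network)

  name               = "bgp-vpn-tunnel${count.index}"
  project            = var.project_id
  peer_ip            = var.um_vpn_endpoint[count.index].ip
  shared_secret      = random_password.vpn_password.result
  target_vpn_gateway = google_compute_vpn_gateway.vpn_gw.self_link
  router             = google_compute_router.vpn_router.self_link

  # Classic VPN tunnels need the forwarding rules in place first. depends_on
  # takes bare resource references; the quoted-string form is the 0.11-era
  # syntax, deprecated since 0.12 and rejected by newer Terraform releases.
  depends_on = [
    google_compute_forwarding_rule.fr_esp,
    google_compute_forwarding_rule.fr_udp500,
    google_compute_forwarding_rule.fr_udp4500,
  ]
}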