/** * Copyright 2022 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ locals { subnets = { for x in var.subnets : "${x.subnet_region}/${x.subnet_name}" => x } peer_project_id = element(split("/", data.google_compute_network_peering.servicenetworking.peer_network), 6) gcve_network_name = var.create_gcve_network ? google_vmwareengine_network.gcve_network[0].name : data.google_vmwareengine_network.gcve_network[0].name } data "google_compute_network" "network" { count = var.create_network ? 0 : 1 project = var.project_id name = var.network_name } resource "google_compute_network" "network" { count = var.create_network ? 1 : 0 name = var.network_name auto_create_subnetworks = var.auto_create_subnetworks routing_mode = var.routing_mode project = var.project_id description = var.network_description delete_default_routes_on_create = var.delete_default_internet_gateway_routes mtu = var.mtu } resource "google_compute_subnetwork" "subnetwork" { for_each = local.subnets name = each.value.subnet_name ip_cidr_range = each.value.subnet_ip region = each.value.subnet_region private_ip_google_access = lookup(each.value, "subnet_private_access", "false") private_ipv6_google_access = lookup(each.value, "subnet_private_ipv6_access", null) dynamic "log_config" { for_each = lookup(each.value, "subnet_flow_logs", false) ? [{ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC") flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", "0.5") metadata = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA") filter_expr = lookup(each.value, "subnet_flow_logs_filter", "true") }] : [] content { aggregation_interval = log_config.value.aggregation_interval flow_sampling = log_config.value.flow_sampling metadata = log_config.value.metadata filter_expr = log_config.value.filter_expr } } network = var.create_network ? google_compute_network.network[0].id : data.google_compute_network.network[0].id project = var.project_id description = lookup(each.value, "description", null) secondary_ip_range = [ for i in range( length( contains( keys(var.secondary_ranges), each.value.subnet_name) == true ? var.secondary_ranges[each.value.subnet_name] : [] )) : var.secondary_ranges[each.value.subnet_name][i] ] purpose = lookup(each.value, "purpose", null) role = lookup(each.value, "role", null) stack_type = lookup(each.value, "stack", null) ipv6_access_type = lookup(each.value, "ipv6_type", null) } resource "google_compute_global_address" "private_ip_alloc" { for_each = var.private_ip_allocation_details project = var.project_id name = each.key address = each.value.address purpose = var.address_purpose address_type = var.address_type prefix_length = each.value.prefix_length network = var.create_network ? google_compute_network.network[0].id : data.google_compute_network.network[0].id } resource "google_service_networking_connection" "gcve_psa" { network = var.create_network ? google_compute_network.network[0].id : data.google_compute_network.network[0].id service = var.service reserved_peering_ranges = [google_compute_global_address.private_ip_alloc[var.primary_private_ip_alloc].name] depends_on = [google_compute_network.network] } resource "google_compute_network_peering_routes_config" "peering_routes" { project = var.project_id peering = var.peering network = var.create_network ? google_compute_network.network[0].name : var.network_name import_custom_routes = true export_custom_routes = true depends_on = [google_service_networking_connection.gcve_psa] } data "google_compute_network_peering" "servicenetworking" { name = "servicenetworking-googleapis-com" network = google_compute_network.network[0].self_link depends_on = [ google_compute_network_peering_routes_config.peering_routes, google_service_networking_connection.gcve_psa, google_compute_global_address.private_ip_alloc ] } data "google_vmwareengine_network" "gcve_network" { count = var.create_gcve_network ? 0 : 1 provider = google-beta name = var.gcve_network_name location = var.gcve_network_location } resource "google_vmwareengine_network" "gcve_network" { count = var.create_gcve_network ? 1 : 0 provider = google-beta project = var.project_id name = var.gcve_network_name location = var.gcve_network_location type = var.gcve_network_type description = var.gcve_network_description } module "gcve_private_connection" { source = "terraform-google-modules/gcloud/google" platform = "linux" additional_components = ["beta"] create_cmd_entrypoint = "${path.module}/scripts/create_gcve_private_connection.sh" create_cmd_body = "${var.gcve_connection_name} ${var.pc_location} ${var.project_id} ${local.gcve_network_name} ${var.pc_description} ${var.pc_routing_mode} ${local.peer_project_id} ${var.pc_connection_type}" destroy_cmd_entrypoint = "${path.module}/scripts/delete_gcve_private_connection.sh" destroy_cmd_body = "${var.gcve_connection_name} ${var.pc_location} ${var.project_id}" }