I'm trying to figure out how to document and build some HA VPNs in GCP using Terraform, and I don't know the number of HA VPNs that will be required.

I have a module that builds them, which I need to pass all the required information into (called once for each VPN that is built).

So I have the config in a map:

"sec_ha_vpn_config": {
      "vpn1": {
        "customer_redundancy_prod1": "TWO_IPS_REDUNDANCY",
        "customer_redundancy_prod2": "SINGLE_IP_INTERNALLY_REDUNDANT",
        "prod1_key": "secretkey1",
        "prod2_key": "secretkey2",
        "redundant_tunnel_enabled_prod1": true,
        "redundant_tunnel_enabled_prod2": false,
        "prod1_peers": [
          {
            "id": "0",
            "peer_ip": "1.2.3.4"
          },
          {
            "id": "1",
            "peer_ip": "11.22.33.44"
          }
        ],
        "prod2_peers": [
          {
            "id": "0",
            "peer_ip": "1.2.3.4"
          }
        ],
        "cust_asn": "64512",
        ...... (cut down for shortness.)
      },
      "vpn2": {
      ....
      }
}

Part of my issue is defining this in the variables.tf file, as using Object seems to then require specifying the parts of the map to be generated, and some parts are optional. If I just specify it as a map instead of an object, I still have the same problem with the optional parts? What is the correct way of defining an object such as this which can vary with the number of parameters?

Also, how would the values within the object be accessed? So far I've figured they will be something like each.value.customer_redundancy_prod1 when using for_each = { for k, v in var.sec_ha_vpn_config : k => v }?


The code where this config is used:

module "secondary_vpn_ha_gateway" {
  source                      = "./modules/terraform-gcp-vpn-ha"
  for_each                    = { for k, v in var.sec_ha_vpn_config : k => v }
  alias                       = local.alias
  project                     = local.project
  region1                     = local.region1
  region2                     = local.region2
  network1                    = module.prod1_ingress_vpc.self_link
  network2                    = module.prod2_ingress_vpc.self_link
  customer_redundancy_prod1   = each.value.customer_redundancy_prod1
  customer_redundancy_prod2   = each.value.customer_redundancy_prod2
  customer_ha_vpn_prod1_peers = each.value.prod1_peers
  customer_ha_vpn_prod2_peers = each.value.prod2_peers
  shared_secret               = each.value.prod1_key
  shared_secret_second_tunnel = each.value.prod1_key
  sec_shared_secret           = each.value.prod2_key
  sec_shared_secret_second_tunnel = each.value.prod2_key
  asn                         = each.value.prod2_key
  asn2                        = each.value.prod2_key
  cust_asn                    = each.value.cust_asn
  cust_asn2                   = each.value.cust_asn2
  cust_asn_sec_tunnel         = each.value.cust_asn_sec_tunnel
  cust_asn2_sec_tunnel        = each.value.cust_asn2_sec_tunnel
  advertised_ip_ranges_prod1  = local.advertised_ip_ranges_prod1
  advertised_ip_ranges_prod2  = local.advertised_ip_ranges_prod2
  router1_interface1_bgp_range = each.value.router1_interface1_bgp_range
  router1_tunnel1_peer_ip      = each.value.router1_tunnel1_peer_ip
  router1_interface2_bgp_range = each.value.router1_interface2_bgp_range
  router1_tunnel2_peer_ip      = each.value.router1_tunnel2_peer_ip
  router2_interface1_bgp_range = each.value.router2_interface1_bgp_range
  router2_tunnel1_peer_ip      = each.value.router2_tunnel1_peer_ip
  router2_interface2_bgp_range = each.value.router2_interface2_bgp_range
  router2_tunnel2_peer_ip      = each.value.router2_tunnel2_peer_ip
  redundant_tunnel_enabled_prod1 = each.value.redundant_tunnel_enabled_prod1
  redundant_tunnel_enabled_prod2 = each.value.redundant_tunnel_enabled_prod2
  advertised_route_priority_router1_peer1 = each.value.advertised_route_priority_router1_peer1
  advertised_route_priority_router1_peer2 = each.value.advertised_route_priority_router1_peer2
  advertised_route_priority_router2_peer1 = each.value.advertised_route_priority_router2_peer1
  advertised_route_priority_router2_peer2 = each.value.advertised_route_priority_router2_peer2
}

I realise that currently I may have a case where a value doesn't exist in the provided config, which would trip Terraform up, and I planned to fix this once I got to that point.

  • Can you add the part of code where you plan on using this? Also, what is the error you see? Commented Jul 31, 2023 at 14:33
  • Ah sure, added it. Right now I don't know if I'm accessing the values correctly, because I first need to get the definition of the variable nailed down. Commented Jul 31, 2023 at 14:40
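
One way to declare the variable discussed in the question, as an added example that is not part of the original post: a map of objects with `optional()` attributes, with the tunnel pre-shared keys moved into a separate sensitive variable keyed by the same VPN names. Which attributes are optional, their defaults, and the `sec_ha_vpn_secrets` variable name are assumptions; the module block shows only a subset of the arguments from the question.

```hcl
terraform {
  required_version = ">= 1.3.0" # optional() with defaults needs Terraform 1.3+
}

# Non-secret settings, one entry per VPN (keys such as "vpn1", "vpn2").
variable "sec_ha_vpn_config" {
  type = map(object({
    customer_redundancy_prod1      = string
    customer_redundancy_prod2      = string
    redundant_tunnel_enabled_prod1 = optional(bool, false) # assumed default
    redundant_tunnel_enabled_prod2 = optional(bool, false) # assumed default
    prod1_peers                    = list(object({ id = string, peer_ip = string }))
    prod2_peers                    = optional(list(object({ id = string, peer_ip = string })), [])
    cust_asn                       = string
    cust_asn2                      = optional(string) # null when omitted
  }))

  validation {
    condition = alltrue([
      for v in values(var.sec_ha_vpn_config) : contains(
        ["SINGLE_IP_INTERNALLY_REDUNDANT", "TWO_IPS_REDUNDANCY", "FOUR_IPS_REDUNDANCY"],
        v.customer_redundancy_prod1
      )
    ])
    error_message = "customer_redundancy_prod1 must be a valid external gateway redundancy type."
  }
}

# Pre-shared keys, kept apart so they can be marked sensitive (hypothetical
# variable name). A sensitive value cannot be used as a for_each argument,
# and the keys are redacted in plan output but still written to state.
variable "sec_ha_vpn_secrets" {
  type = map(object({
    prod1_key = string
    prod2_key = string
  }))
  sensitive = true
}

module "secondary_vpn_ha_gateway" {
  source   = "./modules/terraform-gcp-vpn-ha"
  for_each = var.sec_ha_vpn_config # a map can be passed to for_each directly

  customer_redundancy_prod1   = each.value.customer_redundancy_prod1
  customer_ha_vpn_prod1_peers = each.value.prod1_peers
  cust_asn2                   = each.value.cust_asn2 # null if not set for this VPN
  shared_secret               = var.sec_ha_vpn_secrets[each.key].prod1_key
  sec_shared_secret           = var.sec_ha_vpn_secrets[each.key].prod2_key
  # Remaining arguments follow the same each.value.<attribute> pattern.
}
```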
