fix: make partner interconnect comply with guide (#915)

daniel-cit · web-flow · commit 4b4f8d8a8207 · 2022-12-16T13:00:36.000-06:00
diff --git a/3-networks-dual-svpc/README.md b/3-networks-dual-svpc/README.md
@@ -105,7 +105,11 @@ If you provisioned the prerequisites listed in the [Dedicated Interconnect READM
 
 If you provisioned the prerequisites listed in the [Partner Interconnect README](./modules/partner_interconnect/README.md) follow this steps to enable Partner Interconnect to access on-premises resources.
 
+1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the shared envs folder in `3-networks-dual-svpc/envs/shared`
+1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-dual-svpc/envs/shared`
+1. Update the file `interconnect.tf` with values that are valid for your environment for the interconnects, locations, candidate subnetworks, vlan_tag8021q and peer info.
 1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the base-env folder in `3-networks-dual-svpc/modules/base_env` .
+1. Update the `enable_partner_interconnect` to `true` in each `main.tf` file in the environment folder in `3-networks-dual-svpc/envs/<environment>` .
 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations, and candidate subnetworks.
 1. The candidate subnetworks variable can be set to `null` to allow the interconnect module to auto generate this value.
 
diff --git a/3-networks-dual-svpc/envs/shared/interconnect.auto.tfvars.example b/3-networks-dual-svpc/envs/shared/interconnect.auto.tfvars.example
diff --git a/3-networks-dual-svpc/envs/shared/partner_interconnect.auto.tfvars.example b/3-networks-dual-svpc/envs/shared/partner_interconnect.auto.tfvars.example
@@ -0,0 +1,18 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+enable_partner_interconnect      = true
+preactivate_partner_interconnect = true
diff --git a/3-networks-dual-svpc/envs/shared/partner_interconnect.tf.example b/3-networks-dual-svpc/envs/shared/partner_interconnect.tf.example
@@ -14,57 +14,26 @@
  * limitations under the License.
  */
 
-module "shared_restricted_interconnect" {
+module "dns_hub_interconnect" {
   source = "../../modules/partner_interconnect"
 
-  attachment_project_id = local.restricted_net_hub_project_id
-  vpc_name              = "${local.environment_code}-shared-restricted"
+  vpc_name              = "c-dns-hub"
+  attachment_project_id = local.dns_hub_project_id
   preactivate           = var.preactivate_partner_interconnect
 
   region1                         = local.default_region1
-  region1_router1_name            = module.restricted_shared_vpc[0].region1_router1.router.name
+  region1_router1_name            = module.dns_hub_region1_router1.router.name
   region1_interconnect1_location  = "las-zone1-770"
   region1_interconnect1_onprem_dc = "onprem-dc1"
-  region1_router2_name            = module.restricted_shared_vpc[0].region1_router2.router.name
+  region1_router2_name            = module.dns_hub_region1_router2.router.name
   region1_interconnect2_location  = "las-zone1-770"
   region1_interconnect2_onprem_dc = "onprem-dc2"
 
   region2                         = local.default_region2
-  region2_router1_name            = module.restricted_shared_vpc[0].region2_router1.router.name
+  region2_router1_name            = module.dns_hub_region2_router1.router.name
   region2_interconnect1_location  = "lax-zone2-19"
   region2_interconnect1_onprem_dc = "onprem-dc3"
-  region2_router2_name            = module.restricted_shared_vpc[0].region2_router2.router.name
-  region2_interconnect2_location  = "lax-zone1-403"
-  region2_interconnect2_onprem_dc = "onprem-dc4"
-
-  cloud_router_labels = {
-    vlan_1 = "cr5",
-    vlan_2 = "cr6",
-    vlan_3 = "cr7",
-    vlan_4 = "cr8"
-  }
-}
-
-module "shared_base_interconnect" {
-  source = "../../modules/partner_interconnect"
-
-  attachment_project_id = local.base_net_hub_project_id
-  vpc_name              = "${local.environment_code}-shared-base"
-  preactivate           = var.preactivate_partner_interconnect
-
-  region1                         = local.default_region1
-  region1_router1_name            = module.base_shared_vpc[0].region1_router1.router.name
-  region1_interconnect1_location  = "las-zone1-770"
-  region1_interconnect1_onprem_dc = "onprem-dc1"
-  region1_router2_name            = module.base_shared_vpc[0].region1_router2.router.name
-  region1_interconnect2_location  = "las-zone1-770"
-  region1_interconnect2_onprem_dc = "onprem-dc2"
-
-  region2                         = local.default_region2
-  region2_router1_name            = module.base_shared_vpc[0].region2_router1.router.name
-  region2_interconnect1_location  = "lax-zone2-19"
-  region2_interconnect1_onprem_dc = "onprem-dc3"
-  region2_router2_name            = module.base_shared_vpc[0].region2_router2.router.name
+  region2_router2_name            = module.dns_hub_region2_router2.router.name
   region2_interconnect2_location  = "lax-zone1-403"
   region2_interconnect2_onprem_dc = "onprem-dc4"
 
diff --git a/3-networks-dual-svpc/modules/partner_interconnect/README.md b/3-networks-dual-svpc/modules/partner_interconnect/README.md
@@ -4,13 +4,14 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail
 
 ## Prerequisites
 
-1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` under the folder `fldr-common` in case of Hub and Spoke architecture.
-
-Without Hub and Spoke enabled VLAN attachments will be created in `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder.
+1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-c-dns-hub` under the folder `fldr-common`.
 
 ## Usage
 
-1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the environment folder in `3-networks-dual-svpc/modules/base_env` .
+1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the shared envs folder in `3-networks-dual-svpc/envs/shared`
+1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-dual-svpc/envs/shared`
+1. Update the file `interconnect.tf` with values that are valid for your environment for the interconnects, locations, candidate subnetworks, vlan_tag8021q and peer info.
+1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the base-env folder in `3-networks-dual-svpc/modules/base_env` .
 1. Update the `enable_partner_interconnect` to `true` in each `main.tf` file in the environment folder in `3-networks-dual-svpc/envs/<environment>` .
 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations.
 
diff --git a/3-networks-dual-svpc/modules/partner_interconnect/main.tf b/3-networks-dual-svpc/modules/partner_interconnect/main.tf
@@ -44,7 +44,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment2_regi
 }
 
 resource "google_compute_interconnect_attachment" "interconnect_attachment1_region2" {
-  name    = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix1}"
+  name    = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix3}"
   project = var.attachment_project_id
   region  = var.region2
   router  = var.region2_router1_name
@@ -55,7 +55,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment1_regi
 }
 
 resource "google_compute_interconnect_attachment" "interconnect_attachment2_region2" {
-  name    = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix2}"
+  name    = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix4}"
   project = var.attachment_project_id
   region  = var.region2
   router  = var.region2_router2_name
diff --git a/3-networks-hub-and-spoke/README.md b/3-networks-hub-and-spoke/README.md
@@ -103,16 +103,17 @@ To see the version that makes use of the **Dual Shared VPC** architecture mode c
 
 If you provisioned the prerequisites listed in the [Dedicated Interconnect README](./modules/dedicated_interconnect/README.md), follow these steps to enable Dedicated Interconnect to access on-premises resources.
 
-1. Rename `interconnect.tf.example` to `interconnect.tf` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`
-1. Rename `interconnect.auto.tfvars.example` to `interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`
+1. Rename `interconnect.tf.example` to `interconnect.tf` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`.
+1. Rename `interconnect.auto.tfvars.example` to `interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`.
 1. Update the file `interconnect.tf` with values that are valid for your environment for the interconnects, locations, candidate subnetworks, vlan_tag8021q and peer info.
 1. The candidate subnetworks and vlan_tag8021q variables can be set to `null` to allow the interconnect module to auto generate these values.
 
 ### Using Partner Interconnect
 
 If you provisioned the prerequisites listed in the [Partner Interconnect README](./modules/partner_interconnect/README.md) follow this steps to enable Partner Interconnect to access on-premises resources.
 
-1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the base-env folder in `3-networks-hub-and-spoke/modules/base_env` .
+1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf`in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`.
+1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`.
 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations, and candidate subnetworks.
 1. The candidate subnetworks variable can be set to `null` to allow the interconnect module to auto generate this value.
 
diff --git a/3-networks-hub-and-spoke/envs/shared/dns-hub.tf b/3-networks-hub-and-spoke/envs/shared/dns-hub.tf
@@ -96,7 +96,7 @@ module "dns_hub_region1_router1" {
   network = module.dns_hub_vpc.network_name
   region  = local.default_region1
   bgp = {
-    asn                  = var.bgp_asn_dns
+    asn                  = local.dns_bgp_asn_number
     advertised_ip_ranges = [{ range = "35.199.192.0/19" }]
   }
 }
@@ -109,7 +109,7 @@ module "dns_hub_region1_router2" {
   network = module.dns_hub_vpc.network_name
   region  = local.default_region1
   bgp = {
-    asn                  = var.bgp_asn_dns
+    asn                  = local.dns_bgp_asn_number
     advertised_ip_ranges = [{ range = "35.199.192.0/19" }]
   }
 }
@@ -122,7 +122,7 @@ module "dns_hub_region2_router1" {
   network = module.dns_hub_vpc.network_name
   region  = local.default_region2
   bgp = {
-    asn                  = var.bgp_asn_dns
+    asn                  = local.dns_bgp_asn_number
     advertised_ip_ranges = [{ range = "35.199.192.0/19" }]
   }
 }
@@ -135,7 +135,7 @@ module "dns_hub_region2_router2" {
   network = module.dns_hub_vpc.network_name
   region  = local.default_region2
   bgp = {
-    asn                  = var.bgp_asn_dns
+    asn                  = local.dns_bgp_asn_number
     advertised_ip_ranges = [{ range = "35.199.192.0/19" }]
   }
 }
diff --git a/3-networks-hub-and-spoke/envs/shared/main.tf b/3-networks-hub-and-spoke/envs/shared/main.tf
@@ -18,6 +18,7 @@ locals {
   env                               = "common"
   environment_code                  = "c"
   bgp_asn_number                    = var.enable_partner_interconnect ? "16550" : "64514"
+  dns_bgp_asn_number                = var.enable_partner_interconnect ? "16550" : var.bgp_asn_dns
   default_region1                   = "us-west1"
   default_region2                   = "us-central1"
   dns_hub_project_id                = data.terraform_remote_state.org.outputs.dns_hub_project_id
diff --git a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.auto.tfvars.example b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.auto.tfvars.example
@@ -14,6 +14,5 @@
  * limitations under the License.
  */
 
-enable_partner_interconnect = true
+enable_partner_interconnect      = true
 preactivate_partner_interconnect = true
-
diff --git a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example
@@ -14,6 +14,38 @@
  * limitations under the License.
  */
 
+
+module "dns_hub_interconnect" {
+  source = "../../modules/partner_interconnect"
+
+  vpc_name              = "c-dns-hub"
+  attachment_project_id = local.dns_hub_project_id
+  preactivate           = var.preactivate_partner_interconnect
+
+  region1                         = local.default_region1
+  region1_router1_name            = module.dns_hub_region1_router1.router.name
+  region1_interconnect1_location  = "las-zone1-770"
+  region1_interconnect1_onprem_dc = "onprem-dc-1"
+  region1_router2_name            = module.dns_hub_region1_router2.router.name
+  region1_interconnect2_location  = "las-zone1-770"
+  region1_interconnect2_onprem_dc = "onprem-dc-2"
+
+  region2                         = local.default_region2
+  region2_router1_name            = module.dns_hub_region2_router1.router.name
+  region2_interconnect1_location  = "lax-zone2-19"
+  region2_interconnect1_onprem_dc = "onprem-dc-3"
+  region2_router2_name            = module.dns_hub_region2_router2.router.name
+  region2_interconnect2_location  = "lax-zone1-403"
+  region2_interconnect2_onprem_dc = "onprem-dc-4"
+
+  cloud_router_labels = {
+    vlan_1 = "cr1",
+    vlan_2 = "cr2",
+    vlan_3 = "cr3",
+    vlan_4 = "cr4"
+  }
+}
+
 module "shared_restricted_interconnect" {
   source = "../../modules/partner_interconnect"
 
diff --git a/3-networks-hub-and-spoke/modules/base_env/partner_interconnect.tf.example b/3-networks-hub-and-spoke/modules/base_env/partner_interconnect.tf.example
diff --git a/3-networks-hub-and-spoke/modules/partner_interconnect/README.md b/3-networks-hub-and-spoke/modules/partner_interconnect/README.md
@@ -4,14 +4,12 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail
 
 ## Prerequisites
 
-1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` under the folder `fldr-common` in case of Hub and Spoke architecture.
-
-Without Hub and Spoke enabled VLAN attachments will be created in `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder.
+1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and  `prj-c-dns-hub` under the folder `fldr-common` in case of Hub and Spoke architecture.
 
 ## Usage
 
-1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the environment folder in `3-networks-hub-and-spoke/modules/base_env` .
-1. Update the `enable_partner_interconnect` to `true` in each `main.tf` file in the environment folder in `3-networks-hub-and-spoke/envs/<environment>` .
+1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf`in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`.
+1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`.
 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/3-networks-hub-and-spoke/modules/partner_interconnect/main.tf b/3-networks-hub-and-spoke/modules/partner_interconnect/main.tf
@@ -45,7 +45,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment2_regi
 }
 
 resource "google_compute_interconnect_attachment" "interconnect_attachment1_region2" {
-  name    = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix1}"
+  name    = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix3}"
   project = var.attachment_project_id
   region  = var.region2
   router  = var.region2_router1_name
@@ -56,7 +56,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment1_regi
 }
 
 resource "google_compute_interconnect_attachment" "interconnect_attachment2_region2" {
-  name    = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix2}"
+  name    = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix4}"
   project = var.attachment_project_id
   region  = var.region2
   router  = var.region2_router2_name

Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ module "dns_hub_region1_router1" {`
`96`	`96`	`network = module.dns_hub_vpc.network_name`
`97`	`97`	`region = local.default_region1`
`98`	`98`	`bgp = {`
`99`		`- asn = var.bgp_asn_dns`
	`99`	`+ asn = local.dns_bgp_asn_number`
`100`	`100`	`advertised_ip_ranges = [{ range = "35.199.192.0/19" }]`
`101`	`101`	`}`
`102`	`102`	`}`
`@@ -109,7 +109,7 @@ module "dns_hub_region1_router2" {`
`109`	`109`	`network = module.dns_hub_vpc.network_name`
`110`	`110`	`region = local.default_region1`
`111`	`111`	`bgp = {`
`112`		`- asn = var.bgp_asn_dns`
	`112`	`+ asn = local.dns_bgp_asn_number`
`113`	`113`	`advertised_ip_ranges = [{ range = "35.199.192.0/19" }]`
`114`	`114`	`}`
`115`	`115`	`}`
`@@ -122,7 +122,7 @@ module "dns_hub_region2_router1" {`
`122`	`122`	`network = module.dns_hub_vpc.network_name`
`123`	`123`	`region = local.default_region2`
`124`	`124`	`bgp = {`
`125`		`- asn = var.bgp_asn_dns`
	`125`	`+ asn = local.dns_bgp_asn_number`
`126`	`126`	`advertised_ip_ranges = [{ range = "35.199.192.0/19" }]`
`127`	`127`	`}`
`128`	`128`	`}`
`@@ -135,7 +135,7 @@ module "dns_hub_region2_router2" {`
`135`	`135`	`network = module.dns_hub_vpc.network_name`
`136`	`136`	`region = local.default_region2`
`137`	`137`	`bgp = {`
`138`		`- asn = var.bgp_asn_dns`
	`138`	`+ asn = local.dns_bgp_asn_number`
`139`	`139`	`advertised_ip_ranges = [{ range = "35.199.192.0/19" }]`
`140`	`140`	`}`
`141`	`141`	`}`