Making ipsec PSK length configurable

shivamverma182 · shivamverma182 · commit 63057b9b2bb5 · 2024-11-12T18:33:10.000+05:30
diff --git a/README.md b/README.md
@@ -97,6 +97,7 @@ References the variable descriptions below to determine the right configuration.
 | cr\_name | The name of cloud router for BGP routing | `string` | `""` | no |
 | gateway\_name | The name of VPN gateway | `string` | `"test-vpn"` | no |
 | ike\_version | Please enter the IKE version used by this tunnel (default is IKEv2) | `number` | `2` | no |
+| ipsec\_secret\_length | The lnegth the of shared secret for VPN tunnels | `number` | `8` | no |
 | local\_traffic\_selector | Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.<br>Value should be list of CIDR formatted strings and ranges should be disjoint. | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | network | The name of VPC being created | `string` | n/a | yes |
 | peer\_asn | Please enter the ASN of the BGP peer that cloud router will use | `list(string)` | <pre>[<br>  "65101"<br>]</pre> | no |
diff --git a/modules/vpn_ha/README.md b/modules/vpn_ha/README.md
@@ -268,6 +268,7 @@ module "vpn_ha" {
 |------|-------------|------|---------|:--------:|
 | create\_vpn\_gateway | create a VPN gateway | `bool` | `true` | no |
 | external\_vpn\_gateway\_description | An optional description of external VPN Gateway | `string` | `"Terraform managed external VPN gateway"` | no |
+| ipsec\_secret\_length | The lnegth the of shared secret for VPN tunnels | `number` | `8` | no |
 | keepalive\_interval | The interval in seconds between BGP keepalive messages that are sent to the peer. | `number` | `20` | no |
 | labels | Labels for vpn components | `map(string)` | `{}` | no |
 | name | VPN gateway name, and prefix used for dependent resources. | `string` | n/a | yes |
diff --git a/modules/vpn_ha/main.tf b/modules/vpn_ha/main.tf
@@ -167,5 +167,5 @@ resource "google_compute_vpn_tunnel" "tunnels" {
 }
 
 resource "random_id" "secret" {
-  byte_length = 8
+  byte_length = var.ipsec_secret_length
 }
diff --git a/modules/vpn_ha/variables.tf b/modules/vpn_ha/variables.tf
@@ -141,3 +141,9 @@ variable "external_vpn_gateway_description" {
   type        = string
   default     = "Terraform managed external VPN gateway"
 }
+
+variable "ipsec_secret_length" {
+  type        = number
+  description = "The lnegth the of shared secret for VPN tunnels"
+  default     = 8
+}
diff --git a/tunnel.tf b/tunnel.tf
@@ -16,7 +16,7 @@
 
 # Creating the VPN tunnel
 resource "random_id" "ipsec_secret" {
-  byte_length = 8
+  byte_length = var.ipsec_secret_length
 }
 
 resource "google_compute_vpn_tunnel" "tunnel-static" {
diff --git a/variables.tf b/variables.tf
@@ -145,3 +145,9 @@ variable "route_tags" {
   description = "A list of instance tags to which this route applies."
   default     = []
 }
+
+variable "ipsec_secret_length" {
+  type        = number
+  description = "The lnegth the of shared secret for VPN tunnels"
+  default     = 8
+}

Original file line number	Diff line number	Diff line change
`@@ -167,5 +167,5 @@ resource "google_compute_vpn_tunnel" "tunnels" {`
`167`	`167`	`}`
`168`	`168`
`169`	`169`	`resource "random_id" "secret" {`
`170`		`- byte_length = 8`
	`170`	`+ byte_length = var.ipsec_secret_length`
`171`	`171`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`
`17`	`17`	`# Creating the VPN tunnel`
`18`	`18`	`resource "random_id" "ipsec_secret" {`
`19`		`- byte_length = 8`
	`19`	`+ byte_length = var.ipsec_secret_length`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`resource "google_compute_vpn_tunnel" "tunnel-static" {`