feat(TPG beta)!: add support for BGP Route Policy in vpn_ha sub-module (#188)

Author: cvanwijck-hub24

modules/vpn_ha/README.md

@@ -283,7 +283,7 @@ module "vpn_ha" {
 | router\_asn | Router ASN used for auto-created router. | `number` | `64514` | no |
 | router\_name | Name of router, leave blank to create one. | `string` | `""` | no |
 | stack\_type | The IP stack type will apply to all the tunnels associated with this VPN gateway. | `string` | `"IPV4_ONLY"` | no |
-| tunnels | VPN tunnel configurations, bgp\_peer\_options is usually null. | <pre>map(object({<br>    bgp_peer = object({<br>      address = string<br>      asn     = number<br>    })<br>    bgp_session_name = optional(string)<br>    bgp_peer_options = optional(object({<br>      ip_address          = optional(string)<br>      advertise_groups    = optional(list(string))<br>      advertise_ip_ranges = optional(map(string))<br>      advertise_mode      = optional(string)<br>      route_priority      = optional(number)<br>    }))<br>    bgp_session_range               = optional(string)<br>    ike_version                     = optional(number)<br>    vpn_gateway_interface           = optional(number)<br>    peer_external_gateway_self_link = optional(string, null)<br>    peer_external_gateway_interface = optional(number)<br>    shared_secret                   = optional(string, "")<br>  }))</pre> | `{}` | no |
+| tunnels | VPN tunnel configurations, bgp\_peer\_options is usually null. | <pre>map(object({<br>    bgp_peer = object({<br>      address = string<br>      asn     = number<br>    })<br>    bgp_session_name = optional(string)<br>    bgp_peer_options = optional(object({<br>      ip_address          = optional(string)<br>      advertise_groups    = optional(list(string))<br>      advertise_ip_ranges = optional(map(string))<br>      advertise_mode      = optional(string)<br>      route_priority      = optional(number)<br>      import_policies     = optional(list(string))<br>      export_policies     = optional(list(string))<br>    }))<br>    bgp_session_range               = optional(string)<br>    ike_version                     = optional(number)<br>    vpn_gateway_interface           = optional(number)<br>    peer_external_gateway_self_link = optional(string, null)<br>    peer_external_gateway_interface = optional(number)<br>    shared_secret                   = optional(string, "")<br>  }))</pre> | `{}` | no |
 | vpn\_gateway\_self\_link | self\_link of existing VPN gateway to be used for the vpn tunnel. create\_vpn\_gateway should be set to false | `string` | `null` | no |
 
 ## Outputs

modules/vpn_ha/main.tf

@@ -106,6 +106,7 @@ resource "google_compute_router" "router" {
 }
 
 resource "google_compute_router_peer" "bgp_peer" {
+  provider        = google-beta
   for_each        = var.tunnels
   region          = var.region
   project         = var.project_id
@@ -131,6 +132,12 @@ resource "google_compute_router_peer" "bgp_peer" {
       : each.value.bgp_peer_options.advertise_groups
     )
   )
+  import_policies = (
+    each.value.bgp_peer_options == null ? null : each.value.bgp_peer_options.import_policies
+  )
+  export_policies = (
+    each.value.bgp_peer_options == null ? null : each.value.bgp_peer_options.export_policies
+  )
   dynamic "advertised_ip_ranges" {
     for_each = (
       each.value.bgp_peer_options == null ? {} : (

modules/vpn_ha/variables.tf

@@ -113,6 +113,8 @@ variable "tunnels" {
       advertise_ip_ranges = optional(map(string))
       advertise_mode      = optional(string)
       route_priority      = optional(number)
+      import_policies     = optional(list(string))
+      export_policies     = optional(list(string))
     }))
     bgp_session_range               = optional(string)
     ike_version                     = optional(number)