module GClouder::Resources::Compute::VPNs::VPN

Public Class Methods

create(region, vpn, vpn_config)
# File lib/gclouder/resources/compute/vpns.rb, line 137
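# Ensures every resource that makes up one VPN: the target VPN gateway,
# three forwarding rules for IPsec traffic (ESP, UDP 500 for IKE, UDP 4500
# for NAT traversal), the tunnel itself, one route per remote traffic
# selector range, and a firewall rule allowing ICMP from those ranges.
#
# Security notes for reviewers:
# - region, vpn and the vpn_config values are interpolated into gcloud
#   argument strings without quoting or validation. This assumes they come
#   from trusted project configuration -- TODO confirm how Resource.ensure
#   and gcloud execute these strings before accepting values from anywhere
#   less trusted.
# - Every key left in the config after "network" is removed is forwarded to
#   the tunnel command through hash_to_args. NOTE(review): if the tunnel's
#   shared secret is one of those keys it is passed as a command-line
#   argument -- confirm it is not echoed to logs or console output.
#
# @param region [String] region the VPN resources are ensured in
# @param vpn [String] VPN name; also used to derive the static address name
#   ("vpn-<name>") and the forwarding-rule, route and firewall-rule names
# @param vpn_config [Hash] VPN settings; this method reads "network",
#   "target_vpn_gateway" and "remote_traffic_selector". The hash is not
#   modified.
# @return [void]
def self.create(region, vpn, vpn_config)
  network = vpn_config['network']
  gateway = vpn_config["target_vpn_gateway"]

  Resource.ensure :"compute target-vpn-gateways", gateway,
                  "--network #{network} --region #{region}"

  # Only the gateway is ensured before this point; everything below needs
  # the static address, which is looked up with a real gcloud call.
  return if cli_args[:dry_run]

  # "network" belongs to the gateway and the routes, not to the tunnel, so
  # it is left out of the tunnel arguments. A filtered copy is used rather
  # than deleting the key from the caller's hash, so the caller's config
  # (and any later call made with it) still sees "network".
  tunnel_config = vpn_config.reject { |key, _value| key == "network" }

  ip_data = gcloud("--format json compute addresses describe vpn-#{vpn} --region=#{region}", force: true)

  # The lookup result may not be a hash when the describe call fails (its
  # failure value is not visible here), so check that it answers key?
  # before asking for the address; both cases report the same error.
  unless ip_data.respond_to?(:key?) && ip_data.key?("address")
    fatal "could not find address for static ip with key: vpn-#{vpn} (is key allocated in project config?)"
  end

  address = ip_data["address"]

  # ESP: the IPsec payload protocol.
  Resource.ensure :"compute forwarding-rules",
                  "#{vpn}-esp",
                  "--region #{region} \
                  --ip-protocol ESP \
                  --address #{address} \
                  --target-vpn-gateway=#{gateway}",
                  silent: true

  # UDP 500: IKE key exchange.
  Resource.ensure :"compute forwarding-rules",
                  "#{vpn}-udp500",
                  "--region #{region} \
                  --ip-protocol UDP \
                  --ports 500 \
                  --address #{address} \
                  --target-vpn-gateway=#{gateway}",
                  silent: true

  # UDP 4500: IPsec NAT traversal.
  Resource.ensure :"compute forwarding-rules",
                  "#{vpn}-udp4500",
                  "--region #{region} --ip-protocol UDP --ports 4500 --address #{address} \
                  --target-vpn-gateway=#{gateway}",
                  silent: true

  Resource.ensure :"compute vpn-tunnels", vpn,
                  "--region=#{region} #{hash_to_args(tunnel_config)}",
                  silent: true

  # One route per remote range, each pointing at the tunnel as next hop.
  vpn_config["remote_traffic_selector"].each_with_index do |range, index|
    Resource.ensure :"compute routes",
                    "route-#{vpn}-#{index}",
                    "--network=#{network} --next-hop-vpn-tunnel=#{vpn} \
                    --next-hop-vpn-tunnel-region=#{region} --destination-range=#{range}",
                    silent: true
  end

  # Allows ICMP from every remote range into the network. Only network,
  # source ranges and protocol are passed here -- no target restriction --
  # so review the remote_traffic_selector ranges with that exposure in mind.
  GClouder::Resources::Compute::FirewallRules::Rule.ensure("vpn-#{vpn}-icmp", {
    "network"       => network,
    "source-ranges" => vpn_config["remote_traffic_selector"],
    "allow"         => "icmp"
  }, silent: true)
end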