Module: GClouder::Resources::Compute::VPNs::VPN

Includes:
Config::CLIArgs, GCloud, Helpers, Logging, Shell
Defined in:
lib/gclouder/resources/compute/vpns.rb

Class Method Summary

Methods included from Config::CLIArgs

check, #cli_args, cli_args, included, load, valid_resources

Methods included from Helpers

#hash_to_args, included, #module_exists?, #to_arg, #to_deep_merge_hash, #valid_json?

Methods included from Logging

#add, #bad, #change, #debug, #error, #fatal, #good, included, #info, log, loggers, #remove, report, #resource_state, setup, #warn, #warning

Methods included from Shell

included, #shell

Methods included from GCloud

#gcloud, included, #verify

Methods included from Config::Project

load, #project, project

Class Method Details

.create(region, vpn, vpn_config) ⇒ Object



# File 'lib/gclouder/resources/compute/vpns.rb', line 137

# Provisions the resources behind one VPN tunnel, in this order: the target
# VPN gateway, the ESP / UDP 500 / UDP 4500 forwarding rules on the static
# address named "vpn-<vpn>", the tunnel, one route per remote range, and a
# firewall rule admitting ICMP from those ranges.
#
# Review notes:
# - region, vpn and the config values are interpolated unquoted into the
#   argument strings below. How Resource.ensure and gcloud execute them is not
#   visible here; if a shell is involved, the config has to be trusted or
#   validated before it reaches this method.
# - hash_to_args receives everything left in vpn_config. If that includes the
#   tunnel's shared secret it would end up on the command line; confirm how
#   commands are logged.
# - With :dry_run set, only the gateway step reaches Resource.ensure; the
#   forwarding rules, tunnel, routes and firewall rule are not previewed.
#
# @param region region passed to every regional resource below
# @param vpn tunnel name; rule, route, firewall and address names derive from it
# @param vpn_config [Hash] tunnel settings; "network", "target_vpn_gateway" and
#   "remote_traffic_selector" are read here. The "network" key is deleted from
#   this hash, so the caller's object is modified.
# @return [Object, nil] nil on a dry run, otherwise the result of Rule.ensure
def self.create(region, vpn, vpn_config)
  net = vpn_config["network"]
  gateway_name = vpn_config["target_vpn_gateway"]

  Resource.ensure :"compute target-vpn-gateways", gateway_name,
                  "--network #{net} --region #{region}"

  # Dropped before the tunnel step, which hands the remaining keys to
  # hash_to_args. This also happens on a dry run.
  vpn_config.delete("network")

  return if cli_args[:dry_run]

  reserved = gcloud("--format json compute addresses describe vpn-#{vpn} --region=#{region}", force: true)

  # NOTE(review): execution continues past this line unless fatal halts the
  # process; fatal is defined elsewhere, so confirm.
  fatal "could not find address for static ip with key: vpn-#{vpn} (is key allocated in project config?)" unless reserved.key?("address")

  static_ip = reserved["address"]

  # The backslash continuations keep the next line's indentation inside the
  # string, so the leading whitespace of these lines is part of the argument.
  Resource.ensure :"compute forwarding-rules",
                  "#{vpn}-esp",
                  "--region #{region} \
                  --ip-protocol ESP \
                  --address #{static_ip} \
                  --target-vpn-gateway=#{gateway_name}",
                  silent: true

  Resource.ensure :"compute forwarding-rules",
                  "#{vpn}-udp500",
                  "--region #{region} \
                  --ip-protocol UDP \
                  --ports 500 \
                  --address #{static_ip} \
                  --target-vpn-gateway=#{gateway_name}",
                  silent: true

  Resource.ensure :"compute forwarding-rules",
                  "#{vpn}-udp4500",
                  "--region #{region} --ip-protocol UDP --ports 4500 --address #{static_ip} \
                  --target-vpn-gateway=#{gateway_name}",
                  silent: true

  Resource.ensure :"compute vpn-tunnels", vpn,
                  "--region=#{region} #{hash_to_args(vpn_config)}",
                  silent: true

  # Read only after the tunnel step, as hash_to_args is given the same hash.
  remote_ranges = vpn_config["remote_traffic_selector"]

  remote_ranges.each_with_index do |cidr, position|
    Resource.ensure :"compute routes",
                    "route-#{vpn}-#{position}",
                    "--network=#{net} --next-hop-vpn-tunnel=#{vpn} \
                    --next-hop-vpn-tunnel-region=#{region} --destination-range=#{cidr}",
                    silent: true
  end

  # ICMP is allowed from every remote range. No target restriction is passed
  # here, so the rule's reach depends on what Rule.ensure applies by default.
  icmp_rule = {
    "network"       => net,
    "source-ranges" => remote_ranges,
    "allow"         => "icmp"
  }

  GClouder::Resources::Compute::FirewallRules::Rule.ensure("vpn-#{vpn}-icmp", icmp_rule, silent: true)
end