support for peered vpn cidrs

2022-08-24 11:32:17 +06:00 · 2022-08-24 11:32:17 +06:00 · 56bd3212f9
commit 56bd3212f9
parent 9ab22c99c9
2 changed files with 54 additions and 6 deletions
--- a/data.tf
+++ b/data.tf
@ -10,7 +10,6 @@ data "aws_subnet" "selected" {
 data "aws_ami" "selected" {
  most_recent = true
  owners      = ["amazon"]
-
  filter {
    name   = "name"
    values = ["amzn2-ami-*"]
@ -19,10 +18,44 @@ data "aws_ami" "selected" {

 data "http" "relay_auth_key_response" {
  url = "https://api.tailscale.com/api/v2/tailnet/${var.tailscale_domain}/keys/${tailscale_tailnet_key.relay_auth.id}"
-
-  # Optional request headers
  request_headers = {
    Accept        = "application/json"
    Authorization = "Basic ${local.tailscale_auth_token}"
  }
 }
+
+data "aws_route_tables" "_subnet_filtered" {
+  filter {
+    name   = "association.subnet-id"
+    values = [var.subnet_id]
+  }
+}
+
+data "aws_route_table" "selected" {
+  route_table_id = (length(data.aws_route_tables._subnet_filtered.ids) > 0
+    ? data.aws_route_tables._subnet_filtered.ids[0]
+    : data.aws_vpc.selected.main_route_table_id
+  )
+}
+
+data "aws_vpc_peering_connections" "requested_peerings" {
+  filter {
+    name   = "requester-vpc-info.vpc-id"
+    values = [var.vpc_id]
+  }
+  filter {
+    name   = "status-code"
+    values = ["active"]
+  }
+}
+
+data "aws_vpc_peering_connections" "accepted_peerings" {
+  filter {
+    name   = "accepter-vpc-info.vpc-id"
+    values = [var.vpc_id]
+  }
+  filter {
+    name   = "status-code"
+    values = ["active"]
+  }
+}
--- a/locals.tf
+++ b/locals.tf
@ -2,15 +2,30 @@ locals {

  tailscale_auth_token = base64encode("${var.tailscale_api_key}:")

-  # list of cidr routes: cidrs of selected vpc + additional cidrs if defined
+  vpc_peering_connections = setunion(
+    data.aws_vpc_peering_connections.requested_peerings.ids,
+    data.aws_vpc_peering_connections.accepted_peerings.ids
+  )
+
+  # list of cidr routes: cidrs of selected vpc + cidr of peers + additional cidrs if defined
  tailscale_routes = var.advertise_routes ? concat(
    data.aws_vpc.selected.cidr_block_associations[*].cidr_block,
+    [
+      for route in data.aws_route_table.selected.routes :
+      route.cidr_block if contains(
+        local.vpc_peering_connections,
+        route.vpc_peering_connection_id
+      )
+    ],
    length(var.additional_routes) > 0 ? var.additional_routes : []
  ) : []

-  # list of vpc dns servers: each vpc cidr base + 2 & fallback_nameservers if defined
+  # list of vpc dns servers: (cidr base + 2) for vpc cidrs + fallback_nameservers if defined
  tailscale_nameservers = var.advertise_nameservers ? concat(
-    [for cidr_block in data.aws_vpc.selected.cidr_block_associations : cidrhost(cidr_block.cidr_block, 2)],
+    [
+      for cidr_block in data.aws_vpc.selected.cidr_block_associations :
+      cidrhost(cidr_block.cidr_block, 2)
+    ],
    length(var.fallback_nameservers) > 0 ? var.fallback_nameservers : []
  ) : []