Expose bgpPeers from google_compute_router

[steven-edgar]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The gcloud command for describing a compute router includes the "bgpPeers" block, however the equivalent resource in Terraform, google_compute_router, does not expose this information via attributes. There appears to be no other resource or datasource which will expose this. When trying to apply settings to bgpPeers via the google_compute_router_peer resource, we need to feed in several pieces of information from this bgpPeers block, namely name, interface, peer_ip_address and peer_asn, all of which would come from the bpgPeers block, if it was exposed. Without this it appears impossible (without resorting to a local-exec method) to apply settings using google_compute_router_peer to an existing bpgPeer, such as those automatically created by GCP.

New or Affected Resource(s)

• google_compute_router
• google_compute_router_peer

Potential Terraform Configuration

resource "google_compute_router" "foobar" {
  name    = "my-router"
  network = "my-network"
  bgp {
    asn               = 64514
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "1.2.3.4"
    }
    advertised_ip_ranges {
      range = "6.7.0.0/16"
    }
  }
}

#Force a route priority on an existing bgpPeer connection
resource "google_compute_router_peer" "peer" {
  name                      = google_compute_router.foobar.bgpPeers[0].name
  router                    = google_compute_router.foobar.name
  region                    = google_compute_router.foobar.region
  peer_ip_address           = google_compute_router.foobar.bgpPeers[0].peer_ip_address
  peer_asn                  = google_compute_router.foobar.bgpPeers[0].peer_asn
  advertised_route_priority = 100
  interface                 = google_compute_router.foobar.bgpPeers[0].interface_name
}

References

• #0000

[rileykarson]

I'm not sure I understand here- google_compute_router_peer is the bgpPeers block. What would change as a result of exposing this as an output-only field on the parent?

[steven-edgar]

GCP provision some bgpPeers automatically, there is no Terraform way to retrieve those peers, and so no way to change settings for them. The other alternative would be to have a google_compute_router_peers data source which we could use to retrieve all the peers on a given router.

[rileykarson]

Is terraform import not an option? https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_peer#import

[steven-edgar]

Not in any sort of automated way, consistent across environments no, as the bpgPeers have auto-generated names and interfaceNames. We'd end up with a situation where for every environment we'd have to deploy most of the infrastructure, but not the google_compute_router_peers, then manually discover the name and interfaceName of those peers, set them in variables, import them and then run the deploy again. That approach seems against the normal Terraform way of working.

[gregorycox]

The google_compute_interconnect_attachment attribute cloud_router_ip_address maps directly to that generated interface. So can there be a reference to local_interface_ip(cloud_router_ip_address), that allows for appropriate reference without having to understand the order of the peers/interfaces?

[rjouhann]

Here is another use case: automate the BGP creation with a partner (e.g. PacketFabric).

I see 2 ways to approach this: (which could be both implemented actually!)

1. Update existing data source google_compute_router and add below new element to the data source output:

items[].bgpPeers[]
items[].bgpPeers[].name
items[].bgpPeers[].ipAddress
items[].bgpPeers[].peerIpAddress
items[].bgpPeers[].peerAsn
items[].bgpPeers[].interfaceName

API reference: https://cloud.google.com/compute/docs/reference/rest/v1/routers/list

2. Create a new data source for google_compute_interconnect_attachment and add below new elements to the new data source output:

items[].cloudRouterIpAddress
items[].customerRouterIpAddress
items[].partnerAsn
items[].type
items[].operationalStatus
items[].state

API reference: https://cloud.google.com/compute/docs/reference/rest/v1/interconnectAttachments/list
GitHub Issue: #12624

[rjouhann]

I found a workaround by using the terraform-google-modules. Not the best but it works.

[Sathyam-Muppuri]

GCP provision some bgpPeers automatically, there is no Terraform way to retrieve those peers, and so no way to change settings for them. The other alternative would be to have a google_compute_router_peers data source which we could use to retrieve all the peers on a given router.

i think it would be best if we can expose the bgpPeers automatically using the google_compute_router_peers data source

[paulspiegel]

I was hoping to use the import block introduced in TF 1.5.0 to import the BGP peer created by the interconnect attachment into a google_compute_router_peer resource and then update the ASN. However given the auto generated ID and lack of a data lookup for peers I couldn't figure out how to do that.

Terraform Enterprise and Terraform Cloud have also stopped supporting the gcloud module so our previous way of handing this situation is now broken.

[rileykarson]

What made TFE/TFC stop supporting the gcloud module?

[paulspiegel]

Hi Riley, there's an issue in that module repo:
terraform-google-modules/terraform-google-gcloud#94

The TFE/TFC runners are ephemeral and we've heard from Hashi that their new custom agent images will not support installing the gcloud binary. We've tried it and it did not work.

https://developer.hashicorp.com/terraform/enterprise/admin/infrastructure/worker-to-agent-migration

[rileykarson]

Thanks! I'll flag w/ HashiCorp