Fix vgw bug (#4)

cdaniluk · web-flow · commit 8eda17223e00 · 2020-06-01T17:24:44.000-04:00
* correct typo in first interface

* use try instead or this fails when vgw is specified
diff --git a/README.md b/README.md
@@ -3,27 +3,40 @@
 Creates a site-to-site VPN connection intended to terminate to a FortiGate firewall. Creates a template configuration file that can be used to easily configure the connection.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+| local | n/a |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| account\_name | Name for AWS account side of tunnel | string | n/a | yes |
-| customer\_bgp\_asn | BGP for customer side of tunnel | number | n/a | yes |
-| customer\_gateway\_type | Type for customer gateway | string | `"ipsec.1"` | no |
-| customer\_ip\_address | IP address for customer side | string | n/a | yes |
-| customer\_name | Name for customer side of tunnel | string | n/a | yes |
-| generate\_fortigate\_config | Generate a FortiGate config template \(does not include PSKs\) | bool | `"true"` | no |
-| tags | Tags to add to supported resources | string | n/a | yes |
-| transit\_gateway\_id | Transit gateway to attach VPN to \(required if `vpn\_gateway\_id` not set\) | string | `"null"` | no |
-| tunnel1\_inside\_cidr | Specify a Tunnel 1 inside CIDR \(optional\) | string | `""` | no |
-| tunnel1\_psk | Specify a Tunnel 1 PSK explicitly \(optional\) | string | `""` | no |
-| tunnel1\_psk\_version | Version to use for PSK \(increment to generate a new PSK\) | number | `"1"` | no |
-| tunnel2\_inside\_cidr | Specify a Tunnel 2 inside CIDR \(optional\) | string | `""` | no |
-| tunnel2\_psk | Specify a Tunnel 2 PSK explicitly \(optional\) | string | `""` | no |
-| tunnel2\_psk\_version | Version to use for PSK \(increment to generate a new PSK\) | number | `"1"` | no |
-| use\_secrets\_manager | Use Secrets Manager to store/manage PSKs | bool | `"true"` | no |
-| vgw\_id | Virtual Private Gateway to attach VPN to \(required if `transit\_gateway\_id` not set\) | string | `"null"` | no |
-| wan\_interface | WAN interface to use in fortigate config template | string | `"wan1"` | no |
+|------|-------------|------|---------|:--------:|
+| account\_name | Name for AWS account side of tunnel | `string` | n/a | yes |
+| customer\_bgp\_asn | BGP for customer side of tunnel | `number` | n/a | yes |
+| customer\_gateway\_type | Type for customer gateway | `string` | `"ipsec.1"` | no |
+| customer\_ip\_address | IP address for customer side | `string` | n/a | yes |
+| customer\_name | Name for customer side of tunnel | `string` | n/a | yes |
+| generate\_fortigate\_config | Generate a FortiGate config template (does not include PSKs) | `bool` | `true` | no |
+| tags | Tags to add to supported resources | `any` | n/a | yes |
+| transit\_gateway\_id | Transit gateway to attach VPN to (required if `vpn_gateway_id` not set) | `string` | `null` | no |
+| tunnel1\_inside\_cidr | Specify a Tunnel 1 inside CIDR (optional) | `string` | `""` | no |
+| tunnel1\_psk | Specify a Tunnel 1 PSK explicitly (optional) | `string` | `""` | no |
+| tunnel1\_psk\_version | Version to use for PSK (increment to generate a new PSK) | `number` | `1` | no |
+| tunnel2\_inside\_cidr | Specify a Tunnel 2 inside CIDR (optional) | `string` | `""` | no |
+| tunnel2\_psk | Specify a Tunnel 2 PSK explicitly (optional) | `string` | `""` | no |
+| tunnel2\_psk\_version | Version to use for PSK (increment to generate a new PSK) | `number` | `1` | no |
+| use\_secrets\_manager | Use Secrets Manager to store/manage PSKs | `bool` | `true` | no |
+| vgw\_id | Virtual Private Gateway to attach VPN to (required if `transit_gateway_id` not set) | `string` | `null` | no |
+| wan\_interface | WAN interface to use in fortigate config template | `string` | `"wan1"` | no |
 
 ## Outputs
 
diff --git a/fortigate_config.txt.tpl b/fortigate_config.txt.tpl
@@ -31,7 +31,7 @@ config system interface
   set type tunnel
   set tcp-mss 1379
   set remote-ip ${tunnel1_inside_address_amazon} 255.255.255.255
-  set comments "${account_name}<->${customer_name}1"
+  set description "${account_name}<->${customer_name}1"
   set interface "${wan_interface}"
  next
 end
diff --git a/main.tf b/main.tf
@@ -42,7 +42,7 @@ locals {
   tunnel2_psk = var.use_secrets_manager ? module.psk2.secret : var.tunnel2_psk
 
   # compute aws bgp asn
-  amazon_bgp_asn = var.vgw_id == null ? data.aws_ec2_transit_gateway.this[0].amazon_side_asn : data.aws_vpn_gateway.this[0].amazon_side_asn
+  amazon_bgp_asn = try(data.aws_ec2_transit_gateway.this[0].amazon_side_asn, data.aws_vpn_gateway.this[0].amazon_side_asn)
 }
 
 resource "aws_customer_gateway" "this" {

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ locals {`
`42`	`42`	`tunnel2_psk = var.use_secrets_manager ? module.psk2.secret : var.tunnel2_psk`
`43`	`43`
`44`	`44`	`# compute aws bgp asn`
`45`		`- amazon_bgp_asn = var.vgw_id == null ? data.aws_ec2_transit_gateway.this[0].amazon_side_asn : data.aws_vpn_gateway.this[0].amazon_side_asn`
	`45`	`+ amazon_bgp_asn = try(data.aws_ec2_transit_gateway.this[0].amazon_side_asn, data.aws_vpn_gateway.this[0].amazon_side_asn)`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`resource "aws_customer_gateway" "this" {`