From e6b84ac6c5a61636ceb1b29c2ed75fafbb73ecbb Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 17 Oct 2022 15:41:37 -0400
Subject: [PATCH] fix

---
 vpn-transit-gateway/vpn-config.tf | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/vpn-transit-gateway/vpn-config.tf b/vpn-transit-gateway/vpn-config.tf
index d488fe6..dca44f0 100644
--- a/vpn-transit-gateway/vpn-config.tf
+++ b/vpn-transit-gateway/vpn-config.tf
@@ -1,6 +1,9 @@
 locals {
- single_vpn_tunnel_loopback = try(element([for k, v in local.vpn_settings : v.tunnel_loopback], 0), "")
- single_vpn_tunnel_ip_address = try(element([for k, v in local.vpn_settings : v.ip_address], 0), "")
+ vpn_tunnel_sites = distinct([for k, v in local.vpn_settings : v.site])
+ # single_vpn_tunnel_loopback = try(element([for k, v in local.vpn_settings : v.tunnel_loopback], 0), "")
+ # single_vpn_tunnel_ip_address = try(element([for k, v in local.vpn_settings : v.ip_address], 0), "")
+ single_vpn_tunnel_loopback = { for s in local.vpn_tunnel_sites : s => flatten([for k, v in local.vpn_settings : v.tunnel_loopback if v.site == s]) }
+ single_vpn_tunnel_ip_address = { for s in local.vpn_tunnel_sites : s => flatten([for k, v in local.vpn_settings : v.ip_address if v.site == s]) }
 vpn_tunnel_outputs = { for k, v in local.vpn_settings : k => {
 vpn_name = k
 site = v.site
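Review bot: The per-site lists built for `single_vpn_tunnel_loopback` and `single_vpn_tunnel_ip_address` keep every entry, including any whose `tunnel_loopback` or `ip_address` is null, and the consumers in the @@ -28, @@ -39 and @@ -48 hunks read `[0]` with no fallback now that the old `try(..., "")` is gone. The `v.tunnel_loopback != null` guard on the tunnel1/tunnel2 lines tests the current connection, not the site's first one, so a null first entry would presumably reach the generated site files as null rather than `""`. Filtering in the comprehension, `... : v.tunnel_loopback if v.site == s && v.tunnel_loopback != null`, and reading the value as `try(local.single_vpn_tunnel_loopback[v.site][0], "")` would restore the old behaviour. A comment such as `# first entry per site, in lexical order of the vpn_settings keys` would document which connection wins, assuming `local.vpn_settings` is a map. The two commented-out old definitions can be dropped, since the diff already records them.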
@@ -28,7 +31,7 @@ locals { tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address tunnel1_interface_number = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[0] : "" tunnel1_track_number = length(v.tunnel_track) == 2 ? v.tunnel_track[0] : "" - tunnel1_loopback = v.tunnel_loopback != null ? (var.use_single_cgw ? local.single_vpn_tunnel_loopback : v.tunnel_loopback) : "" + tunnel1_loopback = v.tunnel_loopback != null ? (var.use_single_cgw ? local.single_vpn_tunnel_loopback[v.site][0] : v.tunnel_loopback) : "" # tunnel1_loopback = v.tunnel_loopback != null ? v.tunnel_loopback : "" tunnel2_label = format("%v %v %v %v %v", aws_vpn_connection.vpn[k].tunnel2_inside_cidr, local.account_id, local.region_short, var.vpc_short_name, v.label) @@ -39,7 +42,7 @@ locals { tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address tunnel2_interface_number = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[1] : "" tunnel2_track_number = length(v.tunnel_track) == 2 ? v.tunnel_track[1] : "" - tunnel2_loopback = v.tunnel_loopback != null ? (var.use_single_cgw ? local.single_vpn_tunnel_loopback : v.tunnel_loopback) : "" + tunnel2_loopback = v.tunnel_loopback != null ? (var.use_single_cgw ? local.single_vpn_tunnel_loopback[v.site][0] : v.tunnel_loopback) : "" # tunnel2_loopback = v.tunnel_loopback != null ? v.tunnel_loopback : "" } } 
@@ -48,16 +51,15 @@ locals { tunnel2_preshared_key = aws_vpn_connection.vpn[k].tunnel2_preshared_key } } - vpn_tunnel_sites = distinct([for k, v in local.vpn_tunnel_outputs : v.site]) # use tunnel secrets if needed vpn_site_tunnel_outputs = { for s in local.vpn_tunnel_sites : s => flatten([for k, v in local.vpn_tunnel_outputs : merge(v, local.vpn_tunnel_secrets[k]) if v.site == s]) } # vpn_site_tunnel_outputs = { for s in local.vpn_tunnel_sites : s => flatten([for k, v in local.vpn_tunnel_outputs : v if v.site == s]) } vpn_site_common_settings = ["account_alias", "account_id", "region", "region_short", "vpc_cidr_block", "vpc_name", "vpc_short_name", "vpn_environment"] - single_cgw_settings = { + single_cgw_settings = { for s in local.vpn_tunnel_sites : s => { single_cgw = var.use_single_cgw ? true : false - customer_address = var.use_single_cgw ? local.single_vpn_tunnel_ip_address : "" - loopback = var.use_single_cgw ? local.single_vpn_tunnel_loopback : "" - } + customer_address = var.use_single_cgw ? local.single_vpn_tunnel_ip_address[s][0] : "" + loopback = var.use_single_cgw ? local.single_vpn_tunnel_loopback[s][0] : "" + } } } ## output "debug" { 
@@ -114,14 +116,14 @@ resource "local_sensitive_file" "vpn_details_yaml" {
 resource "local_sensitive_file" "vpn_site_details_json" {
 for_each = var.generate_json_files ? local.vpn_site_tunnel_outputs : {}
 # content = yamlencode({ version = local._module_version, site = each.key, vpns = each.value })
- content = jsonencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, local.single_cgw_settings, { for k in local.vpn_site_common_settings : k => each.value[0][k] }))
+ content = jsonencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, local.single_cgw_settings[each.key], { for k in local.vpn_site_common_settings : k => each.value[0][k] }))
 filename = format("%v/%v/site.%v.%v.%v.json", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key)
 file_permission = "0644"
 }
 
 resource "local_sensitive_file" "vpn_site_details_yaml" {
 for_each = var.generate_yaml_files ? local.vpn_site_tunnel_outputs : {}
- content = yamlencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, local.single_cgw_settings, { for k in local.vpn_site_common_settings : k => each.value[0][k] }))
+ content = yamlencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, local.single_cgw_settings[each.key], { for k in local.vpn_site_common_settings : k => each.value[0][k] }))
 filename = format("%v/%v/site.%v.%v.%v.yml", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key)
 file_permission = "0644"
 }
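Review bot: Both site files are still written with `file_permission = "0644"`, although `each.value` comes from `local.vpn_site_tunnel_outputs`, which the @@ -48 hunk shows merging `local.vpn_tunnel_secrets[k]` into every entry, apparently the tunnel pre-shared keys. `local_sensitive_file` only keeps the content out of plan output, so with this mode any local account on the host that runs Terraform can read the IPsec pre-shared keys from the generated JSON and YAML. Setting `file_permission = "0600"` on both resources, plus `directory_permission = "0700"` for any directories the provider creates for them, keeps the files to the invoking user. The mode of the directory prepared by `null_resource.directory_setup` is not visible here and is worth checking as well.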