E2E tests for net-vpc module

2023-11-29 14:36:03 +00:00 · 2023-11-29 14:36:03 +00:00 · 0af5e31ca3
parent b5cd2d8088
commit 0af5e31ca3
19 changed files with 212 additions and 139 deletions
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@ -29,7 +29,7 @@ This module allows creation and management of VPC networks including subnetworks
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  subnets = [
    {
@ -48,7 +48,7 @@ module "vpc" {
    }
  ]
 }
-# tftest modules=1 resources=5 inventory=simple.yaml
+# tftest modules=1 resources=5 inventory=simple.yaml e2e
 ```
 ### Subnet Options
@ -56,7 +56,7 @@ module "vpc" {
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  subnets = [
    # simple subnet
@ -95,7 +95,7 @@ module "vpc" {
    }
  ]
 }
-# tftest modules=1 resources=7 inventory=subnet-options.yaml
+# tftest modules=1 resources=7 inventory=subnet-options.yaml e2e
 ```
 ### Subnet IAM
@ -105,7 +105,7 @@ Subnet IAM variables follow our general interface, with extra keys/members for t
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  subnets = [
    {
@ -114,12 +114,12 @@ module "vpc" {
      ip_cidr_range = "10.0.1.0/24"
      iam = {
        "roles/compute.networkUser" = [
-          "user:user1@example.com", "group:group1@example.com"
+          "user:${var.user_email}", "group:${var.group_email}"
        ]
      }
      iam_bindings = {
        subnet-1-iam = {
-          members = ["group:group2@example.com"]
+          members = ["group:${var.group_email}"]
          role    = "roles/compute.networkUser"
          condition = {
            expression = "resource.matchTag('123456789012/env', 'prod')"
@ -131,10 +131,10 @@ module "vpc" {
    {
      name          = "subnet-2"
      region        = "europe-west1"
-      ip_cidr_range = "10.0.1.0/24"
+      ip_cidr_range = "10.0.2.0/24"
      iam_bindings_additive = {
        subnet-2-iam = {
-          member = "user:am1@example.com"
+          member = "user:${var.user_email}"
          role   = "roles/compute.networkUser"
          subnet = "europe-west1/subnet-2"
        }
@ -142,7 +142,7 @@ module "vpc" {
    }
  ]
 }
-# tftest modules=1 resources=8 inventory=subnet-iam.yaml
+# tftest modules=1 resources=8 inventory=subnet-iam.yaml e2e
 ```
 ### Peering
@ -154,7 +154,7 @@ If you only want to create the "local" side of the peering, use `peering_create_
 ```hcl
 module "vpc-hub" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "hub"
+  project_id = var.project_id
  name       = "vpc-hub"
  subnets = [{
    ip_cidr_range = "10.0.0.0/24"
@ -165,7 +165,7 @@ module "vpc-hub" {
 module "vpc-spoke-1" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "spoke1"
+  project_id = var.project_id
  name       = "vpc-spoke1"
  subnets = [{
    ip_cidr_range = "10.0.1.0/24"
@ -187,18 +187,18 @@ module "vpc-spoke-1" {
 ```hcl
 locals {
  service_project_1 = {
-    project_id                     = "project1"
+    project_id                     = var.service_project_1.project_id
-    gke_service_account            = "serviceAccount:gke"
+    gke_service_account            = "serviceAccount:${var.service_account.email}"
-    cloud_services_service_account = "serviceAccount:cloudsvc"
+    cloud_services_service_account = "serviceAccount:${var.service_account.email}"
  }
  service_project_2 = {
-    project_id = "project2"
+    project_id = var.service_project_2.project_id
  }
 }
 module "vpc-host" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-host-network"
  subnets = [
    {
@ -226,7 +226,7 @@ module "vpc-host" {
    local.service_project_2.project_id
  ]
 }
-# tftest modules=1 resources=9 inventory=shared-vpc.yaml
+# tftest modules=1 resources=9 inventory=shared-vpc.yaml e2e
 ```
 ### Private Service Networking
@ -234,7 +234,7 @@ module "vpc-host" {
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  subnets = [
    {
@ -247,7 +247,7 @@ module "vpc" {
    ranges = { myrange = "10.0.1.0/24" }
  }
 }
-# tftest modules=1 resources=7 inventory=psa.yaml
+# tftest modules=1 resources=7 inventory=psa.yaml e2e
 ```
 ### Private Service Networking with peering routes and peered Cloud DNS domains
@ -257,7 +257,7 @@ Custom routes can be optionally exported/imported through the peering formed wit
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  subnets = [
    {
@ -273,7 +273,7 @@ module "vpc" {
    peered_domains = ["gcp.example.com."]
  }
 }
-# tftest modules=1 resources=8 inventory=psa-routes.yaml
+# tftest modules=1 resources=8 inventory=psa-routes.yaml e2e
 ```
 ### Subnets for Private Service Connect, Proxy-only subnets
@ -286,7 +286,7 @@ Along with common private subnets module supports creation more service specific
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  subnets_proxy_only = [
@ -312,7 +312,7 @@ module "vpc" {
    }
  ]
 }
-# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
+# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml e2e
 ```
 ### DNS Policies
@ -320,7 +320,7 @@ module "vpc" {
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  dns_policy = {
    inbound = true
@ -337,7 +337,7 @@ module "vpc" {
    }
  ]
 }
-# tftest modules=1 resources=5 inventory=dns-policies.yaml
+# tftest modules=1 resources=5 inventory=dns-policies.yaml e2e
 ```
 ### Subnet Factory
@ -347,7 +347,7 @@ The `net-vpc` module includes a subnet factory (see [Resource Factories](../../b
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  factories_config = {
    subnets_folder = "config/subnets"
@ -430,7 +430,7 @@ locals {
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
  for_each   = local.route_types
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network-with-route-${replace(each.key, "_", "-")}"
  routes = {
    next-hop = {
@ -460,7 +460,7 @@ By default the VPC module creates IPv4 routes for the [Private Google Access ran
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-vpc"
  create_googleapis_routes = {
    restricted   = false
@ -469,7 +469,7 @@ module "vpc" {
    private-6    = true
  }
 }
-# tftest modules=1 resources=3 inventory=googleapis.yaml
+# tftest modules=1 resources=3 inventory=googleapis.yaml e2e
 ```
 ### Allow Firewall Policy to be evaluated before Firewall Rules
@ -477,7 +477,7 @@ module "vpc" {
 ```hcl
 module "vpc" {
  source                            = "./fabric/modules/net-vpc"
-  project_id                        = "my-project"
+  project_id                        = var.project_id
  name                              = "my-network"
  firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL"
  subnets = [
@ -497,7 +497,7 @@ module "vpc" {
    }
  ]
 }
-# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
+# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml e2e
 ```
 ### IPv6
@ -507,12 +507,12 @@ A non-overlapping private IPv6 address space can be configured for the VPC via t
 ```hcl
 module "vpc" {
  source     = "./fabric/modules/net-vpc"
-  project_id = "my-project"
+  project_id = var.project_id
  name       = "my-network"
  ipv6_config = {
    # internal_range is optional
    enable_ula_internal = true
-    internal_range      = "fd20:6b2:27e5:0:0:0:0:0/48"
+    # internal_range      = "fd20:6b2:27e5::/48"
  }
  subnets = [
    {
@ -531,7 +531,7 @@ module "vpc" {
    }
  ]
 }
-# tftest modules=1 resources=5 inventory=ipv6.yaml
+# tftest modules=1 resources=5 inventory=ipv6.yaml e2e
 ```
 <!-- BEGIN TFDOC -->
 ## Variables
--- a/modules/net-vpc/routes.tf
+++ b/modules/net-vpc/routes.tf
@ -19,9 +19,9 @@
 locals {
  _googleapis_ranges = {
    private      = "199.36.153.8/30"
-    private-6    = "2600:2d00:0002:2000::/64"
+    private-6    = "2600:2d00:2:2000::/64"
    restricted   = "199.36.153.4/30"
-    restricted-6 = "2600:2d00:0002:1000::/64"
+    restricted-6 = "2600:2d00:2:1000::/64"
  }
  _googleapis_routes = {
    for k, v in local._googleapis_ranges : "${k}-googleapis" => {
--- a/tests/examples/variables.tf
+++ b/tests/examples/variables.tf
@ -22,6 +22,10 @@ variable "billing_account_id" {
  default = "123456-123456-123456"
 }
 variable "user_email" {
  default = "user1@example.org"
 }
 variable "group_email" {
  default = "organization-admins@example.org"
 }
@ -94,3 +98,15 @@ variable "vpc2" {
 variable "zone" {
  default = "zone"
 }
 variable "service_project_1" {
  default = {
    project_id = "service-project-1-project-id"
  }
 }
 variable "service_project_2" {
  default = {
    project_id = "service-project-2-project-id"
  }
 }
--- a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
+++ b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
@ -17,10 +17,17 @@ billing_account_id = "${billing_account_id}"
 kms_key = {
    id = "${kms_key_id}"
 }
 user_email = "${user_email}"
 group_email = "${group_email}"
 organization_id = "organizations/${organization_id}"
 folder_id = "folders/${folder_id}"
 project_id = "${project_id}"
 service_project_1 = {
  project_id = "${service_project_1.project_id}"
 }
 service_project_2 = {
  project_id = "${service_project_2.project_id}"
 }
 region = "${region}"
 service_account = {
    id        = "${service_account.id}"
--- a/tests/examples_e2e/setup_module/main.tf
+++ b/tests/examples_e2e/setup_module/main.tf
@ -35,6 +35,15 @@ locals {
    "storage-component.googleapis.com",
    "storage.googleapis.com",
    "vpcaccess.googleapis.com",
    "servicenetworking.googleapis.com",
    "dns.googleapis.com",
  ]
  services-svc = [
    # trimmed down list of services, to be extended as needed
    "cloudresourcemanager.googleapis.com",
    "compute.googleapis.com",
    "iam.googleapis.com",
    "serviceusage.googleapis.com",
  ]
 }
@ -57,6 +66,34 @@ resource "google_project_service" "project_service" {
  disable_dependent_services = true
 }
 resource "google_project" "service_project_1" {
  name            = "${local.prefix}-prj-1"
  billing_account = var.billing_account
  folder_id       = google_folder.folder.id
  project_id      = "${local.prefix}-prj-1"
 }
 resource "google_project_service" "service_project_1_service" {
  for_each                   = toset(local.services-svc)
  service                    = each.value
  project                    = google_project.service_project_1.project_id
  disable_dependent_services = true
 }
 resource "google_project" "service_project_2" {
  name            = "${local.prefix}-prj-2"
  billing_account = var.billing_account
  folder_id       = google_folder.folder.id
  project_id      = "${local.prefix}-prj-2"
 }
 resource "google_project_service" "service_project_2_service" {
  for_each                   = toset(local.services-svc)
  service                    = each.value
  project                    = google_project.service_project_2.project_id
  disable_dependent_services = true
 }
 resource "google_storage_bucket" "bucket" {
  location      = var.region
  name          = "${local.prefix}-bucket"
@ -115,9 +152,16 @@ resource "local_file" "terraform_tfvars" {
    billing_account_id = var.billing_account
    folder_id          = google_folder.folder.folder_id
    group_email        = var.group_email
    user_email         = var.user_email
    kms_key_id         = google_kms_crypto_key.key.id
    organization_id    = var.organization_id
    project_id         = google_project.project.project_id
    service_project_1 = {
      project_id = google_project.service_project_1.project_id
    }
    service_project_2 = {
      project_id = google_project.service_project_2.project_id
    }
    region             = var.region
    service_account = {
      id        = google_service_account.service_account.id
--- a/tests/examples_e2e/setup_module/variables.tf
+++ b/tests/examples_e2e/setup_module/variables.tf
@ -18,6 +18,9 @@ variable "billing_account" {
 variable "group_email" {
  type = string
 }
 variable "user_email" {
  type = string
 }
 variable "organization_id" {
  type = string
 }
--- a/tests/modules/net_vpc/examples/dns-policies.yaml
+++ b/tests/modules/net_vpc/examples/dns-policies.yaml
@ -15,7 +15,7 @@
 values:
  module.vpc.google_compute_network.network[0]:
    name: my-network
-    project: my-project
+    project: project-id
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
  module.vpc.google_dns_policy.default[0]:
    alternative_name_server_config:
@ -30,9 +30,9 @@ values:
    name: my-network
    networks:
    - {}
-    project: my-project
+    project: project-id
 counts:
  google_compute_network: 1
  google_compute_subnetwork: 1
-  google_dns_policy: 1
+  google_dns_policy: 1
--- a/tests/modules/net_vpc/examples/factory.yaml
+++ b/tests/modules/net_vpc/examples/factory.yaml
@ -20,7 +20,7 @@ values:
    enable_ula_internal_ipv6: null
    name: my-network
    network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
    timeouts: null
  module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -32,7 +32,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -44,7 +44,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
  module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
@ -53,7 +53,7 @@ values:
    ipv6_access_type: null
    log_config: []
    name: subnet-proxy
-    project: my-project
+    project: project-id
    purpose: REGIONAL_MANAGED_PROXY
    region: europe-west4
    role: ACTIVE
@ -64,7 +64,7 @@ values:
    ipv6_access_type: null
    log_config: []
    name: subnet-proxy-global
-    project: my-project
+    project: project-id
    purpose: GLOBAL_MANAGED_PROXY
    region: australia-southeast2
    role: ACTIVE
@ -75,7 +75,7 @@ values:
    ipv6_access_type: null
    log_config: []
    name: subnet-psc
-    project: my-project
+    project: project-id
    purpose: PRIVATE_SERVICE_CONNECT
    region: europe-west4
    role: null
@ -92,7 +92,7 @@ values:
      metadata_fields: null
    name: subnet-detailed
    private_ip_google_access: false
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range:
@ -106,7 +106,7 @@ values:
    log_config: []
    name: simple
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west4
    role: null
    secondary_ip_range: []
@ -118,7 +118,7 @@ values:
    log_config: []
    name: simple
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west8
    role: null
    secondary_ip_range: []
@ -129,7 +129,7 @@ values:
    - group:lorem@example.com
    - serviceAccount:fbz@prj.iam.gserviceaccount.com
    - user:foobar@example.com
-    project: my-project
+    project: project-id
    region: europe-west1
    role: roles/compute.networkUser
    subnetwork: subnet-detailed
@ -142,4 +142,4 @@ counts:
  modules: 1
  resources: 10
-outputs: {}
+outputs: {}
--- a/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml
+++ b/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml
@ -18,7 +18,7 @@ values:
    delete_default_routes_on_create: false
    description: Terraform-managed.
    name: my-network
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
    network_firewall_policy_enforcement_order: BEFORE_CLASSIC_FIREWALL
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
@ -27,7 +27,7 @@ values:
    log_config: []
    name: production
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range:
@ -41,11 +41,11 @@ values:
    log_config: []
    name: production
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west2
    role: null
    secondary_ip_range: []
 counts:
  google_compute_network: 1
-  google_compute_subnetwork: 2
+  google_compute_subnetwork: 2
--- a/tests/modules/net_vpc/examples/googleapis.yaml
+++ b/tests/modules/net_vpc/examples/googleapis.yaml
@ -13,27 +13,30 @@
 # limitations under the License.
 values:
  module.vpc.google_compute_network.network[0]:
    name: my-vpc
    project: project-id
  module.vpc.google_compute_route.gateway["private-6-googleapis"]:
-    dest_range: 2600:2d00:0002:2000::/64
+    dest_range: 2600:2d00:2:2000::/64
    name: my-vpc-private-6-googleapis
    next_hop_gateway: default-internet-gateway
    next_hop_ilb: null
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
  module.vpc.google_compute_route.gateway["restricted-6-googleapis"]:
-    dest_range: 2600:2d00:0002:1000::/64
+    dest_range: 2600:2d00:2:1000::/64
    name: my-vpc-restricted-6-googleapis
    next_hop_gateway: default-internet-gateway
    next_hop_ilb: null
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
 counts:
  google_compute_network: 1
-  google_compute_route: 2
+  google_compute_route: 2
--- a/tests/modules/net_vpc/examples/ipv6.yaml
+++ b/tests/modules/net_vpc/examples/ipv6.yaml
@ -18,10 +18,10 @@ values:
    delete_default_routes_on_create: false
    description: Terraform-managed.
    enable_ula_internal_ipv6: true
-    internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
+    # internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
    name: my-network
    network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
    timeouts: null
  module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -33,7 +33,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -45,7 +45,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/test"]:
@ -55,7 +55,7 @@ values:
    log_config: []
    name: test
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range: []
@ -68,7 +68,7 @@ values:
    log_config: []
    name: test
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west3
    role: null
    secondary_ip_range: []
@ -82,4 +82,4 @@ counts:
  modules: 1
  resources: 5
-outputs: {}
+outputs: {}
--- a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml
+++ b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml
@ -15,13 +15,13 @@
 values:
  module.vpc.google_compute_network.network[0]:
    name: my-network
-    project: my-project
+    project: project-id
  module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
    description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
    ip_cidr_range: 10.0.1.0/24
    log_config: []
    name: regional-proxy
-    project: my-project
+    project: project-id
    purpose: REGIONAL_MANAGED_PROXY
    region: europe-west1
    role: ACTIVE
@ -30,7 +30,7 @@ values:
    ip_cidr_range: 10.0.4.0/24
    log_config: []
    name: global-proxy
-    project: my-project
+    project: project-id
    purpose: GLOBAL_MANAGED_PROXY
    region: australia-southeast2
    role: ACTIVE
@ -39,11 +39,11 @@ values:
    ip_cidr_range: 10.0.3.0/24
    log_config: []
    name: psc
-    project: my-project
+    project: project-id
    purpose: PRIVATE_SERVICE_CONNECT
    region: europe-west1
    role: null
 counts:
  google_compute_network: 1
-  google_compute_subnetwork: 3
+  google_compute_subnetwork: 3
--- a/tests/modules/net_vpc/examples/psa-routes.yaml
+++ b/tests/modules/net_vpc/examples/psa-routes.yaml
@ -18,21 +18,21 @@ values:
    address_type: INTERNAL
    name: myrange
    prefix_length: 24
-    project: my-project
+    project: project-id
    purpose: VPC_PEERING
  module.vpc.google_compute_network.network[0]:
    name: my-network
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
  module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
    export_custom_routes: true
    import_custom_routes: true
-    project: my-project
+    project: project-id
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
    ip_cidr_range: 10.0.0.0/24
    name: production
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    secondary_ip_range: []
  module.vpc.google_service_networking_connection.psa_connection[0]:
@ -42,7 +42,7 @@ values:
  module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]:
    dns_suffix: gcp.example.com.
    name: gcp-example-com
-    project: my-project
+    project: project-id
    service: servicenetworking.googleapis.com
 counts:
@ -51,4 +51,4 @@ counts:
  google_compute_network_peering_routes_config: 1
  google_compute_subnetwork: 1
  google_service_networking_connection: 1
-  google_service_networking_peered_dns_domain: 1
+  google_service_networking_peered_dns_domain: 1
--- a/tests/modules/net_vpc/examples/psa.yaml
+++ b/tests/modules/net_vpc/examples/psa.yaml
@ -18,19 +18,19 @@ values:
    address_type: INTERNAL
    name: myrange
    prefix_length: 24
-    project: my-project
+    project: project-id
    purpose: VPC_PEERING
  module.vpc.google_compute_network.network[0]:
    name: my-network
-    project: my-project
+    project: project-id
  module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
    export_custom_routes: false
    import_custom_routes: false
-    project: my-project
+    project: project-id
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
    ip_cidr_range: 10.0.0.0/24
    name: production
-    project: my-project
+    project: project-id
  module.vpc.google_service_networking_connection.psa_connection[0]:
    reserved_peering_ranges:
    - myrange
@ -43,4 +43,4 @@ counts:
  google_compute_subnetwork: 1
  google_service_networking_connection: 1
-outputs: {}
+outputs: {}
--- a/tests/modules/net_vpc/examples/routes.yaml
+++ b/tests/modules/net_vpc/examples/routes.yaml
@ -15,7 +15,7 @@
 values:
  module.vpc["gateway"].google_compute_network.network[0]:
    name: my-network-with-route-gateway
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
  module.vpc["gateway"].google_compute_route.gateway["gateway"]:
    description: Terraform-managed.
@ -26,7 +26,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 100
-    project: my-project
+    project: project-id
    tags:
    - tag-a
  module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
@ -38,11 +38,11 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
  module.vpc["ilb"].google_compute_network.network[0]:
    name: my-network-with-route-ilb
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
  module.vpc["ilb"].google_compute_route.gateway["gateway"]:
    description: Terraform-managed.
@ -53,7 +53,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 100
-    project: my-project
+    project: project-id
    tags:
    - tag-a
  module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
@ -65,11 +65,11 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
  module.vpc["instance"].google_compute_network.network[0]:
    name: my-network-with-route-instance
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
  module.vpc["instance"].google_compute_route.gateway["gateway"]:
    description: Terraform-managed.
@ -80,7 +80,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 100
-    project: my-project
+    project: project-id
    tags:
    - tag-a
  module.vpc["instance"].google_compute_route.instance["next-hop"]:
@ -93,11 +93,11 @@ values:
    next_hop_instance_zone: europe-west1-b
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
  module.vpc["ip"].google_compute_network.network[0]:
    name: my-network-with-route-ip
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
  module.vpc["ip"].google_compute_route.gateway["gateway"]:
    description: Terraform-managed.
@ -108,7 +108,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 100
-    project: my-project
+    project: project-id
    tags:
    - tag-a
  module.vpc["ip"].google_compute_route.ip["next-hop"]:
@ -121,11 +121,11 @@ values:
    next_hop_ip: 192.168.0.128
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
  module.vpc["vpn_tunnel"].google_compute_network.network[0]:
    name: my-network-with-route-vpn-tunnel
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
  module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
    description: Terraform-managed.
@ -136,7 +136,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 100
-    project: my-project
+    project: project-id
    tags:
    - tag-a
  module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
@ -148,9 +148,9 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
 counts:
  google_compute_network: 5
-  google_compute_route: 10
+  google_compute_route: 10
--- a/tests/modules/net_vpc/examples/shared-vpc.yaml
+++ b/tests/modules/net_vpc/examples/shared-vpc.yaml
@ -15,15 +15,15 @@
 values:
  module.vpc-host.google_compute_network.network[0]:
    name: my-host-network
-    project: my-project
+    project: project-id
  module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
-    project: my-project
+    project: project-id
-  module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
+  module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-1-project-id"]:
-    host_project: my-project
+    host_project: project-id
-    service_project: project1
+    service_project: service-project-1-project-id
-  module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
+  module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-2-project-id"]:
-    host_project: my-project
+    host_project: project-id
-    service_project: project2
+    service_project: service-project-2-project-id
  module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
    secondary_ip_range:
    - ip_cidr_range: 172.16.0.0/20
@ -33,17 +33,17 @@ values:
  module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
    condition: []
    members:
-    - serviceAccount:cloudsvc
+    - serviceAccount:service_account_email
-    - serviceAccount:gke
+    # - serviceAccount:gke
-    project: my-project
+    project: project-id
    region: europe-west1
    role: roles/compute.networkUser
    subnetwork: subnet-1
  module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.securityAdmin"]:
    condition: []
    members:
-    - serviceAccount:gke
+    - serviceAccount:service_account_email
-    project: my-project
+    project: project-id
    region: europe-west1
    role: roles/compute.securityAdmin
    subnetwork: subnet-1
@ -53,4 +53,4 @@ counts:
  google_compute_shared_vpc_host_project: 1
  google_compute_shared_vpc_service_project: 2
  google_compute_subnetwork: 1
-  google_compute_subnetwork_iam_binding: 2
+  google_compute_subnetwork_iam_binding: 2
--- a/tests/modules/net_vpc/examples/simple.yaml
+++ b/tests/modules/net_vpc/examples/simple.yaml
@ -18,7 +18,7 @@ values:
    delete_default_routes_on_create: false
    description: Terraform-managed.
    name: my-network
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
    description: Terraform-managed.
@ -26,7 +26,7 @@ values:
    log_config: []
    name: production
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range:
@ -40,7 +40,7 @@ values:
    log_config: []
    name: production
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west2
    role: null
    secondary_ip_range: []
@ -52,7 +52,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -64,11 +64,11 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
 counts:
  google_compute_network: 1
  google_compute_subnetwork: 2
-  google_compute_route: 2
+  google_compute_route: 2
--- a/tests/modules/net_vpc/examples/subnet-iam.yaml
+++ b/tests/modules/net_vpc/examples/subnet-iam.yaml
@ -20,7 +20,7 @@ values:
    enable_ula_internal_ipv6: null
    name: my-network
    network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
-    project: my-project
+    project: project-id
    routing_mode: GLOBAL
    timeouts: null
  module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -32,7 +32,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -44,7 +44,7 @@ values:
    next_hop_instance: null
    next_hop_vpn_tunnel: null
    priority: 1000
-    project: my-project
+    project: project-id
    tags: null
    timeouts: null
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
@ -54,19 +54,19 @@ values:
    log_config: []
    name: subnet-1
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range: []
    timeouts: null
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
    description: Terraform-managed.
-    ip_cidr_range: 10.0.1.0/24
+    ip_cidr_range: 10.0.2.0/24
    ipv6_access_type: null
    log_config: []
    name: subnet-2
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range: []
@ -74,9 +74,9 @@ values:
  module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
    condition: []
    members:
-    - group:group1@example.com
+    - group:organization-admins@example.org
-    - user:user1@example.com
+    - user:user1@example.org
-    project: my-project
+    project: project-id
    region: europe-west1
    role: roles/compute.networkUser
    subnetwork: subnet-1
@ -86,15 +86,15 @@ values:
      expression: resource.matchTag('123456789012/env', 'prod')
      title: test_condition
    members:
-    - group:group2@example.com
+    - group:organization-admins@example.org
-    project: my-project
+    project: project-id
    region: europe-west1
    role: roles/compute.networkUser
    subnetwork: subnet-1
  module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]:
    condition: []
-    member: user:am1@example.com
+    member: user:user1@example.org
-    project: my-project
+    project: project-id
    region: europe-west1
    role: roles/compute.networkUser
    subnetwork: subnet-2
@ -108,4 +108,4 @@ counts:
  modules: 1
  resources: 8
-outputs: {}
+outputs: {}
--- a/tests/modules/net_vpc/examples/subnet-options.yaml
+++ b/tests/modules/net_vpc/examples/subnet-options.yaml
@ -15,14 +15,14 @@
 values:
  module.vpc.google_compute_network.network[0]:
    name: my-network
-    project: my-project
+    project: project-id
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
    description: Subnet b
    ip_cidr_range: 10.0.1.0/24
    log_config: []
    name: no-pga
    private_ip_google_access: false
-    project: my-project
+    project: project-id
    region: europe-west1
    secondary_ip_range: []
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
@ -31,7 +31,7 @@ values:
    log_config: []
    name: simple
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    secondary_ip_range: []
  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
@ -46,7 +46,7 @@ values:
      metadata_fields: null
    name: with-flow-logs
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range: []
@ -56,7 +56,7 @@ values:
    log_config: []
    name: with-secondary-ranges
    private_ip_google_access: true
-    project: my-project
+    project: project-id
    region: europe-west1
    role: null
    secondary_ip_range:
@ -67,4 +67,4 @@ values:
 counts:
  google_compute_network: 1
-  google_compute_subnetwork: 4
+  google_compute_subnetwork: 4