subnets with the same name in different regions (#67)
* support for subnets with the same name in different regions * fix net-vpc tests
parent
711f113cf0
commit
14ec791556
|
@ -31,14 +31,14 @@ module "vpc-hub" {
|
|||
source = "../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "hub"
|
||||
subnets = {
|
||||
default = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.hub
|
||||
name = null
|
||||
name = "hub-default"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-hub-firewall" {
|
||||
|
@ -57,14 +57,14 @@ module "vpc-spoke-1" {
|
|||
source = "../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "spoke-1"
|
||||
subnets = {
|
||||
default = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.spoke-1
|
||||
name = null
|
||||
name = "spoke-1-default"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-spoke-1-firewall" {
|
||||
|
@ -78,7 +78,7 @@ module "vpc-spoke-1-firewall" {
|
|||
module "nat-spoke-1" {
|
||||
source = "../../modules/net-cloudnat"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-1.subnet_regions.default
|
||||
region = module.vpc-spoke-1.subnet_regions["${var.region}/spoke-1-default"]
|
||||
name = "spoke-1"
|
||||
router_name = "spoke-1"
|
||||
router_network = module.vpc-spoke-1.self_link
|
||||
|
@ -100,17 +100,17 @@ module "vpc-spoke-2" {
|
|||
source = "../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "spoke-2"
|
||||
subnets = {
|
||||
default = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.spoke-2
|
||||
name = null
|
||||
name = "spoke-2-default"
|
||||
region = var.region
|
||||
secondary_ip_range = {
|
||||
pods = var.ip_secondary_ranges.spoke-2-pods
|
||||
services = var.ip_secondary_ranges.spoke-2-services
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-spoke-2-firewall" {
|
||||
|
@ -124,7 +124,7 @@ module "vpc-spoke-2-firewall" {
|
|||
module "nat-spoke-2" {
|
||||
source = "../../modules/net-cloudnat"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-2.subnet_regions.default
|
||||
region = module.vpc-spoke-2.subnet_regions["${var.region}/spoke-2-default"]
|
||||
name = "spoke-2"
|
||||
router_name = "spoke-2"
|
||||
router_network = module.vpc-spoke-2.self_link
|
||||
|
@ -146,12 +146,12 @@ module "hub-to-spoke-2-peering" {
|
|||
module "vm-spoke-1" {
|
||||
source = "../../modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-1.subnet_regions.default
|
||||
zone = "${module.vpc-spoke-1.subnet_regions.default}-b"
|
||||
region = module.vpc-spoke-1.subnet_regions["${var.region}/spoke-1-default"]
|
||||
zone = "${module.vpc-spoke-1.subnet_regions["${var.region}/spoke-1-default"]}-b"
|
||||
name = "spoke-1-test"
|
||||
network_interfaces = [{
|
||||
network = module.vpc-spoke-1.self_link,
|
||||
subnetwork = module.vpc-spoke-1.subnet_self_links.default,
|
||||
subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/spoke-1-default"]
|
||||
nat = false,
|
||||
addresses = null
|
||||
}]
|
||||
|
@ -164,12 +164,12 @@ module "vm-spoke-1" {
|
|||
module "vm-spoke-2" {
|
||||
source = "../../modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-2.subnet_regions.default
|
||||
zone = "${module.vpc-spoke-2.subnet_regions.default}-b"
|
||||
region = module.vpc-spoke-2.subnet_regions["${var.region}/spoke-2-default"]
|
||||
zone = "${module.vpc-spoke-2.subnet_regions["${var.region}/spoke-2-default"]}-b"
|
||||
name = "spoke-2-test"
|
||||
network_interfaces = [{
|
||||
network = module.vpc-spoke-2.self_link,
|
||||
subnetwork = module.vpc-spoke-2.subnet_self_links.default,
|
||||
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/spoke-2-default"]
|
||||
nat = false,
|
||||
addresses = null
|
||||
}]
|
||||
|
@ -200,9 +200,9 @@ module "cluster-1" {
|
|||
source = "../../modules/gke-cluster"
|
||||
name = "cluster-1"
|
||||
project_id = var.project_id
|
||||
location = "${module.vpc-spoke-2.subnet_regions.default}-b"
|
||||
location = "${module.vpc-spoke-2.subnet_regions["${var.region}/spoke-2-default"]}-b"
|
||||
network = module.vpc-spoke-2.self_link
|
||||
subnetwork = module.vpc-spoke-2.subnet_self_links.default
|
||||
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/spoke-2-default"]
|
||||
secondary_range_pods = "pods"
|
||||
secondary_range_services = "services"
|
||||
default_max_pods_per_node = 32
|
||||
|
@ -273,7 +273,7 @@ module "vpn-spoke-2" {
|
|||
# routes exchanged via peering
|
||||
remote_ranges = ["10.0.0.0/8"]
|
||||
tunnels = {
|
||||
spoke-2 = {
|
||||
hub = {
|
||||
ike_version = 2
|
||||
peer_ip = module.vpn-hub.address
|
||||
shared_secret = module.vpn-hub.random_secret
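Review bot: The subnet key `"${var.region}/spoke-1-default"` is now spelled out verbatim in nat-spoke-1 and twice in vm-spoke-1, and `"${var.region}/spoke-2-default"` in nat-spoke-2, vm-spoke-2 and cluster-1, so a typo in any one copy fails the plan with an "invalid index" on that module instead of being caught once. A `locals` entry such as `spoke_1_subnet = "${var.region}/spoke-1-default"` referenced as `module.vpc-spoke-1.subnet_regions[local.spoke_1_subnet]` keeps the key in one place. Trailing commas inside `network_interfaces` are also mixed after this change: `network = module.vpc-spoke-1.self_link,` keeps its comma while the rewritten `subnetwork = ...` line drops it and `nat = false,` keeps it; pick one form. The vm-spoke-1, vm-spoke-2 and cluster-1 module blocks continue outside their hunks.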
|
||||
|
|
|
@ -14,7 +14,8 @@
|
|||
|
||||
locals {
|
||||
vm-instances = concat(
|
||||
module.vm-spoke-1.instances, module.vm-spoke-2.instances
|
||||
module.vm-spoke-1.instances,
|
||||
module.vm-spoke-2.instances
|
||||
)
|
||||
vm-startup-script = join("\n", [
|
||||
"#! /bin/bash",
|
||||
|
@ -30,20 +31,20 @@ module "vpc-hub" {
|
|||
source = "../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "hub"
|
||||
subnets = {
|
||||
a = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.hub-a
|
||||
name = null
|
||||
name = "hub-a"
|
||||
region = var.regions.a
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
b = {
|
||||
},
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.hub-b
|
||||
name = null
|
||||
name = "hub-b"
|
||||
region = var.regions.b
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-hub-firewall" {
|
||||
|
@ -57,7 +58,7 @@ module "vpc-hub-firewall" {
|
|||
module "vpn-hub-a" {
|
||||
source = "../../modules/net-vpn-dynamic"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-hub.subnet_regions["a"]
|
||||
region = module.vpc-hub.subnet_regions["${var.regions.a}/hub-a"]
|
||||
network = module.vpc-hub.name
|
||||
name = "hub-a"
|
||||
router_asn = var.bgp_asn.hub
|
||||
|
@ -86,7 +87,7 @@ module "vpn-hub-a" {
|
|||
module "vpn-hub-b" {
|
||||
source = "../../modules/net-vpn-dynamic"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-hub.subnet_regions["b"]
|
||||
region = module.vpc-hub.subnet_regions["${var.regions.b}/hub-b"]
|
||||
network = module.vpc-hub.name
|
||||
name = "hub-b"
|
||||
router_asn = var.bgp_asn.hub
|
||||
|
@ -120,20 +121,20 @@ module "vpc-spoke-1" {
|
|||
source = "../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "spoke-1"
|
||||
subnets = {
|
||||
a = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.spoke-1-a
|
||||
name = null
|
||||
name = "spoke-1-a"
|
||||
region = var.regions.a
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
b = {
|
||||
},
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.spoke-1-b
|
||||
name = null
|
||||
region = var.regions.a
|
||||
name = "spoke-1-b"
|
||||
region = var.regions.b
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-spoke-1-firewall" {
|
||||
|
@ -147,7 +148,7 @@ module "vpc-spoke-1-firewall" {
|
|||
module "vpn-spoke-1" {
|
||||
source = "../../modules/net-vpn-dynamic"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-1.subnet_regions["a"]
|
||||
region = module.vpc-spoke-1.subnet_regions["${var.regions.a}/spoke-1-a"]
|
||||
network = module.vpc-spoke-1.name
|
||||
name = "spoke-1"
|
||||
router_asn = var.bgp_asn.spoke-1
|
||||
|
@ -169,7 +170,7 @@ module "vpn-spoke-1" {
|
|||
module "nat-spoke-1" {
|
||||
source = "../../modules/net-cloudnat"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-1.subnet_regions["a"]
|
||||
region = module.vpc-spoke-1.subnet_regions["${var.regions.a}/spoke-1-a"]
|
||||
name = "spoke-1"
|
||||
router_create = false
|
||||
router_name = module.vpn-spoke-1.router_name
|
||||
|
@ -183,20 +184,20 @@ module "vpc-spoke-2" {
|
|||
source = "../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "spoke-2"
|
||||
subnets = {
|
||||
a = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.spoke-2-a
|
||||
name = null
|
||||
region = var.regions.b
|
||||
name = "spoke-2-a"
|
||||
region = var.regions.a
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
b = {
|
||||
},
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.spoke-2-b
|
||||
name = null
|
||||
name = "spoke-2-b"
|
||||
region = var.regions.b
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-spoke-2-firewall" {
|
||||
|
@ -210,7 +211,7 @@ module "vpc-spoke-2-firewall" {
|
|||
module "vpn-spoke-2" {
|
||||
source = "../../modules/net-vpn-dynamic"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-2.subnet_regions["a"]
|
||||
region = module.vpc-spoke-2.subnet_regions["${var.regions.a}/spoke-2-a"]
|
||||
network = module.vpc-spoke-2.name
|
||||
name = "spoke-2"
|
||||
router_asn = var.bgp_asn.spoke-2
|
||||
|
@ -232,7 +233,7 @@ module "vpn-spoke-2" {
|
|||
module "nat-spoke-2" {
|
||||
source = "../../modules/net-cloudnat"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-2.subnet_regions["a"]
|
||||
region = module.vpc-spoke-2.subnet_regions["${var.regions.a}/spoke-2-a"]
|
||||
name = "spoke-2"
|
||||
router_create = false
|
||||
router_name = module.vpn-spoke-2.router_name
|
||||
|
@ -245,12 +246,12 @@ module "nat-spoke-2" {
|
|||
module "vm-spoke-1" {
|
||||
source = "../../modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-1.subnet_regions.b
|
||||
zone = "${module.vpc-spoke-1.subnet_regions.b}-b"
|
||||
region = module.vpc-spoke-1.subnet_regions["${var.regions.b}/spoke-1-b"]
|
||||
zone = "${module.vpc-spoke-1.subnet_regions["${var.regions.b}/spoke-1-b"]}-b"
|
||||
name = "spoke-1-test"
|
||||
network_interfaces = [{
|
||||
network = module.vpc-spoke-1.self_link,
|
||||
subnetwork = module.vpc-spoke-1.subnet_self_links.b,
|
||||
subnetwork = module.vpc-spoke-1.subnet_self_links["${var.regions.b}/spoke-1-b"]
|
||||
nat = false,
|
||||
addresses = null
|
||||
}]
|
||||
|
@ -261,12 +262,12 @@ module "vm-spoke-1" {
|
|||
module "vm-spoke-2" {
|
||||
source = "../../modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
region = module.vpc-spoke-2.subnet_regions.b
|
||||
zone = "${module.vpc-spoke-2.subnet_regions.b}-b"
|
||||
region = module.vpc-spoke-2.subnet_regions["${var.regions.b}/spoke-2-b"]
|
||||
zone = "${module.vpc-spoke-2.subnet_regions["${var.regions.b}/spoke-2-b"]}-b"
|
||||
name = "spoke-2-test"
|
||||
network_interfaces = [{
|
||||
network = module.vpc-spoke-2.self_link,
|
||||
subnetwork = module.vpc-spoke-2.subnet_self_links.b,
|
||||
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.regions.b}/spoke-2-b"],
|
||||
nat = false,
|
||||
addresses = null
|
||||
}]
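Review bot: After this change nat-spoke-1 is still placed in `subnet_regions["${var.regions.a}/spoke-1-a"]` while vm-spoke-1 is created in `"${var.regions.b}/spoke-1-b"` with `nat = false`, and nat-spoke-2/vm-spoke-2 are split the same way; Cloud NAT is regional, so unless something outside these hunks provides egress for region b those instances have no path to the internet, which matters if the `vm-startup-script` local defined earlier in the file fetches anything. If the asymmetry is intended as a VPN-only reachability test, a comment on the VM blocks such as `# no Cloud NAT in regions.b: instance has no internet egress by design` would save the next reader the same question; otherwise a second net-cloudnat module keyed on the region-b subnet is needed. The vm-spoke-2 `subnetwork` line keeps its trailing comma while the vm-spoke-1 one drops it; the two blocks should match. The module blocks continue outside their hunks.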
|
||||
|
|
|
@ -52,14 +52,14 @@ module "vpc" {
|
|||
source = "../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "to-onprem"
|
||||
subnets = {
|
||||
default = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.gcp
|
||||
name = null
|
||||
name = "subnet"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-firewall" {
|
||||
|
@ -74,7 +74,7 @@ module "vpc-firewall" {
|
|||
module "vpn" {
|
||||
source = "../../modules/net-vpn-dynamic"
|
||||
project_id = var.project_id
|
||||
region = module.vpc.subnet_regions["default"]
|
||||
region = module.vpc.subnet_regions["${var.region}/subnet"]
|
||||
network = module.vpc.name
|
||||
name = "to-onprem"
|
||||
router_asn = var.bgp_asn.gcp
|
||||
|
@ -105,7 +105,7 @@ module "vpn" {
|
|||
module "nat" {
|
||||
source = "../../modules/net-cloudnat"
|
||||
project_id = var.project_id
|
||||
region = module.vpc.subnet_regions.default
|
||||
region = module.vpc.subnet_regions["${var.region}/subnet"]
|
||||
name = "default"
|
||||
router_create = false
|
||||
router_name = module.vpn.router_name
|
||||
|
@ -184,12 +184,12 @@ module "service-account-gce" {
|
|||
module "vm-test" {
|
||||
source = "../../modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
region = module.vpc.subnet_regions.default
|
||||
zone = "${module.vpc.subnet_regions.default}-b"
|
||||
region = module.vpc.subnet_regions["${var.region}/subnet"]
|
||||
zone = "${module.vpc.subnet_regions["${var.region}/subnet"]}-b"
|
||||
name = "test"
|
||||
network_interfaces = [{
|
||||
network = module.vpc.self_link,
|
||||
subnetwork = module.vpc.subnet_self_links.default,
|
||||
subnetwork = module.vpc.subnet_self_links["${var.region}/subnet"]
|
||||
nat = false,
|
||||
addresses = null
|
||||
}]
|
||||
|
@ -251,7 +251,7 @@ module "vm-onprem" {
|
|||
}
|
||||
network_interfaces = [{
|
||||
network = module.vpc.name
|
||||
subnetwork = module.vpc.subnet_self_links.default
|
||||
subnetwork = module.vpc.subnet_self_links["${var.region}/subnet"]
|
||||
nat = true,
|
||||
addresses = null
|
||||
}]
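Review bot: `module.vpc.subnet_regions["${var.region}/subnet"]` in vpn, nat and vm-test can only ever evaluate to `var.region` itself, because the output is keyed by `region/name` (per the module README and `local.subnets` in net-vpc), so the lookup adds an index that can fail at plan time without adding information. If the indirection is kept only so these modules depend on the VPC, `region = var.region` plus a comment like `# the subnet_self_links reference below already orders this after the VPC` is clearer; otherwise keep the lookup only where the caller genuinely does not know the region. The same tautology is repeated in the other examples touched by this commit. The module blocks continue outside their hunks.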
|
||||
|
|
|
@ -98,34 +98,34 @@ module "vpc-shared" {
|
|||
module.project-svc-gce.project_id,
|
||||
module.project-svc-gke.project_id
|
||||
]
|
||||
subnets = {
|
||||
gce = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.gce
|
||||
name = null
|
||||
name = "gce"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
gke = {
|
||||
},
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.gke
|
||||
name = null
|
||||
name = "gke"
|
||||
region = var.region
|
||||
secondary_ip_range = {
|
||||
pods = var.ip_secondary_ranges.gke-pods
|
||||
services = var.ip_secondary_ranges.gke-services
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
iam_roles = {
|
||||
gke = ["roles/compute.networkUser", "roles/compute.securityAdmin"]
|
||||
gce = ["roles/compute.networkUser"]
|
||||
"${var.region}/gke" = ["roles/compute.networkUser", "roles/compute.securityAdmin"]
|
||||
"${var.region}/gce" = ["roles/compute.networkUser"]
|
||||
}
|
||||
iam_members = {
|
||||
gce = {
|
||||
"${var.region}/gce" = {
|
||||
"roles/compute.networkUser" = concat(var.owners_gce, [
|
||||
"serviceAccount:${module.project-svc-gce.cloudsvc_service_account}",
|
||||
])
|
||||
}
|
||||
gke = {
|
||||
"${var.region}/gke" = {
|
||||
"roles/compute.networkUser" = concat(var.owners_gke, [
|
||||
"serviceAccount:${module.project-svc-gke.cloudsvc_service_account}",
|
||||
"serviceAccount:${module.project-svc-gke.gke_service_account}",
|
||||
|
@ -178,12 +178,12 @@ module "host-dns" {
|
|||
module "vm-bastion" {
|
||||
source = "../../modules/compute-vm"
|
||||
project_id = module.project-svc-gce.project_id
|
||||
region = module.vpc-shared.subnet_regions.gce
|
||||
zone = "${module.vpc-shared.subnet_regions.gce}-b"
|
||||
region = module.vpc-shared.subnet_regions["${var.region}/gce"]
|
||||
zone = "${module.vpc-shared.subnet_regions["${var.region}/gce"]}-b"
|
||||
name = "bastion"
|
||||
network_interfaces = [{
|
||||
network = module.vpc-shared.self_link,
|
||||
subnetwork = lookup(module.vpc-shared.subnet_self_links, "gce", null),
|
||||
subnetwork = lookup(module.vpc-shared.subnet_self_links, "${var.region}/gce", null),
|
||||
nat = false,
|
||||
addresses = null
|
||||
}]
|
||||
|
@ -207,9 +207,9 @@ module "cluster-1" {
|
|||
source = "../../modules/gke-cluster"
|
||||
name = "cluster-1"
|
||||
project_id = module.project-svc-gke.project_id
|
||||
location = "${module.vpc-shared.subnet_regions.gke}-b"
|
||||
location = "${module.vpc-shared.subnet_regions["${var.region}/gke"]}-b"
|
||||
network = module.vpc-shared.self_link
|
||||
subnetwork = module.vpc-shared.subnet_self_links.gke
|
||||
subnetwork = module.vpc-shared.subnet_self_links["${var.region}/gke"]
|
||||
secondary_range_pods = "pods"
|
||||
secondary_range_services = "services"
|
||||
default_max_pods_per_node = 32
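Review bot: `lookup(module.vpc-shared.subnet_self_links, "${var.region}/gce", null)` in vm-bastion silently yields `null` when the key is misspelled, while the `region` and `zone` lines just above it and every other example in this commit index the map directly and fail the plan; with a null `subnetwork` the bastion would land wherever compute-vm falls back to (not visible here), and a bastion's network placement is the one thing that must not happen by accident. Use `subnetwork = module.vpc-shared.subnet_self_links["${var.region}/gce"]` so a typo is a hard error. The `iam_roles`/`iam_members` keys in vpc-shared are duplicated string literals of the same shape and would benefit from one `locals` entry per subnet key. vm-bastion and cluster-1 continue outside their hunks.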
|
||||
|
|
|
@ -13,8 +13,8 @@ module "vpc" {
|
|||
source = "../modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = {
|
||||
subnet-1 = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
name = "production"
|
||||
region = "europe-west1"
|
||||
|
@ -22,14 +22,14 @@ module "vpc" {
|
|||
pods = "172.16.0.0/20"
|
||||
services = "192.168.0.0/24"
|
||||
}
|
||||
}
|
||||
subnet-2 = {
|
||||
},
|
||||
{
|
||||
ip_cidr_range = "10.0.16.0/24"
|
||||
name = "production"
|
||||
region = "europe-west2"
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -42,17 +42,17 @@ module "vpc-spoke-1" {
|
|||
source = "../modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = {
|
||||
subnet-1 = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
name = null
|
||||
name = "subnet-1"
|
||||
region = "europe-west1"
|
||||
secondary_ip_range = {
|
||||
pods = "172.16.0.0/20"
|
||||
services = "192.168.0.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
peering_config = {
|
||||
peer_vpc_self_link = module.vpc-hub.self_link
|
||||
export_routes = false
|
||||
|
@ -68,30 +68,30 @@ module "vpc-host" {
|
|||
source = "../modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-host-network"
|
||||
subnets = {
|
||||
subnet-1 = {
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
name = null
|
||||
name = "subnet-1"
|
||||
region = "europe-west1"
|
||||
secondary_ip_range = {
|
||||
pods = "172.16.0.0/20"
|
||||
services = "192.168.0.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
shared_vpc_host = true
|
||||
shared_vpc_service_projects = [
|
||||
local.service_project_1.project_id,
|
||||
local.service_project_2.project_id
|
||||
]
|
||||
iam_roles = {
|
||||
subnet-1 = [
|
||||
"europe-west1/subnet-1" = [
|
||||
"roles/compute.networkUser",
|
||||
"roles/compute.securityAdmin"
|
||||
]
|
||||
}
|
||||
iam_members = {
|
||||
subnet-1 = {
|
||||
"europe-west1/subnet-1" = {
|
||||
"roles/compute.networkUser" = [
|
||||
local.service_project_1.cloudsvc_sa,
|
||||
local.service_project_1.gke_sa
|
||||
|
@ -113,19 +113,19 @@ module "vpc-host" {
|
|||
| project_id | The ID of the project where this VPC will be created | <code title="">string</code> | ✓ | |
|
||||
| *auto_create_subnetworks* | Set to true to create an auto mode subnet, defaults to custom mode. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *description* | An optional description of this resource (triggers recreation on change). | <code title="">string</code> | | <code title="">Terraform-managed.</code> |
|
||||
| *iam_members* | List of IAM members keyed by subnet and role. | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">null</code> |
|
||||
| *iam_roles* | List of IAM roles keyed by subnet. | <code title="map(list(string))">map(list(string))</code> | | <code title="">null</code> |
|
||||
| *iam_members* | List of IAM members keyed by subnet 'region/name' and role. | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">null</code> |
|
||||
| *iam_roles* | List of IAM roles keyed by subnet 'region/name'. | <code title="map(list(string))">map(list(string))</code> | | <code title="">null</code> |
|
||||
| *log_config_defaults* | Default configuration for flow logs when enabled. | <code title="object({ aggregation_interval = string flow_sampling = number metadata = string })">object({...})</code> | | <code title="{ aggregation_interval = "INTERVAL_5_SEC" flow_sampling = 0.5 metadata = "INCLUDE_ALL_METADATA" }">...</code> |
|
||||
| *log_configs* | Map of per-subnet optional configurations for flow logs when enabled. | <code title="map(map(string))">map(map(string))</code> | | <code title="">null</code> |
|
||||
| *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | <code title="map(map(string))">map(map(string))</code> | | <code title="">null</code> |
|
||||
| *peering_config* | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string export_routes = bool import_routes = bool })">object({...})</code> | | <code title="">null</code> |
|
||||
| *routes* | Network routes, keyed by name. | <code title="map(object({ dest_range = string priority = number tags = list(string) next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string }))">map(object({...}))</code> | | <code title="">null</code> |
|
||||
| *routing_mode* | The network routing mode (default 'GLOBAL') | <code title="">string</code> | | <code title="">GLOBAL</code> |
|
||||
| *shared_vpc_host* | Enable shared VPC for this project. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *shared_vpc_service_projects* | Shared VPC service projects to register with this host | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet name. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet name. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet name. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *subnets* | Subnets being created. If name is set to null, a default will be used combining network name and this map key. | <code title="map(object({ ip_cidr_range = string name = string region = string secondary_ip_range = map(string) }))">map(object({...}))</code> | | <code title="">null</code> |
|
||||
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *subnets* | The list of subnets being created | <code title="map(object({ ip_cidr_range = string region = string secondary_ip_range = map(string) }))">map(object({...}))</code> | | <code title="">null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -136,10 +136,10 @@ module "vpc-host" {
|
|||
| network | Network resource. | |
|
||||
| project_id | Shared VPC host project id. | |
|
||||
| self_link | The URI of the VPC being created. | |
|
||||
| subnet_ips | Map of subnet address ranges keyed by name. | |
|
||||
| subnet_regions | Map of subnet regions keyed by name. | |
|
||||
| subnet_secondary_ranges | Map of subnet secondary ranges keyed by name. | |
|
||||
| subnet_self_links | Map of subnet self links keyed by name. | |
|
||||
| subnet_ips | Map of subnet address ranges keyed by 'region/name'. | |
|
||||
| subnet_regions | Map of subnet regions keyed by 'region/name'. | |
|
||||
| subnet_secondary_ranges | Map of subnet secondary ranges keyed by 'region/name'. | |
|
||||
| subnet_self_links | Map of subnet self links keyed by 'region/name'. | |
|
||||
| subnets | Subnet resources. | |
|
||||
<!-- END TFDOC -->
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ locals {
|
|||
name => data if data.next_hop_type == "vpn_tunnel"
|
||||
}
|
||||
subnet_log_configs = {
|
||||
for name, attrs in local.subnets : name => (
|
||||
for name, attrs in { for s in local.subnets : format("%s/%s", s.region, s.name) => s } : name => (
|
||||
lookup(var.subnet_flow_logs, name, false)
|
||||
? [{
|
||||
for key, value in var.log_config_defaults : key => lookup(
|
||||
|
@ -62,15 +62,19 @@ locals {
|
|||
: []
|
||||
)
|
||||
}
|
||||
subnets = var.subnets == null ? {} : var.subnets
|
||||
subnets = {
|
||||
for subnet in var.subnets :
|
||||
"${subnet.region}/${subnet.name}" => subnet
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_network" "network" {
|
||||
project = var.project_id
|
||||
name = var.name
|
||||
description = var.description
|
||||
auto_create_subnetworks = var.auto_create_subnetworks
|
||||
routing_mode = var.routing_mode
|
||||
project = var.project_id
|
||||
name = var.name
|
||||
description = var.description
|
||||
auto_create_subnetworks = var.auto_create_subnetworks
|
||||
delete_default_routes_on_create = var.delete_default_routes_on_create
|
||||
routing_mode = var.routing_mode
|
||||
}
|
||||
|
||||
resource "google_compute_network_peering" "local" {
|
||||
|
@ -116,16 +120,16 @@ resource "google_compute_subnetwork" "subnetwork" {
|
|||
project = var.project_id
|
||||
network = google_compute_network.network.name
|
||||
region = each.value.region
|
||||
name = each.value.name != null ? each.value.name : "${var.name}-${each.key}"
|
||||
name = each.value.name
|
||||
ip_cidr_range = each.value.ip_cidr_range
|
||||
secondary_ip_range = each.value.secondary_ip_range == null ? [] : [
|
||||
for name, range in each.value.secondary_ip_range :
|
||||
{ range_name = name, ip_cidr_range = range }
|
||||
]
|
||||
description = lookup(var.subnet_descriptions, each.key, "Terraform-managed.")
|
||||
private_ip_google_access = lookup(var.subnet_private_access, each.key, true)
|
||||
description = lookup(var.subnet_descriptions, "${each.value.region}/${each.value.name}", "Terraform-managed.")
|
||||
private_ip_google_access = lookup(var.subnet_private_access, "${each.value.region}/${each.value.name}", true)
|
||||
dynamic "log_config" {
|
||||
for_each = local.subnet_log_configs[each.key]
|
||||
for_each = local.subnet_log_configs["${each.value.region}/${each.value.name}"]
|
||||
iterator = config
|
||||
content {
|
||||
aggregation_interval = config.value.aggregation_interval
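Review bot: `local.subnets` at the end of the `locals` hunk is already keyed by `"${subnet.region}/${subnet.name}"`, yet `subnet_log_configs` rebuilds the same map with `format("%s/%s", s.region, s.name)` and the subnetwork resource recomputes the key three times from `each.value`; if the resource's `for_each` (outside the hunk) is `local.subnets`, `each.key` is that string, so `for name, attrs in local.subnets : name => (` and `lookup(var.subnet_descriptions, each.key, "Terraform-managed.")` say the same thing once. Nothing rejects a subnet with `name = null`, which the previous version accepted and defaulted; now it produces a `"region/"` key and a null `name` on the resource, so the `subnets` local deserves a comment such as `# name is required and region/name must be unique: duplicate keys make this for expression fail the plan` — that duplicate-key failure is the only uniqueness check and is worth stating. The new `delete_default_routes_on_create` is wired through with a safe default of `false`; that is the right default, but it is the knob that keeps the network from being created with the default internet-gateway route, so a pointer to it from the module docs would help hardening-minded users. The `google_compute_subnetwork` resource starts and ends outside its hunk.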
|
||||
|
|
|
@ -20,6 +20,12 @@ variable "auto_create_subnetworks" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "delete_default_routes_on_create" {
|
||||
description = "Set to true to delete the default routes at creation time."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
description = "An optional description of this resource (triggers recreation on change)."
|
||||
type = string
|
||||
|
@ -27,19 +33,19 @@ variable "description" {
|
|||
}
|
||||
|
||||
variable "iam_roles" {
|
||||
description = "List of IAM roles keyed by subnet."
|
||||
description = "List of IAM roles keyed by subnet 'region/name'."
|
||||
type = map(list(string))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
description = "List of IAM members keyed by subnet and role."
|
||||
description = "List of IAM members keyed by subnet 'region/name' and role."
|
||||
type = map(map(list(string)))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "log_configs" {
|
||||
description = "Map of per-subnet optional configurations for flow logs when enabled."
|
||||
description = "Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled."
|
||||
type = map(map(string))
|
||||
default = null
|
||||
}
|
||||
|
@ -109,30 +115,31 @@ variable "shared_vpc_service_projects" {
|
|||
}
|
||||
|
||||
variable "subnets" {
|
||||
description = "Subnets being created. If name is set to null, a default will be used combining network name and this map key."
|
||||
type = map(object({
|
||||
description = "The list of subnets being created"
|
||||
type = list(object({
|
||||
name = string
|
||||
ip_cidr_range = string
|
||||
name = string
|
||||
region = string
|
||||
secondary_ip_range = map(string)
|
||||
}))
|
||||
default = null
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "subnet_descriptions" {
|
||||
description = "Optional map of subnet descriptions, keyed by subnet name."
|
||||
description = "Optional map of subnet descriptions, keyed by subnet 'region/name'."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "subnet_flow_logs" {
|
||||
description = "Optional map of boolean to control flow logs (default is disabled), keyed by subnet name."
|
||||
description = "Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'."
|
||||
type = map(bool)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "subnet_private_access" {
|
||||
description = "Optional map of boolean to control private Google access (default is enabled), keyed by subnet name."
|
||||
description = "Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'."
|
||||
type = map(bool)
|
||||
default = {}
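Review bot: The `subnets` description `"The list of subnets being created"` drops the information callers now need: `name` is mandatory (the module no longer derives one from the network name and does not reject `null`) and `region/name` must be unique, since that pair is the key every other map in this file is documented against; change it to `"List of subnets to create. name is required and region/name must be unique, as it is the key used by the per-subnet maps."`. `delete_default_routes_on_create` is described only as deleting "the default routes"; say which routes and the consequence, e.g. `"Set to true to delete the default 0.0.0.0/0 route to the internet gateway at creation time; explicit routes must then be managed via var.routes."` (this is the provider's documented semantic — confirm against the pinned provider version). The README table in this commit still shows `subnets` as `map(object({ ip_cidr_range ... }))` without `name`, so TFDOC needs regenerating after the description change.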
|
||||
}
|
||||
|
|
|
@ -97,13 +97,14 @@ variable "shared_vpc_service_projects" {
|
|||
|
||||
variable "subnets" {
|
||||
description = "The list of subnets being created"
|
||||
type = map(object({
|
||||
type = list(object({
|
||||
name = string
|
||||
ip_cidr_range = string
|
||||
name = string
|
||||
region = string
|
||||
secondary_ip_range = map(string)
|
||||
}))
|
||||
default = null
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "subnet_descriptions" {
|
||||
|
|
|
@ -19,22 +19,14 @@ import pytest
|
|||
|
||||
FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
|
||||
_VAR_SUBNETS = (
|
||||
'{ '
|
||||
'a={region = "europe-west1", ip_cidr_range = "10.0.0.0/24",'
|
||||
' name=null, secondary_ip_range=null},'
|
||||
'b={region = "europe-west1", ip_cidr_range = "10.0.1.0/24",'
|
||||
' name=null, secondary_ip_range=null},'
|
||||
'c={region = "europe-west1", ip_cidr_range = "10.0.2.0/24",'
|
||||
' name="c", secondary_ip_range={a="192.168.0.0/24", b="192.168.1.0/24"}},'
|
||||
'}'
|
||||
)
|
||||
_VAR_LOG_CONFIG = '{a = { flow_sampling = 0.1 }}'
|
||||
_VAR_LOG_CONFIG_DEFAULTS = (
|
||||
'{'
|
||||
'aggregation_interval = "INTERVAL_10_MIN", '
|
||||
'flow_sampling = 0.5, '
|
||||
'metadata = "INCLUDE_ALL_METADATA"'
|
||||
'}'
|
||||
'[ '
|
||||
'{name = "a", region = "europe-west1", ip_cidr_range = "10.0.0.0/24",'
|
||||
' secondary_ip_range=null},'
|
||||
'{name = "b", region = "europe-west1", ip_cidr_range = "10.0.1.0/24",'
|
||||
' secondary_ip_range=null},'
|
||||
'{name = "c", region = "europe-west1", ip_cidr_range = "10.0.2.0/24",'
|
||||
' secondary_ip_range={a="192.168.0.0/24", b="192.168.1.0/24"}},'
|
||||
']'
|
||||
)
|
||||
|
||||
|
||||
|
@ -45,16 +37,22 @@ def test_subnets_simple(plan_runner):
|
|||
subnets = [r['values']
|
||||
for r in resources if r['type'] == 'google_compute_subnetwork']
|
||||
assert set(s['name'] for s in subnets) == set(
|
||||
['my-vpc-a', 'my-vpc-b', 'c'])
|
||||
['a', 'b', 'c'])
|
||||
assert set(len(s['secondary_ip_range']) for s in subnets) == set([0, 0, 2])
|
||||
|
||||
|
||||
def test_subnet_log_configs(plan_runner):
|
||||
"Test subnets flow logs configuration and defaults."
|
||||
log_config = '{"europe-west1/a" = { flow_sampling = 0.1 }}'
|
||||
log_config_defaults = (
|
||||
'{aggregation_interval = "INTERVAL_10_MIN", flow_sampling = 0.5, '
|
||||
'metadata = "INCLUDE_ALL_METADATA"}'
|
||||
)
|
||||
subnet_flow_logs = '{"europe-west1/a"=true, "europe-west1/b"=true}'
|
||||
_, resources = plan_runner(FIXTURES_DIR, subnets=_VAR_SUBNETS,
|
||||
log_configs=_VAR_LOG_CONFIG,
|
||||
log_config_defaults=_VAR_LOG_CONFIG_DEFAULTS,
|
||||
subnet_flow_logs='{a=true, b=true}')
|
||||
log_configs=log_config,
|
||||
log_config_defaults=log_config_defaults,
|
||||
subnet_flow_logs=subnet_flow_logs)
|
||||
assert len(resources) == 4
|
||||
flow_logs = {}
|
||||
for r in resources:
|
||||
|
@ -63,13 +61,13 @@ def test_subnet_log_configs(plan_runner):
|
|||
flow_logs[r['values']['name']] = r['values']['log_config']
|
||||
assert flow_logs == {
|
||||
# enable, override one default option
|
||||
'my-vpc-a': [{
|
||||
'a': [{
|
||||
'aggregation_interval': 'INTERVAL_10_MIN',
|
||||
'flow_sampling': 0.1,
|
||||
'metadata': 'INCLUDE_ALL_METADATA'
|
||||
}],
|
||||
# enable, use defaults
|
||||
'my-vpc-b': [{
|
||||
'b': [{
|
||||
'aggregation_interval': 'INTERVAL_10_MIN',
|
||||
'flow_sampling': 0.5,
|
||||
'metadata': 'INCLUDE_ALL_METADATA'
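Review bot: No test exercises the feature this commit adds: `_VAR_SUBNETS` uses three distinct names in one region and `test_subnets_simple` only asserts the name set, so a regression back to name-keyed subnets would still pass. `test_subnet_log_configs` also keys `flow_logs` by `r['values']['name']`, which collides for same-name subnets; key it by `f"{r['values']['region']}/{r['values']['name']}"` and update the expected dict accordingly. A dedicated test along the lines below pins the new behaviour using the same `plan_runner` contract the existing tests rely on. The body of `test_subnet_log_configs` ends outside the hunk.

```python
_VAR_SUBNETS_SAME_NAME = (
    '[ '
    '{name = "a", region = "europe-west1", ip_cidr_range = "10.0.0.0/24",'
    ' secondary_ip_range=null},'
    '{name = "a", region = "europe-west2", ip_cidr_range = "10.0.1.0/24",'
    ' secondary_ip_range=null},'
    ']'
)


def test_subnets_same_name_different_regions(plan_runner):
    "Test that subnets may share a name across regions."
    _, resources = plan_runner(FIXTURES_DIR, subnets=_VAR_SUBNETS_SAME_NAME)
    subnets = [r['values']
               for r in resources if r['type'] == 'google_compute_subnetwork']
    assert sorted((s['region'], s['name']) for s in subnets) == [
        ('europe-west1', 'a'), ('europe-west2', 'a')]
```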
|
||||
|
|