Update docs using tfdoc format (#28)

* update README files * set all types on variables
2020-01-10 13:44:54 +01:00 · 2020-01-10 13:44:54 +01:00 · 253c51d07c
parent 0a63efa5ea
commit 253c51d07c
8 changed files with 150 additions and 123 deletions
--- a/foundations/business-units/README.md
+++ b/foundations/business-units/README.md
@ -25,45 +25,44 @@ The number of resources in this sample is kept to a minimum so as to make it gen

 This sample uses a top-level folder to encapsulate projects that host resources that are not specific to a single environment. If no shared services are needed,the Terraform and audit modules can be easily attached to the root node, and the shared services folder and project removed from `main.tf`.

-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
+<!-- BEGIN TFDOC -->
+## Variables

-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| audit\_viewers | Audit project viewers, in IAM format. | list | `<list>` | no |
-| billing\_account\_id | Billing account id used as default for new projects. | string | n/a | yes |
-| business\_unit\_1\_name | Business unit 1 short name. | string | n/a | yes |
-| business\_unit\_2\_name | Business unit 2 short name. | string | n/a | yes |
-| business\_unit\_3\_name | Business unit 3 short name. | string | n/a | yes |
-| environments | Environment short names. | list(string) | n/a | yes |
-| gcs\_location | GCS bucket location. | string | `"EU"` | no |
-| generate\_service\_account\_keys | Generate and store service account keys in the state file. | string | `"false"` | no |
-| organization\_id | Organization id. | string | n/a | yes |
-| prefix | Prefix used for resources that need unique names. | string | n/a | yes |
-| project\_services | Service APIs enabled by default in new projects. | list | `<list>` | no |
-| root\_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | n/a | yes |
-| shared\_bindings\_members | List of comma-delimited IAM-format members for the additional shared project bindings. | list | `<list>` | no |
-| shared\_bindings\_roles | List of roles for additional shared project bindings. | list | `<list>` | no |
-| terraform\_owners | Terraform project owners, in IAM format. | list | `<list>` | no |
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| billing_account_id | Billing account id used as default for new projects. | <code title="">string</code> | ✓ |  |
+| business_unit_1_name | Business unit 1 short name. | <code title="">string</code> | ✓ |  |
+| business_unit_2_name | Business unit 2 short name. | <code title="">string</code> | ✓ |  |
+| business_unit_3_name | Business unit 3 short name. | <code title="">string</code> | ✓ |  |
+| environments | Environment short names. | <code title="list&#40;string&#41;">list(string)</code> | ✓ |  |
+| organization_id | Organization id. | <code title="">string</code> | ✓ |  |
+| prefix | Prefix used for resources that need unique names. | <code title="">string</code> | ✓ |  |
+| root_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | <code title="">string</code> | ✓ |  |
+| *audit_viewers* | Audit project viewers, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *gcs_location* | GCS bucket location. | <code title="">string</code> |  | <code title="">EU</code> |
+| *generate_service_account_keys* | Generate and store service account keys in the state file. | <code title="">bool</code> |  | <code title="">false</code> |
+| *project_services* | Service APIs enabled by default in new projects. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="&#91;&#10;&#34;resourceviews.googleapis.com&#34;,&#10;&#34;stackdriver.googleapis.com&#34;,&#10;&#93;">...</code> |
+| *shared_bindings_members* | List of comma-delimited IAM-format members for the additional shared project bindings. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *shared_bindings_roles* | List of roles for additional shared project bindings. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *terraform_owners* | Terraform project owners, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |

 ## Outputs

-| Name | Description |
-|------|-------------|
-| audit\_logs\_bq\_dataset | Bigquery dataset for the audit logs export. |
-| audit\_logs\_project | Project that holds the audit logs export resources. |
-| bootstrap\_tf\_gcs\_bucket | GCS bucket used for the bootstrap Terraform state. |
-| business\_unit\_1\_environment\_folders\_ids | Business unit 1 environment folders. |
-| business\_unit\_1\_folder\_id | Business unit 1 top-level folder ID. |
-| business\_unit\_2\_environment\_folders\_ids | Business unit 2 environment folders. |
-| business\_unit\_2\_folder\_id | Business unit 2 top-level folder ID. |
-| business\_unit\_3\_environment\_folders\_ids | Business unit 3 environment folders. |
-| business\_unit\_3\_folder\_id | Business unit 3 top-level folder ID. |
-| environment\_service\_account\_keys | Service account keys used to run each environment Terraform modules. |
-| environment\_service\_accounts | Service accounts used to run each environment Terraform modules. |
-| environment\_tf\_gcs\_buckets | GCS buckets used for each environment Terraform state. |
-| shared\_folder\_id | Shared folder ID. |
-| shared\_resources\_project | Project that holdes resources shared across business units. |
-| terraform\_project | Project that holds the base Terraform resources. |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+| name | description | sensitive |
+|---|---|:---:|
+| audit_logs_bq_dataset | Bigquery dataset for the audit logs export. |  |
+| audit_logs_project | Project that holds the audit logs export resources. |  |
+| bootstrap_tf_gcs_bucket | GCS bucket used for the bootstrap Terraform state. |  |
+| business_unit_1_environment_folders_ids | Business unit 1 environment folders. |  |
+| business_unit_1_folder_id | Business unit 1 top-level folder ID. |  |
+| business_unit_2_environment_folders_ids | Business unit 2 environment folders. |  |
+| business_unit_2_folder_id | Business unit 2 top-level folder ID. |  |
+| business_unit_3_environment_folders_ids | Business unit 3 environment folders. |  |
+| business_unit_3_folder_id | Business unit 3 top-level folder ID. |  |
+| environment_service_account_keys | Service account keys used to run each environment Terraform modules. | ✓ |
+| environment_service_accounts | Service accounts used to run each environment Terraform modules. |  |
+| environment_tf_gcs_buckets | GCS buckets used for each environment Terraform state. |  |
+| shared_folder_id | Shared folder ID. |  |
+| shared_resources_project | Project that holdes resources shared across business units. |  |
+| terraform_project | Project that holds the base Terraform resources. |  |
+<!-- END TFDOC -->
--- a/foundations/business-units/variables.tf
+++ b/foundations/business-units/variables.tf
@ -14,6 +14,7 @@

 variable "audit_viewers" {
  description = "Audit project viewers, in IAM format."
+  type        = list(string)
  default     = []
 }

@ -44,11 +45,13 @@ variable "environments" {

 variable "generate_service_account_keys" {
  description = "Generate and store service account keys in the state file."
+  type        = bool
  default     = false
 }

 variable "gcs_location" {
  description = "GCS bucket location."
+  type        = string
  default     = "EU"
 }

@ -70,21 +73,25 @@ variable "root_node" {
 variable "shared_bindings_members" {
  description = "List of comma-delimited IAM-format members for the additional shared project bindings."
  # example: ["user:a@example.com,b@example.com", "user:c@example.com"]
+  type    = list(string)
  default = []
 }
 variable "shared_bindings_roles" {
  description = "List of roles for additional shared project bindings."
  # example: ["roles/storage.objectViewer", "roles/storage.admin"]
+  type    = list(string)
  default = []
 }

 variable "terraform_owners" {
  description = "Terraform project owners, in IAM format."
+  type        = list(string)
  default     = []
 }

 variable "project_services" {
  description = "Service APIs enabled by default in new projects."
+  type        = list(string)
  default = [
    "resourceviews.googleapis.com",
    "stackdriver.googleapis.com",
--- a/foundations/environments/README.md
+++ b/foundations/environments/README.md
@ -27,38 +27,37 @@ For more complex setups where multiple shared services projects are needed to en

 If no shared services are needed, the shared service project module can of course be removed from `main.tf`.

-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
+<!-- BEGIN TFDOC -->
+## Variables

-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| audit\_viewers | Audit project viewers, in IAM format. | list | `<list>` | no |
-| billing\_account\_id | Billing account id used as default for new projects. | string | n/a | yes |
-| environments | Environment short names. | list(string) | n/a | yes |
-| gcs\_location | GCS bucket location. | string | `"EU"` | no |
-| generate\_service\_account\_keys | Generate and store service account keys in the state file. | string | `"false"` | no |
-| grant\_xpn\_folder\_roles | Grant roles needed for Shared VPC creation to service accounts at the environment folder level. | string | `"true"` | no |
-| grant\_xpn\_org\_roles | Grant roles needed for Shared VPC creation to service accounts at the organization level. | string | `"false"` | no |
-| organization\_id | Organization id. | string | n/a | yes |
-| prefix | Prefix used for resources that need unique names. | string | n/a | yes |
-| project\_services | Service APIs enabled by default in new projects. | list | `<list>` | no |
-| root\_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | n/a | yes |
-| shared\_bindings\_members | List of comma-delimited IAM-format members for the additional shared project bindings. | list | `<list>` | no |
-| shared\_bindings\_roles | List of roles for additional shared project bindings. | list | `<list>` | no |
-| terraform\_owners | Terraform project owners, in IAM format. | list | `<list>` | no |
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| billing_account_id | Billing account id used as default for new projects. | <code title="">string</code> | ✓ |  |
+| environments | Environment short names. | <code title="list&#40;string&#41;">list(string)</code> | ✓ |  |
+| organization_id | Organization id. | <code title="">string</code> | ✓ |  |
+| prefix | Prefix used for resources that need unique names. | <code title="">string</code> | ✓ |  |
+| root_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | <code title="">string</code> | ✓ |  |
+| *audit_viewers* | Audit project viewers, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *gcs_location* | GCS bucket location. | <code title="">string</code> |  | <code title="">EU</code> |
+| *generate_service_account_keys* | Generate and store service account keys in the state file. | <code title="">bool</code> |  | <code title="">false</code> |
+| *grant_xpn_folder_roles* | Grant roles needed for Shared VPC creation to service accounts at the environment folder level. | <code title="">bool</code> |  | <code title="">true</code> |
+| *grant_xpn_org_roles* | Grant roles needed for Shared VPC creation to service accounts at the organization level. | <code title="">bool</code> |  | <code title="">false</code> |
+| *project_services* | Service APIs enabled by default in new projects. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="&#91;&#10;&#34;resourceviews.googleapis.com&#34;,&#10;&#34;stackdriver.googleapis.com&#34;,&#10;&#93;">...</code> |
+| *shared_bindings_members* | List of comma-delimited IAM-format members for the additional shared project bindings. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *shared_bindings_roles* | List of roles for additional shared project bindings. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *terraform_owners* | Terraform project owners, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |

 ## Outputs

-| Name | Description |
-|------|-------------|
-| audit\_logs\_bq\_dataset | Bigquery dataset for the audit logs export. |
-| audit\_logs\_project | Project that holds the audit logs export resources. |
-| bootstrap\_tf\_gcs\_bucket | GCS bucket used for the bootstrap Terraform state. |
-| environment\_folders | Top-level environment folders. |
-| environment\_service\_account\_keys | Service account keys used to run each environment Terraform modules. |
-| environment\_service\_accounts | Service accounts used to run each environment Terraform modules. |
-| environment\_tf\_gcs\_buckets | GCS buckets used for each environment Terraform state. |
-| shared\_resources\_project | Project that holdes resources shared across environments. |
-| terraform\_project | Project that holds the base Terraform resources. |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+| name | description | sensitive |
+|---|---|:---:|
+| audit_logs_bq_dataset | Bigquery dataset for the audit logs export. |  |
+| audit_logs_project | Project that holds the audit logs export resources. |  |
+| bootstrap_tf_gcs_bucket | GCS bucket used for the bootstrap Terraform state. |  |
+| environment_folders | Top-level environment folders. |  |
+| environment_service_account_keys | Service account keys used to run each environment Terraform modules. | ✓ |
+| environment_service_accounts | Service accounts used to run each environment Terraform modules. |  |
+| environment_tf_gcs_buckets | GCS buckets used for each environment Terraform state. |  |
+| shared_resources_project | Project that holdes resources shared across environments. |  |
+| terraform_project | Project that holds the base Terraform resources. |  |
+<!-- END TFDOC -->
--- a/foundations/environments/variables.tf
+++ b/foundations/environments/variables.tf
@ -14,6 +14,7 @@

 variable "audit_viewers" {
  description = "Audit project viewers, in IAM format."
+  type        = list(string)
  default     = []
 }

@ -29,21 +30,25 @@ variable "environments" {

 variable "generate_service_account_keys" {
  description = "Generate and store service account keys in the state file."
+  type        = bool
  default     = false
 }

 variable "gcs_location" {
  description = "GCS bucket location."
+  type        = string
  default     = "EU"
 }

 variable "grant_xpn_org_roles" {
  description = "Grant roles needed for Shared VPC creation to service accounts at the organization level."
+  type        = bool
  default     = false
 }

 variable "grant_xpn_folder_roles" {
  description = "Grant roles needed for Shared VPC creation to service accounts at the environment folder level."
+  type        = bool
  default     = true
 }

@ -65,21 +70,25 @@ variable "root_node" {
 variable "shared_bindings_members" {
  description = "List of comma-delimited IAM-format members for the additional shared project bindings."
  # example: ["user:a@example.com,b@example.com", "user:c@example.com"]
+  type    = list(string)
  default = []
 }
 variable "shared_bindings_roles" {
  description = "List of roles for additional shared project bindings."
  # example: ["roles/storage.objectViewer", "roles/storage.admin"]
+  type    = list(string)
  default = []
 }

 variable "terraform_owners" {
  description = "Terraform project owners, in IAM format."
+  type        = list(string)
  default     = []
 }

 variable "project_services" {
  description = "Service APIs enabled by default in new projects."
+  type        = list(string)
  default = [
    "resourceviews.googleapis.com",
    "stackdriver.googleapis.com",
--- a/infrastructure/hub-and-spoke-vpns/README.md
+++ b/infrastructure/hub-and-spoke-vpns/README.md
@ -48,34 +48,32 @@ SSH access to instances is configured via [OS Login](https://cloud.google.com/co
   -  Please refer to the [bug](https://github.com/terraform-providers/terraform-provider-google/issues/3753) for more details.
   -  Please refer to the [documentation](https://cloud.google.com/dns/zones/#creating_a_dns_policy_that_enables_inbound_dns_forwarding) on how to get the IPs with `gcloud`.

-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
+<!-- BEGIN TFDOC -->
+## Variables

-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| forwarding\_dns\_zone\_domain | Forwarding DNS Zone Domain. | string | `"on-prem.local."` | no |
-| forwarding\_dns\_zone\_name | Forwarding DNS Zone Name. | string | `"on-prem-local"` | no |
-| forwarding\_zone\_server\_addresses | Forwarding DNS Zone Server Addresses | list(string) | `<list>` | no |
-| hub\_bgp\_asn | Hub BGP ASN. | number | `"64515"` | no |
-| hub\_project\_id | Hub Project id. Same project can be used for hub and spokes. | string | n/a | yes |
-| hub\_subnets | Hub VPC subnets configuration. | object | `<list>` | no |
-| private\_dns\_zone\_domain | Private DNS Zone Domain. | string | `"gcp.local."` | no |
-| private\_dns\_zone\_name | Private DNS Zone Name. | string | `"gcp-local"` | no |
-| spoke\_1\_bgp\_asn | Spoke 1 BGP ASN. | number | `"64516"` | no |
-| spoke\_1\_project\_id | Spoke 1 Project id. Same project can be used for hub and spokes. | string | n/a | yes |
-| spoke\_1\_subnets | Spoke 1 VPC subnets configuration. | list | `<list>` | no |
-| spoke\_2\_bgp\_asn | Spoke 2 BGP ASN. | number | `"64517"` | no |
-| spoke\_2\_project\_id | Spoke 2 Project id. Same project can be used for hub and spokes. | string | n/a | yes |
-| spoke\_2\_subnets | Spoke 2 VPC subnets configuration. | list | `<list>` | no |
-| spoke\_to\_spoke\_route\_advertisement | Use custom route advertisement in hub routers to advertise all spoke subnets. | bool | `"true"` | no |
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| hub_project_id | Hub Project id. Same project can be used for hub and spokes. | <code title="">string</code> | ✓ |  |
+| spoke_1_project_id | Spoke 1 Project id. Same project can be used for hub and spokes. | <code title="">string</code> | ✓ |  |
+| spoke_2_project_id | Spoke 2 Project id. Same project can be used for hub and spokes. | <code title="">string</code> | ✓ |  |
+| *forwarding_dns_zone_domain* | Forwarding DNS Zone Domain. | <code title="">string</code> |  | <code title="">on-prem.local.</code> |
+| *forwarding_dns_zone_name* | Forwarding DNS Zone Name. | <code title="">string</code> |  | <code title="">on-prem-local</code> |
+| *forwarding_zone_server_addresses* | Forwarding DNS Zone Server Addresses | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">["8.8.8.8", "8.8.4.4"]</code> |
+| *hub_bgp_asn* | Hub BGP ASN. | <code title="">number</code> |  | <code title="">64515</code> |
+| *hub_subnets* | Hub VPC subnets configuration. | <code title="list&#40;object&#40;&#123;&#10;subnet_name   &#61; string&#10;subnet_ip     &#61; string&#10;subnet_region &#61; string&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="&#91;&#123;&#10;subnet_name   &#61; &#34;subnet-a&#34;&#10;subnet_ip     &#61; &#34;10.10.10.0&#47;24&#34;&#10;subnet_region &#61; &#34;europe-west1&#34;&#10;&#125;,&#10;&#123;&#10;subnet_name   &#61; &#34;subnet-b&#34;&#10;subnet_ip     &#61; &#34;10.10.20.0&#47;24&#34;&#10;subnet_region &#61; &#34;europe-west2&#34;&#10;&#125;,&#10;&#93;">...</code> |
+| *private_dns_zone_domain* | Private DNS Zone Domain. | <code title="">string</code> |  | <code title="">gcp.local.</code> |
+| *private_dns_zone_name* | Private DNS Zone Name. | <code title="">string</code> |  | <code title="">gcp-local</code> |
+| *spoke_1_bgp_asn* | Spoke 1 BGP ASN. | <code title="">number</code> |  | <code title="">64516</code> |
+| *spoke_1_subnets* | Spoke 1 VPC subnets configuration. | <code title=""></code> |  | <code title="&#91;&#123;&#10;subnet_name   &#61; &#34;spoke-1-subnet-a&#34;&#10;subnet_ip     &#61; &#34;10.20.10.0&#47;24&#34;&#10;subnet_region &#61; &#34;europe-west1&#34;&#10;&#125;,&#10;&#123;&#10;subnet_name   &#61; &#34;spoke-1-subnet-b&#34;&#10;subnet_ip     &#61; &#34;10.20.20.0&#47;24&#34;&#10;subnet_region &#61; &#34;europe-west2&#34;&#10;&#125;,&#10;&#93;">...</code> |
+| *spoke_2_bgp_asn* | Spoke 2 BGP ASN. | <code title="">number</code> |  | <code title="">64517</code> |
+| *spoke_2_subnets* | Spoke 2 VPC subnets configuration. | <code title=""></code> |  | <code title="&#91;&#123;&#10;subnet_name   &#61; &#34;spoke-2-subnet-a&#34;&#10;subnet_ip     &#61; &#34;10.30.10.0&#47;24&#34;&#10;subnet_region &#61; &#34;europe-west1&#34;&#10;&#125;,&#10;&#123;&#10;subnet_name   &#61; &#34;spoke-2-subnet-b&#34;&#10;subnet_ip     &#61; &#34;10.30.20.0&#47;24&#34;&#10;subnet_region &#61; &#34;europe-west2&#34;&#10;&#125;,&#10;&#93;">...</code> |
+| *spoke_to_spoke_route_advertisement* | Use custom route advertisement in hub routers to advertise all spoke subnets. | <code title="">bool</code> |  | <code title="">true</code> |

 ## Outputs

-| Name | Description |
-|------|-------------|
-| hub | Hub network resources. |
-| spoke-1 | Spoke1 network resources. |
-| spoke-2 | Spoke2 network resources. |
-| test-instances | Test instance attributes. |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+| name | description | sensitive |
+|---|---|:---:|
+| hub | Hub network resources. |  |
+| spoke-1 | Spoke1 network resources. |  |
+| spoke-2 | Spoke2 network resources. |  |
+<!-- END TFDOC -->
--- a/infrastructure/shared-vpc/README.md
+++ b/infrastructure/shared-vpc/README.md
@ -31,34 +31,31 @@ The networking and GKE instances have `dig` and the `mysql` client installed via

 There's a minor glitch that can surface running `terraform destroy`, with a simple workaround. The glitch is due to a delay between the API reporting service project removal from the Shared VPC as successful (`google_compute_shared_vpc_service_project` resources destroyed), and the Shared VPC resource being aligned with that event. This results in an error that prevents disabling the Shared VPC feature: `Error disabling Shared VPC Host [...] Cannot disable project as a shared VPC host because it has active service projects.`. The workaround is to run `terraform destroy` again after a few seconds, giving the Shared VPC resource time to be in sync with service project removal.

-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
+<!-- BEGIN TFDOC -->
+## Variables

-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| billing\_account\_id | Billing account id used as default for new projects. | string | n/a | yes |
-| kms\_keyring\_location | Location used for the KMS keyring. | string | `"europe"` | no |
-| kms\_keyring\_name | Name used for the KMS keyring. | string | `"svpc-example"` | no |
-| oslogin\_admins\_gce | GCE project oslogin admin members, in IAM format. | list | `<list>` | no |
-| oslogin\_users\_gce | GCE project oslogin user members, in IAM format. | list | `<list>` | no |
-| owners\_gce | GCE project owners, in IAM format. | list | `<list>` | no |
-| owners\_gke | GKE project owners, in IAM format. | list | `<list>` | no |
-| owners\_host | Host project owners, in IAM format. | list | `<list>` | no |
-| prefix | Prefix used for resources that need unique names. | string | n/a | yes |
-| project\_services | Service APIs enabled by default in new projects. | list | `<list>` | no |
-| root\_node | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | n/a | yes |
-| subnet\_secondary\_ranges | Shared VPC subnets secondary range definitions. | map | `<map>` | no |
-| subnets | Shared VPC subnet definitions. | list | `<list>` | no |
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| billing_account_id | Billing account id used as default for new projects. | <code title="">string</code> | ✓ |  |
+| prefix | Prefix used for resources that need unique names. | <code title="">string</code> | ✓ |  |
+| root_node | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code title="">string</code> | ✓ |  |
+| *kms_keyring_location* | Location used for the KMS keyring. | <code title="">string</code> |  | <code title="">europe</code> |
+| *kms_keyring_name* | Name used for the KMS keyring. | <code title="">string</code> |  | <code title="">svpc-example</code> |
+| *oslogin_admins_gce* | GCE project oslogin admin members, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *oslogin_users_gce* | GCE project oslogin user members, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *owners_gce* | GCE project owners, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *owners_gke* | GKE project owners, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *owners_host* | Host project owners, in IAM format. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *project_services* | Service APIs enabled by default in new projects. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="&#91;&#10;&#34;resourceviews.googleapis.com&#34;,&#10;&#34;stackdriver.googleapis.com&#34;,&#10;&#93;">...</code> |
+| *subnet_secondary_ranges* | Shared VPC subnets secondary range definitions. | <code title="map&#40;list&#40;object&#40;&#123;&#10;range_name    &#61; string&#10;ip_cidr_range &#61; string&#10;&#125;&#41;&#41;&#41;">map(list(object({...})))</code> |  | <code title="&#123;&#10;networking &#61; &#91;&#93;,&#10;gce        &#61; &#91;&#93;,&#10;gke &#61; &#91;&#10;&#123;&#10;range_name    &#61; &#34;services&#34;&#10;ip_cidr_range &#61; &#34;172.16.0.0&#47;24&#34;&#10;&#125;,&#10;&#123;&#10;range_name    &#61; &#34;pods&#34;&#10;ip_cidr_range &#61; &#34;10.128.0.0&#47;18&#34;&#10;&#125;&#10;&#93;&#10;&#125;">...</code> |
+| *subnets* | Shared VPC subnet definitions. | <code title="list&#40;object&#40;&#123;&#10;subnet_name           &#61; string&#10;subnet_ip             &#61; string&#10;subnet_region         &#61; string&#10;subnet_private_access &#61; string&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="&#91;&#10;&#123;&#10;subnet_name           &#61; &#34;networking&#34;&#10;subnet_ip             &#61; &#34;10.0.0.0&#47;24&#34;&#10;subnet_region         &#61; &#34;europe-west1&#34;&#10;subnet_private_access &#61; &#34;true&#34;&#10;&#125;,&#10;&#123;&#10;subnet_name           &#61; &#34;gce&#34;&#10;subnet_ip             &#61; &#34;10.0.16.0&#47;24&#34;&#10;subnet_region         &#61; &#34;europe-west1&#34;&#10;subnet_private_access &#61; &#34;true&#34;&#10;&#125;,&#10;&#123;&#10;subnet_name           &#61; &#34;gke&#34;&#10;subnet_ip             &#61; &#34;10.0.32.0&#47;24&#34;&#10;subnet_region         &#61; &#34;europe-west1&#34;&#10;subnet_private_access &#61; &#34;true&#34;&#10;&#125;,&#10;&#93;">...</code> |

 ## Outputs

-| Name | Description |
-|------|-------------|
-| host\_project\_id | VPC host project id. |
-| mysql-root-password | Password for the test MySQL db root user. |
-| service\_project\_ids | Service project ids. |
-| test-instances | Test instance names. |
-| vpc\_name | Shared VPC name |
-| vpc\_subnets | Shared VPC subnets. |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+| name | description | sensitive |
+|---|---|:---:|
+| host_project_id | VPC host project id. |  |
+| service_project_ids | Service project ids. |  |
+| vpc_name | Shared VPC name |  |
+| vpc_subnets | Shared VPC subnets. |  |
+<!-- END TFDOC -->
--- a/infrastructure/shared-vpc/variables.tf
+++ b/infrastructure/shared-vpc/variables.tf
@ -19,36 +19,43 @@ variable "billing_account_id" {

 variable "kms_keyring_location" {
  description = "Location used for the KMS keyring."
+  type        = string
  default     = "europe"
 }

 variable "kms_keyring_name" {
  description = "Name used for the KMS keyring."
+  type        = string
  default     = "svpc-example"
 }

 variable "oslogin_admins_gce" {
  description = "GCE project oslogin admin members, in IAM format."
+  type        = list(string)
  default     = []
 }

 variable "oslogin_users_gce" {
  description = "GCE project oslogin user members, in IAM format."
+  type        = list(string)
  default     = []
 }

 variable "owners_gce" {
  description = "GCE project owners, in IAM format."
+  type        = list(string)
  default     = []
 }

 variable "owners_gke" {
  description = "GKE project owners, in IAM format."
+  type        = list(string)
  default     = []
 }

 variable "owners_host" {
  description = "Host project owners, in IAM format."
+  type        = list(string)
  default     = []
 }

@ -64,6 +71,12 @@ variable "root_node" {

 variable "subnets" {
  description = "Shared VPC subnet definitions."
+  type = list(object({
+    subnet_name           = string
+    subnet_ip             = string
+    subnet_region         = string
+    subnet_private_access = string
+  }))
  default = [
    {
      subnet_name           = "networking"
@ -88,6 +101,10 @@ variable "subnets" {

 variable "subnet_secondary_ranges" {
  description = "Shared VPC subnets secondary range definitions."
+  type = map(list(object({
+    range_name    = string
+    ip_cidr_range = string
+  })))
  default = {
    networking = [],
    gce        = [],
@ -106,6 +123,7 @@ variable "subnet_secondary_ranges" {

 variable "project_services" {
  description = "Service APIs enabled by default in new projects."
+  type        = list(string)
  default = [
    "resourceviews.googleapis.com",
    "stackdriver.googleapis.com",
--- a/tools/tfdoc/tfdoc.py
+++ b/tools/tfdoc/tfdoc.py