diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 84377bd8..0d6a231e 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -276,8 +276,8 @@ flow_logs: # enable, set to empty map to use defaults
| [subnet_iam](variables.tf#L133) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string))) | | {} |
| [subnets](variables.tf#L139) | Subnet configuration. | list(object({…})) | | [] |
| [subnets_proxy_only](variables.tf#L164) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
-| [subnets_psc](variables.tf#L176) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
-| [vpc_create](variables.tf#L186) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
+| [subnets_psc](variables.tf#L176) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
+| [vpc_create](variables.tf#L187) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
## Outputs
diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf
index 0496405b..ae094ecf 100644
--- a/modules/net-vpc/subnets.tf
+++ b/modules/net-vpc/subnets.tf
@@ -72,13 +72,17 @@ locals {
}
resource "google_compute_subnetwork" "subnetwork" {
- for_each = local.subnets
- project = var.project_id
- network = local.network.name
- name = each.value.name
- region = each.value.region
- ip_cidr_range = each.value.ip_cidr_range
- description = try(each.value.description, "Terraform-managed.")
+ for_each = local.subnets
+ project = var.project_id
+ network = local.network.name
+ name = each.value.name
+ region = each.value.region
+ ip_cidr_range = each.value.ip_cidr_range
+ description = (
+ each.value.description == null
+ ? "Terraform-managed."
+ : each.value.description
+ )
private_ip_google_access = each.value.enable_private_access
secondary_ip_range = each.value.secondary_ip_ranges == null ? [] : [
for name, range in each.value.secondary_ip_ranges :
@@ -107,9 +111,10 @@ resource "google_compute_subnetwork" "proxy_only" {
name = each.value.name
region = each.value.region
ip_cidr_range = each.value.ip_cidr_range
- description = try(
- each.value.description,
- "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
+ description = (
+ each.value.description == null
+ ? "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
+ : each.value.description
)
purpose = "REGIONAL_MANAGED_PROXY"
role = (
@@ -124,9 +129,10 @@ resource "google_compute_subnetwork" "psc" {
name = each.value.name
region = each.value.region
ip_cidr_range = each.value.ip_cidr_range
- description = try(
- each.value.description,
- "Terraform-managed subnet for Private Service Connect (PSC NAT)."
+ description = (
+ each.value.description == null
+ ? "Terraform-managed subnet for Private Service Connect (PSC NAT)."
+ : each.value.description
)
purpose = "PRIVATE_SERVICE_CONNECT"
}
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 89207479..a7aa2077 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -179,6 +179,7 @@ variable "subnets_psc" {
name = string
ip_cidr_range = string
region = string
+ description = optional(string)
}))
default = []
}