From 6fd58e33c9b6c18a62423d18714945cf22f3002e Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Mon, 16 Oct 2023 08:57:18 +0200 Subject: [PATCH] Add support for psa peered domains to fast stages (#1760) * add support for psa peered domains * tfdoc --- fast/stages/2-networking-a-peering/README.md | 8 ++++---- fast/stages/2-networking-a-peering/variables.tf | 14 ++++++++------ fast/stages/2-networking-b-vpn/README.md | 8 ++++---- fast/stages/2-networking-b-vpn/variables.tf | 14 ++++++++------ fast/stages/2-networking-c-nva/README.md | 10 +++++----- fast/stages/2-networking-c-nva/variables.tf | 14 ++++++++------ fast/stages/2-networking-d-separate-envs/README.md | 10 +++++----- .../2-networking-d-separate-envs/variables.tf | 14 ++++++++------ fast/stages/2-networking-e-nva-bgp/README.md | 12 ++++++------ fast/stages/2-networking-e-nva-bgp/variables.tf | 14 ++++++++------ 10 files changed, 64 insertions(+), 54 deletions(-) diff --git a/fast/stages/2-networking-a-peering/README.md b/fast/stages/2-networking-a-peering/README.md index ca604a6b..05478d79 100644 --- a/fast/stages/2-networking-a-peering/README.md +++ b/fast/stages/2-networking-a-peering/README.md @@ -398,10 +398,10 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [factories_config](variables.tf#L80) | Configuration for network resource factories. | object({…}) | | {…} | | | [outputs_location](variables.tf#L121) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | | [peering_configs](variables-peerings.tf#L19) | Peering configurations. | object({…}) | | {} | | -| [psa_ranges](variables.tf#L138) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | null | | -| [regions](variables.tf#L155) | Region definitions. | object({…}) | | {…} | | -| [service_accounts](variables.tf#L167) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | -| [vpn_onprem_primary_config](variables.tf#L181) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [psa_ranges](variables.tf#L138) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | null | | +| [regions](variables.tf#L157) | Region definitions. | object({…}) | | {…} | | +| [service_accounts](variables.tf#L169) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | +| [vpn_onprem_primary_config](variables.tf#L183) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | ## Outputs diff --git a/fast/stages/2-networking-a-peering/variables.tf b/fast/stages/2-networking-a-peering/variables.tf index d0190dfa..42d068d7 100644 --- a/fast/stages/2-networking-a-peering/variables.tf +++ b/fast/stages/2-networking-a-peering/variables.tf @@ -139,14 +139,16 @@ variable "psa_ranges" { description = "IP ranges used for Private Service Access (CloudSQL, etc.)." type = object({ dev = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) prod = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) }) default = null diff --git a/fast/stages/2-networking-b-vpn/README.md b/fast/stages/2-networking-b-vpn/README.md index d4c71012..4de2666e 100644 --- a/fast/stages/2-networking-b-vpn/README.md +++ b/fast/stages/2-networking-b-vpn/README.md @@ -421,11 +421,11 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [dns](variables.tf#L72) | Onprem DNS resolvers. | map(list(string)) | | {…} | | | [factories_config](variables.tf#L80) | Configuration for network resource factories. | object({…}) | | {…} | | | [outputs_location](variables.tf#L121) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L138) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | null | | -| [regions](variables.tf#L155) | Region definitions. | object({…}) | | {…} | | -| [service_accounts](variables.tf#L167) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | +| [psa_ranges](variables.tf#L138) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | null | | +| [regions](variables.tf#L157) | Region definitions. | object({…}) | | {…} | | +| [service_accounts](variables.tf#L169) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | | [vpn_configs](variables-vpn.tf#L17) | Hub to spokes VPN configurations. | object({…}) | | {…} | | -| [vpn_onprem_primary_config](variables.tf#L181) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [vpn_onprem_primary_config](variables.tf#L183) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | ## Outputs diff --git a/fast/stages/2-networking-b-vpn/variables.tf b/fast/stages/2-networking-b-vpn/variables.tf index d0190dfa..42d068d7 100644 --- a/fast/stages/2-networking-b-vpn/variables.tf +++ b/fast/stages/2-networking-b-vpn/variables.tf @@ -139,14 +139,16 @@ variable "psa_ranges" { description = "IP ranges used for Private Service Access (CloudSQL, etc.)." type = object({ dev = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) prod = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) }) default = null diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md index 142d8d5f..d61baf57 100644 --- a/fast/stages/2-networking-c-nva/README.md +++ b/fast/stages/2-networking-c-nva/README.md @@ -468,11 +468,11 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [gcp_ranges](variables.tf#L111) | GCP address ranges in name => range format. | map(string) | | {…} | | | [onprem_cidr](variables.tf#L126) | Onprem addresses in name => range format. | map(string) | | {…} | | | [outputs_location](variables.tf#L144) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L161) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | null | | -| [regions](variables.tf#L178) | Region definitions. | object({…}) | | {…} | | -| [service_accounts](variables.tf#L190) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | -| [vpn_onprem_primary_config](variables.tf#L204) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | -| [vpn_onprem_secondary_config](variables.tf#L247) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | +| [psa_ranges](variables.tf#L161) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | null | | +| [regions](variables.tf#L180) | Region definitions. | object({…}) | | {…} | | +| [service_accounts](variables.tf#L192) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | +| [vpn_onprem_primary_config](variables.tf#L206) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [vpn_onprem_secondary_config](variables.tf#L249) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | ## Outputs diff --git a/fast/stages/2-networking-c-nva/variables.tf b/fast/stages/2-networking-c-nva/variables.tf index 0780cfd9..508584d0 100644 --- a/fast/stages/2-networking-c-nva/variables.tf +++ b/fast/stages/2-networking-c-nva/variables.tf @@ -162,14 +162,16 @@ variable "psa_ranges" { description = "IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format." type = object({ dev = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) prod = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) }) default = null diff --git a/fast/stages/2-networking-d-separate-envs/README.md b/fast/stages/2-networking-d-separate-envs/README.md index 5647dc5f..e84530e8 100644 --- a/fast/stages/2-networking-d-separate-envs/README.md +++ b/fast/stages/2-networking-d-separate-envs/README.md @@ -340,11 +340,11 @@ Regions are defined via the `regions` variable which sets up a mapping between t | [dns](variables.tf#L72) | Onprem DNS resolvers. | map(list(string)) | | {…} | | | [factories_config](variables.tf#L81) | Configuration for network resource factories. | object({…}) | | {…} | | | [outputs_location](variables.tf#L122) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L139) | IP ranges used for Private Service Access (e.g. CloudSQL). | object({…}) | | null | | -| [regions](variables.tf#L156) | Region definitions. | object({…}) | | {…} | | -| [service_accounts](variables.tf#L166) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | -| [vpn_onprem_dev_primary_config](variables.tf#L180) | VPN gateway configuration for onprem interconnection from dev in the primary region. | object({…}) | | null | | -| [vpn_onprem_prod_primary_config](variables.tf#L223) | VPN gateway configuration for onprem interconnection from prod in the primary region. | object({…}) | | null | | +| [psa_ranges](variables.tf#L139) | IP ranges used for Private Service Access (e.g. CloudSQL). | object({…}) | | null | | +| [regions](variables.tf#L158) | Region definitions. | object({…}) | | {…} | | +| [service_accounts](variables.tf#L168) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | +| [vpn_onprem_dev_primary_config](variables.tf#L182) | VPN gateway configuration for onprem interconnection from dev in the primary region. | object({…}) | | null | | +| [vpn_onprem_prod_primary_config](variables.tf#L225) | VPN gateway configuration for onprem interconnection from prod in the primary region. | object({…}) | | null | | ## Outputs diff --git a/fast/stages/2-networking-d-separate-envs/variables.tf b/fast/stages/2-networking-d-separate-envs/variables.tf index 8edcd72c..d8cb8d83 100644 --- a/fast/stages/2-networking-d-separate-envs/variables.tf +++ b/fast/stages/2-networking-d-separate-envs/variables.tf @@ -140,14 +140,16 @@ variable "psa_ranges" { description = "IP ranges used for Private Service Access (e.g. CloudSQL)." type = object({ dev = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) prod = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) }) default = null diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md index 95e9b0cb..4b3d6fad 100644 --- a/fast/stages/2-networking-e-nva-bgp/README.md +++ b/fast/stages/2-networking-e-nva-bgp/README.md @@ -495,12 +495,12 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [ncc_asn](variables.tf#L126) | The NCC Cloud Routers ASN configuration. | map(number) | | {…} | | | [onprem_cidr](variables.tf#L137) | Onprem addresses in name => range format. | map(string) | | {…} | | | [outputs_location](variables.tf#L155) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L172) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | null | | -| [regions](variables.tf#L189) | Region definitions. | object({…}) | | {…} | | -| [service_accounts](variables.tf#L201) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | -| [vpn_onprem_primary_config](variables.tf#L215) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | -| [vpn_onprem_secondary_config](variables.tf#L258) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | -| [zones](variables.tf#L301) | Zones in which NVAs are deployed. | list(string) | | ["b", "c"] | | +| [psa_ranges](variables.tf#L172) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | null | | +| [regions](variables.tf#L191) | Region definitions. | object({…}) | | {…} | | +| [service_accounts](variables.tf#L203) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | +| [vpn_onprem_primary_config](variables.tf#L217) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [vpn_onprem_secondary_config](variables.tf#L260) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | +| [zones](variables.tf#L303) | Zones in which NVAs are deployed. | list(string) | | ["b", "c"] | | ## Outputs diff --git a/fast/stages/2-networking-e-nva-bgp/variables.tf b/fast/stages/2-networking-e-nva-bgp/variables.tf index 7ae8c048..3e443c44 100644 --- a/fast/stages/2-networking-e-nva-bgp/variables.tf +++ b/fast/stages/2-networking-e-nva-bgp/variables.tf @@ -173,14 +173,16 @@ variable "psa_ranges" { description = "IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format." type = object({ dev = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) prod = object({ - ranges = map(string) - export_routes = optional(bool, false) - import_routes = optional(bool, false) + ranges = map(string) + export_routes = optional(bool, false) + import_routes = optional(bool, false) + peered_domains = optional(list(string), []) }) }) default = null