Small fixes (#1425)
* fix serverless connector plugin outputs * add internal and lb to allowed ingress org policy * add validation condition on cloud run ingress settings * tfdoc * plugin tfdoc * allow disabling googleapis routes with a single instruction in net-vpc * fix variable def * fix variable description * fix cr variable validation * fix usage of create_googleapis_routes in examples and stages
parent
4876161003
commit
7bd6e5d57b
|
@ -35,6 +35,6 @@ To enable the plugin, simply copy or link its files in the networking stage.
|
||||||
|
|
||||||
| name | description | sensitive | consumers |
|
| name | description | sensitive | consumers |
|
||||||
|---|---|:---:|---|
|
|---|---|:---:|---|
|
||||||
| [plugin_sc_connectors](local-serverless-connector-outputs.tf#L43) | VPC Access Connectors. | | |
|
| [plugin_sc_connectors](local-serverless-connector-outputs.tf#L47) | VPC Access Connectors. | | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
@ -29,13 +29,17 @@ resource "local_file" "plugin_sc_tfvars" {
|
||||||
for_each = var.outputs_location == null ? {} : { 1 = 1 }
|
for_each = var.outputs_location == null ? {} : { 1 = 1 }
|
||||||
file_permission = "0644"
|
file_permission = "0644"
|
||||||
filename = "${try(pathexpand(var.outputs_location), "")}/tfvars/2-networking-serverless-connnector.auto.tfvars.json"
|
filename = "${try(pathexpand(var.outputs_location), "")}/tfvars/2-networking-serverless-connnector.auto.tfvars.json"
|
||||||
content = jsonencode(local.plugin_sc_tfvars)
|
content = jsonencode({
|
||||||
|
vpc_connectors = local.plugin_sc_tfvars
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_storage_bucket_object" "plugin_sc_tfvars" {
|
resource "google_storage_bucket_object" "plugin_sc_tfvars" {
|
||||||
bucket = var.automation.outputs_bucket
|
bucket = var.automation.outputs_bucket
|
||||||
name = "tfvars/2-networking-serverless-connnector.auto.tfvars.json"
|
name = "tfvars/2-networking-serverless-connnector.auto.tfvars.json"
|
||||||
content = jsonencode(local.plugin_sc_tfvars)
|
content = jsonencode({
|
||||||
|
vpc_connectors = local.plugin_sc_tfvars
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
# outputs
|
# outputs
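Review bot: The wrapped payload `jsonencode({ vpc_connectors = local.plugin_sc_tfvars })` is now spelled out twice, once in `local_file.plugin_sc_tfvars` and once in `google_storage_bucket_object.plugin_sc_tfvars`, so the local file and the bucket object can drift if only one is edited later. Wrapping the map once where the local is defined, e.g. `plugin_sc_tfvars = { vpc_connectors = ... }`, would let both resources keep `content = jsonencode(local.plugin_sc_tfvars)`. The definition of `local.plugin_sc_tfvars` is outside this hunk, so this assumes nothing else reads it unwrapped.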
|
||||||
|
|
|
@ -39,12 +39,7 @@ module "dev-spoke-vpc-serverless" {
|
||||||
region = var.regions.primary
|
region = var.regions.primary
|
||||||
}]
|
}]
|
||||||
# these should be create from the main VPC
|
# these should be create from the main VPC
|
||||||
create_googleapis_routes = {
|
create_googleapis_routes = null
|
||||||
private = false
|
|
||||||
private-6 = false
|
|
||||||
restricted = false
|
|
||||||
restricted-6 = false
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "prod-spoke-vpc-serverless" {
|
module "prod-spoke-vpc-serverless" {
|
||||||
|
@ -59,12 +54,7 @@ module "prod-spoke-vpc-serverless" {
|
||||||
region = var.regions.primary
|
region = var.regions.primary
|
||||||
}]
|
}]
|
||||||
# these should be create from the main VPC
|
# these should be create from the main VPC
|
||||||
create_googleapis_routes = {
|
create_googleapis_routes = null
|
||||||
private = false
|
|
||||||
private-6 = false
|
|
||||||
restricted = false
|
|
||||||
restricted-6 = false
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_vpc_access_connector" "dev-primary" {
|
resource "google_vpc_access_connector" "dev-primary" {
|
||||||
|
|
|
@ -7,6 +7,7 @@ run.allowedIngress:
|
||||||
- allow:
|
- allow:
|
||||||
values:
|
values:
|
||||||
- is:internal
|
- is:internal
|
||||||
|
- is:internal-and-cloud-load-balancing
|
||||||
|
|
||||||
# run.allowedVPCEgress:
|
# run.allowedVPCEgress:
|
||||||
# rules:
|
# rules:
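Review bot: Adding `is:internal-and-cloud-load-balancing` to `run.allowedIngress` widens the policy without a comment saying why. This value also admits requests that arrive through an external Application Load Balancer, so services using it can be internet-reachable depending on the load balancer in front of them. A comment above the new value would record the intent, for example `# also allows traffic via external load balancers; pair with Cloud Armor or IAP on the LB`. The rest of the policy file is outside this hunk, so whether another constraint already covers load balancer exposure cannot be checked from here.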
|
||||||
|
|
|
@ -53,11 +53,8 @@ module "landing-untrusted-vpc" {
|
||||||
inbound = false
|
inbound = false
|
||||||
logging = false
|
logging = false
|
||||||
}
|
}
|
||||||
create_googleapis_routes = {
|
create_googleapis_routes = null
|
||||||
private = false
|
data_folder = "${var.factories_config.data_dir}/subnets/landing-untrusted"
|
||||||
restricted = false
|
|
||||||
}
|
|
||||||
data_folder = "${var.factories_config.data_dir}/subnets/landing-untrusted"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "landing-untrusted-firewall" {
|
module "landing-untrusted-firewall" {
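Review bot: `create_googleapis_routes = null` in `landing-untrusted-vpc` carries no comment, and null here means "create no googleapis routes" rather than "use the module default", which is the opposite of how null reads on most Terraform arguments. The module default `{}` would create the private and restricted routes, so a reader who drops the line expecting no change would add routes to the untrusted VPC. A one-line comment such as `# null disables all googleapis routes for this VPC` would make that explicit. The same applies to the identical `landing-untrusted-vpc` hunk in the next file section. The module block starts above this hunk.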
|
||||||
|
|
|
@ -54,11 +54,8 @@ module "landing-untrusted-vpc" {
|
||||||
inbound = false
|
inbound = false
|
||||||
logging = false
|
logging = false
|
||||||
}
|
}
|
||||||
create_googleapis_routes = {
|
create_googleapis_routes = null
|
||||||
private = false
|
data_folder = "${var.factories_config.data_dir}/subnets/landing-untrusted"
|
||||||
restricted = false
|
|
||||||
}
|
|
||||||
data_folder = "${var.factories_config.data_dir}/subnets/landing-untrusted"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "landing-untrusted-firewall" {
|
module "landing-untrusted-firewall" {
|
||||||
|
|
|
@ -310,24 +310,24 @@ module "cloud_run" {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [name](variables.tf#L123) | Name used for cloud run service. | <code>string</code> | ✓ | |
|
| [name](variables.tf#L130) | Name used for cloud run service. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L138) | Project id used for all resources. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L145) | Project id used for all resources. | <code>string</code> | ✓ | |
|
||||||
| [container_concurrency](variables.tf#L18) | Maximum allowed in-flight (concurrent) requests per container of the revision. | <code>string</code> | | <code>null</code> |
|
| [container_concurrency](variables.tf#L18) | Maximum allowed in-flight (concurrent) requests per container of the revision. | <code>string</code> | | <code>null</code> |
|
||||||
| [containers](variables.tf#L24) | Containers in arbitrary key => attributes format. | <code title="map(object({ image = string args = optional(list(string)) command = optional(list(string)) env = optional(map(string), {}) env_from_key = optional(map(object({ key = string name = string })), {}) liveness_probe = optional(object({ action = object({ grcp = optional(object({ port = optional(number) service = optional(string) })) http_get = optional(object({ http_headers = optional(map(string), {}) path = optional(string) })) }) failure_threshold = optional(number) initial_delay_seconds = optional(number) period_seconds = optional(number) timeout_seconds = optional(number) })) ports = optional(map(object({ container_port = optional(number) name = optional(string) protocol = optional(string) })), {}) resources = optional(object({ limits = optional(object({ cpu = string memory = string })) requests = optional(object({ cpu = string memory = string })) })) startup_probe = optional(object({ action = object({ grcp = optional(object({ port = optional(number) service = optional(string) })) http_get = optional(object({ http_headers = optional(map(string), {}) path = optional(string) })) tcp_socket = optional(object({ port = optional(number) })) }) failure_threshold = optional(number) initial_delay_seconds = optional(number) period_seconds = optional(number) timeout_seconds = optional(number) })) volume_mounts = optional(map(string), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [containers](variables.tf#L24) | Containers in arbitrary key => attributes format. | <code title="map(object({ image = string args = optional(list(string)) command = optional(list(string)) env = optional(map(string), {}) env_from_key = optional(map(object({ key = string name = string })), {}) liveness_probe = optional(object({ action = object({ grcp = optional(object({ port = optional(number) service = optional(string) })) http_get = optional(object({ http_headers = optional(map(string), {}) path = optional(string) })) }) failure_threshold = optional(number) initial_delay_seconds = optional(number) period_seconds = optional(number) timeout_seconds = optional(number) })) ports = optional(map(object({ container_port = optional(number) name = optional(string) protocol = optional(string) })), {}) resources = optional(object({ limits = optional(object({ cpu = string memory = string })) requests = optional(object({ cpu = string memory = string })) })) startup_probe = optional(object({ action = object({ grcp = optional(object({ port = optional(number) service = optional(string) })) http_get = optional(object({ http_headers = optional(map(string), {}) path = optional(string) })) tcp_socket = optional(object({ port = optional(number) })) }) failure_threshold = optional(number) initial_delay_seconds = optional(number) period_seconds = optional(number) timeout_seconds = optional(number) })) volume_mounts = optional(map(string), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [eventarc_triggers](variables.tf#L91) | Event arc triggers for different sources. | <code title="object({ audit_log = optional(map(object({ method = string service = string })), {}) pubsub = optional(map(string), {}) service_account_email = optional(string) service_account_create = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
| [eventarc_triggers](variables.tf#L91) | Event arc triggers for different sources. | <code title="object({ audit_log = optional(map(object({ method = string service = string })), {}) pubsub = optional(map(string), {}) service_account_email = optional(string) service_account_create = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||||
| [iam](variables.tf#L105) | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [iam](variables.tf#L105) | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [ingress_settings](variables.tf#L111) | Ingress settings. | <code>string</code> | | <code>null</code> |
|
| [ingress_settings](variables.tf#L111) | Ingress settings. | <code>string</code> | | <code>null</code> |
|
||||||
| [labels](variables.tf#L117) | Resource labels. | <code>map(string)</code> | | <code>{}</code> |
|
| [labels](variables.tf#L124) | Resource labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [prefix](variables.tf#L128) | Optional prefix used for resource names. | <code>string</code> | | <code>null</code> |
|
| [prefix](variables.tf#L135) | Optional prefix used for resource names. | <code>string</code> | | <code>null</code> |
|
||||||
| [region](variables.tf#L143) | Region used for all resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L150) | Region used for all resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [revision_annotations](variables.tf#L149) | Configure revision template annotations. | <code title="object({ autoscaling = optional(object({ max_scale = number min_scale = number })) cloudsql_instances = optional(list(string), []) vpcaccess_connector = optional(string) vpcaccess_egress = optional(string) })">object({…})</code> | | <code>{}</code> |
|
| [revision_annotations](variables.tf#L156) | Configure revision template annotations. | <code title="object({ autoscaling = optional(object({ max_scale = number min_scale = number })) cloudsql_instances = optional(list(string), []) vpcaccess_connector = optional(string) vpcaccess_egress = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||||
| [revision_name](variables.tf#L164) | Revision name. | <code>string</code> | | <code>null</code> |
|
| [revision_name](variables.tf#L171) | Revision name. | <code>string</code> | | <code>null</code> |
|
||||||
| [service_account](variables.tf#L170) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
| [service_account](variables.tf#L177) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
||||||
| [service_account_create](variables.tf#L176) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
| [service_account_create](variables.tf#L183) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
||||||
| [timeout_seconds](variables.tf#L182) | Maximum duration the instance is allowed for responding to a request. | <code>number</code> | | <code>null</code> |
|
| [timeout_seconds](variables.tf#L189) | Maximum duration the instance is allowed for responding to a request. | <code>number</code> | | <code>null</code> |
|
||||||
| [traffic](variables.tf#L188) | Traffic steering configuration. If revision name is null the latest revision will be used. | <code title="map(object({ percent = number latest = optional(bool) tag = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [traffic](variables.tf#L195) | Traffic steering configuration. If revision name is null the latest revision will be used. | <code title="map(object({ percent = number latest = optional(bool) tag = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [volumes](variables.tf#L199) | Named volumes in containers in name => attributes format. | <code title="map(object({ secret_name = string default_mode = optional(string) items = optional(map(object({ path = string mode = optional(string) }))) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [volumes](variables.tf#L206) | Named volumes in containers in name => attributes format. | <code title="map(object({ secret_name = string default_mode = optional(string) items = optional(map(object({ path = string mode = optional(string) }))) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [vpc_connector_create](variables.tf#L213) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | <code title="object({ ip_cidr_range = optional(string) vpc_self_link = optional(string) machine_type = optional(string) name = optional(string) instances = optional(object({ max = optional(number) min = optional(number) }), {}) throughput = optional(object({ max = optional(number) min = optional(number) }), {}) subnet = optional(object({ name = optional(string) project_id = optional(string) }), {}) })">object({…})</code> | | <code>null</code> |
|
| [vpc_connector_create](variables.tf#L220) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | <code title="object({ ip_cidr_range = optional(string) vpc_self_link = optional(string) machine_type = optional(string) name = optional(string) instances = optional(object({ max = optional(number) min = optional(number) }), {}) throughput = optional(object({ max = optional(number) min = optional(number) }), {}) subnet = optional(object({ name = optional(string) project_id = optional(string) }), {}) })">object({…})</code> | | <code>null</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -112,6 +112,13 @@ variable "ingress_settings" {
|
||||||
description = "Ingress settings."
|
description = "Ingress settings."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
default = null
|
||||||
|
validation {
|
||||||
|
condition = contains(
|
||||||
|
["all", "internal", "internal-and-cloud-load-balancing"],
|
||||||
|
coalesce(var.ingress_settings, "all")
|
||||||
|
)
|
||||||
|
error_message = "Ingress settings can be one of 'all', 'internal', 'internal-and-cloud-load-balancing'."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "labels" {
|
variable "labels" {
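Review bot: The description of `ingress_settings` still reads `"Ingress settings."` even though the new validation fixes the accepted values and treats null as `"all"` through `coalesce(var.ingress_settings, "all")`. Listing the values in the description keeps the generated variables table useful, e.g. `description = "Ingress settings. One of 'all', 'internal', 'internal-and-cloud-load-balancing'."`. How a null value is applied to the service is not visible in this hunk; if it leaves ingress unrestricted, that default is worth stating too, since it is the most exposed of the three options.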
|
||||||
|
|
|
@ -422,17 +422,12 @@ module "vpc" {
|
||||||
next_hop = "global/gateways/default-internet-gateway"
|
next_hop = "global/gateways/default-internet-gateway"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
create_googleapis_routes = {
|
create_googleapis_routes = null
|
||||||
restricted = false
|
|
||||||
restricted-6 = false
|
|
||||||
private = false
|
|
||||||
private-6 = false
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
# tftest modules=5 resources=15 inventory=routes.yaml
|
# tftest modules=5 resources=15 inventory=routes.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
### Private Google Access routes
|
### Private Google Access routes
|
||||||
|
|
||||||
By default the VPC module creates IPv4 routes for the [Private Google Access ranges](https://cloud.google.com/vpc/docs/configure-private-google-access#config-routing). This behavior can be controlled through the `create_googleapis_routes` variable:
|
By default the VPC module creates IPv4 routes for the [Private Google Access ranges](https://cloud.google.com/vpc/docs/configure-private-google-access#config-routing). This behavior can be controlled through the `create_googleapis_routes` variable:
|
||||||
|
|
||||||
|
@ -451,7 +446,6 @@ module "vpc" {
|
||||||
# tftest modules=1 resources=3 inventory=googleapis.yaml
|
# tftest modules=1 resources=3 inventory=googleapis.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
### Allow Firewall Policy to be evaluated before Firewall Rules
|
### Allow Firewall Policy to be evaluated before Firewall Rules
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
|
@ -485,28 +479,28 @@ module "vpc" {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [name](variables.tf#L84) | The name of the network being created. | <code>string</code> | ✓ | |
|
| [name](variables.tf#L83) | The name of the network being created. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L100) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L99) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||||
| [auto_create_subnetworks](variables.tf#L17) | Set to true to create an auto mode subnet, defaults to custom mode. | <code>bool</code> | | <code>false</code> |
|
| [auto_create_subnetworks](variables.tf#L17) | Set to true to create an auto mode subnet, defaults to custom mode. | <code>bool</code> | | <code>false</code> |
|
||||||
| [create_googleapis_routes](variables.tf#L23) | Toggle creation of googleapis private/restricted routes. | <code title="object({ private = optional(bool, true) private-6 = optional(bool, false) restricted = optional(bool, true) restricted-6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
| [create_googleapis_routes](variables.tf#L23) | Toggle creation of googleapis private/restricted routes. Set to null to disable creation. | <code title="object({ private = optional(bool, true) private-6 = optional(bool, false) restricted = optional(bool, true) restricted-6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||||
| [data_folder](variables.tf#L35) | An optional folder containing the subnet configurations in YaML format. | <code>string</code> | | <code>null</code> |
|
| [data_folder](variables.tf#L34) | An optional folder containing the subnet configurations in YaML format. | <code>string</code> | | <code>null</code> |
|
||||||
| [delete_default_routes_on_create](variables.tf#L41) | Set to true to delete the default routes at creation time. | <code>bool</code> | | <code>false</code> |
|
| [delete_default_routes_on_create](variables.tf#L40) | Set to true to delete the default routes at creation time. | <code>bool</code> | | <code>false</code> |
|
||||||
| [description](variables.tf#L47) | An optional description of this resource (triggers recreation on change). | <code>string</code> | | <code>"Terraform-managed."</code> |
|
| [description](variables.tf#L46) | An optional description of this resource (triggers recreation on change). | <code>string</code> | | <code>"Terraform-managed."</code> |
|
||||||
| [dns_policy](variables.tf#L53) | DNS policy setup for the VPC. | <code title="object({ inbound = optional(bool) logging = optional(bool) outbound = optional(object({ private_ns = list(string) public_ns = list(string) })) })">object({…})</code> | | <code>null</code> |
|
| [dns_policy](variables.tf#L52) | DNS policy setup for the VPC. | <code title="object({ inbound = optional(bool) logging = optional(bool) outbound = optional(object({ private_ns = list(string) public_ns = list(string) })) })">object({…})</code> | | <code>null</code> |
|
||||||
| [firewall_policy_enforcement_order](variables.tf#L66) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | <code>string</code> | | <code>"AFTER_CLASSIC_FIREWALL"</code> |
|
| [firewall_policy_enforcement_order](variables.tf#L65) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | <code>string</code> | | <code>"AFTER_CLASSIC_FIREWALL"</code> |
|
||||||
| [mtu](variables.tf#L78) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
|
| [mtu](variables.tf#L77) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
|
||||||
| [peering_config](variables.tf#L89) | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string create_remote_peer = optional(bool, true) export_routes = optional(bool) import_routes = optional(bool) })">object({…})</code> | | <code>null</code> |
|
| [peering_config](variables.tf#L88) | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string create_remote_peer = optional(bool, true) export_routes = optional(bool) import_routes = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||||
| [psa_config](variables.tf#L105) | The Private Service Access configuration for Service Networking. | <code title="object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
| [psa_config](variables.tf#L104) | The Private Service Access configuration for Service Networking. | <code title="object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||||
| [routes](variables.tf#L115) | Network routes, keyed by name. | <code title="map(object({ dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [routes](variables.tf#L114) | Network routes, keyed by name. | <code title="map(object({ dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
| [routing_mode](variables.tf#L134) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||||
| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
| [shared_vpc_host](variables.tf#L144) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||||
| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
| [shared_vpc_service_projects](variables.tf#L150) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
| [subnet_iam](variables.tf#L156) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||||
| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
| [subnet_iam_additive](variables.tf#L162) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||||
| [subnets](variables.tf#L170) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string) enable_private_access = optional(bool, true) })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
| [subnets](variables.tf#L169) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string) enable_private_access = optional(bool, true) })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
| [subnets_proxy_only](variables.tf#L194) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
| [subnets_psc](variables.tf#L206) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
| [vpc_create](variables.tf#L217) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ locals {
|
||||||
priority = 1000
|
priority = 1000
|
||||||
tags = null
|
tags = null
|
||||||
}
|
}
|
||||||
if var.create_googleapis_routes[k]
|
if lookup(coalesce(var.create_googleapis_routes, {}), k, false)
|
||||||
}
|
}
|
||||||
_routes = merge(local._googleapis_routes, coalesce(var.routes, {}))
|
_routes = merge(local._googleapis_routes, coalesce(var.routes, {}))
|
||||||
routes = {
|
routes = {
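Review bot: The `false` fallback in `lookup(coalesce(var.create_googleapis_routes, {}), k, false)` is needed for the null case, but it also silently skips any key `k` that has no matching attribute in the variable's object type. If a range is later added to the map being iterated without a matching attribute, its route is never created and nothing reports it. A short comment on the condition, such as `# null or missing key => route not created`, would document both cases. The `for` expression starts above this hunk, so the iterated map is inferred to be the googleapis ranges.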
|
||||||
|
|
|
@ -21,15 +21,14 @@ variable "auto_create_subnetworks" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "create_googleapis_routes" {
|
variable "create_googleapis_routes" {
|
||||||
description = "Toggle creation of googleapis private/restricted routes."
|
description = "Toggle creation of googleapis private/restricted routes. Set to null to disable creation."
|
||||||
type = object({
|
type = object({
|
||||||
private = optional(bool, true)
|
private = optional(bool, true)
|
||||||
private-6 = optional(bool, false)
|
private-6 = optional(bool, false)
|
||||||
restricted = optional(bool, true)
|
restricted = optional(bool, true)
|
||||||
restricted-6 = optional(bool, false)
|
restricted-6 = optional(bool, false)
|
||||||
})
|
})
|
||||||
default = {}
|
default = {}
|
||||||
nullable = false
|
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "data_folder" {
|
variable "data_folder" {
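Review bot: Removing `nullable = false` from `create_googleapis_routes` changes what an explicit null means for existing callers. With `nullable = false` and `default = {}`, Terraform replaced a null argument with the default, so the private and restricted routes were created; null now reaches the module and creates none. Callers that forward an optional variable which may be null would lose their googleapis routes on the next apply with no plan-time error. The description covers the new meaning, but the change should also be flagged in the changelog or in the description itself, e.g. `"... Set to null to disable creation (before this change null selected the defaults)."`.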
|
||||||
|
|