From db44be9803d47e17746570e04edfab652f83ae78 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Fri, 17 May 2024 16:30:57 +0300
Subject: [PATCH] Ignore test resource data in new network stage, split out fast variables (#2288)
* ignore test resource data, split out fast vars
* tfdoc
---
 fast/stages/2-networking-a-simple/README.md | 37 ++++---
 .../2-networking-a-simple/test-resources.tf | 4 +-
 .../2-networking-a-simple/variables-fast.tf | 103 ++++++++++++++++++
 .../stages/2-networking-a-simple/variables.tf | 85 ---------------
 4 files changed, 124 insertions(+), 105 deletions(-)
 create mode 100644 fast/stages/2-networking-a-simple/variables-fast.tf
diff --git a/fast/stages/2-networking-a-simple/README.md b/fast/stages/2-networking-a-simple/README.md
index f2316f17..b2c30b42 100644
--- a/fast/stages/2-networking-a-simple/README.md
+++ b/fast/stages/2-networking-a-simple/README.md
@@ -431,6 +431,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
 | [spoke-peerings.tf](./spoke-peerings.tf) | Peerings between landing and spokes. | net-vpc-peering | |
 | [spoke-vpns.tf](./spoke-vpns.tf) | VPN between landing and spokes. | net-vpn-ha | |
 | [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | |
+| [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | |
 | [variables.tf](./variables.tf) | Module variables. | | |
 | [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | |
@@ -438,25 +439,25 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
 | name | description | type | required | default | producer |
 |---|---|:---:|:---:|:---:|:---:|
-| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap |
-| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
-| [folder_ids](variables.tf#L132) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman |
-| [organization](variables.tf#L142) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
-| [prefix](variables.tf#L158) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
+| [automation](variables-fast.tf#L19) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap |
+| [billing_account](variables-fast.tf#L27) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
+| [folder_ids](variables-fast.tf#L59) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman |
+| [organization](variables-fast.tf#L69) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
+| [prefix](variables-fast.tf#L79) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
 | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
-| [create_test_instances](variables.tf#L63) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. 
| bool | | false | |
-| [custom_roles](variables.tf#L69) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
-| [dns](variables.tf#L78) | DNS configuration. | object({…}) | | {} | |
-| [enable_cloud_nat](variables.tf#L88) | Deploy Cloud NAT. | bool | | false | |
-| [essential_contacts](variables.tf#L95) | Email used for essential contacts, unset if null. | string | | null | |
-| [factories_config](variables.tf#L101) | Configuration for network resource factories. | object({…}) | | {…} | |
-| [fast_features](variables.tf#L122) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap |
-| [outputs_location](variables.tf#L152) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [psa_ranges](variables.tf#L169) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | {} | |
-| [regions](variables.tf#L189) | Region definitions. | object({…}) | | {…} | |
-| [service_accounts](variables.tf#L201) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
-| [spoke_configs](variables.tf#L215) | Spoke connectivity configurations. | object({…}) | | {…} | |
-| [vpn_onprem_primary_config](variables.tf#L265) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
+| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool | | false | |
+| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
+| [dns](variables.tf#L48) | DNS configuration. | object({…}) | | {} | |
+| [enable_cloud_nat](variables.tf#L58) | Deploy Cloud NAT. | bool | | false | |
+| [essential_contacts](variables.tf#L65) | Email used for essential contacts, unset if null. 
| string | | null | |
+| [factories_config](variables.tf#L71) | Configuration for network resource factories. | object({…}) | | {…} | |
+| [fast_features](variables-fast.tf#L49) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap |
+| [outputs_location](variables.tf#L92) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [psa_ranges](variables.tf#L98) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | {} | |
+| [regions](variables.tf#L118) | Region definitions. | object({…}) | | {…} | |
+| [service_accounts](variables-fast.tf#L90) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
+| [spoke_configs](variables.tf#L130) | Spoke connectivity configurations. | object({…}) | | {…} | |
+| [vpn_onprem_primary_config](variables.tf#L180) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
 ## Outputs
diff --git a/fast/stages/2-networking-a-simple/test-resources.tf b/fast/stages/2-networking-a-simple/test-resources.tf
index a9993cfb..39613f66 100644
--- a/fast/stages/2-networking-a-simple/test-resources.tf
+++ b/fast/stages/2-networking-a-simple/test-resources.tf
@@ -17,7 +17,7 @@
 # tfdoc:file:description Temporary instances for testing
 locals {
- test-vms = {
+ test-vms = var.create_test_instances != true ? {} : {
 dev-spoke-primary = {
 region = var.regions.primary
 project_id = module.dev-spoke-project.project_id
@@ -43,7 +43,7 @@ locals {
 }
 module "test-vms" {
- for_each = var.create_test_instances ? local.test-vms : {}
+ for_each = local.test-vms
 # for_each = {}
 source = "../../../modules/compute-vm"
 project_id = each.value.project_id
diff --git a/fast/stages/2-networking-a-simple/variables-fast.tf b/fast/stages/2-networking-a-simple/variables-fast.tf
new file mode 100644
index 00000000..37d4031b
--- /dev/null
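Review bot: The new guard `test-vms = var.create_test_instances != true ? {} : {` moves the enable/disable decision out of the module's `for_each` and into the local, but neither site now says why, so a reader of `module "test-vms"` below no longer sees that the map can be empty. A one-line comment above the local, `# empty map when test instances are disabled, so the module below iterates nothing`, would record that. The `!= true` form rather than `!var.create_test_instances` presumably also tolerates a null value for the variable, which is worth stating if that is intended. The locals block continues past the hunk.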
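Review bot: The commented-out toggle `# for_each = {}` that sits right under the new `for_each = local.test-vms` is now redundant, because `local.test-vms` already resolves to an empty map whenever `var.create_test_instances` is not true; it appears to be a pre-existing debugging aid and can be dropped, or replaced with `# empty unless var.create_test_instances is true` if a hint is wanted here. The module block continues past the hunk.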
+++ b/fast/stages/2-networking-a-simple/variables-fast.tf 
@@ -0,0 +1,103 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description FAST stage interface.
+
+variable "automation" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Automation resources created by the bootstrap stage."
+ type = object({
+ outputs_bucket = string
+ })
+}
+
+variable "billing_account" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
+ type = object({
+ id = string
+ is_org_level = optional(bool, true)
+ })
+ validation {
+ condition = var.billing_account.is_org_level != null
+ error_message = "Invalid `null` value for `billing_account.is_org_level`."
+ }
+}
+
+variable "custom_roles" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Custom roles defined at the org level, in key => id format."
+ type = object({
+ service_project_network_admin = string
+ })
+ default = null
+}
+
+variable "fast_features" {
+ # tfdoc:variable:source 0-0-bootstrap
+ description = "Selective control for top-level FAST features."
+ type = object({
+ gcve = optional(bool, false)
+ })
+ default = {}
+ nullable = false
+}
+
+variable "folder_ids" {
+ # tfdoc:variable:source 1-resman
+ description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
+ type = object({
+ networking = string
+ networking-dev = string
+ networking-prod = string
+ })
+}
+
+variable "organization" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Organization details."
+ type = object({
+ domain = string
+ id = number
+ customer_id = string
+ })
+}
+
+variable "prefix" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Prefix used for resources that need unique names. Use 9 characters or less."
+ type = string
+
+ validation {
+ condition = try(length(var.prefix), 0) < 10
+ error_message = "Use a maximum of 9 characters for prefix."
+ }
+}
+
+variable "service_accounts" {
+ # tfdoc:variable:source 1-resman
+ description = "Automation service accounts in name => email format."
+ type = object({
+ data-platform-dev = string
+ data-platform-prod = string
+ gke-dev = string
+ gke-prod = string
+ project-factory-dev = string
+ project-factory-prod = string
+ })
+ default = null
+}
+
diff --git a/fast/stages/2-networking-a-simple/variables.tf b/fast/stages/2-networking-a-simple/variables.tf
index dd097bdd..bf92791e 100644
--- a/fast/stages/2-networking-a-simple/variables.tf
+++ b/fast/stages/2-networking-a-simple/variables.tf
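Review bot: `folder_ids` (`variable "folder_ids" {`, in the middle of the new file) has no default and all three attributes required, yet its description still promises "If null, folder will be created"; with this declaration the variable cannot be omitted, and null is only reachable by passing it explicitly. Either set `nullable = false` and drop that sentence, or add `default = null` so the documented path actually exists; whether the stage creates folders on null is outside this hunk. Since this file is now the stage's contract with 0-bootstrap and 1-resman, the same description-versus-declaration check is worth a pass over the other moved variables, e.g. `custom_roles` and `service_accounts`, which default to null while their object attributes are all required.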
@@ -39,42 +39,12 @@ variable "alert_config" {
 }
 }
-variable "automation" {
- # tfdoc:variable:source 0-bootstrap
- description = "Automation resources created by the bootstrap stage."
- type = object({
- outputs_bucket = string
- })
-}
-
-variable "billing_account" {
- # tfdoc:variable:source 0-bootstrap
- description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
- type = object({
- id = string
- is_org_level = optional(bool, true)
- })
- validation {
- condition = var.billing_account.is_org_level != null
- error_message = "Invalid `null` value for `billing_account.is_org_level`."
- }
-}
-
 variable "create_test_instances" {
 description = "Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity."
 type = bool
 default = false
 }
-variable "custom_roles" {
- # tfdoc:variable:source 0-bootstrap
- description = "Custom roles defined at the org level, in key => id format."
- type = object({
- service_project_network_admin = string
- })
- default = null
-}
-
 variable "dns" {
 description = "DNS configuration."
 type = object({
@@ -119,53 +89,12 @@ variable "factories_config" {
 }
 }
-variable "fast_features" {
- # tfdoc:variable:source 0-0-bootstrap
- description = "Selective control for top-level FAST features."
- type = object({
- gcve = optional(bool, false)
- })
- default = {}
- nullable = false
-}
-
-variable "folder_ids" {
- # tfdoc:variable:source 1-resman
- description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
- type = object({
- networking = string
- networking-dev = string
- networking-prod = string
- })
-}
-
-variable "organization" {
- # tfdoc:variable:source 0-bootstrap
- description = "Organization details."
- type = object({
- domain = string
- id = number
- customer_id = string
- })
-}
-
 variable "outputs_location" {
 description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable."
 type = string
 default = null
 }
-variable "prefix" {
- # tfdoc:variable:source 0-bootstrap
- description = "Prefix used for resources that need unique names. Use 9 characters or less."
- type = string
-
- validation {
- condition = try(length(var.prefix), 0) < 10
- error_message = "Use a maximum of 9 characters for prefix."
- }
-}
-
 variable "psa_ranges" {
 description = "IP ranges used for Private Service Access (CloudSQL, etc.)."
 type = object({
@@ -198,20 +127,6 @@ variable "regions" {
 }
 }
-variable "service_accounts" {
- # tfdoc:variable:source 1-resman
- description = "Automation service accounts in name => email format."
- type = object({
- data-platform-dev = string
- data-platform-prod = string
- gke-dev = string
- gke-prod = string
- project-factory-dev = string
- project-factory-prod = string
- })
- default = null
-}
-
 variable "spoke_configs" {
 description = "Spoke connectivity configurations."
 type = object({