Merge branch 'master' into wiktorn-e2e-setup-fixes

Wiktor Niesiobędzki 2023-11-30 19:51:03 +01:00 committed by GitHub
commit e36b4fcec8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 349 additions and 196 deletions


@ -294,10 +294,10 @@ module "bigquery-dataset" {
| [iam](variables.tf#L92) | IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L103) | Dataset labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [location](variables.tf#L109) | Dataset location. | <code>string</code> | | <code>&#34;EU&#34;</code> |
| [materialized_views](variables.tf#L115) | Materialized views definitions. | <code title="map&#40;object&#40;&#123;&#10; query &#61; string&#10; allow_non_incremental_definition &#61; optional&#40;bool&#41;&#10; deletion_protection &#61; optional&#40;bool&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; enable_refresh &#61; optional&#40;bool&#41;&#10; friendly_name &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; refresh_interval_ms &#61; optional&#40;bool&#41;&#10; options &#61; optional&#40;object&#40;&#123;&#10; clustering &#61; optional&#40;list&#40;string&#41;&#41;&#10; expiration_time &#61; optional&#40;number&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; partitioning &#61; optional&#40;object&#40;&#123;&#10; field &#61; optional&#40;string&#41;&#10; range &#61; optional&#40;object&#40;&#123;&#10; end &#61; number&#10; interval &#61; number&#10; start &#61; number&#10; &#125;&#41;&#41;&#10; time &#61; optional&#40;object&#40;&#123;&#10; type &#61; string&#10; expiration_ms &#61; optional&#40;number&#41;&#10; field &#61; optional&#40;string&#41;&#10; require_partition_filter &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [materialized_views](variables.tf#L115) | Materialized views definitions. | <code title="map&#40;object&#40;&#123;&#10; query &#61; string&#10; allow_non_incremental_definition &#61; optional&#40;bool&#41;&#10; deletion_protection &#61; optional&#40;bool&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; enable_refresh &#61; optional&#40;bool&#41;&#10; friendly_name &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; refresh_interval_ms &#61; optional&#40;bool&#41;&#10; require_partition_filter &#61; optional&#40;bool&#41;&#10; options &#61; optional&#40;object&#40;&#123;&#10; clustering &#61; optional&#40;list&#40;string&#41;&#41;&#10; expiration_time &#61; optional&#40;number&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; partitioning &#61; optional&#40;object&#40;&#123;&#10; field &#61; optional&#40;string&#41;&#10; range &#61; optional&#40;object&#40;&#123;&#10; end &#61; number&#10; interval &#61; number&#10; start &#61; number&#10; &#125;&#41;&#41;&#10; time &#61; optional&#40;object&#40;&#123;&#10; type &#61; string&#10; expiration_ms &#61; optional&#40;number&#41;&#10; field &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [options](variables.tf#L148) | Dataset options. | <code title="object&#40;&#123;&#10; default_collation &#61; optional&#40;string&#41;&#10; default_table_expiration_ms &#61; optional&#40;number&#41;&#10; default_partition_expiration_ms &#61; optional&#40;number&#41;&#10; delete_contents_on_destroy &#61; optional&#40;bool, false&#41;&#10; is_case_insensitive &#61; optional&#40;bool&#41;&#10; max_time_travel_hours &#61; optional&#40;number, 168&#41;&#10; storage_billing_model &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [tables](variables.tf#L167) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | <code title="map&#40;object&#40;&#123;&#10; deletion_protection &#61; optional&#40;bool&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; friendly_name &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; schema &#61; optional&#40;string&#41;&#10; options &#61; optional&#40;object&#40;&#123;&#10; clustering &#61; optional&#40;list&#40;string&#41;&#41;&#10; encryption_key &#61; optional&#40;string&#41;&#10; expiration_time &#61; optional&#40;number&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; partitioning &#61; optional&#40;object&#40;&#123;&#10; field &#61; optional&#40;string&#41;&#10; range &#61; optional&#40;object&#40;&#123;&#10; end &#61; number&#10; interval &#61; number&#10; start &#61; number&#10; &#125;&#41;&#41;&#10; time &#61; optional&#40;object&#40;&#123;&#10; type &#61; string&#10; expiration_ms &#61; optional&#40;number&#41;&#10; field &#61; optional&#40;string&#41;&#10; require_partition_filter &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [views](variables.tf#L198) | View definitions. | <code title="map&#40;object&#40;&#123;&#10; query &#61; string&#10; deletion_protection &#61; optional&#40;bool&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; friendly_name &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; use_legacy_sql &#61; optional&#40;bool&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [tables](variables.tf#L167) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | <code title="map&#40;object&#40;&#123;&#10; deletion_protection &#61; optional&#40;bool&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; friendly_name &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; require_partition_filter &#61; optional&#40;bool&#41;&#10; schema &#61; optional&#40;string&#41;&#10; external_data_configuration &#61; optional&#40;object&#40;&#123;&#10; autodetect &#61; bool&#10; source_uris &#61; list&#40;string&#41;&#10; avro_logical_types &#61; optional&#40;bool&#41;&#10; compression &#61; optional&#40;string&#41;&#10; connection_id &#61; optional&#40;string&#41;&#10; file_set_spec_type &#61; optional&#40;string&#41;&#10; ignore_unknown_values &#61; optional&#40;bool&#41;&#10; metadata_cache_mode &#61; optional&#40;string&#41;&#10; object_metadata &#61; optional&#40;string&#41;&#10; json_options_encoding &#61; optional&#40;string&#41;&#10; reference_file_schema_uri &#61; optional&#40;string&#41;&#10; schema &#61; optional&#40;string&#41;&#10; source_format &#61; optional&#40;string&#41;&#10; max_bad_records &#61; optional&#40;number&#41;&#10; csv_options &#61; optional&#40;object&#40;&#123;&#10; quote &#61; string&#10; allow_jagged_rows &#61; optional&#40;bool&#41;&#10; allow_quoted_newlines &#61; optional&#40;bool&#41;&#10; encoding &#61; optional&#40;string&#41;&#10; field_delimiter &#61; optional&#40;string&#41;&#10; skip_leading_rows &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; google_sheets_options &#61; optional&#40;object&#40;&#123;&#10; range &#61; optional&#40;string&#41;&#10; skip_leading_rows &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; hive_partitioning_options &#61; optional&#40;object&#40;&#123;&#10; mode &#61; optional&#40;string&#41;&#10; 
require_partition_filter &#61; optional&#40;bool&#41;&#10; source_uri_prefix &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; parquet_options &#61; optional&#40;object&#40;&#123;&#10; enum_as_string &#61; optional&#40;bool&#41;&#10; enable_list_inference &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10;&#10;&#10; &#125;&#41;&#41;&#10; options &#61; optional&#40;object&#40;&#123;&#10; clustering &#61; optional&#40;list&#40;string&#41;&#41;&#10; encryption_key &#61; optional&#40;string&#41;&#10; expiration_time &#61; optional&#40;number&#41;&#10; max_staleness &#61; optional&#40;string&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; partitioning &#61; optional&#40;object&#40;&#123;&#10; field &#61; optional&#40;string&#41;&#10; range &#61; optional&#40;object&#40;&#123;&#10; end &#61; number&#10; interval &#61; number&#10; start &#61; number&#10; &#125;&#41;&#41;&#10; time &#61; optional&#40;object&#40;&#123;&#10; type &#61; string&#10; expiration_ms &#61; optional&#40;number&#41;&#10; field &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; table_constraints &#61; optional&#40;object&#40;&#123;&#10; primary_key_columns &#61; optional&#40;list&#40;string&#41;&#41;&#10; foreign_keys &#61; optional&#40;object&#40;&#123;&#10; referenced_table &#61; object&#40;&#123;&#10; project_id &#61; string&#10; dataset_id &#61; string&#10; table_id &#61; string&#10; &#125;&#41;&#10; column_references &#61; object&#40;&#123;&#10; referencing_column &#61; string&#10; referenced_column &#61; string&#10; &#125;&#41;&#10; name &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [views](variables.tf#L252) | View definitions. | <code title="map&#40;object&#40;&#123;&#10; query &#61; string&#10; deletion_protection &#61; optional&#40;bool&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; friendly_name &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; use_legacy_sql &#61; optional&#40;bool&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
## Outputs


@ -209,18 +209,20 @@ resource "google_bigquery_dataset_iam_binding" "bindings" {
}
resource "google_bigquery_table" "default" {
provider = google-beta
for_each = var.tables
project = var.project_id
dataset_id = google_bigquery_dataset.default.dataset_id
table_id = each.key
friendly_name = each.value.friendly_name
description = each.value.description
clustering = each.value.options.clustering
expiration_time = each.value.options.expiration_time
labels = each.value.labels
schema = each.value.schema
deletion_protection = each.value.deletion_protection
provider = google-beta
for_each = var.tables
project = var.project_id
dataset_id = google_bigquery_dataset.default.dataset_id
table_id = each.key
friendly_name = each.value.friendly_name
description = each.value.description
clustering = each.value.options.clustering
expiration_time = each.value.options.expiration_time
labels = each.value.labels
max_staleness = each.value.options.max_staleness
schema = each.value.schema
deletion_protection = each.value.deletion_protection
require_partition_filter = each.value.require_partition_filter
dynamic "encryption_configuration" {
for_each = each.value.options.encryption_key != null ? [""] : []
@ -229,6 +231,97 @@ resource "google_bigquery_table" "default" {
}
}
dynamic "external_data_configuration" {
for_each = each.value.external_data_configuration != null ? [""] : []
content {
autodetect = each.value.external_data_configuration.autodetect
compression = each.value.external_data_configuration.compression
connection_id = each.value.external_data_configuration.connection_id
file_set_spec_type = each.value.external_data_configuration.file_set_spec_type
ignore_unknown_values = each.value.external_data_configuration.ignore_unknown_values
max_bad_records = each.value.external_data_configuration.max_bad_records
metadata_cache_mode = each.value.external_data_configuration.metadata_cache_mode
object_metadata = each.value.external_data_configuration.object_metadata
reference_file_schema_uri = each.value.external_data_configuration.reference_file_schema_uri
schema = each.value.external_data_configuration.schema
source_format = each.value.external_data_configuration.source_format
source_uris = each.value.external_data_configuration.source_uris
dynamic "avro_options" {
for_each = each.value.external_data_configuration.avro_logical_types != null ? [""] : []
content {
use_avro_logical_types = each.value.external_data_configuration.avro_logical_types
}
}
dynamic "csv_options" {
for_each = each.value.external_data_configuration.csv_options != null ? [""] : []
content {
quote = each.value.external_data_configuration.csv_options.quote
allow_jagged_rows = each.value.external_data_configuration.csv_options.allow_jagged_rows
allow_quoted_newlines = each.value.external_data_configuration.csv_options.allow_quoted_newlines
encoding = each.value.external_data_configuration.csv_options.encoding
field_delimiter = each.value.external_data_configuration.csv_options.field_delimiter
skip_leading_rows = each.value.external_data_configuration.csv_options.skip_leading_rows
}
}
dynamic "json_options" {
for_each = each.value.external_data_configuration.json_options_encoding != null ? [""] : []
content {
encoding = each.value.external_data_configuration.json_options_encoding
}
}
dynamic "google_sheets_options" {
for_each = each.value.external_data_configuration.google_sheets_options != null ? [""] : []
content {
range = each.value.external_data_configuration.google_sheets_options.range
skip_leading_rows = each.value.external_data_configuration.google_sheets_options.skip_leading_rows
}
}
dynamic "hive_partitioning_options" {
for_each = each.value.external_data_configuration.hive_partitioning_options != null ? [""] : []
content {
mode = each.value.external_data_configuration.hive_partitioning_options.mode
require_partition_filter = each.value.external_data_configuration.hive_partitioning_options.require_partition_filter
source_uri_prefix = each.value.external_data_configuration.hive_partitioning_options.source_uri_prefix
}
}
dynamic "parquet_options" {
for_each = each.value.external_data_configuration.parquet_options != null ? [""] : []
content {
enum_as_string = each.value.external_data_configuration.parquet_options.enum_as_string
enable_list_inference = each.value.external_data_configuration.parquet_options.enable_list_inference
}
}
}
}
dynamic "table_constraints" {
for_each = each.value.table_constraints != null ? [""] : []
content {
dynamic "primary_key" {
for_each = each.value.table_constraints.primary_key_columns != null ? [""] : []
content {
columns = each.value.table_constraints.primary_key_columns
}
}
dynamic "foreign_keys" {
for_each = each.value.table_constraints.foreign_keys != null ? [""] : []
content {
name = each.value.table_constraints.foreign_keys.name
referenced_table {
project_id = each.value.table_constraints.foreign_keys.referenced_table.project_id
dataset_id = each.value.table_constraints.foreign_keys.referenced_table.dataset_id
table_id = each.value.table_constraints.foreign_keys.referenced_table.table_id
}
column_references {
referencing_column = each.value.table_constraints.foreign_keys.column_references.referencing_column
referenced_column = each.value.table_constraints.foreign_keys.column_references.referenced_column
}
}
}
}
}
dynamic "range_partitioning" {
for_each = try(each.value.partitioning.range, null) != null ? [""] : []
content {
@ -244,10 +337,9 @@ resource "google_bigquery_table" "default" {
dynamic "time_partitioning" {
for_each = try(each.value.partitioning.time, null) != null ? [""] : []
content {
expiration_ms = each.value.partitioning.time.expiration_ms
field = each.value.partitioning.time.field
type = each.value.partitioning.time.type
require_partition_filter = each.value.partitioning.time.require_partition_filter
expiration_ms = each.value.partitioning.time.expiration_ms
field = each.value.partitioning.time.field
type = each.value.partitioning.time.type
}
}
}
@ -270,17 +362,18 @@ resource "google_bigquery_table" "views" {
}
resource "google_bigquery_table" "materialized_view" {
depends_on = [google_bigquery_table.default]
for_each = var.materialized_views
project = var.project_id
dataset_id = google_bigquery_dataset.default.dataset_id
table_id = each.key
friendly_name = each.value.friendly_name
description = each.value.description
labels = each.value.labels
clustering = each.value.options.clustering
expiration_time = each.value.options.expiration_time
deletion_protection = each.value.deletion_protection
depends_on = [google_bigquery_table.default]
for_each = var.materialized_views
project = var.project_id
dataset_id = google_bigquery_dataset.default.dataset_id
table_id = each.key
friendly_name = each.value.friendly_name
description = each.value.description
labels = each.value.labels
clustering = each.value.options.clustering
expiration_time = each.value.options.expiration_time
deletion_protection = each.value.deletion_protection
require_partition_filter = each.value.require_partition_filter
dynamic "range_partitioning" {
for_each = try(each.value.partitioning.range, null) != null ? [""] : []
@ -297,10 +390,9 @@ resource "google_bigquery_table" "materialized_view" {
dynamic "time_partitioning" {
for_each = try(each.value.partitioning.time, null) != null ? [""] : []
content {
expiration_ms = each.value.partitioning.time.expiration_ms
field = each.value.partitioning.time.field
type = each.value.partitioning.time.type
require_partition_filter = each.value.partitioning.time.require_partition_filter
expiration_ms = each.value.partitioning.time.expiration_ms
field = each.value.partitioning.time.field
type = each.value.partitioning.time.type
}
}
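Review bot: The `foreign_keys` dynamic block added under `table_constraints` in `google_bigquery_table.default` can emit at most one block, because its `for_each` is a null test on a single object and the content reads `each.value.table_constraints.foreign_keys.*` directly. A table with two foreign keys cannot be expressed through this interface. If the provider accepts repeated `foreign_keys` blocks, which I believe it does, iterate over a list instead. That needs the variable typed as `foreign_keys = optional(list(object({…})), [])` in the variables file, so the two changes go together. The resource body starts and ends outside the visible hunks.

```hcl
    # … unchanged: dynamic "primary_key" block …
    dynamic "foreign_keys" {
      for_each = each.value.table_constraints.foreign_keys
      content {
        name = foreign_keys.value.name
        referenced_table {
          project_id = foreign_keys.value.referenced_table.project_id
          dataset_id = foreign_keys.value.referenced_table.dataset_id
          table_id   = foreign_keys.value.referenced_table.table_id
        }
        column_references {
          referencing_column = foreign_keys.value.column_references.referencing_column
          referenced_column  = foreign_keys.value.column_references.referenced_column
        }
      }
    }
```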


@ -123,6 +123,7 @@ variable "materialized_views" {
friendly_name = optional(string)
labels = optional(map(string), {})
refresh_interval_ms = optional(bool)
require_partition_filter = optional(bool)
options = optional(object({
clustering = optional(list(string))
expiration_time = optional(number)
@ -135,10 +136,9 @@ variable "materialized_views" {
start = number
}))
time = optional(object({
type = string
expiration_ms = optional(number)
field = optional(string)
require_partition_filter = optional(bool)
type = string
expiration_ms = optional(number)
field = optional(string)
}))
}))
}))
@ -167,15 +167,55 @@ variable "project_id" {
variable "tables" {
description = "Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null."
type = map(object({
deletion_protection = optional(bool)
description = optional(string, "Terraform managed.")
friendly_name = optional(string)
labels = optional(map(string), {})
schema = optional(string)
deletion_protection = optional(bool)
description = optional(string, "Terraform managed.")
friendly_name = optional(string)
labels = optional(map(string), {})
require_partition_filter = optional(bool)
schema = optional(string)
external_data_configuration = optional(object({
autodetect = bool
source_uris = list(string)
avro_logical_types = optional(bool)
compression = optional(string)
connection_id = optional(string)
file_set_spec_type = optional(string)
ignore_unknown_values = optional(bool)
metadata_cache_mode = optional(string)
object_metadata = optional(string)
json_options_encoding = optional(string)
reference_file_schema_uri = optional(string)
schema = optional(string)
source_format = optional(string)
max_bad_records = optional(number)
csv_options = optional(object({
quote = string
allow_jagged_rows = optional(bool)
allow_quoted_newlines = optional(bool)
encoding = optional(string)
field_delimiter = optional(string)
skip_leading_rows = optional(number)
}))
google_sheets_options = optional(object({
range = optional(string)
skip_leading_rows = optional(number)
}))
hive_partitioning_options = optional(object({
mode = optional(string)
require_partition_filter = optional(bool)
source_uri_prefix = optional(string)
}))
parquet_options = optional(object({
enum_as_string = optional(bool)
enable_list_inference = optional(bool)
}))
}))
options = optional(object({
clustering = optional(list(string))
encryption_key = optional(string)
expiration_time = optional(number)
max_staleness = optional(string)
}), {})
partitioning = optional(object({
field = optional(string)
@ -185,10 +225,24 @@ variable "tables" {
start = number
}))
time = optional(object({
type = string
expiration_ms = optional(number)
field = optional(string)
require_partition_filter = optional(bool)
type = string
expiration_ms = optional(number)
field = optional(string)
}))
}))
table_constraints = optional(object({
primary_key_columns = optional(list(string))
foreign_keys = optional(object({
referenced_table = object({
project_id = string
dataset_id = string
table_id = string
})
column_references = object({
referencing_column = string
referenced_column = string
})
name = optional(string)
}))
}))
}))
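Review bot: Moving `require_partition_filter` out of `partitioning.time` to the top level of each `tables` and `materialized_views` entry appears to be a silent interface break. Terraform discards attributes that an object type constraint does not declare, so a caller who still sets `partitioning.time.require_partition_filter = true` gets no error and the table is planned without the filter requirement. That removes a guard against unfiltered full-table queries without anyone noticing. A validation block cannot see the dropped attribute, so the move should at least be stated in the variable descriptions and the changelog, for example by appending `require_partition_filter is set at table level; partitioning.time.require_partition_filter is no longer read.` to both `description` strings. Both variable bodies extend beyond the visible hunks.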


@ -29,7 +29,7 @@ This module allows creation and management of VPC networks including subnetworks
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -48,7 +48,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=simple.yaml
# tftest modules=1 resources=5 inventory=simple.yaml e2e
```
### Subnet Options
@ -56,7 +56,7 @@ module "vpc" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
# simple subnet
@ -95,7 +95,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=7 inventory=subnet-options.yaml
# tftest modules=1 resources=7 inventory=subnet-options.yaml e2e
```
### Subnet IAM
@ -105,7 +105,7 @@ Subnet IAM variables follow our general interface, with extra keys/members for t
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -114,12 +114,12 @@ module "vpc" {
ip_cidr_range = "10.0.1.0/24"
iam = {
"roles/compute.networkUser" = [
"user:user1@example.com", "group:group1@example.com"
"group:${var.group_email}"
]
}
iam_bindings = {
subnet-1-iam = {
members = ["group:group2@example.com"]
members = ["group:${var.group_email}"]
role = "roles/compute.networkUser"
condition = {
expression = "resource.matchTag('123456789012/env', 'prod')"
@ -131,10 +131,10 @@ module "vpc" {
{
name = "subnet-2"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24"
ip_cidr_range = "10.0.2.0/24"
iam_bindings_additive = {
subnet-2-iam = {
member = "user:am1@example.com"
member = "group:${var.group_email}"
role = "roles/compute.networkUser"
subnet = "europe-west1/subnet-2"
}
@ -142,7 +142,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=8 inventory=subnet-iam.yaml
# tftest modules=1 resources=8 inventory=subnet-iam.yaml e2e
```
### Peering
@ -154,7 +154,7 @@ If you only want to create the "local" side of the peering, use `peering_create_
```hcl
module "vpc-hub" {
source = "./fabric/modules/net-vpc"
project_id = "hub"
project_id = var.project_id
name = "vpc-hub"
subnets = [{
ip_cidr_range = "10.0.0.0/24"
@ -165,7 +165,7 @@ module "vpc-hub" {
module "vpc-spoke-1" {
source = "./fabric/modules/net-vpc"
project_id = "spoke1"
project_id = var.project_id
name = "vpc-spoke1"
subnets = [{
ip_cidr_range = "10.0.1.0/24"
@ -185,20 +185,24 @@ module "vpc-spoke-1" {
[Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc) is a project-level functionality which enables a project to share its VPCs with other projects. The `shared_vpc_host` variable is here to help with rapid prototyping, we recommend leveraging the project module for production usage.
```hcl
locals {
service_project_1 = {
project_id = "project1"
gke_service_account = "serviceAccount:gke"
cloud_services_service_account = "serviceAccount:cloudsvc"
}
service_project_2 = {
project_id = "project2"
}
module "service-project" {
source = "./fabric/modules/project"
billing_account = var.billing_account_id
name = "prj1"
prefix = var.prefix
parent = var.folder_id
services = [
"cloudresourcemanager.googleapis.com",
"compute.googleapis.com",
"iam.googleapis.com",
"serviceusage.googleapis.com"
]
}
module "vpc-host" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-host-network"
subnets = [
{
@ -211,22 +215,20 @@ module "vpc-host" {
}
iam = {
"roles/compute.networkUser" = [
local.service_project_1.cloud_services_service_account,
local.service_project_1.gke_service_account
"serviceAccount:${var.service_account.email}"
]
"roles/compute.securityAdmin" = [
local.service_project_1.gke_service_account
"serviceAccount:${var.service_account.email}"
]
}
}
]
shared_vpc_host = true
shared_vpc_service_projects = [
local.service_project_1.project_id,
local.service_project_2.project_id
module.service-project.project_id
]
}
# tftest modules=1 resources=9 inventory=shared-vpc.yaml
# tftest modules=2 resources=13 inventory=shared-vpc.yaml e2e
```
### Private Service Networking
@ -234,7 +236,7 @@ module "vpc-host" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -247,7 +249,7 @@ module "vpc" {
ranges = { myrange = "10.0.1.0/24" }
}
}
# tftest modules=1 resources=7 inventory=psa.yaml
# tftest modules=1 resources=7 inventory=psa.yaml e2e
```
### Private Service Networking with peering routes and peered Cloud DNS domains
@ -257,7 +259,7 @@ Custom routes can be optionally exported/imported through the peering formed wit
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -273,7 +275,7 @@ module "vpc" {
peered_domains = ["gcp.example.com."]
}
}
# tftest modules=1 resources=8 inventory=psa-routes.yaml
# tftest modules=1 resources=8 inventory=psa-routes.yaml e2e
```
### Subnets for Private Service Connect, Proxy-only subnets
@ -286,7 +288,7 @@ Along with common private subnets module supports creation more service specific
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets_proxy_only = [
@ -312,7 +314,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml e2e
```
### DNS Policies
@ -320,7 +322,7 @@ module "vpc" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
dns_policy = {
inbound = true
@ -337,7 +339,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=dns-policies.yaml
# tftest modules=1 resources=5 inventory=dns-policies.yaml e2e
```
### Subnet Factory
@ -347,7 +349,7 @@ The `net-vpc` module includes a subnet factory (see [Resource Factories](../../b
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
factories_config = {
subnets_folder = "config/subnets"
@ -430,7 +432,7 @@ locals {
module "vpc" {
source = "./fabric/modules/net-vpc"
for_each = local.route_types
project_id = "my-project"
project_id = var.project_id
name = "my-network-with-route-${replace(each.key, "_", "-")}"
routes = {
next-hop = {
@ -460,7 +462,7 @@ By default the VPC module creates IPv4 routes for the [Private Google Access ran
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-vpc"
create_googleapis_routes = {
restricted = false
@ -469,7 +471,7 @@ module "vpc" {
private-6 = true
}
}
# tftest modules=1 resources=3 inventory=googleapis.yaml
# tftest modules=1 resources=3 inventory=googleapis.yaml e2e
```
### Allow Firewall Policy to be evaluated before Firewall Rules
@ -477,7 +479,7 @@ module "vpc" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL"
subnets = [
@ -497,7 +499,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml e2e
```
### IPv6
@ -507,12 +509,12 @@ A non-overlapping private IPv6 address space can be configured for the VPC via t
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
ipv6_config = {
# internal_range is optional
enable_ula_internal = true
internal_range = "fd20:6b2:27e5:0:0:0:0:0/48"
# internal_range = "fd20:6b2:27e5::/48"
}
subnets = [
{
@ -531,7 +533,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=ipv6.yaml
# tftest modules=1 resources=5 inventory=ipv6.yaml e2e
```
<!-- BEGIN TFDOC -->
## Variables


@ -19,9 +19,9 @@
locals {
_googleapis_ranges = {
private = "199.36.153.8/30"
private-6 = "2600:2d00:0002:2000::/64"
private-6 = "2600:2d00:2:2000::/64"
restricted = "199.36.153.4/30"
restricted-6 = "2600:2d00:0002:1000::/64"
restricted-6 = "2600:2d00:2:1000::/64"
}
_googleapis_routes = {
for k, v in local._googleapis_ranges : "${k}-googleapis" => {


@ -26,10 +26,12 @@ locals {
"cloudkms.googleapis.com",
"cloudresourcemanager.googleapis.com",
"compute.googleapis.com",
"dns.googleapis.com",
"eventarc.googleapis.com",
"iam.googleapis.com",
"run.googleapis.com",
"secretmanager.googleapis.com",
"servicenetworking.googleapis.com",
"serviceusage.googleapis.com",
"stackdriver.googleapis.com",
"storage-component.googleapis.com",


@ -15,7 +15,7 @@
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
module.vpc.google_dns_policy.default[0]:
alternative_name_server_config:
@ -30,9 +30,9 @@ values:
name: my-network
networks:
- {}
project: my-project
project: project-id
counts:
google_compute_network: 1
google_compute_subnetwork: 1
google_dns_policy: 1
google_dns_policy: 1


@ -20,7 +20,7 @@ values:
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
project: my-project
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -32,7 +32,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -44,7 +44,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
@ -53,7 +53,7 @@ values:
ipv6_access_type: null
log_config: []
name: subnet-proxy
project: my-project
project: project-id
purpose: REGIONAL_MANAGED_PROXY
region: europe-west4
role: ACTIVE
@ -64,7 +64,7 @@ values:
ipv6_access_type: null
log_config: []
name: subnet-proxy-global
project: my-project
project: project-id
purpose: GLOBAL_MANAGED_PROXY
region: australia-southeast2
role: ACTIVE
@ -75,7 +75,7 @@ values:
ipv6_access_type: null
log_config: []
name: subnet-psc
project: my-project
project: project-id
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west4
role: null
@ -92,7 +92,7 @@ values:
metadata_fields: null
name: subnet-detailed
private_ip_google_access: false
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -106,7 +106,7 @@ values:
log_config: []
name: simple
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west4
role: null
secondary_ip_range: []
@ -118,7 +118,7 @@ values:
log_config: []
name: simple
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west8
role: null
secondary_ip_range: []
@ -129,7 +129,7 @@ values:
- group:lorem@example.com
- serviceAccount:fbz@prj.iam.gserviceaccount.com
- user:foobar@example.com
project: my-project
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-detailed
@ -142,4 +142,4 @@ counts:
modules: 1
resources: 10
outputs: {}
outputs: {}


@ -18,7 +18,7 @@ values:
delete_default_routes_on_create: false
description: Terraform-managed.
name: my-network
project: my-project
project: project-id
routing_mode: GLOBAL
network_firewall_policy_enforcement_order: BEFORE_CLASSIC_FIREWALL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
@ -27,7 +27,7 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -41,11 +41,11 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west2
role: null
secondary_ip_range: []
counts:
google_compute_network: 1
google_compute_subnetwork: 2
google_compute_subnetwork: 2


@ -13,27 +13,30 @@
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-vpc
project: project-id
module.vpc.google_compute_route.gateway["private-6-googleapis"]:
dest_range: 2600:2d00:0002:2000::/64
dest_range: 2600:2d00:2:2000::/64
name: my-vpc-private-6-googleapis
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc.google_compute_route.gateway["restricted-6-googleapis"]:
dest_range: 2600:2d00:0002:1000::/64
dest_range: 2600:2d00:2:1000::/64
name: my-vpc-restricted-6-googleapis
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
counts:
google_compute_network: 1
google_compute_route: 2
google_compute_route: 2


@ -18,10 +18,10 @@ values:
delete_default_routes_on_create: false
description: Terraform-managed.
enable_ula_internal_ipv6: true
internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
# internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
project: my-project
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -33,7 +33,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -45,7 +45,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/test"]:
@ -55,7 +55,7 @@ values:
log_config: []
name: test
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
@ -68,7 +68,7 @@ values:
log_config: []
name: test
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west3
role: null
secondary_ip_range: []
@ -82,4 +82,4 @@ counts:
modules: 1
resources: 5
outputs: {}
outputs: {}
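Review bot: The `internal_ipv6_range` expectation under `module.vpc.google_compute_network.network[0]` appears to have been commented out rather than removed or replaced, so this fixture no longer pins the ULA range while `enable_ula_internal_ipv6: true` is still asserted (the old/new side is inferred from print order, since the markers are lost on this page). The page gives no reason for it; if the value is simply not known at plan time, say so next to it, e.g. `# internal_ipv6_range not asserted: <reason>`, so a later reader does not take the commented line for a forgotten debug edit. If the example still sets the range, keep the assertion, because an unintended change to an internal address range is the kind of drift this inventory is there to catch.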


@ -15,13 +15,13 @@
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.0.1.0/24
log_config: []
name: regional-proxy
project: my-project
project: project-id
purpose: REGIONAL_MANAGED_PROXY
region: europe-west1
role: ACTIVE
@ -30,7 +30,7 @@ values:
ip_cidr_range: 10.0.4.0/24
log_config: []
name: global-proxy
project: my-project
project: project-id
purpose: GLOBAL_MANAGED_PROXY
region: australia-southeast2
role: ACTIVE
@ -39,11 +39,11 @@ values:
ip_cidr_range: 10.0.3.0/24
log_config: []
name: psc
project: my-project
project: project-id
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west1
role: null
counts:
google_compute_network: 1
google_compute_subnetwork: 3
google_compute_subnetwork: 3


@ -18,21 +18,21 @@ values:
address_type: INTERNAL
name: myrange
prefix_length: 24
project: my-project
project: project-id
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: true
import_custom_routes: true
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
secondary_ip_range: []
module.vpc.google_service_networking_connection.psa_connection[0]:
@ -42,7 +42,7 @@ values:
module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]:
dns_suffix: gcp.example.com.
name: gcp-example-com
project: my-project
project: project-id
service: servicenetworking.googleapis.com
counts:
@ -51,4 +51,4 @@ counts:
google_compute_network_peering_routes_config: 1
google_compute_subnetwork: 1
google_service_networking_connection: 1
google_service_networking_peered_dns_domain: 1
google_service_networking_peered_dns_domain: 1


@ -18,19 +18,19 @@ values:
address_type: INTERNAL
name: myrange
prefix_length: 24
project: my-project
project: project-id
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: false
import_custom_routes: false
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
project: my-project
project: project-id
module.vpc.google_service_networking_connection.psa_connection[0]:
reserved_peering_ranges:
- myrange
@ -43,4 +43,4 @@ counts:
google_compute_subnetwork: 1
google_service_networking_connection: 1
outputs: {}
outputs: {}


@ -15,7 +15,7 @@
values:
module.vpc["gateway"].google_compute_network.network[0]:
name: my-network-with-route-gateway
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -26,7 +26,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
@ -38,11 +38,11 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["ilb"].google_compute_network.network[0]:
name: my-network-with-route-ilb
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -53,7 +53,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
@ -65,11 +65,11 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["instance"].google_compute_network.network[0]:
name: my-network-with-route-instance
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["instance"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -80,7 +80,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["instance"].google_compute_route.instance["next-hop"]:
@ -93,11 +93,11 @@ values:
next_hop_instance_zone: europe-west1-b
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["ip"].google_compute_network.network[0]:
name: my-network-with-route-ip
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["ip"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -108,7 +108,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["ip"].google_compute_route.ip["next-hop"]:
@ -121,11 +121,11 @@ values:
next_hop_ip: 192.168.0.128
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["vpn_tunnel"].google_compute_network.network[0]:
name: my-network-with-route-vpn-tunnel
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -136,7 +136,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
@ -148,9 +148,9 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
priority: 1000
project: my-project
project: project-id
tags: null
counts:
google_compute_network: 5
google_compute_route: 10
google_compute_route: 10


@ -15,15 +15,14 @@
values:
module.vpc-host.google_compute_network.network[0]:
name: my-host-network
project: my-project
project: project-id
module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
project: my-project
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
host_project: my-project
service_project: project1
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
host_project: my-project
service_project: project2
project: project-id
module.service-project.google_project.project[0]:
project_id: test-prj1
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["test-prj1"]:
host_project: project-id
service_project: test-prj1
module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
secondary_ip_range:
- ip_cidr_range: 172.16.0.0/20
@ -33,24 +32,26 @@ values:
module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- serviceAccount:cloudsvc
- serviceAccount:gke
project: my-project
- serviceAccount:service_account_email
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.securityAdmin"]:
condition: []
members:
- serviceAccount:gke
project: my-project
- serviceAccount:service_account_email
project: project-id
region: europe-west1
role: roles/compute.securityAdmin
subnetwork: subnet-1
counts:
google_compute_network: 1
google_compute_route: 2
google_compute_shared_vpc_host_project: 1
google_compute_shared_vpc_service_project: 2
google_compute_shared_vpc_service_project: 1
google_compute_subnetwork: 1
google_compute_subnetwork_iam_binding: 2
modules: 2
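Review bot: Both authoritative bindings on `europe-west1/subnet-1` now expect the same single member, `serviceAccount:service_account_email`, where the earlier lines listed `cloudsvc` and `gke` for `roles/compute.networkUser` and only `gke` for `roles/compute.securityAdmin` (sides inferred from print order, as the markers are lost on this page). With identical member lists the inventory can no longer tell whether each role received its own principals, so a role-to-member mix-up in the module would pass unnoticed, which matters most for `roles/compute.securityAdmin`. Consider having the example grant the two roles to different principals so the expected members differ per binding. The literal `service_account_email` also reads like an unsubstituted variable name; if it is the test harness placeholder, a comment such as `# placeholder injected by the test harness, not a real member` above the members would say so. The same collapse to one principal appears in the later fixture section that holds `subnet-2-iam`, where all three bindings now expect `group:organization-admins@example.org`.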


@ -18,7 +18,7 @@ values:
delete_default_routes_on_create: false
description: Terraform-managed.
name: my-network
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
description: Terraform-managed.
@ -26,7 +26,7 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -40,7 +40,7 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west2
role: null
secondary_ip_range: []
@ -52,7 +52,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -64,11 +64,11 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
counts:
google_compute_network: 1
google_compute_subnetwork: 2
google_compute_route: 2
google_compute_route: 2


@ -20,7 +20,7 @@ values:
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
project: my-project
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -32,7 +32,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -44,7 +44,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
@ -54,19 +54,19 @@ values:
log_config: []
name: subnet-1
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
description: Terraform-managed.
ip_cidr_range: 10.0.1.0/24
ip_cidr_range: 10.0.2.0/24
ipv6_access_type: null
log_config: []
name: subnet-2
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
@ -74,9 +74,8 @@ values:
module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- group:group1@example.com
- user:user1@example.com
project: my-project
- group:organization-admins@example.org
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
@ -86,15 +85,15 @@ values:
expression: resource.matchTag('123456789012/env', 'prod')
title: test_condition
members:
- group:group2@example.com
project: my-project
- group:organization-admins@example.org
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]:
condition: []
member: user:am1@example.com
project: my-project
member: group:organization-admins@example.org
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-2
@ -108,4 +107,4 @@ counts:
modules: 1
resources: 8
outputs: {}
outputs: {}


@ -15,14 +15,14 @@
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
description: Subnet b
ip_cidr_range: 10.0.1.0/24
log_config: []
name: no-pga
private_ip_google_access: false
project: my-project
project: project-id
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
@ -31,7 +31,7 @@ values:
log_config: []
name: simple
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
@ -46,7 +46,7 @@ values:
metadata_fields: null
name: with-flow-logs
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
@ -56,7 +56,7 @@ values:
log_config: []
name: with-secondary-ranges
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -67,4 +67,4 @@ values:
counts:
google_compute_network: 1
google_compute_subnetwork: 4
google_compute_subnetwork: 4