Merge branch 'master' into apigee-module-fix
apichick authored Sep 13, 2023
2 parents fdb133f + efac8e4 commit 008abe4
Showing 7 changed files with 63 additions and 17 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -29,6 +29,7 @@ All notable changes to this project will be documented in this file.

### FAST

- [[#1664](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1664)] Align pf stage sample data to new format ([ludoo](https://github.com/ludoo)) <!-- 2023-09-09 08:04:19+00:00 -->
- [[#1663](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1663)] [#1661] Make FAST stage 1 resman tf destroy more reliable ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-09-08 10:09:31+00:00 -->
- [[#1659](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1659)] Link project factory documentation from FAST stage ([ludoo](https://github.com/ludoo)) <!-- 2023-09-08 07:14:16+00:00 -->
- [[#1658](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1658)] **incompatible change:** Change type of `iam_bindings` variable to allow multiple conditional bindings ([ludoo](https://github.com/ludoo)) <!-- 2023-09-08 06:56:31+00:00 -->
Expand All @@ -47,6 +48,9 @@ All notable changes to this project will be documented in this file.

### MODULES

- [[#1669](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1669)] Fix for partner interconnect ([apichick](https://github.com/apichick)) <!-- 2023-09-12 13:29:35+00:00 -->
- [[#1668](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1668)] fix(compute-mig): add correct type optionality for metrics in autosca… ([NotArpit](https://github.com/NotArpit)) <!-- 2023-09-12 11:58:09+00:00 -->
- [[#1667](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1667)] fix(compute-mig): add mode property to compute_region_autoscaler ([NotArpit](https://github.com/NotArpit)) <!-- 2023-09-11 11:25:32+00:00 -->
- [[#1658](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1658)] **incompatible change:** Change type of `iam_bindings` variable to allow multiple conditional bindings ([ludoo](https://github.com/ludoo)) <!-- 2023-09-08 06:56:31+00:00 -->
- [[#1653](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1653)] Fixes to the apigee module ([juliocc](https://github.com/juliocc)) <!-- 2023-09-07 15:02:56+00:00 -->
- [[#1642](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1642)] New phpIPAM serverless third parties solution in blueprints ([simonebruzzechesse](https://github.com/simonebruzzechesse)) <!-- 2023-09-07 13:30:23+00:00 -->
24 changes: 19 additions & 5 deletions modules/net-vpc/README.md
Expand Up @@ -299,6 +299,13 @@ module "vpc" {
name = "regional-proxy"
region = "europe-west1"
active = true
},
{
ip_cidr_range = "10.0.4.0/24"
name = "global-proxy"
region = "australia-southeast2"
active = true
global = true
}
]
subnets_psc = [
Expand All @@ -309,7 +316,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=proxy-only-subnets.yaml
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
```

### DNS Policies
Expand Down Expand Up @@ -348,7 +355,7 @@ module "vpc" {
name = "my-network"
data_folder = "config/subnets"
}
# tftest modules=1 resources=9 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-psc inventory=factory.yaml
# tftest modules=1 resources=10 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-proxy-global,subnet-psc inventory=factory.yaml
```

```yaml
Expand Down Expand Up @@ -392,6 +399,13 @@ ip_cidr_range: 10.1.0.0/24
purpose: REGIONAL_MANAGED_PROXY
```
```yaml
# tftest-file id=subnet-proxy-global path=config/subnets/subnet-proxy-global.yaml
region: australia-southeast2
ip_cidr_range: 10.4.0.0/24
purpose: GLOBAL_MANAGED_PROXY
```
```yaml
# tftest-file id=subnet-psc path=config/subnets/subnet-psc.yaml
region: europe-west4
Expand Down Expand Up @@ -546,9 +560,9 @@ module "vpc" {
| [subnet_iam_bindings](variables.tf#L173) | Authoritative IAM bindings in {REGION/NAME => {ROLE => {members = [], condition = {}}}}. | <code title="map&#40;map&#40;object&#40;&#123;&#10; members &#61; list&#40;string&#41;&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;&#41;">map&#40;map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnet_iam_bindings_additive](variables.tf#L187) | Individual additive IAM bindings. Keys are arbitrary. | <code title="map&#40;object&#40;&#123;&#10; member &#61; string&#10; role &#61; string&#10; subnet &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnets](variables.tf#L203) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; flow_logs_config &#61; optional&#40;object&#40;&#123;&#10; aggregation_interval &#61; optional&#40;string&#41;&#10; filter_expression &#61; optional&#40;string&#41;&#10; flow_sampling &#61; optional&#40;number&#41;&#10; metadata &#61; optional&#40;string&#41;&#10; metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; ipv6 &#61; optional&#40;object&#40;&#123;&#10; access_type &#61; optional&#40;string, &#34;INTERNAL&#34;&#41;&#10; &#125;&#41;&#41;&#10; secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_proxy_only](variables.tf#L230) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; active &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_psc](variables.tf#L243) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [vpc_create](variables.tf#L255) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
| [subnets_proxy_only](variables.tf#L230) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; active &#61; bool&#10; global &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_psc](variables.tf#L244) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [vpc_create](variables.tf#L256) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |

## Outputs

2 changes: 1 addition & 1 deletion modules/net-vpc/outputs.tf
Expand Up @@ -136,4 +136,4 @@ output "subnets_proxy_only" {
output "subnets_psc" {
description = "Private Service Connect subnet resources."
value = { for k, v in google_compute_subnetwork.psc : k => v }
}
}
16 changes: 12 additions & 4 deletions modules/net-vpc/subnets.tf
Expand Up @@ -35,6 +35,7 @@ locals {
iam_members = try(v.iam_members, [])
purpose = try(v.purpose, null)
active = try(v.active, null)
global = null
}
}
_factory_subnets_iam = [
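Review bot: `global = null` in the factory subnet object is hardcoded, while the neighbouring attributes are read with `try(v.<key>, ...)`, so a `global: true` key in a subnet YAML file is silently ignored. Either read it with `try(v.global, null)` or add a comment stating that factory files select the global proxy type only through `purpose: GLOBAL_MANAGED_PROXY`.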
Expand Down Expand Up @@ -73,7 +74,8 @@ locals {
)
subnets_proxy_only = merge(
{ for s in var.subnets_proxy_only : "${s.region}/${s.name}" => s },
{ for k, v in local._factory_subnets : k => v if v.purpose == "REGIONAL_MANAGED_PROXY" }
{ for k, v in local._factory_subnets : k => v if v.purpose == "REGIONAL_MANAGED_PROXY" },
{ for k, v in local._factory_subnets : k => v if v.purpose == "GLOBAL_MANAGED_PROXY" }
)
subnets_psc = merge(
{ for s in var.subnets_psc : "${s.region}/${s.name}" => s },
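Review bot: the two comprehensions over `local._factory_subnets` in the `subnets_proxy_only` merge differ only in the purpose string and iterate the same map twice. A single comprehension with `if v.purpose == "REGIONAL_MANAGED_PROXY" || v.purpose == "GLOBAL_MANAGED_PROXY"` keeps the accepted proxy purposes in one place and is easier to extend.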
Expand Down Expand Up @@ -130,11 +132,17 @@ resource "google_compute_subnetwork" "proxy_only" {
ip_cidr_range = each.value.ip_cidr_range
description = (
each.value.description == null
? "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
? "Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB."
: each.value.description
)
purpose = "REGIONAL_MANAGED_PROXY"
role = each.value.active != false ? "ACTIVE" : "BACKUP"
purpose = try(
each.value.purpose,
each.value.global != false
? "GLOBAL_MANAGED_PROXY"
: "REGIONAL_MANAGED_PROXY"
)

role = each.value.active != false ? "ACTIVE" : "BACKUP"
}

resource "google_compute_subnetwork" "psc" {
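Review bot: in the fallback branch of the new `purpose` expression, `each.value.global != false` is true for a null value as well as for `true`, so an entry that reaches it with `global` unset becomes `GLOBAL_MANAGED_PROXY`, although the variable declares `optional(bool, false)`. `each.value.global == true` would keep regional as the default. The expression also depends on `try()` swallowing the missing `purpose` attribute on entries that come from `var.subnets_proxy_only`; a one-line comment saying so would help the next reader.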
3 changes: 2 additions & 1 deletion modules/net-vpc/variables.tf
Expand Up @@ -228,13 +228,14 @@ variable "subnets" {
}

variable "subnets_proxy_only" {
description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
type = list(object({
name = string
ip_cidr_range = string
region = string
description = optional(string)
active = bool
global = optional(bool, false)
}))
default = []
nullable = false
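Review bot: the `description` of `subnets_proxy_only` still names only "Regional HTTPS or Internal HTTPS load balancers" and the edit to that line appears to be whitespace only, so the new `global` attribute is undocumented here and in the README table generated from it. Mention cross-regional internal load balancers and what `global = true` selects, and clarify whether the "only one proxy-only subnet ... in each region can be active" note applies per purpose.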
18 changes: 14 additions & 4 deletions tests/modules/net_vpc/examples/factory.yaml
Expand Up @@ -48,8 +48,7 @@ values:
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal
HTTPS LB.
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.1.0.0/24
ipv6_access_type: null
log_config: []
Expand All @@ -59,6 +58,17 @@ values:
region: europe-west4
role: ACTIVE
timeouts: null
module.vpc.google_compute_subnetwork.proxy_only["australia-southeast2/subnet-proxy-global"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.4.0.0/24
ipv6_access_type: null
log_config: []
name: subnet-proxy-global
project: my-project
purpose: GLOBAL_MANAGED_PROXY
region: australia-southeast2
role: ACTIVE
timeouts: null
module.vpc.google_compute_subnetwork.psc["europe-west4/subnet-psc"]:
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.2.0.0/24
Expand Down Expand Up @@ -127,9 +137,9 @@ values:
counts:
google_compute_network: 1
google_compute_route: 2
google_compute_subnetwork: 5
google_compute_subnetwork: 6
google_compute_subnetwork_iam_binding: 1
modules: 1
resources: 9
resources: 10

outputs: {}
13 changes: 11 additions & 2 deletions tests/modules/net_vpc/examples/proxy-only-subnets.yaml
Expand Up @@ -17,14 +17,23 @@ values:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.0.1.0/24
log_config: []
name: regional-proxy
project: my-project
purpose: REGIONAL_MANAGED_PROXY
region: europe-west1
role: ACTIVE
module.vpc.google_compute_subnetwork.proxy_only["australia-southeast2/global-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.0.4.0/24
log_config: []
name: global-proxy
project: my-project
purpose: GLOBAL_MANAGED_PROXY
region: australia-southeast2
role: ACTIVE
module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.0.3.0/24
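Review bot: the added `global-proxy` inventory entry only exercises `global = true` together with `active = true` (`role: ACTIVE`), and it sits in a different region from `regional-proxy`. A case with a global and a regional proxy-only subnet in the same region, or a global one with `active = false`, would show how the new `purpose` selection interacts with `role`.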
Expand All @@ -37,4 +46,4 @@ values:

counts:
google_compute_network: 1
google_compute_subnetwork: 2
google_compute_subnetwork: 3
