subnets with the same name in different regions (#67)

* support for subnets with the same name in different regions

* fix net-vpc tests
This commit is contained in:
Roberto Jung Drebes
2020-05-04 08:25:53 +02:00
committed by GitHub
parent 711f113cf0
commit 14ec791556
9 changed files with 166 additions and 155 deletions


@@ -13,8 +13,8 @@ module "vpc" {
source = "../modules/net-vpc"
project_id = "my-project"
name = "my-network"
subnets = {
subnet-1 = {
subnets = [
{
ip_cidr_range = "10.0.0.0/24"
name = "production"
region = "europe-west1"
@@ -22,14 +22,14 @@ module "vpc" {
pods = "172.16.0.0/20"
services = "192.168.0.0/24"
}
}
subnet-2 = {
},
{
ip_cidr_range = "10.0.16.0/24"
name = "production"
region = "europe-west2"
secondary_ip_range = {}
}
}
]
}
```
@@ -42,17 +42,17 @@ module "vpc-spoke-1" {
source = "../modules/net-vpc"
project_id = "my-project"
name = "my-network"
subnets = {
subnet-1 = {
subnets = [
{
ip_cidr_range = "10.0.0.0/24"
name = null
name = "subnet-1"
region = "europe-west1"
secondary_ip_range = {
pods = "172.16.0.0/20"
services = "192.168.0.0/24"
}
}
}
]
peering_config = {
peer_vpc_self_link = module.vpc-hub.self_link
export_routes = false
@@ -68,30 +68,30 @@ module "vpc-host" {
source = "../modules/net-vpc"
project_id = "my-project"
name = "my-host-network"
subnets = {
subnet-1 = {
subnets = [
{
ip_cidr_range = "10.0.0.0/24"
name = null
name = "subnet-1"
region = "europe-west1"
secondary_ip_range = {
pods = "172.16.0.0/20"
services = "192.168.0.0/24"
}
}
}
]
shared_vpc_host = true
shared_vpc_service_projects = [
local.service_project_1.project_id,
local.service_project_2.project_id
]
iam_roles = {
subnet-1 = [
"europe-west1/subnet-1" = [
"roles/compute.networkUser",
"roles/compute.securityAdmin"
]
}
iam_members = {
subnet-1 = {
"europe-west1/subnet-1" = {
"roles/compute.networkUser" = [
local.service_project_1.cloudsvc_sa,
local.service_project_1.gke_sa
@@ -113,19 +113,19 @@ module "vpc-host" {
| project_id | The ID of the project where this VPC will be created | <code title="">string</code> | ✓ | |
| *auto_create_subnetworks* | Set to true to create an auto mode subnet, defaults to custom mode. | <code title="">bool</code> | | <code title="">false</code> |
| *description* | An optional description of this resource (triggers recreation on change). | <code title="">string</code> | | <code title="">Terraform-managed.</code> |
| *iam_members* | List of IAM members keyed by subnet and role. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> | | <code title="">null</code> |
| *iam_roles* | List of IAM roles keyed by subnet. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> | | <code title="">null</code> |
| *iam_members* | List of IAM members keyed by subnet 'region/name' and role. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> | | <code title="">null</code> |
| *iam_roles* | List of IAM roles keyed by subnet 'region/name'. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> | | <code title="">null</code> |
| *log_config_defaults* | Default configuration for flow logs when enabled. | <code title="object&#40;&#123;&#10;aggregation_interval &#61; string&#10;flow_sampling &#61; number&#10;metadata &#61; string&#10;&#125;&#41;">object({...})</code> | | <code title="&#123;&#10;aggregation_interval &#61; &#34;INTERVAL_5_SEC&#34;&#10;flow_sampling &#61; 0.5&#10;metadata &#61; &#34;INCLUDE_ALL_METADATA&#34;&#10;&#125;">...</code> |
| *log_configs* | Map of per-subnet optional configurations for flow logs when enabled. | <code title="map&#40;map&#40;string&#41;&#41;">map(map(string))</code> | | <code title="">null</code> |
| *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | <code title="map&#40;map&#40;string&#41;&#41;">map(map(string))</code> | | <code title="">null</code> |
| *peering_config* | VPC peering configuration. | <code title="object&#40;&#123;&#10;peer_vpc_self_link &#61; string&#10;export_routes &#61; bool&#10;import_routes &#61; bool&#10;&#125;&#41;">object({...})</code> | | <code title="">null</code> |
| *routes* | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10;dest_range &#61; string&#10;priority &#61; number&#10;tags &#61; list&#40;string&#41;&#10;next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10;next_hop &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">null</code> |
| *routing_mode* | The network routing mode (default 'GLOBAL') | <code title="">string</code> | | <code title="">GLOBAL</code> |
| *shared_vpc_host* | Enable shared VPC for this project. | <code title="">bool</code> | | <code title="">false</code> |
| *shared_vpc_service_projects* | Shared VPC service projects to register with this host | <code title="list&#40;string&#41;">list(string)</code> | | <code title="">[]</code> |
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet name. | <code title="map&#40;string&#41;">map(string)</code> | | <code title="">{}</code> |
| *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet name. | <code title="map&#40;bool&#41;">map(bool)</code> | | <code title="">{}</code> |
| *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet name. | <code title="map&#40;bool&#41;">map(bool)</code> | | <code title="">{}</code> |
| *subnets* | Subnets being created. If name is set to null, a default will be used combining network name and this map key. | <code title="map&#40;object&#40;&#123;&#10;ip_cidr_range &#61; string&#10;name &#61; string&#10;region &#61; string&#10;secondary_ip_range &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">null</code> |
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | <code title="map&#40;string&#41;">map(string)</code> | | <code title="">{}</code> |
| *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | <code title="map&#40;bool&#41;">map(bool)</code> | | <code title="">{}</code> |
| *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | <code title="map&#40;bool&#41;">map(bool)</code> | | <code title="">{}</code> |
| *subnets* | The list of subnets being created | <code title="map&#40;object&#40;&#123;&#10;ip_cidr_range &#61; string&#10;region &#61; string&#10;secondary_ip_range &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">null</code> |
## Outputs
@@ -136,10 +136,10 @@ module "vpc-host" {
| network | Network resource. | |
| project_id | Shared VPC host project id. | |
| self_link | The URI of the VPC being created. | |
| subnet_ips | Map of subnet address ranges keyed by name. | |
| subnet_regions | Map of subnet regions keyed by name. | |
| subnet_secondary_ranges | Map of subnet secondary ranges keyed by name. | |
| subnet_self_links | Map of subnet self links keyed by name. | |
| subnet_ips | Map of subnet address ranges keyed by 'region/name'. | |
| subnet_regions | Map of subnet regions keyed by 'region/name'. | |
| subnet_secondary_ranges | Map of subnet secondary ranges keyed by 'region/name'. | |
| subnet_self_links | Map of subnet self links keyed by 'region/name'. | |
| subnets | Subnet resources. | |
<!-- END TFDOC -->


@@ -52,7 +52,7 @@ locals {
name => data if data.next_hop_type == "vpn_tunnel"
}
subnet_log_configs = {
for name, attrs in local.subnets : name => (
for name, attrs in { for s in local.subnets : format("%s/%s", s.region, s.name) => s } : name => (
lookup(var.subnet_flow_logs, name, false)
? [{
for key, value in var.log_config_defaults : key => lookup(
@@ -62,15 +62,19 @@ locals {
: []
)
}
subnets = var.subnets == null ? {} : var.subnets
subnets = {
for subnet in var.subnets :
"${subnet.region}/${subnet.name}" => subnet
}
}
resource "google_compute_network" "network" {
project = var.project_id
name = var.name
description = var.description
auto_create_subnetworks = var.auto_create_subnetworks
routing_mode = var.routing_mode
project = var.project_id
name = var.name
description = var.description
auto_create_subnetworks = var.auto_create_subnetworks
delete_default_routes_on_create = var.delete_default_routes_on_create
routing_mode = var.routing_mode
}
resource "google_compute_network_peering" "local" {
@@ -116,16 +120,16 @@ resource "google_compute_subnetwork" "subnetwork" {
project = var.project_id
network = google_compute_network.network.name
region = each.value.region
name = each.value.name != null ? each.value.name : "${var.name}-${each.key}"
name = each.value.name
ip_cidr_range = each.value.ip_cidr_range
secondary_ip_range = each.value.secondary_ip_range == null ? [] : [
for name, range in each.value.secondary_ip_range :
{ range_name = name, ip_cidr_range = range }
]
description = lookup(var.subnet_descriptions, each.key, "Terraform-managed.")
private_ip_google_access = lookup(var.subnet_private_access, each.key, true)
description = lookup(var.subnet_descriptions, "${each.value.region}/${each.value.name}", "Terraform-managed.")
private_ip_google_access = lookup(var.subnet_private_access, "${each.value.region}/${each.value.name}", true)
dynamic "log_config" {
for_each = local.subnet_log_configs[each.key]
for_each = local.subnet_log_configs["${each.value.region}/${each.value.name}"]
iterator = config
content {
aggregation_interval = config.value.aggregation_interval
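Review bot: The keyed lookups on the new side — `lookup(var.subnet_flow_logs, name, false)` in the `subnet_log_configs` local and the `subnet_descriptions` / `subnet_private_access` lookups in the subnetwork resource — silently fall back to their defaults when a caller still passes the pre-change name-only keys, so an existing `subnet_flow_logs = { subnet-1 = true }` stops producing flow logs and `subnet_private_access = { subnet-1 = false }` reverts to private Google access enabled with no plan-time error. Consider rejecting unknown keys explicitly, for example a local such as `stale_keys = setsubtract(keys(merge(var.subnet_flow_logs, var.subnet_private_access, var.subnet_descriptions)), keys(local.subnets))` that is then required to be empty (a variable `validation` block where the module's Terraform version supports it), and call out the key-format change as breaking in the README. The `subnet_log_configs` comprehension rebuilds `format("%s/%s", s.region, s.name)` from `local.subnets`, which this same commit already keys by `"${subnet.region}/${subnet.name}"`, so `for name, attrs in local.subnets : name => (` is equivalent and avoids two spellings of the key; likewise, if the subnetwork resource's `for_each` (outside the hunk) is `local.subnets`, `each.key` already equals the interpolated `"${each.value.region}/${each.value.name}"` used three times. The README variables table hunk in the first file section does not list the new `delete_default_routes_on_create` variable that this commit adds to the network resource and to variables.tf. The `subnetwork` resource body continues beyond the hunk.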


@@ -20,6 +20,12 @@ variable "auto_create_subnetworks" {
default = false
}
variable "delete_default_routes_on_create" {
description = "Set to true to delete the default routes at creation time."
type = bool
default = false
}
variable "description" {
description = "An optional description of this resource (triggers recreation on change)."
type = string
@@ -27,19 +33,19 @@ variable "description" {
}
variable "iam_roles" {
description = "List of IAM roles keyed by subnet."
description = "List of IAM roles keyed by subnet 'region/name'."
type = map(list(string))
default = null
}
variable "iam_members" {
description = "List of IAM members keyed by subnet and role."
description = "List of IAM members keyed by subnet 'region/name' and role."
type = map(map(list(string)))
default = null
}
variable "log_configs" {
description = "Map of per-subnet optional configurations for flow logs when enabled."
description = "Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled."
type = map(map(string))
default = null
}
@@ -109,30 +115,31 @@ variable "shared_vpc_service_projects" {
}
variable "subnets" {
description = "Subnets being created. If name is set to null, a default will be used combining network name and this map key."
type = map(object({
description = "The list of subnets being created"
type = list(object({
name = string
ip_cidr_range = string
name = string
region = string
secondary_ip_range = map(string)
}))
default = null
default = []
}
variable "subnet_descriptions" {
description = "Optional map of subnet descriptions, keyed by subnet name."
description = "Optional map of subnet descriptions, keyed by subnet 'region/name'."
type = map(string)
default = {}
}
variable "subnet_flow_logs" {
description = "Optional map of boolean to control flow logs (default is disabled), keyed by subnet name."
description = "Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'."
type = map(bool)
default = {}
}
variable "subnet_private_access" {
description = "Optional map of boolean to control private Google access (default is enabled), keyed by subnet name."
description = "Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'."
type = map(bool)
default = {}
}