Support for net-vlan-attachments in 2-networking (#3789)

tests/fast/stages/s2_networking/data-testvlan/defaults.yaml

@@ -0,0 +1,48 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/defaults.schema.json
+
+context:
+  cidr_ranges_sets:
+    healthchecks:
+      - 35.191.0.0/16
+      - 130.211.0.0/22
+      - 209.85.152.0/22
+      - 209.85.204.0/22
+    rfc1918:
+      - 10.0.0.0/8
+      - 172.16.0.0/12
+      - 192.168.0.0/16
+  locations:
+    primary: europe-west1
+    secondary: europe-west3
+  iam_principals: {}
+projects:
+  defaults:
+    locations:
+      storage: eu
+  # edit and uncomment for vpc-sc cooperative configuration
+  # overrides:
+  #   vpc_sc:
+  #     perimeter_name: $vpc_sc_perimeters:default
+  #     is_dry_run: true
+vpcs:
+  auto_create_subnetworks: false
+  delete_default_route_on_create: true
+  mtu: 1500
+output_files:
+  # local path is optional but recommended when starting
+  # local_path: ~/fast-config/fast-test-00
+  storage_bucket: $storage_buckets:iac-0/iac-outputs

tests/fast/stages/s2_networking/data-testvlan/ncc-hubs/hub.yaml

@@ -0,0 +1,14 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../schemas/ncc-hub.schema.json
+
+name: hub
+project_id: $project_ids:net-core-0
+groups:
+  default:
+    auto_accept:
+      - $project_ids:net-core-0
+      - $project_ids:net-prod-0
+      - $project_ids:net-dev-0

tests/fast/stages/s2_networking/data-testvlan/projects/net-core-0.yaml

@@ -0,0 +1,19 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../schemas/project.schema.json
+name: prod-net-core-0
+parent: $folder_ids:networking
+services:
+  - container.googleapis.com
+  - compute.googleapis.com
+  - dns.googleapis.com
+  - iap.googleapis.com
+  - networkmanagement.googleapis.com
+  - networksecurity.googleapis.com
+  - servicenetworking.googleapis.com
+  - stackdriver.googleapis.com
+  - vpcaccess.googleapis.com
+shared_vpc_host_config:
+  enabled: true

tests/fast/stages/s2_networking/data-testvlan/vpcs/hub/.config.yaml

@@ -0,0 +1,18 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/vpc.schema.json
+
+project_id: $project_ids:net-core-0
+name: hub-0
+delete_default_routes_on_create: true
+routers:
+  hybrid-connectivity-router:
+    region: $locations:primary
+    asn: 64514
+routes:
+  default:
+    dest_range: 0.0.0.0/0
+    next_hop_type: "gateway"
+    next_hop: "default-internet-gateway"

tests/fast/stages/s2_networking/data-testvlan/vpcs/hub/subnets/hub-default.yaml

@@ -0,0 +1,8 @@
+# skip boilerplate check
+
+# yaml-language-server: $schema=../../../../../schemas/subnet.schema.json
+
+name: hub-default
+region: $locations:primary
+ip_cidr_range: 10.71.0.0/24
+description: Default primary-region subnet for hub

tests/fast/stages/s2_networking/data-testvlan/vpcs/hub/vlan-attachments/onprem-0.yaml

@@ -0,0 +1,28 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../../schemas/vlan-attachments.schema.json
+
+name: to-onprem-vlan-0
+region: $locations:primary
+router_config:
+  create: false
+  name: $routers:hub/hybrid-connectivity-router
+ncc_spoke_config:
+  hub: $ncc_hubs:hub
+peer_asn: "64513"
+dedicated_interconnect_config:
+  bandwidth: BPS_10G
+  interconnect: "https://www.googleapis.com/compute/v1/projects/my-project/global/interconnects/my-interconnect-0"
+  vlan_tag: "123"

tests/fast/stages/s2_networking/data-testvlan/vpcs/hub/vlan-attachments/onprem-1.yaml

@@ -0,0 +1,28 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../../schemas/vlan-attachments.schema.json
+
+name: to-onprem-vlan-1
+region: $locations:primary
+router_config:
+  create: false
+  name: $routers:hub/hybrid-connectivity-router
+ncc_spoke_config:
+  hub: $ncc_hubs:hub
+peer_asn: "64513"
+dedicated_interconnect_config:
+  bandwidth: BPS_10G
+  interconnect: "https://www.googleapis.com/compute/v1/projects/my-project/global/interconnects/my-interconnect-1"
+  vlan_tag: "124"

tests/fast/stages/s2_networking/data-testvlan/vpcs/hub/vpns/onprem.yaml

@@ -0,0 +1,46 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../../schemas/vpn.schema.json
+
+name: to-onprem
+region: $locations:primary
+peer_gateways:
+  default:
+    external:
+      redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
+      interfaces:
+        - 8.8.8.8
+router_config:
+  create: false
+  name: $routers:hub/hybrid-connectivity-router
+ncc_spoke_config:
+  hub: $ncc_hubs:hub
+tunnels:
+  remote-0:
+    bgp_peer:
+      address: 169.254.128.1
+      asn: 64513
+    bgp_session_range: "169.254.128.2/30"
+    peer_external_gateway_interface: 0
+    shared_secret: "mySecret"
+    vpn_gateway_interface: 0
+  remote-1:
+    bgp_peer:
+      address: 169.254.128.5
+      asn: 64513
+    bgp_session_range: "169.254.128.6/30"
+    peer_external_gateway_interface: 0
+    shared_secret: "mySecret"
+    vpn_gateway_interface: 1

tests/fast/stages/s2_networking/ncc.yaml

@@ -1,4 +1,4 @@
-# Copyright 2025 Google LLC
+# Copyright 2026 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

tests/fast/stages/s2_networking/nva.yaml

@@ -1,4 +1,4 @@
-# Copyright 2025 Google LLC
+# Copyright 2026 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

tests/fast/stages/s2_networking/simple.yaml

@@ -1,4 +1,4 @@
-# Copyright 2025 Google LLC
+# Copyright 2026 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

tests/fast/stages/s2_networking/tftest.yaml

@@ -1,4 +1,4 @@
-# Copyright 2025 Google LLC
+# Copyright 2026 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,4 +19,9 @@ tests:
   simple:
   ncc:
   nva:
+  vlan_attachments:
+    inventory:
+      - vlan_attachments.yaml
+    extra_dirs:
+      - ../../../tests/fast/stages/s2_networking/data-testvlan
   vpns:

tests/fast/stages/s2_networking/vlan_attachments.tfvars

@@ -0,0 +1,34 @@
+automation = {
+  outputs_bucket = "test"
+}
+billing_account = {
+  id = "000000-111111-222222"
+}
+factories_config = {
+  dataset = "./data-testvlan"
+  paths = {
+    defaults = "defaults.yaml"
+  }
+}
+folder_ids = {
+  "networking"      = "folders/12345678"
+  "networking/prod" = "folders/23456789"
+  "networking/dev"  = "folders/34567890"
+}
+organization = {
+  domain      = "fast.example.com"
+  id          = 123456789012
+  customer_id = "C00000000"
+}
+prefix = "fast"
+service_accounts = {
+  "iac-0/iac-pf-rw" = "iac-pf-rw@test.iam.gserviceaccount.com"
+  "iac-0/iac-pf-ro" = "iac-pf-ro@test.iam.gserviceaccount.com"
+}
+storage_buckets = {
+  "iac-0/iac-outputs" = "test"
+}
+tag_values = {
+  "environment/development" = "tagValues/12345"
+  "environment/production"  = "tagValues/12346"
+}

tests/fast/stages/s2_networking/vlan_attachments.yaml

@@ -0,0 +1,38 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+counts:
+  google_compute_external_vpn_gateway: 1
+  google_compute_ha_vpn_gateway: 1
+  google_compute_interconnect_attachment: 2
+  google_compute_network: 1
+  google_compute_route: 4
+  google_compute_router: 1
+  google_compute_router_interface: 4
+  google_compute_router_peer: 4
+  google_compute_shared_vpc_host_project: 1
+  google_compute_subnetwork: 1
+  google_compute_vpn_tunnel: 2
+  google_network_connectivity_group: 1
+  google_network_connectivity_hub: 1
+  google_network_connectivity_spoke: 3
+  google_project: 1
+  google_project_iam_member: 7
+  google_project_service: 9
+  google_project_service_identity: 7
+  google_storage_bucket_object: 2
+  modules: 9
+  random_id: 5
+  resources: 60
+  terraform_data: 2

tests/fast/stages/s2_networking/vpns.yaml

@@ -1,4 +1,4 @@
-# Copyright 2025 Google LLC
+# Copyright 2026 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ counts:
   google_compute_ha_vpn_gateway: 5
   google_compute_network: 3
   google_compute_route: 12
-  google_compute_router: 4
+  google_compute_router: 5
   google_compute_router_interface: 10
   google_compute_router_nat: 1
   google_compute_router_peer: 10
@@ -39,5 +39,5 @@ counts:
   google_storage_bucket_object: 2
   modules: 30
   random_id: 15
-  resources: 215
+  resources: 216
   terraform_data: 2