added support for labels with google_compute_global_address resource (#3622)
Co-authored-by: Julio Castillo <jccb@google.com>
@@ -321,7 +321,7 @@ module "vpc" {
|
||||
|
||||
### Private Service Networking with peering routes and peered Cloud DNS domains
|
||||
|
||||
Custom routes can be optionally exported/imported through the peering formed with the Google managed PSA VPC.
|
||||
Custom routes can be optionally exported/imported through the peering formed with the Google managed PSA VPC. Labels are applied to the google_compute_global_address resource.
|
||||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
@@ -339,6 +339,7 @@ module "vpc" {
|
||||
ranges = { myrange = "10.0.1.0/24" }
|
||||
export_routes = true
|
||||
import_routes = true
|
||||
labels = { environment = "test", data_classification = "sensitive" }
|
||||
peered_domains = ["gcp.example.com."]
|
||||
}]
|
||||
}
|
||||
@@ -915,16 +916,16 @@ secondary_ip_ranges:
|
||||
| [network_attachments](variables.tf#L189) | PSC network attachments, names as keys. | <code title="map(object({ subnet = string automatic_connection = optional(bool, false) description = optional(string, "Terraform-managed.") producer_accept_lists = optional(list(string)) producer_reject_lists = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [peering_config](variables.tf#L202) | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string create_remote_peer = optional(bool, true) export_routes = optional(bool) import_routes = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||
| [policy_based_routes](variables.tf#L213) | Policy based routes, keyed by name. | <code title="map(object({ description = optional(string, "Terraform-managed.") labels = optional(map(string)) priority = optional(number) next_hop_ilb_ip = optional(string) use_default_routing = optional(bool, false) filter = optional(object({ ip_protocol = optional(string) dest_range = optional(string) src_range = optional(string) }), {}) target = optional(object({ interconnect_attachment = optional(string) tags = optional(list(string)) }), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psa_configs](variables.tf#L266) | The Private Service Access configuration. | <code title="list(object({ deletion_policy = optional(string, null) ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) range_prefix = optional(string) service_producer = optional(string, "servicenetworking.googleapis.com") }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [routes](variables.tf#L297) | Network routes, keyed by name. | <code title="map(object({ description = optional(string, "Terraform-managed.") dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [routing_mode](variables.tf#L318) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||
| [shared_vpc_host](variables.tf#L328) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||
| [shared_vpc_service_projects](variables.tf#L334) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [subnets](variables.tf#L340) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = optional(string) region = string description = optional(string) enable_private_access = optional(bool, true) allow_subnet_cidr_routes_overlap = optional(bool, null) reserved_internal_range = optional(string) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") ipv6_only = optional(bool, false) })) ip_collection = optional(string, null) secondary_ip_ranges = optional(map(object({ ip_cidr_range = optional(string) reserved_internal_range = optional(string) }))) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_private_nat](variables.tf#L420) | List of private NAT subnets. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L432) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = optional(bool, true) global = optional(bool, false) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L466) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_reuse](variables.tf#L498) | Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used. | <code title="object({ use_data_source = optional(bool, true) attributes = optional(object({ network_id = number })) })">object({…})</code> | | <code>null</code> |
|
||||
| [psa_configs](variables.tf#L266) | The Private Service Access configuration. | <code title="list(object({ deletion_policy = optional(string, null) ranges = map(string) labels = optional(map(string), {}) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) range_prefix = optional(string) service_producer = optional(string, "servicenetworking.googleapis.com") }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [routes](variables.tf#L298) | Network routes, keyed by name. | <code title="map(object({ description = optional(string, "Terraform-managed.") dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [routing_mode](variables.tf#L319) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||
| [shared_vpc_host](variables.tf#L329) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||
| [shared_vpc_service_projects](variables.tf#L335) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [subnets](variables.tf#L341) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = optional(string) region = string description = optional(string) enable_private_access = optional(bool, true) allow_subnet_cidr_routes_overlap = optional(bool, null) reserved_internal_range = optional(string) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") ipv6_only = optional(bool, false) })) ip_collection = optional(string, null) secondary_ip_ranges = optional(map(object({ ip_cidr_range = optional(string) reserved_internal_range = optional(string) }))) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_private_nat](variables.tf#L421) | List of private NAT subnets. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L433) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = optional(bool, true) global = optional(bool, false) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L467) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_reuse](variables.tf#L499) | Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used. | <code title="object({ use_data_source = optional(bool, true) attributes = optional(object({ network_id = number })) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -20,8 +20,9 @@ locals {
|
||||
_psa_configs_ranges = flatten([
|
||||
for config in local.psa_configs : [
|
||||
for k, v in config.ranges : {
|
||||
key = "${config.key}${k}"
|
||||
value = v
|
||||
key = "${config.key}${k}"
|
||||
value = v
|
||||
labels = config.labels
|
||||
}
|
||||
]
|
||||
])
|
||||
@@ -47,6 +48,12 @@ locals {
|
||||
for v in local._psa_configs_ranges :
|
||||
v.key => lookup(local.ctx.cidr_ranges, v.value, v.value)
|
||||
}
|
||||
|
||||
psa_configs_labels = {
|
||||
for v in local._psa_configs_ranges :
|
||||
v.key => v.labels
|
||||
}
|
||||
|
||||
psa_peered_domains = {
|
||||
for v in local._psa_peered_domains : v.key => v
|
||||
}
|
||||
@@ -56,6 +63,7 @@ resource "google_compute_global_address" "psa_ranges" {
|
||||
for_each = local.psa_configs_ranges
|
||||
project = local.project_id
|
||||
network = local.network.id
|
||||
labels = local.psa_configs_labels[each.key]
|
||||
name = each.key
|
||||
purpose = "VPC_PEERING"
|
||||
address_type = "INTERNAL"
|
||||
|
||||
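Review bot: `psa_configs_labels` gives every range of a PSA config the same `config.labels` map, and nothing in the locals says so; a one-line comment above the new local would help, e.g. `# labels are defined per PSA config and copied to each of its ranges`. The new map is built from the same `_psa_configs_ranges` list and keyed by the same `v.key` as the map above it, so the `local.psa_configs_labels[each.key]` lookup in the resource should always resolve. If these labels are meant to carry classification metadata (the README example sets `data_classification`), keep in mind that on provider versions exposing `effective_labels` the `labels` argument is, as far as I know, non-authoritative: label keys added outside Terraform stay on the address and are not reported as drift. Both the `locals` block and the resource body continue outside the hunks shown.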
@@ -268,6 +268,7 @@ variable "psa_configs" {
|
||||
type = list(object({
|
||||
deletion_policy = optional(string, null)
|
||||
ranges = map(string)
|
||||
labels = optional(map(string), {})
|
||||
export_routes = optional(bool, false)
|
||||
import_routes = optional(bool, false)
|
||||
peered_domains = optional(list(string), [])
|
||||
|
||||
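Review bot: The new `labels = optional(map(string), {})` attribute accepts any string map, so a key or value that Compute Engine rejects (uppercase characters, more than 63 characters) is only caught when the address is created at apply time. A `validation` block on `psa_configs` would surface that at plan time; the sketch below checks length and case only, so the international characters the label format permits are not excluded. The attribute would also benefit from a short comment in the type stating that the map is applied to every range in `ranges`. The variable body continues outside the hunk, so an existing validation there may already cover part of this.

```hcl
variable "psa_configs" {
  # … unchanged: description, type and default …
  validation {
    condition = alltrue(flatten([
      for c in var.psa_configs : [
        for k, v in c.labels :
        length(k) >= 1 && length(k) <= 63 && length(v) <= 63 && k == lower(k) && v == lower(v)
      ]
    ]))
    error_message = "PSA label keys must be 1-63 characters, values at most 63 characters, and neither may contain uppercase letters."
  }
```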