Add net-vpc-factory and starter-gcd dataset to 0-org-setup, fix context in net-vpc-factory (#3860)

* feat(fast/0-org-setup): integrate net-vpc-factory into stage 0 * initial starter dataset * starter pack * fix(fast/0-org-setup): correct factory vpcs paths definition and update test inventory * feat(fast/0-org-setup): add VPC and subnet outputs and update stage tfvars * test(fast/0-org-setup): update gcd starter defaults and regenerate inventory * fix(modules/net-vpc-factory): remove internal defaults logic and pass context correctly * fix typo in dataset fw rule, add missing boilerplate, set sane defaults for net vpc factory * terraform fmt * tfdoc, copyright year * schema docs * yamllint
2026-04-13 09:42:03 +02:00
parent 6847fae28d
commit 85b0871085
55 changed files with 3754 additions and 131 deletions
--- a/modules/net-vpc-factory/README.md
+++ b/modules/net-vpc-factory/README.md
@@ -181,10 +181,10 @@ ingress:

 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [factories_config](variables.tf#L97) | Path to folder with YAML resource description data files. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [factories_config](variables.tf#L99) | Path to folder with YAML resource description data files. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
 | [context](variables.tf#L17) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [data_defaults](variables.tf#L27) | Optional default values used when corresponding vpc data from files are missing. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [data_overrides](variables.tf#L62) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [data_defaults](variables.tf#L29) | Optional default values used when corresponding vpc data from files are missing. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [data_overrides](variables.tf#L64) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |

 ## Outputs

--- a/modules/net-vpc-factory/data/defaults.yaml
+++ b/modules/net-vpc-factory/data/defaults.yaml
@@ -1,35 +0,0 @@
-# Copyright 2025 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# yaml-language-server: $schema=../schemas/defaults.schema.json
-
-context:
-  cidr_ranges_sets:
-    healthchecks:
-      - 35.191.0.0/16
-      - 130.211.0.0/22
-      - 209.85.152.0/22
-      - 209.85.204.0/22
-    rfc1918:
-      - 10.0.0.0/8
-      - 172.16.0.0/12
-      - 192.168.0.0/16
-  locations:
-    primary: europe-west1
-    secondary: europe-west3
-  iam_principals: {}
-vpcs:
-  auto_create_subnetworks: false
-  delete_default_route_on_create: true
-  mtu: 1500
--- a/modules/net-vpc-factory/main.tf
+++ b/modules/net-vpc-factory/main.tf
@@ -15,23 +15,11 @@
 */

 locals {
+  ctx = var.context
  _vpcs_files = try(
    fileset(local.paths.vpcs, "**/.config.yaml"),
    []
  )
-  _defaults = try(
-    yamldecode(file(local.paths.defaults)), {}
-  )
-  context = {
-    locations = merge(
-      var.context.locations, try(local._defaults.context.locations, {})
-    )
-    project_ids = merge(
-      var.context.project_ids, try(local._defaults.context.project_ids, {})
-    )
-    cidr_ranges_sets = try(local._defaults.context.cidr_ranges_sets, {})
-    iam_principals   = try(local._defaults.context.iam_principals, {})
-  }
  _vpcs_preprocess = [
    for f in local._vpcs_files : merge(
      yamldecode(file("${coalesce(local.paths.vpcs, "-")}/${f}")),
@@ -54,7 +42,6 @@ locals {
  }
  vpcs = {
    for k, v in local._vpcs : k => merge(
-      try(local._defaults.vpcs, {}),
      { for k, v in var.data_defaults : k => v if v != null },
      v,
      { for k, v in var.data_overrides : k => v if v != null },
@@ -81,6 +68,7 @@ locals {
 module "vpcs" {
  source                            = "../net-vpc"
  for_each                          = local.vpcs
+  context                           = local.ctx
  project_id                        = try(each.value.project_id, null)
  name                              = try(each.value.name, null)
  auto_create_subnetworks           = try(each.value.auto_create_subnetworks, null)
@@ -95,7 +83,6 @@ module "vpcs" {
  network_attachments               = try(each.value.network_attachments, {})
  psa_configs                       = try(each.value.psa_configs, [])
  routing_mode                      = try(each.value.routing_mode, "GLOBAL")
-  context                           = local.context
 }

 module "firewall" {
@@ -103,12 +90,10 @@ module "firewall" {
  for_each = {
    for k, v in local.vpcs : k => v if v.firewall_factory_config != null
  }
+  context              = local.ctx
  project_id           = each.value.project_id
  network              = each.value.name
  factories_config     = each.value.firewall_factory_config
  default_rules_config = { disabled = true }
-  context = {
-    project_ids = local.context.project_ids
-  }
-  depends_on = [module.vpcs]
+  depends_on           = [module.vpcs]
 }
--- a/modules/net-vpc-factory/variables.tf
+++ b/modules/net-vpc-factory/variables.tf
@@ -17,8 +17,10 @@
 variable "context" {
  description = "Context-specific interpolations."
  type = object({
-    locations   = optional(map(string), {})
-    project_ids = optional(map(string), {})
+    cidr_ranges_sets = optional(map(list(string)), {})
+    iam_principals   = optional(map(string), {})
+    locations        = optional(map(string), {})
+    project_ids      = optional(map(string), {})
  })
  default  = {}
  nullable = false
@@ -29,9 +31,9 @@ variable "data_defaults" {
  type = object({
    project_id                        = optional(string)
    description                       = optional(string, "Terraform managed")
-    auto_create_subnetworks           = optional(bool)
+    auto_create_subnetworks           = optional(bool, false)
    delete_default_routes_on_create   = optional(bool, true)
-    mtu                               = optional(number)
+    mtu                               = optional(number, 1500)
    routing_mode                      = optional(string, "GLOBAL")
    firewall_policy_enforcement_order = optional(string, "AFTER_CLASSIC_FIREWALL")
    create_googleapis_routes = optional(object({
@@ -99,8 +101,7 @@ variable "factories_config" {
  type = object({
    basepath = string
    paths = optional(object({
-      defaults = optional(string, "defaults.yaml")
-      vpcs     = optional(string, "vpcs")
+      vpcs = optional(string, "vpcs")
    }), {})
  })
  nullable = false