diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index ea86930ea..e3cc75fd1 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -12,7 +12,7 @@ This module allows creation and management of VPC networks including subnetworks
- [Peering](#peering)
- [Shared VPC](#shared-vpc)
- [Private Service Networking](#private-service-networking)
- - [Private Service Networking with peering routes](#private-service-networking-with-peering-routes)
+ - [Private Service Networking with peering routes and peered Cloud DNS domains](#private-service-networking-with-peering-routes-and-peered-cloud-dns-domains)
- [Subnets for Private Service Connect, Proxy-only subnets](#subnets-for-private-service-connect-proxy-only-subnets)
- [DNS Policies](#dns-policies)
- [Subnet Factory](#subnet-factory)
@@ -247,10 +247,10 @@ module "vpc" {
ranges = { myrange = "10.0.1.0/24" }
}
}
-# tftest modules=1 resources=7 inventory=psc.yaml
+# tftest modules=1 resources=7 inventory=psa.yaml
```
-### Private Service Networking with peering routes
+### Private Service Networking with peering routes and peered Cloud DNS domains
Custom routes can be optionally exported/imported through the peering formed with the Google managed PSA VPC.
@@ -267,12 +267,13 @@ module "vpc" {
}
]
psa_config = {
- ranges = { myrange = "10.0.1.0/24" }
- export_routes = true
- import_routes = true
+ ranges = { myrange = "10.0.1.0/24" }
+ export_routes = true
+ import_routes = true
+ peered_domains = ["gcp.example.com."]
}
}
-# tftest modules=1 resources=7 inventory=psc-routes.yaml
+# tftest modules=1 resources=8 inventory=psa-routes.yaml
```
### Subnets for Private Service Connect, Proxy-only subnets
@@ -549,15 +550,15 @@ module "vpc" {
| [ipv6_config](variables.tf#L79) | Optional IPv6 configuration for this network. | object({…}) | | {} |
| [mtu](variables.tf#L89) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | number | | null |
| [peering_config](variables.tf#L100) | VPC peering configuration. | object({…}) | | null |
-| [psa_config](variables.tf#L116) | The Private Service Access configuration for Service Networking. | object({…}) | | null |
-| [routes](variables.tf#L126) | Network routes, keyed by name. | map(object({…})) | | {} |
-| [routing_mode](variables.tf#L147) | The network routing mode (default 'GLOBAL'). | string | | "GLOBAL" |
-| [shared_vpc_host](variables.tf#L157) | Enable shared VPC for this project. | bool | | false |
-| [shared_vpc_service_projects](variables.tf#L163) | Shared VPC service projects to register with this host. | list(string) | | [] |
-| [subnets](variables.tf#L169) | Subnet configuration. | list(object({…})) | | [] |
-| [subnets_proxy_only](variables.tf#L216) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
-| [subnets_psc](variables.tf#L250) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
-| [vpc_create](variables.tf#L282) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
+| [psa_config](variables.tf#L116) | The Private Service Access configuration for Service Networking. | object({…}) | | null |
+| [routes](variables.tf#L127) | Network routes, keyed by name. | map(object({…})) | | {} |
+| [routing_mode](variables.tf#L148) | The network routing mode (default 'GLOBAL'). | string | | "GLOBAL" |
+| [shared_vpc_host](variables.tf#L158) | Enable shared VPC for this project. | bool | | false |
+| [shared_vpc_service_projects](variables.tf#L164) | Shared VPC service projects to register with this host. | list(string) | | [] |
+| [subnets](variables.tf#L170) | Subnet configuration. | list(object({…})) | | [] |
+| [subnets_proxy_only](variables.tf#L217) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
+| [subnets_psc](variables.tf#L251) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
+| [vpc_create](variables.tf#L283) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
## Outputs
diff --git a/modules/net-vpc/psa.tf b/modules/net-vpc/psa.tf
index 19c47d4d0..29fe04082 100644
--- a/modules/net-vpc/psa.tf
+++ b/modules/net-vpc/psa.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,20 +31,40 @@ resource "google_compute_global_address" "psa_ranges" {
network = local.network.id
}
+moved {
+ from = google_service_networking_connection.psa_connection["1"]
+ to = google_service_networking_connection.psa_connection[0]
+}
+
resource "google_service_networking_connection" "psa_connection" {
- for_each = var.psa_config != null ? { 1 = 1 } : {}
- network = local.network.id
- service = "servicenetworking.googleapis.com"
+ count = var.psa_config != null ? 1 : 0
+ network = local.network.id
+ service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [
for k, v in google_compute_global_address.psa_ranges : v.name
]
}
+moved {
+ from = google_compute_network_peering_routes_config.psa_routes["1"]
+ to = google_compute_network_peering_routes_config.psa_routes[0]
+}
+
resource "google_compute_network_peering_routes_config" "psa_routes" {
- for_each = var.psa_config != null ? { 1 = 1 } : {}
+ count = var.psa_config != null ? 1 : 0
project = var.project_id
- peering = google_service_networking_connection.psa_connection["1"].peering
+ peering = google_service_networking_connection.psa_connection[0].peering
network = local.network.name
export_custom_routes = var.psa_config.export_routes
import_custom_routes = var.psa_config.import_routes
}
+
+resource "google_service_networking_peered_dns_domain" "name" {
+ for_each = toset(try(var.psa_config.peered_domains, []))
+ project = var.project_id
+ name = trimsuffix(replace(each.value, ".", "-"), "-")
+ network = local.network.name
+ dns_suffix = each.value
+ service = "servicenetworking.googleapis.com"
+ depends_on = [google_service_networking_connection.psa_connection]
+}
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 5c4cc692d..f463470d1 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -116,9 +116,10 @@ variable "project_id" {
variable "psa_config" {
description = "The Private Service Access configuration for Service Networking."
type = object({
- ranges = map(string)
- export_routes = optional(bool, false)
- import_routes = optional(bool, false)
+ ranges = map(string)
+ export_routes = optional(bool, false)
+ import_routes = optional(bool, false)
+ peered_domains = optional(list(string), [])
})
default = null
}
diff --git a/tests/modules/net_vpc/examples/psc-routes.yaml b/tests/modules/net_vpc/examples/psa-routes.yaml
similarity index 81%
rename from tests/modules/net_vpc/examples/psc-routes.yaml
rename to tests/modules/net_vpc/examples/psa-routes.yaml
index 6f459f4b7..fe2697813 100644
--- a/tests/modules/net_vpc/examples/psc-routes.yaml
+++ b/tests/modules/net_vpc/examples/psa-routes.yaml
@@ -16,8 +16,6 @@ values:
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
address: 10.0.1.0
address_type: INTERNAL
- description: null
- ip_version: null
name: myrange
prefix_length: 24
project: my-project
@@ -26,18 +24,26 @@ values:
name: my-network
project: my-project
routing_mode: GLOBAL
- module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
+ module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: true
import_custom_routes: true
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
+ private_ip_google_access: true
project: my-project
- module.vpc.google_service_networking_connection.psa_connection["1"]:
+ region: europe-west1
+ secondary_ip_range: []
+ module.vpc.google_service_networking_connection.psa_connection[0]:
reserved_peering_ranges:
- myrange
service: servicenetworking.googleapis.com
+ module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]:
+ dns_suffix: gcp.example.com.
+ name: gcp-example-com
+ project: my-project
+ service: servicenetworking.googleapis.com
counts:
google_compute_global_address: 1
@@ -45,3 +51,4 @@ counts:
google_compute_network_peering_routes_config: 1
google_compute_subnetwork: 1
google_service_networking_connection: 1
+ google_service_networking_peered_dns_domain: 1
diff --git a/tests/modules/net_vpc/examples/psc.yaml b/tests/modules/net_vpc/examples/psa.yaml
similarity index 98%
rename from tests/modules/net_vpc/examples/psc.yaml
rename to tests/modules/net_vpc/examples/psa.yaml
index c08fcb453..695678c47 100644
--- a/tests/modules/net_vpc/examples/psc.yaml
+++ b/tests/modules/net_vpc/examples/psa.yaml
@@ -23,7 +23,7 @@ values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
- module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
+ module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: false
import_custom_routes: false
project: my-project
@@ -31,7 +31,7 @@ values:
ip_cidr_range: 10.0.0.0/24
name: production
project: my-project
- module.vpc.google_service_networking_connection.psa_connection["1"]:
+ module.vpc.google_service_networking_connection.psa_connection[0]:
reserved_peering_ranges:
- myrange
service: servicenetworking.googleapis.com
diff --git a/tests/modules/net_vpc/psa_routes_export.yaml b/tests/modules/net_vpc/psa_routes_export.yaml
index fd9239e81..a2ca40ea2 100644
--- a/tests/modules/net_vpc/psa_routes_export.yaml
+++ b/tests/modules/net_vpc/psa_routes_export.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,11 +30,11 @@ values:
name: test
project: test-project
routing_mode: GLOBAL
- google_compute_network_peering_routes_config.psa_routes["1"]:
+ google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: true
import_custom_routes: false
project: test-project
- google_service_networking_connection.psa_connection["1"]:
+ google_service_networking_connection.psa_connection[0]:
reserved_peering_ranges:
- bar
service: servicenetworking.googleapis.com
diff --git a/tests/modules/net_vpc/psa_routes_import.yaml b/tests/modules/net_vpc/psa_routes_import.yaml
index dc0e5704b..5d7708ae2 100644
--- a/tests/modules/net_vpc/psa_routes_import.yaml
+++ b/tests/modules/net_vpc/psa_routes_import.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,11 +30,11 @@ values:
name: test
project: test-project
routing_mode: GLOBAL
- google_compute_network_peering_routes_config.psa_routes["1"]:
+ google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: false
import_custom_routes: true
project: test-project
- google_service_networking_connection.psa_connection["1"]:
+ google_service_networking_connection.psa_connection[0]:
reserved_peering_ranges:
- bar
service: servicenetworking.googleapis.com
diff --git a/tests/modules/net_vpc/psa_routes_import_export.yaml b/tests/modules/net_vpc/psa_routes_import_export.yaml
index 23db6b26b..42b8460d1 100644
--- a/tests/modules/net_vpc/psa_routes_import_export.yaml
+++ b/tests/modules/net_vpc/psa_routes_import_export.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,11 +30,11 @@ values:
name: test
project: test-project
routing_mode: GLOBAL
- google_compute_network_peering_routes_config.psa_routes["1"]:
+ google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: true
import_custom_routes: true
project: test-project
- google_service_networking_connection.psa_connection["1"]:
+ google_service_networking_connection.psa_connection[0]:
reserved_peering_ranges:
- bar
service: servicenetworking.googleapis.com