kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow custom route descriptions in net-vpc module

Browse Source 
Related: #1491
This commit is contained in:
Julio Castillo
2023-08-04 14:11:10 +02:00
parent 24bd6179a7
commit bbe778e095
4 changed files with 27 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
modules/net-vpc/README.md
View File

@@ -410,6 +410,7 @@ module "vpc" {
name = "my-network-with-route-${replace(each.key, "_", "-")}"
routes = {
next-hop = {
description = "Route to internal range."
dest_range = "192.168.128.0/24"
tags = null
next_hop_type = each.key
@@ -475,7 +476,6 @@ module "vpc" {
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
@@ -492,16 +492,16 @@ module "vpc" {
| [mtu](variables.tf#L77) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
| [peering_config](variables.tf#L88) | VPC peering configuration. | <code title="object&#40;&#123;&#10; peer_vpc_self_link &#61; string&#10; create_remote_peer &#61; optional&#40;bool, true&#41;&#10; export_routes &#61; optional&#40;bool&#41;&#10; import_routes &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [psa_config](variables.tf#L104) | The Private Service Access configuration for Service Networking. | <code title="object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [routes](variables.tf#L114) | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10; dest_range &#61; string&#10; next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10; next_hop &#61; string&#10; priority &#61; optional&#40;number&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [routing_mode](variables.tf#L134) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>&#34;GLOBAL&#34;</code> |
| [shared_vpc_host](variables.tf#L144) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
| [shared_vpc_service_projects](variables.tf#L150) | Shared VPC service projects to register with this host. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [subnet_iam](variables.tf#L156) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnet_iam_additive](variables.tf#L162) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnets](variables.tf#L169) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; flow_logs_config &#61; optional&#40;object&#40;&#123;&#10; aggregation_interval &#61; optional&#40;string&#41;&#10; filter_expression &#61; optional&#40;string&#41;&#10; flow_sampling &#61; optional&#40;number&#41;&#10; metadata &#61; optional&#40;string&#41;&#10; metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; ipv6 &#61; optional&#40;object&#40;&#123;&#10; access_type &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;&#41;&#10; secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_proxy_only](variables.tf#L194) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; active &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_psc](variables.tf#L206) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [vpc_create](variables.tf#L217) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
| [routes](variables.tf#L114) | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10; dest_range &#61; string&#10; next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10; next_hop &#61; string&#10; priority &#61; optional&#40;number&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>&#34;GLOBAL&#34;</code> |
| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnets](variables.tf#L170) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; flow_logs_config &#61; optional&#40;object&#40;&#123;&#10; aggregation_interval &#61; optional&#40;string&#41;&#10; filter_expression &#61; optional&#40;string&#41;&#10; flow_sampling &#61; optional&#40;number&#41;&#10; metadata &#61; optional&#40;string&#41;&#10; metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; ipv6 &#61; optional&#40;object&#40;&#123;&#10; access_type &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;&#41;&#10; secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; active &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
## Outputs
@@ -521,5 +521,4 @@ module "vpc" {
| [subnets](outputs.tf#L118) | Subnet resources. | |
| [subnets_proxy_only](outputs.tf#L123) | L7 ILB or L7 Regional LB subnet resources. | |
| [subnets_psc](outputs.tf#L128) | Private Service Connect subnet resources. | |
<!-- END TFDOC -->

10
modules/net-vpc/routes.tf
View File

@@ -51,7 +51,7 @@ resource "google_compute_route" "gateway" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -63,7 +63,7 @@ resource "google_compute_route" "ilb" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -75,7 +75,7 @@ resource "google_compute_route" "instance" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -89,7 +89,7 @@ resource "google_compute_route" "ip" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -101,7 +101,7 @@ resource "google_compute_route" "vpn_tunnel" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags

1
modules/net-vpc/variables.tf
View File

@@ -114,6 +114,7 @@ variable "psa_config" {
variable "routes" {
description = "Network routes, keyed by name."
type = map(object({
description = optional(string, "Terraform-managed.")
dest_range = string
next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb
next_hop = string

10
tests/modules/net_vpc/examples/routes.yaml
View File

@@ -18,6 +18,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-gateway-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -29,6 +30,7 @@ values:
tags:
- tag-a
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-gateway-next-hop
next_hop_gateway: global/gateways/default-internet-gateway
@@ -43,6 +45,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-ilb-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -54,6 +57,7 @@ values:
tags:
- tag-a
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-ilb-next-hop
next_hop_gateway: null
@@ -68,6 +72,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["instance"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-instance-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -79,6 +84,7 @@ values:
tags:
- tag-a
module.vpc["instance"].google_compute_route.instance["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-instance-next-hop
next_hop_gateway: null
@@ -94,6 +100,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["ip"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-ip-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -105,6 +112,7 @@ values:
tags:
- tag-a
module.vpc["ip"].google_compute_route.ip["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-ip-next-hop
next_hop_gateway: null
@@ -120,6 +128,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-vpn-tunnel-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -131,6 +140,7 @@ values:
tags:
- tag-a
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-vpn-tunnel-next-hop
next_hop_gateway: null