add l7ilb subnets to net-vpc module

modules/net-vpc/README.md

@@ -195,7 +195,8 @@ module "vpc" {
 | *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 | *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
-| *subnets* | The list of subnets being created | <code title="list&#40;object&#40;&#123;&#10;name               &#61; string&#10;ip_cidr_range      &#61; string&#10;name               &#61; string&#10;region             &#61; string&#10;secondary_ip_range &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
+| *subnets* | List of subnets being created. | <code title="list&#40;object&#40;&#123;&#10;name               &#61; string&#10;ip_cidr_range      &#61; string&#10;region             &#61; string&#10;secondary_ip_range &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
+| *subnets_l7ilb* | List of subnets for private HTTPS load balancer. | <code title="list&#40;object&#40;&#123;&#10;active        &#61; bool&#10;name          &#61; string&#10;ip_cidr_range &#61; string&#10;region        &#61; string&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
 | *vpc_create* | Create VPC. When set to false, uses a data source to reference existing VPC. | <code title="">bool</code> |  | <code title="">true</code> |
 
 ## Outputs
@@ -212,6 +213,7 @@ module "vpc" {
 | subnet_secondary_ranges | Map of subnet secondary ranges keyed by name. |  |
 | subnet_self_links | Map of subnet self links keyed by name. |  |
 | subnets | Subnet resources. |  |
+| subnets_l7ilb | L7 ILB subnet resources. |  |
 <!-- END TFDOC -->
 
 The key format is `subnet_region/subnet_name`. For example `europe-west1/my_subnet`.

modules/net-vpc/main.tf

@@ -68,6 +68,10 @@ locals {
     for subnet in var.subnets :
     "${subnet.region}/${subnet.name}" => subnet
   }
+  subnets_l7ilb = {
+    for subnet in var.subnets_l7ilb :
+    "${subnet.region}/${subnet.name}" => subnet
+  }
   network = (
     var.vpc_create
     ? try(google_compute_network.network.0, null)
@@ -141,8 +145,14 @@ resource "google_compute_subnetwork" "subnetwork" {
     for name, range in each.value.secondary_ip_range :
     { range_name = name, ip_cidr_range = range }
   ]
-  description              = lookup(var.subnet_descriptions, "${each.value.region}/${each.value.name}", "Terraform-managed.")
-  private_ip_google_access = lookup(var.subnet_private_access, "${each.value.region}/${each.value.name}", true)
+  description = lookup(
+    var.subnet_descriptions,
+    "${each.value.region}/${each.value.name}",
+    "Terraform-managed."
+  )
+  private_ip_google_access = lookup(
+    var.subnet_private_access, "${each.value.region}/${each.value.name}", true
+  )
   dynamic "log_config" {
     for_each = local.subnet_log_configs["${each.value.region}/${each.value.name}"]
     iterator = config
@@ -154,6 +164,25 @@ resource "google_compute_subnetwork" "subnetwork" {
   }
 }
 
+resource "google_compute_subnetwork" "l7ilb" {
+  provider      = google-beta
+  for_each      = local.subnets_l7ilb
+  project       = var.project_id
+  network       = local.network.name
+  region        = each.value.region
+  name          = each.value.name
+  ip_cidr_range = each.value.ip_cidr_range
+  purpose       = "INTERNAL_HTTPS_LOAD_BALANCER"
+  role = (
+    each.value.active || each.value.active == null ? "ACTIVE" : "BACKUP"
+  )
+  description = lookup(
+    var.subnet_descriptions,
+    "${each.value.region}/${each.value.name}",
+    "Terraform-managed."
+  )
+}
+
 resource "google_compute_subnetwork_iam_binding" "binding" {
   for_each = {
     for binding in local.subnet_iam_members :

modules/net-vpc/outputs.tf

@@ -70,12 +70,16 @@ output "self_link" {
 
 output "subnet_ips" {
   description = "Map of subnet address ranges keyed by name."
-  value       = { for k, v in google_compute_subnetwork.subnetwork : k => v.ip_cidr_range }
+  value = {
+    for k, v in google_compute_subnetwork.subnetwork : k => v.ip_cidr_range
+  }
 }
 
 output "subnet_regions" {
   description = "Map of subnet regions keyed by name."
-  value       = { for k, v in google_compute_subnetwork.subnetwork : k => v.region }
+  value = {
+    for k, v in google_compute_subnetwork.subnetwork : k => v.region
+  }
 }
 
 output "subnet_secondary_ranges" {
@@ -99,3 +103,8 @@ output "subnets" {
   description = "Subnet resources."
   value       = { for k, v in google_compute_subnetwork.subnetwork : k => v }
 }
+
+output "subnets_l7ilb" {
+  description = "L7 ILB subnet resources."
+  value       = { for k, v in google_compute_subnetwork.l7ilb : k => v }
+}

modules/net-vpc/variables.tf

@@ -168,17 +168,27 @@ variable "subnet_private_access" {
 }
 
 variable "subnets" {
-  description = "The list of subnets being created"
+  description = "List of subnets being created."
   type = list(object({
     name               = string
     ip_cidr_range      = string
-    name               = string
     region             = string
     secondary_ip_range = map(string)
   }))
   default = []
 }
 
+variable "subnets_l7ilb" {
+  description = "List of subnets for private HTTPS load balancer."
+  type = list(object({
+    active        = bool
+    name          = string
+    ip_cidr_range = string
+    region        = string
+  }))
+  default = []
+}
+
 variable "vpc_create" {
   description = "Create VPC. When set to false, uses a data source to reference existing VPC."
   type        = bool