kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Start the deprecation process of the old networking stages (#3451)

Browse Source 
This PR renames `2-networking-foo` stages to `2-networking-legacy-foo` - including references of stages in docs and tests.

**Breaking Changes**

```upgrade-note
`fast/stages/2-networking-a-simple`: The stage is being deprecated, and superseded the `2-networking` FAST stage, introduced in #3435 
`fast/stages/2-networking-b-nva`: The stage is being deprecated, and superseded the `2-networking` FAST stage, introduced in #3435 
`fast/stages/2-networking-c-separate-envs`: The stage is being deprecated, and superseded the `2-networking` FAST stage, introduced in #3435 
`modules/net-vpc-factory`:  The module has been deprecated, and superseded the `2-networking` FAST stage, introduced in #3435 
```
This commit is contained in:
Simone Ruffilli
2025-10-22 16:31:14 +02:00
committed by GitHub
parent 7ea9612b07
commit de8ebefe17
215 changed files with 32 additions and 5714 deletions
Download Patch File Download Diff File Expand all files Collapse all files

832
modules/net-vpc-factory/README.md
View File

File diff suppressed because one or more lines are too long

28
modules/net-vpc-factory/data/firewall/dev-spoke/default-ingress.yaml
View File

@@ -1,28 +0,0 @@
# skip boilerplate check
---
# start of document (---) avoids errors if the file only contains comments
# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json
ingress:
ingress-icmp-allow:
description: "Allow ICMP from anywhere."
rules:
- protocol: icmp
ports: []
priority: 1000
ingress-ssh-from-iap-allow:
description: "Allow SSH connections from IAP ranges."
source_ranges:
- 35.235.240.0/20
rules:
- protocol: tcp
ports:
- 22
priority: 1001
ingress-default-deny:
description: "Deny and log any unmatched ingress traffic."
deny: true
priority: 65535
enable_logging:
include_metadata: false

28
modules/net-vpc-factory/data/firewall/hub/default-ingress.yaml
View File

@@ -1,28 +0,0 @@
# skip boilerplate check
---
# start of document (---) avoids errors if the file only contains comments
# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json
ingress:
ingress-icmp-allow:
description: "Allow ICMP from anywhere."
rules:
- protocol: icmp
ports: []
priority: 1000
ingress-ssh-from-iap-allow:
description: "Allow SSH connections from IAP ranges."
source_ranges:
- 35.235.240.0/20
rules:
- protocol: tcp
ports:
- 22
priority: 1001
ingress-default-deny:
description: "Deny and log any unmatched ingress traffic."
deny: true
priority: 65535
enable_logging:
include_metadata: false

28
modules/net-vpc-factory/data/firewall/prod-spoke/default-ingress.yaml
View File

@@ -1,28 +0,0 @@
# skip boilerplate check
---
# start of document (---) avoids errors if the file only contains comments
# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json
ingress:
ingress-icmp-allow:
description: "Allow ICMP from anywhere."
rules:
- protocol: icmp
ports: []
priority: 1000
ingress-ssh-from-iap-allow:
description: "Allow SSH connections from IAP ranges."
source_ranges:
- 35.235.240.0/20
rules:
- protocol: tcp
ports:
- 22
priority: 1001
ingress-default-deny:
description: "Deny and log any unmatched ingress traffic."
deny: true
priority: 65535
enable_logging:
include_metadata: false

8
modules/net-vpc-factory/data/subnets/dev-spoke/dev-default.yaml
View File

@@ -1,8 +0,0 @@
# skip boilerplate check
# yaml-language-server: $schema=../../../schemas/subnet.schema.json
name: dev-default
region: europe-west8
ip_cidr_range: 10.68.0.0/24
description: Default europe-west8 subnet for dev

8
modules/net-vpc-factory/data/subnets/hub/hub-default.yaml
View File

@@ -1,8 +0,0 @@
# skip boilerplate check
# yaml-language-server: $schema=../../../schemas/subnet.schema.json
name: hub-default
region: europe-west12
ip_cidr_range: 10.70.0.0/24
description: Default europe-west12 subnet for hub

8
modules/net-vpc-factory/data/subnets/prod-spoke/prod-default.yaml
View File

@@ -1,8 +0,0 @@
# skip boilerplate check
# yaml-language-server: $schema=../../../schemas/subnet.schema.json
name: prod-default
region: europe-west12
ip_cidr_range: 10.69.0.0/24
description: Default europe-west12 subnet for prod

87
modules/net-vpc-factory/factory-dns.tf
View File

@@ -1,87 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description DNS factory.
locals {
dns_zone_entries = flatten([
for factory_key, factory_config in local.network_projects : [
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
for zone_key, zone in try(vpc_config.dns_zones, {}) : {
key = "${factory_key}/${vpc_key}/${zone_key}"
value = merge(
{
name = replace("${vpc_key}-${zone_key}", "/", "-")
project_id = module.projects[factory_key].id
description = try(zone.description, "Terraform-managed.")
force_destroy = try(zone.force_destroy, null)
iam = try(zone.iam, null)
recordsets = try(zone.recordsets, null)
},
{
zone_config = merge(
{ domain = try(zone.zone_config.domain, null) },
contains(keys(try(zone.zone_config, {})), "private") ? {
private = {
service_directory_namespace = try(zone.zone_config.private.service_directory_namespace, null)
client_networks = [
for net in zone.zone_config.private.client_networks :
try(module.vpc[net].self_link, net)
]
}
} : {},
contains(keys(try(zone.zone_config, {})), "peering") ? {
peering = {
peer_network = try(module.vpc[zone.zone_config.peering.peer_network].self_link, zone.zone_config.peering.peer_network),
client_networks = [
for net in zone.zone_config.peering.client_networks :
try(module.vpc[net].self_link, net)
]
}
} : {},
contains(keys(try(zone.zone_config, {})), "forwarding") ? {
forwarding = {
forwarders = try(zone.zone_config.forwarding.forwarders, {}),
client_networks = [
for net in zone.zone_config.forwarding.client_networks :
try(module.vpc[net].self_link, net)
]
}
} : {}
)
}
)
}
]
]
])
# Convert the flattened list into a map.
dns_zones = { for entry in local.dns_zone_entries : entry.key => entry.value }
}
module "dns-zones" {
source = "../dns"
for_each = local.dns_zones
project_id = each.value.project_id
name = each.value.name
description = each.value.description
force_destroy = each.value.force_destroy
iam = each.value.iam
zone_config = each.value.zone_config
recordsets = each.value.recordsets
depends_on = [module.vpc]
}

62
modules/net-vpc-factory/factory-nat.tf
View File

@@ -1,62 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description Cloud NAT factory.
locals {
nat_configs = merge(flatten([
for factory_key, factory_config in local.network_projects : [
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
for nat_key, nat_config in try(vpc_config.nat_config, {}) : {
"${factory_key}/${vpc_key}/${nat_key}" = merge(nat_config, {
name = replace("${vpc_key}/${nat_key}", "/", "-")
project_id = module.projects[factory_key].id
addresses = try(nat_config.addresses, [])
config_port_allocation = try(nat_config.config_port_allocation, {})
config_source_subnetworks = try(nat_config.config_source_subnetworks, {})
config_timeouts = try(nat_config.config_timeouts, {})
endpoint_types = try(nat_config.endpoint_types, null)
logging_filter = try(nat_config.logging_filter, null)
router_asn = try(nat_config.router_asn, null)
router_create = try(nat_config.router_create, true)
router_network = module.vpc["${factory_key}/${vpc_key}"].self_link
rules = try(nat_config.rules, [])
type = try(nat_config.type, "PUBLIC")
})
}
]
]
])...)
}
module "nat" {
source = "../net-cloudnat"
for_each = local.nat_configs
project_id = each.value.project_id
name = each.value.name
addresses = each.value.addresses
config_port_allocation = each.value.config_port_allocation
config_source_subnetworks = each.value.config_source_subnetworks
config_timeouts = each.value.config_timeouts
endpoint_types = each.value.endpoint_types
logging_filter = each.value.logging_filter
region = each.value.region
router_asn = each.value.router_asn
router_create = each.value.router_create
router_network = each.value.router_network
rules = each.value.rules
type = each.value.type
}

139
modules/net-vpc-factory/factory-ncc.tf
View File

@@ -1,139 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description NCC factory.
locals {
ncc_hubs = { for k, v in local.network_projects : "${k}/${v.ncc_hub_config.name}" =>
{
name = v.ncc_hub_config.name
project_id = module.projects[k].id
description = try(v.ncc_hub_config.description, "Terraform-managed")
export_psc = try(v.ncc_hub_config.export_psc, true)
preset_topology = try(v.ncc_hub_config.preset_topology, "MESH")
}
if try(v.ncc_hub_config != null, false)
}
ncc_groups = merge(flatten([for k, v in local.network_projects :
{
for gk, gv in try(v.ncc_hub_config.groups, {}) : "${k}/${v.ncc_hub_config.name}/${gk}" =>
{
name = gk
project = module.projects[k].id
hub = google_network_connectivity_hub.default["${k}/${v.ncc_hub_config.name}"].id
description = try(gv.description, "Terraform-managed")
labels = try(gv.labels, {})
auto_accept = [for project_key in try(gv.auto_accept, []) : module.projects[project_key].id]
}
}
if try(v.ncc_hub_config != null, false)
])...)
ncc_vpn_spokes = merge(flatten([
for factory_key, factory_config in local.network_projects : [
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
for vpn_key, vpn_config in try(vpc_config.vpn_config, {}) : {
"${factory_key}/${vpc_key}/${vpn_key}" = {
name = replace("${factory_key}/${vpc_key}/${vpn_key}", "/", "-")
project_id = module.projects[factory_key].id
hub = google_network_connectivity_hub.default[vpn_config.ncc_spoke_config.hub].id
location = vpn_config.region
description = lookup(vpn_config.ncc_spoke_config, "description", "Terraform-managed.")
labels = lookup(vpn_config.ncc_spoke_config, "labels", {})
tunnel_self_link = [for t, _ in vpn_config.tunnels : module.vpn-ha["${factory_key}/${vpc_key}/${vpn_key}"].tunnel_self_links[t]]
}
}
if try(vpn_config.ncc_spoke_config != null, false)
]
]
])...)
ncc_vpc_spokes = merge(flatten([
for factory_key, factory_config in local.network_projects : {
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : "${factory_key}/${vpc_key}" => merge(vpc_config.ncc_config, {
project_id = module.projects[factory_key].id
network_self_link = module.vpc["${factory_key}/${vpc_key}"].self_link
labels = try(vpc_config.ncc_config.labels, {})
hub = google_network_connectivity_hub.default[vpc_config.ncc_config.hub].id
description = try(vpc_config.ncc_config.description, "Terraform-managed")
exclude_export_ranges = try(vpc_config.ncc_config.exclude_export_ranges, null)
include_export_ranges = try(vpc_config.ncc_config.include_export_ranges, null)
group = try(google_network_connectivity_group.default[vpc_config.ncc_config.group].id, null)
})
if try(vpc_config.ncc_config != null, false)
}
])...)
}
resource "google_network_connectivity_hub" "default" {
for_each = local.ncc_hubs
name = each.value.name
description = each.value.description
export_psc = each.value.export_psc
preset_topology = each.value.preset_topology
project = each.value.project_id
}
resource "google_network_connectivity_spoke" "vpcs" {
for_each = local.ncc_vpc_spokes
project = each.value.project_id
name = replace(each.key, "/", "-")
location = "global"
description = each.value.description
labels = each.value.labels
hub = each.value.hub
linked_vpc_network {
uri = each.value.network_self_link
exclude_export_ranges = each.value.exclude_export_ranges
include_export_ranges = each.value.include_export_ranges
}
depends_on = [google_network_connectivity_hub.default]
group = each.value.group
}
resource "google_network_connectivity_group" "default" {
for_each = local.ncc_groups
project = each.value.project
name = each.value.name
hub = each.value.hub
labels = each.value.labels
description = each.value.description
dynamic "auto_accept" {
for_each = try(each.value.auto_accept != null, false) ? [""] : []
content {
auto_accept_projects = each.value.auto_accept
}
}
depends_on = [google_network_connectivity_hub.default]
}
resource "google_network_connectivity_spoke" "tunnels" {
for_each = local.ncc_vpn_spokes
project = each.value.project_id
name = each.value.name
location = each.value.location
description = each.value.description
labels = each.value.labels
hub = each.value.hub
linked_vpn_tunnels {
uris = each.value.tunnel_self_link
site_to_site_data_transfer = true
include_import_ranges = ["ALL_IPV4_RANGES"]
}
depends_on = [module.vpn-ha]
}

51
modules/net-vpc-factory/factory-peering.tf
View File

@@ -1,51 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description Peering factory.
locals {
peerings = merge(flatten([
for factory_key, factory_config in local.network_projects : [
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
for k, v in try(vpc_config.peering_config, {}) : {
"${factory_key}/${vpc_key}/${k}" = {
project = factory_key
name = replace("${vpc_key}/${k}", "/", "-")
local_network = module.vpc["${factory_key}/${vpc_key}"].self_link
peer_network = module.vpc[v.peer_network].self_link
export_custom_routes = try(v.routes_config.export, true)
import_custom_routes = try(v.routes_config.import, true)
export_subnet_routes_with_public_ip = try(v.routes_config.public_export, null)
import_subnet_routes_with_public_ip = try(v.routes_config.public_import, null)
stack_type = try(v.stack_type, null)
}
}
]
]
])...)
}
resource "google_compute_network_peering" "default" {
for_each = local.peerings
name = each.value.name
network = each.value.local_network
peer_network = each.value.peer_network
export_custom_routes = each.value.export_custom_routes
import_custom_routes = each.value.import_custom_routes
export_subnet_routes_with_public_ip = each.value.export_subnet_routes_with_public_ip
import_subnet_routes_with_public_ip = each.value.import_subnet_routes_with_public_ip
stack_type = each.value.stack_type
}

49
modules/net-vpc-factory/factory-project.tf
View File

@@ -1,49 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description Dedicated project factory.
locals {
_projects_input = { for k, v in local.network_projects : k => v.project_config }
_projects_config = {
data_defaults = {
billing_account = var.billing_account
prefix = var.prefix
parent = var.parent_id
project_reuse = var.project_reuse
}
}
projects = local._projects_output
}
module "projects" {
source = "../project"
for_each = local.projects
billing_account = each.value.billing_account
name = each.value.name
parent = each.value.parent
prefix = each.value.prefix
services = each.value.services
shared_vpc_host_config = each.value.shared_vpc_host_config
iam = each.value.iam
iam_bindings = each.value.iam_bindings
iam_bindings_additive = each.value.iam_bindings_additive
iam_by_principals = each.value.iam_by_principals
iam_by_principals_additive = each.value.iam_by_principals_additive
org_policies = each.value.org_policies
project_reuse = each.value.project_reuse
quotas = each.value.quotas
}

311
modules/net-vpc-factory/factory-projects-object.tf
View File

@@ -1,311 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# inputs
# local._projects_input - parsed data from yaml as map
# local._projects_config = object({
# data_overrides = ...
# data_defaults = ...
# })
# outputs:
# local._projects_output - map
locals {
__projects_config = {
data_defaults = merge({
billing_account = null
contacts = {}
deletion_policy = null
factories_config = merge({
custom_roles = null
observability = null
org_policies = null
quotas = null
}, try(local._projects_config.data_defaults.factories_config, {
custom_roles = null
observability = null
org_policies = null
quotas = null
})
)
labels = {}
metric_scopes = []
parent = null
prefix = null
project_reuse = merge({
use_data_source = true
attributes = null
}, try(local._projects_config.data_defaults.project_reuse, {
use_data_source = true
attributes = null
})
)
service_encryption_key_ids = {}
services = []
shared_vpc_service_config = merge(
{
host_project = null
iam_bindings_additive = {}
network_users = []
service_agent_iam = {}
service_agent_subnet_iam = {}
service_iam_grants = []
network_subnet_users = {}
},
try(local._projects_config.data_defaults.shared_vpc_service_config, {
host_project = null
iam_bindings_additive = {}
network_users = []
service_agent_iam = {}
service_agent_subnet_iam = {}
service_iam_grants = []
network_subnet_users = {}
}
)
)
storage_location = null
tag_bindings = {}
service_accounts = {}
vpc_sc = merge({
perimeter_name = null
is_dry_run = false
}, try(local._projects_config.data_defaults.vpc_sc, {
perimeter_name = null
is_dry_run = false
})
)
logging_data_access = {}
},
try(local._projects_config.data_defaults, {})
)
# data_overrides default to null's, to mark that they should not override
data_overrides = merge({
billing_account = null
contacts = null
deletion_policy = null
factories_config = merge({
custom_roles = null
observability = null
org_policies = null
quotas = null
}, try(local._projects_config.data_overrides.factories_config, {
custom_roles = null
observability = null
org_policies = null
quotas = null
})
)
parent = null
prefix = null
service_encryption_key_ids = null
storage_location = null
tag_bindings = null
services = null
service_accounts = null
vpc_sc = try(
merge(
{
perimeter_name = null
is_dry_run = false
},
local._projects_config.data_overrides.vpc_sc
),
null
)
logging_data_access = null
},
try(local._projects_config.data_overrides, {})
)
}
_projects_output = {
# Semantics of the merges are:
# * if data_overrides.<field> is not null, use this value
# * if _projects_inputs.<field> is not null, use this value
# * use data_default value, which if not set, will provide "empty" type
# This logic is easily implemented using coalesce, even on maps and list and allows to
# set data_overrides.<field> to "", [] or {} to ensure, that empty value is always passed, or do
# the same in _projects_input to prevent falling back to default value
for k, v in local._projects_input : k => merge(v, {
billing_account = try(coalesce( # type: string
local.__projects_config.data_overrides.billing_account,
try(v.billing_account, null),
local.__projects_config.data_defaults.billing_account
), null)
deletion_policy = try(coalesce( # type: string
local.__projects_config.data_overrides.deletion_policy,
try(v.deletion_policy, null),
local.__projects_config.data_defaults.deletion_policy
), null)
contacts = coalesce( # type: map
local.__projects_config.data_overrides.contacts,
try(v.contacts, null),
local.__projects_config.data_defaults.contacts
)
factories_config = { # type: object
custom_roles = try( # type: string
coalesce(
local.__projects_config.data_overrides.factories_config.custom_roles,
try(v.factories_config.custom_roles, null),
local.__projects_config.data_defaults.factories_config.custom_roles
),
null
)
observability = try( # type: string
coalesce(
local.__projects_config.data_overrides.factories_config.observability,
try(v.factories_config.observability, null),
local.__projects_config.data_defaults.factories_config.observability
),
null)
org_policies = try( # type: string
coalesce(
local.__projects_config.data_overrides.factories_config.org_policies,
try(v.factories_config.org_policies, null),
local.__projects_config.data_defaults.factories_config.org_policies
),
null)
quotas = try( # type: string
coalesce(
local.__projects_config.data_overrides.factories_config.quotas,
try(v.factories_config.quotas, null),
local.__projects_config.data_defaults.factories_config.quotas
),
null)
}
iam = try(v.iam, {}) # type: map(list(string))
iam_bindings = try(v.iam_bindings, {}) # type: map(object({...}))
iam_bindings_additive = try(v.iam_bindings_additive, {}) # type: map(object({...}))
iam_by_principals_additive = try(v.iam_by_principals_additive, {}) # type: map(list(string))
iam_by_principals = try(v.iam_by_principals, {}) # map(list(string))
labels = coalesce( # type: map(string)
try(v.labels, null),
local.__projects_config.data_defaults.labels
)
metric_scopes = coalesce( # type: list(string)
try(v.metric_scopes, null),
local.__projects_config.data_defaults.metric_scopes
)
name = lookup(v, "name", basename(k)) # type: string
org_policies = try(v.org_policies, {}) # type: map(object({...}))
parent = try( # type: string, nullable
coalesce(
local.__projects_config.data_overrides.parent,
try(v.parent, null),
local.__projects_config.data_defaults.parent
), null
)
prefix = try( # type: string, nullable
coalesce(
local.__projects_config.data_overrides.prefix,
try(v.prefix, null),
local.__projects_config.data_defaults.prefix
), null
)
project_reuse = ( # type: object({...})
try(v.project_reuse, null) != null
? merge(
{
use_data_source = true
attributes = null
},
v.project_reuse
)
: local.__projects_config.data_defaults.project_reuse
)
service_encryption_key_ids = coalesce( # type: map(list(string))
local.__projects_config.data_overrides.service_encryption_key_ids,
try(v.service_encryption_key_ids, null),
local.__projects_config.data_defaults.service_encryption_key_ids
)
services = coalesce( # type: list(string)
local.__projects_config.data_overrides.services,
try(v.services, null),
local.__projects_config.data_defaults.services
)
shared_vpc_host_config = ( # type: object({...})
try(v.shared_vpc_host_config, null) != null
? merge(
{ service_projects = [] },
v.shared_vpc_host_config
)
: null
)
shared_vpc_service_config = ( # type: object({...})
try(v.shared_vpc_service_config, null) != null
? merge(
{
host_project = null
iam_bindings_additive = {}
network_users = []
service_agent_iam = {}
service_agent_subnet_iam = {}
service_iam_grants = []
network_subnet_users = {}
},
v.shared_vpc_service_config
)
: local.__projects_config.data_defaults.shared_vpc_service_config
)
tag_bindings = coalesce( # type: map(string)
local.__projects_config.data_overrides.tag_bindings,
try(v.tag_bindings, null),
local.__projects_config.data_defaults.tag_bindings
)
tags = {
for tag_name, tag_data in try(v.tags, {}) : tag_name => {
description = try(tag_data.description, "Managed by the Terraform project-factory module.")
id = try(tag_data.id, null)
iam = try(tag_data.iam, {})
iam_bindings = try(tag_data.iam_bindings, {})
iam_bindings_additive = try(tag_data.iam_bindings_additive, {})
values = {
for value_name, value_data in try(tag_data.values, {}) : value_name => {
description = try(value_data.description, "Managed by the Terraform project-factory module.")
id = try(value_data.id, null)
iam = try(value_data.iam, {})
iam_bindings = try(value_data.iam_bindings, {})
iam_bindings_additive = try(value_data.iam_bindings_additive, {})
}
}
}
}
vpc_sc = (
local.__projects_config.data_overrides.vpc_sc != null
? local.__projects_config.data_overrides.vpc_sc
: (
try(v.vpc_sc, null) != null
? merge({
perimeter_name = null
is_dry_run = false
}, v.vpc_sc)
: local.__projects_config.data_defaults.vpc_sc
)
)
logging_data_access = coalesce( # type: map(object({...}))
local.__projects_config.data_overrides.logging_data_access,
try(v.logging_data_access, null),
local.__projects_config.data_defaults.logging_data_access
)
quotas = try(v.quotas, {})
})
}
# tflint-ignore: terraform_unused_declarations
_projects_uniqueness_validation = {
# will raise error, if the same project (derived from file name, or provided in the YAML file)
# is used more than once
for k, v in local._projects_output :
"${v.prefix != null ? v.prefix : ""}-${v.name}" => k
}
}

80
modules/net-vpc-factory/factory-vpc.tf
View File

@@ -1,80 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description VPC and firewall factory.
locals {
_vpcs_preprocess = [for factory_key, factory_config in local.network_projects : {
for k, v in try(factory_config.vpc_config, {}) : "${factory_key}/${k}" => {
project_id = module.projects[factory_key].id
name = k
auto_create_subnetworks = try(v.auto_create_subnetworks, false)
create_googleapis_routes = try(v.create_googleapis_routes, {})
delete_default_routes_on_create = try(v.delete_default_routes_on_create, false)
description = try(v.description, "Terraform-managed.")
dns_policy = try(v.dns_policy, {})
firewall_policy_enforcement_order = try(v.firewall_policy_enforcement_order, "AFTER_CLASSIC_FIREWALL")
ipv6_config = try(v.ipv6_config, {})
mtu = try(v.mtu, null)
network_attachments = try(v.network_attachments, {})
policy_based_routes = try(v.policy_based_routes, {})
psa_config = try(v.psa_config, [])
routes = try(v.routes, {})
routing_mode = try(v.routing_mode, "GLOBAL")
subnets_factory_config = try(v.subnets_factory_config, {})
firewall_factory_config = try(v.firewall_factory_config, {})
peering_config = try(v.peering_config, {})
vpn_config = try(v.vpn_config, {})
}
}]
vpcs = merge(
merge(local._vpcs_preprocess...),
var.network_project_config
)
}
module "vpc" {
source = "../net-vpc"
for_each = local.vpcs
project_id = each.value.project_id
name = each.value.name
description = each.value.description
auto_create_subnetworks = each.value.auto_create_subnetworks
create_googleapis_routes = each.value.create_googleapis_routes
delete_default_routes_on_create = each.value.delete_default_routes_on_create
dns_policy = each.value.dns_policy
factories_config = each.value.subnets_factory_config
firewall_policy_enforcement_order = each.value.firewall_policy_enforcement_order
ipv6_config = each.value.ipv6_config
mtu = each.value.mtu
network_attachments = each.value.network_attachments
policy_based_routes = each.value.policy_based_routes
psa_configs = each.value.psa_config
routes = each.value.routes
routing_mode = each.value.routing_mode
depends_on = [module.projects]
}
module "firewall" {
source = "../net-vpc-firewall"
for_each = { for k, v in local.vpcs : k => v if v.firewall_factory_config != null }
project_id = each.value.project_id
network = each.value.name
factories_config = each.value.firewall_factory_config
default_rules_config = { disabled = true }
depends_on = [module.vpc]
}

111
modules/net-vpc-factory/factory-vpn.tf
View File

@@ -1,111 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description VPN factory.
locals {
routers = merge(flatten([
for factory_key, factory_config in local.network_projects : [
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
for router_key, router_config in try(vpc_config.routers, {}) : {
"${factory_key}/${vpc_key}/${router_key}" = merge(router_config, {
vpc_self_link = module.vpc["${factory_key}/${vpc_key}"].self_link
project_id = module.projects[factory_key].id
custom_advertise = try(router_config.custom_advertise, {})
advertise_mode = try(router_config.custom_advertise != null, false) ? "CUSTOM" : "DEFAULT"
advertised_groups = try(router_config.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : []
keepalive = try(router_config.keepalive, null)
asn = try(router_config.asn, null)
})
}
]
]
])...)
vpns = merge(flatten([
for factory_key, factory_config in local.network_projects : [
for vpc_key, vpc_config in try(factory_config.vpc_config, {}) : [
for k, v in try(vpc_config.vpn_config, {}) : {
"${factory_key}/${vpc_key}/${k}" = merge(v, {
vpc_name = module.vpc["${factory_key}/${vpc_key}"].name
vpn_name = replace("${factory_key}/${vpc_key}/${k}", "/", "-")
project_id = module.projects[factory_key].id
},
{
router_config = merge(v.router_config,
try(v.router_config.create, false) == false && can(v.router_config.name) ? {
name = try(google_compute_router.default[v.router_config.name].name, v.router_config.name)
} : {}
)
}
)
}
]
]
])...)
}
resource "google_compute_router" "default" {
for_each = local.routers
name = replace(each.key, "/", "-")
project = each.value.project_id
region = each.value.region
network = each.value.vpc_self_link
bgp {
advertise_mode = each.value.advertise_mode
advertised_groups = each.value.advertised_groups
dynamic "advertised_ip_ranges" {
for_each = try(each.value.custom_advertise.ip_ranges, {})
iterator = range
content {
range = range.key
description = range.value
}
}
keepalive_interval = each.value.keepalive
asn = each.value.asn
}
}
resource "google_compute_ha_vpn_gateway" "default" {
for_each = local.vpns
project = each.value.project_id
region = each.value.region
name = replace(each.key, "/", "-")
network = each.value.vpc_name
stack_type = try(each.value.stack_type, null)
depends_on = [module.vpc]
}
module "vpn-ha" {
source = "../net-vpn-ha"
for_each = local.vpns
project_id = each.value.project_id
name = replace(each.key, "/", "-")
network = each.value.vpc_name
region = each.value.region
router_config = each.value.router_config
tunnels = each.value.tunnels
vpn_gateway = google_compute_ha_vpn_gateway.default[each.key].id
vpn_gateway_create = null
peer_gateways = {
for k, gw in each.value.peer_gateways : k => {
for gw_type, value in gw : gw_type => (
gw_type == "gcp" ? try(google_compute_ha_vpn_gateway.default[value].id, value) : value
)
}
}
}

38
modules/net-vpc-factory/main.tf
View File

@@ -1,38 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description Read and process YaML factory files and variables.
locals {
_network_factory_path = try(
pathexpand(var.factories_config.vpcs), null
)
_network_factory_files = try(
fileset(local._network_factory_path, "**/*.yaml"),
[]
)
_network_projects_from_files = {
for f in local._network_factory_files :
f => yamldecode(file("${local._network_factory_path}/${f}"))
}
_network_projects = {
for _, v in local._network_projects_from_files :
v.project_config.name => v
}
network_projects = merge(local._network_projects, var.network_project_config)
}

64
modules/net-vpc-factory/outputs.tf
View File

@@ -1,64 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "host_project_ids" {
description = "Network project ids."
value = { for k, v in module.projects : k => v.project_id }
}
output "host_project_numbers" {
description = "Network project numbers."
value = { for k, v in module.projects : k => v.number }
}
output "subnet_ids" {
description = "IDs of subnets created within each VPC."
value = { for k, v in module.vpc : k => v.subnet_ids }
}
output "subnet_proxy_only_self_links" {
description = "IDs of proxy-only subnets created within each VPC."
value = {
for k, v in module.vpc : k =>
{
for subnet_key, subnet_value in v.subnets_proxy_only : subnet_key => subnet_value.id
}
}
}
output "subnet_psc_self_links" {
description = "IDs of PSC subnets created within each VPC."
value = {
for k, v in module.vpc : k =>
{
for subnet_key, subnet_value in v.subnets_psc : subnet_key => subnet_value.id
}
}
}
output "vpc_self_links" {
description = "Self-links for the VPCs created on each project."
value = { for k, v in module.vpc : k => v.self_link }
}
output "vpn_gateway_endpoints" {
description = "External IP Addresses for the GCP VPN gateways."
value = { for k, v in google_compute_ha_vpn_gateway.default : k =>
{
for interface_key, interface_value in v.vpn_interfaces : interface_key => interface_value.ip_address
}
}
}

58
modules/net-vpc-factory/recipes/hub-and-spoke-ncc/net-dev-01.yaml
View File

@@ -1,58 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-dev-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
dev-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
dns_zones:
root-peering:
zone_config:
domain: .
peering:
peer_network: net-land-01/hub
client_networks:
- net-dev-01/dev-spoke
subnets_factory_config:
subnets_folder: data/subnets/dev-spoke
firewall_factory_config:
rules_folder: data/firewall/dev-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
ncc_config:
hub: net-land-01/hub
group: net-land-01/hub/default

109
modules/net-vpc-factory/recipes/hub-and-spoke-ncc/net-land-01.yaml
View File

@@ -1,109 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-land-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
ncc_hub_config:
name: hub
groups:
default:
auto_accept:
- net-prod-01
- net-dev-01
vpc_config:
test:
delete_default_routes_on_create: false
mtu: 1500
auto_create_subnetworks: true
hub:
delete_default_routes_on_create: false
mtu: 1500
routers:
vpn-router:
region: europe-west8
asn: 64514
dns_zones:
onprem-fwd:
zone_config:
domain: .
forwarding:
forwarders:
"8.8.8.8": default
"1.1.1.1": default
client_networks:
- net-land-01/hub
dot-test:
zone_config:
domain: test.
private:
client_networks:
- net-land-01/hub
recordsets:
"A localhost":
records: ["127.0.0.1"]
subnets_factory_config:
subnets_folder: data/subnets/hub
firewall_factory_config:
rules_folder: data/firewall/hub
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
vpn_config:
to-onprem:
ncc_spoke_config:
hub: net-land-01/hub
region: europe-west8
peer_gateways:
default:
external:
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
interfaces:
- 8.8.8.8
router_config:
create: false
name: net-land-01/hub/vpn-router
tunnels:
remote-0:
bgp_peer:
address: 169.254.128.1
asn: 64513
bgp_session_range: "169.254.128.2/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 0
remote-1:
bgp_peer:
address: 169.254.128.5
asn: 64513
bgp_session_range: "169.254.128.6/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 1

58
modules/net-vpc-factory/recipes/hub-and-spoke-ncc/net-prod-01.yaml
View File

@@ -1,58 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-prod-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
prod-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
dns_zones:
root-peering:
zone_config:
domain: .
peering:
peer_network: net-land-01/hub
client_networks:
- net-prod-01/prod-spoke
subnets_factory_config:
subnets_folder: data/subnets/prod-spoke
firewall_factory_config:
rules_folder: data/firewall/prod-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
ncc_config:
hub: net-land-01/hub
group: net-land-01/hub/default

58
modules/net-vpc-factory/recipes/hub-and-spoke-peering/net-dev-01.yaml
View File

@@ -1,58 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-dev-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
dev-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
dns_zones:
root-peering:
zone_config:
domain: .
peering:
peer_network: net-land-01/hub
client_networks:
- net-dev-01/dev-spoke
subnets_factory_config:
subnets_folder: data/subnets/dev-spoke
firewall_factory_config:
rules_folder: data/firewall/dev-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
peering_config:
to-hub:
peer_network: net-land-01/hub

113
modules/net-vpc-factory/recipes/hub-and-spoke-peering/net-land-01.yaml
View File

@@ -1,113 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-land-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
test:
delete_default_routes_on_create: false
mtu: 1500
auto_create_subnetworks: true
peering_config:
to-hub:
peer_network: net-land-01/hub
hub:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
routers:
vpn-router:
region: europe-west8
asn: 64514
dns_zones:
onprem-fwd:
zone_config:
domain: .
forwarding:
forwarders:
"8.8.8.8": default
"1.1.1.1": default
client_networks:
- net-land-01/hub
dot-test:
zone_config:
domain: test.
private:
client_networks:
- net-land-01/hub
recordsets:
"A localhost":
records: ["127.0.0.1"]
subnets_factory_config:
subnets_folder: data/subnets/hub
firewall_factory_config:
rules_folder: data/firewall/hub
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
peering_config:
to-prod:
peer_network: net-prod-01/prod-spoke
to-dev:
peer_network: net-dev-01/dev-spoke
to-test:
peer_network: net-land-01/test
vpn_config:
to-onprem:
region: europe-west8
peer_gateways:
default:
external:
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
interfaces:
- 8.8.8.8
router_config:
create: false
name: net-land-01/hub/vpn-router
tunnels:
remote-0:
bgp_peer:
address: 169.254.128.1
asn: 64513
bgp_session_range: "169.254.128.2/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 0
remote-1:
bgp_peer:
address: 169.254.128.5
asn: 64513
bgp_session_range: "169.254.128.6/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 1

58
modules/net-vpc-factory/recipes/hub-and-spoke-peering/net-prod-01.yaml
View File

@@ -1,58 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-prod-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
prod-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
dns_zones:
root-peering:
zone_config:
domain: .
peering:
peer_network: net-land-01/hub
client_networks:
- net-prod-01/prod-spoke
subnets_factory_config:
subnets_folder: data/subnets/prod-spoke
firewall_factory_config:
rules_folder: data/firewall/prod-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
peering_config:
to-hub:
peer_network: net-land-01/hub

83
modules/net-vpc-factory/recipes/hub-and-spoke-vpn/net-dev-01.yaml
View File

@@ -1,83 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-dev-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
dev-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
routers:
vpn-router:
region: europe-west8
asn: 64520
dns_zones:
root-peering:
zone_config:
domain: .
peering:
peer_network: net-land-01/hub
client_networks:
- net-dev-01/dev-spoke
subnets_factory_config:
subnets_folder: data/subnets/dev-spoke
firewall_factory_config:
rules_folder: data/firewall/dev-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
vpn_config:
to-hub:
region: europe-west8
peer_gateways:
default:
gcp: net-land-01/hub/to-dev
router_config:
create: false
name: net-dev-01/dev-spoke/vpn-router
tunnels:
remote-0:
shared_secret: foobar
bgp_peer:
address: 169.254.2.1
asn: 64514
bgp_session_range: "169.254.2.2/30"
vpn_gateway_interface: 0
remote-1:
shared_secret: foobar
bgp_peer:
address: 169.254.2.5
asn: 64514
bgp_session_range: "169.254.2.6/30"
vpn_gateway_interface: 1

153
modules/net-vpc-factory/recipes/hub-and-spoke-vpn/net-land-01.yaml
View File

@@ -1,153 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-land-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
test:
delete_default_routes_on_create: false
mtu: 1500
auto_create_subnetworks: true
hub:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
routers:
vpn-router:
region: europe-west8
asn: 64514
custom_advertise:
all_subnets: false
ip_ranges:
"10.0.0.0/8": "rfc1918_10"
dns_zones:
onprem-fwd:
zone_config:
domain: .
forwarding:
forwarders:
"8.8.8.8": default
"1.1.1.1": default
client_networks:
- net-land-01/hub
dot-test:
zone_config:
domain: test.
private:
client_networks:
- net-land-01/hub
recordsets:
"A localhost":
records: ["127.0.0.1"]
subnets_factory_config:
subnets_folder: data/subnets/hub
firewall_factory_config:
rules_folder: data/firewall/hub
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
vpn_config:
to-onprem:
region: europe-west8
peer_gateways:
default:
external:
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
interfaces:
- 8.8.8.8
router_config:
create: false
name: net-land-01/hub/vpn-router
tunnels:
remote-0:
bgp_peer:
address: 169.254.128.1
asn: 64513
bgp_session_range: "169.254.128.2/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 0
remote-1:
bgp_peer:
address: 169.254.128.5
asn: 64513
bgp_session_range: "169.254.128.6/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 1
to-dev:
region: europe-west8
peer_gateways:
default:
gcp: net-dev-01/dev-spoke/to-hub
router_config:
create: false
name: net-land-01/hub/vpn-router
tunnels:
remote-0:
shared_secret: foobar
bgp_peer:
address: 169.254.2.2
asn: 64520
bgp_session_range: "169.254.2.1/30"
vpn_gateway_interface: 0
remote-1:
shared_secret: foobar
bgp_peer:
address: 169.254.2.6
asn: 64520
bgp_session_range: "169.254.2.5/30"
vpn_gateway_interface: 1
to-prod:
region: europe-west8
peer_gateways:
default:
gcp: net-prod-01/prod-spoke/to-hub
router_config:
create: false
name: net-land-01/hub/vpn-router
tunnels:
remote-0:
shared_secret: foobar
bgp_peer:
address: 169.254.3.2
asn: 64523
bgp_session_range: "169.254.3.1/30"
vpn_gateway_interface: 0
remote-1:
shared_secret: foobar
bgp_peer:
address: 169.254.3.6
asn: 64523
bgp_session_range: "169.254.3.5/30"
vpn_gateway_interface: 1

83
modules/net-vpc-factory/recipes/hub-and-spoke-vpn/net-prod-01.yaml
View File

@@ -1,83 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-prod-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
prod-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
routers:
vpn-router:
region: europe-west8
asn: 64523
dns_zones:
root-peering:
zone_config:
domain: .
peering:
peer_network: net-land-01/hub
client_networks:
- net-prod-01/prod-spoke
subnets_factory_config:
subnets_folder: data/subnets/prod-spoke
firewall_factory_config:
rules_folder: data/firewall/prod-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
vpn_config:
to-hub:
region: europe-west8
peer_gateways:
default:
gcp: net-land-01/hub/to-prod
router_config:
create: false
name: net-prod-01/prod-spoke/vpn-router
tunnels:
remote-0:
shared_secret: foobar
bgp_peer:
address: 169.254.3.1
asn: 64514
bgp_session_range: "169.254.3.2/30"
vpn_gateway_interface: 0
remote-1:
shared_secret: foobar
bgp_peer:
address: 169.254.3.5
asn: 64514
bgp_session_range: "169.254.3.6/30"
vpn_gateway_interface: 1

28
modules/net-vpc-factory/recipes/only-projects/net-dev-01.yaml
View File

@@ -1,28 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-dev-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com

30
modules/net-vpc-factory/recipes/only-projects/net-land-01.yaml
View File

@@ -1,30 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
# This file creates an empty project, and exists to keep consistency with the other recipes.
project_config:
name: net-land-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com

28
modules/net-vpc-factory/recipes/only-projects/net-prod-01.yaml
View File

@@ -1,28 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-prod-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com

72
modules/net-vpc-factory/recipes/separate-envs/net-dev-01.yaml
View File

@@ -1,72 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-dev-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
dev-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
routers:
vpn-router:
region: europe-west8
asn: 64514
subnets_factory_config:
subnets_folder: data/subnets/dev-spoke
firewall_factory_config:
rules_folder: data/firewall/dev-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
vpn_config:
to-onprem:
region: europe-west8
peer_gateways:
default:
external:
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
interfaces:
- 8.8.8.8
router_config:
create: false
name: net-dev-01/dev-spoke/vpn-router
tunnels:
remote-0:
bgp_peer:
address: 169.254.1.1
asn: 64513
bgp_session_range: "169.254.1.2/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 0

30
modules/net-vpc-factory/recipes/separate-envs/net-land-01.yaml
View File

@@ -1,30 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
# This file creates an empty project, and exists to keep consistency with the other recipes.
project_config:
name: net-land-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com

72
modules/net-vpc-factory/recipes/separate-envs/net-prod-01.yaml
View File

@@ -1,72 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# yaml-language-server: $schema=../../schemas/network-project.schema.json
project_config:
name: net-prod-01
services:
- container.googleapis.com
- compute.googleapis.com
- dns.googleapis.com
- iap.googleapis.com
- networkmanagement.googleapis.com
- networksecurity.googleapis.com
- servicenetworking.googleapis.com
- stackdriver.googleapis.com
- vpcaccess.googleapis.com
shared_vpc_host_config:
enabled: true
vpc_config:
prod-spoke:
delete_default_routes_on_create: false
mtu: 1500
nat_config:
nat-ew8:
region: europe-west8
routers:
vpn-router:
region: europe-west8
asn: 64514
subnets_factory_config:
subnets_folder: data/subnets/prod-spoke
firewall_factory_config:
rules_folder: data/firewall/prod-spoke
routes:
gateway:
dest_range: "8.8.8.8/32"
priority: 100
next_hop_type: "gateway"
next_hop: "default-internet-gateway"
vpn_config:
to-onprem:
region: europe-west8
peer_gateways:
default:
external:
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
interfaces:
- 8.8.8.8
router_config:
create: false
name: net-prod-01/prod-spoke/vpn-router
tunnels:
remote-0:
bgp_peer:
address: 169.254.1.1
asn: 64513
bgp_session_range: "169.254.1.2/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
vpn_gateway_interface: 0

1559
modules/net-vpc-factory/schemas/network-project.schema.json
View File

File diff suppressed because it is too large Load Diff

479
modules/net-vpc-factory/schemas/network-project.schema.md
View File

@@ -1,479 +0,0 @@
# Network Project Configuration (Single)
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **project_config**: *reference([projectConfig](#refs-projectConfig))*
- **ncc_hub_config**: *reference([nccHubConfig](#refs-nccHubConfig))*
- **vpc_config**: *reference([vpcConfigMap](#refs-vpcConfigMap))*
## Definitions
- **projectConfig**<a name="refs-projectConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- **prefix**: *string*
- **parent**: *string*
- **project_reuse**: *object*
<br>*additional properties: false*
- **use_data_source**: *boolean*
- **attributes**: *object*
- ⁺**name**: *string*
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **billing_account**: *string*
- **deletion_policy**: *string*
<br>*enum: ['DELETE', 'ABANDON']*
- **default_service_account**: *string*
<br>*enum: ['deprovision', 'disable', 'keep']*
- **auto_create_network**: *boolean*
- **project_create**: *boolean*
- **shared_vpc_host_config**: *object*
<br>*additional properties: false*
- ⁺**enabled**: *boolean*
- **service_projects**: *array*
- items: *string*
- **services**: *array*
- items: *string*
<br>*pattern: ^[a-z-]+\.googleapis\.com$*
- **org_policies**: *reference([orgPolicies](#refs-orgPolicies))*
- **metric_scopes**: *array*
- items: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iamBindings](#refs-iamBindings))*
- **iam_bindings_additive**: *reference([iamBindingsAdditive](#refs-iamBindingsAdditive))*
- **iam_by_principals**: *reference([iamByPrincipals](#refs-iamByPrincipals))*
- **iam_by_principals_additive**: *reference([iamByPrincipals](#refs-iamByPrincipals))*
- **quotas**: *reference([quotas](#refs-quotas))*
- **nccHubConfig**<a name="refs-nccHubConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- **description**: *string*
- **preset_topology**: *string*
<br>*enum: ['MESH', 'STAR', 'PLANETARY']*
- **export_psc**: *boolean*
- **groups**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9_-]+$`**: *reference([nccGroup](#refs-nccGroup))*
- **nccGroup**<a name="refs-nccGroup"></a>: *object*
<br>*additional properties: false*
- **labels**: *reference([stringMap](#refs-stringMap))*
- **description**: *string*
- **auto_accept**: *array*
- items: *string*
- **vpcConfigMap**<a name="refs-vpcConfigMap"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([vpcConfigEntry](#refs-vpcConfigEntry))*
- **vpcConfigEntry**<a name="refs-vpcConfigEntry"></a>: *object*
<br>*additional properties: false*
- **auto_create_subnetworks**: *boolean*
- **create_googleapis_routes**: *object*
<br>*additional properties: false*
- **private**: *boolean*
- **private-6**: *boolean*
- **restricted**: *boolean*
- **restricted-6**: *boolean*
- **delete_default_routes_on_create**: *boolean*
- **description**: *string*
- **dns_policy**: *object*
<br>*additional properties: false*
- **inbound**: *boolean*
- **logging**: *boolean*
- **outbound**: *object*
<br>*additional properties: false*
- **private_ns**: *array*
- items: *string*
- **public_ns**: *array*
- items: *string*
- **dns_zones**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([dnsZone](#refs-dnsZone))*
- **firewall_policy_enforcement_order**: *string*
<br>*enum: ['AFTER_CLASSIC_FIREWALL', 'BEFORE_CLASSIC_FIREWALL']*
- **ipv6_config**: *object*
<br>*additional properties: false*
- **enable_ula_internal**: *boolean*
- **internal_range**: *string*
- **mtu**: *number*
- **nat_config**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([natConfig](#refs-natConfig))*
- **network_attachments**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([networkAttachment](#refs-networkAttachment))*
- **policy_based_routes**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([policyBasedRoute](#refs-policyBasedRoute))*
- **psa_config**: *array*
- items: *reference([psaConfig](#refs-psaConfig))*
- **routers**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([routerConfig](#refs-routerConfig))*
- **routes**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([routeConfig](#refs-routeConfig))*
- **routing_mode**: *string*
<br>*enum: ['GLOBAL', 'REGIONAL']*
- **subnets_factory_config**: *object*
<br>*additional properties: false*
- **context**: *object*
<br>*additional properties: false*
- **regions**: *reference([stringMap](#refs-stringMap))*
- **subnets_folder**: *string*
- **firewall_factory_config**: *object*
<br>*additional properties: false*
- **cidr_tpl_file**: *string*
- **rules_folder**: *string*
- **vpn_config**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([vpnConfig](#refs-vpnConfig))*
- **peering_config**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([peeringConfig](#refs-peeringConfig))*
- **ncc_config**: *reference([vpcNccConfig](#refs-vpcNccConfig))*
- **dnsZone**<a name="refs-dnsZone"></a>: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **zone_config**: *reference([dnsZoneConfig](#refs-dnsZoneConfig))*
- **recordsets**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9_. -]+$`**: *reference([dnsRecordSet](#refs-dnsRecordSet))*
- **dnsZoneConfig**<a name="refs-dnsZoneConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**domain**: *string*
- **forwarding**: *object*
<br>*additional properties: false*
- **forwarders**: *reference([stringMap](#refs-stringMap))*
- **client_networks**: *array*
- items: *string*
- **peering**: *object*
<br>*additional properties: false*
- **client_networks**: *array*
- items: *string*
- ⁺**peer_network**: *string*
- **public**: *object*
<br>*additional properties: false*
- **dnssec_config**: *reference([dnssecConfig](#refs-dnssecConfig))*
- **enable_logging**: *boolean*
- **private**: *object*
<br>*additional properties: false*
- **client_networks**: *array*
- items: *string*
- **service_directory_namespace**: *string*
- **dnssecConfig**<a name="refs-dnssecConfig"></a>: *object*
<br>*additional properties: false*
- **non_existence**: *string*
<br>*enum: ['nsec', 'nsec3']*
- ⁺**state**: *string*
<br>*enum: ['on', 'off', 'transfer']*
- **key_signing_key**: *reference([dnsKeySpec](#refs-dnsKeySpec))*
- **zone_signing_key**: *reference([dnsKeySpec](#refs-dnsKeySpec))*
- **dnsKeySpec**<a name="refs-dnsKeySpec"></a>: *object*
<br>*additional properties: false*
- ⁺**algorithm**: *string*
<br>*enum: ['rsasha1', 'rsasha256', 'rsasha512', 'ecdsap256sha256', 'ecdsap384sha384']*
- ⁺**key_length**: *number*
- **dnsRecordSet**<a name="refs-dnsRecordSet"></a>: *object*
<br>*additional properties: false*
- **ttl**: *number*
- **records**: *array*
- items: *string*
- **geo_routing**: *array*
- items: *reference([dnsGeoRoutingRule](#refs-dnsGeoRoutingRule))*
- **wrr_routing**: *array*
- items: *reference([dnsWrrRoutingRule](#refs-dnsWrrRoutingRule))*
- **dnsGeoRoutingRule**<a name="refs-dnsGeoRoutingRule"></a>: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- **records**: *array*
- items: *string*
- **health_checked_targets**: *array*
- items: *reference([dnsHealthCheckedTarget](#refs-dnsHealthCheckedTarget))*
- **dnsHealthCheckedTarget**<a name="refs-dnsHealthCheckedTarget"></a>: *object*
<br>*additional properties: false*
- ⁺**load_balancer_type**: *string*
- ⁺**ip_address**: *string*
- ⁺**port**: *string*
- ⁺**ip_protocol**: *string*
- ⁺**network_url**: *string*
- ⁺**project**: *string*
- **region**: *string*
- **dnsWrrRoutingRule**<a name="refs-dnsWrrRoutingRule"></a>: *object*
<br>*additional properties: false*
- ⁺**weight**: *number*
- ⁺**records**: *array*
- items: *string*
- **natConfig**<a name="refs-natConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**region**: *string*
- **router_create**: *boolean*
- **router_name**: *string*
- **router_network**: *string*
- **router_asn**: *number*
- **type**: *string*
<br>*enum: ['PUBLIC', 'PRIVATE']*
- **addresses**: *array*
- items: *string*
- **endpoint_types**: *array*
- items: *string*
<br>*enum: ['ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG', 'ENDPOINT_TYPE_MANAGED_PROXY_LB']*
- **logging_filter**: *string*
<br>*enum: ['ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL']*
- **config_port_allocation**: *object*
<br>*additional properties: false*
- **enable_endpoint_independent_mapping**: *boolean*
- **enable_dynamic_port_allocation**: *boolean*
- **min_ports_per_vm**: *number*
- **max_ports_per_vm**: *number*
- **config_source_subnetworks**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **primary_ranges_only**: *boolean*
- **subnetworks**: *array*
- items: *reference([natSourceSubnetwork](#refs-natSourceSubnetwork))*
- **config_timeouts**: *object*
<br>*additional properties: false*
- **icmp**: *number*
- **tcp_established**: *number*
- **tcp_time_wait**: *number*
- **tcp_transitory**: *number*
- **udp**: *number*
- **rules**: *array*
- items: *reference([natRule](#refs-natRule))*
- **natSourceSubnetwork**<a name="refs-natSourceSubnetwork"></a>: *object*
<br>*additional properties: false*
- ⁺**self_link**: *string*
- **all_ranges**: *boolean*
- **primary_range**: *boolean*
- **secondary_ranges**: *array*
- items: *string*
- **natRule**<a name="refs-natRule"></a>: *object*
<br>*additional properties: false*
- **description**: *string*
- ⁺**match**: *string*
- **source_ips**: *array*
- items: *string*
- **source_ranges**: *array*
- items: *string*
- **networkAttachment**<a name="refs-networkAttachment"></a>: *object*
<br>*additional properties: false*
- ⁺**subnet**: *string*
- **automatic_connection**: *boolean*
- **description**: *string*
- **producer_accept_lists**: *array*
- items: *string*
- **producer_reject_lists**: *array*
- items: *string*
- **policyBasedRoute**<a name="refs-policyBasedRoute"></a>: *object*
<br>*additional properties: false*
- **description**: *string*
- **labels**: *reference([stringMap](#refs-stringMap))*
- **priority**: *number*
- **next_hop_ilb_ip**: *string*
- **use_default_routing**: *boolean*
- **filter**: *object*
<br>*additional properties: false*
- **ip_protocol**: *string*
- **dest_range**: *string*
- **src_range**: *string*
- **target**: *object*
<br>*additional properties: false*
- **interconnect_attachment**: *string*
- **tags**: *array*
- items: *string*
- **psaConfig**<a name="refs-psaConfig"></a>: *object*
<br>*additional properties: false*
- **deletion_policy**: *string*
<br>*enum: ['delete', 'abandon']*
- **ranges**: *reference([stringMap](#refs-stringMap))*
- **export_routes**: *boolean*
- **import_routes**: *boolean*
- **peered_domains**: *array*
- items: *string*
- **range_prefix**: *string*
- **service_producer**: *string*
- **routerConfig**<a name="refs-routerConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**region**: *string*
- **asn**: *number*
- **custom_advertise**: *reference([customAdvertiseConfig](#refs-customAdvertiseConfig))*
- **keepalive**: *number*
- **name**: *string*
- **routeConfig**<a name="refs-routeConfig"></a>: *object*
<br>*additional properties: false*
- **description**: *string*
- ⁺**dest_range**: *string*
- ⁺**next_hop_type**: *string*
- ⁺**next_hop**: *string*
- **priority**: *number*
- **tags**: *array*
- items: *string*
- **vpnConfig**<a name="refs-vpnConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**region**: *string*
- **ncc_spoke_config**: *object*
<br>*additional properties: false*
- **hub**: *string*
- **description**: *string*
- **labels**: *reference([stringMap](#refs-stringMap))*
- ⁺**peer_gateways**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([peerGateway](#refs-peerGateway))*
- **router_config**: *reference([vpnRouterConfig](#refs-vpnRouterConfig))*
- **stack_type**: *string*
<br>*enum: ['IPV4_ONLY', 'IPV4_IPV6']*
- ⁺**tunnels**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9-]+$`**: *reference([vpnTunnel](#refs-vpnTunnel))*
- **peerGateway**<a name="refs-peerGateway"></a>: *object*
<br>*additional properties: false*
- **external**: *reference([externalPeerGateway](#refs-externalPeerGateway))*
- **gcp**: *string*
- **externalPeerGateway**<a name="refs-externalPeerGateway"></a>: *object*
<br>*additional properties: false*
- ⁺**redundancy_type**: *string*
<br>*enum: ['SINGLE_IP_INTERNALLY_REDUNDANT', 'TWO_IPS_REDUNDANCY', 'FOUR_IPS_REDUNDANCY']*
- ⁺**interfaces**: *array*
- items: *string*
- **description**: *string*
- **name**: *string*
- **vpnRouterConfig**<a name="refs-vpnRouterConfig"></a>: *object*
<br>*additional properties: false*
- **asn**: *number*
- **create**: *boolean*
- **custom_advertise**: *reference([customAdvertiseConfig](#refs-customAdvertiseConfig))*
- **keepalive**: *number*
- **name**: *string*
- **override_name**: *string*
- **vpnTunnel**<a name="refs-vpnTunnel"></a>: *object*
<br>*additional properties: false*
- **bgp_peer**: *reference([bgpPeerConfig](#refs-bgpPeerConfig))*
- ⁺**bgp_session_range**: *string*
- **ike_version**: *number*
<br>*enum: [1, 2]*
- **name**: *string*
- **peer_external_gateway_interface**: *number*
- **peer_router_interface_name**: *string*
- **peer_gateway**: *string*
- **router**: *string*
- **shared_secret**: *string*
- ⁺**vpn_gateway_interface**: *number*
- **bgpPeerConfig**<a name="refs-bgpPeerConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**address**: *string*
- ⁺**asn**: *number*
- **route_priority**: *number*
- **custom_advertise**: *reference([customAdvertiseConfig](#refs-customAdvertiseConfig))*
- **md5_authentication_key**: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- **key**: *string*
- **ipv6**: *object*
<br>*additional properties: false*
- **nexthop_address**: *string*
- **peer_nexthop_address**: *string*
- **name**: *string*
- **customAdvertiseConfig**<a name="refs-customAdvertiseConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**all_subnets**: *boolean*
- **ip_ranges**: *reference([stringMap](#refs-stringMap))*
- **peeringConfig**<a name="refs-peeringConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**peer_network**: *string*
- **routes_config**: *object*
<br>*additional properties: false*
- **export**: *boolean*
- **import**: *boolean*
- **public_export**: *boolean*
- **public_import**: *boolean*
- **stack_type**: *string*
<br>*enum: ['IPV4_ONLY', 'IPV4_IPV6']*
- **vpcNccConfig**<a name="refs-vpcNccConfig"></a>: *object*
<br>*additional properties: false*
- ⁺**hub**: *string*
- **description**: *string*
- **labels**: *reference([stringMap](#refs-stringMap))*
- **group**: *string*
- **exclude_export_ranges**: *array*
- items: *string*
- **include_export_ranges**: *array*
- items: *string*
- **stringMap**<a name="refs-stringMap"></a>: *object*
*additional properties: String*
- **condition**<a name="refs-condition"></a>: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **principalPattern**<a name="refs-principalPattern"></a>: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])*
- **rolePattern**<a name="refs-rolePattern"></a>: *string*
<br>*pattern: ^roles/*
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^roles/`**: *array*
- items: *reference([principalPattern](#refs-principalPattern))*
- **iamBindings**<a name="refs-iamBindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- ⁺**members**: *array*
- items: *reference([principalPattern](#refs-principalPattern))*
- **role**: *reference([rolePattern](#refs-rolePattern))*
- **condition**: *reference([condition](#refs-condition))*
- **iamBindingsAdditive**<a name="refs-iamBindingsAdditive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *reference([principalPattern](#refs-principalPattern))*
- **role**: *reference([rolePattern](#refs-rolePattern))*
- **condition**: *reference([condition](#refs-condition))*
- **iamByPrincipals**<a name="refs-iamByPrincipals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])`**: *array*
- items: *reference([rolePattern](#refs-rolePattern))*
- **orgPolicies**<a name="refs-orgPolicies"></a>: *object*
<br>*additional properties: false*
- **`^[a-z]+\.`**: *reference([orgPolicyConfig](#refs-orgPolicyConfig))*
- **orgPolicyConfig**<a name="refs-orgPolicyConfig"></a>: *object*
- **inherit_from_parent**: *boolean*
- **reset**: *boolean*
- **rules**: *array*
- items: *reference([orgPolicyRule](#refs-orgPolicyRule))*
- **orgPolicyRule**<a name="refs-orgPolicyRule"></a>: *object*
<br>*additional properties: false*
- **allow**: *reference([orgPolicyRuleAllowDeny](#refs-orgPolicyRuleAllowDeny))*
- **deny**: *reference([orgPolicyRuleAllowDeny](#refs-orgPolicyRuleAllowDeny))*
- **enforce**: *boolean*
- **condition**: *object*
<br>*additional properties: false*
- **description**: *string*
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **orgPolicyRuleAllowDeny**<a name="refs-orgPolicyRuleAllowDeny"></a>: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **quotas**<a name="refs-quotas"></a>: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9_-]+$`**: *object*
<br>*additional properties: false*
- ⁺**service**: *string*
- ⁺**quota_id**: *string*
- ⁺**preferred_value**: *number*
- **dimensions**: *object*
*additional properties: String*
- **justification**: *string*
- **contact_email**: *string*
- **annotations**: *object*
*additional properties: String*
- **ignore_safety_checks**: *string*
<br>*enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']*

402
modules/net-vpc-factory/variables.tf
View File

@@ -1,402 +0,0 @@
/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "billing_account" {
description = "Billing account id."
type = string
}
variable "factories_config" {
description = "Configuration for network resource factories."
type = object({
vpcs = optional(string, "recipes/hub-and-spoke-ncc")
firewall_policy_name = optional(string, "net-default")
})
default = {
vpcs = "recipes/hub-and-spoke-ncc"
}
}
variable "network_project_config" {
description = "Consolidated configuration for project, VPCs and their associated resources."
type = map(object({
project_config = object({
name = string
prefix = optional(string)
parent = optional(string)
billing_account = optional(string)
deletion_policy = optional(string, "DELETE")
default_service_account = optional(string, "keep")
auto_create_network = optional(bool, false)
project_create = optional(bool, true)
shared_vpc_host_config = optional(object({
enabled = bool
service_projects = optional(list(string), [])
}))
services = optional(list(string), )
org_policies = optional(map(object({
inherit_from_parent = optional(bool)
reset = optional(bool)
rules = optional(list(object({
allow = optional(object({
all = optional(bool)
values = optional(list(string))
}))
deny = optional(object({
all = optional(bool)
values = optional(list(string))
}))
enforce = optional(bool)
condition = optional(object({
description = optional(string)
expression = optional(string)
location = optional(string)
title = optional(string)
}), {})
})), )
})), {})
metric_scopes = optional(list(string), [])
iam = optional(map(list(string)), {})
iam_bindings = optional(map(object({
members = list(string)
role = string
condition = optional(object({
expression = string
title = string
description = optional(string)
}))
})), {})
iam_bindings_additive = optional(map(object({
member = string
role = string
condition = optional(object({
expression = string
title = string
description = optional(string)
}))
})), {})
iam_by_principals_additive = optional(map(list(string)), {})
iam_by_principals = optional(map(list(string)), {})
})
ncc_hub_config = optional(object({
name = string
description = optional(string, "Terraform-managed.")
preset_topology = optional(string, "MESH")
export_psc = optional(bool, true)
groups = optional(map(object({
labels = optional(map(string))
description = optional(string, "Terraform-managed.")
auto_accept = optional(list(string), [])
})))
}))
vpc_config = optional(map(object({
auto_create_subnetworks = optional(bool, false)
create_googleapis_routes = optional(object({
private = optional(bool, true)
private-6 = optional(bool, false)
restricted = optional(bool, true)
restricted-6 = optional(bool, false)
}), {})
delete_default_routes_on_create = optional(bool, false)
description = optional(string, "Terraform-managed.")
dns_policy = optional(object({
inbound = optional(bool)
logging = optional(bool)
outbound = optional(object({
private_ns = list(string)
public_ns = list(string)
}))
}))
dns_zones = optional(map(object({
force_destroy = optional(bool)
description = optional(string, "Terraform managed.")
iam = optional(map(list(string)), {})
zone_config = object({
domain = string
forwarding = optional(object({
forwarders = optional(map(string), {})
client_networks = optional(list(string), )
}))
peering = optional(object({
client_networks = optional(list(string), )
peer_network = string
}))
public = optional(object({
dnssec_config = optional(object({
non_existence = optional(string, "nsec3")
state = string
key_signing_key = optional(object(
{ algorithm = string, key_length = number }),
{ algorithm = "rsasha256", key_length = 2048 }
)
zone_signing_key = optional(object(
{ algorithm = string, key_length = number }),
{ algorithm = "rsasha256", key_length = 1024 }
)
}))
enable_logging = optional(bool, false)
}))
private = optional(object({
client_networks = optional(list(string), )
service_directory_namespace = optional(string)
}))
})
recordsets = optional(map(object({
ttl = optional(number, 300)
records = optional(list(string))
geo_routing = optional(list(object({
location = string
records = optional(list(string))
health_checked_targets = optional(list(object({
load_balancer_type = string
ip_address = string
port = string
ip_protocol = string
network_url = string
project = string
region = optional(string)
})))
})))
wrr_routing = optional(list(object({
weight = number
records = list(string)
})))
})), {})
})))
firewall_policy_enforcement_order = optional(string, "AFTER_CLASSIC_FIREWALL")
ipv6_config = optional(object({
enable_ula_internal = optional(bool)
internal_range = optional(string)
}), {})
mtu = optional(number)
name = string
nat_config = optional(map(object({
region = string
router_create = optional(bool, true)
router_name = optional(string)
router_network = optional(string)
router_asn = optional(number)
type = optional(string, "PUBLIC")
addresses = optional(list(string), [])
endpoint_types = optional(list(string))
logging_filter = optional(string)
config_port_allocation = optional(object({
enable_endpoint_independent_mapping = optional(bool, true)
enable_dynamic_port_allocation = optional(bool, false)
min_ports_per_vm = optional(number)
max_ports_per_vm = optional(number, 65536)
}), {})
config_source_subnetworks = optional(object({
all = optional(bool, true)
primary_ranges_only = optional(bool)
subnetworks = optional(list(object({
self_link = string
all_ranges = optional(bool, true)
primary_range = optional(bool, false)
secondary_ranges = optional(list(string))
})), [])
}), {})
config_timeouts = optional(object({
icmp = optional(number)
tcp_established = optional(number)
tcp_time_wait = optional(number)
tcp_transitory = optional(number)
udp = optional(number)
}), {})
rules = optional(list(object({
description = optional(string)
match = string
source_ips = optional(list(string))
source_ranges = optional(list(string))
})), [])
})))
network_attachments = optional(map(object({
subnet = string
automatic_connection = optional(bool, false)
description = optional(string, "Terraform-managed.")
producer_accept_lists = optional(list(string))
producer_reject_lists = optional(list(string))
})), {})
policy_based_routes = optional(map(object({
description = optional(string, "Terraform-managed.")
labels = optional(map(string))
priority = optional(number)
next_hop_ilb_ip = optional(string)
use_default_routing = optional(bool, false)
filter = optional(object({
ip_protocol = optional(string)
dest_range = optional(string)
src_range = optional(string)
}), {})
target = optional(object({
interconnect_attachment = optional(string)
tags = optional(list(string))
}), {})
})), {})
psa_config = optional(list(object({
deletion_policy = optional(string, null)
ranges = map(string)
export_routes = optional(bool, false)
import_routes = optional(bool, false)
peered_domains = optional(list(string), [])
range_prefix = optional(string)
service_producer = optional(string, "servicenetworking.googleapis.com")
})), [])
routers = optional(map(object({
region = string
asn = optional(number)
custom_advertise = optional(object({
all_subnets = bool
ip_ranges = map(string)
}))
keepalive = optional(number)
name = optional(string)
})))
routes = optional(map(object({
description = optional(string, "Terraform-managed.")
dest_range = string
next_hop_type = string
next_hop = string
priority = optional(number)
tags = optional(list(string))
})), {})
routing_mode = optional(string, "GLOBAL")
subnets_factory_config = optional(object({
context = optional(object({
regions = optional(map(string), {})
}), {})
subnets_folder = optional(string)
}), {})
firewall_factory_config = optional(object({
cidr_tpl_file = optional(string)
rules_folder = optional(string)
}), {})
vpn_config = optional(map(object({
#TOFIX: are we even using name?
name = string
region = string
ncc_spoke_config = optional(object({
hub = string
description = string
labels = map(string)
}))
peer_gateways = map(object({
external = optional(object({
redundancy_type = string
interfaces = list(string)
description = optional(string, "Terraform managed external VPN gateway")
name = optional(string)
}))
gcp = optional(string)
}))
router_config = object({
asn = optional(number)
create = optional(bool, true)
custom_advertise = optional(object({
all_subnets = bool
ip_ranges = map(string)
}))
keepalive = optional(number)
name = optional(string)
override_name = optional(string)
})
stack_type = optional(string)
tunnels = map(object({
bgp_peer = object({
address = string
asn = number
route_priority = optional(number, 1000)
custom_advertise = optional(object({
all_subnets = bool
ip_ranges = map(string)
}))
md5_authentication_key = optional(object({
name = string
key = optional(string)
}))
ipv6 = optional(object({
nexthop_address = optional(string)
peer_nexthop_address = optional(string)
}))
name = optional(string)
})
# each BGP session on the same Cloud Router must use a unique /30 CIDR
# from the 169.254.0.0/16 block.
bgp_session_range = string
ike_version = optional(number, 2)
name = optional(string)
peer_external_gateway_interface = optional(number)
peer_router_interface_name = optional(string)
peer_gateway = optional(string, "default")
router = optional(string)
shared_secret = optional(string)
vpn_gateway_interface = number
}))
})), {})
peering_config = optional(map(object({
peer_network = string
routes_config = optional(object({
export = optional(bool, true)
import = optional(bool, true)
public_export = optional(bool)
public_import = optional(bool)
}
), {})
stack_type = optional(string)
})), {})
ncc_config = optional(object({
hub = string
description = optional(string, "Terraform-managed.")
labels = optional(map(string))
group = optional(string)
exclude_export_ranges = optional(list(string), null)
include_export_ranges = optional(list(string), null)
}))
})))
}))
default = null
}
variable "parent_id" {
description = "Root node for the projects created by the factory. Must be either organizations/XXXXXXXX or folders/XXXXXXXX."
type = string
}
variable "prefix" {
description = "Prefix used for projects."
type = string
}
variable "project_reuse" {
description = "Reuse existing project if not null. If name and number are not passed in, a data source is used."
type = object({
use_data_source = optional(bool, true)
attributes = optional(object({
name = string
number = number
services_enabled = optional(list(string), [])
}))
})
default = null
validation {
condition = (
try(var.project_reuse.use_data_source, null) != false ||
try(var.project_reuse.attributes, null) != null
)
error_message = "Reuse datasource can be disabled only if attributes are set."
}
}

35
modules/net-vpc-factory/versions.tf generated
View File

@@ -1,35 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Fabric release: v45.0.0
terraform {
required_version = ">= 1.12.2"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 7.6.0, < 8.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 7.6.0, < 8.0.0" # tftest
}
}
provider_meta "google" {
module_name = "google-pso-tool/cloud-foundation-fabric/modules/net-vpc-factory:v45.0.0-tf"
}
provider_meta "google-beta" {
module_name = "google-pso-tool/cloud-foundation-fabric/modules/net-vpc-factory:v45.0.0-tf"
}
}

35
modules/net-vpc-factory/versions.tofu generated
View File

@@ -1,35 +0,0 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Fabric release: v45.0.0
terraform {
required_version = ">= 1.10.0"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 7.6.0, < 8.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 7.6.0, < 8.0.0" # tftest
}
}
provider_meta "google" {
module_name = "google-pso-tool/cloud-foundation-fabric/modules/net-vpc-factory:v45.0.0-tofu"
}
provider_meta "google-beta" {
module_name = "google-pso-tool/cloud-foundation-fabric/modules/net-vpc-factory:v45.0.0-tofu"
}
}