From f07e4f64e9d8d4bc304baa8982720f16f2c039ad Mon Sep 17 00:00:00 2001 
From: Liam Nesteroff <35284740+lnesteroff@users.noreply.github.com> Date: Thu, 3 Jul 2025 09:12:05 +1000 Subject: [PATCH] Standardise reuse variable from project module and implement for net-vpc (#3205) * exposing the network_id from the net-vpc module for use with tag bindings * convert vpc_create to vpc_reuse * Changed the reuse vars to standardised attributes * fixed readme tests and schemas * modified apigee blueprint to use vpc_reuse with network_id passthrough --------- Co-authored-by: Ludovico Magnocavallo --- .../apigee/apigee-x-foundations/README.md | 16 +++--- .../apigee/apigee-x-foundations/main.tf | 16 +++++- .../apigee/apigee-x-foundations/northbound.tf | 8 +-- .../apigee/apigee-x-foundations/variables.tf | 9 +++- .../apigee/bigquery-analytics/README.md | 2 +- blueprints/apigee/bigquery-analytics/main.tf | 2 +- .../apigee/bigquery-analytics/variables.tf | 20 +++++-- .../data-solutions/sqlserver-alwayson/vpc.tf | 7 ++- blueprints/gke/autopilot/README.md | 4 +- blueprints/gke/autopilot/variables.tf | 24 ++++++--- blueprints/gke/autopilot/vpc.tf | 2 +- .../gke/patterns/autopilot-cluster/main.tf | 7 ++- .../tenant-fast-automation.tf | 2 +- .../schemas/project.schema.md | 2 +- .../3-data-platform-dev/data-domains.tf | 2 +- .../3-data-platform-dev/data-products.tf | 2 +- .../api-gateway/recipe-multi-region/main.tf | 4 +- modules/apigee/recipe-apigee-swp/main.tf | 4 +- modules/compute-vm/README.md | 2 +- modules/gcs/README.md | 4 +- .../recipe-cloud-run-iap/main.tf | 4 +- .../main.tf | 4 +- .../net-lb-int/recipe-ilb-next-hop/main.tf | 4 +- modules/net-vpc-factory/README.md | 2 +- .../factory-projects-object.tf | 12 ++--- .../schemas/network-project.schema.json | 2 +- .../schemas/network-project.schema.md | 2 +- modules/net-vpc-factory/variables.tf | 6 +-- modules/net-vpc/README.md | 2 +- modules/net-vpc/main.tf | 53 ++++++++++++------- modules/net-vpc/routes.tf | 2 +- modules/net-vpc/variables.tf | 20 +++++-- modules/net-vpn-ha/recipe-vpn-aws-gcp/gcp.tf | 6 
+-- modules/project-factory/README.md | 2 +- .../factory-projects-object.tf | 12 ++--- modules/project-factory/main.tf | 2 +- .../schemas/project.schema.json | 2 +- .../project-factory/schemas/project.schema.md | 2 +- modules/project-factory/variables.tf | 2 +- modules/project/README.md | 4 +- modules/project/main.tf | 4 +- modules/project/service-agents.tf | 2 +- modules/project/variables.tf | 6 +-- 43 files changed, 190 insertions(+), 106 deletions(-) diff --git a/blueprints/apigee/apigee-x-foundations/README.md b/blueprints/apigee/apigee-x-foundations/README.md index a5b3f2fe0..89820ae05 100644 --- a/blueprints/apigee/apigee-x-foundations/README.md +++ b/blueprints/apigee/apigee-x-foundations/README.md @@ -79,7 +79,8 @@ module "apigee-x-foundations" { } network_config = { shared_vpc = { - name = "my-shared-vpc" + name = "my-shared-vpc" + network_id = "111222333444555" subnets = { europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-ew1" } @@ -181,7 +182,8 @@ module "apigee-x-foundations" { } network_config = { shared_vpc = { - name = "my-shared-vpc" + name = "my-shared-vpc" + network_id = "111222333444555" subnets = { europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-eu1" europe-west4 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-eu4" @@ -192,7 +194,7 @@ module "apigee-x-foundations" { } } apigee_vpc = { - auto_create = true + name = "apigee-vpc" } } ext_lb_config = { @@ -274,7 +276,8 @@ module "apigee-x-foundations" { } network_config = { shared_vpc = { - name = "my-shared-vpc" + name = "my-shared-vpc" + network_id = "111222333444555" subnets = { europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-ew1" } @@ -428,7 +431,6 @@ module "apigee-x-foundations" { } network_config = { apigee_vpc = { - auto_create = true subnets = { europe-west1 = { ip_cidr_range = "10.0.0.0/29" 
@@ -476,12 +478,12 @@ module "apigee-x-foundations" { | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| | [apigee_config](variables.tf#L17) | Apigee configuration. | object({…}) | ✓ | | | -| [project_config](variables.tf#L333) | Project configuration. | object({…}) | ✓ | | | +| [project_config](variables.tf#L338) | Project configuration. | object({…}) | ✓ | | | | [enable_monitoring](variables.tf#L116) | Boolean flag indicating whether an custom metric to monitor instances should be created in Cloud monitoring. | bool | | false | | | [ext_lb_config](variables.tf#L122) | External application load balancer configuration. | object({…}) | | null | | | [int_cross_region_lb_config](variables.tf#L194) | Internal application load balancer configuration. | object({…}) | | null | | | [int_lb_config](variables.tf#L254) | Internal application load balancer configuration. | object({…}) | | null | | -| [network_config](variables.tf#L290) | Network configuration. | object({…}) | | {} | | +| [network_config](variables.tf#L290) | Network configuration. | object({…}) | | {} | | ## Outputs diff --git a/blueprints/apigee/apigee-x-foundations/main.tf b/blueprints/apigee/apigee-x-foundations/main.tf index 9050a6912..04312710b 100644 --- a/blueprints/apigee/apigee-x-foundations/main.tf +++ b/blueprints/apigee/apigee-x-foundations/main.tf @@ -63,7 +63,19 @@ module "shared_vpc" { source = "../../../modules/net-vpc" project_id = var.project_config.shared_vpc_service_config.host_project name = var.network_config.shared_vpc.name - vpc_create = false + vpc_reuse = ( + var.network_config.shared_vpc.network_id == null + ? { + use_data_source = true + attributes = null + } + : { + use_data_source = false + attributes = { + network_id = var.network_config.shared_vpc.network_id + } + } + ) } module "apigee_vpc" { 
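Review bot: When `network_config.shared_vpc.network_id` is unset, the `shared_vpc` module call now passes `use_data_source = true`, so net-vpc reads the network through the `data "google_compute_network"` block this commit adds, using `var.project_config.shared_vpc_service_config.host_project` as the project. Judging by the removed lines in `modules/net-vpc/main.tf`, `vpc_create = false` only formatted the id from project and name. The identity applying the blueprint therefore needs read access to the network in the host project (presumably `compute.networks.get`), which a service-project automation account may not hold. I would say so above the argument, e.g. `# without network_id net-vpc looks the VPC up in the host project, which needs network read access there; pass network_id to skip the lookup`. The same applies to the `use_data_source = true` conversions in `sqlserver-alwayson/vpc.tf` and `recipe-cross-reg-int-app-lb-vm-dns/main.tf`.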
@@ -71,7 +83,7 @@ module "apigee_vpc" { source = "../../../modules/net-vpc" project_id = module.project.project_id name = coalesce(var.network_config.apigee_vpc.name, "apigee-vpc") - vpc_create = var.network_config.apigee_vpc.auto_create + vpc_reuse = var.network_config.apigee_vpc.vpc_reuse psa_configs = [{ ranges = merge(flatten([for k, v in var.apigee_config.instances : merge( v.runtime_ip_cidr_range == null ? {} : { "apigee-22-${k}" = v.runtime_ip_cidr_range }, diff --git a/blueprints/apigee/apigee-x-foundations/northbound.tf b/blueprints/apigee/apigee-x-foundations/northbound.tf index 25e39e54d..fc14c63cb 100644 --- a/blueprints/apigee/apigee-x-foundations/northbound.tf +++ b/blueprints/apigee/apigee-x-foundations/northbound.tf @@ -29,15 +29,15 @@ locals { } network = try(module.shared_vpc[0].id, module.apigee_vpc[0].id) neg_subnets = (var.network_config.shared_vpc == null ? - (try(var.network_config.apigee_vpc.auto_create, false) ? + (try(var.network_config.apigee_vpc.vpc_reuse, null) == null ? { for k, v in module.apigee_vpc[0].subnets_psc : v.region => v.id } : - { for k, v in var.network_config.apigee_vpc.subnets_psc : v => v.id }) : + { for k, v in var.network_config.apigee_vpc.subnets_psc : k => v.id }) : var.network_config.shared_vpc.subnets_psc ) ilb_subnets = (var.network_config.shared_vpc == null ? - (try(var.network_config.apigee_vpc.auto_create, false) ? + (try(var.network_config.apigee_vpc.vpc_reuse, null) == null ? { for k, v in module.apigee_vpc[0].subnets : v.region => v.id } : - { for k, v in var.network_config.apigee_vpc.subnets : v => v.id }) : + { for k, v in var.network_config.apigee_vpc.subnets : k => v.id }) : var.network_config.shared_vpc.subnets ) ext_instances = var.ext_lb_config == null ? {} : { for k, v in local.neg_subnets : k => module.apigee.instances[k] } diff --git a/blueprints/apigee/apigee-x-foundations/variables.tf b/blueprints/apigee/apigee-x-foundations/variables.tf index cc0b1a6a4..ecb5a03fe 100644 
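Review bot: In the reuse branches of `neg_subnets` and `ilb_subnets` in `northbound.tf`, the maps are now keyed by `k` with value `v.id`, but nothing visible guarantees that either is usable. `ext_instances` indexes `module.apigee.instances[k]` with those keys, and `id` is declared `optional(string)` for `apigee_vpc.subnets` in `variables.tf`. A reused VPC whose entries omit `id`, or whose keys differ from the instance keys, would likely surface as a null subnetwork or an invalid index far from the input. A comment such as `# reused VPC: map keys must match the Apigee instance keys and every entry must set id` would help, or a validation on `network_config`. The `locals` block starts and ends outside the hunk.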
--- a/blueprints/apigee/apigee-x-foundations/variables.tf +++ b/blueprints/apigee/apigee-x-foundations/variables.tf @@ -292,12 +292,17 @@ variable "network_config" { type = object({ shared_vpc = optional(object({ name = string + network_id = optional(number) subnets = map(string) subnets_psc = map(string) })) apigee_vpc = optional(object({ - name = optional(string) - auto_create = optional(bool, true) + name = optional(string) + vpc_reuse = optional(object({ + use_data_source = optional(bool, true) + attributes = optional(object({ + network_id = number + })) })) subnets = optional(map(object({ id = optional(string) name = optional(string) diff --git a/blueprints/apigee/bigquery-analytics/README.md b/blueprints/apigee/bigquery-analytics/README.md index 77e8464e2..e46b66433 100644 --- a/blueprints/apigee/bigquery-analytics/README.md +++ b/blueprints/apigee/bigquery-analytics/README.md @@ -66,7 +66,7 @@ Do the following to verify that everything works as expected. | [organization](variables.tf#L59) | Apigee organization. | object({…}) | | {…} | | [path](variables.tf#L75) | Bucket path. | string | | "/analytics" | | [project_create](variables.tf#L82) | Parameters for the creation of the new project. | object({…}) | | null | -| [vpc_create](variables.tf#L103) | Boolean flag indicating whether the VPC should be created or not. | bool | | true | +| [vpc_reuse](variables.tf#L103) | Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used. | object({…}) | | null | ## Outputs diff --git a/blueprints/apigee/bigquery-analytics/main.tf b/blueprints/apigee/bigquery-analytics/main.tf index a6a1bf863..48eb87ffd 100644 --- a/blueprints/apigee/bigquery-analytics/main.tf +++ b/blueprints/apigee/bigquery-analytics/main.tf 
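Review bot: The nested `apigee_vpc.vpc_reuse` object added to `network_config` has no `validation`, unlike the standalone `vpc_reuse` variables this commit adds in the other blueprints. As a result `use_data_source = false` without `attributes` is rejected only inside net-vpc, and the error names the module variable rather than the blueprint input. Mirroring the check here would keep the failure at the boundary: `condition = try(var.network_config.apigee_vpc.vpc_reuse.use_data_source, null) != false || try(var.network_config.apigee_vpc.vpc_reuse.attributes, null) != null`. The variable block continues past the hunk, so an existing validation further down cannot be ruled out from here.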
@@ -59,7 +59,7 @@ module "vpc" { source = "../../../modules/net-vpc" project_id = module.project.project_id name = var.organization.authorized_network - vpc_create = var.vpc_create + vpc_reuse = var.vpc_reuse subnets_psc = [for k, v in var.psc_config : { ip_cidr_range = v name = "subnet-psc-${k}" diff --git a/blueprints/apigee/bigquery-analytics/variables.tf b/blueprints/apigee/bigquery-analytics/variables.tf index 3552d58e4..a45cd71e6 100644 --- a/blueprints/apigee/bigquery-analytics/variables.tf +++ b/blueprints/apigee/bigquery-analytics/variables.tf @@ -100,8 +100,20 @@ variable "psc_config" { nullable = false } -variable "vpc_create" { - description = "Boolean flag indicating whether the VPC should be created or not." - type = bool - default = true +variable "vpc_reuse" { + description = "Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used." + type = object({ + use_data_source = optional(bool, true) + attributes = optional(object({ + network_id = number + })) + }) + default = null + validation { + condition = ( + try(var.vpc_reuse.use_data_source, null) != false || + try(var.vpc_reuse.attributes, null) != null + ) + error_message = "Reuse datasource can be disabled only if attributes are set." + } } diff --git a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf index 1e53b3b05..576c66c45 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf @@ -72,7 +72,12 @@ module "vpc" { region = var.region } ] : [] - vpc_create = var.project_create != null ? true : false + vpc_reuse = ( + var.project_create == null + ? { + use_data_source = true + } : null + ) } module "firewall" { diff --git a/blueprints/gke/autopilot/README.md b/blueprints/gke/autopilot/README.md index 526f3d3bf..e31fc60c7 100644 --- a/blueprints/gke/autopilot/README.md +++ b/blueprints/gke/autopilot/README.md 
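Review bot: The `vpc_reuse` description in `bigquery-analytics/variables.tf` says a data source is used "if the network_id number is not passed in", but the new logic in `modules/net-vpc/main.tf` keys only on `use_data_source`. With the default `true`, the data block has `count = 1` and `local.network` takes every field from it, so passing `attributes = { network_id = ... }` alone still performs the lookup and the supplied id is ignored. I would reword it to `"Reuse existing VPC if not null. A data source is used unless use_data_source is set to false, in which case attributes.network_id is required."`. The same description is repeated in `gke/autopilot/variables.tf` and `modules/net-vpc/variables.tf`.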
@@ -69,8 +69,8 @@ Alternatively you can also check all the above using the dashboards available in | [mgmt_subnet_cidr_block](variables.tf#L60) | Management subnet IP CIDR range. | string | | "10.0.2.0/24" | | [project_create](variables.tf#L66) | Parameters for the creation of the new project. | object({…}) | | null | | [region](variables.tf#L80) | Region. | string | | "europe-west1" | -| [vpc_create](variables.tf#L86) | Flag indicating whether the VPC should be created or not. | bool | | true | -| [vpc_name](variables.tf#L92) | VPC name. | string | | "vpc" | +| [vpc_name](variables.tf#L86) | VPC name. | string | | "vpc" | +| [vpc_reuse](variables.tf#L93) | Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used. | object({…}) | | null | ## Outputs diff --git a/blueprints/gke/autopilot/variables.tf b/blueprints/gke/autopilot/variables.tf index 65d6c3463..37101d3eb 100644 --- a/blueprints/gke/autopilot/variables.tf +++ b/blueprints/gke/autopilot/variables.tf @@ -83,15 +83,27 @@ variable "region" { default = "europe-west1" } -variable "vpc_create" { - description = "Flag indicating whether the VPC should be created or not." - type = bool - default = true -} - variable "vpc_name" { description = "VPC name." type = string nullable = false default = "vpc" } + +variable "vpc_reuse" { + description = "Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used." + type = object({ + use_data_source = optional(bool, true) + attributes = optional(object({ + network_id = number + })) + }) + default = null + validation { + condition = ( + try(var.vpc_reuse.use_data_source, null) != false || + try(var.vpc_reuse.attributes, null) != null + ) + error_message = "Reuse datasource can be disabled only if attributes are set." + } +} diff --git a/blueprints/gke/autopilot/vpc.tf b/blueprints/gke/autopilot/vpc.tf index b7400162c..6dd76266a 100644 --- a/blueprints/gke/autopilot/vpc.tf 
+++ b/blueprints/gke/autopilot/vpc.tf @@ -18,7 +18,7 @@ module "vpc" { source = "../../../modules/net-vpc" project_id = module.project.project_id name = var.vpc_name - vpc_create = var.vpc_create + vpc_reuse = var.vpc_reuse subnets = [ { ip_cidr_range = var.mgmt_subnet_cidr_block diff --git a/blueprints/gke/patterns/autopilot-cluster/main.tf b/blueprints/gke/patterns/autopilot-cluster/main.tf index 90d6c76d9..8680bc485 100644 --- a/blueprints/gke/patterns/autopilot-cluster/main.tf +++ b/blueprints/gke/patterns/autopilot-cluster/main.tf @@ -56,7 +56,12 @@ module "project" { parent = try(var.project_create.parent, null) billing_account = try(var.project_create.billing_account, null) name = var.project_id - project_create = var.project_create != null + project_reuse = ( + var.project_create == null + ? { + use_data_source = true + } : null + ) services = compact([ "anthos.googleapis.com", var.registry_create ? "artifactregistry.googleapis.com" : null, diff --git a/fast/addons/1-resman-tenants/tenant-fast-automation.tf b/fast/addons/1-resman-tenants/tenant-fast-automation.tf index b5c3cc0d8..6135f2d9e 100644 --- a/fast/addons/1-resman-tenants/tenant-fast-automation.tf +++ b/fast/addons/1-resman-tenants/tenant-fast-automation.tf @@ -94,7 +94,7 @@ module "tenant-automation-project-iam" { name = module.tenant-automation-project[each.key].project_id project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = module.tenant-automation-project[each.key].name number = module.tenant-automation-project[each.key].number } diff --git a/fast/stages/2-project-factory/schemas/project.schema.md b/fast/stages/2-project-factory/schemas/project.schema.md index 0be198251..2f7583511 100644 --- a/fast/stages/2-project-factory/schemas/project.schema.md +++ b/fast/stages/2-project-factory/schemas/project.schema.md @@ -73,7 +73,7 @@ - **project_reuse**: *object*
*additional properties: false* - **use_data_source**: *boolean* - - **project_attributes**: *object* + - **attributes**: *object* - ⁺**name**: *string* - ⁺**number**: *number* - **services_enabled**: *array* diff --git a/fast/stages/3-data-platform-dev/data-domains.tf b/fast/stages/3-data-platform-dev/data-domains.tf index 70fae18df..8e434611e 100644 --- a/fast/stages/3-data-platform-dev/data-domains.tf +++ b/fast/stages/3-data-platform-dev/data-domains.tf @@ -118,7 +118,7 @@ module "dd-projects-iam" { name = module.dd-projects[each.key].project_id project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = module.dd-projects[each.key].name number = module.dd-projects[each.key].number services_enabled = local.dd_services[each.key] diff --git a/fast/stages/3-data-platform-dev/data-products.tf b/fast/stages/3-data-platform-dev/data-products.tf index 5095f4a8a..1a2ce5c76 100644 --- a/fast/stages/3-data-platform-dev/data-products.tf +++ b/fast/stages/3-data-platform-dev/data-products.tf @@ -48,7 +48,7 @@ module "dp-projects-iam" { name = module.dp-projects[each.key].project_id project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = module.dp-projects[each.key].name number = module.dp-projects[each.key].number services_enabled = each.value.services diff --git a/modules/api-gateway/recipe-multi-region/main.tf b/modules/api-gateway/recipe-multi-region/main.tf index 21b55b1dc..e48dd364e 100644 --- a/modules/api-gateway/recipe-multi-region/main.tf +++ b/modules/api-gateway/recipe-multi-region/main.tf @@ -55,8 +55,8 @@ module "project" { source = "../../../modules/project" name = var.project_id project_reuse = { - use_data_source = var._testing == null - project_attributes = var._testing + use_data_source = var._testing == null + attributes = var._testing } services = [ "apigateway.googleapis.com", 
diff --git a/modules/apigee/recipe-apigee-swp/main.tf b/modules/apigee/recipe-apigee-swp/main.tf index c1f8d0bc4..962ba11e2 100644 --- a/modules/apigee/recipe-apigee-swp/main.tf +++ b/modules/apigee/recipe-apigee-swp/main.tf @@ -41,8 +41,8 @@ module "project" { source = "../../../modules/project" name = var.project_id project_reuse = { - use_data_source = var._testing == null - project_attributes = var._testing + use_data_source = var._testing == null + attributes = var._testing } services = [ "apigee.googleapis.com", diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index 962ddabb0..610f6713b 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md @@ -776,7 +776,7 @@ module "project" { name = var.project_id project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = var.project_id number = var.project_number services_enabled = ["compute.googleapis.com"] diff --git a/modules/gcs/README.md b/modules/gcs/README.md index e4e55beff..95df868de 100644 --- a/modules/gcs/README.md +++ b/modules/gcs/README.md @@ -40,7 +40,7 @@ module "project" { name = var.project_id project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = var.project_id number = var.project_number services_enabled = ["storage.googleapis.com"] @@ -133,7 +133,7 @@ module "project" { name = var.project_id project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = var.project_id number = var.project_number services_enabled = ["storage.googleapis.com"] diff --git a/modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf b/modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf index b223016ca..a224a3a3d 100644 --- a/modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf +++ b/modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf 
@@ -23,8 +23,8 @@ module "project" { source = "../../../modules/project" name = var.project_id project_reuse = { - use_data_source = var._testing == null - project_attributes = var._testing + use_data_source = var._testing == null + attributes = var._testing } services = [ "cloudbuild.googleapis.com", diff --git a/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/main.tf b/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/main.tf index 237eb606b..67a58e74e 100644 --- a/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/main.tf +++ b/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/main.tf @@ -26,7 +26,9 @@ module "vpc" { count = var.vpc_config.proxy_subnets_config == null ? 0 : 1 project_id = regex("projects/([^/]+)/", var.vpc_config.network)[0] name = regex("global/networks/([^/]+)$", var.vpc_config.network)[0] - vpc_create = false + vpc_reuse = { + use_data_source = true + } subnets_proxy_only = [ for k, v in var.vpc_config.proxy_subnets_config : { ip_cidr_range = v diff --git a/modules/net-lb-int/recipe-ilb-next-hop/main.tf b/modules/net-lb-int/recipe-ilb-next-hop/main.tf index efdc0f08b..7f50799a7 100644 --- a/modules/net-lb-int/recipe-ilb-next-hop/main.tf +++ b/modules/net-lb-int/recipe-ilb-next-hop/main.tf @@ -26,8 +26,8 @@ module "project" { source = "../../../modules/project" name = var.project_id project_reuse = { - use_data_source = var._testing == null - project_attributes = var._testing + use_data_source = var._testing == null + attributes = var._testing } services = [ "compute.googleapis.com", diff --git a/modules/net-vpc-factory/README.md b/modules/net-vpc-factory/README.md index a5a1ccf22..9e838f16b 100644 --- a/modules/net-vpc-factory/README.md +++ b/modules/net-vpc-factory/README.md 
@@ -816,7 +816,7 @@ vpc_config: | [prefix](variables.tf#L379) | Prefix used for projects. | string | ✓ | | | [factories_config](variables.tf#L22) | Configuration for network resource factories. | object({…}) | | {…} | | [network_project_config](variables.tf#L33) | Consolidated configuration for project, VPCs and their associated resources. | map(object({…})) | | null | -| [project_reuse](variables.tf#L384) | Reuse existing project if not null. If name and number are not passed in, a data source is used. | object({…}) | | null | +| [project_reuse](variables.tf#L384) | Reuse existing project if not null. If name and number are not passed in, a data source is used. | object({…}) | | null | ## Outputs diff --git a/modules/net-vpc-factory/factory-projects-object.tf b/modules/net-vpc-factory/factory-projects-object.tf index 15fa9d7d6..5621993b8 100644 --- a/modules/net-vpc-factory/factory-projects-object.tf +++ b/modules/net-vpc-factory/factory-projects-object.tf @@ -45,11 +45,11 @@ locals { parent = null prefix = null project_reuse = merge({ - use_data_source = true - project_attributes = null + use_data_source = true + attributes = null }, try(local._projects_config.data_defaults.project_reuse, { - use_data_source = true - project_attributes = null + use_data_source = true + attributes = null }) ) service_encryption_key_ids = {} @@ -220,8 +220,8 @@ locals { try(v.project_reuse, null) != null ? merge( { - use_data_source = true - project_attributes = null + use_data_source = true + attributes = null }, v.project_reuse ) diff --git a/modules/net-vpc-factory/schemas/network-project.schema.json b/modules/net-vpc-factory/schemas/network-project.schema.json index 37e9d02b8..cfd245f89 100644 --- a/modules/net-vpc-factory/schemas/network-project.schema.json +++ b/modules/net-vpc-factory/schemas/network-project.schema.json @@ -42,7 +42,7 @@ "use_data_source": { "type": "boolean" }, - "project_attributes": { + "attributes": { "type": "object", "required": [ "name", 
diff --git a/modules/net-vpc-factory/schemas/network-project.schema.md b/modules/net-vpc-factory/schemas/network-project.schema.md index cbc8e925b..54a554589 100644 --- a/modules/net-vpc-factory/schemas/network-project.schema.md +++ b/modules/net-vpc-factory/schemas/network-project.schema.md @@ -20,7 +20,7 @@ - **project_reuse**: *object*
*additional properties: false* - **use_data_source**: *boolean* - - **project_attributes**: *object* + - **attributes**: *object* - ⁺**name**: *string* - ⁺**number**: *number* - **services_enabled**: *array* diff --git a/modules/net-vpc-factory/variables.tf b/modules/net-vpc-factory/variables.tf index 37f8f0231..bdc679b45 100644 --- a/modules/net-vpc-factory/variables.tf +++ b/modules/net-vpc-factory/variables.tf @@ -385,7 +385,7 @@ variable "project_reuse" { description = "Reuse existing project if not null. If name and number are not passed in, a data source is used." type = object({ use_data_source = optional(bool, true) - project_attributes = optional(object({ + attributes = optional(object({ name = string number = number services_enabled = optional(list(string), []) @@ -395,8 +395,8 @@ variable "project_reuse" { validation { condition = ( try(var.project_reuse.use_data_source, null) != false || - try(var.project_reuse.project_attributes, null) != null + try(var.project_reuse.attributes, null) != null ) - error_message = "Reuse datasource can be disabled only if project attributes are set." + error_message = "Reuse datasource can be disabled only if attributes are set." } } diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md index 61ab2bd46..7d6083924 100644 --- a/modules/net-vpc/README.md +++ b/modules/net-vpc/README.md 
@@ -782,7 +782,7 @@ module "vpc" { | [subnets_private_nat](variables.tf#L305) | List of private NAT subnets. | list(object({…})) | | [] | | [subnets_proxy_only](variables.tf#L317) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] | | [subnets_psc](variables.tf#L351) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] | -| [vpc_create](variables.tf#L383) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true | +| [vpc_reuse](variables.tf#L383) | Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used. | object({…}) | | null | ## Outputs diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf index dd9a19295..c7c12ae77 100644 --- a/modules/net-vpc/main.tf +++ b/modules/net-vpc/main.tf 
@@ -16,25 +16,36 @@ locals { network = ( - var.vpc_create + var.vpc_reuse == null ? { - id = try(google_compute_network.network[0].id, null) - name = try(google_compute_network.network[0].name, null) - self_link = try(google_compute_network.network[0].self_link, null) - } - : { - id = format( - "projects/%s/global/networks/%s", - var.project_id, - var.name - ) - name = var.name - self_link = format( - "https://www.googleapis.com/compute/v1/projects/%s/global/networks/%s", - var.project_id, - var.name - ) + id = try(google_compute_network.network[0].id, null) + name = try(google_compute_network.network[0].name, null) + network_id = try(google_compute_network.network[0].network_id, null) + self_link = try(google_compute_network.network[0].self_link, null) } + : ( + try(var.vpc_reuse.use_data_source, null) == false + ? { + id = format( + "projects/%s/global/networks/%s", + var.project_id, + var.name + ) + name = var.name + network_id = try(var.vpc_reuse.attributes.network_id, null) + self_link = format( + "https://www.googleapis.com/compute/v1/projects/%s/global/networks/%s", + var.project_id, + var.name + ) + } + : { + id = try(data.google_compute_network.network[0].id, null) + name = try(data.google_compute_network.network[0].name, null) + network_id = try(data.google_compute_network.network[0].network_id, null) + self_link = try(data.google_compute_network.network[0].self_link, null) + } + ) ) peer_network = ( var.peering_config == null @@ -43,8 +54,14 @@ locals { ) } +data "google_compute_network" "network" { + count = try(var.vpc_reuse.use_data_source, null) == true ? 1 : 0 + name = var.name + project = var.project_id +} + resource "google_compute_network" "network" { - count = var.vpc_create ? 1 : 0 + count = var.vpc_reuse == null ? 1 : 0 project = var.project_id name = var.name description = var.description diff --git a/modules/net-vpc/routes.tf b/modules/net-vpc/routes.tf index 4314b28ae..e8fd8812b 100644 --- a/modules/net-vpc/routes.tf 
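Review bot: In the `use_data_source == false` branch of `local.network`, `id` and `self_link` are built from `var.project_id` and `var.name` while `network_id` is copied from `var.vpc_reuse.attributes.network_id`, and nothing checks that they describe the same VPC. The commit message says the id is exposed for tag bindings, so a stale or mistyped number would either fail at apply or, if it belongs to another network, bind tags there while the module manages subnets and routes on the named one. I would state the contract next to the branch, e.g. `# network_id is trusted as given; it must be the numeric id of projects/<project_id>/global/networks/<name>`, and repeat it in the `vpc_reuse` description. The `locals` block continues past the hunk.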
+++ b/modules/net-vpc/routes.tf @@ -35,7 +35,7 @@ locals { tags = null } if( - var.vpc_create && + var.vpc_reuse == null && lookup(coalesce(var.create_googleapis_routes, {}), k, false) ) } diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf index ebbe9655c..f5dc16936 100644 --- a/modules/net-vpc/variables.tf +++ b/modules/net-vpc/variables.tf @@ -380,8 +380,20 @@ variable "subnets_psc" { nullable = false } -variable "vpc_create" { - description = "Create VPC. When set to false, uses a data source to reference existing VPC." - type = bool - default = true +variable "vpc_reuse" { + description = "Reuse existing VPC if not null. If the network_id number is not passed in, a data source is used." + type = object({ + use_data_source = optional(bool, true) + attributes = optional(object({ + network_id = number + })) + }) + default = null + validation { + condition = ( + try(var.vpc_reuse.use_data_source, null) != false || + try(var.vpc_reuse.attributes, null) != null + ) + error_message = "Reuse datasource can be disabled only if attributes are set." + } } diff --git a/modules/net-vpn-ha/recipe-vpn-aws-gcp/gcp.tf b/modules/net-vpn-ha/recipe-vpn-aws-gcp/gcp.tf index 11d602f50..1a837a248 100644 --- a/modules/net-vpn-ha/recipe-vpn-aws-gcp/gcp.tf +++ b/modules/net-vpn-ha/recipe-vpn-aws-gcp/gcp.tf @@ -18,8 +18,8 @@ module "project" { source = "../../../modules/project" name = var.project_id project_reuse = { - use_data_source = var._testing == null - project_attributes = var._testing + use_data_source = var._testing == null + attributes = var._testing } services = [ "compute.googleapis.com", @@ -102,4 +102,4 @@ module "gcp_vpn" { vpn_gateway_interface = 1 } } -} \ No newline at end of file +} diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md index 6faa885aa..f3e79a188 100644 --- a/modules/project-factory/README.md +++ b/modules/project-factory/README.md 
@@ -527,7 +527,7 @@ service_accounts: | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [factories_config](variables.tf#L140) | Path to folder with YAML resource description data files. | object({…}) | ✓ | | -| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | object({…}) | | {} | +| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | object({…}) | | {} | | [data_merges](variables.tf#L82) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | object({…}) | | {} | | [data_overrides](variables.tf#L101) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} | | [factories_data](variables.tf#L168) | Alternate factory data input allowing to use this module as a library. Merged with local YAML data. | object({…}) | | {} | diff --git a/modules/project-factory/factory-projects-object.tf b/modules/project-factory/factory-projects-object.tf index 15fa9d7d6..5621993b8 100644 --- a/modules/project-factory/factory-projects-object.tf +++ b/modules/project-factory/factory-projects-object.tf @@ -45,11 +45,11 @@ locals { parent = null prefix = null project_reuse = merge({ - use_data_source = true - project_attributes = null + use_data_source = true + attributes = null }, try(local._projects_config.data_defaults.project_reuse, { - use_data_source = true - project_attributes = null + use_data_source = true + attributes = null }) ) service_encryption_key_ids = {} @@ -220,8 +220,8 @@ locals { try(v.project_reuse, null) != null ? merge( { - use_data_source = true - project_attributes = null + use_data_source = true + attributes = null }, v.project_reuse ) 
diff --git a/modules/project-factory/main.tf b/modules/project-factory/main.tf index f9e2e9ef7..505eed66a 100644 --- a/modules/project-factory/main.tf +++ b/modules/project-factory/main.tf @@ -129,7 +129,7 @@ module "projects-iam" { name = module.projects[each.key].project_id project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = module.projects[each.key].name number = module.projects[each.key].number services_enabled = module.projects[each.key].services diff --git a/modules/project-factory/schemas/project.schema.json b/modules/project-factory/schemas/project.schema.json index 15ab12e98..e0307996e 100644 --- a/modules/project-factory/schemas/project.schema.json +++ b/modules/project-factory/schemas/project.schema.json @@ -210,7 +210,7 @@ "use_data_source": { "type": "boolean" }, - "project_attributes": { + "attributes": { "type": "object", "required": [ "name", diff --git a/modules/project-factory/schemas/project.schema.md b/modules/project-factory/schemas/project.schema.md index 0be198251..2f7583511 100644 --- a/modules/project-factory/schemas/project.schema.md +++ b/modules/project-factory/schemas/project.schema.md @@ -73,7 +73,7 @@ - **project_reuse**: *object*
*additional properties: false* - **use_data_source**: *boolean* - - **project_attributes**: *object* + - **attributes**: *object* - ⁺**name**: *string* - ⁺**number**: *number* - **services_enabled**: *array* diff --git a/modules/project-factory/variables.tf b/modules/project-factory/variables.tf index cceabcfb9..dd54c24f2 100644 --- a/modules/project-factory/variables.tf +++ b/modules/project-factory/variables.tf @@ -32,7 +32,7 @@ variable "data_defaults" { prefix = optional(string) project_reuse = optional(object({ use_data_source = optional(bool, true) - project_attributes = optional(object({ + attributes = optional(object({ name = string number = number services_enabled = optional(list(string), []) diff --git a/modules/project/README.md b/modules/project/README.md index e734e5bb3..79a94c39e 100644 --- a/modules/project/README.md +++ b/modules/project/README.md @@ -1342,7 +1342,7 @@ module "project" { # avoid use of a data source when project attributes are available project_reuse = { use_data_source = false - project_attributes = { + attributes = { name = module.create-project.name number = module.create-project.number } 
@@ -1760,7 +1760,7 @@ alerts:
 | [org_policies](variables.tf#L123) | Organization policies applied to this project keyed by policy name. | map(object({…})) | | {} |
 | [parent](variables.tf#L151) | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string | | null |
 | [prefix](variables.tf#L161) | Optional prefix used to generate project id and name. | string | | null |
-| [project_reuse](variables.tf#L171) | Reuse existing project if not null. If name and number are not passed in, a data source is used. | object({…}) | | null |
+| [project_reuse](variables.tf#L171) | Reuse existing project if not null. If name and number are not passed in, a data source is used. | object({…}) | | null |
 | [quotas](variables-quotas.tf#L17) | Service quota configuration. | map(object({…})) | | {} |
 | [service_agents_config](variables.tf#L191) | Automatic service agent configuration options. | object({…}) | | {} |
 | [service_config](variables.tf#L201) | Configure service API activation. | object({…}) | | {…} |
diff --git a/modules/project/main.tf b/modules/project/main.tf
index 066a1febd..64e639f2b 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -38,8 +38,8 @@ locals {
 try(var.project_reuse.use_data_source, null) == false
 ? {
 project_id = local.project_id
- number = try(var.project_reuse.project_attributes.number, null)
- name = try(var.project_reuse.project_attributes.name, null)
+ number = try(var.project_reuse.attributes.number, null)
+ name = try(var.project_reuse.attributes.name, null)
 }
 : {
 project_id = local.project_id
diff --git a/modules/project/service-agents.tf b/modules/project/service-agents.tf
index 181b6c5c4..1e9febd03 100644
--- a/modules/project/service-agents.tf
+++ b/modules/project/service-agents.tf
@@ -18,7 +18,7 @@ locals {
 services = distinct(concat(
- local.available_services, try(var.project_reuse.project_attributes.services_enabled, [])
+ local.available_services, try(var.project_reuse.attributes.services_enabled, [])
 ))
 _service_agents_data = yamldecode(file("${path.module}/service-agents.yaml"))
 # map of api => list of agents
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 99b9d9a74..61b35984f 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -172,7 +172,7 @@ variable "project_reuse" {
 description = "Reuse existing project if not null. If name and number are not passed in, a data source is used."
 type = object({
 use_data_source = optional(bool, true)
- project_attributes = optional(object({
+ attributes = optional(object({
 name = string
 number = number
 services_enabled = optional(list(string), [])
@@ -182,9 +182,9 @@ variable "project_reuse" {
 validation {
 condition = (
 try(var.project_reuse.use_data_source, null) != false ||
- try(var.project_reuse.project_attributes, null) != null
+ try(var.project_reuse.attributes, null) != null
 )
- error_message = "Reuse datasource can be disabled only if project attributes are set."
+ error_message = "Reuse datasource can be disabled only if attributes are set."
 }
 }
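Review bot: In service-agents.tf, `try(var.project_reuse.attributes.services_enabled, [])` falls back to an empty list when a caller still passes the old `project_attributes` key, because Terraform drops object attributes that are not in the variable's type constraint instead of rejecting them. The validation in the last modules/project/variables.tf hunk only fires when `use_data_source` is false, so a stale key combined with the data source is ignored without any plan-time error and the services it listed no longer reach `local.services`. Consider keeping `project_attributes = optional(any)` in the type for a deprecation period and adding a validation with `condition = try(var.project_reuse.project_attributes, null) == null` whose message names the new `attributes` key. The `locals` block and the `variable "project_reuse"` block both extend beyond these hunks, so how `local.services` is consumed is not visible here.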