diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index d0aec4e4a..c9b92cf1c 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -66,6 +66,22 @@ jobs:
- name: TFLint Modules
run: cd modules && tflint --recursive -f compact
+ - name: TFLint FAST
+ run: |
+ # TODO: try to generalize this
+ tflint --chdir fast/stages/0-bootstrap --var-file ../../../tests/fast/stages/s0_bootstrap/simple.tfvars
+ tflint --chdir fast/stages/1-resman --var-file ../../../tests/fast/stages/s1_resman/simple.tfvars
+ tflint --chdir fast/stages/2-networking-a-peering --var-file ../../../tests/fast/stages/s2_networking_a_peering/common.tfvars
+ tflint --chdir fast/stages/2-networking-b-vpn --var-file ../../../tests/fast/stages/s2_networking_b_vpn/common.tfvars
+ tflint --chdir fast/stages/2-networking-c-nva --var-file ../../../tests/fast/stages/s2_networking_c_nva/common.tfvars
+ tflint --chdir fast/stages/2-networking-d-separate-envs --var-file ../../../tests/fast/stages/s2_networking_d_separate_envs/common.tfvars
+ tflint --chdir fast/stages/2-security --var-file ../../../tests/fast/stages/s2_security/common.tfvars
+ tflint --chdir fast/stages/3-data-platform/dev --var-file ../../../../tests/fast/stages/s3_data_platform/common.tfvars
+ tflint --chdir fast/stages/3-gcve/prod/ --var-file ../../../../tests/fast/stages/s3_gcve_minimal/simple.tfvars
+ tflint --chdir fast/stages/3-data-platform/dev --var-file ../../../../tests/fast/stages/s3_data_platform/common.tfvars
+ tflint --chdir fast/stages/3-gke-multitenant/dev --var-file ../../../../tests/fast/stages/s3_gke_multitenant/common.tfvars
+ tflint --chdir fast/stages/3-project-factory/dev --var-file ../../../../tests/fast/stages/s3_project_factory/common.tfvars
+
- name: Check documentation
id: documentation-fabric
run: |
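Review bot: The `tflint --chdir fast/stages/3-data-platform/dev ...` line appears twice in the new "TFLint FAST" step, and `fast/stages/2-networking-e-nva-bgp`, which this same commit modifies, is not in the list, so that stage gets no lint coverage from this step. I would drop the second `3-data-platform/dev` line and add `tflint --chdir fast/stages/2-networking-e-nva-bgp --var-file <that stage's test tfvars>` if a fixture for that stage exists (none is visible in this diff). Because the list is hand-maintained, any stage added later is skipped without the job failing; extending the TODO to `# TODO: generalize with a loop over fast/stages/* so new stages are not silently skipped` would record that risk. The `3-gcve/prod/` path also carries a trailing slash that the other entries do not.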
diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md
index ee1990644..5e466e4d1 100644
--- a/fast/stages/2-networking-c-nva/README.md
+++ b/fast/stages/2-networking-c-nva/README.md
@@ -459,8 +459,8 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap |
| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
| [folder_ids](variables.tf#L126) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman |
-| [organization](variables.tf#L159) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
-| [prefix](variables.tf#L175) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
+| [organization](variables.tf#L151) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
+| [prefix](variables.tf#L167) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
| [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
@@ -469,13 +469,12 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [factories_config](variables.tf#L95) | Configuration for network resource factories. | object({…}) | | {…} | |
| [fast_features](variables.tf#L116) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap |
| [gcp_ranges](variables.tf#L136) | GCP address ranges in name => range format. | map(string) | | {…} | |
-| [onprem_cidr](variables.tf#L151) | Onprem addresses in name => range format. | map(string) | | {…} | |
-| [outputs_location](variables.tf#L169) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [psa_ranges](variables.tf#L186) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | |
-| [regions](variables.tf#L206) | Region definitions. | object({…}) | | {…} | |
-| [service_accounts](variables.tf#L218) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
-| [vpn_onprem_primary_config](variables.tf#L232) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
-| [vpn_onprem_secondary_config](variables.tf#L275) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | |
+| [outputs_location](variables.tf#L161) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [psa_ranges](variables.tf#L178) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | |
+| [regions](variables.tf#L198) | Region definitions. | object({…}) | | {…} | |
+| [service_accounts](variables.tf#L210) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
+| [vpn_onprem_primary_config](variables.tf#L224) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
+| [vpn_onprem_secondary_config](variables.tf#L267) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | |
## Outputs
diff --git a/fast/stages/2-networking-c-nva/variables.tf b/fast/stages/2-networking-c-nva/variables.tf
index c600271cd..72fcdb6d4 100644
--- a/fast/stages/2-networking-c-nva/variables.tf
+++ b/fast/stages/2-networking-c-nva/variables.tf
@@ -148,14 +148,6 @@ variable "gcp_ranges" {
}
}
-variable "onprem_cidr" {
- description = "Onprem addresses in name => range format."
- type = map(string)
- default = {
- main = "10.0.0.0/24"
- }
-}
-
variable "organization" {
# tfdoc:variable:source 0-bootstrap
description = "Organization details."
diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md
index 4e2d7d258..72f994c41 100644
--- a/fast/stages/2-networking-e-nva-bgp/README.md
+++ b/fast/stages/2-networking-e-nva-bgp/README.md
@@ -485,8 +485,8 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap |
| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
| [folder_ids](variables.tf#L126) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman |
-| [organization](variables.tf#L170) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
-| [prefix](variables.tf#L186) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
+| [organization](variables.tf#L162) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
+| [prefix](variables.tf#L178) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
| [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
@@ -496,14 +496,13 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [fast_features](variables.tf#L116) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap |
| [gcp_ranges](variables.tf#L136) | GCP address ranges in name => range format. | map(string) | | {…} | |
| [ncc_asn](variables.tf#L151) | The NCC Cloud Routers ASN configuration. | map(number) | | {…} | |
-| [onprem_cidr](variables.tf#L162) | Onprem addresses in name => range format. | map(string) | | {…} | |
-| [outputs_location](variables.tf#L180) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [psa_ranges](variables.tf#L197) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | |
-| [regions](variables.tf#L217) | Region definitions. | object({…}) | | {…} | |
-| [service_accounts](variables.tf#L229) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
-| [vpn_onprem_primary_config](variables.tf#L243) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
-| [vpn_onprem_secondary_config](variables.tf#L286) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | |
-| [zones](variables.tf#L329) | Zones in which NVAs are deployed. | list(string) | | ["b", "c"] | |
+| [outputs_location](variables.tf#L172) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [psa_ranges](variables.tf#L189) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | |
+| [regions](variables.tf#L209) | Region definitions. | object({…}) | | {…} | |
+| [service_accounts](variables.tf#L221) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
+| [vpn_onprem_primary_config](variables.tf#L235) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
+| [vpn_onprem_secondary_config](variables.tf#L278) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | |
+| [zones](variables.tf#L321) | Zones in which NVAs are deployed. | list(string) | | ["b", "c"] | |
## Outputs
diff --git a/fast/stages/2-networking-e-nva-bgp/ncc.tf b/fast/stages/2-networking-e-nva-bgp/ncc.tf
index 0d1f1f516..dfcceda0d 100644
--- a/fast/stages/2-networking-e-nva-bgp/ncc.tf
+++ b/fast/stages/2-networking-e-nva-bgp/ncc.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2023 Google LLC
+ * Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -64,12 +64,12 @@ module "spokes-landing" {
custom_advertise = {
all_subnets = false
ip_ranges = {
- "${var.gcp_ranges.gcp_landing_primary}" = "GCP landing primary."
- "${var.gcp_ranges.gcp_landing_secondary}" = "GCP landing secondary."
- "${var.gcp_ranges.gcp_dev_primary}" = "GCP dev primary.",
- "${var.gcp_ranges.gcp_dev_secondary}" = "GCP dev secondary.",
- "${var.gcp_ranges.gcp_prod_primary}" = "GCP prod primary.",
- "${var.gcp_ranges.gcp_prod_secondary}" = "GCP prod secondary.",
+ (var.gcp_ranges.gcp_landing_primary) = "GCP landing primary."
+ (var.gcp_ranges.gcp_landing_secondary) = "GCP landing secondary."
+ (var.gcp_ranges.gcp_dev_primary) = "GCP dev primary.",
+ (var.gcp_ranges.gcp_dev_secondary) = "GCP dev secondary.",
+ (var.gcp_ranges.gcp_prod_primary) = "GCP prod primary.",
+ (var.gcp_ranges.gcp_prod_secondary) = "GCP prod secondary.",
}
}
}
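Review bot: The rewritten `ip_ranges` entries mix separators: the two `gcp_landing_*` lines have no trailing comma while the four `gcp_dev_*` and `gcp_prod_*` lines do, so either drop the commas or use them throughout, e.g. `(var.gcp_ranges.gcp_landing_primary) = "GCP landing primary.",`. With `all_subnets = false` these six keys are the only ranges advertised, and `gcp_ranges` is documented as a plain `map(string)`, so an override that omits one of the names presumably fails only at plan time. A short comment above the map such as `# keys are CIDRs taken from var.gcp_ranges; all six names must be present` would make that dependency visible. The `module "spokes-landing"` block starts and ends outside this hunk.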
diff --git a/fast/stages/2-networking-e-nva-bgp/variables.tf b/fast/stages/2-networking-e-nva-bgp/variables.tf
index 6377f6405..415f02e4c 100644
--- a/fast/stages/2-networking-e-nva-bgp/variables.tf
+++ b/fast/stages/2-networking-e-nva-bgp/variables.tf
@@ -159,14 +159,6 @@ variable "ncc_asn" {
}
}
-variable "onprem_cidr" {
- description = "Onprem addresses in name => range format."
- type = map(string)
- default = {
- main = "10.0.0.0/24"
- }
-}
-
variable "organization" {
# tfdoc:variable:source 0-bootstrap
description = "Organization details."