diff --git a/adrs/fast/README.md b/adrs/fast/README.md
index d6c722c23..1d687e9ab 100644
--- a/adrs/fast/README.md
+++ b/adrs/fast/README.md
@@ -1,3 +1,3 @@
# FAST architectural documents
-This folder contains assorted bits of documentation used to log current architectural choices, or past decisions. Format is inspired by [Michael Nygard's decision record template](https://github.com/joelparkerhenderson/architecture-decision-record/blob/main/templates/decision-record-template-by-michael-nygard/index.md).
+This folder contains assorted bits of documentation used to log current architectural choices, or past decisions. Format is inspired by [Michael Nygard's decision record template](https://github.com/joelparkerhenderson/architecture-decision-record/blob/main/locales/en/templates/decision-record-template-by-michael-nygard/index.md).
diff --git a/adrs/modules/README.md b/adrs/modules/README.md
index da5c91819..dcbb07457 100644
--- a/adrs/modules/README.md
+++ b/adrs/modules/README.md
@@ -1,3 +1,3 @@
# Fabric modules architectural documents
-This folder contains assorted bits of documentation used to log current architectural choices, or past decisions. Format is inspired by [Michael Nygard's decision record template](https://github.com/joelparkerhenderson/architecture-decision-record/blob/main/templates/decision-record-template-by-michael-nygard/index.md).
+This folder contains assorted bits of documentation used to log current architectural choices, or past decisions. Format is inspired by [Michael Nygard's decision record template](https://github.com/joelparkerhenderson/architecture-decision-record/blob/main/locales/en/templates/decision-record-template-by-michael-nygard/index.md).
diff --git a/fast/project-templates/devops-azure-wif/README.md b/fast/project-templates/devops-azure-wif/README.md
index eaecb49f9..f5ab45ec3 100644
--- a/fast/project-templates/devops-azure-wif/README.md
+++ b/fast/project-templates/devops-azure-wif/README.md
@@ -209,7 +209,7 @@ Three sample pipelines are provided as examples:
- `pr-pipeline.yaml`: a "PR pipeline" that runs Terraform init, validate, and plan on pull requests. It posts the plan output as a comment to the PR and updates the PR status.
- `merge-pipeline.yaml`: a "merge pipeline" that runs Terraform init, validate, and apply on merges to the main branch.
-Each of the above pipelines needs to be edited to match your project id and resource names. Once that has been done, the code can be copy/pasted on a new pipeline in Azure Devops. On first run, you might be asked to grant permissions to the pipeline on the service connection. Refer to the Azure Devops [Pipelines Schema Reference](https://learn.microsoft.com/en-us/azure/devops/pipelines/yaml-schema/view=azure-pipelines) can be used for further customizations.
+Each of the above pipelines needs to be edited to match your project id and resource names. Once that has been done, the code can be copy/pasted on a new pipeline in Azure Devops. On first run, you might be asked to grant permissions to the pipeline on the service connection. Refer to the Azure Devops [Pipelines Schema Reference](https://learn.microsoft.com/en-us/azure/devops/pipelines/yaml-schema/?view=azure-pipelines) can be used for further customizations.
### Branch Policies and Permissions
diff --git a/fast/project-templates/managed-kafka/README.md b/fast/project-templates/managed-kafka/README.md
index dec061fbc..57588511b 100644
--- a/fast/project-templates/managed-kafka/README.md
+++ b/fast/project-templates/managed-kafka/README.md
@@ -1,6 +1,6 @@
# Managed Kafka Cluster with Topics
-This setup allows creating and configuring a managed Kafka cluster using [Google Cloud Managed Service for Apache Kafka](https://cloud.google.com/managed-service-for-apache-kafka), with configurable topics, networking, and labels. It is designed to be FAST-compliant and integrates seamlessly with existing Google Cloud infrastructure.
+This setup allows creating and configuring a managed Kafka cluster using [Google Cloud Managed Service for Apache Kafka](https://cloud.google.com/products/managed-service-for-apache-kafka), with configurable topics, networking, and labels. It is designed to be FAST-compliant and integrates seamlessly with existing Google Cloud infrastructure.
## Prerequisites
diff --git a/fast/stages/0-org-setup/schemas/folder.schema.md b/fast/stages/0-org-setup/schemas/folder.schema.md
index d71e11920..846d18c6b 100644
--- a/fast/stages/0-org-setup/schemas/folder.schema.md
+++ b/fast/stages/0-org-setup/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -237,7 +259,7 @@
- ⁺**organization**: *string*
- **enable_sovereign_controls**: *boolean*
- **labels**: *object*
- *additional properties: String*
+
*additional properties: string*
- **partner**: *string*
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
- **partner_permissions**: *object*
diff --git a/fast/stages/0-org-setup/schemas/organization.schema.md b/fast/stages/0-org-setup/schemas/organization.schema.md
index 093a4021e..b0c6ed0bf 100644
--- a/fast/stages/0-org-setup/schemas/organization.schema.md
+++ b/fast/stages/0-org-setup/schemas/organization.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **id**: *string*
- **contacts**: *object*
*additional properties: false*
diff --git a/fast/stages/0-org-setup/schemas/project.schema.json b/fast/stages/0-org-setup/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/0-org-setup/schemas/project.schema.json
+++ b/fast/stages/0-org-setup/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
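Review bot: The new `iam_bindings` and `iam_bindings_additive` properties reference `#/$defs/iam_bindings` and `#/$defs/iam_bindings_additive`, but this is the only hunk in the file, so nothing here adds those definitions. If either is missing from `$defs`, the reference dangles and validators will either error or silently accept anything under these keys, depending on the tool. A sample YAML fixture that sets both keys and is validated in CI would catch that. The same hunk is repeated in the `2-networking`, `2-project-factory` and `2-security` copies of `project.schema.json`, and the enclosing object starts and ends outside the hunk.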
diff --git a/fast/stages/0-org-setup/schemas/project.schema.md b/fast/stages/0-org-setup/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/0-org-setup/schemas/project.schema.md
+++ b/fast/stages/0-org-setup/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/fast/stages/2-networking/README.md b/fast/stages/2-networking/README.md
index a08a03178..88820d6eb 100644
--- a/fast/stages/2-networking/README.md
+++ b/fast/stages/2-networking/README.md
@@ -302,7 +302,7 @@ Internally created resources are mapped to context namespaces, and use specific
| [factory-peering.tf](./factory-peering.tf) | VPC Peering factory. | | google_compute_network_peering |
| [factory-projects.tf](./factory-projects.tf) | Projects factory. | project-factory | |
| [factory-routers.tf](./factory-routers.tf) | Routers factory. | | google_compute_router |
-| [factory-vpcs.tf](./factory-vpcs.tf) | VPC and firewall rules factory. | net-vpc · net-vpc-firewall | |
+| [factory-vpcs.tf](./factory-vpcs.tf) | VPC and firewall rules factory. | net-vpc · net-vpc-factory | |
| [factory-vpns.tf](./factory-vpns.tf) | VPNs factory. | net-vpn-ha | google_compute_ha_vpn_gateway |
| [main.tf](./main.tf) | Module-level locals and resources. | | |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |
diff --git a/fast/stages/2-networking/factory-cloudnat.tf b/fast/stages/2-networking/factory-cloudnat.tf
index a891bf830..b9c03efbb 100644
--- a/fast/stages/2-networking/factory-cloudnat.tf
+++ b/fast/stages/2-networking/factory-cloudnat.tf
@@ -31,7 +31,7 @@ locals {
logging_filter = try(nat_config.logging_filter, null)
router_asn = try(nat_config.router_asn, null)
router_create = try(nat_config.router_create, true)
- router_network = module.vpcs[vpc_key].self_link
+ router_network = module.vpc-factory.vpcs[vpc_key].id
rules = try(nat_config.rules, [])
type = try(nat_config.type, "PUBLIC")
})
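Review bot: `router_network` now reads the factory's `.id` where it previously read `.self_link`, and nothing on the line says the two are interchangeable for the router's network argument. If the switch is deliberate, a short comment would record it, e.g. `# network id is accepted here in place of the self link`; if it is incidental to the module rename, keeping `.self_link` may avoid a plan diff on existing routers. The lookup `module.vpc-factory.vpcs[vpc_key]` also assumes the factory output is keyed exactly like the stage's NAT configs. The enclosing `locals` block starts and ends outside the hunk, so that cannot be confirmed from here.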
diff --git a/fast/stages/2-networking/factory-dns.tf b/fast/stages/2-networking/factory-dns.tf
index d51c99936..754dcc29f 100644
--- a/fast/stages/2-networking/factory-dns.tf
+++ b/fast/stages/2-networking/factory-dns.tf
@@ -116,7 +116,7 @@ module "dns-zones" {
project_ids = local.ctx_projects.project_ids
networks = local.ctx_vpcs.self_links
}
- depends_on = [module.vpcs]
+ depends_on = [module.vpc-factory]
}
module "dns-response-policies" {
@@ -130,5 +130,5 @@ module "dns-response-policies" {
project_ids = local.ctx_projects.project_ids
networks = local.ctx_vpcs.self_links
}
- depends_on = [module.vpcs]
+ depends_on = [module.vpc-factory]
}
diff --git a/fast/stages/2-networking/factory-vpcs.tf b/fast/stages/2-networking/factory-vpcs.tf
index 9ae6e83b2..b51481fc0 100644
--- a/fast/stages/2-networking/factory-vpcs.tf
+++ b/fast/stages/2-networking/factory-vpcs.tf
@@ -36,17 +36,6 @@ locals {
_vpcs = {
for v in local._vpcs_preprocess : v.factory_dirname => v
}
- ctx_vpcs = {
- ids = { for k, v in module.vpcs : k => v.id }
- names = { for k, v in module.vpcs : k => v.name }
- self_links = { for k, v in module.vpcs : k => v.self_link }
- subnets_by_vpc = merge([
- for vpc_key, vpc in module.vpcs : {
- for subnet_key, subnet_self_link in vpc.subnet_self_links :
- "${vpc_key}/${subnet_key}" => subnet_self_link
- }
- ]...)
- }
vpcs = {
for k, v in local._vpcs : k => merge(
local.vpc_defaults, v,
@@ -79,47 +68,53 @@ locals {
}
)
}
+ ctx_vpcs = {
+ ids = { for k, v in module.vpc-factory.vpcs : k => v.id }
+ names = { for k, v in module.vpc-factory.vpcs : k => v.name }
+ self_links = { for k, v in module.vpc-factory.vpcs : k => v.self_link }
+ subnets_by_vpc = merge([
+ for vpc_key, vpc in module.vpc-factory.vpcs : {
+ for subnet_key, subnet_self_link in vpc.subnet_self_links :
+ "${vpc_key}/${subnet_key}" => subnet_self_link
+ }
+ ]...)
+ }
}
-module "vpcs" {
- source = "../../../modules/net-vpc"
- for_each = local.vpcs
- project_id = each.value.project_id
- name = each.value.name
- auto_create_subnetworks = each.value.auto_create_subnetworks
- create_googleapis_routes = each.value.create_googleapis_routes
- delete_default_routes_on_create = each.value.delete_default_routes_on_create
- description = each.value.description
- dns_policy = each.value.dns_policy
- factories_config = each.value.subnets_factory_config
- firewall_policy_enforcement_order = each.value.firewall_policy_enforcement_order
- ipv6_config = each.value.ipv6_config
- mtu = each.value.mtu
- network_attachments = each.value.network_attachments
- policy_based_routes = each.value.policy_based_routes
- psa_configs = each.value.psa_configs
- routing_mode = each.value.routing_mode
- subnets = each.value.subnets
- subnets_private_nat = each.value.subnets_private_nat
- subnets_proxy_only = each.value.subnets_proxy_only
- subnets_psc = each.value.subnets_psc
+moved {
+ from = module.vpcs
+ to = module.vpc-factory.module.vpcs
+}
+
+moved {
+ from = module.firewall
+ to = module.vpc-factory.module.firewall
+}
+
+module "vpc-factory" {
+ source = "../../../modules/net-vpc-factory"
+ factories_config = var.factories_config
context = {
project_ids = local.ctx_projects.project_ids
locations = local.ctx.locations
}
- depends_on = [module.projects]
}
-module "vpc_routes" {
+moved {
+ from = module.vpc_routes
+ to = module.vpc-routes
+}
+
+module "vpc-routes" {
source = "../../../modules/net-vpc"
for_each = local.vpcs
vpc_reuse = {
use_data_source = false
- attributes = { network_id = module.vpcs[each.key].network_id }
+ attributes = { network_id = module.vpc-factory.vpcs[each.key].network_id }
}
project_id = each.value.project_id
name = each.value.name
- routes = each.value.routes
+ routes = try(each.value.routes, {})
context = {
project_ids = local.ctx_projects.project_ids
locations = local.ctx.locations
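Review bot: The new `module "vpc-factory"` block drops the `depends_on = [module.projects]` that `module "vpcs"` carried, so the only ordering left is whatever `local.ctx_projects.project_ids` implies. That local is defined outside this hunk; if its values are known before API enablement or Shared VPC host setup in `module.projects` completes, network creation can race project setup on a fresh apply. Restoring `depends_on = [module.projects]` inside the block keeps the previous guarantee. Separately, `module.vpc-factory.vpcs[each.key]` in `vpc-routes` and the two `moved` blocks all rely on the factory keying VPCs the same way `local.vpcs` does, so a `terraform plan` against existing state should confirm that no network or firewall rule is scheduled for destroy and re-create. The `vpc-routes` block continues past the end of the hunk.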
@@ -127,21 +122,6 @@ module "vpc_routes" {
}
depends_on = [
module.projects,
- module.vpcs
+ module.vpc-factory
]
}
-
-module "firewall" {
- source = "../../../modules/net-vpc-firewall"
- for_each = {
- for k, v in local.vpcs : k => v if v.firewall_factory_config != null
- }
- project_id = each.value.project_id
- network = each.value.name
- factories_config = each.value.firewall_factory_config
- default_rules_config = { disabled = true }
- context = {
- project_ids = local.ctx_projects.project_ids
- }
- depends_on = [module.vpcs]
-}
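Review bot: The removed `module "firewall"` pinned `default_rules_config = { disabled = true }`, while the `module "vpc-factory"` call that replaces it passes only `factories_config` and `context`. Unless `net-vpc-factory` applies the same setting internally (not visible in this diff), the firewall module's default rules could start being created on VPCs that have a firewall factory config, widening ingress with no change to the YAML. Confirm the factory hard-codes or exposes that setting, and record it next to the call with a comment such as `# default firewall rules stay disabled inside net-vpc-factory`. The old `firewall_factory_config != null` filter and the `project_ids` context are now also the factory's responsibility and deserve the same check.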
diff --git a/fast/stages/2-networking/factory-vpns.tf b/fast/stages/2-networking/factory-vpns.tf
index 357938de0..1d5702216 100644
--- a/fast/stages/2-networking/factory-vpns.tf
+++ b/fast/stages/2-networking/factory-vpns.tf
@@ -61,7 +61,7 @@ resource "google_compute_ha_vpn_gateway" "default" {
)
name = replace(each.key, "/", "-")
stack_type = try(each.value.stack_type, null)
- depends_on = [module.vpcs]
+ depends_on = [module.vpc-factory]
}
module "vpn-ha" {
diff --git a/fast/stages/2-networking/outputs.tf b/fast/stages/2-networking/outputs.tf
index 5a8ccf2e2..28026f382 100644
--- a/fast/stages/2-networking/outputs.tf
+++ b/fast/stages/2-networking/outputs.tf
@@ -19,20 +19,20 @@ locals {
host_project_ids = module.projects.project_ids
host_project_numbers = module.projects.project_numbers
subnet_self_links = {
- for vpc_key, vpc in module.vpcs : vpc_key => vpc.subnet_ids
+ for vpc_key, vpc in module.vpc-factory.vpcs : vpc_key => vpc.subnet_ids
}
subnet_proxy_only_self_links = {
- for vpc_key, vpc in module.vpcs : vpc_key => {
+ for vpc_key, vpc in module.vpc-factory.vpcs : vpc_key => {
for subnet_key, subnet in vpc.subnets_proxy_only : subnet_key => subnet.id
}
}
subnet_psc_self_links = {
- for vpc_key, vpc in module.vpcs : vpc_key => {
+ for vpc_key, vpc in module.vpc-factory.vpcs : vpc_key => {
for subnet_key, subnet in vpc.subnets_psc : subnet_key => subnet.id
}
}
vpc_self_links = {
- for vpc_key, vpc in module.vpcs : vpc_key => vpc.id
+ for vpc_key, vpc in module.vpc-factory.vpcs : vpc_key => vpc.id
}
}
}
diff --git a/fast/stages/2-networking/schemas/folder.schema.md b/fast/stages/2-networking/schemas/folder.schema.md
index 52c48b342..846d18c6b 100644
--- a/fast/stages/2-networking/schemas/folder.schema.md
+++ b/fast/stages/2-networking/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -90,6 +112,7 @@
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
+- **assured_workload_config**: *reference([assured_workload_config](#refs-assured_workload_config))*
- **parent**: *string*
*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
@@ -227,3 +250,21 @@
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*
+- **assured_workload_config**: *object*
+
*additional properties: false*
+ - ⁺**compliance_regime**: *string*
+
*enum: ['ASSURED_WORKLOADS_FOR_PARTNERS', 'AU_REGIONS_AND_US_SUPPORT', 'CA_PROTECTED_B', 'CA_REGIONS_AND_SUPPORT', 'CJIS', 'COMPLIANCE_REGIME_UNSPECIFIED', 'EU_REGIONS_AND_SUPPORT', 'FEDRAMP_HIGH', 'FEDRAMP_MODERATE', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS', 'HIPAA', 'HITRUST', 'IL2', 'IL4', 'IL5', 'IRS_1075', 'ISR_REGIONS_AND_SUPPORT', 'ISR_REGIONS', 'ITAR', 'JP_REGIONS_AND_SUPPORT', 'KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS', 'REGIONAL_CONTROLS', 'US_REGIONAL_ACCESS']*
+ - ⁺**display_name**: *string*
+ - ⁺**location**: *string*
+ - ⁺**organization**: *string*
+ - **enable_sovereign_controls**: *boolean*
+ - **labels**: *object*
+
*additional properties: string*
+ - **partner**: *string*
+
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
+ - **partner_permissions**: *object*
+
*additional properties: false*
+ - **assured_workloads_monitoring**: *boolean*
+ - **data_logs_viewer**: *boolean*
+ - **service_access_approver**: *boolean*
+ - **violation_notifications_enabled**: *boolean*
diff --git a/fast/stages/2-networking/schemas/project.schema.json b/fast/stages/2-networking/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/2-networking/schemas/project.schema.json
+++ b/fast/stages/2-networking/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/fast/stages/2-networking/schemas/project.schema.md b/fast/stages/2-networking/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/2-networking/schemas/project.schema.md
+++ b/fast/stages/2-networking/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/fast/stages/2-project-factory/schemas/folder.schema.md b/fast/stages/2-project-factory/schemas/folder.schema.md
index d71e11920..846d18c6b 100644
--- a/fast/stages/2-project-factory/schemas/folder.schema.md
+++ b/fast/stages/2-project-factory/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -237,7 +259,7 @@
- ⁺**organization**: *string*
- **enable_sovereign_controls**: *boolean*
- **labels**: *object*
- *additional properties: String*
+
*additional properties: string*
- **partner**: *string*
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
- **partner_permissions**: *object*
diff --git a/fast/stages/2-project-factory/schemas/project.schema.json b/fast/stages/2-project-factory/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/2-project-factory/schemas/project.schema.json
+++ b/fast/stages/2-project-factory/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/fast/stages/2-project-factory/schemas/project.schema.md b/fast/stages/2-project-factory/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/2-project-factory/schemas/project.schema.md
+++ b/fast/stages/2-project-factory/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/fast/stages/2-security/schemas/folder.schema.md b/fast/stages/2-security/schemas/folder.schema.md
index 52c48b342..846d18c6b 100644
--- a/fast/stages/2-security/schemas/folder.schema.md
+++ b/fast/stages/2-security/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -90,6 +112,7 @@
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
+- **assured_workload_config**: *reference([assured_workload_config](#refs-assured_workload_config))*
- **parent**: *string*
*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
@@ -227,3 +250,21 @@
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*
+- **assured_workload_config**: *object*
+
*additional properties: false*
+ - ⁺**compliance_regime**: *string*
+
*enum: ['ASSURED_WORKLOADS_FOR_PARTNERS', 'AU_REGIONS_AND_US_SUPPORT', 'CA_PROTECTED_B', 'CA_REGIONS_AND_SUPPORT', 'CJIS', 'COMPLIANCE_REGIME_UNSPECIFIED', 'EU_REGIONS_AND_SUPPORT', 'FEDRAMP_HIGH', 'FEDRAMP_MODERATE', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS', 'HIPAA', 'HITRUST', 'IL2', 'IL4', 'IL5', 'IRS_1075', 'ISR_REGIONS_AND_SUPPORT', 'ISR_REGIONS', 'ITAR', 'JP_REGIONS_AND_SUPPORT', 'KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS', 'REGIONAL_CONTROLS', 'US_REGIONAL_ACCESS']*
+ - ⁺**display_name**: *string*
+ - ⁺**location**: *string*
+ - ⁺**organization**: *string*
+ - **enable_sovereign_controls**: *boolean*
+ - **labels**: *object*
+
*additional properties: string*
+ - **partner**: *string*
+
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
+ - **partner_permissions**: *object*
+
*additional properties: false*
+ - **assured_workloads_monitoring**: *boolean*
+ - **data_logs_viewer**: *boolean*
+ - **service_access_approver**: *boolean*
+ - **violation_notifications_enabled**: *boolean*
diff --git a/fast/stages/2-security/schemas/project.schema.json b/fast/stages/2-security/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/2-security/schemas/project.schema.json
+++ b/fast/stages/2-security/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/fast/stages/2-security/schemas/project.schema.md b/fast/stages/2-security/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/2-security/schemas/project.schema.md
+++ b/fast/stages/2-security/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/fast/stages/3-gke-dev/README.md b/fast/stages/3-gke-dev/README.md
index cf8a63421..1a523822b 100644
--- a/fast/stages/3-gke-dev/README.md
+++ b/fast/stages/3-gke-dev/README.md
@@ -30,7 +30,7 @@ Some high level choices applied here:
- Logging and monitoring uses Cloud Operations for system components and user workloads.
- [GKE metering](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-usage-metering) is enabled by default and stored in a BigQuery dataset created within the project.
- [GKE Fleet](https://cloud.google.com/kubernetes-engine/docs/fleets-overview) can be optionally with support for the following features:
- - [Fleet workload identity](https://cloud.google.com/anthos/fleet-management/docs/use-workload-identity)
+ - [Fleet workload identity](https://docs.cloud.google.com/kubernetes-engine/fleet-management/docs/use-workload-identity)
- [Config Management](https://cloud.google.com/anthos-config-management/docs/overview)
- [Service Mesh](https://cloud.google.com/service-mesh/docs/overview)
- [Identity Service](https://cloud.google.com/anthos/identity/setup/fleet)
@@ -158,7 +158,7 @@ If clusters share similar configurations, those can be centralized via `locals`
Fleet management is entirely optional, and uses two separate variables:
-- `fleet_config`: specifies the [GKE fleet](https://cloud.google.com/anthos/fleet-management/docs/fleet-concepts#fleet-enabled-components) features to activate
+- `fleet_config`: specifies the [GKE fleet](https://docs.cloud.google.com/kubernetes-engine/fleet-management/docs/fleet-concepts#fleet-enabled-components) features to activate
- `fleet_configmanagement_templates`: defines configuration templates for specific sets of features ([Config Management](https://cloud.google.com/anthos-config-management/docs/how-to/install-anthos-config-management) currently)
Clusters can then be configured for fleet registration and one of the config management templates attached via the cluster-level `fleet_config` attribute.
diff --git a/modules/folder/README.md b/modules/folder/README.md
index c917a982d..56e1a555a 100644
--- a/modules/folder/README.md
+++ b/modules/folder/README.md
@@ -130,7 +130,7 @@ module "folder" {
## Privileged Access Manager (PAM) Entitlements
-[Privileged Access Manager](https://cloud.google.com/iam/docs/privileged-access-manager-overview) entitlements can be defined via the `pam_entitlements` variable.
+[Privileged Access Manager](https://docs.cloud.google.com/iam/docs/pam-overview) entitlements can be defined via the `pam_entitlements` variable.
Note that using PAM entitlements requires specific roles to be granted to the users and groups that will be using them. For more information, see the [official documentation](https://cloud.google.com/iam/docs/pam-permissions-and-setup#before-you-begin).
diff --git a/modules/folder/schemas/scc-mute-config.schema.md b/modules/folder/schemas/scc-mute-config.schema.md
index 3d542a312..d103af2d6 100644
--- a/modules/folder/schemas/scc-mute-config.schema.md
+++ b/modules/folder/schemas/scc-mute-config.schema.md
@@ -8,7 +8,7 @@
- **description**: *string*
- ⁺**filter**: *string*
- **type**: *string*
- - enum: `DYNAMIC`, `STATIC`
+
*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
## Definitions
diff --git a/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/README.md b/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/README.md
index 1bdd5a9a6..e6cbb3489 100644
--- a/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/README.md
+++ b/modules/net-lb-app-int-cross-region/recipe-cross-reg-int-app-lb-vm-dns/README.md
@@ -3,7 +3,7 @@
This recipe shows an actual usage scenario for the [cross-region internal application load balancer](../README.md) by implementing the [example provided in the GCP documentation](https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-cross-reg-internal).
-
+
diff --git a/modules/net-vpc-factory/README.md b/modules/net-vpc-factory/README.md
new file mode 100644
index 000000000..59918598b
--- /dev/null
+++ b/modules/net-vpc-factory/README.md
@@ -0,0 +1,197 @@
+# Net VPC Factory
+
+This module implements the creation of VPCs, subnets, and firewall rules via YAML configurations. It is designed to be embedded in other factories such as the [FAST networking stage](../../fast/stages/2-networking).
+
+It supports:
+
+- **VPCs** and **Subnets** leveraging the [net-vpc](../net-vpc/) module.
+- **Firewall rules** leveraging the [net-vpc-firewall](../net-vpc-firewall/) module.
+- **Context-based interpolation** for referring to resources dynamically (e.g., project IDs, IAM principals, Locations).
+
+The factory is implemented as a thin data translation layer over the underlying modules, ensuring transparency and ease of debugging.
+
+The factory is implemented as a thin data translation layer over the underlying modules, so that no "magic" or hidden side effects are implemented in code, and debugging or integration of new features are simple.
+
+The code is meant to be executed by a principal with permissions over the network infrastructure across the projects where VPCs are defined:
+
+- **Network Admin** (`roles/compute.networkAdmin`): to manage VPCs, subnets, routes, and firewall rules.
+- **DNS Admin** (`roles/dns.admin`): to manage DNS policies.
+- **Security Admin** (`roles/compute.securityAdmin`): to manage firewall policies.
+
+## Contents
+
+
+- [VPC Factory](#vpc-factory)
+ - [Defaults](#defaults)
+ - [Subnets](#subnets)
+ - [Firewall rules](#firewall-rules)
+- [Context-based interpolation](#context-based-interpolation)
+ - [Project context ids](#project-context-ids)
+ - [Other context ids](#other-context-ids)
+- [Example](#example)
+- [Variables](#variables)
+- [Outputs](#outputs)
+
+
+## VPC Factory
+
+The VPC factory is configured via the `factories_config.vpcs` variable, which sets the path containing the YAML definitions for VPCs, where each VPC and their dependent resources are defined in a dedicated directory.
+
+Each VPC directory contains a `.config.yaml` file. The structure of the YAML file mirrors the variables of the [`net-vpc`](../net-vpc/) module.
+
+```yaml
+project_id: $project_ids:my-project # Or use the project id directly
+description: "My VPC"
+routing_mode: GLOBAL
+subnets:
+ - name: subnet-a
+ region: europe-west1
+ ip_cidr_range: 10.0.0.0/24
+```
+
+### Defaults
+
+In addition to the YAML-based VPC configurations, the factory accepts three additional sets of inputs via Terraform variables to control defaults:
+
+- `data_defaults`: defaults for specific VPC attributes, used if not present in YAML.
+- `data_overrides`: overrides that take precedence over YAML values.
+- `factories_config.defaults`: path to a YAML file containing global context and VPC defaults.
+
+```hcl
+module "net-vpc-factory" {
+ source = "./modules/net-vpc-factory"
+ data_defaults = {
+ routing_mode = "REGIONAL"
+ }
+ factories_config = {
+ vpcs = "data/vpcs"
+ }
+}
+```
+
+### Subnets
+
+Subnets can be defined inline in the VPC `.config.yaml` file (as shown above) or in separate files within a `subnets` subdirectory in the VPC's folder. The factory automatically scans the `subnets` folder if it exists.
+
+```text
+data/vpcs/
+└── my-vpc/
+ ├── .config.yaml
+ └── subnets/
+ ├── subnet-a.yaml
+ └── subnet-b.yaml
+```
+
+This allows splitting complex subnet configurations (like those with massive secondary ranges or specialized IAM bindings) into manageable files.
+
+### Firewall rules
+
+Firewall rules are managed via a `firewall-rules` subdirectory in the VPC's folder. The factory uses the [`net-vpc-firewall`](../net-vpc-firewall/) module to provision these rules - the YAML format for firewall rules follows the structure expected by the module itself.
+
+```text
+data/vpcs/
+└── my-vpc/
+ ├── .config.yaml
+ └── firewall-rules/
+ ├── allow-ssh.yaml
+ └── allow-internal.yaml
+```
+
+## Context-based interpolation
+
+Interpolation allows referring to resources which are external or created at runtime via short aliases. This is particularly useful for Project IDs, which might be generated by the Project Factory.
+
+Contexts are passed via the `context` variable or the `factories_config.defaults` file.
+
+### Project context ids
+
+Project IDs use the `$project_ids:` namespace. This allows decoupling the VPC definition from the actual Project ID string.
+
+```yaml
+# data/vpcs/vpc-0/.config.yaml
+project_id: $project_ids:data-project
+name: vpc-0
+```
+
+```hcl
+module "net-vpc-factory" {
+ # ...
+ context = {
+ project_ids = {
+ data-project = "prefix-prod-data-app-0"
+ }
+ }
+}
+```
+
+### Other context ids
+
+Other contexts can be defined freely. Common uses include:
+
+- `$locations:` for GCP regions.
+- `$iam_principals:` for IAM principals.
+
+## Example
+
+```hcl
+module "net-vpc-factory" {
+ source = "./fabric/modules/net-vpc-factory"
+
+ context = {
+ project_ids = {
+ net-project = "my-host-project-id"
+ }
+ locations = {
+ primary = "europe-west1"
+ }
+ }
+
+ factories_config = {
+ vpcs = "data/vpcs"
+ }
+}
+# tftest files=vpc,fw modules=3 inventory=example.yaml
+```
+
+**data/vpcs/shared-vpc/.config.yaml**
+```yaml
+project_id: $project_ids:net-project
+name: data-vpc-0
+subnets:
+ - name: primary-subnet
+ region: $locations:primary
+ ip_cidr_range: 10.10.0.0/24
+# tftest-file id=vpc path=data/vpcs/data-vpc-0/.config.yaml schema=vpc.schema.json
+```
+
+**data/vpcs/data-vpc-0/firewall-rules/allow-iap.yaml**
+```yaml
+ingress:
+ allow-iap:
+ description: Allow IAP for SSH
+ source_ranges:
+ - 35.235.240.0/20
+ rules:
+ - protocol: tcp
+ ports: [22]
+ targets: ["ssh"]
+# tftest-file id=fw path=data/vpcs/data-vpc-0/firewall-rules/allow-iap.yaml schema=firewall-rules.schema.json
+```
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [context](variables.tf#L17) | Context-specific interpolations. | object({…}) | | {} |
+| [data_defaults](variables.tf#L27) | Optional default values used when corresponding vpc data from files are missing. | object({…}) | | {} |
+| [data_overrides](variables.tf#L62) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} |
+| [factories_config](variables.tf#L97) | Path to folder with YAML resource description data files. | object({…}) | | {} |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [firewall_rules](outputs.tf#L17) | Firewall rules. | |
+| [vpcs](outputs.tf#L22) | VPCs. | |
+| [vpcs_config](outputs.tf#L27) | Processed VPC configuration data. | |
+
diff --git a/modules/net-vpc-factory/data/defaults.yaml b/modules/net-vpc-factory/data/defaults.yaml
new file mode 100644
index 000000000..ec4d438a0
--- /dev/null
+++ b/modules/net-vpc-factory/data/defaults.yaml
@@ -0,0 +1,35 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/defaults.schema.json
+
+context:
+ cidr_ranges_sets:
+ healthchecks:
+ - 35.191.0.0/16
+ - 130.211.0.0/22
+ - 209.85.152.0/22
+ - 209.85.204.0/22
+ rfc1918:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+ locations:
+ primary: europe-west1
+ secondary: europe-west3
+ iam_principals: {}
+vpcs:
+ auto_create_subnetworks: false
+ delete_default_route_on_create: true
+ mtu: 1500
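Review bot: The key `delete_default_route_on_create` under `vpcs:` does not match the name read by `main.tf` and declared in `vpc.schema.json`, which is `delete_default_routes_on_create` (plural "routes"). `local.vpcs` merges this default in, but the `module "vpcs"` call only looks up the plural name and falls back to `true`. The result is correct today only by coincidence, and setting this default to `false` would be silently ignored, leaving or removing the default internet route against the operator's intent. Rename the line to `delete_default_routes_on_create: true`.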
diff --git a/modules/net-vpc-factory/data/example/.config.yaml b/modules/net-vpc-factory/data/example/.config.yaml
new file mode 100644
index 000000000..c23ea6046
--- /dev/null
+++ b/modules/net-vpc-factory/data/example/.config.yaml
@@ -0,0 +1,13 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../schemas/vpc.schema.json
+
+name: example
+project_id: $project_ids:net
+auto_create_subnetworks: false
+subnets:
+ - name: example-default-primary
+ region: $locations:primary
+ ip_cidr_range: 172.16.0.0/24
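Review bot: The `$schema` path in the `yaml-language-server` comment climbs one directory too many. From `modules/net-vpc-factory/data/example/`, `../../../schemas/vpc.schema.json` resolves to `modules/schemas/`, while this commit adds the schema under `modules/net-vpc-factory/schemas/`. Editors will then not validate the file, so typos in security-relevant keys go unnoticed until plan time. The comment should read `# yaml-language-server: $schema=../../schemas/vpc.schema.json`. The same off-by-one appears in `firewall-rules/default-ingress.yaml`, `subnets/example-default-secondary.yaml` and `data/defaults.yaml`. The last of these also points at a `defaults.schema.json` that is not among the schemas visible in this part of the diff.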
diff --git a/modules/net-vpc-factory/data/example/firewall-rules/default-ingress.yaml b/modules/net-vpc-factory/data/example/firewall-rules/default-ingress.yaml
new file mode 100644
index 000000000..b06302ff0
--- /dev/null
+++ b/modules/net-vpc-factory/data/example/firewall-rules/default-ingress.yaml
@@ -0,0 +1,13 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/firewall-rules.schema.json
+
+ingress:
+ ingress-default-prod-deny:
+ description: "Deny and log any unmatched ingress traffic."
+ deny: true
+ priority: 65535
+ enable_logging:
+ include_metadata: false
diff --git a/modules/net-vpc-factory/data/example/subnets/example-default-secondary.yaml b/modules/net-vpc-factory/data/example/subnets/example-default-secondary.yaml
new file mode 100644
index 000000000..485d34826
--- /dev/null
+++ b/modules/net-vpc-factory/data/example/subnets/example-default-secondary.yaml
@@ -0,0 +1,8 @@
+# skip boilerplate check
+
+# yaml-language-server: $schema=../../../../schemas/subnet.schema.json
+
+name: example-default-secondary
+region: $locations:secondary
+ip_cidr_range: 10.0.0.0/24
+description: Default primary-region subnet for prod
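Review bot: The `description` contradicts the rest of the file: the subnet is named `example-default-secondary` and placed in `$locations:secondary`, but is described as the "primary-region subnet for prod". The description is what shows up in the console and in audit exports, so it should match, for example `description: Default secondary-region subnet`. The "for prod" wording also looks copied from another stage and may not belong in a generic module example.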
diff --git a/modules/net-vpc-factory/main.tf b/modules/net-vpc-factory/main.tf
new file mode 100644
index 000000000..621fe50f0
--- /dev/null
+++ b/modules/net-vpc-factory/main.tf
@@ -0,0 +1,102 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ _vpcs_path = try(
+ pathexpand(var.factories_config.vpcs), null
+ )
+ _vpcs_files = try(
+ fileset(local._vpcs_path, "**/.config.yaml"),
+ []
+ )
+ _defaults = try(
+ yamldecode(file(var.factories_config.defaults)), {}
+ )
+ context = {
+ locations = merge(var.context.locations, try(local._defaults.context.locations, {}))
+ project_ids = merge(var.context.project_ids, try(local._defaults.context.project_ids, {}))
+ cidr_ranges_sets = try(local._defaults.context.cidr_ranges_sets, {})
+ iam_principals = try(local._defaults.context.iam_principals, {})
+ }
+ _vpcs_preprocess = [
+ for f in local._vpcs_files : merge(
+ yamldecode(file("${coalesce(local._vpcs_path, "-")}/${f}")),
+ {
+ factory_dirname = dirname(f)
+ factory_basepath = "${local._vpcs_path}/${dirname(f)}"
+ }
+ )
+ if f != "defaults.yaml"
+ ]
+ _vpcs = {
+ for v in local._vpcs_preprocess : v.factory_dirname => v
+ }
+ vpcs = {
+ for k, v in local._vpcs : k => merge(
+ try(local._defaults.vpcs, {}),
+ { for k, v in var.data_defaults : k => v if v != null },
+ v,
+ { for k, v in var.data_overrides : k => v if v != null },
+ {
+ subnets_factory_config = {
+ subnets_folder = "${v.factory_basepath}/subnets"
+ }
+ firewall_factory_config = {
+ rules_folder = "${v.factory_basepath}/firewall-rules"
+ }
+ }
+ )
+ }
+}
+
+module "vpcs" {
+ source = "../net-vpc"
+ for_each = local.vpcs
+ project_id = try(each.value.project_id, null)
+ name = try(each.value.name, null)
+ auto_create_subnetworks = try(each.value.auto_create_subnetworks, null)
+ create_googleapis_routes = try(each.value.create_googleapis_routes, null)
+ delete_default_routes_on_create = try(each.value.delete_default_routes_on_create, true)
+ description = try(each.value.description, "Terraform managed")
+ dns_policy = try(each.value.dns_policy, null)
+ factories_config = each.value.subnets_factory_config
+ firewall_policy_enforcement_order = try(each.value.firewall_policy_enforcement_order, "AFTER_CLASSIC_FIREWALL")
+ ipv6_config = try(each.value.ipv6_config, null)
+ mtu = try(each.value.mtu, null)
+ network_attachments = try(each.value.network_attachments, {})
+ psa_configs = try(each.value.psa_configs, [])
+ routing_mode = try(each.value.routing_mode, "GLOBAL")
+ subnets = try(each.value.subnets, [])
+ subnets_private_nat = try(each.value.subnets_private_nat, [])
+ subnets_proxy_only = try(each.value.subnets_proxy_only, [])
+ subnets_psc = try(each.value.subnets_psc, [])
+ context = local.context
+}
+
+module "firewall" {
+ source = "../net-vpc-firewall"
+ for_each = {
+ for k, v in local.vpcs : k => v if v.firewall_factory_config != null
+ }
+ project_id = each.value.project_id
+ network = each.value.name
+ factories_config = each.value.firewall_factory_config
+ default_rules_config = { disabled = true }
+ context = {
+ project_ids = local.context.project_ids
+ }
+ depends_on = [module.vpcs]
+}
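Review bot: The `if v.firewall_factory_config != null` filter on `module "firewall"` can never exclude a VPC, because the last argument of the `merge()` in `local.vpcs` always sets `firewall_factory_config` to an object. A firewall module instance is therefore created for every VPC, including those with no `firewall-rules` directory. Whether `net-vpc-firewall` tolerates a missing `rules_folder` is not visible here. Either drop the filter or make it test something real, for example `if length(try(fileset(v.firewall_factory_config.rules_folder, "*.yaml"), [])) > 0`. The `if f != "defaults.yaml"` clause in `_vpcs_preprocess` is dead in the same way, since the `fileset` pattern only returns paths ending in `.config.yaml`.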
diff --git a/modules/net-vpc-factory/outputs.tf b/modules/net-vpc-factory/outputs.tf
new file mode 100644
index 000000000..2ce2e2537
--- /dev/null
+++ b/modules/net-vpc-factory/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "firewall_rules" {
+ description = "Firewall rules."
+ value = module.firewall
+}
+
+output "vpcs" {
+ description = "VPCs."
+ value = module.vpcs
+}
+
+output "vpcs_config" {
+ description = "Processed VPC configuration data."
+ value = local.vpcs
+}
diff --git a/modules/net-vpc-factory/schemas/firewall-rules.schema.json b/modules/net-vpc-factory/schemas/firewall-rules.schema.json
new file mode 100644
index 000000000..029bf85a6
--- /dev/null
+++ b/modules/net-vpc-factory/schemas/firewall-rules.schema.json
@@ -0,0 +1,104 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Firewall Rules",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "egress": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-z0-9_-]+$": {
+ "$ref": "#/$defs/rule"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-z0-9_-]+$": {
+ "$ref": "#/$defs/rule"
+ }
+ }
+ }
+ },
+ "$defs": {
+ "rule": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "deny": {
+ "type": "boolean"
+ },
+ "description": {
+ "type": "string"
+ },
+ "destination_ranges": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "disabled": {
+ "type": "boolean"
+ },
+ "enable_logging": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "include_metadata": {
+ "type": "boolean"
+ }
+ }
+ },
+ "priority": {
+ "type": "number"
+ },
+ "source_ranges": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "sources": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "targets": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "use_service_accounts": {
+ "type": "boolean"
+ },
+ "rules": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "protocol": {
+ "type": "string"
+ },
+ "ports": {
+ "type": "array",
+ "items": {
+ "type": [
+ "integer",
+ "string"
+ ],
+ "pattern": "^[0-9]+(?:-[0-9]+)?$"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
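Review bot: The numeric fields of `rule` are effectively unvalidated. `priority` is a bare `number`, and the `pattern` on `ports` items applies only to strings in JSON Schema, so integer ports of any value and negative or fractional priorities all pass. For a firewall schema, catching these before plan time is worth it: use `"priority": {"type": "integer", "minimum": 0, "maximum": 65535}`, and split the `ports` item into a `oneOf` of a bounded integer (`"minimum": 0, "maximum": 65535`) and a string carrying the existing pattern. The file also ends without a trailing newline.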
diff --git a/modules/net-vpc-factory/schemas/firewall-rules.schema.md b/modules/net-vpc-factory/schemas/firewall-rules.schema.md
new file mode 100644
index 000000000..40dd6d8e8
--- /dev/null
+++ b/modules/net-vpc-factory/schemas/firewall-rules.schema.md
@@ -0,0 +1,42 @@
+# Firewall Rules
+
+
+
+## Properties
+
+*additional properties: false*
+
+- **egress**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9_-]+$`**: *reference([rule](#refs-rule))*
+- **ingress**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9_-]+$`**: *reference([rule](#refs-rule))*
+
+## Definitions
+
+- **rule**: *object*
+
*additional properties: false*
+ - **deny**: *boolean*
+ - **description**: *string*
+ - **destination_ranges**: *array*
+ - items: *string*
+ - **disabled**: *boolean*
+ - **enable_logging**: *object*
+
*additional properties: false*
+ - **include_metadata**: *boolean*
+ - **priority**: *number*
+ - **source_ranges**: *array*
+ - items: *string*
+ - **sources**: *array*
+ - items: *string*
+ - **targets**: *array*
+ - items: *string*
+ - **use_service_accounts**: *boolean*
+ - **rules**: *array*
+ - items: *object*
+
*additional properties: false*
+ - **protocol**: *string*
+ - **ports**: *array*
+ - items: *(integer|string)*
+
*pattern: `^[0-9]+(?:-[0-9]+)?$`*
diff --git a/modules/net-vpc-factory/schemas/subnet.schema.json b/modules/net-vpc-factory/schemas/subnet.schema.json
new file mode 100644
index 000000000..6e1095692
--- /dev/null
+++ b/modules/net-vpc-factory/schemas/subnet.schema.json
@@ -0,0 +1,231 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Subnet",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "region"
+ ],
+ "anyOf": [
+ {"required": ["ip_cidr_range"]},
+ {"required": ["reserved_internal_range"]},
+ {"required": ["ip_collection"]},
+ {
+ "allOf": [
+ {"not": {"required": ["ip_cidr_range"]}},
+ {"not": {"required": ["reserved_internal_range"]}},
+ {"not": {"required": ["ip_collection"]}},
+ {"properties": {"ipv6": {"properties": {"ipv6_only": {"const": true}}}}, "required": ["ipv6"]}
+ ]
+ }
+ ],
+ "properties": {
+ "active": {
+ "type": "boolean"
+ },
+ "description": {
+ "type": "string"
+ },
+ "enable_private_access": {
+ "type": "boolean"
+ },
+ "allow_subnet_cidr_routes_overlap": {
+ "type": "boolean"
+ },
+ "flow_logs_config": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "aggregation_interval": {
+ "type": "string"
+ },
+ "filter_expression": {
+ "type": "string"
+ },
+ "flow_sampling": {
+ "type": "number"
+ },
+ "metadata": {
+ "type": "string"
+ },
+ "metadata_fields": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "global": {
+ "type": "boolean"
+ },
+ "ip_cidr_range": {
+ "type": "string"
+ },
+ "reserved_internal_range": {
+ "type": "string",
+ "description": "Name of the internal range to use for this subnet. Mutually exclusive with ip_cidr_range and ip_collection."
+ },
+ "ipv6": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "access_type": {
+ "type": "string"
+ },
+ "ipv6_only": {
+ "type": "boolean"
+ }
+ }
+ },
+ "ip_collection": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "region": {
+ "type": "string"
+ },
+ "psc": {
+ "type": "boolean"
+ },
+ "proxy_only": {
+ "type": "boolean"
+ },
+ "secondary_ip_ranges": {
+ "type": "object",
+ "additionalProperties": {
+ "oneOf": [
+ {
+ "type": "string",
+ "description": "IP CIDR range for backward compatibility"
+ },
+ {
+ "type": "object",
+ "additionalProperties": false,
+ "anyOf": [
+ {"required": ["ip_cidr_range"]},
+ {"required": ["reserved_internal_range"]}
+ ],
+ "properties": {
+ "ip_cidr_range": {
+ "type": "string",
+ "description": "IP CIDR range for this secondary range"
+ },
+ "reserved_internal_range": {
+ "type": "string",
+ "description": "Name of the internal range to use for this secondary range"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "iam": {
+ "$ref": "#/$defs/iam"
+ },
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ }
+ },
+ "$defs": {
+ "iam": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^roles/": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
+ }
+ }
+ }
+ },
+ "iam_bindings": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-z0-9_-]+$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "members": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
+ }
+ },
+ "role": {
+ "type": "string",
+ "pattern": "^roles/"
+ },
+ "condition": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "expression",
+ "title"
+ ],
+ "properties": {
+ "expression": {
+ "type": "string"
+ },
+ "title": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "iam_bindings_additive": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-z0-9_-]+$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "member": {
+ "type": "string",
+ "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
+ },
+ "role": {
+ "type": "string",
+ "pattern": "^roles/"
+ },
+ "condition": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "expression",
+ "title"
+ ],
+ "properties": {
+ "expression": {
+ "type": "string"
+ },
+ "title": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
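Review bot: The IAM member pattern `^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)` is both too loose and too strict. It is used in `iam`, `iam_bindings.members` and `iam_bindings_additive.member`. The bare `ro|rw` alternatives are prefixes, so any string that merely starts with those letters validates as a principal. Meanwhile the `$iam_principals:` context references advertised in the module README are rejected. If `ro` and `rw` are meant as exact shortcuts, anchor them and admit the context form, e.g. `"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:|(?:ro|rw)$)"`. If they are not used by this module, drop them.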
diff --git a/modules/net-vpc-factory/schemas/subnet.schema.md b/modules/net-vpc-factory/schemas/subnet.schema.md
new file mode 100644
index 000000000..26e23fcd8
--- /dev/null
+++ b/modules/net-vpc-factory/schemas/subnet.schema.md
@@ -0,0 +1,77 @@
+# Subnet
+
+
+
+## Properties
+
+*additional properties: false*
+
+- **active**: *boolean*
+- **description**: *string*
+- **enable_private_access**: *boolean*
+- **allow_subnet_cidr_routes_overlap**: *boolean*
+- **flow_logs_config**: *object*
+
*additional properties: false*
+ - **aggregation_interval**: *string*
+ - **filter_expression**: *string*
+ - **flow_sampling**: *number*
+ - **metadata**: *string*
+ - **metadata_fields**: *array*
+ - items: *string*
+- **global**: *boolean*
+- **ip_cidr_range**: *string*
+- **reserved_internal_range**: *string*
+- **ipv6**: *object*
+
*additional properties: false*
+ - **access_type**: *string*
+ - **ipv6_only**: *boolean*
+- **ip_collection**: *string*
+- **name**: *string*
+- ⁺**region**: *string*
+- **psc**: *boolean*
+- **proxy_only**: *boolean*
+- **secondary_ip_ranges**: *object*
+
*additional properties: oneof*
+ - *string*
+ - *object*
+
*additional properties: false*
+ - **ip_cidr_range**: *string*
+ - **reserved_internal_range**: *string*
+- **iam**: *reference([iam](#refs-iam))*
+- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
+
+## Definitions
+
+- **iam**: *object*
+
*additional properties: false*
+ - **`^roles/`**: *array*
+ - items: *string*
+
*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)*
+- **iam_bindings**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9_-]+$`**: *object*
+
*additional properties: false*
+ - **members**: *array*
+ - items: *string*
+
*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)*
+ - **role**: *string*
+
*pattern: ^roles/*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - ⁺**title**: *string*
+ - **description**: *string*
+- **iam_bindings_additive**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9_-]+$`**: *object*
+
*additional properties: false*
+ - **member**: *string*
+
*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)*
+ - **role**: *string*
+
*pattern: ^roles/*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - ⁺**title**: *string*
+ - **description**: *string*
diff --git a/modules/net-vpc-factory/schemas/vpc.schema.json b/modules/net-vpc-factory/schemas/vpc.schema.json
new file mode 100644
index 000000000..3d42a1a60
--- /dev/null
+++ b/modules/net-vpc-factory/schemas/vpc.schema.json
@@ -0,0 +1,402 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "VPC Configuration",
+ "description": "Schema for a VPC .config.yaml file.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "name",
+ "project_id"
+ ],
+ "properties": {
+ "project_id": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "auto_create_subnetworks": {
+ "type": "boolean"
+ },
+ "delete_default_routes_on_create": {
+ "type": "boolean"
+ },
+ "mtu": {
+ "type": "number"
+ },
+ "routing_mode": {
+ "type": "string",
+ "enum": [
+ "GLOBAL",
+ "REGIONAL"
+ ]
+ },
+ "firewall_policy_enforcement_order": {
+ "type": "string",
+ "enum": [
+ "BEFORE_CLASSIC_FIREWALL",
+ "AFTER_CLASSIC_FIREWALL"
+ ]
+ },
+ "create_googleapis_routes": {
+ "$ref": "#/$defs/create_googleapis_routes"
+ },
+ "dns_policy": {
+ "$ref": "#/$defs/dns_policy"
+ },
+ "ipv6_config": {
+ "$ref": "#/$defs/ipv6_config"
+ },
+ "network_attachments": {
+ "$ref": "#/$defs/network_attachments"
+ },
+ "routers": {
+ "$ref": "#/$defs/routers"
+ },
+ "peering_config": {
+ "$ref": "#/$defs/peering_config"
+ },
+ "psa_configs": {
+ "type": "array",
+ "items": {
+ "$ref": "#/$defs/psa_config"
+ }
+ },
+ "subnets": {
+ "type": "array",
+ "items": {
+ "$ref": "#/$defs/subnet"
+ }
+ },
+ "subnets_private_nat": {
+ "type": "array",
+ "items": {
+ "$ref": "#/$defs/simple_subnet"
+ }
+ },
+ "subnets_proxy_only": {
+ "type": "array",
+ "items": {
+ "$ref": "#/$defs/proxy_only_subnet"
+ }
+ },
+ "subnets_psc": {
+ "type": "array",
+ "items": {
+ "$ref": "#/$defs/simple_subnet"
+ }
+ },
+ "nat_config": {
+ "$ref": "#/$defs/nat_config"
+ },
+ "ncc_config": {
+ "$ref": "#/$defs/ncc_config"
+ },
+ "routes": {
+ "type": "object"
+ },
+ "policy_based_routes": {
+ "type": "object"
+ },
+ "vpn_config": {
+ "type": "object"
+ }
+ },
+ "$defs": {
+ "create_googleapis_routes": {
+ "type": "object",
+ "properties": {
+ "directpath": {
+ "type": "boolean"
+ },
+ "directpath-6": {
+ "type": "boolean"
+ },
+ "private": {
+ "type": "boolean"
+ },
+ "private-6": {
+ "type": "boolean"
+ },
+ "restricted": {
+ "type": "boolean"
+ },
+ "restricted-6": {
+ "type": "boolean"
+ }
+ }
+ },
+ "dns_policy": {
+ "type": "object",
+ "properties": {
+ "inbound": {
+ "type": "boolean"
+ },
+ "logging": {
+ "type": "boolean"
+ },
+ "outbound": {
+ "type": "object",
+ "properties": {
+ "private_ns": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "public_ns": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "ipv6_config": {
+ "type": "object",
+ "properties": {
+ "enable_ula_internal": {
+ "type": "boolean"
+ },
+ "internal_range": {
+ "type": "string"
+ }
+ }
+ },
+ "nat_config": {
+ "type": "object",
+ "patternProperties": {
+ "^[a-z0-9-]+$": {
+ "type": "object",
+ "required": [
+ "region"
+ ],
+ "properties": {
+ "region": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "ncc_config": {
+ "type": "object",
+ "required": [
+ "hub"
+ ],
+ "properties": {
+ "hub": {
+ "type": "string"
+ },
+ "group": {
+ "type": "string"
+ }
+ }
+ },
+ "network_attachments": {
+ "type": "object",
+ "patternProperties": {
+ "^[a-z0-9-]+$": {
+ "type": "object",
+ "properties": {
+ "subnet": {
+ "type": "string"
+ },
+ "automatic_connection": {
+ "type": "boolean"
+ },
+ "description": {
+ "type": "string"
+ },
+ "producer_accept_lists": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "producer_reject_lists": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "peering_config": {
+ "type": "object",
+ "properties": {
+ "peer_vpc_self_link": {
+ "type": "string"
+ },
+ "create_remote_peer": {
+ "type": "boolean"
+ },
+ "export_routes": {
+ "type": "boolean"
+ },
+ "import_routes": {
+ "type": "boolean"
+ }
+ }
+ },
+ "psa_config": {
+ "type": "object",
+ "properties": {
+ "deletion_policy": {
+ "type": "string"
+ },
+ "ranges": {
+ "type": "object",
+ "patternProperties": {
+ "^[a-z0-9-]+$": {
+ "type": "string"
+ }
+ }
+ },
+ "export_routes": {
+ "type": "boolean"
+ },
+ "import_routes": {
+ "type": "boolean"
+ },
+ "peered_domains": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "range_prefix": {
+ "type": "string"
+ },
+ "service_producer": {
+ "type": "string"
+ }
+ }
+ },
+ "routers": {
+ "type": "object",
+ "description": "A map of Cloud Routers to create in this VPC.",
+ "patternProperties": {
+ "^[a-z0-9-]+$": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "region",
+ "asn"
+ ],
+ "properties": {
+ "region": {
+ "type": "string"
+ },
+ "asn": {
+ "type": "number"
+ },
+ "custom_advertise": {
+ "type": "object",
+ "properties": {
+ "all_subnets": {
+ "type": "boolean"
+ },
+ "ip_ranges": {
+ "type": "object",
+ "patternProperties": {
+ ".*": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "simple_subnet": {
+ "type": "object",
+ "required": [
+ "name",
+ "ip_cidr_range",
+ "region"
+ ],
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "ip_cidr_range": {
+ "type": "string"
+ },
+ "region": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ }
+ }
+ },
+ "subnet": {
+ "type": "object",
+ "required": [
+ "name",
+ "region"
+ ],
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "ip_cidr_range": {
+ "type": "string"
+ },
+ "region": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "enable_private_access": {
+ "type": "boolean"
+ },
+ "allow_subnet_cidr_routes_overlap": {
+ "type": "boolean"
+ },
+ "reserved_internal_range": {
+ "type": "string"
+ }
+ }
+ },
+ "proxy_only_subnet": {
+ "type": "object",
+ "required": [
+ "name",
+ "ip_cidr_range",
+ "region"
+ ],
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "ip_cidr_range": {
+ "type": "string"
+ },
+ "region": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "active": {
+ "type": "boolean"
+ },
+ "global": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
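Review bot: The schema accepts `routers`, `peering_config`, `nat_config`, `ncc_config`, `routes`, `policy_based_routes` and `vpn_config`, but the `module "vpcs"` call in `main.tf` in this diff reads none of them. A `.config.yaml` that defines, say, a NAT or a route therefore validates cleanly and creates nothing, which is an easy way to end up with a network that differs from what was reviewed. Unless another file outside this view consumes these keys, remove them from `properties` and `$defs` until they are implemented. Most `$defs` objects also lack `"additionalProperties": false`, so misspelled nested keys, for example inside `dns_policy` or `subnet`, are accepted silently even though the top level is strict.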
diff --git a/modules/net-vpc-factory/schemas/vpc.schema.md b/modules/net-vpc-factory/schemas/vpc.schema.md
new file mode 100644
index 000000000..1b70f1bea
--- /dev/null
+++ b/modules/net-vpc-factory/schemas/vpc.schema.md
@@ -0,0 +1,119 @@
+# VPC Configuration
+
+
+
+## Properties
+
+*additional properties: false*
+
+- ⁺**project_id**: *string*
+- ⁺**name**: *string*
+- **description**: *string*
+- **auto_create_subnetworks**: *boolean*
+- **delete_default_routes_on_create**: *boolean*
+- **mtu**: *number*
+- **routing_mode**: *string*
+
*enum: ['GLOBAL', 'REGIONAL']*
+- **firewall_policy_enforcement_order**: *string*
+
*enum: ['BEFORE_CLASSIC_FIREWALL', 'AFTER_CLASSIC_FIREWALL']*
+- **create_googleapis_routes**: *reference([create_googleapis_routes](#refs-create_googleapis_routes))*
+- **dns_policy**: *reference([dns_policy](#refs-dns_policy))*
+- **ipv6_config**: *reference([ipv6_config](#refs-ipv6_config))*
+- **network_attachments**: *reference([network_attachments](#refs-network_attachments))*
+- **routers**: *reference([routers](#refs-routers))*
+- **peering_config**: *reference([peering_config](#refs-peering_config))*
+- **psa_configs**: *array*
+ - items: *reference([psa_config](#refs-psa_config))*
+- **subnets**: *array*
+ - items: *reference([subnet](#refs-subnet))*
+- **subnets_private_nat**: *array*
+ - items: *reference([simple_subnet](#refs-simple_subnet))*
+- **subnets_proxy_only**: *array*
+ - items: *reference([proxy_only_subnet](#refs-proxy_only_subnet))*
+- **subnets_psc**: *array*
+ - items: *reference([simple_subnet](#refs-simple_subnet))*
+- **nat_config**: *reference([nat_config](#refs-nat_config))*
+- **ncc_config**: *reference([ncc_config](#refs-ncc_config))*
+- **routes**: *object*
+- **policy_based_routes**: *object*
+- **vpn_config**: *object*
+
+## Definitions
+
+- **create_googleapis_routes**: *object*
+ - **directpath**: *boolean*
+ - **directpath-6**: *boolean*
+ - **private**: *boolean*
+ - **private-6**: *boolean*
+ - **restricted**: *boolean*
+ - **restricted-6**: *boolean*
+- **dns_policy**: *object*
+ - **inbound**: *boolean*
+ - **logging**: *boolean*
+ - **outbound**: *object*
+ - **private_ns**: *array*
+ - items: *string*
+ - **public_ns**: *array*
+ - items: *string*
+- **ipv6_config**: *object*
+ - **enable_ula_internal**: *boolean*
+ - **internal_range**: *string*
+- **nat_config**: *object*
+ - **`^[a-z0-9-]+$`**: *object*
+ - ⁺**region**: *string*
+- **ncc_config**: *object*
+ - ⁺**hub**: *string*
+ - **group**: *string*
+- **network_attachments**: *object*
+ - **`^[a-z0-9-]+$`**: *object*
+ - **subnet**: *string*
+ - **automatic_connection**: *boolean*
+ - **description**: *string*
+ - **producer_accept_lists**: *array*
+ - items: *string*
+ - **producer_reject_lists**: *array*
+ - items: *string*
+- **peering_config**: *object*
+ - **peer_vpc_self_link**: *string*
+ - **create_remote_peer**: *boolean*
+ - **export_routes**: *boolean*
+ - **import_routes**: *boolean*
+- **psa_config**: *object*
+ - **deletion_policy**: *string*
+ - **ranges**: *object*
+ - **`^[a-z0-9-]+$`**: *string*
+ - **export_routes**: *boolean*
+ - **import_routes**: *boolean*
+ - **peered_domains**: *array*
+ - items: *string*
+ - **range_prefix**: *string*
+ - **service_producer**: *string*
+- **routers**: *object*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**region**: *string*
+ - ⁺**asn**: *number*
+ - **custom_advertise**: *object*
+ - **all_subnets**: *boolean*
+ - **ip_ranges**: *object*
+ - **`.*`**: *string*
+- **simple_subnet**: *object*
+ - ⁺**name**: *string*
+ - ⁺**ip_cidr_range**: *string*
+ - ⁺**region**: *string*
+ - **description**: *string*
+- **subnet**: *object*
+ - ⁺**name**: *string*
+ - **ip_cidr_range**: *string*
+ - ⁺**region**: *string*
+ - **description**: *string*
+ - **enable_private_access**: *boolean*
+ - **allow_subnet_cidr_routes_overlap**: *boolean*
+ - **reserved_internal_range**: *string*
+- **proxy_only_subnet**: *object*
+ - ⁺**name**: *string*
+ - ⁺**ip_cidr_range**: *string*
+ - ⁺**region**: *string*
+ - **description**: *string*
+ - **active**: *boolean*
+ - **global**: *boolean*
diff --git a/modules/net-vpc-factory/variables.tf b/modules/net-vpc-factory/variables.tf
new file mode 100644
index 000000000..2ce00f819
--- /dev/null
+++ b/modules/net-vpc-factory/variables.tf
@@ -0,0 +1,105 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "context" {
+ description = "Context-specific interpolations."
+ type = object({
+ locations = optional(map(string), {})
+ project_ids = optional(map(string), {})
+ })
+ default = {}
+ nullable = false
+}
+
+variable "data_defaults" {
+ description = "Optional default values used when corresponding vpc data from files are missing."
+ type = object({
+ project_id = optional(string)
+ description = optional(string, "Terraform managed")
+ auto_create_subnetworks = optional(bool)
+ delete_default_routes_on_create = optional(bool, true)
+ mtu = optional(number)
+ routing_mode = optional(string, "GLOBAL")
+ firewall_policy_enforcement_order = optional(string, "AFTER_CLASSIC_FIREWALL")
+ create_googleapis_routes = optional(object({
+ directpath = optional(bool)
+ directpath-6 = optional(bool)
+ private = optional(bool)
+ private-6 = optional(bool)
+ restricted = optional(bool)
+ restricted-6 = optional(bool)
+ }), {})
+ dns_policy = optional(object({
+ inbound = optional(bool)
+ logging = optional(bool)
+ outbound = optional(object({
+ private_ns = optional(list(string))
+ public_ns = optional(list(string))
+ }))
+ }))
+ ipv6_config = optional(object({
+ enable_ula_internal = optional(bool)
+ internal_range = optional(string)
+ }), {})
+ })
+ default = {}
+ nullable = false
+}
+
+variable "data_overrides" {
+ description = "Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`."
+ type = object({
+ project_id = optional(string)
+ description = optional(string)
+ auto_create_subnetworks = optional(bool)
+ delete_default_routes_on_create = optional(bool)
+ mtu = optional(number)
+ routing_mode = optional(string)
+ firewall_policy_enforcement_order = optional(string)
+ create_googleapis_routes = optional(object({
+ directpath = optional(bool)
+ directpath-6 = optional(bool)
+ private = optional(bool)
+ private-6 = optional(bool)
+ restricted = optional(bool)
+ restricted-6 = optional(bool)
+ }))
+ dns_policy = optional(object({
+ inbound = optional(bool)
+ logging = optional(bool)
+ outbound = optional(object({
+ private_ns = optional(list(string))
+ public_ns = optional(list(string))
+ }))
+ }))
+ ipv6_config = optional(object({
+ enable_ula_internal = optional(bool)
+ internal_range = optional(string)
+ }))
+ })
+ default = {}
+ nullable = false
+}
+
+variable "factories_config" {
+ description = "Path to folder with YAML resource description data files."
+ type = object({
+ vpcs = optional(string)
+ defaults = optional(string)
+ })
+ default = {}
+ nullable = false
+}
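Review bot: `routing_mode` and `firewall_policy_enforcement_order` are plain `optional(string)` in both `data_defaults` and `data_overrides`, so nothing checks them against the enums the new vpc schema documents (`GLOBAL`/`REGIONAL`, `BEFORE_CLASSIC_FIREWALL`/`AFTER_CLASSIC_FIREWALL`). `data_overrides` is described as taking precedence over file data, so a typo there would presumably bypass whatever schema check the YAML files get and surface only at plan or apply. The firewall enforcement order is also a setting that would apply to every VPC the factory creates. I'd add `validation` blocks to both variables; the fence shows them for `data_overrides`, and `data_defaults` takes the same two blocks with `var.data_defaults`.

```terraform
variable "data_overrides" {
  # … unchanged: description, type, default, nullable …
  validation {
    condition = contains(
      ["GLOBAL", "REGIONAL"],
      coalesce(var.data_overrides.routing_mode, "GLOBAL")
    )
    error_message = "routing_mode must be GLOBAL or REGIONAL."
  }
  validation {
    condition = contains(
      ["BEFORE_CLASSIC_FIREWALL", "AFTER_CLASSIC_FIREWALL"],
      coalesce(var.data_overrides.firewall_policy_enforcement_order, "AFTER_CLASSIC_FIREWALL")
    )
    error_message = "firewall_policy_enforcement_order must be BEFORE_CLASSIC_FIREWALL or AFTER_CLASSIC_FIREWALL."
  }
}
```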
diff --git a/modules/organization/README.md b/modules/organization/README.md
index 7ad46d206..1b8fd2126 100644
--- a/modules/organization/README.md
+++ b/modules/organization/README.md
@@ -263,7 +263,7 @@ custom.dataprocNoMoreThan10Workers:
## Privileged Access Manager (PAM) Entitlements
-[Privileged Access Manager](https://cloud.google.com/iam/docs/privileged-access-manager-overview) entitlements can be defined via the `pam_entitlements` variable.
+[Privileged Access Manager](https://docs.cloud.google.com/iam/docs/pam-overview) entitlements can be defined via the `pam_entitlements` variable.
Note that using PAM entitlements requires specific roles to be granted to the users and groups that will be using them. For more information, see the [official documentation](https://cloud.google.com/iam/docs/pam-permissions-and-setup#before-you-begin).
diff --git a/modules/organization/schemas/scc-mute-config.schema.md b/modules/organization/schemas/scc-mute-config.schema.md
index 3d542a312..d103af2d6 100644
--- a/modules/organization/schemas/scc-mute-config.schema.md
+++ b/modules/organization/schemas/scc-mute-config.schema.md
@@ -8,7 +8,7 @@
- **description**: *string*
- ⁺**filter**: *string*
- **type**: *string*
- - enum: `DYNAMIC`, `STATIC`
+
*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
## Definitions
diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index 0875c08bc..91e3df336 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -640,6 +640,10 @@ service_accounts:
iam:
roles/iam.serviceAccountUser:
- $iam_principals:service_accounts/_self_/app-0-fe
+ iam_bindings_additive:
+ test:
+ role: roles/iam.serviceAccountUser
+ member: group:team-a-admins@example.org
iam_sa_roles:
$service_account_ids:_self_/app-0-fe:
- roles/iam.serviceAccountUser
diff --git a/modules/project-factory/projects-service-accounts.tf b/modules/project-factory/projects-service-accounts.tf
index 1e1c69af4..afbdc71ef 100644
--- a/modules/project-factory/projects-service-accounts.tf
+++ b/modules/project-factory/projects-service-accounts.tf
@@ -28,6 +28,8 @@ locals {
"Terraform-managed."
)
iam = try(opts.iam, {})
+ iam_bindings = try(opts.iam_bindings, {})
+ iam_bindings_additive = try(opts.iam_bindings_additive, {})
iam_billing_roles = try(opts.iam_billing_roles, {})
iam_organization_roles = try(opts.iam_organization_roles, {})
iam_sa_roles = try(opts.iam_sa_roles, {})
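Review bot: The new `iam_bindings = try(opts.iam_bindings, {})` and `iam_bindings_additive = try(opts.iam_bindings_additive, {})` lines carry no comment on how the two differ. They grant roles on service accounts, where a role such as `roles/iam.serviceAccountUser` (the README example) lets the member act as the account. If, as elsewhere in these modules, `iam_bindings` is authoritative for its role while `iam_bindings_additive` only adds members, declaring the same role under both `iam` and `iam_bindings` would make the two bindings overwrite each other on every apply. I'd add a comment above them such as `# iam_bindings is authoritative per role (keep roles disjoint from iam); iam_bindings_additive only adds members`, and the same caveat applies where both are passed to `module "service_accounts-iam"` in the next hunk. The `locals` block starts and ends outside this hunk.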
@@ -119,6 +121,8 @@ module "service_accounts-iam" {
lookup(local.self_sas_ids, each.value.project_key, {})
)
})
- iam = each.value.iam
- iam_sa_roles = each.value.iam_sa_roles
-}
\ No newline at end of file
+ iam = each.value.iam
+ iam_bindings = each.value.iam_bindings
+ iam_bindings_additive = each.value.iam_bindings_additive
+ iam_sa_roles = each.value.iam_sa_roles
+}
diff --git a/modules/project-factory/schemas/folder.schema.md b/modules/project-factory/schemas/folder.schema.md
index d71e11920..846d18c6b 100644
--- a/modules/project-factory/schemas/folder.schema.md
+++ b/modules/project-factory/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -237,7 +259,7 @@
- ⁺**organization**: *string*
- **enable_sovereign_controls**: *boolean*
- **labels**: *object*
- *additional properties: String*
+
*additional properties: string*
- **partner**: *string*
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
- **partner_permissions**: *object*
diff --git a/modules/project-factory/schemas/project.schema.json b/modules/project-factory/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/modules/project-factory/schemas/project.schema.json
+++ b/modules/project-factory/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/modules/project-factory/schemas/project.schema.md b/modules/project-factory/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/modules/project-factory/schemas/project.schema.md
+++ b/modules/project-factory/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/modules/project/README.md b/modules/project/README.md
index 33e9b91a9..a28ac5213 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -1530,7 +1530,7 @@ cpus-ew8:
## Privileged Access Manager (PAM) Entitlements
-[Privileged Access Manager](https://cloud.google.com/iam/docs/privileged-access-manager-overview) entitlements can be defined via the `pam_entitlements` variable.
+[Privileged Access Manager](https://docs.cloud.google.com/iam/docs/pam-overview) entitlements can be defined via the `pam_entitlements` variable.
Note that using PAM entitlements requires specific roles to be granted to the users and groups that will be using them. For more information, see the [official documentation](https://cloud.google.com/iam/docs/pam-permissions-and-setup#before-you-begin).
diff --git a/modules/project/schemas/scc-mute-config.schema.md b/modules/project/schemas/scc-mute-config.schema.md
index 3d542a312..d103af2d6 100644
--- a/modules/project/schemas/scc-mute-config.schema.md
+++ b/modules/project/schemas/scc-mute-config.schema.md
@@ -8,7 +8,7 @@
- **description**: *string*
- ⁺**filter**: *string*
- **type**: *string*
- - enum: `DYNAMIC`, `STATIC`
+
*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
## Definitions
diff --git a/modules/projects-data-source/README.md b/modules/projects-data-source/README.md
index c5a19d76c..d5cc30474 100644
--- a/modules/projects-data-source/README.md
+++ b/modules/projects-data-source/README.md
@@ -1,6 +1,6 @@
# Projects Data Source Module
-This module extends functionality of [google_projects](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/projects) data source by retrieving all the projects under a specific `parent` recursively with only one API call against [Cloud Asset Inventory](https://cloud.google.com/asset-inventory) service.
+This module extends functionality of [google_projects](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/projects) data source by retrieving all the projects under a specific `parent` recursively with only one API call against [Cloud Asset Inventory](https://cloud.google.com/asset-inventory/docs) service.
A good usage pattern would be when we want all the projects under a specific folder (including nested subfolders) to be included into [VPC Service Controls](../vpc-sc/). Instead of manually maintaining the list of project numbers as an input to the `vpc-sc` module we can use that module to retrieve all the project numbers dynamically.
diff --git a/tests/fast/stages/s2_networking/ncc.yaml b/tests/fast/stages/s2_networking/ncc.yaml
index 4f3907118..c8b3d7c92 100644
--- a/tests/fast/stages/s2_networking/ncc.yaml
+++ b/tests/fast/stages/s2_networking/ncc.yaml
@@ -12,2003 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-values:
- google_compute_ha_vpn_gateway.default["hub/to-onprem"]:
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- gateway_ip_version: IPV4
- labels: null
- name: hub-to-onprem
- network: hub-0
- project: fast-prod-net-core-0
- region: europe-west1
- stack_type: IPV4_ONLY
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_compute_router.default["hub/vpn-router"]:
- bgp:
- - advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- asn: 64514
- keepalive_interval: 20
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: hub-vpn-router
- project: fast-prod-net-core-0
- region: europe-west1
- timeouts: null
- google_network_connectivity_group.default["hub/default"]:
- auto_accept:
- - auto_accept_projects:
- - fast-prod-net-core-0
- - fast-prod-net-spoke-0
- - fast-dev-net-spoke-0
- description: Terraform-managed
- effective_labels:
- goog-terraform-provisioned: 'true'
- labels: null
- name: default
- project: fast-prod-net-core-0
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_network_connectivity_hub.default["hub"]:
- description: Terraform-managed
- effective_labels:
- goog-terraform-provisioned: 'true'
- export_psc: true
- labels: null
- name: hub
- preset_topology: MESH
- project: fast-prod-net-core-0
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_network_connectivity_spoke.tunnels["hub/to-onprem/hub"]:
- description: Terraform-managed.
- effective_labels:
- goog-terraform-provisioned: 'true'
- labels: null
- linked_interconnect_attachments: []
- linked_producer_vpc_network: []
- linked_router_appliance_instances: []
- linked_vpc_network: []
- linked_vpn_tunnels:
- - include_import_ranges:
- - ALL_IPV4_RANGES
- site_to_site_data_transfer: true
- location: europe-west1
- name: hub-to-onprem-hub
- project: fast-prod-net-core-0
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_network_connectivity_spoke.vpcs["dev/hub"]:
- description: Terraform-managed
- effective_labels:
- goog-terraform-provisioned: 'true'
- labels: null
- linked_interconnect_attachments: []
- linked_producer_vpc_network: []
- linked_router_appliance_instances: []
- linked_vpc_network:
- - exclude_export_ranges: null
- include_export_ranges: null
- linked_vpn_tunnels: []
- location: global
- name: dev-hub
- project: fast-dev-net-spoke-0
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_network_connectivity_spoke.vpcs["prod/hub"]:
- description: Terraform-managed
- effective_labels:
- goog-terraform-provisioned: 'true'
- labels: null
- linked_interconnect_attachments: []
- linked_producer_vpc_network: []
- linked_router_appliance_instances: []
- linked_vpc_network:
- - exclude_export_ranges: null
- include_export_ranges: null
- linked_vpn_tunnels: []
- location: global
- name: prod-hub
- project: fast-prod-net-spoke-0
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_storage_bucket_object.tfvars[0]:
- bucket: test
- cache_control: null
- content_disposition: null
- content_encoding: null
- content_language: null
- customer_encryption: []
- deletion_policy: null
- detect_md5hash: null
- event_based_hold: null
- force_empty_content_type: null
- metadata: null
- name: tfvars/2-networking.auto.tfvars.json
- retention: []
- source: null
- temporary_hold: null
- timeouts: null
- google_storage_bucket_object.version[0]:
- bucket: test
- cache_control: null
- content_disposition: null
- content_encoding: null
- content_language: null
- customer_encryption: []
- deletion_policy: null
- detect_md5hash: null
- event_based_hold: null
- force_empty_content_type: null
- metadata: null
- name: versions/2-networking-version.txt
- retention: []
- source: fast_version.txt
- temporary_hold: null
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy.default[0]:
- description: Terraform managed.
- gke_clusters: []
- networks:
- - {}
- - {}
- - {}
- project: fast-prod-net-core-0
- response_policy_name: net-core-0
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["accounts"]:
- behavior: bypassResponsePolicy
- dns_name: accounts.google.com.
- local_data: []
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: accounts
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["aiplatform-notebook-cloud-all"]:
- behavior: null
- dns_name: '*.aiplatform-notebook.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.aiplatform-notebook.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: aiplatform-notebook-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["aiplatform-notebook-gu-all"]:
- behavior: null
- dns_name: '*.aiplatform-notebook.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.aiplatform-notebook.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: aiplatform-notebook-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["appengine"]:
- behavior: null
- dns_name: appengine.google.com.
- local_data:
- - local_datas:
- - name: appengine.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: appengine
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["appspot-all"]:
- behavior: null
- dns_name: '*.appspot.com.'
- local_data:
- - local_datas:
- - name: '*.appspot.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: appspot-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-cloud"]:
- behavior: null
- dns_name: backupdr.cloud.google.com.
- local_data:
- - local_datas:
- - name: backupdr.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-cloud
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-cloud-all"]:
- behavior: null
- dns_name: '*.backupdr.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.backupdr.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-gu"]:
- behavior: null
- dns_name: backupdr.googleusercontent.google.com.
- local_data:
- - local_datas:
- - name: backupdr.googleusercontent.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-gu-all"]:
- behavior: null
- dns_name: '*.backupdr.googleusercontent.google.com.'
- local_data:
- - local_datas:
- - name: '*.backupdr.googleusercontent.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["cloudfunctions"]:
- behavior: null
- dns_name: '*.cloudfunctions.net.'
- local_data:
- - local_datas:
- - name: '*.cloudfunctions.net.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: cloudfunctions
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["cloudproxy"]:
- behavior: null
- dns_name: '*.cloudproxy.app.'
- local_data:
- - local_datas:
- - name: '*.cloudproxy.app.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: cloudproxy
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["composer-cloud-all"]:
- behavior: null
- dns_name: '*.composer.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.composer.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: composer-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["composer-gu-all"]:
- behavior: null
- dns_name: '*.composer.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.composer.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: composer-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["datafusion-all"]:
- behavior: null
- dns_name: '*.datafusion.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.datafusion.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: datafusion-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["datafusion-gu-all"]:
- behavior: null
- dns_name: '*.datafusion.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.datafusion.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: datafusion-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc"]:
- behavior: null
- dns_name: dataproc.cloud.google.com.
- local_data:
- - local_datas:
- - name: dataproc.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-all"]:
- behavior: null
- dns_name: '*.dataproc.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.dataproc.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-gu"]:
- behavior: null
- dns_name: dataproc.googleusercontent.com.
- local_data:
- - local_datas:
- - name: dataproc.googleusercontent.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-gu-all"]:
- behavior: null
- dns_name: '*.dataproc.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.dataproc.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dl"]:
- behavior: null
- dns_name: dl.google.com.
- local_data:
- - local_datas:
- - name: dl.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dl
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gcr"]:
- behavior: null
- dns_name: gcr.io.
- local_data:
- - local_datas:
- - name: gcr.io.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gcr
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gcr-all"]:
- behavior: null
- dns_name: '*.gcr.io.'
- local_data:
- - local_datas:
- - name: '*.gcr.io.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gcr-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gke-all"]:
- behavior: null
- dns_name: '*.gke.goog.'
- local_data:
- - local_datas:
- - name: '*.gke.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gke-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-all"]:
- behavior: null
- dns_name: '*.googleapis.com.'
- local_data:
- - local_datas:
- - name: '*.googleapis.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-private"]:
- behavior: null
- dns_name: private.googleapis.com.
- local_data:
- - local_datas:
- - name: private.googleapis.com.
- rrdatas:
- - 199.36.153.8
- - 199.36.153.9
- - 199.36.153.10
- - 199.36.153.11
- ttl: null
- type: A
- - name: private.googleapis.com.
- rrdatas:
- - '2600:2d00:2:2000::'
- ttl: null
- type: AAAA
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-private
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-restricted"]:
- behavior: null
- dns_name: restricted.googleapis.com.
- local_data:
- - local_datas:
- - name: restricted.googleapis.com.
- rrdatas:
- - 199.36.153.4
- - 199.36.153.5
- - 199.36.153.6
- - 199.36.153.7
- ttl: null
- type: A
- - name: restricted.googleapis.com.
- rrdatas:
- - '2600:2d00:2:1000::'
- ttl: null
- type: AAAA
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-restricted
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gstatic-all"]:
- behavior: null
- dns_name: '*.gstatic.com.'
- local_data:
- - local_datas:
- - name: '*.gstatic.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gstatic-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["kernels-gu"]:
- behavior: null
- dns_name: kernels.googleusercontent.com.
- local_data:
- - local_datas:
- - name: kernels.googleusercontent.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: kernels-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["kernels-gu-all"]:
- behavior: null
- dns_name: '*.kernels.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.kernels.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: kernels-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["ltsapis-all"]:
- behavior: null
- dns_name: '*.ltsapis.goog.'
- local_data:
- - local_datas:
- - name: '*.ltsapis.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: ltsapis-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks"]:
- behavior: null
- dns_name: notebooks.cloud.google.com.
- local_data:
- - local_datas:
- - name: notebooks.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks-all"]:
- behavior: null
- dns_name: '*.notebooks.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.notebooks.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks-gu-all"]:
- behavior: null
- dns_name: '*.notebooks.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.notebooks.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["packages-cloud"]:
- behavior: null
- dns_name: packages.cloud.google.com.
- local_data:
- - local_datas:
- - name: packages.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: packages-cloud
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["packages-cloud-all"]:
- behavior: null
- dns_name: '*.packages.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.packages.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: packages-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkgdev"]:
- behavior: null
- dns_name: pkg.dev.
- local_data:
- - local_datas:
- - name: pkg.dev.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkgdev
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkgdev-all"]:
- behavior: null
- dns_name: '*.pkg.dev.'
- local_data:
- - local_datas:
- - name: '*.pkg.dev.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkgdev-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkigoog"]:
- behavior: null
- dns_name: pki.goog.
- local_data:
- - local_datas:
- - name: pki.goog.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkigoog
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkigoog-all"]:
- behavior: null
- dns_name: '*.pki.goog.'
- local_data:
- - local_datas:
- - name: '*.pki.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkigoog-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["run-all"]:
- behavior: null
- dns_name: '*.run.app.'
- local_data:
- - local_datas:
- - name: '*.run.app.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: run-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["source"]:
- behavior: null
- dns_name: source.developers.google.com.
- local_data:
- - local_datas:
- - name: source.developers.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: source
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["storage"]:
- behavior: null
- dns_name: storage.cloud.google.com.
- local_data:
- - local_datas:
- - name: storage.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: storage
- timeouts: null
- module.dns-zones["net-core-0/fwd-root"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: onprem.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config:
- - target_name_servers:
- - domain_name: ''
- forwarding_path: default
- ipv4_address: 1.1.1.1
- - domain_name: ''
- forwarding_path: default
- ipv4_address: 8.8.8.8
- labels: null
- name: net-core-0-fwd-root
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/peer-root"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: .
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-core-0-peer-root
- peering_config:
- - target_network:
- - {}
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/pvt-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-core-0-pvt-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/pvt-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-core-0-pvt-test
- name: localhost.test.
- project: fast-prod-net-core-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.dns-zones["net-dev-0/pvt-dev-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: dev.test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-dev-0-pvt-dev-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-dev-net-spoke-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-dev-0/pvt-dev-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-dev-0-pvt-dev-test
- name: localhost.dev.test.
- project: fast-dev-net-spoke-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.dns-zones["net-prod-0/pvt-prod-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: prod.test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-prod-0-pvt-prod-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-prod-net-spoke-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-prod-0/pvt-prod-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-prod-0-pvt-prod-test
- name: localhost.prod.test.
- project: fast-prod-net-spoke-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.firewall["dev"].google_compute_firewall.custom-rules["ingress-default-dev-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-dev-deny
- network: dev-0
- priority: 65535
- project: fast-dev-net-spoke-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall["prod"].google_compute_firewall.custom-rules["ingress-default-prod-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-prod-deny
- network: prod-0
- priority: 65535
- project: fast-prod-net-spoke-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy.hierarchical[0]:
- description: null
- parent: folders/12345678
- short_name: network-policy
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_association.hierarchical["networking"]:
- attachment_target: folders/12345678
- name: network-policy-networking
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["egress/deny-example-ip"]:
- action: deny
- description: Allow internal traffic within the VPC
- direction: EGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges:
- - 1.2.3.4/32
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: all
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges: null
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 2000
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-healthchecks"]:
- action: allow
- description: Enable SSH, HTTP and HTTPS healthchecks
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: tcp
- ports:
- - '22'
- - '80'
- - '443'
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 35.191.0.0/16
- - 130.211.0.0/22
- - 209.85.152.0/22
- - 209.85.204.0/22
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1001
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-icmp"]:
- action: allow
- description: Enable ICMP
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: icmp
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 0.0.0.0/0
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1003
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-nat-ranges"]:
- action: allow
- description: Enable NAT ranges for VPC serverless connector
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: all
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 107.178.230.64/26
- - 35.199.224.0/19
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1004
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-ssh-from-iap"]:
- action: allow
- description: Enable SSH from IAP
- direction: INGRESS
- disabled: false
- enable_logging: true
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: tcp
- ports:
- - '22'
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 35.235.240.0/20
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1002
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.nat["dev/nat-primary"].google_compute_router.router[0]:
- bgp: []
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: dev-nat-primary-nat
- project: fast-dev-net-spoke-0
- region: europe-west1
- timeouts: null
- module.nat["dev/nat-primary"].google_compute_router_nat.nat:
- enable_dynamic_port_allocation: false
- enable_endpoint_independent_mapping: true
- icmp_idle_timeout_sec: 30
- initial_nat_ips: null
- log_config:
- - enable: false
- filter: ALL
- max_ports_per_vm: 65536
- name: dev-nat-primary
- nat64_subnetwork: []
- nat_ip_allocate_option: AUTO_ONLY
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-nat-primary-nat
- rules: []
- source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
- source_subnetwork_ip_ranges_to_nat64: null
- subnetwork: []
- tcp_established_idle_timeout_sec: 1200
- tcp_time_wait_timeout_sec: 120
- tcp_transitory_idle_timeout_sec: 30
- timeouts: null
- type: PUBLIC
- udp_idle_timeout_sec: 30
- module.nat["prod/nat-primary"].google_compute_router.router[0]:
- bgp: []
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: prod-nat-primary-nat
- project: fast-prod-net-spoke-0
- region: europe-west1
- timeouts: null
- module.nat["prod/nat-primary"].google_compute_router_nat.nat:
- enable_dynamic_port_allocation: false
- enable_endpoint_independent_mapping: true
- icmp_idle_timeout_sec: 30
- initial_nat_ips: null
- log_config:
- - enable: false
- filter: ALL
- max_ports_per_vm: 65536
- name: prod-nat-primary
- nat64_subnetwork: []
- nat_ip_allocate_option: AUTO_ONLY
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-nat-primary-nat
- rules: []
- source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
- source_subnetwork_ip_ranges_to_nat64: null
- subnetwork: []
- tcp_established_idle_timeout_sec: 1200
- tcp_time_wait_timeout_sec: 120
- tcp_transitory_idle_timeout_sec: 30
- timeouts: null
- type: PUBLIC
- udp_idle_timeout_sec: 30
- module.projects.module.projects-iam["net-core-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-prod-net-core-0
- timeouts: null
- module.projects.module.projects-iam["net-dev-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-dev-net-spoke-0
- timeouts: null
- module.projects.module.projects-iam["net-prod-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-prod-net-spoke-0
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '12345678'
- labels: null
- name: fast-prod-net-core-0
- org_id: null
- project_id: fast-prod-net-core-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-prod-net-core-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-prod-net-core-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-prod-net-core-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-prod-net-core-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-prod-net-core-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-prod-net-core-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-prod-net-core-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '34567890'
- labels: null
- name: fast-dev-net-spoke-0
- org_id: null
- project_id: fast-dev-net-spoke-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '23456789'
- labels: null
- name: fast-prod-net-spoke-0
- org_id: null
- project_id: fast-prod-net-spoke-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.terraform_data.defaults_preconditions:
- input: null
- output: null
- triggers_replace: null
- module.projects.terraform_data.project-preconditions:
- input: null
- output: null
- triggers_replace: null
- module.vpc_routes["hub"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: hub-0-default
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpc_routes["dev"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: dev-0-default
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpc_routes["prod"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: prod-0-default
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: dev-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-dev-net-spoke-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: dev-0-directpath-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: dev-0-private-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: dev-0-restricted-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_subnetwork.subnetwork["europe-west1/dev-default"]:
- description: Default primary-region subnet for dev
- ip_cidr_range: 10.73.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: dev-default
- network: dev-0
- private_ip_google_access: true
- project: fast-dev-net-spoke-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["hub"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: hub-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-prod-net-core-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: hub-0-directpath-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: hub-0-private-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: hub-0-restricted-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_subnetwork.subnetwork["europe-west1/hub-default"]:
- description: Default primary-region subnet for hub
- ip_cidr_range: 10.71.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: hub-default
- network: hub-0
- private_ip_google_access: true
- project: fast-prod-net-core-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["prod"].google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-psa"]:
- address: 10.72.224.0
- address_type: INTERNAL
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ip_version: null
- labels: null
- name: servicenetworking-googleapis-com-psa
- prefix_length: 24
- project: fast-prod-net-spoke-0
- purpose: VPC_PEERING
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.vpcs["prod"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: prod-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-prod-net-spoke-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["prod"].google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
- export_custom_routes: true
- import_custom_routes: true
- network: prod-0
- project: fast-prod-net-spoke-0
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: prod-0-directpath-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: prod-0-private-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: prod-0-restricted-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_subnetwork.proxy_only["europe-west1/primary-region-proxy-only"]:
- description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal
- HTTPS or Cross-Regional HTTPS Internal LB.
- ip_cidr_range: 10.72.240.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: primary-region-proxy-only
- network: prod-0
- project: fast-prod-net-spoke-0
- purpose: REGIONAL_MANAGED_PROXY
- region: europe-west1
- reserved_internal_range: null
- role: ACTIVE
- send_secondary_ip_range_if_empty: null
- timeouts: null
- module.vpcs["prod"].google_compute_subnetwork.subnetwork["europe-west1/prod-default"]:
- description: Default primary-region subnet for prod
- ip_cidr_range: 10.72.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: prod-default
- network: prod-0
- private_ip_google_access: true
- project: fast-prod-net-spoke-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["prod"].google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
- deletion_policy: null
- reserved_peering_ranges:
- - servicenetworking-googleapis-com-psa
- service: servicenetworking.googleapis.com
- timeouts: null
- update_on_creation_fail: null
- module.vpcs["prod"].google_service_networking_peered_dns_domain.name["servicenetworking-googleapis-com-test"]:
- dns_suffix: test.
- name: servicenetworking-googleapis-com-test
- network: prod-0
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.vpn-ha["hub/to-onprem"].google_compute_external_vpn_gateway.external_gateway["default"]:
- description: Terraform managed external VPN gateway
- effective_labels:
- goog-terraform-provisioned: 'true'
- interface:
- - id: 0
- ip_address: 8.8.8.8
- ipv6_address: null
- labels: null
- name: hub-to-onprem-default
- project: fast-prod-net-core-0
- redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.vpn-ha["hub/to-onprem"].google_compute_router_interface.router_interface["remote-0"]:
- interconnect_attachment: null
- ip_range: 169.254.128.2/30
- name: hub-to-onprem-remote-0
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-onprem-remote-0
- module.vpn-ha["hub/to-onprem"].google_compute_router_interface.router_interface["remote-1"]:
- interconnect_attachment: null
- ip_range: 169.254.128.6/30
- name: hub-to-onprem-remote-1
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-onprem-remote-1
- module.vpn-ha["hub/to-onprem"].google_compute_router_peer.bgp_peer["remote-0"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-onprem-remote-0
- md5_authentication_key: []
- name: hub-to-onprem-remote-0
- peer_asn: 64513
- peer_ip_address: 169.254.128.1
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-onprem"].google_compute_router_peer.bgp_peer["remote-1"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-onprem-remote-1
- md5_authentication_key: []
- name: hub-to-onprem-remote-1
- peer_asn: 64513
- peer_ip_address: 169.254.128.5
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-onprem"].google_compute_vpn_tunnel.tunnels["remote-0"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-onprem-remote-0
- peer_external_gateway_interface: 0
- peer_gcp_gateway: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: mySecret
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 0
- module.vpn-ha["hub/to-onprem"].google_compute_vpn_tunnel.tunnels["remote-1"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-onprem-remote-1
- peer_external_gateway_interface: 0
- peer_gcp_gateway: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: mySecret
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 1
- module.vpn-ha["hub/to-onprem"].random_id.md5_keys["remote-0"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-onprem"].random_id.md5_keys["remote-1"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-onprem"].random_id.secret:
- byte_length: 8
- keepers: null
- prefix: null
-
counts:
google_compute_external_vpn_gateway: 1
google_compute_firewall: 2
@@ -2041,21 +44,7 @@ counts:
google_service_networking_connection: 1
google_service_networking_peered_dns_domain: 1
google_storage_bucket_object: 2
- modules: 25
+ modules: 26
random_id: 3
resources: 183
terraform_data: 2
-
-outputs:
- host_project_ids:
- net-core-0: fast-prod-net-core-0
- net-dev-0: fast-dev-net-spoke-0
- net-prod-0: fast-prod-net-spoke-0
- host_project_numbers: __missing__
- subnet_proxy_only_self_links: __missing__
- subnet_psc_self_links:
- dev: {}
- hub: {}
- prod: {}
- subnet_self_links: __missing__
- vpc_self_links: __missing__
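Review bot: With the `outputs:` block removed here, and the `values:` entries deleted earlier in this same file's diff (that hunk starts outside this view), the inventory appears to assert only resource and module counts. A count-only check would still pass if a later change flipped `delete_default_routes_on_create` or `private_ip_google_access`, or re-pointed one of the `0.0.0.0/0` routes, because none of those alter how many resources are planned. Unless another test already pins them, consider keeping a small `values:` subset for the security-relevant attributes, for example `module.vpcs["prod"].google_compute_network.network[0]:` with `delete_default_routes_on_create: true` beneath it.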
diff --git a/tests/fast/stages/s2_networking/nva.yaml b/tests/fast/stages/s2_networking/nva.yaml
index 4b6a50138..a17f6f35f 100644
--- a/tests/fast/stages/s2_networking/nva.yaml
+++ b/tests/fast/stages/s2_networking/nva.yaml
@@ -42,7 +42,7 @@ counts:
google_project_service: 27
google_project_service_identity: 21
google_storage_bucket_object: 2
- modules: 35
+ modules: 36
random_id: 3
resources: 199
terraform_data: 2
diff --git a/tests/fast/stages/s2_networking/simple.yaml b/tests/fast/stages/s2_networking/simple.yaml
index 34275ea11..930c593b7 100644
--- a/tests/fast/stages/s2_networking/simple.yaml
+++ b/tests/fast/stages/s2_networking/simple.yaml
@@ -12,2012 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-values:
- google_compute_ha_vpn_gateway.default["hub/to-onprem"]:
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- gateway_ip_version: IPV4
- labels: null
- name: hub-to-onprem
- network: hub-0
- project: fast-prod-net-core-0
- region: europe-west1
- stack_type: IPV4_ONLY
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_compute_network_peering.default["dev/to-hub"]:
- export_custom_routes: true
- export_subnet_routes_with_public_ip: true
- import_custom_routes: true
- import_subnet_routes_with_public_ip: null
- name: dev-to-hub
- stack_type: IPV4_ONLY
- timeouts: null
- update_strategy: INDEPENDENT
- google_compute_network_peering.default["hub/to-dev"]:
- export_custom_routes: true
- export_subnet_routes_with_public_ip: true
- import_custom_routes: true
- import_subnet_routes_with_public_ip: null
- name: hub-to-dev
- stack_type: IPV4_ONLY
- timeouts: null
- update_strategy: INDEPENDENT
- google_compute_network_peering.default["hub/to-prod"]:
- export_custom_routes: true
- export_subnet_routes_with_public_ip: true
- import_custom_routes: true
- import_subnet_routes_with_public_ip: null
- name: hub-to-prod
- stack_type: IPV4_ONLY
- timeouts: null
- update_strategy: INDEPENDENT
- google_compute_network_peering.default["prod/to-hub"]:
- export_custom_routes: true
- export_subnet_routes_with_public_ip: true
- import_custom_routes: true
- import_subnet_routes_with_public_ip: null
- name: prod-to-hub
- stack_type: IPV4_ONLY
- timeouts: null
- update_strategy: INDEPENDENT
- google_compute_router.default["hub/vpn-router"]:
- bgp:
- - advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- asn: 64514
- keepalive_interval: 20
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: hub-vpn-router
- project: fast-prod-net-core-0
- region: europe-west1
- timeouts: null
- google_storage_bucket_object.tfvars[0]:
- bucket: test
- cache_control: null
- content_disposition: null
- content_encoding: null
- content_language: null
- customer_encryption: []
- deletion_policy: null
- detect_md5hash: null
- event_based_hold: null
- force_empty_content_type: null
- metadata: null
- name: tfvars/2-networking.auto.tfvars.json
- retention: []
- source: null
- temporary_hold: null
- timeouts: null
- google_storage_bucket_object.version[0]:
- bucket: test
- cache_control: null
- content_disposition: null
- content_encoding: null
- content_language: null
- customer_encryption: []
- deletion_policy: null
- detect_md5hash: null
- event_based_hold: null
- force_empty_content_type: null
- metadata: null
- name: versions/2-networking-version.txt
- retention: []
- source: fast_version.txt
- temporary_hold: null
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy.default[0]:
- description: Terraform managed.
- gke_clusters: []
- networks:
- - {}
- - {}
- - {}
- project: fast-prod-net-core-0
- response_policy_name: net-core-0
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["accounts"]:
- behavior: bypassResponsePolicy
- dns_name: accounts.google.com.
- local_data: []
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: accounts
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["aiplatform-notebook-cloud-all"]:
- behavior: null
- dns_name: '*.aiplatform-notebook.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.aiplatform-notebook.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: aiplatform-notebook-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["aiplatform-notebook-gu-all"]:
- behavior: null
- dns_name: '*.aiplatform-notebook.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.aiplatform-notebook.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: aiplatform-notebook-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["appengine"]:
- behavior: null
- dns_name: appengine.google.com.
- local_data:
- - local_datas:
- - name: appengine.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: appengine
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["appspot-all"]:
- behavior: null
- dns_name: '*.appspot.com.'
- local_data:
- - local_datas:
- - name: '*.appspot.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: appspot-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-cloud"]:
- behavior: null
- dns_name: backupdr.cloud.google.com.
- local_data:
- - local_datas:
- - name: backupdr.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-cloud
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-cloud-all"]:
- behavior: null
- dns_name: '*.backupdr.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.backupdr.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-gu"]:
- behavior: null
- dns_name: backupdr.googleusercontent.google.com.
- local_data:
- - local_datas:
- - name: backupdr.googleusercontent.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-gu-all"]:
- behavior: null
- dns_name: '*.backupdr.googleusercontent.google.com.'
- local_data:
- - local_datas:
- - name: '*.backupdr.googleusercontent.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["cloudfunctions"]:
- behavior: null
- dns_name: '*.cloudfunctions.net.'
- local_data:
- - local_datas:
- - name: '*.cloudfunctions.net.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: cloudfunctions
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["cloudproxy"]:
- behavior: null
- dns_name: '*.cloudproxy.app.'
- local_data:
- - local_datas:
- - name: '*.cloudproxy.app.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: cloudproxy
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["composer-cloud-all"]:
- behavior: null
- dns_name: '*.composer.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.composer.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: composer-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["composer-gu-all"]:
- behavior: null
- dns_name: '*.composer.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.composer.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: composer-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["datafusion-all"]:
- behavior: null
- dns_name: '*.datafusion.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.datafusion.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: datafusion-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["datafusion-gu-all"]:
- behavior: null
- dns_name: '*.datafusion.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.datafusion.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: datafusion-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc"]:
- behavior: null
- dns_name: dataproc.cloud.google.com.
- local_data:
- - local_datas:
- - name: dataproc.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-all"]:
- behavior: null
- dns_name: '*.dataproc.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.dataproc.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-gu"]:
- behavior: null
- dns_name: dataproc.googleusercontent.com.
- local_data:
- - local_datas:
- - name: dataproc.googleusercontent.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-gu-all"]:
- behavior: null
- dns_name: '*.dataproc.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.dataproc.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dl"]:
- behavior: null
- dns_name: dl.google.com.
- local_data:
- - local_datas:
- - name: dl.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dl
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gcr"]:
- behavior: null
- dns_name: gcr.io.
- local_data:
- - local_datas:
- - name: gcr.io.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gcr
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gcr-all"]:
- behavior: null
- dns_name: '*.gcr.io.'
- local_data:
- - local_datas:
- - name: '*.gcr.io.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gcr-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gke-all"]:
- behavior: null
- dns_name: '*.gke.goog.'
- local_data:
- - local_datas:
- - name: '*.gke.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gke-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-all"]:
- behavior: null
- dns_name: '*.googleapis.com.'
- local_data:
- - local_datas:
- - name: '*.googleapis.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-private"]:
- behavior: null
- dns_name: private.googleapis.com.
- local_data:
- - local_datas:
- - name: private.googleapis.com.
- rrdatas:
- - 199.36.153.8
- - 199.36.153.9
- - 199.36.153.10
- - 199.36.153.11
- ttl: null
- type: A
- - name: private.googleapis.com.
- rrdatas:
- - '2600:2d00:2:2000::'
- ttl: null
- type: AAAA
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-private
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-restricted"]:
- behavior: null
- dns_name: restricted.googleapis.com.
- local_data:
- - local_datas:
- - name: restricted.googleapis.com.
- rrdatas:
- - 199.36.153.4
- - 199.36.153.5
- - 199.36.153.6
- - 199.36.153.7
- ttl: null
- type: A
- - name: restricted.googleapis.com.
- rrdatas:
- - '2600:2d00:2:1000::'
- ttl: null
- type: AAAA
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-restricted
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gstatic-all"]:
- behavior: null
- dns_name: '*.gstatic.com.'
- local_data:
- - local_datas:
- - name: '*.gstatic.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gstatic-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["kernels-gu"]:
- behavior: null
- dns_name: kernels.googleusercontent.com.
- local_data:
- - local_datas:
- - name: kernels.googleusercontent.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: kernels-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["kernels-gu-all"]:
- behavior: null
- dns_name: '*.kernels.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.kernels.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: kernels-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["ltsapis-all"]:
- behavior: null
- dns_name: '*.ltsapis.goog.'
- local_data:
- - local_datas:
- - name: '*.ltsapis.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: ltsapis-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks"]:
- behavior: null
- dns_name: notebooks.cloud.google.com.
- local_data:
- - local_datas:
- - name: notebooks.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks-all"]:
- behavior: null
- dns_name: '*.notebooks.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.notebooks.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks-gu-all"]:
- behavior: null
- dns_name: '*.notebooks.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.notebooks.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["packages-cloud"]:
- behavior: null
- dns_name: packages.cloud.google.com.
- local_data:
- - local_datas:
- - name: packages.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: packages-cloud
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["packages-cloud-all"]:
- behavior: null
- dns_name: '*.packages.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.packages.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: packages-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkgdev"]:
- behavior: null
- dns_name: pkg.dev.
- local_data:
- - local_datas:
- - name: pkg.dev.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkgdev
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkgdev-all"]:
- behavior: null
- dns_name: '*.pkg.dev.'
- local_data:
- - local_datas:
- - name: '*.pkg.dev.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkgdev-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkigoog"]:
- behavior: null
- dns_name: pki.goog.
- local_data:
- - local_datas:
- - name: pki.goog.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkigoog
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkigoog-all"]:
- behavior: null
- dns_name: '*.pki.goog.'
- local_data:
- - local_datas:
- - name: '*.pki.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkigoog-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["run-all"]:
- behavior: null
- dns_name: '*.run.app.'
- local_data:
- - local_datas:
- - name: '*.run.app.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: run-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["source"]:
- behavior: null
- dns_name: source.developers.google.com.
- local_data:
- - local_datas:
- - name: source.developers.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: source
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["storage"]:
- behavior: null
- dns_name: storage.cloud.google.com.
- local_data:
- - local_datas:
- - name: storage.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: storage
- timeouts: null
- module.dns-zones["net-core-0/fwd-root"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: onprem.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config:
- - target_name_servers:
- - domain_name: ''
- forwarding_path: default
- ipv4_address: 1.1.1.1
- - domain_name: ''
- forwarding_path: default
- ipv4_address: 8.8.8.8
- labels: null
- name: net-core-0-fwd-root
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/peer-root"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: .
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-core-0-peer-root
- peering_config:
- - target_network:
- - {}
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/pvt-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-core-0-pvt-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/pvt-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-core-0-pvt-test
- name: localhost.test.
- project: fast-prod-net-core-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.dns-zones["net-dev-0/pvt-dev-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: dev.test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-dev-0-pvt-dev-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-dev-net-spoke-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-dev-0/pvt-dev-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-dev-0-pvt-dev-test
- name: localhost.dev.test.
- project: fast-dev-net-spoke-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.dns-zones["net-prod-0/pvt-prod-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: prod.test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-prod-0-pvt-prod-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-prod-net-spoke-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-prod-0/pvt-prod-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-prod-0-pvt-prod-test
- name: localhost.prod.test.
- project: fast-prod-net-spoke-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.firewall["dev"].google_compute_firewall.custom-rules["ingress-default-dev-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-dev-deny
- network: dev-0
- priority: 65535
- project: fast-dev-net-spoke-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall["hub"].google_compute_firewall.custom-rules["ingress-default-landing-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-landing-deny
- network: hub-0
- priority: 65535
- project: fast-prod-net-core-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall["prod"].google_compute_firewall.custom-rules["ingress-default-prod-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-prod-deny
- network: prod-0
- priority: 65535
- project: fast-prod-net-spoke-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy.hierarchical[0]:
- description: null
- parent: folders/12345678
- short_name: network-policy
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_association.hierarchical["networking"]:
- attachment_target: folders/12345678
- name: network-policy-networking
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["egress/deny-example-ip"]:
- action: deny
- description: Allow internal traffic within the VPC
- direction: EGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges:
- - 1.2.3.4/32
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: all
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges: null
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 2000
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-healthchecks"]:
- action: allow
- description: Enable SSH, HTTP and HTTPS healthchecks
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: tcp
- ports:
- - '22'
- - '80'
- - '443'
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 35.191.0.0/16
- - 130.211.0.0/22
- - 209.85.152.0/22
- - 209.85.204.0/22
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1001
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-icmp"]:
- action: allow
- description: Enable ICMP
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: icmp
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 0.0.0.0/0
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1003
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-nat-ranges"]:
- action: allow
- description: Enable NAT ranges for VPC serverless connector
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: all
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 107.178.230.64/26
- - 35.199.224.0/19
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1004
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-ssh-from-iap"]:
- action: allow
- description: Enable SSH from IAP
- direction: INGRESS
- disabled: false
- enable_logging: true
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: tcp
- ports:
- - '22'
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 35.235.240.0/20
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1002
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.nat["dev/nat-ew8"].google_compute_router.router[0]:
- bgp: []
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: dev-nat-ew8-nat
- project: fast-dev-net-spoke-0
- region: europe-west1
- timeouts: null
- module.nat["dev/nat-ew8"].google_compute_router_nat.nat:
- enable_dynamic_port_allocation: false
- enable_endpoint_independent_mapping: true
- icmp_idle_timeout_sec: 30
- initial_nat_ips: null
- log_config:
- - enable: false
- filter: ALL
- max_ports_per_vm: 65536
- name: dev-nat-ew8
- nat64_subnetwork: []
- nat_ip_allocate_option: AUTO_ONLY
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-nat-ew8-nat
- rules: []
- source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
- source_subnetwork_ip_ranges_to_nat64: null
- subnetwork: []
- tcp_established_idle_timeout_sec: 1200
- tcp_time_wait_timeout_sec: 120
- tcp_transitory_idle_timeout_sec: 30
- timeouts: null
- type: PUBLIC
- udp_idle_timeout_sec: 30
- module.nat["hub/nat-ew8"].google_compute_router.router[0]:
- bgp: []
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: hub-nat-ew8-nat
- project: fast-prod-net-core-0
- region: europe-west1
- timeouts: null
- module.nat["hub/nat-ew8"].google_compute_router_nat.nat:
- enable_dynamic_port_allocation: false
- enable_endpoint_independent_mapping: true
- icmp_idle_timeout_sec: 30
- initial_nat_ips: null
- log_config:
- - enable: false
- filter: ALL
- max_ports_per_vm: 65536
- name: hub-nat-ew8
- nat64_subnetwork: []
- nat_ip_allocate_option: AUTO_ONLY
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-nat-ew8-nat
- rules: []
- source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
- source_subnetwork_ip_ranges_to_nat64: null
- subnetwork: []
- tcp_established_idle_timeout_sec: 1200
- tcp_time_wait_timeout_sec: 120
- tcp_transitory_idle_timeout_sec: 30
- timeouts: null
- type: PUBLIC
- udp_idle_timeout_sec: 30
- module.nat["prod/nat-ew8"].google_compute_router.router[0]:
- bgp: []
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: prod-nat-ew8-nat
- project: fast-prod-net-spoke-0
- region: europe-west1
- timeouts: null
- module.nat["prod/nat-ew8"].google_compute_router_nat.nat:
- enable_dynamic_port_allocation: false
- enable_endpoint_independent_mapping: true
- icmp_idle_timeout_sec: 30
- initial_nat_ips: null
- log_config:
- - enable: false
- filter: ALL
- max_ports_per_vm: 65536
- name: prod-nat-ew8
- nat64_subnetwork: []
- nat_ip_allocate_option: AUTO_ONLY
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-nat-ew8-nat
- rules: []
- source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
- source_subnetwork_ip_ranges_to_nat64: null
- subnetwork: []
- tcp_established_idle_timeout_sec: 1200
- tcp_time_wait_timeout_sec: 120
- tcp_transitory_idle_timeout_sec: 30
- timeouts: null
- type: PUBLIC
- udp_idle_timeout_sec: 30
- module.projects.module.projects-iam["net-core-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-prod-net-core-0
- timeouts: null
- module.projects.module.projects-iam["net-dev-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-dev-net-spoke-0
- timeouts: null
- module.projects.module.projects-iam["net-prod-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-prod-net-spoke-0
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '12345678'
- labels: null
- name: fast-prod-net-core-0
- org_id: null
- project_id: fast-prod-net-core-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-prod-net-core-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-prod-net-core-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-prod-net-core-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-prod-net-core-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-prod-net-core-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-prod-net-core-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-prod-net-core-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '34567890'
- labels: null
- name: fast-dev-net-spoke-0
- org_id: null
- project_id: fast-dev-net-spoke-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '23456789'
- labels: null
- name: fast-prod-net-spoke-0
- org_id: null
- project_id: fast-prod-net-spoke-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.terraform_data.defaults_preconditions:
- input: null
- output: null
- triggers_replace: null
- module.projects.terraform_data.project-preconditions:
- input: null
- output: null
- triggers_replace: null
- module.vpc_routes["hub"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: hub-0-default
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpc_routes["dev"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: dev-0-default
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpc_routes["prod"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: prod-0-default
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: dev-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-dev-net-spoke-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: dev-0-directpath-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: dev-0-private-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: dev-0-restricted-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_subnetwork.subnetwork["europe-west1/dev-default"]:
- description: Default primary-region subnet for dev
- ip_cidr_range: 10.73.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: dev-default
- network: dev-0
- private_ip_google_access: true
- project: fast-dev-net-spoke-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["hub"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: hub-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-prod-net-core-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: hub-0-directpath-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: hub-0-private-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: hub-0-restricted-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_subnetwork.subnetwork["europe-west1/hub-default"]:
- description: Default primary-region subnet for hub
- ip_cidr_range: 10.71.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: hub-default
- network: hub-0
- private_ip_google_access: true
- project: fast-prod-net-core-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["prod"].google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-psa"]:
- address: 10.72.224.0
- address_type: INTERNAL
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ip_version: null
- labels: null
- name: servicenetworking-googleapis-com-psa
- prefix_length: 24
- project: fast-prod-net-spoke-0
- purpose: VPC_PEERING
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.vpcs["prod"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: prod-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-prod-net-spoke-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["prod"].google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
- export_custom_routes: true
- import_custom_routes: true
- network: prod-0
- project: fast-prod-net-spoke-0
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: prod-0-directpath-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: prod-0-private-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: prod-0-restricted-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_subnetwork.proxy_only["europe-west1/primary-region-proxy-only"]:
- description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal
- HTTPS or Cross-Regional HTTPS Internal LB.
- ip_cidr_range: 10.72.240.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: primary-region-proxy-only
- network: prod-0
- project: fast-prod-net-spoke-0
- purpose: REGIONAL_MANAGED_PROXY
- region: europe-west1
- reserved_internal_range: null
- role: ACTIVE
- send_secondary_ip_range_if_empty: null
- timeouts: null
- module.vpcs["prod"].google_compute_subnetwork.subnetwork["europe-west1/prod-default"]:
- description: Default primary-region subnet for prod
- ip_cidr_range: 10.72.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: prod-default
- network: prod-0
- private_ip_google_access: true
- project: fast-prod-net-spoke-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["prod"].google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
- deletion_policy: null
- reserved_peering_ranges:
- - servicenetworking-googleapis-com-psa
- service: servicenetworking.googleapis.com
- timeouts: null
- update_on_creation_fail: null
- module.vpcs["prod"].google_service_networking_peered_dns_domain.name["servicenetworking-googleapis-com-test"]:
- dns_suffix: test.
- name: servicenetworking-googleapis-com-test
- network: prod-0
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.vpn-ha["hub/to-onprem"].google_compute_external_vpn_gateway.external_gateway["default"]:
- description: Terraform managed external VPN gateway
- effective_labels:
- goog-terraform-provisioned: 'true'
- interface:
- - id: 0
- ip_address: 8.8.8.8
- ipv6_address: null
- labels: null
- name: hub-to-onprem-default
- project: fast-prod-net-core-0
- redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.vpn-ha["hub/to-onprem"].google_compute_router_interface.router_interface["remote-0"]:
- interconnect_attachment: null
- ip_range: 169.254.128.2/30
- name: hub-to-onprem-remote-0
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-onprem-remote-0
- module.vpn-ha["hub/to-onprem"].google_compute_router_interface.router_interface["remote-1"]:
- interconnect_attachment: null
- ip_range: 169.254.128.6/30
- name: hub-to-onprem-remote-1
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-onprem-remote-1
- module.vpn-ha["hub/to-onprem"].google_compute_router_peer.bgp_peer["remote-0"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-onprem-remote-0
- md5_authentication_key: []
- name: hub-to-onprem-remote-0
- peer_asn: 64513
- peer_ip_address: 169.254.128.1
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-onprem"].google_compute_router_peer.bgp_peer["remote-1"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-onprem-remote-1
- md5_authentication_key: []
- name: hub-to-onprem-remote-1
- peer_asn: 64513
- peer_ip_address: 169.254.128.5
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-onprem"].google_compute_vpn_tunnel.tunnels["remote-0"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-onprem-remote-0
- peer_external_gateway_interface: 0
- peer_gcp_gateway: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: mySecret
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 0
- module.vpn-ha["hub/to-onprem"].google_compute_vpn_tunnel.tunnels["remote-1"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-onprem-remote-1
- peer_external_gateway_interface: 0
- peer_gcp_gateway: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: mySecret
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 1
- module.vpn-ha["hub/to-onprem"].random_id.md5_keys["remote-0"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-onprem"].random_id.md5_keys["remote-1"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-onprem"].random_id.secret:
- byte_length: 8
- keepers: null
- prefix: null
-
counts:
google_compute_external_vpn_gateway: 1
google_compute_firewall: 3
@@ -2048,7 +42,7 @@ counts:
google_service_networking_connection: 1
google_service_networking_peered_dns_domain: 1
google_storage_bucket_object: 2
- modules: 27
+ modules: 28
random_id: 3
resources: 185
terraform_data: 2
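Review bot: Value-level assertions seem to be gone from this inventory, leaving only the `counts:` map, so the bump to `modules: 28` next to an unchanged `resources: 185` no longer shows which attributes moved. The removed block starts outside the visible part of the diff, so this is inferred from the deleted entries and the hunk offsets. Settings that carry the network's security posture, such as `delete_default_routes_on_create: true` on the VPCs and `private_ip_google_access: true` on the subnets, would keep passing this test even if a later refactor flipped them. Consider keeping a small `values:` subset for those resources, for example the `module.vpcs["prod"].google_compute_network.network[0]` entry. Alternatively, add a comment above `counts:` such as `# values intentionally not asserted here; covered by <other test>`, naming where they are still checked.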
diff --git a/tests/fast/stages/s2_networking/vpns.yaml b/tests/fast/stages/s2_networking/vpns.yaml
index 34cf473b3..08dc9463c 100644
--- a/tests/fast/stages/s2_networking/vpns.yaml
+++ b/tests/fast/stages/s2_networking/vpns.yaml
@@ -12,2435 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-values:
- google_compute_ha_vpn_gateway.default["dev/to-hub"]:
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- gateway_ip_version: IPV4
- labels: null
- name: dev-to-hub
- network: dev-0
- project: fast-dev-net-spoke-0
- region: europe-west1
- stack_type: IPV4_ONLY
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_compute_ha_vpn_gateway.default["hub/to-dev"]:
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- gateway_ip_version: IPV4
- labels: null
- name: hub-to-dev
- network: hub-0
- project: fast-prod-net-core-0
- region: europe-west1
- stack_type: IPV4_ONLY
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_compute_ha_vpn_gateway.default["hub/to-onprem"]:
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- gateway_ip_version: IPV4
- labels: null
- name: hub-to-onprem
- network: hub-0
- project: fast-prod-net-core-0
- region: europe-west1
- stack_type: IPV4_ONLY
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_compute_ha_vpn_gateway.default["hub/to-prod"]:
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- gateway_ip_version: IPV4
- labels: null
- name: hub-to-prod
- network: hub-0
- project: fast-prod-net-core-0
- region: europe-west1
- stack_type: IPV4_ONLY
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_compute_ha_vpn_gateway.default["prod/to-hub"]:
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- gateway_ip_version: IPV4
- labels: null
- name: prod-to-hub
- network: prod-0
- project: fast-prod-net-spoke-0
- region: europe-west1
- stack_type: IPV4_ONLY
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- google_compute_router.default["dev/vpn-router"]:
- bgp:
- - advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- asn: 64516
- keepalive_interval: 20
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: dev-vpn-router
- project: fast-dev-net-spoke-0
- region: europe-west1
- timeouts: null
- google_compute_router.default["hub/vpn-router"]:
- bgp:
- - advertise_mode: CUSTOM
- advertised_groups: []
- advertised_ip_ranges:
- - description: rfc1918-10
- range: 10.0.0.0/8
- - description: rfc1918-172
- range: 172.16.0.0/12
- - description: rfc1918-192
- range: 192.168.0.0/16
- asn: 64514
- keepalive_interval: 20
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: hub-vpn-router
- project: fast-prod-net-core-0
- region: europe-west1
- timeouts: null
- google_compute_router.default["prod/vpn-router"]:
- bgp:
- - advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- asn: 64515
- keepalive_interval: 20
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: prod-vpn-router
- project: fast-prod-net-spoke-0
- region: europe-west1
- timeouts: null
- google_storage_bucket_object.tfvars[0]:
- bucket: test
- cache_control: null
- content_disposition: null
- content_encoding: null
- content_language: null
- customer_encryption: []
- deletion_policy: null
- detect_md5hash: null
- event_based_hold: null
- force_empty_content_type: null
- metadata: null
- name: tfvars/2-networking.auto.tfvars.json
- retention: []
- source: null
- temporary_hold: null
- timeouts: null
- google_storage_bucket_object.version[0]:
- bucket: test
- cache_control: null
- content_disposition: null
- content_encoding: null
- content_language: null
- customer_encryption: []
- deletion_policy: null
- detect_md5hash: null
- event_based_hold: null
- force_empty_content_type: null
- metadata: null
- name: versions/2-networking-version.txt
- retention: []
- source: fast_version.txt
- temporary_hold: null
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy.default[0]:
- description: Terraform managed.
- gke_clusters: []
- networks:
- - {}
- - {}
- - {}
- project: fast-prod-net-core-0
- response_policy_name: net-core-0
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["accounts"]:
- behavior: bypassResponsePolicy
- dns_name: accounts.google.com.
- local_data: []
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: accounts
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["aiplatform-notebook-cloud-all"]:
- behavior: null
- dns_name: '*.aiplatform-notebook.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.aiplatform-notebook.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: aiplatform-notebook-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["aiplatform-notebook-gu-all"]:
- behavior: null
- dns_name: '*.aiplatform-notebook.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.aiplatform-notebook.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: aiplatform-notebook-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["appengine"]:
- behavior: null
- dns_name: appengine.google.com.
- local_data:
- - local_datas:
- - name: appengine.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: appengine
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["appspot-all"]:
- behavior: null
- dns_name: '*.appspot.com.'
- local_data:
- - local_datas:
- - name: '*.appspot.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: appspot-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-cloud"]:
- behavior: null
- dns_name: backupdr.cloud.google.com.
- local_data:
- - local_datas:
- - name: backupdr.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-cloud
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-cloud-all"]:
- behavior: null
- dns_name: '*.backupdr.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.backupdr.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-gu"]:
- behavior: null
- dns_name: backupdr.googleusercontent.google.com.
- local_data:
- - local_datas:
- - name: backupdr.googleusercontent.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["backupdr-gu-all"]:
- behavior: null
- dns_name: '*.backupdr.googleusercontent.google.com.'
- local_data:
- - local_datas:
- - name: '*.backupdr.googleusercontent.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: backupdr-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["cloudfunctions"]:
- behavior: null
- dns_name: '*.cloudfunctions.net.'
- local_data:
- - local_datas:
- - name: '*.cloudfunctions.net.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: cloudfunctions
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["cloudproxy"]:
- behavior: null
- dns_name: '*.cloudproxy.app.'
- local_data:
- - local_datas:
- - name: '*.cloudproxy.app.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: cloudproxy
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["composer-cloud-all"]:
- behavior: null
- dns_name: '*.composer.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.composer.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: composer-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["composer-gu-all"]:
- behavior: null
- dns_name: '*.composer.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.composer.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: composer-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["datafusion-all"]:
- behavior: null
- dns_name: '*.datafusion.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.datafusion.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: datafusion-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["datafusion-gu-all"]:
- behavior: null
- dns_name: '*.datafusion.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.datafusion.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: datafusion-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc"]:
- behavior: null
- dns_name: dataproc.cloud.google.com.
- local_data:
- - local_datas:
- - name: dataproc.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-all"]:
- behavior: null
- dns_name: '*.dataproc.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.dataproc.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-gu"]:
- behavior: null
- dns_name: dataproc.googleusercontent.com.
- local_data:
- - local_datas:
- - name: dataproc.googleusercontent.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dataproc-gu-all"]:
- behavior: null
- dns_name: '*.dataproc.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.dataproc.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dataproc-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["dl"]:
- behavior: null
- dns_name: dl.google.com.
- local_data:
- - local_datas:
- - name: dl.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: dl
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gcr"]:
- behavior: null
- dns_name: gcr.io.
- local_data:
- - local_datas:
- - name: gcr.io.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gcr
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gcr-all"]:
- behavior: null
- dns_name: '*.gcr.io.'
- local_data:
- - local_datas:
- - name: '*.gcr.io.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gcr-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gke-all"]:
- behavior: null
- dns_name: '*.gke.goog.'
- local_data:
- - local_datas:
- - name: '*.gke.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gke-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-all"]:
- behavior: null
- dns_name: '*.googleapis.com.'
- local_data:
- - local_datas:
- - name: '*.googleapis.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-private"]:
- behavior: null
- dns_name: private.googleapis.com.
- local_data:
- - local_datas:
- - name: private.googleapis.com.
- rrdatas:
- - 199.36.153.8
- - 199.36.153.9
- - 199.36.153.10
- - 199.36.153.11
- ttl: null
- type: A
- - name: private.googleapis.com.
- rrdatas:
- - '2600:2d00:2:2000::'
- ttl: null
- type: AAAA
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-private
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["googleapis-restricted"]:
- behavior: null
- dns_name: restricted.googleapis.com.
- local_data:
- - local_datas:
- - name: restricted.googleapis.com.
- rrdatas:
- - 199.36.153.4
- - 199.36.153.5
- - 199.36.153.6
- - 199.36.153.7
- ttl: null
- type: A
- - name: restricted.googleapis.com.
- rrdatas:
- - '2600:2d00:2:1000::'
- ttl: null
- type: AAAA
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: googleapis-restricted
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["gstatic-all"]:
- behavior: null
- dns_name: '*.gstatic.com.'
- local_data:
- - local_datas:
- - name: '*.gstatic.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: gstatic-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["kernels-gu"]:
- behavior: null
- dns_name: kernels.googleusercontent.com.
- local_data:
- - local_datas:
- - name: kernels.googleusercontent.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: kernels-gu
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["kernels-gu-all"]:
- behavior: null
- dns_name: '*.kernels.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.kernels.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: kernels-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["ltsapis-all"]:
- behavior: null
- dns_name: '*.ltsapis.goog.'
- local_data:
- - local_datas:
- - name: '*.ltsapis.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: ltsapis-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks"]:
- behavior: null
- dns_name: notebooks.cloud.google.com.
- local_data:
- - local_datas:
- - name: notebooks.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks-all"]:
- behavior: null
- dns_name: '*.notebooks.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.notebooks.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["notebooks-gu-all"]:
- behavior: null
- dns_name: '*.notebooks.googleusercontent.com.'
- local_data:
- - local_datas:
- - name: '*.notebooks.googleusercontent.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: notebooks-gu-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["packages-cloud"]:
- behavior: null
- dns_name: packages.cloud.google.com.
- local_data:
- - local_datas:
- - name: packages.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: packages-cloud
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["packages-cloud-all"]:
- behavior: null
- dns_name: '*.packages.cloud.google.com.'
- local_data:
- - local_datas:
- - name: '*.packages.cloud.google.com.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: packages-cloud-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkgdev"]:
- behavior: null
- dns_name: pkg.dev.
- local_data:
- - local_datas:
- - name: pkg.dev.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkgdev
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkgdev-all"]:
- behavior: null
- dns_name: '*.pkg.dev.'
- local_data:
- - local_datas:
- - name: '*.pkg.dev.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkgdev-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkigoog"]:
- behavior: null
- dns_name: pki.goog.
- local_data:
- - local_datas:
- - name: pki.goog.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkigoog
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["pkigoog-all"]:
- behavior: null
- dns_name: '*.pki.goog.'
- local_data:
- - local_datas:
- - name: '*.pki.goog.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: pkigoog-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["run-all"]:
- behavior: null
- dns_name: '*.run.app.'
- local_data:
- - local_datas:
- - name: '*.run.app.'
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: run-all
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["source"]:
- behavior: null
- dns_name: source.developers.google.com.
- local_data:
- - local_datas:
- - name: source.developers.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: source
- timeouts: null
- module.dns-response-policies["net-core-0"].google_dns_response_policy_rule.default["storage"]:
- behavior: null
- dns_name: storage.cloud.google.com.
- local_data:
- - local_datas:
- - name: storage.cloud.google.com.
- rrdatas:
- - private.googleapis.com.
- ttl: null
- type: CNAME
- project: fast-prod-net-core-0
- response_policy: net-core-0
- rule_name: storage
- timeouts: null
- module.dns-zones["net-core-0/fwd-root"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: onprem.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config:
- - target_name_servers:
- - domain_name: ''
- forwarding_path: default
- ipv4_address: 1.1.1.1
- - domain_name: ''
- forwarding_path: default
- ipv4_address: 8.8.8.8
- labels: null
- name: net-core-0-fwd-root
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/peer-root"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: .
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-core-0-peer-root
- peering_config:
- - target_network:
- - {}
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/pvt-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-core-0-pvt-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- project: fast-prod-net-core-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-core-0/pvt-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-core-0-pvt-test
- name: localhost.test.
- project: fast-prod-net-core-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.dns-zones["net-dev-0/pvt-dev-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: dev.test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-dev-0-pvt-dev-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-dev-net-spoke-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-dev-0/pvt-dev-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-dev-0-pvt-dev-test
- name: localhost.dev.test.
- project: fast-dev-net-spoke-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.dns-zones["net-prod-0/pvt-prod-test"].google_dns_managed_zone.dns_managed_zone[0]:
- cloud_logging_config:
- - enable_logging: false
- description: Terraform-managed.
- dns_name: prod.test.
- effective_labels:
- goog-terraform-provisioned: 'true'
- force_destroy: false
- forwarding_config: []
- labels: null
- name: net-prod-0-pvt-prod-test
- peering_config: []
- private_visibility_config:
- - gke_clusters: []
- networks:
- - {}
- - {}
- project: fast-prod-net-spoke-0
- reverse_lookup: false
- service_directory_config: []
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- visibility: private
- module.dns-zones["net-prod-0/pvt-prod-test"].google_dns_record_set.dns_record_set["A localhost"]:
- managed_zone: net-prod-0-pvt-prod-test
- name: localhost.prod.test.
- project: fast-prod-net-spoke-0
- routing_policy: []
- rrdatas:
- - 127.0.0.1
- ttl: 300
- type: A
- module.firewall["dev"].google_compute_firewall.custom-rules["ingress-default-dev-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-dev-deny
- network: dev-0
- priority: 65535
- project: fast-dev-net-spoke-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall["hub"].google_compute_firewall.custom-rules["ingress-default-landing-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-landing-deny
- network: hub-0
- priority: 65535
- project: fast-prod-net-core-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall["prod"].google_compute_firewall.custom-rules["ingress-default-prod-deny"]:
- allow: []
- deny:
- - ports: []
- protocol: all
- description: Deny and log any unmatched ingress traffic.
- direction: INGRESS
- disabled: false
- log_config:
- - metadata: EXCLUDE_ALL_METADATA
- name: ingress-default-prod-deny
- network: prod-0
- priority: 65535
- project: fast-prod-net-spoke-0
- source_ranges:
- - 0.0.0.0/0
- source_service_accounts: null
- source_tags: null
- target_service_accounts: null
- target_tags: null
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy.hierarchical[0]:
- description: null
- parent: folders/12345678
- short_name: network-policy
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_association.hierarchical["networking"]:
- attachment_target: folders/12345678
- name: network-policy-networking
- timeouts: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["egress/deny-example-ip"]:
- action: deny
- description: Allow internal traffic within the VPC
- direction: EGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges:
- - 1.2.3.4/32
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: all
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges: null
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 2000
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-healthchecks"]:
- action: allow
- description: Enable SSH, HTTP and HTTPS healthchecks
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: tcp
- ports:
- - '22'
- - '80'
- - '443'
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 35.191.0.0/16
- - 130.211.0.0/22
- - 209.85.152.0/22
- - 209.85.204.0/22
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1001
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-icmp"]:
- action: allow
- description: Enable ICMP
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: icmp
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 0.0.0.0/0
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1003
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-nat-ranges"]:
- action: allow
- description: Enable NAT ranges for VPC serverless connector
- direction: INGRESS
- disabled: false
- enable_logging: null
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: all
- ports: null
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 107.178.230.64/26
- - 35.199.224.0/19
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1004
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-ssh-from-iap"]:
- action: allow
- description: Enable SSH from IAP
- direction: INGRESS
- disabled: false
- enable_logging: true
- match:
- - dest_address_groups: null
- dest_fqdns: null
- dest_ip_ranges: null
- dest_region_codes: null
- dest_threat_intelligences: null
- layer4_configs:
- - ip_protocol: tcp
- ports:
- - '22'
- src_address_groups: null
- src_fqdns: null
- src_ip_ranges:
- - 35.235.240.0/20
- src_region_codes: null
- src_secure_tags: []
- src_threat_intelligences: null
- priority: 1002
- security_profile_group: null
- target_resources: null
- target_secure_tags: []
- target_service_accounts: null
- timeouts: null
- tls_inspect: null
- module.nat["hub/nat-ew8"].google_compute_router.router[0]:
- bgp: []
- description: null
- encrypted_interconnect_router: null
- md5_authentication_keys: []
- name: hub-nat-ew8-nat
- project: fast-prod-net-core-0
- region: europe-west1
- timeouts: null
- module.nat["hub/nat-ew8"].google_compute_router_nat.nat:
- enable_dynamic_port_allocation: false
- enable_endpoint_independent_mapping: true
- icmp_idle_timeout_sec: 30
- initial_nat_ips: null
- log_config:
- - enable: false
- filter: ALL
- max_ports_per_vm: 65536
- name: hub-nat-ew8
- nat64_subnetwork: []
- nat_ip_allocate_option: AUTO_ONLY
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-nat-ew8-nat
- rules: []
- source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
- source_subnetwork_ip_ranges_to_nat64: null
- subnetwork: []
- tcp_established_idle_timeout_sec: 1200
- tcp_time_wait_timeout_sec: 120
- tcp_transitory_idle_timeout_sec: 30
- timeouts: null
- type: PUBLIC
- udp_idle_timeout_sec: 30
- module.projects.module.projects-iam["net-core-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-prod-net-core-0
- timeouts: null
- module.projects.module.projects-iam["net-dev-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-dev-net-spoke-0
- timeouts: null
- module.projects.module.projects-iam["net-prod-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
- project: fast-prod-net-spoke-0
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '12345678'
- labels: null
- name: fast-prod-net-core-0
- org_id: null
- project_id: fast-prod-net-core-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-prod-net-core-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-core-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-core-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-prod-net-core-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-prod-net-core-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-prod-net-core-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-prod-net-core-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-prod-net-core-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-prod-net-core-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-core-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-prod-net-core-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '34567890'
- labels: null
- name: fast-dev-net-spoke-0
- org_id: null
- project_id: fast-dev-net-spoke-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-dev-net-spoke-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-dev-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-dev-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-dev-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project.project[0]:
- auto_create_network: false
- billing_account: 000000-111111-222222
- deletion_policy: DELETE
- effective_labels:
- goog-terraform-provisioned: 'true'
- folder_id: '23456789'
- labels: null
- name: fast-prod-net-spoke-0
- org_id: null
- project_id: fast-prod-net-spoke-0
- tags: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["compute-system"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/compute.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["container-engine-robot"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/container.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["dns"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/dns.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["gkenode"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/container.defaultNodeServiceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["networkmanagement"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/networkmanagement.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["service-networking"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/servicenetworking.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_iam_member.service_agents["vpcaccess"]:
- condition: []
- project: fast-prod-net-spoke-0
- role: roles/vpcaccess.serviceAgent
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["compute.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: compute.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["container.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["dns.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["iap.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["networkmanagement.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["stackdriver.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: stackdriver.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service.project_services["vpcaccess.googleapis.com"]:
- disable_dependent_services: false
- disable_on_destroy: false
- project: fast-prod-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["container.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: container.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["dns.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: dns.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["iap.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: iap.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["networkmanagement.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: networkmanagement.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["networksecurity.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: networksecurity.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["servicenetworking.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: servicenetworking.googleapis.com
- timeouts: null
- module.projects.module.projects["net-prod-0"].google_project_service_identity.default["vpcaccess.googleapis.com"]:
- project: fast-prod-net-spoke-0
- service: vpcaccess.googleapis.com
- timeouts: null
- module.projects.terraform_data.defaults_preconditions:
- input: null
- output: null
- triggers_replace: null
- module.projects.terraform_data.project-preconditions:
- input: null
- output: null
- triggers_replace: null
- module.vpc_routes["hub"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: hub-0-default
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpc_routes["dev"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: dev-0-default
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpc_routes["prod"].google_compute_route.gateway["default"]:
- description: Terraform-managed.
- dest_range: 0.0.0.0/0
- name: prod-0-default
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: dev-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-dev-net-spoke-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: dev-0-directpath-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: dev-0-private-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: dev-0-restricted-googleapis
- network: dev-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-dev-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["dev"].google_compute_subnetwork.subnetwork["europe-west1/dev-default"]:
- description: Default primary-region subnet for dev
- ip_cidr_range: 10.73.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: dev-default
- network: dev-0
- private_ip_google_access: true
- project: fast-dev-net-spoke-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["hub"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: hub-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-prod-net-core-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: hub-0-directpath-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: hub-0-private-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: hub-0-restricted-googleapis
- network: hub-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-core-0
- tags: null
- timeouts: null
- module.vpcs["hub"].google_compute_subnetwork.subnetwork["europe-west1/hub-default"]:
- description: Default primary-region subnet for hub
- ip_cidr_range: 10.71.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: hub-default
- network: hub-0
- private_ip_google_access: true
- project: fast-prod-net-core-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpcs["prod"].google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: true
- description: Terraform managed
- enable_ula_internal_ipv6: null
- mtu: 1500
- name: prod-0
- network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- network_profile: null
- project: fast-prod-net-spoke-0
- routing_mode: GLOBAL
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["directpath-googleapis"]:
- description: Terraform-managed.
- dest_range: 34.126.0.0/18
- name: prod-0-directpath-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["private-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.8/30
- name: prod-0-private-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_route.gateway["restricted-googleapis"]:
- description: Terraform-managed.
- dest_range: 199.36.153.4/30
- name: prod-0-restricted-googleapis
- network: prod-0
- next_hop_gateway: default-internet-gateway
- next_hop_ilb: null
- next_hop_instance: null
- next_hop_vpn_tunnel: null
- priority: 1000
- project: fast-prod-net-spoke-0
- tags: null
- timeouts: null
- module.vpcs["prod"].google_compute_subnetwork.subnetwork["europe-west1/prod-default"]:
- description: Default primary-region subnet for prod
- ip_cidr_range: 10.72.0.0/24
- ip_collection: null
- ipv6_access_type: null
- log_config: []
- name: prod-default
- network: prod-0
- private_ip_google_access: true
- project: fast-prod-net-spoke-0
- region: europe-west1
- reserved_internal_range: null
- role: null
- send_secondary_ip_range_if_empty: true
- timeouts: null
- module.vpn-ha["dev/to-hub"].google_compute_router_interface.router_interface["remote-0"]:
- interconnect_attachment: null
- ip_range: 169.254.3.1/30
- name: dev-to-hub-remote-0
- private_ip_address: null
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: dev-to-hub-remote-0
- module.vpn-ha["dev/to-hub"].google_compute_router_interface.router_interface["remote-1"]:
- interconnect_attachment: null
- ip_range: 169.254.3.5/30
- name: dev-to-hub-remote-1
- private_ip_address: null
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: dev-to-hub-remote-1
- module.vpn-ha["dev/to-hub"].google_compute_router_peer.bgp_peer["remote-0"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: dev-to-hub-remote-0
- md5_authentication_key: []
- name: dev-to-hub-remote-0
- peer_asn: 64514
- peer_ip_address: 169.254.3.2
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["dev/to-hub"].google_compute_router_peer.bgp_peer["remote-1"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: dev-to-hub-remote-1
- md5_authentication_key: []
- name: dev-to-hub-remote-1
- peer_asn: 64514
- peer_ip_address: 169.254.3.6
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["dev/to-hub"].google_compute_vpn_tunnel.tunnels["remote-0"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: dev-to-hub-remote-0
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 0
- module.vpn-ha["dev/to-hub"].google_compute_vpn_tunnel.tunnels["remote-1"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: dev-to-hub-remote-1
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-dev-net-spoke-0
- region: europe-west1
- router: dev-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 1
- module.vpn-ha["dev/to-hub"].random_id.md5_keys["remote-0"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["dev/to-hub"].random_id.md5_keys["remote-1"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["dev/to-hub"].random_id.secret:
- byte_length: 8
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-dev"].google_compute_router_interface.router_interface["remote-0"]:
- interconnect_attachment: null
- ip_range: 169.254.3.2/30
- name: hub-to-dev-remote-0
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-dev-remote-0
- module.vpn-ha["hub/to-dev"].google_compute_router_interface.router_interface["remote-1"]:
- interconnect_attachment: null
- ip_range: 169.254.3.6/30
- name: hub-to-dev-remote-1
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-dev-remote-1
- module.vpn-ha["hub/to-dev"].google_compute_router_peer.bgp_peer["remote-0"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-dev-remote-0
- md5_authentication_key: []
- name: hub-to-dev-remote-0
- peer_asn: 64516
- peer_ip_address: 169.254.3.1
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-dev"].google_compute_router_peer.bgp_peer["remote-1"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-dev-remote-1
- md5_authentication_key: []
- name: hub-to-dev-remote-1
- peer_asn: 64516
- peer_ip_address: 169.254.3.5
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-dev"].google_compute_vpn_tunnel.tunnels["remote-0"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-dev-remote-0
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 0
- module.vpn-ha["hub/to-dev"].google_compute_vpn_tunnel.tunnels["remote-1"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-dev-remote-1
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 1
- module.vpn-ha["hub/to-dev"].random_id.md5_keys["remote-0"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-dev"].random_id.md5_keys["remote-1"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-dev"].random_id.secret:
- byte_length: 8
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-onprem"].google_compute_external_vpn_gateway.external_gateway["default"]:
- description: Terraform managed external VPN gateway
- effective_labels:
- goog-terraform-provisioned: 'true'
- interface:
- - id: 0
- ip_address: 8.8.8.8
- ipv6_address: null
- labels: null
- name: hub-to-onprem-default
- project: fast-prod-net-core-0
- redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- module.vpn-ha["hub/to-onprem"].google_compute_router_interface.router_interface["remote-0"]:
- interconnect_attachment: null
- ip_range: 169.254.128.2/30
- name: hub-to-onprem-remote-0
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-onprem-remote-0
- module.vpn-ha["hub/to-onprem"].google_compute_router_interface.router_interface["remote-1"]:
- interconnect_attachment: null
- ip_range: 169.254.128.6/30
- name: hub-to-onprem-remote-1
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-onprem-remote-1
- module.vpn-ha["hub/to-onprem"].google_compute_router_peer.bgp_peer["remote-0"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-onprem-remote-0
- md5_authentication_key: []
- name: hub-to-onprem-remote-0
- peer_asn: 64513
- peer_ip_address: 169.254.128.1
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-onprem"].google_compute_router_peer.bgp_peer["remote-1"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-onprem-remote-1
- md5_authentication_key: []
- name: hub-to-onprem-remote-1
- peer_asn: 64513
- peer_ip_address: 169.254.128.5
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-onprem"].google_compute_vpn_tunnel.tunnels["remote-0"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-onprem-remote-0
- peer_external_gateway_interface: 0
- peer_gcp_gateway: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: mySecret
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 0
- module.vpn-ha["hub/to-onprem"].google_compute_vpn_tunnel.tunnels["remote-1"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-onprem-remote-1
- peer_external_gateway_interface: 0
- peer_gcp_gateway: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: mySecret
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 1
- module.vpn-ha["hub/to-onprem"].random_id.md5_keys["remote-0"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-onprem"].random_id.md5_keys["remote-1"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-onprem"].random_id.secret:
- byte_length: 8
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-prod"].google_compute_router_interface.router_interface["remote-0"]:
- interconnect_attachment: null
- ip_range: 169.254.2.2/30
- name: hub-to-prod-remote-0
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-prod-remote-0
- module.vpn-ha["hub/to-prod"].google_compute_router_interface.router_interface["remote-1"]:
- interconnect_attachment: null
- ip_range: 169.254.2.6/30
- name: hub-to-prod-remote-1
- private_ip_address: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: hub-to-prod-remote-1
- module.vpn-ha["hub/to-prod"].google_compute_router_peer.bgp_peer["remote-0"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-prod-remote-0
- md5_authentication_key: []
- name: hub-to-prod-remote-0
- peer_asn: 64515
- peer_ip_address: 169.254.2.1
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-prod"].google_compute_router_peer.bgp_peer["remote-1"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: hub-to-prod-remote-1
- md5_authentication_key: []
- name: hub-to-prod-remote-1
- peer_asn: 64515
- peer_ip_address: 169.254.2.5
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["hub/to-prod"].google_compute_vpn_tunnel.tunnels["remote-0"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-prod-remote-0
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 0
- module.vpn-ha["hub/to-prod"].google_compute_vpn_tunnel.tunnels["remote-1"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: hub-to-prod-remote-1
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-prod-net-core-0
- region: europe-west1
- router: hub-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 1
- module.vpn-ha["hub/to-prod"].random_id.md5_keys["remote-0"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-prod"].random_id.md5_keys["remote-1"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["hub/to-prod"].random_id.secret:
- byte_length: 8
- keepers: null
- prefix: null
- module.vpn-ha["prod/to-hub"].google_compute_router_interface.router_interface["remote-0"]:
- interconnect_attachment: null
- ip_range: 169.254.2.1/30
- name: prod-to-hub-remote-0
- private_ip_address: null
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: prod-to-hub-remote-0
- module.vpn-ha["prod/to-hub"].google_compute_router_interface.router_interface["remote-1"]:
- interconnect_attachment: null
- ip_range: 169.254.2.5/30
- name: prod-to-hub-remote-1
- private_ip_address: null
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-vpn-router
- subnetwork: null
- timeouts: null
- vpn_tunnel: prod-to-hub-remote-1
- module.vpn-ha["prod/to-hub"].google_compute_router_peer.bgp_peer["remote-0"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: prod-to-hub-remote-0
- md5_authentication_key: []
- name: prod-to-hub-remote-0
- peer_asn: 64514
- peer_ip_address: 169.254.2.2
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["prod/to-hub"].google_compute_router_peer.bgp_peer["remote-1"]:
- advertise_mode: DEFAULT
- advertised_groups: []
- advertised_ip_ranges: []
- advertised_route_priority: 1000
- custom_learned_ip_ranges: []
- custom_learned_route_priority: null
- enable: true
- enable_ipv6: false
- export_policies: null
- import_policies: null
- interface: prod-to-hub-remote-1
- md5_authentication_key: []
- name: prod-to-hub-remote-1
- peer_asn: 64514
- peer_ip_address: 169.254.2.6
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-vpn-router
- router_appliance_instance: null
- timeouts: null
- zero_advertised_route_priority: null
- zero_custom_learned_route_priority: false
- module.vpn-ha["prod/to-hub"].google_compute_vpn_tunnel.tunnels["remote-0"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: prod-to-hub-remote-0
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 0
- module.vpn-ha["prod/to-hub"].google_compute_vpn_tunnel.tunnels["remote-1"]:
- cipher_suite: []
- description: null
- effective_labels:
- goog-terraform-provisioned: 'true'
- ike_version: 2
- labels: null
- name: prod-to-hub-remote-1
- peer_external_gateway: null
- peer_external_gateway_interface: null
- project: fast-prod-net-spoke-0
- region: europe-west1
- router: prod-vpn-router
- shared_secret: foobar
- shared_secret_wo: null
- shared_secret_wo_version: null
- target_vpn_gateway: null
- terraform_labels:
- goog-terraform-provisioned: 'true'
- timeouts: null
- vpn_gateway_interface: 1
- module.vpn-ha["prod/to-hub"].random_id.md5_keys["remote-0"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["prod/to-hub"].random_id.md5_keys["remote-1"]:
- byte_length: 12
- keepers: null
- prefix: null
- module.vpn-ha["prod/to-hub"].random_id.secret:
- byte_length: 8
- keepers: null
- prefix: null
-
counts:
google_compute_external_vpn_gateway: 1
google_compute_firewall: 3
@@ -2466,7 +37,7 @@ counts:
google_project_service: 27
google_project_service_identity: 21
google_storage_bucket_object: 2
- modules: 29
+ modules: 30
random_id: 15
resources: 214
terraform_data: 2
diff --git a/tests/modules/net_vpc_factory/examples/example.yaml b/tests/modules/net_vpc_factory/examples/example.yaml
new file mode 100644
index 000000000..3de086ee7
--- /dev/null
+++ b/tests/modules/net_vpc_factory/examples/example.yaml
@@ -0,0 +1,120 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.net-vpc-factory.module.firewall["data-vpc-0"].google_compute_firewall.custom-rules["allow-iap"]:
+ allow:
+ - ports:
+ - '22'
+ protocol: tcp
+ deny: []
+ description: Allow IAP for SSH
+ direction: INGRESS
+ disabled: false
+ log_config: []
+ name: allow-iap
+ network: data-vpc-0
+ params: []
+ priority: 1000
+ project: my-host-project-id
+ source_ranges:
+ - 35.235.240.0/20
+ source_service_accounts: null
+ source_tags: null
+ target_service_accounts: null
+ target_tags:
+ - ssh
+ timeouts: null
+ module.net-vpc-factory.module.vpcs["data-vpc-0"].google_compute_network.network[0]:
+ auto_create_subnetworks: true
+ delete_bgp_always_compare_med: false
+ delete_default_routes_on_create: true
+ description: Terraform managed
+ enable_ula_internal_ipv6: null
+ name: data-vpc-0
+ network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
+ network_profile: null
+ params: []
+ project: my-host-project-id
+ routing_mode: GLOBAL
+ timeouts: null
+ module.net-vpc-factory.module.vpcs["data-vpc-0"].google_compute_route.gateway["directpath-googleapis"]:
+ description: Terraform-managed.
+ dest_range: 34.126.0.0/18
+ name: data-vpc-0-directpath-googleapis
+ network: data-vpc-0
+ next_hop_gateway: default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ params: []
+ priority: 1000
+ project: my-host-project-id
+ tags: null
+ timeouts: null
+ module.net-vpc-factory.module.vpcs["data-vpc-0"].google_compute_route.gateway["private-googleapis"]:
+ description: Terraform-managed.
+ dest_range: 199.36.153.8/30
+ name: data-vpc-0-private-googleapis
+ network: data-vpc-0
+ next_hop_gateway: default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ params: []
+ priority: 1000
+ project: my-host-project-id
+ tags: null
+ timeouts: null
+ module.net-vpc-factory.module.vpcs["data-vpc-0"].google_compute_route.gateway["restricted-googleapis"]:
+ description: Terraform-managed.
+ dest_range: 199.36.153.4/30
+ name: data-vpc-0-restricted-googleapis
+ network: data-vpc-0
+ next_hop_gateway: default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ params: []
+ priority: 1000
+ project: my-host-project-id
+ tags: null
+ timeouts: null
+ module.net-vpc-factory.module.vpcs["data-vpc-0"].google_compute_subnetwork.subnetwork["europe-west1/primary-subnet"]:
+ description: Terraform-managed.
+ ip_cidr_range: 10.10.0.0/24
+ ip_collection: null
+ ipv6_access_type: null
+ log_config: []
+ name: primary-subnet
+ network: data-vpc-0
+ params: []
+ private_ip_google_access: true
+ project: my-host-project-id
+ region: europe-west1
+ reserved_internal_range: null
+ resolve_subnet_mask: null
+ role: null
+ send_secondary_ip_range_if_empty: true
+ timeouts: null
+
+counts:
+ google_compute_firewall: 1
+ google_compute_network: 1
+ google_compute_route: 3
+ google_compute_subnetwork: 1
+ modules: 3
+ resources: 6
+
+outputs: {}
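Review bot: `auto_create_subnetworks: true` on `data-vpc-0` is pinned alongside an explicitly defined `primary-subnet` (10.10.0.0/24), so the planned network is auto mode and would also get a provider-created subnet in every region, none of which this inventory asserts. If the example is meant to show a custom-mode VPC, the example configuration (not visible in this hunk) should turn the flag off so that this line becomes `auto_create_subnetworks: false`. The `allow-iap` rule is also pinned with `log_config: []`, meaning no firewall logging on the SSH ingress path; it is worth confirming that this is intended for a documented example.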
diff --git a/tests/modules/project_factory/examples/example.yaml b/tests/modules/project_factory/examples/example.yaml
index 03fbd3e97..01337b178 100644
--- a/tests/modules/project_factory/examples/example.yaml
+++ b/tests/modules/project_factory/examples/example.yaml
@@ -827,6 +827,10 @@ values:
: condition: []
role: roles/iam.serviceAccountUser
service_account_id: projects/test-pf-dev-ta-app0-be/serviceAccounts/app-0-fe@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
+ ? module.project-factory.module.service_accounts-iam["dev-ta-app0-be/app-0-be"].google_service_account_iam_member.bindings["test"]
+ : condition: []
+ member: group:team-a-admins@example.org
+ role: roles/iam.serviceAccountUser
? module.project-factory.module.service_accounts-iam["dev-tb-app0-0/vm-default"].google_service_account_iam_binding.authoritative["roles/iam.serviceAccountTokenCreator"]
: condition: []
members:
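Review bot: The added `bindings["test"]` entry pins only `condition`, `member` and `role`, so the test does not assert which service account the `roles/iam.serviceAccountUser` grant lands on. The entry just above it (its key is outside the hunk) does pin `service_account_id`. That role lets the group act as the service account, so the target is the attribute most worth checking. If the id is known at plan time, add a `service_account_id:` line with the expected value (placeholder form: `projects/<project-id>/serviceAccounts/<sa-email>`); if it is computed and so absent from the plan, a short comment in the test saying so would help. The key `test` is also less descriptive than the role-named keys used by the authoritative bindings nearby.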
@@ -867,7 +871,7 @@ counts:
google_pubsub_topic_iam_binding: 1
google_service_account: 6
google_service_account_iam_binding: 2
- google_service_account_iam_member: 1
+ google_service_account_iam_member: 2
google_storage_bucket: 1
google_storage_bucket_iam_binding: 2
google_storage_project_service_account: 4
@@ -876,5 +880,5 @@ counts:
google_tags_tag_value: 2
google_tags_tag_value_iam_binding: 1
modules: 30
- resources: 108
+ resources: 109
terraform_data: 2