diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 21b1a4937..8e7f530c6 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -627,15 +627,15 @@ module "vpc" {
| [network_attachments](variables.tf#L100) | PSC network attachments, names as keys. | map(object({…})) | | {} |
| [peering_config](variables.tf#L113) | VPC peering configuration. | object({…}) | | null |
| [policy_based_routes](variables.tf#L124) | Policy based routes, keyed by name. | map(object({…})) | | {} |
-| [psa_config](variables.tf#L177) | The Private Service Access configuration for Service Networking. | object({…}) | | null |
-| [routes](variables.tf#L188) | Network routes, keyed by name. | map(object({…})) | | {} |
-| [routing_mode](variables.tf#L209) | The network routing mode (default 'GLOBAL'). | string | | "GLOBAL" |
-| [shared_vpc_host](variables.tf#L219) | Enable shared VPC for this project. | bool | | false |
-| [shared_vpc_service_projects](variables.tf#L225) | Shared VPC service projects to register with this host. | list(string) | | [] |
-| [subnets](variables.tf#L231) | Subnet configuration. | list(object({…})) | | [] |
-| [subnets_proxy_only](variables.tf#L278) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
-| [subnets_psc](variables.tf#L312) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
-| [vpc_create](variables.tf#L344) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
+| [psa_config](variables.tf#L177) | The Private Service Access configuration. | object({…}) | | null |
+| [routes](variables.tf#L189) | Network routes, keyed by name. | map(object({…})) | | {} |
+| [routing_mode](variables.tf#L210) | The network routing mode (default 'GLOBAL'). | string | | "GLOBAL" |
+| [shared_vpc_host](variables.tf#L220) | Enable shared VPC for this project. | bool | | false |
+| [shared_vpc_service_projects](variables.tf#L226) | Shared VPC service projects to register with this host. | list(string) | | [] |
+| [subnets](variables.tf#L232) | Subnet configuration. | list(object({…})) | | [] |
+| [subnets_proxy_only](variables.tf#L279) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
+| [subnets_psc](variables.tf#L313) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
+| [vpc_create](variables.tf#L345) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
## Outputs
diff --git a/modules/net-vpc/psa.tf b/modules/net-vpc/psa.tf
index 29fe04082..6f7146a19 100644
--- a/modules/net-vpc/psa.tf
+++ b/modules/net-vpc/psa.tf
@@ -39,7 +39,7 @@ moved {
resource "google_service_networking_connection" "psa_connection" {
count = var.psa_config != null ? 1 : 0
network = local.network.id
- service = "servicenetworking.googleapis.com"
+ service = var.psa_config.service_producer
reserved_peering_ranges = [
for k, v in google_compute_global_address.psa_ranges : v.name
]
@@ -65,6 +65,6 @@ resource "google_service_networking_peered_dns_domain" "name" {
name = trimsuffix(replace(each.value, ".", "-"), "-")
network = local.network.name
dns_suffix = each.value
- service = "servicenetworking.googleapis.com"
+ service = var.psa_config.service_producer
depends_on = [google_service_networking_connection.psa_connection]
}
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 6fc763740..f50297c22 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -175,12 +175,13 @@ variable "project_id" {
}
variable "psa_config" {
- description = "The Private Service Access configuration for Service Networking."
+ description = "The Private Service Access configuration."
type = object({
- ranges = map(string)
- export_routes = optional(bool, false)
- import_routes = optional(bool, false)
- peered_domains = optional(list(string), [])
+ ranges = map(string)
+ export_routes = optional(bool, false)
+ import_routes = optional(bool, false)
+ peered_domains = optional(list(string), [])
+ service_producer = optional(string, "servicenetworking.googleapis.com")
})
default = null
}