Module: net-vpc-factory (#2982)

This pull request introduces the `net-vpc-factory` module. This new factory handles: 

* Project setup (most of what's supported by the `project` module)
* VPC setup
  * Routing
  * Subnets
* Connectivity options
  * NCC (hub, VPC spokes and VPN hybrid spokes)
  * Peerings
  * VPN (GCP-to-onprem and GCP-to-GCP)
* NAT (everything supported by the `net-cloudnat` module)
* DNS (everything supported by the `dns` module)
* Firewall (everything supported by the `net-vpc-firewall` module)

modules/net-vpc-factory/data/firewall/dev-spoke/default-ingress.yaml

@@ -0,0 +1,28 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json
+
+ingress:
+  ingress-icmp-allow:
+    description: "Allow ICMP from anywhere."
+    rules:
+      - protocol: icmp
+        ports: []
+    priority: 1000
+  ingress-ssh-from-iap-allow:
+    description: "Allow SSH connections from IAP ranges."
+    source_ranges:
+      - 35.235.240.0/20
+    rules:
+      - protocol: tcp
+        ports:
+          - 22
+    priority: 1001
+  ingress-default-deny:
+    description: "Deny and log any unmatched ingress traffic."
+    deny: true
+    priority: 65535
+    enable_logging:
+      include_metadata: false

modules/net-vpc-factory/data/firewall/hub/default-ingress.yaml

@@ -0,0 +1,28 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json
+
+ingress:
+  ingress-icmp-allow:
+    description: "Allow ICMP from anywhere."
+    rules:
+      - protocol: icmp
+        ports: []
+    priority: 1000
+  ingress-ssh-from-iap-allow:
+    description: "Allow SSH connections from IAP ranges."
+    source_ranges:
+      - 35.235.240.0/20
+    rules:
+      - protocol: tcp
+        ports:
+          - 22
+    priority: 1001
+  ingress-default-deny:
+    description: "Deny and log any unmatched ingress traffic."
+    deny: true
+    priority: 65535
+    enable_logging:
+      include_metadata: false

modules/net-vpc-factory/data/firewall/prod-spoke/default-ingress.yaml

@@ -0,0 +1,28 @@
+# skip boilerplate check
+---
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json
+
+ingress:
+  ingress-icmp-allow:
+    description: "Allow ICMP from anywhere."
+    rules:
+      - protocol: icmp
+        ports: []
+    priority: 1000
+  ingress-ssh-from-iap-allow:
+    description: "Allow SSH connections from IAP ranges."
+    source_ranges:
+      - 35.235.240.0/20
+    rules:
+      - protocol: tcp
+        ports:
+          - 22
+    priority: 1001
+  ingress-default-deny:
+    description: "Deny and log any unmatched ingress traffic."
+    deny: true
+    priority: 65535
+    enable_logging:
+      include_metadata: false

modules/net-vpc-factory/data/subnets/dev-spoke/dev-default.yaml

@@ -0,0 +1,8 @@
+# skip boilerplate check
+
+# yaml-language-server: $schema=../../../schemas/subnet.schema.json
+
+name: dev-default
+region: europe-west8
+ip_cidr_range: 10.68.0.0/24
+description: Default europe-west8 subnet for dev

modules/net-vpc-factory/data/subnets/hub/hub-default.yaml

@@ -0,0 +1,8 @@
+# skip boilerplate check
+
+# yaml-language-server: $schema=../../../schemas/subnet.schema.json
+
+name: hub-default
+region: europe-west12
+ip_cidr_range: 10.70.0.0/24
+description: Default europe-west12 subnet for hub

modules/net-vpc-factory/data/subnets/prod-spoke/prod-default.yaml

@@ -0,0 +1,8 @@
+# skip boilerplate check
+
+# yaml-language-server: $schema=../../../schemas/subnet.schema.json
+
+name: prod-default
+region: europe-west12
+ip_cidr_range: 10.69.0.0/24
+description: Default europe-west12 subnet for prod