Allow to specify function egress settings without using a VPC connector (#2967)

2025-03-19 11:38:33 +01:00
parent c8e4179f2b
commit ffb1452dbd
4 changed files with 12 additions and 12 deletions
--- a/modules/cloud-function-v2/README.md
+++ b/modules/cloud-function-v2/README.md
@@ -331,8 +331,8 @@ module "cf-http" {
 | [service_account](variables.tf#L185) | Service account email. Unused if service account is auto-created. | <code>string</code> |  | <code>null</code> |
 | [service_account_create](variables.tf#L191) | Auto-create service account. | <code>bool</code> |  | <code>false</code> |
 | [trigger_config](variables.tf#L197) | Function trigger configuration. Leave null for HTTP trigger. | <code title="object&#40;&#123;&#10;  event_type   &#61; string&#10;  pubsub_topic &#61; optional&#40;string&#41;&#10;  region       &#61; optional&#40;string&#41;&#10;  event_filters &#61; optional&#40;list&#40;object&#40;&#123;&#10;    attribute &#61; string&#10;    value     &#61; string&#10;    operator  &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;, &#91;&#93;&#41;&#10;  service_account_email  &#61; optional&#40;string&#41;&#10;  service_account_create &#61; optional&#40;bool, false&#41;&#10;  retry_policy           &#61; optional&#40;string, &#34;RETRY_POLICY_DO_NOT_RETRY&#34;&#41; &#35; default to avoid permadiff&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [vpc_connector](variables.tf#L215) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | <code title="object&#40;&#123;&#10;  create          &#61; bool&#10;  name            &#61; string&#10;  egress_settings &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [vpc_connector_config](variables.tf#L225) | VPC connector network configuration. Must be provided if new VPC connector is being created. | <code title="object&#40;&#123;&#10;  ip_cidr_range &#61; string&#10;  network       &#61; string&#10;  instances &#61; optional&#40;object&#40;&#123;&#10;    max &#61; optional&#40;number&#41;&#10;    min &#61; optional&#40;number, 2&#41;&#10;  &#125;&#41;&#41;&#10;  throughput &#61; optional&#40;object&#40;&#123;&#10;    max &#61; optional&#40;number, 300&#41;&#10;    min &#61; optional&#40;number, 200&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [vpc_connector](variables.tf#L215) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | <code title="object&#40;&#123;&#10;  create          &#61; optional&#40;bool, false&#41;&#10;  name            &#61; optional&#40;string&#41;&#10;  egress_settings &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [vpc_connector_config](variables.tf#L226) | VPC connector network configuration. Must be provided if new VPC connector is being created. | <code title="object&#40;&#123;&#10;  ip_cidr_range &#61; string&#10;  network       &#61; string&#10;  instances &#61; optional&#40;object&#40;&#123;&#10;    max &#61; optional&#40;number&#41;&#10;    min &#61; optional&#40;number, 2&#41;&#10;  &#125;&#41;&#41;&#10;  throughput &#61; optional&#40;object&#40;&#123;&#10;    max &#61; optional&#40;number, 300&#41;&#10;    min &#61; optional&#40;number, 200&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |

 ## Outputs

--- a/modules/cloud-function-v2/main.tf
+++ b/modules/cloud-function-v2/main.tf
@@ -39,10 +39,10 @@ locals {
    null
  )
  vpc_connector = (
-    var.vpc_connector == null
+    var.vpc_connector.name == null
    ? null
    : (
-      try(var.vpc_connector.create, false) == false
+      var.vpc_connector.create == false
      ? var.vpc_connector.name
      : google_vpc_access_connector.connector[0].id
    )
@@ -50,7 +50,7 @@ locals {
 }

 resource "google_vpc_access_connector" "connector" {
-  count          = try(var.vpc_connector.create, false) == true ? 1 : 0
+  count          = var.vpc_connector.create == true ? 1 : 0
  project        = var.project_id
  name           = var.vpc_connector.name
  region         = var.region
@@ -121,8 +121,7 @@ resource "google_cloudfunctions2_function" "function" {
    all_traffic_on_latest_revision = true
    service_account_email          = local.service_account_email
    vpc_connector                  = local.vpc_connector
-    vpc_connector_egress_settings = try(
-    var.vpc_connector.egress_settings, null)
+    vpc_connector_egress_settings  = var.vpc_connector.egress_settings

    dynamic "secret_environment_variables" {
      for_each = { for k, v in var.secrets : k => v if !v.is_volume }
--- a/modules/cloud-function-v2/variables.tf
+++ b/modules/cloud-function-v2/variables.tf
@@ -215,11 +215,12 @@ variable "trigger_config" {
 variable "vpc_connector" {
  description = "VPC connector configuration. Set create to 'true' if a new connector needs to be created."
  type = object({
-    create          = bool
-    name            = string
-    egress_settings = string
+    create          = optional(bool, false)
+    name            = optional(string)
+    egress_settings = optional(string)
  })
-  default = null
+  nullable = false
+  default  = {}
 }

 variable "vpc_connector_config" {