Skip to content

Commit

Permalink
Merge pull request #1567 from GoogleCloudPlatform/jccb/route-description
Browse files Browse the repository at this point in the history 
Allow custom route descriptions in net-vpc module
  • Loading branch information
@juliocc
juliocc committed Aug 4, 2023
2 parents 24bd617 + ce51058 commit a6c90f2
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 17 deletions.
23 changes: 11 additions & 12 deletions modules/net-vpc/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -410,6 +410,7 @@ module "vpc" {
name = "my-network-with-route-${replace(each.key, "_", "-")}"
routes = {
next-hop = {
description = "Route to internal range."
dest_range = "192.168.128.0/24"
tags = null
next_hop_type = each.key
Expand Down Expand Up @@ -475,7 +476,6 @@ module "vpc" {
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
```
<!-- BEGIN TFDOC -->

## Variables

| name | description | type | required | default |
Expand All @@ -492,16 +492,16 @@ module "vpc" {
| [mtu](variables.tf#L77) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
| [peering_config](variables.tf#L88) | VPC peering configuration. | <code title="object&#40;&#123;&#10; peer_vpc_self_link &#61; string&#10; create_remote_peer &#61; optional&#40;bool, true&#41;&#10; export_routes &#61; optional&#40;bool&#41;&#10; import_routes &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [psa_config](variables.tf#L104) | The Private Service Access configuration for Service Networking. | <code title="object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [routes](variables.tf#L114) | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10; dest_range &#61; string&#10; next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10; next_hop &#61; string&#10; priority &#61; optional&#40;number&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [routing_mode](variables.tf#L134) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>&#34;GLOBAL&#34;</code> |
| [shared_vpc_host](variables.tf#L144) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
| [shared_vpc_service_projects](variables.tf#L150) | Shared VPC service projects to register with this host. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [subnet_iam](variables.tf#L156) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnet_iam_additive](variables.tf#L162) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnets](variables.tf#L169) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; flow_logs_config &#61; optional&#40;object&#40;&#123;&#10; aggregation_interval &#61; optional&#40;string&#41;&#10; filter_expression &#61; optional&#40;string&#41;&#10; flow_sampling &#61; optional&#40;number&#41;&#10; metadata &#61; optional&#40;string&#41;&#10; metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; ipv6 &#61; optional&#40;object&#40;&#123;&#10; access_type &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;&#41;&#10; secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_proxy_only](variables.tf#L194) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; active &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_psc](variables.tf#L206) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [vpc_create](variables.tf#L217) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
| [routes](variables.tf#L114) | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10; dest_range &#61; string&#10; next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10; next_hop &#61; string&#10; priority &#61; optional&#40;number&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>&#34;GLOBAL&#34;</code> |
| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [subnets](variables.tf#L170) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; flow_logs_config &#61; optional&#40;object&#40;&#123;&#10; aggregation_interval &#61; optional&#40;string&#41;&#10; filter_expression &#61; optional&#40;string&#41;&#10; flow_sampling &#61; optional&#40;number&#41;&#10; metadata &#61; optional&#40;string&#41;&#10; metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; ipv6 &#61; optional&#40;object&#40;&#123;&#10; access_type &#61; optional&#40;string&#41;&#10; enable_private_access &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;&#41;&#10; secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10; active &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; ip_cidr_range &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |

## Outputs

Expand All @@ -521,5 +521,4 @@ module "vpc" {
| [subnets](outputs.tf#L118) | Subnet resources. | |
| [subnets_proxy_only](outputs.tf#L123) | L7 ILB or L7 Regional LB subnet resources. | |
| [subnets_psc](outputs.tf#L128) | Private Service Connect subnet resources. | |

<!-- END TFDOC -->
11 changes: 6 additions & 5 deletions modules/net-vpc/routes.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ locals {
}
_googleapis_routes = {
for k, v in local._googleapis_ranges : "${k}-googleapis" => {
description = "Terraform-managed."
dest_range = v
next_hop = "default-internet-gateway"
next_hop_type = "gateway"
Expand All @@ -51,7 +52,7 @@ resource "google_compute_route" "gateway" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
Expand All @@ -63,7 +64,7 @@ resource "google_compute_route" "ilb" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
Expand All @@ -75,7 +76,7 @@ resource "google_compute_route" "instance" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
Expand All @@ -89,7 +90,7 @@ resource "google_compute_route" "ip" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
Expand All @@ -101,7 +102,7 @@ resource "google_compute_route" "vpn_tunnel" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
description = "Terraform-managed."
description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
Expand Down
1 change: 1 addition & 0 deletions modules/net-vpc/variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ variable "psa_config" {
variable "routes" {
description = "Network routes, keyed by name."
type = map(object({
description = optional(string, "Terraform-managed.")
dest_range = string
next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb
next_hop = string
Expand Down
10 changes: 10 additions & 0 deletions tests/modules/net_vpc/examples/routes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-gateway-gateway
next_hop_gateway: global/gateways/default-internet-gateway
Expand All @@ -29,6 +30,7 @@ values:
tags:
- tag-a
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-gateway-next-hop
next_hop_gateway: global/gateways/default-internet-gateway
Expand All @@ -43,6 +45,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-ilb-gateway
next_hop_gateway: global/gateways/default-internet-gateway
Expand All @@ -54,6 +57,7 @@ values:
tags:
- tag-a
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-ilb-next-hop
next_hop_gateway: null
Expand All @@ -68,6 +72,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["instance"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-instance-gateway
next_hop_gateway: global/gateways/default-internet-gateway
Expand All @@ -79,6 +84,7 @@ values:
tags:
- tag-a
module.vpc["instance"].google_compute_route.instance["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-instance-next-hop
next_hop_gateway: null
Expand All @@ -94,6 +100,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["ip"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-ip-gateway
next_hop_gateway: global/gateways/default-internet-gateway
Expand All @@ -105,6 +112,7 @@ values:
tags:
- tag-a
module.vpc["ip"].google_compute_route.ip["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-ip-next-hop
next_hop_gateway: null
Expand All @@ -120,6 +128,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-vpn-tunnel-gateway
next_hop_gateway: global/gateways/default-internet-gateway
Expand All @@ -131,6 +140,7 @@ values:
tags:
- tag-a
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-vpn-tunnel-next-hop
next_hop_gateway: null
Expand Down

0 comments on commit a6c90f2

Please sign in to comment.