Allow custom route descriptions in net-vpc module

modules/net-vpc/README.md

@@ -410,6 +410,7 @@ module "vpc" {
   name       = "my-network-with-route-${replace(each.key, "_", "-")}"
   routes = {
     next-hop = {
+      description   = "Route to internal range."
       dest_range    = "192.168.128.0/24"
       tags          = null
       next_hop_type = each.key
@@ -475,7 +476,6 @@ module "vpc" {
 # tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
 ```
 <!-- BEGIN TFDOC -->
-
 ## Variables
 
 | name | description | type | required | default |
@@ -492,16 +492,16 @@ module "vpc" {
 | [mtu](variables.tf#L77) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> |  | <code>null</code> |
 | [peering_config](variables.tf#L88) | VPC peering configuration. | <code title="object&#40;&#123;&#10;  peer_vpc_self_link &#61; string&#10;  create_remote_peer &#61; optional&#40;bool, true&#41;&#10;  export_routes      &#61; optional&#40;bool&#41;&#10;  import_routes      &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
 | [psa_config](variables.tf#L104) | The Private Service Access configuration for Service Networking. | <code title="object&#40;&#123;&#10;  ranges        &#61; map&#40;string&#41;&#10;  export_routes &#61; optional&#40;bool, false&#41;&#10;  import_routes &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [routes](variables.tf#L114) | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10;  dest_range    &#61; string&#10;  next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10;  next_hop      &#61; string&#10;  priority      &#61; optional&#40;number&#41;&#10;  tags          &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [routing_mode](variables.tf#L134) | The network routing mode (default 'GLOBAL'). | <code>string</code> |  | <code>&#34;GLOBAL&#34;</code> |
-| [shared_vpc_host](variables.tf#L144) | Enable shared VPC for this project. | <code>bool</code> |  | <code>false</code> |
-| [shared_vpc_service_projects](variables.tf#L150) | Shared VPC service projects to register with this host. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
-| [subnet_iam](variables.tf#L156) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [subnet_iam_additive](variables.tf#L162) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [subnets](variables.tf#L169) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10;  name                  &#61; string&#10;  ip_cidr_range         &#61; string&#10;  region                &#61; string&#10;  description           &#61; optional&#40;string&#41;&#10;  enable_private_access &#61; optional&#40;bool, true&#41;&#10;  flow_logs_config &#61; optional&#40;object&#40;&#123;&#10;    aggregation_interval &#61; optional&#40;string&#41;&#10;    filter_expression    &#61; optional&#40;string&#41;&#10;    flow_sampling        &#61; optional&#40;number&#41;&#10;    metadata             &#61; optional&#40;string&#41;&#10;    metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  ipv6 &#61; optional&#40;object&#40;&#123;&#10;    access_type           &#61; optional&#40;string&#41;&#10;    enable_private_access &#61; optional&#40;bool, true&#41;&#10;  &#125;&#41;&#41;&#10;  secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
-| [subnets_proxy_only](variables.tf#L194) | List of proxy-only subnets for Regional HTTPS  or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10;  name          &#61; string&#10;  ip_cidr_range &#61; string&#10;  region        &#61; string&#10;  description   &#61; optional&#40;string&#41;&#10;  active        &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
-| [subnets_psc](variables.tf#L206) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10;  name          &#61; string&#10;  ip_cidr_range &#61; string&#10;  region        &#61; string&#10;  description   &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
-| [vpc_create](variables.tf#L217) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> |  | <code>true</code> |
+| [routes](variables.tf#L114) | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10;  description   &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;  dest_range    &#61; string&#10;  next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10;  next_hop      &#61; string&#10;  priority      &#61; optional&#40;number&#41;&#10;  tags          &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | <code>string</code> |  | <code>&#34;GLOBAL&#34;</code> |
+| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | <code>bool</code> |  | <code>false</code> |
+| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
+| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [subnets](variables.tf#L170) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10;  name                  &#61; string&#10;  ip_cidr_range         &#61; string&#10;  region                &#61; string&#10;  description           &#61; optional&#40;string&#41;&#10;  enable_private_access &#61; optional&#40;bool, true&#41;&#10;  flow_logs_config &#61; optional&#40;object&#40;&#123;&#10;    aggregation_interval &#61; optional&#40;string&#41;&#10;    filter_expression    &#61; optional&#40;string&#41;&#10;    flow_sampling        &#61; optional&#40;number&#41;&#10;    metadata             &#61; optional&#40;string&#41;&#10;    metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  ipv6 &#61; optional&#40;object&#40;&#123;&#10;    access_type           &#61; optional&#40;string&#41;&#10;    enable_private_access &#61; optional&#40;bool, true&#41;&#10;  &#125;&#41;&#41;&#10;  secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
+| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS  or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10;  name          &#61; string&#10;  ip_cidr_range &#61; string&#10;  region        &#61; string&#10;  description   &#61; optional&#40;string&#41;&#10;  active        &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
+| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10;  name          &#61; string&#10;  ip_cidr_range &#61; string&#10;  region        &#61; string&#10;  description   &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
+| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> |  | <code>true</code> |
 
 ## Outputs
 
@@ -521,5 +521,4 @@ module "vpc" {
 | [subnets](outputs.tf#L118) | Subnet resources. |  |
 | [subnets_proxy_only](outputs.tf#L123) | L7 ILB or L7 Regional LB subnet resources. |  |
 | [subnets_psc](outputs.tf#L128) | Private Service Connect subnet resources. |  |
-
 <!-- END TFDOC -->

modules/net-vpc/routes.tf

@@ -51,7 +51,7 @@ resource "google_compute_route" "gateway" {
   project          = var.project_id
   network          = local.network.name
   name             = "${var.name}-${each.key}"
-  description      = "Terraform-managed."
+  description      = each.value.description
   dest_range       = each.value.dest_range
   priority         = each.value.priority
   tags             = each.value.tags
@@ -63,7 +63,7 @@ resource "google_compute_route" "ilb" {
   project      = var.project_id
   network      = local.network.name
   name         = "${var.name}-${each.key}"
-  description  = "Terraform-managed."
+  description  = each.value.description
   dest_range   = each.value.dest_range
   priority     = each.value.priority
   tags         = each.value.tags
@@ -75,7 +75,7 @@ resource "google_compute_route" "instance" {
   project           = var.project_id
   network           = local.network.name
   name              = "${var.name}-${each.key}"
-  description       = "Terraform-managed."
+  description       = each.value.description
   dest_range        = each.value.dest_range
   priority          = each.value.priority
   tags              = each.value.tags
@@ -89,7 +89,7 @@ resource "google_compute_route" "ip" {
   project     = var.project_id
   network     = local.network.name
   name        = "${var.name}-${each.key}"
-  description = "Terraform-managed."
+  description = each.value.description
   dest_range  = each.value.dest_range
   priority    = each.value.priority
   tags        = each.value.tags
@@ -101,7 +101,7 @@ resource "google_compute_route" "vpn_tunnel" {
   project             = var.project_id
   network             = local.network.name
   name                = "${var.name}-${each.key}"
-  description         = "Terraform-managed."
+  description         = each.value.description
   dest_range          = each.value.dest_range
   priority            = each.value.priority
   tags                = each.value.tags

modules/net-vpc/variables.tf

@@ -114,6 +114,7 @@ variable "psa_config" {
 variable "routes" {
   description = "Network routes, keyed by name."
   type = map(object({
+    description   = optional(string, "Terraform-managed.")
     dest_range    = string
     next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb
     next_hop      = string

tests/modules/net_vpc/examples/routes.yaml

@@ -18,6 +18,7 @@ values:
     project: my-project
     routing_mode: GLOBAL
   module.vpc["gateway"].google_compute_route.gateway["gateway"]:
+    description: Terraform-managed.
     dest_range: 0.0.0.0/0
     name: my-network-with-route-gateway-gateway
     next_hop_gateway: global/gateways/default-internet-gateway
@@ -29,6 +30,7 @@ values:
     tags:
     - tag-a
   module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
+    description: Route to internal range.
     dest_range: 192.168.128.0/24
     name: my-network-with-route-gateway-next-hop
     next_hop_gateway: global/gateways/default-internet-gateway
@@ -43,6 +45,7 @@ values:
     project: my-project
     routing_mode: GLOBAL
   module.vpc["ilb"].google_compute_route.gateway["gateway"]:
+    description: Terraform-managed.
     dest_range: 0.0.0.0/0
     name: my-network-with-route-ilb-gateway
     next_hop_gateway: global/gateways/default-internet-gateway
@@ -54,6 +57,7 @@ values:
     tags:
     - tag-a
   module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
+    description: Route to internal range.
     dest_range: 192.168.128.0/24
     name: my-network-with-route-ilb-next-hop
     next_hop_gateway: null
@@ -68,6 +72,7 @@ values:
     project: my-project
     routing_mode: GLOBAL
   module.vpc["instance"].google_compute_route.gateway["gateway"]:
+    description: Terraform-managed.
     dest_range: 0.0.0.0/0
     name: my-network-with-route-instance-gateway
     next_hop_gateway: global/gateways/default-internet-gateway
@@ -79,6 +84,7 @@ values:
     tags:
     - tag-a
   module.vpc["instance"].google_compute_route.instance["next-hop"]:
+    description: Route to internal range.
     dest_range: 192.168.128.0/24
     name: my-network-with-route-instance-next-hop
     next_hop_gateway: null
@@ -94,6 +100,7 @@ values:
     project: my-project
     routing_mode: GLOBAL
   module.vpc["ip"].google_compute_route.gateway["gateway"]:
+    description: Terraform-managed.
     dest_range: 0.0.0.0/0
     name: my-network-with-route-ip-gateway
     next_hop_gateway: global/gateways/default-internet-gateway
@@ -105,6 +112,7 @@ values:
     tags:
     - tag-a
   module.vpc["ip"].google_compute_route.ip["next-hop"]:
+    description: Route to internal range.
     dest_range: 192.168.128.0/24
     name: my-network-with-route-ip-next-hop
     next_hop_gateway: null
@@ -120,6 +128,7 @@ values:
     project: my-project
     routing_mode: GLOBAL
   module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
+    description: Terraform-managed.
     dest_range: 0.0.0.0/0
     name: my-network-with-route-vpn-tunnel-gateway
     next_hop_gateway: global/gateways/default-internet-gateway
@@ -131,6 +140,7 @@ values:
     tags:
     - tag-a
   module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
+    description: Route to internal range.
     dest_range: 192.168.128.0/24
     name: my-network-with-route-vpn-tunnel-next-hop
     next_hop_gateway: null