Fix backwards compatibility for vpc subnet descriptions

modules/net-vpc/README.md

@@ -276,8 +276,8 @@ flow_logs:                        # enable, set to empty map to use defaults
 | [subnet_iam](variables.tf#L133) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [subnets](variables.tf#L139) | Subnet configuration. | <code title="list&#40;object&#40;&#123;&#10;  name                  &#61; string&#10;  ip_cidr_range         &#61; string&#10;  region                &#61; string&#10;  description           &#61; optional&#40;string&#41;&#10;  enable_private_access &#61; optional&#40;bool, true&#41;&#10;  flow_logs_config &#61; optional&#40;object&#40;&#123;&#10;    aggregation_interval &#61; optional&#40;string&#41;&#10;    filter_expression    &#61; optional&#40;string&#41;&#10;    flow_sampling        &#61; optional&#40;number&#41;&#10;    metadata             &#61; optional&#40;string&#41;&#10;    metadata_fields &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  ipv6 &#61; optional&#40;object&#40;&#123;&#10;    access_type           &#61; optional&#40;string&#41;&#10;    enable_private_access &#61; optional&#40;bool, true&#41;&#10;  &#125;&#41;&#41;&#10;  secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
 | [subnets_proxy_only](variables.tf#L164) | List of proxy-only subnets for Regional HTTPS  or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list&#40;object&#40;&#123;&#10;  name          &#61; string&#10;  ip_cidr_range &#61; string&#10;  region        &#61; string&#10;  description   &#61; optional&#40;string&#41;&#10;  active        &#61; bool&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
-| [subnets_psc](variables.tf#L176) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10;  name          &#61; string&#10;  ip_cidr_range &#61; string&#10;  region        &#61; string&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
-| [vpc_create](variables.tf#L186) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> |  | <code>true</code> |
+| [subnets_psc](variables.tf#L176) | List of subnets for Private Service Connect service producers. | <code title="list&#40;object&#40;&#123;&#10;  name          &#61; string&#10;  ip_cidr_range &#61; string&#10;  region        &#61; string&#10;  description   &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
+| [vpc_create](variables.tf#L187) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> |  | <code>true</code> |
 
 ## Outputs
 

modules/net-vpc/subnets.tf

@@ -72,13 +72,17 @@ locals {
 }
 
 resource "google_compute_subnetwork" "subnetwork" {
-  for_each                 = local.subnets
-  project                  = var.project_id
-  network                  = local.network.name
-  name                     = each.value.name
-  region                   = each.value.region
-  ip_cidr_range            = each.value.ip_cidr_range
-  description              = try(each.value.description, "Terraform-managed.")
+  for_each      = local.subnets
+  project       = var.project_id
+  network       = local.network.name
+  name          = each.value.name
+  region        = each.value.region
+  ip_cidr_range = each.value.ip_cidr_range
+  description = (
+    each.value.description == null
+    ? "Terraform-managed."
+    : each.value.description
+  )
   private_ip_google_access = each.value.enable_private_access
   secondary_ip_range = each.value.secondary_ip_ranges == null ? [] : [
     for name, range in each.value.secondary_ip_ranges :
@@ -107,9 +111,10 @@ resource "google_compute_subnetwork" "proxy_only" {
   name          = each.value.name
   region        = each.value.region
   ip_cidr_range = each.value.ip_cidr_range
-  description = try(
-    each.value.description,
-    "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
+  description = (
+    each.value.description == null
+    ? "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
+    : each.value.description
   )
   purpose = "REGIONAL_MANAGED_PROXY"
   role = (
@@ -124,9 +129,10 @@ resource "google_compute_subnetwork" "psc" {
   name          = each.value.name
   region        = each.value.region
   ip_cidr_range = each.value.ip_cidr_range
-  description = try(
-    each.value.description,
-    "Terraform-managed subnet for Private Service Connect (PSC NAT)."
+  description = (
+    each.value.description == null
+    ? "Terraform-managed subnet for Private Service Connect (PSC NAT)."
+    : each.value.description
   )
   purpose = "PRIVATE_SERVICE_CONNECT"
 }

modules/net-vpc/variables.tf

@@ -179,6 +179,7 @@ variable "subnets_psc" {
     name          = string
     ip_cidr_range = string
     region        = string
+    description   = optional(string)
   }))
   default = []
 }