diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 26f59296e8..143816ca02 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -410,6 +410,7 @@ module "vpc" {
name = "my-network-with-route-${replace(each.key, "_", "-")}"
routes = {
next-hop = {
+ description = "Route to internal range."
dest_range = "192.168.128.0/24"
tags = null
next_hop_type = each.key
@@ -475,7 +476,6 @@ module "vpc" {
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
```
-
## Variables
| name | description | type | required | default |
@@ -492,16 +492,16 @@ module "vpc" {
| [mtu](variables.tf#L77) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | number
| | null
|
| [peering_config](variables.tf#L88) | VPC peering configuration. | object({…})
| | null
|
| [psa_config](variables.tf#L104) | The Private Service Access configuration for Service Networking. | object({…})
| | null
|
-| [routes](variables.tf#L114) | Network routes, keyed by name. | map(object({…}))
| | {}
|
-| [routing_mode](variables.tf#L134) | The network routing mode (default 'GLOBAL'). | string
| | "GLOBAL"
|
-| [shared_vpc_host](variables.tf#L144) | Enable shared VPC for this project. | bool
| | false
|
-| [shared_vpc_service_projects](variables.tf#L150) | Shared VPC service projects to register with this host. | list(string)
| | []
|
-| [subnet_iam](variables.tf#L156) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string)))
| | {}
|
-| [subnet_iam_additive](variables.tf#L162) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | map(map(list(string)))
| | {}
|
-| [subnets](variables.tf#L169) | Subnet configuration. | list(object({…}))
| | []
|
-| [subnets_proxy_only](variables.tf#L194) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…}))
| | []
|
-| [subnets_psc](variables.tf#L206) | List of subnets for Private Service Connect service producers. | list(object({…}))
| | []
|
-| [vpc_create](variables.tf#L217) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool
| | true
|
+| [routes](variables.tf#L114) | Network routes, keyed by name. | map(object({…}))
| | {}
|
+| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | string
| | "GLOBAL"
|
+| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | bool
| | false
|
+| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | list(string)
| | []
|
+| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string)))
| | {}
|
+| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | map(map(list(string)))
| | {}
|
+| [subnets](variables.tf#L170) | Subnet configuration. | list(object({…}))
| | []
|
+| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…}))
| | []
|
+| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | list(object({…}))
| | []
|
+| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool
| | true
|
## Outputs
@@ -521,5 +521,4 @@ module "vpc" {
| [subnets](outputs.tf#L118) | Subnet resources. | |
| [subnets_proxy_only](outputs.tf#L123) | L7 ILB or L7 Regional LB subnet resources. | |
| [subnets_psc](outputs.tf#L128) | Private Service Connect subnet resources. | |
-
diff --git a/modules/net-vpc/routes.tf b/modules/net-vpc/routes.tf
index 8b7ae7aec4..2c2430e431 100644
--- a/modules/net-vpc/routes.tf
+++ b/modules/net-vpc/routes.tf
@@ -51,7 +51,7 @@ resource "google_compute_route" "gateway" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
- description = "Terraform-managed."
+ description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -63,7 +63,7 @@ resource "google_compute_route" "ilb" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
- description = "Terraform-managed."
+ description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -75,7 +75,7 @@ resource "google_compute_route" "instance" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
- description = "Terraform-managed."
+ description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -89,7 +89,7 @@ resource "google_compute_route" "ip" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
- description = "Terraform-managed."
+ description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
@@ -101,7 +101,7 @@ resource "google_compute_route" "vpn_tunnel" {
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
- description = "Terraform-managed."
+ description = each.value.description
dest_range = each.value.dest_range
priority = each.value.priority
tags = each.value.tags
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 40a8bb2cf9..7bcf3b9063 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -114,6 +114,7 @@ variable "psa_config" {
variable "routes" {
description = "Network routes, keyed by name."
type = map(object({
+ description = optional(string, "Terraform-managed.")
dest_range = string
next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb
next_hop = string
diff --git a/tests/modules/net_vpc/examples/routes.yaml b/tests/modules/net_vpc/examples/routes.yaml
index 205197c825..24f356f4dc 100644
--- a/tests/modules/net_vpc/examples/routes.yaml
+++ b/tests/modules/net_vpc/examples/routes.yaml
@@ -18,6 +18,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
+ description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-gateway-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -29,6 +30,7 @@ values:
tags:
- tag-a
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
+ description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-gateway-next-hop
next_hop_gateway: global/gateways/default-internet-gateway
@@ -43,6 +45,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
+ description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-ilb-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -54,6 +57,7 @@ values:
tags:
- tag-a
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
+ description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-ilb-next-hop
next_hop_gateway: null
@@ -68,6 +72,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["instance"].google_compute_route.gateway["gateway"]:
+ description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-instance-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -79,6 +84,7 @@ values:
tags:
- tag-a
module.vpc["instance"].google_compute_route.instance["next-hop"]:
+ description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-instance-next-hop
next_hop_gateway: null
@@ -94,6 +100,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["ip"].google_compute_route.gateway["gateway"]:
+ description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-ip-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -105,6 +112,7 @@ values:
tags:
- tag-a
module.vpc["ip"].google_compute_route.ip["next-hop"]:
+ description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-ip-next-hop
next_hop_gateway: null
@@ -120,6 +128,7 @@ values:
project: my-project
routing_mode: GLOBAL
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
+ description: Terraform-managed.
dest_range: 0.0.0.0/0
name: my-network-with-route-vpn-tunnel-gateway
next_hop_gateway: global/gateways/default-internet-gateway
@@ -131,6 +140,7 @@ values:
tags:
- tag-a
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
+ description: Route to internal range.
dest_range: 192.168.128.0/24
name: my-network-with-route-vpn-tunnel-next-hop
next_hop_gateway: null