diff --git a/modules/net-vpc/routes.tf b/modules/net-vpc/routes.tf
index e0603828f0..fea9fdb80e 100644
--- a/modules/net-vpc/routes.tf
+++ b/modules/net-vpc/routes.tf
@@ -17,7 +17,42 @@
 # tfdoc:file:description Route resources.
 locals {
- _routes = var.routes == null ? {} : var.routes
+ _default_routes = {
+ private = {
+ dest_range = "199.36.153.8/30"
+ next_hop_type = "gateway"
+ next_hop = "default-internet-gateway"
+ tags = null
+ priority = 1000
+ }
+ private-6 = {
+ dest_range = "2600:2d00:0002:2000::/64"
+ next_hop_type = "gateway"
+ next_hop = "default-internet-gateway"
+ tags = null
+ priority = 1000
+ }
+ restricted = {
+ dest_range = "199.36.153.4/30"
+ next_hop_type = "gateway"
+ next_hop = "default-internet-gateway"
+ tags = null
+ priority = 1000
+ }
+ restricted-6 = {
+ dest_range = "2600:2d00:0002:1000::/64"
+ next_hop_type = "gateway"
+ next_hop = "default-internet-gateway"
+ tags = null
+ priority = 1000
+ }
+ }
+ _requested_default_routes = {
+ for k, v in local._default_routes :
+ "${k}-googleapis" => v
+ if var.create_default_routes[k]
+ }
+ _routes = merge(local._requested_default_routes, coalesce(var.routes, {}))
 routes = {
 gateway = { for k, v in local._routes : k => v if v.next_hop_type == "gateway" }
 ilb = { for k, v in local._routes : k => v if v.next_hop_type == "ilb" }
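Review bot: In `_routes`, `merge(local._requested_default_routes, coalesce(var.routes, {}))` lets any `var.routes` entry keyed `private-googleapis`, `restricted-googleapis` or one of the `-6` variants silently replace the built-in route, because later arguments to `merge` win. These routes carry traffic to the private and restricted googleapis ranges, so an accidental key collision should not pass unnoticed. If the override is intended, say so above the line, for example `# var.routes entries keyed "<name>-googleapis" deliberately override the built-in defaults`; if it is not, reject colliding keys with a validation on `var.routes`. The `locals` block continues past the end of this hunk.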
@@ -89,42 +124,42 @@ resource "google_compute_route" "vpn_tunnel" {
 next_hop_vpn_tunnel = each.value.next_hop
 }
-resource "google_compute_route" "private" {
- count = var.create_default_routes.private ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "private-googleapis-default"
- description = "Terraform-managed."
- dest_range = "199.36.153.8/30"
- next_hop_gateway = "default-internet-gateway"
-}
+# resource "google_compute_route" "private" {
+# count = var.create_default_routes.private ? 1 : 0
+# project = var.project_id
+# network = local.network.name
+# name = "private-googleapis-default"
+# description = "Terraform-managed."
+# dest_range = "199.36.153.8/30"
+# next_hop_gateway = "default-internet-gateway"
+# }
-resource "google_compute_route" "private6" {
- count = var.create_default_routes.private6 ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "private6-googleapis-default"
- description = "Terraform-managed."
- dest_range = "2600:2d00:0002:2000::/64"
- next_hop_gateway = "default-internet-gateway"
-}
+# resource "google_compute_route" "private-6" {
+# count = var.create_default_routes.private-6 ? 1 : 0
+# project = var.project_id
+# network = local.network.name
+# name = "private-6-googleapis-default"
+# description = "Terraform-managed."
+# dest_range = "2600:2d00:0002:2000::/64"
+# next_hop_gateway = "default-internet-gateway"
+# }
-resource "google_compute_route" "restricted" {
- count = var.create_default_routes.restricted ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "restricted-googleapis-default"
- description = "Terraform-managed."
- dest_range = "199.36.153.4/30"
- next_hop_gateway = "default-internet-gateway"
-}
+# resource "google_compute_route" "restricted" {
+# count = var.create_default_routes.restricted ? 1 : 0
+# project = var.project_id
+# network = local.network.name
+# name = "restricted-googleapis-default"
+# description = "Terraform-managed."
+# dest_range = "199.36.153.4/30"
+# next_hop_gateway = "default-internet-gateway"
+# }
-resource "google_compute_route" "restricted6" {
- count = var.create_default_routes.restricted6 ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "restricted6-googleapis-default"
- description = "Terraform-managed."
- dest_range = "2600:2d00:0002:1000::/64"
- next_hop_gateway = "default-internet-gateway"
-}
+# resource "google_compute_route" "restricted-6" {
+# count = var.create_default_routes.restricted-6 ? 1 : 0
+# project = var.project_id
+# network = local.network.name
+# name = "restricted-6-googleapis-default"
+# description = "Terraform-managed."
+# dest_range = "2600:2d00:0002:1000::/64"
+# next_hop_gateway = "default-internet-gateway"
+# }
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index f5f93eff03..ba9dcc405f 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -23,10 +23,10 @@ variable "auto_create_subnetworks" {
 variable "create_default_routes" {
 description = "Toggle creation of googleapis private/restricted routes."
 type = object({
- private = optional(bool, true)
- private6 = optional(bool, false)
- restricted = optional(bool, true)
- restricted6 = optional(bool, false)
+ private = optional(bool, true)
+ private-6 = optional(bool, false)
+ restricted = optional(bool, true)
+ restricted-6 = optional(bool, false)
 })
 default = {}
 nullable = false
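Review bot: The four `google_compute_route` blocks are commented out rather than deleted, leaving dead configuration that can drift from the `_default_routes` local that now defines these routes; remove them and let version control keep the history. The routes also move from `google_compute_route.private[0]` and its siblings to for_each instances, presumably under the gateway route resource, which is outside this hunk. Without `moved` blocks, existing deployments will destroy and recreate the googleapis routes, and if the generated name or description differs from `private-googleapis-default` / `Terraform-managed.` a replacement is forced regardless. During that window traffic to `199.36.153.8/30` and `199.36.153.4/30` follows whatever other route matches, so the upgrade notes should call it out.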
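Review bot: Renaming `private6`/`restricted6` to `private-6`/`restricted-6` in the `create_default_routes` object type breaks existing callers without any error. Terraform discards attributes that are not in an object type constraint, so `create_default_routes = { restricted6 = true }` still plans cleanly but the key is dropped, `restricted-6` falls back to `false`, and the IPv6 route is no longer created. Keeping the old attribute names here and mapping them to the new local keys in `routes.tf` would avoid this; otherwise the rename needs an explicit breaking-change entry. The hyphenated names also make `var.create_default_routes.private-6` read like a subtraction, so index syntax such as `var.create_default_routes["private-6"]` is clearer wherever the attribute is referenced.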