diff --git a/fast/stages/2-networking-a-simple/README.md b/fast/stages/2-networking-a-simple/README.md
index f2316f17f4..b2c30b42f5 100644
--- a/fast/stages/2-networking-a-simple/README.md
+++ b/fast/stages/2-networking-a-simple/README.md
@@ -431,6 +431,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [spoke-peerings.tf](./spoke-peerings.tf) | Peerings between landing and spokes. | net-vpc-peering
| |
| [spoke-vpns.tf](./spoke-vpns.tf) | VPN between landing and spokes. | net-vpn-ha
| |
| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | |
+| [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha
| |
@@ -438,25 +439,25 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:|
-| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | object({…})
| ✓ | | 0-bootstrap
|
-| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…})
| ✓ | | 0-bootstrap
|
-| [folder_ids](variables.tf#L132) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…})
| ✓ | | 1-resman
|
-| [organization](variables.tf#L142) | Organization details. | object({…})
| ✓ | | 0-bootstrap
|
-| [prefix](variables.tf#L158) | Prefix used for resources that need unique names. Use 9 characters or less. | string
| ✓ | | 0-bootstrap
|
+| [automation](variables-fast.tf#L19) | Automation resources created by the bootstrap stage. | object({…})
| ✓ | | 0-bootstrap
|
+| [billing_account](variables-fast.tf#L27) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…})
| ✓ | | 0-bootstrap
|
+| [folder_ids](variables-fast.tf#L59) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…})
| ✓ | | 1-resman
|
+| [organization](variables-fast.tf#L69) | Organization details. | object({…})
| ✓ | | 0-bootstrap
|
+| [prefix](variables-fast.tf#L79) | Prefix used for resources that need unique names. Use 9 characters or less. | string
| ✓ | | 0-bootstrap
|
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…})
| | {…}
| |
-| [create_test_instances](variables.tf#L63) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool
| | false
| |
-| [custom_roles](variables.tf#L69) | Custom roles defined at the org level, in key => id format. | object({…})
| | null
| 0-bootstrap
|
-| [dns](variables.tf#L78) | DNS configuration. | object({…})
| | {}
| |
-| [enable_cloud_nat](variables.tf#L88) | Deploy Cloud NAT. | bool
| | false
| |
-| [essential_contacts](variables.tf#L95) | Email used for essential contacts, unset if null. | string
| | null
| |
-| [factories_config](variables.tf#L101) | Configuration for network resource factories. | object({…})
| | {…}
| |
-| [fast_features](variables.tf#L122) | Selective control for top-level FAST features. | object({…})
| | {}
| 0-0-bootstrap
|
-| [outputs_location](variables.tf#L152) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string
| | null
| |
-| [psa_ranges](variables.tf#L169) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…})
| | {}
| |
-| [regions](variables.tf#L189) | Region definitions. | object({…})
| | {…}
| |
-| [service_accounts](variables.tf#L201) | Automation service accounts in name => email format. | object({…})
| | null
| 1-resman
|
-| [spoke_configs](variables.tf#L215) | Spoke connectivity configurations. | object({…})
| | {…}
| |
-| [vpn_onprem_primary_config](variables.tf#L265) | VPN gateway configuration for onprem interconnection in the primary region. | object({…})
| | null
| |
+| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool
| | false
| |
+| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | object({…})
| | null
| 0-bootstrap
|
+| [dns](variables.tf#L48) | DNS configuration. | object({…})
| | {}
| |
+| [enable_cloud_nat](variables.tf#L58) | Deploy Cloud NAT. | bool
| | false
| |
+| [essential_contacts](variables.tf#L65) | Email used for essential contacts, unset if null. | string
| | null
| |
+| [factories_config](variables.tf#L71) | Configuration for network resource factories. | object({…})
| | {…}
| |
+| [fast_features](variables-fast.tf#L49) | Selective control for top-level FAST features. | object({…})
| | {}
| 0-0-bootstrap
|
+| [outputs_location](variables.tf#L92) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string
| | null
| |
+| [psa_ranges](variables.tf#L98) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…})
| | {}
| |
+| [regions](variables.tf#L118) | Region definitions. | object({…})
| | {…}
| |
+| [service_accounts](variables-fast.tf#L90) | Automation service accounts in name => email format. | object({…})
| | null
| 1-resman
|
+| [spoke_configs](variables.tf#L130) | Spoke connectivity configurations. | object({…})
| | {…}
| |
+| [vpn_onprem_primary_config](variables.tf#L180) | VPN gateway configuration for onprem interconnection in the primary region. | object({…})
| | null
| |
## Outputs
diff --git a/fast/stages/2-networking-a-simple/test-resources.tf b/fast/stages/2-networking-a-simple/test-resources.tf
index a9993cfb38..39613f66dc 100644
--- a/fast/stages/2-networking-a-simple/test-resources.tf
+++ b/fast/stages/2-networking-a-simple/test-resources.tf
@@ -17,7 +17,7 @@
# tfdoc:file:description Temporary instances for testing
locals {
- test-vms = {
+ test-vms = var.create_test_instances != true ? {} : {
dev-spoke-primary = {
region = var.regions.primary
project_id = module.dev-spoke-project.project_id
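Review bot: The `!= true` comparison on the `test-vms` line makes a `null` value for `var.create_test_instances` behave like `false`, which is not obvious to a reader and differs from the removed `for_each` ternary, where a null condition would presumably have failed at plan time. A short comment above the line would record the intent, for example `# null or false: no test VMs are defined, so no consumer of local.test-vms can create them`. Alternatively, declaring `nullable = false` on the variable in variables.tf would allow the plain form `var.create_test_instances ? { ... } : {}`. The `locals` block continues outside the hunk.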
@@ -43,7 +43,7 @@ locals {
}
module "test-vms" {
- for_each = var.create_test_instances ? local.test-vms : {}
+ for_each = local.test-vms
# for_each = {}
source = "../../../modules/compute-vm"
project_id = each.value.project_id
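Review bot: The commented-out `# for_each = {}` directly under the new `for_each = local.test-vms` is a leftover manual switch that now duplicates what `create_test_instances` does, and it should be removed. With the gate moved into `locals`, the module block no longer shows that these instances are opt-in. A one-line comment such as `# local.test-vms is empty unless var.create_test_instances is true` would keep that visible at the point where the VMs are created. The module block continues outside the hunk.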
diff --git a/fast/stages/2-networking-a-simple/variables-fast.tf b/fast/stages/2-networking-a-simple/variables-fast.tf
new file mode 100644
index 0000000000..37d4031b33
--- /dev/null
+++ b/fast/stages/2-networking-a-simple/variables-fast.tf
@@ -0,0 +1,103 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description FAST stage interface.
+
+variable "automation" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Automation resources created by the bootstrap stage."
+ type = object({
+ outputs_bucket = string
+ })
+}
+
+variable "billing_account" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
+ type = object({
+ id = string
+ is_org_level = optional(bool, true)
+ })
+ validation {
+ condition = var.billing_account.is_org_level != null
+ error_message = "Invalid `null` value for `billing_account.is_org_level`."
+ }
+}
+
+variable "custom_roles" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Custom roles defined at the org level, in key => id format."
+ type = object({
+ service_project_network_admin = string
+ })
+ default = null
+}
+
+variable "fast_features" {
+ # tfdoc:variable:source 0-0-bootstrap
+ description = "Selective control for top-level FAST features."
+ type = object({
+ gcve = optional(bool, false)
+ })
+ default = {}
+ nullable = false
+}
+
+variable "folder_ids" {
+ # tfdoc:variable:source 1-resman
+ description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
+ type = object({
+ networking = string
+ networking-dev = string
+ networking-prod = string
+ })
+}
+
+variable "organization" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Organization details."
+ type = object({
+ domain = string
+ id = number
+ customer_id = string
+ })
+}
+
+variable "prefix" {
+ # tfdoc:variable:source 0-bootstrap
+ description = "Prefix used for resources that need unique names. Use 9 characters or less."
+ type = string
+
+ validation {
+ condition = try(length(var.prefix), 0) < 10
+ error_message = "Use a maximum of 9 characters for prefix."
+ }
+}
+
+variable "service_accounts" {
+ # tfdoc:variable:source 1-resman
+ description = "Automation service accounts in name => email format."
+ type = object({
+ data-platform-dev = string
+ data-platform-prod = string
+ gke-dev = string
+ gke-prod = string
+ project-factory-dev = string
+ project-factory-prod = string
+ })
+ default = null
+}
+
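Review bot: The `prefix` validation `try(length(var.prefix), 0) < 10` accepts an empty string, and because `try` falls back to 0 it also accepts `null`, so a missing prefix passes validation and would presumably only surface later as naming collisions or provider errors. If an empty prefix is not meant to be valid, add `nullable = false` to the variable and change the condition to `length(var.prefix) > 0 && length(var.prefix) < 10`. Separately, `fast_features` carries `# tfdoc:variable:source 0-0-bootstrap` while every other variable in this file uses `0-bootstrap`; that looks like a typo, and it is copied into the README producer column. These declarations appear to be moved unchanged from variables.tf, so both points predate this commit.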
diff --git a/fast/stages/2-networking-a-simple/variables.tf b/fast/stages/2-networking-a-simple/variables.tf
index dd097bdd80..bf92791e42 100644
--- a/fast/stages/2-networking-a-simple/variables.tf
+++ b/fast/stages/2-networking-a-simple/variables.tf
@@ -39,42 +39,12 @@ variable "alert_config" {
}
}
-variable "automation" {
- # tfdoc:variable:source 0-bootstrap
- description = "Automation resources created by the bootstrap stage."
- type = object({
- outputs_bucket = string
- })
-}
-
-variable "billing_account" {
- # tfdoc:variable:source 0-bootstrap
- description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
- type = object({
- id = string
- is_org_level = optional(bool, true)
- })
- validation {
- condition = var.billing_account.is_org_level != null
- error_message = "Invalid `null` value for `billing_account.is_org_level`."
- }
-}
-
variable "create_test_instances" {
description = "Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity."
type = bool
default = false
}
-variable "custom_roles" {
- # tfdoc:variable:source 0-bootstrap
- description = "Custom roles defined at the org level, in key => id format."
- type = object({
- service_project_network_admin = string
- })
- default = null
-}
-
variable "dns" {
description = "DNS configuration."
type = object({
@@ -119,53 +89,12 @@ variable "factories_config" {
}
}
-variable "fast_features" {
- # tfdoc:variable:source 0-0-bootstrap
- description = "Selective control for top-level FAST features."
- type = object({
- gcve = optional(bool, false)
- })
- default = {}
- nullable = false
-}
-
-variable "folder_ids" {
- # tfdoc:variable:source 1-resman
- description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
- type = object({
- networking = string
- networking-dev = string
- networking-prod = string
- })
-}
-
-variable "organization" {
- # tfdoc:variable:source 0-bootstrap
- description = "Organization details."
- type = object({
- domain = string
- id = number
- customer_id = string
- })
-}
-
variable "outputs_location" {
description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable."
type = string
default = null
}
-variable "prefix" {
- # tfdoc:variable:source 0-bootstrap
- description = "Prefix used for resources that need unique names. Use 9 characters or less."
- type = string
-
- validation {
- condition = try(length(var.prefix), 0) < 10
- error_message = "Use a maximum of 9 characters for prefix."
- }
-}
-
variable "psa_ranges" {
description = "IP ranges used for Private Service Access (CloudSQL, etc.)."
type = object({
@@ -198,20 +127,6 @@ variable "regions" {
}
}
-variable "service_accounts" {
- # tfdoc:variable:source 1-resman
- description = "Automation service accounts in name => email format."
- type = object({
- data-platform-dev = string
- data-platform-prod = string
- gke-dev = string
- gke-prod = string
- project-factory-dev = string
- project-factory-prod = string
- })
- default = null
-}
-
variable "spoke_configs" {
description = "Spoke connectivity configurations."
type = object({