diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md index e171125bc7..a2fdde4b99 100644 --- a/modules/net-vpc/README.md +++ b/modules/net-vpc/README.md @@ -29,7 +29,7 @@ This module allows creation and management of VPC networks including subnetworks ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { @@ -48,7 +48,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=simple.yaml +# tftest modules=1 resources=5 inventory=simple.yaml e2e ``` ### Subnet Options @@ -56,7 +56,7 @@ module "vpc" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ # simple subnet @@ -95,7 +95,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=7 inventory=subnet-options.yaml +# tftest modules=1 resources=7 inventory=subnet-options.yaml e2e ``` ### Subnet IAM @@ -105,7 +105,7 @@ Subnet IAM variables follow our general interface, with extra keys/members for t ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { @@ -114,12 +114,12 @@ module "vpc" { ip_cidr_range = "10.0.1.0/24" iam = { "roles/compute.networkUser" = [ - "user:user1@example.com", "group:group1@example.com" + "group:${var.group_email}" ] } iam_bindings = { subnet-1-iam = { - members = ["group:group2@example.com"] + members = ["group:${var.group_email}"] role = "roles/compute.networkUser" condition = { expression = "resource.matchTag('123456789012/env', 'prod')" @@ -131,10 +131,10 @@ module "vpc" { { name = "subnet-2" region = "europe-west1" - ip_cidr_range = "10.0.1.0/24" + ip_cidr_range = "10.0.2.0/24" iam_bindings_additive = { subnet-2-iam = { - member = "user:am1@example.com" + member = "group:${var.group_email}" role = "roles/compute.networkUser" subnet = "europe-west1/subnet-2" } 
@@ -142,7 +142,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=8 inventory=subnet-iam.yaml +# tftest modules=1 resources=8 inventory=subnet-iam.yaml e2e ``` ### Peering @@ -154,7 +154,7 @@ If you only want to create the "local" side of the peering, use `peering_create_ ```hcl module "vpc-hub" { source = "./fabric/modules/net-vpc" - project_id = "hub" + project_id = var.project_id name = "vpc-hub" subnets = [{ ip_cidr_range = "10.0.0.0/24" @@ -165,7 +165,7 @@ module "vpc-hub" { module "vpc-spoke-1" { source = "./fabric/modules/net-vpc" - project_id = "spoke1" + project_id = var.project_id name = "vpc-spoke1" subnets = [{ ip_cidr_range = "10.0.1.0/24" @@ -185,20 +185,24 @@ module "vpc-spoke-1" { [Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc) is a project-level functionality which enables a project to share its VPCs with other projects. The `shared_vpc_host` variable is here to help with rapid prototyping, we recommend leveraging the project module for production usage. ```hcl -locals { - service_project_1 = { - project_id = "project1" - gke_service_account = "serviceAccount:gke" - cloud_services_service_account = "serviceAccount:cloudsvc" - } - service_project_2 = { - project_id = "project2" - } + +module "service-project" { + source = "./fabric/modules/project" + billing_account = var.billing_account_id + name = "prj1" + prefix = var.prefix + parent = var.folder_id + services = [ + "cloudresourcemanager.googleapis.com", + "compute.googleapis.com", + "iam.googleapis.com", + "serviceusage.googleapis.com" + ] } module "vpc-host" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-host-network" subnets = [ { 
@@ -211,22 +215,20 @@ module "vpc-host" { } iam = { "roles/compute.networkUser" = [ - local.service_project_1.cloud_services_service_account, - local.service_project_1.gke_service_account + "serviceAccount:${var.service_account.email}" ] "roles/compute.securityAdmin" = [ - local.service_project_1.gke_service_account + "serviceAccount:${var.service_account.email}" ] } } ] shared_vpc_host = true shared_vpc_service_projects = [ - local.service_project_1.project_id, - local.service_project_2.project_id + module.service-project.project_id ] } -# tftest modules=1 resources=9 inventory=shared-vpc.yaml +# tftest modules=2 resources=13 inventory=shared-vpc.yaml e2e ``` ### Private Service Networking @@ -234,7 +236,7 @@ module "vpc-host" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { @@ -247,7 +249,7 @@ module "vpc" { ranges = { myrange = "10.0.1.0/24" } } } -# tftest modules=1 resources=7 inventory=psa.yaml +# tftest modules=1 resources=7 inventory=psa.yaml e2e ``` ### Private Service Networking with peering routes and peered Cloud DNS domains @@ -257,7 +259,7 @@ Custom routes can be optionally exported/imported through the peering formed wit ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { @@ -273,7 +275,7 @@ module "vpc" { peered_domains = ["gcp.example.com."] } } -# tftest modules=1 resources=8 inventory=psa-routes.yaml +# tftest modules=1 resources=8 inventory=psa-routes.yaml e2e ``` ### Subnets for Private Service Connect, Proxy-only subnets @@ -286,7 +288,7 @@ Along with common private subnets module supports creation more service specific ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets_proxy_only = [ 
@@ -312,7 +314,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml +# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml e2e ``` ### DNS Policies @@ -320,7 +322,7 @@ module "vpc" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" dns_policy = { inbound = true @@ -337,7 +339,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=dns-policies.yaml +# tftest modules=1 resources=5 inventory=dns-policies.yaml e2e ``` ### Subnet Factory @@ -347,7 +349,7 @@ The `net-vpc` module includes a subnet factory (see [Resource Factories](../../b ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" factories_config = { subnets_folder = "config/subnets" @@ -430,7 +432,7 @@ locals { module "vpc" { source = "./fabric/modules/net-vpc" for_each = local.route_types - project_id = "my-project" + project_id = var.project_id name = "my-network-with-route-${replace(each.key, "_", "-")}" routes = { next-hop = { @@ -460,7 +462,7 @@ By default the VPC module creates IPv4 routes for the [Private Google Access ran ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-vpc" create_googleapis_routes = { restricted = false @@ -469,7 +471,7 @@ module "vpc" { private-6 = true } } -# tftest modules=1 resources=3 inventory=googleapis.yaml +# tftest modules=1 resources=3 inventory=googleapis.yaml e2e ``` ### Allow Firewall Policy to be evaluated before Firewall Rules @@ -477,7 +479,7 @@ module "vpc" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL" subnets = [ 
@@ -497,7 +499,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml +# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml e2e ``` ### IPv6 @@ -507,12 +509,12 @@ A non-overlapping private IPv6 address space can be configured for the VPC via t ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" ipv6_config = { # internal_range is optional enable_ula_internal = true - internal_range = "fd20:6b2:27e5:0:0:0:0:0/48" + # internal_range = "fd20:6b2:27e5::/48" } subnets = [ { @@ -531,7 +533,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=ipv6.yaml +# tftest modules=1 resources=5 inventory=ipv6.yaml e2e ``` ## Variables diff --git a/modules/net-vpc/routes.tf b/modules/net-vpc/routes.tf index e6904e8486..065ea5fda0 100644 --- a/modules/net-vpc/routes.tf +++ b/modules/net-vpc/routes.tf @@ -19,9 +19,9 @@ locals { _googleapis_ranges = { private = "199.36.153.8/30" - private-6 = "2600:2d00:0002:2000::/64" + private-6 = "2600:2d00:2:2000::/64" restricted = "199.36.153.4/30" - restricted-6 = "2600:2d00:0002:1000::/64" + restricted-6 = "2600:2d00:2:1000::/64" } _googleapis_routes = { for k, v in local._googleapis_ranges : "${k}-googleapis" => { diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf index cd2fc8152b..4d09f80f82 100644 --- a/tests/examples_e2e/setup_module/main.tf +++ b/tests/examples_e2e/setup_module/main.tf @@ -26,10 +26,12 @@ locals { "cloudkms.googleapis.com", "cloudresourcemanager.googleapis.com", "compute.googleapis.com", + "dns.googleapis.com", "eventarc.googleapis.com", "iam.googleapis.com", "run.googleapis.com", "secretmanager.googleapis.com", + "servicenetworking.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com", "storage-component.googleapis.com", 
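Review bot: The `_googleapis_ranges` map in routes.tf gives no reason why `private-6` and `restricted-6` must be written without leading zeros, so a later edit could restore the padded form. Presumably the provider or API reports the compressed form and the padded literal did not match it in e2e runs. If so, a comment above the map such as `# IPv6 ranges use the compressed form to match what the API returns` would record that. The `locals` block continues past the end of the hunk.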
diff --git a/tests/modules/net_vpc/examples/dns-policies.yaml b/tests/modules/net_vpc/examples/dns-policies.yaml index 3999e91fff..540c3e30d4 100644 --- a/tests/modules/net_vpc/examples/dns-policies.yaml +++ b/tests/modules/net_vpc/examples/dns-policies.yaml @@ -15,7 +15,7 @@ values: module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {} module.vpc.google_dns_policy.default[0]: alternative_name_server_config: @@ -30,9 +30,9 @@ values: name: my-network networks: - {} - project: my-project + project: project-id counts: google_compute_network: 1 google_compute_subnetwork: 1 - google_dns_policy: 1 + google_dns_policy: 1 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/factory.yaml b/tests/modules/net_vpc/examples/factory.yaml index 50aa01e147..35227c7734 100644 --- a/tests/modules/net_vpc/examples/factory.yaml +++ b/tests/modules/net_vpc/examples/factory.yaml @@ -20,7 +20,7 @@ values: enable_ula_internal_ipv6: null name: my-network network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL - project: my-project + project: project-id routing_mode: GLOBAL timeouts: null module.vpc.google_compute_route.gateway["private-googleapis"]: @@ -32,7 +32,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_route.gateway["restricted-googleapis"]: @@ -44,7 +44,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]: @@ -53,7 +53,7 @@ values: ipv6_access_type: null log_config: [] name: subnet-proxy - project: my-project + project: project-id purpose: REGIONAL_MANAGED_PROXY region: europe-west4 role: ACTIVE 
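Review bot: The final line of dns-policies.yaml (`google_dns_policy: 1`, hunk at -30,9) loses its trailing newline. The last hunk of every other inventory touched here does the same: factory, firewall_policy_enforcement_order, googleapis, ipv6, proxy-only-subnets, psa-routes, psa, routes, shared-vpc, simple, subnet-iam and subnet-options. This looks like an editor setting rather than an intended change. Restoring the newline keeps these lines out of future diffs and keeps the files consistent with the rest of the test inventories.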
@@ -64,7 +64,7 @@ values: ipv6_access_type: null log_config: [] name: subnet-proxy-global - project: my-project + project: project-id purpose: GLOBAL_MANAGED_PROXY region: australia-southeast2 role: ACTIVE @@ -75,7 +75,7 @@ values: ipv6_access_type: null log_config: [] name: subnet-psc - project: my-project + project: project-id purpose: PRIVATE_SERVICE_CONNECT region: europe-west4 role: null @@ -92,7 +92,7 @@ values: metadata_fields: null name: subnet-detailed private_ip_google_access: false - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: @@ -106,7 +106,7 @@ values: log_config: [] name: simple private_ip_google_access: true - project: my-project + project: project-id region: europe-west4 role: null secondary_ip_range: [] @@ -118,7 +118,7 @@ values: log_config: [] name: simple private_ip_google_access: true - project: my-project + project: project-id region: europe-west8 role: null secondary_ip_range: [] @@ -129,7 +129,7 @@ values: - group:lorem@example.com - serviceAccount:fbz@prj.iam.gserviceaccount.com - user:foobar@example.com - project: my-project + project: project-id region: europe-west1 role: roles/compute.networkUser subnetwork: subnet-detailed @@ -142,4 +142,4 @@ counts: modules: 1 resources: 10 -outputs: {} +outputs: {} \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml b/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml index 7fd0f97bc7..6a9523396f 100644 --- a/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml +++ b/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml @@ -18,7 +18,7 @@ values: delete_default_routes_on_create: false description: Terraform-managed. name: my-network - project: my-project + project: project-id routing_mode: GLOBAL network_firewall_policy_enforcement_order: BEFORE_CLASSIC_FIREWALL module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: 
@@ -27,7 +27,7 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: @@ -41,11 +41,11 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west2 role: null secondary_ip_range: [] counts: google_compute_network: 1 - google_compute_subnetwork: 2 + google_compute_subnetwork: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/googleapis.yaml b/tests/modules/net_vpc/examples/googleapis.yaml index 6248db51e5..ba40ad8a5e 100644 --- a/tests/modules/net_vpc/examples/googleapis.yaml +++ b/tests/modules/net_vpc/examples/googleapis.yaml @@ -13,27 +13,30 @@ # limitations under the License. values: + module.vpc.google_compute_network.network[0]: + name: my-vpc + project: project-id module.vpc.google_compute_route.gateway["private-6-googleapis"]: - dest_range: 2600:2d00:0002:2000::/64 + dest_range: 2600:2d00:2:2000::/64 name: my-vpc-private-6-googleapis next_hop_gateway: default-internet-gateway next_hop_ilb: null next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc.google_compute_route.gateway["restricted-6-googleapis"]: - dest_range: 2600:2d00:0002:1000::/64 + dest_range: 2600:2d00:2:1000::/64 name: my-vpc-restricted-6-googleapis next_hop_gateway: default-internet-gateway next_hop_ilb: null next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null counts: google_compute_network: 1 - google_compute_route: 2 + google_compute_route: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/ipv6.yaml b/tests/modules/net_vpc/examples/ipv6.yaml index 3d98c45d55..267a24b759 100644 --- a/tests/modules/net_vpc/examples/ipv6.yaml +++ b/tests/modules/net_vpc/examples/ipv6.yaml 
@@ -18,10 +18,10 @@ values: delete_default_routes_on_create: false description: Terraform-managed. enable_ula_internal_ipv6: true - internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48 + # internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48 name: my-network network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL - project: my-project + project: project-id routing_mode: GLOBAL timeouts: null module.vpc.google_compute_route.gateway["private-googleapis"]: @@ -33,7 +33,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_route.gateway["restricted-googleapis"]: @@ -45,7 +45,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_subnetwork.subnetwork["europe-west1/test"]: @@ -55,7 +55,7 @@ values: log_config: [] name: test private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: [] @@ -68,7 +68,7 @@ values: log_config: [] name: test private_ip_google_access: true - project: my-project + project: project-id region: europe-west3 role: null secondary_ip_range: [] @@ -82,4 +82,4 @@ counts: modules: 1 resources: 5 -outputs: {} +outputs: {} \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml index cf32912df2..83f94d4dd1 100644 --- a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml +++ b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml 
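Review bot: The `internal_ipv6_range` expectation on the network resource (first hunk of ipv6.yaml) is commented out instead of removed. That leaves a stale padded value in the inventory, and no example visible in this diff still asserts that a caller-supplied ULA range reaches `google_compute_network`. If the range cannot be pinned in e2e runs (presumably because it has to be unique or is assigned by the API), delete the line and cover the explicit-range case with a plan-only test. The README example already keeps `# internal_range = "fd20:6b2:27e5::/48"` under its `# internal_range is optional` comment, so readers still see the option.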
@@ -15,13 +15,13 @@ values: module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]: description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB. ip_cidr_range: 10.0.1.0/24 log_config: [] name: regional-proxy - project: my-project + project: project-id purpose: REGIONAL_MANAGED_PROXY region: europe-west1 role: ACTIVE @@ -30,7 +30,7 @@ values: ip_cidr_range: 10.0.4.0/24 log_config: [] name: global-proxy - project: my-project + project: project-id purpose: GLOBAL_MANAGED_PROXY region: australia-southeast2 role: ACTIVE @@ -39,11 +39,11 @@ values: ip_cidr_range: 10.0.3.0/24 log_config: [] name: psc - project: my-project + project: project-id purpose: PRIVATE_SERVICE_CONNECT region: europe-west1 role: null counts: google_compute_network: 1 - google_compute_subnetwork: 3 + google_compute_subnetwork: 3 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/psa-routes.yaml b/tests/modules/net_vpc/examples/psa-routes.yaml index fe2697813f..efbcb2da7c 100644 --- a/tests/modules/net_vpc/examples/psa-routes.yaml +++ b/tests/modules/net_vpc/examples/psa-routes.yaml 
@@ -18,21 +18,21 @@ values: address_type: INTERNAL name: myrange prefix_length: 24 - project: my-project + project: project-id purpose: VPC_PEERING module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id routing_mode: GLOBAL module.vpc.google_compute_network_peering_routes_config.psa_routes[0]: export_custom_routes: true import_custom_routes: true - project: my-project + project: project-id module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: ip_cidr_range: 10.0.0.0/24 name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 secondary_ip_range: [] module.vpc.google_service_networking_connection.psa_connection[0]: @@ -42,7 +42,7 @@ values: module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]: dns_suffix: gcp.example.com. name: gcp-example-com - project: my-project + project: project-id service: servicenetworking.googleapis.com counts: @@ -51,4 +51,4 @@ counts: google_compute_network_peering_routes_config: 1 google_compute_subnetwork: 1 google_service_networking_connection: 1 - google_service_networking_peered_dns_domain: 1 + google_service_networking_peered_dns_domain: 1 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/psa.yaml b/tests/modules/net_vpc/examples/psa.yaml index 695678c47a..6af1a1d52a 100644 --- a/tests/modules/net_vpc/examples/psa.yaml +++ b/tests/modules/net_vpc/examples/psa.yaml 
@@ -18,19 +18,19 @@ values: address_type: INTERNAL name: myrange prefix_length: 24 - project: my-project + project: project-id purpose: VPC_PEERING module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id module.vpc.google_compute_network_peering_routes_config.psa_routes[0]: export_custom_routes: false import_custom_routes: false - project: my-project + project: project-id module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: ip_cidr_range: 10.0.0.0/24 name: production - project: my-project + project: project-id module.vpc.google_service_networking_connection.psa_connection[0]: reserved_peering_ranges: - myrange @@ -43,4 +43,4 @@ counts: google_compute_subnetwork: 1 google_service_networking_connection: 1 -outputs: {} +outputs: {} \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/routes.yaml b/tests/modules/net_vpc/examples/routes.yaml index 24f356f4dc..e52b909a49 100644 --- a/tests/modules/net_vpc/examples/routes.yaml +++ b/tests/modules/net_vpc/examples/routes.yaml @@ -15,7 +15,7 @@ values: module.vpc["gateway"].google_compute_network.network[0]: name: my-network-with-route-gateway - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["gateway"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -26,7 +26,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["gateway"].google_compute_route.gateway["next-hop"]: @@ -38,11 +38,11 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["ilb"].google_compute_network.network[0]: name: my-network-with-route-ilb - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["ilb"].google_compute_route.gateway["gateway"]: description: Terraform-managed. 
@@ -53,7 +53,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["ilb"].google_compute_route.ilb["next-hop"]: @@ -65,11 +65,11 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["instance"].google_compute_network.network[0]: name: my-network-with-route-instance - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["instance"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -80,7 +80,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["instance"].google_compute_route.instance["next-hop"]: @@ -93,11 +93,11 @@ values: next_hop_instance_zone: europe-west1-b next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["ip"].google_compute_network.network[0]: name: my-network-with-route-ip - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["ip"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -108,7 +108,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["ip"].google_compute_route.ip["next-hop"]: @@ -121,11 +121,11 @@ values: next_hop_ip: 192.168.0.128 next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["vpn_tunnel"].google_compute_network.network[0]: name: my-network-with-route-vpn-tunnel - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]: description: Terraform-managed. 
@@ -136,7 +136,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]: @@ -148,9 +148,9 @@ values: next_hop_instance: null next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo priority: 1000 - project: my-project + project: project-id tags: null counts: google_compute_network: 5 - google_compute_route: 10 + google_compute_route: 10 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/shared-vpc.yaml b/tests/modules/net_vpc/examples/shared-vpc.yaml index 5f1b9d5ae6..63ba34447d 100644 --- a/tests/modules/net_vpc/examples/shared-vpc.yaml +++ b/tests/modules/net_vpc/examples/shared-vpc.yaml @@ -15,15 +15,14 @@ values: module.vpc-host.google_compute_network.network[0]: name: my-host-network - project: my-project + project: project-id module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]: - project: my-project - module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]: - host_project: my-project - service_project: project1 - module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]: - host_project: my-project - service_project: project2 + project: project-id + module.service-project.google_project.project[0]: + project_id: test-prj1 + module.vpc-host.google_compute_shared_vpc_service_project.service_projects["test-prj1"]: + host_project: project-id + service_project: test-prj1 module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: secondary_ip_range: - ip_cidr_range: 172.16.0.0/20 
@@ -33,24 +32,26 @@ values: module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]: condition: [] members: - - serviceAccount:cloudsvc - - serviceAccount:gke - project: my-project + - serviceAccount:service_account_email + project: project-id region: europe-west1 role: roles/compute.networkUser subnetwork: subnet-1 module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.securityAdmin"]: condition: [] members: - - serviceAccount:gke - project: my-project + - serviceAccount:service_account_email + project: project-id region: europe-west1 role: roles/compute.securityAdmin subnetwork: subnet-1 + counts: google_compute_network: 1 + google_compute_route: 2 google_compute_shared_vpc_host_project: 1 - google_compute_shared_vpc_service_project: 2 + google_compute_shared_vpc_service_project: 1 google_compute_subnetwork: 1 google_compute_subnetwork_iam_binding: 2 + modules: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/simple.yaml b/tests/modules/net_vpc/examples/simple.yaml index 2a5b1ee299..95e29f2e7e 100644 --- a/tests/modules/net_vpc/examples/simple.yaml +++ b/tests/modules/net_vpc/examples/simple.yaml @@ -18,7 +18,7 @@ values: delete_default_routes_on_create: false description: Terraform-managed. name: my-network - project: my-project + project: project-id routing_mode: GLOBAL module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: description: Terraform-managed. @@ -26,7 +26,7 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: @@ -40,7 +40,7 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west2 role: null secondary_ip_range: [] 
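Review bot: Both subnet-1 bindings now expect the single member `serviceAccount:service_account_email`, including `roles/compute.securityAdmin`, and nothing in the expected plan ties that account to the attached service project `test-prj1`. The previous fixture granted these roles to identities named after the service project, which is the pattern a Shared VPC reader should copy. As written, the README example reads as granting subnet-level network use and security admin to an arbitrary account. Either take the members from the `module.service-project` outputs, or add a comment to the README block such as `# e2e fixture account; in real use grant these roles to the service project's own identities`.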
@@ -52,7 +52,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_route.gateway["restricted-googleapis"]: @@ -64,11 +64,11 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null counts: google_compute_network: 1 google_compute_subnetwork: 2 - google_compute_route: 2 + google_compute_route: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/subnet-iam.yaml b/tests/modules/net_vpc/examples/subnet-iam.yaml index 1b925f48e2..8e15383734 100644 --- a/tests/modules/net_vpc/examples/subnet-iam.yaml +++ b/tests/modules/net_vpc/examples/subnet-iam.yaml @@ -20,7 +20,7 @@ values: enable_ula_internal_ipv6: null name: my-network network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL - project: my-project + project: project-id routing_mode: GLOBAL timeouts: null module.vpc.google_compute_route.gateway["private-googleapis"]: @@ -32,7 +32,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_route.gateway["restricted-googleapis"]: @@ -44,7 +44,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: 
@@ -54,19 +54,19 @@ values: log_config: [] name: subnet-1 private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: [] timeouts: null module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]: description: Terraform-managed. - ip_cidr_range: 10.0.1.0/24 + ip_cidr_range: 10.0.2.0/24 ipv6_access_type: null log_config: [] name: subnet-2 private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: [] @@ -74,9 +74,8 @@ values: module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]: condition: [] members: - - group:group1@example.com - - user:user1@example.com - project: my-project + - group:organization-admins@example.org + project: project-id region: europe-west1 role: roles/compute.networkUser subnetwork: subnet-1 @@ -86,15 +85,15 @@ values: expression: resource.matchTag('123456789012/env', 'prod') title: test_condition members: - - group:group2@example.com - project: my-project + - group:organization-admins@example.org + project: project-id region: europe-west1 role: roles/compute.networkUser subnetwork: subnet-1 module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]: condition: [] - member: user:am1@example.com - project: my-project + member: group:organization-admins@example.org + project: project-id region: europe-west1 role: roles/compute.networkUser subnetwork: subnet-2 @@ -108,4 +107,4 @@ counts: modules: 1 resources: 8 -outputs: {} +outputs: {} \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/subnet-options.yaml b/tests/modules/net_vpc/examples/subnet-options.yaml index e3cea5ca64..9fd35fa5a1 100644 --- a/tests/modules/net_vpc/examples/subnet-options.yaml +++ b/tests/modules/net_vpc/examples/subnet-options.yaml 
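Review bot: The expected plan now lists `group:organization-admins@example.org` in both the unconditional `roles/compute.networkUser` binding on subnet-1 and the tag-conditioned binding for the same role (hunks at -74,9 and -86,15). The condition therefore narrows nothing, because the group already holds the role without it. The old fixture used different principals for the two bindings, which showed what the condition is for. If the e2e fixtures expose only one group, a comment in the README example such as `# same group only because the test fixture has one; use a separate principal for the conditional binding` would stop readers copying a condition that has no effect.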
@@ -15,14 +15,14 @@ values: module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]: description: Subnet b ip_cidr_range: 10.0.1.0/24 log_config: [] name: no-pga private_ip_google_access: false - project: my-project + project: project-id region: europe-west1 secondary_ip_range: [] module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]: @@ -31,7 +31,7 @@ values: log_config: [] name: simple private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 secondary_ip_range: [] module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]: @@ -46,7 +46,7 @@ values: metadata_fields: null name: with-flow-logs private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: [] @@ -56,7 +56,7 @@ values: log_config: [] name: with-secondary-ranges private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: @@ -67,4 +67,4 @@ values: counts: google_compute_network: 1 - google_compute_subnetwork: 4 + google_compute_subnetwork: 4 \ No newline at end of file