diff --git a/blueprints/README.md b/blueprints/README.md
index 75e2d21e5f..b9851bde99 100644
--- a/blueprints/README.md
+++ b/blueprints/README.md
@@ -9,7 +9,7 @@ Currently available blueprints:
- **data solutions** - [GCE and GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion), [Data Platform](./data-solutions/data-platform-foundations), [Minimal Data Platform](./data-solutions/data-platform-minimal), [Spinning up a foundation data pipeline on Google Cloud using Cloud Storage, Dataflow and BigQuery](./data-solutions/gcs-to-bq-with-least-privileges), [#SQL Server Always On Groups blueprint](./data-solutions/sqlserver-alwayson), [Data Playground](./data-solutions/data-playground), [MLOps with Vertex AI](./data-solutions/vertex-mlops), [Shielded Folder](./data-solutions/shielded-folder), [BigQuery ML and Vertex AI Pipeline](./data-solutions/bq-ml)
- **factories** - [The why and the how of Resource Factories](./factories), [Google Cloud Identity Group Factory](./factories/cloud-identity-group-factory), [Google Cloud BQ Factory](./factories/bigquery-factory), [Google Cloud VPC Firewall Factory](./factories/net-vpc-firewall-yaml), [Minimal Project Factory](./factories/project-factory)
- **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot)
-- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [Network filtering with Squid](./networking/filtering-proxy), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), [Network filtering with Squid with isolated VPCs using Private Service Connect](./networking/filtering-proxy-psc), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
+- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
- **serverless** - [Cloud Run series](./serverless/cloud-run-explore)
- **third party solutions** - [OpenShift on GCP user-provisioned infrastructure](./third-party-solutions/openshift), [Wordpress deployment on Cloud Run](./third-party-solutions/wordpress/cloudrun)
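Review bot: the **networking** line drops both Squid entries outright, so the index no longer tells readers that the filtering proxy blueprints still exist under `./networking/__need_fixing/`. Either keep the two links pointing at the new paths with a "needs fixing" marker, or add a short pointer to `./networking/__need_fixing` so people who arrive looking for the egress filtering blueprint can find it and see its status.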
diff --git a/blueprints/networking/README.md b/blueprints/networking/README.md
index 40660022d9..9dca3f97ff 100644
--- a/blueprints/networking/README.md
+++ b/blueprints/networking/README.md
@@ -73,14 +73,14 @@ The emulated on-premises environment can be used to test access to different ser
--->
-
### Network filtering with Squid
This [blueprint](./filtering-proxy/) how to deploy a filtering HTTP proxy to restrict Internet access, in a simplified setup using a VPC with two subnets and a Cloud DNS zone, and an optional MIG for scaling.
+-->
+
### Shared VPC with GKE and per-subnet support
This [blueprint](./shared-vpc-gke/) shows how to configure a Shared VPC, including the specific IAM configurations needed for GKE, and to give different level of access to the VPC subnets to different identities.
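Review bot: moving the closing `-->` below the "Network filtering with Squid" section hides that section inside the HTML comment, but the hidden text still links to `./filtering-proxy/`, a path this patch renames to `./__need_fixing/filtering-proxy/`. Update the link in the commented block now (or delete the block) so it is not restored later with a dead link. The same sentence also reads "This blueprint how to deploy", which is missing "shows" and is worth fixing while the section is parked.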
diff --git a/blueprints/networking/__need_fixing/README.md b/blueprints/networking/__need_fixing/README.md
index 21d3e67413..44a0006d79 100644
--- a/blueprints/networking/__need_fixing/README.md
+++ b/blueprints/networking/__need_fixing/README.md
@@ -3,3 +3,4 @@
The blueprints in this folder are either deprecated or need work on them.
- nginx reverse proxy cluster needs tests and resolving a cycle
+- filtering-proxy needs upstream `cloud-config-container/__need_fixing/squid` to be fixed
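Review bot: the added bullet lists only `filtering-proxy`, while the same patch also moves `filtering-proxy-psc` into this folder and it sources the same `cloud-config-container/__need_fixing/squid` module. Add a second bullet for `filtering-proxy-psc`, and say in one line what is wrong with the Squid module (or link the tracking issue), since "needs ... to be fixed" gives a reader nothing to act on.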
diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/__need_fixing/filtering-proxy-psc/README.md
similarity index 97%
rename from blueprints/networking/filtering-proxy-psc/README.md
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/README.md
index dd9f058582..db5149bc3a 100644
--- a/blueprints/networking/filtering-proxy-psc/README.md
+++ b/blueprints/networking/__need_fixing/filtering-proxy-psc/README.md
@@ -29,10 +29,9 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each
## Test
-
```hcl
module "test" {
- source = "./fabric/blueprints/networking/filtering-proxy-psc"
+ source = "./fabric/blueprints/networking/__need_fixing/filtering-proxy-psc"
prefix = "fabric"
project_create = {
billing_account = "123456-ABCDEF-123456"
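Review bot: the blank line removed directly under `## Test` is unrelated to the relocation and changes the spacing between the heading and the `hcl` fence. Drop that line from this patch, or confirm the rendered README still has a blank line between the heading and the fence, so the diff contains only the `source` path update.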
diff --git a/blueprints/networking/filtering-proxy-psc/consumer.tf b/blueprints/networking/__need_fixing/filtering-proxy-psc/consumer.tf
similarity index 95%
rename from blueprints/networking/filtering-proxy-psc/consumer.tf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/consumer.tf
index 08f5b41386..38849ee062 100644
--- a/blueprints/networking/filtering-proxy-psc/consumer.tf
+++ b/blueprints/networking/__need_fixing/filtering-proxy-psc/consumer.tf
@@ -19,7 +19,7 @@
###############################################################################
module "vpc-consumer" {
- source = "../../../modules/net-vpc"
+ source = "../../../../modules/net-vpc"
project_id = module.project.project_id
name = "${var.prefix}-app"
subnets = [
@@ -36,7 +36,7 @@ module "vpc-consumer" {
###############################################################################
module "test-vm-consumer" {
- source = "../../../modules/compute-vm"
+ source = "../../../../modules/compute-vm"
project_id = module.project.project_id
zone = "${var.region}-b"
name = "${var.prefix}-test-vm"
@@ -83,7 +83,7 @@ resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
###############################################################################
module "private-dns" {
- source = "../../../modules/dns"
+ source = "../../../../modules/dns"
project_id = module.project.project_id
name = "${var.prefix}-internal"
zone_config = {
@@ -99,7 +99,7 @@ module "private-dns" {
}
module "firewall-consumer" {
- source = "../../../modules/net-vpc-firewall"
+ source = "../../../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc-consumer.name
}
diff --git a/blueprints/networking/filtering-proxy-psc/main.tf b/blueprints/networking/__need_fixing/filtering-proxy-psc/main.tf
similarity index 92%
rename from blueprints/networking/filtering-proxy-psc/main.tf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/main.tf
index 6908197fe3..ed35be3a99 100644
--- a/blueprints/networking/filtering-proxy-psc/main.tf
+++ b/blueprints/networking/__need_fixing/filtering-proxy-psc/main.tf
@@ -19,7 +19,7 @@
###############################################################################
module "project" {
- source = "../../../modules/project"
+ source = "../../../../modules/project"
project_create = var.project_create != null
billing_account = try(var.project_create.billing_account, null)
parent = try(var.project_create.parent, null)
@@ -33,7 +33,7 @@ module "project" {
}
module "vpc" {
- source = "../../../modules/net-vpc"
+ source = "../../../../modules/net-vpc"
project_id = module.project.project_id
name = "${var.prefix}-vpc"
subnets = [
@@ -53,7 +53,7 @@ module "vpc" {
}
module "firewall" {
- source = "../../../modules/net-vpc-firewall"
+ source = "../../../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc.name
ingress_rules = {
@@ -73,7 +73,7 @@ module "firewall" {
}
module "nat" {
- source = "../../../modules/net-cloudnat"
+ source = "../../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
name = "default"
@@ -118,7 +118,7 @@ resource "google_compute_service_attachment" "service_attachment" {
###############################################################################
module "service-account-squid" {
- source = "../../../modules/iam-service-account"
+ source = "../../../../modules/iam-service-account"
project_id = module.project.project_id
name = "svc-squid"
iam_project_roles = {
@@ -130,7 +130,7 @@ module "service-account-squid" {
}
module "cos-squid" {
- source = "../../../modules/cloud-config-container/squid"
+ source = "../../../../modules/cloud-config-container/__need_fixing/squid"
allow = var.allowed_domains
clients = [var.cidrs.app]
squid_config = "${path.module}/squid.conf"
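Review bot: `module "cos-squid"` now sources `cloud-config-container/__need_fixing/squid`, so the allowlist in `allow = var.allowed_domains` and the client range in `clients = [var.cidrs.app]` are applied by a module this patch itself marks as needing a fix. Say in the blueprint README whether the proxy still enforces the domain allowlist in its current state, so nobody deploys this as an egress control on the strength of the old documentation.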
@@ -140,7 +140,7 @@ module "cos-squid" {
}
module "squid-vm" {
- source = "../../../modules/compute-vm"
+ source = "../../../../modules/compute-vm"
project_id = module.project.project_id
zone = "${var.region}-b"
name = "squid-vm"
@@ -165,7 +165,7 @@ module "squid-vm" {
}
module "squid-mig" {
- source = "../../../modules/compute-mig"
+ source = "../../../../modules/compute-mig"
project_id = module.project.project_id
location = "${var.region}-b"
name = "squid-mig"
@@ -202,7 +202,7 @@ module "squid-mig" {
}
module "squid-ilb" {
- source = "../../../modules/net-lb-int"
+ source = "../../../../modules/net-lb-int"
project_id = module.project.project_id
region = var.region
name = "squid-ilb"
diff --git a/blueprints/networking/filtering-proxy-psc/squid.conf b/blueprints/networking/__need_fixing/filtering-proxy-psc/squid.conf
similarity index 100%
rename from blueprints/networking/filtering-proxy-psc/squid.conf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/squid.conf
diff --git a/blueprints/networking/filtering-proxy-psc/startup.sh b/blueprints/networking/__need_fixing/filtering-proxy-psc/startup.sh
similarity index 100%
rename from blueprints/networking/filtering-proxy-psc/startup.sh
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/startup.sh
diff --git a/blueprints/networking/filtering-proxy-psc/variables.tf b/blueprints/networking/__need_fixing/filtering-proxy-psc/variables.tf
similarity index 100%
rename from blueprints/networking/filtering-proxy-psc/variables.tf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/variables.tf
diff --git a/blueprints/networking/filtering-proxy/README.md b/blueprints/networking/__need_fixing/filtering-proxy/README.md
similarity index 95%
rename from blueprints/networking/filtering-proxy/README.md
rename to blueprints/networking/__need_fixing/filtering-proxy/README.md
index 70dcf6df5b..b2c1d38ef0 100644
--- a/blueprints/networking/filtering-proxy/README.md
+++ b/blueprints/networking/__need_fixing/filtering-proxy/README.md
@@ -41,7 +41,7 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c
```hcl
module "test1" {
- source = "./fabric/blueprints/networking/filtering-proxy"
+ source = "./fabric/blueprints/networking/__need_fixing/filtering-proxy"
billing_account = "123456-123456-123456"
mig = true
prefix = "fabric"
@@ -52,7 +52,7 @@ module "test1" {
```hcl
module "test2" {
- source = "./fabric/blueprints/networking/filtering-proxy"
+ source = "./fabric/blueprints/networking/__need_fixing/filtering-proxy"
billing_account = "123456-123456-123456"
mig = false
prefix = "fabric"
diff --git a/blueprints/networking/filtering-proxy/main.tf b/blueprints/networking/__need_fixing/filtering-proxy/main.tf
similarity index 90%
rename from blueprints/networking/filtering-proxy/main.tf
rename to blueprints/networking/__need_fixing/filtering-proxy/main.tf
index 107ca1f785..d8036cb243 100644
--- a/blueprints/networking/filtering-proxy/main.tf
+++ b/blueprints/networking/__need_fixing/filtering-proxy/main.tf
@@ -27,7 +27,7 @@ locals {
###############################################################################
module "folder-netops" {
- source = "../../../modules/folder"
+ source = "../../../../modules/folder"
parent = var.root_node
name = "netops"
}
@@ -37,7 +37,7 @@ module "folder-netops" {
###############################################################################
module "project-host" {
- source = "../../../modules/project"
+ source = "../../../../modules/project"
billing_account = var.billing_account
name = "host"
parent = module.folder-netops.id
@@ -53,7 +53,7 @@ module "project-host" {
}
module "vpc" {
- source = "../../../modules/net-vpc"
+ source = "../../../../modules/net-vpc"
project_id = module.project-host.project_id
name = "vpc"
subnets = [
@@ -71,7 +71,7 @@ module "vpc" {
}
module "firewall" {
- source = "../../../modules/net-vpc-firewall"
+ source = "../../../../modules/net-vpc-firewall"
project_id = module.project-host.project_id
network = module.vpc.name
ingress_rules = {
@@ -91,7 +91,7 @@ module "firewall" {
}
module "nat" {
- source = "../../../modules/net-cloudnat"
+ source = "../../../../modules/net-cloudnat"
project_id = module.project-host.project_id
region = var.region
name = "default"
@@ -114,7 +114,7 @@ module "nat" {
}
module "private-dns" {
- source = "../../../modules/dns"
+ source = "../../../../modules/dns"
project_id = module.project-host.project_id
name = "internal"
zone_config = {
@@ -134,7 +134,7 @@ module "private-dns" {
###############################################################################
module "service-account-squid" {
- source = "../../../modules/iam-service-account"
+ source = "../../../../modules/iam-service-account"
project_id = module.project-host.project_id
name = "svc-squid"
iam_project_roles = {
@@ -146,13 +146,13 @@ module "service-account-squid" {
}
module "cos-squid" {
- source = "../../../modules/cloud-config-container/squid"
+ source = "../../../../modules/cloud-config-container/__need_fixing/squid"
allow = var.allowed_domains
clients = [var.cidrs.apps]
}
module "squid-vm" {
- source = "../../../modules/compute-vm"
+ source = "../../../../modules/compute-vm"
project_id = module.project-host.project_id
zone = "${var.region}-b"
name = "squid-vm"
@@ -177,7 +177,7 @@ module "squid-vm" {
module "squid-mig" {
count = var.mig ? 1 : 0
- source = "../../../modules/compute-mig"
+ source = "../../../../modules/compute-mig"
project_id = module.project-host.project_id
location = "${var.region}-b"
name = "squid-mig"
@@ -206,7 +206,7 @@ module "squid-mig" {
module "squid-ilb" {
count = var.mig ? 1 : 0
- source = "../../../modules/net-lb-int"
+ source = "../../../../modules/net-lb-int"
project_id = module.project-host.project_id
region = var.region
name = "squid-ilb"
@@ -236,7 +236,7 @@ module "squid-ilb" {
###############################################################################
module "folder-apps" {
- source = "../../../modules/folder"
+ source = "../../../../modules/folder"
parent = var.root_node
name = "apps"
org_policies = {
@@ -248,7 +248,7 @@ module "folder-apps" {
}
module "project-app" {
- source = "../../../modules/project"
+ source = "../../../../modules/project"
billing_account = var.billing_account
name = "app1"
parent = module.folder-apps.id
@@ -263,7 +263,7 @@ module "project-app" {
}
module "test-vm" {
- source = "../../../modules/compute-vm"
+ source = "../../../../modules/compute-vm"
project_id = module.project-app.project_id
zone = "${var.region}-b"
name = "test-vm"
diff --git a/blueprints/networking/filtering-proxy/outputs.tf b/blueprints/networking/__need_fixing/filtering-proxy/outputs.tf
similarity index 100%
rename from blueprints/networking/filtering-proxy/outputs.tf
rename to blueprints/networking/__need_fixing/filtering-proxy/outputs.tf
diff --git a/blueprints/networking/filtering-proxy/squid.png b/blueprints/networking/__need_fixing/filtering-proxy/squid.png
similarity index 100%
rename from blueprints/networking/filtering-proxy/squid.png
rename to blueprints/networking/__need_fixing/filtering-proxy/squid.png
diff --git a/blueprints/networking/filtering-proxy/variables.tf b/blueprints/networking/__need_fixing/filtering-proxy/variables.tf
similarity index 100%
rename from blueprints/networking/filtering-proxy/variables.tf
rename to blueprints/networking/__need_fixing/filtering-proxy/variables.tf
diff --git a/modules/cloud-config-container/README.md b/modules/cloud-config-container/README.md
index 2307a76d62..d7017dcb77 100644
--- a/modules/cloud-config-container/README.md
+++ b/modules/cloud-config-container/README.md
@@ -14,7 +14,6 @@ These modules are designed for several use cases:
- [CoreDNS](./coredns)
- [MySQL](./mysql)
- [Nginx](./nginx)
-- [Squid forward proxy](./squid)
- On-prem in Docker (*needs fixing*)
## Using the modules
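Review bot: the Squid entry is deleted from the module list while `On-prem in Docker (*needs fixing*)` stays in the same list with a status marker, which makes the two parked modules inconsistent. Keep the Squid line with the same marker and the new path, for example `- [Squid forward proxy](./__need_fixing/squid) (*needs fixing*)`, so the module remains discoverable and its status is visible.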
diff --git a/modules/cloud-config-container/squid/README.md b/modules/cloud-config-container/__need_fixing/squid/README.md
similarity index 97%
rename from modules/cloud-config-container/squid/README.md
rename to modules/cloud-config-container/__need_fixing/squid/README.md
index eceff67d32..dd0ac01b79 100644
--- a/modules/cloud-config-container/squid/README.md
+++ b/modules/cloud-config-container/__need_fixing/squid/README.md
@@ -14,7 +14,7 @@ Logging and monitoring are enabled via the [Google Cloud Logging agent](https://
The module renders the generated cloud config in the `cloud_config` output, to be used in instances or instance templates via the `user-data` metadata.
-For convenience during development or for simple use cases, the module can optionally manage a single instance via the `test_instance` variable. If the instance is not needed the `instance*tf` files can be safely removed. Refer to the [top-level README](../README.md) for more details on the included instance.
+For convenience during development or for simple use cases, the module can optionally manage a single instance via the `test_instance` variable. If the instance is not needed the `instance*tf` files can be safely removed. Refer to the [top-level README](../../README.md) for more details on the included instance.
## Examples
@@ -24,7 +24,7 @@ This example will create a `cloud-config` that allows any client in the 10.0.0.0
```hcl
module "cos-squid" {
- source = "./fabric/modules/cloud-config-container/squid"
+ source = "./fabric/modules/cloud-config-container/__need_fixing/squid"
allow = [".github.com"]
clients = ["10.0.0.0/8"]
}
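Review bot: the example's `source` is updated, but nothing in the visible README changes tells a reader that the module is parked; the surrounding text still presents the example as a working configuration. Add a status line at the top of this README stating that the module is in `__need_fixing` and why, so the `allow` and `clients` example is not copied as a known-good filtering setup.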
diff --git a/modules/cloud-config-container/squid/cloud-config.yaml b/modules/cloud-config-container/__need_fixing/squid/cloud-config.yaml
similarity index 100%
rename from modules/cloud-config-container/squid/cloud-config.yaml
rename to modules/cloud-config-container/__need_fixing/squid/cloud-config.yaml
diff --git a/modules/cloud-config-container/squid/docker/Dockerfile b/modules/cloud-config-container/__need_fixing/squid/docker/Dockerfile
similarity index 100%
rename from modules/cloud-config-container/squid/docker/Dockerfile
rename to modules/cloud-config-container/__need_fixing/squid/docker/Dockerfile
diff --git a/modules/cloud-config-container/squid/docker/cloudbuild.yaml b/modules/cloud-config-container/__need_fixing/squid/docker/cloudbuild.yaml
similarity index 100%
rename from modules/cloud-config-container/squid/docker/cloudbuild.yaml
rename to modules/cloud-config-container/__need_fixing/squid/docker/cloudbuild.yaml
diff --git a/modules/cloud-config-container/squid/docker/entrypoint.sh b/modules/cloud-config-container/__need_fixing/squid/docker/entrypoint.sh
similarity index 100%
rename from modules/cloud-config-container/squid/docker/entrypoint.sh
rename to modules/cloud-config-container/__need_fixing/squid/docker/entrypoint.sh
diff --git a/modules/cloud-config-container/squid/main.tf b/modules/cloud-config-container/__need_fixing/squid/main.tf
similarity index 100%
rename from modules/cloud-config-container/squid/main.tf
rename to modules/cloud-config-container/__need_fixing/squid/main.tf
diff --git a/modules/cloud-config-container/squid/outputs.tf b/modules/cloud-config-container/__need_fixing/squid/outputs.tf
similarity index 100%
rename from modules/cloud-config-container/squid/outputs.tf
rename to modules/cloud-config-container/__need_fixing/squid/outputs.tf
diff --git a/modules/cloud-config-container/squid/squid.conf b/modules/cloud-config-container/__need_fixing/squid/squid.conf
similarity index 100%
rename from modules/cloud-config-container/squid/squid.conf
rename to modules/cloud-config-container/__need_fixing/squid/squid.conf
diff --git a/modules/cloud-config-container/squid/variables.tf b/modules/cloud-config-container/__need_fixing/squid/variables.tf
similarity index 100%
rename from modules/cloud-config-container/squid/variables.tf
rename to modules/cloud-config-container/__need_fixing/squid/variables.tf
diff --git a/modules/cloud-config-container/squid/versions.tf b/modules/cloud-config-container/__need_fixing/squid/versions.tf
similarity index 100%
rename from modules/cloud-config-container/squid/versions.tf
rename to modules/cloud-config-container/__need_fixing/squid/versions.tf