From 4e4e715a03f53d97f504b689f2a78daeaf11caeb Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 3 Aug 2022 08:59:29 +0200 Subject: [PATCH 1/3] add region trigram variable --- fast/stages/02-networking-nva/README.md | 7 ++++--- fast/stages/02-networking-nva/variables.tf | 9 +++++++++ fast/stages/02-networking-peering/README.md | 7 ++++--- fast/stages/02-networking-peering/main.tf | 4 ---- fast/stages/02-networking-peering/spoke-dev.tf | 2 +- fast/stages/02-networking-peering/spoke-prod.tf | 2 +- fast/stages/02-networking-peering/variables.tf | 9 +++++++++ fast/stages/02-networking-vpn/README.md | 8 +++++--- fast/stages/02-networking-vpn/main.tf | 4 ---- fast/stages/02-networking-vpn/spoke-dev.tf | 2 +- fast/stages/02-networking-vpn/spoke-prod.tf | 2 +- fast/stages/02-networking-vpn/variables.tf | 9 +++++++++ tests/fast/stages/s02_networking_peering/fixture/main.tf | 5 +++++ tests/fast/stages/s02_networking_vpn/fixture/main.tf | 5 +++++ 14 files changed, 54 insertions(+), 21 deletions(-) diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md index 9f17f99742..706f89f1c1 100644 --- a/fast/stages/02-networking-nva/README.md +++ b/fast/stages/02-networking-nva/README.md 
@@ -377,9 +377,10 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [onprem_cidr](variables.tf#L107) | Onprem addresses in name => range format. | map(string) | | {…} | | | [outputs_location](variables.tf#L125) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | | [psa_ranges](variables.tf#L142) | IP ranges used for Private Service Access (e.g. CloudSQL). | object({…}) | | null | | -| [router_configs](variables.tf#L183) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | | -| [service_accounts](variables.tf#L206) | Automation service accounts in name => email format. | object({…}) | | null | 01-resman | -| [vpn_onprem_configs](variables.tf#L218) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | +| [region_trigram](variables.tf#L183) | Short names for GCP regions. | map(string) | | {…} | | +| [router_configs](variables.tf#L192) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | | +| [service_accounts](variables.tf#L215) | Automation service accounts in name => email format. | object({…}) | | null | 01-resman | +| [vpn_onprem_configs](variables.tf#L227) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | ## Outputs diff --git a/fast/stages/02-networking-nva/variables.tf b/fast/stages/02-networking-nva/variables.tf index bc06729bcb..b0d844b391 100644 --- a/fast/stages/02-networking-nva/variables.tf +++ b/fast/stages/02-networking-nva/variables.tf @@ -180,6 +180,15 @@ variable "psa_ranges" { # } } +variable "region_trigram" { + description = "Short names for GCP regions." + type = map(string) + default = { + europe-west1 = "ew1" + europe-west3 = "ew3" + } +} + variable "router_configs" { description = "Configurations for CRs and onprem routers." type = map(object({ 
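Review bot: The description of the new `region_trigram` variable in `02-networking-nva/variables.tf` does not say what the map keys are, or that the map must cover every region the stage deploys to. The default lists only `europe-west1` and `europe-west3`. I would spell the requirement out, e.g. `description = "Short names for GCP regions, keyed by region name. Add an entry for each region in use."`. The identical block is added to the `02-networking-peering` and `02-networking-vpn` `variables.tf` files, and the same wording applies there. No hunk in this patch shows the nva stage reading the variable, so it is worth confirming it is actually referenced there.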
diff --git a/fast/stages/02-networking-peering/README.md b/fast/stages/02-networking-peering/README.md index 626af1b8ba..3dfbabe943 100644 --- a/fast/stages/02-networking-peering/README.md +++ b/fast/stages/02-networking-peering/README.md @@ -301,9 +301,10 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [outputs_location](variables.tf#L112) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | | [peering_configs](variables-peerings.tf#L19) | Peering configurations. | map(object({…})) | | {…} | | | [psa_ranges](variables.tf#L129) | IP ranges used for Private Service Access (e.g. CloudSQL). | object({…}) | | null | | -| [router_onprem_configs](variables.tf#L166) | Configurations for routers used for onprem connectivity. | map(object({…})) | | {…} | | -| [service_accounts](variables.tf#L184) | Automation service accounts in name => email format. | object({…}) | | null | 01-resman | -| [vpn_onprem_configs](variables.tf#L196) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | +| [region_trigram](variables.tf#L166) | Short names for GCP regions. | map(string) | | {…} | | +| [router_onprem_configs](variables.tf#L175) | Configurations for routers used for onprem connectivity. | map(object({…})) | | {…} | | +| [service_accounts](variables.tf#L193) | Automation service accounts in name => email format. | object({…}) | | null | 01-resman | +| [vpn_onprem_configs](variables.tf#L205) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | ## Outputs diff --git a/fast/stages/02-networking-peering/main.tf b/fast/stages/02-networking-peering/main.tf index 9e013fd178..ba25bdb194 100644 --- a/fast/stages/02-networking-peering/main.tf +++ b/fast/stages/02-networking-peering/main.tf 
@@ -25,10 +25,6 @@ locals { name = "${env}-l7ilb-${s.region}" })] } - region_trigram = { - europe-west1 = "ew1" - europe-west3 = "ew3" - } stage3_sas_delegated_grants = [ "roles/composer.sharedVpcAgent", "roles/compute.networkUser", diff --git a/fast/stages/02-networking-peering/spoke-dev.tf b/fast/stages/02-networking-peering/spoke-dev.tf index a65c71cec9..42ae5b73b6 100644 --- a/fast/stages/02-networking-peering/spoke-dev.tf +++ b/fast/stages/02-networking-peering/spoke-dev.tf @@ -91,7 +91,7 @@ module "dev-spoke-cloudnat" { source = "../../../modules/net-cloudnat" project_id = module.dev-spoke-project.project_id region = each.value - name = "dev-nat-${local.region_trigram[each.value]}" + name = "dev-nat-${var.region_trigram[each.value]}" router_create = true router_network = module.dev-spoke-vpc.name router_asn = 4200001024 diff --git a/fast/stages/02-networking-peering/spoke-prod.tf b/fast/stages/02-networking-peering/spoke-prod.tf index 6856df96dc..461156433b 100644 --- a/fast/stages/02-networking-peering/spoke-prod.tf +++ b/fast/stages/02-networking-peering/spoke-prod.tf @@ -91,7 +91,7 @@ module "prod-spoke-cloudnat" { source = "../../../modules/net-cloudnat" project_id = module.prod-spoke-project.project_id region = each.value - name = "prod-nat-${local.region_trigram[each.value]}" + name = "prod-nat-${var.region_trigram[each.value]}" router_create = true router_network = module.prod-spoke-vpc.name router_asn = 4200001024 diff --git a/fast/stages/02-networking-peering/variables.tf b/fast/stages/02-networking-peering/variables.tf index 60bd8be1d3..f1cc25dc6b 100644 --- a/fast/stages/02-networking-peering/variables.tf +++ b/fast/stages/02-networking-peering/variables.tf 
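Review bot: The direct index `var.region_trigram[each.value]` in `dev-spoke-cloudnat` now reads an operator-supplied map, so a region that the module iterates over but that is missing from the map fails the plan with an invalid-index error. A fallback such as `name = "dev-nat-${lookup(var.region_trigram, each.value, each.value)}"` keeps the plan working. If a silently different NAT name is not acceptable, keep the index and state the requirement on the variable instead. The same expression appears in `prod-spoke-cloudnat` in `spoke-prod.tf` and in both spoke files of `02-networking-vpn`. The module blocks start and end outside these hunks, so the `for_each` source is not visible here.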
@@ -163,6 +163,15 @@ variable "psa_ranges" { # } } +variable "region_trigram" { + description = "Short names for GCP regions." + type = map(string) + default = { + europe-west1 = "ew1" + europe-west3 = "ew3" + } +} + variable "router_onprem_configs" { description = "Configurations for routers used for onprem connectivity." type = map(object({ diff --git a/fast/stages/02-networking-vpn/README.md b/fast/stages/02-networking-vpn/README.md index a1de758c15..979b65f650 100644 --- a/fast/stages/02-networking-vpn/README.md +++ b/fast/stages/02-networking-vpn/README.md @@ -296,6 +296,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns | | | [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | | [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | | +| [ludo-vms.tf](./ludo-vms.tf) | None | compute-vm | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder | | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | | [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file | 
@@ -325,10 +326,11 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [l7ilb_subnets](variables.tf#L84) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | | | [outputs_location](variables.tf#L112) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | | [psa_ranges](variables.tf#L129) | IP ranges used for Private Service Access (e.g. CloudSQL). | object({…}) | | null | | -| [router_onprem_configs](variables.tf#L166) | Configurations for routers used for onprem connectivity. | map(object({…})) | | {…} | | +| [region_trigram](variables.tf#L166) | Short names for GCP regions. | map(string) | | {…} | | +| [router_onprem_configs](variables.tf#L175) | Configurations for routers used for onprem connectivity. | map(object({…})) | | {…} | | | [router_spoke_configs](variables-vpn.tf#L18) | Configurations for routers used for internal connectivity. | map(object({…})) | | {…} | | -| [service_accounts](variables.tf#L184) | Automation service accounts in name => email format. | object({…}) | | null | 01-resman | -| [vpn_onprem_configs](variables.tf#L196) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | +| [service_accounts](variables.tf#L193) | Automation service accounts in name => email format. | object({…}) | | null | 01-resman | +| [vpn_onprem_configs](variables.tf#L205) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | | [vpn_spoke_configs](variables-vpn.tf#L37) | VPN gateway configuration for spokes. | map(object({…})) | | {…} | | ## Outputs diff --git a/fast/stages/02-networking-vpn/main.tf b/fast/stages/02-networking-vpn/main.tf index 9e013fd178..ba25bdb194 100644 --- a/fast/stages/02-networking-vpn/main.tf +++ b/fast/stages/02-networking-vpn/main.tf 
@@ -25,10 +25,6 @@ locals { name = "${env}-l7ilb-${s.region}" })] } - region_trigram = { - europe-west1 = "ew1" - europe-west3 = "ew3" - } stage3_sas_delegated_grants = [ "roles/composer.sharedVpcAgent", "roles/compute.networkUser", diff --git a/fast/stages/02-networking-vpn/spoke-dev.tf b/fast/stages/02-networking-vpn/spoke-dev.tf index a65c71cec9..42ae5b73b6 100644 --- a/fast/stages/02-networking-vpn/spoke-dev.tf +++ b/fast/stages/02-networking-vpn/spoke-dev.tf @@ -91,7 +91,7 @@ module "dev-spoke-cloudnat" { source = "../../../modules/net-cloudnat" project_id = module.dev-spoke-project.project_id region = each.value - name = "dev-nat-${local.region_trigram[each.value]}" + name = "dev-nat-${var.region_trigram[each.value]}" router_create = true router_network = module.dev-spoke-vpc.name router_asn = 4200001024 diff --git a/fast/stages/02-networking-vpn/spoke-prod.tf b/fast/stages/02-networking-vpn/spoke-prod.tf index 6856df96dc..461156433b 100644 --- a/fast/stages/02-networking-vpn/spoke-prod.tf +++ b/fast/stages/02-networking-vpn/spoke-prod.tf @@ -91,7 +91,7 @@ module "prod-spoke-cloudnat" { source = "../../../modules/net-cloudnat" project_id = module.prod-spoke-project.project_id region = each.value - name = "prod-nat-${local.region_trigram[each.value]}" + name = "prod-nat-${var.region_trigram[each.value]}" router_create = true router_network = module.prod-spoke-vpc.name router_asn = 4200001024 diff --git a/fast/stages/02-networking-vpn/variables.tf b/fast/stages/02-networking-vpn/variables.tf index 60bd8be1d3..f1cc25dc6b 100644 --- a/fast/stages/02-networking-vpn/variables.tf +++ b/fast/stages/02-networking-vpn/variables.tf @@ -163,6 +163,15 @@ variable "psa_ranges" { # } } +variable "region_trigram" { + description = "Short names for GCP regions." + type = map(string) + default = { + europe-west1 = "ew1" + europe-west3 = "ew3" + } +} + variable "router_onprem_configs" { description = "Configurations for routers used for onprem connectivity." type = map(object({ 
diff --git a/tests/fast/stages/s02_networking_peering/fixture/main.tf b/tests/fast/stages/s02_networking_peering/fixture/main.tf index 4204095901..33011e3db8 100644 --- a/tests/fast/stages/s02_networking_peering/fixture/main.tf +++ b/tests/fast/stages/s02_networking_peering/fixture/main.tf @@ -32,6 +32,11 @@ module "stage" { networking-dev = null networking-prod = null } + region_trigram = { + europe-west1 = "ew1" + europe-west3 = "ew3" + europe-west8 = "ew8" + } service_accounts = { data-platform-dev = "string" data-platform-prod = "string" diff --git a/tests/fast/stages/s02_networking_vpn/fixture/main.tf b/tests/fast/stages/s02_networking_vpn/fixture/main.tf index 6d7b8840fc..57d2eabbdc 100644 --- a/tests/fast/stages/s02_networking_vpn/fixture/main.tf +++ b/tests/fast/stages/s02_networking_vpn/fixture/main.tf @@ -32,6 +32,11 @@ module "stage" { networking-dev = null networking-prod = null } + region_trigram = { + europe-west1 = "ew1" + europe-west3 = "ew3" + europe-west8 = "ew8" + } service_accounts = { data-platform-dev = "string" data-platform-prod = "string" From 8132a7b4974d5e516619f2328fce5c8a4039cb46 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 3 Aug 2022 09:06:57 +0200 Subject: [PATCH 2/3] debug check documentation --- .github/workflows/linting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 61b0b0ce50..19103a60ce 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -56,7 +56,7 @@ jobs: - name: Check documentation (fabric) id: documentation-fabric run: | - python3 tools/check_documentation.py examples modules fast + python3 tools/check_documentation.py --show-diffs examples modules fast - name: Check documentation links (fabric) id: documentation-links-fabric From e327cad9f31c7b7f11e26c0182ae5f83915e25d0 Mon Sep 17 00:00:00 2001 
From: Ludovico Magnocavallo Date: Wed, 3 Aug 2022 09:09:34 +0200 Subject: [PATCH 3/3] fix linting --- .github/workflows/linting.yml | 2 +- fast/stages/02-networking-vpn/README.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 19103a60ce..61b0b0ce50 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -56,7 +56,7 @@ jobs: - name: Check documentation (fabric) id: documentation-fabric run: | - python3 tools/check_documentation.py --show-diffs examples modules fast + python3 tools/check_documentation.py examples modules fast - name: Check documentation links (fabric) id: documentation-links-fabric diff --git a/fast/stages/02-networking-vpn/README.md b/fast/stages/02-networking-vpn/README.md index 979b65f650..043d8ff112 100644 --- a/fast/stages/02-networking-vpn/README.md +++ b/fast/stages/02-networking-vpn/README.md @@ -296,7 +296,6 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns | | | [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | | [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | | -| [ludo-vms.tf](./ludo-vms.tf) | None | compute-vm | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder | | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | | [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |