fix(examples/hub_spoke_common): fix broken example build (#101)

examples/hub_spoke_common/README.md

@@ -312,8 +312,8 @@ rm ~/.ssh/gcp-demo
 | <a name="module_bootstrap"></a> [bootstrap](#module\_bootstrap) | ../../modules/bootstrap/ | n/a |
 | <a name="module_iam_service_account"></a> [iam\_service\_account](#module\_iam\_service\_account) | ../../modules/iam_service_account/ | n/a |
 | <a name="module_lb_external"></a> [lb\_external](#module\_lb\_external) | ../../modules/lb_external/ | n/a |
-| <a name="module_lb_internal"></a> [lb\_internal](#module\_lb\_internal) | ../../modules/lb_internal | n/a |
-| <a name="module_spoke1_ilb"></a> [spoke1\_ilb](#module\_spoke1\_ilb) | ../../modules/lb_internal | n/a |
+| <a name="module_lb_internal"></a> [lb\_internal](#module\_lb\_internal) | ../../modules/lb_internal/ | n/a |
+| <a name="module_spoke1_ilb"></a> [spoke1\_ilb](#module\_spoke1\_ilb) | ../../modules/lb_internal/ | n/a |
 | <a name="module_vmseries"></a> [vmseries](#module\_vmseries) | ../../modules/vmseries | n/a |
 | <a name="module_vpc_mgmt"></a> [vpc\_mgmt](#module\_vpc\_mgmt) | terraform-google-modules/network/google | ~> 4.0 |
 | <a name="module_vpc_spoke1"></a> [vpc\_spoke1](#module\_vpc\_spoke1) | terraform-google-modules/network/google | ~> 4.0 |
@@ -355,6 +355,7 @@ rm ~/.ssh/gcp-demo
 | <a name="input_spoke_vm_image"></a> [spoke\_vm\_image](#input\_spoke\_vm\_image) | The image path for the compute instances deployed in the spoke networks. | `string` | `"ubuntu-os-cloud/ubuntu-2004-lts"` | no |
 | <a name="input_spoke_vm_scopes"></a> [spoke\_vm\_scopes](#input\_spoke\_vm\_scopes) | A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform | `list(string)` | <pre>[<br>  "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br>  "https://www.googleapis.com/auth/devstorage.read_only",<br>  "https://www.googleapis.com/auth/logging.write",<br>  "https://www.googleapis.com/auth/monitoring.write"<br>]</pre> | no |
 | <a name="input_spoke_vm_type"></a> [spoke\_vm\_type](#input\_spoke\_vm\_type) | The GCP machine type for the compute instances in the spoke networks. | `string` | `"f1-micro"` | no |
+| <a name="input_spoke_vm_user"></a> [spoke\_vm\_user](#input\_spoke\_vm\_user) | The username for the compute instance in the spoke networks. | `string` | `null` | no |
 
 ## Outputs
 

examples/hub_spoke_common/example.tfvars

@@ -2,12 +2,13 @@ project_id      = null
 public_key_path = "~/.ssh/gcp-demo.pub"
 region          = "us-east1"
 fw_image_name   = "vmseries-flex-bundle2-1010"
-fw_machine_type = "n2-standard-4"
+fw_machine_type = "n1-standard-4"
 allowed_sources = ["0.0.0.0/0"]
 
 cidr_mgmt      = "192.168.0.0/28"
 cidr_untrust   = "192.168.1.0/28"
 cidr_trust     = "192.168.2.0/28"
 cidr_spoke1    = "10.1.0.0/28"
 cidr_spoke2    = "10.2.0.0/28"
-spoke_vm_image = "https://www.googleapis.com/compute/v1/projects/panw-gcp-team-testing/global/images/ubuntu-2004-lts-apache"
+spoke_vm_image = "https://www.googleapis.com/compute/v1/projects/panw-gcp-team-testing/global/images/ubuntu-2004-lts-apache"
+spoke_vm_user  = "paloalto"

examples/hub_spoke_common/main.tf

@@ -137,7 +137,7 @@ module "vpc_trust" {
 module "iam_service_account" {
   source = "../../modules/iam_service_account/"
 
-  service_account_id = "${local.prefix}panw-sa"
+  service_account_id = "${local.prefix}vmseries-sa"
 }
 
 # Create storage bucket to bootstrap VM-Series.
@@ -171,7 +171,7 @@ module "vmseries" {
   network_interfaces = [
     {
       subnetwork       = module.vpc_untrust.subnets_self_links[0]
-      create_public_ip = false
+      create_public_ip = true
     },
     {
       subnetwork       = module.vpc_mgmt.subnets_self_links[0]
@@ -190,7 +190,7 @@ module "vmseries" {
 # Due to intranet load balancer solution - DNAT for healthchecks traffic should be configured on firewall.
 # Source: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP9QCAW
 module "lb_internal" {
-  source = "../../modules/lb_internal"
+  source = "../../modules/lb_internal/"
 
   name       = "${local.prefix}fw-ilb"
   backends   = { for k, v in module.vmseries : k => v.instance_group_self_link }
@@ -371,11 +371,10 @@ resource "google_compute_instance_group" "spoke1_ig" {
 }
 
 module "spoke1_ilb" {
-  source = "../../modules/lb_internal"
+  source = "../../modules/lb_internal/"
 
-  name     = "${local.prefix}spoke1-ilb"
-  backends = { 0 = google_compute_instance_group.spoke1_lb.self_link }
-  # backends = tomap({"0" = google_compute_instance_group.spoke1_lb.self_link})
+  name       = "${local.prefix}spoke1-ilb"
+  backends   = { 0 = google_compute_instance_group.spoke1_ig.self_link }
   ip_address = cidrhost(var.cidr_spoke1, 10)
   subnetwork = module.vpc_spoke1.subnets_self_links[0]
   network    = module.vpc_spoke1.network_id

examples/hub_spoke_common/variables.tf

@@ -73,6 +73,12 @@ variable "spoke_vm_image" {
   default     = "ubuntu-os-cloud/ubuntu-2004-lts"
 }
 
+variable "spoke_vm_user" {
+  description = "The username for the compute instance in the spoke networks."
+  type        = string
+  default     = null
+}
+
 variable "spoke_vm_scopes" {
   description = "A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform"
   type        = list(string)