diff --git a/Gemfile b/Gemfile index 27b9430c..db8effbc 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -ruby '2.5.3' +ruby '2.6.3' source 'https://rubygems.org/' do gem 'kitchen-terraform', '~> 4.3' diff --git a/Makefile b/Makefile index 4dec7146..15befa12 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ SHELL := /usr/bin/env bash # Docker build config variables CREDENTIALS_PATH ?= /cft/workdir/credentials.json DOCKER_ORG := gcr.io/cloud-foundation-cicd -DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.10_216.0.0_1.19.1_0.1.10 +DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 2.0.0 DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM} # All is the first target in the file so it will get picked up when you just run 'make' on its own diff --git a/codelabs/simple/main.tf b/codelabs/simple/main.tf index f02f801a..e8b23922 100644 --- a/codelabs/simple/main.tf +++ b/codelabs/simple/main.tf @@ -28,7 +28,7 @@ module "vpc" { version = "~> 0.4.0" # Give the network a name and project - project_id = "${google_project_service.compute.project}" + project_id = google_project_service.compute.project network_name = "my-custom-vpc-${random_id.network_id.hex}" subnets = [ @@ -67,7 +67,7 @@ resource "random_id" "instance_id" { # Launch a VM on it resource "google_compute_instance" "default" { name = "vm-${random_id.instance_id.hex}" - project = "${google_project_service.compute.project}" + project = google_project_service.compute.project machine_type = "f1-micro" zone = "us-west1-a" 
@@ -78,8 +78,8 @@ resource "google_compute_instance" "default" { } network_interface { - subnetwork = "${module.vpc.subnets_names[0]}" - subnetwork_project = "${google_project_service.compute.project}" + subnetwork = module.vpc.subnets_names[0] + subnetwork_project = google_project_service.compute.project access_config { # Include this section to give the VM an external ip address @@ -93,8 +93,8 @@ resource "google_compute_instance" "default" { # Allow traffic to the VM resource "google_compute_firewall" "allow-ping" { name = "default-ping" - network = "${module.vpc.network_name}" - project = "${google_project_service.compute.project}" + network = module.vpc.network_name + project = google_project_service.compute.project allow { protocol = "icmp" @@ -106,5 +106,5 @@ resource "google_compute_firewall" "allow-ping" { } output "ip" { - value = "${google_compute_instance.default.network_interface.0.access_config.0.nat_ip}" + value = google_compute_instance.default.network_interface.0.access_config.0.nat_ip } diff --git a/examples/delete_default_gateway_routes/main.tf b/examples/delete_default_gateway_routes/main.tf index 2fea7ac0..3244acc4 100644 --- a/examples/delete_default_gateway_routes/main.tf +++ b/examples/delete_default_gateway_routes/main.tf @@ -20,13 +20,13 @@ locals { module "test-vpc-module" { source = "../../" - project_id = "${var.project_id}" - network_name = "${var.network_name}" + project_id = var.project_id + network_name = var.network_name delete_default_internet_gateway_routes = "true" subnets = [ { - subnet_name = "${local.subnet_01}" + subnet_name = local.subnet_01 subnet_ip = "10.20.30.0/24" subnet_region = "us-west1" }, diff --git a/examples/delete_default_gateway_routes/outputs.tf b/examples/delete_default_gateway_routes/outputs.tf index b7afd555..d135aa8f 100644 --- a/examples/delete_default_gateway_routes/outputs.tf +++ b/examples/delete_default_gateway_routes/outputs.tf 
@@ -15,46 +15,46 @@ */ output "network_name" { - value = "${module.test-vpc-module.network_name}" + value = module.test-vpc-module.network_name description = "The name of the VPC being created" } output "network_self_link" { - value = "${module.test-vpc-module.network_self_link}" + value = module.test-vpc-module.network_self_link description = "The URI of the VPC being created" } output "subnets_names" { - value = "${module.test-vpc-module.subnets_names}" + value = module.test-vpc-module.subnets_names description = "The names of the subnets being created" } output "subnets_ips" { - value = "${module.test-vpc-module.subnets_ips}" + value = module.test-vpc-module.subnets_ips description = "The IP and cidrs of the subnets being created" } output "subnets_regions" { - value = "${module.test-vpc-module.subnets_regions}" + value = module.test-vpc-module.subnets_regions description = "The region where subnets will be created" } output "subnets_private_access" { - value = "${module.test-vpc-module.subnets_private_access}" + value = module.test-vpc-module.subnets_private_access description = "Whether the subnets will have access to Google API's without a public IP" } output "subnets_flow_logs" { - value = "${module.test-vpc-module.subnets_flow_logs}" + value = module.test-vpc-module.subnets_flow_logs description = "Whether the subnets will have VPC flow logs enabled" } output "subnets_secondary_ranges" { - value = "${module.test-vpc-module.subnets_secondary_ranges}" + value = module.test-vpc-module.subnets_secondary_ranges description = "The secondary ranges associated with these subnets" } output "routes" { - value = "${module.test-vpc-module.routes}" + value = module.test-vpc-module.routes description = "The routes associated with this VPC" } diff --git a/examples/multi_vpc/main.tf b/examples/multi_vpc/main.tf index 9ac302d2..ba2791f2 100644 --- a/examples/multi_vpc/main.tf +++ b/examples/multi_vpc/main.tf 
@@ -51,26 +51,26 @@ locals { module "test-vpc-module-01" { source = "../../" - project_id = "${var.project_id}" - network_name = "${var.network_01_name}" + project_id = var.project_id + network_name = var.network_01_name subnets = [ { - subnet_name = "${local.network_01_subnet_01}" + subnet_name = local.network_01_subnet_01 subnet_ip = "10.10.10.0/24" subnet_region = "us-west1" subnet_private_access = "false" subnet_flow_logs = "true" }, { - subnet_name = "${local.network_01_subnet_02}" + subnet_name = local.network_01_subnet_02 subnet_ip = "10.10.20.0/24" subnet_region = "us-west1" subnet_private_access = "false" subnet_flow_logs = "true" }, { - subnet_name = "${local.network_01_subnet_03}" + subnet_name = local.network_01_subnet_03 subnet_ip = "10.10.30.0/24" subnet_region = "us-west1" subnet_private_access = "false" @@ -105,8 +105,8 @@ module "test-vpc-module-01" { module "test-vpc-module-02" { source = "../../" - project_id = "${var.project_id}" - network_name = "${var.network_02_name}" + project_id = var.project_id + network_name = var.network_02_name subnets = [ { @@ -136,5 +136,5 @@ module "test-vpc-module-02" { "${local.network_02_subnet_02}" = [] } - routes = "${local.network_02_routes}" + routes = local.network_02_routes } diff --git a/examples/multi_vpc/outputs.tf b/examples/multi_vpc/outputs.tf index 7b6ad103..fe6cedf7 100644 --- a/examples/multi_vpc/outputs.tf +++ b/examples/multi_vpc/outputs.tf 
@@ -16,92 +16,92 @@ # vpc 1 output "network_01_name" { - value = "${module.test-vpc-module-01.network_name}" + value = module.test-vpc-module-01.network_name description = "The name of the VPC network-01" } output "network_01_self_link" { - value = "${module.test-vpc-module-01.network_self_link}" + value = module.test-vpc-module-01.network_self_link description = "The URI of the VPC network-01" } output "network_01_subnets" { - value = "${module.test-vpc-module-01.subnets_names}" + value = module.test-vpc-module-01.subnets_names description = "The names of the subnets being created on network-01" } output "network_01_subnets_ips" { - value = "${module.test-vpc-module-01.subnets_ips}" + value = module.test-vpc-module-01.subnets_ips description = "The IP and cidrs of the subnets being created on network-01" } output "network_01_subnets_regions" { - value = "${module.test-vpc-module-01.subnets_regions}" + value = module.test-vpc-module-01.subnets_regions description = "The region where the subnets will be created on network-01" } output "network_01_subnets_private_access" { - value = "${module.test-vpc-module-01.subnets_private_access}" + value = module.test-vpc-module-01.subnets_private_access description = "Whether the subnets will have access to Google API's without a public IP on network-01" } output "network_01_subnets_flow_logs" { - value = "${module.test-vpc-module-01.subnets_flow_logs}" + value = module.test-vpc-module-01.subnets_flow_logs description = "Whether the subnets will have VPC flow logs enabled" } output "network_01_subnets_secondary_ranges" { - value = "${module.test-vpc-module-01.subnets_secondary_ranges}" + value = module.test-vpc-module-01.subnets_secondary_ranges description = "The secondary ranges associated with these subnets on network-01" } output "network_01_routes" { - value = "${module.test-vpc-module-01.routes}" + value = module.test-vpc-module-01.routes description = "The routes associated with network-01" } # vpc 2 output 
"network_02_name" { - value = "${module.test-vpc-module-02.network_name}" + value = module.test-vpc-module-02.network_name description = "The name of the VPC network-02" } output "network_02_self_link" { - value = "${module.test-vpc-module-02.network_self_link}" + value = module.test-vpc-module-02.network_self_link description = "The URI of the VPC network-02" } output "network_02_subnets" { - value = "${module.test-vpc-module-02.subnets_names}" + value = module.test-vpc-module-02.subnets_names description = "The names of the subnets being created on network-02" } output "network_02_subnets_ips" { - value = "${module.test-vpc-module-02.subnets_ips}" + value = module.test-vpc-module-02.subnets_ips description = "The IP and cidrs of the subnets being created on network-02" } output "network_02_subnets_regions" { - value = "${module.test-vpc-module-02.subnets_regions}" + value = module.test-vpc-module-02.subnets_regions description = "The region where the subnets will be created on network-02" } output "network_02_subnets_private_access" { - value = "${module.test-vpc-module-02.subnets_private_access}" + value = module.test-vpc-module-02.subnets_private_access description = "Whether the subnets will have access to Google API's without a public IP on network-02" } output "network_02_subnets_flow_logs" { - value = "${module.test-vpc-module-02.subnets_flow_logs}" + value = module.test-vpc-module-02.subnets_flow_logs description = "Whether the subnets will have VPC flow logs enabled" } output "network_02_subnets_secondary_ranges" { - value = "${module.test-vpc-module-02.subnets_secondary_ranges}" + value = module.test-vpc-module-02.subnets_secondary_ranges description = "The secondary ranges associated with these subnets on network-02" } output "network_02_routes" { - value = "${module.test-vpc-module-02.routes}" + value = module.test-vpc-module-02.routes description = "The routes associated with network-02" } 
diff --git a/examples/secondary_ranges/main.tf b/examples/secondary_ranges/main.tf index c33ea5a4..f580644d 100644 --- a/examples/secondary_ranges/main.tf +++ b/examples/secondary_ranges/main.tf @@ -22,8 +22,8 @@ locals { module "vpc-secondary-ranges" { source = "../../" - project_id = "${var.project_id}" - network_name = "${var.network_name}" + project_id = var.project_id + network_name = var.network_name subnets = [ { diff --git a/examples/secondary_ranges/outputs.tf b/examples/secondary_ranges/outputs.tf index d1c7ad47..891e32ff 100644 --- a/examples/secondary_ranges/outputs.tf +++ b/examples/secondary_ranges/outputs.tf 
@@ -15,46 +15,46 @@ */ output "network_name" { - value = "${module.vpc-secondary-ranges.network_name}" + value = module.vpc-secondary-ranges.network_name description = "The name of the VPC being created" } output "network_self_link" { - value = "${module.vpc-secondary-ranges.network_self_link}" + value = module.vpc-secondary-ranges.network_self_link description = "The URI of the VPC being created" } output "subnets_names" { - value = "${module.vpc-secondary-ranges.subnets_names}" + value = module.vpc-secondary-ranges.subnets_names description = "The names of the subnets being created" } output "subnets_ips" { - value = "${module.vpc-secondary-ranges.subnets_ips}" + value = module.vpc-secondary-ranges.subnets_ips description = "The IP and cidrs of the subnets being created" } output "subnets_regions" { - value = "${module.vpc-secondary-ranges.subnets_regions}" + value = module.vpc-secondary-ranges.subnets_regions description = "The region where subnets will be created" } output "subnets_private_access" { - value = "${module.vpc-secondary-ranges.subnets_private_access}" + value = module.vpc-secondary-ranges.subnets_private_access description = "Whether the subnets will have access to Google API's without a public IP" } output "subnets_flow_logs" { - value = "${module.vpc-secondary-ranges.subnets_flow_logs}" + value = module.vpc-secondary-ranges.subnets_flow_logs description = "Whether the subnets will have VPC flow logs enabled" } output "subnets_secondary_ranges" { - value = "${flatten(module.vpc-secondary-ranges.subnets_secondary_ranges)}" + value = flatten(module.vpc-secondary-ranges.subnets_secondary_ranges) description = "The secondary ranges associated with these subnets" } output "routes" { - value = "${module.vpc-secondary-ranges.routes}" + value = module.vpc-secondary-ranges.routes description = "The routes associated with this VPC" } diff --git a/examples/simple_project/main.tf b/examples/simple_project/main.tf index 4863e17f..e24b69e0 100644 
--- a/examples/simple_project/main.tf +++ b/examples/simple_project/main.tf @@ -20,8 +20,8 @@ locals { module "test-vpc-module" { source = "../../" - project_id = "${var.project_id}" - network_name = "${var.network_name}" + project_id = var.project_id + network_name = var.network_name subnets = [ { diff --git a/examples/simple_project/outputs.tf b/examples/simple_project/outputs.tf index b7afd555..d135aa8f 100644 --- a/examples/simple_project/outputs.tf +++ b/examples/simple_project/outputs.tf 
@@ -15,46 +15,46 @@ */ output "network_name" { - value = "${module.test-vpc-module.network_name}" + value = module.test-vpc-module.network_name description = "The name of the VPC being created" } output "network_self_link" { - value = "${module.test-vpc-module.network_self_link}" + value = module.test-vpc-module.network_self_link description = "The URI of the VPC being created" } output "subnets_names" { - value = "${module.test-vpc-module.subnets_names}" + value = module.test-vpc-module.subnets_names description = "The names of the subnets being created" } output "subnets_ips" { - value = "${module.test-vpc-module.subnets_ips}" + value = module.test-vpc-module.subnets_ips description = "The IP and cidrs of the subnets being created" } output "subnets_regions" { - value = "${module.test-vpc-module.subnets_regions}" + value = module.test-vpc-module.subnets_regions description = "The region where subnets will be created" } output "subnets_private_access" { - value = "${module.test-vpc-module.subnets_private_access}" + value = module.test-vpc-module.subnets_private_access description = "Whether the subnets will have access to Google API's without a public IP" } output "subnets_flow_logs" { - value = "${module.test-vpc-module.subnets_flow_logs}" + value = module.test-vpc-module.subnets_flow_logs description = "Whether the subnets will have VPC flow logs enabled" } output "subnets_secondary_ranges" { - value = "${module.test-vpc-module.subnets_secondary_ranges}" + value = module.test-vpc-module.subnets_secondary_ranges description = "The secondary ranges associated with these subnets" } output "routes" { - value = "${module.test-vpc-module.routes}" + value = module.test-vpc-module.routes description = "The routes associated with this VPC" } diff --git a/examples/simple_project_with_regional_network/main.tf b/examples/simple_project_with_regional_network/main.tf index 25d44676..5c0a5a00 100644 --- a/examples/simple_project_with_regional_network/main.tf 
+++ b/examples/simple_project_with_regional_network/main.tf @@ -21,8 +21,8 @@ locals { module "test-vpc-module" { source = "../../" - project_id = "${var.project_id}" - network_name = "${var.network_name}" + project_id = var.project_id + network_name = var.network_name routing_mode = "REGIONAL" subnets = [ diff --git a/examples/simple_project_with_regional_network/outputs.tf b/examples/simple_project_with_regional_network/outputs.tf index b7afd555..d135aa8f 100644 --- a/examples/simple_project_with_regional_network/outputs.tf +++ b/examples/simple_project_with_regional_network/outputs.tf 
@@ -15,46 +15,46 @@ */ output "network_name" { - value = "${module.test-vpc-module.network_name}" + value = module.test-vpc-module.network_name description = "The name of the VPC being created" } output "network_self_link" { - value = "${module.test-vpc-module.network_self_link}" + value = module.test-vpc-module.network_self_link description = "The URI of the VPC being created" } output "subnets_names" { - value = "${module.test-vpc-module.subnets_names}" + value = module.test-vpc-module.subnets_names description = "The names of the subnets being created" } output "subnets_ips" { - value = "${module.test-vpc-module.subnets_ips}" + value = module.test-vpc-module.subnets_ips description = "The IP and cidrs of the subnets being created" } output "subnets_regions" { - value = "${module.test-vpc-module.subnets_regions}" + value = module.test-vpc-module.subnets_regions description = "The region where subnets will be created" } output "subnets_private_access" { - value = "${module.test-vpc-module.subnets_private_access}" + value = module.test-vpc-module.subnets_private_access description = "Whether the subnets will have access to Google API's without a public IP" } output "subnets_flow_logs" { - value = "${module.test-vpc-module.subnets_flow_logs}" + value = module.test-vpc-module.subnets_flow_logs description = "Whether the subnets will have VPC flow logs enabled" } output "subnets_secondary_ranges" { - value = "${module.test-vpc-module.subnets_secondary_ranges}" + value = module.test-vpc-module.subnets_secondary_ranges description = "The secondary ranges associated with these subnets" } output "routes" { - value = "${module.test-vpc-module.routes}" + value = module.test-vpc-module.routes description = "The routes associated with this VPC" } diff --git a/examples/submodule_firewall/main.tf b/examples/submodule_firewall/main.tf index c9448800..13c60b08 100644 --- a/examples/submodule_firewall/main.tf +++ b/examples/submodule_firewall/main.tf 
@@ -20,17 +20,17 @@ locals { module "test-vpc-module" { source = "../../" - project_id = "${var.project_id}" - network_name = "${var.network_name}" + project_id = var.project_id + network_name = var.network_name subnets = [ { - subnet_name = "${local.subnet_01}" + subnet_name = local.subnet_01 subnet_ip = "10.10.10.0/24" subnet_region = "us-west1" }, { - subnet_name = "${local.subnet_02}" + subnet_name = local.subnet_02 subnet_ip = "10.10.20.0/24" subnet_region = "us-west1" subnet_private_access = "true" @@ -46,14 +46,14 @@ module "test-vpc-module" { module "test-firewall-submodule" { source = "../../modules/fabric-net-firewall" - project_id = "${var.project_id}" - network = "${module.test-vpc-module.network_name}" + project_id = var.project_id + network = module.test-vpc-module.network_name internal_ranges_enabled = true - internal_ranges = ["${module.test-vpc-module.subnets_ips}"] + internal_ranges = module.test-vpc-module.subnets_ips internal_allow = [{ protocol = "icmp" - }, + }, { protocol = "tcp" }, diff --git a/examples/submodule_firewall/outputs.tf b/examples/submodule_firewall/outputs.tf index 41159161..f6084c14 100644 --- a/examples/submodule_firewall/outputs.tf +++ b/examples/submodule_firewall/outputs.tf @@ -15,16 +15,16 @@ */ output "network_name" { - value = "${module.test-vpc-module.network_name}" + value = module.test-vpc-module.network_name description = "The name of the VPC being created" } output "internal_ranges" { description = "Firewall attributes for internal ranges." - value = "${module.test-firewall-submodule.internal_ranges}" + value = module.test-firewall-submodule.internal_ranges } output "admin_ranges" { description = "Firewall attributes for admin ranges." - value = "${module.test-firewall-submodule.admin_ranges}" + value = module.test-firewall-submodule.admin_ranges } diff --git a/examples/submodule_svpc_access/main.tf b/examples/submodule_svpc_access/main.tf index ee591c1b..59e146d6 100644 --- a/examples/submodule_svpc_access/main.tf 
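Review bot: The example feeds every subnet CIDR into `internal_ranges = module.test-vpc-module.subnets_ips` and then lists `{ protocol = "tcp" }` under `internal_allow` with no `ports`; with the provider's `allow` semantics a protocol entry without `ports` matches every port, so the rule admits all TCP traffic between all subnets. Examples are copied into real deployments, so either scope it (`{ protocol = "tcp", ports = ["22", "443"] }`) or add a comment above the entry saying `# no ports = all TCP ports from every subnet; narrow this outside a demo`. The `-},`/`+},` pair in this hunk looks like a trailing-whitespace-only change and is worth confirming as such.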
+++ b/examples/submodule_svpc_access/main.tf @@ -21,8 +21,8 @@ locals { module "net-vpc-shared" { source = "../../" - project_id = "${var.host_project_id}" - network_name = "${var.network_name}" + project_id = var.host_project_id + network_name = var.network_name shared_vpc_host = "true" subnets = [ @@ -46,14 +46,14 @@ module "net-vpc-shared" { module "net-svpc-access" { source = "../../modules/fabric-net-svpc-access" - host_project_id = "${module.net-vpc-shared.svpc_host_project_id}" + host_project_id = module.net-vpc-shared.svpc_host_project_id service_project_num = 1 - service_project_ids = ["${var.service_project_id_full_access}"] - host_subnets = ["${module.net-vpc-shared.subnets_names}"] - host_subnet_regions = ["${module.net-vpc-shared.subnets_regions}"] + service_project_ids = var.service_project_id_full_access + host_subnets = module.net-vpc-shared.subnets_names + host_subnet_regions = module.net-vpc-shared.subnets_regions host_subnet_users = { first = "${local.first_gce_sa},${local.second_gce_sa}" - second = "${local.second_gce_sa}" + second = local.second_gce_sa } } diff --git a/main.tf b/main.tf index abd22d0e..cef2cdb6 100644 --- a/main.tf +++ b/main.tf 
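Review bot: `service_project_ids = var.service_project_id_full_access` now passes the variable straight through, whereas the old line `["${var.service_project_id_full_access}"]` wrapped a single value in a list before handing it to the submodule, which indexes the input with `element()`. If the example's `variables.tf` still declares this variable as a plain string (it is not part of this diff), the plan will fail on the type mismatch; if it was changed to `list(string)`, a one-line comment on this argument noting that it must be a list would save the next reader the same question. The hard-coded `service_project_num = 1` also has to be kept in step with the length of that list by hand.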
@@ -18,86 +18,83 @@ VPC configuration *****************************************/ resource "google_compute_network" "network" { - name = "${var.network_name}" + name = var.network_name auto_create_subnetworks = "false" - routing_mode = "${var.routing_mode}" - project = "${var.project_id}" + routing_mode = var.routing_mode + project = var.project_id } /****************************************** Shared VPC *****************************************/ resource "google_compute_shared_vpc_host_project" "shared_vpc_host" { - count = "${var.shared_vpc_host == "true" ? 1 : 0}" - project = "${var.project_id}" - depends_on = ["google_compute_network.network"] - + count = var.shared_vpc_host == "true" ? 1 : 0 + project = var.project_id + depends_on = [google_compute_network.network] } /****************************************** Subnet configuration *****************************************/ resource "google_compute_subnetwork" "subnetwork" { - count = "${length(var.subnets)}" - - name = "${lookup(var.subnets[count.index], "subnet_name")}" - ip_cidr_range = "${lookup(var.subnets[count.index], "subnet_ip")}" - region = "${lookup(var.subnets[count.index], "subnet_region")}" - private_ip_google_access = "${lookup(var.subnets[count.index], "subnet_private_access", "false")}" - enable_flow_logs = "${lookup(var.subnets[count.index], "subnet_flow_logs", "false")}" - network = "${google_compute_network.network.name}" - project = "${var.project_id}" + count = length(var.subnets) - secondary_ip_range = "${var.secondary_ranges[lookup(var.subnets[count.index], "subnet_name")]}" + name = var.subnets[count.index]["subnet_name"] + ip_cidr_range = var.subnets[count.index]["subnet_ip"] + region = var.subnets[count.index]["subnet_region"] + private_ip_google_access = lookup(var.subnets[count.index], "subnet_private_access", "false") + enable_flow_logs = lookup(var.subnets[count.index], "subnet_flow_logs", "false") + network = google_compute_network.network.name + project = var.project_id + 
secondary_ip_range = var.secondary_ranges[lookup(var.subnets[count.index], "subnet_name", null)] } data "google_compute_subnetwork" "created_subnets" { - count = "${length(var.subnets)}" - - name = "${element(google_compute_subnetwork.subnetwork.*.name, count.index)}" - region = "${element(google_compute_subnetwork.subnetwork.*.region, count.index)}" - project = "${var.project_id}" + count = length(var.subnets) + name = element(google_compute_subnetwork.subnetwork.*.name, count.index) + region = element(google_compute_subnetwork.subnetwork.*.region, count.index) + project = var.project_id } /****************************************** Routes *****************************************/ resource "google_compute_route" "route" { - count = "${length(var.routes)}" - project = "${var.project_id}" - network = "${var.network_name}" - - name = "${lookup(var.routes[count.index], "name", format("%s-%s-%d", lower(var.network_name), "route",count.index))}" - description = "${lookup(var.routes[count.index], "description","")}" - tags = "${compact(split(",",lookup(var.routes[count.index], "tags","")))}" - dest_range = "${lookup(var.routes[count.index], "destination_range","")}" - next_hop_gateway = "${lookup(var.routes[count.index], "next_hop_internet","") == "true" ? 
"default-internet-gateway":""}" - next_hop_ip = "${lookup(var.routes[count.index], "next_hop_ip","")}" - next_hop_instance = "${lookup(var.routes[count.index], "next_hop_instance","")}" - next_hop_instance_zone = "${lookup(var.routes[count.index], "next_hop_instance_zone","")}" - next_hop_vpn_tunnel = "${lookup(var.routes[count.index], "next_hop_vpn_tunnel","")}" - priority = "${lookup(var.routes[count.index], "priority", "1000")}" + count = length(var.routes) + project = var.project_id + network = var.network_name + name = lookup(var.routes[count.index], "name", format("%s-%s-%d", lower(var.network_name), "route", count.index)) + description = lookup(var.routes[count.index], "description", "") + tags = compact(split(",", lookup(var.routes[count.index], "tags", ""))) + dest_range = lookup(var.routes[count.index], "destination_range", "") + next_hop_gateway = lookup(var.routes[count.index], "next_hop_internet", "") == "true" ? "default-internet-gateway" : "" + next_hop_ip = lookup(var.routes[count.index], "next_hop_ip", "") + next_hop_instance = lookup(var.routes[count.index], "next_hop_instance", "") + next_hop_instance_zone = lookup(var.routes[count.index], "next_hop_instance_zone", "") + next_hop_vpn_tunnel = lookup(var.routes[count.index], "next_hop_vpn_tunnel", "") + priority = lookup(var.routes[count.index], "priority", "1000") depends_on = [ - "google_compute_network.network", - "google_compute_subnetwork.subnetwork", + google_compute_network.network, + google_compute_subnetwork.subnetwork, ] } resource "null_resource" "delete_default_internet_gateway_routes" { - count = "${var.delete_default_internet_gateway_routes ? 1 : 0}" + count = var.delete_default_internet_gateway_routes ? 
1 : 0 provisioner "local-exec" { command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}" } - triggers { - number_of_routes = "${length(var.routes)}" + triggers = { + number_of_routes = length(var.routes) } depends_on = [ - "google_compute_network.network", - "google_compute_subnetwork.subnetwork", - "google_compute_route.route", + google_compute_network.network, + google_compute_subnetwork.subnetwork, + google_compute_route.route, ] } + diff --git a/modules/fabric-net-firewall/main.tf b/modules/fabric-net-firewall/main.tf index 5ca69653..f867db8b 100644 --- a/modules/fabric-net-firewall/main.tf +++ b/modules/fabric-net-firewall/main.tf 
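Review bot: The `local-exec` command in `delete_default_internet_gateway_routes` still interpolates `${path.module}`, `${var.project_id}` and `${var.network_name}` into the shell string unquoted; by the time it runs the network exists, so the name has already passed the API's validation, but a module path containing a space still breaks it and quoting is the correct default for anything handed to a shell: `command = "'${path.module}/scripts/delete-default-gateway-routes.sh' '${var.project_id}' '${var.network_name}'"`. Separately, `triggers` only records `number_of_routes`, so editing an existing entry of `var.routes` without changing how many there are does not re-run the script; `routes = jsonencode(var.routes)` as an additional trigger would track content rather than count. The subnet defaults carried over here (`subnet_flow_logs` and `subnet_private_access` both defaulting to `"false"`) deserve a comment stating that flow logs are off unless the caller opts in.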
@@ -19,22 +19,29 @@ ############################################################################### resource "google_compute_firewall" "allow-internal" { - count = "${var.internal_ranges_enabled && length(var.internal_allow) > 0 ? 1 : 0}" + count = var.internal_ranges_enabled == true && length(var.internal_allow) > 0 ? 1 : 0 name = "${var.network}-ingress-internal" description = "Allow ingress traffic from internal IP ranges" - network = "${var.network}" - project = "${var.project_id}" - source_ranges = ["${var.internal_ranges}"] - allow = ["${var.internal_allow}"] + network = var.network + project = var.project_id + source_ranges = var.internal_ranges + + dynamic "allow" { + for_each = [var.internal_allow] + content { + protocol = lookup(allow.value[count.index], "protocol", null) + ports = lookup(allow.value[count.index], "ports", null) + } + } } resource "google_compute_firewall" "allow-admins" { - count = "${var.admin_ranges_enabled > 0 ? 1 : 0}" + count = var.admin_ranges_enabled == true ? 1 : 0 name = "${var.network}-ingress-admins" description = "Access from the admin subnet to all subnets" - network = "${var.network}" - project = "${var.project_id}" - source_ranges = ["${var.admin_ranges}"] + network = var.network + project = var.project_id + source_ranges = var.admin_ranges allow { protocol = "icmp" @@ -54,12 +61,12 @@ resource "google_compute_firewall" "allow-admins" { ############################################################################### resource "google_compute_firewall" "allow-tag-ssh" { - count = "${length(var.ssh_source_ranges) > 0 ? 1 : 0}" + count = length(var.ssh_source_ranges) > 0 ? 1 : 0 name = "${var.network}-ingress-tag-ssh" description = "Allow SSH to machines with the 'ssh' tag" - network = "${var.network}" - project = "${var.project_id}" - source_ranges = ["${var.ssh_source_ranges}"] + network = var.network + project = var.project_id + source_ranges = var.ssh_source_ranges target_tags = ["ssh"] allow { 
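Review bot: The new `dynamic "allow"` block in `allow-internal` wraps the list in another list (`for_each = [var.internal_allow]`) and then indexes it with `count.index`, which is always 0 because `count` is at most 1, so only the first entry of `var.internal_allow` becomes an `allow` rule and every later entry is silently dropped; the submodule_firewall example passes icmp, tcp and more and would get icmp only. Iterate the list itself: `for_each = var.internal_allow`, then `protocol = lookup(allow.value, "protocol", null)` and `ports = lookup(allow.value, "ports", null)`. A one-line comment on the block, `# one allow{} per entry of internal_allow; an entry without ports matches all ports of that protocol`, would make the rendered rule set easier to audit.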
@@ -69,12 +76,12 @@ resource "google_compute_firewall" "allow-tag-ssh" { } resource "google_compute_firewall" "allow-tag-http" { - count = "${length(var.http_source_ranges) > 0 ? 1 : 0}" + count = length(var.http_source_ranges) > 0 ? 1 : 0 name = "${var.network}-ingress-tag-http" description = "Allow HTTP to machines with the 'http-server' tag" - network = "${var.network}" - project = "${var.project_id}" - source_ranges = ["${var.http_source_ranges}"] + network = var.network + project = var.project_id + source_ranges = var.http_source_ranges target_tags = ["http-server"] allow { @@ -84,12 +91,12 @@ resource "google_compute_firewall" "allow-tag-http" { } resource "google_compute_firewall" "allow-tag-https" { - count = "${length(var.https_source_ranges) > 0 ? 1 : 0}" + count = length(var.https_source_ranges) > 0 ? 1 : 0 name = "${var.network}-ingress-tag-https" description = "Allow HTTPS to machines with the 'https' tag" - network = "${var.network}" - project = "${var.project_id}" - source_ranges = ["${var.https_source_ranges}"] + network = var.network + project = var.project_id + source_ranges = var.https_source_ranges target_tags = ["https-server"] allow { diff --git a/modules/fabric-net-firewall/outputs.tf b/modules/fabric-net-firewall/outputs.tf index 2ffd37fd..117d1c18 100644 --- a/modules/fabric-net-firewall/outputs.tf +++ b/modules/fabric-net-firewall/outputs.tf @@ -18,8 +18,8 @@ output "internal_ranges" { description = "Internal ranges." value = { - enabled = "${var.internal_ranges_enabled}" - ranges = "${var.internal_ranges_enabled ? join(",", var.internal_ranges) : ""}" + enabled = var.internal_ranges_enabled + ranges = var.internal_ranges_enabled ? join(",", var.internal_ranges) : "" } } 
@@ -27,7 +27,8 @@ output "admin_ranges" { description = "Admin ranges data." value = { - enabled = "${var.admin_ranges_enabled}" - ranges = "${var.admin_ranges_enabled ? join(",", var.admin_ranges) : ""}" + enabled = var.admin_ranges_enabled + ranges = var.admin_ranges_enabled ? join(",", var.admin_ranges) : "" } } + diff --git a/modules/fabric-net-firewall/variables.tf b/modules/fabric-net-firewall/variables.tf index 802a1d59..e581c542 100644 --- a/modules/fabric-net-firewall/variables.tf +++ b/modules/fabric-net-firewall/variables.tf @@ -34,7 +34,6 @@ variable "internal_ranges" { variable "internal_allow" { description = "Allow rules for internal ranges." - default = [ { protocol = "icmp" diff --git a/modules/fabric-net-svpc-access/main.tf b/modules/fabric-net-svpc-access/main.tf index c2e62823..2b9766ef 100644 --- a/modules/fabric-net-svpc-access/main.tf +++ b/modules/fabric-net-svpc-access/main.tf @@ -15,19 +15,19 @@ */ resource "google_compute_shared_vpc_service_project" "projects" { - count = "${var.service_project_num}" - host_project = "${var.host_project_id}" - service_project = "${element(var.service_project_ids, count.index)}" + count = var.service_project_num + host_project = var.host_project_id + service_project = element(var.service_project_ids, count.index) } resource "google_compute_subnetwork_iam_binding" "subnets" { - count = "${length(var.host_subnets)}" - project = "${var.host_project_id}" - region = "${element(var.host_subnet_regions, count.index)}" - subnetwork = "${element(var.host_subnets, count.index)}" + count = length(var.host_subnets) + project = var.host_project_id + region = element(var.host_subnet_regions, count.index) + subnetwork = element(var.host_subnets, count.index) role = "roles/compute.networkUser" - members = ["${compact(split(",", - lookup(var.host_subnet_users, element(var.host_subnets, count.index)) - ))}"] + members = compact(split(",", lookup(var.host_subnet_users, + element(var.host_subnets, count.index)) + )) } 
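Review bot: `google_compute_subnetwork_iam_binding.subnets` is an authoritative binding for `roles/compute.networkUser` (per the provider's `*_iam_binding` semantics), so each apply replaces the subnet's whole member list for that role with whatever `host_subnet_users` contains, revoking any `networkUser` grant made outside this module, and nothing in the resource says so. Add above the resource: `# Authoritative: this binding owns roles/compute.networkUser on each subnet and removes members not listed in host_subnet_users; use *_iam_member for additive grants.` Separately, `lookup(var.host_subnet_users, ...)` has no default, so a subnet listed in `host_subnets` but absent from `host_subnet_users` fails the plan rather than yielding an empty binding; if that is intended, state it in the variable description.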
diff --git a/modules/fabric-net-svpc-access/outputs.tf b/modules/fabric-net-svpc-access/outputs.tf index ac5b38a4..7831565c 100644 --- a/modules/fabric-net-svpc-access/outputs.tf +++ b/modules/fabric-net-svpc-access/outputs.tf @@ -16,5 +16,5 @@ output "service_projects" { description = "Project ids of the services with access to all subnets." - value = ["${google_compute_shared_vpc_service_project.projects.*.service_project}"] + value = google_compute_shared_vpc_service_project.projects.service_project } diff --git a/outputs.tf b/outputs.tf index 038330d9..b0a40c21 100644 --- a/outputs.tf +++ b/outputs.tf 
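Review bot: `google_compute_shared_vpc_service_project.projects` is declared with `count` (main.tf hunk above), so the new `value = google_compute_shared_vpc_service_project.projects.service_project` is invalid under Terraform 0.12 — attributes of a counted resource must be read through an index or splat — and `terraform validate` should reject this module. The old line used the legacy `.*.` splat; the 0.12 form is `value = google_compute_shared_vpc_service_project.projects[*].service_project`. Unless this directory is skipped by `check_terraform`, the new validate loop in test/make.sh would surface this.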
@@ -15,56 +15,57 @@ */ output "network_name" { - value = "${google_compute_network.network.name}" + value = google_compute_network.network.name description = "The name of the VPC being created" } output "network_self_link" { - value = "${google_compute_network.network.self_link}" + value = google_compute_network.network.self_link description = "The URI of the VPC being created" } output "svpc_host_project_id" { - value = "${element(concat(google_compute_shared_vpc_host_project.shared_vpc_host.*.project, list("")), 0)}" + value = element(concat(google_compute_shared_vpc_host_project.shared_vpc_host.*.project, list("")), 0) description = "Shared VPC host project id." } output "subnets_names" { - value = "${google_compute_subnetwork.subnetwork.*.name}" + value = google_compute_subnetwork.subnetwork.*.name description = "The names of the subnets being created" } output "subnets_ips" { - value = "${google_compute_subnetwork.subnetwork.*.ip_cidr_range}" + value = google_compute_subnetwork.subnetwork.*.ip_cidr_range description = "The IPs and CIDRs of the subnets being created" } output "subnets_self_links" { - value = "${google_compute_subnetwork.subnetwork.*.self_link}" + value = google_compute_subnetwork.subnetwork.*.self_link description = "The self-links of subnets being created" } output "subnets_regions" { - value = "${google_compute_subnetwork.subnetwork.*.region}" + value = google_compute_subnetwork.subnetwork.*.region description = "The region where the subnets will be created" } output "subnets_private_access" { - value = "${google_compute_subnetwork.subnetwork.*.private_ip_google_access}" + value = google_compute_subnetwork.subnetwork.*.private_ip_google_access description = "Whether the subnets will have access to Google API's without a public IP" } output "subnets_flow_logs" { - value = "${google_compute_subnetwork.subnetwork.*.enable_flow_logs}" + value = google_compute_subnetwork.subnetwork.*.enable_flow_logs description = "Whether the subnets will have 
VPC flow logs enabled" } output "subnets_secondary_ranges" { - value = "${data.google_compute_subnetwork.created_subnets.*.secondary_ip_range}" + value = data.google_compute_subnetwork.created_subnets.*.secondary_ip_range description = "The secondary ranges associated with these subnets" } output "routes" { - value = "${google_compute_route.route.*.name}" + value = google_compute_route.route.*.name description = "The routes associated with this VPC" } + diff --git a/test/fixtures/all_examples/test_output.tf b/test/fixtures/all_examples/test_output.tf index dc48538e..805ccf1f 100644 --- a/test/fixtures/all_examples/test_output.tf +++ b/test/fixtures/all_examples/test_output.tf @@ -18,6 +18,6 @@ // They do not need to be included in real-world uses of this module output "project_id" { - value = "${var.project_id}" + value = var.project_id description = "The ID of the project to which resources are applied." } diff --git a/test/fixtures/delete_default_gateway_routes/main.tf b/test/fixtures/delete_default_gateway_routes/main.tf index f547cc08..83f803d5 100644 --- a/test/fixtures/delete_default_gateway_routes/main.tf +++ b/test/fixtures/delete_default_gateway_routes/main.tf @@ -20,6 +20,6 @@ locals { module "example" { source = "../../../examples/delete_default_gateway_routes" - project_id = "${var.project_id}" - network_name = "${local.network_name}" + project_id = var.project_id + network_name = local.network_name } diff --git a/test/fixtures/delete_default_gateway_routes/outputs.tf b/test/fixtures/delete_default_gateway_routes/outputs.tf index b7322e42..b7825718 100644 --- a/test/fixtures/delete_default_gateway_routes/outputs.tf +++ b/test/fixtures/delete_default_gateway_routes/outputs.tf 
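Review bot: `svpc_host_project_id` still uses `list("")` and the legacy `.*.` attribute splat carried over from 0.11; `list()` is deprecated in Terraform 0.12 in favour of list literals/`tolist`, and may emit a deprecation warning on plan. The same expression in 0.12 form is `value = concat(google_compute_shared_vpc_host_project.shared_vpc_host[*].project, [""])[0]`. The remaining outputs could switch to `[*]` for consistency, but that is cosmetic.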
@@ -15,11 +15,11 @@ */ output "project_id" { - value = "${var.project_id}" + value = var.project_id description = "The ID of the project being used" } output "network_name" { - value = "${module.example.network_name}" + value = module.example.network_name description = "The name of the VPC being created" } diff --git a/test/fixtures/delete_default_gateway_routes/route.tf b/test/fixtures/delete_default_gateway_routes/route.tf index 0ce579c0..8f474c5f 100644 --- a/test/fixtures/delete_default_gateway_routes/route.tf +++ b/test/fixtures/delete_default_gateway_routes/route.tf @@ -19,8 +19,8 @@ # the default internet gateway routes. resource "google_compute_route" "alternative_gateway" { - project = "${var.project_id}" - network = "${module.example.network_name}" + project = var.project_id + network = module.example.network_name name = "alternative-gateway-route" description = "Alternative gateway route" diff --git a/test/fixtures/multi_vpc/main.tf b/test/fixtures/multi_vpc/main.tf index 30c86cb7..782eef5d 100644 --- a/test/fixtures/multi_vpc/main.tf +++ b/test/fixtures/multi_vpc/main.tf @@ -20,7 +20,7 @@ locals { module "example" { source = "../../../examples/multi_vpc" - project_id = "${var.project_id}" - network_01_name = "${local.network_01_name}" - network_02_name = "${local.network_02_name}" + project_id = var.project_id + network_01_name = local.network_01_name + network_02_name = local.network_02_name } diff --git a/test/fixtures/multi_vpc/outputs.tf b/test/fixtures/multi_vpc/outputs.tf index ecf77a76..7e2a14f7 100644 --- a/test/fixtures/multi_vpc/outputs.tf +++ b/test/fixtures/multi_vpc/outputs.tf 
@@ -15,16 +15,16 @@ */ output "project_id" { - value = "${var.project_id}" + value = var.project_id description = "The ID of the project being used" } output "network_01_name" { - value = "${local.network_01_name}" + value = local.network_01_name description = "The name of the VPC network-01" } output "network_02_name" { - value = "${local.network_02_name}" + value = local.network_02_name description = "The name of the VPC network-01" } diff --git a/test/fixtures/secondary_ranges/main.tf b/test/fixtures/secondary_ranges/main.tf index 7a01d5f7..9c604b1d 100644 --- a/test/fixtures/secondary_ranges/main.tf +++ b/test/fixtures/secondary_ranges/main.tf @@ -20,6 +20,6 @@ locals { module "example" { source = "../../../examples/secondary_ranges" - project_id = "${var.project_id}" - network_name = "${local.network_name}" + project_id = var.project_id + network_name = local.network_name } diff --git a/test/fixtures/shared/outputs.tf b/test/fixtures/shared/outputs.tf index b7322e42..b7825718 100644 --- a/test/fixtures/shared/outputs.tf +++ b/test/fixtures/shared/outputs.tf @@ -15,11 +15,11 @@ */ output "project_id" { - value = "${var.project_id}" + value = var.project_id description = "The ID of the project being used" } output "network_name" { - value = "${module.example.network_name}" + value = module.example.network_name description = "The name of the VPC being created" } diff --git a/test/fixtures/simple_project/main.tf b/test/fixtures/simple_project/main.tf index 7bca5985..61120c7a 100644 --- a/test/fixtures/simple_project/main.tf +++ b/test/fixtures/simple_project/main.tf @@ -20,6 +20,6 @@ locals { module "example" { source = "../../../examples/simple_project" - project_id = "${var.project_id}" - network_name = "${local.network_name}" + project_id = var.project_id + network_name = local.network_name } diff --git a/test/fixtures/simple_project_with_regional_network/main.tf b/test/fixtures/simple_project_with_regional_network/main.tf index bea3c879..fd2a54be 100644 
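Review bot: The `network_02_name` output is documented as "The name of the VPC network-01", a copy of the `network_01_name` description, so the fixture's outputs mis-describe themselves in `terraform output` listings and generated docs. Change it to `description = "The name of the VPC network-02"`.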
--- a/test/fixtures/simple_project_with_regional_network/main.tf +++ b/test/fixtures/simple_project_with_regional_network/main.tf @@ -20,6 +20,6 @@ locals { module "example" { source = "../../../examples/simple_project_with_regional_network" - project_id = "${var.project_id}" - network_name = "${local.network_name}" + project_id = var.project_id + network_name = local.network_name } diff --git a/test/fixtures/simulated_ci_environment/main.tf b/test/fixtures/simulated_ci_environment/main.tf index 7c4b0cc3..0f20e736 100644 --- a/test/fixtures/simulated_ci_environment/main.tf +++ b/test/fixtures/simulated_ci_environment/main.tf @@ -15,8 +15,8 @@ */ provider "google" { - project = "${local.project_id}" - region = "${var.region}" + project = local.project_id + region = var.region } locals { 
@@ -34,32 +34,32 @@ locals { } resource "google_project" "network" { - name = "${local.project_id}" - project_id = "${local.project_id}" - folder_id = "${var.folder_id}" - billing_account = "${var.billing_account}" + name = local.project_id + project_id = local.project_id + folder_id = var.folder_id + billing_account = var.billing_account } resource "google_project_service" "network" { - count = "${length(local.services)}" - project = "${google_project.network.id}" - service = "${element(local.services, count.index)}" + count = length(local.services) + project = google_project.network.id + service = element(local.services, count.index) disable_on_destroy = "true" } resource "google_service_account" "network" { - project = "${google_project.network.id}" + project = google_project.network.id account_id = "ci-network" display_name = "ci-network" } resource "google_project_iam_member" "network" { - count = "${length(local.required_service_account_project_roles)}" - project = "${google_project.network.id}" - role = "${element(local.required_service_account_project_roles, count.index)}" + count = length(local.required_service_account_project_roles) + project = google_project.network.id + role = element(local.required_service_account_project_roles, count.index) member = "serviceAccount:${google_service_account.network.email}" } resource "google_service_account_key" "network" { - service_account_id = "${google_service_account.network.id}" + service_account_id = google_service_account.network.id } diff --git a/test/fixtures/simulated_ci_environment/outputs.tf b/test/fixtures/simulated_ci_environment/outputs.tf index 34140f4b..61e7e31a 100644 --- a/test/fixtures/simulated_ci_environment/outputs.tf +++ b/test/fixtures/simulated_ci_environment/outputs.tf 
@@ -15,5 +15,5 @@ */ output "service_account_private_key" { description = "The SA KEY JSON content. Store in GOOGLE_CREDENTIALS." - value = "${base64decode(google_service_account_key.network.private_key)}" + value = base64decode(google_service_account_key.network.private_key) } diff --git a/test/fixtures/submodule_firewall/main.tf b/test/fixtures/submodule_firewall/main.tf index a325b189..20f2dee2 100644 --- a/test/fixtures/submodule_firewall/main.tf +++ b/test/fixtures/submodule_firewall/main.tf @@ -20,6 +20,6 @@ locals { module "example" { source = "../../../examples/submodule_firewall" - project_id = "${var.project_id}" - network_name = "${local.network_name}" + project_id = var.project_id + network_name = local.network_name } diff --git a/test/make.sh b/test/make.sh index fcf56ddc..d55324df 100755 --- a/test/make.sh +++ b/test/make.sh @@ -74,11 +74,16 @@ function docker() { # directory paths which contain *.tf files. function check_terraform() { echo "Running terraform validate" - find_files . -name "*.tf" -print0 \ - | compat_xargs -0 -n1 dirname \ - | sort -u \ - | grep -xv './test/fixtures/shared' \ - | compat_xargs -t -n1 terraform validate --check-variables=false + find . -name "*.tf" \ + -not -path "./.terraform/*" \ + -not -path "./test/fixtures/*/.terraform/*" \ + -not -path "./test/fixtures/all_examples/*" \ + -not -path "./test/fixtures/shared/*" \ + -print0 \ + | xargs -0 dirname | sort | uniq \ + | xargs -L 1 -i{} bash -c 'terraform init "{}" > /dev/null && terraform validate "{}"' + echo "Running terraform fmt" + terraform fmt -check=true -write=false } # This function runs 'go fmt' and 'go vet' on every file diff --git a/variables.tf b/variables.tf index 622363c6..d0bdabc9 100644 --- a/variables.tf +++ b/variables.tf 
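Review bot: `service_account_private_key` emits the decoded service-account key JSON as a plain output, so it is printed on every `terraform apply`/`terraform output` and will land in CI logs; add `sensitive = true` to the output to keep it out of CLI display. That does not remove it from state — the key minted by `google_service_account_key.network` in main.tf is persisted there in full — so the state for this fixture must be treated as a secret (encrypted, access-restricted backend). Worth a comment on the output: `# Key material is also stored in Terraform state; protect the state file accordingly.`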
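Review bot: The new validate loop interpolates each directory name into shell source via `xargs -L 1 -i{} bash -c '... "{}" ...'`, so a path containing a quote or `$` is evaluated by bash rather than passed as data; the paths come from the repo so exposure is low, but passing the name as a positional parameter removes the issue, and it also drops the deprecated GNU-only `-i` (BSD xargs on macOS, which the replaced `compat_xargs` wrapper presumably existed for, accepts `-I` but not `-i`): `| xargs -I{} bash -c 'terraform init "$1" > /dev/null && terraform validate "$1"' _ {}`. Note that `terraform init` per directory now reaches the network for providers and modules on every check; consider `terraform init -backend=false` if any of these directories configures a remote backend.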
@@ -23,29 +23,29 @@ variable "network_name" { } variable "routing_mode" { - type = "string" + type = string default = "GLOBAL" description = "The network routing mode (default 'GLOBAL')" } variable "shared_vpc_host" { - type = "string" + type = string description = "Makes this project a Shared VPC host if 'true' (default 'false')" default = "false" } variable "subnets" { - type = "list" + type = list(map(string)) description = "The list of subnets being created" } variable "secondary_ranges" { - type = "map" + type = list(map(object)) description = "Secondary ranges that will be used in some of the subnets" } variable "routes" { - type = "list" + type = list(map(string)) description = "List of routes being created in this VPC" default = [] }
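Review bot: `type = list(map(object))` is not a valid type constraint — `object` is a type constructor that requires an attribute schema (`object({ ... })`) — so `terraform validate` on the root module should fail with an invalid type specification under Terraform 0.12. The previous constraint was `map`, so changing the outer type to `list` also changes the variable's shape for every caller; unless main.tf (outside this diff) was changed to match, keep it a map, e.g. `type = map(list(object({ range_name = string, ip_cidr_range = string })))`, where the attribute names are an assumption to confirm against how `secondary_ranges` is consumed in main.tf. While here, `shared_vpc_host` keeps `type = string` with `default = "false"`; the 0.12 idiom is `type = bool` / `default = false`, though that is a breaking change for callers passing the string and can be deferred.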