From b044a9670b5c232baeabe068b136c2879015186e Mon Sep 17 00:00:00 2001
From: Andrey Kumanov
Date: Sun, 9 Sep 2018 15:16:43 -0700
Subject: [PATCH 1/4] Add vpc flow logs option to subnets
---
 examples/multi_vpc/main.tf | 5 +++++
 examples/simple_project/main.tf | 2 ++
 main.tf | 1 +
 outputs.tf | 5 +++++
 4 files changed, 13 insertions(+)
diff --git a/examples/multi_vpc/main.tf b/examples/multi_vpc/main.tf
index 3f6b1c32..e5fbf686 100644
--- a/examples/multi_vpc/main.tf
+++ b/examples/multi_vpc/main.tf
@@ -25,18 +25,21 @@ module "test-vpc-module-01" {
 subnet_ip = "10.10.10.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 {
 subnet_name = "test-network-01-subnet-02"
 subnet_ip = "10.10.20.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 {
 subnet_name = "test-network-01-subnet-03"
 subnet_ip = "10.10.30.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 ]
@@ -74,12 +77,14 @@ module "test-vpc-module-02" {
 subnet_ip = "10.10.40.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 {
 subnet_name = "test-network-02-subnet-02"
 subnet_ip = "10.10.50.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 ]
diff --git a/examples/simple_project/main.tf b/examples/simple_project/main.tf
index 0c62235f..57d9d7a3 100644
--- a/examples/simple_project/main.tf
+++ b/examples/simple_project/main.tf
@@ -25,12 +25,14 @@ module "test-vpc-module" {
 subnet_ip = "10.10.10.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 {
 subnet_name = "subnet-02"
 subnet_ip = "10.10.20.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 ]
diff --git a/main.tf b/main.tf
index c0369794..47ffd673 100644
--- a/main.tf
+++ b/main.tf
@@ -34,6 +34,7 @@ resource "google_compute_subnetwork" "subnetwork" {
 ip_cidr_range = "${lookup(var.subnets[count.index], "subnet_ip")}"
 region = "${lookup(var.subnets[count.index], "subnet_region")}"
 private_ip_google_access = "${lookup(var.subnets[count.index], "subnet_private_access")}"
+ enable_flow_logs = "${lookup(var.subnets[count.index], "subnet_flow_logs")}"
 network = "${google_compute_network.network.name}"
 project = "${var.project_id}"
diff --git a/outputs.tf b/outputs.tf
index c27d1e44..a56be6e4 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -39,6 +39,11 @@ output "subnets_private_access" {
 description = "Whether the subnets will have access to Google API's without a public IP"
 }
+output "subnets_flow_logs" {
+ value = "${google_compute_subnetwork.subnetwork.*.enable_flow_logs}"
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
 output "subnets_secondary_ranges" {
 value = "${google_compute_subnetwork.subnetwork.*.secondary_ip_range}"
 description = "The secondary ranges associated with these subnets"
From 679c13c2894a7ee84f9212ab676131759fdc309e Mon Sep 17 00:00:00 2001
From: Andrey Kumanov
Date: Sun, 9 Sep 2018 15:40:21 -0700
Subject: [PATCH 2/4] Update README.md for flow logs
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 4144ae3a..5772f50b 100644
--- a/README.md
+++ b/README.md
@@ -23,12 +23,14 @@ module "vpc" {
 subnet_ip = "10.10.10.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 {
 subnet_name = "subnet-02"
 subnet_ip = "10.10.20.0/24"
 subnet_region = "us-west1"
 subnet_private_access = false
+ subnet_flow_logs = true
 },
 ]
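Review bot: The output added here is named `subnets_flow_logs`, but the README row that PATCH 2/4 adds under Outputs (and PATCH 3/4 keeps) calls it `subnet_flow_logs`, so a caller following the docs references an output that does not exist. The README row should read `| subnets_flow_logs | Whether the subnets will have VPC flow logs enabled |`. The description could also state that the value is a list with one entry per subnet in `var.subnets` order, which is what the splat on the `value` line produces.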
@@ -73,6 +75,7 @@ Then perform the following commands on the root folder:
 | subnets_ips | The IP and cidrs of the subnets being created |
 | subnets_names | The names of the subnets being created |
 | subnets_private_access | Whether the subnets will have access to Google API's without a public IP |
+| subnet_flow_logs | Whether the subnets will have VPC flow logs enabled |
 | subnets_regions | The region where the subnets will be created |
 | subnets_secondary_ranges | The secondary ranges associated with these subnets |
From 783b5edf7c7c14cdd531f157ce038fa2909ece99 Mon Sep 17 00:00:00 2001
From: Andrey Kumanov
Date: Mon, 10 Sep 2018 17:34:31 -0700
Subject: [PATCH 3/4] Add false default to vpc flow logs and private google access. Updated README.md, examples, and outputs
---
 README.md | 18 +++++++++++++-----
 examples/multi_vpc/outputs.tf | 10 ++++++++++
 examples/simple_project/main.tf | 4 +---
 examples/simple_project/outputs.tf | 5 +++++
 examples/simple_project/variables.tf | 1 +
 main.tf | 4 ++--
 outputs.tf | 2 +-
 7 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 5772f50b..bd7ab983 100644
--- a/README.md
+++ b/README.md
@@ -22,14 +22,12 @@ module "vpc" {
 subnet_name = "subnet-01"
 subnet_ip = "10.10.10.0/24"
 subnet_region = "us-west1"
- subnet_private_access = false
- subnet_flow_logs = true
 },
 {
 subnet_name = "subnet-02"
 subnet_ip = "10.10.20.0/24"
 subnet_region = "us-west1"
- subnet_private_access = false
+ subnet_private_access = true
 subnet_flow_logs = true
 },
 ]
@@ -63,16 +61,26 @@ Then perform the following commands on the root folder:
 |------|-------------|:----:|:-----:|:-----:|
 | network_name | The name of the network being created | string | - | yes |
 | project_id | The ID of the project where this VPC will be created | string | - | yes |
-| secondary_ranges | Secondary ranges that will be used in some of the subnets | map | - | yes |
 | shared_vpc_host | Makes this project a Shared VPC host if 'true' (default 'false') | string | `false` | no |
 | subnets | The list of subnets being created | list | - | yes |
+| secondary_ranges | Secondary ranges that will be used in some of the subnets | map | - | yes |
+
+### Subnet Inputs
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+ Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| subnet_name | The name of the subnet being created | string | - | yes |
+| subnet_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet_region | The region where the subnet will be created | string | - | yes |
+| subnet_private_access | Whether this subnet will have private Google access enabled | boolean | false | no |
+| subnet_flow_logs | Whether the subnet will record and send flow log data to logging | boolean | false | no |
 ## Outputs
 | Name | Description |
 |------|-------------|
 | network_name | The name of the VPC being created |
-| subnets_ips | The IP and cidrs of the subnets being created |
+| subnets_ips | The IPs and CIDRs of the subnets being created |
 | subnets_names | The names of the subnets being created |
 | subnets_private_access | Whether the subnets will have access to Google API's without a public IP |
 | subnet_flow_logs | Whether the subnets will have VPC flow logs enabled |
diff --git a/examples/multi_vpc/outputs.tf b/examples/multi_vpc/outputs.tf
index 2b652bda..d8cdb507 100644
--- a/examples/multi_vpc/outputs.tf
+++ b/examples/multi_vpc/outputs.tf
@@ -40,6 +40,11 @@ output "network_01_subnets_private_access" {
 description = "Whether the subnets will have access to Google API's without a public IP on network-01"
 }
+output "network_01_subnets_flow_logs" {
+ value = "${module.test-vpc-module-01.subnets_flow_logs}"
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
 output "network_01_subnets_secondary_ranges" {
 value = "${module.test-vpc-module-01.subnets_secondary_ranges}"
 description = "The secondary ranges associated with these subnets on network-01"
@@ -71,6 +76,11 @@ output "network_02_subnets_private_access" {
 description = "Whether the subnets will have access to Google API's without a public IP on network-02"
 }
+output "network_02_subnets_flow_logs" {
+ value = "${module.test-vpc-module-02.subnets_flow_logs}"
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
 output "network_02_subnets_secondary_ranges" {
 value = "${module.test-vpc-module-02.subnets_secondary_ranges}"
 description = "The secondary ranges associated with these subnets on network-02"
diff --git a/examples/simple_project/main.tf b/examples/simple_project/main.tf
index 57d9d7a3..f9484551 100644
--- a/examples/simple_project/main.tf
+++ b/examples/simple_project/main.tf
@@ -24,14 +24,12 @@ module "test-vpc-module" {
 subnet_name = "subnet-01"
 subnet_ip = "10.10.10.0/24"
 subnet_region = "us-west1"
- subnet_private_access = false
- subnet_flow_logs = true
 },
 {
 subnet_name = "subnet-02"
 subnet_ip = "10.10.20.0/24"
 subnet_region = "us-west1"
- subnet_private_access = false
+ subnet_private_access = true
 subnet_flow_logs = true
 },
 ]
diff --git a/examples/simple_project/outputs.tf b/examples/simple_project/outputs.tf
index 0c25f9b1..86db62e8 100644
--- a/examples/simple_project/outputs.tf
+++ b/examples/simple_project/outputs.tf
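Review bot: subnet-01 in this example now sets neither `subnet_private_access` nor `subnet_flow_logs`, so it exercises the module defaults introduced in main.tf by this same patch, but nothing in the file says so; a reader comparing it with subnet-02 cannot tell whether the omission is deliberate. Under `subnet_region = "us-west1"` for subnet-01 I would add `# subnet-01 relies on the module defaults: private Google access and flow logs both off`. The module block continues outside the hunk.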
@@ -39,6 +39,11 @@ output "subnets_private_access" {
 description = "Whether the subnets will have access to Google API's without a public IP"
 }
+output "subnets_flow_logs" {
+ value = "${module.test-vpc-module.subnets_flow_logs}"
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
 output "subnets_secondary_ranges" {
 value = "${module.test-vpc-module.subnets_secondary_ranges}"
 description = "The secondary ranges associated with these subnets"
diff --git a/examples/simple_project/variables.tf b/examples/simple_project/variables.tf
index b69e2b2e..fe45706a 100644
--- a/examples/simple_project/variables.tf
+++ b/examples/simple_project/variables.tf
@@ -16,4 +16,5 @@ variable "project_id" {
 description = "The project ID to host the network in"
+ default="ref-gke-shared-svc"
 }
diff --git a/main.tf b/main.tf
index 47ffd673..f5ac5265 100644
--- a/main.tf
+++ b/main.tf
@@ -33,8 +33,8 @@ resource "google_compute_subnetwork" "subnetwork" {
 name = "${lookup(var.subnets[count.index], "subnet_name")}"
 ip_cidr_range = "${lookup(var.subnets[count.index], "subnet_ip")}"
 region = "${lookup(var.subnets[count.index], "subnet_region")}"
- private_ip_google_access = "${lookup(var.subnets[count.index], "subnet_private_access")}"
- enable_flow_logs = "${lookup(var.subnets[count.index], "subnet_flow_logs")}"
+ private_ip_google_access = "${lookup(var.subnets[count.index], "subnet_private_access", false)}"
+ enable_flow_logs = "${lookup(var.subnets[count.index], "subnet_flow_logs", false)}"
 network = "${google_compute_network.network.name}"
 project = "${var.project_id}"
diff --git a/outputs.tf b/outputs.tf
index a56be6e4..b5fb6d69 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -26,7 +26,7 @@ output "subnets_names" {
 output "subnets_ips" {
 value = "${google_compute_subnetwork.subnetwork.*.ip_cidr_range}"
- description = "The IP and cidrs of the subnets being created"
+ description = "The IPs and CIDRs of the subnets being created"
 }
 output "subnets_regions" {
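Review bot: Giving `lookup` a `false` default on the two rewritten lines in main.tf also means a misspelled key in a subnet map (say `subnet_flowlogs`) is no longer a plan-time error; it is silently treated as off, so a subnet meant to have flow logs ends up with none and nothing flags it. That is a reasonable trade-off for optional keys, but it should be stated: above `private_ip_google_access` I would add `# Both keys are optional and default to off; a misspelled key is not an error, so check the plan for subnets that are meant to log.` The per-subnet `enable_flow_logs` value in the plan and the `subnets_flow_logs` output are the places to confirm the intended setting. The resource block continues outside the hunk.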
From 65198d9ea001fc960326489616c9de023960439f Mon Sep 17 00:00:00 2001
From: andreyk-code <43050331+andreyk-code@users.noreply.github.com>
Date: Mon, 10 Sep 2018 17:38:50 -0700
Subject: [PATCH 4/4] remove test id
---
 examples/simple_project/variables.tf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/examples/simple_project/variables.tf b/examples/simple_project/variables.tf
index fe45706a..b69e2b2e 100644
--- a/examples/simple_project/variables.tf
+++ b/examples/simple_project/variables.tf
@@ -16,5 +16,4 @@ variable "project_id" {
 description = "The project ID to host the network in"
- default="ref-gke-shared-svc"
 }