Changes related to PR review

renato-rudnicki · Dec 27, 2024 · 1557bd0 · 1557bd0
1 parent e9867b6
commit 1557bd0
Show file tree

Hide file tree

Showing 11 changed files with 24 additions and 30 deletions.
diff --git a/3-networks-dual-svpc/envs/production/main.tf b/3-networks-dual-svpc/envs/production/main.tf
@@ -15,7 +15,7 @@
  */
 
 locals {
-  env              = "nonproduction"
+  env              = "production"
   environment_code = substr(local.env, 0, 1)
   /*
    * Base network ranges

diff --git a/3-networks-dual-svpc/modules/base_env/README.md b/3-networks-dual-svpc/modules/base_env/README.md
@@ -57,6 +57,6 @@
 | restricted\_subnets\_names | The names of the subnets being created |
 | restricted\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
 | restricted\_subnets\_self\_links | The self-links of subnets being created |
-| target\_name\_server\_addresses | List of IPv4 address of target name servers for the forwarding zone configuration |
+| target\_name\_server\_addresses | List of IPv4 addresses of the target name servers for the forwarding zone configuration. These IP addresses should point to the name server responsible for replying to DNS queries. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/3-networks-dual-svpc/modules/base_env/main.tf b/3-networks-dual-svpc/modules/base_env/main.tf
@@ -169,11 +169,9 @@ locals {
 module "restricted_shared_vpc" {
   source = "../restricted_shared_vpc"
 
-  project_id                 = local.restricted_project_id
-  project_number             = local.restricted_project_number
-  prod_restricted_project_id = local.prod_restricted_project_id
-
-
+  project_id                       = local.restricted_project_id
+  project_number                   = local.restricted_project_number
+  production_restricted_project_id = local.production_restricted_project_id
   environment_code                 = var.environment_code
   access_context_manager_policy_id = var.access_context_manager_policy_id
   restricted_services              = local.restricted_services
@@ -267,7 +265,7 @@ module "base_shared_vpc" {
   source = "../base_shared_vpc"
 
   project_id                   = local.base_project_id
-  production_project_id        = local.prod_base_project_id
+  production_project_id        = local.production_base_project_id
   environment_code             = var.environment_code
   private_service_cidr         = var.base_private_service_cidr
   private_service_connect_ip   = var.base_private_service_connect_ip

diff --git a/3-networks-dual-svpc/modules/base_env/outputs.tf b/3-networks-dual-svpc/modules/base_env/outputs.tf
@@ -16,7 +16,7 @@
 
 output "target_name_server_addresses" {
   value       = var.target_name_server_addresses
-  description = "List of IPv4 address of target name servers for the forwarding zone configuration"
+  description = "List of IPv4 addresses of the target name servers for the forwarding zone configuration. These IP addresses should point to the name server responsible for replying to DNS queries."
 }
 
 

diff --git a/3-networks-dual-svpc/modules/base_env/remote.tf b/3-networks-dual-svpc/modules/base_env/remote.tf
@@ -15,16 +15,15 @@
  */
 
 locals {
-  restricted_project_id        = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_id
-  base_project_id              = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].base_shared_vpc_project_id
-  restricted_project_number    = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_number
-  interconnect_project_number  = data.terraform_remote_state.org.outputs.interconnect_project_number
-  organization_service_account = data.terraform_remote_state.bootstrap.outputs.organization_step_terraform_service_account_email
-  networks_service_account     = data.terraform_remote_state.bootstrap.outputs.networks_step_terraform_service_account_email
-  projects_service_account     = data.terraform_remote_state.bootstrap.outputs.projects_step_terraform_service_account_email
-  prod_restricted_project_id   = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].restricted_shared_vpc_project_id
-  prod_base_project_id         = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].base_shared_vpc_project_id
-
+  restricted_project_id            = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_id
+  base_project_id                  = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].base_shared_vpc_project_id
+  restricted_project_number        = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_number
+  interconnect_project_number      = data.terraform_remote_state.org.outputs.interconnect_project_number
+  organization_service_account     = data.terraform_remote_state.bootstrap.outputs.organization_step_terraform_service_account_email
+  networks_service_account         = data.terraform_remote_state.bootstrap.outputs.networks_step_terraform_service_account_email
+  projects_service_account         = data.terraform_remote_state.bootstrap.outputs.projects_step_terraform_service_account_email
+  production_restricted_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].restricted_shared_vpc_project_id
+  production_base_project_id       = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].base_shared_vpc_project_id
 }
 
 

diff --git a/3-networks-dual-svpc/modules/base_shared_vpc/README.md b/3-networks-dual-svpc/modules/base_shared_vpc/README.md
@@ -19,7 +19,7 @@
 | nat\_num\_addresses\_region2 | Number of external IPs to reserve for second Cloud NAT. | `number` | `2` | no |
 | private\_service\_cidr | CIDR range for private service networking. Used for Cloud SQL and other managed services. | `string` | `null` | no |
 | private\_service\_connect\_ip | Internal IP to be used as the private service connect endpoint | `string` | n/a | yes |
-| production\_project\_id | production project | `string` | `""` | no |
+| production\_project\_id | Project ID for Base Shared. | `string` | `""` | no |
 | project\_id | Project ID for Private Shared VPC. | `string` | n/a | yes |
 | secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
 | subnets | The list of subnets being created | <pre>list(object({<br>    subnet_name                      = string<br>    subnet_ip                        = string<br>    subnet_region                    = string<br>    subnet_private_access            = optional(string, "false")<br>    subnet_private_ipv6_access       = optional(string)<br>    subnet_flow_logs                 = optional(string, "false")<br>    subnet_flow_logs_interval        = optional(string, "INTERVAL_5_SEC")<br>    subnet_flow_logs_sampling        = optional(string, "0.5")<br>    subnet_flow_logs_metadata        = optional(string, "INCLUDE_ALL_METADATA")<br>    subnet_flow_logs_filter          = optional(string, "true")<br>    subnet_flow_logs_metadata_fields = optional(list(string), [])<br>    description                      = optional(string)<br>    purpose                          = optional(string)<br>    role                             = optional(string)<br>    stack_type                       = optional(string)<br>    ipv6_access_type                 = optional(string)<br>  }))</pre> | `[]` | no |

diff --git a/3-networks-dual-svpc/modules/base_shared_vpc/dns.tf b/3-networks-dual-svpc/modules/base_shared_vpc/dns.tf
@@ -44,7 +44,6 @@ module "peering_zone" {
   version = "~> 5.0"
 
   count = var.environment_code != "p" ? 1 : 0
-  #count = var.environment_code != "d" ? 1 : 0
 
   project_id  = var.project_id
   type        = "peering"
@@ -56,7 +55,6 @@ module "peering_zone" {
     module.main.network_self_link
   ]
   target_network = data.google_compute_network.vpc_dns_hub[0].self_link
-  #target_network = data.google_compute_network.vpc_dns_hub.self_link
 }
 
 /******************************************
@@ -66,7 +64,7 @@ module "dns_forwarding_zone" {
   source  = "terraform-google-modules/cloud-dns/google"
   version = "~> 5.0"
 
-  count = var.environment_code == "p" ? 1 : 0 ####added
+  count = var.environment_code == "p" ? 1 : 0
 
   project_id = var.project_id
   type       = "forwarding"

diff --git a/3-networks-dual-svpc/modules/base_shared_vpc/variables.tf b/3-networks-dual-svpc/modules/base_shared_vpc/variables.tf
@@ -26,7 +26,7 @@ variable "base_network_name" {
 }
 
 variable "production_project_id" {
-  description = "production project"
+  description = "Project ID for Base Shared."
   type        = string
   default     = ""
 }

diff --git a/3-networks-dual-svpc/modules/restricted_shared_vpc/README.md b/3-networks-dual-svpc/modules/restricted_shared_vpc/README.md
@@ -26,7 +26,7 @@
 | nat\_num\_addresses\_region2 | Number of external IPs to reserve for region 2 Cloud NAT. | `number` | `2` | no |
 | private\_service\_cidr | CIDR range for private service networking. Used for Cloud SQL and other managed services. | `string` | `null` | no |
 | private\_service\_connect\_ip | Internal IP to be used as the private service connect endpoint. | `string` | n/a | yes |
-| prod\_restricted\_project\_id | production project | `string` | `""` | no |
+| production\_restricted\_project\_id | Project ID for Restricted Shared. | `string` | `""` | no |
 | project\_id | Project ID for Restricted Shared VPC. | `string` | n/a | yes |
 | project\_number | Project number for Restricted Shared VPC. It is the project INSIDE the regular service perimeter. | `number` | n/a | yes |
 | restricted\_net\_hub\_project\_id | The restricted net hub project ID | `string` | `""` | no |

diff --git a/3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf b/3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf
@@ -36,7 +36,7 @@ data "google_compute_network" "vpc_dns_hub" {
   count = var.environment_code != "p" ? 1 : 0
 
   name    = "vpc-p-shared-restricted"
-  project = var.prod_restricted_project_id
+  project = var.production_restricted_project_id
 }
 
 module "peering_zone" {
@@ -64,7 +64,7 @@ module "dns_forwarding_zone" {
   source  = "terraform-google-modules/cloud-dns/google"
   version = "~> 5.0"
 
-  count = var.environment_code == "p" ? 1 : 0 ####added
+  count = var.environment_code == "p" ? 1 : 0
 
   project_id = var.project_id
   type       = "forwarding"

diff --git a/3-networks-dual-svpc/modules/restricted_shared_vpc/variables.tf b/3-networks-dual-svpc/modules/restricted_shared_vpc/variables.tf
@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-variable "prod_restricted_project_id" {
-  description = "production project"
+variable "production_restricted_project_id" {
+  description = "Project ID for Restricted Shared."
   type        = string
   default     = ""
 }
@@ -35,7 +35,6 @@ variable "restricted_network_name" {
   type        = string
   description = "The name of the VPC being created"
   default     = ""
-  #default     = module.base_shared_vpc.network_name
 }
 
 variable "access_context_manager_policy_id" {