diff --git a/3-networks-dual-svpc/envs/production/main.tf b/3-networks-dual-svpc/envs/production/main.tf 
index 6505a4478..233cafe53 100644 
--- a/3-networks-dual-svpc/envs/production/main.tf 
+++ b/3-networks-dual-svpc/envs/production/main.tf 
@@ -15,7 +15,7 @@
 */
 locals { 
- env = "nonproduction" 
+ env = "production"
 environment_code = substr(local.env, 0, 1)
 /*
 * Base network ranges 
diff --git a/3-networks-dual-svpc/modules/base_env/README.md b/3-networks-dual-svpc/modules/base_env/README.md 
index 596c740e5..4ce102cfc 100644 
--- a/3-networks-dual-svpc/modules/base_env/README.md 
+++ b/3-networks-dual-svpc/modules/base_env/README.md 
@@ -57,6 +57,6 @@
 | restricted\_subnets\_names | The names of the subnets being created |
 | restricted\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
 | restricted\_subnets\_self\_links | The self-links of subnets being created | 
-| target\_name\_server\_addresses | List of IPv4 address of target name servers for the forwarding zone configuration | 
+| target\_name\_server\_addresses | List of IPv4 addresses of the target name servers for the forwarding zone configuration. These IP addresses should point to the name server responsible for replying to DNS queries. | 
diff --git a/3-networks-dual-svpc/modules/base_env/main.tf b/3-networks-dual-svpc/modules/base_env/main.tf 
index 941b0f653..c5679eea7 100644 
--- a/3-networks-dual-svpc/modules/base_env/main.tf 
+++ b/3-networks-dual-svpc/modules/base_env/main.tf 
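Review bot: The single character produced by `environment_code = substr(local.env, 0, 1)` from the corrected `env` is what both shared VPC modules use to choose between the DNS forwarding zone and the peering zone (`count = var.environment_code == "p" ? 1 : 0` and its `!= "p"` counterpart in the dns.tf hunks of this change), so the old `"nonproduction"` label would have given production a peering zone towards the hub instead of the forwarding zone, and nothing in the file guards against the same drift when this directory is copied for another environment. A comment next to the local would make the coupling explicit: `# Must match this directory's environment; environment_code "p" selects the DNS forwarding zone (otherwise a peering zone) in the shared VPC modules.` The `locals` block continues beyond the end of the hunk.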
@@ -169,11 +169,9 @@ locals {
 module "restricted_shared_vpc" {
 source = "../restricted_shared_vpc" 
- project_id = local.restricted_project_id 
- project_number = local.restricted_project_number 
- prod_restricted_project_id = local.prod_restricted_project_id 
- 
- 
+ project_id = local.restricted_project_id 
+ project_number = local.restricted_project_number 
+ production_restricted_project_id = local.production_restricted_project_id
 environment_code = var.environment_code
 access_context_manager_policy_id = var.access_context_manager_policy_id
 restricted_services = local.restricted_services 
@@ -267,7 +265,7 @@ module "base_shared_vpc" {
 source = "../base_shared_vpc"
 project_id = local.base_project_id 
- production_project_id = local.prod_base_project_id 
+ production_project_id = local.production_base_project_id
 environment_code = var.environment_code
 private_service_cidr = var.base_private_service_cidr
 private_service_connect_ip = var.base_private_service_connect_ip 
diff --git a/3-networks-dual-svpc/modules/base_env/outputs.tf b/3-networks-dual-svpc/modules/base_env/outputs.tf 
index fd3a574fb..c67e52119 100644 
--- a/3-networks-dual-svpc/modules/base_env/outputs.tf 
+++ b/3-networks-dual-svpc/modules/base_env/outputs.tf 
@@ -16,7 +16,7 @@
 output "target_name_server_addresses" {
 value = var.target_name_server_addresses 
- description = "List of IPv4 address of target name servers for the forwarding zone configuration" 
+ description = "List of IPv4 addresses of the target name servers for the forwarding zone configuration. These IP addresses should point to the name server responsible for replying to DNS queries."
 } 
diff --git a/3-networks-dual-svpc/modules/base_env/remote.tf b/3-networks-dual-svpc/modules/base_env/remote.tf 
index fea9bb6e7..80db5b34a 100644 
--- a/3-networks-dual-svpc/modules/base_env/remote.tf 
+++ b/3-networks-dual-svpc/modules/base_env/remote.tf 
@@ -15,16 +15,15 @@
 */
 locals { 
- restricted_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_id 
- base_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].base_shared_vpc_project_id 
- restricted_project_number = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_number 
- interconnect_project_number = data.terraform_remote_state.org.outputs.interconnect_project_number 
- organization_service_account = data.terraform_remote_state.bootstrap.outputs.organization_step_terraform_service_account_email 
- networks_service_account = data.terraform_remote_state.bootstrap.outputs.networks_step_terraform_service_account_email 
- projects_service_account = data.terraform_remote_state.bootstrap.outputs.projects_step_terraform_service_account_email 
- prod_restricted_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].restricted_shared_vpc_project_id 
- prod_base_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].base_shared_vpc_project_id 
- 
+ restricted_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_id 
+ base_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].base_shared_vpc_project_id 
+ restricted_project_number = data.terraform_remote_state.org.outputs.shared_vpc_projects[var.env].restricted_shared_vpc_project_number 
+ interconnect_project_number = data.terraform_remote_state.org.outputs.interconnect_project_number 
+ organization_service_account = data.terraform_remote_state.bootstrap.outputs.organization_step_terraform_service_account_email 
+ networks_service_account = data.terraform_remote_state.bootstrap.outputs.networks_step_terraform_service_account_email 
+ projects_service_account = data.terraform_remote_state.bootstrap.outputs.projects_step_terraform_service_account_email 
+ production_restricted_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].restricted_shared_vpc_project_id 
+ production_base_project_id = data.terraform_remote_state.org.outputs.shared_vpc_projects["production"].base_shared_vpc_project_id
 } 
diff --git a/3-networks-dual-svpc/modules/base_shared_vpc/README.md b/3-networks-dual-svpc/modules/base_shared_vpc/README.md 
index 8c9187057..1372cc47e 100644 
--- a/3-networks-dual-svpc/modules/base_shared_vpc/README.md 
+++ b/3-networks-dual-svpc/modules/base_shared_vpc/README.md 
@@ -19,7 +19,7 @@
 | nat\_num\_addresses\_region2 | Number of external IPs to reserve for second Cloud NAT. | `number` | `2` | no |
 | private\_service\_cidr | CIDR range for private service networking. Used for Cloud SQL and other managed services. | `string` | `null` | no |
 | private\_service\_connect\_ip | Internal IP to be used as the private service connect endpoint | `string` | n/a | yes | 
-| production\_project\_id | production project | `string` | `""` | no | 
+| production\_project\_id | Project ID for Base Shared. | `string` | `""` | no |
 | project\_id | Project ID for Private Shared VPC. | `string` | n/a | yes |
 | secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
 | subnets | The list of subnets being created |
list(object({| `[]` | no | 
diff --git a/3-networks-dual-svpc/modules/base_shared_vpc/dns.tf b/3-networks-dual-svpc/modules/base_shared_vpc/dns.tf 
index 5f37d7f56..9ed5abc34 100644 
--- a/3-networks-dual-svpc/modules/base_shared_vpc/dns.tf 
+++ b/3-networks-dual-svpc/modules/base_shared_vpc/dns.tf 
@@ -44,7 +44,6 @@ module "peering_zone" {
 version = "~> 5.0"
 count = var.environment_code != "p" ? 1 : 0 
- #count = var.environment_code != "d" ? 1 : 0
 project_id = var.project_id
 type = "peering" 
@@ -56,7 +55,6 @@ module "peering_zone" {
 module.main.network_self_link
 ]
 target_network = data.google_compute_network.vpc_dns_hub[0].self_link 
- #target_network = data.google_compute_network.vpc_dns_hub.self_link
 }
 /****************************************** 
@@ -66,7 +64,7 @@ module "dns_forwarding_zone" {
 source = "terraform-google-modules/cloud-dns/google"
 version = "~> 5.0" 
- count = var.environment_code == "p" ? 1 : 0 ####added 
+ count = var.environment_code == "p" ? 1 : 0
 project_id = var.project_id
 type = "forwarding" 
diff --git a/3-networks-dual-svpc/modules/base_shared_vpc/variables.tf b/3-networks-dual-svpc/modules/base_shared_vpc/variables.tf 
index 7da2f0901..5afba9883 100644 
--- a/3-networks-dual-svpc/modules/base_shared_vpc/variables.tf 
+++ b/3-networks-dual-svpc/modules/base_shared_vpc/variables.tf 
@@ -26,7 +26,7 @@ variable "base_network_name" {
 }
 variable "production_project_id" { 
- description = "production project" 
+ description = "Project ID for Base Shared."
 type = string
 default = ""
 } 
diff --git a/3-networks-dual-svpc/modules/restricted_shared_vpc/README.md b/3-networks-dual-svpc/modules/restricted_shared_vpc/README.md 
index ef6dd02de..f0937fcb1 100644 
--- a/3-networks-dual-svpc/modules/restricted_shared_vpc/README.md 
+++ b/3-networks-dual-svpc/modules/restricted_shared_vpc/README.md 
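Review bot: The new description `Project ID for Base Shared.` on `production_project_id` drops the one fact the old text carried — that this is the production project — and now reads almost identically to `project_id` ("Project ID for Private Shared VPC."), so a consumer of the module cannot tell the two inputs apart from the generated docs. The variable is presumably what non-production environments use to reach the production DNS hub network (the restricted module's `data "google_compute_network" "vpc_dns_hub"` in this same change does exactly that with its counterpart), in which case the `""` default is only valid when `environment_code` is "p" and that condition belongs in the description. Suggest `description = "Project ID of the production Base Shared VPC project, used by non-production environments to resolve the DNS hub network. Leave empty only when environment_code is \"p\"."`, the same treatment for `production_restricted_project_id` in restricted_shared_vpc/variables.tf, and regenerating both README tables afterwards.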
@@ -26,7 +26,7 @@
 | nat\_num\_addresses\_region2 | Number of external IPs to reserve for region 2 Cloud NAT. | `number` | `2` | no |
 | private\_service\_cidr | CIDR range for private service networking. Used for Cloud SQL and other managed services. | `string` | `null` | no |
 | private\_service\_connect\_ip | Internal IP to be used as the private service connect endpoint. | `string` | n/a | yes | 
-| prod\_restricted\_project\_id | production project | `string` | `""` | no | 
+| production\_restricted\_project\_id | Project ID for Restricted Shared. | `string` | `""` | no |
 | project\_id | Project ID for Restricted Shared VPC. | `string` | n/a | yes |
 | project\_number | Project number for Restricted Shared VPC. It is the project INSIDE the regular service perimeter. | `number` | n/a | yes |
 | restricted\_net\_hub\_project\_id | The restricted net hub project ID | `string` | `""` | no | 
diff --git a/3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf b/3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf 
index ee45c198a..2d07d80a9 100644 
--- a/3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf 
+++ b/3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf 
@@ -36,7 +36,7 @@ data "google_compute_network" "vpc_dns_hub" {
 count = var.environment_code != "p" ? 1 : 0
 name = "vpc-p-shared-restricted" 
- project = var.prod_restricted_project_id 
+ project = var.production_restricted_project_id
 }
 module "peering_zone" { 
@@ -64,7 +64,7 @@ module "dns_forwarding_zone" {
 source = "terraform-google-modules/cloud-dns/google"
 version = "~> 5.0" 
- count = var.environment_code == "p" ? 1 : 0 ####added 
+ count = var.environment_code == "p" ? 1 : 0
 project_id = var.project_id
 type = "forwarding" 
diff --git a/3-networks-dual-svpc/modules/restricted_shared_vpc/variables.tf b/3-networks-dual-svpc/modules/restricted_shared_vpc/variables.tf 
index 7e707e13d..f73965b07 100644 
--- a/3-networks-dual-svpc/modules/restricted_shared_vpc/variables.tf 
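Review bot: With `default = ""` still on `production_restricted_project_id`, a non-production environment that leaves the variable unset makes `data "google_compute_network" "vpc_dns_hub"` (enabled exactly when `environment_code != "p"`) look up `vpc-p-shared-restricted` under an empty project ID, which — depending on how the provider treats an empty string — either fails with an error pointing at the data source rather than at the missing input, or silently falls back to the provider's default project; the rename does not change that. The lookup also implies the identity running a non-production environment needs read access to the production Restricted Shared VPC project's network, a cross-environment permission that deserves to be stated where it is exercised. Suggest a comment above the `count` line: `# Non-production environments read the production hub VPC here; requires network read access on the production project and a non-empty production_restricted_project_id.` The enclosing `data` block opens before the hunk.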
+++ b/3-networks-dual-svpc/modules/restricted_shared_vpc/variables.tf 
@@ -14,8 +14,8 @@
 * limitations under the License.
 */ 
-variable "prod_restricted_project_id" { 
- description = "production project" 
+variable "production_restricted_project_id" { 
+ description = "Project ID for Restricted Shared."
 type = string
 default = ""
 } 
@@ -35,7 +35,6 @@ variable "restricted_network_name" {
 type = string
 description = "The name of the VPC being created"
 default = "" 
- #default = module.base_shared_vpc.network_name
 }
 variable "access_context_manager_policy_id" {
subnet_name = string
subnet_ip = string
subnet_region = string
subnet_private_access = optional(string, "false")
subnet_private_ipv6_access = optional(string)
subnet_flow_logs = optional(string, "false")
subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")
subnet_flow_logs_sampling = optional(string, "0.5")
subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")
subnet_flow_logs_filter = optional(string, "true")
subnet_flow_logs_metadata_fields = optional(list(string), [])
description = optional(string)
purpose = optional(string)
role = optional(string)
stack_type = optional(string)
ipv6_access_type = optional(string)
}))