diff --git a/fast/addons/2-networking-swp/README.md b/fast/addons/2-networking-swp/README.md
index e286895f49..4b12543a54 100644
--- a/fast/addons/2-networking-swp/README.md
+++ b/fast/addons/2-networking-swp/README.md
@@ -136,7 +136,7 @@ terraform init
terraform apply
```
-
+
## Files
diff --git a/fast/addons/2-networking-test/.fast-stage.env b/fast/addons/2-networking-test/.fast-stage.env
new file mode 100644
index 0000000000..b4f7a0aae7
--- /dev/null
+++ b/fast/addons/2-networking-test/.fast-stage.env
@@ -0,0 +1,4 @@
+FAST_STAGE_DESCRIPTION="Test resources networking add-on"
+FAST_STAGE_LEVEL=2
+FAST_STAGE_NAME=networking-test
+FAST_STAGE_DEPS="2-networking"
diff --git a/fast/addons/2-networking-test/README.md b/fast/addons/2-networking-test/README.md
new file mode 100644
index 0000000000..28de8715b7
--- /dev/null
+++ b/fast/addons/2-networking-test/README.md
@@ -0,0 +1,115 @@
+# Network Test Resources
+
+This add-on allows creating an arbitrary number of Compute instances and service accounts, and is designed to simplify testing of the FAST networking stage.
+
+
+- [Design overview and choices](#design-overview-and-choices)
+- [How to run this stage](#how-to-run-this-stage)
+ - [Provider and Terraform variables](#provider-and-terraform-variables)
+ - [Impersonating the automation service account](#impersonating-the-automation-service-account)
+ - [Variable configuration](#variable-configuration)
+ - [Running the stage](#running-the-stage)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+
+
+## Design overview and choices
+
+The add-on is very simple, as it just deals with creating service accounts and instances using pre-existing projects, networks and subnets.
+
+To allow creation of portable configurations, it extensively leverages FAST output variables so that project ids, network ids, regions, and subnet ids can refer to the relevant FAST aliases.
+
+A simple factory is also provided, so that YAML configurations can be used instead of Terraform tfvars.
+
+## How to run this stage
+
+Once the main networking stage has been configured and applied, the following configuration is added the the resource management `fast_addon` variable to create the add-on provider files, and its optional CI/CD resources if those are also required. The add-on name (`networking-test`) is customizable, in case the add-on needs to be run multiple times to create gateways in different projects.
+
+```hcl
+fast_addon = {
+ networking-test = {
+ parent_stage = "2-networking"
+ }
+}
+```
+
+### Provider and Terraform variables
+
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+
+The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following example uses local files but GCS behaves identically.
+
+```bash
+# File linking commands for Test resources networking add-on stage
+
+# provider file
+ln -s ~/fast-config/providers/2-networking-test-providers.tf ./
+
+# input files from other stages
+ln -s ~/fast-config/tfvars/2-networking.auto.tfvars.json ./
+
+# conventional place for stage tfvars (manually created)
+ln -s ~/fast-config/2-networking-test.auto.tfvars ./
+```
+
+If a factory is used and neither the default factory paths nor the resource name prefix in the `name` variable need to be changed, the last file is unnecessary as there's no additional configuration for this add-on.
+
+### Impersonating the automation service account
+
+The preconfigured provider file uses impersonation to run with this stage's automation service account's credentials. The `gcp-devops` and `organization-admins` groups have the necessary IAM bindings in place to do that, so make sure the current user is a member of one of those groups.
+
+### Variable configuration
+
+Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
+
+- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
+- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above
+- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
+
+The first two sets are defined in the `variables-fast.tf` file, the latter set in the `variables.tf` file. The full list of variables can be found in the [Variables](#variables) table at the bottom of this document.
+
+Once output files are in place, define your addon configuration in a tfvars file if needed (see section above).
+
+### Running the stage
+
+Once provider and variable values are in place and the correct user is configured, the stage can be run:
+
+```bash
+terraform init
+terraform apply
+```
+
+
+
+## Files
+
+| name | description | modules |
+|---|---|---|
+| [context.tf](./context.tf) | FAST context locals | |
+| [factory.tf](./factory.tf) | Factory locals. | |
+| [main.tf](./main.tf) | Module-level locals and resources. | compute-vm
· iam-service-account
|
+| [outputs.tf](./outputs.tf) | Module outputs. | |
+| [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | |
+| [variables.tf](./variables.tf) | Module variables. | |
+
+## Variables
+
+| name | description | type | required | default | producer |
+|---|---|:---:|:---:|:---:|:---:|
+| [factories_config](variables.tf#L17) | Configuration for the resource factories. | object({…})
| | {}
| |
+| [host_project_ids](variables-fast.tf#L19) | Networking stage host project id aliases. | map(string)
| | {}
| 2-networking
|
+| [name](variables.tf#L27) | Prefix used for all resource names. | string
| | "test"
| |
+| [regions](variables-fast.tf#L27) | Region aliases. | map(string)
| | {}
| 2-networking
|
+| [subnet_self_links](variables-fast.tf#L35) | Subnet self links. | map(map(string))
| | {}
| 2-networking
|
+| [test_instances](variables.tf#L34) | Test instances to be created. | map(object({…}))
| | {}
| |
+| [test_service_accounts](variables.tf#L52) | Service accounts used by instances. | map(object({…}))
| | {}
| |
+| [vpc_self_links](variables-fast.tf#L43) | VPC network self links. | map(string)
| | {}
| 2-networking
|
+
+## Outputs
+
+| name | description | sensitive | consumers |
+|---|---|:---:|---|
+| [instance_addresses](outputs.tf#L17) | Instance names and addresses. | | |
+| [instance_ssh](outputs.tf#L24) | Instance SSH commands. | | |
+
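Review bot: In "How to run this stage" the sentence on the customizable add-on name says the add-on may be run multiple times "to create gateways in different projects", which does not match an add-on that creates instances and service accounts and looks carried over from another README; the same sentence has "is added the the". Under "Variable configuration" the bullets say `0-globals.auto.tfvars.json`, `0-bootstrap.auto.tfvars.json` and `1-resman.auto.tfvars.json` are "linked or copied above", but the linking block only links `2-networking.auto.tfvars.json` and the Variables table lists `2-networking` as the only producer. Suggest trimming the bullets to the files this add-on actually consumes, and fixing "can to be set" in the third bullet.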
diff --git a/fast/addons/2-networking-test/assets/server-nginx-cloud-config.yaml b/fast/addons/2-networking-test/assets/server-nginx-cloud-config.yaml
new file mode 100644
index 0000000000..d3c081e039
--- /dev/null
+++ b/fast/addons/2-networking-test/assets/server-nginx-cloud-config.yaml
@@ -0,0 +1,79 @@
+#cloud-config
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# https://hub.docker.com/r/nginx/nginx/
+# https://nginx.io/manual/toc/#installation
+
+users:
+ - name: nginx
+ uid: 2000
+
+write_files:
+ - path: /var/lib/docker/daemon.json
+ permissions: 0644
+ owner: root
+ content: |
+ {
+ "live-restore": true,
+ "storage-driver": "overlay2",
+ "log-opts": {
+ "max-size": "1024m"
+ }
+ }
+
+ - path: /etc/nginx/nginx.conf
+ permissions: 0644
+ owner: root
+ content: |
+ server {
+ listen 80;
+ listen 8080;
+ listen [::]:80;
+ listen [::]:8080;
+
+ location / {
+ default_type text/plain;
+ expires -1;
+ return 200 'Server address: $server_addr:$server_port\nRemote address: $remote_addr\nServer name: $hostname\nDate: $time_local\nURI: $request_uri\nRequest ID: $request_id\n';
+ }
+ }
+
+ # nginx container service
+ - path: /etc/systemd/system/nginx.service
+ permissions: 0644
+ owner: root
+ content: |
+ [Unit]
+ Description=Start nginx container
+ After=gcr-online.target docker.socket
+ Wants=gcr-online.target docker.socket docker-events-collector.service
+ [Service]
+ Environment="HOME=/home/nginx"
+ ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
+ ExecStart=/usr/bin/docker run --rm --name=nginx \
+ --network host \
+ -v /etc/nginx:/etc/nginx/conf.d \
+ nginxdemos/hello:plain-text
+ ExecStop=/usr/bin/docker stop nginx
+
+bootcmd:
+ - systemctl start node-problem-detector
+
+runcmd:
+ - iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+ - iptables -I INPUT 1 -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
+ - systemctl daemon-reload
+ - systemctl start nginx
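Review bot: The `ExecStart` line of `nginx.service` runs `nginxdemos/hello:plain-text` by mutable tag with `--network host`, so the code running on the test VM can change between boots with no change in this repository. Suggest pinning the image by digest (`nginxdemos/hello@sha256:<digest>`). The image reference has no registry host, so the instance also needs egress to the default public registry from the test subnet, which is worth stating in the README since the add-on is meant to test connectivity; `docker-credential-gcr configure-docker` in `ExecStartPre` is not needed for that pull. The two reference URLs in the header comment (`hub.docker.com/r/nginx/nginx/` and `nginx.io/manual/toc/#installation`) do not correspond to the image used and look like leftovers.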
diff --git a/fast/addons/2-networking-test/context.tf b/fast/addons/2-networking-test/context.tf
new file mode 100644
index 0000000000..9f95ecc734
--- /dev/null
+++ b/fast/addons/2-networking-test/context.tf
@@ -0,0 +1,69 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description FAST context locals
+
+locals {
+ # extract the map of all subnet ids and their networks
+ _subnet_ids = {
+ for k, v in local._all_instances : v.subnet_id => v.network_id...
+ }
+ # extract attributes from subnet ids
+ _subnet_attrs = {
+ for k, v in local._subnet_ids : k => merge(
+ {
+ id = k
+ network_id = v[0]
+ region = split("/", k)[0]
+ region_alias = lookup(var.regions, split("/", k)[0], null)
+ },
+ !startswith(k, "projects/") ? {} : {
+ region = split("/", k)[3]
+ }
+ )
+ }
+ # recompose subnet ids checking for context substitutions
+ _subnets = {
+ for k, v in local._subnet_attrs : k => merge(v, v.region_alias == null ? {} : {
+ id = try(replace(v.id, v.region, v.region_alias))
+ })
+ }
+ # derive product of instances and zones and expand instance contexts
+ instances = flatten([
+ for k, v in local._all_instances : [
+ for z in v.zones : merge(v, {
+ name = "${var.name}-${k}-${z}"
+ network_id = lookup(var.vpc_self_links, v.network_id, v.network_id)
+ project_id = lookup(var.host_project_ids, v.project_id, v.project_id)
+ subnet_id = try(
+ var.subnet_self_links[v.network_id][local._subnets[v.subnet_id].id],
+ v.subnet_id
+ )
+ zone = "${local._subnets[v.subnet_id].region}-${z}"
+ })
+ ]
+ ])
+ # extract service account emails for easy reference
+ service_account_emails = {
+ for k, v in module.service-accounts : k => v.email
+ }
+ # expand service account projects
+ service_accounts = {
+ for k, v in local._all_service_accounts : k => merge(v, {
+ project_id = lookup(var.host_project_ids, v.project_id, v.project_id)
+ })
+ }
+}
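Review bot: In `instances`, `zone` is built from `local._subnets[v.subnet_id].region`, but the `_subnets` merge only overrides `id`, so for the sample `subnet_id: primary/default` the `region` attribute is still `split("/", k)[0]`, that is `primary`, and the zone comes out as `primary-b`. Suggest also setting `region = v.region_alias` in the `_subnets` merge when the alias resolves, and renaming the two attributes so it is clear which one holds the resolved region. Two smaller points in the same block: `try(replace(...))` has a single argument, so it provides no fallback and can be dropped, and `replace(v.id, v.region, v.region_alias)` substitutes every occurrence of the alias, including one inside the subnet name.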
diff --git a/fast/addons/2-networking-test/data/instances/client-0.yaml b/fast/addons/2-networking-test/data/instances/client-0.yaml
new file mode 100644
index 0000000000..905cd76cfb
--- /dev/null
+++ b/fast/addons/2-networking-test/data/instances/client-0.yaml
@@ -0,0 +1,22 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/instance.schema.json
+
+# file name can be overridden via 'name' property if needed
+# name: client-0
+network_id: dev-spoke-0
+project_id: dev-spoke-0
+service_account: client-0
+subnet_id: primary/default
diff --git a/fast/addons/2-networking-test/data/instances/server-0.yaml b/fast/addons/2-networking-test/data/instances/server-0.yaml
new file mode 100644
index 0000000000..c9d2191cc1
--- /dev/null
+++ b/fast/addons/2-networking-test/data/instances/server-0.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/instance.schema.json
+
+# file name can be overridden via 'name' property if needed
+# name: server-0
+network_id: dev-spoke-0
+project_id: dev-spoke-0
+service_account: server-0
+subnet_id: primary/default
+image: projects/cos-cloud/global/images/family/cos-stable
+user_data_file: assets/server-nginx-cloud-config.yaml
\ No newline at end of file
diff --git a/fast/addons/2-networking-test/data/service-accounts/client-0.yaml b/fast/addons/2-networking-test/data/service-accounts/client-0.yaml
new file mode 100644
index 0000000000..f6a79c8cbb
--- /dev/null
+++ b/fast/addons/2-networking-test/data/service-accounts/client-0.yaml
@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/service-account.schema.json
+
+# file name can be overridden via 'name' property if needed
+# name: client-0
+project_id: dev-spoke-0
+display_name: Test client instances service account.
\ No newline at end of file
diff --git a/fast/addons/2-networking-test/data/service-accounts/server-0.yaml b/fast/addons/2-networking-test/data/service-accounts/server-0.yaml
new file mode 100644
index 0000000000..5733113807
--- /dev/null
+++ b/fast/addons/2-networking-test/data/service-accounts/server-0.yaml
@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/service-account.schema.json
+
+# file name can be overridden via 'name' property if needed
+# name: server-0
+project_id: dev-spoke-0
+display_name: Test server instances service account.
\ No newline at end of file
diff --git a/fast/addons/2-networking-test/factory.tf b/fast/addons/2-networking-test/factory.tf
new file mode 100644
index 0000000000..76679e356f
--- /dev/null
+++ b/fast/addons/2-networking-test/factory.tf
@@ -0,0 +1,50 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Factory locals.
+
+locals {
+ _factory_i_data = {
+ for f in try(fileset(var.factories_config.instances, "*.yaml"), []) :
+ replace(f, ".yaml", "") => yamldecode(
+ file("${var.factories_config.instances}/${f}")
+ )
+ }
+ _factory_sa_data = {
+ for f in try(fileset(var.factories_config.service_accounts, "*.yaml"), []) :
+ replace(f, ".yaml", "") => yamldecode(
+ file("${var.factories_config.service_accounts}/${f}")
+ )
+ }
+ factory_instances = {
+ for k, v in local._factory_i_data :
+ lookup(v, "name", k) => merge(v, {
+ image = lookup(v, "image", null)
+ metadata = lookup(v, "metadata", {})
+ tags = lookup(v, "tags", ["ssh"])
+ type = lookup(v, "type", "e2-micro")
+ user_data_file = lookup(v, "user_data_file", null)
+ zones = lookup(v, "zones", ["b"])
+ })
+ }
+ factory_service_accounts = {
+ for k, v in local._factory_sa_data :
+ lookup(v, "name", k) => merge(v, {
+ display_name = lookup(v, "display_name", null)
+ iam_project_roles = lookup(v, "iam_project_roles", {})
+ })
+ }
+}
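Review bot: `factory_instances` and `factory_service_accounts` only default the optional keys, so a YAML file missing `project_id`, `network_id`, `service_account` or `subnet_id` passes through `merge(v, {...})` unchanged and fails later where `main.tf` and `context.tf` dereference `v.subnet_id` and the others, with an error that does not name the offending file. The JSON schemas are only referenced from the `yaml-language-server` comment, so nothing enforces them at plan time, and unknown keys are carried through the merge as well. Suggest building the objects attribute by attribute here (required ones as `v.project_id` etc.) so the shape matches the `test_instances` type. Also, `replace(f, ".yaml", "")` strips every occurrence of `.yaml` in the file name; `trimsuffix(f, ".yaml")` only strips the extension.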
diff --git a/fast/addons/2-networking-test/main.tf b/fast/addons/2-networking-test/main.tf
new file mode 100644
index 0000000000..416bf1ff0f
--- /dev/null
+++ b/fast/addons/2-networking-test/main.tf
@@ -0,0 +1,81 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ # combine factory and variable instances, clean up subnet self links
+ _all_instances = {
+ for k, v in merge(var.test_instances, local.factory_instances) :
+ k => merge(v, {
+ subnet_id = replace(
+ v.subnet_id, "https://www.googleapis.com/compute/v1/", ""
+ )
+ })
+ }
+ _all_service_accounts = merge(
+ var.test_service_accounts, local.factory_service_accounts
+ )
+}
+
+module "service-accounts" {
+ source = "../../../modules/iam-service-account"
+ for_each = local.service_accounts
+ project_id = each.value.project_id
+ name = "${var.name}-${each.key}"
+ display_name = each.value.display_name
+ iam_project_roles = merge(
+ each.value.iam_project_roles,
+ {
+ (each.value.project_id) = distinct(concat(
+ lookup(each.value.iam_project_roles, each.value.project_id, []),
+ [
+ "roles/logging.logWriter",
+ "roles/monitoring.metricWriter"
+ ]
+ ))
+ }
+ )
+}
+
+module "instances" {
+ source = "../../../modules/compute-vm"
+ for_each = { for k in local.instances : k.name => k }
+ project_id = each.value.project_id
+ zone = each.value.zone
+ name = each.key
+ instance_type = each.value.type
+ boot_disk = {
+ initialize_params = {
+ image = each.value.image
+ }
+ }
+ network_interfaces = [{
+ network = each.value.network_id
+ subnetwork = each.value.subnet_id
+ }]
+ tags = each.value.tags
+ metadata = merge(
+ each.value.metadata, each.value.user_data_file == null ? {} : {
+ user-data = file(each.value.user_data_file)
+ }
+ )
+ service_account = {
+ email = lookup(
+ local.service_account_emails,
+ each.value.service_account,
+ each.value.service_account
+ )
+ }
+}
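Review bot: In `module "instances"`, the `service_account.email` lookup falls back to the raw `each.value.service_account` string when the key is not in `local.service_account_emails`, so a typo in a `service_account` key is passed to the VM module as if it were an email and is only rejected at apply time. If attaching pre-existing service accounts by email is intended, document that in the `test_instances` description and the schema; otherwise index the map directly so the plan fails. In the locals block, `merge(var.test_instances, local.factory_instances)` lets a factory file silently replace a tfvars entry with the same key, which deserves a comment or a collision check. `file(each.value.user_data_file)` resolves relative to the working directory, so the sample `assets/server-nginx-cloud-config.yaml` only works when Terraform is run from the add-on folder.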
diff --git a/fast/addons/2-networking-test/outputs.tf b/fast/addons/2-networking-test/outputs.tf
new file mode 100644
index 0000000000..2273805f29
--- /dev/null
+++ b/fast/addons/2-networking-test/outputs.tf
@@ -0,0 +1,31 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "instance_addresses" {
+ description = "Instance names and addresses."
+ value = {
+ for k, v in module.instances : k => v.internal_ip
+ }
+}
+
+output "instance_ssh" {
+ description = "Instance SSH commands."
+ value = {
+ for k, v in module.instances : k => (
+ "gcloud compute ssh ${k} --project ${v.instance.project} --zone ${v.instance.zone}"
+ )
+ }
+}
diff --git a/fast/addons/2-networking-test/schemas/instance.schema.json b/fast/addons/2-networking-test/schemas/instance.schema.json
new file mode 100644
index 0000000000..f0a5f9fe18
--- /dev/null
+++ b/fast/addons/2-networking-test/schemas/instance.schema.json
@@ -0,0 +1,64 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Instance",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "project_id",
+ "network_id",
+ "service_account",
+ "subnet_id"
+ ],
+ "properties": {
+ "project_id": {
+ "type": "string"
+ },
+ "network_id": {
+ "type": "string"
+ },
+ "service_account": {
+ "type": "string"
+ },
+ "subnet_id": {
+ "type": "string"
+ },
+ "image": {
+ "type": "string"
+ },
+ "metadata": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "nullable": true
+ },
+ "name": {
+ "type": "string"
+ },
+ "tags": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "default": [
+ "ssh"
+ ]
+ },
+ "type": {
+ "type": "string",
+ "default": "e2-micro"
+ },
+ "user_data_file": {
+ "type": "string"
+ },
+ "zones": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "default": [
+ "b"
+ ]
+ }
+ }
+}
\ No newline at end of file
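Review bot: `"nullable": true` under `metadata` is not a keyword of the declared draft-07 `$schema`, so validators ignore it and `metadata: null` still fails `"type": "object"`. Use `"type": ["object", "null"]` if null should be accepted, or drop the keyword. Since `context.tf` appends each `zones` item to the region as a zone suffix, a pattern on those items (a single lowercase letter) would catch full zone names entered by mistake.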
diff --git a/fast/addons/2-networking-test/schemas/service-account.schema.json b/fast/addons/2-networking-test/schemas/service-account.schema.json
new file mode 100644
index 0000000000..d2eaea4170
--- /dev/null
+++ b/fast/addons/2-networking-test/schemas/service-account.schema.json
@@ -0,0 +1,32 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Service Account",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "project_id"
+ ],
+ "properties": {
+ "project_id": {
+ "type": "string"
+ },
+ "display_name": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "iam_project_roles": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-z0-9-]+$": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/fast/addons/2-networking-test/variables-fast.tf b/fast/addons/2-networking-test/variables-fast.tf
new file mode 100644
index 0000000000..4b5595e40f
--- /dev/null
+++ b/fast/addons/2-networking-test/variables-fast.tf
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description FAST stage interface.
+
+variable "host_project_ids" {
+ # tfdoc:variable:source 2-networking
+ description = "Networking stage host project id aliases."
+ type = map(string)
+ nullable = false
+ default = {}
+}
+
+variable "regions" {
+ # tfdoc:variable:source 2-networking
+ description = "Region aliases."
+ type = map(string)
+ nullable = false
+ default = {}
+}
+
+variable "subnet_self_links" {
+ # tfdoc:variable:source 2-networking
+ description = "Subnet self links."
+ type = map(map(string))
+ nullable = false
+ default = {}
+}
+
+variable "vpc_self_links" {
+ # tfdoc:variable:source 2-networking
+ description = "VPC network self links."
+ type = map(string)
+ nullable = false
+ default = {}
+}
diff --git a/fast/addons/2-networking-test/variables.tf b/fast/addons/2-networking-test/variables.tf
new file mode 100644
index 0000000000..fba0972bde
--- /dev/null
+++ b/fast/addons/2-networking-test/variables.tf
@@ -0,0 +1,61 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "factories_config" {
+ description = "Configuration for the resource factories."
+ type = object({
+ instances = optional(string, "data/instances")
+ service_accounts = optional(string, "data/service-accounts")
+ })
+ nullable = false
+ default = {}
+}
+
+variable "name" {
+ description = "Prefix used for all resource names."
+ type = string
+ nullable = true
+ default = "test"
+}
+
+variable "test_instances" {
+ description = "Test instances to be created."
+ type = map(object({
+ project_id = string
+ network_id = string
+ service_account = string
+ subnet_id = string
+ image = optional(string)
+ metadata = optional(map(string), {})
+ tags = optional(list(string), ["ssh"])
+ type = optional(string, "e2-micro")
+ user_data_file = optional(string)
+ zones = optional(list(string), ["b"])
+ }))
+ nullable = false
+ default = {}
+}
+
+variable "test_service_accounts" {
+ description = "Service accounts used by instances."
+ type = map(object({
+ project_id = string
+ display_name = optional(string)
+ iam_project_roles = optional(map(list(string)), {})
+ }))
+ nullable = false
+ default = {}
+}
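Review bot: `variable "name"` is declared `nullable = true`, but it is interpolated unconditionally in `"${var.name}-${k}-${z}"` (context.tf) and `"${var.name}-${each.key}"` (main.tf), so `name = null` fails at plan time. Set `nullable = false` as for the other variables in this file, or handle the null case where names are built. The header here and in `variables-fast.tf` says Copyright 2024 while the other new files in this add-on say 2025.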
diff --git a/fast/stages/2-networking-a-simple/README.md b/fast/stages/2-networking-a-simple/README.md
index 926209c9ad..37dbc95b5a 100644
--- a/fast/stages/2-networking-a-simple/README.md
+++ b/fast/stages/2-networking-a-simple/README.md
@@ -490,7 +490,6 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [spoke-ncc.tf](./spoke-ncc.tf) | Peerings between landing and spokes. | | google_network_connectivity_hub
· google_network_connectivity_spoke
|
| [spoke-peerings.tf](./spoke-peerings.tf) | Peerings between landing and spokes. | net-vpc-peering
| |
| [spoke-vpns.tf](./spoke-vpns.tf) | VPN between landing and spokes. | net-vpn-ha
| |
-| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | |
| [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha
| |
@@ -505,20 +504,19 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [folder_ids](variables-fast.tf#L66) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. | object({…})
| ✓ | | 1-resman
|
| [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string
| ✓ | | 0-bootstrap
|
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…})
| | {…}
| |
-| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool
| | false
| |
| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | object({…})
| | null
| 0-bootstrap
|
-| [dns](variables.tf#L48) | DNS configuration. | object({…})
| | {}
| |
-| [essential_contacts](variables.tf#L57) | Email used for essential contacts, unset if null. | string
| | null
| |
-| [factories_config](variables.tf#L63) | Configuration for network resource factories. | object({…})
| | {}
| |
-| [outputs_location](variables.tf#L84) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string
| | null
| |
-| [psa_ranges](variables.tf#L90) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…})
| | {}
| |
-| [regions](variables.tf#L110) | Region definitions. | object({…})
| | {…}
| |
+| [dns](variables.tf#L42) | DNS configuration. | object({…})
| | {}
| |
+| [essential_contacts](variables.tf#L51) | Email used for essential contacts, unset if null. | string
| | null
| |
+| [factories_config](variables.tf#L57) | Configuration for network resource factories. | object({…})
| | {}
| |
+| [outputs_location](variables.tf#L78) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string
| | null
| |
+| [psa_ranges](variables.tf#L84) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…})
| | {}
| |
+| [regions](variables.tf#L104) | Region definitions. | object({…})
| | {…}
| |
| [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | map(string)
| | {}
| 2-networking-ngfw
|
-| [spoke_configs](variables.tf#L122) | Spoke connectivity configurations. | object({…})
| | {…}
| |
+| [spoke_configs](variables.tf#L116) | Spoke connectivity configurations. | object({…})
| | {…}
| |
| [stage_config](variables-fast.tf#L94) | FAST stage configuration. | object({…})
| | {}
| 1-resman
|
| [tag_values](variables-fast.tf#L108) | Root-level tag values. | map(string)
| | {}
| 1-resman
|
-| [vpc_configs](variables.tf#L191) | Optional VPC network configurations. | object({…})
| | {}
| |
-| [vpn_onprem_primary_config](variables.tf#L244) | VPN gateway configuration for onprem interconnection in the primary region. | object({…})
| | null
| |
+| [vpc_configs](variables.tf#L185) | Optional VPC network configurations. | object({…})
| | {}
| |
+| [vpn_onprem_primary_config](variables.tf#L238) | VPN gateway configuration for onprem interconnection in the primary region. | object({…})
| | null
| |
## Outputs
@@ -527,8 +525,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [cloud_dns_inbound_policy](outputs.tf#L88) | IP Addresses for Cloud DNS inbound policy. | | |
| [host_project_ids](outputs.tf#L93) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L98) | Network project numbers. | | |
-| [ping_commands](outputs.tf#L103) | Ping commands for test instances to be run to check VPC reachability. | | |
-| [shared_vpc_self_links](outputs.tf#L108) | Shared VPC host projects. | | |
-| [tfvars](outputs.tf#L113) | Terraform variables file for the following stages. | ✓ | |
-| [vpn_gateway_endpoints](outputs.tf#L119) | External IP Addresses for the GCP VPN gateways. | | |
+| [shared_vpc_self_links](outputs.tf#L103) | Shared VPC host projects. | | |
+| [tfvars](outputs.tf#L108) | Terraform variables file for the following stages. | ✓ | |
+| [vpn_gateway_endpoints](outputs.tf#L114) | External IP Addresses for the GCP VPN gateways. | | |
diff --git a/fast/stages/2-networking-a-simple/outputs.tf b/fast/stages/2-networking-a-simple/outputs.tf
index 092028f1d1..a339678365 100644
--- a/fast/stages/2-networking-a-simple/outputs.tf
+++ b/fast/stages/2-networking-a-simple/outputs.tf
@@ -100,11 +100,6 @@ output "host_project_numbers" {
value = local.host_project_numbers
}
-output "ping_commands" {
- description = "Ping commands for test instances to be run to check VPC reachability."
- value = var.create_test_instances ? join("\n", [for instance, _ in local.test-vms : "ping -c 1 ${module.test-vms[instance].internal_ip} # ${instance}"]) : ""
-}
-
output "shared_vpc_self_links" {
description = "Shared VPC host projects."
value = local.vpc_self_links
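Review bot: removing the `ping_commands` output is a breaking interface change that this hunk does not flag. Any script or runbook that calls `terraform output ping_commands` will fail once this lands. The removal itself is necessary, because the expression references `module.test-vms`, which is deleted together with `test-resources.tf`, but it should be listed in the changelog or upgrade notes so consumers of the output know to drop it.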
diff --git a/fast/stages/2-networking-a-simple/test-resources.tf b/fast/stages/2-networking-a-simple/test-resources.tf
deleted file mode 100644
index 16b16662a8..0000000000
--- a/fast/stages/2-networking-a-simple/test-resources.tf
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Copyright 2024 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-# tfdoc:file:description Temporary instances for testing
-
-locals {
- test-vms = var.create_test_instances != true ? {} : merge(
- {
- dev-spoke-primary = {
- region = var.regions.primary
- project_id = module.dev-spoke-project.project_id
- zone = "b"
- network = module.dev-spoke-vpc.self_link
- subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default"]
- }
- prod-spoke-primary = {
- region = var.regions.primary
- project_id = module.prod-spoke-project.project_id
- zone = "b"
- network = module.prod-spoke-vpc.self_link
- subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.primary}/prod-default"]
- }
- },
- local.spoke_connection == "ncc" ? {} :
- {
- landing-primary = {
- region = var.regions.primary
- project_id = module.landing-project.project_id
- zone = "b"
- network = module.landing-vpc.self_link
- subnetwork = module.landing-vpc.subnet_self_links["${var.regions.primary}/landing-default"]
- }
- })
-}
-
-module "test-vms" {
- for_each = local.test-vms
- # for_each = {}
- source = "../../../modules/compute-vm"
- project_id = each.value.project_id
- zone = "${each.value.region}-${each.value.zone}"
- name = "test-vm-${each.key}"
- network_interfaces = [{
- network = each.value.network
- # change the subnet name to match the values you are actually using
- subnetwork = each.value.subnetwork
- }]
- instance_type = "e2-micro"
- tags = ["ssh"]
- boot_disk = {
- initialize_params = {
- image = "projects/debian-cloud/global/images/family/debian-11"
- }
- }
- options = {
- spot = true
- termination_action = "STOP"
- }
- metadata = {
- startup-script = <simple-nva | |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object
· local_file
|
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | |
| [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha
| |
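Review bot: deleting `module "test-vms"` and the `local.test-vms` map behind its `for_each` has a state consequence that is not documented here. A deployment previously applied with `create_test_instances = true` still holds the `test-vm-*` instances in state, so the next `terraform apply` of this stage will plan to destroy them. Please say so in the upgrade notes and point readers to the `2-networking-test` add-on introduced in this change as the place to recreate test instances; the README Files table that loses its `test-resources.tf` row is a reasonable place for that one-line pointer.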
@@ -566,22 +565,21 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [folder_ids](variables-fast.tf#L66) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. | object({…})
| ✓ | | 1-resman
|
| [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string
| ✓ | | 0-bootstrap
|
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…})
| | {…}
| |
-| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool
| | false
| |
| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | object({…})
| | null
| 0-bootstrap
|
-| [dns](variables.tf#L48) | DNS configuration. | object({…})
| | {}
| |
-| [essential_contacts](variables.tf#L57) | Email used for essential contacts, unset if null. | string
| | null
| |
-| [factories_config](variables.tf#L63) | Configuration for network resource factories. | object({…})
| | {}
| |
-| [gcp_ranges](variables.tf#L84) | GCP address ranges in name => range format. | map(string)
| | {…}
| |
-| [network_mode](variables.tf#L101) | Selection of the network design to deploy. | string
| | "simple"
| |
-| [outputs_location](variables.tf#L112) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string
| | null
| |
-| [psa_ranges](variables.tf#L118) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…})
| | {}
| |
-| [regions](variables.tf#L138) | Region definitions. | object({…})
| | {…}
| |
+| [dns](variables.tf#L42) | DNS configuration. | object({…})
| | {}
| |
+| [essential_contacts](variables.tf#L51) | Email used for essential contacts, unset if null. | string
| | null
| |
+| [factories_config](variables.tf#L57) | Configuration for network resource factories. | object({…})
| | {}
| |
+| [gcp_ranges](variables.tf#L78) | GCP address ranges in name => range format. | map(string)
| | {…}
| |
+| [network_mode](variables.tf#L95) | Selection of the network design to deploy. | string
| | "simple"
| |
+| [outputs_location](variables.tf#L106) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string
| | null
| |
+| [psa_ranges](variables.tf#L112) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…})
| | {}
| |
+| [regions](variables.tf#L132) | Region definitions. | object({…})
| | {…}
| |
| [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | map(string)
| | {}
| 2-networking-ngfw
|
| [stage_config](variables-fast.tf#L94) | FAST stage configuration. | object({…})
| | {}
| 1-resman
|
| [tag_values](variables-fast.tf#L108) | Root-level tag values. | map(string)
| | {}
| 1-resman
|
-| [vpc_configs](variables.tf#L150) | Optional VPC network configurations. | object({…})
| | {}
| |
-| [vpn_onprem_primary_config](variables.tf#L233) | VPN gateway configuration for onprem interconnection in the primary region. | object({…})
| | null
| |
-| [vpn_onprem_secondary_config](variables.tf#L276) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…})
| | null
| |
+| [vpc_configs](variables.tf#L144) | Optional VPC network configurations. | object({…})
| | {}
| |
+| [vpn_onprem_primary_config](variables.tf#L227) | VPN gateway configuration for onprem interconnection in the primary region. | object({…})
| | null
| |
+| [vpn_onprem_secondary_config](variables.tf#L270) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…})
| | null
| |
## Outputs
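Review bot: the re-added `psa_ranges` row keeps the description "Ranges is in name => range format.", which is ungrammatical and differs from the wording used for the same variable in the other stage's table ("IP ranges used for Private Service Access (CloudSQL, etc.)."). The table mirrors the descriptions in `variables.tf`, so the fix belongs there (for example "Ranges are in name => range format."), followed by regenerating the README rather than hand-editing it. The `#L` anchors in this hunk all shift by 6 lines, which is consistent with dropping the `create_test_instances` variable at `variables.tf#L42`.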
@@ -589,8 +587,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|---|---|:---:|---|
| [host_project_ids](outputs.tf#L107) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L112) | Network project numbers. | | |
-| [ping_commands](outputs.tf#L117) | Ping commands for test instances to be run to check VPC reachability. | | |
-| [shared_vpc_self_links](outputs.tf#L122) | Shared VPC host projects. | | |
-| [tfvars](outputs.tf#L127) | Terraform variables file for the following stages. | ✓ | |
-| [vpn_gateway_endpoints](outputs.tf#L133) | External IP Addresses for the GCP VPN gateways. | | |
+| [shared_vpc_self_links](outputs.tf#L117) | Shared VPC host projects. | | |
+| [tfvars](outputs.tf#L122) | Terraform variables file for the following stages. | ✓ | |
+| [vpn_gateway_endpoints](outputs.tf#L128) | External IP Addresses for the GCP VPN gateways. | | |
diff --git a/fast/stages/2-networking-b-nva/outputs.tf b/fast/stages/2-networking-b-nva/outputs.tf
index 6969be18a9..ef4a4f0e1f 100644
--- a/fast/stages/2-networking-b-nva/outputs.tf
+++ b/fast/stages/2-networking-b-nva/outputs.tf
@@ -114,11 +114,6 @@ output "host_project_numbers" {
value = local.host_project_numbers
}
-output "ping_commands" {
- description = "Ping commands for test instances to be run to check VPC reachability."
- value = var.create_test_instances ? join("\n", [for instance, _ in local.test-vms : "ping -c 1 ${module.test-vms[instance].internal_ip} # ${instance}"]) : ""
-}
-
output "shared_vpc_self_links" {
description = "Shared VPC host projects."
value = local.vpc_self_links
diff --git a/fast/stages/2-networking-b-nva/test-resources.tf b/fast/stages/2-networking-b-nva/test-resources.tf
deleted file mode 100644
index ff510b12af..0000000000
--- a/fast/stages/2-networking-b-nva/test-resources.tf
+++ /dev/null
@@ -1,141 +0,0 @@
-/**
- * Copyright 2024 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-# tfdoc:file:description Temporary instances for testing
-
-locals {
- test-vms = merge(
- {
- dev-spoke-primary = {
- network = module.dev-spoke-vpc.self_link
- project_id = module.dev-spoke-project.project_id
- region = var.regions.primary
- subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default"]
- tags = [local.region_shortnames[var.regions.primary]]
- zone = "b"
- }
- dev-spoke-secondary = {
- network = module.dev-spoke-vpc.self_link
- project_id = module.dev-spoke-project.project_id
- region = var.regions.secondary
- subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.secondary}/dev-default"]
- tags = [local.region_shortnames[var.regions.secondary]]
- zone = "b"
- }
- dmz-primary = {
- network = module.dmz-vpc.self_link
- project_id = module.landing-project.project_id
- region = var.regions.primary
- subnetwork = module.dmz-vpc.subnet_self_links["${var.regions.primary}/dmz-default"]
- tags = [local.region_shortnames[var.regions.primary]]
- zone = "b"
- }
- dmz-secondary = {
- network = module.dmz-vpc.self_link
- project_id = module.landing-project.project_id
- region = var.regions.secondary
- subnetwork = module.dmz-vpc.subnet_self_links["${var.regions.secondary}/dmz-default"]
- tags = [local.region_shortnames[var.regions.secondary]]
- zone = "b"
- }
- landing-primary = {
- network = module.landing-vpc.self_link
- project_id = module.landing-project.project_id
- region = var.regions.primary
- subnetwork = module.landing-vpc.subnet_self_links["${var.regions.primary}/landing-default"]
- tags = [local.region_shortnames[var.regions.primary]]
- zone = "b"
- }
- landing-secondary = {
- network = module.landing-vpc.self_link
- project_id = module.landing-project.project_id
- region = var.regions.secondary
- subnetwork = module.landing-vpc.subnet_self_links["${var.regions.secondary}/landing-default"]
- tags = [local.region_shortnames[var.regions.secondary]]
- zone = "b"
- }
- prod-spoke-primary = {
- network = module.prod-spoke-vpc.self_link
- project_id = module.prod-spoke-project.project_id
- region = var.regions.primary
- subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.primary}/prod-default"]
- tags = [local.region_shortnames[var.regions.primary]]
- zone = "b"
- }
- prod-spoke-secondary = {
- network = module.prod-spoke-vpc.self_link
- project_id = module.prod-spoke-project.project_id
- region = var.regions.secondary
- subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.secondary}/prod-default"]
- tags = [local.region_shortnames[var.regions.secondary]]
- zone = "b"
- }
- },
- (var.network_mode == "regional_vpc") ?
- {
- regional-vpc-primary = {
- network = module.regional-primary-vpc[0].self_link
- project_id = module.landing-project.project_id
- region = var.regions.primary
- subnetwork = module.regional-primary-vpc[0].subnet_self_links["${var.regions.primary}/regional-default"]
- tags = [local.region_shortnames[var.regions.primary]]
- zone = "b"
- }
- regional-vpc-secondary = {
- network = module.regional-secondary-vpc[0].self_link
- project_id = module.landing-project.project_id
- region = var.regions.secondary
- subnetwork = module.regional-secondary-vpc[0].subnet_self_links["${var.regions.secondary}/regional-default"]
- tags = [local.region_shortnames[var.regions.secondary]]
- zone = "b"
- }
- } : {}
- )
-}
-
-module "test-vms" {
- for_each = var.create_test_instances ? local.test-vms : {}
- # for_each = {}
- source = "../../../modules/compute-vm"
- project_id = each.value.project_id
- zone = "${each.value.region}-${each.value.zone}"
- name = "test-vm-${each.key}"
- network_interfaces = [{
- network = each.value.network
- # change the subnet name to match the values you are actually using
- subnetwork = each.value.subnetwork
- }]
- instance_type = "e2-micro"
- tags = concat(
- ["ssh"],
- each.value.tags == null ? [] : each.value.tags
- )
- boot_disk = {
- initialize_params = {
- image = "projects/debian-cloud/global/images/family/debian-11"
- }
- }
- options = {
- spot = true
- termination_action = "STOP"
- }
- metadata = {
- startup-script = <net-cloudnat · net-firewall-policy
· net-vpc
· net-vpc-firewall
· project
| |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object
· local_file
|
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | compute-vm
| |
| [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha
| |
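Review bot: the deleted `module "test-vms"` attached the `ssh` network tag plus a region short-name tag to every test VM (`tags = concat(["ssh"], each.value.tags == null ? [] : each.value.tags)`), and nothing visible in this change touches the firewall side. Please confirm whether any firewall rule in this stage that targets those tags existed only to reach the test instances. If so, remove it in the same change, so that an SSH ingress rule without intended targets is not left behind for later instances to match by tag.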
diff --git a/fast/stages/2-networking-c-separate-envs/test-resources.tf b/fast/stages/2-networking-c-separate-envs/test-resources.tf
deleted file mode 100644
index 55c42c2510..0000000000
--- a/fast/stages/2-networking-c-separate-envs/test-resources.tf
+++ /dev/null
@@ -1,83 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-# tfdoc:file:description Temporary instances for testing
-
-# module "test-vm-dev-0" {
-# source = "../../../modules/compute-vm"
-# project_id = module.dev-spoke-project.project_id
-# zone = "${var.regions.primary}-b"
-# name = "test-vm-0"
-# network_interfaces = [{
-# network = module.dev-spoke-vpc.self_link
-# # change the subnet name to match the values you are actually using
-# subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default-${local.region_shortnames[var.regions.primary]}"]
-# alias_ips = {}
-# nat = false
-# addresses = null
-# }]
-# tags = ["ssh"]
-# service_account_create = true
-# boot_disk = {
-# image = "projects/debian-cloud/global/images/family/debian-10"
-# type = "pd-balanced"
-# size = 10
-# }
-# options = {
-# allow_stopping_for_update = true
-# deletion_protection = false
-# spot = true
-# }
-# metadata = {
-# startup-script = <