From 6aed84f070476c4105b76d92307587781a8358cf Mon Sep 17 00:00:00 2001 
From: Ludovico Magnocavallo Date: Mon, 20 Jan 2025 09:41:35 +0100 Subject: [PATCH] FAST add-on for networking test resources (#2825) * needs testing * add-on README, test, remove test resources from net stages * tfdoc --- fast/addons/2-networking-swp/README.md | 2 +- fast/addons/2-networking-test/.fast-stage.env | 4 + fast/addons/2-networking-test/README.md | 115 ++++++++++++++ .../assets/server-nginx-cloud-config.yaml | 79 ++++++++++ fast/addons/2-networking-test/context.tf | 69 +++++++++ .../data/instances/client-0.yaml | 22 +++ .../data/instances/server-0.yaml | 24 +++ .../data/service-accounts/client-0.yaml | 20 +++ .../data/service-accounts/server-0.yaml | 20 +++ fast/addons/2-networking-test/factory.tf | 50 +++++++ fast/addons/2-networking-test/main.tf | 81 ++++++++++ fast/addons/2-networking-test/outputs.tf | 31 ++++ .../schemas/instance.schema.json | 64 ++++++++ .../schemas/service-account.schema.json | 32 ++++ .../2-networking-test/variables-fast.tf | 49 ++++++ fast/addons/2-networking-test/variables.tf | 61 ++++++++ fast/stages/2-networking-a-simple/README.md | 27 ++-- fast/stages/2-networking-a-simple/outputs.tf | 5 - .../2-networking-a-simple/test-resources.tf | 78 ---------- .../stages/2-networking-a-simple/variables.tf | 6 - fast/stages/2-networking-b-nva/README.md | 31 ++-- fast/stages/2-networking-b-nva/outputs.tf | 5 - .../2-networking-b-nva/test-resources.tf | 141 ------------------ fast/stages/2-networking-b-nva/variables.tf | 6 - .../2-networking-c-separate-envs/README.md | 1 - .../test-resources.tf | 83 ----------- .../addons/a2_networking_test/__init__.py | 13 ++ .../addons/a2_networking_test/simple.tfvars | 14 ++ .../addons/a2_networking_test/simple.yaml | 20 +++ .../addons/a2_networking_test/tftest.yaml | 18 +++ 30 files changed, 813 insertions(+), 358 deletions(-) create mode 100644 fast/addons/2-networking-test/.fast-stage.env create mode 100644 fast/addons/2-networking-test/README.md create mode 100644 
fast/addons/2-networking-test/assets/server-nginx-cloud-config.yaml create mode 100644 fast/addons/2-networking-test/context.tf create mode 100644 fast/addons/2-networking-test/data/instances/client-0.yaml create mode 100644 fast/addons/2-networking-test/data/instances/server-0.yaml create mode 100644 fast/addons/2-networking-test/data/service-accounts/client-0.yaml create mode 100644 fast/addons/2-networking-test/data/service-accounts/server-0.yaml create mode 100644 fast/addons/2-networking-test/factory.tf create mode 100644 fast/addons/2-networking-test/main.tf create mode 100644 fast/addons/2-networking-test/outputs.tf create mode 100644 fast/addons/2-networking-test/schemas/instance.schema.json create mode 100644 fast/addons/2-networking-test/schemas/service-account.schema.json create mode 100644 fast/addons/2-networking-test/variables-fast.tf create mode 100644 fast/addons/2-networking-test/variables.tf delete mode 100644 fast/stages/2-networking-a-simple/test-resources.tf delete mode 100644 fast/stages/2-networking-b-nva/test-resources.tf delete mode 100644 fast/stages/2-networking-c-separate-envs/test-resources.tf create mode 100644 tests/fast/addons/a2_networking_test/__init__.py create mode 100644 tests/fast/addons/a2_networking_test/simple.tfvars create mode 100644 tests/fast/addons/a2_networking_test/simple.yaml create mode 100644 tests/fast/addons/a2_networking_test/tftest.yaml diff --git a/fast/addons/2-networking-swp/README.md b/fast/addons/2-networking-swp/README.md index e286895f49..4b12543a54 100644 --- a/fast/addons/2-networking-swp/README.md +++ b/fast/addons/2-networking-swp/README.md @@ -136,7 +136,7 @@ terraform init terraform apply ``` - + ## Files diff --git a/fast/addons/2-networking-test/.fast-stage.env b/fast/addons/2-networking-test/.fast-stage.env new file mode 100644 index 0000000000..b4f7a0aae7 --- /dev/null +++ b/fast/addons/2-networking-test/.fast-stage.env 
@@ -0,0 +1,4 @@ +FAST_STAGE_DESCRIPTION="Test resources networking add-on" +FAST_STAGE_LEVEL=2 +FAST_STAGE_NAME=networking-test +FAST_STAGE_DEPS="2-networking" diff --git a/fast/addons/2-networking-test/README.md b/fast/addons/2-networking-test/README.md new file mode 100644 index 0000000000..28de8715b7 --- /dev/null +++ b/fast/addons/2-networking-test/README.md 
@@ -0,0 +1,115 @@ +# Network Test Resources + +This add-on allows creating an arbitrary number of Compute instances and service accounts, and is designed to simplify testing of the FAST networking stage. + + +- [Design overview and choices](#design-overview-and-choices) +- [How to run this stage](#how-to-run-this-stage) + - [Provider and Terraform variables](#provider-and-terraform-variables) + - [Impersonating the automation service account](#impersonating-the-automation-service-account) + - [Variable configuration](#variable-configuration) + - [Running the stage](#running-the-stage) +- [Files](#files) +- [Variables](#variables) +- [Outputs](#outputs) + + +## Design overview and choices + +The add-on is very simple, as it just deals with creating service accounts and instances using pre-existing projects, networks and subnets. + +To allow creation of portable configurations, it extensively leverages FAST output variables so that project ids, network ids, regions, and subnet ids can refer to the relevant FAST aliases. + +A simple factory is also provided, so that YAML configurations can be used instead of Terraform tfvars. + +## How to run this stage + +Once the main networking stage has been configured and applied, the following configuration is added the the resource management `fast_addon` variable to create the add-on provider files, and its optional CI/CD resources if those are also required. The add-on name (`networking-test`) is customizable, in case the add-on needs to be run multiple times to create gateways in different projects. + +```hcl +fast_addon = { + networking-test = { + parent_stage = "2-networking" + } +} +``` + +### Provider and Terraform variables + +As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here. 
+ +The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following example uses local files but GCS behaves identically. + +```bash +# File linking commands for Test resources networking add-on stage + +# provider file +ln -s ~/fast-config/providers/2-networking-test-providers.tf ./ + +# input files from other stages +ln -s ~/fast-config/tfvars/2-networking.auto.tfvars.json ./ + +# conventional place for stage tfvars (manually created) +ln -s ~/fast-config/2-networking-test.auto.tfvars ./ +``` + +If a factory is used and neither the default factory paths nor the resource name prefix in the `name` variable need to be changed, the last file is unnecessary as there's no additional configuration for this add-on. + +### Impersonating the automation service account + +The preconfigured provider file uses impersonation to run with this stage's automation service account's credentials. The `gcp-devops` and `organization-admins` groups have the necessary IAM bindings in place to do that, so make sure the current user is a member of one of those groups. 
+ +### Variable configuration + +Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets: + +- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above +- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above +- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file + +The first two sets are defined in the `variables-fast.tf` file, the latter set in the `variables.tf` file. The full list of variables can be found in the [Variables](#variables) table at the bottom of this document. + +Once output files are in place, define your addon configuration in a tfvars file if needed (see section above). + +### Running the stage + +Once provider and variable values are in place and the correct user is configured, the stage can be run: + +```bash +terraform init +terraform apply +``` + + + +## Files + +| name | description | modules | +|---|---|---| +| [context.tf](./context.tf) | FAST context locals | | +| [factory.tf](./factory.tf) | Factory locals. | | +| [main.tf](./main.tf) | Module-level locals and resources. | compute-vm · iam-service-account | +| [outputs.tf](./outputs.tf) | Module outputs. | | +| [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | +| [variables.tf](./variables.tf) | Module variables. | | + +## Variables + +| name | description | type | required | default | producer | +|---|---|:---:|:---:|:---:|:---:| +| [factories_config](variables.tf#L17) | Configuration for the resource factories. | object({…}) | | {} | | +| [host_project_ids](variables-fast.tf#L19) | Networking stage host project id aliases. 
| map(string) | | {} | 2-networking | +| [name](variables.tf#L27) | Prefix used for all resource names. | string | | "test" | | +| [regions](variables-fast.tf#L27) | Region aliases. | map(string) | | {} | 2-networking | +| [subnet_self_links](variables-fast.tf#L35) | Subnet self links. | map(map(string)) | | {} | 2-networking | +| [test_instances](variables.tf#L34) | Test instances to be created. | map(object({…})) | | {} | | +| [test_service_accounts](variables.tf#L52) | Service accounts used by instances. | map(object({…})) | | {} | | +| [vpc_self_links](variables-fast.tf#L43) | VPC network self links. | map(string) | | {} | 2-networking | + +## Outputs + +| name | description | sensitive | consumers | +|---|---|:---:|---| +| [instance_addresses](outputs.tf#L17) | Instance names and addresses. | | | +| [instance_ssh](outputs.tf#L24) | Instance SSH commands. | | | + diff --git a/fast/addons/2-networking-test/assets/server-nginx-cloud-config.yaml b/fast/addons/2-networking-test/assets/server-nginx-cloud-config.yaml new file mode 100644 index 0000000000..d3c081e039 --- /dev/null +++ b/fast/addons/2-networking-test/assets/server-nginx-cloud-config.yaml 
@@ -0,0 +1,79 @@ +#cloud-config + +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# https://hub.docker.com/r/nginx/nginx/ +# https://nginx.io/manual/toc/#installation + +users: + - name: nginx + uid: 2000 + +write_files: + - path: /var/lib/docker/daemon.json + permissions: 0644 + owner: root + content: | + { + "live-restore": true, + "storage-driver": "overlay2", + "log-opts": { + "max-size": "1024m" + } + } + + - path: /etc/nginx/nginx.conf + permissions: 0644 + owner: root + content: | + server { + listen 80; + listen 8080; + listen [::]:80; + listen [::]:8080; + + location / { + default_type text/plain; + expires -1; + return 200 'Server address: $server_addr:$server_port\nRemote address: $remote_addr\nServer name: $hostname\nDate: $time_local\nURI: $request_uri\nRequest ID: $request_id\n'; + } + } + + # nginx container service + - path: /etc/systemd/system/nginx.service + permissions: 0644 + owner: root + content: | + [Unit] + Description=Start nginx container + After=gcr-online.target docker.socket + Wants=gcr-online.target docker.socket docker-events-collector.service + [Service] + Environment="HOME=/home/nginx" + ExecStartPre=/usr/bin/docker-credential-gcr configure-docker + ExecStart=/usr/bin/docker run --rm --name=nginx \ + --network host \ + -v /etc/nginx:/etc/nginx/conf.d \ + nginxdemos/hello:plain-text + ExecStop=/usr/bin/docker stop nginx + +bootcmd: + - systemctl start node-problem-detector + +runcmd: + - iptables -I INPUT 
1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT + - iptables -I INPUT 1 -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT + - systemctl daemon-reload + - systemctl start nginx diff --git a/fast/addons/2-networking-test/context.tf b/fast/addons/2-networking-test/context.tf new file mode 100644 index 0000000000..9f95ecc734 --- /dev/null +++ b/fast/addons/2-networking-test/context.tf 
@@ -0,0 +1,69 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description FAST context locals + +locals { + # extract the map of all subnet ids and their networks + _subnet_ids = { + for k, v in local._all_instances : v.subnet_id => v.network_id... + } + # extract attributes from subnet ids + _subnet_attrs = { + for k, v in local._subnet_ids : k => merge( + { + id = k + network_id = v[0] + region = split("/", k)[0] + region_alias = lookup(var.regions, split("/", k)[0], null) + }, + !startswith(k, "projects/") ? {} : { + region = split("/", k)[3] + } + ) + } + # recompose subnet ids checking for context substitutions + _subnets = { + for k, v in local._subnet_attrs : k => merge(v, v.region_alias == null ? 
{} : { + id = try(replace(v.id, v.region, v.region_alias)) + }) + } + # derive product of instances and zones and expand instance contexts + instances = flatten([ + for k, v in local._all_instances : [ + for z in v.zones : merge(v, { + name = "${var.name}-${k}-${z}" + network_id = lookup(var.vpc_self_links, v.network_id, v.network_id) + project_id = lookup(var.host_project_ids, v.project_id, v.project_id) + subnet_id = try( + var.subnet_self_links[v.network_id][local._subnets[v.subnet_id].id], + v.subnet_id + ) + zone = "${local._subnets[v.subnet_id].region}-${z}" + }) + ] + ]) + # extract service account emails for easy reference + service_account_emails = { + for k, v in module.service-accounts : k => v.email + } + # expand service account projects + service_accounts = { + for k, v in local._all_service_accounts : k => merge(v, { + project_id = lookup(var.host_project_ids, v.project_id, v.project_id) + }) + } +} diff --git a/fast/addons/2-networking-test/data/instances/client-0.yaml b/fast/addons/2-networking-test/data/instances/client-0.yaml new file mode 100644 index 0000000000..905cd76cfb --- /dev/null +++ b/fast/addons/2-networking-test/data/instances/client-0.yaml 
@@ -0,0 +1,22 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../schemas/instance.schema.json + +# file name can be overridden via 'name' property if needed +# name: client-0 +network_id: dev-spoke-0 +project_id: dev-spoke-0 +service_account: client-0 +subnet_id: primary/default diff --git a/fast/addons/2-networking-test/data/instances/server-0.yaml b/fast/addons/2-networking-test/data/instances/server-0.yaml new file mode 100644 index 0000000000..c9d2191cc1 --- /dev/null +++ b/fast/addons/2-networking-test/data/instances/server-0.yaml 
@@ -0,0 +1,24 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../schemas/instance.schema.json + +# file name can be overridden via 'name' property if needed +# name: server-0 +network_id: dev-spoke-0 +project_id: dev-spoke-0 +service_account: server-0 +subnet_id: primary/default +image: projects/cos-cloud/global/images/family/cos-stable +user_data_file: assets/server-nginx-cloud-config.yaml \ No newline at end of file diff --git a/fast/addons/2-networking-test/data/service-accounts/client-0.yaml b/fast/addons/2-networking-test/data/service-accounts/client-0.yaml new file mode 100644 index 0000000000..f6a79c8cbb --- /dev/null +++ b/fast/addons/2-networking-test/data/service-accounts/client-0.yaml 
@@ -0,0 +1,20 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../schemas/service-account.schema.json + +# file name can be overridden via 'name' property if needed +# name: client-0 +project_id: dev-spoke-0 +display_name: Test client instances service account. \ No newline at end of file diff --git a/fast/addons/2-networking-test/data/service-accounts/server-0.yaml b/fast/addons/2-networking-test/data/service-accounts/server-0.yaml new file mode 100644 index 0000000000..5733113807 --- /dev/null +++ b/fast/addons/2-networking-test/data/service-accounts/server-0.yaml 
@@ -0,0 +1,20 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../schemas/service-account.schema.json + +# file name can be overridden via 'name' property if needed +# name: server-0 +project_id: dev-spoke-0 +display_name: Test server instances service account. \ No newline at end of file diff --git a/fast/addons/2-networking-test/factory.tf b/fast/addons/2-networking-test/factory.tf new file mode 100644 index 0000000000..76679e356f --- /dev/null +++ b/fast/addons/2-networking-test/factory.tf 
@@ -0,0 +1,50 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Factory locals. + +locals { + _factory_i_data = { + for f in try(fileset(var.factories_config.instances, "*.yaml"), []) : + replace(f, ".yaml", "") => yamldecode( + file("${var.factories_config.instances}/${f}") + ) + } + _factory_sa_data = { + for f in try(fileset(var.factories_config.service_accounts, "*.yaml"), []) : + replace(f, ".yaml", "") => yamldecode( + file("${var.factories_config.service_accounts}/${f}") + ) + } + factory_instances = { + for k, v in local._factory_i_data : + lookup(v, "name", k) => merge(v, { + image = lookup(v, "image", null) + metadata = lookup(v, "metadata", {}) + tags = lookup(v, "tags", ["ssh"]) + type = lookup(v, "type", "e2-micro") + user_data_file = lookup(v, "user_data_file", null) + zones = lookup(v, "zones", ["b"]) + }) + } + factory_service_accounts = { + for k, v in local._factory_sa_data : + lookup(v, "name", k) => merge(v, { + display_name = lookup(v, "display_name", null) + iam_project_roles = lookup(v, "iam_project_roles", {}) + }) + } +} diff --git a/fast/addons/2-networking-test/main.tf b/fast/addons/2-networking-test/main.tf new file mode 100644 index 0000000000..416bf1ff0f --- /dev/null +++ b/fast/addons/2-networking-test/main.tf 
@@ -0,0 +1,81 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + # combine factory and variable instances, clean up subnet self links + _all_instances = { + for k, v in merge(var.test_instances, local.factory_instances) : + k => merge(v, { + subnet_id = replace( + v.subnet_id, "https://www.googleapis.com/compute/v1/", "" + ) + }) + } + _all_service_accounts = merge( + var.test_service_accounts, local.factory_service_accounts + ) +} + +module "service-accounts" { + source = "../../../modules/iam-service-account" + for_each = local.service_accounts + project_id = each.value.project_id + name = "${var.name}-${each.key}" + display_name = each.value.display_name + iam_project_roles = merge( + each.value.iam_project_roles, + { + (each.value.project_id) = distinct(concat( + lookup(each.value.iam_project_roles, each.value.project_id, []), + [ + "roles/logging.logWriter", + "roles/monitoring.metricWriter" + ] + )) + } + ) +} + +module "instances" { + source = "../../../modules/compute-vm" + for_each = { for k in local.instances : k.name => k } + project_id = each.value.project_id + zone = each.value.zone + name = each.key + instance_type = each.value.type + boot_disk = { + initialize_params = { + image = each.value.image + } + } + network_interfaces = [{ + network = each.value.network_id + subnetwork = each.value.subnet_id + }] + tags = each.value.tags + metadata = merge( + each.value.metadata, 
each.value.user_data_file == null ? {} : { + user-data = file(each.value.user_data_file) + } + ) + service_account = { + email = lookup( + local.service_account_emails, + each.value.service_account, + each.value.service_account + ) + } +} diff --git a/fast/addons/2-networking-test/outputs.tf b/fast/addons/2-networking-test/outputs.tf new file mode 100644 index 0000000000..2273805f29 --- /dev/null +++ b/fast/addons/2-networking-test/outputs.tf @@ -0,0 +1,31 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "instance_addresses" { + description = "Instance names and addresses." + value = { + for k, v in module.instances : k => v.internal_ip + } +} + +output "instance_ssh" { + description = "Instance SSH commands." + value = { + for k, v in module.instances : k => ( + "gcloud compute ssh ${k} --project ${v.instance.project} --zone ${v.instance.zone}" + ) + } +} diff --git a/fast/addons/2-networking-test/schemas/instance.schema.json b/fast/addons/2-networking-test/schemas/instance.schema.json new file mode 100644 index 0000000000..f0a5f9fe18 --- /dev/null +++ b/fast/addons/2-networking-test/schemas/instance.schema.json 
@@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Instance", + "type": "object", + "additionalProperties": false, + "required": [ + "project_id", + "network_id", + "service_account", + "subnet_id" + ], + "properties": { + "project_id": { + "type": "string" + }, + "network_id": { + "type": "string" + }, + "service_account": { + "type": "string" + }, + "subnet_id": { + "type": "string" + }, + "image": { + "type": "string" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "nullable": true + }, + "name": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "default": [ + "ssh" + ] + }, + "type": { + "type": "string", + "default": "e2-micro" + }, + "user_data_file": { + "type": "string" + }, + "zones": { + "type": "array", + "items": { + "type": "string" + }, + "default": [ + "b" + ] + } + } +} \ No newline at end of file diff --git a/fast/addons/2-networking-test/schemas/service-account.schema.json b/fast/addons/2-networking-test/schemas/service-account.schema.json new file mode 100644 index 0000000000..d2eaea4170 --- /dev/null +++ b/fast/addons/2-networking-test/schemas/service-account.schema.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Service Account", + "type": "object", + "additionalProperties": false, + "required": [ + "project_id" + ], + "properties": { + "project_id": { + "type": "string" + }, + "display_name": { + "type": "string" + }, + "name": { + "type": "string" + }, + "iam_project_roles": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-z0-9-]+$": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } +} \ No newline at end of file diff --git a/fast/addons/2-networking-test/variables-fast.tf b/fast/addons/2-networking-test/variables-fast.tf new file mode 100644 index 0000000000..4b5595e40f --- /dev/null 
+++ b/fast/addons/2-networking-test/variables-fast.tf @@ -0,0 +1,49 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description FAST stage interface. + +variable "host_project_ids" { + # tfdoc:variable:source 2-networking + description = "Networking stage host project id aliases." + type = map(string) + nullable = false + default = {} +} + +variable "regions" { + # tfdoc:variable:source 2-networking + description = "Region aliases." + type = map(string) + nullable = false + default = {} +} + +variable "subnet_self_links" { + # tfdoc:variable:source 2-networking + description = "Subnet self links." + type = map(map(string)) + nullable = false + default = {} +} + +variable "vpc_self_links" { + # tfdoc:variable:source 2-networking + description = "VPC network self links." + type = map(string) + nullable = false + default = {} +} diff --git a/fast/addons/2-networking-test/variables.tf b/fast/addons/2-networking-test/variables.tf new file mode 100644 index 0000000000..fba0972bde --- /dev/null +++ b/fast/addons/2-networking-test/variables.tf 
@@ -0,0 +1,61 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "factories_config" { + description = "Configuration for the resource factories." + type = object({ + instances = optional(string, "data/instances") + service_accounts = optional(string, "data/service-accounts") + }) + nullable = false + default = {} +} + +variable "name" { + description = "Prefix used for all resource names." + type = string + nullable = true + default = "test" +} + +variable "test_instances" { + description = "Test instances to be created." + type = map(object({ + project_id = string + network_id = string + service_account = string + subnet_id = string + image = optional(string) + metadata = optional(map(string), {}) + tags = optional(list(string), ["ssh"]) + type = optional(string, "e2-micro") + user_data_file = optional(string) + zones = optional(list(string), ["b"]) + })) + nullable = false + default = {} +} + +variable "test_service_accounts" { + description = "Service accounts used by instances." + type = map(object({ + project_id = string + display_name = optional(string) + iam_project_roles = optional(map(list(string)), {}) + })) + nullable = false + default = {} +} diff --git a/fast/stages/2-networking-a-simple/README.md b/fast/stages/2-networking-a-simple/README.md index 926209c9ad..37dbc95b5a 100644 --- a/fast/stages/2-networking-a-simple/README.md +++ b/fast/stages/2-networking-a-simple/README.md 
@@ -490,7 +490,6 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [spoke-ncc.tf](./spoke-ncc.tf) | Peerings between landing and spokes. | | google_network_connectivity_hub · google_network_connectivity_spoke | | [spoke-peerings.tf](./spoke-peerings.tf) | Peerings between landing and spokes. | net-vpc-peering | | | [spoke-vpns.tf](./spoke-vpns.tf) | VPN between landing and spokes. | net-vpn-ha | | -| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | | | [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | | | [variables.tf](./variables.tf) | Module variables. | | | | [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | | 
@@ -505,20 +504,19 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [folder_ids](variables-fast.tf#L66) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. | object({…}) | ✓ | | 1-resman | | [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | -| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool | | false | | | [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L48) | DNS configuration. | object({…}) | | {} | | -| [essential_contacts](variables.tf#L57) | Email used for essential contacts, unset if null. | string | | null | | -| [factories_config](variables.tf#L63) | Configuration for network resource factories. | object({…}) | | {} | | -| [outputs_location](variables.tf#L84) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L90) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | {} | | -| [regions](variables.tf#L110) | Region definitions. | object({…}) | | {…} | | +| [dns](variables.tf#L42) | DNS configuration. | object({…}) | | {} | | +| [essential_contacts](variables.tf#L51) | Email used for essential contacts, unset if null. | string | | null | | +| [factories_config](variables.tf#L57) | Configuration for network resource factories. | object({…}) | | {} | | +| [outputs_location](variables.tf#L78) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. 
| string | | null | | +| [psa_ranges](variables.tf#L84) | IP ranges used for Private Service Access (CloudSQL, etc.). | object({…}) | | {} | | +| [regions](variables.tf#L104) | Region definitions. | object({…}) | | {…} | | | [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | map(string) | | {} | 2-networking-ngfw | -| [spoke_configs](variables.tf#L122) | Spoke connectivity configurations. | object({…}) | | {…} | | +| [spoke_configs](variables.tf#L116) | Spoke connectivity configurations. | object({…}) | | {…} | | | [stage_config](variables-fast.tf#L94) | FAST stage configuration. | object({…}) | | {} | 1-resman | | [tag_values](variables-fast.tf#L108) | Root-level tag values. | map(string) | | {} | 1-resman | -| [vpc_configs](variables.tf#L191) | Optional VPC network configurations. | object({…}) | | {} | | -| [vpn_onprem_primary_config](variables.tf#L244) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [vpc_configs](variables.tf#L185) | Optional VPC network configurations. | object({…}) | | {} | | +| [vpn_onprem_primary_config](variables.tf#L238) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | ## Outputs 
@@ -527,8 +525,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [cloud_dns_inbound_policy](outputs.tf#L88) | IP Addresses for Cloud DNS inbound policy. | | | | [host_project_ids](outputs.tf#L93) | Network project ids. | | | | [host_project_numbers](outputs.tf#L98) | Network project numbers. | | | -| [ping_commands](outputs.tf#L103) | Ping commands for test instances to be run to check VPC reachability. | | | -| [shared_vpc_self_links](outputs.tf#L108) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L113) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L119) | External IP Addresses for the GCP VPN gateways. | | | +| [shared_vpc_self_links](outputs.tf#L103) | Shared VPC host projects. | | | +| [tfvars](outputs.tf#L108) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L114) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/2-networking-a-simple/outputs.tf b/fast/stages/2-networking-a-simple/outputs.tf index 092028f1d1..a339678365 100644 --- a/fast/stages/2-networking-a-simple/outputs.tf +++ b/fast/stages/2-networking-a-simple/outputs.tf @@ -100,11 +100,6 @@ output "host_project_numbers" { value = local.host_project_numbers } -output "ping_commands" { - description = "Ping commands for test instances to be run to check VPC reachability." - value = var.create_test_instances ? join("\n", [for instance, _ in local.test-vms : "ping -c 1 ${module.test-vms[instance].internal_ip} # ${instance}"]) : "" -} - output "shared_vpc_self_links" { description = "Shared VPC host projects." value = local.vpc_self_links diff --git a/fast/stages/2-networking-a-simple/test-resources.tf b/fast/stages/2-networking-a-simple/test-resources.tf deleted file mode 100644 index 16b16662a8..0000000000 --- a/fast/stages/2-networking-a-simple/test-resources.tf +++ /dev/null 
@@ -1,78 +0,0 @@ -/** - * Copyright 2024 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -# tfdoc:file:description Temporary instances for testing - -locals { - test-vms = var.create_test_instances != true ? {} : merge( - { - dev-spoke-primary = { - region = var.regions.primary - project_id = module.dev-spoke-project.project_id - zone = "b" - network = module.dev-spoke-vpc.self_link - subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default"] - } - prod-spoke-primary = { - region = var.regions.primary - project_id = module.prod-spoke-project.project_id - zone = "b" - network = module.prod-spoke-vpc.self_link - subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.primary}/prod-default"] - } - }, - local.spoke_connection == "ncc" ? 
{} : - { - landing-primary = { - region = var.regions.primary - project_id = module.landing-project.project_id - zone = "b" - network = module.landing-vpc.self_link - subnetwork = module.landing-vpc.subnet_self_links["${var.regions.primary}/landing-default"] - } - }) -} - -module "test-vms" { - for_each = local.test-vms - # for_each = {} - source = "../../../modules/compute-vm" - project_id = each.value.project_id - zone = "${each.value.region}-${each.value.zone}" - name = "test-vm-${each.key}" - network_interfaces = [{ - network = each.value.network - # change the subnet name to match the values you are actually using - subnetwork = each.value.subnetwork - }] - instance_type = "e2-micro" - tags = ["ssh"] - boot_disk = { - initialize_params = { - image = "projects/debian-cloud/global/images/family/debian-11" - } - } - options = { - spot = true - termination_action = "STOP" - } - metadata = { - startup-script = <simple-nva | | | [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file | | [regions.tf](./regions.tf) | Compute short names for regions. | | | -| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | | | [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | | | [variables.tf](./variables.tf) | Module variables. | | | | [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | | 
@@ -566,22 +565,21 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [folder_ids](variables-fast.tf#L66) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. | object({…}) | ✓ | | 1-resman | | [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | -| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool | | false | | | [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L48) | DNS configuration. | object({…}) | | {} | | -| [essential_contacts](variables.tf#L57) | Email used for essential contacts, unset if null. | string | | null | | -| [factories_config](variables.tf#L63) | Configuration for network resource factories. | object({…}) | | {} | | -| [gcp_ranges](variables.tf#L84) | GCP address ranges in name => range format. | map(string) | | {…} | | -| [network_mode](variables.tf#L101) | Selection of the network design to deploy. | string | | "simple" | | -| [outputs_location](variables.tf#L112) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L118) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | | -| [regions](variables.tf#L138) | Region definitions. | object({…}) | | {…} | | +| [dns](variables.tf#L42) | DNS configuration. | object({…}) | | {} | | +| [essential_contacts](variables.tf#L51) | Email used for essential contacts, unset if null. 
| string | | null | | +| [factories_config](variables.tf#L57) | Configuration for network resource factories. | object({…}) | | {} | | +| [gcp_ranges](variables.tf#L78) | GCP address ranges in name => range format. | map(string) | | {…} | | +| [network_mode](variables.tf#L95) | Selection of the network design to deploy. | string | | "simple" | | +| [outputs_location](variables.tf#L106) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | +| [psa_ranges](variables.tf#L112) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | | +| [regions](variables.tf#L132) | Region definitions. | object({…}) | | {…} | | | [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | map(string) | | {} | 2-networking-ngfw | | [stage_config](variables-fast.tf#L94) | FAST stage configuration. | object({…}) | | {} | 1-resman | | [tag_values](variables-fast.tf#L108) | Root-level tag values. | map(string) | | {} | 1-resman | -| [vpc_configs](variables.tf#L150) | Optional VPC network configurations. | object({…}) | | {} | | -| [vpn_onprem_primary_config](variables.tf#L233) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | -| [vpn_onprem_secondary_config](variables.tf#L276) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | +| [vpc_configs](variables.tf#L144) | Optional VPC network configurations. | object({…}) | | {} | | +| [vpn_onprem_primary_config](variables.tf#L227) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [vpn_onprem_secondary_config](variables.tf#L270) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | ## Outputs 
@@ -589,8 +587,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS |---|---|:---:|---| | [host_project_ids](outputs.tf#L107) | Network project ids. | | | | [host_project_numbers](outputs.tf#L112) | Network project numbers. | | | -| [ping_commands](outputs.tf#L117) | Ping commands for test instances to be run to check VPC reachability. | | | -| [shared_vpc_self_links](outputs.tf#L122) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L127) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L133) | External IP Addresses for the GCP VPN gateways. | | | +| [shared_vpc_self_links](outputs.tf#L117) | Shared VPC host projects. | | | +| [tfvars](outputs.tf#L122) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L128) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/2-networking-b-nva/outputs.tf b/fast/stages/2-networking-b-nva/outputs.tf index 6969be18a9..ef4a4f0e1f 100644 --- a/fast/stages/2-networking-b-nva/outputs.tf +++ b/fast/stages/2-networking-b-nva/outputs.tf @@ -114,11 +114,6 @@ output "host_project_numbers" { value = local.host_project_numbers } -output "ping_commands" { - description = "Ping commands for test instances to be run to check VPC reachability." - value = var.create_test_instances ? join("\n", [for instance, _ in local.test-vms : "ping -c 1 ${module.test-vms[instance].internal_ip} # ${instance}"]) : "" -} - output "shared_vpc_self_links" { description = "Shared VPC host projects." value = local.vpc_self_links diff --git a/fast/stages/2-networking-b-nva/test-resources.tf b/fast/stages/2-networking-b-nva/test-resources.tf deleted file mode 100644 index ff510b12af..0000000000 --- a/fast/stages/2-networking-b-nva/test-resources.tf +++ /dev/null 
@@ -1,141 +0,0 @@ -/** - * Copyright 2024 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -# tfdoc:file:description Temporary instances for testing - -locals { - test-vms = merge( - { - dev-spoke-primary = { - network = module.dev-spoke-vpc.self_link - project_id = module.dev-spoke-project.project_id - region = var.regions.primary - subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default"] - tags = [local.region_shortnames[var.regions.primary]] - zone = "b" - } - dev-spoke-secondary = { - network = module.dev-spoke-vpc.self_link - project_id = module.dev-spoke-project.project_id - region = var.regions.secondary - subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.secondary}/dev-default"] - tags = [local.region_shortnames[var.regions.secondary]] - zone = "b" - } - dmz-primary = { - network = module.dmz-vpc.self_link - project_id = module.landing-project.project_id - region = var.regions.primary - subnetwork = module.dmz-vpc.subnet_self_links["${var.regions.primary}/dmz-default"] - tags = [local.region_shortnames[var.regions.primary]] - zone = "b" - } - dmz-secondary = { - network = module.dmz-vpc.self_link - project_id = module.landing-project.project_id - region = var.regions.secondary - subnetwork = module.dmz-vpc.subnet_self_links["${var.regions.secondary}/dmz-default"] - tags = [local.region_shortnames[var.regions.secondary]] - zone = "b" - } - landing-primary = { - network = 
module.landing-vpc.self_link - project_id = module.landing-project.project_id - region = var.regions.primary - subnetwork = module.landing-vpc.subnet_self_links["${var.regions.primary}/landing-default"] - tags = [local.region_shortnames[var.regions.primary]] - zone = "b" - } - landing-secondary = { - network = module.landing-vpc.self_link - project_id = module.landing-project.project_id - region = var.regions.secondary - subnetwork = module.landing-vpc.subnet_self_links["${var.regions.secondary}/landing-default"] - tags = [local.region_shortnames[var.regions.secondary]] - zone = "b" - } - prod-spoke-primary = { - network = module.prod-spoke-vpc.self_link - project_id = module.prod-spoke-project.project_id - region = var.regions.primary - subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.primary}/prod-default"] - tags = [local.region_shortnames[var.regions.primary]] - zone = "b" - } - prod-spoke-secondary = { - network = module.prod-spoke-vpc.self_link - project_id = module.prod-spoke-project.project_id - region = var.regions.secondary - subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.secondary}/prod-default"] - tags = [local.region_shortnames[var.regions.secondary]] - zone = "b" - } - }, - (var.network_mode == "regional_vpc") ? 
- { - regional-vpc-primary = { - network = module.regional-primary-vpc[0].self_link - project_id = module.landing-project.project_id - region = var.regions.primary - subnetwork = module.regional-primary-vpc[0].subnet_self_links["${var.regions.primary}/regional-default"] - tags = [local.region_shortnames[var.regions.primary]] - zone = "b" - } - regional-vpc-secondary = { - network = module.regional-secondary-vpc[0].self_link - project_id = module.landing-project.project_id - region = var.regions.secondary - subnetwork = module.regional-secondary-vpc[0].subnet_self_links["${var.regions.secondary}/regional-default"] - tags = [local.region_shortnames[var.regions.secondary]] - zone = "b" - } - } : {} - ) -} - -module "test-vms" { - for_each = var.create_test_instances ? local.test-vms : {} - # for_each = {} - source = "../../../modules/compute-vm" - project_id = each.value.project_id - zone = "${each.value.region}-${each.value.zone}" - name = "test-vm-${each.key}" - network_interfaces = [{ - network = each.value.network - # change the subnet name to match the values you are actually using - subnetwork = each.value.subnetwork - }] - instance_type = "e2-micro" - tags = concat( - ["ssh"], - each.value.tags == null ? [] : each.value.tags - ) - boot_disk = { - initialize_params = { - image = "projects/debian-cloud/global/images/family/debian-11" - } - } - options = { - spot = true - termination_action = "STOP" - } - metadata = { - startup-script = <net-cloudnat · net-firewall-policy · net-vpc · net-vpc-firewall · project | | | [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file | | [regions.tf](./regions.tf) | Compute short names for regions. | | | -| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | compute-vm | | | [variables-fast.tf](./variables-fast.tf) | FAST stage interface. | | | | [variables.tf](./variables.tf) | Module variables. 
| | | | [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | | diff --git a/fast/stages/2-networking-c-separate-envs/test-resources.tf b/fast/stages/2-networking-c-separate-envs/test-resources.tf deleted file mode 100644 index 55c42c2510..0000000000 --- a/fast/stages/2-networking-c-separate-envs/test-resources.tf +++ /dev/null @@ -1,83 +0,0 @@ -/** - * Copyright 2022 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -# tfdoc:file:description Temporary instances for testing - -# module "test-vm-dev-0" { -# source = "../../../modules/compute-vm" -# project_id = module.dev-spoke-project.project_id -# zone = "${var.regions.primary}-b" -# name = "test-vm-0" -# network_interfaces = [{ -# network = module.dev-spoke-vpc.self_link -# # change the subnet name to match the values you are actually using -# subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default-${local.region_shortnames[var.regions.primary]}"] -# alias_ips = {} -# nat = false -# addresses = null -# }] -# tags = ["ssh"] -# service_account_create = true -# boot_disk = { -# image = "projects/debian-cloud/global/images/family/debian-10" -# type = "pd-balanced" -# size = 10 -# } -# options = { -# allow_stopping_for_update = true -# deletion_protection = false -# spot = true -# } -# metadata = { -# startup-script = <
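Review bot: in the new `fast/addons/2-networking-test/variables.tf`, `variable "name"` sets `nullable = true` alongside `default = "test"`, so a caller passing `name = null` gets a null prefix instead of the default, even though the description says the prefix is used for all resource names. Either set `nullable = false` like the other three variables in this file, or say in the description what a null prefix does. In the same hunk, `test_instances.tags` defaults to `["ssh"]`, so every instance that omits `tags` carries that network tag. The description should state this, on the assumption that the tag selects a firewall rule in the target VPC.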
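Review bot: the `create_test_instances` row is removed from the variables table (README hunk at -505 for 2-networking-a-simple, and again at -566 for 2-networking-b-nva) and none of the visible README hunks adds a pointer to the add-on that replaces it. A deployment that had `create_test_instances = true` will see the test VMs planned for destruction and the variable reported as undeclared on the next run. A short upgrade note next to the table, linking to `fast/addons/2-networking-test`, would make that expected rather than surprising.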
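Review bot: the `ping_commands` output is deleted in the outputs.tf hunks (-100 in 2-networking-a-simple, -114 in 2-networking-b-nva) with no replacement visible in these stages, so anything that reads it, such as a runbook or CI step calling `terraform output ping_commands`, stops working. The add-on's outputs.tf is not among the lines shown here. Confirm it exposes the instance addresses in some form and name that output in the stage READMEs where `ping_commands` used to be listed.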
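Review bot: the deleted `module "test-vms"` blocks in the test-resources.tf hunks pinned `image = "projects/debian-cloud/global/images/family/debian-11"` and set `spot = true` with `termination_action = "STOP"`, while the replacement `test_instances` type in the add-on carries `image = optional(string)` with no default and has no field for the provisioning model. Document which image and which provisioning model an instance gets when these are omitted, or add explicit defaults, so that moving from the stage flag to the add-on does not silently change what is deployed.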