From e7222382f1e44268252f5387c583c2be6a203b3e Mon Sep 17 00:00:00 2001 From: Slawomir Koszewski Date: Mon, 31 Mar 2025 21:17:33 +0200 Subject: [PATCH] Added conditional project designation feature for relevant modules. --- README.md | 18 ++++++++++++++---- main.tf | 22 +++++++++++++++------- modules/cloud-vpn-tunnel/main.tf | 6 +++++- modules/cloud-vpn-tunnel/variables.tf | 7 +++++++ modules/cloud-vpn/main.tf | 9 ++++++++- modules/cloud-vpn/variables.tf | 7 +++++++ modules/dns-managed-zone/main.tf | 6 ++++-- modules/dns-managed-zone/variables.tf | 4 +++- modules/linux-vm/main.tf | 8 ++++++-- modules/linux-vm/variables.tf | 7 +++++++ modules/network/main.tf | 6 ++++++ modules/network/variables.tf | 7 +++++++ variables.tf | 2 -- 13 files changed, 89 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 54250e1..c44dd9e 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,18 @@ There are two submodules: * Network - a module that creates a VPC with defined subnets * Cloud VPN - a module that creates a Cloud VPN -Compute Engine free tier regions: +Compute Engine free tier regions: -* Oregon - **us-west1** -* Iowa - **us-central1** -* South Carolina - **us-east1** +* Oregon (**us-west1**) + * `us-west1-a` + * `us-west1-b` + * `us-west1-c` +* Iowa (**us-central1**) + * `us-central1-a` + * `us-central1-b` + * `us-central1-c` + * `us-central1-f` +* South Carolina (**us-east1**) + * `us-east1-b` + * `us-east1-c` + * `us-east1-d` diff --git a/main.tf b/main.tf index 3790a41..5922177 100644 --- a/main.tf +++ b/main.tf @@ -7,9 +7,14 @@ terraform { } } +locals { + hub_region = substr(var.hub.zone, 0, length(var.hub.zone) - 2) + spoke_region = substr(var.spoke.zone, 0, length(var.spoke.zone) - 2) +} + provider "google" { # Configuration options - region = var.hub.region + region = local.hub_region zone = var.hub.zone project = var.hub.project } 
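Review bot: `hub_region` and `spoke_region` in the new `locals` block are derived by cutting the last two characters off the zone, so a zone that does not end in `-<letter>` (a typo, or a region passed where the zone is expected) silently yields a nonsense region that only fails later, when the subnet or VPN gateway is created. Deriving it with a pattern fails at plan time instead: `hub_region = regex("^(.+)-[a-z]$", var.hub.zone)[0]` and `spoke_region = regex("^(.+)-[a-z]$", var.spoke.zone)[0]`. A short comment on the block, `# GCE zones are "<region>-<letter>"; the region is everything before the last dash`, would also tell the next reader why the derivation works.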
@@ -18,10 +23,11 @@ module "hub_network" { source = "./modules/network" name = "${var.hub.name}-vpc" + subnets = [{ name = "${var.hub.name}-network" cidr = var.hub.cidr - region = var.hub.region + region = local.hub_region }] nat = true @@ -30,12 +36,14 @@ module "hub_network" { module "spoke_network" { source = "./modules/network" - name = "${var.spoke.name}-vpc" + name = "${var.spoke.name}-vpc" + project_id = var.spoke.project + subnets = [ { name = "${var.spoke.name}-network" cidr = var.spoke.cidr - region = var.spoke.region + region = local.spoke_region } ] @@ -70,7 +78,7 @@ module "gw" { name = "${var.hub.name}-vpn" network_name = module.hub_network.name - region = var.hub.region + region = local.hub_region vpn_external_ip = var.vpn_external_ip } @@ -102,6 +110,7 @@ module "vm_spoke" { source = "./modules/linux-vm" name = "vm-${var.spoke.name}" + project_id = var.spoke.project network_name = "${var.spoke.name}-vpc" subnet_name = "${var.spoke.name}-network" ssh = var.ssh @@ -112,8 +121,7 @@ module "vm_spoke" { module "koszewscy_internal_zone" { source = "./modules/dns-managed-zone" - project_id = var.hub.project - dns_name = "koszewscy.waw.pl." + dns_name = "koszewscy.waw.pl." network_id = module.hub_network.id diff --git a/modules/cloud-vpn-tunnel/main.tf b/modules/cloud-vpn-tunnel/main.tf index 09cab9c..23c1453 100644 --- a/modules/cloud-vpn-tunnel/main.tf +++ b/modules/cloud-vpn-tunnel/main.tf @@ -1,3 +1,5 @@ +data "google_client_config" "default" {} + data "google_compute_vpn_gateway" "gw" { name = var.gw_name } 
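Review bot: The spoke modules (`spoke_network`, `vm_spoke`) now receive `project_id = var.spoke.project` explicitly, while the hub modules in these hunks (`hub_network`, `gw`, and `koszewscy_internal_zone`, which loses its `project_id = var.hub.project`) rely on the provider's default project happening to be the hub project. Passing `project_id = var.hub.project` to those modules as well keeps the root configuration independent of the provider block and keeps the private DNS zone bound to the hub project even if the provider defaults are changed later. Other hub modules outside these hunks presumably have the same gap; I cannot see them from here.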
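Review bot: `data "google_compute_vpn_gateway" "gw"` still looks the gateway up by name with no `project`, so when a caller passes a non-default `project_id` the tunnel (next hunk) is created in that project while the gateway is resolved in the provider's default project. The same applies to `data "google_compute_network" "network"` in the following hunk and to `data "google_compute_address" "vpn_ip"` in modules/cloud-vpn/main.tf. Adding `project = var.project_id != null ? var.project_id : data.google_client_config.default.project` to those data sources keeps each lookup in the same project as the resources it feeds.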
@@ -6,12 +8,13 @@ locals { vpc_name = regex("networks/([^/]+)$", data.google_compute_vpn_gateway.gw.network)[0] } -data google_compute_network network { +data "google_compute_network" "network" { name = local.vpc_name } resource "google_compute_vpn_tunnel" "tunnel" { name = var.name + project = var.project_id != null ? var.project_id : data.google_client_config.default.project target_vpn_gateway = data.google_compute_vpn_gateway.gw.id shared_secret = var.shared_secret @@ -25,6 +28,7 @@ resource "google_compute_vpn_tunnel" "tunnel" { resource "google_compute_route" "route_to_remote_network" { count = length(var.remote_selectors) name = "${data.google_compute_network.network.name}-to-${replace(var.remote_selectors[count.index], "/[./]/", "-")}" + project = var.project_id != null ? var.project_id : data.google_client_config.default.project network = data.google_compute_network.network.name dest_range = var.remote_selectors[count.index] next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel.id diff --git a/modules/cloud-vpn-tunnel/variables.tf b/modules/cloud-vpn-tunnel/variables.tf index 613c7e6..ff3c901 100644 --- a/modules/cloud-vpn-tunnel/variables.tf +++ b/modules/cloud-vpn-tunnel/variables.tf @@ -3,6 +3,13 @@ variable "name" { type = string } +variable "project_id" { + description = "The GCP project ID. If not provided, the default project will be used." + type = string + nullable = true + default = null +} + variable "gw_name" { description = "The name of the VPN gateway" type = string diff --git a/modules/cloud-vpn/main.tf b/modules/cloud-vpn/main.tf index de165ab..d8f16c1 100644 --- a/modules/cloud-vpn/main.tf +++ b/modules/cloud-vpn/main.tf 
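Review bot: The fallback `var.project_id != null ? var.project_id : data.google_client_config.default.project` is repeated on every resource here and again in modules/cloud-vpn, modules/dns-managed-zone, modules/linux-vm and modules/network. Computing it once per module keeps the rule in one place: `locals { project_id = coalesce(var.project_id, data.google_client_config.default.project) }` and `project = local.project_id` on each resource. `coalesce` also rejects an empty provider project at plan time, whereas the conditional passes whatever `google_client_config` returns straight through.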
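Review bot: In the new `project_id` variable, `nullable = true` is already the default for input variables and can be dropped, and the description should say which "default project" is meant, since the module resolves it from the provider: `description = "GCP project ID for the module's resources. Defaults to the project configured on the google provider."`. The identical variable block in modules/cloud-vpn/variables.tf, modules/dns-managed-zone/variables.tf, modules/linux-vm/variables.tf and modules/network/variables.tf would get the same two changes.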
@@ -1,14 +1,18 @@ +data "google_client_config" "default" {} + # Cloud VPN resource "google_compute_vpn_gateway" "gw" { name = var.name network = var.network_name region = var.region + project = var.project_id != null ? var.project_id : data.google_client_config.default.project } resource "google_compute_address" "vpn_ip" { count = var.vpn_external_ip != null ? 0 : 1 name = "${var.name}-ip" + project = var.project_id != null ? var.project_id : data.google_client_config.default.project region = var.region address_type = "EXTERNAL" } @@ -16,11 +20,12 @@ resource "google_compute_address" "vpn_ip" { data "google_compute_address" "vpn_ip" { count = var.vpn_external_ip != null ? 1 : 0 - name = var.vpn_external_ip + name = var.vpn_external_ip } resource "google_compute_forwarding_rule" "gw_fw_esp" { name = "fwd-esp" + project = var.project_id != null ? var.project_id : data.google_client_config.default.project ip_protocol = "ESP" ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address target = google_compute_vpn_gateway.gw.id @@ -28,6 +33,7 @@ resource "google_compute_forwarding_rule" "gw_fw_esp" { resource "google_compute_forwarding_rule" "gw_fw_udp_500" { name = "fwd-udp-500" + project = var.project_id != null ? var.project_id : data.google_client_config.default.project ip_protocol = "UDP" ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address port_range = "500" @@ -36,6 +42,7 @@ resource "google_compute_forwarding_rule" "gw_fw_udp_500" { resource "google_compute_forwarding_rule" "gw_fw_udp_4500" { name = "fwd-udp-4500" + project = var.project_id != null ? var.project_id : data.google_client_config.default.project ip_protocol = "UDP" ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address port_range = "4500" 
diff --git a/modules/cloud-vpn/variables.tf b/modules/cloud-vpn/variables.tf index 4018a55..124b05b 100644 --- a/modules/cloud-vpn/variables.tf +++ b/modules/cloud-vpn/variables.tf @@ -3,6 +3,13 @@ variable "name" { type = string } +variable "project_id" { + description = "The GCP project ID. If not provided, the default project will be used." + type = string + nullable = true + default = null +} + variable "network_name" { description = "The name of the network." type = string diff --git a/modules/dns-managed-zone/main.tf b/modules/dns-managed-zone/main.tf index 11263ad..9c00129 100644 --- a/modules/dns-managed-zone/main.tf +++ b/modules/dns-managed-zone/main.tf @@ -1,7 +1,9 @@ +data "google_client_config" "default" {} + resource "google_dns_managed_zone" "zone" { dns_name = var.dns_name name = var.zone_name != null ? var.zone_name : "${replace(replace(var.dns_name, "/\\.$/", ""), ".", "-")}-zone" - project = var.project_id + project = var.project_id != null ? var.project_id : data.google_client_config.default.project visibility = var.network_id != null ? "private" : "public" @@ -38,7 +40,7 @@ resource "google_dns_managed_zone" "zone" { resource "google_dns_record_set" "records" { count = length(var.resource_records) - project = var.project_id + project = var.project_id != null ? var.project_id : data.google_client_config.default.project managed_zone = google_dns_managed_zone.zone.name name = var.resource_records[count.index].name diff --git a/modules/dns-managed-zone/variables.tf b/modules/dns-managed-zone/variables.tf index 69f9a01..a95d8f2 100644 --- a/modules/dns-managed-zone/variables.tf +++ b/modules/dns-managed-zone/variables.tf @@ -1,6 +1,8 @@ variable "project_id" { - description = "The project ID where the managed zone will be created." + description = "The GCP project ID. If not provided, the default project will be used." type = string + nullable = true + default = null } variable "dns_name" { 
diff --git a/modules/linux-vm/main.tf b/modules/linux-vm/main.tf index 5b8ee58..b131a09 100644 --- a/modules/linux-vm/main.tf +++ b/modules/linux-vm/main.tf @@ -1,7 +1,10 @@ +data "google_client_config" "default" {} + resource "google_compute_instance" "vm_hub" { name = var.name machine_type = var.machine_type can_ip_forward = var.can_ip_forward + project = var.project_id != null ? var.project_id : data.google_client_config.default.project description = var.description boot_disk { @@ -11,8 +14,9 @@ resource "google_compute_instance" "vm_hub" { } network_interface { - network = var.network_name - subnetwork = var.subnet_name + network = var.network_name + subnetwork = var.subnet_name + subnetwork_project = var.project_id != null ? var.project_id : data.google_client_config.default.project } metadata = { diff --git a/modules/linux-vm/variables.tf b/modules/linux-vm/variables.tf index 4964e94..0c57cab 100644 --- a/modules/linux-vm/variables.tf +++ b/modules/linux-vm/variables.tf @@ -3,6 +3,13 @@ variable "name" { type = string } +variable "project_id" { + description = "The GCP project ID. If not provided, the default project will be used." + type = string + nullable = true + default = null +} + variable "machine_type" { description = "The machine type of the VM instance." type = string diff --git a/modules/network/main.tf b/modules/network/main.tf index 06792d1..8640cc3 100644 --- a/modules/network/main.tf +++ b/modules/network/main.tf 
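Review bot: In the `network_interface` hunk, `subnetwork_project` is pinned to the same value as the instance's `project`, so the module still cannot place a VM in one project on a subnet hosted in another, which is the usual Shared VPC layout; if that is ever wanted, a separate optional input such as `subnet_project_id` that defaults to the instance project would keep today's behaviour while allowing it. Note also that `network = var.network_name` is still a bare name and, as far as I can tell, is resolved relative to the instance project rather than `subnetwork_project`, so the two would diverge in that layout. The `google_compute_instance` block continues past the end of the hunk.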
@@ -1,13 +1,17 @@ +data "google_client_config" "default" {} + # VPC resource "google_compute_network" "network" { name = var.name auto_create_subnetworks = false + project = var.project_id != null ? var.project_id : data.google_client_config.default.project } # Subnets resource "google_compute_subnetwork" "subnet" { count = length(var.subnets) name = var.subnets[count.index].name + project = var.project_id != null ? var.project_id : data.google_client_config.default.project ip_cidr_range = var.subnets[count.index].cidr region = var.subnets[count.index].region != null ? var.subnets[count.index].region : var.subnets[0].region network = google_compute_network.network.id @@ -18,6 +22,7 @@ resource "google_compute_router" "cr" { count = var.nat ? 1 : 0 name = "${var.name}-router" network = var.name + project = var.project_id != null ? var.project_id : data.google_client_config.default.project depends_on = [google_compute_network.network] } @@ -25,6 +30,7 @@ resource "google_compute_router" "cr" { resource "google_compute_router_nat" "nat" { count = var.nat ? 1 : 0 name = "${var.name}-nat" + project = var.project_id != null ? var.project_id : data.google_client_config.default.project router = google_compute_router.cr[0].name nat_ip_allocate_option = "AUTO_ONLY" source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" diff --git a/modules/network/variables.tf b/modules/network/variables.tf index 428123e..f09b386 100644 --- a/modules/network/variables.tf +++ b/modules/network/variables.tf @@ -3,6 +3,13 @@ variable "name" { type = string } +variable "project_id" { + description = "The GCP project ID. If not provided, the default project will be used." + type = string + nullable = true + default = null +} + # A Cloud NAT will be created in the same region as the first subnet. variable "subnets" { description = "A list of subnets with names and CIDRs." diff --git a/variables.tf b/variables.tf index ad6f84a..80c0dfb 100644 --- a/variables.tf +++ b/variables.tf 
@@ -1,7 +1,6 @@
 variable "hub" {
 type = object({
 name = string
- region = string
 zone = string
 project = string
 cidr = string
@@ -11,7 +10,6 @@ variable "hub" {
 variable "spoke" {
 type = object({
 name = string
- region = string
 zone = string
 project = string
 cidr = string
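Review bot: Removing `region` from the `hub` and `spoke` object types (both hunks) is a breaking change for existing tfvars or callers that still set it — as far as I recall, an object value carrying an attribute that is not in the type constraint is rejected rather than ignored — and neither the commit message nor the README hunk mentions it. Since `zone` now carries the region as well, a `validation` block on each variable, `condition = can(regex("^(.+)-[a-z]$", var.hub.zone))` with a message naming the expected `<region>-<letter>` form, would reject malformed zones at plan time. Both `object({ ... })` definitions continue past the end of their hunks.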