diff --git a/README.md b/README.md index f40ac0d6..774e8544 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ Then perform the following commands on the root folder: | routing\_mode | The network routing mode (default 'GLOBAL') | `string` | `"GLOBAL"` | no | | secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no | | shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no | -| subnets | The list of subnets being created |
list(object({| n/a | yes | +| subnets | The list of subnets being created |
subnet_name = string
subnet_ip = string
subnet_region = string
subnet_private_access = optional(string)
subnet_private_ipv6_access = optional(string)
subnet_flow_logs = optional(string)
subnet_flow_logs_interval = optional(string)
subnet_flow_logs_sampling = optional(string)
subnet_flow_logs_metadata = optional(string)
subnet_flow_logs_filter = optional(string)
subnet_flow_logs_metadata_fields = optional(list(string))
description = optional(string)
}))
list(object({| n/a | yes | ## Outputs 
@@ -138,13 +138,25 @@ Then perform the following commands on the root folder: The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references): -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| subnet\_name | The name of the subnet being created | string | - | yes | -| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | -| subnet\_region | The region where the subnet will be created | string | - | yes | -| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | -| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | +| Name | Description | Type | Default | Required | +| ---------------------------- | --------------------------------------------------------------------------------------------------------------- | :----: | :----------------------: | :------: | +| subnet\_name | The name of the subnet being created | string | - | yes | +| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | +| subnet\_region | The region where the subnet will be created | string | - | yes | +| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_private\_ipv6\_access| The private IPv6 google access type for the VMs in this subnet | string | - | no | +| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | +| subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no | +| subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no | +| 
subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no | +| subnet\_flow\_logs\_filter | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details | string | `"true"` | no | +| subnet\_flow\_logs\_metadata\_fields | List of metadata fields that should be added to reported logs. Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. | any | - | no | +| description | An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time | string | - | no | +| purpose | The purpose of the subnet usage. Whether it is to be used as a regular subnet or for proxy or loadbalacing purposes, see https://cloud.google.com/vpc/docs/subnets#purpose for more details | string | `"PRIVATE"` | no | +| role | The role of the subnet when using it as a proxy or loadbalancer network. Whether it is to be used as the active or as a backup subnet, see https://cloud.google.com/load-balancing/docs/proxy-only-subnets#proxy_only_subnet_create for more details | string | - | no | +| stack\_type | `IPV4_ONLY` or `IPV4_IPV6` for dual-stack networking | string | - | no | +| ipv6\_access\_type | `INTERNAL` or `EXTERNAL`. `INTERNAL` requires ULA be enabled on the VPC | string | - | no | + ### Route Inputs diff --git a/modules/subnets-beta/README.md b/modules/subnets-beta/README.md index ae589d00..5a0617c1 100644 --- a/modules/subnets-beta/README.md +++ b/modules/subnets-beta/README.md 
@@ -68,7 +68,7 @@ module "vpc" { | network\_name | The name of the network where subnets will be created | `string` | n/a | yes | | project\_id | The ID of the project where subnets will be created | `string` | n/a | yes | | secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no | -| subnets | The list of subnets being created |
subnet_name = string
subnet_ip = string
subnet_region = string
subnet_private_access = optional(string)
subnet_private_ipv6_access = optional(string)
subnet_flow_logs = optional(string)
subnet_flow_logs_interval = optional(string)
subnet_flow_logs_sampling = optional(string)
subnet_flow_logs_metadata = optional(string)
subnet_flow_logs_filter = optional(string)
subnet_flow_logs_metadata_fields = optional(list(string))
description = optional(string)
purpose = optional(string)
role = optional(string)
stack_type = optional(string)
ipv6_access_type = optional(string)
}))
list(object({| n/a | yes | +| subnets | The list of subnets being created |
subnet_name = string
subnet_ip = string
subnet_region = string
subnet_private_access = optional(string)
subnet_private_ipv6_access = optional(string)
subnet_flow_logs = optional(string)
subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")
subnet_flow_logs_sampling = optional(string, "0.5")
subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")
subnet_flow_logs_filter = optional(string, "true")
subnet_flow_logs_metadata_fields = optional(list(string), [])
description = optional(string)
}))
list(object({| n/a | yes | ## Outputs 
@@ -88,14 +88,15 @@ The subnets list contains maps, where each object represents a subnet. Each map | subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | | subnet\_region | The region where the subnet will be created | string | - | yes | | subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_private\_ipv6\_access| The private IPv6 google access type for the VMs in this subnet | string | - | no | | subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | | subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no | | subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no | | subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no | -| subnet\_flow\_logs\_filter_expr | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details | string | `"true"` | no | +| subnet\_flow\_logs\_filter | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details | string | `"true"` | no | | subnet\_flow\_logs\_metadata\_fields | List of metadata fields that should be added to reported logs. Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. | any | - | no | +| description | An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time | string | - | no | | purpose | The purpose of the subnet usage. 
Whether it is to be used as a regular subnet or for proxy or loadbalacing purposes, see https://cloud.google.com/vpc/docs/subnets#purpose for more details | string | `"PRIVATE"` | no | -| role | The role of the subnet when using it as a proxy or loadbalancer network. Whether it is to be used as the active or as a backup subnet, see https://cloud.google.com/load-balancing/docs/proxy-only-subnets#proxy_only_subnet_create for more details | string | - | no | -| enable\_ipv6\_ula | Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false') | `bool` | `false` | no | -| internal\_ipv6\_range | When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) | `string` | `null` | no | - +| role | The role of the subnet when using it as a proxy or loadbalancer network. Whether it is to be used as the active or as a backup subnet, see https://cloud.google.com/load-balancing/docs/proxy-only-subnets#proxy_only_subnet_create for more details | string | - | no | +| stack\_type | `IPV4_ONLY` or `IPV4_IPV6` for dual-stack networking | string | - | no | +| ipv6\_access\_type | `INTERNAL` or `EXTERNAL`. `INTERNAL` requires ULA be enabled on the VPC | string | - | no | diff --git a/modules/subnets-beta/main.tf b/modules/subnets-beta/main.tf index 19640643..d02cd4b0 100644 --- a/modules/subnets-beta/main.tf +++ b/modules/subnets-beta/main.tf 
@@ -26,12 +26,13 @@ locals {
 Subnet configuration
 *****************************************/
 resource "google_compute_subnetwork" "subnetwork" {
- provider = google-beta
- for_each = local.subnets
- name = each.value.subnet_name
- ip_cidr_range = each.value.subnet_ip
- region = each.value.subnet_region
- private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ provider = google-beta
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ private_ipv6_google_access = lookup(each.value, "subnet_private_ipv6_access", null)
 dynamic "log_config" {
 for_each = coalesce(lookup(each.value, "subnet_flow_logs", null), false) ? [{
 aggregation_interval = each.value.subnet_flow_logs_interval
@@ -45,7 +46,7 @@ resource "google_compute_subnetwork" "subnetwork" {
 flow_sampling = log_config.value.flow_sampling
 metadata = log_config.value.metadata
 filter_expr = log_config.value.filter_expr
- metadata_fields = log_config.value.metadata_fields
+ metadata_fields = log_config.value.metadata == "CUSTOM_METADATA" ? log_config.value.metadata_fields : null
 }
 }
 network = var.network_name
@@ -64,8 +65,8 @@ resource "google_compute_subnetwork" "subnetwork" {
 purpose = lookup(each.value, "purpose", null)
 role = lookup(each.value, "role", null)
- stack_type = lookup(each.value, "stack", null)
- ipv6_access_type = lookup(each.value, "ipv6_type", null)
+ stack_type = lookup(each.value, "stack_type", null)
+ ipv6_access_type = lookup(each.value, "ipv6_access_type", null)
 depends_on = [var.module_depends_on]
 }
diff --git a/modules/subnets-beta/variables.tf b/modules/subnets-beta/variables.tf
index e2e3bd0f..114eed4b 100644
--- a/modules/subnets-beta/variables.tf
+++ b/modules/subnets-beta/variables.tf
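Review bot: The corrected `stack_type = lookup(each.value, "stack_type", null)` and `ipv6_access_type = lookup(each.value, "ipv6_access_type", null)` in the third hunk fix the key names but keep the pattern that let the typos through: `lookup` with a default on a typed object never fails, so the old `"stack"` and `"ipv6_type"` keys silently evaluated to null at plan time instead of erroring. Assuming `local.subnets` carries the `var.subnets` objects unchanged, these attributes are now declared as `optional(...)` in variables.tf, so direct access is shorter and fails loudly on a misspelling: `stack_type = each.value.stack_type`, `ipv6_access_type = each.value.ipv6_access_type`, and in the first hunk `private_ipv6_google_access = each.value.subnet_private_ipv6_access`. The same applies to the matching hunks in modules/subnets/main.tf in this commit. The resource block starts and ends outside these hunks.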
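Review bot: The new `metadata_fields = log_config.value.metadata == "CUSTOM_METADATA" ? log_config.value.metadata_fields : null` in the second hunk is the right fix for the `[]` default now set in variables.tf, but nothing in the hunk says why the guard exists, and the reader has to find the README sentence about CUSTOM_METADATA to understand it. A one-line comment above it would carry that intent into the code: `# metadata_fields is only meaningful together with CUSTOM_METADATA (see the subnets README); send null otherwise so the default [] is not submitted`. Whether an empty list is accepted when `metadata` is `CUSTOM_METADATA` is not visible here and may be worth a variable `validation`. The same guard is added to modules/subnets/main.tf; one comment there too would keep the two modules readable side by side.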
@@ -29,15 +29,19 @@ variable "subnets" {
 subnet_name = string
 subnet_ip = string
 subnet_region = string
- subnet_private_access = optional(string)
+ subnet_private_access = optional(string, "false")
 subnet_private_ipv6_access = optional(string)
- subnet_flow_logs = optional(string)
+ subnet_flow_logs = optional(bool, false)
 subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")
 subnet_flow_logs_sampling = optional(string, "0.5")
 subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")
 subnet_flow_logs_filter = optional(string, "true")
 subnet_flow_logs_metadata_fields = optional(list(string), [])
 description = optional(string)
+ purpose = optional(string)
+ role = optional(string)
+ stack_type = optional(string)
+ ipv6_access_type = optional(string)
 }))
 description = "The list of subnets being created"
 }
diff --git a/modules/subnets/README.md b/modules/subnets/README.md
index 50cf1f8d..7537ce72 100644
--- a/modules/subnets/README.md
+++ b/modules/subnets/README.md
@@ -67,7 +67,7 @@ module "vpc" {
 | network\_name | The name of the network where subnets will be created | `string` | n/a | yes |
 | project\_id | The ID of the project where subnets will be created | `string` | n/a | yes |
 | secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
-| subnets | The list of subnets being created |
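Review bot: `subnet_flow_logs = optional(bool, false)` gives this module a different contract from modules/subnets/variables.tf, which changes the same attribute to `optional(string, "false")` in this commit, and from the README rows for both modules, which still document it as `string` with default `"false"`. Terraform converts `"false"` to a bool, so existing callers should keep working, but the two submodules now disagree and this module's doc table is wrong either way; settle on one type and update the other module and both tables. Separately, `stack_type` and `ipv6_access_type` are added as unconstrained strings although the README restricts them to `IPV4_ONLY`/`IPV4_IPV6` and `INTERNAL`/`EXTERNAL`; `validation` blocks on the variable would reject a typo at plan time rather than at the API, and the same applies to modules/subnets/variables.tf and the root variables.tf. The variable block begins before this hunk.
```hcl
  description = "The list of subnets being created"

  validation {
    condition = alltrue([
      for s in var.subnets : s.stack_type == null ? true : contains(["IPV4_ONLY", "IPV4_IPV6"], s.stack_type)
    ])
    error_message = "subnets[*].stack_type must be IPV4_ONLY or IPV4_IPV6."
  }

  validation {
    condition = alltrue([
      for s in var.subnets : s.ipv6_access_type == null ? true : contains(["INTERNAL", "EXTERNAL"], s.ipv6_access_type)
    ])
    error_message = "subnets[*].ipv6_access_type must be INTERNAL or EXTERNAL."
  }
}
```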
subnet_name = string
subnet_ip = string
subnet_region = string
subnet_private_access = optional(string, "false")
subnet_private_ipv6_access = optional(string)
subnet_flow_logs = optional(bool, false)
subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")
subnet_flow_logs_sampling = optional(string, "0.5")
subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")
subnet_flow_logs_filter = optional(string, "true")
subnet_flow_logs_metadata_fields = optional(list(string), [])
description = optional(string)
purpose = optional(string)
role = optional(string)
stack_type = optional(string)
ipv6_access_type = optional(string)
}))
list(object({| n/a | yes | +| subnets | The list of subnets being created |
subnet_name = string
subnet_ip = string
subnet_region = string
subnet_private_access = optional(string)
subnet_private_ipv6_access = optional(string)
subnet_flow_logs = optional(string)
subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")
subnet_flow_logs_sampling = optional(string, "0.5")
subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")
subnet_flow_logs_filter = optional(string, "true")
subnet_flow_logs_metadata_fields = optional(list(string), [])
description = optional(string)
}))
list(object({| n/a | yes | ## Outputs 
@@ -87,13 +87,15 @@ The subnets list contains maps, where each object represents a subnet. Each map | subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | | subnet\_region | The region where the subnet will be created | string | - | yes | | subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_private\_ipv6\_access| The private IPv6 google access type for the VMs in this subnet | string | - | no | | subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | | subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no | | subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no | | subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no | -| subnet\_flow\_logs\_filter_expr | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details | string | `"true"` | no | +| subnet\_flow\_logs\_filter | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details | string | `"true"` | no | | subnet\_flow\_logs\_metadata\_fields | List of metadata fields that should be added to reported logs. Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. | any | - | no | +| description | An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time | string | - | no | | purpose | The purpose of the subnet usage. 
Whether it is to be used as a regular subnet or for proxy or loadbalacing purposes, see https://cloud.google.com/vpc/docs/subnets#purpose for more details | string | `"PRIVATE"` | no |
-| role | The role of the subnet when using it as a proxy or loadbalancer network. Whether it is to be used as the active or as a backup subnet, see https://cloud.google.com/load-balancing/docs/proxy-only-subnets#proxy_only_subnet_create for more details | string | - | no |
-| stack | `IPV4_ONLY` or `IPV4_IPV6` for dual-stack networking | string | - | no |
-| ipv6\_type | `INTERNAL` or `EXTERNAL`. `INTERNAL` requires ULA be enabled on the VPC | string | - | no |
+| role | The role of the subnet when using it as a proxy or loadbalancer network. Whether it is to be used as the active or as a backup subnet, see https://cloud.google.com/load-balancing/docs/proxy-only-subnets#proxy_only_subnet_create for more details | string | - | no |
+| stack\_type | `IPV4_ONLY` or `IPV4_IPV6` for dual-stack networking | string | - | no |
+| ipv6\_access\_type | `INTERNAL` or `EXTERNAL`. `INTERNAL` requires ULA be enabled on the VPC | string | - | no |
diff --git a/modules/subnets/main.tf b/modules/subnets/main.tf
index b2e50f73..da0102d6 100644
--- a/modules/subnets/main.tf
+++ b/modules/subnets/main.tf
@@ -26,6 +26,7 @@ locals {
 Subnet configuration
 *****************************************/
 resource "google_compute_subnetwork" "subnetwork" {
+
 for_each = local.subnets
 name = each.value.subnet_name
 ip_cidr_range = each.value.subnet_ip
@@ -45,7 +46,7 @@ resource "google_compute_subnetwork" "subnetwork" {
 flow_sampling = log_config.value.flow_sampling
 metadata = log_config.value.metadata
 filter_expr = log_config.value.filter_expr
- metadata_fields = log_config.value.metadata_fields
+ metadata_fields = log_config.value.metadata == "CUSTOM_METADATA" ? log_config.value.metadata_fields : null
 }
 }
 network = var.network_name
@@ -64,6 +65,6 @@ resource "google_compute_subnetwork" "subnetwork" {
 purpose = lookup(each.value, "purpose", null)
 role = lookup(each.value, "role", null)
- stack_type = lookup(each.value, "stack", null)
- ipv6_access_type = lookup(each.value, "ipv6_type", null)
+ stack_type = lookup(each.value, "stack_type", null)
+ ipv6_access_type = lookup(each.value, "ipv6_access_type", null)
 }
diff --git a/modules/subnets/variables.tf b/modules/subnets/variables.tf
index 7739a8ea..6992f128 100644
--- a/modules/subnets/variables.tf
+++ b/modules/subnets/variables.tf
@@ -29,15 +29,19 @@ variable "subnets" {
 subnet_name = string
 subnet_ip = string
 subnet_region = string
- subnet_private_access = optional(string)
+ subnet_private_access = optional(string, "false")
 subnet_private_ipv6_access = optional(string)
- subnet_flow_logs = optional(string)
+ subnet_flow_logs = optional(string, "false")
 subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")
 subnet_flow_logs_sampling = optional(string, "0.5")
 subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")
 subnet_flow_logs_filter = optional(string, "true")
 subnet_flow_logs_metadata_fields = optional(list(string), [])
 description = optional(string)
+ purpose = optional(string)
+ role = optional(string)
+ stack_type = optional(string)
+ ipv6_access_type = optional(string)
 }))
 description = "The list of subnets being created"
 }
diff --git a/variables.tf b/variables.tf
index 295ac55e..0db1606c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -50,6 +50,10 @@ variable "subnets" {
 subnet_flow_logs_filter = optional(string)
 subnet_flow_logs_metadata_fields = optional(list(string))
 description = optional(string)
+ purpose = optional(string)
+ role = optional(string)
+ stack_type = optional(string)
+ ipv6_access_type = optional(string)
 }))
 description = "The list of subnets being created"
 }
subnet_name = string
subnet_ip = string
subnet_region = string
subnet_private_access = optional(string, "false")
subnet_private_ipv6_access = optional(string)
subnet_flow_logs = optional(string, "false")
subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")
subnet_flow_logs_sampling = optional(string, "0.5")
subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")
subnet_flow_logs_filter = optional(string, "true")
subnet_flow_logs_metadata_fields = optional(list(string), [])
description = optional(string)
purpose = optional(string)
role = optional(string)
stack_type = optional(string)
ipv6_access_type = optional(string)
}))