Terraform Network Module

This modules makes it easy to set up a new VPC Network in GCP by defining your network and subnet ranges in a concise syntax.

It supports creating:

• A Google Virtual Private Network (VPC)
• Subnets within the VPC
• Secondary ranges for the subnets (if applicable)

Usage

You can go to the examples folder, however the usage of the module could be like this in your own main.tf file:

module "vpc" {
    source = "github.com/terraform-google-modules/terraform-google-network"
    project_id   = "<PROJECT ID>"
    network_name = "example-vpc"

    subnets = [
        {
            subnet_name           = "subnet-01"
            subnet_ip             = "10.10.10.0/24"
            subnet_region         = "us-west1"
        },
        {
            subnet_name           = "subnet-02"
            subnet_ip             = "10.10.20.0/24"
            subnet_region         = "us-west1"
            subnet_private_access = true
            subnet_flow_logs      = true
        },
    ]

    secondary_ranges = {
        subnet-01 = [
            {
                range_name    = "subnet-01-secondary-01"
                ip_cidr_range = "192.168.64.0/24"
            },
        ]

        subnet-02 = []
    }
}

Then perform the following commands on the root folder:

• terraform init to get the plugins
• terraform plan to see the infrastructure plan
• terraform apply to apply the infrastructure build
• terraform destroy to destroy the built infrastructure

Inputs

Name	Description	Type	Default	Required
network_name	The name of the network being created	string	-	yes
project_id	The ID of the project where this VPC will be created	string	-	yes
shared_vpc_host	Makes this project a Shared VPC host if 'true' (default 'false')	string	false	no
subnets	The list of subnets being created	list	-	yes
secondary_ranges	Secondary ranges that will be used in some of the subnets	map	-	yes

Subnet Inputs

The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):

Name	Description	Type	Default	Required
subnet_name	The name of the subnet being created	string	-	yes
subnet_ip	The IP and CIDR range of the subnet being created	string	-	yes
subnet_region	The region where the subnet will be created	string	-	yes
subnet_private_access	Whether this subnet will have private Google access enabled	boolean	false	no
subnet_flow_logs	Whether the subnet will record and send flow log data to logging	boolean	false	no

Outputs

Name	Description
network_name	The name of the VPC being created
network_self_link	The URI of the VPC being created
subnets_ips	The IPs and CIDRs of the subnets being created
subnets_names	The names of the subnets being created
subnets_private_access	Whether the subnets will have access to Google API's without a public IP
subnets_flow_logs	Whether the subnets will have VPC flow logs enabled
subnets_regions	The region where the subnets will be created
subnets_secondary_ranges	The secondary ranges associated with these subnets

Requirements

Terraform plugins

• Terraform 0.10.x
• terraform-provider-google plugin v1.8.0

Configure a Service Account

In order to execute this module you must have a Service Account with the following roles:

• roles/compute.networkAdmin on the organization

Enable API's

In order to operate with the Service Account you must activate the following API on the project where the Service Account was created:

• Compute Engine API - compute.googleapis.com

Install

Terraform

Be sure you have the correct Terraform version (0.10.x), you can choose the binary here:

• https://releases.hashicorp.com/terraform/

File structure

The project has the following folders and files:

• /: root folder
• /examples: examples for using this module
• /test: Folders with files for testing the module (see Testing section on this file)
• /main.tf: main file for this module, contains all the resources to create
• /variables.tf: all the variables for the module
• /output.tf: the outputs of the module
• /README.md: this file

Testing and documentation generation

Requirements

• bats 0.4.0
• jq 1.5
• terraform-docs 0.3.0

Integration test

Terraform integration tests

The integration tests for this module are built with bats, basically the test checks the following:

• Perform terraform init command
• Perform terraform get command
• Perform terraform plan command and check that it'll create n resources, modify 0 resources and delete 0 resources
• Perform terraform apply -auto-approve command and check that it has created the n resources, modified 0 resources and deleted 0 resources
• Perform several gcloud commands and check the infrastructure is in the desired state
• Perform terraform destroy -force command and check that it has destroyed the n resources

You can use the following command to run the integration test in the folder /test/integration/gcloud-test

. launch.sh

Autogeneration of documentation from .tf files

Run

make generate_docs

Linting

The makefile in this project will lint or sometimes just format any shell, Python, golang, Terraform, or Dockerfiles. The linters will only be run if the makefile finds files with the appropriate file extension.

All of the linter checks are in the default make target, so you just have to run

make -s

The -s is for 'silent'. Successful output looks like this

Running shellcheck
Running flake8
Running gofmt
Running terraform validate
Running hadolint on Dockerfiles
Test passed - Verified all file Apache 2 headers

The linters are as follows:

• Shell - shellcheck. Can be found in homebrew
• Python - flake8. Can be installed with 'pip install flake8'
• Golang - gofmt. gofmt comes with the standard golang installation. golang is a compiled language so there is no standard linter.
• Terraform - terraform has a built-in linter in the 'terraform validate' command.
• Dockerfiles - hadolint. Can be found in homebrew