diff --git a/3-networks-dual-svpc/envs/shared/README.md b/3-networks-dual-svpc/envs/shared/README.md
index 239eca0f0..88d0209b2 100644
--- a/3-networks-dual-svpc/envs/shared/README.md
+++ b/3-networks-dual-svpc/envs/shared/README.md
@@ -12,14 +12,6 @@ The purpose of this step is to set up the global [DNS Hub](https://cloud.google.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| access\_context\_manager\_policy\_id | The id of the default Access Context Manager policy created in step `1-org`. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`. | `number` | n/a | yes |
-| base\_hub\_dns\_enable\_inbound\_forwarding | Toggle inbound query forwarding for Base Hub VPC DNS. | `bool` | `true` | no |
-| base\_hub\_dns\_enable\_logging | Toggle DNS logging for Base Hub VPC DNS. | `bool` | `true` | no |
-| base\_hub\_firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls in Base Hub VPC. | `bool` | `true` | no |
-| base\_hub\_nat\_bgp\_asn | BGP ASN for first NAT cloud routes in Base Hub. | `number` | `64514` | no |
-| base\_hub\_nat\_enabled | Toggle creation of NAT cloud router in Base Hub. | `bool` | `false` | no |
-| base\_hub\_nat\_num\_addresses\_region1 | Number of external IPs to reserve for first Cloud NAT in Base Hub. | `number` | `2` | no |
-| base\_hub\_nat\_num\_addresses\_region2 | Number of external IPs to reserve for second Cloud NAT in Base Hub. | `number` | `2` | no |
 | bgp\_asn\_dns | BGP Autonomous System Number (ASN). | `number` | `64667` | no |
 | dns\_enable\_logging | Toggle DNS logging for VPC DNS. | `bool` | `true` | no |
 | domain | The DNS name of forwarding managed zone, for instance 'example.com'. Must end with a period. | `string` | n/a | yes |
@@ -27,17 +19,8 @@ The purpose of this step is to set up the global [DNS Hub](https://cloud.google.
 | firewall\_policies\_enable\_logging | Toggle hierarchical firewall logging. | `bool` | `true` | no |
 | preactivate\_partner\_interconnect | Preactivate Partner Interconnect VLAN attachment in the environment. | `bool` | `false` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
-| restricted\_hub\_dns\_enable\_inbound\_forwarding | Toggle inbound query forwarding for Restricted Hub VPC DNS. | `bool` | `true` | no |
-| restricted\_hub\_dns\_enable\_logging | Toggle DNS logging for Restricted Hub VPC DNS. | `bool` | `true` | no |
-| restricted\_hub\_firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls in Restricted Hub VPC. | `bool` | `true` | no |
-| restricted\_hub\_nat\_bgp\_asn | BGP ASN for first NAT cloud routes in Restricted Hub. | `number` | `64514` | no |
-| restricted\_hub\_nat\_enabled | Toggle creation of NAT cloud router in Restricted Hub. | `bool` | `false` | no |
-| restricted\_hub\_nat\_num\_addresses\_region1 | Number of external IPs to reserve for first Cloud NAT in Restricted Hub. | `number` | `2` | no |
-| restricted\_hub\_nat\_num\_addresses\_region2 | Number of external IPs to reserve for second Cloud NAT in Restricted Hub. | `number` | `2` | no |
-| restricted\_hub\_windows\_activation\_enabled | Enable Windows license activation for Windows workloads in Restricted Hub. | `bool` | `false` | no |
 | subnetworks\_enable\_logging | Toggle subnetworks flow logging for VPC Subnetworks. | `bool` | `true` | no |
 | target\_name\_server\_addresses | List of IPv4 address of target name servers for the forwarding zone configuration. See https://cloud.google.com/dns/docs/overview#dns-forwarding-zones for details on target name servers in the context of Cloud DNS forwarding zones.
| `list(map(any))` | n/a | yes |
-| terraform\_service\_account | Service account email of the account to be added to the VPC-SC perimeter. | `string` | n/a | yes |
 
 ## Outputs
 
diff --git a/3-networks-dual-svpc/envs/shared/variables.tf b/3-networks-dual-svpc/envs/shared/variables.tf
index 562b9de8b..a0354aabb 100644
--- a/3-networks-dual-svpc/envs/shared/variables.tf
+++ b/3-networks-dual-svpc/envs/shared/variables.tf
@@ -19,16 +19,6 @@ variable "remote_state_bucket" {
 type = string
 }
 
-variable "terraform_service_account" {
- type = string
- description = "Service account email of the account to be added to the VPC-SC perimeter."
-}
-
-variable "access_context_manager_policy_id" {
- type = number
- description = "The id of the default Access Context Manager policy created in step `1-org`. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format=\"value(name)\"`."
-}
-
 variable "dns_enable_logging" {
 type = bool
 description = "Toggle DNS logging for VPC DNS."
@@ -57,96 +47,6 @@ variable "target_name_server_addresses" {
 type = list(map(any))
 }
 
-variable "restricted_hub_windows_activation_enabled" {
- type = bool
- description = "Enable Windows license activation for Windows workloads in Restricted Hub."
- default = false
-}
-
-variable "base_hub_dns_enable_inbound_forwarding" {
- type = bool
- description = "Toggle inbound query forwarding for Base Hub VPC DNS."
- default = true
-}
-
-variable "restricted_hub_dns_enable_inbound_forwarding" {
- type = bool
- description = "Toggle inbound query forwarding for Restricted Hub VPC DNS."
- default = true
-}
-
-variable "base_hub_dns_enable_logging" {
- type = bool
- description = "Toggle DNS logging for Base Hub VPC DNS."
- default = true
-}
-
-variable "restricted_hub_dns_enable_logging" {
- type = bool
- description = "Toggle DNS logging for Restricted Hub VPC DNS."
- default = true
-}
-
-variable "base_hub_firewall_enable_logging" {
- type = bool
- description = "Toggle firewall logging for VPC Firewalls in Base Hub VPC."
- default = true
-}
-
-variable "restricted_hub_firewall_enable_logging" {
- type = bool
- description = "Toggle firewall logging for VPC Firewalls in Restricted Hub VPC."
- default = true
-}
-
-variable "base_hub_nat_enabled" {
- type = bool
- description = "Toggle creation of NAT cloud router in Base Hub."
- default = false
-}
-
-variable "restricted_hub_nat_enabled" {
- type = bool
- description = "Toggle creation of NAT cloud router in Restricted Hub."
- default = false
-}
-
-variable "base_hub_nat_bgp_asn" {
- type = number
- description = "BGP ASN for first NAT cloud routes in Base Hub."
- default = 64514
-}
-
-variable "restricted_hub_nat_bgp_asn" {
- type = number
- description = "BGP ASN for first NAT cloud routes in Restricted Hub."
- default = 64514
-}
-
-variable "base_hub_nat_num_addresses_region1" {
- type = number
- description = "Number of external IPs to reserve for first Cloud NAT in Base Hub."
- default = 2
-}
-
-variable "restricted_hub_nat_num_addresses_region1" {
- type = number
- description = "Number of external IPs to reserve for first Cloud NAT in Restricted Hub."
- default = 2
-}
-
-variable "base_hub_nat_num_addresses_region2" {
- type = number
- description = "Number of external IPs to reserve for second Cloud NAT in Base Hub."
- default = 2
-}
-
-variable "restricted_hub_nat_num_addresses_region2" {
- type = number
- description = "Number of external IPs to reserve for second Cloud NAT in Restricted Hub."
- default = 2
-}
-
 variable "firewall_policies_enable_logging" {
 type = bool
 description = "Toggle hierarchical firewall logging."
diff --git a/test/integration/shared/shared_test.go b/test/integration/shared/shared_test.go
index 56db8d89d..ab182cdce 100644
--- a/test/integration/shared/shared_test.go
+++ b/test/integration/shared/shared_test.go
@@ -52,18 +52,17 @@ func TestShared(t *testing.T) {
 utils.SetEnv(t, "GOOGLE_IMPERSONATE_SERVICE_ACCOUNT", terraformSA)
 backend_bucket := bootstrap.GetStringOutput("gcs_bucket_tfstate")
 
- vars := map[string]interface{}{
- "access_context_manager_policy_id": policyID,
- "remote_state_bucket": backend_bucket,
- "terraform_service_account": terraformSA,
- }
-
 backendConfig := map[string]interface{}{
 "bucket": backend_bucket,
 }
+ vars := map[string]interface{}{
+ "remote_state_bucket": backend_bucket,
+ }
 var tfdDir string
 if isHubAndSpokeMode(t) {
+ vars["access_context_manager_policy_id"] = policyID
+ vars["terraform_service_account"] = terraformSA
 tfdDir = "../../../3-networks-hub-and-spoke/envs/shared"
 } else {
 tfdDir = "../../../3-networks-dual-svpc/envs/shared"
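Review bot: The two VPC-SC inputs are now only added inside the `isHubAndSpokeMode` branch, but nothing in the hunk says why, so a reader of shared_test.go will not know they were deliberately dropped from the dual-svpc shared env rather than forgotten; a comment above the new assignments would fix that, e.g. `// access_context_manager_policy_id and terraform_service_account exist only in the hub-and-spoke shared env; dual-svpc no longer declares them in variables.tf.`. `policyID` and `terraformSA` are still resolved before the hunk (TestShared starts above it), so the policy lookup presumably still runs in dual-svpc mode even though its value is unused there — if that lookup can fail for an org without an Access Context Manager policy, the same guard should move to the lookup. Since the dual-svpc shared env no longer receives `terraform_service_account`, this test also stops covering that the Terraform SA is admitted to a VPC-SC perimeter in that mode; worth confirming that check lives in another test rather than being lost. Style only: the new `vars` literal keeps `map[string]interface{}` to match `backendConfig`, which is fine for consistency with the rest of the file.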