terraform-google-modules · bharathkkb · Oct 25, 2022 · Oct 13, 2022 · Oct 14, 2022 · Oct 25, 2022
@@ -12,32 +12,15 @@ The purpose of this step is to set up the global [DNS Hub](https://cloud.google.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| access\_context\_manager\_policy\_id | The id of the default Access Context Manager policy created in step `1-org`. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`. | `number` | n/a | yes |
-| base\_hub\_dns\_enable\_inbound\_forwarding | Toggle inbound query forwarding for Base Hub VPC DNS. | `bool` | `true` | no |
-| base\_hub\_dns\_enable\_logging | Toggle DNS logging for Base Hub VPC DNS. | `bool` | `true` | no |
-| base\_hub\_firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls in Base Hub VPC. | `bool` | `true` | no |
-| base\_hub\_nat\_bgp\_asn | BGP ASN for first NAT cloud routes in Base Hub. | `number` | `64514` | no |
-| base\_hub\_nat\_enabled | Toggle creation of NAT cloud router in Base Hub. | `bool` | `false` | no |
-| base\_hub\_nat\_num\_addresses\_region1 | Number of external IPs to reserve for first Cloud NAT in Base Hub. | `number` | `2` | no |
-| base\_hub\_nat\_num\_addresses\_region2 | Number of external IPs to reserve for second Cloud NAT in Base Hub. | `number` | `2` | no |
 | bgp\_asn\_dns | BGP Autonomous System Number (ASN). | `number` | `64667` | no |
 | dns\_enable\_logging | Toggle DNS logging for VPC DNS. | `bool` | `true` | no |
 | domain | The DNS name of forwarding managed zone, for instance 'example.com'. Must end with a period. | `string` | n/a | yes |
 | enable\_partner\_interconnect | Enable Partner Interconnect in the environment. | `bool` | `false` | no |
 | firewall\_policies\_enable\_logging | Toggle hierarchical firewall logging. | `bool` | `true` | no |
 | preactivate\_partner\_interconnect | Preactivate Partner Interconnect VLAN attachment in the environment. | `bool` | `false` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
-| restricted\_hub\_dns\_enable\_inbound\_forwarding | Toggle inbound query forwarding for Restricted Hub VPC DNS. | `bool` | `true` | no |
-| restricted\_hub\_dns\_enable\_logging | Toggle DNS logging for Restricted Hub VPC DNS. | `bool` | `true` | no |
-| restricted\_hub\_firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls in Restricted Hub VPC. | `bool` | `true` | no |
-| restricted\_hub\_nat\_bgp\_asn | BGP ASN for first NAT cloud routes in Restricted Hub. | `number` | `64514` | no |
-| restricted\_hub\_nat\_enabled | Toggle creation of NAT cloud router in Restricted Hub. | `bool` | `false` | no |
-| restricted\_hub\_nat\_num\_addresses\_region1 | Number of external IPs to reserve for first Cloud NAT in Restricted Hub. | `number` | `2` | no |
-| restricted\_hub\_nat\_num\_addresses\_region2 | Number of external IPs to reserve for second Cloud NAT in Restricted Hub. | `number` | `2` | no |
-| restricted\_hub\_windows\_activation\_enabled | Enable Windows license activation for Windows workloads in Restricted Hub. | `bool` | `false` | no |
 | subnetworks\_enable\_logging | Toggle subnetworks flow logging for VPC Subnetworks. | `bool` | `true` | no |
 | target\_name\_server\_addresses | List of IPv4 address of target name servers for the forwarding zone configuration. See https://cloud.google.com/dns/docs/overview#dns-forwarding-zones for details on target name servers in the context of Cloud DNS forwarding zones. | `list(map(any))` | n/a | yes |
-| terraform\_service\_account | Service account email of the account to be added to the VPC-SC perimeter. | `string` | n/a | yes |
 
 ## Outputs
 

@@ -19,16 +19,6 @@ variable "remote_state_bucket" {
   type        = string
 }
 
-variable "terraform_service_account" {
-  type        = string
-  description = "Service account email of the account to be added to the VPC-SC perimeter."
-}
-
-variable "access_context_manager_policy_id" {
-  type        = number
-  description = "The id of the default Access Context Manager policy created in step `1-org`. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format=\"value(name)\"`."
-}
-
 variable "dns_enable_logging" {
   type        = bool
   description = "Toggle DNS logging for VPC DNS."
@@ -57,96 +47,6 @@ variable "target_name_server_addresses" {
   type        = list(map(any))
 }
 
-variable "restricted_hub_windows_activation_enabled" {
-  type        = bool
-  description = "Enable Windows license activation for Windows workloads in Restricted Hub."
-  default     = false
-}
-
-variable "base_hub_dns_enable_inbound_forwarding" {
-  type        = bool
-  description = "Toggle inbound query forwarding for Base Hub VPC DNS."
-  default     = true
-}
-
-variable "restricted_hub_dns_enable_inbound_forwarding" {
-  type        = bool
-  description = "Toggle inbound query forwarding for Restricted Hub VPC DNS."
-  default     = true
-}
-
-variable "base_hub_dns_enable_logging" {
-  type        = bool
-  description = "Toggle DNS logging for Base Hub VPC DNS."
-  default     = true
-}
-
-variable "restricted_hub_dns_enable_logging" {
-  type        = bool
-  description = "Toggle DNS logging for Restricted Hub VPC DNS."
-  default     = true
-}
-
-variable "base_hub_firewall_enable_logging" {
-  type        = bool
-  description = "Toggle firewall logging for VPC Firewalls in Base Hub VPC."
-  default     = true
-}
-
-variable "restricted_hub_firewall_enable_logging" {
-  type        = bool
-  description = "Toggle firewall logging for VPC Firewalls in Restricted Hub VPC."
-  default     = true
-}
-
-variable "base_hub_nat_enabled" {
-  type        = bool
-  description = "Toggle creation of NAT cloud router in Base Hub."
-  default     = false
-}
-
-variable "restricted_hub_nat_enabled" {
-  type        = bool
-  description = "Toggle creation of NAT cloud router in Restricted Hub."
-  default     = false
-}
-
-variable "base_hub_nat_bgp_asn" {
-  type        = number
-  description = "BGP ASN for first NAT cloud routes in Base Hub."
-  default     = 64514
-}
-
-variable "restricted_hub_nat_bgp_asn" {
-  type        = number
-  description = "BGP ASN for first NAT cloud routes in Restricted Hub."
-  default     = 64514
-}
-
-variable "base_hub_nat_num_addresses_region1" {
-  type        = number
-  description = "Number of external IPs to reserve for first Cloud NAT in Base Hub."
-  default     = 2
-}
-
-variable "restricted_hub_nat_num_addresses_region1" {
-  type        = number
-  description = "Number of external IPs to reserve for first Cloud NAT in Restricted Hub."
-  default     = 2
-}
-
-variable "base_hub_nat_num_addresses_region2" {
-  type        = number
-  description = "Number of external IPs to reserve for second Cloud NAT in Base Hub."
-  default     = 2
-}
-
-variable "restricted_hub_nat_num_addresses_region2" {
-  type        = number
-  description = "Number of external IPs to reserve for second Cloud NAT in Restricted Hub."
-  default     = 2
-}
-
 variable "firewall_policies_enable_logging" {
   type        = bool
   description = "Toggle hierarchical firewall logging."

@@ -52,18 +52,17 @@ func TestShared(t *testing.T) {
 	utils.SetEnv(t, "GOOGLE_IMPERSONATE_SERVICE_ACCOUNT", terraformSA)
 	backend_bucket := bootstrap.GetStringOutput("gcs_bucket_tfstate")
 
-	vars := map[string]interface{}{
-		"access_context_manager_policy_id": policyID,
-		"remote_state_bucket":              backend_bucket,
-		"terraform_service_account":        terraformSA,
-	}
-
 	backendConfig := map[string]interface{}{
 		"bucket": backend_bucket,
 	}
 
+	vars := map[string]interface{}{
+		"remote_state_bucket": backend_bucket,
+	}
 	var tfdDir string
 	if isHubAndSpokeMode(t) {
+		vars["access_context_manager_policy_id"] = policyID
+		vars["terraform_service_account"] = terraformSA
 		tfdDir = "../../../3-networks-hub-and-spoke/envs/shared"
 	} else {
 		tfdDir = "../../../3-networks-dual-svpc/envs/shared"