terraform-example-foundation
Eliminate the hardcoding of IP addresses in "3-networks hub & spoke" - use module variables and tfvars
TL;DR
Examples
envs/development/main.tf
envs/non-production/main.tf
envs/production/main.tf
locals
...
module "base_env" {
...
enable_partner_interconnect = false
base_private_service_connect_ip = "10.17.0.2"
restricted_private_service_connect_ip = "10.17.0.6"
Also as an example in envs/shared/hierarchical_firewall.tf
module "hierarchical_firewall_policy" {
rules = {
envs/shared/net-hubs-transitivity.tf, envs/shared/net-hubs.tf : in locals
etc...
Terraform Resources
No response
Detailed design
Ideally provide top level configuration propagated to modules
Or at least package top-level tfvar files, included beneath, with instructions on parameterization
Additional information
No response
Prioritizing....
There is much more hardcoding around, hundreds of instances of it deep down in the code: 48 occurrences in the main.tf under 3-networks-hub-and-spoke/envs/ (development, production and non-production); 37 occurrences under 3-networks-hub-and-spoke/envs/shared/dns-hub.tf (dns-hub.tf, hierarchical_firewall.tf, net-hub-transitivity.tf, net-hubs.tf); and 14 more under 3-networks-hub-and-spoke/modules. Similarly under 3-networks-dual-svpc.
Then under 4-projects the subnet IP range is hardcoded in main.tf for each of the environments (development, production, non-production) for each of business_unit_1 and _2
All this hardcoding must be replaced with var-based expressions
And I would suggest to label it not as "enhancement" but "fixing poor coding practice"
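A check that produces this kind of count, as an added example that is not part of the original comment or of the project's code: a Python scanner that reports every quoted IPv4 address or CIDR literal in Terraform text, ignoring `#` and `//` comments. The sample input is constructed; `example_ranges`, `var.extra_range` and `provider_version` are hypothetical names, and block comments (`/* */`) are not handled.

```python
import ipaddress
import re

# The whole quoted string is an IPv4 address or CIDR, e.g. "10.17.0.2".
IP_LITERAL = re.compile(r'"(\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)"')
# Attribute assigned on the same line, if any (e.g. `name = "10.0.0.1"`).
ATTRIBUTE = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=')

# Constructed sample; the two *_private_service_connect_ip lines mirror the issue.
SAMPLE_MAIN_TF = '''
module "base_env" {
  enable_partner_interconnect           = false
  base_private_service_connect_ip       = "10.17.0.2"
  restricted_private_service_connect_ip = "10.17.0.6"
  # old_hub_ip = "10.0.0.1"  (commented out, must not be reported)
  example_ranges                        = ["10.0.64.0/21", var.extra_range]
  provider_version                      = "5.12.0"
}
'''

def strip_comment(line):
    """Drop a trailing # or // comment that starts outside a quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_string = not in_string
        elif not in_string and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line

def find_hardcoded_ips(hcl_text):
    """Return (line_no, attribute, literal) for each IPv4/CIDR string literal."""
    findings = []
    for line_no, raw in enumerate(hcl_text.splitlines(), start=1):
        line = strip_comment(raw)
        attr = ATTRIBUTE.match(line)
        for match in IP_LITERAL.finditer(line):
            literal = match.group(1)
            try:
                ipaddress.ip_network(literal, strict=False)
            except ValueError:
                continue  # e.g. "300.1.1.1": four dotted numbers, not an address
            findings.append((line_no, attr.group(1) if attr else None, literal))
    return findings

if __name__ == "__main__":
    for line_no, attribute, literal in find_hardcoded_ips(SAMPLE_MAIN_TF):
        print(f"line {line_no}: {attribute} = {literal}")
```

Run over each `.tf` file in CI, a non-empty result can fail the build so that new literals are caught before they reach the environment configurations.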
stale bot timer restart - https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/.github/workflows/stale.yml#L21
Put as part of backlog for #1226