Merge branch 'main' into dependabot/go_modules/test/integration/golang.org/x/net-0.38.0

Author: g-awmalik

CHANGELOG.md

@@ -7,6 +7,24 @@ The format is based on
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.0.0](https://github.com/terraform-google-modules/terraform-google-cloud-router/compare/v6.3.0...v7.0.0) (2025-04-28)
+
+
+### ⚠ BREAKING CHANGES
+
+* **TPG >= 5.12:** update interface module min provider version >= 5.12 ([#153](https://github.com/terraform-google-modules/terraform-google-cloud-router/issues/153))
+* MD5 authentication for BGP support
+
+### Features
+
+* MD5 authentication for BGP support ([e6f8b6c](https://github.com/terraform-google-modules/terraform-google-cloud-router/commit/e6f8b6c73f564faea90b90b468757e5e35b244a6))
+* partner interconnect ([#147](https://github.com/terraform-google-modules/terraform-google-cloud-router/issues/147)) ([0cff190](https://github.com/terraform-google-modules/terraform-google-cloud-router/commit/0cff1905735f4de59b65e12793adec7d3d6fa777))
+
+
+### Bug Fixes
+
+* **TPG >= 5.12:** update interface module min provider version >= 5.12 ([#153](https://github.com/terraform-google-modules/terraform-google-cloud-router/issues/153)) ([532c95d](https://github.com/terraform-google-modules/terraform-google-cloud-router/commit/532c95d348055bc8d8eac198837f83352409c3a5))
+
 ## [6.3.0](https://github.com/terraform-google-modules/terraform-google-cloud-router/compare/v6.2.0...v6.3.0) (2025-03-05)
 
 

Makefile

@@ -69,6 +69,7 @@ docker_test_integration:
 docker_test_lint:
 	docker run --rm -it \
 		-v "$(CURDIR)":/workspace \
+		-e ENABLE_BPMETADATA=1 \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/test_lint.sh
 
@@ -77,8 +78,9 @@ docker_test_lint:
 docker_generate_docs:
 	docker run --rm -it \
 		-v "$(CURDIR)":/workspace \
+		-e ENABLE_BPMETADATA=1 \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
-		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display'
 
 # Alias for backwards compatibility
 .PHONY: generate_docs

README.md

@@ -19,7 +19,7 @@ Basic usage of this module is as follows:
 ```hcl
 module "cloud_router" {
   source  = "terraform-google-modules/cloud-router/google"
-  version = "~> 6.3"
+  version = "~> 7.0"
 
   name    = "example-router"
   region  = "us-central1"

examples/interconnect_attachment/main.tf

@@ -16,7 +16,7 @@
 
 module "cloud_router" {
   source  = "terraform-google-modules/cloud-router/google"
-  version = "~> 6.0"
+  version = "~> 7.0"
 
   name    = "example-router"
   project = "example-project"
@@ -31,7 +31,7 @@ module "cloud_router" {
 
 module "interconnect_attachment" {
   source  = "terraform-google-modules/cloud-router/google//modules/interconnect_attachment"
-  version = "~> 6.0"
+  version = "~> 7.0"
 
   name    = "example-attachment"
   project = "example-project"

examples/nat/main.tf

@@ -16,7 +16,7 @@
 
 module "vpc" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 10.0"
+  version = "~> 11.0"
 
   project_id   = var.project_id
   network_name = "test-network"
@@ -42,7 +42,7 @@ module "vpc" {
 # [START cloudnat_simple_create]
 module "cloud_router" {
   source  = "terraform-google-modules/cloud-router/google"
-  version = "~> 6.0"
+  version = "~> 7.0"
   name    = "my-cloud-router"
   project = var.project_id
   network = module.vpc.network_name

examples/simple_example/main.tf

@@ -16,7 +16,7 @@
 
 module "vpc" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 10.0"
+  version = "~> 11.0"
 
   project_id   = var.project_id
   network_name = "test-network"
@@ -28,7 +28,7 @@ module "vpc" {
 # [START cloudrouter_create]
 module "cloud_router" {
   source  = "terraform-google-modules/cloud-router/google"
-  version = "~> 6.0"
+  version = "~> 7.0"
 
   name   = "my-router"
   region = "us-central1"

metadata.display.yaml

@@ -0,0 +1,52 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-cloud-router-display
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  info:
+    source:
+      repo: https://github.com/terraform-google-modules/terraform-google-cloud-router.git
+      sourceType: git
+  ui:
+    input:
+      variables:
+        bgp:
+          name: bgp
+          title: Bgp
+        description:
+          name: description
+          title: Description
+        encrypted_interconnect_router:
+          name: encrypted_interconnect_router
+          title: Encrypted Interconnect Router
+        name:
+          name: name
+          title: Name
+        nats:
+          name: nats
+          title: Nats
+        network:
+          name: network
+          title: Network
+        project:
+          name: project
+          title: Project
+        region:
+          name: region
+          title: Region

metadata.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ spec:
     source:
       repo: https://github.com/terraform-google-modules/terraform-google-cloud-router.git
       sourceType: git
-    version: 6.3.0
+    version: 7.0.0
     actuationTool:
       flavor: Terraform
       version: ">= 1.3"
@@ -43,6 +43,29 @@ spec:
         location: examples/simple_example
   interfaces:
     variables:
+      - name: name
+        description: Name of the router
+        varType: string
+        required: true
+      - name: network
+        description: A reference to the network to which this router belongs
+        varType: string
+        required: true
+      - name: project
+        description: The project ID to deploy to
+        varType: string
+        required: true
+      - name: region
+        description: Region where the router resides
+        varType: string
+        required: true
+      - name: description
+        description: An optional description of this resource
+        varType: string
+      - name: encrypted_interconnect_router
+        description: An optional field to indicate if a router is dedicated to use with encrypted Interconnect Attachment
+        varType: bool
+        defaultValue: false
       - name: bgp
         description: BGP information specific to this router.
         varType: |-
@@ -56,13 +79,6 @@ spec:
               })), [])
               keepalive_interval = optional(number)
             })
-      - name: description
-        description: An optional description of this resource
-        varType: string
-      - name: name
-        description: Name of the router
-        varType: string
-        required: true
       - name: nats
         description: NATs to deploy on this router.
         varType: |-
@@ -71,6 +87,7 @@ spec:
               nat_ip_allocate_option              = optional(string)
               source_subnetwork_ip_ranges_to_nat  = optional(string)
               nat_ips                             = optional(list(string), [])
+              drain_nat_ips                       = optional(list(string), [])
               min_ports_per_vm                    = optional(number)
               max_ports_per_vm                    = optional(number)
               udp_idle_timeout_sec                = optional(number)
@@ -94,18 +111,6 @@ spec:
 
             }))
         defaultValue: []
-      - name: network
-        description: A reference to the network to which this router belongs
-        varType: string
-        required: true
-      - name: project
-        description: The project ID to deploy to
-        varType: string
-        required: true
-      - name: region
-        description: Region where the router resides
-        varType: string
-        required: true
     outputs:
       - name: nat
         description: Created NATs
@@ -120,3 +125,6 @@ spec:
       - cloudresourcemanager.googleapis.com
       - serviceusage.googleapis.com
       - compute.googleapis.com
+    providerVersions:
+      - source: hashicorp/google
+        version: ">= 4.51, < 7"

modules/interconnect_attachment/README.md

@@ -8,14 +8,16 @@
 | admin\_enabled | Whether the VLAN attachment is enabled or disabled | `bool` | `true` | no |
 | bandwidth | Provisioned bandwidth capacity for the interconnect attachment | `string` | `"BPS_10G"` | no |
 | candidate\_subnets | Up to 16 candidate prefixes that can be used to restrict the allocation of cloudRouterIpAddress and customerRouterIpAddress for this attachment. All prefixes must be within link-local address space (169.254.0.0/16) and must be /29 or shorter (/28, /27, etc). | `list(string)` | `null` | no |
+| create\_interface | Whether to create router interface (and peer) for this attachment. Set this to false for PARTNER type. | `bool` | `true` | no |
 | description | An optional description of this resource | `string` | `null` | no |
+| edge\_availability\_domain | Desired availability domain for the attachment. Only available for type PARTNER, at creation time. | `string` | `null` | no |
 | encryption | Indicates the user-supplied encryption option of this interconnect attachment. | `string` | `"NONE"` | no |
-| interconnect | URL of the underlying Interconnect object that this attachment's traffic will traverse through. | `string` | n/a | yes |
-| interface | Interface to deploy for this attachment. | <pre>object({<br>    name = string<br>  })</pre> | n/a | yes |
+| interconnect | URL of the underlying Interconnect object that this attachment's traffic will traverse through. | `string` | `""` | no |
+| interface | Interface to deploy for this attachment. | <pre>object({<br>    name = string<br>  })</pre> | `null` | no |
 | ipsec\_internal\_addresses | URL of addresses that have been reserved for the interconnect attachment, Used only for interconnect attachment that has the encryption option as IPSEC. | `list(string)` | `[]` | no |
 | mtu | Maximum Transmission Unit (MTU), in bytes, of packets passing through this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. | `string` | `null` | no |
 | name | The name of the interconnect attachment | `string` | n/a | yes |
-| peer | BGP Peer for this attachment. | <pre>object({<br>    name                      = string<br>    peer_asn                  = string<br>    advertised_route_priority = optional(number)<br>    bfd = optional(object({<br>      session_initialization_mode = string<br>      min_transmit_interval       = optional(number)<br>      min_receive_interval        = optional(number)<br>      multiplier                  = optional(number)<br>    }))<br>  })</pre> | n/a | yes |
+| peer | BGP Peer for this attachment. | <pre>object({<br>    name                      = string<br>    peer_asn                  = string<br>    advertised_route_priority = optional(number)<br>    bfd = optional(object({<br>      session_initialization_mode = string<br>      min_transmit_interval       = optional(number)<br>      min_receive_interval        = optional(number)<br>      multiplier                  = optional(number)<br>    }))<br>    md5_authentication_key = optional(object({<br>      name = string<br>      key  = string<br>    }))<br>  })</pre> | `null` | no |
 | project | The project ID to deploy to | `string` | n/a | yes |
 | region | Region where the attachment resides | `string` | n/a | yes |
 | router | Name of the router the attachment resides | `string` | n/a | yes |

modules/interconnect_attachment/main.tf

@@ -22,8 +22,9 @@ resource "google_compute_interconnect_attachment" "attachment" {
   interconnect             = var.interconnect
   admin_enabled            = var.admin_enabled
   type                     = var.type
+  edge_availability_domain = var.edge_availability_domain
   description              = var.description
-  bandwidth                = var.bandwidth
+  bandwidth                = var.type == "DEDICATED" ? var.bandwidth : null
   mtu                      = var.mtu
   candidate_subnets        = var.candidate_subnets
   vlan_tag8021q            = var.vlan_tag8021q
@@ -32,20 +33,28 @@ resource "google_compute_interconnect_attachment" "attachment" {
 }
 
 module "interface" {
+  count = var.create_interface ? 1 : 0
+
   source                  = "../interface"
-  name                    = var.interface.name
+  name                    = try(var.interface.name, null)
   project                 = var.project
   router                  = var.router
   region                  = var.region
   ip_range                = google_compute_interconnect_attachment.attachment.cloud_router_ip_address
   interconnect_attachment = google_compute_interconnect_attachment.attachment.self_link
   peers = [{
-    name = var.peer.name
+    name = try(var.peer.name, null)
 
     # Peer IP Address must not contain the subnet mask, else will throw an invalid IP address error.
     peer_ip_address           = element(split("/", google_compute_interconnect_attachment.attachment.customer_router_ip_address), 0)
-    peer_asn                  = var.peer.peer_asn
-    advertised_route_priority = lookup(var.peer, "advertised_route_priority", null)
-    bfd                       = lookup(var.peer, "bfd", null)
+    peer_asn                  = try(var.peer.peer_asn, null)
+    advertised_route_priority = try(var.peer.advertised_route_priority, null)
+    bfd                       = try(var.peer.bfd, null)
+    md5_authentication_key    = try(var.peer.md5_authentication_key, null)
   }]
 }
+
+moved {
+  from = module.interface
+  to   = module.interface[0]
+}