Merge branch 'main' into doc/submodule_network_peering_example

Author: imrannayer

CHANGELOG.md

@@ -2,6 +2,32 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [11.1.1](https://github.com/terraform-google-modules/terraform-google-network/compare/v11.1.0...v11.1.1) (2025-05-27)
+
+
+### Bug Fixes
+
+* default value for bgp_inter_region_cost and bgp_best_path_selection_mode ([#616](https://github.com/terraform-google-modules/terraform-google-network/issues/616)) ([1bb1b32](https://github.com/terraform-google-modules/terraform-google-network/commit/1bb1b32a72583122b18cebe417b2c0b4d253b2aa))
+
+## [11.1.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v11.0.0...v11.1.0) (2025-05-08)
+
+
+### Features
+
+* added bgp_best_path_selection_mode bgp_always_compare_med bgp_inter_region_cost in VPC module ([#610](https://github.com/terraform-google-modules/terraform-google-network/issues/610)) ([aab974a](https://github.com/terraform-google-modules/terraform-google-network/commit/aab974aa485132f97edab4e404108e874baaa0a2))
+
+## [11.0.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v10.0.0...v11.0.0) (2025-04-23)
+
+
+### ⚠ BREAKING CHANGES
+
+* **TPG>6.28:** added support for packet mirroring firewall policy rule,  src_networks, src_network_scope and dest_network_scope ([#596](https://github.com/terraform-google-modules/terraform-google-network/issues/596))
+
+### Features
+
+* added security profile rule support in network firewall policy ([#602](https://github.com/terraform-google-modules/terraform-google-network/issues/602)) ([339e6f6](https://github.com/terraform-google-modules/terraform-google-network/commit/339e6f6013d5d7b749f4e8eb18410dc59f1d6ab3))
+* **TPG>6.28:** added support for packet mirroring firewall policy rule,  src_networks, src_network_scope and dest_network_scope ([#596](https://github.com/terraform-google-modules/terraform-google-network/issues/596)) ([3ac6496](https://github.com/terraform-google-modules/terraform-google-network/commit/3ac64964bd2fd7f9f4f763d6f5152e9456f2e175))
+
 ## [10.0.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v9.3.0...v10.0.0) (2024-12-11)
 
 

README.md

@@ -36,7 +36,7 @@ Comprehensive examples are available in [examples](https://github.com/terraform-
 ```hcl
 module "vpc" {
     source  = "terraform-google-modules/network/google"
-    version = "~> 11.0"
+    version = "~> 11.1"
 
     project_id   = "<PROJECT ID>"
     network_name = "example-vpc"
@@ -111,11 +111,14 @@ Then perform the following commands on the root folder:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | `bool` | `false` | no |
+| bgp\_always\_compare\_med | If set to true, the Cloud Router will use MED values from the peer even if the AS paths differ. Default is false. | `bool` | `false` | no |
+| bgp\_best\_path\_selection\_mode | Specifies the BGP best path selection mode. Valid values are `STANDARD` or `LEGACY`. Default is `LEGACY`. | `string` | `"LEGACY"` | no |
+| bgp\_inter\_region\_cost | Specifies the BGP inter-region cost mode. Valid values are `DEFAULT` or `ADD_COST_TO_MED`. | `string` | `null` | no |
 | delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | `bool` | `false` | no |
 | description | An optional description of this resource. The resource must be recreated to modify this field. | `string` | `""` | no |
 | egress\_rules | List of egress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br>    name                    = string<br>    description             = optional(string, null)<br>    disabled                = optional(bool, null)<br>    priority                = optional(number, null)<br>    destination_ranges      = optional(list(string), [])<br>    source_ranges           = optional(list(string), [])<br>    source_tags             = optional(list(string))<br>    source_service_accounts = optional(list(string))<br>    target_tags             = optional(list(string))<br>    target_service_accounts = optional(list(string))<br><br>    allow = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    deny = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    log_config = optional(object({<br>      metadata = string<br>    }))<br>  }))</pre> | `[]` | no |
-| enable\_ipv6\_ula | Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false') | `bool` | `false` | no |
-| firewall\_rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of firewall rules | <pre>list(object({<br>    name                    = string<br>    description             = optional(string, null)<br>    direction               = optional(string, "INGRESS")<br>    disabled                = optional(bool, null)<br>    priority                = optional(number, null)<br>    ranges                  = optional(list(string), [])<br>    source_tags             = optional(list(string))<br>    source_service_accounts = optional(list(string))<br>    target_tags             = optional(list(string))<br>    target_service_accounts = optional(list(string))<br><br>    allow = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    deny = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    log_config = optional(object({<br>      metadata = string<br>    }))<br>  }))</pre> | `[]` | no |
+| enable\_ipv6\_ula | Enabled IPv6 ULA, this is a permanent change and cannot be undone! (default 'false') | `bool` | `false` | no |
+| firewall\_rules | This is DEPRECATED and available for backward compatibility. Use ingress\_rules and egress\_rules variables. List of firewall rules | <pre>list(object({<br>    name                    = string<br>    description             = optional(string, null)<br>    direction               = optional(string, "INGRESS")<br>    disabled                = optional(bool, null)<br>    priority                = optional(number, null)<br>    ranges                  = optional(list(string), [])<br>    source_tags             = optional(list(string))<br>    source_service_accounts = optional(list(string))<br>    target_tags             = optional(list(string))<br>    target_service_accounts = optional(list(string))<br><br>    allow = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    deny = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    log_config = optional(object({<br>      metadata = string<br>    }))<br>  }))</pre> | `[]` | no |
 | ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br>    name                    = string<br>    description             = optional(string, null)<br>    disabled                = optional(bool, null)<br>    priority                = optional(number, null)<br>    destination_ranges      = optional(list(string), [])<br>    source_ranges           = optional(list(string), [])<br>    source_tags             = optional(list(string))<br>    source_service_accounts = optional(list(string))<br>    target_tags             = optional(list(string))<br>    target_service_accounts = optional(list(string))<br><br>    allow = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    deny = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    log_config = optional(object({<br>      metadata = string<br>    }))<br>  }))</pre> | `[]` | no |
 | internal\_ipv6\_range | When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) | `string` | `null` | no |
 | mtu | The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively. | `number` | `0` | no |

main.tf

@@ -31,6 +31,9 @@ module "vpc" {
   internal_ipv6_range                       = var.internal_ipv6_range
   network_firewall_policy_enforcement_order = var.network_firewall_policy_enforcement_order
   network_profile                           = var.network_profile
+  bgp_always_compare_med                    = var.bgp_always_compare_med
+  bgp_best_path_selection_mode              = var.bgp_best_path_selection_mode
+  bgp_inter_region_cost                     = var.bgp_inter_region_cost
 }
 
 /******************************************

metadata.yaml

@@ -24,7 +24,7 @@ spec:
     source:
       repo: https://github.com/terraform-google-modules/terraform-google-network.git
       sourceType: git
-    version: 10.0.0
+    version: 11.1.1
     actuationTool:
       flavor: Terraform
       version: ">= 1.3"
@@ -159,11 +159,11 @@ spec:
             }))
         defaultValue: []
       - name: enable_ipv6_ula
-        description: Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false')
+        description: Enabled IPv6 ULA, this is a permanent change and cannot be undone! (default 'false')
         varType: bool
         defaultValue: false
       - name: firewall_rules
-        description: This is DEPRICATED and available for backward compatiblity. Use ingress_rules and egress_rules variables. List of firewall rules
+        description: This is DEPRECATED and available for backward compatibility. Use ingress_rules and egress_rules variables. List of firewall rules
         varType: |-
           list(object({
               name                    = string

modules/fabric-net-firewall/metadata.yaml

@@ -25,7 +25,7 @@ spec:
       repo: https://github.com/terraform-google-modules/terraform-google-network.git
       sourceType: git
       dir: /modules/fabric-net-firewall
-    version: 10.0.0
+    version: 11.1.1
     actuationTool:
       flavor: Terraform
       version: ">= 1.3"

modules/fabric-net-firewall/versions.tf

@@ -25,6 +25,6 @@ terraform {
   }
 
   provider_meta "google" {
-    module_name = "blueprints/terraform/terraform-google-network:fabric-net-firewall/v10.0.0"
+    module_name = "blueprints/terraform/terraform-google-network:fabric-net-firewall/v11.1.1"
   }
 }

modules/fabric-net-svpc-access/metadata.yaml

@@ -25,7 +25,7 @@ spec:
       repo: https://github.com/terraform-google-modules/terraform-google-network.git
       sourceType: git
       dir: /modules/fabric-net-svpc-access
-    version: 10.0.0
+    version: 11.1.1
     actuationTool:
       flavor: Terraform
       version: ">= 0.13.0"

modules/fabric-net-svpc-access/versions.tf

@@ -29,9 +29,9 @@ terraform {
   }
 
   provider_meta "google" {
-    module_name = "blueprints/terraform/terraform-google-network:fabric-net-svpc-access/v10.0.0"
+    module_name = "blueprints/terraform/terraform-google-network:fabric-net-svpc-access/v11.1.1"
   }
   provider_meta "google-beta" {
-    module_name = "blueprints/terraform/terraform-google-network:fabric-net-svpc-access/v10.0.0"
+    module_name = "blueprints/terraform/terraform-google-network:fabric-net-svpc-access/v11.1.1"
   }
 }

modules/firewall-rules/README.md

@@ -44,7 +44,7 @@ module "firewall_rules" {
 | ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br>    name                    = string<br>    description             = optional(string, null)<br>    disabled                = optional(bool, null)<br>    priority                = optional(number, null)<br>    destination_ranges      = optional(list(string), [])<br>    source_ranges           = optional(list(string), [])<br>    source_tags             = optional(list(string))<br>    source_service_accounts = optional(list(string))<br>    target_tags             = optional(list(string))<br>    target_service_accounts = optional(list(string))<br><br>    allow = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    deny = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    log_config = optional(object({<br>      metadata = string<br>    }))<br>  }))</pre> | `[]` | no |
 | network\_name | Name of the network this set of firewall rules applies to. | `string` | n/a | yes |
 | project\_id | Project id of the project that holds the network. | `string` | n/a | yes |
-| rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of custom rule definitions | <pre>list(object({<br>    name                    = string<br>    description             = optional(string, null)<br>    direction               = optional(string, "INGRESS")<br>    disabled                = optional(bool, null)<br>    priority                = optional(number, null)<br>    ranges                  = optional(list(string), [])<br>    source_tags             = optional(list(string))<br>    source_service_accounts = optional(list(string))<br>    target_tags             = optional(list(string))<br>    target_service_accounts = optional(list(string))<br><br>    allow = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    deny = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    log_config = optional(object({<br>      metadata = string<br>    }))<br>  }))</pre> | `[]` | no |
+| rules | This is DEPRECATED and available for backward compatibility. Use ingress\_rules and egress\_rules variables. List of custom rule definitions | <pre>list(object({<br>    name                    = string<br>    description             = optional(string, null)<br>    direction               = optional(string, "INGRESS")<br>    disabled                = optional(bool, null)<br>    priority                = optional(number, null)<br>    ranges                  = optional(list(string), [])<br>    source_tags             = optional(list(string))<br>    source_service_accounts = optional(list(string))<br>    target_tags             = optional(list(string))<br>    target_service_accounts = optional(list(string))<br><br>    allow = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    deny = optional(list(object({<br>      protocol = string<br>      ports    = optional(list(string))<br>    })), [])<br>    log_config = optional(object({<br>      metadata = string<br>    }))<br>  }))</pre> | `[]` | no |
 
 ## Outputs
 

modules/firewall-rules/metadata.yaml

@@ -25,7 +25,7 @@ spec:
       repo: https://github.com/terraform-google-modules/terraform-google-network.git
       sourceType: git
       dir: /modules/firewall-rules
-    version: 10.0.0
+    version: 11.1.1
     actuationTool:
       flavor: Terraform
       version: ">= 1.3.0"
@@ -155,7 +155,7 @@ spec:
         varType: string
         required: true
       - name: rules
-        description: This is DEPRICATED and available for backward compatiblity. Use ingress_rules and egress_rules variables. List of custom rule definitions
+        description: This is DEPRECATED and available for backward compatibility. Use ingress_rules and egress_rules variables. List of custom rule definitions
         varType: |-
           list(object({
               name                    = string