feat: added producer VPC network spoke (#634)

Author: imrannayer

Makefile

@@ -89,7 +89,7 @@ docker_restore_examples:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
-		-e ENABLE_BPMETADATA \
+		-e ENABLE_BPMETADATA=1 \
 		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'

docs/upgrading_to_v12.0.0.md

@@ -0,0 +1,6 @@
+# Upgrading to v12.0.0
+
+The v12.0 release contains backwards-incompatible changes.
+
+This update requires upgrading:
+- minimum provider version of `hashicorp/google` to `6.49` for network-connectivity-center sub-module.

examples/network_connectivity_center/main.tf

@@ -15,7 +15,9 @@
  */
 
 module "network_connectivity_center" {
-  source       = "terraform-google-modules/network/google//modules/network-connectivity-center"
+  source  = "terraform-google-modules/network/google//modules/network-connectivity-center"
+  version = "~> 12.0"
+
   project_id   = var.project_id
   ncc_hub_name = var.ncc_hub_name
   ncc_hub_labels = {
@@ -24,14 +26,33 @@ module "network_connectivity_center" {
   spoke_labels = {
     "created-by" = "terraform-google-ncc-example"
   }
+
   vpc_spokes = {
     "vpc-1" = {
       uri = module.vpc_spoke_vpc.network_id
       labels = {
         "spoke-type" = "vpc"
       }
     }
+    "producer-conn" = {
+      uri = google_compute_network.producer_connected_network.id
+      labels = {
+        "spoke-type" = "producer-connected"
+      }
+      link_producer_vpc_network = {
+        network_name = google_compute_network.producer_connected_network.name
+        peering      = google_service_networking_connection.producer_connected_network_peering.peering
+        labels = {
+          "spoke-type" = "linked-producer"
+        }
+        exclude_export_ranges = [
+          "198.51.100.0/24",
+          "10.10.0.0/16"
+        ]
+      }
+    }
   }
+
   hybrid_spokes = {
     "vpn-1" = {
       type                       = "vpn"
@@ -245,3 +266,28 @@ resource "google_compute_instance" "router_appliance_1" {
     }
   }
 }
+
+################################
+#     Producer VPC Spoke       #
+################################
+resource "google_compute_network" "producer_connected_network" {
+  name                    = "producer-connected-network"
+  project                 = var.project_id
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_global_address" "producer_connected_network_psa_ip" {
+  name          = "producer-connected-network-psa"
+  project       = var.project_id
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.producer_connected_network.id
+}
+
+resource "google_service_networking_connection" "producer_connected_network_peering" {
+  network                 = google_compute_network.producer_connected_network.id
+  service                 = "servicenetworking.googleapis.com"
+  deletion_policy         = "ABANDON"
+  reserved_peering_ranges = [google_compute_global_address.producer_connected_network_psa_ip.name]
+}

examples/network_connectivity_center/versions.tf

@@ -15,12 +15,12 @@
  */
 
 terraform {
-  required_version = ">=0.13.0"
+  required_version = ">=1.3.0"
 
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 5.40.0"
+      version = ">= 6.49"
 
     }
   }

metadata.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -118,28 +118,62 @@ spec:
         location: examples/submodule_vpc_serverless_connector
   interfaces:
     variables:
-      - name: auto_create_subnetworks
-        description: When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources.
-        varType: bool
-        defaultValue: false
-      - name: delete_default_internet_gateway_routes
-        description: If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted
+      - name: project_id
+        description: The ID of the project where this VPC will be created
+        varType: string
+        required: true
+      - name: network_name
+        description: The name of the network being created
+        varType: string
+        required: true
+      - name: routing_mode
+        description: The network routing mode (default 'GLOBAL')
+        varType: string
+        defaultValue: GLOBAL
+      - name: shared_vpc_host
+        description: Makes this project a Shared VPC host if 'true' (default 'false')
         varType: bool
         defaultValue: false
-      - name: description
-        description: An optional description of this resource. The resource must be recreated to modify this field.
-        varType: string
-        defaultValue: ""
-      - name: egress_rules
-        description: List of egress rules. This will be ignored if variable 'rules' is non-empty
+      - name: subnets
+        description: The list of subnets being created
+        varType: |-
+          list(object({
+              subnet_name                      = string
+              subnet_ip                        = string
+              subnet_region                    = string
+              subnet_private_access            = optional(string)
+              subnet_private_ipv6_access       = optional(string)
+              subnet_flow_logs                 = optional(string)
+              subnet_flow_logs_interval        = optional(string)
+              subnet_flow_logs_sampling        = optional(string)
+              subnet_flow_logs_metadata        = optional(string)
+              subnet_flow_logs_filter          = optional(string)
+              subnet_flow_logs_metadata_fields = optional(list(string))
+              description                      = optional(string)
+              purpose                          = optional(string)
+              role                             = optional(string)
+              stack_type                       = optional(string)
+              ipv6_access_type                 = optional(string)
+            }))
+        required: true
+      - name: secondary_ranges
+        description: Secondary ranges that will be used in some of the subnets
+        varType: map(list(object({ range_name = string, ip_cidr_range = string })))
+        defaultValue: {}
+      - name: routes
+        description: List of routes being created in this VPC
+        varType: list(map(string))
+        defaultValue: []
+      - name: firewall_rules
+        description: This is DEPRECATED and available for backward compatibility. Use ingress_rules and egress_rules variables. List of firewall rules
         varType: |-
           list(object({
               name                    = string
               description             = optional(string, null)
+              direction               = optional(string, "INGRESS")
               disabled                = optional(bool, null)
               priority                = optional(number, null)
-              destination_ranges      = optional(list(string), [])
-              source_ranges           = optional(list(string), [])
+              ranges                  = optional(list(string), [])
               source_tags             = optional(list(string))
               source_service_accounts = optional(list(string))
               target_tags             = optional(list(string))
@@ -158,20 +192,32 @@ spec:
               }))
             }))
         defaultValue: []
-      - name: enable_ipv6_ula
-        description: Enabled IPv6 ULA, this is a permanent change and cannot be undone! (default 'false')
+      - name: delete_default_internet_gateway_routes
+        description: If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted
         varType: bool
         defaultValue: false
-      - name: firewall_rules
-        description: This is DEPRECATED and available for backward compatibility. Use ingress_rules and egress_rules variables. List of firewall rules
+      - name: description
+        description: An optional description of this resource. The resource must be recreated to modify this field.
+        varType: string
+        defaultValue: ""
+      - name: auto_create_subnetworks
+        description: When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources.
+        varType: bool
+        defaultValue: false
+      - name: mtu
+        description: "The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively."
+        varType: number
+        defaultValue: 0
+      - name: ingress_rules
+        description: List of ingress rules. This will be ignored if variable 'rules' is non-empty
         varType: |-
           list(object({
               name                    = string
               description             = optional(string, null)
-              direction               = optional(string, "INGRESS")
               disabled                = optional(bool, null)
               priority                = optional(number, null)
-              ranges                  = optional(list(string), [])
+              destination_ranges      = optional(list(string), [])
+              source_ranges           = optional(list(string), [])
               source_tags             = optional(list(string))
               source_service_accounts = optional(list(string))
               target_tags             = optional(list(string))
@@ -190,8 +236,8 @@ spec:
               }))
             }))
         defaultValue: []
-      - name: ingress_rules
-        description: List of ingress rules. This will be ignored if variable 'rules' is non-empty
+      - name: egress_rules
+        description: List of egress rules. This will be ignored if variable 'rules' is non-empty
         varType: |-
           list(object({
               name                    = string
@@ -218,20 +264,16 @@ spec:
               }))
             }))
         defaultValue: []
+      - name: enable_ipv6_ula
+        description: Enabled IPv6 ULA, this is a permanent change and cannot be undone! (default 'false')
+        varType: bool
+        defaultValue: false
       - name: internal_ipv6_range
         description: When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null)
         varType: string
-      - name: mtu
-        description: "The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively."
-        varType: number
-        defaultValue: 0
       - name: network_firewall_policy_enforcement_order
         description: Set the order that Firewall Rules and Firewall Policies are evaluated. Valid values are `BEFORE_CLASSIC_FIREWALL` and `AFTER_CLASSIC_FIREWALL`. (default null or equivalent to `AFTER_CLASSIC_FIREWALL`)
         varType: string
-      - name: network_name
-        description: The name of the network being created
-        varType: string
-        required: true
       - name: network_profile
         description: |
           "A full or partial URL of the network profile to apply to this network.
@@ -240,48 +282,17 @@ spec:
             * https://www.googleapis.com/compute/beta/projects/{projectId}/global/networkProfiles/{network_profile_name}
             * projects/{projectId}/global/networkProfiles/{network_profile_name}
         varType: string
-      - name: project_id
-        description: The ID of the project where this VPC will be created
-        varType: string
-        required: true
-      - name: routes
-        description: List of routes being created in this VPC
-        varType: list(map(string))
-        defaultValue: []
-      - name: routing_mode
-        description: The network routing mode (default 'GLOBAL')
-        varType: string
-        defaultValue: GLOBAL
-      - name: secondary_ranges
-        description: Secondary ranges that will be used in some of the subnets
-        varType: map(list(object({ range_name = string, ip_cidr_range = string })))
-        defaultValue: {}
-      - name: shared_vpc_host
-        description: Makes this project a Shared VPC host if 'true' (default 'false')
+      - name: bgp_always_compare_med
+        description: If set to true, the Cloud Router will use MED values from the peer even if the AS paths differ. Default is false.
         varType: bool
         defaultValue: false
-      - name: subnets
-        description: The list of subnets being created
-        varType: |-
-          list(object({
-              subnet_name                      = string
-              subnet_ip                        = string
-              subnet_region                    = string
-              subnet_private_access            = optional(string)
-              subnet_private_ipv6_access       = optional(string)
-              subnet_flow_logs                 = optional(string)
-              subnet_flow_logs_interval        = optional(string)
-              subnet_flow_logs_sampling        = optional(string)
-              subnet_flow_logs_metadata        = optional(string)
-              subnet_flow_logs_filter          = optional(string)
-              subnet_flow_logs_metadata_fields = optional(list(string))
-              description                      = optional(string)
-              purpose                          = optional(string)
-              role                             = optional(string)
-              stack_type                       = optional(string)
-              ipv6_access_type                 = optional(string)
-            }))
-        required: true
+      - name: bgp_best_path_selection_mode
+        description: Specifies the BGP best path selection mode. Valid values are `STANDARD` or `LEGACY`. Default is `LEGACY`.
+        varType: string
+        defaultValue: LEGACY
+      - name: bgp_inter_region_cost
+        description: Specifies the BGP inter-region cost mode. Valid values are `DEFAULT` or `ADD_COST_TO_MED`.
+        varType: string
     outputs:
       - name: network
         description: The created network
@@ -340,8 +351,9 @@ spec:
       - networksecurity.googleapis.com
       - networkconnectivity.googleapis.com
       - iam.googleapis.com
+      - servicenetworking.googleapis.com
     providerVersions:
       - source: hashicorp/google
-        version: ">= 4.64, < 7"
+        version: ">= 4.64, < 8"
       - source: hashicorp/google-beta
-        version: ">= 4.64, < 7"
+        version: ">= 4.64, < 8"