Skip to content

feat!: Add support for reserved_internal_range in secondary IP ranges #640

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat!: Add support for reserved_internal_range in secondary IP ranges #640

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e717edd
feat: support reserved_internal_range
mclavel Oct 11, 2025
0189ca8
Merge branch 'main' into main
mclavel Oct 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,10 @@ module "vpc" {
range_name = "subnet-01-secondary-01"
ip_cidr_range = "192.168.64.0/24"
},
{
range_name = "subnet-01-secondary-02"
reserved_internal_range = "networkconnectivity.googleapis.com/projects/my-project/locations/global/internalRanges/my-range"
},
]

subnet-02 = []
Expand Down Expand Up @@ -128,7 +132,7 @@ Then perform the following commands on the root folder:
| project\_id | The ID of the project where this VPC will be created | `string` | n/a | yes |
| routes | List of routes being created in this VPC | `list(map(string))` | `[]` | no |
| routing\_mode | The network routing mode (default 'GLOBAL') | `string` | `"GLOBAL"` | no |
| secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
| secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))` | `{}` | no |
| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
| subnets | The list of subnets being created | <pre>list(object({<br> subnet_name = string<br> subnet_ip = string<br> subnet_region = string<br> subnet_private_access = optional(string)<br> subnet_private_ipv6_access = optional(string)<br> subnet_flow_logs = optional(string)<br> subnet_flow_logs_interval = optional(string)<br> subnet_flow_logs_sampling = optional(string)<br> subnet_flow_logs_metadata = optional(string)<br> subnet_flow_logs_filter = optional(string)<br> subnet_flow_logs_metadata_fields = optional(list(string))<br> description = optional(string)<br> purpose = optional(string)<br> role = optional(string)<br> stack_type = optional(string)<br> ipv6_access_type = optional(string)<br> }))</pre> | n/a | yes |

Expand Down
2 changes: 2 additions & 0 deletions examples/secondary_ranges/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ ranges and the third being given a single secondary range.

| Name | Description |
|------|-------------|
| internal\_range\_id | The ID of the created internal range |
| internal\_range\_name | The name of the created internal range |
| network\_name | The name of the VPC being created |
| network\_self\_link | The URI of the VPC being created |
| project\_id | VPC project id |
Expand Down
14 changes: 14 additions & 0 deletions examples/secondary_ranges/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,10 @@ module "vpc-secondary-ranges" {
range_name = "${local.subnet_03}-01"
ip_cidr_range = "192.168.66.0/24"
},
{
range_name = "${local.subnet_03}-02"
reserved_internal_range = "networkconnectivity.googleapis.com/${google_network_connectivity_internal_range.internal_range.id}"
},
]
}

Expand Down Expand Up @@ -103,3 +107,13 @@ module "vpc-secondary-ranges" {
},
]
}

resource "google_network_connectivity_internal_range" "internal_range" {
project = var.project_id
name = "${var.network_name}-internal-range"
description = "Example internal range for secondary subnet ranges"
ip_cidr_range = "172.16.0.0/24"
network = module.vpc-secondary-ranges.network_id
usage = "FOR_VPC"
peering = "FOR_SELF"
}
10 changes: 10 additions & 0 deletions examples/secondary_ranges/outputs.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,3 +63,13 @@ output "route_names" {
value = module.vpc-secondary-ranges.route_names
description = "The routes associated with this VPC"
}

output "internal_range_id" {
value = google_network_connectivity_internal_range.internal_range.id
description = "The ID of the created internal range"
}

output "internal_range_name" {
value = google_network_connectivity_internal_range.internal_range.name
description = "The name of the created internal range"
}
3 changes: 2 additions & 1 deletion examples/secondary_ranges/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ terraform {

required_providers {
google = {
source = "hashicorp/google"
source = "hashicorp/google"
version = ">= 6.0"
}
null = {
version = ">= 3.0"
Expand Down
6 changes: 3 additions & 3 deletions metadata.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ spec:
required: true
- name: secondary_ranges
description: Secondary ranges that will be used in some of the subnets
varType: map(list(object({ range_name = string, ip_cidr_range = string })))
varType: map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))
defaultValue: {}
- name: routes
description: List of routes being created in this VPC
Expand Down Expand Up @@ -354,6 +354,6 @@ spec:
- servicenetworking.googleapis.com
providerVersions:
- source: hashicorp/google
version: ">= 4.64, < 8"
version: ">= 6.0, < 8"
- source: hashicorp/google-beta
version: ">= 4.64, < 8"
version: ">= 6.0, < 8"
6 changes: 5 additions & 1 deletion modules/subnets-beta/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ module "vpc" {
range_name = "subnet-01-secondary-01"
ip_cidr_range = "192.168.64.0/24"
},
{
range_name = "subnet-01-secondary-02"
reserved_internal_range = "networkconnectivity.googleapis.com/projects/my-project/locations/global/internalRanges/my-range"
},
]

subnet-02 = []
Expand All @@ -67,7 +71,7 @@ module "vpc" {
| module\_depends\_on | List of modules or resources this module depends on. | `list(any)` | `[]` | no |
| network\_name | The name of the network where subnets will be created | `string` | n/a | yes |
| project\_id | The ID of the project where subnets will be created | `string` | n/a | yes |
| secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
| secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))` | `{}` | no |
| subnets | The list of subnets being created | <pre>list(object({<br> subnet_name = string<br> subnet_ip = string<br> subnet_region = string<br> subnet_private_access = optional(string, "false")<br> subnet_private_ipv6_access = optional(string)<br> subnet_flow_logs = optional(bool, false)<br> subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")<br> subnet_flow_logs_sampling = optional(string, "0.5")<br> subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")<br> subnet_flow_logs_filter = optional(string, "true")<br> subnet_flow_logs_metadata_fields = optional(list(string), [])<br> description = optional(string)<br> purpose = optional(string)<br> role = optional(string)<br> stack_type = optional(string)<br> ipv6_access_type = optional(string)<br> }))</pre> | n/a | yes |

## Outputs
Expand Down
5 changes: 3 additions & 2 deletions modules/subnets-beta/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,9 @@ resource "google_compute_subnetwork" "subnetwork" {
for_each = contains(keys(var.secondary_ranges), each.value.subnet_name) == true ? var.secondary_ranges[each.value.subnet_name] : []

content {
range_name = secondary_ip_range.value.range_name
ip_cidr_range = secondary_ip_range.value.ip_cidr_range
range_name = secondary_ip_range.value.range_name
ip_cidr_range = secondary_ip_range.value.ip_cidr_range
reserved_internal_range = secondary_ip_range.value.reserved_internal_range
}
}

Expand Down
4 changes: 2 additions & 2 deletions modules/subnets-beta/metadata.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ spec:
required: true
- name: secondary_ranges
description: Secondary ranges that will be used in some of the subnets
varType: map(list(object({ range_name = string, ip_cidr_range = string })))
varType: map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))
defaultValue: {}
- name: module_depends_on
description: List of modules or resources this module depends on.
Expand Down Expand Up @@ -161,4 +161,4 @@ spec:
- servicenetworking.googleapis.com
providerVersions:
- source: hashicorp/google-beta
version: ">= 2.19, < 8"
version: ">= 6.0, < 8"
2 changes: 1 addition & 1 deletion modules/subnets-beta/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ variable "subnets" {
}

variable "secondary_ranges" {
type = map(list(object({ range_name = string, ip_cidr_range = string })))
type = map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))
description = "Secondary ranges that will be used in some of the subnets"
default = {}
}
Expand Down
2 changes: 1 addition & 1 deletion modules/subnets-beta/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google-beta = {
source = "hashicorp/google-beta"
version = ">= 2.19, < 8"
version = ">= 6.0, < 8"
}
}

Expand Down
6 changes: 5 additions & 1 deletion modules/subnets/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ module "vpc" {
range_name = "subnet-01-secondary-01"
ip_cidr_range = "192.168.64.0/24"
},
{
range_name = "subnet-01-secondary-02"
reserved_internal_range = "networkconnectivity.googleapis.com/projects/my-project/locations/global/internalRanges/my-range"
},
]

subnet-02 = []
Expand All @@ -66,7 +70,7 @@ module "vpc" {
|------|-------------|------|---------|:--------:|
| network\_name | The name of the network where subnets will be created | `string` | n/a | yes |
| project\_id | The ID of the project where subnets will be created | `string` | n/a | yes |
| secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
| secondary\_ranges | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))` | `{}` | no |
| subnets | The list of subnets being created | <pre>list(object({<br> subnet_name = string<br> subnet_ip = string<br> subnet_region = string<br> subnet_private_access = optional(string, "false")<br> subnet_private_ipv6_access = optional(string)<br> subnet_flow_logs = optional(string, "false")<br> subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC")<br> subnet_flow_logs_sampling = optional(string, "0.5")<br> subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA")<br> subnet_flow_logs_filter = optional(string, "true")<br> subnet_flow_logs_metadata_fields = optional(list(string), [])<br> description = optional(string)<br> purpose = optional(string)<br> role = optional(string)<br> stack_type = optional(string)<br> ipv6_access_type = optional(string)<br> }))</pre> | n/a | yes |

## Outputs
Expand Down
5 changes: 3 additions & 2 deletions modules/subnets/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,9 @@ resource "google_compute_subnetwork" "subnetwork" {
for_each = contains(keys(var.secondary_ranges), each.value.subnet_name) == true ? var.secondary_ranges[each.value.subnet_name] : []

content {
range_name = secondary_ip_range.value.range_name
ip_cidr_range = secondary_ip_range.value.ip_cidr_range
range_name = secondary_ip_range.value.range_name
ip_cidr_range = secondary_ip_range.value.ip_cidr_range
reserved_internal_range = secondary_ip_range.value.reserved_internal_range
Copy link
Member

@bharathkkb bharathkkb Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets bump the min provider version to 6.0 when support for this field was added to the provider (for this and beta module)

https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md#600-august-26-2024

Copy link
Author

@mclavel mclavel Oct 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok 👍

}
}

Expand Down
4 changes: 2 additions & 2 deletions modules/subnets/metadata.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ spec:
required: true
- name: secondary_ranges
description: Secondary ranges that will be used in some of the subnets
varType: map(list(object({ range_name = string, ip_cidr_range = string })))
varType: map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))
defaultValue: {}
outputs:
- name: subnets
Expand Down Expand Up @@ -157,4 +157,4 @@ spec:
- servicenetworking.googleapis.com
providerVersions:
- source: hashicorp/google
version: ">= 4.25.0, < 8"
version: ">= 6.0, < 8"
2 changes: 1 addition & 1 deletion modules/subnets/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ variable "subnets" {
}

variable "secondary_ranges" {
type = map(list(object({ range_name = string, ip_cidr_range = string })))
type = map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))
description = "Secondary ranges that will be used in some of the subnets"
default = {}
}
2 changes: 1 addition & 1 deletion modules/subnets/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.25.0, < 8"
version = ">= 6.0, < 8"
}
}

Expand Down
2 changes: 1 addition & 1 deletion variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ variable "subnets" {
}

variable "secondary_ranges" {
type = map(list(object({ range_name = string, ip_cidr_range = string })))
type = map(list(object({ range_name = string, ip_cidr_range = optional(string), reserved_internal_range = optional(string) })))
description = "Secondary ranges that will be used in some of the subnets"
default = {}
}
Expand Down
4 changes: 2 additions & 2 deletions versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64, < 8"
version = ">= 6.0, < 8"
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64, < 8"
version = ">= 6.0, < 8"
}
}

Expand Down