terraform-google-modules
diff --git a/‎build/int.cloudbuild.yaml‎
Lines changed: 50 additions & 91 deletions b/‎build/int.cloudbuild.yaml‎
Lines changed: 50 additions & 91 deletions
diff --git a/‎modules/instance_template/README.md‎
Lines changed: 5 additions & 1 deletion b/‎modules/instance_template/README.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎modules/instance_template/main.tf‎
Lines changed: 16 additions & 3 deletions b/‎modules/instance_template/main.tf‎
Lines changed: 16 additions & 3 deletions
diff --git a/‎modules/instance_template/metadata.display.yaml‎
Lines changed: 58 additions & 45 deletions b/‎modules/instance_template/metadata.display.yaml‎
Lines changed: 58 additions & 45 deletions
@@ -15,7 +15,7 @@ See the [simple](../../examples/instance_template/simple) for a usage example.
 |------|-------------|------|---------|:--------:|
 | access\_config | Access configurations, i.e. IPs via which the VM instance can be accessed via the Internet. | <pre>list(object({<br>    nat_ip       = optional(string)<br>    network_tier = string<br>  }))</pre> | `[]` | no |
 | additional\_disks | List of maps of additional disks. See https://www.terraform.io/docs/providers/google/r/compute_instance_template#disk_name | <pre>list(object({<br>    auto_delete     = optional(bool, true)<br>    boot            = optional(bool, false)<br>    device_name     = optional(string)<br>    disk_name       = optional(string)<br>    disk_size_gb    = optional(number)<br>    disk_type       = optional(string)<br>    disk_labels     = optional(map(string), {})<br>    interface       = optional(string)<br>    mode            = optional(string)<br>    source          = optional(string)<br>    source_image    = optional(string)<br>    source_snapshot = optional(string)<br>  }))</pre> | `[]` | no |
-| additional\_networks | Additional network interface details for GCE, if any. | <pre>list(object({<br>    network            = string<br>    subnetwork         = string<br>    subnetwork_project = string<br>    network_ip         = string<br>    nic_type           = string<br>    stack_type         = string<br>    queue_count        = number<br>    access_config = list(object({<br>      nat_ip       = string<br>      network_tier = string<br>    }))<br>    ipv6_access_config = list(object({<br>      network_tier = string<br>    }))<br>    alias_ip_range = list(object({<br>      ip_cidr_range         = string<br>      subnetwork_range_name = string<br>    }))<br>  }))</pre> | `[]` | no |
+| additional\_networks | Additional network interface details for GCE, if any. | <pre>list(object({<br>    network            = optional(string)<br>    subnetwork         = optional(string)<br>    subnetwork_project = optional(string)<br>    network_ip         = optional(string)<br>    nic_type           = optional(string)<br>    stack_type         = optional(string)<br><br>    # New Fields<br>    queue_count        = optional(number) # Multi-queue count (Rx/Tx)<br>    network_attachment = optional(string) # Consumer link for PSC-I<br>    vlan               = optional(number) # VLAN tag (2-255)<br><br>    # Access Config (External IPv4)<br>    access_config = optional(list(object({<br>      nat_ip       = optional(string)<br>      network_tier = optional(string) # PREMIUM or STANDARD<br>    })), [])<br><br>    # IPv6 Access Config (External IPv6)<br>    ipv6_access_config = optional(list(object({<br>      network_tier = string # Always PREMIUM for IPv6<br>    })), [])<br><br>    # Alias IP Ranges (Secondary ranges)<br>    alias_ip_range = optional(list(object({<br>      ip_cidr_range         = string<br>      subnetwork_range_name = optional(string)<br>    })), [])<br>  }))</pre> | `[]` | no |
 | alias\_ip\_range | An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.<br>ip\_cidr\_range: The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.<br>subnetwork\_range\_name: The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used. | <pre>object({<br>    ip_cidr_range         = string<br>    subnetwork_range_name = string<br>  })</pre> | `null` | no |
 | auto\_delete | Whether or not the boot disk should be auto-deleted | `string` | `"true"` | no |
 | automatic\_restart | (Optional) Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). | `bool` | `true` | no |
@@ -41,6 +41,7 @@ See the [simple](../../examples/instance_template/simple) for a usage example.
 | min\_cpu\_platform | Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake. See the complete list: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform | `string` | `null` | no |
 | name\_prefix | Name prefix for the instance template | `string` | `"default-instance-template"` | no |
 | network | The name or self\_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks. | `string` | `""` | no |
+| network\_attachment | The self\_link of the network attachment for PSC-I connection. | `string` | `null` | no |
 | network\_ip | Private IP address to assign to the instance if desired. | `string` | `""` | no |
 | nic\_type | Valid values are "VIRTIO\_NET", "GVNIC" or set to null to accept API default behavior. | `string` | `null` | no |
 | on\_host\_maintenance | Instance availability Policy | `string` | `"MIGRATE"` | no |
@@ -59,17 +60,20 @@ See the [simple](../../examples/instance_template/simple) for a usage example.
 | spot\_instance\_termination\_action | Action to take when Compute Engine preempts a Spot VM. | `string` | `"STOP"` | no |
 | stack\_type | The stack type for this network interface to identify whether the IPv6 feature is enabled or not. Values are `IPV4_IPV6` or `IPV4_ONLY`. Default behavior is equivalent to IPV4\_ONLY. | `string` | `null` | no |
 | startup\_script | User startup script to run when instances spin up | `string` | `""` | no |
+| subnets | Optional: A map containing subnet details Used to derive the subnetwork URI if subnetwork is not provided. | <pre>list(object({<br>    id      = string<br>    region  = string<br>    purpose = string<br>  }))</pre> | `[]` | no |
 | subnetwork | The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided. | `string` | `""` | no |
 | subnetwork\_project | The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used. | `string` | `""` | no |
 | tags | Network tags, provided as a list | `list(string)` | `[]` | no |
 | threads\_per\_core | The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. | `number` | `null` | no |
 | total\_egress\_bandwidth\_tier | Egress bandwidth tier setting for supported VM families | `string` | `"DEFAULT"` | no |
+| vlan | The VLAN ID for the primary network interface (Dynamic NIC), must be an integer from 2 to 255. | `number` | `null` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | name | Name of instance template |
+| network\_interface\_details | The names and VLAN tags of the template interfaces. |
 | self\_link | Self-link of instance template |
 | self\_link\_unique | Unique self-link of instance template (recommended output to use instead of self\_link) |
 | service\_account\_info | Service account id and email |
 
@@ -158,12 +158,23 @@ resource "google_compute_instance_template" "tpl" {
   }
 
   network_interface {
-    network            = var.network
-    subnetwork         = var.subnetwork
+    network = var.network
+    subnetwork = (
+      var.subnetwork != "" ? var.subnetwork :
+      try(
+        [
+          for s in var.subnets : s.id
+          if s.region == var.region && (s.purpose == "PRIVATE")
+        ][0],
+        ""
+      )
+    )
     subnetwork_project = var.subnetwork_project
     network_ip         = length(var.network_ip) > 0 ? var.network_ip : null
     nic_type           = var.nic_type
     stack_type         = var.stack_type
+    vlan               = var.vlan
+    network_attachment = var.network_attachment
     dynamic "access_config" {
       for_each = var.access_config
       content {
@@ -192,9 +203,11 @@ resource "google_compute_instance_template" "tpl" {
       network            = network_interface.value.network
       subnetwork         = network_interface.value.subnetwork
       subnetwork_project = network_interface.value.subnetwork_project
-      network_ip         = length(network_interface.value.network_ip) > 0 ? network_interface.value.network_ip : null
+      network_ip         = try(length(network_interface.value.network_ip), 0) > 0 ? network_interface.value.network_ip : null
       nic_type           = network_interface.value.nic_type
       stack_type         = network_interface.value.stack_type
+      network_attachment = network_interface.value.network_attachment
+      vlan               = network_interface.value.vlan
       queue_count        = network_interface.value.queue_count
       dynamic "access_config" {
         for_each = network_interface.value.access_config
 
@@ -31,6 +31,11 @@ spec:
         access_config:
           name: access_config
           title: Access Config
+          altDefaults:
+            - type: ALTERNATE_TYPE_DC
+              value:
+                - nat_ip: null
+                  network_tier: PREMIUM
           properties:
             network_tier:
               name: network_tier
@@ -42,11 +47,6 @@ spec:
                   value: STANDARD
                 - label: FIXED_STANDARD
                   value: FIXED_STANDARD
-          altDefaults:
-            - type: ALTERNATE_TYPE_DC
-              value:
-                - nat_ip: null
-                  network_tier: PREMIUM
         additional_disks:
           name: additional_disks
           title: Additional Disks
@@ -89,20 +89,41 @@ spec:
           name: additional_networks
           title: Additional Networks
           properties:
+            access_config:
+              name: access_config
+              title: Access Config
+              properties:
+                network_tier:
+                  name: network_tier
+                  title: Network Tier
+                  enumValueLabels:
+                    - label: PREMIUM
+                      value: PREMIUM
+                    - label: STANDARD
+                      value: STANDARD
+                    - label: FIXED_STANDARD
+                      value: FIXED_STANDARD
+            ipv6_access_config:
+              name: ipv6_access_config
+              title: Ipv6 Access Config
+              properties:
+                network_tier:
+                  name: network_tier
+                  title: Network Tier
+                  enumValueLabels:
+                    - label: PREMIUM
+                      value: PREMIUM
+                    - label: STANDARD
+                      value: STANDARD
             network:
               name: network
               title: Network
-              regexValidation: "^(?:[a-z0-9-]{1,63}|projects/[a-z0-9-]+/global/networks/[a-z0-9-]{1,63})$"
+              regexValidation: ^(?:[a-z0-9-]{1,63}|projects/[a-z0-9-]+/global/networks/[a-z0-9-]{1,63})$
               validation: Invalid network format. Must be a network name or a self link.
-            subnetwork:
-              name: subnetwork
-              title: Subnetwork
-              regexValidation: "^(?:[a-z0-9-]{1,63}|(?:projects/[a-z0-9-]+/)?(?:regions/[a-z0-9-]+/)?subnetworks/[a-z0-9-]{1,63})$"
-              validation: Invalid subnetwork format. Must be a subnetwork name or a self link.
             network_ip:
               name: network_ip
               title: Network Ip
-              regexValidation: "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
+              regexValidation: ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
               validation: Invalid IP address format. Must be a valid IPv4 address.
             nic_type:
               name: nic_type
@@ -126,32 +147,11 @@ spec:
                   value: IPV6_ONLY
                 - label: IPV4_IPV6
                   value: IPV4_IPV6
-            access_config:
-              name: access_config
-              title: Access Config
-              properties:
-                network_tier:
-                  name: network_tier
-                  title: Network Tier
-                  enumValueLabels:
-                    - label: PREMIUM
-                      value: PREMIUM
-                    - label: STANDARD
-                      value: STANDARD
-                    - label: FIXED_STANDARD
-                      value: FIXED_STANDARD
-            ipv6_access_config:
-              name: ipv6_access_config
-              title: Ipv6 Access Config
-              properties:
-                network_tier:
-                  name: network_tier
-                  title: Network Tier
-                  enumValueLabels:
-                    - label: PREMIUM
-                      value: PREMIUM
-                    - label: STANDARD
-                      value: STANDARD
+            subnetwork:
+              name: subnetwork
+              title: Subnetwork
+              regexValidation: ^(?:[a-z0-9-]{1,63}|(?:projects/[a-z0-9-]+/)?(?:regions/[a-z0-9-]+/)?subnetworks/[a-z0-9-]{1,63})$
+              validation: Invalid subnetwork format. Must be a subnetwork name or a self link.
         alias_ip_range:
           name: alias_ip_range
           title: Alias Ip Range
@@ -209,7 +209,6 @@ spec:
         disk_type:
           name: disk_type
           title: Disk Type
-          level: 1
           enumValueLabels:
             - label: pd-standard
               value: pd-standard
@@ -225,6 +224,7 @@ spec:
               value: hyperdisk-throughput
             - label: hyperdisk-extreme
               value: hyperdisk-extreme
+          level: 1
         enable_confidential_vm:
           name: enable_confidential_vm
           title: Enable Confidential Vm
@@ -283,16 +283,19 @@ spec:
         network:
           name: network
           title: Network
-          level: 1
-          regexValidation: "^(?:[a-z0-9-]{1,63}|projects/[a-z0-9-]+/global/networks/[a-z0-9-]{1,63})$"
+          regexValidation: ^(?:[a-z0-9-]{1,63}|projects/[a-z0-9-]+/global/networks/[a-z0-9-]{1,63})$
           validation: Invalid network format. Must be a network name or a self link.
+          level: 1
           altDefaults:
             - type: ALTERNATE_TYPE_DC
               value: default
+        network_attachment:
+          name: network_attachment
+          title: Network Attachment
         network_ip:
           name: network_ip
           title: Network Ip
-          regexValidation: "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
+          regexValidation: ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
           validation: Invalid IP address format. Must be a valid IPv4 address.
         nic_type:
           name: nic_type
@@ -342,7 +345,7 @@ spec:
         service_account_project_roles:
           name: service_account_project_roles
           title: Service Account Project Roles
-          regexValidation: "^(roles/[a-zA-Z0-9_.]+|(projects/[a-z][a-z0-9-]{4,28}[a-z0-9]|organizations/[0-9]+)/roles/[a-zA-Z0-9_]+)$"
+          regexValidation: ^(roles/[a-zA-Z0-9_.]+|(projects/[a-z][a-z0-9-]{4,28}[a-z0-9]|organizations/[0-9]+)/roles/[a-zA-Z0-9_]+)$
           validation: Role must be a valid Google Cloud IAM role name, in the format of 'roles/{role_name}'.
         shielded_instance_config:
           name: shielded_instance_config
@@ -383,12 +386,15 @@ spec:
         startup_script:
           name: startup_script
           title: Startup Script
+        subnets:
+          name: subnets
+          title: Subnets
         subnetwork:
           name: subnetwork
           title: Subnetwork
-          level: 1
-          regexValidation: "^(?:[a-z0-9-]{1,63}|(?:projects/[a-z0-9-]+/)?(?:regions/[a-z0-9-]+/)?subnetworks/[a-z0-9-]{1,63})$"
+          regexValidation: ^(?:[a-z0-9-]{1,63}|(?:projects/[a-z0-9-]+/)?(?:regions/[a-z0-9-]+/)?subnetworks/[a-z0-9-]{1,63})$
           validation: Invalid subnetwork format. Must be a subnetwork name or a self link.
+          level: 1
         subnetwork_project:
           name: subnetwork_project
           title: Subnetwork Project
@@ -407,3 +413,10 @@ spec:
               value: DEFAULT
             - label: TIER_1
               value: TIER_1
+        vlan:
+          name: vlan
+          title: Vlan
+    runtime:
+      outputs:
+        network_interface_details:
+          visibility: VISIBILITY_ROOT