ip_ranges var

skalolazka · skalolazka · commit 0411dbbd518d · 2022-10-06T07:58:48.000Z
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/README.md b/blueprints/third-party-solutions/wordpress/cloudrun/README.md
@@ -107,24 +107,25 @@ The above command will delete the associated resources so there will be no billa
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L51) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ |  |
-| [wordpress_image](variables.tf#L75) | Image to run with Cloud Run, starts with \"gcr.io\" | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L66) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ |  |
+| [wordpress_image](variables.tf#L77) | Image to run with Cloud Run, starts with \"gcr.io\" | <code>string</code> | ✓ |  |
 | [cloud_run_invoker](variables.tf#L18) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone) | <code>string</code> |  | <code>&#34;allUsers&#34;</code> |
-| [connector_cidr](variables.tf#L24) | CIDR block for the VPC serverless connector (10.8.0.0/28 by default) | <code>string</code> |  | <code>&#34;10.8.0.0&#47;28&#34;</code> |
-| [prefix](variables.tf#L30) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> |  | <code>&#34;&#34;</code> |
-| [principals](variables.tf#L36) | List of emails of people/service accounts to give rights to, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
-| [project_create](variables.tf#L42) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [psa_cidr](variables.tf#L57) | CIDR block for Private Service Access for CloudSQL (10.60.0.0/24 by default) | <code>string</code> |  | <code>&#34;10.60.0.0&#47;24&#34;</code> |
-| [region](variables.tf#L63) | Region for the created resources | <code>string</code> |  | <code>&#34;europe-west4&#34;</code> |
-| [sql_vpc_cidr](variables.tf#L69) | CIDR block for the VPC for the CloudSQL (10.0.0.0/20 by default) | <code>string</code> |  | <code>&#34;10.0.0.0&#47;20&#34;</code> |
-| [wordpress_port](variables.tf#L80) | Port for the Wordpress image (8080 by default) | <code>number</code> |  | <code>8080</code> |
+| [cloudsql_password](variables.tf#L24) | CloudSQL password (will be randomly generated by default) | <code>string</code> |  | <code>null</code> |
+| [ip_ranges](variables.tf#L31) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC | <code title="object&#40;&#123;&#10;  connector &#61; string&#10;  psa       &#61; string&#10;  sql_vpc   &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  connector &#61; &#34;10.8.0.0&#47;28&#34;&#10;  psa       &#61; &#34;10.60.0.0&#47;24&#34;&#10;  sql_vpc   &#61; &#34;10.0.0.0&#47;20&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> |  | <code>&#34;&#34;</code> |
+| [principals](variables.tf#L51) | List of emails of people/service accounts to give rights to, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
+| [project_create](variables.tf#L57) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [region](variables.tf#L71) | Region for the created resources | <code>string</code> |  | <code>&#34;europe-west4&#34;</code> |
+| [wordpress_password](variables.tf#L88) | Password for the Wordpress user (will be randomly generated by default) | <code>string</code> |  | <code>null</code> |
+| [wordpress_port](variables.tf#L82) | Port for the Wordpress image (8080 by default) | <code>number</code> |  | <code>8080</code> |
 
 ## Outputs
 
 | name | description | sensitive |
 |---|---|:---:|
 | [cloud_run_service](outputs.tf#L17) | CloudRun service URL | ✓ |
-| [wp_password](outputs.tf#L28) | Wordpress user password | ✓ |
-| [wp_user](outputs.tf#L23) | Wordpress username |  |
+| [cloudsql_password](outputs.tf#L23) | CloudSQL password | ✓ |
+| [wp_password](outputs.tf#L34) | Wordpress user password | ✓ |
+| [wp_user](outputs.tf#L29) | Wordpress username |  |
 
 <!-- END TFDOC -->
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf
@@ -120,7 +120,7 @@ module "cloud_run" {
 
   # create a VPC connector for the ClouSQL VPC
   vpc_connector_create = {
-    ip_cidr_range = var.connector_cidr
+    ip_cidr_range = var.ip_ranges.connector
     name          = "${local.prefix}wp-connector"
     vpc_self_link = module.vpc.self_link
   }
@@ -134,7 +134,7 @@ module "vpc" {
   name       = "${local.prefix}sql-vpc"
   subnets = [
     {
-      ip_cidr_range      = var.sql_vpc_cidr
+      ip_cidr_range      = var.ip_ranges.sql_vpc
       name               = "subnet"
       region             = var.region
       secondary_ip_range = {}
@@ -144,7 +144,7 @@ module "vpc" {
   # Private Service Access
   psa_config = {
     ranges = {
-      cloud-sql = var.psa_cidr
+      cloud-sql = var.ip_ranges.psa
     }
     routes = null
   }
@@ -156,7 +156,7 @@ module "firewall" {
   source       = "../../../../modules/net-vpc-firewall"
   project_id   = module.project.project_id
   network      = module.vpc.name
-  admin_ranges = [var.sql_vpc_cidr]
+  admin_ranges = [var.ip_ranges.sql_vpc]
 }
 
 
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf
@@ -27,10 +27,19 @@ variable "cloudsql_password" {
   default     = null
 }
 
-variable "connector_cidr" {
-  type        = string
-  description = "CIDR block for the VPC serverless connector (10.8.0.0/28 by default)"
-  default     = "10.8.0.0/28"
+# PSA: documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range
+variable "ip_ranges" {
+  description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC"
+  type = object({
+    connector = string
+    psa       = string
+    sql_vpc   = string
+  })
+  default = {
+    connector = "10.8.0.0/28"
+    psa       = "10.60.0.0/24"
+    sql_vpc   = "10.0.0.0/20"
+  }
 }
 
 variable "prefix" {
@@ -59,25 +68,12 @@ variable "project_id" {
   type        = string
 }
 
-# Documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range
-variable "psa_cidr" {
-  type        = string
-  description = "CIDR block for Private Service Access for CloudSQL (10.60.0.0/24 by default)"
-  default     = "10.60.0.0/24"
-}
-
 variable "region" {
   type        = string
   description = "Region for the created resources"
   default     = "europe-west4"
 }
 
-variable "sql_vpc_cidr" {
-  type        = string
-  description = "CIDR block for the VPC for the CloudSQL (10.0.0.0/20 by default)"
-  default     = "10.0.0.0/20"
-}
-
 variable "wordpress_image" {
   type        = string
   description = "Image to run with Cloud Run, starts with \"gcr.io\""
