Add custom routes for directpath to net-vpc module (GoogleCloudPlatform#2966)

* add custom routes for directpath to net-vpc module

* blueprint tests

* blueprint tests

* blueprint tests

* fast tests

* tfdoc

* module examples

Author: ludoo

blueprints/apigee/apigee-x-foundations/README.md

@@ -218,7 +218,7 @@ module "apigee-x-foundations" {
     }
   }
 }
-# tftest modules=8 resources=62
+# tftest modules=8 resources=63
 ```
 
 ### Apigee X in service project with peering disabled and exposed using Global LB
@@ -376,7 +376,7 @@ module "apigee-x-foundations" {
     }
   }
 }
-# tftest modules=6 resources=48
+# tftest modules=6 resources=49
 ```
 
 ### Apigee X in standalone project with peering disabled and exposed using Global External Application LB
@@ -453,7 +453,7 @@ module "apigee-x-foundations" {
   }
   enable_monitoring = true
 }
-# tftest modules=6 resources=63
+# tftest modules=6 resources=64
 ```
 
 <!-- TFDOC OPTS files:1 show_extra:1 -->

blueprints/apigee/bigquery-analytics/README.md

@@ -11,8 +11,8 @@ In addition to this it also creates the setup depicted in the diagram below to e
 Find below a description on how the analytics export to BigQuery works:
 
 1. A Cloud Scheduler Job runs daily at a selected time, publishing a message to a Pub/Sub topic.
-2. The message published triggers the execution of a function that makes a call to the Apigee Analytics Export API to export the analytical data available for the previous day. 
-3. The export function is passed the Apigee organization, environments, datastore name as environment variables. The service account used to run the function needs to be granted the Apigee Admin role on the project. The Apigee Analytics engine asynchronously exports the analytical data to a GCS bucket. This requires the _Apigee Service Agent_ service account to be granted the _Storage Admin_ role on the project. 
+2. The message published triggers the execution of a function that makes a call to the Apigee Analytics Export API to export the analytical data available for the previous day.
+3. The export function is passed the Apigee organization, environments, datastore name as environment variables. The service account used to run the function needs to be granted the Apigee Admin role on the project. The Apigee Analytics engine asynchronously exports the analytical data to a GCS bucket. This requires the _Apigee Service Agent_ service account to be granted the _Storage Admin_ role on the project.
 4. A notification of the files created on GCS is received in a Pub/Sub topic that triggers the execution of the cloud function in charge of loading the data from GCS to the right BigQuery table partition. This function is passed the name of the BigQuery dataset, its location and the name of the table inside that dataset as environment variables. The service account used to run the function needs to be granted the _Storage Object Viewer_ role on the GCS bucket, the _BigQuery Job User_ role on the project and the _BigQuery Data Editor_ role on the table.
 
 Note: This setup only works if you are not using custom analytics.
@@ -103,5 +103,5 @@ module "test" {
     europe-west1 = "10.0.0.0/28"
   }
 }
-# tftest modules=10 resources=72
+# tftest modules=10 resources=73
 ```

blueprints/apigee/hybrid-gke/README.md

@@ -78,5 +78,5 @@ module "test" {
   project_id = "my-project"
   hostname   = "test.myorg.org"
 }
-# tftest modules=18 resources=67
+# tftest modules=18 resources=68
 ```

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md

@@ -79,5 +79,5 @@ module "test" {
   onprem_project_id  = "my-onprem-project"
   hostname           = "test.myorg.org"
 }
-# tftest modules=14 resources=84
+# tftest modules=14 resources=86
 ```

blueprints/cloud-operations/adfs/README.md

@@ -42,7 +42,7 @@ Once the resources have been created, do the following:
 
         https://adfs.my-domain.org/adfs/ls/IdpInitiatedSignOn.aspx
 
-2. Enter the username and password of one of the users provisioned. The username has to be in the format: username@my-domain.org
+2. Enter the username and password of one of the users provisioned. The username has to be in the format: <username@my-domain.org>
 3. Verify that you have successfully signed in.
 
 Once done testing, you can clean up resources by running `terraform destroy`.
@@ -89,5 +89,5 @@ module "test" {
   ad_dns_domain_name   = "example.com"
   adfs_dns_domain_name = "adfs.example.com"
 }
-# tftest modules=5 resources=25
+# tftest modules=5 resources=26
 ```

blueprints/cloud-operations/asset-inventory-feed-remediation/README.md

@@ -26,7 +26,6 @@ The resources created in this blueprint are shown in the high level diagram belo
 
 <img src="diagram.png" width="640px">
 
-
 ## Running the blueprint
 
 Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fcloud-foundation-fabric&cloudshell_print=cloud-shell-readme.txt&cloudshell_working_dir=blueprints%2Fcloud-operations%2Fasset-inventory-feed-remediation), then go through the following steps to create resources:
@@ -82,5 +81,5 @@ module "test" {
   project_id     = "project-1"
 }
 
-# tftest modules=7 resources=28
+# tftest modules=7 resources=29
 ```

blueprints/cloud-operations/dns-fine-grained-iam/README.md

@@ -128,5 +128,5 @@ module "test1" {
   project_create = true
   project_id     = "test"
 }
-# tftest modules=9 resources=32
+# tftest modules=9 resources=33
 ```

blueprints/cloud-operations/dns-shared-vpc/README.md

@@ -51,5 +51,5 @@ module "test" {
   shared_vpc_link    = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
   teams              = ["team1", "team2"]
 }
-# tftest modules=9 resources=22
+# tftest modules=9 resources=24
 ```

blueprints/cloud-operations/packer-image-builder/README.md

@@ -115,5 +115,5 @@ module "test" {
   packer_account_users = ["user:john@example.com"]
   create_packer_vars   = true
 }
-# tftest modules=7 resources=20 files=pkrvars
+# tftest modules=7 resources=21 files=pkrvars
 ```

blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md

@@ -8,29 +8,28 @@ The blueprint contains the following components:
 
 - [Cloud Scheduler](https://cloud.google.com/scheduler) to initiate a healthcheck on a schedule.
 - [Serverless VPC Connector](https://cloud.google.com/vpc/docs/configure-serverless-vpc-access) to allow Cloud Functions TCP level access to private GCE instances.
-- **Healthchecker** Cloud Function to perform TCP checks against GCE instances. 
+- **Healthchecker** Cloud Function to perform TCP checks against GCE instances.
 - **Restarter** PubSub topic to keep track of instances which are to be restarted.
 - **Restarter** Cloud Function to perform GCE instance reset for instances which are failing TCP healthcheck.
 
-
 The resources created in this blueprint are shown in the high level diagram below:
 
 <img src="diagram.png" width="640px">
 
 ### Healthchecker configuration
+
 Healthchecker cloud function has the following configuration options:
 
 - `FILTER` to filter list of GCE instances the health check will be targeted to. For instance `(name = nginx-*) AND (labels.env = dev)`
-- `GRACE_PERIOD` time period to prevent instance check of newly created instanced allowing services to start on the instance. 
+- `GRACE_PERIOD` time period to prevent instance check of newly created instanced allowing services to start on the instance.
 - `MAX_PARALLELISM` - max amount of healthchecks performed in parallel, be aware that every check requires an open TCP connection which is limited.
-- `PUBSUB_TOPIC` topic to publish the message with instance metadata. 
-- `RECHECK_INTERVAL` time period for performing recheck, when a check is failed it will be rechecked before marking as unhealthy. 
+- `PUBSUB_TOPIC` topic to publish the message with instance metadata.
+- `RECHECK_INTERVAL` time period for performing recheck, when a check is failed it will be rechecked before marking as unhealthy.
 - `TCP_PORT` port used for health checking
 - `TIMEOUT` the timeout time of a TCP probe.
 
 **_NOTE:_** In the current example `healthchecker` is used along with the `restarter` cloud function, but restarter can be replaced with another function like [Pubsub2Inbox](https://github.com/GoogleCloudPlatform/professional-services/tree/main/tools/pubsub2inbox) for email notifications.
 
-
 ## Running the blueprint
 
 Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fcloud-foundation-fabric&cloudshell_print=cloud-shell-readme.txt&cloudshell_working_dir=blueprints%2Fcloud-operations%2Funmanaged-instances-healthcheck), then go through the following steps to create resources:
@@ -41,17 +40,21 @@ Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/c
 Once done testing, you can clean up resources by running `terraform destroy`. To persist state, check out the `backend.tf.sample` file.
 
 ## Testing the blueprint
+
 Configure `gcloud` with the project used for the deployment
+
 ```bash
 gcloud config set project <MY-PROJECT-ID>
 ```
 
 Wait until cloud scheduler executes the healthchecker function
+
 ```bash
 gcloud scheduler jobs describe healthchecker-schedule
 ```
 
 Check the healthchecker function logs to ensure instance is checked and healthy
+
 ```bash
 gcloud functions logs read cf-healthchecker --region=europe-west1
 
@@ -61,11 +64,13 @@ gcloud functions logs read cf-healthchecker --region=europe-west1
 ```
 
 Stop `nginx` service on the test instance
+
 ```
 gcloud compute ssh --zone europe-west1-b  nginx-test -- 'sudo systemctl stop nginx'
 ```
 
 Wait a few minutes to allow scheduler to execute another healthcheck and examine the function logs
+
 ```bash
 gcloud functions logs read cf-healthchecker --region=europe-west1
 
@@ -78,6 +83,7 @@ gcloud functions logs read cf-healthchecker --region=europe-west1
 ```
 
 Examine `cf-restarter` function logs
+
 ```bash
 gcloud functions logs read cf-restarter --region=europe-west1
 
@@ -88,6 +94,7 @@ gcloud functions logs read cf-restarter --region=europe-west1
 ```
 
 Verify that `nginx` service is running again and uptime shows that instance has been reset
+
 ```bash
 gcloud compute ssh --zone europe-west1-b  nginx-test -- 'sudo systemctl status nginx'
 gcloud compute ssh --zone europe-west1-b  nginx-test -- 'uptime'
@@ -128,5 +135,5 @@ module "test" {
   billing_account = "123456-123456-123456"
   project_create  = true
 }
-# tftest modules=11 resources=46
+# tftest modules=11 resources=47
 ```