From a4b5fc1dad286569156ddec3ff888dddf86081d9 Mon Sep 17 00:00:00 2001
From: dosullivan
Date: Fri, 16 Aug 2019 17:27:25 -0500
Subject: [PATCH 1/4] initial shared vpc network config
---
shared-vpc/CHANGELOG.md | 12 ++++
shared-vpc/main.tf | 140 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 152 insertions(+)
create mode 100644 shared-vpc/CHANGELOG.md
create mode 100644 shared-vpc/main.tf
diff --git a/shared-vpc/CHANGELOG.md b/shared-vpc/CHANGELOG.md
new file mode 100644
index 0000000..8a9844e
--- /dev/null
+++ b/shared-vpc/CHANGELOG.md
@@ -0,0 +1,12 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+
+## 1.0.0
+
+## Added
+
+* Initial release of the `shared-vpc` module, which features public networking and VPC-native functionality for two subnetworks, `staging` and `prod`.
\ No newline at end of file
diff --git a/shared-vpc/main.tf b/shared-vpc/main.tf
new file mode 100644
index 0000000..9e51458
--- /dev/null
+++ b/shared-vpc/main.tf 
@@ -0,0 +1,140 @@
+#######################
+# Define all the variables we'll need
+#######################
+
+variable "network_name" {
+ description = "the name of the network"
+}
+
+variable "enable_flow_logs" {
+ description = "whether to turn on flow logs or not"
+}
+
+variable "region" {
+ description = "region to use"
+}
+
+variable "staging_subnetwork_name" {
+ description = "name for the staging subnetwork"
+}
+
+variable "staging_subnetwork_range" {
+ description = "CIDR for staging subnetwork nodes"
+}
+
+variable "staging_subnetwork_pods" {
+ description = "secondary CIDR for pods"
+}
+
+variable "staging_subnetwork_services" {
+ description = "secondary CIDR for services"
+}
+
+variable "prod_subnetwork_name" {
+ description = "name for the production subnetwork"
+}
+
+variable "prod_subnetwork_range" {
+ description = "CIDR for prod subnetwork nodes"
+}
+
+variable "prod_subnetwork_pods" {
+ description = "secondary CIDR for pods"
+}
+
+variable "prod_subnetwork_services" {
+ description = "secondary CIDR for services"
+}
+
+
+#######################
+# Create the network and subnetworks, including secondary IP ranges on subnetworks
+#######################
+
+resource "google_compute_network" "shared_vpc" {
+ name = "${var.network_name}"
+ routing_mode = "GLOBAL"
+ auto_create_subnetworks = "false"
+}
+
+/* note that for secondary ranges necessary for GKE Alias IPs, the ranges have
+ to be manually specified with terraform currently -- no GKE automagic allowed here. 
*/
+resource "google_compute_subnetwork" "prod_subnetwork" {
+ name = "${var.prod_subnetwork_name}"
+ ip_cidr_range = "${var.prod_subnetwork_range}"
+ network = "${google_compute_network.shared_vpc.self_link}"
+ region = "${var.region}"
+ private_ip_google_access = true
+ enable_flow_logs = "${var.enable_flow_logs}"
+ secondary_ip_range = {
+ range_name = "gke-pods-1"
+ ip_cidr_range = "${var.prod_subnetwork_pods}"
+ }
+ secondary_ip_range = {
+ range_name = "gke-services-1"
+ ip_cidr_range = "${var.prod_subnetwork_services}"
+ }
+
+ /* We ignore changes on secondary_ip_range because terraform doesn't list
+ them in the same order every time during runs. */
+ lifecycle {
+ ignore_changes = [ "secondary_ip_range" ]
+ }
+}
+
+resource "google_compute_subnetwork" "staging_subnetwork" {
+ name = "${var.staging_subnetwork_name}"
+ ip_cidr_range = "${var.staging_subnetwork_range}"
+ network = "${google_compute_network.shared_vpc.self_link}"
+ region = "${var.region}"
+ secondary_ip_range = {
+ range_name = "gke-pods-1"
+ ip_cidr_range = "${var.staging_subnetwork_pods}"
+ }
+ secondary_ip_range = {
+ range_name = "gke-services-1"
+ ip_cidr_range = "${var.staging_subnetwork_services}"
+ }
+
+ lifecycle {
+ ignore_changes = [ "secondary_ip_range" ]
+ }
+}
+/** provide outputs to be used in GKE cluster creation **/
+output "shared_vpc" {
+ value = "${google_compute_network.shared_vpc.self_link}"
+}
+
+/* production network details */
+output "prod_subnetwork" {
+ value = "${google_compute_subnetwork.prod_subnetwork.self_link}"
+}
+
+output "prod_subnetwork_pods" {
+ value = "${var.prod_subnetwork_pods}"
+}
+
+output "prod_gke_pods_1" {
+ value = "gke-pods-1"
+}
+
+output "prod_gke_services_1" {
+ value = "gke-services-1"
+}
+
+/*staging network details */
+output "staging_subnetwork" {
+ value = "${google_compute_subnetwork.staging_subnetwork.self_link}"
+}
+
+output "staging_subnetwork_pods" {
+ value = "${var.staging_subnetwork_pods}"
+}
+
+output "staging_gke_pods_1" {
+ 
value = "gke-pods-1"
+}
+
+output "staging_gke_services_1" {
+ value = "gke-services-1"
+}
From a319c301a4893aff7d4037c9e35c72ffb1c5140b Mon Sep 17 00:00:00 2001
From: dosullivan
Date: Tue, 27 Aug 2019 19:42:03 -0500
Subject: [PATCH 2/4] change *_subnetwork outputs to provide name rather than self_link
---
shared-vpc/main.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shared-vpc/main.tf b/shared-vpc/main.tf
index 9e51458..c7d576e 100644
--- a/shared-vpc/main.tf
+++ b/shared-vpc/main.tf
@@ -107,7 +107,7 @@ output "shared_vpc" {

 /* production network details */
 output "prod_subnetwork" {
- value = "${google_compute_subnetwork.prod_subnetwork.self_link}"
+ value = "${google_compute_subnetwork.prod_subnetwork.name}"
 }

 output "prod_subnetwork_pods" {
@@ -124,7 +124,7 @@ output "prod_gke_services_1" {

 /*staging network details */
 output "staging_subnetwork" {
- value = "${google_compute_subnetwork.staging_subnetwork.self_link}"
+ value = "${google_compute_subnetwork.staging_subnetwork.name}"
 }

 output "staging_subnetwork_pods" {
From 375cd9ac81141b6d253a58bf7210705949b6f7e7 Mon Sep 17 00:00:00 2001
From: dosullivan
Date: Tue, 27 Aug 2019 19:53:24 -0500
Subject: [PATCH 3/4] add readme
---
shared-vpc/README.md | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 shared-vpc/README.md
diff --git a/shared-vpc/README.md b/shared-vpc/README.md
new file mode 100644
index 0000000..1a9b5b7
--- /dev/null
+++ b/shared-vpc/README.md 
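Review bot: The `staging_subnetwork` resource omits the `private_ip_google_access = true` and `enable_flow_logs = "${var.enable_flow_logs}"` attributes that the `prod_subnetwork` resource sets, so the `enable_flow_logs` variable silently has no effect on staging and staging nodes without external addresses have no private path to Google APIs. Add both lines to the staging block after its `region` line so the two subnetworks share the same logging and egress posture, and consider giving `enable_flow_logs` a `default = "true"` since VPC flow logs are the main network-level telemetry a detection team has for this VPC. Separately, `ignore_changes = [ "secondary_ip_range" ]` on both subnetworks means an out-of-band edit to the pod or service ranges will never appear in a plan; that is a deliberate workaround for ordering, but it should be stated as accepted drift next to the existing comment, e.g. `/* Consequence: secondary ranges are not reconciled after creation; audit them out of band. */`.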
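Review bot: Switching the `staging_subnetwork` output to `.name` drops the host project and region that `self_link` carried; when the consumer is a GKE cluster in a separate service project, which is the shared VPC case this module targets, the subnetwork has to be referenced by its project-qualified path, and I believe a bare name is resolved against the service project instead. Unless the consuming module is known to rebuild that path from host project, region and name, keep the self_link available as well, e.g. add `output "staging_subnetwork_self_link" { value = "${google_compute_subnetwork.staging_subnetwork.self_link}" }` next to this output. The same consideration applies to the `prod_subnetwork` output changed in the preceding hunk.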
@@ -0,0 +1,26 @@
+### shared-vpc module example parameters
+This `shared-vpc` module is similar to the `default`module, but is intended for use with the [terraform-gcp-gke-shared-vpc](https://github.com/FairwindsOps/terraform-gcp-gke-shared-vpc) module. It provides two subnetworks, called `staging` and `prod`, within one VPC. Each subnetwork is intended for association with an individual service project.
+
+To use the `shared-vpc` module, you'd fill out your `network.tf` like so:
+
+```
+module "network" {
+ source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc?ref=shared-vpc-v0.0.1"
+ // base network parameters
+ network_name = "example-shared-vpc-1"
+ staging_subnetwork_name = "example-staging-1"
+ prod_subnetwork_name = "example-production-1"
+ region = "us-central1"
+ enable_flow_logs = "false"
+
+ // specify the staging subnetwork primary and secondary CIDRs for IP aliasing
+ staging_subnetwork_range = "172.16.0.0/24"
+ staging_subnetwork_pods = "172.16.128.0/17"
+ staging_subnetwork_services = "172.16.64.0/18"
+
+ // specify the staging subnetwork primary and secondary CIDRs for IP aliasing
+ prod_subnetwork_range = "172.17.0.0/24"
+ prod_subnetwork_pods = "172.17.128.0/17"
+ prod_subnetwork_services = "172.17.64.0/18"
+}
+```
\ No newline at end of file
From b4f8557198246211453c4109bfe9941f0dc27a86 Mon Sep 17 00:00:00 2001
From: dosullivan
Date: Wed, 28 Aug 2019 10:52:21 -0500
Subject: [PATCH 4/4] break shared vpc into two modules
---
shared-vpc/README.md | 47 +++++++-----
shared-vpc/main.tf | 140 ----------------------------------
shared-vpc/network/main.tf | 33 ++++++++
shared-vpc/subnetwork/main.tf | 72 +++++++++++++++++
4 files changed, 135 insertions(+), 157 deletions(-)
delete mode 100644 shared-vpc/main.tf
create mode 100644 shared-vpc/network/main.tf
create mode 100644 shared-vpc/subnetwork/main.tf
diff --git a/shared-vpc/README.md b/shared-vpc/README.md
index 1a9b5b7..b5b58ec 100644
--- a/shared-vpc/README.md 
+++ b/shared-vpc/README.md 
@@ -1,26 +1,39 @@ -### shared-vpc module example parameters -This `shared-vpc` module is similar to the `default`module, but is intended for use with the [terraform-gcp-gke-shared-vpc](https://github.com/FairwindsOps/terraform-gcp-gke-shared-vpc) module. It provides two subnetworks, called `staging` and `prod`, within one VPC. Each subnetwork is intended for association with an individual service project. +### shared-vpc modules example parameters +This directory contains two modules intended for use with each other, in order to create VPC intended to be shared. The first module, `network`, simply creates the network resource`, while the second module, `subnetwork`, creates a subnetwork within that network. The subnetwork is configured to create secondary IP alias ranges necessary for VPC-native GKE functionality. -To use the `shared-vpc` module, you'd fill out your `network.tf` like so: +Each subnetwork is intended for association with an individual service project. You can instantiate the subnetwork module as many times as you'd like within a given network to fit your needs. Just be sure to adjust your names and IP ranges accordingly for no conflicts. 
+ +To use these modules, you'd fill out your `network.tf` like this: ``` -module "network" { - source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc?ref=shared-vpc-v0.0.1" + module "network" { + source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/network?ref=shared-vpc-v0.0.1" // base network parameters network_name = "example-shared-vpc-1" - staging_subnetwork_name = "example-staging-1" - prod_subnetwork_name = "example-production-1" region = "us-central1" +} +module "staging_subnetwork" { + source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/subnetwork?ref=shared-vpc-v0.0.1" + // base subnetwork parameters + shared_vpc = "${module.network.shared_vpc}" + subnetwork_name = "example-staging-1" + region = "${module.network.region}" + enable_flow_logs = "false" + //specify the staging subnetwork primary and secondary CIDRs for IP aliasing + subnetwork_range = "172.16.0.0/24" + subnetwork_pods = "172.16.128.0/17" + subnetwork_services = "172.16.64.0/18" +} +module "prod_subnetwork" { + source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/subnetwork?ref=shared-vpc-v0.0.1" + // base subnetwork parameters + shared_vpc = "${module.network.shared_vpc}" + subnetwork_name = "example-production-1" + region = "${module.network.region}" enable_flow_logs = "false" - - // specify the staging subnetwork primary and secondary CIDRs for IP aliasing - staging_subnetwork_range = "172.16.0.0/24" - staging_subnetwork_pods = "172.16.128.0/17" - staging_subnetwork_services = "172.16.64.0/18" - - // specify the staging subnetwork primary and secondary CIDRs for IP aliasing - prod_subnetwork_range = "172.17.0.0/24" - prod_subnetwork_pods = "172.17.128.0/17" - prod_subnetwork_services = "172.17.64.0/18" + //specify the prod subnetwork primary and secondary CIDRs for IP aliasing + subnetwork_range = "172.17.0.0/24" + subnetwork_pods = "172.17.128.0/17" + subnetwork_services = "172.17.64.0/18" } ``` \ No 
newline at end of file
diff --git a/shared-vpc/main.tf b/shared-vpc/main.tf
deleted file mode 100644
index c7d576e..0000000
--- a/shared-vpc/main.tf
+++ /dev/null 
@@ -1,140 +0,0 @@
-#######################
-# Define all the variables we'll need
-#######################
-
-variable "network_name" {
- description = "the name of the network"
-}
-
-variable "enable_flow_logs" {
- description = "whether to turn on flow logs or not"
-}
-
-variable "region" {
- description = "region to use"
-}
-
-variable "staging_subnetwork_name" {
- description = "name for the staging subnetwork"
-}
-
-variable "staging_subnetwork_range" {
- description = "CIDR for staging subnetwork nodes"
-}
-
-variable "staging_subnetwork_pods" {
- description = "secondary CIDR for pods"
-}
-
-variable "staging_subnetwork_services" {
- description = "secondary CIDR for services"
-}
-
-variable "prod_subnetwork_name" {
- description = "name for the production subnetwork"
-}
-
-variable "prod_subnetwork_range" {
- description = "CIDR for prod subnetwork nodes"
-}
-
-variable "prod_subnetwork_pods" {
- description = "secondary CIDR for pods"
-}
-
-variable "prod_subnetwork_services" {
- description = "secondary CIDR for services"
-}
-
-
-#######################
-# Create the network and subnetworks, including secondary IP ranges on subnetworks
-#######################
-
-resource "google_compute_network" "shared_vpc" {
- name = "${var.network_name}"
- routing_mode = "GLOBAL"
- auto_create_subnetworks = "false"
-}
-
-/* note that for secondary ranges necessary for GKE Alias IPs, the ranges have
- to be manually specified with terraform currently -- no GKE automagic allowed here. 
*/
-resource "google_compute_subnetwork" "prod_subnetwork" {
- name = "${var.prod_subnetwork_name}"
- ip_cidr_range = "${var.prod_subnetwork_range}"
- network = "${google_compute_network.shared_vpc.self_link}"
- region = "${var.region}"
- private_ip_google_access = true
- enable_flow_logs = "${var.enable_flow_logs}"
- secondary_ip_range = {
- range_name = "gke-pods-1"
- ip_cidr_range = "${var.prod_subnetwork_pods}"
- }
- secondary_ip_range = {
- range_name = "gke-services-1"
- ip_cidr_range = "${var.prod_subnetwork_services}"
- }
-
- /* We ignore changes on secondary_ip_range because terraform doesn't list
- them in the same order every time during runs. */
- lifecycle {
- ignore_changes = [ "secondary_ip_range" ]
- }
-}
-
-resource "google_compute_subnetwork" "staging_subnetwork" {
- name = "${var.staging_subnetwork_name}"
- ip_cidr_range = "${var.staging_subnetwork_range}"
- network = "${google_compute_network.shared_vpc.self_link}"
- region = "${var.region}"
- secondary_ip_range = {
- range_name = "gke-pods-1"
- ip_cidr_range = "${var.staging_subnetwork_pods}"
- }
- secondary_ip_range = {
- range_name = "gke-services-1"
- ip_cidr_range = "${var.staging_subnetwork_services}"
- }
-
- lifecycle {
- ignore_changes = [ "secondary_ip_range" ]
- }
-}
-/** provide outputs to be used in GKE cluster creation **/
-output "shared_vpc" {
- value = "${google_compute_network.shared_vpc.self_link}"
-}
-
-/* production network details */
-output "prod_subnetwork" {
- value = "${google_compute_subnetwork.prod_subnetwork.name}"
-}
-
-output "prod_subnetwork_pods" {
- value = "${var.prod_subnetwork_pods}"
-}
-
-output "prod_gke_pods_1" {
- value = "gke-pods-1"
-}
-
-output "prod_gke_services_1" {
- value = "gke-services-1"
-}
-
-/*staging network details */
-output "staging_subnetwork" {
- value = "${google_compute_subnetwork.staging_subnetwork.name}"
-}
-
-output "staging_subnetwork_pods" {
- value = "${var.staging_subnetwork_pods}"
-}
-
-output "staging_gke_pods_1" {
- value = 
"gke-pods-1"
-}
-
-output "staging_gke_services_1" {
- value = "gke-services-1"
-}
diff --git a/shared-vpc/network/main.tf b/shared-vpc/network/main.tf
new file mode 100644
index 0000000..4e44e16
--- /dev/null
+++ b/shared-vpc/network/main.tf
@@ -0,0 +1,33 @@
+#######################
+# Define all the variables we'll need
+#######################
+
+variable "network_name" {
+ description = "the name of the network"
+}
+
+variable "region" {
+ description = "region to use"
+}
+
+#######################
+# Create the network and subnetworks, including secondary IP ranges on subnetworks
+#######################
+
+resource "google_compute_network" "shared_vpc" {
+ name = "${var.network_name}"
+ routing_mode = "GLOBAL"
+ auto_create_subnetworks = "false"
+}
+
+#######################
+# Provide outputs to be used in subnetwork and GKE cluster creation
+#######################
+output "shared_vpc" {
+ value = "${google_compute_network.shared_vpc.self_link}"
+}
+
+output "region" {
+ description = "The region in which this network exists"
+ value = "${var.region}"
+}
\ No newline at end of file
diff --git a/shared-vpc/subnetwork/main.tf b/shared-vpc/subnetwork/main.tf
new file mode 100644
index 0000000..5c4a3fa
--- /dev/null
+++ b/shared-vpc/subnetwork/main.tf 
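Review bot: The header comment `# Create the network and subnetworks, including secondary IP ranges on subnetworks` is stale in this module, which creates only the `google_compute_network` resource; change it to `# Create the shared VPC network (subnetworks are created by the sibling subnetwork module)`. More importantly for a module named shared-vpc, nothing here enables Shared VPC hosting or attaches service projects, so callers must set up the host project, the service-project attachments and the per-subnetwork `roles/compute.networkUser` bindings themselves; a comment above the resource stating that boundary would keep operators from assuming the module handles it. The `region` variable is not consumed by any resource in this module and only round-trips into the `region` output, which is worth a one-line comment on the variable, e.g. `# not used by the (global) network itself; exported so subnetwork modules share one region`, so it is not mistaken for a network-level setting.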
@@ -0,0 +1,72 @@
+variable "shared_vpc" {
+ description = "self_link of the shared vpc to create subnetwork in"
+}
+
+variable "region" {
+ description = "region to use"
+}
+
+variable "subnetwork_name" {
+ description = "name for the subnetwork"
+}
+
+variable "enable_flow_logs" {
+ description = "whether to turn on flow logs or not"
+}
+
+variable "subnetwork_range" {
+ description = "CIDR for subnetwork nodes"
+}
+
+variable "subnetwork_pods" {
+ description = "secondary CIDR for pods"
+}
+
+variable "subnetwork_services" {
+ description = "secondary CIDR for services"
+}
+
+
+/* note that for secondary ranges necessary for GKE Alias IPs, the ranges have
+ to be manually specified with terraform currently -- no GKE automagic allowed here. */
+resource "google_compute_subnetwork" "subnetwork" {
+ name = "${var.subnetwork_name}"
+ ip_cidr_range = "${var.subnetwork_range}"
+ network = "${var.shared_vpc}"
+ region = "${var.region}"
+ private_ip_google_access = true
+ enable_flow_logs = "${var.enable_flow_logs}"
+ secondary_ip_range = {
+ range_name = "gke-pods-1"
+ ip_cidr_range = "${var.subnetwork_pods}"
+ }
+ secondary_ip_range = {
+ range_name = "gke-services-1"
+ ip_cidr_range = "${var.subnetwork_services}"
+ }
+
+ /* We ignore changes on secondary_ip_range because terraform doesn't list
+ them in the same order every time during runs. */
+ lifecycle {
+ ignore_changes = [ "secondary_ip_range" ]
+ }
+}
+
+#######################
+# Provide outputs to be used in GKE cluster creation
+#######################
+output "subnetwork" {
+ value = "${google_compute_subnetwork.subnetwork.name}"
+}
+
+output "subnetwork_pods" {
+ value = "${var.subnetwork_pods}"
+}
+
+output "gke_pods_1" {
+ value = "gke-pods-1"
+}
+
+output "gke_services_1" {
+ value = "gke-services-1"
+}
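Review bot: `enable_flow_logs` has no default and the README example sets it to `"false"`, so the expected deployment ships subnetworks without VPC flow logs, which are the only network-level audit trail for traffic between service-project workloads on this shared VPC; give the variable `default = "true"` so disabling logging is an explicit choice. The `lifecycle { ignore_changes = [ "secondary_ip_range" ] }` block means an out-of-band change to the `gke-pods-1` or `gke-services-1` ranges is never reported by a plan, and the `subnetwork_pods` output echoes `var.subnetwork_pods` rather than reading the resource, so the outputs can disagree with what actually exists; state this as accepted drift next to the existing comment, e.g. `/* Consequence: secondary ranges are not reconciled after creation; audit them out of band. */`. The `shared_vpc` variable description says it takes a self_link, but nothing validates that, and a caller passing a bare network name may have it resolved against the calling project rather than the host; make the description say the full self_link from the network module's `shared_vpc` output is required.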