verify subnetwork ranges are unique

modules/network/vpc/README.md

@@ -211,7 +211,7 @@ limitations under the License.
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | Project in which the HPC deployment will be created | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The default region for Cloud resources | `string` | n/a | yes |
 | <a name="input_secondary_ranges"></a> [secondary\_ranges](#input\_secondary\_ranges) | "Secondary ranges associated with the subnets.<br/>This will be deprecated in favour of secondary\_ranges\_list at a later date.<br/>Please migrate to using the same." | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
-| <a name="input_secondary_ranges_list"></a> [secondary\_ranges\_list](#input\_secondary\_ranges\_list) | List of secondary ranges associated with the subnets. | <pre>list(object({<br/>    subnetwork_name = string,<br/>    ranges = list(object({<br/>      range_name    = string,<br/>      ip_cidr_range = string<br/>    }))<br/>  }))</pre> | `[]` | no |
+| <a name="input_secondary_ranges_list"></a> [secondary\_ranges\_list](#input\_secondary\_ranges\_list) | "List of secondary ranges associated with the subnetworks.<br/>Each subnetwork must be specified at most once in this list." | <pre>list(object({<br/>    subnetwork_name = string,<br/>    ranges = list(object({<br/>      range_name    = string,<br/>      ip_cidr_range = string<br/>    }))<br/>  }))</pre> | `[]` | no |
 | <a name="input_shared_vpc_host"></a> [shared\_vpc\_host](#input\_shared\_vpc\_host) | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
 | <a name="input_subnetwork_name"></a> [subnetwork\_name](#input\_subnetwork\_name) | The name of the network to be created (if unsupplied, will default to "{deployment\_name}-primary-subnet") | `string` | `null` | no |
 | <a name="input_subnetwork_size"></a> [subnetwork\_size](#input\_subnetwork\_size) | DEPRECATED: please see https://goo.gle/hpc-toolkit-vpc-deprecation for migration instructions | `number` | `null` | no |

modules/network/vpc/main.tf

@@ -14,6 +14,15 @@
  * limitations under the License.
 */
 
+resource "terraform_data" "secondary_ranges_validation" {
+  lifecycle {
+    precondition {
+      condition     = !(length(var.secondary_ranges) > 0 && length(var.secondary_ranges_list) > 0)
+      error_message = "Only one of var.secondary_ranges or var.secondary_ranges_list should be specified"
+    }
+  }
+}
+
 locals {
   # This label allows for billing report tracking based on module.
   labels = merge(var.labels, { ghpc_module = "vpc", ghpc_role = "network" })

modules/network/vpc/variables.tf

@@ -165,8 +165,16 @@ variable "secondary_ranges_list" {
       ip_cidr_range = string
     }))
   }))
-  description = "List of secondary ranges associated with the subnets."
+  description = <<-EOT
+  "List of secondary ranges associated with the subnetworks.
+  Each subnetwork must be specified at most once in this list."
+  EOT
   default     = []
+  validation {
+    condition = (length(var.secondary_ranges_list[*].subnetwork_name) ==
+    length(distinct(var.secondary_ranges_list[*].subnetwork_name)))
+    error_message = "Each subnetwork should be specified at most once in this list. Remove any duplicates."
+  }
 }
 
 variable "network_routing_mode" {
@@ -267,15 +275,6 @@ variable "firewall_log_config" {
   }
 }
 
-resource "terraform_data" "secondary_ranges_validation" {
-  lifecycle {
-    precondition {
-      condition     = length(var.secondary_ranges) == 0 || length(var.secondary_ranges_list) == 0
-      error_message = "Only one of var.secondary_ranges or var.secondary_ranges_list should be specified"
-    }
-  }
-}
-
 variable "network_profile" {
   type        = string
   description = <<-EOT