diff --git a/mmv1/products/compute/api.yaml b/mmv1/products/compute/api.yaml index 08fc32fb08e4..4aa6f88ce934 100644 --- a/mmv1/products/compute/api.yaml +++ b/mmv1/products/compute/api.yaml @@ -4036,6 +4036,9 @@ objects: and internal TCP/UDP load balancers. EXTERNAL_MANAGED is used for regional external HTTP(S) load balancers. INTERNAL_MANAGED is used for internal HTTP(S) load balancers. + + ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set to "" + if the target is an URI of a service attachment. values: - :EXTERNAL - :EXTERNAL_MANAGED diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml index bfa469fb6c5a..b0a8edeb2b77 100644 --- a/mmv1/products/compute/terraform.yaml +++ b/mmv1/products/compute/terraform.yaml @@ -949,6 +949,24 @@ overrides: !ruby/object:Overrides::ResourceOverrides - "port_range" - "target" - "ip_address" + - !ruby/object:Provider::Terraform::Examples + name: "forwarding_rule_vpc_psc" + min_version: 'beta' + primary_resource_id: "default" + vars: + forwarding_rule_name: "psc-endpoint" + consumer_network_name: "consumer-net" + ip_name: "website-ip" + producer_network_name: "producer-net" + producer_psc_network_name: "producer-psc-net" + service_attachment_name: "producer-service" + producer_forwarding_rule_name: "producer-forwarding-rule" + producer_backend_name: "producer-service-backend" + producer_healthcheck_name: "producer-service-health-check" + ignore_read_extra: + - "port_range" + - "target" + - "ip_address" custom_code: !ruby/object:Provider::Terraform::CustomCode post_create: templates/terraform/post_create/labels.erb properties: diff --git a/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb b/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb new file mode 100644 index 000000000000..3cd600278dd8 --- /dev/null +++ b/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb @@ -0,0 +1,108 @@ +// Forwarding rule for VPC private service connect +resource "google_compute_forwarding_rule" "<%= ctx[:primary_resource_id] %>" { + provider = google-beta + name = "<%= ctx[:vars]['forwarding_rule_name'] %>" + region = "us-central1" + load_balancing_scheme = "" + target = google_compute_service_attachment.producer_service_attachment.id + network = google_compute_network.consumer_net.name + ip_address = google_compute_address.consumer_address.id +} + +// Consumer service endpoint + +resource "google_compute_network" "consumer_net" { + provider = google-beta + name = "<%= ctx[:vars]['consumer_network_name'] %>" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "consumer_subnet" { + provider = google-beta + name = "<%= ctx[:vars]['consumer_network_name'] %>" + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" + network = google_compute_network.consumer_net.id +} + +resource "google_compute_address" "consumer_address" { + name = "<%= ctx[:vars]['ip_name'] %>-1" + provider = google-beta + region = "us-central1" + subnetwork = google_compute_subnetwork.consumer_subnet.id + address_type = "INTERNAL" +} + + +// Producer service attachment + +resource "google_compute_network" "producer_net" { + provider = google-beta + name = "<%= ctx[:vars]['producer_network_name'] %>" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "producer_subnet" { + provider = google-beta + name = "<%= ctx[:vars]['producer_network_name'] %>" + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" + network = google_compute_network.producer_net.id +} + +resource "google_compute_subnetwork" "psc_producer_subnet" { + provider = google-beta + name = "<%= ctx[:vars]['producer_psc_network_name'] %>" + ip_cidr_range = "10.1.0.0/16" + region = "us-central1" + + purpose = "PRIVATE_SERVICE_CONNECT" + network = google_compute_network.producer_net.id +} + +resource "google_compute_service_attachment" "producer_service_attachment" { + provider = google-beta + name = "<%= ctx[:vars]['service_attachment_name'] %>" + region = "us-central1" + description = "A service attachment configured with Terraform" + + enable_proxy_protocol = true + connection_preference = "ACCEPT_AUTOMATIC" + nat_subnets = [google_compute_subnetwork.psc_producer_subnet.name] + target_service = google_compute_forwarding_rule.producer_target_service.id + + +} + +resource "google_compute_forwarding_rule" "producer_target_service" { + provider = google-beta + name = "<%= ctx[:vars]['producer_forwarding_rule_name'] %>" + region = "us-central1" + + load_balancing_scheme = "INTERNAL" + backend_service = google_compute_region_backend_service.producer_service_backend.id + all_ports = true + network = google_compute_network.producer_net.name + subnetwork = google_compute_subnetwork.producer_subnet.name + + +} + +resource "google_compute_region_backend_service" "producer_service_backend" { + provider = google-beta + name = "<%= ctx[:vars]['producer_backend_name'] %>" + region = "us-central1" + + health_checks = [google_compute_health_check.producer_service_health_check.id] +} + +resource "google_compute_health_check" "producer_service_health_check" { + provider = google-beta + name = "<%= ctx[:vars]['producer_healthcheck_name'] %>" + + check_interval_sec = 1 + timeout_sec = 1 + tcp_health_check { + port = "80" + } +}