From 36a40f12065feb220d9fce6ec3888fc1fb79a0b2 Mon Sep 17 00:00:00 2001
From: IIBenII
Date: Wed, 23 Nov 2022 17:53:18 +0100
Subject: [PATCH 1/3] Update documentation of forwarding rule for vpc psc endpoint
---
 mmv1/products/compute/api.yaml | 3 ++
 mmv1/products/compute/terraform.yaml | 12 ++++++++
 .../examples/forwarding_rule_vpc_psc.tf.erb | 29 +++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb
diff --git a/mmv1/products/compute/api.yaml b/mmv1/products/compute/api.yaml
index 08fc32fb08e4..d1861a105dfe 100644
--- a/mmv1/products/compute/api.yaml
+++ b/mmv1/products/compute/api.yaml
@@ -4036,6 +4036,9 @@ objects:
 and internal TCP/UDP load balancers.
 EXTERNAL_MANAGED is used for regional external HTTP(S) load balancers.
 INTERNAL_MANAGED is used for internal HTTP(S) load balancers.
+
+ ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set ""
+ if the target is an URI of a service attachment.
 values:
 - :EXTERNAL
 - :EXTERNAL_MANAGED
diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml
index bfa469fb6c5a..2e7077e5d2e8 100644
--- a/mmv1/products/compute/terraform.yaml
+++ b/mmv1/products/compute/terraform.yaml
@@ -949,6 +949,18 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 - "port_range"
 - "target"
 - "ip_address"
+ - !ruby/object:Provider::Terraform::Examples
+ name: "forwarding_rule_vpc_psc"
+ min_version: 'beta'
+ primary_resource_id: "default"
+ vars:
+ forwarding_rule_name: "website-forwarding-rule"
+ network_name: "website-net"
+ fw_name: "website-fw"
+ ip_name: "website-ip"
+ ignore_read_extra:
+ - "port_range"
+ - "target"
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 post_create: templates/terraform/post_create/labels.erb
 properties:
diff --git a/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb b/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb
new file mode 100644
index 000000000000..964d586c8e0b
--- /dev/null
+++ b/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb
@@ -0,0 +1,29 @@
+// Forwarding rule for VPC private service connect endpoint
+resource "google_compute_forwarding_rule" "<%= ctx[:primary_resource_id] %>" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['forwarding_rule_name'] %>"
+ region = "us-central1"
+ load_balancing_scheme = ""
+ target = "projects/SERVICE_PROJECT/regions/REGION/serviceAttachments/SERVICE_NAME"
+ network = google_compute_network.default.name
+ ip_address = google_compute_address.default.id
+}
+
+resource "google_compute_network" "default" {
+ name = "<%= ctx[:vars]['network_name'] %>"
+ auto_create_subnetworks = false
+}
+resource "google_compute_subnetwork" "default" {
+ name = "<%= ctx[:vars]['network_name'] %>"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+ network = google_compute_network.default.id
+}
+
+resource "google_compute_address" "default" {
+ name = "<%= ctx[:vars]['ip_name'] %>-1"
+ provider = google-beta
+ region = "us-central1"
+ subnetwork = google_compute_subnetwork.default.id
+ address_type = "INTERNAL"
+}
\ No newline at end of file
From a716b4f6f42f4b27f686a86732dbd1373081db77 Mon Sep 17 00:00:00 2001
From: IIBenII
Date: Thu, 24 Nov 2022 00:54:08 +0100
Subject: [PATCH 2/3] Fix feedback
---
 mmv1/products/compute/api.yaml | 2 +-
 mmv1/products/compute/terraform.yaml | 11 +-
 .../examples/forwarding_rule_vpc_psc.tf.erb | 109 +++++++++++++++---
 3 files changed, 103 insertions(+), 19 deletions(-)
diff --git a/mmv1/products/compute/api.yaml b/mmv1/products/compute/api.yaml
index d1861a105dfe..4aa6f88ce934 100644
--- a/mmv1/products/compute/api.yaml
+++ b/mmv1/products/compute/api.yaml
@@ -4037,7 +4037,7 @@ objects:
 EXTERNAL_MANAGED is used for regional external HTTP(S) load balancers.
 INTERNAL_MANAGED is used for internal HTTP(S) load balancers.
 
- ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set ""
+ ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set to ""
 if the target is an URI of a service attachment.
 values:
 - :EXTERNAL
diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml
index 2e7077e5d2e8..12b60be1fbb0 100644
--- a/mmv1/products/compute/terraform.yaml
+++ b/mmv1/products/compute/terraform.yaml
@@ -954,10 +954,15 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 min_version: 'beta'
 primary_resource_id: "default"
 vars:
- forwarding_rule_name: "website-forwarding-rule"
- network_name: "website-net"
- fw_name: "website-fw"
+ forwarding_rule_name: "psc-endpoint"
+ consumer_network_name: "consumer-net"
 ip_name: "website-ip"
+ producer_network_name: "producer-net"
+ producer_psc_network_name: "producer-psc-net"
+ service_attachment_name: "producer-service"
+ producer_forwarding_rule_name: "producer-forwarding-rule"
+ producer_backend_name: "producer-service-backend"
+ producer_healthcheck_name: "producer-service-health-check"
 ignore_read_extra:
 - "port_range"
 - "target"
diff --git a/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb b/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb
index 964d586c8e0b..3cd600278dd8 100644
--- a/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb
+++ b/mmv1/templates/terraform/examples/forwarding_rule_vpc_psc.tf.erb
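Review bot: In the `terraform.yaml` hunk of PATCH 2/3, `ignore_read_extra` keeps `"target"` in the list of fields skipped for this example without saying why, and the PATCH 3/3 hunk extends the same list with `"ip_address"`. For a Private Service Connect endpoint `target` is the field that selects the producer's service attachment, so skipping it presumably means the example's read/import verification will not notice a wrong or rewritten target. The neighbouring example in the context lines carries the same three entries, so this looks like an established workaround, but a comment above the list would record the reason, for example `# TODO(author): state why target and ip_address cannot be compared on read`. Separately, `ip_name: "website-ip"` is the only variable left with the old website naming after the rename to consumer/producer names.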
@@ -1,29 +1,108 @@
-// Forwarding rule for VPC private service connect endpoint
+// Forwarding rule for VPC private service connect
 resource "google_compute_forwarding_rule" "<%= ctx[:primary_resource_id] %>" {
 provider = google-beta
 name = "<%= ctx[:vars]['forwarding_rule_name'] %>"
 region = "us-central1"
 load_balancing_scheme = ""
- target = "projects/SERVICE_PROJECT/regions/REGION/serviceAttachments/SERVICE_NAME"
- network = google_compute_network.default.name
- ip_address = google_compute_address.default.id
+ target = google_compute_service_attachment.producer_service_attachment.id
+ network = google_compute_network.consumer_net.name
+ ip_address = google_compute_address.consumer_address.id
 }
 
-resource "google_compute_network" "default" {
- name = "<%= ctx[:vars]['network_name'] %>"
+// Consumer service endpoint
+
+resource "google_compute_network" "consumer_net" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['consumer_network_name'] %>"
 auto_create_subnetworks = false
 }
-resource "google_compute_subnetwork" "default" {
- name = "<%= ctx[:vars]['network_name'] %>"
+
+resource "google_compute_subnetwork" "consumer_subnet" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['consumer_network_name'] %>"
 ip_cidr_range = "10.0.0.0/16"
 region = "us-central1"
- network = google_compute_network.default.id
+ network = google_compute_network.consumer_net.id
 }
 
-resource "google_compute_address" "default" {
- name = "<%= ctx[:vars]['ip_name'] %>-1"
- provider = google-beta
- region = "us-central1"
- subnetwork = google_compute_subnetwork.default.id
+resource "google_compute_address" "consumer_address" {
+ name = "<%= ctx[:vars]['ip_name'] %>-1"
+ provider = google-beta
+ region = "us-central1"
+ subnetwork = google_compute_subnetwork.consumer_subnet.id
 address_type = "INTERNAL"
-}
\ No newline at end of file
+}
+
+
+// Producer service attachment
+
+resource "google_compute_network" "producer_net" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['producer_network_name'] %>"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "producer_subnet" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['producer_network_name'] %>"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+ network = google_compute_network.producer_net.id
+}
+
+resource "google_compute_subnetwork" "psc_producer_subnet" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['producer_psc_network_name'] %>"
+ ip_cidr_range = "10.1.0.0/16"
+ region = "us-central1"
+
+ purpose = "PRIVATE_SERVICE_CONNECT"
+ network = google_compute_network.producer_net.id
+}
+
+resource "google_compute_service_attachment" "producer_service_attachment" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['service_attachment_name'] %>"
+ region = "us-central1"
+ description = "A service attachment configured with Terraform"
+
+ enable_proxy_protocol = true
+ connection_preference = "ACCEPT_AUTOMATIC"
+ nat_subnets = [google_compute_subnetwork.psc_producer_subnet.name]
+ target_service = google_compute_forwarding_rule.producer_target_service.id
+
+
+}
+
+resource "google_compute_forwarding_rule" "producer_target_service" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['producer_forwarding_rule_name'] %>"
+ region = "us-central1"
+
+ load_balancing_scheme = "INTERNAL"
+ backend_service = google_compute_region_backend_service.producer_service_backend.id
+ all_ports = true
+ network = google_compute_network.producer_net.name
+ subnetwork = google_compute_subnetwork.producer_subnet.name
+
+
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['producer_backend_name'] %>"
+ region = "us-central1"
+
+ health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['producer_healthcheck_name'] %>"
+ check_interval_sec = 1
+ timeout_sec = 1
+ tcp_health_check {
+ port = "80"
+ }
+}
From bdb96f27cd36214d91f22b7d4ab36cd2a1fd1b2d Mon Sep 17 00:00:00 2001
From: IIBenII
Date: Mon, 28 Nov 2022 20:24:26 +0100
Subject: [PATCH 3/3] Add ip_address as ignore
---
 mmv1/products/compute/terraform.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml
index 12b60be1fbb0..b0a8edeb2b77 100644
--- a/mmv1/products/compute/terraform.yaml
+++ b/mmv1/products/compute/terraform.yaml
@@ -966,6 +966,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 ignore_read_extra:
 - "port_range"
 - "target"
+ - "ip_address"
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 post_create: templates/terraform/post_create/labels.erb
 properties:
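Review bot: In the `forwarding_rule_vpc_psc.tf.erb` hunk of PATCH 2/3, `connection_preference = "ACCEPT_AUTOMATIC"` on `producer_service_attachment` accepts connections from any consumer project without producer approval, and because this template appears to be rendered into the resource documentation it is likely to be copied unchanged. A comment above that line would make the trade-off visible, for example `# Accepts every consumer project; use "ACCEPT_MANUAL" with consumer_accept_lists to restrict who may connect`. The same least-exposure concern applies to `all_ports = true` on `producer_target_service`: the health check in this hunk only probes port 80, so `ports = ["80"]` would publish just that port through the attachment. `enable_proxy_protocol = true` also assumes backends that parse the PROXY protocol header, and the example defines no backends, so a one-line comment on that setting would help readers who adapt it.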