From ee1e66320cb1686687a2faac8dd118c9ea101e5d Mon Sep 17 00:00:00 2001
From: Daniel Dubnikov
Date: Mon, 13 Jan 2025 09:52:34 +0000
Subject: [PATCH 1/6] feat(networksecurity): Add examples for creating consumer and producer mirroring
---
 .../mirroring/basic/consumer/main.tf | 51 ++++++++++++
 .../mirroring/basic/producer/main.tf | 77 +++++++++++++++++++
 2 files changed, 128 insertions(+)
 create mode 100644 network_security/mirroring/basic/consumer/main.tf
 create mode 100644 network_security/mirroring/basic/producer/main.tf
diff --git a/network_security/mirroring/basic/consumer/main.tf b/network_security/mirroring/basic/consumer/main.tf
new file mode 100644
index 00000000..87fd82f0
--- /dev/null
+++ b/network_security/mirroring/basic/consumer/main.tf
@@ -0,0 +1,51 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+# [START networksecurity_mirroring_basic_consumer]
+resource "google_compute_network" "producer_network" {
+ provider = google-beta
+ name = "producer-network"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_network" "consumer_network" {
+ provider = google-beta
+ name = "consumer-network"
+ auto_create_subnetworks = false
+}
+
+resource "google_network_security_mirroring_deployment_group" "deployment_group" {
+ provider = google-beta
+ mirroring_deployment_group_id = "mirroring-deployment-group"
+ location = "global"
+ network = google_compute_network.producer_network.id
+}
+
+resource "google_network_security_mirroring_endpoint_group" "endpoint_group" {
+ provider = google-beta
+ mirroring_endpoint_group_id = "mirroring-endpoint-group"
+ location = "global"
+ mirroring_deployment_group = google_network_security_mirroring_deployment_group.deployment_group.id
+}
+
+resource "google_network_security_mirroring_endpoint_group_association" "endpoint_group_association" {
+ provider = google-beta
+ mirroring_endpoint_group_association_id = "mirroring-endpoint-group-association"
+ location = "global"
+ network = google_compute_network.consumer_network.id
+ mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.endpoint_group.id
+}
+# [END networksecurity_mirroring_basic_consumer]
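Review bot: The consumer sample declares its own `google_compute_network` named `producer-network` and a deployment group with id `mirroring-deployment-group`, the same names producer/main.tf creates, so applying both samples in one project would collide on those names. Mirrored packets carry full payloads, so which deployment group a consumer VPC is associated with is a trust decision worth stating; a comment above the deployment group resource such as `# Stand-in for the producer-owned deployment group; a real consumer references the producer's group by ID.` would make the boundary clear. Nothing in this file selects traffic for mirroring, so presumably a firewall policy rule and security profile are expected elsewhere; a one-line comment saying so would keep readers from assuming the association alone starts mirroring.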
diff --git a/network_security/mirroring/basic/producer/main.tf b/network_security/mirroring/basic/producer/main.tf
new file mode 100644
index 00000000..3e6fa947
--- /dev/null
+++ b/network_security/mirroring/basic/producer/main.tf
@@ -0,0 +1,77 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+# [START networksecurity_mirroring_basic_producer]
+resource "google_compute_network" "network" {
+ provider = google-beta
+ name = "producer-network"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+ provider = google-beta
+ name = "producer-subnet"
+ region = "us-central1"
+ ip_cidr_range = "10.1.0.0/16"
+ network = google_compute_network.network.name
+}
+
+resource "google_compute_region_health_check" "health_check" {
+ provider = google-beta
+ name = "deploymnet-hc"
+ region = "us-central1"
+ http_health_check {
+ port = 80
+ }
+}
+
+resource "google_compute_region_backend_service" "backend_service" {
+ provider = google-beta
+ name = "deployment-svc"
+ region = "us-central1"
+ health_checks = [google_compute_region_health_check.health_check.id]
+ protocol = "UDP"
+ load_balancing_scheme = "INTERNAL"
+}
+
+resource "google_compute_forwarding_rule" "forwarding_rule" {
+ provider = google-beta
+ name = "deployment-fr"
+ region = "us-central1"
+ network = google_compute_network.network.name
+ subnetwork = google_compute_subnetwork.subnetwork.name
+ backend_service = google_compute_region_backend_service.backend_service.id
+ load_balancing_scheme = "INTERNAL"
+ ports = [6081]
+ ip_protocol = "UDP"
+ is_mirroring_collector = true
+}
+
+resource "google_network_security_mirroring_deployment_group" "deployment_group" {
+ provider = google-beta
+ mirroring_deployment_group_id = "mirroring-deployment-group"
+ location = "global"
+ network = google_compute_network.network.id
+}
+
+resource "google_network_security_mirroring_deployment" "deployment" {
+ provider = google-beta
+ mirroring_deployment_id = "mirroring-deployment"
+ location = "us-central1-a"
+ forwarding_rule = google_compute_forwarding_rule.forwarding_rule.id
+ mirroring_deployment_group = google_network_security_mirroring_deployment_group.deployment_group.id
+}
+# [END networksecurity_mirroring_basic_producer]
From 6df313b16fd269ceebc05a97e3c62a05eebc72f3 Mon Sep 17 00:00:00 2001
From: Daniel Dubnikov
Date: Mon, 13 Jan 2025 12:46:53 +0000
Subject: [PATCH 2/6] Enable networksecurity API
---
 test/setup/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/test/setup/main.tf b/test/setup/main.tf
index 2348d252..6968242d 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -64,6 +64,7 @@ module "projects" {
 "looker.googleapis.com",
 "networkconnectivity.googleapis.com",
 "networkmanagement.googleapis.com",
+ "networksecurity.googleapis.com",
 "notebooks.googleapis.com",
 "privateca.googleapis.com",
 "pubsub.googleapis.com",
From a349bab47c28502be2238d0da25fe5b043f84083 Mon Sep 17 00:00:00 2001
From: Daniel Dubnikov
Date: Mon, 13 Jan 2025 12:56:44 +0000
Subject: [PATCH 3/6] Add codeowners for network security's mirroring samples
---
 .github/CODEOWNERS | 45 +++++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 22 deletions(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 78039ad0..f165ca3d 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
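Review bot: In network_security/mirroring/basic/producer/main.tf (PATCH 1/6) the health check name is misspelled, `name = "deploymnet-hc"`, next to `deployment-svc` and `deployment-fr`; it should read `name = "deployment-hc"`, and the typo is still present in the PATCH 4/6 context lines. The health check probes HTTP on port 80 while the forwarding rule collects UDP on port 6081, so a backend could report healthy without listening for mirrored traffic; a comment explaining that choice would help. The backend service has no `backend` block and the network has no firewall rule admitting health-check probes or the collector port, so as written the collector has nothing behind it, presumably left to the reader; a comment such as `# Add backends and ingress firewall rules for health checks and UDP 6081 before use.` would say so.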
@@ -1,25 +1,26 @@ # Overall sample owners -* @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/terraform-samples-reviewers -/* @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/terraform-samples-reviewers @terraform-google-modules/cloud-samples-infra -/.github/ @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/cloud-samples-infra -/test/ @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/cft-admins @terraform-google-modules/cloud-samples-infra -/build/ @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/cft-admins @terraform-google-modules/cloud-samples-infra +* @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/terraform-samples-reviewers +/* @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/terraform-samples-reviewers @terraform-google-modules/cloud-samples-infra +/.github/ @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/cloud-samples-infra +/test/ @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/cft-admins @terraform-google-modules/cloud-samples-infra +/build/ @terraform-google-modules/terraform-samples-git-admins @terraform-google-modules/cft-admins @terraform-google-modules/cloud-samples-infra -/bigquery/ @terraform-google-modules/bigquery-terraform-swe @terraform-google-modules/terraform-samples-reviewers -/cloud_sql/ @terraform-google-modules/terraform-samples-reviewers -/cloudvpn/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/composer/ @terraform-google-modules/cloud-dpes-composer @terraform-google-modules/terraform-samples-reviewers -/compute/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/dns/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/gke/ 
@terraform-google-modules/eks-team @terraform-google-modules/terraform-samples-reviewers -/lb/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/looker/ @terraform-google-modules/cloud-looker-docs @terraform-google-modules/terraform-samples-reviewers -/media_cdn/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/network_connectivity/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/privateca/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/storage/ @terraform-google-modules/cloud-storage-dpe @terraform-google-modules/terraform-samples-reviewers -/traffic_director/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/vpc/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/managedkafka/ @terraform-google-modules/managedkafka-dev-team @terraform-google-modules/terraform-samples-reviewers -/backupdr/ @terraform-google-modules/gcbdr-samples-team @terraform-google-modules/terraform-samples-reviewers +/bigquery/ @terraform-google-modules/bigquery-terraform-swe @terraform-google-modules/terraform-samples-reviewers +/cloud_sql/ @terraform-google-modules/terraform-samples-reviewers +/cloudvpn/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/composer/ @terraform-google-modules/cloud-dpes-composer @terraform-google-modules/terraform-samples-reviewers +/compute/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/dns/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/gke/ @terraform-google-modules/eks-team @terraform-google-modules/terraform-samples-reviewers +/lb/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/looker/ @terraform-google-modules/cloud-looker-docs 
@terraform-google-modules/terraform-samples-reviewers +/media_cdn/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/network_connectivity/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/network_security/mirroring/ @terraform-google-modules/pm2-team @terraform-google-modules/terraform-samples-reviewers +/privateca/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/storage/ @terraform-google-modules/cloud-storage-dpe @terraform-google-modules/terraform-samples-reviewers +/traffic_director/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/vpc/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers +/managedkafka/ @terraform-google-modules/managedkafka-dev-team @terraform-google-modules/terraform-samples-reviewers +/backupdr/ @terraform-google-modules/gcbdr-samples-team @terraform-google-modules/terraform-samples-reviewers From eaa4e13dbb50f0b5b77da699509bd3ebf44083ea Mon Sep 17 00:00:00 2001 From: Daniel Dubnikov Date: Mon, 13 Jan 2025 13:39:59 +0000 Subject: [PATCH 4/6] Use default as Terraform resource names where possible --- .../mirroring/basic/consumer/main.tf | 8 ++--- .../mirroring/basic/producer/main.tf | 30 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/network_security/mirroring/basic/consumer/main.tf b/network_security/mirroring/basic/consumer/main.tf index 87fd82f0..7d37616e 100644 --- a/network_security/mirroring/basic/consumer/main.tf +++ b/network_security/mirroring/basic/consumer/main.tf 
@@ -27,18 +27,18 @@ resource "google_compute_network" "consumer_network" { auto_create_subnetworks = false } -resource "google_network_security_mirroring_deployment_group" "deployment_group" { +resource "google_network_security_mirroring_deployment_group" "default" { provider = google-beta mirroring_deployment_group_id = "mirroring-deployment-group" location = "global" network = google_compute_network.producer_network.id } -resource "google_network_security_mirroring_endpoint_group" "endpoint_group" { +resource "google_network_security_mirroring_endpoint_group" "default" { provider = google-beta mirroring_endpoint_group_id = "mirroring-endpoint-group" location = "global" - mirroring_deployment_group = google_network_security_mirroring_deployment_group.deployment_group.id + mirroring_deployment_group = google_network_security_mirroring_deployment_group.default.id } resource "google_network_security_mirroring_endpoint_group_association" "endpoint_group_association" { @@ -46,6 +46,6 @@ resource "google_network_security_mirroring_endpoint_group_association" "endpoin mirroring_endpoint_group_association_id = "mirroring-endpoint-group-association" location = "global" network = google_compute_network.consumer_network.id - mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.endpoint_group.id + mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.default.id } # [END networksecurity_mirroring_basic_consumer] diff --git a/network_security/mirroring/basic/producer/main.tf b/network_security/mirroring/basic/producer/main.tf index 3e6fa947..ec1eeed0 100644 --- a/network_security/mirroring/basic/producer/main.tf +++ b/network_security/mirroring/basic/producer/main.tf 
@@ -15,21 +15,21 @@ */ # [START networksecurity_mirroring_basic_producer] -resource "google_compute_network" "network" { +resource "google_compute_network" "default" { provider = google-beta name = "producer-network" auto_create_subnetworks = false } -resource "google_compute_subnetwork" "subnetwork" { +resource "google_compute_subnetwork" "default" { provider = google-beta name = "producer-subnet" region = "us-central1" ip_cidr_range = "10.1.0.0/16" - network = google_compute_network.network.name + network = google_compute_network.default.name } -resource "google_compute_region_health_check" "health_check" { +resource "google_compute_region_health_check" "default" { provider = google-beta name = "deploymnet-hc" region = "us-central1" 
@@ -38,40 +38,40 @@ resource "google_compute_region_health_check" "health_check" { } } -resource "google_compute_region_backend_service" "backend_service" { +resource "google_compute_region_backend_service" "default" { provider = google-beta name = "deployment-svc" region = "us-central1" - health_checks = [google_compute_region_health_check.health_check.id] + health_checks = [google_compute_region_health_check.default.id] protocol = "UDP" load_balancing_scheme = "INTERNAL" } -resource "google_compute_forwarding_rule" "forwarding_rule" { +resource "google_compute_forwarding_rule" "default" { provider = google-beta name = "deployment-fr" region = "us-central1" - network = google_compute_network.network.name - subnetwork = google_compute_subnetwork.subnetwork.name - backend_service = google_compute_region_backend_service.backend_service.id + network = google_compute_network.default.name + subnetwork = google_compute_subnetwork.default.name + backend_service = google_compute_region_backend_service.default.id load_balancing_scheme = "INTERNAL" ports = [6081] ip_protocol = "UDP" is_mirroring_collector = true } -resource "google_network_security_mirroring_deployment_group" "deployment_group" { +resource "google_network_security_mirroring_deployment_group" "default" { provider = google-beta mirroring_deployment_group_id = "mirroring-deployment-group" location = "global" - network = google_compute_network.network.id + network = google_compute_network.default.id } -resource "google_network_security_mirroring_deployment" "deployment" { +resource "google_network_security_mirroring_deployment" "default" { provider = google-beta mirroring_deployment_id = "mirroring-deployment" location = "us-central1-a" - forwarding_rule = google_compute_forwarding_rule.forwarding_rule.id - mirroring_deployment_group = google_network_security_mirroring_deployment_group.deployment_group.id + forwarding_rule = google_compute_forwarding_rule.default.id + mirroring_deployment_group = 
google_network_security_mirroring_deployment_group.default.id } # [END networksecurity_mirroring_basic_producer] From 1436dc5b7b384e036cb20152aadb1d4f3f0ac7aa Mon Sep 17 00:00:00 2001 From: Daniel Dubnikov Date: Mon, 13 Jan 2025 13:42:17 +0000 Subject: [PATCH 5/6] Rename association resource to default --- network_security/mirroring/basic/consumer/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network_security/mirroring/basic/consumer/main.tf b/network_security/mirroring/basic/consumer/main.tf index 7d37616e..e80c3917 100644 --- a/network_security/mirroring/basic/consumer/main.tf +++ b/network_security/mirroring/basic/consumer/main.tf @@ -41,7 +41,7 @@ resource "google_network_security_mirroring_endpoint_group" "default" { mirroring_deployment_group = google_network_security_mirroring_deployment_group.default.id } -resource "google_network_security_mirroring_endpoint_group_association" "endpoint_group_association" { +resource "google_network_security_mirroring_endpoint_group_association" "default" { provider = google-beta mirroring_endpoint_group_association_id = "mirroring-endpoint-group-association" location = "global" From db2ce5534f9c3b3f140106749e043e1d69d4e632 Mon Sep 17 00:00:00 2001 From: Daniel Dubnikov Date: Mon, 13 Jan 2025 13:47:33 +0000 Subject: [PATCH 6/6] Fix tab discrepancy in CODEOWNERS file --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f165ca3d..5ce49f22 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -14,7 +14,7 @@ /dns/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers /gke/ @terraform-google-modules/eks-team @terraform-google-modules/terraform-samples-reviewers /lb/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers -/looker/ @terraform-google-modules/cloud-looker-docs @terraform-google-modules/terraform-samples-reviewers +/looker/ @terraform-google-modules/cloud-looker-docs @terraform-google-modules/terraform-samples-reviewers /media_cdn/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers /network_connectivity/ @terraform-google-modules/dee-infra @terraform-google-modules/terraform-samples-reviewers /network_security/mirroring/ @terraform-google-modules/pm2-team @terraform-google-modules/terraform-samples-reviewers