From 303862d8dc800b51af7601aa86aa3336755183e6 Mon Sep 17 00:00:00 2001 From: Abhishek Tiwari Date: Fri, 9 Aug 2024 07:36:47 +0000 Subject: [PATCH] Add new submodule for service-networking --- Makefile | 1 + examples/service-networking/README.md | 17 ++ examples/service-networking/main.tf | 13 ++ examples/service-networking/outputs.tf | 9 + examples/service-networking/variables.tf | 4 + modules/service-networking/README.md | 31 ++++ modules/service-networking/main.tf | 36 ++-- modules/service-networking/metadata.yaml | 156 ++++++++++++++++++ modules/service-networking/outputs.tf | 9 + modules/service-networking/variables.tf | 80 +++++++++ modules/service-networking/versions.tf | 18 ++ .../service_networking_test.go | 35 ++++ 12 files changed, 394 insertions(+), 15 deletions(-) create mode 100644 examples/service-networking/README.md create mode 100644 examples/service-networking/main.tf create mode 100644 examples/service-networking/outputs.tf create mode 100644 examples/service-networking/variables.tf create mode 100644 modules/service-networking/README.md create mode 100644 modules/service-networking/metadata.yaml create mode 100644 test/integration/service-networking/service_networking_test.go diff --git a/Makefile b/Makefile index 279246407..c49665d66 100644 --- a/Makefile +++ b/Makefile @@ -89,6 +89,7 @@ docker_restore_examples: .PHONY: docker_generate_docs docker_generate_docs: docker run --rm -it \ + -e ENABLE_BPMETADATA \ -v $(CURDIR):/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' diff --git a/examples/service-networking/README.md b/examples/service-networking/README.md new file mode 100644 index 000000000..bfa73ded6 --- /dev/null +++ b/examples/service-networking/README.md 
@@ -0,0 +1,17 @@
+# Terraform service networking example
+This example creates service networking with a global address.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | Project ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| peering | Service networking peering output |
+| project\_id | Project ID |
+
+
diff --git a/examples/service-networking/main.tf b/examples/service-networking/main.tf
new file mode 100644
index 000000000..e1e06b4ed
--- /dev/null
+++ b/examples/service-networking/main.tf
@@ -0,0 +1,13 @@
+resource "google_compute_network" "peering_network" {
+ name = "private-network"
+ auto_create_subnetworks = "false"
+}
+
+module "service_networking" {
+ source = "terraform-google-modules/network/google//modules/service-networking"
+ version = "~> 9.0"
+
+ project_id = var.project_id
+ network_id = google_compute_network.peering_network.id
+ address_name = "global-address"
+}
diff --git a/examples/service-networking/outputs.tf b/examples/service-networking/outputs.tf
new file mode 100644
index 000000000..01a549fb0
--- /dev/null
+++ b/examples/service-networking/outputs.tf
@@ -0,0 +1,9 @@
+output "project_id" {
+ description = "Project ID"
+ value = var.project_id
+}
+
+output "peering" {
+ description = "Service networking peering output"
+ value = module.service_networking.peering
+}
diff --git a/examples/service-networking/variables.tf b/examples/service-networking/variables.tf
new file mode 100644
index 000000000..9867b3060
--- /dev/null
+++ b/examples/service-networking/variables.tf
@@ -0,0 +1,4 @@
+variable "project_id" {
+ description = "Project ID"
+ type = string
+}
diff --git a/modules/service-networking/README.md b/modules/service-networking/README.md
new file mode 100644
index 000000000..df7d4efaf
--- /dev/null
+++ b/modules/service-networking/README.md
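Review bot: `google_compute_network.peering_network` in examples/service-networking/main.tf has no `project` argument, so it is created in the provider's default project while the module's global address and routes config are pinned to `var.project_id`; the two can silently diverge. Add `project = var.project_id` to the resource, and write `auto_create_subnetworks = false` as a boolean rather than the string `"false"`, which the provider merely tolerates. The registry `source`/`version = "~> 9.0"` pair resolves to an already published release, so unless a CI source swap is in play (the Makefile's `docker_restore_examples` target suggests one), this example will not exercise the submodule added in this commit.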
@@ -0,0 +1,31 @@
+# Terraform Google service networking
+
+This module creates global network address and a service networking
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| address\_name | Global address name | `string` | n/a | yes |
+| address\_prefix\_length | Global address prefix length | `number` | `16` | no |
+| address\_purpose | Global address purpose | `string` | `"VPC_PEERING"` | no |
+| address\_type | Global address type | `string` | `"INTERNAL"` | no |
+| create\_peered\_dns\_domain | Create peered dns domain | `bool` | `false` | no |
+| create\_peering\_routes\_config | Create peering route config | `bool` | `false` | no |
+| deletion\_policy | Deletion policy for service networking resource | `string` | `null` | no |
+| dns\_suffix | Dns suffix | `string` | `null` | no |
+| domain\_name | Domain name | `string` | `null` | no |
+| export\_custom\_routes | Export custom routes | `bool` | `false` | no |
+| import\_custom\_routes | Import custom routes to peering rout config | `bool` | `false` | no |
+| network\_id | Network id | `string` | n/a | yes |
+| network\_name | Network name | `string` | `null` | no |
+| project\_id | Project ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| address\_id | Global address id |
+| peering | Service networking connection peering |
+
+
diff --git a/modules/service-networking/main.tf b/modules/service-networking/main.tf
index 99b287f01..0361fba5d 100644
--- a/modules/service-networking/main.tf
+++ b/modules/service-networking/main.tf
@@ -1,27 +1,33 @@ -resource "google_compute_global_address" "private_ip_address" { - name = "private-ip-address" - purpose = "VPC_PEERING" - address_type = "INTERNAL" - prefix_length = 16 - network = google_compute_network.peering_network.id +resource "google_compute_global_address" "global_address" { + project = var.project_id + name = var.address_name + purpose = var.address_purpose + address_type = var.address_type + prefix_length = var.address_prefix_length + network = var.network_id } resource "google_service_networking_connection" "default" { - network = google_compute_network.peering_network.id + network = var.network_id service = "servicenetworking.googleapis.com" - reserved_peering_ranges = [google_compute_global_address.private_ip_address.name] + reserved_peering_ranges = [google_compute_global_address.global_address.name] + deletion_policy = var.deletion_policy } resource "google_compute_network_peering_routes_config" "peering_routes" { + count = var.create_peering_routes_config ? 1 : 0 + project = var.project_id peering = google_service_networking_connection.default.peering - network = google_compute_network.peering_network.name - import_custom_routes = true - export_custom_routes = true + network = var.network_name + import_custom_routes = var.import_custom_routes + export_custom_routes = var.export_custom_routes } resource "google_service_networking_peered_dns_domain" "default" { - name = "example-com" - network = google_compute_network.peering_network.name - dns_suffix = "example.com." + count = var.create_peered_dns_domain ? 1 : 0 + project = var.project_id + name = var.domain_name + network = var.network_name + dns_suffix = var.dns_suffix service = "servicenetworking.googleapis.com" -} \ No newline at end of file +} diff --git a/modules/service-networking/metadata.yaml b/modules/service-networking/metadata.yaml new file mode 100644 index 000000000..dd4dc9eb5 --- /dev/null +++ b/modules/service-networking/metadata.yaml 
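Review bot: Both `count`-gated resources in modules/service-networking/main.tf take `network = var.network_name`, which defaults to `null`, so enabling `create_peering_routes_config` or `create_peered_dns_domain` without also passing `network_name` only fails later with a null-argument error. Since a network's name is the last path segment of its id, a fallback such as `network = coalesce(var.network_name, reverse(split("/", var.network_id))[0])` (assuming `network_id` is the full resource path, as the example passes) removes that hidden coupling. The routes config defaults `import_custom_routes`/`export_custom_routes` to `false`, which is the right closed-by-default posture for a producer peering; a one-line comment on the resource saying the defaults are deliberately closed would keep a later maintainer from flipping them for convenience.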
@@ -0,0 +1,156 @@ +apiVersion: blueprints.cloud.google.com/v1alpha1 +kind: BlueprintMetadata +metadata: + name: terraform-google-network-service-networking + annotations: + config.kubernetes.io/local-config: "true" +spec: + info: + title: Terraform Google service networking + source: + repo: https://github.com/q2w/terraform-google-network.git + sourceType: git + dir: /modules/service-networking + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: 
service-networking + location: examples/service-networking + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: address_name + description: Global address name + varType: string + required: true + - name: address_prefix_length + description: Global address prefix length + varType: number + defaultValue: 16 + - name: address_purpose + description: Global address purpose + varType: string + defaultValue: VPC_PEERING + - name: address_type + description: Global address type + varType: string + defaultValue: INTERNAL + - name: create_peered_dns_domain + description: Create peered dns domain + varType: bool + defaultValue: false + - name: create_peering_routes_config + description: Create peering route config + varType: bool + defaultValue: false + - name: deletion_policy + description: Deletion policy for service networking resource + varType: string + - name: dns_suffix + description: Dns suffix + varType: string + - name: domain_name + description: Domain name + varType: string + - name: export_custom_routes + description: Export custom routes + varType: bool + defaultValue: false + - name: import_custom_routes + description: Import custom routes to peering rout config + varType: bool + defaultValue: false + - name: network_id + description: Network id + varType: string + required: true + - name: network_name + description: Network name + varType: string + - name: project_id + description: Project ID + varType: string + 
required: true + outputs: + - name: address_id + description: Global address id + - name: peering + description: Service networking connection peering + requirements: + roles: + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/service-networking/outputs.tf b/modules/service-networking/outputs.tf index e69de29bb..6a1f5c3fe 100644 --- a/modules/service-networking/outputs.tf +++ b/modules/service-networking/outputs.tf @@ -0,0 +1,9 @@ +output "address_id" { + description = "Global address id" + value = google_compute_global_address.global_address.id +} + +output "peering" { + description = "Service networking connection peering" + value = google_service_networking_connection.default.peering +} diff --git a/modules/service-networking/variables.tf b/modules/service-networking/variables.tf index e69de29bb..4c45a74f7 100644 --- a/modules/service-networking/variables.tf +++ b/modules/service-networking/variables.tf 
@@ -0,0 +1,80 @@
+variable "project_id" {
+ description = "Project ID"
+ type = string
+}
+
+variable "address_name" {
+ description = "Global address name"
+ type = string
+}
+
+variable "address_purpose" {
+ description = "Global address purpose"
+ type = string
+ default = "VPC_PEERING"
+}
+
+variable "address_type" {
+ description = "Global address type"
+ type = string
+ default = "INTERNAL"
+}
+
+variable "address_prefix_length" {
+ description = "Global address prefix length"
+ type = number
+ default = 16
+}
+
+variable "network_name" {
+ description = "Network name"
+ type = string
+ default = null
+}
+
+variable "network_id" {
+ description = "Network id"
+ type = string
+}
+
+variable "deletion_policy" {
+ description = "Deletion policy for service networking resource"
+ type = string
+ default = null
+}
+
+variable "create_peering_routes_config" {
+ description = "Create peering route config"
+ type = bool
+ default = false
+}
+
+variable "import_custom_routes" {
+ description = "Import custom routes to peering rout config"
+ type = bool
+ default = false
+}
+
+variable "export_custom_routes" {
+ description = "Export custom routes"
+ type = bool
+ default = false
+}
+
+variable "create_peered_dns_domain" {
+ description = "Create peered dns domain"
+ type = bool
+ default = false
+}
+
+variable "domain_name" {
+ description = "Domain name"
+ type = string
+ default = null
+}
+
+variable "dns_suffix" {
+ description = "Dns suffix"
+ type = string
+ default = null
+}
diff --git a/modules/service-networking/versions.tf b/modules/service-networking/versions.tf
index e69de29bb..9ae855d10 100644
--- a/modules/service-networking/versions.tf
+++ b/modules/service-networking/versions.tf
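Review bot: `deletion_policy`, `address_purpose` and `address_type` in variables.tf accept any string and are only rejected by the API at apply time; a `validation` block per variable turns a typo into a plan-time error, e.g. `condition = var.deletion_policy == null || var.deletion_policy == "ABANDON"` if `ABANDON` is indeed the only value the pinned provider accepts for this resource (verify against the google >= 5.8 docs). The `dns_suffix` description should state that the value is a fully qualified domain with a trailing dot, as the removed hard-coded `example.com.` had. The `import_custom_routes` description misspells `route` as `rout`, and the generated README and metadata.yaml copy the typo.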
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">= 0.13.0"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 5.8, < 6"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 3.0, < 6"
+ }
+ }
+
+ provider_meta "google-beta" {
+ module_name = "blueprints/terraform/terraform-google-network:service-networking/v9.1.0"
+ }
+}
diff --git a/test/integration/service-networking/service_networking_test.go b/test/integration/service-networking/service_networking_test.go
new file mode 100644
index 000000000..e2333cb9b
--- /dev/null
+++ b/test/integration/service-networking/service_networking_test.go
@@ -0,0 +1,35 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package servicenetworking
+
+import (
+ "testing"
+
+ "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestServiceNetworking(t *testing.T) {
+ net := tft.NewTFBlueprintTest(t)
+ net.DefineVerify(
+ func(assert *assert.Assertions) {
+ net.DefaultVerify(assert)
+ projectID := net.GetStringOutput("project_id")
+ peering := net.GetStringOutput("peering")
+
+ assert.Contains(peering, "xyz")
+ })
+ net.Test()
+}
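Review bot: The google-beta constraint `>= 3.0, < 6` in versions.tf is far looser than the google constraint `>= 5.8, < 6`, yet no resource in main.tf uses the beta provider; if google-beta is declared only to carry the `provider_meta` block, aligning it to `>= 5.8, < 6` avoids resolving a 3.x beta provider next to a 5.x google provider. If the 5.8 floor exists because of the new `deletion_policy` argument, a short comment above `required_providers` saying so would stop a future bump from lowering it.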
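Review bot: `projectID` in TestServiceNetworking is declared and never used, so service_networking_test.go does not compile; drop the line or use the value (e.g. assert on it alongside `peering`). `assert.Contains(peering, "xyz")` also reads as a placeholder: `peering` is the module's `google_service_networking_connection.default.peering` output, so the assertion should pin the name the connection actually reports, e.g. `assert.Equal("servicenetworking-googleapis-com", peering)` once confirmed by a real apply, rather than a substring that will never match. The header also says `Copyright 2021` on a file authored in 2024.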