terraform-google-modules · q2w · Aug 9, 2024 · Aug 11, 2024 · Aug 14, 2024 · Aug 19, 2024
diff --git a/Makefile b/Makefile
@@ -89,6 +89,7 @@ docker_restore_examples:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
+		-e ENABLE_BPMETADATA \
 		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'

@@ -31,10 +31,25 @@ steps:
     - prepare
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && source_test_env && init_credentials && cd test/integration && RUN_STAGE=init go test -v ./... -p 1 -timeout 0']
-- id: converge simple-project-local
+- id: converge service-networking
   waitFor:
     - create all
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestServiceNetworking --stage apply --verbose']
+- id: verify service-networking
+  waitFor:
+    - converge service-networking
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestServiceNetworking --stage verify --verbose']
+- id: destroy service-networking
+  waitFor:
+    - verify service-networking
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestServiceNetworking --stage teardown --verbose']
+- id: converge simple-project-local
+  waitFor:
+    - destroy service-networking
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && source_test_env && init_credentials && cd test/integration && RUN_STAGE=apply go test -v ./... -p 1 -timeout 0 -run ^TestSimpleProject$']
 - id: verify simple-project-local
   waitFor:

@@ -0,0 +1,17 @@
+# Terraform service networking example
+This example creates service networking with a global address.
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | Project ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| peering | Service networking peering output |
+| project\_id | Project ID |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_compute_network" "peering_network" {
+  name                    = "private-network"
+  auto_create_subnetworks = "false"
+  project                 = var.project_id
+}
+
+module "service_networking" {
+  source  = "terraform-google-modules/network/google//modules/service-networking"
+  version = "~> 9.0"
+
+  project_id   = var.project_id
+  network_id   = google_compute_network.peering_network.id
+  address_name = "global-address"
+}
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+  description = "Project ID"
+  value       = var.project_id
+}
+
+output "peering" {
+  description = "Service networking peering output"
+  value       = module.service_networking.peering
+}
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "Project ID"
+  type        = string
+}
@@ -0,0 +1,31 @@
+# Terraform Google service networking
+
+This module creates global network address and a service networking
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| address\_name | Global address name | `string` | n/a | yes |
+| address\_prefix\_length | Global address prefix length | `number` | `16` | no |
+| address\_purpose | Global address purpose | `string` | `"VPC_PEERING"` | no |
+| address\_type | Global address type | `string` | `"INTERNAL"` | no |
+| create\_peered\_dns\_domain | Create peered dns domain | `bool` | `false` | no |
+| create\_peering\_routes\_config | Create peering route config | `bool` | `false` | no |
+| deletion\_policy | Deletion policy for service networking resource | `string` | `null` | no |
+| dns\_suffix | Dns suffix | `string` | `null` | no |
+| domain\_name | Domain name | `string` | `null` | no |
+| export\_custom\_routes | Export custom routes | `bool` | `false` | no |
+| import\_custom\_routes | Import custom routes to peering rout config | `bool` | `false` | no |
+| network\_id | Network id | `string` | n/a | yes |
+| network\_name | Network name | `string` | `null` | no |
+| project\_id | Project ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| address\_id | Global address id |
+| peering | Service networking connection peering |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_compute_global_address" "global_address" {
+  project       = var.project_id
+  name          = var.address_name
+  purpose       = var.address_purpose
+  address_type  = var.address_type
+  prefix_length = var.address_prefix_length
+  network       = var.network_id
+}
+
+resource "google_service_networking_connection" "default" {
+  network                 = var.network_id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.global_address.name]
+  deletion_policy         = var.deletion_policy
+}
+
+resource "google_compute_network_peering_routes_config" "peering_routes" {
+  count                = var.create_peering_routes_config ? 1 : 0
+  project              = var.project_id
+  peering              = google_service_networking_connection.default.peering
+  network              = var.network_name
+  import_custom_routes = var.import_custom_routes
+  export_custom_routes = var.export_custom_routes
+}
+
+resource "google_service_networking_peered_dns_domain" "default" {
+  count      = var.create_peered_dns_domain ? 1 : 0
+  project    = var.project_id
+  name       = var.domain_name
+  network    = var.network_name
+  dns_suffix = var.dns_suffix
+  service    = "servicenetworking.googleapis.com"
+}
@@ -0,0 +1,170 @@
+ # Copyright 2024 Google LLC
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ #      http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-network-service-networking
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  info:
+    title: Terraform Google service networking
+    source:
+      repo: https://github.com/q2w/terraform-google-network.git
+      sourceType: git
+      dir: /modules/service-networking
+    version: 9.1.0
+    actuationTool:
+      flavor: Terraform
+      version: ">= 0.13.0"
+    description: {}
+  content:
+    examples:
+      - name: basic_auto_mode
+        location: examples/basic_auto_mode
+      - name: basic_custom_mode
+        location: examples/basic_custom_mode
+      - name: basic_firewall_rule
+        location: examples/basic_firewall_rule
+      - name: basic_secondary_ranges
+        location: examples/basic_secondary_ranges
+      - name: basic_shared_vpc
+        location: examples/basic_shared_vpc
+      - name: basic_vpc_peering
+        location: examples/basic_vpc_peering
+      - name: bidirectional-firewall-rules
+        location: examples/bidirectional-firewall-rules
+      - name: delete_default_gateway_routes
+        location: examples/delete_default_gateway_routes
+      - name: firewall_logging
+        location: examples/firewall_logging
+      - name: global-network-firewall-policy
+        location: examples/global-network-firewall-policy
+      - name: hierarchical-firewall-policy
+        location: examples/hierarchical-firewall-policy
+      - name: ilb_routing
+        location: examples/ilb_routing
+      - name: multi_vpc
+        location: examples/multi_vpc
+      - name: network_service_tiers
+        location: examples/network_service_tiers
+      - name: packet_mirroring
+        location: examples/packet_mirroring
+      - name: private_service_connect
+        location: examples/private_service_connect
+      - name: private_service_connect_google_apis
+        location: examples/private_service_connect_google_apis
+      - name: regional-network-firewall-policy
+        location: examples/regional-network-firewall-policy
+      - name: routes
+        location: examples/routes
+      - name: secondary_ranges
+        location: examples/secondary_ranges
+      - name: service-networking
+        location: examples/service-networking
+      - name: simple_ipv6_project
+        location: examples/simple_ipv6_project
+      - name: simple_project
+        location: examples/simple_project
+      - name: simple_project_with_regional_network
+        location: examples/simple_project_with_regional_network
+      - name: submodule_firewall
+        location: examples/submodule_firewall
+      - name: submodule_network_peering
+        location: examples/submodule_network_peering
+      - name: submodule_svpc_access
+        location: examples/submodule_svpc_access
+      - name: submodule_vpc_serverless_connector
+        location: examples/submodule_vpc_serverless_connector
+  interfaces:
+    variables:
+      - name: address_name
+        description: Global address name
+        varType: string
+        required: true
+      - name: address_prefix_length
+        description: Global address prefix length
+        varType: number
+        defaultValue: 16
+      - name: address_purpose
+        description: Global address purpose
+        varType: string
+        defaultValue: VPC_PEERING
+      - name: address_type
+        description: Global address type
+        varType: string
+        defaultValue: INTERNAL
+      - name: create_peered_dns_domain
+        description: Create peered dns domain
+        varType: bool
+        defaultValue: false
+      - name: create_peering_routes_config
+        description: Create peering route config
+        varType: bool
+        defaultValue: false
+      - name: deletion_policy
+        description: Deletion policy for service networking resource
+        varType: string
+      - name: dns_suffix
+        description: Dns suffix
+        varType: string
+      - name: domain_name
+        description: Domain name
+        varType: string
+      - name: export_custom_routes
+        description: Export custom routes
+        varType: bool
+        defaultValue: false
+      - name: import_custom_routes
+        description: Import custom routes to peering rout config
+        varType: bool
+        defaultValue: false
+      - name: network_id
+        description: Network id
+        varType: string
+        required: true
+      - name: network_name
+        description: Network name
+        varType: string
+      - name: project_id
+        description: Project ID
+        varType: string
+        required: true
+    outputs:
+      - name: address_id
+        description: Global address id
+      - name: peering
+        description: Service networking connection peering
+  requirements:
+    roles:
+      - level: Project
+        roles:
+          - roles/compute.networkAdmin
+          - roles/compute.securityAdmin
+          - roles/iam.serviceAccountUser
+          - roles/vpcaccess.admin
+          - roles/serviceusage.serviceUsageAdmin
+          - roles/dns.admin
+          - roles/resourcemanager.tagAdmin
+          - roles/iam.serviceAccountAdmin
+          - roles/compute.orgFirewallPolicyAdmin
+    services:
+      - cloudresourcemanager.googleapis.com
+      - compute.googleapis.com
+      - serviceusage.googleapis.com
+      - vpcaccess.googleapis.com
+      - dns.googleapis.com
+      - networksecurity.googleapis.com
+      - iam.googleapis.com