From 064430c89b88623a398cdd7a1debb3a31fba9edc Mon Sep 17 00:00:00 2001 From: Abhishek Tiwari Date: Fri, 9 Aug 2024 07:38:07 +0000 Subject: [PATCH 1/4] Add new submodule for service-networking --- Makefile | 1 + examples/service-networking/README.md | 17 ++ examples/service-networking/main.tf | 13 ++ examples/service-networking/outputs.tf | 9 + examples/service-networking/variables.tf | 4 + modules/service-networking/README.md | 31 ++++ modules/service-networking/main.tf | 33 ++++ modules/service-networking/metadata.yaml | 156 ++++++++++++++++++ modules/service-networking/outputs.tf | 9 + modules/service-networking/variables.tf | 80 +++++++++ modules/service-networking/versions.tf | 18 ++ .../service_networking_test.go | 35 ++++ 12 files changed, 406 insertions(+) create mode 100644 examples/service-networking/README.md create mode 100644 examples/service-networking/main.tf create mode 100644 examples/service-networking/outputs.tf create mode 100644 examples/service-networking/variables.tf create mode 100644 modules/service-networking/README.md create mode 100644 modules/service-networking/main.tf create mode 100644 modules/service-networking/metadata.yaml create mode 100644 modules/service-networking/outputs.tf create mode 100644 modules/service-networking/variables.tf create mode 100644 modules/service-networking/versions.tf create mode 100644 test/integration/service-networking/service_networking_test.go diff --git a/Makefile b/Makefile index 27924640..c49665d6 100644 --- a/Makefile +++ b/Makefile @@ -89,6 +89,7 @@ docker_restore_examples: .PHONY: docker_generate_docs docker_generate_docs: docker run --rm -it \ + -e ENABLE_BPMETADATA \ -v $(CURDIR):/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' diff --git a/examples/service-networking/README.md b/examples/service-networking/README.md new file mode 100644 index 00000000..bfa73ded 
--- /dev/null +++ b/examples/service-networking/README.md @@ -0,0 +1,17 @@ +# Terraform service networking example +This example creates service networking with a global address. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| project\_id | Project ID | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| peering | Service networking peering output | +| project\_id | Project ID | + + diff --git a/examples/service-networking/main.tf b/examples/service-networking/main.tf new file mode 100644 index 00000000..e1e06b4e --- /dev/null +++ b/examples/service-networking/main.tf @@ -0,0 +1,13 @@ +resource "google_compute_network" "peering_network" { + name = "private-network" + auto_create_subnetworks = "false" +} + +module "service_networking" { + source = "terraform-google-modules/network/google//modules/service-networking" + version = "~> 9.0" + + project_id = var.project_id + network_id = google_compute_network.peering_network.id + address_name = "global-address" +} diff --git a/examples/service-networking/outputs.tf b/examples/service-networking/outputs.tf new file mode 100644 index 00000000..01a549fb --- /dev/null +++ b/examples/service-networking/outputs.tf @@ -0,0 +1,9 @@ +output "project_id" { + description = "Project ID" + value = var.project_id +} + +output "peering" { + description = "Service networking peering output" + value = module.service_networking.peering +} diff --git a/examples/service-networking/variables.tf b/examples/service-networking/variables.tf new file mode 100644 index 00000000..9867b306 --- /dev/null +++ b/examples/service-networking/variables.tf @@ -0,0 +1,4 @@ +variable "project_id" { + description = "Project ID" + type = string +} diff --git a/modules/service-networking/README.md b/modules/service-networking/README.md new file mode 100644 index 00000000..df7d4efa --- /dev/null +++ b/modules/service-networking/README.md 
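Review bot: `auto_create_subnetworks = "false"` on `google_compute_network.peering_network` passes a quoted string where the argument is a boolean; the provider coerces it, but `auto_create_subnetworks = false` is the idiomatic form and avoids a reader wondering whether the string is meaningful. The network name `private-network` and the address name `global-address` are fixed literals, so two runs of this example in the same project (for instance a re-run after a failed teardown) collide on the name; a `random_id` suffix or a `name` variable would avoid that. It would also help to mention in the example README that the module reserves a `/16` by default (`address_prefix_length` defaults to 16 in the module), since that is a sizeable slice of the VPC's address space handed to producer services.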
@@ -0,0 +1,31 @@ +# Terraform Google service networking + +This module creates global network address and a service networking + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| address\_name | Global address name | `string` | n/a | yes | +| address\_prefix\_length | Global address prefix length | `number` | `16` | no | +| address\_purpose | Global address purpose | `string` | `"VPC_PEERING"` | no | +| address\_type | Global address type | `string` | `"INTERNAL"` | no | +| create\_peered\_dns\_domain | Create peered dns domain | `bool` | `false` | no | +| create\_peering\_routes\_config | Create peering route config | `bool` | `false` | no | +| deletion\_policy | Deletion policy for service networking resource | `string` | `null` | no | +| dns\_suffix | Dns suffix | `string` | `null` | no | +| domain\_name | Domain name | `string` | `null` | no | +| export\_custom\_routes | Export custom routes | `bool` | `false` | no | +| import\_custom\_routes | Import custom routes to peering rout config | `bool` | `false` | no | +| network\_id | Network id | `string` | n/a | yes | +| network\_name | Network name | `string` | `null` | no | +| project\_id | Project ID | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| address\_id | Global address id | +| peering | Service networking connection peering | + + diff --git a/modules/service-networking/main.tf b/modules/service-networking/main.tf new file mode 100644 index 00000000..0361fba5 --- /dev/null +++ b/modules/service-networking/main.tf 
@@ -0,0 +1,33 @@
+resource "google_compute_global_address" "global_address" {
+ project = var.project_id
+ name = var.address_name
+ purpose = var.address_purpose
+ address_type = var.address_type
+ prefix_length = var.address_prefix_length
+ network = var.network_id
+}
+
+resource "google_service_networking_connection" "default" {
+ network = var.network_id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.global_address.name]
+ deletion_policy = var.deletion_policy
+}
+
+resource "google_compute_network_peering_routes_config" "peering_routes" {
+ count = var.create_peering_routes_config ? 1 : 0
+ project = var.project_id
+ peering = google_service_networking_connection.default.peering
+ network = var.network_name
+ import_custom_routes = var.import_custom_routes
+ export_custom_routes = var.export_custom_routes
+}
+
+resource "google_service_networking_peered_dns_domain" "default" {
+ count = var.create_peered_dns_domain ? 1 : 0
+ project = var.project_id
+ name = var.domain_name
+ network = var.network_name
+ dns_suffix = var.dns_suffix
+ service = "servicenetworking.googleapis.com"
+}
diff --git a/modules/service-networking/metadata.yaml b/modules/service-networking/metadata.yaml
new file mode 100644
index 00000000..dd4dc9eb
--- /dev/null
+++ b/modules/service-networking/metadata.yaml
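Review bot: Both `google_compute_network_peering_routes_config.peering_routes` and `google_service_networking_peered_dns_domain.default` pass `network = var.network_name`, which defaults to `null`, so enabling `create_peering_routes_config` or `create_peered_dns_domain` without also setting `network_name` fails with a provider error rather than a module-level message. The module already has the network's resource id, so the name can be derived when the caller omits it, e.g. `locals { network_name = coalesce(var.network_name, reverse(split("/", var.network_id))[0]) }` with `network = local.network_name` in both resources — this assumes callers pass the `projects/…/global/networks/NAME` id form as the example does. Separately, `export_custom_routes = true` exports this VPC's custom routes (static and, where configured, dynamic routes learned over VPN/Interconnect) into the producer's VPC; a comment on that argument, such as `# Exports this VPC's custom routes to the service producer network — widen only deliberately`, would make the blast radius of flipping it visible at the point of use.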
@@ -0,0 +1,156 @@ +apiVersion: blueprints.cloud.google.com/v1alpha1 +kind: BlueprintMetadata +metadata: + name: terraform-google-network-service-networking + annotations: + config.kubernetes.io/local-config: "true" +spec: + info: + title: Terraform Google service networking + source: + repo: https://github.com/q2w/terraform-google-network.git + sourceType: git + dir: /modules/service-networking + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: 
service-networking + location: examples/service-networking + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: address_name + description: Global address name + varType: string + required: true + - name: address_prefix_length + description: Global address prefix length + varType: number + defaultValue: 16 + - name: address_purpose + description: Global address purpose + varType: string + defaultValue: VPC_PEERING + - name: address_type + description: Global address type + varType: string + defaultValue: INTERNAL + - name: create_peered_dns_domain + description: Create peered dns domain + varType: bool + defaultValue: false + - name: create_peering_routes_config + description: Create peering route config + varType: bool + defaultValue: false + - name: deletion_policy + description: Deletion policy for service networking resource + varType: string + - name: dns_suffix + description: Dns suffix + varType: string + - name: domain_name + description: Domain name + varType: string + - name: export_custom_routes + description: Export custom routes + varType: bool + defaultValue: false + - name: import_custom_routes + description: Import custom routes to peering rout config + varType: bool + defaultValue: false + - name: network_id + description: Network id + varType: string + required: true + - name: network_name + description: Network name + varType: string + - name: project_id + description: Project ID + varType: string + 
required: true + outputs: + - name: address_id + description: Global address id + - name: peering + description: Service networking connection peering + requirements: + roles: + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/service-networking/outputs.tf b/modules/service-networking/outputs.tf new file mode 100644 index 00000000..6a1f5c3f --- /dev/null +++ b/modules/service-networking/outputs.tf @@ -0,0 +1,9 @@ +output "address_id" { + description = "Global address id" + value = google_compute_global_address.global_address.id +} + +output "peering" { + description = "Service networking connection peering" + value = google_service_networking_connection.default.peering +} diff --git a/modules/service-networking/variables.tf b/modules/service-networking/variables.tf new file mode 100644 index 00000000..4c45a74f --- /dev/null +++ b/modules/service-networking/variables.tf 
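Review bot: `spec.info.source.repo` points at `https://github.com/q2w/terraform-google-network.git`, which looks like a personal fork; it should be the upstream `terraform-google-modules/terraform-google-network` repository before this metadata is published, since consumers and the blueprint catalog resolve the module from this field. The `requirements.roles` list (`roles/compute.orgFirewallPolicyAdmin`, `roles/resourcemanager.tagAdmin`, `roles/iam.serviceAccountAdmin`, `roles/vpcaccess.admin`, …) appears copied from the root module: none of this submodule's four resources (global address, service networking connection, peering routes config, peered DNS domain) manage firewall policies, tags or service accounts, so a least-privilege list for the deploying principal would be much shorter — likely `roles/compute.networkAdmin`, with `roles/dns.admin` only when `create_peered_dns_domain` is used, but confirm against an actual apply. If the file is generated from the shared `test/setup`, the trimming belongs there rather than by hand here.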
@@ -0,0 +1,80 @@
+variable "project_id" {
+ description = "Project ID"
+ type = string
+}
+
+variable "address_name" {
+ description = "Global address name"
+ type = string
+}
+
+variable "address_purpose" {
+ description = "Global address purpose"
+ type = string
+ default = "VPC_PEERING"
+}
+
+variable "address_type" {
+ description = "Global address type"
+ type = string
+ default = "INTERNAL"
+}
+
+variable "address_prefix_length" {
+ description = "Global address prefix length"
+ type = number
+ default = 16
+}
+
+variable "network_name" {
+ description = "Network name"
+ type = string
+ default = null
+}
+
+variable "network_id" {
+ description = "Network id"
+ type = string
+}
+
+variable "deletion_policy" {
+ description = "Deletion policy for service networking resource"
+ type = string
+ default = null
+}
+
+variable "create_peering_routes_config" {
+ description = "Create peering route config"
+ type = bool
+ default = false
+}
+
+variable "import_custom_routes" {
+ description = "Import custom routes to peering rout config"
+ type = bool
+ default = false
+}
+
+variable "export_custom_routes" {
+ description = "Export custom routes"
+ type = bool
+ default = false
+}
+
+variable "create_peered_dns_domain" {
+ description = "Create peered dns domain"
+ type = bool
+ default = false
+}
+
+variable "domain_name" {
+ description = "Domain name"
+ type = string
+ default = null
+}
+
+variable "dns_suffix" {
+ description = "Dns suffix"
+ type = string
+ default = null
+}
diff --git a/modules/service-networking/versions.tf b/modules/service-networking/versions.tf
new file mode 100644
index 00000000..9ae855d1
--- /dev/null
+++ b/modules/service-networking/versions.tf
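Review bot: `network_name` is documented only as "Network name" with a `null` default, yet `main.tf` consumes it in both conditional resources, so the description should state the contract: `description = "Network name. Required when create_peering_routes_config or create_peered_dns_domain is true."`, and likewise `domain_name` and `dns_suffix` should say they are only used (and then required) when `create_peered_dns_domain` is true. `export_custom_routes` deserves a one-line warning in its description that it exports this VPC's custom routes to the service producer's network, since it is the one flag here whose effect reaches beyond the project. There is also a typo in `import_custom_routes`: "peering rout config" should read "peering routes config". Variable `validation` blocks can only reference their own variable before Terraform 1.9, so with the `>= 0.13.0` pin these cross-variable requirements can only be enforced in documentation or via a `locals`/precondition in `main.tf`.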
@@ -0,0 +1,18 @@ +terraform { + required_version = ">= 0.13.0" + + required_providers { + google = { + source = "hashicorp/google" + version = ">= 5.8, < 6" + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 3.0, < 6" + } + } + + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-network:service-networking/v9.1.0" + } +} diff --git a/test/integration/service-networking/service_networking_test.go b/test/integration/service-networking/service_networking_test.go new file mode 100644 index 00000000..e2333cb9 --- /dev/null +++ b/test/integration/service-networking/service_networking_test.go @@ -0,0 +1,35 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package servicenetworking + +import ( + "testing" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" + "github.com/stretchr/testify/assert" +) + +func TestServiceNetworking(t *testing.T) { + net := tft.NewTFBlueprintTest(t) + net.DefineVerify( + func(assert *assert.Assertions) { + net.DefaultVerify(assert) + projectID := net.GetStringOutput("project_id") + peering := net.GetStringOutput("peering") + + assert.Contains(peering, "xyz") + }) + net.Test() +} From b3d62032b0405016b818e17ae7107a00b2d61c33 Mon Sep 17 00:00:00 2001 
From: Abhishek Tiwari Date: Sun, 11 Aug 2024 13:49:20 +0000 Subject: [PATCH 2/4] Add new test as part of cloudbuild --- build/int.cloudbuild.yaml | 17 ++++++++++++++++- examples/service-networking/main.tf | 17 +++++++++++++++++ examples/service-networking/outputs.tf | 16 ++++++++++++++++ examples/service-networking/variables.tf | 16 ++++++++++++++++ modules/service-networking/main.tf | 16 ++++++++++++++++ modules/service-networking/metadata.yaml | 14 ++++++++++++++ modules/service-networking/outputs.tf | 16 ++++++++++++++++ modules/service-networking/variables.tf | 16 ++++++++++++++++ modules/service-networking/versions.tf | 16 ++++++++++++++++ .../service_networking_test.go | 3 +-- test/setup/main.tf | 1 + 11 files changed, 145 insertions(+), 3 deletions(-) diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 8c80949b..7661274d 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml 
@@ -31,10 +31,25 @@ steps: - prepare name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && source_test_env && init_credentials && cd test/integration && RUN_STAGE=init go test -v ./... -p 1 -timeout 0'] -- id: converge simple-project-local +- id: converge service-networking waitFor: - create all name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestServiceNetworking --stage apply --verbose'] +- id: verify service-networking + waitFor: + - converge service-networking + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestServiceNetworking --stage verify --verbose'] +- id: destroy service-networking + waitFor: + - verify service-networking + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestServiceNetworking --stage teardown --verbose'] +- id: converge simple-project-local + waitFor: + - destroy service-networking + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && source_test_env && init_credentials && cd test/integration && RUN_STAGE=apply go test -v ./... -p 1 -timeout 0 -run ^TestSimpleProject$'] - id: verify simple-project-local waitFor: diff --git a/examples/service-networking/main.tf b/examples/service-networking/main.tf index e1e06b4e..00907a34 100644 --- a/examples/service-networking/main.tf +++ b/examples/service-networking/main.tf 
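Review bot: `destroy service-networking` waits only on `verify service-networking`, so if apply or verify fails the teardown step never runs and the example's VPC (literal name `private-network`), the reserved global address and the service networking peering remain in the test project; because the example's resource names are fixed literals, the next build is then likely to fail on a name collision rather than surface the original error. This mirrors how the existing `simple-project-local` stages are chained, so it may be an accepted trade-off, but it is worth a comment here or a periodic cleanup of the test project. The new steps also invoke `cft test run` without the `source_test_env && init_credentials` prelude the neighbouring steps use; if `cft` establishes credentials itself that is fine, otherwise these steps run without the CI identity — worth confirming on the first pipeline run.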
@@ -1,6 +1,23 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + resource "google_compute_network" "peering_network" { name = "private-network" auto_create_subnetworks = "false" + project = var.project_id } module "service_networking" { diff --git a/examples/service-networking/outputs.tf b/examples/service-networking/outputs.tf index 01a549fb..1ce92dae 100644 --- a/examples/service-networking/outputs.tf +++ b/examples/service-networking/outputs.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + output "project_id" { description = "Project ID" value = var.project_id diff --git a/examples/service-networking/variables.tf b/examples/service-networking/variables.tf index 9867b306..4c2ad67f 100644 --- a/examples/service-networking/variables.tf +++ b/examples/service-networking/variables.tf 
@@ -1,3 +1,19 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + variable "project_id" { description = "Project ID" type = string diff --git a/modules/service-networking/main.tf b/modules/service-networking/main.tf index 0361fba5..f9578f15 100644 --- a/modules/service-networking/main.tf +++ b/modules/service-networking/main.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + resource "google_compute_global_address" "global_address" { project = var.project_id name = var.address_name diff --git a/modules/service-networking/metadata.yaml b/modules/service-networking/metadata.yaml index dd4dc9eb..196bb5c5 100644 --- a/modules/service-networking/metadata.yaml +++ b/modules/service-networking/metadata.yaml 
@@ -1,3 +1,17 @@ + # Copyright 2024 Google LLC + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + apiVersion: blueprints.cloud.google.com/v1alpha1 kind: BlueprintMetadata metadata: diff --git a/modules/service-networking/outputs.tf b/modules/service-networking/outputs.tf index 6a1f5c3f..a3a9a153 100644 --- a/modules/service-networking/outputs.tf +++ b/modules/service-networking/outputs.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + output "address_id" { description = "Global address id" value = google_compute_global_address.global_address.id diff --git a/modules/service-networking/variables.tf b/modules/service-networking/variables.tf index 4c45a74f..5b1048e1 100644 --- a/modules/service-networking/variables.tf +++ b/modules/service-networking/variables.tf 
@@ -1,3 +1,19 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + variable "project_id" { description = "Project ID" type = string diff --git a/modules/service-networking/versions.tf b/modules/service-networking/versions.tf index 9ae855d1..dc20a141 100644 --- a/modules/service-networking/versions.tf +++ b/modules/service-networking/versions.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + terraform { required_version = ">= 0.13.0" diff --git a/test/integration/service-networking/service_networking_test.go b/test/integration/service-networking/service_networking_test.go index e2333cb9..8b31ac60 100644 --- a/test/integration/service-networking/service_networking_test.go +++ b/test/integration/service-networking/service_networking_test.go 
@@ -26,10 +26,9 @@ func TestServiceNetworking(t *testing.T) { net.DefineVerify( func(assert *assert.Assertions) { net.DefaultVerify(assert) - projectID := net.GetStringOutput("project_id") peering := net.GetStringOutput("peering") - assert.Contains(peering, "xyz") + assert.Contains(peering, "servicenetworking-googleapis-com") }) net.Test() } diff --git a/test/setup/main.tf b/test/setup/main.tf index 79cbb95d..02a94910 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -54,5 +54,6 @@ module "project" { "dns.googleapis.com", "networksecurity.googleapis.com", "iam.googleapis.com", + "servicenetworking.googleapis.com", ] } From 7990faedd4452795f784728af377fb4e83d7bb82 Mon Sep 17 00:00:00 2001 From: Abhishek Tiwari Date: Wed, 14 Aug 2024 18:39:54 +0000 Subject: [PATCH 3/4] Add multiple global address support for service networking connection --- examples/service-networking/main.tf | 7 ++-- modules/service-networking/README.md | 11 +++--- modules/service-networking/main.tf | 25 ++++++------- modules/service-networking/metadata.yaml | 46 ++++++++++++------------ modules/service-networking/outputs.tf | 4 +-- modules/service-networking/variables.tf | 43 +++++++++------------- 6 files changed, 62 insertions(+), 74 deletions(-) diff --git a/examples/service-networking/main.tf b/examples/service-networking/main.tf index 00907a34..8c38e264 100644 --- a/examples/service-networking/main.tf +++ b/examples/service-networking/main.tf @@ -24,7 +24,8 @@ module "service_networking" { source = "terraform-google-modules/network/google//modules/service-networking" version = "~> 9.0" - project_id = var.project_id - network_id = google_compute_network.peering_network.id - address_name = "global-address" + project_id = var.project_id + network = { id : google_compute_network.peering_network.id } + global_addresses = [{ name : "global-address" }] + service = "servicenetworking.googleapis.com" } 
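Review bot: The verify step now asserts only that the `peering` output contains `servicenetworking-googleapis-com`, which is the name Terraform reports for the resource it just created, so the test passes even when the peering never became usable. A stronger check would query the API, e.g. `peerings := gcloud.Runf(t, "compute networks peerings list --network private-network --project %s --format json", net.GetStringOutput("project_id"))` and assert that the entry named `servicenetworking-googleapis-com` has `state` equal to `ACTIVE`, plus `compute addresses describe global-address --global` reporting `purpose` `VPC_PEERING` and `prefixLength` `16`. The `gcloud` helper would need importing from the blueprint-test package; I am assuming it is available to this test module as in sibling CFT repositories.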
diff --git a/modules/service-networking/README.md b/modules/service-networking/README.md index df7d4efa..0544ab29 100644 --- a/modules/service-networking/README.md +++ b/modules/service-networking/README.md @@ -6,26 +6,23 @@ This module creates global network address and a service networking | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| address\_name | Global address name | `string` | n/a | yes | -| address\_prefix\_length | Global address prefix length | `number` | `16` | no | -| address\_purpose | Global address purpose | `string` | `"VPC_PEERING"` | no | -| address\_type | Global address type | `string` | `"INTERNAL"` | no | | create\_peered\_dns\_domain | Create peered dns domain | `bool` | `false` | no | | create\_peering\_routes\_config | Create peering route config | `bool` | `false` | no | | deletion\_policy | Deletion policy for service networking resource | `string` | `null` | no | | dns\_suffix | Dns suffix | `string` | `null` | no | | domain\_name | Domain name | `string` | `null` | no | | export\_custom\_routes | Export custom routes | `bool` | `false` | no | +| global\_addresses | List of global addresses to be created |
list(object({
name : string,
purpose : optional(string, "VPC_PEERING"),
type : optional(string, "INTERNAL"),
prefix_length : optional(number, 16)
}))
| n/a | yes | | import\_custom\_routes | Import custom routes to peering rout config | `bool` | `false` | no | -| network\_id | Network id | `string` | n/a | yes | -| network\_name | Network name | `string` | `null` | no | +| network | Network details including name and id |
object({
name = optional(string, null),
id = string
})
| n/a | yes | | project\_id | Project ID | `string` | n/a | yes | +| service | Service to create service networking connection | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| address\_id | Global address id | +| address\_ids | Global address id | | peering | Service networking connection peering | diff --git a/modules/service-networking/main.tf b/modules/service-networking/main.tf index f9578f15..ff417f92 100644 --- a/modules/service-networking/main.tf +++ b/modules/service-networking/main.tf @@ -14,19 +14,20 @@ * limitations under the License. */ -resource "google_compute_global_address" "global_address" { +resource "google_compute_global_address" "global_addresses" { + for_each = { for address in var.global_addresses : address.name => address } project = var.project_id - name = var.address_name - purpose = var.address_purpose - address_type = var.address_type - prefix_length = var.address_prefix_length - network = var.network_id + name = each.value.name + purpose = each.value.purpose + address_type = each.value.type + prefix_length = each.value.prefix_length + network = var.network.id } resource "google_service_networking_connection" "default" { - network = var.network_id - service = "servicenetworking.googleapis.com" - reserved_peering_ranges = [google_compute_global_address.global_address.name] + network = var.network.id + service = var.service + reserved_peering_ranges = [for name, _ in google_compute_global_address.global_addresses : name] deletion_policy = var.deletion_policy } @@ -34,7 +35,7 @@ resource "google_compute_network_peering_routes_config" "peering_routes" { count = var.create_peering_routes_config ? 1 : 0 project = var.project_id peering = google_service_networking_connection.default.peering - network = var.network_name + network = var.network.name import_custom_routes = var.import_custom_routes export_custom_routes = var.export_custom_routes } 
@@ -43,7 +44,7 @@ resource "google_service_networking_peered_dns_domain" "default" { count = var.create_peered_dns_domain ? 1 : 0 project = var.project_id name = var.domain_name - network = var.network_name + network = var.network.name dns_suffix = var.dns_suffix - service = "servicenetworking.googleapis.com" + service = var.service } diff --git a/modules/service-networking/metadata.yaml b/modules/service-networking/metadata.yaml index 196bb5c5..36fac5bc 100644 --- a/modules/service-networking/metadata.yaml +++ b/modules/service-networking/metadata.yaml @@ -90,22 +90,6 @@ spec: location: examples/submodule_vpc_serverless_connector interfaces: variables: - - name: address_name - description: Global address name - varType: string - required: true - - name: address_prefix_length - description: Global address prefix length - varType: number - defaultValue: 16 - - name: address_purpose - description: Global address purpose - varType: string - defaultValue: VPC_PEERING - - name: address_type - description: Global address type - varType: string - defaultValue: INTERNAL - name: create_peered_dns_domain description: Create peered dns domain varType: bool 
@@ -127,23 +111,38 @@ spec: description: Export custom routes varType: bool defaultValue: false + - name: global_addresses + description: List of global addresses to be created + varType: |- + list(object({ + name : string, + purpose : optional(string, "VPC_PEERING"), + type : optional(string, "INTERNAL"), + prefix_length : optional(number, 16) + })) + required: true - name: import_custom_routes description: Import custom routes to peering rout config varType: bool defaultValue: false - - name: network_id - description: Network id - varType: string + - name: network + description: Network details including name and id + varType: |- + object({ + name = optional(string, null), + id = string + }) required: true - - name: network_name - description: Network name - varType: string - name: project_id description: Project ID varType: string required: true + - name: service + description: Service to create service networking connection + varType: string + required: true outputs: - - name: address_id + - name: address_ids description: Global address id - name: peering description: Service networking connection peering @@ -168,3 +167,4 @@ spec: - dns.googleapis.com - networksecurity.googleapis.com - iam.googleapis.com + - servicenetworking.googleapis.com diff --git a/modules/service-networking/outputs.tf b/modules/service-networking/outputs.tf index a3a9a153..25a3b270 100644 --- a/modules/service-networking/outputs.tf +++ b/modules/service-networking/outputs.tf @@ -14,9 +14,9 @@ * limitations under the License. */ -output "address_id" { +output "address_ids" { description = "Global address id" - value = google_compute_global_address.global_address.id + value = [for id, _ in google_compute_global_address.global_addresses : id] } output "peering" { diff --git a/modules/service-networking/variables.tf b/modules/service-networking/variables.tf index 5b1048e1..8bc3c5ad 100644 --- a/modules/service-networking/variables.tf +++ b/modules/service-networking/variables.tf 
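Review bot: In the outputs.tf hunk, `address_ids` iterates the for_each map keys, `[for id, _ in google_compute_global_address.global_addresses : id]`, and those keys are the address names main.tf builds the map from, not resource ids, while the description still reads "Global address id". Use the resource attribute instead, `value = [for address in google_compute_global_address.global_addresses : address.id]`, or return a name-keyed map so callers can pick a specific range. Dropping `address_id` and changing the type from string to list is also a breaking change for existing consumers of the module; it should be called out in the commit message or changelog rather than left implicit in the rename.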
@@ -19,37 +19,26 @@ variable "project_id" { type = string } -variable "address_name" { - description = "Global address name" - type = string -} - -variable "address_purpose" { - description = "Global address purpose" - type = string - default = "VPC_PEERING" +variable "global_addresses" { + description = "List of global addresses to be created" + type = list(object({ + name : string, + purpose : optional(string, "VPC_PEERING"), + type : optional(string, "INTERNAL"), + prefix_length : optional(number, 16) + })) } -variable "address_type" { - description = "Global address type" - type = string - default = "INTERNAL" -} - -variable "address_prefix_length" { - description = "Global address prefix length" - type = number - default = 16 -} - -variable "network_name" { - description = "Network name" - type = string - default = null +variable "network" { + description = "Network details including name and id" + type = object({ + name = optional(string, null), + id = string + }) } -variable "network_id" { - description = "Network id" +variable "service" { + description = "Service to create service networking connection" type = string } From a207449bd99e8e19593a48684832a7c0954c8b62 Mon Sep 17 00:00:00 2001 From: Abhishek Tiwari Date: Thu, 22 Aug 2024 12:45:30 +0000 Subject: [PATCH 4/4] Update input variables and update README --- examples/service-networking/README.md | 21 +++++++++++++++++++++ examples/service-networking/main.tf | 2 +- modules/service-networking/README.md | 7 ++++--- modules/service-networking/main.tf | 9 +++++---- modules/service-networking/metadata.yaml | 11 ++++------- modules/service-networking/variables.tf | 10 ++++------ 6 files changed, 39 insertions(+), 21 deletions(-) diff --git a/examples/service-networking/README.md b/examples/service-networking/README.md index bfa73ded..32c7f600 100644 --- a/examples/service-networking/README.md +++ b/examples/service-networking/README.md 
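Review bot: `variable "service"` is now required with no default, replacing the hard-coded `"servicenetworking.googleapis.com"` the connection used before, so every existing caller of the module breaks at plan time, and a wrong value would peer the reserved ranges with a different producer. Keep the previous behaviour as the default, `default = "servicenetworking.googleapis.com"`, and expand the description to say this is the producer peering service handed to google_service_networking_connection. It would also help to make the `global_addresses` description state that each `name` becomes an entry in `reserved_peering_ranges` and must be unique, since main.tf keys its for_each on it.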
@@ -1,5 +1,26 @@ # Terraform service networking example This example creates service networking with a global address. + +``` +resource "google_compute_network" "peering_network" { + name = "private-network" + auto_create_subnetworks = "false" + project = var.project_id +} + +module "service_networking" { + source = "terraform-google-modules/network/google//modules/service-networking" + version = "~> 9.0" + + project_id = var.project_id + network_name = google_compute_network.peering_network.name + global_addresses = [{ name : "global-address" }] + service = "servicenetworking.googleapis.com" +} +``` + +In the above terraform, a service networking connection is created. It enables managed services (cloud sql, memorystore) on internal IP addresses (VPC) to service consumers (cloud-run). Service consumers use private services access to privately connect to the service. + ## Inputs diff --git a/examples/service-networking/main.tf b/examples/service-networking/main.tf index 8c38e264..3a777f8b 100644 --- a/examples/service-networking/main.tf +++ b/examples/service-networking/main.tf @@ -25,7 +25,7 @@ module "service_networking" { version = "~> 9.0" project_id = var.project_id - network = { id : google_compute_network.peering_network.id } + network_name = google_compute_network.peering_network.name global_addresses = [{ name : "global-address" }] service = "servicenetworking.googleapis.com" } diff --git a/modules/service-networking/README.md b/modules/service-networking/README.md index 0544ab29..449cade7 100644 --- a/modules/service-networking/README.md +++ b/modules/service-networking/README.md 
@@ -1,6 +1,7 @@ # Terraform Google service networking -This module creates global network address and a service networking +This module creates global network address and a service networking. The google_service_networking_connection terraform resource allows to establish a private connection between a Google Cloud Platform (GCP) VPC network and a supported Google service, such as Cloud SQL, BigQuery, or a third-party service. + ## Inputs @@ -12,9 +13,9 @@ This module creates global network address and a service networking | dns\_suffix | Dns suffix | `string` | `null` | no | | domain\_name | Domain name | `string` | `null` | no | | export\_custom\_routes | Export custom routes | `bool` | `false` | no | -| global\_addresses | List of global addresses to be created |
list(object({
name : string,
purpose : optional(string, "VPC_PEERING"),
type : optional(string, "INTERNAL"),
prefix_length : optional(number, 16)
}))
| n/a | yes | +| global\_addresses | List of global addresses to be created |
list(object({
name : string,
purpose : optional(string, "VPC_PEERING"),
type : optional(string, "INTERNAL"),
address : optional(string, null),
prefix_length : optional(number, 16)
}))
| n/a | yes | | import\_custom\_routes | Import custom routes to peering rout config | `bool` | `false` | no | -| network | Network details including name and id |
object({
name = optional(string, null),
id = string
})
| n/a | yes | +| network\_name | Network name | `string` | n/a | yes | | project\_id | Project ID | `string` | n/a | yes | | service | Service to create service networking connection | `string` | n/a | yes | diff --git a/modules/service-networking/main.tf b/modules/service-networking/main.tf index ff417f92..091650e0 100644 --- a/modules/service-networking/main.tf +++ b/modules/service-networking/main.tf @@ -20,12 +20,13 @@ resource "google_compute_global_address" "global_addresses" { name = each.value.name purpose = each.value.purpose address_type = each.value.type + address = each.value.address prefix_length = each.value.prefix_length - network = var.network.id + network = "projects/${var.project_id}/global/networks/${var.network_name}" } resource "google_service_networking_connection" "default" { - network = var.network.id + network = "projects/${var.project_id}/global/networks/${var.network_name}" service = var.service reserved_peering_ranges = [for name, _ in google_compute_global_address.global_addresses : name] deletion_policy = var.deletion_policy @@ -35,7 +36,7 @@ resource "google_compute_network_peering_routes_config" "peering_routes" { count = var.create_peering_routes_config ? 1 : 0 project = var.project_id peering = google_service_networking_connection.default.peering - network = var.network.name + network = var.network_name import_custom_routes = var.import_custom_routes export_custom_routes = var.export_custom_routes } @@ -44,7 +45,7 @@ resource "google_service_networking_peered_dns_domain" "default" { count = var.create_peered_dns_domain ? 1 : 0 project = var.project_id name = var.domain_name - network = var.network.name + network = var.network_name dns_suffix = var.dns_suffix service = var.service } diff --git a/modules/service-networking/metadata.yaml b/modules/service-networking/metadata.yaml index 36fac5bc..3d28a0db 100644 --- a/modules/service-networking/metadata.yaml +++ b/modules/service-networking/metadata.yaml 
@@ -118,6 +118,7 @@ spec: name : string, purpose : optional(string, "VPC_PEERING"), type : optional(string, "INTERNAL"), + address : optional(string, null), prefix_length : optional(number, 16) })) required: true @@ -125,13 +126,9 @@ spec: description: Import custom routes to peering rout config varType: bool defaultValue: false - - name: network - description: Network details including name and id - varType: |- - object({ - name = optional(string, null), - id = string - }) + - name: network_name + description: Network name + varType: string required: true - name: project_id description: Project ID diff --git a/modules/service-networking/variables.tf b/modules/service-networking/variables.tf index 8bc3c5ad..50800d12 100644 --- a/modules/service-networking/variables.tf +++ b/modules/service-networking/variables.tf @@ -25,16 +25,14 @@ variable "global_addresses" { name : string, purpose : optional(string, "VPC_PEERING"), type : optional(string, "INTERNAL"), + address : optional(string, null), prefix_length : optional(number, 16) })) } -variable "network" { - description = "Network details including name and id" - type = object({ - name = optional(string, null), - id = string - }) +variable "network_name" { + description = "Network name" + type = string } variable "service" {
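Review bot: `variable "network_name"` is described only as "Network name", but main.tf interpolates it into `projects/<project_id>/global/networks/<name>`, so a caller who passes an id or self-link (the shape the previous `network` input accepted) gets a doubled path and a confusing API error at apply time. Say so in the description and reject non-bare names at plan time; the pattern below follows the usual GCE resource-name rule (lowercase letters, digits and hyphens, starting with a letter) and should be confirmed against the network naming constraints before relying on it.

```hcl
variable "network_name" {
  description = "Bare name of the VPC network in project_id to peer with the service producer (not an id or self-link)."
  type        = string

  validation {
    condition     = can(regex("^[a-z]([-a-z0-9]*[a-z0-9])?$", var.network_name))
    error_message = "network_name must be a bare network name, not an id or self-link."
  }
}
```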