Moved apigee bigquery analytics blueprint, added apigee network patterns

.gitignore

@@ -37,8 +37,11 @@ examples/cloud-operations/adfs/ansible/gssh.sh
 examples/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/vars.yaml
 examples/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/gssh.sh
 blueprints/cloud-operations/network-dashboard/cloud-function.zip
-blueprints/cloud-operations/apigee/bundle-export.zip
-blueprints/cloud-operations/apigee/bundle-gcs2bq.zip
-blueprints/cloud-operations/apigee/apiproxy.zip
-blueprints/cloud-operations/apigee/create-datastore.sh
-blueprints/cloud-operations/apigee/deploy-apiproxy.sh
+blueprints/apigee/bigquery-analytics/bundle-export.zip
+blueprints/apigee/bigquery-analytics/bundle-gcs2bq.zip
+blueprints/apigee/bigquery-analytics/apiproxy.zip
+blueprints/apigee/bigquery-analytics/create-datastore.sh
+blueprints/apigee/bigquery-analytics/deploy-apiproxy.sh
+blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/targets/default.xml
+blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle.zip
+blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/deploy-apiproxy.sh

blueprints/apigee/README.md

@@ -0,0 +1,8 @@
+# Apigee Examples
+
+This repository contains the following Apigee examples:
+
+* [Apigee BigQuery analytics](./bigquery-analytics/README.md)
+* Apigee network patterns
+    * [Apigee X - Northbound GLB with PSC Neg, Southbouth PSC with ILB (L7) and Hybrid NEG
+](./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md)

blueprints/apigee/bigquery-analytics/terraform.tfvars.sample

@@ -1,10 +1,10 @@
 project_create = {
-  billing_account_id = "011D94-9C86C1-ADD197"
-  parent             = "folders/586929298360"
+  billing_account_id = "12345-12345-123456"
+  parent             = "folders/123456789"
 }
-project_id = "g-prj-cd-sb-apigee-bq-10"
+project_id = "my-project"
 envgroups = {
-  test = ["test.cool-demos.space"]
+  test = ["test.myorg.org"]
 }
 environments = {
   apis-test = {

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md

@@ -0,0 +1,68 @@
+# Apigee X - Northbound GLB with PSC Neg, Southbouth PSC with ILB (L7) and Hybrid NEG
+
+The following example shows how to expose an on-prem target backend to clients in the internet.
+
+The architecture is the one depicted below.
+
+![Diagram](diagram.png)
+
+To emulate an service deployed on-premise, we have used a managed instance group of instances running Nginx exposed via a regional internalload balancer (L7). The service is accesible through VPN.
+
+## Running the blueprint
+
+1. Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fcloud-foundation-fabric&cloudshell_print=cloud-shell-readme.txt&cloudshell_working_dir=blueprints%2F%apigee%2F/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg), then go through the following steps to create resources:
+
+2. Copy the file [terraform.tfvars.sample](./terraform.tfvars.sample) to a file called ```terraform.tfvars``` and update the values if required.
+
+3. Initialize the terraform configuration
+
+    ```terraform init```
+
+4. Apply the terraform configuration
+
+    ```terraform apply```
+
+Once the resources have been created, do the following:
+
+Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned.
+
+## Testing the blueprint
+
+Do the following to verify that everything works as expected.
+
+1. Deploy the API proxy
+
+        ./deploy-apiproxy.sh
+
+2. Send a request
+
+        curl -v https://HOSTNAME/test/
+
+    You should get back an HTTP 200 OK response.
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [apigee_project_id](variables.tf#L17) | Project ID. | <code>string</code> | ✓ |  |
+| [billing_account_id](variables.tf#L47) | Parameters for the creation of the new project. | <code>string</code> | ✓ |  |
+| [hostname](variables.tf#L52) | Host name. | <code>string</code> | ✓ |  |
+| [onprem_project_id](variables.tf#L57) | Project ID. | <code>string</code> | ✓ |  |
+| [parent](variables.tf#L75) | Parent (organizations/organizationID or folders/folderID). | <code>string</code> | ✓ |  |
+| [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.1.0&#47;24&#34;</code> |
+| [apigee_psa_ip_cidr_range](variables.tf#L29) | Apigee PSA IP CIDR range. | <code>string</code> |  | <code>&#34;10.0.4.0&#47;22&#34;</code> |
+| [apigee_psc_subnet_ip_cidr_range](variables.tf#L35) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.2.0&#47;24&#34;</code> |
+| [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.0.0&#47;24&#34;</code> |
+| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L63) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.1.0&#47;24&#34;</code> |
+| [onprem_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.0.0&#47;24&#34;</code> |
+| [region](variables.tf#L80) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [zone](variables.tf#L86) | Zone. | <code>string</code> |  | <code>&#34;europe-west1-c&#34;</code> |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [ip_address](outputs.tf#L17) | GLB IP address. |  |
+
+<!-- END TFDOC -->

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf

@@ -0,0 +1,96 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  envgroup    = "test"
+  environment = "apis-test"
+}
+
+module "apigee_project" {
+  source          = "../../../../modules/project"
+  billing_account = var.billing_account_id
+  parent          = var.parent
+  name            = var.apigee_project_id
+  services = [
+    "apigee.googleapis.com",
+    "compute.googleapis.com",
+    "servicenetworking.googleapis.com",
+  ]
+}
+
+module "apigee_vpc" {
+  source     = "../../../../modules/net-vpc"
+  project_id = module.apigee_project.project_id
+  name       = "vpc"
+  subnets_proxy_only = [
+    {
+      ip_cidr_range = var.apigee_proxy_only_subnet_ip_cidr_range
+      name          = "regional-proxy"
+      region        = var.region
+      active        = true
+    }
+  ]
+  subnets = [
+    {
+      ip_cidr_range = var.apigee_subnet_ip_cidr_range
+      name          = "subnet"
+      region        = var.region
+    }
+  ]
+  subnets_psc = [{
+    ip_cidr_range = var.apigee_psc_subnet_ip_cidr_range
+    name          = "subnet-psc"
+    region        = var.region
+  }]
+  psa_config = {
+    ranges = {
+      "apigee" = var.apigee_psa_ip_cidr_range
+    }
+  }
+}
+
+module "apigee" {
+  source     = "../../../../modules/apigee"
+  project_id = module.apigee_project.project_id
+  organization = {
+    authorized_network = module.apigee_vpc.network.name
+    analytics_region   = var.region
+  }
+  envgroups = {
+    (local.envgroup) = [var.hostname]
+  }
+  environments = {
+    (local.environment) = {
+      envgroups = [local.envgroup]
+    }
+  }
+  instances = {
+    instance-1 = {
+      region            = var.region
+      environments      = [local.environment]
+      psa_ip_cidr_range = var.apigee_psa_ip_cidr_range
+    }
+  }
+  endpoint_attachments = {
+    backend = {
+      region             = var.region
+      service_attachment = google_compute_service_attachment.service_attachment.id
+    }
+  }
+  depends_on = [
+    module.apigee_vpc
+  ]
+}

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_nb.tf

@@ -0,0 +1,50 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "glb" {
+  source              = "../../../../modules/net-glb"
+  name                = "glb"
+  project_id          = module.apigee_project.project_id
+  protocol            = "HTTPS"
+  use_classic_version = false
+  backend_service_configs = {
+    default = {
+      backends      = [{ backend = "neg-0" }]
+      protocol      = "HTTPS"
+      health_checks = []
+    }
+  }
+  neg_configs = {
+    neg-0 = {
+      psc = {
+        region         = var.region
+        target_service = module.apigee.instances["instance-1"].service_attachment
+        network        = module.apigee_vpc.network.self_link
+        subnetwork = (
+          module.apigee_vpc.subnets_psc["${var.region}/subnet-psc"].self_link
+        )
+      }
+    }
+  }
+  ssl_certificates = {
+    managed_configs = {
+      default = {
+        domains = [var.hostname]
+      }
+    }
+  }
+
+}

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_sb.tf

@@ -0,0 +1,68 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "apigee_ilb_l7" {
+  source     = "../../../../modules/net-ilb-l7"
+  name       = "apigee-ilb"
+  project_id = module.apigee_project.project_id
+  region     = var.region
+  backend_service_configs = {
+    default = {
+      backends = [{
+        balancing_mode = "RATE"
+        group          = "my-neg"
+        max_rate       = { per_endpoint = 1 }
+      }]
+    }
+  }
+  neg_configs = {
+    my-neg = {
+      hybrid = {
+        zone = var.zone
+        endpoints = {
+          e-0 = {
+            ip_address = module.onprem_ilb_l7.address
+            port       = 80
+          }
+        }
+      }
+    }
+  }
+  health_check_configs = {
+    default = {
+      http = {
+        port = 80
+      }
+    }
+  }
+  vpc_config = {
+    network    = module.apigee_vpc.self_link
+    subnetwork = module.apigee_vpc.subnet_self_links["${var.region}/subnet"]
+  }
+  depends_on = [
+    module.apigee_vpc.subnets_proxy_only
+  ]
+}
+
+resource "google_compute_service_attachment" "service_attachment" {
+  name                  = "service-attachment"
+  project               = module.apigee_project.project_id
+  region                = var.region
+  enable_proxy_protocol = false
+  connection_preference = "ACCEPT_AUTOMATIC"
+  nat_subnets           = [module.apigee_vpc.subnets_psc["${var.region}/subnet-psc"].self_link]
+  target_service        = module.apigee_ilb_l7.forwarding_rule.id
+}

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apiproxy.tf

@@ -0,0 +1,41 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "local_file" "target_endpoint_file" {
+  content = templatefile("${path.module}/templates/targets/default.xml.tpl", {
+    ip_address = module.apigee.endpoint_attachment_hosts["backend"]
+  })
+  filename        = "${path.module}/bundle/apiproxy/targets/default.xml"
+  file_permission = "0777"
+}
+
+data "archive_file" "bundle" {
+  type        = "zip"
+  source_dir  = "${path.module}/bundle"
+  output_path = "${path.module}/bundle.zip"
+  depends_on = [
+    local_file.target_endpoint_file
+  ]
+}
+
+resource "local_file" "deploy_apiproxy_file" {
+  content = templatefile("${path.module}/templates/deploy-apiproxy.sh.tpl", {
+    organization = module.apigee.org_name
+    environment  = local.environment
+  })
+  filename        = "${path.module}/deploy-apiproxy.sh"
+  file_permission = "0777"
+}

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/proxies/default.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ProxyEndpoint name="default">
+  <PreFlow name="PreFlow">
+    <Request/>
+    <Response/>
+  </PreFlow>
+  <Flows/>
+  <PostFlow name="PostFlow">
+    <Request/>
+    <Response/>
+  </PostFlow>
+  <HTTPProxyConnection>
+    <BasePath>/test</BasePath>
+  </HTTPProxyConnection>
+  <RouteRule name="default">
+    <TargetEndpoint>default</TargetEndpoint>
+  </RouteRule>
+</ProxyEndpoint>

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/test.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<APIProxy revision="1" name="test">
+  <BasePaths>/test</BasePaths>
+  <ProxyEndpoints>
+    <ProxyEndpoint>default</ProxyEndpoint>
+  </ProxyEndpoints>
+  <TargetEndpoints>
+    <TargetEndpoint>default</TargetEndpoint>
+  </TargetEndpoints>
+</APIProxy>

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/onprem.tf

@@ -0,0 +1,152 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "onprem_project" {
+  source          = "../../../../modules/project"
+  billing_account = var.billing_account_id
+  parent          = var.parent
+  name            = var.onprem_project_id
+  services = [
+    "compute.googleapis.com"
+  ]
+}
+
+module "onprem_vpc" {
+  source     = "../../../../modules/net-vpc"
+  project_id = module.onprem_project.project_id
+  name       = "vpc"
+  subnets_proxy_only = [
+    {
+      ip_cidr_range = var.onprem_proxy_only_subnet_ip_cidr_range
+      name          = "regional-proxy"
+      region        = var.region
+      active        = true
+    }
+  ]
+  subnets = [
+    {
+      ip_cidr_range = var.onprem_subnet_ip_cidr_range
+      name          = "subnet"
+      region        = var.region
+    }
+  ]
+}
+
+module "firewall" {
+  source     = "../../../../modules/net-vpc-firewall"
+  project_id = module.onprem_project.project_id
+  network    = module.onprem_vpc.network.name
+  default_rules_config = {
+    disabled = true
+  }
+  ingress_rules = {
+    fw-allow-health-check = {
+      source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]
+      targets       = ["http-server"]
+      rules         = [{ protocol = "tcp", ports = ["80"] }]
+    }
+    fw-allow-proxies = {
+      source_ranges = [var.onprem_proxy_only_subnet_ip_cidr_range]
+      targets       = ["http-server"]
+      rules         = [{ protocol = "tcp", ports = ["80"] }]
+    }
+  }
+}
+
+module "cos-nginx" {
+  source = "../../../../modules/cloud-config-container/nginx"
+}
+
+module "instance_template" {
+  source     = "../../../../modules/compute-vm"
+  project_id = module.onprem_project.project_id
+  name       = "nginx-template"
+  zone       = var.zone
+  tags       = ["http-server", "ssh"]
+  network_interfaces = [{
+    network    = module.onprem_vpc.self_link
+    subnetwork = module.onprem_vpc.subnet_self_links["${var.region}/subnet"]
+    nat        = false
+    addresses  = null
+  }]
+  boot_disk = {
+    image = "projects/cos-cloud/global/images/family/cos-stable"
+    type  = "pd-ssd"
+    size  = 10
+  }
+  create_template = true
+  metadata = {
+    user-data = module.cos-nginx.cloud_config
+  }
+}
+
+module "mig" {
+  source            = "../../../../modules/compute-mig"
+  project_id        = module.onprem_project.project_id
+  location          = var.region
+  name              = "mig"
+  target_size       = 2
+  instance_template = module.instance_template.template.self_link
+  named_ports = {
+    http = 80
+  }
+  health_check_config = {
+    check_interval_sec = 1
+    enable_logging     = true
+    healthy_threshold  = 1
+    http = {
+      port_name = "http"
+    }
+    timeout_sec         = 1
+    unhealthy_threshold = 1
+  }
+}
+
+module "onprem_ilb_l7" {
+  source     = "../../../../modules/net-ilb-l7"
+  name       = "ilb"
+  project_id = module.onprem_project.project_id
+  region     = var.region
+  backend_service_configs = {
+    default = {
+      port_name = "http"
+      backends = [{
+        group = module.mig.group_manager.instance_group
+      }]
+    }
+  }
+  health_check_configs = {
+    default = {
+      check_interval_sec = 1
+      enable_logging     = true
+      healthy_threshold  = 1
+      http = {
+        port_name          = "http"
+        port_specification = "USE_NAMED_PORT"
+        request_path       = "/"
+      }
+      timeout_sec         = 1
+      unhealthy_threshold = 1
+    }
+  }
+  vpc_config = {
+    network    = module.onprem_vpc.self_link
+    subnetwork = module.onprem_vpc.subnet_self_links["${var.region}/subnet"]
+  }
+  depends_on = [
+    module.onprem_vpc.subnets_proxy_only
+  ]
+}

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/outputs.tf

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "ip_address" {
+  description = "GLB IP address."
+  value       = module.glb.address
+}

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/deploy-apiproxy.sh.tpl

@@ -0,0 +1,34 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+ 
+#!/bin/bash
+
+ORGANIZATION=${organization}
+ENVIRONMENT=${environment}
+
+export TOKEN=$(gcloud auth print-access-token)
+
+curl -v -X POST \
+-H "Authorization: Bearer $TOKEN" \
+-H "Content-Type:application/octet-stream" \
+-T 'bundle.zip' \
+"https://apigee.googleapis.com/v1/organizations/$ORGANIZATION/apis?name=test&action=import"
+
+curl -v -X POST \
+-H "Authorization: Bearer $TOKEN" \
+"https://apigee.googleapis.com/v1/organizations/$ORGANIZATION/environments/$ENVIRONMENT/apis/test/revisions/1/deployments"
+
+curl -v \
+-H "Authorization: Bearer $TOKEN" \
+"https://apigee.googleapis.com/v1/organizations/$ORGANIZATION/environments/$ENVIRONMENT/apis/test/revisions/1/deployments"

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/targets/default.xml.tpl

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<TargetEndpoint name="default">
+  <PreFlow name="PreFlow">
+    <Request/>
+    <Response/>
+  </PreFlow>
+  <Flows/>
+  <PostFlow name="PostFlow">
+    <Request/>
+    <Response/>
+  </PostFlow>
+  <HTTPTargetConnection>
+    <URL>http://${ip_address}</URL>
+  </HTTPTargetConnection>
+</TargetEndpoint>

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/terraform.tfvars.sample

@@ -0,0 +1,5 @@
+billing_account_id = "12345-12345-123456"
+parent             = "folders/123456789"
+apigee_project_id  = "my-apigee-project"
+onprem_project_id  = "my-onprem-project"
+hostname           = "test.myorg.org"

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf

@@ -0,0 +1,90 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "apigee_project_id" {
+  description = "Project ID."
+  type        = string
+  nullable    = false
+}
+
+variable "apigee_proxy_only_subnet_ip_cidr_range" {
+  description = "Subnet IP CIDR range."
+  type        = string
+  default     = "10.2.1.0/24"
+}
+
+variable "apigee_psa_ip_cidr_range" {
+  description = "Apigee PSA IP CIDR range."
+  type        = string
+  default     = "10.0.4.0/22"
+}
+
+variable "apigee_psc_subnet_ip_cidr_range" {
+  description = "Subnet IP CIDR range."
+  type        = string
+  default     = "10.2.2.0/24"
+}
+
+variable "apigee_subnet_ip_cidr_range" {
+  description = "Subnet IP CIDR range."
+  type        = string
+  default     = "10.2.0.0/24"
+}
+
+variable "billing_account_id" {
+  description = "Parameters for the creation of the new project."
+  type        = string
+}
+
+variable "hostname" {
+  description = "Host name."
+  type        = string
+}
+
+variable "onprem_project_id" {
+  description = "Project ID."
+  type        = string
+  nullable    = false
+}
+
+variable "onprem_proxy_only_subnet_ip_cidr_range" {
+  description = "Subnet IP CIDR range."
+  type        = string
+  default     = "10.1.1.0/24"
+}
+
+variable "onprem_subnet_ip_cidr_range" {
+  description = "Subnet IP CIDR range."
+  type        = string
+  default     = "10.1.0.0/24"
+}
+
+variable "parent" {
+  description = "Parent (organizations/organizationID or folders/folderID)."
+  type        = string
+}
+
+variable "region" {
+  description = "Region."
+  type        = string
+  default     = "europe-west1"
+}
+
+variable "zone" {
+  description = "Zone."
+  type        = string
+  default     = "europe-west1-c"
+}

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf

@@ -0,0 +1,29 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_version = ">= 1.3.1"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 4.47.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 4.47.0" # tftest
+    }
+  }
+}
+
+

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/vpn.tf

@@ -0,0 +1,117 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "apigee_vpn" {
+  source     = "../../../../modules/net-vpn-ha"
+  project_id = module.apigee_project.project_id
+  network    = module.apigee_vpc.self_link
+  region     = var.region
+  name       = "vpn"
+  router_config = {
+    name = "router"
+    asn  = 64513
+    custom_advertise = {
+      all_subnets = true
+      ip_ranges = {
+        "35.191.0.0/16"  = "health checks"
+        "130.211.0.0/22" = "load balancers"
+      }
+      mode = "CUSTOM"
+    }
+  }
+  peer_gateway = {
+    gcp = module.onprem_vpn.self_link
+  }
+  tunnels = {
+    0 = {
+      bgp_peer = {
+        address = "169.254.2.2"
+        asn     = 64514
+      }
+      bgp_peer_options                = null
+      bgp_session_range               = "169.254.2.1/30"
+      ike_version                     = 2
+      peer_external_gateway_interface = null
+      router                          = null
+      shared_secret                   = null
+      vpn_gateway_interface           = 0
+    }
+    1 = {
+      bgp_peer = {
+        address = "169.254.2.6"
+        asn     = 64514
+      }
+      bgp_peer_options                = null
+      bgp_session_range               = "169.254.2.5/30"
+      ike_version                     = 2
+      peer_external_gateway_interface = null
+      router                          = null
+      shared_secret                   = null
+      vpn_gateway_interface           = 1
+    }
+  }
+}
+
+module "onprem_vpn" {
+  source     = "../../../../modules/net-vpn-ha"
+  project_id = module.onprem_project.project_id
+  network    = module.onprem_vpc.self_link
+  region     = var.region
+  name       = "vpn"
+  router_config = {
+    name = "router-${var.region}"
+    asn  = 64514
+    custom_advertise = {
+      all_subnets = false
+      ip_ranges = {
+        (var.onprem_subnet_ip_cidr_range) = "subnet range"
+      }
+      mode = "CUSTOM"
+    }
+  }
+  peer_gateway = {
+    gcp = module.apigee_vpn.self_link
+  }
+  tunnels = {
+    0 = {
+      bgp_peer = {
+        address = "169.254.2.1"
+        asn     = 64513
+      }
+      bgp_peer_options                = null
+      bgp_session_range               = "169.254.2.2/30"
+      ike_version                     = 2
+      peer_external_gateway_interface = null
+      router                          = null
+      shared_secret                   = module.apigee_vpn.random_secret
+      vpn_gateway_interface           = 0
+    }
+    1 = {
+      bgp_peer = {
+        address = "169.254.2.5"
+        asn     = 64513
+      }
+      bgp_peer_options                = null
+      bgp_session_range               = "169.254.2.6/30"
+      ike_version                     = 2
+      peer_external_gateway_interface = null
+      router                          = null
+      shared_secret                   = module.apigee_vpn.random_secret
+      vpn_gateway_interface           = 1
+    }
+  }
+}
+

tests/blueprints/apigee/bigquery-analytics/tftest.yaml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-module: blueprints/cloud-operations/apigee
+module: blueprints/apigee/bigquery-analytics
 
 tests:
   basic:

tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/__init__.py

@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.tfvars

@@ -0,0 +1,5 @@
+billing_account_id = "12345-12345-12345"
+parent             = "folders/123456789"
+apigee_project_id  = "my-apigee-project"
+onprem_project_id  = "my-onprem-project"
+hostname           = "test.myorg.org"

tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml

@@ -0,0 +1,17 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+counts:
+  modules: 13
+  resources: 72

tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/tftest.yaml

@@ -0,0 +1,18 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module: blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg
+
+tests:
+  basic: