From 0822531b7832aaf04a57051872d5037233015941 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Thu, 7 Sep 2023 10:49:33 +0200
Subject: [PATCH] Allow creating organizations/instances without VPC Peering

---
 modules/apigee/README.md    |  6 +++---
 modules/apigee/main.tf      | 19 ++++++++++++-------
 modules/apigee/variables.tf | 25 +++++++++++++++++++++++--
 3 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/modules/apigee/README.md b/modules/apigee/README.md
index 645abea9..bff54678 100644
--- a/modules/apigee/README.md
+++ b/modules/apigee/README.md
@@ -180,13 +180,13 @@ module "apigee" {
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L96) | Project ID. | string | ✓ | |
+| [project_id](variables.tf#L117) | Project ID. | string | ✓ | |
 | [addons_config](variables.tf#L17) | Addons configuration. | object({…}) | | null |
 | [endpoint_attachments](variables.tf#L29) | Endpoint attachments. | map(object({…})) | | {} |
 | [envgroups](variables.tf#L39) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | {} |
 | [environments](variables.tf#L46) | Environments. | map(object({…})) | | {} |
-| [instances](variables.tf#L65) | Instances ([REGION] => [INSTANCE]). | map(object({…})) | | {} |
-| [organization](variables.tf#L81) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
+| [instances](variables.tf#L65) | Instances ([REGION] => [INSTANCE]). | map(object({…})) | | {} |
+| [organization](variables.tf#L89) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
 
 ## Outputs
 
diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf
index c5c0918a..8efc3daf 100644
--- a/modules/apigee/main.tf
+++ b/modules/apigee/main.tf
@@ -28,6 +28,7 @@ resource "google_apigee_organization" "organization" {
   runtime_type                         = var.organization.runtime_type
   runtime_database_encryption_key_name = var.organization.database_encryption_key
   retention                            = var.organization.retention
+  disable_vpc_peering                  = var.organization.disable_vpc_peering
 }
 
 resource "google_apigee_envgroup" "envgroups" {
@@ -85,13 +86,17 @@ resource "google_apigee_environment_iam_binding" "binding" {
 }
 
 resource "google_apigee_instance" "instances" {
-  for_each     = var.instances
-  name         = coalesce(each.value.name, "instance-${each.key}")
-  display_name = each.value.display_name
-  description  = each.value.description
-  location     = each.key
-  org_id       = local.org_id
-  ip_range     = "${each.value.runtime_ip_cidr_range},${each.value.troubleshooting_ip_cidr_range}"
+  for_each     = var.instances
+  name         = coalesce(each.value.name, "instance-${each.key}")
+  display_name = each.value.display_name
+  description  = each.value.description
+  location     = each.key
+  org_id       = local.org_id
+  ip_range = (
+    compact([each.value.runtime_ip_cidr_range, each.value.troubleshooting_ip_cidr_range]) != []
+    ? join(",", compact([each.value.runtime_ip_cidr_range, each.value.troubleshooting_ip_cidr_range]))
+    : null
+  )
   disk_encryption_key_name = each.value.disk_encryption_key
   consumer_accept_list     = each.value.consumer_accept_list
 }
diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf
index 59469c7a..bca101d6 100644
--- a/modules/apigee/variables.tf
+++ b/modules/apigee/variables.tf
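Review bot: The guard `compact([...]) != []` in the new ip_range expression of google_apigee_instance.instances may not do what it is meant to, because Terraform's equality operators compare types as well as values: compact() yields a list(string) while the literal `[]` is an empty tuple, so the inequality can be true even when both ranges are null, in which case the instance gets `ip_range = ""` instead of the null this change wants for non-peered instances. A length test avoids the question and states the intent directly: `length(compact([each.value.runtime_ip_cidr_range, each.value.troubleshooting_ip_cidr_range])) > 0`. Computing the compacted list once in a local would also remove the duplication between the condition and the join() branch. Whether the provider treats an empty string the same as an unset ip_range is not visible here, so I would confirm with a plan for an instance that sets neither range.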
@@ -68,12 +68,20 @@ variable "instances" {
     name                          = optional(string)
     display_name                  = optional(string)
     description                   = optional(string, "Terraform-managed")
-    runtime_ip_cidr_range         = string
-    troubleshooting_ip_cidr_range = string
+    runtime_ip_cidr_range         = optional(string)
+    troubleshooting_ip_cidr_range = optional(string)
     disk_encryption_key           = optional(string)
     consumer_accept_list          = optional(list(string))
     enable_nat                    = optional(bool, false)
   }))
+  validation {
+    condition = alltrue([
+      for k, v in var.instances :
+      # has troubleshooting_ip => has runtime_ip
+      v.runtime_ip_cidr_range != null || v.troubleshooting_ip_cidr_range == null
+    ])
+    error_message = "Using a troubleshooting range requires specifying a runtime range too."
+  }
   default  = {}
   nullable = false
 }
@@ -89,7 +97,20 @@ variable "organization" {
     database_encryption_key = optional(string)
     analytics_region        = optional(string, "europe-west1")
     retention               = optional(string)
+    disable_vpc_peering     = optional(bool, false)
   })
+  validation {
+    condition = var.organization == null || (
+      try(var.organization.runtime_type, null) == "CLOUD" || !try(var.organization.disable_vpc_peering, false)
+    )
+    error_message = "Disabling the VPC peering can only be done in organization using the CLOUD runtime"
+  }
+  validation {
+    condition = var.organization == null || (
+      try(var.organization.authorized_network, null) == null || !try(var.organization.disable_vpc_peering, false)
+    )
+    error_message = "Disabling the VPC peering is mutually exclusive with authorized_network."
+  }
   default = null
 }
 
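Review bot: The new validation on var.instances only enforces that a troubleshooting range implies a runtime range; neither value is checked for being a well-formed CIDR, so a malformed range is first rejected by the API at apply time. Now that both attributes are optional, a cheap shape check fits in the same alltrue(): `v.runtime_ip_cidr_range == null || can(cidrhost(v.runtime_ip_cidr_range, 0))`, and likewise for `troubleshooting_ip_cidr_range`. Since main.tf comma-joins the two ranges into the instance's ip_range, I would also mention that in the error message so the dependency between the two fields is understandable from the error alone.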
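Review bot: The two validations on var.organization cover runtime_type and authorized_network, but nothing ties `disable_vpc_peering` to the instance ranges: a variable validation can only reference its own variable, so an organization created by this module with peering disabled together with instances that still set runtime_ip_cidr_range is only caught by the API, if at all. A `lifecycle { precondition { ... } }` on google_apigee_instance.instances in main.tf, with condition `!try(var.organization.disable_vpc_peering, false) || each.value.runtime_ip_cidr_range == null`, would surface that at plan time; main.tf is outside this hunk, and the case where the organization pre-exists (var.organization == null) cannot be checked from the module. Separately, the first error_message is missing its period and reads better as `"Disabling VPC peering can only be done in organizations using the CLOUD runtime."`, matching the style of the second one.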