From 1e0053548a68e3c8f4c6229fc6fa4cb686ae6b7b Mon Sep 17 00:00:00 2001
From: Andrea Gandolfi
Date: Tue, 20 Jul 2021 09:31:54 +0200
Subject: [PATCH] Networking examples: Few fixes to "private cloud function from onprem" code
---
 .../README.md | 10 ++--
 .../main.tf | 57 ++++++++++---------
 .../variables.tf | 27 +++++----
 3 files changed, 52 insertions(+), 42 deletions(-)
diff --git a/networking/private-cloud-function-from-onprem/README.md b/networking/private-cloud-function-from-onprem/README.md
index 0ea102a4..4455030e 100644
--- a/networking/private-cloud-function-from-onprem/README.md
+++ b/networking/private-cloud-function-from-onprem/README.md
@@ -9,7 +9,7 @@ The Terraform script in this folder will create two projects connected via VPN: The "on-prem" project contains a small VM that can be used to test the accessibility to the private Cloud Function: ```bash -curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/my-hello-function +curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME ``` ![Cloud Function via Private Service Connect](diagram.png "High-level diagram")
@@ -21,11 +21,11 @@ curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/my-hello-function
 |---|---|:---: |:---:|:---:|
 | billing_account_id | Billing account id used as default for new projects. | string | ✓ | |
 | cloud_function_gcs_bucket | Google Storage Bucket used as staging location for the Cloud Function source code. | string | ✓ | |
-| function_project_id | ID of the project that will contain the Cloud Function. | string | ✓ | |
-| onprem_project_id | None | string | ✓ | |
-| root_id | Root folder or organization under which the projects will be created. | string | ✓ | |
+| projects_id | ID of the projects used in this solution. | object({...}) | ✓ | |
+| root_node | Root folder or organization under which the projects will be created. | string | ✓ | |
 | *create_projects* | Whether need to create the projects. | bool | | true |
-| *ip_ranges* | IP ranges used for the VPCs. | map(string) | | ... |
+| *ip_ranges* | IP ranges used for the VPCs. | object({...}) | | ... |
+| *prefix* | Prefix used for resources that need unique names. | string | | |
 | *psc_endpoint* | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | string | | 10.100.100.100 |
 | *region* | Region where the resources will be created. | string | | europe-west1 |
 | *zone* | Zone where the test VM will be created. | string | | europe-west1-b |
diff --git a/networking/private-cloud-function-from-onprem/main.tf b/networking/private-cloud-function-from-onprem/main.tf
index 13581641..df742952 100644
--- a/networking/private-cloud-function-from-onprem/main.tf
+++ b/networking/private-cloud-function-from-onprem/main.tf
@@ -14,6 +14,13 @@ * limitations under the License. */ +############################################################################### +# locals # +############################################################################### +locals { + prefix = var.prefix != null ? "${var.prefix}-" : "" +} + ############################################################################### # projects # ###############################################################################
@@ -21,9 +28,10 @@ module "project-onprem" { source = "../../modules/project" billing_account = var.billing_account_id - name = var.onprem_project_id - parent = var.root_id + name = var.projects_id.onprem + parent = var.root_node project_create = var.create_projects + prefix = var.prefix services = [ "compute.googleapis.com", "dns.googleapis.com"
@@ -34,9 +42,10 @@ module "project-onprem" { module "project-hub" { source = "../../modules/project" billing_account = var.billing_account_id - name = var.function_project_id - parent = var.root_id + name = var.projects_id.function + parent = var.root_node project_create = var.create_projects + prefix = var.prefix services = [ "compute.googleapis.com", "cloudfunctions.googleapis.com",
@@ -51,11 +60,11 @@ module "project-hub" { module "vpc-onprem" { source = "../../modules/net-vpc" project_id = module.project-onprem.project_id - name = "onprem" + name = "${local.prefix}onprem" subnets = [ { ip_cidr_range = var.ip_ranges.onprem - name = "onprem-subnet" + name = "${local.prefix}onprem" region = var.region secondary_ip_range = {} }
@@ -74,11 +83,11 @@ module "firewall-onprem" { module "vpc-hub" { source = "../../modules/net-vpc" project_id = module.project-hub.project_id - name = "hub" + name = "${local.prefix}hub" subnets = [ { ip_cidr_range = var.ip_ranges.hub - name = "hub-subnet" + name = "${local.prefix}hub" region = var.region secondary_ip_range = {} }
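Review bot: `prefix = var.prefix != null ? "${var.prefix}-" : ""` in the new locals block treats only null as "no prefix", so a caller passing `prefix = ""` produces names such as `-onprem` and `-hub` further down, which violate the lowercase-letter-first rule for GCE resource names and fail only at apply time. `prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"` covers both inputs; the same empty string is also forwarded unchanged to the two project modules via `prefix = var.prefix` in the next two hunks, and how those modules handle it is not visible here. Alternatively a `validation` block on the `prefix` variable in the variables.tf hunk would reject the empty string at plan time.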
@@ -94,7 +103,7 @@ module "vpn-onprem" { project_id = module.project-onprem.project_id region = var.region network = module.vpc-onprem.self_link - name = "onprem-to-hub" + name = "${local.prefix}onprem-to-hub" router_asn = 65001 router_advertise_config = { groups = ["ALL_SUBNETS"]
@@ -138,7 +147,7 @@ module "vpn-hub" { project_id = module.project-hub.project_id region = var.region network = module.vpc-hub.name - name = "hub-to-onprem" + name = "${local.prefix}hub-to-onprem" router_asn = 65002 peer_gcp_gateway = module.vpn-onprem.self_link router_advertise_config = {
@@ -187,7 +196,7 @@ module "test-vm" { project_id = module.project-onprem.project_id region = var.region zones = ["${var.zone}"] - name = "test-vm" + name = "${local.prefix}test-vm" instance_type = "e2-micro" instance_count = 1 boot_disk = { image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104", type = "pd-standard", size = 10 }
@@ -195,10 +204,10 @@ module "test-vm" { network_interfaces = [ { network = module.vpc-onprem.self_link, - subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/onprem-subnet"], + subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${local.prefix}onprem"], nat = false, addresses = { - internal = [cidrhost(var.ip_ranges.onprem, 2)] + internal = [] external = [] }, alias_ips = null
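Review bot: The lookup key `"${var.region}/${local.prefix}onprem"` on the new subnetwork line re-spells the subnet name that vpc-onprem declares earlier in the file (`name = "${local.prefix}onprem"` in the @@ -51 hunk), so the two literals can drift independently and the mismatch surfaces only as a missing map key at plan time. Defining the name once, e.g. `onprem_subnet = "${local.prefix}onprem"` in the locals block and `subnet_self_links["${var.region}/${local.onprem_subnet}"]` here, keeps a single source of truth. The test-vm module block begins outside the hunk.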
@@ -222,28 +231,22 @@ module "test-vm" { module "function-hello" { source = "../../modules/cloud-function" project_id = module.project-hub.project_id - name = "my-hello-function" - bucket_name = module.bucket-functions.bucket.name + name = "${local.prefix}my-hello-function" + bucket_name = var.cloud_function_gcs_bucket ingress_settings = "ALLOW_INTERNAL_ONLY" bundle_config = { source_dir = "assets" output_path = "bundle.zip" } + bucket_config = { + location = var.region + lifecycle_delete_age = null + } iam = { "roles/cloudfunctions.invoker" = ["allUsers"] } } -############################################################################### -# GCS # -############################################################################### - -module "bucket-functions" { - source = "../../modules/gcs" - project_id = module.project-hub.project_id - name = var.cloud_function_gcs_bucket -} - ############################################################################### # DNS # ###############################################################################
@@ -252,8 +255,8 @@ module "private-dns-onprem" { source = "../../modules/dns" project_id = module.project-onprem.project_id type = "private" - name = "private-cloud-function" - domain = "${var.region}-${var.function_project_id}.cloudfunctions.net." + name = "${local.prefix}private-cloud-function" + domain = "${var.region}-${local.prefix}${var.projects_id.function}.cloudfunctions.net." client_networks = [module.vpc-onprem.self_link] recordsets = [{ name = "",
diff --git a/networking/private-cloud-function-from-onprem/variables.tf b/networking/private-cloud-function-from-onprem/variables.tf
index 681f9e29..f263694d 100644
--- a/networking/private-cloud-function-from-onprem/variables.tf
+++ b/networking/private-cloud-function-from-onprem/variables.tf
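Review bot: The context lines `iam = { "roles/cloudfunctions.invoker" = ["allUsers"] }` grant unauthenticated invocation, and the only control keeping the function private is `ingress_settings = "ALLOW_INTERNAL_ONLY"` a few lines above; the hunk reworks the surrounding block without recording that dependency. A comment above `iam`, such as `# allUsers is acceptable only because ingress_settings = ALLOW_INTERNAL_ONLY limits callers to VPC/VPN traffic; revisit this binding if ingress is ever relaxed.`, would stop the two settings from being changed independently. The new `bucket_config` also sets `lifecycle_delete_age = null`, so every uploaded bundle is kept indefinitely, and `bucket_name = var.cloud_function_gcs_bucket` is the one resource name in this file that gets no `local.prefix`; both may be deliberate, since bucket names are user-supplied and globally unique, but a short comment saying so would help.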
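Review bot: The new `domain` rebuilds the hub project id by hand as `${local.prefix}${var.projects_id.function}`, which only matches the real id if the project module composes names the same way and breaks when `create_projects` is false and an existing project is supplied under a different id; a mismatched zone silently stops the private function name from resolving. The module output already used two lines above for `project_id` is the authoritative value: `domain = "${var.region}-${module.project-hub.project_id}.cloudfunctions.net."`. The private-dns-onprem block continues outside the hunk.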
@@ -30,19 +30,23 @@ variable "zone" { default = "europe-west1-b" } +variable "prefix" { + description = "Prefix used for resources that need unique names." + type = string + default = null +} + variable "billing_account_id" { description = "Billing account id used as default for new projects." type = string } -variable "onprem_project_id" { - description = "ID of the project used for the \"onprem\" environment." - type = string -} - -variable "function_project_id" { - description = "ID of the project that will contain the Cloud Function." - type = string +variable "projects_id" { + description = "ID of the projects used in this solution." + type = object({ + onprem = string + function = string + }) } variable "create_projects" {
@@ -51,7 +55,7 @@ variable "create_projects" { default = true } -variable "root_id" { +variable "root_node" { description = "Root folder or organization under which the projects will be created." type = string }
@@ -63,7 +67,10 @@ variable "cloud_function_gcs_bucket" { variable "ip_ranges" { description = "IP ranges used for the VPCs." - type = map(string) + type = object({ + onprem = string + hub = string + }) default = { onprem = "10.0.1.0/24", hub = "10.0.2.0/24"
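Review bot: The description of the new `projects_id` variable, `ID of the projects used in this solution.`, does not say that these values are base names: main.tf forwards `prefix = var.prefix` to both project modules and later reconstructs the hub project id as `${local.prefix}${var.projects_id.function}`, so with a prefix set the resulting project id is `<prefix>-<name>`, not the value given here. A description such as `description = "Base names of the onprem and function projects; var.prefix, when set, is prepended to form the project ids."` would keep users from passing an already prefixed id. The same wording appears in the README table row added in the first file.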