From 24b5e03c80ea2192356e3300045708cc91765267 Mon Sep 17 00:00:00 2001
From: Daniel Strebel
Date: Wed, 4 Aug 2021 17:09:44 +0200
Subject: [PATCH] initial scaffold for an Apigee tf module
---
modules/apigee-x-instance/README.md | 30 ++++++++++
modules/apigee-x-instance/main.tf | 14 +++++
modules/apigee-x-instance/outputs.tf | 4 ++
modules/apigee-x-instance/variables.tf | 29 ++++++++++
modules/apigee/README.md | 68 ++++++++++++++++++++++
modules/apigee/main.tf | 72 +++++++++++++++++++++++
modules/apigee/outputs.tf | 14 +++++
modules/apigee/variables.tf | 79 ++++++++++++++++++++++++++
8 files changed, 310 insertions(+)
create mode 100644 modules/apigee-x-instance/README.md
create mode 100644 modules/apigee-x-instance/main.tf
create mode 100644 modules/apigee-x-instance/outputs.tf
create mode 100644 modules/apigee-x-instance/variables.tf
create mode 100644 modules/apigee/README.md
create mode 100644 modules/apigee/main.tf
create mode 100644 modules/apigee/outputs.tf
create mode 100644 modules/apigee/variables.tf
diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md
new file mode 100644
index 00000000..90d29a68
--- /dev/null
+++ b/modules/apigee-x-instance/README.md
@@ -0,0 +1,30 @@
+# Apigee Module
+
+This module allows managing a single Apigee X instance and its environment attachments.
+
+## TODO
+
+- [ ] N/A
+
+## Examples
+
+### Apigee X Evaluation Instance
+
+```hcl
+module "apigee-x-instance" {
+ source = "./modules/apigee-x-instance"
+ name = "my-us-instance"
+ region = "us-central1"
+ cidr_mask = 22
+
+ apigee_org_id = "my-project"
+ apigee_environments = [
+ "eval1",
+ "eval2"
+ ]
+}
+# tftest:modules=1:resources=3
+```
+
+
+
diff --git a/modules/apigee-x-instance/main.tf b/modules/apigee-x-instance/main.tf
new file mode 100644
index 00000000..0e5f6fbd
--- /dev/null
+++ b/modules/apigee-x-instance/main.tf
@@ -0,0 +1,14 @@
+resource "google_apigee_instance" "apigee_instance" {
+ org_id = var.apigee_org_id
+ name = var.name
+ location = var.region
+ peering_cidr_range = "SLASH_${var.cidr_mask}"
+ #disk_encryption_key_name = google_kms_crypto_key.apigee_key.id
+}
+
+
+resource "google_apigee_instance_attachment" "apigee_instance_attchment" {
+ for_each = toset(var.apigee_environments)
+ instance_id = google_apigee_instance.apigee_instance.id
+ environment = each.key
+}
diff --git a/modules/apigee-x-instance/outputs.tf b/modules/apigee-x-instance/outputs.tf
new file mode 100644
index 00000000..be953133
--- /dev/null
+++ b/modules/apigee-x-instance/outputs.tf
@@ -0,0 +1,4 @@
+output "endpoint" {
+ description = "Internal endpoint of the Apigee instance."
+ value = google_apigee_instance.apigee_instance.host
+}
\ No newline at end of file
diff --git a/modules/apigee-x-instance/variables.tf b/modules/apigee-x-instance/variables.tf
new file mode 100644
index 00000000..9bc09f1f
--- /dev/null
+++ b/modules/apigee-x-instance/variables.tf
@@ -0,0 +1,29 @@
+variable "name" {
+ description = "Apigee instance name."
+ type = string
+}
+
+variable "apigee_org_id" {
+ description = "Apigee Organization ID"
+ type = string
+}
+
+variable "apigee_environments" {
+ description = "Apigee Environment Names."
+ type = list(string)
+ default = []
+}
+
+variable "cidr_mask" {
+ description = "CIDR mask for the Apigee instance"
+ type = number
+ validation {
+ condition = contains([16, 20, 22], var.cidr_mask)
+ error_message = "Allowed Values for cidr_mask [16, 20, 22]."
+ }
+}
+
+variable "region" {
+ description = "Compute region."
+ type = string
+}
diff --git a/modules/apigee/README.md b/modules/apigee/README.md
new file mode 100644
index 00000000..f8be0b24
--- /dev/null
+++ b/modules/apigee/README.md
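Review bot: In modules/apigee-x-instance/main.tf the instance is created without a customer-managed disk encryption key: the only trace of one is the commented-out `#disk_encryption_key_name = google_kms_crypto_key.apigee_key.id`, which points at a KMS resource this module never declares. Rather than keeping dead code, expose an optional `disk_encryption_key` string variable defaulting to `null` and set `disk_encryption_key_name = var.disk_encryption_key`, so callers that require CMEK can pass a key ID while evaluation setups keep the provider default. The resource label `apigee_instance_attchment` is also misspelled; correcting it now is free, whereas renaming it after the module has been applied changes the state address of every attachment.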
@@ -0,0 +1,68 @@
+# Apigee Module
+
+This module allows managing a single Apigee organization and its environments and environmentgrous.
+
+## TODO
+
+- [ ] N/A
+
+## Examples
+
+### Apigee X Evaluation Organization
+
+```hcl
+module "apigee" {
+ source = "./modules/apigee"
+ project_id = "my-project"
+ analytics_region = "us-central1"
+ runtime_type = "CLOUD"
+ peering_network = "my-vpc"
+ peering_range = "10.0.0.0/16"
+ apigee_environments = [
+ "eval1",
+ "eval2"
+ ]
+ apigee_envgroups = {
+ eval = {
+ environments = [
+ "eval1",
+ "eval2"
+ ]
+ hostnames = [
+ "eval.api.example.com"
+ ]
+ }
+ }
+}
+# tftest:modules=1:resources=10
+```
+
+### Apigee hybrid Evaluation Organization
+
+```hcl
+module "apigee" {
+ source = "./modules/apigee"
+ project_id = "my-project"
+ analytics_region = "us-central1"
+ runtime_type = "HYBRID"
+ apigee_environments = [
+ "eval1",
+ "eval2"
+ ]
+ apigee_envgroups = {
+ eval = {
+ environments = [
+ "eval1",
+ "eval2"
+ ]
+ hostnames = [
+ "eval.api.example.com"
+ ]
+ }
+ }
+}
+# tftest:modules=1:resources=6
+```
+
+
+
diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf
new file mode 100644
index 00000000..c1c3b660
--- /dev/null
+++ b/modules/apigee/main.tf
@@ -0,0 +1,72 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ env_envgroup_pairs = flatten([
+ for eg_name, eg in var.apigee_envgroups: [
+ for e in eg.environments : {
+ envgroup = eg_name
+ env = e
+ }
+ ]
+ ])
+}
+
+resource "google_apigee_organization" "apigee_org" {
+ project_id = var.project_id
+ analytics_region = var.analytics_region
+ display_name = var.display_name
+ description = var.description
+ runtime_type = var.runtime_type
+ authorized_network = var.peering_network
+}
+
+resource "google_apigee_environment" "apigee_env" {
+ for_each = toset(var.apigee_environments)
+ org_id = google_apigee_organization.apigee_org.id
+ name = each.key
+}
+
+resource "google_apigee_envgroup" "apigee_envgroup" {
+ for_each = var.apigee_envgroups
+ org_id = google_apigee_organization.apigee_org.id
+ name = each.key
+ hostnames = each.value.hostnames
+}
+
+resource "google_apigee_envgroup_attachment" "env_to_envgroup_attachment" {
+ for_each = { for pair in local.env_envgroup_pairs : "${pair.envgroup}-${pair.env}" => pair }
+ envgroup_id = google_apigee_envgroup.apigee_envgroup[each.value.envgroup].id
+ environment = google_apigee_environment.apigee_env[each.value.env].name
+}
+
+resource "google_compute_global_address" "apigee_peering_range" {
+ count = var.peering_range == null ? 0 : 1
+ project = var.project_id
+ name = "${var.project_id}-apigee-peering"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ address = split("/", var.peering_range)[0]
+ prefix_length = split("/", var.peering_range)[1]
+ network = var.peering_network
+}
+
+resource "google_service_networking_connection" "apigee_vpc_connection" {
+ count = var.peering_network == null ? 0 : 1
+ network = "projects/${var.project_id}/global/networks/${var.peering_network}"
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.apigee_peering_range.0.name]
+}
diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf
new file mode 100644
index 00000000..5db63b34
--- /dev/null
+++ b/modules/apigee/outputs.tf
@@ -0,0 +1,14 @@
+output "subscription_type" {
+ description = "Apigee subscription type."
+ value = google_apigee_organization.apigee_org.subscription_type
+}
+
+output "org_ca_certificate" {
+ description = "Apigee organization CA certificate."
+ value = google_apigee_organization.apigee_org.ca_certificate
+}
+
+output "org_id" {
+ description = "Apigee Organization ID."
+ value = google_apigee_organization.apigee_org.id
+}
\ No newline at end of file
diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf
new file mode 100644
index 00000000..3f4cd992
--- /dev/null
+++ b/modules/apigee/variables.tf
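Review bot: In modules/apigee/main.tf the two peering resources are guarded by different inputs: `apigee_peering_range` exists only when `var.peering_range` is set, while `apigee_vpc_connection` exists whenever `var.peering_network` is set and unconditionally indexes `google_compute_global_address.apigee_peering_range.0.name`. A caller that sets `peering_network` without `peering_range` gets an invalid-index error at plan time, and one that sets only `peering_range` reserves an address with `network = null`. Gate both resources on the same condition, e.g. `count = var.peering_network != null && var.peering_range != null ? 1 : 0`, and write `apigee_peering_range[0].name` in place of the legacy `.0.` form. `google_apigee_organization.apigee_org` also has no dependency on the service networking connection, so with `runtime_type = "CLOUD"` the organization may be created before the peering exists; `depends_on = [google_service_networking_connection.apigee_vpc_connection]` would make the ordering explicit.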
@@ -0,0 +1,79 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "Project ID to host this Apigee organization (will also become the Apigee Org name)."
+ type = string
+}
+
+variable "analytics_region" {
+ description = "Analytics Region for the Apgiee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli."
+ type = string
+ default = "us-central1"
+}
+
+variable "display_name" {
+ description = "Display Name of the Apigee Organization."
+ type = string
+ default = null
+}
+
+variable "description" {
+ description = "Description of the Apigee Organization."
+ type = string
+ default = "Apigee Organization created by tf module"
+}
+
+variable "runtime_type" {
+ type = string
+
+ validation {
+ condition = contains(["CLOUD", "HYBRID"], var.runtime_type)
+ error_message = "Allowed values for runtime_type \"CLOUD\" or \"HYBRID\"."
+ }
+}
+
+variable "peering_network" {
+ description = "VPC Network used for peering Apigee (Used in Apigee X only)."
+ type = string
+ default = null
+
+ # validation {
+ # condition = var.runtime_type == "CLOUD" ? var.peering_vpc != null : true
+ # error_message = "A peering_vpc must be provided for Apigee Organizations of runtime_type \"CLOUD\"."
+ # }
+}
+
+variable "peering_range" {
+ description = "RFC1919 CIDR range used for peering the Apigee tennant project. Min size for trial is /22 min size for PAID is /20"
+ type = string
+ default = null
+}
+
+variable "apigee_environments" {
+ description = "Apigee Environment Names."
+ type = list(string)
+ default = []
+}
+
+variable "apigee_envgroups" {
+ description = "Apigee Environment Groups."
+ type = map(object({
+ environments = list(string)
+ hostnames = list(string)
+ }))
+ default = {}
+}
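Review bot: In modules/apigee/variables.tf `peering_range` is accepted without any validation, yet main.tf feeds it straight into `split("/", var.peering_range)[1]`, so a value without a prefix length fails with an index error instead of a clear message. Add a validation block such as `condition = var.peering_range == null ? true : can(cidrhost(var.peering_range, 0))` with an error message naming the expected CIDR form. The description should cite RFC 1918 (private addressing) rather than RFC1919, and "tennant" and "Apgiee" are misspelled. The commented-out validation on `peering_network` refers to `var.peering_vpc`, which this file does not declare, so the requirement that `runtime_type = "CLOUD"` needs a peering network is currently unenforced; either drop the dead block and state the requirement in the description, or enforce it in main.tf. `runtime_type` is also the only variable without a `description`.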