diff --git a/blueprints/apigee/bigquery-analytics/README.md b/blueprints/apigee/bigquery-analytics/README.md
index d674a841..5261f72e 100644
--- a/blueprints/apigee/bigquery-analytics/README.md
+++ b/blueprints/apigee/bigquery-analytics/README.md
@@ -105,5 +105,5 @@ module "test" {
europe-west1 = "10.0.0.0/28"
}
}
-# tftest modules=10 resources=65
+# tftest modules=10 resources=64
```
diff --git a/blueprints/apigee/hybrid-gke/README.md b/blueprints/apigee/hybrid-gke/README.md
index e2151d47..5d79f1f8 100644
--- a/blueprints/apigee/hybrid-gke/README.md
+++ b/blueprints/apigee/hybrid-gke/README.md
@@ -80,5 +80,5 @@ module "test" {
project_id = "my-project"
hostname = "test.myorg.org"
}
-# tftest modules=18 resources=62
+# tftest modules=18 resources=61
```
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
index 8abca3c3..51534dda 100644
--- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
+++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
@@ -79,5 +79,5 @@ module "test" {
onprem_project_id = "my-onprem-project"
hostname = "test.myorg.org"
}
-# tftest modules=14 resources=78
+# tftest modules=14 resources=77
```
diff --git a/modules/apigee/README.md b/modules/apigee/README.md
index 353fb528..5a8eb525 100644
--- a/modules/apigee/README.md
+++ b/modules/apigee/README.md
@@ -48,6 +48,7 @@ module "apigee" {
europe-west3 = {
runtime_ip_cidr_range = "10.0.8.0/22"
troubleshooting_ip_cidr_range = "10.1.16.0/28"
+ enable_nat = true
}
}
endpoint_attachments = {
@@ -96,7 +97,7 @@ module "apigee" {
}
}
}
-# tftest modules=1 resources=9
+# tftest modules=1 resources=8
```
### New environment group
@@ -109,7 +110,7 @@ module "apigee" {
test = ["test.example.com"]
}
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=1
```
### New environment
@@ -125,7 +126,7 @@ module "apigee" {
}
}
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=1
```
### New instance
@@ -141,7 +142,7 @@ module "apigee" {
}
}
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=1
```
### New endpoint attachment
@@ -159,7 +160,7 @@ module "apigee" {
}
}
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=1
```
### Apigee add-ons
@@ -179,13 +180,13 @@ module "apigee" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L90) | Project ID. | string | ✓ | |
+| [project_id](variables.tf#L95) | Project ID. | string | ✓ | |
| [addons_config](variables.tf#L17) | Addons configuration. | object({…}) | | null |
-| [endpoint_attachments](variables.tf#L29) | Endpoint attachments. | map(object({…})) | | null |
-| [envgroups](variables.tf#L38) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | null |
-| [environments](variables.tf#L44) | Environments. | map(object({…})) | | null |
-| [instances](variables.tf#L62) | Instances ([REGION] => [INSTANCE]). | map(object({…})) | | null |
-| [organization](variables.tf#L75) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
+| [endpoint_attachments](variables.tf#L29) | Endpoint attachments. | map(object({…})) | | {} |
+| [envgroups](variables.tf#L39) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | {} |
+| [environments](variables.tf#L46) | Environments. | map(object({…})) | | {} |
+| [instances](variables.tf#L65) | Instances ([REGION] => [INSTANCE]). | map(object({…})) | | {} |
+| [organization](variables.tf#L80) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
## Outputs
@@ -195,8 +196,9 @@ module "apigee" {
| [envgroups](outputs.tf#L22) | Environment groups. | |
| [environments](outputs.tf#L27) | Environment. | |
| [instances](outputs.tf#L32) | Instances. | |
-| [org_id](outputs.tf#L37) | Organization ID. | |
-| [org_name](outputs.tf#L42) | Organization name. | |
-| [organization](outputs.tf#L47) | Organization. | |
-| [service_attachments](outputs.tf#L52) | Service attachments. | |
+| [nat_ips](outputs.tf#L37) | NAT IP addresses used in instances. | |
+| [org_id](outputs.tf#L45) | Organization ID. | |
+| [org_name](outputs.tf#L50) | Organization name. | |
+| [organization](outputs.tf#L55) | Organization. | |
+| [service_attachments](outputs.tf#L60) | Service attachments. | |
diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf
index e68c5f90..4a2e3d25 100644
--- a/modules/apigee/main.tf
+++ b/modules/apigee/main.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,12 +15,8 @@
*/
locals {
- org_id = try(google_apigee_organization.organization[0].id, "organizations/${var.project_id}")
- org_name = try(google_apigee_organization.organization[0].name, var.project_id)
- envgroups = coalesce(var.envgroups, {})
- environments = coalesce(var.environments, {})
- instances = coalesce(var.instances, {})
- endpoint_attachments = coalesce(var.endpoint_attachments, {})
+ org_id = try(google_apigee_organization.organization[0].id, "organizations/${var.project_id}")
+ org_name = try(google_apigee_organization.organization[0].name, var.project_id)
}
resource "google_apigee_organization" "organization" {
@@ -35,14 +31,14 @@ resource "google_apigee_organization" "organization" {
}
resource "google_apigee_envgroup" "envgroups" {
- for_each = local.envgroups
+ for_each = var.envgroups
name = each.key
hostnames = each.value
org_id = local.org_id
}
resource "google_apigee_environment" "environments" {
- for_each = local.environments
+ for_each = var.environments
name = each.key
display_name = each.value.display_name
description = each.value.description
@@ -64,7 +60,7 @@ resource "google_apigee_environment" "environments" {
}
resource "google_apigee_envgroup_attachment" "envgroup_attachments" {
- for_each = merge(concat([for k1, v1 in local.environments : {
+ for_each = merge(concat([for k1, v1 in var.environments : {
for v2 in coalesce(v1.envgroups, []) : "${k1}-${v2}" => {
environment = k1
envgroup = v2
@@ -75,7 +71,7 @@ resource "google_apigee_envgroup_attachment" "envgroup_attachments" {
}
resource "google_apigee_environment_iam_binding" "binding" {
- for_each = merge(concat([for k1, v1 in local.environments : {
+ for_each = merge(concat([for k1, v1 in var.environments : {
for k2, v2 in coalesce(v1.iam, {}) : "${k1}-${k2}" => {
environment = "${k1}"
role = k2
@@ -89,7 +85,7 @@ resource "google_apigee_environment_iam_binding" "binding" {
}
resource "google_apigee_instance" "instances" {
- for_each = local.instances
+ for_each = var.instances
name = "instance-${each.key}"
display_name = each.value.display_name
description = each.value.description
@@ -100,8 +96,18 @@ resource "google_apigee_instance" "instances" {
consumer_accept_list = each.value.consumer_accept_list
}
+resource "google_apigee_nat_address" "apigee_nat" {
+ for_each = {
+ for k, v in var.instances :
+ k => google_apigee_instance.instances[k].id
+ if v.enable_nat
+ }
+ name = each.key
+ instance_id = each.value
+}
+
resource "google_apigee_instance_attachment" "instance_attachments" {
- for_each = merge(concat([for k1, v1 in local.environments : {
+ for_each = merge(concat([for k1, v1 in var.environments : {
for v2 in coalesce(v1.regions, []) :
"${k1}-${v2}" => {
environment = k1
@@ -114,7 +120,7 @@ resource "google_apigee_instance_attachment" "instance_attachments" {
}
resource "google_apigee_endpoint_attachment" "endpoint_attachments" {
- for_each = local.endpoint_attachments
+ for_each = var.endpoint_attachments
org_id = local.org_id
endpoint_attachment_id = each.key
location = each.value.region
@@ -122,39 +128,37 @@ resource "google_apigee_endpoint_attachment" "endpoint_attachments" {
}
resource "google_apigee_addons_config" "test_organization" {
- org = local.org_name
- dynamic "addons_config" {
- for_each = var.addons_config == null ? [] : [""]
- content {
- dynamic "advanced_api_ops_config" {
- for_each = var.addons_config.advanced_api_ops ? [] : [""]
- content {
- enabled = true
- }
+ for_each = toset(var.addons_config == null ? [] : [""])
+ org = local.org_name
+ addons_config {
+ dynamic "advanced_api_ops_config" {
+ for_each = var.addons_config.advanced_api_ops ? [] : [""]
+ content {
+ enabled = true
}
- dynamic "api_security_config" {
- for_each = var.addons_config.api_security ? [] : [""]
- content {
- enabled = true
- }
+ }
+ dynamic "api_security_config" {
+ for_each = var.addons_config.api_security ? [] : [""]
+ content {
+ enabled = true
}
- dynamic "connectors_platform_config" {
- for_each = var.addons_config.connectors_platform ? [] : [""]
- content {
- enabled = true
- }
+ }
+ dynamic "connectors_platform_config" {
+ for_each = var.addons_config.connectors_platform ? [] : [""]
+ content {
+ enabled = true
}
- dynamic "integration_config" {
- for_each = var.addons_config.integration ? [] : [""]
- content {
- enabled = true
- }
+ }
+ dynamic "integration_config" {
+ for_each = var.addons_config.integration ? [] : [""]
+ content {
+ enabled = true
}
- dynamic "monetization_config" {
- for_each = var.addons_config.monetization ? [] : [""]
- content {
- enabled = true
- }
+ }
+ dynamic "monetization_config" {
+ for_each = var.addons_config.monetization ? [] : [""]
+ content {
+ enabled = true
}
}
}
diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf
index 74ad9f18..eb3ab2cc 100644
--- a/modules/apigee/outputs.tf
+++ b/modules/apigee/outputs.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -34,6 +34,14 @@ output "instances" {
value = try(google_apigee_instance.instances, null)
}
+output "nat_ips" {
+ description = "NAT IP addresses used in instances."
+ value = {
+ for k, v in google_apigee_nat_address.apigee_nat :
+ k => v.ip_address
+ }
+}
+
output "org_id" {
description = "Organization ID."
value = local.org_id
diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf
index 4c2f0308..c5832e33 100644
--- a/modules/apigee/variables.tf
+++ b/modules/apigee/variables.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -32,13 +32,15 @@ variable "endpoint_attachments" {
region = string
service_attachment = string
}))
- default = null
+ default = {}
+ nullable = false
}
variable "envgroups" {
description = "Environment groups (NAME => [HOSTNAMES])."
type = map(list(string))
- default = null
+ default = {}
+ nullable = false
}
variable "environments" {
@@ -56,7 +58,8 @@ variable "environments" {
envgroups = optional(list(string))
regions = optional(list(string))
}))
- default = null
+ default = {}
+ nullable = false
}
variable "instances" {
@@ -68,8 +71,10 @@ variable "instances" {
troubleshooting_ip_cidr_range = string
disk_encryption_key = optional(string)
consumer_accept_list = optional(list(string))
+ enable_nat = optional(bool, false)
}))
- default = null
+ default = {}
+ nullable = false
}
variable "organization" {