From 6ab121a836b5bad7b34f8a5c5ad2c39340f01b67 Mon Sep 17 00:00:00 2001
From: Aleksandr Averbukh
Date: Tue, 12 Apr 2022 12:57:33 +0200
Subject: [PATCH] Add support for Private Service Connect and Reginal Managed Proxy subnets for net-vpc module
---
 CHANGELOG.md | 1 +
 modules/net-vpc/README.md | 4 +++-
 modules/net-vpc/subnets.tf | 43 ++++++++++++++++++++++++++++++++++++
 modules/net-vpc/variables.tf | 21 ++++++++++++++++++
 4 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 61962c3a..32db3f32 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
 - CloudSQ: fixed Terraform change detection when backup is disabled
 - Allow multiple CIDR blocks in the ip_range for Apigee Instance
 - Add prefix to project factory SA bindings
+- Add support for Private Service Connect and Reginal Managed Proxy subnets for `net-vpc` module
 **FAST**
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 4102d92e..a963b671 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -258,7 +258,9 @@ flow_logs: # enable, set to empty map to use defaults
 | [subnet_private_access](variables.tf#L169) | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | map(bool) | | {} |
 | [subnets](variables.tf#L175) | List of subnets being created. | list(object({…})) | | [] |
 | [subnets_l7ilb](variables.tf#L186) | List of subnets for private HTTPS load balancer. | list(object({…})) | | [] |
-| [vpc_create](variables.tf#L197) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
+| [subnets_l7rlb](variables.tf#L197) | List of proxy-only subnets for HTTPS regional load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
+| [subnets_psc](variables.tf#L208) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
+| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
 ## Outputs
diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf
index 05ad0aa3..c46c394e 100644
--- a/modules/net-vpc/subnets.tf
+++ b/modules/net-vpc/subnets.tf
@@ -89,6 +89,14 @@ locals {
 for subnet in var.subnets_l7ilb :
 "${subnet.region}/${subnet.name}" => subnet
 }
+ subnets_l7rlb = {
+ for subnet in var.subnets_l7rlb :
+ "${subnet.region}/${subnet.name}" => subnet
+ }
+ subnets_psc = {
+ for subnet in var.subnets_psc :
+ "${subnet.region}/${subnet.name}" => subnet
+ }
 }
 resource "google_compute_subnetwork" "subnetwork" {
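Review bot: The new `subnets_l7rlb` and `subnets_psc` maps in `locals` key on the same `region/name` string as the existing `subnets` and `subnets_l7ilb` maps, but nothing checks that a given key appears in only one of the lists. Because each map feeds a separate `for_each`, Terraform itself will not detect the duplicate; presumably the API rejects the second subnet with the same name and region only at apply time, after the first has been created. A plan-time check over the union of the keys, or at least a comment such as `# region/name keys must be unique across all subnet lists; duplicates fail at apply` above the new maps, would make that contract visible to callers. The `locals` block starts before this hunk.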
@@ -142,6 +150,41 @@ resource "google_compute_subnetwork" "l7ilb" {
 )
 }
+resource "google_compute_subnetwork" "l7rlb" {
+ provider = google-beta
+ for_each = local.subnets_l7rlb
+ project = var.project_id
+ network = local.network.name
+ region = each.value.region
+ name = each.value.name
+ ip_cidr_range = each.value.ip_cidr_range
+ purpose = "REGIONAL_MANAGED_PROXY"
+ role = (
+ each.value.active || each.value.active == null ? "ACTIVE" : "BACKUP"
+ )
+ description = lookup(
+ local.subnet_descriptions,
+ "${each.value.region}/${each.value.name}",
+ "Terraform-managed."
+ )
+}
+
+resource "google_compute_subnetwork" "psc" {
+ provider = google-beta
+ for_each = local.subnets_psc
+ project = var.project_id
+ network = local.network.name
+ region = each.value.region
+ name = each.value.name
+ ip_cidr_range = each.value.ip_cidr_range
+ purpose = "PRIVATE_SERVICE_CONNECT"
+ description = lookup(
+ local.subnet_descriptions,
+ "${each.value.region}/${each.value.name}",
+ "Terraform-managed."
+ )
+}
+
 resource "google_compute_subnetwork_iam_binding" "binding" {
 for_each = {
 for binding in local.subnet_iam_members :
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 464ccfa0..5a85e921 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
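Review bot: The `role` expression in the new `l7rlb` resource applies `||` to `each.value.active` before the `== null` comparison can have any effect; Terraform's `||` requires boolean operands and, as far as I can tell, does not short-circuit, so a null `active` presumably fails at plan time instead of defaulting to `ACTIVE` as the expression intends. `role = each.value.active != false ? "ACTIVE" : "BACKUP"` gives the same result for true and false and gives null the intended ACTIVE default without evaluating a logical operator on a null value. As a style point, both new `description` lookups rebuild `"${each.value.region}/${each.value.name}"`, which is exactly the `each.key` of the `local.subnets_l7rlb` and `local.subnets_psc` maps this hunk's sibling defines; `lookup(local.subnet_descriptions, each.key, "Terraform-managed.")` reads more directly and cannot drift from the map key. The `l7ilb` resource before the additions and the `binding` resource after them both extend outside the hunk.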
@@ -194,6 +194,27 @@ variable "subnets_l7ilb" {
 default = []
 }
+variable "subnets_l7rlb" {
+ description = "List of proxy-only subnets for HTTPS regional load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
+ type = list(object({
+ active = bool
+ name = string
+ ip_cidr_range = string
+ region = string
+ }))
+ default = []
+}
+
+variable "subnets_psc" {
+ description = "List of subnets for Private Service Connect service producers."
+ type = list(object({
+ name = string
+ ip_cidr_range = string
+ region = string
+ }))
+ default = []
+}
+
 variable "vpc_create" {
 description = "Create VPC. When set to false, uses a data source to reference existing VPC."
 type = bool
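Review bot: The `subnets_l7rlb` description states that only one proxy-only subnet per region can be active, but nothing in the new variable enforces it, so two entries with `active = true` in the same region are presumably rejected by the API only at apply time, after the first has been created. A `validation` block on the variable turns that into a plan-time error; the one below counts, per region, the entries whose `active` is not `false`, which matches the ACTIVE default the `l7rlb` resource gives a null `active`. Note also that `active = bool` is a required object attribute, so every caller must set it explicitly (possibly to null) even though the resource treats the unset case as ACTIVE; if the module does not use the `optional()` experiment, the description should say the attribute is mandatory.
```hcl
variable "subnets_l7rlb" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for region in distinct([for s in var.subnets_l7rlb : s.region]) :
      length([for s in var.subnets_l7rlb : s.name if s.region == region && s.active != false]) <= 1
    ])
    error_message = "At most one subnet in subnets_l7rlb can be active (active != false) per region."
  }
}
```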