Adding support for NAT in Apigee

Rob Heckel 2023-08-23 15:49:56 -05:00
parent d36c53bbae
commit 6c33d34c28
4 changed files with 28 additions and 9 deletions


@ -42,10 +42,12 @@ module "apigee" {
}
instances = {
europe-west1 = {
nat_required = true
runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
}
europe-west3 = {
nat_required = false
runtime_ip_cidr_range = "10.0.8.0/22"
troubleshooting_ip_cidr_range = "10.1.16.0/28"
}
@ -179,13 +181,13 @@ module "apigee" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L90) | Project ID. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L91) | Project ID. | <code>string</code> | ✓ | |
| [addons_config](variables.tf#L17) | Addons configuration. | <code title="object&#40;&#123;&#10; advanced_api_ops &#61; optional&#40;bool, false&#41;&#10; api_security &#61; optional&#40;bool, false&#41;&#10; connectors_platform &#61; optional&#40;bool, false&#41;&#10; integration &#61; optional&#40;bool, false&#41;&#10; monetization &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [endpoint_attachments](variables.tf#L29) | Endpoint attachments. | <code title="map&#40;object&#40;&#123;&#10; region &#61; string&#10; service_attachment &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [envgroups](variables.tf#L38) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>null</code> |
| [environments](variables.tf#L44) | Environments. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; deployment_type &#61; optional&#40;string&#41;&#10; api_proxy_type &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;object&#40;&#123;&#10; min_node_count &#61; optional&#40;number&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10; envgroups &#61; optional&#40;list&#40;string&#41;&#41;&#10; regions &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [instances](variables.tf#L62) | Instances ([REGION] => [INSTANCE]). | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; runtime_ip_cidr_range &#61; string&#10; troubleshooting_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [organization](variables.tf#L75) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; authorized_network &#61; optional&#40;string&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10; retention &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [instances](variables.tf#L62) | Instances ([REGION] => [INSTANCE]). | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; runtime_ip_cidr_range &#61; string&#10; troubleshooting_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10; nat_required &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [organization](variables.tf#L76) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; authorized_network &#61; optional&#40;string&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10; retention &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs
@ -194,9 +196,10 @@ module "apigee" {
| [endpoint_attachment_hosts](outputs.tf#L17) | Endpoint hosts. | |
| [envgroups](outputs.tf#L22) | Environment groups. | |
| [environments](outputs.tf#L27) | Environment. | |
| [instances](outputs.tf#L32) | Instances. | |
| [org_id](outputs.tf#L37) | Organization ID. | |
| [org_name](outputs.tf#L42) | Organization name. | |
| [organization](outputs.tf#L47) | Organization. | |
| [service_attachments](outputs.tf#L52) | Service attachments. | |
| [instance_nat_ips](outputs.tf#L32) | NAT IP addresses used in instances. | |
| [instances](outputs.tf#L37) | Instances. | |
| [org_id](outputs.tf#L42) | Organization ID. | |
| [org_name](outputs.tf#L47) | Organization name. | |
| [organization](outputs.tf#L52) | Organization. | |
| [service_attachments](outputs.tf#L57) | Service attachments. | |
<!-- END TFDOC -->


@ -100,6 +100,16 @@ resource "google_apigee_instance" "instances" {
consumer_accept_list = each.value.consumer_accept_list
}
resource "google_apigee_nat_address" "apigee_nat" {
for_each = {
for instance_name, instance_config in local.instances :
instance_name => instance_config.nat_required ? instance_config : null
}
name = "nat-${each.key}"
instance_id = google_apigee_instance.instances[each.key].id
}
resource "google_apigee_instance_attachment" "instance_attachments" {
for_each = merge(concat([for k1, v1 in local.environments : {
for v2 in coalesce(v1.regions, []) :
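Review bot: The `for_each` on `google_apigee_nat_address.apigee_nat` does not filter anything, because mapping an instance to `null` keeps its key in the map, so as written a NAT address is still requested for every instance, including those with `nat_required = false`. A filtering clause does what the flag promises: `for_each = { for k, v in local.instances : k => v if v.nat_required }`. This matters beyond cost, since the reserved egress IPs are what backend allowlists get built from, and an unplanned address per region makes the egress path harder to reason about. Separately, as far as I know an Apigee NAT address is reserved but not active on creation, so the activation step should be handled or at least documented next to this resource.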


@ -29,6 +29,11 @@ output "environments" {
value = try(google_apigee_environment.environments, null)
}
output "instance_nat_ips" {
description = "NAT IP addresses used in instances."
value = try(google_apigee_nat_address.apigee_nat, null)
}
output "instances" {
description = "Instances."
value = try(google_apigee_instance.instances, null)
@ -52,4 +57,4 @@ output "organization" {
output "service_attachments" {
description = "Service attachments."
value = { for k, v in google_apigee_instance.instances : k => v.service_attachment }
}
}
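Review bot: `instance_nat_ips` returns the whole `google_apigee_nat_address` resource map rather than the addresses its name and description promise, so anyone building a backend allowlist from it has to know to reach into each object. Following the `service_attachments` output in the same file, `value = { for k, v in google_apigee_nat_address.apigee_nat : k => v.ip_address }` would expose a plain instance-to-IP map. The `try(..., null)` wrapper also looks unnecessary, since a `for_each` resource with no instances should evaluate to an empty map; worth confirming before keeping it.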


@ -68,6 +68,7 @@ variable "instances" {
troubleshooting_ip_cidr_range = string
disk_encryption_key = optional(string)
consumer_accept_list = optional(list(string))
nat_required = optional(bool, false)
}))
default = null
}