Updated docs and added test

This commit is contained in:
Christoph Grotz 2023-02-24 17:02:50 +00:00
parent 3d8822d365
commit d97426633e
9 changed files with 153 additions and 98 deletions


@ -99,8 +99,11 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [consumer_project_id](variables.tf#L17) | The consumer project, in which the GCLB and Cloud Armor should be created. | <code></code> | ✓ | |
| [producer_project_id](variables.tf#L20) | The producer project, in which the ILB, PSC Service Attachment and Cloud Run service should be created | <code></code> | ✓ | |
| [region](variables.tf#L24) | The GCP region in which the resources should be deployed. | <code></code> | | <code>europe-west1</code> |
| [consumer_project_id](variables.tf#L32) | The consumer project, in which the GCLB and Cloud Armor should be created. | <code></code> | ✓ | |
| [prefix](variables.tf#L17) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [producer_project_id](variables.tf#L36) | The producer project, in which the ILB, PSC Service Attachment and Cloud Run service should be created | <code></code> | ✓ | |
| [project_create](variables.tf#L26) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
| [region](variables.tf#L40) | The GCP region in which the resources should be deployed. | <code></code> | | <code>europe-west1</code> |
| [zone](variables.tf#L45) | The GCP zone for the VM. | <code></code> | | <code>europe-west1-b</code> |
<!-- END TFDOC -->


@ -14,26 +14,20 @@
* limitations under the License.
*/
locals {
consumer_apis = ["iam.googleapis.com", "compute.googleapis.com"]
}
data "google_project" "consumer" {
project_id = var.consumer_project_id
}
resource "google_project_service" "consumer" {
for_each = toset(local.consumer_apis)
project = data.google_project.consumer.project_id
service = each.key
disable_on_destroy = false
module "consumer_project" {
source = "../../../modules/project"
name = var.consumer_project_id
project_create = var.project_create
services = [
"iam.googleapis.com",
"compute.googleapis.com",
]
}
resource "google_compute_region_network_endpoint_group" "psc_neg" {
name = "psc-neg"
region = var.region
project = var.consumer_project_id
project = module.consumer_project.project_id
network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
psc_target_service = google_compute_service_attachment.psc_ilb_service_attachment.self_link
@ -42,7 +36,7 @@ resource "google_compute_region_network_endpoint_group" "psc_neg" {
}
resource "google_compute_global_forwarding_rule" "default" {
project = var.consumer_project_id
project = module.consumer_project.project_id
name = "global-rule"
load_balancing_scheme = "EXTERNAL_MANAGED"
target = google_compute_target_http_proxy.default.id
@ -54,14 +48,14 @@ output "lb_ip" {
}
resource "google_compute_target_http_proxy" "default" {
project = var.consumer_project_id
project = module.consumer_project.project_id
name = "target-proxy"
description = "a description"
url_map = google_compute_url_map.default.id
}
resource "google_compute_url_map" "default" {
project = var.consumer_project_id
project = module.consumer_project.project_id
name = "url-map-target-proxy"
description = "A simple URL Map, routing all traffic to the PSC NEG"
default_service = google_compute_backend_service.default.id
@ -84,21 +78,18 @@ resource "google_compute_url_map" "default" {
resource "google_compute_security_policy" "policy" {
provider = google-beta
project = var.consumer_project_id
project = module.consumer_project.project_id
name = "ddos-protection"
adaptive_protection_config {
layer_7_ddos_defense_config {
enable = true
}
}
depends_on = [
google_project_service.consumer
]
}
resource "google_compute_backend_service" "default" {
provider = google-beta
project = var.consumer_project_id
project = module.consumer_project.project_id
name = "backend"
load_balancing_scheme = "EXTERNAL_MANAGED"
protocol = "HTTPS"
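Review bot: With `project_create = true` the new `module "consumer_project"` is asked to create the consumer project, but the hunk forwards neither `billing_account` nor `parent` to it, so a project it creates would presumably have no billing link and enabling `compute.googleapis.com` on it would fail at apply time; this is harmless for the plan-only test fixture, but the variable description "Create project instead of using an existing one." does not say that the flag is only meant for tests. Either forward `billing_account` and `parent` inputs to the module, or extend the `project_create` description with something like `Create project instead of using an existing one (plan-only test convenience; no billing account or parent is passed).`. Dropping `depends_on = [google_project_service.consumer]` from the security policy now relies on `module.consumer_project.project_id` being ordered after service enablement inside the module — worth confirming against the module's outputs. The `google_compute_backend_service` block continues past the end of the hunk.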


@ -14,36 +14,27 @@
* limitations under the License.
*/
locals {
producer_apis = ["iam.googleapis.com", "run.googleapis.com", "compute.googleapis.com"]
}
data "google_project" "producer" {
project_id = var.producer_project_id
}
resource "google_project_service" "producer" {
for_each = toset(local.producer_apis)
project = data.google_project.producer.project_id
service = each.key
disable_on_destroy = false
module "producer_project" {
source = "../../../modules/project"
name = var.producer_project_id
project_create = var.project_create
services = [
"iam.googleapis.com",
"run.googleapis.com",
"compute.googleapis.com",
]
}
resource "google_service_account" "app" {
project = var.producer_project_id
project = module.producer_project.project_id
account_id = "example-app"
display_name = "Example App Service Account"
depends_on = [
google_project_service.producer
]
}
resource "google_cloud_run_service" "app" {
name = "example-app"
location = var.region
project = var.producer_project_id
project = module.producer_project.project_id
template {
spec {
@ -67,17 +58,13 @@ resource "google_cloud_run_service" "app" {
"run.googleapis.com/ingress" = "internal-and-cloud-load-balancing"
}
}
depends_on = [
google_project_service.producer
]
}
resource "google_compute_region_network_endpoint_group" "neg" {
name = "example-app-neg"
network_endpoint_type = "SERVERLESS"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
cloud_run {
service = google_cloud_run_service.app.name
}
@ -86,7 +73,7 @@ resource "google_compute_region_network_endpoint_group" "neg" {
resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
name = "producer-forwarding-rule"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
load_balancing_scheme = "INTERNAL_MANAGED"
port_range = "443"
@ -101,14 +88,14 @@ resource "google_compute_region_target_https_proxy" "default" {
name = "l7-ilb-target-http-proxy"
provider = google-beta
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
url_map = google_compute_region_url_map.default.id
ssl_certificates = [google_compute_region_ssl_certificate.default.id]
}
resource "google_compute_region_ssl_certificate" "default" {
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
name = "my-certificate"
private_key = tls_private_key.example.private_key_pem
certificate = tls_self_signed_cert.example.cert_pem
@ -118,7 +105,7 @@ resource "google_compute_region_url_map" "default" {
name = "l7-ilb-regional-url-map"
provider = google-beta
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
default_service = google_compute_region_backend_service.producer_service_backend.id
}
@ -146,7 +133,7 @@ resource "tls_self_signed_cert" "example" {
resource "google_compute_region_backend_service" "producer_service_backend" {
name = "producer-service"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
load_balancing_scheme = "INTERNAL_MANAGED"
protocol = "HTTPS"
@ -160,16 +147,13 @@ resource "google_compute_region_backend_service" "producer_service_backend" {
resource "google_compute_network" "psc_ilb_network" {
name = "psc-ilb-network"
auto_create_subnetworks = false
project = var.producer_project_id
depends_on = [
google_project_service.consumer
]
project = module.producer_project.project_id
}
resource "google_compute_subnetwork" "ilb_subnetwork" {
name = "ilb-subnetwork"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
ip_cidr_range = "10.0.0.0/16"
@ -180,7 +164,7 @@ resource "google_compute_subnetwork" "ilb_subnetwork" {
resource "google_compute_subnetwork" "psc_private_subnetwork" {
name = "psc-private-subnetwork"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
ip_cidr_range = "10.3.0.0/16"
@ -191,7 +175,7 @@ resource "google_compute_subnetwork" "psc_private_subnetwork" {
resource "google_compute_subnetwork" "psc_ilb_nat" {
name = "psc-ilb-nat"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
purpose = "PRIVATE_SERVICE_CONNECT"
@ -201,44 +185,35 @@ resource "google_compute_subnetwork" "psc_ilb_nat" {
resource "google_compute_subnetwork" "vms" {
name = "vms"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
ip_cidr_range = "10.4.0.0/16"
}
data "google_compute_zones" "available" {
region = var.region
project = var.producer_project_id
}
resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
name = "my-psc-ilb"
region = var.region
project = var.producer_project_id
project = module.producer_project.project_id
description = "A service attachment configured with Terraform"
enable_proxy_protocol = false
connection_preference = "ACCEPT_AUTOMATIC"
nat_subnets = [google_compute_subnetwork.psc_ilb_nat.id]
target_service = google_compute_forwarding_rule.psc_ilb_target_service.id
depends_on = [
google_project_service.consumer
]
}
resource "google_service_account" "noop" {
project = var.producer_project_id
project = module.producer_project.project_id
account_id = "noop-sa"
display_name = "Service Account for NOOP VM"
}
resource "google_compute_instance" "noop-vm" {
project = var.producer_project_id
project = module.producer_project.project_id
name = "noop-ilb-vm"
machine_type = "e2-medium"
zone = data.google_compute_zones.available.names[0]
zone = var.zone
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
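Review bot: `google_compute_service_attachment.psc_ilb_service_attachment` keeps `connection_preference = "ACCEPT_AUTOMATIC"`, so any VPC that learns the attachment URI can connect to the producer ILB without approval; now that the consumer project is addressable as `module.consumer_project.project_id` (defined in consumer.tf of the same blueprint), the attachment can be limited to that project with `ACCEPT_MANUAL` and a `consumer_accept_lists` block, as sketched below. Separately, replacing `data.google_compute_zones.available.names[0]` with `var.zone` removes the implicit guarantee that the VM's zone lies in `var.region`; the defaults agree, but nothing checks a caller-supplied pair, so the `zone` variable description should say it must belong to `region`. The `google_compute_instance` block continues past the end of the hunk.
```hcl
resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
  # … unchanged: name, region, project, description, enable_proxy_protocol …
  connection_preference = "ACCEPT_MANUAL"
  consumer_accept_lists {
    project_id_or_num = module.consumer_project.project_id
    connection_limit  = 1 # one PSC NEG in the consumer project; raise if more endpoints are added
  }
  # … unchanged: nat_subnets, target_service …
}
```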


@ -1,21 +0,0 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
provider "google" {
}
provider "google-beta" {
}


@ -14,9 +14,25 @@
* limitations under the License.
*/
variable "prefix" {
description = "Prefix used for resource names."
type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
}
variable "project_create" {
description = "Create project instead of using an existing one."
type = bool
default = false
}
variable "consumer_project_id" {
description = "The consumer project, in which the GCLB and Cloud Armor should be created."
}
variable "producer_project_id" {
description = "The producer project, in which the ILB, PSC Service Attachment and Cloud Run service should be created"
}
@ -24,4 +40,9 @@ variable "producer_project_id" {
variable "region" {
default = "europe-west1"
description = "The GCP region in which the resources should be deployed."
}
variable "zone" {
default = "europe-west1-b"
description = "The GCP zone for the VM."
}
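Review bot: `consumer_project_id`, `producer_project_id`, `region` and `zone` still declare no `type`, which is why the regenerated README table renders an empty type cell for each of them; add `type = string` to all four so their values are constrained the same way `prefix` now is. `prefix` is introduced as required and validated, yet none of the resource names in this commit's hunks reference `var.prefix` — "psc-neg", "global-rule", "ddos-protection", "example-app" and the rest stay hard-coded — so either wire it into the names or drop the requirement; this may be handled in lines outside the hunks, but the README description "Prefix used for resource names." is currently not borne out by the visible code.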


@ -0,0 +1,13 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,21 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module "test" {
source = "../../../../../blueprints/networking/psc-glb-and-armor"
prefix = var.prefix
project_create = var.project_create
consumer_project_id = var.consumer_project_id
producer_project_id = var.producer_project_id
}


@ -0,0 +1,33 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "producer_project_id" {
type = string
default = "project-1"
}
variable "consumer_project_id" {
type = string
default = "project-2"
}
variable "prefix" {
type = string
default = "test"
}
variable "project_create" {
type = bool
default = true
}


@ -0,0 +1,19 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 2
assert len(resources) == 7
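Review bot: `assert len(resources) == 7` is far below the number of resources the blueprint itself declares in this commit (NEGs, forwarding rules, proxies, URL maps, backend services, security policy, network, four subnets, VM, certificates), which suggests `e2e_plan_runner()` here returns only the resources of the two child project modules and not the blueprint's own root-level resources; if so, the test covers almost none of what the blueprint creates, and passing the runner's bare-resource option (if it has one) with an updated expected count would make it meaningful. The bare magic number also breaks on every resource added or removed without saying why, so a comment naming what it counts would help, e.g. `# 2 projects + 5 enabled services across the two project modules` — verify against the plan output. The docstring `"Test that plan works and the numbers of resources is as expected."` should read `"Test that plan works and the number of resources is as expected."`.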