diff --git a/modules/service-directory/README.md b/modules/service-directory/README.md
index 3b16cbeb..c89fe143 100644
--- a/modules/service-directory/README.md
+++ b/modules/service-directory/README.md
@@ -90,20 +90,59 @@ module "dns-sd" {
}
# tftest modules=2 resources=5 inventory=dns.yaml
```
-
+### Services with endpoints using Private Network Access
+
+[Private Network Access](https://cloud.google.com/service-directory/docs/private-network-access-overview) enables supported Google Cloud products to send HTTP requests to resources inside a VPC.
+
+```hcl
+locals {
+ project_number = "123456789012"
+}
+
+module "service-directory" {
+ source = "./fabric/modules/service-directory"
+ project_id = "my-project"
+ location = "europe-west1"
+ name = "sd-1"
+ services = {
+ one = {
+ endpoints = ["first", "second"]
+ metadata = null
+ }
+ }
+ endpoint_config = {
+ "one/first" = {
+ address = "10.0.0.11",
+ port = 443,
+ network = "projects/${local.project_number}/locations/global/networks/${var.vpc.name}"
+ metadata = {}
+ }
+ "one/second" = {
+ address = "10.0.0.12",
+ port = 443,
+ network = "projects/${local.project_number}/locations/global/networks/${var.vpc.name}"
+ metadata = {}
+ }
+ }
+}
+# tftest modules=1 resources=4 inventory=pna.yaml
+```
+
+Note that the `network` argument is unusual in that it requires the project number, instead of the more common project ID.
+
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L40) | Namespace location. | string | ✓ | |
-| [name](variables.tf#L45) | Namespace name. | string | ✓ | |
-| [project_id](variables.tf#L50) | Project used for resources. | string | ✓ | |
-| [endpoint_config](variables.tf#L18) | Map of endpoint attributes, keys are in service/endpoint format. | map(object({…})) | | {} |
-| [iam](variables.tf#L28) | IAM bindings for namespace, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
-| [labels](variables.tf#L34) | Labels. | map(string) | | {} |
-| [service_iam](variables.tf#L55) | IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} |
-| [services](variables.tf#L61) | Service configuration, using service names as keys. | map(object({…})) | | {} |
+| [location](variables.tf#L41) | Namespace location. | string | ✓ | |
+| [name](variables.tf#L46) | Namespace name. | string | ✓ | |
+| [project_id](variables.tf#L51) | Project used for resources. | string | ✓ | |
+| [endpoint_config](variables.tf#L18) | Map of endpoint attributes, keys are in service/endpoint format. | map(object({…})) | | {} |
+| [iam](variables.tf#L29) | IAM bindings for namespace, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
+| [labels](variables.tf#L35) | Labels. | map(string) | | {} |
+| [service_iam](variables.tf#L56) | IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} |
+| [services](variables.tf#L62) | Service configuration, using service names as keys. | map(object({…})) | | {} |
## Outputs
@@ -116,5 +155,4 @@ module "dns-sd" {
| [service_id](outputs.tf#L40) | Service ids (short names). | |
| [service_names](outputs.tf#L50) | Service ids (long names). | |
| [services](outputs.tf#L60) | Service resources. | |
-
diff --git a/modules/service-directory/main.tf b/modules/service-directory/main.tf
index 781bae60..25017a28 100644
--- a/modules/service-directory/main.tf
+++ b/modules/service-directory/main.tf
@@ -75,4 +75,5 @@ resource "google_service_directory_endpoint" "default" {
metadata = try(var.endpoint_config[each.key].metadata, null)
address = try(var.endpoint_config[each.key].address, null)
port = try(var.endpoint_config[each.key].port, null)
+ network = try(var.endpoint_config[each.key].network, null)
}
diff --git a/modules/service-directory/variables.tf b/modules/service-directory/variables.tf
index 326aeff8..8212081e 100644
--- a/modules/service-directory/variables.tf
+++ b/modules/service-directory/variables.tf
@@ -20,6 +20,7 @@ variable "endpoint_config" {
type = map(object({
address = string
port = number
+ network = optional(string, null)
metadata = map(string)
}))
default = {}
diff --git a/tests/modules/service_directory/examples/pna.yaml b/tests/modules/service_directory/examples/pna.yaml
new file mode 100644
index 00000000..167c5f82
--- /dev/null
+++ b/tests/modules/service_directory/examples/pna.yaml
@@ -0,0 +1,37 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.service-directory.google_service_directory_endpoint.default["one/first"]:
+ address: 10.0.0.11
+ endpoint_id: first
+ port: 443
+ network: projects/123456789012/locations/global/networks/vpc-name
+ module.service-directory.google_service_directory_endpoint.default["one/second"]:
+ address: 10.0.0.12
+ endpoint_id: second
+ port: 443
+ network: projects/123456789012/locations/global/networks/vpc-name
+ module.service-directory.google_service_directory_namespace.default:
+ location: europe-west1
+ namespace_id: sd-1
+ project: my-project
+ module.service-directory.google_service_directory_service.default["one"]:
+ metadata: null
+ service_id: one
+
+counts:
+ google_service_directory_endpoint: 2
+ google_service_directory_namespace: 1
+ google_service_directory_service: 1