Merge pull request #1960 from stribioli/sd-pna
Add PNA support to Service Directory module
commit
e112810bc8
|
@ -90,20 +90,59 @@ module "dns-sd" {
|
|||
}
|
||||
# tftest modules=2 resources=5 inventory=dns.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
### Services with endpoints using Private Network Access
|
||||
|
||||
[Private Network Access](https://cloud.google.com/service-directory/docs/private-network-access-overview) enables supported Google Cloud products to send HTTP requests to resources inside a VPC.
|
||||
|
||||
```hcl
|
||||
locals {
|
||||
project_number = "123456789012"
|
||||
}
|
||||
|
||||
module "service-directory" {
|
||||
source = "./fabric/modules/service-directory"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1"
|
||||
name = "sd-1"
|
||||
services = {
|
||||
one = {
|
||||
endpoints = ["first", "second"]
|
||||
metadata = null
|
||||
}
|
||||
}
|
||||
endpoint_config = {
|
||||
"one/first" = {
|
||||
address = "10.0.0.11",
|
||||
port = 443,
|
||||
network = "projects/${local.project_number}/locations/global/networks/${var.vpc.name}"
|
||||
metadata = {}
|
||||
}
|
||||
"one/second" = {
|
||||
address = "10.0.0.12",
|
||||
port = 443,
|
||||
network = "projects/${local.project_number}/locations/global/networks/${var.vpc.name}"
|
||||
metadata = {}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4 inventory=pna.yaml
|
||||
```
|
||||
|
||||
Note that the `network` argument is unusual in that it requires the project number, instead of the more common project ID.
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [location](variables.tf#L40) | Namespace location. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L45) | Namespace name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L50) | Project used for resources. | <code>string</code> | ✓ | |
|
||||
| [endpoint_config](variables.tf#L18) | Map of endpoint attributes, keys are in service/endpoint format. | <code title="map(object({ address = string port = number metadata = map(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [iam](variables.tf#L28) | IAM bindings for namespace, in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L34) | Labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [service_iam](variables.tf#L55) | IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [services](variables.tf#L61) | Service configuration, using service names as keys. | <code title="map(object({ endpoints = list(string) metadata = map(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L41) | Namespace location. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L46) | Namespace name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L51) | Project used for resources. | <code>string</code> | ✓ | |
|
||||
| [endpoint_config](variables.tf#L18) | Map of endpoint attributes, keys are in service/endpoint format. | <code title="map(object({ address = string port = number network = optional(string, null) metadata = map(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [iam](variables.tf#L29) | IAM bindings for namespace, in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L35) | Labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [service_iam](variables.tf#L56) | IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [services](variables.tf#L62) | Service configuration, using service names as keys. | <code title="map(object({ endpoints = list(string) metadata = map(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -116,5 +155,4 @@ module "dns-sd" {
|
|||
| [service_id](outputs.tf#L40) | Service ids (short names). | |
|
||||
| [service_names](outputs.tf#L50) | Service ids (long names). | |
|
||||
| [services](outputs.tf#L60) | Service resources. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -75,4 +75,5 @@ resource "google_service_directory_endpoint" "default" {
|
|||
metadata = try(var.endpoint_config[each.key].metadata, null)
|
||||
address = try(var.endpoint_config[each.key].address, null)
|
||||
port = try(var.endpoint_config[each.key].port, null)
|
||||
network = try(var.endpoint_config[each.key].network, null)
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ variable "endpoint_config" {
|
|||
type = map(object({
|
||||
address = string
|
||||
port = number
|
||||
network = optional(string, null)
|
||||
metadata = map(string)
|
||||
}))
|
||||
default = {}
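Review bot: The new `network` attribute in `endpoint_config` is an unchecked string, so a path built with the project ID instead of the project number (the mistake the README note warns about) would presumably only be rejected by the API at apply time. Because this value selects the VPC that Private Network Access callers are routed into, a `validation` block that enforces the `projects/NUMBER/locations/global/networks/NAME` shape would catch the error at plan time. The variable description, which is outside this hunk, should also say what setting `network` does. Separately, `optional(string)` already defaults to null, so the `, null` argument can be dropped. The `variable` block starts before and ends after this hunk.

```hcl
variable "endpoint_config" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for k, v in var.endpoint_config :
      v.network == null ? true : can(regex("^projects/[0-9]+/locations/global/networks/[^/]+$", v.network))
    ])
    error_message = "Endpoint network must use the projects/PROJECT_NUMBER/locations/global/networks/NAME format, with the project number rather than the project ID."
  }
```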
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.service-directory.google_service_directory_endpoint.default["one/first"]:
|
||||
address: 10.0.0.11
|
||||
endpoint_id: first
|
||||
port: 443
|
||||
network: projects/123456789012/locations/global/networks/vpc-name
|
||||
module.service-directory.google_service_directory_endpoint.default["one/second"]:
|
||||
address: 10.0.0.12
|
||||
endpoint_id: second
|
||||
port: 443
|
||||
network: projects/123456789012/locations/global/networks/vpc-name
|
||||
module.service-directory.google_service_directory_namespace.default:
|
||||
location: europe-west1
|
||||
namespace_id: sd-1
|
||||
project: my-project
|
||||
module.service-directory.google_service_directory_service.default["one"]:
|
||||
metadata: null
|
||||
service_id: one
|
||||
|
||||
counts:
|
||||
google_service_directory_endpoint: 2
|
||||
google_service_directory_namespace: 1
|
||||
google_service_directory_service: 1
|