Merge pull request #1666 from dgulli/global_managed_proxy_support
added support for global proxy only subnets
commit
efac8e48bb
|
@ -299,6 +299,13 @@ module "vpc" {
|
|||
name = "regional-proxy"
|
||||
region = "europe-west1"
|
||||
active = true
|
||||
},
|
||||
{
|
||||
ip_cidr_range = "10.0.4.0/24"
|
||||
name = "global-proxy"
|
||||
region = "australia-southeast2"
|
||||
active = true
|
||||
global = true
|
||||
}
|
||||
]
|
||||
subnets_psc = [
|
||||
|
@ -309,7 +316,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=proxy-only-subnets.yaml
|
||||
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
|
||||
```
|
||||
|
||||
### DNS Policies
|
||||
|
@ -348,7 +355,7 @@ module "vpc" {
|
|||
name = "my-network"
|
||||
data_folder = "config/subnets"
|
||||
}
|
||||
# tftest modules=1 resources=9 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-psc inventory=factory.yaml
|
||||
# tftest modules=1 resources=10 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-proxy-global,subnet-psc inventory=factory.yaml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -392,6 +399,13 @@ ip_cidr_range: 10.1.0.0/24
|
|||
purpose: REGIONAL_MANAGED_PROXY
|
||||
```
|
||||
|
||||
```yaml
|
||||
# tftest-file id=subnet-proxy-global path=config/subnets/subnet-proxy-global.yaml
|
||||
region: australia-southeast2
|
||||
ip_cidr_range: 10.4.0.0/24
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
```
|
||||
|
||||
```yaml
|
||||
# tftest-file id=subnet-psc path=config/subnets/subnet-psc.yaml
|
||||
region: europe-west4
|
||||
|
@ -546,9 +560,9 @@ module "vpc" {
|
|||
| [subnet_iam_bindings](variables.tf#L173) | Authoritative IAM bindings in {REGION/NAME => {ROLE => {members = [], condition = {}}}}. | <code title="map(map(object({ members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
| [subnet_iam_bindings_additive](variables.tf#L187) | Individual additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string subnet = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [subnets](variables.tf#L203) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L230) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L243) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L255) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
| [subnets_proxy_only](variables.tf#L230) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool global = optional(bool, false) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L244) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L256) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -136,4 +136,4 @@ output "subnets_proxy_only" {
|
|||
output "subnets_psc" {
|
||||
description = "Private Service Connect subnet resources."
|
||||
value = { for k, v in google_compute_subnetwork.psc : k => v }
|
||||
}
|
||||
}
|
|
@ -35,6 +35,7 @@ locals {
|
|||
iam_members = try(v.iam_members, [])
|
||||
purpose = try(v.purpose, null)
|
||||
active = try(v.active, null)
|
||||
global = null
|
||||
}
|
||||
}
|
||||
_factory_subnets_iam = [
|
||||
|
@ -73,7 +74,8 @@ locals {
|
|||
)
|
||||
subnets_proxy_only = merge(
|
||||
{ for s in var.subnets_proxy_only : "${s.region}/${s.name}" => s },
|
||||
{ for k, v in local._factory_subnets : k => v if v.purpose == "REGIONAL_MANAGED_PROXY" }
|
||||
{ for k, v in local._factory_subnets : k => v if v.purpose == "REGIONAL_MANAGED_PROXY" },
|
||||
{ for k, v in local._factory_subnets : k => v if v.purpose == "GLOBAL_MANAGED_PROXY" }
|
||||
)
|
||||
subnets_psc = merge(
|
||||
{ for s in var.subnets_psc : "${s.region}/${s.name}" => s },
|
||||
|
@ -130,11 +132,17 @@ resource "google_compute_subnetwork" "proxy_only" {
|
|||
ip_cidr_range = each.value.ip_cidr_range
|
||||
description = (
|
||||
each.value.description == null
|
||||
? "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
|
||||
? "Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB."
|
||||
: each.value.description
|
||||
)
|
||||
purpose = "REGIONAL_MANAGED_PROXY"
|
||||
role = each.value.active != false ? "ACTIVE" : "BACKUP"
|
||||
purpose = try(
|
||||
each.value.purpose,
|
||||
each.value.global != false
|
||||
? "GLOBAL_MANAGED_PROXY"
|
||||
: "REGIONAL_MANAGED_PROXY"
|
||||
)
|
||||
|
||||
role = each.value.active != false ? "ACTIVE" : "BACKUP"
|
||||
}
|
||||
|
||||
resource "google_compute_subnetwork" "psc" {
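Review bot: In the new `purpose` expression of `google_compute_subnetwork.proxy_only`, the test `each.value.global != false` reads a null `global` as true, so any entry that reaches the fallback without an explicit `false` is created as `GLOBAL_MANAGED_PROXY`. The factory hunk earlier in this file sets `global = null` on every YAML-defined subnet, and those entries stay regional only because `try()` finds their `purpose` first. Testing for the positive value keeps regional as the default when the flag is absent: `each.value.global == true ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"`. A short comment on `global = null` in the factory locals, such as `# unused for factory subnets, purpose comes from the YAML file`, would also help. The resource block starts above this hunk.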
|
||||
|
|
|
@ -228,13 +228,14 @@ variable "subnets" {
|
|||
}
|
||||
|
||||
variable "subnets_proxy_only" {
|
||||
description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
|
||||
description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
|
||||
type = list(object({
|
||||
name = string
|
||||
ip_cidr_range = string
|
||||
region = string
|
||||
description = optional(string)
|
||||
active = bool
|
||||
global = optional(bool, false)
|
||||
}))
|
||||
default = []
|
||||
nullable = false
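Review bot: The `description` of `subnets_proxy_only` still names only Regional HTTPS and Internal HTTPS load balancers, although the type now accepts `global = optional(bool, false)`. Someone reading the generated variables table cannot tell that the flag exists or what it selects. I would add a sentence to the description, `Set global to true to create the subnet with purpose GLOBAL_MANAGED_PROXY.`, keep the existing note on active subnets after it, and regenerate the README table. The variable block closes outside this hunk.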
|
||||
|
|
|
@ -48,8 +48,7 @@ values:
|
|||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal
|
||||
HTTPS LB.
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
|
||||
ip_cidr_range: 10.1.0.0/24
|
||||
ipv6_access_type: null
|
||||
log_config: []
|
||||
|
@ -59,6 +58,17 @@ values:
|
|||
region: europe-west4
|
||||
role: ACTIVE
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.proxy_only["australia-southeast2/subnet-proxy-global"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
|
||||
ip_cidr_range: 10.4.0.0/24
|
||||
ipv6_access_type: null
|
||||
log_config: []
|
||||
name: subnet-proxy-global
|
||||
project: my-project
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
region: australia-southeast2
|
||||
role: ACTIVE
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.psc["europe-west4/subnet-psc"]:
|
||||
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
|
||||
ip_cidr_range: 10.2.0.0/24
|
||||
|
@ -127,9 +137,9 @@ values:
|
|||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_route: 2
|
||||
google_compute_subnetwork: 5
|
||||
google_compute_subnetwork: 6
|
||||
google_compute_subnetwork_iam_binding: 1
|
||||
modules: 1
|
||||
resources: 9
|
||||
resources: 10
|
||||
|
||||
outputs: {}
|
||||
|
|
|
@ -17,7 +17,7 @@ values:
|
|||
name: my-network
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
log_config: []
|
||||
name: regional-proxy
|
||||
|
@ -25,6 +25,15 @@ values:
|
|||
purpose: REGIONAL_MANAGED_PROXY
|
||||
region: europe-west1
|
||||
role: ACTIVE
|
||||
module.vpc.google_compute_subnetwork.proxy_only["australia-southeast2/global-proxy"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
|
||||
ip_cidr_range: 10.0.4.0/24
|
||||
log_config: []
|
||||
name: global-proxy
|
||||
project: my-project
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
region: australia-southeast2
|
||||
role: ACTIVE
|
||||
module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
|
||||
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
|
||||
ip_cidr_range: 10.0.3.0/24
|
||||
|
@ -37,4 +46,4 @@ values:
|
|||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
||||
google_compute_subnetwork: 3
|
||||
|
|