Merge pull request #230 from terraform-google-modules/jccb/psn
Add support for private service networking (private services access via servicenetworking.googleapis.com)
fce410372d
|
@ -121,6 +121,26 @@ module "vpc-host" {
|
|||
# tftest:modules=1:resources=7
|
||||
```
|
||||
|
||||
### Private Service Networking
|
||||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
name = "production"
|
||||
region = "europe-west1"
|
||||
secondary_ip_range = null
|
||||
}
|
||||
]
|
||||
private_service_networking_range = "10.10.0.0/16"
|
||||
}
|
||||
# tftest:modules=1:resources=4
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
|
@ -137,6 +157,7 @@ module "vpc-host" {
|
|||
| *mtu* | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 and the maximum value is 1500 bytes. | <code title=""></code> | | <code title="">null</code> |
|
||||
| *peering_config* | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string export_routes = bool import_routes = bool })">object({...})</code> | | <code title="">null</code> |
|
||||
| *peering_create_remote_end* | Skip creation of peering on the remote end when using peering_config | <code title="">bool</code> | | <code title="">true</code> |
|
||||
| *private_service_networking_range* | RFC1919 CIDR range used for Google services that support private service networking. | <code title="">string</code> | | <code title="null validation { condition = ( var.private_service_networking_range == null || can(cidrnetmask(var.private_service_networking_range)) ) error_message = "Specify a valid RFC1918 CIDR range for private service networking." }">...</code> |
|
||||
| *routes* | Network routes, keyed by name. | <code title="map(object({ dest_range = string priority = number tags = list(string) next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *routing_mode* | The network routing mode (default 'GLOBAL') | <code title="">string</code> | | <code title="GLOBAL validation { condition = var.routing_mode == "GLOBAL" || var.routing_mode == "REGIONAL" error_message = "Routing type must be GLOBAL or REGIONAL." }">...</code> |
|
||||
| *shared_vpc_host* | Enable shared VPC for this project. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
|
|
|
@ -227,3 +227,21 @@ resource "google_compute_route" "vpn_tunnel" {
|
|||
tags = each.value.tags
|
||||
next_hop_vpn_tunnel = each.value.next_hop
|
||||
}
|
||||
|
||||
resource "google_compute_global_address" "psn_range" {
|
||||
count = var.private_service_networking_range == null ? 0 : 1
|
||||
project = var.project_id
|
||||
name = "google-private-service-networking"
|
||||
purpose = "VPC_PEERING"
|
||||
address_type = "INTERNAL"
|
||||
address = split("/", var.private_service_networking_range)[0]
|
||||
prefix_length = split("/", var.private_service_networking_range)[1]
|
||||
network = local.network.id
|
||||
}
|
||||
|
||||
resource "google_service_networking_connection" "psn_connection" {
|
||||
count = var.private_service_networking_range == null ? 0 : 1
|
||||
network = local.network.id
|
||||
service = "servicenetworking.googleapis.com"
|
||||
reserved_peering_ranges = [google_compute_global_address.psn_range.0.name]
|
||||
}
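Review bot: `name = "google-private-service-networking"` on psn_range is a fixed name, and google_compute_global_address names are unique per project, so a second net-vpc instance in the same project with private_service_networking_range set will fail on apply with a name conflict; deriving it from the VPC, e.g. `name = "${var.name}-psn"`, avoids that (the fixture below passes `name` into this module, so `var.name` should be in scope here — confirm). The address/prefix split also forwards whatever precedes the slash unchanged: as far as I can tell cidrnetmask() accepts a value with host bits set, so "10.10.0.1/16" passes validation and then reaches the API as a host address rather than a network address; `address = cidrhost(var.private_service_networking_range, 0)` normalises it. A short comment on psn_connection noting that it establishes a VPC peering with the Google-managed producer network would also help reviewers treat it as the boundary it is, e.g. `# peers this VPC with Google's producer VPC; the reserved range is handed to managed services`.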
|
||||
|
|
|
@ -17,16 +17,25 @@
|
|||
output "network" {
|
||||
description = "Network resource."
|
||||
value = local.network
|
||||
depends_on = [
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
}
|
||||
|
||||
output "name" {
|
||||
description = "The name of the VPC being created."
|
||||
value = local.network.name
|
||||
depends_on = [
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
}
|
||||
|
||||
output "self_link" {
|
||||
description = "The URI of the VPC being created."
|
||||
value = local.network.self_link
|
||||
depends_on = [
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
}
|
||||
|
||||
output "project_id" {
|
||||
|
@ -38,7 +47,8 @@ output "project_id" {
|
|||
)
|
||||
depends_on = [
|
||||
google_compute_shared_vpc_host_project.shared_vpc_host,
|
||||
google_compute_shared_vpc_service_project.service_projects
|
||||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
}
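Review bot: The depends_on entries added to the network, name, self_link and project_id outputs carry no comment saying why an output must wait on google_service_networking_connection.psn_connection, and nothing in the output values themselves references the connection, so the sequencing intent is easy to lose when someone adds the next output. A one-line comment above each list, e.g. `# wait for the PSN peering so anything consuming this VPC only runs once private service access exists`, records it; I read the change as deliberate ordering rather than a data dependency, but that is inferred. The value expression of the project_id output starts above the second hunk.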
|
||||
|
||||
|
|
|
@ -159,3 +159,16 @@ variable "vpc_create" {
|
|||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "private_service_networking_range" {
|
||||
description = "RFC1919 CIDR range used for Google services that support private service networking."
|
||||
type = string
|
||||
default = null
|
||||
validation {
|
||||
condition = (
|
||||
var.private_service_networking_range == null ||
|
||||
can(cidrnetmask(var.private_service_networking_range))
|
||||
)
|
||||
error_message = "Specify a valid RFC1918 CIDR range for private service networking."
|
||||
}
|
||||
}
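Review bot: The validation block only checks that the value parses as a CIDR, while the description and error_message promise an RFC1918 range, so a public prefix such as "8.8.0.0/16" is accepted and reserved for peering without complaint; either tighten the condition or align the wording. A stdlib-only tightening, keeping the existing `== null ||` guard in front, is `can(cidrnetmask(var.private_service_networking_range)) && can(regex("^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)", var.private_service_networking_range))`. If non-RFC1918 ranges are meant to be allowed (Google does appear to support them for private services access — confirm), drop "RFC1918" from the error message instead so the check and the message agree. Separately, the description reads "RFC1919" where "RFC1918" is meant, and the same text is copied into the README table and the test fixture variable.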
|
||||
|
|
|
@ -15,19 +15,20 @@
|
|||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = var.name
|
||||
iam = var.iam
|
||||
log_configs = var.log_configs
|
||||
log_config_defaults = var.log_config_defaults
|
||||
peering_config = var.peering_config
|
||||
routes = var.routes
|
||||
shared_vpc_host = var.shared_vpc_host
|
||||
shared_vpc_service_projects = var.shared_vpc_service_projects
|
||||
subnets = var.subnets
|
||||
subnet_descriptions = var.subnet_descriptions
|
||||
subnet_flow_logs = var.subnet_flow_logs
|
||||
subnet_private_access = var.subnet_private_access
|
||||
auto_create_subnetworks = var.auto_create_subnetworks
|
||||
source = "../../../../modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = var.name
|
||||
iam = var.iam
|
||||
log_configs = var.log_configs
|
||||
log_config_defaults = var.log_config_defaults
|
||||
peering_config = var.peering_config
|
||||
routes = var.routes
|
||||
shared_vpc_host = var.shared_vpc_host
|
||||
shared_vpc_service_projects = var.shared_vpc_service_projects
|
||||
subnets = var.subnets
|
||||
subnet_descriptions = var.subnet_descriptions
|
||||
subnet_flow_logs = var.subnet_flow_logs
|
||||
subnet_private_access = var.subnet_private_access
|
||||
auto_create_subnetworks = var.auto_create_subnetworks
|
||||
private_service_networking_range = var.private_service_networking_range
|
||||
}
|
||||
|
|
|
@ -119,3 +119,9 @@ variable "subnet_private_access" {
|
|||
type = map(bool)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "private_service_networking_range" {
|
||||
description = "RFC1919 CIDR range used for Google services that support private service networking."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
|
|
@ -88,3 +88,20 @@ def test_vpc_routes(plan_runner):
|
|||
resource = [r for r in resources if r['values']
|
||||
['name'] == 'my-vpc-next-hop-test'][0]
|
||||
assert resource['values']['next_hop_%s' % next_hop_type]
|
||||
|
||||
|
||||
def test_vpc_psn(plan_runner):
|
||||
_, resources = plan_runner(
|
||||
FIXTURES_DIR, private_service_networking_range="10.10.0.0/16"
|
||||
)
|
||||
assert len(resources) == 3
|
||||
|
||||
address = [r["values"] for r in resources if r["type"] == "google_compute_global_address"][0]
|
||||
assert address["address"] == "10.10.0.0"
|
||||
assert address["address_type"] == "INTERNAL"
|
||||
assert address["prefix_length"] == 16
|
||||
assert address["purpose"] == "VPC_PEERING"
|
||||
|
||||
connection = [r["values"] for r in resources if r["type"] == "google_service_networking_connection"][0]
|
||||
assert connection["service"] == "servicenetworking.googleapis.com"
|
||||
assert connection["reserved_peering_ranges"] == ["google-private-service-networking"]
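Review bot: `assert len(resources) == 3` is an unexplained magic count, and the `[...][0]` lookups for the address and the connection fail with IndexError rather than a readable assertion when the resource is absent; assert the filtered list size first and name the three resources, e.g. `addresses = [r["values"] for r in resources if r["type"] == "google_compute_global_address"]` followed by `assert len(addresses) == 1  # vpc + reserved range + service networking connection`, then index. The test also never checks that the reserved range and the connection point at the VPC under test; if `network` is known at plan time in this fixture (it may be computed — confirm), asserting it would tie the two new resources to the right VPC.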
|
||||
|
|