Module net-vpc fix for reserved ranges (#2538)

* fix the reserved ranges * updated readme * formatting * fix example test --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-08-30 07:10:28 +02:00
parent dc0a27b8c2
commit 8ca3bc390f
3 changed files with 201 additions and 8 deletions
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -277,6 +277,42 @@ module "vpc" {
 # tftest modules=1 resources=7 inventory=psa-prefix.yaml e2e
 ```

+Each PSA service can set a different prefix. Ranges will be allocated to the service they are defined in, as in the following example:
+
+```hcl
+module "vpc" {
+  source     = "./fabric/modules/net-vpc"
+  project_id = var.project_id
+  name       = "my-network"
+  subnets = [
+    {
+      ip_cidr_range = "10.0.0.0/24"
+      name          = "production"
+      region        = "europe-west1"
+    }
+  ]
+  psa_configs = [
+    {
+      ranges       = { myrange = "10.0.1.0/24" }
+      range_prefix = ""
+    },
+    {
+      ranges           = { netapp = "10.0.2.0/24" }
+      service_producer = "netapp.servicenetworking.goog"
+      range_prefix     = ""
+    },
+    {
+      ranges = {
+        example  = "10.0.3.0/24",
+        example2 = "10.0.4.0/24"
+      }
+      service_producer = "example.servicenetworking.goog"
+    }
+  ]
+}
+# tftest modules=1 resources=14 inventory=psa-prefix-services.yaml e2e
+```
+
 ### Private Service Networking with peering routes and peered Cloud DNS domains

 Custom routes can be optionally exported/imported through the peering formed with the Google managed PSA VPC.
--- a/modules/net-vpc/psa.tf
+++ b/modules/net-vpc/psa.tf
@@ -63,14 +63,11 @@ resource "google_compute_global_address" "psa_ranges" {
 }

 resource "google_service_networking_connection" "psa_connection" {
-  for_each = local.psa_configs
-  network  = local.network.id
-  service  = each.key
-  reserved_peering_ranges = [
-    for k, v in google_compute_global_address.psa_ranges :
-    v.name if startswith(k, each.value.key)
-  ]
-  deletion_policy = each.value.deletion_policy
+  for_each                = local.psa_configs
+  network                 = local.network.id
+  service                 = each.key
+  reserved_peering_ranges = formatlist("${each.value.key}%s", keys(each.value.ranges))
+  deletion_policy         = each.value.deletion_policy
 }

 resource "google_compute_network_peering_routes_config" "psa_routes" {