Add support for PSC global access to net-address (#2480)
* Add support for PSC global access to net-address Fixes #2479 * Fix example formatting
@@ -159,6 +159,27 @@ module "addresses" {
|
||||
# tftest modules=1 resources=2 inventory=psc-service-attachment-all-apis.yaml e2e
|
||||
```
|
||||
|
||||
Set `global_access` to true to enable global access for regional addresses used by a service attachment.
|
||||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
psc_addresses = {
|
||||
cloudsql-one = {
|
||||
address = "10.0.16.32"
|
||||
subnet_self_link = var.subnet.self_link
|
||||
region = var.region
|
||||
service_attachment = {
|
||||
psc_service_attachment_link = module.cloudsql-instance.psc_service_attachment_link
|
||||
global_access = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=3 fixtures=fixtures/cloudsql-instance.tf inventory=psc-global.yaml e2e
|
||||
```
|
||||
|
||||
|
||||
|
||||
### IPSec Interconnect addresses
|
||||
@@ -216,7 +237,7 @@ module "addresses" {
|
||||
| [ipsec_interconnect_addresses](variables.tf#L65) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | <code title="map(object({ region = string address = string network = string description = optional(string, "Terraform managed.") name = optional(string) prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [network_attachments](variables.tf#L84) | PSC network attachments, names as keys. | <code title="map(object({ subnet_self_link = string automatic_connection = optional(bool, false) description = optional(string, "Terraform-managed.") producer_accept_lists = optional(list(string)) producer_reject_lists = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psa_addresses](variables.tf#L102) | Map of internal addresses used for Private Service Access. | <code title="map(object({ address = string network = string prefix_length = number description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psc_addresses](variables.tf#L114) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string description = optional(string, "Terraform managed.") name = optional(string) network = optional(string) region = optional(string) subnet_self_link = optional(string) service_attachment = optional(object({ # so we can safely check if service_attachemnt != null in for_each psc_service_attachment_link = string })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psc_addresses](variables.tf#L114) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string description = optional(string, "Terraform managed.") name = optional(string) network = optional(string) region = optional(string) subnet_self_link = optional(string) service_attachment = optional(object({ # so we can safely check if service_attachemnt != null in for_each psc_service_attachment_link = string global_access = optional(bool) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -64,6 +64,7 @@ resource "google_compute_global_address" "psc" {
|
||||
}
|
||||
|
||||
resource "google_compute_global_forwarding_rule" "psc_consumer" {
|
||||
provider = google-beta
|
||||
for_each = { for name, psc in local.global_psc : name => psc if psc.service_attachment != null }
|
||||
name = coalesce(each.value.name, each.key)
|
||||
project = var.project_id
|
||||
@@ -71,6 +72,10 @@ resource "google_compute_global_forwarding_rule" "psc_consumer" {
|
||||
ip_address = google_compute_global_address.psc[each.key].self_link
|
||||
load_balancing_scheme = ""
|
||||
target = each.value.service_attachment.psc_service_attachment_link
|
||||
# allow_psc_global_access is not currently supported for global
|
||||
# forwarding rules. This parameter is included for potential future
|
||||
# compatibility.
|
||||
allow_psc_global_access = each.value.service_attachment.global_access
|
||||
}
|
||||
|
||||
# regional PSC services
|
||||
@@ -90,13 +95,15 @@ resource "google_compute_address" "psc" {
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "psc_consumer" {
|
||||
for_each = { for name, psc in local.regional_psc : name => psc if psc.service_attachment != null }
|
||||
name = coalesce(each.value.name, each.key)
|
||||
project = var.project_id
|
||||
region = each.value.region
|
||||
subnetwork = each.value.subnet_self_link
|
||||
ip_address = google_compute_address.psc[each.key].self_link
|
||||
load_balancing_scheme = ""
|
||||
recreate_closed_psc = true
|
||||
target = each.value.service_attachment.psc_service_attachment_link
|
||||
provider = google-beta
|
||||
for_each = { for name, psc in local.regional_psc : name => psc if psc.service_attachment != null }
|
||||
name = coalesce(each.value.name, each.key)
|
||||
project = var.project_id
|
||||
region = each.value.region
|
||||
subnetwork = each.value.subnet_self_link
|
||||
ip_address = google_compute_address.psc[each.key].self_link
|
||||
load_balancing_scheme = ""
|
||||
recreate_closed_psc = true
|
||||
target = each.value.service_attachment.psc_service_attachment_link
|
||||
allow_psc_global_access = each.value.service_attachment.global_access
|
||||
}
|
||||
|
||||
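Review bot: In `google_compute_global_forwarding_rule.psc_consumer`, the added `allow_psc_global_access = each.value.service_attachment.global_access` passes a caller's `true` to a resource that the comment directly above says does not support it, so a global PSC address declared with `global_access = true` is either rejected at apply time or silently ignored (which of the two is not visible from this diff). I would leave the argument off the global rule until it is supported, or reject the combination at plan time with a `validation` block on `psc_addresses`, so nobody assumes a reachability setting took effect when it did not. Both rules also gain `provider = google-beta`; if the regional argument is available in the GA provider, it is worth confirming the beta provider is really needed, since every consumer of the module now has to configure it. The global resource is split across two hunks, so part of its body is not visible here.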
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -122,6 +122,7 @@ variable "psc_addresses" {
|
||||
subnet_self_link = optional(string)
|
||||
service_attachment = optional(object({ # so we can safely check if service_attachemnt != null in for_each
|
||||
psc_service_attachment_link = string
|
||||
global_access = optional(bool)
|
||||
}))
|
||||
}))
|
||||
default = {}
|
||||
|
||||
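Review bot: The new `global_access = optional(bool)` attribute carries no comment, and because it has no default an omitted value reaches both forwarding rules as `null`, leaving the effective setting to the provider. Since the flag widens which clients can reach the PSC endpoint, I would document it on the attribute, e.g. `# null keeps the provider default; true makes the regional endpoint reachable from other regions`. The `psc_addresses` variable starts and ends outside this hunk.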
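--- a/tests/modules/net_address/examples/psc-global.yaml
+++ b/tests/modules/net_address/examples/psc-global.yaml
@@ -0,0 +1,47 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+module.addresses.google_compute_address.psc["cloudsql-one"]:
+address: 10.0.16.32
+address_type: INTERNAL
+description: Terraform managed.
+ip_version: null
+ipv6_endpoint_type: null
+labels: null
+name: cloudsql-one
+network: null
+project: project-id
+region: europe-west8
+subnetwork: subnet_self_link
+timeouts: null
+module.addresses.google_compute_forwarding_rule.psc_consumer["cloudsql-one"]:
+all_ports: null
+allow_global_access: null
+allow_psc_global_access: true
+backend_service: null
+description: null
+is_mirroring_collector: null
+labels: null
+load_balancing_scheme: ''
+name: cloudsql-one
+no_automate_dns_zone: null
+ports: null
+project: project-id
+recreate_closed_psc: true
+region: europe-west8
+service_label: null
+source_ip_ranges: null
+subnetwork: subnet_self_link
+timeouts: null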