From 24b5e03c80ea2192356e3300045708cc91765267 Mon Sep 17 00:00:00 2001 From: Daniel Strebel Date: Wed, 4 Aug 2021 17:09:44 +0200 Subject: [PATCH 1/7] initial scaffold for an Apigee tf module --- modules/apigee-x-instance/README.md | 30 ++++++++++ modules/apigee-x-instance/main.tf | 14 +++++ modules/apigee-x-instance/outputs.tf | 4 ++ modules/apigee-x-instance/variables.tf | 29 ++++++++++ modules/apigee/README.md | 68 ++++++++++++++++++++++ modules/apigee/main.tf | 72 +++++++++++++++++++++++ modules/apigee/outputs.tf | 14 +++++ modules/apigee/variables.tf | 79 ++++++++++++++++++++++++++ 8 files changed, 310 insertions(+) create mode 100644 modules/apigee-x-instance/README.md create mode 100644 modules/apigee-x-instance/main.tf create mode 100644 modules/apigee-x-instance/outputs.tf create mode 100644 modules/apigee-x-instance/variables.tf create mode 100644 modules/apigee/README.md create mode 100644 modules/apigee/main.tf create mode 100644 modules/apigee/outputs.tf create mode 100644 modules/apigee/variables.tf diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md new file mode 100644 index 000000000..90d29a68f --- /dev/null +++ b/modules/apigee-x-instance/README.md @@ -0,0 +1,30 @@ +# Apigee Module + +This module allows managing a single Apigee X instance and its environment attachments. + +## TODO + +- [ ] N/A + +## Examples + +### Apigee X Evaluation Instance + +```hcl +module "apigee-x-instance" { + source = "./modules/apigee-x-instance" + name = "my-us-instance" + region = "us-central1" + cidr_mask = 22 + + apigee_org_id = "my-project" + apigee_environments = [ + "eval1", + "eval2" + ] +} +# tftest:modules=1:resources=3 +``` + + + diff --git a/modules/apigee-x-instance/main.tf b/modules/apigee-x-instance/main.tf new file mode 100644 index 000000000..0e5f6fbd1 --- /dev/null +++ b/modules/apigee-x-instance/main.tf @@ -0,0 +1,14 @@ +resource "google_apigee_instance" "apigee_instance" { + org_id = var.apigee_org_id + name = var.name + location = var.region + peering_cidr_range = "SLASH_${var.cidr_mask}" + #disk_encryption_key_name = google_kms_crypto_key.apigee_key.id +} + + +resource "google_apigee_instance_attachment" "apigee_instance_attchment" { + for_each = toset(var.apigee_environments) + instance_id = google_apigee_instance.apigee_instance.id + environment = each.key +} diff --git a/modules/apigee-x-instance/outputs.tf b/modules/apigee-x-instance/outputs.tf new file mode 100644 index 000000000..be9531336 --- /dev/null +++ b/modules/apigee-x-instance/outputs.tf @@ -0,0 +1,4 @@ +output "endpoint" { + description = "Internal endpoint of the Apigee instance." + value = google_apigee_instance.apigee_instance.host +} \ No newline at end of file diff --git a/modules/apigee-x-instance/variables.tf b/modules/apigee-x-instance/variables.tf new file mode 100644 index 000000000..9bc09f1f9 --- /dev/null +++ b/modules/apigee-x-instance/variables.tf @@ -0,0 +1,29 @@ +variable "name" { + description = "Apigee instance name." + type = string +} + +variable "apigee_org_id" { + description = "Apigee Organization ID" + type = string +} + +variable "apigee_environments" { + description = "Apigee Environment Names." + type = list(string) + default = [] +} + +variable "cidr_mask" { + description = "CIDR mask for the Apigee instance" + type = number + validation { + condition = contains([16, 20, 22], var.cidr_mask) + error_message = "Allowed Values for cidr_mask [16, 20, 22]." + } +} + +variable "region" { + description = "Compute region." + type = string +} diff --git a/modules/apigee/README.md b/modules/apigee/README.md new file mode 100644 index 000000000..f8be0b244 --- /dev/null +++ b/modules/apigee/README.md @@ -0,0 +1,68 @@ +# Apigee Module + +This module allows managing a single Apigee organization and its environments and environmentgrous. + +## TODO + +- [ ] N/A + +## Examples + +### Apigee X Evaluation Organization + +```hcl +module "apigee" { + source = "./modules/apigee" + project_id = "my-project" + analytics_region = "us-central1" + runtime_type = "CLOUD" + peering_network = "my-vpc" + peering_range = "10.0.0.0/16" + apigee_environments = [ + "eval1", + "eval2" + ] + apigee_envgroups = { + eval = { + environments = [ + "eval1", + "eval2" + ] + hostnames = [ + "eval.api.example.com" + ] + } + } +} +# tftest:modules=1:resources=10 +``` + +### Apigee hybrid Evaluation Organization + +```hcl +module "apigee" { + source = "./modules/apigee" + project_id = "my-project" + analytics_region = "us-central1" + runtime_type = "HYBRID" + apigee_environments = [ + "eval1", + "eval2" + ] + apigee_envgroups = { + eval = { + environments = [ + "eval1", + "eval2" + ] + hostnames = [ + "eval.api.example.com" + ] + } + } +} +# tftest:modules=1:resources=6 +``` + + + diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf new file mode 100644 index 000000000..c1c3b6602 --- /dev/null +++ b/modules/apigee/main.tf @@ -0,0 +1,72 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + env_envgroup_pairs = flatten([ + for eg_name, eg in var.apigee_envgroups: [ + for e in eg.environments : { + envgroup = eg_name + env = e + } + ] + ]) +} + +resource "google_apigee_organization" "apigee_org" { + project_id = var.project_id + analytics_region = var.analytics_region + display_name = var.display_name + description = var.description + runtime_type = var.runtime_type + authorized_network = var.peering_network +} + +resource "google_apigee_environment" "apigee_env" { + for_each = toset(var.apigee_environments) + org_id = google_apigee_organization.apigee_org.id + name = each.key +} + +resource "google_apigee_envgroup" "apigee_envgroup" { + for_each = var.apigee_envgroups + org_id = google_apigee_organization.apigee_org.id + name = each.key + hostnames = each.value.hostnames +} + +resource "google_apigee_envgroup_attachment" "env_to_envgroup_attachment" { + for_each = { for pair in local.env_envgroup_pairs : "${pair.envgroup}-${pair.env}" => pair } + envgroup_id = google_apigee_envgroup.apigee_envgroup[each.value.envgroup].id + environment = google_apigee_environment.apigee_env[each.value.env].name +} + +resource "google_compute_global_address" "apigee_peering_range" { + count = var.peering_range == null ? 0 : 1 + project = var.project_id + name = "${var.project_id}-apigee-peering" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + address = split("/", var.peering_range)[0] + prefix_length = split("/", var.peering_range)[1] + network = var.peering_network +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + count = var.peering_network == null ? 0 : 1 + network = "projects/${var.project_id}/global/networks/${var.peering_network}" + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_peering_range.0.name] +} diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf new file mode 100644 index 000000000..5db63b341 --- /dev/null +++ b/modules/apigee/outputs.tf @@ -0,0 +1,14 @@ +output "subscription_type" { + description = "Apigee subscription type." + value = google_apigee_organization.apigee_org.subscription_type +} + +output "org_ca_certificate" { + description = "Apigee organization CA certificate." + value = google_apigee_organization.apigee_org.ca_certificate +} + +output "org_id" { + description = "Apigee Organization ID." + value = google_apigee_organization.apigee_org.id +} \ No newline at end of file diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf new file mode 100644 index 000000000..3f4cd9921 --- /dev/null +++ b/modules/apigee/variables.tf @@ -0,0 +1,79 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "Project ID to host this Apigee organization (will also become the Apigee Org name)." + type = string +} + +variable "analytics_region" { + description = "Analytics Region for the Apgiee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli." + type = string + default = "us-central1" +} + +variable "display_name" { + description = "Display Name of the Apigee Organization." + type = string + default = null +} + +variable "description" { + description = "Description of the Apigee Organization." + type = string + default = "Apigee Organization created by tf module" +} + +variable "runtime_type" { + type = string + + validation { + condition = contains(["CLOUD", "HYBRID"], var.runtime_type) + error_message = "Allowed values for runtime_type \"CLOUD\" or \"HYBRID\"." + } +} + +variable "peering_network" { + description = "VPC Network used for peering Apigee (Used in Apigee X only)." + type = string + default = null + + # validation { + # condition = var.runtime_type == "CLOUD" ? var.peering_vpc != null : true + # error_message = "A peering_vpc must be provided for Apigee Organizations of runtime_type \"CLOUD\"." + # } +} + +variable "peering_range" { + description = "RFC1919 CIDR range used for peering the Apigee tennant project. Min size for trial is /22 min size for PAID is /20" + type = string + default = null +} + +variable "apigee_environments" { + description = "Apigee Environment Names." + type = list(string) + default = [] +} + +variable "apigee_envgroups" { + description = "Apigee Environment Groups." + type = map(object({ + environments = list(string) + hostnames = list(string) + })) + default = {} +} From 9c4bb0562f4d2cf9f3d2bff5d210d0dec29bb6be Mon Sep 17 00:00:00 2001 From: Daniel Strebel Date: Thu, 5 Aug 2021 11:57:22 +0200 Subject: [PATCH 2/7] apigee module without service networking --- .../{apigee => apigee-organization}/README.md | 8 +-- .../{apigee => apigee-organization}/main.tf | 28 ++------ modules/apigee-organization/outputs.tf | 35 ++++++++++ .../variables.tf | 66 ++++++++----------- modules/apigee-x-instance/README.md | 2 +- modules/apigee-x-instance/main.tf | 17 ++++- modules/apigee-x-instance/outputs.tf | 27 +++++++- modules/apigee-x-instance/variables.tf | 51 ++++++++++---- modules/apigee/outputs.tf | 14 ---- 9 files changed, 151 insertions(+), 97 deletions(-) rename modules/{apigee => apigee-organization}/README.md (88%) rename modules/{apigee => apigee-organization}/main.tf (64%) create mode 100644 modules/apigee-organization/outputs.tf rename modules/{apigee => apigee-organization}/variables.tf (76%) delete mode 100644 modules/apigee/outputs.tf diff --git a/modules/apigee/README.md b/modules/apigee-organization/README.md similarity index 88% rename from modules/apigee/README.md rename to modules/apigee-organization/README.md index f8be0b244..becd82aff 100644 --- a/modules/apigee/README.md +++ b/modules/apigee-organization/README.md @@ -1,6 +1,6 @@ -# Apigee Module +# Google Apigee Organization Module -This module allows managing a single Apigee organization and its environments and environmentgrous. +This module allows managing a single Apigee organization and its environments and environmentgroups. ## TODO @@ -16,7 +16,7 @@ module "apigee" { project_id = "my-project" analytics_region = "us-central1" runtime_type = "CLOUD" - peering_network = "my-vpc" + authorized_network = "my-vpc" peering_range = "10.0.0.0/16" apigee_environments = [ "eval1", @@ -34,7 +34,7 @@ module "apigee" { } } } -# tftest:modules=1:resources=10 +# tftest:modules=1:resources=6 ``` ### Apigee hybrid Evaluation Organization diff --git a/modules/apigee/main.tf b/modules/apigee-organization/main.tf similarity index 64% rename from modules/apigee/main.tf rename to modules/apigee-organization/main.tf index c1c3b6602..66eaae529 100644 --- a/modules/apigee/main.tf +++ b/modules/apigee-organization/main.tf @@ -16,10 +16,10 @@ locals { env_envgroup_pairs = flatten([ - for eg_name, eg in var.apigee_envgroups: [ + for eg_name, eg in var.apigee_envgroups : [ for e in eg.environments : { - envgroup = eg_name - env = e + envgroup = eg_name + env = e } ] ]) @@ -31,7 +31,7 @@ resource "google_apigee_organization" "apigee_org" { display_name = var.display_name description = var.description runtime_type = var.runtime_type - authorized_network = var.peering_network + authorized_network = var.authorized_network } resource "google_apigee_environment" "apigee_env" { @@ -51,22 +51,4 @@ resource "google_apigee_envgroup_attachment" "env_to_envgroup_attachment" { for_each = { for pair in local.env_envgroup_pairs : "${pair.envgroup}-${pair.env}" => pair } envgroup_id = google_apigee_envgroup.apigee_envgroup[each.value.envgroup].id environment = google_apigee_environment.apigee_env[each.value.env].name -} - -resource "google_compute_global_address" "apigee_peering_range" { - count = var.peering_range == null ? 0 : 1 - project = var.project_id - name = "${var.project_id}-apigee-peering" - purpose = "VPC_PEERING" - address_type = "INTERNAL" - address = split("/", var.peering_range)[0] - prefix_length = split("/", var.peering_range)[1] - network = var.peering_network -} - -resource "google_service_networking_connection" "apigee_vpc_connection" { - count = var.peering_network == null ? 0 : 1 - network = "projects/${var.project_id}/global/networks/${var.peering_network}" - service = "servicenetworking.googleapis.com" - reserved_peering_ranges = [google_compute_global_address.apigee_peering_range.0.name] -} +} \ No newline at end of file diff --git a/modules/apigee-organization/outputs.tf b/modules/apigee-organization/outputs.tf new file mode 100644 index 000000000..6ff012500 --- /dev/null +++ b/modules/apigee-organization/outputs.tf @@ -0,0 +1,35 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "org" { + description = "Apigee Organization." + value = google_apigee_organization.apigee_org +} + +output "org_ca_certificate" { + description = "Apigee organization CA certificate." + value = google_apigee_organization.apigee_org.ca_certificate +} + +output "org_id" { + description = "Apigee Organization ID." + value = google_apigee_organization.apigee_org.id +} + +output "subscription_type" { + description = "Apigee subscription type." + value = google_apigee_organization.apigee_org.subscription_type +} diff --git a/modules/apigee/variables.tf b/modules/apigee-organization/variables.tf similarity index 76% rename from modules/apigee/variables.tf rename to modules/apigee-organization/variables.tf index 3f4cd9921..1bec6f1fc 100644 --- a/modules/apigee/variables.tf +++ b/modules/apigee-organization/variables.tf @@ -14,15 +14,36 @@ * limitations under the License. */ -variable "project_id" { - description = "Project ID to host this Apigee organization (will also become the Apigee Org name)." - type = string +variable "authorized_network" { + description = "VPC network id (requires service network peering enabled (Used in Apigee X only)." + type = string + default = null } variable "analytics_region" { description = "Analytics Region for the Apgiee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli." type = string - default = "us-central1" +} + +variable "apigee_envgroups" { + description = "Apigee Environment Groups." + type = map(object({ + environments = list(string) + hostnames = list(string) + })) + default = {} +} + +variable "apigee_environments" { + description = "Apigee Environment Names." + type = list(string) + default = [] +} + +variable "description" { + description = "Description of the Apigee Organization." + type = string + default = "Apigee Organization created by tf module" } variable "display_name" { @@ -31,10 +52,9 @@ variable "display_name" { default = null } -variable "description" { - description = "Description of the Apigee Organization." - type = string - default = "Apigee Organization created by tf module" +variable "project_id" { + description = "Project ID to host this Apigee organization (will also become the Apigee Org name)." + type = string } variable "runtime_type" { @@ -46,34 +66,4 @@ variable "runtime_type" { } } -variable "peering_network" { - description = "VPC Network used for peering Apigee (Used in Apigee X only)." - type = string - default = null - # validation { - # condition = var.runtime_type == "CLOUD" ? var.peering_vpc != null : true - # error_message = "A peering_vpc must be provided for Apigee Organizations of runtime_type \"CLOUD\"." - # } -} - -variable "peering_range" { - description = "RFC1919 CIDR range used for peering the Apigee tennant project. Min size for trial is /22 min size for PAID is /20" - type = string - default = null -} - -variable "apigee_environments" { - description = "Apigee Environment Names." - type = list(string) - default = [] -} - -variable "apigee_envgroups" { - description = "Apigee Environment Groups." - type = map(object({ - environments = list(string) - hostnames = list(string) - })) - default = {} -} diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md index 90d29a68f..caa8577a0 100644 --- a/modules/apigee-x-instance/README.md +++ b/modules/apigee-x-instance/README.md @@ -1,4 +1,4 @@ -# Apigee Module +# Google Apigee X Instance Module This module allows managing a single Apigee X instance and its environment attachments. diff --git a/modules/apigee-x-instance/main.tf b/modules/apigee-x-instance/main.tf index 0e5f6fbd1..82497b6fc 100644 --- a/modules/apigee-x-instance/main.tf +++ b/modules/apigee-x-instance/main.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + resource "google_apigee_instance" "apigee_instance" { org_id = var.apigee_org_id name = var.name @@ -6,7 +22,6 @@ resource "google_apigee_instance" "apigee_instance" { #disk_encryption_key_name = google_kms_crypto_key.apigee_key.id } - resource "google_apigee_instance_attachment" "apigee_instance_attchment" { for_each = toset(var.apigee_environments) instance_id = google_apigee_instance.apigee_instance.id diff --git a/modules/apigee-x-instance/outputs.tf b/modules/apigee-x-instance/outputs.tf index be9531336..3d754d24a 100644 --- a/modules/apigee-x-instance/outputs.tf +++ b/modules/apigee-x-instance/outputs.tf @@ -1,4 +1,25 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * limitations under the License. + * See the License for the specific language governing permissions and + */ + +output "instance" { + description = "Apigee instance." + value = google_apigee_instance.apigee_instance +} + output "endpoint" { - description = "Internal endpoint of the Apigee instance." - value = google_apigee_instance.apigee_instance.host -} \ No newline at end of file + description = "Internal endpoint of the Apigee instance." + value = google_apigee_instance.apigee_instance.host +} diff --git a/modules/apigee-x-instance/variables.tf b/modules/apigee-x-instance/variables.tf index 9bc09f1f9..88047176f 100644 --- a/modules/apigee-x-instance/variables.tf +++ b/modules/apigee-x-instance/variables.tf @@ -1,28 +1,53 @@ -variable "name" { - description = "Apigee instance name." - type = string -} +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ -variable "apigee_org_id" { - description = "Apigee Organization ID" - type = string +variable "apigee_envgroups" { + description = "Apigee Environment Groups." + type = map(object({ + environments = list(string) + hostnames = list(string) + })) + default = {} } variable "apigee_environments" { description = "Apigee Environment Names." - type = list(string) - default = [] + type = list(string) + default = [] +} + +variable "apigee_org_id" { + description = "Apigee Organization ID" + type = string } variable "cidr_mask" { - description = "CIDR mask for the Apigee instance" - type = number - validation { + description = "CIDR mask for the Apigee instance" + type = number + validation { condition = contains([16, 20, 22], var.cidr_mask) - error_message = "Allowed Values for cidr_mask [16, 20, 22]." + error_message = "Invalid CIDR mask; Allowed values for cidr_mask: [16, 20, 22]." } } +variable "name" { + description = "Apigee instance name." + type = string +} + variable "region" { description = "Compute region." type = string diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf deleted file mode 100644 index 5db63b341..000000000 --- a/modules/apigee/outputs.tf +++ /dev/null @@ -1,14 +0,0 @@ -output "subscription_type" { - description = "Apigee subscription type." - value = google_apigee_organization.apigee_org.subscription_type -} - -output "org_ca_certificate" { - description = "Apigee organization CA certificate." - value = google_apigee_organization.apigee_org.ca_certificate -} - -output "org_id" { - description = "Apigee Organization ID." - value = google_apigee_organization.apigee_org.id -} \ No newline at end of file From e8b01064f6f80c3b24f4e70a3b333ac50df54753 Mon Sep 17 00:00:00 2001 From: Daniel Strebel Date: Thu, 5 Aug 2021 13:21:57 +0200 Subject: [PATCH 3/7] Apigee add paid only variables and examples --- modules/apigee-organization/README.md | 55 +++++++++++++++++++----- modules/apigee-organization/main.tf | 13 +++--- modules/apigee-organization/variables.tf | 6 +++ modules/apigee-x-instance/README.md | 25 +++++++++-- modules/apigee-x-instance/main.tf | 10 ++--- modules/apigee-x-instance/outputs.tf | 16 +++++-- modules/apigee-x-instance/variables.tf | 6 +++ 7 files changed, 103 insertions(+), 28 deletions(-) diff --git a/modules/apigee-organization/README.md b/modules/apigee-organization/README.md index becd82aff..b4b35d453 100644 --- a/modules/apigee-organization/README.md +++ b/modules/apigee-organization/README.md @@ -2,22 +2,17 @@ This module allows managing a single Apigee organization and its environments and environmentgroups. -## TODO - -- [ ] N/A - ## Examples ### Apigee X Evaluation Organization ```hcl -module "apigee" { - source = "./modules/apigee" +module "apigee-organization" { + source = "./modules/apigee-organization" project_id = "my-project" analytics_region = "us-central1" runtime_type = "CLOUD" authorized_network = "my-vpc" - peering_range = "10.0.0.0/16" apigee_environments = [ "eval1", "eval2" @@ -37,11 +32,51 @@ module "apigee" { # tftest:modules=1:resources=6 ``` -### Apigee hybrid Evaluation Organization +### Apigee X Paid Organization ```hcl -module "apigee" { - source = "./modules/apigee" +module "apigee-organization" { + source = "./modules/apigee-organization" + project_id = "my-project" + analytics_region = "us-central1" + runtime_type = "CLOUD" + authorized_network = "my-vpc" + database_encryption_key = "my-data-key" + apigee_environments = [ + "dev1", + "dev2", + "test1", + "test2" + ] + apigee_envgroups = { + dev = { + environments = [ + "dev1", + "dev2" + ] + hostnames = [ + "dev.api.example.com" + ] + } + test = { + environments = [ + "test1", + "test2" + ] + hostnames = [ + "test.api.example.com" + ] + } + } +} +# tftest:modules=1:resources=11 +``` + +### Apigee hybrid Organization + +```hcl +module "apigee-organization" { + source = "./modules/apigee-organization" project_id = "my-project" analytics_region = "us-central1" runtime_type = "HYBRID" diff --git a/modules/apigee-organization/main.tf b/modules/apigee-organization/main.tf index 66eaae529..b1c134814 100644 --- a/modules/apigee-organization/main.tf +++ b/modules/apigee-organization/main.tf @@ -26,12 +26,13 @@ locals { } resource "google_apigee_organization" "apigee_org" { - project_id = var.project_id - analytics_region = var.analytics_region - display_name = var.display_name - description = var.description - runtime_type = var.runtime_type - authorized_network = var.authorized_network + project_id = var.project_id + analytics_region = var.analytics_region + display_name = var.display_name + description = var.description + runtime_type = var.runtime_type + authorized_network = var.authorized_network + runtime_database_encryption_key_name = var.database_encryption_key } resource "google_apigee_environment" "apigee_env" { diff --git a/modules/apigee-organization/variables.tf b/modules/apigee-organization/variables.tf index 1bec6f1fc..5e792be51 100644 --- a/modules/apigee-organization/variables.tf +++ b/modules/apigee-organization/variables.tf @@ -40,6 +40,12 @@ variable "apigee_environments" { default = [] } +variable "database_encryption_key" { + description = "Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only)." + type = string + default = null +} + variable "description" { description = "Description of the Apigee Organization." type = string diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md index caa8577a0..e407a5f61 100644 --- a/modules/apigee-x-instance/README.md +++ b/modules/apigee-x-instance/README.md @@ -2,10 +2,6 @@ This module allows managing a single Apigee X instance and its environment attachments. -## TODO - -- [ ] N/A - ## Examples ### Apigee X Evaluation Instance @@ -26,5 +22,26 @@ module "apigee-x-instance" { # tftest:modules=1:resources=3 ``` +### Apigee X Paid Instance + +```hcl +module "apigee-x-instance" { + source = "./modules/apigee-x-instance" + name = "my-us-instance" + region = "us-central1" + cidr_mask = 16 + disk_encryption_key = "my-disk-key" + + apigee_org_id = "my-project" + apigee_environments = [ + "dev1", + "dev2", + "test1", + "test2" + ] +} +# tftest:modules=1:resources=5 +``` + diff --git a/modules/apigee-x-instance/main.tf b/modules/apigee-x-instance/main.tf index 82497b6fc..9c3008283 100644 --- a/modules/apigee-x-instance/main.tf +++ b/modules/apigee-x-instance/main.tf @@ -15,11 +15,11 @@ */ resource "google_apigee_instance" "apigee_instance" { - org_id = var.apigee_org_id - name = var.name - location = var.region - peering_cidr_range = "SLASH_${var.cidr_mask}" - #disk_encryption_key_name = google_kms_crypto_key.apigee_key.id + org_id = var.apigee_org_id + name = var.name + location = var.region + peering_cidr_range = "SLASH_${var.cidr_mask}" + disk_encryption_key_name = var.disk_encryption_key } resource "google_apigee_instance_attachment" "apigee_instance_attchment" { diff --git a/modules/apigee-x-instance/outputs.tf b/modules/apigee-x-instance/outputs.tf index 3d754d24a..0f2d5d6bb 100644 --- a/modules/apigee-x-instance/outputs.tf +++ b/modules/apigee-x-instance/outputs.tf @@ -14,12 +14,22 @@ * See the License for the specific language governing permissions and */ +output "endpoint" { + description = "Internal endpoint of the Apigee instance." + value = google_apigee_instance.apigee_instance.host +} + +output "id" { + description = "Apigee instance ID." + value = google_apigee_instance.apigee_instance.id +} + output "instance" { description = "Apigee instance." value = google_apigee_instance.apigee_instance } -output "endpoint" { - description = "Internal endpoint of the Apigee instance." - value = google_apigee_instance.apigee_instance.host +output "port" { + description = "Port number of the internal endpoint of the Apigee instance." + value = google_apigee_instance.apigee_instance.port } diff --git a/modules/apigee-x-instance/variables.tf b/modules/apigee-x-instance/variables.tf index 88047176f..37d8a3f5a 100644 --- a/modules/apigee-x-instance/variables.tf +++ b/modules/apigee-x-instance/variables.tf @@ -43,6 +43,12 @@ variable "cidr_mask" { } } +variable "disk_encryption_key" { + description = "Customer Managed Encryption Key (CMEK) used for disk and volume encryption (required for PAID Apigee Orgs only)." + type = string + default = null +} + variable "name" { description = "Apigee instance name." type = string From cb6ded05284971688a1543b5adef439fa127806c Mon Sep 17 00:00:00 2001 From: Daniel Strebel Date: Thu, 5 Aug 2021 14:25:50 +0200 Subject: [PATCH 4/7] Adding TFDOC to Apigee modules --- modules/apigee-organization/README.md | 22 ++++++++++++++++++++++ modules/apigee-x-instance/README.md | 20 ++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/modules/apigee-organization/README.md b/modules/apigee-organization/README.md index b4b35d453..669aa2b4a 100644 --- a/modules/apigee-organization/README.md +++ b/modules/apigee-organization/README.md @@ -100,4 +100,26 @@ module "apigee-organization" { ``` +## Variables + +| name | description | type | required | default | +|---|---|:---: |:---:|:---:| +| analytics_region | Analytics Region for the Apgiee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli. | string | ✓ | | +| project_id | Project ID to host this Apigee organization (will also become the Apigee Org name). | string | ✓ | | +| runtime_type | None | string | ✓ | | +| *apigee_envgroups* | Apigee Environment Groups. | map(object({...})) | | {} | +| *apigee_environments* | Apigee Environment Names. | list(string) | | [] | +| *authorized_network* | VPC network id (requires service network peering enabled (Used in Apigee X only). | string | | null | +| *database_encryption_key* | Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only). | string | | null | +| *description* | Description of the Apigee Organization. | string | | Apigee Organization created by tf module | +| *display_name* | Display Name of the Apigee Organization. | string | | null | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| org | Apigee Organization. | | +| org_ca_certificate | Apigee organization CA certificate. | | +| org_id | Apigee Organization ID. | | +| subscription_type | Apigee subscription type. | | diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md index e407a5f61..6d162fb98 100644 --- a/modules/apigee-x-instance/README.md +++ b/modules/apigee-x-instance/README.md @@ -44,4 +44,24 @@ module "apigee-x-instance" { ``` +## Variables + +| name | description | type | required | default | +|---|---|:---: |:---:|:---:| +| apigee_org_id | Apigee Organization ID | string | ✓ | | +| cidr_mask | CIDR mask for the Apigee instance | number | ✓ | | +| name | Apigee instance name. | string | ✓ | | +| region | Compute region. | string | ✓ | | +| *apigee_envgroups* | Apigee Environment Groups. | map(object({...})) | | {} | +| *apigee_environments* | Apigee Environment Names. | list(string) | | [] | +| *disk_encryption_key* | Customer Managed Encryption Key (CMEK) used for disk and volume encryption (required for PAID Apigee Orgs only). | string | | null | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| endpoint | Internal endpoint of the Apigee instance. | | +| id | Apigee instance ID. | | +| instance | Apigee instance. | | +| port | Port number of the internal endpoint of the Apigee instance. | | From ed6ebc0c823d91b07c3436b9fe07f8242aa1ceb8 Mon Sep 17 00:00:00 2001 From: Daniel Strebel Date: Thu, 5 Aug 2021 15:47:00 +0200 Subject: [PATCH 5/7] pytests for apigee modules --- tests/modules/apigee_organization/__init__.py | 13 +++++ .../apigee_organization/fixture/main.tf | 38 ++++++++++++++ .../apigee_organization/fixture/variables.tf | 25 ++++++++++ .../modules/apigee_organization/test_plan.py | 49 ++++++++++++++++++ tests/modules/apigee_x_instance/__init__.py | 13 +++++ .../modules/apigee_x_instance/fixture/main.tf | 28 +++++++++++ .../apigee_x_instance/fixture/variables.tf | 25 ++++++++++ tests/modules/apigee_x_instance/test_plan.py | 50 +++++++++++++++++++ 8 files changed, 241 insertions(+) create mode 100644 tests/modules/apigee_organization/__init__.py create mode 100644 tests/modules/apigee_organization/fixture/main.tf create mode 100644 tests/modules/apigee_organization/fixture/variables.tf create mode 100644 tests/modules/apigee_organization/test_plan.py create mode 100644 tests/modules/apigee_x_instance/__init__.py create mode 100644 tests/modules/apigee_x_instance/fixture/main.tf create mode 100644 tests/modules/apigee_x_instance/fixture/variables.tf create mode 100644 tests/modules/apigee_x_instance/test_plan.py diff --git a/tests/modules/apigee_organization/__init__.py b/tests/modules/apigee_organization/__init__.py new file mode 100644 index 000000000..d46dbae5e --- /dev/null +++ b/tests/modules/apigee_organization/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/modules/apigee_organization/fixture/main.tf b/tests/modules/apigee_organization/fixture/main.tf new file mode 100644 index 000000000..7f5aa1649 --- /dev/null +++ b/tests/modules/apigee_organization/fixture/main.tf @@ -0,0 +1,38 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "test" { + source = "../../../../modules/apigee-organization" + project_id = "my-project" + analytics_region = var.analytics_region + runtime_type = "CLOUD" + authorized_network = var.network + apigee_environments = [ + "eval1", + "eval2" + ] + apigee_envgroups = { + eval = { + environments = [ + "eval1", + "eval2" + ] + hostnames = [ + "eval.api.example.com" + ] + } + } +} diff --git a/tests/modules/apigee_organization/fixture/variables.tf b/tests/modules/apigee_organization/fixture/variables.tf new file mode 100644 index 000000000..3e9109347 --- /dev/null +++ b/tests/modules/apigee_organization/fixture/variables.tf @@ -0,0 +1,25 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "analytics_region" { + type = string + default = "europe-west1" +} + +variable "network" { + type = string + default = "apigee-vpc" +} \ No newline at end of file diff --git a/tests/modules/apigee_organization/test_plan.py b/tests/modules/apigee_organization/test_plan.py new file mode 100644 index 000000000..680d3cab3 --- /dev/null +++ b/tests/modules/apigee_organization/test_plan.py @@ -0,0 +1,49 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import os +import pytest + + +FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture') + + +@pytest.fixture +def resources(plan_runner): + _, resources = plan_runner(FIXTURES_DIR) + return resources + + +def test_resource_count(resources): + "Test number of resources created." + assert len(resources) == 6 + + +def test_envgroup_attachment(resources): + "Test Apigee Envgroup Attachments." + attachments = [r['values'] for r in resources if r['type'] + == 'google_apigee_envgroup_attachment'] + assert len(attachments) == 2 + assert set(a['environment'] for a in attachments) == set(['eval1', 'eval2']) + + +def test_envgroup(resources): + "Test env group." + envgroups = [r['values'] for r in resources if r['type'] + == 'google_apigee_envgroup'] + assert len(envgroups) == 1 + assert envgroups[0]['name'] == 'eval' + assert len(envgroups[0]['hostnames']) == 1 + assert envgroups[0]['hostnames'][0] == 'eval.api.example.com' diff --git a/tests/modules/apigee_x_instance/__init__.py b/tests/modules/apigee_x_instance/__init__.py new file mode 100644 index 000000000..d46dbae5e --- /dev/null +++ b/tests/modules/apigee_x_instance/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/modules/apigee_x_instance/fixture/main.tf b/tests/modules/apigee_x_instance/fixture/main.tf new file mode 100644 index 000000000..7a4b73b55 --- /dev/null +++ b/tests/modules/apigee_x_instance/fixture/main.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "apigee-x-instance" { + source = "../../../../modules/apigee-x-instance" + name = var.name + region = var.region + cidr_mask = 22 + + apigee_org_id = "my-project" + apigee_environments = [ + "eval1", + "eval2" + ] +} \ No newline at end of file diff --git a/tests/modules/apigee_x_instance/fixture/variables.tf b/tests/modules/apigee_x_instance/fixture/variables.tf new file mode 100644 index 000000000..603ec5085 --- /dev/null +++ b/tests/modules/apigee_x_instance/fixture/variables.tf @@ -0,0 +1,25 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "name" { + type = string + default = "my-test-instance" +} + +variable "region" { + type = string + default = "europe-west1" +} \ No newline at end of file diff --git a/tests/modules/apigee_x_instance/test_plan.py b/tests/modules/apigee_x_instance/test_plan.py new file mode 100644 index 000000000..4b3a9256d --- /dev/null +++ b/tests/modules/apigee_x_instance/test_plan.py @@ -0,0 +1,50 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import os +import pytest + + +FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture') + + +@pytest.fixture +def resources(plan_runner): + _, resources = plan_runner(FIXTURES_DIR) + return resources + + +def test_resource_count(resources): + "Test number of resources created." + assert len(resources) == 3 + + +def test_instance_attachment(resources): + "Test Apigee Instance Attachments." + attachments = [r['values'] for r in resources if r['type'] + == 'google_apigee_instance_attachment'] + assert len(attachments) == 2 + assert set(a['environment'] for a in attachments) == set(['eval1', 'eval2']) + + +def test_instance(resources): + "Test Instance." + instances = [r['values'] for r in resources if r['type'] + == 'google_apigee_instance'] + assert len(instances) == 1 + assert instances[0]['peering_cidr_range'] == 'SLASH_22' + assert instances[0]['name'] == 'my-test-instance' + assert instances[0]['location'] == 'europe-west1' + From 109bd80f431846d9156a98f3457c67086ca1ad05 Mon Sep 17 00:00:00 2001 From: Daniel Strebel Date: Thu, 5 Aug 2021 15:53:44 +0200 Subject: [PATCH 6/7] Apigee module variable description fixes --- modules/apigee-organization/variables.tf | 6 +++--- modules/apigee-x-instance/variables.tf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/apigee-organization/variables.tf b/modules/apigee-organization/variables.tf index 5e792be51..eff016c8c 100644 --- a/modules/apigee-organization/variables.tf +++ b/modules/apigee-organization/variables.tf @@ -15,13 +15,13 @@ */ variable "authorized_network" { - description = "VPC network id (requires service network peering enabled (Used in Apigee X only)." + description = "VPC network self link (requires service network peering enabled (Used in Apigee X only)." type = string default = null } variable "analytics_region" { - description = "Analytics Region for the Apgiee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli." + description = "Analytics Region for the Apigee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli." type = string } @@ -41,7 +41,7 @@ variable "apigee_environments" { } variable "database_encryption_key" { - description = "Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only)." + description = "Cloud KMS key self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only)." type = string default = null } diff --git a/modules/apigee-x-instance/variables.tf b/modules/apigee-x-instance/variables.tf index 37d8a3f5a..219ee7d6a 100644 --- a/modules/apigee-x-instance/variables.tf +++ b/modules/apigee-x-instance/variables.tf @@ -44,7 +44,7 @@ variable "cidr_mask" { } variable "disk_encryption_key" { - description = "Customer Managed Encryption Key (CMEK) used for disk and volume encryption (required for PAID Apigee Orgs only)." + description = "Customer Managed Encryption Key (CMEK) self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for disk and volume encryption (required for PAID Apigee Orgs only)." type = string default = null } From a0b3f2fb7fe0df37e117a0124c15acc25e6db076 Mon Sep 17 00:00:00 2001 From: Daniel Strebel Date: Thu, 5 Aug 2021 15:55:23 +0200 Subject: [PATCH 7/7] Apigee tfdoc update --- modules/apigee-organization/README.md | 6 +++--- modules/apigee-x-instance/README.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/apigee-organization/README.md b/modules/apigee-organization/README.md index 669aa2b4a..b62950f40 100644 --- a/modules/apigee-organization/README.md +++ b/modules/apigee-organization/README.md @@ -104,13 +104,13 @@ module "apigee-organization" { | name | description | type | required | default | |---|---|:---: |:---:|:---:| -| analytics_region | Analytics Region for the Apgiee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli. | string | ✓ | | +| analytics_region | Analytics Region for the Apigee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli. | string | ✓ | | | project_id | Project ID to host this Apigee organization (will also become the Apigee Org name). | string | ✓ | | | runtime_type | None | string | ✓ | | | *apigee_envgroups* | Apigee Environment Groups. | map(object({...})) | | {} | | *apigee_environments* | Apigee Environment Names. | list(string) | | [] | -| *authorized_network* | VPC network id (requires service network peering enabled (Used in Apigee X only). | string | | null | -| *database_encryption_key* | Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only). | string | | null | +| *authorized_network* | VPC network self link (requires service network peering enabled (Used in Apigee X only). | string | | null | +| *database_encryption_key* | Cloud KMS key self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only). | string | | null | | *description* | Description of the Apigee Organization. | string | | Apigee Organization created by tf module | | *display_name* | Display Name of the Apigee Organization. | string | | null | diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md index 6d162fb98..371f8f0b7 100644 --- a/modules/apigee-x-instance/README.md +++ b/modules/apigee-x-instance/README.md @@ -54,7 +54,7 @@ module "apigee-x-instance" { | region | Compute region. | string | ✓ | | | *apigee_envgroups* | Apigee Environment Groups. | map(object({...})) | | {} | | *apigee_environments* | Apigee Environment Names. | list(string) | | [] | -| *disk_encryption_key* | Customer Managed Encryption Key (CMEK) used for disk and volume encryption (required for PAID Apigee Orgs only). | string | | null | +| *disk_encryption_key* | Customer Managed Encryption Key (CMEK) self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for disk and volume encryption (required for PAID Apigee Orgs only). | string | | null | ## Outputs