Cloud Composer connection subnetwork #10724

Merged
3 changes: 3 additions & 0 deletions .changelog/5523.txt
@@ -0,0 +1,3 @@
```release-note:enhancement
composer: added support for Private Service Connect by adding field `cloud_composer_connection_subnetwork` in `google_composer_environment`
```
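Review bot: the release note says only that the field was added "in `google_composer_environment`", but the documentation hunk in this PR places `cloud_composer_connection_subnetwork` inside the `private_environment_config` block and restricts it to `composer-2.*.*-airflow-*.*.*` environments. Naming the block and the version restriction in the note (for example "composer: added `cloud_composer_connection_subnetwork` to `private_environment_config` in `google_composer_environment` (Composer 2 only)") saves users from reading the schema to find where it goes.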
75 changes: 31 additions & 44 deletions google/resource_composer_environment.go
Expand Up @@ -53,6 +53,13 @@ var (
"config.0.private_environment_config",
}

composerPrivateEnvironmentConfig = []string{
"config.0.private_environment_config.0.enable_private_endpoint",
"config.0.private_environment_config.0.master_ipv4_cidr_block",
"config.0.private_environment_config.0.cloud_sql_ipv4_cidr_block",
"config.0.private_environment_config.0.web_server_ipv4_cidr_block",
}

composerIpAllocationPolicyKeys = []string{
"config.0.node_config.0.ip_allocation_policy.0.use_ip_aliases",
"config.0.node_config.0.ip_allocation_policy.0.cluster_secondary_range_name",
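Review bot: `composerPrivateEnvironmentConfig` lists only the four pre-existing `private_environment_config` keys; the new `cloud_composer_connection_subnetwork` field that this PR adds (per the changelog and the docs hunk) is missing from it. If the new field lives in the same block and is also given `AtLeastOneOf: composerPrivateEnvironmentConfig`, a configuration that sets only the new field would still fail the at-least-one check. Add `"config.0.private_environment_config.0.cloud_composer_connection_subnetwork",` to the slice and cover that case with an acceptance test that sets only the new field.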
Expand Down Expand Up @@ -321,56 +328,36 @@ func resourceComposerEnvironment() *schema.Resource {
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enable_private_endpoint": {
Type: schema.TypeBool,
Optional: true,
Default: true,
AtLeastOneOf: []string{
"config.0.private_environment_config.0.enable_private_endpoint",
"config.0.private_environment_config.0.master_ipv4_cidr_block",
"config.0.private_environment_config.0.cloud_sql_ipv4_cidr_block",
"config.0.private_environment_config.0.web_server_ipv4_cidr_block",
},
ForceNew: true,
Description: `If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.`,
Type: schema.TypeBool,
Optional: true,
Default: true,
AtLeastOneOf: composerPrivateEnvironmentConfig,
ForceNew: true,
Description: `If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.`,
},
"master_ipv4_cidr_block": {
Type: schema.TypeString,
Optional: true,
Computed: true,
AtLeastOneOf: []string{
"config.0.private_environment_config.0.enable_private_endpoint",
"config.0.private_environment_config.0.master_ipv4_cidr_block",
"config.0.private_environment_config.0.cloud_sql_ipv4_cidr_block",
"config.0.private_environment_config.0.web_server_ipv4_cidr_block",
},
ForceNew: true,
Description: `The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.`,
Type: schema.TypeString,
Optional: true,
Computed: true,
AtLeastOneOf: composerPrivateEnvironmentConfig,
ForceNew: true,
Description: `The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.`,
},
"web_server_ipv4_cidr_block": {
Type: schema.TypeString,
Optional: true,
Computed: true,
AtLeastOneOf: []string{
"config.0.private_environment_config.0.enable_private_endpoint",
"config.0.private_environment_config.0.master_ipv4_cidr_block",
"config.0.private_environment_config.0.cloud_sql_ipv4_cidr_block",
"config.0.private_environment_config.0.web_server_ipv4_cidr_block",
},
ForceNew: true,
Description: `The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.`,
Type: schema.TypeString,
Optional: true,
Computed: true,
AtLeastOneOf: composerPrivateEnvironmentConfig,
ForceNew: true,
Description: `The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.`,
},
"cloud_sql_ipv4_cidr_block": {
Type: schema.TypeString,
Optional: true,
Computed: true,
AtLeastOneOf: []string{
"config.0.private_environment_config.0.enable_private_endpoint",
"config.0.private_environment_config.0.master_ipv4_cidr_block",
"config.0.private_environment_config.0.cloud_sql_ipv4_cidr_block",
"config.0.private_environment_config.0.web_server_ipv4_cidr_block",
},
ForceNew: true,
Description: `The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.`,
Type: schema.TypeString,
Optional: true,
Computed: true,
AtLeastOneOf: composerPrivateEnvironmentConfig,
ForceNew: true,
Description: `The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.`,
},
},
},
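Review bot: replacing the four copies of the inline `AtLeastOneOf` slice with the shared `composerPrivateEnvironmentConfig` variable is behaviour-preserving and reduces the chance of the lists drifting apart, but the schema entry for `cloud_composer_connection_subnetwork` itself is not visible in this hunk. Please confirm that it carries `ForceNew: true` like its siblings in this block, since the docs describe it as switching the environment from VPC peering to Private Service Connect, which is not something the API is likely to change in place, and that its `Description` mirrors the `composer-2.*.*-airflow-*.*.*` restriction stated in the docs, as the other fields in this block do for their version constraints.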
7 changes: 7 additions & 0 deletions website/docs/r/composer_environment.html.markdown
Expand Up @@ -747,6 +747,13 @@ See [documentation](https://cloud.google.com/composer/docs/how-to/managing/confi
(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
When enabled, IPs from public (non-RFC1918) ranges can be used for
`ip_allocation_policy.cluster_ipv4_cidr_block` and `ip_allocation_policy.service_ipv4_cidr_block`.

* `cloud_composer_connection_subnetwork"` -
(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
When specified, the environment will use Private Service Connect instead of VPC peerings to connect
to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP
address from this subnetwork. This field is supported for Cloud Composer environments in
versions `composer-2.*.*-airflow-*.*.*` and newer.


The `ip_allocation_policy` block supports:
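Review bot: the attribute name in the new entry has a stray double quote: `cloud_composer_connection_subnetwork"` should be `cloud_composer_connection_subnetwork`, otherwise the rendered docs show a name that does not match the schema. Two further points on the same hunk: there are two blank lines before "The `ip_allocation_policy` block supports:" where the rest of this file uses one, and the entry is labelled Beta even though this PR adds the field to `google/resource_composer_environment.go`, the GA provider; check whether the Beta marker is intended or was copied from the preceding entry.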
36 changes: 18 additions & 18 deletions website/docs/r/os_config_os_policy_assignment.html.markdown
Expand Up @@ -703,6 +703,24 @@ The `disruption_budget` block supports:
(Optional)
Specifies the relative value defined as a percentage, which will be multiplied by a reference value.

The `source` block supports:

* `allow_insecure` -
(Optional)
Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.

* `gcs` -
(Optional)
A Cloud Storage object.

* `local_path` -
(Optional)
A local path within the VM to use.

* `remote` -
(Optional)
A generic remote file.

- - -

* `description` -
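Review bot: this hunk is unrelated to the Composer change: it introduces a `source` block section whose four attributes (`allow_insecure`, `gcs`, `local_path`, `remote`) are identical to the `file` block section removed further down in this file, so the net effect is a rename and a move. If this is the output of a docs regeneration, it would be cleaner in its own PR so the Composer change can be reviewed and, if needed, reverted independently; in any case, confirm that the OS policy assignment schema actually exposes this block as `source` rather than `file` before merging the rename.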
Expand Down Expand Up @@ -952,24 +970,6 @@ The `zypper` block supports:
(Required)
Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.

The `file` block supports:

* `allow_insecure` -
(Optional)
Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.

* `gcs` -
(Optional)
A Cloud Storage object.

* `local_path` -
(Optional)
A local path within the VM to use.

* `remote` -
(Optional)
A generic remote file.

The `gcs` block supports:

* `bucket` -
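Review bot: removing the `file` block section here leaves "The `gcs` block supports:" immediately after the zypper `id` entry, which reads fine, but please check that no attribute elsewhere in this file still refers readers to a `file` block; after this hunk such a reference would point at a section that no longer exists.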