add network_url attribute in consumer_accept_list block of google_com…

…pute_service_attachment resource (#9895) (#671) * add network_url attribute in consumer_accept_list block of google_compute_service_attachment resource * Bugfix: Use SelfLinkRelativePath check to prevent false positive resource changes [upstream:0249d74bdb046afe63b6562f40b7cfa315eeb8b2] Signed-off-by: Modular Magician <[email protected]>
terraform-google-modules · Mar 5, 2024 · 206c806 · 206c806
1 parent 8d3feac
commit 206c806
Show file tree

Hide file tree

Showing 4 changed files with 198 additions and 0 deletions.
diff --git a/service_attachment_explicit_networks/backing_file.tf b/service_attachment_explicit_networks/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+  name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+  length = 2
+}
+
+provider "google" {
+  region = "us-central1"
+  zone   = "us-central1-c"
+}
diff --git a/service_attachment_explicit_networks/main.tf b/service_attachment_explicit_networks/main.tf
@@ -0,0 +1,97 @@
+resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
+  name        = "my-psc-ilb-${local.name_suffix}"
+  region      = "us-west2"
+  description = "A service attachment configured with Terraform"
+
+  enable_proxy_protocol    = false
+
+  connection_preference    = "ACCEPT_MANUAL"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+
+  consumer_accept_lists {
+    network_url       = google_compute_network.psc_ilb_consumer_network.self_link
+    connection_limit  = 1
+  }
+}
+
+resource "google_compute_network" "psc_ilb_consumer_network" {
+  name                    = "psc-ilb-consumer-network-${local.name_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_consumer_subnetwork" {
+  name          = "psc-ilb-consumer-network-${local.name_suffix}"
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-west2"
+  network       = google_compute_network.psc_ilb_consumer_network.id
+}
+
+resource "google_compute_address" "psc_ilb_consumer_address" {
+  name   = "psc-ilb-consumer-address-${local.name_suffix}"
+  region = "us-west2"
+
+  subnetwork   = google_compute_subnetwork.psc_ilb_consumer_subnetwork.id
+  address_type = "INTERNAL"
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
+  name   = "psc-ilb-consumer-forwarding-rule-${local.name_suffix}"
+  region = "us-west2"
+
+  target                = google_compute_service_attachment.psc_ilb_service_attachment.id
+  load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment
+  network               = google_compute_network.psc_ilb_consumer_network.id
+  subnetwork            = google_compute_subnetwork.psc_ilb_consumer_subnetwork.id
+  ip_address            = google_compute_address.psc_ilb_consumer_address.id
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  name   = "producer-forwarding-rule-${local.name_suffix}"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  name   = "producer-service-${local.name_suffix}"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  name = "producer-service-health-check-${local.name_suffix}"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  name = "psc-ilb-network-${local.name_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  name   = "psc-ilb-producer-subnetwork-${local.name_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  name   = "psc-ilb-nat-${local.name_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+}
diff --git a/service_attachment_explicit_networks/motd b/service_attachment_explicit_networks/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/service_attachment_explicit_networks/tutorial.md b/service_attachment_explicit_networks/tutorial.md
@@ -0,0 +1,79 @@
+# Service Attachment Explicit Networks - Terraform
+
+## Setup
+
+<walkthrough-author name="[email protected]" analyticsId="UA-125550242-1" tutorialName="service_attachment_explicit_networks" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+<walkthrough-project-billing-setup></walkthrough-project-billing-setup>
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```