From 1a8252f314d20ee77387dfe2be43a1600a47bf99 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Wawrzyniec=20=27Wawrzek=27=20Niewodnicza=C5=84ski?= Date: Thu, 10 Oct 2024 23:41:14 +0100 Subject: [PATCH] [IVYNET-90] Add LB, DNS and VM (backend) modules (#5) Add module for: Backend VM DNS Zone LB for traffic to backend Adjust network module to match the new ones --- .pre-commit-config.yaml | 9 ++++++ README.md | 17 ++++++++++ backend/README.md | 54 ++++++++++++++++++++++++++++++++ backend/firewall.tf | 44 ++++++++++++++++++++++++++ backend/main.tf | 47 ++++++++++++++++++++++++++++ backend/outputs.tf | 4 +++ backend/tests/main.tftest.hcl | 38 +++++++++++++++++++++++ backend/tests/setup/main.tf | 16 ++++++++++ backend/variables.tf | 48 ++++++++++++++++++++++++++++ dns_zone/README.md | 44 ++++++++++++++++++++++++++ dns_zone/main.tf | 5 +++ dns_zone/outputs.tf | 9 ++++++ dns_zone/tests/main.tftest.hcl | 17 ++++++++++ dns_zone/variables.tf | 15 +++++++++ lb/README.md | 48 ++++++++++++++++++++++++++++ lb/grpc.tf | 57 ++++++++++++++++++++++++++++++++++ lb/http.tf | 55 ++++++++++++++++++++++++++++++++ lb/main.tf | 21 +++++++++++++ lb/tests/main.tftest.hcl | 40 ++++++++++++++++++++++++ lb/tests/setup/main.tf | 42 +++++++++++++++++++++++++ lb/variables.tf | 31 ++++++++++++++++++ network/README.md | 11 +++++-- network/main.tf | 5 +++ network/outputs.tf | 19 ++++++++++++ network/tests/main.tftest.hcl | 19 +++++------- network/variables.tf | 6 ++-- 26 files changed, 703 insertions(+), 18 deletions(-) create mode 100644 backend/README.md create mode 100644 backend/firewall.tf create mode 100644 backend/main.tf create mode 100644 backend/outputs.tf create mode 100644 backend/tests/main.tftest.hcl create mode 100644 backend/tests/setup/main.tf create mode 100644 backend/variables.tf create mode 100644 dns_zone/README.md create mode 100644 dns_zone/main.tf create mode 100644 dns_zone/outputs.tf create mode 100644 dns_zone/tests/main.tftest.hcl create mode 100644 dns_zone/variables.tf create mode 100644 lb/README.md create mode 100644 lb/grpc.tf create mode 
100644 lb/http.tf create mode 100644 lb/main.tf create mode 100644 lb/tests/main.tftest.hcl create mode 100644 lb/tests/setup/main.tf create mode 100644 lb/variables.tf create mode 100644 network/outputs.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0c894b8..99cbf0d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,6 +24,15 @@ repos: - repo: https://github.com/terraform-docs/terraform-docs rev: v0.19.0 hooks: + - id: terraform-docs-go + name: tfdocs - backend module + args: ["backend"] + - id: terraform-docs-go + name: tfdocs - dns_zone module + args: ["dns_zone"] + - id: terraform-docs-go + name: tfdocs - lb module + args: ["lb"] - id: terraform-docs-go name: tfdocs - network module args: ["network"] diff --git a/README.md b/README.md index 6ea4bf4..5127f80 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,19 @@ # otofu-modules Modules for Open Tofu (Terraform) + +## Module list + +- backend - vm for the backend +- dns_zone - dns zone in GCP +- lb - Load Balancer for Backend +- network - a GCP network (for backend) + + +# Repository Technical info + +Each module requires an extra Terraform Docs PreCommit hook. E.g.: +``` + - id: terraform-docs-go + name: tfdocs - backend module + args: ["backend"] +``` diff --git a/backend/README.md b/backend/README.md new file mode 100644 index 0000000..7a38ccc --- /dev/null +++ b/backend/README.md 
@@ -0,0 +1,54 @@
+# Overview
+
+This module a backend VM and instance group based on it.
+
+# Versions
+- backend-1 - initial backend vm
+
+# TF Docs
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | 6.6.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_compute_firewall.backend_services](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
+| [google_compute_firewall.healh_check](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
+| [google_compute_firewall.ssh](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
+| [google_compute_instance.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
+| [google_compute_instance_group.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_group) | resource |
+| [google_compute_image.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [dns\_zone](#input\_dns\_zone) | Zone for DNS and SSL | `string` | `"test.ivynet.dev."` | no |
+| [name](#input\_name) | The name of the VM (and instance group) | `string` | n/a | yes |
+| [network-id](#input\_network-id) | The ID of the network to add VM to | `string` | n/a | yes |
+| [network-proxy-cidr](#input\_network-proxy-cidr) | The CIDR range of the proxy (load balancer) | `string` | n/a | yes |
+| [network-subnet-id](#input\_network-subnet-id) | The ID of the subnet toadd VM to | `string` | n/a | yes |
+| [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no |
+| [region](#input\_region) | Name of the region | `string` | `"us-central1"` | no |
+| [region\_zone](#input\_region\_zone) | Letter for the zone (by default based on the region) | `string` | `"c"` | no |
+| [vm-type](#input\_vm-type) | VM size/type | `string` | `"n2-standard-2"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [backend-group-id](#output\_backend-group-id) | ID of the Backend VM group |
+
diff --git a/backend/firewall.tf b/backend/firewall.tf
new file mode 100644
index 0000000..f622c80
--- /dev/null
+++ b/backend/firewall.tf
@@ -0,0 +1,44 @@
+resource "google_compute_firewall" "ssh" {
+ name = "${var.name}-allow-ssh"
+ allow {
+ ports = ["22"]
+ protocol = "tcp"
+ }
+ direction = "INGRESS"
+ network = var.network-id
+ priority = 1000
+ project = var.project
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["ssh"]
+}
+
+resource "google_compute_firewall" "healh_check" {
+ name = "${var.name}-allow-health-check"
+ allow {
+ protocol = "tcp"
+ }
+ direction = "INGRESS"
+ network = var.network-id
+ priority = 100
+ project = var.project
+ source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
+ target_tags = ["ivynet-backend"]
+}
+
+resource "google_compute_firewall" "backend_services" {
+ name = "${var.name}-allow-backend-services"
+ allow {
+ ports = ["8080"]
+ protocol = "tcp"
+ }
+ allow {
+ ports = ["50050"]
+ protocol = "tcp"
+ }
+ direction = "INGRESS"
+ network = var.network-id
+ priority = 200
+ project = var.project
+ source_ranges = [var.network-proxy-cidr]
+ target_tags = ["ivynet-backend"]
+}
diff --git a/backend/main.tf b/backend/main.tf
new file mode 100644
index 0000000..fae0ec6
--- /dev/null
+++ b/backend/main.tf
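Review bot: The `ssh` rule opens tcp/22 to `0.0.0.0/0` for every instance tagged `ssh`, and the VM in backend/main.tf takes an external address via `access_config {}`, so port 22 is reachable from the whole internet. Unless shell access from arbitrary networks is a requirement, the source should be an input, e.g. `variable "ssh-source-ranges" { type = list(string) }` with `source_ranges = var.ssh-source-ranges`, defaulting to the documented IAP TCP-forwarding range `35.235.240.0/20` rather than the world. The `healh_check` rule allows every TCP port from the health-check ranges; it could be narrowed to `ports = ["8080", "50050"]`, the only ports the lb/ health checks probe. The resource name `healh_check` is also a typo for `health_check` that will propagate into state and the generated README.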
@@ -0,0 +1,47 @@
+data "google_compute_image" "this" {
+ family = "ivynet-backend"
+ project = var.project
+}
+
+resource "google_compute_instance" "this" {
+ name = var.name
+ boot_disk {
+ initialize_params {
+ image = data.google_compute_image.this.self_link
+ }
+ }
+ labels = {
+ creator = "terraform"
+ area = "backend"
+ }
+ machine_type = var.vm-type
+ network_interface {
+ network = var.network-id
+ subnetwork = var.network-subnet-id
+ access_config {}
+ }
+ project = var.project
+ tags = [
+ "ivynet-backend",
+ "ssh"
+ ]
+ zone = "${var.region}-${var.region_zone}"
+}
+
+resource "google_compute_instance_group" "this" {
+ name = var.name
+ description = "Instance Group with Backend VM"
+ instances = [
+ google_compute_instance.this.id,
+ ]
+ named_port {
+ name = "http"
+ port = "8080"
+ }
+ named_port {
+ name = "grpc"
+ port = "50050"
+ }
+ project = var.project
+ zone = "${var.region}-${var.region_zone}"
+}
diff --git a/backend/outputs.tf b/backend/outputs.tf
new file mode 100644
index 0000000..ef12c46
--- /dev/null
+++ b/backend/outputs.tf
@@ -0,0 +1,4 @@
+output "backend-group-id" {
+ description = "ID of the Backend VM group"
+ value = google_compute_instance_group.this.id
+}
diff --git a/backend/tests/main.tftest.hcl b/backend/tests/main.tftest.hcl
new file mode 100644
index 0000000..27f0499
--- /dev/null
+++ b/backend/tests/main.tftest.hcl
@@ -0,0 +1,38 @@
+provider "google" {}
+
+mock_provider "google" {
+ alias = "fake"
+}
+
+run "setup_plan" {
+ command = plan
+ module {
+ source = "./tests/setup"
+ }
+}
+
+run "setup" {
+ module {
+ source = "./tests/setup"
+ }
+}
+
+run "plan_ok" {
+ command = plan
+ variables {
+ name = "test44"
+ network-id = run.setup.net
+ network-subnet-id = run.setup.back-id
+ network-proxy-cidr = run.setup.proxy-cidr
+ }
+}
+
+run "apply" {
+ command = apply
+ variables {
+ name = "test44"
+ network-id = run.setup.net
+ network-subnet-id = run.setup.back-id
+ network-proxy-cidr = run.setup.proxy-cidr
+ }
+}
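Review bot: `access_config {}` inside `network_interface` gives the VM an ephemeral public IP, yet the only inbound paths this module opens are the proxy CIDR and the health-check ranges, so the public address serves nothing except the world-reachable SSH rule in backend/firewall.tf. If the instance only needs outbound access, dropping `access_config {}` and adding Cloud NAT in the network module keeps it off the internet; if the public IP is intentional, a comment on that line saying why would help the next reader. The instance is also created without `deletion_protection` or a `shielded_instance_config`, both worth setting explicitly for a long-lived backend. In backend/tests/main.tftest.hcl the `mock_provider "google"` with `alias = "fake"` is not referenced by any run block and can be removed.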
diff --git a/backend/tests/setup/main.tf b/backend/tests/setup/main.tf
new file mode 100644
index 0000000..bc47084
--- /dev/null
+++ b/backend/tests/setup/main.tf
@@ -0,0 +1,16 @@
+module "network" {
+ source = "../../../network"
+ name = "test44"
+}
+
+output "net" {
+ value = module.network.network-id
+}
+
+output "back-id" {
+ value = module.network.subnet-id-backend
+}
+
+output "proxy-cidr" {
+ value = module.network.subnet-cidr-proxy
+}
diff --git a/backend/variables.tf b/backend/variables.tf
new file mode 100644
index 0000000..c9dbd4c
--- /dev/null
+++ b/backend/variables.tf
@@ -0,0 +1,48 @@
+variable "dns_zone" {
+ default = "test.ivynet.dev."
+ description = "Zone for DNS and SSL"
+ type = string
+}
+
+variable "name" {
+ description = "The name of the VM (and instance group)"
+ type = string
+}
+
+variable "network-id" {
+ description = "The ID of the network to add VM to"
+ type = string
+}
+variable "network-proxy-cidr" {
+ description = "The CIDR range of the proxy (load balancer)"
+ type = string
+}
+
+variable "network-subnet-id" {
+ description = "The ID of the subnet toadd VM to"
+ type = string
+}
+
+variable "project" {
+ default = "ivynet-tests"
+ description = "Name of the GCP project"
+ type = string
+}
+
+variable "region" {
+ default = "us-central1"
+ description = "Name of the region"
+ type = string
+}
+
+variable "region_zone" {
+ default = "c"
+ description = "Letter for the zone (by default based on the region)"
+ type = string
+}
+
+variable "vm-type" {
+ default = "n2-standard-2"
+ description = "VM size/type"
+ type = string
+}
diff --git a/dns_zone/README.md b/dns_zone/README.md
new file mode 100644
index 0000000..a1e2ee7
--- /dev/null
+++ b/dns_zone/README.md
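Review bot: `dns_zone` is declared with the default `test.ivynet.dev.` but nothing in backend/main.tf or backend/firewall.tf references `var.dns_zone`, so it is a dead input that is still documented as part of the module interface; the same applies to `region` in lb/variables.tf, which no lb resource uses. Either remove the unused variables or wire them in, and drop the `default` if the value is deployment-specific. The variable names mix hyphens (`network-id`, `vm-type`) and underscores (`dns_zone`, `region_zone`); one convention across the modules avoids mistakes when callers pass them. The description `"The ID of the subnet toadd VM to"` is missing a space.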
@@ -0,0 +1,44 @@
+# Overview
+
+This module creates a DNS ZONE in GCP.
+
+# Versions
+- dns_zone-1 - initial version of dns_zone
+
+# TF Docs
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | 6.6.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_dns_managed_zone.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [dns\_zone](#input\_dns\_zone) | DNS Zone to add | `string` | n/a | yes |
+| [name](#input\_name) | Name for the DNS Zone | `string` | n/a | yes |
+| [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [dns\_zone\_domain](#output\_dns\_zone\_domain) | the domain name |
+| [dns\_zone\_name](#output\_dns\_zone\_name) | the name of the DNS Zone |
+
diff --git a/dns_zone/main.tf b/dns_zone/main.tf
new file mode 100644
index 0000000..c1b4d74
--- /dev/null
+++ b/dns_zone/main.tf
@@ -0,0 +1,5 @@
+resource "google_dns_managed_zone" "this" {
+ name = var.name
+ dns_name = var.dns_zone
+ project = var.project
+}
diff --git a/dns_zone/outputs.tf b/dns_zone/outputs.tf
new file mode 100644
index 0000000..43e9f48
--- /dev/null
+++ b/dns_zone/outputs.tf
@@ -0,0 +1,9 @@
+output "dns_zone_domain" {
+ description = "the domain name"
+ value = google_dns_managed_zone.this.dns_name
+}
+
+output "dns_zone_name" {
+ description = "the name of the DNS Zone"
+ value = google_dns_managed_zone.this.name
+}
diff --git a/dns_zone/tests/main.tftest.hcl b/dns_zone/tests/main.tftest.hcl
new file mode 100644
index 0000000..41ab922
--- /dev/null
+++ b/dns_zone/tests/main.tftest.hcl
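Review bot: `google_dns_managed_zone.this` sets only `name`, `dns_name` and `project`, so the zone is created public, with DNSSEC left at the API default (off) and no `description`. For a zone that will carry the load balancer's A record, signing it with `dnssec_config { state = "on" }` is the defensive default, and a `description` makes the zone identifiable in the console and in audit logs. If the zone is meant only for tests, a comment stating that would justify the minimal configuration.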
@@ -0,0 +1,17 @@
+provider "google" {}
+
+run "plan_ok" {
+ command = plan
+ variables {
+ name = "tofutest"
+ dns_zone = "waw.ivynet.dev."
+ }
+}
+
+run "apply" {
+ command = apply
+ variables {
+ name = "tofutest"
+ dns_zone = "waw.ivynet.dev."
+ }
+}
diff --git a/dns_zone/variables.tf b/dns_zone/variables.tf
new file mode 100644
index 0000000..72e5dc1
--- /dev/null
+++ b/dns_zone/variables.tf
@@ -0,0 +1,15 @@
+variable "dns_zone" {
+ description = "DNS Zone to add"
+ type = string
+}
+
+variable "name" {
+ description = "Name for the DNS Zone"
+ type = string
+}
+
+variable "project" {
+ default = "ivynet-tests"
+ description = "Name of the GCP project"
+ type = string
+}
diff --git a/lb/README.md b/lb/README.md
new file mode 100644
index 0000000..123ef79
--- /dev/null
+++ b/lb/README.md
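Review bot: `dns_zone` accepts any string, but `google_dns_managed_zone.dns_name` requires a fully qualified name ending in a dot (both test runs pass `"waw.ivynet.dev."`), and a missing dot only surfaces at apply time. The network module already uses a `validation` block on `role`; the same pattern fits here: `validation { condition = endswith(var.dns_zone, ".") error_message = "dns_zone must be a FQDN ending with a dot." }`. The description could say so too, e.g. `"DNS zone to create, as a FQDN with trailing dot (e.g. example.com.)"`.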
@@ -0,0 +1,48 @@
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | 6.6.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_compute_backend_service.grpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service) | resource |
+| [google_compute_backend_service.http](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service) | resource |
+| [google_compute_global_address.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource |
+| [google_compute_global_forwarding_rule.grpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_forwarding_rule) | resource |
+| [google_compute_global_forwarding_rule.http](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_forwarding_rule) | resource |
+| [google_compute_health_check.grpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_health_check) | resource |
+| [google_compute_health_check.http](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_health_check) | resource |
+| [google_compute_managed_ssl_certificate.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_managed_ssl_certificate) | resource |
+| [google_compute_target_https_proxy.grpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_https_proxy) | resource |
+| [google_compute_target_https_proxy.http](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_https_proxy) | resource |
+| [google_compute_url_map.grpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map) | resource |
+| [google_compute_url_map.http](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map) | resource |
+| [google_dns_record_set.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [dns\_domain](#input\_dns\_domain) | Domain Name used for FQDN of LB | `string` | n/a | yes |
+| [dns\_zone](#input\_dns\_zone) | The name of the DNS ZONE | `string` | n/a | yes |
+| [name](#input\_name) | Name of the loadbalancer | `string` | n/a | yes |
+| [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no |
+| [region](#input\_region) | Name of the region | `string` | `"us-central1"` | no |
+| [vm-group-id](#input\_vm-group-id) | ID of the backend instance group | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
diff --git a/lb/grpc.tf b/lb/grpc.tf
new file mode 100644
index 0000000..5d8cfd2
--- /dev/null
+++ b/lb/grpc.tf
@@ -0,0 +1,57 @@
+resource "google_compute_health_check" "grpc" {
+ name = "${var.name}-grpc"
+ check_interval_sec = 5
+ healthy_threshold = 2
+ http2_health_check {
+ port = 50050
+ port_specification = "USE_FIXED_PORT"
+ }
+ project = var.project
+ timeout_sec = 5
+ unhealthy_threshold = 2
+}
+
+resource "google_compute_backend_service" "grpc" {
+ name = "${var.name}-grpc"
+ backend {
+ group = var.vm-group-id
+ balancing_mode = "UTILIZATION"
+ capacity_scaler = 1.0
+ max_utilization = 0.8
+ }
+ connection_draining_timeout_sec = 0
+ health_checks = [google_compute_health_check.grpc.id]
+ load_balancing_scheme = "EXTERNAL"
+ /* log_config {
+ enable = true
+ }*/
+ port_name = "grpc"
+ project = var.project
+ protocol = "HTTP2"
+ session_affinity = "NONE"
+ timeout_sec = 30
+}
+
+resource "google_compute_url_map" "grpc" {
+ name = "${var.name}-grpc"
+ default_service = google_compute_backend_service.grpc.id
+ project = var.project
+}
+
+resource "google_compute_target_https_proxy" "grpc" {
+ name = "${var.name}-grpc"
+ project = var.project
+ quic_override = "DISABLE"
+ ssl_certificates = [google_compute_managed_ssl_certificate.this.id]
+ url_map = google_compute_url_map.grpc.id
+}
+
+resource "google_compute_global_forwarding_rule" "grpc" {
+ name = "${var.name}-grpc"
+ ip_address = google_compute_global_address.this.id
+ ip_protocol = "TCP"
+ load_balancing_scheme = "EXTERNAL"
+ port_range = "50050"
+ project = var.project
+ target = google_compute_target_https_proxy.grpc.id
+}
diff --git a/lb/http.tf b/lb/http.tf
new file mode 100644
index 0000000..b8ea57c
--- /dev/null
+++ b/lb/http.tf
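Review bot: Neither `google_compute_target_https_proxy.grpc` here nor `.http` in lb/http.tf sets `ssl_policy`, so both listeners fall back to the GCP default policy, which still negotiates TLS 1.0/1.1 and legacy cipher suites. A single `google_compute_ssl_policy` in lb/main.tf with `min_tls_version = "TLS_1_2"` and `profile = "MODERN"`, referenced from both proxies as `ssl_policy = google_compute_ssl_policy.this.id`, closes that. The gRPC path also uses `load_balancing_scheme = "EXTERNAL"` (classic) while the HTTP path uses `EXTERNAL_MANAGED`, and both forwarding rules attach to the same `google_compute_global_address.this`; confirm the API accepts mixed schemes on one address, and if not align gRPC on `EXTERNAL_MANAGED`. The commented-out `log_config` block is dead code; either enable it or delete it.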
@@ -0,0 +1,55 @@
+resource "google_compute_health_check" "http" {
+ name = "${var.name}-http"
+ check_interval_sec = 5
+ healthy_threshold = 2
+ http_health_check {
+ port = 8080
+ port_specification = "USE_FIXED_PORT"
+ proxy_header = "NONE"
+ request_path = "/health"
+ }
+ project = var.project
+ timeout_sec = 5
+ unhealthy_threshold = 2
+}
+
+resource "google_compute_backend_service" "http" {
+ name = "${var.name}-http"
+ backend {
+ group = var.vm-group-id
+ balancing_mode = "UTILIZATION"
+ capacity_scaler = 1.0
+ }
+ connection_draining_timeout_sec = 0
+ health_checks = [google_compute_health_check.http.id]
+ load_balancing_scheme = "EXTERNAL_MANAGED"
+ port_name = "http"
+ project = var.project
+ protocol = "HTTP"
+ session_affinity = "NONE"
+ timeout_sec = 30
+}
+
+# This seems to be a name for loadbalacner
+resource "google_compute_url_map" "http" {
+ name = "${var.name}-http"
+ default_service = google_compute_backend_service.http.id
+ project = var.project
+}
+
+resource "google_compute_target_https_proxy" "http" {
+ name = "${var.name}-http"
+ project = var.project
+ ssl_certificates = [google_compute_managed_ssl_certificate.this.id]
+ url_map = google_compute_url_map.http.id
+}
+
+resource "google_compute_global_forwarding_rule" "http" {
+ name = "${var.name}-http"
+ ip_address = google_compute_global_address.this.id
+ ip_protocol = "TCP"
+ load_balancing_scheme = "EXTERNAL_MANAGED"
+ port_range = "443"
+ project = var.project
+ target = google_compute_target_https_proxy.http.id
+}
diff --git a/lb/main.tf b/lb/main.tf
new file mode 100644
index 0000000..82dc27f
--- /dev/null
+++ b/lb/main.tf
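Review bot: The comment `# This seems to be a name for loadbalacner` above `google_compute_url_map.http` is speculative and misspelled; what it is getting at is that the URL map's name is what the console lists as the load balancer, so `# The URL map name is what the GCP console displays as the load balancer` states it plainly. Neither this backend service nor `google_compute_backend_service.grpc` in lb/grpc.tf (where the block is commented out) has request logging enabled, so there is no record of traffic reaching the backends; `log_config { enable = true sample_rate = 1.0 }` on both gives defenders something to look at, with `sample_rate` lowered if volume is a concern. Port 8080 is repeated as a literal here, in backend/main.tf's `named_port` and in backend/firewall.tf; a shared input would keep the three in step.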
@@ -0,0 +1,21 @@
+resource "google_dns_record_set" "this" {
+ name = "${var.name}.${var.dns_domain}"
+ managed_zone = var.dns_zone
+ project = var.project
+ rrdatas = [google_compute_global_forwarding_rule.http.ip_address]
+ type = "A"
+ ttl = 300
+}
+
+resource "google_compute_global_address" "this" {
+ name = var.name
+ project = var.project
+}
+
+resource "google_compute_managed_ssl_certificate" "this" {
+ name = var.name
+ project = var.project
+ managed {
+ domains = ["${var.dns_domain}"]
+ }
+}
diff --git a/lb/tests/main.tftest.hcl b/lb/tests/main.tftest.hcl
new file mode 100644
index 0000000..43d635e
--- /dev/null
+++ b/lb/tests/main.tftest.hcl
@@ -0,0 +1,40 @@
+provider "google" {}
+
+run "setup_plan" {
+ command = plan
+ module {
+ source = "./tests/setup"
+ }
+}
+
+run "setup" {
+ module {
+ source = "./tests/setup"
+ }
+}
+
+run "plan_ok" {
+ command = plan
+ variables {
+ name = "test44"
+ dns_zone = run.setup.dns_name
+ dns_domain = run.setup.dns_domain
+ network-id = run.setup.net
+ network-subnet-id = run.setup.back-id
+ network-proxy-cidr = run.setup.proxy-cidr
+ vm-group-id = run.setup.backend-id
+ }
+}
+
+run "apply" {
+ command = apply
+ variables {
+ name = "test44"
+ dns_zone = run.setup.dns_name
+ dns_domain = run.setup.dns_domain
+ network-id = run.setup.net
+ network-subnet-id = run.setup.back-id
+ network-proxy-cidr = run.setup.proxy-cidr
+ vm-group-id = run.setup.backend-id
+ }
+}
diff --git a/lb/tests/setup/main.tf b/lb/tests/setup/main.tf
new file mode 100644
index 0000000..6fa9015
--- /dev/null
+++ b/lb/tests/setup/main.tf
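Review bot: The A record is created for `"${var.name}.${var.dns_domain}"` but the managed certificate covers only `var.dns_domain`, so the hostname clients resolve (`test44.44.ivynet.dev` in the test setup) will not match the certificate the HTTPS proxies present. The `managed.domains` entry should be the same FQDN as the record, `domains = [trimsuffix("${var.name}.${var.dns_domain}", ".")]`, stripping the trailing dot since certificate domains are plain hostnames (confirm against the provider's expectation). A `local.fqdn` shared by both resources would stop the two drifting apart again. `"${var.dns_domain}"` is also a needless interpolation that `terraform fmt`/tflint flags.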
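Review bot: The `plan_ok` and `apply` runs pass `network-id`, `network-subnet-id` and `network-proxy-cidr`, but lb/variables.tf declares none of them (only `dns_domain`, `dns_zone`, `name`, `project`, `region`, `vm-group-id`), so these assignments are either rejected or silently ignored depending on the tooling version. Removing the three lines from both run blocks makes the test exercise the module's real interface. The `variables` block is otherwise duplicated verbatim between the two runs; a file-level `variables` block would let both runs share it.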
@@ -0,0 +1,42 @@ +module "network" { + source = "../../../network" + name = "test44" +} + +module "vm" { + source = "../../../backend" + name = "test44" + network-id = module.network.network-id + network-subnet-id = module.network.subnet-id-backend + network-proxy-cidr = module.network.subnet-cidr-proxy +} + +module "dns" { + source = "../../../dns_zone" + name = "test44" + dns_zone = "44.ivynet.dev." +} + +output "net" { + value = module.network.network-id +} + +output "back-id" { + value = module.network.subnet-id-backend +} + +output "proxy-cidr" { + value = module.network.subnet-cidr-proxy +} + +output "backend-id" { + value = module.vm.backend-group-id +} + +output "dns_name" { + value = module.dns.dns_zone_name +} + +output "dns_domain" { + value = module.dns.dns_zone_domain +} diff --git a/lb/variables.tf b/lb/variables.tf new file mode 100644 index 0000000..5e80b62 --- /dev/null +++ b/lb/variables.tf @@ -0,0 +1,31 @@ +variable "dns_domain" { + description = "Domain Name used for FQDN of LB" + type = string +} + +variable "dns_zone" { + description = "The name of the DNS ZONE" + type = string +} + +variable "name" { + description = "Name of the loadbalancer" + type = string +} + +variable "project" { + default = "ivynet-tests" + description = "Name of the GCP project" + type = string +} + +variable "region" { + default = "us-central1" + description = "Name of the region" + type = string +} + +variable "vm-group-id" { + description = "ID of the backend instance group" + type = string +} diff --git a/network/README.md b/network/README.md index bbdeb00..2481a86 100644 --- a/network/README.md +++ b/network/README.md @@ -5,7 +5,7 @@ It 'hardcoded' for limited number of usages. At the moment it's only a network for the backend. # Versions - +- network-2 - add outputs; reorg project & region vars setup - network-1 - initial network, only for backend # TF Docs 
@@ -38,10 +38,15 @@ No modules. |------|-------------|------|---------|:--------:| | [name](#input\_name) | Name of the network | `string` | n/a | yes | | [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no | -| [region](#input\_region) | GCP region | `string` | `"us-central1"` | no | +| [region](#input\_region) | Name of the region | `string` | `"us-central1"` | no | | [role](#input\_role) | Network role | `string` | `"backend"` | no | ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [network-id](#output\_network-id) | ID of the network | +| [subnet-cidr-proxy](#output\_subnet-cidr-proxy) | CIDR of the proxy subnet | +| [subnet-id-backend](#output\_subnet-id-backend) | ID of the backend subnet | +| [subnet-id-proxy](#output\_subnet-id-proxy) | ID of the proxy subnet | diff --git a/network/main.tf b/network/main.tf index dd34917..1aeaf53 100644 --- a/network/main.tf +++ b/network/main.tf @@ -2,6 +2,7 @@ resource "google_compute_network" "this" { name = var.name auto_create_subnetworks = false mtu = 1460 + project = var.project routing_mode = "REGIONAL" } @@ -10,7 +11,9 @@ resource "google_compute_subnetwork" "backend" { ip_cidr_range = "10.0.1.0/24" network = google_compute_network.this.id private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = var.project purpose = "PRIVATE" + region = var.region stack_type = "IPV4_ONLY" } @@ -18,6 +21,8 @@ resource "google_compute_subnetwork" "proxy" { name = "${var.name}-proxy" ip_cidr_range = "10.0.2.0/23" network = google_compute_network.this.id + project = var.project purpose = "REGIONAL_MANAGED_PROXY" + region = var.region role = "ACTIVE" } diff --git a/network/outputs.tf b/network/outputs.tf new file mode 100644 index 0000000..50f1503 --- /dev/null +++ b/network/outputs.tf 
@@ -0,0 +1,19 @@ +output "network-id" { + description = "ID of the network" + value = google_compute_network.this.id +} + +output "subnet-cidr-proxy" { + description = "CIDR of the proxy subnet" + value = google_compute_subnetwork.backend.ip_cidr_range +} + +output "subnet-id-backend" { + description = "ID of the backend subnet" + value = google_compute_subnetwork.backend.id +} + +output "subnet-id-proxy" { + description = "ID of the proxy subnet" + value = google_compute_subnetwork.backend.id +} diff --git a/network/tests/main.tftest.hcl b/network/tests/main.tftest.hcl index f15412b..cd641d0 100644 --- a/network/tests/main.tftest.hcl +++ b/network/tests/main.tftest.hcl @@ -1,13 +1,4 @@ -#run "setup_tests" { -# module { -# source = "./tests/setup" -# } -#} - -provider "google" { - project = var.project - region = var.region -} +provider "google" {} run "plan_ok" { command = plan @@ -32,7 +23,11 @@ run "apply" { command = apply variables { name = "test" - role = "broken" + role = "backend" + } + assert { + condition = can(output.network-id) + error_message = "The 'network-id' output does not exist" } } @@ -40,7 +35,7 @@ run "apply_region" { command = apply variables { name = "test" - role = "broken" + role = "backend" region = "europe-west2" } } diff --git a/network/variables.tf b/network/variables.tf index 9aacbfb..0220f93 100644 --- a/network/variables.tf +++ b/network/variables.tf @@ -4,20 +4,20 @@ variable "name" { } variable "project" { - description = "Name of the GCP project" default = "ivynet-tests" + description = "Name of the GCP project" type = string } variable "region" { - description = "GCP region" default = "us-central1" + description = "Name of the region" type = string } variable "role" { - description = "Network role" default = "backend" + description = "Network role" type = string validation { condition = contains(["backend"], var.role)
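Review bot: `subnet-cidr-proxy` and `subnet-id-proxy` both read from `google_compute_subnetwork.backend` instead of `.proxy`, so the "proxy" outputs actually return the backend subnet's CIDR (`10.0.1.0/24`) and id. backend/firewall.tf feeds `network-proxy-cidr` into the `backend_services` rule's `source_ranges`, so with this bug the rule admits the backend subnet and leaves the real proxy range `10.0.2.0/23` blocked, and load-balancer traffic to ports 8080/50050 would fail while the wrong neighbours are allowed. The fix is `value = google_compute_subnetwork.proxy.ip_cidr_range` and `value = google_compute_subnetwork.proxy.id`; the new `can(output.network-id)` assertion in network/tests/main.tftest.hcl could be joined by `output.subnet-cidr-proxy == "10.0.2.0/23"` to pin this.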