feat(networksecurity): Add examples for creating consumer and producer mirroring (terraform-google-modules#798)

duvni · glasnt · iennae · niharika-98 · commit 2b3bb1105e75 · 2025-09-07T14:29:47.000Z
* feat(networksecurity): Add examples for creating consumer and producer mirroring

* Enable networksecurity API

* Add codeowners for network security's mirroring samples

* Use default as Terraform resource names where possible

* Rename association resource to default

* Fix tab discrepancy in CODEOWNERS file

---------

Co-authored-by: Katie McLaughlin &lt;katie@glasnt.com&gt;
Co-authored-by: Jennifer Davis &lt;sigje@google.com&gt;
diff --git a/network_security/mirroring/basic/consumer/main.tf b/network_security/mirroring/basic/consumer/main.tf
@@ -0,0 +1,51 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+# [START networksecurity_mirroring_basic_consumer]
+resource "google_compute_network" "producer_network" {
+  provider                = google-beta
+  name                    = "producer-network"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_network" "consumer_network" {
+  provider                = google-beta
+  name                    = "consumer-network"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_security_mirroring_deployment_group" "default" {
+  provider                      = google-beta
+  mirroring_deployment_group_id = "mirroring-deployment-group"
+  location                      = "global"
+  network                       = google_compute_network.producer_network.id
+}
+
+resource "google_network_security_mirroring_endpoint_group" "default" {
+  provider                    = google-beta
+  mirroring_endpoint_group_id = "mirroring-endpoint-group"
+  location                    = "global"
+  mirroring_deployment_group  = google_network_security_mirroring_deployment_group.default.id
+}
+
+resource "google_network_security_mirroring_endpoint_group_association" "default" {
+  provider                                = google-beta
+  mirroring_endpoint_group_association_id = "mirroring-endpoint-group-association"
+  location                                = "global"
+  network                                 = google_compute_network.consumer_network.id
+  mirroring_endpoint_group                = google_network_security_mirroring_endpoint_group.default.id
+}
+# [END networksecurity_mirroring_basic_consumer]
diff --git a/network_security/mirroring/basic/producer/main.tf b/network_security/mirroring/basic/producer/main.tf
@@ -0,0 +1,77 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+# [START networksecurity_mirroring_basic_producer]
+resource "google_compute_network" "default" {
+  provider                = google-beta
+  name                    = "producer-network"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "default" {
+  provider      = google-beta
+  name          = "producer-subnet"
+  region        = "us-central1"
+  ip_cidr_range = "10.1.0.0/16"
+  network       = google_compute_network.default.name
+}
+
+resource "google_compute_region_health_check" "default" {
+  provider = google-beta
+  name     = "deploymnet-hc"
+  region   = "us-central1"
+  http_health_check {
+    port = 80
+  }
+}
+
+resource "google_compute_region_backend_service" "default" {
+  provider              = google-beta
+  name                  = "deployment-svc"
+  region                = "us-central1"
+  health_checks         = [google_compute_region_health_check.default.id]
+  protocol              = "UDP"
+  load_balancing_scheme = "INTERNAL"
+}
+
+resource "google_compute_forwarding_rule" "default" {
+  provider               = google-beta
+  name                   = "deployment-fr"
+  region                 = "us-central1"
+  network                = google_compute_network.default.name
+  subnetwork             = google_compute_subnetwork.default.name
+  backend_service        = google_compute_region_backend_service.default.id
+  load_balancing_scheme  = "INTERNAL"
+  ports                  = [6081]
+  ip_protocol            = "UDP"
+  is_mirroring_collector = true
+}
+
+resource "google_network_security_mirroring_deployment_group" "default" {
+  provider                      = google-beta
+  mirroring_deployment_group_id = "mirroring-deployment-group"
+  location                      = "global"
+  network                       = google_compute_network.default.id
+}
+
+resource "google_network_security_mirroring_deployment" "default" {
+  provider                   = google-beta
+  mirroring_deployment_id    = "mirroring-deployment"
+  location                   = "us-central1-a"
+  forwarding_rule            = google_compute_forwarding_rule.default.id
+  mirroring_deployment_group = google_network_security_mirroring_deployment_group.default.id
+}
+# [END networksecurity_mirroring_basic_producer]
