feat: Community Netapp Networking Components Enable #291 (#292)

frozentank · saschjmil · web-flow · commit c83a222d114b · 2025-07-30T15:24:27.000-04:00
* feat: Community Netapp Networking Components Enable * Adding support for a new community flag providing options to disable deployment of Netapp Networking Components Signed-off-by: Thomas M <frozentank@gmail.com> * Updating documentation #291 Adding an example of when the community_netapp_networking_components_enabled field should be set to false. Signed-off-by: Thomas M <frozentank@gmail.com> --------- Signed-off-by: Thomas M <frozentank@gmail.com> Co-authored-by: Chris Miller <53184971+saschjmil@users.noreply.github.com>
diff --git a/docs/community/community-config-vars.md b/docs/community/community-config-vars.md
@@ -9,7 +9,10 @@ Community contributed configuration variables are listed in the tables below. Th
 
 ## Table of Contents
 
-* [Community Feature](#community_feature)
+- [Community-Contributed Configuration Variables](#community-contributed-configuration-variables)
+  - [Table of Contents](#table-of-contents)
+  - [Community Feature](#community-feature)
+  - [Netapp Networking Components Enabled](#netapp-networking-components-enabled)
 
 <a name="community_feature"></a>
 ## Community Feature
@@ -22,4 +25,17 @@ Here is a table with the variables you would use to configure it
 
 | Name | Description | Type | Default | Release Added | Notes |
 | :--- | ---: | ---: | ---: | ---: | ---: |
-| community_enable_community_feature | Enable community feature | bool | false | vMajor.Minor.Patch | |
+| community_enable_community_feature | Enable community feature | bool | false | vMajor.Minor.Patch | |
+
+<a name="netapp_networking_components_enabled"></a>
+## Netapp Networking Components Enabled
+
+Netapp Networking Components Enabling allows for control of the deployment of Netapp networking components when deploying HA with Netapp Volumes as the backend. This leaves the expectation that the Network Peering and IP ranges for Netapp have already been configured for the subscription and this Terraform project is just deploying some extra volumes. 
+
+An example case where this would be necessary: two clusters using HA with Netapp Volumes are being deployed to the same project. In this case, the first cluster will be able to register the private IP range and the peering. The second cluster will need to disable the deployment of these components.
+
+There are no checks that the Netapp Peering and IP Ranges have been properly configured. That is left to the Terraform Apply to detect any deployment issues or the usability of the resulting platform to determine any permission issues.
+
+| Name | Description | Type | Default | Release Added | Notes |
+| :--- | ---: | ---: | ---: | ---: | ---: |
+| community_netapp_networking_components_enabled | Enable Netapp networking components | bool | true | v7.6.3 | |
diff --git a/main.tf b/main.tf
@@ -319,4 +319,6 @@ module "google_netapp" {
   volume_path        = "${var.prefix}-${var.netapp_volume_path}"
   allowed_clients    = join(",", [local.gke_subnet_cidr, local.misc_subnet_cidr])
   depends_on         = [ module.gke ]
+
+  community_netapp_networking_components_enabled = var.community_netapp_networking_components_enabled
 }
diff --git a/modules/google_netapp/main.tf b/modules/google_netapp/main.tf
@@ -7,6 +7,8 @@
 
 # Reserve compute address CIDR for NetApp Volumes to use
 resource "google_compute_global_address" "private_ip_alloc" {
+  count         = var.community_netapp_networking_components_enabled ? 1 : 0
+
   name          = "${var.network}-ip-range"
   purpose       = "VPC_PEERING"
   address_type  = "INTERNAL"
@@ -17,16 +19,20 @@ resource "google_compute_global_address" "private_ip_alloc" {
 
 # Create the PSA peering
 resource "google_service_networking_connection" "default" {
+  count         = var.community_netapp_networking_components_enabled ? 1 : 0
+
   network                 = var.network
   service                 = "netapp.servicenetworking.goog"
-  reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
+  reserved_peering_ranges = [google_compute_global_address.private_ip_alloc[0].name]
 
   deletion_policy = "ABANDON"
 }
 
 # Modify the PSA Connection to allow import/export of custom routes
 resource "google_compute_network_peering_routes_config" "route_updates" {
-  peering = google_service_networking_connection.default.peering
+  count         = var.community_netapp_networking_components_enabled ? 1 : 0
+
+  peering = google_service_networking_connection.default[0].peering
   network = var.network
 
   import_custom_routes = true
diff --git a/modules/google_netapp/variables.tf b/modules/google_netapp/variables.tf
@@ -52,3 +52,10 @@ variable "netapp_subnet_cidr" {
   type        = string
   default     = "192.168.5.0/24"
 }
+
+# Community Contribution
+variable "community_netapp_networking_components_enabled" {
+  description = "Community Contribution. Enable/Disable the deployment of Networking components for Netapp resources. Enabled by default."
+  type        = bool
+  default     = true
+}
diff --git a/test/nondefaultplan/netapp_test.go b/test/nondefaultplan/netapp_test.go
@@ -0,0 +1,80 @@
+// Copyright © 2025, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package nondefaultplan
+
+import (
+	"test/helpers"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// Test the default variables when using the sample-input-defaults.tfvars file
+// with storage_type set to "ha". This should engage the Azure NetApp Files module,
+// with the default values as tested herein.
+func TestPlanNetApp(t *testing.T) {
+	t.Parallel()
+
+	variables := helpers.GetDefaultPlanVars(t)
+	variables["prefix"] = "net-app"
+	variables["storage_type"] = "ha"
+	variables["storage_type_backend"] = "netapp"
+
+	tests := map[string]helpers.TestCase{
+		"poolExists": {
+			Expected:          `nil`,
+			ResourceMapName:   "module.google_netapp[0].google_netapp_storage_pool.netapp-tf-pool",
+			AttributeJsonPath: "{$}",
+			AssertFunction:    assert.NotEqual,
+		},
+		"poolServiceLevel": {
+			Expected:          `PREMIUM`,
+			ResourceMapName:   "module.google_netapp[0].google_netapp_storage_pool.netapp-tf-pool",
+			AttributeJsonPath: "{$.service_level}",
+		},
+		"capactityGib": {
+			Expected:          `2048`,
+			ResourceMapName:   "module.google_netapp[0].google_netapp_storage_pool.netapp-tf-pool",
+			AttributeJsonPath: "{$.capacity_gib}",
+		},
+		"volumeExists": {
+			Expected:          `nil`,
+			ResourceMapName:   "module.google_netapp[0].google_netapp_volume.netapp-nfs-volume",
+			AttributeJsonPath: "{$}",
+			AssertFunction:    assert.NotEqual,
+		},
+		"volumeProtocols": {
+			Expected:          `["NFSV3"]`,
+			ResourceMapName:   "module.google_netapp[0].google_netapp_volume.netapp-nfs-volume",
+			AttributeJsonPath: "{$.protocols}",
+			AssertFunction:    assert.Contains,
+		},
+		"shareName": {
+			Expected:          `net-app-export`,
+			ResourceMapName:   "module.google_netapp[0].google_netapp_volume.netapp-nfs-volume",
+			AttributeJsonPath: "{$.share_name}",
+		},
+		"communityNetappPrivateIpAllocEnabled": {
+			Expected:          `nil`,
+			ResourceMapName:   "module.google_netapp[0].google_compute_global_address.private_ip_alloc[0]",
+			AttributeJsonPath: "{$}",
+			AssertFunction:    assert.NotEqual,
+		},
+		"communityNetappRouteUpdatesEnabled": {
+			Expected:          `nil`,
+			ResourceMapName:   "module.google_netapp[0].google_compute_network_peering_routes_config.route_updates[0]",
+			AttributeJsonPath: "{$}",
+			AssertFunction:    assert.NotEqual,
+		},
+		"communityNetappServiceNetworkingConnectionEnabled": {
+			Expected:          `nil`,
+			ResourceMapName:   "module.google_netapp[0].google_service_networking_connection.default[0]",
+			AttributeJsonPath: "{$}",
+			AssertFunction:    assert.NotEqual,
+		},
+	}
+
+	plan := helpers.GetPlan(t, variables)
+	helpers.RunTests(t, tests, plan)
+}
diff --git a/variables.tf b/variables.tf
@@ -604,4 +604,15 @@ variable "cluster_node_pool_mode" {
   description = "Flag for predefined cluster node configurations - Values : default, minimal"
   type        = string
   default     = "default"
+}
+
+# Community Contribution
+# Disabling this feature will prevent the deployment of a new private IP range and network peeering when utilizing
+# HA storage with Netapp Volumes. This should be utilized when a project has pre-existing networking components that 
+# include the network peering configuration for Netapp. Otherwise, this feature should remain a True to allow the 
+# networking configuration to be deployed.
+variable "community_netapp_networking_components_enabled" {
+  description = "Community Contribution. Enable/Disable the deployment of Networking components for Netapp resources. Enabled by default."
+  type        = bool
+  default     = true
 }

Original file line number	Diff line number	Diff line change
`@@ -319,4 +319,6 @@ module "google_netapp" {`
`319`	`319`	`volume_path = "${var.prefix}-${var.netapp_volume_path}"`
`320`	`320`	`allowed_clients = join(",", [local.gke_subnet_cidr, local.misc_subnet_cidr])`
`321`	`321`	`depends_on = [ module.gke ]`
	`322`	`+`
	`323`	`+ community_netapp_networking_components_enabled = var.community_netapp_networking_components_enabled`
`322`	`324`	`}`