feat: Composer module improvement (#12)

* feat: composer module

* feat: cloud composer module improvement

* fix: white spaces

* fix: fmt

* fix: test modules

* fix: test modules

* feat: readme

* feat: cloud composer module improvement

* fix: Vpc native

* feat: Makefile + tests

* feat: additional resources for testing.

* fix: provider version

Author: diegolnasc

README.md

@@ -19,6 +19,8 @@ module "composer" {
   region            = "us-central1"
   composer_env_name = "composer-env-test"
   composer_sa       = "project-service-account@<PROJECT_ID>.iam.gserviceaccount.com"
+  network           = "test-network"
+  subnetwork        = "composer-subnet"
 }
 ```
 
@@ -31,9 +33,10 @@ Functional examples are included in the
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | composer\_env\_name | Name of Cloud Composer Environment | `string` | n/a | yes |
-| composer\_sa | Service Account to be used for running Cloud Composer Environment. | `string` | n/a | yes |
+| network | Network where Cloud Composer is created. | `string` | n/a | yes |
 | project\_id | Project ID where Cloud Composer Environment is created. | `string` | n/a | yes |
 | region | Region where the Cloud Composer Environment is created. | `string` | n/a | yes |
+| subnetwork | Subetwork where Cloud Composer is created. | `string` | n/a | yes |
 
 ## Outputs
 

examples/simple_composer_env/README.md

@@ -9,8 +9,12 @@ This example illustrates how to use the `composer` module.
 |------|-------------|------|---------|:--------:|
 | composer\_env\_name | Name of Cloud Composer Environment. | `string` | n/a | yes |
 | composer\_service\_account | Service Account to be used for running Cloud Composer Environment. | `string` | n/a | yes |
+| network | Network where Cloud Composer is created. | `string` | n/a | yes |
+| pod\_ip\_allocation\_range\_name | The name of the cluster's secondary range used to allocate IP addresses to pods. | `string` | n/a | yes |
 | project\_id | Project ID where Cloud Composer Environment is created. | `string` | n/a | yes |
 | region | Region where Cloud Composer Environment is created. | `string` | n/a | yes |
+| service\_ip\_allocation\_range\_name | The name of the services' secondary range used to allocate IP addresses to the cluster. | `string` | n/a | yes |
+| subnetwork | Subetwork where Cloud Composer is created. | `string` | n/a | yes |
 
 ## Outputs
 

examples/simple_composer_env/main.tf

@@ -28,9 +28,13 @@ provider "google-beta" {
 module "simple-composer-environment" {
   source = "../../modules/create_environment"
 
-  project_id        = var.project_id
-  composer_env_name = var.composer_env_name
-  region            = var.region
-
-  composer_service_account = var.composer_service_account
+  project_id                       = var.project_id
+  composer_env_name                = var.composer_env_name
+  region                           = var.region
+  composer_service_account         = var.composer_service_account
+  network                          = var.network
+  subnetwork                       = var.subnetwork
+  use_ip_aliases                   = true
+  pod_ip_allocation_range_name     = var.pod_ip_allocation_range_name
+  service_ip_allocation_range_name = var.service_ip_allocation_range_name
 }

examples/simple_composer_env/variables.tf

@@ -33,3 +33,23 @@ variable "composer_service_account" {
   description = "Service Account to be used for running Cloud Composer Environment."
   type        = string
 }
+
+variable "network" {
+  description = "Network where Cloud Composer is created."
+  type        = string
+}
+
+variable "subnetwork" {
+  description = "Subetwork where Cloud Composer is created."
+  type        = string
+}
+
+variable "pod_ip_allocation_range_name" {
+  description = "The name of the cluster's secondary range used to allocate IP addresses to pods."
+  type        = string
+}
+
+variable "service_ip_allocation_range_name" {
+  type        = string
+  description = "The name of the services' secondary range used to allocate IP addresses to the cluster."
+}

main.tf

@@ -17,8 +17,9 @@
 module "composer-environment" {
   source = "./modules/create_environment"
 
-  project_id               = var.project_id
-  composer_env_name        = var.composer_env_name
-  region                   = var.region
-  composer_service_account = var.composer_sa
+  project_id        = var.project_id
+  composer_env_name = var.composer_env_name
+  region            = var.region
+  network           = var.network
+  subnetwork        = var.subnetwork
 }

modules/create_environment/README.md

@@ -16,11 +16,8 @@ module "composer" {
     node_config {
       zone         = "us-central1-f"
       machine_type = "n1-standard-1"
-
       network    = "test-network"
       subnetwork = "test-subnetwork"
-
-      service_account = [email protected]
     }
   }
 }
@@ -30,15 +27,32 @@ module "composer" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| airflow\_config\_overrides | Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example "core-dags\_are\_paused\_at\_creation". | `map(string)` | `{}` | no |
+| cloud\_sql\_ipv4\_cidr | The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. | `string` | `null` | no |
 | composer\_env\_name | Name of Cloud Composer Environment | `string` | n/a | yes |
-| composer\_service\_account | Service Account for running Cloud Composer. | `string` | n/a | yes |
-| ip\_cidr\_range | CIDR range for the Cloud Composer Subnet. | `string` | `"10.0.0.0/14"` | no |
+| composer\_service\_account | Service Account for running Cloud Composer. | `string` | `null` | no |
+| disk\_size | The disk size for nodes. | `string` | `"100"` | no |
+| enable\_private\_endpoint | Configure public access to the cluster endpoint. | `bool` | `false` | no |
+| env\_variables | Variables of the airflow environment. | `map(string)` | `{}` | no |
+| image\_version | The version of the aiflow running in the cloud composer environment. | `string` | `null` | no |
+| labels | The resource labels (a map of key/value pairs) to be applied to the Cloud Composer. | `map(string)` | `{}` | no |
 | machine\_type | Machine type of Cloud Composer nodes. | `string` | `"n1-standard-8"` | no |
-| network\_name | Name of network created for Cloud Composer Environment. | `string` | `"composer-network-01"` | no |
+| master\_ipv4\_cidr | The CIDR block from which IP range in tenant project will be reserved for the master. | `string` | `null` | no |
+| network | The VPC network to host the composer cluster. | `string` | n/a | yes |
+| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
 | node\_count | Number of worker nodes in Cloud Composer Environment. | `number` | `3` | no |
+| oauth\_scopes | Google API scopes to be made available on all node. | `set(string)` | <pre>[<br>  "https://www.googleapis.com/auth/cloud-platform"<br>]</pre> | no |
+| pod\_ip\_allocation\_range\_name | The name of the cluster's secondary range used to allocate IP addresses to pods. | `string` | `null` | no |
 | project\_id | Project ID where Cloud Composer Environment is created. | `string` | n/a | yes |
+| pypi\_packages | Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. "numpy"). | `map(string)` | `{}` | no |
+| python\_version | The default version of Python used to run the Airflow scheduler, worker, and webserver processes. | `string` | `"3"` | no |
 | region | Region where the Cloud Composer Environment is created. | `string` | `"us-central1"` | no |
-| subnet\_name | Name of subnetwork created for Cloud Composer Environment. | `string` | `"composer-subnet-01"` | no |
+| service\_ip\_allocation\_range\_name | The name of the services' secondary range used to allocate IP addresses to the cluster. | `string` | `null` | no |
+| subnetwork | The subnetwork to host the composer cluster. | `string` | n/a | yes |
+| subnetwork\_region | The subnetwork region of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
+| tags | Tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls. | `set(string)` | `[]` | no |
+| use\_ip\_aliases | Enable Alias IPs in the GKE cluster. If true, a VPC-native cluster is created. | `bool` | `false` | no |
+| web\_server\_ipv4\_cidr | The CIDR block from which IP range in tenant project will be reserved for the web server. | `string` | `null` | no |
 | zone | Zone where the Cloud Composer nodes are created. | `string` | `"us-central1-f"` | no |
 
 ## Outputs

modules/create_environment/main.tf

@@ -14,36 +14,72 @@
  * limitations under the License.
  */
 
+locals {
+  network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
+  subnetwork_region  = var.subnetwork_region != "" ? var.subnetwork_region : join("-", slice(split("-", var.zone), 0, 2))
+}
+
 resource "google_composer_environment" "composer_env" {
   project = var.project_id
   name    = var.composer_env_name
   region  = var.region
+  labels  = var.labels
 
   config {
     node_count = var.node_count
 
     node_config {
-      zone         = var.zone
-      machine_type = var.machine_type
-
-      network    = google_compute_network.composer_network.name
-      subnetwork = google_compute_subnetwork.composer_subnetwork.name
-
+      zone            = var.zone
+      machine_type    = var.machine_type
+      network         = "projects/${local.network_project_id}/global/networks/${var.network}"
+      subnetwork      = "projects/${local.network_project_id}/regions/${local.subnetwork_region}/subnetworks/${var.subnetwork}"
       service_account = var.composer_service_account
+      disk_size_gb    = var.disk_size
+      oauth_scopes    = var.oauth_scopes
+      tags            = var.tags
+
+      dynamic "ip_allocation_policy" {
+        for_each = var.use_ip_aliases ? [1] : []
+        content {
+          use_ip_aliases                = var.use_ip_aliases
+          cluster_secondary_range_name  = var.pod_ip_allocation_range_name
+          services_secondary_range_name = var.service_ip_allocation_range_name
+        }
+      }
     }
-  }
-}
 
-resource "google_compute_network" "composer_network" {
-  project                 = var.project_id
-  name                    = var.network_name
-  auto_create_subnetworks = false
-}
+    dynamic "private_environment_config" {
+      for_each = var.use_ip_aliases ? [
+        {
+          enable_private_endpoint    = var.enable_private_endpoint
+          cloud_sql_ipv4_cidr_block  = var.cloud_sql_ipv4_cidr
+          web_server_ipv4_cidr_block = var.web_server_ipv4_cidr
+          master_ipv4_cidr_block     = var.master_ipv4_cidr
+      }] : []
+      content {
+        enable_private_endpoint    = private_environment_config.value["enable_private_endpoint"]
+        cloud_sql_ipv4_cidr_block  = private_environment_config.value["cloud_sql_ipv4_cidr_block"]
+        web_server_ipv4_cidr_block = private_environment_config.value["web_server_ipv4_cidr_block"]
+        master_ipv4_cidr_block     = private_environment_config.value["master_ipv4_cidr_block"]
+      }
+    }
 
-resource "google_compute_subnetwork" "composer_subnetwork" {
-  project       = var.project_id
-  name          = var.subnet_name
-  ip_cidr_range = var.ip_cidr_range
-  region        = var.region
-  network       = google_compute_network.composer_network.self_link
+    dynamic "software_config" {
+      for_each = var.python_version != "" ? [
+        {
+          airflow_config_overrides = var.airflow_config_overrides
+          env_variables            = var.env_variables
+          image_version            = var.image_version
+          pypi_packages            = var.pypi_packages
+          python_version           = var.python_version
+      }] : []
+      content {
+        airflow_config_overrides = software_config.value["airflow_config_overrides"]
+        env_variables            = software_config.value["env_variables"]
+        image_version            = software_config.value["image_version"]
+        pypi_packages            = software_config.value["pypi_packages"]
+        python_version           = software_config.value["python_version"]
+      }
+    }
+  }
 }

modules/create_environment/variables.tf

@@ -30,6 +30,34 @@ variable "region" {
   default     = "us-central1"
 }
 
+variable "labels" {
+  type        = map(string)
+  description = "The resource labels (a map of key/value pairs) to be applied to the Cloud Composer."
+  default     = {}
+}
+
+variable "network" {
+  type        = string
+  description = "The VPC network to host the composer cluster."
+}
+
+variable "network_project_id" {
+  type        = string
+  description = "The project ID of the shared VPC's host (for shared vpc support)"
+  default     = ""
+}
+
+variable "subnetwork" {
+  type        = string
+  description = "The subnetwork to host the composer cluster."
+}
+
+variable "subnetwork_region" {
+  type        = string
+  description = "The subnetwork region of the shared VPC's host (for shared vpc support)"
+  default     = ""
+}
+
 variable "zone" {
   description = "Zone where the Cloud Composer nodes are created."
   type        = string
@@ -48,25 +76,98 @@ variable "machine_type" {
   default     = "n1-standard-8"
 }
 
-variable "network_name" {
-  description = "Name of network created for Cloud Composer Environment."
+variable "composer_service_account" {
+  description = "Service Account for running Cloud Composer."
   type        = string
-  default     = "composer-network-01"
+  default     = null
 }
 
-variable "subnet_name" {
-  description = "Name of subnetwork created for Cloud Composer Environment."
+variable "disk_size" {
+  description = "The disk size for nodes."
   type        = string
-  default     = "composer-subnet-01"
+  default     = "100"
+}
+
+variable "oauth_scopes" {
+  description = "Google API scopes to be made available on all node."
+  type        = set(string)
+  default     = ["https://www.googleapis.com/auth/cloud-platform"]
 }
 
-variable "ip_cidr_range" {
-  description = "CIDR range for the Cloud Composer Subnet."
+variable "tags" {
+  description = "Tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls."
+  type        = set(string)
+  default     = []
+}
+
+variable "use_ip_aliases" {
+  description = "Enable Alias IPs in the GKE cluster. If true, a VPC-native cluster is created."
+  type        = bool
+  default     = false
+}
+
+variable "pod_ip_allocation_range_name" {
+  description = "The name of the cluster's secondary range used to allocate IP addresses to pods."
   type        = string
-  default     = "10.0.0.0/14"
+  default     = null
 }
 
-variable "composer_service_account" {
-  description = "Service Account for running Cloud Composer."
+variable "service_ip_allocation_range_name" {
   type        = string
+  description = "The name of the services' secondary range used to allocate IP addresses to the cluster."
+  default     = null
+}
+
+variable "airflow_config_overrides" {
+  type        = map(string)
+  description = "Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example \"core-dags_are_paused_at_creation\"."
+  default     = {}
+}
+
+variable "env_variables" {
+  type        = map(string)
+  description = "Variables of the airflow environment."
+  default     = {}
+}
+
+variable "image_version" {
+  type        = string
+  description = "The version of the aiflow running in the cloud composer environment."
+  default     = null
+}
+
+variable "pypi_packages" {
+  type        = map(string)
+  description = " Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. \"numpy\")."
+  default     = {}
+}
+
+variable "python_version" {
+  description = "The default version of Python used to run the Airflow scheduler, worker, and webserver processes."
+  type        = string
+  default     = "3"
+}
+
+variable "cloud_sql_ipv4_cidr" {
+  description = "The CIDR block from which IP range in tenant project will be reserved for Cloud SQL."
+  type        = string
+  default     = null
+}
+
+variable "web_server_ipv4_cidr" {
+  description = "The CIDR block from which IP range in tenant project will be reserved for the web server."
+  type        = string
+  default     = null
+}
+
+variable "master_ipv4_cidr" {
+  description = "The CIDR block from which IP range in tenant project will be reserved for the master."
+  type        = string
+  default     = null
+}
+
+variable "enable_private_endpoint" {
+  description = "Configure public access to the cluster endpoint."
+  type        = bool
+  default     = false
 }

test/fixtures/simple-composer-env/main.tf

@@ -17,10 +17,14 @@
 module "simple-composer" {
   source = "../../../examples/simple_composer_env"
 
-  project_id               = var.project_id
-  composer_env_name        = "composer-env-${random_id.random_suffix.hex}"
-  region                   = "us-central1"
-  composer_service_account = var.composer_sa
+  project_id                       = var.project_id
+  composer_env_name                = "composer-env-${random_id.random_suffix.hex}"
+  region                           = var.region
+  composer_service_account         = var.composer_sa
+  network                          = google_compute_network.main.name
+  subnetwork                       = google_compute_subnetwork.main.name
+  pod_ip_allocation_range_name     = google_compute_subnetwork.main.secondary_ip_range[0].range_name
+  service_ip_allocation_range_name = google_compute_subnetwork.main.secondary_ip_range[1].range_name
 }
 
 resource "random_id" "random_suffix" {