add sub-module for valkey

Author: imrannayer

.terraform.lock

@@ -1,7 +1,11 @@
 # Google Cloud Memorystore Terraform Module
 [terraform registry](https://registry.terraform.io/modules/terraform-google-modules/memorystore/google/)
 
-A Terraform module for creating a fully functional Google Memorystore Redis instance. For Memcache and Redis Cluster see [sub-modules](./modules/)
+A Terraform module for creating a fully functional Google Memorystore Redis instance. For other memory store engine use [sub-modules](https://github.com/terraform-google-modules/terraform-google-memorystore/tree/master/modules).
+
+- Memcache [sub-modules](https://github.com/terraform-google-modules/terraform-google-memorystore/tree/master/modules/memcache)
+- Redis Cluster [sub-modules](https://github.com/terraform-google-modules/terraform-google-memorystore/tree/master/modules/redis-cluster)
+- Valkey [sub-modules](https://github.com/terraform-google-modules/terraform-google-memorystore/tree/master/modules/valkey)
 
 ## Compatibility
 This module is meant for use with Terraform 1.3+ and tested using Terraform 1.3+. If you find incompatibilities using Terraform >=1.3, please open an issue.
@@ -19,7 +23,7 @@ Current version is 11.0. Upgrade guides:
 
 ## Usage
 
-Check the [examples/](./examples/) directory for more.
+Check the [examples/](https://github.com/terraform-google-modules/terraform-google-memorystore/tree/master/examples) directory for more.
 
 ```hcl
 module "memorystore" {

README.md

@@ -0,0 +1,27 @@
+# Valkey Test
+
+This test will create a new valkey cluster.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | Google cloud project id to create valkey cluster. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| authorization\_mode | The valkey cluster authorization mode |
+| cluster | The valkey cluster created |
+| cluster\_id | The valkey cluster instance ID |
+| cluster\_name | The valkey cluster name |
+| cluster\_region | The valkey cluster region |
+| node\_type | The valkey cluster node type |
+| replica\_count | The valkey cluster replica count |
+| shard\_count | The valkey cluster shard count |
+| size\_gb | The valkey cluster size |
+| transit\_encryption\_mode | The valkey cluster transit encryption mode |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/valkey/README.md

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+## Enable Service Identity and assign Network Connectivity Service Agent role
+## https://cloud.google.com/vpc/docs/configure-service-connection-policies#configure-service-project
+
+resource "google_project_service_identity" "network_connectivity_sa" {
+  provider = google-beta
+
+  project = var.project_id
+  service = "networkconnectivity.googleapis.com"
+}
+
+resource "google_project_iam_member" "network_connectivity_sa" {
+  project = var.project_id
+  role    = "roles/networkconnectivity.serviceAgent"
+  member  = "serviceAccount:${google_project_service_identity.network_connectivity_sa.email}"
+}

examples/valkey/iam.tf

@@ -0,0 +1,74 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "enable_apis" {
+  source  = "terraform-google-modules/project-factory/google//modules/project_services"
+  version = "~> 17.0"
+
+  project_id  = var.project_id
+  enable_apis = true
+
+  disable_services_on_destroy = false
+  disable_dependent_services  = false
+
+  activate_apis = [
+    "memorystore.googleapis.com",
+    "serviceconsumermanagement.googleapis.com",
+    "networkconnectivity.googleapis.com",
+    "compute.googleapis.com",
+  ]
+}
+
+
+module "valkey_cluster" {
+  source  = "terraform-google-modules/memorystore/google//modules/valkey"
+  version = "~> 11.0"
+
+  instance_id                 = "test-valkey-cluster"
+  project                     = var.project_id
+  location                    = "us-central1"
+  node_type                   = "HIGHMEM_MEDIUM"
+  deletion_protection_enabled = false
+  engine_version              = "VALKEY_8_0"
+
+  network = local.network_name
+
+  service_connection_policies = {
+    test-net-valkey-cluster-scp = {
+      subnet_names = [
+        "valkey-subnet-100",
+        "valkey-subnet-101",
+      ]
+    }
+  }
+
+  persistence_config = {
+    mode = "RDB"
+    rdb_config = {
+      rdb_snapshot_period     = "ONE_HOUR"
+      rdb_snapshot_start_time = "2024-10-02T15:01:23Z"
+    }
+  }
+
+  engine_configs = {
+    maxmemory-policy = "volatile-ttl"
+  }
+
+  depends_on = [
+    module.test_vpc,
+    module.enable_apis,
+  ]
+}

examples/valkey/main.tf

@@ -0,0 +1,45 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  network_name = "test-valkey-network"
+}
+
+module "test_vpc" {
+  source       = "terraform-google-modules/network/google"
+  version      = "~> 9.2"
+  project_id   = var.project_id
+  network_name = local.network_name
+  mtu          = 1460
+
+  subnets = [
+    {
+      subnet_name   = "valkey-subnet-100"
+      subnet_ip     = "10.10.100.0/24"
+      subnet_region = "us-central1"
+    },
+    {
+      subnet_name   = "valkey-subnet-101"
+      subnet_ip     = "10.10.101.0/24"
+      subnet_region = "us-central1"
+    },
+    {
+      subnet_name   = "valkey-subnet-102"
+      subnet_ip     = "10.10.102.0/24"
+      subnet_region = "us-east1"
+    },
+  ]
+}

examples/valkey/network.tf

@@ -0,0 +1,65 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "cluster_id" {
+  description = "The valkey cluster instance ID"
+  value       = module.valkey_cluster.id
+}
+
+output "size_gb" {
+  description = "The valkey cluster size"
+  value       = module.valkey_cluster.valkey_cluster.node_config[0].size_gb
+}
+
+output "cluster_region" {
+  description = "The valkey cluster region"
+  value       = module.valkey_cluster.valkey_cluster.location
+}
+
+output "replica_count" {
+  description = "The valkey cluster replica count"
+  value       = module.valkey_cluster.valkey_cluster.replica_count
+}
+
+output "transit_encryption_mode" {
+  description = "The valkey cluster transit encryption mode"
+  value       = module.valkey_cluster.valkey_cluster.transit_encryption_mode
+}
+
+output "cluster_name" {
+  description = "The valkey cluster name"
+  value       = module.valkey_cluster.valkey_cluster.instance_id
+}
+
+output "shard_count" {
+  description = "The valkey cluster shard count"
+  value       = module.valkey_cluster.valkey_cluster.shard_count
+}
+
+output "authorization_mode" {
+  description = "The valkey cluster authorization mode"
+  value       = module.valkey_cluster.valkey_cluster.authorization_mode
+}
+
+output "node_type" {
+  description = "The valkey cluster node type"
+  value       = module.valkey_cluster.valkey_cluster.node_type
+}
+
+output "cluster" {
+  description = "The valkey cluster created"
+  value       = module.valkey_cluster
+}

examples/valkey/outputs.tf

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "Google cloud project id to create valkey cluster."
+  type        = string
+}

examples/valkey/variables.tf

@@ -0,0 +1,100 @@
+# Memorystore Valkey Terraform Module
+
+A Terraform module for creating Google [Memorystore for Valkey](https://cloud.google.com/memorystore/docs/valkey/product-overview). It can also create [service connection policies](https://cloud.google.com/vpc/docs/about-service-connection-policies). You can also create service connection policy outside of this module. If you are not creating service connection policy as part of this module then make sure they exist before creating valkey cluster. You can find more details [here](https://cloud.google.com/memorystore/docs/valkey/networking)
+
+## Compatibility
+This module is meant for use with Terraform 1.3+ and tested using Terraform 1.3+. If you find incompatibilities using Terraform >=1.3, please open an issue.
+
+## Usage
+
+```
+module "valkey_cluster" {
+  source  = "terraform-google-modules/memorystore/google//modules/valkey"
+  version = "~> 11.0"
+
+  instance_id                 = "test-valkey-cluster"
+  project                     = var.project_id
+  location                    = "us-central1"
+  node_type                   = "HIGHMEM_MEDIUM"
+  deletion_protection_enabled = false
+  engine_version              = "VALKEY_8_0"
+
+  network         = "valkey-network"
+
+  service_connection_policies = {
+    test-net-valkey-cluster-scp = {
+      subnet_names = [
+        "valkey-subnet-100",
+        "valkey-subnet-101",
+      ]
+    }
+  }
+
+  engine_configs = {
+    maxmemory-policy = "volatile-ttl"
+  }
+}
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| authorization\_mode | The Immutable. Authorization mode of the instance. Possible values: AUTH\_DISABLED IAM\_AUTH | `string` | `"AUTH_DISABLED"` | no |
+| deletion\_protection\_enabled | If set to true deletion of the instance will fail | `bool` | `true` | no |
+| enable\_apis | Flag for enabling memcache.googleapis.com in your project | `bool` | `false` | no |
+| engine\_configs | User-provided engine configurations for the instance | <pre>object({<br>    maxmemory               = optional(string)<br>    maxmemory-clients       = optional(string)<br>    maxmemory-policy        = optional(string)<br>    notify-keyspace-events  = optional(string)<br>    slowlog-log-slower-than = optional(number)<br>    maxclients              = optional(number)<br>  })</pre> | `null` | no |
+| engine\_version | Immutable. Engine version of the instance | `string` | `"VALKEY_8_0"` | no |
+| instance\_id | The ID to use for the instance, which will become the final component of the instance's resource name. Must be 4-63 characters in length with lowercase letters, digits, and hyphens. Must not end with a hyphen. Must be unique within a location | `string` | n/a | yes |
+| labels | The resource labels to represent user provided metadata. | `map(string)` | `{}` | no |
+| location | The region where valkey cluster will be created | `string` | n/a | yes |
+| network | Name of the consumer network where the network address of the discovery endpoint will be reserved | `string` | n/a | yes |
+| network\_project | project ID of the consumer network where the network address of the discovery endpoint will be reserved. Required for Shared VPC host | `string` | `null` | no |
+| node\_type | The nodeType for the valkey cluster. Possible values are: SHARED\_CORE\_NANO, HIGHMEM\_MEDIUM, HIGHMEM\_XLARGE, STANDARD\_SMALL | `string` | `null` | no |
+| persistence\_config | User-provided persistence configurations for the instance | <pre>object({<br>    mode = optional(string)<br>    rdb_config = optional(object({<br>      rdb_snapshot_period     = optional(string)<br>      rdb_snapshot_start_time = optional(string)<br>    }), null)<br>    aof_config = optional(object({<br>      append_fsync = string<br>    }), null)<br>  })</pre> | `{}` | no |
+| project | The ID of the project in which the resource belongs to. | `string` | n/a | yes |
+| replica\_count | Number of replica nodes per shard. If omitted the default is 0 replicas | `number` | `0` | no |
+| service\_connection\_policies | The Service Connection Policies to create. Required to create service connection policy. Not needed if service connection policy already exist | <pre>map(object({<br>    subnet_names = list(string)<br>    description  = optional(string)<br>    limit        = optional(number)<br>    labels       = optional(map(string), {})<br>  }))</pre> | `{}` | no |
+| shard\_count | Number of shards for the instance | `number` | `3` | no |
+| transit\_encryption\_mode | Immutable. In-transit encryption mode of the instance. Possible values: TRANSIT\_ENCRYPTION\_DISABLED SERVER\_AUTHENTICATION | `string` | `"TRANSIT_ENCRYPTION_DISABLED"` | no |
+| zone\_distribution\_config\_mode | The mode for zone distribution for Memorystore valkey cluster (Immutable). If not provided, MULTI\_ZONE will be used as default value. Possible values are: MULTI\_ZONE, SINGLE\_ZONE | `string` | `"MULTI_ZONE"` | no |
+| zone\_distribution\_config\_zone | The zone for single zone Memorystore valkey cluster (Immutable) | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| discovery\_endpoints | Endpoints created on each given network, for valkey clients to connect to the cluster. Currently only one endpoint is supported |
+| id | The valkey cluster instance ID |
+| psc\_connections | PSC connections for discovery of the cluster topology and accessing the cluster |
+| valkey\_cluster | The valkey cluster created |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Requirements
+
+These sections describe requirements for using this module.
+
+### Software
+
+The following dependencies must be available:
+
+- [Terraform][terraform] v1.3+
+- [Terraform Provider for GCP][terraform-provider-gcp] plugin v6.3+
+
+### Service Account
+
+Following roles contain permissions to deploy resource.
+
+- Cloud Memorystore valkey Admin: `roles/memorystore.admin`
+- Compute Network Admin: `roles/compute.networkAdmin`
+
+### Enable API's
+In order to operate with the Service Account you must activate the following API on the project where the Service Account was created:
+
+- Memorystore for valkey API - `memorystore.googleapis.com`
+- Service Consumer Management API - `serviceconsumermanagement.googleapis.com`
+- Network Connectivity API - `networkconnectivity.googleapis.com`
+- Compute Engine API - `compute.googleapis.com`
+