feat: Add beta provider support for routes and subnets (#124)

Fixes #68

Author: nick4fake

.kitchen.yml

@@ -147,3 +147,16 @@ suites:
           backend: local
           controls:
             - gcloud
+  - name: "ilb_routing"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/ilb_routing/
+    verifier:
+      name: terraform
+      color: true
+      systems:
+        - name: local
+          backend: local
+          controls:
+            - gcloud

examples/ilb_routing/README.md

@@ -0,0 +1,33 @@
+# ILB routing example
+
+This example configures a single VPC inside of a project.
+
+This VPC has three subnets and a forwarding rule. Please note, that this is simply example resource usage, this module
+wouldn't work as is.
+
+More information:
+- https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-next-hop
+- https://cloud.google.com/load-balancing/docs/l7-internal/proxy-only-subnets
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| forwarding\_rule | Forwarding rule link |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_regions | The region where subnets will be created |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/ilb_routing/main.tf

@@ -0,0 +1,127 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  version = "~> 2.19.0"
+}
+
+provider "google-beta" {
+  version = "~> 2.19.0"
+}
+
+provider "null" {
+  version = "~> 2.1"
+}
+
+module "vpc" {
+  source       = "../../modules/vpc"
+  network_name = var.network_name
+  project_id   = var.project_id
+}
+
+module "subnets" {
+  source       = "../../modules/subnets-beta"
+  project_id   = var.project_id
+  network_name = module.vpc.network_name
+
+  subnets = [
+    {
+      subnet_name   = "${var.network_name}-subnet"
+      subnet_ip     = "10.10.10.0/24"
+      subnet_region = "us-west1"
+    },
+    {
+      subnet_name   = "${var.network_name}-subnet-01"
+      subnet_ip     = "10.20.10.0/24"
+      subnet_region = "us-west1"
+      purpose       = "INTERNAL_HTTPS_LOAD_BALANCER"
+      role          = "ACTIVE"
+    }
+  ]
+}
+
+module "subnets-backup" {
+  source       = "../../modules/subnets-beta"
+  project_id   = var.project_id
+  network_name = module.vpc.network_name
+
+  subnets = [
+    {
+      subnet_name   = "${var.network_name}-subnet-02"
+      subnet_ip     = "10.20.20.0/24"
+      subnet_region = "us-west1"
+      purpose       = "INTERNAL_HTTPS_LOAD_BALANCER"
+      role          = "BACKUP"
+    }
+  ]
+
+  module_depends_on = [module.subnets.subnets]
+}
+
+resource "google_compute_health_check" "this" {
+  project            = var.project_id
+  name               = "${var.network_name}-test"
+  check_interval_sec = 1
+  timeout_sec        = 1
+
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_region_backend_service" "this" {
+  project       = var.project_id
+  name          = "${var.network_name}-test"
+  region        = "us-west1"
+  health_checks = [google_compute_health_check.this.self_link]
+}
+
+resource "google_compute_forwarding_rule" "this" {
+  project = var.project_id
+  name    = "${var.network_name}-fw-role"
+
+  network               = module.vpc.network_name
+  subnetwork            = module.subnets.subnets["us-west1/${var.network_name}-subnet"].name
+  backend_service       = google_compute_region_backend_service.this.self_link
+  region                = "us-west1"
+  load_balancing_scheme = "INTERNAL"
+  all_ports             = true
+}
+
+module "routes" {
+  source       = "../../modules/routes-beta"
+  project_id   = var.project_id
+  network_name = module.vpc.network_name
+  routes_count = 2
+
+  routes = [
+    {
+      name              = "${var.network_name}-egress-inet"
+      description       = "route through IGW to access internet"
+      destination_range = "0.0.0.0/0"
+      tags              = "egress-inet"
+      next_hop_internet = "true"
+    },
+    {
+      name              = "${var.network_name}-ilb"
+      description       = "route through ilb"
+      destination_range = "10.10.20.0/24"
+      next_hop_ilb      = google_compute_forwarding_rule.this.self_link
+    },
+  ]
+
+  module_depends_on = [module.subnets.subnets, module.subnets-backup.subnets]
+}

examples/ilb_routing/outputs.tf

@@ -0,0 +1,55 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+  value       = module.vpc.network_name
+  description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+  value       = module.vpc.network_self_link
+  description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+  value       = module.vpc.project_id
+  description = "VPC project id"
+}
+
+output "subnets_names" {
+  value       = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.name]
+  description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+  value       = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.ip_cidr_range]
+  description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+  value       = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.region]
+  description = "The region where subnets will be created"
+}
+
+output "route_names" {
+  value       = [for route in module.routes.routes : route.name]
+  description = "The routes associated with this VPC"
+}
+
+output "forwarding_rule" {
+  value       = google_compute_forwarding_rule.this.self_link
+  description = "Forwarding rule link"
+}

examples/ilb_routing/variables.tf

@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+  description = "The name of the VPC network being created"
+}

examples/ilb_routing/versions.tf

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = "~> 0.12.6"
+}

modules/routes-beta/README.md

@@ -0,0 +1,91 @@
+# Terraform Network Beta Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes.
+
+It supports creating:
+
+- Routes within vpc network.
+- Optionally deletes the default internet gateway routes.
+
+It also uses google beta provider to support the following resource fields:
+
+-  google_compute_route.next_hop_ilb
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+    source  = "terraform-google-modules/network/google//modules/routes-beta"
+    version = "~> 2.0.0"
+
+    project_id   = "<PROJECT ID>"
+    network_name = "example-vpc"
+
+    delete_default_internet_gateway_routes = false
+
+    routes = [
+        {
+            name                   = "egress-internet"
+            description            = "route through IGW to access internet"
+            destination_range      = "0.0.0.0/0"
+            tags                   = "egress-inet"
+            next_hop_internet      = "true"
+        },
+        {
+            name                   = "app-proxy"
+            description            = "route through proxy to reach app"
+            destination_range      = "10.50.10.0/24"
+            tags                   = "app-proxy"
+            next_hop_instance      = "app-proxy-instance"
+            next_hop_instance_zone = "us-west1-a"
+        },
+        {
+            name                   = "test-proxy"
+            description            = "route through idp to reach app"
+            destination_range      = "10.50.10.0/24"
+            tags                   = "app-proxy"
+            next_hop_ilb           = var.ilb_link
+        },
+    ]
+}
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `<list>` | no |
+| network\_name | The name of the network where routes will be created | string | n/a | yes |
+| project\_id | The ID of the project where the routes will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `<list>` | no |
+| routes\_count | Amount of routes being created in this VPC | number | `"0"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| routes | The created routes resources |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+
+### Routes Input
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created  | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance |  URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone |  The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |