├── CODEOWNERS ├── samples ├── x-iac-pipeline │ ├── .terraformignore │ ├── infra │ │ ├── .gcloudignore │ │ ├── setupRepo.sh │ │ └── environments │ │ │ └── poc │ │ │ ├── backend.tf │ │ │ ├── main.tf │ │ │ └── x-demo.tfvars │ ├── sample-architecture.png │ ├── sample-bootstrap-project.png │ ├── app │ │ ├── setupRepo.sh │ │ ├── httpbin │ │ │ ├── apiproxy │ │ │ │ ├── targets │ │ │ │ │ └── default.xml │ │ │ │ └── proxies │ │ │ │ │ └── default.xml │ │ │ └── pom.xml │ │ └── cloudbuild.yaml │ ├── x-demo.tfvars │ └── variables.tf ├── .DS_Store ├── x-nb-psc-mig-l7xlb │ ├── .DS_Store │ ├── sample-architecture.png │ └── x-demo.tfvars ├── x-multi-region │ ├── sample-architecture.png │ └── x-demo.tfvars ├── x-l4xlb-mtls │ ├── outputs.tf │ ├── setup.sh │ └── x-demo.tfvars ├── x-sb-psc │ ├── outputs.tf │ └── x-demo.tfvars ├── x-basic │ ├── x-demo.tfvars │ ├── main.tf │ └── variables.tf ├── x-non-vpc-peering │ ├── x-demo.tfvars │ └── variables.tf ├── x-l7xlb │ ├── x-demo.tfvars │ ├── main.tf │ └── variables.tf ├── x-dns-peering │ └── x-demo.tfvars ├── x-shared-vpc │ └── x-demo.tfvars ├── x-controlled-internet-egress │ └── x-demo.tfvars ├── x-nb-psc-xlb │ └── x-demo.tfvars ├── x-ilb-mtls │ └── x-demo.tfvars ├── x-transitive-peering │ └── x-demo.tfvars └── x-nb-psc-l7ilb │ └── x-demo.tfvars ├── .DS_Store ├── tests ├── requirements.txt ├── .DS_Store ├── __init__.py ├── samples │ ├── __init__.py │ ├── test_iac_pipeline.py │ ├── test_x_basic.py │ ├── test_ilb_mtls.py │ ├── test_transtive_peering.py │ ├── test_l7xlb.py │ ├── test_shared_vpc.py │ ├── test_multi_region.py │ ├── test_l4xlb_mtls.py │ ├── test_dns_peering.py │ ├── test_nb_psc_xlb.py │ ├── test_x_non_vpc_peering.py │ ├── utils.py │ ├── test_sb_psc.py │ ├── test_nb_psc_mig_l7xlb.py │ └── test_controlled_internet_egress.py └── conftest.py ├── .github ├── actions │ ├── tftest │ │ ├── requirements.txt │ │ ├── fake-key.json │ │ ├── action.yaml │ │ └── Dockerfile │ ├── license-check │ │ ├── Dockerfile │ │ └── action.yaml │ └── 
update-docs │ │ ├── Dockerfile │ │ ├── action.yaml │ │ ├── sample-instructions.template.md │ │ └── entrypoint.sh ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── check-docs.yml │ ├── license-check.yml │ ├── release-please.yml │ ├── test-samples.yml │ ├── daily-tag.yml │ └── linter.yml ├── .gitignore ├── .hadolint.yaml ├── modules ├── apigee-x-bridge-mig │ ├── outputs.tf │ ├── versions.tf │ ├── variables.tf │ ├── main.tf │ └── README.md ├── routing-appliance │ ├── outputs.tf │ ├── versions.tf │ ├── setup.sh │ ├── variables.tf │ └── README.md ├── apigee-x-mtls-mig │ ├── outputs.tf │ ├── versions.tf │ ├── setup.sh │ ├── variables.tf │ └── envoy-config-template.yaml ├── l4xlb │ ├── versions.tf │ ├── variables.tf │ ├── README.md │ └── main.tf ├── mig-l7xlb │ ├── versions.tf │ ├── main.tf │ ├── variables.tf │ └── README.md ├── apigee-x-core │ ├── versions.tf │ ├── outputs.tf │ └── main.tf ├── nb-psc-l7xlb │ ├── versions.tf │ ├── variables.tf │ ├── main.tf │ └── README.md ├── development-backend │ ├── versions.tf │ ├── outputs.tf │ ├── variables.tf │ ├── README.md │ └── main.tf ├── nb-psc-l7ilb │ ├── versions.tf │ ├── variables.tf │ └── README.md ├── nip-development-hostname │ ├── versions.tf │ ├── variables.tf │ ├── output.tf │ ├── main.tf │ └── README.md └── sb-psc-attachment │ ├── versions.tf │ ├── outputs.tf │ ├── main.tf │ ├── variables.tf │ └── README.md ├── tools ├── format-repo.sh └── update-docs.sh └── CONTRIBUTING.md /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @danistrebel @g-greatdevaks 2 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/.terraformignore: -------------------------------------------------------------------------------- 1 | /app/** 2 | /infra/** 3 | -------------------------------------------------------------------------------- /.DS_Store: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/.DS_Store -------------------------------------------------------------------------------- /samples/x-iac-pipeline/infra/.gcloudignore: -------------------------------------------------------------------------------- 1 | .gcloudignore 2 | .git 3 | .gitignore 4 | -------------------------------------------------------------------------------- /tests/requirements.txt: -------------------------------------------------------------------------------- 1 | pytest>=4.6.0 2 | PyYAML>=5.3 3 | tftest>=1.5.2 4 | marko>=0.9.1 -------------------------------------------------------------------------------- /tests/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/tests/.DS_Store -------------------------------------------------------------------------------- /samples/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/samples/.DS_Store -------------------------------------------------------------------------------- /.github/actions/tftest/requirements.txt: -------------------------------------------------------------------------------- 1 | pytest>=4.6.0 2 | PyYAML>=5.3 3 | tftest>=1.5.2 4 | marko>=0.9.1 -------------------------------------------------------------------------------- /.github/actions/tftest/fake-key.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "test-only" 4 | } -------------------------------------------------------------------------------- /samples/x-nb-psc-mig-l7xlb/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/samples/x-nb-psc-mig-l7xlb/.DS_Store 
-------------------------------------------------------------------------------- /samples/x-iac-pipeline/sample-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/samples/x-iac-pipeline/sample-architecture.png -------------------------------------------------------------------------------- /samples/x-multi-region/sample-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/samples/x-multi-region/sample-architecture.png -------------------------------------------------------------------------------- /samples/x-iac-pipeline/sample-bootstrap-project.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/samples/x-iac-pipeline/sample-bootstrap-project.png -------------------------------------------------------------------------------- /samples/x-nb-psc-mig-l7xlb/sample-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/terraform-modules/HEAD/samples/x-nb-psc-mig-l7xlb/sample-architecture.png -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | What's changed, or what was fixed? 2 | 3 | - item 1 4 | - item 2 5 | 6 | **Fixes:** #issue 7 | 8 | - [ ] I have run all the tests locally and they all pass. 9 | - [ ] I have followed the relevant style guide for my changes. 
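--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | .terraform
 2 | .state
 3 | **/terraform.tfstate
 4 | **/terraform.tfstate.backup
 5 | .terraform.lock*
 6 | .terraform.tfstate.lock.info
 7 | install_asm_*
 8 | .outdir-asm
 9 | .tfstate.*.backup
10 | modules/apigee-hybrid-workload/overrides/
11 | **.crt
12 | **.csr
13 | **.key
14 | modules/apigee-hybrid-workload/apigeectl_*
15 | __pycache__
16 | .venv
--------------------------------------------------------------------------------
/samples/x-iac-pipeline/app/setupRepo.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 |
 3 | # Copyright 2023 Google LLC.
 4 | # This software is provided as-is, without warranty or representation for any use or purpose.
 5 | # Your use of it is subject to your agreement with Google.
 6 |
 7 | # Initialises the current directory as a git repository on branch "poc" and
 8 | # pushes it to the "app-repo" repository of the given project on
 9 | # source.developers.google.com.
10 | # Usage: setupRepo.sh PROJECT_ID
11 |
12 | # Refuse to run without a project id: an empty value would otherwise be
13 | # interpolated into the remote URL below and produce a malformed remote.
14 | if [ -z "${1:-}" ]; then
15 |   echo "usage: $0 PROJECT_ID" >&2
16 |   exit 1
17 | fi
18 | PROJECT_ID=$1
19 | git init
20 | git checkout -b poc
21 | # NOTE(review): `git add .` stages every file in the directory. A freshly
22 | # initialised repository only honours ignore files inside it, so check that no
23 | # Terraform state, keys or local credentials are present before running.
24 | git add .
25 | git commit -m 'Initial commit'
26 | # NOTE(review): --global writes this credential helper into the invoking
27 | # user's global git configuration, so it stays in effect for this host after
28 | # the script exits. Dropping --global would scope it to this repository only.
29 | git config --global credential.https://source.developers.google.com.helper gcloud.sh
30 | git remote add google https://source.developers.google.com/p/"${PROJECT_ID}"/r/app-repo
31 | # NOTE(review): exit codes of the steps above are not checked, so the push
32 | # runs even when an earlier command failed.
33 | git push --all google
34 |
--------------------------------------------------------------------------------
/samples/x-iac-pipeline/infra/setupRepo.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 |
 3 | # Copyright 2023 Google LLC.
 4 | # This software is provided as-is, without warranty or representation for any use or purpose.
 5 | # Your use of it is subject to your agreement with Google.
 6 |
 7 | # Initialises the current directory as a git repository on branch "poc" and
 8 | # pushes it to the "infra-repo" repository of the given project on
 9 | # source.developers.google.com.
10 | # Usage: setupRepo.sh PROJECT_ID
11 |
12 | # Refuse to run without a project id: an empty value would otherwise be
13 | # interpolated into the remote URL below and produce a malformed remote.
14 | if [ -z "${1:-}" ]; then
15 |   echo "usage: $0 PROJECT_ID" >&2
16 |   exit 1
17 | fi
18 | PROJECT_ID=$1
19 | git init
20 | git checkout -b poc
21 | # NOTE(review): `git add .` stages every file in the directory. A freshly
22 | # initialised repository only honours ignore files inside it, so check that no
23 | # Terraform state, keys or local credentials are present before running.
24 | git add .
25 | git commit -m 'Initial commit'
26 | # NOTE(review): --global writes this credential helper into the invoking
27 | # user's global git configuration, so it stays in effect for this host after
28 | # the script exits. Dropping --global would scope it to this repository only.
29 | git config --global credential.https://source.developers.google.com.helper gcloud.sh
30 | git remote add google https://source.developers.google.com/p/"${PROJECT_ID}"/r/infra-repo
31 | # NOTE(review): exit codes of the steps above are not checked, so the push
32 | # runs even when an earlier command failed.
33 | git push --all google
34 |
--------------------------------------------------------------------------------
/tests/__init__.py:
--------------------------------------------------------------------------------
 1 | # Copyright 2021 Google LLC
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #     http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
--------------------------------------------------------------------------------
/tests/samples/__init__.py:
--------------------------------------------------------------------------------
 1 | # Copyright 2021 Google LLC
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #     http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.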
14 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | region = "europe-west1" 18 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/infra/environments/poc/backend.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | 16 | terraform { 17 | backend "gcs" { 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /.hadolint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ignored: 16 | - DL3018 # Hadolint check for version pinning ignored. No need for version pinning as of now. Reference: https://github.com/hadolint/hadolint/wiki/DL3018 -------------------------------------------------------------------------------- /.github/actions/license-check/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 |
15 | # Image for the license-check action: installs addlicense and runs
16 | # `addlicense -check .` with /home as the image's working directory.
17 | # NOTE(review): the base tag names an Alpine release but no Go version or
18 | # image digest, and addlicense is installed at @latest, so a rebuild can
19 | # pull different code into this CI check. Pin both to reviewed versions.
20 | FROM golang:alpine3.14
21 | RUN apk add --no-cache git && go install github.com/google/addlicense@latest
22 | WORKDIR /home
23 | CMD ["addlicense", "-check", "."]
24 |
--------------------------------------------------------------------------------
/.github/actions/update-docs/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Copyright 2021 Google LLC
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #     http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # Image for the update-docs action: the terraform-docs base image plus git
16 | # and perl, with entrypoint.sh copied in as the entry point.
17 | # NOTE(review): the base image is pinned by version tag. A tag can be
18 | # re-pointed, so a digest pin (tag@sha256:<digest>) is the stricter form.
19 | FROM quay.io/terraform-docs/terraform-docs:0.16.0
20 |
21 | # apk packages are unversioned here (hadolint DL3018 is ignored in .hadolint.yaml).
22 | RUN apk add --no-cache git perl
23 |
24 | COPY ./entrypoint.sh /opt/entrypoint.sh
25 |
26 | ENTRYPOINT ["/opt/entrypoint.sh"]
--------------------------------------------------------------------------------
/modules/apigee-x-bridge-mig/outputs.tf:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * Copyright 2021 Google LLC
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "instance_group" { 18 | description = "Proxy MIGs for mTLS termination" 19 | value = module.bridge-mig.group_manager.instance_group 20 | } 21 | -------------------------------------------------------------------------------- /modules/routing-appliance/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "instance_group" { 18 | description = "Routing Appliance MIG" 19 | value = module.routing-appliance-mig.group_manager.instance_group 20 | } 21 | -------------------------------------------------------------------------------- /modules/apigee-x-mtls-mig/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "instance_group" { 18 | description = "Proxy MIGs for mTLS termination" 19 | value = module.apigee-mtls-proxy-mig.group_manager.instance_group 20 | } 21 | -------------------------------------------------------------------------------- /.github/actions/license-check/action.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | --- 16 | name: "License Check Action" 17 | description: "Check License Headers" 18 | outputs: 19 | stdout: 20 | description: "License Check" 21 | runs: 22 | using: "docker" 23 | image: "Dockerfile" 24 | -------------------------------------------------------------------------------- /tools/format-repo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright 2022 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | set -e 17 | 18 | SCRIPT_FOLDER=$( (cd "$(dirname "$0")" && pwd )) 19 | 20 | for TYPE in samples modules; do 21 | for D in "$SCRIPT_FOLDER/../$TYPE"/*; do 22 | (cd "$D" && terraform fmt) 23 | done 24 | done 25 | -------------------------------------------------------------------------------- /samples/x-l4xlb-mtls/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "nip_hostnames" { 18 | description = "Map of envgroup name -> hostnames." 19 | value = [for name, _ in var.apigee_envgroups : "${name}.${module.nip-development-hostname.hostname}"] 20 | } 21 | -------------------------------------------------------------------------------- /.github/actions/update-docs/action.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- 16 | name: "Update Docs" 17 | description: "Updates the TF Module documentation if needed" 18 | outputs: 19 | stdout: 20 | description: "Docs Update Output" 21 | runs: 22 | using: "docker" 23 | image: "Dockerfile" 24 | env: 25 | FAIL_ON_OUTDATED: "true" 26 | -------------------------------------------------------------------------------- /modules/l4xlb/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.20.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/mig-l7xlb/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.20.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/apigee-x-core/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.4.4" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 5.4.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/nb-psc-l7xlb/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.32.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.32.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/apigee-x-bridge-mig/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.20.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/apigee-x-mtls-mig/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.20.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/development-backend/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.20.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/nb-psc-l7ilb/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.32.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.32.0" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /modules/routing-appliance/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.20.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/nip-development-hostname/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.1.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.20.0" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.20.0" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/sb-psc-attachment/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3.0" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.83, <6" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.83, <6" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /.github/workflows/check-docs.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- 16 | name: Check Docs 17 | on: 18 | pull_request: 19 | branches: 20 | - main 21 | jobs: 22 | update-docs: 23 | name: Check Docs 24 | runs-on: ubuntu-latest 25 | steps: 26 | - name: Checkout Code 27 | uses: actions/checkout@v2 28 | - name: Check that docs are current 29 | uses: ./.github/actions/update-docs 30 | -------------------------------------------------------------------------------- /.github/actions/tftest/action.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- 16 | name: "TFtest Action" 17 | description: "Runs a Terraform Test Suite" 18 | inputs: 19 | test-dir: 20 | description: "Test directory to run against" 21 | required: true 22 | outputs: 23 | stdout: 24 | description: "TF output" 25 | runs: 26 | using: "docker" 27 | image: "Dockerfile" 28 | args: 29 | - -vv 30 | - ${{ inputs.test-dir }} -------------------------------------------------------------------------------- /tools/update-docs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | set -e 17 | 18 | SCRIPT_FOLDER=$( (cd "$(dirname "$0")" && pwd )) 19 | UPDATE_DOCS_GH_ACTION="$SCRIPT_FOLDER/../.github/actions/update-docs" 20 | 21 | docker build -t apigee-terraform-docs-generator:latest "$UPDATE_DOCS_GH_ACTION" 22 | 23 | docker run -v "$SCRIPT_FOLDER"/..:/opt/apigee-terraform-modules -w /opt/apigee-terraform-modules apigee-terraform-docs-generator:latest 24 | -------------------------------------------------------------------------------- /.github/workflows/license-check.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- 16 | name: License Check 17 | on: 18 | push: 19 | pull_request: 20 | branches: 21 | - main 22 | workflow_dispatch: 23 | jobs: 24 | test-examples: 25 | name: License Check 26 | runs-on: ubuntu-latest 27 | steps: 28 | - name: Checkout Code 29 | uses: actions/checkout@v2 30 | - name: Run License Check 31 | uses: ./.github/actions/license-check 32 | -------------------------------------------------------------------------------- /modules/routing-appliance/setup.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
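# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Purpose: turn this host into a NAT router that also answers an HTTP health
# check on port 80.

# Configure Health Check
# -p keeps the script re-runnable: a plain mkdir errors out when the directory
# is already there from an earlier run.
mkdir -p /var/health-check
echo "OK" > /var/health-check/index.html
# NOTE(review): http.server listens on every interface and serves the whole
# directory over plain HTTP. Only index.html is placed here; keep it that way
# and limit who can reach port 80 with network firewall rules.
(cd /var/health-check && python3 -m http.server 80 &)
echo "Configured Health Check on Port 80"

# NOTE(review): -F removes every rule from the filter table, so any host-level
# packet filtering that existed before this script is gone afterwards.
iptables -F
# The MASQUERADE rule has no interface or source match, so it applies to all
# traffic leaving the host. Presumably access control is expected to come from
# the surrounding network's firewall rules; confirm against the module.
iptables -t nat -A POSTROUTING -j MASQUERADE
echo "Configured IP Table NAT"

# Let the kernel forward packets between interfaces (runtime setting only).
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Enabled IP Forwarding"
-------------------------------------------------------------------------------- /samples/x-sb-psc/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "psc_endpoint_attachment_host" { 18 | description = "Hostname of the PSC endpoint attachment."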
19 | value = module.southbound-psc.endpoint_attachment_host 20 | } 21 | 22 | output "psc_endpoint_attachment_connection_state" { 23 | description = "Underlying connection state of the PSC endpoint attachment." 24 | value = module.southbound-psc.endpoint_attachment_connection_state 25 | } 26 | -------------------------------------------------------------------------------- /modules/nip-development-hostname/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "GCP Project ID." 19 | type = string 20 | } 21 | 22 | variable "address_name" { 23 | description = "Name for the external IP address" 24 | type = string 25 | } 26 | 27 | variable "subdomain_prefixes" { 28 | description = "Subdomain prefixes for the nip hostname (Optional)." 29 | type = list(string) 30 | default = [] 31 | } 32 | -------------------------------------------------------------------------------- /.github/workflows/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | name: Release Please 16 | on: 17 | push: 18 | branches: 19 | - main 20 | 21 | jobs: 22 | release-please: 23 | name: Create Release 24 | runs-on: ubuntu-latest 25 | environment: tf_modules 26 | steps: 27 | - uses: google-github-actions/release-please-action@v3 28 | with: 29 | token: ${{ secrets.RELEASE_PR_TOKEN }} 30 | release-type: terraform-module 31 | package-name: apigee-terraform-modules -------------------------------------------------------------------------------- /modules/sb-psc-attachment/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "endpoint_attachment_host" { 18 | description = "Host for the endpoint attachment to be used in Apigee." 
19 | value = google_apigee_endpoint_attachment.endpoint_attachment.host 20 | } 21 | 22 | output "endpoint_attachment_connection_state" { 23 | description = "Underlying connection state for the endpoint attachment." 24 | value = google_apigee_endpoint_attachment.endpoint_attachment.connection_state 25 | } 26 | -------------------------------------------------------------------------------- /.github/actions/update-docs/sample-instructions.template.md: -------------------------------------------------------------------------------- 1 | 2 | ## Setup Instructions 3 | 4 | Set the project ID where you want your Apigee Organization to be deployed to: 5 | 6 | ```sh 7 | PROJECT_ID=my-project-id 8 | ``` 9 | 10 | ```sh 11 | cd samples/... # Sample from above 12 | cp ./x-demo.tfvars ./my-config.tfvars 13 | ``` 14 | 15 | Decide on a [backend](https://www.terraform.io/language/settings/backends) and create the necessary config. To use a backend on Google Cloud Storage (GCS) use: 16 | 17 | ```sh 18 | gsutil mb "gs://$PROJECT_ID-tf" 19 | 20 | cat <terraform.tf 21 | terraform { 22 | backend "gcs" { 23 | bucket = "$PROJECT_ID-tf" 24 | prefix = "terraform/state" 25 | } 26 | } 27 | EOF 28 | ``` 29 | 30 | Validate your config: 31 | 32 | ```sh 33 | terraform init 34 | terraform plan --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID" 35 | ``` 36 | 37 | and provision everything (takes roughly 25min): 38 | 39 | ```sh 40 | terraform apply --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID" 41 | ``` 42 | 43 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/app/httpbin/apiproxy/targets/default.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | https://httpbin.org 29 | 30 | 31 | -------------------------------------------------------------------------------- /.github/workflows/test-samples.yml: 
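--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
# Runs the Terraform sample tests on pushes, on pull requests against main,
# on manual dispatch and once a day.
name: TF Samples Test
on:
  push:
  pull_request:
    branches:
      - main
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *"

# Least privilege: the job only checks out the repository and runs the local
# tftest action, so the workflow token is limited to reading repository
# contents instead of inheriting the repository default.
permissions:
  contents: read

jobs:
  test-examples:
    name: Test Example Modules
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        # NOTE(review): v2 is a movable tag; pinning the action to a full
        # commit SHA keeps the code that runs here fixed.
        uses: actions/checkout@v2

      - name: Run TFTest on Examples
        # Local Docker action from this repository; test-dir is passed to it
        # as the directory to test.
        uses: ./.github/actions/tftest
        with:
          test-dir: tests/samples
-------------------------------------------------------------------------------- /samples/x-iac-pipeline/app/httpbin/apiproxy/proxies/default.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | /httpbin 29 | 30 | 31 | default 32 | 33 | 34 | -------------------------------------------------------------------------------- /modules/nip-development-hostname/output.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.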
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "ssl_certificate" { 18 | description = "Google-managed SSL certificate" 19 | value = google_compute_managed_ssl_certificate.google_cert.id 20 | } 21 | 22 | output "ip_address" { 23 | description = "Reserved external IP address." 24 | value = google_compute_global_address.external_address.address 25 | } 26 | 27 | output "hostname" { 28 | description = "Generated hostname (nip.io encoded IP address)." 29 | value = local.hostname 30 | } 31 | 32 | output "subdomains" { 33 | description = "List of generated subdomains (subdomain prefixes plus nip.io encoded IP address)" 34 | value = local.subdomains 35 | } 36 | -------------------------------------------------------------------------------- /modules/development-backend/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "instance_group" { 18 | description = "Backend Service MIG." 19 | value = module.demo-backend-mig.group_manager.instance_group 20 | } 21 | 22 | output "ilb_forwarding_rule_address" { 23 | description = "ILB forwarding rule IP address." 24 | value = module.ilb-backend.forwarding_rule_addresses[""] 25 | } 26 | 27 | output "ilb_forwarding_rule_self_link" { 28 | description = "ILB forwarding rule self link." 29 | value = module.ilb-backend.forwarding_rule_self_links[""] 30 | } 31 | 32 | output "region" { 33 | description = "Backend Service region." 34 | value = module.ilb-backend.forwarding_rules[""].region 35 | } 36 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/infra/environments/poc/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | module "infra" { 16 | source = "../../" 17 | apigee_project_id = var.apigee_project_id 18 | host_project_id = var.host_project_id 19 | billing_account = var.billing_account 20 | ax_region = var.ax_region 21 | apigee_environments = var.apigee_environments 22 | apigee_instances = var.apigee_instances 23 | apigee_envgroups = var.apigee_envgroups 24 | network = var.network 25 | exposure_subnets = var.exposure_subnets 26 | peering_range = var.peering_range 27 | support_range = var.support_range 28 | project_create = var.project_create 29 | project_parent = var.project_parent 30 | } 31 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/app/httpbin/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 20 | 21 | parent-pom 22 | apigee 23 | 1.0 24 | ../parent-pom.xml 25 | 26 | 4.0.0 27 | apigee 28 | httpbin 29 | 1.0 30 | httpbin 31 | pom 32 | 33 | -------------------------------------------------------------------------------- /.github/actions/tftest/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
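# Test image for the tftest action: Python + git + a fixed Terraform release,
# with pytest as the entrypoint.
# NOTE(review): python:3-alpine is a floating tag, so the base image changes
# between builds; pinning a specific version or digest makes builds repeatable.
FROM python:3-alpine

RUN apk add --no-cache \
    git

ENV TERRAFORM_VERSION=1.4.4

# Download Terraform and check the archive against the published SHA256SUMS
# before unpacking; the && chain stops the build when the checksum line is
# missing or does not match.
# NOTE(review): the checksum file comes from the same host as the archive, so
# this catches corruption and truncation but not a compromised release host.
# Verifying the publisher's signature over the checksum file would be stronger.
RUN wget -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" && \
    wget -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS" && \
    grep "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" "terraform_${TERRAFORM_VERSION}_SHA256SUMS" > terraform.sha256 && \
    sha256sum -c terraform.sha256 && \
    unzip "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" && \
    rm "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" "terraform_${TERRAFORM_VERSION}_SHA256SUMS" terraform.sha256 && \
    mv terraform /usr/bin/terraform

# Fake path for testing
# NOTE(review): the credentials variable points at the copied file; it is
# presumably a placeholder with no live key material. Confirm, and never swap
# in a real key, since it would be baked into an image layer.
COPY fake-key.json /var/fake-key.json
ENV GOOGLE_APPLICATION_CREDENTIALS="/var/fake-key.json"

COPY requirements.txt /var/requirements.txt
RUN pip3 install --no-cache-dir --no-warn-script-location -r /var/requirements.txt

ENTRYPOINT [ "python3", "-m", "pytest" ]
-------------------------------------------------------------------------------- /modules/l4xlb/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "Project id." 19 | type = string 20 | } 21 | 22 | variable "backend_migs" { 23 | description = "List of MIGs to be used as backends." 24 | type = list(string) 25 | } 26 | 27 | variable "external_ip" { 28 | description = "External IP for the L7 XLB." 29 | type = string 30 | default = null 31 | } 32 | 33 | variable "name" { 34 | description = "External LB name."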
35 | type = string 36 | } 37 | 38 | variable "labels" { 39 | type = map(string) 40 | default = {} 41 | description = <<-EOD 42 | An optional map of label key:value pairs to assign to the forwarding rule. 43 | Default is an empty map. 44 | EOD 45 | } 46 | -------------------------------------------------------------------------------- /tests/samples/test_iac_pipeline.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | 16 | import os 17 | import pytest 18 | from .utils import * 19 | 20 | FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-iac-pipeline") 21 | 22 | 23 | @pytest.fixture(scope="module") 24 | def resources(recursive_plan_runner): 25 | _, resources = recursive_plan_runner( 26 | FIXTURES_DIR, 27 | tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"), 28 | project_id="boottestonly", 29 | apigee_project_id="apigeetestonly", 30 | host_project_id="hosttestonly", 31 | billing_account="testaccount", 32 | project_create="true" 33 | ) 34 | return resources 35 | 36 | 37 | def test_resource_count(resources): 38 | "Test total number of resources created." 
39 | assert len(resources) == 24 40 | -------------------------------------------------------------------------------- /modules/nip-development-hostname/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "google_compute_global_address" "external_address" { 18 | name = var.address_name 19 | project = var.project_id 20 | address_type = "EXTERNAL" 21 | } 22 | 23 | locals { 24 | hostname = "${replace(google_compute_global_address.external_address.address, ".", "-")}.nip.io" 25 | subdomains = [for subdomain in var.subdomain_prefixes : "${subdomain}.${local.hostname}"] 26 | certname = "cert-${replace(google_compute_global_address.external_address.address, ".", "")}" 27 | domains = concat([local.hostname], local.subdomains) 28 | } 29 | 30 | resource "google_compute_managed_ssl_certificate" "google_cert" { 31 | project = var.project_id 32 | name = local.certname 33 | managed { 34 | domains = local.domains 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /modules/development-backend/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in 
compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "GCP Project id." 19 | type = string 20 | } 21 | 22 | variable "name" { 23 | description = "Name of the Example Backend." 24 | type = string 25 | default = "demo-backend" 26 | } 27 | 28 | variable "network" { 29 | description = "VPC network for running the MIGs (needs to be peered with the Apigee tenant project)." 30 | type = string 31 | } 32 | 33 | variable "subnet" { 34 | description = "VPC subnet for running the MIGs" 35 | type = string 36 | } 37 | 38 | variable "region" { 39 | description = "GCP Region for the MIGs." 40 | type = string 41 | } 42 | 43 | variable "machine_type" { 44 | description = "GCE Machine type." 45 | type = string 46 | default = "e2-small" 47 | } 48 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/app/cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
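# See the License for the specific language governing permissions and
# limitations under the License.

---
# Cloud Build pipeline: print the branch name, fetch an access token, then
# deploy the httpbin API proxy with Maven.
steps:
  - id: "branch name"
    name: "alpine"
    entrypoint: "sh"
    args:
      - "-c"
      - |
        echo "***********************"
        echo "$BRANCH_NAME"
        echo "***********************"
  # The token is handed to the next step through a file on /workspace.
  # NOTE(review): the file holds a live credential; nothing else in the build
  # should read, print or archive /workspace/token.
  - name: gcr.io/cloud-builders/gcloud-slim
    id: fetch-token
    entrypoint: "bash"
    args:
      - "-c"
      - |
        # Fetch a GCP bearer token
        gcloud auth print-access-token > /workspace/token
  - name: "gcr.io/cloud-builders/mvn"
    id: deploy-api
    entrypoint: "bash"
    args:
      - "-c"
      - |
        # Deploy the API
        # Stop at the first failing command. Without this the script's exit
        # status was that of the final rm, so a failed cd or mvn run still
        # reported the step as successful.
        set -e
        # Remove the token on every exit path, including failures.
        trap 'rm -f /workspace/token' EXIT
        cd httpbin
        # NOTE(review): -Dbearer puts the token into the mvn process
        # arguments, where process listings and debug output can expose it.
        # If the deploy plugin can take the token from a file or an
        # environment variable, prefer that.
        mvn install -Phttpbin -Dorg=${_APIGEE_ORG} -Denv=${_APIGEE_ENV} -Dbearer="$(cat /workspace/token)"
-------------------------------------------------------------------------------- /.github/workflows/daily-tag.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License.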
# Scheduled workflow: once a day, tag the checked-out commit as daily-YYYY.MM.DD
# when `git log` reports changes from the last day, and push that tag.
name: |
  Create daily release tags

on:
  workflow_dispatch:
  schedule:
    - cron: "0 2 * * *"

# Write access to repository contents is what lets the job push the tag below.
# No other permission is requested.
permissions:
  contents: write

jobs:
  daily-tag:
    name: "Create tag on master if there was activity in last 24 hours"
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): "v2" is a movable tag and this job runs with
      # contents: write. Pinning the action to a full commit SHA
      # (uses: actions/checkout@<full-commit-sha>) keeps the code that runs
      # with that token fixed until it is deliberately updated.
      - name: "Code Checkout"
        uses: actions/checkout@v2

      - name: "Check changes and tag"
        run: |
          # Empty --pretty=format: leaves only the changed file names, so CHANGES
          # is empty when no commit from the last day is in the checked-out history.
          CHANGES=$(git log --since="1 day ago" --name-only --pretty=format: )

          if [ "x$CHANGES" != "x" ] ; then
            TAG="daily-$(date +%Y.%m.%d)"
            git tag "$TAG"
            git push origin "$TAG"

            echo "Created new tag: $TAG"
          else
            echo "No changes in last 24 hours"
          fi
-------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to Contribute 2 | 3 | We'd love to accept your patches and contributions to this project. There are 4 | just a few small guidelines you need to follow. 5 | 6 | ## Contributor License Agreement 7 | 8 | Contributions to this project must be accompanied by a Contributor License 9 | Agreement (CLA). You (or your employer) retain the copyright to your 10 | contribution; this simply gives us permission to use and redistribute your 11 | contributions as part of the project. Head over to 12 | to see your current agreements on file or 13 | to sign a new one. 14 | 15 | You generally only need to submit a CLA once, so if you've already submitted one 16 | (even if it was for a different project), you probably don't need to do it 17 | again. 18 | 19 | ## Code Reviews 20 | 21 | All submissions, including submissions by project members, require review. We 22 | use GitHub pull requests for this purpose. Consult 23 | [GitHub Help](https://docs.github.com/articles/about-pull-requests/) for more 24 | information on using pull requests.
25 | 26 | ## Community Guidelines 27 | 28 | This project follows 29 | [Google's Open Source Community Guidelines](https://opensource.google/conduct/). 30 | 31 | ## Commits 32 | 33 | All commit messages should adhere to the 34 | [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) standards. 35 | 36 | e.g. 37 | 38 | `feat: Added New Feature` 39 | 40 | Would indicate a new feature and a minor [SemVer](https://semver.org/) version increase. -------------------------------------------------------------------------------- /samples/x-basic/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_environments = { 20 | test1 = { 21 | display_name = "Test 1" 22 | description = "Environment created by apigee/terraform-modules" 23 | node_config = null 24 | iam = null 25 | envgroups = ["test"] 26 | type = null 27 | } 28 | test2 = { 29 | display_name = "Test 2" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | } 37 | 38 | apigee_envgroups = { 39 | test = { 40 | hostnames = ["test.api.example.com"] 41 | } 42 | } 43 | 44 | apigee_instances = { 45 | euw1-instance = { 46 | region = "europe-west1" 47 | ip_range = "10.0.0.0/22" 48 | environments = ["test1", "test2"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | peering_range = "10.0.0.0/22" 55 | 56 | support_range = "10.1.0.0/28" 57 | -------------------------------------------------------------------------------- /modules/routing-appliance/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "GCP Project id." 19 | type = string 20 | } 21 | 22 | variable "network" { 23 | description = "VPC network for running the routing appliance MIGs." 
24 | type = string 25 | } 26 | 27 | variable "name" { 28 | description = "Name to use for the routing appliance." 29 | type = string 30 | default = "routing-appliance" 31 | } 32 | 33 | variable "subnet" { 34 | description = "VPC subnet for running the MIGs" 35 | type = string 36 | } 37 | 38 | variable "region" { 39 | description = "GCP Region for the MIGs." 40 | type = string 41 | } 42 | 43 | variable "machine_type" { 44 | description = "GCE Machine type." 45 | type = string 46 | default = "e2-small" 47 | } 48 | 49 | variable "forwarded_ranges" { 50 | description = "CDIR ranges that should route via appliance" 51 | type = map(object({ 52 | range = string 53 | priority = number 54 | })) 55 | default = {} 56 | } 57 | -------------------------------------------------------------------------------- /samples/x-l4xlb-mtls/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2023 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
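# Fetch the certificates, server key and Envoy config from the bucket named in
# the instance's BUCKET metadata attribute, install Docker, then run Envoy with
# that config.

mkdir -p /var/apigee/certs

# -f makes curl fail on an HTTP error instead of printing the error body, which
# would otherwise be used as the bucket name below.
BUCKET=$(curl -sf http://metadata.google.internal/computeMetadata/v1/instance/attributes/BUCKET -H "Metadata-Flavor: Google")
if [ -z "$BUCKET" ]; then
  echo "BUCKET instance attribute is missing or could not be read from the metadata server" >&2
  exit 1
fi

# Stop before the proxy is started when any of its files cannot be fetched.
# NOTE(review): serverkey.pem is the server's private key. Confirm that read
# access to the bucket and to /var/apigee on the host is limited to what this
# proxy needs.
gsutil cp "gs://$BUCKET/cacert.pem" /var/apigee/certs || exit 1
gsutil cp "gs://$BUCKET/servercert.pem" /var/apigee/certs || exit 1
gsutil cp "gs://$BUCKET/serverkey.pem" /var/apigee/certs || exit 1
gsutil cp "gs://$BUCKET/envoy-config.yaml" /var/apigee/config.yaml || exit 1

# Register Docker's apt repository; packages from it are verified against the
# keyring written here (signed-by).
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

# Host port 443 is mapped to container port 10000; /var/apigee is mounted at
# /opt/apigee so the container sees the config and certificates fetched above.
# NOTE(review): 9901 is conventionally Envoy's admin port. If envoy-config.yaml
# binds the admin interface there, "-p 9901:9901" publishes it on every host
# interface. Confirm firewall rules restrict it, or publish it on 127.0.0.1 only.
# NOTE(review): "v1.18-latest" is a moving tag. Pinning the image by digest
# keeps the deployed proxy reproducible and makes upgrades deliberate.
sudo docker run \
  -p 9901:9901 \
  -p 443:10000 \
  -v /var/apigee:/opt/apigee \
  envoyproxy/envoy:v1.18-latest -c /opt/apigee/config.yaml
-------------------------------------------------------------------------------- /modules/apigee-x-mtls-mig/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License.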
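# Fetch the certificates, server key and Envoy config from the bucket named in
# the instance's BUCKET metadata attribute, install Docker, then run Envoy with
# that config.

mkdir -p /var/apigee/certs

# -f makes curl fail on an HTTP error instead of printing the error body, which
# would otherwise be used as the bucket name below.
BUCKET=$(curl -sf http://metadata.google.internal/computeMetadata/v1/instance/attributes/BUCKET -H "Metadata-Flavor: Google")
if [ -z "$BUCKET" ]; then
  echo "BUCKET instance attribute is missing or could not be read from the metadata server" >&2
  exit 1
fi

# Stop before the proxy is started when any of its files cannot be fetched.
# NOTE(review): serverkey.pem is the server's private key. Confirm that read
# access to the bucket and to /var/apigee on the host is limited to what this
# proxy needs.
gsutil cp "gs://$BUCKET/cacert.pem" /var/apigee/certs || exit 1
gsutil cp "gs://$BUCKET/servercert.pem" /var/apigee/certs || exit 1
gsutil cp "gs://$BUCKET/serverkey.pem" /var/apigee/certs || exit 1
gsutil cp "gs://$BUCKET/envoy-config.yaml" /var/apigee/config.yaml || exit 1

# Register Docker's apt repository; packages from it are verified against the
# keyring written here (signed-by).
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

# Host port 443 is mapped to container port 10000; /var/apigee is mounted at
# /opt/apigee so the container sees the config and certificates fetched above.
# NOTE(review): 9901 is conventionally Envoy's admin port. If envoy-config.yaml
# binds the admin interface there, "-p 9901:9901" publishes it on every host
# interface. Confirm firewall rules restrict it, or publish it on 127.0.0.1 only.
# NOTE(review): "v1.18-latest" is a moving tag. Pinning the image by digest
# keeps the deployed proxy reproducible and makes upgrades deliberate.
sudo docker run \
  -p 9901:9901 \
  -p 443:10000 \
  -v /var/apigee:/opt/apigee \
  envoyproxy/envoy:v1.18-latest -c /opt/apigee/config.yaml
-------------------------------------------------------------------------------- /samples/x-non-vpc-peering/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.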
15 | */ 16 | 17 | ax_region = "us-west1" 18 | 19 | apigee_instances = { 20 | usw1-instance = { 21 | region = "us-west1" 22 | environments = ["test1", "test2"] 23 | } 24 | } 25 | 26 | apigee_environments = { 27 | test1 = { 28 | display_name = "Test 1" 29 | description = "Environment created by apigee/terraform-modules" 30 | node_config = null 31 | iam = null 32 | envgroups = ["test"] 33 | type = null 34 | } 35 | test2 = { 36 | display_name = "Test 2" 37 | description = "Environment created by apigee/terraform-modules" 38 | node_config = null 39 | iam = null 40 | envgroups = ["test"] 41 | type = null 42 | } 43 | } 44 | 45 | apigee_envgroups = { 46 | test = { 47 | hostnames = ["test.api.example.com"] 48 | } 49 | } 50 | 51 | psc_ingress_network = "psc-ingress-vpc" 52 | 53 | psc_ingress_subnets = [ 54 | { 55 | name = "apigee-psc-usw1" 56 | ip_cidr_range = "10.100.0.0/24" 57 | region = "us-west1" 58 | secondary_ip_range = null 59 | } 60 | ] -------------------------------------------------------------------------------- /samples/x-l7xlb/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_instances = { 20 | euw1-instance = { 21 | region = "europe-west1" 22 | ip_range = "10.0.0.0/22" 23 | environments = ["test1", "test2"] 24 | } 25 | } 26 | 27 | apigee_environments = { 28 | test1 = { 29 | display_name = "Test 1" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | test2 = { 37 | display_name = "Test 2" 38 | description = "Environment created by apigee/terraform-modules" 39 | node_config = null 40 | iam = null 41 | envgroups = ["test"] 42 | type = null 43 | } 44 | } 45 | 46 | apigee_envgroups = { 47 | test = { 48 | hostnames = ["test.api.example.com"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | exposure_subnets = [ 55 | { 56 | name = "apigee-exposure" 57 | ip_cidr_range = "10.100.0.0/24" 58 | region = "europe-west1" 59 | secondary_ip_range = null 60 | } 61 | ] 62 | 63 | peering_range = "10.0.0.0/22" 64 | support_range = "10.1.0.0/28" 65 | -------------------------------------------------------------------------------- /samples/x-dns-peering/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_environments = { 20 | test1 = { 21 | display_name = "Test 1" 22 | description = "Environment created by apigee/terraform-modules" 23 | node_config = null 24 | iam = null 25 | envgroups = ["test"] 26 | } 27 | test2 = { 28 | display_name = "Test 2" 29 | description = "Environment created by apigee/terraform-modules" 30 | node_config = null 31 | iam = null 32 | envgroups = ["test"] 33 | } 34 | } 35 | 36 | apigee_envgroups = { 37 | test = { 38 | hostnames = ["test.api.example.com"] // + ${group_name}-api.internal 39 | } 40 | } 41 | 42 | apigee_instances = { 43 | euw1-instance = { 44 | region = "europe-west1" 45 | ip_range = "10.0.0.0/22" 46 | environments = ["test1", "test2"] 47 | } 48 | } 49 | 50 | backend = { 51 | name = "demo" 52 | region = "europe-west1" 53 | subnet = "demo-backend" 54 | subnet_cidr = "10.100.0.0/24" 55 | } 56 | 57 | dns = { 58 | name = "intenal-dns" 59 | domain = "internal." 60 | } 61 | 62 | network = "apigee-network" 63 | 64 | peering_range = "10.0.0.0/22" 65 | 66 | support_range = "10.1.0.0/28" 67 | -------------------------------------------------------------------------------- /samples/x-shared-vpc/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_instances = { 20 | euw1-instance = { 21 | region = "europe-west1" 22 | ip_range = "10.0.0.0/22" 23 | environments = ["test1", "test2"] 24 | } 25 | } 26 | 27 | apigee_environments = { 28 | test1 = { 29 | display_name = "Test 1" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | test2 = { 37 | display_name = "Test 2" 38 | description = "Environment created by apigee/terraform-modules" 39 | node_config = null 40 | iam = null 41 | envgroups = ["test"] 42 | type = null 43 | } 44 | } 45 | 46 | apigee_envgroups = { 47 | test = { 48 | hostnames = ["test.api.example.com"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | exposure_subnets = [ 55 | { 56 | name = "apigee-exposure" 57 | ip_cidr_range = "10.100.0.0/24" 58 | region = "europe-west1" 59 | secondary_ip_range = null 60 | } 61 | ] 62 | 63 | peering_range = "10.0.0.0/22" 64 | support_range = "10.1.0.0/28" 65 | -------------------------------------------------------------------------------- /modules/l4xlb/README.md: -------------------------------------------------------------------------------- 1 | # External TCP Proxy for Managed Instance Group Backend 2 | 3 | 4 | ## Providers 5 | 6 | | Name | Version | 7 | |------|---------| 8 | | [google](#provider\_google) | >= 4.20.0 | 9 | 10 | ## Modules 11 | 12 | No modules. 
13 | 14 | ## Resources 15 | 16 | | Name | Type | 17 | |------|------| 18 | | [google_compute_backend_service.mig_backend](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service) | resource | 19 | | [google_compute_global_forwarding_rule.forwarding_rule](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_forwarding_rule) | resource | 20 | | [google_compute_health_check.mig_lb_hc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_health_check) | resource | 21 | | [google_compute_target_tcp_proxy.proxy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_tcp_proxy) | resource | 22 | 23 | ## Inputs 24 | 25 | | Name | Description | Type | Default | Required | 26 | |------|-------------|------|---------|:--------:| 27 | | [backend\_migs](#input\_backend\_migs) | List of MIGs to be used as backends. | `list(string)` | n/a | yes | 28 | | [external\_ip](#input\_external\_ip) | External IP for the L7 XLB. | `string` | `null` | no | 29 | | [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.
Default is an empty map. | `map(string)` | `{}` | no | 30 | | [name](#input\_name) | External LB name. | `string` | n/a | yes | 31 | | [project\_id](#input\_project\_id) | Project id. | `string` | n/a | yes | 32 | 33 | ## Outputs 34 | 35 | No outputs. 36 | 37 | -------------------------------------------------------------------------------- /samples/x-controlled-internet-egress/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_environments = { 20 | test1 = { 21 | display_name = "Test 1" 22 | description = "Environment created by apigee/terraform-modules" 23 | node_config = null 24 | iam = null 25 | envgroups = ["test"] 26 | type = null 27 | } 28 | test2 = { 29 | display_name = "Test 2" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | } 37 | 38 | apigee_envgroups = { 39 | test = { 40 | hostnames = ["test.api.example.com"] 41 | } 42 | } 43 | 44 | apigee_instances = { 45 | euw1-instance = { 46 | region = "europe-west1" 47 | ip_range = "10.0.0.0/22" 48 | environments = ["test1", "test2"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | peering_range = "10.0.0.0/22" 55 | support_range = "10.1.0.0/28" 56 | 57 | firewall_appliance_zone = "europe-west1-c" 58 | firewall_appliance_subnet = { 59 | name = "egress" 60 | region = "europe-west1" 61 | ip_cidr_range = "10.100.0.0/28" 62 | secondary_ip_range = null 63 | } 64 | -------------------------------------------------------------------------------- /tests/samples/test_x_basic.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
import os
import pytest
from .utils import *

# Directory of the sample under test, resolved relative to this test file.
FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-basic")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Return the resources reported by recursive_plan_runner for this sample.

    The runner is called once per module with the sample's x-demo.tfvars and a
    placeholder project id; only the second element of its result is kept.
    """
    plan_kwargs = {
        "tf_var_file": os.path.join(FIXTURES_DIR, "x-demo.tfvars"),
        "project_id": "testonly",
        "project_create": "true",
    }
    _, planned = recursive_plan_runner(FIXTURES_DIR, **plan_kwargs)
    return planned


def test_resource_count(resources):
    """Check the total number of planned resources."""
    resource_total = len(resources)
    assert resource_total == 31


def test_apigee_instance(resources):
    """Check the Apigee instance resource via assert_instance."""
    expected_region = "europe-west1"
    expected_range = "10.0.0.0/22"
    assert_instance(resources, expected_region, expected_range)


def test_apigee_instance_attachment(resources):
    """Check the Apigee instance attachments via assert_instance_attachment."""
    expected_attachments = ["europe-west1-test1", "europe-west1-test2"]
    assert_instance_attachment(resources, expected_attachments)


def test_envgroup_attachment(resources):
    """Check the Apigee envgroup attachments via assert_envgroup_attachment."""
    expected_environments = ["test1", "test2"]
    assert_envgroup_attachment(resources, expected_environments)


def test_envgroup(resources):
    """Check the env group name via assert_envgroup_name."""
    expected_name = "test"
    assert_envgroup_name(resources, expected_name)
-------------------------------------------------------------------------------- /tests/samples/test_ilb_mtls.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import os
import pytest
from .utils import *

# Directory of the sample under test, resolved relative to this test file.
FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-ilb-mtls")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Return the resources reported by recursive_plan_runner for this sample.

    The runner is called once per module with the sample's x-demo.tfvars and a
    placeholder project id; only the second element of its result is kept.
    """
    plan_kwargs = {
        "tf_var_file": os.path.join(FIXTURES_DIR, "x-demo.tfvars"),
        "project_id": "testonly",
        "project_create": "true",
    }
    _, planned = recursive_plan_runner(FIXTURES_DIR, **plan_kwargs)
    return planned


def test_resource_count(resources):
    """Check the total number of planned resources."""
    resource_total = len(resources)
    assert resource_total == 49


def test_apigee_instance(resources):
    """Check the Apigee instance resource via assert_instance."""
    expected_region = "europe-west1"
    expected_range = "10.0.0.0/22"
    assert_instance(resources, expected_region, expected_range)


def test_apigee_instance_attachment(resources):
    """Check the Apigee instance attachments via assert_instance_attachment."""
    expected_attachments = ["europe-west1-test1", "europe-west1-test2"]
    assert_instance_attachment(resources, expected_attachments)


def test_envgroup_attachment(resources):
    """Check the Apigee envgroup attachments via assert_envgroup_attachment."""
    expected_environments = ["test1", "test2"]
    assert_envgroup_attachment(resources, expected_environments)


def test_envgroup(resources):
    """Check the env group name via assert_envgroup_name."""
    expected_name = "test"
    assert_envgroup_name(resources, expected_name)
-------------------------------------------------------------------------------- /samples/x-nb-psc-xlb/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_instances = { 20 | euw1-instance = { 21 | region = "europe-west1" 22 | ip_range = "10.0.0.0/22" 23 | environments = ["test1", "test2"] 24 | } 25 | } 26 | 27 | apigee_environments = { 28 | test1 = { 29 | display_name = "Test 1" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | test2 = { 37 | display_name = "Test 2" 38 | description = "Environment created by apigee/terraform-modules" 39 | node_config = null 40 | iam = null 41 | envgroups = ["test"] 42 | type = null 43 | } 44 | } 45 | 46 | apigee_envgroups = { 47 | test = { 48 | hostnames = ["test.api.example.com"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | psc_ingress_network = "psc-ingress" 55 | 56 | psc_ingress_subnets = [ 57 | { 58 | name = "apigee-psc-euw1" 59 | ip_cidr_range = "10.100.0.0/24" 60 | region = "europe-west1" 61 | secondary_ip_range = null 62 | } 63 | ] 64 | 65 | peering_range = "10.0.0.0/20" 66 | support_range = "10.1.0.0/28" 67 | -------------------------------------------------------------------------------- /modules/nb-psc-l7xlb/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "Project id." 19 | type = string 20 | } 21 | 22 | variable "ssl_certificate" { 23 | description = "A list of SSL certificates for the HTTPS LB." 24 | type = list(string) 25 | } 26 | 27 | variable "external_ip" { 28 | description = "External IP for the L7 XLB." 29 | type = string 30 | default = null 31 | } 32 | 33 | variable "name" { 34 | description = "External LB name." 35 | type = string 36 | } 37 | 38 | variable "security_policy" { 39 | description = "(Optional) The security policy associated with this backend service." 40 | type = string 41 | default = null 42 | } 43 | 44 | variable "edge_security_policy" { 45 | description = "(Optional) The edge security policy associated with this backend service." 46 | type = string 47 | default = null 48 | } 49 | 50 | variable "psc_negs" { 51 | description = "List of PSC NEGs to be used as backends." 52 | type = list(string) 53 | } 54 | 55 | variable "labels" { 56 | type = map(string) 57 | default = {} 58 | description = <<-EOD 59 | An optional map of label key:value pairs to assign to the forwarding rule. 60 | Default is an empty map. 
61 | EOD 62 | } 63 | -------------------------------------------------------------------------------- /modules/apigee-x-core/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "instance_endpoints" { 18 | description = "Map of instance name -> internal runtime endpoint IP address" 19 | value = tomap({ 20 | for name, instance in module.apigee.instances : instance.name => instance.host 21 | }) 22 | } 23 | 24 | output "instance_service_attachments" { 25 | description = "Map of instance region -> instance PSC service attachment" 26 | value = tomap({ 27 | for name, instance in module.apigee.instances : instance.location => instance.service_attachment 28 | }) 29 | } 30 | 31 | output "instance_map" { 32 | description = "Map of instance region -> instance object" 33 | value = tomap({ 34 | for name, instance in module.apigee.instances : instance.location => instance 35 | }) 36 | } 37 | 38 | output "org_id" { 39 | description = "Apigee Organization ID in the format of 'organizations/'" 40 | value = module.apigee.org_id 41 | } 42 | 43 | output "organization" { 44 | description = "Apigee Organization." 
45 | value = module.apigee.organization 46 | } 47 | 48 | output "environments" { 49 | description = "Apigee Environments" 50 | value = module.apigee.environments 51 | } 52 | 53 | output "envgroups" { 54 | description = "Apigee Environment Groups" 55 | value = module.apigee.envgroups 56 | } -------------------------------------------------------------------------------- /samples/x-basic/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "project" { 18 | source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/project?ref=v28.0.0" 19 | name = var.project_id 20 | parent = var.project_parent 21 | billing_account = var.billing_account 22 | project_create = var.project_create 23 | services = [ 24 | "apigee.googleapis.com", 25 | "cloudkms.googleapis.com", 26 | "compute.googleapis.com", 27 | "servicenetworking.googleapis.com" 28 | ] 29 | } 30 | 31 | module "vpc" { 32 | source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc?ref=v28.0.0" 33 | project_id = module.project.project_id 34 | name = var.network 35 | subnets = [] 36 | psa_config = { 37 | ranges = { 38 | apigee-range = var.peering_range 39 | apigee-support-range = var.support_range 40 | } 41 | } 42 | } 43 | 44 | module "apigee-x-core" { 45 | source = "../../modules/apigee-x-core" 46 | project_id = module.project.project_id 47 | apigee_environments = var.apigee_environments 48 | ax_region = var.ax_region 49 | apigee_envgroups = var.apigee_envgroups 50 | network = module.vpc.network.id 51 | apigee_instances = var.apigee_instances 52 | } 53 | 54 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/infra/environments/poc/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_environments = { 20 | test1 = { 21 | display_name = "Test 1" 22 | description = "Environment created by apigee/terraform-modules" 23 | node_config = null 24 | iam = null 25 | envgroups = ["test"] 26 | } 27 | } 28 | 29 | apigee_envgroups = { 30 | test = { 31 | hostnames = ["test.api.example.com"] 32 | } 33 | } 34 | apigee_instances = { 35 | # Single instance only for eval, add a second instance for prod setups 36 | euw1-instance = { 37 | region = "europe-west1" 38 | ip_range = "10.0.0.0/22" 39 | environments = ["test1"] 40 | } 41 | } 42 | 43 | network = "apigee-network" 44 | 45 | exposure_subnets = [ 46 | { 47 | name = "apigee-exposure-1" 48 | ip_cidr_range = "10.100.0.0/24" 49 | region = "europe-west1" 50 | instance = "euw1-instance" 51 | secondary_ip_range = null 52 | }, 53 | { 54 | name = "apigee-exposure-2" 55 | ip_cidr_range = "10.200.0.0/24" 56 | region = "europe-west2" 57 | instance = "euw1-instance" 58 | secondary_ip_range = null 59 | } 60 | ] 61 | 62 | peering_range = "10.0.0.0/22" 63 | support_range = "10.1.0.0/28" 64 | -------------------------------------------------------------------------------- /modules/l4xlb/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
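* See the License for the specific language governing permissions and
* limitations under the License.
*/

# Health check for the backend instance groups. It is a plain TCP check on
# port 443 with no request/response configured, so it only shows that the port
# accepts connections; it says nothing about the TLS handshake or the service
# behind it.
resource "google_compute_health_check" "mig_lb_hc" {
  project = var.project_id
  name    = "${var.name}-hc"
  tcp_health_check {
    port = "443"
  }
}

# Backend service in TCP mode: one backend per entry of var.backend_migs
# (presumably managed instance groups; verify against the callers), each
# balanced on utilization with no capacity reduction.
# The named port "https" has to exist on every group passed in.
resource "google_compute_backend_service" "mig_backend" {
  project       = var.project_id
  name          = "${var.name}-backend"
  port_name     = "https"
  protocol      = "TCP"
  timeout_sec   = 10
  health_checks = [google_compute_health_check.mig_lb_hc.id]
  dynamic "backend" {
    for_each = var.backend_migs
    content {
      group           = backend.value
      balancing_mode  = "UTILIZATION"
      max_utilization = 1.0
      capacity_scaler = 1.0
    }
  }
}

# Global forwarding rule that exposes port 443 and hands connections to the
# TCP proxy below.
resource "google_compute_global_forwarding_rule" "forwarding_rule" {
  project = var.project_id
  name    = "${var.name}-forwarding-rule"
  target  = google_compute_target_tcp_proxy.proxy.id
  # A null external_ip is passed through unchanged, which is exactly what the
  # former `var.external_ip != null ? var.external_ip : null` evaluated to.
  ip_address = var.external_ip
  port_range = "443"
  labels     = var.labels
}

# TCP proxy in front of the backend service. A TCP proxy forwards the byte
# stream and does not terminate TLS, so certificate handling (and any client
# certificate verification) is left to the backends.
# NOTE(review): `proxy_header` is not set here, so backends see load-balancer
# addresses rather than the client address. Confirm that backend logging or
# allow-listing does not depend on the client IP.
resource "google_compute_target_tcp_proxy" "proxy" {
  project         = var.project_id
  name            = "${var.name}-tcp-proxy"
  backend_service = google_compute_backend_service.mig_backend.id
}

--------------------------------------------------------------------------------
/samples/x-ilb-mtls/x-demo.tfvars:
--------------------------------------------------------------------------------
/**
 * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.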
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_environments = { 20 | test1 = { 21 | display_name = "Test 1" 22 | description = "Environment created by apigee/terraform-modules" 23 | node_config = null 24 | iam = null 25 | envgroups = ["test"] 26 | type = null 27 | } 28 | test2 = { 29 | display_name = "Test 2" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | } 37 | 38 | apigee_envgroups = { 39 | test = { 40 | hostnames = ["test.api.example.com"] 41 | } 42 | } 43 | 44 | apigee_instances = { 45 | euw1-instance = { 46 | region = "europe-west1" 47 | ip_range = "10.0.0.0/22" 48 | environments = ["test1", "test2"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | exposure_subnets = [ 55 | { 56 | name = "apigee-exposure" 57 | ip_cidr_range = "10.100.0.0/24" 58 | region = "europe-west1" 59 | secondary_ip_range = null 60 | } 61 | ] 62 | 63 | peering_range = "10.0.0.0/22" 64 | support_range = "10.1.0.0/28" 65 | 66 | ca_cert_path = "./certs/client-ca.crt" 67 | tls_cert_path = "./certs/server.crt" 68 | tls_key_path = "./certs/server.key" 69 | -------------------------------------------------------------------------------- /samples/x-l4xlb-mtls/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in 
compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_environments = { 20 | test1 = { 21 | display_name = "Test 1" 22 | description = "Environment created by apigee/terraform-modules" 23 | node_config = null 24 | iam = null 25 | envgroups = ["test"] 26 | type = null 27 | } 28 | test2 = { 29 | display_name = "Test 2" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | } 37 | 38 | apigee_envgroups = { 39 | test = { 40 | hostnames = ["test.api.example.com"] 41 | } 42 | } 43 | 44 | apigee_instances = { 45 | euw1-instance = { 46 | region = "europe-west1" 47 | ip_range = "10.0.0.0/22" 48 | environments = ["test1", "test2"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | exposure_subnets = [ 55 | { 56 | name = "apigee-exposure" 57 | ip_cidr_range = "10.100.0.0/24" 58 | region = "europe-west1" 59 | secondary_ip_range = null 60 | } 61 | ] 62 | 63 | peering_range = "10.0.0.0/22" 64 | support_range = "10.1.0.0/28" 65 | 66 | ca_cert_path = "./certs/client-ca.crt" 67 | tls_cert_path = "./certs/server.crt" 68 | tls_key_path = "./certs/server.key" 69 | -------------------------------------------------------------------------------- /modules/nb-psc-l7ilb/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use 
this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "ID of the GCP Project." 19 | type = string 20 | } 21 | 22 | variable "vpc_network_name" { 23 | description = "Name of the VPC Network." 24 | type = string 25 | } 26 | 27 | variable "region" { 28 | description = "GCP Region in which the resources should be created." 29 | type = string 30 | } 31 | 32 | variable "l7_ilb_proxy_subnet_name" { 33 | description = "Name of the L7 ILB Proxy-only Subnet." 34 | type = string 35 | default = "l7ilb-proxy-subnet" 36 | } 37 | 38 | variable "l7_ilb_proxy_subnet_cidr_range" { 39 | description = "IP CIDR Range for the L7 ILB Proxy-only Subnet." 40 | type = string 41 | } 42 | 43 | variable "l7_ilb_subnet_id" { 44 | description = "Subnet in which the Forwarding Rule should be created." 45 | type = string 46 | } 47 | 48 | variable "l7_ilb_name_prefix" { 49 | description = "Prefix for the Load Balancer resources." 50 | type = string 51 | } 52 | 53 | variable "psc_neg" { 54 | description = "PSC NEG to be used as backend." 55 | type = string 56 | } 57 | 58 | variable "labels" { 59 | description = <<-EOD 60 | An optional map of label key:value pairs to assign to the forwarding rule. 61 | Default is an empty map. 
62 | EOD 63 | type = map(string) 64 | default = {} 65 | } 66 | -------------------------------------------------------------------------------- /modules/nip-development-hostname/README.md: -------------------------------------------------------------------------------- 1 | # NIP.io Hostname for Development 2 | 3 | Creates an external IP address and a Google-managed certificate (for the hostname encoded IP) to be used with an external load balancer during development. 4 | 5 | 6 | ## Providers 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [google](#provider\_google) | >= 4.20.0 | 11 | 12 | ## Modules 13 | 14 | No modules. 15 | 16 | ## Resources 17 | 18 | | Name | Type | 19 | |------|------| 20 | | [google_compute_global_address.external_address](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource | 21 | | [google_compute_managed_ssl_certificate.google_cert](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_managed_ssl_certificate) | resource | 22 | 23 | ## Inputs 24 | 25 | | Name | Description | Type | Default | Required | 26 | |------|-------------|------|---------|:--------:| 27 | | [address\_name](#input\_address\_name) | Name for the external IP address | `string` | n/a | yes | 28 | | [project\_id](#input\_project\_id) | GCP Project ID. | `string` | n/a | yes | 29 | | [subdomain\_prefixes](#input\_subdomain\_prefixes) | Subdomain prefixes for the nip hostname (Optional). | `list(string)` | `[]` | no | 30 | 31 | ## Outputs 32 | 33 | | Name | Description | 34 | |------|-------------| 35 | | [hostname](#output\_hostname) | Generated hostname (nip.io encoded IP address). | 36 | | [ip\_address](#output\_ip\_address) | Reserved external IP address. 
| 37 | | [ssl\_certificate](#output\_ssl\_certificate) | Google-managed SSL certificate | 38 | | [subdomains](#output\_subdomains) | List of generated subdomains (subdomain prefixes plus nip.io encoded IP address) | 39 | -------------------------------------------------------------------------------- /samples/x-sb-psc/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_environments = { 20 | test1 = { 21 | display_name = "Test 1" 22 | description = "Environment created by apigee/terraform-modules" 23 | node_config = null 24 | iam = null 25 | envgroups = ["test"] 26 | type = null 27 | } 28 | test2 = { 29 | display_name = "Test 2" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | } 37 | 38 | apigee_envgroups = { 39 | test = { 40 | hostnames = ["test.api.example.com"] 41 | } 42 | } 43 | 44 | apigee_instances = { 45 | euw1-instance = { 46 | region = "europe-west1" 47 | ip_range = "10.0.0.0/22" 48 | environments = ["test1", "test2"] 49 | } 50 | } 51 | 52 | network = "apigee-network" 53 | 54 | peering_range = "10.0.0.0/22" 55 | 56 | support_range = "10.1.0.0/28" 57 | 58 | backend_network = "backend-network" 59 | backend_region = "europe-west1" 60 | backend_subnet = { 61 | name = "backend-euw1" 62 | ip_cidr_range = "10.200.0.0/28" 63 | region = "europe-west1" 64 | secondary_ip_range = null 65 | } 66 | backend_psc_nat_subnet = { 67 | ip_cidr_range = "10.0.4.0/22" 68 | name = "psc-nat-euw1" 69 | } 70 | 71 | psc_name = "demopsc" 72 | -------------------------------------------------------------------------------- /samples/x-iac-pipeline/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
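* See the License for the specific language governing permissions and
* limitations under the License.
*/

# Inputs of the x-iac-pipeline sample: the three project ids, the bootstrap
# region, the build environment name, and the optional project-creation
# settings.

variable "project_id" {
  description = "Bootstrap Project Id (used to bootstrap the remaining resources)."
  type        = string
}

variable "host_project_id" {
  description = "Shared VPC Host Project Id"
  type        = string
}

variable "apigee_project_id" {
  description = "Shared VPC Service Project Id for Apigee Organization."
  type        = string
}

variable "region" {
  description = "Region for the bootstrap resources."
  type        = string
}

variable "environment" {
  description = "Build environment"
  type        = string
  default     = "poc"
}

variable "billing_account" {
  description = "Billing account id."
  type        = string
  default     = null
}

variable "project_parent" {
  description = "Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format."
  type        = string
  default     = null
  validation {
    # The pattern is anchored at both ends so the whole value has to be
    # `folders/<digits>` or `organizations/<digits>`. Unanchored, any string
    # that merely contained such a fragment (extra path segments, leading or
    # trailing text) passed validation.
    condition     = var.project_parent == null || can(regex("^(organizations|folders)/[0-9]+$", var.project_parent))
    error_message = "Parent must be of the form folders/folder_id or organizations/organization_id."
  }
}

variable "project_create" {
  description = "Create project. When set to false, uses a data source to reference existing project."
  type        = bool
  default     = false
}

--------------------------------------------------------------------------------
/samples/x-nb-psc-mig-l7xlb/x-demo.tfvars:
--------------------------------------------------------------------------------
/**
 * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.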
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/


ax_region = "europe-west1"
# Left empty in the sample; has to be supplied by whoever applies it.
billing_account = ""
billing_type    = "EVAL"
# NOTE(review): this is a concrete numeric organization id committed in a
# shared sample, unlike the other demo tfvars on this page, which set no
# parent. Anyone applying the sample unchanged would target this organization;
# confirm it is meant to be published and replace it before use.
project_parent = "organizations/406283053755"

vpc_name       = "apigeexvpc"
peering_range  = "10.1.0.0/16"
support_range1 = "10.2.0.0/28"

lb_name = "apigeexlb"
# NOTE(review): xyz.com is not a reserved documentation domain, whereas the
# other samples use hostnames under example.com. Replace this and the envgroup
# hostname below with a domain you control.
ssl_crt_domains = ["xyz.com"]



# Apigee configurations
apigee_envgroups = {
  "testgroup" = { hostnames = ["example.xyz.com"] }
  # Add more environment groups if needed
}

# The instance range 10.1.4.0/22 lies inside peering_range (10.1.0.0/16).
apigee_instances = {
  "euw1-instance" = {
    region       = "europe-west1"
    ip_range     = "10.1.4.0/22"
    environments = ["test"]
  },

}

apigee_environments = {
  "test" = {
    display_name = "TEST"
    description  = ""
    iam          = null
    envgroups    = ["testgroup"]

  }
  # Add more environments if needed
}


# Each subnet entry names the Apigee instance it belongs to via `instance`.
exposure_subnets = [
  {
    name               = "apigee-exposure-1"
    ip_cidr_range      = "10.100.0.0/24"
    region             = "europe-west1"
    instance           = "euw1-instance"
    secondary_ip_range = null
  },

]

psc_subnets = [
  {
    name               = "psc-subnet-1"
    ip_cidr_range      = "10.100.255.240/29"
    region             = "europe-west1"
    instance           = "euw1-instance"
    secondary_ip_range = null
  },

]

--------------------------------------------------------------------------------
/.github/actions/update-docs/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | 17 | set -e 18 | 19 | template_string="$(cat .github/actions/update-docs/sample-instructions.template.md)" 20 | export template_string 21 | 22 | 23 | # create a copy to compare docs updates 24 | workdir=$PWD 25 | original_content_clone=$PWD/../docs-clone 26 | (cd .. && cp -r "$workdir" "$original_content_clone") 27 | 28 | # run terraform docs 29 | for TYPE in samples modules; do 30 | for D in "$TYPE"/*; do 31 | # set the generic sample instructions if required 32 | perl -i.bkp -0pe 's||$ENV{template_string}|gs;' "$D/README.md" 33 | rm "$D/README.md.bkp" 34 | 35 | # run terraform docs 36 | terraform-docs --lockfile=false --hide header --hide requirements markdown table --output-file README.md --output-mode inject "$D" 37 | done 38 | done 39 | 40 | changes=$(git diff --name-only --no-index -- "$original_content_clone" "$workdir" | grep 'README.md$' || true ) 41 | 42 | if [ -z "$changes" ];then 43 | echo "Docs Are up to date 🎉" 44 | elif [ "$FAIL_ON_OUTDATED" = "true" ]; then 45 | echo "The Documentation in the following README files is out of date:" 46 | echo "$changes" 47 | git diff 48 | echo "Please run the docs generator workflow manually and commit your changes:" 49 | echo "./tools/update-docs.sh" 50 | exit 1 51 | else 52 | echo "Updated documentation for the following README files:" 53 | echo "$changes" 54 | echo "Make sure you commit them to 
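this branch before you create your PR."
fi
--------------------------------------------------------------------------------
/modules/nb-psc-l7xlb/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# HTTPS backend service of the external managed load balancer, with one
# backend per PSC NEG in var.psc_negs.
# `security_policy` and `edge_security_policy` come straight from the caller.
# The module README lists both as optional with a `null` default, so no
# security policy is attached unless one is passed in.
resource "google_compute_backend_service" "psc_backend" {
  project               = var.project_id
  name                  = "${var.name}-backend"
  port_name             = "https"
  protocol              = "HTTPS"
  load_balancing_scheme = "EXTERNAL_MANAGED"
  security_policy       = var.security_policy
  edge_security_policy  = var.edge_security_policy
  dynamic "backend" {
    for_each = var.psc_negs
    content {
      group = backend.value
    }
  }
  # The replacement is created before the old backend service is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}

# URL map with a single default route to the backend service above.
resource "google_compute_url_map" "url_map" {
  project         = var.project_id
  name            = var.name
  default_service = google_compute_backend_service.psc_backend.id
}

# HTTPS proxy that terminates TLS with the certificates in var.ssl_certificate.
# NOTE(review): no `ssl_policy` is set, so the proxy falls back to the default
# SSL policy. Confirm that default meets the minimum TLS version and cipher
# profile you require, or expose an optional ssl_policy input on this module.
resource "google_compute_target_https_proxy" "https_proxy" {
  project          = var.project_id
  name             = "${var.name}-proxy"
  url_map          = google_compute_url_map.url_map.id
  ssl_certificates = var.ssl_certificate
}

# Global forwarding rule; only port 443 is exposed.
resource "google_compute_global_forwarding_rule" "forwarding_rule" {
  project = var.project_id
  name    = "${var.name}-fr"
  target  = google_compute_target_https_proxy.https_proxy.id
  # A null external_ip is passed through unchanged, which is exactly what the
  # former `var.external_ip != null ? var.external_ip : null` evaluated to.
  ip_address            = var.external_ip
  port_range            = "443"
  load_balancing_scheme = "EXTERNAL_MANAGED"
  labels                = var.labels
}

--------------------------------------------------------------------------------
/.github/workflows/linter.yml:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.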
---
# Lint workflow: runs MegaLinter over the repository and checks commit
# messages against the Conventional Commits rules.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository's default scopes in both jobs. Consider declaring least-privilege
# permissions explicitly (read access to contents plus whatever the enabled
# MegaLinter reporters actually need).
name: Code Linter
on:
  push:
  pull_request:
    branches:
      - main
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *"
jobs:
  linter:
    name: Lint Codebase
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every action in this file is referenced by a mutable
      # major-version tag. Pinning to a full commit SHA, above all for the
      # third-party actions (oxsecurity/megalinter,
      # wagoid/commitlint-github-action), keeps a retagged release from
      # running in this pipeline unnoticed.
      - name: Checkout Code
        uses: actions/checkout@v2
      - name: Setup Node
        uses: actions/setup-node@v2
        with:
          node-version: "14"
      # Installs whatever the repository's package.json declares, so package
      # lifecycle scripts run on the runner.
      - name: Install Linter dependencies
        run: npm install
      - name: Run Mega Linter
        uses: oxsecurity/megalinter@v6
        env:
          DEFAULT_BRANCH: main
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): this list switches off the IaC and security scanners
          # (TERRAFORM_KICS, TERRAFORM_CHECKOV, TERRAFORM_TERRASCAN,
          # PYTHON_BANDIT, REPOSITORY_GITLEAKS, REPOSITORY_SEMGREP,
          # REPOSITORY_TRIVY, REPOSITORY_DEVSKIM, ...). As configured, this job
          # does no secret scanning and no Terraform misconfiguration
          # scanning; confirm both are covered by another workflow.
          DISABLE_LINTERS: TERRAFORM_KICS,TERRAFORM_CHECKOV,TERRAFORM_TERRASCAN,YAML_YAMLLINT,SPELL_CSPELL,SPELL_PROSELINT,PYTHON_BANDIT,PYTHON_FLAKE8,PYTHON_PYRIGHT,PYTHON_RUFF,JSON_NPM_PACKAGE_JSON_LINT,REPOSITORY_CHECKOV,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GITLEAKS,REPOSITORY_GOODCHECK,REPOSITORY_SEMGREP,REPOSITORY_SYFT,REPOSITORY_TRIVY,COPYPASTE_JSCPD
          MARKDOWN_MARKDOWN_LINK_CHECK_DISABLE_ERRORS: true
          # pytest and tftest are installed without version pins, so each run
          # takes whatever is latest on the package index at that moment.
          PRE_COMMANDS: >-
            [{"command": "pip install pytest tftest", "venv": "pylint"}]
          MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_EXCLUDE: "(CONTRIBUTING\\.md|CHANGELOG\\.md)"
          LINTER_RULES_PATH: '.'
  commitlint:
    name: Conventional Commits Lint
    runs-on: ubuntu-latest
    steps:
      # fetch-depth 0 fetches the full history.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: wagoid/commitlint-github-action@v4
        with:
          failOnWarnings: true

--------------------------------------------------------------------------------
/tests/samples/test_transtive_peering.py:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import os
import pytest
from .utils import *

# Sample under test, resolved relative to this test file.
FIXTURES_DIR = os.path.join(
    os.path.dirname(__file__), "../../samples/x-transitive-peering"
)


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the sample once per module and return the planned resources."""
    _plan, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"),
        project_id="testonly",
        project_create="true"
    )
    return planned_resources


def test_resource_count(resources):
    """The plan contains exactly 60 resources."""
    assert len(resources) == 60


def test_apigee_instance(resources):
    """The Apigee instance is planned in europe-west1 with range 10.0.0.0/22."""
    assert_instance(resources, "europe-west1", "10.0.0.0/22")


def test_apigee_instance_attachment(resources):
    """Both environments are attached to the europe-west1 instance."""
    assert_instance_attachment(resources, ["europe-west1-test1", "europe-west1-test2"])


def test_envgroup_attachment(resources):
    """Both environments are attached to the environment group."""
    assert_envgroup_attachment(resources, ["test1", "test2"])


def test_envgroup(resources):
    """The environment group is named "test"."""
    assert_envgroup_name(resources, "test")


def test_firewall_appliance(resources):
    """The appliance ingress firewall admits exactly the two expected ranges.

    The comparison is an exact set equality, so any additional source range
    in the plan (for example a broader CIDR) fails the test.
    """
    matching_rules = []
    for res in resources:
        if res["name"] == "allow-appliance-ingress":
            matching_rules.append(res["values"])
    assert len(matching_rules) == 1
    assert set(matching_rules[0]["source_ranges"]) == {"10.0.0.0/22", "10.200.0.0/28"}

--------------------------------------------------------------------------------
/modules/nb-psc-l7xlb/README.md:
--------------------------------------------------------------------------------

## Providers

| Name | Version |
|------|---------|
| [google](#provider\_google) | >= 4.32.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [google_compute_backend_service.psc_backend](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service) | resource |
| [google_compute_global_forwarding_rule.forwarding_rule](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_forwarding_rule) | resource |
| [google_compute_target_https_proxy.https_proxy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_https_proxy) | resource |
| [google_compute_url_map.url_map](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
| [external\_ip](#input\_external\_ip) | External IP for the L7 XLB.
| `string` | `null` | no | 27 | | [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.
Default is an empty map. | `map(string)` | `{}` | no | 28 | | [name](#input\_name) | External LB name. | `string` | n/a | yes | 29 | | [project\_id](#input\_project\_id) | Project id. | `string` | n/a | yes | 30 | | [psc\_negs](#input\_psc\_negs) | List of PSC NEGs to be used as backends. | `list(string)` | n/a | yes | 31 | | [security\_policy](#input\_security\_policy) | (Optional) The security policy associated with this backend service. | `string` | `null` | no | 32 | | [ssl\_certificate](#input\_ssl\_certificate) | A list of SSL certificates for the HTTPS LB. | `list(string)` | n/a | yes | 33 | 34 | ## Outputs 35 | 36 | No outputs. 37 | 38 | -------------------------------------------------------------------------------- /samples/x-transitive-peering/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_instances = { 20 | euw1-instance = { 21 | region = "europe-west1" 22 | ip_range = "10.0.0.0/22" 23 | environments = ["test1", "test2"] 24 | } 25 | } 26 | 27 | apigee_environments = { 28 | test1 = { 29 | display_name = "Test 1" 30 | description = "Environment created by apigee/terraform-modules" 31 | node_config = null 32 | iam = null 33 | envgroups = ["test"] 34 | type = null 35 | } 36 | test2 = { 37 | display_name = "Test 2" 38 | description = "Environment created by apigee/terraform-modules" 39 | node_config = null 40 | iam = null 41 | envgroups = ["test"] 42 | type = null 43 | } 44 | } 45 | 46 | apigee_envgroups = { 47 | test = { 48 | hostnames = ["test.api.example.com"] 49 | } 50 | } 51 | 52 | apigee_network = "apigee-network" 53 | peering_range = "10.0.0.0/22" 54 | support_range = "10.1.0.0/28" 55 | appliance_region = "europe-west1" 56 | appliance_subnet = { 57 | name = "appliance-euw1" 58 | ip_cidr_range = "10.100.0.0/28" 59 | region = "europe-west1" 60 | secondary_ip_range = null 61 | } 62 | 63 | backend_network = "backend-network" 64 | backend_region = "europe-west1" 65 | backend_subnet = { 66 | name = "backend-euw1" 67 | ip_cidr_range = "10.200.0.0/28" 68 | region = "europe-west1" 69 | secondary_ip_range = null 70 | } 71 | 72 | appliance_forwarded_ranges = { 73 | backend-routes = { 74 | range = "10.200.0.0/27" 75 | priority = 800 76 | } 77 | apigee-routes = { 78 | range = "10.0.0.0/21" 79 | priority = 800 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /tests/samples/test_l7xlb.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
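# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import os
import pytest
from .utils import *

FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-l7xlb")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the x-l7xlb sample with its demo tfvars and return the planned resources."""
    _, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"),
        project_id="testonly",
        project_create="true",
    )
    return planned_resources


def test_resource_count(resources):
    """Test total number of resources created."""
    assert len(resources) == 44


def test_apigee_instance(resources):
    """Test the Apigee instance location and IP range."""
    assert_instance(resources, "europe-west1", "10.0.0.0/22")


def test_apigee_instance_attachment(resources):
    """Test Apigee instance attachments."""
    assert_instance_attachment(resources, ["europe-west1-test1", "europe-west1-test2"])


def test_envgroup_attachment(resources):
    """Test Apigee envgroup attachments."""
    assert_envgroup_attachment(resources, ["test1", "test2"])


def test_envgroup(resources):
    """Test env group."""
    assert_envgroup_name(resources, "test")


# NOTE: "bidge" is a typo for "bridge"; the name is kept so the test id stays stable.
def test_instance_bidge_location_parity(resources):
    """Test that the instance and bridge VM are in the same location."""
    instances = [
        r["values"] for r in resources if r["type"] == "google_apigee_instance"
    ]
    instance_group_mgrs = [
        r["values"]
        for r in resources
        if r["type"] == "google_compute_region_instance_group_manager"
    ]
    # Fail with a readable assertion rather than an IndexError when the plan
    # contains neither resource type.
    assert instances, "plan contains no google_apigee_instance"
    assert instance_group_mgrs, (
        "plan contains no google_compute_region_instance_group_manager"
    )
    assert instances[0]["location"] == instance_group_mgrs[0]["region"]

--------------------------------------------------------------------------------
/tests/samples/test_shared_vpc.py:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import os
import pytest
from .utils import *

FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-shared-vpc")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the x-shared-vpc sample with its demo tfvars and return the planned resources."""
    _, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"),
        project_id="testonly",
        project_create="true",
    )
    return planned_resources


def test_resource_count(resources):
    """Test total number of resources created."""
    assert len(resources) == 53


def test_apigee_instance(resources):
    """Test the Apigee instance location and IP range."""
    assert_instance(resources, "europe-west1", "10.0.0.0/22")


def test_apigee_instance_attachment(resources):
    """Test Apigee instance attachments."""
    assert_instance_attachment(resources, ["europe-west1-test1", "europe-west1-test2"])


def test_envgroup_attachment(resources):
    """Test Apigee envgroup attachments."""
    assert_envgroup_attachment(resources, ["test1", "test2"])


def test_envgroup(resources):
    """Test env group."""
    assert_envgroup_name(resources, "test")


# NOTE: "bidge" is a typo for "bridge"; the name is kept so the test id stays stable.
def test_instance_bidge_location_parity(resources):
    """Test that the instance and bridge VM are in the same location."""
    instances = [
        r["values"] for r in resources if r["type"] == "google_apigee_instance"
    ]
    instance_group_mgrs = [
        r["values"]
        for r in resources
        if r["type"] == "google_compute_region_instance_group_manager"
    ]
    # Fail with a readable assertion rather than an IndexError when the plan
    # contains neither resource type.
    assert instances, "plan contains no google_apigee_instance"
    assert instance_group_mgrs, (
        "plan contains no google_compute_region_instance_group_manager"
    )
    assert instances[0]["location"] == instance_group_mgrs[0]["region"]

--------------------------------------------------------------------------------
/tests/samples/test_multi_region.py:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.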
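

import os
import pytest
from .utils import *

FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-multi-region")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the x-multi-region sample with its demo tfvars and return the planned resources."""
    _, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"),
        project_id="testonly",
        project_create="true",
    )
    return planned_resources


def test_resource_count(resources):
    """Test total number of resources created."""
    assert len(resources) == 60


def test_apigee_instance(resources):
    """Test the Apigee instance location and IP range."""
    assert_instance(resources, "europe-west1", "10.0.0.0/22")


def test_apigee_instance_attachment(resources):
    """Test Apigee instance attachments."""
    assert_instance_attachment(resources, ["europe-west1-test1", "europe-west1-test2"])


def test_envgroup_attachment(resources):
    """Test Apigee envgroup attachments."""
    assert_envgroup_attachment(resources, ["test1", "test2"])


def test_envgroup(resources):
    """Test env group."""
    assert_envgroup_name(resources, "test")


# NOTE: "bidge" is a typo for "bridge"; the name is kept so the test id stays stable.
def test_instance_bidge_location_parity(resources):
    """Test that the first instance and the first bridge MIG share a location."""
    instances = [
        r["values"] for r in resources if r["type"] == "google_apigee_instance"
    ]
    instance_group_mgrs = [
        r["values"]
        for r in resources
        if r["type"] == "google_compute_region_instance_group_manager"
    ]
    # Fail with a readable assertion rather than an IndexError when the plan
    # contains neither resource type.
    assert instances, "plan contains no google_apigee_instance"
    assert instance_group_mgrs, (
        "plan contains no google_compute_region_instance_group_manager"
    )
    assert instances[0]["location"] == instance_group_mgrs[0]["region"]

--------------------------------------------------------------------------------
/tests/samples/test_l4xlb_mtls.py:
--------------------------------------------------------------------------------
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import os
import pytest
from .utils import *

FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-l4xlb-mtls")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the x-l4xlb-mtls sample with its demo tfvars and return the planned resources."""
    _, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"),
        project_id="testonly",
        project_create="true",
    )
    return planned_resources


def test_resource_count(resources):
    """Test total number of resources created."""
    assert len(resources) == 52


def test_apigee_instance(resources):
    """Test the Apigee instance location and IP range."""
    assert_instance(resources, "europe-west1", "10.0.0.0/22")


def test_apigee_instance_attachment(resources):
    """Test Apigee instance attachments."""
    assert_instance_attachment(resources, ["europe-west1-test1", "europe-west1-test2"])


def test_envgroup_attachment(resources):
    """Test Apigee envgroup attachments."""
    assert_envgroup_attachment(resources, ["test1", "test2"])


def test_envgroup(resources):
    """Test env group."""
    assert_envgroup_name(resources, "test")


def test_named_ports_match(resources):
    """Test that the backend service port_name equals the MIG's first named port."""
    # resource_by_address (tests/samples/utils.py) asserts exactly one match,
    # which replaces the two hand-written length checks.
    mig_backend = resource_by_address(
        resources,
        'module.mig-l4xlb.google_compute_backend_service.mig_backend',
    )
    instance_group = resource_by_address(
        resources,
        'module.apigee-x-mtls-mig["euw1-instance"].module.apigee-mtls-proxy-mig.google_compute_region_instance_group_manager.default[0]',
    )
    named_ports = instance_group['values']['named_port']
    # A MIG without named ports should fail the assertion, not raise IndexError.
    assert named_ports, "instance group manager declares no named_port"
    assert mig_backend['values']['port_name'] == named_ports[0]['name']

--------------------------------------------------------------------------------
/modules/mig-l7xlb/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.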
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "google_compute_health_check" "mig_lb_hc" { 18 | project = var.project_id 19 | name = "${var.name}-hc" 20 | https_health_check { 21 | port = "443" 22 | request_path = "/healthz/ingress" 23 | } 24 | } 25 | 26 | resource "google_compute_backend_service" "mig_backend" { 27 | project = var.project_id 28 | name = "${var.name}-backend" 29 | port_name = "https" 30 | protocol = "HTTPS" 31 | timeout_sec = var.backend_timeout 32 | health_checks = [google_compute_health_check.mig_lb_hc.id] 33 | security_policy = var.security_policy 34 | edge_security_policy = var.edge_security_policy 35 | dynamic "backend" { 36 | for_each = var.backend_migs 37 | content { 38 | group = backend.value 39 | } 40 | } 41 | log_config { 42 | enable = var.logs_enabled 43 | sample_rate = var.logs_sample_rate 44 | } 45 | } 46 | 47 | resource "google_compute_url_map" "url_map" { 48 | project = var.project_id 49 | name = var.name 50 | default_service = google_compute_backend_service.mig_backend.id 51 | } 52 | 53 | resource "google_compute_target_https_proxy" "https_proxy" { 54 | project = var.project_id 55 | name = "${var.name}-target-proxy" 56 | url_map = google_compute_url_map.url_map.id 57 | ssl_certificates = var.ssl_certificate 58 | ssl_policy = var.ssl_policy 59 | } 60 | 61 | resource "google_compute_global_forwarding_rule" "forwarding_rule" { 62 | project = var.project_id 63 | name = "${var.name}-forwarding-rule" 64 | target = google_compute_target_https_proxy.https_proxy.id 65 | ip_address = var.external_ip != null ? 
var.external_ip : null 66 | port_range = "443" 67 | labels = var.labels 68 | } 69 | -------------------------------------------------------------------------------- /samples/x-multi-region/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | apigee_instances = { 20 | # Single instance only for eval, add a second instance for prod setups 21 | euw1-instance = { 22 | region = "europe-west1" 23 | ip_range = "10.0.0.0/22" 24 | environments = ["test1", "test2"] 25 | } 26 | # Example of second instance 27 | # euw2-instance = { 28 | # region = "europe-west2" 29 | # ip_range = "10.0.8.0/22" 30 | # environments = ["test1", "test2"] 31 | # } 32 | } 33 | 34 | apigee_environments = { 35 | test1 = { 36 | display_name = "Test 1" 37 | description = "Environment created by apigee/terraform-modules" 38 | node_config = null 39 | iam = null 40 | envgroups = ["test"] 41 | type = null 42 | } 43 | test2 = { 44 | display_name = "Test 2" 45 | description = "Environment created by apigee/terraform-modules" 46 | node_config = null 47 | iam = null 48 | envgroups = ["test"] 49 | type = null 50 | } 51 | } 52 | 53 | apigee_envgroups = { 54 | test = { 55 | hostnames = ["test.api.example.com"] 56 | } 57 | } 58 | 59 | network = "apigee-network" 60 | 61 | exposure_subnets = [ 62 | 
{ 63 | name = "apigee-exposure-1" 64 | ip_cidr_range = "10.100.0.0/24" 65 | region = "europe-west1" 66 | instance = "euw1-instance" 67 | secondary_ip_range = null 68 | }, 69 | { 70 | name = "apigee-exposure-2" 71 | ip_cidr_range = "10.200.0.0/24" 72 | region = "europe-west2" 73 | instance = "euw1-instance" 74 | secondary_ip_range = null 75 | } 76 | ] 77 | 78 | peering_range = "10.0.0.0/16" 79 | support_range1 = "10.1.0.0/28" 80 | # support_range2 = "10.2.0.0/28" # Support range for second instance 81 | -------------------------------------------------------------------------------- /tests/samples/test_dns_peering.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | 16 | import os 17 | import pytest 18 | from .utils import * 19 | import json 20 | FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-dns-peering") 21 | 22 | 23 | @pytest.fixture(scope="module") 24 | def resources(recursive_plan_runner): 25 | _, resources = recursive_plan_runner( 26 | FIXTURES_DIR, 27 | tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"), 28 | project_id="testonly", 29 | project_create="true" 30 | ) 31 | return resources 32 | 33 | 34 | def test_resource_count(resources): 35 | "Test total number of resources created." 
36 | assert len(resources) == 45 37 | 38 | 39 | def test_apigee_instance(resources): 40 | "Test Apigee Instance Resource" 41 | assert_instance(resources, "europe-west1", "10.0.0.0/22") 42 | 43 | 44 | def test_apigee_instance_attachment(resources): 45 | "Test Apigee Instance Attachments." 46 | assert_instance_attachment(resources, ["europe-west1-test1", "europe-west1-test2"]) 47 | 48 | 49 | def test_envgroup_attachment(resources): 50 | "Test Apigee Envgroup Attachments." 51 | assert_envgroup_attachment(resources, ["test1", "test2"]) 52 | 53 | 54 | def test_envgroup(resources): 55 | "Test env group." 56 | assert_envgroup_name(resources, "test") 57 | 58 | def test_envgroup_hostnames(resources): 59 | "Test env group." 60 | assert_envgroup_hostnames(resources, ["test-api.internal", "test.api.example.com"]) 61 | 62 | def test_dns_entries(resources): 63 | "Test the necessary DNS entries" 64 | record_sets = [ 65 | r["values"] for r in resources if r["type"] == "google_dns_record_set" 66 | ] 67 | assert len(record_sets) == 2 68 | record_names = [ 69 | r["name"] for r in record_sets if r["type"] == "A" 70 | ] 71 | assert set(record_names) == set(["test-api.internal.", "demo.internal."]) 72 | -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
# See the License for the specific language governing permissions and
# limitations under the License.

"Shared fixtures"

import os
import pytest
import tftest

BASEDIR = os.path.dirname(os.path.dirname(__file__))


@pytest.fixture(scope="session")
def _plan_runner():
    """Provide a callable that runs ``terraform plan`` against a fixture directory."""

    def run_plan(fixture_path, tf_var_file=None, targets=None, refresh=True, **tf_vars):
        """Set the fixture up and return the plan output produced by tftest."""
        # The Terraform executable comes from $TERRAFORM, defaulting to "terraform".
        terraform_binary = os.environ.get("TERRAFORM", "terraform")
        runner = tftest.TerraformTest(fixture_path, BASEDIR, terraform_binary)
        runner.setup()
        plan_options = {
            "output": True,
            "refresh": refresh,
            "tf_vars": tf_vars,
            "tf_var_file": tf_var_file,
            "targets": targets,
        }
        return runner.plan(**plan_options)

    return run_plan


def recursive_resources(module):
    """Return the resources of *module* followed by those of all nested child modules."""
    nested = []
    if "child_modules" in module:
        for child_module in module["child_modules"]:
            nested.extend(recursive_resources(child_module))

    if "resources" in module:
        return module["resources"] + nested
    return nested


@pytest.fixture(scope="session")
def recursive_plan_runner(_plan_runner):
    """Provide a callable that plans a fixture and also flattens its module tree."""

    def run_plan(fixture_path, tf_var_file=None, targets=None, **tf_vars):
        """Return ``(plan, resources)`` where resources span the root and every child module."""
        plan = _plan_runner(
            fixture_path,
            tf_var_file=tf_var_file,
            targets=targets,
            **tf_vars,
        )
        flattened = recursive_resources(plan.root_module)
        return plan, flattened

    return run_plan

--------------------------------------------------------------------------------
/modules/development-backend/README.md:
--------------------------------------------------------------------------------

## Providers

| Name | Version |
|------|---------|
| [google](#provider\_google) | >= 4.20.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [demo-backend-mig](#module\_demo-backend-mig) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-mig | v28.0.0 |
| [demo-backend-template](#module\_demo-backend-template) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-vm | v28.0.0 |
| [ilb-backend](#module\_ilb-backend) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-lb-int | v28.0.0 |

## Resources

| Name | Type |
|------|------|
| [google_compute_firewall.hc-allow](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [machine\_type](#input\_machine\_type) | GCE Machine type. | `string` | `"e2-small"` | no |
| [name](#input\_name) | Name of the Example Backend. | `string` | `"demo-backend"` | no |
| [network](#input\_network) | VPC network for running the MIGs (needs to be peered with the Apigee tenant project). | `string` | n/a | yes |
| [project\_id](#input\_project\_id) | GCP Project id. | `string` | n/a | yes |
| [region](#input\_region) | GCP Region for the MIGs. | `string` | n/a | yes |
| [subnet](#input\_subnet) | VPC subnet for running the MIGs | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [ilb\_forwarding\_rule\_address](#output\_ilb\_forwarding\_rule\_address) | ILB forwarding rule IP address. |
| [ilb\_forwarding\_rule\_self\_link](#output\_ilb\_forwarding\_rule\_self\_link) | ILB forwarding rule self link. |
| [instance\_group](#output\_instance\_group) | Backend Service MIG. |
| [region](#output\_region) | Backend Service region. |

--------------------------------------------------------------------------------
/modules/apigee-x-bridge-mig/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "endpoint_ip" {
  description = "Apigee X Instance Endpoint IP."
  type        = string
}

variable "network" {
  description = "VPC network for running the MIGs (needs to be peered with the Apigee tenant project)."
  type        = string
}

variable "subnet" {
  description = "VPC subnet for running the MIGs"
  type        = string
}

variable "project_id" {
  description = "GCP Project id."
  type        = string
}

variable "name" {
  description = "Name for the bridge VMs/MIG (using apigee-$REGION as a fallback)."
  type        = string
  default     = null
}

variable "network_tags" {
  description = "Network tags for the Bridge VMs."
  type        = list(string)
  default     = ["apigee-bridge"]
}

variable "region" {
  description = "GCP Region for the MIGs."
  type        = string
}

variable "machine_type" {
  description = "GCE Machine type."
  type        = string
  default     = "e2-small"
}

variable "target_size" {
  description = "Group target size, leave null when using an autoscaler."
  type        = number
  default     = 2
}

variable "autoscaler_config" {
  description = "Optional autoscaler configuration. Only one of 'cpu_utilization_target' 'load_balancing_utilization_target' or 'metric' can be not null."
  type = object({
    max_replicas                      = number
    min_replicas                      = number
    cooldown_period                   = number
    cpu_utilization_target            = number
    load_balancing_utilization_target = number
    metric = object({
      name                       = string
      single_instance_assignment = number
      target                     = number
      type                       = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE
      filter                     = string
    })
  })
  default = null
}
--------------------------------------------------------------------------------
/tests/samples/test_nb_psc_xlb.py:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import os
import pytest
from .utils import *

FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-nb-psc-xlb")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the x-nb-psc-xlb sample with its demo tfvars and return the planned resources."""
    demo_var_file = os.path.join(FIXTURES_DIR, "x-demo.tfvars")
    _, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=demo_var_file,
        project_id="testonly",
        project_create="true",
    )
    return planned_resources


def test_resource_count(resources):
    """The plan must contain exactly 42 resources."""
    assert len(resources) == 42


def test_apigee_instance(resources):
    """The Apigee instance sits in europe-west1 with the 10.0.0.0/22 range."""
    assert_instance(resources, location="europe-west1", ip_range="10.0.0.0/22")


def test_apigee_instance_attachment(resources):
    """Both environments are attached to the instance."""
    expected_ids = ["europe-west1-test1", "europe-west1-test2"]
    assert_instance_attachment(resources, expected_ids)


def test_envgroup_attachment(resources):
    """Both environments are attached to an environment group."""
    assert_envgroup_attachment(resources, envs=["test1", "test2"])


def test_envgroup(resources):
    """The first environment group is named "test"."""
    assert_envgroup_name(resources, name="test")


def test_vpcs(resources):
    """The Apigee instance and the NEG live in two different VPCs."""
    networks = []
    for resource in resources:
        if resource["type"] == "google_compute_network":
            networks.append(resource["values"])
    assert len(networks) == 2
    assert {network["name"] for network in networks} == {"apigee-network", "psc-ingress"}


def test_same_region(resources):
    """The Apigee instance and the NEG are planned in the same region."""
    apigee_instances = resources_by_type(resources, "google_apigee_instance")
    endpoint_groups = resources_by_type(
        resources, "google_compute_region_network_endpoint_group"
    )
    assert len(apigee_instances) == 1
    assert len(endpoint_groups) == 1
    instance_location = apigee_instances[0]["values"]["location"]
    neg_region = endpoint_groups[0]["values"]["region"]
    assert instance_location == neg_region

--------------------------------------------------------------------------------
/tests/samples/test_x_non_vpc_peering.py:
--------------------------------------------------------------------------------
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import os
import pytest
from .utils import *

FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-non-vpc-peering")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the x-non-vpc-peering sample with its demo tfvars and return the planned resources."""
    demo_var_file = os.path.join(FIXTURES_DIR, "x-demo.tfvars")
    _, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=demo_var_file,
        project_id="testonly",
        project_create="true",
    )
    return planned_resources


def test_resource_count(resources):
    """The plan must contain exactly 32 resources."""
    assert len(resources) == 32


def test_apigee_instance(resources):
    """The Apigee instance sits in us-west1."""
    # The IP range is not checked: it is dynamic/internal in the non-VPC-peering setup.
    assert_instance(resources, location="us-west1", ip_range=None)


def test_apigee_instance_attachment(resources):
    """Both environments are attached to the instance."""
    expected_ids = ["us-west1-test1", "us-west1-test2"]
    assert_instance_attachment(resources, expected_ids)


def test_envgroup_attachment(resources):
    """Both environments are attached to an environment group."""
    assert_envgroup_attachment(resources, envs=["test1", "test2"])


def test_envgroup(resources):
    """The first environment group is named "test"."""
    assert_envgroup_name(resources, name="test")


def test_vpcs(resources):
    """There is exactly one VPC, the one holding the PSC NEG."""
    networks = []
    for resource in resources:
        if resource["type"] == "google_compute_network":
            networks.append(resource["values"])
    assert len(networks) == 1
    assert {network["name"] for network in networks} == {"psc-ingress-vpc"}


def test_same_region(resources):
    """The Apigee instance and the NEG are planned in the same region."""
    apigee_instances = resources_by_type(resources, "google_apigee_instance")
    endpoint_groups = resources_by_type(
        resources, "google_compute_region_network_endpoint_group"
    )
    assert len(apigee_instances) == 1
    assert len(endpoint_groups) == 1
    instance_location = apigee_instances[0]["values"]["location"]
    neg_region = endpoint_groups[0]["values"]["region"]
    assert instance_location == neg_region
--------------------------------------------------------------------------------
/tests/samples/utils.py:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import pprint


def assert_envgroup_attachment(resources, envs):
    """Assert that the planned envgroup attachments cover exactly the environments in *envs*.

    Each attachment is pretty-printed to stdout before the environments are compared.
    """
    planned = resources_by_type(resources, "google_apigee_envgroup_attachment")
    assert len(planned) == len(envs)
    for attachment in planned:
        pprint.pprint(attachment)
    attached_envs = {attachment["values"]["environment"] for attachment in planned}
    assert attached_envs == set(envs)


def assert_envgroup_name(resources, name, index=0):
    """Assert that the envgroup at position *index* is called *name*."""
    planned = resources_by_type(resources, "google_apigee_envgroup")
    assert len(planned) > index
    envgroup_values = planned[index]["values"]
    assert envgroup_values["name"] == name


def assert_envgroup_hostnames(resources, hostnames, index=0):
    """Assert that the envgroup at position *index* has exactly the given hostnames (order ignored)."""
    planned = resources_by_type(resources, "google_apigee_envgroup")
    assert len(planned) > index
    envgroup_values = planned[index]["values"]
    assert set(envgroup_values["hostnames"]) == set(hostnames)


def assert_instance(resources, location, ip_range=None, index=0):
    """Assert the location, and optionally the IP range, of the Apigee instance at *index*."""
    planned = resources_by_type(resources, "google_apigee_instance")
    assert len(planned) > index
    instance_values = planned[index]["values"]
    assert instance_values["location"] == location
    if ip_range is None:
        # Callers pass None when the range should not be checked.
        return
    assert planned[index]["values"]["ip_range"] == ip_range


def assert_instance_attachment(resources, attachment_ids):
    """Assert that the planned instance attachments are indexed by exactly *attachment_ids*.

    The set of indexes found in the plan is printed to stdout before the comparison.
    """
    planned = resources_by_type(resources, "google_apigee_instance_attachment")
    assert len(planned) == len(attachment_ids)
    found_ids = {attachment["index"] for attachment in planned}
    print(found_ids)
    assert found_ids == set(attachment_ids)


def resources_by_type(resources, resourceType):
    """Return the resources whose "type" equals *resourceType*, in plan order."""
    selected = []
    for resource in resources:
        if resource["type"] == resourceType:
            selected.append(resource)
    return selected


def resource_by_address(resources, address):
    """Return the single resource at *address*; the assertion fails if it is missing or duplicated."""
    candidates = []
    for resource in resources:
        if resource["address"] == address:
            candidates.append(resource)
    assert len(candidates) == 1
    return candidates[0]
--------------------------------------------------------------------------------
/tests/samples/test_sb_psc.py:
--------------------------------------------------------------------------------
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import os
import pprint
import pytest
from .utils import *

FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-sb-psc")


@pytest.fixture(scope="module")
def resources(recursive_plan_runner):
    """Plan the x-sb-psc sample with its demo tfvars and return the planned resources."""
    demo_var_file = os.path.join(FIXTURES_DIR, "x-demo.tfvars")
    _, planned_resources = recursive_plan_runner(
        FIXTURES_DIR,
        tf_var_file=demo_var_file,
        project_id="testonly",
        project_create="true",
    )
    return planned_resources


def test_resource_count(resources):
    """The plan must contain exactly 46 resources."""
    assert len(resources) == 46


def test_apigee_instance(resources):
    """The Apigee instance sits in europe-west1 with the 10.0.0.0/22 range."""
    assert_instance(resources, location="europe-west1", ip_range="10.0.0.0/22")


def test_apigee_instance_attachment(resources):
    """Both environments are attached to the instance."""
    expected_ids = ["europe-west1-test1", "europe-west1-test2"]
    assert_instance_attachment(resources, expected_ids)


def test_envgroup_attachment(resources):
    """Both environments are attached to an environment group."""
    assert_envgroup_attachment(resources, envs=["test1", "test2"])


def test_envgroup(resources):
    """The first environment group is named "test"."""
    assert_envgroup_name(resources, name="test")


def test_vpcs(resources):
    """The plan creates two VPCs: one for Apigee and one for the backend."""
    networks = []
    for resource in resources:
        if resource["type"] == "google_compute_network":
            networks.append(resource["values"])
    assert len(networks) == 2
    assert {network["name"] for network in networks} == {"apigee-network", "backend-network"}


def test_same_region(resources):
    """The service attachment and the endpoint attachment are in the same region."""
    endpoint_attachments = resources_by_type(
        resources, "google_apigee_endpoint_attachment"
    )
    service_attachments = resources_by_type(
        resources, "google_compute_service_attachment"
    )
    assert len(endpoint_attachments) == 1
    assert len(service_attachments) == 1
    endpoint_location = endpoint_attachments[0]["values"]["location"]
    service_region = service_attachments[0]["values"]["region"]
    assert endpoint_location == service_region

--------------------------------------------------------------------------------
/modules/sb-psc-attachment/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */

# Producer side of Private Service Connect: publishes var.target_service so the
# Apigee endpoint attachment declared below can reach it.
resource "google_compute_service_attachment" "psc_service_attachment" {
  project     = var.project_id
  region      = var.region
  name        = var.name
  description = "A service attachment to be used by Apigee"

  target_service = var.target_service
  nat_subnets    = var.nat_subnets

  # ACCEPT_AUTOMATIC connects every consumer endpoint that targets this
  # attachment without an approval step, so access control rests on whatever
  # the target service enforces itself.
  # NOTE(review): if only the Apigee organization is meant to connect, consider
  # ACCEPT_MANUAL together with consumer_accept_lists. That needs the consumer
  # project as an extra module input, which this file does not have today.
  connection_preference = "ACCEPT_AUTOMATIC"
  enable_proxy_protocol = false
}

# Consumer side: attaches the Apigee organization to the service attachment
# above. Both resources take var.region, so they are always created in the
# same region.
resource "google_apigee_endpoint_attachment" "endpoint_attachment" {
  org_id                 = var.apigee_organization
  location               = var.region
  endpoint_attachment_id = var.name
  service_attachment     = google_compute_service_attachment.psc_service_attachment.id
}

37 | resource "google_apigee_target_server" "target_server" { 38 | for_each = var.target_servers 39 | 40 | name = each.value.name 41 | description = "Target server for ${var.name} endpoint attachment" 42 | env_id = each.value.environment_id 43 | protocol = each.value.protocol 44 | host = google_apigee_endpoint_attachment.endpoint_attachment.host 45 | port = each.value.port 46 | is_enabled = each.value.enabled 47 | 48 | dynamic "s_sl_info" { 49 | for_each = each.value.s_sl_info != null ? [1] : [] 50 | content { 51 | enabled = each.value.s_sl_info.enabled 52 | client_auth_enabled = each.value.s_sl_info.client_auth_enabled 53 | key_store = each.value.s_sl_info.key_store 54 | key_alias = each.value.s_sl_info.key_alias 55 | trust_store = each.value.s_sl_info.trust_store 56 | ignore_validation_errors = each.value.s_sl_info.ignore_validation_errors 57 | protocols = each.value.s_sl_info.protocols 58 | ciphers = each.value.s_sl_info.ciphers 59 | dynamic "common_name" { 60 | for_each = each.value.s_sl_info.common_name != null ?
[1] : [] 61 | content { 62 | value = each.value.s_sl_info.common_name.value 63 | wildcard_match = each.value.s_sl_info.common_name.wildcard_match 64 | } 65 | } 66 | } 67 | } 68 | } -------------------------------------------------------------------------------- /modules/mig-l7xlb/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "Project id." 19 | type = string 20 | } 21 | 22 | variable "backend_migs" { 23 | description = "List of MIGs to be used as backends." 24 | type = list(string) 25 | } 26 | 27 | variable "ssl_certificate" { 28 | description = "A list of SSL certificates for the HTTPS LB." 29 | type = list(string) 30 | } 31 | 32 | variable "external_ip" { 33 | description = "(Optional) External IP for the L7 XLB." 34 | type = string 35 | default = null 36 | } 37 | 38 | variable "name" { 39 | description = "External LB name." 40 | type = string 41 | } 42 | 43 | variable "security_policy" { 44 | description = "(Optional) The security policy associated with this backend service." 45 | type = string 46 | default = null 47 | } 48 | 49 | variable "edge_security_policy" { 50 | description = "(Optional) The edge security policy associated with this backend service." 
51 | type = string 52 | default = null 53 | } 54 | 55 | variable "logs_enabled" { 56 | type = bool 57 | default = false 58 | description = "Whether to enable logging for the load balancer traffic served by this backend service." 59 | } 60 | 61 | variable "backend_timeout" { 62 | type = number 63 | default = 10 64 | description = "Backend timeout in seconds" 65 | } 66 | 67 | variable "logs_sample_rate" { 68 | default = null 69 | type = number 70 | description = <<-EOD 71 | This field can only be specified if logging is enabled for this backend service. 72 | The value of the field must be in [0, 1]. 73 | EOD 74 | } 75 | 76 | variable "labels" { 77 | type = map(string) 78 | default = {} 79 | description = <<-EOD 80 | An optional map of label key:value pairs to assign to the forwarding rule. 81 | Default is an empty map. 82 | EOD 83 | } 84 | 85 | variable "ssl_policy" { 86 | type = string 87 | default = null 88 | description = <<-EOD 89 | A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. 90 | If not set, the TargetHttpsProxy resource will not have any SSL policy configured. 91 | EOD 92 | } 93 | -------------------------------------------------------------------------------- /modules/sb-psc-attachment/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "Project id." 19 | type = string 20 | } 21 | 22 | variable "region" { 23 | description = "GCP region where the service attachment should be created." 24 | type = string 25 | } 26 | 27 | variable "name" { 28 | description = "Name for the service attachment." 29 | type = string 30 | } 31 | 32 | variable "nat_subnets" { 33 | description = "One or more NAT subnets to be used for PSC." 34 | type = list(string) 35 | } 36 | 37 | variable "target_service" { 38 | description = "Target Service for the service attachment e.g. a forwarding rule." 39 | type = string 40 | } 41 | 42 | variable "apigee_organization" { 43 | description = "Apigee organization where the Endpoint Attachment should be added to. Apigee Organization ID should be prefixed with 'organizations/'" 44 | type = string 45 | validation { 46 | condition = can(regex("^(organizations/[a-zA-Z0-9-_]+)$", var.apigee_organization)) 47 | error_message = "Invalid Apigee Organization ID. Please use the format \"organizations/[a-zA-Z0-9-_]+\"." 48 | } 49 | } 50 | 51 | variable "target_servers" { 52 | description = "Map of target servers to be created and associated with the endpoint attachment." 
53 | default = {} 54 | type = map(object({ 55 | environment_id = string 56 | name = string 57 | protocol = optional(string, "HTTP") 58 | port = optional(number, 80) 59 | enabled = optional(bool, true) 60 | s_sl_info = optional(object({ 61 | enabled = bool 62 | client_auth_enabled = optional(bool, null) 63 | key_store = optional(string, null) 64 | key_alias = optional(string, null) 65 | trust_store = optional(string, null) 66 | ignore_validation_errors = optional(bool, null) 67 | protocols = optional(list(string), null) 68 | ciphers = optional(list(string), null) 69 | common_name = optional(object({ 70 | value = optional(string, null) 71 | wildcard_match = optional(bool, null) 72 | })) 73 | })) 74 | })) 75 | } 76 | -------------------------------------------------------------------------------- /tests/samples/test_nb_psc_mig_l7xlb.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | 16 | import os 17 | import pytest 18 | from .utils import * 19 | 20 | FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-nb-psc-mig-l7xlb") 21 | 22 | 23 | @pytest.fixture(scope="module") 24 | def resources(recursive_plan_runner): 25 | _, resources = recursive_plan_runner( 26 | FIXTURES_DIR, 27 | tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"), 28 | project_id="testonly", 29 | project_create="true" 30 | ) 31 | return resources 32 | 33 | 34 | def test_resource_count(resources): 35 | "Test total number of resources created." 36 | assert len(resources) == 46 37 | 38 | 39 | def test_apigee_instance(resources): 40 | "Test Apigee Instance Resource" 41 | assert_instance(resources, "europe-west1", "10.1.4.0/22") 42 | 43 | 44 | 45 | def test_apigee_instance_attachment(resources): 46 | "Test Apigee Instance Attachments." 47 | assert_instance_attachment(resources, ["europe-west1-test"]) 48 | 49 | 50 | def test_envgroup_attachment(resources): 51 | "Test Apigee Envgroup Attachments." 52 | assert_envgroup_attachment(resources, ["test"]) 53 | 54 | 55 | def test_envgroup(resources): 56 | "Test env group." 57 | assert_envgroup_name(resources, "testgroup") 58 | 59 | 60 | def test_instance_bidge_location_parity(resources): 61 | "Test that the instance and bridge VM are in the same location" 62 | instance = [ 63 | r["values"] for r in resources if r["type"] == "google_apigee_instance" 64 | ][0] 65 | instance_group_mgr = [ 66 | r["values"] 67 | for r in resources 68 | if r["type"] == "google_compute_region_instance_group_manager" 69 | ][0] 70 | assert instance["location"] == instance_group_mgr["region"] 71 | 72 | def test_same_region_psc(resources): 73 | "Test that Apigee instance and the PSC are in the same region." 
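74 | instances = [ 75 | r for r in resources if r["type"] == "google_apigee_instance" 76 | ] 77 | psc = [ 78 | r for r in resources if r["type"] == "google_compute_forwarding_rule" 79 | ] 80 | assert len(instances) == 1 81 | assert len(psc) == 1 82 | assert instances[0]["values"]["location"] == psc[0]["values"]["region"] 83 | 84 |
--------------------------------------------------------------------------------
/modules/apigee-x-bridge-mig/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

locals {
  # Falls back to "apigee-<region>" when the caller does not pass a name.
  bridge_name = var.name == null ? "apigee-${var.region}" : var.name
}

# Instance template for the bridge VMs that forward traffic to the Apigee
# instance endpoint (passed to the VM as the ENDPOINT metadata value).
#
# NOTE(review): the module sources in this file are pinned to the tag v28.0.0.
# A git tag can be re-pointed upstream; pinning `ref` to a commit SHA gives an
# immutable reference.
module "bridge-template" {
  source        = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-vm?ref=v28.0.0"
  project_id    = var.project_id
  name          = local.bridge_name
  zone          = "${var.region}-b" # zone suffix is fixed to "-b"
  tags          = var.network_tags
  instance_type = var.machine_type
  network_interfaces = [{
    network    = var.network,
    subnetwork = var.subnet
    nat        = false # presumably no external IP; confirm against the compute-vm module
    addresses  = null
    alias_ips  = null
  }]
  boot_disk = {
    initialize_params = {
      image = "debian-cloud/debian-11"
      type  = "pd-standard"
      size  = 20
    }
  }
  create_template = true
  metadata = {
    ENDPOINT = var.endpoint_ip
    # The boot script is downloaded from a "latest/" object path in a bucket
    # outside this repository and, like any Compute Engine startup script, runs
    # as root. Its content can change without any change to this configuration.
    # NOTE(review): consider mirroring a reviewed copy into a bucket you control
    # (or a versioned object path, if the publisher offers one) so that what
    # runs at boot is what was reviewed.
    startup-script-url = "gs://apigee-5g-saas/apigee-envoy-proxy-release/latest/conf/startup-script.sh"
  }
  service_account = {
    auto_create = true
    # "cloud-platform" does not narrow access at the scope level, so the
    # effective permissions are whatever IAM roles the auto-created service
    # account is granted (not visible in this file).
    # NOTE(review): confirm those roles follow least privilege.
    scopes = ["cloud-platform"]
  }
}

# Regional managed instance group running the bridge template, with an HTTPS
# health check on port 443 that is also used for auto-healing.
module "bridge-mig" {
  source            = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-mig?ref=v28.0.0"
  project_id        = var.project_id
  location          = var.region
  name              = local.bridge_name
  target_size       = var.target_size
  autoscaler_config = var.autoscaler_config
  instance_template = module.bridge-template.template.self_link
  named_ports = {
    https = 443
  }
  auto_healing_policies = {
    health_check      = module.bridge-mig.health_check.self_link
    initial_delay_sec = 30
  }
  health_check_config = {
    https = {
      port         = 443,
      request_path = "/healthz/ingress"
    }
  }
}

# Ingress rule for tcp/443 from Google Cloud's load balancer and health-check
# source ranges to instances carrying var.network_tags.
resource "google_compute_firewall" "allow_glb_to_mig_bridge" {
  name = "hc-${local.bridge_name}"
  # Takes the second "/"-separated element of the network reference as the
  # project that owns the network. The former "google_compute_network." string
  # prefix contained no "/" and did not affect the result, so it is dropped.
  # Assumes var.network has the form projects/<project>/global/networks/<name>;
  # a bare network name or a full https:// self link would not yield a project
  # here. TODO confirm against callers.
  project       = split("/", var.network)[1]
  network       = var.network
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
  target_tags   = var.network_tags
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}
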
-------------------------------------------------------------------------------- /modules/nb-psc-l7ilb/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Providers 3 | 4 | | Name | Version | 5 | |------|---------| 6 | | [google](#provider\_google) | >= 4.32.0 | 7 | 8 | ## Modules 9 | 10 | No modules. 11 | 12 | ## Resources 13 | 14 | | Name | Type | 15 | |------|------| 16 | | [google_compute_forwarding_rule.forwarding_rule](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_forwarding_rule) | resource | 17 | | [google_compute_region_backend_service.psc_backend](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_backend_service) | resource | 18 | | [google_compute_region_target_http_proxy.http_proxy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_target_http_proxy) | resource | 19 | | [google_compute_region_url_map.url_map](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_url_map) | resource | 20 | | [google_compute_subnetwork.proxy_subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource | 21 | | [google_compute_network.vpc_network](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_network) | data source | 22 | 23 | ## Inputs 24 | 25 | | Name | Description | Type | Default | Required | 26 | |------|-------------|------|---------|:--------:| 27 | | [l7\_ilb\_name\_prefix](#input\_l7\_ilb\_name\_prefix) | Prefix for the Load Balancer resources. | `string` | n/a | yes | 28 | | [l7\_ilb\_proxy\_subnet\_cidr\_range](#input\_l7\_ilb\_proxy\_subnet\_cidr\_range) | IP CIDR Range for the L7 ILB Proxy-only Subnet. | `string` | n/a | yes | 29 | | [l7\_ilb\_proxy\_subnet\_name](#input\_l7\_ilb\_proxy\_subnet\_name) | Name of the L7 ILB Proxy-only Subnet. 
| `string` | `"l7ilb-proxy-subnet"` | no | 30 | | [l7\_ilb\_subnet\_id](#input\_l7\_ilb\_subnet\_id) | Subnet in which the Forwarding Rule should be created. | `string` | n/a | yes | 31 | | [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.
Default is an empty map. | `map(string)` | `{}` | no | 32 | | [project\_id](#input\_project\_id) | ID of the GCP Project. | `string` | n/a | yes | 33 | | [psc\_neg](#input\_psc\_neg) | PSC NEG to be used as backend. | `string` | n/a | yes | 34 | | [region](#input\_region) | GCP Region in which the resources should be created. | `string` | n/a | yes | 35 | | [vpc\_network\_name](#input\_vpc\_network\_name) | Name of the VPC Network. | `string` | n/a | yes | 36 | 37 | ## Outputs 38 | 39 | No outputs. 40 | 41 | -------------------------------------------------------------------------------- /modules/apigee-x-mtls-mig/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "GCP Project id." 19 | type = string 20 | } 21 | 22 | variable "endpoint_ip" { 23 | description = "Apigee X Instance Endpoint IP." 24 | type = string 25 | } 26 | 27 | variable "ca_cert_path" { 28 | description = "local CA Cert File Path for Client Authenication." 29 | type = string 30 | } 31 | 32 | variable "tls_cert_path" { 33 | description = "local TLS Cert File Path for Client Authenication." 34 | type = string 35 | } 36 | 37 | variable "tls_key_path" { 38 | description = "local TLS Cert File Path for Client Authenication." 
39 | type = string 40 | } 41 | 42 | variable "network_tags" { 43 | description = "network tags for the mTLS mig" 44 | type = list(string) 45 | } 46 | 47 | variable "network" { 48 | description = "VPC network for running the MIGs (needs to be peered with the Apigee tenant project)." 49 | type = string 50 | } 51 | 52 | variable "subnet" { 53 | description = "VPC subnet for running the MIGs" 54 | type = string 55 | } 56 | 57 | variable "region" { 58 | description = "GCP Region for the MIGs." 59 | type = string 60 | } 61 | 62 | variable "machine_type" { 63 | description = "GCE Machine type." 64 | type = string 65 | default = "e2-small" 66 | } 67 | 68 | variable "target_size" { 69 | description = "Group target size, leave null when using an autoscaler." 70 | type = number 71 | default = 2 72 | } 73 | 74 | variable "autoscaler_config" { 75 | description = "Optional autoscaler configuration. Only one of 'cpu_utilization_target' 'load_balancing_utilization_target' or 'metric' can be not null." 76 | type = object({ 77 | max_replicas = number 78 | min_replicas = number 79 | cooldown_period = number 80 | cpu_utilization_target = number 81 | load_balancing_utilization_target = number 82 | metric = object({ 83 | name = string 84 | single_instance_assignment = number 85 | target = number 86 | type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE 87 | filter = string 88 | }) 89 | }) 90 | default = null 91 | } 92 | -------------------------------------------------------------------------------- /tests/samples/test_controlled_internet_egress.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | 16 | import os 17 | import pytest 18 | from .utils import * 19 | import pprint 20 | 21 | FIXTURES_DIR = os.path.join(os.path.dirname(__file__), "../../samples/x-controlled-internet-egress") 22 | 23 | 24 | @pytest.fixture(scope="module") 25 | def resources(recursive_plan_runner): 26 | _, resources = recursive_plan_runner( 27 | FIXTURES_DIR, 28 | tf_var_file=os.path.join(FIXTURES_DIR, "x-demo.tfvars"), 29 | project_id="testonly", 30 | project_create="true" 31 | ) 32 | return resources 33 | 34 | 35 | def test_resource_count(resources): 36 | "Test total number of resources created." 37 | assert len(resources) == 39 38 | 39 | 40 | def test_apigee_instance(resources): 41 | "Test Apigee Instance Resource" 42 | assert_instance(resources, "europe-west1", "10.0.0.0/22") 43 | 44 | 45 | def test_apigee_instance_attachment(resources): 46 | "Test Apigee Instance Attachments." 47 | assert_instance_attachment(resources, ["europe-west1-test1", "europe-west1-test2"]) 48 | 49 | 50 | def test_envgroup_attachment(resources): 51 | "Test Apigee Envgroup Attachments." 52 | pprint.pprint(resources) 53 | assert_envgroup_attachment(resources, ["test1", "test2"]) 54 | 55 | 56 | def test_envgroup(resources): 57 | "Test env group." 58 | assert_envgroup_name(resources, "test") 59 | 60 | def test_firewall_tags(resources): 61 | "Test firewall tags match the VM." 
62 | expectedTags = set(["egress-fw"]) 63 | assert set(resource_by_address(resources, "module.mock-firewall.google_compute_instance.default[0]")["values"]["tags"]) == expectedTags 64 | assert set(resource_by_address(resources, "google_compute_route.firewall_to_internet")["values"]["tags"]) == expectedTags 65 | assert set(resource_by_address(resources, "google_compute_firewall.allow_glb_to_mig_bridge")["values"]["target_tags"]) == expectedTags 66 | 67 | def test_two_internet_routes(resources): 68 | "Test two default routes exist." 69 | routeViaFirewall = resource_by_address(resources, "google_compute_route.egress_via_firewall") 70 | routeForFirewall = resource_by_address(resources, "google_compute_route.firewall_to_internet") 71 | assert routeForFirewall["values"]["priority"] < routeViaFirewall["values"]["priority"] 72 | assert routeForFirewall["values"]["dest_range"] == "0.0.0.0/0" 73 | assert routeViaFirewall["values"]["dest_range"] == "0.0.0.0/0" 74 | -------------------------------------------------------------------------------- /modules/development-backend/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */

# Instance template for a demo backend: each VM writes a one-line index.html
# and serves /var/www with Python's built-in http.server on port 80.
module "demo-backend-template" {
  source     = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-vm?ref=v28.0.0"
  project_id = var.project_id
  name       = var.name
  zone       = "${var.region}-b" # zone suffix is fixed to "-b"

  instance_type   = var.machine_type
  create_template = true
  tags            = [var.name]

  boot_disk = {
    initialize_params = {
      image = "projects/debian-cloud/global/images/family/debian-11"
      type  = "pd-standard"
      size  = 10
    }
  }
  network_interfaces = [{
    network    = var.network,
    subnetwork = var.subnet
    nat        = false # presumably no external IP; confirm against the compute-vm module
    addresses  = null
    alias_ips  = null
  }]

  metadata = {
    # Plain HTTP without TLS or authentication. Everything under /var/www is
    # served, so keep this backend reachable from internal networks only.
    startup-script = "sudo mkdir -p /var/www && cd /var/www && echo \"hello from $(hostname)\" > index.html && python3 -m http.server 80"
  }
  service_account = {
    auto_create = true
    # The startup script above makes no Google API calls, yet the VM is given
    # the broad "cloud-platform" scope. Effective access then depends on the
    # IAM roles of the auto-created service account (not visible in this file).
    # NOTE(review): confirm those roles are minimal, or narrow the scopes.
    scopes = ["cloud-platform"]
  }
}

# Managed instance group with two instances of the template above.
module "demo-backend-mig" {
  source            = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-mig?ref=v28.0.0"
  project_id        = var.project_id
  location          = var.region
  name              = "${var.name}-${var.region}"
  instance_template = module.demo-backend-template.template.self_link
  target_size       = 2
}

# Internal load balancer in front of the instance group, forwarding port 80 and
# health-checking the backends over TCP on the same port.
module "ilb-backend" {
  source        = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-lb-int?ref=v28.0.0"
  project_id    = var.project_id
  region        = var.region
  name          = var.name
  service_label = var.name
  vpc_config = {
    network    = var.network
    subnetwork = var.subnet
  }
  backends = [
    {
      group          = module.demo-backend-mig.group_manager.instance_group,
      failover       = false
      balancing_mode = "CONNECTION"
    }
  ]
  forwarding_rules_config = {
    "" = {
      ports = [80]
    }
  }
  health_check_config = {
    tcp = { port = 80 }
  }
}

84 | resource "google_compute_firewall" "hc-allow" { 85 | name = "allow-hc-${var.name}"
86 | project = var.project_id 87 | network = var.network 88 | source_ranges = ["130.211.0.0/22", "35.191.0.0/16"] 89 | target_tags = [var.name] 90 | allow { 91 | protocol = "tcp" 92 | ports = ["80"] 93 | } 94 | } 95 | -------------------------------------------------------------------------------- /samples/x-basic/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "Project id (also used for the Apigee Organization)." 19 | type = string 20 | } 21 | 22 | variable "ax_region" { 23 | description = "GCP region for storing Apigee analytics data (see https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli)." 24 | type = string 25 | } 26 | 27 | variable "apigee_envgroups" { 28 | description = "Apigee Environment Groups." 29 | type = map(object({ 30 | hostnames = list(string) 31 | })) 32 | default = null 33 | } 34 | 35 | variable "apigee_instances" { 36 | description = "Apigee Instances (only one instance for EVAL orgs)." 37 | type = map(object({ 38 | region = string 39 | ip_range = string 40 | environments = list(string) 41 | })) 42 | default = null 43 | } 44 | 45 | variable "apigee_environments" { 46 | description = "Apigee Environments." 
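47 | type = map(object({ 48 | display_name = optional(string) 49 | description = optional(string) 50 | node_config = optional(object({ 51 | min_node_count = optional(number) 52 | max_node_count = optional(number) 53 | })) 54 | iam = optional(map(list(string))) 55 | envgroups = list(string) 56 | type = optional(string) 57 | })) 58 | default = null 59 | }

variable "network" {
  description = "Name of the VPC network to peer with the Apigee tennant project."
  type        = string
}

variable "peering_range" {
  description = "Service Peering CIDR range."
  type        = string
}

variable "support_range" {
  description = "Support CIDR range of length /28 (required by Apigee for troubleshooting purposes)."
  type        = string
}

variable "billing_account" {
  description = "Billing account id."
  type        = string
  default     = null
}

variable "project_parent" {
  description = "Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format."
  type        = string
  default     = null
  validation {
    # The pattern is anchored with ^ and $ so the whole value has to match.
    # Without anchors, any string that merely contained "folders/<digits>" or
    # "organizations/<digits>" passed validation, contradicting the error
    # message below. null is still accepted (no parent set).
    condition     = var.project_parent == null || can(regex("^(organizations|folders)/[0-9]+$", var.project_parent))
    error_message = "Parent must be of the form folders/folder_id or organizations/organization_id."
  }
}

92 | variable "project_create" { 93 | description = "Create project. When set to false, uses a data source to reference existing project."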
94 | type = bool 95 | default = false 96 | } 97 | -------------------------------------------------------------------------------- /modules/routing-appliance/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Providers 3 | 4 | | Name | Version | 5 | |------|---------| 6 | | [google](#provider\_google) | >= 4.20.0 | 7 | | [random](#provider\_random) | n/a | 8 | 9 | ## Modules 10 | 11 | | Name | Source | Version | 12 | |------|--------|---------| 13 | | [appliance-sa](#module\_appliance-sa) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/iam-service-account | v28.0.0 | 14 | | [config-bucket](#module\_config-bucket) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/gcs | v28.0.0 | 15 | | [ilb-appliance](#module\_ilb-appliance) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-lb-int | v28.0.0 | 16 | | [routing-appliance-mig](#module\_routing-appliance-mig) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-mig | v28.0.0 | 17 | | [routing-appliance-template](#module\_routing-appliance-template) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-vm | v28.0.0 | 18 | 19 | ## Resources 20 | 21 | | Name | Type | 22 | |------|------| 23 | | [google_compute_firewall.hc-allow](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | 24 | | [google_compute_route.appliance](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route) | resource | 25 | | [google_storage_bucket_object.setup_script](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_object) | resource | 26 | | [random_id.bucket](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | 27 | 28 | ## Inputs 29 | 30 | | Name | Description | Type | Default | Required | 31 | 
|------|-------------|------|---------|:--------:| 32 | | [forwarded\_ranges](#input\_forwarded\_ranges) | CIDR ranges that should route via appliance |
map(object({
range = string
priority = number
}))
| `{}` | no | 33 | | [machine\_type](#input\_machine\_type) | GCE Machine type. | `string` | `"e2-small"` | no | 34 | | [name](#input\_name) | Name to use for the routing appliance. | `string` | `"routing-appliance"` | no | 35 | | [network](#input\_network) | VPC network for running the routing appliance MIGs. | `string` | n/a | yes | 36 | | [project\_id](#input\_project\_id) | GCP Project id. | `string` | n/a | yes | 37 | | [region](#input\_region) | GCP Region for the MIGs. | `string` | n/a | yes | 38 | | [subnet](#input\_subnet) | VPC subnet for running the MIGs | `string` | n/a | yes | 39 | 40 | ## Outputs 41 | 42 | | Name | Description | 43 | |------|-------------| 44 | | [instance\_group](#output\_instance\_group) | Routing Appliance MIG | 45 | -------------------------------------------------------------------------------- /samples/x-l7xlb/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | locals { 18 | subnet_region_name = { for subnet in var.exposure_subnets : 19 | subnet.region => "${subnet.region}/${subnet.name}" 20 | } 21 | } 22 | 23 | module "project" { 24 | source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/project?ref=v28.0.0" 25 | name = var.project_id 26 | parent = var.project_parent 27 | billing_account = var.billing_account 28 | project_create = var.project_create 29 | services = [ 30 | "apigee.googleapis.com", 31 | "cloudkms.googleapis.com", 32 | "compute.googleapis.com", 33 | "servicenetworking.googleapis.com" 34 | ] 35 | } 36 | 37 | module "vpc" { 38 | source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc?ref=v28.0.0" 39 | project_id = module.project.project_id 40 | name = var.network 41 | subnets = var.exposure_subnets 42 | psa_config = { 43 | ranges = { 44 | apigee-range = var.peering_range 45 | apigee-support-range = var.support_range 46 | } 47 | } 48 | } 49 | 50 | module "nip-development-hostname" { 51 | source = "../../modules/nip-development-hostname" 52 | project_id = module.project.project_id 53 | address_name = "apigee-external" 54 | subdomain_prefixes = [for name, _ in var.apigee_envgroups : name] 55 | } 56 | 57 | module "apigee-x-core" { 58 | source = "../../modules/apigee-x-core" 59 | project_id = module.project.project_id 60 | ax_region = var.ax_region 61 | apigee_environments = var.apigee_environments 62 | apigee_envgroups = var.apigee_envgroups 63 | apigee_instances = var.apigee_instances 64 | network = module.vpc.network.id 65 | } 66 | 67 | module "apigee-x-bridge-mig" { 68 | for_each = var.apigee_instances 69 | source = "../../modules/apigee-x-bridge-mig" 70 | project_id = module.project.project_id 71 | network = module.vpc.network.id 72 | subnet = module.vpc.subnet_self_links[local.subnet_region_name[each.value.region]] 73 | region = each.value.region 74 | endpoint_ip = module.apigee-x-core.instance_endpoints[each.key] 75 | } 76 | 77 | 
module "mig-l7xlb" { 78 | source = "../../modules/mig-l7xlb" 79 | project_id = module.project.project_id 80 | name = "apigee-xlb" 81 | backend_migs = [for _, mig in module.apigee-x-bridge-mig : mig.instance_group] 82 | ssl_certificate = [module.nip-development-hostname.ssl_certificate] 83 | external_ip = module.nip-development-hostname.ip_address 84 | } 85 | -------------------------------------------------------------------------------- /modules/apigee-x-mtls-mig/envoy-config-template.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
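# Envoy bootstrap template for the mTLS-terminating proxy in front of an
# Apigee X instance. The listener requires a client certificate signed by the
# CA in /opt/apigee/certs/cacert.pem and forwards every request to the single
# upstream cluster "apigee_instance_1" over TLS.

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        # Binds on all interfaces; which peers can reach port 10000 is decided
        # outside this file (firewall rules / load balancer), not by Envoy.
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          # set_current_client_cert_details only takes effect when
          # forward_client_cert_details is APPEND_FORWARD or SANITIZE_SET; with
          # the default (SANITIZE) no x-forwarded-client-cert header is sent
          # upstream at all. SANITIZE_SET drops any client-supplied XFCC value
          # and replaces it with details of the certificate verified here, so
          # the upstream never sees a header the caller could have forged.
          forward_client_cert_details: SANITIZE_SET
          set_current_client_cert_details:
            subject: true
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: apigee_instance_1
      # Downstream (client-facing) TLS: the handshake fails unless the client
      # presents a certificate that chains to trusted_ca.
      transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          require_client_certificate: true
          common_tls_context:
            validation_context:
              trusted_ca:
                filename: /opt/apigee/certs/cacert.pem
            tls_certificates:
            - certificate_chain:
                filename: /opt/apigee/certs/servercert.pem
              private_key:
                # The private key is read from local disk; file permissions on
                # the VM are what protect it.
                filename: /opt/apigee/certs/serverkey.pem

  clusters:
  - name: apigee_instance_1
    connect_timeout: 30s
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: apigee_instance_1
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                # Template token: as written, YAML reads it as a comment and the
                # address is empty, so it has to be substituted before Envoy
                # loads the file (presumably by the module's setup script —
                # confirm).
                address: #ENDPOINT_IP#
                port_value: 443
    # NOTE(review): this UpstreamTlsContext has no validation_context and no
    # sni, so Envoy encrypts the upstream hop but does not verify the peer's
    # certificate. If the Apigee endpoint's CA and hostname are known,
    # configure them here; otherwise record the missing verification as an
    # accepted risk for this hop.
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
-------------------------------------------------------------------------------- /modules/apigee-x-bridge-mig/README.md: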
-------------------------------------------------------------------------------- 1 | # Apigee Network Bridge Managed Instance Group 2 | 3 | 4 | ## Providers 5 | 6 | | Name | Version | 7 | |------|---------| 8 | | [google](#provider\_google) | >= 4.20.0 | 9 | 10 | ## Modules 11 | 12 | | Name | Source | Version | 13 | |------|--------|---------| 14 | | [bridge-mig](#module\_bridge-mig) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-mig | v28.0.0 | 15 | | [bridge-template](#module\_bridge-template) | github.com/terraform-google-modules/cloud-foundation-fabric//modules/compute-vm | v28.0.0 | 16 | 17 | ## Resources 18 | 19 | | Name | Type | 20 | |------|------| 21 | | [google_compute_firewall.allow_glb_to_mig_bridge](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | 22 | 23 | ## Inputs 24 | 25 | | Name | Description | Type | Default | Required | 26 | |------|-------------|------|---------|:--------:| 27 | | [autoscaler\_config](#input\_autoscaler\_config) | Optional autoscaler configuration. Only one of 'cpu\_utilization\_target' 'load\_balancing\_utilization\_target' or 'metric' can be not null. |
object({
max_replicas = number
min_replicas = number
cooldown_period = number
cpu_utilization_target = number
load_balancing_utilization_target = number
metric = object({
name = string
single_instance_assignment = number
target = number
type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE
filter = string
})
})
| `null` | no | 28 | | [endpoint\_ip](#input\_endpoint\_ip) | Apigee X Instance Endpoint IP. | `string` | n/a | yes | 29 | | [machine\_type](#input\_machine\_type) | GCE Machine type. | `string` | `"e2-small"` | no | 30 | | [name](#input\_name) | Name for the bridge VMs/MIG (using apigee-$REGION as a fallback). | `string` | `null` | no | 31 | | [network](#input\_network) | VPC network for running the MIGs (needs to be peered with the Apigee tenant project). | `string` | n/a | yes | 32 | | [network\_tags](#input\_network\_tags) | Network tags for the Bridge VMs. | `list(string)` |
[
"apigee-bridge"
]
| no | 33 | | [project\_id](#input\_project\_id) | GCP Project id. | `string` | n/a | yes | 34 | | [region](#input\_region) | GCP Region for the MIGs. | `string` | n/a | yes | 35 | | [subnet](#input\_subnet) | VPC subnet for running the MIGs | `string` | n/a | yes | 36 | | [target\_size](#input\_target\_size) | Group target size, leave null when using an autoscaler. | `number` | `2` | no | 37 | 38 | ## Outputs 39 | 40 | | Name | Description | 41 | |------|-------------| 42 | | [instance\_group](#output\_instance\_group) | Proxy MIGs for mTLS termination | 43 | -------------------------------------------------------------------------------- /samples/x-non-vpc-peering/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "Project id (also used for the Apigee Organization)." 19 | type = string 20 | } 21 | 22 | variable "billing_account" { 23 | description = "Billing account id." 24 | type = string 25 | default = null 26 | } 27 | 28 | variable "project_create" { 29 | description = "Create project. When set to false, uses a data source to reference existing project." 
30 | type = bool 31 | default = false 32 | } 33 | 34 | variable "project_parent" { 35 | description = "Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format." 36 | type = string 37 | default = null 38 | validation { 39 | condition = var.project_parent == null || can(regex("(organizations|folders)/[0-9]+", var.project_parent)) 40 | error_message = "Parent must be of the form folders/folder_id or organizations/organization_id." 41 | } 42 | } 43 | 44 | variable "ax_region" { 45 | description = "GCP region for storing Apigee analytics data (see https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli)." 46 | type = string 47 | } 48 | 49 | variable "apigee_instances" { 50 | description = "Apigee Instances (only one instance for EVAL orgs)." 51 | type = map(object({ 52 | region = string 53 | environments = list(string) 54 | })) 55 | default = null 56 | } 57 | 58 | variable "apigee_envgroups" { 59 | description = "Apigee Environment Groups." 60 | type = map(object({ 61 | hostnames = list(string) 62 | })) 63 | default = null 64 | } 65 | 66 | variable "apigee_environments" { 67 | description = "Apigee Environments." 68 | type = map(object({ 69 | display_name = optional(string) 70 | description = optional(string) 71 | node_config = optional(object({ 72 | min_node_count = optional(number) 73 | max_node_count = optional(number) 74 | })) 75 | iam = optional(map(list(string))) 76 | envgroups = list(string) 77 | type = optional(string) 78 | })) 79 | default = null 80 | } 81 | 82 | /** 83 | * Below are the variables required for creating XLB + PSC NEG. 84 | */ 85 | 86 | variable "psc_ingress_network" { 87 | description = "PSC ingress VPC name." 
88 | type = string 89 | } 90 | 91 | variable "psc_ingress_subnets" { 92 | description = "Subnets for exposing Apigee services via PSC" 93 | type = list(object({ 94 | name = string 95 | ip_cidr_range = string 96 | region = string 97 | secondary_ip_range = map(string) 98 | })) 99 | default = [] 100 | } 101 | -------------------------------------------------------------------------------- /modules/apigee-x-core/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | locals { 18 | envgroups = { for key, value in var.apigee_envgroups : key => value.hostnames } 19 | instances = { for key, value in var.apigee_instances : value.region => { 20 | name = key 21 | environments = value.environments 22 | runtime_ip_cidr_range = value.ip_range 23 | disk_encryption_key = module.kms-inst-disk[key].key_ids[value.key_name] 24 | consumer_accept_list = value.consumer_accept_list 25 | } } 26 | } 27 | 28 | resource "google_project_service_identity" "apigee_sa" { 29 | provider = google-beta 30 | project = var.project_id 31 | service = "apigee.googleapis.com" 32 | } 33 | 34 | module "kms-org-db" { 35 | source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/kms?ref=v28.0.0" 36 | project_id = var.project_id 37 | iam = { 38 | "roles/cloudkms.cryptoKeyEncrypterDecrypter" = ["serviceAccount:${google_project_service_identity.apigee_sa.email}"] 39 | } 40 | keyring = { 41 | location = coalesce(var.org_kms_keyring_location, var.ax_region) 42 | name = var.org_kms_keyring_name 43 | } 44 | keyring_create = var.org_kms_keyring_create 45 | keys = { 46 | org-db = { rotation_period = var.org_key_rotation_period, labels = null } 47 | } 48 | } 49 | 50 | module "kms-inst-disk" { 51 | for_each = var.apigee_instances 52 | source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/kms?ref=v28.0.0" 53 | project_id = var.project_id 54 | iam = { 55 | "roles/cloudkms.cryptoKeyEncrypterDecrypter" = ["serviceAccount:${google_project_service_identity.apigee_sa.email}"] 56 | } 57 | keyring = { 58 | location = coalesce(each.value.keyring_location, each.value.region) 59 | name = coalesce(each.value.keyring_name, "apigee-${each.key}") 60 | } 61 | keyring_create = each.value.keyring_create 62 | keys = { 63 | (each.value.key_name) = { 64 | rotation_period = each.value.key_rotation_period 65 | labels = each.value.key_labels 66 | } 67 | } 68 | } 69 | 70 | module "apigee" { 71 | source = 
"github.com/terraform-google-modules/cloud-foundation-fabric//modules/apigee?ref=v28.0.0" 72 | project_id = var.project_id 73 | organization = { 74 | display_name = var.org_display_name 75 | description = var.org_description 76 | authorized_network = var.network 77 | runtime_type = "CLOUD" 78 | billing_type = var.billing_type 79 | database_encryption_key = module.kms-org-db.key_ids["org-db"] 80 | analytics_region = var.ax_region 81 | disable_vpc_peering = var.disable_vpc_peering 82 | } 83 | envgroups = local.envgroups 84 | environments = var.apigee_environments 85 | instances = local.instances 86 | } 87 | -------------------------------------------------------------------------------- /modules/sb-psc-attachment/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Providers 3 | 4 | | Name | Version | 5 | |------|---------| 6 | | [google](#provider\_google) | >= 4.83, <6 | 7 | 8 | ## Modules 9 | 10 | No modules. 11 | 12 | ## Resources 13 | 14 | | Name | Type | 15 | |------|------| 16 | | [google_apigee_endpoint_attachment.endpoint_attachment](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apigee_endpoint_attachment) | resource | 17 | | [google_apigee_target_server.target_server](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apigee_target_server) | resource | 18 | | [google_compute_service_attachment.psc_service_attachment](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_service_attachment) | resource | 19 | 20 | ## Inputs 21 | 22 | | Name | Description | Type | Default | Required | 23 | |------|-------------|------|---------|:--------:| 24 | | [apigee\_organization](#input\_apigee\_organization) | Apigee organization where the Endpoint Attachment should be added to. Apigee Organization ID should be prefixed with 'organizations/' | `string` | n/a | yes | 25 | | [name](#input\_name) | Name for the service attachment. 
| `string` | n/a | yes | 26 | | [nat\_subnets](#input\_nat\_subnets) | One or more NAT subnets to be used for PSC. | `list(string)` | n/a | yes | 27 | | [project\_id](#input\_project\_id) | Project id. | `string` | n/a | yes | 28 | | [region](#input\_region) | GCP region where the service attachment should be created. | `string` | n/a | yes | 29 | | [target\_servers](#input\_target\_servers) | Map of target servers to be created and associated with the endpoint attachment. |
map(object({
environment_id = string
name = string
protocol = optional(string, "HTTP")
port = optional(number, 80)
enabled = optional(bool, true)
s_sl_info = optional(object({
enabled = bool
client_auth_enabled = optional(bool, null)
key_store = optional(string, null)
key_alias = optional(string, null)
trust_store = optional(string, null)
ignore_validation_errors = optional(bool, null)
protocols = optional(list(string), null)
ciphers = optional(list(string), null)
common_name = optional(object({
value = optional(string, null)
wildcard_match = optional(bool, null)
}))
}))
}))
| `{}` | no | 30 | | [target\_service](#input\_target\_service) | Target Service for the service attachment e.g. a forwarding rule. | `string` | n/a | yes | 31 | 32 | ## Outputs 33 | 34 | | Name | Description | 35 | |------|-------------| 36 | | [endpoint\_attachment\_connection\_state](#output\_endpoint\_attachment\_connection\_state) | Underlying connection state for the endpoint attachment. | 37 | | [endpoint\_attachment\_host](#output\_endpoint\_attachment\_host) | Host for the endpoint attachment to be used in Apigee. | 38 | 39 | -------------------------------------------------------------------------------- /modules/mig-l7xlb/README.md: -------------------------------------------------------------------------------- 1 | # HTTPS Loadbalancer for Managed Instance Group Backend 2 | 3 | 4 | ## Providers 5 | 6 | | Name | Version | 7 | |------|---------| 8 | | [google](#provider\_google) | >= 4.20.0 | 9 | 10 | ## Modules 11 | 12 | No modules. 13 | 14 | ## Resources 15 | 16 | | Name | Type | 17 | |------|------| 18 | | [google_compute_backend_service.mig_backend](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service) | resource | 19 | | [google_compute_global_forwarding_rule.forwarding_rule](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_forwarding_rule) | resource | 20 | | [google_compute_health_check.mig_lb_hc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_health_check) | resource | 21 | | [google_compute_target_https_proxy.https_proxy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_https_proxy) | resource | 22 | | [google_compute_url_map.url_map](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map) | resource | 23 | 24 | ## Inputs 25 | 26 | | Name | Description | Type | Default | Required | 27 | 
|------|-------------|------|---------|:--------:| 28 | | [backend\_migs](#input\_backend\_migs) | List of MIGs to be used as backends. | `list(string)` | n/a | yes | 29 | | [backend\_timeout](#input\_backend\_timeout) | Backend timeout in seconds | `number` | `10` | no | 30 | | [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no | 31 | | [external\_ip](#input\_external\_ip) | (Optional) External IP for the L7 XLB. | `string` | `null` | no | 32 | | [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.
Default is an empty map. | `map(string)` | `{}` | no | 33 | | [logs\_enabled](#input\_logs\_enabled) | Whether to enable logging for the load balancer traffic served by this backend service. | `bool` | `false` | no | 34 | | [logs\_sample\_rate](#input\_logs\_sample\_rate) | This field can only be specified if logging is enabled for this backend service.
The value of the field must be in [0, 1]. | `number` | `null` | no | 35 | | [name](#input\_name) | External LB name. | `string` | n/a | yes | 36 | | [project\_id](#input\_project\_id) | Project id. | `string` | n/a | yes | 37 | | [security\_policy](#input\_security\_policy) | (Optional) The security policy associated with this backend service. | `string` | `null` | no | 38 | | [ssl\_certificate](#input\_ssl\_certificate) | A list of SSL certificates for the HTTPS LB. | `list(string)` | n/a | yes | 39 | | [ssl\_policy](#input\_ssl\_policy) | A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource.
If not set, the TargetHttpsProxy resource will not have any SSL policy configured. | `string` | `null` | no | 40 | 41 | ## Outputs 42 | 43 | No outputs. 44 | 45 | -------------------------------------------------------------------------------- /samples/x-l7xlb/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "Project id (also used for the Apigee Organization)." 19 | type = string 20 | } 21 | 22 | variable "ax_region" { 23 | description = "GCP region for storing Apigee analytics data (see https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli)." 24 | type = string 25 | } 26 | 27 | variable "apigee_envgroups" { 28 | description = "Apigee Environment Groups." 29 | type = map(object({ 30 | hostnames = list(string) 31 | })) 32 | default = null 33 | } 34 | 35 | variable "apigee_instances" { 36 | description = "Apigee Instances (only one instance for EVAL orgs)." 37 | type = map(object({ 38 | region = string 39 | ip_range = string 40 | environments = list(string) 41 | })) 42 | default = null 43 | } 44 | 45 | variable "apigee_environments" { 46 | description = "Apigee Environments." 
47 | type = map(object({ 48 | display_name = optional(string) 49 | description = optional(string) 50 | node_config = optional(object({ 51 | min_node_count = optional(number) 52 | max_node_count = optional(number) 53 | })) 54 | iam = optional(map(list(string))) 55 | envgroups = list(string) 56 | type = optional(string) 57 | })) 58 | default = null 59 | } 60 | 61 | variable "exposure_subnets" { 62 | description = "Subnets for exposing Apigee services" 63 | type = list(object({ 64 | name = string 65 | ip_cidr_range = string 66 | region = string 67 | secondary_ip_range = map(string) 68 | })) 69 | default = [] 70 | } 71 | 72 | variable "network" { 73 | description = "VPC name." 74 | type = string 75 | } 76 | 77 | variable "peering_range" { 78 | description = "Peering CIDR range" 79 | type = string 80 | } 81 | 82 | variable "support_range" { 83 | description = "Support CIDR range of length /28 (required by Apigee for troubleshooting purposes)." 84 | type = string 85 | } 86 | 87 | variable "billing_account" { 88 | description = "Billing account id." 89 | type = string 90 | default = null 91 | } 92 | 93 | variable "project_parent" { 94 | description = "Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format." 95 | type = string 96 | default = null 97 | validation { 98 | condition = var.project_parent == null || can(regex("(organizations|folders)/[0-9]+", var.project_parent)) 99 | error_message = "Parent must be of the form folders/folder_id or organizations/organization_id." 100 | } 101 | } 102 | 103 | variable "project_create" { 104 | description = "Create project. When set to false, uses a data source to reference existing project." 
105 | type = bool 106 | default = false 107 | } 108 | -------------------------------------------------------------------------------- /samples/x-nb-psc-l7ilb/x-demo.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | ax_region = "europe-west1" 18 | 19 | project_id = "" 20 | 21 | project_parent = "folders/" # Or "organizations". 
22 | 23 | project_create = false 24 | 25 | billing_account = "" 26 | 27 | apigee_instances_metadata = { 28 | euw1-instance = { 29 | apigee_instances = { 30 | region = "europe-west1" 31 | ip_range = "10.0.0.0/22,10.1.0.0/28" 32 | environments = ["test1", "test2"] 33 | } 34 | l7_ilb_proxy_subnet_name = "l7ilb-proxy-sbnt-euw1" 35 | l7_ilb_proxy_subnet_cidr_range = "10.150.0.0/24" 36 | l7_ilb_name_prefix = "l7ilb-psc-euw1" 37 | } 38 | use4-instance = { 39 | apigee_instances = { 40 | region = "us-east4" 41 | ip_range = "10.0.4.0/22,10.1.0.16/28" 42 | environments = ["test1", "test2"] 43 | } 44 | l7_ilb_proxy_subnet_name = "l7ilb-proxy-sbnt-use4" 45 | l7_ilb_proxy_subnet_cidr_range = "10.151.0.0/24" 46 | l7_ilb_name_prefix = "l7ilb-psc-use4" 47 | } 48 | usc1-instance = { 49 | apigee_instances = { 50 | region = "us-central1" 51 | ip_range = "10.0.8.0/22,10.1.0.32/28" 52 | environments = ["test1", "test2"] 53 | } 54 | l7_ilb_proxy_subnet_name = "l7ilb-proxy-sbnt-usc1" 55 | l7_ilb_proxy_subnet_cidr_range = "10.152.0.0/24" 56 | l7_ilb_name_prefix = "l7ilb-psc-usc1" 57 | } 58 | } 59 | 60 | apigee_environments = { 61 | test1 = { 62 | display_name = "Test 1" 63 | description = "Environment created by apigee/terraform-modules" 64 | node_config = null 65 | iam = null 66 | envgroups = ["test"] 67 | type = null 68 | } 69 | test2 = { 70 | display_name = "Test 2" 71 | description = "Environment created by apigee/terraform-modules" 72 | node_config = null 73 | iam = null 74 | envgroups = ["test"] 75 | type = null 76 | } 77 | } 78 | 79 | apigee_envgroups = { 80 | test = { 81 | hostnames = ["test.api.example.com"] 82 | } 83 | } 84 | 85 | network = "apigee-network" 86 | 87 | psc_ingress_network = "psc-ingress" 88 | 89 | psc_ingress_subnets = [ 90 | { 91 | name = "apigee-psc-euw1" 92 | ip_cidr_range = "10.100.0.0/24" 93 | region = "europe-west1" 94 | secondary_ip_range = null 95 | }, 96 | { 97 | name = "apigee-psc-use4" 98 | ip_cidr_range = "10.101.0.0/24" 99 | region = "us-east4" 100 | 
secondary_ip_range = null 101 | }, 102 | { 103 | name = "apigee-psc-usc1" 104 | ip_cidr_range = "10.102.0.0/24" 105 | region = "us-central1" 106 | secondary_ip_range = null 107 | } 108 | ] 109 | 110 | peering_range = "10.0.0.0/20" 111 | support_range = "10.1.0.0/26" 112 | --------------------------------------------------------------------------------