In the apigee module now both the /22 and /28 peering IP ranges are p…

…assed at instance creation

blueprints/apigee/bigquery-analytics/README.md

@@ -60,14 +60,14 @@ Do the following to verify that everything works as expected.
 |---|---|:---:|:---:|:---:|
 | [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | ✓ |  |
 | [environments](variables.tf#L30) | Environments. | <code title="map&#40;object&#40;&#123;&#10;  display_name &#61; optional&#40;string&#41;&#10;  description  &#61; optional&#40;string&#41;&#10;  node_config &#61; optional&#40;object&#40;&#123;&#10;    min_node_count &#61; optional&#40;number&#41;&#10;    max_node_count &#61; optional&#40;number&#41;&#10;  &#125;&#41;&#41;&#10;  iam       &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ |  |
-| [instances](variables.tf#L45) | Instance. | <code title="map&#40;object&#40;&#123;&#10;  display_name         &#61; optional&#40;string&#41;&#10;  description          &#61; optional&#40;string&#41;&#10;  region               &#61; string&#10;  environments         &#61; list&#40;string&#41;&#10;  psa_ip_cidr_range    &#61; string&#10;  disk_encryption_key  &#61; optional&#40;string&#41;&#10;  consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ |  |
-| [project_id](variables.tf#L91) | Project ID. | <code>string</code> | ✓ |  |
-| [psc_config](variables.tf#L97) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ |  |
+| [instances](variables.tf#L45) | Instance. | <code title="map&#40;object&#40;&#123;&#10;  display_name                  &#61; optional&#40;string&#41;&#10;  description                   &#61; optional&#40;string&#41;&#10;  region                        &#61; string&#10;  environments                  &#61; list&#40;string&#41;&#10;  runtime_ip_cidr_range         &#61; string&#10;  troubleshooting_ip_cidr_range &#61; string&#10;  disk_encryption_key           &#61; optional&#40;string&#41;&#10;  consumer_accept_list          &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ |  |
+| [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ |  |
+| [psc_config](variables.tf#L98) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ |  |
 | [datastore_name](variables.tf#L17) | Datastore. | <code>string</code> |  | <code>&#34;gcs&#34;</code> |
-| [organization](variables.tf#L59) | Apigee organization. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  description             &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> |
-| [path](variables.tf#L75) | Bucket path. | <code>string</code> |  | <code>&#34;&#47;analytics&#34;</code> |
-| [project_create](variables.tf#L82) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [vpc_create](variables.tf#L103) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> |  | <code>true</code> |
+| [organization](variables.tf#L60) | Apigee organization. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  description             &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [path](variables.tf#L76) | Bucket path. | <code>string</code> |  | <code>&#34;&#47;analytics&#34;</code> |
+| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> |  | <code>true</code> |
 
 ## Outputs
 

blueprints/apigee/bigquery-analytics/main.tf

@@ -68,9 +68,12 @@ module "vpc" {
     region        = k
   }]
   psa_config = {
-    ranges = {
-      for k, v in var.instances : "apigee-${k}" => v.psa_ip_cidr_range
-    }
+    ranges = merge({ for k, v in var.instances :
+      "apigee-runtime-${k}" => v.runtime_ip_cidr_range
+      }, { for k, v in var.instances :
+      "apigee-troubleshooting-${k}" => v.troubleshooting_ip_cidr_range
+      }
+    )
   }
 }
 

blueprints/apigee/bigquery-analytics/terraform.tfvars.sample

@@ -15,7 +15,8 @@ instances = {
   instance-ew1 = {
     region            = "europe-west1"
     environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+      runtime_ip_cidr_range = "10.0.4.0/22"
+      troubleshooting_ip_cidr_range = "10.1.1.0/28"
   }
 }
 psc_config = {

blueprints/apigee/bigquery-analytics/variables.tf

@@ -45,13 +45,14 @@ variable "environments" {
 variable "instances" {
   description = "Instance."
   type = map(object({
-    display_name         = optional(string)
-    description          = optional(string)
-    region               = string
-    environments         = list(string)
-    psa_ip_cidr_range    = string
-    disk_encryption_key  = optional(string)
-    consumer_accept_list = optional(list(string))
+    display_name                  = optional(string)
+    description                   = optional(string)
+    region                        = string
+    environments                  = list(string)
+    runtime_ip_cidr_range         = string
+    troubleshooting_ip_cidr_range = string
+    disk_encryption_key           = optional(string)
+    consumer_accept_list          = optional(list(string))
   }))
   nullable = false
 }

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md

@@ -46,18 +46,19 @@ Do the following to verify that everything works as expected.
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [apigee_project_id](variables.tf#L17) | Project ID. | <code>string</code> | ✓ |  |
-| [billing_account_id](variables.tf#L47) | Parameters for the creation of the new project. | <code>string</code> | ✓ |  |
-| [hostname](variables.tf#L52) | Host name. | <code>string</code> | ✓ |  |
-| [onprem_project_id](variables.tf#L57) | Project ID. | <code>string</code> | ✓ |  |
-| [parent](variables.tf#L75) | Parent (organizations/organizationID or folders/folderID). | <code>string</code> | ✓ |  |
+| [billing_account_id](variables.tf#L53) | Parameters for the creation of the new project. | <code>string</code> | ✓ |  |
+| [hostname](variables.tf#L58) | Host name. | <code>string</code> | ✓ |  |
+| [onprem_project_id](variables.tf#L63) | Project ID. | <code>string</code> | ✓ |  |
+| [parent](variables.tf#L81) | Parent (organizations/organizationID or folders/folderID). | <code>string</code> | ✓ |  |
 | [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.1.0&#47;24&#34;</code> |
-| [apigee_psa_ip_cidr_range](variables.tf#L29) | Apigee PSA IP CIDR range. | <code>string</code> |  | <code>&#34;10.0.4.0&#47;22&#34;</code> |
-| [apigee_psc_subnet_ip_cidr_range](variables.tf#L35) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.2.0&#47;24&#34;</code> |
+| [apigee_psc_subnet_ip_cidr_range](variables.tf#L29) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.2.0&#47;24&#34;</code> |
+| [apigee_runtime_ip_cidr_range](variables.tf#L35) | Apigee PSA IP CIDR range. | <code>string</code> |  | <code>&#34;10.0.4.0&#47;22&#34;</code> |
 | [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.0.0&#47;24&#34;</code> |
-| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L63) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.1.0&#47;24&#34;</code> |
-| [onprem_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.0.0&#47;24&#34;</code> |
-| [region](variables.tf#L80) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
-| [zone](variables.tf#L86) | Zone. | <code>string</code> |  | <code>&#34;europe-west1-c&#34;</code> |
+| [apigee_troubleshooting_ip_cidr_range](variables.tf#L47) | Apigee PSA IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.0.0&#47;28&#34;</code> |
+| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.1.0&#47;24&#34;</code> |
+| [onprem_subnet_ip_cidr_range](variables.tf#L75) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.0.0&#47;24&#34;</code> |
+| [region](variables.tf#L86) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [zone](variables.tf#L92) | Zone. | <code>string</code> |  | <code>&#34;europe-west1-c&#34;</code> |
 
 ## Outputs
 

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf

@@ -57,7 +57,8 @@ module "apigee_vpc" {
   }]
   psa_config = {
     ranges = {
-      "apigee" = var.apigee_psa_ip_cidr_range
+      "apigee-runtime"         = var.apigee_runtime_ip_cidr_range
+      "apigee-troubleshooting" = var.apigee_troubleshooting_ip_cidr_range
     }
   }
 }
@@ -79,9 +80,10 @@ module "apigee" {
   }
   instances = {
     instance-1 = {
-      region            = var.region
-      environments      = [local.environment]
-      psa_ip_cidr_range = var.apigee_psa_ip_cidr_range
+      region                        = var.region
+      environments                  = [local.environment]
+      runtime_ip_cidr_range         = var.apigee_runtime_ip_cidr_range
+      troubleshooting_ip_cidr_range = var.apigee_troubleshooting_ip_cidr_range
     }
   }
   endpoint_attachments = {

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf

@@ -26,24 +26,30 @@ variable "apigee_proxy_only_subnet_ip_cidr_range" {
   default     = "10.2.1.0/24"
 }
 
-variable "apigee_psa_ip_cidr_range" {
-  description = "Apigee PSA IP CIDR range."
-  type        = string
-  default     = "10.0.4.0/22"
-}
-
 variable "apigee_psc_subnet_ip_cidr_range" {
   description = "Subnet IP CIDR range."
   type        = string
   default     = "10.2.2.0/24"
 }
 
+variable "apigee_runtime_ip_cidr_range" {
+  description = "Apigee PSA IP CIDR range."
+  type        = string
+  default     = "10.0.4.0/22"
+}
+
 variable "apigee_subnet_ip_cidr_range" {
   description = "Subnet IP CIDR range."
   type        = string
   default     = "10.2.0.0/24"
 }
 
+variable "apigee_troubleshooting_ip_cidr_range" {
+  description = "Apigee PSA IP CIDR range."
+  type        = string
+  default     = "10.1.0.0/28"
+}
+
 variable "billing_account_id" {
   description = "Parameters for the creation of the new project."
   type        = string

modules/apigee/README.md

@@ -40,14 +40,16 @@ module "apigee" {
   }
   instances = {
     instance-test-ew1 = {
-      region            = "europe-west1"
-      environments      = ["apis-test"]
-      psa_ip_cidr_range = "10.0.4.0/22"
+      region                        = "europe-west1"
+      environments                  = ["apis-test"]
+      runtime_ip_cidr_range         = "10.0.4.0/22"
+      troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
     }
     instance-prod-ew3 = {
-      region            = "europe-west3"
-      environments      = ["apis-prod"]
-      psa_ip_cidr_range = "10.0.5.0/22"
+      region                        = "europe-west3"
+      environments                  = ["apis-prod"]
+      runtime_ip_cidr_range         = "10.0.5.0/22"
+      troubleshooting_ip_cidr_range = "10.1.16.0/28"
     }
   }
   endpoint_attachments = {
@@ -137,9 +139,10 @@ module "apigee" {
   project_id = "my-project"
   instances = {
     instance-test-ew1 = {
-      region            = "europe-west1"
-      environments      = ["apis-test"]
-      psa_ip_cidr_range = "10.0.4.0/22"
+      region                        = "europe-west1"
+      environments                  = ["apis-test"]
+      runtime_ip_cidr_range         = "10.0.4.0/22"
+      troubleshooting_ip_cidr_range = "10.1.1.0/28"
     }
   }
 }
@@ -169,12 +172,12 @@ module "apigee" {
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L75) | Project ID. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L76) | Project ID. | <code>string</code> | ✓ |  |
 | [endpoint_attachments](variables.tf#L17) | Endpoint attachments. | <code title="map&#40;object&#40;&#123;&#10;  region             &#61; string&#10;  service_attachment &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
 | [envgroups](variables.tf#L26) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>null</code> |
 | [environments](variables.tf#L32) | Environments. | <code title="map&#40;object&#40;&#123;&#10;  display_name &#61; optional&#40;string&#41;&#10;  description  &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  node_config &#61; optional&#40;object&#40;&#123;&#10;    min_node_count &#61; optional&#40;number&#41;&#10;    max_node_count &#61; optional&#40;number&#41;&#10;  &#125;&#41;&#41;&#10;  iam       &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
-| [instances](variables.tf#L47) | Instances. | <code title="map&#40;object&#40;&#123;&#10;  display_name         &#61; optional&#40;string&#41;&#10;  description          &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  region               &#61; string&#10;  environments         &#61; list&#40;string&#41;&#10;  psa_ip_cidr_range    &#61; string&#10;  disk_encryption_key  &#61; optional&#40;string&#41;&#10;  consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
-| [organization](variables.tf#L61) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string&#41;&#10;  description             &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [instances](variables.tf#L47) | Instances. | <code title="map&#40;object&#40;&#123;&#10;  display_name                  &#61; optional&#40;string&#41;&#10;  description                   &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  region                        &#61; string&#10;  environments                  &#61; list&#40;string&#41;&#10;  runtime_ip_cidr_range         &#61; string&#10;  troubleshooting_ip_cidr_range &#61; string&#10;  disk_encryption_key           &#61; optional&#40;string&#41;&#10;  consumer_accept_list          &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
+| [organization](variables.tf#L62) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string&#41;&#10;  description             &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
 
 ## Outputs
 

modules/apigee/main.tf

@@ -91,7 +91,7 @@ resource "google_apigee_instance" "instances" {
   description              = each.value.description
   location                 = each.value.region
   org_id                   = local.org_id
-  ip_range                 = each.value.psa_ip_cidr_range
+  ip_range                 = "${each.value.runtime_ip_cidr_range},${each.value.troubleshooting_ip_cidr_range}"
   disk_encryption_key_name = each.value.disk_encryption_key
   consumer_accept_list     = each.value.consumer_accept_list
 }

modules/apigee/variables.tf

@@ -47,13 +47,14 @@ variable "environments" {
 variable "instances" {
   description = "Instances."
   type = map(object({
-    display_name         = optional(string)
-    description          = optional(string, "Terraform-managed")
-    region               = string
-    environments         = list(string)
-    psa_ip_cidr_range    = string
-    disk_encryption_key  = optional(string)
-    consumer_accept_list = optional(list(string))
+    display_name                  = optional(string)
+    description                   = optional(string, "Terraform-managed")
+    region                        = string
+    environments                  = list(string)
+    runtime_ip_cidr_range         = string
+    troubleshooting_ip_cidr_range = string
+    disk_encryption_key           = optional(string)
+    consumer_accept_list          = optional(list(string))
   }))
   default = null
 }

tests/blueprints/apigee/bigquery-analytics/basic.tfvars

@@ -13,9 +13,10 @@ environments = {
 }
 instances = {
   instance-ew1 = {
-    region            = "europe-west1"
-    environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+    region                        = "europe-west1"
+    environments                  = ["apis-test"]
+    runtime_ip_cidr_range         = "10.0.4.0/22"
+    troubleshooting_ip_cidr_range = "10.1.0.0/28"
   }
 }
 psc_config = {

tests/blueprints/apigee/bigquery-analytics/basic.yaml

@@ -14,4 +14,4 @@
 
 counts:
   modules: 9
-  resources: 60
+  resources: 61

tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml

@@ -14,4 +14,4 @@
 
 counts:
   modules: 13
-  resources: 72
+  resources: 73

tests/modules/apigee/fixture/test.all.tfvars

@@ -29,14 +29,16 @@ environments = {
 }
 instances = {
   instance-test-ew1 = {
-    region            = "europe-west1"
-    environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+    region                        = "europe-west1"
+    environments                  = ["apis-test"]
+    runtime_ip_cidr_range         = "10.0.4.0/22"
+    troubleshooting_ip_cidr_range = "10.1.0.0/28"
   }
   instance-prod-ew3 = {
-    region            = "europe-west3"
-    environments      = ["apis-prod"]
-    psa_ip_cidr_range = "10.0.5.0/22"
+    region                        = "europe-west3"
+    environments                  = ["apis-prod"]
+    runtime_ip_cidr_range         = "10.0.6.0/22"
+    troubleshooting_ip_cidr_range = "10.1.0.16/28"
   }
 }
 endpoint_attachments = {

tests/modules/apigee/fixture/test.instance_only.tfvars

@@ -1,8 +1,9 @@
 project_id = "my-project"
 instances = {
   instance-test-ew1 = {
-    region            = "europe-west1"
-    environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+    region                        = "europe-west1"
+    environments                  = ["apis-test"]
+    runtime_ip_cidr_range         = "10.0.4.0/22"
+    troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
   }
-}
+}