diff --git a/blueprints/apigee/bigquery-analytics/README.md b/blueprints/apigee/bigquery-analytics/README.md index 361610a7a1..027f28ead8 100644 --- a/blueprints/apigee/bigquery-analytics/README.md +++ b/blueprints/apigee/bigquery-analytics/README.md @@ -60,14 +60,14 @@ Do the following to verify that everything works as expected. |---|---|:---:|:---:|:---:| | [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | ✓ | | | [environments](variables.tf#L30) | Environments. | map(object({…})) | ✓ | | -| [instances](variables.tf#L45) | Instance. | map(object({…})) | ✓ | | -| [project_id](variables.tf#L91) | Project ID. | string | ✓ | | -| [psc_config](variables.tf#L97) | PSC configuration. | map(string) | ✓ | | +| [instances](variables.tf#L45) | Instance. | map(object({…})) | ✓ | | +| [project_id](variables.tf#L92) | Project ID. | string | ✓ | | +| [psc_config](variables.tf#L98) | PSC configuration. | map(string) | ✓ | | | [datastore_name](variables.tf#L17) | Datastore. | string | | "gcs" | -| [organization](variables.tf#L59) | Apigee organization. | object({…}) | | {…} | -| [path](variables.tf#L75) | Bucket path. | string | | "/analytics" | -| [project_create](variables.tf#L82) | Parameters for the creation of the new project. | object({…}) | | null | -| [vpc_create](variables.tf#L103) | Boolean flag indicating whether the VPC should be created or not. | bool | | true | +| [organization](variables.tf#L60) | Apigee organization. | object({…}) | | {…} | +| [path](variables.tf#L76) | Bucket path. | string | | "/analytics" | +| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | object({…}) | | null | +| [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | bool | | true | ## Outputs diff --git a/blueprints/apigee/bigquery-analytics/main.tf b/blueprints/apigee/bigquery-analytics/main.tf index 8ecca62a85..68e672d254 100644 --- a/blueprints/apigee/bigquery-analytics/main.tf +++ b/blueprints/apigee/bigquery-analytics/main.tf @@ -68,9 +68,12 @@ module "vpc" { region = k }] psa_config = { - ranges = { - for k, v in var.instances : "apigee-${k}" => v.psa_ip_cidr_range - } + ranges = merge({ for k, v in var.instances : + "apigee-runtime-${k}" => v.runtime_ip_cidr_range + }, { for k, v in var.instances : + "apigee-troubleshooting-${k}" => v.troubleshooting_ip_cidr_range + } + ) } } diff --git a/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample b/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample index db4213210f..5a25a9f378 100644 --- a/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample +++ b/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample @@ -15,7 +15,8 @@ instances = { instance-ew1 = { region = "europe-west1" environments = ["apis-test"] - psa_ip_cidr_range = "10.0.4.0/22" + runtime_ip_cidr_range = "10.0.4.0/22" + troubleshooting_ip_cidr_range = "10.1.1.0/28" } } psc_config = { diff --git a/blueprints/apigee/bigquery-analytics/variables.tf b/blueprints/apigee/bigquery-analytics/variables.tf index ba7f5d78ae..1bd6cb0acd 100644 --- a/blueprints/apigee/bigquery-analytics/variables.tf +++ b/blueprints/apigee/bigquery-analytics/variables.tf @@ -45,13 +45,14 @@ variable "environments" { variable "instances" { description = "Instance." type = map(object({ - display_name = optional(string) - description = optional(string) - region = string - environments = list(string) - psa_ip_cidr_range = string - disk_encryption_key = optional(string) - consumer_accept_list = optional(list(string)) + display_name = optional(string) + description = optional(string) + region = string + environments = list(string) + runtime_ip_cidr_range = string + troubleshooting_ip_cidr_range = string + disk_encryption_key = optional(string) + consumer_accept_list = optional(list(string)) })) nullable = false } diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md index 21bd9940bc..690458f03c 100644 --- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md @@ -46,18 +46,19 @@ Do the following to verify that everything works as expected. | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [apigee_project_id](variables.tf#L17) | Project ID. | string | ✓ | | -| [billing_account_id](variables.tf#L47) | Parameters for the creation of the new project. | string | ✓ | | -| [hostname](variables.tf#L52) | Host name. | string | ✓ | | -| [onprem_project_id](variables.tf#L57) | Project ID. | string | ✓ | | -| [parent](variables.tf#L75) | Parent (organizations/organizationID or folders/folderID). | string | ✓ | | +| [billing_account_id](variables.tf#L53) | Parameters for the creation of the new project. | string | ✓ | | +| [hostname](variables.tf#L58) | Host name. | string | ✓ | | +| [onprem_project_id](variables.tf#L63) | Project ID. | string | ✓ | | +| [parent](variables.tf#L81) | Parent (organizations/organizationID or folders/folderID). | string | ✓ | | | [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | string | | "10.2.1.0/24" | -| [apigee_psa_ip_cidr_range](variables.tf#L29) | Apigee PSA IP CIDR range. | string | | "10.0.4.0/22" | -| [apigee_psc_subnet_ip_cidr_range](variables.tf#L35) | Subnet IP CIDR range. | string | | "10.2.2.0/24" | +| [apigee_psc_subnet_ip_cidr_range](variables.tf#L29) | Subnet IP CIDR range. | string | | "10.2.2.0/24" | +| [apigee_runtime_ip_cidr_range](variables.tf#L35) | Apigee PSA IP CIDR range. | string | | "10.0.4.0/22" | | [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | string | | "10.2.0.0/24" | -| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L63) | Subnet IP CIDR range. | string | | "10.1.1.0/24" | -| [onprem_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | string | | "10.1.0.0/24" | -| [region](variables.tf#L80) | Region. | string | | "europe-west1" | -| [zone](variables.tf#L86) | Zone. | string | | "europe-west1-c" | +| [apigee_troubleshooting_ip_cidr_range](variables.tf#L47) | Apigee PSA IP CIDR range. | string | | "10.1.0.0/28" | +| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | string | | "10.1.1.0/24" | +| [onprem_subnet_ip_cidr_range](variables.tf#L75) | Subnet IP CIDR range. | string | | "10.1.0.0/24" | +| [region](variables.tf#L86) | Region. | string | | "europe-west1" | +| [zone](variables.tf#L92) | Zone. | string | | "europe-west1-c" | ## Outputs diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf index 0e4faabfb5..8860e404c6 100644 --- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf @@ -57,7 +57,8 @@ module "apigee_vpc" { }] psa_config = { ranges = { - "apigee" = var.apigee_psa_ip_cidr_range + "apigee-runtime" = var.apigee_runtime_ip_cidr_range + "apigee-troubleshooting" = var.apigee_troubleshooting_ip_cidr_range } } } @@ -79,9 +80,10 @@ module "apigee" { } instances = { instance-1 = { - region = var.region - environments = [local.environment] - psa_ip_cidr_range = var.apigee_psa_ip_cidr_range + region = var.region + environments = [local.environment] + runtime_ip_cidr_range = var.apigee_runtime_ip_cidr_range + troubleshooting_ip_cidr_range = var.apigee_troubleshooting_ip_cidr_range } } endpoint_attachments = { diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf index 5d28ab9f7a..86a720e70a 100644 --- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf @@ -26,24 +26,30 @@ variable "apigee_proxy_only_subnet_ip_cidr_range" { default = "10.2.1.0/24" } -variable "apigee_psa_ip_cidr_range" { - description = "Apigee PSA IP CIDR range." - type = string - default = "10.0.4.0/22" -} - variable "apigee_psc_subnet_ip_cidr_range" { description = "Subnet IP CIDR range." type = string default = "10.2.2.0/24" } +variable "apigee_runtime_ip_cidr_range" { + description = "Apigee PSA IP CIDR range." + type = string + default = "10.0.4.0/22" +} + variable "apigee_subnet_ip_cidr_range" { description = "Subnet IP CIDR range." type = string default = "10.2.0.0/24" } +variable "apigee_troubleshooting_ip_cidr_range" { + description = "Apigee PSA IP CIDR range." + type = string + default = "10.1.0.0/28" +} + variable "billing_account_id" { description = "Parameters for the creation of the new project." type = string diff --git a/modules/apigee/README.md b/modules/apigee/README.md index fb26c1e727..8ee98611e6 100644 --- a/modules/apigee/README.md +++ b/modules/apigee/README.md @@ -40,14 +40,16 @@ module "apigee" { } instances = { instance-test-ew1 = { - region = "europe-west1" - environments = ["apis-test"] - psa_ip_cidr_range = "10.0.4.0/22" + region = "europe-west1" + environments = ["apis-test"] + runtime_ip_cidr_range = "10.0.4.0/22" + troubleshooting_ip_cidr_range = "10.1.1.0.0/28" } instance-prod-ew3 = { - region = "europe-west3" - environments = ["apis-prod"] - psa_ip_cidr_range = "10.0.5.0/22" + region = "europe-west3" + environments = ["apis-prod"] + runtime_ip_cidr_range = "10.0.5.0/22" + troubleshooting_ip_cidr_range = "10.1.16.0/28" } } endpoint_attachments = { @@ -137,9 +139,10 @@ module "apigee" { project_id = "my-project" instances = { instance-test-ew1 = { - region = "europe-west1" - environments = ["apis-test"] - psa_ip_cidr_range = "10.0.4.0/22" + region = "europe-west1" + environments = ["apis-test"] + runtime_ip_cidr_range = "10.0.4.0/22" + troubleshooting_ip_cidr_range = "10.1.1.0/28" } } } @@ -169,12 +172,12 @@ module "apigee" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L75) | Project ID. | string | ✓ | | +| [project_id](variables.tf#L76) | Project ID. | string | ✓ | | | [endpoint_attachments](variables.tf#L17) | Endpoint attachments. | map(object({…})) | | null | | [envgroups](variables.tf#L26) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | null | | [environments](variables.tf#L32) | Environments. | map(object({…})) | | null | -| [instances](variables.tf#L47) | Instances. | map(object({…})) | | null | -| [organization](variables.tf#L61) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null | +| [instances](variables.tf#L47) | Instances. | map(object({…})) | | null | +| [organization](variables.tf#L62) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null | ## Outputs diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf index fe34a73829..49abe9174d 100644 --- a/modules/apigee/main.tf +++ b/modules/apigee/main.tf @@ -91,7 +91,7 @@ resource "google_apigee_instance" "instances" { description = each.value.description location = each.value.region org_id = local.org_id - ip_range = each.value.psa_ip_cidr_range + ip_range = "${each.value.runtime_ip_cidr_range},${each.value.troubleshooting_ip_cidr_range}" disk_encryption_key_name = each.value.disk_encryption_key consumer_accept_list = each.value.consumer_accept_list } diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf index 266f0d34ed..6bb9acf85f 100644 --- a/modules/apigee/variables.tf +++ b/modules/apigee/variables.tf @@ -47,13 +47,14 @@ variable "environments" { variable "instances" { description = "Instances." type = map(object({ - display_name = optional(string) - description = optional(string, "Terraform-managed") - region = string - environments = list(string) - psa_ip_cidr_range = string - disk_encryption_key = optional(string) - consumer_accept_list = optional(list(string)) + display_name = optional(string) + description = optional(string, "Terraform-managed") + region = string + environments = list(string) + runtime_ip_cidr_range = string + troubleshooting_ip_cidr_range = string + disk_encryption_key = optional(string) + consumer_accept_list = optional(list(string)) })) default = null } diff --git a/tests/blueprints/apigee/bigquery-analytics/basic.tfvars b/tests/blueprints/apigee/bigquery-analytics/basic.tfvars index 8a650b56e2..2f9315a439 100644 --- a/tests/blueprints/apigee/bigquery-analytics/basic.tfvars +++ b/tests/blueprints/apigee/bigquery-analytics/basic.tfvars @@ -13,9 +13,10 @@ environments = { } instances = { instance-ew1 = { - region = "europe-west1" - environments = ["apis-test"] - psa_ip_cidr_range = "10.0.4.0/22" + region = "europe-west1" + environments = ["apis-test"] + runtime_ip_cidr_range = "10.0.4.0/22" + troubleshooting_ip_cidr_range = "10.1.0.0/28" } } psc_config = { diff --git a/tests/blueprints/apigee/bigquery-analytics/basic.yaml b/tests/blueprints/apigee/bigquery-analytics/basic.yaml index 2b044dcb6a..d89eaef583 100644 --- a/tests/blueprints/apigee/bigquery-analytics/basic.yaml +++ b/tests/blueprints/apigee/bigquery-analytics/basic.yaml @@ -14,4 +14,4 @@ counts: modules: 9 - resources: 60 + resources: 61 diff --git a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml index ef1fa1e009..de461ff2ea 100644 --- a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml +++ b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml @@ -14,4 +14,4 @@ counts: modules: 13 - resources: 72 + resources: 73 diff --git a/tests/modules/apigee/fixture/test.all.tfvars b/tests/modules/apigee/fixture/test.all.tfvars index d0c29921ca..9eb337b748 100644 --- a/tests/modules/apigee/fixture/test.all.tfvars +++ b/tests/modules/apigee/fixture/test.all.tfvars @@ -29,14 +29,16 @@ environments = { } instances = { instance-test-ew1 = { - region = "europe-west1" - environments = ["apis-test"] - psa_ip_cidr_range = "10.0.4.0/22" + region = "europe-west1" + environments = ["apis-test"] + runtime_ip_cidr_range = "10.0.4.0/22" + troubleshooting_ip_cidr_range = "10.1.0.0/28" } instance-prod-ew3 = { - region = "europe-west3" - environments = ["apis-prod"] - psa_ip_cidr_range = "10.0.5.0/22" + region = "europe-west3" + environments = ["apis-prod"] + runtime_ip_cidr_range = "10.0.6.0/22" + troubleshooting_ip_cidr_range = "10.1.0.16/28" } } endpoint_attachments = { diff --git a/tests/modules/apigee/fixture/test.instance_only.tfvars b/tests/modules/apigee/fixture/test.instance_only.tfvars index 3d3eb1be1b..d9399bfa91 100644 --- a/tests/modules/apigee/fixture/test.instance_only.tfvars +++ b/tests/modules/apigee/fixture/test.instance_only.tfvars @@ -1,8 +1,9 @@ project_id = "my-project" instances = { instance-test-ew1 = { - region = "europe-west1" - environments = ["apis-test"] - psa_ip_cidr_range = "10.0.4.0/22" + region = "europe-west1" + environments = ["apis-test"] + runtime_ip_cidr_range = "10.0.4.0/22" + troubleshooting_ip_cidr_range = "10.1.1.0.0/28" } -} \ No newline at end of file +} diff --git a/tests/modules/apigee/fixture/variables.tf b/tests/modules/apigee/fixture/variables.tf index 266f0d34ed..6bb9acf85f 100644 --- a/tests/modules/apigee/fixture/variables.tf +++ b/tests/modules/apigee/fixture/variables.tf @@ -47,13 +47,14 @@ variable "environments" { variable "instances" { description = "Instances." type = map(object({ - display_name = optional(string) - description = optional(string, "Terraform-managed") - region = string - environments = list(string) - psa_ip_cidr_range = string - disk_encryption_key = optional(string) - consumer_accept_list = optional(list(string)) + display_name = optional(string) + description = optional(string, "Terraform-managed") + region = string + environments = list(string) + runtime_ip_cidr_range = string + troubleshooting_ip_cidr_range = string + disk_encryption_key = optional(string) + consumer_accept_list = optional(list(string)) })) default = null }