diff --git a/blueprints/apigee/bigquery-analytics/README.md b/blueprints/apigee/bigquery-analytics/README.md
index 361610a7a1..027f28ead8 100644
--- a/blueprints/apigee/bigquery-analytics/README.md
+++ b/blueprints/apigee/bigquery-analytics/README.md
@@ -60,14 +60,14 @@ Do the following to verify that everything works as expected.
|---|---|:---:|:---:|:---:|
| [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | ✓ | |
| [environments](variables.tf#L30) | Environments. | map(object({…})) | ✓ | |
-| [instances](variables.tf#L45) | Instance. | map(object({…})) | ✓ | |
-| [project_id](variables.tf#L91) | Project ID. | string | ✓ | |
-| [psc_config](variables.tf#L97) | PSC configuration. | map(string) | ✓ | |
+| [instances](variables.tf#L45) | Instance. | map(object({…})) | ✓ | |
+| [project_id](variables.tf#L92) | Project ID. | string | ✓ | |
+| [psc_config](variables.tf#L98) | PSC configuration. | map(string) | ✓ | |
| [datastore_name](variables.tf#L17) | Datastore. | string | | "gcs" |
-| [organization](variables.tf#L59) | Apigee organization. | object({…}) | | {…} |
-| [path](variables.tf#L75) | Bucket path. | string | | "/analytics" |
-| [project_create](variables.tf#L82) | Parameters for the creation of the new project. | object({…}) | | null |
-| [vpc_create](variables.tf#L103) | Boolean flag indicating whether the VPC should be created or not. | bool | | true |
+| [organization](variables.tf#L60) | Apigee organization. | object({…}) | | {…} |
+| [path](variables.tf#L76) | Bucket path. | string | | "/analytics" |
+| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | object({…}) | | null |
+| [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | bool | | true |
## Outputs
diff --git a/blueprints/apigee/bigquery-analytics/main.tf b/blueprints/apigee/bigquery-analytics/main.tf
index 8ecca62a85..68e672d254 100644
--- a/blueprints/apigee/bigquery-analytics/main.tf
+++ b/blueprints/apigee/bigquery-analytics/main.tf
@@ -68,9 +68,12 @@ module "vpc" {
region = k
}]
psa_config = {
- ranges = {
- for k, v in var.instances : "apigee-${k}" => v.psa_ip_cidr_range
- }
+ ranges = merge({ for k, v in var.instances :
+ "apigee-runtime-${k}" => v.runtime_ip_cidr_range
+ }, { for k, v in var.instances :
+ "apigee-troubleshooting-${k}" => v.troubleshooting_ip_cidr_range
+ }
+ )
}
}
diff --git a/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample b/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample
index db4213210f..5a25a9f378 100644
--- a/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample
+++ b/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample
@@ -15,7 +15,8 @@ instances = {
instance-ew1 = {
region = "europe-west1"
environments = ["apis-test"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ runtime_ip_cidr_range = "10.0.4.0/22"
+ troubleshooting_ip_cidr_range = "10.1.1.0/28"
}
}
psc_config = {
diff --git a/blueprints/apigee/bigquery-analytics/variables.tf b/blueprints/apigee/bigquery-analytics/variables.tf
index ba7f5d78ae..1bd6cb0acd 100644
--- a/blueprints/apigee/bigquery-analytics/variables.tf
+++ b/blueprints/apigee/bigquery-analytics/variables.tf
@@ -45,13 +45,14 @@ variable "environments" {
variable "instances" {
description = "Instance."
type = map(object({
- display_name = optional(string)
- description = optional(string)
- region = string
- environments = list(string)
- psa_ip_cidr_range = string
- disk_encryption_key = optional(string)
- consumer_accept_list = optional(list(string))
+ display_name = optional(string)
+ description = optional(string)
+ region = string
+ environments = list(string)
+ runtime_ip_cidr_range = string
+ troubleshooting_ip_cidr_range = string
+ disk_encryption_key = optional(string)
+ consumer_accept_list = optional(list(string))
}))
nullable = false
}
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
index 21bd9940bc..690458f03c 100644
--- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
+++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
@@ -46,18 +46,19 @@ Do the following to verify that everything works as expected.
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [apigee_project_id](variables.tf#L17) | Project ID. | string | ✓ | |
-| [billing_account_id](variables.tf#L47) | Parameters for the creation of the new project. | string | ✓ | |
-| [hostname](variables.tf#L52) | Host name. | string | ✓ | |
-| [onprem_project_id](variables.tf#L57) | Project ID. | string | ✓ | |
-| [parent](variables.tf#L75) | Parent (organizations/organizationID or folders/folderID). | string | ✓ | |
+| [billing_account_id](variables.tf#L53) | Parameters for the creation of the new project. | string | ✓ | |
+| [hostname](variables.tf#L58) | Host name. | string | ✓ | |
+| [onprem_project_id](variables.tf#L63) | Project ID. | string | ✓ | |
+| [parent](variables.tf#L81) | Parent (organizations/organizationID or folders/folderID). | string | ✓ | |
| [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | string | | "10.2.1.0/24" |
-| [apigee_psa_ip_cidr_range](variables.tf#L29) | Apigee PSA IP CIDR range. | string | | "10.0.4.0/22" |
-| [apigee_psc_subnet_ip_cidr_range](variables.tf#L35) | Subnet IP CIDR range. | string | | "10.2.2.0/24" |
+| [apigee_psc_subnet_ip_cidr_range](variables.tf#L29) | Subnet IP CIDR range. | string | | "10.2.2.0/24" |
+| [apigee_runtime_ip_cidr_range](variables.tf#L35) | Apigee PSA IP CIDR range. | string | | "10.0.4.0/22" |
| [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | string | | "10.2.0.0/24" |
-| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L63) | Subnet IP CIDR range. | string | | "10.1.1.0/24" |
-| [onprem_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | string | | "10.1.0.0/24" |
-| [region](variables.tf#L80) | Region. | string | | "europe-west1" |
-| [zone](variables.tf#L86) | Zone. | string | | "europe-west1-c" |
+| [apigee_troubleshooting_ip_cidr_range](variables.tf#L47) | Apigee PSA IP CIDR range. | string | | "10.1.0.0/28" |
+| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | string | | "10.1.1.0/24" |
+| [onprem_subnet_ip_cidr_range](variables.tf#L75) | Subnet IP CIDR range. | string | | "10.1.0.0/24" |
+| [region](variables.tf#L86) | Region. | string | | "europe-west1" |
+| [zone](variables.tf#L92) | Zone. | string | | "europe-west1-c" |
## Outputs
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf
index 0e4faabfb5..8860e404c6 100644
--- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf
+++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf
@@ -57,7 +57,8 @@ module "apigee_vpc" {
}]
psa_config = {
ranges = {
- "apigee" = var.apigee_psa_ip_cidr_range
+ "apigee-runtime" = var.apigee_runtime_ip_cidr_range
+ "apigee-troubleshooting" = var.apigee_troubleshooting_ip_cidr_range
}
}
}
@@ -79,9 +80,10 @@ module "apigee" {
}
instances = {
instance-1 = {
- region = var.region
- environments = [local.environment]
- psa_ip_cidr_range = var.apigee_psa_ip_cidr_range
+ region = var.region
+ environments = [local.environment]
+ runtime_ip_cidr_range = var.apigee_runtime_ip_cidr_range
+ troubleshooting_ip_cidr_range = var.apigee_troubleshooting_ip_cidr_range
}
}
endpoint_attachments = {
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf
index 5d28ab9f7a..86a720e70a 100644
--- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf
+++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf
@@ -26,24 +26,30 @@ variable "apigee_proxy_only_subnet_ip_cidr_range" {
default = "10.2.1.0/24"
}
-variable "apigee_psa_ip_cidr_range" {
- description = "Apigee PSA IP CIDR range."
- type = string
- default = "10.0.4.0/22"
-}
-
variable "apigee_psc_subnet_ip_cidr_range" {
description = "Subnet IP CIDR range."
type = string
default = "10.2.2.0/24"
}
+variable "apigee_runtime_ip_cidr_range" {
+ description = "Apigee PSA IP CIDR range."
+ type = string
+ default = "10.0.4.0/22"
+}
+
variable "apigee_subnet_ip_cidr_range" {
description = "Subnet IP CIDR range."
type = string
default = "10.2.0.0/24"
}
+variable "apigee_troubleshooting_ip_cidr_range" {
+ description = "Apigee PSA IP CIDR range."
+ type = string
+ default = "10.1.0.0/28"
+}
+
variable "billing_account_id" {
description = "Parameters for the creation of the new project."
type = string
diff --git a/modules/apigee/README.md b/modules/apigee/README.md
index 02b1d13f99..0f3daa5662 100644
--- a/modules/apigee/README.md
+++ b/modules/apigee/README.md
@@ -44,14 +44,16 @@ module "apigee" {
}
instances = {
instance-test-ew1 = {
- region = "europe-west1"
- environments = ["apis-test"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ region = "europe-west1"
+ environments = ["apis-test"]
+ runtime_ip_cidr_range = "10.0.4.0/22"
+ troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
}
instance-prod-ew3 = {
- region = "europe-west3"
- environments = ["apis-prod"]
- psa_ip_cidr_range = "10.0.5.0/22"
+ region = "europe-west3"
+ environments = ["apis-prod"]
+ runtime_ip_cidr_range = "10.0.8.0/22"
+ troubleshooting_ip_cidr_range = "10.1.16.0/28"
}
}
endpoint_attachments = {
@@ -141,9 +143,10 @@ module "apigee" {
project_id = "my-project"
instances = {
instance-test-ew1 = {
- region = "europe-west1"
- environments = ["apis-test"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ region = "europe-west1"
+ environments = ["apis-test"]
+ runtime_ip_cidr_range = "10.0.4.0/22"
+ troubleshooting_ip_cidr_range = "10.1.1.0/28"
}
}
}
@@ -173,12 +176,12 @@ module "apigee" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L77) | Project ID. | string | ✓ | |
+| [project_id](variables.tf#L78) | Project ID. | string | ✓ | |
| [endpoint_attachments](variables.tf#L17) | Endpoint attachments. | map(object({…})) | | null |
| [envgroups](variables.tf#L26) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | null |
| [environments](variables.tf#L32) | Environments. | map(object({…})) | | null |
-| [instances](variables.tf#L49) | Instances. | map(object({…})) | | null |
-| [organization](variables.tf#L63) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
+| [instances](variables.tf#L49) | Instances. | map(object({…})) | | null |
+| [organization](variables.tf#L64) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
## Outputs
diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf
index f1c71ec1f1..aa2d076a2f 100644
--- a/modules/apigee/main.tf
+++ b/modules/apigee/main.tf
@@ -93,7 +93,7 @@ resource "google_apigee_instance" "instances" {
description = each.value.description
location = each.value.region
org_id = local.org_id
- ip_range = each.value.psa_ip_cidr_range
+ ip_range = "${each.value.runtime_ip_cidr_range},${each.value.troubleshooting_ip_cidr_range}"
disk_encryption_key_name = each.value.disk_encryption_key
consumer_accept_list = each.value.consumer_accept_list
}
diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf
index 81cf77f6ea..00961aac2c 100644
--- a/modules/apigee/variables.tf
+++ b/modules/apigee/variables.tf
@@ -49,13 +49,14 @@ variable "environments" {
variable "instances" {
description = "Instances."
type = map(object({
- display_name = optional(string)
- description = optional(string, "Terraform-managed")
- region = string
- environments = list(string)
- psa_ip_cidr_range = string
- disk_encryption_key = optional(string)
- consumer_accept_list = optional(list(string))
+ display_name = optional(string)
+ description = optional(string, "Terraform-managed")
+ region = string
+ environments = list(string)
+ runtime_ip_cidr_range = string
+ troubleshooting_ip_cidr_range = string
+ disk_encryption_key = optional(string)
+ consumer_accept_list = optional(list(string))
}))
default = null
}
diff --git a/tests/blueprints/apigee/bigquery-analytics/basic.tfvars b/tests/blueprints/apigee/bigquery-analytics/basic.tfvars
index 8a650b56e2..2f9315a439 100644
--- a/tests/blueprints/apigee/bigquery-analytics/basic.tfvars
+++ b/tests/blueprints/apigee/bigquery-analytics/basic.tfvars
@@ -13,9 +13,10 @@ environments = {
}
instances = {
instance-ew1 = {
- region = "europe-west1"
- environments = ["apis-test"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ region = "europe-west1"
+ environments = ["apis-test"]
+ runtime_ip_cidr_range = "10.0.4.0/22"
+ troubleshooting_ip_cidr_range = "10.1.0.0/28"
}
}
psc_config = {
diff --git a/tests/blueprints/apigee/bigquery-analytics/basic.yaml b/tests/blueprints/apigee/bigquery-analytics/basic.yaml
index d89eaef583..691af456b1 100644
--- a/tests/blueprints/apigee/bigquery-analytics/basic.yaml
+++ b/tests/blueprints/apigee/bigquery-analytics/basic.yaml
@@ -14,4 +14,4 @@
counts:
modules: 9
- resources: 61
+ resources: 62
diff --git a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml
index ef1fa1e009..de461ff2ea 100644
--- a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml
+++ b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml
@@ -14,4 +14,4 @@
counts:
modules: 13
- resources: 72
+ resources: 73
diff --git a/tests/modules/apigee/fixture/test.all.tfvars b/tests/modules/apigee/fixture/test.all.tfvars
index d0c29921ca..9eb337b748 100644
--- a/tests/modules/apigee/fixture/test.all.tfvars
+++ b/tests/modules/apigee/fixture/test.all.tfvars
@@ -29,14 +29,16 @@ environments = {
}
instances = {
instance-test-ew1 = {
- region = "europe-west1"
- environments = ["apis-test"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ region = "europe-west1"
+ environments = ["apis-test"]
+ runtime_ip_cidr_range = "10.0.4.0/22"
+ troubleshooting_ip_cidr_range = "10.1.0.0/28"
}
instance-prod-ew3 = {
- region = "europe-west3"
- environments = ["apis-prod"]
- psa_ip_cidr_range = "10.0.5.0/22"
+ region = "europe-west3"
+ environments = ["apis-prod"]
+ runtime_ip_cidr_range = "10.0.6.0/22"
+ troubleshooting_ip_cidr_range = "10.1.0.16/28"
}
}
endpoint_attachments = {
diff --git a/tests/modules/apigee/fixture/test.instance_only.tfvars b/tests/modules/apigee/fixture/test.instance_only.tfvars
index 3d3eb1be1b..d9399bfa91 100644
--- a/tests/modules/apigee/fixture/test.instance_only.tfvars
+++ b/tests/modules/apigee/fixture/test.instance_only.tfvars
@@ -1,8 +1,9 @@
project_id = "my-project"
instances = {
instance-test-ew1 = {
- region = "europe-west1"
- environments = ["apis-test"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ region = "europe-west1"
+ environments = ["apis-test"]
+ runtime_ip_cidr_range = "10.0.4.0/22"
+ troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
}
-}
\ No newline at end of file
+}
diff --git a/tests/modules/apigee/fixture/variables.tf b/tests/modules/apigee/fixture/variables.tf
index 81cf77f6ea..00961aac2c 100644
--- a/tests/modules/apigee/fixture/variables.tf
+++ b/tests/modules/apigee/fixture/variables.tf
@@ -49,13 +49,14 @@ variable "environments" {
variable "instances" {
description = "Instances."
type = map(object({
- display_name = optional(string)
- description = optional(string, "Terraform-managed")
- region = string
- environments = list(string)
- psa_ip_cidr_range = string
- disk_encryption_key = optional(string)
- consumer_accept_list = optional(list(string))
+ display_name = optional(string)
+ description = optional(string, "Terraform-managed")
+ region = string
+ environments = list(string)
+ runtime_ip_cidr_range = string
+ troubleshooting_ip_cidr_range = string
+ disk_encryption_key = optional(string)
+ consumer_accept_list = optional(list(string))
}))
default = null
}