diff --git a/mmv1/products/compute/api.yaml b/mmv1/products/compute/api.yaml index b9dc02d22852..69fb8fe19b2d 100644 --- a/mmv1/products/compute/api.yaml +++ b/mmv1/products/compute/api.yaml @@ -123,13 +123,21 @@ objects: - !ruby/object:Api::Type::String name: purpose description: | - The purpose of this resource. Possible values include: + The purpose of this resource, which can be one of the following values: - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, internal load balancers, and similar resources. - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers. + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT (Beta only) for addresses created from a private IP range + that are reserved for a VLAN attachment in an IPsec-encrypted Cloud + Interconnect configuration. These addresses are regional resources. + + This should only be set when using an Internal address. - !ruby/object:Api::Type::Enum name: 'networkTier' description: | @@ -181,6 +189,20 @@ objects: - :RESERVING - :RESERVED - :IN_USE + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The URL of the network in which to reserve the address. This field + can only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. + min_version: beta + - !ruby/object:Api::Type::Integer + name: prefixLength + description: | + The prefix length if the resource represents an IP range. + min_version: beta - !ruby/object:Api::Resource name: 'Autoscaler' kind: 'compute#autoscaler' 
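Review bot: The `prefixLength` description added at the end of this hunk does not say how the field relates to `address` or which purposes accept it, unlike the `network` description just above it. The examples in this commit pair `prefix_length = 29` with `address = "192.168.1.0"` and purpose IPSEC_INTERCONNECT, so the text could read `The prefix length of the IP range; address then holds the first address of that range.` if that matches the API. As a smaller style point, `name: prefixLength` is unquoted while `name: 'network'` beside it is quoted.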
@@ -7468,6 +7490,60 @@ objects: description: | The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When using PARTNER type this will be managed upstream. + - !ruby/object:Api::Type::Array + name: 'ipsecInternalAddresses' + description: | + URL of addresses that have been reserved for the interconnect + attachment, Used only for interconnect attachment that has the + encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. + + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will be + allocated from regional external IP address pool. + input: true + min_version: beta + item_type: !ruby/object:Api::Type::ResourceRef + name: 'ipsecInternalAddress' + resource: 'Address' + imports: 'selfLink' + description: | + URL of an address that has been reserved for the interconnect + attachment. + - !ruby/object:Api::Type::Enum + name: 'encryption' + description: | + Indicates the user-supplied encryption option of this interconnect + attachment: + + NONE is the default value, which means that the attachment carries + unencrypted traffic. VMs can send traffic to, or receive traffic + from, this type of attachment. + + IPSEC indicates that the attachment carries only traffic encrypted by + an IPsec device such as an HA VPN gateway. VMs cannot directly send + traffic to, or receive traffic from, such an attachment. 
To use + IPsec-encrypted Cloud Interconnect create the attachment using this + option. + + Not currently available publicly. + input: true + values: + - :NONE + - :IPSEC + default_value: :NONE + min_version: beta - !ruby/object:Api::Resource name: 'MachineImage' kind: 'compute#machineImage' @@ -12904,6 +12980,15 @@ objects: description: | User-specified description for the IP range. send_empty_value: true + - !ruby/object:Api::Type::Boolean + name: encryptedInterconnectRouter + input: true + description: | + Field to indicate if a router is dedicated to use with encrypted + Interconnect Attachment (IPsec-encrypted Cloud Interconnect feature). + + Not currently available publicly. + min_version: beta - !ruby/object:Api::Resource name: 'RouterNat' base_url: projects/{{project}}/regions/{{region}}/routers/{{router}} @@ -15332,7 +15417,6 @@ objects: name: 'vpnInterfaces' description: | A list of interfaces on this VPN gateway. - output: true item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::Integer @@ -15341,6 +15425,21 @@ objects: - !ruby/object:Api::Type::String name: 'ipAddress' description: 'The external IP address for this VPN gateway interface.' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'interconnectAttachment' + resource: 'InterconnectAttachment' + imports: 'selfLink' + description: | + URL of the interconnect attachment resource. When the value + of this field is present, the VPN Gateway will be used for + IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the + specified interconnect attachment resource. + + Not currently available publicly. + input: true + min_version: beta - !ruby/object:Api::Resource name: 'ExternalVpnGateway' kind: 'compute#externalVpnGateway' diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml index 031ec2ef84b6..0c8de1a836ce 100644 --- a/mmv1/products/compute/terraform.yaml 
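Review bot: The `encryption` description in the InterconnectAttachment hunk never says that the choice is fixed at creation, although the property is marked `input: true` and carries `default_value: :NONE`. In this generator `input: true` normally produces a force-new field, so an attachment created without the field carries unencrypted traffic and switching it to IPSEC later means replacing the attachment. I would add a sentence such as `This value cannot be changed after creation; changing it recreates the attachment.` to the description, and the same sentence fits `ipsecInternalAddresses`, which is also `input: true`.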
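Review bot: The unchanged `ipAddress` description, `The external IP address for this VPN gateway interface.`, no longer matches the behaviour this commit documents for the new `interconnectAttachment` field in the same hunk. The `ipsecInternalAddresses` text added earlier says that a gateway paired with an IPsec attachment gets its interface address from the reserved RFC 1918 range, so the address is not always external. Suggested wording: `The IP address for this VPN gateway interface; external unless the interface uses an interconnect attachment with reserved internal addresses.` The enclosing NestedObject begins in the previous hunk, where `output: true` is dropped from `vpnInterfaces`, so `id` becomes user-settable and its description is not visible here.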
+++ b/mmv1/products/compute/terraform.yaml @@ -45,6 +45,13 @@ overrides: !ruby/object:Overrides::ResourceOverrides vars: address_name: "ipv4-address" instance_name: "vm-instance" + - !ruby/object:Provider::Terraform::Examples + name: "compute_address_ipsec_interconnect" + primary_resource_id: "ipsec-interconnect-address" + min_version: beta + vars: + address_name: "test-address" + network_name: "test-network" properties: address: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true @@ -1088,6 +1095,15 @@ overrides: !ruby/object:Overrides::ResourceOverrides interconnect_attachment_name: "on-prem-attachment" router_name: "router" network_name: "network" + - !ruby/object:Provider::Terraform::Examples + name: "compute_interconnect_attachment_ipsec_encryption" + primary_resource_id: "ipsec-encrypted-interconnect-attachment" + min_version: beta + vars: + interconnect_attachment_name: "test-interconnect-attachment" + address_name: "test-address" + router_name: "test-router" + network_name: "test-network" properties: id: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true @@ -2056,6 +2072,13 @@ overrides: !ruby/object:Overrides::ResourceOverrides vars: router_name: "my-router" network_name: "my-network" + - !ruby/object:Provider::Terraform::Examples + name: "compute_router_encrypted_interconnect" + primary_resource_id: "encrypted-interconnect-router" + min_version: beta + vars: + router_name: "test-router" + network_name: "test-network" custom_code: !ruby/object:Provider::Terraform::CustomCode constants: templates/terraform/constants/router.go.erb resource_definition: templates/terraform/resource_definition/router.go.erb 
@@ -2711,6 +2734,18 @@ overrides: !ruby/object:Overrides::ResourceOverrides ha_vpn_gateway2_name: "ha-vpn-2" network2_name: "network2" router2_name: "ha-vpn-router2" + - !ruby/object:Provider::Terraform::Examples + name: "compute_ha_vpn_gateway_encrypted_interconnect" + primary_resource_id: "vpn-gateway" + min_version: beta + vars: + ha_vpn_gateway_name: "test-ha-vpngw" + interconnect_attachment1_name: "test-interconnect-attachment1" + interconnect_attachment2_name: "test-interconnect-attachment2" + address1_name: "test-address1" + address2_name: "test-address2" + router_name: "test-router" + network_name: "test-network" properties: name: !ruby/object:Overrides::Terraform::PropertyOverride validation: !ruby/object:Provider::Terraform::Validation @@ -2723,6 +2758,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides required: false # the provider-default value will be used if not specified default_from_api: true custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' + vpnInterfaces: !ruby/object:Overrides::Terraform::PropertyOverride + default_from_api: true ExternalVpnGateway: !ruby/object:Overrides::Terraform::ResourceOverride properties: interfaces: !ruby/object:Overrides::Terraform::PropertyOverride diff --git a/mmv1/templates/terraform/examples/compute_address_ipsec_interconnect.tf.erb b/mmv1/templates/terraform/examples/compute_address_ipsec_interconnect.tf.erb new file mode 100644 index 000000000000..c31d1c0c5559 --- /dev/null +++ b/mmv1/templates/terraform/examples/compute_address_ipsec_interconnect.tf.erb 
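Review bot: The `vpnInterfaces` override added at the end of the HaVpnGateway properties sets `default_from_api: true` without a comment, while the neighbouring override explains itself with `# the provider-default value will be used if not specified`. Marking the whole block optional-and-computed is expected to mean that deleting a `vpn_interfaces` block, including its `interconnect_attachment`, from configuration produces no plan diff. Since that field decides whether the interface's traffic goes through the IPsec-encrypted attachment, I would add a comment such as `# API assigns interfaces when unset; removing the block from config will not show a diff` on the override.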
@@ -0,0 +1,15 @@
+resource "google_compute_address" "<%= ctx[:primary_resource_id] %>" {
+ name = "<%= ctx[:vars]['address_name'] %>"
+ address_type = "INTERNAL"
+ purpose = "IPSEC_INTERCONNECT"
+ address = "192.168.1.0"
+ prefix_length = 29
+ network = google_compute_network.network.self_link
+ provider = google-beta
+}
+
+resource "google_compute_network" "network" {
+ name = "<%= ctx[:vars]['network_name'] %>"
+ auto_create_subnetworks = false
+ provider = google-beta
+}
diff --git a/mmv1/templates/terraform/examples/compute_ha_vpn_gateway_encrypted_interconnect.tf.erb b/mmv1/templates/terraform/examples/compute_ha_vpn_gateway_encrypted_interconnect.tf.erb
new file mode 100644
index 000000000000..eb69df1c9337
--- /dev/null
+++ b/mmv1/templates/terraform/examples/compute_ha_vpn_gateway_encrypted_interconnect.tf.erb
@@ -0,0 +1,73 @@
+resource "google_compute_ha_vpn_gateway" "<%= ctx[:primary_resource_id] %>" {
+ name = "<%= ctx[:vars]['ha_vpn_gateway_name'] %>"
+ network = google_compute_network.network.id
+ vpn_interfaces {
+ id = 0
+ interconnect_attachment = google_compute_interconnect_attachment.attachment1.self_link
+ }
+ vpn_interfaces {
+ id = 1
+ interconnect_attachment = google_compute_interconnect_attachment.attachment2.self_link
+ }
+ provider = google-beta
+}
+
+resource "google_compute_interconnect_attachment" "attachment1" {
+ name = "<%= ctx[:vars]['interconnect_attachment1_name'] %>"
+ edge_availability_domain = "AVAILABILITY_DOMAIN_1"
+ type = "PARTNER"
+ router = google_compute_router.router.id
+ encryption = "IPSEC"
+ ipsec_internal_addresses = [
+ google_compute_address.address1.self_link,
+ ]
+ provider = google-beta
+}
+
+resource "google_compute_interconnect_attachment" "attachment2" {
+ name = "<%= ctx[:vars]['interconnect_attachment2_name'] %>"
+ edge_availability_domain = "AVAILABILITY_DOMAIN_2"
+ type = "PARTNER"
+ router = google_compute_router.router.id
+ encryption = "IPSEC"
+ ipsec_internal_addresses = [
+ google_compute_address.address2.self_link,
+ ]
+ provider = google-beta
+}
+
+resource "google_compute_address" "address1" {
+ name = "<%= ctx[:vars]['address1_name'] %>"
+ address_type = "INTERNAL"
+ purpose = "IPSEC_INTERCONNECT"
+ address = "192.168.1.0"
+ prefix_length = 29
+ network = google_compute_network.network.self_link
+ provider = google-beta
+}
+
+resource "google_compute_address" "address2" {
+ name = "<%= ctx[:vars]['address2_name'] %>"
+ address_type = "INTERNAL"
+ purpose = "IPSEC_INTERCONNECT"
+ address = "192.168.2.0"
+ prefix_length = 29
+ network = google_compute_network.network.self_link
+ provider = google-beta
+}
+
+resource "google_compute_router" "router" {
+ name = "<%= ctx[:vars]['router_name'] %>"
+ network = google_compute_network.network.name
+ encrypted_interconnect_router = true
+ bgp {
+ asn = 16550
+ }
+ provider = google-beta
+}
+
+resource "google_compute_network" "network" {
+ name = "<%= ctx[:vars]['network_name'] %>"
+ auto_create_subnetworks = false
+ provider = google-beta
+}
diff --git a/mmv1/templates/terraform/examples/compute_interconnect_attachment_ipsec_encryption.tf.erb b/mmv1/templates/terraform/examples/compute_interconnect_attachment_ipsec_encryption.tf.erb
new file mode 100644
index 000000000000..9848680c8cc4
--- /dev/null
+++ b/mmv1/templates/terraform/examples/compute_interconnect_attachment_ipsec_encryption.tf.erb
@@ -0,0 +1,37 @@
+resource "google_compute_interconnect_attachment" "<%= ctx[:primary_resource_id] %>" {
+ name = "<%= ctx[:vars]['interconnect_attachment_name'] %>"
+ edge_availability_domain = "AVAILABILITY_DOMAIN_1"
+ type = "PARTNER"
+ router = google_compute_router.router.id
+ encryption = "IPSEC"
+ ipsec_internal_addresses = [
+ google_compute_address.address.self_link,
+ ]
+ provider = google-beta
+}
+
+resource "google_compute_address" "address" {
+ name = "<%= ctx[:vars]['address_name'] %>"
+ address_type = "INTERNAL"
+ purpose = "IPSEC_INTERCONNECT"
+ address = "192.168.1.0"
+ prefix_length = 29
+ network = google_compute_network.network.self_link
+ provider = google-beta
+}
+
+resource "google_compute_router" "router" {
+ name = "<%= ctx[:vars]['router_name'] %>"
+ network = google_compute_network.network.name
+ encrypted_interconnect_router = true
+ bgp {
+ asn = 16550
+ }
+ provider = google-beta
+}
+
+resource "google_compute_network" "network" {
+ name = "<%= ctx[:vars]['network_name'] %>"
+ auto_create_subnetworks = false
+ provider = google-beta
+}
diff --git a/mmv1/templates/terraform/examples/compute_router_encrypted_interconnect.tf.erb b/mmv1/templates/terraform/examples/compute_router_encrypted_interconnect.tf.erb
new file mode 100644
index 000000000000..e8b2abb3818c
--- /dev/null
+++ b/mmv1/templates/terraform/examples/compute_router_encrypted_interconnect.tf.erb
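Review bot: `asn = 16550` in the `google_compute_router` block of the HA VPN example is unexplained, and the standalone router example in this commit uses `asn = 64514`, so a reader copying either cannot tell which value matters. Partner Interconnect requires the Cloud Router to use ASN 16550, which is why the examples with `type = "PARTNER"` attachments need it; a comment such as `# Partner Interconnect requires the router ASN to be 16550` above the line would say so. The same applies to the router block in compute_interconnect_attachment_ipsec_encryption.tf.erb.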
@@ -0,0 +1,15 @@
+resource "google_compute_router" "<%= ctx[:primary_resource_id] %>" {
+ name = "<%= ctx[:vars]['router_name'] %>"
+ network = google_compute_network.network.name
+ encrypted_interconnect_router = true
+ bgp {
+ asn = 64514
+ }
+ provider = google-beta
+}
+
+resource "google_compute_network" "network" {
+ name = "<%= ctx[:vars]['network_name'] %>"
+ auto_create_subnetworks = false
+ provider = google-beta
+}