From b24e7cbaf6c11f02691e1d08794a2ea2a54a58f1 Mon Sep 17 00:00:00 2001
From: pweiber
Date: Fri, 1 Mar 2024 17:55:11 -0300
Subject: [PATCH 01/11] adding mmv1 for lb-traffic-extension and initial basic test
---
 .../networkservices/LbTrafficExtension.yaml | 185 +++++++++++++++
 ...services_lb_traffic_extension_basic.tf.erb | 217 ++++++++++++++++++
 2 files changed, 402 insertions(+)
 create mode 100644 mmv1/products/networkservices/LbTrafficExtension.yaml
 create mode 100644 mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb
diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml
new file mode 100644
index 000000000000..4cb0922fe366
--- /dev/null
+++ b/mmv1/products/networkservices/LbTrafficExtension.yaml
@@ -0,0 +1,185 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'LbTrafficExtension'
+description: |
+ LbTrafficExtension is a resource that lets the extension service modify the headers and payloads of both requests and responses without impacting the choice of backend services or any other security policies associated with the backend service.
+references: !ruby/object:Api::Resource::ReferenceLinks
+ guides:
+ 'Configure a traffic extension': 'https://cloud.google.com/service-extensions/docs/configure-callout#configure_a_traffic_extension'
+ api: 'https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbTrafficExtensions'
+min_version: beta
+base_url: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions'
+self_link: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}'
+timeouts: !ruby/object:Api::Timeouts
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+create_url: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions?lbTrafficExtensionId={{name}}'
+update_verb: :PATCH
+update_mask: true
+autogen_async: true
+async: !ruby/object:Api::OpAsync
+ operation: !ruby/object:Api::OpAsync::Operation
+ base_url: '{{op_id}}'
+examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: 'network_services_lb_traffic_extension_basic'
+ primary_resource_id: 'google_network_services_lb_traffic_extension'
+ vars:
+ ilb_network_name: 'l7-ilb-network'
+ proxy_subnet_name: 'l7-ilb-proxy-subnet'
+ backend_subnet_name: 'l7-ilb-subnet'
+ forwarding_rule_name: 'l7-ilb-forwarding-rule'
+ target_http_proxy_name: 'l7-ilb-target-http-proxy'
+ regional_url_map_name: 'l7-ilb-regional-url-map'
+ backend_service_name: 'l7-ilb-backend-subnet'
+ mig_template_name: 'l7-ilb-mig-template'
+ hc_name: 'l7-ilb-hc'
+ mig_name: 'l7-ilb-mig1'
+ fw_allow_iap_hc_name: 'l7-ilb-fw-allow-iap-hc'
+ fw_allow_ilb_to_backends_name: 'l7-ilb-fw-allow-ilb-to-backends'
+ vm_test_name: 'l7-ilb-test-vm'
+ min_version: beta
+ ignore_read_extra:
+ - 'port_range'
+ - 'target'
+parameters:
+ - !ruby/object:Api::Type::String
+ name: 'location'
+ required: true
+ immutable: true
+ url_param_only: true
+ description: |
+ The location of the traffic extension
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ required: true
+ immutable: true
+ url_param_only: true
+ description: |
+ Name of the LbTrafficExtension resource in the following format: projects/{project}/locations/{location}/lbTrafficExtensions/{lbTrafficExtension}.
+properties:
+ - !ruby/object:Api::Type::String
+ name: 'description'
+ description: |
+ A human-readable description of the resource.
+ - !ruby/object:Api::Type::KeyValueLabels
+ name: labels
+ description: 'Set of labels associated with the LbTrafficExtension resource.'
+ - !ruby/object:Api::Type::Array
+ name: forwardingRules
+ description: |
+ A list of references to the forwarding rules to which this service extension is attached to.
+ At least one forwarding rule is required. There can be only one LBTrafficExtension resource per forwarding rule.
+ required: true
+ item_type: Api::Type::String
+ - !ruby/object:Api::Type::Array
+ name: extensionChains
+ description: |
+ A set of ordered extension chains that contain the match conditions and extensions to execute.
+ Match conditions for each extension chain are evaluated in sequence for a given request.
+ The first extension chain that has a condition that matches the request is executed.
+ Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
+ required: true
+ item_type: !ruby/object:Api::Type::NestedObject
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ description: |
+ The name for this extension chain. The name is logged as part of the HTTP request logs.
+ The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,
+ and can have a maximum length of 63 characters. Additionally, the first character must be a letter
+ and the last a letter or a number.
+ required: true
+ - !ruby/object:Api::Type::NestedObject
+ name: 'matchCondition'
+ description: |
+ Conditions under which this chain is invoked for a request.
+ required: true
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'celExpression'
+ description: |
+ A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed.
+ required: true
+ - !ruby/object:Api::Type::Array
+ name: 'extensions'
+ description: |
+ A set of extensions to execute for the matching request.
+ At least one extension is required. Up to 3 extensions can be defined for each extension chain for
+ LbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain.
+ required: true
+ item_type: !ruby/object:Api::Type::NestedObject
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ description: |
+ The name for this extension. The name is logged as part of the HTTP request logs.
+ The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,
+ and can have a maximum length of 63 characters. Additionally, the first character must be a letter
+ and the last a letter or a number.
+ required: true
+ - !ruby/object:Api::Type::String
+ name: 'authority'
+ description: |
+ The :authority header in the gRPC request sent from Envoy to the extension service.
+ required: true
+ - !ruby/object:Api::Type::String
+ name: 'service'
+ description: |
+ The reference to the service that runs the extension. Must be a reference to a backend service
+ required: true
+ - !ruby/object:Api::Type::String
+ name: 'timeout'
+ description: |
+ Specifies the timeout for each individual message on the stream. The timeout must be between 10-1000 milliseconds.
+ A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
+ required: true
+ - !ruby/object:Api::Type::Boolean
+ name: 'failOpen'
+ description: |
+ Determines how the proxy behaves if the call to the extension fails or times out.
+ When set to TRUE, request or response processing continues without error.
+ Any subsequent extensions in the extension chain are also executed.
+ When set to FALSE: * If response headers have not been delivered to the downstream client,
+ a generic 500 error is returned to the client. The error response can be tailored by
+ configuring a custom error response in the load balancer.
+ - !ruby/object:Api::Type::Array
+ name: 'forwardHeaders'
+ description: |
+ List of the HTTP headers to forward to the extension (from the client or backend).
+ If omitted, all headers are sent. Each element is a string indicating the header name.
+ item_type: Api::Type::String
+ - !ruby/object:Api::Type::Enum
+ name: 'supportedEvents'
+ description: |
+ A set of events during request or response processing for which this extension is called.
+ This field is required for the LbTrafficExtension resource. It's not relevant for the LbRouteExtension
+ resource.
+ values:
+ - :EVENT_TYPE_UNSPECIFIED
+ - :REQUEST_HEADERS
+ - :REQUEST_BODY
+ - :RESPONSE_HEADERS
+ - :RESPONSE_BODY
+ - !ruby/object:Api::Type::Enum
+ name: 'loadBalancingScheme'
+ description: |
+ All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.
+ For more information, refer to Choosing a load balancer.
+ values:
+ - :LOAD_BALANCING_SCHEME_UNSPECIFIED
+ - :INTERNAL_MANAGED
+ - :EXTERNAL_MANAGED
diff --git a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb
new file mode 100644
index 000000000000..aac873cb571e
--- /dev/null
+++ b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb
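Review bot: The `failOpen` description is cut short and never says what fail-open means for anything the callout enforces: the `When set to FALSE:` sentence opens a `*` bullet list but only one case follows, so the behaviour once response headers have already been delivered is undocumented. Because TRUE lets request or response processing continue when the extension call fails or times out, an extension that performs a security check is effectively skipped on failure, and the description should say so, for example `Leave this FALSE when the extension enforces a security decision; TRUE forwards traffic unprocessed if the callout fails or times out.` The neighbouring `forwardHeaders` text states that all headers are sent when the field is omitted, which presumably includes credential-bearing headers, so a one-line hint to list only the headers the extension needs would fit there as well.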
@@ -0,0 +1,217 @@ +# Internal HTTP load balancer with a managed instance group backend + +# [START cloudloadbalancing_int_http_gce] +# VPC network +resource "google_compute_network" "ilb_network" { + name = "<%= ctx[:vars]['ilb_network_name'] %>" + provider = google-beta + auto_create_subnetworks = false +} + +# proxy-only subnet +resource "google_compute_subnetwork" "proxy_subnet" { + name = "<%= ctx[:vars]['proxy_subnet_name'] %>" + provider = google-beta + ip_cidr_range = "10.0.0.0/24" + region = "us-west1" + purpose = "REGIONAL_MANAGED_PROXY" + role = "ACTIVE" + network = google_compute_network.ilb_network.id +} + +# backend subnet +resource "google_compute_subnetwork" "ilb_subnet" { + name = "<%= ctx[:vars]['backend_subnet_name'] %>" + provider = google-beta + ip_cidr_range = "10.0.1.0/24" + region = "us-west1" + network = google_compute_network.ilb_network.id +} + +# forwarding rule +resource "google_compute_forwarding_rule" "default" { + name = "<%= ctx[:vars]['forwarding_rule_name'] %>" + provider = google-beta + region = "us-west1" + depends_on = [google_compute_subnetwork.proxy_subnet] + ip_protocol = "TCP" + load_balancing_scheme = "INTERNAL_MANAGED" + port_range = "80" + target = google_compute_region_target_http_proxy.default.id + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + network_tier = "PREMIUM" +} + +# HTTP target proxy +resource "google_compute_region_target_http_proxy" "default" { + name = "<%= ctx[:vars]['target_http_proxy_name'] %>" + provider = google-beta + region = "us-west1" + url_map = google_compute_region_url_map.default.id +} + +# URL map +resource "google_compute_region_url_map" "default" { + name = "<%= ctx[:vars]['regional_url_map_name'] %>" + provider = google-beta + region = "us-west1" + default_service = google_compute_region_backend_service.default.id +} + +# backend service +resource "google_compute_region_backend_service" "default" { + name = "<%= 
ctx[:vars]['backend_service_name'] %>" + provider = google-beta + region = "us-west1" + protocol = "HTTP" + load_balancing_scheme = "INTERNAL_MANAGED" + timeout_sec = 10 + health_checks = [google_compute_region_health_check.default.id] + backend { + group = google_compute_region_instance_group_manager.mig.instance_group + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} + +# instance template +resource "google_compute_instance_template" "instance_template" { + name = "<%= ctx[:vars]['mig_template_name'] %>" + provider = google-beta + machine_type = "e2-small" + tags = ["http-server"] + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { + # add external ip to fetch packages + } + } + disk { + source_image = "debian-cloud/debian-10" + auto_delete = true + boot = true + } + + # install nginx and serve a simple web page + metadata = { + startup-script = <<-EOF1 + #! /bin/bash + set -euo pipefail + + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y nginx-light jq + + NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") + IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") + METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') + + cat < /var/www/html/index.html +
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF + EOF1 + } + lifecycle { + create_before_destroy = true + } +} + +# health check +resource "google_compute_region_health_check" "default" { + name = "<%= ctx[:vars]['hc_name'] %>" + provider = google-beta + region = "us-west1" + http_health_check { + port_specification = "USE_SERVING_PORT" + } +} + +# MIG +resource "google_compute_region_instance_group_manager" "mig" { + name = "<%= ctx[:vars]['mig_name'] %>" + provider = google-beta + region = "us-west1" + version { + instance_template = google_compute_instance_template.instance_template.id + name = "primary" + } + base_instance_name = "vm" + target_size = 2 +} + +# allow all access from IAP and health check ranges +resource "google_compute_firewall" "fw-iap" { + name = "<%= ctx[:vars]['fw_allow_iap_hc_name'] %>" + provider = google-beta + direction = "INGRESS" + network = google_compute_network.ilb_network.id + source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"] + allow { + protocol = "tcp" + } +} + +# allow http from proxy subnet to backends +resource "google_compute_firewall" "fw-ilb-to-backends" { + name = "<%= ctx[:vars]['fw_allow_ilb_to_backends_name'] %>" + provider = google-beta + direction = "INGRESS" + network = google_compute_network.ilb_network.id + source_ranges = ["10.0.0.0/24"] + target_tags = ["http-server"] + allow { + protocol = "tcp" + ports = ["80", "443", "8080"] + } +} + +# test instance +resource "google_compute_instance" "vm-test" { + name = "<%= ctx[:vars]['vm_test_name'] %>" + provider = google-beta + zone = "us-west1-b" + machine_type = "e2-small" + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + } + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + } + } +} +# [END cloudloadbalancing_int_http_gce] + +# [START lb_traffic_extension] + +resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resource_id] %>" { + location = "us-west1" + name = 
"lb-traffic-extension" + provider = google-beta + forwarding_rules = ["https://www.googleapis.com/compute/v1/projects/myproj/regions/us-west1/forwardingRules/l7-ilb-forwarding-rule"] + load_balancing_scheme = "INTERNAL_MANAGED" + extension_chains { + name = "chain1" + match_condition { + cel_expression = "request.host == 'example.com'" + } + extensions { + name = "ext11" + authority = "ext11.com" + service = "https://www.googleapis.com/compute/v1/projects/myproj/regions/us-west1/backendServices/l7-ilb-test-vm" + timeout = "0.1s" + supported_events = "REQUEST_HEADERS" + } + } + +} + +# [END lb_traffic_extension] \ No newline at end of file From d709a93005fdf7054d12d36398070c7b9bbf4b2a Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Thu, 7 Mar 2024 09:28:24 -0500 Subject: [PATCH 02/11] fixed lint errors --- .../networkservices/LbTrafficExtension.yaml | 90 +++++++++---------- ...services_lb_traffic_extension_basic.tf.erb | 2 +- 2 files changed, 46 insertions(+), 46 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index 4cb0922fe366..bdd19842e26e 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml 
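Review bot: The `fw-iap` firewall rule opens every TCP port to every instance in `ilb_network`, because its `allow` block sets only `protocol = "tcp"` and the rule carries no `target_tags`, unlike `fw-ilb-to-backends` directly below it. Examples like this get copied into real projects, so I would bound the rule to what the health check and IAP need, e.g. add `ports = ["22", "80"]` to the `allow` block (the exact list depends on which ports the example relies on, which is not fully visible here) and reword the comment `# allow all access from IAP and health check ranges` to match. In the same file the instance template gives each backend an external IP through the empty `access_config` block and its startup script writes the instance's metadata attributes into the served `index.html`; both deserve at least a comment marking them as demo-only.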
@@ -14,23 +14,23 @@ --- !ruby/object:Api::Resource name: 'LbTrafficExtension' description: | - LbTrafficExtension is a resource that lets the extension service modify the headers and payloads of both requests and responses without impacting the choice of backend services or any other security policies associated with the backend service. + LbTrafficExtension is a resource that lets the extension service modify the headers and payloads of both requests and responses without impacting the choice of backend services or any other security policies associated with the backend service. references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Configure a traffic extension': 'https://cloud.google.com/service-extensions/docs/configure-callout#configure_a_traffic_extension' + guides: + 'Configure a traffic extension': 'https://cloud.google.com/service-extensions/docs/configure-callout#configure_a_traffic_extension' api: 'https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbTrafficExtensions' min_version: beta base_url: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions' self_link: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}' timeouts: !ruby/object:Api::Timeouts - insert_minutes: 20 - update_minutes: 20 - delete_minutes: 20 + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 create_url: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions?lbTrafficExtensionId={{name}}' update_verb: :PATCH update_mask: true autogen_async: true -async: !ruby/object:Api::OpAsync +async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation base_url: '{{op_id}}' examples: 
@@ -62,14 +62,14 @@ parameters: immutable: true url_param_only: true description: | - The location of the traffic extension + The location of the traffic extension - !ruby/object:Api::Type::String name: 'name' required: true immutable: true url_param_only: true description: | - Name of the LbTrafficExtension resource in the following format: projects/{project}/locations/{location}/lbTrafficExtensions/{lbTrafficExtension}. + Name of the LbTrafficExtension resource in the following format: projects/{project}/locations/{location}/lbTrafficExtensions/{lbTrafficExtension}. properties: - !ruby/object:Api::Type::String name: 'description' @@ -81,16 +81,16 @@ properties: - !ruby/object:Api::Type::Array name: forwardingRules description: | - A list of references to the forwarding rules to which this service extension is attached to. + A list of references to the forwarding rules to which this service extension is attached to. At least one forwarding rule is required. There can be only one LBTrafficExtension resource per forwarding rule. required: true item_type: Api::Type::String - !ruby/object:Api::Type::Array name: extensionChains description: | - A set of ordered extension chains that contain the match conditions and extensions to execute. - Match conditions for each extension chain are evaluated in sequence for a given request. - The first extension chain that has a condition that matches the request is executed. + A set of ordered extension chains that contain the match conditions and extensions to execute. + Match conditions for each extension chain are evaluated in sequence for a given request. + The first extension chain that has a condition that matches the request is executed. Any subsequent extension chains do not execute. Limited to 5 extension chains per resource. required: true item_type: !ruby/object:Api::Type::NestedObject 
@@ -98,78 +98,78 @@ properties: - !ruby/object:Api::Type::String name: 'name' description: | - The name for this extension chain. The name is logged as part of the HTTP request logs. - The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens, - and can have a maximum length of 63 characters. Additionally, the first character must be a letter + The name for this extension chain. The name is logged as part of the HTTP request logs. + The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens, + and can have a maximum length of 63 characters. Additionally, the first character must be a letter and the last a letter or a number. required: true - !ruby/object:Api::Type::NestedObject name: 'matchCondition' description: | - Conditions under which this chain is invoked for a request. + Conditions under which this chain is invoked for a request. required: true properties: - !ruby/object:Api::Type::String name: 'celExpression' description: | - A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed. - required: true + A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed. + required: true - !ruby/object:Api::Type::Array name: 'extensions' description: | - A set of extensions to execute for the matching request. - At least one extension is required. Up to 3 extensions can be defined for each extension chain for - LbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain. - required: true + A set of extensions to execute for the matching request. + At least one extension is required. Up to 3 extensions can be defined for each extension chain for + LbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain. 
+ required: true item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: 'name' description: | - The name for this extension. The name is logged as part of the HTTP request logs. - The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens, - and can have a maximum length of 63 characters. Additionally, the first character must be a letter - and the last a letter or a number. - required: true + The name for this extension. The name is logged as part of the HTTP request logs. + The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens, + and can have a maximum length of 63 characters. Additionally, the first character must be a letter + and the last a letter or a number. + required: true - !ruby/object:Api::Type::String name: 'authority' description: | - The :authority header in the gRPC request sent from Envoy to the extension service. - required: true + The :authority header in the gRPC request sent from Envoy to the extension service. + required: true - !ruby/object:Api::Type::String name: 'service' description: | - The reference to the service that runs the extension. Must be a reference to a backend service + The reference to the service that runs the extension. Must be a reference to a backend service required: true - !ruby/object:Api::Type::String name: 'timeout' description: | Specifies the timeout for each individual message on the stream. The timeout must be between 10-1000 milliseconds. - A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". required: true - !ruby/object:Api::Type::Boolean name: 'failOpen' description: | - Determines how the proxy behaves if the call to the extension fails or times out. - When set to TRUE, request or response processing continues without error. 
- Any subsequent extensions in the extension chain are also executed. - When set to FALSE: * If response headers have not been delivered to the downstream client, - a generic 500 error is returned to the client. The error response can be tailored by - configuring a custom error response in the load balancer. + Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. + Any subsequent extensions in the extension chain are also executed. + When set to FALSE: * If response headers have not been delivered to the downstream client, + a generic 500 error is returned to the client. The error response can be tailored by + configuring a custom error response in the load balancer. - !ruby/object:Api::Type::Array name: 'forwardHeaders' description: | - List of the HTTP headers to forward to the extension (from the client or backend). - If omitted, all headers are sent. Each element is a string indicating the header name. - item_type: Api::Type::String + List of the HTTP headers to forward to the extension (from the client or backend). + If omitted, all headers are sent. Each element is a string indicating the header name. + item_type: Api::Type::String - !ruby/object:Api::Type::Enum name: 'supportedEvents' description: | - A set of events during request or response processing for which this extension is called. + A set of events during request or response processing for which this extension is called. This field is required for the LbTrafficExtension resource. It's not relevant for the LbRouteExtension resource. values: - - :EVENT_TYPE_UNSPECIFIED + - :EVENT_TYPE_UNSPECIFIED - :REQUEST_HEADERS - :REQUEST_BODY - :RESPONSE_HEADERS 
@@ -180,6 +180,6 @@ properties: All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. For more information, refer to Choosing a load balancer. values: - - :LOAD_BALANCING_SCHEME_UNSPECIFIED + - :LOAD_BALANCING_SCHEME_UNSPECIFIED - :INTERNAL_MANAGED - - :EXTERNAL_MANAGED + - :EXTERNAL_MANAGED diff --git a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb index aac873cb571e..32f3bf0ad24b 100644 --- a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb +++ b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb @@ -214,4 +214,4 @@ resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resour } -# [END lb_traffic_extension] \ No newline at end of file +# [END lb_traffic_extension] From 5c9f2ff465cb6316ad14967e9038f9432761bc09 Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Wed, 3 Apr 2024 11:39:33 -0500 Subject: [PATCH 03/11] removing beta annotations --- mmv1/products/networkservices/LbTrafficExtension.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index bdd19842e26e..3b01cf517483 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml 
@@ -19,7 +19,6 @@ references: !ruby/object:Api::Resource::ReferenceLinks guides: 'Configure a traffic extension': 'https://cloud.google.com/service-extensions/docs/configure-callout#configure_a_traffic_extension' api: 'https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbTrafficExtensions' -min_version: beta base_url: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions' self_link: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}' timeouts: !ruby/object:Api::Timeouts @@ -51,7 +50,6 @@ examples: fw_allow_iap_hc_name: 'l7-ilb-fw-allow-iap-hc' fw_allow_ilb_to_backends_name: 'l7-ilb-fw-allow-ilb-to-backends' vm_test_name: 'l7-ilb-test-vm' - min_version: beta ignore_read_extra: - 'port_range' - 'target' From 9028fc5b328fbeb2c7f732a4d4df3cf17968bc7a Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Tue, 16 Apr 2024 10:15:47 -0500 Subject: [PATCH 04/11] updating test fields --- .../networkservices/LbTrafficExtension.yaml | 19 +++++++------------ ...services_lb_traffic_extension_basic.tf.erb | 2 +- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index 3b01cf517483..8cd54d39f67e 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml @@ -21,6 +21,7 @@ references: !ruby/object:Api::Resource::ReferenceLinks api: 'https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbTrafficExtensions' base_url: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions' self_link: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}' +min_version: beta timeouts: !ruby/object:Api::Timeouts insert_minutes: 20 update_minutes: 20 
@@ -35,7 +36,7 @@ async: !ruby/object:Api::OpAsync examples: - !ruby/object:Provider::Terraform::Examples name: 'network_services_lb_traffic_extension_basic' - primary_resource_id: 'google_network_services_lb_traffic_extension' + primary_resource_id: 'default' vars: ilb_network_name: 'l7-ilb-network' proxy_subnet_name: 'l7-ilb-proxy-subnet' @@ -50,9 +51,6 @@ examples: fw_allow_iap_hc_name: 'l7-ilb-fw-allow-iap-hc' fw_allow_ilb_to_backends_name: 'l7-ilb-fw-allow-ilb-to-backends' vm_test_name: 'l7-ilb-test-vm' - ignore_read_extra: - - 'port_range' - - 'target' parameters: - !ruby/object:Api::Type::String name: 'location' @@ -160,18 +158,15 @@ properties: List of the HTTP headers to forward to the extension (from the client or backend). If omitted, all headers are sent. Each element is a string indicating the header name. item_type: Api::Type::String - - !ruby/object:Api::Type::Enum + - !ruby/object:Api::Type::Array name: 'supportedEvents' + min_size: 1 description: | A set of events during request or response processing for which this extension is called. This field is required for the LbTrafficExtension resource. It's not relevant for the LbRouteExtension - resource. - values: - - :EVENT_TYPE_UNSPECIFIED - - :REQUEST_HEADERS - - :REQUEST_BODY - - :RESPONSE_HEADERS - - :RESPONSE_BODY + resource. Possible values:`EVENT_TYPE_UNSPECIFIED`, `REQUEST_HEADERS`, `REQUEST_BODY`, `RESPONSE_HEADERS`, + `RESPONSE_BODY`, `RESPONSE_BODY` and `RESPONSE_BODY`. + item_type: Api::Type::String - !ruby/object:Api::Type::Enum name: 'loadBalancingScheme' description: | diff --git a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb index 32f3bf0ad24b..8565c8175bf3 100644 --- a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb +++ b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb 
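Review bot: The new `supportedEvents` description lists `RESPONSE_BODY` three times at the end of its `Possible values:` sentence, which looks like a copy-paste slip; the last two were presumably meant to be `REQUEST_TRAILERS` and `RESPONSE_TRAILERS`, so please check the list against the API's EventType enum. Switching the items to `item_type: Api::Type::String` also drops the value validation that the removed `values:` list provided, so a misspelled event would presumably only be rejected by the API at apply time; an enum `item_type` carrying the allowed values would keep that check on the provider side. The description still says the field is required for LbTrafficExtension, yet the property sets `min_size: 1` without `required: true`, so omitting the field entirely appears to pass schema validation.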
@@ -194,7 +194,7 @@ resource "google_compute_instance" "vm-test" { resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resource_id] %>" { location = "us-west1" - name = "lb-traffic-extension" + name = "<%= ctx[:vars]['lb_traffic_extension_name'] %>" provider = google-beta forwarding_rules = ["https://www.googleapis.com/compute/v1/projects/myproj/regions/us-west1/forwardingRules/l7-ilb-forwarding-rule"] load_balancing_scheme = "INTERNAL_MANAGED" From cc68fea1a01a3aa0e53b05a71eec1b19ff155c08 Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Tue, 30 Apr 2024 07:04:05 -0500 Subject: [PATCH 05/11] fixed test by adding workaround --- .../networkservices/LbTrafficExtension.yaml | 5 + ...services_lb_traffic_extension_basic.tf.erb | 134 +++++++++++++++--- 2 files changed, 119 insertions(+), 20 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index 8cd54d39f67e..c90332681093 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml @@ -51,6 +51,11 @@ examples: fw_allow_iap_hc_name: 'l7-ilb-fw-allow-iap-hc' fw_allow_ilb_to_backends_name: 'l7-ilb-fw-allow-ilb-to-backends' vm_test_name: 'l7-ilb-test-vm' + lb_traffic_extension_name: 'l7-ilb-traffic-ext' + callouts_instance_name: 'l7-ilb-callouts-ins' + callouts_instance_group: 'l7-ilb-callouts-ins-group' + callouts_hc_name: 'l7-ilb-callouts-hc' + callouts_backend_name: 'l7-ilb-callouts-backend' parameters: - !ruby/object:Api::Type::String name: 'location' diff --git a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb index 8565c8175bf3..4e7a7e2fab47 100644 --- a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb 
+++ b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb @@ -1,6 +1,8 @@ -# Internal HTTP load balancer with a managed instance group backend +data "google_project" "project" { + provider = google-beta +} -# [START cloudloadbalancing_int_http_gce] +# Internal HTTP load balancer with a managed instance group backend # VPC network resource "google_compute_network" "ilb_network" { name = "<%= ctx[:vars]['ilb_network_name'] %>" 
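Review bot: This hunk deletes `# [START cloudloadbalancing_int_http_gce]` at the top of the template, but the matching `# [END cloudloadbalancing_int_http_gce]` is still present further down (it shows as context in the next hunk), which leaves an unpaired region tag. Either keep the START line above `# Internal HTTP load balancer with a managed instance group backend` or remove the END line in the same change. The `google_compute_network` resource continues outside the hunk.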
@@ -191,27 +193,119 @@ resource "google_compute_instance" "vm-test" { # [END cloudloadbalancing_int_http_gce] # [START lb_traffic_extension] - resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resource_id] %>" { - location = "us-west1" - name = "<%= ctx[:vars]['lb_traffic_extension_name'] %>" - provider = google-beta - forwarding_rules = ["https://www.googleapis.com/compute/v1/projects/myproj/regions/us-west1/forwardingRules/l7-ilb-forwarding-rule"] - load_balancing_scheme = "INTERNAL_MANAGED" - extension_chains { - name = "chain1" - match_condition { - cel_expression = "request.host == 'example.com'" - } - extensions { - name = "ext11" - authority = "ext11.com" - service = "https://www.googleapis.com/compute/v1/projects/myproj/regions/us-west1/backendServices/l7-ilb-test-vm" - timeout = "0.1s" - supported_events = "REQUEST_HEADERS" - } + provider = google-beta + name = "<%= ctx[:vars]['lb_traffic_extension_name'] %>" + location = "us-west1" + load_balancing_scheme = "INTERNAL_MANAGED" + forwarding_rules = [ + "https://www.googleapis.com/compute/v1/projects/${data.google_project.project.number}/regions/${google_compute_forwarding_rule.default.region}/forwardingRules/${google_compute_forwarding_rule.default.name}" + ] + + extension_chains { + name = "chain1" + match_condition { + cel_expression = "request.host == 'example.com'" + } + extensions { + name = "ext11" + authority = "ext11.com" + service = "https://www.googleapis.com/compute/v1/projects/${data.google_project.project.number}/regions/${google_compute_region_backend_service.callouts_backend.region}/backendServices/${google_compute_region_backend_service.callouts_backend.name}" + timeout = "0.100s" + supported_events = ["REQUEST_HEADERS"] + fail_open = false + } + } +} + +# Traffic Extension Backend Instance +resource "google_compute_instance" "callouts_instance" { + provider = google-beta + + name = "<%= ctx[:vars]['callouts_instance_name'] %>" + zone = "us-west1-a" + + machine_type = 
"e2-small" + labels = { + "container-vm" = "cos-stable-109-17800-147-54" + } + tags = ["allow-ssh","load-balanced-backend"] + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { + # add external ip to fetch packages + } + } + boot_disk { + auto_delete = true + initialize_params { + type = "pd-standard" + size = 10 + image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54" } + } + # Initialize an Envoy's Ext Proc gRPC API based on a docker container + metadata = { + gce-container-declaration = "# DISCLAIMER:\n# This container declaration format is not a public API and may change without\n# notice. Please use gcloud command-line tool or Google Cloud Console to run\n# Containers on Google Compute Engine.\n\nspec:\n containers:\n - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest\n name: callouts-vm\n securityContext:\n privileged: false\n stdin: false\n tty: false\n volumeMounts: []\n restartPolicy: Always\n volumes: []\n" + google-logging-enabled = "true" + } + lifecycle { + create_before_destroy = true + } +} + +// callouts instance group +resource "google_compute_instance_group" "callouts_instance_group" { + provider = google-beta + name = "<%= ctx[:vars]['callouts_instance_group'] %>" + description = "Terraform test instance group" + + instances = [ + google_compute_instance.callouts_instance.id, + ] + + named_port { + name = "http" + port = "80" + } + + named_port { + name = "grpc" + port = "443" + } + + zone = "us-west1-a" +} + +# callout health check +resource "google_compute_region_health_check" "callouts_health_check" { + provider = google-beta + name = "<%= ctx[:vars]['callouts_hc_name'] %>" + region = "us-west1" + http_health_check { + port = 80 + } } +# callout backend service +resource "google_compute_region_backend_service" "callouts_backend" { + provider = 
google-beta + name = "<%= ctx[:vars]['callouts_backend_name'] %>" + region = "us-west1" + protocol = "HTTP2" + load_balancing_scheme = "INTERNAL_MANAGED" + timeout_sec = 10 + + port_name = "grpc" + health_checks = [google_compute_region_health_check.callouts_health_check.id] + + backend { + group = google_compute_instance_group.callouts_instance_group.id + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} # [END lb_traffic_extension] From 9c5bcb6f3dd52ffc5dfde41eccbf111be96a8094 Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Tue, 7 May 2024 10:16:18 -0500 Subject: [PATCH 06/11] fixed basic test and added supress funcs --- .../networkservices/LbTrafficExtension.yaml | 3 ++ ...services_lb_traffic_extension_basic.tf.erb | 44 ++++++++++++------- 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index c90332681093..2629d26c1db8 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml @@ -86,6 +86,7 @@ properties: At least one forwarding rule is required. There can be only one LBTrafficExtension resource per forwarding rule. required: true item_type: Api::Type::String + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' - !ruby/object:Api::Type::Array name: extensionChains description: | 
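Review bot: In network_services_lb_traffic_extension_basic.tf.erb the new `google_compute_instance.callouts_instance` runs `service-callout-basic-example-python:latest`. The code that receives the load balancer's request headers can therefore change without any change to this file. Pin the image inside `gce-container-declaration` by digest, e.g. `image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python@sha256:<DIGEST_PLACEHOLDER>`; the same declaration is copied into both configs of the Go test file added later in this series. The instance's tags `allow-ssh` and `load-balanced-backend` match none of the `target_tags` in the firewall rules visible on the page (`http-server`), so traffic from the proxy subnet to port 443 looks unpermitted. With `fail_open = false` that would reject requests rather than bypass the extension, which is the safer outcome but worth confirming together with whether the external address from `access_config {}` is needed.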
@@ -142,12 +143,14 @@ properties: description: | The reference to the service that runs the extension. Must be a reference to a backend service required: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' - !ruby/object:Api::Type::String name: 'timeout' description: | Specifies the timeout for each individual message on the stream. The timeout must be between 10-1000 milliseconds. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". required: true + diff_suppress_func: 'tpgresource.DurationDiffSuppress' - !ruby/object:Api::Type::Boolean name: 'failOpen' description: | diff --git a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb index 4e7a7e2fab47..e7743b2864a7 100644 --- a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb +++ b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb @@ -1,7 +1,3 @@ -data "google_project" "project" { - provider = google-beta -} - # Internal HTTP load balancer with a managed instance group backend # VPC network resource "google_compute_network" "ilb_network" { @@ -91,6 +87,7 @@ resource "google_compute_instance_template" "instance_template" { # add external ip to fetch packages } } + disk { source_image = "debian-cloud/debian-10" auto_delete = true @@ -120,6 +117,7 @@ resource "google_compute_instance_template" "instance_template" { EOF EOF1 } + lifecycle { create_before_destroy = true } @@ -130,6 +128,7 @@ resource "google_compute_region_health_check" "default" { name = "<%= ctx[:vars]['hc_name'] %>" provider = google-beta region = "us-west1" + http_health_check { port_specification = "USE_SERVING_PORT" } 
@@ -140,12 +139,14 @@ resource "google_compute_region_instance_group_manager" "mig" { name = "<%= ctx[:vars]['mig_name'] %>" provider = google-beta region = "us-west1" + + base_instance_name = "vm" + target_size = 2 + version { instance_template = google_compute_instance_template.instance_template.id name = "primary" } - base_instance_name = "vm" - target_size = 2 } # allow all access from IAP and health check ranges @@ -155,6 +156,7 @@ resource "google_compute_firewall" "fw-iap" { direction = "INGRESS" network = google_compute_network.ilb_network.id source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"] + allow { protocol = "tcp" } @@ -168,6 +170,7 @@ resource "google_compute_firewall" "fw-ilb-to-backends" { network = google_compute_network.ilb_network.id source_ranges = ["10.0.0.0/24"] target_tags = ["http-server"] + allow { protocol = "tcp" ports = ["80", "443", "8080"] @@ -180,10 +183,12 @@ resource "google_compute_instance" "vm-test" { provider = google-beta zone = "us-west1-b" machine_type = "e2-small" + network_interface { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id } + boot_disk { initialize_params { image = "debian-cloud/debian-11" 
@@ -195,27 +200,35 @@ resource "google_compute_instance" "vm-test" { # [START lb_traffic_extension] resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resource_id] %>" { provider = google-beta - name = "<%= ctx[:vars]['lb_traffic_extension_name'] %>" - location = "us-west1" + name = "<%= ctx[:vars]['lb_traffic_extension_name'] %>" + description = "my traffic extension" + location = "us-west1" + load_balancing_scheme = "INTERNAL_MANAGED" - forwarding_rules = [ - "https://www.googleapis.com/compute/v1/projects/${data.google_project.project.number}/regions/${google_compute_forwarding_rule.default.region}/forwardingRules/${google_compute_forwarding_rule.default.name}" - ] + forwarding_rules = [google_compute_forwarding_rule.default.self_link] extension_chains { name = "chain1" + match_condition { cel_expression = "request.host == 'example.com'" } + extensions { - name = "ext11" + name = "ext11" authority = "ext11.com" - service = "https://www.googleapis.com/compute/v1/projects/${data.google_project.project.number}/regions/${google_compute_region_backend_service.callouts_backend.region}/backendServices/${google_compute_region_backend_service.callouts_backend.name}" - timeout = "0.100s" - supported_events = ["REQUEST_HEADERS"] + service = google_compute_region_backend_service.callouts_backend.self_link + timeout = "0.1s" fail_open = false + + supported_events = ["REQUEST_HEADERS"] + forward_headers = ["custom-header"] } } + + labels = { + foo = "bar" + } } # Traffic Extension Backend Instance @@ -298,7 +311,6 @@ resource "google_compute_region_backend_service" "callouts_backend" { protocol = "HTTP2" load_balancing_scheme = "INTERNAL_MANAGED" timeout_sec = 10 - port_name = "grpc" health_checks = [google_compute_region_health_check.callouts_health_check.id] From d43753a1254d70f6d617d994c1d58ca2cceb9740 Mon Sep 17 00:00:00 2001 
From: "Max W. Portocarrero" Date: Wed, 8 May 2024 10:22:23 -0500 Subject: [PATCH 07/11] added update test --- ...work_services_lb_traffic_extension_test.go | 693 ++++++++++++++++++ 1 file changed, 693 insertions(+) create mode 100644 mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go diff --git a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go new file mode 100644 index 000000000000..5161266de0a0 --- /dev/null +++ b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go 
@@ -0,0 +1,693 @@ +package networkservices_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" +) + +func TestAccNetworkServicesLbTrafficExtension_networkServicesLbTrafficExtensionBasicExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + CheckDestroy: testAccCheckNetworkServicesLbTrafficExtensionDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccNetworkServicesLbTrafficExtension_basic(context), + }, + { + ResourceName: "google_network_services_lb_traffic_extension.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name", "labels", "terraform_labels"}, + }, + { + Config: testAccNetworkServicesLbTrafficExtension_update(context), + }, + { + ResourceName: "google_network_services_lb_traffic_extension.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name", "labels", "terraform_labels"}, + }, + }, + }) +} + +func testAccNetworkServicesLbTrafficExtension_basic(context map[string]interface{}) string { + return acctest.Nprintf(` +# Internal HTTP load balancer with a managed instance group backend +# VPC network +resource "google_compute_network" "ilb_network" { + name = "tf-test-l7-ilb-network%{random_suffix}" + provider = google-beta + auto_create_subnetworks = false +} + +# proxy-only subnet +resource "google_compute_subnetwork" "proxy_subnet" { + name = "tf-test-l7-ilb-proxy-subnet%{random_suffix}" + provider = google-beta + ip_cidr_range = "10.0.0.0/24" + region = "us-west1" + purpose = "REGIONAL_MANAGED_PROXY" + role = "ACTIVE" + network = google_compute_network.ilb_network.id +} + +# backend 
subnet +resource "google_compute_subnetwork" "ilb_subnet" { + name = "tf-test-l7-ilb-subnet%{random_suffix}" + provider = google-beta + ip_cidr_range = "10.0.1.0/24" + region = "us-west1" + network = google_compute_network.ilb_network.id +} + +# forwarding rule +resource "google_compute_forwarding_rule" "default" { + name = "tf-test-l7-ilb-forwarding-rule%{random_suffix}" + provider = google-beta + region = "us-west1" + depends_on = [google_compute_subnetwork.proxy_subnet] + ip_protocol = "TCP" + load_balancing_scheme = "INTERNAL_MANAGED" + port_range = "80" + target = google_compute_region_target_http_proxy.default.id + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + network_tier = "PREMIUM" +} + +# HTTP target proxy +resource "google_compute_region_target_http_proxy" "default" { + name = "tf-test-l7-ilb-target-http-proxy%{random_suffix}" + provider = google-beta + region = "us-west1" + url_map = google_compute_region_url_map.default.id +} + +# URL map +resource "google_compute_region_url_map" "default" { + name = "tf-test-l7-ilb-regional-url-map%{random_suffix}" + provider = google-beta + region = "us-west1" + default_service = google_compute_region_backend_service.default.id +} + +# backend service +resource "google_compute_region_backend_service" "default" { + name = "tf-test-l7-ilb-backend-subnet%{random_suffix}" + provider = google-beta + region = "us-west1" + protocol = "HTTP" + load_balancing_scheme = "INTERNAL_MANAGED" + timeout_sec = 10 + health_checks = [google_compute_region_health_check.default.id] + backend { + group = google_compute_region_instance_group_manager.mig.instance_group + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} + +# instance template +resource "google_compute_instance_template" "instance_template" { + name = "tf-test-l7-ilb-mig-template%{random_suffix}" + provider = google-beta + machine_type = "e2-small" + tags = ["http-server"] + + network_interface { + 
network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { + # add external ip to fetch packages + } + } + + disk { + source_image = "debian-cloud/debian-10" + auto_delete = true + boot = true + } + + # install nginx and serve a simple web page + metadata = { + startup-script = <<-EOF1 + #! /bin/bash + set -euo pipefail + + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y nginx-light jq + + NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") + IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") + METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') + + cat < /var/www/html/index.html +
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF + EOF1 + } + + lifecycle { + create_before_destroy = true + } +} + +# health check +resource "google_compute_region_health_check" "default" { + name = "tf-test-l7-ilb-hc%{random_suffix}" + provider = google-beta + region = "us-west1" + + http_health_check { + port_specification = "USE_SERVING_PORT" + } +} + +# MIG +resource "google_compute_region_instance_group_manager" "mig" { + name = "tf-test-l7-ilb-mig1%{random_suffix}" + provider = google-beta + region = "us-west1" + + base_instance_name = "vm" + target_size = 2 + + version { + instance_template = google_compute_instance_template.instance_template.id + name = "primary" + } +} + +# allow all access from IAP and health check ranges +resource "google_compute_firewall" "fw-iap" { + name = "tf-test-l7-ilb-fw-allow-iap-hc%{random_suffix}" + provider = google-beta + direction = "INGRESS" + network = google_compute_network.ilb_network.id + source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"] + + allow { + protocol = "tcp" + } +} + +# allow http from proxy subnet to backends +resource "google_compute_firewall" "fw-ilb-to-backends" { + name = "tf-test-l7-ilb-fw-allow-ilb-to-backends%{random_suffix}" + provider = google-beta + direction = "INGRESS" + network = google_compute_network.ilb_network.id + source_ranges = ["10.0.0.0/24"] + target_tags = ["http-server"] + + allow { + protocol = "tcp" + ports = ["80", "443", "8080"] + } +} + +# test instance +resource "google_compute_instance" "vm-test" { + name = "tf-test-l7-ilb-test-vm%{random_suffix}" + provider = google-beta + zone = "us-west1-b" + machine_type = "e2-small" + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + } + + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + } + } +} + +resource "google_network_services_lb_traffic_extension" "default" { + provider = google-beta + name = "tf-test-l7-ilb-traffic-ext%{random_suffix}" + description = 
"my traffic extension" + location = "us-west1" + + load_balancing_scheme = "INTERNAL_MANAGED" + forwarding_rules = [google_compute_forwarding_rule.default.self_link] + + extension_chains { + name = "chain1" + + match_condition { + cel_expression = "request.host == 'example.com'" + } + + extensions { + name = "ext11" + authority = "ext11.com" + service = google_compute_region_backend_service.callouts_backend.self_link + timeout = "0.1s" + fail_open = false + + supported_events = ["REQUEST_HEADERS"] + forward_headers = ["custom-header"] + } + } + + labels = { + foo = "bar" + } +} + +# Traffic Extension Backend Instance +resource "google_compute_instance" "callouts_instance" { + provider = google-beta + + name = "tf-test-l7-ilb-callouts-ins%{random_suffix}" + zone = "us-west1-a" + + machine_type = "e2-small" + labels = { + "container-vm" = "cos-stable-109-17800-147-54" + } + tags = ["allow-ssh","load-balanced-backend"] + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { + # add external ip to fetch packages + } + } + boot_disk { + auto_delete = true + initialize_params { + type = "pd-standard" + size = 10 + image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54" + } + } + + # Initialize an Envoy's Ext Proc gRPC API based on a docker container + metadata = { + gce-container-declaration = "# DISCLAIMER:\n# This container declaration format is not a public API and may change without\n# notice. 
Please use gcloud command-line tool or Google Cloud Console to run\n# Containers on Google Compute Engine.\n\nspec:\n containers:\n - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest\n name: callouts-vm\n securityContext:\n privileged: false\n stdin: false\n tty: false\n volumeMounts: []\n restartPolicy: Always\n volumes: []\n" + google-logging-enabled = "true" + } + lifecycle { + create_before_destroy = true + } +} + +// callouts instance group +resource "google_compute_instance_group" "callouts_instance_group" { + provider = google-beta + name = "tf-test-l7-ilb-callouts-ins-group%{random_suffix}" + description = "Terraform test instance group" + + instances = [ + google_compute_instance.callouts_instance.id, + ] + + named_port { + name = "http" + port = "80" + } + + named_port { + name = "grpc" + port = "443" + } + + zone = "us-west1-a" +} + +# callout health check +resource "google_compute_region_health_check" "callouts_health_check" { + provider = google-beta + name = "tf-test-l7-ilb-callouts-hc%{random_suffix}" + region = "us-west1" + http_health_check { + port = 80 + } +} + +# callout backend service +resource "google_compute_region_backend_service" "callouts_backend" { + provider = google-beta + name = "tf-test-l7-ilb-callouts-backend%{random_suffix}" + region = "us-west1" + protocol = "HTTP2" + load_balancing_scheme = "INTERNAL_MANAGED" + timeout_sec = 10 + port_name = "grpc" + health_checks = [google_compute_region_health_check.callouts_health_check.id] + + backend { + group = google_compute_instance_group.callouts_instance_group.id + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} +`, context) +} + +func testAccNetworkServicesLbTrafficExtension_update(context map[string]interface{}) string { + return acctest.Nprintf(` +# Internal HTTP load balancer with a managed instance group backend +# VPC network +resource "google_compute_network" "ilb_network" { + name = 
"tf-test-l7-ilb-network%{random_suffix}" + provider = google-beta + auto_create_subnetworks = false +} + +# proxy-only subnet +resource "google_compute_subnetwork" "proxy_subnet" { + name = "tf-test-l7-ilb-proxy-subnet%{random_suffix}" + provider = google-beta + ip_cidr_range = "10.0.0.0/24" + region = "us-west1" + purpose = "REGIONAL_MANAGED_PROXY" + role = "ACTIVE" + network = google_compute_network.ilb_network.id +} + +# backend subnet +resource "google_compute_subnetwork" "ilb_subnet" { + name = "tf-test-l7-ilb-subnet%{random_suffix}" + provider = google-beta + ip_cidr_range = "10.0.1.0/24" + region = "us-west1" + network = google_compute_network.ilb_network.id +} + +# forwarding rule +resource "google_compute_forwarding_rule" "default" { + name = "tf-test-l7-ilb-forwarding-rule%{random_suffix}" + provider = google-beta + region = "us-west1" + depends_on = [google_compute_subnetwork.proxy_subnet] + ip_protocol = "TCP" + load_balancing_scheme = "INTERNAL_MANAGED" + port_range = "80" + target = google_compute_region_target_http_proxy.default.id + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + network_tier = "PREMIUM" +} + +# HTTP target proxy +resource "google_compute_region_target_http_proxy" "default" { + name = "tf-test-l7-ilb-target-http-proxy%{random_suffix}" + provider = google-beta + region = "us-west1" + url_map = google_compute_region_url_map.default.id +} + +# URL map +resource "google_compute_region_url_map" "default" { + name = "tf-test-l7-ilb-regional-url-map%{random_suffix}" + provider = google-beta + region = "us-west1" + default_service = google_compute_region_backend_service.default.id +} + +# backend service +resource "google_compute_region_backend_service" "default" { + name = "tf-test-l7-ilb-backend-subnet%{random_suffix}" + provider = google-beta + region = "us-west1" + protocol = "HTTP" + load_balancing_scheme = "INTERNAL_MANAGED" + timeout_sec = 10 + health_checks = 
[google_compute_region_health_check.default.id] + backend { + group = google_compute_region_instance_group_manager.mig.instance_group + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} + +# instance template +resource "google_compute_instance_template" "instance_template" { + name = "tf-test-l7-ilb-mig-template%{random_suffix}" + provider = google-beta + machine_type = "e2-small" + tags = ["http-server"] + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { + # add external ip to fetch packages + } + } + + disk { + source_image = "debian-cloud/debian-10" + auto_delete = true + boot = true + } + + # install nginx and serve a simple web page + metadata = { + startup-script = <<-EOF1 + #! /bin/bash + set -euo pipefail + + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y nginx-light jq + + NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") + IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") + METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') + + cat < /var/www/html/index.html +
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF + EOF1 + } + + lifecycle { + create_before_destroy = true + } +} + +# health check +resource "google_compute_region_health_check" "default" { + name = "tf-test-l7-ilb-hc%{random_suffix}" + provider = google-beta + region = "us-west1" + + http_health_check { + port_specification = "USE_SERVING_PORT" + } +} + +# MIG +resource "google_compute_region_instance_group_manager" "mig" { + name = "tf-test-l7-ilb-mig1%{random_suffix}" + provider = google-beta + region = "us-west1" + + base_instance_name = "vm" + target_size = 2 + + version { + instance_template = google_compute_instance_template.instance_template.id + name = "primary" + } +} + +# allow all access from IAP and health check ranges +resource "google_compute_firewall" "fw-iap" { + name = "tf-test-l7-ilb-fw-allow-iap-hc%{random_suffix}" + provider = google-beta + direction = "INGRESS" + network = google_compute_network.ilb_network.id + source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"] + + allow { + protocol = "tcp" + } +} + +# allow http from proxy subnet to backends +resource "google_compute_firewall" "fw-ilb-to-backends" { + name = "tf-test-l7-ilb-fw-allow-ilb-to-backends%{random_suffix}" + provider = google-beta + direction = "INGRESS" + network = google_compute_network.ilb_network.id + source_ranges = ["10.0.0.0/24"] + target_tags = ["http-server"] + + allow { + protocol = "tcp" + ports = ["80", "443", "8080"] + } +} + +# test instance +resource "google_compute_instance" "vm-test" { + name = "tf-test-l7-ilb-test-vm%{random_suffix}" + provider = google-beta + zone = "us-west1-b" + machine_type = "e2-small" + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + } + + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + } + } +} + +resource "google_network_services_lb_traffic_extension" "default" { + provider = google-beta + name = "tf-test-l7-ilb-traffic-ext%{random_suffix}" + description = 
"my traffic extension" + location = "us-west1" + + load_balancing_scheme = "INTERNAL_MANAGED" + forwarding_rules = [google_compute_forwarding_rule.default.self_link] + + extension_chains { + name = "chain1" + + match_condition { + cel_expression = "request.host == 'example.com'" + } + + extensions { + name = "ext11" + authority = "ext11.com" + service = google_compute_region_backend_service.callouts_backend.self_link + timeout = "0.1s" + fail_open = false + + supported_events = ["REQUEST_HEADERS"] + forward_headers = ["custom-header"] + } + } + + labels = { + foo = "bar" + } +} + +# Traffic Extension Backend Instance +resource "google_compute_instance" "callouts_instance" { + provider = google-beta + + name = "tf-test-l7-ilb-callouts-ins%{random_suffix}" + zone = "us-west1-a" + + machine_type = "e2-small" + labels = { + "container-vm" = "cos-stable-109-17800-147-54" + } + tags = ["allow-ssh","load-balanced-backend"] + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { + # add external ip to fetch packages + } + } + boot_disk { + auto_delete = true + initialize_params { + type = "pd-standard" + size = 10 + image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54" + } + } + + # Initialize an Envoy's Ext Proc gRPC API based on a docker container + metadata = { + gce-container-declaration = "# DISCLAIMER:\n# This container declaration format is not a public API and may change without\n# notice. 
Please use gcloud command-line tool or Google Cloud Console to run\n# Containers on Google Compute Engine.\n\nspec:\n containers:\n - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest\n name: callouts-vm\n securityContext:\n privileged: false\n stdin: false\n tty: false\n volumeMounts: []\n restartPolicy: Always\n volumes: []\n" + google-logging-enabled = "true" + } + lifecycle { + create_before_destroy = true + } +} + +// callouts instance group +resource "google_compute_instance_group" "callouts_instance_group" { + provider = google-beta + name = "tf-test-l7-ilb-callouts-ins-group%{random_suffix}" + description = "Terraform test instance group" + + instances = [ + google_compute_instance.callouts_instance.id, + ] + + named_port { + name = "http" + port = "80" + } + + named_port { + name = "grpc" + port = "443" + } + + zone = "us-west1-a" +} + +# callout health check +resource "google_compute_region_health_check" "callouts_health_check" { + provider = google-beta + name = "tf-test-l7-ilb-callouts-hc%{random_suffix}" + region = "us-west1" + http_health_check { + port = 80 + } +} + +# callout backend service +resource "google_compute_region_backend_service" "callouts_backend" { + provider = google-beta + name = "tf-test-l7-ilb-callouts-backend%{random_suffix}" + region = "us-west1" + protocol = "HTTP2" + load_balancing_scheme = "INTERNAL_MANAGED" + timeout_sec = 10 + port_name = "grpc" + health_checks = [google_compute_region_health_check.callouts_health_check.id] + + backend { + group = google_compute_instance_group.callouts_instance_group.id + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} +`, context) +} From 3b6e04017f263d3c3387edffdb50e1409633395b Mon Sep 17 00:00:00 2001 
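Review bot: `testAccNetworkServicesLbTrafficExtension_update` returns a configuration that, as far as this hunk shows, is identical to `testAccNetworkServicesLbTrafficExtension_basic`, so the third test step applies no change and the PATCH path with its update mask is never exercised. Change a few updatable fields in the second config, for example `description = "my traffic extension updated"`, `timeout = "0.2s"` and `supported_events = ["REQUEST_HEADERS", "RESPONSE_HEADERS"]`. The function name `TestAccNetworkServicesLbTrafficExtension_networkServicesLbTrafficExtensionBasicExample` also follows the pattern of the generated example test and would presumably be declared twice in the package; a distinct name such as `TestAccNetworkServicesLbTrafficExtension_update` avoids that.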
From: "Max W. Portocarrero" Date: Thu, 9 May 2024 11:12:17 -0500 Subject: [PATCH 08/11] added update test --- .../networkservices/LbTrafficExtension.yaml | 2 +- ...work_services_lb_traffic_extension_test.go | 290 ++++++++++-------- 2 files changed, 171 insertions(+), 121 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index 2629d26c1db8..d0b031ac9a57 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml @@ -77,7 +77,7 @@ properties: description: | A human-readable description of the resource. - !ruby/object:Api::Type::KeyValueLabels - name: labels + name: 'labels' description: 'Set of labels associated with the LbTrafficExtension resource.' - !ruby/object:Api::Type::Array name: forwardingRules diff --git a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go index 5161266de0a0..fc3510d586ec 100644 --- a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go +++ b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go @@ -4,11 +4,10 @@ import ( "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-provider-google/google/acctest" ) -func TestAccNetworkServicesLbTrafficExtension_networkServicesLbTrafficExtensionBasicExample(t *testing.T) { +func TestAccNetworkServicesLbTrafficExtension_update(t *testing.T) { t.Parallel() context := map[string]interface{}{ 
@@ -17,7 +16,7 @@ func TestAccNetworkServicesLbTrafficExtension_networkServicesLbTrafficExtensionB acctest.VcrTest(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, - ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), CheckDestroy: testAccCheckNetworkServicesLbTrafficExtensionDestroyProducer(t), Steps: []resource.TestStep{ { @@ -48,14 +47,12 @@ func testAccNetworkServicesLbTrafficExtension_basic(context map[string]interface # VPC network resource "google_compute_network" "ilb_network" { name = "tf-test-l7-ilb-network%{random_suffix}" - provider = google-beta auto_create_subnetworks = false } # proxy-only subnet resource "google_compute_subnetwork" "proxy_subnet" { name = "tf-test-l7-ilb-proxy-subnet%{random_suffix}" - provider = google-beta ip_cidr_range = "10.0.0.0/24" region = "us-west1" purpose = "REGIONAL_MANAGED_PROXY" @@ -66,7 +63,6 @@ resource "google_compute_subnetwork" "proxy_subnet" { # backend subnet resource "google_compute_subnetwork" "ilb_subnet" { name = "tf-test-l7-ilb-subnet%{random_suffix}" - provider = google-beta ip_cidr_range = "10.0.1.0/24" region = "us-west1" network = google_compute_network.ilb_network.id @@ -75,7 +71,6 @@ resource "google_compute_subnetwork" "ilb_subnet" { # forwarding rule resource "google_compute_forwarding_rule" "default" { name = "tf-test-l7-ilb-forwarding-rule%{random_suffix}" - provider = google-beta region = "us-west1" depends_on = [google_compute_subnetwork.proxy_subnet] ip_protocol = "TCP" @@ -90,7 +85,6 @@ resource "google_compute_forwarding_rule" "default" { # HTTP target proxy resource "google_compute_region_target_http_proxy" "default" { name = "tf-test-l7-ilb-target-http-proxy%{random_suffix}" - provider = google-beta region = "us-west1" url_map = google_compute_region_url_map.default.id } 
@@ -98,7 +92,6 @@ resource "google_compute_region_target_http_proxy" "default" { # URL map resource "google_compute_region_url_map" "default" { name = "tf-test-l7-ilb-regional-url-map%{random_suffix}" - provider = google-beta region = "us-west1" default_service = google_compute_region_backend_service.default.id } @@ -106,7 +99,6 @@ resource "google_compute_region_url_map" "default" { # backend service resource "google_compute_region_backend_service" "default" { name = "tf-test-l7-ilb-backend-subnet%{random_suffix}" - provider = google-beta region = "us-west1" protocol = "HTTP" load_balancing_scheme = "INTERNAL_MANAGED" @@ -122,7 +114,6 @@ resource "google_compute_region_backend_service" "default" { # instance template resource "google_compute_instance_template" "instance_template" { name = "tf-test-l7-ilb-mig-template%{random_suffix}" - provider = google-beta machine_type = "e2-small" tags = ["http-server"] @@ -172,7 +163,6 @@ resource "google_compute_instance_template" "instance_template" { # health check resource "google_compute_region_health_check" "default" { name = "tf-test-l7-ilb-hc%{random_suffix}" - provider = google-beta region = "us-west1" http_health_check { @@ -183,7 +173,6 @@ resource "google_compute_region_health_check" "default" { # MIG resource "google_compute_region_instance_group_manager" "mig" { name = "tf-test-l7-ilb-mig1%{random_suffix}" - provider = google-beta region = "us-west1" base_instance_name = "vm" @@ -198,7 +187,6 @@ resource "google_compute_region_instance_group_manager" "mig" { # allow all access from IAP and health check ranges resource "google_compute_firewall" "fw-iap" { name = "tf-test-l7-ilb-fw-allow-iap-hc%{random_suffix}" - provider = google-beta direction = "INGRESS" network = google_compute_network.ilb_network.id source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"] 
@@ -211,7 +199,6 @@ resource "google_compute_firewall" "fw-iap" { # allow http from proxy subnet to backends resource "google_compute_firewall" "fw-ilb-to-backends" { name = "tf-test-l7-ilb-fw-allow-ilb-to-backends%{random_suffix}" - provider = google-beta direction = "INGRESS" network = google_compute_network.ilb_network.id source_ranges = ["10.0.0.0/24"] @@ -223,51 +210,31 @@ resource "google_compute_firewall" "fw-ilb-to-backends" { } } -# test instance -resource "google_compute_instance" "vm-test" { - name = "tf-test-l7-ilb-test-vm%{random_suffix}" - provider = google-beta - zone = "us-west1-b" - machine_type = "e2-small" - - network_interface { - network = google_compute_network.ilb_network.id - subnetwork = google_compute_subnetwork.ilb_subnet.id - } - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - } - } -} - resource "google_network_services_lb_traffic_extension" "default" { - provider = google-beta - name = "tf-test-l7-ilb-traffic-ext%{random_suffix}" + name = "tf-test-l7-ilb-traffic-ext%{random_suffix}" description = "my traffic extension" - location = "us-west1" + location = "us-west1" load_balancing_scheme = "INTERNAL_MANAGED" forwarding_rules = [google_compute_forwarding_rule.default.self_link] extension_chains { - name = "chain1" + name = "chain1" - match_condition { - cel_expression = "request.host == 'example.com'" - } + match_condition { + cel_expression = "request.host == 'example.com'" + } - extensions { - name = "ext11" - authority = "ext11.com" - service = google_compute_region_backend_service.callouts_backend.self_link - timeout = "0.1s" - fail_open = false + extensions { + name = "ext11" + authority = "ext11.com" + service = google_compute_region_backend_service.callouts_backend.self_link + timeout = "0.1s" + fail_open = false - supported_events = ["REQUEST_HEADERS"] - forward_headers = ["custom-header"] - } + supported_events = ["REQUEST_HEADERS"] + forward_headers = ["custom-header"] + } } labels = { 
@@ -277,29 +244,31 @@ resource "google_network_services_lb_traffic_extension" "default" { # Traffic Extension Backend Instance resource "google_compute_instance" "callouts_instance" { - provider = google-beta - - name = "tf-test-l7-ilb-callouts-ins%{random_suffix}" - zone = "us-west1-a" - + name = "tf-test-l7-ilb-callouts-ins%{random_suffix}" + zone = "us-west1-a" machine_type = "e2-small" + labels = { "container-vm" = "cos-stable-109-17800-147-54" } - tags = ["allow-ssh","load-balanced-backend"] + + tags = ["allow-ssh","load-balanced-backend"] network_interface { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { # add external ip to fetch packages } } + boot_disk { auto_delete = true + initialize_params { - type = "pd-standard" - size = 10 + type = "pd-standard" + size = 10 image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54" } } @@ -309,14 +278,16 @@ resource "google_compute_instance" "callouts_instance" { gce-container-declaration = "# DISCLAIMER:\n# This container declaration format is not a public API and may change without\n# notice. Please use gcloud command-line tool or Google Cloud Console to run\n# Containers on Google Compute Engine.\n\nspec:\n containers:\n - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest\n name: callouts-vm\n securityContext:\n privileged: false\n stdin: false\n tty: false\n volumeMounts: []\n restartPolicy: Always\n volumes: []\n" google-logging-enabled = "true" } + lifecycle { create_before_destroy = true } + + deletion_protection = false } // callouts instance group resource "google_compute_instance_group" "callouts_instance_group" { - provider = google-beta name = "tf-test-l7-ilb-callouts-ins-group%{random_suffix}" description = "Terraform test instance group" 
@@ -339,7 +310,6 @@ resource "google_compute_instance_group" "callouts_instance_group" { # callout health check resource "google_compute_region_health_check" "callouts_health_check" { - provider = google-beta name = "tf-test-l7-ilb-callouts-hc%{random_suffix}" region = "us-west1" http_health_check { @@ -349,7 +319,6 @@ resource "google_compute_region_health_check" "callouts_health_check" { # callout backend service resource "google_compute_region_backend_service" "callouts_backend" { - provider = google-beta name = "tf-test-l7-ilb-callouts-backend%{random_suffix}" region = "us-west1" protocol = "HTTP2" @@ -373,14 +342,12 @@ func testAccNetworkServicesLbTrafficExtension_update(context map[string]interfac # VPC network resource "google_compute_network" "ilb_network" { name = "tf-test-l7-ilb-network%{random_suffix}" - provider = google-beta auto_create_subnetworks = false } # proxy-only subnet resource "google_compute_subnetwork" "proxy_subnet" { name = "tf-test-l7-ilb-proxy-subnet%{random_suffix}" - provider = google-beta ip_cidr_range = "10.0.0.0/24" region = "us-west1" purpose = "REGIONAL_MANAGED_PROXY" @@ -391,7 +358,6 @@ resource "google_compute_subnetwork" "proxy_subnet" { # backend subnet resource "google_compute_subnetwork" "ilb_subnet" { name = "tf-test-l7-ilb-subnet%{random_suffix}" - provider = google-beta ip_cidr_range = "10.0.1.0/24" region = "us-west1" network = google_compute_network.ilb_network.id @@ -400,7 +366,6 @@ resource "google_compute_subnetwork" "ilb_subnet" { # forwarding rule resource "google_compute_forwarding_rule" "default" { name = "tf-test-l7-ilb-forwarding-rule%{random_suffix}" - provider = google-beta region = "us-west1" depends_on = [google_compute_subnetwork.proxy_subnet] ip_protocol = "TCP" 
@@ -415,7 +380,6 @@ resource "google_compute_forwarding_rule" "default" { # HTTP target proxy resource "google_compute_region_target_http_proxy" "default" { name = "tf-test-l7-ilb-target-http-proxy%{random_suffix}" - provider = google-beta region = "us-west1" url_map = google_compute_region_url_map.default.id } @@ -423,7 +387,6 @@ resource "google_compute_region_target_http_proxy" "default" { # URL map resource "google_compute_region_url_map" "default" { name = "tf-test-l7-ilb-regional-url-map%{random_suffix}" - provider = google-beta region = "us-west1" default_service = google_compute_region_backend_service.default.id } @@ -431,7 +394,6 @@ resource "google_compute_region_url_map" "default" { # backend service resource "google_compute_region_backend_service" "default" { name = "tf-test-l7-ilb-backend-subnet%{random_suffix}" - provider = google-beta region = "us-west1" protocol = "HTTP" load_balancing_scheme = "INTERNAL_MANAGED" @@ -447,7 +409,6 @@ resource "google_compute_region_backend_service" "default" { # instance template resource "google_compute_instance_template" "instance_template" { name = "tf-test-l7-ilb-mig-template%{random_suffix}" - provider = google-beta machine_type = "e2-small" tags = ["http-server"] @@ -497,7 +458,6 @@ resource "google_compute_instance_template" "instance_template" { # health check resource "google_compute_region_health_check" "default" { name = "tf-test-l7-ilb-hc%{random_suffix}" - provider = google-beta region = "us-west1" http_health_check { @@ -508,7 +468,6 @@ resource "google_compute_region_health_check" "default" { # MIG resource "google_compute_region_instance_group_manager" "mig" { name = "tf-test-l7-ilb-mig1%{random_suffix}" - provider = google-beta region = "us-west1" base_instance_name = "vm" 
@@ -523,7 +482,6 @@ resource "google_compute_region_instance_group_manager" "mig" { # allow all access from IAP and health check ranges resource "google_compute_firewall" "fw-iap" { name = "tf-test-l7-ilb-fw-allow-iap-hc%{random_suffix}" - provider = google-beta direction = "INGRESS" network = google_compute_network.ilb_network.id source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"] @@ -536,7 +494,6 @@ resource "google_compute_firewall" "fw-iap" { # allow http from proxy subnet to backends resource "google_compute_firewall" "fw-ilb-to-backends" { name = "tf-test-l7-ilb-fw-allow-ilb-to-backends%{random_suffix}" - provider = google-beta direction = "INGRESS" network = google_compute_network.ilb_network.id source_ranges = ["10.0.0.0/24"] 
@@ -548,51 +505,50 @@ resource "google_compute_firewall" "fw-ilb-to-backends" { } } -# test instance -resource "google_compute_instance" "vm-test" { - name = "tf-test-l7-ilb-test-vm%{random_suffix}" - provider = google-beta - zone = "us-west1-b" - machine_type = "e2-small" - - network_interface { - network = google_compute_network.ilb_network.id - subnetwork = google_compute_subnetwork.ilb_subnet.id - } - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - } - } -} - resource "google_network_services_lb_traffic_extension" "default" { - provider = google-beta - name = "tf-test-l7-ilb-traffic-ext%{random_suffix}" + name = "tf-test-l7-ilb-traffic-ext%{random_suffix}" description = "my traffic extension" - location = "us-west1" + location = "us-west1" load_balancing_scheme = "INTERNAL_MANAGED" forwarding_rules = [google_compute_forwarding_rule.default.self_link] extension_chains { - name = "chain1" + name = "chain1" - match_condition { - cel_expression = "request.host == 'example.com'" - } + match_condition { + cel_expression = "request.host == 'example.com'" + } - extensions { - name = "ext11" - authority = "ext11.com" - service = google_compute_region_backend_service.callouts_backend.self_link - timeout = "0.1s" - fail_open = false + extensions { + name = "ext12" + authority = "ext12.com" + service = google_compute_region_backend_service.callouts_backend_2.self_link + timeout = "0.1s" + fail_open = false - supported_events = ["REQUEST_HEADERS"] - forward_headers = ["custom-header"] - } + supported_events = ["REQUEST_HEADERS"] + forward_headers = ["custom-header"] + } + } + + extension_chains { + name = "chain2" + + match_condition { + cel_expression = "request.host == 'example.com'" + } + + extensions { + name = "ext11" + authority = "ext11.com" + service = google_compute_region_backend_service.callouts_backend.self_link + timeout = "0.1s" + fail_open = false + + supported_events = ["REQUEST_HEADERS"] + forward_headers = ["custom-header"] + } } 
labels = { @@ -600,31 +556,33 @@ resource "google_network_services_lb_traffic_extension" "default" { } } -# Traffic Extension Backend Instance +# traffic extension backend instance resource "google_compute_instance" "callouts_instance" { - provider = google-beta - - name = "tf-test-l7-ilb-callouts-ins%{random_suffix}" - zone = "us-west1-a" - + name = "tf-test-l7-ilb-callouts-ins%{random_suffix}" + zone = "us-west1-a" machine_type = "e2-small" + labels = { "container-vm" = "cos-stable-109-17800-147-54" } - tags = ["allow-ssh","load-balanced-backend"] + + tags = ["allow-ssh","load-balanced-backend"] network_interface { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { # add external ip to fetch packages } } + boot_disk { auto_delete = true + initialize_params { - type = "pd-standard" - size = 10 + type = "pd-standard" + size = 10 image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54" } } @@ -634,14 +592,16 @@ resource "google_compute_instance" "callouts_instance" { gce-container-declaration = "# DISCLAIMER:\n# This container declaration format is not a public API and may change without\n# notice. Please use gcloud command-line tool or Google Cloud Console to run\n# Containers on Google Compute Engine.\n\nspec:\n containers:\n - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest\n name: callouts-vm\n securityContext:\n privileged: false\n stdin: false\n tty: false\n volumeMounts: []\n restartPolicy: Always\n volumes: []\n" google-logging-enabled = "true" } + lifecycle { create_before_destroy = true } + + deletion_protection = false } // callouts instance group resource "google_compute_instance_group" "callouts_instance_group" { - provider = google-beta name = "tf-test-l7-ilb-callouts-ins-group%{random_suffix}" description = "Terraform test instance group" 
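Review bot: The added `chain2` block in the update config reuses `cel_expression = "request.host == 'example.com'"` from `chain1`, and the API documents that only the first extension chain whose condition matches a request is executed, so `ext11` under `chain2` would never be invoked for real traffic. The update step still exercises the fields, but if the config is meant to be a meaningful routing setup, give the second chain its own condition, for example `cel_expression = "request.host == 'example.org'"` (constructed value). A one-line comment above `chain2` saying what the update step changes (extension renamed to `ext12`, service switched to `callouts_backend_2`, second chain added) would also make the intent of the test readable. The enclosing raw-string config starts and ends outside this hunk.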
@@ -664,7 +624,6 @@ resource "google_compute_instance_group" "callouts_instance_group" { # callout health check resource "google_compute_region_health_check" "callouts_health_check" { - provider = google-beta name = "tf-test-l7-ilb-callouts-hc%{random_suffix}" region = "us-west1" http_health_check { @@ -674,7 +633,6 @@ resource "google_compute_region_health_check" "callouts_health_check" { # callout backend service resource "google_compute_region_backend_service" "callouts_backend" { - provider = google-beta name = "tf-test-l7-ilb-callouts-backend%{random_suffix}" region = "us-west1" protocol = "HTTP2" 
@@ -689,5 +647,97 @@ resource "google_compute_region_backend_service" "callouts_backend" { capacity_scaler = 1.0 } } + +# traffic extension backend instance 2 +resource "google_compute_instance" "callouts_instance_2" { + name = "tf-test-l7-ilb-callouts-ins-2%{random_suffix}" + zone = "us-west1-a" + machine_type = "e2-small" + + labels = { + "container-vm" = "cos-stable-109-17800-147-54" + } + + tags = ["allow-ssh","load-balanced-backend"] + + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + + access_config { + # add external ip to fetch packages + } + } + + boot_disk { + auto_delete = true + + initialize_params { + type = "pd-standard" + size = 10 + image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54" + } + } + + # Initialize an Envoy's Ext Proc gRPC API based on a docker container + metadata = { + gce-container-declaration = "# DISCLAIMER:\n# This container declaration format is not a public API and may change without\n# notice. 
Please use gcloud command-line tool or Google Cloud Console to run\n# Containers on Google Compute Engine.\n\nspec:\n containers:\n - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest\n name: callouts-vm\n securityContext:\n privileged: false\n stdin: false\n tty: false\n volumeMounts: []\n restartPolicy: Always\n volumes: []\n" + google-logging-enabled = "true" + } + + lifecycle { + create_before_destroy = true + } + + deletion_protection = false +} + +// callouts instance group 2 +resource "google_compute_instance_group" "callouts_instance_group_2" { + name = "tf-test-l7-ilb-callouts-ins-group-2%{random_suffix}" + description = "Terraform test instance group" + + instances = [ + google_compute_instance.callouts_instance_2.id, + ] + + named_port { + name = "http" + port = "80" + } + + named_port { + name = "grpc" + port = "443" + } + + zone = "us-west1-a" +} + +# callout health check 2 +resource "google_compute_region_health_check" "callouts_health_check_2" { + name = "tf-test-l7-ilb-callouts-hc-2%{random_suffix}" + region = "us-west1" + http_health_check { + port = 80 + } +} + +# callout backend service +resource "google_compute_region_backend_service" "callouts_backend_2" { + name = "tf-test-l7-ilb-callouts-backend-2%{random_suffix}" + region = "us-west1" + protocol = "HTTP2" + load_balancing_scheme = "INTERNAL_MANAGED" + timeout_sec = 10 + port_name = "grpc" + health_checks = [google_compute_region_health_check.callouts_health_check_2.id] + + backend { + group = google_compute_instance_group.callouts_instance_group_2.id + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} `, context) } From 0b5518c85b41e14591bf01191e9128b69cce82a0 Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Thu, 9 May 2024 16:13:33 -0500 Subject: [PATCH 09/11] removed min_version beta --- mmv1/products/networkservices/LbTrafficExtension.yaml | 1 - 1 file changed, 1 deletion(-) 
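Review bot: The new `callouts_instance_2` fixture runs whatever `service-callout-basic-example-python:latest` resolves to at apply time, on a VM that receives an external address through the empty `access_config` block and carries the `allow-ssh` tag. With a mutable tag the workload behind the extension can change between recordings without any change to this file; referencing the image by digest, `service-callout-basic-example-python@sha256:<DIGEST_PLACEHOLDER>`, keeps the test reproducible and the image reviewable. If the external address exists only so the VM can pull the image, the comment `# add external ip to fetch packages` should say so, and the `allow-ssh` tag can go unless a firewall rule or test step outside this hunk relies on it. The same declaration is carried by `callouts_instance` in both configs of this file and in the `.tf.erb` example. The last added resource is commented `# callout backend service`; `# callout backend service 2` would match the other `_2` comments.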
diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index d0b031ac9a57..0c307c54f7f6 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml @@ -21,7 +21,6 @@ references: !ruby/object:Api::Resource::ReferenceLinks api: 'https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbTrafficExtensions' base_url: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions' self_link: 'projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}' -min_version: beta timeouts: !ruby/object:Api::Timeouts insert_minutes: 20 update_minutes: 20 From 2d324327ba94da40e292ae34e8a9a22a3728b7b1 Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Fri, 10 May 2024 08:59:54 -0500 Subject: [PATCH 10/11] added explicit resource dependency for replaying mode --- .../networkservices/LbTrafficExtension.yaml | 1 + ...services_lb_traffic_extension_basic.tf.erb | 92 ++++++++++++------- ...work_services_lb_traffic_extension_test.go | 78 +++++++++++++--- 3 files changed, 128 insertions(+), 43 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index 0c307c54f7f6..ecf56a8d05fb 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml @@ -36,6 +36,7 @@ examples: - !ruby/object:Provider::Terraform::Examples name: 'network_services_lb_traffic_extension_basic' primary_resource_id: 'default' + min_version: beta vars: ilb_network_name: 'l7-ilb-network' proxy_subnet_name: 'l7-ilb-proxy-subnet' diff --git a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb index e7743b2864a7..06c3bbd3fe2b 100644 
--- a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb +++ b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb @@ -24,6 +24,10 @@ resource "google_compute_subnetwork" "ilb_subnet" { ip_cidr_range = "10.0.1.0/24" region = "us-west1" network = google_compute_network.ilb_network.id + + depends_on = [ + google_compute_subnetwork.proxy_subnet + ] } # forwarding rule @@ -31,7 +35,6 @@ resource "google_compute_forwarding_rule" "default" { name = "<%= ctx[:vars]['forwarding_rule_name'] %>" provider = google-beta region = "us-west1" - depends_on = [google_compute_subnetwork.proxy_subnet] ip_protocol = "TCP" load_balancing_scheme = "INTERNAL_MANAGED" port_range = "80" @@ -39,6 +42,10 @@ resource "google_compute_forwarding_rule" "default" { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id network_tier = "PREMIUM" + + depends_on = [ + google_compute_subnetwork.proxy_subnet + ] } # HTTP target proxy @@ -150,7 +157,7 @@ resource "google_compute_region_instance_group_manager" "mig" { } # allow all access from IAP and health check ranges -resource "google_compute_firewall" "fw-iap" { +resource "google_compute_firewall" "fw_iap" { name = "<%= ctx[:vars]['fw_allow_iap_hc_name'] %>" provider = google-beta direction = "INGRESS" @@ -163,7 +170,7 @@ resource "google_compute_firewall" "fw-iap" { } # allow http from proxy subnet to backends -resource "google_compute_firewall" "fw-ilb-to-backends" { +resource "google_compute_firewall" "fw_ilb_to_backends" { name = "<%= ctx[:vars]['fw_allow_ilb_to_backends_name'] %>" provider = google-beta direction = "INGRESS" 
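Review bot: The `depends_on` on `ilb_subnet` has no comment explaining it, and nothing in that resource refers to `google_compute_subnetwork.proxy_subnet`; judging by the commit subject the edge exists only to make the request order deterministic when recorded tests are replayed. This template renders into the published example, so readers will copy the edge without knowing it is optional; a comment above it such as `# depends_on only serialises creation for recorded tests; the API does not require it` would make that clear. The same applies to the edges added in the later hunks of this file (`fw_ilb_to_backends` on `fw_iap`, `callouts_instance` on `vm_test`, `callouts_health_check` on `google_compute_region_health_check.default`, `callouts_backend` on `google_compute_region_backend_service.default`) and to the copies in the Go test configs. The resource bodies continue outside these hunks.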
@@ -175,25 +182,10 @@ resource "google_compute_firewall" "fw-ilb-to-backends" { protocol = "tcp" ports = ["80", "443", "8080"] } -} - -# test instance -resource "google_compute_instance" "vm-test" { - name = "<%= ctx[:vars]['vm_test_name'] %>" - provider = google-beta - zone = "us-west1-b" - machine_type = "e2-small" - - network_interface { - network = google_compute_network.ilb_network.id - subnetwork = google_compute_subnetwork.ilb_subnet.id - } - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - } - } + depends_on = [ + google_compute_firewall.fw_iap + ] } # [END cloudloadbalancing_int_http_gce] 
@@ -231,31 +223,54 @@ resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resour } } -# Traffic Extension Backend Instance -resource "google_compute_instance" "callouts_instance" { - provider = google-beta +# test instance +resource "google_compute_instance" "vm_test" { + name = "<%= ctx[:vars]['vm_test_name'] %>" + provider = google-beta + zone = "us-west1-b" + machine_type = "e2-small" - name = "<%= ctx[:vars]['callouts_instance_name'] %>" - zone = "us-west1-a" + network_interface { + network = google_compute_network.ilb_network.id + subnetwork = google_compute_subnetwork.ilb_subnet.id + } + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + } + } +} + +# Traffic Extension Backend Instance +resource "google_compute_instance" "callouts_instance" { + provider = google-beta + name = "<%= ctx[:vars]['callouts_instance_name'] %>" + zone = "us-west1-a" machine_type = "e2-small" + labels = { "container-vm" = "cos-stable-109-17800-147-54" } + tags = ["allow-ssh","load-balanced-backend"] network_interface { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { - # add external ip to fetch packages + # add external ip to fetch packages } + } + boot_disk { auto_delete = true + initialize_params { - type = "pd-standard" - size = 10 + type = "pd-standard" + size = 10 image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54" } } 
@@ -265,9 +280,16 @@ resource "google_compute_instance" "callouts_instance" { gce-container-declaration = "# DISCLAIMER:\n# This container declaration format is not a public API and may change without\n# notice. Please use gcloud command-line tool or Google Cloud Console to run\n# Containers on Google Compute Engine.\n\nspec:\n containers:\n - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest\n name: callouts-vm\n securityContext:\n privileged: false\n stdin: false\n tty: false\n volumeMounts: []\n restartPolicy: Always\n volumes: []\n" google-logging-enabled = "true" } + lifecycle { create_before_destroy = true } + + deletion_protection = false + + depends_on = [ + google_compute_instance.vm_test + ] } // callouts instance group @@ -275,6 +297,7 @@ resource "google_compute_instance_group" "callouts_instance_group" { provider = google-beta name = "<%= ctx[:vars]['callouts_instance_group'] %>" description = "Terraform test instance group" + zone = "us-west1-a" instances = [ google_compute_instance.callouts_instance.id, @@ -289,8 +312,6 @@ resource "google_compute_instance_group" "callouts_instance_group" { name = "grpc" port = "443" } - - zone = "us-west1-a" } # callout health check @@ -298,9 +319,14 @@ resource "google_compute_region_health_check" "callouts_health_check" { provider = google-beta name = "<%= ctx[:vars]['callouts_hc_name'] %>" region = "us-west1" + http_health_check { port = 80 } + + depends_on = [ + google_compute_region_health_check.default + ] } # callout backend service @@ -319,5 +345,9 @@ resource "google_compute_region_backend_service" "callouts_backend" { balancing_mode = "UTILIZATION" capacity_scaler = 1.0 } + + depends_on = [ + google_compute_region_backend_service.default + ] } # [END lb_traffic_extension] 
diff --git a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go index fc3510d586ec..60131f9dccf2 100644 --- a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go +++ b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go @@ -66,13 +66,16 @@ resource "google_compute_subnetwork" "ilb_subnet" { ip_cidr_range = "10.0.1.0/24" region = "us-west1" network = google_compute_network.ilb_network.id + + depends_on = [ + google_compute_subnetwork.proxy_subnet + ] } # forwarding rule resource "google_compute_forwarding_rule" "default" { name = "tf-test-l7-ilb-forwarding-rule%{random_suffix}" region = "us-west1" - depends_on = [google_compute_subnetwork.proxy_subnet] ip_protocol = "TCP" load_balancing_scheme = "INTERNAL_MANAGED" port_range = "80" @@ -80,6 +83,10 @@ resource "google_compute_forwarding_rule" "default" { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id network_tier = "PREMIUM" + + depends_on = [ + google_compute_subnetwork.proxy_subnet + ] } # HTTP target proxy @@ -185,7 +192,7 @@ resource "google_compute_region_instance_group_manager" "mig" { } # allow all access from IAP and health check ranges -resource "google_compute_firewall" "fw-iap" { +resource "google_compute_firewall" "fw_iap" { name = "tf-test-l7-ilb-fw-allow-iap-hc%{random_suffix}" direction = "INGRESS" network = google_compute_network.ilb_network.id 
@@ -197,7 +204,7 @@ resource "google_compute_firewall" "fw-iap" { } # allow http from proxy subnet to backends -resource "google_compute_firewall" "fw-ilb-to-backends" { +resource "google_compute_firewall" "fw_ilb_to_backends" { name = "tf-test-l7-ilb-fw-allow-ilb-to-backends%{random_suffix}" direction = "INGRESS" network = google_compute_network.ilb_network.id @@ -208,6 +215,10 @@ resource "google_compute_firewall" "fw-ilb-to-backends" { protocol = "tcp" ports = ["80", "443", "8080"] } + + depends_on = [ + google_compute_firewall.fw_iap + ] } resource "google_network_services_lb_traffic_extension" "default" { @@ -259,7 +270,7 @@ resource "google_compute_instance" "callouts_instance" { subnetwork = google_compute_subnetwork.ilb_subnet.id access_config { - # add external ip to fetch packages + # add external ip to fetch packages } } @@ -290,6 +301,7 @@ resource "google_compute_instance" "callouts_instance" { resource "google_compute_instance_group" "callouts_instance_group" { name = "tf-test-l7-ilb-callouts-ins-group%{random_suffix}" description = "Terraform test instance group" + zone = "us-west1-a" instances = [ google_compute_instance.callouts_instance.id, @@ -304,17 +316,20 @@ resource "google_compute_instance_group" "callouts_instance_group" { name = "grpc" port = "443" } - - zone = "us-west1-a" } # callout health check resource "google_compute_region_health_check" "callouts_health_check" { name = "tf-test-l7-ilb-callouts-hc%{random_suffix}" region = "us-west1" + http_health_check { port = 80 } + + depends_on = [ + google_compute_region_health_check.default + ] } # callout backend service @@ -332,6 +347,10 @@ resource "google_compute_region_backend_service" "callouts_backend" { balancing_mode = "UTILIZATION" capacity_scaler = 1.0 } + + depends_on = [ + google_compute_region_backend_service.default + ] } `, context) } 
@@ -361,13 +380,16 @@ resource "google_compute_subnetwork" "ilb_subnet" { ip_cidr_range = "10.0.1.0/24" region = "us-west1" network = google_compute_network.ilb_network.id + + depends_on = [ + google_compute_subnetwork.proxy_subnet + ] } # forwarding rule resource "google_compute_forwarding_rule" "default" { name = "tf-test-l7-ilb-forwarding-rule%{random_suffix}" region = "us-west1" - depends_on = [google_compute_subnetwork.proxy_subnet] ip_protocol = "TCP" load_balancing_scheme = "INTERNAL_MANAGED" port_range = "80" @@ -375,6 +397,10 @@ resource "google_compute_forwarding_rule" "default" { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id network_tier = "PREMIUM" + + depends_on = [ + google_compute_subnetwork.proxy_subnet + ] } # HTTP target proxy @@ -480,7 +506,7 @@ resource "google_compute_region_instance_group_manager" "mig" { } # allow all access from IAP and health check ranges -resource "google_compute_firewall" "fw-iap" { +resource "google_compute_firewall" "fw_iap" { name = "tf-test-l7-ilb-fw-allow-iap-hc%{random_suffix}" direction = "INGRESS" network = google_compute_network.ilb_network.id @@ -492,7 +518,7 @@ resource "google_compute_firewall" "fw-iap" { } # allow http from proxy subnet to backends -resource "google_compute_firewall" "fw-ilb-to-backends" { +resource "google_compute_firewall" "fw_ilb_to_backends" { name = "tf-test-l7-ilb-fw-allow-ilb-to-backends%{random_suffix}" direction = "INGRESS" network = google_compute_network.ilb_network.id @@ -503,6 +529,10 @@ resource "google_compute_firewall" "fw-ilb-to-backends" { protocol = "tcp" ports = ["80", "443", "8080"] } + + depends_on = [ + google_compute_firewall.fw_iap + ] } resource "google_network_services_lb_traffic_extension" "default" { 
@@ -604,6 +634,7 @@ resource "google_compute_instance" "callouts_instance" { resource "google_compute_instance_group" "callouts_instance_group" { name = "tf-test-l7-ilb-callouts-ins-group%{random_suffix}" description = "Terraform test instance group" + zone = "us-west1-a" instances = [ google_compute_instance.callouts_instance.id, @@ -618,17 +649,20 @@ resource "google_compute_instance_group" "callouts_instance_group" { name = "grpc" port = "443" } - - zone = "us-west1-a" } # callout health check resource "google_compute_region_health_check" "callouts_health_check" { name = "tf-test-l7-ilb-callouts-hc%{random_suffix}" region = "us-west1" + http_health_check { port = 80 } + + depends_on = [ + google_compute_region_health_check.default + ] } # callout backend service @@ -646,6 +680,10 @@ resource "google_compute_region_backend_service" "callouts_backend" { balancing_mode = "UTILIZATION" capacity_scaler = 1.0 } + + depends_on = [ + google_compute_region_backend_service.default + ] } # traffic extension backend instance 2 @@ -690,12 +728,17 @@ resource "google_compute_instance" "callouts_instance_2" { } deletion_protection = false + + depends_on = [ + google_compute_instance.callouts_instance + ] } // callouts instance group 2 resource "google_compute_instance_group" "callouts_instance_group_2" { name = "tf-test-l7-ilb-callouts-ins-group-2%{random_suffix}" description = "Terraform test instance group" + zone = "us-west1-a" instances = [ google_compute_instance.callouts_instance_2.id, 
@@ -711,16 +754,23 @@ resource "google_compute_instance_group" "callouts_instance_group_2" { port = "443" } - zone = "us-west1-a" + depends_on = [ + google_compute_instance_group.callouts_instance_group + ] } # callout health check 2 resource "google_compute_region_health_check" "callouts_health_check_2" { name = "tf-test-l7-ilb-callouts-hc-2%{random_suffix}" region = "us-west1" + http_health_check { port = 80 } + + depends_on = [ + google_compute_region_health_check.callouts_health_check + ] } # callout backend service @@ -738,6 +788,10 @@ resource "google_compute_region_backend_service" "callouts_backend_2" { balancing_mode = "UTILIZATION" capacity_scaler = 1.0 } + + depends_on = [ + google_compute_region_backend_service.callouts_backend + ] } `, context) } From 5b3b2d372191174dd78c7ffdab05d148976bb72f Mon Sep 17 00:00:00 2001 From: "Max W. Portocarrero" Date: Mon, 13 May 2024 21:45:15 -0500 Subject: [PATCH 11/11] fixed test --- .../networkservices/LbTrafficExtension.yaml | 1 - ...services_lb_traffic_extension_basic.tf.erb | 20 ++----------------- ...work_services_lb_traffic_extension_test.go | 4 ++++ 3 files changed, 6 insertions(+), 19 deletions(-) diff --git a/mmv1/products/networkservices/LbTrafficExtension.yaml b/mmv1/products/networkservices/LbTrafficExtension.yaml index ecf56a8d05fb..0c307c54f7f6 100644 --- a/mmv1/products/networkservices/LbTrafficExtension.yaml +++ b/mmv1/products/networkservices/LbTrafficExtension.yaml @@ -36,7 +36,6 @@ examples: - !ruby/object:Provider::Terraform::Examples name: 'network_services_lb_traffic_extension_basic' primary_resource_id: 'default' - min_version: beta vars: ilb_network_name: 'l7-ilb-network' proxy_subnet_name: 'l7-ilb-proxy-subnet' diff --git a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb index 06c3bbd3fe2b..a2ff13074a89 100644 
--- a/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb +++ b/mmv1/templates/terraform/examples/network_services_lb_traffic_extension_basic.tf.erb @@ -2,14 +2,12 @@ # VPC network resource "google_compute_network" "ilb_network" { name = "<%= ctx[:vars]['ilb_network_name'] %>" - provider = google-beta auto_create_subnetworks = false } # proxy-only subnet resource "google_compute_subnetwork" "proxy_subnet" { name = "<%= ctx[:vars]['proxy_subnet_name'] %>" - provider = google-beta ip_cidr_range = "10.0.0.0/24" region = "us-west1" purpose = "REGIONAL_MANAGED_PROXY" @@ -20,7 +18,6 @@ resource "google_compute_subnetwork" "proxy_subnet" { # backend subnet resource "google_compute_subnetwork" "ilb_subnet" { name = "<%= ctx[:vars]['backend_subnet_name'] %>" - provider = google-beta ip_cidr_range = "10.0.1.0/24" region = "us-west1" network = google_compute_network.ilb_network.id @@ -33,7 +30,6 @@ resource "google_compute_subnetwork" "ilb_subnet" { # forwarding rule resource "google_compute_forwarding_rule" "default" { name = "<%= ctx[:vars]['forwarding_rule_name'] %>" - provider = google-beta region = "us-west1" ip_protocol = "TCP" load_balancing_scheme = "INTERNAL_MANAGED" @@ -51,7 +47,6 @@ resource "google_compute_forwarding_rule" "default" { # HTTP target proxy resource "google_compute_region_target_http_proxy" "default" { name = "<%= ctx[:vars]['target_http_proxy_name'] %>" - provider = google-beta region = "us-west1" url_map = google_compute_region_url_map.default.id } @@ -59,7 +54,6 @@ resource "google_compute_region_target_http_proxy" "default" { # URL map resource "google_compute_region_url_map" "default" { name = "<%= ctx[:vars]['regional_url_map_name'] %>" - provider = google-beta region = "us-west1" default_service = google_compute_region_backend_service.default.id } 
@@ -67,12 +61,12 @@ resource "google_compute_region_url_map" "default" { # backend service resource "google_compute_region_backend_service" "default" { name = "<%= ctx[:vars]['backend_service_name'] %>" - provider = google-beta region = "us-west1" protocol = "HTTP" load_balancing_scheme = "INTERNAL_MANAGED" timeout_sec = 10 health_checks = [google_compute_region_health_check.default.id] + backend { group = google_compute_region_instance_group_manager.mig.instance_group balancing_mode = "UTILIZATION" @@ -83,13 +77,13 @@ resource "google_compute_region_backend_service" "default" { # instance template resource "google_compute_instance_template" "instance_template" { name = "<%= ctx[:vars]['mig_template_name'] %>" - provider = google-beta machine_type = "e2-small" tags = ["http-server"] network_interface { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { # add external ip to fetch packages } @@ -133,7 +127,6 @@ resource "google_compute_instance_template" "instance_template" { # health check resource "google_compute_region_health_check" "default" { name = "<%= ctx[:vars]['hc_name'] %>" - provider = google-beta region = "us-west1" http_health_check { @@ -144,7 +137,6 @@ resource "google_compute_region_health_check" "default" { # MIG resource "google_compute_region_instance_group_manager" "mig" { name = "<%= ctx[:vars]['mig_name'] %>" - provider = google-beta region = "us-west1" base_instance_name = "vm" @@ -159,7 +151,6 @@ resource "google_compute_region_instance_group_manager" "mig" { # allow all access from IAP and health check ranges resource "google_compute_firewall" "fw_iap" { name = "<%= ctx[:vars]['fw_allow_iap_hc_name'] %>" - provider = google-beta direction = "INGRESS" network = google_compute_network.ilb_network.id source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"] 
@@ -172,7 +163,6 @@ resource "google_compute_firewall" "fw_iap" { # allow http from proxy subnet to backends resource "google_compute_firewall" "fw_ilb_to_backends" { name = "<%= ctx[:vars]['fw_allow_ilb_to_backends_name'] %>" - provider = google-beta direction = "INGRESS" network = google_compute_network.ilb_network.id source_ranges = ["10.0.0.0/24"] @@ -191,7 +181,6 @@ resource "google_compute_firewall" "fw_ilb_to_backends" { # [START lb_traffic_extension] resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resource_id] %>" { - provider = google-beta name = "<%= ctx[:vars]['lb_traffic_extension_name'] %>" description = "my traffic extension" location = "us-west1" @@ -226,7 +215,6 @@ resource "google_network_services_lb_traffic_extension" "<%= ctx[:primary_resour # test instance resource "google_compute_instance" "vm_test" { name = "<%= ctx[:vars]['vm_test_name'] %>" - provider = google-beta zone = "us-west1-b" machine_type = "e2-small" @@ -244,7 +232,6 @@ resource "google_compute_instance" "vm_test" { # Traffic Extension Backend Instance resource "google_compute_instance" "callouts_instance" { - provider = google-beta name = "<%= ctx[:vars]['callouts_instance_name'] %>" zone = "us-west1-a" machine_type = "e2-small" @@ -294,7 +281,6 @@ resource "google_compute_instance" "callouts_instance" { // callouts instance group resource "google_compute_instance_group" "callouts_instance_group" { - provider = google-beta name = "<%= ctx[:vars]['callouts_instance_group'] %>" description = "Terraform test instance group" zone = "us-west1-a" @@ -316,7 +302,6 @@ resource "google_compute_instance_group" "callouts_instance_group" { # callout health check resource "google_compute_region_health_check" "callouts_health_check" { - provider = google-beta name = "<%= ctx[:vars]['callouts_hc_name'] %>" region = "us-west1" 
@@ -331,7 +316,6 @@ resource "google_compute_region_health_check" "callouts_health_check" { # callout backend service resource "google_compute_region_backend_service" "callouts_backend" { - provider = google-beta name = "<%= ctx[:vars]['callouts_backend_name'] %>" region = "us-west1" protocol = "HTTP2" diff --git a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go index 60131f9dccf2..23be8baec0e1 100644 --- a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go +++ b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_traffic_extension_test.go @@ -111,6 +111,7 @@ resource "google_compute_region_backend_service" "default" { load_balancing_scheme = "INTERNAL_MANAGED" timeout_sec = 10 health_checks = [google_compute_region_health_check.default.id] + backend { group = google_compute_region_instance_group_manager.mig.instance_group balancing_mode = "UTILIZATION" @@ -127,6 +128,7 @@ resource "google_compute_instance_template" "instance_template" { network_interface { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { # add external ip to fetch packages } @@ -425,6 +427,7 @@ resource "google_compute_region_backend_service" "default" { load_balancing_scheme = "INTERNAL_MANAGED" timeout_sec = 10 health_checks = [google_compute_region_health_check.default.id] + backend { group = google_compute_region_instance_group_manager.mig.instance_group balancing_mode = "UTILIZATION" @@ -441,6 +444,7 @@ resource "google_compute_instance_template" "instance_template" { network_interface { network = google_compute_network.ilb_network.id subnetwork = google_compute_subnetwork.ilb_subnet.id + access_config { # add external ip to fetch packages }