diff --git a/.changelog/5299.txt b/.changelog/5299.txt new file mode 100644 index 0000000000..e4e22fc1e4 --- /dev/null +++ b/.changelog/5299.txt @@ -0,0 +1,2 @@ +```release-note:none +``` diff --git a/google-beta/resource_compute_global_forwarding_rule_generated_test.go b/google-beta/resource_compute_global_forwarding_rule_generated_test.go index c28cf5d147..f4bd116549 100644 --- a/google-beta/resource_compute_global_forwarding_rule_generated_test.go +++ b/google-beta/resource_compute_global_forwarding_rule_generated_test.go @@ -23,6 +23,175 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) +func TestAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendCustomHeaderExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProvidersOiCS, + CheckDestroy: testAccCheckComputeGlobalForwardingRuleDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendCustomHeaderExample(context), + }, + { + ResourceName: "google_compute_global_forwarding_rule.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"network", "port_range", "target", "ip_address"}, + }, + }, + }) +} + +func testAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendCustomHeaderExample(context map[string]interface{}) string { + return Nprintf(` +# External TCP proxy load balancer with managed instance group backend + +# VPC +resource "google_compute_network" "default" { + name = "tf-test-tcp-proxy-xlb-network%{random_suffix}" + provider = google + auto_create_subnetworks = false +} + +# backend subnet +resource "google_compute_subnetwork" "default" { + name = "tf-test-tcp-proxy-xlb-subnet%{random_suffix}" + provider = google + ip_cidr_range = "10.0.1.0/24" + region = "us-central1" + network = google_compute_network.default.id +} + +# reserved IP address +resource "google_compute_global_address" "default" { + name = "tf-test-tcp-proxy-xlb-ip%{random_suffix}" +} + +# forwarding rule +resource "google_compute_global_forwarding_rule" "default" { + name = "tf-test-tcp-proxy-xlb-forwarding-rule%{random_suffix}" + provider = google + ip_protocol = "TCP" + load_balancing_scheme = "EXTERNAL" + port_range = "110" + target = google_compute_target_tcp_proxy.default.id + ip_address = google_compute_global_address.default.id +} + +resource "google_compute_target_tcp_proxy" "default" { + name = "tf-test-test-proxy-health-check%{random_suffix}" + backend_service = google_compute_backend_service.default.id +} + +# backend service +resource "google_compute_backend_service" "default" { + name = "tf-test-tcp-proxy-xlb-backend-service%{random_suffix}" + protocol = "TCP" + port_name = "tcp" + load_balancing_scheme = "EXTERNAL" + timeout_sec = 10 + health_checks = [google_compute_health_check.default.id] + backend { + group = google_compute_instance_group_manager.default.instance_group + balancing_mode = "UTILIZATION" + max_utilization = 1.0 + capacity_scaler = 1.0 + } +} + +resource "google_compute_health_check" "default" { + name = "tf-test-tcp-proxy-health-check%{random_suffix}" + timeout_sec = 1 + check_interval_sec = 1 + + tcp_health_check { + port = "80" + } +} + +# instance template +resource "google_compute_instance_template" "default" { + name = "tf-test-tcp-proxy-xlb-mig-template%{random_suffix}" + provider = google + machine_type = "e2-small" + tags = ["allow-health-check"] + + network_interface { + network = google_compute_network.default.id + subnetwork = google_compute_subnetwork.default.id + access_config { + # add external ip to fetch packages + } + } + disk { + source_image = "debian-cloud/debian-10" + auto_delete = true + boot = true + } + + # install nginx and serve a simple web page + metadata = { + startup-script = <<-EOF1 + #! /bin/bash + set -euo pipefail + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y nginx-light jq + NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") + IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") + METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') + cat < /var/www/html/index.html +
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF + EOF1 + } + lifecycle { + create_before_destroy = true + } +} + +# MIG +resource "google_compute_instance_group_manager" "default" { + name = "tf-test-tcp-proxy-xlb-mig1%{random_suffix}" + provider = google + zone = "us-central1-c" + named_port { + name = "tcp" + port = 110 + } + version { + instance_template = google_compute_instance_template.default.id + name = "primary" + } + base_instance_name = "vm" + target_size = 2 +} + +# allow access from health check ranges +resource "google_compute_firewall" "default" { + name = "tf-test-tcp-proxy-xlb-fw-allow-hc%{random_suffix}" + provider = google + direction = "INGRESS" + network = google_compute_network.default.id + source_ranges = ["130.211.0.0/22", "35.191.0.0/16"] + allow { + protocol = "tcp" + } + target_tags = ["allow-health-check"] +} +`, context) +} + func TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample(t *testing.T) { t.Parallel() diff --git a/google-beta/resource_gke_hub_feature_membership_test.go b/google-beta/resource_gke_hub_feature_membership_test.go index 9e1f2ea64d..32fa84c196 100644 --- a/google-beta/resource_gke_hub_feature_membership_test.go +++ b/google-beta/resource_gke_hub_feature_membership_test.go @@ -5,7 +5,7 @@ import ( "fmt" "testing" - "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl" + dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl" gkehub "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/gkehub/beta" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" diff --git a/website/docs/r/compute_global_forwarding_rule.html.markdown b/website/docs/r/compute_global_forwarding_rule.html.markdown index 0f07ce0481..967b7dd43d 100644 --- a/website/docs/r/compute_global_forwarding_rule.html.markdown +++ b/website/docs/r/compute_global_forwarding_rule.html.markdown @@ -32,6 +32,155 @@ https://cloud.google.com/compute/docs/load-balancing/http/ +
+ + Open in Cloud Shell + +
+## Example Usage - External Tcp Proxy Lb Mig Backend Custom Header + + +```hcl +# External TCP proxy load balancer with managed instance group backend + +# VPC +resource "google_compute_network" "default" { + name = "tcp-proxy-xlb-network" + provider = google + auto_create_subnetworks = false +} + +# backend subnet +resource "google_compute_subnetwork" "default" { + name = "tcp-proxy-xlb-subnet" + provider = google + ip_cidr_range = "10.0.1.0/24" + region = "us-central1" + network = google_compute_network.default.id +} + +# reserved IP address +resource "google_compute_global_address" "default" { + name = "tcp-proxy-xlb-ip" +} + +# forwarding rule +resource "google_compute_global_forwarding_rule" "default" { + name = "tcp-proxy-xlb-forwarding-rule" + provider = google + ip_protocol = "TCP" + load_balancing_scheme = "EXTERNAL" + port_range = "110" + target = google_compute_target_tcp_proxy.default.id + ip_address = google_compute_global_address.default.id +} + +resource "google_compute_target_tcp_proxy" "default" { + name = "test-proxy-health-check" + backend_service = google_compute_backend_service.default.id +} + +# backend service +resource "google_compute_backend_service" "default" { + name = "tcp-proxy-xlb-backend-service" + protocol = "TCP" + port_name = "tcp" + load_balancing_scheme = "EXTERNAL" + timeout_sec = 10 + health_checks = [google_compute_health_check.default.id] + backend { + group = google_compute_instance_group_manager.default.instance_group + balancing_mode = "UTILIZATION" + max_utilization = 1.0 + capacity_scaler = 1.0 + } +} + +resource "google_compute_health_check" "default" { + name = "tcp-proxy-health-check" + timeout_sec = 1 + check_interval_sec = 1 + + tcp_health_check { + port = "80" + } +} + +# instance template +resource "google_compute_instance_template" "default" { + name = "tcp-proxy-xlb-mig-template" + provider = google + machine_type = "e2-small" + tags = ["allow-health-check"] + + network_interface { + network = google_compute_network.default.id + subnetwork = google_compute_subnetwork.default.id + access_config { + # add external ip to fetch packages + } + } + disk { + source_image = "debian-cloud/debian-10" + auto_delete = true + boot = true + } + + # install nginx and serve a simple web page + metadata = { + startup-script = <<-EOF1 + #! /bin/bash + set -euo pipefail + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y nginx-light jq + NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") + IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") + METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') + cat < /var/www/html/index.html +
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF + EOF1 + } + lifecycle { + create_before_destroy = true + } +} + +# MIG +resource "google_compute_instance_group_manager" "default" { + name = "tcp-proxy-xlb-mig1" + provider = google + zone = "us-central1-c" + named_port { + name = "tcp" + port = 110 + } + version { + instance_template = google_compute_instance_template.default.id + name = "primary" + } + base_instance_name = "vm" + target_size = 2 +} + +# allow access from health check ranges +resource "google_compute_firewall" "default" { + name = "tcp-proxy-xlb-fw-allow-hc" + provider = google + direction = "INGRESS" + network = google_compute_network.default.id + source_ranges = ["130.211.0.0/22", "35.191.0.0/16"] + allow { + protocol = "tcp" + } + target_tags = ["allow-health-check"] +} +```