hashicorp · modular-magician · Oct 11, 2021 · Oct 11, 2021
diff --git a/.changelog/5299.txt b/.changelog/5299.txt
@@ -0,0 +1,2 @@
+```release-note:none
+```
diff --git a/google-beta/resource_compute_global_forwarding_rule_generated_test.go b/google-beta/resource_compute_global_forwarding_rule_generated_test.go
@@ -23,6 +23,175 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
+func TestAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendCustomHeaderExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProvidersOiCS,
+		CheckDestroy: testAccCheckComputeGlobalForwardingRuleDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendCustomHeaderExample(context),
+			},
+			{
+				ResourceName:            "google_compute_global_forwarding_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"network", "port_range", "target", "ip_address"},
+			},
+		},
+	})
+}
+
+func testAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendCustomHeaderExample(context map[string]interface{}) string {
+	return Nprintf(`
+# External TCP proxy load balancer with managed instance group backend
+
+# VPC
+resource "google_compute_network" "default" {
+  name                    = "tf-test-tcp-proxy-xlb-network%{random_suffix}"
+  provider                = google
+  auto_create_subnetworks = false
+}
+
+# backend subnet
+resource "google_compute_subnetwork" "default" {
+  name          = "tf-test-tcp-proxy-xlb-subnet%{random_suffix}"
+  provider      = google
+  ip_cidr_range = "10.0.1.0/24"
+  region        = "us-central1"
+  network       = google_compute_network.default.id
+}
+
+# reserved IP address
+resource "google_compute_global_address" "default" {
+  name = "tf-test-tcp-proxy-xlb-ip%{random_suffix}"
+}
+
+# forwarding rule
+resource "google_compute_global_forwarding_rule" "default" {
+  name                  = "tf-test-tcp-proxy-xlb-forwarding-rule%{random_suffix}"
+  provider              = google
+  ip_protocol           = "TCP"
+  load_balancing_scheme = "EXTERNAL"
+  port_range            = "110"
+  target                = google_compute_target_tcp_proxy.default.id
+  ip_address            = google_compute_global_address.default.id
+}
+
+resource "google_compute_target_tcp_proxy" "default" {
+  name            = "tf-test-test-proxy-health-check%{random_suffix}"
+  backend_service = google_compute_backend_service.default.id
+}
+
+# backend service
+resource "google_compute_backend_service" "default" {
+  name                  = "tf-test-tcp-proxy-xlb-backend-service%{random_suffix}"
+  protocol              = "TCP"
+  port_name             = "tcp"
+  load_balancing_scheme = "EXTERNAL"
+  timeout_sec           = 10
+  health_checks         = [google_compute_health_check.default.id]
+  backend {
+    group           = google_compute_instance_group_manager.default.instance_group
+    balancing_mode  = "UTILIZATION"
+    max_utilization = 1.0
+    capacity_scaler = 1.0
+  }
+}
+
+resource "google_compute_health_check" "default" {
+  name               = "tf-test-tcp-proxy-health-check%{random_suffix}"
+  timeout_sec        = 1
+  check_interval_sec = 1
+
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+# instance template
+resource "google_compute_instance_template" "default" {
+  name         = "tf-test-tcp-proxy-xlb-mig-template%{random_suffix}"
+  provider     = google
+  machine_type = "e2-small"
+  tags         = ["allow-health-check"]
+
+  network_interface {
+    network    = google_compute_network.default.id
+    subnetwork = google_compute_subnetwork.default.id
+    access_config {
+      # add external ip to fetch packages
+    }
+  }
+  disk {
+    source_image = "debian-cloud/debian-10"
+    auto_delete  = true
+    boot         = true
+  }
+
+  # install nginx and serve a simple web page
+  metadata = {
+    startup-script = <<-EOF1
+      #! /bin/bash
+      set -euo pipefail
+      export DEBIAN_FRONTEND=noninteractive
+      apt-get update
+      apt-get install -y nginx-light jq
+      NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
+      IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
+      METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
+      cat <<EOF > /var/www/html/index.html
+      <pre>
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      </pre>
+      EOF
+    EOF1
+  }
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# MIG
+resource "google_compute_instance_group_manager" "default" {
+  name     = "tf-test-tcp-proxy-xlb-mig1%{random_suffix}"
+  provider = google
+  zone     = "us-central1-c"
+  named_port {
+    name = "tcp"
+    port = 110
+  }
+  version {
+    instance_template = google_compute_instance_template.default.id
+    name              = "primary"
+  }
+  base_instance_name = "vm"
+  target_size        = 2
+}
+
+# allow access from health check ranges
+resource "google_compute_firewall" "default" {
+  name          = "tf-test-tcp-proxy-xlb-fw-allow-hc%{random_suffix}"
+  provider      = google
+  direction     = "INGRESS"
+  network       = google_compute_network.default.id
+  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
+  allow {
+    protocol = "tcp"
+  }
+  target_tags = ["allow-health-check"]
+}
+`, context)
+}
+
 func TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample(t *testing.T) {
 	t.Parallel()
 

diff --git a/google-beta/resource_gke_hub_feature_membership_test.go b/google-beta/resource_gke_hub_feature_membership_test.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
+	dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
 	gkehub "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/gkehub/beta"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"

diff --git a/website/docs/r/compute_global_forwarding_rule.html.markdown b/website/docs/r/compute_global_forwarding_rule.html.markdown
@@ -32,6 +32,155 @@ https://cloud.google.com/compute/docs/load-balancing/http/
 
 
 
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=external_tcp_proxy_lb_mig_backend_custom_header&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - External Tcp Proxy Lb Mig Backend Custom Header
+
+
+```hcl
+# External TCP proxy load balancer with managed instance group backend
+
+# VPC
+resource "google_compute_network" "default" {
+  name                    = "tcp-proxy-xlb-network"
+  provider                = google
+  auto_create_subnetworks = false
+}
+
+# backend subnet
+resource "google_compute_subnetwork" "default" {
+  name          = "tcp-proxy-xlb-subnet"
+  provider      = google
+  ip_cidr_range = "10.0.1.0/24"
+  region        = "us-central1"
+  network       = google_compute_network.default.id
+}
+
+# reserved IP address
+resource "google_compute_global_address" "default" {
+  name = "tcp-proxy-xlb-ip"
+}
+
+# forwarding rule
+resource "google_compute_global_forwarding_rule" "default" {
+  name                  = "tcp-proxy-xlb-forwarding-rule"
+  provider              = google
+  ip_protocol           = "TCP"
+  load_balancing_scheme = "EXTERNAL"
+  port_range            = "110"
+  target                = google_compute_target_tcp_proxy.default.id
+  ip_address            = google_compute_global_address.default.id
+}
+
+resource "google_compute_target_tcp_proxy" "default" {
+  name            = "test-proxy-health-check"
+  backend_service = google_compute_backend_service.default.id
+}
+
+# backend service
+resource "google_compute_backend_service" "default" {
+  name                  = "tcp-proxy-xlb-backend-service"
+  protocol              = "TCP"
+  port_name             = "tcp"
+  load_balancing_scheme = "EXTERNAL"
+  timeout_sec           = 10
+  health_checks         = [google_compute_health_check.default.id]
+  backend {
+    group           = google_compute_instance_group_manager.default.instance_group
+    balancing_mode  = "UTILIZATION"
+    max_utilization = 1.0
+    capacity_scaler = 1.0
+  }
+}
+
+resource "google_compute_health_check" "default" {
+  name               = "tcp-proxy-health-check"
+  timeout_sec        = 1
+  check_interval_sec = 1
+
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+# instance template
+resource "google_compute_instance_template" "default" {
+  name         = "tcp-proxy-xlb-mig-template"
+  provider     = google
+  machine_type = "e2-small"
+  tags         = ["allow-health-check"]
+
+  network_interface {
+    network    = google_compute_network.default.id
+    subnetwork = google_compute_subnetwork.default.id
+    access_config {
+      # add external ip to fetch packages
+    }
+  }
+  disk {
+    source_image = "debian-cloud/debian-10"
+    auto_delete  = true
+    boot         = true
+  }
+
+  # install nginx and serve a simple web page
+  metadata = {
+    startup-script = <<-EOF1
+      #! /bin/bash
+      set -euo pipefail
+      export DEBIAN_FRONTEND=noninteractive
+      apt-get update
+      apt-get install -y nginx-light jq
+      NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
+      IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
+      METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
+      cat <<EOF > /var/www/html/index.html
+      <pre>
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      </pre>
+      EOF
+    EOF1
+  }
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# MIG
+resource "google_compute_instance_group_manager" "default" {
+  name     = "tcp-proxy-xlb-mig1"
+  provider = google
+  zone     = "us-central1-c"
+  named_port {
+    name = "tcp"
+    port = 110
+  }
+  version {
+    instance_template = google_compute_instance_template.default.id
+    name              = "primary"
+  }
+  base_instance_name = "vm"
+  target_size        = 2
+}
+
+# allow access from health check ranges
+resource "google_compute_firewall" "default" {
+  name          = "tcp-proxy-xlb-fw-allow-hc"
+  provider      = google
+  direction     = "INGRESS"
+  network       = google_compute_network.default.id
+  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
+  allow {
+    protocol = "tcp"
+  }
+  target_tags = ["allow-health-check"]
+}
+```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=external_http_lb_mig_backend_custom_header&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">