From 65452e9740b975f47f898cfad1298341cd5ede71 Mon Sep 17 00:00:00 2001 From: Ty Larrabee Date: Wed, 14 Aug 2019 23:01:48 +0000 Subject: [PATCH] Add purpose and role to subnetwork for L7 load balancing Signed-off-by: Modular Magician --- google-beta/iam.go | 12 +---- google-beta/resource_compute_subnetwork.go | 54 ++++++++++++++++++- ...ource_compute_subnetwork_generated_test.go | 44 +++++++++++++++ .../docs/r/compute_subnetwork.html.markdown | 46 ++++++++++++++++ 4 files changed, 144 insertions(+), 12 deletions(-) diff --git a/google-beta/iam.go b/google-beta/iam.go index d310b7f88bf..5a87228a30a 100644 --- a/google-beta/iam.go +++ b/google-beta/iam.go @@ -199,18 +199,8 @@ func createIamBindingsMap(bindings []*cloudresourcemanager.Binding) map[string]m } // Get each member (user/principal) for the binding for _, m := range b.Members { - // members are in : format - // is case sensitive - // isn't - // so let's lowercase the value and leave the type alone - pieces := strings.SplitN(m, ":", 2) - if len(pieces) > 1 { - pieces[1] = strings.ToLower(pieces[1]) - } - m = strings.Join(pieces, ":") - // Add the member - bm[b.Role][m] = struct{}{} + bm[b.Role][strings.ToLower(m)] = struct{}{} } } return bm diff --git a/google-beta/resource_compute_subnetwork.go b/google-beta/resource_compute_subnetwork.go index 23a1386d22c..3f8873a2226 100644 --- a/google-beta/resource_compute_subnetwork.go +++ b/google-beta/resource_compute_subnetwork.go @@ -140,6 +140,12 @@ func resourceComputeSubnetwork() *schema.Resource { Type: schema.TypeBool, Optional: true, }, + "purpose": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validation.StringInSlice([]string{"INTERNAL_HTTPS_LOAD_BALANCER", "PRIVATE_RFC_1918", "PRIVATE", ""}, false), + }, "region": { Type: schema.TypeString, Computed: true, 
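Review bot: Lowercasing the whole member string in `bm[b.Role][strings.ToLower(m)]` also folds the type prefix, which the removed comment described as case sensitive, so keys such as `serviceAccount:…` and the unprefixed `allUsers` become `serviceaccount:…` and `allusers`. If these map keys are later written back into bindings (the consumer is outside this hunk), the policy sent to the API would carry identifiers that may not match what IAM accepts or returns, which matters for an access-control list. The old behaviour can be kept in compact form with `if i := strings.Index(m, ":"); i >= 0 { m = m[:i] + strings.ToLower(m[i:]) }` before the map insert. This change is also unrelated to the subnetwork fields named in the commit subject and would be easier to audit in its own commit. createIamBindingsMap starts above the hunk.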
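Review bot: `purpose` is declared `Optional` and `ForceNew` but not `Computed`, while the Read hunk further down stores whatever `res["purpose"]` the API returns. If the API reports a default purpose for subnetworks that leave the field unset (not visible here, so worth confirming), every plan would show a diff on a ForceNew field and propose destroying and recreating the subnetwork. Adding `Computed: true,` to this block would let an API-supplied value stand. The validator also accepts `"PRIVATE"`, which the documentation added in this patch does not list.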
@@ -147,6 +153,11 @@ func resourceComputeSubnetwork() *schema.Resource { ForceNew: true, DiffSuppressFunc: compareSelfLinkOrResourceName, }, + "role": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{"ACTIVE", "BACKUP", ""}, false), + }, "secondary_ip_range": { Type: schema.TypeList, Computed: true, @@ -275,6 +286,18 @@ func resourceComputeSubnetworkCreate(d *schema.ResourceData, meta interface{}) e } else if v, ok := d.GetOkExists("fingerprint"); !isEmptyValue(reflect.ValueOf(fingerprintProp)) && (ok || !reflect.DeepEqual(v, fingerprintProp)) { obj["fingerprint"] = fingerprintProp } + purposeProp, err := expandComputeSubnetworkPurpose(d.Get("purpose"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("purpose"); !isEmptyValue(reflect.ValueOf(purposeProp)) && (ok || !reflect.DeepEqual(v, purposeProp)) { + obj["purpose"] = purposeProp + } + roleProp, err := expandComputeSubnetworkRole(d.Get("role"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("role"); !isEmptyValue(reflect.ValueOf(roleProp)) && (ok || !reflect.DeepEqual(v, roleProp)) { + obj["role"] = roleProp + } secondaryIpRangesProp, err := expandComputeSubnetworkSecondaryIpRange(d.Get("secondary_ip_range"), d, config) if err != nil { return err 
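Review bot: Nothing in the `role` schema block ties it to `purpose`, although the documentation added by this patch says a role must be set when purpose is INTERNAL_HTTPS_LOAD_BALANCER. As written, a config with that purpose and no role passes validation and plan, and the mistake would only surface as an API error at apply time (assuming the API enforces it). A short comment above the block, e.g. `// role is required by the API when purpose is INTERNAL_HTTPS_LOAD_BALANCER; not enforced here.`, would at least document the gap. A plan-time check is a larger change outside this hunk.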
@@ -388,6 +411,12 @@ func resourceComputeSubnetworkRead(d *schema.ResourceData, meta interface{}) err if err := d.Set("fingerprint", flattenComputeSubnetworkFingerprint(res["fingerprint"], d)); err != nil { return fmt.Errorf("Error reading Subnetwork: %s", err) } + if err := d.Set("purpose", flattenComputeSubnetworkPurpose(res["purpose"], d)); err != nil { + return fmt.Errorf("Error reading Subnetwork: %s", err) + } + if err := d.Set("role", flattenComputeSubnetworkRole(res["role"], d)); err != nil { + return fmt.Errorf("Error reading Subnetwork: %s", err) + } if err := d.Set("secondary_ip_range", flattenComputeSubnetworkSecondaryIpRange(res["secondaryIpRanges"], d)); err != nil { return fmt.Errorf("Error reading Subnetwork: %s", err) } @@ -451,7 +480,7 @@ func resourceComputeSubnetworkUpdate(d *schema.ResourceData, meta interface{}) e d.SetPartial("ip_cidr_range") } - if d.HasChange("enable_flow_logs") || d.HasChange("fingerprint") || d.HasChange("secondary_ip_range") { + if d.HasChange("enable_flow_logs") || d.HasChange("fingerprint") || d.HasChange("role") || d.HasChange("secondary_ip_range") { obj := make(map[string]interface{}) enableFlowLogsProp, err := expandComputeSubnetworkEnableFlowLogs(d.Get("enable_flow_logs"), d, config) if err != nil { @@ -465,6 +494,12 @@ func resourceComputeSubnetworkUpdate(d *schema.ResourceData, meta interface{}) e } else if v, ok := d.GetOkExists("fingerprint"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, fingerprintProp)) { obj["fingerprint"] = fingerprintProp } + roleProp, err := expandComputeSubnetworkRole(d.Get("role"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("role"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, roleProp)) { + obj["role"] = roleProp + } secondaryIpRangesProp, err := expandComputeSubnetworkSecondaryIpRange(d.Get("secondary_ip_range"), d, config) if err != nil { return err 
@@ -497,6 +532,7 @@ func resourceComputeSubnetworkUpdate(d *schema.ResourceData, meta interface{}) e d.SetPartial("enable_flow_logs") d.SetPartial("fingerprint") + d.SetPartial("role") d.SetPartial("secondary_ip_range") } if d.HasChange("private_ip_google_access") { @@ -634,6 +670,14 @@ func flattenComputeSubnetworkFingerprint(v interface{}, d *schema.ResourceData) return v } +func flattenComputeSubnetworkPurpose(v interface{}, d *schema.ResourceData) interface{} { + return v +} + +func flattenComputeSubnetworkRole(v interface{}, d *schema.ResourceData) interface{} { + return v +} + func flattenComputeSubnetworkSecondaryIpRange(v interface{}, d *schema.ResourceData) interface{} { if v == nil { return v @@ -729,6 +773,14 @@ func expandComputeSubnetworkFingerprint(v interface{}, d TerraformResourceData, return v, nil } +func expandComputeSubnetworkPurpose(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandComputeSubnetworkRole(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + func expandComputeSubnetworkSecondaryIpRange(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { l := v.([]interface{}) req := make([]interface{}, 0, len(l)) diff --git a/google-beta/resource_compute_subnetwork_generated_test.go b/google-beta/resource_compute_subnetwork_generated_test.go index 9879ed480f7..7e7f0984a43 100644 --- a/google-beta/resource_compute_subnetwork_generated_test.go +++ b/google-beta/resource_compute_subnetwork_generated_test.go 
@@ -117,6 +117,50 @@ provider "google-beta"{ `, context) } +func TestAccComputeSubnetwork_subnetworkInternalL7lbExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProvidersOiCS, + CheckDestroy: testAccCheckComputeSubnetworkDestroy, + Steps: []resource.TestStep{ + { + Config: testAccComputeSubnetwork_subnetworkInternalL7lbExample(context), + }, + }, + }) +} + +func testAccComputeSubnetwork_subnetworkInternalL7lbExample(context map[string]interface{}) string { + return Nprintf(` +provider "google-beta" { + region = "us-central1" + zone = "us-central1-a" +} + +resource "google_compute_subnetwork" "network-for-l7lb" { + provider = "google-beta" + name = "l7lb-test-subnetwork%{random_suffix}" + ip_cidr_range = "10.0.0.0/22" + region = "us-central1" + purpose = "INTERNAL_HTTPS_LOAD_BALANCER" + role = "ACTIVE" + network = "${google_compute_network.custom-test.self_link}" +} + +resource "google_compute_network" "custom-test" { + provider = "google-beta" + name = "l7lb-test-network%{random_suffix}" + auto_create_subnetworks = false +} +`, context) +} + func testAccCheckComputeSubnetworkDestroy(s *terraform.State) error { for name, rs := range s.RootModule().Resources { if rs.Type != "google_compute_subnetwork" { diff --git a/website/docs/r/compute_subnetwork.html.markdown b/website/docs/r/compute_subnetwork.html.markdown index d7405f3ed03..376d5817626 100644 --- a/website/docs/r/compute_subnetwork.html.markdown +++ b/website/docs/r/compute_subnetwork.html.markdown 
@@ -113,6 +113,36 @@ provider "google-beta"{ zone = "us-central1-a" } ``` + +## Example Usage - Subnetwork Internal L7lb + + +```hcl +provider "google-beta" { + region = "us-central1" + zone = "us-central1-a" +} + +resource "google_compute_subnetwork" "network-for-l7lb" { + provider = "google-beta" + name = "l7lb-test-subnetwork" + ip_cidr_range = "10.0.0.0/22" + region = "us-central1" + purpose = "INTERNAL_HTTPS_LOAD_BALANCER" + role = "ACTIVE" + network = "${google_compute_network.custom-test.self_link}" +} + +resource "google_compute_network" "custom-test" { + provider = "google-beta" + name = "l7lb-test-network" + auto_create_subnetworks = false +} +``` ## Argument Reference @@ -155,6 +185,22 @@ The following arguments are supported: (Optional) Whether to enable flow logging for this subnetwork. +* `purpose` - + (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)) + The purpose of the resource. This field can be either PRIVATE_RFC_1918 + or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to + INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is + reserved for Internal HTTP(S) Load Balancing. + If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the role. + +* `role` - + (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)) + The role of subnetwork. Currenly, this field is only used + when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set + to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently + being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork + is one that is ready to be promoted to ACTIVE or is currently draining. + * `secondary_ip_range` - (Optional) An array of configurations for secondary IP ranges for VM instances