Add support for the google_compute_service_attachment resource (#4855) (

#9347) Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · Jun 10, 2021 · 61ac9db · 61ac9db
1 parent 566a874
commit 61ac9db
Show file tree

Hide file tree

Showing 3 changed files with 381 additions and 0 deletions.
diff --git a/.changelog/4855.txt b/.changelog/4855.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_compute_service_attachment`
+```
diff --git a/website/docs/r/compute_service_attachment.html.markdown b/website/docs/r/compute_service_attachment.html.markdown
@@ -0,0 +1,374 @@
+---
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in
+#     .github/CONTRIBUTING.md.
+#
+# ----------------------------------------------------------------------------
+subcategory: "Compute Engine"
+layout: "google"
+page_title: "Google: google_compute_service_attachment"
+sidebar_current: "docs-google-compute-service-attachment"
+description: |-
+  Represents a ServiceAttachment resource.
+---
+
+# google\_compute\_service\_attachment
+
+Represents a ServiceAttachment resource.
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+To get more information about ServiceAttachment, see:
+
+* [API documentation](https://cloud.google.com/compute/docs/reference/beta/serviceAttachments)
+* How-to Guides
+    * [Configuring Private Service Connect to access services](https://cloud.google.com/vpc/docs/configure-private-service-connect-services)
+
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgit.luolix.top%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=service_attachment_basic&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Service Attachment Basic
+
+
+```hcl
+resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
+  provider = "google-beta"
+
+  name        = "my-psc-ilb"
+  region      = "us-west2"
+  description = "A service attachment configured with Terraform"
+
+  enable_proxy_protocol    = true
+  connection_preference    = "ACCEPT_AUTOMATIC"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+}
+
+resource "google_compute_address" "psc_ilb_consumer_address" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-consumer-address"
+  region = "us-west2"
+
+  subnetwork   = "default"
+  address_type = "INTERNAL"
+  address      = "10.168.0.17"
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-consumer-forwarding-rule"
+  region = "us-west2"
+
+  target                = google_compute_service_attachment.psc_ilb_service_attachment.id
+  load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment
+  network               = "default"
+  ip_address            = google_compute_address.psc_ilb_consumer_address.id
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  provider = "google-beta"
+
+  name   = "producer-forwarding-rule"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  provider = "google-beta"
+
+  name   = "producer-service"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  provider = "google-beta"
+
+  name = "producer-service-health-check"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  provider = "google-beta"
+
+  name = "psc-ilb-network"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-producer-subnetwork"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-nat"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+}
+```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgit.luolix.top%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=service_attachment_explicit_projects&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Service Attachment Explicit Projects
+
+
+```hcl
+resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
+  provider = "google-beta"
+
+  name        = "my-psc-ilb"
+  region      = "us-west2"
+  description = "A service attachment configured with Terraform"
+
+  enable_proxy_protocol    = true
+  connection_preference    = "ACCEPT_MANUAL"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+
+  consumer_reject_lists = ["673497134629", "482878270665"]
+
+  consumer_accept_lists {
+    project_id_or_num = "658859330310"
+    connection_limit  = 4
+  }
+}
+
+resource "google_compute_address" "psc_ilb_consumer_address" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-consumer-address"
+  region = "us-west2"
+
+  subnetwork   = "default"
+  address_type = "INTERNAL"
+  address      = "10.168.1.17"
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-consumer-forwarding-rule"
+  region = "us-west2"
+
+  target                = google_compute_service_attachment.psc_ilb_service_attachment.id
+  load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment
+  network               = "default"
+  ip_address            = google_compute_address.psc_ilb_consumer_address.id
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  provider = "google-beta"
+
+  name   = "producer-forwarding-rule"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  provider = "google-beta"
+
+  name   = "producer-service"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  provider = "google-beta"
+
+  name = "producer-service-health-check"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  provider = "google-beta"
+
+  name = "psc-ilb-network"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-producer-subnetwork"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  provider = "google-beta"
+
+  name   = "psc-ilb-nat"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `name` -
+  (Required)
+  Name of the resource. The name must be 1-63 characters long, and
+  comply with RFC1035. Specifically, the name must be 1-63 characters
+  long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+  which means the first character must be a lowercase letter, and all
+  following characters must be a dash, lowercase letter, or digit,
+  except the last character, which cannot be a dash.
+
+* `connection_preference` -
+  (Required)
+  The connection preference to use for this service attachment. Valid
+  values include "ACCEPT_AUTOMATIC", "ACCEPT_MANUAL".
+
+* `target_service` -
+  (Required)
+  The URL of a forwarding rule that represents the service identified by
+  this service attachment.
+
+* `nat_subnets` -
+  (Required)
+  An array of subnets that is provided for NAT in this service attachment.
+
+* `enable_proxy_protocol` -
+  (Required)
+  If true, enable the proxy protocol which is for supplying client TCP/IP
+  address data in TCP connections that traverse proxies on their way to
+  destination servers.
+
+
+- - -
+
+
+* `description` -
+  (Optional)
+  An optional description of this resource.
+
+* `consumer_reject_lists` -
+  (Optional)
+  An array of projects that are not allowed to connect to this service
+  attachment.
+
+* `consumer_accept_lists` -
+  (Optional)
+  An array of projects that are allowed to connect to this service
+  attachment.
+  Structure is documented below.
+
+* `region` -
+  (Optional)
+  URL of the region where the resource resides.
+
+* `project` - (Optional) The ID of the project in which the resource belongs.
+    If it is not provided, the provider project is used.
+
+
+The `consumer_accept_lists` block supports:
+
+* `project_id_or_num` -
+  (Required)
+  A project that is allowed to connect to this service attachment.
+
+* `connection_limit` -
+  (Required)
+  The number of consumer forwarding rules the consumer project can
+  create.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}`
+
+* `connected_endpoints` -
+  An array of the consumer forwarding rules connected to this service
+  attachment.
+  Structure is documented below.
+* `self_link` - The URI of the created resource.
+
+
+The `connected_endpoints` block contains:
+
+* `endpoint` -
+  The URL of the consumer forwarding rule.
+
+* `status` -
+  The status of the connection from the consumer forwarding rule to
+  this service attachment.
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
+
+- `create` - Default is 4 minutes.
+- `delete` - Default is 4 minutes.
+
+## Import
+
+
+ServiceAttachment can be imported using any of these accepted formats:
+
+```
+$ terraform import google_compute_service_attachment.default projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}
+$ terraform import google_compute_service_attachment.default {{project}}/{{region}}/{{name}}
+$ terraform import google_compute_service_attachment.default {{region}}/{{name}}
+$ terraform import google_compute_service_attachment.default {{name}}
+```
+
+## User Project Overrides
+
+This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override).
diff --git a/website/google.erb b/website/google.erb
@@ -1938,6 +1938,10 @@
           <a href="/docs/providers/google/r/compute_security_policy.html">google_compute_security_policy</a>
           </li>
 
+          <li>
+          <a href="/docs/providers/google/r/compute_service_attachment.html">google_compute_service_attachment</a>
+          </li>
+
           <li>
           <a href="/docs/providers/google/r/compute_shared_vpc_host_project.html">google_compute_shared_vpc_host_project</a>
           </li>