From 61ac9dbce6b51ea7421f72dbe057edaa178279de Mon Sep 17 00:00:00 2001 From: The Magician Date: Thu, 10 Jun 2021 09:57:44 -0700 Subject: [PATCH] Add support for the google_compute_service_attachment resource (#4855) (#9347) Signed-off-by: Modular Magician --- .changelog/4855.txt | 3 + .../compute_service_attachment.html.markdown | 374 ++++++++++++++++++ website/google.erb | 4 + 3 files changed, 381 insertions(+) create mode 100644 .changelog/4855.txt create mode 100644 website/docs/r/compute_service_attachment.html.markdown diff --git a/.changelog/4855.txt b/.changelog/4855.txt new file mode 100644 index 00000000000..cd42ceb2446 --- /dev/null +++ b/.changelog/4855.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +`google_compute_service_attachment` +``` diff --git a/website/docs/r/compute_service_attachment.html.markdown b/website/docs/r/compute_service_attachment.html.markdown new file mode 100644 index 00000000000..18eba3b6fd4 --- /dev/null +++ b/website/docs/r/compute_service_attachment.html.markdown @@ -0,0 +1,374 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Compute Engine" +layout: "google" +page_title: "Google: google_compute_service_attachment" +sidebar_current: "docs-google-compute-service-attachment" +description: |- + Represents a ServiceAttachment resource. +--- + +# google\_compute\_service\_attachment + +Represents a ServiceAttachment resource. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + +To get more information about ServiceAttachment, see: + +* [API documentation](https://cloud.google.com/compute/docs/reference/beta/serviceAttachments) +* How-to Guides + * [Configuring Private Service Connect to access services](https://cloud.google.com/vpc/docs/configure-private-service-connect-services) + +
+ + Open in Cloud Shell + +
+## Example Usage - Service Attachment Basic + + +```hcl +resource "google_compute_service_attachment" "psc_ilb_service_attachment" { + provider = "google-beta" + + name = "my-psc-ilb" + region = "us-west2" + description = "A service attachment configured with Terraform" + + enable_proxy_protocol = true + connection_preference = "ACCEPT_AUTOMATIC" + nat_subnets = [google_compute_subnetwork.psc_ilb_nat.id] + target_service = google_compute_forwarding_rule.psc_ilb_target_service.id +} + +resource "google_compute_address" "psc_ilb_consumer_address" { + provider = "google-beta" + + name = "psc-ilb-consumer-address" + region = "us-west2" + + subnetwork = "default" + address_type = "INTERNAL" + address = "10.168.0.17" +} + +resource "google_compute_forwarding_rule" "psc_ilb_consumer" { + provider = "google-beta" + + name = "psc-ilb-consumer-forwarding-rule" + region = "us-west2" + + target = google_compute_service_attachment.psc_ilb_service_attachment.id + load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment + network = "default" + ip_address = google_compute_address.psc_ilb_consumer_address.id +} + +resource "google_compute_forwarding_rule" "psc_ilb_target_service" { + provider = "google-beta" + + name = "producer-forwarding-rule" + region = "us-west2" + + load_balancing_scheme = "INTERNAL" + backend_service = google_compute_region_backend_service.producer_service_backend.id + all_ports = true + network = google_compute_network.psc_ilb_network.name + subnetwork = google_compute_subnetwork.psc_ilb_producer_subnetwork.name +} + +resource "google_compute_region_backend_service" "producer_service_backend" { + provider = "google-beta" + + name = "producer-service" + region = "us-west2" + + health_checks = [google_compute_health_check.producer_service_health_check.id] +} + +resource "google_compute_health_check" "producer_service_health_check" { + provider = "google-beta" + + name = "producer-service-health-check" + + check_interval_sec = 1 + timeout_sec = 1 + tcp_health_check { + port = "80" + } +} + +resource "google_compute_network" "psc_ilb_network" { + provider = "google-beta" + + name = "psc-ilb-network" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" { + provider = "google-beta" + + name = "psc-ilb-producer-subnetwork" + region = "us-west2" + + network = google_compute_network.psc_ilb_network.id + ip_cidr_range = "10.0.0.0/16" +} + +resource "google_compute_subnetwork" "psc_ilb_nat" { + provider = "google-beta" + + name = "psc-ilb-nat" + region = "us-west2" + + network = google_compute_network.psc_ilb_network.id + purpose = "PRIVATE_SERVICE_CONNECT" + ip_cidr_range = "10.1.0.0/16" +} +``` +
+ + Open in Cloud Shell + +
+## Example Usage - Service Attachment Explicit Projects + + +```hcl +resource "google_compute_service_attachment" "psc_ilb_service_attachment" { + provider = "google-beta" + + name = "my-psc-ilb" + region = "us-west2" + description = "A service attachment configured with Terraform" + + enable_proxy_protocol = true + connection_preference = "ACCEPT_MANUAL" + nat_subnets = [google_compute_subnetwork.psc_ilb_nat.id] + target_service = google_compute_forwarding_rule.psc_ilb_target_service.id + + consumer_reject_lists = ["673497134629", "482878270665"] + + consumer_accept_lists { + project_id_or_num = "658859330310" + connection_limit = 4 + } +} + +resource "google_compute_address" "psc_ilb_consumer_address" { + provider = "google-beta" + + name = "psc-ilb-consumer-address" + region = "us-west2" + + subnetwork = "default" + address_type = "INTERNAL" + address = "10.168.1.17" +} + +resource "google_compute_forwarding_rule" "psc_ilb_consumer" { + provider = "google-beta" + + name = "psc-ilb-consumer-forwarding-rule" + region = "us-west2" + + target = google_compute_service_attachment.psc_ilb_service_attachment.id + load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment + network = "default" + ip_address = google_compute_address.psc_ilb_consumer_address.id +} + +resource "google_compute_forwarding_rule" "psc_ilb_target_service" { + provider = "google-beta" + + name = "producer-forwarding-rule" + region = "us-west2" + + load_balancing_scheme = "INTERNAL" + backend_service = google_compute_region_backend_service.producer_service_backend.id + all_ports = true + network = google_compute_network.psc_ilb_network.name + subnetwork = google_compute_subnetwork.psc_ilb_producer_subnetwork.name +} + +resource "google_compute_region_backend_service" "producer_service_backend" { + provider = "google-beta" + + name = "producer-service" + region = "us-west2" + + health_checks = [google_compute_health_check.producer_service_health_check.id] +} + +resource "google_compute_health_check" "producer_service_health_check" { + provider = "google-beta" + + name = "producer-service-health-check" + + check_interval_sec = 1 + timeout_sec = 1 + tcp_health_check { + port = "80" + } +} + +resource "google_compute_network" "psc_ilb_network" { + provider = "google-beta" + + name = "psc-ilb-network" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" { + provider = "google-beta" + + name = "psc-ilb-producer-subnetwork" + region = "us-west2" + + network = google_compute_network.psc_ilb_network.id + ip_cidr_range = "10.0.0.0/16" +} + +resource "google_compute_subnetwork" "psc_ilb_nat" { + provider = "google-beta" + + name = "psc-ilb-nat" + region = "us-west2" + + network = google_compute_network.psc_ilb_network.id + purpose = "PRIVATE_SERVICE_CONNECT" + ip_cidr_range = "10.1.0.0/16" +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `name` - + (Required) + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + +* `connection_preference` - + (Required) + The connection preference to use for this service attachment. Valid + values include "ACCEPT_AUTOMATIC", "ACCEPT_MANUAL". + +* `target_service` - + (Required) + The URL of a forwarding rule that represents the service identified by + this service attachment. + +* `nat_subnets` - + (Required) + An array of subnets that is provided for NAT in this service attachment. + +* `enable_proxy_protocol` - + (Required) + If true, enable the proxy protocol which is for supplying client TCP/IP + address data in TCP connections that traverse proxies on their way to + destination servers. + + +- - - + + +* `description` - + (Optional) + An optional description of this resource. + +* `consumer_reject_lists` - + (Optional) + An array of projects that are not allowed to connect to this service + attachment. + +* `consumer_accept_lists` - + (Optional) + An array of projects that are allowed to connect to this service + attachment. + Structure is documented below. + +* `region` - + (Optional) + URL of the region where the resource resides. + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +The `consumer_accept_lists` block supports: + +* `project_id_or_num` - + (Required) + A project that is allowed to connect to this service attachment. + +* `connection_limit` - + (Required) + The number of consumer forwarding rules the consumer project can + create. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}` + +* `connected_endpoints` - + An array of the consumer forwarding rules connected to this service + attachment. + Structure is documented below. +* `self_link` - The URI of the created resource. + + +The `connected_endpoints` block contains: + +* `endpoint` - + The URL of the consumer forwarding rule. + +* `status` - + The status of the connection from the consumer forwarding rule to + this service attachment. + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 4 minutes. +- `delete` - Default is 4 minutes. + +## Import + + +ServiceAttachment can be imported using any of these accepted formats: + +``` +$ terraform import google_compute_service_attachment.default projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}} +$ terraform import google_compute_service_attachment.default {{project}}/{{region}}/{{name}} +$ terraform import google_compute_service_attachment.default {{region}}/{{name}} +$ terraform import google_compute_service_attachment.default {{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). diff --git a/website/google.erb b/website/google.erb index 92be8f9a557..26065f05c67 100644 --- a/website/google.erb +++ b/website/google.erb @@ -1938,6 +1938,10 @@ google_compute_security_policy +
  • + google_compute_service_attachment +
    • +
  • google_compute_shared_vpc_host_project