From 43c77ed02c8b1333fc93390e880f0b0f941ca7e5 Mon Sep 17 00:00:00 2001
From: Jud Porter
Date: Mon, 7 Aug 2023 17:58:34 -0400
Subject: [PATCH] Add support and a test for Global ILB. (#8566)
---
 mmv1/products/compute/BackendService.yaml | 1 +
 .../compute/GlobalForwardingRule.yaml | 39 ++++
 ...l_internal_http_lb_with_mig_backend.tf.erb | 185 ++++++++++++++++++
 3 files changed, 225 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/global_internal_http_lb_with_mig_backend.tf.erb
diff --git a/mmv1/products/compute/BackendService.yaml b/mmv1/products/compute/BackendService.yaml
index 867c1fe91798..de689673f7d8 100644
--- a/mmv1/products/compute/BackendService.yaml
+++ b/mmv1/products/compute/BackendService.yaml
@@ -775,6 +775,7 @@ properties: values: - :EXTERNAL - :INTERNAL_SELF_MANAGED + - :INTERNAL_MANAGED - :EXTERNAL_MANAGED - !ruby/object:Api::Type::Enum name: 'localityLbPolicy'
diff --git a/mmv1/products/compute/GlobalForwardingRule.yaml b/mmv1/products/compute/GlobalForwardingRule.yaml
index 13567a3083b7..ee6df3585dfd 100644
--- a/mmv1/products/compute/GlobalForwardingRule.yaml
+++ b/mmv1/products/compute/GlobalForwardingRule.yaml
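Review bot: Adding `:INTERNAL_MANAGED` to `values` is the only change in this hunk, but the property's `description` sits outside the hunk and is not touched by the patch; if it enumerates the accepted schemes, the new value should be documented there in the same commit (the description is not visible here, so this is inferred). The ordering also differs between the two files: here the value is inserted between INTERNAL_SELF_MANAGED and EXTERNAL_MANAGED, while the `loadBalancingScheme` hunk in GlobalForwardingRule.yaml (`@@ -299,6 +320,7 @@`) places it between EXTERNAL_MANAGED and INTERNAL_SELF_MANAGED; keeping both lists in the same (alphabetical) order makes future additions easier to diff. The same documentation remark applies to that GlobalForwardingRule.yaml hunk.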
@@ -156,6 +156,27 @@ examples: ignore_read_extra: - 'port_range' - 'target' + - !ruby/object:Provider::Terraform::Examples + name: 'global_internal_http_lb_with_mig_backend' + primary_resource_id: 'google_compute_forwarding_rule' + vars: + gilb_network_name: 'l7-gilb-network' + proxy_subnet_name: 'l7-gilb-proxy-subnet' + backend_subnet_name: 'l7-gilb-subnet' + forwarding_rule_name: 'l7-gilb-forwarding-rule' + target_http_proxy_name: 'l7-gilb-target-http-proxy' + url_map_name: 'l7-gilb-url-map' + backend_service_name: 'l7-gilb-backend-subnet' + mig_template_name: 'l7-gilb-mig-template' + hc_name: 'l7-gilb-hc' + mig_name: 'l7-gilb-mig1' + fw_allow_iap_hc_name: 'l7-gilb-fw-allow-iap-hc' + fw_allow_gilb_to_backends_name: 'l7-gilb-fw-allow-gilb-to-backends' + vm_test_name: 'l7-gilb-test-vm' + min_version: beta + ignore_read_extra: + - 'port_range' + - 'target' - !ruby/object:Provider::Terraform::Examples name: 'private_service_connect_google_apis' min_version: beta @@ -299,6 +320,7 @@ properties: values: - :EXTERNAL - :EXTERNAL_MANAGED + - :INTERNAL_MANAGED - :INTERNAL_SELF_MANAGED - !ruby/object:Api::Type::Array name: 'metadataFilters' 
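Review bot: `backend_service_name: 'l7-gilb-backend-subnet'` names the backend service as if it were a subnet, which is easy to confuse with `backend_subnet_name: 'l7-gilb-subnet'` when reading test output or cleaning up leaked resources; `backend_service_name: 'l7-gilb-backend-service'` would follow the pattern the other vars use. The example is marked `min_version: beta` and every resource in the template carries `provider = google-beta`, which is consistent, but nothing in the hunk records why INTERNAL_MANAGED on a global forwarding rule is beta-only; a one-line comment above the example naming that reason would help whoever later promotes it to GA.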
@@ -423,6 +445,23 @@ properties: # This is a multi-resource resource reference (TargetHttp(s)Proxy, # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, # TargetInstance) + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + This field identifies the subnetwork that the load balanced IP should + belong to for this Forwarding Rule, used in internal load balancing and + network load balancing with IPv6. + + If the network specified is in auto subnet mode, this field is optional. + However, a subnetwork must be specified if the network is in custom subnet + mode or when creating external forwarding rule with IPv6. + # This is a multi-resource resource reference (TargetHttp(s)Proxy, + # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, + # TargetInstance) + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' - !ruby/object:Api::Type::String name: 'target' required: true
diff --git a/mmv1/templates/terraform/examples/global_internal_http_lb_with_mig_backend.tf.erb b/mmv1/templates/terraform/examples/global_internal_http_lb_with_mig_backend.tf.erb
new file mode 100644
index 000000000000..25a069dd2ea3
--- /dev/null
+++ b/mmv1/templates/terraform/examples/global_internal_http_lb_with_mig_backend.tf.erb
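Review bot: The three added comment lines `# This is a multi-resource resource reference (TargetHttp(s)Proxy, # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, # TargetInstance)` inside the new `subnetwork` block are copied from the `target` field that follows and do not describe this field, which is a single-resource reference to `Subnetwork`; they should be dropped, or replaced with `# Single-resource reference to Subnetwork; expanded with resourceref_with_validation` if a comment is wanted at all. The description's wording about "network load balancing with IPv6" and "creating external forwarding rule with IPv6" reads as carried over from the regional ForwardingRule resource; since this patch adds the field for the INTERNAL_MANAGED global case, it is worth checking the text against the API reference for the global resource before it becomes provider documentation.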
@@ -0,0 +1,185 @@
+# Global Internal HTTP load balancer with a managed instance group backend
+
+# [START cloudloadbalancing_int_http_gce]
+# VPC network
+resource "google_compute_network" "gilb_network" {
+ name = "<%= ctx[:vars]['gilb_network_name'] %>"
+ provider = google-beta
+ auto_create_subnetworks = false
+}
+
+# proxy-only subnet
+resource "google_compute_subnetwork" "proxy_subnet" {
+ name = "<%= ctx[:vars]['proxy_subnet_name'] %>"
+ provider = google-beta
+ ip_cidr_range = "10.0.0.0/24"
+ region = "europe-west1"
+ purpose = "GLOBAL_MANAGED_PROXY"
+ role = "ACTIVE"
+ network = google_compute_network.gilb_network.id
+}
+
+# backend subnet
+resource "google_compute_subnetwork" "gilb_subnet" {
+ name = "<%= ctx[:vars]['backend_subnet_name'] %>"
+ provider = google-beta
+ ip_cidr_range = "10.0.1.0/24"
+ region = "europe-west1"
+ network = google_compute_network.gilb_network.id
+}
+
+# forwarding rule
+resource "google_compute_global_forwarding_rule" "<%= ctx[:primary_resource_id] %>" {
+ name = "<%= ctx[:vars]['forwarding_rule_name'] %>"
+ provider = google-beta
+ depends_on = [google_compute_subnetwork.proxy_subnet]
+ ip_protocol = "TCP"
+ load_balancing_scheme = "INTERNAL_MANAGED"
+ port_range = "80"
+ target = google_compute_target_http_proxy.default.id
+ network = google_compute_network.gilb_network.id
+ subnetwork = google_compute_subnetwork.gilb_subnet.id
+}
+
+# HTTP target proxy
+resource "google_compute_target_http_proxy" "default" {
+ name = "<%= ctx[:vars]['target_http_proxy_name'] %>"
+ provider = google-beta
+ url_map = google_compute_url_map.default.id
+}
+
+# URL map
+resource "google_compute_url_map" "default" {
+ name = "<%= ctx[:vars]['url_map_name'] %>"
+ provider = google-beta
+ default_service = google_compute_backend_service.default.id
+}
+
+# backend service
+resource "google_compute_backend_service" "default" {
+ name = "<%= ctx[:vars]['backend_service_name'] %>"
+ provider = google-beta
+ protocol = "HTTP"
+ load_balancing_scheme = "INTERNAL_MANAGED"
+ timeout_sec = 10
+ health_checks = [google_compute_health_check.default.id]
+ backend {
+ group = google_compute_instance_group_manager.mig.instance_group
+ balancing_mode = "UTILIZATION"
+ capacity_scaler = 1.0
+ }
+}
+
+# instance template
+resource "google_compute_instance_template" "instance_template" {
+ name = "<%= ctx[:vars]['mig_template_name'] %>"
+ provider = google-beta
+ machine_type = "e2-small"
+ tags = ["http-server"]
+
+ network_interface {
+ network = google_compute_network.gilb_network.id
+ subnetwork = google_compute_subnetwork.gilb_subnet.id
+ access_config {
+ # add external ip to fetch packages
+ }
+ }
+ disk {
+ source_image = "debian-cloud/debian-10"
+ auto_delete = true
+ boot = true
+ }
+
+ # install nginx and serve a simple web page
+ metadata = {
+ startup-script = <<-EOF1
+ #! /bin/bash
+ set -euo pipefail
+
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y nginx-light jq
+
+ NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
+ IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
+ METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
+
+ cat < /var/www/html/index.html
+
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF
+ EOF1
+ }
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+# health check
+resource "google_compute_health_check" "default" {
+ name = "<%= ctx[:vars]['hc_name'] %>"
+ provider = google-beta
+ http_health_check {
+ port_specification = "USE_SERVING_PORT"
+ }
+}
+
+# MIG
+resource "google_compute_instance_group_manager" "mig" {
+ name = "<%= ctx[:vars]['mig_name'] %>"
+ provider = google-beta
+ zone = "europe-west1-b"
+ version {
+ instance_template = google_compute_instance_template.instance_template.id
+ name = "primary"
+ }
+ base_instance_name = "vm"
+ target_size = 2
+}
+
+# allow all access from IAP and health check ranges
+resource "google_compute_firewall" "fw-iap" {
+ name = "<%= ctx[:vars]['fw_allow_iap_hc_name'] %>"
+ provider = google-beta
+ direction = "INGRESS"
+ network = google_compute_network.gilb_network.id
+ source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"]
+ allow {
+ protocol = "tcp"
+ }
+}
+
+# allow http from proxy subnet to backends
+resource "google_compute_firewall" "fw-gilb-to-backends" {
+ name = "<%= ctx[:vars]['fw_allow_gilb_to_backends_name'] %>"
+ provider = google-beta
+ direction = "INGRESS"
+ network = google_compute_network.gilb_network.id
+ source_ranges = ["10.0.0.0/24"]
+ target_tags = ["http-server"]
+ allow {
+ protocol = "tcp"
+ ports = ["80", "443", "8080"]
+ }
+}
+
+# test instance
+resource "google_compute_instance" "vm-test" {
+ name = "<%= ctx[:vars]['vm_test_name'] %>"
+ provider = google-beta
+ zone = "europe-west1-b"
+ machine_type = "e2-small"
+ network_interface {
+ network = google_compute_network.gilb_network.id
+ subnetwork = google_compute_subnetwork.gilb_subnet.id
+ }
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-10"
+ }
+ }
+}
+# [END cloudloadbalancing_int_http_gce]
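Review bot: The `fw-iap` firewall rule (`allow { protocol = "tcp" }` with no `ports` and no `target_tags`) admits every TCP port on every instance in the VPC from the three listed ranges, which is wider than the comment's stated purpose; the health check only needs the serving port and IAP TCP forwarding only needs SSH, so `ports = ["22", "80"]` plus `target_tags = ["http-server"]` (and the same tag on `vm-test` if it must stay reachable through IAP) keeps the example least-privilege. `fw-gilb-to-backends` hard-codes `source_ranges = ["10.0.0.0/24"]`, duplicating the proxy subnet's CIDR; `source_ranges = [google_compute_subnetwork.proxy_subnet.ip_cidr_range]` stops the two from drifting apart. The startup script writes the instance's entire custom metadata (`attributes/?recursive=True`, minus `startup-script`) into the served page, so any other attribute set on the template or instance, for example instance-level `ssh-keys`, becomes readable by every client of the load balancer; acceptable for a test fixture, but a comment saying so, or limiting the page to `$NAME` and `$IP`, would stop the snippet being copied as-is. The template also gives each backend an external IP (`access_config {}`) only to reach package mirrors, where Cloud NAT would do the same without exposing the VMs. As rendered here the line `cat < /var/www/html/index.html` has no heredoc and would abort the script under `set -e`; this may be rendering loss of the heredoc redirect and the HTML tags around the Name/IP/Metadata lines, so please confirm the committed file.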