Merge pull request #16 from mineiros-io/lukas/update-subnetwork-props

feat: add support for the latest subnetwork arguments (uses 5.10 google provider)
mineiros-io · Mar 1, 2024 · 0ef5803 · 0ef5803
2 parents b90a7ad + d2038cc
commit 0ef5803
Show file tree

Hide file tree

Showing 10 changed files with 177 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@
 A [Terraform](https://www.terraform.io) module to create a [Google Network Subnet](https://cloud.google.com/vpc/docs/vpc#vpc_networks_and_subnets) on [Google Cloud Services (GCP)](https://cloud.google.com/).
 
 **_This module supports Terraform version 1
-and is compatible with the Terraform Google Provider version 4._** and 5._**
+and is compatible with the Terraform Google Provider version and 5.10+
 
 This module is part of our Infrastructure as Code (IaC) framework
 that enables our users and customers to easily deploy and manage reusable,
@@ -101,6 +101,52 @@ See [variables.tf] and [examples/] for details and use-cases.
 
   Default is `true`.
 
+- [**`purpose`**](#var-purpose): *(Optional `string`)*<a name="var-purpose"></a>
+
+  (Optional) This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, 
+  GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta).
+  If unspecified, the purpose defaults to PRIVATE_RFC_1918.
+
+  Default is `null`.
+
+- [**`role`**](#var-role): *(Optional `string`)*<a name="var-role"></a>
+
+  The role of subnetwork. Currently, this field is only used when 
+  purpose is REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. 
+  An ACTIVE subnetwork is one that is currently being used for Envoy-based 
+  load balancers in a region. A BACKUP subnetwork is one that is ready to 
+  be promoted to ACTIVE or is currently draining.
+
+  Default is `null`.
+
+- [**`private_ipv6_google_access`**](#var-private_ipv6_google_access): *(Optional `bool`)*<a name="var-private_ipv6_google_access"></a>
+
+  The private IPv6 google access type for the VMs in this subnet.
+
+  Default is `true`.
+
+- [**`stack_type`**](#var-stack_type): *(Optional `string`)*<a name="var-stack_type"></a>
+
+  The stack type for this subnet to identify whether the IPv6 feature is enabled or not. 
+  If not specified IPV4_ONLY will be used. Possible values are: IPV4_ONLY, IPV4_IPV6.
+
+  Default is `null`.
+
+- [**`ipv6_access_type`**](#var-ipv6_access_type): *(Optional `string`)*<a name="var-ipv6_access_type"></a>
+
+  The access type of IPv6 address this subnet holds. 
+  It's immutable and can only be specified during creation or the first time the subnet is updated 
+  into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet cannot enable direct path. 
+  Possible values are: EXTERNAL, INTERNAL.
+
+  Default is `null`.
+
+- [**`external_ipv6_prefix`**](#var-external_ipv6_prefix): *(Optional `string`)*<a name="var-external_ipv6_prefix"></a>
+
+  The range of external IPv6 addresses that are owned by this subnetwork.
+
+  Default is `null`.
+
 - [**`ip_cidr_range`**](#var-ip_cidr_range): *(**Required** `string`)*<a name="var-ip_cidr_range"></a>
 
   The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported.

diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
@@ -40,7 +40,7 @@ section {
     A [Terraform](https://www.terraform.io) module to create a [Google Network Subnet](https://cloud.google.com/vpc/docs/vpc#vpc_networks_and_subnets) on [Google Cloud Services (GCP)](https://cloud.google.com/).
 
     **_This module supports Terraform version 1
-    and is compatible with the Terraform Google Provider version 4._** and 5._**
+    and is compatible with the Terraform Google Provider version and 5.10+
 
     This module is part of our Infrastructure as Code (IaC) framework
     that enables our users and customers to easily deploy and manage reusable,
@@ -141,6 +141,60 @@ section {
         END
       }
 
+      variable "purpose" {
+        type        = string
+        default     = null
+        description = <<-END
+            (Optional) This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, 
+            GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta).
+            If unspecified, the purpose defaults to PRIVATE_RFC_1918.
+        END
+      }
+
+      variable "role" {
+        type        = string
+        default     = null
+        description = <<-END
+            The role of subnetwork. Currently, this field is only used when 
+            purpose is REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. 
+            An ACTIVE subnetwork is one that is currently being used for Envoy-based 
+            load balancers in a region. A BACKUP subnetwork is one that is ready to 
+            be promoted to ACTIVE or is currently draining.
+        END
+      }
+      variable "private_ipv6_google_access" {
+        type        = bool
+        default     = true
+        description = <<-END
+            The private IPv6 google access type for the VMs in this subnet.
+        END
+      }
+      variable "stack_type" {
+        type        = string
+        default     = null
+        description = <<-END
+            The stack type for this subnet to identify whether the IPv6 feature is enabled or not. 
+            If not specified IPV4_ONLY will be used. Possible values are: IPV4_ONLY, IPV4_IPV6.
+        END
+      }
+      variable "ipv6_access_type" {
+        type        = string
+        default     = null
+        description = <<-END
+            The access type of IPv6 address this subnet holds. 
+            It's immutable and can only be specified during creation or the first time the subnet is updated 
+            into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet cannot enable direct path. 
+            Possible values are: EXTERNAL, INTERNAL.
+        END
+      }
+      variable "external_ipv6_prefix" {
+        type        = string
+        default     = null
+        description = <<-END
+            The range of external IPv6 addresses that are owned by this subnetwork.
+        END
+      }
+
       variable "ip_cidr_range" {
         required    = true
         type        = string

diff --git a/main.tf b/main.tf
@@ -13,8 +13,14 @@ resource "google_compute_subnetwork" "subnetwork" {
   name        = var.name
   description = var.description
 
-  private_ip_google_access = var.private_ip_google_access
-  ip_cidr_range            = cidrsubnet(var.ip_cidr_range, 0, 0)
+  ip_cidr_range              = cidrsubnet(var.ip_cidr_range, 0, 0)
+  purpose                    = try(var.purpose, null)
+  role                       = try(var.role, null)
+  private_ip_google_access   = var.private_ip_google_access
+  private_ipv6_google_access = try(var.private_ipv6_google_access, null)
+  stack_type                 = try(var.stack_type, null)
+  ipv6_access_type           = try(var.ipv6_access_type, null)
+  external_ipv6_prefix       = try(var.external_ipv6_prefix, null)
 
   dynamic "secondary_ip_range" {
     for_each = var.secondary_ip_ranges

diff --git a/test/unit-complete/_generated_google.tf b/test/unit-complete/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.0, <6"
+      version = ">= 5.10, <6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.0, <6"
+      version = ">= 5.10, <6"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
@@ -1,5 +1,5 @@
 module "test-sa" {
-  source = "github.com/mineiros-io/terraform-google-service-account?ref=v0.0.12"
+  source = "github.com/mineiros-io/terraform-google-service-account?ref=v0.2.1"
 
   account_id = "service-account-id-${local.random_suffix}"
 }
@@ -121,3 +121,25 @@ module "test2" {
 
   module_depends_on = ["nothing"]
 }
+
+module "ipv6_regional_proxy" {
+  source = "../.."
+
+  module_enabled = true
+  name           = "test-subnetwork"
+
+  project       = local.project_id
+  network       = "projects/test-project/global/networks/test-network"
+  ip_cidr_range = "10.0.0.0/22"
+  region        = "us-west2"
+
+  stack_type       = "IPV4_IPV6"
+  ipv6_access_type = "EXTERNAL"
+
+  purpose                    = "REGIONAL_MANAGED_PROXY"
+  role                       = "BACKUP"
+  private_ipv6_google_access = true
+  external_ipv6_prefix       = "2001:db8:1234::/48"
+
+  module_depends_on = ["nothing"]
+}
diff --git a/test/unit-disabled/_generated_google.tf b/test/unit-disabled/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.0, <6"
+      version = ">= 5.10, <6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.0, <6"
+      version = ">= 5.10, <6"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/test/unit-minimal/_generated_google.tf b/test/unit-minimal/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "4.0"
+      version = "5.10"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = "4.0"
+      version = "5.10"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/variables.tf b/variables.tf
@@ -46,6 +46,42 @@ variable "secondary_ip_ranges" {
   default     = []
 }
 
+variable "purpose" {
+  type        = string
+  description = "The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta)."
+  default     = null
+}
+
+variable "role" {
+  type        = string
+  description = "The role of subnetwork. Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP"
+  default     = null
+}
+
+variable "private_ipv6_google_access" {
+  type        = bool
+  description = "The private IPv6 google access type for the VMs in this subnet."
+  default     = null
+}
+
+variable "stack_type" {
+  type        = string
+  description = "The stack type for this subnet to identify whether the IPv6 feature is enabled or not. If not specified IPV4_ONLY will be used. Possible values are: IPV4_ONLY, IPV4_IPV6."
+  default     = null
+}
+
+variable "ipv6_access_type" {
+  type        = string
+  description = "The access type of IPv6 address this subnet holds. Possible values are: EXTERNAL, INTERNAL."
+  default     = null
+}
+
+variable "external_ipv6_prefix" {
+  type        = string
+  description = "The range of external IPv6 addresses that are owned by this subnetwork."
+  default     = null
+}
+
 variable "project" {
   type        = string
   description = "(Optional) The ID of the project in which the resources belong. If it is not set, the provider project is used."

diff --git a/versions.tf b/versions.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.0, <6"
+      version = ">= 5.10, <6"
     }
   }
 }
diff --git a/versions.tm.hcl b/versions.tm.hcl
@@ -2,7 +2,7 @@ globals {
   minimum_terraform_version   = "1.0"
 
   provider                    = "google"
-  minimum_provider_version    = "4.0"
+  minimum_provider_version    = "5.10"
 
   provider_version_constraint  = ">= ${global.minimum_provider_version}, <6"
   terraform_version_constraint = "~> ${global.minimum_terraform_version}, != 1.1.0, != 1.1.1"