Promote VPC Flow Logs Terraform API to GA #872

Merged
@@ -0,0 +1,15 @@
# This file has some scaffolding to make sure that names are unique and that
# a region and zone are selected when you try to create your Terraform resources.

locals {
name_suffix = "${random_pet.suffix.id}"
}

resource "random_pet" "suffix" {
length = 2
}

provider "google" {
region = "us-central1"
zone = "us-central1-c"
}
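Review bot: `name_suffix = "${random_pet.suffix.id}"` in the `locals` block is an interpolation-only expression; Terraform 0.12 and later accept the bare reference, so `name_suffix = random_pet.suffix.id` is the cleaner form. The `provider "google"` block also pins `region` and `zone` but no project, so the target project comes only from the environment; a one-line comment saying so next to the provider block would help anyone reusing this file outside the walkthrough.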
29 changes: 29 additions & 0 deletions network_management_vpc_flow_logs_config_interconnect_basic/main.tf
@@ -0,0 +1,29 @@
data "google_project" "project" {
}

resource "google_network_management_vpc_flow_logs_config" "interconnect-test" {
vpc_flow_logs_config_id = "basic-interconnect-test-id-${local.name_suffix}"
location = "global"
interconnect_attachment = "projects/${data.google_project.project.number}/regions/us-east4/interconnectAttachments/${google_compute_interconnect_attachment.attachment.name}"
}

resource "google_compute_network" "network" {
name = "basic-interconnect-test-network-${local.name_suffix}"
}

resource "google_compute_router" "router" {
name = "basic-interconnect-test-router-${local.name_suffix}"
network = google_compute_network.network.name
bgp {
asn = 16550
}
}

resource "google_compute_interconnect_attachment" "attachment" {
name = "basic-interconnect-test-id-${local.name_suffix}"
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
type = "PARTNER"
router = google_compute_router.router.id
mtu = 1500
}

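Review bot: the `interconnect_attachment` path on `google_network_management_vpc_flow_logs_config.interconnect-test` hard-codes `regions/us-east4`, but neither `google_compute_router.router` nor `google_compute_interconnect_attachment.attachment` sets `region`, so both take it from the provider, which the backing_file.tf hunks on this page set to `us-central1`. That leaves the flow logs config naming an attachment path in a different region from the attachment this file creates, which matters in an example whose purpose is to get that attachment's traffic logged. Suggest either setting `region = "us-east4"` on the router and the attachment, or building the path from the attachment's own `region` attribute instead of a literal.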
@@ -0,0 +1,7 @@
===

These examples use real resources that will be billed to the
Google Cloud Platform project you use - so make sure that you
run "terraform destroy" before quitting!

===
@@ -0,0 +1,79 @@
# Network Management Vpc Flow Logs Config Interconnect Basic - Terraform

## Setup

<walkthrough-author name="[email protected]" analyticsId="UA-125550242-1" tutorialName="network_management_vpc_flow_logs_config_interconnect_basic" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>

Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.

<walkthrough-project-billing-setup></walkthrough-project-billing-setup>

Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.

## Terraforming!

Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
the project name from the environment variable.

```bash
export GOOGLE_CLOUD_PROJECT={{project-id}}
```

After that, let's get Terraform started. Run the following to pull in the providers.

```bash
terraform init
```

With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!

```bash
terraform apply
```

Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.

```bash
yes
```


## Post-Apply

### Editing your config

Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.

```bash
terraform plan
```

So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
run a 'plan' again.

```bash
terraform plan
```

Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
at the 'yes' prompt.

```bash
terraform apply
```

```bash
yes
```

## Cleanup

Run the following to remove the resources Terraform provisioned:

```bash
terraform destroy
```
```bash
yes
```
@@ -0,0 +1,15 @@
# This file has some scaffolding to make sure that names are unique and that
# a region and zone are selected when you try to create your Terraform resources.

locals {
name_suffix = "${random_pet.suffix.id}"
}

resource "random_pet" "suffix" {
length = 2
}

provider "google" {
region = "us-central1"
zone = "us-central1-c"
}
34 changes: 34 additions & 0 deletions network_management_vpc_flow_logs_config_interconnect_full/main.tf
@@ -0,0 +1,34 @@
data "google_project" "project" {
}

resource "google_network_management_vpc_flow_logs_config" "interconnect-test" {
vpc_flow_logs_config_id = "full-interconnect-test-id-${local.name_suffix}"
location = "global"
interconnect_attachment = "projects/${data.google_project.project.number}/regions/us-east4/interconnectAttachments/${google_compute_interconnect_attachment.attachment.name}"
state = "ENABLED"
aggregation_interval = "INTERVAL_5_SEC"
description = "VPC Flow Logs over a VPN Gateway."
flow_sampling = 0.5
metadata = "INCLUDE_ALL_METADATA"
}

resource "google_compute_network" "network" {
name = "full-interconnect-test-network-${local.name_suffix}"
}

resource "google_compute_router" "router" {
name = "full-interconnect-test-router-${local.name_suffix}"
network = google_compute_network.network.name
bgp {
asn = 16550
}
}

resource "google_compute_interconnect_attachment" "attachment" {
name = "full-interconnect-test-id-${local.name_suffix}"
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
type = "PARTNER"
router = google_compute_router.router.id
mtu = 1500
}

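Review bot: `description = "VPC Flow Logs over a VPN Gateway."` on `interconnect-test` does not match the target, which is set through `interconnect_attachment`; it reads as copied from the VPN example and should describe the interconnect attachment instead. The description is what an operator sees when auditing which links have flow logging configured, so it is worth getting right in an example people copy. A short comment that `flow_sampling = 0.5` records only half of the flows would also help readers who treat the "full" example as a logging baseline.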
@@ -0,0 +1,7 @@
===

These examples use real resources that will be billed to the
Google Cloud Platform project you use - so make sure that you
run "terraform destroy" before quitting!

===
@@ -0,0 +1,79 @@
# Network Management Vpc Flow Logs Config Interconnect Full - Terraform

## Setup

<walkthrough-author name="[email protected]" analyticsId="UA-125550242-1" tutorialName="network_management_vpc_flow_logs_config_interconnect_full" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>

Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.

<walkthrough-project-billing-setup></walkthrough-project-billing-setup>

Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.

## Terraforming!

Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
the project name from the environment variable.

```bash
export GOOGLE_CLOUD_PROJECT={{project-id}}
```

After that, let's get Terraform started. Run the following to pull in the providers.

```bash
terraform init
```

With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!

```bash
terraform apply
```

Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.

```bash
yes
```


## Post-Apply

### Editing your config

Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.

```bash
terraform plan
```

So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
run a 'plan' again.

```bash
terraform plan
```

Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
at the 'yes' prompt.

```bash
terraform apply
```

```bash
yes
```

## Cleanup

Run the following to remove the resources Terraform provisioned:

```bash
terraform destroy
```
```bash
yes
```
15 changes: 15 additions & 0 deletions network_management_vpc_flow_logs_config_vpn_basic/backing_file.tf
@@ -0,0 +1,15 @@
# This file has some scaffolding to make sure that names are unique and that
# a region and zone are selected when you try to create your Terraform resources.

locals {
name_suffix = "${random_pet.suffix.id}"
}

resource "random_pet" "suffix" {
length = 2
}

provider "google" {
region = "us-central1"
zone = "us-central1-c"
}
65 changes: 65 additions & 0 deletions network_management_vpc_flow_logs_config_vpn_basic/main.tf
@@ -0,0 +1,65 @@
data "google_project" "project" {
}

resource "google_network_management_vpc_flow_logs_config" "vpn-test" {
vpc_flow_logs_config_id = "basic-test-id-${local.name_suffix}"
location = "global"
vpn_tunnel = "projects/${data.google_project.project.number}/regions/us-central1/vpnTunnels/${google_compute_vpn_tunnel.tunnel.name}"
}

resource "google_compute_vpn_tunnel" "tunnel" {
name = "basic-test-tunnel-${local.name_suffix}"
peer_ip = "15.0.0.120"
shared_secret = "a secret message"
target_vpn_gateway = google_compute_vpn_gateway.target_gateway.id

depends_on = [
google_compute_forwarding_rule.fr_esp,
google_compute_forwarding_rule.fr_udp500,
google_compute_forwarding_rule.fr_udp4500,
]
}

resource "google_compute_vpn_gateway" "target_gateway" {
name = "basic-test-gateway-${local.name_suffix}"
network = google_compute_network.network.id
}

resource "google_compute_network" "network" {
name = "basic-test-network-${local.name_suffix}"
}

resource "google_compute_address" "vpn_static_ip" {
name = "basic-test-address-${local.name_suffix}"
}

resource "google_compute_forwarding_rule" "fr_esp" {
name = "basic-test-fresp-${local.name_suffix}"
ip_protocol = "ESP"
ip_address = google_compute_address.vpn_static_ip.address
target = google_compute_vpn_gateway.target_gateway.id
}

resource "google_compute_forwarding_rule" "fr_udp500" {
name = "basic-test-fr500-${local.name_suffix}"
ip_protocol = "UDP"
port_range = "500"
ip_address = google_compute_address.vpn_static_ip.address
target = google_compute_vpn_gateway.target_gateway.id
}

resource "google_compute_forwarding_rule" "fr_udp4500" {
name = "basic-test-fr4500-${local.name_suffix}"
ip_protocol = "UDP"
port_range = "4500"
ip_address = google_compute_address.vpn_static_ip.address
target = google_compute_vpn_gateway.target_gateway.id
}

resource "google_compute_route" "route" {
name = "basic-test-route-${local.name_suffix}"
network = google_compute_network.network.name
dest_range = "15.0.0.0/24"
priority = 1000
next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel.id
}
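Review bot: `shared_secret = "a secret message"` in `google_compute_vpn_tunnel.tunnel` puts the tunnel's pre-shared key in the config as a guessable literal, and examples like this tend to be copied as-is. Suggest reading it from a variable marked `sensitive = true` (for instance a hypothetical `var.vpn_shared_secret`) or generating it with `random_password`, since the `random` provider is already in use here for `random_pet`. A comment that the value still ends up in Terraform state, so the state backend needs access control, would be useful next to it.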
7 changes: 7 additions & 0 deletions network_management_vpc_flow_logs_config_vpn_basic/motd
@@ -0,0 +1,7 @@
===

These examples use real resources that will be billed to the
Google Cloud Platform project you use - so make sure that you
run "terraform destroy" before quitting!

===