In the apigee module now both the /22 and /28 peering IP ranges are passed at instance creation

apichick · apichick · commit 92e2fa2c52b2 · 2023-01-30T10:51:34.000+01:00
diff --git a/blueprints/apigee/bigquery-analytics/README.md b/blueprints/apigee/bigquery-analytics/README.md
@@ -60,14 +60,14 @@ Do the following to verify that everything works as expected.
 |---|---|:---:|:---:|:---:|
 | [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | ✓ |  |
 | [environments](variables.tf#L30) | Environments. | <code title="map&#40;object&#40;&#123;&#10;  display_name &#61; optional&#40;string&#41;&#10;  description  &#61; optional&#40;string&#41;&#10;  node_config &#61; optional&#40;object&#40;&#123;&#10;    min_node_count &#61; optional&#40;number&#41;&#10;    max_node_count &#61; optional&#40;number&#41;&#10;  &#125;&#41;&#41;&#10;  iam       &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ |  |
-| [instances](variables.tf#L45) | Instance. | <code title="map&#40;object&#40;&#123;&#10;  display_name         &#61; optional&#40;string&#41;&#10;  description          &#61; optional&#40;string&#41;&#10;  region               &#61; string&#10;  environments         &#61; list&#40;string&#41;&#10;  psa_ip_cidr_range    &#61; string&#10;  disk_encryption_key  &#61; optional&#40;string&#41;&#10;  consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ |  |
-| [project_id](variables.tf#L91) | Project ID. | <code>string</code> | ✓ |  |
-| [psc_config](variables.tf#L97) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ |  |
+| [instances](variables.tf#L45) | Instance. | <code title="map&#40;object&#40;&#123;&#10;  display_name                  &#61; optional&#40;string&#41;&#10;  description                   &#61; optional&#40;string&#41;&#10;  region                        &#61; string&#10;  environments                  &#61; list&#40;string&#41;&#10;  runtime_ip_cidr_range         &#61; string&#10;  troubleshooting_ip_cidr_range &#61; string&#10;  disk_encryption_key           &#61; optional&#40;string&#41;&#10;  consumer_accept_list          &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ |  |
+| [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ |  |
+| [psc_config](variables.tf#L98) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ |  |
 | [datastore_name](variables.tf#L17) | Datastore. | <code>string</code> |  | <code>&#34;gcs&#34;</code> |
-| [organization](variables.tf#L59) | Apigee organization. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  description             &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> |
-| [path](variables.tf#L75) | Bucket path. | <code>string</code> |  | <code>&#34;&#47;analytics&#34;</code> |
-| [project_create](variables.tf#L82) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [vpc_create](variables.tf#L103) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> |  | <code>true</code> |
+| [organization](variables.tf#L60) | Apigee organization. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  description             &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [path](variables.tf#L76) | Bucket path. | <code>string</code> |  | <code>&#34;&#47;analytics&#34;</code> |
+| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> |  | <code>true</code> |
 
 ## Outputs
 
diff --git a/blueprints/apigee/bigquery-analytics/main.tf b/blueprints/apigee/bigquery-analytics/main.tf
@@ -68,9 +68,12 @@ module "vpc" {
     region        = k
   }]
   psa_config = {
-    ranges = {
-      for k, v in var.instances : "apigee-${k}" => v.psa_ip_cidr_range
-    }
+    ranges = merge({ for k, v in var.instances :
+      "apigee-runtime-${k}" => v.runtime_ip_cidr_range
+      }, { for k, v in var.instances :
+      "apigee-troubleshooting-${k}" => v.troubleshooting_ip_cidr_range
+      }
+    )
   }
 }
 
diff --git a/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample b/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample
@@ -15,7 +15,8 @@ instances = {
   instance-ew1 = {
     region            = "europe-west1"
     environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+      runtime_ip_cidr_range = "10.0.4.0/22"
+      troubleshooting_ip_cidr_range = "10.1.1.0/28"
   }
 }
 psc_config = {
diff --git a/blueprints/apigee/bigquery-analytics/variables.tf b/blueprints/apigee/bigquery-analytics/variables.tf
@@ -45,13 +45,14 @@ variable "environments" {
 variable "instances" {
   description = "Instance."
   type = map(object({
-    display_name         = optional(string)
-    description          = optional(string)
-    region               = string
-    environments         = list(string)
-    psa_ip_cidr_range    = string
-    disk_encryption_key  = optional(string)
-    consumer_accept_list = optional(list(string))
+    display_name                  = optional(string)
+    description                   = optional(string)
+    region                        = string
+    environments                  = list(string)
+    runtime_ip_cidr_range         = string
+    troubleshooting_ip_cidr_range = string
+    disk_encryption_key           = optional(string)
+    consumer_accept_list          = optional(list(string))
   }))
   nullable = false
 }
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
@@ -46,18 +46,19 @@ Do the following to verify that everything works as expected.
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [apigee_project_id](variables.tf#L17) | Project ID. | <code>string</code> | ✓ |  |
-| [billing_account_id](variables.tf#L47) | Parameters for the creation of the new project. | <code>string</code> | ✓ |  |
-| [hostname](variables.tf#L52) | Host name. | <code>string</code> | ✓ |  |
-| [onprem_project_id](variables.tf#L57) | Project ID. | <code>string</code> | ✓ |  |
-| [parent](variables.tf#L75) | Parent (organizations/organizationID or folders/folderID). | <code>string</code> | ✓ |  |
+| [billing_account_id](variables.tf#L53) | Parameters for the creation of the new project. | <code>string</code> | ✓ |  |
+| [hostname](variables.tf#L58) | Host name. | <code>string</code> | ✓ |  |
+| [onprem_project_id](variables.tf#L63) | Project ID. | <code>string</code> | ✓ |  |
+| [parent](variables.tf#L81) | Parent (organizations/organizationID or folders/folderID). | <code>string</code> | ✓ |  |
 | [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.1.0&#47;24&#34;</code> |
-| [apigee_psa_ip_cidr_range](variables.tf#L29) | Apigee PSA IP CIDR range. | <code>string</code> |  | <code>&#34;10.0.4.0&#47;22&#34;</code> |
-| [apigee_psc_subnet_ip_cidr_range](variables.tf#L35) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.2.0&#47;24&#34;</code> |
+| [apigee_psc_subnet_ip_cidr_range](variables.tf#L29) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.2.0&#47;24&#34;</code> |
+| [apigee_runtime_ip_cidr_range](variables.tf#L35) | Apigee PSA IP CIDR range. | <code>string</code> |  | <code>&#34;10.0.4.0&#47;22&#34;</code> |
 | [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.2.0.0&#47;24&#34;</code> |
-| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L63) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.1.0&#47;24&#34;</code> |
-| [onprem_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.0.0&#47;24&#34;</code> |
-| [region](variables.tf#L80) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
-| [zone](variables.tf#L86) | Zone. | <code>string</code> |  | <code>&#34;europe-west1-c&#34;</code> |
+| [apigee_troubleshooting_ip_cidr_range](variables.tf#L47) | Apigee PSA IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.0.0&#47;28&#34;</code> |
+| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.1.0&#47;24&#34;</code> |
+| [onprem_subnet_ip_cidr_range](variables.tf#L75) | Subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.1.0.0&#47;24&#34;</code> |
+| [region](variables.tf#L86) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [zone](variables.tf#L92) | Zone. | <code>string</code> |  | <code>&#34;europe-west1-c&#34;</code> |
 
 ## Outputs
 
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf
@@ -57,7 +57,8 @@ module "apigee_vpc" {
   }]
   psa_config = {
     ranges = {
-      "apigee" = var.apigee_psa_ip_cidr_range
+      "apigee-runtime"         = var.apigee_runtime_ip_cidr_range
+      "apigee-troubleshooting" = var.apigee_troubleshooting_ip_cidr_range
     }
   }
 }
@@ -79,9 +80,10 @@ module "apigee" {
   }
   instances = {
     instance-1 = {
-      region            = var.region
-      environments      = [local.environment]
-      psa_ip_cidr_range = var.apigee_psa_ip_cidr_range
+      region                        = var.region
+      environments                  = [local.environment]
+      runtime_ip_cidr_range         = var.apigee_runtime_ip_cidr_range
+      troubleshooting_ip_cidr_range = var.apigee_troubleshooting_ip_cidr_range
     }
   }
   endpoint_attachments = {
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf
@@ -26,24 +26,30 @@ variable "apigee_proxy_only_subnet_ip_cidr_range" {
   default     = "10.2.1.0/24"
 }
 
-variable "apigee_psa_ip_cidr_range" {
-  description = "Apigee PSA IP CIDR range."
-  type        = string
-  default     = "10.0.4.0/22"
-}
-
 variable "apigee_psc_subnet_ip_cidr_range" {
   description = "Subnet IP CIDR range."
   type        = string
   default     = "10.2.2.0/24"
 }
 
+variable "apigee_runtime_ip_cidr_range" {
+  description = "Apigee PSA IP CIDR range."
+  type        = string
+  default     = "10.0.4.0/22"
+}
+
 variable "apigee_subnet_ip_cidr_range" {
   description = "Subnet IP CIDR range."
   type        = string
   default     = "10.2.0.0/24"
 }
 
+variable "apigee_troubleshooting_ip_cidr_range" {
+  description = "Apigee PSA IP CIDR range."
+  type        = string
+  default     = "10.1.0.0/28"
+}
+
 variable "billing_account_id" {
   description = "Parameters for the creation of the new project."
   type        = string
diff --git a/modules/apigee/README.md b/modules/apigee/README.md
@@ -44,14 +44,16 @@ module "apigee" {
   }
   instances = {
     instance-test-ew1 = {
-      region            = "europe-west1"
-      environments      = ["apis-test"]
-      psa_ip_cidr_range = "10.0.4.0/22"
+      region                        = "europe-west1"
+      environments                  = ["apis-test"]
+      runtime_ip_cidr_range         = "10.0.4.0/22"
+      troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
     }
     instance-prod-ew3 = {
-      region            = "europe-west3"
-      environments      = ["apis-prod"]
-      psa_ip_cidr_range = "10.0.5.0/22"
+      region                        = "europe-west3"
+      environments                  = ["apis-prod"]
+      runtime_ip_cidr_range         = "10.0.5.0/22"
+      troubleshooting_ip_cidr_range = "10.1.16.0/28"
     }
   }
   endpoint_attachments = {
@@ -141,9 +143,10 @@ module "apigee" {
   project_id = "my-project"
   instances = {
     instance-test-ew1 = {
-      region            = "europe-west1"
-      environments      = ["apis-test"]
-      psa_ip_cidr_range = "10.0.4.0/22"
+      region                        = "europe-west1"
+      environments                  = ["apis-test"]
+      runtime_ip_cidr_range         = "10.0.4.0/22"
+      troubleshooting_ip_cidr_range = "10.1.1.0/28"
     }
   }
 }
@@ -173,12 +176,12 @@ module "apigee" {
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L77) | Project ID. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L78) | Project ID. | <code>string</code> | ✓ |  |
 | [endpoint_attachments](variables.tf#L17) | Endpoint attachments. | <code title="map&#40;object&#40;&#123;&#10;  region             &#61; string&#10;  service_attachment &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
 | [envgroups](variables.tf#L26) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>null</code> |
 | [environments](variables.tf#L32) | Environments. | <code title="map&#40;object&#40;&#123;&#10;  display_name    &#61; optional&#40;string&#41;&#10;  description     &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  deployment_type &#61; optional&#40;string&#41;&#10;  api_proxy_type  &#61; optional&#40;string&#41;&#10;  node_config &#61; optional&#40;object&#40;&#123;&#10;    min_node_count &#61; optional&#40;number&#41;&#10;    max_node_count &#61; optional&#40;number&#41;&#10;  &#125;&#41;&#41;&#10;  iam       &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
-| [instances](variables.tf#L49) | Instances. | <code title="map&#40;object&#40;&#123;&#10;  display_name         &#61; optional&#40;string&#41;&#10;  description          &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  region               &#61; string&#10;  environments         &#61; list&#40;string&#41;&#10;  psa_ip_cidr_range    &#61; string&#10;  disk_encryption_key  &#61; optional&#40;string&#41;&#10;  consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
-| [organization](variables.tf#L63) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string&#41;&#10;  description             &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [instances](variables.tf#L49) | Instances. | <code title="map&#40;object&#40;&#123;&#10;  display_name                  &#61; optional&#40;string&#41;&#10;  description                   &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  region                        &#61; string&#10;  environments                  &#61; list&#40;string&#41;&#10;  runtime_ip_cidr_range         &#61; string&#10;  troubleshooting_ip_cidr_range &#61; string&#10;  disk_encryption_key           &#61; optional&#40;string&#41;&#10;  consumer_accept_list          &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
+| [organization](variables.tf#L64) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10;  display_name            &#61; optional&#40;string&#41;&#10;  description             &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10;  authorized_network      &#61; optional&#40;string&#41;&#10;  runtime_type            &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10;  billing_type            &#61; optional&#40;string&#41;&#10;  database_encryption_key &#61; optional&#40;string&#41;&#10;  analytics_region        &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
 
 ## Outputs
 
diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf
@@ -93,7 +93,7 @@ resource "google_apigee_instance" "instances" {
   description              = each.value.description
   location                 = each.value.region
   org_id                   = local.org_id
-  ip_range                 = each.value.psa_ip_cidr_range
+  ip_range                 = "${each.value.runtime_ip_cidr_range},${each.value.troubleshooting_ip_cidr_range}"
   disk_encryption_key_name = each.value.disk_encryption_key
   consumer_accept_list     = each.value.consumer_accept_list
 }
diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf
@@ -49,13 +49,14 @@ variable "environments" {
 variable "instances" {
   description = "Instances."
   type = map(object({
-    display_name         = optional(string)
-    description          = optional(string, "Terraform-managed")
-    region               = string
-    environments         = list(string)
-    psa_ip_cidr_range    = string
-    disk_encryption_key  = optional(string)
-    consumer_accept_list = optional(list(string))
+    display_name                  = optional(string)
+    description                   = optional(string, "Terraform-managed")
+    region                        = string
+    environments                  = list(string)
+    runtime_ip_cidr_range         = string
+    troubleshooting_ip_cidr_range = string
+    disk_encryption_key           = optional(string)
+    consumer_accept_list          = optional(list(string))
   }))
   default = null
 }
diff --git a/tests/blueprints/apigee/bigquery-analytics/basic.tfvars b/tests/blueprints/apigee/bigquery-analytics/basic.tfvars
@@ -13,9 +13,10 @@ environments = {
 }
 instances = {
   instance-ew1 = {
-    region            = "europe-west1"
-    environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+    region                        = "europe-west1"
+    environments                  = ["apis-test"]
+    runtime_ip_cidr_range         = "10.0.4.0/22"
+    troubleshooting_ip_cidr_range = "10.1.0.0/28"
   }
 }
 psc_config = {
diff --git a/tests/blueprints/apigee/bigquery-analytics/basic.yaml b/tests/blueprints/apigee/bigquery-analytics/basic.yaml
@@ -14,4 +14,4 @@
 
 counts:
   modules: 9
-  resources: 61
+  resources: 62
diff --git a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml
@@ -14,4 +14,4 @@
 
 counts:
   modules: 13
-  resources: 72
+  resources: 73
diff --git a/tests/modules/apigee/fixture/test.all.tfvars b/tests/modules/apigee/fixture/test.all.tfvars
@@ -29,14 +29,16 @@ environments = {
 }
 instances = {
   instance-test-ew1 = {
-    region            = "europe-west1"
-    environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+    region                        = "europe-west1"
+    environments                  = ["apis-test"]
+    runtime_ip_cidr_range         = "10.0.4.0/22"
+    troubleshooting_ip_cidr_range = "10.1.0.0/28"
   }
   instance-prod-ew3 = {
-    region            = "europe-west3"
-    environments      = ["apis-prod"]
-    psa_ip_cidr_range = "10.0.5.0/22"
+    region                        = "europe-west3"
+    environments                  = ["apis-prod"]
+    runtime_ip_cidr_range         = "10.0.6.0/22"
+    troubleshooting_ip_cidr_range = "10.1.0.16/28"
   }
 }
 endpoint_attachments = {
diff --git a/tests/modules/apigee/fixture/test.instance_only.tfvars b/tests/modules/apigee/fixture/test.instance_only.tfvars
@@ -1,8 +1,9 @@
 project_id = "my-project"
 instances = {
   instance-test-ew1 = {
-    region            = "europe-west1"
-    environments      = ["apis-test"]
-    psa_ip_cidr_range = "10.0.4.0/22"
+    region                        = "europe-west1"
+    environments                  = ["apis-test"]
+    runtime_ip_cidr_range         = "10.0.4.0/22"
+    troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
   }
-}
+}
diff --git a/tests/modules/apigee/fixture/variables.tf b/tests/modules/apigee/fixture/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,8 @@ instances = {`
`15`	`15`	`instance-ew1 = {`
`16`	`16`	`region = "europe-west1"`
`17`	`17`	`environments = ["apis-test"]`
`18`		`- psa_ip_cidr_range = "10.0.4.0/22"`
	`18`	`+ runtime_ip_cidr_range = "10.0.4.0/22"`
	`19`	`+ troubleshooting_ip_cidr_range = "10.1.1.0/28"`
`19`	`20`	`}`
`20`	`21`	`}`
`21`	`22`	`psc_config = {`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,8 @@ module "apigee_vpc" {`
`57`	`57`	`}]`
`58`	`58`	`psa_config = {`
`59`	`59`	`ranges = {`
`60`		`- "apigee" = var.apigee_psa_ip_cidr_range`
	`60`	`+ "apigee-runtime" = var.apigee_runtime_ip_cidr_range`
	`61`	`+ "apigee-troubleshooting" = var.apigee_troubleshooting_ip_cidr_range`
`61`	`62`	`}`
`62`	`63`	`}`
`63`	`64`	`}`
`@@ -79,9 +80,10 @@ module "apigee" {`
`79`	`80`	`}`
`80`	`81`	`instances = {`
`81`	`82`	`instance-1 = {`
`82`		`- region = var.region`
`83`		`- environments = [local.environment]`
`84`		`- psa_ip_cidr_range = var.apigee_psa_ip_cidr_range`
	`83`	`+ region = var.region`
	`84`	`+ environments = [local.environment]`
	`85`	`+ runtime_ip_cidr_range = var.apigee_runtime_ip_cidr_range`
	`86`	`+ troubleshooting_ip_cidr_range = var.apigee_troubleshooting_ip_cidr_range`
`85`	`87`	`}`
`86`	`88`	`}`
`87`	`89`	`endpoint_attachments = {`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ resource "google_apigee_instance" "instances" {`
`93`	`93`	`description = each.value.description`
`94`	`94`	`location = each.value.region`
`95`	`95`	`org_id = local.org_id`
`96`		`- ip_range = each.value.psa_ip_cidr_range`
	`96`	`+ ip_range = "${each.value.runtime_ip_cidr_range},${each.value.troubleshooting_ip_cidr_range}"`
`97`	`97`	`disk_encryption_key_name = each.value.disk_encryption_key`
`98`	`98`	`consumer_accept_list = each.value.consumer_accept_list`
`99`	`99`	`}`