feat(TPG>=5.4)!: add vpc_network_sources in access level (#133)

Author: imrannayer

.kitchen.yml

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

Makefile

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

docs/upgrading_to_v6.0.md

@@ -2,4 +2,4 @@
 
 The v6.x release contains backwards-incompatible changes.
 
-This update requires upgrading the minimum provider version to `4.68`.
+This update requires upgrading the minimum provider version to `5.4`.

examples/access_level_vpc_ip/README.md

@@ -0,0 +1,24 @@
+# Simple Example Access Level
+
+This example illustrates how to use the `vpc-service-controls` module to configure an org policy and an access level
+
+# Requirements
+1. Make sure you've gone through the root [Requirement Section](../../#requirements)
+
+
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| parent\_id | The parent of this AccessPolicy in the Cloud Resource Hierarchy. As of now, only organization are accepted as parent. | `string` | n/a | yes |
+| project\_id | The ID of the project in which to provision network. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| access\_level | n/a |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/access_level_vpc_ip/main.tf

@@ -0,0 +1,96 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "random_id" "random_suffix" {
+  byte_length = 2
+}
+
+module "access_context_manager_policy" {
+  source  = "terraform-google-modules/vpc-service-controls/google"
+  version = "~> 5.0"
+
+  parent_id   = var.parent_id
+  policy_name = "int_test_vpc_sc_policy_${random_id.random_suffix.hex}"
+}
+
+#Create Network with a subnetwork and private service access for both netapp.servicenetworking.goog and servicenetworking.googleapis.com
+
+resource "google_compute_network" "network1" {
+  name                    = "vpc-a"
+  project                 = var.project_id
+  auto_create_subnetworks = false
+  description             = "test network"
+}
+
+resource "google_compute_subnetwork" "network1_us_central1" {
+  name                     = "vpc-a-us-central1"
+  ip_cidr_range            = "10.0.0.0/24"
+  region                   = "us-central1"
+  project                  = var.project_id
+  network                  = google_compute_network.network1.self_link
+  private_ip_google_access = true
+}
+
+resource "google_compute_subnetwork" "network1_us_east1" {
+  name                     = "vpc-a-us-east1"
+  ip_cidr_range            = "10.0.1.0/24"
+  region                   = "us-east1"
+  project                  = var.project_id
+  network                  = google_compute_network.network1.self_link
+  private_ip_google_access = true
+}
+
+resource "google_compute_network" "network2" {
+  name                    = "vpc-b"
+  project                 = var.project_id
+  auto_create_subnetworks = false
+  description             = "test network b"
+}
+
+resource "google_compute_subnetwork" "network2_us_central1" {
+  name                     = "vpc-b-us-central1"
+  ip_cidr_range            = "10.0.10.0/24"
+  region                   = "us-central1"
+  project                  = var.project_id
+  network                  = google_compute_network.network2.self_link
+  private_ip_google_access = true
+}
+
+module "access_level_vpc_ranges" {
+  source  = "terraform-google-modules/vpc-service-controls/google//modules/access_level"
+  version = "~> 5.0"
+
+  policy      = module.access_context_manager_policy.policy_id
+  name        = "vpc_ip_address_policy"
+  description = "access level for vpc ip addresses"
+  vpc_network_sources = {
+    "vpc_a" = {
+      network_id = google_compute_network.network1.id
+      ip_address_ranges = [
+        "10.0.0.0/24",
+        "192.169.0.0/16",
+      ]
+    }
+    "vpc_b" = {
+      network_id = google_compute_network.network2.id
+    }
+  }
+  depends_on = [
+    google_compute_subnetwork.network1_us_central1,
+    google_compute_subnetwork.network1_us_east1,
+    google_compute_subnetwork.network2_us_central1,
+  ]
+}

examples/access_level_vpc_ip/outputs.tf

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "access_level" {
+  value = module.access_level_vpc_ranges.access_level
+}

examples/access_level_vpc_ip/variables.tf

@@ -0,0 +1,25 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "parent_id" {
+  description = "The parent of this AccessPolicy in the Cloud Resource Hierarchy. As of now, only organization are accepted as parent."
+  type        = string
+}
+
+variable "project_id" {
+  description = "The ID of the project in which to provision network."
+  type        = string
+}

examples/automatic_folder/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/automatic_folder/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/automatic_folder/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.