Bswenka/psc glb and armor 2 producers (#2071)

* Enhanced this blueprint to add a second producer, and modularized the producer.

* Fixed terraform formatting

* Updating README.md with tfdoc

* Fixed test case conditions & module variable passing

blueprints/networking/psc-glb-and-armor/README.md

@@ -37,7 +37,7 @@ This solution assumes you already have two projects created and set up where you
 
 * Have an [organization](https://cloud.google.com/resource-manager/docs/creating-managing-organization) set up in Google cloud.
 * Have a [billing account](https://cloud.google.com/billing/docs/how-to/manage-billing-account) set up.
-* Have two existing [projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) with [billing enabled](https://cloud.google.com/billing/docs/how-to/modify-project).
+* Have three existing [projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) with [billing enabled](https://cloud.google.com/billing/docs/how-to/modify-project).
 
 ### Roles & Permissions
 
@@ -72,9 +72,9 @@ Before we deploy the architecture, you will need the following information:
 
        terraform init
 
-4. Copy the following command into a console and replace __[consumer-project-id]__ and __[produce-project-id]__ with your project’s IDs. Then run the following command to run the terraform script and create all relevant resources for this architecture:
+4. Copy the following command into a console and replace __[consumer-project-id]__ and __[producer-a-project-id]__ and __[producer-b-project-id]__ with your project’s IDs. Then run the following command to run the terraform script and create all relevant resources for this architecture:
 
-       terraform apply -var consumer_project_id=[consumer-project-id] -var producer_project_id=[producer-project-id]
+       terraform apply -var consumer_project_id=[consumer-project-id] -var producer_a_project_id=[producer-a-project-id] -var producer_b_project_id=[producer-b-project-id]
 
 The resource creation will take a few minutes… but when it’s complete, you should see an output stating the command completed successfully with a list of the created resources.
 
@@ -94,34 +94,34 @@ The easiest way to remove all the deployed resources is to run the following com
 
 The above command will delete the associated resources so there will be no billable charges made afterwards.
 <!-- BEGIN TFDOC -->
-
 ## Variables
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [consumer_project_id](variables.tf#L17) | The consumer project, in which the GCLB and Cloud Armor should be created. | <code>string</code> | ✓ |  |
 | [prefix](variables.tf#L22) | Prefix used for resource names. | <code>string</code> | ✓ |  |
-| [producer_project_id](variables.tf#L31) | The producer project, in which the LB, PSC Service Attachment and Cloud Run service should be created. | <code>string</code> | ✓ |  |
-| [project_create](variables.tf#L36) | Create project instead of using an existing one. | <code>bool</code> |  | <code>false</code> |
-| [region](variables.tf#L42) | The GCP region in which the resources should be deployed. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
-| [zone](variables.tf#L48) | The GCP zone for the VM. | <code>string</code> |  | <code>&#34;europe-west1-b&#34;</code> |
+| [producer_a_project_id](variables.tf#L31) | The producer A project, in which the LB, PSC Service Attachment and Cloud Run service should be created. | <code>string</code> | ✓ |  |
+| [producer_b_project_id](variables.tf#L36) | The producer B project, in which the LB, PSC Service Attachment and Cloud Run service should be created. | <code>string</code> | ✓ |  |
+| [project_create](variables.tf#L41) | Create project instead of using an existing one. | <code>bool</code> |  | <code>false</code> |
+| [region](variables.tf#L47) | The GCP region in which the resources should be deployed. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [zone](variables.tf#L53) | The GCP zone for the VM. | <code>string</code> |  | <code>&#34;europe-west1-b&#34;</code> |
 
 ## Outputs
 
 | name | description | sensitive |
 |---|---|:---:|
 | [lb_ip](outputs.tf#L17) | Load balancer IP address. |  |
-
 <!-- END TFDOC -->
 ## Test
 
 ```hcl
 module "psc-glb-and-armor-test" {
-  source              = "./fabric/blueprints/networking/psc-glb-and-armor"
-  prefix              = "test"
-  project_create      = true
-  consumer_project_id = "project-1"
-  producer_project_id = "project-2"
+  source                = "./fabric/blueprints/networking/psc-glb-and-armor"
+  prefix                = "test"
+  project_create        = true
+  consumer_project_id   = "project-1"
+  producer_a_project_id = "project-2"
+  producer_b_project_id = "project-3"
 }
-# tftest modules=3 resources=32
+# tftest modules=6 resources=57
 ```

blueprints/networking/psc-glb-and-armor/consumer.tf

@@ -24,12 +24,35 @@ module "consumer_project" {
   ]
 }
 
-resource "google_compute_region_network_endpoint_group" "psc_neg" {
-  name                  = "psc-neg"
+module "producer_a_project" {
+  source              = "./modules/producer"
+  producer_project_id = var.producer_a_project_id
+  project_create      = var.project_create
+}
+
+module "producer_b_project" {
+  source              = "./modules/producer"
+  producer_project_id = var.producer_b_project_id
+  project_create      = var.project_create
+}
+
+resource "google_compute_region_network_endpoint_group" "psc_neg_a" {
+  name                  = "psc-neg-a"
   region                = var.region
   project               = module.consumer_project.project_id
   network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
-  psc_target_service    = google_compute_service_attachment.psc_ilb_service_attachment.self_link
+  psc_target_service    = module.producer_a_project.psc_ilb_service_attachment.self_link
+
+  network    = "default"
+  subnetwork = "default"
+}
+
+resource "google_compute_region_network_endpoint_group" "psc_neg_b" {
+  name                  = "psc-neg-b"
+  region                = var.region
+  project               = module.consumer_project.project_id
+  network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
+  psc_target_service    = module.producer_b_project.psc_ilb_service_attachment.self_link
 
   network    = "default"
   subnetwork = "default"
@@ -54,7 +77,7 @@ resource "google_compute_url_map" "default" {
   project         = module.consumer_project.project_id
   name            = "url-map-target-proxy"
   description     = "A simple URL Map, routing all traffic to the PSC NEG"
-  default_service = google_compute_backend_service.default.id
+  default_service = google_compute_backend_service.backend-a.id
 
   host_rule {
     hosts        = ["*"]
@@ -63,11 +86,16 @@ resource "google_compute_url_map" "default" {
 
   path_matcher {
     name            = "allpaths"
-    default_service = google_compute_backend_service.default.id
+    default_service = google_compute_backend_service.backend-a.id
+
+    path_rule {
+      paths   = ["/b/*"]
+      service = google_compute_backend_service.backend-b.id
+    }
 
     path_rule {
       paths   = ["/*"]
-      service = google_compute_backend_service.default.id
+      service = google_compute_backend_service.backend-a.id
     }
   }
 }
@@ -83,15 +111,27 @@ resource "google_compute_security_policy" "policy" {
   }
 }
 
-resource "google_compute_backend_service" "default" {
+resource "google_compute_backend_service" "backend-a" {
+  provider              = google-beta
+  project               = module.consumer_project.project_id
+  name                  = "backend-a"
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+  protocol              = "HTTPS"
+  backend {
+    group           = google_compute_region_network_endpoint_group.psc_neg_a.id
+    balancing_mode  = "UTILIZATION"
+    capacity_scaler = 1.0
+  }
+}
+
+resource "google_compute_backend_service" "backend-b" {
   provider              = google-beta
   project               = module.consumer_project.project_id
-  name                  = "backend"
+  name                  = "backend-b"
   load_balancing_scheme = "EXTERNAL_MANAGED"
   protocol              = "HTTPS"
-  security_policy       = google_compute_security_policy.policy.id
   backend {
-    group           = google_compute_region_network_endpoint_group.psc_neg.id
+    group           = google_compute_region_network_endpoint_group.psc_neg_b.id
     balancing_mode  = "UTILIZATION"
     capacity_scaler = 1.0
   }

blueprints/networking/psc-glb-and-armor/producer.tf → blueprints/networking/psc-glb-and-armor/modules/producer/main.tf

@@ -15,7 +15,7 @@
  */
 
 module "producer_project" {
-  source         = "../../../modules/project"
+  source         = "../../../../../modules/project"
   name           = var.producer_project_id
   project_create = var.project_create
   services = [
@@ -157,9 +157,11 @@ resource "google_compute_subnetwork" "ilb_subnetwork" {
 
   network       = google_compute_network.psc_ilb_network.id
   ip_cidr_range = "10.0.0.0/24"
-  role          = "ACTIVE"
+
+  role = "ACTIVE"
 }
 
+# proxy-only subnet
 resource "google_compute_subnetwork" "proxy_subnet" {
   name          = "l7-ilb-proxy-subnet"
   provider      = google-beta

blueprints/networking/psc-glb-and-armor/modules/producer/outputs.tf

@@ -0,0 +1,18 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+output "psc_ilb_service_attachment" {
+  value = google_compute_service_attachment.psc_ilb_service_attachment
+}

blueprints/networking/psc-glb-and-armor/modules/producer/variables.tf

@@ -0,0 +1,38 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "producer_project_id" {
+  description = "The producer project, in which the LB, PSC Service Attachment and Cloud Run service should be created."
+  type        = string
+}
+
+variable "project_create" {
+  description = "Create project instead of using an existing one."
+  type        = bool
+  default     = false
+}
+
+variable "region" {
+  description = "The GCP region in which the resources should be deployed."
+  type        = string
+  default     = "europe-west1"
+}
+
+variable "zone" {
+  description = "The GCP zone for the VM."
+  type        = string
+  default     = "europe-west1-b"
+}

blueprints/networking/psc-glb-and-armor/variables.tf

@@ -28,8 +28,13 @@ variable "prefix" {
   }
 }
 
-variable "producer_project_id" {
-  description = "The producer project, in which the LB, PSC Service Attachment and Cloud Run service should be created."
+variable "producer_a_project_id" {
+  description = "The producer A project, in which the LB, PSC Service Attachment and Cloud Run service should be created."
+  type        = string
+}
+
+variable "producer_b_project_id" {
+  description = "The producer B project, in which the LB, PSC Service Attachment and Cloud Run service should be created."
   type        = string
 }