feat: Alias IP Ranges (#207)

* Added support for setting alias-ip-range on an instance template

There is now a new variable 'alias_ip_range' which is passed verbatim to
the underlying google_compute_instance_template resource.
Added a simple test, verifying an alias_ip_range setting gets through.

Updated the Readme.md, removed the testing part, it is covered by the
CONTRIBUTING.md

* remove unused vars

Co-authored-by: bharathkkb <[email protected]>

Author: chatziparaskewas

.gitignore

@@ -8,11 +8,13 @@ terraform.tfvars
 .terraform
 .terraform.tfstate.d
 *.pyc
+credentials*.json
 
 # JetBrains - PyCharm, IntelliJ, etc.
 .idea/
 __pycache__/
 *.iml
+.project
 
 # Kitchen files
 **/inspec.lock

.kitchen.yml

@@ -40,6 +40,11 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/instance_template/additional_disks
+  - name: it_alias_ip_range
+    driver:
+      name: terraform
+      command_timeout: 1800
+      root_module_directory: test/fixtures/instance_template/alias_ip_range
   - name: preemptible_and_regular_instance_templates_simple
     driver:
       name: terraform

README.md

@@ -30,49 +30,9 @@ See also the [project_services](modules/project_services) module (optional).
 `distribution_policy_zones` cannot be changed during use.
 If you have changed them yourself or used to have a default value, then you'll have to force recreate a MIG group yourself.
 
-## Test Configuration
+## Tests
 
-1. Create a `terraform.tfvars` file, using `terraform.tfvars.example` as an example
-
-```shell
-cp test/fixtures/shared/terraform.tfvars.example test/fixtures/shared/terraform.tfvars
-```
-
-The `terraform.tfvars` in each fixture directory is already symlinked to this one shared file.
-
-2. Populate the variables with values appropriate for your test environment (i.e. `project_id`, `service_account.email`)
-3. Download a Service Account key with the necessary [permissions](#permissions) and put it in the module's root directory with the name credentials.json.
-
-## Running Tests
-
-From the root of the module, run
-
-```
-make test_integration_docker
-```
-
-to build the container and run through all the test suites. Note that this will take some time (> 20 minutes).
-
-You can also run each test case individually and interactively in the Docker container:
-
-```
-make docker_run
-```
-
-The root directory of the module will be mounted to `/cft/workdir` in the container. For example, to run the `mig-autoscaler` test suite:
-
-```
-bundle exec kitchen test mig-autosaler
-```
-
-or
-
-```
-bundle exec kitchen create mig-autoscaler
-bundle exec kitchen converge mig-autoscaler
-bundle exec kitchen verify mig-autoscaler
-bundle exec kitchen destroy mig-autoscaler
-```
+For running the integration test cases, please refer to the [CONTRIBUTING](CONTRIBUTING.md) documentation.
 
 ## Permissions
 

examples/compute_instance/disk_snapshot/main.tf

@@ -21,7 +21,7 @@ provider "google" {
 # Building the list of disk names in the required format.
 # Usually you would build this list from the outputs of the compute_instance module
 locals {
-  instance_disks = [for i in range(2) : "projects/${var.project_id}/disks/instance-simple-001-${i + 1}/zones/${data.google_compute_zones.available.names[0]}"]
+  instance_disks = [for i in range(2) : "projects/${var.project_id}/disks/instance-disk-snapshot-001-${i + 1}/zones/${data.google_compute_zones.available.names[0]}"]
 }
 
 data "google_compute_zones" "available" {
@@ -34,6 +34,7 @@ module "instance_template" {
   region          = var.region
   project_id      = var.project_id
   subnetwork      = var.subnetwork
+  name_prefix     = "instance-disk-snapshot"
   service_account = null
 
   additional_disks = [
@@ -63,7 +64,7 @@ module "compute_instance" {
   region            = var.region
   subnetwork        = var.subnetwork
   num_instances     = 1
-  hostname          = "instance-simple"
+  hostname          = "instance-disk-snapshot"
   instance_template = module.instance_template.self_link
 }
 

examples/instance_template/alias_ip_range/README.md

@@ -0,0 +1,22 @@
+# instance-template-alias-ip-range
+
+This example demonstrates how to use an alias IP range.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | The GCP project to use for integration tests | `string` | n/a | yes |
+| region | The GCP region to create and test resources in | `string` | `"us-central1"` | no |
+| service\_account | Service account to attach to the instance. See https://www.terraform.io/docs/providers/google/r/compute_instance_template.html#service_account. | <pre>object({<br>    email  = string<br>    scopes = set(string)<br>  })</pre> | `null` | no |
+| subnetwork | The name of the subnetwork create this instance in. | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| name | Name of the instance templates |
+| self\_link | Self-link to the instance template |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/instance_template/alias_ip_range/main.tf

@@ -0,0 +1,39 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+
+  project = var.project_id
+  region  = var.region
+  version = "~> 3.0"
+}
+
+resource "google_compute_address" "ip_address" {
+  name = "external-ip-alias-ip-range"
+}
+
+module "instance_template" {
+  source          = "../../../modules/instance_template"
+  project_id      = var.project_id
+  subnetwork      = var.subnetwork
+  service_account = var.service_account
+  name_prefix     = "alias-ip-range"
+
+  alias_ip_range = {
+    ip_cidr_range         = "/24"
+    subnetwork_range_name = var.subnetwork
+  }
+}

examples/instance_template/alias_ip_range/outputs.tf

@@ -0,0 +1,25 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "self_link" {
+  description = "Self-link to the instance template"
+  value       = module.instance_template.self_link
+}
+
+output "name" {
+  description = "Name of the instance templates"
+  value       = module.instance_template.name
+}

examples/instance_template/alias_ip_range/variables.tf

@@ -0,0 +1,40 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The GCP project to use for integration tests"
+  type        = string
+}
+
+variable "region" {
+  description = "The GCP region to create and test resources in"
+  type        = string
+  default     = "us-central1"
+}
+
+variable "subnetwork" {
+  description = "The name of the subnetwork create this instance in."
+  default     = ""
+}
+
+variable "service_account" {
+  default = null
+  type = object({
+    email  = string
+    scopes = set(string)
+  })
+  description = "Service account to attach to the instance. See https://www.terraform.io/docs/providers/google/r/compute_instance_template.html#service_account."
+}

examples/instance_template/alias_ip_range/versions.tf

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">=0.12.6"
+}

modules/instance_template/README.md

@@ -16,6 +16,7 @@ See the [simple](../../examples/instance_template/simple) for a usage example.
 | access\_config | Access configurations, i.e. IPs via which the VM instance can be accessed via the Internet. | <pre>list(object({<br>    nat_ip       = string<br>    network_tier = string<br>  }))</pre> | `[]` | no |
 | additional\_disks | List of maps of additional disks. See https://www.terraform.io/docs/providers/google/r/compute_instance_template.html#disk_name | <pre>list(object({<br>    disk_name    = string<br>    device_name  = string<br>    auto_delete  = bool<br>    boot         = bool<br>    disk_size_gb = number<br>    disk_type    = string<br>    disk_labels  = map(string)<br>  }))</pre> | `[]` | no |
 | additional\_networks | Additional network interface details for GCE, if any. | <pre>list(object({<br>    network            = string<br>    subnetwork         = string<br>    subnetwork_project = string<br>    network_ip         = string<br>    access_config = list(object({<br>      nat_ip       = string<br>      network_tier = string<br>    }))<br>  }))</pre> | `[]` | no |
+| alias\_ip\_range | An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.<br>ip\_cidr\_range: The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.<br>subnetwork\_range\_name: The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used. | <pre>object({<br>    ip_cidr_range         = string<br>    subnetwork_range_name = string<br>  })</pre> | `null` | no |
 | auto\_delete | Whether or not the boot disk should be auto-deleted | `string` | `"true"` | no |
 | can\_ip\_forward | Enable IP forwarding, for NAT instances for example | `string` | `"false"` | no |
 | disk\_encryption\_key | The self link of the encryption key that is stored in Google Cloud KMS to use to encrypt all the disks on this instance | `string` | `null` | no |

modules/instance_template/main.tf

@@ -43,7 +43,8 @@ locals {
   shielded_vm_configs          = var.enable_shielded_vm ? [true] : []
   confidential_instance_config = var.enable_confidential_vm ? [true] : []
 
-  gpu_enabled = var.gpu != null
+  gpu_enabled            = var.gpu != null
+  alias_ip_range_enabled = var.alias_ip_range != null
   on_host_maintenance = (
     var.preemptible || var.enable_confidential_vm || local.gpu_enabled
     ? "TERMINATE"
@@ -110,6 +111,13 @@ resource "google_compute_instance_template" "tpl" {
         network_tier = access_config.value.network_tier
       }
     }
+    dynamic "alias_ip_range" {
+      for_each = local.alias_ip_range_enabled ? [var.alias_ip_range] : []
+      content {
+        ip_cidr_range         = alias_ip_range.value.ip_cidr_range
+        subnetwork_range_name = alias_ip_range.value.subnetwork_range_name
+      }
+    }
   }
 
   dynamic "network_interface" {

modules/instance_template/variables.tf

@@ -249,3 +249,19 @@ variable "gpu" {
   })
   default = null
 }
+
+##################
+# alias IP range
+##################
+variable "alias_ip_range" {
+  description = <<EOF
+An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.
+ip_cidr_range: The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.
+subnetwork_range_name: The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.
+EOF
+  type = object({
+    ip_cidr_range         = string
+    subnetwork_range_name = string
+  })
+  default = null
+}

test/fixtures/instance_template/additional_disks/terraform.tfvars

@@ -0,0 +1,22 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "instance_template_alias_ip_range" {
+  source          = "../../../../examples/instance_template/alias_ip_range"
+  project_id      = var.project_id
+  subnetwork      = google_compute_subnetwork.main.name
+  service_account = var.service_account
+}

test/fixtures/instance_template/alias_ip_range/main.tf

@@ -0,0 +1 @@
+../../shared/network.tf

test/fixtures/instance_template/alias_ip_range/network.tf

@@ -0,0 +1,35 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "self_link" {
+  description = "Self-link to instance template"
+  value       = module.instance_template_alias_ip_range.self_link
+}
+
+output "name" {
+  description = "Name of instance template"
+  value       = module.instance_template_alias_ip_range.name
+}
+
+output "project_id" {
+  description = "The GCP project to use for integration tests"
+  value       = var.project_id
+}
+
+output "subnetwork_name" {
+  description = "The GCP subnetwork name to use for integration tests"
+  value       = google_compute_subnetwork.main.name
+}

test/fixtures/instance_template/alias_ip_range/outputs.tf

@@ -0,0 +1,27 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The GCP project to use for integration tests"
+}
+
+variable "service_account" {
+  default = null
+  type = object({
+    email  = string
+    scopes = list(string)
+  })
+}