GCVE module first release

modules/gcve-private-cloud/README.md

@@ -0,0 +1,97 @@
+# Google Cloud VMWare Engine Private Cloud Module
+
+This module implements the creation and management of a Google Cloud VMWare Engine Private Cloud with its management cluster. If configured, it also creates the vmware engine network or it can work with an existing one. The creation of the private connection with the user VPC requires the execution of the  [Google SDK command](https://cloud.google.com/sdk/gcloud/reference/vmware/private-connections/create#--routing-mode) the module provides as an output.
+
+Be aware that the deployment of this module might requires up to 2 hours depending on the selected private cloud target zone.
+
+## TOC
+
+<!-- BEGIN TOC -->
+- [TOC](#toc)
+- [Limitations](#limitations)
+- [Basic Private Cloud Creation](#basic-private-cloud-creation)
+- [Private Cloud Creation with custom nodes and cores count](#private-cloud-creation-with-custom-nodes-and-cores-count)
+- [Files](#files)
+- [Variables](#variables)
+<!-- END TOC -->
+
+## Limitations
+At the moment this module doesn't support the following use cases:
+- `Single node private cloud`
+- `Stretched private cloud`
+
+## Basic Private Cloud Creation
+
+```hcl
+module "gcve-pc" {
+  source          = "./fabric/modules/gcve-private-cloud"
+  name            = "gcve-pc"
+  project_id      = "gcve-test-project"
+  zone            = "asia-southeast1-a"
+  management_cidr = "192.168.0.0/24"
+
+  private_connections = {
+    transit-conn1 = {
+      name              = "transit-conn1",
+      network_self_link = "projects/test-prj-elia-01/global/networks/default",
+      peering           = "servicenetworking-googleapis-com"
+      type              = "PRIVATE_SERVICE_ACCESS",
+      routing_mode      = "REGIONAL"
+    }
+  }
+}
+# tftest modules=1 resources=2 inventory=basic.yaml
+```
+## Private Cloud Creation with custom nodes and cores count
+
+```hcl
+module "gcve-pc" {
+  source          = "./fabric/modules/gcve-private-cloud"
+  name            = "gcve-pc"
+  project_id      = "gcve-test-project"
+  zone            = "asia-southeast1-a"
+  management_cidr = "192.168.0.0/24"
+
+  management_cluster_config = {
+    node_type_id      = "standard-72"
+    node_count        = 6
+    custom_core_count = 28
+  }
+
+  private_connections = {
+    transit-conn1 = {
+      name              = "transit-conn1",
+      network_self_link = "projects/test-prj-elia-01/global/networks/default",
+      peering           = "servicenetworking-googleapis-com"
+      type              = "PRIVATE_SERVICE_ACCESS",
+      routing_mode      = "REGIONAL"
+    }
+  }
+}
+# tftest modules=1 resources=2 inventory=custom.yaml
+```
+
+<!-- TFDOC OPTS files:1 -->
+<!-- BEGIN TFDOC -->
+## Files
+
+| name | description | resources |
+|---|---|---|
+| [main.tf](./main.tf) | Module-level locals and resources. | <code>google_vmwareengine_network</code> · <code>google_vmwareengine_private_cloud</code> |
+| [output.tf](./output.tf) | None |  |
+| [variables.tf](./variables.tf) | Module variables. |  |
+| [versions.tf](./versions.tf) | Version pins. |  |
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [management_cidr](variables.tf#L23) | vSphere/vSAN subnets CIDR range. | <code>string</code> | ✓ |  |
+| [name](variables.tf#L42) | Private cloud name. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L74) | Project id. | <code>string</code> | ✓ |  |
+| [zone](variables.tf#L85) | Private cloud zone. | <code>string</code> | ✓ |  |
+| [description](variables.tf#L17) | Private cloud description. | <code>string</code> |  | <code>&#34;Terraform-managed.&#34;</code> |
+| [management_cluster_config](variables.tf#L28) | Management cluster configuration. | <code title="object&#40;&#123;&#10;  node_type_id      &#61; string&#10;  node_count        &#61; number,&#10;  custom_core_count &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  node_type_id      &#61; &#34;standard-72&#34;,&#10;  node_count        &#61; 3,&#10;  custom_core_count &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [private_connections](variables.tf#L47) | VMWare private connections configuration. It is used to create the gcloud command printed as output. | <code title="map&#40;object&#40;&#123;&#10;  name              &#61; string&#10;  description       &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;  network_self_link &#61; string&#10;  peering           &#61; string&#10;  type              &#61; optional&#40;string, &#34;REGIONAL&#34;&#41;&#10;  routing_mode      &#61; optional&#40;string, &#34;PRIVATE_SERVICE_ACCESS&#34;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [vmwareengine_network_create](variables.tf#L79) | Create the VMware Engine network. When set to false, it uses a data source to reference an existing VMware Engine network. | <code>bool</code> |  | <code>true</code> |
+<!-- END TFDOC -->

modules/gcve-private-cloud/main.tf

@@ -0,0 +1,74 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  region = join("-", slice(split("-", "${var.zone}"), 0, 2))
+  vmwareengine_network = (
+    var.vmwareengine_network_create
+    ? try(google_vmwareengine_network.private-cloud-network.0, null)
+    : try(data.google_vmwareengine_network.private-cloud-network.0, null)
+  )
+  psa_peering = {
+    for k, v in data.google_compute_network_peering.psa_peering : k => slice(split("/", "${v.peer_network}"), 6, 7)[0]
+  }
+}
+
+data "google_vmwareengine_network" "private-cloud-network" {
+  count    = var.vmwareengine_network_create ? 0 : 1
+  provider = google-beta
+  project  = var.project_id
+  name     = "${local.region}-default"
+  location = local.region
+}
+
+
+data "google_compute_network_peering" "psa_peering" {
+  for_each = var.private_connections
+  name     = each.value.peering
+  network  = each.value.network_self_link
+}
+
+resource "google_vmwareengine_private_cloud" "private-cloud" {
+  provider    = google-beta
+  project     = var.project_id
+  location    = var.zone
+  name        = var.name
+  description = var.description
+
+  network_config {
+    management_cidr       = var.management_cidr
+    vmware_engine_network = local.vmwareengine_network.id
+  }
+
+  management_cluster {
+    cluster_id = "${var.name}-mgmt-cluster"
+    node_type_configs {
+      node_type_id      = var.management_cluster_config.node_type_id
+      node_count        = var.management_cluster_config.node_count
+      custom_core_count = var.management_cluster_config.custom_core_count
+    }
+  }
+}
+
+resource "google_vmwareengine_network" "private-cloud-network" {
+  count       = var.vmwareengine_network_create ? 1 : 0
+  provider    = google-beta
+  project     = var.project_id
+  name        = "${local.region}-default"
+  location    = local.region
+  type        = "LEGACY"
+  description = "Private cloud ${var.name} network."
+}

modules/gcve-private-cloud/output.tf

@@ -0,0 +1,71 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "hcx" {
+  description = "Details about a HCX Cloud Manager appliance."
+  value       = google_vmwareengine_private_cloud.private-cloud.hcx
+}
+
+output "id" {
+  description = "ID of the private cloud"
+  value       = google_vmwareengine_private_cloud.private-cloud.id
+}
+
+output "management_cluster" {
+  description = "Details of the management cluster of the private cloud"
+  value       = google_vmwareengine_private_cloud.private-cloud.management_cluster
+}
+
+output "network_config" {
+  description = "Details about the network configuration of the private cloud"
+  value       = google_vmwareengine_private_cloud.private-cloud.network_config
+}
+
+output "nsx" {
+  description = "Details about a NSX Manager appliance."
+  value       = google_vmwareengine_private_cloud.private-cloud.nsx
+}
+
+output "private-cloud" {
+  description = "The private cloud resource"
+  value       = google_vmwareengine_private_cloud.private-cloud
+}
+
+output "vcenter" {
+  description = "Details about a vCenter Server management appliance."
+  value       = google_vmwareengine_private_cloud.private-cloud.vcenter
+}
+
+output "state" {
+  description = "Details about the state of the private cloud"
+  value       = google_vmwareengine_private_cloud.private-cloud.state
+}
+
+output "private_connections_setup" {
+  description = "Cloud SDK commands for the private connections manual setup."
+  value = {
+    for k, v in var.private_connections : k => <<EOT
+    gcloud vmware private-connections create ${v.name} \
+  --location=${local.region} \
+  --project=${var.project_id} \
+  --vmware-engine-network=${local.region}-default \ 
+  --description="${v.description}" \
+  --routing-mode=${v.routing_mode} \
+  --service-project=${local.psa_peering[k]} \ 
+  --type=${v.type}
+  EOT
+  }
+}

modules/gcve-private-cloud/variables.tf

@@ -0,0 +1,92 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "description" {
+  description = "Private cloud description."
+  type        = string
+  default     = "Terraform-managed."
+}
+
+variable "management_cidr" {
+  description = "vSphere/vSAN subnets CIDR range."
+  type        = string
+}
+
+variable "management_cluster_config" {
+  description = "Management cluster configuration."
+  type = object({
+    node_type_id      = string
+    node_count        = number,
+    custom_core_count = number
+  })
+  default = {
+    node_type_id      = "standard-72",
+    node_count        = 3,
+    custom_core_count = null
+  }
+}
+
+variable "name" {
+  description = "Private cloud name."
+  type        = string
+}
+
+variable "private_connections" {
+  description = "VMWare private connections configuration. It is used to create the gcloud command printed as output."
+  type = map(object({
+    name              = string
+    description       = optional(string, "Terraform-managed.")
+    network_self_link = string
+    peering           = string
+    type              = optional(string, "REGIONAL")
+    routing_mode      = optional(string, "PRIVATE_SERVICE_ACCESS")
+  }))
+  default = {}
+  validation {
+    condition = alltrue([
+      for r in var.private_connections :
+      contains(["GLOBAL", "REGIONAL"], r.routing_mode)
+    ])
+    error_message = "Routing mode must be one of GLOBAL, REGIONAL."
+  }
+  validation {
+    condition = alltrue([
+      for r in var.private_connections :
+      contains(["DELL_POWERSCALE", "NETAPP_CLOUD_VOLUMES", "PRIVATE_SERVICE_ACCESS", "THIRD_PARTY_SERVICE"], r.type)
+    ])
+    error_message = "Type must be one of DELL_POWERSCALE, NETAPP_CLOUD_VOLUMES, PRIVATE_SERVICE_ACCESS, THIRD_PARTY_SERVICE."
+  }
+}
+
+variable "project_id" {
+  description = "Project id."
+  type        = string
+}
+
+variable "vmwareengine_network_create" {
+  description = "Create the VMware Engine network. When set to false, it uses a data source to reference an existing VMware Engine network."
+  type        = bool
+  default     = true
+}
+
+variable "zone" {
+  description = "Private cloud zone."
+  type        = string
+}
+
+
+
+

modules/gcve-private-cloud/versions.tf

@@ -0,0 +1,29 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_version = ">= 1.4.4"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 4.76.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 4.76.0" # tftest
+    }
+  }
+}
+
+