new example for metal service token a-side to gcp redundant connection end-to-end solution

Oscar Cobles · Oscar Cobles · commit 1277dcc7257d · 2022-07-22T13:53:11.000+02:00
diff --git a/README.md b/README.md
@@ -64,7 +64,7 @@ module "equinix-fabric-connection-gcp" {
 Run `terraform init -upgrade` and `terraform apply`.
 
 -> **NOTE:**
-Completing BGP configuration in GCP side is not directly supported with current google terraform provider (v3.72.0). As a workaround this module take advantage of [terraform-google-gcloud](https://registry.terraform.io/modules/terraform-google-modules/gcloud/google/latest) module which allows use gcloud. However, it is only available for `linux` and `darwin` based operating systems. To run this module in a non-supported platfom, 'network_edge_configure_bgp' and 'gcp_configure_bgp' must remain false. Check this [issue](https://github.com/hashicorp/terraform-provider-google/issues/9582) to obtain further information.
+Setting up BGP configuration in GCP side is not directly supported with current google terraform provider (v3.72.0). As a workaround this module take advantage of [terraform-google-gcloud](https://registry.terraform.io/modules/terraform-google-modules/gcloud/google/latest) module which allows use gcloud. However, it is only available for `linux` and `darwin` based operating systems. To run this module in a non-supported platfom, 'network_edge_configure_bgp' and 'gcp_configure_bgp' must remain false. Check this [issue](https://github.com/hashicorp/terraform-provider-google/issues/9582) to obtain further information.
 
 ### Variables
 
@@ -92,3 +92,4 @@ See <https://registry.terraform.io/modules/equinix-labs/fabric-connection-gcp/eq
 
 - [Fabric Port connection](https://registry.terraform.io/modules/equinix-labs/fabric-connection-gcp/equinix/latest/examples/fabric-port-connection/)
 - [Network Edge device connection](https://registry.terraform.io/modules/equinix-labs/fabric-connection-gcp/equinix/latest/examples/network-edge-device-connection/)
+- [Service Token (a-side) Equinix Metal to GCP redundant connection End-to-End Solution](https://registry.terraform.io/modules/equinix-labs/fabric-connection-gcp/equinix/latest/examples/service-token-metal-to-gcp-connection/)
diff --git a/examples/service-token-metal-to-gcp-connection/README.md b/examples/service-token-metal-to-gcp-connection/README.md
@@ -0,0 +1,38 @@
+# Complete Equinix Metal connection (a-side) to GCP (Google Cloud)
+
+~> Equinix Metal connection with automated `a_side` service token is not generally available and may not be enabled yet for your organization.
+
+~> This example is based on the Google Cloud topology to [establish 99.9% availability for Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/tutorials/dedicated-creating-999-availability) where we configure two VLAN attachments in a single Google Cloud region, in separate edge availability domains (metro availability zones) and using a single cloud router.
+
+This example demonstrates usage of the Equinix Connection GCP module to establish two Equinix Fabric L2 Connection from Equinix Metal (a-side) to GCP Interconnect using a redundant [A-Side Token](https://docs.equinix.com/en-us/Content/Interconnection/Fabric/service%20tokens/Fabric-Service-Tokens.htm).
+It will:
+
+- Use an existing Equinix Metal project an existing Google Cloud project.
+- Create an Equinix Metal VLAN in selected metro Silicon Valley (SV).
+- Request an Equinix Metal shared redundant connection in SV.
+- Attach the Equinix Metal VLAN to the Virtual Circuit created for the Equinix Metal connection.
+- Create a Google Cloud Router.
+- Create a Google Cloud Interconnect/VLAN Attachment.
+- Provision two Equinix Fabric l2 connection for Google Cloud service profile with specified bandwidth and private peering.
+- Finish setting up BGP configuration on GCP side.
+
+## Usage
+
+To provision this example, you should clone the github repository and run terraform from within this directory:
+
+```bash
+git clone https://github.com/equinix-labs/terraform-equinix-fabric-connection-gcp.git
+cd terraform-equinix-fabric-connection-gcp/examples/service-token-metal-to-gcp-connection
+terraform init
+terraform apply
+```
+
+Note that this example may create resources which cost money. Run 'terraform destroy' when you don't need these resources.
+
+## Variables
+
+See <https://registry.terraform.io/modules/equinix-labs/fabric-connection-gcp/equinix/latest/examples/service-token-metal-to-gcp-connection?tab=inputs> for a description of all variables.
+
+## Outputs
+
+See <https://registry.terraform.io/modules/equinix-labs/fabric-connection-gcp/equinix/latest/examples/service-token-metal-to-gcp-connection?tab=outputs> for a description of all outputs.
diff --git a/examples/service-token-metal-to-gcp-connection/main.tf b/examples/service-token-metal-to-gcp-connection/main.tf
@@ -0,0 +1,90 @@
+# Configure the Equinix Provider
+# Please refer to provider documentation for details on supported authentication methods and parameters.
+# https://registry.terraform.io/providers/equinix/equinix/latest/docs
+provider "equinix" {
+  client_id     = var.equinix_provider_client_id
+  client_secret = var.equinix_provider_client_secret
+}
+
+# Configure the Google Cloud Platform Provider
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started#adding-credentials
+provider "google" {
+  project = var.gcp_project
+  region  = var.gcp_region
+}
+
+## Retrieve an existing equinix metal project
+## If you prefer you can use resource equinix_metal_project instead to create a fresh project
+data "equinix_metal_project" "this" {
+  project_id = var.metal_project_id
+}
+
+locals {
+  connection_name = format("conn-metal-gcp-%s", lower(var.fabric_destination_metro_code))
+}
+
+# Create a new VLAN in Frankfurt
+resource "equinix_metal_vlan" "this" {
+  description = format("VLAN in %s", var.fabric_destination_metro_code)
+  metro       = var.fabric_destination_metro_code
+  project_id  = data.equinix_metal_project.this.project_id
+}
+
+## Request a connection service token in Equinix Metal
+resource "equinix_metal_connection" "this" {
+    name               = local.connection_name
+    project_id         = data.equinix_metal_project.this.project_id
+    metro              = var.fabric_destination_metro_code
+    redundancy         = var.redundancy_type == "SINGLE" ? "primary" : "redundant"
+    type               = "shared"
+    service_token_type = "a_side"
+    description        = format("connection to GCP in %s", var.fabric_destination_metro_code)
+    speed              = format("%dMbps", var.fabric_speed)
+    vlans              = [equinix_metal_vlan.this.vxlan]
+}
+
+## Configure the Equinix Fabric connection from Equinix Metal to GCP using the metal connection service token
+module "equinix-fabric-connection-gcp-primary" {
+  source = "equinix-labs/fabric-connection-gcp/equinix"
+
+  fabric_notification_users     = var.fabric_notification_users
+  fabric_connection_name        = local.connection_name
+  fabric_destination_metro_code = var.fabric_destination_metro_code
+  fabric_speed                  = var.fabric_speed
+  fabric_service_token_id       = equinix_metal_connection.this.service_tokens.0.id
+
+  # gcp_project = var.gcp_project_name // if unspecified, the project configured in the provided block will be used
+  gcp_availability_domain = 1
+
+  gcp_gcloud_skip_download = false
+  platform                 = var.platform
+
+  ## BGP config
+  gcp_configure_bgp             = true
+  # gcp_interconnect_customer_asn = // If unspecified, default value "65000" will be used
+}
+
+## If redundancy_type is REDUNDANT, configure a secondary Equinix Fabric connection from Equinix Metal to GCP
+## using the metal connection service token
+module "equinix-fabric-connection-gcp-secondary" {
+  source = "equinix-labs/fabric-connection-gcp/equinix"
+
+  count = var.redundancy_type == "REDUNDANT" ? 1 : 0
+
+  fabric_notification_users     = var.fabric_notification_users
+  fabric_connection_name        = local.connection_name
+  fabric_destination_metro_code = var.fabric_destination_metro_code
+  fabric_speed                  = var.fabric_speed
+  fabric_service_token_id       = equinix_metal_connection.this.service_tokens.1.id
+  
+  gcp_availability_domain   = 2
+  gcp_compute_create_router = false // we use the same cloud router of the primary connection
+  gcp_compute_router_name   = module.equinix-fabric-connection-gcp-primary.gcp_cloud_router_name
+
+  gcp_gcloud_skip_download = true
+  platform                 = var.platform
+
+  ## BGP config
+  gcp_configure_bgp             = true
+  # gcp_interconnect_customer_asn = // If unspecified, default value "65000" will be used
+}
diff --git a/examples/service-token-metal-to-gcp-connection/outputs.tf b/examples/service-token-metal-to-gcp-connection/outputs.tf
@@ -0,0 +1,7 @@
+output "connection_primary_details" {
+  value = module.equinix-fabric-connection-gcp-primary
+}
+
+output "connection_secondary_details" {
+  value = var.redundancy_type == "REDUNDANT" ? module.equinix-fabric-connection-gcp-secondary : null
+}
diff --git a/examples/service-token-metal-to-gcp-connection/variables.tf b/examples/service-token-metal-to-gcp-connection/variables.tf
@@ -0,0 +1,77 @@
+variable "equinix_provider_client_id" {
+  type        = string
+  description = <<EOF
+  API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the
+  EQUINIX_API_CLIENTID shell environment variable.
+  EOF
+  default     = null
+}
+
+variable "equinix_provider_client_secret" {
+  type        = string
+  description = <<EOF
+  API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the
+  EQUINIX_API_CLIENTSECRET shell environment variable.
+  EOF
+  default     = null
+}
+
+variable "gcp_project" {
+  type        = string
+  description = "(Required) Name of the GCP project to manage resources in."
+}
+
+variable "gcp_region" {
+  type        = string
+  description = <<EOF
+  The region in which the GCP resources and the Equinix port for GCP resides, i.e. 'us-west2'. If unspecified, this
+  defaults to the region configured in the google provider.
+  
+  NOTE: 'var.gcp_region' and 'var.fabric_destination_metro_code' must correspond to same location."
+  EOF
+  default     = "us-west2" // Corresponds to Silicon Valley (SV) and Los Angeles (LA).
+}
+
+variable "metal_project_id" {
+  type        = string
+  description = "ID of the project where the connection is scoped to, used to look up the project."
+}
+
+variable "fabric_notification_users" {
+  type        = list(string)
+  description = "A list of email addresses used for sending connection update notifications."
+  default = ["example@equinix.com"]
+}
+
+variable "fabric_destination_metro_code" {
+  type        = string
+  description = "Destination Metro code where the connection will be created."
+  default     = "SV" // Corresponds to Silicon Valley
+}
+
+variable "fabric_speed" {
+  type        = number
+  description = <<EOF
+  Speed/Bandwidth in Mbps to be allocated to the connection. If unspecified, it will be used the minimum
+  bandwidth available for the `Equinix Metal` service profile. Valid values are
+  (50, 100, 200, 500, 1000, 2000, 5000, 10000).
+  EOF
+  default     = 50
+}
+
+variable "redundancy_type" {
+  type        = string
+  description = "Whether to create a 'SINGLE' connection or 'REDUNDANT'."
+  default     = "REDUNDANT"
+}
+
+variable "platform" {
+  type        = string
+  description = <<EOF
+  (Required) Platform this terraform module will run on. One of: linux, darwin.
+  
+  NOTE: Configuration of the bgp customer ASN in google side is not directly supported with current google terraform
+  provider (v3.72.0). As a workaround this module take advantage of 'terraform-google-gcloud' module which allows use
+  gcloud. However, it is only available for `linux` and `darwin` based operating systems.
+  EOF
+}
diff --git a/examples/service-token-metal-to-gcp-connection/versions.tf b/examples/service-token-metal-to-gcp-connection/versions.tf
@@ -0,0 +1,14 @@
+terraform {  
+  required_version = ">= 0.13"
+
+  required_providers {
+    equinix = {
+      source  = "equinix/equinix"
+      version = ">= 1.7.0"
+    }
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 3.72.0"
+    }
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -62,6 +62,11 @@ output "gcp_cloud_router_id" {
   value       = local.gcp_compute_router_id
 }
 
+output "gcp_cloud_router_name" {
+  description = "Google Cloud Router Name."
+  value       = var.gcp_compute_create_router ? google_compute_router.this[0].name : data.google_compute_router.this[0].name
+}
+
 output "gcp_cloud_router_ip_address" {
   description = <<EOF
   Google Cloud Router IPv4 address + prefix length to be configured on CLOUD Router Interface for the interconnect
