From 717300e974405d488c3082812097de0010b52b2c Mon Sep 17 00:00:00 2001
From: The Magician
Date: Fri, 30 Nov 2018 15:10:04 -0800
Subject: [PATCH] Add documentation for new resource_compute_router_nat to Terraform provider (#2545)

/cc @cornmander
---
 google/resource_compute_router_nat.go | 3 +
 google/resource_compute_router_nat_test.go | 3 +
 .../docs/r/compute_router_nat.html.markdown | 166 ++++++++++++++++++
 website/google.erb | 4 +
 4 files changed, 176 insertions(+)
 create mode 100644 google/resource_compute_router_nat.go
 create mode 100644 google/resource_compute_router_nat_test.go
 create mode 100644 website/docs/r/compute_router_nat.html.markdown

diff --git a/google/resource_compute_router_nat.go b/google/resource_compute_router_nat.go
new file mode 100644
index 00000000..93cfad7a
--- /dev/null
+++ b/google/resource_compute_router_nat.go
@@ -0,0 +1,3 @@
+package google
+
+// Magic Modules doesn't let us remove files - blank out beta-only common-compile files for now.
diff --git a/google/resource_compute_router_nat_test.go b/google/resource_compute_router_nat_test.go
new file mode 100644
index 00000000..93cfad7a
--- /dev/null
+++ b/google/resource_compute_router_nat_test.go
@@ -0,0 +1,3 @@
+package google
+
+// Magic Modules doesn't let us remove files - blank out beta-only common-compile files for now.
diff --git a/website/docs/r/compute_router_nat.html.markdown b/website/docs/r/compute_router_nat.html.markdown
new file mode 100644
index 00000000..680c1482
--- /dev/null
+++ b/website/docs/r/compute_router_nat.html.markdown
@@ -0,0 +1,166 @@
+---
+layout: "google"
+page_title: "Google: google_compute_router_nat"
+sidebar_current: "docs-google-compute-router-nat"
+description: |-
+ Manages a Cloud NAT.
+---
+
+# google\_compute\_router\_nat
+
+Manages a Cloud NAT. For more information see
+[the official documentation](https://cloud.google.com/nat/docs/overview)
+and
+[API](https://cloud.google.com/compute/docs/reference/rest/beta/routers).
+
+## Example Usage
+
+A simple NAT configuration: enable NAT for all Subnetworks associated with
+the Network associated with the given Router.
+
+```hcl
+resource "google_compute_network" "network" {
+ name = "my-network"
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+ name = "my-subnet"
+ network = "${google_compute_network.network.self_link}"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+}
+
+resource "google_compute_router" "router" {
+ name = "router"
+ region = "${google_compute_subnetwork.foobar.region}"
+ network = "${google_compute_network.foobar.self_link}"
+ bgp {
+ asn = 64514
+ }
+}
+
+resource "google_compute_router_nat" "simple-nat" {
+ name = "nat-1"
+ router = "${google_compute_router.router.name}"
+ region = "us-central1"
+ nat_ip_allocate_option = "AUTO_ONLY"
+ source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+}
+```
+
+A production-like configuration: enable NAT for one Subnetwork and use a list of
+static external IP address.
+
+```hcl
+resource "google_compute_network" "network" {
+ name = "my-network"
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+ name = "my-subnet"
+ network = "${google_compute_network.network.self_link}"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+}
+
+resource "google_compute_router" "router" {
+ name = "router"
+ region = "${google_compute_subnetwork.foobar.region}"
+ network = "${google_compute_network.foobar.self_link}"
+ bgp {
+ asn = 64514
+ }
+}
+
+resource "google_compute_address" "address" {
+ count = 2
+ name = "nat-external-address-${var.count}"
+ region = "us-central1"
+}
+
+resource "google_compute_router_nat" "advanced-nat" {
+ name = "nat-1"
+ router = "${google_compute_router.router.name}"
+ region = "us-central1"
+ nat_ip_allocate_option = "MANUAL_ONLY"
+ nat_ips = ["${google_compute_address.*.address.self_link}"]
+ source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
+ subnetwork {
+ name = "${google_compute_subnetwork.subnetwork.self_link}"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for Cloud NAT, required by GCE. Changing
+ this forces a new NAT to be created.
+
+* `router` - (Required) The name of the router in which this NAT will be configured.
+ Changing this forces a new NAT to be created.
+
+* `nat_ip_allocate_option` - (Required) How external IPs should be allocated for
+ this NAT. Valid values are `AUTO_ONLY` or `MANUAL_ONLY`. Changing this forces
+ a new NAT to be created.
+
+* `source_subnetwork_ip_ranges_to_nat` - (Required) How NAT should be configured
+ per Subnetwork. Valid values include: `ALL_SUBNETWORKS_ALL_IP_RANGES`,
+ `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`. Changing
+ this forces a new NAT to be created.
+
+- - -
+
+* `nat_ips` - (Optional) List of `self_link`s of external IPs. Only valid if
+ `nat_ip_allocate_option` is set to `MANUAL_ONLY`. Changing this forces a
+ new NAT to be created.
+
+* `subnetwork` - (Optional) One or more subnetwork NAT configurations. Only used
+ if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS`. See
+ the section below for details on configuration.
+
+* `min_ports_per_vm` - (Optional) Minimum number of ports allocated to a VM
+ from this NAT config. If not set, a default number of ports is allocated to a VM.
+ Changing this forces a new NAT to be created.
+
+* `udp_idle_timeout_sec` - (Optional) Timeout (in seconds) for UDP connections.
+ Defaults to 30s if not set. Changing this forces a new NAT to be created.
+
+* `icmp_idle_timeout_sec` - (Optional) Timeout (in seconds) for ICMP connections.
+ Defaults to 30s if not set. Changing this forces a new NAT to be created.
+
+* `tcp_established_idle_timeout_sec` - (Optional) Timeout (in seconds) for TCP
+ established connections. Defaults to 1200s if not set. Changing this forces
+ a new NAT to be created.
+
+* `tcp_transitory_idle_timeout_sec` - (Optional) Timeout (in seconds) for TCP
+ transitory connections. Defaults to 30s if not set. Changing this forces a
+ new NAT to be created.
+
+* `project` - (Optional) The ID of the project in which this NAT's router belongs. If it
+ is not provided, the provider project is used. Changing this forces a new NAT to be created.
+
+* `region` - (Optional) The region this NAT's router sits in. If not specified,
+ the project region will be used. Changing this forces a new NAT to be
+ created.
+
+The `subnetwork` block supports:
+
+* `name` - (Required) The `self_link` of the subnetwork to NAT.
+
+* `source_ip_ranges_to_nat` - (Optional) List of options for which source IPs in the subnetwork
+ should have NAT enabled. Supported values include: `ALL_IP_RANGES`,
+ `LIST_OF_SECONDARY_IP_RANGES`, `PRIMARY_IP_RANGE`
+
+* `secondary_ip_range_names` - (Optional) List of the secondary ranges of the subnetwork
+ that are allowed to use NAT. This can be populated only if
+ `LIST_OF_SECONDARY_IP_RANGES` is one of the values in `source_ip_ranges_to_nat`.
+
+## Import
+
+Router NATs can be imported using the `region`, `router`, and `name`, e.g.
+
+```
+$ terraform import google_compute_router_nat.my-nat us-central1/router-1/nat-1
+```
diff --git a/website/google.erb b/website/google.erb
index 9b62fda8..e7559bad 100644
--- a/website/google.erb
+++ b/website/google.erb
@@ -419,6 +419,10 @@ google_compute_router_interface + > + google_compute_router_nat + + > google_compute_router_peer