Add gcp module private-service (#31)

* Add module private-service

* Add README and examples

examples/gcp/private-service/main.tf

@@ -0,0 +1,38 @@
+locals {
+  region     = "us-east1"
+  project_id = "<your-project-name>"
+}
+
+provider "google" {
+  region  = local.region
+  project = local.project_id
+}
+
+
+# Expose Private Pulsar Service to all regions in network default
+module "gcp-private-service-core" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/private-service?ref=v3.3.1"
+
+  region              = local.region
+  network_name        = "default"
+  subnet_name         = "default"
+  domain_name         = "gcp-use1-prod-snc.o-xxxx.g.snio.cloud"
+  service_attachment  = "projects/<pulsar-project-name>/regions/us-east1/serviceAttachments/pulsar-private-service"
+  cross_region_access = true
+  suffix              = "core"
+}
+
+
+# Expose Private Pulsar Service to region us-east1 in network svc2
+module "gcp-private-service-svc2" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/private-service?ref=v3.3.1"
+
+  region             = local.region
+  network_name       = "svc2"
+  subnet_name        = "svc2"
+  domain_name         = "gcp-use1-prod-snc.o-xxxx.g.snio.cloud"
+  service_attachment = "projects/<pulsar-project-name>/regions/us-east1/serviceAttachments/pulsar-private-service"
+  cross_region_access = false
+  suffix             = "svc2"
+}
+

modules/gcp/private-service/README.md

@@ -0,0 +1,41 @@
+# StreamNative Cloud - Managed GCP Private Service
+
+This Terraform modules configures your GCP network to access private StreamNative BYOC pulsar service.
+
+## QuickStart
+Run the following terraform file with GCP Configuration:
+
+```hcl
+locals {
+  region     = "us-east1"
+  project_id = "<your-project-name>"
+}
+
+provider "google" {
+  region  = local.region
+  project = local.project_id
+}
+
+
+# Expose Private Pulsar Service to all regions in network default
+module "gcp-private-service-core" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/private-service?ref=v3.3.1"
+
+  region              = local.region
+  network_name        = "default"
+  subnet_name         = "default"
+  domain_name         = "gcp-use1-prod-snc.o-xxxx.g.snio.cloud"
+  service_attachment  = "projects/<pulsar-project-name>/regions/us-east1/serviceAttachments/pulsar-private-service"
+  cross_region_access = true
+  suffix              = "core"
+}
+```
+1. terraform init
+1. terraform plan
+1. terraform apply
+
+
+
+## Examples
+
+More examples of the modules can be found in the `examples/gcp/private-service` directory.

modules/gcp/private-service/common.tf

@@ -0,0 +1,34 @@
+variable "region" {
+  type = string
+  description = "The GCP region where the private service connection will be configured."
+}
+
+variable "network_name" {
+  type = string
+  description = "The GCP network where the private service connection will be available."
+}
+
+variable "subnet_name" {
+  type = string
+  description = "The GCP subnet where the endpoint IP of private service connection will be allocated."
+}
+
+variable "domain_name" {
+  type = string
+  description = "The base domain of private pulsar service."
+}
+
+variable "service_attachment" {
+  type = string
+  description = "The id of pulsar private service attachment."
+}
+
+variable "cross_region_access" {
+  type = bool
+  default = false
+  description = "Allow access cross regions in the network."
+}
+
+variable "suffix" {
+  description = "The suffix that will be part of the name of resources."
+}

modules/gcp/private-service/main.tf

@@ -0,0 +1,51 @@
+locals {
+  dns_name = "${var.domain_name}."
+}
+
+
+data "google_compute_network" "network" {
+  name = var.network_name
+}
+
+data "google_compute_subnetwork" "subnet" {
+  name   = var.subnet_name
+  region = var.region
+}
+
+resource "google_compute_address" "psc_endpoint_address" {
+  name         = "pulsar-psc-${var.suffix}"
+  region       = var.region
+  subnetwork   = data.google_compute_subnetwork.subnet.id
+  address_type = "INTERNAL"
+}
+
+
+resource "google_dns_managed_zone" "psc_endpoint_zone" {
+  name       = "pulsar-psc-${var.suffix}"
+  dns_name   = local.dns_name
+  visibility = "private"
+  private_visibility_config {
+    networks {
+      network_url = data.google_compute_network.network.id
+    }
+  }
+}
+
+resource "google_dns_record_set" "wildcard_endpoint" {
+  managed_zone = google_dns_managed_zone.psc_endpoint_zone.name
+  name         = "*.${local.dns_name}"
+  type         = "A"
+  ttl          = 300
+  rrdatas      = [google_compute_address.psc_endpoint_address.address]
+}
+
+
+resource "google_compute_forwarding_rule" "psc_endpoint" {
+  name                    = "pulsar-psc-${var.suffix}"
+  region                  = var.region
+  load_balancing_scheme   = ""
+  allow_psc_global_access = var.cross_region_access
+  target                  = var.service_attachment
+  network                 = data.google_compute_network.network.id
+  ip_address              = google_compute_address.psc_endpoint_address.id
+}