Move GCP proxy code to the old [] proxy's location

1. Moved code for the GCP proxy to where the [] proxy code used to live. 3. Corrected reference to the GCP proxy location. 4. Misc changes to make ErrorProne and various tools happy. +diekmann to LGTM terraform whitelist change. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=213630560
2025-05-15 00:47:11 +02:00 · 2018-09-19 08:20:21 -07:00 · 2018-09-19 08:20:21 -07:00 · 3fc7271145
commit 3fc7271145
parent 961e5cc7c7
102 changed files with 296 additions and 11 deletions
--- a/java/google/registry/proxy/terraform/modules/networking/dns.tf
+++ b/java/google/registry/proxy/terraform/modules/networking/dns.tf
@ -0,0 +1,31 @@
+resource "google_dns_record_set" "proxy_epp_a_record" {
+  name         = "epp${var.suffix}.${var.proxy_domain_name}"
+  type         = "A"
+  ttl          = 300
+  managed_zone = "${var.proxy_domain}"
+  rrdatas      = ["${google_compute_global_address.proxy_ipv4_address.address}"]
+}
+
+resource "google_dns_record_set" "proxy_epp_aaaa_record" {
+  name         = "epp${var.suffix}.${var.proxy_domain_name}"
+  type         = "AAAA"
+  ttl          = 300
+  managed_zone = "${var.proxy_domain}"
+  rrdatas      = ["${google_compute_global_address.proxy_ipv6_address.address}"]
+}
+
+resource "google_dns_record_set" "proxy_whois_a_record" {
+  name         = "whois${var.suffix}.${var.proxy_domain_name}"
+  type         = "A"
+  ttl          = 300
+  managed_zone = "${var.proxy_domain}"
+  rrdatas      = ["${google_compute_global_address.proxy_ipv4_address.address}"]
+}
+
+resource "google_dns_record_set" "proxy_whois_aaaa_record" {
+  name         = "whois${var.suffix}.${var.proxy_domain_name}"
+  type         = "AAAA"
+  ttl          = 300
+  managed_zone = "${var.proxy_domain}"
+  rrdatas      = ["${google_compute_global_address.proxy_ipv6_address.address}"]
+}
--- a/java/google/registry/proxy/terraform/modules/networking/input.tf
+++ b/java/google/registry/proxy/terraform/modules/networking/input.tf
@ -0,0 +1,20 @@
+# Instance groups that the load balancer forwards traffic to.
+variable "proxy_instance_groups" {
+  type = "map"
+}
+
+# Suffix (such as "-canary") added to the resource names.
+variable "suffix" {
+  default = ""
+}
+
+# Node ports exposed by the proxy.
+variable "proxy_ports" {
+  type = "map"
+}
+
+# DNS zone for the proxy domain.
+variable "proxy_domain" {}
+
+# domain name of the zone.
+variable "proxy_domain_name" {}
--- a/java/google/registry/proxy/terraform/modules/networking/loadbalancer.tf
+++ b/java/google/registry/proxy/terraform/modules/networking/loadbalancer.tf
@ -0,0 +1,230 @@
+resource "google_compute_global_address" "proxy_ipv4_address" {
+  name       = "proxy-ipv4-address${var.suffix}"
+  ip_version = "IPV4"
+}
+
+resource "google_compute_global_address" "proxy_ipv6_address" {
+  name       = "proxy-ipv6-address${var.suffix}"
+  ip_version = "IPV6"
+}
+
+resource "google_compute_firewall" "proxy_firewall" {
+  name    = "proxy-firewall${var.suffix}"
+  network = "default"
+
+  allow {
+    protocol = "tcp"
+
+    ports = [
+      "${var.proxy_ports["epp"]}",
+      "${var.proxy_ports["whois"]}",
+      "${var.proxy_ports["health_check"]}",
+      "${var.proxy_ports["http-whois"]}",
+      "${var.proxy_ports["https-whois"]}",
+    ]
+  }
+
+  source_ranges = [
+    "130.211.0.0/22",
+    "35.191.0.0/16",
+  ]
+
+  target_tags = [
+    "proxy-cluster",
+  ]
+}
+
+resource "google_compute_health_check" "proxy_health_check" {
+  name = "proxy-health-check${var.suffix}"
+
+  tcp_health_check {
+    port     = "${var.proxy_ports["health_check"]}"
+    request  = "HEALTH_CHECK_REQUEST"
+    response = "HEALTH_CHECK_RESPONSE"
+  }
+}
+
+resource "google_compute_health_check" "proxy_http_health_check" {
+  name = "proxy-http-health-check${var.suffix}"
+
+  http_health_check {
+    host         = "health-check.invalid"
+    port         = "${var.proxy_ports["http-whois"]}"
+    request_path = "/"
+  }
+}
+
+resource "google_compute_url_map" "proxy_url_map" {
+  name            = "proxy-url-map${var.suffix}"
+  default_service = "${google_compute_backend_service.http_whois_backend_service.self_link}"
+}
+
+resource "google_compute_backend_service" "epp_backend_service" {
+  name        = "epp-backend-service${var.suffix}"
+  protocol    = "TCP"
+  timeout_sec = 3600
+  port_name   = "epp${var.suffix}"
+
+  backend {
+    group = "${var.proxy_instance_groups["americas"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["emea"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["apac"]}"
+  }
+
+  health_checks = [
+    "${google_compute_health_check.proxy_health_check.self_link}",
+  ]
+}
+
+resource "google_compute_backend_service" "whois_backend_service" {
+  name        = "whois-backend-service${var.suffix}"
+  protocol    = "TCP"
+  timeout_sec = 60
+  port_name   = "whois${var.suffix}"
+
+  backend {
+    group = "${var.proxy_instance_groups["americas"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["emea"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["apac"]}"
+  }
+
+  health_checks = [
+    "${google_compute_health_check.proxy_health_check.self_link}",
+  ]
+}
+
+resource "google_compute_backend_service" "https_whois_backend_service" {
+  name        = "https-whois-backend-service${var.suffix}"
+  protocol    = "TCP"
+  timeout_sec = 60
+  port_name   = "https-whois${var.suffix}"
+
+  backend {
+    group = "${var.proxy_instance_groups["americas"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["emea"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["apac"]}"
+  }
+
+  health_checks = [
+    "${google_compute_health_check.proxy_health_check.self_link}",
+  ]
+}
+
+resource "google_compute_backend_service" "http_whois_backend_service" {
+  name        = "http-whois-backend-service${var.suffix}"
+  protocol    = "HTTP"
+  timeout_sec = 60
+  port_name   = "http-whois${var.suffix}"
+
+  backend {
+    group = "${var.proxy_instance_groups["americas"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["emea"]}"
+  }
+
+  backend {
+    group = "${var.proxy_instance_groups["apac"]}"
+  }
+
+  health_checks = [
+    "${google_compute_health_check.proxy_http_health_check.self_link}",
+  ]
+}
+
+resource "google_compute_target_tcp_proxy" "epp_tcp_proxy" {
+  name            = "epp-tcp-proxy${var.suffix}"
+  proxy_header    = "PROXY_V1"
+  backend_service = "${google_compute_backend_service.epp_backend_service.self_link}"
+}
+
+resource "google_compute_target_tcp_proxy" "whois_tcp_proxy" {
+  name            = "whois-tcp-proxy${var.suffix}"
+  proxy_header    = "PROXY_V1"
+  backend_service = "${google_compute_backend_service.whois_backend_service.self_link}"
+}
+
+resource "google_compute_target_tcp_proxy" "https_whois_tcp_proxy" {
+  name            = "https-whois-tcp-proxy${var.suffix}"
+  backend_service = "${google_compute_backend_service.https_whois_backend_service.self_link}"
+}
+
+resource "google_compute_target_http_proxy" "http_whois_http_proxy" {
+  name    = "http-whois-tcp-proxy${var.suffix}"
+  url_map = "${google_compute_url_map.proxy_url_map.self_link}"
+}
+
+resource "google_compute_global_forwarding_rule" "epp_ipv4_forwarding_rule" {
+  name       = "epp-ipv4-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
+  target     = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}"
+  port_range = "700"
+}
+
+resource "google_compute_global_forwarding_rule" "epp_ipv6_forwarding_rule" {
+  name       = "epp-ipv6-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
+  target     = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}"
+  port_range = "700"
+}
+
+resource "google_compute_global_forwarding_rule" "whois_ipv4_forwarding_rule" {
+  name       = "whois-ipv4-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
+  target     = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}"
+  port_range = "43"
+}
+
+resource "google_compute_global_forwarding_rule" "whois_ipv6_forwarding_rule" {
+  name       = "whois-ipv6-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
+  target     = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}"
+  port_range = "43"
+}
+
+resource "google_compute_global_forwarding_rule" "https_whois_ipv4_forwarding_rule" {
+  name       = "https-whois-ipv4-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
+  target     = "${google_compute_target_tcp_proxy.https_whois_tcp_proxy.self_link}"
+  port_range = "443"
+}
+
+resource "google_compute_global_forwarding_rule" "https_whois_ipv6_forwarding_rule" {
+  name       = "https-whois-ipv6-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
+  target     = "${google_compute_target_tcp_proxy.https_whois_tcp_proxy.self_link}"
+  port_range = "443"
+}
+
+resource "google_compute_global_forwarding_rule" "http_whois_ipv4_forwarding_rule" {
+  name       = "http-whois-ipv4-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
+  target     = "${google_compute_target_http_proxy.http_whois_http_proxy.self_link}"
+  port_range = "80"
+}
+
+resource "google_compute_global_forwarding_rule" "http_whois_ipv6_forwarding_rule" {
+  name       = "http-whois-ipv6-forwarding-rule${var.suffix}"
+  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
+  target     = "${google_compute_target_http_proxy.http_whois_http_proxy.self_link}"
+  port_range = "80"
+}
--- a/java/google/registry/proxy/terraform/modules/networking/output.tf
+++ b/java/google/registry/proxy/terraform/modules/networking/output.tf
@ -0,0 +1,7 @@
+output "proxy_ipv4_address" {
+  value = "${google_compute_global_address.proxy_ipv4_address.address}"
+}
+
+output "proxy_ipv6_address" {
+  value = "${google_compute_global_address.proxy_ipv6_address.address}"
+}