cloud-foundation-fabric/blueprints/serverless/cloud-run-corporate/variables.tf

/**
 * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "access_policy" {
  description = "VPC SC access policy, if it exists."
  type        = string
  default     = null
}

variable "access_policy_create" {
  description = "Parameters for the creation of a VPC SC access policy."
  type = object({
    parent = string
    title  = string
  })
  default = null
}

variable "image" {
  description = "Container image to deploy."
  type        = string
  default     = "us-docker.pkg.dev/google-samples/containers/gke/whereami:v1.2.19"
}

variable "ingress_settings" {
  description = "Ingress traffic sources allowed to call the service."
  type        = string
  default     = "internal"
}

variable "ip_ranges" {
  description = "IPs or IP ranges used by VPCs"
  type        = map(map(string))
  default = {
    main = {
      subnet   = "10.0.1.0/24"
      psc_addr = "10.0.0.100"
    }
    onprem = {
      subnet = "172.16.1.0/24"
    }
    prj1 = {
      subnet   = "10.0.2.0/24"
      psc_addr = "10.0.0.200"
    }
  }
}

variable "prj_main_create" {
  description = "Parameters for the creation of the main project."
  type = object({
    billing_account_id = string
    parent             = string
  })
  default = null
}

variable "prj_main_id" {
  description = "Main Project ID."
  type        = string
}

variable "prj_onprem_create" {
  description = "Parameters for the creation of an 'onprem' project."
  type = object({
    billing_account_id = string
    parent             = string
  })
  default = null
}

variable "prj_onprem_id" {
  description = "Onprem Project ID."
  type        = string
  default     = null
}

variable "prj_prj1_create" {
  description = "Parameters for the creation of project 1."
  type = object({
    billing_account_id = string
    parent             = string
  })
  default = null
}

variable "prj_prj1_id" {
  description = "Project 1 ID."
  type        = string
  default     = null
}

variable "region" {
  description = "Cloud region where resource will be deployed."
  type        = string
  default     = "europe-west1"
}

variable "run_svc_name" {
  description = "Cloud Run service name."
  type        = string
  default     = "hello"
}

variable "tf_identity" {
  description = "Terraform identity to include in VPC SC perimeter."
  type        = string
  default     = null
}
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`/**`
			`* Copyright 2023 Google LLC`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Access from another project, with VPC SC 2023-02-17 10:58:08 -08:00			`variable "access_policy" {`
			`description = "VPC SC access policy, if it exists."`
			`type = string`
			`default = null`
			`}`

			`variable "access_policy_create" {`
			`description = "Parameters for the creation of a VPC SC access policy."`
			`type = object({`
			`parent = string`
			`title = string`
			`})`
			`default = null`
			`}`

Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`variable "image" {`
			`description = "Container image to deploy."`
			`type = string`
Use a more curl friendly image 2023-02-14 03:57:43 -08:00			`default = "us-docker.pkg.dev/google-samples/containers/gke/whereami:v1.2.19"`
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`}`

			`variable "ingress_settings" {`
			`description = "Ingress traffic sources allowed to call the service."`
			`type = string`
Access from another project, with VPC SC 2023-02-17 10:58:08 -08:00			`default = "internal"`
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`}`

Access CR from "onprem" environment 2023-02-15 04:37:16 -08:00			`variable "ip_ranges" {`
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`description = "IPs or IP ranges used by VPCs"`
Access CR from "onprem" environment 2023-02-15 04:37:16 -08:00			`type = map(map(string))`
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`default = {`
Change naming from 'host' project to 'main' to avoid confusion 2023-02-17 04:15:58 -08:00			`main = {`
Access CR from "onprem" environment 2023-02-15 04:37:16 -08:00			`subnet = "10.0.1.0/24"`
			`psc_addr = "10.0.0.100"`
			`}`
			`onprem = {`
			`subnet = "172.16.1.0/24"`
			`}`
Add another GCP project to access CR from 2023-02-17 07:55:11 -08:00			`prj1 = {`
			`subnet = "10.0.2.0/24"`
			`psc_addr = "10.0.0.200"`
			`}`
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`}`
			`}`

Change naming from 'host' project to 'main' to avoid confusion 2023-02-17 04:15:58 -08:00			`variable "prj_main_create" {`
			`description = "Parameters for the creation of the main project."`
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`type = object({`
			`billing_account_id = string`
			`parent = string`
			`})`
			`default = null`
			`}`

Change naming from 'host' project to 'main' to avoid confusion 2023-02-17 04:15:58 -08:00			`variable "prj_main_id" {`
			`description = "Main Project ID."`
Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`type = string`
			`}`

Access CR from "onprem" environment 2023-02-15 04:37:16 -08:00			`variable "prj_onprem_create" {`
			`description = "Parameters for the creation of an 'onprem' project."`
			`type = object({`
			`billing_account_id = string`
			`parent = string`
			`})`
			`default = null`
			`}`

			`variable "prj_onprem_id" {`
Change naming from 'host' project to 'main' to avoid confusion 2023-02-17 04:15:58 -08:00			`description = "Onprem Project ID."`
Access CR from "onprem" environment 2023-02-15 04:37:16 -08:00			`type = string`
			`default = null`
			`}`

Add another GCP project to access CR from 2023-02-17 07:55:11 -08:00			`variable "prj_prj1_create" {`
			`description = "Parameters for the creation of project 1."`
			`type = object({`
			`billing_account_id = string`
			`parent = string`
			`})`
			`default = null`
			`}`

			`variable "prj_prj1_id" {`
			`description = "Project 1 ID."`
			`type = string`
			`default = null`
			`}`

Accessing Cloud Run privately, first use case 2023-02-13 12:54:03 -08:00			`variable "region" {`
			`description = "Cloud region where resource will be deployed."`
			`type = string`
			`default = "europe-west1"`
			`}`

			`variable "run_svc_name" {`
			`description = "Cloud Run service name."`
			`type = string`
			`default = "hello"`
			`}`
Add terraform identity to VPC SC If the identity that runs terraform is not included when creating a VPC SC perimeter, it loses control afterwards. 2023-02-20 07:54:34 -08:00
			`variable "tf_identity" {`
			`description = "Terraform identity to include in VPC SC perimeter."`
			`type = string`
			`default = null`
			`}`