FAST MT: Readme updates and more prefix validation (#2305)
This change documents the process of deploying FAST on a tenant-factory bootstrapped tenant. It also changes the validation logic for prefix as follows: - 0-bootstrap: 9 chars or less - 1-resman/1-tenant-factory: 9 chars or less if run at org level, else 11 - else 11. It also makes the variables.tf and variables-fast.tf breakdown uniform across all stages.
This commit is contained in:
parent
5068cd9170
commit
11050c46cf
@ -53,26 +53,10 @@ case $STAGE_NAME in
|
|||
PROVIDER="providers/0-bootstrap-providers.tf"
|
||||
TFVARS=""
|
||||
;;
|
||||
"0-bootstrap-tenant")
|
||||
MESSAGE="remember to set the prefix in the provider file"
|
||||
PROVIDER_CMD=$CP_CMD
|
||||
PROVIDER="providers/0-bootstrap-tenant-providers.tf"
|
||||
TFVARS="tfvars/0-bootstrap.auto.tfvars.json
|
||||
tfvars/1-resman.auto.tfvars.json"
|
||||
;;
|
||||
"1-resman" | "1-tenant-factory")
|
||||
PROVIDER="providers/${STAGE_NAME}-providers.tf"
|
||||
TFVARS="tfvars/0-bootstrap.auto.tfvars.json"
|
||||
;;
|
||||
"1-resman-tenant")
|
||||
if [[ -z "$TENANT" ]]; then
|
||||
echo "Please set a \$TENANT variable with the tenant shortname"
|
||||
exit 1
|
||||
fi
|
||||
unset GLOBALS
|
||||
PROVIDER="tenants/$TENANT/providers/1-resman-tenant-providers.tf"
|
||||
TFVARS="tenants/$TENANT/tfvars/0-bootstrap-tenant.auto.tfvars.json"
|
||||
;;
|
||||
"2-networking"*)
|
||||
if [[ -z "$TENANT" ]]; then
|
||||
echo "# if this is a tenant stage, set a \$TENANT variable with the tenant shortname and run the command again"
|
||||
|
|
|
@ -151,12 +151,15 @@ We are intentionally not supporting random prefix/suffixes for names, as that is
|
|||
What is implemented here is a fairly common convention, composed of tokens ordered by relative importance:
|
||||
|
||||
- an organization-level static prefix less or equal to 9 characters (e.g. `myco` or `myco-gcp`)
|
||||
- an optional tenant-level prefix, if using multitenant stages
|
||||
- an optional tenant-level prefix, if using tenant factory
|
||||
- an environment identifier (e.g. `prod`)
|
||||
- a team/owner identifier (e.g. `sec` for Security)
|
||||
- a context identifier (e.g. `core` or `kms`)
|
||||
- an arbitrary identifier used to distinguish similar resources (e.g. `0`, `1`)
|
||||
|
||||
> [!WARNING]
|
||||
> When using tenant factory, a tenant prefix will be automatically generated as `{prefix}-{tenant-shortname}`. The maximum length of such prefix must be 11 characters or less, which means that the longer org-level prefix you use, the less chars you'll have available for the `tenant-shortname`.
|
||||
|
||||
Tokens are joined by a `-` character, making it easy to separate the individual tokens visually, and to programmatically split them in billing exports to derive initial high-level groupings for cost attribution.
|
||||
|
||||
The convention is used in its full form only for specific resources with globally unique names (projects, GCS buckets). Other resources adopt a shorter version for legibility, as the full context can always be derived from their project.
|
||||
|
|
|
@ -267,7 +267,7 @@ A full reference of IAM roles managed by this stage [is available here](./IAM.md
|
|||
| [billing_account](variables-fast.tf#L42) | Billing account id. If billing account is not part of the same org set `is_org_level` to `false`. To disable handling of billing IAM roles set `no_iam` to `true`. | <code title="object({ id = string is_org_level = optional(bool, true) no_iam = optional(bool, false) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [logging](variables-fast.tf#L93) | Logging configuration for tenants. | <code title="object({ project_id = string log_sinks = optional(map(object({ filter = string type = string })), {}) })">object({…})</code> | ✓ | | <code>1-tenant-factory</code> |
|
||||
| [organization](variables-fast.tf#L106) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables.tf#L158) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L124) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [cicd_repositories](variables.tf#L20) | CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ data_platform_dev = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) data_platform_prod = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) gke_dev = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) gke_prod = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) gcve_dev = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) gcve_prod = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) networking = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) project_factory_dev = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) project_factory_prod = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) security = optional(object({ name = string type = string branch = optional(string) identity_provider = optional(string) })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [custom_roles](variables-fast.tf#L53) | Custom roles defined at the org level, in key => id format. | <code title="object({ gcve_network_admin = string organization_admin_viewer = string service_project_network_admin = string storage_viewer = string })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [factories_config](variables.tf#L114) | Configuration for the resource factories or external data. | <code title="object({ checklist_data = optional(string) org_policies = optional(string, "data/org-policies") top_level_folders = optional(string) })">object({…})</code> | | <code>{}</code> | |
|
||||
|
@ -276,10 +276,10 @@ A full reference of IAM roles managed by this stage [is available here](./IAM.md
|
|||
| [groups](variables-fast.tf#L65) | Group names or IAM-format principals to grant organization-level permissions. If just the name is provided, the 'group:' principal and organization domain are interpolated. | <code title="object({ gcp-billing-admins = optional(string, "gcp-billing-admins") gcp-devops = optional(string, "gcp-devops") gcp-network-admins = optional(string, "gcp-vpc-network-admins") gcp-organization-admins = optional(string, "gcp-organization-admins") gcp-security-admins = optional(string, "gcp-security-admins") })">object({…})</code> | | <code>{}</code> | <code>0-bootstrap</code> |
|
||||
| [locations](variables-fast.tf#L80) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object({ bq = optional(string, "EU") gcs = optional(string, "EU") logging = optional(string, "global") pubsub = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | <code>0-bootstrap</code> |
|
||||
| [outputs_location](variables.tf#L152) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [root_node](variables-fast.tf#L117) | Root node for the hierarchy, if running in tenant mode. | <code>string</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [tag_names](variables.tf#L169) | Customized names for resource management tags. | <code title="object({ context = optional(string, "context") environment = optional(string, "environment") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [tags](variables.tf#L183) | Custom secure tags by key name. The `iam` attribute behaves like the similarly named one at module level. | <code title="map(object({ description = optional(string, "Managed by the Terraform organization module.") iam = optional(map(list(string)), {}) values = optional(map(object({ description = optional(string, "Managed by the Terraform organization module.") iam = optional(map(list(string)), {}) id = optional(string) })), {}) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [top_level_folders](variables.tf#L204) | Additional top-level folders. Keys are used for service account and bucket names, values implement the folders module interface with the addition of the 'automation' attribute. | <code title="map(object({ name = string automation = optional(object({ enable = optional(bool, true) sa_impersonation_principals = optional(list(string), []) }), {}) contacts = optional(map(any), {}) firewall_policy = optional(map(any)) logging_data_access = optional(map(any), {}) logging_exclusions = optional(map(any), {}) logging_sinks = optional(map(any), {}) iam = optional(map(any), {}) iam_bindings = optional(map(any), {}) iam_bindings_additive = optional(map(any), {}) iam_by_principals = optional(map(any), {}) org_policies = optional(map(any), {}) tag_bindings = optional(map(any), {}) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [root_node](variables-fast.tf#L130) | Root node for the hierarchy, if running in tenant mode. | <code>string</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [tag_names](variables.tf#L158) | Customized names for resource management tags. | <code title="object({ context = optional(string, "context") environment = optional(string, "environment") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [tags](variables.tf#L172) | Custom secure tags by key name. The `iam` attribute behaves like the similarly named one at module level. | <code title="map(object({ description = optional(string, "Managed by the Terraform organization module.") iam = optional(map(list(string)), {}) values = optional(map(object({ description = optional(string, "Managed by the Terraform organization module.") iam = optional(map(list(string)), {}) id = optional(string) })), {}) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [top_level_folders](variables.tf#L193) | Additional top-level folders. Keys are used for service account and bucket names, values implement the folders module interface with the addition of the 'automation' attribute. | <code title="map(object({ name = string automation = optional(object({ enable = optional(bool, true) sa_impersonation_principals = optional(list(string), []) }), {}) contacts = optional(map(any), {}) firewall_policy = optional(map(any)) logging_data_access = optional(map(any), {}) logging_exclusions = optional(map(any), {}) logging_sinks = optional(map(any), {}) iam = optional(map(any), {}) iam_bindings = optional(map(any), {}) iam_bindings_additive = optional(map(any), {}) iam_by_principals = optional(map(any), {}) org_policies = optional(map(any), {}) tag_bindings = optional(map(any), {}) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -114,6 +114,19 @@ variable "organization" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
check "prefix_validator" {
|
||||
assert {
|
||||
condition = (try(length(var.prefix), 0) < 10) || (try(length(var.prefix), 0) < 12 && var.root_node != null)
|
||||
error_message = "var.prefix must be 9 characters or shorter for organizations, and 11 chars or shorter for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Root node for the hierarchy, if running in tenant mode."
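Review bot: The new `check "prefix_validator"` block does not stop a bad prefix: a failed `check` assertion is reported by Terraform as a warning and plan/apply continues, whereas a `validation` block on the variable rejects the value outright, and the hunk at `variable "org_policy_tags"` appears to drop exactly such a `validation` in favour of this `check`. A prefix over 11 chars (or over 9 at org level) can therefore be applied, and generated names such as `{prefix}-{tenant-shortname}-prod-iac-core-0` inherit the overflow. If the stage's required Terraform version allows cross-variable references inside `validation` (1.9+), keep the same condition there, e.g. `validation { condition = try(length(var.prefix), 0) < 10 || (try(length(var.prefix), 0) < 12 && var.root_node != null) }` with the same `error_message`; otherwise a `lifecycle { precondition }` on the resource that first consumes the prefix gives the same hard failure. Independently, `description` on `variable "prefix"` still reads `Use 9 characters or less` in this hunk and in the `org_policy_tags` one, while the assertion allows 11 for tenants; the 2-networking hunk already uses `Use a maximum of 9 chars for organizations, and 11 chars for tenants.` and the two should match.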
|
||||
|
|
|
@ -155,17 +155,6 @@ variable "outputs_location" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
# real maximum length is 11 but we need to keep at least 2 for tenants
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "tag_names" {
|
||||
description = "Customized names for resource management tags."
|
||||
type = object({
|
||||
|
|
|
@ -16,6 +16,7 @@ Typical use cases include large organizations managing a single Cloud subscripti
|
|||
- [Tenant configuration](#tenant-configuration)
|
||||
- [Configurations for both simple and FAST tenants](#configurations-for-both-simple-and-fast-tenants)
|
||||
- [Configurations for FAST tenants](#configurations-for-fast-tenants)
|
||||
- [Deploying FAST stages](#deploying-fast-stages)
|
||||
- [Files](#files)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
|
@ -252,6 +253,34 @@ tenant_configs = {
|
|||
}
|
||||
```
|
||||
|
||||
#### Deploying FAST stages
|
||||
|
||||
Mirroring the regular FAST behavior, the provider and variable files for a bootstrapped tenant will be generated on a tenant-specific storage bucket named `{prefix}-{tenant-shortname}-prod-iac-core-outputs-0` in (also tenant-specific) project `{prefix}-{tenant-shortname}-prod-iac-core-0`.
|
||||
|
||||
Since the tenant is already bootstrapped, a FAST deployment for tenants start from stage `1-resman`, which can be configured as usual, leveraging `stage-links.sh`, which should point to either the tenant-specific `var.outputs_location`, or to the tenant-specific GCS bucket.
|
||||
|
||||
For example:
|
||||
|
||||
```bash
|
||||
/path/to/stage-links.sh ~/fast-config/tenants/tenant-a
|
||||
|
||||
# copy and paste the following commands for 'tenant-a/1-resman'
|
||||
|
||||
ln -s ~/fast-config/tenants/tenant-a/providers/1-tenant-factory-providers.tf ./
|
||||
ln -s ~/fast-config/tenants/tenant-a/tfvars/0-globals.auto.tfvars.json ./
|
||||
ln -s ~/fast-config/tenants/tenant-a/tfvars/0-bootstrap.auto.tfvars.json ./
|
||||
```
|
||||
|
||||
```bash
|
||||
../../stage-links.sh gs://{prefix}-{tenant-shortname}-prod-iac-core-0
|
||||
|
||||
# copy and paste the following commands for 'tenant-a/1-resman'
|
||||
|
||||
gcloud alpha storage cp gs://{prefix}-{tenant-shortname}-prod-iac-core-0/providers/1-tenant-factory-providers.tf ./
|
||||
gcloud alpha storage cp gs://{prefix}-{tenant-shortname}-prod-iac-core-0/tfvars/0-globals.auto.tfvars.json ./
|
||||
gcloud alpha storage cp gs://{prefix}-{tenant-shortname}-prod-iac-core-0/tfvars/0-bootstrap.auto.tfvars.json ./
|
||||
```
|
||||
|
||||
<!-- TFDOC OPTS files:1 show_extra:1 -->
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Files
|
||||
|
@ -283,7 +312,7 @@ tenant_configs = {
|
|||
| [logging](variables-fast.tf#L94) | Logging resources created by the bootstrap stage. | <code title="object({ project_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [org_policy_tags](variables-fast.tf#L113) | Organization policy tags. | <code title="object({ key_id = string key_name = string values = map(string) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [organization](variables-fast.tf#L103) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L123) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L130) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [custom_roles](variables-fast.tf#L53) | Custom roles defined at the org level, in key => id format. | <code title="object({ gcve_network_admin = string organization_admin_viewer = string service_project_network_admin = string storage_viewer = string tenant_network_admin = string })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [groups](variables-fast.tf#L66) | Group names or IAM-format principals to grant organization-level permissions. If just the name is provided, the 'group:' principal and organization domain are interpolated. | <code title="object({ gcp-billing-admins = optional(string, "gcp-billing-admins") gcp-devops = optional(string, "gcp-devops") gcp-network-admins = optional(string, "gcp-vpc-network-admins") gcp-organization-admins = optional(string, "gcp-organization-admins") gcp-security-admins = optional(string, "gcp-security-admins") })">object({…})</code> | | <code>{}</code> | <code>0-bootstrap</code> |
|
||||
| [locations](variables-fast.tf#L81) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object({ bq = optional(string, "EU") gcs = optional(string, "EU") logging = optional(string, "global") pubsub = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | <code>0-bootstrap</code> |
|
||||
|
|
|
@ -120,13 +120,15 @@ variable "org_policy_tags" {
|
|||
})
|
||||
}
|
||||
|
||||
check "prefix_validator" {
|
||||
assert {
|
||||
condition = (try(length(var.prefix), 0) < 10) || (try(length(var.prefix), 0) < 12 && var.root_node != null)
|
||||
error_message = "var.prefix must be 9 characters or shorter for organizations, and 11 chars or shorter for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -443,7 +443,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
| [billing_account](variables-fast.tf#L27) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L59) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ networking = string networking-dev = string networking-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables-fast.tf#L69) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L79) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L79) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | <code title="object({ vpn_tunnel_established = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) user_labels = optional(map(string), {}) })) vpn_tunnel_bandwidth = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) threshold_mbys = optional(string, "187.5") user_labels = optional(map(string), {}) })) })">object({…})</code> | | <code title="{ vpn_tunnel_established = {} vpn_tunnel_bandwidth = {} }">{…}</code> | |
|
||||
| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | <code>bool</code> | | <code>false</code> | |
|
||||
| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
|
@ -455,7 +455,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
| [outputs_location](variables.tf#L92) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [psa_ranges](variables.tf#L98) | IP ranges used for Private Service Access (CloudSQL, etc.). | <code title="object({ dev = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) prod = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [regions](variables.tf#L118) | Region definitions. | <code title="object({ primary = string secondary = string })">object({…})</code> | | <code title="{ primary = "europe-west1" secondary = "europe-west4" }">{…}</code> | |
|
||||
| [service_accounts](variables-fast.tf#L90) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [service_accounts](variables-fast.tf#L89) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [spoke_configs](variables.tf#L130) | Spoke connectivity configurations. | <code title="object({ peering_configs = optional(object({ dev = optional(object({ export = optional(bool, true) import = optional(bool, true) public_export = optional(bool) public_import = optional(bool) }), {}) prod = optional(object({ export = optional(bool, true) import = optional(bool, true) public_export = optional(bool) public_import = optional(bool) }), {}) })) vpn_configs = optional(object({ dev = optional(object({ asn = optional(number, 65501) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }), {}) landing = optional(object({ asn = optional(number, 65500) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }), {}) prod = optional(object({ asn = optional(number, 65502) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }), {}) })) })">object({…})</code> | | <code title="{ peering_configs = {} }">{…}</code> | |
|
||||
| [vpn_onprem_primary_config](variables.tf#L180) | VPN gateway configuration for onprem interconnection in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
|
||||
|
|
|
@ -78,12 +78,11 @@ variable "organization" {
|
|||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
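Review bot: The `error_message` of the rewritten `validation` block promises 9 chars for organizations, but `condition = try(length(var.prefix), 0) < 12` enforces only 11 regardless of how the stage is run, so a 10- or 11-char org-level prefix is accepted silently. If this stage has no way to distinguish org from tenant mode, the message should state what is actually enforced, e.g. `error_message = "Use a maximum of 11 characters for prefix (9 for organizations, enforced upstream)."`; if it does have a tenant signal, the condition should use it as the resman/tenant-factory stages do. The `try(..., 0)` wrapper also lets a null `var.prefix` pass this check; if the variable is meant to be required, `nullable = false` on it would surface that earlier than a downstream naming error.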
|
||||
|
||||
|
|
|
@ -449,6 +449,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
| [outputs.tf](./outputs.tf) | Module outputs. | | <code>google_storage_bucket_object</code> · <code>local_file</code> |
|
||||
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
|
||||
| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | |
|
||||
| [variables-fast.tf](./variables-fast.tf) | None | | |
|
||||
| [variables.tf](./variables.tf) | Module variables. | | |
|
||||
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | <code>net-vpn-ha</code> | |
|
||||
|
||||
|
@ -456,26 +457,26 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L132) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ networking = string networking-dev = string networking-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables.tf#L157) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables.tf#L173) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables-fast.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L57) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ networking = string networking-dev = string networking-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables.tf#L107) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L67) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | <code title="object({ vpn_tunnel_established = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) user_labels = optional(map(string), {}) })) vpn_tunnel_bandwidth = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) threshold_mbys = optional(string, "187.5") user_labels = optional(map(string), {}) })) })">object({…})</code> | | <code title="{ vpn_tunnel_established = {} vpn_tunnel_bandwidth = {} }">{…}</code> | |
|
||||
| [create_test_instances](variables.tf#L63) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | <code>bool</code> | | <code>false</code> | |
|
||||
| [custom_roles](variables.tf#L69) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [dns](variables.tf#L78) | DNS configuration. | <code title="object({ enable_logging = optional(bool, true) resolvers = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [enable_cloud_nat](variables.tf#L88) | Deploy Cloud NAT. | <code>bool</code> | | <code>false</code> | |
|
||||
| [essential_contacts](variables.tf#L95) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L101) | Configuration for network resource factories. | <code title="object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") })">object({…})</code> | | <code title="{ data_dir = "data" }">{…}</code> | |
|
||||
| [fast_features](variables.tf#L122) | Selective control for top-level FAST features. | <code title="object({ gcve = optional(bool, false) })">object({…})</code> | | <code>{}</code> | <code>0-0-bootstrap</code> |
|
||||
| [gcp_ranges](variables.tf#L142) | GCP address ranges in name => range format. | <code>map(string)</code> | | <code title="{ gcp_dev_primary = "10.68.0.0/16" gcp_dev_secondary = "10.84.0.0/16" gcp_landing_landing_primary = "10.64.0.0/17" gcp_landing_landing_secondary = "10.80.0.0/17" gcp_dmz_primary = "10.64.127.0/17" gcp_dmz_secondary = "10.80.127.0/17" gcp_prod_primary = "10.72.0.0/16" gcp_prod_secondary = "10.88.0.0/16" }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L167) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [psa_ranges](variables.tf#L184) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | <code title="object({ dev = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) prod = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [regions](variables.tf#L204) | Region definitions. | <code title="object({ primary = string secondary = string })">object({…})</code> | | <code title="{ primary = "europe-west1" secondary = "europe-west4" }">{…}</code> | |
|
||||
| [service_accounts](variables.tf#L216) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [vpn_onprem_primary_config](variables.tf#L230) | VPN gateway configuration for onprem interconnection in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [vpn_onprem_secondary_config](variables.tf#L273) | VPN gateway configuration for onprem interconnection in the secondary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [create_test_instances](variables.tf#L42) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | <code>bool</code> | | <code>false</code> | |
|
||||
| [custom_roles](variables-fast.tf#L38) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [dns](variables.tf#L48) | DNS configuration. | <code title="object({ enable_logging = optional(bool, true) resolvers = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [enable_cloud_nat](variables.tf#L58) | Deploy Cloud NAT. | <code>bool</code> | | <code>false</code> | |
|
||||
| [essential_contacts](variables.tf#L65) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L71) | Configuration for network resource factories. | <code title="object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") })">object({…})</code> | | <code title="{ data_dir = "data" }">{…}</code> | |
|
||||
| [fast_features](variables-fast.tf#L47) | Selective control for top-level FAST features. | <code title="object({ gcve = optional(bool, false) })">object({…})</code> | | <code>{}</code> | <code>0-0-bootstrap</code> |
|
||||
| [gcp_ranges](variables.tf#L92) | GCP address ranges in name => range format. | <code>map(string)</code> | | <code title="{ gcp_dev_primary = "10.68.0.0/16" gcp_dev_secondary = "10.84.0.0/16" gcp_landing_landing_primary = "10.64.0.0/17" gcp_landing_landing_secondary = "10.80.0.0/17" gcp_dmz_primary = "10.64.127.0/17" gcp_dmz_secondary = "10.80.127.0/17" gcp_prod_primary = "10.72.0.0/16" gcp_prod_secondary = "10.88.0.0/16" }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L117) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [psa_ranges](variables.tf#L123) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | <code title="object({ dev = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) prod = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [regions](variables.tf#L143) | Region definitions. | <code title="object({ primary = string secondary = string })">object({…})</code> | | <code title="{ primary = "europe-west1" secondary = "europe-west4" }">{…}</code> | |
|
||||
| [service_accounts](variables-fast.tf#L77) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [vpn_onprem_primary_config](variables.tf#L155) | VPN gateway configuration for onprem interconnection in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [vpn_onprem_secondary_config](variables.tf#L198) | VPN gateway configuration for onprem interconnection in the secondary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
@ -0,0 +1,89 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "custom_roles" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Custom roles defined at the org level, in key => id format."
|
||||
type = object({
|
||||
service_project_network_admin = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "fast_features" {
|
||||
# tfdoc:variable:source 0-0-bootstrap
|
||||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
gcve = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
networking = string
|
||||
networking-dev = string
|
||||
networking-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Automation service accounts in name => email format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-dev = string
|
||||
gke-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
default = null
|
||||
}
|
|
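Review bot: The `prefix` validation in the new variables-fast.tf, `condition = try(length(var.prefix), 0) < 12`, still accepts an explicit `null`, because `try` maps the failed `length(null)` to 0 and the variable does not set `nullable = false` the way `fast_features` does a few blocks above; a null prefix then reaches resource naming with no uniqueness prefix at all. Adding `nullable = false` to the block (or using a fallback that fails, `try(length(var.prefix), 12) < 12`) closes that gap. The description and error message still promise a 9-character limit for organizations, but this stage cannot distinguish org-level from tenant deployments, so only the 11-character cap is enforced here; a comment above the validation, `# the 9-char org limit is enforced by 0-bootstrap/1-resman; only the 11-char tenant cap is checked here`, would make that dependency explicit. The same two points apply to the other variables-fast.tf added by this commit further down, whose `prefix` block is identical. The files table in that stage's README renders `variables-fast.tf | None`, which suggests the new file headers are missing the file-level description comment the docs generator reads.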
@ -39,42 +39,12 @@ variable "alert_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "create_test_instances" {
|
||||
description = "Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "custom_roles" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Custom roles defined at the org level, in key => id format."
|
||||
type = object({
|
||||
service_project_network_admin = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "dns" {
|
||||
description = "DNS configuration."
|
||||
type = object({
|
||||
|
@ -119,26 +89,6 @@ variable "factories_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "fast_features" {
|
||||
# tfdoc:variable:source 0-0-bootstrap
|
||||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
gcve = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
networking = string
|
||||
networking-dev = string
|
||||
networking-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "gcp_ranges" {
|
||||
description = "GCP address ranges in name => range format."
|
||||
type = map(string)
|
||||
|
@ -170,17 +120,6 @@ variable "outputs_location" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "psa_ranges" {
|
||||
description = "IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format."
|
||||
type = object({
|
||||
|
@ -213,20 +152,6 @@ variable "regions" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Automation service accounts in name => email format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-dev = string
|
||||
gke-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpn_onprem_primary_config" {
|
||||
description = "VPN gateway configuration for onprem interconnection in the primary region."
|
||||
type = object({
|
||||
@ -323,6 +323,7 @@ Regions are defined via the `regions` variable which sets up a mapping between t
|
|||
| [outputs.tf](./outputs.tf) | Module outputs. | | <code>google_storage_bucket_object</code> · <code>local_file</code> |
|
||||
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
|
||||
| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | <code>compute-vm</code> | |
|
||||
| [variables-fast.tf](./variables-fast.tf) | None | | |
|
||||
| [variables.tf](./variables.tf) | Module variables. | | |
|
||||
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | <code>net-vpn-ha</code> | |
|
||||
|
||||
|
@ -330,23 +331,23 @@ Regions are defined via the `regions` variable which sets up a mapping between t
|
|||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L118) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ networking = string networking-dev = string networking-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables.tf#L128) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables.tf#L144) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables-fast.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L48) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ networking = string networking-dev = string networking-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables-fast.tf#L58) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L68) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | <code title="object({ vpn_tunnel_established = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) user_labels = optional(map(string), {}) })) vpn_tunnel_bandwidth = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) threshold_mbys = optional(string, "187.5") user_labels = optional(map(string), {}) })) })">object({…})</code> | | <code title="{ vpn_tunnel_established = {} vpn_tunnel_bandwidth = {} }">{…}</code> | |
|
||||
| [dns](variables.tf#L63) | DNS configuration. | <code title="object({ dev_resolvers = optional(list(string), []) enable_logging = optional(bool, true) prod_resolvers = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [enable_cloud_nat](variables.tf#L74) | Deploy Cloud NAT. | <code>bool</code> | | <code>false</code> | |
|
||||
| [essential_contacts](variables.tf#L81) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L87) | Configuration for network resource factories. | <code title="object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") })">object({…})</code> | | <code title="{ data_dir = "data" }">{…}</code> | |
|
||||
| [fast_features](variables.tf#L108) | Selective control for top-level FAST features. | <code title="object({ gcve = optional(bool, false) })">object({…})</code> | | <code>{}</code> | <code>0-0-bootstrap</code> |
|
||||
| [outputs_location](variables.tf#L138) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [psa_ranges](variables.tf#L155) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code title="object({ dev = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) prod = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [regions](variables.tf#L175) | Region definitions. | <code title="object({ primary = string })">object({…})</code> | | <code title="{ primary = "europe-west1" }">{…}</code> | |
|
||||
| [service_accounts](variables.tf#L185) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [vpn_onprem_dev_primary_config](variables.tf#L199) | VPN gateway configuration for onprem interconnection from dev in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [vpn_onprem_prod_primary_config](variables.tf#L242) | VPN gateway configuration for onprem interconnection from prod in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [dns](variables.tf#L42) | DNS configuration. | <code title="object({ dev_resolvers = optional(list(string), []) enable_logging = optional(bool, true) prod_resolvers = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [enable_cloud_nat](variables.tf#L53) | Deploy Cloud NAT. | <code>bool</code> | | <code>false</code> | |
|
||||
| [essential_contacts](variables.tf#L60) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L66) | Configuration for network resource factories. | <code title="object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") })">object({…})</code> | | <code title="{ data_dir = "data" }">{…}</code> | |
|
||||
| [fast_features](variables-fast.tf#L38) | Selective control for top-level FAST features. | <code title="object({ gcve = optional(bool, false) })">object({…})</code> | | <code>{}</code> | <code>0-0-bootstrap</code> |
|
||||
| [outputs_location](variables.tf#L87) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [psa_ranges](variables.tf#L93) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code title="object({ dev = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) prod = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [regions](variables.tf#L113) | Region definitions. | <code title="object({ primary = string })">object({…})</code> | | <code title="{ primary = "europe-west1" }">{…}</code> | |
|
||||
| [service_accounts](variables-fast.tf#L78) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [vpn_onprem_dev_primary_config](variables.tf#L123) | VPN gateway configuration for onprem interconnection from dev in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [vpn_onprem_prod_primary_config](variables.tf#L166) | VPN gateway configuration for onprem interconnection from prod in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
@ -0,0 +1,90 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "fast_features" {
|
||||
# tfdoc:variable:source 0-0-bootstrap
|
||||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
gcve = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
networking = string
|
||||
networking-dev = string
|
||||
networking-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Automation service accounts in name => email format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-dev = string
|
||||
gke-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
default = null
|
||||
}
|
|
@ -39,27 +39,6 @@ variable "alert_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "dns" {
|
||||
description = "DNS configuration."
|
||||
type = object({
|
||||
|
@ -105,53 +84,12 @@ variable "factories_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "fast_features" {
|
||||
# tfdoc:variable:source 0-0-bootstrap
|
||||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
gcve = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
networking = string
|
||||
networking-dev = string
|
||||
networking-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "outputs_location" {
|
||||
description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "psa_ranges" {
|
||||
description = "IP ranges used for Private Service Access (e.g. CloudSQL)."
|
||||
type = object({
|
||||
|
@ -182,20 +120,6 @@ variable "regions" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Automation service accounts in name => email format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-dev = string
|
||||
gke-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpn_onprem_dev_primary_config" {
|
||||
description = "VPN gateway configuration for onprem interconnection from dev in the primary region."
|
||||
type = object({
|
||||
|
|
|
@ -475,6 +475,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
| [outputs.tf](./outputs.tf) | Module outputs. | | <code>google_storage_bucket_object</code> · <code>local_file</code> |
|
||||
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
|
||||
| [test-resources.tf](./test-resources.tf) | temporary instances for testing | <code>compute-vm</code> | |
|
||||
| [variables-fast.tf](./variables-fast.tf) | None | | |
|
||||
| [variables.tf](./variables.tf) | Module variables. | | |
|
||||
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | <code>net-vpn-ha</code> | |
|
||||
|
||||
|
@ -482,27 +483,27 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L126) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ networking = string networking-dev = string networking-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables.tf#L162) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables.tf#L178) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables-fast.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L57) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ networking = string networking-dev = string networking-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables-fast.tf#L67) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L77) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | <code title="object({ vpn_tunnel_established = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) user_labels = optional(map(string), {}) })) vpn_tunnel_bandwidth = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) threshold_mbys = optional(string, "187.5") user_labels = optional(map(string), {}) })) })">object({…})</code> | | <code title="{ vpn_tunnel_established = {} vpn_tunnel_bandwidth = {} }">{…}</code> | |
|
||||
| [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [dns](variables.tf#L72) | DNS configuration. | <code title="object({ enable_logging = optional(bool, true) resolvers = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | <code>bool</code> | | <code>false</code> | |
|
||||
| [essential_contacts](variables.tf#L89) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L95) | Configuration for network resource factories. | <code title="object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") })">object({…})</code> | | <code title="{ data_dir = "data" }">{…}</code> | |
|
||||
| [fast_features](variables.tf#L116) | Selective control for top-level FAST features. | <code title="object({ gcve = optional(bool, false) })">object({…})</code> | | <code>{}</code> | <code>0-0-bootstrap</code> |
|
||||
| [gcp_ranges](variables.tf#L136) | GCP address ranges in name => range format. | <code>map(string)</code> | | <code title="{ gcp_dev_primary = "10.68.0.0/16" gcp_dev_secondary = "10.84.0.0/16" gcp_landing_primary = "10.64.0.0/17" gcp_landing_secondary = "10.80.0.0/17" gcp_dmz_primary = "10.64.127.0/17" gcp_dmz_secondary = "10.80.127.0/17" gcp_prod_primary = "10.72.0.0/16" gcp_prod_secondary = "10.88.0.0/16" }">{…}</code> | |
|
||||
| [ncc_asn](variables.tf#L151) | The NCC Cloud Routers ASN configuration. | <code>map(number)</code> | | <code title="{ nva_primary = 64513 nva_secondary = 64514 landing = 64515 dmz = 64512 }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L172) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [psa_ranges](variables.tf#L189) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | <code title="object({ dev = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) prod = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [regions](variables.tf#L209) | Region definitions. | <code title="object({ primary = string secondary = string })">object({…})</code> | | <code title="{ primary = "europe-west1" secondary = "europe-west4" }">{…}</code> | |
|
||||
| [service_accounts](variables.tf#L221) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [vpn_onprem_primary_config](variables.tf#L235) | VPN gateway configuration for onprem interconnection in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [vpn_onprem_secondary_config](variables.tf#L278) | VPN gateway configuration for onprem interconnection in the secondary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [zones](variables.tf#L321) | Zones in which NVAs are deployed. | <code>list(string)</code> | | <code>["b", "c"]</code> | |
|
||||
| [custom_roles](variables-fast.tf#L38) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [dns](variables.tf#L42) | DNS configuration. | <code title="object({ enable_logging = optional(bool, true) resolvers = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [enable_cloud_nat](variables.tf#L52) | Deploy Cloud NAT. | <code>bool</code> | | <code>false</code> | |
|
||||
| [essential_contacts](variables.tf#L59) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L65) | Configuration for network resource factories. | <code title="object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") })">object({…})</code> | | <code title="{ data_dir = "data" }">{…}</code> | |
|
||||
| [fast_features](variables-fast.tf#L47) | Selective control for top-level FAST features. | <code title="object({ gcve = optional(bool, false) })">object({…})</code> | | <code>{}</code> | <code>0-0-bootstrap</code> |
|
||||
| [gcp_ranges](variables.tf#L86) | GCP address ranges in name => range format. | <code>map(string)</code> | | <code title="{ gcp_dev_primary = "10.68.0.0/16" gcp_dev_secondary = "10.84.0.0/16" gcp_landing_primary = "10.64.0.0/17" gcp_landing_secondary = "10.80.0.0/17" gcp_dmz_primary = "10.64.127.0/17" gcp_dmz_secondary = "10.80.127.0/17" gcp_prod_primary = "10.72.0.0/16" gcp_prod_secondary = "10.88.0.0/16" }">{…}</code> | |
|
||||
| [ncc_asn](variables.tf#L101) | The NCC Cloud Routers ASN configuration. | <code>map(number)</code> | | <code title="{ nva_primary = 64513 nva_secondary = 64514 landing = 64515 dmz = 64512 }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L112) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [psa_ranges](variables.tf#L118) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | <code title="object({ dev = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) prod = optional(list(object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) })), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [regions](variables.tf#L138) | Region definitions. | <code title="object({ primary = string secondary = string })">object({…})</code> | | <code title="{ primary = "europe-west1" secondary = "europe-west4" }">{…}</code> | |
|
||||
| [service_accounts](variables-fast.tf#L87) | Automation service accounts in name => email format. | <code title="object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | | <code>null</code> | <code>1-resman</code> |
|
||||
| [vpn_onprem_primary_config](variables.tf#L150) | VPN gateway configuration for onprem interconnection in the primary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [vpn_onprem_secondary_config](variables.tf#L193) | VPN gateway configuration for onprem interconnection in the secondary region. | <code title="object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) })">object({…})</code> | | <code>null</code> | |
|
||||
| [zones](variables.tf#L236) | Zones in which NVAs are deployed. | <code>list(string)</code> | | <code>["b", "c"]</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -0,0 +1,99 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "custom_roles" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Custom roles defined at the org level, in key => id format."
|
||||
type = object({
|
||||
service_project_network_admin = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "fast_features" {
|
||||
# tfdoc:variable:source 0-0-bootstrap
|
||||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
gcve = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
networking = string
|
||||
networking-dev = string
|
||||
networking-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Automation service accounts in name => email format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-dev = string
|
||||
gke-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
default = null
|
||||
}
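Review bot: The `prefix` validation `condition = try(length(var.prefix), 0) < 12` accepts an explicit `null` — the `try` fallback yields 0, which passes — so a tfvars file that sets `prefix = null` would get past validation and into resource naming with no prefix at all; adding `nullable = false` to the `prefix` block closes that and lets the `try` be dropped (`condition = length(var.prefix) < 12`). The condition also enforces only the 11-char ceiling while the error message names a 9-char organization limit, so a comment such as `# the 9-char org-level limit is enforced by 0-bootstrap; only the tenant ceiling is checked here` would stop a later reader from "fixing" it. Two documentation nits in the same file: `fast_features` is tagged `# tfdoc:variable:source 0-0-bootstrap` while every other variable here uses `0-bootstrap` (the generated README table repeats `0-0-bootstrap`), and the README file table lists `variables-fast.tf` with description `None`, which suggests the file-level description comment that the sibling `variables.tf` has is missing from this new file.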
|
|
@ -39,36 +39,6 @@ variable "alert_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "custom_roles" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Custom roles defined at the org level, in key => id format."
|
||||
type = object({
|
||||
service_project_network_admin = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "dns" {
|
||||
description = "DNS configuration."
|
||||
type = object({
|
||||
|
@ -113,26 +83,6 @@ variable "factories_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "fast_features" {
|
||||
# tfdoc:variable:source 0-0-bootstrap
|
||||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
gcve = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
networking = string
|
||||
networking-dev = string
|
||||
networking-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "gcp_ranges" {
|
||||
description = "GCP address ranges in name => range format."
|
||||
type = map(string)
|
||||
|
@ -159,33 +109,12 @@ variable "ncc_asn" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "outputs_location" {
|
||||
description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "psa_ranges" {
|
||||
description = "IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format."
|
||||
type = object({
|
||||
|
@ -218,20 +147,6 @@ variable "regions" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Automation service accounts in name => email format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-dev = string
|
||||
gke-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpn_onprem_primary_config" {
|
||||
description = "VPN gateway configuration for onprem interconnection in the primary region."
|
||||
type = object({
|
||||
|
|
|
@ -241,16 +241,16 @@ Some references that might be useful in setting up this stage:
|
|||
| [billing_account](variables-fast.tf#L32) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L45) | Folder name => id mappings, the 'security' folder name must exist. | <code title="object({ security = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [organization](variables-fast.tf#L63) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables.tf#L82) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [service_accounts](variables-fast.tf#L87) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | <code title="object({ data-platform-dev = string data-platform-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [prefix](variables-fast.tf#L73) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [service_accounts](variables-fast.tf#L97) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | <code title="object({ data-platform-dev = string data-platform-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [access_policy](variables-fast.tf#L17) | Access policy id for tenant-level VPC-SC configurations. | <code>number</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [essential_contacts](variables.tf#L17) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L23) | Paths to folders that enable factory functionality. | <code title="object({ vpc_sc = optional(object({ access_levels = optional(string, "data/vpc-sc/access-levels") egress_policies = optional(string, "data/vpc-sc/egress-policies") ingress_policies = optional(string, "data/vpc-sc/ingress-policies") restricted_services = optional(string, "data/vpc-sc/restricted-services.yaml") }), {}) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [kms_keys](variables.tf#L37) | KMS keys to create, keyed by name. | <code title="map(object({ rotation_period = optional(string, "7776000s") labels = optional(map(string)) locations = optional(list(string), [ "europe", "europe-west1", "europe-west3", "global" ]) purpose = optional(string, "ENCRYPT_DECRYPT") skip_initial_version_creation = optional(bool, false) version_template = optional(object({ algorithm = string protection_level = optional(string, "SOFTWARE") })) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [logging](variables-fast.tf#L53) | Log writer identities for organization / folders. | <code title="object({ project_number = string writer_identities = map(string) })">object({…})</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [outputs_location](variables.tf#L76) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [root_node](variables-fast.tf#L73) | Root node for the hierarchy, if running in tenant mode. | <code>string</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [vpc_sc](variables.tf#L92) | VPC SC configuration. | <code title="object({ access_levels = optional(map(any), {}) egress_policies = optional(map(any), {}) ingress_policies = optional(map(any), {}) perimeter_default = optional(object({ access_levels = optional(list(string), []) dry_run = optional(bool, false) egress_policies = optional(list(string), []) ingress_policies = optional(list(string), []) resources = optional(list(string), []) })) resource_discovery = optional(object({ enabled = optional(bool, true) ignore_folders = optional(list(string), []) ignore_projects = optional(list(string), []) include_projects = optional(list(string), []) }), {}) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [root_node](variables-fast.tf#L83) | Root node for the hierarchy, if running in tenant mode. | <code>string</code> | | <code>null</code> | <code>0-bootstrap</code> |
|
||||
| [vpc_sc](variables.tf#L82) | VPC SC configuration. | <code title="object({ access_levels = optional(map(any), {}) egress_policies = optional(map(any), {}) ingress_policies = optional(map(any), {}) perimeter_default = optional(object({ access_levels = optional(list(string), []) dry_run = optional(bool, false) egress_policies = optional(list(string), []) ingress_policies = optional(list(string), []) resources = optional(list(string), []) })) resource_discovery = optional(object({ enabled = optional(bool, true) ignore_folders = optional(list(string), []) ignore_projects = optional(list(string), []) include_projects = optional(list(string), []) }), {}) })">object({…})</code> | | <code>{}</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -70,6 +70,16 @@ variable "organization" {
|
|||
})
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Root node for the hierarchy, if running in tenant mode."
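Review bot: The added `prefix` block has no `nullable = false`, and with `try(length(var.prefix), 0) < 12` an explicit `null` value passes validation (0 &lt; 12) even though the variable has no default; since this stage builds unique resource names from the prefix, `nullable = false` is the safer declaration, after which the condition can read `length(var.prefix) < 12`. The error message promises two limits (9 for organizations, 11 for tenants) but the condition checks only 11, so it would help to state in a comment that the 9-char org-level limit is enforced upstream in 0-bootstrap and is intentionally not re-checked here; whether this stage can tell org-level from tenant runs is not visible in the hunk. The `root_node` variable continues outside the hunk.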
|
||||
|
|
|
@ -79,16 +79,6 @@ variable "outputs_location" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "vpc_sc" {
|
||||
description = "VPC SC configuration."
|
||||
type = object({
|
||||
|
|
|
@ -177,32 +177,33 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
|
|||
|---|---|---|---|
|
||||
| [main.tf](./main.tf) | Data Platform. | <code>data-platform-foundations</code> | |
|
||||
| [outputs.tf](./outputs.tf) | Output variables. | | <code>google_storage_bucket_object</code> · <code>local_file</code> |
|
||||
| [variables-fast.tf](./variables-fast.tf) | Terraform Variables. | | |
|
||||
| [variables.tf](./variables.tf) | Terraform Variables. | | |
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L148) | Folder to be used for the networking resources in folders/nnnn format. | <code title="object({ data-platform-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables.tf#L166) | Shared VPC project ids. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [organization](variables.tf#L196) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [prefix](variables.tf#L212) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | <code>string</code> | ✓ | | <code>00-globals</code> |
|
||||
| [composer_config](variables.tf#L38) | Cloud Composer config. | <code title="object({ disable_deployment = optional(bool) environment_size = optional(string, "ENVIRONMENT_SIZE_SMALL") software_config = optional( object({ airflow_config_overrides = optional(any) pypi_packages = optional(any) env_variables = optional(map(string)) image_version = string cloud_data_lineage_integration = optional(bool, true) }), { image_version = "composer-2-airflow-2" } ) workloads_config = optional( object({ scheduler = optional( object({ cpu = number memory_gb = number storage_gb = number count = number }), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 count = 1 } ) web_server = optional( object({ cpu = number memory_gb = number storage_gb = number }), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 } ) worker = optional( object({ cpu = number memory_gb = number storage_gb = number min_count = number max_count = number }), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 min_count = 1 max_count = 3 } ) })) })">object({…})</code> | | <code title="{ environment_size = "ENVIRONMENT_SIZE_SMALL" software_config = { image_version = "composer-2-airflow-2" } workloads_config = { scheduler = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 count = 1 } web_server = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 } worker = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 min_count = 1 max_count = 3 } } }">{…}</code> | |
|
||||
| [data_catalog_tags](variables.tf#L127) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code title="map(object({ description = optional(string) iam = optional(map(list(string)), {}) }))">map(object({…}))</code> | | <code title="{ "3_Confidential" = {} "2_Private" = {} "1_Sensitive" = {} }">{…}</code> | |
|
||||
| [deletion_protection](variables.tf#L141) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | <code>bool</code> | | <code>true</code> | |
|
||||
| [groups_dp](variables.tf#L156) | Data Platform groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> | |
|
||||
| [location](variables.tf#L174) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> | |
|
||||
| [network_config_composer](variables.tf#L180) | Network configurations to use for Composer. | <code title="object({ cloudsql_range = string gke_master_range = string gke_pods_name = string gke_services_name = string })">object({…})</code> | | <code title="{ cloudsql_range = "192.168.254.0/24" gke_master_range = "192.168.255.0/28" gke_pods_name = "pods" gke_services_name = "services" }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L206) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_config](variables.tf#L222) | Provide projects configuration. | <code title="object({ project_create = optional(bool, true) project_ids = optional(object({ drop = string load = string orc = string trf = string dwh-lnd = string dwh-cur = string dwh-conf = string common = string exp = string }) ) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [project_services](variables.tf#L242) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> | |
|
||||
| [project_suffix](variables.tf#L253) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> | |
|
||||
| [region](variables.tf#L259) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> | |
|
||||
| [service_encryption_keys](variables.tf#L265) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> | |
|
||||
| [subnet_self_links](variables.tf#L277) | Shared VPC subnet self links. | <code title="object({ dev-spoke-0 = map(string) })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
| [vpc_self_links](variables.tf#L286) | Shared VPC self links. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
| [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables-fast.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L38) | Folder to be used for the networking resources in folders/nnnn format. | <code title="object({ data-platform-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables-fast.tf#L46) | Shared VPC project ids. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [organization](variables-fast.tf#L54) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [prefix](variables-fast.tf#L64) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [composer_config](variables.tf#L17) | Cloud Composer config. | <code title="object({ disable_deployment = optional(bool) environment_size = optional(string, "ENVIRONMENT_SIZE_SMALL") software_config = optional( object({ airflow_config_overrides = optional(any) pypi_packages = optional(any) env_variables = optional(map(string)) image_version = string cloud_data_lineage_integration = optional(bool, true) }), { image_version = "composer-2-airflow-2" } ) workloads_config = optional( object({ scheduler = optional( object({ cpu = number memory_gb = number storage_gb = number count = number }), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 count = 1 } ) web_server = optional( object({ cpu = number memory_gb = number storage_gb = number }), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 } ) worker = optional( object({ cpu = number memory_gb = number storage_gb = number min_count = number max_count = number }), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 min_count = 1 max_count = 3 } ) })) })">object({…})</code> | | <code title="{ environment_size = "ENVIRONMENT_SIZE_SMALL" software_config = { image_version = "composer-2-airflow-2" } workloads_config = { scheduler = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 count = 1 } web_server = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 } worker = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 min_count = 1 max_count = 3 } } }">{…}</code> | |
|
||||
| [data_catalog_tags](variables.tf#L106) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code title="map(object({ description = optional(string) iam = optional(map(list(string)), {}) }))">map(object({…}))</code> | | <code title="{ "3_Confidential" = {} "2_Private" = {} "1_Sensitive" = {} }">{…}</code> | |
|
||||
| [deletion_protection](variables.tf#L120) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | <code>bool</code> | | <code>true</code> | |
|
||||
| [groups_dp](variables.tf#L127) | Data Platform groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> | |
|
||||
| [location](variables.tf#L137) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> | |
|
||||
| [network_config_composer](variables.tf#L143) | Network configurations to use for Composer. | <code title="object({ cloudsql_range = string gke_master_range = string gke_pods_name = string gke_services_name = string })">object({…})</code> | | <code title="{ cloudsql_range = "192.168.254.0/24" gke_master_range = "192.168.255.0/28" gke_pods_name = "pods" gke_services_name = "services" }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L159) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_config](variables.tf#L165) | Provide projects configuration. | <code title="object({ project_create = optional(bool, true) project_ids = optional(object({ drop = string load = string orc = string trf = string dwh-lnd = string dwh-cur = string dwh-conf = string common = string exp = string }) ) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [project_services](variables.tf#L185) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> | |
|
||||
| [project_suffix](variables.tf#L196) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> | |
|
||||
| [region](variables.tf#L202) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> | |
|
||||
| [service_encryption_keys](variables.tf#L208) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> | |
|
||||
| [subnet_self_links](variables-fast.tf#L74) | Shared VPC subnet self links. | <code title="object({ dev-spoke-0 = map(string) })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
| [vpc_self_links](variables-fast.tf#L83) | Shared VPC self links. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -0,0 +1,90 @@
|
|||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# tfdoc:file:description Terraform Variables.
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folder to be used for the networking resources in folders/nnnn format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Shared VPC project ids."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "subnet_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Shared VPC subnet self links."
|
||||
type = object({
|
||||
dev-spoke-0 = map(string)
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpc_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Shared VPC self links."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
default = null
|
||||
}
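Review bot: The `prefix` validation in this new file tightens the limit for this stage from 12 to 11 characters: the variables.tf block it replaces (removed in the hunk headed `@ -193,32 +156,12 @@`, which the README hunk above suggests belongs to the same data-platform stage) used `condition = try(length(var.prefix), 0) < 13` with the message "Use a maximum of 12 characters for prefix.", so an existing deployment with a 12-character prefix would fail validation on its next plan. If the tightening is intended it deserves a mention in the commit description or changelog; otherwise keep `< 13` here. The replaced block's description also carried the caveat "Not used for projects if 'project_create' is null", which is dropped from the new `description`; if it still holds for this stage, keep it, e.g. `description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. Not used for projects if 'project_create' is null."`.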
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -14,27 +14,6 @@
|
|||
|
||||
# tfdoc:file:description Terraform Variables.
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "composer_config" {
|
||||
description = "Cloud Composer config."
|
||||
type = object({
|
||||
|
@ -145,14 +124,6 @@ variable "deletion_protection" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folder to be used for the networking resources in folders/nnnn format."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "groups_dp" {
|
||||
description = "Data Platform groups."
|
||||
type = map(string)
|
||||
|
@ -163,14 +134,6 @@ variable "groups_dp" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Shared VPC project ids."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
description = "Location used for multi-regional resources."
|
||||
type = string
|
||||
|
@ -193,32 +156,12 @@ variable "network_config_composer" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "outputs_location" {
|
||||
description = "Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Unique prefix used for resource names. Not used for projects if 'project_create' is null."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 13
|
||||
error_message = "Use a maximum of 12 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "project_config" {
|
||||
description = "Provide projects configuration."
|
||||
type = object({
|
||||
|
@ -273,21 +216,3 @@ variable "service_encryption_keys" {
|
|||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "subnet_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Shared VPC subnet self links."
|
||||
type = object({
|
||||
dev-spoke-0 = map(string)
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpc_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Shared VPC self links."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
|
|
@ -101,25 +101,26 @@ The VPC host project, VPC and subnets should already exist.
|
|||
|---|---|---|---|
|
||||
| [main.tf](./main.tf) | GCVE private cloud for development environment. | <code>pc-minimal</code> | |
|
||||
| [outputs.tf](./outputs.tf) | Output variables. | | <code>google_storage_bucket_object</code> · <code>local_file</code> |
|
||||
| [variables-fast.tf](./variables-fast.tf) | None | | |
|
||||
| [variables.tf](./variables.tf) | Module variables. | | |
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L38) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ gcve-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables.tf#L59) | Host project for the shared VPC. | <code title="object({ prod-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [organization](variables.tf#L80) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [prefix](variables.tf#L96) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [private_cloud_configs](variables.tf#L102) | The VMware private cloud configurations. The key is the unique private cloud name suffix. | <code title="map(object({ cidr = string zone = string additional_cluster_configs = optional(map(object({ custom_core_count = optional(number) node_count = optional(number, 3) node_type_id = optional(string, "standard-72") })), {}) management_cluster_config = optional(object({ custom_core_count = optional(number) name = optional(string, "mgmt-cluster") node_count = optional(number, 3) node_type_id = optional(string, "standard-72") }), {}) description = optional(string, "Managed by Terraform.") }))">map(object({…}))</code> | ✓ | | |
|
||||
| [vpc_self_links](variables.tf#L131) | Self link for the shared VPC. | <code title="object({ prod-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [groups_gcve](variables.tf#L46) | GCVE groups. | <code title="object({ gcp-gcve-admins = string gcp-gcve-viewers = string })">object({…})</code> | | <code title="{ gcp-gcve-admins = "gcp-gcve-admins" gcp-gcve-viewers = "gcp-gcve-viewers" }">{…}</code> | |
|
||||
| [iam](variables.tf#L67) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [labels](variables.tf#L74) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L90) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L124) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> | |
|
||||
| [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables-fast.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L38) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ gcve-prod = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables-fast.tf#L46) | Host project for the shared VPC. | <code title="object({ prod-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [organization](variables-fast.tf#L54) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [prefix](variables-fast.tf#L64) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [private_cloud_configs](variables.tf#L49) | The VMware private cloud configurations. The key is the unique private cloud name suffix. | <code title="map(object({ cidr = string zone = string additional_cluster_configs = optional(map(object({ custom_core_count = optional(number) node_count = optional(number, 3) node_type_id = optional(string, "standard-72") })), {}) management_cluster_config = optional(object({ custom_core_count = optional(number) name = optional(string, "mgmt-cluster") node_count = optional(number, 3) node_type_id = optional(string, "standard-72") }), {}) description = optional(string, "Managed by Terraform.") }))">map(object({…}))</code> | ✓ | | |
|
||||
| [vpc_self_links](variables-fast.tf#L74) | Self link for the shared VPC. | <code title="object({ prod-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [groups_gcve](variables.tf#L17) | GCVE groups. | <code title="object({ gcp-gcve-admins = string gcp-gcve-viewers = string })">object({…})</code> | | <code title="{ gcp-gcve-admins = "gcp-gcve-admins" gcp-gcve-viewers = "gcp-gcve-viewers" }">{…}</code> | |
|
||||
| [iam](variables.tf#L30) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [labels](variables.tf#L37) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L43) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L71) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
gcve-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Host project for the shared VPC."
|
||||
type = object({
|
||||
prod-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "vpc_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Self link for the shared VPC."
|
||||
type = object({
|
||||
prod-spoke-0 = string
|
||||
})
|
||||
}
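Review bot: This new file has no `# tfdoc:file:description` directive after the license header, which is presumably why the README table in the hunk above lists it as `| [variables-fast.tf](./variables-fast.tf) | None | | |`; the other variables-fast.tf added in this commit carries `# tfdoc:file:description Terraform Variables.`, so add the same line here and regenerate the table. Separately, `folder_ids` keeps the description "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created." while the variable has no `default`, so it is always required and can never be null; either the sentence is stale or a `default = null` was intended, which is worth confirming against the stage's main.tf. The `prefix` block also gains a `validation` that the replaced variables.tf block (removed in the `@ -77,28 +40,12 @@` hunk below) did not have, so existing deployments of this stage with a prefix longer than 11 characters will start failing validation; that behaviour change is not called out in the commit description.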
|
||||
|
||||
|
|
@ -14,35 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
gcve-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "groups_gcve" {
|
||||
description = "GCVE groups."
|
||||
type = object({
|
||||
|
@ -56,14 +27,6 @@ variable "groups_gcve" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Host project for the shared VPC."
|
||||
type = object({
|
||||
prod-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
|
@ -77,28 +40,12 @@ variable "labels" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "outputs_location" {
|
||||
description = "Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "private_cloud_configs" {
|
||||
description = "The VMware private cloud configurations. The key is the unique private cloud name suffix."
|
||||
type = map(object({
|
||||
|
@ -127,13 +74,3 @@ variable "project_services" {
|
|||
default = []
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "vpc_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Self link for the shared VPC."
|
||||
type = object({
|
||||
prod-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -208,29 +208,30 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
|
|||
|---|---|---|---|
|
||||
| [main.tf](./main.tf) | GKE multitenant for development environment. | <code>multitenant-fleet</code> | |
|
||||
| [outputs.tf](./outputs.tf) | Output variables. | | <code>google_storage_bucket_object</code> · <code>local_file</code> |
|
||||
| [variables-fast.tf](./variables-fast.tf) | None | | |
|
||||
| [variables.tf](./variables.tf) | Module variables. | | |
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L21) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L29) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L175) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ gke-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables.tf#L183) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [prefix](variables.tf#L250) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | |
|
||||
| [vpc_self_links](variables.tf#L266) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster-standard module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { shielded_nodes = true workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_daemonset_metrics = optional(bool, false) enable_deployment_metrics = optional(bool, false) enable_hpa_metrics = optional(bool, false) enable_pod_metrics = optional(bool, false) enable_statefulset_metrics = optional(bool, false) enable_storage_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) }), {}) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) 
master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_clusters](variables.tf#L112) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_templates](variables.tf#L120) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_features](variables.tf#L155) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> | |
|
||||
| [fleet_workload_identity](variables.tf#L168) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> | |
|
||||
| [iam](variables.tf#L191) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_by_principals](variables.tf#L198) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [labels](variables.tf#L205) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> | |
|
||||
| [nodepools](variables.tf#L211) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" shielded_instance_config = { enable_integrity_monitoring = true enable_secure_boot = true } }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(map(object({ value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L244) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L259) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> | |
|
||||
| [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables-fast.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables-fast.tf#L38) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ gke-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables-fast.tf#L46) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [prefix](variables-fast.tf#L54) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [vpc_self_links](variables-fast.tf#L64) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [clusters](variables.tf#L17) | Clusters configuration. Refer to the gke-cluster-standard module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { shielded_nodes = true workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_daemonset_metrics = optional(bool, false) enable_deployment_metrics = optional(bool, false) enable_hpa_metrics = optional(bool, false) enable_pod_metrics = optional(bool, false) enable_statefulset_metrics = optional(bool, false) enable_storage_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) }), {}) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) 
master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_clusters](variables.tf#L87) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_templates](variables.tf#L94) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_features](variables.tf#L129) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> | |
|
||||
| [fleet_workload_identity](variables.tf#L142) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> | |
|
||||
| [iam](variables.tf#L149) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_by_principals](variables.tf#L156) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [labels](variables.tf#L163) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> | |
|
||||
| [nodepools](variables.tf#L169) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" shielded_instance_config = { enable_integrity_monitoring = true enable_secure_boot = true } }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(map(object({ value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L202) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L208) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
gke-dev = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Host project for the shared VPC."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
||||
|
||||
variable "vpc_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Self link for the shared VPC."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
}
|
|
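Review bot: The prefix validation at `condition = try(length(var.prefix), 0) < 12` still accepts a `null` prefix, because `try` turns the `length(null)` error into 0 and the variable is not declared `nullable = false`, so a null only fails later where resource names are built from it; adding `nullable = false` after `type = string` makes this block the single point of rejection. The same check appears in the other new variables-fast.tf of this commit (the `@ -0,0 +1,38 @@` hunk). Note also that only the 11-character tenant bound is enforced here — the 9-character organization limit quoted in the description is not checked by this stage and, going by the commit message, is only enforced in 0-bootstrap. Since the validation this replaces in variables.tf allowed 12 characters (`< 13`), existing deployments with a 12-character prefix will start failing at plan time, which deserves a changelog mention. Finally, the generated README files table lists this file with description `None`, presumably because the new file lacks a tfdoc file-description annotation; a one-line description comment at the top would fix that.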
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -14,31 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
# we deal with one env here
|
||||
# 1 project, m clusters
|
||||
# cloud dns for gke?
|
||||
|
||||
variable "automation" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Automation resources created by the bootstrap stage."
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "clusters" {
|
||||
description = "Clusters configuration. Refer to the gke-cluster-standard module for type details."
|
||||
type = map(object({
|
||||
|
@ -116,7 +91,6 @@ variable "fleet_configmanagement_clusters" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
|
||||
variable "fleet_configmanagement_templates" {
|
||||
description = "Sets of config management configurations that can be applied to member clusters, in config name => {options} format."
|
||||
type = map(object({
|
||||
|
@ -172,22 +146,6 @@ variable "fleet_workload_identity" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 1-resman
|
||||
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||
type = object({
|
||||
gke-dev = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Host project for the shared VPC."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
|
@ -247,26 +205,9 @@ variable "outputs_location" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources that need unique names."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 13
|
||||
error_message = "Use a maximum of 12 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "project_services" {
|
||||
description = "Additional project services to enable."
|
||||
type = list(string)
|
||||
default = []
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "vpc_self_links" {
|
||||
# tfdoc:variable:source 2-networking
|
||||
description = "Self link for the shared VPC."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
|
|
@ -72,15 +72,16 @@ terraform apply
|
|||
|---|---|---|
|
||||
| [main.tf](./main.tf) | Project factory. | <code>project-factory</code> |
|
||||
| [outputs.tf](./outputs.tf) | Module outputs. | |
|
||||
| [variables-fast.tf](./variables-fast.tf) | None | |
|
||||
| [variables.tf](./variables.tf) | Module variables. | |
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [billing_account](variables.tf#L19) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [factories_config](variables.tf#L32) | Path to folder with YAML resource description data files. | <code title="object({ projects_data_path = string budgets = optional(object({ billing_account = string budgets_data_path = string notification_channels = optional(map(any), {}) })) })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L45) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables-fast.tf#L17) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [factories_config](variables.tf#L17) | Path to folder with YAML resource description data files. | <code title="object({ projects_data_path = string budgets = optional(object({ billing_account = string budgets_data_path = string notification_channels = optional(map(any), {}) })) })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables-fast.tf#L30) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 12
|
||||
error_message = "Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
}
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -14,21 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#TODO: tfdoc annotations
|
||||
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false."
|
||||
type = object({
|
||||
id = string
|
||||
is_org_level = optional(bool, true)
|
||||
})
|
||||
validation {
|
||||
condition = var.billing_account.is_org_level != null
|
||||
error_message = "Invalid `null` value for `billing_account.is_org_level`."
|
||||
}
|
||||
}
|
||||
|
||||
variable "factories_config" {
|
||||
description = "Path to folder with YAML resource description data files."
|
||||
type = object({
|
||||
|
@ -41,13 +26,3 @@ variable "factories_config" {
|
|||
})
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use 9 characters or less."
|
||||
type = string
|
||||
validation {
|
||||
condition = try(length(var.prefix), 0) < 10
|
||||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
|