Add cmek support on google_vertex_ai_metadata_store.
This commit is contained in:
parent
1671c5b4f3
commit
3f9bbc2e5c
|
@ -28,5 +28,5 @@ module "dataset" {
|
|||
project_id = module.project.project_id
|
||||
id = "${replace(var.prefix, "-", "_")}_data"
|
||||
encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key
|
||||
location = "US"
|
||||
location = var.location
|
||||
}
|
||||
|
|
|
@ -55,9 +55,10 @@ module "project" {
|
|||
host_project = local.shared_vpc_project
|
||||
}
|
||||
service_encryption_key_ids = {
|
||||
compute = [try(local.service_encryption_keys.compute, null)]
|
||||
bq = [try(local.service_encryption_keys.bq, null)]
|
||||
storage = [try(local.service_encryption_keys.storage, null)]
|
||||
aiplatform = [try(local.service_encryption_keys.compute, null)]
|
||||
compute = [try(local.service_encryption_keys.compute, null)]
|
||||
bq = [try(local.service_encryption_keys.bq, null)]
|
||||
storage = [try(local.service_encryption_keys.storage, null)]
|
||||
}
|
||||
service_config = {
|
||||
disable_on_destroy = false, disable_dependent_services = false
|
||||
|
|
|
@ -52,9 +52,10 @@ variable "region" {
|
|||
variable "service_encryption_keys" {
|
||||
description = "Cloud KMS to use to encrypt different services. The key location should match the service region."
|
||||
type = object({
|
||||
bq = string
|
||||
compute = string
|
||||
storage = string
|
||||
aiplatform = optional(string, null)
|
||||
bq = optional(string, null)
|
||||
compute = optional(string, null)
|
||||
storage = optional(string, null)
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
|
|
@ -17,13 +17,20 @@
|
|||
resource "google_vertex_ai_metadata_store" "store" {
|
||||
provider = google-beta
|
||||
project = module.project.project_id
|
||||
name = "default" #"${var.prefix}-metadata-store"
|
||||
name = "default"
|
||||
description = "Vertex Ai Metadata Store"
|
||||
region = var.region
|
||||
#TODO Check/Implement P4SA logic for IAM role
|
||||
# encryption_spec {
|
||||
# kms_key_name = var.service_encryption_keys.ai_metadata_store
|
||||
# }
|
||||
dynamic "encryption_spec" {
|
||||
for_each = try(var.service_encryption_keys.aiplatform, null) == null ? [] : [""]
|
||||
|
||||
content {
|
||||
kms_key_name = try(var.service_encryption_keys.aiplatform, null)
|
||||
}
|
||||
}
|
||||
# `state` value will be decided automatically based on the result of the configuration
|
||||
lifecycle {
|
||||
ignore_changes = [state]
|
||||
}
|
||||
}
|
||||
|
||||
module "service-account-notebook" {
|
||||
|
|
Loading…
Reference in New Issue