Merge branch 'master' into google_gkehub_feature_membership
commit
551d45760f
|
@ -69,4 +69,7 @@ jobs:
|
|||
- name: Check python formatting
|
||||
id: yapf
|
||||
run: |
|
||||
yapf --style="{based_on_style: google, indent_width: 2, SPLIT_BEFORE_NAMED_ASSIGNS: false}" -p -d tools/*.py
|
||||
yapf --style="{based_on_style: google, indent_width: 2, SPLIT_BEFORE_NAMED_ASSIGNS: false}" -p -d \
|
||||
tools/*.py \
|
||||
blueprints/cloud-operations/network-dashboard/src/*py \
|
||||
blueprints/cloud-operations/network-dashboard/src/plugins/*py
|
||||
|
|
|
@ -754,7 +754,7 @@ def test_name(plan_summary, tfvars_to_yaml, tmp_path):
|
|||
assert s.values[address]['project'] == 'my-project'
|
||||
```
|
||||
|
||||
For more examples on how to write python tests, the tests for [`organization`](./tests/modules/organization/test_plan_org_policies.py) and [`net-vpc`](./tests/modules/net_vpc/test_routes.py) modules.
|
||||
For more examples on how to write python tests, check the tests for the [`organization`](./tests/modules/organization/test_plan_org_policies.py) module.
|
||||
|
||||
#### Testing documentation examples
|
||||
|
||||
|
|
|
@ -25,20 +25,24 @@ The diagram below depicts the architecture.
|
|||
terraform apply
|
||||
```
|
||||
|
||||
Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned.
|
||||
|
||||
5. Install Apigee hybrid using de ansible playbook that is in the ansible folder by running this command
|
||||
|
||||
ansible-playbook playbook.yaml -vvvß
|
||||
|
||||
## Testing the blueprint
|
||||
|
||||
2. Deploy an api proxy
|
||||
|
||||
```
|
||||
./deploy-apiproxy.sh
|
||||
./deploy-apiproxy.sh apis-test
|
||||
```
|
||||
|
||||
3. In the console check the IP address that has been allocated to the Apigee ingress gateway and send some traffic to the deployed API proxy.
|
||||
3. Send a request
|
||||
|
||||
```
|
||||
curl -k -v -H "Host:HOSTNAME" \
|
||||
--resolve HOSTNAME:443:IP_ADDRESS \
|
||||
https://HOSTNAME/httpbin/headers
|
||||
curl -v https://HOSTNAME/httpbin/headers
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
@ -56,4 +60,10 @@ The diagram below depicts the architecture.
|
|||
| [region](variables.tf#L84) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [zone](variables.tf#L90) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [ip_address](outputs.tf#L17) | GLB IP address. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -18,12 +18,13 @@
|
|||
|
||||
resource "local_file" "vars_file" {
|
||||
content = yamlencode({
|
||||
cluster = module.cluster.name
|
||||
region = var.region
|
||||
project_id = module.project.project_id
|
||||
envgroup = local.envgroup
|
||||
env = local.environment
|
||||
hostname = var.hostname
|
||||
cluster = module.cluster.name
|
||||
region = var.region
|
||||
project_id = module.project.project_id
|
||||
envgroups = local.envgroups
|
||||
environments = local.environments
|
||||
service_accounts = local.google_sas
|
||||
ingress_ip_name = local.ingress_ip_name
|
||||
})
|
||||
filename = "${path.module}/ansible/vars/vars.yaml"
|
||||
file_permission = "0666"
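Review bot: `file_permission = "0666"` on `vars_file` leaves `ansible/vars/vars.yaml` writable by every local user, and with this change the file also carries the `service_accounts` map that the playbook uses to create and annotate Kubernetes service accounts. Anyone able to edit it before the playbook runs could change which Google service account a workload is bound to, so I would tighten it to `file_permission = "0644"` (or `"0600"` if only the operator reads it). The same applies to `file_permission = "0777"` on `deploy_apiproxy_file` in the Apigee Terraform section further down, where `"0755"` is enough for an executable script. The resource body closes outside this hunk.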
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Create and annotate k8s service account
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: "{{ k8s_service_account }}"
|
||||
namespace: apigee
|
||||
annotations:
|
||||
iam.gke.io/gcp-service-account: "{{ google_service_account }}@{{ project_id }}.iam.gserviceaccount.com"
|
||||
with_items: "{{ k8s_service_accounts }}"
|
||||
loop_control:
|
||||
loop_var: k8s_service_account
|
|
@ -1,11 +1,11 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
|
@ -19,18 +19,27 @@
|
|||
--project {{ project_id }} \
|
||||
--internal-ip
|
||||
|
||||
- name: Install cert-manager
|
||||
shell: >
|
||||
kubectl apply \
|
||||
--validate=false \
|
||||
-f https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml
|
||||
- name: Download cert-manager
|
||||
uri:
|
||||
url: https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml
|
||||
dest: ~/cert-manager.yaml
|
||||
|
||||
- name: Wait until pods are ready in cert-manager namespace
|
||||
shell: >
|
||||
kubectl wait --for=condition=ready pods \
|
||||
-l app.kubernetes.io/instance=cert-manager \
|
||||
-n cert-manager \
|
||||
--timeout=90s
|
||||
- name: Apply metrics-server manifest to the cluster.
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
src: ~/cert-manager.yaml
|
||||
|
||||
- name:
|
||||
kubernetes.core.k8s_info:
|
||||
kind: Pod
|
||||
wait: yes
|
||||
label_selectors:
|
||||
- "app.kubernetes.io/instance=cert-manager"
|
||||
namespace: cert-manager
|
||||
wait_timeout: 90
|
||||
wait_condition:
|
||||
type: Ready
|
||||
status: True
|
||||
|
||||
- name: Fetch apigeectl version
|
||||
uri:
|
||||
|
@ -48,7 +57,7 @@
|
|||
unarchive:
|
||||
src: "~/apigeectl.tar.gz"
|
||||
dest: "~"
|
||||
remote_src: yes
|
||||
remote_src: yes
|
||||
|
||||
- name: Move apigeectl folder
|
||||
shell: >
|
||||
|
@ -66,25 +75,69 @@
|
|||
file:
|
||||
src: ~/apigeectl/{{ item }}
|
||||
dest: "~/hybrid-files/{{ item }}"
|
||||
state: link
|
||||
state: link
|
||||
with_items:
|
||||
- tools
|
||||
- config
|
||||
- templates
|
||||
- plugins
|
||||
- plugins
|
||||
|
||||
- name: Create service accounts
|
||||
shell: >
|
||||
~/hybrid-files/tools/create-service-account -i {{ project_id }} -e non-prod -d ~/hybrid-files/service-accounts
|
||||
- name: Create apigee namespace
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: apigee
|
||||
|
||||
- name: Create certificates
|
||||
- name: Create k8s service accounts
|
||||
include_tasks: k8s_service_accounts.yaml
|
||||
vars:
|
||||
google_service_account: "{{ item.key }}"
|
||||
k8s_service_accounts: "{{ item.value }}"
|
||||
with_dict: "{{ service_accounts }}"
|
||||
|
||||
- name: Set hostnames
|
||||
set_fact:
|
||||
hostnames: "{{ hostnames | default([]) + item.value }}"
|
||||
with_dict: "{{ envgroups }}"
|
||||
|
||||
- name: Create certificate and private key
|
||||
shell: >
|
||||
openssl req \
|
||||
-nodes \
|
||||
-new \
|
||||
-x509 \
|
||||
-keyout ~/hybrid-files/certs/{{ envgroup }}.key \
|
||||
-out ~/hybrid-files/certs/{{ envgroup }}.cert -subj '/CN='{{ hostname }}'' -days 3650
|
||||
-keyout ~/hybrid-files/certs/server.key \
|
||||
-out ~/hybrid-files/certs/server.crt \
|
||||
-subj "/CN=apigee.com' \
|
||||
-addext "subjectAltName={{ hostnames | map('regex_replace', '^', 'DNS:') | join(',') }}""
|
||||
-days 3650
|
||||
|
||||
- name: Read certificate
|
||||
slurp:
|
||||
src: ~/hybrid-files/certs/server.crt
|
||||
register: certificate_output
|
||||
|
||||
- name: Read private ket
|
||||
slurp:
|
||||
src: ~/hybrid-files/certs/server.key
|
||||
register: privatekey_output
|
||||
|
||||
- name: Create secret
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: tls-hybrid-ingress
|
||||
namespace: apigee
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: "{{ certificate_output.content }}"
|
||||
tls.key: "{{ privatekey_output.content }}"
|
||||
|
||||
- name: Create overrides.yaml
|
||||
template:
|
||||
|
@ -96,48 +149,185 @@
|
|||
curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" \
|
||||
-H "Content-Type:application/json" \
|
||||
"https://apigee.googleapis.com/v1/organizations/{{ project_id }}:setSyncAuthorization" \
|
||||
-d '{"identities":["'"serviceAccount:apigee-non-prod@{{ project_id }}.iam.gserviceaccount.com"'"]}'
|
||||
-d '{"identities":["'"serviceAccount:apigee-synchronizer@{{ project_id }}.iam.gserviceaccount.com"'"]}'
|
||||
|
||||
- name: Dry-run (init)
|
||||
shell: >
|
||||
~/apigeectl/apigeectl init -f overrides/overrides.yaml --dry-run=client
|
||||
~/apigeectl/apigeectl init -f overrides/overrides.yaml --dry-run=client
|
||||
args:
|
||||
chdir: ~/hybrid-files
|
||||
|
||||
- name: Install the Apigee deployment services Apigee Deployment Controller and Apigee Admission Webhook.
|
||||
shell: >
|
||||
~/apigeectl/apigeectl init -f overrides/overrides.yaml
|
||||
~/apigeectl/apigeectl init -f overrides/overrides.yaml
|
||||
args:
|
||||
chdir: ~/hybrid-files
|
||||
chdir: ~/hybrid-files
|
||||
|
||||
- name: Wait until pods are ready in apigee-system namespace
|
||||
shell: >
|
||||
kubectl wait --for=condition=ready pods \
|
||||
-l app=apigee-controller \
|
||||
-n apigee-system \
|
||||
--timeout=300s
|
||||
- name: Wait for apigee-controller pod to be ready
|
||||
kubernetes.core.k8s_info:
|
||||
kind: Pod
|
||||
wait: yes
|
||||
label_selectors:
|
||||
- "app=apigee-controller"
|
||||
namespace: apigee-system
|
||||
wait_timeout: 600
|
||||
wait_condition:
|
||||
type: Ready
|
||||
status: True
|
||||
|
||||
- name: Wait until pods are ready in apigee namespace
|
||||
shell: >
|
||||
kubectl wait --for=condition=ready pods \
|
||||
-l app=apigee-ingressgateway-manager \
|
||||
-n apigee \
|
||||
--timeout=300s
|
||||
- name: Wait for apigee-selfsigned-issuer issuer to be ready
|
||||
kubernetes.core.k8s_info:
|
||||
kind: Issuer
|
||||
wait: yes
|
||||
name: apigee-selfsigned-issuer
|
||||
namespace: apigee-system
|
||||
wait_timeout: 600
|
||||
wait_condition:
|
||||
type: Ready
|
||||
status: True
|
||||
|
||||
- name: Wait for apigee-serving-cert certificate to be ready
|
||||
kubernetes.core.k8s_info:
|
||||
kind: Certificate
|
||||
wait: yes
|
||||
name: apigee-serving-cert
|
||||
namespace: apigee-system
|
||||
wait_timeout: 600
|
||||
wait_condition:
|
||||
type: Ready
|
||||
status: True
|
||||
|
||||
- name: Wait for apigee-resources-install job to be complete
|
||||
kubernetes.core.k8s_info:
|
||||
kind: Job
|
||||
wait: yes
|
||||
name: apigee-resources-install
|
||||
namespace: apigee-system
|
||||
wait_timeout: 360
|
||||
wait_condition:
|
||||
type: Complete
|
||||
status: True
|
||||
|
||||
- name: Dry-run (apply)
|
||||
shell: >
|
||||
~/apigeectl/apigeectl apply -f overrides/overrides.yaml --dry-run=client
|
||||
~/apigeectl/apigeectl apply -f overrides/overrides.yaml --dry-run=client
|
||||
args:
|
||||
chdir: ~/hybrid-files
|
||||
|
||||
- name: Install the Apigee runtime components
|
||||
shell: >
|
||||
~/apigeectl/apigeectl apply -f overrides/overrides.yaml
|
||||
~/apigeectl/apigeectl apply -f overrides/overrides.yaml
|
||||
args:
|
||||
chdir: ~/hybrid-files
|
||||
chdir: ~/hybrid-files
|
||||
|
||||
- name: Check status of the deployment
|
||||
shell: >
|
||||
while [ -n "$(kubectl get pods -n apigee | tail -n +2 | grep -v Running | grep -v Completed)" ]; do sleep 1; done
|
||||
args:
|
||||
chdir: ~/hybrid-files
|
||||
- name: Wait for apigee-runtime pod to be ready
|
||||
kubernetes.core.k8s_info:
|
||||
kind: Pod
|
||||
wait: yes
|
||||
label_selectors:
|
||||
- "app=apigee-runtime"
|
||||
namespace: apigee
|
||||
wait_timeout: 360
|
||||
wait_condition:
|
||||
type: Ready
|
||||
status: True
|
||||
|
||||
- name:
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: apigee.cloud.google.com/v1alpha1
|
||||
kind: ApigeeRoute
|
||||
metadata:
|
||||
name: apigee-wildcard
|
||||
namespace: apigee
|
||||
spec:
|
||||
hostnames:
|
||||
- '*'
|
||||
ports:
|
||||
- number: 443
|
||||
protocol: HTTPS
|
||||
tls:
|
||||
credentialName: tls-hybrid-ingress
|
||||
mode: SIMPLE
|
||||
selector:
|
||||
app: apigee-ingressgateway
|
||||
enableNonSniClient: true
|
||||
|
||||
- name: Create google-managed certificate
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: networking.gke.io/v1
|
||||
kind: ManagedCertificate
|
||||
metadata:
|
||||
name: "apigee-cert-hybrid"
|
||||
namespace: apigee
|
||||
spec:
|
||||
domains: "{{ hostnames }}"
|
||||
|
||||
- name: Create backend config
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: cloud.google.com/v1
|
||||
kind: BackendConfig
|
||||
metadata:
|
||||
name: apigee-ingress-backendconfig
|
||||
namespace: apigee
|
||||
spec:
|
||||
healthCheck:
|
||||
requestPath: /healthz/ready
|
||||
port: 15021
|
||||
type: HTTP
|
||||
logging:
|
||||
enable: true
|
||||
sampleRate: 0.5
|
||||
|
||||
- name: Create service
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: apigee-ingressgateway-hybrid
|
||||
namespace: apigee
|
||||
annotations:
|
||||
cloud.google.com/backend-config: '{"default": "apigee-ingress-backendconfig"}'
|
||||
cloud.google.com/neg: '{"ingress": true}'
|
||||
cloud.google.com/app-protocols: '{"https":"HTTPS", "status-port": "HTTP"}'
|
||||
labels:
|
||||
app: apigee-ingressgateway-hybrid
|
||||
spec:
|
||||
ports:
|
||||
- name: status-port
|
||||
port: 15021
|
||||
targetPort: 15021
|
||||
- name: https
|
||||
port: 443
|
||||
targetPort: 8443
|
||||
selector:
|
||||
app: apigee-ingressgateway
|
||||
ingress_name: ingress
|
||||
type: ClusterIP
|
||||
|
||||
- name: Create ingress
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
networking.gke.io/managed-certificates: "apigee-cert-hybrid"
|
||||
kubernetes.io/ingress.global-static-ip-name: "{{ ingress_ip_name }}"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
name: xlb-apigee
|
||||
namespace: apigee
|
||||
spec:
|
||||
defaultBackend:
|
||||
service:
|
||||
name: apigee-ingressgateway-hybrid
|
||||
port:
|
||||
number: 443
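Review bot: The quoting in the new `Create certificate and private key` task is unbalanced: `-subj "/CN=apigee.com' \` opens with a double quote and closes with a single one, and the `-addext` line ends in `""`, so the shell will not receive the arguments as written. The `-addext` line also lacks the trailing `\` that the other option lines carry, which matters if the continuation newlines are preserved in the rendered command. I would write `-subj "/CN=apigee.com" \` and `-addext "subjectAltName={{ hostnames | map('regex_replace', '^', 'DNS:') | join(',') }}" \`. Separately, the `Read private ket` slurp registers the key material in `privatekey_output`; adding `no_log: true` to that task and to `Create secret` keeps the key out of verbose task output.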
|
|
@ -1,29 +1,26 @@
|
|||
gcp:
|
||||
region: {{ region }}
|
||||
projectID: {{ project_id }}
|
||||
workloadIdentityEnabled: true
|
||||
|
||||
k8sCluster:
|
||||
name: {{ cluster }}
|
||||
region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster.
|
||||
region: {{ region }} # Must be the closest Google Cloud region to your cluster.
|
||||
org: {{ project_id }}
|
||||
|
||||
instanceID: "instance-1"
|
||||
instanceID: "{{ cluster }}-{{ region }}"
|
||||
|
||||
cassandra:
|
||||
hostNetwork: false
|
||||
# Set to false for single region installations and multi-region installations
|
||||
# with connectivity between pods in different clusters, for example GKE installations.
|
||||
# Set to true for multi-region installations with no communication between
|
||||
# pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal,
|
||||
# AKS, EKS, and OpenShift installations.
|
||||
# See Multi-region deployment: Prerequisites
|
||||
|
||||
virtualhosts:
|
||||
- name: {{ envgroup }}
|
||||
{% for k in envgroups %}
|
||||
- name: {{ k }}
|
||||
sslSecret: tls-hybrid-ingress
|
||||
additionalGateways: ["apigee-wildcard"]
|
||||
selector:
|
||||
app: apigee-ingressgateway
|
||||
sslCertPath: ./certs/{{ envgroup }}.cert
|
||||
sslKeyPath: ./certs/{{ envgroup }}.key
|
||||
{% endfor %}
|
||||
|
||||
ao:
|
||||
args:
|
||||
|
@ -37,27 +34,9 @@ ingressGateways:
|
|||
replicaCountMax: 10
|
||||
|
||||
envs:
|
||||
- name: {{ env }}
|
||||
serviceAccountPaths:
|
||||
synchronizer: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
udca: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
runtime: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
|
||||
mart:
|
||||
serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
|
||||
connectAgent:
|
||||
serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
|
||||
metrics:
|
||||
serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
|
||||
udca:
|
||||
serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
|
||||
watcher:
|
||||
serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
{% for k in environments %}
|
||||
- name: {{ k }}
|
||||
{% endfor %}
|
||||
|
||||
logger:
|
||||
enabled: true
|
||||
serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
|
||||
enabled: false
|
||||
|
|
|
@ -15,8 +15,51 @@
|
|||
*/
|
||||
|
||||
locals {
|
||||
envgroup = "test"
|
||||
environment = "apis-test"
|
||||
envgroups = {
|
||||
test = [var.hostname]
|
||||
}
|
||||
environments = {
|
||||
apis-test = {
|
||||
envgroups = ["test"]
|
||||
}
|
||||
}
|
||||
org_short_name = (length(module.project.project_id) < 16 ?
|
||||
module.project.project_id :
|
||||
substr(module.project.project_id, 0, 15))
|
||||
org_hash = format("%s-%s", local.org_short_name, substr(sha256(module.project.project_id), 0, 7))
|
||||
org_env_hashes = {
|
||||
for k, v in local.environments :
|
||||
k => format("%s-%s-%s", local.org_short_name, length(k) < 16 ? k : substr(k, 0, 15), substr(sha256("${module.project.project_id}:${k}"), 0, 7))
|
||||
}
|
||||
google_sas = {
|
||||
apigee-metrics = [
|
||||
"apigee-metrics-sa"
|
||||
]
|
||||
apigee-cassandra = [
|
||||
"apigee-cassandra-schema-setup-${local.org_hash}-sa",
|
||||
"apigee-cassandra-user-setup-${local.org_hash}-sa"
|
||||
]
|
||||
apigee-mart = [
|
||||
"apigee-mart-${local.org_hash}-sa",
|
||||
"apigee-connect-agent-${local.org_hash}-sa"
|
||||
]
|
||||
apigee-watcher = [
|
||||
"apigee-watcher-${local.org_hash}-sa"
|
||||
]
|
||||
apigee-udca = concat([
|
||||
"apigee-udca-${local.org_hash}-sa"
|
||||
],
|
||||
[for k, v in local.org_env_hashes :
|
||||
"apigee-udca-${local.org_env_hashes[k]}-sa"
|
||||
])
|
||||
apigee-synchronizer = [
|
||||
for k, v in local.org_env_hashes :
|
||||
"apigee-synchronizer-${local.org_env_hashes[k]}-sa"
|
||||
]
|
||||
apigee-runtime = [for k, v in local.org_env_hashes :
|
||||
"apigee-runtime-${local.org_env_hashes[k]}-sa"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
module "apigee" {
|
||||
|
@ -26,20 +69,24 @@ module "apigee" {
|
|||
analytics_region = var.region
|
||||
runtime_type = "HYBRID"
|
||||
}
|
||||
envgroups = {
|
||||
(local.envgroup) = [var.hostname]
|
||||
}
|
||||
environments = {
|
||||
(local.environment) = {
|
||||
envgroups = [local.envgroup]
|
||||
}
|
||||
envgroups = local.envgroups
|
||||
environments = local.environments
|
||||
}
|
||||
|
||||
module "sas" {
|
||||
for_each = local.google_sas
|
||||
source = "../../../modules/iam-service-account"
|
||||
project_id = module.project.project_id
|
||||
name = each.key
|
||||
# authoritative roles granted *on* the service accounts to other identities
|
||||
iam = {
|
||||
"roles/iam.workloadIdentityUser" = [for v in each.value : "serviceAccount:${module.project.project_id}.svc.id.goog[apigee/${v}]"]
|
||||
}
|
||||
}
|
||||
|
||||
resource "local_file" "deploy_apiproxy_file" {
|
||||
content = templatefile("${path.module}/templates/deploy-apiproxy.sh.tpl", {
|
||||
org = module.project.project_id
|
||||
env = local.environment
|
||||
})
|
||||
filename = "${path.module}/deploy-apiproxy.sh"
|
||||
file_permission = "0777"
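Review bot: The new `org_short_name`, `org_hash` and `org_env_hashes` locals have no comment saying where the 15-character truncation and the 7-character SHA-256 prefix come from. These names feed the `roles/iam.workloadIdentityUser` members in `module "sas"`, so a mismatch with the Kubernetes service account names actually present in the cluster would leave the binding ineffective without any error at plan time. I would add a comment above `org_short_name` such as `# mirrors the naming scheme of the Apigee hybrid Kubernetes service accounts; keep in sync with the installed apigeectl version` — presumably that is the source, please confirm.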
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 35 KiB After Width: | Height: | Size: 35 KiB |
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -14,14 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/dns"
|
||||
project_id = "my-project"
|
||||
name = "test"
|
||||
domain = "test.example."
|
||||
client_networks = var.client_networks
|
||||
type = var.type
|
||||
forwarders = var.forwarders
|
||||
peer_network = var.peer_network
|
||||
recordsets = var.recordsets
|
||||
locals {
|
||||
ingress_ip_name = "apigee"
|
||||
}
|
||||
|
||||
module "addresses" {
|
||||
source = "../../../modules/net-address"
|
||||
project_id = module.project.project_id
|
||||
global_addresses = [local.ingress_ip_name]
|
||||
}
|
|
@ -40,5 +40,12 @@ module "project" {
|
|||
"roles/resourcemanager.projectIamAdmin" = [module.mgmt_server.service_account_iam_email]
|
||||
"roles/iam.serviceAccountAdmin" = [module.mgmt_server.service_account_iam_email]
|
||||
"roles/iam.serviceAccountKeyAdmin" = [module.mgmt_server.service_account_iam_email]
|
||||
"roles/monitoring.metricWriter" = [module.sas["apigee-metrics"].iam_email]
|
||||
"roles/storage.objectAdmin" = [module.sas["apigee-cassandra"].iam_email]
|
||||
"roles/apigeeconnect.Agent" = [module.sas["apigee-mart"].iam_email]
|
||||
"roles/apigee.runtimeAgent" = [module.sas["apigee-watcher"].iam_email]
|
||||
"roles/apigee.analyticsAgent" = [module.sas["apigee-udca"].iam_email]
|
||||
"roles/apigee.synchronizerManager" = [module.sas["apigee-synchronizer"].iam_email]
|
||||
"roles/cloudtrace.agent" = [module.sas["apigee-runtime"].iam_email]
|
||||
}
|
||||
}
|
||||
}
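Review bot: The context lines of this hunk still grant the management server `roles/iam.serviceAccountKeyAdmin` and `roles/iam.serviceAccountAdmin`, while the playbook section on this page no longer shows the `create-service-account` step in its new form and the overrides template sets `workloadIdentityEnabled: true`. If nothing else on the management server creates service accounts or keys, these two bindings look removable, which would narrow what a compromise of that VM could do. Of the added bindings, `roles/storage.objectAdmin` for `apigee-cassandra` is project-wide; if it is only needed for backups, a bucket-level grant would be tighter. The `module "project"` block starts outside the hunk.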
|
||||
|
|
|
@ -34,4 +34,12 @@ module "mgmt_server" {
|
|||
type = var.mgmt_server_config.disk_type
|
||||
size = var.mgmt_server_config.disk_size
|
||||
}
|
||||
}
|
||||
metadata = {
|
||||
startup-script = <<EOT
|
||||
#!/bin/bash
|
||||
apt update -y
|
||||
apt install python3-pip -y
|
||||
pip3 install kubernetes
|
||||
EOT
|
||||
}
|
||||
}
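Review bot: The new `startup-script` installs the Kubernetes client with an unpinned `pip3 install kubernetes`, so every boot of the management server pulls whatever version is current on the package index and installs it as root. Pinning the version, e.g. `pip3 install kubernetes==<PINNED_VERSION>`, or installing the distribution package with `apt install -y python3-kubernetes`, makes the host reproducible and narrows the supply-chain exposure. The script also has no `set -e`, so a failed `apt update` goes unnoticed until the playbook's `kubernetes.core` tasks fail. The `module "mgmt_server"` block starts outside the hunk.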
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -14,16 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/gke-cluster"
|
||||
project_id = "my-project"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = "mynetwork"
|
||||
subnetwork = "mysubnet"
|
||||
}
|
||||
enable_addons = var.enable_addons
|
||||
enable_features = var.enable_features
|
||||
tags = var.tags
|
||||
output "ip_address" {
|
||||
description = "GLB IP address."
|
||||
value = module.addresses.global_addresses["apigee"].address
|
||||
}
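Review bot: `module.addresses.global_addresses["apigee"]` in the new `ip_address` output repeats the literal that the same commit defines as `local.ingress_ip_name`. Using `module.addresses.global_addresses[local.ingress_ip_name].address` keeps the output correct if the address name is ever changed.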
|
|
@ -14,8 +14,13 @@
|
|||
|
||||
#!/bin/bash
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: $0 ENVIRONMENT"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ORG_NAME=${org}
|
||||
ENV_NAME=${env}
|
||||
ENV_NAME=$1
|
||||
|
||||
wget https://github.com/apigee/api-platform-samples/raw/master/sample-proxies/apigee-quickstart/httpbin_rev1_2020_02_02.zip -O apiproxy.zip
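Review bot: The `wget` line fetches the proxy bundle from the moving `master` branch of `apigee/api-platform-samples` and, judging by the script's name, the archive is then deployed to the organization without any integrity check. I would reference a fixed commit in the URL and verify the download before use, for example `echo "<EXPECTED_SHA256>  apiproxy.zip" | sha256sum -c -`. In the added usage check, `$1` is taken as the environment name without validation; quoting `"$ENV_NAME"` wherever it is used later keeps an argument with spaces from splitting. The rest of the script is outside the hunk.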
|
||||
|
||||
|
|
|
@ -84,8 +84,8 @@ def do_discovery(resources):
|
|||
{k: len(v) for k, v in resources.items() if not isinstance(v, str)}))
|
||||
|
||||
|
||||
def do_init(resources, discovery_root, monitoring_project, folders=None, projects=None,
|
||||
custom_quota=None):
|
||||
def do_init(resources, discovery_root, monitoring_project, folders=None,
|
||||
projects=None, custom_quota=None):
|
||||
'''Calls init plugins to configure keys in the shared resource map.
|
||||
|
||||
Args:
|
||||
|
|
|
@ -62,8 +62,8 @@ def _handle_discovery(resources, response, data):
|
|||
'Processes the asset API response and returns parsed resources or next URL.'
|
||||
LOGGER.info('discovery handle request')
|
||||
for result in parse_cai_results(data, 'cai-compute', method='list'):
|
||||
resource = _handle_resource(
|
||||
resources, result['assetType'], result['resource'])
|
||||
resource = _handle_resource(resources, result['assetType'],
|
||||
result['resource'])
|
||||
if not resource:
|
||||
continue
|
||||
yield resource
|
||||
|
@ -214,6 +214,7 @@ def _handle_sql_instances(resource, data):
|
|||
'availabilityType': data['settings']['availabilityType'],
|
||||
}
|
||||
|
||||
|
||||
def _handle_subnetworks(resource, data):
|
||||
'Handles subnetwork type resource data.'
|
||||
secondary_ranges = [{
|
||||
|
@ -237,8 +238,7 @@ def _self_link(s):
|
|||
def _url(resources):
|
||||
'Returns discovery URL'
|
||||
discovery_root = resources['config:discovery_root']
|
||||
asset_types = '&'.join(
|
||||
f'assetTypes={t}' for t in TYPES.values())
|
||||
asset_types = '&'.join(f'assetTypes={t}' for t in TYPES.values())
|
||||
return CAI_URL.format(root=discovery_root, asset_types=asset_types)
|
||||
|
||||
|
||||
|
|
|
@ -47,7 +47,8 @@ def timeseries(resources):
|
|||
dtype.endswith('ratio'))
|
||||
psa_nets = {
|
||||
k: ipaddress.ip_network('{}/{}'.format(v['address'], v['prefixLength']))
|
||||
for k, v in resources['global_addresses'].items() if v['prefixLength']
|
||||
for k, v in resources['global_addresses'].items()
|
||||
if v['prefixLength']
|
||||
}
|
||||
psa_counts = {}
|
||||
for address, ip_count in _sql_addresses(resources.get('sql_instances', {})):
|
||||
|
|
|
@ -76,11 +76,11 @@ locals {
|
|||
data-platform-prod = try(module.branch-dp-prod-folder.0.id, null)
|
||||
gke-dev = try(module.branch-gke-dev-folder.0.id, null)
|
||||
gke-prod = try(module.branch-gke-prod-folder.0.id, null)
|
||||
networking = module.branch-network-folder.id
|
||||
networking-dev = module.branch-network-dev-folder.id
|
||||
networking-prod = module.branch-network-prod-folder.id
|
||||
networking = try(module.branch-network-folder.id, null)
|
||||
networking-dev = try(module.branch-network-dev-folder.id, null)
|
||||
networking-prod = try(module.branch-network-prod-folder.id, null)
|
||||
sandbox = try(module.branch-sandbox-folder.0.id, null)
|
||||
security = module.branch-security-folder.id
|
||||
security = try(module.branch-security-folder.id, null)
|
||||
teams = try(module.branch-teams-folder.0.id, null)
|
||||
},
|
||||
{
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Api Gateway
|
||||
# API Gateway
|
||||
This module allows creating an API with its associated API config and API gateway. It also allows you grant IAM roles on the created resources.
|
||||
|
||||
# Examples
|
||||
|
@ -15,46 +15,46 @@ module "gateway" {
|
|||
# ...
|
||||
EOT
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=basic.yaml
|
||||
```
|
||||
|
||||
## Basic example + customer service account
|
||||
## Use existing service account
|
||||
```hcl
|
||||
module "gateway" {
|
||||
source = "./fabric/modules/api-gateway"
|
||||
project_id = "my-project"
|
||||
api_id = "api"
|
||||
region = "europe-west1"
|
||||
spec = <<EOT
|
||||
# The OpenAPI spec contents
|
||||
# ...
|
||||
EOT
|
||||
service_account_email = "sa@my-project.iam.gserviceaccount.com"
|
||||
iam = {
|
||||
"roles/apigateway.admin" = ["user:user@example.com"]
|
||||
}
|
||||
spec = <<EOT
|
||||
# The OpenAPI spec contents
|
||||
# ...
|
||||
EOT
|
||||
}
|
||||
# tftest modules=1 resources=7
|
||||
# tftest modules=1 resources=7 inventory=existing-sa.yaml
|
||||
```
|
||||
|
||||
## Basic example + service account creation
|
||||
## Create service account
|
||||
```hcl
|
||||
module "gateway" {
|
||||
source = "./fabric/modules/api-gateway"
|
||||
project_id = "my-project"
|
||||
api_id = "api"
|
||||
region = "europe-west1"
|
||||
spec = <<EOT
|
||||
# The OpenAPI spec contents
|
||||
# ...
|
||||
EOT
|
||||
service_account_create = true
|
||||
iam = {
|
||||
"roles/apigateway.admin" = ["user:mirene@google.com"]
|
||||
"roles/apigateway.viewer" = ["user:mirene@google.com"]
|
||||
}
|
||||
spec = <<EOT
|
||||
# The OpenAPI spec contents
|
||||
# ...
|
||||
EOT
|
||||
}
|
||||
# tftest modules=1 resources=11
|
||||
# tftest modules=1 resources=11 inventory=create-sa.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ module "private-dns" {
|
|||
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=private-zone.yaml
|
||||
```
|
||||
|
||||
### Forwarding Zone
|
||||
|
@ -36,7 +36,7 @@ module "private-dns" {
|
|||
client_networks = [var.vpc.self_link]
|
||||
forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml
|
||||
```
|
||||
|
||||
### Peering Zone
|
||||
|
@ -47,11 +47,12 @@ module "private-dns" {
|
|||
project_id = "myproject"
|
||||
type = "peering"
|
||||
name = "test-example"
|
||||
domain = "test.example."
|
||||
domain = "."
|
||||
description = "Forwarding zone for ."
|
||||
client_networks = [var.vpc.self_link]
|
||||
peer_network = var.vpc2.self_link
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=peering-zone.yaml
|
||||
```
|
||||
|
||||
### Routing Policies
|
||||
|
@ -84,7 +85,7 @@ module "private-dns" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=routing-policies.yaml
|
||||
```
|
||||
|
||||
### Reverse Lookup Zone
|
||||
|
@ -98,7 +99,23 @@ module "private-dns" {
|
|||
domain = "0.0.10.in-addr.arpa."
|
||||
client_networks = [var.vpc.self_link]
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=reverse-zone.yaml
|
||||
```
|
||||
|
||||
### Public Zone
|
||||
|
||||
```hcl
|
||||
module "public-dns" {
|
||||
source = "./fabric/modules/dns"
|
||||
project_id = "myproject"
|
||||
type = "public"
|
||||
name = "example"
|
||||
domain = "example.com."
|
||||
recordsets = {
|
||||
"A myhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=public-zone.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -8,50 +8,46 @@ module "bucket" {
|
|||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
labels = {
|
||||
cost-center = "devops"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Example with Cloud KMS
|
||||
|
||||
```hcl
|
||||
module "bucket" {
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
iam = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
name = "my-bucket"
|
||||
encryption_key = "my-encryption-key"
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=1 inventory=cmek.yaml
|
||||
```
|
||||
|
||||
### Example with retention policy
|
||||
### Example with retention policy and logging
|
||||
|
||||
```hcl
|
||||
module "bucket" {
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
iam = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
retention_policy = {
|
||||
retention_period = 100
|
||||
is_locked = true
|
||||
}
|
||||
logging_config = {
|
||||
log_bucket = var.bucket
|
||||
log_bucket = "log-bucket"
|
||||
log_object_prefix = null
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=1 inventory=retention-logging.yaml
|
||||
```
|
||||
|
||||
### Example with lifecycle rule
|
||||
|
@ -60,11 +56,7 @@ module "bucket" {
|
|||
module "bucket" {
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
iam = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
lifecycle_rules = {
|
||||
lr-0 = {
|
||||
action = {
|
||||
|
@ -77,7 +69,7 @@ module "bucket" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=1 inventory=lifecycle.yaml
|
||||
```
|
||||
|
||||
### Minimal example with GCS notifications
|
||||
|
@ -86,7 +78,6 @@ module "bucket" {
|
|||
module "bucket-gcs-notification" {
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
notification_config = {
|
||||
enabled = true
|
||||
|
@ -97,7 +88,7 @@ module "bucket-gcs-notification" {
|
|||
custom_attributes = {}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=notification.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ module "cluster-1" {
|
|||
environment = "dev"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=basic.yaml
|
||||
```
|
||||
|
||||
### GKE Cluster with Dataplane V2 enabled
|
||||
|
@ -42,7 +42,7 @@ module "cluster-1" {
|
|||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
name = "cluster-dataplane-v2"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
|
@ -68,8 +68,36 @@ module "cluster-1" {
|
|||
environment = "dev"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=dataplane-v2.yaml
|
||||
```
|
||||
### Autopilot Cluster
|
||||
|
||||
```hcl
|
||||
module "cluster-autopilot" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = "myproject"
|
||||
name = "cluster-autopilot"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {
|
||||
pods = "pods"
|
||||
services = "services"
|
||||
}
|
||||
master_authorized_ranges = {
|
||||
internal-vms = "10.0.0.0/8"
|
||||
}
|
||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||
}
|
||||
enable_features = {
|
||||
autopilot = true
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=autopilot.yaml
|
||||
```
|
||||
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
|
|
@ -16,7 +16,7 @@ module "cluster-1-nodepool-1" {
|
|||
location = "europe-west1-b"
|
||||
name = "nodepool-1"
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=basic.yaml
|
||||
```
|
||||
|
||||
### Internally managed service account
|
||||
|
@ -27,22 +27,11 @@ If you create a new service account, its resource and email (in both plain and I
|
|||
|
||||
#### GCE default service account
|
||||
|
||||
To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`.
|
||||
|
||||
```hcl
|
||||
module "cluster-1-nodepool-1" {
|
||||
source = "./fabric/modules/gke-nodepool"
|
||||
project_id = "myproject"
|
||||
cluster_name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
name = "nodepool-1"
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
```
|
||||
To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`. This is what the first example of this document does.
|
||||
|
||||
#### Externally defined service account
|
||||
|
||||
To use an existing service account, pass in just the `email` attribute.
|
||||
To use an existing service account, pass in just the `email` attribute. If you do this, will most likely want to use the `cloud-platform` scope.
|
||||
|
||||
```hcl
|
||||
module "cluster-1-nodepool-1" {
|
||||
|
@ -52,10 +41,11 @@ module "cluster-1-nodepool-1" {
|
|||
location = "europe-west1-b"
|
||||
name = "nodepool-1"
|
||||
service_account = {
|
||||
email = "foo-bar@myproject.iam.gserviceaccount.com"
|
||||
email = "foo-bar@myproject.iam.gserviceaccount.com"
|
||||
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=external-sa.yaml
|
||||
```
|
||||
|
||||
#### Auto-created service account
|
||||
|
@ -70,12 +60,48 @@ module "cluster-1-nodepool-1" {
|
|||
location = "europe-west1-b"
|
||||
name = "nodepool-1"
|
||||
service_account = {
|
||||
create = true
|
||||
# optional
|
||||
email = "spam-eggs"
|
||||
create = true
|
||||
email = "spam-eggs" # optional
|
||||
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=create-sa.yaml
|
||||
```
|
||||
### Node & node pool configuration
|
||||
|
||||
```hcl
|
||||
module "cluster-1-nodepool-1" {
|
||||
source = "./fabric/modules/gke-nodepool"
|
||||
project_id = "myproject"
|
||||
cluster_name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
name = "nodepool-1"
|
||||
labels = { environment = "dev" }
|
||||
service_account = {
|
||||
create = true
|
||||
email = "nodepool-1" # optional
|
||||
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
||||
}
|
||||
node_config = {
|
||||
machine_type = "n2-standard-2"
|
||||
disk_size_gb = 50
|
||||
disk_type = "pd-ssd"
|
||||
ephemeral_ssd_count = 1
|
||||
gvnic = true
|
||||
spot = true
|
||||
}
|
||||
nodepool_config = {
|
||||
autoscaling = {
|
||||
max_node_count = 10
|
||||
min_node_count = 1
|
||||
}
|
||||
management = {
|
||||
auto_repair = true
|
||||
auto_upgrade = false
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2 inventory=config.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
@ -97,7 +123,7 @@ module "cluster-1-nodepool-1" {
|
|||
| [nodepool_config](variables.tf#L115) | Nodepool-level configuration. | <code title="object({ autoscaling = optional(object({ location_policy = optional(string) max_node_count = optional(number) min_node_count = optional(number) use_total_nodes = optional(bool, false) })) management = optional(object({ auto_repair = optional(bool) auto_upgrade = optional(bool) })) upgrade_settings = optional(object({ max_surge = number max_unavailable = number })) })">object({…})</code> | | <code>null</code> |
|
||||
| [pod_range](variables.tf#L137) | Pod secondary range configuration. | <code title="object({ secondary_pod_range = object({ cidr = optional(string) create = optional(bool) name = string }) })">object({…})</code> | | <code>null</code> |
|
||||
| [reservation_affinity](variables.tf#L154) | Configuration of the desired reservation which instances could take capacity from. | <code title="object({ consume_reservation_type = string key = optional(string) values = optional(list(string)) })">object({…})</code> | | <code>null</code> |
|
||||
| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object({ create = optional(bool, false) email = optional(string, null) oauth_scopes = optional(list(string), null) })">object({…})</code> | | <code>{}</code> |
|
||||
| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object({ create = optional(bool, false) email = optional(string) oauth_scopes = optional(list(string)) })">object({…})</code> | | <code>{}</code> |
|
||||
| [sole_tenant_nodegroup](variables.tf#L175) | Sole tenant node group. | <code>string</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L181) | Network tags applied to nodes. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | <code title="list(object({ key = string value = string effect = string }))">list(object({…}))</code> | | <code>null</code> |
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -165,8 +165,8 @@ variable "service_account" {
|
|||
description = "Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used."
|
||||
type = object({
|
||||
create = optional(bool, false)
|
||||
email = optional(string, null)
|
||||
oauth_scopes = optional(list(string), null)
|
||||
email = optional(string)
|
||||
oauth_scopes = optional(list(string))
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
|
|
|
@ -30,7 +30,88 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Subnet Options
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
# simple subnet
|
||||
{
|
||||
name = "simple"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
},
|
||||
# custom description and PGA disabled
|
||||
{
|
||||
name = "no-pga"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.1.0/24",
|
||||
description = "Subnet b"
|
||||
enable_private_access = false
|
||||
},
|
||||
# secondary ranges
|
||||
{
|
||||
name = "with-secondary-ranges"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.2.0/24"
|
||||
secondary_ip_ranges = {
|
||||
a = "192.168.0.0/24"
|
||||
b = "192.168.1.0/24"
|
||||
}
|
||||
},
|
||||
# enable flow logs
|
||||
{
|
||||
name = "with-flow-logs"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.3.0/24"
|
||||
flow_logs_config = {
|
||||
flow_sampling = 0.5
|
||||
aggregation_interval = "INTERVAL_10_MIN"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=subnet-options.yaml
|
||||
```
|
||||
|
||||
### Subnet IAM
|
||||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
{
|
||||
name = "subnet-1"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.1.0/24"
|
||||
},
|
||||
{
|
||||
name = "subnet-2"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.1.0/24"
|
||||
}
|
||||
]
|
||||
subnet_iam = {
|
||||
"europe-west1/subnet-1" = {
|
||||
"roles/compute.networkUser" = [
|
||||
"user:user1@example.com", "group:group1@example.com"
|
||||
]
|
||||
}
|
||||
"europe-west1/subnet-2" = {
|
||||
"roles/compute.networkUser" = [
|
||||
"user:user2@example.com", "group:group2@example.com"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=subnet-iam.yaml
|
||||
```
|
||||
|
||||
### Peering
|
||||
|
@ -65,7 +146,7 @@ module "vpc-spoke-1" {
|
|||
import_routes = true
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=6
|
||||
# tftest modules=2 resources=6 inventory=peering.yaml
|
||||
```
|
||||
|
||||
### Shared VPC
|
||||
|
@ -116,7 +197,7 @@ module "vpc-host" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=7
|
||||
# tftest modules=1 resources=7 inventory=shared-vpc.yaml
|
||||
```
|
||||
|
||||
### Private Service Networking
|
||||
|
@ -137,7 +218,7 @@ module "vpc" {
|
|||
ranges = { myrange = "10.0.1.0/24" }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5
|
||||
# tftest modules=1 resources=5 inventory=psc.yaml
|
||||
```
|
||||
|
||||
### Private Service Networking with peering routes
|
||||
|
@ -162,7 +243,7 @@ module "vpc" {
|
|||
import_routes = true
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5
|
||||
# tftest modules=1 resources=5 inventory=psc-routes.yaml
|
||||
```
|
||||
|
||||
### Subnets for Private Service Connect, Proxy-only subnets
|
||||
|
@ -194,7 +275,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=proxy-only-subnets.yaml
|
||||
```
|
||||
|
||||
### DNS Policies
|
||||
|
@ -219,7 +300,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=dns-policies.yaml
|
||||
```
|
||||
|
||||
### Subnet Factory
|
||||
|
@ -233,11 +314,17 @@ module "vpc" {
|
|||
name = "my-network"
|
||||
data_folder = "config/subnets"
|
||||
}
|
||||
# tftest modules=1 resources=2 files=subnets
|
||||
# tftest modules=1 resources=3 files=subnet-simple,subnet-detailed inventory=factory.yaml
|
||||
```
|
||||
|
||||
```yaml
|
||||
# tftest-file id=subnets path=config/subnets/subnet-name.yaml
|
||||
# tftest-file id=subnet-simple path=config/subnets/subnet-simple.yaml
|
||||
region: europe-west4
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
```
|
||||
|
||||
```yaml
|
||||
# tftest-file id=subnet-detailed path=config/subnets/subnet-detailed.yaml
|
||||
region: europe-west1
|
||||
description: Sample description
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
|
@ -254,7 +341,45 @@ flow_logs: # enable, set to empty map to use defaults
|
|||
metadata: "INCLUDE_ALL_METADATA"
|
||||
filter_expression: null
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
### Custom Routes
|
||||
|
||||
VPC routes can be configured through the `routes` variable.
|
||||
|
||||
```hcl
|
||||
locals {
|
||||
route_types = {
|
||||
gateway = "global/gateways/default-internet-gateway"
|
||||
instance = "zones/europe-west1-b/test"
|
||||
ip = "192.168.0.128"
|
||||
ilb = "regions/europe-west1/forwardingRules/test"
|
||||
vpn_tunnel = "regions/europe-west1/vpnTunnels/foo"
|
||||
}
|
||||
}
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
for_each = local.route_types
|
||||
project_id = "my-project"
|
||||
name = "my-network-with-route-${replace(each.key, "_", "-")}"
|
||||
routes = {
|
||||
next-hop = {
|
||||
dest_range = "192.168.128.0/24"
|
||||
tags = null
|
||||
next_hop_type = each.key
|
||||
next_hop = each.value
|
||||
}
|
||||
gateway = {
|
||||
dest_range = "0.0.0.0/0",
|
||||
priority = 100
|
||||
tags = ["tag-a"]
|
||||
next_hop_type = "gateway",
|
||||
next_hop = "global/gateways/default-internet-gateway"
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=5 resources=15 inventory=routes.yaml
|
||||
```
|
||||
|
||||
|
||||
## Variables
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -109,7 +109,7 @@ resource "google_dns_policy" "default" {
|
|||
)
|
||||
iterator = ns
|
||||
content {
|
||||
ipv4_address = ns.key
|
||||
ipv4_address = ns.value
|
||||
forwarding_path = "private"
|
||||
}
|
||||
}
|
||||
|
@ -121,7 +121,7 @@ resource "google_dns_policy" "default" {
|
|||
)
|
||||
iterator = ns
|
||||
content {
|
||||
ipv4_address = ns.key
|
||||
ipv4_address = ns.value
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
counts:
|
||||
modules: 9
|
||||
resources: 37
|
||||
modules: 17
|
||||
resources: 59
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -21,7 +21,7 @@ import marko
|
|||
|
||||
FABRIC_ROOT = Path(__file__).parents[2]
|
||||
|
||||
FILE_TEST_RE = re.compile(r'# tftest-file +id=(\w+) +path=([\S]+)')
|
||||
FILE_TEST_RE = re.compile(r'# tftest-file +id=([\w_.-]+) +path=([\S]+)')
|
||||
|
||||
Example = collections.namedtuple('Example', 'name code module files')
|
||||
File = collections.namedtuple('File', 'path content')
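Review bot: The id class in `FILE_TEST_RE`, which now appears to be `[\w_.-]+`, accepts a dot, but the `files=` group of `COUNT_TEST_RE` in the next file section appears to have changed to `[\w,_-]+`, which does not. With an id such as `subnet.simple`, the `files=` match would stop at the dot, so the id would be truncated and a following `inventory=` token would no longer match (or the whole directive would fail, depending on how the pattern is applied outside these hunks). The two classes should agree: either drop the dot here, `id=([\w-]+)`, or allow it there, `files=([\w,.-]+)`; the `_` is redundant in both because `\w` already covers it. Separately, `path=([\S]+)` on the unchanged part of the line accepts `..` segments and absolute paths, so if the consumer (not visible here) joins it to a temporary directory, it is worth rejecting paths that resolve outside that directory.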
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -18,7 +18,7 @@ from pathlib import Path
|
|||
|
||||
BASE_PATH = Path(__file__).parent
|
||||
COUNT_TEST_RE = re.compile(r'# tftest +modules=(\d+) +resources=(\d+)' +
|
||||
r'(?: +files=([\w,-.]+))?' +
|
||||
r'(?: +files=([\w,_-]+))?' +
|
||||
r'(?: +inventory=([\w\-.]+))?')
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.gateway.google_api_gateway_api.api:
|
||||
api_id: api
|
||||
display_name: api
|
||||
project: my-project
|
||||
module.gateway.google_api_gateway_api_config.api_config:
|
||||
api: api
|
||||
gateway_config: []
|
||||
grpc_services: []
|
||||
labels: null
|
||||
managed_service_configs: []
|
||||
project: my-project
|
||||
module.gateway.google_api_gateway_gateway.gateway:
|
||||
display_name: gw-api
|
||||
gateway_id: gw-api
|
||||
labels: null
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
module.gateway.google_project_service.service:
|
||||
disable_dependent_services: true
|
||||
disable_on_destroy: true
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_api_gateway_api: 1
|
||||
google_api_gateway_api_config: 1
|
||||
google_api_gateway_gateway: 1
|
||||
google_project_service: 1
|
|
@ -0,0 +1,90 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.gateway.google_api_gateway_api.api:
|
||||
api_id: api
|
||||
display_name: api
|
||||
labels: null
|
||||
project: my-project
|
||||
module.gateway.google_api_gateway_api_config.api_config:
|
||||
api: api
|
||||
grpc_services: []
|
||||
labels: null
|
||||
managed_service_configs: []
|
||||
project: my-project
|
||||
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
|
||||
api: api
|
||||
condition: []
|
||||
members:
|
||||
- user:mirene@google.com
|
||||
project: my-project
|
||||
role: roles/apigateway.admin
|
||||
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.viewer"]:
|
||||
api: api
|
||||
condition: []
|
||||
members:
|
||||
- user:mirene@google.com
|
||||
project: my-project
|
||||
role: roles/apigateway.viewer
|
||||
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
|
||||
api: api
|
||||
condition: []
|
||||
members:
|
||||
- user:mirene@google.com
|
||||
project: my-project
|
||||
role: roles/apigateway.admin
|
||||
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.viewer"]:
|
||||
api: api
|
||||
condition: []
|
||||
members:
|
||||
- user:mirene@google.com
|
||||
project: my-project
|
||||
role: roles/apigateway.viewer
|
||||
module.gateway.google_api_gateway_gateway.gateway:
|
||||
display_name: gw-api
|
||||
gateway_id: gw-api
|
||||
labels: null
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
|
||||
condition: []
|
||||
gateway: gw-api
|
||||
members:
|
||||
- user:mirene@google.com
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: roles/apigateway.admin
|
||||
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.viewer"]:
|
||||
condition: []
|
||||
gateway: gw-api
|
||||
members:
|
||||
- user:mirene@google.com
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: roles/apigateway.viewer
|
||||
module.gateway.google_project_service.service: {}
|
||||
module.gateway.google_service_account.service_account[0]:
|
||||
account_id: sa-api-cfg-api
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_api_gateway_api: 1
|
||||
google_api_gateway_api_config: 1
|
||||
google_api_gateway_api_config_iam_binding: 2
|
||||
google_api_gateway_api_iam_binding: 2
|
||||
google_api_gateway_gateway: 1
|
||||
google_api_gateway_gateway_iam_binding: 2
|
||||
google_project_service: 1
|
||||
google_service_account: 1
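Review bot: Every `members:` entry in this new inventory is `user:mirene@google.com`, which reads like a real person's address, whereas the next inventory added in this commit uses the reserved placeholder `user:user@example.com`. Test fixtures are better kept free of real identities, so I would use `- user:user@example.com` here as well. The values presumably mirror the example or tfvars this inventory is checked against, which is outside this section, so the same replacement would be needed there.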
|
|
@ -0,0 +1,71 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.gateway.google_api_gateway_api.api:
|
||||
api_id: api
|
||||
display_name: api
|
||||
labels: null
|
||||
project: my-project
|
||||
module.gateway.google_api_gateway_api_config.api_config:
|
||||
api: api
|
||||
gateway_config:
|
||||
- backend_config:
|
||||
- google_service_account: sa@my-project.iam.gserviceaccount.com
|
||||
grpc_services: []
|
||||
labels: null
|
||||
managed_service_configs: []
|
||||
project: my-project
|
||||
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
|
||||
api: api
|
||||
api_config: api-cfg-api-8656c6040d6d9ba18a8b9b5f3955c223
|
||||
condition: []
|
||||
members:
|
||||
- user:user@example.com
|
||||
project: my-project
|
||||
role: roles/apigateway.admin
|
||||
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
|
||||
api: api
|
||||
condition: []
|
||||
members:
|
||||
- user:user@example.com
|
||||
project: my-project
|
||||
role: roles/apigateway.admin
|
||||
module.gateway.google_api_gateway_gateway.gateway:
|
||||
display_name: gw-api
|
||||
gateway_id: gw-api
|
||||
labels: null
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
|
||||
condition: []
|
||||
gateway: gw-api
|
||||
members:
|
||||
- user:user@example.com
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: roles/apigateway.admin
|
||||
module.gateway.google_project_service.service:
|
||||
disable_dependent_services: true
|
||||
disable_on_destroy: true
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_api_gateway_api: 1
|
||||
google_api_gateway_api_config: 1
|
||||
google_api_gateway_api_config_iam_binding: 1
|
||||
google_api_gateway_api_iam_binding: 1
|
||||
google_api_gateway_gateway: 1
|
||||
google_api_gateway_gateway_iam_binding: 1
|
||||
google_project_service: 1
|
|
@ -1,26 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "gateway" {
|
||||
source = "../../../../modules/api-gateway"
|
||||
api_id = var.api_id
|
||||
project_id = var.project_id
|
||||
labels = var.labels
|
||||
iam = var.iam
|
||||
region = var.region
|
||||
spec = var.spec
|
||||
service_account_create = true
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "api_id" {
|
||||
type = string
|
||||
default = "my-api"
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
type = map(list(string))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
type = string
|
||||
default = "my-project"
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "service_account_create" {
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "service_account_email" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "spec" {
|
||||
type = string
|
||||
default = "Spec contents"
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.private-dns.google_dns_managed_zone.non-public[0]:
|
||||
dns_name: test.example.
|
||||
forwarding_config:
|
||||
- target_name_servers:
|
||||
- forwarding_path: ''
|
||||
ipv4_address: 10.0.1.1
|
||||
- forwarding_path: private
|
||||
ipv4_address: 1.2.3.4
|
||||
name: test-example
|
||||
private_visibility_config:
|
||||
- gke_clusters: []
|
||||
networks:
|
||||
- network_url: projects/xxx/global/networks/aaa
|
||||
project: myproject
|
||||
visibility: private
|
||||
|
||||
counts:
|
||||
google_dns_managed_zone: 1
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,24 +13,22 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_network.network[0]:
|
||||
auto_create_subnetworks: false
|
||||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
name: test
|
||||
project: test-project
|
||||
routing_mode: GLOBAL
|
||||
module.private-dns.google_dns_managed_zone.non-public[0]:
|
||||
description: Forwarding zone for .
|
||||
dns_name: .
|
||||
forwarding_config: []
|
||||
name: test-example
|
||||
peering_config:
|
||||
- target_network:
|
||||
- network_url: projects/xxx/global/networks/ccc
|
||||
private_visibility_config:
|
||||
- gke_clusters: []
|
||||
networks:
|
||||
- network_url: projects/xxx/global/networks/aaa
|
||||
project: myproject
|
||||
visibility: private
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_dns_managed_zone: 1
|
||||
|
||||
outputs:
|
||||
bindings: {}
|
||||
project_id: test-project
|
||||
subnet_ips: {}
|
||||
subnet_regions: {}
|
||||
subnet_secondary_ranges: {}
|
||||
subnet_self_links: {}
|
||||
subnets: {}
|
||||
subnets_proxy_only: {}
|
||||
subnets_psc: {}
|
||||
outputs: {}
|
|
@ -0,0 +1,50 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.private-dns.google_dns_managed_zone.non-public[0]:
|
||||
description: Terraform managed.
|
||||
dns_name: test.example.
|
||||
force_destroy: false
|
||||
forwarding_config: []
|
||||
name: test-example
|
||||
peering_config: []
|
||||
private_visibility_config:
|
||||
- gke_clusters: []
|
||||
networks:
|
||||
- network_url: projects/xxx/global/networks/aaa
|
||||
project: myproject
|
||||
visibility: private
|
||||
module.private-dns.google_dns_record_set.cloud-static-records["A localhost"]:
|
||||
managed_zone: test-example
|
||||
name: localhost.test.example.
|
||||
project: myproject
|
||||
routing_policy: []
|
||||
rrdatas:
|
||||
- 127.0.0.1
|
||||
ttl: 300
|
||||
type: A
|
||||
module.private-dns.google_dns_record_set.cloud-static-records["A myhost"]:
|
||||
managed_zone: test-example
|
||||
name: myhost.test.example.
|
||||
project: myproject
|
||||
routing_policy: []
|
||||
rrdatas:
|
||||
- 10.0.0.120
|
||||
ttl: 600
|
||||
type: A
|
||||
|
||||
counts:
|
||||
google_dns_managed_zone: 1
|
||||
google_dns_record_set: 2
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.public-dns.google_dns_managed_zone.public[0]:
|
||||
dns_name: example.com.
|
||||
name: example
|
||||
project: myproject
|
||||
visibility: public
|
||||
module.public-dns.google_dns_record_set.cloud-static-records["A myhost"]:
|
||||
managed_zone: example
|
||||
name: myhost.example.com.
|
||||
project: myproject
|
||||
routing_policy: []
|
||||
rrdatas:
|
||||
- 127.0.0.1
|
||||
ttl: 300
|
||||
type: A
|
||||
|
||||
counts:
|
||||
google_dns_keys: 1
|
||||
google_dns_managed_zone: 1
|
||||
google_dns_record_set: 1
|
||||
modules: 1
|
||||
resources: 3
|
||||
|
||||
outputs: {}
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,12 +12,16 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
region: europe-west1
|
||||
description: Sample description
|
||||
ip_cidr_range: 10.128.0.0/24
|
||||
enable_private_access: false
|
||||
iam_users: ["foobar@example.com"]
|
||||
iam_groups: ["lorem@example.com"]
|
||||
iam_service_accounts: ["foobar@project-id.iam.gserviceaccount.com"]
|
||||
secondary_ip_ranges:
|
||||
secondary-range-a: 192.168.128.0/24
|
||||
values:
|
||||
module.private-dns.google_dns_managed_zone.non-public[0]:
|
||||
description: Terraform managed.
|
||||
dns_name: 0.0.10.in-addr.arpa.
|
||||
name: test-example
|
||||
project: myproject
|
||||
reverse_lookup: true
|
||||
visibility: private
|
||||
|
||||
counts:
|
||||
google_dns_managed_zone: 1
|
||||
|
||||
outputs: {}
|
|
@ -0,0 +1,80 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.private-dns.google_dns_managed_zone.non-public[0]:
|
||||
dns_name: test.example.
|
||||
name: test-example
|
||||
project: myproject
|
||||
module.private-dns.google_dns_record_set.cloud-geo-records["A geo"]:
|
||||
managed_zone: test-example
|
||||
name: geo.test.example.
|
||||
project: myproject
|
||||
routing_policy:
|
||||
- enable_geo_fencing: null
|
||||
geo:
|
||||
- health_checked_targets: []
|
||||
location: europe-west1
|
||||
rrdatas:
|
||||
- 10.0.0.1
|
||||
- health_checked_targets: []
|
||||
location: europe-west2
|
||||
rrdatas:
|
||||
- 10.0.0.2
|
||||
- health_checked_targets: []
|
||||
location: europe-west3
|
||||
rrdatas:
|
||||
- 10.0.0.3
|
||||
primary_backup: []
|
||||
wrr: []
|
||||
rrdatas: null
|
||||
ttl: 300
|
||||
type: A
|
||||
module.private-dns.google_dns_record_set.cloud-static-records["A regular"]:
|
||||
managed_zone: test-example
|
||||
name: regular.test.example.
|
||||
project: myproject
|
||||
routing_policy: []
|
||||
rrdatas:
|
||||
- 10.20.0.1
|
||||
ttl: 300
|
||||
type: A
|
||||
module.private-dns.google_dns_record_set.cloud-wrr-records["A wrr"]:
|
||||
managed_zone: test-example
|
||||
name: wrr.test.example.
|
||||
project: myproject
|
||||
routing_policy:
|
||||
- enable_geo_fencing: null
|
||||
geo: []
|
||||
primary_backup: []
|
||||
wrr:
|
||||
- health_checked_targets: []
|
||||
rrdatas:
|
||||
- 10.10.0.1
|
||||
weight: 0.6
|
||||
- health_checked_targets: []
|
||||
rrdatas:
|
||||
- 10.10.0.2
|
||||
weight: 0.2
|
||||
- health_checked_targets: []
|
||||
rrdatas:
|
||||
- 10.10.0.3
|
||||
weight: 0.2
|
||||
rrdatas: null
|
||||
ttl: 600
|
||||
type: A
|
||||
|
||||
counts:
|
||||
google_dns_managed_zone: 1
|
||||
google_dns_record_set: 3
|
|
@ -1,62 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "client_networks" {
|
||||
type = list(string)
|
||||
default = [
|
||||
"https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default"
|
||||
]
|
||||
}
|
||||
|
||||
variable "forwarders" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "peer_network" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "recordsets" {
|
||||
type = any
|
||||
default = {
|
||||
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
"A local-host.test.example." = { ttl = 300, records = ["127.0.0.2"] }
|
||||
"CNAME *" = { ttl = 300, records = ["localhost.example.org."] }
|
||||
"A " = { ttl = 300, records = ["127.0.0.3"] }
|
||||
"A geo" = {
|
||||
geo_routing = [
|
||||
{ location = "europe-west1", records = ["127.0.0.4"] },
|
||||
{ location = "europe-west2", records = ["127.0.0.5"] },
|
||||
{ location = "europe-west3", records = ["127.0.0.6"] }
|
||||
]
|
||||
}
|
||||
"A wrr" = {
|
||||
ttl = 600
|
||||
wrr_routing = [
|
||||
{ weight = 0.6, records = ["127.0.0.7"] },
|
||||
{ weight = 0.2, records = ["127.0.0.8"] },
|
||||
{ weight = 0.2, records = ["127.0.0.9"] }
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
variable "type" {
|
||||
type = string
|
||||
default = "private"
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
type = "private"
|
||||
domain = "test.example."
|
||||
name = "test"
|
||||
project_id = "my-project"
|
||||
client_networks = []
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,18 +13,13 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_storage_bucket.bucket:
|
||||
google_dns_managed_zone.non-public[0]:
|
||||
dns_name: test.example.
|
||||
name: test
|
||||
|
||||
google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
|
||||
bucket: test
|
||||
condition: []
|
||||
members:
|
||||
- user:a@example.org
|
||||
role: roles/storage.admin
|
||||
private_visibility_config: []
|
||||
visibility: private
|
||||
|
||||
counts:
|
||||
google_storage_bucket: 1
|
||||
google_storage_bucket_iam_binding: 1
|
||||
google_dns_managed_zone: 1
|
||||
modules: 0
|
||||
resources: 2
|
||||
resources: 1
|
|
@ -0,0 +1,4 @@
|
|||
type = "forwarding"
|
||||
domain = "test.example."
|
||||
name = "test"
|
||||
project_id = "my-project"
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,6 +12,9 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
region: europe-west4
|
||||
description: Sample description
|
||||
ip_cidr_range: 10.129.0.0/24
|
||||
values:
|
||||
google_dns_managed_zone.non-public[0]:
|
||||
forwarding_config: []
|
||||
|
||||
counts:
|
||||
google_dns_managed_zone: 1
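Review bot: The `counts` block of this inventory pins only `google_dns_managed_zone: 1`, so the total that the removed `test_forwarding_recordsets_null_forwarders` checked with `assert len(resources) == 1` is no longer asserted. If the inventory comparison only checks the keys it lists (the fixture is not shown here), a forwarding zone that also planned record sets would still pass. Adding `resources: 1` under `counts`, as the no-clients inventory in this commit does, restores that check.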
|
|
@ -1,138 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
def test_private(plan_runner):
|
||||
"Test private zone with three recordsets."
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 7
|
||||
assert set(r['type'] for r in resources) == {
|
||||
'google_dns_record_set', 'google_dns_managed_zone'
|
||||
}
|
||||
for r in resources:
|
||||
if r['type'] != 'google_dns_managed_zone':
|
||||
continue
|
||||
assert r['values']['visibility'] == 'private'
|
||||
assert len(r['values']['private_visibility_config']) == 1
|
||||
|
||||
|
||||
def test_private_recordsets(plan_runner):
|
||||
"Test recordsets in private zone."
|
||||
_, resources = plan_runner()
|
||||
recordsets = [
|
||||
r['values'] for r in resources if r['type'] == 'google_dns_record_set'
|
||||
]
|
||||
|
||||
assert set(r['name'] for r in recordsets) == {
|
||||
'localhost.test.example.', 'local-host.test.example.', '*.test.example.',
|
||||
"test.example.", "geo.test.example.", "wrr.test.example."
|
||||
}
|
||||
|
||||
for r in recordsets:
|
||||
if r['name'] not in ['wrr.test.example.', 'geo.test.example.']:
|
||||
assert r['routing_policy'] == []
|
||||
assert r['rrdatas'] != []
|
||||
|
||||
|
||||
def test_routing_policies(plan_runner):
|
||||
"Test recordsets with routing policies."
|
||||
_, resources = plan_runner()
|
||||
recordsets = [
|
||||
r['values'] for r in resources if r['type'] == 'google_dns_record_set'
|
||||
]
|
||||
geo_zone = [
|
||||
r['values'] for r in resources if r['address'] ==
|
||||
'module.test.google_dns_record_set.cloud-geo-records["A geo"]'
|
||||
][0]
|
||||
assert geo_zone['name'] == 'geo.test.example.'
|
||||
assert geo_zone['routing_policy'][0]['wrr'] == []
|
||||
geo_policy = geo_zone['routing_policy'][0]['geo']
|
||||
assert geo_policy[0]['location'] == 'europe-west1'
|
||||
assert geo_policy[0]['rrdatas'] == ['127.0.0.4']
|
||||
assert geo_policy[1]['location'] == 'europe-west2'
|
||||
assert geo_policy[1]['rrdatas'] == ['127.0.0.5']
|
||||
assert geo_policy[2]['location'] == 'europe-west3'
|
||||
assert geo_policy[2]['rrdatas'] == ['127.0.0.6']
|
||||
|
||||
wrr_zone = [
|
||||
r['values'] for r in resources if r['address'] ==
|
||||
'module.test.google_dns_record_set.cloud-wrr-records["A wrr"]'
|
||||
][0]
|
||||
assert wrr_zone['name'] == 'wrr.test.example.'
|
||||
wrr_policy = wrr_zone['routing_policy'][0]['wrr']
|
||||
assert wrr_policy[0]['weight'] == 0.6
|
||||
assert wrr_policy[0]['rrdatas'] == ['127.0.0.7']
|
||||
assert wrr_policy[1]['weight'] == 0.2
|
||||
assert wrr_policy[1]['rrdatas'] == ['127.0.0.8']
|
||||
assert wrr_policy[2]['weight'] == 0.2
|
||||
assert wrr_policy[2]['rrdatas'] == ['127.0.0.9']
|
||||
assert wrr_zone['routing_policy'][0]['geo'] == []
|
||||
|
||||
|
||||
def test_private_no_networks(plan_runner):
|
||||
"Test private zone not exposed to any network."
|
||||
_, resources = plan_runner(client_networks='[]')
|
||||
for r in resources:
|
||||
if r['type'] != 'google_dns_managed_zone':
|
||||
continue
|
||||
assert r['values']['visibility'] == 'private'
|
||||
assert len(r['values']['private_visibility_config']) == 0
|
||||
|
||||
|
||||
def test_forwarding_recordsets_null_forwarders(plan_runner):
|
||||
"Test forwarding zone with wrong set of attributes does not break."
|
||||
_, resources = plan_runner(type='forwarding')
|
||||
assert len(resources) == 1
|
||||
resource = resources[0]
|
||||
assert resource['type'] == 'google_dns_managed_zone'
|
||||
assert resource['values']['forwarding_config'] == []
|
||||
|
||||
|
||||
def test_forwarding(plan_runner):
|
||||
"Test forwarding zone with single forwarder."
|
||||
_, resources = plan_runner(type='forwarding', recordsets='null',
|
||||
forwarders='{ "1.2.3.4" = null }')
|
||||
assert len(resources) == 1
|
||||
resource = resources[0]
|
||||
assert resource['type'] == 'google_dns_managed_zone'
|
||||
assert resource['values']['forwarding_config'] == [{
|
||||
'target_name_servers': [{
|
||||
'forwarding_path': '',
|
||||
'ipv4_address': '1.2.3.4'
|
||||
}]
|
||||
}]
|
||||
|
||||
|
||||
def test_peering(plan_runner):
|
||||
"Test peering zone."
|
||||
_, resources = plan_runner(type='peering', recordsets='null',
|
||||
peer_network='dummy-vpc-self-link')
|
||||
assert len(resources) == 1
|
||||
resource = resources[0]
|
||||
assert resource['type'] == 'google_dns_managed_zone'
|
||||
assert resource['values']['peering_config'] == [{
|
||||
'target_network': [{
|
||||
'network_url': 'dummy-vpc-self-link'
|
||||
}]
|
||||
}]
|
||||
|
||||
|
||||
def test_public(plan_runner):
|
||||
"Test public zone with two recordsets."
|
||||
_, resources = plan_runner(type='public')
|
||||
for r in resources:
|
||||
if r['type'] != 'google_dns_managed_zone':
|
||||
continue
|
||||
assert r['values']['visibility'] == 'public'
|
||||
assert r['values']['private_visibility_config'] == []
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,9 +12,8 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
module: modules/gcs
|
||||
common_tfvars:
|
||||
- common.tfvars
|
||||
module: modules/dns
|
||||
|
||||
tests:
|
||||
prefix:
|
||||
iam:
|
||||
no_clients:
|
||||
null_forwarders:
|
|
@ -1,13 +0,0 @@
|
|||
force_destroy = true
|
||||
labels = { environment = "test" }
|
||||
logging_config = {
|
||||
log_bucket = "foo"
|
||||
}
|
||||
name = "test"
|
||||
project_id = "test-project"
|
||||
retention_policy = {
|
||||
retention_period = 5
|
||||
is_locked = false
|
||||
}
|
||||
storage_class = "MULTI_REGIONAL"
|
||||
versioning = true
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,8 +12,12 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bucket.google_storage_bucket.bucket:
|
||||
encryption:
|
||||
- default_kms_key_name: my-encryption-key
|
||||
name: my-bucket
|
||||
project: myproject
|
||||
|
||||
def test_resource_count(plan_runner):
|
||||
"Test number of resources created."
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 5
|
||||
counts:
|
||||
google_storage_bucket: 1
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,32 +13,26 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_storage_bucket.bucket:
|
||||
force_destroy: true
|
||||
labels:
|
||||
environment: test
|
||||
location: EU
|
||||
logging:
|
||||
- log_bucket: foo
|
||||
name: foo-test
|
||||
project: test-project
|
||||
retention_policy:
|
||||
- is_locked: false
|
||||
retention_period: 5
|
||||
storage_class: MULTI_REGIONAL
|
||||
uniform_bucket_level_access: true
|
||||
versioning:
|
||||
- enabled: true
|
||||
module.bucket.google_storage_bucket.bucket:
|
||||
lifecycle_rule:
|
||||
- action:
|
||||
- storage_class: STANDARD
|
||||
type: SetStorageClass
|
||||
condition:
|
||||
- age: 30
|
||||
created_before: ''
|
||||
custom_time_before: ''
|
||||
days_since_custom_time: null
|
||||
days_since_noncurrent_time: null
|
||||
matches_prefix: []
|
||||
matches_storage_class: []
|
||||
matches_suffix: []
|
||||
noncurrent_time_before: ''
|
||||
num_newer_versions: null
|
||||
name: my-bucket
|
||||
project: myproject
|
||||
|
||||
counts:
|
||||
google_storage_bucket: 1
|
||||
modules: 0
|
||||
resources: 1
|
||||
|
||||
outputs:
|
||||
bucket: __missing__
|
||||
id: foo-test
|
||||
name: foo-test
|
||||
notification: null
|
||||
topic: null
|
||||
url: __missing__
|
||||
outputs: {}
|
|
@ -0,0 +1,31 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bucket-gcs-notification.google_pubsub_topic.topic[0]: {}
|
||||
module.bucket-gcs-notification.google_pubsub_topic_iam_binding.binding[0]: {}
|
||||
module.bucket-gcs-notification.google_storage_bucket.bucket:
|
||||
name: my-bucket
|
||||
project: myproject
|
||||
module.bucket-gcs-notification.google_storage_notification.notification[0]:
|
||||
bucket: my-bucket
|
||||
event_types:
|
||||
- OBJECT_FINALIZE
|
||||
payload_format: JSON_API_V1
|
||||
|
||||
counts:
|
||||
google_pubsub_topic: 1
|
||||
google_pubsub_topic_iam_binding: 1
|
||||
google_storage_bucket: 1
|
||||
google_storage_notification: 1
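Review bot: `google_pubsub_topic_iam_binding.binding[0]` is matched against `{}`, so this inventory only shows that a binding is planned, not what it grants. The role is normally a static value in the plan even when the member is only known after apply, so it can be pinned. Something like `role: roles/pubsub.publisher` (confirm the role against the module, which is not shown here) would make a broadened grant on the notification topic fail the test. `google_pubsub_topic.topic[0]: {}` could likewise pin the topic `name` and `project`.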
|
|
@ -0,0 +1,26 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bucket.google_storage_bucket.bucket:
|
||||
logging:
|
||||
- log_bucket: log-bucket
|
||||
name: my-bucket
|
||||
project: myproject
|
||||
retention_policy:
|
||||
- is_locked: true
|
||||
retention_period: 100
|
||||
|
||||
counts:
|
||||
google_storage_bucket: 1
|
|
@ -0,0 +1,46 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bucket.google_storage_bucket.bucket:
|
||||
autoclass: []
|
||||
cors: []
|
||||
custom_placement_config: []
|
||||
default_event_based_hold: null
|
||||
encryption: []
|
||||
force_destroy: false
|
||||
labels:
|
||||
cost-center: devops
|
||||
lifecycle_rule: []
|
||||
location: EU
|
||||
logging: []
|
||||
name: test-my-bucket
|
||||
project: myproject
|
||||
requester_pays: null
|
||||
retention_policy: []
|
||||
storage_class: MULTI_REGIONAL
|
||||
timeouts: null
|
||||
uniform_bucket_level_access: true
|
||||
versioning:
|
||||
- enabled: true
|
||||
module.bucket.google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
|
||||
bucket: test-my-bucket
|
||||
condition: []
|
||||
members:
|
||||
- group:storage@example.com
|
||||
role: roles/storage.admin
|
||||
|
||||
counts:
|
||||
google_storage_bucket: 1
|
||||
google_storage_bucket_iam_binding: 1
|
|
@ -1,3 +0,0 @@
|
|||
iam = {
|
||||
"roles/storage.admin" = ["user:a@example.org"]
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
prefix = "foo"
|
|
@ -0,0 +1,32 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-autopilot.google_container_cluster.cluster:
|
||||
enable_autopilot: true
|
||||
ip_allocation_policy:
|
||||
- cluster_secondary_range_name: pods
|
||||
services_secondary_range_name: services
|
||||
location: europe-west1-b
|
||||
master_authorized_networks_config:
|
||||
- cidr_blocks:
|
||||
- cidr_block: 10.0.0.0/8
|
||||
display_name: internal-vms
|
||||
name: cluster-autopilot
|
||||
network: projects/xxx/global/networks/aaa
|
||||
project: myproject
|
||||
subnetwork: subnet_self_link
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
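Review bot: Nothing in this inventory pins the control-plane exposure of the autopilot cluster. `master_authorized_networks_config` is asserted but `private_cluster_config` is absent, while both `cluster-1` inventories later in this commit assert `enable_private_endpoint: true` and `enable_private_nodes: true`. Omitted keys are presumably not compared, so a change that makes this example's endpoint public would pass unnoticed; state the expected value explicitly, for example `private_cluster_config: []` if the example really configures none. Separately, `location: europe-west1-b` is a zone, and Autopilot clusters are regional as far as I know, so the example may plan cleanly yet fail on apply.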
|
|
@ -0,0 +1,42 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1.google_container_cluster.cluster:
|
||||
default_max_pods_per_node: 32
|
||||
ip_allocation_policy:
|
||||
- cluster_secondary_range_name: pods
|
||||
services_secondary_range_name: services
|
||||
location: europe-west1-b
|
||||
master_authorized_networks_config:
|
||||
- cidr_blocks:
|
||||
- cidr_block: 10.0.0.0/8
|
||||
display_name: internal-vms
|
||||
name: cluster-1
|
||||
network: projects/xxx/global/networks/aaa
|
||||
private_cluster_config:
|
||||
- enable_private_endpoint: true
|
||||
enable_private_nodes: true
|
||||
master_global_access_config:
|
||||
- enabled: false
|
||||
master_ipv4_cidr_block: 192.168.0.0/28
|
||||
private_endpoint_subnetwork: null
|
||||
project: myproject
|
||||
remove_default_node_pool: true
|
||||
resource_labels:
|
||||
environment: dev
|
||||
subnetwork: subnet_self_link
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
|
|
@ -0,0 +1,45 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1.google_container_cluster.cluster:
|
||||
datapath_provider: ADVANCED_DATAPATH
|
||||
ip_allocation_policy:
|
||||
- cluster_secondary_range_name: pods
|
||||
services_secondary_range_name: services
|
||||
location: europe-west1-b
|
||||
master_authorized_networks_config:
|
||||
- cidr_blocks:
|
||||
- cidr_block: 10.0.0.0/8
|
||||
display_name: internal-vms
|
||||
min_master_version: null
|
||||
name: cluster-dataplane-v2
|
||||
network: projects/xxx/global/networks/aaa
|
||||
private_cluster_config:
|
||||
- enable_private_endpoint: true
|
||||
enable_private_nodes: true
|
||||
master_global_access_config:
|
||||
- enabled: false
|
||||
master_ipv4_cidr_block: 192.168.0.0/28
|
||||
private_endpoint_subnetwork: null
|
||||
project: myproject
|
||||
remove_default_node_pool: true
|
||||
resource_labels:
|
||||
environment: dev
|
||||
subnetwork: subnet_self_link
|
||||
workload_identity_config:
|
||||
- workload_pool: myproject.svc.id.goog
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
|
|
@ -1,43 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "enable_addons" {
|
||||
type = any
|
||||
default = {
|
||||
horizontal_pod_autoscaling = true
|
||||
http_load_balancing = true
|
||||
}
|
||||
}
|
||||
|
||||
variable "enable_features" {
|
||||
type = any
|
||||
default = {
|
||||
workload_identity = true
|
||||
}
|
||||
}
|
||||
|
||||
variable "monitoring_config" {
|
||||
type = any
|
||||
default = {
|
||||
managed_prometheus = true
|
||||
}
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
description = "Network tags applied to nodes."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
def test_standard(plan_runner):
|
||||
"Test resources created with variable defaults."
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 1
|
||||
|
||||
cluster_config = resources[0]['values']
|
||||
assert cluster_config['name'] == "cluster-1"
|
||||
assert cluster_config['network'] == "mynetwork"
|
||||
assert cluster_config['subnetwork'] == "mysubnet"
|
||||
assert cluster_config['enable_autopilot'] is None
|
||||
# assert 'service_account' not in node_config
|
||||
|
||||
|
||||
def test_autopilot(plan_runner):
|
||||
"Test resources created with variable defaults."
|
||||
_, resources = plan_runner(enable_features='{ autopilot=true }')
|
||||
assert len(resources) == 1
|
||||
cluster_config = resources[0]['values']
|
||||
assert cluster_config['name'] == "cluster-1"
|
||||
assert cluster_config['network'] == "mynetwork"
|
||||
assert cluster_config['subnetwork'] == "mysubnet"
|
||||
assert cluster_config['enable_autopilot'] == True
|
||||
# assert 'service_account' not in node_config
|
|
@ -0,0 +1,23 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
|
||||
cluster: cluster-1
|
||||
location: europe-west1-b
|
||||
name: nodepool-1
|
||||
project: myproject
|
||||
|
||||
counts:
|
||||
google_container_node_pool: 1
|
|
@ -0,0 +1,60 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
|
||||
autoscaling:
|
||||
- location_policy: null
|
||||
max_node_count: 10
|
||||
min_node_count: 1
|
||||
total_max_node_count: null
|
||||
total_min_node_count: null
|
||||
cluster: cluster-1
|
||||
initial_node_count: 1
|
||||
location: europe-west1-b
|
||||
management:
|
||||
- auto_repair: true
|
||||
auto_upgrade: false
|
||||
name: nodepool-1
|
||||
node_config:
|
||||
- boot_disk_kms_key: null
|
||||
disk_size_gb: 50
|
||||
disk_type: pd-ssd
|
||||
ephemeral_storage_config:
|
||||
- local_ssd_count: 1
|
||||
gcfs_config: []
|
||||
gvnic: []
|
||||
kubelet_config: []
|
||||
labels:
|
||||
environment: dev
|
||||
linux_node_config: []
|
||||
logging_variant: DEFAULT
|
||||
machine_type: n2-standard-2
|
||||
node_group: null
|
||||
oauth_scopes:
|
||||
- https://www.googleapis.com/auth/cloud-platform
|
||||
preemptible: false
|
||||
reservation_affinity: []
|
||||
resource_labels: null
|
||||
sandbox_config: []
|
||||
spot: true
|
||||
tags: null
|
||||
taint: []
|
||||
placement_policy: []
|
||||
project: myproject
|
||||
module.cluster-1-nodepool-1.google_service_account.service_account[0]: {}
|
||||
|
||||
counts:
|
||||
google_container_node_pool: 1
|
||||
google_service_account: 1
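Review bot: The `node_config` block in this inventory carries no `metadata` key, so nothing here checks that node pools still get `disable-legacy-endpoints: 'true'`; the `test_node_config` test deleted further down in this commit asserted exactly that value. The two later node pool inventories with a `node_config` block (the one creating account `spam-eggs` and the one using `foo-bar@myproject.iam.gserviceaccount.com`) omit it as well. I would add `metadata:` with `disable-legacy-endpoints: 'true'` under `node_config` in at least one of them, so a regression that re-enables the legacy metadata endpoints fails the plan test. This assumes the module still injects that key by default, and whether an inventory outside this view already covers it cannot be told from here.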
|
|
@ -0,0 +1,52 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
|
||||
cluster: cluster-1
|
||||
location: europe-west1-b
|
||||
name: nodepool-1
|
||||
node_config:
|
||||
- boot_disk_kms_key: null
|
||||
disk_type: pd-balanced
|
||||
ephemeral_storage_config: []
|
||||
gcfs_config: []
|
||||
gvnic: []
|
||||
kubelet_config: []
|
||||
linux_node_config: []
|
||||
logging_variant: DEFAULT
|
||||
node_group: null
|
||||
oauth_scopes:
|
||||
- https://www.googleapis.com/auth/cloud-platform
|
||||
preemptible: false
|
||||
reservation_affinity: []
|
||||
resource_labels: null
|
||||
sandbox_config: []
|
||||
spot: false
|
||||
tags: null
|
||||
taint: []
|
||||
placement_policy: []
|
||||
project: myproject
|
||||
timeouts: null
|
||||
module.cluster-1-nodepool-1.google_service_account.service_account[0]:
|
||||
account_id: spam-eggs
|
||||
description: null
|
||||
disabled: false
|
||||
display_name: Terraform GKE cluster-1 nodepool-1.
|
||||
project: myproject
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_container_node_pool: 1
|
||||
google_service_account: 1
|
|
@ -0,0 +1,43 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
|
||||
cluster: cluster-1
|
||||
location: europe-west1-b
|
||||
name: nodepool-1
|
||||
node_config:
|
||||
- boot_disk_kms_key: null
|
||||
disk_type: pd-balanced
|
||||
ephemeral_storage_config: []
|
||||
gcfs_config: []
|
||||
gvnic: []
|
||||
kubelet_config: []
|
||||
linux_node_config: []
|
||||
logging_variant: DEFAULT
|
||||
node_group: null
|
||||
oauth_scopes:
|
||||
- https://www.googleapis.com/auth/cloud-platform
|
||||
preemptible: false
|
||||
reservation_affinity: []
|
||||
resource_labels: null
|
||||
sandbox_config: []
|
||||
service_account: foo-bar@myproject.iam.gserviceaccount.com
|
||||
spot: false
|
||||
tags: null
|
||||
taint: []
|
||||
project: myproject
|
||||
|
||||
counts:
|
||||
google_container_node_pool: 1
|
|
@ -1,45 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_service_account" "test" {
|
||||
project = "my-project"
|
||||
account_id = "gke-nodepool-test"
|
||||
display_name = "Test Service Account"
|
||||
}
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/gke-nodepool"
|
||||
project_id = "my-project"
|
||||
cluster_name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
name = "nodepool-1"
|
||||
gke_version = var.gke_version
|
||||
labels = var.labels
|
||||
max_pods_per_node = var.max_pods_per_node
|
||||
node_config = var.node_config
|
||||
node_count = var.node_count
|
||||
node_locations = var.node_locations
|
||||
nodepool_config = var.nodepool_config
|
||||
pod_range = var.pod_range
|
||||
reservation_affinity = var.reservation_affinity
|
||||
service_account = {
|
||||
create = var.service_account_create
|
||||
email = google_service_account.test.email
|
||||
}
|
||||
sole_tenant_nodegroup = var.sole_tenant_nodegroup
|
||||
tags = var.tags
|
||||
taints = var.taints
|
||||
}
|
|
@ -1,86 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "gke_version" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "max_pods_per_node" {
|
||||
type = number
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "node_config" {
|
||||
type = any
|
||||
default = {
|
||||
disk_type = "pd-balanced"
|
||||
}
|
||||
}
|
||||
|
||||
variable "node_count" {
|
||||
type = any
|
||||
default = {
|
||||
initial = 1
|
||||
}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "node_locations" {
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "nodepool_config" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "pod_range" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "reservation_affinity" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "service_account_create" {
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "sole_tenant_nodegroup" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "taints" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
|
@ -1,67 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
def test_defaults(plan_runner):
|
||||
"Test resources created with variable defaults."
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 1
|
||||
assert resources[0]['values']['autoscaling'] == []
|
||||
|
||||
|
||||
def test_service_account(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 1
|
||||
_, resources = plan_runner(service_account_create='true')
|
||||
assert len(resources) == 2
|
||||
assert 'google_service_account' in [r['type'] for r in resources]
|
||||
|
||||
|
||||
def test_nodepool_config(plan_runner):
|
||||
nodepool_config = '''{
|
||||
autoscaling = { use_total_nodes = true, max_node_count = 3}
|
||||
management = {}
|
||||
upgrade_settings = { max_surge = 3, max_unavailable = 3 }
|
||||
}'''
|
||||
_, resources = plan_runner(nodepool_config=nodepool_config)
|
||||
assert resources[0]['values']['autoscaling'] == [{
|
||||
'location_policy': None,
|
||||
'max_node_count': None,
|
||||
'min_node_count': None,
|
||||
'total_max_node_count': 3,
|
||||
'total_min_node_count': None
|
||||
}]
|
||||
nodepool_config = '{ autoscaling = { max_node_count = 3} }'
|
||||
_, resources = plan_runner(nodepool_config=nodepool_config)
|
||||
assert resources[0]['values']['autoscaling'] == [{
|
||||
'location_policy': None,
|
||||
'max_node_count': 3,
|
||||
'min_node_count': None,
|
||||
'total_max_node_count': None,
|
||||
'total_min_node_count': None
|
||||
}]
|
||||
|
||||
|
||||
def test_node_config(plan_runner):
|
||||
node_config = '''{
|
||||
gcfs = true
|
||||
metadata = { foo = "bar" }
|
||||
}'''
|
||||
_, resources = plan_runner(node_config=node_config)
|
||||
values = resources[0]['values']['node_config'][0]
|
||||
assert values['gcfs_config'] == [{'enabled': True}]
|
||||
assert values['metadata'] == {
|
||||
'disable-legacy-endpoints': 'true',
|
||||
'foo': 'bar'
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
|
||||
module.vpc.google_dns_policy.default[0]:
|
||||
alternative_name_server_config:
|
||||
- target_name_servers:
|
||||
- forwarding_path: ''
|
||||
ipv4_address: '8.8.8.8'
|
||||
- forwarding_path: private
|
||||
ipv4_address: '10.0.0.1'
|
||||
description: Managed by Terraform
|
||||
enable_inbound_forwarding: true
|
||||
enable_logging: null
|
||||
name: my-network
|
||||
networks:
|
||||
- {}
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 1
|
||||
google_dns_policy: 1
|
||||
modules: 1
|
||||
resources: 3
|
||||
|
||||
outputs: {}
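Review bot: `enable_logging: null` is pinned for `google_dns_policy.default[0]`, so the only DNS policy case under test leaves query logging unset while `enable_inbound_forwarding` is true. If the module exposes a logging toggle (not visible in this section), a second inventory asserting `enable_logging: true` would cover the configuration that gives responders DNS query logs. The subnetwork entry (`{}`) and `networks: - {}` assert existence only, which deserves a one-line comment such as `# existence only; attributes not asserted`.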
|
|
@ -0,0 +1,50 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-detailed"]:
|
||||
description: Sample description
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
log_config:
|
||||
- aggregation_interval: INTERVAL_5_SEC
|
||||
filter_expr: 'true'
|
||||
flow_sampling: 0.5
|
||||
metadata: INCLUDE_ALL_METADATA
|
||||
metadata_fields: null
|
||||
name: subnet-detailed
|
||||
private_ip_google_access: false
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
- ip_cidr_range: 192.168.0.0/24
|
||||
range_name: secondary-range-a
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west4/subnet-simple"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
log_config: []
|
||||
name: subnet-simple
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
region: europe-west4
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,35 +13,22 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_network.network[0]:
|
||||
auto_create_subnetworks: false
|
||||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
name: test
|
||||
project: test-project
|
||||
routing_mode: GLOBAL
|
||||
google_compute_network_peering.local[0]:
|
||||
export_custom_routes: true
|
||||
import_custom_routes: false
|
||||
name: test-peer
|
||||
peer_network: projects/my-project/global/networks/peer
|
||||
google_compute_network_peering.remote[0]:
|
||||
module.vpc-hub.google_compute_network.network[0]: {}
|
||||
module.vpc-spoke-1.google_compute_network.network[0]: {}
|
||||
module.vpc-hub.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
|
||||
module.vpc-spoke-1.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]: {}
|
||||
module.vpc-spoke-1.google_compute_network_peering.local[0]:
|
||||
export_custom_routes: false
|
||||
export_subnet_routes_with_public_ip: true
|
||||
import_custom_routes: true
|
||||
name: peer-test
|
||||
network: projects/my-project/global/networks/peer
|
||||
import_subnet_routes_with_public_ip: null
|
||||
module.vpc-spoke-1.google_compute_network_peering.remote[0]:
|
||||
export_custom_routes: true
|
||||
export_subnet_routes_with_public_ip: true
|
||||
import_custom_routes: false
|
||||
import_subnet_routes_with_public_ip: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_network: 2
|
||||
google_compute_network_peering: 2
|
||||
|
||||
outputs:
|
||||
bindings: {}
|
||||
project_id: test-project
|
||||
subnet_ips: {}
|
||||
subnet_regions: {}
|
||||
subnet_secondary_ranges: {}
|
||||
subnet_self_links: {}
|
||||
subnets: {}
|
||||
subnets_proxy_only: {}
|
||||
subnets_psc: {}
|
||||
google_compute_subnetwork: 2
|
|
@ -0,0 +1,40 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
log_config: []
|
||||
name: regional-proxy
|
||||
project: my-project
|
||||
purpose: REGIONAL_MANAGED_PROXY
|
||||
region: europe-west1
|
||||
role: ACTIVE
|
||||
module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
|
||||
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
|
||||
ip_cidr_range: 10.0.3.0/24
|
||||
log_config: []
|
||||
name: psc
|
||||
project: my-project
|
||||
purpose: PRIVATE_SERVICE_CONNECT
|
||||
region: europe-west1
|
||||
role: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
|
@ -0,0 +1,47 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
|
||||
address: 10.0.1.0
|
||||
address_type: INTERNAL
|
||||
description: null
|
||||
ip_version: null
|
||||
name: myrange
|
||||
prefix_length: 24
|
||||
project: my-project
|
||||
purpose: VPC_PEERING
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
|
||||
export_custom_routes: true
|
||||
import_custom_routes: true
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
name: production
|
||||
project: my-project
|
||||
module.vpc.google_service_networking_connection.psa_connection["1"]:
|
||||
reserved_peering_ranges:
|
||||
- myrange
|
||||
service: servicenetworking.googleapis.com
|
||||
|
||||
counts:
|
||||
google_compute_global_address: 1
|
||||
google_compute_network: 1
|
||||
google_compute_network_peering_routes_config: 1
|
||||
google_compute_subnetwork: 1
|
||||
google_service_networking_connection: 1
|
|
@ -0,0 +1,46 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
|
||||
address: 10.0.1.0
|
||||
address_type: INTERNAL
|
||||
name: myrange
|
||||
prefix_length: 24
|
||||
project: my-project
|
||||
purpose: VPC_PEERING
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
|
||||
export_custom_routes: false
|
||||
import_custom_routes: false
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
name: production
|
||||
project: my-project
|
||||
module.vpc.google_service_networking_connection.psa_connection["1"]:
|
||||
reserved_peering_ranges:
|
||||
- myrange
|
||||
service: servicenetworking.googleapis.com
|
||||
|
||||
counts:
|
||||
google_compute_global_address: 1
|
||||
google_compute_network: 1
|
||||
google_compute_network_peering_routes_config: 1
|
||||
google_compute_subnetwork: 1
|
||||
google_service_networking_connection: 1
|
||||
|
||||
outputs: {}
|
|
@ -0,0 +1,146 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc["gateway"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-gateway
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
|
||||
dest_range: 0.0.0.0/0
|
||||
name: my-network-with-route-gateway-gateway
|
||||
next_hop_gateway: global/gateways/default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
|
||||
dest_range: 192.168.128.0/24
|
||||
name: my-network-with-route-gateway-next-hop
|
||||
next_hop_gateway: global/gateways/default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
module.vpc["ilb"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-ilb
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
|
||||
dest_range: 0.0.0.0/0
|
||||
name: my-network-with-route-ilb-gateway
|
||||
next_hop_gateway: global/gateways/default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
|
||||
dest_range: 192.168.128.0/24
|
||||
name: my-network-with-route-ilb-next-hop
|
||||
next_hop_gateway: null
|
||||
next_hop_ilb: regions/europe-west1/forwardingRules/test
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
module.vpc["instance"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-instance
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["instance"].google_compute_route.gateway["gateway"]:
|
||||
dest_range: 0.0.0.0/0
|
||||
name: my-network-with-route-instance-gateway
|
||||
next_hop_gateway: global/gateways/default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["instance"].google_compute_route.instance["next-hop"]:
|
||||
dest_range: 192.168.128.0/24
|
||||
name: my-network-with-route-instance-next-hop
|
||||
next_hop_gateway: null
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: zones/europe-west1-b/test
|
||||
next_hop_instance_zone: europe-west1-b
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
module.vpc["ip"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-ip
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["ip"].google_compute_route.gateway["gateway"]:
|
||||
dest_range: 0.0.0.0/0
|
||||
name: my-network-with-route-ip-gateway
|
||||
next_hop_gateway: global/gateways/default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["ip"].google_compute_route.ip["next-hop"]:
|
||||
dest_range: 192.168.128.0/24
|
||||
name: my-network-with-route-ip-next-hop
|
||||
next_hop_gateway: null
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_ip: 192.168.0.128
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
module.vpc["vpn_tunnel"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-vpn-tunnel
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
|
||||
dest_range: 0.0.0.0/0
|
||||
name: my-network-with-route-vpn-tunnel-gateway
|
||||
next_hop_gateway: global/gateways/default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
|
||||
dest_range: 192.168.128.0/24
|
||||
name: my-network-with-route-vpn-tunnel-next-hop
|
||||
next_hop_gateway: null
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 5
|
||||
google_compute_route: 10
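Review bot: `next_hop_instance: zones/europe-west1-b/test` in the `instance` case does not look like a valid instance reference, because the partial-URL form normally carries an `instances/` segment. A plan-only test accepts the value because nothing resolves the path. If it mirrors the documented example, I would change both to `zones/europe-west1-b/instances/test` so that readers copying the example get a route that applies. The example input is outside this section, so this is inferred from the planned value alone.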
|
|
@ -0,0 +1,51 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc-host.google_compute_network.network[0]:
|
||||
name: my-host-network
|
||||
project: my-project
|
||||
module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
|
||||
project: my-project
|
||||
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
|
||||
host_project: my-project
|
||||
service_project: project1
|
||||
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
|
||||
host_project: my-project
|
||||
service_project: project2
|
||||
module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
|
||||
module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:cloudsvc
|
||||
- serviceAccount:gke
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-1
|
||||
module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.securityAdmin"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:gke
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: roles/compute.securityAdmin
|
||||
subnetwork: subnet-1
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_shared_vpc_host_project: 1
|
||||
google_compute_shared_vpc_service_project: 2
|
||||
google_compute_subnetwork: 1
|
||||
google_compute_subnetwork_iam_binding: 2
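Review bot: The two subnet IAM bindings pin the members `serviceAccount:cloudsvc` and `serviceAccount:gke`, which are placeholders rather than service account emails, and the second binding grants `roles/compute.securityAdmin`, a considerably wider role than `roles/compute.networkUser`. A plan does not validate principals, so the test passes, but the inventory then records a grant that could not be applied as written. I would add a comment above the bindings, `# members are placeholder principals from the example, not real identities`, and confirm the example explains why the GKE account needs `securityAdmin` (presumably firewall management) rather than a narrower role.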
|
|
@ -0,0 +1,50 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
auto_create_subnetworks: false
|
||||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
name: my-network
|
||||
project: my-project
|
||||
routing_mode: GLOBAL
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
log_config: []
|
||||
name: production
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
- ip_cidr_range: 172.16.0.0/20
|
||||
range_name: pods
|
||||
- ip_cidr_range: 192.168.0.0/24
|
||||
range_name: services
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west2/production"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.16.0/24
|
||||
log_config: []
|
||||
name: production
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
region: europe-west2
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
|
@ -0,0 +1,54 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
|
||||
name: subnet-1
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
|
||||
name: subnet-2
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:group1@example.com
|
||||
- user:user1@example.com
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-1
|
||||
module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-2.roles/compute.networkUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:group2@example.com
|
||||
- user:user2@example.com
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-2
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
||||
google_compute_subnetwork_iam_binding: 2
|
||||
modules: 1
|
||||
resources: 5
|
||||
|
||||
outputs: {}
|
|
@ -0,0 +1,70 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
|
||||
description: Subnet b
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
log_config: []
|
||||
name: no-pga
|
||||
private_ip_google_access: false
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
secondary_ip_range: []
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
log_config: []
|
||||
name: simple
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
secondary_ip_range: []
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.3.0/24
|
||||
ipv6_access_type: null
|
||||
log_config:
|
||||
- aggregation_interval: INTERVAL_10_MIN
|
||||
filter_expr: 'true'
|
||||
flow_sampling: 0.5
|
||||
metadata: INCLUDE_ALL_METADATA
|
||||
metadata_fields: null
|
||||
name: with-flow-logs
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-secondary-ranges"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.2.0/24
|
||||
log_config: []
|
||||
name: with-secondary-ranges
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
- ip_cidr_range: 192.168.0.0/24
|
||||
range_name: a
|
||||
- ip_cidr_range: 192.168.1.0/24
|
||||
range_name: b
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 4
|
|
@ -1 +0,0 @@
|
|||
data_folder = "../../tests/modules/net_vpc/data"
|
|
@ -1,44 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_subnetwork.subnetwork["europe-west1/factory-subnet"]:
|
||||
description: 'Sample description'
|
||||
ip_cidr_range: '10.128.0.0/24'
|
||||
ipv6_access_type: null
|
||||
log_config: []
|
||||
name: 'factory-subnet'
|
||||
private_ip_google_access: false
|
||||
project: 'test-project'
|
||||
region: 'europe-west1'
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
- ip_cidr_range: '192.168.128.0/24'
|
||||
range_name: 'secondary-range-a'
|
||||
google_compute_subnetwork.subnetwork["europe-west4/factory-subnet2"]:
|
||||
description: 'Sample description'
|
||||
ip_cidr_range: '10.129.0.0/24'
|
||||
log_config: []
|
||||
name: 'factory-subnet2'
|
||||
private_ip_google_access: true
|
||||
project: 'test-project'
|
||||
region: 'europe-west4'
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
||||
# FIXME: should we have some bindings here?
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
|
@ -1,30 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/net-vpc"
|
||||
project_id = "test-project"
|
||||
name = "test"
|
||||
peering_config = var.peering_config
|
||||
routes = var.routes
|
||||
shared_vpc_host = var.shared_vpc_host
|
||||
shared_vpc_service_projects = var.shared_vpc_service_projects
|
||||
subnet_iam = var.subnet_iam
|
||||
subnets = var.subnets
|
||||
auto_create_subnetworks = var.auto_create_subnetworks
|
||||
psa_config = var.psa_config
|
||||
data_folder = var.data_folder
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
subnet_iam = {
|
||||
"europe-west1/a" = {
|
||||
"roles/compute.networkUser" = [
|
||||
"user:a@example.com", "group:g-a@example.com"
|
||||
]
|
||||
}
|
||||
"europe-west1/c" = {
|
||||
"roles/compute.networkUser" = [
|
||||
"user:c@example.com", "group:g-c@example.com"
|
||||
]
|
||||
}
|
||||
}
|
||||
subnets = [
|
||||
{
|
||||
name = "a"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
},
|
||||
{
|
||||
name = "b"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.1.0/24",
|
||||
description = "Subnet b"
|
||||
enable_private_access = false
|
||||
},
|
||||
{
|
||||
name = "c"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.2.0/24"
|
||||
secondary_ip_ranges = {
|
||||
a = "192.168.0.0/24"
|
||||
b = "192.168.1.0/24"
|
||||
}
|
||||
},
|
||||
{
|
||||
name = "d"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.3.0/24"
|
||||
flow_logs_config = {
|
||||
flow_sampling = 0.5
|
||||
aggregation_interval = "INTERVAL_10_MIN"
|
||||
}
|
||||
}
|
||||
]
|
|
@ -1,101 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "auto_create_subnetworks" {
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "data_folder" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "delete_default_routes_on_create" {
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
type = string
|
||||
default = "Terraform-managed."
|
||||
}
|
||||
|
||||
variable "dns_policy" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "mtu" {
|
||||
type = number
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "peering_config" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "psa_config" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "routes" {
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "routing_mode" {
|
||||
type = string
|
||||
default = "GLOBAL"
|
||||
}
|
||||
|
||||
variable "shared_vpc_host" {
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "shared_vpc_service_projects" {
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "subnets" {
|
||||
type = any
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "subnet_iam" {
|
||||
type = map(map(list(string)))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "subnets_proxy_only" {
|
||||
type = any
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "subnets_psc" {
|
||||
type = any
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "vpc_create" {
|
||||
type = bool
|
||||
default = true
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
peering_config = {
|
||||
peer_vpc_self_link = "projects/my-project/global/networks/peer"
|
||||
export_routes = true
|
||||
import_routes = null
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
psa_config = {
|
||||
ranges = {
|
||||
bar = "172.16.100.0/24"
|
||||
foo = "172.16.101.0/24"
|
||||
}
|
||||
routes = null
|
||||
}
|
|
@ -1,70 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_global_address.psa_ranges["bar"]:
|
||||
address: 172.16.100.0
|
||||
address_type: INTERNAL
|
||||
description: null
|
||||
ip_version: null
|
||||
name: bar
|
||||
prefix_length: 24
|
||||
project: test-project
|
||||
purpose: VPC_PEERING
|
||||
google_compute_global_address.psa_ranges["foo"]:
|
||||
address: 172.16.101.0
|
||||
address_type: INTERNAL
|
||||
description: null
|
||||
ip_version: null
|
||||
name: foo
|
||||
prefix_length: 24
|
||||
project: test-project
|
||||
purpose: VPC_PEERING
|
||||
google_compute_network.network[0]:
|
||||
auto_create_subnetworks: false
|
||||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
enable_ula_internal_ipv6: null
|
||||
name: test
|
||||
project: test-project
|
||||
routing_mode: GLOBAL
|
||||
google_compute_network_peering_routes_config.psa_routes["1"]:
|
||||
export_custom_routes: false
|
||||
import_custom_routes: false
|
||||
project: test-project
|
||||
google_service_networking_connection.psa_connection["1"]:
|
||||
reserved_peering_ranges:
|
||||
- bar
|
||||
- foo
|
||||
service: servicenetworking.googleapis.com
|
||||
|
||||
counts:
|
||||
google_compute_global_address: 2
|
||||
google_compute_network: 1
|
||||
google_compute_network_peering_routes_config: 1
|
||||
google_service_networking_connection: 1
|
||||
|
||||
outputs:
|
||||
bindings: {}
|
||||
name: __missing__
|
||||
network: __missing__
|
||||
project_id: test-project
|
||||
self_link: __missing__
|
||||
subnet_ips: {}
|
||||
subnet_regions: {}
|
||||
subnet_secondary_ranges: {}
|
||||
subnet_self_links: {}
|
||||
subnets: {}
|
||||
subnets_proxy_only: {}
|
||||
subnets_psc: {}
|
|
@ -1 +0,0 @@
|
|||
# skip boilerplate check
|
|
@ -1,44 +0,0 @@
|
|||
subnet_iam = {
|
||||
"europe-west1/a" = {
|
||||
"roles/compute.networkUser" = [
|
||||
"user:a@example.com", "group:g-a@example.com"
|
||||
]
|
||||
}
|
||||
"europe-west1/c" = {
|
||||
"roles/compute.networkUser" = [
|
||||
"user:c@example.com", "group:g-c@example.com"
|
||||
]
|
||||
}
|
||||
}
|
||||
subnets = [
|
||||
{
|
||||
name = "a"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
},
|
||||
{
|
||||
name = "b"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.1.0/24",
|
||||
description = "Subnet b"
|
||||
enable_private_access = false
|
||||
},
|
||||
{
|
||||
name = "c"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.2.0/24"
|
||||
secondary_ip_ranges = {
|
||||
a = "192.168.0.0/24"
|
||||
b = "192.168.1.0/24"
|
||||
}
|
||||
},
|
||||
{
|
||||
name = "d"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.3.0/24"
|
||||
flow_logs_config = {
|
||||
flow_sampling = 0.5
|
||||
aggregation_interval = "INTERVAL_10_MIN"
|
||||
}
|
||||
}
|
||||
]
|
|
@ -1,120 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_network.network[0]:
|
||||
auto_create_subnetworks: false
|
||||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
name: test
|
||||
project: test-project
|
||||
routing_mode: GLOBAL
|
||||
google_compute_subnetwork.subnetwork["europe-west1/a"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
log_config: []
|
||||
name: a
|
||||
private_ip_google_access: true
|
||||
project: test-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
google_compute_subnetwork.subnetwork["europe-west1/b"]:
|
||||
description: Subnet b
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
log_config: []
|
||||
name: b
|
||||
private_ip_google_access: false
|
||||
project: test-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
google_compute_subnetwork.subnetwork["europe-west1/c"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.2.0/24
|
||||
ipv6_access_type: null
|
||||
log_config: []
|
||||
name: c
|
||||
private_ip_google_access: true
|
||||
project: test-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
- ip_cidr_range: 192.168.0.0/24
|
||||
range_name: a
|
||||
- ip_cidr_range: 192.168.1.0/24
|
||||
range_name: b
|
||||
google_compute_subnetwork.subnetwork["europe-west1/d"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.3.0/24
|
||||
log_config:
|
||||
- aggregation_interval: INTERVAL_10_MIN
|
||||
filter_expr: 'true'
|
||||
flow_sampling: 0.5
|
||||
metadata: INCLUDE_ALL_METADATA
|
||||
metadata_fields: null
|
||||
name: d
|
||||
private_ip_google_access: true
|
||||
project: test-project
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
google_compute_subnetwork_iam_binding.binding["europe-west1/a.roles/compute.networkUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:g-a@example.com
|
||||
- user:a@example.com
|
||||
project: test-project
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: a
|
||||
google_compute_subnetwork_iam_binding.binding["europe-west1/c.roles/compute.networkUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:g-c@example.com
|
||||
- user:c@example.com
|
||||
project: test-project
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: c
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 4
|
||||
google_compute_subnetwork_iam_binding: 2
|
||||
|
||||
outputs:
|
||||
bindings: __missing__
|
||||
project_id: test-project
|
||||
subnet_ips:
|
||||
europe-west1/a: 10.0.0.0/24
|
||||
europe-west1/b: 10.0.1.0/24
|
||||
europe-west1/c: 10.0.2.0/24
|
||||
europe-west1/d: 10.0.3.0/24
|
||||
subnet_regions:
|
||||
europe-west1/a: europe-west1
|
||||
europe-west1/b: europe-west1
|
||||
europe-west1/c: europe-west1
|
||||
europe-west1/d: europe-west1
|
||||
subnet_secondary_ranges:
|
||||
europe-west1/a: {}
|
||||
europe-west1/b: {}
|
||||
europe-west1/c:
|
||||
a: 192.168.0.0/24
|
||||
b: 192.168.1.0/24
|
||||
europe-west1/d: {}
|
||||
subnet_self_links: __missing__
|
||||
subnets: __missing__
|
||||
subnets_proxy_only: {}
|
||||
subnets_psc: {}
|
|
@ -1,47 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
|
||||
_route_parameters = [('gateway', 'global/gateways/default-internet-gateway'),
|
||||
('instance', 'zones/europe-west1-b/test'),
|
||||
('ip', '192.168.0.128'),
|
||||
('ilb', 'regions/europe-west1/forwardingRules/test'),
|
||||
('vpn_tunnel', 'regions/europe-west1/vpnTunnels/foo')]
|
||||
|
||||
|
||||
@pytest.mark.parametrize('next_hop_type,next_hop', _route_parameters)
|
||||
def test_vpc_routes(plan_summary, next_hop_type, next_hop):
|
||||
'Test vpc routes.'
|
||||
|
||||
var_routes = '''{
|
||||
next-hop = {
|
||||
dest_range = "192.168.128.0/24"
|
||||
tags = null
|
||||
next_hop_type = "%s"
|
||||
next_hop = "%s"
|
||||
}
|
||||
gateway = {
|
||||
dest_range = "0.0.0.0/0",
|
||||
priority = 100
|
||||
tags = ["tag-a"]
|
||||
next_hop_type = "gateway",
|
||||
next_hop = "global/gateways/default-internet-gateway"
|
||||
}
|
||||
}''' % (next_hop_type, next_hop)
|
||||
summary = plan_summary('modules/net-vpc', tf_var_files=['common.tfvars'],
|
||||
routes=var_routes)
|
||||
assert len(summary.values) == 3
|
||||
route = summary.values[f'google_compute_route.{next_hop_type}["next-hop"]']
|
||||
assert route[f'next_hop_{next_hop_type}'] == next_hop
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -17,12 +17,7 @@ common_tfvars:
|
|||
- common.tfvars
|
||||
|
||||
tests:
|
||||
simple:
|
||||
subnets:
|
||||
peering:
|
||||
shared_vpc:
|
||||
factory:
|
||||
psa_simple:
|
||||
psa_routes_export:
|
||||
psa_routes_import:
|
||||
psa_routes_import_export:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
pytest>=6.2.5
|
||||
pytest>=7.2.1
|
||||
PyYAML>=6.0
|
||||
tftest>=1.8.1
|
||||
marko>=1.2.0
|
||||
deepdiff>=5.7.0
|
||||
python-hcl2>=3.0.5
|
||||
marko>=1.2.2
|
||||
deepdiff>=6.2.3
|
||||
python-hcl2>=4.3.0
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -16,6 +16,7 @@
|
|||
|
||||
import click
|
||||
import sys
|
||||
import tempfile
|
||||
import yaml
|
||||
|
||||
from pathlib import Path
|
||||
|
@ -27,17 +28,32 @@ import fixtures
|
|||
|
||||
|
||||
@click.command()
|
||||
@click.option('--example', default=False, is_flag=True)
|
||||
@click.argument('module', type=click.Path(), nargs=1)
|
||||
@click.argument('tfvars', type=click.Path(exists=True), nargs=-1)
|
||||
def main(module, tfvars):
|
||||
module = BASEDIR / module
|
||||
summary = fixtures.plan_summary(module, Path(), tfvars)
|
||||
print(yaml.dump({'values': summary.values}))
|
||||
print(yaml.dump({'counts': summary.counts}))
|
||||
outputs = {
|
||||
k: v.get('value', '__missing__') for k, v in summary.outputs.items()
|
||||
}
|
||||
print(yaml.dump({'outputs': outputs}))
|
||||
def main(example, module, tfvars):
|
||||
try:
|
||||
if example:
|
||||
tmp_dir = tempfile.TemporaryDirectory()
|
||||
tmp_path = Path(tmp_dir.name)
|
||||
common_vars = BASEDIR / 'tests' / 'examples' / 'variables.tf'
|
||||
(tmp_path / 'main.tf').symlink_to(module)
|
||||
(tmp_path / 'variables.tf').symlink_to(common_vars)
|
||||
(tmp_path / 'fabric').symlink_to(BASEDIR)
|
||||
module = tmp_path
|
||||
else:
|
||||
module = BASEDIR / module
|
||||
|
||||
summary = fixtures.plan_summary(module, Path(), tfvars)
|
||||
print(yaml.dump({'values': summary.values}))
|
||||
print(yaml.dump({'counts': summary.counts}))
|
||||
outputs = {
|
||||
k: v.get('value', '__missing__') for k, v in summary.outputs.items()
|
||||
}
|
||||
print(yaml.dump({'outputs': outputs}))
|
||||
finally:
|
||||
if example:
|
||||
tmp_dir.cleanup()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
|
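Review bot: In the `--example` branch of `main`, `(tmp_path / 'main.tf').symlink_to(module)` stores `module` exactly as typed. A relative symlink target is resolved from the link's own directory (the temporary directory), not the caller's working directory, so a relative path on the command line leaves `main.tf` dangling. Resolving it first avoids that: `(tmp_path / 'main.tf').symlink_to(Path(module).resolve())`. Separately, `tmp_dir` is assigned inside the `try` but read in `finally`, so a failure in `tempfile.TemporaryDirectory()` would surface as an unbound-name error instead of the real one. Creating the directory before the `try`, or using it as a context manager, keeps the original exception visible.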