Merge branch 'master' into fix/ai-models-support
commit
5b17c11d01
33
CHANGELOG.md
|
@ -8,6 +8,10 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### BLUEPRINTS
|
### BLUEPRINTS
|
||||||
|
|
||||||
|
- [[#1812](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1812)] Stop wrapping yamldecode with try() ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-25 14:16:05+00:00 -->
|
||||||
|
- [[#1806](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1806)] Updating network dashboard: fixing Cloud SQL problem, fixing 1 metric… ([aurelienlegrand](https://github.com/aurelienlegrand)) <!-- 2023-10-25 10:37:25+00:00 -->
|
||||||
|
- [[#1796](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1796)] Make extended shared vpc attributes optional in project factory ([ludoo](https://github.com/ludoo)) <!-- 2023-10-23 13:45:48+00:00 -->
|
||||||
|
- [[#1782](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1782)] Add upper cap to versions, update copyright notices ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-20 16:17:48+00:00 -->
|
||||||
- [[#1765](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1765)] Add support for dual stack and multiple forwarding rules to net-lb-int module ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-17 09:30:35+00:00 -->
|
- [[#1765](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1765)] Add support for dual stack and multiple forwarding rules to net-lb-int module ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-17 09:30:35+00:00 -->
|
||||||
- [[#1748](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1748)] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 2023-10-12 05:41:41+00:00 -->
|
- [[#1748](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1748)] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 2023-10-12 05:41:41+00:00 -->
|
||||||
- [[#1747](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1747)] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 2023-10-12 05:21:10+00:00 -->
|
- [[#1747](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1747)] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 2023-10-12 05:21:10+00:00 -->
|
||||||
|
@ -15,10 +19,23 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### DOCUMENTATION
|
### DOCUMENTATION
|
||||||
|
|
||||||
|
- [[#1782](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1782)] Add upper cap to versions, update copyright notices ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-20 16:17:48+00:00 -->
|
||||||
|
- [[#1773](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1773)] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST ([ludoo](https://github.com/ludoo)) <!-- 2023-10-18 12:18:31+00:00 -->
|
||||||
- [[#1743](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1743)] Billing account module ([ludoo](https://github.com/ludoo)) <!-- 2023-10-15 15:02:50+00:00 -->
|
- [[#1743](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1743)] Billing account module ([ludoo](https://github.com/ludoo)) <!-- 2023-10-15 15:02:50+00:00 -->
|
||||||
|
|
||||||
### FAST
|
### FAST
|
||||||
|
|
||||||
|
- [[#1812](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1812)] Stop wrapping yamldecode with try() ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-25 14:16:05+00:00 -->
|
||||||
|
- [[#1810](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1810)] FAST: Add access transparency logs to the default sinks ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-24 20:09:01+00:00 -->
|
||||||
|
- [[#1809](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1809)] FAST: Add VPC serverless connector NAT ranges to hierarchical fw ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-24 19:46:04+00:00 -->
|
||||||
|
- [[#1811](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1811)] FAST: removed references to kms_defaults ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-24 19:18:08+00:00 -->
|
||||||
|
- [[#1802](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1802)] Less verbose project factory stage outputs ([ludoo](https://github.com/ludoo)) <!-- 2023-10-24 07:03:36+00:00 -->
|
||||||
|
- [[#1797](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1797)] Improve usage of optionals in FAST stage 2 VPN variables ([ludoo](https://github.com/ludoo)) <!-- 2023-10-23 13:23:30+00:00 -->
|
||||||
|
- [[#1788](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1788)] FAST: adds support for wif provider pubkey ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-21 16:52:19+00:00 -->
|
||||||
|
- [[#1782](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1782)] Add upper cap to versions, update copyright notices ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-20 16:17:48+00:00 -->
|
||||||
|
- [[#1780](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1780)] Add sink for workspace logs to bootstrap stage ([ludoo](https://github.com/ludoo)) <!-- 2023-10-19 14:51:02+00:00 -->
|
||||||
|
- [[#1775](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1775)] Add gcp org policy constraints file to bootstrap stage ([ludoo](https://github.com/ludoo)) <!-- 2023-10-18 18:21:17+00:00 -->
|
||||||
|
- [[#1773](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1773)] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST ([ludoo](https://github.com/ludoo)) <!-- 2023-10-18 12:18:31+00:00 -->
|
||||||
- [[#1765](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1765)] Add support for dual stack and multiple forwarding rules to net-lb-int module ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-17 09:30:35+00:00 -->
|
- [[#1765](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1765)] Add support for dual stack and multiple forwarding rules to net-lb-int module ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-17 09:30:35+00:00 -->
|
||||||
- [[#1760](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1760)] Add support for psa peered domains to fast stages ([ludoo](https://github.com/ludoo)) <!-- 2023-10-16 06:57:18+00:00 -->
|
- [[#1760](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1760)] Add support for psa peered domains to fast stages ([ludoo](https://github.com/ludoo)) <!-- 2023-10-16 06:57:18+00:00 -->
|
||||||
- [[#1759](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1759)] Minor edits to FAST network stage READMEs ([ludoo](https://github.com/ludoo)) <!-- 2023-10-15 16:14:48+00:00 -->
|
- [[#1759](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1759)] Minor edits to FAST network stage READMEs ([ludoo](https://github.com/ludoo)) <!-- 2023-10-15 16:14:48+00:00 -->
|
||||||
|
@ -29,6 +46,20 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### MODULES
|
### MODULES
|
||||||
|
|
||||||
|
- [[#1812](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1812)] Stop wrapping yamldecode with try() ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-25 14:16:05+00:00 -->
|
||||||
|
- [[#1750](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1750)] AI models support ([ewojtach](https://github.com/ewojtach)) <!-- 2023-10-25 09:42:37+00:00 -->
|
||||||
|
- [[#1798](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1798)] Fix Apigee add-ons configuration ([mwarm2](https://github.com/mwarm2)) <!-- 2023-10-25 07:37:45+00:00 -->
|
||||||
|
- [[#1808](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1808)] Allow setting `enable_private_nodes` in GKE nodepool pod range ([ludoo](https://github.com/ludoo)) <!-- 2023-10-24 17:34:04+00:00 -->
|
||||||
|
- [[#1805](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1805)] net-lb-ext: Add option to set IPv6 subnetwork for IPv6 external fw rules ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-24 13:37:33+00:00 -->
|
||||||
|
- [[#1804](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1804)] compute-vm: remove old todo ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-24 10:45:54+00:00 -->
|
||||||
|
- [[#1803](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1803)] use the repository format in the image_path output ([Tutuchan](https://github.com/Tutuchan)) <!-- 2023-10-24 10:24:53+00:00 -->
|
||||||
|
- [[#1801](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1801)] Fix Internal App LB serverless NEG backend example ([juliocc](https://github.com/juliocc)) <!-- 2023-10-24 07:25:44+00:00 -->
|
||||||
|
- [[#1795](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1795)] Allow users to optonally specify address names ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-23 15:17:07+00:00 -->
|
||||||
|
- [[#1792](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1792)] Removed unnecessary try statements from apigee module outputs ([apichick](https://github.com/apichick)) <!-- 2023-10-22 16:13:13+00:00 -->
|
||||||
|
- [[#1786](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1786)] net-lb-ext: add support for multiple forwarding rules (IPs) and dual-stack (IPv4/IPv6) ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-21 16:19:18+00:00 -->
|
||||||
|
- [[#1782](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1782)] Add upper cap to versions, update copyright notices ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-20 16:17:48+00:00 -->
|
||||||
|
- [[#1774](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1774)] Added ProtectedApplication feature to GKE Backup ([luigi-bitonti](https://github.com/luigi-bitonti)) <!-- 2023-10-19 17:54:22+00:00 -->
|
||||||
|
- [[#1775](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1775)] Add gcp org policy constraints file to bootstrap stage ([ludoo](https://github.com/ludoo)) <!-- 2023-10-18 18:21:17+00:00 -->
|
||||||
- [[#1771](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1771)] Fix resource manager tag bindings in compute-vm module ([ludoo](https://github.com/ludoo)) <!-- 2023-10-18 09:24:00+00:00 -->
|
- [[#1771](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1771)] Fix resource manager tag bindings in compute-vm module ([ludoo](https://github.com/ludoo)) <!-- 2023-10-18 09:24:00+00:00 -->
|
||||||
- [[#1769](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1769)] Remove incompatible balancing_mode ([wiktorn](https://github.com/wiktorn)) <!-- 2023-10-18 06:11:32+00:00 -->
|
- [[#1769](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1769)] Remove incompatible balancing_mode ([wiktorn](https://github.com/wiktorn)) <!-- 2023-10-18 06:11:32+00:00 -->
|
||||||
- [[#1765](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1765)] Add support for dual stack and multiple forwarding rules to net-lb-int module ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-17 09:30:35+00:00 -->
|
- [[#1765](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1765)] Add support for dual stack and multiple forwarding rules to net-lb-int module ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-10-17 09:30:35+00:00 -->
|
||||||
|
@ -49,6 +80,8 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### TOOLS
|
### TOOLS
|
||||||
|
|
||||||
|
- [[#1782](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1782)] Add upper cap to versions, update copyright notices ([sruffilli](https://github.com/sruffilli)) <!-- 2023-10-20 16:17:48+00:00 -->
|
||||||
|
- [[#1751](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1751)] End-to-end tests for terraform modules ([wiktorn](https://github.com/wiktorn)) <!-- 2023-10-20 07:59:52+00:00 -->
|
||||||
- [[#1737](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1737)] Enforce mandatory types in all variables ([juliocc](https://github.com/juliocc)) <!-- 2023-10-06 09:44:34+00:00 -->
|
- [[#1737](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1737)] Enforce mandatory types in all variables ([juliocc](https://github.com/juliocc)) <!-- 2023-10-06 09:44:34+00:00 -->
|
||||||
- [[#1734](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1734)] Update to lint.sh and wording to some tf ([bluPhy](https://github.com/bluPhy)) <!-- 2023-10-05 06:32:08+00:00 -->
|
- [[#1734](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1734)] Update to lint.sh and wording to some tf ([bluPhy](https://github.com/bluPhy)) <!-- 2023-10-05 06:32:08+00:00 -->
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,7 @@ module "project-factory" {
|
||||||
data_path = "data"
|
data_path = "data"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=6 resources=15 files=prj-app-1,prj-app-2
|
# tftest modules=6 resources=17 files=prj-app-1,prj-app-2
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -74,8 +74,12 @@ service_encryption_key_ids:
|
||||||
services:
|
services:
|
||||||
- storage.googleapis.com
|
- storage.googleapis.com
|
||||||
service_accounts:
|
service_accounts:
|
||||||
app-1-be: {}
|
app-1-be:
|
||||||
app-1-fe: {}
|
iam_project_roles:
|
||||||
|
- roles/logging.logWriter
|
||||||
|
- roles/monitoring.metricWriter
|
||||||
|
app-1-fe:
|
||||||
|
display_name: "Test app 1 frontend."
|
||||||
|
|
||||||
# tftest-file id=prj-app-1 path=data/prj-app-1.yaml
|
# tftest-file id=prj-app-1 path=data/prj-app-1.yaml
|
||||||
```
|
```
|
||||||
|
@ -104,10 +108,10 @@ shared_vpc_service_config:
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [factory_data](variables.tf#L85) | Project data from either YAML files or externally parsed data. | <code title="object({ data = optional(map(any)) data_path = optional(string) })">object({…})</code> | ✓ | |
|
| [factory_data](variables.tf#L88) | Project data from either YAML files or externally parsed data. | <code title="object({ data = optional(map(any)) data_path = optional(string) })">object({…})</code> | ✓ | |
|
||||||
| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string)), {}) service_perimeter_bridges = optional(list(string), []) service_perimeter_standard = optional(string) services = optional(list(string), []) shared_vpc_service_config = optional(object({ host_project = string service_identity_iam = optional(map(list(string)), {}) service_iam_grants = optional(list(string), []) }), { host_project = null }) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ default_roles = optional(bool, true) })), {}) })">object({…})</code> | | <code>{}</code> |
|
| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string)), {}) service_perimeter_bridges = optional(list(string), []) service_perimeter_standard = optional(string) services = optional(list(string), []) shared_vpc_service_config = optional(object({ host_project = string service_identity_iam = optional(map(list(string)), {}) service_iam_grants = optional(list(string), []) }), { host_project = null }) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_project_roles = optional(list(string)) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||||
| [data_merges](variables.tf#L45) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | <code title="object({ contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) service_encryption_key_ids = optional(map(list(string)), {}) service_perimeter_bridges = optional(list(string), []) services = optional(list(string), []) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ default_roles = optional(bool, true) })), {}) })">object({…})</code> | | <code>{}</code> |
|
| [data_merges](variables.tf#L46) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | <code title="object({ contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) service_encryption_key_ids = optional(map(list(string)), {}) service_perimeter_bridges = optional(list(string), []) services = optional(list(string), []) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_project_roles = optional(list(string)) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||||
| [data_overrides](variables.tf#L64) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string))) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string))) service_perimeter_bridges = optional(list(string)) service_perimeter_standard = optional(string) tag_bindings = optional(map(string)) services = optional(list(string)) service_accounts = optional(map(object({ default_roles = optional(bool, true) }))) })">object({…})</code> | | <code>{}</code> |
|
| [data_overrides](variables.tf#L66) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string))) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string))) service_perimeter_bridges = optional(list(string)) service_perimeter_standard = optional(string) tag_bindings = optional(map(string)) services = optional(list(string)) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_project_roles = optional(list(string)) }))) })">object({…})</code> | | <code>{}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -103,7 +103,8 @@ locals {
|
||||||
for name, opts in v.service_accounts : {
|
for name, opts in v.service_accounts : {
|
||||||
project = k
|
project = k
|
||||||
name = name
|
name = name
|
||||||
options = opts
|
display_name = try(opts.display_name, "Terraform-managed.")
|
||||||
|
iam_project_roles = try(opts.iam_project_roles, null)
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
])
|
])
|
||||||
|
|
|
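Review bot: The two `try()` fallbacks on `opts.display_name` and `opts.iam_project_roles` hide malformed input, so a misspelled key in a data file (or a service account entry with a null body) yields a service account with the default display name and no roles, without any plan-time error. Consider checking each `opts` object against the allowed keys before this loop so typos surface early, and note that the literal "Terraform-managed." is now repeated here and in the three `service_accounts` type definitions in variables.tf; a single local would keep them from drifting.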
@ -69,16 +69,10 @@ module "service-accounts" {
|
||||||
for_each = {
|
for_each = {
|
||||||
for k in local.service_accounts : "${k.project}-${k.name}" => k
|
for k in local.service_accounts : "${k.project}-${k.name}" => k
|
||||||
}
|
}
|
||||||
name = each.value.name
|
|
||||||
project_id = module.projects[each.value.project].project_id
|
project_id = module.projects[each.value.project].project_id
|
||||||
iam_project_roles = (
|
name = each.value.name
|
||||||
try(each.value.options.default_roles, null) == null
|
display_name = each.value.display_name
|
||||||
? {}
|
iam_project_roles = each.value.iam_project_roles == null ? {} : {
|
||||||
: {
|
(module.projects[each.value.project].project_id) = each.value.iam_project_roles
|
||||||
(module.projects[each.value.project].project_id) = [
|
|
||||||
"roles/logging.logWriter",
|
|
||||||
"roles/monitoring.metricWriter"
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
|
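Review bot: `iam_project_roles = each.value.iam_project_roles == null ? {} : {` hands the role list from the data file straight to a project-level binding, whereas the removed block could only ever grant `roles/logging.logWriter` and `roles/monitoring.metricWriter`. Anyone able to edit a factory YAML file can now give a service account any role on its project, so either validate the list against an allow-list (or reject basic roles) or state in the README that data files need the same review as IAM changes. An empty list also passes the null check and produces a binding map with no roles; treating `[]` the same as null would keep the plan cleaner.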
@ -35,7 +35,8 @@ variable "data_defaults" {
|
||||||
tag_bindings = optional(map(string), {})
|
tag_bindings = optional(map(string), {})
|
||||||
# non-project resources
|
# non-project resources
|
||||||
service_accounts = optional(map(object({
|
service_accounts = optional(map(object({
|
||||||
default_roles = optional(bool, true)
|
display_name = optional(string, "Terraform-managed.")
|
||||||
|
iam_project_roles = optional(list(string))
|
||||||
})), {})
|
})), {})
|
||||||
})
|
})
|
||||||
nullable = false
|
nullable = false
|
||||||
|
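Review bot: Removing `default_roles = optional(bool, true)` from the `service_accounts` object type is a silent breaking change. Terraform discards attributes that are not declared in an object type constraint, so callers that still pass `default_roles` get no error, and since `iam_project_roles` has no default their service accounts lose the logging and monitoring writer roles on the next apply. Call this out in the README or changelog for the module, and consider a validation that fails with a clear message during a transition period. The same applies to the `data_merges` and `data_overrides` definitions below.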
@ -54,7 +55,8 @@ variable "data_merges" {
|
||||||
tag_bindings = optional(map(string), {})
|
tag_bindings = optional(map(string), {})
|
||||||
# non-project resources
|
# non-project resources
|
||||||
service_accounts = optional(map(object({
|
service_accounts = optional(map(object({
|
||||||
default_roles = optional(bool, true)
|
display_name = optional(string, "Terraform-managed.")
|
||||||
|
iam_project_roles = optional(list(string))
|
||||||
})), {})
|
})), {})
|
||||||
})
|
})
|
||||||
nullable = false
|
nullable = false
|
||||||
|
@ -75,7 +77,8 @@ variable "data_overrides" {
|
||||||
services = optional(list(string))
|
services = optional(list(string))
|
||||||
# non-project resources
|
# non-project resources
|
||||||
service_accounts = optional(map(object({
|
service_accounts = optional(map(object({
|
||||||
default_roles = optional(bool, true)
|
display_name = optional(string, "Terraform-managed.")
|
||||||
|
iam_project_roles = optional(list(string))
|
||||||
})))
|
})))
|
||||||
})
|
})
|
||||||
nullable = false
|
nullable = false
|
||||||
|
|
|
@ -7,6 +7,19 @@ This module allows creation and management of different types of firewall rules
|
||||||
|
|
||||||
The predefined rules are enabled by default and set to the ranges of the GCP health checkers for HTTP/HTTPS, and the IAP forwarders for SSH. See the relevant section below on how to configure or disable them.
|
The predefined rules are enabled by default and set to the ranges of the GCP health checkers for HTTP/HTTPS, and the IAP forwarders for SSH. See the relevant section below on how to configure or disable them.
|
||||||
|
|
||||||
|
<!-- BEGIN TOC -->
|
||||||
|
- [Examples](#examples)
|
||||||
|
- [Minimal open firewall](#minimal-open-firewall)
|
||||||
|
- [Custom rules](#custom-rules)
|
||||||
|
- [Controlling or turning off default rules](#controlling-or-turning-off-default-rules)
|
||||||
|
- [Overriding default tags and ranges](#overriding-default-tags-and-ranges)
|
||||||
|
- [Disabling predefined rules](#disabling-predefined-rules)
|
||||||
|
- [Including source & destination ranges](#including-source-destination-ranges)
|
||||||
|
- [Rules Factory](#rules-factory)
|
||||||
|
- [Variables](#variables)
|
||||||
|
- [Outputs](#outputs)
|
||||||
|
<!-- END TOC -->
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
### Minimal open firewall
|
### Minimal open firewall
|
||||||
|
|
|
@ -97,7 +97,7 @@ resource "google_compute_firewall" "custom-rules" {
|
||||||
source_ranges = (
|
source_ranges = (
|
||||||
each.value.direction == "INGRESS"
|
each.value.direction == "INGRESS"
|
||||||
? (
|
? (
|
||||||
each.value.source_ranges == null
|
each.value.source_ranges == null && each.value.sources == null
|
||||||
? ["0.0.0.0/0"]
|
? ["0.0.0.0/0"]
|
||||||
: each.value.source_ranges
|
: each.value.source_ranges
|
||||||
)
|
)
|
||||||
|
|
|
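Review bot: The new condition `each.value.source_ranges == null && each.value.sources == null` only tests for null, so a rule that sets `sources` to an empty list skips the default and ends up with `source_ranges` null and no effective source filter; comparing on length (for example via `coalesce(each.value.sources, [])`) would close that gap. The implicit `["0.0.0.0/0"]` for ingress rules that specify neither field is still the fallback, which means an incomplete rule definition becomes open to any source; a comment here or a line in the README making that default explicit would help reviewers of rule files.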
@ -53,8 +53,6 @@ values:
|
||||||
network: my-network
|
network: my-network
|
||||||
priority: 1000
|
priority: 1000
|
||||||
project: my-project
|
project: my-project
|
||||||
source_ranges:
|
|
||||||
- 0.0.0.0/0
|
|
||||||
source_service_accounts:
|
source_service_accounts:
|
||||||
- service-1@my-project.iam.gserviceaccount.com
|
- service-1@my-project.iam.gserviceaccount.com
|
||||||
source_tags: null
|
source_tags: null
|
||||||
|
|
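Review bot: Dropping `source_ranges:` and `- 0.0.0.0/0` from the expected values removes the assertion rather than inverting it. If the inventory only compares the keys it lists, a regression that re-adds the open range next to `source_service_accounts` would still pass; asserting `source_ranges: null` explicitly, in the same way as `source_tags: null`, would pin the fixed behaviour.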