Merge branch 'maunope/static_routes' of https://github.com/maunope/cloud-foundation-fabric into maunope/static_routes
|
@ -5,7 +5,7 @@ This section **[networking blueprints](./networking/)** that implement core patt
|
|||
Currently available blueprints:
|
||||
|
||||
- **cloud operations** - [Resource tracking and remediation via Cloud Asset feeds](./cloud-operations/asset-inventory-feed-remediation), [Granular Cloud DNS IAM via Service Directory](./cloud-operations/dns-fine-grained-iam), [Granular Cloud DNS IAM for Shared VPC](./cloud-operations/dns-shared-vpc), [Compute Engine quota monitoring](./cloud-operations/quota-monitoring), [Scheduled Cloud Asset Inventory Export to Bigquery](./cloud-operations/scheduled-asset-inventory-export-bq), [Packer image builder](./cloud-operations/packer-image-builder), [On-prem SA key management](./cloud-operations/onprem-sa-key-management), [TCP healthcheck for unmanaged GCE instances](./cloud-operations/unmanaged-instances-healthcheck), [HTTP Load Balancer with Cloud Armor](./cloud-operations/glb_and_armor)
|
||||
- **data solutions** - [GCE/GCS CMEK via centralized Cloud KMS](./data-solutions/gcs-to-bq-with-least-privileges/), [Cloud Storage to Bigquery with Cloud Dataflow with least privileges](./data-solutions/gcs-to-bq-with-least-privileges/), [Data Platform Foundations](./data-solutions/data-platform-foundations/), [SQL Server AlwaysOn availability groups blueprint](./data-solutions/sqlserver-alwayson), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion/), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2/)
|
||||
- **data solutions** - [GCE/GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms/), [Cloud Storage to Bigquery with Cloud Dataflow with least privileges](./data-solutions/gcs-to-bq-with-least-privileges/), [Data Platform Foundations](./data-solutions/data-platform-foundations/), [SQL Server AlwaysOn availability groups blueprint](./data-solutions/sqlserver-alwayson), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion/), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2/)
|
||||
- **factories** - [The why and the how of resource factories](./factories/README.md)
|
||||
- **GKE** - [GKE multitenant fleet](./gke/multitenant-fleet/), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [Binary Authorization Pipeline](./gke/binauthz/), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api/)
|
||||
- **networking** - [hub and spoke via peering](./networking/hub-and-spoke-peering/), [hub and spoke via VPN](./networking/hub-and-spoke-vpn/), [DNS and Google Private Access for on-premises](./networking/onprem-google-access-dns/), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [ILB as next hop](./networking/ilb-next-hop), [Connecting to on-premise services leveraging PSC and hybrid NEGs](./networking/psc-hybrid/), [decentralized firewall](./networking/decentralized-firewall)
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
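Review bot: The new constraint `version = ">= 4.40.0"` on both `google` and `google-beta` in `required_providers` sets only a lower bound, so a later major release of either provider is accepted without review. Consider adding an upper bound (for example `>= 4.40.0, < 5.0.0`) or committing a dependency lock file, so that the provider versions that get installed are the ones that were tested. The same applies to every copy of this block touched in this change.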
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -60,7 +60,7 @@ Note that metrics are created in the cloud-function/metrics.yaml file. You can a
|
|||
|
||||
## Assumptions and limitations
|
||||
- The CF assumes that all VPCs in peering groups are within the same organization, except for PSA peerings
|
||||
- PSA peerings record only subnets data
|
||||
- The CF will only fetch subnet utilization data from the PSA peerings (not the VMs, ILB or routes usage)
|
||||
- The CF assumes global routing is ON, this impacts dynamic routes usage calculation
|
||||
- The CF assumes custom routes importing/exporting is ON, this impacts static and dynamic routes usage calculation
|
||||
- The CF assumes all networks in peering groups have the same global routing and custom routes sharing configuration
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@ They are meant to be used as minimal but complete starting points to create actu
|
|||
|
||||
### Cloud Storage to Bigquery with Cloud Dataflow with least privileges
|
||||
|
||||
<a href="./gcs-to-bq-with-least-privileges/" title="Cloud Storage to Bigquery with Cloud Dataflow with least privileges"><img src="./gcs-to-bq-with-least-privileges/diagram.png" align="left" width="280px"></a> This [blueprint](./gcs-to-bq-with-least-privileges/) implements resources required to run GCS to BigQuery Dataflow pipelines. The solution rely on a set of Services account created with the least privileges principle.
|
||||
<a href="./gcs-to-bq-with-least-privileges/" title="Cloud Storage to Bigquery with Cloud Dataflow with least privileges"><img src="./gcs-to-bq-with-least-privileges/images/diagram.png" align="left" width="280px"></a> This [blueprint](./gcs-to-bq-with-least-privileges/) implements resources required to run GCS to BigQuery Dataflow pipelines. The solution rely on a set of Services account created with the least privileges principle.
|
||||
<br clear="left">
|
||||
|
||||
### Data Platform Foundations
|
||||
|
|
|
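Review bot: The blueprint description line being edited for the image path still reads "The solution rely on a set of Services account created with the least privileges principle". Since the line is touched anyway, fix the grammar, for example "The solution relies on a set of service accounts created following the least privilege principle".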
@ -50,7 +50,7 @@ resource "google_sql_user" "service-account" {
|
|||
for_each = toset(var.data_eng_principals)
|
||||
project = module.project.project_id
|
||||
# Omit the .gserviceaccount.com suffix in the email
|
||||
name = regex("(.+)(gserviceaccount)", module.service-account-sql.email)[0]
|
||||
name = regex("(.+)(.gserviceaccount)", module.service-account-sql.email)[0]
|
||||
instance = module.db.name
|
||||
type = "CLOUD_IAM_SERVICE_ACCOUNT"
|
||||
}
|
||||
|
|
|
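Review bot: In the `name` argument, the `.` added in `regex("(.+)(.gserviceaccount)", ...)` is unescaped, so it matches any character rather than the literal dot before `gserviceaccount`. The result is right for a well-formed service account email, but the pattern does not express what the comment above it says. Escape it (`\\.gserviceaccount`) or use `trimsuffix(module.service-account-sql.email, ".gserviceaccount.com")`, which states the intent directly. Separately, the resource has `for_each = toset(var.data_eng_principals)` but none of the visible arguments reference `each`, so every instance would declare the same SQL user; confirm whether the `for_each` is intended.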
@ -38,8 +38,8 @@ output "demo_commands" {
|
|||
description = "Demo commands."
|
||||
value = {
|
||||
"01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
|
||||
"02_cloud_sql_proxy" = "cloud_sql_proxy -instances=${module.db.connection_name}=tcp:5432 &"
|
||||
"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres'"
|
||||
"02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
|
||||
"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
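Review bot: `02_cloud_sql_proxy` now starts the proxy with `-enable_iam_login`, but `03_psql` still connects as `user=postgres` and now carries `password=PASSWORD` in the connection string, so the demo does not exercise IAM login and invites users to paste a real password on the command line, where it ends up in shell history. Either make `03_psql` connect as the IAM database user the proxy flag is meant for, or drop the inline password and let `psql` prompt for it (or read it from `PGPASSWORD` or a `.pgpass` file).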
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ Whether you’re transferring from another Cloud Service Provider or you’re ta
|
|||
|
||||
## Architecture
|
||||
|
||||
![GCS to BigQuery High-level diagram](diagram.png "GCS to BigQuery High-level diagram")
|
||||
![GCS to BigQuery High-level diagram](images/diagram.png "GCS to BigQuery High-level diagram")
|
||||
|
||||
The main components that we would be setting up are (to learn more about these products, click on the hyperlinks):
|
||||
|
||||
|
@ -61,11 +61,11 @@ __Note__: To grant a user a role, take a look at the [Granting and Revoking Acce
|
|||
Click on the button below, sign in if required and when the prompt appears, click on “confirm”.
|
||||
|
||||
|
||||
[![Open Cloudshell](shell_button.png)](https://goo.gle/GoDataPipe)
|
||||
[![Open Cloudshell](images/shell_button.png)](https://goo.gle/GoDataPipe)
|
||||
|
||||
This will clone the repository to your cloud shell and a screen like this one will appear:
|
||||
|
||||
![cloud_shell](cloud_shell.png)
|
||||
![cloud_shell](images/cloud_shell.png)
|
||||
|
||||
Before you deploy the architecture, make sure you run the following command to move your cloudshell session into your service project:
|
||||
|
||||
|
@ -87,7 +87,7 @@ Before we deploy the architecture, you will need the following information:
|
|||
|
||||
2. In the editor, edit the terraform.tfvars.sample file with the variables you gathered in the step above.
|
||||
|
||||
![editor](editor.png)
|
||||
![editor](images/editor.png)
|
||||
|
||||
* a. Fill in __data_eng_principals__ with the list of Users or Groups to impersonate service accounts.
|
||||
|
||||
|
@ -105,7 +105,7 @@ Before we deploy the architecture, you will need the following information:
|
|||
|
||||
The resource creation will take a few minutes, at the end this is the output you should expect for successful completion along with a list of the created resources:
|
||||
|
||||
![output](output.png)
|
||||
![output](images/output.png)
|
||||
|
||||
__Congratulations!__ You have successfully deployed the foundation for running your first ETL pipeline on Google Cloud.
|
||||
|
||||
|
@ -168,16 +168,16 @@ This command will start a dataflow job called test_batch_01 that uses a Dataflow
|
|||
|
||||
The expected output is the following:
|
||||
|
||||
![second_output](second_output.png)
|
||||
![second_output](images/second_output.png)
|
||||
|
||||
Then, if you navigate to Dataflow on the console, you will see the following:
|
||||
|
||||
![dataflow_console](dataflow_console.png)
|
||||
![dataflow_console](images/dataflow_console.png)
|
||||
|
||||
This shows the job you started from the cloudshell is currently running in Dataflow.
|
||||
If you click on the job name, you can see the job graph created and how every step of the Dataflow pipeline is moving along:
|
||||
|
||||
![dataflow_execution](dataflow_execution.png)
|
||||
![dataflow_execution](images/dataflow_execution.png)
|
||||
|
||||
Once the job completes, you can navigate to BigQuery in the console and under __SERVICE_PROJECT_ID__ → datalake → person, you can see the data that was successfully imported into BigQuery through the Dataflow job.
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ output "command_01_gcs" {
|
|||
|
||||
output "command_02_dataflow" {
|
||||
description = "Command to run Dataflow template impersonating the service account."
|
||||
value = templatefile("${path.module}/dataflow.tftpl", {
|
||||
value = templatefile("${path.module}/templates/dataflow.tftpl", {
|
||||
sa_orch_email = module.service-account-orch.email
|
||||
project_id = module.project.project_id
|
||||
region = var.region
|
||||
|
@ -68,7 +68,7 @@ output "command_02_dataflow" {
|
|||
|
||||
output "command_03_bq" {
|
||||
description = "BigQuery command to query imported data."
|
||||
value = templatefile("${path.module}/bigquery.tftpl", {
|
||||
value = templatefile("${path.module}/templates/bigquery.tftpl", {
|
||||
project_id = module.project.project_id
|
||||
bigquery_dataset = module.bigquery-dataset.dataset_id
|
||||
bigquery_table = module.bigquery-dataset.tables["person"].table_id
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -84,7 +84,7 @@ module "dns-api-prod" {
|
|||
domain = "googleapis.com."
|
||||
client_networks = [module.vpc-prod.self_link]
|
||||
recordsets = {
|
||||
"CNAME *" = { ttl = 300, records = ["private.googleapis.com."] }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
}
|
||||
}
|
||||
|
||||
|
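Review bot: Removing `ttl = 300` from the `"CNAME *"` recordset makes the TTL of this record depend on the DNS module's default, which is not visible in this diff. State in the commit message or the module README what that default is, so it is clear whether the TTL served for `googleapis.com.` in the prod VPC changes with this commit. The same question applies to the other `recordsets` hunks in this change.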
@ -96,7 +96,7 @@ module "dns-api-dev" {
|
|||
domain = "googleapis.com."
|
||||
client_networks = [module.vpc-dev.self_link]
|
||||
recordsets = {
|
||||
"CNAME *" = { ttl = 300, records = ["private.googleapis.com."] }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -63,7 +63,7 @@ module "dev-dns-zone" {
|
|||
domain = "dev.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
"A test-r2" = { ttl = 300, records = [module.dev-r2-vm.internal_ip] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
"A test-r2" = { records = [module.dev-r2-vm.internal_ip] }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -53,7 +53,7 @@ module "landing-dns-zone" {
|
|||
domain = "example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
"A test-r1" = { ttl = 300, records = [module.landing-r1-vm.internal_ip] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
"A test-r1" = { records = [module.landing-r1-vm.internal_ip] }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -63,7 +63,7 @@ module "prod-dns-zone" {
|
|||
domain = "prd.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
"A test-r1" = { ttl = 300, records = [module.prod-r1-vm.internal_ip] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
"A test-r1" = { records = [module.prod-r1-vm.internal_ip] }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -169,9 +169,9 @@ module "dns-gcp" {
|
|||
domain = "gcp.example.org."
|
||||
client_networks = [module.vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
"A test-1" = { ttl = 300, records = [module.vm-test1.internal_ip] }
|
||||
"A test-2" = { ttl = 300, records = [module.vm-test2.internal_ip] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
"A test-1" = { records = [module.vm-test1.internal_ip] }
|
||||
"A test-2" = { records = [module.vm-test2.internal_ip] }
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -183,9 +183,9 @@ module "dns-api" {
|
|||
domain = "googleapis.com."
|
||||
client_networks = [module.vpc.self_link]
|
||||
recordsets = {
|
||||
"CNAME *" = { ttl = 300, records = ["private.googleapis.com."] }
|
||||
"A private" = { ttl = 300, records = local.vips.private }
|
||||
"A restricted" = { ttl = 300, records = local.vips.restricted }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
"A private" = { records = local.vips.private }
|
||||
"A restricted" = { records = local.vips.restricted }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -218,7 +218,7 @@ module "private-dns-onprem" {
|
|||
domain = "${var.region}-${module.project.project_id}.cloudfunctions.net."
|
||||
client_networks = [module.vpc-onprem.self_link]
|
||||
recordsets = {
|
||||
"A " = { ttl = 300, records = [module.addresses.psc_addresses[local.psc_name].address] }
|
||||
"A " = { records = [module.addresses.psc_addresses[local.psc_name].address] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -157,8 +157,8 @@ module "host-dns" {
|
|||
domain = "example.com."
|
||||
client_networks = [module.vpc-shared.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
"A bastion" = { ttl = 300, records = [module.vm-bastion.internal_ip] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
"A bastion" = { records = [module.vm-bastion.internal_ip] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0"
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0"
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ module "dev-dns-private-zone" {
|
|||
domain = "dev.gcp.example.com."
|
||||
client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ module "gcp-example-dns-private-zone" {
|
|||
module.landing-trusted-vpc.self_link
|
||||
]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -72,12 +72,12 @@ module "googleapis-private-zone" {
|
|||
module.landing-trusted-vpc.self_link
|
||||
]
|
||||
recordsets = {
|
||||
"A private" = { type = "A", ttl = 300, records = [
|
||||
"A private" = { records = [
|
||||
"199.36.153.8", "199.36.153.9", "199.36.153.10", "199.36.153.11"
|
||||
] }
|
||||
"A restricted" = { type = "A", ttl = 300, records = [
|
||||
"A restricted" = { records = [
|
||||
"199.36.153.4", "199.36.153.5", "199.36.153.6", "199.36.153.7"
|
||||
] }
|
||||
"CNAME *" = { type = "CNAME", ttl = 300, records = ["private.googleapis.com."] }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
}
|
||||
}
|
||||
|
|
|
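Review bot: The `"A private"` and `"A restricted"` recordsets keep the four `199.36.153.x` addresses as inline literals, and the same two lists are repeated in the other `googleapis.com.` zones in this change, while the `dns-api` module elsewhere in this commit reads them from `local.vips.private` and `local.vips.restricted`. Since these lines are being edited anyway, consider moving the lists to a shared local so the private and restricted ranges are defined once. Also, with `type = "A"` and `type = "CNAME"` removed, the record type is carried only by the key prefix (`"A private"`, `"CNAME *"`), so it is worth checking that the module rejects a key whose prefix is not a valid record type.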
@ -26,7 +26,7 @@ module "prod-dns-private-zone" {
|
|||
domain = "prod.gcp.example.com."
|
||||
client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ module "dev-dns-private-zone" {
|
|||
domain = "dev.gcp.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ module "gcp-example-dns-private-zone" {
|
|||
domain = "gcp.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -60,12 +60,12 @@ module "googleapis-private-zone" {
|
|||
domain = "googleapis.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A private" = { type = "A", ttl = 300, records = [
|
||||
"A private" = { records = [
|
||||
"199.36.153.8", "199.36.153.9", "199.36.153.10", "199.36.153.11"
|
||||
] }
|
||||
"A restricted" = { type = "A", ttl = 300, records = [
|
||||
"A restricted" = { records = [
|
||||
"199.36.153.4", "199.36.153.5", "199.36.153.6", "199.36.153.7"
|
||||
] }
|
||||
"CNAME *" = { type = "CNAME", ttl = 300, records = ["private.googleapis.com."] }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ module "prod-dns-private-zone" {
|
|||
domain = "prod.gcp.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ module "dev-dns-private-zone" {
|
|||
domain = "dev.gcp.example.com."
|
||||
client_networks = [module.dev-spoke-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -58,12 +58,12 @@ module "dev-googleapis-private-zone" {
|
|||
domain = "googleapis.com."
|
||||
client_networks = [module.dev-spoke-vpc.self_link]
|
||||
recordsets = {
|
||||
"A private" = { type = "A", ttl = 300, records = [
|
||||
"A private" = { records = [
|
||||
"199.36.153.8", "199.36.153.9", "199.36.153.10", "199.36.153.11"
|
||||
] }
|
||||
"A restricted" = { type = "A", ttl = 300, records = [
|
||||
"A restricted" = { records = [
|
||||
"199.36.153.4", "199.36.153.5", "199.36.153.6", "199.36.153.7"
|
||||
] }
|
||||
"CNAME *" = { type = "CNAME", ttl = 300, records = ["private.googleapis.com."] }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ module "prod-dns-private-zone" {
|
|||
domain = "prod.gcp.example.com."
|
||||
client_networks = [module.prod-spoke-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -59,12 +59,12 @@ module "prod-googleapis-private-zone" {
|
|||
domain = "googleapis.com."
|
||||
client_networks = [module.prod-spoke-vpc.self_link]
|
||||
recordsets = {
|
||||
"A private" = { type = "A", ttl = 300, records = [
|
||||
"A private" = { records = [
|
||||
"199.36.153.8", "199.36.153.9", "199.36.153.10", "199.36.153.11"
|
||||
] }
|
||||
"A restricted" = { type = "A", ttl = 300, records = [
|
||||
"A restricted" = { records = [
|
||||
"199.36.153.4", "199.36.153.5", "199.36.153.6", "199.36.153.7"
|
||||
] }
|
||||
"CNAME *" = { type = "CNAME", ttl = 300, records = ["private.googleapis.com."] }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ module "dev-dns-private-zone" {
|
|||
domain = "dev.gcp.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ module "gcp-example-dns-private-zone" {
|
|||
domain = "gcp.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -60,12 +60,12 @@ module "googleapis-private-zone" {
|
|||
domain = "googleapis.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A private" = { type = "A", ttl = 300, records = [
|
||||
"A private" = { records = [
|
||||
"199.36.153.8", "199.36.153.9", "199.36.153.10", "199.36.153.11"
|
||||
] }
|
||||
"A restricted" = { type = "A", ttl = 300, records = [
|
||||
"A restricted" = { records = [
|
||||
"199.36.153.4", "199.36.153.5", "199.36.153.6", "199.36.153.7"
|
||||
] }
|
||||
"CNAME *" = { type = "CNAME", ttl = 300, records = ["private.googleapis.com."] }
|
||||
"CNAME *" = { records = ["private.googleapis.com."] }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ module "prod-dns-private-zone" {
|
|||
domain = "prod.gcp.example.com."
|
||||
client_networks = [module.landing-vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,10 +17,11 @@ module "private-dns" {
|
|||
domain = "test.example."
|
||||
client_networks = [var.vpc.self_link]
|
||||
recordsets = {
|
||||
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
|
||||
"A localhost" = { records = ["127.0.0.1"] }
|
||||
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=3
|
||||
```
|
||||
|
||||
### Forwarding Zone
|
||||
|
@ -59,19 +60,18 @@ module "private-dns" {
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [domain](variables.tf#L51) | Zone domain, must end with a period. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L62) | Zone name, must be unique within the project. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L73) | Project id for the zone. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L69) | Zone name, must be unique within the project. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L80) | Project id for the zone. | <code>string</code> | ✓ | |
|
||||
| [client_networks](variables.tf#L21) | List of VPC self links that can see this zone. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [default_key_specs_key](variables.tf#L27) | DNSSEC default key signing specifications: algorithm, key_length, key_type, kind. | <code>any</code> | | <code>{}</code> |
|
||||
| [default_key_specs_zone](variables.tf#L33) | DNSSEC default zone signing specifications: algorithm, key_length, key_type, kind. | <code>any</code> | | <code>{}</code> |
|
||||
| [description](variables.tf#L39) | Domain description. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||
| [dnssec_config](variables.tf#L45) | DNSSEC configuration: kind, non_existence, state. | <code>any</code> | | <code>{}</code> |
|
||||
| [description](variables.tf#L28) | Domain description. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||
| [dnssec_config](variables.tf#L34) | DNSSEC configuration for this zone. | <code title="object({ non_existence = optional(string, "nsec3") state = string key_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 2048 } ) zone_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 1024 } ) })">object({…})</code> | | <code>null</code> |
|
||||
| [enable_logging](variables.tf#L62) | Enable query logging for this zone. Only valid for public zones. | <code>bool</code> | | <code>false</code> |
|
||||
| [forwarders](variables.tf#L56) | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [peer_network](variables.tf#L67) | Peering network self link, only valid for 'peering' zone types. | <code>string</code> | | <code>null</code> |
|
||||
| [recordsets](variables.tf#L78) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map(object({ ttl = number records = list(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [service_directory_namespace](variables.tf#L94) | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code>string</code> | | <code>null</code> |
|
||||
| [type](variables.tf#L100) | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code>string</code> | | <code>"private"</code> |
|
||||
| [zone_create](variables.tf#L110) | Create zone. When set to false, uses a data source to reference existing zone. | <code>bool</code> | | <code>true</code> |
|
||||
| [peer_network](variables.tf#L74) | Peering network self link, only valid for 'peering' zone types. | <code>string</code> | | <code>null</code> |
|
||||
| [recordsets](variables.tf#L85) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map(object({ ttl = optional(number, 300) records = list(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [service_directory_namespace](variables.tf#L102) | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code>string</code> | | <code>null</code> |
|
||||
| [type](variables.tf#L108) | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code>string</code> | | <code>"private"</code> |
|
||||
| [zone_create](variables.tf#L118) | Create zone. When set to false, uses a data source to reference existing zone. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -15,9 +15,8 @@
|
|||
*/
|
||||
|
||||
locals {
|
||||
_recordsets = var.recordsets == null ? {} : var.recordsets
|
||||
recordsets = {
|
||||
for key, attrs in local._recordsets :
|
||||
for key, attrs in var.recordsets :
|
||||
key => merge(attrs, zipmap(["type", "name"], split(" ", key)))
|
||||
}
|
||||
zone = (
|
||||
|
@ -117,24 +116,25 @@ resource "google_dns_managed_zone" "public" {
|
|||
visibility = "public"
|
||||
|
||||
dynamic "dnssec_config" {
|
||||
for_each = var.dnssec_config == {} ? [] : tolist([var.dnssec_config])
|
||||
for_each = var.dnssec_config == null ? [] : [1]
|
||||
iterator = config
|
||||
content {
|
||||
kind = lookup(config.value, "kind", "dns#managedZoneDnsSecConfig")
|
||||
non_existence = lookup(config.value, "non_existence", "nsec3")
|
||||
state = lookup(config.value, "state", "off")
|
||||
kind = "dns#managedZoneDnsSecConfig"
|
||||
non_existence = var.dnssec_config.non_existence
|
||||
state = var.dnssec_config.state
|
||||
|
||||
default_key_specs {
|
||||
algorithm = lookup(var.default_key_specs_key, "algorithm", "rsasha256")
|
||||
key_length = lookup(var.default_key_specs_key, "key_length", 2048)
|
||||
key_type = lookup(var.default_key_specs_key, "key_type", "keySigning")
|
||||
kind = lookup(var.default_key_specs_key, "kind", "dns#dnsKeySpec")
|
||||
algorithm = var.dnssec_config.key_signing_key.algorithm
|
||||
key_length = var.dnssec_config.key_signing_key.key_length
|
||||
key_type = "keySigning"
|
||||
kind = "dns#dnsKeySpec"
|
||||
}
|
||||
|
||||
default_key_specs {
|
||||
algorithm = lookup(var.default_key_specs_zone, "algorithm", "rsasha256")
|
||||
key_length = lookup(var.default_key_specs_zone, "key_length", 1024)
|
||||
key_type = lookup(var.default_key_specs_zone, "key_type", "zoneSigning")
|
||||
kind = lookup(var.default_key_specs_zone, "kind", "dns#dnsKeySpec")
|
||||
algorithm = var.dnssec_config.zone_signing_key.algorithm
|
||||
key_length = var.dnssec_config.zone_signing_key.key_length
|
||||
key_type = "zoneSigning"
|
||||
kind = "dns#dnsKeySpec"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
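Review bot: `iterator = config` is left in the `dynamic "dnssec_config"` block, but after this change nothing in `content` reads `config.value`; every attribute now comes straight from `var.dnssec_config`. Drop the iterator line so the block does not suggest a per-element value that is never used.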
@ -22,18 +22,7 @@ variable "client_networks" {
|
|||
description = "List of VPC self links that can see this zone."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "default_key_specs_key" {
|
||||
description = "DNSSEC default key signing specifications: algorithm, key_length, key_type, kind."
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "default_key_specs_zone" {
|
||||
description = "DNSSEC default zone signing specifications: algorithm, key_length, key_type, kind."
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
|
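Review bot: removing `default_key_specs_key` and `default_key_specs_zone` is a breaking interface change for any caller that sets them, and nothing in this hunk points to the replacement. Add a changelog or upgrade note stating that the key specs now live under `dnssec_config.key_signing_key` and `dnssec_config.zone_signing_key`, and that `key_type` and `kind` are no longer configurable.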
@ -43,9 +32,20 @@ variable "description" {
|
|||
}
|
||||
|
||||
variable "dnssec_config" {
|
||||
description = "DNSSEC configuration: kind, non_existence, state."
|
||||
type = any
|
||||
default = {}
|
||||
description = "DNSSEC configuration for this zone."
|
||||
type = object({
|
||||
non_existence = optional(string, "nsec3")
|
||||
state = string
|
||||
key_signing_key = optional(object(
|
||||
{ algorithm = string, key_length = number }),
|
||||
{ algorithm = "rsasha256", key_length = 2048 }
|
||||
)
|
||||
zone_signing_key = optional(object(
|
||||
{ algorithm = string, key_length = number }),
|
||||
{ algorithm = "rsasha256", key_length = 1024 }
|
||||
)
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "domain" {
|
||||
|
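Review bot: `state = string` in the new `dnssec_config` object is required and unvalidated, where the old code fell back to `lookup(config.value, "state", "off")`. Add a `validation` block restricting `state` and `non_existence` to the values the provider accepts so a typo fails at plan time with a clear message. The description should also say that `zone_signing_key` defaults to a 1024-bit `rsasha256` key, so callers who need a longer key know to override it.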
@ -59,6 +59,13 @@ variable "forwarders" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "enable_logging" {
|
||||
description = "Enable query logging for this zone. Only valid for public zones."
|
||||
type = bool
|
||||
default = false
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Zone name, must be unique within the project."
|
||||
type = string
|
||||
|
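Review bot: `enable_logging` is inserted after `forwarders`, which breaks the alphabetical order the rest of this file follows (`dnssec_config`, `domain`, `forwarders`, `name`); the README table in this change lists it before `forwarders`. Move the block above `forwarders`. The description says logging is only valid for public zones; it should also say what happens when the flag is set on another zone type (ignored or rejected).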
@ -78,10 +85,11 @@ variable "project_id" {
|
|||
variable "recordsets" {
|
||||
description = "Map of DNS recordsets in \"type name\" => {ttl, [records]} format."
|
||||
type = map(object({
|
||||
ttl = number
|
||||
ttl = optional(number, 300)
|
||||
records = list(string)
|
||||
}))
|
||||
default = {}
|
||||
default = {}
|
||||
nullable = false
|
||||
validation {
|
||||
condition = alltrue([
|
||||
for k, v in var.recordsets == null ? {} : var.recordsets :
|
||||
|
|
|
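Review bot: with `nullable = false` added to `recordsets`, the `var.recordsets == null ? {} : var.recordsets` guard in the `validation` condition can no longer take its null branch; iterate `var.recordsets` directly, as the `locals` block in main.tf now does. The description still reads `{ttl, [records]}`; note there that `ttl` is optional and defaults to 300.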
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.36.0" # tftest
|
||||
version = ">= 4.40.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|