Added workstation-cluster module

apichick 2023-11-19 13:17:12 +01:00
parent bb58469292
commit 66bd9d5160
87 changed files with 1226 additions and 146 deletions


@ -90,7 +90,7 @@ All notable changes to this project will be documented in this file.
- [[#1846](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1846)] Add support for IAM to vpc sc module ([ludoo](https://github.com/ludoo)) <!-- 2023-11-08 10:27:44+00:00 -->
- [[#1844](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1844)] Allow disabling IAM for sink identity in resource manager modules ([apichick](https://github.com/apichick)) <!-- 2023-11-07 08:30:42+00:00 -->
- [[#1841](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1841)] Fix modules to support new Apigee X environment types ([Teodelas](https://github.com/Teodelas)) <!-- 2023-11-06 08:56:04+00:00 -->
- [[#1842](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1842)] Bump provider version to 5.4.0 ([wiktorn](https://github.com/wiktorn)) <!-- 2023-11-04 08:14:03+00:00 -->
- [[#1842](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1842)] Bump provider version to 5.6.0 ([wiktorn](https://github.com/wiktorn)) <!-- 2023-11-04 08:14:03+00:00 -->
- [[#1823](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1823)] Add end-to-end tests for project module ([wiktorn](https://github.com/wiktorn)) <!-- 2023-11-03 17:04:19+00:00 -->
- [[#1837](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1837)] Added envoy as SNI dynamic forward proxy to cloud-config-container ([apichick](https://github.com/apichick)) <!-- 2023-11-03 07:43:15+00:00 -->
- [[#1839](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1839)] Added create_before_destroy = true for self-managed certificates ([apichick](https://github.com/apichick)) <!-- 2023-11-02 14:14:45+00:00 -->


@ -33,7 +33,7 @@ Currently available modules:
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp)
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud)
- **data** - <!-- [AlloyDB instance](./modules/alloydb-instance), --> [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository)
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository), [Workstation cluster](./modules/workstation-cluster)
- **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc)
- **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run)


@ -0,0 +1,45 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: storage-api-sa
namespace: apis
annotations:
iam.gke.io/gcp-service-account: sa-storage-api@ba-g-prj-cd-sb-binauthz-001.iam.gserviceaccount.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: storage-api-deployment
namespace: apis
spec:
selector:
matchLabels:
app: storage-api
replicas: 2
template:
metadata:
labels:
app: storage-api
spec:
serviceAccountName: storage-api-sa
containers:
- name: storage-api
image: europe-west1-docker.pkg.dev/ba-g-prj-cd-sb-binauthz-001/ba-registry/storage-api:DIGEST
ports:
- containerPort: 3000
nodeSelector:
iam.gke.io/gke-metadata-server-enabled: "true"
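Review bot: The `storage-api` container in the Deployment's pod template is declared without a `securityContext`, so it runs as whatever user the image defines and with the runtime's default capabilities; I would add the context shown below under the container, plus `readOnlyRootFilesystem: true` if the app does not write to its root filesystem. The ServiceAccount annotation and the `image:` line also hard-code the project `ba-g-prj-cd-sb-binauthz-001`, which looks environment-specific for a commit titled as adding the workstation-cluster module, so it is worth confirming these manifests were meant to be included. If `DIGEST` is later substituted with a `sha256:` digest, the separator in front of it presumably needs to be `@` rather than `:`.

```yaml
      containers:
        - name: storage-api
          # … unchanged: image, ports …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
```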


@ -0,0 +1,54 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: apis
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: app-deployment-manager
namespace: apis
rules:
- apiGroups:
- ''
- 'extensions'
- 'apps'
resources:
- 'namespaces'
- 'serviceaccounts'
- 'deployments'
verbs:
- 'get'
- 'list'
- 'watch'
- 'create'
- 'update'
- 'patch'
- 'delete'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: app-deployment-manager
namespace: apis
subjects:
- kind: User
name: sa-cb-app@ba-g-prj-cd-sb-binauthz-001.iam.gserviceaccount.com
roleRef:
kind: Role
name: app-deployment-manager
apiGroup: rbac.authorization.k8s.io
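Review bot: The single rule in the `app-deployment-manager` Role is a cross product of three API groups, three resources and seven verbs, so it grants more than a deploy step needs: `delete` on `namespaces` in a namespaced Role can allow the bound identity to delete the `apis` namespace itself, while `list` and `create` on namespaces are cluster-scoped requests that a Role should not be able to grant at all. The `extensions` group no longer serves Deployments on current Kubernetes versions and can be dropped. I would split the rule per resource as below, and add `get` on `namespaces` only if the pipeline really reads the namespace object. Since `create` on both `serviceaccounts` and `deployments` lets the `sa-cb-app` identity run workloads under any service account in `apis`, a short comment stating that this is intended would help the next reviewer.

```yaml
rules:
  - apiGroups: ['']
    resources: ['serviceaccounts']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch']
  - apiGroups: ['apps']
    resources: ['deployments']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
```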


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -92,6 +92,7 @@ These modules are used in the examples included in this repository. If you are u
- [Artifact Registry](./artifact-registry)
- [Container Registry](./container-registry)
- [Cloud Source Repository](./source-repository)
- [Workstation cluster](./workstation-cluster)
## Security


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.4.0, < 6.0.0" # tftest
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -0,0 +1,192 @@
# Workstation cluster
This module allows to create a workstation cluster with associated workstation configs and workstations. In addition to this it allows to set up IAM bindings for the workstation configs and the workstations.
<!-- BEGIN TOC -->
- [Simple example](#simple-example)
- [Private cluster](#private-cluster)
- [Custom image](#custom-image)
- [IAM](#iam)
- [Variables](#variables)
- [Outputs](#outputs)
<!-- END TOC -->
## Simple example
Simple example showing how to create a cluster with publicly accessible workstations using the default base image.
```hcl
module "workstation-cluster" {
source = "./fabric/modules/workstation-cluster"
project_id = var.project_id
id = "my-workstation-cluster"
location = var.region
network_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
workstation_configs = {
my-workstation-config = {
workstations = {
my-workstation = {
labels = {
team = "my-team"
}
}
}
}
}
}
# tftest modules=1 resources=3 inventory=simple.yaml
```
## Private cluster
Example showing how to create a cluster with a privately accessible workstation using the default base image.
```hcl
module "workstation-cluster" {
source = "./fabric/modules/workstation-cluster"
project_id = var.project_id
id = "my-workstation-cluster"
location = var.region
network_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
private_cluster_config = {
enable_private_endpoint = true
}
workstation_configs = {
my-workstation-config = {
workstations = {
my-workstation = {
labels = {
team = "my-team"
}
}
}
}
}
}
# tftest modules=1 resources=3 inventory=private-cluster.yaml
```
## Custom image
Example showing how to create a cluster with publicly accesible workstation that run a custom image.
```hcl
module "workstation-cluster" {
source = "./fabric/modules/workstation-cluster"
project_id = var.project_id
id = "my-workstation-cluster"
location = var.region
network_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
workstation_configs = {
my-workstation-config = {
container = {
image = "repo/my-image:v10.0.0"
args = ["--arg1", "value1", "--arg2", "value2"]
env = {
VAR1 = "VALUE1"
VAR2 = "VALUE2"
}
working_dir = "/my-dir"
}
workstations = {
my-workstation = {
labels = {
team = "my-team"
}
}
}
}
}
}
# tftest modules=1 resources=3 inventory=custom-image.yaml
```
## IAM
Example showing how to grant IAM roles on the workstation configuration or workstation.
```hcl
module "workstation-cluster" {
source = "./fabric/modules/workstation-cluster"
project_id = var.project_id
id = "my-workstation-cluster"
location = var.region
network_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
workstation_configs = {
my-workstation-config = {
workstations = {
my-workstation = {
labels = {
team = "my-team"
}
iam = {
"roles/workstations.user" = ["user:user1@my-org.com"]
}
}
}
iam = {
"roles/viewer" = ["group:group1@my-org.com"]
}
iam_bindings = {
workstations-config-viewer = {
role = "roles/viewer"
members = ["group:group2@my-org.com"]
condition = {
title = "limited-access"
expression = "resource.name.startsWith('my-')"
}
}
}
iam_bindings_additive = {
workstations-config-editor = {
role = "roles/editor"
member = "group:group3@my-org.com"
condition = {
title = "limited-access"
expression = "resource.name.startsWith('my-')"
}
}
}
}
}
}
# tftest modules=1 resources=7 inventory=iam.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [id](variables.tf#L35) | Workstation cluster ID. | <code>string</code> | ✓ | |
| [network_config](variables.tf#L52) | Network configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [project_id](variables.tf#L70) | Cluster ID. | <code>string</code> | ✓ | |
| [workstation_configs](variables.tf#L75) | Workstation configurations. | <code title="map&#40;object&#40;&#123;&#10; annotations &#61; optional&#40;map&#40;string&#41;&#41;&#10; container &#61; optional&#40;object&#40;&#123;&#10; image &#61; optional&#40;string&#41;&#10; command &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; args &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; working_dir &#61; optional&#40;string&#41;&#10; env &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; run_as_user &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; display_name &#61; optional&#40;string&#41;&#10; enable_audit_agent &#61; optional&#40;bool&#41;&#10; encryption_key &#61; optional&#40;object&#40;&#123;&#10; kms_key &#61; string&#10; kms_key_service_account &#61; string&#10; &#125;&#41;&#41;&#10; gce_instance &#61; optional&#40;object&#40;&#123;&#10; machine_type &#61; optional&#40;string&#41;&#10; service_account &#61; optional&#40;string&#41;&#10; service_account_scopes &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; pool_size &#61; optional&#40;number&#41;&#10; boot_disk_size_gb &#61; optional&#40;number&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10; disable_public_ip_addresses &#61; optional&#40;bool, false&#41;&#10; enable_nested_virtualization &#61; optional&#40;bool, false&#41;&#10; shielded_instance_config &#61; optional&#40;object&#40;&#123;&#10; enable_secure_boot &#61; optional&#40;bool, false&#41;&#10; enable_vtpm &#61; optional&#40;bool, false&#41;&#10; enable_integrity_monitoring &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; enable_confidential_compute &#61; optional&#40;bool, false&#41;&#10; accelerators &#61; optional&#40;list&#40;object&#40;&#123;&#10; type &#61; optional&#40;string&#41;&#10; count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, 
&#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; members &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; member &#61; string&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; idle_timeout &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; persistent_directories &#61; optional&#40;list&#40;object&#40;&#123;&#10; mount_path &#61; optional&#40;string&#41;&#10; gce_pd &#61; optional&#40;object&#40;&#123;&#10; size_gb &#61; optional&#40;number&#41;&#10; fs_type &#61; optional&#40;string&#41;&#10; disk_type &#61; optional&#40;string&#41;&#10; source_snapshot &#61; optional&#40;string&#41;&#10; reclaim_policy &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; running_timeout &#61; optional&#40;string&#41;&#10; replica_zones &#61; optional&#40;list&#40;string&#41;&#41;&#10; workstations &#61; optional&#40;map&#40;object&#40;&#123;&#10; annotations &#61; optional&#40;map&#40;string&#41;&#41;&#10; display_name &#61; optional&#40;string&#41;&#10; env &#61; optional&#40;map&#40;string&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; members &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; member &#61; string&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [annotations](variables.tf#L17) | Workstation cluster annotations. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [display_name](variables.tf#L23) | Display name. | <code>string</code> | | <code>null</code> |
| [domain](variables.tf#L29) | Domain. | <code>string</code> | | <code>null</code> |
| [labels](variables.tf#L40) | Workstation cluster labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [location](variables.tf#L46) | Location. | <code>string</code> | | <code>null</code> |
| [private_cluster_config](variables.tf#L60) | Private cluster config. | <code title="object&#40;&#123;&#10; enable_private_endpoint &#61; optional&#40;bool, false&#41;&#10; allowed_projects &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [cluster_hostname](outputs.tf#L17) | Cluster hostname. | |
| [id](outputs.tf#L22) | Workstation cluster id. | |
| [service_attachment_uri](outputs.tf#L27) | Workstation service attachment URI. | |
| [workstation_configs](outputs.tf#L32) | Workstation configurations. | |
| [workstations](outputs.tf#L37) | Workstations. | |
<!-- END TFDOC -->


@ -0,0 +1,128 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description IAM bindings
resource "google_workstations_workstation_config_iam_binding" "authoritative" {
provider = google-beta
for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam :
"${k1}-${k2}" => {
workstation_config_id = k1
role = k2
members = v2
} }])...)
project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
role = each.value.role
members = each.value.members
}
resource "google_workstations_workstation_config_iam_binding" "bindings" {
provider = google-beta
for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings :
"${k1}-${k2}" => merge(v2, {
workstation_config_id = k1
}) }])...)
project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
role = each.value.role
members = each.value.members
}
resource "google_workstations_workstation_config_iam_member" "bindings" {
provider = google-beta
for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings_additive :
"${k1}-${k2}" => merge(v2, {
workstation_config_id = k1
}) }])...)
project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
role = each.value.role
member = each.value.member
}
resource "google_workstations_workstation_iam_binding" "authoritative" {
provider = google-beta
for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
{ for k3, v3 in v2.iam : "${k1}-${k2}-${k3}" => {
workstation_config_id = k1
workstation_id = k2
role = k3
members = v3
} }]])...)
project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
role = each.value.role
members = each.value.members
}
resource "google_workstations_workstation_iam_binding" "bindings" {
provider = google-beta
for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
{ for k3, v3 in v2.iam_bindings : "${k1}-${k2}-${k3}" => merge(v3, {
workstation_config_id = k1
workstation_id = k2
}) }]])...)
project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
role = each.value.role
members = each.value.members
}
resource "google_workstations_workstation_iam_member" "bindings" {
provider = google-beta
for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
{ for k3, v3 in v2.iam_bindings_additive : "${k1}-${k2}-${k3}" => merge(v3, {
workstation_config_id = k1
workstation_id = k2
}) }]])...)
project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
role = each.value.role
member = each.value.member
}
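Review bot: The `condition` supplied for `iam_bindings` and `iam_bindings_additive` is never applied: none of the four `bindings` resources in this file has a `condition` block, and the matching object types in variables.tf have no `condition` attribute, so Terraform drops it during type conversion. The README IAM example therefore grants `roles/viewer` and `roles/editor` without the `resource.name.startsWith('my-')` restriction, and the iam.yaml inventory pins `condition: []` for those bindings. With the condition gone, the example's `iam` and `iam_bindings` entries both become authoritative `_iam_binding` resources for `roles/viewer` on the same config and will overwrite each other's members. I would add `condition = optional(object({ title = string, expression = string, description = optional(string) }))` to the four binding types and a dynamic `condition` block to each `bindings` resource, as sketched below for one of them.

```hcl
resource "google_workstations_workstation_config_iam_binding" "bindings" {
  # … unchanged: provider, for_each, project/location/cluster/config references, role, members …
  dynamic "condition" {
    for_each = each.value.condition == null ? [] : [""]
    content {
      title       = each.value.condition.title
      expression  = each.value.condition.expression
      description = each.value.condition.description
    }
  }
}
```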


@ -0,0 +1,131 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
workstations = merge(flatten([for k1, v1 in var.workstation_configs :
{ for k2, v2 in v1.workstations :
"${k1}-${k2}" => merge({
workstation_config_id = k1
workstation_id = k2
}, v2) }])...)
}
resource "google_workstations_workstation_cluster" "cluster" {
provider = google-beta
workstation_cluster_id = var.id
project = var.project_id
display_name = var.display_name
network = var.network_config.network
subnetwork = var.network_config.subnetwork
location = var.location
annotations = var.annotations
labels = var.labels
dynamic "private_cluster_config" {
for_each = var.private_cluster_config == null ? [] : [""]
content {
enable_private_endpoint = var.private_cluster_config.enable_private_endpoint
allowed_projects = var.private_cluster_config.allowed_projects
}
}
dynamic "domain_config" {
for_each = var.domain == null ? [] : [""]
content {
domain = var.domain
}
}
}
resource "google_workstations_workstation_config" "configs" {
for_each = var.workstation_configs
provider = google-beta
project = google_workstations_workstation_cluster.cluster.project
workstation_config_id = each.key
workstation_cluster_id = google_workstations_workstation_cluster.cluster.workstation_cluster_id
location = google_workstations_workstation_cluster.cluster.location
idle_timeout = each.value.idle_timeout
running_timeout = each.value.running_timeout
replica_zones = each.value.replica_zones
annotations = each.value.annotations
labels = each.value.labels
dynamic "host" {
for_each = each.value.gce_instance == null ? [] : [""]
content {
gce_instance {
machine_type = each.value.gce_instance.machine_type
service_account = each.value.gce_instance.service_account
service_account_scopes = each.value.gce_instance.service_account_scopes
pool_size = each.value.gce_instance.pool_size
boot_disk_size_gb = each.value.gce_instance.boot_disk_size_gb
tags = each.value.gce_instance.tags
disable_public_ip_addresses = each.value.disable_public_ip_addresses
enable_nested_virtualization = each.value.enable_nested_virtualization
dynamic "shielded_instance_config" {
for_each = each.value.gce_instance.shielded_instance_config == null ? [] : [""]
content {
enable_secure_boot = each.value.gce_instance.shielded_instance_config.enable_secure_boot
enable_vtpm = each.value.gce_instance.shielded_instance_config.enable_vtpm
enable_integrity_monitoring = each.value.gce_instance.shielded_instance_config.enable_integrity_monitoring
}
}
dynamic "confidential_instance_config" {
for_each = each.value.gce_instance.enable_confidential_compute ? [] : [""]
content {
enable_confidential_compute = true
}
}
dynamic "accelerators" {
for_each = each.value.gce_instance.accelerators
content {
type = accelerators.value.type
count = accelerators.value.count
}
}
}
}
}
dynamic "container" {
for_each = each.value.container == null ? [] : [""]
content {
image = each.value.container.image
command = each.value.container.command
args = each.value.container.args
working_dir = each.value.container.working_dir
env = each.value.container.env
run_as_user = each.value.container.run_as_user
}
}
dynamic "encryption_key" {
for_each = each.value.encryption_key == null ? [] : [""]
content {
kms_key = each.value.encryption_key.kms_key
kms_key_service_account = each.value.encryption_key.kms_key_service_account
}
}
}
resource "google_workstations_workstation" "workstations" {
provider = google-beta
for_each = local.workstations
project = google_workstations_workstation_cluster.cluster.project
workstation_id = each.value.workstation_id
workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
workstation_cluster_id = google_workstations_workstation_cluster.cluster.workstation_cluster_id
location = google_workstations_workstation_cluster.cluster.location
labels = each.value.labels
env = each.value.env
annotations = each.value.annotations
}
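Review bot: The `confidential_instance_config` block has its `for_each` inverted: `each.value.gce_instance.enable_confidential_compute ? [] : [""]` omits the block when the flag is true and emits `enable_confidential_compute = true` when it is false, so it should read `for_each = each.value.gce_instance.enable_confidential_compute ? [""] : []`. In the same `gce_instance` block, `disable_public_ip_addresses` and `enable_nested_virtualization` are read from `each.value`, although variables.tf declares them under `gce_instance`; they should be `each.value.gce_instance.disable_public_ip_addresses` and `each.value.gce_instance.enable_nested_virtualization`. None of the README examples or inventories on this page sets `gce_instance`, so the tests do not exercise this block and would not catch either problem.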


@ -0,0 +1,40 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "cluster_hostname" {
description = "Cluster hostname."
value = var.private_cluster_config != null ? google_workstations_workstation_cluster.cluster.private_cluster_config[0].cluster_hostname : null
}
output "id" {
description = "Workstation cluster id."
value = google_workstations_workstation_cluster.cluster.workstation_cluster_id
}
output "service_attachment_uri" {
description = "Workstation service attachment URI."
value = var.private_cluster_config != null ? google_workstations_workstation_cluster.cluster.private_cluster_config[0].service_attachment_uri : null
}
output "workstation_configs" {
description = "Workstation configurations."
value = google_workstations_workstation_config.configs
}
output "workstations" {
description = "Workstations."
value = google_workstations_workstation.workstations
}


@ -0,0 +1,152 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "annotations" {
description = "Workstation cluster annotations."
type = map(string)
default = {}
}
variable "display_name" {
description = "Display name."
type = string
default = null
}
variable "domain" {
description = "Domain."
type = string
default = null
}
variable "id" {
description = "Workstation cluster ID."
type = string
}
variable "labels" {
description = "Workstation cluster labels."
type = map(string)
default = {}
}
variable "location" {
description = "Location."
type = string
default = null
}
variable "network_config" {
description = "Network configuration."
type = object({
network = string
subnetwork = string
})
}
variable "private_cluster_config" {
description = "Private cluster config."
type = object({
enable_private_endpoint = optional(bool, false)
allowed_projects = optional(list(string))
})
nullable = false
default = {}
}
variable "project_id" {
description = "Cluster ID."
type = string
}
variable "workstation_configs" {
description = "Workstation configurations."
type = map(object({
annotations = optional(map(string))
container = optional(object({
image = optional(string)
command = optional(list(string), [])
args = optional(list(string), [])
working_dir = optional(string)
env = optional(map(string), {})
run_as_user = optional(string)
}))
display_name = optional(string)
enable_audit_agent = optional(bool)
encryption_key = optional(object({
kms_key = string
kms_key_service_account = string
}))
gce_instance = optional(object({
machine_type = optional(string)
service_account = optional(string)
service_account_scopes = optional(list(string), [])
pool_size = optional(number)
boot_disk_size_gb = optional(number)
tags = optional(list(string))
disable_public_ip_addresses = optional(bool, false)
enable_nested_virtualization = optional(bool, false)
shielded_instance_config = optional(object({
enable_secure_boot = optional(bool, false)
enable_vtpm = optional(bool, false)
enable_integrity_monitoring = optional(bool, false)
}))
enable_confidential_compute = optional(bool, false)
accelerators = optional(list(object({
type = optional(string)
count = optional(number)
})), [])
}))
iam = optional(map(list(string)), {})
iam_bindings = optional(map(object({
role = string
members = list(string)
})), {})
iam_bindings_additive = optional(map(object({
role = string
member = string
})), {})
idle_timeout = optional(string)
labels = optional(map(string))
persistent_directories = optional(list(object({
mount_path = optional(string)
gce_pd = optional(object({
size_gb = optional(number)
fs_type = optional(string)
disk_type = optional(string)
source_snapshot = optional(string)
reclaim_policy = optional(string)
}))
})), [])
running_timeout = optional(string)
replica_zones = optional(list(string))
workstations = optional(map(object({
annotations = optional(map(string))
display_name = optional(string)
env = optional(map(string))
iam = optional(map(list(string)), {})
iam_bindings = optional(map(object({
role = string
members = list(string)
})), {})
iam_bindings_additive = optional(map(object({
role = string
member = string
})), {})
labels = optional(map(string))
})), {})
}))
}
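Review bot: `variable "project_id"` is described as `"Cluster ID."`, which is also what the generated README table shows; it should be `description = "Project ID."`. In `workstation_configs`, the type accepts `persistent_directories`, `enable_audit_agent` and both the config-level and workstation-level `display_name`, but main.tf on this page never reads them, so values supplied for them are silently ignored. Either wire them into the `google_workstations_workstation_config` and `google_workstations_workstation` resources or drop them from the type, so that a caller who sets `enable_audit_agent = true` does not assume auditing is on.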


@ -0,0 +1,29 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.4.4"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}


@ -0,0 +1,77 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
annotations: null
display_name: null
effective_labels:
team: my-team
env: null
labels:
team: my-team
location: region
project: project-id
terraform_labels:
team: my-team
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
workstation_id: my-workstation
module.workstation-cluster.google_workstations_workstation_cluster.cluster:
annotations: null
display_name: null
domain_config: []
labels: null
location: region
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: false
project: project-id
subnetwork: subnet_self_link
timeouts: null
workstation_cluster_id: my-workstation-cluster
module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
annotations: null
container:
- args:
- --arg1
- value1
- --arg2
- value2
command: []
env:
VAR1: VALUE1
VAR2: VALUE2
image: repo/my-image:v10.0.0
run_as_user: null
working_dir: /my-dir
display_name: null
enable_audit_agent: null
encryption_key: []
idle_timeout: 1200s
labels: null
location: region
project: project-id
running_timeout: 43200s
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
counts:
google_workstations_workstation: 1
google_workstations_workstation_cluster: 1
google_workstations_workstation_config: 1
modules: 1
resources: 3


@ -0,0 +1,103 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
annotations: null
display_name: null
effective_labels:
team: my-team
env: null
labels:
team: my-team
location: region
project: project-id
terraform_labels:
team: my-team
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
workstation_id: my-workstation
module.workstation-cluster.google_workstations_workstation_cluster.cluster:
annotations: null
display_name: null
domain_config: []
labels: null
location: region
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: false
project: project-id
subnetwork: subnet_self_link
timeouts: null
workstation_cluster_id: my-workstation-cluster
module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
annotations: null
display_name: null
enable_audit_agent: null
encryption_key: []
idle_timeout: 1200s
labels: null
location: region
project: project-id
running_timeout: 43200s
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
? module.workstation-cluster.google_workstations_workstation_config_iam_binding.authoritative["my-workstation-config-roles/viewer"]
: condition: []
location: region
members:
- group:group1@my-org.com
project: project-id
role: roles/viewer
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
? module.workstation-cluster.google_workstations_workstation_config_iam_binding.bindings["my-workstation-config-workstations-config-viewer"]
: condition: []
location: region
members:
- group:group2@my-org.com
project: project-id
role: roles/viewer
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
? module.workstation-cluster.google_workstations_workstation_config_iam_member.bindings["my-workstation-config-workstations-config-editor"]
: condition: []
location: region
member: group:group3@my-org.com
project: project-id
role: roles/editor
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
? module.workstation-cluster.google_workstations_workstation_iam_binding.authoritative["my-workstation-config-my-workstation-roles/workstations.user"]
: condition: []
location: region
members:
- user:user1@my-org.com
project: project-id
role: roles/workstations.user
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
workstation_id: my-workstation
counts:
google_workstations_workstation: 1
google_workstations_workstation_cluster: 1
google_workstations_workstation_config: 1
google_workstations_workstation_config_iam_binding: 2
google_workstations_workstation_config_iam_member: 1
google_workstations_workstation_iam_binding: 1
modules: 1
resources: 7


@ -0,0 +1,64 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
annotations: null
display_name: null
effective_labels:
team: my-team
env: null
labels:
team: my-team
location: region
project: project-id
terraform_labels:
team: my-team
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
workstation_id: my-workstation
module.workstation-cluster.google_workstations_workstation_cluster.cluster:
annotations: null
display_name: null
domain_config: []
labels: null
location: region
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: true
project: project-id
subnetwork: subnet_self_link
timeouts: null
workstation_cluster_id: my-workstation-cluster
module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
annotations: null
display_name: null
enable_audit_agent: null
encryption_key: []
idle_timeout: 1200s
labels: null
location: region
project: project-id
running_timeout: 43200s
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
counts:
google_workstations_workstation: 1
google_workstations_workstation_cluster: 1
google_workstations_workstation_config: 1
modules: 1
resources: 3


@ -0,0 +1,64 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
annotations: null
display_name: null
effective_labels:
team: my-team
env: null
labels:
team: my-team
location: region
project: project-id
terraform_labels:
team: my-team
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
workstation_id: my-workstation
module.workstation-cluster.google_workstations_workstation_cluster.cluster:
annotations: null
display_name: null
domain_config: []
labels: null
location: region
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: false
project: project-id
subnetwork: subnet_self_link
timeouts: null
workstation_cluster_id: my-workstation-cluster
module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
annotations: null
display_name: null
enable_audit_agent: null
encryption_key: []
idle_timeout: 1200s
labels: null
location: region
project: project-id
running_timeout: 43200s
timeouts: null
workstation_cluster_id: my-workstation-cluster
workstation_config_id: my-workstation-config
counts:
google_workstations_workstation: 1
google_workstations_workstation_cluster: 1
google_workstations_workstation_config: 1
modules: 1
resources: 3