Merge pull request #321 from terraform-google-modules/jccb/linter
Improve linter
commit
6740f454c3
|
@ -46,6 +46,7 @@ steps:
|
|||
"modules",
|
||||
"cloud-operations",
|
||||
"data-solutions",
|
||||
"data-solutions/data-platform-foundations",
|
||||
"foundations",
|
||||
"networking",
|
||||
]
|
||||
|
|
|
@ -14,14 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "vms" {
|
||||
description = "VM names."
|
||||
value = {
|
||||
ns-editor = module.vm-ns-editor.instance.name
|
||||
svc-editor = module.vm-svc-editor.instance.name
|
||||
}
|
||||
}
|
||||
|
||||
output "gcloud_commands" {
|
||||
description = "Commands used to SSH to the VMs."
|
||||
value = {
|
||||
|
@ -29,3 +21,11 @@ output "gcloud_commands" {
|
|||
svc-editor = "gcloud compute ssh ${module.vm-svc-editor.instance.name} --zone ${var.region}-b --tunnel-through-iap"
|
||||
}
|
||||
}
|
||||
|
||||
output "vms" {
|
||||
description = "VM names."
|
||||
value = {
|
||||
ns-editor = module.vm-ns-editor.instance.name
|
||||
svc-editor = module.vm-svc-editor.instance.name
|
||||
}
|
||||
}
|
||||
|
|
|
@ -24,18 +24,18 @@ variable "location" {
|
|||
default = "europe"
|
||||
}
|
||||
|
||||
variable "project_service_name" {
|
||||
description = "Name for the new Service Project."
|
||||
type = string
|
||||
default = "my-project-service-001"
|
||||
}
|
||||
|
||||
variable "project_kms_name" {
|
||||
description = "Name for the new KMS Project."
|
||||
type = string
|
||||
default = "my-project-kms-001"
|
||||
}
|
||||
|
||||
variable "project_service_name" {
|
||||
description = "Name for the new Service Project."
|
||||
type = string
|
||||
default = "my-project-service-001"
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "The region where resources will be deployed."
|
||||
type = string
|
||||
|
@ -47,6 +47,12 @@ variable "root_node" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "vpc_ip_cidr_range" {
|
||||
description = "Ip range used in the subnet deployef in the Service Project."
|
||||
type = string
|
||||
default = "10.0.0.0/20"
|
||||
}
|
||||
|
||||
variable "vpc_name" {
|
||||
description = "Name of the VPC created in the Service Project."
|
||||
type = string
|
||||
|
@ -58,9 +64,3 @@ variable "vpc_subnet_name" {
|
|||
type = string
|
||||
default = "subnet"
|
||||
}
|
||||
|
||||
variable "vpc_ip_cidr_range" {
|
||||
description = "Ip range used in the subnet deployef in the Service Project."
|
||||
type = string
|
||||
default = "10.0.0.0/20"
|
||||
}
|
||||
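Review bot: The relocated `vpc_ip_cidr_range` block keeps its description typo, `"Ip range used in the subnet deployef in the Service Project."`. Since the linter pass already moves this block, the description could be corrected to `"IP range used in the subnet deployed in the Service Project."`. The same string appears in the `vpc_ip_cidr_range` block of the later variables file, the one that also declares `ssh_source_ranges`.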
|
|
|
@ -54,14 +54,12 @@ The script use 'google_access_context_manager_service_perimeter_resource' terraf
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| billing_account_id | Billing account id. | <code title="">string</code> | ✓ | |
|
||||
| root_node | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | <code title="">string</code> | ✓ | |
|
||||
| *admins* | List of users allowed to impersonate the service account | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||
| *prefix* | Prefix used to generate project id and name. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *project_names* | Override this variable if you need non-standard names. | <code title="object({ datamart = string dwh = string landing = string services = string transformation = string })">object({...})</code> | | <code title="{ datamart = "datamart" dwh = "datawh" landing = "landing" services = "services" transformation = "transformation" }">...</code> |
|
||||
| *service_account_names* | Override this variable if you need non-standard names. | <code title="object({ main = string })">object({...})</code> | | <code title="{ main = "data-platform-main" }">...</code> |
|
||||
| *service_encryption_key_ids* | Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project. | <code title="object({ multiregional = string global = string })">object({...})</code> | | <code title="{ multiregional = null global = null }">...</code> |
|
||||
| *service_perimeter_standard* | VPC Service control standard perimeter name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. All projects will be added to the perimeter in enforced mode. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *admins* | List of users allowed to impersonate the service account | <code title="">list</code> | | <code title="">null</code> |
|
||||
|
||||
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -25,12 +25,12 @@ output "project_ids" {
|
|||
}
|
||||
}
|
||||
|
||||
output "service_encryption_key_ids" {
|
||||
description = "Cloud KMS encryption keys in {LOCATION => [KEY_URL]} format."
|
||||
value = var.service_encryption_key_ids
|
||||
}
|
||||
|
||||
output "service_account" {
|
||||
description = "Main service account."
|
||||
value = module.sa-services-main.email
|
||||
}
|
||||
|
||||
output "service_encryption_key_ids" {
|
||||
description = "Cloud KMS encryption keys in {LOCATION => [KEY_URL]} format."
|
||||
value = var.service_encryption_key_ids
|
||||
}
|
||||
|
|
|
@ -57,6 +57,7 @@ You can configure GCP resources to use existing CMEK keys configuring the 'servi
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---: |:---:|:---:|
|
||||
| project_ids | Project IDs. | <code title="object({ datamart = string dwh = string landing = string services = string transformation = string })">object({...})</code> | ✓ | |
|
||||
| *admins* | List of users allowed to impersonate the service account | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||
| *datamart_bq_datasets* | Datamart Bigquery datasets | <code title="map(object({ iam = map(list(string)) location = string }))">map(object({...}))</code> | | <code title="{ bq_datamart_dataset = { location = "EU" iam = { } } }">...</code> |
|
||||
| *dwh_bq_datasets* | DWH Bigquery datasets | <code title="map(object({ location = string iam = map(list(string)) }))">map(object({...}))</code> | | <code title="{ bq_raw_dataset = { iam = {} location = "EU" } }">...</code> |
|
||||
| *landing_buckets* | List of landing buckets to create | <code title="map(object({ location = string name = string }))">map(object({...}))</code> | | <code title="{ raw-data = { location = "EU" name = "raw-data" } data-schema = { location = "EU" name = "data-schema" } }">...</code> |
|
||||
|
@ -67,8 +68,6 @@ You can configure GCP resources to use existing CMEK keys configuring the 'servi
|
|||
| *transformation_buckets* | List of transformation buckets to create | <code title="map(object({ location = string name = string }))">map(object({...}))</code> | | <code title="{ temp = { location = "EU" name = "temp" }, templates = { location = "EU" name = "templates" }, }">...</code> |
|
||||
| *transformation_subnets* | List of subnets to create in the transformation Project. | <code title="list(object({ ip_cidr_range = string name = string region = string secondary_ip_range = map(string) }))">list(object({...}))</code> | | <code title="[ { ip_cidr_range = "10.1.0.0/20" name = "transformation-subnet" region = "europe-west3" secondary_ip_range = {} }, ]">...</code> |
|
||||
| *transformation_vpc_name* | Name of the VPC created in the transformation Project. | <code title="">string</code> | | <code title="">transformation-vpc</code> |
|
||||
| *admins* | List of users allowed to impersonate the service account | <code title="">list</code> | | <code title="">null</code> |
|
||||
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -116,7 +116,6 @@ variable "project_ids" {
|
|||
})
|
||||
}
|
||||
|
||||
|
||||
variable "service_account_names" {
|
||||
description = "Project service accounts list."
|
||||
type = object({
|
||||
|
@ -135,6 +134,18 @@ variable "service_account_names" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "service_encryption_key_ids" {
|
||||
description = "Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project."
|
||||
type = object({
|
||||
multiregional = string
|
||||
global = string
|
||||
})
|
||||
default = {
|
||||
multiregional = null
|
||||
global = null
|
||||
}
|
||||
}
|
||||
|
||||
variable "transformation_buckets" {
|
||||
description = "List of transformation buckets to create"
|
||||
type = map(object({
|
||||
|
@ -176,15 +187,3 @@ variable "transformation_vpc_name" {
|
|||
type = string
|
||||
default = "transformation-vpc"
|
||||
}
|
||||
|
||||
variable "service_encryption_key_ids" {
|
||||
description = "Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project."
|
||||
type = object({
|
||||
multiregional = string
|
||||
global = string
|
||||
})
|
||||
default = {
|
||||
multiregional = null
|
||||
global = null
|
||||
}
|
||||
}
|
||||
|
|
|
@ -24,13 +24,13 @@ variable "location" {
|
|||
default = "europe"
|
||||
}
|
||||
|
||||
variable "project_service_name" {
|
||||
description = "Name for the new Service Project."
|
||||
variable "project_kms_name" {
|
||||
description = "Name for the new KMS Project."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "project_kms_name" {
|
||||
description = "Name for the new KMS Project."
|
||||
variable "project_service_name" {
|
||||
description = "Name for the new Service Project."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
@ -45,6 +45,18 @@ variable "root_node" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "ssh_source_ranges" {
|
||||
description = "IP CIDR ranges that will be allowed to connect via SSH to the onprem instance."
|
||||
type = list(string)
|
||||
default = ["0.0.0.0/0"]
|
||||
}
|
||||
|
||||
variable "vpc_ip_cidr_range" {
|
||||
description = "Ip range used in the subnet deployef in the Service Project."
|
||||
type = string
|
||||
default = "10.0.0.0/20"
|
||||
}
|
||||
|
||||
variable "vpc_name" {
|
||||
description = "Name of the VPC created in the Service Project."
|
||||
type = string
|
||||
|
@ -56,15 +68,3 @@ variable "vpc_subnet_name" {
|
|||
type = string
|
||||
default = "subnet"
|
||||
}
|
||||
|
||||
variable "vpc_ip_cidr_range" {
|
||||
description = "Ip range used in the subnet deployef in the Service Project."
|
||||
type = string
|
||||
default = "10.0.0.0/20"
|
||||
}
|
||||
|
||||
variable "ssh_source_ranges" {
|
||||
description = "IP CIDR ranges that will be allowed to connect via SSH to the onprem instance."
|
||||
type = list(string)
|
||||
default = ["0.0.0.0/0"]
|
||||
}
|
||||
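Review bot: `ssh_source_ranges` keeps `default = ["0.0.0.0/0"]` where it is re-declared after `root_node`. Anyone applying this example without overriding the variable would allow SSH to the onprem instance from any source address, assuming the variable feeds a firewall rule, which is not visible in this section. Consider removing the default so callers must supply ranges. At minimum the description could say so, e.g. `description = "IP CIDR ranges allowed to connect via SSH to the onprem instance. The default allows any source; restrict it before applying."`.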
|
|
|
@ -14,9 +14,9 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "terraform_project" {
|
||||
description = "Project that holds the base Terraform resources."
|
||||
value = module.tf-project.project_id
|
||||
output "audit_logs_project" {
|
||||
description = "Project that holds the audit logs export resources."
|
||||
value = module.audit-project.project_id
|
||||
}
|
||||
|
||||
output "bootstrap_tf_gcs_bucket" {
|
||||
|
@ -24,27 +24,6 @@ output "bootstrap_tf_gcs_bucket" {
|
|||
value = module.tf-gcs-bootstrap.name
|
||||
}
|
||||
|
||||
output "shared_folder_id" {
|
||||
description = "Shared folder id."
|
||||
value = module.shared-folder.id
|
||||
}
|
||||
|
||||
output "bu_machine_learning" {
|
||||
description = "Machine Learning attributes."
|
||||
value = {
|
||||
unit_folder = module.bu-machine-learning.unit_folder,
|
||||
env_gcs_buckets = module.bu-machine-learning.env_gcs_buckets
|
||||
env_folders = module.bu-machine-learning.env_folders
|
||||
env_service_accounts = module.bu-machine-learning.env_service_accounts
|
||||
}
|
||||
}
|
||||
|
||||
output "bu_machine_learning_keys" {
|
||||
description = "Machine Learning service account keys."
|
||||
sensitive = true
|
||||
value = module.bu-machine-learning.env_sa_keys
|
||||
}
|
||||
|
||||
output "bu_business_intelligence" {
|
||||
description = "Business Intelligence attributes."
|
||||
value = {
|
||||
|
@ -61,9 +40,25 @@ output "bu_business_intelligence_keys" {
|
|||
value = module.bu-business-intelligence.env_sa_keys
|
||||
}
|
||||
|
||||
output "audit_logs_project" {
|
||||
description = "Project that holds the audit logs export resources."
|
||||
value = module.audit-project.project_id
|
||||
output "bu_machine_learning" {
|
||||
description = "Machine Learning attributes."
|
||||
value = {
|
||||
unit_folder = module.bu-machine-learning.unit_folder,
|
||||
env_gcs_buckets = module.bu-machine-learning.env_gcs_buckets
|
||||
env_folders = module.bu-machine-learning.env_folders
|
||||
env_service_accounts = module.bu-machine-learning.env_service_accounts
|
||||
}
|
||||
}
|
||||
|
||||
output "bu_machine_learning_keys" {
|
||||
description = "Machine Learning service account keys."
|
||||
sensitive = true
|
||||
value = module.bu-machine-learning.env_sa_keys
|
||||
}
|
||||
|
||||
output "shared_folder_id" {
|
||||
description = "Shared folder id."
|
||||
value = module.shared-folder.id
|
||||
}
|
||||
|
||||
output "shared_resources_project" {
|
||||
|
@ -71,5 +66,10 @@ output "shared_resources_project" {
|
|||
value = module.shared-project.project_id
|
||||
}
|
||||
|
||||
output "terraform_project" {
|
||||
description = "Project that holds the base Terraform resources."
|
||||
value = module.tf-project.project_id
|
||||
}
|
||||
|
||||
# Add further outputs here for the additional modules that manage shared
|
||||
# resources, like GCR, GCS buckets, KMS, etc.
|
||||
|
|
|
@ -84,6 +84,7 @@ variable "project_services" {
|
|||
"stackdriver.googleapis.com",
|
||||
]
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
description = "Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'."
|
||||
type = string
|
||||
|
|
|
@ -12,9 +12,14 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
output "terraform_project" {
|
||||
description = "Project that holds the base Terraform resources."
|
||||
value = module.tf-project.project_id
|
||||
output "audit_logs_bq_dataset" {
|
||||
description = "Bigquery dataset for the audit logs export."
|
||||
value = module.audit-dataset.id
|
||||
}
|
||||
|
||||
output "audit_logs_project" {
|
||||
description = "Project that holds the audit logs export resources."
|
||||
value = module.audit-project.project_id
|
||||
}
|
||||
|
||||
output "bootstrap_tf_gcs_bucket" {
|
||||
|
@ -27,30 +32,19 @@ output "environment_folders" {
|
|||
value = { for folder in module.environment-folders : folder.name => folder.id }
|
||||
}
|
||||
|
||||
output "environment_tf_gcs_buckets" {
|
||||
description = "GCS buckets used for each environment Terraform state."
|
||||
value = { for env, bucket in module.tf-gcs-environments : env => bucket.name }
|
||||
}
|
||||
|
||||
output "environment_service_account_keys" {
|
||||
description = "Service account keys used to run each environment Terraform modules."
|
||||
sensitive = true
|
||||
value = { for env, sa in module.tf-service-accounts : env => sa.key }
|
||||
}
|
||||
|
||||
output "environment_service_accounts" {
|
||||
description = "Service accounts used to run each environment Terraform modules."
|
||||
value = { for env, sa in module.tf-service-accounts : env => sa.email }
|
||||
}
|
||||
|
||||
output "audit_logs_bq_dataset" {
|
||||
description = "Bigquery dataset for the audit logs export."
|
||||
value = module.audit-dataset.id
|
||||
}
|
||||
|
||||
output "audit_logs_project" {
|
||||
description = "Project that holds the audit logs export resources."
|
||||
value = module.audit-project.project_id
|
||||
output "environment_tf_gcs_buckets" {
|
||||
description = "GCS buckets used for each environment Terraform state."
|
||||
value = { for env, bucket in module.tf-gcs-environments : env => bucket.name }
|
||||
}
|
||||
|
||||
output "shared_services_project" {
|
||||
|
@ -58,5 +52,10 @@ output "shared_services_project" {
|
|||
value = module.sharedsvc-project.project_id
|
||||
}
|
||||
|
||||
output "terraform_project" {
|
||||
description = "Project that holds the base Terraform resources."
|
||||
value = module.tf-project.project_id
|
||||
}
|
||||
|
||||
# Add further outputs here for the additional modules that manage shared
|
||||
# resources, like GCR, GCS buckets, KMS, etc.
|
||||
|
|
|
@ -101,11 +101,6 @@ variable "prefix" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
description = "Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "project_services" {
|
||||
description = "Service APIs enabled by default in new projects."
|
||||
type = list(string)
|
||||
|
@ -115,6 +110,11 @@ variable "project_services" {
|
|||
]
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
description = "Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "service_account_keys" {
|
||||
description = "Generate and store service account keys in the state file."
|
||||
type = bool
|
||||
|
|
|
@ -106,7 +106,7 @@ module "apigee-organization" {
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| analytics_region | Analytics Region for the Apigee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli. | <code title="">string</code> | ✓ | |
|
||||
| project_id | Project ID to host this Apigee organization (will also become the Apigee Org name). | <code title="">string</code> | ✓ | |
|
||||
| runtime_type | None | <code title="string validation { condition = contains(["CLOUD", "HYBRID"], var.runtime_type) error_message = "Allowed values for runtime_type \"CLOUD\" or \"HYBRID\"." }">string</code> | ✓ | |
|
||||
| runtime_type | Apigee runtime type. Must be `CLOUD` or `HYBRID`. | <code title="string validation { condition = contains(["CLOUD", "HYBRID"], var.runtime_type) error_message = "Allowed values for runtime_type \"CLOUD\" or \"HYBRID\"." }">string</code> | ✓ | |
|
||||
| *apigee_envgroups* | Apigee Environment Groups. | <code title="map(object({ environments = list(string) hostnames = list(string) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *apigee_environments* | Apigee Environment Names. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *authorized_network* | VPC network self link (requires service network peering enabled (Used in Apigee X only). | <code title="">string</code> | | <code title="">null</code> |
|
||||
|
|
|
@ -14,12 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "authorized_network" {
|
||||
description = "VPC network self link (requires service network peering enabled (Used in Apigee X only)."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "analytics_region" {
|
||||
description = "Analytics Region for the Apigee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli."
|
||||
type = string
|
||||
|
@ -40,6 +34,12 @@ variable "apigee_environments" {
|
|||
default = []
|
||||
}
|
||||
|
||||
variable "authorized_network" {
|
||||
description = "VPC network self link (requires service network peering enabled (Used in Apigee X only)."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "database_encryption_key" {
|
||||
description = "Cloud KMS key self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only)."
|
||||
type = string
|
||||
|
@ -64,8 +64,8 @@ variable "project_id" {
|
|||
}
|
||||
|
||||
variable "runtime_type" {
|
||||
description = "Apigee runtime type. Must be `CLOUD` or `HYBRID`."
|
||||
type = string
|
||||
|
||||
validation {
|
||||
condition = contains(["CLOUD", "HYBRID"], var.runtime_type)
|
||||
error_message = "Allowed values for runtime_type \"CLOUD\" or \"HYBRID\"."
|
||||
|
|
|
@ -14,12 +14,35 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "description" {
|
||||
description = "An optional description for the repository"
|
||||
type = string
|
||||
default = "Terraform-managed registry"
|
||||
}
|
||||
|
||||
variable "format" {
|
||||
description = "Repository format. One of DOCKER or UNSPECIFIED"
|
||||
type = string
|
||||
default = "DOCKER"
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "IAM bindings in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "id" {
|
||||
description = "Repository id"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Labels to be attached to the registry."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
description = "Registry location. Use `gcloud beta artifacts locations list' to get valid values"
|
||||
type = string
|
||||
|
@ -30,26 +53,3 @@ variable "project_id" {
|
|||
description = "Registry project id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Labels to be attached to the registry."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "format" {
|
||||
description = "Repository format. One of DOCKER or UNSPECIFIED"
|
||||
type = string
|
||||
default = "DOCKER"
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
description = "An optional description for the repository"
|
||||
type = string
|
||||
default = "Terraform-managed registry"
|
||||
}
|
||||
|
||||
variable "id" {
|
||||
description = "Repository id"
|
||||
type = string
|
||||
}
|
||||
|
|
|
@ -55,22 +55,22 @@ output "self_link" {
|
|||
]
|
||||
}
|
||||
|
||||
output "tables" {
|
||||
description = "Table resources."
|
||||
value = google_bigquery_table.default
|
||||
}
|
||||
|
||||
output "table_ids" {
|
||||
description = "Map of fully qualified table ids keyed by table ids."
|
||||
value = { for k, v in google_bigquery_table.default : v.table_id => v.id }
|
||||
}
|
||||
|
||||
output "views" {
|
||||
description = "View resources."
|
||||
value = google_bigquery_table.views
|
||||
output "tables" {
|
||||
description = "Table resources."
|
||||
value = google_bigquery_table.default
|
||||
}
|
||||
|
||||
output "view_ids" {
|
||||
description = "Map of fully qualified view ids keyed by view ids."
|
||||
value = { for k, v in google_bigquery_table.views : v.table_id => v.id }
|
||||
}
|
||||
|
||||
output "views" {
|
||||
description = "View resources."
|
||||
value = google_bigquery_table.views
|
||||
}
|
||||
|
|
|
@ -55,12 +55,23 @@ variable "encryption_key" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "friendly_name" {
|
||||
description = "Dataset friendly name."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "id" {
|
||||
description = "Dataset id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Dataset labels."
|
||||
type = map(string)
|
||||
|
@ -73,17 +84,6 @@ variable "location" {
|
|||
default = "EU"
|
||||
}
|
||||
|
||||
variable "friendly_name" {
|
||||
description = "Dataset friendly name."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "id" {
|
||||
description = "Dataset id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "options" {
|
||||
description = "Dataset options."
|
||||
type = object({
|
||||
|
|
|
@ -32,15 +32,15 @@ output "instance" {
|
|||
]
|
||||
}
|
||||
|
||||
output "tables" {
|
||||
description = "Table resources."
|
||||
value = google_bigtable_table.default
|
||||
}
|
||||
|
||||
output "table_ids" {
|
||||
description = "Map of fully qualified table ids keyed by table name."
|
||||
value = { for k, v in google_bigtable_table.default : v.name => v.id }
|
||||
}
|
||||
|
||||
output "tables" {
|
||||
description = "Table resources."
|
||||
value = google_bigtable_table.default
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -64,15 +64,6 @@ variable "storage_type" {
|
|||
default = "SSD"
|
||||
}
|
||||
|
||||
variable "tables" {
|
||||
description = "Tables to be created in the BigTable instance, options can be null."
|
||||
type = map(object({
|
||||
split_keys = list(string)
|
||||
column_family = string
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "table_options_defaults" {
|
||||
description = "Default option of tables created in the BigTable instance."
|
||||
type = object({
|
||||
|
@ -85,6 +76,15 @@ variable "table_options_defaults" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "tables" {
|
||||
description = "Tables to be created in the BigTable instance, options can be null."
|
||||
type = map(object({
|
||||
split_keys = list(string)
|
||||
column_family = string
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "zone" {
|
||||
description = "The zone to create the Cloud Bigtable cluster in."
|
||||
type = string
|
||||
|
|
|
@ -69,7 +69,7 @@ module "pubsub" {
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| billing_account | Billing account id. | <code title="">string</code> | ✓ | |
|
||||
| name | Budget name. | <code title="">string</code> | ✓ | |
|
||||
| thresholds | None | <code title="object({ current = list(number) forecasted = list(number) }) validation { condition = length(var.thresholds.current) > 0 || length(var.thresholds.forecasted) > 0 error_message = "Must specify at least one budget threshold." }">object({...})</code> | ✓ | |
|
||||
| thresholds | Thresholds percentages at which alerts are sent. Must be a value between 0 and 1. | <code title="object({ current = list(number) forecasted = list(number) }) validation { condition = length(var.thresholds.current) > 0 || length(var.thresholds.forecasted) > 0 error_message = "Must specify at least one budget threshold." }">object({...})</code> | ✓ | |
|
||||
| *amount* | Amount in the billing account's currency for the budget. Use 0 to set budget to 100% of last period's spend. | <code title="">number</code> | | <code title="">0</code> |
|
||||
| *credit_treatment* | How credits should be treated when determining spend for threshold calculations. Only INCLUDE_ALL_CREDITS or EXCLUDE_ALL_CREDITS are supported | <code title="">string</code> | | <code title="INCLUDE_ALL_CREDITS validation { condition = ( var.credit_treatment == "INCLUDE_ALL_CREDITS" || var.credit_treatment == "EXCLUDE_ALL_CREDITS" ) error_message = "Argument credit_treatment must be INCLUDE_ALL_CREDITS or EXCLUDE_ALL_CREDITS." }">...</code> |
|
||||
| *email_recipients* | Emails where budget notifications will be sent. Setting this will create a notification channel for each email in the specified project. | <code title="object({ project_id = string emails = list(string) })">object({...})</code> | | <code title="">null</code> |
|
||||
|
|
|
@ -83,6 +83,7 @@ variable "services" {
|
|||
}
|
||||
|
||||
variable "thresholds" {
|
||||
description = "Thresholds percentages at which alerts are sent. Must be a value between 0 and 1."
|
||||
type = object({
|
||||
current = list(number)
|
||||
forecasted = list(number)
|
||||
|
|
|
@ -14,14 +14,13 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "display_name" {
|
||||
description = "Group display name."
|
||||
variable "customer_id" {
|
||||
description = "Directory customer ID in the form customers/C0xxxxxxx."
|
||||
type = string
|
||||
validation {
|
||||
condition = can(regex("^customers/C0[a-z0-9]{7}$", var.customer_id))
|
||||
error_message = "Customer ID must be in the form customers/C0xxxxxxx."
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Group ID (usually an email)."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
|
@ -30,13 +29,20 @@ variable "description" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "customer_id" {
|
||||
description = "Directory customer ID in the form customers/C0xxxxxxx."
|
||||
variable "display_name" {
|
||||
description = "Group display name."
|
||||
type = string
|
||||
validation {
|
||||
condition = can(regex("^customers/C0[a-z0-9]{7}$", var.customer_id))
|
||||
error_message = "Customer ID must be in the form customers/C0xxxxxxx."
|
||||
}
|
||||
|
||||
variable "members" {
|
||||
description = "List of group members."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Group ID (usually an email)."
|
||||
type = string
|
||||
}
|
||||
|
||||
# variable "owners" {
|
||||
|
@ -50,9 +56,3 @@ variable "customer_id" {
|
|||
# type = list(string)
|
||||
# default = []
|
||||
# }
|
||||
|
||||
variable "members" {
|
||||
description = "List of group members."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
|
|
@ -106,7 +106,7 @@ module "db" {
|
|||
| *availability_type* | Availability type for the primary replica. Either `ZONAL` or `REGIONAL` | <code title="">string</code> | | <code title="">ZONAL</code> |
|
||||
| *backup_configuration* | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas | <code title="object({ enabled = bool binary_log_enabled = bool })">object({...})</code> | | <code title="{ enabled = false binary_log_enabled = false }">...</code> |
|
||||
| *databases* | Databases to create once the primary instance is created. | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||
| *deletion_protection* | None | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *deletion_protection* | Allow terraform to delete instances. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *disk_size* | Disk size in GB. Set to null to enable autoresize. | <code title="">number</code> | | <code title="">null</code> |
|
||||
| *disk_type* | The type of data disk: `PD_SSD` or `PD_HDD`. | <code title="">string</code> | | <code title="">PD_SSD</code> |
|
||||
| *flags* | Map FLAG_NAME=>VALUE for database-specific tuning. | <code title="map(string)">map(string)</code> | | <code title="">null</code> |
|
||||
|
|
|
@ -50,6 +50,7 @@ variable "databases" {
|
|||
}
|
||||
|
||||
variable "deletion_protection" {
|
||||
description = "Allow terraform to delete instances."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
@ -110,13 +111,13 @@ variable "replicas" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "tier" {
|
||||
description = "The machine type to use for the instances."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "users" {
|
||||
description = "Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password"
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "tier" {
|
||||
description = "The machine type to use for the instances."
|
||||
type = string
|
||||
}
|
||||
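Review bot: The description given to `deletion_protection`, `"Allow terraform to delete instances."`, reads as the opposite of what the variable name suggests. A reader would expect `true` to block deletion, while the text implies `true` permits it. How the module consumes the value is outside this hunk, so confirm the direction and reword, e.g. `description = "Prevent Terraform from destroying the instance when true."`. With `default = false`, the description should also state that instances are unprotected unless the caller opts in.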
|
|
|
@ -14,6 +14,15 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "auto_healing_policies" {
|
||||
description = "Auto-healing policies for this group."
|
||||
type = object({
|
||||
health_check = string
|
||||
initial_delay_sec = number
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "autoscaler_config" {
|
||||
description = "Optional autoscaler configuration. Only one of 'cpu_utilization_target' 'load_balancing_utilization_target' or 'metric' can be not null."
|
||||
type = object({
|
||||
|
@ -33,15 +42,6 @@ variable "autoscaler_config" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "auto_healing_policies" {
|
||||
description = "Auto-healing policies for this group."
|
||||
type = object({
|
||||
health_check = string
|
||||
initial_delay_sec = number
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "default_version" {
|
||||
description = "Default application version template. Additional versions can be specified via the `versions` variable."
|
||||
type = object({
|
||||
|
|
|
@ -14,6 +14,21 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "attached_disk_defaults" {
|
||||
description = "Defaults for attached disks options."
|
||||
type = object({
|
||||
mode = string
|
||||
replica_zone = string
|
||||
type = string
|
||||
})
|
||||
default = {
|
||||
auto_delete = true
|
||||
mode = "READ_WRITE"
|
||||
replica_zone = null
|
||||
type = "pd-balanced"
|
||||
}
|
||||
}
|
||||
|
||||
variable "attached_disks" {
|
||||
description = "Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null."
|
||||
type = list(object({
|
||||
|
@ -40,21 +55,6 @@ variable "attached_disks" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "attached_disk_defaults" {
|
||||
description = "Defaults for attached disks options."
|
||||
type = object({
|
||||
mode = string
|
||||
replica_zone = string
|
||||
type = string
|
||||
})
|
||||
default = {
|
||||
auto_delete = true
|
||||
mode = "READ_WRITE"
|
||||
replica_zone = null
|
||||
type = "pd-balanced"
|
||||
}
|
||||
}
|
||||
|
||||
variable "boot_disk" {
|
||||
description = "Boot disk properties."
|
||||
type = object({
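Review bot: `attached_disk_defaults` in the first hunk sets `auto_delete = true` in its default, but its `type = object({...})` constraint declares only `mode`, `replica_zone` and `type`. Terraform discards attributes that are not part of the object type when it converts the value, so this default never reaches the module and a caller cannot set it through this variable either. Adding `auto_delete = bool` to the type object fixes that. Whether an attached disk is deleted together with its instance is a data-retention decision and should not be left implicit. The block is only moved by this commit, so the mismatch predates it.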
|
||||
|
|
|
@ -36,6 +36,24 @@ variable "enable_stackdriver_monitoring" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "firewall_create" {
|
||||
description = "Create Network firewall rules to enable SSH."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "ip_allocation" {
|
||||
description = "Ip allocated for datafusion instance when not using the auto created one and created outside of the module."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "ip_allocation_create" {
|
||||
description = "Create Ip range for datafusion instance."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "The resource labels for instance to use to annotate any related underlying resources, such as Compute Engine VMs."
|
||||
type = map(string)
|
||||
|
@ -52,12 +70,6 @@ variable "network" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "firewall_create" {
|
||||
description = "Create Network firewall rules to enable SSH."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "network_peering" {
|
||||
description = "Create Network peering between project and DataFusion tenant project."
|
||||
type = bool
|
||||
|
@ -80,18 +92,6 @@ variable "region" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "ip_allocation_create" {
|
||||
description = "Create Ip range for datafusion instance."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "ip_allocation" {
|
||||
description = "Ip allocated for datafusion instance when not using the auto created one and created outside of the module."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "type" {
|
||||
description = "Datafusion Instance type. It can be BASIC or ENTERPRISE (default value)."
|
||||
type = string
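Review bot: `firewall_create` in the first hunk defaults to `true`, so every caller gets the SSH firewall rules unless they opt out, and the description "Create Network firewall rules to enable SSH." does not say which source ranges or targets those rules cover. The rule definition is not part of this diff, so its scope cannot be checked here. If it is restricted to a known range, the description should name it, for example `description = "Create firewall rules allowing SSH from <source range> to <targets>."` with the real values filled in. If it is not restricted, an opt-in default of `false` would be the safer choice.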
|
||||
|
|
|
@ -68,7 +68,7 @@ module "private-dns" {
|
|||
| *dnssec_config* | DNSSEC configuration: kind, non_existence, state. | <code title="">any</code> | | <code title="">{}</code> |
|
||||
| *forwarders* | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *peer_network* | Peering network self link, only valid for 'peering' zone types. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *recordsets* | None | <code title="map(object({ ttl = number records = list(string) }))">map(object({...}))</code> | | <code title="{} validation { condition = alltrue([ for k, v in var.recordsets == null ? {} : var.recordsets : length(split(" ", k)) == 2 ]) error_message = "Recordsets must have keys in the format \"type name\"." }">...</code> |
|
||||
| *recordsets* | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map(object({ ttl = number records = list(string) }))">map(object({...}))</code> | | <code title="{} validation { condition = alltrue([ for k, v in var.recordsets == null ? {} : var.recordsets : length(split(" ", k)) == 2 ]) error_message = "Recordsets must have keys in the format \"type name\"." }">...</code> |
|
||||
| *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code title="">string</code> | | <code title="private validation { condition = contains(["public", "private", "forwarding", "peering", "service-directory"], var.type) error_message = "Zone must be one of 'public', 'private', 'forwarding', 'peering', 'service-directory'." }">...</code> |
|
||||
| *zone_create* | Create zone. When set to false, uses a data source to reference existing zone. | <code title="">bool</code> | | <code title="">true</code> |
|
||||
|
|
|
@ -14,6 +14,26 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "dns_keys" {
|
||||
description = "DNSKEY and DS records of DNSSEC-signed managed zones."
|
||||
value = local.dns_keys
|
||||
}
|
||||
|
||||
output "domain" {
|
||||
description = "The DNS zone domain."
|
||||
value = try(local.zone.dns_name, null)
|
||||
}
|
||||
|
||||
output "name" {
|
||||
description = "The DNS zone name."
|
||||
value = try(local.zone.name, null)
|
||||
}
|
||||
|
||||
output "name_servers" {
|
||||
description = "The DNS zone name servers."
|
||||
value = try(local.zone.name_servers, null)
|
||||
}
|
||||
|
||||
output "type" {
|
||||
description = "The DNS zone type."
|
||||
value = var.type
|
||||
|
@ -23,23 +43,3 @@ output "zone" {
|
|||
description = "DNS zone resource."
|
||||
value = local.zone
|
||||
}
|
||||
|
||||
output "name" {
|
||||
description = "The DNS zone name."
|
||||
value = try(local.zone.name, null)
|
||||
}
|
||||
|
||||
output "domain" {
|
||||
description = "The DNS zone domain."
|
||||
value = try(local.zone.dns_name, null)
|
||||
}
|
||||
|
||||
output "name_servers" {
|
||||
description = "The DNS zone name servers."
|
||||
value = try(local.zone.name_servers, null)
|
||||
}
|
||||
|
||||
output "dns_keys" {
|
||||
description = "DNSKEY and DS records of DNSSEC-signed managed zones."
|
||||
value = local.dns_keys
|
||||
}
|
||||
|
|
|
@ -24,12 +24,6 @@ variable "client_networks" {
|
|||
default = []
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
description = "Domain description."
|
||||
type = string
|
||||
default = "Terraform managed."
|
||||
}
|
||||
|
||||
variable "default_key_specs_key" {
|
||||
description = "DNSSEC default key signing specifications: algorithm, key_length, key_type, kind."
|
||||
type = any
|
||||
|
@ -42,6 +36,12 @@ variable "default_key_specs_zone" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
description = "Domain description."
|
||||
type = string
|
||||
default = "Terraform managed."
|
||||
}
|
||||
|
||||
variable "dnssec_config" {
|
||||
description = "DNSSEC configuration: kind, non_existence, state."
|
||||
type = any
|
||||
|
|
|
@ -14,9 +14,9 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "service_name" {
|
||||
description = "The name of the service.."
|
||||
value = google_endpoints_service.default.service_name
|
||||
output "endpoints" {
|
||||
description = "A list of Endpoint objects."
|
||||
value = google_endpoints_service.default.endpoints
|
||||
}
|
||||
|
||||
output "endpoints_service" {
|
||||
|
@ -24,7 +24,7 @@ output "endpoints_service" {
|
|||
value = google_endpoints_service.default
|
||||
}
|
||||
|
||||
output "endpoints" {
|
||||
description = "A list of Endpoint objects."
|
||||
value = google_endpoints_service.default.endpoints
|
||||
output "service_name" {
|
||||
description = "The name of the service.."
|
||||
value = google_endpoints_service.default.service_name
|
||||
}
|
||||
|
|
|
@ -13,6 +13,21 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
output "firewall_policies" {
|
||||
description = "Map of firewall policy resources created in this folder."
|
||||
value = {
|
||||
for name, _ in var.firewall_policies :
|
||||
name => google_compute_organization_security_policy.policy[name]
|
||||
}
|
||||
}
|
||||
|
||||
output "firewall_policy_id" {
|
||||
description = "Map of firewall policy ids created in this folder."
|
||||
value = {
|
||||
for name, _ in var.firewall_policies :
|
||||
name => google_compute_organization_security_policy.policy[name].id
|
||||
}
|
||||
}
|
||||
|
||||
output "folder" {
|
||||
description = "Folder resource."
|
||||
|
@ -34,22 +49,6 @@ output "name" {
|
|||
value = local.folder.display_name
|
||||
}
|
||||
|
||||
output "firewall_policies" {
|
||||
description = "Map of firewall policy resources created in this folder."
|
||||
value = {
|
||||
for name, _ in var.firewall_policies :
|
||||
name => google_compute_organization_security_policy.policy[name]
|
||||
}
|
||||
}
|
||||
|
||||
output "firewall_policy_id" {
|
||||
description = "Map of firewall policy ids created in this folder."
|
||||
value = {
|
||||
for name, _ in var.firewall_policies :
|
||||
name => google_compute_organization_security_policy.policy[name].id
|
||||
}
|
||||
}
|
||||
|
||||
output "sink_writer_identities" {
|
||||
description = "Writer identities created for each sink."
|
||||
value = {
|
||||
|
|
|
@ -66,6 +66,12 @@ variable "id" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "logging_exclusions" {
|
||||
description = "Logging exclusions for this folder in the form {NAME -> FILTER}."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "logging_sinks" {
|
||||
description = "Logging sinks to create for this folder."
|
||||
type = map(object({
|
||||
|
@ -80,12 +86,6 @@ variable "logging_sinks" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "logging_exclusions" {
|
||||
description = "Logging exclusions for this folder in the form {NAME -> FILTER}."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Folder name."
|
||||
type = string
|
||||
|
|
|
@ -14,22 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "unit_folder" {
|
||||
description = "Unit top level folder."
|
||||
value = {
|
||||
id = google_folder.unit.name,
|
||||
name = google_folder.unit.display_name
|
||||
}
|
||||
}
|
||||
|
||||
output "env_gcs_buckets" {
|
||||
description = "Unit environments tfstate gcs buckets."
|
||||
value = {
|
||||
for key, bucket in google_storage_bucket.tfstate
|
||||
: key => bucket.name
|
||||
}
|
||||
}
|
||||
|
||||
output "env_folders" {
|
||||
description = "Unit environments folders."
|
||||
value = {
|
||||
|
@ -41,11 +25,11 @@ output "env_folders" {
|
|||
}
|
||||
}
|
||||
|
||||
output "env_service_accounts" {
|
||||
description = "Unit environments service accounts."
|
||||
output "env_gcs_buckets" {
|
||||
description = "Unit environments tfstate gcs buckets."
|
||||
value = {
|
||||
for key, sa in google_service_account.environment
|
||||
: key => sa.email
|
||||
for key, bucket in google_storage_bucket.tfstate
|
||||
: key => bucket.name
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -57,3 +41,19 @@ output "env_sa_keys" {
|
|||
key => sa_key.private_key
|
||||
}
|
||||
}
|
||||
|
||||
output "env_service_accounts" {
|
||||
description = "Unit environments service accounts."
|
||||
value = {
|
||||
for key, sa in google_service_account.environment
|
||||
: key => sa.email
|
||||
}
|
||||
}
|
||||
|
||||
output "unit_folder" {
|
||||
description = "Unit top level folder."
|
||||
value = {
|
||||
id = google_folder.unit.name,
|
||||
name = google_folder.unit.display_name
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,10 +14,21 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "uniform_bucket_level_access" {
|
||||
description = "Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API)."
|
||||
type = bool
|
||||
default = true
|
||||
variable "cors" {
|
||||
description = "CORS configuration for the bucket. Defaults to null."
|
||||
type = object({
|
||||
origin = list(string)
|
||||
method = list(string)
|
||||
response_header = list(string)
|
||||
max_age_seconds = number
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "encryption_key" {
|
||||
description = "KMS key that will be used for encryption."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "force_destroy" {
|
||||
|
@ -32,18 +43,34 @@ variable "iam" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "encryption_key" {
|
||||
description = "KMS key that will be used for encryption."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Labels to be attached to all buckets."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "lifecycle_rule" {
|
||||
description = "Bucket lifecycle rule"
|
||||
type = object({
|
||||
action = object({
|
||||
type = string
|
||||
storage_class = string
|
||||
})
|
||||
condition = object({
|
||||
age = number
|
||||
created_before = string
|
||||
with_state = string
|
||||
matches_storage_class = list(string)
|
||||
num_newer_versions = string
|
||||
custom_time_before = string
|
||||
days_since_custom_time = string
|
||||
days_since_noncurrent_time = string
|
||||
noncurrent_time_before = string
|
||||
})
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
description = "Bucket location."
|
||||
type = string
|
||||
|
@ -94,41 +121,14 @@ variable "storage_class" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "uniform_bucket_level_access" {
|
||||
description = "Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API)."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "versioning" {
|
||||
description = "Enable versioning, defaults to false."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "cors" {
|
||||
description = "CORS configuration for the bucket. Defaults to null."
|
||||
type = object({
|
||||
origin = list(string)
|
||||
method = list(string)
|
||||
response_header = list(string)
|
||||
max_age_seconds = number
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "lifecycle_rule" {
|
||||
description = "Bucket lifecycle rule"
|
||||
type = object({
|
||||
action = object({
|
||||
type = string
|
||||
storage_class = string
|
||||
})
|
||||
condition = object({
|
||||
age = number
|
||||
created_before = string
|
||||
with_state = string
|
||||
matches_storage_class = list(string)
|
||||
num_newer_versions = string
|
||||
custom_time_before = string
|
||||
days_since_custom_time = string
|
||||
days_since_noncurrent_time = string
|
||||
noncurrent_time_before = string
|
||||
})
|
||||
})
|
||||
default = null
|
||||
}
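Review bot: The `uniform_bucket_level_access` description, now in the third hunk, states the recommendation twice and has a stray space before a comma, which makes the bucket's access-control default harder to read than it should be. I would shorten it to `description = "Enforce uniform bucket-level access and disable object ACLs when true (recommended). Defaults to true, unlike the storage API."`. The `lifecycle_rule` description "Bucket lifecycle rule" is also missing the trailing period that the other descriptions in this file use.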
|
||||
|
|
|
@ -14,6 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "ca_certificate" {
|
||||
description = "Public certificate of the cluster (base64-encoded)."
|
||||
value = google_container_cluster.cluster.master_auth.0.cluster_ca_certificate
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "cluster" {
|
||||
description = "Cluster resource."
|
||||
sensitive = true
|
||||
|
@ -39,9 +45,3 @@ output "name" {
|
|||
description = "Cluster name."
|
||||
value = google_container_cluster.cluster.name
|
||||
}
|
||||
|
||||
output "ca_certificate" {
|
||||
description = "Public certificate of the cluster (base64-encoded)."
|
||||
value = google_container_cluster.cluster.master_auth.0.cluster_ca_certificate
|
||||
sensitive = true
|
||||
}
|
||||
|
|
|
@ -42,12 +42,6 @@ variable "addons" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "enable_dataplane_v2" {
|
||||
description = "Enable Dataplane V2 on the cluster, will disable network_policy addons config"
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "authenticator_security_group" {
|
||||
description = "RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com."
|
||||
type = string
|
||||
|
@ -98,12 +92,24 @@ variable "description" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "enable_autopilot" {
|
||||
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "enable_binary_authorization" {
|
||||
description = "Enable Google Binary Authorization."
|
||||
type = bool
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "enable_dataplane_v2" {
|
||||
description = "Enable Dataplane V2 on the cluster, will disable network_policy addons config"
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "enable_intranode_visibility" {
|
||||
description = "Enable intra-node visibility to make same node pod to pod traffic visible."
|
||||
type = bool
|
||||
|
@ -256,9 +262,3 @@ variable "workload_identity" {
|
|||
default = true
|
||||
}
|
||||
|
||||
variable "enable_autopilot" {
|
||||
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
|
|
|
@ -72,6 +72,12 @@ variable "node_boot_disk_kms_key" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "node_count" {
|
||||
description = "Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set."
|
||||
type = number
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "node_disk_size" {
|
||||
description = "Node disk size, defaults to 100GB."
|
||||
type = number
|
||||
|
@ -102,17 +108,16 @@ variable "node_labels" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "node_taints" {
|
||||
description = "Kubernetes taints applied to nodes. E.g. type=blue:NoSchedule"
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "node_local_ssd_count" {
|
||||
description = "Number of local SSDs attached to nodes."
|
||||
type = number
|
||||
default = 0
|
||||
}
|
||||
variable "node_locations" {
|
||||
description = "Optional list of zones in which nodes should be located. Uses cluster locations if unset."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "node_machine_type" {
|
||||
description = "Nodes machine type."
|
||||
|
@ -179,17 +184,12 @@ variable "node_tags" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "node_count" {
|
||||
description = "Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set."
|
||||
type = number
|
||||
default = null
|
||||
variable "node_taints" {
|
||||
description = "Kubernetes taints applied to nodes. E.g. type=blue:NoSchedule"
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "node_locations" {
|
||||
description = "Optional list of zones in which nodes should be located. Uses cluster locations if unset."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Cluster project id."
|
||||
|
|
|
@ -14,11 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "service_account" {
|
||||
description = "Service account resource."
|
||||
value = local.service_account
|
||||
}
|
||||
|
||||
output "email" {
|
||||
description = "Service account email."
|
||||
value = local.resource_email_static
|
||||
|
@ -40,3 +35,8 @@ output "key" {
|
|||
sensitive = true
|
||||
value = local.key
|
||||
}
|
||||
|
||||
output "service_account" {
|
||||
description = "Service account resource."
|
||||
value = local.service_account
|
||||
}
|
||||
|
|
|
@ -14,6 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "display_name" {
|
||||
description = "Display name of the service account to create."
|
||||
type = string
|
||||
default = "Terraform-managed."
|
||||
}
|
||||
|
||||
variable "generate_key" {
|
||||
description = "Generate a key for service account."
|
||||
type = bool
|
||||
|
@ -61,12 +67,6 @@ variable "name" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "display_name" {
|
||||
description = "Display name of the service account to create."
|
||||
type = string
|
||||
default = "Terraform-managed."
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix applied to service account names."
|
||||
type = string
|
||||
|
|
|
@ -14,6 +14,18 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
output "key_self_links" {
|
||||
description = "Key self links."
|
||||
value = {
|
||||
for name, resource in google_kms_crypto_key.default :
|
||||
name => resource.self_link
|
||||
}
|
||||
depends_on = [
|
||||
google_kms_crypto_key_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "keyring" {
|
||||
description = "Keyring resource."
|
||||
value = local.keyring
|
||||
|
@ -22,6 +34,14 @@ output "keyring" {
|
|||
]
|
||||
}
|
||||
|
||||
output "keys" {
|
||||
description = "Key resources."
|
||||
value = google_kms_crypto_key.default
|
||||
depends_on = [
|
||||
google_kms_crypto_key_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "location" {
|
||||
description = "Keyring location."
|
||||
value = local.keyring.location
|
||||
|
@ -45,22 +65,3 @@ output "self_link" {
|
|||
google_kms_key_ring_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "keys" {
|
||||
description = "Key resources."
|
||||
value = google_kms_crypto_key.default
|
||||
depends_on = [
|
||||
google_kms_crypto_key_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "key_self_links" {
|
||||
description = "Key self links."
|
||||
value = {
|
||||
for name, resource in google_kms_crypto_key.default :
|
||||
name => resource.self_link
|
||||
}
|
||||
depends_on = [
|
||||
google_kms_crypto_key_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
|
|
@ -57,5 +57,5 @@ module "bucket-default" {
|
|||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| id | None | |
|
||||
| id | ID of the created bucket. | |
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
*/
|
||||
|
||||
output "id" {
|
||||
description = "ID of the created bucket."
|
||||
value = try(
|
||||
google_logging_project_bucket_config.bucket.0.id,
|
||||
google_logging_folder_bucket_config.bucket.0.id,
|
||||
|
|
|
@ -14,13 +14,14 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "parent_type" {
|
||||
description = "Parent object type for the bucket (project, folder, organization, billing_account)."
|
||||
variable "description" {
|
||||
description = "Human-readable description for the logging bucket."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "parent" {
|
||||
description = "ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'."
|
||||
variable "id" {
|
||||
description = "Name of the logging bucket."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
@ -30,15 +31,14 @@ variable "location" {
|
|||
default = "global"
|
||||
}
|
||||
|
||||
variable "id" {
|
||||
description = "Name of the logging bucket."
|
||||
variable "parent" {
|
||||
description = "ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
description = "Human-readable description for the logging bucket."
|
||||
variable "parent_type" {
|
||||
description = "Parent object type for the bucket (project, folder, organization, billing_account)."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "retention" {
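Review bot: `parent_type` in the second hunk lists its accepted values only in the description (project, folder, organization, billing_account), and nothing visible in the variable rejects any other string. The DNS README row for `type` shown earlier on this page guards the same kind of enum with a `validation` block. The same pattern fits here, with `condition = contains(["project", "folder", "organization", "billing_account"], var.parent_type)` and a matching `error_message`, so a mistyped parent type fails at plan time. The `parent` description also has the typo "parentresource" and is missing a comma after 'project_id'.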
|
||||
|
|
|
@ -72,11 +72,11 @@ module "project-tf" {
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| environment | Environment abbreviation used in names and labels. | <code title="">string</code> | ✓ | |
|
||||
| resources | Short resource names by type. | <code title="map(list(string))">map(list(string))</code> | ✓ | |
|
||||
| team | Optional name suffix. | <code title="">string</code> | ✓ | |
|
||||
| team | Team name. | <code title="">string</code> | ✓ | |
|
||||
| *labels* | Per-resource labels. | <code title="map(map(map(string)))">map(map(map(string)))</code> | | <code title="">{}</code> |
|
||||
| *prefix* | Optional name prefix. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *separator_override* | Optional separator override for specific resource types. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *suffix* | None | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *suffix* | Optional name suffix. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *use_resource_prefixes* | Prefix names with the resource type. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
|
||||
## Outputs
|
||||
|
|
|
@ -19,18 +19,18 @@ variable "environment" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Optional name prefix."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Per-resource labels."
|
||||
type = map(map(map(string)))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Optional name prefix."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "resources" {
|
||||
description = "Short resource names by type."
|
||||
type = map(list(string))
|
||||
|
@ -43,12 +43,13 @@ variable "separator_override" {
|
|||
}
|
||||
|
||||
variable "suffix" {
|
||||
description = "Optional name suffix."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "team" {
|
||||
description = "Optional name suffix."
|
||||
description = "Team name."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
|
|
@ -83,8 +83,8 @@ module "addresses" {
|
|||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| external_addresses | None | |
|
||||
| global_addresses | None | |
|
||||
| internal_addresses | None | |
|
||||
| psc_addresses | None | |
|
||||
| external_addresses | Allocated external addresses. | |
|
||||
| global_addresses | Allocated global external addresses. | |
|
||||
| internal_addresses | Allocated internal addresses. | |
|
||||
| psc_addresses | Allocated internal addresses for PSC endpoints. | |
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
*/
|
||||
|
||||
output "external_addresses" {
|
||||
description = "Allocated external addresses."
|
||||
value = {
|
||||
for address in google_compute_address.external :
|
||||
address.name => {
|
||||
|
@ -25,6 +26,7 @@ output "external_addresses" {
|
|||
}
|
||||
|
||||
output "global_addresses" {
|
||||
description = "Allocated global external addresses."
|
||||
value = {
|
||||
for address in google_compute_global_address.global :
|
||||
address.name => {
|
||||
|
@ -35,6 +37,7 @@ output "global_addresses" {
|
|||
}
|
||||
|
||||
output "internal_addresses" {
|
||||
description = "Allocated internal addresses."
|
||||
value = {
|
||||
for address in google_compute_address.internal :
|
||||
address.name => {
|
||||
|
@ -45,6 +48,7 @@ output "internal_addresses" {
|
|||
}
|
||||
|
||||
output "psc_addresses" {
|
||||
description = "Allocated internal addresses for PSC endpoints."
|
||||
value = {
|
||||
for address in google_compute_global_address.psc :
|
||||
address.name => {
|
||||
|
|
|
@ -49,11 +49,6 @@ output "forwarding_rule_self_link" {
|
|||
value = google_compute_forwarding_rule.default.self_link
|
||||
}
|
||||
|
||||
output "groups" {
|
||||
description = "Optional unmanaged instance group resources."
|
||||
value = google_compute_instance_group.unmanaged
|
||||
}
|
||||
|
||||
output "group_self_links" {
|
||||
description = "Optional unmanaged instance group self links."
|
||||
value = {
|
||||
|
@ -61,6 +56,11 @@ output "group_self_links" {
|
|||
}
|
||||
}
|
||||
|
||||
output "groups" {
|
||||
description = "Optional unmanaged instance group resources."
|
||||
value = google_compute_instance_group.unmanaged
|
||||
}
|
||||
|
||||
output "health_check" {
|
||||
description = "Auto-created health-check resource."
|
||||
value = local.health_check_resource
|
||||
|
|
|
@ -20,15 +20,6 @@ variable "address" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "backends" {
|
||||
description = "Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'."
|
||||
type = list(object({
|
||||
failover = bool
|
||||
group = string
|
||||
balancing_mode = string
|
||||
}))
|
||||
}
|
||||
|
||||
variable "backend_config" {
|
||||
description = "Optional backend configuration."
|
||||
type = object({
|
||||
|
@ -39,6 +30,15 @@ variable "backend_config" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "backends" {
|
||||
description = "Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'."
|
||||
type = list(object({
|
||||
failover = bool
|
||||
group = string
|
||||
balancing_mode = string
|
||||
}))
|
||||
}
|
||||
|
||||
variable "failover_config" {
|
||||
description = "Optional failover configuration."
|
||||
type = object({
|
||||
|
@ -105,17 +105,17 @@ variable "network" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ports" {
|
||||
description = "Comma-separated ports, leave null to use all ports."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "protocol" {
|
||||
description = "IP protocol used, defaults to TCP."
|
||||
type = string
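Review bot: The `ports` description in the third hunk says "Comma-separated ports" while the variable is declared `type = list(string)`, so a caller following the text would pass a single string where a list is expected. I would change it to `description = "List of ports, leave null to use all ports."`. By the description's own wording, `default = null` selects every port, so that consequence should stay in the text for callers who want to expose only the ports they need.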
|
||||
|
|
|
@ -14,22 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "ingress_allow_rules" {
|
||||
description = "Ingress rules with allow blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.rules :
|
||||
rule if rule.direction == "INGRESS" && length(rule.allow) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "ingress_deny_rules" {
|
||||
description = "Ingress rules with deny blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.rules :
|
||||
rule if rule.direction == "INGRESS" && length(rule.deny) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "egress_allow_rules" {
|
||||
description = "Egress rules with allow blocks."
|
||||
value = [
|
||||
|
@ -45,3 +29,19 @@ output "egress_deny_rules" {
|
|||
rule if rule.direction == "EGRESS" && length(rule.deny) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "ingress_allow_rules" {
|
||||
description = "Ingress rules with allow blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.rules :
|
||||
rule if rule.direction == "INGRESS" && length(rule.allow) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "ingress_deny_rules" {
|
||||
description = "Ingress rules with deny blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.rules :
|
||||
rule if rule.direction == "INGRESS" && length(rule.deny) > 0
|
||||
]
|
||||
}
|
||||
|
|
|
@ -14,16 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "network" {
|
||||
description = "Name of the network this set of firewall rules applies to."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project Id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "config_directories" {
|
||||
description = "List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml`"
|
||||
type = list(string)
|
||||
|
@ -36,3 +26,13 @@ variable "log_config" {
|
|||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "Name of the network this set of firewall rules applies to."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project Id."
|
||||
type = string
|
||||
}
|
||||
|
|
|
@ -23,22 +23,6 @@ output "admin_ranges" {
|
|||
}
|
||||
}
|
||||
|
||||
output "custom_ingress_allow_rules" {
|
||||
description = "Custom ingress rules with allow blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.custom-rules :
|
||||
rule.name if rule.direction == "INGRESS" && try(length(rule.allow), 0) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "custom_ingress_deny_rules" {
|
||||
description = "Custom ingress rules with deny blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.custom-rules :
|
||||
rule.name if rule.direction == "INGRESS" && try(length(rule.deny), 0) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "custom_egress_allow_rules" {
|
||||
description = "Custom egress rules with allow blocks."
|
||||
value = [
|
||||
|
@ -55,6 +39,22 @@ output "custom_egress_deny_rules" {
|
|||
]
|
||||
}
|
||||
|
||||
output "custom_ingress_allow_rules" {
|
||||
description = "Custom ingress rules with allow blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.custom-rules :
|
||||
rule.name if rule.direction == "INGRESS" && try(length(rule.allow), 0) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "custom_ingress_deny_rules" {
|
||||
description = "Custom ingress rules with deny blocks."
|
||||
value = [
|
||||
for rule in google_compute_firewall.custom-rules :
|
||||
rule.name if rule.direction == "INGRESS" && try(length(rule.deny), 0) > 0
|
||||
]
|
||||
}
|
||||
|
||||
output "rules" {
|
||||
description = "All google_compute_firewall resources created."
|
||||
value = merge(
|
||||
|
|
|
@ -14,20 +14,11 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "prefix" {
|
||||
description = "Name prefix for the network peerings."
|
||||
type = string
|
||||
default = "network-peering"
|
||||
}
|
||||
|
||||
variable "local_network" {
|
||||
description = "Resource link of the network to add a peering to."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "peer_network" {
|
||||
description = "Resource link of the peer network."
|
||||
type = string
|
||||
variable "export_local_custom_routes" {
|
||||
description = "Export custom routes to peer network from local network."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "export_peer_custom_routes" {
|
||||
|
@ -36,10 +27,9 @@ variable "export_peer_custom_routes" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "export_local_custom_routes" {
|
||||
description = "Export custom routes to peer network from local network."
|
||||
type = bool
|
||||
default = false
|
||||
variable "local_network" {
|
||||
description = "Resource link of the network to add a peering to."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "peer_create_peering" {
|
||||
|
@ -47,3 +37,14 @@ variable "peer_create_peering" {
|
|||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "peer_network" {
|
||||
description = "Resource link of the peer network."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Name prefix for the network peerings."
|
||||
type = string
|
||||
default = "network-peering"
|
||||
}
|
||||
|
|
|
@ -180,7 +180,7 @@ module "vpc" {
|
|||
| *auto_create_subnetworks* | Set to true to create an auto mode subnet, defaults to custom mode. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *delete_default_routes_on_create* | Set to true to delete the default routes at creation time. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *description* | An optional description of this resource (triggers recreation on change). | <code title="">string</code> | | <code title="">Terraform-managed.</code> |
|
||||
| *dns_policy* | None | <code title="object({ inbound = bool logging = bool outbound = object({ private_ns = list(string) public_ns = list(string) }) })">object({...})</code> | | <code title="">null</code> |
|
||||
| *dns_policy* | DNS policy setup for the VPC. | <code title="object({ inbound = bool logging = bool outbound = object({ private_ns = list(string) public_ns = list(string) }) })">object({...})</code> | | <code title="">null</code> |
|
||||
| *iam* | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">{}</code> |
|
||||
| *log_config_defaults* | Default configuration for flow logs when enabled. | <code title="object({ aggregation_interval = string flow_sampling = number metadata = string })">object({...})</code> | | <code title="{ aggregation_interval = "INTERVAL_5_SEC" flow_sampling = 0.5 metadata = "INCLUDE_ALL_METADATA" }">...</code> |
|
||||
| *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | <code title="map(map(string))">map(map(string))</code> | | <code title="">{}</code> |
|
||||
|
|
|
@ -14,26 +14,31 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "network" {
|
||||
description = "Network resource."
|
||||
value = local.network
|
||||
depends_on = [
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
output "bindings" {
|
||||
description = "Subnet IAM bindings."
|
||||
value = { for k, v in google_compute_subnetwork_iam_binding.binding : k => v }
|
||||
}
|
||||
|
||||
output "name" {
|
||||
description = "The name of the VPC being created."
|
||||
value = local.network.name
|
||||
depends_on = [
|
||||
google_compute_network_peering.local,
|
||||
google_compute_network_peering.remote,
|
||||
google_compute_shared_vpc_host_project.shared_vpc_host,
|
||||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
}
|
||||
|
||||
output "self_link" {
|
||||
description = "The URI of the VPC being created."
|
||||
value = local.network.self_link
|
||||
output "network" {
|
||||
description = "Network resource."
|
||||
value = local.network
|
||||
depends_on = [
|
||||
google_compute_network_peering.local,
|
||||
google_compute_network_peering.remote,
|
||||
google_compute_shared_vpc_host_project.shared_vpc_host,
|
||||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
}
|
||||
|
@ -51,10 +56,16 @@ output "project_id" {
|
|||
]
|
||||
}
|
||||
|
||||
# TODO(ludoo): use input names as keys
|
||||
output "subnets" {
|
||||
description = "Subnet resources."
|
||||
value = { for k, v in google_compute_subnetwork.subnetwork : k => v }
|
||||
output "self_link" {
|
||||
description = "The URI of the VPC being created."
|
||||
value = local.network.self_link
|
||||
depends_on = [
|
||||
google_compute_network_peering.local,
|
||||
google_compute_network_peering.remote,
|
||||
google_compute_shared_vpc_host_project.shared_vpc_host,
|
||||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_service_networking_connection.psn_connection
|
||||
]
|
||||
}
|
||||
|
||||
output "subnet_ips" {
|
||||
|
@ -62,11 +73,6 @@ output "subnet_ips" {
|
|||
value = { for k, v in google_compute_subnetwork.subnetwork : k => v.ip_cidr_range }
|
||||
}
|
||||
|
||||
output "subnet_self_links" {
|
||||
description = "Map of subnet self links keyed by name."
|
||||
value = { for k, v in google_compute_subnetwork.subnetwork : k => v.self_link }
|
||||
}
|
||||
|
||||
output "subnet_regions" {
|
||||
description = "Map of subnet regions keyed by name."
|
||||
value = { for k, v in google_compute_subnetwork.subnetwork : k => v.region }
|
||||
|
@ -83,7 +89,13 @@ output "subnet_secondary_ranges" {
|
|||
}
|
||||
}
|
||||
|
||||
output "bindings" {
|
||||
description = "Subnet IAM bindings."
|
||||
value = { for k, v in google_compute_subnetwork_iam_binding.binding : k => v }
|
||||
output "subnet_self_links" {
|
||||
description = "Map of subnet self links keyed by name."
|
||||
value = { for k, v in google_compute_subnetwork.subnetwork : k => v.self_link }
|
||||
}
|
||||
|
||||
# TODO(ludoo): use input names as keys
|
||||
output "subnets" {
|
||||
description = "Subnet resources."
|
||||
value = { for k, v in google_compute_subnetwork.subnetwork : k => v }
|
||||
}
|
||||
|
|
|
@ -33,6 +33,7 @@ variable "description" {
|
|||
}
|
||||
|
||||
variable "dns_policy" {
|
||||
description = "DNS policy setup for the VPC."
|
||||
type = object({
|
||||
inbound = bool
|
||||
logging = bool
|
||||
|
@ -50,12 +51,6 @@ variable "iam" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "log_configs" {
|
||||
description = "Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled."
|
||||
type = map(map(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "log_config_defaults" {
|
||||
description = "Default configuration for flow logs when enabled."
|
||||
type = object({
|
||||
|
@ -70,6 +65,12 @@ variable "log_config_defaults" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "log_configs" {
|
||||
description = "Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled."
|
||||
type = map(map(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "mtu" {
|
||||
description = "Maximum Transmission Unit in bytes. The minimum value for this field is 1460 and the maximum value is 1500 bytes."
|
||||
default = null
|
||||
|
@ -134,7 +135,6 @@ variable "routing_mode" {
|
|||
condition = var.routing_mode == "GLOBAL" || var.routing_mode == "REGIONAL"
|
||||
error_message = "Routing type must be GLOBAL or REGIONAL."
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
variable "shared_vpc_host" {
|
||||
|
@ -149,18 +149,6 @@ variable "shared_vpc_service_projects" {
|
|||
default = []
|
||||
}
|
||||
|
||||
variable "subnets" {
|
||||
description = "The list of subnets being created"
|
||||
type = list(object({
|
||||
name = string
|
||||
ip_cidr_range = string
|
||||
name = string
|
||||
region = string
|
||||
secondary_ip_range = map(string)
|
||||
}))
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "subnet_descriptions" {
|
||||
description = "Optional map of subnet descriptions, keyed by subnet 'region/name'."
|
||||
type = map(string)
|
||||
|
@ -179,6 +167,18 @@ variable "subnet_private_access" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "subnets" {
|
||||
description = "The list of subnets being created"
|
||||
type = list(object({
|
||||
name = string
|
||||
ip_cidr_range = string
|
||||
name = string
|
||||
region = string
|
||||
secondary_ip_range = map(string)
|
||||
}))
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "vpc_create" {
|
||||
description = "Create VPC. When set to false, uses a data source to reference existing VPC."
|
||||
type = bool
|
||||
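Review bot: The relocated `variable "subnets"` block still declares `name = string` twice inside its `list(object({...}))` type, once before and once after `ip_cidr_range`. Since the block is being moved for the linter anyway, drop the second occurrence so the type reads `name`, `ip_cidr_range`, `region`, `secondary_ip_range`. The duplicate adds nothing and leaves a reader unsure whether two different attributes were intended. It was already present in the removed copy of the block, so it is carried over rather than introduced by this commit.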
|
|
|
@ -29,6 +29,12 @@ output "name" {
|
|||
value = google_compute_vpn_gateway.gateway.name
|
||||
}
|
||||
|
||||
output "random_secret" {
|
||||
description = "Generated secret."
|
||||
value = local.secret
|
||||
}
|
||||
|
||||
|
||||
output "router" {
|
||||
description = "Router resource (only if auto-created)."
|
||||
value = var.router_create ? google_compute_router.router[0] : null
|
||||
|
@ -44,14 +50,6 @@ output "self_link" {
|
|||
value = google_compute_vpn_gateway.gateway.self_link
|
||||
}
|
||||
|
||||
output "tunnels" {
|
||||
description = "VPN tunnel resources."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => google_compute_vpn_tunnel.tunnels[name]
|
||||
}
|
||||
}
|
||||
|
||||
output "tunnel_names" {
|
||||
description = "VPN tunnel names."
|
||||
value = {
|
||||
|
@ -68,7 +66,10 @@ output "tunnel_self_links" {
|
|||
}
|
||||
}
|
||||
|
||||
output "random_secret" {
|
||||
description = "Generated secret."
|
||||
value = local.secret
|
||||
output "tunnels" {
|
||||
description = "VPN tunnel resources."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => google_compute_vpn_tunnel.tunnels[name]
|
||||
}
|
||||
}
|
||||
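Review bot: `output "random_secret"` is re-added after `output "name"` with only `description` and `value = local.secret`, so the generated secret is shown in plain text by `terraform apply` and `terraform output` and can end up in CI logs. Add `sensitive = true` to the block; the value is still written to state, so state storage needs the same access control as the secret itself. How `local.secret` is derived is not visible in this diff, so confirm whether it is the tunnels' shared secret. The same output is moved unchanged in the later outputs section whose first hunk is `@ -29,19 +29,16 @@ output "name" {`, and the `tunnels` output in both sections returns whole `google_compute_vpn_tunnel` resources, which presumably carry the `shared_secret` attribute as well.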
|
|
|
@ -14,18 +14,18 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "gateway_address_create" {
|
||||
description = "Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "gateway_address" {
|
||||
description = "Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "gateway_address_create" {
|
||||
description = "Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "VPN gateway name, and prefix used for dependent resources."
|
||||
type = string
|
||||
|
|
|
@ -73,14 +73,6 @@ output "self_link" {
|
|||
value = local.vpn_gateway
|
||||
}
|
||||
|
||||
output "tunnels" {
|
||||
description = "VPN tunnel resources."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => try(google_compute_vpn_tunnel.tunnels[name], null)
|
||||
}
|
||||
}
|
||||
|
||||
output "tunnel_names" {
|
||||
description = "VPN tunnel names."
|
||||
value = {
|
||||
|
@ -96,3 +88,11 @@ output "tunnel_self_links" {
|
|||
name => try(google_compute_vpn_tunnel.tunnels[name].self_link, null)
|
||||
}
|
||||
}
|
||||
|
||||
output "tunnels" {
|
||||
description = "VPN tunnel resources."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => try(google_compute_vpn_tunnel.tunnels[name], null)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,18 +19,6 @@ variable "name" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "vpn_gateway_create" {
|
||||
description = "Create HA VPN Gateway."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "vpn_gateway" {
|
||||
description = "HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "VPC used for the gateway and routes."
|
||||
type = string
|
||||
|
@ -122,3 +110,15 @@ variable "tunnels" {
|
|||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "vpn_gateway" {
|
||||
description = "HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpn_gateway_create" {
|
||||
description = "Create HA VPN Gateway."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
|
|
@ -29,19 +29,16 @@ output "name" {
|
|||
value = google_compute_vpn_gateway.gateway.name
|
||||
}
|
||||
|
||||
output "random_secret" {
|
||||
description = "Generated secret."
|
||||
value = local.secret
|
||||
}
|
||||
|
||||
output "self_link" {
|
||||
description = "VPN gateway self link."
|
||||
value = google_compute_vpn_gateway.gateway.self_link
|
||||
}
|
||||
|
||||
output "tunnels" {
|
||||
description = "VPN tunnel resources."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => google_compute_vpn_tunnel.tunnels[name]
|
||||
}
|
||||
}
|
||||
|
||||
output "tunnel_names" {
|
||||
description = "VPN tunnel names."
|
||||
value = {
|
||||
|
@ -58,7 +55,10 @@ output "tunnel_self_links" {
|
|||
}
|
||||
}
|
||||
|
||||
output "random_secret" {
|
||||
description = "Generated secret."
|
||||
value = local.secret
|
||||
output "tunnels" {
|
||||
description = "VPN tunnel resources."
|
||||
value = {
|
||||
for name in keys(var.tunnels) :
|
||||
name => google_compute_vpn_tunnel.tunnels[name]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,18 +14,18 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "gateway_address_create" {
|
||||
description = "Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "gateway_address" {
|
||||
description = "Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "gateway_address_create" {
|
||||
description = "Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "VPN gateway name, and prefix used for dependent resources."
|
||||
type = string
|
||||
|
|
|
@ -14,20 +14,25 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "organization_id" {
|
||||
description = "Organization id dependent on module resources."
|
||||
value = var.organization_id
|
||||
|
||||
output "custom_role_id" {
|
||||
description = "Map of custom role IDs created in the organization."
|
||||
value = {
|
||||
for role_id, role in google_organization_iam_custom_role.roles :
|
||||
# build the string manually so that role IDs can be used as map
|
||||
# keys (useful for folder/organization/project-level iam bindings)
|
||||
(role_id) => "${var.organization_id}/roles/${role_id}"
|
||||
}
|
||||
depends_on = [
|
||||
google_organization_iam_audit_config.config,
|
||||
google_organization_iam_binding.authoritative,
|
||||
google_organization_iam_custom_role.roles,
|
||||
google_organization_iam_member.additive,
|
||||
google_organization_iam_policy.authoritative,
|
||||
google_organization_policy.boolean,
|
||||
google_organization_policy.list
|
||||
google_organization_iam_custom_role.roles
|
||||
]
|
||||
}
|
||||
|
||||
output "custom_roles" {
|
||||
description = "Map of custom roles resources created in the organization."
|
||||
value = google_organization_iam_custom_role.roles
|
||||
}
|
||||
|
||||
output "firewall_policies" {
|
||||
description = "Map of firewall policy resources created in the organization."
|
||||
value = {
|
||||
|
@ -44,27 +49,23 @@ output "firewall_policy_id" {
|
|||
}
|
||||
}
|
||||
|
||||
output "organization_id" {
|
||||
description = "Organization id dependent on module resources."
|
||||
value = var.organization_id
|
||||
depends_on = [
|
||||
google_organization_iam_audit_config.config,
|
||||
google_organization_iam_binding.authoritative,
|
||||
google_organization_iam_custom_role.roles,
|
||||
google_organization_iam_member.additive,
|
||||
google_organization_iam_policy.authoritative,
|
||||
google_organization_policy.boolean,
|
||||
google_organization_policy.list
|
||||
]
|
||||
}
|
||||
|
||||
output "sink_writer_identities" {
|
||||
description = "Writer identities created for each sink."
|
||||
value = {
|
||||
for name, sink in google_logging_organization_sink.sink : name => sink.writer_identity
|
||||
}
|
||||
}
|
||||
|
||||
output "custom_roles" {
|
||||
description = "Map of custom roles resources created in the organization."
|
||||
value = google_organization_iam_custom_role.roles
|
||||
}
|
||||
|
||||
output "custom_role_id" {
|
||||
description = "Map of custom role IDs created in the organization."
|
||||
value = {
|
||||
for role_id, role in google_organization_iam_custom_role.roles :
|
||||
# build the string manually so that role IDs can be used as map
|
||||
# keys (useful for folder/organization/project-level iam bindings)
|
||||
(role_id) => "${var.organization_id}/roles/${role_id}"
|
||||
}
|
||||
depends_on = [
|
||||
google_organization_iam_custom_role.roles
|
||||
]
|
||||
}
|
||||
|
|
|
@ -14,12 +14,42 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "contacts" {
|
||||
description = "List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES"
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "custom_roles" {
|
||||
description = "Map of role name => list of permissions to create in this project."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "firewall_policies" {
|
||||
description = "Hierarchical firewall policies to *create* in the organization."
|
||||
type = map(map(object({
|
||||
description = string
|
||||
direction = string
|
||||
action = string
|
||||
priority = number
|
||||
ranges = list(string)
|
||||
ports = map(list(string))
|
||||
target_service_accounts = list(string)
|
||||
target_resources = list(string)
|
||||
logging = bool
|
||||
#preview = bool
|
||||
})))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "firewall_policy_attachments" {
|
||||
description = "List of hierarchical firewall policy IDs to *attach* to the organization"
|
||||
# set to avoid manual casting with toset()
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "group_iam" {
|
||||
description = "Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable."
|
||||
type = map(list(string))
|
||||
|
@ -72,6 +102,26 @@ variable "iam_bindings_authoritative" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "logging_exclusions" {
|
||||
description = "Logging exclusions for this organization in the form {NAME -> FILTER}."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "logging_sinks" {
|
||||
description = "Logging sinks to create for this organization."
|
||||
type = map(object({
|
||||
destination = string
|
||||
type = string
|
||||
filter = string
|
||||
iam = bool
|
||||
include_children = bool
|
||||
# TODO exclusions also support description and disabled
|
||||
exclusions = map(string)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "organization_id" {
|
||||
description = "Organization id in organizations/nnnnnn format."
|
||||
type = string
|
||||
|
@ -97,53 +147,3 @@ variable "policy_list" {
|
|||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "firewall_policies" {
|
||||
description = "Hierarchical firewall policies to *create* in the organization."
|
||||
type = map(map(object({
|
||||
description = string
|
||||
direction = string
|
||||
action = string
|
||||
priority = number
|
||||
ranges = list(string)
|
||||
ports = map(list(string))
|
||||
target_service_accounts = list(string)
|
||||
target_resources = list(string)
|
||||
logging = bool
|
||||
#preview = bool
|
||||
})))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "firewall_policy_attachments" {
|
||||
description = "List of hierarchical firewall policy IDs to *attach* to the organization"
|
||||
# set to avoid manual casting with toset()
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "logging_sinks" {
|
||||
description = "Logging sinks to create for this organization."
|
||||
type = map(object({
|
||||
destination = string
|
||||
type = string
|
||||
filter = string
|
||||
iam = bool
|
||||
include_children = bool
|
||||
# TODO exclusions also support description and disabled
|
||||
exclusions = map(string)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "logging_exclusions" {
|
||||
description = "Logging exclusions for this organization in the form {NAME -> FILTER}."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "contacts" {
|
||||
description = "List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES"
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
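Review bot: The description and comment on the relocated `variable "firewall_policy_attachments"` do not match its type: the description says "List of hierarchical firewall policy IDs", the comment says `# set to avoid manual casting with toset()`, and the declared type is `map(string)`. Reword the description to start with "Map of hierarchical firewall policy IDs to *attach* to the organization" and delete the stale comment. What the map keys stand for is not visible in this diff, so name them in the description once confirmed. In the same file `custom_roles` is described as roles "to create in this project" although the neighbouring variables refer to the organization, which looks like a copy-paste leftover.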
|
|
|
@ -14,18 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "project_id" {
|
||||
description = "Project id."
|
||||
value = "${local.prefix}${var.name}"
|
||||
depends_on = [
|
||||
google_project.project,
|
||||
data.google_project.project,
|
||||
google_project_organization_policy.boolean,
|
||||
google_project_organization_policy.list,
|
||||
google_project_service.project_services,
|
||||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_kms_crypto_key_iam_member.crypto_key
|
||||
]
|
||||
output "custom_roles" {
|
||||
description = "Ids of the created custom roles."
|
||||
value = {
|
||||
for name, role in google_project_iam_custom_role.roles :
|
||||
name => role.id
|
||||
}
|
||||
}
|
||||
|
||||
output "name" {
|
||||
|
@ -52,6 +46,20 @@ output "number" {
|
|||
]
|
||||
}
|
||||
|
||||
output "project_id" {
|
||||
description = "Project id."
|
||||
value = "${local.prefix}${var.name}"
|
||||
depends_on = [
|
||||
google_project.project,
|
||||
data.google_project.project,
|
||||
google_project_organization_policy.boolean,
|
||||
google_project_organization_policy.list,
|
||||
google_project_service.project_services,
|
||||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_kms_crypto_key_iam_member.crypto_key
|
||||
]
|
||||
}
|
||||
|
||||
output "service_accounts" {
|
||||
description = "Product robot service accounts in project."
|
||||
value = {
|
||||
|
@ -66,14 +74,6 @@ output "service_accounts" {
|
|||
]
|
||||
}
|
||||
|
||||
output "custom_roles" {
|
||||
description = "Ids of the created custom roles."
|
||||
value = {
|
||||
for name, role in google_project_iam_custom_role.roles :
|
||||
name => role.id
|
||||
}
|
||||
}
|
||||
|
||||
output "sink_writer_identities" {
|
||||
description = "Writer identities created for each sink."
|
||||
value = {
|
||||
|
|
|
@ -26,12 +26,24 @@ variable "billing_account" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "contacts" {
|
||||
description = "List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES"
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "custom_roles" {
|
||||
description = "Map of role name => list of permissions to create in this project."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "descriptive_name" {
|
||||
description = "Name of the project name. Used for project name instead of `name` variable"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "group_iam" {
|
||||
description = "Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable."
|
||||
type = map(list(string))
|
||||
|
@ -68,6 +80,26 @@ variable "lien_reason" {
|
|||
default = ""
|
||||
}
|
||||
|
||||
variable "logging_exclusions" {
|
||||
description = "Logging exclusions for this project in the form {NAME -> FILTER}."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "logging_sinks" {
|
||||
description = "Logging sinks to create for this project."
|
||||
type = map(object({
|
||||
destination = string
|
||||
type = string
|
||||
filter = string
|
||||
iam = bool
|
||||
unique_writer = bool
|
||||
# TODO exclusions also support description and disabled
|
||||
exclusions = map(string)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Project name and id suffix."
|
||||
type = string
|
||||
|
@ -130,12 +162,6 @@ variable "project_create" {
|
|||
default = true
|
||||
}
|
||||
|
||||
variable "services" {
|
||||
description = "Service APIs to enable."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "service_config" {
|
||||
description = "Configure service API activation."
|
||||
type = object({
|
||||
|
@ -154,6 +180,24 @@ variable "service_encryption_key_ids" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "service_perimeter_bridges" {
|
||||
description = "Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "service_perimeter_standard" {
|
||||
description = "Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "services" {
|
||||
description = "Service APIs to enable."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "shared_vpc_host_config" {
|
||||
description = "Configures this project as a Shared VPC host project (mutually exclusive with shared_vpc_service_project)."
|
||||
type = object({
|
||||
|
@ -177,47 +221,3 @@ variable "shared_vpc_service_config" {
|
|||
host_project = ""
|
||||
}
|
||||
}
|
||||
|
||||
variable "logging_sinks" {
|
||||
description = "Logging sinks to create for this project."
|
||||
type = map(object({
|
||||
destination = string
|
||||
type = string
|
||||
filter = string
|
||||
iam = bool
|
||||
unique_writer = bool
|
||||
# TODO exclusions also support description and disabled
|
||||
exclusions = map(string)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "logging_exclusions" {
|
||||
description = "Logging exclusions for this project in the form {NAME -> FILTER}."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "contacts" {
|
||||
description = "List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES"
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "service_perimeter_standard" {
|
||||
description = "Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "service_perimeter_bridges" {
|
||||
description = "Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "descriptive_name" {
|
||||
description = "Name of the project name. Used for project name instead of `name` variable"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
|
|
@ -22,14 +22,6 @@ output "id" {
|
|||
]
|
||||
}
|
||||
|
||||
output "subscriptions" {
|
||||
description = "Subscription resources."
|
||||
value = google_pubsub_subscription.default
|
||||
depends_on = [
|
||||
google_pubsub_subscription_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "subscription_id" {
|
||||
description = "Subscription ids."
|
||||
value = {
|
||||
|
@ -40,6 +32,14 @@ output "subscription_id" {
|
|||
]
|
||||
}
|
||||
|
||||
output "subscriptions" {
|
||||
description = "Subscription resources."
|
||||
value = google_pubsub_subscription.default
|
||||
depends_on = [
|
||||
google_pubsub_subscription_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "topic" {
|
||||
description = "Topic resource."
|
||||
value = google_pubsub_topic.default
|
||||
|
|
|
@ -62,18 +62,11 @@ variable "name" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "regions" {
|
||||
description = "List of regions used to set persistence policy."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project used for resources."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
||||
variable "push_configs" {
|
||||
description = "Push subscription configurations."
|
||||
type = map(object({
|
||||
|
@ -87,6 +80,18 @@ variable "push_configs" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "regions" {
|
||||
description = "List of regions used to set persistence policy."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "subscription_iam" {
|
||||
description = "IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format."
|
||||
type = map(map(list(string)))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "subscriptions" {
|
||||
description = "Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null."
|
||||
type = map(object({
|
||||
|
@ -100,9 +105,3 @@ variable "subscriptions" {
|
|||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "subscription_iam" {
|
||||
description = "IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format."
|
||||
type = map(map(list(string)))
|
||||
default = {}
|
||||
}
|
||||
|
|
|
@ -26,14 +26,14 @@ output "secrets" {
|
|||
value = google_secret_manager_secret.default
|
||||
}
|
||||
|
||||
output "versions" {
|
||||
description = "Secret versions."
|
||||
value = google_secret_manager_secret_version.default
|
||||
}
|
||||
|
||||
output "version_ids" {
|
||||
description = "Version ids keyed by secret name : version name."
|
||||
value = {
|
||||
for k, v in google_secret_manager_secret_version.default : k => v.id
|
||||
}
|
||||
}
|
||||
|
||||
output "versions" {
|
||||
description = "Secret versions."
|
||||
value = google_secret_manager_secret_version.default
|
||||
}
|
||||
|
|
|
@ -26,17 +26,17 @@ variable "labels" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id where the keyring will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "secrets" {
|
||||
description = "Map of secrets to manage and their locations. If locations is null, automatic management will be set."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id where the keyring will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "versions" {
|
||||
description = "Optional versions to manage for each secret. Version names are only used internally to track individual versions."
|
||||
type = map(map(object({
|
||||
|
|
|
@ -37,14 +37,6 @@ output "namespace" {
|
|||
]
|
||||
}
|
||||
|
||||
output "services" {
|
||||
description = "Service resources."
|
||||
value = google_service_directory_service.default
|
||||
depends_on = [
|
||||
google_service_directory_service_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "service_id" {
|
||||
description = "Service ids (short names)."
|
||||
value = {
|
||||
|
@ -64,3 +56,11 @@ output "service_names" {
|
|||
google_service_directory_service_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
||||
output "services" {
|
||||
description = "Service resources."
|
||||
value = google_service_directory_service.default
|
||||
depends_on = [
|
||||
google_service_directory_service_iam_binding.default
|
||||
]
|
||||
}
|
||||
|
|
|
@ -14,11 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project used for resources."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "IAM bindings in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
|
@ -29,3 +24,8 @@ variable "name" {
|
|||
description = "Repository name."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project used for resources."
|
||||
type = string
|
||||
}
|
||||
|
|
|
@ -14,11 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "access_policy_name" {
|
||||
description = "Access Policy resource"
|
||||
value = local.access_policy_name
|
||||
}
|
||||
|
||||
output "access_levels" {
|
||||
description = "Access Levels."
|
||||
value = {
|
||||
|
@ -27,6 +22,11 @@ output "access_levels" {
|
|||
}
|
||||
}
|
||||
|
||||
output "access_policy_name" {
|
||||
description = "Access Policy resource"
|
||||
value = local.access_policy_name
|
||||
}
|
||||
|
||||
output "organization_id" {
|
||||
description = "Organization id dependent on module resources."
|
||||
value = var.organization_id
|
||||
|
@ -35,14 +35,6 @@ output "organization_id" {
|
|||
]
|
||||
}
|
||||
|
||||
output "perimeters_standard" {
|
||||
description = "VPC-SC standard perimeter resources."
|
||||
value = {
|
||||
for key, value in google_access_context_manager_service_perimeter.standard :
|
||||
key => value
|
||||
}
|
||||
}
|
||||
|
||||
output "perimeters_bridge" {
|
||||
description = "VPC-SC bridge perimeter resources."
|
||||
value = {
|
||||
|
@ -50,3 +42,11 @@ output "perimeters_bridge" {
|
|||
key => value
|
||||
}
|
||||
}
|
||||
|
||||
output "perimeters_standard" {
|
||||
description = "VPC-SC standard perimeter resources."
|
||||
value = {
|
||||
for key, value in google_access_context_manager_service_perimeter.standard :
|
||||
key => value
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,6 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "access_level_perimeters" {
|
||||
description = "Enforced mode -> Access Level -> Perimeters mapping. Enforced mode can be 'enforced' or 'dry_run'"
|
||||
type = map(map(list(string)))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "access_levels" {
|
||||
description = "Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate or regions'."
|
||||
type = map(object({
|
||||
|
@ -41,12 +47,6 @@ variable "access_policy_name" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "access_level_perimeters" {
|
||||
description = "Enforced mode -> Access Level -> Perimeters mapping. Enforced mode can be 'enforced' or 'dry_run'"
|
||||
type = map(map(list(string)))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "access_policy_title" {
|
||||
description = "Access Policy title to be created."
|
||||
type = string
|
||||
|
@ -80,6 +80,12 @@ variable "organization_id" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "perimeter_projects" {
|
||||
description = "Perimeter -> Enforced Mode -> Projects Number mapping. Enforced mode can be 'enforced' or 'dry_run'."
|
||||
type = map(map(list(number)))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "perimeters" {
|
||||
description = "Set of Perimeters."
|
||||
type = map(object({
|
||||
|
@ -95,9 +101,3 @@ variable "perimeters" {
|
|||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "perimeter_projects" {
|
||||
description = "Perimeter -> Enforced Mode -> Projects Number mapping. Enforced mode can be 'enforced' or 'dry_run'."
|
||||
type = map(map(list(number)))
|
||||
default = {}
|
||||
}
|
||||
|
|
|
@ -12,6 +12,24 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
output "fw_rules" {
|
||||
description = "Firewall rules."
|
||||
value = {
|
||||
prod = {
|
||||
ingress_allow_rules = module.vpc-firewall-prod.ingress_allow_rules
|
||||
ingress_deny_rules = module.vpc-firewall-prod.ingress_deny_rules
|
||||
egress_allow_rules = module.vpc-firewall-prod.egress_allow_rules
|
||||
egress_deny_rules = module.vpc-firewall-prod.egress_deny_rules
|
||||
}
|
||||
dev = {
|
||||
ingress_allow_rules = module.vpc-firewall-dev.ingress_allow_rules
|
||||
ingress_deny_rules = module.vpc-firewall-dev.ingress_deny_rules
|
||||
egress_allow_rules = module.vpc-firewall-dev.egress_allow_rules
|
||||
egress_deny_rules = module.vpc-firewall-dev.egress_deny_rules
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "projects" {
|
||||
description = "Project ids."
|
||||
value = {
|
||||
|
@ -33,21 +51,3 @@ output "vpc" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "fw_rules" {
|
||||
description = "Firewall rules."
|
||||
value = {
|
||||
prod = {
|
||||
ingress_allow_rules = module.vpc-firewall-prod.ingress_allow_rules
|
||||
ingress_deny_rules = module.vpc-firewall-prod.ingress_deny_rules
|
||||
egress_allow_rules = module.vpc-firewall-prod.egress_allow_rules
|
||||
egress_deny_rules = module.vpc-firewall-prod.egress_deny_rules
|
||||
}
|
||||
dev = {
|
||||
ingress_allow_rules = module.vpc-firewall-dev.ingress_allow_rules
|
||||
ingress_deny_rules = module.vpc-firewall-dev.ingress_deny_rules
|
||||
egress_allow_rules = module.vpc-firewall-dev.egress_allow_rules
|
||||
egress_deny_rules = module.vpc-firewall-dev.egress_deny_rules
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,30 @@ variable "billing_account_id" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "ip_ranges" {
|
||||
description = "Subnet IP CIDR ranges."
|
||||
type = map(string)
|
||||
default = {
|
||||
prod = "10.0.16.0/24"
|
||||
dev = "10.0.32.0/24"
|
||||
}
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources that need unique names."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "project_services" {
|
||||
description = "Service APIs enabled by default in new projects."
|
||||
type = list(string)
|
||||
default = [
|
||||
"container.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
"stackdriver.googleapis.com",
|
||||
]
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region used."
|
||||
type = string
|
||||
|
@ -32,22 +51,3 @@ variable "root_node" {
|
|||
description = "Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ip_ranges" {
|
||||
description = "Subnet IP CIDR ranges."
|
||||
type = map(string)
|
||||
default = {
|
||||
prod = "10.0.16.0/24"
|
||||
dev = "10.0.32.0/24"
|
||||
}
|
||||
}
|
||||
|
||||
variable "project_services" {
|
||||
description = "Service APIs enabled by default in new projects."
|
||||
type = list(string)
|
||||
default = [
|
||||
"container.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
"stackdriver.googleapis.com",
|
||||
]
|
||||
}
|
||||
|
|
|
@ -33,5 +33,5 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c
|
|||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| squid-address | None | |
|
||||
| squid-address | IP address of the Squid proxy. | |
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -15,5 +15,6 @@
|
|||
*/
|
||||
|
||||
output "squid-address" {
|
||||
description = "IP address of the Squid proxy."
|
||||
value = local.squid_address
|
||||
}
|
||||
|
|
|
@ -14,27 +14,20 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "allowed_domains" {
|
||||
description = "List of domains allowed by the squid proxy."
|
||||
type = list(string)
|
||||
default = [
|
||||
".google.com",
|
||||
".github.com"
|
||||
]
|
||||
}
|
||||
|
||||
variable "billing_account" {
|
||||
description = "Billing account id used as default for new projects."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources that need unique names."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
description = "Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Default region for resources"
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "cidrs" {
|
||||
description = "CIDR ranges for subnets"
|
||||
type = map(string)
|
||||
|
@ -44,23 +37,30 @@ variable "cidrs" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "nat_logging" {
|
||||
description = "Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'."
|
||||
type = string
|
||||
default = "ERRORS_ONLY"
|
||||
}
|
||||
|
||||
variable "mig" {
|
||||
description = "Enables the creation of an autoscaling managed instance group of squid instances."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "allowed_domains" {
|
||||
description = "List of domains allowed by the squid proxy."
|
||||
type = list(string)
|
||||
default = [
|
||||
".google.com",
|
||||
".github.com"
|
||||
]
|
||||
variable "nat_logging" {
|
||||
description = "Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'."
|
||||
type = string
|
||||
default = "ERRORS_ONLY"
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources that need unique names."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Default region for resources"
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
description = "Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'."
|
||||
type = string
|
||||
}
|
||||
|
|
|
@ -12,15 +12,6 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
variable "bgp_custom_advertisements" {
|
||||
description = "BGP custom advertisement IP CIDR ranges."
|
||||
type = map(string)
|
||||
default = {
|
||||
hub-to-spoke-1 = "10.0.32.0/20"
|
||||
hub-to-spoke-2 = "10.0.16.0/20"
|
||||
}
|
||||
}
|
||||
|
||||
variable "bgp_asn" {
|
||||
description = "BGP ASNs."
|
||||
type = map(number)
|
||||
|
@ -31,6 +22,15 @@ variable "bgp_asn" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "bgp_custom_advertisements" {
|
||||
description = "BGP custom advertisement IP CIDR ranges."
|
||||
type = map(string)
|
||||
default = {
|
||||
hub-to-spoke-1 = "10.0.32.0/20"
|
||||
hub-to-spoke-2 = "10.0.16.0/20"
|
||||
}
|
||||
}
|
||||
|
||||
variable "bgp_interface_ranges" {
|
||||
description = "BGP interface IP CIDR ranges."
|
||||
type = map(string)
|
||||
|
|
|
@ -40,6 +40,12 @@ variable "dns_forwarder_address" {
|
|||
default = "10.0.0.2"
|
||||
}
|
||||
|
||||
variable "forwarder_address" {
|
||||
description = "GCP DNS inbound policy forwarder address."
|
||||
type = string
|
||||
default = "10.0.0.2"
|
||||
}
|
||||
|
||||
variable "ip_ranges" {
|
||||
description = "IP CIDR ranges."
|
||||
type = map(string)
|
||||
|
@ -64,12 +70,6 @@ variable "region" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "forwarder_address" {
|
||||
description = "GCP DNS inbound policy forwarder address."
|
||||
type = string
|
||||
default = "10.0.0.2"
|
||||
}
|
||||
|
||||
variable "ssh_source_ranges" {
|
||||
description = "IP CIDR ranges that will be allowed to connect via SSH to the onprem instance."
|
||||
type = list(string)
|
||||
|
|
|
@ -30,6 +30,13 @@ output "projects" {
|
|||
}
|
||||
}
|
||||
|
||||
output "vms" {
|
||||
description = "GCE VMs."
|
||||
value = {
|
||||
(module.vm-bastion.instance.name) = module.vm-bastion.internal_ip
|
||||
}
|
||||
}
|
||||
|
||||
output "vpc" {
|
||||
description = "Shared VPC."
|
||||
value = {
|
||||
|
@ -38,10 +45,3 @@ output "vpc" {
|
|||
}
|
||||
}
|
||||
|
||||
output "vms" {
|
||||
description = "GCE VMs."
|
||||
value = {
|
||||
(module.vm-bastion.instance.name) = module.vm-bastion.internal_ip
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -25,34 +25,60 @@ BASEDIR = pathlib.Path(__file__).resolve().parents[1]
|
|||
|
||||
|
||||
class DocState(enum.Enum):
|
||||
MISSING = 1
|
||||
OK = 2
|
||||
STALE = 3
|
||||
UNKNOWN = 4
|
||||
OK = 1
|
||||
FAIL = 2
|
||||
UNKNOWN = 3
|
||||
|
||||
def __str__(self):
|
||||
return {1: '✗', 2: '✓', 3: '!', 4: '?'}[self.value]
|
||||
return {
|
||||
self.FAIL.value: '✗',
|
||||
self.OK.value: '✓',
|
||||
self.UNKNOWN.value: '?'
|
||||
}[self.value]
|
||||
|
||||
|
||||
def check_path(pathname):
|
||||
path = BASEDIR / pathname
|
||||
subpaths = sorted(list(path.iterdir()))
|
||||
for subpath in subpaths:
|
||||
errors = []
|
||||
if not subpath.is_dir():
|
||||
continue
|
||||
if subpath.stem.startswith('_'):
|
||||
continue
|
||||
|
||||
doc = subpath / 'README.md'
|
||||
if not doc.exists():
|
||||
yield DocState.MISSING, subpath.stem
|
||||
continue
|
||||
errors.append(f'{doc} does not exist')
|
||||
|
||||
variables = tfdoc.get_variables(subpath)
|
||||
variable_names = [v.name for v in variables]
|
||||
for variable in variables:
|
||||
if not variable.description:
|
||||
errors.append(f'variable {variable.name} has no description')
|
||||
if sorted(variable_names) != variable_names:
|
||||
message = f'variable order should be: {sorted(variable_names)}'
|
||||
errors.append(message)
|
||||
|
||||
outputs = tfdoc.get_outputs(subpath)
|
||||
output_names = [v.name for v in outputs]
|
||||
for output in outputs:
|
||||
if not output.description:
|
||||
errors.append(f'output {output.name} has no description')
|
||||
if sorted(output_names) != output_names:
|
||||
message = f'output order should be: {sorted(output_names)}'
|
||||
errors.append(message)
|
||||
|
||||
state = tfdoc.check_state(subpath)
|
||||
if state is False:
|
||||
yield DocState.STALE, subpath.stem
|
||||
errors.append("documentation is out of date")
|
||||
elif state:
|
||||
yield DocState.OK, subpath.stem
|
||||
pass
|
||||
else:
|
||||
yield DocState.UNKNOWN, subpath.stem
|
||||
yield DocState.UNKNOWN, subpath.stem, errors
|
||||
continue
|
||||
|
||||
yield DocState.FAIL if errors else DocState.OK, subpath.stem, errors
|
||||
|
||||
|
||||
@click.command()
|
||||
|
@ -62,10 +88,12 @@ def main(paths):
|
|||
error = False
|
||||
for path in paths:
|
||||
print(f'checking {path}')
|
||||
for state, name in check_path(path):
|
||||
if state in (DocState.MISSING, DocState.STALE):
|
||||
for state, name, errors in check_path(path):
|
||||
if state == DocState.FAIL:
|
||||
error = True
|
||||
print(f' [{state}] {name}')
|
||||
for error in errors:
|
||||
print(f' {error}')
|
||||
if error:
|
||||
print('errors were present')
|
||||
sys.exit(1)
|
||||
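Review bot: In main, the inner loop `for error in errors:` rebinds the `error` flag that is initialised to `False` and tested by `if error:` after the loops, so the exit status of this check depends on the last message printed rather than on `state == DocState.FAIL` alone. With the new check_path, a module yielded as `DocState.UNKNOWN` with a non-empty error list leaves `error` holding a string, and the script exits 1 even though the state test never set the flag. Give the loop variable its own name, `for message in errors:`, and print `message`. Then decide explicitly whether errors collected for an UNKNOWN module should fail the run. The `def main(paths)` line and its decorators sit outside this hunk.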
|
|
|
@ -28,7 +28,7 @@ MARK_BEGIN = '<!-- BEGIN TFDOC -->'
|
|||
MARK_END = '<!-- END TFDOC -->'
|
||||
RE_OUTPUTS = re.compile(r'''(?smx)
|
||||
(?:^\s*output\s*"([^"]+)"\s*\{$) |
|
||||
(?:^\s*description\s*=\s*"([^"]+)"\s*$) |
|
||||
(?:^\s*description\s*=\s*"((?:[^"\\]|\\")+)"\s*$) |
|
||||
(?:^\s*sensitive\s*=\s*(\S+)\s*$)
|
||||
''')
|
||||
RE_TYPE = re.compile(r'([\(\{\}\)])')
|
||||
|
@ -42,7 +42,7 @@ RE_VARIABLES = re.compile(r'''(?smx)
|
|||
# variable declaration start
|
||||
(?:^\s*variable\s*"([^"]+)"\s*\{$) |
|
||||
# variable description start
|
||||
(?:^\s*description\s*=\s*"([^"]+)"\s*$) |
|
||||
(?:^\s*description\s*=\s*"((?:[^"\\]|\\")+)"\s*$) |
|
||||
# variable type start
|
||||
(?:^\s*type\s*=\s*(.*?)$) |
|
||||
# variable default start
|
||||
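Review bot: The new description pattern `"((?:[^"\\]|\\")+)"` in RE_OUTPUTS and RE_VARIABLES accepts a backslash only when it is immediately followed by a double quote, so a description containing any other escape (an escaped backslash, for example) no longer matches at all, whereas the old `[^"]+` did match it. Since the same commit makes check_documentation report variables and outputs that have no description, such a declaration would presumably be flagged as undocumented; how tfdoc handles the missing group is not visible here. Accepting any escaped character, `"((?:[^"\\]|\\.)+)"`, keeps the two alternatives disjoint and covers both cases. The captured text also keeps its backslashes, so it is worth confirming that the README generator unescapes `\"` before writing the table. Both compiled patterns begin and end outside the hunks shown.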
|
|