diff --git a/blueprints/cloud-operations/adfs/README.md b/blueprints/cloud-operations/adfs/README.md
index 0b954884..893dc155 100644
--- a/blueprints/cloud-operations/adfs/README.md
+++ b/blueprints/cloud-operations/adfs/README.md
@@ -52,20 +52,20 @@ Once done testing, you can clean up resources by running `terraform destroy`. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [ad_dns_domain_name](variables.tf#L44) | AD DNS domain name. | string | ✓ | | -| [adfs_dns_domain_name](variables.tf#L49) | ADFS DNS domain name. | string | ✓ | | -| [project_id](variables.tf#L24) | Host project ID. | string | ✓ | | -| [ad_ip_cidr_block](variables.tf#L90) | Managed AD IP CIDR block. | string | | "10.0.0.0/24" | -| [disk_size](variables.tf#L54) | Disk size. | number | | 50 | -| [disk_type](variables.tf#L60) | Disk type. | string | | "pd-ssd" | -| [image](variables.tf#L66) | Image. | string | | "projects/windows-cloud/global/images/family/windows-2022" | -| [instance_type](variables.tf#L72) | Instance type. | string | | "n1-standard-2" | -| [network_config](variables.tf#L35) | Network configuration | object({…}) | | null | -| [prefix](variables.tf#L29) | Prefix for the resources created. | string | | null | -| [project_create](variables.tf#L15) | Parameters for the creation of the new project. | object({…}) | | null | -| [region](variables.tf#L78) | Region. | string | | "europe-west1" | -| [subnet_ip_cidr_block](variables.tf#L96) | Subnet IP CIDR block. | string | | "10.0.1.0/28" | -| [zone](variables.tf#L84) | Zone. | string | | "europe-west1-c" | +| [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | string | ✓ | | +| [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | string | ✓ | | +| [project_id](variables.tf#L79) | Host project ID. | string | ✓ | | +| [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | string | | "10.0.0.0/24" | +| [disk_size](variables.tf#L31) | Disk size. | number | | 50 | +| [disk_type](variables.tf#L37) | Disk type. | string | | "pd-ssd" | +| [image](variables.tf#L43) | Image. | string | | "projects/windows-cloud/global/images/family/windows-2022" | +| [instance_type](variables.tf#L49) | Instance type. 
| string | | "n1-standard-2" | +| [network_config](variables.tf#L55) | Network configuration | object({…}) | | null | +| [prefix](variables.tf#L64) | Prefix for the resources created. | string | | null | +| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L84) | Region. | string | | "europe-west1" | +| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | string | | "10.0.1.0/28" | +| [zone](variables.tf#L96) | Zone. | string | | "europe-west1-c" | ## Outputs diff --git a/blueprints/cloud-operations/adfs/variables.tf b/blueprints/cloud-operations/adfs/variables.tf index 4a8b70f2..4ac2fdc1 100644 --- a/blueprints/cloud-operations/adfs/variables.tf +++ b/blueprints/cloud-operations/adfs/variables.tf @@ -12,40 +12,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -variable "project_create" { - description = "Parameters for the creation of the new project." - type = object({ - billing_account_id = string - parent = string - }) - default = null -} - -variable "project_id" { - description = "Host project ID." - type = string -} - -variable "prefix" { - description = "Prefix for the resources created." - type = string - default = null -} - -variable "network_config" { - description = "Network configuration" - type = object({ - network = string - subnet = string - }) - default = null -} - variable "ad_dns_domain_name" { description = "AD DNS domain name." type = string } +variable "ad_ip_cidr_block" { + description = "Managed AD IP CIDR block." + type = string + default = "10.0.0.0/24" +} + variable "adfs_dns_domain_name" { description = "ADFS DNS domain name." type = string 
@@ -75,26 +52,49 @@ variable "instance_type" { default = "n1-standard-2" } +variable "network_config" { + description = "Network configuration" + type = object({ + network = string + subnet = string + }) + default = null +} + +variable "prefix" { + description = "Prefix for the resources created." + type = string + default = null +} + +variable "project_create" { + description = "Parameters for the creation of the new project." + type = object({ + billing_account_id = string + parent = string + }) + default = null +} + +variable "project_id" { + description = "Host project ID." + type = string +} + variable "region" { description = "Region." type = string default = "europe-west1" } +variable "subnet_ip_cidr_block" { + description = "Subnet IP CIDR block." + type = string + default = "10.0.1.0/28" +} + variable "zone" { description = "Zone." type = string default = "europe-west1-c" } - -variable "ad_ip_cidr_block" { - description = "Managed AD IP CIDR block." - type = string - default = "10.0.0.0/24" -} - -variable "subnet_ip_cidr_block" { - description = "Subnet IP CIDR block." - type = string - default = "10.0.1.0/28" -} \ No newline at end of file diff --git a/blueprints/cloud-operations/apigee/README.md b/blueprints/cloud-operations/apigee/README.md index 27b831b7..65bcea51 100644 --- a/blueprints/cloud-operations/apigee/README.md +++ b/blueprints/cloud-operations/apigee/README.md 
@@ -58,16 +58,16 @@ Do the following to verify that everything works as expected. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [envgroups](variables.tf#L54) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | ✓ | | -| [environments](variables.tf#L60) | Environments. | map(object({…})) | ✓ | | -| [instances](variables.tf#L76) | Instance. | map(object({…})) | ✓ | | -| [project_id](variables.tf#L32) | Project ID. | string | ✓ | | -| [psc_config](variables.tf#L104) | PSC configuration. | map(string) | ✓ | | -| [datastore_name](variables.tf#L97) | Datastore | string | | "gcs" | -| [organization](variables.tf#L38) | Apigee organization. | object({…}) | | {…} | -| [path](variables.tf#L90) | Bucket path. | string | | "/analytics" | -| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | object({…}) | | null | -| [vpc_create](variables.tf#L26) | Boolean flag indicating whether the VPC should be created or not. | bool | | true | +| [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | ✓ | | +| [environments](variables.tf#L30) | Environments. | map(object({…})) | ✓ | | +| [instances](variables.tf#L46) | Instance. | map(object({…})) | ✓ | | +| [project_id](variables.tf#L92) | Project ID. | string | ✓ | | +| [psc_config](variables.tf#L98) | PSC configuration. | map(string) | ✓ | | +| [datastore_name](variables.tf#L17) | Datastore | string | | "gcs" | +| [organization](variables.tf#L60) | Apigee organization. | object({…}) | | {…} | +| [path](variables.tf#L76) | Bucket path. | string | | "/analytics" | +| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | object({…}) | | null | +| [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | bool | | true | ## Outputs 
diff --git a/blueprints/cloud-operations/apigee/variables.tf b/blueprints/cloud-operations/apigee/variables.tf index 5cddf8b0..61c93391 100644 --- a/blueprints/cloud-operations/apigee/variables.tf +++ b/blueprints/cloud-operations/apigee/variables.tf @@ -14,41 +14,11 @@ * limitations under the License. */ -variable "project_create" { - description = "Parameters for the creation of the new project." - type = object({ - billing_account_id = string - parent = string - }) - default = null -} - -variable "vpc_create" { - description = "Boolean flag indicating whether the VPC should be created or not." - type = bool - default = true -} - -variable "project_id" { - description = "Project ID." +variable "datastore_name" { + description = "Datastore" type = string nullable = false -} - -variable "organization" { - description = "Apigee organization." - type = object({ - display_name = optional(string, "Apigee organization created by tf module") - description = optional(string, "Apigee organization created by tf module") - authorized_network = optional(string, "vpc") - runtime_type = optional(string, "CLOUD") - billing_type = optional(string) - database_encryption_key = optional(string) - analytics_region = optional(string, "europe-west1") - }) - nullable = false - default = { - } + default = "gcs" } variable "envgroups" { @@ -87,6 +57,22 @@ variable "instances" { nullable = false } +variable "organization" { + description = "Apigee organization." + type = object({ + display_name = optional(string, "Apigee organization created by tf module") + description = optional(string, "Apigee organization created by tf module") + authorized_network = optional(string, "vpc") + runtime_type = optional(string, "CLOUD") + billing_type = optional(string) + database_encryption_key = optional(string) + analytics_region = optional(string, "europe-west1") + }) + nullable = false + default = { + } +} + variable "path" { description = "Bucket path." type = string 
@@ -94,11 +80,19 @@ variable "path" { nullable = false } -variable "datastore_name" { - description = "Datastore" +variable "project_create" { + description = "Parameters for the creation of the new project." + type = object({ + billing_account_id = string + parent = string + }) + default = null +} + +variable "project_id" { + description = "Project ID." type = string nullable = false - default = "gcs" } variable "psc_config" { @@ -106,3 +100,9 @@ variable "psc_config" { type = map(string) nullable = false } + +variable "vpc_create" { + description = "Boolean flag indicating whether the VPC should be created or not." + type = bool + default = true +} diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md index 9be8a09b..3af34289 100644 --- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md +++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md @@ -11,8 +11,8 @@ The codebase provisions the following list of resources: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [impersonate_service_account_email](variables.tf#L21) | Service account to be impersonated by workload identity. | string | ✓ | | -| [project_id](variables.tf#L16) | GCP project ID. | string | ✓ | | +| [impersonate_service_account_email](variables.tf#L16) | Service account to be impersonated by workload identity. | string | ✓ | | +| [project_id](variables.tf#L21) | GCP project ID. | string | ✓ | | | [workload_identity_pool_provider_id](variables.tf#L26) | GCP workload identity pool provider ID. | string | ✓ | | diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md index bb8d7983..dcad294b 100644 
--- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md +++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md @@ -27,9 +27,9 @@ provider "google-beta" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [impersonate_service_account_email](variables.tf#L22) | Service account to be impersonated by workload identity federation. | string | ✓ | | -| [workload_identity_pool_provider_id](variables.tf#L17) | GCP workload identity pool provider ID. | string | ✓ | | -| [tmp_oidc_token_path](variables.tf#L27) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | string | | ".oidc_token" | +| [impersonate_service_account_email](variables.tf#L17) | Service account to be impersonated by workload identity federation. | string | ✓ | | +| [workload_identity_pool_provider_id](variables.tf#L28) | GCP workload identity pool provider ID. | string | ✓ | | +| [tmp_oidc_token_path](variables.tf#L22) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | string | | ".oidc_token" | ## Outputs diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf index 06f310da..1100e622 100644 --- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf +++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf @@ -14,11 +14,6 @@ * limitations under the License. */ -variable "workload_identity_pool_provider_id" { - description = "GCP workload identity pool provider ID." - type = string -} - variable "impersonate_service_account_email" { description = "Service account to be impersonated by workload identity federation." type = string 
@@ -29,3 +24,8 @@ variable "tmp_oidc_token_path" { type = string default = ".oidc_token" } + +variable "workload_identity_pool_provider_id" { + description = "GCP workload identity pool provider ID." + type = string +} diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf index 3a1d81dc..76cf7014 100644 --- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf +++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf @@ -13,13 +13,13 @@ # limitations under the License. -variable "project_id" { - description = "GCP project ID." +variable "impersonate_service_account_email" { + description = "Service account to be impersonated by workload identity." type = string } -variable "impersonate_service_account_email" { - description = "Service account to be impersonated by workload identity." +variable "project_id" { + description = "GCP project ID." type = string } diff --git a/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md b/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md index 7af5a04e..a3a21dbd 100644 --- a/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md +++ b/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md 
@@ -99,13 +99,13 @@ gcloud compute ssh --zone europe-west1-b nginx-test -- 'uptime' | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account](variables.tf#L16) | Billing account id used as default for new projects. | string | ✓ | | -| [project_id](variables.tf#L33) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | string | ✓ | | -| [grace_period](variables.tf#L56) | Grace period for an instance startup. | string | | "180s" | -| [location](variables.tf#L21) | App Engine location used in the example (required for CloudFunctions). | string | | "europe-west" | -| [project_create](variables.tf#L27) | Create project instead of using an existing one. | bool | | false | -| [region](variables.tf#L38) | Compute region used in the example. | string | | "europe-west1" | -| [root_node](variables.tf#L44) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | string | | null | -| [schedule](variables.tf#L50) | Cron schedule for executing compute instances healthcheck. | string | | "*/5 * * * *" # every five minutes" | +| [project_id](variables.tf#L39) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | string | ✓ | | +| [grace_period](variables.tf#L21) | Grace period for an instance startup. | string | | "180s" | +| [location](variables.tf#L27) | App Engine location used in the example (required for CloudFunctions). | string | | "europe-west" | +| [project_create](variables.tf#L33) | Create project instead of using an existing one. | bool | | false | +| [region](variables.tf#L44) | Compute region used in the example. | string | | "europe-west1" | +| [root_node](variables.tf#L50) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. 
| string | | null | +| [schedule](variables.tf#L56) | Cron schedule for executing compute instances healthcheck. | string | | "*/5 * * * *" # every five minutes" | | [tcp_port](variables.tf#L62) | TCP port to run healthcheck against. | string | | "80" #http" | | [timeout](variables.tf#L68) | TCP probe timeout. | string | | "1000ms" | diff --git a/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf b/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf index d015757c..14409a66 100644 --- a/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf +++ b/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf @@ -18,6 +18,12 @@ variable "billing_account" { type = string } +variable "grace_period" { + description = "Grace period for an instance startup." + type = string + default = "180s" +} + variable "location" { description = "App Engine location used in the example (required for CloudFunctions)." type = string @@ -53,12 +59,6 @@ variable "schedule" { default = "*/5 * * * *" # every five minutes } -variable "grace_period" { - description = "Grace period for an instance startup." - type = string - default = "180s" -} - variable "tcp_port" { description = "TCP port to run healthcheck against." type = string diff --git a/blueprints/data-solutions/cloudsql-multiregion/README.md b/blueprints/data-solutions/cloudsql-multiregion/README.md index 5bdc6329..1fc06008 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/README.md +++ b/blueprints/data-solutions/cloudsql-multiregion/README.md 
@@ -143,25 +143,25 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [postgres_user_password](variables.tf#L40) | `postgres` user password. | string | ✓ | | -| [prefix](variables.tf#L51) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L65) | Project id, references existing project if `project_create` is null. | string | ✓ | | -| [data_eng_principals](variables.tf#L23) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string) | | [] | -| [network_config](variables.tf#L29) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [postgres_database](variables.tf#L45) | `postgres` database. | string | | "guestbook" | -| [project_create](variables.tf#L56) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [regions](variables.tf#L70) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | -| [service_encryption_keys](variables.tf#L17) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | -| [sql_configuration](variables.tf#L84) | Cloud SQL configuration | object({…}) | | {…} | +| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | +| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. 
| string | ✓ | | +| [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string) | | [] | +| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | +| [postgres_database](variables.tf#L34) | `postgres` database. | string | | "guestbook" | +| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | +| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | +| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | object({…}) | | {…} | ## Outputs | name | description | sensitive | |---|---|:---:| -| [bucket](outputs.tf#L22) | Cloud storage bucket to import/export data from Cloud SQL. | | -| [connection_names](outputs.tf#L17) | Connection name of each instance. | | -| [demo_commands](outputs.tf#L37) | Demo commands. | | -| [ips](outputs.tf#L27) | IP address of each instance. | | -| [project_id](outputs.tf#L32) | ID of the project containing all the instances. | | +| [bucket](outputs.tf#L17) | Cloud storage bucket to import/export data from Cloud SQL. | | +| [connection_names](outputs.tf#L22) | Connection name of each instance. | | +| [demo_commands](outputs.tf#L27) | Demo commands. | | +| [ips](outputs.tf#L36) | IP address of each instance. | | +| [project_id](outputs.tf#L41) | ID of the project containing all the instances. | | | [service_accounts](outputs.tf#L46) | Service Accounts. | | 
diff --git a/blueprints/data-solutions/cloudsql-multiregion/outputs.tf b/blueprints/data-solutions/cloudsql-multiregion/outputs.tf index 69840195..09960e13 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/outputs.tf +++ b/blueprints/data-solutions/cloudsql-multiregion/outputs.tf @@ -14,14 +14,23 @@ * limitations under the License. */ +output "bucket" { + description = "Cloud storage bucket to import/export data from Cloud SQL." + value = module.gcs.name +} + output "connection_names" { description = "Connection name of each instance." value = module.db.connection_names } -output "bucket" { - description = "Cloud storage bucket to import/export data from Cloud SQL." - value = module.gcs.name +output "demo_commands" { + description = "Demo commands." + value = { + "01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b" + "02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &" + "03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'" + } } output "ips" { @@ -34,15 +43,6 @@ output "project_id" { value = module.project.project_id } -output "demo_commands" { - description = "Demo commands." - value = { - "01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b" - "02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &" - "03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'" - } -} - output "service_accounts" { description = "Service Accounts." value = { diff --git a/blueprints/data-solutions/cloudsql-multiregion/variables.tf b/blueprints/data-solutions/cloudsql-multiregion/variables.tf index 66083b5f..aa91afbf 100644 
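Review bot: The `03_psql` entry of `demo_commands` in the first hunk carries `sslmode=disable` with no comment saying why that is acceptable here. It is reasonable only because the command targets 127.0.0.1, where the `cloud_sql_proxy` started by `02_cloud_sql_proxy` listens and forwards the session over its own encrypted channel. Anyone reusing the string for a direct connection to the instance would send the `postgres` password in clear text. I would add a comment above the map, `# sslmode=disable is only safe through the local Cloud SQL proxy on 127.0.0.1; do not reuse for direct connections`. The step also authenticates as `postgres` with a password although the proxy is started with `-enable_iam_login`; that may be deliberate for the demo, but the description should say so.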
--- a/blueprints/data-solutions/cloudsql-multiregion/variables.tf +++ b/blueprints/data-solutions/cloudsql-multiregion/variables.tf @@ -14,12 +14,6 @@ * limitations under the License. */ -variable "service_encryption_keys" { - description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured." - type = map(string) - default = null -} - variable "data_eng_principals" { description = "Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'." type = list(string) @@ -37,17 +31,17 @@ variable "network_config" { default = null } -variable "postgres_user_password" { - description = "`postgres` user password." - type = string -} - variable "postgres_database" { description = "`postgres` database." type = string default = "guestbook" } +variable "postgres_user_password" { + description = "`postgres` user password." + type = string +} + variable "prefix" { description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." type = string @@ -80,6 +74,11 @@ variable "regions" { } } +variable "service_encryption_keys" { + description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured." + type = map(string) + default = null +} variable "sql_configuration" { description = "Cloud SQL configuration" diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md index b7fcc806..35b4c950 100644 --- a/blueprints/data-solutions/data-platform-foundations/README.md +++ b/blueprints/data-solutions/data-platform-foundations/README.md 
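Review bot: `variable "postgres_user_password"` in the second hunk is declared with only `description` and `type`, so Terraform treats the password as an ordinary input and can print it in plan and apply output. Add `sensitive = true` to the block; variable-level `sensitive` needs Terraform 0.14 or later, and this blueprint's required version is not visible here, so confirm it first. The value is still written to state in plain form, so the state backend needs restricted access either way. The sqlserver-alwayson README further down lists a `sql_admin_password` input whose declaration is outside this view and may need the same treatment.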
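Review bot: The `description` of `service_encryption_keys` in the third hunk misspells "region" as "reagion", and the README row for this variable repeats the typo, presumably because the table is generated from this string. Change the line to `description = "Cloud KMS keys to use to encrypt resources. Provide a key for each region configured."` and regenerate the README table. The description also does not say what the map keys must be (region name or something else), which matters for anyone wiring in customer-managed keys; the visible lines do not show it, so the author should state it.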
@@ -266,12 +266,12 @@ You can find examples in the `[demo](./demo)` folder. | name | description | sensitive | |---|---|:---:| | [bigquery-datasets](outputs.tf#L17) | BigQuery datasets. | | -| [demo_commands](outputs.tf#L93) | Demo commands. | | -| [gcs-buckets](outputs.tf#L28) | GCS buckets. | | -| [kms_keys](outputs.tf#L42) | Cloud MKS keys. | | -| [projects](outputs.tf#L47) | GCP Projects informations. | | -| [vpc_network](outputs.tf#L75) | VPC network. | | -| [vpc_subnet](outputs.tf#L84) | VPC subnetworks. | | +| [demo_commands](outputs.tf#L28) | Demo commands. | | +| [gcs-buckets](outputs.tf#L41) | GCS buckets. | | +| [kms_keys](outputs.tf#L55) | Cloud MKS keys. | | +| [projects](outputs.tf#L60) | GCP Projects informations. | | +| [vpc_network](outputs.tf#L88) | VPC network. | | +| [vpc_subnet](outputs.tf#L97) | VPC subnetworks. | | ## TODOs diff --git a/blueprints/data-solutions/data-platform-foundations/outputs.tf b/blueprints/data-solutions/data-platform-foundations/outputs.tf index 3fd81a0e..b941776c 100644 --- a/blueprints/data-solutions/data-platform-foundations/outputs.tf +++ b/blueprints/data-solutions/data-platform-foundations/outputs.tf 
@@ -25,6 +25,19 @@ output "bigquery-datasets" { } } +output "demo_commands" { + description = "Demo commands." + value = { + 01 = "gsutil -i ${module.drop-sa-cs-0.email} cp demo/data/*.csv gs://${module.drop-cs-0.name}" + 02 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/data/*.j* gs://${module.orch-cs-0.name}" + 03 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/*.py ${google_composer_environment.orch-cmp-0.config[0].dag_gcs_prefix}/" + 04 = "Open ${google_composer_environment.orch-cmp-0.config.0.airflow_uri} and run uploaded DAG." + 05 = <string | ✓ | | -| [project_id](variables.tf#L22) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | +| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [location](variables.tf#L16) | The location where resources will be deployed. | string | | "EU" | | [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | object({…}) | | null | | [region](variables.tf#L41) | The region where resources will be deployed. | string | | "europe-west1" | diff --git a/blueprints/data-solutions/data-playground/variables.tf b/blueprints/data-solutions/data-playground/variables.tf index 76ba0db1..1c410ae2 100644 --- a/blueprints/data-solutions/data-playground/variables.tf +++ b/blueprints/data-solutions/data-playground/variables.tf @@ -19,8 +19,8 @@ variable "location" { default = "EU" } -variable "project_id" { - description = "Project id, references existing project if `project_create` is null." +variable "prefix" { + description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." type = string } 
@@ -33,8 +33,8 @@ variable "project_create" { default = null } -variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." +variable "project_id" { + description = "Project id, references existing project if `project_create` is null." type = string } diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md index 915ada21..b062f4e3 100644 --- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md +++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md @@ -208,10 +208,10 @@ The above command will delete the associated resources so there will be no billa |---|---|:---:| | [bq_tables](outputs.tf#L15) | Bigquery Tables. | | | [buckets](outputs.tf#L20) | GCS bucket Cloud KMS crypto keys. | | -| [command_01_gcs](outputs.tf#L43) | gcloud command to copy data into the created bucket impersonating the service account. | | -| [command_02_dataflow](outputs.tf#L48) | Command to run Dataflow template impersonating the service account. | | -| [command_03_bq](outputs.tf#L69) | BigQuery command to query imported data. | | -| [project_id](outputs.tf#L28) | Project id. | | -| [service_accounts](outputs.tf#L33) | Service account. | | +| [command_01_gcs](outputs.tf#L28) | gcloud command to copy data into the created bucket impersonating the service account. | | +| [command_02_dataflow](outputs.tf#L33) | Command to run Dataflow template impersonating the service account. | | +| [command_03_bq](outputs.tf#L54) | BigQuery command to query imported data. | | +| [project_id](outputs.tf#L64) | Project id. | | +| [service_accounts](outputs.tf#L69) | Service account. | | diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf index eed3052b..82b059cc 100644 
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf +++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf @@ -25,21 +25,6 @@ output "buckets" { } } -output "project_id" { - description = "Project id." - value = module.project.project_id -} - -output "service_accounts" { - description = "Service account." - value = { - bq = module.service-account-bq.email - df = module.service-account-df.email - orch = module.service-account-orch.email - landing = module.service-account-landing.email - } -} - output "command_01_gcs" { description = "gcloud command to copy data into the created bucket impersonating the service account." value = "gsutil -i ${module.service-account-landing.email} cp data-demo/* ${module.gcs-data.url}" @@ -75,3 +60,18 @@ output "command_03_bq" { sql_limit = 1000 }) } + +output "project_id" { + description = "Project id." + value = module.project.project_id +} + +output "service_accounts" { + description = "Service account." + value = { + bq = module.service-account-bq.email + df = module.service-account-df.email + orch = module.service-account-orch.email + landing = module.service-account-landing.email + } +} diff --git a/blueprints/data-solutions/sqlserver-alwayson/README.md b/blueprints/data-solutions/sqlserver-alwayson/README.md index a60acec7..ba1916c7 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/README.md +++ b/blueprints/data-solutions/sqlserver-alwayson/README.md 
@@ -35,32 +35,32 @@ and to `C:\GcpSetupLog.txt` file. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [ad_domain_fqdn](variables.tf#L111) | Active Directory domain (FQDN) | string | ✓ | | -| [ad_domain_netbios](variables.tf#L120) | Active Directory domain (NetBIOS) | string | ✓ | | -| [network](variables.tf#L38) | Network to use in the project | string | ✓ | | -| [project_id](variables.tf#L27) | Google Cloud project ID | string | ✓ | | -| [sql_admin_password](variables.tf#L102) | Password for the SQL admin user to be created | string | ✓ | | -| [subnetwork](variables.tf#L43) | Subnetwork to use in the project | string | ✓ | | -| [always_on_groups](variables.tf#L135) | List of Always On Groups | list(string) | | ["bookshelf"] | -| [boot_disk_size](variables.tf#L90) | Boot disk size in GB | number | | 50 | -| [cluster_name](variables.tf#L48) | Cluster name (prepended with prefix) | string | | "cluster" | -| [data_disk_size](variables.tf#L96) | Database disk size in GB | number | | 200 | -| [health_check_config](variables.tf#L147) | Health check configuration | | | {…} | -| [health_check_port](variables.tf#L141) | Health check port | number | | 59997 | -| [health_check_ranges](variables.tf#L60) | Health check ranges | list(string) | | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] | -| [managed_ad_dn](variables.tf#L129) | Managed Active Directory domain (eg. 
OU=Cloud,DC=example,DC=com) | string | | "" | -| [node_image](variables.tf#L78) | SQL Server node machine image | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" | -| [node_instance_type](variables.tf#L66) | SQL Server database node instance type | string | | "n2-standard-8" | -| [node_name](variables.tf#L162) | Node base name | string | | "node" | -| [prefix](variables.tf#L15) | Prefix used for resources (for multiple clusters in a project) | string | | "aog" | -| [project_create](variables.tf#L174) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L21) | Region for resources | string | | "europe-west4" | -| [shared_vpc_project_id](variables.tf#L32) | Shared VPC project ID for firewall rules | string | | null | -| [sql_client_cidrs](variables.tf#L54) | CIDR ranges that are allowed to connect to SQL Server | list(string) | | ["0.0.0.0/0"] | -| [vpc_ip_cidr_range](variables.tf#L183) | Ip range used in the subnet deployef in the Service Project. 
| string | | "10.0.0.0/20" | -| [witness_image](variables.tf#L84) | SQL Server witness machine image | string | | "projects/windows-cloud/global/images/family/windows-2019" | -| [witness_instance_type](variables.tf#L72) | SQL Server witness node instance type | string | | "n2-standard-2" | -| [witness_name](variables.tf#L168) | Witness base name | string | | "witness" | +| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | string | ✓ | | +| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | string | ✓ | | +| [network](variables.tf#L90) | Network to use in the project | string | ✓ | | +| [project_id](variables.tf#L128) | Google Cloud project ID | string | ✓ | | +| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | string | ✓ | | +| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | string | ✓ | | +| [always_on_groups](variables.tf#L33) | List of Always On Groups | list(string) | | ["bookshelf"] | +| [boot_disk_size](variables.tf#L39) | Boot disk size in GB | number | | 50 | +| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | string | | "cluster" | +| [data_disk_size](variables.tf#L51) | Database disk size in GB | number | | 200 | +| [health_check_config](variables.tf#L57) | Health check configuration | | | {…} | +| [health_check_port](variables.tf#L72) | Health check port | number | | 59997 | +| [health_check_ranges](variables.tf#L78) | Health check ranges | list(string) | | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] | +| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. 
OU=Cloud,DC=example,DC=com) | string | | "" | +| [node_image](variables.tf#L95) | SQL Server node machine image | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" | +| [node_instance_type](variables.tf#L101) | SQL Server database node instance type | string | | "n2-standard-8" | +| [node_name](variables.tf#L107) | Node base name | string | | "node" | +| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | string | | "aog" | +| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L133) | Region for resources | string | | "europe-west4" | +| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | string | | null | +| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | list(string) | | ["0.0.0.0/0"] | +| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | +| [witness_image](variables.tf#L171) | SQL Server witness machine image | string | | "projects/windows-cloud/global/images/family/windows-2019" | +| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | string | | "n2-standard-2" | +| [witness_name](variables.tf#L183) | Witness base name | string | | "witness" | ## Outputs diff --git a/blueprints/data-solutions/sqlserver-alwayson/variables.tf b/blueprints/data-solutions/sqlserver-alwayson/variables.tf index 2e6a95c9..1e558faf 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/variables.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/variables.tf 
@@ -12,102 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -variable "prefix" { - description = "Prefix used for resources (for multiple clusters in a project)" - type = string - default = "aog" -} - -variable "region" { - description = "Region for resources" - type = string - default = "europe-west4" -} - -variable "project_id" { - description = "Google Cloud project ID" - type = string -} - -variable "shared_vpc_project_id" { - description = "Shared VPC project ID for firewall rules" - type = string - default = null -} - -variable "network" { - description = "Network to use in the project" - type = string -} - -variable "subnetwork" { - description = "Subnetwork to use in the project" - type = string -} - -variable "cluster_name" { - description = "Cluster name (prepended with prefix)" - type = string - default = "cluster" -} - -variable "sql_client_cidrs" { - description = "CIDR ranges that are allowed to connect to SQL Server" - type = list(string) - default = ["0.0.0.0/0"] -} - -variable "health_check_ranges" { - description = "Health check ranges" - type = list(string) - default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] -} - -variable "node_instance_type" { - description = "SQL Server database node instance type" - type = string - default = "n2-standard-8" -} - -variable "witness_instance_type" { - description = "SQL Server witness node instance type" - type = string - default = "n2-standard-2" -} - -variable "node_image" { - description = "SQL Server node machine image" - type = string - default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" -} - -variable "witness_image" { - description = "SQL Server witness machine image" - type = string - default = "projects/windows-cloud/global/images/family/windows-2019" -} - -variable "boot_disk_size" { - description = "Boot disk size in GB" - type = number - default = 50 -} - -variable "data_disk_size" { - 
description = "Database disk size in GB" - type = number - default = 200 -} - -variable "sql_admin_password" { - description = "Password for the SQL admin user to be created" - type = string - validation { - condition = length(var.sql_admin_password) > 0 - error_message = "SQL administrator password needs to be specified." - } -} - variable "ad_domain_fqdn" { description = "Active Directory domain (FQDN)" type = string @@ -126,22 +30,28 @@ variable "ad_domain_netbios" { } } -variable "managed_ad_dn" { - description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)" - type = string - default = "" -} - variable "always_on_groups" { description = "List of Always On Groups" type = list(string) default = ["bookshelf"] } -variable "health_check_port" { - description = "Health check port" +variable "boot_disk_size" { + description = "Boot disk size in GB" type = number - default = 59997 + default = 50 +} + +variable "cluster_name" { + description = "Cluster name (prepended with prefix)" + type = string + default = "cluster" +} + +variable "data_disk_size" { + description = "Database disk size in GB" + type = number + default = 200 } variable "health_check_config" { 
@@ -159,16 +69,51 @@ variable "health_check_config" { } } +variable "health_check_port" { + description = "Health check port" + type = number + default = 59997 +} + +variable "health_check_ranges" { + description = "Health check ranges" + type = list(string) + default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] +} + +variable "managed_ad_dn" { + description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)" + type = string + default = "" +} + +variable "network" { + description = "Network to use in the project" + type = string +} + +variable "node_image" { + description = "SQL Server node machine image" + type = string + default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" +} + +variable "node_instance_type" { + description = "SQL Server database node instance type" + type = string + default = "n2-standard-8" +} + variable "node_name" { description = "Node base name" type = string default = "node" } -variable "witness_name" { - description = "Witness base name" +variable "prefix" { + description = "Prefix used for resources (for multiple clusters in a project)" type = string - default = "witness" + default = "aog" } variable "project_create" { 
@@ -180,8 +125,63 @@ variable "project_create" { default = null } +variable "project_id" { + description = "Google Cloud project ID" + type = string +} + +variable "region" { + description = "Region for resources" + type = string + default = "europe-west4" +} + +variable "shared_vpc_project_id" { + description = "Shared VPC project ID for firewall rules" + type = string + default = null +} + +variable "sql_admin_password" { + description = "Password for the SQL admin user to be created" + type = string + validation { + condition = length(var.sql_admin_password) > 0 + error_message = "SQL administrator password needs to be specified." + } +} + +variable "sql_client_cidrs" { + description = "CIDR ranges that are allowed to connect to SQL Server" + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "subnetwork" { + description = "Subnetwork to use in the project" + type = string +} + variable "vpc_ip_cidr_range" { description = "Ip range used in the subnet deployef in the Service Project." type = string default = "10.0.0.0/20" } + +variable "witness_image" { + description = "SQL Server witness machine image" + type = string + default = "projects/windows-cloud/global/images/family/windows-2019" +} + +variable "witness_instance_type" { + description = "SQL Server witness node instance type" + type = string + default = "n2-standard-2" +} + +variable "witness_name" { + description = "Witness base name" + type = string + default = "witness" +} diff --git a/blueprints/factories/bigquery-factory/README.md b/blueprints/factories/bigquery-factory/README.md index 01c098be..3f1acc4a 100644 --- a/blueprints/factories/bigquery-factory/README.md +++ b/blueprints/factories/bigquery-factory/README.md 
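Review bot: `sql_admin_password` is re-declared in this hunk without `sensitive = true`, so Terraform can echo the value in plan and apply output and in CI logs; add `sensitive = true` next to `type = string`. Marking it sensitive only redacts output, the value is still written to state, so the state backend needs its own access control. The same hunk also keeps `sql_client_cidrs` at `default = ["0.0.0.0/0"]`, which by its description admits every source address to SQL Server unless the caller overrides it (presumably through a firewall rule that is not visible here); dropping the default so the caller has to choose the ranges would make that exposure explicit. Both declarations are moved as-is from the block removed in the first hunk of this file, and the README variables table would need regenerating if the default changes.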
@@ -67,20 +67,17 @@ labels: # not required, defaults to {}, Example: {"a":"thisislabela","b":"thisis use_legacy_sql: bool # not required, defaults to false deletion_protection: bool # not required, defaults to false ``` - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L27) | Project ID | string | ✓ | | +| [project_id](variables.tf#L17) | Project ID | string | ✓ | | | [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | string | ✓ | | -| [views_dir](variables.tf#L17) | Relative path for the folder storing view data. | string | ✓ | | +| [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | string | ✓ | | - - ## TODO - [ ] add external table support diff --git a/blueprints/factories/bigquery-factory/variables.tf b/blueprints/factories/bigquery-factory/variables.tf index e4910d21..cd34f02b 100644 --- a/blueprints/factories/bigquery-factory/variables.tf +++ b/blueprints/factories/bigquery-factory/variables.tf @@ -14,8 +14,8 @@ * limitations under the License. */ -variable "views_dir" { - description = "Relative path for the folder storing view data." +variable "project_id" { + description = "Project ID" type = string } @@ -24,8 +24,7 @@ variable "tables_dir" { type = string } -variable "project_id" { - description = "Project ID" +variable "views_dir" { + description = "Relative path for the folder storing view data." type = string - } diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md index cee829ff..cc5ed962 100644 --- a/blueprints/factories/project-factory/README.md +++ b/blueprints/factories/project-factory/README.md 
@@ -239,9 +239,9 @@ vpc: | [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string)) | | {} | | [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} | | [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} | -| [service_identities_iam](variables.tf#L195) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | -| [service_identities_iam_additive](variables.tf#L202) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | -| [services](variables.tf#L188) | Services to be enabled for the project. | list(string) | | [] | +| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | +| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | +| [services](variables.tf#L202) | Services to be enabled for the project. | list(string) | | [] | | [vpc](variables.tf#L209) | VPC configuration for the project. | object({…}) | | null | ## Outputs diff --git a/blueprints/factories/project-factory/variables.tf b/blueprints/factories/project-factory/variables.tf index 8efc0bc1..cbcae798 100644 --- a/blueprints/factories/project-factory/variables.tf +++ b/blueprints/factories/project-factory/variables.tf 
@@ -185,13 +185,6 @@ variable "service_accounts_iam_additive" { nullable = false } -variable "services" { - description = "Services to be enabled for the project." - type = list(string) - default = [] - nullable = false -} - variable "service_identities_iam" { description = "Custom IAM settings for service identities in service => [role] format." type = map(list(string)) @@ -206,6 +199,13 @@ variable "service_identities_iam_additive" { nullable = false } +variable "services" { + description = "Services to be enabled for the project." + type = list(string) + default = [] + nullable = false +} + variable "vpc" { description = "VPC configuration for the project." type = object({ diff --git a/blueprints/gke/binauthz/README.md b/blueprints/gke/binauthz/README.md index dad6dd8a..41eef22b 100644 --- a/blueprints/gke/binauthz/README.md +++ b/blueprints/gke/binauthz/README.md 
@@ -107,21 +107,21 @@ Once done testing, you can clean up resources by running `terraform destroy`. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L26) | Project ID. | string | ✓ | | -| [master_cidr_block](variables.tf#L49) | Master CIDR block. | string | | "10.0.0.0/28" | -| [pods_cidr_block](variables.tf#L37) | Pods CIDR block. | string | | "172.16.0.0/20" | -| [prefix](variables.tf#L31) | Prefix for resources created. | string | | null | -| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | object({…}) | | null | -| [region](variables.tf#L61) | Region. | string | | "europe-west1" | -| [services_cidr_block](variables.tf#L43) | Services CIDR block. | string | | "192.168.0.0/24" | -| [subnet_cidr_block](variables.tf#L55) | Subnet CIDR block. | string | | "10.0.1.0/24" | +| [project_id](variables.tf#L44) | Project ID. | string | ✓ | | +| [master_cidr_block](variables.tf#L17) | Master CIDR block. | string | | "10.0.0.0/28" | +| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | string | | "172.16.0.0/20" | +| [prefix](variables.tf#L29) | Prefix for resources created. | string | | null | +| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L49) | Region. | string | | "europe-west1" | +| [services_cidr_block](variables.tf#L55) | Services CIDR block. | string | | "192.168.0.0/24" | +| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | string | | "10.0.1.0/24" | | [zone](variables.tf#L67) | Zone. | string | | "europe-west1-c" | ## Outputs | name | description | sensitive | |---|---|:---:| -| [app_repo_url](outputs.tf#L22) | App source repository url. | | -| [image_repo_url](outputs.tf#L17) | Image source repository url. | | +| [app_repo_url](outputs.tf#L17) | App source repository url. | | +| [image_repo_url](outputs.tf#L22) | Image source repository url. | | 
diff --git a/blueprints/gke/binauthz/outputs.tf b/blueprints/gke/binauthz/outputs.tf index dc0829d5..4efaf9b3 100644 --- a/blueprints/gke/binauthz/outputs.tf +++ b/blueprints/gke/binauthz/outputs.tf @@ -14,12 +14,12 @@ * limitations under the License. */ -output "image_repo_url" { - description = "Image source repository url." - value = "ssh://@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}" -} - output "app_repo_url" { description = "App source repository url." value = "ssh://@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.app_repo.name}" } + +output "image_repo_url" { + description = "Image source repository url." + value = "ssh://@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}" +} diff --git a/blueprints/gke/binauthz/variables.tf b/blueprints/gke/binauthz/variables.tf index c010a12a..2e19b1aa 100644 --- a/blueprints/gke/binauthz/variables.tf +++ b/blueprints/gke/binauthz/variables.tf @@ -14,6 +14,24 @@ * limitations under the License. */ +variable "master_cidr_block" { + description = "Master CIDR block." + type = string + default = "10.0.0.0/28" +} + +variable "pods_cidr_block" { + description = "Pods CIDR block." + type = string + default = "172.16.0.0/20" +} + +variable "prefix" { + description = "Prefix for resources created." + type = string + default = null +} + variable "project_create" { description = "Parameters for the creation of the new project." type = object({ @@ -28,16 +46,10 @@ variable "project_id" { type = string } -variable "prefix" { - description = "Prefix for resources created." +variable "region" { + description = "Region." type = string - default = null -} - -variable "pods_cidr_block" { - description = "Pods CIDR block." - type = string - default = "172.16.0.0/20" + default = "europe-west1" } variable "services_cidr_block" { 
@@ -46,24 +58,12 @@ variable "services_cidr_block" { default = "192.168.0.0/24" } -variable "master_cidr_block" { - description = "Master CIDR block." - type = string - default = "10.0.0.0/28" -} - variable "subnet_cidr_block" { description = "Subnet CIDR block." type = string default = "10.0.1.0/24" } -variable "region" { - description = "Region." - type = string - default = "europe-west1" -} - variable "zone" { description = "Zone." type = string diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md index f57d5f54..7deafdad 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md +++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md 
@@ -64,14 +64,14 @@ Once done testing, you can clean up resources by running `terraform destroy`. | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | -| [fleet_project_id](variables.tf#L32) | Management Project ID. | string | ✓ | | -| [host_project_id](variables.tf#L27) | Project ID. | string | ✓ | | -| [mgmt_project_id](variables.tf#L37) | Management Project ID. | string | ✓ | | -| [parent](variables.tf#L22) | Parent. | string | ✓ | | -| [clusters_config](variables.tf#L54) | Clusters configuration. | map(object({…})) | | {…} | -| [istio_version](variables.tf#L98) | ASM version | string | | "1.14.1-asm.3" | -| [mgmt_server_config](variables.tf#L78) | Mgmt server configuration | object({…}) | | {…} | -| [mgmt_subnet_cidr_block](variables.tf#L42) | Management subnet CIDR block. | string | | "10.0.0.0/28" | -| [region](variables.tf#L48) | Region. | string | | "europe-west1" | +| [fleet_project_id](variables.tf#L46) | Management Project ID. | string | ✓ | | +| [host_project_id](variables.tf#L51) | Project ID. | string | ✓ | | +| [mgmt_project_id](variables.tf#L63) | Management Project ID. | string | ✓ | | +| [parent](variables.tf#L94) | Parent. | string | ✓ | | +| [clusters_config](variables.tf#L22) | Clusters configuration. | map(object({…})) | | {…} | +| [istio_version](variables.tf#L57) | ASM version | string | | "1.14.1-asm.3" | +| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | object({…}) | | {…} | +| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | string | | "10.0.0.0/28" | +| [region](variables.tf#L99) | Region. | string | | "europe-west1" | diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf index a973a3ac..4cff10fb 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf 
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf @@ -19,38 +19,6 @@ variable "billing_account_id" { type = string } -variable "parent" { - description = "Parent." - type = string -} - -variable "host_project_id" { - description = "Project ID." - type = string -} - -variable "fleet_project_id" { - description = "Management Project ID." - type = string -} - -variable "mgmt_project_id" { - description = "Management Project ID." - type = string -} - -variable "mgmt_subnet_cidr_block" { - description = "Management subnet CIDR block." - type = string - default = "10.0.0.0/28" -} - -variable "region" { - description = "Region." - type = string - default = "europe-west1" -} - variable "clusters_config" { description = "Clusters configuration." type = map(object({ @@ -75,6 +43,28 @@ variable "clusters_config" { } } +variable "fleet_project_id" { + description = "Management Project ID." + type = string +} + +variable "host_project_id" { + description = "Project ID." + type = string +} + + +variable "istio_version" { + description = "ASM version" + type = string + default = "1.14.1-asm.3" +} + +variable "mgmt_project_id" { + description = "Management Project ID." + type = string +} + variable "mgmt_server_config" { description = "Mgmt server configuration" type = object({ @@ -95,8 +85,19 @@ variable "mgmt_server_config" { } } -variable "istio_version" { - description = "ASM version" +variable "mgmt_subnet_cidr_block" { + description = "Management subnet CIDR block." type = string - default = "1.14.1-asm.3" + default = "10.0.0.0/28" +} + +variable "parent" { + description = "Parent." + type = string +} + +variable "region" { + description = "Region." + type = string + default = "europe-west1" } diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md index bd6df945..9e1cd9b5 100644 --- a/blueprints/gke/multitenant-fleet/README.md +++ b/blueprints/gke/multitenant-fleet/README.md 
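Review bot: The `fleet_project_id` variable added in the second hunk of this file carries the description `"Management Project ID."`, the same text as `mgmt_project_id` a few declarations below, which looks like a copy-paste and makes it easy to hand the wrong project to the wrong variable. Something like `description = "Fleet project ID."` would tell them apart, and `host_project_id` could say `"Host project ID."` instead of `"Project ID."`. The same hunk also adds two consecutive blank lines before `istio_version`, where the rest of the file uses one. The descriptions appear to feed the README variables table, so it would need regenerating after the change.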
@@ -265,8 +265,8 @@ module "gke" { | name | description | sensitive | |---|---|:---:| -| [cluster_ids](outputs.tf#L22) | Cluster ids. | | -| [clusters](outputs.tf#L17) | Cluster resources. | | +| [cluster_ids](outputs.tf#L17) | Cluster ids. | | +| [clusters](outputs.tf#L24) | Cluster resources. | | | [project_id](outputs.tf#L29) | GKE project id. | | diff --git a/blueprints/gke/multitenant-fleet/outputs.tf b/blueprints/gke/multitenant-fleet/outputs.tf index e2676246..e9eb6985 100644 --- a/blueprints/gke/multitenant-fleet/outputs.tf +++ b/blueprints/gke/multitenant-fleet/outputs.tf @@ -14,11 +14,6 @@ # tfdoc:file:description Output variables. -output "clusters" { - description = "Cluster resources." - value = module.gke-cluster -} - output "cluster_ids" { description = "Cluster ids." value = { @@ -26,6 +21,11 @@ output "cluster_ids" { } } +output "clusters" { + description = "Cluster resources." + value = module.gke-cluster +} + output "project_id" { description = "GKE project id." value = module.gke-project-0.project_id diff --git a/blueprints/networking/glb-and-armor/README.md b/blueprints/networking/glb-and-armor/README.md index 0c9a802e..ff399bf4 100644 --- a/blueprints/networking/glb-and-armor/README.md +++ b/blueprints/networking/glb-and-armor/README.md 
@@ -118,17 +118,16 @@ The easiest way to remove all the deployed resources is to run the following com terraform destroy The above command will delete the associated resources so there will be no billable charges made afterwards. - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L26) | Identifier of the project. | string | ✓ | | -| [enforce_security_policy](variables.tf#L31) | Enforce security policy. | bool | | true | -| [prefix](variables.tf#L37) | Prefix used for created resources. | string | | null | -| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | object({…}) | | null | +| [project_id](variables.tf#L38) | Identifier of the project. | string | ✓ | | +| [enforce_security_policy](variables.tf#L17) | Enforce security policy. | bool | | true | +| [prefix](variables.tf#L23) | Prefix used for created resources. | string | | null | +| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | object({…}) | | null | ## Outputs diff --git a/blueprints/networking/glb-and-armor/variables.tf b/blueprints/networking/glb-and-armor/variables.tf index 38513fd9..a428a884 100644 --- a/blueprints/networking/glb-and-armor/variables.tf +++ b/blueprints/networking/glb-and-armor/variables.tf @@ -14,6 +14,18 @@ * limitations under the License. */ +variable "enforce_security_policy" { + description = "Enforce security policy." + type = bool + default = true +} + +variable "prefix" { + description = "Prefix used for created resources." + type = string + default = null +} + variable "project_create" { description = "Parameters for the creation of the new project." type = object({ 
@@ -27,15 +39,3 @@ variable "project_id" { description = "Identifier of the project." type = string } - -variable "enforce_security_policy" { - description = "Enforce security policy." - type = bool - default = true -} - -variable "prefix" { - description = "Prefix used for created resources." - type = string - default = null -} diff --git a/blueprints/networking/psc-hybrid/README.md b/blueprints/networking/psc-hybrid/README.md index 1b67596b..c697e68a 100644 --- a/blueprints/networking/psc-hybrid/README.md +++ b/blueprints/networking/psc-hybrid/README.md 
@@ -40,16 +40,16 @@ Before applying this Terraform | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [dest_ip_address](variables.tf#L37) | On-prem service destination IP address. | string | ✓ | | -| [prefix](variables.tf#L17) | Prefix to use for resource names. | string | ✓ | | -| [producer](variables.tf#L88) | Producer configuration. | object({…}) | ✓ | | -| [project_id](variables.tf#L22) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | -| [region](variables.tf#L27) | Region where resources will be created. | string | ✓ | | -| [subnet_consumer](variables.tf#L98) | Consumer subnet CIDR. | string # CIDR | ✓ | | -| [zone](variables.tf#L32) | Zone where resources will be created. | string | ✓ | | -| [dest_port](variables.tf#L42) | On-prem service destination port. | string | | "80" | -| [project_create](variables.tf#L48) | Whether to automatically create a project. | bool | | false | -| [vpc_config](variables.tf#L60) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | -| [vpc_create](variables.tf#L54) | Whether to automatically create VPCs. | bool | | true | +| [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | string | ✓ | | +| [prefix](variables.tf#L28) | Prefix to use for resource names. | string | ✓ | | +| [producer](variables.tf#L33) | Producer configuration. | object({…}) | ✓ | | +| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | +| [region](variables.tf#L54) | Region where resources will be created. | string | ✓ | | +| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | string # CIDR | ✓ | | +| [zone](variables.tf#L98) | Zone where resources will be created. | string | ✓ | | +| [dest_port](variables.tf#L22) | On-prem service destination port. 
| string | | "80" | +| [project_create](variables.tf#L43) | Whether to automatically create a project. | bool | | false | +| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | +| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | bool | | true | diff --git a/blueprints/networking/psc-hybrid/psc-consumer/README.md b/blueprints/networking/psc-hybrid/psc-consumer/README.md index 23fd8f73..b681fb1e 100644 --- a/blueprints/networking/psc-hybrid/psc-consumer/README.md +++ b/blueprints/networking/psc-hybrid/psc-consumer/README.md @@ -1,18 +1,17 @@ # PSC Consumer The module creates a consumer VPC and a Private Service Connect (PSC) endpoint, pointing to the PSC Service Attachment (SA) specified. - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L22) | Name of the resources created. | string | ✓ | | -| [network](variables.tf#L32) | Consumer network id. | string | ✓ | | -| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | string | ✓ | | -| [region](variables.tf#L27) | Region where resources will be created. | string | ✓ | | -| [sa_id](variables.tf#L42) | PSC producer service attachment id. | string | ✓ | | -| [subnet](variables.tf#L37) | Subnetwork id where resources will be associated. | string | ✓ | | +| [name](variables.tf#L17) | Name of the resources created. | string | ✓ | | +| [network](variables.tf#L22) | Consumer network id. | string | ✓ | | +| [project_id](variables.tf#L27) | The ID of the project where this VPC will be created. | string | ✓ | | +| [region](variables.tf#L32) | Region where resources will be created. | string | ✓ | | +| [sa_id](variables.tf#L37) | PSC producer service attachment id. | string | ✓ | | +| [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | string | ✓ | | 
diff --git a/blueprints/networking/psc-hybrid/psc-consumer/variables.tf b/blueprints/networking/psc-hybrid/psc-consumer/variables.tf index 47a0f9a6..03f8c2fe 100644 --- a/blueprints/networking/psc-hybrid/psc-consumer/variables.tf +++ b/blueprints/networking/psc-hybrid/psc-consumer/variables.tf @@ -14,28 +14,23 @@ * limitations under the License. */ -variable "project_id" { - description = "The ID of the project where this VPC will be created." - type = string -} - variable "name" { description = "Name of the resources created." type = string } -variable "region" { - description = "Region where resources will be created." - type = string -} - variable "network" { description = "Consumer network id." type = string } -variable "subnet" { - description = "Subnetwork id where resources will be associated." +variable "project_id" { + description = "The ID of the project where this VPC will be created." + type = string +} + +variable "region" { + description = "Region where resources will be created." type = string } @@ -43,3 +38,8 @@ variable "sa_id" { description = "PSC producer service attachment id." type = string } + +variable "subnet" { + description = "Subnetwork id where resources will be associated." + type = string +} diff --git a/blueprints/networking/psc-hybrid/psc-producer/README.md b/blueprints/networking/psc-hybrid/psc-producer/README.md index 5efd420f..23f1a670 100644 --- a/blueprints/networking/psc-hybrid/psc-producer/README.md +++ b/blueprints/networking/psc-hybrid/psc-producer/README.md 
@@ -5,24 +5,23 @@ The module creates: - a producer VPC - an internal regional TCP proxy load balancer with a hybrid Network Endpoint Group (NEG) backend, pointing to an on-prem service (IP + port) - a Private Service Connect Service Attachment (PSC SA) exposing the service to [PSC consumers](../psc-consumer/README.md) - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [accepted_limits](variables.tf#L68) | Incoming accepted projects with endpoints limit. | map(number) | ✓ | | -| [dest_ip_address](variables.tf#L57) | On-prem service destination IP address. | string | ✓ | | -| [name](variables.tf#L22) | Name of the resources created. | string | ✓ | | -| [network](variables.tf#L37) | Producer network id. | string | ✓ | | -| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | string | ✓ | | -| [region](variables.tf#L27) | Region where resources will be created. | string | ✓ | | -| [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | string | ✓ | | -| [subnet_proxy](variables.tf#L47) | L7 Regional load balancing subnet id. | string | ✓ | | -| [subnets_psc](variables.tf#L52) | PSC NAT subnets. | list(string) | ✓ | | -| [zone](variables.tf#L32) | Zone where resources will be created. | string | ✓ | | -| [dest_port](variables.tf#L62) | On-prem service destination port. | string | | "80" | +| [accepted_limits](variables.tf#L17) | Incoming accepted projects with endpoints limit. | map(number) | ✓ | | +| [dest_ip_address](variables.tf#L22) | On-prem service destination IP address. | string | ✓ | | +| [name](variables.tf#L33) | Name of the resources created. | string | ✓ | | +| [network](variables.tf#L38) | Producer network id. | string | ✓ | | +| [project_id](variables.tf#L43) | The ID of the project where this VPC will be created. | string | ✓ | | +| [region](variables.tf#L48) | Region where resources will be created. 
| string | ✓ | | +| [subnet](variables.tf#L53) | Subnetwork id where resources will be associated. | string | ✓ | | +| [subnet_proxy](variables.tf#L58) | L7 Regional load balancing subnet id. | string | ✓ | | +| [subnets_psc](variables.tf#L63) | PSC NAT subnets. | list(string) | ✓ | | +| [zone](variables.tf#L68) | Zone where resources will be created. | string | ✓ | | +| [dest_port](variables.tf#L27) | On-prem service destination port. | string | | "80" | ## Outputs diff --git a/blueprints/networking/psc-hybrid/psc-producer/variables.tf b/blueprints/networking/psc-hybrid/psc-producer/variables.tf index c085ecdc..c4105e4a 100644 --- a/blueprints/networking/psc-hybrid/psc-producer/variables.tf +++ b/blueprints/networking/psc-hybrid/psc-producer/variables.tf @@ -14,31 +14,42 @@ * limitations under the License. */ -variable "project_id" { - description = "The ID of the project where this VPC will be created." +variable "accepted_limits" { + description = "Incoming accepted projects with endpoints limit." + type = map(number) +} + +variable "dest_ip_address" { + description = "On-prem service destination IP address." type = string } +variable "dest_port" { + description = "On-prem service destination port." + type = string + default = "80" +} + variable "name" { description = "Name of the resources created." type = string } -variable "region" { - description = "Region where resources will be created." - type = string -} - -variable "zone" { - description = "Zone where resources will be created." - type = string -} - variable "network" { description = "Producer network id." type = string } +variable "project_id" { + description = "The ID of the project where this VPC will be created." + type = string +} + +variable "region" { + description = "Region where resources will be created." + type = string +} + variable "subnet" { description = "Subnetwork id where resources will be associated." type = string 
@@ -54,18 +65,7 @@ variable "subnets_psc" {
 type = list(string)
 }
 
-variable "dest_ip_address" {
- description = "On-prem service destination IP address."
+variable "zone" {
+ description = "Zone where resources will be created."
 type = string
 }
-
-variable "dest_port" {
- description = "On-prem service destination port."
- type = string
- default = "80"
-}
-
-variable "accepted_limits" {
- description = "Incoming accepted projects with endpoints limit."
- type = map(number)
-}
diff --git a/blueprints/networking/psc-hybrid/variables.tf b/blueprints/networking/psc-hybrid/variables.tf
index 012e26d0..1d38692d 100644
--- a/blueprints/networking/psc-hybrid/variables.tf
+++ b/blueprints/networking/psc-hybrid/variables.tf
@@ -14,11 +14,38 @@
 * limitations under the License.
 */
 
+variable "dest_ip_address" {
+ description = "On-prem service destination IP address."
+ type = string
+}
+
+variable "dest_port" {
+ description = "On-prem service destination port."
+ type = string
+ default = "80"
+}
+
 variable "prefix" {
 description = "Prefix to use for resource names."
 type = string
 }
 
+variable "producer" {
+ description = "Producer configuration."
+ type = object({
+ subnet_main = string # CIDR
+ subnet_proxy = string # CIDR
+ subnet_psc = string # CIDR
+ accepted_limits = map(number) # Accepted project ids => PSC endpoint limit
+ })
+}
+
+variable "project_create" {
+ description = "Whether to automatically create a project."
+ type = bool
+ default = false
+}
+
 variable "project_id" {
 description = "When referncing existing projects, the id of the project where resources will be created."
 type = string
@@ -29,32 +56,9 @@ variable "region" {
 type = string
 }
 
-variable "zone" {
- description = "Zone where resources will be created."
- type = string
-}
-
-variable "dest_ip_address" {
- description = "On-prem service destination IP address."
- type = string
-}
-
-variable "dest_port" {
- description = "On-prem service destination port."
- type = string
- default = "80"
-}
-
-variable "project_create" {
- description = "Whether to automatically create a project."
- type = bool
- default = false
-}
-
-variable "vpc_create" {
- description = "Whether to automatically create VPCs."
- type = bool
- default = true
+variable "subnet_consumer" {
+ description = "Consumer subnet CIDR."
+ type = string # CIDR
 }
 
 variable "vpc_config" {
@@ -85,17 +89,13 @@ variable "vpc_config" {
 }
 }
 
-variable "producer" {
- description = "Producer configuration."
- type = object({
- subnet_main = string # CIDR
- subnet_proxy = string # CIDR
- subnet_psc = string # CIDR
- accepted_limits = map(number) # Accepted project ids => PSC endpoint limit
- })
+variable "vpc_create" {
+ description = "Whether to automatically create VPCs."
+ type = bool
+ default = true
 }
 
-variable "subnet_consumer" {
- description = "Consumer subnet CIDR."
- type = string # CIDR
+variable "zone" {
+ description = "Zone where resources will be created."
+ type = string
 }
diff --git a/blueprints/third-party-solutions/openshift/tf/README.md b/blueprints/third-party-solutions/openshift/tf/README.md
index 9ff776f5..190f0b42 100644
--- a/blueprints/third-party-solutions/openshift/tf/README.md
+++ b/blueprints/third-party-solutions/openshift/tf/README.md
@@ -8,18 +8,18 @@ This example is a companion setup to the Python script in the parent folder, and | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [cluster_name](variables.tf#L23) | Name used for the cluster and DNS zone. | string | ✓ | | -| [domain](variables.tf#L28) | Domain name used to derive the DNS zone. | string | ✓ | | -| [fs_paths](variables.tf#L87) | Filesystem paths for commands and data, supports home path expansion. | object({…}) | ✓ | | -| [host_project](variables.tf#L44) | Shared VPC project and network configuration. | object({…}) | ✓ | | -| [service_project](variables.tf#L124) | Service project configuration. | object({…}) | ✓ | | +| [domain](variables.tf#L39) | Domain name used to derive the DNS zone. | string | ✓ | | +| [fs_paths](variables.tf#L44) | Filesystem paths for commands and data, supports home path expansion. | object({…}) | ✓ | | +| [host_project](variables.tf#L55) | Shared VPC project and network configuration. | object({…}) | ✓ | | +| [service_project](variables.tf#L125) | Service project configuration. | object({…}) | ✓ | | | [allowed_ranges](variables.tf#L17) | Ranges that can SSH to the boostrap VM and API endpoint. | list(any) | | ["10.0.0.0/8"] | -| [disk_encryption_key](variables.tf#L33) | Optional CMEK for disk encryption. | object({…}) | | null | -| [install_config_params](variables.tf#L57) | OpenShift cluster configuration. | object({…}) | | {…} | -| [post_bootstrap_config](variables.tf#L102) | Name of the service account for the machine operator. Removes bootstrap resources when set. | object({…}) | | null | -| [region](variables.tf#L110) | Region where resources will be created. | string | | "europe-west1" | -| [rhcos_gcp_image](variables.tf#L116) | RHCOS image used. | string | | "projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64" | -| [tags](variables.tf#L131) | Additional tags for instances. 
| list(string) | | ["ssh"] | -| [zones](variables.tf#L137) | Zones used for instances. | list(string) | | ["b", "c", "d"] | +| [disk_encryption_key](variables.tf#L28) | Optional CMEK for disk encryption. | object({…}) | | null | +| [install_config_params](variables.tf#L68) | OpenShift cluster configuration. | object({…}) | | {…} | +| [post_bootstrap_config](variables.tf#L103) | Name of the service account for the machine operator. Removes bootstrap resources when set. | object({…}) | | null | +| [region](variables.tf#L111) | Region where resources will be created. | string | | "europe-west1" | +| [rhcos_gcp_image](variables.tf#L117) | RHCOS image used. | string | | "projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64" | +| [tags](variables.tf#L132) | Additional tags for instances. | list(string) | | ["ssh"] | +| [zones](variables.tf#L138) | Zones used for instances. | list(string) | | ["b", "c", "d"] | ## Outputs diff --git a/blueprints/third-party-solutions/openshift/tf/variables.tf b/blueprints/third-party-solutions/openshift/tf/variables.tf index 3017403e..ee90bfef 100644 --- a/blueprints/third-party-solutions/openshift/tf/variables.tf +++ b/blueprints/third-party-solutions/openshift/tf/variables.tf @@ -23,13 +23,8 @@ variable "allowed_ranges" { variable "cluster_name" { description = "Name used for the cluster and DNS zone." type = string -} -variable "domain" { - description = "Domain name used to derive the DNS zone." - type = string } - variable "disk_encryption_key" { description = "Optional CMEK for disk encryption." type = object({ 
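Review bot: In the `@@ -23,13 +23,8 @@` hunk of openshift/tf/variables.tf the new side leaves `cluster_name` with an empty line before its closing brace and starts `variable "disk_encryption_key" {` on the line directly after that brace. The hunk removes the `}` that closed `cluster_name` and keeps the one that closed `domain`, together with the blank line between them, and then drops the blank line that separated `domain` from `disk_encryption_key`. The other blocks visible in this diff are separated by one blank line, so the new side should read `  type        = string`, `}`, an empty line, then `variable "disk_encryption_key" {`. The `disk_encryption_key` block continues past the end of the hunk.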
@@ -41,6 +36,22 @@ variable "disk_encryption_key" { default = null } +variable "domain" { + description = "Domain name used to derive the DNS zone." + type = string +} + +variable "fs_paths" { + description = "Filesystem paths for commands and data, supports home path expansion." + type = object({ + credentials = string + config_dir = string + openshift_install = string + pull_secret = string + ssh_key = string + }) +} + variable "host_project" { description = "Shared VPC project and network configuration." type = object({ @@ -84,16 +95,6 @@ variable "install_config_params" { } } -variable "fs_paths" { - description = "Filesystem paths for commands and data, supports home path expansion." - type = object({ - credentials = string - config_dir = string - openshift_install = string - pull_secret = string - ssh_key = string - }) -} # oc -n openshift-cloud-credential-operator get CredentialsRequest \ # openshift-machine-api-gcp \ diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md index 683025a7..ec1b025a 100644 --- a/fast/stages/00-bootstrap/README.md +++ b/fast/stages/00-bootstrap/README.md 
@@ -491,8 +491,8 @@ The remaining configuration is manual, as it regards the repositories themselves | [federated_identity](outputs.tf#L116) | Workload Identity Federation pool and providers. | | | | [outputs_bucket](outputs.tf#L126) | GCS bucket where generated output files are stored. | | | | [project_ids](outputs.tf#L131) | Projects created by this stage. | | | -| [providers](outputs.tf#L151) | Terraform provider files for this stage and dependent stages. | ✓ | stage-01 | -| [service_accounts](outputs.tf#L140) | Automation service accounts created by this stage. | | | -| [tfvars](outputs.tf#L160) | Terraform variable files for the following stages. | ✓ | | +| [providers](outputs.tf#L141) | Terraform provider files for this stage and dependent stages. | ✓ | stage-01 | +| [service_accounts](outputs.tf#L148) | Automation service accounts created by this stage. | | | +| [tfvars](outputs.tf#L158) | Terraform variable files for the following stages. | ✓ | | diff --git a/fast/stages/00-bootstrap/outputs.tf b/fast/stages/00-bootstrap/outputs.tf index 2511c939..73dd64f4 100644 --- a/fast/stages/00-bootstrap/outputs.tf +++ b/fast/stages/00-bootstrap/outputs.tf @@ -137,6 +137,14 @@ output "project_ids" { } } +# ready to use provider configurations for subsequent stages when not using files +output "providers" { + # tfdoc:output:consumers stage-01 + description = "Terraform provider files for this stage and dependent stages." + sensitive = true + value = local.providers +} + output "service_accounts" { description = "Automation service accounts created by this stage." value = { 
@@ -146,17 +154,7 @@ output "service_accounts" {
 }
 }
 
-# ready to use provider configurations for subsequent stages when not using files
-
-output "providers" {
- # tfdoc:output:consumers stage-01
- description = "Terraform provider files for this stage and dependent stages."
- sensitive = true
- value = local.providers
-}
-
 # ready to use variable values for subsequent stages
-
 output "tfvars" {
 description = "Terraform variable files for the following stages."
 sensitive = true
diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md
index 52e73c55..449fa614 100644
--- a/fast/stages/01-resman/README.md
+++ b/fast/stages/01-resman/README.md
@@ -201,13 +201,13 @@ Due to its simplicity, this stage lends itself easily to customizations: adding |---|---|:---:|---| | [cicd_repositories](outputs.tf#L197) | WIF configuration for CI/CD repositories. | | | | [dataplatform](outputs.tf#L211) | Data for the Data Platform stage. | | | -| [gke_multitenant](outputs.tf#L283) | Data for the GKE multitenant stage. | | 03-gke-multitenant | -| [networking](outputs.tf#L227) | Data for the networking stage. | | | -| [project_factories](outputs.tf#L236) | Data for the project factories stage. | | | -| [providers](outputs.tf#L252) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · 03-dataplatform · xx-sandbox · xx-teams | -| [sandbox](outputs.tf#L259) | Data for the sandbox stage. | | xx-sandbox | -| [security](outputs.tf#L273) | Data for the networking stage. | | 02-security | -| [teams](outputs.tf#L304) | Data for the teams stage. | | | -| [tfvars](outputs.tf#L317) | Terraform variable files for the following stages. | ✓ | | +| [gke_multitenant](outputs.tf#L227) | Data for the GKE multitenant stage. | | 03-gke-multitenant | +| [networking](outputs.tf#L248) | Data for the networking stage. | | | +| [project_factories](outputs.tf#L257) | Data for the project factories stage. | | | +| [providers](outputs.tf#L272) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · 03-dataplatform · xx-sandbox · xx-teams | +| [sandbox](outputs.tf#L279) | Data for the sandbox stage. | | xx-sandbox | +| [security](outputs.tf#L293) | Data for the networking stage. | | 02-security | +| [teams](outputs.tf#L303) | Data for the teams stage. | | | +| [tfvars](outputs.tf#L315) | Terraform variable files for the following stages. | ✓ | | diff --git a/fast/stages/01-resman/outputs.tf b/fast/stages/01-resman/outputs.tf index 54c661af..9b1a6760 100644 --- a/fast/stages/01-resman/outputs.tf +++ b/fast/stages/01-resman/outputs.tf 
@@ -224,6 +224,27 @@ output "dataplatform" { } } +output "gke_multitenant" { + # tfdoc:output:consumers 03-gke-multitenant + description = "Data for the GKE multitenant stage." + value = ( + var.fast_features.gke + ? { + "dev" = { + folder = module.branch-gke-dev-folder.0.id + gcs_bucket = module.branch-gke-dev-gcs.0.name + service_account = module.branch-gke-dev-sa.0.email + } + "prod" = { + folder = module.branch-gke-prod-folder.0.id + gcs_bucket = module.branch-gke-prod-gcs.0.name + service_account = module.branch-gke-prod-sa.0.email + } + } + : {} + ) +} + output "networking" { description = "Data for the networking stage." value = { @@ -248,7 +269,6 @@ output "project_factories" { } # ready to use provider configurations for subsequent stages - output "providers" { # tfdoc:output:consumers 02-networking 02-security 03-dataplatform xx-sandbox xx-teams description = "Terraform provider files for this stage and dependent stages." @@ -280,27 +300,6 @@ output "security" { } } -output "gke_multitenant" { - # tfdoc:output:consumers 03-gke-multitenant - description = "Data for the GKE multitenant stage." - value = ( - var.fast_features.gke - ? { - "dev" = { - folder = module.branch-gke-dev-folder.0.id - gcs_bucket = module.branch-gke-dev-gcs.0.name - service_account = module.branch-gke-dev-sa.0.email - } - "prod" = { - folder = module.branch-gke-prod-folder.0.id - gcs_bucket = module.branch-gke-prod-gcs.0.name - service_account = module.branch-gke-prod-sa.0.email - } - } - : {} - ) -} - output "teams" { description = "Data for the teams stage." value = { @@ -313,7 +312,6 @@ output "teams" { } # ready to use variable values for subsequent stages - output "tfvars" { description = "Terraform variable files for the following stages." sensitive = true diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md index cddfddaa..a8c9d956 100644 --- a/fast/stages/02-networking-nva/README.md +++ b/fast/stages/02-networking-nva/README.md 
@@ -396,7 +396,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [host_project_ids](outputs.tf#L58) | Network project ids. | | | | [host_project_numbers](outputs.tf#L63) | Network project numbers. | | | | [shared_vpc_self_links](outputs.tf#L68) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L87) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L73) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L73) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L79) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-nva/outputs.tf b/fast/stages/02-networking-nva/outputs.tf index d4a4a1ce..df324570 100644 --- a/fast/stages/02-networking-nva/outputs.tf +++ b/fast/stages/02-networking-nva/outputs.tf @@ -70,6 +70,12 @@ output "shared_vpc_self_links" { value = local.vpc_self_links } +output "tfvars" { + description = "Terraform variables file for the following stages." + sensitive = true + value = local.tfvars +} + output "vpn_gateway_endpoints" { description = "External IP Addresses for the GCP VPN gateways." value = local.enable_onprem_vpn == false ? null : { @@ -83,9 +89,3 @@ output "vpn_gateway_endpoints" { } } } - -output "tfvars" { - description = "Terraform variables file for the following stages." - sensitive = true - value = local.tfvars -} diff --git a/fast/stages/02-networking-peering/README.md b/fast/stages/02-networking-peering/README.md index 1dfdb9a5..f6a82809 100644 --- a/fast/stages/02-networking-peering/README.md +++ b/fast/stages/02-networking-peering/README.md 
@@ -321,7 +321,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [host_project_ids](outputs.tf#L68) | Network project ids. | | | | [host_project_numbers](outputs.tf#L73) | Network project numbers. | | | | [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-peering/outputs.tf b/fast/stages/02-networking-peering/outputs.tf index 405b2dbe..3b97b7f2 100644 --- a/fast/stages/02-networking-peering/outputs.tf +++ b/fast/stages/02-networking-peering/outputs.tf @@ -80,6 +80,12 @@ output "shared_vpc_self_links" { value = local.vpc_self_links } +output "tfvars" { + description = "Terraform variables file for the following stages." + sensitive = true + value = local.tfvars +} + output "vpn_gateway_endpoints" { description = "External IP Addresses for the GCP VPN gateways." value = local.enable_onprem_vpn == false ? null : { @@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" { } } } - -output "tfvars" { - description = "Terraform variables file for the following stages." - sensitive = true - value = local.tfvars -} diff --git a/fast/stages/02-networking-separate-envs/README.md b/fast/stages/02-networking-separate-envs/README.md index 6fdb00cf..a874311a 100644 --- a/fast/stages/02-networking-separate-envs/README.md +++ b/fast/stages/02-networking-separate-envs/README.md 
@@ -259,11 +259,11 @@ You're now ready to run `terraform init` and `apply`. | name | description | sensitive | consumers | |---|---|:---:|---| | [dev_cloud_dns_inbound_policy](outputs.tf#L59) | IP Addresses for Cloud DNS inbound policy for the dev environment. | | | -| [host_project_ids](outputs.tf#L69) | Network project ids. | | | -| [host_project_numbers](outputs.tf#L74) | Network project numbers. | | | -| [prod_cloud_dns_inbound_policy](outputs.tf#L64) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | | +| [host_project_ids](outputs.tf#L64) | Network project ids. | | | +| [host_project_numbers](outputs.tf#L69) | Network project numbers. | | | +| [prod_cloud_dns_inbound_policy](outputs.tf#L74) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | | | [shared_vpc_self_links](outputs.tf#L79) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L98) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L84) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L84) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L90) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-separate-envs/outputs.tf b/fast/stages/02-networking-separate-envs/outputs.tf index 22016037..d06d499d 100644 --- a/fast/stages/02-networking-separate-envs/outputs.tf +++ b/fast/stages/02-networking-separate-envs/outputs.tf @@ -61,11 +61,6 @@ output "dev_cloud_dns_inbound_policy" { value = [for s in module.dev-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)] } -output "prod_cloud_dns_inbound_policy" { - description = "IP Addresses for Cloud DNS inbound policy for the prod environment." - value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)] -} - output "host_project_ids" { description = "Network project ids." value = local.host_project_ids 
@@ -76,11 +71,22 @@ output "host_project_numbers" { value = local.host_project_numbers } +output "prod_cloud_dns_inbound_policy" { + description = "IP Addresses for Cloud DNS inbound policy for the prod environment." + value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)] +} + output "shared_vpc_self_links" { description = "Shared VPC host projects." value = local.vpc_self_links } +output "tfvars" { + description = "Terraform variables file for the following stages." + sensitive = true + value = local.tfvars +} + output "vpn_gateway_endpoints" { description = "External IP Addresses for the GCP VPN gateways." value = local.enable_onprem_vpn == false ? null : { @@ -94,9 +100,3 @@ output "vpn_gateway_endpoints" { } } } - -output "tfvars" { - description = "Terraform variables file for the following stages." - sensitive = true - value = local.tfvars -} diff --git a/fast/stages/02-networking-vpn/README.md b/fast/stages/02-networking-vpn/README.md index 783b11fb..8a884c09 100644 --- a/fast/stages/02-networking-vpn/README.md +++ b/fast/stages/02-networking-vpn/README.md @@ -347,7 +347,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [host_project_ids](outputs.tf#L68) | Network project ids. | | | | [host_project_numbers](outputs.tf#L73) | Network project numbers. | | | | [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-vpn/outputs.tf b/fast/stages/02-networking-vpn/outputs.tf index 405b2dbe..3b97b7f2 100644 --- a/fast/stages/02-networking-vpn/outputs.tf 
+++ b/fast/stages/02-networking-vpn/outputs.tf
@@ -80,6 +80,12 @@ output "shared_vpc_self_links" {
 value = local.vpc_self_links
 }
 
+output "tfvars" {
+ description = "Terraform variables file for the following stages."
+ sensitive = true
+ value = local.tfvars
+}
+
 output "vpn_gateway_endpoints" {
 description = "External IP Addresses for the GCP VPN gateways."
 value = local.enable_onprem_vpn == false ? null : {
@@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" {
 }
 }
 }
-
-output "tfvars" {
- description = "Terraform variables file for the following stages."
- sensitive = true
- value = local.tfvars
-}
diff --git a/fast/stages/02-security/README.md b/fast/stages/02-security/README.md
index 7d1a83a3..72e93606 100644
--- a/fast/stages/02-security/README.md
+++ b/fast/stages/02-security/README.md
@@ -265,13 +265,13 @@ Some references that might be useful in setting up this stage: | [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 00-bootstrap | | [billing_account](variables.tf#L25) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | | [folder_ids](variables.tf#L34) | Folder name => id mappings, the 'security' folder name must exist. | object({…}) | ✓ | | 01-resman | -| [organization](variables.tf#L91) | Organization details. | object({…}) | ✓ | | 00-bootstrap | -| [prefix](variables.tf#L107) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | -| [service_accounts](variables.tf#L80) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | object({…}) | ✓ | | 01-resman | +| [organization](variables.tf#L80) | Organization details. | object({…}) | ✓ | | 00-bootstrap | +| [prefix](variables.tf#L96) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | +| [service_accounts](variables.tf#L107) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | object({…}) | ✓ | | 01-resman | | [groups](variables.tf#L42) | Group names to grant organization-level permissions. | map(string) | | {…} | 00-bootstrap | | [kms_defaults](variables.tf#L57) | Defaults used for KMS keys. | object({…}) | | {…} | | | [kms_keys](variables.tf#L69) | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | map(object({…})) | | {} | | -| [outputs_location](variables.tf#L101) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | +| [outputs_location](variables.tf#L90) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. 
| string | | null | | | [vpc_sc_access_levels](variables.tf#L118) | VPC SC access level definitions. | map(object({…})) | | {} | | | [vpc_sc_egress_policies](variables.tf#L147) | VPC SC egress policy defnitions. | map(object({…})) | | {} | | | [vpc_sc_ingress_policies](variables.tf#L167) | VPC SC ingress policy defnitions. | map(object({…})) | | {} | | diff --git a/fast/stages/02-security/variables.tf b/fast/stages/02-security/variables.tf index a28ed56a..349589c9 100644 --- a/fast/stages/02-security/variables.tf +++ b/fast/stages/02-security/variables.tf @@ -77,17 +77,6 @@ variable "kms_keys" { default = {} } -variable "service_accounts" { - # tfdoc:variable:source 01-resman - description = "Automation service accounts that can assign the encrypt/decrypt roles on keys." - type = object({ - data-platform-dev = string - data-platform-prod = string - project-factory-dev = string - project-factory-prod = string - }) -} - variable "organization" { # tfdoc:variable:source 00-bootstrap description = "Organization details." @@ -115,6 +104,17 @@ variable "prefix" { } } +variable "service_accounts" { + # tfdoc:variable:source 01-resman + description = "Automation service accounts that can assign the encrypt/decrypt roles on keys." + type = object({ + data-platform-dev = string + data-platform-prod = string + project-factory-dev = string + project-factory-prod = string + }) +} + variable "vpc_sc_access_levels" { description = "VPC SC access level definitions." type = map(object({ diff --git a/fast/stages/03-data-platform/dev/README.md b/fast/stages/03-data-platform/dev/README.md index 342e11fc..d987a5e1 100644 --- a/fast/stages/03-data-platform/dev/README.md +++ b/fast/stages/03-data-platform/dev/README.md 
@@ -190,11 +190,11 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data- | name | description | sensitive | consumers | |---|---|:---:|---| | [bigquery_datasets](outputs.tf#L42) | BigQuery datasets. | | | -| [demo_commands](outputs.tf#L72) | Demo commands. | | | -| [gcs_buckets](outputs.tf#L47) | GCS buckets. | | | -| [kms_keys](outputs.tf#L52) | Cloud MKS keys. | | | -| [projects](outputs.tf#L57) | GCP Projects informations. | | | -| [vpc_network](outputs.tf#L62) | VPC network. | | | -| [vpc_subnet](outputs.tf#L67) | VPC subnetworks. | | | +| [demo_commands](outputs.tf#L47) | Demo commands. | | | +| [gcs_buckets](outputs.tf#L52) | GCS buckets. | | | +| [kms_keys](outputs.tf#L57) | Cloud MKS keys. | | | +| [projects](outputs.tf#L62) | GCP Projects informations. | | | +| [vpc_network](outputs.tf#L67) | VPC network. | | | +| [vpc_subnet](outputs.tf#L72) | VPC subnetworks. | | | diff --git a/fast/stages/03-data-platform/dev/outputs.tf b/fast/stages/03-data-platform/dev/outputs.tf index 346bf16b..d0f79358 100644 --- a/fast/stages/03-data-platform/dev/outputs.tf +++ b/fast/stages/03-data-platform/dev/outputs.tf @@ -44,6 +44,11 @@ output "bigquery_datasets" { value = module.data-platform.bigquery-datasets } +output "demo_commands" { + description = "Demo commands." + value = module.data-platform.demo_commands +} + output "gcs_buckets" { description = "GCS buckets." value = module.data-platform.gcs-buckets @@ -68,8 +73,3 @@ output "vpc_subnet" { description = "VPC subnetworks." value = module.data-platform.vpc_subnet } - -output "demo_commands" { - description = "Demo commands." - value = module.data-platform.demo_commands -} diff --git a/fast/stages/03-gke-multitenant/dev/README.md b/fast/stages/03-gke-multitenant/dev/README.md index f3abf494..c446fbcb 100644 --- a/fast/stages/03-gke-multitenant/dev/README.md +++ b/fast/stages/03-gke-multitenant/dev/README.md 
@@ -143,7 +143,7 @@ terraform apply | [automation](variables.tf#L21) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 00-bootstrap | | [billing_account](variables.tf#L29) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | | [folder_ids](variables.tf#L149) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 01-resman | -| [host_project_ids](variables.tf#L171) | Host project for the shared VPC. | object({…}) | ✓ | | 02-networking | +| [host_project_ids](variables.tf#L164) | Host project for the shared VPC. | object({…}) | ✓ | | 02-networking | | [prefix](variables.tf#L213) | Prefix used for resources that need unique names. | string | ✓ | | | | [vpc_self_links](variables.tf#L225) | Self link for the shared VPC. | object({…}) | ✓ | | 02-networking | | [clusters](variables.tf#L38) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | | 
@@ -152,7 +152,7 @@ terraform apply | [fleet_features](variables.tf#L129) | Enable and configue fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | object({…}) | | null | | | [fleet_workload_identity](variables.tf#L142) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | bool | | false | | | [group_iam](variables.tf#L157) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | map(list(string)) | | {} | | -| [iam](variables.tf#L164) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | +| [iam](variables.tf#L172) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | | [labels](variables.tf#L179) | Project-level labels. | map(string) | | {} | | | [nodepools](variables.tf#L185) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | | | [outputs_location](variables.tf#L207) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | @@ -162,8 +162,8 @@ terraform apply | name | description | sensitive | consumers | |---|---|:---:|---| -| [cluster_ids](outputs.tf#L63) | Cluster ids. | | | -| [clusters](outputs.tf#L57) | Cluster resources. | ✓ | | +| [cluster_ids](outputs.tf#L57) | Cluster ids. | | | +| [clusters](outputs.tf#L62) | Cluster resources. | ✓ | | | [project_id](outputs.tf#L68) | GKE project id. | | | diff --git a/fast/stages/03-gke-multitenant/dev/outputs.tf b/fast/stages/03-gke-multitenant/dev/outputs.tf index 216db95d..87b0ca73 100644 --- a/fast/stages/03-gke-multitenant/dev/outputs.tf +++ b/fast/stages/03-gke-multitenant/dev/outputs.tf 
@@ -54,17 +54,17 @@ resource "google_storage_bucket_object" "tfvars" { # outputs +output "cluster_ids" { + description = "Cluster ids." + value = module.gke-multitenant.cluster_ids +} + output "clusters" { description = "Cluster resources." value = module.gke-multitenant.clusters sensitive = true } -output "cluster_ids" { - description = "Cluster ids." - value = module.gke-multitenant.cluster_ids -} - output "project_id" { description = "GKE project id." value = module.gke-multitenant.project_id diff --git a/fast/stages/03-gke-multitenant/dev/variables.tf b/fast/stages/03-gke-multitenant/dev/variables.tf index 9c5a1d38..6be89126 100644 --- a/fast/stages/03-gke-multitenant/dev/variables.tf +++ b/fast/stages/03-gke-multitenant/dev/variables.tf @@ -161,13 +161,6 @@ variable "group_iam" { nullable = false } -variable "iam" { - description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format." - type = map(list(string)) - default = {} - nullable = false -} - variable "host_project_ids" { # tfdoc:variable:source 02-networking description = "Host project for the shared VPC." @@ -176,6 +169,13 @@ variable "host_project_ids" { }) } +variable "iam" { + description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format." + type = map(list(string)) + default = {} + nullable = false +} + variable "labels" { description = "Project-level labels." type = map(string) diff --git a/fast/stages/03-project-factory/dev/README.md b/fast/stages/03-project-factory/dev/README.md index 3c29c5dc..8fe213ce 100644 --- a/fast/stages/03-project-factory/dev/README.md +++ b/fast/stages/03-project-factory/dev/README.md 
@@ -109,12 +109,12 @@ terraform apply | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| | [billing_account](variables.tf#L19) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | -| [prefix](variables.tf#L47) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | +| [prefix](variables.tf#L56) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | | [data_dir](variables.tf#L28) | Relative path for the folder storing configuration data. | string | | "data/projects" | | -| [defaults_file](variables.tf#L41) | Relative path for the file storing the project factory configuration. | string | | "data/defaults.yaml" | | -| [environment_dns_zone](variables.tf#L34) | DNS zone suffix for environment. | string | | null | 02-networking | -| [host_project_ids](variables.tf#L67) | Host project for the shared VPC. | object({…}) | | null | 02-networking | -| [vpc_self_links](variables.tf#L58) | Self link for the shared VPC. | object({…}) | | null | 02-networking | +| [defaults_file](variables.tf#L34) | Relative path for the file storing the project factory configuration. | string | | "data/defaults.yaml" | | +| [environment_dns_zone](variables.tf#L40) | DNS zone suffix for environment. | string | | null | 02-networking | +| [host_project_ids](variables.tf#L47) | Host project for the shared VPC. | object({…}) | | null | 02-networking | +| [vpc_self_links](variables.tf#L67) | Self link for the shared VPC. | object({…}) | | null | 02-networking | ## Outputs diff --git a/fast/stages/03-project-factory/dev/variables.tf b/fast/stages/03-project-factory/dev/variables.tf index 0fe8c7dc..2993bfba 100644 --- a/fast/stages/03-project-factory/dev/variables.tf +++ b/fast/stages/03-project-factory/dev/variables.tf 
@@ -31,6 +31,12 @@ variable "data_dir" { default = "data/projects" } +variable "defaults_file" { + description = "Relative path for the file storing the project factory configuration." + type = string + default = "data/defaults.yaml" +} + variable "environment_dns_zone" { # tfdoc:variable:source 02-networking description = "DNS zone suffix for environment." @@ -38,10 +44,13 @@ variable "environment_dns_zone" { default = null } -variable "defaults_file" { - description = "Relative path for the file storing the project factory configuration." - type = string - default = "data/defaults.yaml" +variable "host_project_ids" { + # tfdoc:variable:source 02-networking + description = "Host project for the shared VPC." + type = object({ + dev-spoke-0 = string + }) + default = null } variable "prefix" { @@ -63,12 +72,3 @@ variable "vpc_self_links" { }) default = null } - -variable "host_project_ids" { - # tfdoc:variable:source 02-networking - description = "Host project for the shared VPC." - type = object({ - dev-spoke-0 = string - }) - default = null -} diff --git a/modules/cloud-config-container/cos-generic-metadata/README.md b/modules/cloud-config-container/cos-generic-metadata/README.md index a5abc9d4..16d1935e 100644 --- a/modules/cloud-config-container/cos-generic-metadata/README.md +++ b/modules/cloud-config-container/cos-generic-metadata/README.md 
@@ -61,20 +61,20 @@ module "cos-envoy" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [container_image](variables.tf#L42) | Container image. | string | ✓ | | -| [authenticate_gcr](variables.tf#L112) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | -| [boot_commands](variables.tf#L17) | List of cloud-init `bootcmd`s. | list(string) | | [] | -| [cloud_config](variables.tf#L23) | Cloud config template path. If provided, takes precedence over all other arguments. | string | | null | -| [config_variables](variables.tf#L29) | Additional variables used to render the template passed via `cloud_config`. | map(any) | | {} | -| [container_args](variables.tf#L35) | Arguments for container. | string | | "" | -| [container_name](variables.tf#L47) | Name of the container to be run. | string | | "container" | -| [container_volumes](variables.tf#L53) | List of volumes. | list(object({…})) | | [] | -| [docker_args](variables.tf#L62) | Extra arguments to be passed for docker. | string | | null | -| [file_defaults](variables.tf#L68) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L80) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [run_as_first_user](variables.tf#L106) | Run as the first user if users are specified. | bool | | true | -| [run_commands](variables.tf#L90) | List of cloud-init `runcmd`s. | list(string) | | [] | -| [users](variables.tf#L96) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | +| [container_image](variables.tf#L47) | Container image. | string | ✓ | | +| [authenticate_gcr](variables.tf#L17) | Setup docker to pull images from private GCR. 
Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | +| [boot_commands](variables.tf#L23) | List of cloud-init `bootcmd`s. | list(string) | | [] | +| [cloud_config](variables.tf#L29) | Cloud config template path. If provided, takes precedence over all other arguments. | string | | null | +| [config_variables](variables.tf#L35) | Additional variables used to render the template passed via `cloud_config`. | map(any) | | {} | +| [container_args](variables.tf#L41) | Arguments for container. | string | | "" | +| [container_name](variables.tf#L52) | Name of the container to be run. | string | | "container" | +| [container_volumes](variables.tf#L58) | List of volumes. | list(object({…})) | | [] | +| [docker_args](variables.tf#L67) | Extra arguments to be passed for docker. | string | | null | +| [file_defaults](variables.tf#L73) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L85) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [run_as_first_user](variables.tf#L95) | Run as the first user if users are specified. | bool | | true | +| [run_commands](variables.tf#L101) | List of cloud-init `runcmd`s. | list(string) | | [] | +| [users](variables.tf#L107) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | ## Outputs diff --git a/modules/cloud-config-container/cos-generic-metadata/variables.tf b/modules/cloud-config-container/cos-generic-metadata/variables.tf index 1720afa1..02259164 100644 --- a/modules/cloud-config-container/cos-generic-metadata/variables.tf +++ b/modules/cloud-config-container/cos-generic-metadata/variables.tf 
@@ -14,6 +14,12 @@ * limitations under the License. */ +variable "authenticate_gcr" { + description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined." + type = bool + default = false +} + variable "boot_commands" { description = "List of cloud-init `bootcmd`s." type = list(string) @@ -38,7 +44,6 @@ variable "container_args" { default = "" } - variable "container_image" { description = "Container image." type = string @@ -87,6 +92,12 @@ variable "files" { default = {} } +variable "run_as_first_user" { + description = "Run as the first user if users are specified." + type = bool + default = true +} + variable "run_commands" { description = "List of cloud-init `runcmd`s." type = list(string) @@ -102,15 +113,3 @@ variable "users" { default = [ ] } - -variable "run_as_first_user" { - description = "Run as the first user if users are specified." - type = bool - default = true -} - -variable "authenticate_gcr" { - description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined." - type = bool - default = false -} diff --git a/modules/cloud-config-container/nginx-tls/README.md b/modules/cloud-config-container/nginx-tls/README.md index fbd048fd..d5790cf2 100644 --- a/modules/cloud-config-container/nginx-tls/README.md +++ b/modules/cloud-config-container/nginx-tls/README.md 
@@ -50,10 +50,10 @@ module "vm-nginx-tls" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [files](variables.tf#L35) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null | -| [nginx_image](variables.tf#L17) | Nginx container image to use. | string | | "nginx:1.23.1" | -| [runcmd_post](variables.tf#L29) | Extra commands to run after starting nginx. | list(string) | | [] | -| [runcmd_pre](variables.tf#L23) | Extra commands to run before starting nginx. | list(string) | | [] | +| [files](variables.tf#L17) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null | +| [nginx_image](variables.tf#L27) | Nginx container image to use. | string | | "nginx:1.23.1" | +| [runcmd_post](variables.tf#L33) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L39) | Extra commands to run before starting nginx. | list(string) | | [] | | [users](variables.tf#L45) | Additional list of usernames to be created. | list(object({…})) | | […] | ## Outputs diff --git a/modules/cloud-config-container/nginx-tls/variables.tf b/modules/cloud-config-container/nginx-tls/variables.tf index fd7f6625..9ca82626 100644 --- a/modules/cloud-config-container/nginx-tls/variables.tf +++ b/modules/cloud-config-container/nginx-tls/variables.tf 
@@ -14,24 +14,6 @@ * limitations under the License. */ -variable "nginx_image" { - description = "Nginx container image to use." - type = string - default = "nginx:1.23.1" -} - -variable "runcmd_pre" { - description = "Extra commands to run before starting nginx." - type = list(string) - default = [] -} - -variable "runcmd_post" { - description = "Extra commands to run after starting nginx." - type = list(string) - default = [] -} - variable "files" { description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." type = map(object({ @@ -42,6 +24,24 @@ variable "files" { default = null } +variable "nginx_image" { + description = "Nginx container image to use." + type = string + default = "nginx:1.23.1" +} + +variable "runcmd_post" { + description = "Extra commands to run after starting nginx." + type = list(string) + default = [] +} + +variable "runcmd_pre" { + description = "Extra commands to run before starting nginx." + type = list(string) + default = [] +} + variable "users" { description = "Additional list of usernames to be created." type = list(object({ diff --git a/modules/cloud-config-container/nginx/README.md b/modules/cloud-config-container/nginx/README.md index 25cbc98c..12ca3d5d 100644 --- a/modules/cloud-config-container/nginx/README.md +++ b/modules/cloud-config-container/nginx/README.md 
@@ -62,12 +62,12 @@ module "cos-nginx" { |---|---|:---:|:---:|:---:| | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | | [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Nginx templates. | map(any) | | {} | -| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [image](variables.tf#L29) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | -| [nginx_config](variables.tf#L35) | Nginx configuration path, if null container default will be used. | string | | null | -| [runcmd_post](variables.tf#L69) | Extra commands to run after starting nginx. | list(string) | | [] | -| [runcmd_pre](variables.tf#L63) | Extra commands to run before starting nginx. | list(string) | | [] | +| [file_defaults](variables.tf#L29) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L41) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [image](variables.tf#L51) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | +| [nginx_config](variables.tf#L57) | Nginx configuration path, if null container default will be used. | string | | null | +| [runcmd_post](variables.tf#L63) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L69) | Extra commands to run before starting nginx. | list(string) | | [] | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. 
If image is null, COS stable will be used. | object({…}) | | {…} | | [users](variables.tf#L75) | List of additional usernames to be created. | list(object({…})) | | […] | diff --git a/modules/cloud-config-container/nginx/variables.tf b/modules/cloud-config-container/nginx/variables.tf index 62f58944..973baff2 100644 --- a/modules/cloud-config-container/nginx/variables.tf +++ b/modules/cloud-config-container/nginx/variables.tf @@ -26,18 +26,6 @@ variable "config_variables" { default = {} } -variable "image" { - description = "Nginx container image." - type = string - default = "nginxdemos/hello:plain-text" -} - -variable "nginx_config" { - description = "Nginx configuration path, if null container default will be used." - type = string - default = null -} - variable "file_defaults" { description = "Default owner and permissions for files." type = object({ @@ -60,10 +48,16 @@ variable "files" { default = {} } -variable "runcmd_pre" { - description = "Extra commands to run before starting nginx." - type = list(string) - default = [] +variable "image" { + description = "Nginx container image." + type = string + default = "nginxdemos/hello:plain-text" +} + +variable "nginx_config" { + description = "Nginx configuration path, if null container default will be used." + type = string + default = null } variable "runcmd_post" { @@ -72,6 +66,12 @@ variable "runcmd_post" { default = [] } +variable "runcmd_pre" { + description = "Extra commands to run before starting nginx." + type = list(string) + default = [] +} + variable "users" { description = "List of additional usernames to be created." type = list(object({ diff --git a/modules/cloud-config-container/simple-nva/README.md b/modules/cloud-config-container/simple-nva/README.md index 3f5b0553..0e495df5 100644 --- a/modules/cloud-config-container/simple-nva/README.md +++ b/modules/cloud-config-container/simple-nva/README.md 
@@ -72,8 +72,8 @@ module "nva" { |---|---|:---:|:---:|:---:| | [network_interfaces](variables.tf#L39) | Network interfaces configuration. | list(object({…})) | ✓ | | | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | -| [enable_health_checks](variables.tf#L33) | Configures routing to enable responses to health check probes. | bool | | false | -| [files](variables.tf#L23) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [enable_health_checks](variables.tf#L23) | Configures routing to enable responses to health check probes. | bool | | false | +| [files](variables.tf#L29) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} | diff --git a/modules/cloud-config-container/simple-nva/variables.tf b/modules/cloud-config-container/simple-nva/variables.tf index 3c2ebfcb..39d96d91 100644 --- a/modules/cloud-config-container/simple-nva/variables.tf +++ b/modules/cloud-config-container/simple-nva/variables.tf @@ -20,6 +20,12 @@ variable "cloud_config" { default = null } +variable "enable_health_checks" { + description = "Configures routing to enable responses to health check probes." + type = bool + default = false +} + variable "files" { description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." type = map(object({ 
@@ -30,12 +36,6 @@ variable "files" { default = {} } -variable "enable_health_checks" { - description = "Configures routing to enable responses to health check probes." - type = bool - default = false -} - variable "network_interfaces" { description = "Network interfaces configuration." type = list(object({ diff --git a/modules/cloud-config-container/squid/README.md b/modules/cloud-config-container/squid/README.md index b28fe72a..1c866b25 100644 --- a/modules/cloud-config-container/squid/README.md +++ b/modules/cloud-config-container/squid/README.md 
@@ -64,15 +64,15 @@ module "cos-squid" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [allow](variables.tf#L57) | List of domains Squid will allow connections to. | list(string) | | [] | -| [clients](variables.tf#L69) | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | -| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | -| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Squid templates. | map(any) | | {} | -| [default_action](variables.tf#L75) | Default action for domains not matching neither the allow or deny lists. | string | | "deny" | -| [deny](variables.tf#L63) | List of domains Squid will deny connections to. | list(string) | | [] | -| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [squid_config](variables.tf#L29) | Squid configuration path, if null default will be used. | string | | null | +| [allow](variables.tf#L18) | List of domains Squid will allow connections to. | list(string) | | [] | +| [clients](variables.tf#L24) | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | +| [cloud_config](variables.tf#L30) | Cloud config template path. If null default will be used. | string | | null | +| [config_variables](variables.tf#L36) | Additional variables used to render the cloud-config and Squid templates. | map(any) | | {} | +| [default_action](variables.tf#L42) | Default action for domains not matching neither the allow or deny lists. | string | | "deny" | +| [deny](variables.tf#L52) | List of domains Squid will deny connections to. 
| list(string) | | [] | +| [file_defaults](variables.tf#L58) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L70) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [squid_config](variables.tf#L80) | Squid configuration path, if null default will be used. | string | | null | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} | diff --git a/modules/cloud-config-container/squid/variables.tf b/modules/cloud-config-container/squid/variables.tf index 8bf1ee2f..b7708821 100644 --- a/modules/cloud-config-container/squid/variables.tf +++ b/modules/cloud-config-container/squid/variables.tf @@ -55,16 +55,6 @@ variable "deny" { default = [] } -variable "files" { - description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." - type = map(object({ - content = string - owner = string - permissions = string - })) - default = {} -} - variable "file_defaults" { description = "Default owner and permissions for files." type = object({ @@ -77,6 +67,16 @@ variable "file_defaults" { } } +variable "files" { + description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." + type = map(object({ + content = string + owner = string + permissions = string + })) + default = {} +} + variable "squid_config" { description = "Squid configuration path, if null default will be used." type = string diff --git a/modules/net-ilb-l7/README.md b/modules/net-ilb-l7/README.md index bdce663c..d7847fdb 100644 --- a/modules/net-ilb-l7/README.md +++ b/modules/net-ilb-l7/README.md 
@@ -591,7 +591,7 @@ output | | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [name](variables.tf#L54) | Load balancer name. | string | ✓ | | -| [project_id](variables.tf#L126) | Project id. | string | ✓ | | +| [project_id](variables.tf#L132) | Project id. | string | ✓ | | | [region](variables.tf#L150) | The region where to allocate the ILB resources. | string | ✓ | | | [vpc_config](variables.tf#L177) | VPC-level configuration. | object({…}) | ✓ | | | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null | @@ -603,7 +603,7 @@ output | | [labels](variables.tf#L48) | Labels set on resources. | map(string) | | {} | | [neg_configs](variables.tf#L59) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | | [network_tier_premium](variables.tf#L119) | Use premium network tier. Defaults to true. | bool | | true | -| [ports](variables.tf#L131) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string) | | null | +| [ports](variables.tf#L126) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string) | | null | | [protocol](variables.tf#L137) | Protocol supported by this load balancer. | string | | "HTTP" | | [service_directory_registration](variables.tf#L155) | Service directory namespace and service used to register this load balancer. | object({…}) | | null | | [ssl_certificates](variables.tf#L164) | SSL target proxy certificates (only if protocol is HTTPS). | object({…}) | | {} | diff --git a/modules/net-ilb-l7/variables.tf b/modules/net-ilb-l7/variables.tf index 58048c9e..0577ddf6 100644 --- a/modules/net-ilb-l7/variables.tf +++ b/modules/net-ilb-l7/variables.tf 
@@ -123,17 +123,17 @@ variable "network_tier_premium" { nullable = false } -variable "project_id" { - description = "Project id." - type = string -} - variable "ports" { description = "Optional ports for HTTP load balancer, valid ports are 80 and 8080." type = list(string) default = null } +variable "project_id" { + description = "Project id." + type = string +} + variable "protocol" { description = "Protocol supported by this load balancer." type = string diff --git a/tools/check_documentation.py b/tools/check_documentation.py index 7a43ea15..1543dd61 100755 --- a/tools/check_documentation.py +++ b/tools/check_documentation.py @@ -52,7 +52,10 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False): try: new_doc = tfdoc.create_doc(readme_path.parent, files, show_extra, exclude_files, readme) - variables = [v.name for v in new_doc.variables] + # TODO: support variables in multiple files + variables = [ + v.name for v in new_doc.variables if v.file == "variables.tf" + ] outputs = [v.name for v in new_doc.outputs] except SystemExit: state = state.SKIP
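Review bot: In the `tools/check_documentation.py` hunk, the new filter `if v.file == "variables.tf"` silently drops every variable declared in another file from `variables`, and the `outputs` line just below gets no matching filter, so the two lists are now built by different rules. READMEs elsewhere in this diff link to `variables-instance.tf`, so such modules exist, and whatever `_check_dir` does with `variables` after this point (its body starts and ends outside the hunk) presumably no longer covers those names. I would make the gap explicit in the comment, e.g. `# TODO: support variables in multiple files; names declared outside variables.tf are currently not checked`. If output objects also carry a `file` attribute (not visible here), the matching filter would be `outputs = [v.name for v in new_doc.outputs if v.file == "outputs.tf"]`. Otherwise a short comment should say why outputs are left unfiltered.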