+
+
+
string | ✓ | |
| project_id | Id of the project where datasets will be created. | string | ✓ | |
-| *access* | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | map(object({...})) | | ... |
+| *access* | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | map(object({...})) | | ... |
| *access_identities* | Map of access identities used for basic access roles. View identities have the format 'project_id|dataset_id|table_id'. | map(string) | | {} |
| *dataset_access* | Set access in the dataset resource instead of using separate resources. | bool | | false |
| *description* | Optional description. | string | | Terraform managed. |
diff --git a/modules/bigquery-dataset/main.tf b/modules/bigquery-dataset/main.tf
index 9b6b5aa3..24f72a23 100644
--- a/modules/bigquery-dataset/main.tf
+++ b/modules/bigquery-dataset/main.tf
@@ -209,5 +209,4 @@ resource "google_bigquery_table" "views" {
query = each.value.query
use_legacy_sql = each.value.use_legacy_sql
}
-
}
diff --git a/modules/bigquery-dataset/variables.tf b/modules/bigquery-dataset/variables.tf
index fdba664e..cadf5aeb 100644
--- a/modules/bigquery-dataset/variables.tf
+++ b/modules/bigquery-dataset/variables.tf
@@ -21,13 +21,6 @@ variable "access" {
type = string
}))
default = {}
- validation {
- condition = can([
- for k, v in var.access :
- index(["OWNER", "READER", "WRITER"], v.role)
- ])
- error_message = "Access role must be one of 'OWNER', 'READER', 'WRITER'."
- }
validation {
condition = can([
for k, v in var.access :
diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf
index 5d3fe0b6..1cc6bf89 100644
--- a/modules/bigquery-dataset/versions.tf
+++ b/modules/bigquery-dataset/versions.tf
@@ -1,23 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.58"
- google-beta = ">= 3.58"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/bigtable-instance/versions.tf
+++ b/modules/bigtable-instance/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/billing-budget/versions.tf b/modules/billing-budget/versions.tf
index 968f411e..1cc6bf89 100644
--- a/modules/billing-budget/versions.tf
+++ b/modules/billing-budget/versions.tf
@@ -1,23 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.79.0"
- google-beta = ">= 3.79.0"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloud-config-container/coredns/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloud-config-container/mysql/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloud-config-container/nginx/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/cloud-config-container/onprem/versions.tf b/modules/cloud-config-container/onprem/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloud-config-container/onprem/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/cloud-config-container/squid/versions.tf b/modules/cloud-config-container/squid/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloud-config-container/squid/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/cloud-function/README.md b/modules/cloud-function/README.md
index 935c58ae..5c6733e5 100644
--- a/modules/cloud-function/README.md
+++ b/modules/cloud-function/README.md
@@ -21,8 +21,9 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
- source_dir = "my-cf-source-folder"
+ source_dir = "my-cf-source-folder"
output_path = "bundle.zip"
+ excludes = null
}
}
# tftest:skip
@@ -39,8 +40,9 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
- source_dir = "my-cf-source-folder"
+ source_dir = "my-cf-source-folder"
output_path = "bundle.zip"
+ excludes = null
}
trigger_config = {
event = "google.pubsub.topic.publish"
@@ -62,8 +64,9 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
- source_dir = "my-cf-source-folder"
+ source_dir = "my-cf-source-folder"
output_path = "bundle.zip"
+ excludes = null
}
iam = {
"roles/cloudfunctions.invoker" = ["allUsers"]
@@ -87,8 +90,9 @@ module "cf-http" {
lifecycle_delete_age = 1
}
bundle_config = {
- source_dir = "my-cf-source-folder"
+ source_dir = "my-cf-source-folder"
output_path = "bundle.zip"
+ excludes = null
}
}
# tftest:skip
@@ -105,8 +109,9 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
- source_dir = "my-cf-source-folder"
+ source_dir = "my-cf-source-folder"
output_path = "bundle.zip"
+ excludes = null
}
service_account_create = true
}
@@ -122,21 +127,41 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
- source_dir = "my-cf-source-folder"
+ source_dir = "my-cf-source-folder"
output_path = "bundle.zip"
+ excludes = null
}
service_account = local.service_account_email
}
# tftest:skip
```
+### Custom bundle config
+
+In order to help prevent `archive_zip.output_md5` from changing cross platform (e.g. Cloud Build vs your local development environment), you'll have to make sure that the files included in the zip are always the same.
+
+```hcl
+module "cf-http" {
+ source = "./modules/cloud-function"
+ project_id = "my-project"
+ name = "test-cf-http"
+ bucket_name = "test-cf-bundles"
+ bundle_config = {
+ source_dir = "my-cf-source-folder"
+ output_path = "bundle.zip"
+ excludes = ["__pycache__"]
+ }
+}
+# tftest:skip
+```
+
## Variables
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
| bucket_name | Name of the bucket that will be used for the function code. It will be created with prefix prepended if bucket_config is not null. | string | ✓ | |
-| bundle_config | Cloud function source folder and generated zip bundle paths. Output path defaults to '/tmp/bundle.zip' if null. | object({...}) | ✓ | |
+| bundle_config | Cloud function source folder and generated zip bundle paths. Output path defaults to '/tmp/bundle.zip' if null. | object({...}) | ✓ | |
| name | Name used for cloud function and associated resources. | string | ✓ | |
| project_id | Project id used for all resources. | string | ✓ | |
| *bucket_config* | Enable and configure auto-created bucket. Set fields to null to use defaults. | object({...}) | | null |
diff --git a/modules/cloud-function/main.tf b/modules/cloud-function/main.tf
index de04f228..65201531 100644
--- a/modules/cloud-function/main.tf
+++ b/modules/cloud-function/main.tf
@@ -137,6 +137,8 @@ data "archive_file" "bundle" {
? "/tmp/bundle.zip"
: var.bundle_config.output_path
)
+ output_file_mode = "0666"
+ excludes = var.bundle_config.excludes
}
resource "google_service_account" "service_account" {
diff --git a/modules/cloud-function/variables.tf b/modules/cloud-function/variables.tf
index 05c57e36..351859b3 100644
--- a/modules/cloud-function/variables.tf
+++ b/modules/cloud-function/variables.tf
@@ -33,6 +33,7 @@ variable "bundle_config" {
type = object({
source_dir = string
output_path = string
+ excludes = list(string)
})
}
diff --git a/modules/cloud-function/versions.tf b/modules/cloud-function/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/cloud-function/versions.tf
+++ b/modules/cloud-function/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf
index dd3b9171..1cc6bf89 100644
--- a/modules/cloud-identity-group/versions.tf
+++ b/modules/cloud-identity-group/versions.tf
@@ -1,22 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.49"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/cloud-run/README.md b/modules/cloud-run/README.md
new file mode 100644
index 00000000..cab35e19
--- /dev/null
+++ b/modules/cloud-run/README.md
@@ -0,0 +1,243 @@
+# Cloud Run Module
+
+Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
+
+## Examples
+
+### Environment variables
+
+This deploys a Cloud Run service and sets some environment variables.
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = {
+ command = null
+ args = null
+ env = {
+ "VAR1": "VALUE1",
+ "VAR2": "VALUE2",
+ }
+ env_from = null
+ }
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+}
+# tftest:modules=1:resources=1
+```
+
+### Environment variables (value read from secret)
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = {
+ command = null
+ args = null
+ env = null
+ env_from = {
+ "CREDENTIALS": {
+ name = "credentials"
+ key = "1"
+ }
+ }
+ }
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+}
+# tftest:modules=1:resources=1
+```
+
+### Secret mounted as volume
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = var.project_id
+ name = "hello"
+ region = var.region
+ revision_name = "green"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = null
+ ports = null
+ resources = null
+ volume_mounts = {
+ "credentials": "/credentials"
+ }
+ }]
+ volumes = [
+ {
+ name = "credentials"
+ secret_name = "credentials"
+ items = [{
+ key = "1"
+ path = "v1.txt"
+ }]
+ }
+ ]
+}
+# tftest:modules=1:resources=1
+```
+
+### Traffic split
+
+This deploys a Cloud Run service with traffic split between two revisions.
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ revision_name = "green"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = null
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+ traffic = {
+ "blue" = 25
+ "green" = 75
+ }
+}
+# tftest:modules=1:resources=1
+```
+
+### Eventarc trigger (Pub/Sub)
+
+This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = null
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+ pubsub_triggers = [
+ "topic1",
+ "topic2"
+ ]
+}
+# tftest:modules=1:resources=3
+```
+
+### Eventarc trigger (Audit logs)
+
+This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = null
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+ audit_log_triggers = [
+ {
+ service_name = "cloudresourcemanager.googleapis.com"
+ method_name = "SetIamPolicy"
+ }
+ ]
+}
+# tftest:modules=1:resources=2
+```
+
+### Service account management
+
+To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` value (default).
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = null
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+ service_account_create = true
+}
+# tftest:modules=1:resources=2
+```
+
+To use an externally managed service account, pass its email in `service_account` and leave `service_account_create` to `false` (the default).
+
+```hcl
+module "cloud_run" {
+ source = "./modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = null
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+ service_account = "cloud-run@my-project.iam.gserviceaccount.com"
+}
+# tftest:modules=1:resources=1
+```
+
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| containers | Containers | list(object({...})) | ✓ | |
+| name | Name used for cloud run service | string | ✓ | |
+| project_id | Project id used for all resources. | string | ✓ | |
+| *audit_log_triggers* | Event arc triggers (Audit log) | list(object({...})) | | null |
+| *iam* | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
+| *ingress_settings* | Ingress settings | string | | null |
+| *labels* | Resource labels | map(string) | | {} |
+| *prefix* | Optional prefix used for resource names. | string | | null |
+| *pubsub_triggers* | Eventarc triggers (Pub/Sub) | list(string) | | null |
+| *region* | Region used for all resources. | string | | europe-west1 |
+| *revision_name* | Revision name | string | | null |
+| *service_account* | Service account email. Unused if service account is auto-created. | string | | null |
+| *service_account_create* | Auto-create service account. | bool | | false |
+| *traffic* | Traffic | map(number) | | null |
+| *volumes* | Volumes | list(object({...})) | | null |
+| *vpc_connector* | VPC connector configuration. Set create to 'true' if a new connecto needs to be created | object({...}) | | null |
+| *vpc_connector_config* | VPC connector network configuration. Must be provided if new VPC connector is being created | object({...}) | | null |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| service | Cloud Run service | |
+| service_account | Service account resource. | |
+| service_account_email | Service account email. | |
+| service_account_iam_email | Service account email. | |
+| service_name | Cloud Run service name | |
+| vpc_connector | VPC connector resource if created. | |
+
diff --git a/modules/cloud-run/main.tf b/modules/cloud-run/main.tf
new file mode 100644
index 00000000..083e411f
--- /dev/null
+++ b/modules/cloud-run/main.tf
@@ -0,0 +1,212 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ prefix = var.prefix == null ? "" : "${var.prefix}-"
+ service_account_email = (
+ var.service_account_create
+ ? (
+ length(google_service_account.service_account) > 0
+ ? google_service_account.service_account[0].email
+ : null
+ )
+ : var.service_account
+ )
+
+ annotations = merge(var.ingress_settings == null ? {} : { "run.googleapis.com/ingress" = var.ingress_settings },
+ var.vpc_connector == null
+ ? {}
+ : try(var.vpc_connector.create, false)
+ ? { "run.googleapis.com/vpc-access-connector" = var.vpc_connector.name }
+ : { "run.googleapis.com/vpc-access-connector" = google_vpc_access_connector.connector.0.id }
+ ,
+ try(var.vpc_connector.egress_settings, null) == null
+ ? {}
+ : { "run.googleapis.com/vpc-access-egress" = var.vpc_connector.egress_settings })
+}
+
+resource "google_vpc_access_connector" "connector" {
+ count = try(var.vpc_connector.create, false) == false ? 0 : 1
+ project = var.project_id
+ name = var.vpc_connector.name
+ region = var.region
+ ip_cidr_range = var.vpc_connector_config.ip_cidr_range
+ network = var.vpc_connector_config.network
+}
+
+resource "google_cloud_run_service" "service" {
+ provider = google-beta
+ project = var.project_id
+ location = var.region
+ name = "${local.prefix}${var.name}"
+
+ template {
+ spec {
+ dynamic "containers" {
+ for_each = var.containers == null ? {} : { for i, container in var.containers : i => container }
+ content {
+ image = containers.value["image"]
+ command = try(containers.value["options"]["command"], null)
+ args = try(containers.value["options"]["args"], null)
+ dynamic "env" {
+ for_each = try(containers.value["options"]["env"], null) == null ? {} : containers.value["options"]["env"]
+ content {
+ name = env.key
+ value = env.value
+ }
+ }
+ dynamic "env" {
+ for_each = try(containers.value["options"]["env_from"], null) == null ? {} : containers.value["options"]["env_from"]
+ content {
+ name = env.key
+ value_from {
+ secret_key_ref {
+ name = env.value["name"]
+ key = env.value["key"]
+ }
+ }
+ }
+ }
+ dynamic "ports" {
+ for_each = containers.value["ports"] == null ? {} : { for port in containers.value["ports"] : "${port.name}-${port.container_port}" => port }
+ content {
+ name = ports.value["name"]
+ protocol = ports.value["protocol"]
+ container_port = ports.value["container_port"]
+ }
+ }
+ dynamic "resources" {
+ for_each = containers.value["resources"] == null ? [] : [""]
+ content {
+ limits = containers.value["resources"]["limits"]
+ requests = containers.value["resources"]["requests"]
+ }
+ }
+ dynamic "volume_mounts" {
+ for_each = containers.value["volume_mounts"] == null ? {} : containers.value["volume_mounts"]
+ content {
+ name = volume_mounts.key
+ mount_path = volume_mounts.value
+ }
+ }
+ }
+ }
+ service_account_name = local.service_account_email
+ dynamic "volumes" {
+ for_each = var.volumes == null ? [] : var.volumes
+ content {
+ name = volumes.value["name"]
+ secret {
+ secret_name = volumes.value["secret_name"]
+ dynamic "items" {
+ for_each = volumes.value["items"] == null ? [] : volumes.value["items"]
+ content {
+ key = items.value["key"]
+ path = items.value["path"]
+ }
+ }
+ }
+ }
+ }
+ }
+ dynamic "metadata" {
+ for_each = var.revision_name == null ? [] : [""]
+ content {
+ name = "${var.name}-${var.revision_name}"
+ }
+ }
+ }
+
+
+ metadata {
+ annotations = local.annotations
+ }
+
+ dynamic "traffic" {
+ for_each = var.traffic == null ? {} : var.traffic
+ content {
+ percent = traffic.value
+ revision_name = "${var.name}-${traffic.key}"
+ }
+ }
+
+}
+
+resource "google_cloud_run_service_iam_binding" "binding" {
+ for_each = var.iam
+ project = google_cloud_run_service.service.project
+ location = google_cloud_run_service.service.location
+ service = google_cloud_run_service.service.name
+ role = each.key
+ members = each.value
+}
+
+resource "google_service_account" "service_account" {
+ count = var.service_account_create ? 1 : 0
+ project = var.project_id
+ account_id = "tf-cr-${var.name}"
+ display_name = "Terraform Cloud Run ${var.name}."
+}
+
+resource "google_eventarc_trigger" "audit_log_triggers" {
+ for_each = var.audit_log_triggers == null ? {} : { for trigger in var.audit_log_triggers : "${trigger.service_name}-${trigger.method_name}" => trigger }
+ name = "${local.prefix}${each.key}-audit-log-trigger"
+ location = google_cloud_run_service.service.location
+ project = google_cloud_run_service.service.project
+ matching_criteria {
+ attribute = "type"
+ value = "google.cloud.audit.log.v1.written"
+ }
+ matching_criteria {
+ attribute = "serviceName"
+ value = each.value["service_name"]
+ }
+ matching_criteria {
+ attribute = "methodName"
+ value = each.value["method_name"]
+ }
+ destination {
+ cloud_run_service {
+ service = google_cloud_run_service.service.name
+ region = google_cloud_run_service.service.location
+ }
+ }
+}
+
+resource "google_eventarc_trigger" "pubsub_triggers" {
+ for_each = var.pubsub_triggers == null ? [] : toset(var.pubsub_triggers)
+ name = each.value == "" ? "${local.prefix}default-pubsub-trigger" : "${local.prefix}${each.value}-pubsub-trigger"
+ location = google_cloud_run_service.service.location
+ project = google_cloud_run_service.service.project
+ matching_criteria {
+ attribute = "type"
+ value = "google.cloud.pubsub.topic.v1.messagePublished"
+ }
+ dynamic "transport" {
+ for_each = each.value == null ? [] : [""]
+ content {
+ pubsub {
+ topic = each.value
+ }
+ }
+ }
+ destination {
+ cloud_run_service {
+ service = google_cloud_run_service.service.name
+ region = google_cloud_run_service.service.location
+ }
+ }
+}
diff --git a/modules/cloud-run/outputs.tf b/modules/cloud-run/outputs.tf
new file mode 100644
index 00000000..4caaef0e
--- /dev/null
+++ b/modules/cloud-run/outputs.tf
@@ -0,0 +1,50 @@
+
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "service" {
+ description = "Cloud Run service"
+ value = google_cloud_run_service.service
+}
+
+output "service_account" {
+ description = "Service account resource."
+ value = try(google_service_account.service_account[0], null)
+}
+
+output "service_account_email" {
+ description = "Service account email."
+ value = local.service_account_email
+}
+
+output "service_account_iam_email" {
+ description = "Service account email."
+ value = join("", [
+ "serviceAccount:",
+ local.service_account_email == null ? "" : local.service_account_email
+ ])
+}
+
+output "service_name" {
+ description = "Cloud Run service name"
+ value = google_cloud_run_service.service.name
+}
+
+
+output "vpc_connector" {
+ description = "VPC connector resource if created."
+ value = try(google_vpc_access_connector.connector.0.id, null)
+}
\ No newline at end of file
diff --git a/modules/cloud-run/variables.tf b/modules/cloud-run/variables.tf
new file mode 100644
index 00000000..c2f73eb6
--- /dev/null
+++ b/modules/cloud-run/variables.tf
@@ -0,0 +1,159 @@
+
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "audit_log_triggers" {
+ description = "Event arc triggers (Audit log)"
+ type = list(object({
+ service_name = string
+ method_name = string
+ }))
+ default = null
+}
+
+variable "containers" {
+ description = "Containers"
+ type = list(object({
+ image = string
+ options = object({
+ command = list(string)
+ args = list(string)
+ env = map(string)
+ env_from = map(object({
+ key = string
+ name = string
+ }))
+ })
+ resources = object({
+ limits = object({
+ cpu = string
+ memory = string
+ })
+ requests = object({
+ cpu = string
+ memory = string
+ })
+ })
+ ports = list(object({
+ name = string
+ protocol = string
+ container_port = string
+ }))
+ volume_mounts = map(string)
+ }))
+}
+
+variable "iam" {
+ description = "IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format."
+ type = map(list(string))
+ default = {}
+}
+
+variable "ingress_settings" {
+ description = "Ingress settings"
+ type = string
+ default = null
+}
+
+variable "labels" {
+ description = "Resource labels"
+ type = map(string)
+ default = {}
+}
+
+variable "name" {
+ description = "Name used for cloud run service"
+ type = string
+}
+
+variable "prefix" {
+ description = "Optional prefix used for resource names."
+ type = string
+ default = null
+}
+
+variable "project_id" {
+ description = "Project id used for all resources."
+ type = string
+}
+
+variable "pubsub_triggers" {
+ description = "Eventarc triggers (Pub/Sub)"
+ type = list(string)
+ default = null
+}
+
+variable "region" {
+ description = "Region used for all resources."
+ type = string
+ default = "europe-west1"
+}
+
+variable "revision_name" {
+ description = "Revision name"
+ type = string
+ default = null
+}
+
+variable "service_account" {
+ description = "Service account email. Unused if service account is auto-created."
+ type = string
+ default = null
+}
+
+variable "service_account_create" {
+ description = "Auto-create service account."
+ type = bool
+ default = false
+}
+
+variable "traffic" {
+ description = "Traffic"
+ type = map(number)
+ default = null
+}
+
+variable "volumes" {
+ description = "Volumes"
+ type = list(object({
+ name = string
+ secret_name = string
+ items = list(object({
+ key = string
+ path = string
+ }))
+ }))
+ default = null
+}
+
+variable "vpc_connector" {
+ description = "VPC connector configuration. Set create to 'true' if a new connecto needs to be created"
+ type = object({
+ create = bool
+ name = string
+ egress_settings = string
+ })
+ default = null
+}
+
+variable "vpc_connector_config" {
+ description = "VPC connector network configuration. Must be provided if new VPC connector is being created"
+ type = object({
+ ip_cidr_range = string
+ network = string
+ })
+ default = null
+}
diff --git a/foundations/business-units/providers.tf b/modules/cloud-run/versions.tf
similarity index 92%
rename from foundations/business-units/providers.tf
rename to modules/cloud-run/versions.tf
index 7ef77e12..72cab149 100644
--- a/foundations/business-units/providers.tf
+++ b/modules/cloud-run/versions.tf
@@ -1,3 +1,4 @@
+
/**
* Copyright 2021 Google LLC
*
@@ -14,4 +15,6 @@
* limitations under the License.
*/
-provider "google" {}
+terraform {
+ required_version = ">= 0.12.6"
+}
\ No newline at end of file
diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/cloudsql-instance/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/compute-mig/README.md b/modules/compute-mig/README.md
index 46f11e87..4293604e 100644
--- a/modules/compute-mig/README.md
+++ b/modules/compute-mig/README.md
@@ -24,7 +24,6 @@ module "nginx-template" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
@@ -71,7 +70,6 @@ module "nginx-template" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
@@ -125,7 +123,6 @@ module "nginx-template" {
subnetwork = var.subnet.self_link,
nat = false,
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
@@ -182,7 +179,6 @@ module "nginx-template" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
@@ -235,7 +231,6 @@ module "nginx-template" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf
index 82a5a565..1cc6bf89 100644
--- a/modules/compute-mig/versions.tf
+++ b/modules/compute-mig/versions.tf
@@ -1,22 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
required_providers {
- google-beta = ">= 3.54.0"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md
index e0212328..c85ca71f 100644
--- a/modules/compute-vm/README.md
+++ b/modules/compute-vm/README.md
@@ -24,7 +24,6 @@ module "simple-vm-example" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
service_account_create = true
}
@@ -54,7 +53,6 @@ module "simple-vm-example" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
attached_disks = [{
name = "repd-1"
@@ -85,7 +83,6 @@ module "simple-vm-example" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
attached_disks = [{
name = "repd"
@@ -119,7 +116,6 @@ module "kms-vm-example" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
attached_disks = [
{
@@ -147,23 +143,80 @@ module "kms-vm-example" {
### Using Alias IPs
-This example shows how add additional [Alias IPs](https://cloud.google.com/vpc/docs/alias-ip) to your VM.
+This example shows how to add additional [Alias IPs](https://cloud.google.com/vpc/docs/alias-ip) to your VM.
```hcl
module "vm-with-alias-ips" {
source = "./modules/compute-vm"
project_id = "my-project"
- zone = "europe-west1-b"
+ zone = "europe-west1-b"
name = "test"
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = {
- alias1 = "10.16.0.10/32"
- }
}]
+ network_interface_options = {
+ 0 = {
+ alias_ips = {
+ alias1 = "10.16.0.10/32"
+ }
+ nic_type = null
+ }
+ }
+ service_account_create = true
+}
+# tftest:modules=1:resources=2
+```
+
+### Using gVNIC
+
+This example shows how to enable [gVNIC](https://cloud.google.com/compute/docs/networking/using-gvnic) on your VM by customizing a `cos` image. Given that gVNIC needs to be enabled as an instance configuration and as a guest os configuration, you'll need to supply a bootable disk with `guest_os_features=GVNIC`. `SEV_CAPABLE`, `UEFI_COMPATIBLE` and `VIRTIO_SCSI_MULTIQUEUE` are enabled implicitly in the `cos`, `rhel`, `centos` and other images.
+
+```hcl
+
+resource "google_compute_image" "cos-gvnic" {
+ project = "my-project"
+ name = "my-image"
+ source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-89-16108-534-18"
+
+ guest_os_features {
+ type = "GVNIC"
+ }
+ guest_os_features {
+ type = "SEV_CAPABLE"
+ }
+ guest_os_features {
+ type = "UEFI_COMPATIBLE"
+ }
+ guest_os_features {
+ type = "VIRTIO_SCSI_MULTIQUEUE"
+ }
+}
+
+module "vm-with-gvnic" {
+ source = "./modules/compute-vm"
+ project_id = "my-project"
+ zone = "europe-west1-b"
+ name = "test"
+ boot_disk = {
+ image = google_compute_image.cos-gvnic.self_link
+ type = "pd-ssd"
+ size = 10
+ }
+ network_interfaces = [{
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ nat = false
+ addresses = null
+ }]
+ network_interface_options = {
+ 0 = {
+ alias_ips = null
+ nic_type = "GVNIC"
+ }
+ }
service_account_create = true
}
# tftest:modules=1:resources=2
@@ -184,7 +237,6 @@ module "cos-test" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
@@ -225,7 +277,6 @@ module "instance-group" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
@@ -248,7 +299,7 @@ module "instance-group" {
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
| name | Instance name. | string | ✓ | |
-| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed. | list(object({...})) | ✓ | |
+| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({...})) | ✓ | |
| project_id | Project id. | string | ✓ | |
| zone | Compute zone. | string | ✓ | |
| *attached_disk_defaults* | Defaults for attached disks options. | object({...}) | | ... |
@@ -268,6 +319,7 @@ module "instance-group" {
| *labels* | Instance labels. | map(string) | | {} |
| *metadata* | Instance metadata. | map(string) | | {} |
| *min_cpu_platform* | Minimum CPU platform. | string | | null |
+| *network_interface_options* | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({...})) | | {} |
| *options* | Instance options. | object({...}) | | ... |
| *scratch_disks* | Scratch disks configuration. | object({...}) | | ... |
| *service_account* | Service account email. Unused if service account is auto-created. | string | | null |
diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf
index 1f5866ec..94f8d0a1 100644
--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@@ -60,6 +60,13 @@ locals {
]
)
)
+
+ network_interface_options = {
+ for i, v in var.network_interfaces : i => lookup(var.network_interface_options, i, {
+ alias_ips = null,
+ nic_type = null
+ })
+ }
}
resource "google_compute_disk" "disks" {
@@ -193,13 +200,14 @@ resource "google_compute_instance" "default" {
}
}
dynamic "alias_ip_range" {
- for_each = config.value.alias_ips != null ? config.value.alias_ips : {}
+ for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {}
iterator = config_alias
content {
subnetwork_range_name = config_alias.key
ip_cidr_range = config_alias.value
}
}
+ nic_type = local.network_interface_options[config.key].nic_type
}
}
@@ -318,13 +326,14 @@ resource "google_compute_instance_template" "default" {
}
}
dynamic "alias_ip_range" {
- for_each = config.value.alias_ips != null ? config.value.alias_ips : {}
+ for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {}
iterator = config_alias
content {
subnetwork_range_name = config_alias.key
ip_cidr_range = config_alias.value
}
}
+ nic_type = local.network_interface_options[config.key].nic_type
}
}
diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf
index 00b59c06..9a27cd98 100644
--- a/modules/compute-vm/variables.tf
+++ b/modules/compute-vm/variables.tf
@@ -162,8 +162,17 @@ variable "name" {
type = string
}
+variable "network_interface_options" {
+ description = "Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them."
+ type = map(object({
+ alias_ips = map(string)
+ nic_type = string
+ }))
+ default = {}
+}
+
variable "network_interfaces" {
- description = "Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed."
+ description = "Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed."
type = list(object({
nat = bool
network = string
@@ -172,7 +181,6 @@ variable "network_interfaces" {
internal = string
external = string
})
- alias_ips = map(string)
}))
}
diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/compute-vm/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/container-registry/versions.tf
+++ b/modules/container-registry/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/datafusion/README.md b/modules/datafusion/README.md
index f27a38d1..417d4de4 100644
--- a/modules/datafusion/README.md
+++ b/modules/datafusion/README.md
@@ -1,6 +1,6 @@
# Google Cloud Data Fusion Module
-This module allows simple management of ['Google Data Fusion'](https://cloud.google.com/data-fusion) instances. It supports creating Basic or Enterprise, public or private instances.
+This module allows simple management of ['Google Data Fusion'](https://cloud.google.com/data-fusion) instances. It supports creating Basic or Enterprise, public or private instances.
## Examples
@@ -8,13 +8,15 @@ This module allows simple management of ['Google Data Fusion'](https://cloud.goo
```hcl
module "datafusion" {
- source = "./modules/datafusion"
- name = "my-datafusion"
- region = "europe-west1"
- project_id = "my-project"
- network = "my-network-name"
+ source = "./modules/datafusion"
+ name = "my-datafusion"
+ region = "europe-west1"
+ project_id = "my-project"
+ network = "my-network-name"
+ # TODO: remove the following line
+ firewall_create = false
}
-# tftest:modules=1:resources=4
+# tftest:modules=1:resources=3
```
### Externally managed IP allocation
diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/datafusion/versions.tf
+++ b/modules/datafusion/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf
index 4d55aa48..1cc6bf89 100644
--- a/modules/dns/versions.tf
+++ b/modules/dns/versions.tf
@@ -1,23 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.10"
- google-beta = ">= 3.20"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/endpoints/versions.tf
+++ b/modules/endpoints/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf
index afdb46a0..1cc6bf89 100644
--- a/modules/folder/versions.tf
+++ b/modules/folder/versions.tf
@@ -1,22 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.57"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/folders-unit/versions.tf b/modules/folders-unit/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/folders-unit/versions.tf
+++ b/modules/folders-unit/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index 04491e43..19e2441d 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -114,6 +114,9 @@ resource "google_storage_notification" "notification" {
topic = google_pubsub_topic.topic[0].id
event_types = var.notification_config.event_types
custom_attributes = var.notification_config.custom_attributes
+
+ depends_on = [google_pubsub_topic_iam_binding.binding]
+
}
resource "google_pubsub_topic_iam_binding" "binding" {
count = local.notification ? 1 : 0
diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf
index aac1e5f9..1cc6bf89 100644
--- a/modules/gcs/versions.tf
+++ b/modules/gcs/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index 54ddb9c6..26641338 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -59,8 +59,11 @@ resource "google_container_cluster" "cluster" {
# TODO(ludomagno): compute addons map in locals and use a single dynamic block
addons_config {
- dns_cache_config {
- enabled = var.addons.dns_cache_config
+ dynamic "dns_cache_config" {
+ for_each = var.enable_autopilot ? [] : [""]
+ content {
+ enabled = var.addons.dns_cache_config
+ }
}
http_load_balancing {
disabled = !var.addons.http_load_balancing
@@ -247,7 +250,7 @@ resource "google_container_cluster" "cluster" {
dynamic "workload_identity_config" {
for_each = var.workload_identity && !var.enable_autopilot ? [""] : []
content {
- identity_namespace = "${var.project_id}.svc.id.goog"
+ workload_pool = "${var.project_id}.svc.id.goog"
}
}
diff --git a/modules/gke-cluster/versions.tf b/modules/gke-cluster/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/gke-cluster/versions.tf
+++ b/modules/gke-cluster/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/gke-nodepool/versions.tf
+++ b/modules/gke-nodepool/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/iam-service-account/main.tf b/modules/iam-service-account/main.tf
index c934214f..244f182e 100644
--- a/modules/iam-service-account/main.tf
+++ b/modules/iam-service-account/main.tf
@@ -59,7 +59,7 @@ locals {
prefix = var.prefix != null ? "${var.prefix}-" : ""
resource_email_static = "${local.prefix}${var.name}@${var.project_id}.iam.gserviceaccount.com"
resource_iam_email_static = "serviceAccount:${local.resource_email_static}"
- resource_iam_email = "serviceAccount:${local.service_account.email}"
+ resource_iam_email = local.service_account != null ? "serviceAccount:${local.service_account.email}" : local.resource_iam_email_static
service_account = (
var.service_account_create
? try(google_service_account.service_account.0, null)
diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/iam-service-account/versions.tf
+++ b/modules/iam-service-account/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/kms/README.md b/modules/kms/README.md
index ba18449e..43618e32 100644
--- a/modules/kms/README.md
+++ b/modules/kms/README.md
@@ -86,10 +86,10 @@ module "kms" {
| name | description | sensitive |
|---|---|:---:|
-| key_self_links | Key self links. | |
+| id | Keyring self link. | |
+| key_ids | Key self links. | |
| keyring | Keyring resource. | |
| keys | Key resources. | |
| location | Keyring location. | |
| name | Keyring name. | |
-| self_link | Keyring self link. | |
diff --git a/modules/kms/main.tf b/modules/kms/main.tf
index 62ed33c5..7708a5cb 100644
--- a/modules/kms/main.tf
+++ b/modules/kms/main.tf
@@ -52,14 +52,14 @@ resource "google_kms_key_ring" "default" {
resource "google_kms_key_ring_iam_binding" "default" {
for_each = var.iam
- key_ring_id = local.keyring.self_link
+ key_ring_id = local.keyring.id
role = each.key
members = each.value
}
resource "google_kms_crypto_key" "default" {
for_each = var.keys
- key_ring = local.keyring.self_link
+ key_ring = local.keyring.id
name = each.key
rotation_period = try(each.value.rotation_period, null)
labels = try(each.value.labels, null)
@@ -79,6 +79,6 @@ resource "google_kms_crypto_key_iam_binding" "default" {
"${binding.key}.${binding.role}" => binding
}
role = each.value.role
- crypto_key_id = google_kms_crypto_key.default[each.value.key].self_link
+ crypto_key_id = google_kms_crypto_key.default[each.value.key].id
members = each.value.members
}
diff --git a/modules/kms/outputs.tf b/modules/kms/outputs.tf
index 7bfbcc48..917d7b32 100644
--- a/modules/kms/outputs.tf
+++ b/modules/kms/outputs.tf
@@ -14,12 +14,19 @@
* limitations under the License.
*/
+output "id" {
+ description = "Keyring self link."
+ value = local.keyring.id
+ depends_on = [
+ google_kms_key_ring_iam_binding.default
+ ]
+}
-output "key_self_links" {
+output "key_ids" {
description = "Key self links."
value = {
for name, resource in google_kms_crypto_key.default :
- name => resource.self_link
+ name => resource.id
}
depends_on = [
google_kms_crypto_key_iam_binding.default
@@ -57,11 +64,3 @@ output "name" {
google_kms_key_ring_iam_binding.default
]
}
-
-output "self_link" {
- description = "Keyring self link."
- value = local.keyring.self_link
- depends_on = [
- google_kms_key_ring_iam_binding.default
- ]
-}
diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/kms/versions.tf
+++ b/modules/kms/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/logging-bucket/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/naming-convention/versions.tf b/modules/naming-convention/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/naming-convention/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf
index 336fe15f..1cc6bf89 100644
--- a/modules/net-address/versions.tf
+++ b/modules/net-address/versions.tf
@@ -1,22 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
required_providers {
- google-beta = ">= 3.40.0"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/net-cloudnat/versions.tf
+++ b/modules/net-cloudnat/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/net-ilb/README.md b/modules/net-ilb/README.md
index 8504d013..95ef9254 100644
--- a/modules/net-ilb/README.md
+++ b/modules/net-ilb/README.md
@@ -72,7 +72,6 @@ module "instance-group" {
subnetwork = var.subnet.self_link
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
diff --git a/modules/net-ilb/versions.tf b/modules/net-ilb/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/modules/net-ilb/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/net-interconnect-attachment-direct/versions.tf b/modules/net-interconnect-attachment-direct/versions.tf
index 897f817c..1cc6bf89 100644
--- a/modules/net-interconnect-attachment-direct/versions.tf
+++ b/modules/net-interconnect-attachment-direct/versions.tf
@@ -1,18 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
terraform {
- required_version = ">= 0.12.6"
-}
\ No newline at end of file
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/net-vpc-firewall/versions.tf
+++ b/modules/net-vpc-firewall/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/net-vpc-peering/versions.tf
+++ b/modules/net-vpc-peering/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf
index 04caecd4..1cc6bf89 100644
--- a/modules/net-vpc/versions.tf
+++ b/modules/net-vpc/versions.tf
@@ -1,22 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.45"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/net-vpn-dynamic/versions.tf
+++ b/modules/net-vpn-dynamic/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/net-vpn-ha/versions.tf
+++ b/modules/net-vpn-ha/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/net-vpn-static/versions.tf
+++ b/modules/net-vpn-static/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf
index f36ccf21..1cc6bf89 100644
--- a/modules/organization/versions.tf
+++ b/modules/organization/versions.tf
@@ -1,22 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.57"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/project/README.md b/modules/project/README.md
index 03ec1ef9..44509064 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -207,6 +207,7 @@ module "project" {
| *services* | Service APIs to enable. | list(string) | | [] |
| *shared_vpc_host_config* | Configures this project as a Shared VPC host project (mutually exclusive with shared_vpc_service_project). | object({...}) | | ... |
| *shared_vpc_service_config* | Configures this project as a Shared VPC service project (mutually exclusive with shared_vpc_host_config). | object({...}) | | ... |
+| *skip_delete* | Allows the underlying resources to be destroyed without destroying the project itself. | bool | | false |
## Outputs
diff --git a/modules/project/main.tf b/modules/project/main.tf
index d52c8e87..30deaf7a 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -91,6 +91,7 @@ resource "google_project" "project" {
billing_account = var.billing_account
auto_create_network = var.auto_create_network
labels = var.labels
+ skip_delete = var.skip_delete
}
resource "google_project_iam_custom_role" "roles" {
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 157fcd69..0db91975 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -221,3 +221,9 @@ variable "shared_vpc_service_config" {
host_project = ""
}
}
+
+variable "skip_delete" {
+ description = "Allows the underlying resources to be destroyed without destroying the project itself."
+ type = bool
+ default = false
+}
diff --git a/modules/project/versions.tf b/modules/project/versions.tf
index eecb6ee4..1cc6bf89 100644
--- a/modules/project/versions.tf
+++ b/modules/project/versions.tf
@@ -1,23 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.57"
- google-beta = ">= 3.57"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/pubsub/versions.tf
+++ b/modules/pubsub/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/secret-manager/versions.tf
+++ b/modules/secret-manager/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/service-directory/versions.tf
+++ b/modules/service-directory/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf
index 7c3f279a..1cc6bf89 100644
--- a/modules/source-repository/versions.tf
+++ b/modules/source-repository/versions.tf
@@ -1,19 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf
index 2146648b..1cc6bf89 100644
--- a/modules/vpc-sc/versions.tf
+++ b/modules/vpc-sc/versions.tf
@@ -1,22 +1,29 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
required_providers {
- google = ">= 3.62"
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
}
}
+
+
diff --git a/networking/decentralized-firewall/README.md b/networking/decentralized-firewall/README.md
index 8a4c0066..d5f56e40 100644
--- a/networking/decentralized-firewall/README.md
+++ b/networking/decentralized-firewall/README.md
@@ -2,15 +2,24 @@
This sample shows how a decentralized firewall management can be organized using the [firewall-yaml](../../modules/net-vpc-firewall-yaml) module.
-This approach is a good fit when Shared VPCs are used across multiple application/infrastructure teams. A central repository keeps environment/team specific folders with firewall definitions in `yaml` format.
+This approach is a good fit when Shared VPCs are used across multiple application/infrastructure teams. A central repository keeps environment/team
+specific folders with firewall definitions in `yaml` format.
-In the current example multiple teams can define their [VPC Firewall Rules](https://cloud.google.com/vpc/docs/firewalls) for [dev](./firewall/dev) and [prod](./firewall/prod) environments using team specific subfolders. Rules defined in the [common](./firewall/common) folder are applied to both dev and prod environments.
-> **_NOTE:_** Common rules are meant to be used for situations where [hierarchical rules](https://cloud.google.com/vpc/docs/firewall-policies) do not map precisely to requirements (e.g. SA, etc.)
+In the current example multiple teams can define their [VPC Firewall Rules](https://cloud.google.com/vpc/docs/firewalls)
+for [dev](./firewall/dev) and [prod](./firewall/prod) environments using team specific subfolders. Rules defined in the
+[common](./firewall/common) folder are applied to both dev and prod environments.
+
+> **_NOTE:_** Common rules are meant to be used for situations where [hierarchical rules](https://cloud.google.com/vpc/docs/firewall-policies)
+do not map precisely to requirements (e.g. SA, etc.)
This is the high level diagram:
+The rules can be validated either using an automated process or a manual process (or a combination of
+the two). There is an example of a YAML-based validator using [Yamale](https://github.com/23andMe/Yamale)
+in the [`validator/`](validator/) subdirectory, which can be integrated as part of a CI/CD pipeline.
+
## Variables
diff --git a/networking/decentralized-firewall/diagram.png b/networking/decentralized-firewall/diagram.png
index bf655309..e96aa1c3 100644
Binary files a/networking/decentralized-firewall/diagram.png and b/networking/decentralized-firewall/diagram.png differ
diff --git a/networking/decentralized-firewall/versions.tf b/networking/decentralized-firewall/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/networking/decentralized-firewall/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/networking/filtering-proxy/main.tf b/networking/filtering-proxy/main.tf
index c01aa4d4..1abcd369 100644
--- a/networking/filtering-proxy/main.tf
+++ b/networking/filtering-proxy/main.tf
@@ -158,7 +158,6 @@ module "squid-vm" {
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "cos-cloud/cos-stable"
@@ -270,7 +269,6 @@ module "test-vm" {
subnetwork = module.vpc.subnet_self_links["${var.region}/apps"]
nat = false
addresses = null
- alias_ips = null
}]
boot_disk = {
image = "debian-cloud/debian-10"
diff --git a/networking/filtering-proxy/versions.tf b/networking/filtering-proxy/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/networking/filtering-proxy/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/networking/hub-and-spoke-peering/main.tf b/networking/hub-and-spoke-peering/main.tf
index 6a6b3bfa..e6f436ca 100644
--- a/networking/hub-and-spoke-peering/main.tf
+++ b/networking/hub-and-spoke-peering/main.tf
@@ -182,7 +182,6 @@ module "vm-hub" {
subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${local.prefix}hub-1"]
nat = false
addresses = null
- alias_ips = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
@@ -200,7 +199,6 @@ module "vm-spoke-1" {
subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${local.prefix}spoke-1-1"]
nat = false
addresses = null
- alias_ips = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
@@ -218,7 +216,6 @@ module "vm-spoke-2" {
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"]
nat = false
addresses = null
- alias_ips = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
diff --git a/networking/hub-and-spoke-peering/versions.tf b/networking/hub-and-spoke-peering/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/networking/hub-and-spoke-peering/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/networking/hub-and-spoke-vpn/main.tf b/networking/hub-and-spoke-vpn/main.tf
index e1886e5e..c0a09300 100644
--- a/networking/hub-and-spoke-vpn/main.tf
+++ b/networking/hub-and-spoke-vpn/main.tf
@@ -250,7 +250,6 @@ module "vm-spoke-1" {
subnetwork = module.vpc-spoke-1.subnet_self_links["${var.regions.b}/spoke-1-b"]
nat = false
addresses = null
- alias_ips = null
}]
tags = ["ssh"]
metadata = { startup-script = local.vm-startup-script }
@@ -266,7 +265,6 @@ module "vm-spoke-2" {
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.regions.b}/spoke-2-b"]
nat = false
addresses = null
- alias_ips = null
}]
tags = ["ssh"]
metadata = { startup-script = local.vm-startup-script }
diff --git a/networking/hub-and-spoke-vpn/versions.tf b/networking/hub-and-spoke-vpn/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/networking/hub-and-spoke-vpn/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/networking/ilb-next-hop/gateways.tf b/networking/ilb-next-hop/gateways.tf
index 162c22ca..55b4c1cd 100644
--- a/networking/ilb-next-hop/gateways.tf
+++ b/networking/ilb-next-hop/gateways.tf
@@ -33,15 +33,13 @@ module "gw" {
network = module.vpc-left.self_link
subnetwork = values(module.vpc-left.subnet_self_links)[0],
nat = false,
- addresses = null,
- alias_ips = null
+ addresses = null
},
{
network = module.vpc-right.self_link
subnetwork = values(module.vpc-right.subnet_self_links)[0],
nat = false,
- addresses = null,
- alias_ips = null
+ addresses = null
}
]
tags = ["ssh"]
diff --git a/networking/ilb-next-hop/versions.tf b/networking/ilb-next-hop/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/networking/ilb-next-hop/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/networking/ilb-next-hop/vms.tf b/networking/ilb-next-hop/vms.tf
index c1df0f89..3a00b346 100644
--- a/networking/ilb-next-hop/vms.tf
+++ b/networking/ilb-next-hop/vms.tf
@@ -35,7 +35,6 @@ module "vm-left" {
subnetwork = values(module.vpc-left.subnet_self_links)[0]
nat = false
addresses = null
- alias_ips = null
}
]
tags = ["ssh"]
@@ -61,7 +60,6 @@ module "vm-right" {
subnetwork = values(module.vpc-right.subnet_self_links)[0]
nat = false
addresses = null
- alias_ips = null
}
]
tags = ["ssh"]
diff --git a/networking/onprem-google-access-dns/main.tf b/networking/onprem-google-access-dns/main.tf
index 5782bda5..6c651a57 100644
--- a/networking/onprem-google-access-dns/main.tf
+++ b/networking/onprem-google-access-dns/main.tf
@@ -239,7 +239,6 @@ module "vm-test1" {
subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"]
nat = false
addresses = null
- alias_ips = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
@@ -257,7 +256,6 @@ module "vm-test2" {
subnetwork = module.vpc.subnet_self_links["${var.region.gcp2}/subnet2"]
nat = false
addresses = null
- alias_ips = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
@@ -325,7 +323,6 @@ module "vm-onprem" {
subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"]
nat = true
addresses = null
- alias_ips = null
}]
service_account = module.service-account-onprem.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
diff --git a/networking/onprem-google-access-dns/versions.tf b/networking/onprem-google-access-dns/versions.tf
index 69647848..1cc6bf89 100644
--- a/networking/onprem-google-access-dns/versions.tf
+++ b/networking/onprem-google-access-dns/versions.tf
@@ -13,5 +13,17 @@
# limitations under the License.
terraform {
- required_version = ">= 0.12.6"
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
}
+
+
diff --git a/networking/private-cloud-function-from-onprem/main.tf b/networking/private-cloud-function-from-onprem/main.tf
index a51fa363..2cb858d6 100644
--- a/networking/private-cloud-function-from-onprem/main.tf
+++ b/networking/private-cloud-function-from-onprem/main.tf
@@ -187,7 +187,6 @@ module "test-vm" {
}
network_interfaces = [{
addresses = null
- alias_ips = null
nat = false
network = module.vpc-onprem.self_link
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${var.name}-onprem"]
@@ -208,6 +207,7 @@ module "function-hello" {
bundle_config = {
source_dir = "${path.module}/assets"
output_path = "bundle.zip"
+ excludes = null
}
bucket_config = {
location = var.region
diff --git a/networking/private-cloud-function-from-onprem/versions.tf b/networking/private-cloud-function-from-onprem/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/networking/private-cloud-function-from-onprem/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/networking/shared-vpc-gke/main.tf b/networking/shared-vpc-gke/main.tf
index 69879a2e..e60478f6 100644
--- a/networking/shared-vpc-gke/main.tf
+++ b/networking/shared-vpc-gke/main.tf
@@ -176,7 +176,6 @@ module "vm-bastion" {
subnetwork = lookup(module.vpc-shared.subnet_self_links, "${var.region}/gce", null)
nat = false
addresses = null
- alias_ips = null
}]
tags = ["ssh"]
metadata = {
diff --git a/networking/shared-vpc-gke/versions.tf b/networking/shared-vpc-gke/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/networking/shared-vpc-gke/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+
diff --git a/tests/modules/cloud_function/fixture/main.tf b/tests/modules/cloud_function/fixture/main.tf
index d624c2f1..e94a9f63 100644
--- a/tests/modules/cloud_function/fixture/main.tf
+++ b/tests/modules/cloud_function/fixture/main.tf
@@ -22,6 +22,7 @@ module "test" {
bundle_config = {
source_dir = "bundle"
output_path = "bundle.zip"
+ excludes = null
}
iam = {
"roles/cloudfunctions.invoker" = ["allUsers"]
diff --git a/foundations/environments/providers.tf b/tests/modules/cloud_run/__init__.py
similarity index 88%
rename from foundations/environments/providers.tf
rename to tests/modules/cloud_run/__init__.py
index 4969cdff..bb2436ab 100644
--- a/foundations/environments/providers.tf
+++ b/tests/modules/cloud_run/__init__.py
@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# https://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-provider "google" {}
+
diff --git a/tests/modules/cloud_run/fixture/bundle/main.py b/tests/modules/cloud_run/fixture/bundle/main.py
new file mode 100644
index 00000000..0446db3c
--- /dev/null
+++ b/tests/modules/cloud_run/fixture/bundle/main.py
@@ -0,0 +1,13 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
\ No newline at end of file
diff --git a/tests/modules/cloud_run/fixture/main.tf b/tests/modules/cloud_run/fixture/main.tf
new file mode 100644
index 00000000..d0872c22
--- /dev/null
+++ b/tests/modules/cloud_run/fixture/main.tf
@@ -0,0 +1,40 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "cloud_run" {
+ source = "../../../../modules/cloud-run"
+ project_id = "my-project"
+ name = "hello"
+ revision_name = "blue"
+ containers = [{
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ options = null
+ ports = null
+ resources = null
+ volume_mounts = null
+ }]
+ audit_log_triggers = [
+ {
+ "service_name" : "cloudresourcemanager.googleapis.com",
+ "method_name" : "SetIamPolicy"
+ }
+ ]
+ pubsub_triggers = [
+ "topic1",
+ "topic2"
+ ]
+ iam = {
+ "roles/run.invoker" = ["allUsers"]
+ }
+}
diff --git a/tests/modules/cloud_run/fixture/variables.tf b/tests/modules/cloud_run/fixture/variables.tf
new file mode 100644
index 00000000..0446db3c
--- /dev/null
+++ b/tests/modules/cloud_run/fixture/variables.tf
@@ -0,0 +1,13 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
\ No newline at end of file
diff --git a/tests/modules/cloud_run/test_plan.py b/tests/modules/cloud_run/test_plan.py
new file mode 100644
index 00000000..13cd3ecb
--- /dev/null
+++ b/tests/modules/cloud_run/test_plan.py
@@ -0,0 +1,50 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+@pytest.fixture
+def resources(plan_runner):
+ _, resources = plan_runner(FIXTURES_DIR)
+ return resources
+
+
+def test_resource_count(resources):
+ "Test number of resources created."
+ assert len(resources) == 5
+
+def test_iam(resources):
+ "Test IAM binding resources."
+ bindings = [r['values'] for r in resources if r['type']
+ == 'google_cloud_run_service_iam_binding']
+ assert len(bindings) == 1
+ assert bindings[0]['role'] == 'roles/run.invoker'
+
+def test_audit_log_triggers(resources):
+ "Test audit logs Eventarc trigger resources."
+ audit_log_triggers = [r['values'] for r in resources if r['type']
+ == 'google_eventarc_trigger' and r['name'] == 'audit_log_triggers']
+ assert len(audit_log_triggers) == 1
+
+def test_pubsub_triggers(resources):
+ "Test Pub/Sub Eventarc trigger resources."
+ pubsub_triggers = [r['values'] for r in resources if r['type']
+ == 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers']
+ assert len(pubsub_triggers) == 2
diff --git a/tests/modules/compute_mig/fixture/versions.tf b/tests/modules/compute_mig/fixture/versions.tf
deleted file mode 100644
index a7f2f89b..00000000
--- a/tests/modules/compute_mig/fixture/versions.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-terraform {
- required_version = ">= 0.13.0"
- required_providers {
- google-beta = ">= 3.36.0"
- }
-}
diff --git a/tests/modules/compute_vm/fixture/variables.tf b/tests/modules/compute_vm/fixture/variables.tf
index 0e6c090b..cd9cdb47 100644
--- a/tests/modules/compute_vm/fixture/variables.tf
+++ b/tests/modules/compute_vm/fixture/variables.tf
@@ -78,17 +78,23 @@ variable "network_interfaces" {
internal = string
external = string
})
- alias_ips = map(string)
}))
default = [{
network = "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default",
subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
nat = false,
addresses = null
- alias_ips = null
}]
}
+variable "network_interface_options" {
+ type = map(object({
+ alias_ips = map(string)
+ nic_type = string
+ }))
+ default = {}
+}
+
variable "service_account_create" {
type = bool
default = false
diff --git a/tests/modules/compute_vm/test_plan_interfaces.py b/tests/modules/compute_vm/test_plan_interfaces.py
index 0f1d4934..9efdeafe 100644
--- a/tests/modules/compute_vm/test_plan_interfaces.py
+++ b/tests/modules/compute_vm/test_plan_interfaces.py
@@ -26,7 +26,6 @@ def test_address(plan_runner):
subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
nat = false,
addresses = {external=null, internal="10.0.0.2"}
- alias_ips = null
}]
'''
_, resources = plan_runner(FIXTURES_DIR, network_interfaces=nics)
@@ -42,7 +41,6 @@ def test_nat_address(plan_runner):
subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
nat = true,
addresses = {external="8.8.8.8", internal=null}
- alias_ips = null
}]
'''
_, resources = plan_runner(FIXTURES_DIR, network_interfaces=nics)
diff --git a/third-party-solutions/openshift/prepare.py b/third-party-solutions/openshift/prepare.py
index 10325994..73fcf70e 100755
--- a/third-party-solutions/openshift/prepare.py
+++ b/third-party-solutions/openshift/prepare.py
@@ -145,7 +145,7 @@ def ignition_configs(ctx=None):
'create', 'ignition-configs',
'--dir', str(ctx.obj['paths']['config_dir'])
]
- env = {'GOOGLE_CREDENTIALS': ctx.obj['paths']['credentials']}
+ env = {'GOOGLE_APPLICATION_CREDENTIALS': ctx.obj['paths']['credentials']}
_run_installer(cmdline, env)
@@ -221,7 +221,7 @@ def manifests(ctx=None):
'create', 'manifests',
'--dir', str(ctx.obj['paths']['config_dir'])
]
- env = {'GOOGLE_CREDENTIALS': ctx.obj['paths']['credentials']}
+ env = {'GOOGLE_APPLICATION_CREDENTIALS': ctx.obj['paths']['credentials']}
_run_installer(cmdline, env)
diff --git a/third-party-solutions/openshift/tf/providers.tf b/third-party-solutions/openshift/tf/providers.tf
deleted file mode 100644
index 52f42881..00000000
--- a/third-party-solutions/openshift/tf/providers.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-# pinning to avoid some weird issues we had with the following version
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = "3.65.0"
- }
- }
-}
diff --git a/third-party-solutions/openshift/tf/versions.tf b/third-party-solutions/openshift/tf/versions.tf
new file mode 100644
index 00000000..1cc6bf89
--- /dev/null
+++ b/third-party-solutions/openshift/tf/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.0.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 4.0.0"
+ }
+ }
+}
+
+