Merge branch 'GoogleCloudPlatform:master' into master
This commit is contained in:
commit
953cda6462
|
@ -1,51 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
name: Post-merge tasks
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
types:
|
||||
- closed
|
||||
|
||||
env:
|
||||
PYTHON_VERSION: "3.10"
|
||||
|
||||
jobs:
|
||||
if_merged:
|
||||
if: github.event.pull_request.merged == true
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: ${{ env.PYTHON_VERSION }}
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
pip install -r tools/requirements.txt
|
||||
- name: Update Changelog
|
||||
run: |
|
||||
python3 tools/changelog.py --token secrets.GITHUB_TOKEN CHANGELOG.md
|
||||
- name: Commit and push Changelog
|
||||
env:
|
||||
CI_COMMIT_MESSAGE: Update Changelog
|
||||
CI_COMMIT_AUTHOR: Fabric Repo Workflows
|
||||
run: |
|
||||
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
|
||||
git config --global user.email "username@users.noreply.github.com"
|
||||
git commit -a -m "${{ env.CI_COMMIT_MESSAGE }}"
|
||||
git push
|
|
@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### FAST
|
||||
|
||||
- [[#793](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/793)] FAST: fix typo in CI/CD stage outputs. ([fawzihmouda](https://github.com/fawzihmouda)) <!-- 2022-09-04 11:50:36+00:00 -->
|
||||
- [[#774](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/774)] FAST: fix data-platform-dev folder in stage 03-data-platform ([sttomm](https://github.com/sttomm)) <!-- 2022-08-16 07:36:24+00:00 -->
|
||||
- [[#770](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/770)] FAST: fix to move without `output_location` ([daisuky-jp](https://github.com/daisuky-jp)) <!-- 2022-08-07 07:00:27+00:00 -->
|
||||
- [[#767](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/767)] Allow interpolating SAs in project factory subnet IAM bindings ([ludoo](https://github.com/ludoo)) <!-- 2022-08-04 08:39:28+00:00 -->
|
||||
|
@ -98,6 +99,7 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### TOOLS
|
||||
|
||||
- [[#794](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/794)] Test documentation examples in the `examples/` folder ([juliocc](https://github.com/juliocc)) <!-- 2022-09-06 19:38:26+00:00 -->
|
||||
- [[#788](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/788)] fix yaml quotes for merge-pr workflow ([drebes](https://github.com/drebes)) <!-- 2022-08-31 13:47:33+00:00 -->
|
||||
- [[#763](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/763)] Changelog generator ([ludoo](https://github.com/ludoo)) <!-- 2022-08-02 09:45:06+00:00 -->
|
||||
- [[#762](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/762)] Update changelog on pull request merge ([ludoo](https://github.com/ludoo)) <!-- 2022-07-30 17:04:00+00:00 -->
|
||||
|
|
|
@ -33,6 +33,7 @@ You can easily configure the example for this use case:
|
|||
delegated_role_grants = ["roles/compute.networkUser"]
|
||||
direct_role_grants = []
|
||||
restricted_role_grant = "roles/compute.networkAdmin"
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
This diagram shows the resources and expected behaviour:
|
||||
|
|
|
@ -127,7 +127,7 @@ We suggest a centralized approach to key management, where Organization Security
|
|||
|
||||
To configure the use of Cloud KMS on resources, you have to specify the key id on the `service_encryption_keys` variable. Key locations should match resource locations. Example:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
service_encryption_keys = {
|
||||
bq = "KEY_URL_MULTIREGIONAL"
|
||||
composer = "KEY_URL_REGIONAL"
|
||||
|
@ -135,6 +135,7 @@ service_encryption_keys = {
|
|||
storage = "KEY_URL_MULTIREGIONAL"
|
||||
pubsub = "KEY_URL_MULTIREGIONAL"
|
||||
}
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
This step is optional and depends on customer policies and security best practices.
|
||||
|
@ -191,12 +192,13 @@ The Data Platform is meant to be executed by a Service Account (or a regular use
|
|||
|
||||
There are three sets of variables you will need to fill in:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
billing_account_id = "111111-222222-333333"
|
||||
older_id = "folders/123456789012"
|
||||
organization_domain = "domain.com"
|
||||
prefix = "myco"
|
||||
```
|
||||
# tftest skip`
|
||||
``
|
||||
|
||||
For more fine details check variables on [`variables.tf`](./variables.tf) and update according to the desired configuration. Remember to create team groups described [below](#groups).
|
||||
|
||||
|
@ -207,6 +209,22 @@ terraform init
|
|||
terraform apply
|
||||
```
|
||||
|
||||
## How to use this example from Terraform
|
||||
|
||||
While this example can be used as a standalone deployment, it can also be called directly as a Terraform module by providing the variables values as show below:
|
||||
|
||||
```hcl
|
||||
module "data-platform" {
|
||||
source = "./fabric/examples/data-solutions/data-platform-foundations"
|
||||
billing_account_id = var.billing_account_id
|
||||
folder_id = var.folder_id
|
||||
organization_domain = "example.com"
|
||||
prefix = "myprefix"
|
||||
}
|
||||
|
||||
# tftest modules=1 resources=1
|
||||
```
|
||||
|
||||
## Customizations
|
||||
|
||||
### Create Cloud Key Management keys as part of the Data Platform
|
||||
|
|
|
@ -79,6 +79,8 @@ module "projects" {
|
|||
services_iam = try(each.value.services_iam, {})
|
||||
vpc = try(each.value.vpc, null)
|
||||
}
|
||||
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
### Projects configuration
|
||||
|
|
|
@ -47,7 +47,7 @@ The example configures the peering with the GKE master VPC to export routes for
|
|||
|
||||
Change the GKE cluster module and add a new variable after `private_cluster_config`:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
peering_config = {
|
||||
export_routes = true
|
||||
import_routes = false
|
||||
|
|
|
@ -50,6 +50,8 @@ module "project" {
|
|||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
## Testing
|
||||
|
|
|
@ -23,7 +23,7 @@ locals {
|
|||
tfvars = {
|
||||
cicd_repositories = merge(local.cicd_repositories_by_system["gitlab"], local.cicd_repositories_by_system["github"])
|
||||
cicd_ssh_urls = merge(local.gitlab_cicd_ssh, local.github_cicd_ssh)
|
||||
cicd_https_urls = merge(local.gitlab_cicd_https, local.gitlab_cicd_https)
|
||||
cicd_https_urls = merge(local.gitlab_cicd_https, local.github_cicd_https)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ Since it's currently impossible to fetch those addresses using a GCP data source
|
|||
|
||||
```hcl
|
||||
module "dns-policy-addresses" {
|
||||
source = "./modules/__experimental/net-dns-policy-addresses"
|
||||
source = "./fabric/modules/__experimental/net-dns-policy-addresses"
|
||||
project_id = "myproject"
|
||||
regions = ["europe-west1", "europe-west3"]
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@ Note: this module will integrated into a general-purpose load balancing module i
|
|||
## Example
|
||||
```hcl
|
||||
module "neg" {
|
||||
source = "./modules/net-neg"
|
||||
source = "./fabric/modules/net-neg"
|
||||
project_id = "myproject"
|
||||
name = "myneg"
|
||||
network = module.vpc.self_link
|
||||
|
|
|
@ -6,7 +6,7 @@ This module allows creating an API with its associated API config and API gatewa
|
|||
## Basic example
|
||||
```hcl
|
||||
module "gateway" {
|
||||
source = "./modules/api-gateway"
|
||||
source = "./fabric/modules/api-gateway"
|
||||
project_id = "my-project"
|
||||
api_id = "api"
|
||||
region = "europe-west1"
|
||||
|
@ -21,7 +21,7 @@ module "gateway" {
|
|||
## Basic example + customer service account
|
||||
```hcl
|
||||
module "gateway" {
|
||||
source = "./modules/api-gateway"
|
||||
source = "./fabric/modules/api-gateway"
|
||||
project_id = "my-project"
|
||||
api_id = "api"
|
||||
region = "europe-west1"
|
||||
|
@ -40,7 +40,7 @@ module "gateway" {
|
|||
## Basic example + service account creation
|
||||
```hcl
|
||||
module "gateway" {
|
||||
source = "./modules/api-gateway"
|
||||
source = "./fabric/modules/api-gateway"
|
||||
project_id = "my-project"
|
||||
api_id = "api"
|
||||
region = "europe-west1"
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows managing a single Apigee organization and its environments an
|
|||
|
||||
```hcl
|
||||
module "apigee-organization" {
|
||||
source = "./modules/apigee-organization"
|
||||
source = "./fabric/modules/apigee-organization"
|
||||
project_id = "my-project"
|
||||
analytics_region = "us-central1"
|
||||
runtime_type = "CLOUD"
|
||||
|
@ -36,7 +36,7 @@ module "apigee-organization" {
|
|||
|
||||
```hcl
|
||||
module "apigee-organization" {
|
||||
source = "./modules/apigee-organization"
|
||||
source = "./fabric/modules/apigee-organization"
|
||||
project_id = "my-project"
|
||||
analytics_region = "us-central1"
|
||||
runtime_type = "CLOUD"
|
||||
|
@ -76,7 +76,7 @@ module "apigee-organization" {
|
|||
|
||||
```hcl
|
||||
module "apigee-organization" {
|
||||
source = "./modules/apigee-organization"
|
||||
source = "./fabric/modules/apigee-organization"
|
||||
project_id = "my-project"
|
||||
analytics_region = "us-central1"
|
||||
runtime_type = "HYBRID"
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows managing a single Apigee X instance and its environment attac
|
|||
|
||||
```hcl
|
||||
module "apigee-x-instance" {
|
||||
source = "./modules/apigee-x-instance"
|
||||
source = "./fabric/modules/apigee-x-instance"
|
||||
name = "my-us-instance"
|
||||
region = "us-central1"
|
||||
ip_range = "10.0.0.0/22"
|
||||
|
@ -26,7 +26,7 @@ module "apigee-x-instance" {
|
|||
|
||||
```hcl
|
||||
module "apigee-x-instance" {
|
||||
source = "./modules/apigee-x-instance"
|
||||
source = "./fabric/modules/apigee-x-instance"
|
||||
name = "my-us-instance"
|
||||
region = "us-central1"
|
||||
ip_range = "10.0.0.0/22"
|
||||
|
|
|
@ -8,7 +8,7 @@ Note: Artifact Registry is still in beta, hence this module currently uses the b
|
|||
|
||||
```hcl
|
||||
module "docker_artifact_registry" {
|
||||
source = "./modules/artifact-registry"
|
||||
source = "./fabric/modules/artifact-registry"
|
||||
project_id = "myproject"
|
||||
location = "europe-west1"
|
||||
format = "DOCKER"
|
||||
|
|
|
@ -19,7 +19,7 @@ The access variables are split into `access` and `access_identities` variables,
|
|||
|
||||
```hcl
|
||||
module "bigquery-dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "my-dataset"
|
||||
access = {
|
||||
|
@ -44,7 +44,7 @@ Access configuration can also be specified via IAM instead of basic roles via th
|
|||
|
||||
```hcl
|
||||
module "bigquery-dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "my-dataset"
|
||||
iam = {
|
||||
|
@ -60,7 +60,7 @@ Dataset options are set via the `options` variable. all options must be specifie
|
|||
|
||||
```hcl
|
||||
module "bigquery-dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "my-dataset"
|
||||
options = {
|
||||
|
@ -85,7 +85,7 @@ locals {
|
|||
}
|
||||
|
||||
module "bigquery-dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "my_dataset"
|
||||
tables = {
|
||||
|
@ -113,7 +113,7 @@ locals {
|
|||
}
|
||||
|
||||
module "bigquery-dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "my-dataset"
|
||||
tables = {
|
||||
|
@ -145,7 +145,7 @@ locals {
|
|||
}
|
||||
|
||||
module "bigquery-dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "my_dataset"
|
||||
tables = {
|
||||
|
|
|
@ -14,7 +14,7 @@ This module allows managing a single BigTable instance, including access configu
|
|||
```hcl
|
||||
|
||||
module "bigtable-instance" {
|
||||
source = "./modules/bigtable-instance"
|
||||
source = "./fabric/modules/bigtable-instance"
|
||||
project_id = "my-project"
|
||||
name = "instance"
|
||||
cluster_id = "instance"
|
||||
|
|
|
@ -15,7 +15,7 @@ Send a notification to an email when a set of projects reach $100 of spend.
|
|||
|
||||
```hcl
|
||||
module "budget" {
|
||||
source = "./modules/billing-budget"
|
||||
source = "./fabric/modules/billing-budget"
|
||||
billing_account = var.billing_account_id
|
||||
name = "$100 budget"
|
||||
amount = 100
|
||||
|
@ -42,7 +42,7 @@ Send a notification to a PubSub topic the total spend of a billing account reach
|
|||
|
||||
```hcl
|
||||
module "budget" {
|
||||
source = "./modules/billing-budget"
|
||||
source = "./fabric/modules/billing-budget"
|
||||
billing_account = var.billing_account_id
|
||||
name = "previous period budget"
|
||||
amount = 0
|
||||
|
@ -54,7 +54,7 @@ module "budget" {
|
|||
}
|
||||
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = var.project_id
|
||||
name = "budget-topic"
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ This module simplifies the creation of a Binary Authorization policy, attestors
|
|||
|
||||
```hcl
|
||||
module "binauthz" {
|
||||
source = "./modules/binauthz"
|
||||
source = "./fabric/modules/binauthz"
|
||||
project_id = "my_project"
|
||||
global_policy_evaluation_mode = "DISABLE"
|
||||
default_admission_rule = {
|
||||
|
|
|
@ -24,7 +24,7 @@ This example will create a `cloud-config` that uses the module's defaults, creat
|
|||
|
||||
```hcl
|
||||
module "cos-coredns" {
|
||||
source = "./modules/cloud-config-container/coredns"
|
||||
source = "./fabric/modules/cloud-config-container/coredns"
|
||||
}
|
||||
|
||||
# use it as metadata in a compute instance or template
|
||||
|
@ -40,8 +40,8 @@ This example will create a `cloud-config` using a custom CoreDNS configuration,
|
|||
|
||||
```hcl
|
||||
module "cos-coredns" {
|
||||
source = "./modules/cloud-config-container/coredns"
|
||||
coredns_config = "./modules/cloud-config-container/coredns/Corefile-hosts"
|
||||
source = "./fabric/modules/cloud-config-container/coredns"
|
||||
coredns_config = "./fabric/modules/cloud-config-container/coredns/Corefile-hosts"
|
||||
files = {
|
||||
"/etc/coredns/example.hosts" = {
|
||||
content = "127.0.0.2 foo.example.org foo"
|
||||
|
@ -57,7 +57,7 @@ This example shows how to create the single instance optionally managed by the m
|
|||
|
||||
```hcl
|
||||
module "cos-coredns" {
|
||||
source = "./modules/cloud-config-container/coredns"
|
||||
source = "./fabric/modules/cloud-config-container/coredns"
|
||||
test_instance = {
|
||||
project_id = "my-project"
|
||||
zone = "europe-west1-b"
|
||||
|
|
|
@ -14,7 +14,7 @@ This example will create a `cloud-config` that starts [Envoy Proxy](https://www.
|
|||
|
||||
```hcl
|
||||
module "cos-envoy" {
|
||||
source = "./modules/cos-generic-metadata"
|
||||
source = "./fabric/modules/cos-generic-metadata"
|
||||
|
||||
container_image = "envoyproxy/envoy:v1.14.1"
|
||||
container_name = "envoy"
|
||||
|
|
|
@ -13,12 +13,12 @@ This module depends on the [`cos-generic-metadata` module](../cos-generic-metada
|
|||
```hcl
|
||||
# Envoy TD config
|
||||
module "cos-envoy-td" {
|
||||
source = "./modules/cloud-config-container/envoy-traffic-director"
|
||||
source = "./fabric/modules/cloud-config-container/envoy-traffic-director"
|
||||
}
|
||||
|
||||
# COS VM
|
||||
module "vm-cos" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = local.project_id
|
||||
zone = local.zone
|
||||
name = "cos-envoy-td"
|
||||
|
|
|
@ -26,7 +26,7 @@ This example will create a `cloud-config` that uses the container's default conf
|
|||
|
||||
```hcl
|
||||
module "cos-mysql" {
|
||||
source = "./modules/cos-container/mysql"
|
||||
source = "./fabric/modules/cos-container/mysql"
|
||||
mysql_password = "foo"
|
||||
}
|
||||
|
||||
|
@ -43,7 +43,7 @@ This example will create a `cloud-config` that uses a custom MySQL configuration
|
|||
|
||||
```hcl
|
||||
module "cos-mysql" {
|
||||
source = "./modules/cos-container/mysql"
|
||||
source = "./fabric/modules/cos-container/mysql"
|
||||
mysql_config = "./my.cnf"
|
||||
mysql_password = "CiQAsd7WY=="
|
||||
kms_config = {
|
||||
|
@ -61,7 +61,7 @@ This example shows how to create the single instance optionally managed by the m
|
|||
|
||||
```hcl
|
||||
module "cos-mysql" {
|
||||
source = "./modules/cos-container/mysql"
|
||||
source = "./fabric/modules/cos-container/mysql"
|
||||
mysql_password = "foo"
|
||||
test_instance = {
|
||||
project_id = "my-project"
|
||||
|
|
|
@ -14,12 +14,12 @@ This module depends on the [`cos-generic-metadata` module](../cos-generic-metada
|
|||
```hcl
|
||||
# Nginx with self-signed TLS config
|
||||
module "cos-nginx-tls" {
|
||||
source = "./modules/cloud-config-container/nginx-tls"
|
||||
source = "./fabric/modules/cloud-config-container/nginx-tls"
|
||||
}
|
||||
|
||||
# COS VM
|
||||
module "vm-nginx-tls" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = local.project_id
|
||||
zone = local.zone
|
||||
name = "cos-nginx-tls"
|
||||
|
|
|
@ -24,7 +24,7 @@ This example will create a `cloud-config` that uses the module's defaults, creat
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
# use it as metadata in a compute instance or template
|
||||
|
@ -40,7 +40,7 @@ This example shows how to create the single instance optionally managed by the m
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
test_instance = {
|
||||
project_id = "my-project"
|
||||
zone = "europe-west1-b"
|
||||
|
|
|
@ -24,7 +24,7 @@ The test instance is optional, as described above.
|
|||
|
||||
```hcl
|
||||
module "cloud-vpn" {
|
||||
source = "./modules/net-vpn-static"
|
||||
source = "./fabric/modules/net-vpn-static"
|
||||
project_id = "my-project"
|
||||
region = "europe-west1"
|
||||
network = "my-vpc"
|
||||
|
@ -41,7 +41,7 @@ module "cloud-vpn" {
|
|||
}
|
||||
|
||||
module "on-prem" {
|
||||
source = "./modules/cos-container/on-prem"
|
||||
source = "./fabric/modules/cos-container/on-prem"
|
||||
name = "onprem"
|
||||
vpn_config = {
|
||||
type = "static"
|
||||
|
|
|
@ -24,7 +24,7 @@ This example will create a `cloud-config` that allows any client in the 10.0.0.0
|
|||
|
||||
```hcl
|
||||
module "cos-squid" {
|
||||
source = "./modules/cloud-config-container/squid"
|
||||
source = "./fabric/modules/cloud-config-container/squid"
|
||||
whitelist = [".github.com"]
|
||||
clients = ["10.0.0.0/8"]
|
||||
}
|
||||
|
@ -42,7 +42,7 @@ This example shows how to create the single instance optionally managed by the m
|
|||
|
||||
```hcl
|
||||
module "cos-squid" {
|
||||
source = "./modules/cloud-config-container/squid"
|
||||
source = "./fabric/modules/cloud-config-container/squid"
|
||||
whitelist = ["github.com"]
|
||||
clients = ["10.0.0.0/8"]
|
||||
test_instance = {
|
||||
|
|
|
@ -16,7 +16,7 @@ This deploys a Cloud Function with an HTTP endpoint, using a pre-existing GCS bu
|
|||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
source = "./modules/cloud-function"
|
||||
source = "./fabric/modules/cloud-function"
|
||||
project_id = "my-project"
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
|
@ -35,7 +35,7 @@ Other trigger types other than HTTP are configured via the `trigger_config` vari
|
|||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
source = "./modules/cloud-function"
|
||||
source = "./fabric/modules/cloud-function"
|
||||
project_id = "my-project"
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
|
@ -59,7 +59,7 @@ To allow anonymous access to the function, grant the `roles/cloudfunctions.invok
|
|||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
source = "./modules/cloud-function"
|
||||
source = "./fabric/modules/cloud-function"
|
||||
project_id = "my-project"
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
|
@ -81,7 +81,7 @@ You can have the module auto-create the GCS bucket used for deployment via the `
|
|||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
source = "./modules/cloud-function"
|
||||
source = "./fabric/modules/cloud-function"
|
||||
project_id = "my-project"
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
|
@ -104,7 +104,7 @@ To use a custom service account managed by the module, set `service_account_crea
|
|||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
source = "./modules/cloud-function"
|
||||
source = "./fabric/modules/cloud-function"
|
||||
project_id = "my-project"
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
|
@ -122,7 +122,7 @@ To use an externally managed service account, pass its email in `service_account
|
|||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
source = "./modules/cloud-function"
|
||||
source = "./fabric/modules/cloud-function"
|
||||
project_id = "my-project"
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
|
@ -142,7 +142,7 @@ In order to help prevent `archive_zip.output_md5` from changing cross platform (
|
|||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
source = "./modules/cloud-function"
|
||||
source = "./fabric/modules/cloud-function"
|
||||
project_id = "my-project"
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
|
|
|
@ -17,7 +17,7 @@ Until that bug is fixed, this module will only support the creation of MEMBER an
|
|||
### Simple Group
|
||||
```hcl
|
||||
module "group" {
|
||||
source = "./modules/cloud-identity-group"
|
||||
source = "./fabric/modules/cloud-identity-group"
|
||||
customer_id = "customers/C01234567"
|
||||
name = "mygroup@example.com"
|
||||
display_name = "My group name"
|
||||
|
@ -34,7 +34,7 @@ module "group" {
|
|||
### Group with managers
|
||||
```hcl
|
||||
module "group" {
|
||||
source = "./modules/cloud-identity-group"
|
||||
source = "./fabric/modules/cloud-identity-group"
|
||||
customer_id = "customers/C01234567"
|
||||
name = "mygroup2@example.com"
|
||||
display_name = "My group name 2"
|
||||
|
|
|
@ -10,7 +10,7 @@ This deploys a Cloud Run service and sets some environment variables.
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
name = "hello"
|
||||
containers = [{
|
||||
|
@ -36,7 +36,7 @@ module "cloud_run" {
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
name = "hello"
|
||||
containers = [{
|
||||
|
@ -64,7 +64,7 @@ module "cloud_run" {
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = var.project_id
|
||||
name = "hello"
|
||||
region = var.region
|
||||
|
@ -98,7 +98,7 @@ This deploys a Cloud Run service with traffic split between two revisions.
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
name = "hello"
|
||||
revision_name = "green"
|
||||
|
@ -123,7 +123,7 @@ This deploys a Cloud Run service that will be triggered when messages are publis
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
name = "hello"
|
||||
containers = [{
|
||||
|
@ -147,7 +147,7 @@ This deploys a Cloud Run service that will be triggered when specific log events
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
name = "hello"
|
||||
containers = [{
|
||||
|
@ -173,7 +173,7 @@ To use a custom service account managed by the module, set `service_account_crea
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
name = "hello"
|
||||
containers = [{
|
||||
|
@ -192,7 +192,7 @@ To use an externally managed service account, pass its email in `service_account
|
|||
|
||||
```hcl
|
||||
module "cloud_run" {
|
||||
source = "./modules/cloud-run"
|
||||
source = "./fabric/modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
name = "hello"
|
||||
containers = [{
|
||||
|
|
|
@ -12,7 +12,7 @@ This example shows how to setup a project, VPC and a standalone Cloud SQL instan
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
parent = var.organization_id
|
||||
name = "my-db-project"
|
||||
|
@ -22,7 +22,7 @@ module "project" {
|
|||
}
|
||||
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = module.project.project_id
|
||||
name = "my-network"
|
||||
psa_config = {
|
||||
|
@ -32,7 +32,7 @@ module "vpc" {
|
|||
}
|
||||
|
||||
module "db" {
|
||||
source = "./modules/cloudsql-instance"
|
||||
source = "./fabric/modules/cloudsql-instance"
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc.self_link
|
||||
name = "db"
|
||||
|
@ -47,7 +47,7 @@ module "db" {
|
|||
|
||||
```hcl
|
||||
module "db" {
|
||||
source = "./modules/cloudsql-instance"
|
||||
source = "./fabric/modules/cloudsql-instance"
|
||||
project_id = var.project_id
|
||||
network = var.vpc.self_link
|
||||
name = "db"
|
||||
|
@ -67,7 +67,7 @@ module "db" {
|
|||
|
||||
```hcl
|
||||
module "db" {
|
||||
source = "./modules/cloudsql-instance"
|
||||
source = "./fabric/modules/cloudsql-instance"
|
||||
project_id = var.project_id
|
||||
network = var.vpc.self_link
|
||||
name = "db"
|
||||
|
@ -98,7 +98,7 @@ module "db" {
|
|||
```hcl
|
||||
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
parent = var.organization_id
|
||||
name = "my-db-project"
|
||||
|
@ -109,7 +109,7 @@ module "project" {
|
|||
}
|
||||
|
||||
module "kms" {
|
||||
source = "./modules/kms"
|
||||
source = "./fabric/modules/kms"
|
||||
project_id = module.project.project_id
|
||||
keyring = {
|
||||
name = "keyring"
|
||||
|
@ -128,7 +128,7 @@ module "kms" {
|
|||
}
|
||||
|
||||
module "db" {
|
||||
source = "./modules/cloudsql-instance"
|
||||
source = "./fabric/modules/cloudsql-instance"
|
||||
project_id = module.project.project_id
|
||||
encryption_key_name = module.kms.keys["key-sql"].id
|
||||
network = var.vpc.self_link
|
||||
|
|
|
@ -12,11 +12,11 @@ This example shows how to manage a simple MIG that leverages the `compute-vm` mo
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "nginx-template" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
name = "nginx-template"
|
||||
zone = "europe-west1-b"
|
||||
|
@ -39,7 +39,7 @@ module "nginx-template" {
|
|||
}
|
||||
|
||||
module "nginx-mig" {
|
||||
source = "./modules/compute-mig"
|
||||
source = "./fabric/modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1-b"
|
||||
name = "mig-test"
|
||||
|
@ -58,11 +58,11 @@ If multiple versions are desired, use more `compute-vm` instances for the additi
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "nginx-template" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
name = "nginx-template"
|
||||
zone = "europe-west1-b"
|
||||
|
@ -85,7 +85,7 @@ module "nginx-template" {
|
|||
}
|
||||
|
||||
module "nginx-mig" {
|
||||
source = "./modules/compute-mig"
|
||||
source = "./fabric/modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1-b"
|
||||
name = "mig-test"
|
||||
|
@ -111,11 +111,11 @@ Autohealing policies can use an externally defined health check, or have this mo
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "nginx-template" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
name = "nginx-template"
|
||||
zone = "europe-west1-b"
|
||||
|
@ -138,7 +138,7 @@ module "nginx-template" {
|
|||
}
|
||||
|
||||
module "nginx-mig" {
|
||||
source = "./modules/compute-mig"
|
||||
source = "./fabric/modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1-b"
|
||||
name = "mig-test"
|
||||
|
@ -167,11 +167,11 @@ The module can create and manage an autoscaler associated with the MIG. When usi
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "nginx-template" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
name = "nginx-template"
|
||||
zone = "europe-west1-b"
|
||||
|
@ -194,7 +194,7 @@ module "nginx-template" {
|
|||
}
|
||||
|
||||
module "nginx-mig" {
|
||||
source = "./modules/compute-mig"
|
||||
source = "./fabric/modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1-b"
|
||||
name = "mig-test"
|
||||
|
@ -219,11 +219,11 @@ module "nginx-mig" {
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "nginx-template" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
name = "nginx-template"
|
||||
zone = "europe-west1-b"
|
||||
|
@ -246,7 +246,7 @@ module "nginx-template" {
|
|||
}
|
||||
|
||||
module "nginx-mig" {
|
||||
source = "./modules/compute-mig"
|
||||
source = "./fabric/modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1-b"
|
||||
name = "mig-test"
|
||||
|
@ -281,11 +281,11 @@ Note that when referencing the stateful disk, you use `device_name` and not `dis
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "nginx-template" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
name = "nginx-template"
|
||||
zone = "europe-west1-b"
|
||||
|
@ -319,7 +319,7 @@ module "nginx-template" {
|
|||
}
|
||||
|
||||
module "nginx-mig" {
|
||||
source = "./modules/compute-mig"
|
||||
source = "./fabric/modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1-b"
|
||||
name = "mig-test"
|
||||
|
@ -358,11 +358,11 @@ Note that you will need to know the instance name in order to use this configura
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "nginx-template" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
name = "nginx-template"
|
||||
zone = "europe-west1-b"
|
||||
|
@ -396,7 +396,7 @@ module "nginx-template" {
|
|||
}
|
||||
|
||||
module "nginx-mig" {
|
||||
source = "./modules/compute-mig"
|
||||
source = "./fabric/modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1-b"
|
||||
name = "mig-test"
|
||||
|
|
|
@ -15,7 +15,7 @@ The simplest example leverages defaults for the boot disk image and size, and us
|
|||
|
||||
```hcl
|
||||
module "simple-vm-example" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
zone = "europe-west1-b"
|
||||
name = "test"
|
||||
|
@ -37,7 +37,7 @@ module "simple-vm-example" {
|
|||
|
||||
```hcl
|
||||
module "spot-vm-example" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
zone = "europe-west1-b"
|
||||
name = "test"
|
||||
|
@ -72,7 +72,7 @@ This is an example of attaching a pre-existing regional PD to a new instance:
|
|||
|
||||
```hcl
|
||||
module "simple-vm-example" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
zone = "${var.region}-b"
|
||||
name = "test"
|
||||
|
@ -102,7 +102,7 @@ And the same example for an instance template (where not using the full self lin
|
|||
|
||||
```hcl
|
||||
module "simple-vm-example" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
zone = "${var.region}-b"
|
||||
name = "test"
|
||||
|
@ -135,7 +135,7 @@ This example shows how to control disk encryption via the the `encryption` varia
|
|||
|
||||
```hcl
|
||||
module "kms-vm-example" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
zone = "europe-west1-b"
|
||||
name = "kms-test"
|
||||
|
@ -175,7 +175,7 @@ This example shows how to add additional [Alias IPs](https://cloud.google.com/vp
|
|||
|
||||
```hcl
|
||||
module "vm-with-alias-ips" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = "my-project"
|
||||
zone = "europe-west1-b"
|
||||
name = "test"
|
||||
|
@ -224,7 +224,7 @@ resource "google_compute_image" "cos-gvnic" {
|
|||
}
|
||||
|
||||
module "vm-with-gvnic" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = "my-project"
|
||||
zone = "europe-west1-b"
|
||||
name = "test"
|
||||
|
@ -256,7 +256,7 @@ This example shows how to use the module to manage an instance template that def
|
|||
|
||||
```hcl
|
||||
module "cos-test" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = "my-project"
|
||||
zone = "europe-west1-b"
|
||||
name = "test"
|
||||
|
@ -296,7 +296,7 @@ locals {
|
|||
}
|
||||
|
||||
module "instance-group" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = "my-project"
|
||||
zone = "europe-west1-b"
|
||||
name = "ilb-test"
|
||||
|
|
|
@ -6,7 +6,7 @@ This module simplifies the creation of GCS buckets used by Google Container Regi
|
|||
|
||||
```hcl
|
||||
module "container_registry" {
|
||||
source = "./modules/container-registry"
|
||||
source = "./fabric/modules/container-registry"
|
||||
project_id = "myproject"
|
||||
location = "EU"
|
||||
iam = {
|
||||
|
|
|
@ -9,7 +9,7 @@ Note: Data Catalog is still in beta, hence this module currently uses the beta p
|
|||
|
||||
```hcl
|
||||
module "cmn-dc" {
|
||||
source = "./modules/data-catalog-policy-tag"
|
||||
source = "./fabric/modules/data-catalog-policy-tag"
|
||||
name = "my-datacatalog-policy-tags"
|
||||
project_id = "my-project"
|
||||
tags = {
|
||||
|
@ -23,7 +23,7 @@ module "cmn-dc" {
|
|||
|
||||
```hcl
|
||||
module "cmn-dc" {
|
||||
source = "./modules/data-catalog-policy-tag"
|
||||
source = "./fabric/modules/data-catalog-policy-tag"
|
||||
name = "my-datacatalog-policy-tags"
|
||||
project_id = "my-project"
|
||||
tags = {
|
||||
|
@ -65,4 +65,4 @@ module "cmn-dc" {
|
|||
<!-- END TFDOC -->
|
||||
## TODO
|
||||
- Support IAM at tag level.
|
||||
- Support Child policy tags
|
||||
- Support Child policy tags
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows simple management of ['Google Data Fusion'](https://cloud.goo
|
|||
|
||||
```hcl
|
||||
module "datafusion" {
|
||||
source = "./modules/datafusion"
|
||||
source = "./fabric/modules/datafusion"
|
||||
name = "my-datafusion"
|
||||
region = "europe-west1"
|
||||
project_id = "my-project"
|
||||
|
@ -23,7 +23,7 @@ module "datafusion" {
|
|||
|
||||
```hcl
|
||||
module "datafusion" {
|
||||
source = "./modules/datafusion"
|
||||
source = "./fabric/modules/datafusion"
|
||||
name = "my-datafusion"
|
||||
region = "europe-west1"
|
||||
project_id = "my-project"
|
||||
|
|
|
@ -10,7 +10,7 @@ For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https:
|
|||
|
||||
```hcl
|
||||
module "private-dns" {
|
||||
source = "./modules/dns"
|
||||
source = "./fabric/modules/dns"
|
||||
project_id = "myproject"
|
||||
type = "private"
|
||||
name = "test-example"
|
||||
|
@ -27,7 +27,7 @@ module "private-dns" {
|
|||
|
||||
```hcl
|
||||
module "private-dns" {
|
||||
source = "./modules/dns"
|
||||
source = "./fabric/modules/dns"
|
||||
project_id = "myproject"
|
||||
type = "forwarding"
|
||||
name = "test-example"
|
||||
|
@ -42,7 +42,7 @@ module "private-dns" {
|
|||
|
||||
```hcl
|
||||
module "private-dns" {
|
||||
source = "./modules/dns"
|
||||
source = "./fabric/modules/dns"
|
||||
project_id = "myproject"
|
||||
type = "peering"
|
||||
name = "test-example"
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows simple management of ['Google Cloud Endpoints'](https://cloud
|
|||
|
||||
```hcl
|
||||
module "endpoint" {
|
||||
source = "./modules/endpoints"
|
||||
source = "./fabric/modules/endpoints"
|
||||
project_id = "my-project"
|
||||
service_name = "YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog"
|
||||
openapi_config = { "yaml_path" = "openapi.yaml" }
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows the creation and management of folders, including support for
|
|||
|
||||
```hcl
|
||||
module "folder" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
parent = "organizations/1234567890"
|
||||
name = "Folder name"
|
||||
group_iam = {
|
||||
|
@ -28,7 +28,7 @@ module "folder" {
|
|||
|
||||
```hcl
|
||||
module "folder" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
parent = "organizations/1234567890"
|
||||
name = "Folder name"
|
||||
policy_boolean = {
|
||||
|
@ -53,7 +53,7 @@ In the same way as for the [organization](../organization) module, the in-built
|
|||
|
||||
```hcl
|
||||
module "folder" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
parent = "organizations/1234567890"
|
||||
name = "Folder name"
|
||||
firewall_policy_factory = {
|
||||
|
@ -109,33 +109,33 @@ allow-ssh-from-iap:
|
|||
|
||||
```hcl
|
||||
module "gcs" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "my-project"
|
||||
name = "gcs_sink"
|
||||
force_destroy = true
|
||||
}
|
||||
|
||||
module "dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "bq_sink"
|
||||
}
|
||||
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = "my-project"
|
||||
name = "pubsub_sink"
|
||||
}
|
||||
|
||||
module "bucket" {
|
||||
source = "./modules/logging-bucket"
|
||||
source = "./fabric/modules/logging-bucket"
|
||||
parent_type = "project"
|
||||
parent = "my-project"
|
||||
id = "bucket"
|
||||
}
|
||||
|
||||
module "folder-sink" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
parent = "folders/657104291943"
|
||||
name = "my-folder"
|
||||
logging_sinks = {
|
||||
|
@ -181,7 +181,7 @@ module "folder-sink" {
|
|||
|
||||
```hcl
|
||||
module "folder1" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
parent = var.organization_id
|
||||
name = "policy-container"
|
||||
|
||||
|
@ -206,7 +206,7 @@ module "folder1" {
|
|||
}
|
||||
|
||||
module "folder2" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
parent = var.organization_id
|
||||
name = "hf2"
|
||||
firewall_policy_association = {
|
||||
|
@ -222,7 +222,7 @@ Refer to the [Creating and managing tags](https://cloud.google.com/resource-mana
|
|||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
tags = {
|
||||
environment = {
|
||||
|
@ -237,7 +237,7 @@ module "org" {
|
|||
}
|
||||
|
||||
module "folder" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
name = "Test"
|
||||
parent = module.org.organization_id
|
||||
tag_bindings = {
|
||||
|
|
|
@ -6,7 +6,7 @@ This module allows creation and management of an organizational hierarchy "unit"
|
|||
|
||||
```hcl
|
||||
module "folders-unit" {
|
||||
source = "./modules/folders-unit"
|
||||
source = "./fabric/modules/folders-unit"
|
||||
name = "Business Intelligence"
|
||||
short_name = "bi"
|
||||
automation_project_id = "automation-project-394yr923811"
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
```hcl
|
||||
module "bucket" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
|
@ -18,7 +18,7 @@ module "bucket" {
|
|||
|
||||
```hcl
|
||||
module "bucket" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
|
@ -34,7 +34,7 @@ module "bucket" {
|
|||
|
||||
```hcl
|
||||
module "bucket" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
|
@ -59,7 +59,7 @@ module "bucket" {
|
|||
|
||||
```hcl
|
||||
module "bucket" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
|
@ -91,7 +91,7 @@ module "bucket" {
|
|||
### Minimal example with GCS notifications
|
||||
```hcl
|
||||
module "bucket-gcs-notification" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows simplified creation and management of GKE clusters and should
|
|||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
@ -37,7 +37,7 @@ module "cluster-1" {
|
|||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
|
|
@ -17,7 +17,7 @@ To use this module you must ensure the following APIs are enabled in the target
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
name = "gkehub-test"
|
||||
parent = "folders/12345"
|
||||
|
@ -33,7 +33,7 @@ module "project" {
|
|||
}
|
||||
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = module.project.project_id
|
||||
name = "network"
|
||||
subnets = [{
|
||||
|
@ -48,7 +48,7 @@ module "vpc" {
|
|||
}
|
||||
|
||||
module "cluster_1" {
|
||||
source = "./modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
@ -67,7 +67,7 @@ module "cluster_1" {
|
|||
}
|
||||
|
||||
module "hub" {
|
||||
source = "./modules/gke-hub"
|
||||
source = "./fabric/modules/gke-hub"
|
||||
project_id = module.project.project_id
|
||||
clusters = {
|
||||
cluster-1 = module.cluster_1.id
|
||||
|
@ -124,7 +124,7 @@ module "hub" {
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = "123-456-789"
|
||||
name = "gkehub-test"
|
||||
parent = "folders/12345"
|
||||
|
@ -140,7 +140,7 @@ module "project" {
|
|||
}
|
||||
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = module.project.project_id
|
||||
name = "vpc"
|
||||
mtu = 1500
|
||||
|
@ -173,7 +173,7 @@ module "vpc" {
|
|||
}
|
||||
|
||||
module "firewall" {
|
||||
source = "./modules/net-vpc-firewall"
|
||||
source = "./fabric/modules/net-vpc-firewall"
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc.name
|
||||
custom_rules = {
|
||||
|
@ -225,7 +225,7 @@ module "firewall" {
|
|||
}
|
||||
|
||||
module "cluster_1" {
|
||||
source = "./modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-wes1"
|
||||
|
@ -252,7 +252,7 @@ module "cluster_1" {
|
|||
}
|
||||
|
||||
module "cluster_1_nodepool" {
|
||||
source = "./modules/gke-nodepool"
|
||||
source = "./fabric/modules/gke-nodepool"
|
||||
project_id = module.project.project_id
|
||||
cluster_name = module.cluster_1.name
|
||||
location = "europe-west1"
|
||||
|
@ -264,7 +264,7 @@ module "cluster_1_nodepool" {
|
|||
}
|
||||
|
||||
module "cluster_2" {
|
||||
source = "./modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-wes1"
|
||||
|
@ -291,7 +291,7 @@ module "cluster_2" {
|
|||
}
|
||||
|
||||
module "cluster_2_nodepool" {
|
||||
source = "./modules/gke-nodepool"
|
||||
source = "./fabric/modules/gke-nodepool"
|
||||
project_id = module.project.project_id
|
||||
cluster_name = module.cluster_2.name
|
||||
location = "europe-west4"
|
||||
|
@ -304,7 +304,7 @@ module "cluster_2_nodepool" {
|
|||
|
||||
|
||||
module "hub" {
|
||||
source = "./modules/gke-hub"
|
||||
source = "./fabric/modules/gke-hub"
|
||||
project_id = module.project.project_id
|
||||
clusters = {
|
||||
cluster-1 = module.cluster_1.id
|
||||
|
|
|
@ -10,7 +10,7 @@ If no specific node configuration is set via variables, the module uses the prov
|
|||
|
||||
```hcl
|
||||
module "cluster-1-nodepool-1" {
|
||||
source = "./modules/gke-nodepool"
|
||||
source = "./fabric/modules/gke-nodepool"
|
||||
project_id = "myproject"
|
||||
cluster_name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
@ -24,7 +24,7 @@ To have the module auto-create a service account for the nodes, set the `node_se
|
|||
|
||||
```hcl
|
||||
module "cluster-1-nodepool-1" {
|
||||
source = "./modules/gke-nodepool"
|
||||
source = "./fabric/modules/gke-nodepool"
|
||||
project_id = "myproject"
|
||||
cluster_name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
|
|
@ -8,7 +8,7 @@ Note that this module does not fully comply with our design principles, as outpu
|
|||
|
||||
```hcl
|
||||
module "myproject-default-service-accounts" {
|
||||
source = "./modules/iam-service-account"
|
||||
source = "./fabric/modules/iam-service-account"
|
||||
project_id = "myproject"
|
||||
name = "vm-default"
|
||||
generate_key = true
|
||||
|
|
|
@ -44,7 +44,7 @@ device_2:
|
|||
|
||||
```hcl
|
||||
module "iot-platform" {
|
||||
source = "./modules/iot-core"
|
||||
source = "./fabric/modules/iot-core"
|
||||
project_id = "my_project_id"
|
||||
region = "europe-west1"
|
||||
telemetry_pubsub_topic_id = "telemetry_topic_id"
|
||||
|
@ -67,7 +67,7 @@ If you need to match specific MQTT topics (eg, /temperature) into specific PubSu
|
|||
|
||||
```hcl
|
||||
module "iot-platform" {
|
||||
source = "./modules/iot-core"
|
||||
source = "./fabric/modules/iot-core"
|
||||
project_id = "my_project_id"
|
||||
region = "europe-west1"
|
||||
telemetry_pubsub_topic_id = "telemetry_topic_id"
|
||||
|
@ -99,7 +99,7 @@ In this example, we will show how to extend the **[Data Foundations Platform](..
|
|||
|
||||
```hcl
|
||||
module "iot-platform" {
|
||||
source = "./modules/iot-core"
|
||||
source = "./fabric/modules/iot-core"
|
||||
project_id = "landing-project-id"
|
||||
region = "europe-west1"
|
||||
telemetry_pubsub_topic_id = "landing_pubsub_topic_id"
|
||||
|
|
|
@ -14,7 +14,7 @@ In this module **no lifecycle blocks are set on resources to prevent destroy**,
|
|||
|
||||
```hcl
|
||||
module "kms" {
|
||||
source = "./modules/kms"
|
||||
source = "./fabric/modules/kms"
|
||||
project_id = "my-project"
|
||||
iam = {
|
||||
"roles/cloudkms.admin" = ["user:user1@example.com"]
|
||||
|
@ -30,7 +30,7 @@ module "kms" {
|
|||
|
||||
```hcl
|
||||
module "kms" {
|
||||
source = "./modules/kms"
|
||||
source = "./fabric/modules/kms"
|
||||
project_id = "my-project"
|
||||
iam_additive = {
|
||||
"roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
|
||||
|
@ -63,7 +63,7 @@ module "kms" {
|
|||
|
||||
```hcl
|
||||
module "kms" {
|
||||
source = "./modules/kms"
|
||||
source = "./fabric/modules/kms"
|
||||
project_id = "my-project"
|
||||
key_purpose = {
|
||||
key-c = {
|
||||
|
|
|
@ -12,7 +12,7 @@ See also the `logging_sinks` argument within the [project](../project/), [folder
|
|||
|
||||
```hcl
|
||||
module "bucket" {
|
||||
source = "./modules/logging-bucket"
|
||||
source = "./fabric/modules/logging-bucket"
|
||||
parent_type = "project"
|
||||
parent = var.project_id
|
||||
id = "mybucket"
|
||||
|
@ -25,13 +25,13 @@ module "bucket" {
|
|||
|
||||
```hcl
|
||||
module "folder" {
|
||||
source = "./modules/folder"
|
||||
source = "./fabric/modules/folder"
|
||||
parent = "folders/657104291943"
|
||||
name = "my folder"
|
||||
}
|
||||
|
||||
module "bucket-default" {
|
||||
source = "./modules/logging-bucket"
|
||||
source = "./fabric/modules/logging-bucket"
|
||||
parent_type = "folder"
|
||||
parent = module.folder.id
|
||||
id = "_Default"
|
||||
|
|
|
@ -14,7 +14,7 @@ In its default configuration, the module supports an option prefix and suffix, a
|
|||
|
||||
```hcl
|
||||
module "names-org" {
|
||||
source = "./modules/naming-convention"
|
||||
source = "./fabric/modules/naming-convention"
|
||||
prefix = "myco"
|
||||
environment = "dev"
|
||||
team = "cloud"
|
||||
|
@ -30,7 +30,7 @@ module "names-org" {
|
|||
}
|
||||
|
||||
module "project-tf" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
# myco-cloud-dev-tf
|
||||
name = module.names-org.names.project.tf
|
||||
# { environment = "dev", scope = "global", team = "cloud" }
|
||||
|
@ -42,7 +42,7 @@ You can also enable resource type naming, useful with some legacy CMDB setups. W
|
|||
|
||||
```hcl
|
||||
module "names-org" {
|
||||
source = "./modules/naming-convention"
|
||||
source = "./fabric/modules/naming-convention"
|
||||
prefix = "myco"
|
||||
environment = "dev"
|
||||
team = "cloud"
|
||||
|
@ -59,7 +59,7 @@ module "names-org" {
|
|||
}
|
||||
|
||||
module "project-tf" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
# prj-myco-cloud-dev-tf
|
||||
name = module.names-org.names.prj.tf
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows reserving Compute Engine external, global, and internal addre
|
|||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./modules/net-address"
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
external_addresses = {
|
||||
nat-1 = var.region
|
||||
|
@ -23,7 +23,7 @@ module "addresses" {
|
|||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./modules/net-address"
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
internal_addresses = {
|
||||
ilb-1 = {
|
||||
|
@ -51,7 +51,7 @@ module "addresses" {
|
|||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./modules/net-address"
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
psa_addresses = {
|
||||
cloudsql-mysql = {
|
||||
|
@ -68,7 +68,7 @@ module "addresses" {
|
|||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./modules/net-address"
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
psc_addresses = {
|
||||
one = {
|
||||
|
|
|
@ -6,7 +6,7 @@ Simple Cloud NAT management, with optional router creation.
|
|||
|
||||
```hcl
|
||||
module "nat" {
|
||||
source = "./modules/net-cloudnat"
|
||||
source = "./fabric/modules/net-cloudnat"
|
||||
project_id = "my-project"
|
||||
region = "europe-west1"
|
||||
name = "default"
|
||||
|
|
|
@ -10,7 +10,7 @@ This is a minimal example, which creates a global HTTP load balancer, pointing t
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -35,7 +35,7 @@ A very similar coniguration also applies to GCE instance groups:
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -72,7 +72,7 @@ For example, to contextually create a health check and attach it to the backend
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -117,7 +117,7 @@ Serverless backends can also be used, as shown in the example below.
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -163,7 +163,7 @@ Backends can be multiple, group and bucket backends can be mixed and group backe
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -227,7 +227,7 @@ In this example, we're using one backend service as the default backend
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -295,7 +295,7 @@ Optionally, a static IP address can be reserved:
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -332,7 +332,7 @@ If no `ssl_certificates_config` variable is specified, a managed certificate for
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -366,7 +366,7 @@ If the ids specified in the `target_proxy_https_config` variable are not found i
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -414,7 +414,7 @@ Using unamanged certificates is also possible. Here is an example:
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
|
||||
|
@ -487,7 +487,7 @@ You can also use regional load balancing by specifying a `region` parameter:
|
|||
|
||||
```hcl
|
||||
module "glb" {
|
||||
source = "./modules/net-glb"
|
||||
source = "./fabric/modules/net-glb"
|
||||
name = "glb-test"
|
||||
project_id = var.project_id
|
||||
region = var.region
|
||||
|
|
|
@ -11,7 +11,7 @@ An HTTP ILB with a backend service pointing to a GCE instance group:
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
@ -39,7 +39,7 @@ Network and subnetwork can be entered using their name (if present in the same p
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
@ -75,7 +75,7 @@ For example, to contextually create a health check and attach it to the backend
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
@ -118,7 +118,7 @@ Zonal Network Endpoint Groups (NEGs) can also be used, as shown in the example b
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
@ -175,7 +175,7 @@ In this example, we're using a backend service as the default backend
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
@ -234,7 +234,7 @@ Optionally, a static IP address can be reserved:
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
@ -271,7 +271,7 @@ When HTTPS is enabled, if the ids specified in the `target_proxy_https_config` v
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
@ -307,7 +307,7 @@ Otherwise, unmanaged certificates can also be contextually created:
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb-l7"
|
||||
source = "./fabric/modules/net-ilb-l7"
|
||||
name = "ilb-test"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
|
|
|
@ -18,7 +18,7 @@ This examples shows how to create an ILB by combining externally managed instanc
|
|||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb"
|
||||
source = "./fabric/modules/net-ilb"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
name = "ilb-test"
|
||||
|
@ -58,11 +58,11 @@ Note that the example uses the GCE default service account. You might want to cr
|
|||
|
||||
```hcl
|
||||
module "cos-nginx" {
|
||||
source = "./modules/cloud-config-container/nginx"
|
||||
source = "./fabric/modules/cloud-config-container/nginx"
|
||||
}
|
||||
|
||||
module "instance-group" {
|
||||
source = "./modules/compute-vm"
|
||||
source = "./fabric/modules/compute-vm"
|
||||
for_each = toset(["b", "c"])
|
||||
project_id = var.project_id
|
||||
zone = "europe-west1-${each.key}"
|
||||
|
@ -86,7 +86,7 @@ module "instance-group" {
|
|||
}
|
||||
|
||||
module "ilb" {
|
||||
source = "./modules/net-ilb"
|
||||
source = "./fabric/modules/net-ilb"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
name = "ilb-test"
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows creation of a VLAN attachment for Direct Interconnect and rou
|
|||
|
||||
```hcl
|
||||
module "vlan-attachment-1" {
|
||||
source = "./modules/net-interconnect-attachment-direct"
|
||||
source = "./fabric/modules/net-interconnect-attachment-direct"
|
||||
project_id = "dedicated-ic-5-8492"
|
||||
region = "us-west2"
|
||||
router_network = "myvpc"
|
||||
|
@ -25,7 +25,7 @@ module "vlan-attachment-1" {
|
|||
|
||||
```hcl
|
||||
module "vlan-attachment-1" {
|
||||
source = "./modules/net-interconnect-attachment-direct"
|
||||
source = "./fabric/modules/net-interconnect-attachment-direct"
|
||||
project_id = "dedicated-ic-3-8386"
|
||||
region = "us-west2"
|
||||
router_name = "router-1"
|
||||
|
@ -63,7 +63,7 @@ module "vlan-attachment-1" {
|
|||
}
|
||||
|
||||
module "vlan-attachment-2" {
|
||||
source = "./modules/net-interconnect-attachment-direct"
|
||||
source = "./fabric/modules/net-interconnect-attachment-direct"
|
||||
project_id = "dedicated-ic-3-8386"
|
||||
region = "us-west2"
|
||||
router_name = "router-2"
|
||||
|
|
|
@ -16,7 +16,7 @@ This is often useful for prototyping or testing infrastructure, allowing open in
|
|||
|
||||
```hcl
|
||||
module "firewall" {
|
||||
source = "./modules/net-vpc-firewall"
|
||||
source = "./fabric/modules/net-vpc-firewall"
|
||||
project_id = "my-project"
|
||||
network = "my-network"
|
||||
admin_ranges = ["10.0.0.0/8"]
|
||||
|
@ -30,7 +30,7 @@ This is an example of how to define custom rules, with a sample rule allowing op
|
|||
|
||||
```hcl
|
||||
module "firewall" {
|
||||
source = "./modules/net-vpc-firewall"
|
||||
source = "./fabric/modules/net-vpc-firewall"
|
||||
project_id = "my-project"
|
||||
network = "my-network"
|
||||
admin_ranges = ["10.0.0.0/8"]
|
||||
|
@ -57,7 +57,7 @@ If you don't want any predefined rules set `admin_ranges`, `http_source_ranges`,
|
|||
|
||||
```hcl
|
||||
module "firewall" {
|
||||
source = "./modules/net-vpc-firewall"
|
||||
source = "./fabric/modules/net-vpc-firewall"
|
||||
project_id = "my-project"
|
||||
network = "my-network"
|
||||
admin_ranges = []
|
||||
|
@ -87,7 +87,7 @@ The module includes a rules factory (see [Resource Factories](../../examples/fac
|
|||
|
||||
```hcl
|
||||
module "firewall" {
|
||||
source = "./modules/net-vpc-firewall"
|
||||
source = "./fabric/modules/net-vpc-firewall"
|
||||
project_id = "my-project"
|
||||
network = "my-network"
|
||||
data_folder = "config/firewall"
|
||||
|
|
|
@ -13,7 +13,7 @@ Basic usage of this module is as follows:
|
|||
|
||||
```hcl
|
||||
module "peering" {
|
||||
source = "./modules/net-vpc-peering"
|
||||
source = "./fabric/modules/net-vpc-peering"
|
||||
prefix = "name-prefix"
|
||||
local_network = "projects/project-1/global/networks/vpc-1"
|
||||
peer_network = "projects/project-1/global/networks/vpc-2"
|
||||
|
@ -25,14 +25,14 @@ If you need to create more than one peering for the same VPC Network `(A -> B, A
|
|||
|
||||
```hcl
|
||||
module "peering-a-b" {
|
||||
source = "./modules/net-vpc-peering"
|
||||
source = "./fabric/modules/net-vpc-peering"
|
||||
prefix = "name-prefix"
|
||||
local_network = "projects/project-a/global/networks/vpc-a"
|
||||
peer_network = "projects/project-b/global/networks/vpc-b"
|
||||
}
|
||||
|
||||
module "peering-a-c" {
|
||||
source = "./modules/net-vpc-peering"
|
||||
source = "./fabric/modules/net-vpc-peering"
|
||||
prefix = "name-prefix"
|
||||
local_network = "projects/project-a/global/networks/vpc-a"
|
||||
peer_network = "projects/project-c/global/networks/vpc-c"
|
||||
|
|
|
@ -10,7 +10,7 @@ The module allows for several different VPC configurations, some of the most com
|
|||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
|
@ -42,7 +42,7 @@ If you only want to create the "local" side of the peering, use `peering_create_
|
|||
|
||||
```hcl
|
||||
module "vpc-hub" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "hub"
|
||||
name = "vpc-hub"
|
||||
subnets = [{
|
||||
|
@ -54,7 +54,7 @@ module "vpc-hub" {
|
|||
}
|
||||
|
||||
module "vpc-spoke-1" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "spoke1"
|
||||
name = "vpc-spoke1"
|
||||
subnets = [{
|
||||
|
@ -89,7 +89,7 @@ locals {
|
|||
}
|
||||
|
||||
module "vpc-host" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-host-network"
|
||||
subnets = [
|
||||
|
@ -127,7 +127,7 @@ module "vpc-host" {
|
|||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
|
@ -152,7 +152,7 @@ Custom routes can be optionally exported/imported through the peering formed wit
|
|||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
|
@ -180,7 +180,7 @@ Along with common private subnets module supports creation more service specific
|
|||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
|
||||
|
@ -207,7 +207,7 @@ module "vpc" {
|
|||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
dns_policy = {
|
||||
|
@ -236,7 +236,7 @@ The `net-vpc` module includes a subnet factory (see [Resource Factories](../../e
|
|||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./modules/net-vpc"
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-network"
|
||||
data_folder = "config/subnets"
|
||||
|
|
|
@ -9,7 +9,7 @@ This example shows how to configure a single VPN tunnel using a couple of extra
|
|||
|
||||
```hcl
|
||||
module "vpn-dynamic" {
|
||||
source = "./modules/net-vpn-dynamic"
|
||||
source = "./fabric/modules/net-vpn-dynamic"
|
||||
project_id = "my-project"
|
||||
region = "europe-west1"
|
||||
network = "my-vpc"
|
||||
|
|
|
@ -6,7 +6,7 @@ This module makes it easy to deploy either GCP-to-GCP or GCP-to-On-prem [Cloud H
|
|||
### GCP to GCP
|
||||
```hcl
|
||||
module "vpn_ha-1" {
|
||||
source = "./modules/net-vpn-ha"
|
||||
source = "./fabric/modules/net-vpn-ha"
|
||||
project_id = "<PROJECT_ID>"
|
||||
region = "europe-west4"
|
||||
network = "https://www.googleapis.com/compute/v1/projects/<PROJECT_ID>/global/networks/network-1"
|
||||
|
@ -51,7 +51,7 @@ module "vpn_ha-1" {
|
|||
}
|
||||
|
||||
module "vpn_ha-2" {
|
||||
source = "./modules/net-vpn-ha"
|
||||
source = "./fabric/modules/net-vpn-ha"
|
||||
project_id = "<PROJECT_ID>"
|
||||
region = "europe-west4"
|
||||
network = "https://www.googleapis.com/compute/v1/projects/<PROJECT_ID>/global/networks/local-network"
|
||||
|
@ -96,7 +96,7 @@ Note: When using the `for_each` meta-argument you might experience a Cycle Error
|
|||
|
||||
```hcl
|
||||
module "vpn_ha" {
|
||||
source = "./modules/net-vpn-ha"
|
||||
source = "./fabric/modules/net-vpn-ha"
|
||||
project_id = var.project_id
|
||||
region = var.region
|
||||
network = var.vpc.self_link
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./modules/net-address"
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
external_addresses = {
|
||||
vpn = "europe-west1"
|
||||
|
@ -12,7 +12,7 @@ module "addresses" {
|
|||
}
|
||||
|
||||
module "vpn" {
|
||||
source = "./modules/net-vpn-static"
|
||||
source = "./fabric/modules/net-vpn-static"
|
||||
project_id = var.project_id
|
||||
region = var.region
|
||||
network = var.vpc.self_link
|
||||
|
|
|
@ -13,14 +13,14 @@ Yaml based factory can simplify centralized management of Org Policies for a Dev
|
|||
```hcl
|
||||
# using configuration provided in a set of yaml files
|
||||
module "org-policy-factory" {
|
||||
source = "./modules/organization-policy"
|
||||
source = "./fabric/modules/organization-policy"
|
||||
|
||||
config_directory = "./policies"
|
||||
}
|
||||
|
||||
# using configuration provided in the module variable
|
||||
module "org-policy" {
|
||||
source = "./modules/organization-policy"
|
||||
source = "./fabric/modules/organization-policy"
|
||||
|
||||
policies = {
|
||||
"folders/1234567890" = {
|
||||
|
|
|
@ -11,7 +11,7 @@ This module allows managing several organization properties:
|
|||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = "organizations/1234567890"
|
||||
group_iam = {
|
||||
"cloud-owners@example.org" = ["roles/owner", "roles/projectCreator"]
|
||||
|
@ -60,7 +60,7 @@ Once you have policies (either created via the module or externally), you can as
|
|||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
firewall_policies = {
|
||||
iap-policy = {
|
||||
|
@ -92,7 +92,7 @@ The in-built factory allows you to define a single policy, using one file for ru
|
|||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
firewall_policy_factory = {
|
||||
cidr_file = "data/cidrs.yaml"
|
||||
|
@ -147,33 +147,33 @@ allow-ssh-from-iap:
|
|||
|
||||
```hcl
|
||||
module "gcs" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = var.project_id
|
||||
name = "gcs_sink"
|
||||
force_destroy = true
|
||||
}
|
||||
|
||||
module "dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = var.project_id
|
||||
id = "bq_sink"
|
||||
}
|
||||
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = var.project_id
|
||||
name = "pubsub_sink"
|
||||
}
|
||||
|
||||
module "bucket" {
|
||||
source = "./modules/logging-bucket"
|
||||
source = "./fabric/modules/logging-bucket"
|
||||
parent_type = "project"
|
||||
parent = "my-project"
|
||||
id = "bucket"
|
||||
}
|
||||
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
|
||||
logging_sinks = {
|
||||
|
@ -223,7 +223,7 @@ module "org" {
|
|||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
custom_roles = {
|
||||
"myRole" = [
|
||||
|
@ -243,7 +243,7 @@ Refer to the [Creating and managing tags](https://cloud.google.com/resource-mana
|
|||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
tags = {
|
||||
environment = {
|
||||
|
|
|
@ -21,7 +21,7 @@ locals {
|
|||
}
|
||||
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = "123456-123456-123456"
|
||||
name = "project-example"
|
||||
parent = "folders/1234567890"
|
||||
|
@ -43,7 +43,7 @@ The `group_iam` variable uses group email addresses as keys and is a convenient
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = "123456-123456-123456"
|
||||
name = "project-example"
|
||||
parent = "folders/1234567890"
|
||||
|
@ -70,7 +70,7 @@ Additive IAM is typically used where bindings for specific roles are controlled
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "project-example"
|
||||
iam_additive = {
|
||||
"roles/viewer" = [
|
||||
|
@ -94,7 +94,7 @@ As mentioned above, there are cases where authoritative management of specific I
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "project-example"
|
||||
group_iam = {
|
||||
"foo@example.com" = [
|
||||
|
@ -120,7 +120,7 @@ You can enable Shared VPC Host at the project level and manage project service a
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "project-example"
|
||||
shared_vpc_host_config = {
|
||||
enabled = true
|
||||
|
@ -134,7 +134,7 @@ module "project" {
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "project-example"
|
||||
shared_vpc_service_config = {
|
||||
attach = true
|
||||
|
@ -159,7 +159,7 @@ module "project" {
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = "123456-123456-123456"
|
||||
name = "project-example"
|
||||
parent = "folders/1234567890"
|
||||
|
@ -188,33 +188,33 @@ module "project" {
|
|||
|
||||
```hcl
|
||||
module "gcs" {
|
||||
source = "./modules/gcs"
|
||||
source = "./fabric/modules/gcs"
|
||||
project_id = var.project_id
|
||||
name = "gcs_sink"
|
||||
force_destroy = true
|
||||
}
|
||||
|
||||
module "dataset" {
|
||||
source = "./modules/bigquery-dataset"
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = var.project_id
|
||||
id = "bq_sink"
|
||||
}
|
||||
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = var.project_id
|
||||
name = "pubsub_sink"
|
||||
}
|
||||
|
||||
module "bucket" {
|
||||
source = "./modules/logging-bucket"
|
||||
source = "./fabric/modules/logging-bucket"
|
||||
parent_type = "project"
|
||||
parent = "my-project"
|
||||
id = "bucket"
|
||||
}
|
||||
|
||||
module "project-host" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "my-project"
|
||||
billing_account = "123456-123456-123456"
|
||||
parent = "folders/1234567890"
|
||||
|
@ -267,7 +267,7 @@ The module offers a simple, centralized way to assign `roles/cloudkms.cryptoKeyE
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "my-project"
|
||||
billing_account = "123456-123456-123456"
|
||||
prefix = "foo"
|
||||
|
@ -294,7 +294,7 @@ Refer to the [Creating and managing tags](https://cloud.google.com/resource-mana
|
|||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
tags = {
|
||||
environment = {
|
||||
|
@ -309,7 +309,7 @@ module "org" {
|
|||
}
|
||||
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "test-project"
|
||||
tag_bindings = {
|
||||
env-prod = module.org.tag_values["environment/prod"].id
|
||||
|
@ -327,7 +327,7 @@ One non-obvious output is `service_accounts`, which offers a simple way to disco
|
|||
|
||||
```hcl
|
||||
module "project" {
|
||||
source = "./modules/project"
|
||||
source = "./fabric/modules/project"
|
||||
name = "project-example"
|
||||
services = [
|
||||
"compute.googleapis.com"
|
||||
|
|
|
@ -10,7 +10,7 @@ A good usage pattern would be when we want all the projects under a specific fol
|
|||
|
||||
```hcl
|
||||
module "my-org" {
|
||||
source = "./modules/projects-data-source"
|
||||
source = "./fabric/modules/projects-data-source"
|
||||
parent = "organizations/123456789"
|
||||
}
|
||||
|
||||
|
@ -29,7 +29,7 @@ output "folders" {
|
|||
|
||||
```hcl
|
||||
module "my-dev" {
|
||||
source = "./modules/projects-data-source"
|
||||
source = "./fabric/modules/projects-data-source"
|
||||
parent = "folders/123456789"
|
||||
filter = "labels.env:DEV lifecycleState:ACTIVE"
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ This module allows managing a single Pub/Sub topic, including multiple subscript
|
|||
|
||||
```hcl
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = "my-project"
|
||||
name = "my-topic"
|
||||
iam = {
|
||||
|
@ -26,7 +26,7 @@ Subscriptions are defined with the `subscriptions` variable, allowing optional c
|
|||
|
||||
```hcl
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = "my-project"
|
||||
name = "my-topic"
|
||||
subscriptions = {
|
||||
|
@ -52,7 +52,7 @@ Push subscriptions need extra configuration in the `push_configs` variable.
|
|||
|
||||
```hcl
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = "my-project"
|
||||
name = "my-topic"
|
||||
subscriptions = {
|
||||
|
@ -73,7 +73,7 @@ module "pubsub" {
|
|||
|
||||
```hcl
|
||||
module "pubsub" {
|
||||
source = "./modules/pubsub"
|
||||
source = "./fabric/modules/pubsub"
|
||||
project_id = "my-project"
|
||||
name = "my-topic"
|
||||
subscriptions = {
|
||||
|
|
|
@ -14,7 +14,7 @@ The secret replication policy is automatically managed if no location is set, or
|
|||
|
||||
```hcl
|
||||
module "secret-manager" {
|
||||
source = "./modules/secret-manager"
|
||||
source = "./fabric/modules/secret-manager"
|
||||
project_id = "my-project"
|
||||
secrets = {
|
||||
test-auto = null
|
||||
|
@ -30,7 +30,7 @@ IAM bindings can be set per secret in the same way as for most other modules sup
|
|||
|
||||
```hcl
|
||||
module "secret-manager" {
|
||||
source = "./modules/secret-manager"
|
||||
source = "./fabric/modules/secret-manager"
|
||||
project_id = "my-project"
|
||||
secrets = {
|
||||
test-auto = null
|
||||
|
@ -54,7 +54,7 @@ As mentioned above, please be aware that **version data will be stored in state
|
|||
|
||||
```hcl
|
||||
module "secret-manager" {
|
||||
source = "./modules/secret-manager"
|
||||
source = "./fabric/modules/secret-manager"
|
||||
project_id = "my-project"
|
||||
secrets = {
|
||||
test-auto = null
|
||||
|
|
|
@ -11,7 +11,7 @@ It can be used in conjunction with the [DNS](../dns) module to create [service-d
|
|||
|
||||
```hcl
|
||||
module "service-directory" {
|
||||
source = "./modules/service-directory"
|
||||
source = "./fabric/modules/service-directory"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1"
|
||||
name = "sd-1"
|
||||
|
@ -28,7 +28,7 @@ module "service-directory" {
|
|||
|
||||
```hcl
|
||||
module "service-directory" {
|
||||
source = "./modules/service-directory"
|
||||
source = "./fabric/modules/service-directory"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1"
|
||||
name = "sd-1"
|
||||
|
@ -59,7 +59,7 @@ Wiring a service directory namespace to a private DNS zone allows querying the n
|
|||
|
||||
```hcl
|
||||
module "service-directory" {
|
||||
source = "./modules/service-directory"
|
||||
source = "./fabric/modules/service-directory"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1"
|
||||
name = "apps"
|
||||
|
@ -77,7 +77,7 @@ module "service-directory" {
|
|||
}
|
||||
|
||||
module "dns-sd" {
|
||||
source = "./modules/dns"
|
||||
source = "./fabric/modules/dns"
|
||||
project_id = "my-project"
|
||||
type = "service-directory"
|
||||
name = "apps"
|
||||
|
|
|
@ -8,7 +8,7 @@ This module allows managing a single Cloud Source Repository, including IAM bind
|
|||
|
||||
```hcl
|
||||
module "repo" {
|
||||
source = "./modules/source-repository"
|
||||
source = "./fabric/modules/source-repository"
|
||||
project_id = "my-project"
|
||||
name = "my-repo"
|
||||
iam = {
|
||||
|
@ -22,7 +22,7 @@ module "repo" {
|
|||
|
||||
```hcl
|
||||
module "repo" {
|
||||
source = "./modules/source-repository"
|
||||
source = "./fabric/modules/source-repository"
|
||||
project_id = "my-project"
|
||||
name = "my-repo"
|
||||
triggers = {
|
||||
|
|
|
@ -14,7 +14,7 @@ By default, the module is configured to use an existing policy, passed in by nam
|
|||
|
||||
```hcl
|
||||
module "test" {
|
||||
source = "./modules/vpc-sc"
|
||||
source = "./fabric/modules/vpc-sc"
|
||||
access_policy = "12345678"
|
||||
}
|
||||
# tftest modules=0 resources=0
|
||||
|
@ -24,7 +24,7 @@ If you need the module to create the policy for you, use the `access_policy_crea
|
|||
|
||||
```hcl
|
||||
module "test" {
|
||||
source = "./modules/vpc-sc"
|
||||
source = "./fabric/modules/vpc-sc"
|
||||
access_policy = null
|
||||
access_policy_create = {
|
||||
parent = "organizations/123456"
|
||||
|
@ -40,7 +40,7 @@ As highlighted above, the `access_levels` type replicates the underlying resourc
|
|||
|
||||
```hcl
|
||||
module "test" {
|
||||
source = "./modules/vpc-sc"
|
||||
source = "./fabric/modules/vpc-sc"
|
||||
access_policy = "12345678"
|
||||
access_levels = {
|
||||
a1 = {
|
||||
|
@ -81,7 +81,7 @@ Resources for both perimeters have a `lifecycle` block that ignores changes to `
|
|||
|
||||
```hcl
|
||||
module "test" {
|
||||
source = "./modules/vpc-sc"
|
||||
source = "./fabric/modules/vpc-sc"
|
||||
access_policy = "12345678"
|
||||
service_perimeters_bridge = {
|
||||
b1 = {
|
||||
|
@ -103,7 +103,7 @@ module "test" {
|
|||
|
||||
```hcl
|
||||
module "test" {
|
||||
source = "./modules/vpc-sc"
|
||||
source = "./fabric/modules/vpc-sc"
|
||||
access_policy = "12345678"
|
||||
access_levels = {
|
||||
a1 = {
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
"Shared fixtures"
|
||||
|
||||
import inspect
|
||||
|
@ -46,12 +45,13 @@ def _plan_runner():
|
|||
tf = tftest.TerraformTest(tmp_path, BASEDIR,
|
||||
os.environ.get('TERRAFORM', 'terraform'))
|
||||
tf.setup(upgrade=True)
|
||||
return tf.plan(output=True, refresh=refresh, tf_vars=tf_vars, targets=targets)
|
||||
return tf.plan(output=True, refresh=refresh, tf_vars=tf_vars,
|
||||
targets=targets)
|
||||
|
||||
return run_plan
|
||||
|
||||
|
||||
@ pytest.fixture(scope='session')
|
||||
@pytest.fixture(scope='session')
|
||||
def plan_runner(_plan_runner):
|
||||
"Returns a function to run Terraform plan on a module fixture."
|
||||
|
||||
|
@ -65,15 +65,15 @@ def plan_runner(_plan_runner):
|
|||
return run_plan
|
||||
|
||||
|
||||
@ pytest.fixture(scope='session')
|
||||
@pytest.fixture(scope='session')
|
||||
def e2e_plan_runner(_plan_runner):
|
||||
"Returns a function to run Terraform plan on an end-to-end fixture."
|
||||
|
||||
def run_plan(fixture_path=None, targets=None, refresh=True,
|
||||
include_bare_resources=False, **tf_vars):
|
||||
"Runs Terraform plan on an end-to-end module using defaults, returns data."
|
||||
plan = _plan_runner(fixture_path, targets=targets,
|
||||
refresh=refresh, **tf_vars)
|
||||
plan = _plan_runner(fixture_path, targets=targets, refresh=refresh,
|
||||
**tf_vars)
|
||||
# skip the fixture
|
||||
root_module = plan.root_module['child_modules'][0]
|
||||
modules = dict((mod['address'], mod['resources'])
|
||||
|
@ -87,7 +87,7 @@ def e2e_plan_runner(_plan_runner):
|
|||
return run_plan
|
||||
|
||||
|
||||
@ pytest.fixture(scope='session')
|
||||
@pytest.fixture(scope='session')
|
||||
def doc_example_plan_runner(_plan_runner):
|
||||
"Returns a function to run Terraform plan on documentation examples."
|
||||
|
||||
|
@ -99,14 +99,12 @@ def doc_example_plan_runner(_plan_runner):
|
|||
plan = tf.plan(output=True, refresh=True)
|
||||
# the fixture is the example we are testing
|
||||
modules = plan.modules or {}
|
||||
return (
|
||||
len(modules),
|
||||
sum(len(m.resources) for m in modules.values()))
|
||||
return (len(modules), sum(len(m.resources) for m in modules.values()))
|
||||
|
||||
return run_plan
|
||||
|
||||
|
||||
@ pytest.fixture(scope='session')
|
||||
@pytest.fixture(scope='session')
|
||||
def apply_runner():
|
||||
"Returns a function to run Terraform apply on a fixture."
|
||||
|
||||
|
|
|
@ -16,18 +16,19 @@ from pathlib import Path
|
|||
|
||||
import marko
|
||||
|
||||
MODULES_PATH = Path(__file__).parents[2] / 'modules/'
|
||||
FABRIC_ROOT = Path(__file__).parents[2]
|
||||
MODULES_PATH = FABRIC_ROOT / 'modules/'
|
||||
EXAMPLES_PATH = FABRIC_ROOT / 'examples/'
|
||||
|
||||
|
||||
def pytest_generate_tests(metafunc):
|
||||
if 'example' in metafunc.fixturenames:
|
||||
modules = [
|
||||
x for x in MODULES_PATH.iterdir()
|
||||
if x.is_dir()
|
||||
]
|
||||
modules = [x for x in MODULES_PATH.iterdir() if x.is_dir()]
|
||||
modules.extend(x for x in EXAMPLES_PATH.glob("*/*") if x.is_dir())
|
||||
modules.sort()
|
||||
examples = []
|
||||
ids = []
|
||||
|
||||
for module in modules:
|
||||
readme = module / 'README.md'
|
||||
if not readme.exists():
|
||||
|
@ -42,7 +43,8 @@ def pytest_generate_tests(metafunc):
|
|||
if 'tftest skip' in code:
|
||||
continue
|
||||
examples.append(code)
|
||||
name = f'{module.stem}:{last_header}'
|
||||
path = module.relative_to(FABRIC_ROOT)
|
||||
name = f'{path}:{last_header}'
|
||||
if index > 1:
|
||||
name += f' {index}'
|
||||
ids.append(name)
|
||||
|
|
|
@ -15,14 +15,12 @@
|
|||
import re
|
||||
from pathlib import Path
|
||||
|
||||
|
||||
BASE_PATH = Path(__file__).parent
|
||||
EXPECTED_RESOURCES_RE = re.compile(r'# tftest modules=(\d+) resources=(\d+)')
|
||||
|
||||
|
||||
def test_example(doc_example_plan_runner, tmp_path, example):
|
||||
(tmp_path / 'modules').symlink_to(
|
||||
Path(BASE_PATH, '../../modules/').resolve())
|
||||
(tmp_path / 'fabric').symlink_to(Path(BASE_PATH, '../../').resolve())
|
||||
(tmp_path / 'variables.tf').symlink_to(
|
||||
Path(BASE_PATH, 'variables.tf').resolve())
|
||||
(tmp_path / 'main.tf').write_text(example)
|
||||
|
|
|
@ -32,6 +32,10 @@ variable "organization_id" {
|
|||
default = "organizations/1122334455"
|
||||
}
|
||||
|
||||
variable "folder_id" {
|
||||
default = "folders/1122334455"
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
default = "projects/project-id"
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue