More module descriptions (#1572)
* bigquery dataset * data catalog policy tag * net-address * fix data catalog callers * bigquery dataset views * fix data catalog callers * logging bucket * net vpn ha
parent
cb66dd6991
commit
9c75aa469c
@ -254,24 +254,23 @@ The application layer is out of scope of this script. As a demo purpuse only, se
|
|||
|
||||
You can find examples in the `[demo](./demo)` folder.
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [organization_domain](variables.tf#L156) | Organization domain. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L161) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_config](variables.tf#L170) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = optional(string, null) parent = string project_ids = optional(object({ drop = string load = string orc = string trf = string dwh-lnd = string dwh-cur = string dwh-conf = string common = string exp = string }), { drop = "drp" load = "lod" orc = "orc" trf = "trf" dwh-lnd = "dwh-lnd" dwh-cur = "dwh-cur" dwh-conf = "dwh-conf" common = "cmn" exp = "exp" } ) })">object({…})</code> | ✓ | |
|
||||
| [organization_domain](variables.tf#L159) | Organization domain. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L164) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_config](variables.tf#L173) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = optional(string, null) parent = string project_ids = optional(object({ drop = string load = string orc = string trf = string dwh-lnd = string dwh-cur = string dwh-conf = string common = string exp = string }), { drop = "drp" load = "lod" orc = "orc" trf = "trf" dwh-lnd = "dwh-lnd" dwh-cur = "dwh-cur" dwh-conf = "dwh-conf" common = "cmn" exp = "exp" } ) })">object({…})</code> | ✓ | |
|
||||
| [composer_config](variables.tf#L17) | Cloud Composer config. | <code title="object({ disable_deployment = optional(bool) environment_size = optional(string, "ENVIRONMENT_SIZE_SMALL") software_config = optional(object({ airflow_config_overrides = optional(any) pypi_packages = optional(any) env_variables = optional(map(string)) image_version = string }), { image_version = "composer-2-airflow-2" }) workloads_config = optional(object({ scheduler = optional(object( { cpu = number memory_gb = number storage_gb = number count = number } ), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 count = 1 }) web_server = optional(object( { cpu = number memory_gb = number storage_gb = number } ), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 }) worker = optional(object( { cpu = number memory_gb = number storage_gb = number min_count = number max_count = number } ), { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 min_count = 1 max_count = 3 }) })) })">object({…})</code> | | <code title="{ environment_size = "ENVIRONMENT_SIZE_SMALL" software_config = { image_version = "composer-2-airflow-2" } workloads_config = { scheduler = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 count = 1 } web_server = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 } worker = { cpu = 0.5 memory_gb = 1.875 storage_gb = 1 min_count = 1 max_count = 3 } } }">{…}</code> |
|
||||
| [data_catalog_tags](variables.tf#L100) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code title="{ "3_Confidential" = null "2_Private" = null "1_Sensitive" = null }">{…}</code> |
|
||||
| [data_force_destroy](variables.tf#L111) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> |
|
||||
| [groups](variables.tf#L117) | User groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> |
|
||||
| [location](variables.tf#L127) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> |
|
||||
| [network_config](variables.tf#L133) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_links = object({ load = string transformation = string orchestration = string }) composer_ip_ranges = object({ cloudsql = string gke_master = string }) composer_secondary_ranges = object({ pods = string services = string }) })">object({…})</code> | | <code>null</code> |
|
||||
| [project_services](variables.tf#L204) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> |
|
||||
| [project_suffix](variables.tf#L215) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L221) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [service_encryption_keys](variables.tf#L227) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> |
|
||||
| [data_catalog_tags](variables.tf#L100) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code title="map(object({ description = optional(string) iam = optional(map(list(string)), {}) }))">map(object({…}))</code> | | <code title="{ "3_Confidential" = {} "2_Private" = {} "1_Sensitive" = {} }">{…}</code> |
|
||||
| [data_force_destroy](variables.tf#L114) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> |
|
||||
| [groups](variables.tf#L120) | User groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> |
|
||||
| [location](variables.tf#L130) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> |
|
||||
| [network_config](variables.tf#L136) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_links = object({ load = string transformation = string orchestration = string }) composer_ip_ranges = object({ cloudsql = string gke_master = string }) composer_secondary_ranges = object({ pods = string services = string }) })">object({…})</code> | | <code>null</code> |
|
||||
| [project_services](variables.tf#L207) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> |
|
||||
| [project_suffix](variables.tf#L218) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L224) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [service_encryption_keys](variables.tf#L230) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -285,7 +284,6 @@ You can find examples in the `[demo](./demo)` folder.
|
|||
| [projects](outputs.tf#L76) | GCP Projects information. | |
|
||||
| [vpc_network](outputs.tf#L102) | VPC network. | |
|
||||
| [vpc_subnet](outputs.tf#L111) | VPC subnetworks. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
## TODOs
|
||||
|
||||
|
|
|
@ -99,12 +99,15 @@ variable "composer_config" {
|
|||
|
||||
variable "data_catalog_tags" {
|
||||
description = "List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format."
|
||||
type = map(map(list(string)))
|
||||
nullable = false
|
||||
type = map(object({
|
||||
description = optional(string)
|
||||
iam = optional(map(list(string)), {})
|
||||
}))
|
||||
nullable = false
|
||||
default = {
|
||||
"3_Confidential" = null
|
||||
"2_Private" = null
|
||||
"1_Sensitive" = null
|
||||
"3_Confidential" = {}
|
||||
"2_Private" = {}
|
||||
"1_Sensitive" = {}
|
||||
}
|
||||
}
|
||||
|
||||
|
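Review bot: The `description` of `data_catalog_tags` still documents the old shape `{tag => {ROLE => [MEMBERS]}}` even though the new `type` wraps the bindings in an object with a `description` and an `iam` attribute, so the README tables generated from it keep describing a value that no longer validates; replace it with `description = "Data Catalog Policy tags to create, in {tag => {description = string, iam = {ROLE => [MEMBERS]}}} format; both attributes are optional."` (this also fixes the 'binging' typo). The same stale description is kept as context in the other two variables.tf hunks on this page that make the identical type change, and should be updated there too. Callers that still pass `null` for a tag value, as the previous default did, will presumably now fail on attribute lookups such as `each.value.iam`, since object defaults are not applied to a null element, which is worth a sentence in the description as well.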
|
|
@ -272,24 +272,23 @@ The application layer is out of scope of this script. As a demo purpuse only, on
|
|||
| [outputs.tf](./outputs.tf) | Output variables. | | |
|
||||
| [variables.tf](./variables.tf) | Terraform Variables. | | |
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [organization_domain](variables.tf#L119) | Organization domain. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L124) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_config](variables.tf#L133) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = optional(string, null) parent = string project_ids = optional(object({ landing = string processing = string curated = string common = string }), { landing = "lnd" processing = "prc" curated = "cur" common = "cmn" } ) })">object({…})</code> | ✓ | |
|
||||
| [organization_domain](variables.tf#L122) | Organization domain. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L127) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_config](variables.tf#L136) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = optional(string, null) parent = string project_ids = optional(object({ landing = string processing = string curated = string common = string }), { landing = "lnd" processing = "prc" curated = "cur" common = "cmn" } ) })">object({…})</code> | ✓ | |
|
||||
| [composer_config](variables.tf#L17) | Cloud Composer config. | <code title="object({ environment_size = optional(string, "ENVIRONMENT_SIZE_SMALL") software_config = optional(object({ airflow_config_overrides = optional(map(string), {}) pypi_packages = optional(map(string), {}) env_variables = optional(map(string), {}) image_version = optional(string, "composer-2-airflow-2") }), {}) web_server_access_control = optional(map(string), {}) workloads_config = optional(object({ scheduler = optional(object({ cpu = optional(number, 0.5) memory_gb = optional(number, 1.875) storage_gb = optional(number, 1) count = optional(number, 1) } ), {}) web_server = optional(object({ cpu = optional(number, 0.5) memory_gb = optional(number, 1.875) storage_gb = optional(number, 1) }), {}) worker = optional(object({ cpu = optional(number, 0.5) memory_gb = optional(number, 1.875) storage_gb = optional(number, 1) min_count = optional(number, 1) max_count = optional(number, 3) } ), {}) }), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_catalog_tags](variables.tf#L55) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code title="{ "3_Confidential" = null "2_Private" = null "1_Sensitive" = null }">{…}</code> |
|
||||
| [data_force_destroy](variables.tf#L66) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> |
|
||||
| [enable_services](variables.tf#L72) | Flag to enable or disable services in the Data Platform. | <code title="object({ composer = optional(bool, true) dataproc_history_server = optional(bool, true) })">object({…})</code> | | <code>{}</code> |
|
||||
| [groups](variables.tf#L81) | User groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> |
|
||||
| [location](variables.tf#L91) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> |
|
||||
| [network_config](variables.tf#L97) | Shared VPC network configurations to use. If null networks will be created in projects. | <code title="object({ host_project = optional(string) network_self_link = optional(string) subnet_self_link = optional(string) composer_ip_ranges = optional(object({ connection_subnetwork = optional(string) cloud_sql = optional(string, "10.20.10.0/24") gke_master = optional(string, "10.20.11.0/28") pods_range_name = optional(string, "pods") services_range_name = optional(string, "services") }), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [project_suffix](variables.tf#L157) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L163) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [service_encryption_keys](variables.tf#L169) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = optional(string) composer = optional(string) compute = optional(string) storage = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_catalog_tags](variables.tf#L55) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code title="map(object({ description = optional(string) iam = optional(map(list(string)), {}) }))">map(object({…}))</code> | | <code title="{ "3_Confidential" = {} "2_Private" = {} "1_Sensitive" = {} }">{…}</code> |
|
||||
| [data_force_destroy](variables.tf#L69) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> |
|
||||
| [enable_services](variables.tf#L75) | Flag to enable or disable services in the Data Platform. | <code title="object({ composer = optional(bool, true) dataproc_history_server = optional(bool, true) })">object({…})</code> | | <code>{}</code> |
|
||||
| [groups](variables.tf#L84) | User groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> |
|
||||
| [location](variables.tf#L94) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> |
|
||||
| [network_config](variables.tf#L100) | Shared VPC network configurations to use. If null networks will be created in projects. | <code title="object({ host_project = optional(string) network_self_link = optional(string) subnet_self_link = optional(string) composer_ip_ranges = optional(object({ connection_subnetwork = optional(string) cloud_sql = optional(string, "10.20.10.0/24") gke_master = optional(string, "10.20.11.0/28") pods_range_name = optional(string, "pods") services_range_name = optional(string, "services") }), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [project_suffix](variables.tf#L160) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L166) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [service_encryption_keys](variables.tf#L172) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = optional(string) composer = optional(string) compute = optional(string) storage = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -303,5 +302,4 @@ The application layer is out of scope of this script. As a demo purpuse only, on
|
|||
| [network](outputs.tf#L52) | VPC network. | |
|
||||
| [projects](outputs.tf#L60) | GCP Projects information. | |
|
||||
| [service_accounts](outputs.tf#L78) | Service account created. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -54,12 +54,15 @@ variable "composer_config" {
|
|||
|
||||
variable "data_catalog_tags" {
|
||||
description = "List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format."
|
||||
type = map(map(list(string)))
|
||||
nullable = false
|
||||
type = map(object({
|
||||
description = optional(string)
|
||||
iam = optional(map(list(string)), {})
|
||||
}))
|
||||
nullable = false
|
||||
default = {
|
||||
"3_Confidential" = null
|
||||
"2_Private" = null
|
||||
"1_Sensitive" = null
|
||||
"3_Confidential" = {}
|
||||
"2_Private" = {}
|
||||
"1_Sensitive" = {}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -171,7 +171,6 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
|
|||
|
||||
<!-- TFDOC OPTS files:1 show_extra:1 -->
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Files
|
||||
|
||||
| name | description | modules | resources |
|
||||
|
@ -186,22 +185,22 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
|
|||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L102) | Folder to be used for the networking resources in folders/nnnn format. | <code title="object({ data-platform-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables.tf#L120) | Shared VPC project ids. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [organization](variables.tf#L150) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [prefix](variables.tf#L166) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | <code>string</code> | ✓ | | <code>00-globals</code> |
|
||||
| [folder_ids](variables.tf#L105) | Folder to be used for the networking resources in folders/nnnn format. | <code title="object({ data-platform-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables.tf#L123) | Shared VPC project ids. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [organization](variables.tf#L153) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [prefix](variables.tf#L169) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | <code>string</code> | ✓ | | <code>00-globals</code> |
|
||||
| [composer_config](variables.tf#L38) | Cloud Composer configuration options. | <code title="object({ disable_deployment = optional(bool) environment_size = string software_config = object({ airflow_config_overrides = optional(any) pypi_packages = optional(any) env_variables = optional(map(string)) image_version = string }) workloads_config = object({ scheduler = object( { cpu = number memory_gb = number storage_gb = number count = number } ) web_server = object( { cpu = number memory_gb = number storage_gb = number } ) worker = object( { cpu = number memory_gb = number storage_gb = number min_count = number max_count = number } ) }) })">object({…})</code> | | <code title="{ environment_size = "ENVIRONMENT_SIZE_SMALL" software_config = { image_version = "composer-2-airflow-2" } workloads_config = null }">{…}</code> | |
|
||||
| [data_catalog_tags](variables.tf#L85) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code title="{ "3_Confidential" = null "2_Private" = null "1_Sensitive" = null }">{…}</code> | |
|
||||
| [data_force_destroy](variables.tf#L96) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | <code>bool</code> | | <code>false</code> | |
|
||||
| [groups](variables.tf#L110) | Groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> | |
|
||||
| [location](variables.tf#L128) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> | |
|
||||
| [network_config_composer](variables.tf#L134) | Network configurations to use for Composer. | <code title="object({ cloudsql_range = string gke_master_range = string gke_pods_name = string gke_services_name = string })">object({…})</code> | | <code title="{ cloudsql_range = "192.168.254.0/24" gke_master_range = "192.168.255.0/28" gke_pods_name = "pods" gke_services_name = "services" }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L160) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L176) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> | |
|
||||
| [region](variables.tf#L187) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> | |
|
||||
| [service_encryption_keys](variables.tf#L193) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> | |
|
||||
| [subnet_self_links](variables.tf#L205) | Shared VPC subnet self links. | <code title="object({ dev-spoke-0 = map(string) })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
| [vpc_self_links](variables.tf#L214) | Shared VPC self links. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
| [data_catalog_tags](variables.tf#L85) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code title="map(object({ description = optional(string) iam = optional(map(list(string)), {}) }))">map(object({…}))</code> | | <code title="{ "3_Confidential" = {} "2_Private" = {} "1_Sensitive" = {} }">{…}</code> | |
|
||||
| [data_force_destroy](variables.tf#L99) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | <code>bool</code> | | <code>false</code> | |
|
||||
| [groups](variables.tf#L113) | Groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> | |
|
||||
| [location](variables.tf#L131) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> | |
|
||||
| [network_config_composer](variables.tf#L137) | Network configurations to use for Composer. | <code title="object({ cloudsql_range = string gke_master_range = string gke_pods_name = string gke_services_name = string })">object({…})</code> | | <code title="{ cloudsql_range = "192.168.254.0/24" gke_master_range = "192.168.255.0/28" gke_pods_name = "pods" gke_services_name = "services" }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L163) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L179) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> | |
|
||||
| [region](variables.tf#L190) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> | |
|
||||
| [service_encryption_keys](variables.tf#L196) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> | |
|
||||
| [subnet_self_links](variables.tf#L208) | Shared VPC subnet self links. | <code title="object({ dev-spoke-0 = map(string) })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
| [vpc_self_links](variables.tf#L217) | Shared VPC self links. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>2-networking</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -214,5 +213,4 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
|
|||
| [projects](outputs.tf#L62) | GCP Projects information. | | |
|
||||
| [vpc_network](outputs.tf#L67) | VPC network. | | |
|
||||
| [vpc_subnet](outputs.tf#L72) | VPC subnetworks. | | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -84,12 +84,15 @@ variable "composer_config" {
|
|||
|
||||
variable "data_catalog_tags" {
|
||||
description = "List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format."
|
||||
type = map(map(list(string)))
|
||||
nullable = false
|
||||
type = map(object({
|
||||
description = optional(string)
|
||||
iam = optional(map(list(string)), {})
|
||||
}))
|
||||
nullable = false
|
||||
default = {
|
||||
"3_Confidential" = null
|
||||
"2_Private" = null
|
||||
"1_Sensitive" = null
|
||||
"3_Confidential" = {}
|
||||
"2_Private" = {}
|
||||
"1_Sensitive" = {}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -205,9 +205,6 @@ module "bigquery-dataset" {
|
|||
tables = {
|
||||
countries = {
|
||||
friendly_name = "Countries"
|
||||
labels = {}
|
||||
options = null
|
||||
partitioning = null
|
||||
schema = local.countries_schema
|
||||
deletion_protection = true
|
||||
}
|
||||
|
@ -232,16 +229,12 @@ module "bigquery-dataset" {
|
|||
id = "my-dataset"
|
||||
tables = {
|
||||
table_a = {
|
||||
friendly_name = "Table a"
|
||||
labels = {}
|
||||
options = null
|
||||
partitioning = {
|
||||
field = null
|
||||
range = null # use start/end/interval for range
|
||||
time = { type = "DAY", expiration_ms = null }
|
||||
}
|
||||
schema = local.countries_schema
|
||||
deletion_protection = true
|
||||
friendly_name = "Table a"
|
||||
schema = local.countries_schema
|
||||
partitioning = {
|
||||
time = { type = "DAY", expiration_ms = null }
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -265,9 +258,6 @@ module "bigquery-dataset" {
|
|||
tables = {
|
||||
countries = {
|
||||
friendly_name = "Countries"
|
||||
labels = {}
|
||||
options = null
|
||||
partitioning = null
|
||||
schema = local.countries_schema
|
||||
deletion_protection = true
|
||||
}
|
||||
|
@ -275,7 +265,6 @@ module "bigquery-dataset" {
|
|||
views = {
|
||||
population = {
|
||||
friendly_name = "Population"
|
||||
labels = {}
|
||||
query = "SELECT SUM(population) FROM my_dataset.countries"
|
||||
use_legacy_sql = false
|
||||
deletion_protection = true
|
||||
|
@ -286,7 +275,6 @@ module "bigquery-dataset" {
|
|||
# tftest modules=1 resources=3 inventory=views.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|
@ -306,8 +294,8 @@ module "bigquery-dataset" {
|
|||
| [labels](variables.tf#L103) | Dataset labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L109) | Dataset location. | <code>string</code> | | <code>"EU"</code> |
|
||||
| [options](variables.tf#L115) | Dataset options. | <code title="object({ default_collation = optional(string) default_table_expiration_ms = optional(number) default_partition_expiration_ms = optional(number) delete_contents_on_destroy = optional(bool, false) is_case_insensitive = optional(bool) max_time_travel_hours = optional(number, 168) })">object({…})</code> | | <code>{}</code> |
|
||||
| [tables](variables.tf#L133) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | <code title="map(object({ friendly_name = string labels = map(string) options = object({ clustering = list(string) encryption_key = string expiration_time = number }) partitioning = object({ field = string range = object({ end = number interval = number start = number }) time = object({ expiration_ms = number type = string }) }) schema = string deletion_protection = bool }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [views](variables.tf#L161) | View definitions. | <code title="map(object({ friendly_name = string labels = map(string) query = string use_legacy_sql = bool deletion_protection = bool }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tables](variables.tf#L133) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | <code title="map(object({ deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) schema = optional(string) options = optional(object({ clustering = optional(list(string)) encryption_key = optional(string) expiration_time = optional(number) }), {}) partitioning = optional(object({ field = optional(string) range = optional(object({ end = number interval = number start = number })) time = optional(object({ expiration_ms = number type = string })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [views](variables.tf#L162) | View definitions. | <code title="map(object({ query = string deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) use_legacy_sql = optional(bool) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -321,5 +309,4 @@ module "bigquery-dataset" {
|
|||
| [tables](outputs.tf#L69) | Table resources. | |
|
||||
| [view_ids](outputs.tf#L74) | Map of fully qualified view ids keyed by view ids. | |
|
||||
| [views](outputs.tf#L79) | View resources. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -214,15 +214,15 @@ resource "google_bigquery_table" "default" {
dataset_id = google_bigquery_dataset.default.dataset_id
table_id = each.key
friendly_name = each.value.friendly_name
description = "Terraform managed."
clustering = try(each.value.options.clustering, null)
expiration_time = try(each.value.options.expiration_time, null)
description = each.value.description
clustering = each.value.options.clustering
expiration_time = each.value.options.expiration_time
labels = each.value.labels
schema = each.value.schema
deletion_protection = each.value.deletion_protection
dynamic "encryption_configuration" {
for_each = try(each.value.options.encryption_key, null) != null ? [""] : []
for_each = each.value.options.encryption_key != null ? [""] : []
content {
kms_key_name = each.value.options.encryption_key
}
@ -257,7 +257,7 @@ resource "google_bigquery_table" "views" {
dataset_id = google_bigquery_dataset.default.dataset_id
table_id = each.key
friendly_name = each.value.friendly_name
description = "Terraform managed."
description = each.value.description
labels = each.value.labels
deletion_protection = each.value.deletion_protection
@ -133,27 +133,28 @@ variable "project_id" {
variable "tables" {
description = "Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null."
type = map(object({
friendly_name = string
labels = map(string)
options = object({
clustering = list(string)
encryption_key = string
expiration_time = number
})
partitioning = object({
field = string
range = object({
deletion_protection = optional(bool)
description = optional(string, "Terraform managed.")
friendly_name = optional(string)
labels = optional(map(string), {})
schema = optional(string)
options = optional(object({
clustering = optional(list(string))
encryption_key = optional(string)
expiration_time = optional(number)
}), {})
partitioning = optional(object({
field = optional(string)
range = optional(object({
end = number
interval = number
start = number
})
time = object({
}))
time = optional(object({
expiration_ms = number
type = string
})
})
schema = string
deletion_protection = bool
}))
}))
}))
default = {}
}
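Review bot: The `description` on the unchanged line near the top of this hunk still says "Options and partitioning default to null ... set the unused one to null", but the new type gives `options` a `{}` default and makes every partitioning attribute optional, so the text no longer matches the type, and the TFDOC row in README.md copies it verbatim. Suggest `description = "Table definitions. Options default to {} and partitioning to null; set only one of partitioning.range or partitioning.time."`. Separately, `deletion_protection = optional(bool)` with no default evaluates to null when omitted, so the resource's `deletion_protection = each.value.deletion_protection` falls back to whatever the provider chooses rather than a value the module picked; `deletion_protection = optional(bool, true)` would make the protective default explicit. The same two points apply to `variable "views"` in the next hunk.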
@ -161,11 +162,12 @@ variable "tables" {
variable "views" {
description = "View definitions."
type = map(object({
friendly_name = string
labels = map(string)
query = string
use_legacy_sql = bool
deletion_protection = bool
deletion_protection = optional(bool)
description = optional(string, "Terraform managed.")
friendly_name = optional(string)
labels = optional(map(string), {})
use_legacy_sql = optional(bool)
}))
default = {}
}
@ -3,6 +3,7 @@
This module simplifies the creation of [Data Catalog](https://cloud.google.com/data-catalog) Policy Tags. Policy Tags can be used to configure [Bigquery column-level access](https://cloud.google.com/bigquery/docs/best-practices-policy-tags).
Note: Data Catalog is still in beta, hence this module currently uses the beta provider.
## Examples
### Simple Taxonomy with policy tags
@ -13,7 +14,9 @@ module "cmn-dc" {
name = "my-datacatalog-policy-tags"
project_id = "my-project"
tags = {
low = null, medium = null, high = null
low = {}
medium = {}
high = {}
}
}
# tftest modules=1 resources=4
@ -27,9 +30,15 @@ module "cmn-dc" {
name = "my-datacatalog-policy-tags"
project_id = "my-project"
tags = {
low = null
medium = null
high = { "roles/datacatalog.categoryFineGrainedReader" = ["group:GROUP_NAME@example.com"] }
low = {}
medium = {}
high = {
iam = {
"roles/datacatalog.categoryFineGrainedReader" = [
"group:GROUP_NAME@example.com"
]
}
}
}
iam = {
"roles/datacatalog.categoryAdmin" = ["group:GROUP_NAME@example.com"]
@ -38,7 +47,6 @@ module "cmn-dc" {
# tftest modules=1 resources=6
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
@ -53,7 +61,7 @@ module "cmn-dc" {
| [iam_additive_members](variables.tf#L47) | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | <code>map(list(string))</code> | | <code>{}</code> |
| [location](variables.tf#L53) | Data Catalog Taxonomy location. | <code>string</code> | | <code>"eu"</code> |
| [prefix](variables.tf#L64) | Optional prefix used to generate project id and name. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L78) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
| [tags](variables.tf#L78) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code title="map(object({ description = optional(string) iam = optional(map(list(string)), {}) }))">map(object({…}))</code> | | <code>{}</code> |
## Outputs
@ -61,8 +69,8 @@ module "cmn-dc" {
|---|---|:---:|
| [id](outputs.tf#L17) | Fully qualified taxonomy id. | |
| [tags](outputs.tf#L22) | Policy Tags. | |
<!-- END TFDOC -->
## TODO
- Support IAM at tag level.
- Support Child policy tags
@ -45,13 +45,13 @@ locals {
"${pair.role}-${pair.member}" => pair
}
tags_iam = flatten([
for tag, roles in var.tags : [
for role, members in roles : {
tag = tag
for k, v in var.tags : [
for role, members in v.iam : {
tag = k
role = role
members = members
}
] if roles != null
]
])
}
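Review bot: Dropping the `if roles != null` guard means a tag declared as `low = null` — the form the README documented before this commit — now fails at `v.iam` with an attribute lookup on a null value, because `optional()` defaults fill absent attributes of an object but do nothing for an element that is itself null. If the old form should keep working, `for role, members in try(v.iam, {}) : {` (or `] if v != null` on the inner list) restores it. The `coalesce(each.value.description, ...)` added in the `google_data_catalog_policy_tag` hunk below has the same exposure. If the break is intended, it deserves a line in the module README or changelog alongside the updated examples.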
@ -33,9 +33,11 @@ resource "google_data_catalog_taxonomy" "default" {
}
resource "google_data_catalog_policy_tag" "default" {
for_each = toset(keys(var.tags))
for_each = var.tags
provider = google-beta
taxonomy = google_data_catalog_taxonomy.default.id
display_name = each.key
description = "${each.key} - Terraform managed. "
description = coalesce(
each.value.description, "${each.key} - Terraform managed."
)
}
@ -77,7 +77,10 @@ variable "project_id" {
variable "tags" {
description = "List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format."
type = map(map(list(string)))
nullable = false
default = {}
type = map(object({
description = optional(string)
iam = optional(map(list(string)), {})
}))
nullable = false
default = {}
}
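Review bot: The `description` on the unchanged line at the top of this hunk still advertises the old `{tag => {ROLE => [MEMBERS]}}` shape and misspells "binding" as "binging", while the type is now `map(object({ description, iam }))`; the generated README row for `tags` inherits both. Suggest `description = "Map of Data Catalog Policy tags to create, keyed by tag name, each with an optional description and optional IAM bindings in {ROLE => [MEMBERS]} format."` and regenerating the TFDOC table so the README matches.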
@ -74,24 +74,22 @@ module "bucket-billing-account" {
# tftest modules=2 resources=2 inventory=org-ba.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [id](variables.tf#L23) | Name of the logging bucket. | <code>string</code> | ✓ | |
| [parent](variables.tf#L50) | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
| [parent_type](variables.tf#L55) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | ✓ | |
| [parent](variables.tf#L51) | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
| [parent_type](variables.tf#L56) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | ✓ | |
| [description](variables.tf#L17) | Human-readable description for the logging bucket. | <code>string</code> | | <code>null</code> |
| [kms_key_name](variables.tf#L28) | To enable CMEK for a project logging bucket, set this field to a valid name. The associated service account requires cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. | <code>string</code> | | <code>null</code> |
| [location](variables.tf#L34) | Location of the bucket. | <code>string</code> | | <code>"global"</code> |
| [log_analytics](variables.tf#L40) | Enable and configure Analytics Log. | <code title="object({ enable = optional(bool, false) dataset_link_id = optional(string) })">object({…})</code> | | <code>{}</code> |
| [retention](variables.tf#L60) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
| [log_analytics](variables.tf#L40) | Enable and configure Analytics Log. | <code title="object({ enable = optional(bool, false) dataset_link_id = optional(string) description = optional(string, "Log Analytics Dataset") })">object({…})</code> | | <code>{}</code> |
| [retention](variables.tf#L61) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [id](outputs.tf#L17) | Fully qualified logging bucket id. | |
<!-- END TFDOC -->
@ -46,7 +46,7 @@ resource "google_logging_linked_dataset" "dataset" {
parent = "projects/${google_logging_project_bucket_config.bucket[0].project}"
bucket = google_logging_project_bucket_config.bucket[0].id
location = var.location
description = "Log Analytics Dataset"
description = var.log_analytics.description
}
resource "google_logging_organization_bucket_config" "bucket" {
@ -42,6 +42,7 @@ variable "log_analytics" {
type = object({
enable = optional(bool, false)
dataset_link_id = optional(string)
description = optional(string, "Log Analytics Dataset")
})
nullable = false
default = {}
@ -11,8 +11,8 @@ module "addresses" {
source = "./fabric/modules/net-address"
project_id = var.project_id
external_addresses = {
one = "europe-west1"
two = "europe-west2"
one = { region = "europe-west1" }
two = { region = "europe-west2" }
}
global_addresses = ["app-1", "app-2"]
}
@ -106,13 +106,13 @@ module "addresses" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L67) | Project where the addresses will be created. | <code>string</code> | ✓ | |
| [external_addresses](variables.tf#L17) | Map of external address regions, keyed by name. | <code>map(string)</code> | | <code>{}</code> |
| [global_addresses](variables.tf#L29) | List of global addresses to create. | <code>list(string)</code> | | <code>[]</code> |
| [internal_addresses](variables.tf#L35) | Map of internal addresses to create, keyed by name. | <code title="map(object({ region = string subnetwork = string address = optional(string) description = optional(string, "Terraform managed.") labels = optional(map(string)) purpose = optional(string) tier = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
| [ipsec_interconnect_addresses](variables.tf#L49) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | <code title="map(object({ region = string address = string network = string description = optional(string, "Terraform managed.") prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
| [psa_addresses](variables.tf#L72) | Map of internal addresses used for Private Service Access. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
| [psc_addresses](variables.tf#L83) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") }))">map(object({…}))</code> | | <code>{}</code> |
| [project_id](variables.tf#L65) | Project where the addresses will be created. | <code>string</code> | ✓ | |
| [external_addresses](variables.tf#L17) | Map of external addresses, keyed by name. | <code title="map(object({ region = string description = optional(string, "Terraform managed.") labels = optional(map(string), {}) }))">map(object({…}))</code> | | <code>{}</code> |
| [global_addresses](variables.tf#L27) | List of global addresses to create. | <code>list(string)</code> | | <code>[]</code> |
| [internal_addresses](variables.tf#L33) | Map of internal addresses to create, keyed by name. | <code title="map(object({ region = string subnetwork = string address = optional(string) description = optional(string, "Terraform managed.") labels = optional(map(string)) purpose = optional(string) tier = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
| [ipsec_interconnect_addresses](variables.tf#L47) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | <code title="map(object({ region = string address = string network = string description = optional(string, "Terraform managed.") prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
| [psa_addresses](variables.tf#L70) | Map of internal addresses used for Private Service Access. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
| [psc_addresses](variables.tf#L81) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") }))">map(object({…}))</code> | | <code>{}</code> |
## Outputs
@ -21,13 +21,14 @@ resource "google_compute_global_address" "global" {
}
resource "google_compute_address" "external" {
provider = google-beta
for_each = var.external_addresses
project = var.project_id
name = each.key
description = "Terraform managed."
description = each.value.description
address_type = "EXTERNAL"
region = each.value
# labels = lookup(var.external_address_labels, each.key, {})
region = each.value.region
labels = each.value.labels
}
resource "google_compute_address" "internal" {
@ -15,17 +15,15 @@
*/
variable "external_addresses" {
description = "Map of external address regions, keyed by name."
type = map(string)
default = {}
description = "Map of external addresses, keyed by name."
type = map(object({
region = string
description = optional(string, "Terraform managed.")
labels = optional(map(string), {})
}))
default = {}
}
# variable "external_address_labels" {
# description = "Optional labels for external addresses, keyed by address name."
# type = map(map(string))
# default = {}
# }
variable "global_addresses" {
description = "List of global addresses to create."
type = list(string)
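Review bot: `labels = optional(map(string), {})` gives external addresses a non-null default, while the `internal_addresses` row in the README table changed in this same commit shows `labels = optional(map(string))`, i.e. nullable; the two variables are siblings in this file, so their label attribute should take the same shape, though `internal_addresses` itself lies outside this hunk. Either give both the `{}` default or drop it here so callers see one convention. The `external_address_labels` comment block that replaced it is gone now, which is the right outcome since the per-address `labels` attribute supersedes it.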
@ -88,4 +86,4 @@ variable "psc_addresses" {
description = optional(string, "Terraform managed.")
}))
default = {}
}
}
@ -2,6 +2,13 @@
Simple Cloud NAT management, with optional router creation.
<!-- BEGIN TOC -->
- [Basic Example](#basic-example)
- [Reserved IPs and custom rules](#reserved-ips-and-custom-rules)
- [Variables](#variables)
- [Outputs](#outputs)
<!-- END TOC -->
## Basic Example
```hcl
@ -15,16 +22,16 @@ module "nat" {
# tftest modules=1 resources=2
```
# Reserved IPs and custom rules
## Reserved IPs and custom rules
```hcl
module "addresses" {
source = "./fabric/modules/net-address"
project_id = "my-project"
external_addresses = {
a1 = "europe-west1"
a2 = "europe-west1"
a3 = "europe-west1"
a1 = { region = "europe-west1" }
a2 = { region = "europe-west1" }
a3 = { region = "europe-west1" }
}
}
@ -125,20 +125,19 @@ module "vpn_ha" {
# tftest modules=1 resources=10
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L17) | VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources. | <code>string</code> | ✓ | |
| [network](variables.tf#L22) | VPC used for the gateway and routes. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L46) | Project where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L51) | Region used for resources. | <code>string</code> | ✓ | |
| [router_config](variables.tf#L56) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) })">object({…})</code> | ✓ | |
| [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | <code title="map(object({ external = optional(object({ redundancy_type = string interfaces = list(string) })) gcp = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
| [tunnels](variables.tf#L71) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
| [vpn_gateway](variables.tf#L99) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
| [vpn_gateway_create](variables.tf#L105) | Create HA VPN Gateway. | <code>bool</code> | | <code>true</code> |
| [project_id](variables.tf#L47) | Project where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L52) | Region used for resources. | <code>string</code> | ✓ | |
| [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) })">object({…})</code> | ✓ | |
| [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | <code title="map(object({ external = optional(object({ redundancy_type = string interfaces = list(string) description = optional(string, "Terraform managed external VPN gateway") })) gcp = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
| [tunnels](variables.tf#L72) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
| [vpn_gateway](variables.tf#L100) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
| [vpn_gateway_create](variables.tf#L106) | Create HA VPN Gateway. Set to null to avoid creation. | <code title="object({ description = optional(string, "Terraform managed external VPN gateway") })">object({…})</code> | | <code>{}</code> |
## Outputs
@ -156,5 +155,4 @@ module "vpn_ha" {
| [tunnel_names](outputs.tf#L67) | VPN tunnel names. | |
| [tunnel_self_links](outputs.tf#L75) | VPN tunnel self links. | |
| [tunnels](outputs.tf#L83) | VPN tunnel resources. | |
<!-- END TFDOC -->
@ -28,7 +28,7 @@ locals {
: var.router_config.name
)
vpn_gateway = (
var.vpn_gateway_create
var.vpn_gateway_create != null
? try(google_compute_ha_vpn_gateway.ha_gateway[0].self_link, null)
: var.vpn_gateway
)
@ -36,7 +36,7 @@ locals {
}
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
count = var.vpn_gateway_create ? 1 : 0
count = var.vpn_gateway_create != null ? 1 : 0
name = var.name
project = var.project_id
region = var.region
@ -48,7 +48,7 @@ resource "google_compute_external_vpn_gateway" "external_gateway" {
name = "${var.name}-${each.key}"
project = var.project_id
redundancy_type = each.value.redundancy_type
description = "Terraform managed external VPN gateway"
description = each.value.description
dynamic "interface" {
for_each = each.value.interfaces
content {
@ -30,6 +30,7 @@ variable "peer_gateways" {
external = optional(object({
redundancy_type = string
interfaces = list(string)
description = optional(string, "Terraform managed external VPN gateway")
}))
gcp = optional(string)
}))
@ -103,7 +104,9 @@ variable "vpn_gateway" {
}
variable "vpn_gateway_create" {
description = "Create HA VPN Gateway."
type = bool
default = true
description = "Create HA VPN Gateway. Set to null to avoid creation."
type = object({
description = optional(string, "Terraform managed external VPN gateway")
})
default = {}
}
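Review bot: The default `"Terraform managed external VPN gateway"` on the new `description` attribute is copied from `peer_gateways.external`, but this variable drives `google_compute_ha_vpn_gateway`, which is the Google-side gateway, so the default text is misleading; suggest `description = optional(string, "Terraform managed HA VPN gateway")`. The `ha_gateway` resource hunk above only changes `count`, and no `description = var.vpn_gateway_create.description` appears in its visible lines; that resource body continues past the hunk, so confirm the new field is actually consumed rather than dead. The `vpn_gateway` variable's description, as shown in the regenerated README row, still says "Ignored if `vpn_gateway_create` is set to `true`", which no longer describes an object-or-null variable. Changing the type from `bool` to `object` is also a breaking change for callers passing `vpn_gateway_create = false`, which now fails type conversion, and deserves a changelog entry.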
@ -7,7 +7,7 @@ module "addresses" {
source = "./fabric/modules/net-address"
project_id = var.project_id
external_addresses = {
vpn = "europe-west1"
vpn = { region = "europe-west1" }
}
}