From 31f625f1490816a6fd6954507a5f86b6a9115731 Mon Sep 17 00:00:00 2001 
From: Julio Castillo Date: Sat, 22 Jan 2022 13:34:35 +0100 Subject: [PATCH] Link vars and outputs from README --- .../README.md | 23 ++--- .../dns-fine-grained-iam/README.md | 17 ++-- .../cloud-operations/dns-shared-vpc/README.md | 19 ++-- .../iam-delegated-role-grants/README.md | 16 ++-- .../onprem-sa-key-management/README.md | 13 +-- .../packer-image-builder/README.md | 31 +++---- .../quota-monitoring/README.md | 18 ++-- .../README.md | 36 +++---- .../cmek-via-centralized-kms/README.md | 31 +++---- .../01-environment/README.md | 27 +++--- .../02-resources/README.md | 39 ++++---- .../gcs-to-bq-with-dataflow/README.md | 29 ++---- .../gcs-to-bq-with-least-privileges/README.md | 29 +++--- .../factories/net-vpc-firewall-yaml/README.md | 21 ++--- examples/factories/project-factory/README.md | 41 ++++---- examples/foundations/business-units/README.md | 43 ++++----- examples/foundations/environments/README.md | 51 +++++----- .../decentralized-firewall/README.md | 23 ++--- examples/networking/filtering-proxy/README.md | 21 ++--- .../hub-and-spoke-peering/README.md | 21 ++--- .../networking/hub-and-spoke-vpn/README.md | 17 ++-- examples/networking/ilb-next-hop/README.md | 31 +++---- .../onprem-google-access-dns/README.md | 25 +++-- .../README.md | 16 ++-- examples/networking/shared-vpc-gke/README.md | 35 ++++--- .../openshift/tf/README.md | 35 ++++--- fast/stages/00-bootstrap/README.md | 26 +++--- fast/stages/01-resman/README.md | 32 +++---- fast/stages/02-networking/README.md | 44 ++++----- fast/stages/02-security/README.md | 34 +++---- fast/stages/03-project-factory/prod/README.md | 14 +-- modules/__experimental/net-neg/README.md | 21 ++--- modules/apigee-organization/README.md | 31 +++---- modules/apigee-x-instance/README.md | 25 +++-- modules/artifact-registry/README.md | 21 ++--- modules/bigquery-dataset/README.md | 48 +++++----- modules/bigtable-instance/README.md | 36 ++++--- modules/billing-budget/README.md | 29 +++--- .../cloud-config-container/coredns/README.md | 
15 ++- .../cos-generic-metadata/README.md | 33 +++---- .../envoy-traffic-director/README.md | 10 +- .../cloud-config-container/mysql/README.md | 19 ++-- .../cloud-config-container/nginx/README.md | 17 ++-- .../cloud-config-container/onprem/README.md | 17 ++-- .../cloud-config-container/squid/README.md | 23 ++--- modules/cloud-function/README.md | 55 ++++++----- modules/cloud-identity-group/README.md | 17 ++-- modules/cloud-run/README.md | 49 +++++----- modules/cloudsql-instance/README.md | 59 ++++++------ modules/compute-mig/README.md | 40 ++++---- modules/compute-vm/README.md | 82 ++++++++-------- modules/container-registry/README.md | 11 +-- modules/datafusion/README.md | 43 ++++----- modules/dns/README.md | 43 ++++----- modules/endpoints/README.md | 19 ++-- modules/folder/README.md | 45 ++++----- modules/folders-unit/README.md | 41 ++++---- modules/gcs/README.md | 47 +++++----- modules/gke-cluster/README.md | 93 +++++++++---------- modules/gke-nodepool/README.md | 77 ++++++++------- modules/iam-service-account/README.md | 38 ++++---- modules/kms/README.md | 38 ++++---- modules/logging-bucket/README.md | 18 ++-- modules/naming-convention/README.md | 23 ++--- modules/net-address/README.md | 27 +++--- modules/net-cloudnat/README.md | 39 ++++---- modules/net-ilb/README.md | 61 ++++++------ .../README.md | 31 +++---- modules/net-vpc-firewall/README.md | 35 ++++--- modules/net-vpc-peering/README.md | 19 ++-- modules/net-vpc/README.md | 74 +++++++-------- modules/net-vpn-dynamic/README.md | 47 +++++----- modules/net-vpn-ha/README.md | 53 +++++------ modules/net-vpn-static/README.md | 37 ++++---- modules/organization/README.md | 51 +++++----- modules/project/README.md | 74 +++++++-------- modules/pubsub/README.md | 33 +++---- modules/secret-manager/README.md | 22 ++--- modules/service-directory/README.md | 33 +++---- modules/source-repository/README.md | 13 +-- modules/vpc-sc/README.md | 28 +++--- tools/tfdoc.py | 20 ++-- 82 files changed, 1243 insertions(+), 1495 
deletions(-)
diff --git a/examples/cloud-operations/asset-inventory-feed-remediation/README.md b/examples/cloud-operations/asset-inventory-feed-remediation/README.md
index 4277709a..f67aa67e 100644
--- a/examples/cloud-operations/asset-inventory-feed-remediation/README.md
+++ b/examples/cloud-operations/asset-inventory-feed-remediation/README.md
@@ -50,30 +50,25 @@ Run the `subscription_pull` command until it returns nothing, then run the follo - the `tag_add` command - the `cf_logs` command until the logs show that the change has been picked up, verified, and the compliant tags have been force-set on the instance - the `tag_show` command to verify that the function output matches the resource state - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id that references existing project. | string | ✓ | | -| bundle_path | Path used to write the intermediate Cloud Function code bundle. | string | | "./bundle.zip" | -| name | Arbitrary string used to name created resources. | string | | "asset-feed" | -| project_create | Create project instead of using an existing one. | bool | | false | -| region | Compute region used in the example. | string | | "europe-west1" | +| [project_id](variables.tf#L35) | Project id that references existing project. | string | ✓ | | +| [bundle_path](variables.tf#L17) | Path used to write the intermediate Cloud Function code bundle. | string | | "./bundle.zip" | +| [name](variables.tf#L23) | Arbitrary string used to name created resources. | string | | "asset-feed" | +| [project_create](variables.tf#L29) | Create project instead of using an existing one. | bool | | false | +| [region](variables.tf#L40) | Compute region used in the example. | string | | "europe-west1" | ## Outputs | name | description | sensitive | |---|---|:---:| -| cf_logs | Cloud Function logs read command. | | -| subscription_pull | Subscription pull command. | | -| tag_add | Instance add tag command. | | -| tag_show | Instance add tag command. | | +| [cf_logs](outputs.tf#L17) | Cloud Function logs read command. | | +| [subscription_pull](outputs.tf#L29) | Subscription pull command. | | +| [tag_add](outputs.tf#L39) | Instance add tag command. | | +| [tag_show](outputs.tf#L49) | Instance add tag command. | | - - 
diff --git a/examples/cloud-operations/dns-fine-grained-iam/README.md b/examples/cloud-operations/dns-fine-grained-iam/README.md index 7c1688c0..5b7c949b 100644 --- a/examples/cloud-operations/dns-fine-grained-iam/README.md +++ b/examples/cloud-operations/dns-fine-grained-iam/README.md @@ -98,26 +98,23 @@ dig app1.svc.example.org +short # 127.0.0.3 # 127.0.0.7 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Existing project id. | string | ✓ | | -| name | Arbitrary string used to name created resources. | string | | "dns-sd-test" | -| project_create | Create project instead ofusing an existing one. | bool | | false | -| region | Compute region used in the example. | string | | "europe-west1" | -| zone_domain | Domain name used for the DNS zone. | string | | "svc.example.org." | +| [project_id](variables.tf#L29) | Existing project id. | string | ✓ | | +| [name](variables.tf#L17) | Arbitrary string used to name created resources. | string | | "dns-sd-test" | +| [project_create](variables.tf#L23) | Create project instead ofusing an existing one. | bool | | false | +| [region](variables.tf#L34) | Compute region used in the example. | string | | "europe-west1" | +| [zone_domain](variables.tf#L40) | Domain name used for the DNS zone. | string | | "svc.example.org." | ## Outputs | name | description | sensitive | |---|---|:---:| -| gcloud_commands | Commands used to SSH to the VMs. | | -| vms | VM names. | | +| [gcloud_commands](outputs.tf#L17) | Commands used to SSH to the VMs. | | +| [vms](outputs.tf#L25) | VM names. | | - diff --git a/examples/cloud-operations/dns-shared-vpc/README.md b/examples/cloud-operations/dns-shared-vpc/README.md index 899ddfba..2a6c7901 100644 --- a/examples/cloud-operations/dns-shared-vpc/README.md +++ b/examples/cloud-operations/dns-shared-vpc/README.md 
@@ -18,27 +18,24 @@ The resources created in this example are shown in the high level diagram below: Note that Terraform 0.13 at least is required due to the use of `for_each` with modules. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account_id | Billing account associated with the GCP Projects that will be created for each team. | string | ✓ | | -| folder_id | Folder ID in which DNS projects will be created. | string | ✓ | | -| shared_vpc_link | Shared VPC self link, used for DNS peering. | string | ✓ | | -| dns_domain | DNS domain under which each application team DNS domain will be created. | string | | "example.org" | -| prefix | Customer name to use as prefix for resources' naming. | string | | "test-dns" | -| project_services | Service APIs enabled by default. | list(string) | | […] | -| teams | List of application teams requiring their own Cloud DNS instance. | list(string) | | […] | +| [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | string | ✓ | | +| [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | string | ✓ | | +| [shared_vpc_link](variables.tf#L48) | Shared VPC self link, used for DNS peering. | string | ✓ | | +| [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | string | | "example.org" | +| [prefix](variables.tf#L33) | Customer name to use as prefix for resources' naming. | string | | "test-dns" | +| [project_services](variables.tf#L39) | Service APIs enabled by default. | list(string) | | […] | +| [teams](variables.tf#L53) | List of application teams requiring their own Cloud DNS instance. | list(string) | | […] | ## Outputs | name | description | sensitive | |---|---|:---:| -| teams | Team resources | | +| [teams](outputs.tf#L17) | Team resources | | - 
diff --git a/examples/cloud-operations/iam-delegated-role-grants/README.md b/examples/cloud-operations/iam-delegated-role-grants/README.md
index 879a663e..b48eddbc 100644
--- a/examples/cloud-operations/iam-delegated-role-grants/README.md
+++ b/examples/cloud-operations/iam-delegated-role-grants/README.md
@@ -62,21 +62,17 @@ If you get any warnings, check the roles and remove any of them granting any of - `resourcemanager.projects.setIamPolicy` - `resourcemanager.folders.setIamPolicy` - `resourcemanager.organizations.setIamPolicy` - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_administrators | List identities granted administrator permissions. | list(string) | ✓ | | -| project_id | GCP project id where to grant direct and delegated roles to the users listed in project_administrators. | string | ✓ | | -| delegated_role_grants | List of roles that project administrators will be allowed to grant/revoke. | list(string) | | […] | -| direct_role_grants | List of roles granted directly to project administrators. | list(string) | | […] | -| project_create | Create project instead of using an existing one. | bool | | false | -| restricted_role_grant | Role grant to which the restrictions will apply. | string | | "roles/resourcemanager.projectIamAdmin" | +| [project_administrators](variables.tf#L62) | List identities granted administrator permissions. | list(string) | ✓ | | +| [project_id](variables.tf#L73) | GCP project id where to grant direct and delegated roles to the users listed in project_administrators. | string | ✓ | | +| [delegated_role_grants](variables.tf#L17) | List of roles that project administrators will be allowed to grant/revoke. | list(string) | | […] | +| [direct_role_grants](variables.tf#L53) | List of roles granted directly to project administrators. | list(string) | | […] | +| [project_create](variables.tf#L67) | Create project instead of using an existing one. | bool | | false | +| [restricted_role_grant](variables.tf#L78) | Role grant to which the restrictions will apply. | string | | "roles/resourcemanager.projectIamAdmin" | - 
diff --git a/examples/cloud-operations/onprem-sa-key-management/README.md b/examples/cloud-operations/onprem-sa-key-management/README.md index c0dec466..dfa5ce71 100644 --- a/examples/cloud-operations/onprem-sa-key-management/README.md +++ b/examples/cloud-operations/onprem-sa-key-management/README.md @@ -60,24 +60,21 @@ gcloud auth activate-service-account --key-file data-uploader.json ```bash terraform destroy -var project_id=$GOOGLE_CLOUD_PROJECT ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id. | string | ✓ | | -| project_create | Create project instead of using an existing one. | bool | | false | -| service_accounts | List of service accounts. | list(object({…})) | | […] | -| services | Service APIs to enable. | list(string) | | [] | +| [project_id](variables.tf#L23) | Project id. | string | ✓ | | +| [project_create](variables.tf#L17) | Create project instead of using an existing one. | bool | | false | +| [service_accounts](variables.tf#L28) | List of service accounts. | list(object({…})) | | […] | +| [services](variables.tf#L56) | Service APIs to enable. | list(string) | | [] | ## Outputs | name | description | sensitive | |---|---|:---:| -| sa-credentials | SA json key templates. | | +| [sa-credentials](outputs.tf#L17) | SA json key templates. | | - diff --git a/examples/cloud-operations/packer-image-builder/README.md b/examples/cloud-operations/packer-image-builder/README.md index a04e79af..4784b47b 100644 --- a/examples/cloud-operations/packer-image-builder/README.md +++ b/examples/cloud-operations/packer-image-builder/README.md 
@@ -66,33 +66,30 @@ configurations respectively. The following example assumes that provisioning of a Compute Engine VM requires access to the resources over the Internet (i.e. to install OS packages). Since Compute VM has no public IP address for security reasons, Internet connectivity is done with [Cloud NAT](https://cloud.google.com/nat/docs/overview). - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id that references existing project. | string | ✓ | | -| billing_account | Billing account id used as default for new projects. | string | | null | -| cidrs | CIDR ranges for subnets | map(string) | | {…} | -| create_packer_vars | Create packer variables file using template file and terraform output. | bool | | false | -| packer_account_users | List of members that will be allowed to impersonate Packer image builder service account in IAM format, i.e. 'user:{emailid}'. | list(string) | | [] | -| packer_source_cidrs | List of CIDR ranges allowed to connect to the temporary VM for provisioning. | list(string) | | ["0.0.0.0/0"] | -| project_create | Create project instead of using an existing one. | bool | | true | -| region | Default region for resources | string | | "europe-west1" | -| root_node | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | string | | null | -| use_iap | Use IAP tunnel to connect to Compute Engine instance for provisioning. | bool | | true | +| [project_id](variables.tf#L55) | Project id that references existing project. | string | ✓ | | +| [billing_account](variables.tf#L17) | Billing account id used as default for new projects. | string | | null | +| [cidrs](variables.tf#L23) | CIDR ranges for subnets | map(string) | | {…} | +| [create_packer_vars](variables.tf#L31) | Create packer variables file using template file and terraform output. 
| bool | | false | +| [packer_account_users](variables.tf#L37) | List of members that will be allowed to impersonate Packer image builder service account in IAM format, i.e. 'user:{emailid}'. | list(string) | | [] | +| [packer_source_cidrs](variables.tf#L43) | List of CIDR ranges allowed to connect to the temporary VM for provisioning. | list(string) | | ["0.0.0.0/0"] | +| [project_create](variables.tf#L49) | Create project instead of using an existing one. | bool | | true | +| [region](variables.tf#L60) | Default region for resources | string | | "europe-west1" | +| [root_node](variables.tf#L66) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | string | | null | +| [use_iap](variables.tf#L72) | Use IAP tunnel to connect to Compute Engine instance for provisioning. | bool | | true | ## Outputs | name | description | sensitive | |---|---|:---:| -| builder_sa | Packer's service account email. | | -| compute_sa | Packer's temporary VM service account email. | | -| compute_subnetwork | Name of a subnetwork for Packer's temporary VM. | | -| compute_zone | Name of a compute engine zone for Packer's temporary VM. | | +| [builder_sa](outputs.tf#L17) | Packer's service account email. | | +| [compute_sa](outputs.tf#L22) | Packer's temporary VM service account email. | | +| [compute_subnetwork](outputs.tf#L27) | Name of a subnetwork for Packer's temporary VM. | | +| [compute_zone](outputs.tf#L32) | Name of a compute engine zone for Packer's temporary VM. | | - diff --git a/examples/cloud-operations/quota-monitoring/README.md b/examples/cloud-operations/quota-monitoring/README.md index ceddc065..0570867a 100644 --- a/examples/cloud-operations/quota-monitoring/README.md +++ b/examples/cloud-operations/quota-monitoring/README.md 
@@ -22,22 +22,18 @@ Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/c - `terraform init` - `terraform apply -var project_id=my-project-id` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id that references existing project. | string | ✓ | | -| bundle_path | Path used to write the intermediate Cloud Function code bundle. | string | | "./bundle.zip" | -| name | Arbitrary string used to name created resources. | string | | "quota-monitor" | -| project_create | Create project instead ofusing an existing one. | bool | | false | -| quota_config | Cloud function configuration. | object({…}) | | {…} | -| region | Compute region used in the example. | string | | "europe-west1" | -| schedule_config | Schedule timer configuration in crontab format | string | | "0 * * * *" | +| [project_id](variables.tf#L35) | Project id that references existing project. | string | ✓ | | +| [bundle_path](variables.tf#L17) | Path used to write the intermediate Cloud Function code bundle. | string | | "./bundle.zip" | +| [name](variables.tf#L23) | Arbitrary string used to name created resources. | string | | "quota-monitor" | +| [project_create](variables.tf#L29) | Create project instead ofusing an existing one. | bool | | false | +| [quota_config](variables.tf#L40) | Cloud function configuration. | object({…}) | | {…} | +| [region](variables.tf#L54) | Compute region used in the example. | string | | "europe-west1" | +| [schedule_config](variables.tf#L60) | Schedule timer configuration in crontab format | string | | "0 * * * *" | - - diff --git a/examples/cloud-operations/scheduled-asset-inventory-export-bq/README.md b/examples/cloud-operations/scheduled-asset-inventory-export-bq/README.md index 56153ff8..0354ec64 100644 --- a/examples/cloud-operations/scheduled-asset-inventory-export-bq/README.md +++ b/examples/cloud-operations/scheduled-asset-inventory-export-bq/README.md 
@@ -49,37 +49,31 @@ It helps to create custom [scheduled query](https://cloud.google.com/bigquery/do This is an optional part, created if `cai_gcs_export` is set to `true`. The high level diagram extends to the following: - - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| cai_config | Cloud Asset Inventory export config. | object({…}) | ✓ | | -| project_id | Project id that references existing project. | string | ✓ | | -| billing_account | Billing account id used as default for new projects. | string | | null | -| bundle_path | Path used to write the intermediate Cloud Function code bundle. | string | | "./bundle.zip" | -| bundle_path_cffile | Path used to write the intermediate Cloud Function code bundle. | string | | "./bundle_cffile.zip" | -| cai_gcs_export | Enable optional part to export tables to GCS | bool | | false | -| file_config | Optional BQ table as a file export function config. | object({…}) | | {…} | -| location | Appe Engine location used in the example. | string | | "europe-west" | -| name | Arbitrary string used to name created resources. | string | | "asset-inventory" | -| name_cffile | Arbitrary string used to name created resources. | string | | "cffile-exporter" | -| project_create | Create project instead ofusing an existing one. | bool | | true | -| region | Compute region used in the example. | string | | "europe-west1" | -| root_node | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | string | | null | +| [cai_config](variables.tf#L36) | Cloud Asset Inventory export config. | object({…}) | ✓ | | +| [project_id](variables.tf#L101) | Project id that references existing project. | string | ✓ | | +| [billing_account](variables.tf#L17) | Billing account id used as default for new projects. | string | | null | +| [bundle_path](variables.tf#L23) | Path used to write the intermediate Cloud Function code bundle. 
| string | | "./bundle.zip" | +| [bundle_path_cffile](variables.tf#L30) | Path used to write the intermediate Cloud Function code bundle. | string | | "./bundle_cffile.zip" | +| [cai_gcs_export](variables.tf#L47) | Enable optional part to export tables to GCS | bool | | false | +| [file_config](variables.tf#L54) | Optional BQ table as a file export function config. | object({…}) | | {…} | +| [location](variables.tf#L73) | Appe Engine location used in the example. | string | | "europe-west" | +| [name](variables.tf#L80) | Arbitrary string used to name created resources. | string | | "asset-inventory" | +| [name_cffile](variables.tf#L88) | Arbitrary string used to name created resources. | string | | "cffile-exporter" | +| [project_create](variables.tf#L95) | Create project instead ofusing an existing one. | bool | | true | +| [region](variables.tf#L106) | Compute region used in the example. | string | | "europe-west1" | +| [root_node](variables.tf#L112) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| bq-dataset | Bigquery instance details. | | -| cloud-function | Cloud Function instance details. | | +| [bq-dataset](outputs.tf#L17) | Bigquery instance details. | | +| [cloud-function](outputs.tf#L22) | Cloud Function instance details. | | - - diff --git a/examples/data-solutions/cmek-via-centralized-kms/README.md b/examples/data-solutions/cmek-via-centralized-kms/README.md index 7c5af4fb..68aef4d7 100644 --- a/examples/data-solutions/cmek-via-centralized-kms/README.md +++ b/examples/data-solutions/cmek-via-centralized-kms/README.md 
@@ -29,33 +29,30 @@ This sample creates several distinct groups of resources: - One instance encrypted with a CMEK Cryptokey hosted in Cloud KMS - GCS - One bucket encrypted with a CMEK Cryptokey hosted in Cloud KMS - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account | Billing account id used as default for new projects. | string | ✓ | | -| root_node | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id. | string | ✓ | | -| location | The location where resources will be deployed. | string | | "europe" | -| project_kms_name | Name for the new KMS Project. | string | | "my-project-kms-001" | -| project_service_name | Name for the new Service Project. | string | | "my-project-service-001" | -| region | The region where resources will be deployed. | string | | "europe-west1" | -| vpc_ip_cidr_range | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | -| vpc_name | Name of the VPC created in the Service Project. | string | | "local" | -| vpc_subnet_name | Name of the subnet created in the Service Project. | string | | "subnet" | +| [billing_account](variables.tf#L16) | Billing account id used as default for new projects. | string | ✓ | | +| [root_node](variables.tf#L45) | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id. | string | ✓ | | +| [location](variables.tf#L21) | The location where resources will be deployed. | string | | "europe" | +| [project_kms_name](variables.tf#L27) | Name for the new KMS Project. | string | | "my-project-kms-001" | +| [project_service_name](variables.tf#L33) | Name for the new Service Project. | string | | "my-project-service-001" | +| [region](variables.tf#L39) | The region where resources will be deployed. 
| string | | "europe-west1" | +| [vpc_ip_cidr_range](variables.tf#L50) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | +| [vpc_name](variables.tf#L56) | Name of the VPC created in the Service Project. | string | | "local" | +| [vpc_subnet_name](variables.tf#L62) | Name of the subnet created in the Service Project. | string | | "subnet" | ## Outputs | name | description | sensitive | |---|---|:---:| -| bucket | GCS Bucket URL. | | -| bucket_keys | GCS Bucket Cloud KMS crypto keys. | | -| projects | Project ids. | | -| vm | GCE VM. | | -| vm_keys | GCE VM Cloud KMS crypto keys. | | +| [bucket](outputs.tf#L15) | GCS Bucket URL. | | +| [bucket_keys](outputs.tf#L20) | GCS Bucket Cloud KMS crypto keys. | | +| [projects](outputs.tf#L25) | Project ids. | | +| [vm](outputs.tf#L33) | GCE VM. | | +| [vm_keys](outputs.tf#L41) | GCE VM Cloud KMS crypto keys. | | - diff --git a/examples/data-solutions/data-platform-foundations/01-environment/README.md b/examples/data-solutions/data-platform-foundations/01-environment/README.md index 4add9b7c..7a619dc1 100644 --- a/examples/data-solutions/data-platform-foundations/01-environment/README.md +++ b/examples/data-solutions/data-platform-foundations/01-environment/README.md 
@@ -45,31 +45,28 @@ You can assign projects to an existing VPC-SC standard perimeter configuring the gcloud access-context-manager perimeters list --format="json" | grep name ''' -The script use 'google_access_context_manager_service_perimeter_resource' terraform resource. If this resource is used alongside the 'vpc-sc' module, remember to uncomment the lifecycle block in the 'vpc-sc' module so they don't fight over which resources should be in the perimeter. - - +The script use 'google_access_context_manager_service_perimeter_resource' terraform resource. If this resource is used alongside the 'vpc-sc' module, remember to uncomment the lifecycle block in the 'vpc-sc' module so they don't fight over which resources should be in the perimeter. ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account_id | Billing account id. | string | ✓ | | -| root_node | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string | ✓ | | -| admins | List of users allowed to impersonate the service account | list(string) | | null | -| prefix | Prefix used to generate project id and name. | string | | null | -| project_names | Override this variable if you need non-standard names. | object({…}) | | {…} | -| service_account_names | Override this variable if you need non-standard names. | object({…}) | | {…} | -| service_encryption_key_ids | Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project. | object({…}) | | {…} | -| service_perimeter_standard | VPC Service control standard perimeter name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. All projects will be added to the perimeter in enforced mode. | string | | null | +| [billing_account_id](variables.tf#L21) | Billing account id. | string | ✓ | | +| [root_node](variables.tf#L50) | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. 
| string | ✓ | | +| [admins](variables.tf#L15) | List of users allowed to impersonate the service account | list(string) | | null | +| [prefix](variables.tf#L26) | Prefix used to generate project id and name. | string | | null | +| [project_names](variables.tf#L32) | Override this variable if you need non-standard names. | object({…}) | | {…} | +| [service_account_names](variables.tf#L55) | Override this variable if you need non-standard names. | object({…}) | | {…} | +| [service_encryption_key_ids](variables.tf#L65) | Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project. | object({…}) | | {…} | +| [service_perimeter_standard](variables.tf#L78) | VPC Service control standard perimeter name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. All projects will be added to the perimeter in enforced mode. | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| project_ids | Project ids for created projects. | | -| service_account | Main service account. | | -| service_encryption_key_ids | Cloud KMS encryption keys in {LOCATION => [KEY_URL]} format. | | +| [project_ids](outputs.tf#L17) | Project ids for created projects. | | +| [service_account](outputs.tf#L28) | Main service account. | | +| [service_encryption_key_ids](outputs.tf#L33) | Cloud KMS encryption keys in {LOCATION => [KEY_URL]} format. | | - diff --git a/examples/data-solutions/data-platform-foundations/02-resources/README.md b/examples/data-solutions/data-platform-foundations/02-resources/README.md index 1dfcca05..1af1620f 100644 --- a/examples/data-solutions/data-platform-foundations/02-resources/README.md +++ b/examples/data-solutions/data-platform-foundations/02-resources/README.md 
@@ -50,37 +50,34 @@ Once done testing, you can clean up resources by running `terraform destroy`. ### CMEK configuration You can configure GCP resources to use existing CMEK keys configuring the 'service_encryption_key_ids' variable. You need to specify a 'global' and a 'multiregional' key. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_ids | Project IDs. | object({…}) | ✓ | | -| admins | List of users allowed to impersonate the service account | list(string) | | null | -| datamart_bq_datasets | Datamart Bigquery datasets | map(object({…})) | | {…} | -| dwh_bq_datasets | DWH Bigquery datasets | map(object({…})) | | {…} | -| landing_buckets | List of landing buckets to create | map(object({…})) | | {…} | -| landing_pubsub | List of landing pubsub topics and subscriptions to create | map(map(object({…}))) | | {…} | -| landing_service_account | landing service accounts list. | string | | "sa-landing" | -| service_account_names | Project service accounts list. | object({…}) | | {…} | -| service_encryption_key_ids | Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project. | object({…}) | | {…} | -| transformation_buckets | List of transformation buckets to create | map(object({…})) | | {…} | -| transformation_subnets | List of subnets to create in the transformation Project. | list(object({…})) | | […] | -| transformation_vpc_name | Name of the VPC created in the transformation Project. | string | | "transformation-vpc" | +| [project_ids](variables.tf#L108) | Project IDs. 
| object({…}) | ✓ | | +| [admins](variables.tf#L16) | List of users allowed to impersonate the service account | list(string) | | null | +| [datamart_bq_datasets](variables.tf#L22) | Datamart Bigquery datasets | map(object({…})) | | {…} | +| [dwh_bq_datasets](variables.tf#L40) | DWH Bigquery datasets | map(object({…})) | | {…} | +| [landing_buckets](variables.tf#L54) | List of landing buckets to create | map(object({…})) | | {…} | +| [landing_pubsub](variables.tf#L72) | List of landing pubsub topics and subscriptions to create | map(map(object({…}))) | | {…} | +| [landing_service_account](variables.tf#L102) | landing service accounts list. | string | | "sa-landing" | +| [service_account_names](variables.tf#L119) | Project service accounts list. | object({…}) | | {…} | +| [service_encryption_key_ids](variables.tf#L137) | Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project. | object({…}) | | {…} | +| [transformation_buckets](variables.tf#L149) | List of transformation buckets to create | map(object({…})) | | {…} | +| [transformation_subnets](variables.tf#L167) | List of subnets to create in the transformation Project. | list(object({…})) | | […] | +| [transformation_vpc_name](variables.tf#L185) | Name of the VPC created in the transformation Project. | string | | "transformation-vpc" | ## Outputs | name | description | sensitive | |---|---|:---:| -| datamart-datasets | List of bigquery datasets created for the datamart project. | | -| dwh-datasets | List of bigquery datasets created for the dwh project. | | -| landing-buckets | List of buckets created for the landing project. | | -| landing-pubsub | List of pubsub topics and subscriptions created for the landing project. | | -| transformation-buckets | List of buckets created for the transformation project. | | -| transformation-vpc | Transformation VPC details | | +| [datamart-datasets](outputs.tf#L17) | List of bigquery datasets created for the datamart project. 
| | +| [dwh-datasets](outputs.tf#L24) | List of bigquery datasets created for the dwh project. | | +| [landing-buckets](outputs.tf#L29) | List of buckets created for the landing project. | | +| [landing-pubsub](outputs.tf#L34) | List of pubsub topics and subscriptions created for the landing project. | | +| [transformation-buckets](outputs.tf#L44) | List of buckets created for the transformation project. | | +| [transformation-vpc](outputs.tf#L49) | Transformation VPC details | | - diff --git a/examples/data-solutions/gcs-to-bq-with-dataflow/README.md b/examples/data-solutions/gcs-to-bq-with-dataflow/README.md index 055f93ef..9ccd2bf2 100644 --- a/examples/data-solutions/gcs-to-bq-with-dataflow/README.md +++ b/examples/data-solutions/gcs-to-bq-with-dataflow/README.md 
@@ -109,35 +109,26 @@ schema_bq_import.json ``` You can check data imported into Google BigQuery from the Google Cloud Console UI. - - - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id, references existing project if `project_create` is null. | string | ✓ | | -| prefix | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | | null | -| project_create | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format | object({…}) | | null | -| region | The region where resources will be deployed. | string | | "europe-west1" | -| vpc_subnet_range | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | +| [project_id](variables.tf#L31) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L16) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | | null | +| [project_create](variables.tf#L22) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format | object({…}) | | null | +| [region](variables.tf#L36) | The region where resources will be deployed. | string | | "europe-west1" | +| [vpc_subnet_range](variables.tf#L42) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | ## Outputs | name | description | sensitive | |---|---|:---:| -| bq_tables | Bigquery Tables. | | -| buckets | GCS Bucket Cloud KMS crypto keys. | | -| data_ingestion_command | | | -| project_id | Project id. | | -| vm | GCE VM. | | +| [bq_tables](outputs.tf#L15) | Bigquery Tables. | | +| [buckets](outputs.tf#L20) | GCS Bucket Cloud KMS crypto keys. | | +| [data_ingestion_command](outputs.tf#L28) | | | +| [project_id](outputs.tf#L48) | Project id. 
| |
+| [vm](outputs.tf#L53) | GCE VM. | |
-
-
-
-
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md b/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md
index 1b51e218..24ac7d2e 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md
@@ -124,31 +124,30 @@ You can check data imported into Google BigQuery using the command returned in ``` bq query --use_legacy_sql=false 'SELECT * FROM `PROJECT.datalake.person` LIMIT 1000' ``` - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| prefix | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| project_id | Project id, references existing project if `project_create` is null. | string | ✓ | | -| cmek_encryption | Flag to enable CMEK on GCP resources created. | bool | | false | -| data_eng_principals | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | list(string) | | [] | -| project_create | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format | object({…}) | | null | -| region | The region where resources will be deployed. | string | | "europe-west1" | -| vpc_subnet_range | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | +| [prefix](variables.tf#L26) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | +| [project_id](variables.tf#L40) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | bool | | false | +| [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | list(string) | | [] | +| [project_create](variables.tf#L31) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format | object({…}) | | null | +| [region](variables.tf#L45) | The region where resources will be deployed. 
| string | | "europe-west1" |
+| [vpc_subnet_range](variables.tf#L51) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| bq_tables | Bigquery Tables. | |
-| buckets | GCS bucket Cloud KMS crypto keys. | |
-| command-01-gcs | gcloud command to copy data into the created bucket impersonating the service account. | |
-| command-02-dataflow | Command to run Dataflow template impersonating the service account. | |
-| command-03-bq | BigQuery command to query imported data. | |
-| project_id | Project id. | |
-| serviceaccount | Service account. | |
+| [bq_tables](outputs.tf#L15) | Bigquery Tables. | |
+| [buckets](outputs.tf#L20) | GCS bucket Cloud KMS crypto keys. | |
+| [command-01-gcs](outputs.tf#L43) | gcloud command to copy data into the created bucket impersonating the service account. | |
+| [command-02-dataflow](outputs.tf#L48) | Command to run Dataflow template impersonating the service account. | |
+| [command-03-bq](outputs.tf#L70) | BigQuery command to query imported data. | |
+| [project_id](outputs.tf#L28) | Project id. | |
+| [serviceaccount](outputs.tf#L33) | Service account. | |
diff --git a/examples/factories/net-vpc-firewall-yaml/README.md b/examples/factories/net-vpc-firewall-yaml/README.md
index 89af153e..73a72ba2 100644
--- a/examples/factories/net-vpc-firewall-yaml/README.md
+++ b/examples/factories/net-vpc-firewall-yaml/README.md
@@ -134,29 +134,24 @@ web-app-a-ingress: target_service_accounts: - web-app-a@myproject-id.iam.gserviceaccount.com ``` - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| config_directories | List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml` | list(string) | ✓ | | -| network | Name of the network this set of firewall rules applies to. | string | ✓ | | -| project_id | Project Id. | string | ✓ | | -| log_config | Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging. | object({…}) | | null | +| [config_directories](variables.tf#L17) | List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml` | list(string) | ✓ | | +| [network](variables.tf#L30) | Name of the network this set of firewall rules applies to. | string | ✓ | | +| [project_id](variables.tf#L35) | Project Id. | string | ✓ | | +| [log_config](variables.tf#L22) | Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging. | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| egress_allow_rules | Egress rules with allow blocks. | | -| egress_deny_rules | Egress rules with allow blocks. | | -| ingress_allow_rules | Ingress rules with allow blocks. | | -| ingress_deny_rules | Ingress rules with deny blocks. | | +| [egress_allow_rules](outputs.tf#L17) | Egress rules with allow blocks. | | +| [egress_deny_rules](outputs.tf#L25) | Egress rules with allow blocks. | | +| [ingress_allow_rules](outputs.tf#L33) | Ingress rules with allow blocks. | | +| [ingress_deny_rules](outputs.tf#L41) | Ingress rules with deny blocks. | | - - 
diff --git a/examples/factories/project-factory/README.md b/examples/factories/project-factory/README.md
index 19f74d09..fa0da75b 100644
--- a/examples/factories/project-factory/README.md
+++ b/examples/factories/project-factory/README.md
@@ -211,40 +211,33 @@ vpc: - user:foobar@example.com - serviceAccount:service-account1 ``` - - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account_id | Billing account id. | string | ✓ | | -| defaults | Project factory default values. | object({…}) | ✓ | | -| folder_id | Folder ID for the folder where the project will be created. | string | ✓ | | -| project_id | Project id. | string | ✓ | | -| billing_alert | Billing alert configuration. | object({…}) | | null | -| dns_zones | DNS private zones to create as child of var.defaults.environment_dns_zone. | list(string) | | [] | -| essential_contacts | Email contacts to be used for billing and GCP notifications | list(string) | | [] | -| group_iam | Custom IAM settings in group => [role] format. | map(list(string)) | | {} | -| iam | Custom IAM settings in role => [principal] format. | map(list(string)) | | {} | -| kms_service_agents | KMS IAM configuration in as service => [key]. | map(list(string)) | | {} | -| labels | Labels to be assigned at project level. | map(string) | | {} | -| org_policies | Org-policy overrides at project level. | object({…}) | | null | -| service_accounts | Service accounts to be created, and roles to assign them. | map(list(string)) | | {} | -| services | Services to be enabled for the project. | list(string) | | [] | -| services_iam | Custom IAM settings for robot ServiceAccounts in service => [role] format. | map(list(string)) | | {} | -| vpc | VPC configuration for the project. | object({…}) | | null | +| [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | +| [defaults](variables.tf#L35) | Project factory default values. | object({…}) | ✓ | | +| [folder_id](variables.tf#L68) | Folder ID for the folder where the project will be created. | string | ✓ | | +| [project_id](variables.tf#L111) | Project id. | string | ✓ | | +| [billing_alert](variables.tf#L22) | Billing alert configuration. 
| object({…}) | | null |
+| [dns_zones](variables.tf#L56) | DNS private zones to create as child of var.defaults.environment_dns_zone. | list(string) | | [] |
+| [essential_contacts](variables.tf#L62) | Email contacts to be used for billing and GCP notifications | list(string) | | [] |
+| [group_iam](variables.tf#L73) | Custom IAM settings in group => [role] format. | map(list(string)) | | {} |
+| [iam](variables.tf#L79) | Custom IAM settings in role => [principal] format. | map(list(string)) | | {} |
+| [kms_service_agents](variables.tf#L85) | KMS IAM configuration in as service => [key]. | map(list(string)) | | {} |
+| [labels](variables.tf#L91) | Labels to be assigned at project level. | map(string) | | {} |
+| [org_policies](variables.tf#L97) | Org-policy overrides at project level. | object({…}) | | null |
+| [service_accounts](variables.tf#L116) | Service accounts to be created, and roles to assign them. | map(list(string)) | | {} |
+| [services](variables.tf#L122) | Services to be enabled for the project. | list(string) | | [] |
+| [services_iam](variables.tf#L128) | Custom IAM settings for robot ServiceAccounts in service => [role] format. | map(list(string)) | | {} |
+| [vpc](variables.tf#L134) | VPC configuration for the project. | object({…}) | | null |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| project_id | Project ID. | |
+| [project_id](outputs.tf#L19) | Project ID. | |
-
-
-
diff --git a/examples/foundations/business-units/README.md b/examples/foundations/business-units/README.md
index 2fab825e..0cb178aa 100644
--- a/examples/foundations/business-units/README.md
+++ b/examples/foundations/business-units/README.md
@@ -24,39 +24,36 @@ The number of resources in this sample is kept to a minimum so as to make it gen ## Shared services This sample uses a top-level folder to encapsulate projects that host resources that are not specific to a single environment. If no shared services are needed,the Terraform and audit modules can be easily attached to the root node, and the shared services folder and project removed from `main.tf`. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account_id | Billing account id used as default for new projects. | string | ✓ | | -| organization_id | Organization id in organizations/nnnnnnn format. | string | ✓ | | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | -| root_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| audit_filter | Audit log filter used for the log sink. | string | | | -| environments | Environment short names. | map(string) | | {…} | -| gcs_defaults | Defaults use for the state GCS buckets. | map(string) | | {…} | -| iam_audit_viewers | Audit project viewers, in IAM format. | list(string) | | [] | -| iam_shared_owners | Shared services project owners, in IAM format. | list(string) | | [] | -| iam_terraform_owners | Terraform project owners, in IAM format. | list(string) | | [] | -| project_services | Service APIs enabled by default in new projects. | list(string) | | […] | +| [billing_account_id](variables.tf#L27) | Billing account id used as default for new projects. | string | ✓ | | +| [organization_id](variables.tf#L69) | Organization id in organizations/nnnnnnn format. | string | ✓ | | +| [prefix](variables.tf#L74) | Prefix used for resources that need unique names. | string | ✓ | | +| [root_node](variables.tf#L88) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. 
| string | ✓ | |
+| [audit_filter](variables.tf#L17) | Audit log filter used for the log sink. | string | | |
+| [environments](variables.tf#L32) | Environment short names. | map(string) | | {…} |
+| [gcs_defaults](variables.tf#L42) | Defaults use for the state GCS buckets. | map(string) | | {…} |
+| [iam_audit_viewers](variables.tf#L51) | Audit project viewers, in IAM format. | list(string) | | [] |
+| [iam_shared_owners](variables.tf#L57) | Shared services project owners, in IAM format. | list(string) | | [] |
+| [iam_terraform_owners](variables.tf#L63) | Terraform project owners, in IAM format. | list(string) | | [] |
+| [project_services](variables.tf#L79) | Service APIs enabled by default in new projects. | list(string) | | […] |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| audit_logs_project | Project that holds the audit logs export resources. | |
-| bootstrap_tf_gcs_bucket | GCS bucket used for the bootstrap Terraform state. | |
-| bu_business_intelligence | Business Intelligence attributes. | |
-| bu_business_intelligence_keys | Business Intelligence service account keys. | ✓ |
-| bu_machine_learning | Machine Learning attributes. | |
-| bu_machine_learning_keys | Machine Learning service account keys. | ✓ |
-| shared_folder_id | Shared folder id. | |
-| shared_resources_project | Project that holdes resources shared across business units. | |
-| terraform_project | Project that holds the base Terraform resources. | |
+| [audit_logs_project](outputs.tf#L17) | Project that holds the audit logs export resources. | |
+| [bootstrap_tf_gcs_bucket](outputs.tf#L22) | GCS bucket used for the bootstrap Terraform state. | |
+| [bu_business_intelligence](outputs.tf#L27) | Business Intelligence attributes. | |
+| [bu_business_intelligence_keys](outputs.tf#L37) | Business Intelligence service account keys. | ✓ |
+| [bu_machine_learning](outputs.tf#L43) | Machine Learning attributes. | |
+| [bu_machine_learning_keys](outputs.tf#L53) | Machine Learning service account keys. | ✓ |
+| [shared_folder_id](outputs.tf#L59) | Shared folder id. | |
+| [shared_resources_project](outputs.tf#L64) | Project that holdes resources shared across business units. | |
+| [terraform_project](outputs.tf#L69) | Project that holds the base Terraform resources. | |
-
diff --git a/examples/foundations/environments/README.md b/examples/foundations/environments/README.md
index b7893bd7..e4d2f1ac 100644
--- a/examples/foundations/environments/README.md
+++ b/examples/foundations/environments/README.md
@@ -26,43 +26,40 @@ This sample contains a single, top-level project used to host services shared ac For more complex setups where multiple shared services projects are needed to encapsulate a larger number of resources, shared services should be treated as an extra environment so that they can be managed by a dedicated set of Terraform files, using a separate service account and GCS bucket, with a folder to contain shared projects. If no shared services are needed, the shared service project module can of course be removed from `main.tf`. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account_id | Billing account id used as to create projects. | string | ✓ | | -| environments | Environment short names. | set(string) | ✓ | | -| organization_id | Organization id in organizations/nnnnnnnn format. | string | ✓ | | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | -| root_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| audit_filter | Audit log filter used for the log sink. | string | | | -| gcs_location | GCS bucket location. | string | | "EU" | -| iam_audit_viewers | Audit project viewers, in IAM format. | list(string) | | [] | -| iam_billing_config | Control granting billing user role to service accounts. Target the billing account by default. | object({…}) | | {…} | -| iam_folder_roles | List of roles granted to each service account on its respective folder (excluding XPN roles). | list(string) | | […] | -| iam_shared_owners | Shared services project owners, in IAM format. | list(string) | | [] | -| iam_terraform_owners | Terraform project owners, in IAM format. | list(string) | | [] | -| iam_xpn_config | Control granting Shared VPC creation roles to service accounts. Target the root node by default. | object({…}) | | {…} | -| project_services | Service APIs enabled by default in new projects. 
| list(string) | | […] |
+| [billing_account_id](variables.tf#L25) | Billing account id used as to create projects. | string | ✓ | |
+| [environments](variables.tf#L30) | Environment short names. | set(string) | ✓ | |
+| [organization_id](variables.tf#L94) | Organization id in organizations/nnnnnnnn format. | string | ✓ | |
+| [prefix](variables.tf#L99) | Prefix used for resources that need unique names. | string | ✓ | |
+| [root_node](variables.tf#L113) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | |
+| [audit_filter](variables.tf#L15) | Audit log filter used for the log sink. | string | | |
+| [gcs_location](variables.tf#L35) | GCS bucket location. | string | | "EU" |
+| [iam_audit_viewers](variables.tf#L41) | Audit project viewers, in IAM format. | list(string) | | [] |
+| [iam_billing_config](variables.tf#L47) | Control granting billing user role to service accounts. Target the billing account by default. | object({…}) | | {…} |
+| [iam_folder_roles](variables.tf#L59) | List of roles granted to each service account on its respective folder (excluding XPN roles). | list(string) | | […] |
+| [iam_shared_owners](variables.tf#L70) | Shared services project owners, in IAM format. | list(string) | | [] |
+| [iam_terraform_owners](variables.tf#L76) | Terraform project owners, in IAM format. | list(string) | | [] |
+| [iam_xpn_config](variables.tf#L82) | Control granting Shared VPC creation roles to service accounts. Target the root node by default. | object({…}) | | {…} |
+| [project_services](variables.tf#L104) | Service APIs enabled by default in new projects. | list(string) | | […] |
+| [service_account_keys](variables.tf#L118) | Generate and store service account keys in the state file. | bool | | true |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| audit_logs_bq_dataset | Bigquery dataset for the audit logs export. | |
-| audit_logs_project | Project that holds the audit logs export resources. | |
-| bootstrap_tf_gcs_bucket | GCS bucket used for the bootstrap Terraform state. | |
-| environment_folders | Top-level environment folders. | |
-| environment_service_account_keys | Service account keys used to run each environment Terraform modules. | ✓ |
-| environment_service_accounts | Service accounts used to run each environment Terraform modules. | |
-| environment_tf_gcs_buckets | GCS buckets used for each environment Terraform state. | |
-| shared_services_project | Project that holdes resources shared across environments. | |
-| terraform_project | Project that holds the base Terraform resources. | |
+| [audit_logs_bq_dataset](outputs.tf#L15) | Bigquery dataset for the audit logs export. | |
+| [audit_logs_project](outputs.tf#L20) | Project that holds the audit logs export resources. | |
+| [bootstrap_tf_gcs_bucket](outputs.tf#L25) | GCS bucket used for the bootstrap Terraform state. | |
+| [environment_folders](outputs.tf#L30) | Top-level environment folders. | |
+| [environment_service_account_keys](outputs.tf#L35) | Service account keys used to run each environment Terraform modules. | ✓ |
+| [environment_service_accounts](outputs.tf#L40) | Service accounts used to run each environment Terraform modules. | |
+| [environment_tf_gcs_buckets](outputs.tf#L45) | GCS buckets used for each environment Terraform state. | |
+| [shared_services_project](outputs.tf#L50) | Project that holdes resources shared across environments. | |
+| [terraform_project](outputs.tf#L55) | Project that holds the base Terraform resources. | |
-
diff --git a/examples/networking/decentralized-firewall/README.md b/examples/networking/decentralized-firewall/README.md
index 96c5ac2f..f1b43a56 100644
--- a/examples/networking/decentralized-firewall/README.md
+++ b/examples/networking/decentralized-firewall/README.md
@@ -19,30 +19,25 @@ This is the high level diagram: The rules can be validated either using an automated process or a manual process (or a combination of the two). There is an example of a YAML-based validator using [Yamale](https://github.com/23andMe/Yamale) in the [`validator/`](validator/) subdirectory, which can be integrated as part of a CI/CD pipeline. - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account_id | Billing account id used as default for new projects. | string | ✓ | | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | -| root_node | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| ip_ranges | Subnet IP CIDR ranges. | map(string) | | {…} | -| project_services | Service APIs enabled by default in new projects. | list(string) | | […] | -| region | Region used. | string | | "europe-west1" | +| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | +| [prefix](variables.tf#L29) | Prefix used for resources that need unique names. | string | ✓ | | +| [root_node](variables.tf#L50) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | map(string) | | {…} | +| [project_services](variables.tf#L34) | Service APIs enabled by default in new projects. | list(string) | | […] | +| [region](variables.tf#L44) | Region used. | string | | "europe-west1" | ## Outputs | name | description | sensitive | |---|---|:---:| -| fw_rules | Firewall rules. | | -| projects | Project ids. | | -| vpc | Shared VPCs. | | +| [fw_rules](outputs.tf#L15) | Firewall rules. | | +| [projects](outputs.tf#L33) | Project ids. | | +| [vpc](outputs.tf#L41) | Shared VPCs. | | - - 
diff --git a/examples/networking/filtering-proxy/README.md b/examples/networking/filtering-proxy/README.md
index 9edfe6a2..bc0fc608 100644
--- a/examples/networking/filtering-proxy/README.md
+++ b/examples/networking/filtering-proxy/README.md
@@ -14,28 +14,25 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created and the You can optionally deploy the Squid server as [Managed Instance Group](https://cloud.google.com/compute/docs/instance-groups) by setting the `mig` option to `true`. This option defaults to `false` which results in a standalone VM. ![High-level diagram](squid.png "High-level diagram") - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account | Billing account id used as default for new projects. | string | ✓ | | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | -| root_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| allowed_domains | List of domains allowed by the squid proxy. | list(string) | | […] | -| cidrs | CIDR ranges for subnets | map(string) | | {…} | -| mig | Enables the creation of an autoscaling managed instance group of squid instances. | bool | | false | -| nat_logging | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | "ERRORS_ONLY" | -| region | Default region for resources | string | | "europe-west1" | +| [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | string | ✓ | | +| [prefix](variables.tf#L52) | Prefix used for resources that need unique names. | string | ✓ | | +| [root_node](variables.tf#L63) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | list(string) | | […] | +| [cidrs](variables.tf#L31) | CIDR ranges for subnets | map(string) | | {…} | +| [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. 
| bool | | false |
+| [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | "ERRORS_ONLY" |
+| [region](variables.tf#L57) | Default region for resources | string | | "europe-west1" |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| squid-address | IP address of the Squid proxy. | |
+| [squid-address](outputs.tf#L17) | IP address of the Squid proxy. | |
-
diff --git a/examples/networking/hub-and-spoke-peering/README.md b/examples/networking/hub-and-spoke-peering/README.md
index 0573a51e..4cf68108 100644
--- a/examples/networking/hub-and-spoke-peering/README.md
+++ b/examples/networking/hub-and-spoke-peering/README.md
@@ -78,28 +78,25 @@ A single pre-existing project is used in this example to keep variables and comp A few APIs need to be enabled in the project, if `apply` fails due to a service not being enabled just click on the link in the error message to enable it for the project, then resume `apply`. The VPN used to connect the GKE masters VPC does not account for HA, upgrading to use HA VPN is reasonably simple by using the relevant [module](../../../modules/net-vpn-ha). - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id used for all resources. | string | ✓ | | -| ip_ranges | IP CIDR ranges. | map(string) | | {…} | -| ip_secondary_ranges | Secondary IP CIDR ranges. | map(string) | | {…} | -| prefix | Arbitrary string used to prefix resource names. | string | | null | -| private_service_ranges | Private service IP CIDR ranges. | map(string) | | {…} | -| project_create | Set to non null if project needs to be created. | object({…}) | | null | -| region | VPC region. | string | | "europe-west1" | +| [project_id](variables.tf#L66) | Project id used for all resources. | string | ✓ | | +| [ip_ranges](variables.tf#L15) | IP CIDR ranges. | map(string) | | {…} | +| [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | map(string) | | {…} | +| [prefix](variables.tf#L34) | Arbitrary string used to prefix resource names. | string | | null | +| [private_service_ranges](variables.tf#L40) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_create](variables.tf#L48) | Set to non null if project needs to be created. | object({…}) | | null | +| [region](variables.tf#L71) | VPC region. | string | | "europe-west1" | ## Outputs | name | description | sensitive | |---|---|:---:| -| project | Project id. | | -| vms | GCE VMs. | | +| [project](outputs.tf#L15) | Project id. | | +| [vms](outputs.tf#L20) | GCE VMs. | | - 
diff --git a/examples/networking/hub-and-spoke-vpn/README.md b/examples/networking/hub-and-spoke-vpn/README.md
index 2dae7302..f745b2a4 100644
--- a/examples/networking/hub-and-spoke-vpn/README.md
+++ b/examples/networking/hub-and-spoke-vpn/README.md
@@ -33,26 +33,23 @@ gcloud services enable --project=$MY_PROJECT_ID {compute,dns}.googleapis.com The example does not account for HA, but the VPN gateways can be easily upgraded to use HA VPN via the [net-vpn-ha module](../../../modules/net-vpn-ha). If a single router and VPN gateway are used in the hub to manage all tunnels, particular care must be taken in announcing ranges from hub to spokes, as Cloud Router does not explicitly support transitivity and overlapping routes received from both sides create unintended side effects. The simple workaround is to announce a single aggregated route from hub to spokes so that it does not overlap with any of the ranges advertised by each spoke to the hub. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id for all resources. | string | ✓ | | -| bgp_asn | BGP ASNs. | map(number) | | {…} | -| bgp_custom_advertisements | BGP custom advertisement IP CIDR ranges. | map(string) | | {…} | -| bgp_interface_ranges | BGP interface IP CIDR ranges. | map(string) | | {…} | -| ip_ranges | IP CIDR ranges. | map(string) | | {…} | -| regions | VPC regions. | map(string) | | {…} | +| [project_id](variables.tf#L56) | Project id for all resources. | string | ✓ | | +| [bgp_asn](variables.tf#L15) | BGP ASNs. | map(number) | | {…} | +| [bgp_custom_advertisements](variables.tf#L25) | BGP custom advertisement IP CIDR ranges. | map(string) | | {…} | +| [bgp_interface_ranges](variables.tf#L34) | BGP interface IP CIDR ranges. | map(string) | | {…} | +| [ip_ranges](variables.tf#L43) | IP CIDR ranges. | map(string) | | {…} | +| [regions](variables.tf#L61) | VPC regions. | map(string) | | {…} | ## Outputs | name | description | sensitive | |---|---|:---:| -| vms | GCE VMs. | | +| [vms](outputs.tf#L15) | GCE VMs. | | - diff --git a/examples/networking/ilb-next-hop/README.md b/examples/networking/ilb-next-hop/README.md index 66e337f3..ad0f80d3 100644 
--- a/examples/networking/ilb-next-hop/README.md
+++ b/examples/networking/ilb-next-hop/README.md
@@ -59,33 +59,30 @@ watch '\ A sample testing session using `tmux`: Test session screenshot - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Existing project id. | string | ✓ | | -| ilb_right_enable | Route right to left traffic through ILB. | bool | | false | -| ilb_session_affinity | Session affinity configuration for ILBs. | string | | "CLIENT_IP" | -| ip_ranges | IP CIDR ranges used for VPC subnets. | map(string) | | {…} | -| prefix | Prefix used for resource names. | string | | "ilb-test" | -| project_create | Create project instead of using an existing one. | bool | | false | -| region | Region used for resources. | string | | "europe-west1" | -| zones | Zone suffixes used for instances. | list(string) | | ["b", "c"] | +| [project_id](variables.tf#L50) | Existing project id. | string | ✓ | | +| [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | bool | | false | +| [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | string | | "CLIENT_IP" | +| [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | map(string) | | {…} | +| [prefix](variables.tf#L38) | Prefix used for resource names. | string | | "ilb-test" | +| [project_create](variables.tf#L44) | Create project instead of using an existing one. | bool | | false | +| [region](variables.tf#L55) | Region used for resources. | string | | "europe-west1" | +| [zones](variables.tf#L61) | Zone suffixes used for instances. | list(string) | | ["b", "c"] | ## Outputs | name | description | sensitive | |---|---|:---:| -| addresses | IP addresses. | | -| backend_health_left | Command-line health status for left ILB backends. | | -| backend_health_right | Command-line health status for right ILB backends. | | -| ssh_gw | Command-line login to gateway VMs. | | -| ssh_vm_left | Command-line login to left VMs. | | -| ssh_vm_right | Command-line login to right VMs. 
| | +| [addresses](outputs.tf#L17) | IP addresses. | | +| [backend_health_left](outputs.tf#L28) | Command-line health status for left ILB backends. | | +| [backend_health_right](outputs.tf#L38) | Command-line health status for right ILB backends. | | +| [ssh_gw](outputs.tf#L48) | Command-line login to gateway VMs. | | +| [ssh_vm_left](outputs.tf#L56) | Command-line login to left VMs. | | +| [ssh_vm_right](outputs.tf#L64) | Command-line login to right VMs. | | - diff --git a/examples/networking/onprem-google-access-dns/README.md b/examples/networking/onprem-google-access-dns/README.md index c1182b70..e87853ca 100644 --- a/examples/networking/onprem-google-access-dns/README.md +++ b/examples/networking/onprem-google-access-dns/README.md 
@@ -200,30 +200,27 @@ curl www.onprem.example.org -s |grep h1 A single pre-existing project is used in this example to keep variables and complexity to a minimum, in a real world scenarios each spoke would probably use a separate project. The VPN-s used to connect to the on-premises environment do not account for HA, upgrading to use HA VPN is reasonably simple by using the relevant [module](../../../modules/net-vpn-ha). - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id for all resources. | string | ✓ | | -| bgp_asn | BGP ASNs. | map(number) | | {…} | -| bgp_interface_ranges | BGP interface IP CIDR ranges. | map(string) | | {…} | -| dns_forwarder_address | Address of the DNS server used to forward queries from on-premises. | string | | "10.0.0.2" | -| forwarder_address | GCP DNS inbound policy forwarder address. | string | | "10.0.0.2" | -| ip_ranges | IP CIDR ranges. | map(string) | | {…} | -| region | VPC region. | map(string) | | {…} | -| ssh_source_ranges | IP CIDR ranges that will be allowed to connect via SSH to the onprem instance. | list(string) | | ["0.0.0.0/0"] | +| [project_id](variables.tf#L59) | Project id for all resources. | string | ✓ | | +| [bgp_asn](variables.tf#L17) | BGP ASNs. | map(number) | | {…} | +| [bgp_interface_ranges](variables.tf#L28) | BGP interface IP CIDR ranges. | map(string) | | {…} | +| [dns_forwarder_address](variables.tf#L37) | Address of the DNS server used to forward queries from on-premises. | string | | "10.0.0.2" | +| [forwarder_address](variables.tf#L43) | GCP DNS inbound policy forwarder address. | string | | "10.0.0.2" | +| [ip_ranges](variables.tf#L49) | IP CIDR ranges. | map(string) | | {…} | +| [region](variables.tf#L64) | VPC region. | map(string) | | {…} | +| [ssh_source_ranges](variables.tf#L73) | IP CIDR ranges that will be allowed to connect via SSH to the onprem instance. 
| list(string) | | ["0.0.0.0/0"] | ## Outputs | name | description | sensitive | |---|---|:---:| -| onprem-instance | Onprem instance details. | | -| test-instance1 | Test instance details. | | -| test-instance2 | Test instance details. | | +| [onprem-instance](outputs.tf#L17) | Onprem instance details. | | +| [test-instance1](outputs.tf#L26) | Test instance details. | | +| [test-instance2](outputs.tf#L33) | Test instance details. | | - diff --git a/examples/networking/private-cloud-function-from-onprem/README.md b/examples/networking/private-cloud-function-from-onprem/README.md index f787e6fa..d0d7ffdb 100644 --- a/examples/networking/private-cloud-function-from-onprem/README.md +++ b/examples/networking/private-cloud-function-from-onprem/README.md 
@@ -13,25 +13,23 @@ curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME ``` ![Cloud Function via Private Service Connect](diagram.png "High-level diagram") - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id. | string | ✓ | | -| ip_ranges | IP ranges used for the VPCs. | object({…}) | | {…} | -| name | Name used for new resources. | string | | "cf-via-psc" | -| project_create | If non null, creates project instead of using an existing one. | object({…}) | | null | -| psc_endpoint | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | string | | "172.16.32.1" | -| region | Region where the resources will be created. | string | | "europe-west1" | +| [project_id](variables.tf#L44) | Project id. | string | ✓ | | +| [ip_ranges](variables.tf#L17) | IP ranges used for the VPCs. | object({…}) | | {…} | +| [name](variables.tf#L29) | Name used for new resources. | string | | "cf-via-psc" | +| [project_create](variables.tf#L35) | If non null, creates project instead of using an existing one. | object({…}) | | null | +| [psc_endpoint](variables.tf#L49) | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | string | | "172.16.32.1" | +| [region](variables.tf#L55) | Region where the resources will be created. | string | | "europe-west1" | ## Outputs | name | description | sensitive | |---|---|:---:| -| function_url | URL of the Cloud Function. | | +| [function_url](outputs.tf#L17) | URL of the Cloud Function. | | diff --git a/examples/networking/shared-vpc-gke/README.md b/examples/networking/shared-vpc-gke/README.md index 67658a22..933a7384 100644 --- a/examples/networking/shared-vpc-gke/README.md +++ b/examples/networking/shared-vpc-gke/README.md 
@@ -41,35 +41,32 @@ alias k='HTTPS_PROXY=localhost:8888 kubectl $@' ## Destroying There's a minor glitch that can surface running `terraform destroy`, where the service project attachments to the Shared VPC will not get destroyed even with the relevant API call succeeding. We are investigating the issue, in the meantime just manually remove the attachment in the Cloud console or via the `gcloud beta compute shared-vpc associated-projects remove` command when `terraform destroy` fails, and then relaunch the command. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account_id | Billing account id used as default for new projects. | string | ✓ | | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | -| root_node | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| cluster_create | Create GKE cluster and nodepool. | bool | | true | -| ip_ranges | Subnet IP CIDR ranges. | map(string) | | {…} | -| ip_secondary_ranges | Secondary IP CIDR ranges. | map(string) | | {…} | -| owners_gce | GCE project owners, in IAM format. | list(string) | | [] | -| owners_gke | GKE project owners, in IAM format. | list(string) | | [] | -| owners_host | Host project owners, in IAM format. | list(string) | | [] | -| private_service_ranges | Private service IP CIDR ranges. | map(string) | | {…} | -| project_services | Service APIs enabled by default in new projects. | list(string) | | […] | -| region | Region used. | string | | "europe-west1" | +| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | +| [prefix](variables.tf#L62) | Prefix used for resources that need unique names. | string | ✓ | | +| [root_node](variables.tf#L90) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. 
| string | ✓ | | +| [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | bool | | true | +| [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | map(string) | | {…} | +| [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | map(string) | | {…} | +| [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | list(string) | | [] | +| [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | list(string) | | [] | +| [owners_host](variables.tf#L56) | Host project owners, in IAM format. | list(string) | | [] | +| [private_service_ranges](variables.tf#L67) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_services](variables.tf#L75) | Service APIs enabled by default in new projects. | list(string) | | […] | +| [region](variables.tf#L84) | Region used. | string | | "europe-west1" | ## Outputs | name | description | sensitive | |---|---|:---:| -| gke_clusters | GKE clusters information. | | -| projects | Project ids. | | -| vms | GCE VMs. | | -| vpc | Shared VPC. | | +| [gke_clusters](outputs.tf#L15) | GKE clusters information. | | +| [projects](outputs.tf#L24) | Project ids. | | +| [vms](outputs.tf#L33) | GCE VMs. | | +| [vpc](outputs.tf#L40) | Shared VPC. | | - diff --git a/examples/third-party-solutions/openshift/tf/README.md b/examples/third-party-solutions/openshift/tf/README.md index 8a76e93a..9ff776f5 100644 --- a/examples/third-party-solutions/openshift/tf/README.md +++ b/examples/third-party-solutions/openshift/tf/README.md 
@@ -1,35 +1,32 @@ # OpenShift Cluster Bootstrap This example is a companion setup to the Python script in the parent folder, and is used to bootstrap OpenShift clusters on GCP. Refer to the documentation in the parent folder for usage instructions. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| cluster_name | Name used for the cluster and DNS zone. | string | ✓ | | -| domain | Domain name used to derive the DNS zone. | string | ✓ | | -| fs_paths | Filesystem paths for commands and data, supports home path expansion. | object({…}) | ✓ | | -| host_project | Shared VPC project and network configuration. | object({…}) | ✓ | | -| service_project | Service project configuration. | object({…}) | ✓ | | -| allowed_ranges | Ranges that can SSH to the boostrap VM and API endpoint. | list(any) | | ["10.0.0.0/8"] | -| disk_encryption_key | Optional CMEK for disk encryption. | object({…}) | | null | -| install_config_params | OpenShift cluster configuration. | object({…}) | | {…} | -| post_bootstrap_config | Name of the service account for the machine operator. Removes bootstrap resources when set. | object({…}) | | null | -| region | Region where resources will be created. | string | | "europe-west1" | -| rhcos_gcp_image | RHCOS image used. | string | | "projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64" | -| tags | Additional tags for instances. | list(string) | | ["ssh"] | -| zones | Zones used for instances. | list(string) | | ["b", "c", "d"] | +| [cluster_name](variables.tf#L23) | Name used for the cluster and DNS zone. | string | ✓ | | +| [domain](variables.tf#L28) | Domain name used to derive the DNS zone. | string | ✓ | | +| [fs_paths](variables.tf#L87) | Filesystem paths for commands and data, supports home path expansion. | object({…}) | ✓ | | +| [host_project](variables.tf#L44) | Shared VPC project and network configuration. 
| object({…}) | ✓ | | +| [service_project](variables.tf#L124) | Service project configuration. | object({…}) | ✓ | | +| [allowed_ranges](variables.tf#L17) | Ranges that can SSH to the boostrap VM and API endpoint. | list(any) | | ["10.0.0.0/8"] | +| [disk_encryption_key](variables.tf#L33) | Optional CMEK for disk encryption. | object({…}) | | null | +| [install_config_params](variables.tf#L57) | OpenShift cluster configuration. | object({…}) | | {…} | +| [post_bootstrap_config](variables.tf#L102) | Name of the service account for the machine operator. Removes bootstrap resources when set. | object({…}) | | null | +| [region](variables.tf#L110) | Region where resources will be created. | string | | "europe-west1" | +| [rhcos_gcp_image](variables.tf#L116) | RHCOS image used. | string | | "projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64" | +| [tags](variables.tf#L131) | Additional tags for instances. | list(string) | | ["ssh"] | +| [zones](variables.tf#L137) | Zones used for instances. | list(string) | | ["b", "c", "d"] | ## Outputs | name | description | sensitive | |---|---|:---:| -| backend-health | Command to monitor API internal backend health. | | -| bootstrap-ssh | Command to SSH to the bootstrap instance. | | -| masters-ssh | Command to SSH to the master instances. | | +| [backend-health](outputs.tf#L17) | Command to monitor API internal backend health. | | +| [bootstrap-ssh](outputs.tf#L27) | Command to SSH to the bootstrap instance. | | +| [masters-ssh](outputs.tf#L37) | Command to SSH to the master instances. | | - diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md index ab15cde0..52e6ef27 100644 --- a/fast/stages/00-bootstrap/README.md +++ b/fast/stages/00-bootstrap/README.md 
@@ -283,23 +283,23 @@ Names used in internal references (e.g. `module.foo-prod.id`) are only used by T | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| -| billing_account | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | | -| organization | Organization details. | object({…}) | ✓ | | | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | | -| bootstrap_user | Email of the nominal user running this stage for the first time. | string | | null | | -| groups | Group names to grant organization-level permissions. | map(string) | | {…} | | -| iam | Organization-level custom IAM settings in role => [principal] format. | map(list(string)) | | {} | | -| iam_additive | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | map(list(string)) | | {} | | -| log_sinks | Org-level log sinks, in name => {type, filter} format. | map(object({…})) | | {…} | | -| outputs_location | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | +| [billing_account](variables.tf#L17) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | | +| [organization](variables.tf#L82) | Organization details. | object({…}) | ✓ | | | +| [prefix](variables.tf#L97) | Prefix used for resources that need unique names. | string | ✓ | | | +| [bootstrap_user](variables.tf#L25) | Email of the nominal user running this stage for the first time. | string | | null | | +| [groups](variables.tf#L31) | Group names to grant organization-level permissions. | map(string) | | {…} | | +| [iam](variables.tf#L45) | Organization-level custom IAM settings in role => [principal] format. | map(list(string)) | | {} | | +| [iam_additive](variables.tf#L51) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. 
| map(list(string)) | | {} | | +| [log_sinks](variables.tf#L57) | Org-level log sinks, in name => {type, filter} format. | map(object({…})) | | {…} | | +| [outputs_location](variables.tf#L91) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | ## Outputs | name | description | sensitive | consumers | |---|---|:---:|---| -| billing_dataset | BigQuery dataset prepared for billing export. | | | -| project_ids | Projects created by this stage. | | | -| providers | Terraform provider files for this stage and dependent stages. | ✓ | stage-01 | -| tfvars | Terraform variable files for the following stages. | ✓ | | +| [billing_dataset](outputs.tf#L84) | BigQuery dataset prepared for billing export. | | | +| [project_ids](outputs.tf#L89) | Projects created by this stage. | | | +| [providers](outputs.tf#L100) | Terraform provider files for this stage and dependent stages. | ✓ | stage-01 | +| [tfvars](outputs.tf#L109) | Terraform variable files for the following stages. | ✓ | | diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md index f3b6f6a8..098c6506 100644 --- a/fast/stages/01-resman/README.md +++ b/fast/stages/01-resman/README.md 
@@ -159,26 +159,26 @@ Due to its simplicity, this stage lends itself easily to customizations: adding | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| -| automation_project_id | Project id for the automation project created by the bootstrap stage. | string | ✓ | | 00-bootstrap | -| billing_account | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | -| organization | Organization details. | object({…}) | ✓ | | 00-bootstrap | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap | -| custom_roles | Custom roles defined at the org level, in key => id format. | map(string) | | {} | 00-bootstrap | -| groups | Group names to grant organization-level permissions. | map(string) | | {…} | 00-bootstrap | -| organization_policy_configs | Organization policies customization. | object({…}) | | null | | -| outputs_location | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| team_folders | Team folders to be created. Format is described in a code comment. | map(object({…})) | | null | | +| [automation_project_id](variables.tf#L29) | Project id for the automation project created by the bootstrap stage. | string | ✓ | | 00-bootstrap | +| [billing_account](variables.tf#L20) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | +| [organization](variables.tf#L57) | Organization details. | object({…}) | ✓ | | 00-bootstrap | +| [prefix](variables.tf#L81) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap | +| [custom_roles](variables.tf#L35) | Custom roles defined at the org level, in key => id format. | map(string) | | {} | 00-bootstrap | +| [groups](variables.tf#L42) | Group names to grant organization-level permissions. 
| map(string) | | {…} | 00-bootstrap | +| [organization_policy_configs](variables.tf#L67) | Organization policies customization. | object({…}) | | null | | +| [outputs_location](variables.tf#L75) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | +| [team_folders](variables.tf#L87) | Team folders to be created. Format is described in a code comment. | map(object({…})) | | null | | ## Outputs | name | description | sensitive | consumers | |---|---|:---:|---| -| networking | Data for the networking stage. | | 02-networking | -| project_factories | Data for the project factories stage. | | xx-teams | -| providers | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · xx-sandbox · xx-teams | -| sandbox | Data for the sandbox stage. | | xx-sandbox | -| security | Data for the networking stage. | | 02-security | -| teams | Data for the teams stage. | | | -| tfvars | Terraform variable files for the following stages. | ✓ | | +| [networking](outputs.tf#L79) | Data for the networking stage. | | 02-networking | +| [project_factories](outputs.tf#L89) | Data for the project factories stage. | | xx-teams | +| [providers](outputs.tf#L106) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · xx-sandbox · xx-teams | +| [sandbox](outputs.tf#L113) | Data for the sandbox stage. | | xx-sandbox | +| [security](outputs.tf#L123) | Data for the networking stage. | | 02-security | +| [teams](outputs.tf#L133) | Data for the teams stage. | | | +| [tfvars](outputs.tf#L146) | Terraform variable files for the following stages. | ✓ | | diff --git a/fast/stages/02-networking/README.md b/fast/stages/02-networking/README.md index 718fb2c0..75a20e77 100644 --- a/fast/stages/02-networking/README.md +++ b/fast/stages/02-networking/README.md 
@@ -308,32 +308,32 @@ DNS configurations are centralised in the `dns.tf` file. Spokes delegate DNS res | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| -| billing_account_id | Billing account id. | string | ✓ | | 00-bootstrap | -| organization | Organization details. | object({…}) | ✓ | | 00-bootstrap | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap | -| custom_adv | Custom advertisement definitions in name => range format. | map(string) | | {…} | | -| data_dir | Relative path for the folder storing configuration data for network resources. | string | | "data" | | -| dns | Onprem DNS resolvers | map(list(string)) | | {…} | | -| folder_id | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | string | | null | 01-resman | -| gke | | map(object({…})) | | {} | 01-resman | -| l7ilb_subnets | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | | -| outputs_location | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| project_factory_sa | IAM emails for project factory service accounts | map(string) | | {} | 01-resman | -| psa_ranges | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | | -| router_configs | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | | -| vpn_onprem_configs | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | -| vpn_spoke_configs | VPN gateway configuration for spokes. | map(object({…})) | | {…} | | +| [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | 00-bootstrap | +| [organization](variables.tf#L99) | Organization details. | object({…}) | ✓ | | 00-bootstrap | +| [prefix](variables.tf#L115) | Prefix used for resources that need unique names. 
| string | ✓ | | 00-bootstrap | +| [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | map(string) | | {…} | | +| [data_dir](variables.tf#L42) | Relative path for the folder storing configuration data for network resources. | string | | "data" | | +| [dns](variables.tf#L48) | Onprem DNS resolvers | map(list(string)) | | {…} | | +| [folder_id](variables.tf#L56) | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | string | | null | 01-resman | +| [gke](variables.tf#L70) | | map(object({…})) | | {} | 01-resman | +| [l7ilb_subnets](variables.tf#L81) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | | +| [outputs_location](variables.tf#L109) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | +| [project_factory_sa](variables.tf#L121) | IAM emails for project factory service accounts | map(string) | | {} | 01-resman | +| [psa_ranges](variables.tf#L128) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | | +| [router_configs](variables.tf#L143) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | | +| [vpn_onprem_configs](variables.tf#L167) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | | +| [vpn_spoke_configs](variables.tf#L207) | VPN gateway configuration for spokes. | map(object({…})) | | {…} | | ## Outputs | name | description | sensitive | consumers | |---|---|:---:|---| -| cloud_dns_inbound_policy | IP Addresses for Cloud DNS inbound policy. | | | -| project_ids | Network project ids. | | | -| project_numbers | Network project numbers. | | | -| shared_vpc_host_projects | Shared VPC host projects. | | | -| shared_vpc_self_links | Shared VPC host projects. | | | -| tfvars | Network-related variables used in other stages. 
| ✓ | | -| vpn_gateway_endpoints | External IP Addresses for the GCP VPN gateways. | | | +| [cloud_dns_inbound_policy](outputs.tf#L41) | IP Addresses for Cloud DNS inbound policy. | | | +| [project_ids](outputs.tf#L46) | Network project ids. | | | +| [project_numbers](outputs.tf#L55) | Network project numbers. | | | +| [shared_vpc_host_projects](outputs.tf#L64) | Shared VPC host projects. | | | +| [shared_vpc_self_links](outputs.tf#L74) | Shared VPC host projects. | | | +| [tfvars](outputs.tf#L91) | Network-related variables used in other stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L84) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-security/README.md b/fast/stages/02-security/README.md index 7b01d9f0..36797f2f 100644 --- a/fast/stages/02-security/README.md +++ b/fast/stages/02-security/README.md 
@@ -283,27 +283,27 @@ Some references that might be useful in setting up this stage: | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| -| billing_account_id | Billing account id. | string | ✓ | | bootstrap | -| folder_id | Folder to be used for the networking resources in folders/nnnn format. | string | ✓ | | resman | -| organization | Organization details. | object({…}) | ✓ | | bootstrap | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | | -| groups | Group names to grant organization-level permissions. | map(string) | | {…} | bootstrap | -| kms_defaults | Defaults used for KMS keys. | object({…}) | | {…} | | -| kms_keys | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | map(object({…})) | | {} | | -| kms_restricted_admins | Map of environment => [identities] who can assign the encrypt/decrypt roles on keys. | map(list(string)) | | {} | | -| outputs_location | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | -| vpc_sc_access_levels | VPC SC access level definitions. | map(object({…})) | | {} | | -| vpc_sc_egress_policies | VPC SC egress policy defnitions. | map(object({…})) | | {} | | -| vpc_sc_ingress_policies | VPC SC ingress policy defnitions. | map(object({…})) | | {} | | -| vpc_sc_perimeter_access_levels | VPC SC perimeter access_levels. | object({…}) | | null | | -| vpc_sc_perimeter_egress_policies | VPC SC egress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable. | object({…}) | | null | | -| vpc_sc_perimeter_ingress_policies | VPC SC ingress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable. | object({…}) | | null | | -| vpc_sc_perimeter_projects | VPC SC perimeter resources. | object({…}) | | null | | +| [billing_account_id](variables.tf#L17) | Billing account id. 
| string | ✓ | | bootstrap | +| [folder_id](variables.tf#L23) | Folder to be used for the networking resources in folders/nnnn format. | string | ✓ | | resman | +| [organization](variables.tf#L73) | Organization details. | object({…}) | ✓ | | bootstrap | +| [prefix](variables.tf#L89) | Prefix used for resources that need unique names. | string | ✓ | | | +| [groups](variables.tf#L29) | Group names to grant organization-level permissions. | map(string) | | {…} | bootstrap | +| [kms_defaults](variables.tf#L44) | Defaults used for KMS keys. | object({…}) | | {…} | | +| [kms_keys](variables.tf#L56) | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | map(object({…})) | | {} | | +| [kms_restricted_admins](variables.tf#L67) | Map of environment => [identities] who can assign the encrypt/decrypt roles on keys. | map(list(string)) | | {} | | +| [outputs_location](variables.tf#L83) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | +| [vpc_sc_access_levels](variables.tf#L94) | VPC SC access level definitions. | map(object({…})) | | {} | | +| [vpc_sc_egress_policies](variables.tf#L109) | VPC SC egress policy defnitions. | map(object({…})) | | {} | | +| [vpc_sc_ingress_policies](variables.tf#L127) | VPC SC ingress policy defnitions. | map(object({…})) | | {} | | +| [vpc_sc_perimeter_access_levels](variables.tf#L147) | VPC SC perimeter access_levels. | object({…}) | | null | | +| [vpc_sc_perimeter_egress_policies](variables.tf#L157) | VPC SC egress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable. | object({…}) | | null | | +| [vpc_sc_perimeter_ingress_policies](variables.tf#L167) | VPC SC ingress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable. | object({…}) | | null | | +| [vpc_sc_perimeter_projects](variables.tf#L177) | VPC SC perimeter resources. 
| object({…}) | | null | | ## Outputs | name | description | sensitive | consumers | |---|---|:---:|---| -| stage_perimeter_projects | Security project numbers. They can be added to perimeter resources. | | | +| [stage_perimeter_projects](outputs.tf#L37) | Security project numbers. They can be added to perimeter resources. | | | diff --git a/fast/stages/03-project-factory/prod/README.md b/fast/stages/03-project-factory/prod/README.md index 42ddc698..34f9be88 100644 --- a/fast/stages/03-project-factory/prod/README.md +++ b/fast/stages/03-project-factory/prod/README.md 
@@ -109,17 +109,17 @@ terraform apply | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| -| billing_account_id | Billing account id. | string | ✓ | | 00-bootstrap | -| shared_vpc_self_link | Self link for the shared VPC. | string | ✓ | | 02-networking | -| vpc_host_project | Host project for the shared VPC. | string | ✓ | | 02-networking | -| data_dir | Relative path for the folder storing configuration data. | string | | "data/projects" | | -| defaults_file | Relative path for the file storing the project factory configuration. | string | | "data/defaults.yaml" | | -| environment_dns_zone | DNS zone suffix for environment. | string | | null | 02-networking | +| [billing_account_id](variables.tf#L19) | Billing account id. | string | ✓ | | 00-bootstrap | +| [shared_vpc_self_link](variables.tf#L44) | Self link for the shared VPC. | string | ✓ | | 02-networking | +| [vpc_host_project](variables.tf#L50) | Host project for the shared VPC. | string | ✓ | | 02-networking | +| [data_dir](variables.tf#L25) | Relative path for the folder storing configuration data. | string | | "data/projects" | | +| [defaults_file](variables.tf#L38) | Relative path for the file storing the project factory configuration. | string | | "data/defaults.yaml" | | +| [environment_dns_zone](variables.tf#L31) | DNS zone suffix for environment. | string | | null | 02-networking | ## Outputs | name | description | sensitive | consumers | |---|---|:---:|---| -| projects | Created projects and service accounts. | | | +| [projects](outputs.tf#L17) | Created projects and service accounts. | | | diff --git a/modules/__experimental/net-neg/README.md b/modules/__experimental/net-neg/README.md index 8357296c..e04896f5 100644 --- a/modules/__experimental/net-neg/README.md +++ b/modules/__experimental/net-neg/README.md 
@@ -23,28 +23,25 @@ module "neg" { ] } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| endpoints | List of (instance, port, address) of the NEG | list(object({…})) | ✓ | | -| name | NEG name | string | ✓ | | -| network | Name or self link of the VPC used for the NEG. Use the self link for Shared VPC. | string | ✓ | | -| project_id | NEG project id. | string | ✓ | | -| subnetwork | VPC subnetwork name or self link. | string | ✓ | | -| zone | NEG zone | string | ✓ | | +| [endpoints](variables.tf#L42) | List of (instance, port, address) of the NEG | list(object({…})) | ✓ | | +| [name](variables.tf#L22) | NEG name | string | ✓ | | +| [network](variables.tf#L27) | Name or self link of the VPC used for the NEG. Use the self link for Shared VPC. | string | ✓ | | +| [project_id](variables.tf#L17) | NEG project id. | string | ✓ | | +| [subnetwork](variables.tf#L32) | VPC subnetwork name or self link. | string | ✓ | | +| [zone](variables.tf#L37) | NEG zone | string | ✓ | | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | Network endpoint group ID | | -| self_lnk | Network endpoint group self link | | -| size | Size of the network endpoint group | | +| [id](outputs.tf#L17) | Network endpoint group ID | | +| [self_lnk](outputs.tf#L27) | Network endpoint group self link | | +| [size](outputs.tf#L22) | Size of the network endpoint group | | - diff --git a/modules/apigee-organization/README.md b/modules/apigee-organization/README.md index 33933efb..789d6292 100644 --- a/modules/apigee-organization/README.md +++ b/modules/apigee-organization/README.md 
@@ -98,33 +98,30 @@ module "apigee-organization" { } # tftest:modules=1:resources=6 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| analytics_region | Analytics Region for the Apigee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli. | string | ✓ | | -| project_id | Project ID to host this Apigee organization (will also become the Apigee Org name). | string | ✓ | | -| runtime_type | Apigee runtime type. Must be `CLOUD` or `HYBRID`. | string | ✓ | | -| apigee_envgroups | Apigee Environment Groups. | map(object({…})) | | {} | -| apigee_environments | Apigee Environment Names. | list(string) | | [] | -| authorized_network | VPC network self link (requires service network peering enabled (Used in Apigee X only). | string | | null | -| database_encryption_key | Cloud KMS key self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only). | string | | null | -| description | Description of the Apigee Organization. | string | | "Apigee Organization created by tf module" | -| display_name | Display Name of the Apigee Organization. | string | | null | +| [analytics_region](variables.tf#L17) | Analytics Region for the Apigee Organization (immutable). See https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli. | string | ✓ | | +| [project_id](variables.tf#L61) | Project ID to host this Apigee organization (will also become the Apigee Org name). | string | ✓ | | +| [runtime_type](variables.tf#L66) | Apigee runtime type. Must be `CLOUD` or `HYBRID`. | string | ✓ | | +| [apigee_envgroups](variables.tf#L22) | Apigee Environment Groups. | map(object({…})) | | {} | +| [apigee_environments](variables.tf#L31) | Apigee Environment Names. 
| list(string) | | [] | +| [authorized_network](variables.tf#L37) | VPC network self link (requires service network peering enabled (Used in Apigee X only). | string | | null | +| [database_encryption_key](variables.tf#L43) | Cloud KMS key self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only). | string | | null | +| [description](variables.tf#L49) | Description of the Apigee Organization. | string | | "Apigee Organization created by tf module" | +| [display_name](variables.tf#L55) | Display Name of the Apigee Organization. | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| envs | Apigee Environments. | | -| org | Apigee Organization. | | -| org_ca_certificate | Apigee organization CA certificate. | | -| org_id | Apigee Organization ID. | | -| subscription_type | Apigee subscription type. | | +| [envs](outputs.tf#L17) | Apigee Environments. | | +| [org](outputs.tf#L22) | Apigee Organization. | | +| [org_ca_certificate](outputs.tf#L27) | Apigee organization CA certificate. | | +| [org_id](outputs.tf#L32) | Apigee Organization ID. | | +| [subscription_type](outputs.tf#L37) | Apigee subscription type. | | - diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md index eab58179..4f113436 100644 --- a/modules/apigee-x-instance/README.md +++ b/modules/apigee-x-instance/README.md 
@@ -42,30 +42,27 @@ module "apigee-x-instance" { } # tftest:modules=1:resources=5 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| apigee_org_id | Apigee Organization ID | string | ✓ | | -| cidr_mask | CIDR mask for the Apigee instance | number | ✓ | | -| name | Apigee instance name. | string | ✓ | | -| region | Compute region. | string | ✓ | | -| apigee_envgroups | Apigee Environment Groups. | map(object({…})) | | {} | -| apigee_environments | Apigee Environment Names. | list(string) | | [] | -| disk_encryption_key | Customer Managed Encryption Key (CMEK) self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for disk and volume encryption (required for PAID Apigee Orgs only). | string | | null | +| [apigee_org_id](variables.tf#L32) | Apigee Organization ID | string | ✓ | | +| [cidr_mask](variables.tf#L37) | CIDR mask for the Apigee instance | number | ✓ | | +| [name](variables.tf#L52) | Apigee instance name. | string | ✓ | | +| [region](variables.tf#L57) | Compute region. | string | ✓ | | +| [apigee_envgroups](variables.tf#L17) | Apigee Environment Groups. | map(object({…})) | | {} | +| [apigee_environments](variables.tf#L26) | Apigee Environment Names. | list(string) | | [] | +| [disk_encryption_key](variables.tf#L46) | Customer Managed Encryption Key (CMEK) self link (e.g. `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`) used for disk and volume encryption (required for PAID Apigee Orgs only). | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| endpoint | Internal endpoint of the Apigee instance. | | -| id | Apigee instance ID. | | -| instance | Apigee instance. | | -| port | Port number of the internal endpoint of the Apigee instance. | | +| [endpoint](outputs.tf#L17) | Internal endpoint of the Apigee instance. | | +| [id](outputs.tf#L22) | Apigee instance ID. | | +| [instance](outputs.tf#L27) | Apigee instance. 
| | +| [port](outputs.tf#L32) | Port number of the internal endpoint of the Apigee instance. | | - diff --git a/modules/artifact-registry/README.md b/modules/artifact-registry/README.md index 051d858e..b0ac895f 100644 --- a/modules/artifact-registry/README.md +++ b/modules/artifact-registry/README.md @@ -19,28 +19,25 @@ module "docker_artifact_registry" { } # tftest:modules=1:resources=2 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| id | Repository id | string | ✓ | | -| project_id | Registry project id. | string | ✓ | | -| description | An optional description for the repository | string | | "Terraform-managed registry" | -| format | Repository format. One of DOCKER or UNSPECIFIED | string | | "DOCKER" | -| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| labels | Labels to be attached to the registry. | map(string) | | {} | -| location | Registry location. Use `gcloud beta artifacts locations list' to get valid values | string | | null | +| [id](variables.tf#L35) | Repository id | string | ✓ | | +| [project_id](variables.tf#L52) | Registry project id. | string | ✓ | | +| [description](variables.tf#L17) | An optional description for the repository | string | | "Terraform-managed registry" | +| [format](variables.tf#L23) | Repository format. One of DOCKER or UNSPECIFIED | string | | "DOCKER" | +| [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [labels](variables.tf#L40) | Labels to be attached to the registry. | map(string) | | {} | +| [location](variables.tf#L46) | Registry location. Use `gcloud beta artifacts locations list' to get valid values | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | Repository id | | -| name | Repository name | | +| [id](outputs.tf#L17) | Repository id | | +| [name](outputs.tf#L22) | Repository name | | - 
diff --git a/modules/bigquery-dataset/README.md b/modules/bigquery-dataset/README.md index 1919dd55..0b6379cb 100644 --- a/modules/bigquery-dataset/README.md +++ b/modules/bigquery-dataset/README.md 
@@ -173,42 +173,38 @@ module "bigquery-dataset" { # tftest:modules=1:resources=3 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| id | Dataset id. | string | ✓ | | -| project_id | Id of the project where datasets will be created. | string | ✓ | | -| access | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | map(object({…})) | | {} | -| access_identities | Map of access identities used for basic access roles. View identities have the format 'project_id|dataset_id|table_id'. | map(string) | | {} | -| dataset_access | Set access in the dataset resource instead of using separate resources. | bool | | false | -| description | Optional description. | string | | "Terraform managed." | -| encryption_key | Self link of the KMS key that will be used to protect destination table. | string | | null | -| friendly_name | Dataset friendly name. | string | | null | -| iam | IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles. | map(list(string)) | | {} | -| labels | Dataset labels. | map(string) | | {} | -| location | Dataset location. | string | | "EU" | -| options | Dataset options. | object({…}) | | {…} | -| tables | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | map(object({…})) | | {} | -| views | View definitions. | map(object({…})) | | {} | +| [id](variables.tf#L69) | Dataset id. | string | ✓ | | +| [project_id](variables.tf#L100) | Id of the project where datasets will be created. | string | ✓ | | +| [access](variables.tf#L17) | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. 
| map(object({…})) | | {} | +| [access_identities](variables.tf#L33) | Map of access identities used for basic access roles. View identities have the format 'project_id|dataset_id|table_id'. | map(string) | | {} | +| [dataset_access](variables.tf#L39) | Set access in the dataset resource instead of using separate resources. | bool | | false | +| [description](variables.tf#L45) | Optional description. | string | | "Terraform managed." | +| [encryption_key](variables.tf#L51) | Self link of the KMS key that will be used to protect destination table. | string | | null | +| [friendly_name](variables.tf#L57) | Dataset friendly name. | string | | null | +| [iam](variables.tf#L63) | IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles. | map(list(string)) | | {} | +| [labels](variables.tf#L74) | Dataset labels. | map(string) | | {} | +| [location](variables.tf#L80) | Dataset location. | string | | "EU" | +| [options](variables.tf#L86) | Dataset options. | object({…}) | | {…} | +| [tables](variables.tf#L105) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | map(object({…})) | | {} | +| [views](variables.tf#L133) | View definitions. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| dataset | Dataset resource. | | -| dataset_id | Dataset id. | | -| id | Fully qualified dataset id. | | -| self_link | Dataset self link. | | -| table_ids | Map of fully qualified table ids keyed by table ids. | | -| tables | Table resources. | | -| view_ids | Map of fully qualified view ids keyed by view ids. | | -| views | View resources. | | +| [dataset](outputs.tf#L17) | Dataset resource. | | +| [dataset_id](outputs.tf#L22) | Dataset id. | | +| [id](outputs.tf#L34) | Fully qualified dataset id. | | +| [self_link](outputs.tf#L46) | Dataset self link. 
| | +| [table_ids](outputs.tf#L58) | Map of fully qualified table ids keyed by table ids. | | +| [tables](outputs.tf#L63) | Table resources. | | +| [view_ids](outputs.tf#L68) | Map of fully qualified view ids keyed by view ids. | | +| [views](outputs.tf#L73) | View resources. | | - - diff --git a/modules/bigtable-instance/README.md b/modules/bigtable-instance/README.md index c560a5bf..29db1925 100644 --- a/modules/bigtable-instance/README.md +++ b/modules/bigtable-instance/README.md 
@@ -32,36 +32,32 @@ module "bigtable-instance" { } # tftest:modules=1:resources=4 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | The name of the Cloud Bigtable instance. | string | ✓ | | -| project_id | Id of the project where datasets will be created. | string | ✓ | | -| zone | The zone to create the Cloud Bigtable cluster in. | string | ✓ | | -| cluster_id | The ID of the Cloud Bigtable cluster. | string | | "europe-west1" | -| deletion_protection | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | | | true | -| display_name | The human-readable display name of the Bigtable instance. | | | null | -| iam | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| instance_type | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string | | null | -| num_nodes | The number of nodes in your Cloud Bigtable cluster. | number | | 1 | -| storage_type | The storage type to use. | string | | "SSD" | -| table_options_defaults | Default option of tables created in the BigTable instance. | object({…}) | | {…} | -| tables | Tables to be created in the BigTable instance, options can be null. | map(object({…})) | | {} | +| [name](variables.tf#L45) | The name of the Cloud Bigtable instance. | string | ✓ | | +| [project_id](variables.tf#L56) | Id of the project where datasets will be created. | string | ✓ | | +| [zone](variables.tf#L88) | The zone to create the Cloud Bigtable cluster in. | string | ✓ | | +| [cluster_id](variables.tf#L17) | The ID of the Cloud Bigtable cluster. | string | | "europe-west1" | +| [deletion_protection](variables.tf#L23) | Whether or not to allow Terraform to destroy the instance. 
Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | | | true | +| [display_name](variables.tf#L28) | The human-readable display name of the Bigtable instance. | | | null | +| [iam](variables.tf#L33) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [instance_type](variables.tf#L39) | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string | | null | +| [num_nodes](variables.tf#L50) | The number of nodes in your Cloud Bigtable cluster. | number | | 1 | +| [storage_type](variables.tf#L61) | The storage type to use. | string | | "SSD" | +| [table_options_defaults](variables.tf#L67) | Default option of tables created in the BigTable instance. | object({…}) | | {…} | +| [tables](variables.tf#L79) | Tables to be created in the BigTable instance, options can be null. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | An identifier for the resource with format projects/{{project}}/instances/{{name}}. | | -| instance | BigTable intance. | | -| table_ids | Map of fully qualified table ids keyed by table name. | | -| tables | Table resources. | | +| [id](outputs.tf#L17) | An identifier for the resource with format projects/{{project}}/instances/{{name}}. | | +| [instance](outputs.tf#L26) | BigTable intance. | | +| [table_ids](outputs.tf#L35) | Map of fully qualified table ids keyed by table name. | | +| [tables](outputs.tf#L40) | Table resources. | | - - diff --git a/modules/billing-budget/README.md b/modules/billing-budget/README.md index 6a0f4607..81549f93 100644 --- a/modules/billing-budget/README.md +++ b/modules/billing-budget/README.md 
@@ -61,32 +61,29 @@ module "pubsub" { # tftest:modules=2:resources=2 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| billing_account | Billing account id. | string | ✓ | | -| name | Budget name. | string | ✓ | | -| thresholds | Thresholds percentages at which alerts are sent. Must be a value between 0 and 1. | object({…}) | ✓ | | -| amount | Amount in the billing account's currency for the budget. Use 0 to set budget to 100% of last period's spend. | number | | 0 | -| credit_treatment | How credits should be treated when determining spend for threshold calculations. Only INCLUDE_ALL_CREDITS or EXCLUDE_ALL_CREDITS are supported | string | | "INCLUDE_ALL_CREDITS" | -| email_recipients | Emails where budget notifications will be sent. Setting this will create a notification channel for each email in the specified project. | object({…}) | | null | -| notification_channels | Monitoring notification channels where to send updates. | list(string) | | null | -| notify_default_recipients | Notify Billing Account Administrators and Billing Account Users IAM roles for the target account. | bool | | false | -| projects | List of projects of the form projects/{project_number}, specifying that usage from only this set of projects should be included in the budget. Set to null to include all projects linked to the billing account. | list(string) | | null | -| pubsub_topic | The ID of the Cloud Pub/Sub topic where budget related messages will be published. | string | | null | -| services | List of services of the form services/{service_id}, specifying that usage from only this set of services should be included in the budget. Set to null to include usage for all services. | list(string) | | null | +| [billing_account](variables.tf#L23) | Billing account id. | string | ✓ | | +| [name](variables.tf#L50) | Budget name. | string | ✓ | | +| [thresholds](variables.tf#L85) | Thresholds percentages at which alerts are sent. 
Must be a value between 0 and 1. | object({…}) | ✓ | | +| [amount](variables.tf#L17) | Amount in the billing account's currency for the budget. Use 0 to set budget to 100% of last period's spend. | number | | 0 | +| [credit_treatment](variables.tf#L28) | How credits should be treated when determining spend for threshold calculations. Only INCLUDE_ALL_CREDITS or EXCLUDE_ALL_CREDITS are supported | string | | "INCLUDE_ALL_CREDITS" | +| [email_recipients](variables.tf#L41) | Emails where budget notifications will be sent. Setting this will create a notification channel for each email in the specified project. | object({…}) | | null | +| [notification_channels](variables.tf#L55) | Monitoring notification channels where to send updates. | list(string) | | null | +| [notify_default_recipients](variables.tf#L61) | Notify Billing Account Administrators and Billing Account Users IAM roles for the target account. | bool | | false | +| [projects](variables.tf#L67) | List of projects of the form projects/{project_number}, specifying that usage from only this set of projects should be included in the budget. Set to null to include all projects linked to the billing account. | list(string) | | null | +| [pubsub_topic](variables.tf#L73) | The ID of the Cloud Pub/Sub topic where budget related messages will be published. | string | | null | +| [services](variables.tf#L79) | List of services of the form services/{service_id}, specifying that usage from only this set of services should be included in the budget. Set to null to include usage for all services. | list(string) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| budget | Budget resource. | | -| id | Budget ID. | | +| [budget](outputs.tf#L17) | Budget resource. | | +| [id](outputs.tf#L22) | Budget ID. | | - diff --git a/modules/cloud-config-container/coredns/README.md b/modules/cloud-config-container/coredns/README.md index e1af3eba..13bd2ee3 100644 
--- a/modules/cloud-config-container/coredns/README.md +++ b/modules/cloud-config-container/coredns/README.md @@ -68,25 +68,22 @@ module "cos-coredns" { } } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| cloud_config | Cloud config template path. If null default will be used. | string | | null | -| config_variables | Additional variables used to render the cloud-config and CoreDNS templates. | map(any) | | {} | -| coredns_config | CoreDNS configuration path, if null default will be used. | string | | null | -| file_defaults | Default owner and permissions for files. | object({…}) | | {…} | -| files | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | +| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and CoreDNS templates. | map(any) | | {} | +| [coredns_config](variables.tf#L29) | CoreDNS configuration path, if null default will be used. | string | | null | +| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | | +| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | | - diff --git a/modules/cloud-config-container/cos-generic-metadata/README.md b/modules/cloud-config-container/cos-generic-metadata/README.md index 51f9a601..1890abc3 100644 --- a/modules/cloud-config-container/cos-generic-metadata/README.md 
+++ b/modules/cloud-config-container/cos-generic-metadata/README.md 
@@ -57,34 +57,31 @@ module "cos-envoy" { ] } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| container_image | Container image. | string | ✓ | | -| authenticate_gcr | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | -| boot_commands | List of cloud-init `bootcmd`s | list(string) | | [] | -| cloud_config | Cloud config template path. If provided, takes precedence over all other arguments. | string | | null | -| config_variables | Additional variables used to render the template passed via `cloud_config` | map(any) | | {} | -| container_args | Arguments for container | string | | "" | -| container_name | Name of the container to be run | string | | "container" | -| container_volumes | List of volumes | list(object({…})) | | [] | -| docker_args | Extra arguments to be passed for docker | string | | null | -| file_defaults | Default owner and permissions for files. | object({…}) | | {…} | -| files | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| gcp_logging | Should container logs be sent to Google Cloud Logging | bool | | true | -| run_commands | List of cloud-init `runcmd`s | list(string) | | [] | -| users | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | +| [container_image](variables.tf#L42) | Container image. | string | ✓ | | +| [authenticate_gcr](variables.tf#L112) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | +| [boot_commands](variables.tf#L17) | List of cloud-init `bootcmd`s | list(string) | | [] | +| [cloud_config](variables.tf#L23) | Cloud config template path. If provided, takes precedence over all other arguments. 
| string | | null | +| [config_variables](variables.tf#L29) | Additional variables used to render the template passed via `cloud_config` | map(any) | | {} | +| [container_args](variables.tf#L35) | Arguments for container | string | | "" | +| [container_name](variables.tf#L47) | Name of the container to be run | string | | "container" | +| [container_volumes](variables.tf#L53) | List of volumes | list(object({…})) | | [] | +| [docker_args](variables.tf#L62) | Extra arguments to be passed for docker | string | | null | +| [file_defaults](variables.tf#L68) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L80) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [gcp_logging](variables.tf#L90) | Should container logs be sent to Google Cloud Logging | bool | | true | +| [run_commands](variables.tf#L96) | List of cloud-init `runcmd`s | list(string) | | [] | +| [users](variables.tf#L102) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | ## Outputs | name | description | sensitive | |---|---|:---:| -| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | | +| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | | - diff --git a/modules/cloud-config-container/envoy-traffic-director/README.md b/modules/cloud-config-container/envoy-traffic-director/README.md index a0856f1d..b97b1cef 100644 --- a/modules/cloud-config-container/envoy-traffic-director/README.md +++ b/modules/cloud-config-container/envoy-traffic-director/README.md 
@@ -44,23 +44,19 @@ module "vm-cos" { service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"] } ``` - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| envoy_image | Envoy Proxy container image to use. | string | | "envoyproxy/envoy:v1.14.1" | -| gcp_logging | Should container logs be sent to Google Cloud Logging | bool | | true | +| [envoy_image](variables.tf#L17) | Envoy Proxy container image to use. | string | | "envoyproxy/envoy:v1.14.1" | +| [gcp_logging](variables.tf#L23) | Should container logs be sent to Google Cloud Logging | bool | | true | ## Outputs | name | description | sensitive | |---|---|:---:| -| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | | +| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | | - diff --git a/modules/cloud-config-container/mysql/README.md b/modules/cloud-config-container/mysql/README.md index 9abf5b63..5e462369 100644 --- a/modules/cloud-config-container/mysql/README.md +++ b/modules/cloud-config-container/mysql/README.md 
@@ -73,27 +73,24 @@ module "cos-mysql" { } } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| mysql_password | MySQL root password. If an encrypted password is set, use the kms_config variable to specify KMS configuration. | string | ✓ | | -| cloud_config | Cloud config template path. If null default will be used. | string | | null | -| config_variables | Additional variables used to render the cloud-config template. | map(any) | | {} | -| image | MySQL container image. | string | | "mysql:5.7" | -| kms_config | Optional KMS configuration to decrypt passed-in password. Leave null if a plaintext password is used. | object({…}) | | null | -| mysql_config | MySQL configuration file content, if null container default will be used. | string | | null | -| mysql_data_disk | MySQL data disk name in /dev/disk/by-id/ including the google- prefix. If null the boot disk will be used for data. | string | | null | +| [mysql_password](variables.tf#L58) | MySQL root password. If an encrypted password is set, use the kms_config variable to specify KMS configuration. | string | ✓ | | +| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | +| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config template. | map(any) | | {} | +| [image](variables.tf#L29) | MySQL container image. | string | | "mysql:5.7" | +| [kms_config](variables.tf#L35) | Optional KMS configuration to decrypt passed-in password. Leave null if a plaintext password is used. | object({…}) | | null | +| [mysql_config](variables.tf#L46) | MySQL configuration file content, if null container default will be used. | string | | null | +| [mysql_data_disk](variables.tf#L52) | MySQL data disk name in /dev/disk/by-id/ including the google- prefix. If null the boot disk will be used for data. 
| string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | | +| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | | - diff --git a/modules/cloud-config-container/nginx/README.md b/modules/cloud-config-container/nginx/README.md index c0d3a9e3..2b292392 100644 --- a/modules/cloud-config-container/nginx/README.md +++ b/modules/cloud-config-container/nginx/README.md 
@@ -51,26 +51,23 @@ module "cos-nginx" { } } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| cloud_config | Cloud config template path. If null default will be used. | string | | null | -| config_variables | Additional variables used to render the cloud-config and Nginx templates. | map(any) | | {} | -| file_defaults | Default owner and permissions for files. | object({…}) | | {…} | -| files | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| image | Nginx container image. | string | | "nginxdemos/hello:plain-text" | -| nginx_config | Nginx configuration path, if null container default will be used. | string | | null | +| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | +| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Nginx templates. | map(any) | | {} | +| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [image](variables.tf#L29) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | +| [nginx_config](variables.tf#L35) | Nginx configuration path, if null container default will be used. | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | | +| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | | - diff --git a/modules/cloud-config-container/onprem/README.md b/modules/cloud-config-container/onprem/README.md index 4bc64fdb..29aee593 100644 --- a/modules/cloud-config-container/onprem/README.md 
+++ b/modules/cloud-config-container/onprem/README.md @@ -58,26 +58,23 @@ module "on-prem" { } } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| vpn_config | VPN configuration, type must be one of 'dynamic' or 'static'. | object({…}) | ✓ | | -| config_variables | Additional variables used to render the cloud-config and CoreDNS templates. | map(any) | | {} | -| coredns_config | CoreDNS configuration path, if null default will be used. | string | | null | -| local_ip_cidr_range | IP CIDR range used for the Docker onprem network. | string | | "192.168.192.0/24" | -| vpn_dynamic_config | BGP configuration for dynamic VPN, ignored if VPN type is 'static'. | object({…}) | | {…} | -| vpn_static_ranges | Remote CIDR ranges for static VPN, ignored if VPN type is 'dynamic'. | list(string) | | ["10.0.0.0/8"] | +| [vpn_config](variables.tf#L35) | VPN configuration, type must be one of 'dynamic' or 'static'. | object({…}) | ✓ | | +| [config_variables](variables.tf#L17) | Additional variables used to render the cloud-config and CoreDNS templates. | map(any) | | {} | +| [coredns_config](variables.tf#L23) | CoreDNS configuration path, if null default will be used. | string | | null | +| [local_ip_cidr_range](variables.tf#L29) | IP CIDR range used for the Docker onprem network. | string | | "192.168.192.0/24" | +| [vpn_dynamic_config](variables.tf#L46) | BGP configuration for dynamic VPN, ignored if VPN type is 'static'. | object({…}) | | {…} | +| [vpn_static_ranges](variables.tf#L70) | Remote CIDR ranges for static VPN, ignored if VPN type is 'dynamic'. | list(string) | | ["10.0.0.0/8"] | ## Outputs | name | description | sensitive | |---|---|:---:| -| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | | +| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | | - 
diff --git a/modules/cloud-config-container/squid/README.md b/modules/cloud-config-container/squid/README.md
index 42b43d6d..54e498c6 100644
--- a/modules/cloud-config-container/squid/README.md
+++ b/modules/cloud-config-container/squid/README.md
@@ -55,29 +55,26 @@ module "cos-squid" { } } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| allow | List of domains Squid will allow connections to. | list(string) | | [] | -| clients | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | -| cloud_config | Cloud config template path. If null default will be used. | string | | null | -| config_variables | Additional variables used to render the cloud-config and Squid templates. | map(any) | | {} | -| default_action | Default action for domains not matching neither the allow or deny lists | string | | "deny" | -| deny | List of domains Squid will deny connections to. | list(string) | | [] | -| file_defaults | Default owner and permissions for files. | object({…}) | | {…} | -| files | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| squid_config | Squid configuration path, if null default will be used. | string | | null | +| [allow](variables.tf#L57) | List of domains Squid will allow connections to. | list(string) | | [] | +| [clients](variables.tf#L69) | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | +| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | +| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Squid templates. | map(any) | | {} | +| [default_action](variables.tf#L75) | Default action for domains not matching neither the allow or deny lists | string | | "deny" | +| [deny](variables.tf#L63) | List of domains Squid will deny connections to. | list(string) | | [] | +| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. 
Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [squid_config](variables.tf#L29) | Squid configuration path, if null default will be used. | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | | +| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | | - diff --git a/modules/cloud-function/README.md b/modules/cloud-function/README.md index b3c430b0..fdb28ec9 100644 --- a/modules/cloud-function/README.md +++ b/modules/cloud-function/README.md 
@@ -154,45 +154,42 @@ module "cf-http" { } # tftest:skip ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| bucket_name | Name of the bucket that will be used for the function code. It will be created with prefix prepended if bucket_config is not null. | string | ✓ | | -| bundle_config | Cloud function source folder and generated zip bundle paths. Output path defaults to '/tmp/bundle.zip' if null. | object({…}) | ✓ | | -| name | Name used for cloud function and associated resources. | string | ✓ | | -| project_id | Project id used for all resources. | string | ✓ | | -| bucket_config | Enable and configure auto-created bucket. Set fields to null to use defaults. | object({…}) | | null | -| description | Optional description. | string | | "Terraform managed." | -| environment_variables | Cloud function environment variables. | map(string) | | {} | -| function_config | Cloud function configuration. | object({…}) | | {…} | -| iam | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| ingress_settings | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. | string | | null | -| labels | Resource labels | map(string) | | {} | -| prefix | Optional prefix used for resource names. | string | | null | -| region | Region used for all resources. | string | | "europe-west1" | -| service_account | Service account email. Unused if service account is auto-created. | string | | null | -| service_account_create | Auto-create service account. | bool | | false | -| trigger_config | Function trigger configuration. Leave null for HTTP trigger. | object({…}) | | null | -| vpc_connector | VPC connector configuration. Set create to 'true' if a new connector needs to be created | object({…}) | | null | -| vpc_connector_config | VPC connector network configuration. 
Must be provided if new VPC connector is being created | object({…}) | | null | +| [bucket_name](variables.tf#L26) | Name of the bucket that will be used for the function code. It will be created with prefix prepended if bucket_config is not null. | string | ✓ | | +| [bundle_config](variables.tf#L31) | Cloud function source folder and generated zip bundle paths. Output path defaults to '/tmp/bundle.zip' if null. | object({…}) | ✓ | | +| [name](variables.tf#L90) | Name used for cloud function and associated resources. | string | ✓ | | +| [project_id](variables.tf#L101) | Project id used for all resources. | string | ✓ | | +| [bucket_config](variables.tf#L17) | Enable and configure auto-created bucket. Set fields to null to use defaults. | object({…}) | | null | +| [description](variables.tf#L40) | Optional description. | string | | "Terraform managed." | +| [environment_variables](variables.tf#L46) | Cloud function environment variables. | map(string) | | {} | +| [function_config](variables.tf#L52) | Cloud function configuration. | object({…}) | | {…} | +| [iam](variables.tf#L72) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [ingress_settings](variables.tf#L78) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. | string | | null | +| [labels](variables.tf#L84) | Resource labels | map(string) | | {} | +| [prefix](variables.tf#L95) | Optional prefix used for resource names. | string | | null | +| [region](variables.tf#L106) | Region used for all resources. | string | | "europe-west1" | +| [service_account](variables.tf#L112) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L118) | Auto-create service account. | bool | | false | +| [trigger_config](variables.tf#L124) | Function trigger configuration. Leave null for HTTP trigger. 
| object({…}) | | null | +| [vpc_connector](variables.tf#L134) | VPC connector configuration. Set create to 'true' if a new connector needs to be created | object({…}) | | null | +| [vpc_connector_config](variables.tf#L144) | VPC connector network configuration. Must be provided if new VPC connector is being created | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| bucket | Bucket resource (only if auto-created). | | -| bucket_name | Bucket name. | | -| function | Cloud function resources. | | -| function_name | Cloud function name. | | -| service_account | Service account resource. | | -| service_account_email | Service account email. | | -| service_account_iam_email | Service account email. | | -| vpc_connector | VPC connector resource if created. | | +| [bucket](outputs.tf#L17) | Bucket resource (only if auto-created). | | +| [bucket_name](outputs.tf#L24) | Bucket name. | | +| [function](outputs.tf#L29) | Cloud function resources. | | +| [function_name](outputs.tf#L34) | Cloud function name. | | +| [service_account](outputs.tf#L39) | Service account resource. | | +| [service_account_email](outputs.tf#L44) | Service account email. | | +| [service_account_iam_email](outputs.tf#L49) | Service account email. | | +| [vpc_connector](outputs.tf#L57) | VPC connector resource if created. | | - diff --git a/modules/cloud-identity-group/README.md b/modules/cloud-identity-group/README.md index ea0ab02e..b43656c3 100644 --- a/modules/cloud-identity-group/README.md +++ b/modules/cloud-identity-group/README.md 
@@ -31,26 +31,23 @@ module "group" { } # tftest:modules=1:resources=4 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| customer_id | Directory customer ID in the form customers/C0xxxxxxx. | string | ✓ | | -| display_name | Group display name. | string | ✓ | | -| name | Group ID (usually an email). | string | ✓ | | -| description | Group description | string | | null | -| members | List of group members. | list(string) | | [] | +| [customer_id](variables.tf#L17) | Directory customer ID in the form customers/C0xxxxxxx. | string | ✓ | | +| [display_name](variables.tf#L32) | Group display name. | string | ✓ | | +| [name](variables.tf#L43) | Group ID (usually an email). | string | ✓ | | +| [description](variables.tf#L26) | Group description | string | | null | +| [members](variables.tf#L37) | List of group members. | list(string) | | [] | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | Group ID. | | -| name | Group name. | | +| [id](outputs.tf#L17) | Group ID. | | +| [name](outputs.tf#L22) | Group name. | | - diff --git a/modules/cloud-run/README.md b/modules/cloud-run/README.md index b7a2d184..746c12a6 100644 --- a/modules/cloud-run/README.md +++ b/modules/cloud-run/README.md 
@@ -206,42 +206,39 @@ module "cloud_run" { } # tftest:modules=1:resources=1 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| containers | Containers | list(object({…})) | ✓ | | -| name | Name used for cloud run service | string | ✓ | | -| project_id | Project id used for all resources. | string | ✓ | | -| audit_log_triggers | Event arc triggers (Audit log) | list(object({…})) | | null | -| iam | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| ingress_settings | Ingress settings | string | | null | -| labels | Resource labels | map(string) | | {} | -| prefix | Optional prefix used for resource names. | string | | null | -| pubsub_triggers | Eventarc triggers (Pub/Sub) | list(string) | | null | -| region | Region used for all resources. | string | | "europe-west1" | -| revision_name | Revision name | string | | null | -| service_account | Service account email. Unused if service account is auto-created. | string | | null | -| service_account_create | Auto-create service account. | bool | | false | -| traffic | Traffic | map(number) | | null | -| volumes | Volumes | list(object({…})) | | null | -| vpc_connector | VPC connector configuration. Set create to 'true' if a new connecto needs to be created | object({…}) | | null | -| vpc_connector_config | VPC connector network configuration. Must be provided if new VPC connector is being created | object({…}) | | null | +| [containers](variables.tf#L27) | Containers | list(object({…})) | ✓ | | +| [name](variables.tf#L77) | Name used for cloud run service | string | ✓ | | +| [project_id](variables.tf#L88) | Project id used for all resources. | string | ✓ | | +| [audit_log_triggers](variables.tf#L18) | Event arc triggers (Audit log) | list(object({…})) | | null | +| [iam](variables.tf#L59) | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. 
| map(list(string)) | | {} | +| [ingress_settings](variables.tf#L65) | Ingress settings | string | | null | +| [labels](variables.tf#L71) | Resource labels | map(string) | | {} | +| [prefix](variables.tf#L82) | Optional prefix used for resource names. | string | | null | +| [pubsub_triggers](variables.tf#L93) | Eventarc triggers (Pub/Sub) | list(string) | | null | +| [region](variables.tf#L99) | Region used for all resources. | string | | "europe-west1" | +| [revision_name](variables.tf#L105) | Revision name | string | | null | +| [service_account](variables.tf#L111) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L117) | Auto-create service account. | bool | | false | +| [traffic](variables.tf#L123) | Traffic | map(number) | | null | +| [volumes](variables.tf#L129) | Volumes | list(object({…})) | | null | +| [vpc_connector](variables.tf#L142) | VPC connector configuration. Set create to 'true' if a new connecto needs to be created | object({…}) | | null | +| [vpc_connector_config](variables.tf#L152) | VPC connector network configuration. Must be provided if new VPC connector is being created | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| service | Cloud Run service | | -| service_account | Service account resource. | | -| service_account_email | Service account email. | | -| service_account_iam_email | Service account email. | | -| service_name | Cloud Run service name | | -| vpc_connector | VPC connector resource if created. | | +| [service](outputs.tf#L18) | Cloud Run service | | +| [service_account](outputs.tf#L23) | Service account resource. | | +| [service_account_email](outputs.tf#L28) | Service account email. | | +| [service_account_iam_email](outputs.tf#L33) | Service account email. | | +| [service_name](outputs.tf#L41) | Cloud Run service name | | +| [vpc_connector](outputs.tf#L47) | VPC connector resource if created. | | - 
diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md
index 334aa79e..9f4bc595 100644
--- a/modules/cloudsql-instance/README.md
+++ b/modules/cloudsql-instance/README.md
@@ -90,47 +90,44 @@ module "db" { } # tftest:modules=1:resources=6 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| database_version | Database type and version to create. | string | ✓ | | -| name | Name of primary replica. | string | ✓ | | -| network | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | | -| project_id | The ID of the project where this instances will be created. | string | ✓ | | -| region | Region of the primary replica. | string | ✓ | | -| tier | The machine type to use for the instances. | string | ✓ | | -| authorized_networks | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | map(string) | | null | -| availability_type | Availability type for the primary replica. Either `ZONAL` or `REGIONAL` | string | | "ZONAL" | -| backup_configuration | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas | object({…}) | | {…} | -| databases | Databases to create once the primary instance is created. | list(string) | | null | -| deletion_protection | Allow terraform to delete instances. | bool | | false | -| disk_size | Disk size in GB. Set to null to enable autoresize. | number | | null | -| disk_type | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" | -| flags | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | -| labels | Labels to be attached to all instances. | map(string) | | null | -| prefix | Prefix used to generate instance names. | string | | null | -| replicas | Map of NAME=>REGION for additional read replicas. Set to null to disable replica creation. | map(any) | | null | -| users | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. 
Set PASSWORD to null if you want to get an autogenerated password | map(string) | | null | +| [database_version](variables.tf#L50) | Database type and version to create. | string | ✓ | | +| [name](variables.tf#L91) | Name of primary replica. | string | ✓ | | +| [network](variables.tf#L96) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | | +| [project_id](variables.tf#L107) | The ID of the project where this instances will be created. | string | ✓ | | +| [region](variables.tf#L112) | Region of the primary replica. | string | ✓ | | +| [tier](variables.tf#L123) | The machine type to use for the instances. | string | ✓ | | +| [authorized_networks](variables.tf#L17) | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | map(string) | | null | +| [availability_type](variables.tf#L23) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL` | string | | "ZONAL" | +| [backup_configuration](variables.tf#L29) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas | object({…}) | | {…} | +| [databases](variables.tf#L55) | Databases to create once the primary instance is created. | list(string) | | null | +| [deletion_protection](variables.tf#L61) | Allow terraform to delete instances. | bool | | false | +| [disk_size](variables.tf#L67) | Disk size in GB. Set to null to enable autoresize. | number | | null | +| [disk_type](variables.tf#L73) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" | +| [flags](variables.tf#L79) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | +| [labels](variables.tf#L85) | Labels to be attached to all instances. | map(string) | | null | +| [prefix](variables.tf#L101) | Prefix used to generate instance names. | string | | null | +| [replicas](variables.tf#L117) | Map of NAME=>REGION for additional read replicas. 
Set to null to disable replica creation. | map(any) | | null | +| [users](variables.tf#L128) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password | map(string) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| connection_name | Connection name of the primary instance | | -| connection_names | Connection names of all instances | | -| id | ID of the primary instance | | -| ids | IDs of all instances | | -| instances | Cloud SQL instance resources | ✓ | -| ip | IP address of the primary instance | | -| ips | IP addresses of all instances | | -| self_link | Self link of the primary instance | | -| self_links | Self links of all instances | | -| user_passwords | Map of containing the password of all users created through terraform. | ✓ | +| [connection_name](outputs.tf#L24) | Connection name of the primary instance | | +| [connection_names](outputs.tf#L29) | Connection names of all instances | | +| [id](outputs.tf#L37) | ID of the primary instance | | +| [ids](outputs.tf#L42) | IDs of all instances | | +| [instances](outputs.tf#L50) | Cloud SQL instance resources | ✓ | +| [ip](outputs.tf#L56) | IP address of the primary instance | | +| [ips](outputs.tf#L61) | IP addresses of all instances | | +| [self_link](outputs.tf#L69) | Self link of the primary instance | | +| [self_links](outputs.tf#L74) | Self links of all instances | | +| [user_passwords](outputs.tf#L82) | Map of containing the password of all users created through terraform. | ✓ | - diff --git a/modules/compute-mig/README.md b/modules/compute-mig/README.md index 51b49915..afce9473 100644 --- a/modules/compute-mig/README.md +++ b/modules/compute-mig/README.md 
@@ -443,41 +443,37 @@ module "nginx-mig" { # tftest:modules=2:resources=4 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| default_version | Default application version template. Additional versions can be specified via the `versions` variable. | object({…}) | ✓ | | -| location | Compute zone, or region if `regional` is set to true. | string | ✓ | | -| name | Managed group name. | string | ✓ | | -| project_id | Project id. | string | ✓ | | -| auto_healing_policies | Auto-healing policies for this group. | object({…}) | | null | -| autoscaler_config | Optional autoscaler configuration. Only one of 'cpu_utilization_target' 'load_balancing_utilization_target' or 'metric' can be not null. | object({…}) | | null | -| health_check_config | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | null | -| named_ports | Named ports. | map(number) | | null | -| regional | Use regional instance group. When set, `location` should be set to the region. | bool | | false | -| stateful_config | Stateful configuration can be done by individual instances or for all instances in the MIG. They key in per_instance_config is the name of the specific instance. The key of the stateful_disks is the 'device_name' field of the resource. Please note that device_name is defined at the OS mount level, unlike the disk name. | object({…}) | | null | -| target_pools | Optional list of URLs for target pools to which new instances in the group are added. | list(string) | | [] | -| target_size | Group target size, leave null when using an autoscaler. | number | | null | -| update_policy | Update policy. Type can be 'OPPORTUNISTIC' or 'PROACTIVE', action 'REPLACE' or 'restart', surge type 'fixed' or 'percent'. | object({…}) | | null | -| versions | Additional application versions, target_type is either 'fixed' or 'percent'. 
| map(object({…})) | | null | -| wait_for_instances | Wait for all instances to be created/updated before returning. | bool | | null | +| [default_version](variables.tf#L45) | Default application version template. Additional versions can be specified via the `versions` variable. | object({…}) | ✓ | | +| [location](variables.tf#L64) | Compute zone, or region if `regional` is set to true. | string | ✓ | | +| [name](variables.tf#L68) | Managed group name. | string | ✓ | | +| [project_id](variables.tf#L79) | Project id. | string | ✓ | | +| [auto_healing_policies](variables.tf#L17) | Auto-healing policies for this group. | object({…}) | | null | +| [autoscaler_config](variables.tf#L26) | Optional autoscaler configuration. Only one of 'cpu_utilization_target' 'load_balancing_utilization_target' or 'metric' can be not null. | object({…}) | | null | +| [health_check_config](variables.tf#L53) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | null | +| [named_ports](variables.tf#L73) | Named ports. | map(number) | | null | +| [regional](variables.tf#L84) | Use regional instance group. When set, `location` should be set to the region. | bool | | false | +| [stateful_config](variables.tf#L90) | Stateful configuration can be done by individual instances or for all instances in the MIG. They key in per_instance_config is the name of the specific instance. The key of the stateful_disks is the 'device_name' field of the resource. Please note that device_name is defined at the OS mount level, unlike the disk name. | object({…}) | | null | +| [target_pools](variables.tf#L121) | Optional list of URLs for target pools to which new instances in the group are added. | list(string) | | [] | +| [target_size](variables.tf#L127) | Group target size, leave null when using an autoscaler. | number | | null | +| [update_policy](variables.tf#L133) | Update policy. 
Type can be 'OPPORTUNISTIC' or 'PROACTIVE', action 'REPLACE' or 'restart', surge type 'fixed' or 'percent'. | object({…}) | | null | +| [versions](variables.tf#L147) | Additional application versions, target_type is either 'fixed' or 'percent'. | map(object({…})) | | null | +| [wait_for_instances](variables.tf#L157) | Wait for all instances to be created/updated before returning. | bool | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| autoscaler | Auto-created autoscaler resource. | | -| group_manager | Instance group resource. | | -| health_check | Auto-created health-check resource. | | +| [autoscaler](outputs.tf#L17) | Auto-created autoscaler resource. | | +| [group_manager](outputs.tf#L26) | Instance group resource. | | +| [health_check](outputs.tf#L35) | Auto-created health-check resource. | | - - ## TODO - [✓] add support for instance groups diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index 1634888c..3953791e 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md 
@@ -292,62 +292,58 @@ module "instance-group" { } # tftest:modules=1:resources=2 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | Instance name. | string | ✓ | | -| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | | -| project_id | Project id. | string | ✓ | | -| zone | Compute zone. | string | ✓ | | -| attached_disk_defaults | Defaults for attached disks options. | object({…}) | | {…} | -| attached_disks | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | -| boot_disk | Boot disk properties. | object({…}) | | {…} | -| boot_disk_delete | Auto delete boot disk. | bool | | true | -| can_ip_forward | Enable IP forwarding. | bool | | false | -| confidential_compute | Enable Confidential Compute for these instances. | bool | | false | -| create_template | Create instance template instead of instances. | bool | | false | -| description | Description of a Compute Instance. | string | | "Managed by the compute-vm Terraform module." | -| enable_display | Enable virtual display on the instances | bool | | false | -| encryption | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null | -| group | Define this variable to create an instance group for instances. Disabled for template use. | object({…}) | | null | -| hostname | Instance FQDN name. | string | | null | -| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| instance_type | Instance type. | string | | "f1-micro" | -| labels | Instance labels. | map(string) | | {} | -| metadata | Instance metadata. 
| map(string) | | {} |
-| min_cpu_platform | Minimum CPU platform. | string | | null |
-| network_interface_options | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} |
-| options | Instance options. | object({…}) | | {…} |
-| scratch_disks | Scratch disks configuration. | object({…}) | | {…} |
-| service_account | Service account email. Unused if service account is auto-created. | string | | null |
-| service_account_create | Auto-create service account. | bool | | false |
-| service_account_scopes | Scopes applied to service account. | list(string) | | [] |
-| shielded_config | Shielded VM configuration of the instances. | object({…}) | | null |
-| tags | Instance tags. | list(string) | | [] |
+| [name](variables.tf#L160) | Instance name. | string | ✓ | |
+| [network_interfaces](variables.tf#L174) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | |
+| [project_id](variables.tf#L201) | Project id. | string | ✓ | |
+| [zone](variables.tf#L254) | Compute zone. | string | ✓ | |
+| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | object({…}) | | {…} |
+| [attached_disks](variables.tf#L32) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] |
+| [boot_disk](variables.tf#L58) | Boot disk properties. | object({…}) | | {…} |
+| [boot_disk_delete](variables.tf#L72) | Auto delete boot disk. | bool | | true |
+| [can_ip_forward](variables.tf#L78) | Enable IP forwarding. | bool | | false |
+| [confidential_compute](variables.tf#L84) | Enable Confidential Compute for these instances. | bool | | false |
+| [create_template](variables.tf#L90) | Create instance template instead of instances. | bool | | false |
+| [description](variables.tf#L95) | Description of a Compute Instance. | string | | "Managed by the compute-vm Terraform module." |
+| [enable_display](variables.tf#L100) | Enable virtual display on the instances | bool | | false |
+| [encryption](variables.tf#L106) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null |
+| [group](variables.tf#L116) | Define this variable to create an instance group for instances. Disabled for template use. | object({…}) | | null |
+| [hostname](variables.tf#L124) | Instance FQDN name. | string | | null |
+| [iam](variables.tf#L130) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
+| [instance_type](variables.tf#L136) | Instance type. | string | | "f1-micro" |
+| [labels](variables.tf#L142) | Instance labels. | map(string) | | {} |
+| [metadata](variables.tf#L148) | Instance metadata. | map(string) | | {} |
+| [min_cpu_platform](variables.tf#L154) | Minimum CPU platform. | string | | null |
+| [network_interface_options](variables.tf#L165) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} |
+| [options](variables.tf#L187) | Instance options. | object({…}) | | {…} |
+| [scratch_disks](variables.tf#L206) | Scratch disks configuration. | object({…}) | | {…} |
+| [service_account](variables.tf#L218) | Service account email. Unused if service account is auto-created. | string | | null |
+| [service_account_create](variables.tf#L224) | Auto-create service account. | bool | | false |
+| [service_account_scopes](variables.tf#L232) | Scopes applied to service account.
| list(string) | | [] | +| [shielded_config](variables.tf#L238) | Shielded VM configuration of the instances. | object({…}) | | null | +| [tags](variables.tf#L248) | Instance tags. | list(string) | | [] | ## Outputs | name | description | sensitive | |---|---|:---:| -| external_ip | Instance main interface external IP addresses. | | -| group | Instance group resource. | | -| instance | Instance resource. | | -| internal_ip | Instance main interface internal IP address. | | -| self_link | Instance self links. | | -| service_account | Service account resource. | | -| service_account_email | Service account email. | | -| service_account_iam_email | Service account email. | | -| template | Template resource. | | -| template_name | Template name. | | +| [external_ip](outputs.tf#L17) | Instance main interface external IP addresses. | | +| [group](outputs.tf#L26) | Instance group resource. | | +| [instance](outputs.tf#L31) | Instance resource. | | +| [internal_ip](outputs.tf#L36) | Instance main interface internal IP address. | | +| [self_link](outputs.tf#L44) | Instance self links. | | +| [service_account](outputs.tf#L49) | Service account resource. | | +| [service_account_email](outputs.tf#L56) | Service account email. | | +| [service_account_iam_email](outputs.tf#L61) | Service account email. | | +| [template](outputs.tf#L69) | Template resource. | | +| [template_name](outputs.tf#L74) | Template name. | | - - ## TODO - [ ] add support for instance groups diff --git a/modules/container-registry/README.md b/modules/container-registry/README.md index 12a4d186..ef2867fc 100644 --- a/modules/container-registry/README.md +++ b/modules/container-registry/README.md 
@@ -15,23 +15,20 @@ module "container_registry" { } # tftest:modules=1:resources=2 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Registry project id. | string | ✓ | | -| iam | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| location | Registry location. Can be US, EU, ASIA or empty | string | | "" | +| [project_id](variables.tf#L29) | Registry project id. | string | ✓ | | +| [iam](variables.tf#L17) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [location](variables.tf#L23) | Registry location. Can be US, EU, ASIA or empty | string | | "" | ## Outputs | name | description | sensitive | |---|---|:---:| -| bucket_id | ID of the GCS bucket created | | +| [bucket_id](outputs.tf#L17) | ID of the GCS bucket created | | - diff --git a/modules/datafusion/README.md b/modules/datafusion/README.md index 65c1aa68..93260fbc 100644 --- a/modules/datafusion/README.md +++ b/modules/datafusion/README.md 
@@ -33,39 +33,36 @@ module "datafusion" { } # tftest:modules=1:resources=3 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | Name of the DataFusion instance. | string | ✓ | | -| network | Name of the network in the project with which the tenant project will be peered for executing pipelines in the form of projects/{project-id}/global/networks/{network} | string | ✓ | | -| project_id | Project ID. | string | ✓ | | -| region | DataFusion region. | string | ✓ | | -| description | DataFuzion instance description. | string | | "Terraform managed." | -| enable_stackdriver_logging | Option to enable Stackdriver Logging. | bool | | false | -| enable_stackdriver_monitoring | Option to enable Stackdriver Monitorig. | bool | | false | -| firewall_create | Create Network firewall rules to enable SSH. | bool | | true | -| ip_allocation | Ip allocated for datafusion instance when not using the auto created one and created outside of the module. | string | | null | -| ip_allocation_create | Create Ip range for datafusion instance. | bool | | true | -| labels | The resource labels for instance to use to annotate any related underlying resources, such as Compute Engine VMs. | map(string) | | {} | -| network_peering | Create Network peering between project and DataFusion tenant project. | bool | | true | -| private_instance | Create private instance. | bool | | true | -| type | Datafusion Instance type. It can be BASIC or ENTERPRISE (default value). | string | | "ENTERPRISE" | +| [name](variables.tf#L63) | Name of the DataFusion instance. | string | ✓ | | +| [network](variables.tf#L68) | Name of the network in the project with which the tenant project will be peered for executing pipelines in the form of projects/{project-id}/global/networks/{network} | string | ✓ | | +| [project_id](variables.tf#L85) | Project ID. | string | ✓ | | +| [region](variables.tf#L90) | DataFusion region. 
| string | ✓ | | +| [description](variables.tf#L21) | DataFuzion instance description. | string | | "Terraform managed." | +| [enable_stackdriver_logging](variables.tf#L27) | Option to enable Stackdriver Logging. | bool | | false | +| [enable_stackdriver_monitoring](variables.tf#L33) | Option to enable Stackdriver Monitorig. | bool | | false | +| [firewall_create](variables.tf#L39) | Create Network firewall rules to enable SSH. | bool | | true | +| [ip_allocation](variables.tf#L45) | Ip allocated for datafusion instance when not using the auto created one and created outside of the module. | string | | null | +| [ip_allocation_create](variables.tf#L51) | Create Ip range for datafusion instance. | bool | | true | +| [labels](variables.tf#L57) | The resource labels for instance to use to annotate any related underlying resources, such as Compute Engine VMs. | map(string) | | {} | +| [network_peering](variables.tf#L73) | Create Network peering between project and DataFusion tenant project. | bool | | true | +| [private_instance](variables.tf#L79) | Create private instance. | bool | | true | +| [type](variables.tf#L95) | Datafusion Instance type. It can be BASIC or ENTERPRISE (default value). | string | | "ENTERPRISE" | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | DataFusion instance ID. | | -| ip_allocation | IP range reserved for Data Fusion instance in case of a private instance. | | -| resource | DataFusion resource. | | -| service_account | DataFusion Service Account. | | -| service_endpoint | DataFusion Service Endpoint. | | -| version | DataFusion version. | | +| [id](outputs.tf#L17) | DataFusion instance ID. | | +| [ip_allocation](outputs.tf#L22) | IP range reserved for Data Fusion instance in case of a private instance. | | +| [resource](outputs.tf#L27) | DataFusion resource. | | +| [service_account](outputs.tf#L32) | DataFusion Service Account. | | +| [service_endpoint](outputs.tf#L37) | DataFusion Service Endpoint. 
| |
+| [version](outputs.tf#L42) | DataFusion version. | |
-
diff --git a/modules/dns/README.md b/modules/dns/README.md
index e4a252d6..efd86b95 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -52,39 +52,36 @@ module "private-dns" { } # tftest:modules=1:resources=1 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| domain | Zone domain, must end with a period. | string | ✓ | | -| name | Zone name, must be unique within the project. | string | ✓ | | -| project_id | Project id for the zone. | string | ✓ | | -| client_networks | List of VPC self links that can see this zone. | list(string) | | [] | -| default_key_specs_key | DNSSEC default key signing specifications: algorithm, key_length, key_type, kind. | any | | {} | -| default_key_specs_zone | DNSSEC default zone signing specifications: algorithm, key_length, key_type, kind. | any | | {} | -| description | Domain description. | string | | "Terraform managed." | -| dnssec_config | DNSSEC configuration: kind, non_existence, state. | any | | {} | -| forwarders | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) | | {} | -| peer_network | Peering network self link, only valid for 'peering' zone types. | string | | null | -| recordsets | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | map(object({…})) | | {} | -| service_directory_namespace | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string | | null | -| type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | string | | "private" | -| zone_create | Create zone. When set to false, uses a data source to reference existing zone. | bool | | true | +| [domain](variables.tf#L51) | Zone domain, must end with a period. | string | ✓ | | +| [name](variables.tf#L62) | Zone name, must be unique within the project. | string | ✓ | | +| [project_id](variables.tf#L73) | Project id for the zone. | string | ✓ | | +| [client_networks](variables.tf#L21) | List of VPC self links that can see this zone. 
| list(string) | | [] | +| [default_key_specs_key](variables.tf#L27) | DNSSEC default key signing specifications: algorithm, key_length, key_type, kind. | any | | {} | +| [default_key_specs_zone](variables.tf#L33) | DNSSEC default zone signing specifications: algorithm, key_length, key_type, kind. | any | | {} | +| [description](variables.tf#L39) | Domain description. | string | | "Terraform managed." | +| [dnssec_config](variables.tf#L45) | DNSSEC configuration: kind, non_existence, state. | any | | {} | +| [forwarders](variables.tf#L56) | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) | | {} | +| [peer_network](variables.tf#L67) | Peering network self link, only valid for 'peering' zone types. | string | | null | +| [recordsets](variables.tf#L78) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | map(object({…})) | | {} | +| [service_directory_namespace](variables.tf#L94) | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string | | null | +| [type](variables.tf#L100) | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | string | | "private" | +| [zone_create](variables.tf#L110) | Create zone. When set to false, uses a data source to reference existing zone. | bool | | true | ## Outputs | name | description | sensitive | |---|---|:---:| -| dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | | -| domain | The DNS zone domain. | | -| name | The DNS zone name. | | -| name_servers | The DNS zone name servers. | | -| type | The DNS zone type. | | -| zone | DNS zone resource. | | +| [dns_keys](outputs.tf#L17) | DNSKEY and DS records of DNSSEC-signed managed zones. | | +| [domain](outputs.tf#L22) | The DNS zone domain. | | +| [name](outputs.tf#L27) | The DNS zone name. | | +| [name_servers](outputs.tf#L32) | The DNS zone name servers. 
| |
+| [type](outputs.tf#L37) | The DNS zone type. | |
+| [zone](outputs.tf#L42) | DNS zone resource. | |
-
diff --git a/modules/endpoints/README.md b/modules/endpoints/README.md
index 09e294d7..e8abe894 100644
--- a/modules/endpoints/README.md
+++ b/modules/endpoints/README.md
@@ -22,27 +22,24 @@ module "endpoint" { ``` [Here](https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/endpoints/getting-started/openapi.yaml) you can find an example of an openapi.yaml file. Once created the endpoint, remember to activate the service at project level. - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| openapi_config | The configuration for an OpenAPI endopoint. Either this or grpc_config must be specified. | object({…}) | ✓ | | -| service_name | The name of the service. Usually of the form '$apiname.endpoints.$projectid.cloud.goog'. | string | ✓ | | -| grpc_config | The configuration for a gRPC enpoint. Either this or openapi_config must be specified. | object({…}) | | null | -| iam | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| project_id | The project ID that the service belongs to. | string | | null | +| [openapi_config](variables.tf#L32) | The configuration for an OpenAPI endopoint. Either this or grpc_config must be specified. | object({…}) | ✓ | | +| [service_name](variables.tf#L45) | The name of the service. Usually of the form '$apiname.endpoints.$projectid.cloud.goog'. | string | ✓ | | +| [grpc_config](variables.tf#L17) | The configuration for a gRPC enpoint. Either this or openapi_config must be specified. | object({…}) | | null | +| [iam](variables.tf#L26) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [project_id](variables.tf#L39) | The project ID that the service belongs to. | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| endpoints | A list of Endpoint objects. | | -| endpoints_service | The Endpoint service resource. | | -| service_name | The name of the service.. | | +| [endpoints](outputs.tf#L17) | A list of Endpoint objects. | | +| [endpoints_service](outputs.tf#L22) | The Endpoint service resource. 
| |
+| [service_name](outputs.tf#L27) | The name of the service.. | |
-
diff --git a/modules/folder/README.md b/modules/folder/README.md
index bdea7b71..a3e7a89d 100644
--- a/modules/folder/README.md
+++ b/modules/folder/README.md
@@ -219,41 +219,36 @@ module "folder2" { } # tftest:modules=2:resources=6 ``` - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| contacts | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | map(list(string)) | | {} | -| firewall_policies | Hierarchical firewall policies created in this folder. | map(map(object({…}))) | | {} | -| firewall_policy_association | The hierarchical firewall policy to associate to this folder. Must be either a key in the `firewall_policies` map or the id of a policy defined somewhere else. | map(string) | | {} | -| firewall_policy_factory | Configuration for the firewall policy factory. | object({…}) | | null | -| folder_create | Create folder. When set to false, uses id to reference an existing folder. | bool | | true | -| group_iam | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable. | map(list(string)) | | {} | -| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| id | Folder ID in case you use folder_create=false | string | | null | -| logging_exclusions | Logging exclusions for this folder in the form {NAME -> FILTER}. | map(string) | | {} | -| logging_sinks | Logging sinks to create for this folder. | map(object({…})) | | {} | -| name | Folder name. | string | | null | -| parent | Parent in folders/folder_id or organizations/org_id format. | string | | null | -| policy_boolean | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | -| policy_list | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. 
| map(object({…})) | | {} |
+| [contacts](variables.tf#L17) | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | map(list(string)) | | {} |
+| [firewall_policies](variables.tf#L23) | Hierarchical firewall policies created in this folder. | map(map(object({…}))) | | {} |
+| [firewall_policy_association](variables.tf#L39) | The hierarchical firewall policy to associate to this folder. Must be either a key in the `firewall_policies` map or the id of a policy defined somewhere else. | map(string) | | {} |
+| [firewall_policy_factory](variables.tf#L45) | Configuration for the firewall policy factory. | object({…}) | | null |
+| [folder_create](variables.tf#L55) | Create folder. When set to false, uses id to reference an existing folder. | bool | | true |
+| [group_iam](variables.tf#L61) | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable. | map(list(string)) | | {} |
+| [iam](variables.tf#L67) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
+| [id](variables.tf#L73) | Folder ID in case you use folder_create=false | string | | null |
+| [logging_exclusions](variables.tf#L79) | Logging exclusions for this folder in the form {NAME -> FILTER}. | map(string) | | {} |
+| [logging_sinks](variables.tf#L85) | Logging sinks to create for this folder. | map(object({…})) | | {} |
+| [name](variables.tf#L99) | Folder name. | string | | null |
+| [parent](variables.tf#L105) | Parent in folders/folder_id or organizations/org_id format. | string | | null |
+| [policy_boolean](variables.tf#L115) | Map of boolean org policies and enforcement value, set value to null for policy restore.
| map(bool) | | {} | +| [policy_list](variables.tf#L121) | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| firewall_policies | Map of firewall policy resources created in this folder. | | -| firewall_policy_id | Map of firewall policy ids created in this folder. | | -| folder | Folder resource. | | -| id | Folder id. | | -| name | Folder name. | | -| sink_writer_identities | Writer identities created for each sink. | | +| [firewall_policies](outputs.tf#L16) | Map of firewall policy resources created in this folder. | | +| [firewall_policy_id](outputs.tf#L21) | Map of firewall policy ids created in this folder. | | +| [folder](outputs.tf#L26) | Folder resource. | | +| [id](outputs.tf#L31) | Folder id. | | +| [name](outputs.tf#L41) | Folder name. | | +| [sink_writer_identities](outputs.tf#L46) | Writer identities created for each sink. | | - - diff --git a/modules/folders-unit/README.md b/modules/folders-unit/README.md index d563ccfb..653f7c9b 100644 --- a/modules/folders-unit/README.md +++ b/modules/folders-unit/README.md 
@@ -23,38 +23,35 @@ module "folders-unit" { } # tftest:modules=1:resources=37 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| automation_project_id | Project id used for automation service accounts. | string | ✓ | | -| billing_account_id | Country billing account account. | string | ✓ | | -| name | Top folder name. | string | ✓ | | -| organization_id | Organization id in organizations/nnnnnn format. | string | ✓ | | -| root_node | Root node in folders/folder_id or organizations/org_id format. | string | ✓ | | -| short_name | Short name used as GCS bucket and service account prefixes, do not use capital letters or spaces. | string | ✓ | | -| environments | Unit environments short names. | map(string) | | {…} | -| gcs_defaults | Defaults use for the state GCS buckets. | map(string) | | {…} | -| iam | IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| iam_billing_config | Grant billing user role to service accounts, defaults to granting on the billing account. | object({…}) | | {…} | -| iam_enviroment_roles | IAM roles granted to the environment service account on the environment sub-folder. | list(string) | | […] | -| iam_xpn_config | Grant Shared VPC creation roles to service accounts, defaults to granting at folder level. | object({…}) | | {…} | -| prefix | Optional prefix used for GCS bucket names to ensure uniqueness. | string | | null | -| service_account_keys | Generate and store service account keys in the state file. | bool | | false | +| [automation_project_id](variables.tf#L17) | Project id used for automation service accounts. | string | ✓ | | +| [billing_account_id](variables.tf#L22) | Country billing account account. | string | ✓ | | +| [name](variables.tf#L86) | Top folder name. | string | ✓ | | +| [organization_id](variables.tf#L91) | Organization id in organizations/nnnnnn format. 
| string | ✓ | | +| [root_node](variables.tf#L102) | Root node in folders/folder_id or organizations/org_id format. | string | ✓ | | +| [short_name](variables.tf#L113) | Short name used as GCS bucket and service account prefixes, do not use capital letters or spaces. | string | ✓ | | +| [environments](variables.tf#L27) | Unit environments short names. | map(string) | | {…} | +| [gcs_defaults](variables.tf#L36) | Defaults use for the state GCS buckets. | map(string) | | {…} | +| [iam](variables.tf#L45) | IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_billing_config](variables.tf#L51) | Grant billing user role to service accounts, defaults to granting on the billing account. | object({…}) | | {…} | +| [iam_enviroment_roles](variables.tf#L63) | IAM roles granted to the environment service account on the environment sub-folder. | list(string) | | […] | +| [iam_xpn_config](variables.tf#L74) | Grant Shared VPC creation roles to service accounts, defaults to granting at folder level. | object({…}) | | {…} | +| [prefix](variables.tf#L96) | Optional prefix used for GCS bucket names to ensure uniqueness. | string | | null | +| [service_account_keys](variables.tf#L107) | Generate and store service account keys in the state file. | bool | | false | ## Outputs | name | description | sensitive | |---|---|:---:| -| env_folders | Unit environments folders. | | -| env_gcs_buckets | Unit environments tfstate gcs buckets. | | -| env_sa_keys | Unit environments service account keys. | ✓ | -| env_service_accounts | Unit environments service accounts. | | -| unit_folder | Unit top level folder. | | +| [env_folders](outputs.tf#L17) | Unit environments folders. | | +| [env_gcs_buckets](outputs.tf#L28) | Unit environments tfstate gcs buckets. | | +| [env_sa_keys](outputs.tf#L36) | Unit environments service account keys. | ✓ | +| [env_service_accounts](outputs.tf#L45) | Unit environments service accounts. 
| |
+| [unit_folder](outputs.tf#L53) | Unit top level folder. | |
-
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index c65eaa27..af4e1857 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -106,41 +106,38 @@ module "bucket-gcs-notification" { } # tftest:modules=1:resources=4 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | Bucket name suffix. | string | ✓ | | -| project_id | Bucket project id. | string | ✓ | | -| cors | CORS configuration for the bucket. Defaults to null. | object({…}) | | null | -| encryption_key | KMS key that will be used for encryption. | string | | null | -| force_destroy | Optional map to set force destroy keyed by name, defaults to false. | bool | | false | -| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| labels | Labels to be attached to all buckets. | map(string) | | {} | -| lifecycle_rule | Bucket lifecycle rule | object({…}) | | null | -| location | Bucket location. | string | | "EU" | -| logging_config | Bucket logging configuration. | object({…}) | | null | -| notification_config | GCS Notification configuration. | object({…}) | | null | -| prefix | Prefix used to generate the bucket name. | string | | null | -| retention_policy | Bucket retention policy. | object({…}) | | null | -| storage_class | Bucket storage class. | string | | "MULTI_REGIONAL" | -| uniform_bucket_level_access | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true | -| versioning | Enable versioning, defaults to false. | bool | | false | -| website | Bucket website. | object({…}) | | null | +| [name](variables.tf#L89) | Bucket name suffix. | string | ✓ | | +| [project_id](variables.tf#L112) | Bucket project id. | string | ✓ | | +| [cors](variables.tf#L17) | CORS configuration for the bucket. Defaults to null. | object({…}) | | null | +| [encryption_key](variables.tf#L28) | KMS key that will be used for encryption. 
| string | | null | +| [force_destroy](variables.tf#L34) | Optional map to set force destroy keyed by name, defaults to false. | bool | | false | +| [iam](variables.tf#L40) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [labels](variables.tf#L46) | Labels to be attached to all buckets. | map(string) | | {} | +| [lifecycle_rule](variables.tf#L52) | Bucket lifecycle rule | object({…}) | | null | +| [location](variables.tf#L74) | Bucket location. | string | | "EU" | +| [logging_config](variables.tf#L80) | Bucket logging configuration. | object({…}) | | null | +| [notification_config](variables.tf#L94) | GCS Notification configuration. | object({…}) | | null | +| [prefix](variables.tf#L106) | Prefix used to generate the bucket name. | string | | null | +| [retention_policy](variables.tf#L117) | Bucket retention policy. | object({…}) | | null | +| [storage_class](variables.tf#L126) | Bucket storage class. | string | | "MULTI_REGIONAL" | +| [uniform_bucket_level_access](variables.tf#L136) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true | +| [versioning](variables.tf#L142) | Enable versioning, defaults to false. | bool | | false | +| [website](variables.tf#L148) | Bucket website. | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| bucket | Bucket resource. | | -| name | Bucket name. | | -| notification | GCS Notification self link. | | -| topic | Topic ID used by GCS. | | -| url | Bucket URL. | | +| [bucket](outputs.tf#L17) | Bucket resource. | | +| [name](outputs.tf#L22) | Bucket name. | | +| [notification](outputs.tf#L26) | GCS Notification self link. | | +| [topic](outputs.tf#L30) | Topic ID used by GCS. | | +| [url](outputs.tf#L34) | Bucket URL. | | - diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md index 9c591757..e6ab583e 100644 
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -62,64 +62,61 @@ module "cluster-1" { } # tftest:modules=1:resources=1 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| location | Cluster zone or region. | string | ✓ | | -| name | Cluster name. | string | ✓ | | -| network | Name or self link of the VPC used for the cluster. Use the self link for Shared VPC. | string | ✓ | | -| project_id | Cluster project id. | string | ✓ | | -| secondary_range_pods | Subnet secondary range name used for pods. | string | ✓ | | -| secondary_range_services | Subnet secondary range name used for services. | string | ✓ | | -| subnetwork | VPC subnetwork name or self link. | string | ✓ | | -| addons | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | -| authenticator_security_group | RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com. | string | | null | -| cluster_autoscaling | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | {…} | -| database_encryption | Enable and configure GKE application-layer secrets encryption. | object({…}) | | {…} | -| default_max_pods_per_node | Maximum number of pods per node in this cluster. | number | | 110 | -| description | Cluster description. | string | | null | -| dns_config | Configuration for Using Cloud DNS for GKE. | object({…}) | | {…} | -| enable_autopilot | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | bool | | false | -| enable_binary_authorization | Enable Google Binary Authorization. | bool | | null | -| enable_dataplane_v2 | Enable Dataplane V2 on the cluster, will disable network_policy addons config | bool | | false | -| enable_intranode_visibility | Enable intra-node visibility to make same node pod to pod traffic visible. | bool | | null | -| enable_l4_ilb_subsetting | Enable L4ILB Subsetting. 
| bool | | null |
-| enable_shielded_nodes | Enable Shielded Nodes features on all nodes in this cluster. | bool | | null |
-| enable_tpu | Enable Cloud TPU resources in this cluster. | bool | | null |
-| labels | Cluster resource labels. | map(string) | | null |
-| logging_config | Logging configuration (enabled components). | list(string) | | null |
-| logging_service | Logging service (disable with an empty string). | string | | "logging.googleapis.com/kubernetes" |
-| maintenance_config | Maintenance window configuration | object({…}) | | {…} |
-| master_authorized_ranges | External Ip address ranges that can access the Kubernetes cluster master through HTTPS. | map(string) | | {} |
-| min_master_version | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
-| monitoring_config | Monitoring configuration (enabled components). | list(string) | | null |
-| monitoring_service | Monitoring service (disable with an empty string). | string | | "monitoring.googleapis.com/kubernetes" |
-| node_locations | Zones in which the cluster's nodes are located. | list(string) | | [] |
-| notification_config | GKE Cluster upgrade notifications via PubSub. | bool | | false |
-| peering_config | Configure peering with the master VPC for private clusters. | object({…}) | | null |
-| pod_security_policy | Enable the PodSecurityPolicy feature. | bool | | null |
-| private_cluster_config | Enable and configure private cluster, private nodes must be true if used. | object({…}) | | null |
-| release_channel | Release channel for GKE upgrades. | string | | null |
-| resource_usage_export_config | Configure the ResourceUsageExportConfig feature. | object({…}) | | {…} |
-| vertical_pod_autoscaling | Enable the Vertical Pod Autoscaling feature. | bool | | null |
-| workload_identity | Enable the Workload Identity feature. | bool | | true |
+| [location](variables.tf#L157) | Cluster zone or region.
| string | ✓ | |
+| [name](variables.tf#L224) | Cluster name. | string | ✓ | |
+| [network](variables.tf#L229) | Name or self link of the VPC used for the cluster. Use the self link for Shared VPC. | string | ✓ | |
+| [project_id](variables.tf#L273) | Cluster project id. | string | ✓ | |
+| [secondary_range_pods](variables.tf#L296) | Subnet secondary range name used for pods. | string | ✓ | |
+| [secondary_range_services](variables.tf#L301) | Subnet secondary range name used for services. | string | ✓ | |
+| [subnetwork](variables.tf#L306) | VPC subnetwork name or self link. | string | ✓ | |
+| [addons](variables.tf#L17) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} |
+| [authenticator_security_group](variables.tf#L45) | RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com. | string | | null |
+| [cluster_autoscaling](variables.tf#L51) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | {…} |
+| [database_encryption](variables.tf#L69) | Enable and configure GKE application-layer secrets encryption. | object({…}) | | {…} |
+| [default_max_pods_per_node](variables.tf#L83) | Maximum number of pods per node in this cluster. | number | | 110 |
+| [description](variables.tf#L89) | Cluster description. | string | | null |
+| [dns_config](variables.tf#L95) | Configuration for Using Cloud DNS for GKE. | object({…}) | | {…} |
+| [enable_autopilot](variables.tf#L109) | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | bool | | false |
+| [enable_binary_authorization](variables.tf#L115) | Enable Google Binary Authorization.
| bool | | null |
+| [enable_dataplane_v2](variables.tf#L121) | Enable Dataplane V2 on the cluster, will disable network_policy addons config | bool | | false |
+| [enable_intranode_visibility](variables.tf#L127) | Enable intra-node visibility to make same node pod to pod traffic visible. | bool | | null |
+| [enable_l4_ilb_subsetting](variables.tf#L133) | Enable L4ILB Subsetting. | bool | | null |
+| [enable_shielded_nodes](variables.tf#L139) | Enable Shielded Nodes features on all nodes in this cluster. | bool | | null |
+| [enable_tpu](variables.tf#L145) | Enable Cloud TPU resources in this cluster. | bool | | null |
+| [labels](variables.tf#L151) | Cluster resource labels. | map(string) | | null |
+| [logging_config](variables.tf#L162) | Logging configuration (enabled components). | list(string) | | null |
+| [logging_service](variables.tf#L168) | Logging service (disable with an empty string). | string | | "logging.googleapis.com/kubernetes" |
+| [maintenance_config](variables.tf#L174) | Maintenance window configuration | object({…}) | | {…} |
+| [master_authorized_ranges](variables.tf#L200) | External Ip address ranges that can access the Kubernetes cluster master through HTTPS. | map(string) | | {} |
+| [min_master_version](variables.tf#L206) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
+| [monitoring_config](variables.tf#L212) | Monitoring configuration (enabled components). | list(string) | | null |
+| [monitoring_service](variables.tf#L218) | Monitoring service (disable with an empty string). | string | | "monitoring.googleapis.com/kubernetes" |
+| [node_locations](variables.tf#L234) | Zones in which the cluster's nodes are located. | list(string) | | [] |
+| [notification_config](variables.tf#L240) | GKE Cluster upgrade notifications via PubSub. | bool | | false |
+| [peering_config](variables.tf#L246) | Configure peering with the master VPC for private clusters.
| object({…}) | | null | +| [pod_security_policy](variables.tf#L256) | Enable the PodSecurityPolicy feature. | bool | | null | +| [private_cluster_config](variables.tf#L262) | Enable and configure private cluster, private nodes must be true if used. | object({…}) | | null | +| [release_channel](variables.tf#L278) | Release channel for GKE upgrades. | string | | null | +| [resource_usage_export_config](variables.tf#L284) | Configure the ResourceUsageExportConfig feature. | object({…}) | | {…} | +| [vertical_pod_autoscaling](variables.tf#L311) | Enable the Vertical Pod Autoscaling feature. | bool | | null | +| [workload_identity](variables.tf#L317) | Enable the Workload Identity feature. | bool | | true | ## Outputs | name | description | sensitive | |---|---|:---:| -| ca_certificate | Public certificate of the cluster (base64-encoded). | ✓ | -| cluster | Cluster resource. | ✓ | -| endpoint | Cluster endpoint. | | -| location | Cluster location. | | -| master_version | Master version. | | -| name | Cluster name. | | -| notifications | GKE PubSub notifications topic. | | +| [ca_certificate](outputs.tf#L17) | Public certificate of the cluster (base64-encoded). | ✓ | +| [cluster](outputs.tf#L23) | Cluster resource. | ✓ | +| [endpoint](outputs.tf#L29) | Cluster endpoint. | | +| [location](outputs.tf#L34) | Cluster location. | | +| [master_version](outputs.tf#L39) | Master version. | | +| [name](outputs.tf#L44) | Cluster name. | | +| [notifications](outputs.tf#L49) | GKE PubSub notifications topic. | | - diff --git a/modules/gke-nodepool/README.md b/modules/gke-nodepool/README.md index 8229b7bf..1cdeb25d 100644 --- a/modules/gke-nodepool/README.md +++ b/modules/gke-nodepool/README.md 
@@ -33,56 +33,53 @@ module "cluster-1-nodepool-1" { } # tftest:modules=1:resources=2 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| cluster_name | Cluster name. | string | ✓ | | -| location | Cluster location. | string | ✓ | | -| project_id | Cluster project id. | string | ✓ | | -| autoscaling_config | Optional autoscaling configuration. | object({…}) | | null | -| gke_version | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null | -| initial_node_count | Initial number of nodes for the pool. | number | | 1 | -| kubelet_config | Kubelet configuration. | object({…}) | | null | -| linux_node_config_sysctls | Linux node configuration. | map(string) | | null | -| management_config | Optional node management configuration. | object({…}) | | null | -| max_pods_per_node | Maximum number of pods per node. | number | | null | -| name | Optional nodepool name. | string | | null | -| node_boot_disk_kms_key | Customer Managed Encryption Key used to encrypt the boot disk attached to each node | string | | null | -| node_count | Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set. | number | | null | -| node_disk_size | Node disk size, defaults to 100GB. | number | | 100 | -| node_disk_type | Node disk type, defaults to pd-standard. | string | | "pd-standard" | -| node_guest_accelerator | Map of type and count of attached accelerator cards. | map(number) | | {} | -| node_image_type | Nodes image type. | string | | null | -| node_labels | Kubernetes labels attached to nodes. | map(string) | | {} | -| node_local_ssd_count | Number of local SSDs attached to nodes. | number | | 0 | -| node_locations | Optional list of zones in which nodes should be located. Uses cluster locations if unset. | list(string) | | null | -| node_machine_type | Nodes machine type. 
| string | | "n1-standard-1" |
-| node_metadata | Metadata key/value pairs assigned to nodes. Set disable-legacy-endpoints to true when using this variable. | map(string) | | null |
-| node_min_cpu_platform | Minimum CPU platform for nodes. | string | | null |
-| node_preemptible | Use preemptible VMs for nodes. | bool | | null |
-| node_sandbox_config | GKE Sandbox configuration. Needs image_type set to COS_CONTAINERD and node_version set to 1.12.7-gke.17 when using this variable. | string | | null |
-| node_service_account | Service account email. Unused if service account is auto-created. | string | | null |
-| node_service_account_create | Auto-create service account. | bool | | false |
-| node_service_account_scopes | Scopes applied to service account. Default to: 'cloud-platform' when creating a service account; 'devstorage.read_only', 'logging.write', 'monitoring.write' otherwise. | list(string) | | [] |
-| node_shielded_instance_config | Shielded instance options. | object({…}) | | null |
-| node_tags | Network tags applied to nodes. | list(string) | | null |
-| node_taints | Kubernetes taints applied to nodes. E.g. type=blue:NoSchedule | list(string) | | [] |
-| upgrade_config | Optional node upgrade configuration. | object({…}) | | null |
-| workload_metadata_config | Metadata configuration to expose to workloads on the node pool. | string | | "GKE_METADATA" |
+| [cluster_name](variables.tf#L26) | Cluster name. | string | ✓ | |
+| [location](variables.tf#L59) | Cluster location. | string | ✓ | |
+| [project_id](variables.tf#L210) | Cluster project id. | string | ✓ | |
+| [autoscaling_config](variables.tf#L17) | Optional autoscaling configuration. | object({…}) | | null |
+| [gke_version](variables.tf#L31) | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null |
+| [initial_node_count](variables.tf#L37) | Initial number of nodes for the pool.
| number | | 1 |
+| [kubelet_config](variables.tf#L43) | Kubelet configuration. | object({…}) | | null |
+| [linux_node_config_sysctls](variables.tf#L53) | Linux node configuration. | map(string) | | null |
+| [management_config](variables.tf#L64) | Optional node management configuration. | object({…}) | | null |
+| [max_pods_per_node](variables.tf#L73) | Maximum number of pods per node. | number | | null |
+| [name](variables.tf#L79) | Optional nodepool name. | string | | null |
+| [node_boot_disk_kms_key](variables.tf#L85) | Customer Managed Encryption Key used to encrypt the boot disk attached to each node | string | | null |
+| [node_count](variables.tf#L91) | Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set. | number | | null |
+| [node_disk_size](variables.tf#L97) | Node disk size, defaults to 100GB. | number | | 100 |
+| [node_disk_type](variables.tf#L103) | Node disk type, defaults to pd-standard. | string | | "pd-standard" |
+| [node_guest_accelerator](variables.tf#L109) | Map of type and count of attached accelerator cards. | map(number) | | {} |
+| [node_image_type](variables.tf#L115) | Nodes image type. | string | | null |
+| [node_labels](variables.tf#L121) | Kubernetes labels attached to nodes. | map(string) | | {} |
+| [node_local_ssd_count](variables.tf#L127) | Number of local SSDs attached to nodes. | number | | 0 |
+| [node_locations](variables.tf#L132) | Optional list of zones in which nodes should be located. Uses cluster locations if unset. | list(string) | | null |
+| [node_machine_type](variables.tf#L138) | Nodes machine type. | string | | "n1-standard-1" |
+| [node_metadata](variables.tf#L144) | Metadata key/value pairs assigned to nodes. Set disable-legacy-endpoints to true when using this variable. | map(string) | | null |
+| [node_min_cpu_platform](variables.tf#L150) | Minimum CPU platform for nodes.
| string | | null | +| [node_preemptible](variables.tf#L156) | Use preemptible VMs for nodes. | bool | | null | +| [node_sandbox_config](variables.tf#L162) | GKE Sandbox configuration. Needs image_type set to COS_CONTAINERD and node_version set to 1.12.7-gke.17 when using this variable. | string | | null | +| [node_service_account](variables.tf#L168) | Service account email. Unused if service account is auto-created. | string | | null | +| [node_service_account_create](variables.tf#L174) | Auto-create service account. | bool | | false | +| [node_service_account_scopes](variables.tf#L182) | Scopes applied to service account. Default to: 'cloud-platform' when creating a service account; 'devstorage.read_only', 'logging.write', 'monitoring.write' otherwise. | list(string) | | [] | +| [node_shielded_instance_config](variables.tf#L188) | Shielded instance options. | object({…}) | | null | +| [node_tags](variables.tf#L197) | Network tags applied to nodes. | list(string) | | null | +| [node_taints](variables.tf#L203) | Kubernetes taints applied to nodes. E.g. type=blue:NoSchedule | list(string) | | [] | +| [upgrade_config](variables.tf#L215) | Optional node upgrade configuration. | object({…}) | | null | +| [workload_metadata_config](variables.tf#L224) | Metadata configuration to expose to workloads on the node pool. | string | | "GKE_METADATA" | ## Outputs | name | description | sensitive | |---|---|:---:| -| name | Nodepool name. | | -| service_account | Service account resource. | | -| service_account_email | Service account email. | | -| service_account_iam_email | Service account email. | | +| [name](outputs.tf#L17) | Nodepool name. | | +| [service_account](outputs.tf#L22) | Service account resource. | | +| [service_account_email](outputs.tf#L31) | Service account email. | | +| [service_account_iam_email](outputs.tf#L36) | Service account email. | | - 
diff --git a/modules/iam-service-account/README.md b/modules/iam-service-account/README.md
index cbe15b11..535f30f3 100644
--- a/modules/iam-service-account/README.md
+++ b/modules/iam-service-account/README.md
@@ -30,29 +30,29 @@ module "myproject-default-service-accounts" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | Name of the service account to create. | string | ✓ | | -| project_id | Project id where service account will be created. | string | ✓ | | -| description | Optional description. | string | | null | -| display_name | Display name of the service account to create. | string | | "Terraform-managed." | -| generate_key | Generate a key for service account. | bool | | false | -| iam | IAM bindings on the service account in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| iam_billing_roles | Billing account roles granted to the service account, by billing account id. Non-authoritative. | map(list(string)) | | {} | -| iam_folder_roles | Folder roles granted to the service account, by folder id. Non-authoritative. | map(list(string)) | | {} | -| iam_organization_roles | Organization roles granted to the service account, by organization id. Non-authoritative. | map(list(string)) | | {} | -| iam_project_roles | Project roles granted to the service account, by project id. | map(list(string)) | | {} | -| iam_storage_roles | Storage roles granted to the service account, by bucket name. | map(list(string)) | | {} | -| prefix | Prefix applied to service account names. | string | | null | -| public_keys_directory | Path to public keys data files to upload to the service account (should have `.pem` extension). | string | | "" | -| service_account_create | Create service account. When set to false, uses a data source to reference an existing service account. | bool | | true | +| [name](variables.tf#L71) | Name of the service account to create. | string | ✓ | | +| [project_id](variables.tf#L82) | Project id where service account will be created. | string | ✓ | | +| [description](variables.tf#L17) | Optional description. | string | | null | +| [display_name](variables.tf#L23) | Display name of the service account to create. 
| string | | "Terraform-managed." | +| [generate_key](variables.tf#L29) | Generate a key for service account. | bool | | false | +| [iam](variables.tf#L35) | IAM bindings on the service account in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_billing_roles](variables.tf#L41) | Billing account roles granted to the service account, by billing account id. Non-authoritative. | map(list(string)) | | {} | +| [iam_folder_roles](variables.tf#L47) | Folder roles granted to the service account, by folder id. Non-authoritative. | map(list(string)) | | {} | +| [iam_organization_roles](variables.tf#L53) | Organization roles granted to the service account, by organization id. Non-authoritative. | map(list(string)) | | {} | +| [iam_project_roles](variables.tf#L59) | Project roles granted to the service account, by project id. | map(list(string)) | | {} | +| [iam_storage_roles](variables.tf#L65) | Storage roles granted to the service account, by bucket name. | map(list(string)) | | {} | +| [prefix](variables.tf#L76) | Prefix applied to service account names. | string | | null | +| [public_keys_directory](variables.tf#L87) | Path to public keys data files to upload to the service account (should have `.pem` extension). | string | | "" | +| [service_account_create](variables.tf#L93) | Create service account. When set to false, uses a data source to reference an existing service account. | bool | | true | ## Outputs | name | description | sensitive | |---|---|:---:| -| email | Service account email. | | -| iam_email | IAM-format service account email. | | -| key | Service account key. | ✓ | -| service_account | Service account resource. | | -| service_account_credentials | Service account json credential templates for uploaded public keys data. | | +| [email](outputs.tf#L17) | Service account email. | | +| [iam_email](outputs.tf#L25) | IAM-format service account email. | | +| [key](outputs.tf#L33) | Service account key. 
| ✓ | +| [service_account](outputs.tf#L39) | Service account resource. | | +| [service_account_credentials](outputs.tf#L44) | Service account json credential templates for uploaded public keys data. | | diff --git a/modules/kms/README.md b/modules/kms/README.md index c58e8c56..173904ca 100644 --- a/modules/kms/README.md +++ b/modules/kms/README.md 
@@ -79,38 +79,32 @@ module "kms" { } # tftest:modules=1:resources=4 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| keyring | Keyring attributes. | object({…}) | ✓ | | -| project_id | Project id where the keyring will be created. | string | ✓ | | -| iam | Keyring IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| iam_additive | Keyring IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| key_iam | Key IAM bindings in {KEY => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | -| key_iam_additive | Key IAM additive bindings in {ROLE => [MEMBERS]} format. | map(map(list(string))) | | {} | -| key_purpose | Per-key purpose, if not set defaults will be used. If purpose is not `ENCRYPT_DECRYPT` (the default), `version_template.algorithm` is required. | map(object({…})) | | {} | -| key_purpose_defaults | Defaults used for key purpose when not defined at the key level. If purpose is not `ENCRYPT_DECRYPT` (the default), `version_template.algorithm` is required. | object({…}) | | {…} | -| keyring_create | Set to false to manage keys and IAM bindings in an existing keyring. | bool | | true | -| keys | Key names and base attributes. Set attributes to null if not needed. | map(object({…})) | | {} | +| [keyring](variables.tf#L70) | Keyring attributes. | object({…}) | ✓ | | +| [project_id](variables.tf#L93) | Project id where the keyring will be created. | string | ✓ | | +| [iam](variables.tf#L17) | Keyring IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_additive](variables.tf#L23) | Keyring IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [key_iam](variables.tf#L29) | Key IAM bindings in {KEY => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | +| [key_iam_additive](variables.tf#L35) | Key IAM additive bindings in {ROLE => [MEMBERS]} format. 
| map(map(list(string))) | | {} | +| [key_purpose](variables.tf#L41) | Per-key purpose, if not set defaults will be used. If purpose is not `ENCRYPT_DECRYPT` (the default), `version_template.algorithm` is required. | map(object({…})) | | {} | +| [key_purpose_defaults](variables.tf#L53) | Defaults used for key purpose when not defined at the key level. If purpose is not `ENCRYPT_DECRYPT` (the default), `version_template.algorithm` is required. | object({…}) | | {…} | +| [keyring_create](variables.tf#L78) | Set to false to manage keys and IAM bindings in an existing keyring. | bool | | true | +| [keys](variables.tf#L84) | Key names and base attributes. Set attributes to null if not needed. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | Keyring self link. | | -| key_ids | Key self links. | | -| keyring | Keyring resource. | | -| keys | Key resources. | | -| location | Keyring location. | | -| name | Keyring name. | | +| [id](outputs.tf#L17) | Keyring self link. | | +| [key_ids](outputs.tf#L25) | Key self links. | | +| [keyring](outputs.tf#L36) | Keyring resource. | | +| [keys](outputs.tf#L44) | Key resources. | | +| [location](outputs.tf#L52) | Keyring location. | | +| [name](outputs.tf#L60) | Keyring name. | | - - - - diff --git a/modules/logging-bucket/README.md b/modules/logging-bucket/README.md index 79b4815e..b94b24a7 100644 --- a/modules/logging-bucket/README.md +++ b/modules/logging-bucket/README.md 
@@ -39,27 +39,23 @@ module "bucket-default" { } # tftest:modules=2:resources=2 ``` - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| id | Name of the logging bucket. | string | ✓ | | -| parent | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | string | ✓ | | -| parent_type | Parent object type for the bucket (project, folder, organization, billing_account). | string | ✓ | | -| description | Human-readable description for the logging bucket. | string | | null | -| location | Location of the bucket. | string | | "global" | -| retention | Retention time in days for the logging bucket. | number | | 30 | +| [id](variables.tf#L23) | Name of the logging bucket. | string | ✓ | | +| [parent](variables.tf#L34) | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | string | ✓ | | +| [parent_type](variables.tf#L39) | Parent object type for the bucket (project, folder, organization, billing_account). | string | ✓ | | +| [description](variables.tf#L17) | Human-readable description for the logging bucket. | string | | null | +| [location](variables.tf#L28) | Location of the bucket. | string | | "global" | +| [retention](variables.tf#L44) | Retention time in days for the logging bucket. | number | | 30 | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | ID of the created bucket. | | +| [id](outputs.tf#L17) | ID of the created bucket. | | - diff --git a/modules/naming-convention/README.md b/modules/naming-convention/README.md index 4ef9d461..356a9223 100644 --- a/modules/naming-convention/README.md +++ b/modules/naming-convention/README.md 
@@ -64,29 +64,26 @@ module "project-tf" { name = module.names-org.names.prj.tf } ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| environment | Environment abbreviation used in names and labels. | string | ✓ | | -| resources | Short resource names by type. | map(list(string)) | ✓ | | -| team | Team name. | string | ✓ | | -| labels | Per-resource labels. | map(map(map(string))) | | {} | -| prefix | Optional name prefix. | string | | null | -| separator_override | Optional separator override for specific resource types. | map(string) | | {} | -| suffix | Optional name suffix. | string | | null | -| use_resource_prefixes | Prefix names with the resource type. | bool | | false | +| [environment](variables.tf#L17) | Environment abbreviation used in names and labels. | string | ✓ | | +| [resources](variables.tf#L34) | Short resource names by type. | map(list(string)) | ✓ | | +| [team](variables.tf#L51) | Team name. | string | ✓ | | +| [labels](variables.tf#L22) | Per-resource labels. | map(map(map(string))) | | {} | +| [prefix](variables.tf#L28) | Optional name prefix. | string | | null | +| [separator_override](variables.tf#L39) | Optional separator override for specific resource types. | map(string) | | {} | +| [suffix](variables.tf#L45) | Optional name suffix. | string | | null | +| [use_resource_prefixes](variables.tf#L56) | Prefix names with the resource type. | bool | | false | ## Outputs | name | description | sensitive | |---|---|:---:| -| labels | Per resource labels. | | -| names | Per resource names. | | +| [labels](outputs.tf#L17) | Per resource labels. | | +| [names](outputs.tf#L22) | Per resource names. | | - diff --git a/modules/net-address/README.md b/modules/net-address/README.md index e51f820e..fca3536d 100644 --- a/modules/net-address/README.md +++ b/modules/net-address/README.md 
@@ -83,31 +83,28 @@ module "addresses" { } # tftest:modules=1:resources=2 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project where the addresses will be created. | string | ✓ | | -| external_addresses | Map of external address regions, keyed by name. | map(string) | | {} | -| global_addresses | List of global addresses to create. | list(string) | | [] | -| internal_addresses | Map of internal addresses to create, keyed by name. | map(object({…})) | | {} | -| internal_addresses_config | Optional configuration for internal addresses, keyed by name. Unused options can be set to null. | map(object({…})) | | {} | -| psa_addresses | Map of internal addresses used for Private Service Access. | map(object({…})) | | {} | -| psc_addresses | Map of internal addresses used for Private Service Connect. | map(object({…})) | | {} | +| [project_id](variables.tf#L60) | Project where the addresses will be created. | string | ✓ | | +| [external_addresses](variables.tf#L17) | Map of external address regions, keyed by name. | map(string) | | {} | +| [global_addresses](variables.tf#L29) | List of global addresses to create. | list(string) | | [] | +| [internal_addresses](variables.tf#L35) | Map of internal addresses to create, keyed by name. | map(object({…})) | | {} | +| [internal_addresses_config](variables.tf#L44) | Optional configuration for internal addresses, keyed by name. Unused options can be set to null. | map(object({…})) | | {} | +| [psa_addresses](variables.tf#L65) | Map of internal addresses used for Private Service Access. | map(object({…})) | | {} | +| [psc_addresses](variables.tf#L75) | Map of internal addresses used for Private Service Connect. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| external_addresses | Allocated external addresses. | | -| global_addresses | Allocated global external addresses. 
| | -| internal_addresses | Allocated internal addresses. | | -| psa_addresses | Allocated internal addresses for PSA endpoints. | | -| psc_addresses | Allocated internal addresses for PSC endpoints. | | +| [external_addresses](outputs.tf#L17) | Allocated external addresses. | | +| [global_addresses](outputs.tf#L28) | Allocated global external addresses. | | +| [internal_addresses](outputs.tf#L39) | Allocated internal addresses. | | +| [psa_addresses](outputs.tf#L50) | Allocated internal addresses for PSA endpoints. | | +| [psc_addresses](outputs.tf#L62) | Allocated internal addresses for PSC endpoints. | | - diff --git a/modules/net-cloudnat/README.md b/modules/net-cloudnat/README.md index 3dfe4e4d..9e34c165 100644 --- a/modules/net-cloudnat/README.md +++ b/modules/net-cloudnat/README.md 
@@ -14,37 +14,34 @@ module "nat" { } # tftest:modules=1:resources=2 ```
-
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| name | Name of the Cloud NAT resource. | string | ✓ | |
-| project_id | Project where resources will be created. | string | ✓ | |
-| region | Region where resources will be created. | string | ✓ | |
-| addresses | Optional list of external address self links. | list(string) | | [] |
-| config_min_ports_per_vm | Minimum number of ports allocated to a VM from this NAT config. | number | | 64 |
-| config_source_subnets | Subnetwork configuration (ALL_SUBNETWORKS_ALL_IP_RANGES, ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, LIST_OF_SUBNETWORKS). | string | | "ALL_SUBNETWORKS_ALL_IP_RANGES" |
-| config_timeouts | Timeout configurations. | object({…}) | | {…} |
-| logging_filter | Enables logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | null |
-| router_asn | Router ASN used for auto-created router. | number | | 64514 |
-| router_create | Create router. | bool | | true |
-| router_name | Router name, leave blank if router will be created to use auto generated name. | string | | null |
-| router_network | Name of the VPC used for auto-created router. | string | | null |
-| subnetworks | Subnetworks to NAT, only used when config_source_subnets equals LIST_OF_SUBNETWORKS. | list(object({…})) | | [] |
+| [name](variables.tf#L57) | Name of the Cloud NAT resource. | string | ✓ | |
+| [project_id](variables.tf#L62) | Project where resources will be created. | string | ✓ | |
+| [region](variables.tf#L67) | Region where resources will be created. | string | ✓ | |
+| [addresses](variables.tf#L17) | Optional list of external address self links. | list(string) | | [] |
+| [config_min_ports_per_vm](variables.tf#L23) | Minimum number of ports allocated to a VM from this NAT config. | number | | 64 |
+| [config_source_subnets](variables.tf#L29) | Subnetwork configuration (ALL_SUBNETWORKS_ALL_IP_RANGES, ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, LIST_OF_SUBNETWORKS). | string | | "ALL_SUBNETWORKS_ALL_IP_RANGES" |
+| [config_timeouts](variables.tf#L35) | Timeout configurations. | object({…}) | | {…} |
+| [logging_filter](variables.tf#L51) | Enables logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | null |
+| [router_asn](variables.tf#L72) | Router ASN used for auto-created router. | number | | 64514 |
+| [router_create](variables.tf#L78) | Create router. | bool | | true |
+| [router_name](variables.tf#L84) | Router name, leave blank if router will be created to use auto generated name. | string | | null |
+| [router_network](variables.tf#L90) | Name of the VPC used for auto-created router. | string | | null |
+| [subnetworks](variables.tf#L96) | Subnetworks to NAT, only used when config_source_subnets equals LIST_OF_SUBNETWORKS. | list(object({…})) | | [] |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| name | Name of the Cloud NAT. | |
-| nat_ip_allocate_option | NAT IP allocation mode. | |
-| region | Cloud NAT region. | |
-| router | Cloud NAT router resources (if auto created). | |
-| router_name | Cloud NAT router name. | |
+| [name](outputs.tf#L17) | Name of the Cloud NAT. | |
+| [nat_ip_allocate_option](outputs.tf#L22) | NAT IP allocation mode. | |
+| [region](outputs.tf#L27) | Cloud NAT region. | |
+| [router](outputs.tf#L32) | Cloud NAT router resources (if auto created). | |
+| [router_name](outputs.tf#L41) | Cloud NAT router name. | |
-
diff --git a/modules/net-ilb/README.md b/modules/net-ilb/README.md
index 9e2b0f79..3404a6d2 100644
--- a/modules/net-ilb/README.md
+++ b/modules/net-ilb/README.md
@@ -107,48 +107,45 @@ module "ilb" { } # tftest:modules=3:resources=7 ```
-
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| backends | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…})) | ✓ | |
-| name | Name used for all resources. | string | ✓ | |
-| network | Network used for resources. | string | ✓ | |
-| project_id | Project id where resources will be created. | string | ✓ | |
-| region | GCP region. | string | ✓ | |
-| subnetwork | Subnetwork used for the forwarding rule. | string | ✓ | |
-| address | Optional IP address used for the forwarding rule. | string | | null |
-| backend_config | Optional backend configuration. | object({…}) | | null |
-| failover_config | Optional failover configuration. | object({…}) | | null |
-| global_access | Global access, defaults to false if not set. | bool | | null |
-| group_configs | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} |
-| health_check | Name of existing health check to use, disables auto-created health check. | string | | null |
-| health_check_config | Configuration of the auto-created helth check. | object({…}) | | {…} |
-| labels | Labels set on resources. | map(string) | | {} |
-| ports | Comma-separated ports, leave null to use all ports. | list(string) | | null |
-| protocol | IP protocol used, defaults to TCP. | string | | "TCP" |
-| service_label | Optional prefix of the fully qualified forwarding rule name. | string | | null |
+| [backends](variables.tf#L33) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…})) | ✓ | |
+| [name](variables.tf#L98) | Name used for all resources. | string | ✓ | |
+| [network](variables.tf#L103) | Network used for resources. | string | ✓ | |
+| [project_id](variables.tf#L114) | Project id where resources will be created. | string | ✓ | |
+| [region](variables.tf#L125) | GCP region. | string | ✓ | |
+| [subnetwork](variables.tf#L136) | Subnetwork used for the forwarding rule. | string | ✓ | |
+| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null |
+| [backend_config](variables.tf#L23) | Optional backend configuration. | object({…}) | | null |
+| [failover_config](variables.tf#L42) | Optional failover configuration. | object({…}) | | null |
+| [global_access](variables.tf#L52) | Global access, defaults to false if not set. | bool | | null |
+| [group_configs](variables.tf#L58) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} |
+| [health_check](variables.tf#L68) | Name of existing health check to use, disables auto-created health check. | string | | null |
+| [health_check_config](variables.tf#L74) | Configuration of the auto-created helth check. | object({…}) | | {…} |
+| [labels](variables.tf#L92) | Labels set on resources. | map(string) | | {} |
+| [ports](variables.tf#L108) | Comma-separated ports, leave null to use all ports. | list(string) | | null |
+| [protocol](variables.tf#L119) | IP protocol used, defaults to TCP. | string | | "TCP" |
+| [service_label](variables.tf#L130) | Optional prefix of the fully qualified forwarding rule name. | string | | null |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| backend | Backend resource. | |
-| backend_id | Backend id. | |
-| backend_self_link | Backend self link. | |
-| forwarding_rule | Forwarding rule resource. | |
-| forwarding_rule_address | Forwarding rule address. | |
-| forwarding_rule_id | Forwarding rule id. | |
-| forwarding_rule_self_link | Forwarding rule self link. | |
-| group_self_links | Optional unmanaged instance group self links. | |
-| groups | Optional unmanaged instance group resources. | |
-| health_check | Auto-created health-check resource. | |
-| health_check_self_id | Auto-created health-check self id. | |
-| health_check_self_link | Auto-created health-check self link. | |
+| [backend](outputs.tf#L17) | Backend resource. | |
+| [backend_id](outputs.tf#L22) | Backend id. | |
+| [backend_self_link](outputs.tf#L27) | Backend self link. | |
+| [forwarding_rule](outputs.tf#L32) | Forwarding rule resource. | |
+| [forwarding_rule_address](outputs.tf#L37) | Forwarding rule address. | |
+| [forwarding_rule_id](outputs.tf#L42) | Forwarding rule id. | |
+| [forwarding_rule_self_link](outputs.tf#L47) | Forwarding rule self link. | |
+| [group_self_links](outputs.tf#L52) | Optional unmanaged instance group self links. | |
+| [groups](outputs.tf#L59) | Optional unmanaged instance group resources. | |
+| [health_check](outputs.tf#L64) | Auto-created health-check resource. | |
+| [health_check_self_id](outputs.tf#L69) | Auto-created health-check self id. | |
+| [health_check_self_link](outputs.tf#L74) | Auto-created health-check self link. | |
-
diff --git a/modules/net-interconnect-attachment-direct/README.md b/modules/net-interconnect-attachment-direct/README.md
index 85fd6b60..fdc174a2 100644
--- a/modules/net-interconnect-attachment-direct/README.md
+++ b/modules/net-interconnect-attachment-direct/README.md
@@ -103,33 +103,30 @@ module "vlan-attachment-2" { } # tftest:modules=2:resources=8 ```
-
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| interconnect | URL of the underlying Interconnect object that this attachment's traffic will traverse through. | string | ✓ | |
-| peer | Peer Ip address and asn. Only IPv4 supported | object({…}) | ✓ | |
-| project_id | The project containing the resources | string | ✓ | |
-| router_config | Router asn and custom advertisement configuration, ip_ranges is a map of address ranges and descriptions.. | object({…} | ✓ | |
-| bgp | Bgp session parameters | object({…}) | | null |
-| config | VLAN attachment parameters: description, vlan_id, bandwidth, admin_enabled, interconnect | object({…}) | | {…} |
-| name | The name of the vlan attachment | string | | "vlan-attachment" |
-| region | Region where the router resides | string | | "europe-west1-b" |
-| router_create | Create router. | bool | | true |
-| router_name | Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use vlan attachment name for auto created router. | string | | "router-vlan-attachment" |
-| router_network | A reference to the network to which this router belongs | string | | null |
+| [interconnect](variables.tf#L46) | URL of the underlying Interconnect object that this attachment's traffic will traverse through. | string | ✓ | |
+| [peer](variables.tf#L57) | Peer Ip address and asn. Only IPv4 supported | object({…}) | ✓ | |
+| [project_id](variables.tf#L65) | The project containing the resources | string | ✓ | |
+| [router_config](variables.tf#L76) | Router asn and custom advertisement configuration, ip_ranges is a map of address ranges and descriptions.. | object({…} | ✓ | |
+| [bgp](variables.tf#L17) | Bgp session parameters | object({…}) | | null |
+| [config](variables.tf#L28) | VLAN attachment parameters: description, vlan_id, bandwidth, admin_enabled, interconnect | object({…}) | | {…} |
+| [name](variables.tf#L51) | The name of the vlan attachment | string | | "vlan-attachment" |
+| [region](variables.tf#L70) | Region where the router resides | string | | "europe-west1-b" |
+| [router_create](variables.tf#L95) | Create router. | bool | | true |
+| [router_name](variables.tf#L101) | Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use vlan attachment name for auto created router. | string | | "router-vlan-attachment" |
+| [router_network](variables.tf#L107) | A reference to the network to which this router belongs | string | | null |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| bgpsession | bgp session | |
-| interconnect_attachment | interconnect attachment | |
-| router | Router resource (only if auto-created). | |
+| [bgpsession](outputs.tf#L16) | bgp session | |
+| [interconnect_attachment](outputs.tf#L21) | interconnect attachment | |
+| [router](outputs.tf#L26) | Router resource (only if auto-created). | |
-
diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
index 852d2df2..686d18af 100644
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@@ -123,36 +123,33 @@ healthchecks: - 209.85.204.0/22 ```
-
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| network | Name of the network this set of firewall rules applies to. | string | ✓ | |
-| project_id | Project id of the project that holds the network. | string | ✓ | |
-| admin_ranges | IP CIDR ranges that have complete access to all subnets. | list(string) | | [] |
-| cidr_template_file | Path for optional file containing name->cidr_list map to be used by the rules factory. | string | | null |
-| custom_rules | List of custom rule definitions (refer to variables file for syntax). | map(object({…})) | | {} |
-| data_folder | Path for optional folder containing firewall rules defined as YaML objects used by the rules factory. | string | | null |
-| http_source_ranges | List of IP CIDR ranges for tag-based HTTP rule, defaults to the health checkers ranges. | list(string) | | ["35.191.0.0/16", "130.211.0.0/22", "209.85.152.0/22", "209.85.204.0/22"] |
-| https_source_ranges | List of IP CIDR ranges for tag-based HTTPS rule, defaults to the health checkers ranges. | list(string) | | ["35.191.0.0/16", "130.211.0.0/22", "209.85.152.0/22", "209.85.204.0/22"] |
-| named_ranges | Names that can be used of valid values for the `ranges` field of `custom_rules` | map(list(string)) | | {…} |
-| ssh_source_ranges | List of IP CIDR ranges for tag-based SSH rule, defaults to the IAP forwarders range. | list(string) | | ["35.235.240.0/20"] |
+| [network](variables.tf#L80) | Name of the network this set of firewall rules applies to. | string | ✓ | |
+| [project_id](variables.tf#L85) | Project id of the project that holds the network. | string | ✓ | |
+| [admin_ranges](variables.tf#L17) | IP CIDR ranges that have complete access to all subnets. | list(string) | | [] |
+| [cidr_template_file](variables.tf#L23) | Path for optional file containing name->cidr_list map to be used by the rules factory. | string | | null |
+| [custom_rules](variables.tf#L29) | List of custom rule definitions (refer to variables file for syntax). | map(object({…})) | | {} |
+| [data_folder](variables.tf#L48) | Path for optional folder containing firewall rules defined as YaML objects used by the rules factory. | string | | null |
+| [http_source_ranges](variables.tf#L54) | List of IP CIDR ranges for tag-based HTTP rule, defaults to the health checkers ranges. | list(string) | | ["35.191.0.0/16", "130.211.0.0/22", "209.85.152.0/22", "209.85.204.0/22"] |
+| [https_source_ranges](variables.tf#L60) | List of IP CIDR ranges for tag-based HTTPS rule, defaults to the health checkers ranges. | list(string) | | ["35.191.0.0/16", "130.211.0.0/22", "209.85.152.0/22", "209.85.204.0/22"] |
+| [named_ranges](variables.tf#L66) | Names that can be used of valid values for the `ranges` field of `custom_rules` | map(list(string)) | | {…} |
+| [ssh_source_ranges](variables.tf#L90) | List of IP CIDR ranges for tag-based SSH rule, defaults to the IAP forwarders range. | list(string) | | ["35.235.240.0/20"] |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| admin_ranges | Admin ranges data.
+| [admin_ranges](outputs.tf#L17) | Admin ranges data.
 value = { enabled = length(var.admin_ranges) > 0 ranges = join(",", var.admin_ranges) } | |
-| custom_egress_allow_rules | Custom egress rules with allow blocks. | |
-| custom_egress_deny_rules | Custom egress rules with allow blocks. | |
-| custom_ingress_allow_rules | Custom ingress rules with allow blocks. | |
-| custom_ingress_deny_rules | Custom ingress rules with deny blocks. | |
-| rules | All google_compute_firewall resources created. | |
+| [custom_egress_allow_rules](outputs.tf#L26) | Custom egress rules with allow blocks. | |
+| [custom_egress_deny_rules](outputs.tf#L34) | Custom egress rules with allow blocks. | |
+| [custom_ingress_allow_rules](outputs.tf#L42) | Custom ingress rules with allow blocks. | |
+| [custom_ingress_deny_rules](outputs.tf#L50) | Custom ingress rules with deny blocks. | |
+| [rules](outputs.tf#L58) | All google_compute_firewall resources created. | |
-
diff --git a/modules/net-vpc-peering/README.md b/modules/net-vpc-peering/README.md
index 61cf4f4d..394f5ae9 100644
--- a/modules/net-vpc-peering/README.md
+++ b/modules/net-vpc-peering/README.md
@@ -40,27 +40,24 @@ module "peering-a-c" { } # tftest:modules=2:resources=4 ```
-
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| local_network | Resource link of the network to add a peering to. | string | ✓ | |
-| peer_network | Resource link of the peer network. | string | ✓ | |
-| export_local_custom_routes | Export custom routes to peer network from local network. | bool | | false |
-| export_peer_custom_routes | Export custom routes to local network from peer network. | bool | | false |
-| peer_create_peering | Create the peering on the remote side. If false, only the peering from this network to the remote network is created. | bool | | true |
-| prefix | Name prefix for the network peerings. | string | | "network-peering" |
+| [local_network](variables.tf#L30) | Resource link of the network to add a peering to. | string | ✓ | |
+| [peer_network](variables.tf#L41) | Resource link of the peer network. | string | ✓ | |
+| [export_local_custom_routes](variables.tf#L18) | Export custom routes to peer network from local network. | bool | | false |
+| [export_peer_custom_routes](variables.tf#L24) | Export custom routes to local network from peer network. | bool | | false |
+| [peer_create_peering](variables.tf#L35) | Create the peering on the remote side. If false, only the peering from this network to the remote network is created. | bool | | true |
+| [prefix](variables.tf#L46) | Name prefix for the network peerings. | string | | "network-peering" |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| local_network_peering | Network peering resource. | |
-| peer_network_peering | Peer network peering resource. | |
+| [local_network_peering](outputs.tf#L17) | Network peering resource. | |
+| [peer_network_peering](outputs.tf#L22) | Peer network peering resource. | |
-
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 3f2051f2..7754ae9b 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md 
@@ -201,56 +201,52 @@ flow_logs: # enable, set to empty map to use defaults - flow_sampling: 0.5 - metadata: "INCLUDE_ALL_METADATA" ```
-
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| name | The name of the network being created | string | ✓ | |
-| project_id | The ID of the project where this VPC will be created | string | ✓ | |
-| auto_create_subnetworks | Set to true to create an auto mode subnet, defaults to custom mode. | bool | | false |
-| data_folder | An optional folder containing the subnet configurations in YaML format. | string | | null |
-| delete_default_routes_on_create | Set to true to delete the default routes at creation time. | bool | | false |
-| description | An optional description of this resource (triggers recreation on change). | string | | "Terraform-managed." |
-| dns_policy | DNS policy setup for the VPC. | object({…}) | | null |
-| iam | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string))) | | {} |
-| log_config_defaults | Default configuration for flow logs when enabled. | object({…}) | | {…} |
-| log_configs | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | map(map(string)) | | {} |
-| mtu | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 and the maximum value is 1500 bytes. | | | null |
-| peering_config | VPC peering configuration. | object({…}) | | null |
-| peering_create_remote_end | Skip creation of peering on the remote end when using peering_config | bool | | true |
-| psn_ranges | CIDR ranges used for Google services that support Private Service Networking. | list(string) | | null |
-| routes | Network routes, keyed by name. | map(object({…})) | | {} |
-| routing_mode | The network routing mode (default 'GLOBAL') | string | | "GLOBAL" |
-| shared_vpc_host | Enable shared VPC for this project. | bool | | false |
-| shared_vpc_service_projects | Shared VPC service projects to register with this host | list(string) | | [] |
-| subnet_descriptions | Optional map of subnet descriptions, keyed by subnet 'region/name'. | map(string) | | {} |
-| subnet_flow_logs | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | map(bool) | | {} |
-| subnet_private_access | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | map(bool) | | {} |
-| subnets | List of subnets being created. | list(object({…})) | | [] |
-| subnets_l7ilb | List of subnets for private HTTPS load balancer. | list(object({…})) | | [] |
-| vpc_create | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
+| [name](variables.tf#L85) | The name of the network being created | string | ✓ | |
+| [project_id](variables.tf#L106) | The ID of the project where this VPC will be created | string | ✓ | |
+| [auto_create_subnetworks](variables.tf#L17) | Set to true to create an auto mode subnet, defaults to custom mode. | bool | | false |
+| [data_folder](variables.tf#L23) | An optional folder containing the subnet configurations in YaML format. | string | | null |
+| [delete_default_routes_on_create](variables.tf#L29) | Set to true to delete the default routes at creation time. | bool | | false |
+| [description](variables.tf#L35) | An optional description of this resource (triggers recreation on change). | string | | "Terraform-managed." |
+| [dns_policy](variables.tf#L41) | DNS policy setup for the VPC. | object({…}) | | null |
+| [iam](variables.tf#L54) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string))) | | {} |
+| [log_config_defaults](variables.tf#L60) | Default configuration for flow logs when enabled. | object({…}) | | {…} |
+| [log_configs](variables.tf#L74) | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | map(map(string)) | | {} |
+| [mtu](variables.tf#L80) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 and the maximum value is 1500 bytes. | | | null |
+| [peering_config](variables.tf#L90) | VPC peering configuration. | object({…}) | | null |
+| [peering_create_remote_end](variables.tf#L100) | Skip creation of peering on the remote end when using peering_config | bool | | true |
+| [psn_ranges](variables.tf#L111) | CIDR ranges used for Google services that support Private Service Networking. | list(string) | | null |
+| [routes](variables.tf#L124) | Network routes, keyed by name. | map(object({…})) | | {} |
+| [routing_mode](variables.tf#L136) | The network routing mode (default 'GLOBAL') | string | | "GLOBAL" |
+| [shared_vpc_host](variables.tf#L146) | Enable shared VPC for this project. | bool | | false |
+| [shared_vpc_service_projects](variables.tf#L152) | Shared VPC service projects to register with this host | list(string) | | [] |
+| [subnet_descriptions](variables.tf#L158) | Optional map of subnet descriptions, keyed by subnet 'region/name'. | map(string) | | {} |
+| [subnet_flow_logs](variables.tf#L164) | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | map(bool) | | {} |
+| [subnet_private_access](variables.tf#L170) | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | map(bool) | | {} |
+| [subnets](variables.tf#L176) | List of subnets being created. | list(object({…})) | | [] |
+| [subnets_l7ilb](variables.tf#L187) | List of subnets for private HTTPS load balancer. | list(object({…})) | | [] |
+| [vpc_create](variables.tf#L198) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| bindings | Subnet IAM bindings. | |
-| name | The name of the VPC being created. | |
-| network | Network resource. | |
-| project_id | Project ID containing the network. Use this when you need to create resources *after* the VPC is fully set up (e.g. subnets created, shared VPC service projects attached, Private Service Networking configured). | |
-| self_link | The URI of the VPC being created. | |
-| subnet_ips | Map of subnet address ranges keyed by name. | |
-| subnet_regions | Map of subnet regions keyed by name. | |
-| subnet_secondary_ranges | Map of subnet secondary ranges keyed by name. | |
-| subnet_self_links | Map of subnet self links keyed by name. | |
-| subnets | Subnet resources. | |
-| subnets_l7ilb | L7 ILB subnet resources. | |
+| [bindings](outputs.tf#L17) | Subnet IAM bindings. | |
+| [name](outputs.tf#L22) | The name of the VPC being created. | |
+| [network](outputs.tf#L34) | Network resource. | |
+| [project_id](outputs.tf#L46) | Project ID containing the network. Use this when you need to create resources *after* the VPC is fully set up (e.g. subnets created, shared VPC service projects attached, Private Service Networking configured). | |
+| [self_link](outputs.tf#L59) | The URI of the VPC being created. | |
+| [subnet_ips](outputs.tf#L71) | Map of subnet address ranges keyed by name. | |
+| [subnet_regions](outputs.tf#L78) | Map of subnet regions keyed by name. | |
+| [subnet_secondary_ranges](outputs.tf#L85) | Map of subnet secondary ranges keyed by name. | |
+| [subnet_self_links](outputs.tf#L96) | Map of subnet self links keyed by name. | |
+| [subnets](outputs.tf#L102) | Subnet resources. | |
+| [subnets_l7ilb](outputs.tf#L107) | L7 ILB subnet resources. | |
-
-
 The key format is `subnet_region/subnet_name`. For example `europe-west1/my_subnet`.
diff --git a/modules/net-vpn-dynamic/README.md b/modules/net-vpn-dynamic/README.md
index 7b1b0ca1..0cabf0bf 100644
--- a/modules/net-vpn-dynamic/README.md
+++ b/modules/net-vpn-dynamic/README.md
@@ -38,41 +38,38 @@ module "vpn-dynamic" { } # tftest:modules=1:resources=10 ```
-
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| name | VPN gateway name, and prefix used for dependent resources. | string | ✓ | |
-| network | VPC used for the gateway and routes. | string | ✓ | |
-| project_id | Project where resources will be created. | string | ✓ | |
-| region | Region used for resources. | string | ✓ | |
-| gateway_address | Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false. | string | | "" |
-| gateway_address_create | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable. | bool | | true |
-| route_priority | Route priority, defaults to 1000. | number | | 1000 |
-| router_advertise_config | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | object({…}) | | null |
-| router_asn | Router ASN used for auto-created router. | number | | 64514 |
-| router_create | Create router. | bool | | true |
-| router_name | Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router. | string | | "" |
-| tunnels | VPN tunnel configurations, bgp_peer_options is usually null. | map(object({…})) | | {} |
+| [name](variables.tf#L29) | VPN gateway name, and prefix used for dependent resources. | string | ✓ | |
+| [network](variables.tf#L34) | VPC used for the gateway and routes. | string | ✓ | |
+| [project_id](variables.tf#L39) | Project where resources will be created. | string | ✓ | |
+| [region](variables.tf#L44) | Region used for resources. | string | ✓ | |
+| [gateway_address](variables.tf#L17) | Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false. | string | | "" |
+| [gateway_address_create](variables.tf#L23) | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable. | bool | | true |
+| [route_priority](variables.tf#L49) | Route priority, defaults to 1000. | number | | 1000 |
+| [router_advertise_config](variables.tf#L55) | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | object({…}) | | null |
+| [router_asn](variables.tf#L65) | Router ASN used for auto-created router. | number | | 64514 |
+| [router_create](variables.tf#L71) | Create router. | bool | | true |
+| [router_name](variables.tf#L77) | Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router. | string | | "" |
+| [tunnels](variables.tf#L83) | VPN tunnel configurations, bgp_peer_options is usually null. | map(object({…})) | | {} |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| address | VPN gateway address. | |
-| gateway | VPN gateway resource. | |
-| name | VPN gateway name. | |
-| random_secret | Generated secret. | |
-| router | Router resource (only if auto-created). | |
-| router_name | Router name. | |
-| self_link | VPN gateway self link. | |
-| tunnel_names | VPN tunnel names. | |
-| tunnel_self_links | VPN tunnel self links. | |
-| tunnels | VPN tunnel resources. | |
+| [address](outputs.tf#L17) | VPN gateway address. | |
+| [gateway](outputs.tf#L22) | VPN gateway resource. | |
+| [name](outputs.tf#L27) | VPN gateway name. | |
+| [random_secret](outputs.tf#L32) | Generated secret. | |
+| [router](outputs.tf#L38) | Router resource (only if auto-created). | |
+| [router_name](outputs.tf#L43) | Router name. | |
+| [self_link](outputs.tf#L48) | VPN gateway self link. | |
+| [tunnel_names](outputs.tf#L53) | VPN tunnel names. | |
+| [tunnel_self_links](outputs.tf#L61) | VPN tunnel self links. | |
+| [tunnels](outputs.tf#L69) | VPN tunnel resources. | |
-
diff --git a/modules/net-vpn-ha/README.md b/modules/net-vpn-ha/README.md
index 7f4317ab..67d4cd8c 100644
--- a/modules/net-vpn-ha/README.md
+++ b/modules/net-vpn-ha/README.md
@@ -138,44 +138,41 @@ module "vpn_ha" { } # tftest:modules=1:resources=10 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources. | string | ✓ | | -| network | VPC used for the gateway and routes. | string | ✓ | | -| project_id | Project where resources will be created. | string | ✓ | | -| region | Region used for resources. | string | ✓ | | -| peer_external_gateway | Configuration of an external VPN gateway to which this VPN is connected. | object({…}) | | null | -| peer_gcp_gateway | Self Link URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. | string | | null | -| route_priority | Route priority, defaults to 1000. | number | | 1000 | -| router_advertise_config | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | object({…}) | | null | -| router_asn | Router ASN used for auto-created router. | number | | 64514 | -| router_create | Create router. | bool | | true | -| router_name | Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use VPN name for auto created router. | string | | "" | -| tunnels | VPN tunnel configurations, bgp_peer_options is usually null. | map(object({…})) | | {} | -| vpn_gateway | HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`. | string | | null | -| vpn_gateway_create | Create HA VPN Gateway. | bool | | true | +| [name](variables.tf#L17) | VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources. | string | ✓ | | +| [network](variables.tf#L22) | VPC used for the gateway and routes. | string | ✓ | | +| [project_id](variables.tf#L45) | Project where resources will be created. 
| string | ✓ | | +| [region](variables.tf#L50) | Region used for resources. | string | ✓ | | +| [peer_external_gateway](variables.tf#L27) | Configuration of an external VPN gateway to which this VPN is connected. | object({…}) | | null | +| [peer_gcp_gateway](variables.tf#L39) | Self Link URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. | string | | null | +| [route_priority](variables.tf#L55) | Route priority, defaults to 1000. | number | | 1000 | +| [router_advertise_config](variables.tf#L61) | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | object({…}) | | null | +| [router_asn](variables.tf#L71) | Router ASN used for auto-created router. | number | | 64514 | +| [router_create](variables.tf#L77) | Create router. | bool | | true | +| [router_name](variables.tf#L83) | Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use VPN name for auto created router. | string | | "" | +| [tunnels](variables.tf#L89) | VPN tunnel configurations, bgp_peer_options is usually null. | map(object({…})) | | {} | +| [vpn_gateway](variables.tf#L114) | HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`. | string | | null | +| [vpn_gateway_create](variables.tf#L120) | Create HA VPN Gateway. | bool | | true | ## Outputs | name | description | sensitive | |---|---|:---:| -| bgp_peers | BGP peer resources. | | -| external_gateway | External VPN gateway resource. | | -| gateway | VPN gateway resource (only if auto-created). | | -| name | VPN gateway name (only if auto-created). | | -| random_secret | Generated secret. | | -| router | Router resource (only if auto-created). | | -| router_name | Router name. | | -| self_link | HA VPN gateway self link. | | -| tunnel_names | VPN tunnel names. | | -| tunnel_self_links | VPN tunnel self links. 
| | -| tunnels | VPN tunnel resources. | | +| [bgp_peers](outputs.tf#L18) | BGP peer resources. | | +| [external_gateway](outputs.tf#L25) | External VPN gateway resource. | | +| [gateway](outputs.tf#L34) | VPN gateway resource (only if auto-created). | | +| [name](outputs.tf#L43) | VPN gateway name (only if auto-created). | | +| [random_secret](outputs.tf#L52) | Generated secret. | | +| [router](outputs.tf#L57) | Router resource (only if auto-created). | | +| [router_name](outputs.tf#L66) | Router name. | | +| [self_link](outputs.tf#L71) | HA VPN gateway self link. | | +| [tunnel_names](outputs.tf#L76) | VPN tunnel names. | | +| [tunnel_self_links](outputs.tf#L84) | VPN tunnel self links. | | +| [tunnels](outputs.tf#L92) | VPN tunnel resources. | | - diff --git a/modules/net-vpn-static/README.md b/modules/net-vpn-static/README.md index 6eba9b20..6ac11b7b 100644 --- a/modules/net-vpn-static/README.md +++ b/modules/net-vpn-static/README.md 
@@ -31,36 +31,33 @@ module "vpn" { } # tftest:modules=2:resources=8 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | VPN gateway name, and prefix used for dependent resources. | string | ✓ | | -| network | VPC used for the gateway and routes. | string | ✓ | | -| project_id | Project where resources will be created. | string | ✓ | | -| region | Region used for resources. | string | ✓ | | -| gateway_address | Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false. | string | | "" | -| gateway_address_create | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable. | bool | | true | -| remote_ranges | Remote IP CIDR ranges. | list(string) | | [] | -| route_priority | Route priority, defaults to 1000. | number | | 1000 | -| tunnels | VPN tunnel configurations. | map(object({…})) | | {} | +| [name](variables.tf#L29) | VPN gateway name, and prefix used for dependent resources. | string | ✓ | | +| [network](variables.tf#L34) | VPC used for the gateway and routes. | string | ✓ | | +| [project_id](variables.tf#L39) | Project where resources will be created. | string | ✓ | | +| [region](variables.tf#L44) | Region used for resources. | string | ✓ | | +| [gateway_address](variables.tf#L17) | Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false. | string | | "" | +| [gateway_address_create](variables.tf#L23) | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable. | bool | | true | +| [remote_ranges](variables.tf#L49) | Remote IP CIDR ranges. | list(string) | | [] | +| [route_priority](variables.tf#L55) | Route priority, defaults to 1000. | number | | 1000 | +| [tunnels](variables.tf#L61) | VPN tunnel configurations. 
| map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| address | VPN gateway address. | | -| gateway | VPN gateway resource. | | -| name | VPN gateway name. | | -| random_secret | Generated secret. | | -| self_link | VPN gateway self link. | | -| tunnel_names | VPN tunnel names. | | -| tunnel_self_links | VPN tunnel self links. | | -| tunnels | VPN tunnel resources. | | +| [address](outputs.tf#L17) | VPN gateway address. | | +| [gateway](outputs.tf#L22) | VPN gateway resource. | | +| [name](outputs.tf#L27) | VPN gateway name. | | +| [random_secret](outputs.tf#L32) | Generated secret. | | +| [self_link](outputs.tf#L37) | VPN gateway self link. | | +| [tunnel_names](outputs.tf#L42) | VPN tunnel names. | | +| [tunnel_self_links](outputs.tf#L50) | VPN tunnel self links. | | +| [tunnels](outputs.tf#L58) | VPN tunnel resources. | | - diff --git a/modules/organization/README.md b/modules/organization/README.md index 91e77621..a5395801 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md 
@@ -237,44 +237,39 @@ module "org" { } # tftest:modules=1:resources=2 ``` - - - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| organization_id | Organization id in organizations/nnnnnn format. | string | ✓ | | -| contacts | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | map(list(string)) | | {} | -| custom_roles | Map of role name => list of permissions to create in this project. | map(list(string)) | | {} | -| firewall_policies | Hierarchical firewall policy rules created in the organization. | map(map(object({…}))) | | {} | -| firewall_policy_association | The hierarchical firewall policy to associate to this folder. Must be either a key in the `firewall_policies` map or the id of a policy defined somewhere else. | map(string) | | {} | -| firewall_policy_factory | Configuration for the firewall policy factory. | object({…}) | | null | -| group_iam | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable. | map(list(string)) | | {} | -| iam | IAM bindings, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| iam_additive | Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| iam_additive_members | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) | | {} | -| iam_audit_config | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | map(map(list(string))) | | {} | -| iam_audit_config_authoritative | IAM Authoritative service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. 
Audit config should also be authoritative when using authoritative bindings. Use with caution. | map(map(list(string))) | | null | -| iam_bindings_authoritative | IAM authoritative bindings, in {ROLE => [MEMBERS]} format. Roles and members not explicitly listed will be cleared. Bindings should also be authoritative when using authoritative audit config. Use with caution. | map(list(string)) | | null | -| logging_exclusions | Logging exclusions for this organization in the form {NAME -> FILTER}. | map(string) | | {} | -| logging_sinks | Logging sinks to create for this organization. | map(object({…})) | | {} | -| policy_boolean | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | -| policy_list | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({…})) | | {} | +| [organization_id](variables.tf#L142) | Organization id in organizations/nnnnnn format. | string | ✓ | | +| [contacts](variables.tf#L17) | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | map(list(string)) | | {} | +| [custom_roles](variables.tf#L23) | Map of role name => list of permissions to create in this project. | map(list(string)) | | {} | +| [firewall_policies](variables.tf#L29) | Hierarchical firewall policy rules created in the organization. | map(map(object({…}))) | | {} | +| [firewall_policy_association](variables.tf#L46) | The hierarchical firewall policy to associate to this folder. Must be either a key in the `firewall_policies` map or the id of a policy defined somewhere else. | map(string) | | {} | +| [firewall_policy_factory](variables.tf#L52) | Configuration for the firewall policy factory. 
| object({…}) | | null | +| [group_iam](variables.tf#L62) | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable. | map(list(string)) | | {} | +| [iam](variables.tf#L68) | IAM bindings, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_additive](variables.tf#L74) | Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_additive_members](variables.tf#L80) | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) | | {} | +| [iam_audit_config](variables.tf#L86) | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | map(map(list(string))) | | {} | +| [iam_audit_config_authoritative](variables.tf#L97) | IAM Authoritative service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. Audit config should also be authoritative when using authoritative bindings. Use with caution. | map(map(list(string))) | | null | +| [iam_bindings_authoritative](variables.tf#L108) | IAM authoritative bindings, in {ROLE => [MEMBERS]} format. Roles and members not explicitly listed will be cleared. Bindings should also be authoritative when using authoritative audit config. Use with caution. | map(list(string)) | | null | +| [logging_exclusions](variables.tf#L114) | Logging exclusions for this organization in the form {NAME -> FILTER}. | map(string) | | {} | +| [logging_sinks](variables.tf#L120) | Logging sinks to create for this organization. | map(object({…})) | | {} | +| [policy_boolean](variables.tf#L151) | Map of boolean org policies and enforcement value, set value to null for policy restore. 
| map(bool) | | {} | +| [policy_list](variables.tf#L157) | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| custom_role_id | Map of custom role IDs created in the organization. | | -| custom_roles | Map of custom roles resources created in the organization. | | -| firewall_policies | Map of firewall policy resources created in the organization. | | -| firewall_policy_id | Map of firewall policy ids created in the organization. | | -| organization_id | Organization id dependent on module resources. | | -| sink_writer_identities | Writer identities created for each sink. | | +| [custom_role_id](outputs.tf#L18) | Map of custom role IDs created in the organization. | | +| [custom_roles](outputs.tf#L31) | Map of custom roles resources created in the organization. | | +| [firewall_policies](outputs.tf#L36) | Map of firewall policy resources created in the organization. | | +| [firewall_policy_id](outputs.tf#L41) | Map of firewall policy ids created in the organization. | | +| [organization_id](outputs.tf#L46) | Organization id dependent on module resources. | | +| [sink_writer_identities](outputs.tf#L60) | Writer identities created for each sink. | | - diff --git a/modules/project/README.md b/modules/project/README.md index 8202d50a..0598679c 100644 --- a/modules/project/README.md +++ b/modules/project/README.md 
@@ -196,47 +196,47 @@ module "project" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | Project name and id suffix. | string | ✓ | | -| auto_create_network | Whether to create the default network for the project | bool | | false | -| billing_account | Billing account id. | string | | null | -| contacts | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | map(list(string)) | | {} | -| custom_roles | Map of role name => list of permissions to create in this project. | map(list(string)) | | {} | -| descriptive_name | Name of the project name. Used for project name instead of `name` variable | string | | null | -| group_iam | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable. | map(list(string)) | | {} | -| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| iam_additive | IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| iam_additive_members | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) | | {} | -| labels | Resource labels. | map(string) | | {} | -| lien_reason | If non-empty, creates a project lien with this description. | string | | "" | -| logging_exclusions | Logging exclusions for this project in the form {NAME -> FILTER}. | map(string) | | {} | -| logging_sinks | Logging sinks to create for this project. | map(object({…})) | | {} | -| metric_scopes | List of projects that will act as metric scopes for this project. | list(string) | | null | -| oslogin | Enable OS Login. | bool | | false | -| oslogin_admins | List of IAM-style identities that will be granted roles necessary for OS Login administrators. 
| list(string) | | [] | -| oslogin_users | List of IAM-style identities that will be granted roles necessary for OS Login users. | list(string) | | [] | -| parent | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string | | null | -| policy_boolean | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | -| policy_list | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({…})) | | {} | -| prefix | Prefix used to generate project id and name. | string | | null | -| project_create | Create project. When set to false, uses a data source to reference existing project. | bool | | true | -| service_config | Configure service API activation. | object({…}) | | {…} | -| service_encryption_key_ids | Cloud KMS encryption key in {SERVICE => [KEY_URL]} format. | map(list(string)) | | {} | -| service_perimeter_bridges | Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | list(string) | | null | -| service_perimeter_standard | Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | string | | null | -| services | Service APIs to enable. | list(string) | | [] | -| shared_vpc_host_config | Configures this project as a Shared VPC host project (mutually exclusive with shared_vpc_service_project). | object({…}) | | {…} | -| shared_vpc_service_config | Configures this project as a Shared VPC service project (mutually exclusive with shared_vpc_host_config). | object({…}) | | {…} | -| skip_delete | Allows the underlying resources to be destroyed without destroying the project itself. | bool | | false | +| [name](variables.tf#L109) | Project name and id suffix. 
| string | ✓ | | +| [auto_create_network](variables.tf#L17) | Whether to create the default network for the project | bool | | false | +| [billing_account](variables.tf#L23) | Billing account id. | string | | null | +| [contacts](variables.tf#L29) | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | map(list(string)) | | {} | +| [custom_roles](variables.tf#L35) | Map of role name => list of permissions to create in this project. | map(list(string)) | | {} | +| [descriptive_name](variables.tf#L41) | Name of the project name. Used for project name instead of `name` variable | string | | null | +| [group_iam](variables.tf#L47) | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the `iam` variable. | map(list(string)) | | {} | +| [iam](variables.tf#L53) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_additive](variables.tf#L59) | IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_additive_members](variables.tf#L65) | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) | | {} | +| [labels](variables.tf#L71) | Resource labels. | map(string) | | {} | +| [lien_reason](variables.tf#L77) | If non-empty, creates a project lien with this description. | string | | "" | +| [logging_exclusions](variables.tf#L83) | Logging exclusions for this project in the form {NAME -> FILTER}. | map(string) | | {} | +| [logging_sinks](variables.tf#L89) | Logging sinks to create for this project. | map(object({…})) | | {} | +| [metric_scopes](variables.tf#L103) | List of projects that will act as metric scopes for this project. | list(string) | | null | +| [oslogin](variables.tf#L114) | Enable OS Login. 
| bool | | false | +| [oslogin_admins](variables.tf#L120) | List of IAM-style identities that will be granted roles necessary for OS Login administrators. | list(string) | | [] | +| [oslogin_users](variables.tf#L126) | List of IAM-style identities that will be granted roles necessary for OS Login users. | list(string) | | [] | +| [parent](variables.tf#L132) | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string | | null | +| [policy_boolean](variables.tf#L142) | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | +| [policy_list](variables.tf#L148) | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({…})) | | {} | +| [prefix](variables.tf#L159) | Prefix used to generate project id and name. | string | | null | +| [project_create](variables.tf#L165) | Create project. When set to false, uses a data source to reference existing project. | bool | | true | +| [service_config](variables.tf#L171) | Configure service API activation. | object({…}) | | {…} | +| [service_encryption_key_ids](variables.tf#L183) | Cloud KMS encryption key in {SERVICE => [KEY_URL]} format. | map(list(string)) | | {} | +| [service_perimeter_bridges](variables.tf#L189) | Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | list(string) | | null | +| [service_perimeter_standard](variables.tf#L195) | Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | string | | null | +| [services](variables.tf#L201) | Service APIs to enable. | list(string) | | [] | +| [shared_vpc_host_config](variables.tf#L207) | Configures this project as a Shared VPC host project (mutually exclusive with shared_vpc_service_project). 
| object({…}) | | {…} | +| [shared_vpc_service_config](variables.tf#L219) | Configures this project as a Shared VPC service project (mutually exclusive with shared_vpc_host_config). | object({…}) | | {…} | +| [skip_delete](variables.tf#L231) | Allows the underlying resources to be destroyed without destroying the project itself. | bool | | false | ## Outputs | name | description | sensitive | |---|---|:---:| -| custom_roles | Ids of the created custom roles. | | -| name | Project name. | | -| number | Project number. | | -| project_id | Project id. | | -| service_accounts | Product robot service accounts in project. | | -| sink_writer_identities | Writer identities created for each sink. | | +| [custom_roles](outputs.tf#L17) | Ids of the created custom roles. | | +| [name](outputs.tf#L25) | Project name. | | +| [number](outputs.tf#L37) | Project number. | | +| [project_id](outputs.tf#L49) | Project id. | | +| [service_accounts](outputs.tf#L63) | Product robot service accounts in project. | | +| [sink_writer_identities](outputs.tf#L79) | Writer identities created for each sink. | | diff --git a/modules/pubsub/README.md b/modules/pubsub/README.md index d47a5c95..f4fed76d 100644 --- a/modules/pubsub/README.md +++ b/modules/pubsub/README.md 
@@ -87,34 +87,31 @@ module "pubsub" { } # tftest:modules=1:resources=3 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | PubSub topic name. | string | ✓ | | -| project_id | Project used for resources. | string | ✓ | | -| dead_letter_configs | Per-subscription dead letter policy configuration. | map(object({…})) | | {} | -| defaults | Subscription defaults for options. | object({…}) | | {…} | -| iam | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| kms_key | KMS customer managed encryption key. | string | | null | -| labels | Labels. | map(string) | | {} | -| push_configs | Push subscription configurations. | map(object({…})) | | {} | -| regions | List of regions used to set persistence policy. | list(string) | | [] | -| subscription_iam | IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | -| subscriptions | Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null. | map(object({…})) | | {} | +| [name](variables.tf#L60) | PubSub topic name. | string | ✓ | | +| [project_id](variables.tf#L65) | Project used for resources. | string | ✓ | | +| [dead_letter_configs](variables.tf#L17) | Per-subscription dead letter policy configuration. | map(object({…})) | | {} | +| [defaults](variables.tf#L26) | Subscription defaults for options. | object({…}) | | {…} | +| [iam](variables.tf#L42) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [kms_key](variables.tf#L48) | KMS customer managed encryption key. | string | | null | +| [labels](variables.tf#L54) | Labels. | map(string) | | {} | +| [push_configs](variables.tf#L70) | Push subscription configurations. | map(object({…})) | | {} | +| [regions](variables.tf#L83) | List of regions used to set persistence policy. 
| list(string) | | [] | +| [subscription_iam](variables.tf#L89) | IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | +| [subscriptions](variables.tf#L95) | Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | Topic id. | | -| subscription_id | Subscription ids. | | -| subscriptions | Subscription resources. | | -| topic | Topic resource. | | +| [id](outputs.tf#L17) | Topic id. | | +| [subscription_id](outputs.tf#L25) | Subscription ids. | | +| [subscriptions](outputs.tf#L35) | Subscription resources. | | +| [topic](outputs.tf#L43) | Topic resource. | | - diff --git a/modules/secret-manager/README.md b/modules/secret-manager/README.md index 059eeb89..4f5c7d14 100644 --- a/modules/secret-manager/README.md +++ b/modules/secret-manager/README.md 
@@ -72,32 +72,28 @@ module "secret-manager" { } # tftest:modules=1:resources=5 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| project_id | Project id where the keyring will be created. | string | ✓ | | -| iam | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | -| labels | Optional labels for each secret. | map(map(string)) | | {} | -| secrets | Map of secrets to manage and their locations. If locations is null, automatic management will be set. | map(list(string)) | | {} | -| versions | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | map(map(object({…}))) | | {} | +| [project_id](variables.tf#L29) | Project id where the keyring will be created. | string | ✓ | | +| [iam](variables.tf#L17) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | +| [labels](variables.tf#L23) | Optional labels for each secret. | map(map(string)) | | {} | +| [secrets](variables.tf#L34) | Map of secrets to manage and their locations. If locations is null, automatic management will be set. | map(list(string)) | | {} | +| [versions](variables.tf#L40) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | map(map(object({…}))) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| ids | Secret ids keyed by secret_ids (names). | | -| secrets | Secret resources. | | -| version_ids | Version ids keyed by secret name : version name. | | -| versions | Secret versions. | | +| [ids](outputs.tf#L17) | Secret ids keyed by secret_ids (names). | | +| [secrets](outputs.tf#L24) | Secret resources. | | +| [version_ids](outputs.tf#L29) | Version ids keyed by secret name : version name. | | +| [versions](outputs.tf#L36) | Secret versions. | | - - ## Requirements These sections describe requirements for using this module. 
diff --git a/modules/service-directory/README.md b/modules/service-directory/README.md index 3d6bc6b4..9e91bfa5 100644 --- a/modules/service-directory/README.md +++ b/modules/service-directory/README.md 
@@ -87,34 +87,31 @@ module "dns-sd" { } # tftest:modules=2:resources=5 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| location | Namespace location. | string | ✓ | | -| name | Namespace name. | string | ✓ | | -| project_id | Project used for resources. | string | ✓ | | -| endpoint_config | Map of endpoint attributes, keys are in service/endpoint format. | map(object({…})) | | {} | -| iam | IAM bindings for namespace, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| labels | Labels. | map(string) | | {} | -| service_iam | IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | -| services | Service configuration, using service names as keys. | map(object({…})) | | {} | +| [location](variables.tf#L40) | Namespace location. | string | ✓ | | +| [name](variables.tf#L45) | Namespace name. | string | ✓ | | +| [project_id](variables.tf#L50) | Project used for resources. | string | ✓ | | +| [endpoint_config](variables.tf#L18) | Map of endpoint attributes, keys are in service/endpoint format. | map(object({…})) | | {} | +| [iam](variables.tf#L28) | IAM bindings for namespace, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [labels](variables.tf#L34) | Labels. | map(string) | | {} | +| [service_iam](variables.tf#L55) | IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | +| [services](variables.tf#L61) | Service configuration, using service names as keys. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| endpoints | Endpoint resources. | | -| id | Namespace id (short name). | | -| name | Namespace name (long name). | | -| namespace | Namespace resource. | | -| service_id | Service ids (short names). | | -| service_names | Service ids (long names). | | -| services | Service resources. | | +| [endpoints](outputs.tf#L17) | Endpoint resources. 
| | +| [id](outputs.tf#L22) | Namespace id (short name). | | +| [name](outputs.tf#L27) | Namespace name (long name). | | +| [namespace](outputs.tf#L32) | Namespace resource. | | +| [service_id](outputs.tf#L40) | Service ids (short names). | | +| [service_names](outputs.tf#L50) | Service ids (long names). | | +| [services](outputs.tf#L60) | Service resources. | | - diff --git a/modules/source-repository/README.md b/modules/source-repository/README.md index cf0a7e04..a44ebd07 100644 --- a/modules/source-repository/README.md +++ b/modules/source-repository/README.md @@ -18,24 +18,21 @@ module "repo" { } # tftest:modules=1:resources=2 ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| name | Repository name. | string | ✓ | | -| project_id | Project used for resources. | string | ✓ | | -| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [name](variables.tf#L23) | Repository name. | string | ✓ | | +| [project_id](variables.tf#L28) | Project used for resources. | string | ✓ | | +| [iam](variables.tf#L17) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| id | Repository id. | | -| url | Repository URL. | | +| [id](outputs.tf#L17) | Repository id. | | +| [url](outputs.tf#L22) | Repository URL. | | - diff --git a/modules/vpc-sc/README.md b/modules/vpc-sc/README.md index 5ac88aef..cc2e517b 100644 --- a/modules/vpc-sc/README.md +++ b/modules/vpc-sc/README.md 
@@ -145,33 +145,27 @@ module "test" { ## TODO - [ ] implement support for the `google_access_context_manager_gcp_user_access_binding` resource - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| access_policy | Access Policy name, leave null to use auto-created one. | string | ✓ | | -| access_levels | Map of access levels in name => [conditions] format. | map(object({…})) | | {} | -| access_policy_create | Access Policy configuration, fill in to create. Parent is in 'organizations/123456' format. | object({…}) | | null | -| service_perimeters_bridge | Bridge service perimeters. | map(object({…})) | | {} | -| service_perimeters_regular | Regular service perimeters. | map(object({…})) | | {} | +| [access_policy](variables.tf#L55) | Access Policy name, leave null to use auto-created one. | string | ✓ | | +| [access_levels](variables.tf#L17) | Map of access levels in name => [conditions] format. | map(object({…})) | | {} | +| [access_policy_create](variables.tf#L60) | Access Policy configuration, fill in to create. Parent is in 'organizations/123456' format. | object({…}) | | null | +| [service_perimeters_bridge](variables.tf#L69) | Bridge service perimeters. | map(object({…})) | | {} | +| [service_perimeters_regular](variables.tf#L79) | Regular service perimeters. | map(object({…})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| -| access_level_names | Access level resources. | | -| access_levels | Access level resources. | | -| access_policy | Access policy resource, if autocreated. | | -| access_policy_name | Access policy name. | | -| service_perimeters_bridge | Bridge service perimeter resources. | | -| service_perimeters_regular | Regular service perimeter resources. | | +| [access_level_names](outputs.tf#L17) | Access level resources. | | +| [access_levels](outputs.tf#L25) | Access level resources. | | +| [access_policy](outputs.tf#L30) | Access policy resource, if autocreated. 
| | +| [access_policy_name](outputs.tf#L35) | Access policy name. | | +| [service_perimeters_bridge](outputs.tf#L40) | Bridge service perimeter resources. | | +| [service_perimeters_regular](outputs.tf#L45) | Regular service perimeter resources. | | - - - - diff --git a/tools/tfdoc.py b/tools/tfdoc.py index 7cb6cf80..2f60438d 100755 --- a/tools/tfdoc.py +++ b/tools/tfdoc.py @@ -110,9 +110,9 @@ VAR_TEMPLATE = ('default', 'description', 'type') File = collections.namedtuple('File', 'name description modules resources') Output = collections.namedtuple('Output', - 'name description sensitive consumers') + 'name description sensitive consumers line') Variable = collections.namedtuple( - 'Variable', 'name description type default required source') + 'Variable', 'name description type default required source line') # parsing functions @@ -131,7 +131,11 @@ def _parse(body, enum=VAR_ENUM, re=VAR_RE, template=VAR_TEMPLATE): data = m.group(m.lastindex) # print(token, m.groups()) if token == enum.OPEN: - item = {'name': data, 'tags': {}} + match = m.group(0) + leading_lines = len(match) - len(match.lstrip("\n")) + start = m.span()[0] + line = body[:start].count('\n') + leading_lines + 1 + item = {'name': data, 'tags': {}, 'line': line} item.update({k: [] for k in template}) context = None elif token == enum.CLOSE: @@ -187,7 +191,8 @@ def parse_outputs(basepath): for item in _parse(body, enum=OUT_ENUM, re=OUT_RE, template=OUT_TEMPLATE): yield Output(name=item['name'], description=''.join(item['description']), sensitive=item['sensitive'] != [], - consumers=item['tags'].get('output:consumers', '')) + consumers=item['tags'].get('output:consumers', ''), + line=item['line']) def parse_variables(basepath): 
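Review bot: The line computation added under `token == enum.OPEN` in `_parse` has no comment, and the `leading_lines` correction only makes sense if the OPEN pattern can consume newlines ahead of the block keyword, which this hunk does not show. I would put `# the match may begin on the newlines preceding the block; skip them so the link lands on the declaration line` above `match = m.group(0)`. `match.lstrip("\n")` counts only a run of bare `\n` at the very start, so a match that begins with `\r\n` or with spaces before a newline would presumably give a line number that is too low. `leading_lines = match[:len(match) - len(match.lstrip())].count('\n')` covers those cases, and `m.start()` reads better than `m.span()[0]`. `_parse` starts and ends outside the hunk.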
@@ -207,7 +212,8 @@ def parse_variables(basepath): yield Variable(name=item['name'], description=''.join(item['description']), type=vtype, default=default, required=required, - source=item['tags'].get('variable:source', '')) + source=item['tags'].get('variable:source', ''), + line=item['line']) # formatting functions @@ -280,7 +286,7 @@ def format_outputs(items, show_extra=True): consumers = '%s' % ' · '.join( consumers.split()) sensitive = '✓' if i.sensitive else '' - format = f'| {i.name} | {i.description or ""} | {sensitive} |' + format = f'| [{i.name}](outputs.tf#L{i.line}) | {i.description or ""} | {sensitive} |' format += f' {consumers} |' if show_extra else '' yield format @@ -316,7 +322,7 @@ def format_variables(items, show_extra=True): value = f'{value[0]}…{value[-1].strip()}' vars[k] = f'{_escape(value)}' format = ( - f'| {i.name} | {i.description or ""} | {vars["type"]} ' + f'| [{i.name}](variables.tf#L{i.line}) | {i.description or ""} | {vars["type"]} ' f'| {vars["required"]} | {vars["default"]} |' ) format += f' {vars["source"]} |' if show_extra else ''
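Review bot: The link targets added in `format_outputs` (and again in `format_variables` in the next hunk) hard-code `outputs.tf` and `variables.tf` inside the f-strings, while `i.line` comes from whatever file `parse_outputs` and `parse_variables` actually read, which these hunks do not show. If the two ever diverge, the README links point at the wrong place without any error. Carrying the file name next to `line` in the `Output`/`Variable` tuples, or sharing one module-level constant between parser and formatter, would keep them in step. The links also embed line numbers, so any edit to the `.tf` files makes the README stale until tfdoc is re-run; it is worth confirming that the README check regenerates and compares the tables. Both functions continue outside their hunks.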