diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 00000000..152ce09e
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,23 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+'on:blueprints':
+ - blueprints/**/*
+'on:FAST':
+ - fast/**/*
+'on:modules':
+ - modules/**/*
+'on:tools':
+ - tools/**/*
+ - .github/**/*
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
new file mode 100644
index 00000000..c68c4dd3
--- /dev/null
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,30 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "Label Pull Requests"
+
+on:
+ pull_request_target:
+
+jobs:
+ triage:
+ permissions:
+ contents: read
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/labeler@v4
+ with:
+ repo-token: "${{ secrets.GITHUB_TOKEN }}"
+ sync-labels: true
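Review bot: The `uses: actions/labeler@v4` step references a mutable tag while the job is triggered by `pull_request_target` and holds a `pull-requests: write` token, so whatever commit that tag resolves to runs with write access on every pull request, forks included. Pin the action to a full commit SHA and keep the tag as a comment, `- uses: actions/labeler@<FULL_COMMIT_SHA>  # v4` (placeholder; take the SHA from the release you have reviewed). The job-level `permissions` block is already narrow and should stay that way. I would also add a comment above the trigger, such as `# pull_request_target runs with the base repository's token: never check out or execute PR-supplied code in this workflow.`, so that a later edit does not add a checkout step here.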
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9bd6e061..d69193e8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file.
### BLUEPRINTS
+- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio))
+- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese))
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese))
- [[#984](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/984)] **incompatible change:** Apigee module and blueprint ([apichick](https://github.com/apichick))
- [[#980](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/980)] Have Squid log to /dev/stdout to stream logs to Cloud Logging ([kunzese](https://github.com/kunzese))
@@ -59,6 +61,10 @@ All notable changes to this project will be documented in this file.
### DOCUMENTATION
+- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio))
+- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht))
+- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka))
+- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese))
- [[#987](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/987)] Add tests to factory examples ([juliocc](https://github.com/juliocc))
- [[#972](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/972)] Add note about TF_PLUGIN_CACHE_DIR ([wiktorn](https://github.com/wiktorn))
- [[#961](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/961)] Remove extra file from root ([ludoo](https://github.com/ludoo))
@@ -72,6 +78,7 @@ All notable changes to this project will be documented in this file.
### FAST
+- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka))
- [[#976](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/976)] FAST: fixes to GitHub workflow and 02/net outputs ([ludoo](https://github.com/ludoo))
- [[#966](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/966)] FAST: improve GitHub workflow, stage 01 output fixes ([ludoo](https://github.com/ludoo))
- [[#963](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/963)] **incompatible change:** Refactor vps-sc module for Terraform 1.3 ([ludoo](https://github.com/ludoo))
@@ -104,6 +111,11 @@ All notable changes to this project will be documented in this file.
### MODULES
+- [[#1016](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1016)] Fix memory/cpu typo in gke cluster module ([joeheaton](https://github.com/joeheaton))
+- [[#1012](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1012)] Fix tag outputs in organization module ([ludoo](https://github.com/ludoo))
+- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht))
+- [[#999](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/999)] Default nodepool creation fix ([astianseb](https://github.com/astianseb))
+- [[#1005](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1005)] Only set partitioned table when sink type is bigquery ([juliocc](https://github.com/juliocc))
- [[#997](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/997)] Add BigQuery subcriptions to Pubsub module. ([iht](https://github.com/iht))
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese))
- [[#994](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/994)] Add schemas to Pubsub topic module. ([iht](https://github.com/iht))
@@ -174,6 +186,10 @@ All notable changes to this project will be documented in this file.
### TOOLS
+- [[#1013](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1013)] Update labeler.yml ([ludoo](https://github.com/ludoo))
+- [[#1010](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1010)] Enforce nonempty descriptions ending in a dot ([juliocc](https://github.com/juliocc))
+- [[#1004](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1004)] Use `actions/labeler` to automatically label pull requests ([kunzese](https://github.com/kunzese))
+- [[#998](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/998)] Add missing `write_package` permission ([kunzese](https://github.com/kunzese))
- [[#996](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/996)] Fix `repository name must be lowercase` on docker build ([kunzese](https://github.com/kunzese))
- [[#993](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/993)] Fix variable and output sort check ([juliocc](https://github.com/juliocc))
- [[#950](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/950)] Add a pytest fixture to convert tfvars to yaml ([ludoo](https://github.com/ludoo))
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6ea1bb85..d82b1ac7 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -209,7 +209,7 @@ module "project" {
]
}
iam = {
- "roles/editor" = [
+ "roles/editor" = [
"serviceAccount:${module.project.service_accounts.cloud_services}"
]
}
@@ -236,7 +236,7 @@ module "project" {
source = "./modules/project"
name = "project-example"
iam = {
- "roles/editor" = [
+ "roles/editor" = [
"serviceAccount:${module.project.service_accounts.cloud_services}"
]
}
@@ -543,7 +543,7 @@ locals {
#### The `prefix` variable
-If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all code:
+If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all modules:
```hcl
# variables.tf
variable "prefix" {
@@ -551,8 +551,8 @@ variable "prefix" {
type = string
default = null
validation {
- condition = var.prefix != ""
- error_message = "Prefix can not be empty, please use null instead."
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty, please use null instead."
}
}
@@ -562,6 +562,18 @@ locals {
}
```
+For blueprints the prefix is mandatory:
+```hcl
+variable "prefix" {
+ description = "Prefix used for resource names."
+ type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
+}
+```
+
### Interacting with checks, tests and tools
Our modules are designed for composition and live in a monorepo together with several end-to-end blueprints, so it was inevitable that over time we found ways of ensuring that a change does not break consumers.
diff --git a/blueprints/cloud-operations/adfs/README.md b/blueprints/cloud-operations/adfs/README.md
index 893dc155..36b772f8 100644
--- a/blueprints/cloud-operations/adfs/README.md
+++ b/blueprints/cloud-operations/adfs/README.md
@@ -54,18 +54,18 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|---|---|:---:|:---:|:---:|
| [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | string
| ✓ | |
| [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | string
| ✓ | |
-| [project_id](variables.tf#L79) | Host project ID. | string
| ✓ | |
+| [prefix](variables.tf#L64) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L82) | Host project ID. | string
| ✓ | |
| [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | string
| | "10.0.0.0/24"
|
| [disk_size](variables.tf#L31) | Disk size. | number
| | 50
|
| [disk_type](variables.tf#L37) | Disk type. | string
| | "pd-ssd"
|
| [image](variables.tf#L43) | Image. | string
| | "projects/windows-cloud/global/images/family/windows-2022"
|
| [instance_type](variables.tf#L49) | Instance type. | string
| | "n1-standard-2"
|
-| [network_config](variables.tf#L55) | Network configuration | object({…})
| | null
|
-| [prefix](variables.tf#L64) | Prefix for the resources created. | string
| | null
|
-| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | object({…})
| | null
|
-| [region](variables.tf#L84) | Region. | string
| | "europe-west1"
|
-| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | string
| | "10.0.1.0/28"
|
-| [zone](variables.tf#L96) | Zone. | string
| | "europe-west1-c"
|
+| [network_config](variables.tf#L55) | Network configuration. | object({…})
| | null
|
+| [project_create](variables.tf#L73) | Parameters for the creation of the new project. | object({…})
| | null
|
+| [region](variables.tf#L87) | Region. | string
| | "europe-west1"
|
+| [subnet_ip_cidr_block](variables.tf#L93) | Subnet IP CIDR block. | string
| | "10.0.1.0/28"
|
+| [zone](variables.tf#L99) | Zone. | string
| | "europe-west1-c"
|
## Outputs
diff --git a/blueprints/cloud-operations/adfs/main.tf b/blueprints/cloud-operations/adfs/main.tf
index beb06fbd..bcfc753d 100644
--- a/blueprints/cloud-operations/adfs/main.tf
+++ b/blueprints/cloud-operations/adfs/main.tf
@@ -12,10 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-locals {
- prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
-}
-
module "project" {
source = "../../../modules/project"
billing_account = (
@@ -41,7 +37,7 @@ module "vpc" {
count = var.network_config == null ? 1 : 0
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}vpc"
+ name = "${var.prefix}-vpc"
subnets = [
{
ip_cidr_range = var.subnet_ip_cidr_block
@@ -98,7 +94,7 @@ module "server" {
module "glb" {
source = "../../../modules/net-glb"
- name = "${local.prefix}glb"
+ name = "${var.prefix}-glb"
project_id = module.project.project_id
https = true
diff --git a/blueprints/cloud-operations/adfs/variables.tf b/blueprints/cloud-operations/adfs/variables.tf
index 4ac2fdc1..66c1276d 100644
--- a/blueprints/cloud-operations/adfs/variables.tf
+++ b/blueprints/cloud-operations/adfs/variables.tf
@@ -53,7 +53,7 @@ variable "instance_type" {
}
variable "network_config" {
- description = "Network configuration"
+ description = "Network configuration."
type = object({
network = string
subnet = string
@@ -62,9 +62,12 @@ variable "network_config" {
}
variable "prefix" {
- description = "Prefix for the resources created."
+ description = "Prefix used for resource names."
type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
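Review bot: The new `validation` on `prefix` rejects only the empty string, so an explicit `prefix = null` still passes (`null != ""` is true). It then fails later in `main.tf`, where `"${var.prefix}-vpc"` and `"${var.prefix}-glb"` interpolate it without the null guard that the removed `local.prefix` provided. Add `nullable = false` to the variable so the value is rejected at the variable boundary with a clear message; the apigee `datastore_name` variable in this same change set already uses that attribute. The same validation is added to the `prefix` blocks in `dns-shared-vpc/variables.tf`, `dns-shared-vpc/examples/shared-vpc-example/variables.tf`, `network-dashboard/variables.tf` and `network-dashboard/tests/variables.tf`, and each of those would benefit from the same line.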
diff --git a/blueprints/cloud-operations/apigee/README.md b/blueprints/cloud-operations/apigee/README.md
index 65bcea51..922f038e 100644
--- a/blueprints/cloud-operations/apigee/README.md
+++ b/blueprints/cloud-operations/apigee/README.md
@@ -63,7 +63,7 @@ Do the following to verify that everything works as expected.
| [instances](variables.tf#L46) | Instance. | map(object({…}))
| ✓ | |
| [project_id](variables.tf#L92) | Project ID. | string
| ✓ | |
| [psc_config](variables.tf#L98) | PSC configuration. | map(string)
| ✓ | |
-| [datastore_name](variables.tf#L17) | Datastore | string
| | "gcs"
|
+| [datastore_name](variables.tf#L17) | Datastore. | string
| | "gcs"
|
| [organization](variables.tf#L60) | Apigee organization. | object({…})
| | {…}
|
| [path](variables.tf#L76) | Bucket path. | string
| | "/analytics"
|
| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | object({…})
| | null
|
diff --git a/blueprints/cloud-operations/apigee/variables.tf b/blueprints/cloud-operations/apigee/variables.tf
index 61c93391..1c86621b 100644
--- a/blueprints/cloud-operations/apigee/variables.tf
+++ b/blueprints/cloud-operations/apigee/variables.tf
@@ -15,7 +15,7 @@
*/
variable "datastore_name" {
- description = "Datastore"
+ description = "Datastore."
type = string
nullable = false
default = "gcs"
diff --git a/blueprints/cloud-operations/dns-shared-vpc/README.md b/blueprints/cloud-operations/dns-shared-vpc/README.md
index d2923e65..9dc4c2ea 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/README.md
+++ b/blueprints/cloud-operations/dns-shared-vpc/README.md
@@ -26,11 +26,11 @@ Note that Terraform 0.13 at least is required due to the use of `for_each` with
|---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | string
| ✓ | |
| [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | string
| ✓ | |
-| [shared_vpc_link](variables.tf#L48) | Shared VPC self link, used for DNS peering. | string
| ✓ | |
+| [prefix](variables.tf#L33) | Prefix used for resource names. | string
| ✓ | |
+| [shared_vpc_link](variables.tf#L51) | Shared VPC self link, used for DNS peering. | string
| ✓ | |
| [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | string
| | "example.org"
|
-| [prefix](variables.tf#L33) | Customer name to use as prefix for resources' naming. | string
| | "test-dns"
|
-| [project_services](variables.tf#L39) | Service APIs enabled by default. | list(string)
| | […]
|
-| [teams](variables.tf#L53) | List of application teams requiring their own Cloud DNS instance. | list(string)
| | […]
|
+| [project_services](variables.tf#L42) | Service APIs enabled by default. | list(string)
| | […]
|
+| [teams](variables.tf#L56) | List of application teams requiring their own Cloud DNS instance. | list(string)
| | […]
|
## Outputs
diff --git a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf
index 7c0f7ed9..90220e3d 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf
+++ b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf
@@ -50,8 +50,12 @@ variable "billing_account" {
}
variable "prefix" {
- description = "Customer name to use as prefix for resources' naming."
- default = "test-dns"
+ description = "Prefix used for resource names."
+ type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "dns_domain" {
diff --git a/blueprints/cloud-operations/dns-shared-vpc/variables.tf b/blueprints/cloud-operations/dns-shared-vpc/variables.tf
index f74acfde..63a0ab94 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/variables.tf
+++ b/blueprints/cloud-operations/dns-shared-vpc/variables.tf
@@ -31,9 +31,12 @@ variable "folder_id" {
}
variable "prefix" {
- description = "Customer name to use as prefix for resources' naming."
+ description = "Prefix used for resource names."
type = string
- default = "test-dns"
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_services" {
diff --git a/blueprints/cloud-operations/network-dashboard/README.md b/blueprints/cloud-operations/network-dashboard/README.md
index cc0557c1..768e0f12 100644
--- a/blueprints/cloud-operations/network-dashboard/README.md
+++ b/blueprints/cloud-operations/network-dashboard/README.md
@@ -89,15 +89,15 @@ If you are interested in this and/or would like to contribute, please contact le
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with |
| ✓ | |
-| [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled) | list(string)
| ✓ | |
-| [organization_id](variables.tf#L46) | The organization id for the associated services |
| ✓ | |
-| [prefix](variables.tf#L50) | Customer name to use as prefix for monitoring project |
| ✓ | |
+| [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with. |
| ✓ | |
+| [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled). | list(string)
| ✓ | |
+| [organization_id](variables.tf#L46) | The organization id for the associated services. |
| ✓ | |
+| [prefix](variables.tf#L50) | Prefix used for resource names. | string
| ✓ | |
| [cf_version](variables.tf#L21) | Cloud Function version 2nd Gen or 1st Gen. Possible options: 'V1' or 'V2'.Use CFv2 if your Cloud Function timeouts after 9 minutes. By default it is using CFv1. |
| | V1
|
-| [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled) | list(string)
| | []
|
-| [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string |
| | |
-| [project_monitoring_services](variables.tf#L54) | Service APIs enabled in the monitoring project if it will be created. |
| | […]
|
-| [region](variables.tf#L76) | Region used to deploy the cloud functions and scheduler |
| | europe-west1
|
-| [schedule_cron](variables.tf#L81) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. |
| | */10 * * * *
|
+| [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled). | list(string)
| | []
|
+| [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string. |
| | |
+| [project_monitoring_services](variables.tf#L59) | Service APIs enabled in the monitoring project if it will be created. |
| | […]
|
+| [region](variables.tf#L81) | Region used to deploy the cloud functions and scheduler. |
| | europe-west1
|
+| [schedule_cron](variables.tf#L86) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. |
| | */10 * * * *
|
diff --git a/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py b/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py
index 8987b4cb..edd4a50b 100644
--- a/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py
+++ b/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py
@@ -187,7 +187,7 @@ def count_effective_limit(config, project_id, network_dict, usage_metric_name,
for peered_network in network_dict['peerings']:
if 'usage' not in peered_network:
print(
- f"Can not add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions"
+ f"Cannot add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions"
)
continue
peering_group_usage += peered_network['usage']
diff --git a/blueprints/cloud-operations/network-dashboard/tests/variables.tf b/blueprints/cloud-operations/network-dashboard/tests/variables.tf
index a895d284..dd01b29f 100644
--- a/blueprints/cloud-operations/network-dashboard/tests/variables.tf
+++ b/blueprints/cloud-operations/network-dashboard/tests/variables.tf
@@ -23,7 +23,12 @@ variable "billing_account" {
}
variable "prefix" {
- description = "Customer name to use as prefix for resources' naming"
+ description = "Prefix used for resource names."
+ type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_vm_services" {
diff --git a/blueprints/cloud-operations/network-dashboard/variables.tf b/blueprints/cloud-operations/network-dashboard/variables.tf
index de32ab1e..2744eed6 100644
--- a/blueprints/cloud-operations/network-dashboard/variables.tf
+++ b/blueprints/cloud-operations/network-dashboard/variables.tf
@@ -15,7 +15,7 @@
*/
variable "billing_account" {
- description = "The ID of the billing account to associate this project with"
+ description = "The ID of the billing account to associate this project with."
}
variable "cf_version" {
@@ -29,26 +29,31 @@ variable "cf_version" {
variable "monitored_folders_list" {
type = list(string)
- description = "ID of the projects to be monitored (where limits and quotas data will be pulled)"
+ description = "ID of the projects to be monitored (where limits and quotas data will be pulled)."
default = []
}
variable "monitored_projects_list" {
type = list(string)
- description = "ID of the projects to be monitored (where limits and quotas data will be pulled)"
+ description = "ID of the projects to be monitored (where limits and quotas data will be pulled)."
}
variable "monitoring_project_id" {
- description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string"
+ description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string."
default = ""
}
variable "organization_id" {
- description = "The organization id for the associated services"
+ description = "The organization id for the associated services."
}
variable "prefix" {
- description = "Customer name to use as prefix for monitoring project"
+ description = "Prefix used for resource names."
+ type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_monitoring_services" {
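Review bot: `monitored_folders_list` carries the same description as `monitored_projects_list` (`"ID of the projects to be monitored ..."`), which looks like a copy-paste that this pass over the descriptions leaves in place. For the folders variable, `description = "ID of the folders to be monitored (where limits and quotas data will be pulled)."` would match the name. `monitoring_project_id` and `organization_id` in this hunk also still have no `type`, while the new `prefix` block declares one; adding `type = string` (presumably the right type, to be confirmed against callers) would keep the file consistent.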
@@ -74,7 +79,7 @@ variable "project_monitoring_services" {
]
}
variable "region" {
- description = "Region used to deploy the cloud functions and scheduler"
+ description = "Region used to deploy the cloud functions and scheduler."
default = "europe-west1"
}
diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md
index dcad294b..240d6d02 100644
--- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md
+++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md
@@ -35,6 +35,6 @@ provider "google-beta" {
| name | description | sensitive |
|---|---|:---:|
-| [credentials](outputs.tf#L17) | | |
+| [credentials](outputs.tf#L17) | Credentials in format to pass the to gcp provider. | |
diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf
index fbcea8c2..a4d54c54 100644
--- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf
+++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf
@@ -15,6 +15,7 @@
*/
output "credentials" {
+ description = "Credentials in format to pass the to gcp provider."
value = jsonencode({
"type" : "external_account",
"audience" : "${local.audience}",
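Review bot: The added description reads `"Credentials in format to pass the to gcp provider."`, which has a word-order slip ("pass the to") and is repeated verbatim in the README outputs table. Suggest `description = "Credentials in the format expected by the GCP provider."`. The `jsonencode` body continues outside this hunk, so not every field is visible; if any of them carries token or key material rather than only the external-account configuration, the output should also be marked `sensitive = true`.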
diff --git a/blueprints/cloud-operations/vm-migration/esxi/README.md b/blueprints/cloud-operations/vm-migration/esxi/README.md
index 575b0adf..f3b4ebed 100644
--- a/blueprints/cloud-operations/vm-migration/esxi/README.md
+++ b/blueprints/cloud-operations/vm-migration/esxi/README.md
@@ -22,11 +22,11 @@ This sample creates several distinct groups of resources:
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login | string
| ✓ | |
+| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login. | string
| ✓ | |
| [vcenter_password](variables.tf#L48) | VCenter user password. | string
| ✓ | |
-| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters | object({…})
| ✓ | |
-| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters | object({…})
| | {…}
|
-| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image | string
| | "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"
|
+| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters. | object({…})
| ✓ | |
+| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters. | object({…})
| | {…}
|
+| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image. | string
| | "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"
|
## Manual Steps
diff --git a/blueprints/cloud-operations/vm-migration/esxi/variables.tf b/blueprints/cloud-operations/vm-migration/esxi/variables.tf
index ba886d43..34d2157b 100644
--- a/blueprints/cloud-operations/vm-migration/esxi/variables.tf
+++ b/blueprints/cloud-operations/vm-migration/esxi/variables.tf
@@ -13,7 +13,7 @@
# limitations under the License.
variable "m4ce_appliance_properties" {
- description = "M4CE connector OVA image configuration parameters"
+ description = "M4CE connector OVA image configuration parameters."
type = object({
hostname = string
ip0 = string
@@ -35,13 +35,13 @@ variable "m4ce_appliance_properties" {
}
variable "m4ce_connector_ovf_url" {
- description = "http URL to the public M4CE connector OVA image"
+ description = "http URL to the public M4CE connector OVA image."
type = string
default = "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"
}
variable "m4ce_ssh_public_key" {
- description = "Filesystem path to the public key for the SSH login"
+ description = "Filesystem path to the public key for the SSH login."
type = string
}
@@ -51,7 +51,7 @@ variable "vcenter_password" {
}
variable "vsphere_environment" {
- description = "VMVware VSphere connection parameters"
+ description = "VMVware VSphere connection parameters."
type = object({
vcenter_ip = string
vcenter_user = string
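Review bot: The description on `vsphere_environment` still says `VMVware`, and since this commit already rewrites the line it is the moment to fix it: `description = "VMware vSphere connection parameters."`. Similar leftovers survive in the host-target-projects files touched here: `retrive` in the `migration_viewer_users` description, and a doubled period in `registration.. It is used` in the `m4ce_gmanaged_service_account` output. The README tables appear to mirror these strings, so they would need updating alongside. The `vsphere_environment` block continues outside the hunk.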
diff --git a/blueprints/cloud-operations/vm-migration/host-target-projects/README.md b/blueprints/cloud-operations/vm-migration/host-target-projects/README.md
index 241cf03a..c1d24182 100644
--- a/blueprints/cloud-operations/vm-migration/host-target-projects/README.md
+++ b/blueprints/cloud-operations/vm-migration/host-target-projects/README.md
@@ -25,16 +25,16 @@ This sample creates\updates several distinct groups of resources:
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | list(string)
| ✓ | |
-| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | list(string)
| ✓ | |
-| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | list(string)
| | []
|
-| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend | object({…})
| | null
|
-| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project | string
| | "m4ce-host-project-000"
|
+| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | list(string)
| ✓ | |
+| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | list(string)
| ✓ | |
+| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | list(string)
| | []
|
+| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend. | object({…})
| | null
|
+| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project. | string
| | "m4ce-host-project-000"
|
## Outputs
| name | description | sensitive |
|---|---|:---:|
-| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects | |
+| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects. | |
diff --git a/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf b/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf
index ef78d4c7..2db8f1ae 100644
--- a/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf
+++ b/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf
@@ -13,6 +13,6 @@
# limitations under the License.
output "m4ce_gmanaged_service_account" {
- description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects"
+ description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects."
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
}
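Review bot: The rewritten `description` still contains a doubled period, `registration.. It is used`, which the matching outputs.tf files in host-target-sharedvpc and single-project do not have. Since the line is being edited anyway, it should read `...during the migrate connector registration. It is used by M4CE to perform activities on target projects.`. The README table row for this output carries the same typo.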
diff --git a/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf b/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf
index f6e3345f..c210fa31 100644
--- a/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf
+++ b/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf
@@ -13,23 +13,23 @@
# limitations under the License.
variable "migration_admin_users" {
- description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
+ description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
type = list(string)
}
variable "migration_target_projects" {
- description = "List of target projects for m4ce workload migrations"
+ description = "List of target projects for m4ce workload migrations."
type = list(string)
}
variable "migration_viewer_users" {
- description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
+ description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
type = list(string)
default = []
}
variable "project_create" {
- description = "Parameters for the creation of the new project to host the M4CE backend"
+ description = "Parameters for the creation of the new project to host the M4CE backend."
type = object({
billing_account_id = string
parent = string
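Review bot: The descriptions edited in this hunk keep their spelling errors: `retrive` in `migration_viewer_users` and `create a new M4CE sources` in `migration_admin_users`. Correcting them in the same pass (`retrieve`, `create new M4CE sources`) saves a second edit of every copied line. The same text appears in host-target-sharedvpc/variables.tf and single-project/variables.tf, where `project_name` also reads `host an target project`. The `project_create` block continues outside the hunk.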
@@ -38,7 +38,7 @@ variable "project_create" {
}
variable "project_name" {
- description = "Name of an existing project or of the new project assigned as M4CE host project"
+ description = "Name of an existing project or of the new project assigned as M4CE host project."
type = string
default = "m4ce-host-project-000"
}
diff --git a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md
index cc401357..bb34cf8f 100644
--- a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md
+++ b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md
@@ -26,18 +26,18 @@ This sample creates\update several distinct groups of resources:
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | list(string)
| ✓ | |
-| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | list(string)
| ✓ | |
-| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects | list(string)
| ✓ | |
-| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | list(string)
| | []
|
-| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend | object({…})
| | null
|
-| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project | string
| | "m4ce-host-project-000"
|
+| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | list(string)
| ✓ | |
+| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | list(string)
| ✓ | |
+| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects. | list(string)
| ✓ | |
+| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | list(string)
| | []
|
+| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend. | object({…})
| | null
|
+| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project. | string
| | "m4ce-host-project-000"
|
## Outputs
| name | description | sensitive |
|---|---|:---:|
-| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | |
+| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | |
## Manual Steps
diff --git a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf
index 3e6d553d..c772de5f 100644
--- a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf
+++ b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf
@@ -13,6 +13,6 @@
# limitations under the License.
output "m4ce_gmanaged_service_account" {
- description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects"
+ description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects."
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
}
diff --git a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf
index 85f333ce..c01740dc 100644
--- a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf
+++ b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf
@@ -13,22 +13,22 @@
# limitations under the License.
variable "migration_admin_users" {
- description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
+ description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
type = list(string)
}
variable "migration_target_projects" {
- description = "List of target projects for m4ce workload migrations"
+ description = "List of target projects for m4ce workload migrations."
type = list(string)
}
variable "migration_viewer_users" {
- description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
+ description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
type = list(string)
default = []
}
variable "project_create" {
- description = "Parameters for the creation of the new project to host the M4CE backend"
+ description = "Parameters for the creation of the new project to host the M4CE backend."
type = object({
billing_account_id = string
parent = string
@@ -37,12 +37,12 @@ variable "project_create" {
}
variable "project_name" {
- description = "Name of an existing project or of the new project assigned as M4CE host project"
+ description = "Name of an existing project or of the new project assigned as M4CE host project."
type = string
default = "m4ce-host-project-000"
}
variable "sharedvpc_host_projects" {
- description = "List of host projects that share a VPC with the selected target projects"
+ description = "List of host projects that share a VPC with the selected target projects."
type = list(string)
}
diff --git a/blueprints/cloud-operations/vm-migration/single-project/README.md b/blueprints/cloud-operations/vm-migration/single-project/README.md
index 85f3164a..20afd4a9 100644
--- a/blueprints/cloud-operations/vm-migration/single-project/README.md
+++ b/blueprints/cloud-operations/vm-migration/single-project/README.md
@@ -26,16 +26,16 @@ This sample creates several distinct groups of resources:
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | list(string)
| ✓ | |
-| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | list(string)
| | []
|
-| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend | object({…})
| | null
|
-| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project | string
| | "m4ce-host-project-000"
|
-| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project | object({…})
| | {…}
|
+| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | list(string)
| ✓ | |
+| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | list(string)
| | []
|
+| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend. | object({…})
| | null
|
+| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project. | string
| | "m4ce-host-project-000"
|
+| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project. | object({…})
| | {…}
|
## Outputs
| name | description | sensitive |
|---|---|:---:|
-| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | |
+| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | |
diff --git a/blueprints/cloud-operations/vm-migration/single-project/outputs.tf b/blueprints/cloud-operations/vm-migration/single-project/outputs.tf
index 347eb54f..269bb2bd 100644
--- a/blueprints/cloud-operations/vm-migration/single-project/outputs.tf
+++ b/blueprints/cloud-operations/vm-migration/single-project/outputs.tf
@@ -13,6 +13,6 @@
# limitations under the License.
output "m4ce_gmanaged_service_account" {
- description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects"
+ description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects."
value = "serviceAccount:service-${module.landing-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
}
diff --git a/blueprints/cloud-operations/vm-migration/single-project/variables.tf b/blueprints/cloud-operations/vm-migration/single-project/variables.tf
index 2d7214f4..3335254f 100644
--- a/blueprints/cloud-operations/vm-migration/single-project/variables.tf
+++ b/blueprints/cloud-operations/vm-migration/single-project/variables.tf
@@ -13,18 +13,18 @@
# limitations under the License.
variable "migration_admin_users" {
- description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
+ description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
type = list(string)
}
variable "migration_viewer_users" {
- description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
+ description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
type = list(string)
default = []
}
variable "project_create" {
- description = "Parameters for the creation of the new project to host the M4CE backend"
+ description = "Parameters for the creation of the new project to host the M4CE backend."
type = object({
billing_account_id = string
parent = string
@@ -33,13 +33,13 @@ variable "project_create" {
}
variable "project_name" {
- description = "Name of an existing project or of the new project assigned as M4CE host an target project"
+ description = "Name of an existing project or of the new project assigned as M4CE host an target project."
type = string
default = "m4ce-host-project-000"
}
variable "vpc_config" {
- description = "Parameters to create a simple VPC on the M4CE project"
+ description = "Parameters to create a simple VPC on the M4CE project."
type = object({
ip_cidr_range = string,
region = string
diff --git a/blueprints/data-solutions/cloudsql-multiregion/README.md b/blueprints/data-solutions/cloudsql-multiregion/README.md
index 1fc06008..d6420d6c 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/README.md
+++ b/blueprints/data-solutions/cloudsql-multiregion/README.md
@@ -143,15 +143,15 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [postgres_user_password](variables.tf#L40) | `postgres` user password. | string
| ✓ | |
-| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string
| ✓ | |
-| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
+| [prefix](variables.tf#L45) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L63) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
| [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string)
| | []
|
| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…})
| | null
|
| [postgres_database](variables.tf#L34) | `postgres` database. | string
| | "guestbook"
|
-| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
-| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | map(string)
| | {…}
|
-| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string)
| | null
|
-| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | object({…})
| | {…}
|
+| [project_create](variables.tf#L54) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
+| [regions](variables.tf#L68) | Map of instance_name => location where instances will be deployed. | map(string)
| | {…}
|
+| [service_encryption_keys](variables.tf#L81) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string)
| | null
|
+| [sql_configuration](variables.tf#L87) | Cloud SQL configuration. | object({…})
| | {…}
|
## Outputs
diff --git a/blueprints/data-solutions/cloudsql-multiregion/variables.tf b/blueprints/data-solutions/cloudsql-multiregion/variables.tf
index aa91afbf..65427792 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/variables.tf
+++ b/blueprints/data-solutions/cloudsql-multiregion/variables.tf
@@ -43,8 +43,12 @@ variable "postgres_user_password" {
}
variable "prefix" {
- description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
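Review bot: The new `validation` block on `prefix` rejects only the empty string, so an explicit `null` appears to pass, as does a prefix whose characters or length the downstream resource names do not accept; those fail later at apply time. If the prefix is meant to be a short lowercase identifier, a stricter rule such as `condition = var.prefix != null && can(regex("^[a-z][a-z0-9-]*$", var.prefix))` would catch this at plan time. The exact pattern and any length cap depend on how the modules build names, which is not visible here. The same block is added in the composer-2, data-platform-foundations, data-playground and gcs-to-bq-with-least-privileges variables.tf hunks.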
@@ -81,7 +85,7 @@ variable "service_encryption_keys" {
}
variable "sql_configuration" {
- description = "Cloud SQL configuration"
+ description = "Cloud SQL configuration."
type = object({
availability_type = string
database_version = string
diff --git a/blueprints/data-solutions/composer-2/README.md b/blueprints/data-solutions/composer-2/README.md
index 08a8643d..bc51aaa4 100644
--- a/blueprints/data-solutions/composer-2/README.md
+++ b/blueprints/data-solutions/composer-2/README.md
@@ -96,14 +96,14 @@ service_encryption_keys = {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L78) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string
| ✓ | |
-| [project_id](variables.tf#L92) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
+| [prefix](variables.tf#L78) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L96) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
| [composer_config](variables.tf#L17) | Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables. | object({…})
| | {…}
|
| [iam_groups_map](variables.tf#L58) | Map of Role => groups to be added on the project. Example: { \"roles/composer.admin\" = [\"group:gcp-data-engineers@example.com\"]}. | map(list(string))
| | null
|
| [network_config](variables.tf#L64) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…})
| | null
|
-| [project_create](variables.tf#L83) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
-| [region](variables.tf#L97) | Reagion where instances will be deployed. | string
| | "europe-west1"
|
-| [service_encryption_keys](variables.tf#L103) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | map(string)
| | null
|
+| [project_create](variables.tf#L87) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
+| [region](variables.tf#L101) | Reagion where instances will be deployed. | string
| | "europe-west1"
|
+| [service_encryption_keys](variables.tf#L107) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | map(string)
| | null
|
## Outputs
diff --git a/blueprints/data-solutions/composer-2/main.tf b/blueprints/data-solutions/composer-2/main.tf
index 407eb5f2..a9ee619c 100644
--- a/blueprints/data-solutions/composer-2/main.tf
+++ b/blueprints/data-solutions/composer-2/main.tf
@@ -22,7 +22,6 @@ locals {
},
var.iam_groups_map
)
-
# Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
_shared_vpc_bindings = {
"roles/compute.networkUser" = [
diff --git a/blueprints/data-solutions/composer-2/variables.tf b/blueprints/data-solutions/composer-2/variables.tf
index db7ac55a..6ff0ff46 100644
--- a/blueprints/data-solutions/composer-2/variables.tf
+++ b/blueprints/data-solutions/composer-2/variables.tf
@@ -76,8 +76,12 @@ variable "network_config" {
}
variable "prefix" {
- description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md
index 35b4c950..8da143b2 100644
--- a/blueprints/data-solutions/data-platform-foundations/README.md
+++ b/blueprints/data-solutions/data-platform-foundations/README.md
@@ -249,17 +249,17 @@ You can find examples in the `[demo](./demo)` folder.
| [billing_account_id](variables.tf#L17) | Billing account id. | string
| ✓ | |
| [folder_id](variables.tf#L53) | Folder to be used for the networking resources in folders/nnnn format. | string
| ✓ | |
| [organization_domain](variables.tf#L98) | Organization domain. | string
| ✓ | |
-| [prefix](variables.tf#L103) | Unique prefix used for resource names. | string
| ✓ | |
+| [prefix](variables.tf#L103) | Prefix used for resource names. | string
| ✓ | |
| [composer_config](variables.tf#L22) | Cloud Composer config. | object({…})
| | {…}
|
| [data_catalog_tags](variables.tf#L36) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string)))
| | {…}
|
| [data_force_destroy](variables.tf#L47) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool
| | false
|
| [groups](variables.tf#L58) | User groups. | map(string)
| | {…}
|
| [location](variables.tf#L68) | Location used for multi-regional resources. | string
| | "eu"
|
| [network_config](variables.tf#L74) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…})
| | null
|
-| [project_services](variables.tf#L108) | List of core services enabled on all projects. | list(string)
| | […]
|
-| [project_suffix](variables.tf#L119) | Suffix used only for project ids. | string
| | null
|
-| [region](variables.tf#L125) | Region used for regional resources. | string
| | "europe-west1"
|
-| [service_encryption_keys](variables.tf#L131) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…})
| | null
|
+| [project_services](variables.tf#L112) | List of core services enabled on all projects. | list(string)
| | […]
|
+| [project_suffix](variables.tf#L123) | Suffix used only for project ids. | string
| | null
|
+| [region](variables.tf#L129) | Region used for regional resources. | string
| | "europe-west1"
|
+| [service_encryption_keys](variables.tf#L135) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…})
| | null
|
## Outputs
diff --git a/blueprints/data-solutions/data-platform-foundations/variables.tf b/blueprints/data-solutions/data-platform-foundations/variables.tf
index adf3c7e4..80e7b65c 100644
--- a/blueprints/data-solutions/data-platform-foundations/variables.tf
+++ b/blueprints/data-solutions/data-platform-foundations/variables.tf
@@ -101,8 +101,12 @@ variable "organization_domain" {
}
variable "prefix" {
- description = "Unique prefix used for resource names."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_services" {
diff --git a/blueprints/data-solutions/data-playground/README.md b/blueprints/data-solutions/data-playground/README.md
index 950484a9..ecc12973 100644
--- a/blueprints/data-solutions/data-playground/README.md
+++ b/blueprints/data-solutions/data-playground/README.md
@@ -47,12 +47,12 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string
| ✓ | |
-| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
+| [prefix](variables.tf#L22) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L40) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
| [location](variables.tf#L16) | The location where resources will be deployed. | string
| | "EU"
|
-| [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | object({…})
| | null
|
-| [region](variables.tf#L41) | The region where resources will be deployed. | string
| | "europe-west1"
|
-| [vpc_config](variables.tf#L57) | Parameters to create a VPC. | object({…})
| | {…}
|
+| [project_create](variables.tf#L31) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id. | object({…})
| | null
|
+| [region](variables.tf#L45) | The region where resources will be deployed. | string
| | "europe-west1"
|
+| [vpc_config](variables.tf#L61) | Parameters to create a VPC. | object({…})
| | {…}
|
## Outputs
@@ -61,7 +61,7 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
| [bucket](outputs.tf#L15) | GCS Bucket URL. | |
| [dataset](outputs.tf#L20) | GCS Bucket URL. | |
| [notebook](outputs.tf#L25) | Vertex AI notebook details. | |
-| [project](outputs.tf#L33) | Project id | |
-| [vpc](outputs.tf#L38) | VPC Network | |
+| [project](outputs.tf#L33) | Project id. | |
+| [vpc](outputs.tf#L38) | VPC Network. | |
diff --git a/blueprints/data-solutions/data-playground/main.tf b/blueprints/data-solutions/data-playground/main.tf
index a561c1d6..ff079d5e 100644
--- a/blueprints/data-solutions/data-playground/main.tf
+++ b/blueprints/data-solutions/data-playground/main.tf
@@ -32,6 +32,7 @@ module "project" {
"bigqueryreservation.googleapis.com",
"composer.googleapis.com",
"compute.googleapis.com",
+ "dialogflow.googleapis.com",
"dataflow.googleapis.com",
"ml.googleapis.com",
"notebooks.googleapis.com",
@@ -113,7 +114,7 @@ module "bucket" {
module "dataset" {
source = "../../../modules/bigquery-dataset"
project_id = module.project.project_id
- id = "${var.prefix}_data"
+ id = "${replace(var.prefix, "-", "_")}_data"
encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key
}
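Review bot: `replace(var.prefix, "-", "_")` rewrites hyphens only, so any other character that a BigQuery dataset id does not accept still reaches `id` unchanged. Dataset ids are limited to letters, digits and underscores, and the `prefix` validation added in this commit checks only for a non-empty string. Either constrain `prefix` in variables.tf or state the assumption here, for example `# prefix is assumed to contain only letters, digits and hyphens`.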
@@ -133,6 +134,7 @@ module "service-account-notebook" {
"roles/bigquery.jobUser",
"roles/bigquery.dataEditor",
"roles/bigquery.user",
+ "roles/dialogflow.client",
"roles/storage.admin",
]
}
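Review bot: `roles/dialogflow.client` widens the notebook service account, which already holds `roles/storage.admin` in this list, and nothing in the hunk says why a data playground notebook needs to call Dialogflow. A one-line comment above the entry giving the use case would let a later reader judge whether the grant can be dropped. The matching `dialogflow.googleapis.com` service is enabled in the first hunk of this file. The attribute that holds this list and the resource the roles are bound to start outside the hunk, so the binding scope should be confirmed against the full module call.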
@@ -152,7 +154,7 @@ resource "google_notebooks_instance" "playground" {
install_gpu_driver = true
boot_disk_type = "PD_SSD"
boot_disk_size_gb = 110
- disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : "GMEK"
+ disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : null
kms_key = try(local.service_encryption_keys.compute, null)
no_public_ip = true
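Review bot: The `null` fallback on `disk_encryption` leaves the argument unset when no `compute` key is supplied, but the line does not say what encryption then applies. Presumably the provider falls back to a Google-managed key; a short comment such as `# null leaves the provider default (Google-managed key) when no CMEK key is set` would record that intent once it is confirmed against the provider documentation. The `google_notebooks_instance` block starts and ends outside the hunk.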
diff --git a/blueprints/data-solutions/data-playground/outputs.tf b/blueprints/data-solutions/data-playground/outputs.tf
index 03db2506..4b80c311 100644
--- a/blueprints/data-solutions/data-playground/outputs.tf
+++ b/blueprints/data-solutions/data-playground/outputs.tf
@@ -31,11 +31,11 @@ output "notebook" {
}
output "project" {
- description = "Project id"
+ description = "Project id."
value = module.project.project_id
}
output "vpc" {
- description = "VPC Network"
+ description = "VPC Network."
value = module.vpc.name
}
diff --git a/blueprints/data-solutions/data-playground/variables.tf b/blueprints/data-solutions/data-playground/variables.tf
index 1c410ae2..17354067 100644
--- a/blueprints/data-solutions/data-playground/variables.tf
+++ b/blueprints/data-solutions/data-playground/variables.tf
@@ -20,12 +20,16 @@ variable "location" {
}
variable "prefix" {
- description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
- description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id"
+ description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id."
type = object({
billing_account_id = string
parent = string
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
index b062f4e3..54f47eca 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
@@ -193,14 +193,14 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L36) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string
| ✓ | |
-| [project_id](variables.tf#L50) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
+| [prefix](variables.tf#L36) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L54) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
| [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | bool
| | false
|
| [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | list(string)
| | []
|
| [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…})
| | null
|
-| [project_create](variables.tf#L41) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
-| [region](variables.tf#L55) | The region where resources will be deployed. | string
| | "europe-west1"
|
-| [vpc_subnet_range](variables.tf#L61) | Ip range used for the VPC subnet created for the example. | string
| | "10.0.0.0/20"
|
+| [project_create](variables.tf#L45) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
+| [region](variables.tf#L59) | The region where resources will be deployed. | string
| | "europe-west1"
|
+| [vpc_subnet_range](variables.tf#L65) | Ip range used for the VPC subnet created for the example. | string
| | "10.0.0.0/20"
|
## Outputs
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
index 026e07b6..97d3de77 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
@@ -34,8 +34,12 @@ variable "network_config" {
}
variable "prefix" {
- description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
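Review bot: The added validation `condition = var.prefix != ""` still accepts `null`, because a `string` variable is nullable unless declared otherwise and `null != ""` evaluates to true. A caller passing `prefix = null` gets past the check and would presumably fail later, wherever the value is interpolated into a resource name, with an error that does not point at the variable. Adding `nullable = false` to the block closes that gap; the attribute is already used for `service_accounts_iam` in the project-factory variables. The same applies to the later `variable "prefix"` hunks in this commit: the SQL Server Always On one that drops `default = "aog"`, and blueprints/factories/project-factory/variables.tf, whose previous default was `null`.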
diff --git a/blueprints/data-solutions/sqlserver-alwayson/README.md b/blueprints/data-solutions/sqlserver-alwayson/README.md
index ba1916c7..1ce4dad7 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/README.md
+++ b/blueprints/data-solutions/sqlserver-alwayson/README.md
@@ -35,37 +35,37 @@ and to `C:\GcpSetupLog.txt` file.
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | string
| ✓ | |
-| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | string
| ✓ | |
-| [network](variables.tf#L90) | Network to use in the project | string
| ✓ | |
-| [project_id](variables.tf#L128) | Google Cloud project ID | string
| ✓ | |
-| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | string
| ✓ | |
-| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | string
| ✓ | |
-| [always_on_groups](variables.tf#L33) | List of Always On Groups | list(string)
| | ["bookshelf"]
|
-| [boot_disk_size](variables.tf#L39) | Boot disk size in GB | number
| | 50
|
-| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | string
| | "cluster"
|
-| [data_disk_size](variables.tf#L51) | Database disk size in GB | number
| | 200
|
-| [health_check_config](variables.tf#L57) | Health check configuration | …
| | {…}
|
-| [health_check_port](variables.tf#L72) | Health check port | number
| | 59997
|
-| [health_check_ranges](variables.tf#L78) | Health check ranges | list(string)
| | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
|
-| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | string
| | ""
|
-| [node_image](variables.tf#L95) | SQL Server node machine image | string
| | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
|
-| [node_instance_type](variables.tf#L101) | SQL Server database node instance type | string
| | "n2-standard-8"
|
-| [node_name](variables.tf#L107) | Node base name | string
| | "node"
|
-| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | string
| | "aog"
|
-| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
-| [region](variables.tf#L133) | Region for resources | string
| | "europe-west4"
|
-| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | string
| | null
|
-| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | list(string)
| | ["0.0.0.0/0"]
|
-| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | string
| | "10.0.0.0/20"
|
-| [witness_image](variables.tf#L171) | SQL Server witness machine image | string
| | "projects/windows-cloud/global/images/family/windows-2019"
|
-| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | string
| | "n2-standard-2"
|
-| [witness_name](variables.tf#L183) | Witness base name | string
| | "witness"
|
+| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN). | string
| ✓ | |
+| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS). | string
| ✓ | |
+| [network](variables.tf#L90) | Network to use in the project. | string
| ✓ | |
+| [prefix](variables.tf#L113) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L131) | Google Cloud project ID. | string
| ✓ | |
+| [sql_admin_password](variables.tf#L148) | Password for the SQL admin user to be created. | string
| ✓ | |
+| [subnetwork](variables.tf#L163) | Subnetwork to use in the project. | string
| ✓ | |
+| [always_on_groups](variables.tf#L33) | List of Always On Groups. | list(string)
| | ["bookshelf"]
|
+| [boot_disk_size](variables.tf#L39) | Boot disk size in GB. | number
| | 50
|
+| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix). | string
| | "cluster"
|
+| [data_disk_size](variables.tf#L51) | Database disk size in GB. | number
| | 200
|
+| [health_check_config](variables.tf#L57) | Health check configuration. | …
| | {…}
|
+| [health_check_port](variables.tf#L72) | Health check port. | number
| | 59997
|
+| [health_check_ranges](variables.tf#L78) | Health check ranges. | list(string)
| | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
|
+| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com). | string
| | ""
|
+| [node_image](variables.tf#L95) | SQL Server node machine image. | string
| | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
|
+| [node_instance_type](variables.tf#L101) | SQL Server database node instance type. | string
| | "n2-standard-8"
|
+| [node_name](variables.tf#L107) | Node base name. | string
| | "node"
|
+| [project_create](variables.tf#L122) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
+| [region](variables.tf#L136) | Region for resources. | string
| | "europe-west4"
|
+| [shared_vpc_project_id](variables.tf#L142) | Shared VPC project ID for firewall rules. | string
| | null
|
+| [sql_client_cidrs](variables.tf#L157) | CIDR ranges that are allowed to connect to SQL Server. | list(string)
| | ["0.0.0.0/0"]
|
+| [vpc_ip_cidr_range](variables.tf#L168) | Ip range used in the subnet deployef in the Service Project. | string
| | "10.0.0.0/20"
|
+| [witness_image](variables.tf#L174) | SQL Server witness machine image. | string
| | "projects/windows-cloud/global/images/family/windows-2019"
|
+| [witness_instance_type](variables.tf#L180) | SQL Server witness node instance type. | string
| | "n2-standard-2"
|
+| [witness_name](variables.tf#L186) | Witness base name. | string
| | "witness"
|
## Outputs
| name | description | sensitive |
|---|---|:---:|
-| [instructions](outputs.tf#L19) | | |
+| [instructions](outputs.tf#L19) | List of steps to follow after applying. | |
diff --git a/blueprints/data-solutions/sqlserver-alwayson/instances.tf b/blueprints/data-solutions/sqlserver-alwayson/instances.tf
index bde26662..40f26e95 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/instances.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/instances.tf
@@ -30,8 +30,8 @@ locals {
managed_ad_dn_path = var.managed_ad_dn != "" ? "-Path \"${var.managed_ad_dn}\"" : ""
health_check_port = var.health_check_port
sql_admin_password_secret = local._secret_parts[length(local._secret_parts) - 1]
- cluster_ip = module.ip-addresses.internal_addresses["${local.prefix}cluster"].address
- loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${local.prefix}lb-${aog}"].address })
+ cluster_ip = module.ip-addresses.internal_addresses["${var.prefix}-cluster"].address
+ loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${var.prefix}-lb-${aog}"].address })
sql_cluster_name = local.cluster_netbios_name
sql_cluster_full = local.cluster_full_name
node_netbios_1 = local.node_netbios_names[0]
@@ -43,7 +43,7 @@ locals {
_template_vars = merge(local._template_vars0, {
functions = local._functions
})
- _user_name = "${local.prefix}sqlserver"
+ _user_name = "${var.prefix}-sqlserver"
scripts = {
for script in local._scripts :
script => templatefile("${path.module}/scripts/${script}.ps1", local._template_vars)
diff --git a/blueprints/data-solutions/sqlserver-alwayson/main.tf b/blueprints/data-solutions/sqlserver-alwayson/main.tf
index 6485b46d..4a255015 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/main.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/main.tf
@@ -14,14 +14,14 @@
locals {
ad_user_password_secret = "${local.cluster_full_name}-password"
- cluster_full_name = "${local.prefix}${var.cluster_name}"
+ cluster_full_name = "${var.prefix}-${var.cluster_name}"
cluster_netbios_name = (
length(local.cluster_full_name) > 15
? substr(local.cluster_full_name, 0, 15)
: local.cluster_full_name
)
network = module.vpc.self_link
- node_base = "${local.prefix}${var.node_name}"
+ node_base = "${var.prefix}-${var.node_name}"
node_prefix = (
length(local.node_base) > 12
? substr(local.node_base, 0, 12)
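Review bot: `cluster_netbios_name` keeps only the first 15 characters of `"${var.prefix}-${var.cluster_name}"`, and the witness hunk further down truncates `"${var.prefix}-${var.witness_name}"` the same way, so a prefix of 14 or more characters makes both names the same string. `node_prefix` is cut at 12 characters, so the node name part is lost even earlier. Now that the prefix has no default and is always prepended, the `validation` block in variables.tf should bound its length as well as reject the empty string, for example `condition = var.prefix != "" && length(var.prefix) <= 8` (the limit is illustrative; pick one that leaves room for the name parts). The `locals` block starts and ends outside this hunk.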
@@ -39,7 +39,6 @@ locals {
(local.witness_netbios_name) = local.zones[length(local.zones) - 1]
}
)
- prefix = var.prefix != "" ? "${var.prefix}-" : ""
subnetwork = (
var.project_create != null
? module.vpc.subnet_self_links["${var.region}/${var.subnetwork}"]
@@ -50,7 +49,7 @@ locals {
? var.shared_vpc_project_id
: module.project.project_id
)
- witness_name = "${local.prefix}${var.witness_name}"
+ witness_name = "${var.prefix}-${var.witness_name}"
witness_netbios_name = (
length(local.witness_name) > 15
? substr(local.witness_name, 0, 15)
diff --git a/blueprints/data-solutions/sqlserver-alwayson/outputs.tf b/blueprints/data-solutions/sqlserver-alwayson/outputs.tf
index 2d094763..1856f823 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/outputs.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/outputs.tf
@@ -17,7 +17,8 @@ locals {
}
output "instructions" {
- value = < 0
@@ -22,7 +22,7 @@ variable "ad_domain_fqdn" {
}
variable "ad_domain_netbios" {
- description = "Active Directory domain (NetBIOS)"
+ description = "Active Directory domain (NetBIOS)."
type = string
validation {
condition = length(var.ad_domain_netbios) > 0
@@ -31,31 +31,31 @@ variable "ad_domain_netbios" {
}
variable "always_on_groups" {
- description = "List of Always On Groups"
+ description = "List of Always On Groups."
type = list(string)
default = ["bookshelf"]
}
variable "boot_disk_size" {
- description = "Boot disk size in GB"
+ description = "Boot disk size in GB."
type = number
default = 50
}
variable "cluster_name" {
- description = "Cluster name (prepended with prefix)"
+ description = "Cluster name (prepended with prefix)."
type = string
default = "cluster"
}
variable "data_disk_size" {
- description = "Database disk size in GB"
+ description = "Database disk size in GB."
type = number
default = 200
}
variable "health_check_config" {
- description = "Health check configuration"
+ description = "Health check configuration."
type = object({ check_interval_sec = number,
healthy_threshold = number,
unhealthy_threshold = number,
@@ -70,50 +70,53 @@ variable "health_check_config" {
}
variable "health_check_port" {
- description = "Health check port"
+ description = "Health check port."
type = number
default = 59997
}
variable "health_check_ranges" {
- description = "Health check ranges"
+ description = "Health check ranges."
type = list(string)
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
}
variable "managed_ad_dn" {
- description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)"
+ description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)."
type = string
default = ""
}
variable "network" {
- description = "Network to use in the project"
+ description = "Network to use in the project."
type = string
}
variable "node_image" {
- description = "SQL Server node machine image"
+ description = "SQL Server node machine image."
type = string
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
}
variable "node_instance_type" {
- description = "SQL Server database node instance type"
+ description = "SQL Server database node instance type."
type = string
default = "n2-standard-8"
}
variable "node_name" {
- description = "Node base name"
+ description = "Node base name."
type = string
default = "node"
}
variable "prefix" {
- description = "Prefix used for resources (for multiple clusters in a project)"
+ description = "Prefix used for resource names."
type = string
- default = "aog"
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
@@ -126,24 +129,24 @@ variable "project_create" {
}
variable "project_id" {
- description = "Google Cloud project ID"
+ description = "Google Cloud project ID."
type = string
}
variable "region" {
- description = "Region for resources"
+ description = "Region for resources."
type = string
default = "europe-west4"
}
variable "shared_vpc_project_id" {
- description = "Shared VPC project ID for firewall rules"
+ description = "Shared VPC project ID for firewall rules."
type = string
default = null
}
variable "sql_admin_password" {
- description = "Password for the SQL admin user to be created"
+ description = "Password for the SQL admin user to be created."
type = string
validation {
condition = length(var.sql_admin_password) > 0
@@ -152,13 +155,13 @@ variable "sql_admin_password" {
}
variable "sql_client_cidrs" {
- description = "CIDR ranges that are allowed to connect to SQL Server"
+ description = "CIDR ranges that are allowed to connect to SQL Server."
type = list(string)
default = ["0.0.0.0/0"]
}
variable "subnetwork" {
- description = "Subnetwork to use in the project"
+ description = "Subnetwork to use in the project."
type = string
}
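Review bot: `sql_client_cidrs` keeps `default = ["0.0.0.0/0"]`, and the firewall module in vpc.tf passes it as `ranges` on the rule that allows tcp 1433 to the WSFC node service account, so a deployment that never sets the variable admits SQL Server connections from any source address the network can route. Whether that reaches beyond internal ranges depends on addressing that is not visible in this diff, but a permissive default on a database port is worth removing while this block is being edited. Dropping the default makes callers state their client ranges; if it has to stay, say so in the description, e.g. `description = "CIDR ranges that are allowed to connect to SQL Server. The default allows any source; restrict it to client networks."`.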
@@ -169,19 +172,19 @@ variable "vpc_ip_cidr_range" {
}
variable "witness_image" {
- description = "SQL Server witness machine image"
+ description = "SQL Server witness machine image."
type = string
default = "projects/windows-cloud/global/images/family/windows-2019"
}
variable "witness_instance_type" {
- description = "SQL Server witness node instance type"
+ description = "SQL Server witness node instance type."
type = string
default = "n2-standard-2"
}
variable "witness_name" {
- description = "Witness base name"
+ description = "Witness base name."
type = string
default = "witness"
}
diff --git a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
index 6f0b9120..ccc10e1c 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
@@ -19,7 +19,7 @@ locals {
local.listeners,
local.node_ips,
{
- "${local.prefix}cluster" = {
+ "${var.prefix}-cluster" = {
region = var.region
subnetwork = local.subnetwork
}
@@ -34,7 +34,7 @@ locals {
k => v.address
}
listeners = {
- for aog in var.always_on_groups : "${local.prefix}lb-${aog}" => {
+ for aog in var.always_on_groups : "${var.prefix}-lb-${aog}" => {
region = var.region
subnetwork = local.subnetwork
}
@@ -83,7 +83,7 @@ module "firewall" {
disabled = true
}
ingress_rules = {
- "${local.prefix}allow-all-between-wsfc-nodes" = {
+ "${var.prefix}-allow-all-between-wsfc-nodes" = {
description = "Allow all between WSFC nodes"
sources = [module.compute-service-account.email]
targets = [module.compute-service-account.email]
@@ -94,7 +94,7 @@ module "firewall" {
{ protocol = "icmp" }
]
}
- "${local.prefix}allow-all-between-wsfc-witness" = {
+ "${var.prefix}-allow-all-between-wsfc-witness" = {
description = "Allow all between WSFC witness nodes"
sources = [module.compute-service-account.email]
targets = [module.witness-service-account.email]
@@ -105,7 +105,7 @@ module "firewall" {
{ protocol = "icmp" }
]
}
- "${local.prefix}allow-sql-to-wsfc-nodes" = {
+ "${var.prefix}-allow-sql-to-wsfc-nodes" = {
description = "Allow SQL connections to WSFC nodes"
targets = [module.compute-service-account.email]
ranges = var.sql_client_cidrs
@@ -114,7 +114,7 @@ module "firewall" {
{ protocol = "tcp", ports = [1433] },
]
}
- "${local.prefix}allow-health-check-to-wsfc-nodes" = {
+ "${var.prefix}-allow-health-check-to-wsfc-nodes" = {
description = "Allow health checks to WSFC nodes"
targets = [module.compute-service-account.email]
ranges = var.health_check_ranges
@@ -139,7 +139,7 @@ module "listener-ilb" {
region = var.region
name = "${var.prefix}-${each.value}-ilb"
service_label = "${var.prefix}-${each.value}-ilb"
- address = local.internal_address_ips["${local.prefix}lb-${each.value}"]
+ address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
vpc_config = {
network = local.network
subnetwork = local.subnetwork
diff --git a/blueprints/factories/bigquery-factory/README.md b/blueprints/factories/bigquery-factory/README.md
index 3f1acc4a..05cabffb 100644
--- a/blueprints/factories/bigquery-factory/README.md
+++ b/blueprints/factories/bigquery-factory/README.md
@@ -73,7 +73,7 @@ deletion_protection: bool # not required, defaults to false
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L17) | Project ID | string
| ✓ | |
+| [project_id](variables.tf#L17) | Project ID. | string
| ✓ | |
| [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | string
| ✓ | |
| [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | string
| ✓ | |
diff --git a/blueprints/factories/bigquery-factory/variables.tf b/blueprints/factories/bigquery-factory/variables.tf
index cd34f02b..774ec86e 100644
--- a/blueprints/factories/bigquery-factory/variables.tf
+++ b/blueprints/factories/bigquery-factory/variables.tf
@@ -15,7 +15,7 @@
*/
variable "project_id" {
- description = "Project ID"
+ description = "Project ID."
type = string
}
diff --git a/blueprints/factories/net-vpc-firewall-yaml/README.md b/blueprints/factories/net-vpc-firewall-yaml/README.md
index efd5a3a0..26e85c5d 100644
--- a/blueprints/factories/net-vpc-firewall-yaml/README.md
+++ b/blueprints/factories/net-vpc-firewall-yaml/README.md
@@ -1,6 +1,6 @@
# Google Cloud VPC Firewall Factory
-This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files.
+This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files.
Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL.
@@ -79,10 +79,10 @@ rule-name: # descriptive name, naming convention is adjusted by the module
destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule
- 0.0.0.0/0
source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule
- source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, can not be specified together with `source_tags` or `target_tags`
+ source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, cannot be specified together with `source_tags` or `target_tags`
- myapp@myproject-id.iam.gserviceaccount.com
target_tags: ['some-tag'] # list of target tags
- target_service_accounts: # list of target service accounts, , can not be specified together with `source_tags` or `target_tags`
+ target_service_accounts: # list of target service accounts, , cannot be specified together with `source_tags` or `target_tags`
- myapp@myproject-id.iam.gserviceaccount.com
```
diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md
index cc5ed962..a5680781 100644
--- a/blueprints/factories/project-factory/README.md
+++ b/blueprints/factories/project-factory/README.md
@@ -69,6 +69,7 @@ module "projects" {
kms_service_agents = try(each.value.kms, {})
labels = try(each.value.labels, {})
org_policies = try(each.value.org_policies, {})
+ prefix = each.value.prefix
service_accounts = try(each.value.service_accounts, {})
services = try(each.value.services, [])
service_identities_iam = try(each.value.service_identities_iam, {})
@@ -109,9 +110,9 @@ vpc_host_project: project-example-host-project
# [opt] Billing account id - overrides default if set
billing_account_id: 012345-67890A-BCDEF0
-
+
# [opt] Billing alerts config - overrides default if set
-billing_alert:
+billing_alert:
amount: 10
thresholds:
current:
@@ -119,42 +120,42 @@ billing_alert:
- 0.8
forecasted: []
-# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
-dns_zones:
+# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
+dns_zones:
- lorem
- ipsum
-# [opt] Contacts for billing alerts and important notifications
-essential_contacts:
+# [opt] Contacts for billing alerts and important notifications
+essential_contacts:
- team-a-contacts@example.com
# Folder the project will be created as children of
folder_id: folders/012345678901
# [opt] Authoritative IAM bindings in group => [roles] format
-group_iam:
+group_iam:
test-team-foobar@fast-lab-0.gcp-pso-italy.net:
- roles/compute.admin
# [opt] Authoritative IAM bindings in role => [principals] format
# Generally used to grant roles to service accounts external to the project
-iam:
+iam:
roles/compute.admin:
- serviceAccount:service-account
-# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
+# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
# in service => [keys] format
-kms_service_agents:
+kms_service_agents:
compute: [key1, key2]
storage: [key1, key2]
# [opt] Labels for the project - merged with the ones defined in defaults
-labels:
+labels:
environment: prod
# [opt] Org policy overrides defined at project level
org_policies:
- constraints/compute.disableGuestAttributesAccess:
+ constraints/compute.disableGuestAttributesAccess:
enforce: true
constraints/compute.trustedImageProjects:
allow:
@@ -166,7 +167,7 @@ org_policies:
# [opt] Service account to create for the project and their roles on the project
# in name => [roles] format
-service_accounts:
+service_accounts:
another-service-account:
- roles/compute.admin
my-service-account:
@@ -179,37 +180,37 @@ service_accounts_iam:
- roles/iam.serviceAccountTokenCreator:
- group: app-team-1@example.com
-# [opt] APIs to enable on the project.
-services:
+# [opt] APIs to enable on the project.
+services:
- storage.googleapis.com
- stackdriver.googleapis.com
- compute.googleapis.com
# [opt] Roles to assign to the robots service accounts in robot => [roles] format
-services_iam:
+services_iam:
compute:
- roles/storage.objectViewer
- # [opt] VPC setup.
- # If set enables the `compute.googleapis.com` service and configures
+ # [opt] VPC setup.
+ # If set enables the `compute.googleapis.com` service and configures
# service project attachment
-vpc:
+vpc:
# [opt] If set, enables the container API
- gke_setup:
+ gke_setup:
- # Grants "roles/container.hostServiceAgentUser" to the container robot if set
+ # Grants "roles/container.hostServiceAgentUser" to the container robot if set
enable_host_service_agent: false
- # Grants "roles/compute.securityAdmin" to the container robot if set
+ # Grants "roles/compute.securityAdmin" to the container robot if set
enable_security_admin: true
- # Host project the project will be service project of
+ # Host project the project will be service project of
host_project: fast-prod-net-spoke-0
# [opt] Subnets in the host project where principals will be granted networkUser
- # in region/subnet-name => [principals]
- subnets_iam:
+ # in region/subnet-name => [principals]
+ subnets_iam:
europe-west1/prod-default-ew1:
- user:foobar@example.com
- serviceAccount:service-account1@my-project.iam.gserviceaccount.com
@@ -221,7 +222,8 @@ vpc:
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account id. | string
| ✓ | |
-| [project_id](variables.tf#L157) | Project id. | string
| ✓ | |
+| [prefix](variables.tf#L151) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L160) | Project id. | string
| ✓ | |
| [billing_alert](variables.tf#L22) | Billing alert configuration. | object({…})
| | null
|
| [defaults](variables.tf#L35) | Project factory default values. | object({…})
| | null
|
| [dns_zones](variables.tf#L57) | DNS private zones to create as child of var.defaults.environment_dns_zone. | list(string)
| | []
|
@@ -234,21 +236,20 @@ vpc:
| [kms_service_agents](variables.tf#L99) | KMS IAM configuration in as service => [key]. | map(list(string))
| | {}
|
| [labels](variables.tf#L105) | Labels to be assigned at project level. | map(string)
| | {}
|
| [org_policies](variables.tf#L111) | Org-policy overrides at project level. | map(object({…}))
| | {}
|
-| [prefix](variables.tf#L151) | Prefix used for the project id. | string
| | null
|
-| [service_accounts](variables.tf#L162) | Service accounts to be created, and roles assigned them on the project. | map(list(string))
| | {}
|
-| [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string))
| | {}
|
-| [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string)))
| | {}
|
-| [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string)))
| | {}
|
-| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | map(list(string))
| | {}
|
-| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string))
| | {}
|
-| [services](variables.tf#L202) | Services to be enabled for the project. | list(string)
| | []
|
-| [vpc](variables.tf#L209) | VPC configuration for the project. | object({…})
| | null
|
+| [service_accounts](variables.tf#L165) | Service accounts to be created, and roles assigned them on the project. | map(list(string))
| | {}
|
+| [service_accounts_additive](variables.tf#L171) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string))
| | {}
|
+| [service_accounts_iam](variables.tf#L177) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | map(map(list(string)))
| | {}
|
+| [service_accounts_iam_additive](variables.tf#L184) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | map(map(list(string)))
| | {}
|
+| [service_identities_iam](variables.tf#L191) | Custom IAM settings for service identities in service => [role] format. | map(list(string))
| | {}
|
+| [service_identities_iam_additive](variables.tf#L198) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string))
| | {}
|
+| [services](variables.tf#L205) | Services to be enabled for the project. | list(string)
| | []
|
+| [vpc](variables.tf#L212) | VPC configuration for the project. | object({…})
| | null
|
## Outputs
| name | description | sensitive |
|---|---|:---:|
-| [project](outputs.tf#L19) | The project resource as return by the `project` module | |
+| [project](outputs.tf#L19) | The project resource as return by the `project` module. | |
| [project_id](outputs.tf#L29) | Project ID. | |
diff --git a/blueprints/factories/project-factory/main.tf b/blueprints/factories/project-factory/main.tf
index 1fe5e1e4..f6b2a797 100644
--- a/blueprints/factories/project-factory/main.tf
+++ b/blueprints/factories/project-factory/main.tf
@@ -29,11 +29,7 @@ locals {
}
_group_iam_bindings = distinct(flatten(values(var.group_iam)))
_group_iam_additive_bindings = distinct(flatten(values(var.group_iam_additive)))
- _project_id = (
- var.prefix == null || var.prefix == ""
- ? var.project_id
- : "${var.prefix}-${var.project_id}"
- )
+
_service_accounts_iam = {
for r in local._service_accounts_iam_bindings : r => [
for k, v in var.service_accounts :
diff --git a/blueprints/factories/project-factory/outputs.tf b/blueprints/factories/project-factory/outputs.tf
index a60ad457..a989eaba 100644
--- a/blueprints/factories/project-factory/outputs.tf
+++ b/blueprints/factories/project-factory/outputs.tf
@@ -17,7 +17,7 @@
# TODO(): proper outputs
output "project" {
- description = "The project resource as return by the `project` module"
+ description = "The project resource as return by the `project` module."
value = module.project
depends_on = [
diff --git a/blueprints/factories/project-factory/sample-data/defaults.yaml b/blueprints/factories/project-factory/sample-data/defaults.yaml
index af810c94..72ed3f0d 100644
--- a/blueprints/factories/project-factory/sample-data/defaults.yaml
+++ b/blueprints/factories/project-factory/sample-data/defaults.yaml
@@ -25,4 +25,5 @@ labels:
# [opt] Additional notification channels for billing
notification_channels: []
shared_vpc_self_link: projects/foo/networks/bar
+prefix: test
vpc_host_project:
diff --git a/blueprints/factories/project-factory/sample-data/projects/project.yaml b/blueprints/factories/project-factory/sample-data/projects/project.yaml
index 88ba0bf5..03449913 100644
--- a/blueprints/factories/project-factory/sample-data/projects/project.yaml
+++ b/blueprints/factories/project-factory/sample-data/projects/project.yaml
@@ -58,6 +58,9 @@ org_policies:
deny:
all: true
+# [opt] Prefix - overrides default if set
+prefix: test1
+
# [opt] Service account to create for the project and their roles on the project
# in name => [roles] format
service_accounts:
diff --git a/blueprints/factories/project-factory/variables.tf b/blueprints/factories/project-factory/variables.tf
index cbcae798..0ece0f04 100644
--- a/blueprints/factories/project-factory/variables.tf
+++ b/blueprints/factories/project-factory/variables.tf
@@ -149,9 +149,12 @@ variable "org_policies" {
}
variable "prefix" {
- description = "Prefix used for the project id."
+ description = "Prefix used for resource names."
type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_id" {
@@ -172,14 +175,14 @@ variable "service_accounts_additive" {
}
variable "service_accounts_iam" {
- description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}"
+ description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}."
type = map(map(list(string)))
default = {}
nullable = false
}
variable "service_accounts_iam_additive" {
- description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}"
+ description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}."
type = map(map(list(string)))
default = {}
nullable = false
diff --git a/blueprints/gke/binauthz/README.md b/blueprints/gke/binauthz/README.md
index 41eef22b..387ceb09 100644
--- a/blueprints/gke/binauthz/README.md
+++ b/blueprints/gke/binauthz/README.md
@@ -107,15 +107,15 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L44) | Project ID. | string
| ✓ | |
+| [prefix](variables.tf#L29) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L47) | Project ID. | string
| ✓ | |
| [master_cidr_block](variables.tf#L17) | Master CIDR block. | string
| | "10.0.0.0/28"
|
| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | string
| | "172.16.0.0/20"
|
-| [prefix](variables.tf#L29) | Prefix for resources created. | string
| | null
|
-| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | object({…})
| | null
|
-| [region](variables.tf#L49) | Region. | string
| | "europe-west1"
|
-| [services_cidr_block](variables.tf#L55) | Services CIDR block. | string
| | "192.168.0.0/24"
|
-| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | string
| | "10.0.1.0/24"
|
-| [zone](variables.tf#L67) | Zone. | string
| | "europe-west1-c"
|
+| [project_create](variables.tf#L38) | Parameters for the creation of the new project. | object({…})
| | null
|
+| [region](variables.tf#L52) | Region. | string
| | "europe-west1"
|
+| [services_cidr_block](variables.tf#L58) | Services CIDR block. | string
| | "192.168.0.0/24"
|
+| [subnet_cidr_block](variables.tf#L64) | Subnet CIDR block. | string
| | "10.0.1.0/24"
|
+| [zone](variables.tf#L70) | Zone. | string
| | "europe-west1-c"
|
## Outputs
diff --git a/blueprints/gke/binauthz/main.tf b/blueprints/gke/binauthz/main.tf
index ee716cdf..77f7f0e4 100644
--- a/blueprints/gke/binauthz/main.tf
+++ b/blueprints/gke/binauthz/main.tf
@@ -15,7 +15,6 @@
*/
locals {
- prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
k8s_ns = "apis"
k8s_sa = "storage-api-sa"
image = (
@@ -61,7 +60,7 @@ module "project" {
module "vpc" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}vpc"
+ name = "${var.prefix}-vpc"
subnets = [
{
ip_cidr_range = var.subnet_cidr_block
@@ -79,14 +78,14 @@ module "nat" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}nat"
+ name = "${var.prefix}-nat"
router_network = module.vpc.name
}
module "cluster" {
source = "../../../modules/gke-cluster"
project_id = module.project.project_id
- name = "${local.prefix}cluster"
+ name = "${var.prefix}-cluster"
location = var.zone
vpc_config = {
master_ipv4_cidr_block = var.master_cidr_block
@@ -174,7 +173,7 @@ module "docker_artifact_registry" {
project_id = module.project.project_id
location = var.region
format = "DOCKER"
- id = "${local.prefix}registry"
+ id = "${var.prefix}-registry"
iam = {
"roles/artifactregistry.writer" = [module.image_cb_sa.iam_email]
"roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email]
@@ -190,7 +189,7 @@ module "image_cb_sa" {
module "image_repo" {
source = "../../../modules/source-repository"
project_id = module.project.project_id
- name = "${local.prefix}image"
+ name = "${var.prefix}-image"
triggers = {
image-trigger = {
filename = "cloudbuild.yaml"
@@ -222,7 +221,7 @@ module "app_cb_sa" {
module "app_repo" {
source = "../../../modules/source-repository"
project_id = module.project.project_id
- name = "${local.prefix}app"
+ name = "${var.prefix}-app"
triggers = {
app-trigger = {
filename = "cloudbuild.yaml"
diff --git a/blueprints/gke/binauthz/variables.tf b/blueprints/gke/binauthz/variables.tf
index 2e19b1aa..7f180426 100644
--- a/blueprints/gke/binauthz/variables.tf
+++ b/blueprints/gke/binauthz/variables.tf
@@ -27,9 +27,12 @@ variable "pods_cidr_block" {
}
variable "prefix" {
- description = "Prefix for resources created."
+ description = "Prefix used for resource names."
type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
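Review bot: The new validation on `prefix` still accepts an explicit `null`, because `var.prefix != ""` holds for null and the variable is not declared non-nullable. With the `local.prefix` null guard removed from main.tf, a null value would presumably surface later as an interpolation error in `"${var.prefix}-vpc"` rather than as "Prefix cannot be empty." Adding `nullable = false` next to `type = string` closes that gap; the attribute already appears in another variables file in this diff. The same applies to the `prefix` blocks changed in the multitenant-fleet, decentralized-firewall, filtering-proxy-psc, filtering-proxy, glb-and-armor and hub-and-spoke-peering `variables.tf` hunks.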
diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md
index 7deafdad..7d43bd40 100644
--- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md
@@ -69,8 +69,8 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| [mgmt_project_id](variables.tf#L63) | Management Project ID. | string
| ✓ | |
| [parent](variables.tf#L94) | Parent. | string
| ✓ | |
| [clusters_config](variables.tf#L22) | Clusters configuration. | map(object({…}))
| | {…}
|
-| [istio_version](variables.tf#L57) | ASM version | string
| | "1.14.1-asm.3"
|
-| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | object({…})
| | {…}
|
+| [istio_version](variables.tf#L57) | ASM version. | string
| | "1.14.1-asm.3"
|
+| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration. | object({…})
| | {…}
|
| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | string
| | "10.0.0.0/28"
|
| [region](variables.tf#L99) | Region. | string
| | "europe-west1"
|
diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf
index 4cff10fb..428778f2 100644
--- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf
@@ -55,7 +55,7 @@ variable "host_project_id" {
variable "istio_version" {
- description = "ASM version"
+ description = "ASM version."
type = string
default = "1.14.1-asm.3"
}
@@ -66,7 +66,7 @@ variable "mgmt_project_id" {
}
variable "mgmt_server_config" {
- description = "Mgmt server configuration"
+ description = "Mgmt server configuration."
type = object({
disk_size = number
disk_type = string
diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md
index 9e1cd9b5..80d09ac1 100644
--- a/blueprints/gke/multitenant-fleet/README.md
+++ b/blueprints/gke/multitenant-fleet/README.md
@@ -247,9 +247,9 @@ module "gke" {
|---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account id. | string
| ✓ | |
| [folder_id](variables.tf#L132) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string
| ✓ | |
-| [prefix](variables.tf#L179) | Prefix used for resources that need unique names. | string
| ✓ | |
-| [project_id](variables.tf#L184) | ID of the project that will contain all the clusters. | string
| ✓ | |
-| [vpc_config](variables.tf#L196) | Shared VPC project and VPC details. | object({…})
| ✓ | |
+| [prefix](variables.tf#L179) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L188) | ID of the project that will contain all the clusters. | string
| ✓ | |
+| [vpc_config](variables.tf#L200) | Shared VPC project and VPC details. | object({…})
| ✓ | |
| [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…}))
| | {}
|
| [fleet_configmanagement_clusters](variables.tf#L70) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string))
| | {}
|
| [fleet_configmanagement_templates](variables.tf#L77) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…}))
| | {}
|
@@ -259,7 +259,7 @@ module "gke" {
| [iam](variables.tf#L144) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
| [labels](variables.tf#L151) | Project-level labels. | map(string)
| | {}
|
| [nodepools](variables.tf#L157) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…})))
| | {}
|
-| [project_services](variables.tf#L189) | Additional project services to enable. | list(string)
| | []
|
+| [project_services](variables.tf#L193) | Additional project services to enable. | list(string)
| | []
|
## Outputs
diff --git a/blueprints/gke/multitenant-fleet/variables.tf b/blueprints/gke/multitenant-fleet/variables.tf
index 8d6c69ae..2cfd26a1 100644
--- a/blueprints/gke/multitenant-fleet/variables.tf
+++ b/blueprints/gke/multitenant-fleet/variables.tf
@@ -177,8 +177,12 @@ variable "nodepools" {
}
variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_id" {
diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md
index cbf69606..64a3e41c 100644
--- a/blueprints/networking/decentralized-firewall/README.md
+++ b/blueprints/networking/decentralized-firewall/README.md
@@ -26,11 +26,11 @@ in the [`validator/`](validator/) subdirectory, which can be integrated as part
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string
| ✓ | |
-| [prefix](variables.tf#L29) | Prefix used for resources that need unique names. | string
| ✓ | |
-| [root_node](variables.tf#L50) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string
| ✓ | |
+| [prefix](variables.tf#L29) | Prefix used for resource names. | string
| ✓ | |
+| [root_node](variables.tf#L54) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string
| ✓ | |
| [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | map(string)
| | {…}
|
-| [project_services](variables.tf#L34) | Service APIs enabled by default in new projects. | list(string)
| | […]
|
-| [region](variables.tf#L44) | Region used. | string
| | "europe-west1"
|
+| [project_services](variables.tf#L38) | Service APIs enabled by default in new projects. | list(string)
| | […]
|
+| [region](variables.tf#L48) | Region used. | string
| | "europe-west1"
|
## Outputs
diff --git a/blueprints/networking/decentralized-firewall/variables.tf b/blueprints/networking/decentralized-firewall/variables.tf
index 76a3e1cd..cf48e23c 100644
--- a/blueprints/networking/decentralized-firewall/variables.tf
+++ b/blueprints/networking/decentralized-firewall/variables.tf
@@ -27,8 +27,12 @@ variable "ip_ranges" {
}
variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_services" {
diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/filtering-proxy-psc/README.md
index 6459f3bf..61631af5 100644
--- a/blueprints/networking/filtering-proxy-psc/README.md
+++ b/blueprints/networking/filtering-proxy-psc/README.md
@@ -17,12 +17,12 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L44) | Prefix used for resources that need unique names. | string
| ✓ | |
-| [project_id](variables.tf#L66) | Project id used for all resources. | string
| ✓ | |
+| [prefix](variables.tf#L44) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L70) | Project id used for all resources. | string
| ✓ | |
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | list(string)
| | […]
|
| [cidrs](variables.tf#L28) | CIDR ranges for subnets. | map(string)
| | {…}
|
| [nat_logging](variables.tf#L38) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string
| | "ERRORS_ONLY"
|
-| [project_create](variables.tf#L49) | Set to non null if project needs to be created. | object({…})
| | null
|
-| [region](variables.tf#L71) | Default region for resources. | string
| | "europe-west1"
|
+| [project_create](variables.tf#L53) | Set to non null if project needs to be created. | object({…})
| | null
|
+| [region](variables.tf#L75) | Default region for resources. | string
| | "europe-west1"
|
diff --git a/blueprints/networking/filtering-proxy-psc/variables.tf b/blueprints/networking/filtering-proxy-psc/variables.tf
index 620107e4..6e821651 100644
--- a/blueprints/networking/filtering-proxy-psc/variables.tf
+++ b/blueprints/networking/filtering-proxy-psc/variables.tf
@@ -42,8 +42,12 @@ variable "nat_logging" {
}
variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
diff --git a/blueprints/networking/filtering-proxy/README.md b/blueprints/networking/filtering-proxy/README.md
index 46318843..9d7e2c02 100644
--- a/blueprints/networking/filtering-proxy/README.md
+++ b/blueprints/networking/filtering-proxy/README.md
@@ -21,13 +21,13 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | string
| ✓ | |
-| [prefix](variables.tf#L52) | Prefix used for resources that need unique names. | string
| ✓ | |
-| [root_node](variables.tf#L63) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string
| ✓ | |
+| [prefix](variables.tf#L52) | Prefix used for resource names. | string
| ✓ | |
+| [root_node](variables.tf#L67) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string
| ✓ | |
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | list(string)
| | […]
|
| [cidrs](variables.tf#L31) | CIDR ranges for subnets. | map(string)
| | {…}
|
| [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. | bool
| | false
|
| [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string
| | "ERRORS_ONLY"
|
-| [region](variables.tf#L57) | Default region for resources. | string
| | "europe-west1"
|
+| [region](variables.tf#L61) | Default region for resources. | string
| | "europe-west1"
|
## Outputs
diff --git a/blueprints/networking/filtering-proxy/variables.tf b/blueprints/networking/filtering-proxy/variables.tf
index 35245a40..a578eb12 100644
--- a/blueprints/networking/filtering-proxy/variables.tf
+++ b/blueprints/networking/filtering-proxy/variables.tf
@@ -50,8 +50,12 @@ variable "nat_logging" {
}
variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "region" {
diff --git a/blueprints/networking/glb-and-armor/README.md b/blueprints/networking/glb-and-armor/README.md
index ff399bf4..8385beab 100644
--- a/blueprints/networking/glb-and-armor/README.md
+++ b/blueprints/networking/glb-and-armor/README.md
@@ -124,10 +124,10 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L38) | Identifier of the project. | string
| ✓ | |
+| [prefix](variables.tf#L23) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L41) | Identifier of the project. | string
| ✓ | |
| [enforce_security_policy](variables.tf#L17) | Enforce security policy. | bool
| | true
|
-| [prefix](variables.tf#L23) | Prefix used for created resources. | string
| | null
|
-| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | object({…})
| | null
|
+| [project_create](variables.tf#L32) | Parameters for the creation of the new project. | object({…})
| | null
|
## Outputs
diff --git a/blueprints/networking/glb-and-armor/main.tf b/blueprints/networking/glb-and-armor/main.tf
index 83622609..26f90ac1 100644
--- a/blueprints/networking/glb-and-armor/main.tf
+++ b/blueprints/networking/glb-and-armor/main.tf
@@ -15,7 +15,7 @@
*/
locals {
- prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
+ prefix = var.prefix == null ? "" : "${var.prefix}-"
}
module "project" {
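Review bot: `local.prefix` is kept and rewritten in this hunk, but every reference visible in this file's later hunks is switched to `${var.prefix}-…`, so the local looks unused. The binauthz, hub-and-spoke-peering and hub-and-spoke-vpn blueprints in this change drop the local outright. If no reference remains outside the hunks shown, remove the `prefix = var.prefix == null ? "" : "${var.prefix}-"` line and the then-empty `locals` block for consistency. The surviving null branch is also misleading now that `prefix` has no default and carries a non-empty validation.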
@@ -40,7 +40,7 @@ module "project" {
module "vpc" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}vpc"
+ name = "${var.prefix}-vpc"
subnets = [
{
ip_cidr_range = "10.0.1.0/24"
@@ -70,7 +70,7 @@ module "nat_ew1" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = "europe-west1"
- name = "${local.prefix}nat-eu1"
+ name = "${var.prefix}-nat-eu1"
router_network = module.vpc.name
}
@@ -78,7 +78,7 @@ module "nat_ue1" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = "us-east1"
- name = "${local.prefix}nat-ue1"
+ name = "${var.prefix}-nat-ue1"
router_network = module.vpc.name
}
@@ -86,7 +86,7 @@ module "instance_template_ew1" {
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = "europe-west1-b"
- name = "${local.prefix}europe-west1-template"
+ name = "${var.prefix}-europe-west1-template"
instance_type = "n1-standard-2"
network_interfaces = [{
network = module.vpc.self_link
@@ -108,7 +108,7 @@ module "instance_template_ue1" {
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = "us-east1-b"
- name = "${local.prefix}us-east1-template"
+ name = "${var.prefix}-us-east1-template"
network_interfaces = [{
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"]
@@ -156,7 +156,7 @@ module "mig_ew1" {
source = "../../../modules/compute-mig"
project_id = module.project.project_id
location = "europe-west1"
- name = "${local.prefix}europe-west1-mig"
+ name = "${var.prefix}-europe-west1-mig"
instance_template = module.instance_template_ew1.template.self_link
autoscaler_config = {
max_replicas = 5
@@ -180,7 +180,7 @@ module "mig_ue1" {
source = "../../../modules/compute-mig"
project_id = module.project.project_id
location = "us-east1"
- name = "${local.prefix}us-east1-mig"
+ name = "${var.prefix}-us-east1-mig"
instance_template = module.instance_template_ue1.template.self_link
autoscaler_config = {
max_replicas = 5
@@ -202,7 +202,7 @@ module "mig_ue1" {
module "glb" {
source = "../../../modules/net-glb"
- name = "${local.prefix}http-lb"
+ name = "${var.prefix}-http-lb"
project_id = module.project.project_id
backend_services_config = {
http-backend = {
@@ -259,7 +259,7 @@ module "glb" {
resource "google_compute_security_policy" "policy" {
count = var.enforce_security_policy ? 1 : 0
- name = "${local.prefix}denylist-siege"
+ name = "${var.prefix}-denylist-siege"
project = module.project.project_id
rule {
action = "deny(403)"
diff --git a/blueprints/networking/glb-and-armor/variables.tf b/blueprints/networking/glb-and-armor/variables.tf
index a428a884..cf2aa583 100644
--- a/blueprints/networking/glb-and-armor/variables.tf
+++ b/blueprints/networking/glb-and-armor/variables.tf
@@ -21,9 +21,12 @@ variable "enforce_security_policy" {
}
variable "prefix" {
- description = "Prefix used for created resources."
+ description = "Prefix used for resource names."
type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
diff --git a/blueprints/networking/hub-and-spoke-peering/README.md b/blueprints/networking/hub-and-spoke-peering/README.md
index 3fa1ef9a..d39cb3aa 100644
--- a/blueprints/networking/hub-and-spoke-peering/README.md
+++ b/blueprints/networking/hub-and-spoke-peering/README.md
@@ -84,13 +84,13 @@ The VPN used to connect the GKE masters VPC does not account for HA, upgrading t
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L66) | Project id used for all resources. | string
| ✓ | |
+| [prefix](variables.tf#L34) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L69) | Project id used for all resources. | string
| ✓ | |
| [ip_ranges](variables.tf#L15) | IP CIDR ranges. | map(string)
| | {…}
|
| [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | map(string)
| | {…}
|
-| [prefix](variables.tf#L34) | Arbitrary string used to prefix resource names. | string
| | null
|
-| [private_service_ranges](variables.tf#L40) | Private service IP CIDR ranges. | map(string)
| | {…}
|
-| [project_create](variables.tf#L48) | Set to non null if project needs to be created. | object({…})
| | null
|
-| [region](variables.tf#L71) | VPC region. | string
| | "europe-west1"
|
+| [private_service_ranges](variables.tf#L43) | Private service IP CIDR ranges. | map(string)
| | {…}
|
+| [project_create](variables.tf#L51) | Set to non null if project needs to be created. | object({…})
| | null
|
+| [region](variables.tf#L74) | VPC region. | string
| | "europe-west1"
|
## Outputs
diff --git a/blueprints/networking/hub-and-spoke-peering/main.tf b/blueprints/networking/hub-and-spoke-peering/main.tf
index 7fa8142e..de1c7661 100644
--- a/blueprints/networking/hub-and-spoke-peering/main.tf
+++ b/blueprints/networking/hub-and-spoke-peering/main.tf
@@ -13,7 +13,6 @@
# limitations under the License.
locals {
- prefix = var.prefix != null && var.prefix != "" ? "${var.prefix}-" : ""
vm-instances = [
module.vm-hub.instance,
module.vm-spoke-1.instance,
@@ -49,11 +48,11 @@ module "project" {
module "vpc-hub" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}hub"
+ name = "${var.prefix}-hub"
subnets = [
{
ip_cidr_range = var.ip_ranges.hub
- name = "${local.prefix}hub-1"
+ name = "${var.prefix}-hub-1"
region = var.region
}
]
@@ -63,8 +62,8 @@ module "nat-hub" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}hub"
- router_name = "${local.prefix}hub"
+ name = "${var.prefix}-hub"
+ router_name = "${var.prefix}-hub"
router_network = module.vpc-hub.self_link
}
@@ -84,11 +83,11 @@ module "vpc-hub-firewall" {
module "vpc-spoke-1" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}spoke-1"
+ name = "${var.prefix}-spoke-1"
subnets = [
{
ip_cidr_range = var.ip_ranges.spoke-1
- name = "${local.prefix}spoke-1-1"
+ name = "${var.prefix}-spoke-1-1"
region = var.region
}
]
@@ -107,8 +106,8 @@ module "nat-spoke-1" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}spoke-1"
- router_name = "${local.prefix}spoke-1"
+ name = "${var.prefix}-spoke-1"
+ router_name = "${var.prefix}-spoke-1"
router_network = module.vpc-spoke-1.self_link
}
@@ -127,11 +126,11 @@ module "hub-to-spoke-1-peering" {
module "vpc-spoke-2" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}spoke-2"
+ name = "${var.prefix}-spoke-2"
subnets = [
{
ip_cidr_range = var.ip_ranges.spoke-2
- name = "${local.prefix}spoke-2-1"
+ name = "${var.prefix}-spoke-2-1"
region = var.region
secondary_ip_ranges = {
pods = var.ip_secondary_ranges.spoke-2-pods
@@ -154,8 +153,8 @@ module "nat-spoke-2" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}spoke-2"
- router_name = "${local.prefix}spoke-2"
+ name = "${var.prefix}-spoke-2"
+ router_name = "${var.prefix}-spoke-2"
router_network = module.vpc-spoke-2.self_link
}
@@ -176,10 +175,10 @@ module "vm-hub" {
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = "${var.region}-b"
- name = "${local.prefix}hub"
+ name = "${var.prefix}-hub"
network_interfaces = [{
network = module.vpc-hub.self_link
- subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${local.prefix}hub-1"]
+ subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${var.prefix}-hub-1"]
nat = false
addresses = null
}]
@@ -193,10 +192,10 @@ module "vm-spoke-1" {
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = "${var.region}-b"
- name = "${local.prefix}spoke-1"
+ name = "${var.prefix}-spoke-1"
network_interfaces = [{
network = module.vpc-spoke-1.self_link
- subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${local.prefix}spoke-1-1"]
+ subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${var.prefix}-spoke-1-1"]
nat = false
addresses = null
}]
@@ -210,10 +209,10 @@ module "vm-spoke-2" {
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = "${var.region}-b"
- name = "${local.prefix}spoke-2"
+ name = "${var.prefix}-spoke-2"
network_interfaces = [{
network = module.vpc-spoke-2.self_link
- subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"]
+ subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"]
nat = false
addresses = null
}]
@@ -226,7 +225,7 @@ module "vm-spoke-2" {
module "service-account-gce" {
source = "../../../modules/iam-service-account"
project_id = module.project.project_id
- name = "${local.prefix}gce-test"
+ name = "${var.prefix}-gce-test"
iam_project_roles = {
(var.project_id) = [
"roles/container.developer",
@@ -242,12 +241,12 @@ module "service-account-gce" {
module "cluster-1" {
source = "../../../modules/gke-cluster"
- name = "${local.prefix}cluster-1"
+ name = "${var.prefix}-cluster-1"
project_id = module.project.project_id
location = "${var.region}-b"
vpc_config = {
network = module.vpc-spoke-2.self_link
- subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"]
+ subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"]
master_authorized_ranges = {
for name, range in var.ip_ranges : name => range
}
@@ -269,7 +268,7 @@ module "cluster-1" {
module "cluster-1-nodepool-1" {
source = "../../../modules/gke-nodepool"
- name = "${local.prefix}nodepool-1"
+ name = "${var.prefix}-nodepool-1"
project_id = module.project.project_id
location = module.cluster-1.location
cluster_name = module.cluster-1.name
@@ -284,7 +283,7 @@ module "cluster-1-nodepool-1" {
module "service-account-gke-node" {
source = "../../../modules/iam-service-account"
project_id = module.project.project_id
- name = "${local.prefix}gke-node"
+ name = "${var.prefix}-gke-node"
iam_project_roles = {
(var.project_id) = [
"roles/logging.logWriter", "roles/monitoring.metricWriter",
@@ -301,7 +300,7 @@ module "vpn-hub" {
project_id = module.project.project_id
region = var.region
network = module.vpc-hub.name
- name = "${local.prefix}hub"
+ name = "${var.prefix}-hub"
remote_ranges = values(var.private_service_ranges)
tunnels = {
spoke-2 = {
@@ -318,7 +317,7 @@ module "vpn-spoke-2" {
project_id = module.project.project_id
region = var.region
network = module.vpc-spoke-2.name
- name = "${local.prefix}spoke-2"
+ name = "${var.prefix}-spoke-2"
# use an aggregate of the remote ranges, so as to be less specific than the
# routes exchanged via peering
remote_ranges = ["10.0.0.0/8"]
diff --git a/blueprints/networking/hub-and-spoke-peering/variables.tf b/blueprints/networking/hub-and-spoke-peering/variables.tf
index fdaf4e83..803b7396 100644
--- a/blueprints/networking/hub-and-spoke-peering/variables.tf
+++ b/blueprints/networking/hub-and-spoke-peering/variables.tf
@@ -32,9 +32,12 @@ variable "ip_secondary_ranges" {
}
variable "prefix" {
- description = "Arbitrary string used to prefix resource names."
+ description = "Prefix used for resource names."
type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "private_service_ranges" {
diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md
index 2ba3a86a..4f580ed8 100644
--- a/blueprints/networking/hub-and-spoke-vpn/README.md
+++ b/blueprints/networking/hub-and-spoke-vpn/README.md
@@ -85,13 +85,13 @@ ping test-r2.dev.example.com
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L49) | Project id for all resources. | string
| ✓ | |
+| [prefix](variables.tf#L34) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L52) | Project id for all resources. | string
| ✓ | |
| [ip_ranges](variables.tf#L15) | Subnet IP CIDR ranges. | map(string)
| | {…}
|
| [ip_secondary_ranges](variables.tf#L28) | Subnet secondary ranges. | map(map(string))
| | {}
|
-| [prefix](variables.tf#L34) | Prefix used in resource names. | string
| | null
|
-| [project_create_config](variables.tf#L40) | Populate with billing account id to trigger project creation. | object({…})
| | null
|
-| [regions](variables.tf#L54) | VPC regions. | map(string)
| | {…}
|
-| [vpn_configs](variables.tf#L63) | VPN configurations. | map(object({…}))
| | {…}
|
+| [project_create_config](variables.tf#L43) | Populate with billing account id to trigger project creation. | object({…})
| | null
|
+| [regions](variables.tf#L57) | VPC regions. | map(string)
| | {…}
|
+| [vpn_configs](variables.tf#L66) | VPN configurations. | map(object({…}))
| | {…}
|
## Outputs
diff --git a/blueprints/networking/hub-and-spoke-vpn/main.tf b/blueprints/networking/hub-and-spoke-vpn/main.tf
index d3fbc899..8810a71d 100644
--- a/blueprints/networking/hub-and-spoke-vpn/main.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/main.tf
@@ -12,10 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-locals {
- prefix = var.prefix == null ? "" : "${var.prefix}-"
-}
-
# enable services in the project used
module "project" {
@@ -35,11 +31,11 @@ module "project" {
module "landing-r1-vm" {
source = "../../../modules/compute-vm"
project_id = var.project_id
- name = "${local.prefix}lnd-test-r1"
+ name = "${var.prefix}-lnd-test-r1"
zone = "${var.regions.r1}-b"
network_interfaces = [{
network = module.landing-vpc.self_link
- subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}lnd-0"]
+ subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-lnd-0"]
nat = false
addresses = null
}]
@@ -51,11 +47,11 @@ module "landing-r1-vm" {
module "prod-r1-vm" {
source = "../../../modules/compute-vm"
project_id = var.project_id
- name = "${local.prefix}prd-test-r1"
+ name = "${var.prefix}-prd-test-r1"
zone = "${var.regions.r1}-b"
network_interfaces = [{
network = module.prod-vpc.self_link
- subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}prd-0"]
+ subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-prd-0"]
nat = false
addresses = null
}]
@@ -67,11 +63,11 @@ module "prod-r1-vm" {
module "dev-r2-vm" {
source = "../../../modules/compute-vm"
project_id = var.project_id
- name = "${local.prefix}dev-test-r2"
+ name = "${var.prefix}-dev-test-r2"
zone = "${var.regions.r2}-b"
network_interfaces = [{
network = module.dev-vpc.self_link
- subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${local.prefix}dev-0"]
+ subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${var.prefix}-dev-0"]
nat = false
addresses = null
}]
diff --git a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf
index 736c742f..f7cf84db 100644
--- a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf
@@ -17,11 +17,11 @@
module "dev-vpc" {
source = "../../../modules/net-vpc"
project_id = var.project_id
- name = "${local.prefix}dev"
+ name = "${var.prefix}-dev"
subnets = [
{
ip_cidr_range = var.ip_ranges.dev-0-r1
- name = "${local.prefix}dev-0"
+ name = "${var.prefix}-dev-0"
region = var.regions.r1
secondary_ip_ranges = try(
var.ip_secondary_ranges.dev-0-r1, {}
@@ -29,7 +29,7 @@ module "dev-vpc" {
},
{
ip_cidr_range = var.ip_ranges.dev-0-r2
- name = "${local.prefix}dev-0"
+ name = "${var.prefix}-dev-0"
region = var.regions.r2
secondary_ip_ranges = try(
var.ip_secondary_ranges.dev-0-r2, {}
@@ -51,7 +51,7 @@ module "dev-dns-peering" {
source = "../../../modules/dns"
project_id = var.project_id
type = "peering"
- name = "${local.prefix}example-com-dev-peering"
+ name = "${var.prefix}-example-com-dev-peering"
domain = "example.com."
client_networks = [module.dev-vpc.self_link]
peer_network = module.landing-vpc.self_link
@@ -61,7 +61,7 @@ module "dev-dns-zone" {
source = "../../../modules/dns"
project_id = var.project_id
type = "private"
- name = "${local.prefix}dev-example-com"
+ name = "${var.prefix}-dev-example-com"
domain = "dev.example.com."
client_networks = [module.landing-vpc.self_link]
recordsets = {
diff --git a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf
index b385bfb1..31fdb856 100644
--- a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf
@@ -17,11 +17,11 @@
module "landing-vpc" {
source = "../../../modules/net-vpc"
project_id = var.project_id
- name = "${local.prefix}lnd"
+ name = "${var.prefix}-lnd"
subnets = [
{
ip_cidr_range = var.ip_ranges.land-0-r1
- name = "${local.prefix}lnd-0"
+ name = "${var.prefix}-lnd-0"
region = var.regions.r1
secondary_ip_ranges = try(
var.ip_secondary_ranges.land-0-r1, {}
@@ -29,7 +29,7 @@ module "landing-vpc" {
},
{
ip_cidr_range = var.ip_ranges.land-0-r2
- name = "${local.prefix}lnd-0"
+ name = "${var.prefix}-lnd-0"
region = var.regions.r2
secondary_ip_ranges = try(
var.ip_secondary_ranges.land-0-r2, {}
@@ -51,7 +51,7 @@ module "landing-dns-zone" {
source = "../../../modules/dns"
project_id = var.project_id
type = "private"
- name = "${local.prefix}example-com"
+ name = "${var.prefix}-example-com"
domain = "example.com."
client_networks = [module.landing-vpc.self_link]
recordsets = {
diff --git a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf
index ad58b585..ec326021 100644
--- a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf
@@ -17,11 +17,11 @@
module "prod-vpc" {
source = "../../../modules/net-vpc"
project_id = var.project_id
- name = "${local.prefix}prd"
+ name = "${var.prefix}-prd"
subnets = [
{
ip_cidr_range = var.ip_ranges.prod-0-r1
- name = "${local.prefix}prd-0"
+ name = "${var.prefix}-prd-0"
region = var.regions.r1
secondary_ip_ranges = try(
var.ip_secondary_ranges.prod-0-r1, {}
@@ -29,7 +29,7 @@ module "prod-vpc" {
},
{
ip_cidr_range = var.ip_ranges.prod-0-r2
- name = "${local.prefix}prd-0"
+ name = "${var.prefix}-prd-0"
region = var.regions.r2
secondary_ip_ranges = try(
var.ip_secondary_ranges.prod-0-r2, {}
@@ -51,7 +51,7 @@ module "prod-dns-peering" {
source = "../../../modules/dns"
project_id = var.project_id
type = "peering"
- name = "${local.prefix}example-com-prd-peering"
+ name = "${var.prefix}-example-com-prd-peering"
domain = "example.com."
client_networks = [module.prod-vpc.self_link]
peer_network = module.landing-vpc.self_link
@@ -61,7 +61,7 @@ module "prod-dns-zone" {
source = "../../../modules/dns"
project_id = var.project_id
type = "private"
- name = "${local.prefix}prd-example-com"
+ name = "${var.prefix}-prd-example-com"
domain = "prd.example.com."
client_networks = [module.landing-vpc.self_link]
recordsets = {
diff --git a/blueprints/networking/hub-and-spoke-vpn/variables.tf b/blueprints/networking/hub-and-spoke-vpn/variables.tf
index 98286e8e..90fbd359 100644
--- a/blueprints/networking/hub-and-spoke-vpn/variables.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/variables.tf
@@ -32,9 +32,12 @@ variable "ip_secondary_ranges" {
}
variable "prefix" {
- description = "Prefix used in resource names."
+ description = "Prefix used for resource names."
type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create_config" {
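Review bot: The added `validation` on `prefix` rejects only the empty string, so an explicit `prefix = null` still satisfies `var.prefix != ""` and surfaces later as an interpolation error in whichever `"${var.prefix}-…"` expression is evaluated first. A prefix with uppercase letters, a leading digit or a trailing hyphen also passes and is only rejected by the API at apply time, after some resources may already exist. I would add `nullable = false` (if the pinned Terraform version supports it) and tighten the check to something like `condition = can(regex("^[a-z][a-z0-9-]*[a-z0-9]$", var.prefix))`, with a length bound chosen for the longest suffix each blueprint appends. The same block is repeated in the `variables.tf` hunks for ilb-next-hop, nginx-reverse-proxy-cluster, psc-hybrid and shared-vpc-gke.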
diff --git a/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf b/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf
index 238475aa..02b58e67 100644
--- a/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf
@@ -19,9 +19,9 @@ module "landing-to-dev-vpn-r1" {
project_id = var.project_id
network = module.landing-vpc.self_link
region = var.regions.r1
- name = "${local.prefix}lnd-to-dev-r1"
+ name = "${var.prefix}-lnd-to-dev-r1"
router_create = false
- router_name = "${local.prefix}lnd-vpn-r1"
+ router_name = "${var.prefix}-lnd-vpn-r1"
# router is created and managed by the production VPN module
# so we don't configure advertisements here
peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link
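Review bot: `router_name` in `landing-to-dev-vpn-r1` has to stay identical to the `router_name` given to `landing-to-prod-vpn-r1` in vpn-prod-r1.tf, because this module sets `router_create = false` and relies on the router the production module creates, yet the string is written out separately in both files. A literal also gives Terraform no dependency edge to the module that creates the router, unless another argument outside the hunk already provides one. Consider a shared local such as `landing_router_r1 = "${var.prefix}-lnd-vpn-r1"`, or reading the name from the production module's outputs if it exposes one. The module block starts and continues outside this hunk.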
@@ -62,9 +62,9 @@ module "dev-to-landing-vpn-r1" {
project_id = var.project_id
network = module.dev-vpc.self_link
region = var.regions.r1
- name = "${local.prefix}dev-to-lnd-r1"
+ name = "${var.prefix}-dev-to-lnd-r1"
router_create = true
- router_name = "${local.prefix}dev-vpn-r1"
+ router_name = "${var.prefix}-dev-vpn-r1"
router_asn = var.vpn_configs.dev-r1.asn
router_advertise_config = (
var.vpn_configs.dev-r1.custom_ranges == null
diff --git a/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf b/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf
index 1c2e7028..dc964850 100644
--- a/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf
@@ -19,9 +19,9 @@ module "landing-to-prod-vpn-r1" {
project_id = var.project_id
network = module.landing-vpc.self_link
region = var.regions.r1
- name = "${local.prefix}lnd-to-prd-r1"
+ name = "${var.prefix}-lnd-to-prd-r1"
router_create = true
- router_name = "${local.prefix}lnd-vpn-r1"
+ router_name = "${var.prefix}-lnd-vpn-r1"
router_asn = var.vpn_configs.land-r1.asn
router_advertise_config = (
var.vpn_configs.land-r1.custom_ranges == null
@@ -68,9 +68,9 @@ module "prod-to-landing-vpn-r1" {
project_id = var.project_id
network = module.prod-vpc.self_link
region = var.regions.r1
- name = "${local.prefix}prd-to-lnd-r1"
+ name = "${var.prefix}-prd-to-lnd-r1"
router_create = true
- router_name = "${local.prefix}prd-vpn-r1"
+ router_name = "${var.prefix}-prd-vpn-r1"
router_asn = var.vpn_configs.prod-r1.asn
# the router is managed here but shared with the dev VPN
router_advertise_config = (
diff --git a/blueprints/networking/ilb-next-hop/README.md b/blueprints/networking/ilb-next-hop/README.md
index e55691eb..c3091558 100644
--- a/blueprints/networking/ilb-next-hop/README.md
+++ b/blueprints/networking/ilb-next-hop/README.md
@@ -65,14 +65,14 @@ A sample testing session using `tmux`:
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L50) | Existing project id. | string
| ✓ | |
+| [prefix](variables.tf#L38) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L53) | Existing project id. | string
| ✓ | |
| [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | bool
| | false
|
| [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | string
| | "CLIENT_IP"
|
| [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | map(string)
| | {…}
|
-| [prefix](variables.tf#L38) | Prefix used for resource names. | string
| | "ilb-test"
|
-| [project_create](variables.tf#L44) | Create project instead of using an existing one. | bool
| | false
|
-| [region](variables.tf#L55) | Region used for resources. | string
| | "europe-west1"
|
-| [zones](variables.tf#L61) | Zone suffixes used for instances. | list(string)
| | ["b", "c"]
|
+| [project_create](variables.tf#L47) | Create project instead of using an existing one. | bool
| | false
|
+| [region](variables.tf#L58) | Region used for resources. | string
| | "europe-west1"
|
+| [zones](variables.tf#L64) | Zone suffixes used for instances. | list(string)
| | ["b", "c"]
|
## Outputs
diff --git a/blueprints/networking/ilb-next-hop/gateways.tf b/blueprints/networking/ilb-next-hop/gateways.tf
index df066484..3a1dcffb 100644
--- a/blueprints/networking/ilb-next-hop/gateways.tf
+++ b/blueprints/networking/ilb-next-hop/gateways.tf
@@ -19,7 +19,7 @@ module "gw" {
for_each = local.zones
project_id = module.project.project_id
zone = each.value
- name = "${local.prefix}gw-${each.key}"
+ name = "${var.prefix}-gw-${each.key}"
instance_type = "f1-micro"
boot_disk = {
@@ -51,7 +51,7 @@ module "gw" {
})
}
service_account = try(
- module.service-accounts.emails["${local.prefix}gce-vm"], null
+ module.service-accounts.emails["${var.prefix}-gce-vm"], null
)
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
group = { named_ports = null }
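Review bot: The `try(..., null)` around `module.service-accounts.emails["${var.prefix}-gce-vm"]` swallows any lookup failure, so a key or output mismatch leaves `service_account` null with no plan error while `service_account_scopes` still grants `cloud-platform`. The nginx blueprint in this same change reads the same `iam-service-account` module through `.email` (`module.service-account-proxy.email`), which suggests `emails` may not be an output here; that cannot be confirmed from the hunk. If so, `service_account = module.service-accounts.email` fails loudly instead of silently dropping the dedicated identity. Which identity the VM module falls back to on null is not visible, and the `gw` block starts and ends outside the hunk.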
@@ -61,7 +61,7 @@ module "ilb-left" {
source = "../../../modules/net-ilb"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}ilb-left"
+ name = "${var.prefix}-ilb-left"
vpc_config = {
network = module.vpc-left.self_link
subnetwork = values(module.vpc-left.subnet_self_links)[0]
@@ -85,7 +85,7 @@ module "ilb-right" {
source = "../../../modules/net-ilb"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}ilb-right"
+ name = "${var.prefix}-ilb-right"
vpc_config = {
network = module.vpc-right.self_link
subnetwork = values(module.vpc-right.subnet_self_links)[0]
diff --git a/blueprints/networking/ilb-next-hop/main.tf b/blueprints/networking/ilb-next-hop/main.tf
index e6e0682e..0f7cfe0e 100644
--- a/blueprints/networking/ilb-next-hop/main.tf
+++ b/blueprints/networking/ilb-next-hop/main.tf
@@ -17,10 +17,9 @@
locals {
addresses = {
for k, v in module.addresses.internal_addresses :
- trimprefix(k, local.prefix) => v.address
+ trimprefix(k, "${var.prefix}-") => v.address
}
- prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-"
- zones = { for z in var.zones : z => "${var.region}-${z}" }
+ zones = { for z in var.zones : z => "${var.region}-${z}" }
}
module "project" {
@@ -36,7 +35,7 @@ module "project" {
module "service-accounts" {
source = "../../../modules/iam-service-account"
project_id = module.project.project_id
- name = "${local.prefix}gce-vm"
+ name = "${var.prefix}-gce-vm"
iam_project_roles = {
(var.project_id) = [
"roles/logging.logWriter",
@@ -49,11 +48,11 @@ module "addresses" {
source = "../../../modules/net-address"
project_id = module.project.project_id
internal_addresses = {
- "${local.prefix}ilb-left" = {
+ "${var.prefix}-ilb-left" = {
region = var.region,
subnetwork = values(module.vpc-left.subnet_self_links)[0]
},
- "${local.prefix}ilb-right" = {
+ "${var.prefix}-ilb-right" = {
region = var.region,
subnetwork = values(module.vpc-right.subnet_self_links)[0]
}
diff --git a/blueprints/networking/ilb-next-hop/outputs.tf b/blueprints/networking/ilb-next-hop/outputs.tf
index 17702e83..c00282ae 100644
--- a/blueprints/networking/ilb-next-hop/outputs.tf
+++ b/blueprints/networking/ilb-next-hop/outputs.tf
@@ -28,7 +28,7 @@ output "addresses" {
output "backend_health_left" {
description = "Command-line health status for left ILB backends."
value = <<-EOT
- gcloud compute backend-services get-health ${local.prefix}ilb-left \
+ gcloud compute backend-services get-health ${var.prefix}-ilb-left \
--region ${var.region} \
--flatten status.healthStatus \
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"
@@ -38,7 +38,7 @@ output "backend_health_left" {
output "backend_health_right" {
description = "Command-line health status for right ILB backends."
value = <<-EOT
- gcloud compute backend-services get-health ${local.prefix}ilb-right \
+ gcloud compute backend-services get-health ${var.prefix}-ilb-right \
--region ${var.region} \
--flatten status.healthStatus \
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"
diff --git a/blueprints/networking/ilb-next-hop/variables.tf b/blueprints/networking/ilb-next-hop/variables.tf
index 2450c4eb..51a7c03e 100644
--- a/blueprints/networking/ilb-next-hop/variables.tf
+++ b/blueprints/networking/ilb-next-hop/variables.tf
@@ -38,7 +38,10 @@ variable "ip_ranges" {
variable "prefix" {
description = "Prefix used for resource names."
type = string
- default = "ilb-test"
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
diff --git a/blueprints/networking/ilb-next-hop/vms.tf b/blueprints/networking/ilb-next-hop/vms.tf
index cdc36ed6..a71a60a0 100644
--- a/blueprints/networking/ilb-next-hop/vms.tf
+++ b/blueprints/networking/ilb-next-hop/vms.tf
@@ -27,7 +27,7 @@ module "vm-left" {
for_each = local.zones
project_id = module.project.project_id
zone = each.value
- name = "${local.prefix}vm-left-${each.key}"
+ name = "${var.prefix}-vm-left-${each.key}"
instance_type = "f1-micro"
network_interfaces = [
{
@@ -50,7 +50,7 @@ module "vm-right" {
for_each = local.zones
project_id = module.project.project_id
zone = each.value
- name = "${local.prefix}vm-right-${each.key}"
+ name = "${var.prefix}-vm-right-${each.key}"
instance_type = "f1-micro"
network_interfaces = [
{
diff --git a/blueprints/networking/ilb-next-hop/vpc-left.tf b/blueprints/networking/ilb-next-hop/vpc-left.tf
index f5df5234..4cc73159 100644
--- a/blueprints/networking/ilb-next-hop/vpc-left.tf
+++ b/blueprints/networking/ilb-next-hop/vpc-left.tf
@@ -17,11 +17,11 @@
module "vpc-left" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}left"
+ name = "${var.prefix}-left"
subnets = [
{
ip_cidr_range = var.ip_ranges.left
- name = "${local.prefix}left"
+ name = "${var.prefix}-left"
region = var.region
},
]
@@ -48,6 +48,6 @@ module "nat-left" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}left"
+ name = "${var.prefix}-left"
router_network = module.vpc-left.name
}
diff --git a/blueprints/networking/ilb-next-hop/vpc-right.tf b/blueprints/networking/ilb-next-hop/vpc-right.tf
index edd6941d..5483d34a 100644
--- a/blueprints/networking/ilb-next-hop/vpc-right.tf
+++ b/blueprints/networking/ilb-next-hop/vpc-right.tf
@@ -17,11 +17,11 @@
module "vpc-right" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}right"
+ name = "${var.prefix}-right"
subnets = [
{
ip_cidr_range = var.ip_ranges.right
- name = "${local.prefix}right"
+ name = "${var.prefix}-right"
region = var.region
},
]
@@ -59,6 +59,6 @@ module "nat-right" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
- name = "${local.prefix}right"
+ name = "${var.prefix}-right"
router_network = module.vpc-right.name
}
diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/README.md b/blueprints/networking/nginx-reverse-proxy-cluster/README.md
index b8436283..6e469a8d 100644
--- a/blueprints/networking/nginx-reverse-proxy-cluster/README.md
+++ b/blueprints/networking/nginx-reverse-proxy-cluster/README.md
@@ -11,27 +11,26 @@ The example is for Nginx, but it could be easily adapted to any other reverse pr
## Ops Agent image
There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run inside the ContainerOS instance. Build the container, push it to your Container/Artifact Repository and set the `ops_agent_image` to point to the image you built.
-
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [autoscaling_metric](variables.tf#L31) | | object({…}
| ✓ | |
-| [project_name](variables.tf#L108) | Name of an existing project or of the new project | string
| ✓ | |
+| [autoscaling_metric](variables.tf#L31) | Definition of metric to use for scaling. | object({…}
| ✓ | |
+| [prefix](variables.tf#L94) | Prefix used for resource names. | string
| ✓ | |
+| [project_name](variables.tf#L112) | Name of an existing project or of the new project. | string
| ✓ | |
| [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | object({…})
| | {…}
|
-| [backends](variables.tf#L49) | Nginx locations configurations to proxy traffic to. | string
| | "<<-EOT…EOT"
|
-| [cidrs](variables.tf#L61) | Subnet IP CIDR ranges. | map(string)
| | {…}
|
-| [network](variables.tf#L69) | Network name. | string
| | "reverse-proxy-vpc"
|
-| [network_create](variables.tf#L75) | Create network or use existing one. | bool
| | true
|
-| [nginx_image](variables.tf#L81) | Nginx container image to use. | string
| | "gcr.io/cloud-marketplace/google/nginx1:latest"
|
-| [ops_agent_image](variables.tf#L87) | Google Cloud Ops Agent container image to use. | string
| | "gcr.io/sfans-hub-project-d647/ops-agent:latest"
|
-| [prefix](variables.tf#L93) | Prefix used for resources that need unique names. | string
| | ""
|
-| [project_create](variables.tf#L99) | Parameters for the creation of the new project | object({…})
| | null
|
-| [region](variables.tf#L113) | Default region for resources. | string
| | "europe-west4"
|
-| [subnetwork](variables.tf#L119) | Subnetwork name. | string
| | "gce"
|
-| [tls](variables.tf#L125) | Also offer reverse proxying with TLS (self-signed certificate). | bool
| | false
|
+| [backends](variables.tf#L50) | Nginx locations configurations to proxy traffic to. | string
| | "<<-EOT…EOT"
|
+| [cidrs](variables.tf#L62) | Subnet IP CIDR ranges. | map(string)
| | {…}
|
+| [network](variables.tf#L70) | Network name. | string
| | "reverse-proxy-vpc"
|
+| [network_create](variables.tf#L76) | Create network or use existing one. | bool
| | true
|
+| [nginx_image](variables.tf#L82) | Nginx container image to use. | string
| | "gcr.io/cloud-marketplace/google/nginx1:latest"
|
+| [ops_agent_image](variables.tf#L88) | Google Cloud Ops Agent container image to use. | string
| | "gcr.io/sfans-hub-project-d647/ops-agent:latest"
|
+| [project_create](variables.tf#L103) | Parameters for the creation of the new project. | object({…})
| | null
|
+| [region](variables.tf#L117) | Default region for resources. | string
| | "europe-west4"
|
+| [subnetwork](variables.tf#L123) | Subnetwork name. | string
| | "gce"
|
+| [tls](variables.tf#L129) | Also offer reverse proxying with TLS (self-signed certificate). | bool
| | false
|
## Outputs
diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf
index 6b06cf27..50f5374f 100644
--- a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf
+++ b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf
@@ -161,7 +161,7 @@ module "firewall" {
project_id = module.project.project_id
network = module.vpc.name
ingress_rules = {
- format("%sallow-http-to-proxy-cluster", var.prefix) = {
+ "${var.prefix}-allow-http-to-proxy-cluster" = {
description = "Allow Nginx HTTP(S) ingress traffic"
source_ranges = [
var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22"
@@ -170,7 +170,7 @@ module "firewall" {
use_service_accounts = true
rules = [{ protocol = "tcp", ports = [80, 443] }]
}
- format("%sallow-iap-ssh", var.prefix) = {
+ "${var.prefix}-allow-iap-ssh" = {
description = "Allow Nginx SSH traffic from IAP"
source_ranges = ["35.235.240.0/20"]
targets = [module.service-account-proxy.email]
@@ -184,7 +184,7 @@ module "nat" {
source = "../../../modules/net-cloudnat"
project_id = module.project.project_id
region = var.region
- name = format("%snat", var.prefix)
+ name = "${var.prefix}-nat"
router_network = module.vpc.name
config_source_subnets = "LIST_OF_SUBNETWORKS"
@@ -207,7 +207,7 @@ module "nat" {
module "service-account-proxy" {
source = "../../../modules/iam-service-account"
project_id = module.project.project_id
- name = format("%sreverse-proxy", var.prefix)
+ name = "${var.prefix}-reverse-proxy"
iam_project_roles = {
(module.project.project_id) = [
"roles/logging.logWriter",
@@ -241,7 +241,7 @@ module "mig-proxy" {
project_id = module.project.project_id
location = var.region
regional = true
- name = format("%sproxy-cluster", var.prefix)
+ name = "${var.prefix}-proxy-cluster"
named_ports = {
http = "80"
https = "443"
@@ -313,11 +313,11 @@ module "proxy-vm" {
module "xlb" {
source = "../../../modules/net-glb"
- name = format("%sreverse-proxy-xlb", var.prefix)
+ name = "${var.prefix}-reverse-proxy-xlb"
project_id = module.project.project_id
reserve_ip_address = true
health_checks_config = {
- format("%sreverse-proxy-hc", var.prefix) = {
+ "${var.prefix}-reverse-proxy-hc" = {
type = "http"
logging = false
options = {
@@ -334,7 +334,7 @@ module "xlb" {
}
}
backend_services_config = {
- format("%sreverse-proxy-backend", var.prefix) = {
+ "${var.prefix}-reverse-proxy-backend" = {
bucket_config = null
enable_cdn = false
cdn_config = null
@@ -345,7 +345,7 @@ module "xlb" {
options = null
}
]
- health_checks = [format("%sreverse-proxy-hc", var.prefix)]
+ health_checks = ["${var.prefix}-reverse-proxy-hc"]
log_config = null
options = {
affinity_cookie_ttl_sec = null
diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf
index e4409424..286bbcbe 100644
--- a/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf
+++ b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf
@@ -29,6 +29,7 @@ variable "autoscaling" {
}
variable "autoscaling_metric" {
+ description = "Definition of metric to use for scaling."
type = object({
name = string
single_instance_assignment = number
@@ -91,13 +92,16 @@ variable "ops_agent_image" {
}
variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
type = string
- default = ""
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "project_create" {
- description = "Parameters for the creation of the new project"
+ description = "Parameters for the creation of the new project."
type = object({
billing_account_id = string
parent = string
@@ -106,7 +110,7 @@ variable "project_create" {
}
variable "project_name" {
- description = "Name of an existing project or of the new project"
+ description = "Name of an existing project or of the new project."
type = string
}
@@ -127,4 +131,3 @@ variable "tls" {
type = bool
default = false
}
-
diff --git a/blueprints/networking/psc-hybrid/README.md b/blueprints/networking/psc-hybrid/README.md
index c697e68a..579c9ff4 100644
--- a/blueprints/networking/psc-hybrid/README.md
+++ b/blueprints/networking/psc-hybrid/README.md
@@ -41,15 +41,15 @@ Before applying this Terraform
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | string
| ✓ | |
-| [prefix](variables.tf#L28) | Prefix to use for resource names. | string
| ✓ | |
-| [producer](variables.tf#L33) | Producer configuration. | object({…})
| ✓ | |
-| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | string
| ✓ | |
-| [region](variables.tf#L54) | Region where resources will be created. | string
| ✓ | |
-| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | string # CIDR
| ✓ | |
-| [zone](variables.tf#L98) | Zone where resources will be created. | string
| ✓ | |
+| [prefix](variables.tf#L28) | Prefix used for resource names. | string
| ✓ | |
+| [producer](variables.tf#L37) | Producer configuration. | object({…})
| ✓ | |
+| [project_id](variables.tf#L53) | When referncing existing projects, the id of the project where resources will be created. | string
| ✓ | |
+| [region](variables.tf#L58) | Region where resources will be created. | string
| ✓ | |
+| [subnet_consumer](variables.tf#L63) | Consumer subnet CIDR. | string # CIDR
| ✓ | |
+| [zone](variables.tf#L102) | Zone where resources will be created. | string
| ✓ | |
| [dest_port](variables.tf#L22) | On-prem service destination port. | string
| | "80"
|
-| [project_create](variables.tf#L43) | Whether to automatically create a project. | bool
| | false
|
-| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | object({…})
| | {…}
|
-| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | bool
| | true
|
+| [project_create](variables.tf#L47) | Whether to automatically create a project. | bool
| | false
|
+| [vpc_config](variables.tf#L68) | VPC and subnet ids, in case existing VPCs are used. | object({…})
| | {…}
|
+| [vpc_create](variables.tf#L96) | Whether to automatically create VPCs. | bool
| | true
|
diff --git a/blueprints/networking/psc-hybrid/main.tf b/blueprints/networking/psc-hybrid/main.tf
index 21d297f0..39be8c92 100644
--- a/blueprints/networking/psc-hybrid/main.tf
+++ b/blueprints/networking/psc-hybrid/main.tf
@@ -15,7 +15,6 @@
*/
locals {
- prefix = coalesce(var.prefix, "") == "" ? "" : "${var.prefix}-"
project_id = (
var.project_create
? module.project.project_id
@@ -66,7 +65,7 @@ module "project" {
module "vpc_producer" {
source = "../../../modules/net-vpc"
project_id = local.project_id
- name = "${local.prefix}producer"
+ name = "${var.prefix}-producer"
subnets = [
{
ip_cidr_range = var.producer["subnet_main"]
@@ -78,7 +77,7 @@ module "vpc_producer" {
subnets_proxy_only = [
{
ip_cidr_range = var.producer["subnet_proxy"]
- name = "${local.prefix}proxy"
+ name = "${var.prefix}-proxy"
region = var.region
active = true
}
@@ -86,7 +85,7 @@ module "vpc_producer" {
subnets_psc = [
{
ip_cidr_range = var.producer["subnet_psc"]
- name = "${local.prefix}psc"
+ name = "${var.prefix}-psc"
region = var.region
}
]
@@ -95,7 +94,7 @@ module "vpc_producer" {
module "psc_producer" {
source = "./psc-producer"
project_id = local.project_id
- name = var.prefix
+ name = "${var.prefix}-producer"
dest_ip_address = var.dest_ip_address
dest_port = var.dest_port
network = local.vpc_producer_id
@@ -114,11 +113,11 @@ module "psc_producer" {
module "vpc_consumer" {
source = "../../../modules/net-vpc"
project_id = local.project_id
- name = "${local.prefix}consumer"
+ name = "${var.prefix}-consumer"
subnets = [
{
ip_cidr_range = var.subnet_consumer
- name = "${local.prefix}consumer"
+ name = "${var.prefix}-consumer"
region = var.region
secondary_ip_range = {}
}
@@ -128,7 +127,7 @@ module "vpc_consumer" {
module "psc_consumer" {
source = "./psc-consumer"
project_id = local.project_id
- name = "${local.prefix}consumer"
+ name = "${var.prefix}-consumer"
region = var.region
network = local.vpc_consumer_id
subnet = local.vpc_consumer_main
diff --git a/blueprints/networking/psc-hybrid/variables.tf b/blueprints/networking/psc-hybrid/variables.tf
index 1d38692d..d5d818a8 100644
--- a/blueprints/networking/psc-hybrid/variables.tf
+++ b/blueprints/networking/psc-hybrid/variables.tf
@@ -26,8 +26,12 @@ variable "dest_port" {
}
variable "prefix" {
- description = "Prefix to use for resource names."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "producer" {
diff --git a/blueprints/networking/shared-vpc-gke/README.md b/blueprints/networking/shared-vpc-gke/README.md
index 933a7384..858518bd 100644
--- a/blueprints/networking/shared-vpc-gke/README.md
+++ b/blueprints/networking/shared-vpc-gke/README.md
@@ -48,17 +48,17 @@ There's a minor glitch that can surface running `terraform destroy`, where the s
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string
| ✓ | |
-| [prefix](variables.tf#L62) | Prefix used for resources that need unique names. | string
| ✓ | |
-| [root_node](variables.tf#L90) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string
| ✓ | |
+| [prefix](variables.tf#L62) | Prefix used for resource names. | string
| ✓ | |
+| [root_node](variables.tf#L94) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string
| ✓ | |
| [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | bool
| | true
|
| [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | map(string)
| | {…}
|
| [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | map(string)
| | {…}
|
| [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | list(string)
| | []
|
| [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | list(string)
| | []
|
| [owners_host](variables.tf#L56) | Host project owners, in IAM format. | list(string)
| | []
|
-| [private_service_ranges](variables.tf#L67) | Private service IP CIDR ranges. | map(string)
| | {…}
|
-| [project_services](variables.tf#L75) | Service APIs enabled by default in new projects. | list(string)
| | […]
|
-| [region](variables.tf#L84) | Region used. | string
| | "europe-west1"
|
+| [private_service_ranges](variables.tf#L71) | Private service IP CIDR ranges. | map(string)
| | {…}
|
+| [project_services](variables.tf#L79) | Service APIs enabled by default in new projects. | list(string)
| | […]
|
+| [region](variables.tf#L88) | Region used. | string
| | "europe-west1"
|
## Outputs
diff --git a/blueprints/networking/shared-vpc-gke/variables.tf b/blueprints/networking/shared-vpc-gke/variables.tf
index daa1d72d..96ccfb0c 100644
--- a/blueprints/networking/shared-vpc-gke/variables.tf
+++ b/blueprints/networking/shared-vpc-gke/variables.tf
@@ -60,8 +60,12 @@ variable "owners_host" {
}
variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "private_service_ranges" {
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/README.md b/blueprints/third-party-solutions/wordpress/cloudrun/README.md
index 4ca10796..0ffcc395 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/README.md
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/README.md
@@ -121,27 +121,27 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L78) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
-| [wordpress_image](variables.tf#L89) | Image to run with Cloud Run, starts with \"gcr.io\" | string
| ✓ | |
-| [cloud_run_invoker](variables.tf#L18) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone) | string
| | "allUsers"
|
-| [cloudsql_password](variables.tf#L24) | CloudSQL password (will be randomly generated by default) | string
| | null
|
-| [connector](variables.tf#L30) | Existing VPC serverless connector to use if not creating a new one | string
| | null
|
-| [create_connector](variables.tf#L36) | Should a VPC serverless connector be created or not | bool
| | true
|
-| [ip_ranges](variables.tf#L43) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC | object({…})
| | {…}
|
-| [prefix](variables.tf#L57) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string
| | ""
|
-| [principals](variables.tf#L63) | List of users to give rights to (CloudSQL admin, client and instanceUser, Logging admin, Service Account User and TokenCreator), eg 'user@domain.com'. | list(string)
| | []
|
-| [project_create](variables.tf#L69) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
-| [region](variables.tf#L83) | Region for the created resources | string
| | "europe-west4"
|
-| [wordpress_password](variables.tf#L94) | Password for the Wordpress user (will be randomly generated by default) | string
| | null
|
-| [wordpress_port](variables.tf#L100) | Port for the Wordpress image | number
| | 8080
|
+| [prefix](variables.tf#L57) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L81) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
+| [wordpress_image](variables.tf#L92) | Image to run with Cloud Run, starts with \"gcr.io\". | string
| ✓ | |
+| [cloud_run_invoker](variables.tf#L18) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone). | string
| | "allUsers"
|
+| [cloudsql_password](variables.tf#L24) | CloudSQL password (will be randomly generated by default). | string
| | null
|
+| [connector](variables.tf#L30) | Existing VPC serverless connector to use if not creating a new one. | string
| | null
|
+| [create_connector](variables.tf#L36) | Should a VPC serverless connector be created or not. | bool
| | true
|
+| [ip_ranges](variables.tf#L43) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | object({…})
| | {…}
|
+| [principals](variables.tf#L66) | List of users to give rights to (CloudSQL admin, client and instanceUser, Logging admin, Service Account User and TokenCreator), eg 'user@domain.com'. | list(string)
| | []
|
+| [project_create](variables.tf#L72) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
+| [region](variables.tf#L86) | Region for the created resources. | string
| | "europe-west4"
|
+| [wordpress_password](variables.tf#L97) | Password for the Wordpress user (will be randomly generated by default). | string
| | null
|
+| [wordpress_port](variables.tf#L103) | Port for the Wordpress image. | number
| | 8080
|
## Outputs
| name | description | sensitive |
|---|---|:---:|
-| [cloud_run_service](outputs.tf#L17) | CloudRun service URL | ✓ |
-| [cloudsql_password](outputs.tf#L23) | CloudSQL password | ✓ |
-| [wp_password](outputs.tf#L29) | Wordpress user password | ✓ |
-| [wp_user](outputs.tf#L35) | Wordpress username | |
+| [cloud_run_service](outputs.tf#L17) | CloudRun service URL. | ✓ |
+| [cloudsql_password](outputs.tf#L23) | CloudSQL password. | ✓ |
+| [wp_password](outputs.tf#L29) | Wordpress user password. | ✓ |
+| [wp_user](outputs.tf#L35) | Wordpress username. | |
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
index 0841d69b..39f40286 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
@@ -23,7 +23,7 @@ resource "random_password" "cloudsql_password" {
module "vpc" {
source = "../../../../modules/net-vpc"
project_id = module.project.project_id
- name = "${local.prefix}sql-vpc"
+ name = "${var.prefix}-sql-vpc"
subnets = [
{
ip_cidr_range = var.ip_ranges.sql_vpc
@@ -43,7 +43,7 @@ module "vpc" {
resource "google_vpc_access_connector" "connector" {
count = var.create_connector ? 1 : 0
project = module.project.project_id
- name = "${local.prefix}wp-connector"
+ name = "${var.prefix}-wp-connector"
region = var.region
ip_cidr_range = var.ip_ranges.connector
network = module.vpc.self_link
@@ -55,7 +55,7 @@ module "cloudsql" {
source = "../../../../modules/cloudsql-instance"
project_id = module.project.project_id
network = module.vpc.self_link
- name = "${local.prefix}mysql"
+ name = "${var.prefix}-mysql"
region = var.region
database_version = local.cloudsql_conf.database_version
tier = local.cloudsql_conf.tier
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf
index 009dc4ae..04027790 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf
@@ -34,7 +34,6 @@ locals {
"roles/iam.serviceAccountTokenCreator" = local.all_principals_iam
}
connector = var.connector == null ? google_vpc_access_connector.connector.0.self_link : var.connector
- prefix = var.prefix == null ? "" : "${var.prefix}-"
wp_user = "user"
wp_pass = var.wordpress_password == null ? random_password.wp_password.result : var.wordpress_password
}
@@ -71,7 +70,7 @@ resource "random_password" "wp_password" {
module "cloud_run" {
source = "../../../../modules/cloud-run"
project_id = module.project.project_id
- name = "${local.prefix}cr-wordpress"
+ name = "${var.prefix}-cr-wordpress"
region = var.region
containers = [{
@@ -117,4 +116,4 @@ module "cloud_run" {
vpcaccess_connector = local.connector
}
ingress_settings = "all"
-}
\ No newline at end of file
+}
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf b/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf
index 3216f79e..b08642c7 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf
@@ -15,24 +15,24 @@
*/
output "cloud_run_service" {
- description = "CloudRun service URL"
+ description = "CloudRun service URL."
value = module.cloud_run.service.status[0].url
sensitive = true
}
output "cloudsql_password" {
- description = "CloudSQL password"
+ description = "CloudSQL password."
value = var.cloudsql_password == null ? module.cloudsql.user_passwords[local.cloudsql_conf.user] : var.cloudsql_password
sensitive = true
}
output "wp_password" {
- description = "Wordpress user password"
+ description = "Wordpress user password."
value = local.wp_pass
sensitive = true
}
output "wp_user" {
- description = "Wordpress username"
+ description = "Wordpress username."
value = local.wp_user
}
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf
index 426ffe76..abb00d2d 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf
@@ -17,31 +17,31 @@
# Documentation: https://cloud.google.com/run/docs/securing/managing-access#making_a_service_public
variable "cloud_run_invoker" {
type = string
- description = "IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone)"
+ description = "IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone)."
default = "allUsers"
}
variable "cloudsql_password" {
type = string
- description = "CloudSQL password (will be randomly generated by default)"
+ description = "CloudSQL password (will be randomly generated by default)."
default = null
}
variable "connector" {
type = string
- description = "Existing VPC serverless connector to use if not creating a new one"
+ description = "Existing VPC serverless connector to use if not creating a new one."
default = null
}
variable "create_connector" {
type = bool
- description = "Should a VPC serverless connector be created or not"
+ description = "Should a VPC serverless connector be created or not."
default = true
}
# PSA: documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range
variable "ip_ranges" {
- description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC"
+ description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC."
type = object({
connector = string
psa = string
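Review bot: `cloudsql_password` in this hunk, and `wordpress_password` in the last hunk of this file, are declared without `sensitive = true`, although the outputs in outputs.tf that return the same values are marked sensitive. A password supplied by the caller can therefore appear in plan and apply output wherever the variable is referenced by an attribute the provider does not itself redact. Adding `sensitive = true` to both variable blocks keeps them redacted in CLI output. The values are still written to state, so access to the state backend needs to be restricted either way. The `ip_ranges` block at the end of this hunk continues outside it.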
@@ -55,9 +55,12 @@ variable "ip_ranges" {
}
variable "prefix" {
- description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
+ description = "Prefix used for resource names."
type = string
- default = ""
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
}
variable "principals" {
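Review bot: The new validation on `prefix` rejects only the empty string, so an explicit `prefix = null` still passes, because variables are nullable by default and `null != ""` evaluates to true. With the `local.prefix` null handling removed in main.tf, a null prefix then reaches `"${var.prefix}-sql-vpc"`, `"${var.prefix}-wp-connector"`, `"${var.prefix}-mysql"` and `"${var.prefix}-cr-wordpress"`, where it should fail at interpolation with a much less helpful error. Adding `nullable = false` to the variable block closes that gap. Alternatively the condition could be extended to `var.prefix != null && var.prefix != ""`, if non-short-circuit evaluation is acceptable for the Terraform version in use.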
@@ -82,23 +85,23 @@ variable "project_id" {
variable "region" {
type = string
- description = "Region for the created resources"
+ description = "Region for the created resources."
default = "europe-west4"
}
variable "wordpress_image" {
type = string
- description = "Image to run with Cloud Run, starts with \"gcr.io\""
+ description = "Image to run with Cloud Run, starts with \"gcr.io\"."
}
variable "wordpress_password" {
type = string
- description = "Password for the Wordpress user (will be randomly generated by default)"
+ description = "Password for the Wordpress user (will be randomly generated by default)."
default = null
}
variable "wordpress_port" {
type = number
- description = "Port for the Wordpress image"
+ description = "Port for the Wordpress image."
default = 8080
}
diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md
index ec1b025a..cf4bfd51 100644
--- a/fast/stages/00-bootstrap/README.md
+++ b/fast/stages/00-bootstrap/README.md
@@ -415,7 +415,7 @@ The `type` attribute can be set to one of the supported repository types: `githu
Once the stage is applied the generated output files will contain pre-configured workflow files for each repository, that will use Workload Identity Federation via a dedicated service account for each repository to impersonate the automation service account for the stage.
-You can use Terraform to automate creation of the repositories using the `00-cicd` stage.
+You can use Terraform to automate creation of the repositories using the extra stage defined in [fast/extras/00-cicd-github](../../extras/00-cicd-github/) (only for Github for now).
The remaining configuration is manual, as it regards the repositories themselves:
@@ -477,7 +477,7 @@ The remaining configuration is manual, as it regards the repositories themselves
| [iam_additive](variables.tf#L152) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | map(list(string))
| | {}
| |
| [locations](variables.tf#L158) | Optional locations for GCS, BigQuery, and logging buckets created here. | object({…})
| | {…}
| |
| [log_sinks](variables.tf#L177) | Org-level log sinks, in name => {type, filter} format. | map(object({…}))
| | {…}
| |
-| [outputs_location](variables.tf#L211) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | string
| | null
| |
+| [outputs_location](variables.tf#L211) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string
| | null
| |
| [project_parent_ids](variables.tf#L227) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | object({…})
| | {…}
| |
## Outputs
diff --git a/fast/stages/00-bootstrap/variables.tf b/fast/stages/00-bootstrap/variables.tf
index 62d28abf..0b9f37c2 100644
--- a/fast/stages/00-bootstrap/variables.tf
+++ b/fast/stages/00-bootstrap/variables.tf
@@ -209,7 +209,7 @@ variable "organization" {
}
variable "outputs_location" {
- description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable"
+ description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable."
type = string
default = null
}
diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md
index 449fa614..56772816 100644
--- a/fast/stages/01-resman/README.md
+++ b/fast/stages/01-resman/README.md
@@ -191,7 +191,7 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
| [groups](variables.tf#L164) | Group names to grant organization-level permissions. | map(string)
| | {…}
| 00-bootstrap
|
| [locations](variables.tf#L179) | Optional locations for GCS, BigQuery, and logging buckets created here. | object({…})
| | {…}
| 00-bootstrap
|
| [organization_policy_configs](variables.tf#L207) | Organization policies customization. | object({…})
| | null
| |
-| [outputs_location](variables.tf#L215) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | string
| | null
| |
+| [outputs_location](variables.tf#L215) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string
| | null
| |
| [tag_names](variables.tf#L232) | Customized names for resource management tags. | object({…})
| | {…}
| |
| [team_folders](variables.tf#L249) | Team folders to be created. Format is described in a code comment. | map(object({…}))
| | null
| |
diff --git a/fast/stages/01-resman/variables.tf b/fast/stages/01-resman/variables.tf
index 6de9a7fa..8b6f866b 100644
--- a/fast/stages/01-resman/variables.tf
+++ b/fast/stages/01-resman/variables.tf
@@ -213,7 +213,7 @@ variable "organization_policy_configs" {
}
variable "outputs_location" {
- description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable"
+ description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable."
type = string
default = null
}
diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md
index a8c9d956..a72519b5 100644
--- a/fast/stages/02-networking-nva/README.md
+++ b/fast/stages/02-networking-nva/README.md
@@ -379,7 +379,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [custom_adv](variables.tf#L34) | Custom advertisement definitions in name => range format. | map(string)
| | {…}
| |
| [custom_roles](variables.tf#L56) | Custom roles defined at the org level, in key => id format. | object({…})
| | null
| 00-bootstrap
|
| [data_dir](variables.tf#L65) | Relative path for the folder storing configuration data for network resources. | string
| | "data"
| |
-| [dns](variables.tf#L71) | Onprem DNS resolvers | map(list(string))
| | {…}
| |
+| [dns](variables.tf#L71) | Onprem DNS resolvers. | map(list(string))
| | {…}
| |
| [l7ilb_subnets](variables.tf#L89) | Subnets used for L7 ILBs. | map(list(object({…})))
| | {…}
| |
| [onprem_cidr](variables.tf#L107) | Onprem addresses in name => range format. | map(string)
| | {…}
| |
| [outputs_location](variables.tf#L125) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string
| | null
| |
diff --git a/fast/stages/02-networking-nva/variables.tf b/fast/stages/02-networking-nva/variables.tf
index 1d94ec03..90f76676 100644
--- a/fast/stages/02-networking-nva/variables.tf
+++ b/fast/stages/02-networking-nva/variables.tf
@@ -69,7 +69,7 @@ variable "data_dir" {
}
variable "dns" {
- description = "Onprem DNS resolvers"
+ description = "Onprem DNS resolvers."
type = map(list(string))
default = {
onprem = ["10.0.200.3"]
diff --git a/fast/stages/03-data-platform/dev/README.md b/fast/stages/03-data-platform/dev/README.md
index d987a5e1..12db8d29 100644
--- a/fast/stages/03-data-platform/dev/README.md
+++ b/fast/stages/03-data-platform/dev/README.md
@@ -168,22 +168,22 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
|---|---|:---:|:---:|:---:|:---:|
| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | object({…})
| ✓ | | 00-bootstrap
|
| [billing_account](variables.tf#L25) | Billing account id and organization id ('nnnnnnnn' or null). | object({…})
| ✓ | | 00-globals
|
-| [folder_ids](variables.tf#L64) | Folder to be used for the networking resources in folders/nnnn format. | object({…})
| ✓ | | 01-resman
|
-| [host_project_ids](variables.tf#L82) | Shared VPC project ids. | object({…})
| ✓ | | 02-networking
|
-| [organization](variables.tf#L114) | Organization details. | object({…})
| ✓ | | 00-globals
|
-| [prefix](variables.tf#L130) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string
| ✓ | | 00-globals
|
-| [composer_config](variables.tf#L34) | | object({…})
| | {…}
| |
-| [data_catalog_tags](variables.tf#L47) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string)))
| | {…}
| |
-| [data_force_destroy](variables.tf#L58) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | bool
| | false
| |
-| [groups](variables.tf#L72) | Groups. | map(string)
| | {…}
| |
-| [location](variables.tf#L90) | Location used for multi-regional resources. | string
| | "eu"
| |
-| [network_config_composer](variables.tf#L96) | Network configurations to use for Composer. | object({…})
| | {…}
| |
-| [outputs_location](variables.tf#L124) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string
| | null
| |
-| [project_services](variables.tf#L136) | List of core services enabled on all projects. | list(string)
| | […]
| |
-| [region](variables.tf#L147) | Region used for regional resources. | string
| | "europe-west1"
| |
-| [service_encryption_keys](variables.tf#L153) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…})
| | null
| |
-| [subnet_self_links](variables.tf#L165) | Shared VPC subnet self links. | object({…})
| | null
| 02-networking
|
-| [vpc_self_links](variables.tf#L174) | Shared VPC self links. | object({…})
| | null
| 02-networking
|
+| [folder_ids](variables.tf#L65) | Folder to be used for the networking resources in folders/nnnn format. | object({…})
| ✓ | | 01-resman
|
+| [host_project_ids](variables.tf#L83) | Shared VPC project ids. | object({…})
| ✓ | | 02-networking
|
+| [organization](variables.tf#L115) | Organization details. | object({…})
| ✓ | | 00-globals
|
+| [prefix](variables.tf#L131) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string
| ✓ | | 00-globals
|
+| [composer_config](variables.tf#L34) | Cloud Composer configuration options. | object({…})
| | {…}
| |
+| [data_catalog_tags](variables.tf#L48) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string)))
| | {…}
| |
+| [data_force_destroy](variables.tf#L59) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | bool
| | false
| |
+| [groups](variables.tf#L73) | Groups. | map(string)
| | {…}
| |
+| [location](variables.tf#L91) | Location used for multi-regional resources. | string
| | "eu"
| |
+| [network_config_composer](variables.tf#L97) | Network configurations to use for Composer. | object({…})
| | {…}
| |
+| [outputs_location](variables.tf#L125) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string
| | null
| |
+| [project_services](variables.tf#L137) | List of core services enabled on all projects. | list(string)
| | […]
| |
+| [region](variables.tf#L148) | Region used for regional resources. | string
| | "europe-west1"
| |
+| [service_encryption_keys](variables.tf#L154) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…})
| | null
| |
+| [subnet_self_links](variables.tf#L166) | Shared VPC subnet self links. | object({…})
| | null
| 02-networking
|
+| [vpc_self_links](variables.tf#L175) | Shared VPC self links. | object({…})
| | null
| 02-networking
|
## Outputs
diff --git a/fast/stages/03-data-platform/dev/variables.tf b/fast/stages/03-data-platform/dev/variables.tf
index 19c998fe..9495316a 100644
--- a/fast/stages/03-data-platform/dev/variables.tf
+++ b/fast/stages/03-data-platform/dev/variables.tf
@@ -32,6 +32,7 @@ variable "billing_account" {
}
variable "composer_config" {
+ description = "Cloud Composer configuration options."
type = object({
node_count = number
airflow_version = string
diff --git a/modules/api-gateway/README.md b/modules/api-gateway/README.md
index 62424657..7c15f581 100644
--- a/modules/api-gateway/README.md
+++ b/modules/api-gateway/README.md
@@ -64,12 +64,12 @@ module "gateway" {
|---|---|:---:|:---:|:---:|
| [api_id](variables.tf#L17) | API identifier. | string
| ✓ | |
| [project_id](variables.tf#L34) | Project identifier. | string
| ✓ | |
-| [region](variables.tf#L39) | Region | string
| ✓ | |
+| [region](variables.tf#L39) | Region. | string
| ✓ | |
| [spec](variables.tf#L56) | String with the contents of the OpenAPI spec. | string
| ✓ | |
| [iam](variables.tf#L22) | IAM bindings for the API in {ROLE => [MEMBERS]} format. | map(list(string))
| | null
|
| [labels](variables.tf#L28) | Map of labels. | map(string)
| | null
|
-| [service_account_create](variables.tf#L44) | Flag indicating whether a service account needs to be created | bool
| | false
|
-| [service_account_email](variables.tf#L50) | Service account for creating API configs | string
| | null
|
+| [service_account_create](variables.tf#L44) | Flag indicating whether a service account needs to be created. | bool
| | false
|
+| [service_account_email](variables.tf#L50) | Service account for creating API configs. | string
| | null
|
## Outputs
diff --git a/modules/api-gateway/variables.tf b/modules/api-gateway/variables.tf
index 96259198..ef5bd41d 100644
--- a/modules/api-gateway/variables.tf
+++ b/modules/api-gateway/variables.tf
@@ -37,18 +37,18 @@ variable "project_id" {
}
variable "region" {
- description = "Region"
+ description = "Region."
type = string
}
variable "service_account_create" {
- description = "Flag indicating whether a service account needs to be created"
+ description = "Flag indicating whether a service account needs to be created."
type = bool
default = false
}
variable "service_account_email" {
- description = "Service account for creating API configs"
+ description = "Service account for creating API configs."
type = string
default = null
}
diff --git a/modules/apigee/README.md b/modules/apigee/README.md
index d521e871..eb2f9a34 100644
--- a/modules/apigee/README.md
+++ b/modules/apigee/README.md
@@ -1,6 +1,6 @@
# Apigee
-This module simplifies the creation of a Apigee resources (organization, environment groups, environment group attachments, environments, instances and instance attachments).
+This module simplifies the creation of a Apigee resources (organization, environment groups, environment group attachments, environments, instances and instance attachments).
## Example
@@ -44,10 +44,10 @@ module "apigee" {
environments = ["apis-test"]
psa_ip_cidr_range = "10.0.4.0/22"
}
- instance-prod-ew1 = {
- region = "europe-west1"
+ instance-prod-ew3 = {
+ region = "europe-west3"
environments = ["apis-prod"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ psa_ip_cidr_range = "10.0.5.0/22"
}
}
}
@@ -153,7 +153,7 @@ module "apigee" {
|---|---|:---:|
| [envgroups](outputs.tf#L17) | Environment groups. | |
| [environments](outputs.tf#L22) | Environment. | |
-| [instances](outputs.tf#L27) | Instances | |
+| [instances](outputs.tf#L27) | Instances. | |
| [org_id](outputs.tf#L32) | Organization ID. | |
| [org_name](outputs.tf#L37) | Organization name. | |
| [organization](outputs.tf#L42) | Organization. | |
diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf
index 5d043f18..a5e70388 100644
--- a/modules/apigee/outputs.tf
+++ b/modules/apigee/outputs.tf
@@ -25,7 +25,7 @@ output "environments" {
}
output "instances" {
- description = "Instances"
+ description = "Instances."
value = try(google_apigee_instance.instances, null)
}
diff --git a/modules/bigtable-instance/README.md b/modules/bigtable-instance/README.md
index 2bd96d2f..1e9ade9c 100644
--- a/modules/bigtable-instance/README.md
+++ b/modules/bigtable-instance/README.md
@@ -6,10 +6,12 @@ This module allows managing a single BigTable instance, including access configu
- [ ] support bigtable_gc_policy
- [ ] support bigtable_app_profile
+- [ ] support cluster replicas
+- [ ] support IAM for tables
## Examples
-### Simple instance with access configuration
+### Instance with access configuration
```hcl
@@ -32,24 +34,84 @@ module "bigtable-instance" {
}
# tftest modules=1 resources=4
```
+
+### Instance with static number of nodes
+
+If you are not using autoscaling settings, you must set a specific number of nodes with the variable `num_nodes`.
+
+```hcl
+
+module "bigtable-instance" {
+ source = "./fabric/modules/bigtable-instance"
+ project_id = "my-project"
+ name = "instance"
+ cluster_id = "instance"
+ zone = "europe-west1-b"
+ num_nodes = 5
+}
+# tftest modules=1 resources=1
+```
+
+### Instance with autoscaling (based on CPU only)
+
+If you use autoscaling, you should not set the variable `num_nodes`.
+
+```hcl
+
+module "bigtable-instance" {
+ source = "./fabric/modules/bigtable-instance"
+ project_id = "my-project"
+ name = "instance"
+ cluster_id = "instance"
+ zone = "europe-southwest1-b"
+ autoscaling_config = {
+ min_nodes = 3
+ max_nodes = 7
+ cpu_target = 70
+ }
+}
+# tftest modules=1 resources=1
+```
+
+### Instance with autoscaling (based on CPU and/or storage)
+
+```hcl
+
+module "bigtable-instance" {
+ source = "./fabric/modules/bigtable-instance"
+ project_id = "my-project"
+ name = "instance"
+ cluster_id = "instance"
+ zone = "europe-southwest1-a"
+ storage_type = "SSD"
+ autoscaling_config = {
+ min_nodes = 3
+ max_nodes = 7
+ cpu_target = 70
+ storage_target = 4096
+ }
+}
+# tftest modules=1 resources=1
+```
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [name](variables.tf#L45) | The name of the Cloud Bigtable instance. | string
| ✓ | |
-| [project_id](variables.tf#L56) | Id of the project where datasets will be created. | string
| ✓ | |
-| [zone](variables.tf#L88) | The zone to create the Cloud Bigtable cluster in. | string
| ✓ | |
-| [cluster_id](variables.tf#L17) | The ID of the Cloud Bigtable cluster. | string
| | "europe-west1"
|
-| [deletion_protection](variables.tf#L23) | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. |
| | true
|
-| [display_name](variables.tf#L28) | The human-readable display name of the Bigtable instance. |
| | null
|
-| [iam](variables.tf#L33) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
-| [instance_type](variables.tf#L39) | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string
| | null
|
-| [num_nodes](variables.tf#L50) | The number of nodes in your Cloud Bigtable cluster. | number
| | 1
|
-| [storage_type](variables.tf#L61) | The storage type to use. | string
| | "SSD"
|
-| [table_options_defaults](variables.tf#L67) | Default option of tables created in the BigTable instance. | object({…})
| | {…}
|
-| [tables](variables.tf#L79) | Tables to be created in the BigTable instance, options can be null. | map(object({…}))
| | {}
|
+| [name](variables.tf#L56) | The name of the Cloud Bigtable instance. | string
| ✓ | |
+| [project_id](variables.tf#L67) | Id of the project where datasets will be created. | string
| ✓ | |
+| [zone](variables.tf#L99) | The zone to create the Cloud Bigtable cluster in. | string
| ✓ | |
+| [autoscaling_config](variables.tf#L17) | Settings for autoscaling of the instance. If you set this variable, the variable num_nodes is ignored. | object({…})
| | null
|
+| [cluster_id](variables.tf#L28) | The ID of the Cloud Bigtable cluster. | string
| | "europe-west1"
|
+| [deletion_protection](variables.tf#L34) | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. |
| | true
|
+| [display_name](variables.tf#L39) | The human-readable display name of the Bigtable instance. |
| | null
|
+| [iam](variables.tf#L44) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
+| [instance_type](variables.tf#L50) | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string
| | null
|
+| [num_nodes](variables.tf#L61) | The number of nodes in your Cloud Bigtable cluster. This value is ignored if you are using autoscaling. | number
| | 1
|
+| [storage_type](variables.tf#L72) | The storage type to use. | string
| | "SSD"
|
+| [table_options_defaults](variables.tf#L78) | Default option of tables created in the BigTable instance. | object({…})
| | {…}
|
+| [tables](variables.tf#L90) | Tables to be created in the BigTable instance, options can be null. | map(object({…}))
| | {}
|
## Outputs
diff --git a/modules/bigtable-instance/main.tf b/modules/bigtable-instance/main.tf
index 49423d94..b5764c34 100644
--- a/modules/bigtable-instance/main.tf
+++ b/modules/bigtable-instance/main.tf
@@ -18,6 +18,7 @@ locals {
tables = {
for k, v in var.tables : k => v != null ? v : var.table_options_defaults
}
+ num_nodes = var.autoscaling_config == null ? var.num_nodes : null
}
resource "google_bigtable_instance" "default" {
@@ -27,6 +28,16 @@ resource "google_bigtable_instance" "default" {
cluster_id = var.cluster_id
zone = var.zone
storage_type = var.storage_type
+ num_nodes = local.num_nodes
+ dynamic "autoscaling_config" {
+ for_each = var.autoscaling_config == null ? [] : [""]
+ content {
+ min_nodes = var.autoscaling_config.min_nodes
+ max_nodes = var.autoscaling_config.max_nodes
+ cpu_target = var.autoscaling_config.cpu_target
+ storage_target = var.autoscaling_config.storage_target
+ }
+ }
}
instance_type = var.instance_type
@@ -56,8 +67,4 @@ resource "google_bigtable_table" "default" {
family = each.value.column_family
}
}
-
- # lifecycle {
- # prevent_destroy = true
- # }
}
diff --git a/modules/bigtable-instance/variables.tf b/modules/bigtable-instance/variables.tf
index d98cfab5..84a6013b 100644
--- a/modules/bigtable-instance/variables.tf
+++ b/modules/bigtable-instance/variables.tf
@@ -14,6 +14,17 @@
* limitations under the License.
*/
+variable "autoscaling_config" {
+ description = "Settings for autoscaling of the instance. If you set this variable, the variable num_nodes is ignored."
+ type = object({
+ min_nodes = number
+ max_nodes = number
+ cpu_target = number,
+ storage_target = optional(number, null)
+ })
+ default = null
+}
+
variable "cluster_id" {
description = "The ID of the Cloud Bigtable cluster."
type = string
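Review bot: `autoscaling_config` is accepted without any validation, so an inverted range (`min_nodes` greater than `max_nodes`) or an out-of-range `cpu_target` percentage is only caught by the API at apply time. A validation block with a condition such as `try(var.autoscaling_config.min_nodes <= var.autoscaling_config.max_nodes, true)` would surface the error at plan time while still allowing the null default. As a point of style, the trailing comma after `cpu_target = number,` is inconsistent with the other attributes. `optional(number, null)` can also be written `optional(number)`, since null is already the default for an omitted optional attribute. The `cluster_id` block at the end of the hunk continues outside it.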
@@ -48,7 +59,7 @@ variable "name" {
}
variable "num_nodes" {
- description = "The number of nodes in your Cloud Bigtable cluster."
+ description = "The number of nodes in your Cloud Bigtable cluster. This value is ignored if you are using autoscaling."
type = number
default = 1
}
diff --git a/modules/binauthz/README.md b/modules/binauthz/README.md
index 7d8a0b30..fa0cd71b 100644
--- a/modules/binauthz/README.md
+++ b/modules/binauthz/README.md
@@ -62,10 +62,10 @@ module "binauthz" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L68) | Project ID. | string
| ✓ | |
-| [admission_whitelist_patterns](variables.tf#L17) | An image name pattern to allowlist | list(string)
| | null
|
-| [attestors_config](variables.tf#L23) | Attestors configuration | map(object({…}))
| | null
|
-| [cluster_admission_rules](variables.tf#L38) | Admission rules | map(object({…}))
| | null
|
-| [default_admission_rule](variables.tf#L48) | Default admission rule | object({…})
| | {…}
|
+| [admission_whitelist_patterns](variables.tf#L17) | An image name pattern to allowlist. | list(string)
| | null
|
+| [attestors_config](variables.tf#L23) | Attestors configuration. | map(object({…}))
| | null
|
+| [cluster_admission_rules](variables.tf#L38) | Admission rules. | map(object({…}))
| | null
|
+| [default_admission_rule](variables.tf#L48) | Default admission rule. | object({…})
| | {…}
|
| [global_policy_evaluation_mode](variables.tf#L62) | Global policy evaluation mode. | string
| | null
|
## Outputs
@@ -73,7 +73,7 @@ module "binauthz" {
| name | description | sensitive |
|---|---|:---:|
| [attestors](outputs.tf#L17) | Attestors. | |
-| [id](outputs.tf#L25) | Binary Authorization policy ID | |
+| [id](outputs.tf#L25) | Binary Authorization policy ID. | |
| [notes](outputs.tf#L30) | Notes. | |
diff --git a/modules/binauthz/outputs.tf b/modules/binauthz/outputs.tf
index 9273e52d..6a1d7c6d 100644
--- a/modules/binauthz/outputs.tf
+++ b/modules/binauthz/outputs.tf
@@ -23,7 +23,7 @@ output "attestors" {
}
output "id" {
- description = "Binary Authorization policy ID"
+ description = "Binary Authorization policy ID."
value = google_binary_authorization_policy.policy.id
}
diff --git a/modules/binauthz/variables.tf b/modules/binauthz/variables.tf
index 9ba38c4b..6d21083b 100644
--- a/modules/binauthz/variables.tf
+++ b/modules/binauthz/variables.tf
@@ -15,13 +15,13 @@
*/
variable "admission_whitelist_patterns" {
- description = "An image name pattern to allowlist"
+ description = "An image name pattern to allowlist."
type = list(string)
default = null
}
variable "attestors_config" {
- description = "Attestors configuration"
+ description = "Attestors configuration."
type = map(object({
note_reference = string
iam = map(list(string))
@@ -36,7 +36,7 @@ variable "attestors_config" {
}
variable "cluster_admission_rules" {
- description = "Admission rules"
+ description = "Admission rules."
type = map(object({
evaluation_mode = string
enforcement_mode = string
@@ -46,7 +46,7 @@ variable "cluster_admission_rules" {
}
variable "default_admission_rule" {
- description = "Default admission rule"
+ description = "Default admission rule."
type = object({
evaluation_mode = string
enforcement_mode = string
diff --git a/modules/cloud-function/README.md b/modules/cloud-function/README.md
index b813a364..75ef3719 100644
--- a/modules/cloud-function/README.md
+++ b/modules/cloud-function/README.md
@@ -230,10 +230,10 @@ module "cf-http" {
| [name](variables.tf#L94) | Name used for cloud function and associated resources. | string
| ✓ | |
| [project_id](variables.tf#L109) | Project id used for all resources. | string
| ✓ | |
| [bucket_config](variables.tf#L17) | Enable and configure auto-created bucket. Set fields to null to use defaults. | object({…})
| | null
|
-| [build_worker_pool](variables.tf#L31) | Build worker pool, in projects//locations//workerPools/ format | string
| | null
|
+| [build_worker_pool](variables.tf#L31) | Build worker pool, in projects//locations//workerPools/ format. | string
| | null
|
| [description](variables.tf#L46) | Optional description. | string
| | "Terraform managed."
|
| [environment_variables](variables.tf#L52) | Cloud function environment variables. | map(string)
| | {}
|
-| [function_config](variables.tf#L58) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout | object({…})
| | {…}
|
+| [function_config](variables.tf#L58) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | object({…})
| | {…}
|
| [iam](variables.tf#L76) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
| [ingress_settings](variables.tf#L82) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | string
| | null
|
| [labels](variables.tf#L88) | Resource labels. | map(string)
| | {}
|
diff --git a/modules/cloud-function/variables.tf b/modules/cloud-function/variables.tf
index 528a594f..97a6217a 100644
--- a/modules/cloud-function/variables.tf
+++ b/modules/cloud-function/variables.tf
@@ -29,7 +29,7 @@ variable "bucket_name" {
}
variable "build_worker_pool" {
- description = "Build worker pool, in projects//locations//workerPools/ format"
+ description = "Build worker pool, in projects//locations//workerPools/ format."
type = string
default = null
}
@@ -56,7 +56,7 @@ variable "environment_variables" {
}
variable "function_config" {
- description = "Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout"
+ description = "Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout."
type = object({
entry_point = optional(string, "main")
instance_count = optional(number, 1)
diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md
index 2ef627ab..a902f545 100644
--- a/modules/cloudsql-instance/README.md
+++ b/modules/cloudsql-instance/README.md
@@ -165,7 +165,7 @@ module "db" {
| [labels](variables.tf#L96) | Labels to be attached to all instances. | map(string)
| | null
|
| [prefix](variables.tf#L112) | Optional prefix used to generate instance names. | string
| | null
|
| [replicas](variables.tf#L132) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…}))
| | {}
|
-| [root_password](variables.tf#L141) | Root password of the Cloud SQL instance. Required for MS SQL Server | string
| | null
|
+| [root_password](variables.tf#L141) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string
| | null
|
| [users](variables.tf#L152) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string)
| | null
|
## Outputs
diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf
index 8b0adbba..04bff546 100644
--- a/modules/cloudsql-instance/variables.tf
+++ b/modules/cloudsql-instance/variables.tf
@@ -139,7 +139,7 @@ variable "replicas" {
}
variable "root_password" {
- description = "Root password of the Cloud SQL instance. Required for MS SQL Server"
+ description = "Root password of the Cloud SQL instance. Required for MS SQL Server."
type = string
default = null
}
diff --git a/modules/folder/logging.tf b/modules/folder/logging.tf
index 6351194a..2b5a73ff 100644
--- a/modules/folder/logging.tf
+++ b/modules/folder/logging.tf
@@ -38,7 +38,7 @@ resource "google_logging_folder_sink" "sink" {
disabled = each.value.disabled
dynamic "bigquery_options" {
- for_each = each.value.bq_partitioned_table != null ? [""] : []
+ for_each = each.value.type == "biquery" && each.value.bq_partitioned_table != false ? [""] : []
content {
use_partitioned_tables = each.value.bq_partitioned_table
}
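Review bot: The new guard compares `each.value.type` with `"biquery"`, which looks like a misspelling of `bigquery`; if so the condition is never true, `bigquery_options` is never emitted, and `use_partitioned_tables` is silently dropped from every sink. The same literal appears in the `for_each` lines of modules/organization/logging.tf and modules/project/logging.tf in this commit. This file also tests `bq_partitioned_table != false` where the other two test `!= null`, so a null value would pass the guard here once the spelling is fixed. Suggested line: `for_each = each.value.type == "bigquery" && each.value.bq_partitioned_table != null ? [""] : []`. The resource block starts and ends outside the hunk.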
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index bc94dd37..f4b86bf6 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -48,7 +48,18 @@ resource "google_container_cluster" "cluster" {
enable_autopilot = var.enable_features.autopilot ? true : null
# the default nodepool is deleted here, use the gke-nodepool module instead
- # node_config {}
+ # default nodepool configuration based on a shielded_nodes variable
+ node_config {
+ dynamic "shielded_instance_config" {
+ for_each = var.enable_features.shielded_nodes ? [""] : []
+ content {
+ enable_secure_boot = true
+ enable_integrity_monitoring = true
+ }
+ }
+ }
+
+
addons_config {
dynamic "dns_cache_config" {
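Review bot: The `node_config` block is now emitted unconditionally and only the inner `shielded_instance_config` is gated on `var.enable_features.shielded_nodes`, while the retained comment above still says the default nodepool is deleted. If the default pool is indeed removed after creation, the secure boot and integrity monitoring set here would not carry over to pools created with the gke-nodepool module, so the comment should say where shielding has to be configured, e.g. `# applies to the bootstrap default pool only; set shielded_instance_config in gke-nodepool as well`. It is also worth confirming that an empty `node_config {}` is accepted when `enable_features.autopilot` is true. The resource block starts and ends outside the hunk.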
@@ -131,7 +142,7 @@ resource "google_container_cluster" "cluster" {
dynamic "resource_limits" {
for_each = var.cluster_autoscaling.mem_limits != null ? [""] : []
content {
- resource_type = "cpu"
+ resource_type = "memory"
minimum = var.cluster_autoscaling.mem_limits.min
maximum = var.cluster_autoscaling.mem_limits.max
}
diff --git a/modules/gke-hub/README.md b/modules/gke-hub/README.md
index 17069180..9fe47344 100644
--- a/modules/gke-hub/README.md
+++ b/modules/gke-hub/README.md
@@ -297,7 +297,6 @@ module "hub" {
# tftest modules=8 resources=28
```
-
## Variables
@@ -315,6 +314,6 @@ module "hub" {
| name | description | sensitive |
|---|---|:---:|
-| [cluster_ids](outputs.tf#L17) | | |
+| [cluster_ids](outputs.tf#L17) | Ids of all the clusters created. | |
diff --git a/modules/gke-hub/outputs.tf b/modules/gke-hub/outputs.tf
index 5d2abf15..b4fd3462 100644
--- a/modules/gke-hub/outputs.tf
+++ b/modules/gke-hub/outputs.tf
@@ -15,6 +15,7 @@
*/
output "cluster_ids" {
+ description = "Ids of all the clusters created."
value = {
for k, v in google_gke_hub_membership.default : k => v.id
}
diff --git a/modules/net-ilb-l7/README.md b/modules/net-ilb-l7/README.md
index d7847fdb..969a4da4 100644
--- a/modules/net-ilb-l7/README.md
+++ b/modules/net-ilb-l7/README.md
@@ -574,11 +574,7 @@ module "ilb-l7" {
| [backend-service.tf](./backend-service.tf) | Backend service resources. | google_compute_region_backend_service
|
| [health-check.tf](./health-check.tf) | Health check resource. | google_compute_health_check
|
| [main.tf](./main.tf) | Module-level locals and resources. | google_compute_forwarding_rule
· google_compute_instance_group
· google_compute_network_endpoint
· google_compute_network_endpoint_group
· google_compute_region_network_endpoint_group
· google_compute_region_ssl_certificate
· google_compute_region_target_http_proxy
· google_compute_region_target_https_proxy
|
-| [outputs.tf](./outputs.tf) | Module outputs. |
- value = google_compute_forwarding_rule.default
-}
-
-output
|
+| [outputs.tf](./outputs.tf) | Module outputs. | |
| [urlmap.tf](./urlmap.tf) | URL map resources. | google_compute_region_url_map
|
| [variables-backend-service.tf](./variables-backend-service.tf) | Backend services variables. | |
| [variables-health-check.tf](./variables-health-check.tf) | Health check variable. | |
@@ -615,7 +611,7 @@ output |
|---|---|:---:|
| [address](outputs.tf#L17) | Forwarding rule address. | |
| [backend_service_ids](outputs.tf#L22) | Backend service resources. | |
-| [forwarding_rule](outputs.tf#L29) | Forwarding rule resource | |
+| [forwarding_rule](outputs.tf#L29) | Forwarding rule resource. | |
| [group_ids](outputs.tf#L34) | Autogenerated instance group ids. | |
| [health_check_ids](outputs.tf#L41) | Autogenerated health check ids. | |
| [neg_ids](outputs.tf#L48) | Autogenerated network endpoint group ids. | |
diff --git a/modules/net-ilb-l7/outputs.tf b/modules/net-ilb-l7/outputs.tf
index d505ebd8..9082dfec 100644
--- a/modules/net-ilb-l7/outputs.tf
+++ b/modules/net-ilb-l7/outputs.tf
@@ -27,7 +27,7 @@ output "backend_service_ids" {
}
output "forwarding_rule" {
- description = "Forwarding rule resource"
+ description = "Forwarding rule resource."
value = google_compute_forwarding_rule.default
}
diff --git a/modules/organization/README.md b/modules/organization/README.md
index 31dc3de0..2e24c91b 100644
--- a/modules/organization/README.md
+++ b/modules/organization/README.md
@@ -471,10 +471,10 @@ module "org" {
| [firewall_policies](outputs.tf#L35) | Map of firewall policy resources created in the organization. | |
| [firewall_policy_id](outputs.tf#L40) | Map of firewall policy ids created in the organization. | |
| [network_tag_keys](outputs.tf#L45) | Tag key resources. | |
-| [network_tag_values](outputs.tf#L52) | Tag value resources. | |
-| [organization_id](outputs.tf#L60) | Organization id dependent on module resources. | |
-| [sink_writer_identities](outputs.tf#L77) | Writer identities created for each sink. | |
-| [tag_keys](outputs.tf#L85) | Tag key resources. | |
-| [tag_values](outputs.tf#L92) | Tag value resources. | |
+| [network_tag_values](outputs.tf#L54) | Tag value resources. | |
+| [organization_id](outputs.tf#L65) | Organization id dependent on module resources. | |
+| [sink_writer_identities](outputs.tf#L82) | Writer identities created for each sink. | |
+| [tag_keys](outputs.tf#L90) | Tag key resources. | |
+| [tag_values](outputs.tf#L99) | Tag value resources. | |
diff --git a/modules/organization/logging.tf b/modules/organization/logging.tf
index a4f90ef5..e78a2c4d 100644
--- a/modules/organization/logging.tf
+++ b/modules/organization/logging.tf
@@ -37,7 +37,7 @@ resource "google_logging_organization_sink" "sink" {
disabled = each.value.disabled
dynamic "bigquery_options" {
- for_each = each.value.bq_partitioned_table != null ? [""] : []
+ for_each = each.value.type == "biquery" && each.value.bq_partitioned_table != null ? [""] : []
content {
use_partitioned_tables = each.value.bq_partitioned_table
}
diff --git a/modules/organization/outputs.tf b/modules/organization/outputs.tf
index 3617bafb..40d84b47 100644
--- a/modules/organization/outputs.tf
+++ b/modules/organization/outputs.tf
@@ -45,7 +45,9 @@ output "firewall_policy_id" {
output "network_tag_keys" {
description = "Tag key resources."
value = {
- for k, v in google_tags_tag_key.default : k => v if v.purpose != null
+ for k, v in google_tags_tag_key.default : k => v if(
+ v.purpose != null && v.purpose != ""
+ )
}
}
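Review bot: The filter in `network_tag_keys` now treats an empty `purpose` like null, but nothing in the file says why the value can be `""`; the same two-part test is repeated in the `network_tag_values`, `tag_keys` and `tag_values` hunks below. A one-line comment above the first filter, such as `# purpose can come back as "" instead of null for keys without a purpose` (wording to be confirmed against the provider's behaviour), would keep a later cleanup from dropping the second comparison and moving keys between the network and non-network outputs.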
@@ -53,7 +55,10 @@ output "network_tag_values" {
description = "Tag value resources."
value = {
for k, v in google_tags_tag_value.default
- : k => v if google_tags_tag_key.default[split("/", k)[0]].purpose != null
+ : k => v if(
+ google_tags_tag_key.default[split("/", k)[0]].purpose != null &&
+ google_tags_tag_key.default[split("/", k)[0]].purpose != ""
+ )
}
}
@@ -85,7 +90,9 @@ output "sink_writer_identities" {
output "tag_keys" {
description = "Tag key resources."
value = {
- for k, v in google_tags_tag_key.default : k => v if v.purpose == null
+ for k, v in google_tags_tag_key.default : k => v if(
+ v.purpose == null || v.purpose == ""
+ )
}
}
@@ -93,6 +100,9 @@ output "tag_values" {
description = "Tag value resources."
value = {
for k, v in google_tags_tag_value.default
- : k => v if google_tags_tag_key.default[split("/", k)[0]].purpose == null
+ : k => v if(
+ google_tags_tag_key.default[split("/", k)[0]].purpose == null ||
+ google_tags_tag_key.default[split("/", k)[0]].purpose == ""
+ )
}
}
diff --git a/modules/project/logging.tf b/modules/project/logging.tf
index bc1b1e8b..1db60dca 100644
--- a/modules/project/logging.tf
+++ b/modules/project/logging.tf
@@ -37,7 +37,7 @@ resource "google_logging_project_sink" "sink" {
disabled = each.value.disabled
dynamic "bigquery_options" {
- for_each = each.value.bq_partitioned_table != null ? [""] : []
+ for_each = each.value.type == "biquery" && each.value.bq_partitioned_table != null ? [""] : []
content {
use_partitioned_tables = each.value.bq_partitioned_table
}
diff --git a/tests/blueprints/cloud_operations/adfs/fixture/main.tf b/tests/blueprints/cloud_operations/adfs/fixture/main.tf
index 5571377f..ac5a4133 100644
--- a/tests/blueprints/cloud_operations/adfs/fixture/main.tf
+++ b/tests/blueprints/cloud_operations/adfs/fixture/main.tf
@@ -16,6 +16,7 @@
module "test" {
source = "../../../../../blueprints/cloud-operations/adfs"
+ prefix = var.prefix
project_create = var.project_create
project_id = var.project_id
ad_dns_domain_name = var.ad_dns_domain_name
diff --git a/tests/blueprints/cloud_operations/adfs/fixture/variables.tf b/tests/blueprints/cloud_operations/adfs/fixture/variables.tf
index a48a77e2..bce726b1 100644
--- a/tests/blueprints/cloud_operations/adfs/fixture/variables.tf
+++ b/tests/blueprints/cloud_operations/adfs/fixture/variables.tf
@@ -41,7 +41,7 @@ variable "project_id" {
variable "prefix" {
type = string
- default = null
+ default = "test"
}
variable "network_config" {
diff --git a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf
index 6cdb9754..78ae4281 100644
--- a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf
+++ b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf
@@ -18,6 +18,7 @@ module "test" {
source = "../../../../../blueprints/cloud-operations/dns-shared-vpc"
billing_account_id = "111111-222222-333333"
folder_id = "folders/1234567890"
+ prefix = var.prefix
shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
teams = var.teams
}
diff --git a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf
index c6eeb83e..dd34e4d5 100644
--- a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf
+++ b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf
@@ -12,6 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+variable "prefix" {
+ type = string
+ default = "test"
+}
+
variable "teams" {
type = list(string)
default = ["team1", "team2"]
diff --git a/tests/blueprints/data_solutions/data_playground/test_plan.py b/tests/blueprints/data_solutions/data_playground/test_plan.py
index 2653c7ea..a0c3b5e6 100644
--- a/tests/blueprints/data_solutions/data_playground/test_plan.py
+++ b/tests/blueprints/data_solutions/data_playground/test_plan.py
@@ -22,4 +22,4 @@ def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner(FIXTURES_DIR)
assert len(modules) == 7
- assert len(resources) == 35
+ assert len(resources) == 37
diff --git a/tests/blueprints/factories/project_factory/fixture/defaults.yaml b/tests/blueprints/factories/project_factory/fixture/defaults.yaml
index dc5b1616..61837818 100644
--- a/tests/blueprints/factories/project_factory/fixture/defaults.yaml
+++ b/tests/blueprints/factories/project_factory/fixture/defaults.yaml
@@ -22,3 +22,4 @@ labels:
# [opt] Additional notification channels for billing
notification_channels: []
+prefix: test
diff --git a/tests/blueprints/factories/project_factory/fixture/main.tf b/tests/blueprints/factories/project_factory/fixture/main.tf
index 3d1360f5..ae686b93 100644
--- a/tests/blueprints/factories/project_factory/fixture/main.tf
+++ b/tests/blueprints/factories/project_factory/fixture/main.tf
@@ -44,6 +44,7 @@ module "projects" {
kms_service_agents = try(each.value.kms, {})
labels = try(each.value.labels, {})
org_policies = try(each.value.org_policies, null)
+ prefix = each.value.prefix
service_accounts = try(each.value.service_accounts, {})
services = try(each.value.services, [])
service_identities_iam = try(each.value.service_identities_iam, {})
diff --git a/tests/blueprints/factories/project_factory/fixture/projects/project.yaml b/tests/blueprints/factories/project_factory/fixture/projects/project.yaml
index b9d0d85a..a1581984 100644
--- a/tests/blueprints/factories/project_factory/fixture/projects/project.yaml
+++ b/tests/blueprints/factories/project_factory/fixture/projects/project.yaml
@@ -58,6 +58,9 @@ org_policies:
values:
- projects/fast-prod-iac-core-0
+# [opt] Prefix - overrides default if set
+prefix: test1
+
# [opt] Service account to create for the project and their roles on the project
# in name => [roles] format
service_accounts:
diff --git a/tests/blueprints/gke/binauthz/fixture/main.tf b/tests/blueprints/gke/binauthz/fixture/main.tf
index eefdacc8..23e1504b 100644
--- a/tests/blueprints/gke/binauthz/fixture/main.tf
+++ b/tests/blueprints/gke/binauthz/fixture/main.tf
@@ -16,6 +16,7 @@
module "test" {
source = "../../../../../blueprints/gke/binauthz"
+ prefix = var.prefix
project_create = var.project_create
project_id = var.project_id
}
diff --git a/tests/blueprints/gke/binauthz/fixture/variables.tf b/tests/blueprints/gke/binauthz/fixture/variables.tf
index 3f5490d5..8a09c75e 100644
--- a/tests/blueprints/gke/binauthz/fixture/variables.tf
+++ b/tests/blueprints/gke/binauthz/fixture/variables.tf
@@ -27,3 +27,8 @@ variable "project_id" {
type = string
default = "my-project"
}
+
+variable "prefix" {
+ type = string
+ default = "test"
+}
diff --git a/tests/blueprints/networking/glb_and_armor/fixture/main.tf b/tests/blueprints/networking/glb_and_armor/fixture/main.tf
index 155677b2..2a5a7077 100644
--- a/tests/blueprints/networking/glb_and_armor/fixture/main.tf
+++ b/tests/blueprints/networking/glb_and_armor/fixture/main.tf
@@ -14,6 +14,7 @@
module "test" {
source = "../../../../../blueprints/networking/glb-and-armor"
+ prefix = var.prefix
project_create = var.project_create
project_id = var.project_id
enforce_security_policy = var.enforce_security_policy
diff --git a/tests/blueprints/networking/glb_and_armor/fixture/variables.tf b/tests/blueprints/networking/glb_and_armor/fixture/variables.tf
index d6e3c90d..41090c1c 100644
--- a/tests/blueprints/networking/glb_and_armor/fixture/variables.tf
+++ b/tests/blueprints/networking/glb_and_armor/fixture/variables.tf
@@ -12,6 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+variable "prefix" {
+ type = string
+ default = "test"
+}
+
variable "project_create" {
type = object({
billing_account_id = string
diff --git a/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf b/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf
index 009a26f9..c5b105e6 100644
--- a/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf
+++ b/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf
@@ -16,6 +16,7 @@
module "test" {
source = "../../../../../blueprints/networking/hub-and-spoke-peering"
+ prefix = var.prefix
project_create = {
billing_account = "123456-123456-123456"
oslogin = true
diff --git a/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf b/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf
index 626af011..b67795f9 100644
--- a/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf
+++ b/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf
@@ -12,6 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+variable "prefix" {
+ type = string
+ default = "test"
+}
+
variable "project_id" {
type = string
default = "project-1"
diff --git a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf
index 17da8aa0..37558c71 100644
--- a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf
+++ b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf
@@ -16,9 +16,10 @@
module "test" {
source = "../../../../../blueprints/networking/hub-and-spoke-vpn"
+ prefix = var.prefix
project_create_config = {
billing_account_id = "ABCDE-123456-ABCDE"
parent_id = null
}
- project_id = "test-1"
+ project_id = var.project_id
}
diff --git a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf
new file mode 100644
index 00000000..b67795f9
--- /dev/null
+++ b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf
@@ -0,0 +1,23 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "prefix" {
+ type = string
+ default = "test"
+}
+
+variable "project_id" {
+ type = string
+ default = "project-1"
+}
diff --git a/tests/blueprints/networking/ilb_next_hop/fixture/main.tf b/tests/blueprints/networking/ilb_next_hop/fixture/main.tf
index 68a148c2..acaad22a 100644
--- a/tests/blueprints/networking/ilb_next_hop/fixture/main.tf
+++ b/tests/blueprints/networking/ilb_next_hop/fixture/main.tf
@@ -16,6 +16,7 @@
module "test" {
source = "../../../../../blueprints/networking/ilb-next-hop"
+ prefix = var.prefix
project_create = var.project_create
project_id = var.project_id
}
diff --git a/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf b/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf
index 3d884c25..4eede179 100644
--- a/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf
+++ b/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf
@@ -12,6 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+variable "prefix" {
+ type = string
+ default = "test"
+}
+
variable "project_create" {
type = bool
default = true
diff --git a/tests/examples/variables.tf b/tests/examples/variables.tf
index 35f7b06c..1924ac40 100644
--- a/tests/examples/variables.tf
+++ b/tests/examples/variables.tf
@@ -36,6 +36,10 @@ variable "folder_id" {
default = "folders/1122334455"
}
+variable "prefix" {
+ default = "test"
+}
+
variable "project_id" {
default = "project-id"
}
diff --git a/tests/modules/apigee/fixture/test.all.tfvars b/tests/modules/apigee/fixture/test.all.tfvars
index 633604f8..b0e25b92 100644
--- a/tests/modules/apigee/fixture/test.all.tfvars
+++ b/tests/modules/apigee/fixture/test.all.tfvars
@@ -33,9 +33,9 @@ instances = {
environments = ["apis-test"]
psa_ip_cidr_range = "10.0.4.0/22"
}
- instance-prod-ew1 = {
- region = "europe-west1"
+ instance-prod-ew3 = {
+ region = "europe-west3"
environments = ["apis-prod"]
- psa_ip_cidr_range = "10.0.4.0/22"
+ psa_ip_cidr_range = "10.0.5.0/22"
}
}
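Review bot: `psa_ip_cidr_range = "10.0.5.0/22"` is not aligned to a /22 boundary and still falls inside `10.0.4.0/22` (10.0.4.0 to 10.0.7.255), the range the other instance in this fixture uses. If the intent of the change is to give the two instances distinct ranges, the next non-overlapping block would be `psa_ip_cidr_range = "10.0.8.0/22"`. The `instances` map starts outside the hunk.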
diff --git a/tools/check_documentation.py b/tools/check_documentation.py
index 3733f128..30e76571 100755
--- a/tools/check_documentation.py
+++ b/tools/check_documentation.py
@@ -37,6 +37,10 @@ class State(enum.IntEnum):
FAIL_STALE_README = enum.auto()
FAIL_UNSORTED_VARS = enum.auto()
FAIL_UNSORTED_OUTPUTS = enum.auto()
+ FAIL_VARIABLE_PERIOD = enum.auto()
+ FAIL_OUTPUT_PERIOD = enum.auto()
+ FAIL_VARIABLE_DESCRIPTION = enum.auto()
+ FAIL_OUTPUT_DESCRIPTION = enum.auto()
@property
def failed(self):
@@ -48,8 +52,12 @@ class State(enum.IntEnum):
State.SKIP: ' ',
State.OK: '✓ ',
State.FAIL_STALE_README: '✗R',
- State.FAIL_UNSORTED_VARS: '✗V',
- State.FAIL_UNSORTED_OUTPUTS: '✗O',
+ State.FAIL_UNSORTED_VARS: 'SV',
+ State.FAIL_UNSORTED_OUTPUTS: 'SO',
+ State.FAIL_VARIABLE_PERIOD: '.V',
+ State.FAIL_OUTPUT_PERIOD: '.O',
+ State.FAIL_VARIABLE_DESCRIPTION: 'DV',
+ State.FAIL_OUTPUT_DESCRIPTION: 'DO',
}[self.value]
@@ -71,10 +79,10 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False):
new_doc = tfdoc.create_doc(readme_path.parent, files, show_extra,
exclude_files, readme)
# TODO: support variables in multiple files
- variables = [
- v.name for v in new_doc.variables if v.file == "variables.tf"
- ]
- outputs = [o.name for o in new_doc.outputs if o.file == "outputs.tf"]
+ newvars = new_doc.variables
+ newouts = new_doc.outputs
+ variables = [v.name for v in newvars if v.file == "variables.tf"]
+ outputs = [o.name for o in newouts if o.file == "outputs.tf"]
except SystemExit:
state = state.SKIP
else:
@@ -87,6 +95,20 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False):
new_doc.content.split('\n'))
diff = '\n'.join([header] + list(ndiff))
+ elif empty := [v.name for v in newvars if not v.description]:
+ state = state.FAIL_VARIABLE_DESCRIPTION
+ diff = "\n".join([
+ f'----- {mod_name} variables missing description -----',
+ ', '.join(empty),
+ ])
+
+ elif empty := [o.name for o in newouts if not o.description]:
+ state = state.FAIL_VARIABLE_DESCRIPTION
+ diff = "\n".join([
+ f'----- {mod_name} outputs missing description -----',
+ ', '.join(empty),
+ ])
+
elif variables != sorted(variables):
state = state.FAIL_UNSORTED_VARS
diff = "\n".join([
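Review bot: The outputs branch sets `state.FAIL_VARIABLE_DESCRIPTION`, so a module whose outputs lack descriptions is reported with the `DV` marker instead of `DO`, and `FAIL_OUTPUT_DESCRIPTION` is never assigned anywhere in the change. It should read `state = state.FAIL_OUTPUT_DESCRIPTION`. The later hunk that adds the period checks has the same slip: its outputs branch should set `state.FAIL_OUTPUT_PERIOD` rather than `state.FAIL_VARIABLE_PERIOD`. `_check_dir` starts and continues outside this hunk.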
@@ -103,6 +125,20 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False):
', '.join(sorted(outputs)),
])
+ elif nc := [v.name for v in newvars if not v.description.endswith('.')]:
+ state = state.FAIL_VARIABLE_PERIOD
+ diff = "\n".join([
+ f'----- {mod_name} variables missing colons -----',
+ ', '.join(nc),
+ ])
+
+ elif nc := [o.name for o in newouts if not o.description.endswith('.')]:
+ state = state.FAIL_VARIABLE_PERIOD
+ diff = "\n".join([
+ f'----- {mod_name} outputs missing colons -----',
+ ', '.join(nc),
+ ])
+
yield mod_name, state, diff
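Review bot: Both new messages say `missing colons` although the test is `description.endswith('.')`, so the report names the wrong character to the author who has to fix the description. Suggested text: `f'----- {mod_name} variables missing periods -----'` and `f'----- {mod_name} outputs missing periods -----'`. `_check_dir` starts outside the hunk.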
@@ -128,7 +164,6 @@ def main(dirs, exclude_file=None, files=False, show_diffs=False,
if errors:
if show_diffs:
print('Errored diffs:')
- print(errors)
print('\n'.join([e[1] for e in errors]))
else:
print('Errored modules:')