diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 00000000..152ce09e --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,23 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +'on:blueprints': + - blueprints/**/* +'on:FAST': + - fast/**/* +'on:modules': + - modules/**/* +'on:tools': + - tools/**/* + - .github/**/* diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml new file mode 100644 index 00000000..c68c4dd3 --- /dev/null +++ b/.github/workflows/labeler.yml @@ -0,0 +1,30 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: "Label Pull Requests" + +on: + pull_request_target: + +jobs: + triage: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@v4 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + sync-labels: true diff --git a/CHANGELOG.md b/CHANGELOG.md index 9bd6e061..d69193e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file. ### BLUEPRINTS +- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio)) +- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese)) - [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) - [[#984](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/984)] **incompatible change:** Apigee module and blueprint ([apichick](https://github.com/apichick)) - [[#980](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/980)] Have Squid log to /dev/stdout to stream logs to Cloud Logging ([kunzese](https://github.com/kunzese)) @@ -59,6 +61,10 @@ All notable changes to this project will be documented in this file. ### DOCUMENTATION +- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio)) +- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht)) +- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka)) +- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese)) - [[#987](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/987)] Add tests to factory examples ([juliocc](https://github.com/juliocc)) - [[#972](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/972)] Add note about TF_PLUGIN_CACHE_DIR ([wiktorn](https://github.com/wiktorn)) - [[#961](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/961)] Remove extra file from root ([ludoo](https://github.com/ludoo)) @@ -72,6 +78,7 @@ All notable changes to this project will be documented in this file. ### FAST +- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka)) - [[#976](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/976)] FAST: fixes to GitHub workflow and 02/net outputs ([ludoo](https://github.com/ludoo)) - [[#966](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/966)] FAST: improve GitHub workflow, stage 01 output fixes ([ludoo](https://github.com/ludoo)) - [[#963](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/963)] **incompatible change:** Refactor vps-sc module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) @@ -104,6 +111,11 @@ All notable changes to this project will be documented in this file. ### MODULES +- [[#1016](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1016)] Fix memory/cpu typo in gke cluster module ([joeheaton](https://github.com/joeheaton)) +- [[#1012](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1012)] Fix tag outputs in organization module ([ludoo](https://github.com/ludoo)) +- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht)) +- [[#999](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/999)] Default nodepool creation fix ([astianseb](https://github.com/astianseb)) +- [[#1005](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1005)] Only set partitioned table when sink type is bigquery ([juliocc](https://github.com/juliocc)) - [[#997](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/997)] Add BigQuery subcriptions to Pubsub module. ([iht](https://github.com/iht)) - [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) - [[#994](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/994)] Add schemas to Pubsub topic module. ([iht](https://github.com/iht)) @@ -174,6 +186,10 @@ All notable changes to this project will be documented in this file. ### TOOLS +- [[#1013](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1013)] Update labeler.yml ([ludoo](https://github.com/ludoo)) +- [[#1010](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1010)] Enforce nonempty descriptions ending in a dot ([juliocc](https://github.com/juliocc)) +- [[#1004](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1004)] Use `actions/labeler` to automatically label pull requests ([kunzese](https://github.com/kunzese)) +- [[#998](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/998)] Add missing `write_package` permission ([kunzese](https://github.com/kunzese)) - [[#996](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/996)] Fix `repository name must be lowercase` on docker build ([kunzese](https://github.com/kunzese)) - [[#993](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/993)] Fix variable and output sort check ([juliocc](https://github.com/juliocc)) - [[#950](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/950)] Add a pytest fixture to convert tfvars to yaml ([ludoo](https://github.com/ludoo)) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6ea1bb85..d82b1ac7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -209,7 +209,7 @@ module "project" { ] } iam = { - "roles/editor" = [ + "roles/editor" = [ "serviceAccount:${module.project.service_accounts.cloud_services}" ] } @@ -236,7 +236,7 @@ module "project" { source = "./modules/project" name = "project-example" iam = { - "roles/editor" = [ + "roles/editor" = [ "serviceAccount:${module.project.service_accounts.cloud_services}" ] } @@ -543,7 +543,7 @@ locals { #### The `prefix` variable -If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all code: +If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all modules: ```hcl # variables.tf variable "prefix" { @@ -551,8 +551,8 @@ variable "prefix" { type = string default = null validation { - condition = var.prefix != "" - error_message = "Prefix can not be empty, please use null instead." + condition = var.prefix != "" + error_message = "Prefix cannot be empty, please use null instead." } } @@ -562,6 +562,18 @@ locals { } ``` +For blueprints the prefix is mandatory: +```hcl +variable "prefix" { + description = "Prefix used for resource names." + type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } +} +``` + ### Interacting with checks, tests and tools Our modules are designed for composition and live in a monorepo together with several end-to-end blueprints, so it was inevitable that over time we found ways of ensuring that a change does not break consumers. diff --git a/blueprints/cloud-operations/adfs/README.md b/blueprints/cloud-operations/adfs/README.md index 893dc155..36b772f8 100644 --- a/blueprints/cloud-operations/adfs/README.md +++ b/blueprints/cloud-operations/adfs/README.md @@ -54,18 +54,18 @@ Once done testing, you can clean up resources by running `terraform destroy`. |---|---|:---:|:---:|:---:| | [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | string | ✓ | | | [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | string | ✓ | | -| [project_id](variables.tf#L79) | Host project ID. | string | ✓ | | +| [prefix](variables.tf#L64) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L82) | Host project ID. | string | ✓ | | | [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | string | | "10.0.0.0/24" | | [disk_size](variables.tf#L31) | Disk size. | number | | 50 | | [disk_type](variables.tf#L37) | Disk type. | string | | "pd-ssd" | | [image](variables.tf#L43) | Image. | string | | "projects/windows-cloud/global/images/family/windows-2022" | | [instance_type](variables.tf#L49) | Instance type. | string | | "n1-standard-2" | -| [network_config](variables.tf#L55) | Network configuration | object({…}) | | null | -| [prefix](variables.tf#L64) | Prefix for the resources created. | string | | null | -| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | object({…}) | | null | -| [region](variables.tf#L84) | Region. | string | | "europe-west1" | -| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | string | | "10.0.1.0/28" | -| [zone](variables.tf#L96) | Zone. | string | | "europe-west1-c" | +| [network_config](variables.tf#L55) | Network configuration. | object({…}) | | null | +| [project_create](variables.tf#L73) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L87) | Region. | string | | "europe-west1" | +| [subnet_ip_cidr_block](variables.tf#L93) | Subnet IP CIDR block. | string | | "10.0.1.0/28" | +| [zone](variables.tf#L99) | Zone. | string | | "europe-west1-c" | ## Outputs diff --git a/blueprints/cloud-operations/adfs/main.tf b/blueprints/cloud-operations/adfs/main.tf index beb06fbd..bcfc753d 100644 --- a/blueprints/cloud-operations/adfs/main.tf +++ b/blueprints/cloud-operations/adfs/main.tf @@ -12,10 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -locals { - prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-" -} - module "project" { source = "../../../modules/project" billing_account = ( @@ -41,7 +37,7 @@ module "vpc" { count = var.network_config == null ? 1 : 0 source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}vpc" + name = "${var.prefix}-vpc" subnets = [ { ip_cidr_range = var.subnet_ip_cidr_block @@ -98,7 +94,7 @@ module "server" { module "glb" { source = "../../../modules/net-glb" - name = "${local.prefix}glb" + name = "${var.prefix}-glb" project_id = module.project.project_id https = true diff --git a/blueprints/cloud-operations/adfs/variables.tf b/blueprints/cloud-operations/adfs/variables.tf index 4ac2fdc1..66c1276d 100644 --- a/blueprints/cloud-operations/adfs/variables.tf +++ b/blueprints/cloud-operations/adfs/variables.tf @@ -53,7 +53,7 @@ variable "instance_type" { } variable "network_config" { - description = "Network configuration" + description = "Network configuration." type = object({ network = string subnet = string @@ -62,9 +62,12 @@ variable "network_config" { } variable "prefix" { - description = "Prefix for the resources created." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/cloud-operations/apigee/README.md b/blueprints/cloud-operations/apigee/README.md index 65bcea51..922f038e 100644 --- a/blueprints/cloud-operations/apigee/README.md +++ b/blueprints/cloud-operations/apigee/README.md @@ -63,7 +63,7 @@ Do the following to verify that everything works as expected. | [instances](variables.tf#L46) | Instance. | map(object({…})) | ✓ | | | [project_id](variables.tf#L92) | Project ID. | string | ✓ | | | [psc_config](variables.tf#L98) | PSC configuration. | map(string) | ✓ | | -| [datastore_name](variables.tf#L17) | Datastore | string | | "gcs" | +| [datastore_name](variables.tf#L17) | Datastore. | string | | "gcs" | | [organization](variables.tf#L60) | Apigee organization. | object({…}) | | {…} | | [path](variables.tf#L76) | Bucket path. | string | | "/analytics" | | [project_create](variables.tf#L83) | Parameters for the creation of the new project. | object({…}) | | null | diff --git a/blueprints/cloud-operations/apigee/variables.tf b/blueprints/cloud-operations/apigee/variables.tf index 61c93391..1c86621b 100644 --- a/blueprints/cloud-operations/apigee/variables.tf +++ b/blueprints/cloud-operations/apigee/variables.tf @@ -15,7 +15,7 @@ */ variable "datastore_name" { - description = "Datastore" + description = "Datastore." type = string nullable = false default = "gcs" diff --git a/blueprints/cloud-operations/dns-shared-vpc/README.md b/blueprints/cloud-operations/dns-shared-vpc/README.md index d2923e65..9dc4c2ea 100644 --- a/blueprints/cloud-operations/dns-shared-vpc/README.md +++ b/blueprints/cloud-operations/dns-shared-vpc/README.md @@ -26,11 +26,11 @@ Note that Terraform 0.13 at least is required due to the use of `for_each` with |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | string | ✓ | | | [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | string | ✓ | | -| [shared_vpc_link](variables.tf#L48) | Shared VPC self link, used for DNS peering. | string | ✓ | | +| [prefix](variables.tf#L33) | Prefix used for resource names. | string | ✓ | | +| [shared_vpc_link](variables.tf#L51) | Shared VPC self link, used for DNS peering. | string | ✓ | | | [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | string | | "example.org" | -| [prefix](variables.tf#L33) | Customer name to use as prefix for resources' naming. | string | | "test-dns" | -| [project_services](variables.tf#L39) | Service APIs enabled by default. | list(string) | | […] | -| [teams](variables.tf#L53) | List of application teams requiring their own Cloud DNS instance. | list(string) | | […] | +| [project_services](variables.tf#L42) | Service APIs enabled by default. | list(string) | | […] | +| [teams](variables.tf#L56) | List of application teams requiring their own Cloud DNS instance. | list(string) | | […] | ## Outputs diff --git a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf index 7c0f7ed9..90220e3d 100644 --- a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf +++ b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf @@ -50,8 +50,12 @@ variable "billing_account" { } variable "prefix" { - description = "Customer name to use as prefix for resources' naming." - default = "test-dns" + description = "Prefix used for resource names." + type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "dns_domain" { diff --git a/blueprints/cloud-operations/dns-shared-vpc/variables.tf b/blueprints/cloud-operations/dns-shared-vpc/variables.tf index f74acfde..63a0ab94 100644 --- a/blueprints/cloud-operations/dns-shared-vpc/variables.tf +++ b/blueprints/cloud-operations/dns-shared-vpc/variables.tf @@ -31,9 +31,12 @@ variable "folder_id" { } variable "prefix" { - description = "Customer name to use as prefix for resources' naming." + description = "Prefix used for resource names." type = string - default = "test-dns" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_services" { diff --git a/blueprints/cloud-operations/network-dashboard/README.md b/blueprints/cloud-operations/network-dashboard/README.md index cc0557c1..768e0f12 100644 --- a/blueprints/cloud-operations/network-dashboard/README.md +++ b/blueprints/cloud-operations/network-dashboard/README.md @@ -89,15 +89,15 @@ If you are interested in this and/or would like to contribute, please contact le | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with | | ✓ | | -| [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled) | list(string) | ✓ | | -| [organization_id](variables.tf#L46) | The organization id for the associated services | | ✓ | | -| [prefix](variables.tf#L50) | Customer name to use as prefix for monitoring project | | ✓ | | +| [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with. | | ✓ | | +| [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled). | list(string) | ✓ | | +| [organization_id](variables.tf#L46) | The organization id for the associated services. | | ✓ | | +| [prefix](variables.tf#L50) | Prefix used for resource names. | string | ✓ | | | [cf_version](variables.tf#L21) | Cloud Function version 2nd Gen or 1st Gen. Possible options: 'V1' or 'V2'.Use CFv2 if your Cloud Function timeouts after 9 minutes. By default it is using CFv1. | | | V1 | -| [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled) | list(string) | | [] | -| [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string | | | | -| [project_monitoring_services](variables.tf#L54) | Service APIs enabled in the monitoring project if it will be created. | | | […] | -| [region](variables.tf#L76) | Region used to deploy the cloud functions and scheduler | | | europe-west1 | -| [schedule_cron](variables.tf#L81) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | | | */10 * * * * | +| [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled). | list(string) | | [] | +| [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string. | | | | +| [project_monitoring_services](variables.tf#L59) | Service APIs enabled in the monitoring project if it will be created. | | | […] | +| [region](variables.tf#L81) | Region used to deploy the cloud functions and scheduler. | | | europe-west1 | +| [schedule_cron](variables.tf#L86) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | | | */10 * * * * | diff --git a/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py b/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py index 8987b4cb..edd4a50b 100644 --- a/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py +++ b/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py @@ -187,7 +187,7 @@ def count_effective_limit(config, project_id, network_dict, usage_metric_name, for peered_network in network_dict['peerings']: if 'usage' not in peered_network: print( - f"Can not add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions" + f"Cannot add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions" ) continue peering_group_usage += peered_network['usage'] diff --git a/blueprints/cloud-operations/network-dashboard/tests/variables.tf b/blueprints/cloud-operations/network-dashboard/tests/variables.tf index a895d284..dd01b29f 100644 --- a/blueprints/cloud-operations/network-dashboard/tests/variables.tf +++ b/blueprints/cloud-operations/network-dashboard/tests/variables.tf @@ -23,7 +23,12 @@ variable "billing_account" { } variable "prefix" { - description = "Customer name to use as prefix for resources' naming" + description = "Prefix used for resource names." + type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_vm_services" { diff --git a/blueprints/cloud-operations/network-dashboard/variables.tf b/blueprints/cloud-operations/network-dashboard/variables.tf index de32ab1e..2744eed6 100644 --- a/blueprints/cloud-operations/network-dashboard/variables.tf +++ b/blueprints/cloud-operations/network-dashboard/variables.tf @@ -15,7 +15,7 @@ */ variable "billing_account" { - description = "The ID of the billing account to associate this project with" + description = "The ID of the billing account to associate this project with." } variable "cf_version" { @@ -29,26 +29,31 @@ variable "cf_version" { variable "monitored_folders_list" { type = list(string) - description = "ID of the projects to be monitored (where limits and quotas data will be pulled)" + description = "ID of the projects to be monitored (where limits and quotas data will be pulled)." default = [] } variable "monitored_projects_list" { type = list(string) - description = "ID of the projects to be monitored (where limits and quotas data will be pulled)" + description = "ID of the projects to be monitored (where limits and quotas data will be pulled)." } variable "monitoring_project_id" { - description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string" + description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string." default = "" } variable "organization_id" { - description = "The organization id for the associated services" + description = "The organization id for the associated services." } variable "prefix" { - description = "Customer name to use as prefix for monitoring project" + description = "Prefix used for resource names." + type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_monitoring_services" { @@ -74,7 +79,7 @@ variable "project_monitoring_services" { ] } variable "region" { - description = "Region used to deploy the cloud functions and scheduler" + description = "Region used to deploy the cloud functions and scheduler." default = "europe-west1" } diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md index dcad294b..240d6d02 100644 --- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md +++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md @@ -35,6 +35,6 @@ provider "google-beta" { | name | description | sensitive | |---|---|:---:| -| [credentials](outputs.tf#L17) | | | +| [credentials](outputs.tf#L17) | Credentials in format to pass the to gcp provider. | | diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf index fbcea8c2..a4d54c54 100644 --- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf +++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/outputs.tf @@ -15,6 +15,7 @@ */ output "credentials" { + description = "Credentials in format to pass the to gcp provider." value = jsonencode({ "type" : "external_account", "audience" : "${local.audience}", diff --git a/blueprints/cloud-operations/vm-migration/esxi/README.md b/blueprints/cloud-operations/vm-migration/esxi/README.md index 575b0adf..f3b4ebed 100644 --- a/blueprints/cloud-operations/vm-migration/esxi/README.md +++ b/blueprints/cloud-operations/vm-migration/esxi/README.md @@ -22,11 +22,11 @@ This sample creates several distinct groups of resources: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login | string | ✓ | | +| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login. | string | ✓ | | | [vcenter_password](variables.tf#L48) | VCenter user password. | string | ✓ | | -| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters | object({…}) | ✓ | | -| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters | object({…}) | | {…} | -| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image | string | | "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova" | +| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters. | object({…}) | ✓ | | +| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters. | object({…}) | | {…} | +| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image. | string | | "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova" | ## Manual Steps diff --git a/blueprints/cloud-operations/vm-migration/esxi/variables.tf b/blueprints/cloud-operations/vm-migration/esxi/variables.tf index ba886d43..34d2157b 100644 --- a/blueprints/cloud-operations/vm-migration/esxi/variables.tf +++ b/blueprints/cloud-operations/vm-migration/esxi/variables.tf @@ -13,7 +13,7 @@ # limitations under the License. variable "m4ce_appliance_properties" { - description = "M4CE connector OVA image configuration parameters" + description = "M4CE connector OVA image configuration parameters." type = object({ hostname = string ip0 = string @@ -35,13 +35,13 @@ variable "m4ce_appliance_properties" { } variable "m4ce_connector_ovf_url" { - description = "http URL to the public M4CE connector OVA image" + description = "http URL to the public M4CE connector OVA image." type = string default = "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova" } variable "m4ce_ssh_public_key" { - description = "Filesystem path to the public key for the SSH login" + description = "Filesystem path to the public key for the SSH login." type = string } @@ -51,7 +51,7 @@ variable "vcenter_password" { } variable "vsphere_environment" { - description = "VMVware VSphere connection parameters" + description = "VMVware VSphere connection parameters." type = object({ vcenter_ip = string vcenter_user = string diff --git a/blueprints/cloud-operations/vm-migration/host-target-projects/README.md b/blueprints/cloud-operations/vm-migration/host-target-projects/README.md index 241cf03a..c1d24182 100644 --- a/blueprints/cloud-operations/vm-migration/host-target-projects/README.md +++ b/blueprints/cloud-operations/vm-migration/host-target-projects/README.md @@ -25,16 +25,16 @@ This sample creates\updates several distinct groups of resources: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | list(string) | ✓ | | -| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | list(string) | ✓ | | -| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | list(string) | | [] | -| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend | object({…}) | | null | -| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project | string | | "m4ce-host-project-000" | +| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | list(string) | ✓ | | +| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | list(string) | ✓ | | +| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | list(string) | | [] | +| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend. | object({…}) | | null | +| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project. | string | | "m4ce-host-project-000" | ## Outputs | name | description | sensitive | |---|---|:---:| -| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects | | +| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects. | | diff --git a/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf b/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf index ef78d4c7..2db8f1ae 100644 --- a/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf +++ b/blueprints/cloud-operations/vm-migration/host-target-projects/outputs.tf @@ -13,6 +13,6 @@ # limitations under the License. output "m4ce_gmanaged_service_account" { - description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects" + description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects." value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com" } diff --git a/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf b/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf index f6e3345f..c210fa31 100644 --- a/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf +++ b/blueprints/cloud-operations/vm-migration/host-target-projects/variables.tf @@ -13,23 +13,23 @@ # limitations under the License. variable "migration_admin_users" { - description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format" + description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format." type = list(string) } variable "migration_target_projects" { - description = "List of target projects for m4ce workload migrations" + description = "List of target projects for m4ce workload migrations." type = list(string) } variable "migration_viewer_users" { - description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format" + description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format." type = list(string) default = [] } variable "project_create" { - description = "Parameters for the creation of the new project to host the M4CE backend" + description = "Parameters for the creation of the new project to host the M4CE backend." type = object({ billing_account_id = string parent = string @@ -38,7 +38,7 @@ variable "project_create" { } variable "project_name" { - description = "Name of an existing project or of the new project assigned as M4CE host project" + description = "Name of an existing project or of the new project assigned as M4CE host project." type = string default = "m4ce-host-project-000" } diff --git a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md index cc401357..bb34cf8f 100644 --- a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md +++ b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md @@ -26,18 +26,18 @@ This sample creates\update several distinct groups of resources: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | list(string) | ✓ | | -| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | list(string) | ✓ | | -| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects | list(string) | ✓ | | -| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | list(string) | | [] | -| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend | object({…}) | | null | -| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project | string | | "m4ce-host-project-000" | +| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | list(string) | ✓ | | +| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | list(string) | ✓ | | +| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects. | list(string) | ✓ | | +| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | list(string) | | [] | +| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend. | object({…}) | | null | +| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project. | string | | "m4ce-host-project-000" | ## Outputs | name | description | sensitive | |---|---|:---:| -| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | | +| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | | ## Manual Steps diff --git a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf index 3e6d553d..c772de5f 100644 --- a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf +++ b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf @@ -13,6 +13,6 @@ # limitations under the License. output "m4ce_gmanaged_service_account" { - description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects" + description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects." value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com" } diff --git a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf index 85f333ce..c01740dc 100644 --- a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf +++ b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf @@ -13,22 +13,22 @@ # limitations under the License. variable "migration_admin_users" { - description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format" + description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format." type = list(string) } variable "migration_target_projects" { - description = "List of target projects for m4ce workload migrations" + description = "List of target projects for m4ce workload migrations." type = list(string) } variable "migration_viewer_users" { - description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format" + description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format." type = list(string) default = [] } variable "project_create" { - description = "Parameters for the creation of the new project to host the M4CE backend" + description = "Parameters for the creation of the new project to host the M4CE backend." type = object({ billing_account_id = string parent = string @@ -37,12 +37,12 @@ variable "project_create" { } variable "project_name" { - description = "Name of an existing project or of the new project assigned as M4CE host project" + description = "Name of an existing project or of the new project assigned as M4CE host project." type = string default = "m4ce-host-project-000" } variable "sharedvpc_host_projects" { - description = "List of host projects that share a VPC with the selected target projects" + description = "List of host projects that share a VPC with the selected target projects." type = list(string) } diff --git a/blueprints/cloud-operations/vm-migration/single-project/README.md b/blueprints/cloud-operations/vm-migration/single-project/README.md index 85f3164a..20afd4a9 100644 --- a/blueprints/cloud-operations/vm-migration/single-project/README.md +++ b/blueprints/cloud-operations/vm-migration/single-project/README.md @@ -26,16 +26,16 @@ This sample creates several distinct groups of resources: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | list(string) | ✓ | | -| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | list(string) | | [] | -| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend | object({…}) | | null | -| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project | string | | "m4ce-host-project-000" | -| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project | object({…}) | | {…} | +| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | list(string) | ✓ | | +| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | list(string) | | [] | +| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend. | object({…}) | | null | +| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project. | string | | "m4ce-host-project-000" | +| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project. | object({…}) | | {…} | ## Outputs | name | description | sensitive | |---|---|:---:| -| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | | +| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | | diff --git a/blueprints/cloud-operations/vm-migration/single-project/outputs.tf b/blueprints/cloud-operations/vm-migration/single-project/outputs.tf index 347eb54f..269bb2bd 100644 --- a/blueprints/cloud-operations/vm-migration/single-project/outputs.tf +++ b/blueprints/cloud-operations/vm-migration/single-project/outputs.tf @@ -13,6 +13,6 @@ # limitations under the License. output "m4ce_gmanaged_service_account" { - description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects" + description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects." value = "serviceAccount:service-${module.landing-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com" } diff --git a/blueprints/cloud-operations/vm-migration/single-project/variables.tf b/blueprints/cloud-operations/vm-migration/single-project/variables.tf index 2d7214f4..3335254f 100644 --- a/blueprints/cloud-operations/vm-migration/single-project/variables.tf +++ b/blueprints/cloud-operations/vm-migration/single-project/variables.tf @@ -13,18 +13,18 @@ # limitations under the License. variable "migration_admin_users" { - description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format" + description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format." type = list(string) } variable "migration_viewer_users" { - description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format" + description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format." type = list(string) default = [] } variable "project_create" { - description = "Parameters for the creation of the new project to host the M4CE backend" + description = "Parameters for the creation of the new project to host the M4CE backend." type = object({ billing_account_id = string parent = string @@ -33,13 +33,13 @@ variable "project_create" { } variable "project_name" { - description = "Name of an existing project or of the new project assigned as M4CE host an target project" + description = "Name of an existing project or of the new project assigned as M4CE host an target project." type = string default = "m4ce-host-project-000" } variable "vpc_config" { - description = "Parameters to create a simple VPC on the M4CE project" + description = "Parameters to create a simple VPC on the M4CE project." type = object({ ip_cidr_range = string, region = string diff --git a/blueprints/data-solutions/cloudsql-multiregion/README.md b/blueprints/data-solutions/cloudsql-multiregion/README.md index 1fc06008..d6420d6c 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/README.md +++ b/blueprints/data-solutions/cloudsql-multiregion/README.md @@ -143,15 +143,15 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [postgres_user_password](variables.tf#L40) | `postgres` user password. | string | ✓ | | -| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L45) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L63) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string) | | [] | | [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | | [postgres_database](variables.tf#L34) | `postgres` database. | string | | "guestbook" | -| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | -| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | -| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | object({…}) | | {…} | +| [project_create](variables.tf#L54) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [regions](variables.tf#L68) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | +| [service_encryption_keys](variables.tf#L81) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | +| [sql_configuration](variables.tf#L87) | Cloud SQL configuration. | object({…}) | | {…} | ## Outputs diff --git a/blueprints/data-solutions/cloudsql-multiregion/variables.tf b/blueprints/data-solutions/cloudsql-multiregion/variables.tf index aa91afbf..65427792 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/variables.tf +++ b/blueprints/data-solutions/cloudsql-multiregion/variables.tf @@ -43,8 +43,12 @@ variable "postgres_user_password" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { @@ -81,7 +85,7 @@ variable "service_encryption_keys" { } variable "sql_configuration" { - description = "Cloud SQL configuration" + description = "Cloud SQL configuration." type = object({ availability_type = string database_version = string diff --git a/blueprints/data-solutions/composer-2/README.md b/blueprints/data-solutions/composer-2/README.md index 08a8643d..bc51aaa4 100644 --- a/blueprints/data-solutions/composer-2/README.md +++ b/blueprints/data-solutions/composer-2/README.md @@ -96,14 +96,14 @@ service_encryption_keys = { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L78) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L92) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L78) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L96) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [composer_config](variables.tf#L17) | Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables. | object({…}) | | {…} | | [iam_groups_map](variables.tf#L58) | Map of Role => groups to be added on the project. Example: { \"roles/composer.admin\" = [\"group:gcp-data-engineers@example.com\"]}. | map(list(string)) | | null | | [network_config](variables.tf#L64) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [project_create](variables.tf#L83) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L97) | Reagion where instances will be deployed. | string | | "europe-west1" | -| [service_encryption_keys](variables.tf#L103) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | map(string) | | null | +| [project_create](variables.tf#L87) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L101) | Reagion where instances will be deployed. | string | | "europe-west1" | +| [service_encryption_keys](variables.tf#L107) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | map(string) | | null | ## Outputs diff --git a/blueprints/data-solutions/composer-2/main.tf b/blueprints/data-solutions/composer-2/main.tf index 407eb5f2..a9ee619c 100644 --- a/blueprints/data-solutions/composer-2/main.tf +++ b/blueprints/data-solutions/composer-2/main.tf @@ -22,7 +22,6 @@ locals { }, var.iam_groups_map ) - # Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account _shared_vpc_bindings = { "roles/compute.networkUser" = [ diff --git a/blueprints/data-solutions/composer-2/variables.tf b/blueprints/data-solutions/composer-2/variables.tf index db7ac55a..6ff0ff46 100644 --- a/blueprints/data-solutions/composer-2/variables.tf +++ b/blueprints/data-solutions/composer-2/variables.tf @@ -76,8 +76,12 @@ variable "network_config" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md index 35b4c950..8da143b2 100644 --- a/blueprints/data-solutions/data-platform-foundations/README.md +++ b/blueprints/data-solutions/data-platform-foundations/README.md @@ -249,17 +249,17 @@ You can find examples in the `[demo](./demo)` folder. | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | | [folder_id](variables.tf#L53) | Folder to be used for the networking resources in folders/nnnn format. | string | ✓ | | | [organization_domain](variables.tf#L98) | Organization domain. | string | ✓ | | -| [prefix](variables.tf#L103) | Unique prefix used for resource names. | string | ✓ | | +| [prefix](variables.tf#L103) | Prefix used for resource names. | string | ✓ | | | [composer_config](variables.tf#L22) | Cloud Composer config. | object({…}) | | {…} | | [data_catalog_tags](variables.tf#L36) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {…} | | [data_force_destroy](variables.tf#L47) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false | | [groups](variables.tf#L58) | User groups. | map(string) | | {…} | | [location](variables.tf#L68) | Location used for multi-regional resources. | string | | "eu" | | [network_config](variables.tf#L74) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [project_services](variables.tf#L108) | List of core services enabled on all projects. | list(string) | | […] | -| [project_suffix](variables.tf#L119) | Suffix used only for project ids. | string | | null | -| [region](variables.tf#L125) | Region used for regional resources. | string | | "europe-west1" | -| [service_encryption_keys](variables.tf#L131) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | +| [project_services](variables.tf#L112) | List of core services enabled on all projects. | list(string) | | […] | +| [project_suffix](variables.tf#L123) | Suffix used only for project ids. | string | | null | +| [region](variables.tf#L129) | Region used for regional resources. | string | | "europe-west1" | +| [service_encryption_keys](variables.tf#L135) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | ## Outputs diff --git a/blueprints/data-solutions/data-platform-foundations/variables.tf b/blueprints/data-solutions/data-platform-foundations/variables.tf index adf3c7e4..80e7b65c 100644 --- a/blueprints/data-solutions/data-platform-foundations/variables.tf +++ b/blueprints/data-solutions/data-platform-foundations/variables.tf @@ -101,8 +101,12 @@ variable "organization_domain" { } variable "prefix" { - description = "Unique prefix used for resource names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_services" { diff --git a/blueprints/data-solutions/data-playground/README.md b/blueprints/data-solutions/data-playground/README.md index 950484a9..ecc12973 100644 --- a/blueprints/data-solutions/data-playground/README.md +++ b/blueprints/data-solutions/data-playground/README.md @@ -47,12 +47,12 @@ You can now connect to the Vertex AI notbook to perform your data analysy. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L22) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L40) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [location](variables.tf#L16) | The location where resources will be deployed. | string | | "EU" | -| [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | object({…}) | | null | -| [region](variables.tf#L41) | The region where resources will be deployed. | string | | "europe-west1" | -| [vpc_config](variables.tf#L57) | Parameters to create a VPC. | object({…}) | | {…} | +| [project_create](variables.tf#L31) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id. | object({…}) | | null | +| [region](variables.tf#L45) | The region where resources will be deployed. | string | | "europe-west1" | +| [vpc_config](variables.tf#L61) | Parameters to create a VPC. | object({…}) | | {…} | ## Outputs @@ -61,7 +61,7 @@ You can now connect to the Vertex AI notbook to perform your data analysy. | [bucket](outputs.tf#L15) | GCS Bucket URL. | | | [dataset](outputs.tf#L20) | GCS Bucket URL. | | | [notebook](outputs.tf#L25) | Vertex AI notebook details. | | -| [project](outputs.tf#L33) | Project id | | -| [vpc](outputs.tf#L38) | VPC Network | | +| [project](outputs.tf#L33) | Project id. | | +| [vpc](outputs.tf#L38) | VPC Network. | | diff --git a/blueprints/data-solutions/data-playground/main.tf b/blueprints/data-solutions/data-playground/main.tf index a561c1d6..ff079d5e 100644 --- a/blueprints/data-solutions/data-playground/main.tf +++ b/blueprints/data-solutions/data-playground/main.tf @@ -32,6 +32,7 @@ module "project" { "bigqueryreservation.googleapis.com", "composer.googleapis.com", "compute.googleapis.com", + "dialogflow.googleapis.com", "dataflow.googleapis.com", "ml.googleapis.com", "notebooks.googleapis.com", @@ -113,7 +114,7 @@ module "bucket" { module "dataset" { source = "../../../modules/bigquery-dataset" project_id = module.project.project_id - id = "${var.prefix}_data" + id = "${replace(var.prefix, "-", "_")}_data" encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key } @@ -133,6 +134,7 @@ module "service-account-notebook" { "roles/bigquery.jobUser", "roles/bigquery.dataEditor", "roles/bigquery.user", + "roles/dialogflow.client", "roles/storage.admin", ] } @@ -152,7 +154,7 @@ resource "google_notebooks_instance" "playground" { install_gpu_driver = true boot_disk_type = "PD_SSD" boot_disk_size_gb = 110 - disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : "GMEK" + disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : null kms_key = try(local.service_encryption_keys.compute, null) no_public_ip = true diff --git a/blueprints/data-solutions/data-playground/outputs.tf b/blueprints/data-solutions/data-playground/outputs.tf index 03db2506..4b80c311 100644 --- a/blueprints/data-solutions/data-playground/outputs.tf +++ b/blueprints/data-solutions/data-playground/outputs.tf @@ -31,11 +31,11 @@ output "notebook" { } output "project" { - description = "Project id" + description = "Project id." value = module.project.project_id } output "vpc" { - description = "VPC Network" + description = "VPC Network." value = module.vpc.name } diff --git a/blueprints/data-solutions/data-playground/variables.tf b/blueprints/data-solutions/data-playground/variables.tf index 1c410ae2..17354067 100644 --- a/blueprints/data-solutions/data-playground/variables.tf +++ b/blueprints/data-solutions/data-playground/variables.tf @@ -20,12 +20,16 @@ variable "location" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { - description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id" + description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id." type = object({ billing_account_id = string parent = string diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md index b062f4e3..54f47eca 100644 --- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md +++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md @@ -193,14 +193,14 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L36) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L50) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L36) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L54) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | bool | | false | | [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | list(string) | | [] | | [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [project_create](variables.tf#L41) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L55) | The region where resources will be deployed. | string | | "europe-west1" | -| [vpc_subnet_range](variables.tf#L61) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | +| [project_create](variables.tf#L45) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L59) | The region where resources will be deployed. | string | | "europe-west1" | +| [vpc_subnet_range](variables.tf#L65) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | ## Outputs diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf index 026e07b6..97d3de77 100644 --- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf +++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf @@ -34,8 +34,12 @@ variable "network_config" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/data-solutions/sqlserver-alwayson/README.md b/blueprints/data-solutions/sqlserver-alwayson/README.md index ba1916c7..1ce4dad7 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/README.md +++ b/blueprints/data-solutions/sqlserver-alwayson/README.md @@ -35,37 +35,37 @@ and to `C:\GcpSetupLog.txt` file. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | string | ✓ | | -| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | string | ✓ | | -| [network](variables.tf#L90) | Network to use in the project | string | ✓ | | -| [project_id](variables.tf#L128) | Google Cloud project ID | string | ✓ | | -| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | string | ✓ | | -| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | string | ✓ | | -| [always_on_groups](variables.tf#L33) | List of Always On Groups | list(string) | | ["bookshelf"] | -| [boot_disk_size](variables.tf#L39) | Boot disk size in GB | number | | 50 | -| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | string | | "cluster" | -| [data_disk_size](variables.tf#L51) | Database disk size in GB | number | | 200 | -| [health_check_config](variables.tf#L57) | Health check configuration | | | {…} | -| [health_check_port](variables.tf#L72) | Health check port | number | | 59997 | -| [health_check_ranges](variables.tf#L78) | Health check ranges | list(string) | | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] | -| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | string | | "" | -| [node_image](variables.tf#L95) | SQL Server node machine image | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" | -| [node_instance_type](variables.tf#L101) | SQL Server database node instance type | string | | "n2-standard-8" | -| [node_name](variables.tf#L107) | Node base name | string | | "node" | -| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | string | | "aog" | -| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L133) | Region for resources | string | | "europe-west4" | -| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | string | | null | -| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | list(string) | | ["0.0.0.0/0"] | -| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | -| [witness_image](variables.tf#L171) | SQL Server witness machine image | string | | "projects/windows-cloud/global/images/family/windows-2019" | -| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | string | | "n2-standard-2" | -| [witness_name](variables.tf#L183) | Witness base name | string | | "witness" | +| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN). | string | ✓ | | +| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS). | string | ✓ | | +| [network](variables.tf#L90) | Network to use in the project. | string | ✓ | | +| [prefix](variables.tf#L113) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L131) | Google Cloud project ID. | string | ✓ | | +| [sql_admin_password](variables.tf#L148) | Password for the SQL admin user to be created. | string | ✓ | | +| [subnetwork](variables.tf#L163) | Subnetwork to use in the project. | string | ✓ | | +| [always_on_groups](variables.tf#L33) | List of Always On Groups. | list(string) | | ["bookshelf"] | +| [boot_disk_size](variables.tf#L39) | Boot disk size in GB. | number | | 50 | +| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix). | string | | "cluster" | +| [data_disk_size](variables.tf#L51) | Database disk size in GB. | number | | 200 | +| [health_check_config](variables.tf#L57) | Health check configuration. | | | {…} | +| [health_check_port](variables.tf#L72) | Health check port. | number | | 59997 | +| [health_check_ranges](variables.tf#L78) | Health check ranges. | list(string) | | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] | +| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com). | string | | "" | +| [node_image](variables.tf#L95) | SQL Server node machine image. | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" | +| [node_instance_type](variables.tf#L101) | SQL Server database node instance type. | string | | "n2-standard-8" | +| [node_name](variables.tf#L107) | Node base name. | string | | "node" | +| [project_create](variables.tf#L122) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L136) | Region for resources. | string | | "europe-west4" | +| [shared_vpc_project_id](variables.tf#L142) | Shared VPC project ID for firewall rules. | string | | null | +| [sql_client_cidrs](variables.tf#L157) | CIDR ranges that are allowed to connect to SQL Server. | list(string) | | ["0.0.0.0/0"] | +| [vpc_ip_cidr_range](variables.tf#L168) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | +| [witness_image](variables.tf#L174) | SQL Server witness machine image. | string | | "projects/windows-cloud/global/images/family/windows-2019" | +| [witness_instance_type](variables.tf#L180) | SQL Server witness node instance type. | string | | "n2-standard-2" | +| [witness_name](variables.tf#L186) | Witness base name. | string | | "witness" | ## Outputs | name | description | sensitive | |---|---|:---:| -| [instructions](outputs.tf#L19) | | | +| [instructions](outputs.tf#L19) | List of steps to follow after applying. | | diff --git a/blueprints/data-solutions/sqlserver-alwayson/instances.tf b/blueprints/data-solutions/sqlserver-alwayson/instances.tf index bde26662..40f26e95 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/instances.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/instances.tf @@ -30,8 +30,8 @@ locals { managed_ad_dn_path = var.managed_ad_dn != "" ? "-Path \"${var.managed_ad_dn}\"" : "" health_check_port = var.health_check_port sql_admin_password_secret = local._secret_parts[length(local._secret_parts) - 1] - cluster_ip = module.ip-addresses.internal_addresses["${local.prefix}cluster"].address - loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${local.prefix}lb-${aog}"].address }) + cluster_ip = module.ip-addresses.internal_addresses["${var.prefix}-cluster"].address + loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${var.prefix}-lb-${aog}"].address }) sql_cluster_name = local.cluster_netbios_name sql_cluster_full = local.cluster_full_name node_netbios_1 = local.node_netbios_names[0] @@ -43,7 +43,7 @@ locals { _template_vars = merge(local._template_vars0, { functions = local._functions }) - _user_name = "${local.prefix}sqlserver" + _user_name = "${var.prefix}-sqlserver" scripts = { for script in local._scripts : script => templatefile("${path.module}/scripts/${script}.ps1", local._template_vars) diff --git a/blueprints/data-solutions/sqlserver-alwayson/main.tf b/blueprints/data-solutions/sqlserver-alwayson/main.tf index 6485b46d..4a255015 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/main.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/main.tf @@ -14,14 +14,14 @@ locals { ad_user_password_secret = "${local.cluster_full_name}-password" - cluster_full_name = "${local.prefix}${var.cluster_name}" + cluster_full_name = "${var.prefix}-${var.cluster_name}" cluster_netbios_name = ( length(local.cluster_full_name) > 15 ? substr(local.cluster_full_name, 0, 15) : local.cluster_full_name ) network = module.vpc.self_link - node_base = "${local.prefix}${var.node_name}" + node_base = "${var.prefix}-${var.node_name}" node_prefix = ( length(local.node_base) > 12 ? substr(local.node_base, 0, 12) @@ -39,7 +39,6 @@ locals { (local.witness_netbios_name) = local.zones[length(local.zones) - 1] } ) - prefix = var.prefix != "" ? "${var.prefix}-" : "" subnetwork = ( var.project_create != null ? module.vpc.subnet_self_links["${var.region}/${var.subnetwork}"] @@ -50,7 +49,7 @@ locals { ? var.shared_vpc_project_id : module.project.project_id ) - witness_name = "${local.prefix}${var.witness_name}" + witness_name = "${var.prefix}-${var.witness_name}" witness_netbios_name = ( length(local.witness_name) > 15 ? substr(local.witness_name, 0, 15) diff --git a/blueprints/data-solutions/sqlserver-alwayson/outputs.tf b/blueprints/data-solutions/sqlserver-alwayson/outputs.tf index 2d094763..1856f823 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/outputs.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/outputs.tf @@ -17,7 +17,8 @@ locals { } output "instructions" { - value = < 0 @@ -22,7 +22,7 @@ variable "ad_domain_fqdn" { } variable "ad_domain_netbios" { - description = "Active Directory domain (NetBIOS)" + description = "Active Directory domain (NetBIOS)." type = string validation { condition = length(var.ad_domain_netbios) > 0 @@ -31,31 +31,31 @@ variable "ad_domain_netbios" { } variable "always_on_groups" { - description = "List of Always On Groups" + description = "List of Always On Groups." type = list(string) default = ["bookshelf"] } variable "boot_disk_size" { - description = "Boot disk size in GB" + description = "Boot disk size in GB." type = number default = 50 } variable "cluster_name" { - description = "Cluster name (prepended with prefix)" + description = "Cluster name (prepended with prefix)." type = string default = "cluster" } variable "data_disk_size" { - description = "Database disk size in GB" + description = "Database disk size in GB." type = number default = 200 } variable "health_check_config" { - description = "Health check configuration" + description = "Health check configuration." type = object({ check_interval_sec = number, healthy_threshold = number, unhealthy_threshold = number, @@ -70,50 +70,53 @@ variable "health_check_config" { } variable "health_check_port" { - description = "Health check port" + description = "Health check port." type = number default = 59997 } variable "health_check_ranges" { - description = "Health check ranges" + description = "Health check ranges." type = list(string) default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] } variable "managed_ad_dn" { - description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)" + description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)." type = string default = "" } variable "network" { - description = "Network to use in the project" + description = "Network to use in the project." type = string } variable "node_image" { - description = "SQL Server node machine image" + description = "SQL Server node machine image." type = string default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" } variable "node_instance_type" { - description = "SQL Server database node instance type" + description = "SQL Server database node instance type." type = string default = "n2-standard-8" } variable "node_name" { - description = "Node base name" + description = "Node base name." type = string default = "node" } variable "prefix" { - description = "Prefix used for resources (for multiple clusters in a project)" + description = "Prefix used for resource names." type = string - default = "aog" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { @@ -126,24 +129,24 @@ variable "project_create" { } variable "project_id" { - description = "Google Cloud project ID" + description = "Google Cloud project ID." type = string } variable "region" { - description = "Region for resources" + description = "Region for resources." type = string default = "europe-west4" } variable "shared_vpc_project_id" { - description = "Shared VPC project ID for firewall rules" + description = "Shared VPC project ID for firewall rules." type = string default = null } variable "sql_admin_password" { - description = "Password for the SQL admin user to be created" + description = "Password for the SQL admin user to be created." type = string validation { condition = length(var.sql_admin_password) > 0 @@ -152,13 +155,13 @@ variable "sql_admin_password" { } variable "sql_client_cidrs" { - description = "CIDR ranges that are allowed to connect to SQL Server" + description = "CIDR ranges that are allowed to connect to SQL Server." type = list(string) default = ["0.0.0.0/0"] } variable "subnetwork" { - description = "Subnetwork to use in the project" + description = "Subnetwork to use in the project." type = string } @@ -169,19 +172,19 @@ variable "vpc_ip_cidr_range" { } variable "witness_image" { - description = "SQL Server witness machine image" + description = "SQL Server witness machine image." type = string default = "projects/windows-cloud/global/images/family/windows-2019" } variable "witness_instance_type" { - description = "SQL Server witness node instance type" + description = "SQL Server witness node instance type." type = string default = "n2-standard-2" } variable "witness_name" { - description = "Witness base name" + description = "Witness base name." type = string default = "witness" } diff --git a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf index 6f0b9120..ccc10e1c 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf @@ -19,7 +19,7 @@ locals { local.listeners, local.node_ips, { - "${local.prefix}cluster" = { + "${var.prefix}-cluster" = { region = var.region subnetwork = local.subnetwork } @@ -34,7 +34,7 @@ locals { k => v.address } listeners = { - for aog in var.always_on_groups : "${local.prefix}lb-${aog}" => { + for aog in var.always_on_groups : "${var.prefix}-lb-${aog}" => { region = var.region subnetwork = local.subnetwork } @@ -83,7 +83,7 @@ module "firewall" { disabled = true } ingress_rules = { - "${local.prefix}allow-all-between-wsfc-nodes" = { + "${var.prefix}-allow-all-between-wsfc-nodes" = { description = "Allow all between WSFC nodes" sources = [module.compute-service-account.email] targets = [module.compute-service-account.email] @@ -94,7 +94,7 @@ module "firewall" { { protocol = "icmp" } ] } - "${local.prefix}allow-all-between-wsfc-witness" = { + "${var.prefix}-allow-all-between-wsfc-witness" = { description = "Allow all between WSFC witness nodes" sources = [module.compute-service-account.email] targets = [module.witness-service-account.email] @@ -105,7 +105,7 @@ module "firewall" { { protocol = "icmp" } ] } - "${local.prefix}allow-sql-to-wsfc-nodes" = { + "${var.prefix}-allow-sql-to-wsfc-nodes" = { description = "Allow SQL connections to WSFC nodes" targets = [module.compute-service-account.email] ranges = var.sql_client_cidrs @@ -114,7 +114,7 @@ module "firewall" { { protocol = "tcp", ports = [1433] }, ] } - "${local.prefix}allow-health-check-to-wsfc-nodes" = { + "${var.prefix}-allow-health-check-to-wsfc-nodes" = { description = "Allow health checks to WSFC nodes" targets = [module.compute-service-account.email] ranges = var.health_check_ranges @@ -139,7 +139,7 @@ module "listener-ilb" { region = var.region name = "${var.prefix}-${each.value}-ilb" service_label = "${var.prefix}-${each.value}-ilb" - address = local.internal_address_ips["${local.prefix}lb-${each.value}"] + address = local.internal_address_ips["${var.prefix}-lb-${each.value}"] vpc_config = { network = local.network subnetwork = local.subnetwork diff --git a/blueprints/factories/bigquery-factory/README.md b/blueprints/factories/bigquery-factory/README.md index 3f1acc4a..05cabffb 100644 --- a/blueprints/factories/bigquery-factory/README.md +++ b/blueprints/factories/bigquery-factory/README.md @@ -73,7 +73,7 @@ deletion_protection: bool # not required, defaults to false | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L17) | Project ID | string | ✓ | | +| [project_id](variables.tf#L17) | Project ID. | string | ✓ | | | [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | string | ✓ | | | [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | string | ✓ | | diff --git a/blueprints/factories/bigquery-factory/variables.tf b/blueprints/factories/bigquery-factory/variables.tf index cd34f02b..774ec86e 100644 --- a/blueprints/factories/bigquery-factory/variables.tf +++ b/blueprints/factories/bigquery-factory/variables.tf @@ -15,7 +15,7 @@ */ variable "project_id" { - description = "Project ID" + description = "Project ID." type = string } diff --git a/blueprints/factories/net-vpc-firewall-yaml/README.md b/blueprints/factories/net-vpc-firewall-yaml/README.md index efd5a3a0..26e85c5d 100644 --- a/blueprints/factories/net-vpc-firewall-yaml/README.md +++ b/blueprints/factories/net-vpc-firewall-yaml/README.md @@ -1,6 +1,6 @@ # Google Cloud VPC Firewall Factory -This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files. +This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files. Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL. @@ -79,10 +79,10 @@ rule-name: # descriptive name, naming convention is adjusted by the module destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule - 0.0.0.0/0 source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule - source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, can not be specified together with `source_tags` or `target_tags` + source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, cannot be specified together with `source_tags` or `target_tags` - myapp@myproject-id.iam.gserviceaccount.com target_tags: ['some-tag'] # list of target tags - target_service_accounts: # list of target service accounts, , can not be specified together with `source_tags` or `target_tags` + target_service_accounts: # list of target service accounts, , cannot be specified together with `source_tags` or `target_tags` - myapp@myproject-id.iam.gserviceaccount.com ``` diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md index cc5ed962..a5680781 100644 --- a/blueprints/factories/project-factory/README.md +++ b/blueprints/factories/project-factory/README.md @@ -69,6 +69,7 @@ module "projects" { kms_service_agents = try(each.value.kms, {}) labels = try(each.value.labels, {}) org_policies = try(each.value.org_policies, {}) + prefix = each.value.prefix service_accounts = try(each.value.service_accounts, {}) services = try(each.value.services, []) service_identities_iam = try(each.value.service_identities_iam, {}) @@ -109,9 +110,9 @@ vpc_host_project: project-example-host-project # [opt] Billing account id - overrides default if set billing_account_id: 012345-67890A-BCDEF0 - + # [opt] Billing alerts config - overrides default if set -billing_alert: +billing_alert: amount: 10 thresholds: current: @@ -119,42 +120,42 @@ billing_alert: - 0.8 forecasted: [] -# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults -dns_zones: +# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults +dns_zones: - lorem - ipsum -# [opt] Contacts for billing alerts and important notifications -essential_contacts: +# [opt] Contacts for billing alerts and important notifications +essential_contacts: - team-a-contacts@example.com # Folder the project will be created as children of folder_id: folders/012345678901 # [opt] Authoritative IAM bindings in group => [roles] format -group_iam: +group_iam: test-team-foobar@fast-lab-0.gcp-pso-italy.net: - roles/compute.admin # [opt] Authoritative IAM bindings in role => [principals] format # Generally used to grant roles to service accounts external to the project -iam: +iam: roles/compute.admin: - serviceAccount:service-account -# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter +# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter # in service => [keys] format -kms_service_agents: +kms_service_agents: compute: [key1, key2] storage: [key1, key2] # [opt] Labels for the project - merged with the ones defined in defaults -labels: +labels: environment: prod # [opt] Org policy overrides defined at project level org_policies: - constraints/compute.disableGuestAttributesAccess: + constraints/compute.disableGuestAttributesAccess: enforce: true constraints/compute.trustedImageProjects: allow: @@ -166,7 +167,7 @@ org_policies: # [opt] Service account to create for the project and their roles on the project # in name => [roles] format -service_accounts: +service_accounts: another-service-account: - roles/compute.admin my-service-account: @@ -179,37 +180,37 @@ service_accounts_iam: - roles/iam.serviceAccountTokenCreator: - group: app-team-1@example.com -# [opt] APIs to enable on the project. -services: +# [opt] APIs to enable on the project. +services: - storage.googleapis.com - stackdriver.googleapis.com - compute.googleapis.com # [opt] Roles to assign to the robots service accounts in robot => [roles] format -services_iam: +services_iam: compute: - roles/storage.objectViewer - # [opt] VPC setup. - # If set enables the `compute.googleapis.com` service and configures + # [opt] VPC setup. + # If set enables the `compute.googleapis.com` service and configures # service project attachment -vpc: +vpc: # [opt] If set, enables the container API - gke_setup: + gke_setup: - # Grants "roles/container.hostServiceAgentUser" to the container robot if set + # Grants "roles/container.hostServiceAgentUser" to the container robot if set enable_host_service_agent: false - # Grants "roles/compute.securityAdmin" to the container robot if set + # Grants "roles/compute.securityAdmin" to the container robot if set enable_security_admin: true - # Host project the project will be service project of + # Host project the project will be service project of host_project: fast-prod-net-spoke-0 # [opt] Subnets in the host project where principals will be granted networkUser - # in region/subnet-name => [principals] - subnets_iam: + # in region/subnet-name => [principals] + subnets_iam: europe-west1/prod-default-ew1: - user:foobar@example.com - serviceAccount:service-account1@my-project.iam.gserviceaccount.com @@ -221,7 +222,8 @@ vpc: | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | -| [project_id](variables.tf#L157) | Project id. | string | ✓ | | +| [prefix](variables.tf#L151) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L160) | Project id. | string | ✓ | | | [billing_alert](variables.tf#L22) | Billing alert configuration. | object({…}) | | null | | [defaults](variables.tf#L35) | Project factory default values. | object({…}) | | null | | [dns_zones](variables.tf#L57) | DNS private zones to create as child of var.defaults.environment_dns_zone. | list(string) | | [] | @@ -234,21 +236,20 @@ vpc: | [kms_service_agents](variables.tf#L99) | KMS IAM configuration in as service => [key]. | map(list(string)) | | {} | | [labels](variables.tf#L105) | Labels to be assigned at project level. | map(string) | | {} | | [org_policies](variables.tf#L111) | Org-policy overrides at project level. | map(object({…})) | | {} | -| [prefix](variables.tf#L151) | Prefix used for the project id. | string | | null | -| [service_accounts](variables.tf#L162) | Service accounts to be created, and roles assigned them on the project. | map(list(string)) | | {} | -| [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string)) | | {} | -| [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} | -| [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} | -| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | -| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | -| [services](variables.tf#L202) | Services to be enabled for the project. | list(string) | | [] | -| [vpc](variables.tf#L209) | VPC configuration for the project. | object({…}) | | null | +| [service_accounts](variables.tf#L165) | Service accounts to be created, and roles assigned them on the project. | map(list(string)) | | {} | +| [service_accounts_additive](variables.tf#L171) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string)) | | {} | +| [service_accounts_iam](variables.tf#L177) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | map(map(list(string))) | | {} | +| [service_accounts_iam_additive](variables.tf#L184) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | map(map(list(string))) | | {} | +| [service_identities_iam](variables.tf#L191) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | +| [service_identities_iam_additive](variables.tf#L198) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | +| [services](variables.tf#L205) | Services to be enabled for the project. | list(string) | | [] | +| [vpc](variables.tf#L212) | VPC configuration for the project. | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| [project](outputs.tf#L19) | The project resource as return by the `project` module | | +| [project](outputs.tf#L19) | The project resource as return by the `project` module. | | | [project_id](outputs.tf#L29) | Project ID. | | diff --git a/blueprints/factories/project-factory/main.tf b/blueprints/factories/project-factory/main.tf index 1fe5e1e4..f6b2a797 100644 --- a/blueprints/factories/project-factory/main.tf +++ b/blueprints/factories/project-factory/main.tf @@ -29,11 +29,7 @@ locals { } _group_iam_bindings = distinct(flatten(values(var.group_iam))) _group_iam_additive_bindings = distinct(flatten(values(var.group_iam_additive))) - _project_id = ( - var.prefix == null || var.prefix == "" - ? var.project_id - : "${var.prefix}-${var.project_id}" - ) + _service_accounts_iam = { for r in local._service_accounts_iam_bindings : r => [ for k, v in var.service_accounts : diff --git a/blueprints/factories/project-factory/outputs.tf b/blueprints/factories/project-factory/outputs.tf index a60ad457..a989eaba 100644 --- a/blueprints/factories/project-factory/outputs.tf +++ b/blueprints/factories/project-factory/outputs.tf @@ -17,7 +17,7 @@ # TODO(): proper outputs output "project" { - description = "The project resource as return by the `project` module" + description = "The project resource as return by the `project` module." value = module.project depends_on = [ diff --git a/blueprints/factories/project-factory/sample-data/defaults.yaml b/blueprints/factories/project-factory/sample-data/defaults.yaml index af810c94..72ed3f0d 100644 --- a/blueprints/factories/project-factory/sample-data/defaults.yaml +++ b/blueprints/factories/project-factory/sample-data/defaults.yaml @@ -25,4 +25,5 @@ labels: # [opt] Additional notification channels for billing notification_channels: [] shared_vpc_self_link: projects/foo/networks/bar +prefix: test vpc_host_project: diff --git a/blueprints/factories/project-factory/sample-data/projects/project.yaml b/blueprints/factories/project-factory/sample-data/projects/project.yaml index 88ba0bf5..03449913 100644 --- a/blueprints/factories/project-factory/sample-data/projects/project.yaml +++ b/blueprints/factories/project-factory/sample-data/projects/project.yaml @@ -58,6 +58,9 @@ org_policies: deny: all: true +# [opt] Prefix - overrides default if set +prefix: test1 + # [opt] Service account to create for the project and their roles on the project # in name => [roles] format service_accounts: diff --git a/blueprints/factories/project-factory/variables.tf b/blueprints/factories/project-factory/variables.tf index cbcae798..0ece0f04 100644 --- a/blueprints/factories/project-factory/variables.tf +++ b/blueprints/factories/project-factory/variables.tf @@ -149,9 +149,12 @@ variable "org_policies" { } variable "prefix" { - description = "Prefix used for the project id." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_id" { @@ -172,14 +175,14 @@ variable "service_accounts_additive" { } variable "service_accounts_iam" { - description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}" + description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}." type = map(map(list(string))) default = {} nullable = false } variable "service_accounts_iam_additive" { - description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}" + description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}." type = map(map(list(string))) default = {} nullable = false diff --git a/blueprints/gke/binauthz/README.md b/blueprints/gke/binauthz/README.md index 41eef22b..387ceb09 100644 --- a/blueprints/gke/binauthz/README.md +++ b/blueprints/gke/binauthz/README.md @@ -107,15 +107,15 @@ Once done testing, you can clean up resources by running `terraform destroy`. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L44) | Project ID. | string | ✓ | | +| [prefix](variables.tf#L29) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L47) | Project ID. | string | ✓ | | | [master_cidr_block](variables.tf#L17) | Master CIDR block. | string | | "10.0.0.0/28" | | [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | string | | "172.16.0.0/20" | -| [prefix](variables.tf#L29) | Prefix for resources created. | string | | null | -| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | object({…}) | | null | -| [region](variables.tf#L49) | Region. | string | | "europe-west1" | -| [services_cidr_block](variables.tf#L55) | Services CIDR block. | string | | "192.168.0.0/24" | -| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | string | | "10.0.1.0/24" | -| [zone](variables.tf#L67) | Zone. | string | | "europe-west1-c" | +| [project_create](variables.tf#L38) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L52) | Region. | string | | "europe-west1" | +| [services_cidr_block](variables.tf#L58) | Services CIDR block. | string | | "192.168.0.0/24" | +| [subnet_cidr_block](variables.tf#L64) | Subnet CIDR block. | string | | "10.0.1.0/24" | +| [zone](variables.tf#L70) | Zone. | string | | "europe-west1-c" | ## Outputs diff --git a/blueprints/gke/binauthz/main.tf b/blueprints/gke/binauthz/main.tf index ee716cdf..77f7f0e4 100644 --- a/blueprints/gke/binauthz/main.tf +++ b/blueprints/gke/binauthz/main.tf @@ -15,7 +15,6 @@ */ locals { - prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-" k8s_ns = "apis" k8s_sa = "storage-api-sa" image = ( @@ -61,7 +60,7 @@ module "project" { module "vpc" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}vpc" + name = "${var.prefix}-vpc" subnets = [ { ip_cidr_range = var.subnet_cidr_block @@ -79,14 +78,14 @@ module "nat" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}nat" + name = "${var.prefix}-nat" router_network = module.vpc.name } module "cluster" { source = "../../../modules/gke-cluster" project_id = module.project.project_id - name = "${local.prefix}cluster" + name = "${var.prefix}-cluster" location = var.zone vpc_config = { master_ipv4_cidr_block = var.master_cidr_block @@ -174,7 +173,7 @@ module "docker_artifact_registry" { project_id = module.project.project_id location = var.region format = "DOCKER" - id = "${local.prefix}registry" + id = "${var.prefix}-registry" iam = { "roles/artifactregistry.writer" = [module.image_cb_sa.iam_email] "roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email] @@ -190,7 +189,7 @@ module "image_cb_sa" { module "image_repo" { source = "../../../modules/source-repository" project_id = module.project.project_id - name = "${local.prefix}image" + name = "${var.prefix}-image" triggers = { image-trigger = { filename = "cloudbuild.yaml" @@ -222,7 +221,7 @@ module "app_cb_sa" { module "app_repo" { source = "../../../modules/source-repository" project_id = module.project.project_id - name = "${local.prefix}app" + name = "${var.prefix}-app" triggers = { app-trigger = { filename = "cloudbuild.yaml" diff --git a/blueprints/gke/binauthz/variables.tf b/blueprints/gke/binauthz/variables.tf index 2e19b1aa..7f180426 100644 --- a/blueprints/gke/binauthz/variables.tf +++ b/blueprints/gke/binauthz/variables.tf @@ -27,9 +27,12 @@ variable "pods_cidr_block" { } variable "prefix" { - description = "Prefix for resources created." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md index 7deafdad..7d43bd40 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md +++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md @@ -69,8 +69,8 @@ Once done testing, you can clean up resources by running `terraform destroy`. | [mgmt_project_id](variables.tf#L63) | Management Project ID. | string | ✓ | | | [parent](variables.tf#L94) | Parent. | string | ✓ | | | [clusters_config](variables.tf#L22) | Clusters configuration. | map(object({…})) | | {…} | -| [istio_version](variables.tf#L57) | ASM version | string | | "1.14.1-asm.3" | -| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | object({…}) | | {…} | +| [istio_version](variables.tf#L57) | ASM version. | string | | "1.14.1-asm.3" | +| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration. | object({…}) | | {…} | | [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | string | | "10.0.0.0/28" | | [region](variables.tf#L99) | Region. | string | | "europe-west1" | diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf index 4cff10fb..428778f2 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf +++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf @@ -55,7 +55,7 @@ variable "host_project_id" { variable "istio_version" { - description = "ASM version" + description = "ASM version." type = string default = "1.14.1-asm.3" } @@ -66,7 +66,7 @@ variable "mgmt_project_id" { } variable "mgmt_server_config" { - description = "Mgmt server configuration" + description = "Mgmt server configuration." type = object({ disk_size = number disk_type = string diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md index 9e1cd9b5..80d09ac1 100644 --- a/blueprints/gke/multitenant-fleet/README.md +++ b/blueprints/gke/multitenant-fleet/README.md @@ -247,9 +247,9 @@ module "gke" { |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | | [folder_id](variables.tf#L132) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ | | -| [prefix](variables.tf#L179) | Prefix used for resources that need unique names. | string | ✓ | | -| [project_id](variables.tf#L184) | ID of the project that will contain all the clusters. | string | ✓ | | -| [vpc_config](variables.tf#L196) | Shared VPC project and VPC details. | object({…}) | ✓ | | +| [prefix](variables.tf#L179) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L188) | ID of the project that will contain all the clusters. | string | ✓ | | +| [vpc_config](variables.tf#L200) | Shared VPC project and VPC details. | object({…}) | ✓ | | | [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | | [fleet_configmanagement_clusters](variables.tf#L70) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} | | [fleet_configmanagement_templates](variables.tf#L77) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} | @@ -259,7 +259,7 @@ module "gke" { | [iam](variables.tf#L144) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | [labels](variables.tf#L151) | Project-level labels. | map(string) | | {} | | [nodepools](variables.tf#L157) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | -| [project_services](variables.tf#L189) | Additional project services to enable. | list(string) | | [] | +| [project_services](variables.tf#L193) | Additional project services to enable. | list(string) | | [] | ## Outputs diff --git a/blueprints/gke/multitenant-fleet/variables.tf b/blueprints/gke/multitenant-fleet/variables.tf index 8d6c69ae..2cfd26a1 100644 --- a/blueprints/gke/multitenant-fleet/variables.tf +++ b/blueprints/gke/multitenant-fleet/variables.tf @@ -177,8 +177,12 @@ variable "nodepools" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_id" { diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md index cbf69606..64a3e41c 100644 --- a/blueprints/networking/decentralized-firewall/README.md +++ b/blueprints/networking/decentralized-firewall/README.md @@ -26,11 +26,11 @@ in the [`validator/`](validator/) subdirectory, which can be integrated as part | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L29) | Prefix used for resources that need unique names. | string | ✓ | | -| [root_node](variables.tf#L50) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [prefix](variables.tf#L29) | Prefix used for resource names. | string | ✓ | | +| [root_node](variables.tf#L54) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | | [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | map(string) | | {…} | -| [project_services](variables.tf#L34) | Service APIs enabled by default in new projects. | list(string) | | […] | -| [region](variables.tf#L44) | Region used. | string | | "europe-west1" | +| [project_services](variables.tf#L38) | Service APIs enabled by default in new projects. | list(string) | | […] | +| [region](variables.tf#L48) | Region used. | string | | "europe-west1" | ## Outputs diff --git a/blueprints/networking/decentralized-firewall/variables.tf b/blueprints/networking/decentralized-firewall/variables.tf index 76a3e1cd..cf48e23c 100644 --- a/blueprints/networking/decentralized-firewall/variables.tf +++ b/blueprints/networking/decentralized-firewall/variables.tf @@ -27,8 +27,12 @@ variable "ip_ranges" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_services" { diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/filtering-proxy-psc/README.md index 6459f3bf..61631af5 100644 --- a/blueprints/networking/filtering-proxy-psc/README.md +++ b/blueprints/networking/filtering-proxy-psc/README.md @@ -17,12 +17,12 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L44) | Prefix used for resources that need unique names. | string | ✓ | | -| [project_id](variables.tf#L66) | Project id used for all resources. | string | ✓ | | +| [prefix](variables.tf#L44) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L70) | Project id used for all resources. | string | ✓ | | | [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | list(string) | | […] | | [cidrs](variables.tf#L28) | CIDR ranges for subnets. | map(string) | | {…} | | [nat_logging](variables.tf#L38) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | "ERRORS_ONLY" | -| [project_create](variables.tf#L49) | Set to non null if project needs to be created. | object({…}) | | null | -| [region](variables.tf#L71) | Default region for resources. | string | | "europe-west1" | +| [project_create](variables.tf#L53) | Set to non null if project needs to be created. | object({…}) | | null | +| [region](variables.tf#L75) | Default region for resources. | string | | "europe-west1" | diff --git a/blueprints/networking/filtering-proxy-psc/variables.tf b/blueprints/networking/filtering-proxy-psc/variables.tf index 620107e4..6e821651 100644 --- a/blueprints/networking/filtering-proxy-psc/variables.tf +++ b/blueprints/networking/filtering-proxy-psc/variables.tf @@ -42,8 +42,12 @@ variable "nat_logging" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/networking/filtering-proxy/README.md b/blueprints/networking/filtering-proxy/README.md index 46318843..9d7e2c02 100644 --- a/blueprints/networking/filtering-proxy/README.md +++ b/blueprints/networking/filtering-proxy/README.md @@ -21,13 +21,13 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L52) | Prefix used for resources that need unique names. | string | ✓ | | -| [root_node](variables.tf#L63) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [prefix](variables.tf#L52) | Prefix used for resource names. | string | ✓ | | +| [root_node](variables.tf#L67) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | | [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | list(string) | | […] | | [cidrs](variables.tf#L31) | CIDR ranges for subnets. | map(string) | | {…} | | [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. | bool | | false | | [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | "ERRORS_ONLY" | -| [region](variables.tf#L57) | Default region for resources. | string | | "europe-west1" | +| [region](variables.tf#L61) | Default region for resources. | string | | "europe-west1" | ## Outputs diff --git a/blueprints/networking/filtering-proxy/variables.tf b/blueprints/networking/filtering-proxy/variables.tf index 35245a40..a578eb12 100644 --- a/blueprints/networking/filtering-proxy/variables.tf +++ b/blueprints/networking/filtering-proxy/variables.tf @@ -50,8 +50,12 @@ variable "nat_logging" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "region" { diff --git a/blueprints/networking/glb-and-armor/README.md b/blueprints/networking/glb-and-armor/README.md index ff399bf4..8385beab 100644 --- a/blueprints/networking/glb-and-armor/README.md +++ b/blueprints/networking/glb-and-armor/README.md @@ -124,10 +124,10 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L38) | Identifier of the project. | string | ✓ | | +| [prefix](variables.tf#L23) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L41) | Identifier of the project. | string | ✓ | | | [enforce_security_policy](variables.tf#L17) | Enforce security policy. | bool | | true | -| [prefix](variables.tf#L23) | Prefix used for created resources. | string | | null | -| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | object({…}) | | null | +| [project_create](variables.tf#L32) | Parameters for the creation of the new project. | object({…}) | | null | ## Outputs diff --git a/blueprints/networking/glb-and-armor/main.tf b/blueprints/networking/glb-and-armor/main.tf index 83622609..26f90ac1 100644 --- a/blueprints/networking/glb-and-armor/main.tf +++ b/blueprints/networking/glb-and-armor/main.tf @@ -15,7 +15,7 @@ */ locals { - prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-" + prefix = var.prefix == null ? "" : "${var.prefix}-" } module "project" { @@ -40,7 +40,7 @@ module "project" { module "vpc" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}vpc" + name = "${var.prefix}-vpc" subnets = [ { ip_cidr_range = "10.0.1.0/24" @@ -70,7 +70,7 @@ module "nat_ew1" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = "europe-west1" - name = "${local.prefix}nat-eu1" + name = "${var.prefix}-nat-eu1" router_network = module.vpc.name } @@ -78,7 +78,7 @@ module "nat_ue1" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = "us-east1" - name = "${local.prefix}nat-ue1" + name = "${var.prefix}-nat-ue1" router_network = module.vpc.name } @@ -86,7 +86,7 @@ module "instance_template_ew1" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "europe-west1-b" - name = "${local.prefix}europe-west1-template" + name = "${var.prefix}-europe-west1-template" instance_type = "n1-standard-2" network_interfaces = [{ network = module.vpc.self_link @@ -108,7 +108,7 @@ module "instance_template_ue1" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "us-east1-b" - name = "${local.prefix}us-east1-template" + name = "${var.prefix}-us-east1-template" network_interfaces = [{ network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"] @@ -156,7 +156,7 @@ module "mig_ew1" { source = "../../../modules/compute-mig" project_id = module.project.project_id location = "europe-west1" - name = "${local.prefix}europe-west1-mig" + name = "${var.prefix}-europe-west1-mig" instance_template = module.instance_template_ew1.template.self_link autoscaler_config = { max_replicas = 5 @@ -180,7 +180,7 @@ module "mig_ue1" { source = "../../../modules/compute-mig" project_id = module.project.project_id location = "us-east1" - name = "${local.prefix}us-east1-mig" + name = "${var.prefix}-us-east1-mig" instance_template = module.instance_template_ue1.template.self_link autoscaler_config = { max_replicas = 5 @@ -202,7 +202,7 @@ module "mig_ue1" { module "glb" { source = "../../../modules/net-glb" - name = "${local.prefix}http-lb" + name = "${var.prefix}-http-lb" project_id = module.project.project_id backend_services_config = { http-backend = { @@ -259,7 +259,7 @@ module "glb" { resource "google_compute_security_policy" "policy" { count = var.enforce_security_policy ? 1 : 0 - name = "${local.prefix}denylist-siege" + name = "${var.prefix}-denylist-siege" project = module.project.project_id rule { action = "deny(403)" diff --git a/blueprints/networking/glb-and-armor/variables.tf b/blueprints/networking/glb-and-armor/variables.tf index a428a884..cf2aa583 100644 --- a/blueprints/networking/glb-and-armor/variables.tf +++ b/blueprints/networking/glb-and-armor/variables.tf @@ -21,9 +21,12 @@ variable "enforce_security_policy" { } variable "prefix" { - description = "Prefix used for created resources." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/networking/hub-and-spoke-peering/README.md b/blueprints/networking/hub-and-spoke-peering/README.md index 3fa1ef9a..d39cb3aa 100644 --- a/blueprints/networking/hub-and-spoke-peering/README.md +++ b/blueprints/networking/hub-and-spoke-peering/README.md @@ -84,13 +84,13 @@ The VPN used to connect the GKE masters VPC does not account for HA, upgrading t | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L66) | Project id used for all resources. | string | ✓ | | +| [prefix](variables.tf#L34) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L69) | Project id used for all resources. | string | ✓ | | | [ip_ranges](variables.tf#L15) | IP CIDR ranges. | map(string) | | {…} | | [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | map(string) | | {…} | -| [prefix](variables.tf#L34) | Arbitrary string used to prefix resource names. | string | | null | -| [private_service_ranges](variables.tf#L40) | Private service IP CIDR ranges. | map(string) | | {…} | -| [project_create](variables.tf#L48) | Set to non null if project needs to be created. | object({…}) | | null | -| [region](variables.tf#L71) | VPC region. | string | | "europe-west1" | +| [private_service_ranges](variables.tf#L43) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_create](variables.tf#L51) | Set to non null if project needs to be created. | object({…}) | | null | +| [region](variables.tf#L74) | VPC region. | string | | "europe-west1" | ## Outputs diff --git a/blueprints/networking/hub-and-spoke-peering/main.tf b/blueprints/networking/hub-and-spoke-peering/main.tf index 7fa8142e..de1c7661 100644 --- a/blueprints/networking/hub-and-spoke-peering/main.tf +++ b/blueprints/networking/hub-and-spoke-peering/main.tf @@ -13,7 +13,6 @@ # limitations under the License. locals { - prefix = var.prefix != null && var.prefix != "" ? "${var.prefix}-" : "" vm-instances = [ module.vm-hub.instance, module.vm-spoke-1.instance, @@ -49,11 +48,11 @@ module "project" { module "vpc-hub" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}hub" + name = "${var.prefix}-hub" subnets = [ { ip_cidr_range = var.ip_ranges.hub - name = "${local.prefix}hub-1" + name = "${var.prefix}-hub-1" region = var.region } ] @@ -63,8 +62,8 @@ module "nat-hub" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}hub" - router_name = "${local.prefix}hub" + name = "${var.prefix}-hub" + router_name = "${var.prefix}-hub" router_network = module.vpc-hub.self_link } @@ -84,11 +83,11 @@ module "vpc-hub-firewall" { module "vpc-spoke-1" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}spoke-1" + name = "${var.prefix}-spoke-1" subnets = [ { ip_cidr_range = var.ip_ranges.spoke-1 - name = "${local.prefix}spoke-1-1" + name = "${var.prefix}-spoke-1-1" region = var.region } ] @@ -107,8 +106,8 @@ module "nat-spoke-1" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}spoke-1" - router_name = "${local.prefix}spoke-1" + name = "${var.prefix}-spoke-1" + router_name = "${var.prefix}-spoke-1" router_network = module.vpc-spoke-1.self_link } @@ -127,11 +126,11 @@ module "hub-to-spoke-1-peering" { module "vpc-spoke-2" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" subnets = [ { ip_cidr_range = var.ip_ranges.spoke-2 - name = "${local.prefix}spoke-2-1" + name = "${var.prefix}-spoke-2-1" region = var.region secondary_ip_ranges = { pods = var.ip_secondary_ranges.spoke-2-pods @@ -154,8 +153,8 @@ module "nat-spoke-2" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}spoke-2" - router_name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" + router_name = "${var.prefix}-spoke-2" router_network = module.vpc-spoke-2.self_link } @@ -176,10 +175,10 @@ module "vm-hub" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "${var.region}-b" - name = "${local.prefix}hub" + name = "${var.prefix}-hub" network_interfaces = [{ network = module.vpc-hub.self_link - subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${local.prefix}hub-1"] + subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${var.prefix}-hub-1"] nat = false addresses = null }] @@ -193,10 +192,10 @@ module "vm-spoke-1" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "${var.region}-b" - name = "${local.prefix}spoke-1" + name = "${var.prefix}-spoke-1" network_interfaces = [{ network = module.vpc-spoke-1.self_link - subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${local.prefix}spoke-1-1"] + subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${var.prefix}-spoke-1-1"] nat = false addresses = null }] @@ -210,10 +209,10 @@ module "vm-spoke-2" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "${var.region}-b" - name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" network_interfaces = [{ network = module.vpc-spoke-2.self_link - subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"] + subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"] nat = false addresses = null }] @@ -226,7 +225,7 @@ module "vm-spoke-2" { module "service-account-gce" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = "${local.prefix}gce-test" + name = "${var.prefix}-gce-test" iam_project_roles = { (var.project_id) = [ "roles/container.developer", @@ -242,12 +241,12 @@ module "service-account-gce" { module "cluster-1" { source = "../../../modules/gke-cluster" - name = "${local.prefix}cluster-1" + name = "${var.prefix}-cluster-1" project_id = module.project.project_id location = "${var.region}-b" vpc_config = { network = module.vpc-spoke-2.self_link - subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"] + subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"] master_authorized_ranges = { for name, range in var.ip_ranges : name => range } @@ -269,7 +268,7 @@ module "cluster-1" { module "cluster-1-nodepool-1" { source = "../../../modules/gke-nodepool" - name = "${local.prefix}nodepool-1" + name = "${var.prefix}-nodepool-1" project_id = module.project.project_id location = module.cluster-1.location cluster_name = module.cluster-1.name @@ -284,7 +283,7 @@ module "cluster-1-nodepool-1" { module "service-account-gke-node" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = "${local.prefix}gke-node" + name = "${var.prefix}-gke-node" iam_project_roles = { (var.project_id) = [ "roles/logging.logWriter", "roles/monitoring.metricWriter", @@ -301,7 +300,7 @@ module "vpn-hub" { project_id = module.project.project_id region = var.region network = module.vpc-hub.name - name = "${local.prefix}hub" + name = "${var.prefix}-hub" remote_ranges = values(var.private_service_ranges) tunnels = { spoke-2 = { @@ -318,7 +317,7 @@ module "vpn-spoke-2" { project_id = module.project.project_id region = var.region network = module.vpc-spoke-2.name - name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" # use an aggregate of the remote ranges, so as to be less specific than the # routes exchanged via peering remote_ranges = ["10.0.0.0/8"] diff --git a/blueprints/networking/hub-and-spoke-peering/variables.tf b/blueprints/networking/hub-and-spoke-peering/variables.tf index fdaf4e83..803b7396 100644 --- a/blueprints/networking/hub-and-spoke-peering/variables.tf +++ b/blueprints/networking/hub-and-spoke-peering/variables.tf @@ -32,9 +32,12 @@ variable "ip_secondary_ranges" { } variable "prefix" { - description = "Arbitrary string used to prefix resource names." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "private_service_ranges" { diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md index 2ba3a86a..4f580ed8 100644 --- a/blueprints/networking/hub-and-spoke-vpn/README.md +++ b/blueprints/networking/hub-and-spoke-vpn/README.md @@ -85,13 +85,13 @@ ping test-r2.dev.example.com | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L49) | Project id for all resources. | string | ✓ | | +| [prefix](variables.tf#L34) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L52) | Project id for all resources. | string | ✓ | | | [ip_ranges](variables.tf#L15) | Subnet IP CIDR ranges. | map(string) | | {…} | | [ip_secondary_ranges](variables.tf#L28) | Subnet secondary ranges. | map(map(string)) | | {} | -| [prefix](variables.tf#L34) | Prefix used in resource names. | string | | null | -| [project_create_config](variables.tf#L40) | Populate with billing account id to trigger project creation. | object({…}) | | null | -| [regions](variables.tf#L54) | VPC regions. | map(string) | | {…} | -| [vpn_configs](variables.tf#L63) | VPN configurations. | map(object({…})) | | {…} | +| [project_create_config](variables.tf#L43) | Populate with billing account id to trigger project creation. | object({…}) | | null | +| [regions](variables.tf#L57) | VPC regions. | map(string) | | {…} | +| [vpn_configs](variables.tf#L66) | VPN configurations. | map(object({…})) | | {…} | ## Outputs diff --git a/blueprints/networking/hub-and-spoke-vpn/main.tf b/blueprints/networking/hub-and-spoke-vpn/main.tf index d3fbc899..8810a71d 100644 --- a/blueprints/networking/hub-and-spoke-vpn/main.tf +++ b/blueprints/networking/hub-and-spoke-vpn/main.tf @@ -12,10 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -locals { - prefix = var.prefix == null ? "" : "${var.prefix}-" -} - # enable services in the project used module "project" { @@ -35,11 +31,11 @@ module "project" { module "landing-r1-vm" { source = "../../../modules/compute-vm" project_id = var.project_id - name = "${local.prefix}lnd-test-r1" + name = "${var.prefix}-lnd-test-r1" zone = "${var.regions.r1}-b" network_interfaces = [{ network = module.landing-vpc.self_link - subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}lnd-0"] + subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-lnd-0"] nat = false addresses = null }] @@ -51,11 +47,11 @@ module "landing-r1-vm" { module "prod-r1-vm" { source = "../../../modules/compute-vm" project_id = var.project_id - name = "${local.prefix}prd-test-r1" + name = "${var.prefix}-prd-test-r1" zone = "${var.regions.r1}-b" network_interfaces = [{ network = module.prod-vpc.self_link - subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}prd-0"] + subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-prd-0"] nat = false addresses = null }] @@ -67,11 +63,11 @@ module "prod-r1-vm" { module "dev-r2-vm" { source = "../../../modules/compute-vm" project_id = var.project_id - name = "${local.prefix}dev-test-r2" + name = "${var.prefix}-dev-test-r2" zone = "${var.regions.r2}-b" network_interfaces = [{ network = module.dev-vpc.self_link - subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${local.prefix}dev-0"] + subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${var.prefix}-dev-0"] nat = false addresses = null }] diff --git a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf index 736c742f..f7cf84db 100644 --- a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf +++ b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf @@ -17,11 +17,11 @@ module "dev-vpc" { source = "../../../modules/net-vpc" project_id = var.project_id - name = "${local.prefix}dev" + name = "${var.prefix}-dev" subnets = [ { ip_cidr_range = var.ip_ranges.dev-0-r1 - name = "${local.prefix}dev-0" + name = "${var.prefix}-dev-0" region = var.regions.r1 secondary_ip_ranges = try( var.ip_secondary_ranges.dev-0-r1, {} @@ -29,7 +29,7 @@ module "dev-vpc" { }, { ip_cidr_range = var.ip_ranges.dev-0-r2 - name = "${local.prefix}dev-0" + name = "${var.prefix}-dev-0" region = var.regions.r2 secondary_ip_ranges = try( var.ip_secondary_ranges.dev-0-r2, {} @@ -51,7 +51,7 @@ module "dev-dns-peering" { source = "../../../modules/dns" project_id = var.project_id type = "peering" - name = "${local.prefix}example-com-dev-peering" + name = "${var.prefix}-example-com-dev-peering" domain = "example.com." client_networks = [module.dev-vpc.self_link] peer_network = module.landing-vpc.self_link @@ -61,7 +61,7 @@ module "dev-dns-zone" { source = "../../../modules/dns" project_id = var.project_id type = "private" - name = "${local.prefix}dev-example-com" + name = "${var.prefix}-dev-example-com" domain = "dev.example.com." client_networks = [module.landing-vpc.self_link] recordsets = { diff --git a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf index b385bfb1..31fdb856 100644 --- a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf +++ b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf @@ -17,11 +17,11 @@ module "landing-vpc" { source = "../../../modules/net-vpc" project_id = var.project_id - name = "${local.prefix}lnd" + name = "${var.prefix}-lnd" subnets = [ { ip_cidr_range = var.ip_ranges.land-0-r1 - name = "${local.prefix}lnd-0" + name = "${var.prefix}-lnd-0" region = var.regions.r1 secondary_ip_ranges = try( var.ip_secondary_ranges.land-0-r1, {} @@ -29,7 +29,7 @@ module "landing-vpc" { }, { ip_cidr_range = var.ip_ranges.land-0-r2 - name = "${local.prefix}lnd-0" + name = "${var.prefix}-lnd-0" region = var.regions.r2 secondary_ip_ranges = try( var.ip_secondary_ranges.land-0-r2, {} @@ -51,7 +51,7 @@ module "landing-dns-zone" { source = "../../../modules/dns" project_id = var.project_id type = "private" - name = "${local.prefix}example-com" + name = "${var.prefix}-example-com" domain = "example.com." client_networks = [module.landing-vpc.self_link] recordsets = { diff --git a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf index ad58b585..ec326021 100644 --- a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf +++ b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf @@ -17,11 +17,11 @@ module "prod-vpc" { source = "../../../modules/net-vpc" project_id = var.project_id - name = "${local.prefix}prd" + name = "${var.prefix}-prd" subnets = [ { ip_cidr_range = var.ip_ranges.prod-0-r1 - name = "${local.prefix}prd-0" + name = "${var.prefix}-prd-0" region = var.regions.r1 secondary_ip_ranges = try( var.ip_secondary_ranges.prod-0-r1, {} @@ -29,7 +29,7 @@ module "prod-vpc" { }, { ip_cidr_range = var.ip_ranges.prod-0-r2 - name = "${local.prefix}prd-0" + name = "${var.prefix}-prd-0" region = var.regions.r2 secondary_ip_ranges = try( var.ip_secondary_ranges.prod-0-r2, {} @@ -51,7 +51,7 @@ module "prod-dns-peering" { source = "../../../modules/dns" project_id = var.project_id type = "peering" - name = "${local.prefix}example-com-prd-peering" + name = "${var.prefix}-example-com-prd-peering" domain = "example.com." client_networks = [module.prod-vpc.self_link] peer_network = module.landing-vpc.self_link @@ -61,7 +61,7 @@ module "prod-dns-zone" { source = "../../../modules/dns" project_id = var.project_id type = "private" - name = "${local.prefix}prd-example-com" + name = "${var.prefix}-prd-example-com" domain = "prd.example.com." client_networks = [module.landing-vpc.self_link] recordsets = { diff --git a/blueprints/networking/hub-and-spoke-vpn/variables.tf b/blueprints/networking/hub-and-spoke-vpn/variables.tf index 98286e8e..90fbd359 100644 --- a/blueprints/networking/hub-and-spoke-vpn/variables.tf +++ b/blueprints/networking/hub-and-spoke-vpn/variables.tf @@ -32,9 +32,12 @@ variable "ip_secondary_ranges" { } variable "prefix" { - description = "Prefix used in resource names." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create_config" { diff --git a/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf b/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf index 238475aa..02b58e67 100644 --- a/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf +++ b/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf @@ -19,9 +19,9 @@ module "landing-to-dev-vpn-r1" { project_id = var.project_id network = module.landing-vpc.self_link region = var.regions.r1 - name = "${local.prefix}lnd-to-dev-r1" + name = "${var.prefix}-lnd-to-dev-r1" router_create = false - router_name = "${local.prefix}lnd-vpn-r1" + router_name = "${var.prefix}-lnd-vpn-r1" # router is created and managed by the production VPN module # so we don't configure advertisements here peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link @@ -62,9 +62,9 @@ module "dev-to-landing-vpn-r1" { project_id = var.project_id network = module.dev-vpc.self_link region = var.regions.r1 - name = "${local.prefix}dev-to-lnd-r1" + name = "${var.prefix}-dev-to-lnd-r1" router_create = true - router_name = "${local.prefix}dev-vpn-r1" + router_name = "${var.prefix}-dev-vpn-r1" router_asn = var.vpn_configs.dev-r1.asn router_advertise_config = ( var.vpn_configs.dev-r1.custom_ranges == null diff --git a/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf b/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf index 1c2e7028..dc964850 100644 --- a/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf +++ b/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf @@ -19,9 +19,9 @@ module "landing-to-prod-vpn-r1" { project_id = var.project_id network = module.landing-vpc.self_link region = var.regions.r1 - name = "${local.prefix}lnd-to-prd-r1" + name = "${var.prefix}-lnd-to-prd-r1" router_create = true - router_name = "${local.prefix}lnd-vpn-r1" + router_name = "${var.prefix}-lnd-vpn-r1" router_asn = var.vpn_configs.land-r1.asn router_advertise_config = ( var.vpn_configs.land-r1.custom_ranges == null @@ -68,9 +68,9 @@ module "prod-to-landing-vpn-r1" { project_id = var.project_id network = module.prod-vpc.self_link region = var.regions.r1 - name = "${local.prefix}prd-to-lnd-r1" + name = "${var.prefix}-prd-to-lnd-r1" router_create = true - router_name = "${local.prefix}prd-vpn-r1" + router_name = "${var.prefix}-prd-vpn-r1" router_asn = var.vpn_configs.prod-r1.asn # the router is managed here but shared with the dev VPN router_advertise_config = ( diff --git a/blueprints/networking/ilb-next-hop/README.md b/blueprints/networking/ilb-next-hop/README.md index e55691eb..c3091558 100644 --- a/blueprints/networking/ilb-next-hop/README.md +++ b/blueprints/networking/ilb-next-hop/README.md @@ -65,14 +65,14 @@ A sample testing session using `tmux`: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L50) | Existing project id. | string | ✓ | | +| [prefix](variables.tf#L38) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L53) | Existing project id. | string | ✓ | | | [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | bool | | false | | [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | string | | "CLIENT_IP" | | [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | map(string) | | {…} | -| [prefix](variables.tf#L38) | Prefix used for resource names. | string | | "ilb-test" | -| [project_create](variables.tf#L44) | Create project instead of using an existing one. | bool | | false | -| [region](variables.tf#L55) | Region used for resources. | string | | "europe-west1" | -| [zones](variables.tf#L61) | Zone suffixes used for instances. | list(string) | | ["b", "c"] | +| [project_create](variables.tf#L47) | Create project instead of using an existing one. | bool | | false | +| [region](variables.tf#L58) | Region used for resources. | string | | "europe-west1" | +| [zones](variables.tf#L64) | Zone suffixes used for instances. | list(string) | | ["b", "c"] | ## Outputs diff --git a/blueprints/networking/ilb-next-hop/gateways.tf b/blueprints/networking/ilb-next-hop/gateways.tf index df066484..3a1dcffb 100644 --- a/blueprints/networking/ilb-next-hop/gateways.tf +++ b/blueprints/networking/ilb-next-hop/gateways.tf @@ -19,7 +19,7 @@ module "gw" { for_each = local.zones project_id = module.project.project_id zone = each.value - name = "${local.prefix}gw-${each.key}" + name = "${var.prefix}-gw-${each.key}" instance_type = "f1-micro" boot_disk = { @@ -51,7 +51,7 @@ module "gw" { }) } service_account = try( - module.service-accounts.emails["${local.prefix}gce-vm"], null + module.service-accounts.emails["${var.prefix}-gce-vm"], null ) service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"] group = { named_ports = null } @@ -61,7 +61,7 @@ module "ilb-left" { source = "../../../modules/net-ilb" project_id = module.project.project_id region = var.region - name = "${local.prefix}ilb-left" + name = "${var.prefix}-ilb-left" vpc_config = { network = module.vpc-left.self_link subnetwork = values(module.vpc-left.subnet_self_links)[0] @@ -85,7 +85,7 @@ module "ilb-right" { source = "../../../modules/net-ilb" project_id = module.project.project_id region = var.region - name = "${local.prefix}ilb-right" + name = "${var.prefix}-ilb-right" vpc_config = { network = module.vpc-right.self_link subnetwork = values(module.vpc-right.subnet_self_links)[0] diff --git a/blueprints/networking/ilb-next-hop/main.tf b/blueprints/networking/ilb-next-hop/main.tf index e6e0682e..0f7cfe0e 100644 --- a/blueprints/networking/ilb-next-hop/main.tf +++ b/blueprints/networking/ilb-next-hop/main.tf @@ -17,10 +17,9 @@ locals { addresses = { for k, v in module.addresses.internal_addresses : - trimprefix(k, local.prefix) => v.address + trimprefix(k, "${var.prefix}-") => v.address } - prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-" - zones = { for z in var.zones : z => "${var.region}-${z}" } + zones = { for z in var.zones : z => "${var.region}-${z}" } } module "project" { @@ -36,7 +35,7 @@ module "project" { module "service-accounts" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = "${local.prefix}gce-vm" + name = "${var.prefix}-gce-vm" iam_project_roles = { (var.project_id) = [ "roles/logging.logWriter", @@ -49,11 +48,11 @@ module "addresses" { source = "../../../modules/net-address" project_id = module.project.project_id internal_addresses = { - "${local.prefix}ilb-left" = { + "${var.prefix}-ilb-left" = { region = var.region, subnetwork = values(module.vpc-left.subnet_self_links)[0] }, - "${local.prefix}ilb-right" = { + "${var.prefix}-ilb-right" = { region = var.region, subnetwork = values(module.vpc-right.subnet_self_links)[0] } diff --git a/blueprints/networking/ilb-next-hop/outputs.tf b/blueprints/networking/ilb-next-hop/outputs.tf index 17702e83..c00282ae 100644 --- a/blueprints/networking/ilb-next-hop/outputs.tf +++ b/blueprints/networking/ilb-next-hop/outputs.tf @@ -28,7 +28,7 @@ output "addresses" { output "backend_health_left" { description = "Command-line health status for left ILB backends." value = <<-EOT - gcloud compute backend-services get-health ${local.prefix}ilb-left \ + gcloud compute backend-services get-health ${var.prefix}-ilb-left \ --region ${var.region} \ --flatten status.healthStatus \ --format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)" @@ -38,7 +38,7 @@ output "backend_health_left" { output "backend_health_right" { description = "Command-line health status for right ILB backends." value = <<-EOT - gcloud compute backend-services get-health ${local.prefix}ilb-right \ + gcloud compute backend-services get-health ${var.prefix}-ilb-right \ --region ${var.region} \ --flatten status.healthStatus \ --format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)" diff --git a/blueprints/networking/ilb-next-hop/variables.tf b/blueprints/networking/ilb-next-hop/variables.tf index 2450c4eb..51a7c03e 100644 --- a/blueprints/networking/ilb-next-hop/variables.tf +++ b/blueprints/networking/ilb-next-hop/variables.tf @@ -38,7 +38,10 @@ variable "ip_ranges" { variable "prefix" { description = "Prefix used for resource names." type = string - default = "ilb-test" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/networking/ilb-next-hop/vms.tf b/blueprints/networking/ilb-next-hop/vms.tf index cdc36ed6..a71a60a0 100644 --- a/blueprints/networking/ilb-next-hop/vms.tf +++ b/blueprints/networking/ilb-next-hop/vms.tf @@ -27,7 +27,7 @@ module "vm-left" { for_each = local.zones project_id = module.project.project_id zone = each.value - name = "${local.prefix}vm-left-${each.key}" + name = "${var.prefix}-vm-left-${each.key}" instance_type = "f1-micro" network_interfaces = [ { @@ -50,7 +50,7 @@ module "vm-right" { for_each = local.zones project_id = module.project.project_id zone = each.value - name = "${local.prefix}vm-right-${each.key}" + name = "${var.prefix}-vm-right-${each.key}" instance_type = "f1-micro" network_interfaces = [ { diff --git a/blueprints/networking/ilb-next-hop/vpc-left.tf b/blueprints/networking/ilb-next-hop/vpc-left.tf index f5df5234..4cc73159 100644 --- a/blueprints/networking/ilb-next-hop/vpc-left.tf +++ b/blueprints/networking/ilb-next-hop/vpc-left.tf @@ -17,11 +17,11 @@ module "vpc-left" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}left" + name = "${var.prefix}-left" subnets = [ { ip_cidr_range = var.ip_ranges.left - name = "${local.prefix}left" + name = "${var.prefix}-left" region = var.region }, ] @@ -48,6 +48,6 @@ module "nat-left" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}left" + name = "${var.prefix}-left" router_network = module.vpc-left.name } diff --git a/blueprints/networking/ilb-next-hop/vpc-right.tf b/blueprints/networking/ilb-next-hop/vpc-right.tf index edd6941d..5483d34a 100644 --- a/blueprints/networking/ilb-next-hop/vpc-right.tf +++ b/blueprints/networking/ilb-next-hop/vpc-right.tf @@ -17,11 +17,11 @@ module "vpc-right" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}right" + name = "${var.prefix}-right" subnets = [ { ip_cidr_range = var.ip_ranges.right - name = "${local.prefix}right" + name = "${var.prefix}-right" region = var.region }, ] @@ -59,6 +59,6 @@ module "nat-right" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}right" + name = "${var.prefix}-right" router_network = module.vpc-right.name } diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/README.md b/blueprints/networking/nginx-reverse-proxy-cluster/README.md index b8436283..6e469a8d 100644 --- a/blueprints/networking/nginx-reverse-proxy-cluster/README.md +++ b/blueprints/networking/nginx-reverse-proxy-cluster/README.md @@ -11,27 +11,26 @@ The example is for Nginx, but it could be easily adapted to any other reverse pr ## Ops Agent image There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run inside the ContainerOS instance. Build the container, push it to your Container/Artifact Repository and set the `ops_agent_image` to point to the image you built. - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [autoscaling_metric](variables.tf#L31) | | object({…} | ✓ | | -| [project_name](variables.tf#L108) | Name of an existing project or of the new project | string | ✓ | | +| [autoscaling_metric](variables.tf#L31) | Definition of metric to use for scaling. | object({…} | ✓ | | +| [prefix](variables.tf#L94) | Prefix used for resource names. | string | ✓ | | +| [project_name](variables.tf#L112) | Name of an existing project or of the new project. | string | ✓ | | | [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | object({…}) | | {…} | -| [backends](variables.tf#L49) | Nginx locations configurations to proxy traffic to. | string | | "<<-EOT…EOT" | -| [cidrs](variables.tf#L61) | Subnet IP CIDR ranges. | map(string) | | {…} | -| [network](variables.tf#L69) | Network name. | string | | "reverse-proxy-vpc" | -| [network_create](variables.tf#L75) | Create network or use existing one. | bool | | true | -| [nginx_image](variables.tf#L81) | Nginx container image to use. | string | | "gcr.io/cloud-marketplace/google/nginx1:latest" | -| [ops_agent_image](variables.tf#L87) | Google Cloud Ops Agent container image to use. | string | | "gcr.io/sfans-hub-project-d647/ops-agent:latest" | -| [prefix](variables.tf#L93) | Prefix used for resources that need unique names. | string | | "" | -| [project_create](variables.tf#L99) | Parameters for the creation of the new project | object({…}) | | null | -| [region](variables.tf#L113) | Default region for resources. | string | | "europe-west4" | -| [subnetwork](variables.tf#L119) | Subnetwork name. | string | | "gce" | -| [tls](variables.tf#L125) | Also offer reverse proxying with TLS (self-signed certificate). | bool | | false | +| [backends](variables.tf#L50) | Nginx locations configurations to proxy traffic to. | string | | "<<-EOT…EOT" | +| [cidrs](variables.tf#L62) | Subnet IP CIDR ranges. | map(string) | | {…} | +| [network](variables.tf#L70) | Network name. | string | | "reverse-proxy-vpc" | +| [network_create](variables.tf#L76) | Create network or use existing one. | bool | | true | +| [nginx_image](variables.tf#L82) | Nginx container image to use. | string | | "gcr.io/cloud-marketplace/google/nginx1:latest" | +| [ops_agent_image](variables.tf#L88) | Google Cloud Ops Agent container image to use. | string | | "gcr.io/sfans-hub-project-d647/ops-agent:latest" | +| [project_create](variables.tf#L103) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L117) | Default region for resources. | string | | "europe-west4" | +| [subnetwork](variables.tf#L123) | Subnetwork name. | string | | "gce" | +| [tls](variables.tf#L129) | Also offer reverse proxying with TLS (self-signed certificate). | bool | | false | ## Outputs diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf index 6b06cf27..50f5374f 100644 --- a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf +++ b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf @@ -161,7 +161,7 @@ module "firewall" { project_id = module.project.project_id network = module.vpc.name ingress_rules = { - format("%sallow-http-to-proxy-cluster", var.prefix) = { + "${var.prefix}-allow-http-to-proxy-cluster" = { description = "Allow Nginx HTTP(S) ingress traffic" source_ranges = [ var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22" @@ -170,7 +170,7 @@ module "firewall" { use_service_accounts = true rules = [{ protocol = "tcp", ports = [80, 443] }] } - format("%sallow-iap-ssh", var.prefix) = { + "${var.prefix}-allow-iap-ssh" = { description = "Allow Nginx SSH traffic from IAP" source_ranges = ["35.235.240.0/20"] targets = [module.service-account-proxy.email] @@ -184,7 +184,7 @@ module "nat" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = format("%snat", var.prefix) + name = "${var.prefix}-nat" router_network = module.vpc.name config_source_subnets = "LIST_OF_SUBNETWORKS" @@ -207,7 +207,7 @@ module "nat" { module "service-account-proxy" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = format("%sreverse-proxy", var.prefix) + name = "${var.prefix}-reverse-proxy" iam_project_roles = { (module.project.project_id) = [ "roles/logging.logWriter", @@ -241,7 +241,7 @@ module "mig-proxy" { project_id = module.project.project_id location = var.region regional = true - name = format("%sproxy-cluster", var.prefix) + name = "${var.prefix}-proxy-cluster" named_ports = { http = "80" https = "443" @@ -313,11 +313,11 @@ module "proxy-vm" { module "xlb" { source = "../../../modules/net-glb" - name = format("%sreverse-proxy-xlb", var.prefix) + name = "${var.prefix}-reverse-proxy-xlb" project_id = module.project.project_id reserve_ip_address = true health_checks_config = { - format("%sreverse-proxy-hc", var.prefix) = { + "${var.prefix}-reverse-proxy-hc" = { type = "http" logging = false options = { @@ -334,7 +334,7 @@ module "xlb" { } } backend_services_config = { - format("%sreverse-proxy-backend", var.prefix) = { + "${var.prefix}-reverse-proxy-backend" = { bucket_config = null enable_cdn = false cdn_config = null @@ -345,7 +345,7 @@ module "xlb" { options = null } ] - health_checks = [format("%sreverse-proxy-hc", var.prefix)] + health_checks = ["${var.prefix}-reverse-proxy-hc"] log_config = null options = { affinity_cookie_ttl_sec = null diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf index e4409424..286bbcbe 100644 --- a/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf +++ b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf @@ -29,6 +29,7 @@ variable "autoscaling" { } variable "autoscaling_metric" { + description = "Definition of metric to use for scaling." type = object({ name = string single_instance_assignment = number @@ -91,13 +92,16 @@ variable "ops_agent_image" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string - default = "" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { - description = "Parameters for the creation of the new project" + description = "Parameters for the creation of the new project." type = object({ billing_account_id = string parent = string @@ -106,7 +110,7 @@ variable "project_create" { } variable "project_name" { - description = "Name of an existing project or of the new project" + description = "Name of an existing project or of the new project." type = string } @@ -127,4 +131,3 @@ variable "tls" { type = bool default = false } - diff --git a/blueprints/networking/psc-hybrid/README.md b/blueprints/networking/psc-hybrid/README.md index c697e68a..579c9ff4 100644 --- a/blueprints/networking/psc-hybrid/README.md +++ b/blueprints/networking/psc-hybrid/README.md @@ -41,15 +41,15 @@ Before applying this Terraform | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | string | ✓ | | -| [prefix](variables.tf#L28) | Prefix to use for resource names. | string | ✓ | | -| [producer](variables.tf#L33) | Producer configuration. | object({…}) | ✓ | | -| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | -| [region](variables.tf#L54) | Region where resources will be created. | string | ✓ | | -| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | string # CIDR | ✓ | | -| [zone](variables.tf#L98) | Zone where resources will be created. | string | ✓ | | +| [prefix](variables.tf#L28) | Prefix used for resource names. | string | ✓ | | +| [producer](variables.tf#L37) | Producer configuration. | object({…}) | ✓ | | +| [project_id](variables.tf#L53) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | +| [region](variables.tf#L58) | Region where resources will be created. | string | ✓ | | +| [subnet_consumer](variables.tf#L63) | Consumer subnet CIDR. | string # CIDR | ✓ | | +| [zone](variables.tf#L102) | Zone where resources will be created. | string | ✓ | | | [dest_port](variables.tf#L22) | On-prem service destination port. | string | | "80" | -| [project_create](variables.tf#L43) | Whether to automatically create a project. | bool | | false | -| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | -| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | bool | | true | +| [project_create](variables.tf#L47) | Whether to automatically create a project. | bool | | false | +| [vpc_config](variables.tf#L68) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | +| [vpc_create](variables.tf#L96) | Whether to automatically create VPCs. | bool | | true | diff --git a/blueprints/networking/psc-hybrid/main.tf b/blueprints/networking/psc-hybrid/main.tf index 21d297f0..39be8c92 100644 --- a/blueprints/networking/psc-hybrid/main.tf +++ b/blueprints/networking/psc-hybrid/main.tf @@ -15,7 +15,6 @@ */ locals { - prefix = coalesce(var.prefix, "") == "" ? "" : "${var.prefix}-" project_id = ( var.project_create ? module.project.project_id @@ -66,7 +65,7 @@ module "project" { module "vpc_producer" { source = "../../../modules/net-vpc" project_id = local.project_id - name = "${local.prefix}producer" + name = "${var.prefix}-producer" subnets = [ { ip_cidr_range = var.producer["subnet_main"] @@ -78,7 +77,7 @@ module "vpc_producer" { subnets_proxy_only = [ { ip_cidr_range = var.producer["subnet_proxy"] - name = "${local.prefix}proxy" + name = "${var.prefix}-proxy" region = var.region active = true } @@ -86,7 +85,7 @@ module "vpc_producer" { subnets_psc = [ { ip_cidr_range = var.producer["subnet_psc"] - name = "${local.prefix}psc" + name = "${var.prefix}-psc" region = var.region } ] @@ -95,7 +94,7 @@ module "vpc_producer" { module "psc_producer" { source = "./psc-producer" project_id = local.project_id - name = var.prefix + name = "${var.prefix}-producer" dest_ip_address = var.dest_ip_address dest_port = var.dest_port network = local.vpc_producer_id @@ -114,11 +113,11 @@ module "psc_producer" { module "vpc_consumer" { source = "../../../modules/net-vpc" project_id = local.project_id - name = "${local.prefix}consumer" + name = "${var.prefix}-consumer" subnets = [ { ip_cidr_range = var.subnet_consumer - name = "${local.prefix}consumer" + name = "${var.prefix}-consumer" region = var.region secondary_ip_range = {} } @@ -128,7 +127,7 @@ module "vpc_consumer" { module "psc_consumer" { source = "./psc-consumer" project_id = local.project_id - name = "${local.prefix}consumer" + name = "${var.prefix}-consumer" region = var.region network = local.vpc_consumer_id subnet = local.vpc_consumer_main diff --git a/blueprints/networking/psc-hybrid/variables.tf b/blueprints/networking/psc-hybrid/variables.tf index 1d38692d..d5d818a8 100644 --- a/blueprints/networking/psc-hybrid/variables.tf +++ b/blueprints/networking/psc-hybrid/variables.tf @@ -26,8 +26,12 @@ variable "dest_port" { } variable "prefix" { - description = "Prefix to use for resource names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "producer" { diff --git a/blueprints/networking/shared-vpc-gke/README.md b/blueprints/networking/shared-vpc-gke/README.md index 933a7384..858518bd 100644 --- a/blueprints/networking/shared-vpc-gke/README.md +++ b/blueprints/networking/shared-vpc-gke/README.md @@ -48,17 +48,17 @@ There's a minor glitch that can surface running `terraform destroy`, where the s | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L62) | Prefix used for resources that need unique names. | string | ✓ | | -| [root_node](variables.tf#L90) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [prefix](variables.tf#L62) | Prefix used for resource names. | string | ✓ | | +| [root_node](variables.tf#L94) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | | [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | bool | | true | | [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | map(string) | | {…} | | [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | map(string) | | {…} | | [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | list(string) | | [] | | [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | list(string) | | [] | | [owners_host](variables.tf#L56) | Host project owners, in IAM format. | list(string) | | [] | -| [private_service_ranges](variables.tf#L67) | Private service IP CIDR ranges. | map(string) | | {…} | -| [project_services](variables.tf#L75) | Service APIs enabled by default in new projects. | list(string) | | […] | -| [region](variables.tf#L84) | Region used. | string | | "europe-west1" | +| [private_service_ranges](variables.tf#L71) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_services](variables.tf#L79) | Service APIs enabled by default in new projects. | list(string) | | […] | +| [region](variables.tf#L88) | Region used. | string | | "europe-west1" | ## Outputs diff --git a/blueprints/networking/shared-vpc-gke/variables.tf b/blueprints/networking/shared-vpc-gke/variables.tf index daa1d72d..96ccfb0c 100644 --- a/blueprints/networking/shared-vpc-gke/variables.tf +++ b/blueprints/networking/shared-vpc-gke/variables.tf @@ -60,8 +60,12 @@ variable "owners_host" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "private_service_ranges" { diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/README.md b/blueprints/third-party-solutions/wordpress/cloudrun/README.md index 4ca10796..0ffcc395 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/README.md +++ b/blueprints/third-party-solutions/wordpress/cloudrun/README.md @@ -121,27 +121,27 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L78) | Project id, references existing project if `project_create` is null. | string | ✓ | | -| [wordpress_image](variables.tf#L89) | Image to run with Cloud Run, starts with \"gcr.io\" | string | ✓ | | -| [cloud_run_invoker](variables.tf#L18) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone) | string | | "allUsers" | -| [cloudsql_password](variables.tf#L24) | CloudSQL password (will be randomly generated by default) | string | | null | -| [connector](variables.tf#L30) | Existing VPC serverless connector to use if not creating a new one | string | | null | -| [create_connector](variables.tf#L36) | Should a VPC serverless connector be created or not | bool | | true | -| [ip_ranges](variables.tf#L43) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC | object({…}) | | {…} | -| [prefix](variables.tf#L57) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | | "" | -| [principals](variables.tf#L63) | List of users to give rights to (CloudSQL admin, client and instanceUser, Logging admin, Service Account User and TokenCreator), eg 'user@domain.com'. | list(string) | | [] | -| [project_create](variables.tf#L69) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L83) | Region for the created resources | string | | "europe-west4" | -| [wordpress_password](variables.tf#L94) | Password for the Wordpress user (will be randomly generated by default) | string | | null | -| [wordpress_port](variables.tf#L100) | Port for the Wordpress image | number | | 8080 | +| [prefix](variables.tf#L57) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L81) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [wordpress_image](variables.tf#L92) | Image to run with Cloud Run, starts with \"gcr.io\". | string | ✓ | | +| [cloud_run_invoker](variables.tf#L18) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone). | string | | "allUsers" | +| [cloudsql_password](variables.tf#L24) | CloudSQL password (will be randomly generated by default). | string | | null | +| [connector](variables.tf#L30) | Existing VPC serverless connector to use if not creating a new one. | string | | null | +| [create_connector](variables.tf#L36) | Should a VPC serverless connector be created or not. | bool | | true | +| [ip_ranges](variables.tf#L43) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | object({…}) | | {…} | +| [principals](variables.tf#L66) | List of users to give rights to (CloudSQL admin, client and instanceUser, Logging admin, Service Account User and TokenCreator), eg 'user@domain.com'. | list(string) | | [] | +| [project_create](variables.tf#L72) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L86) | Region for the created resources. | string | | "europe-west4" | +| [wordpress_password](variables.tf#L97) | Password for the Wordpress user (will be randomly generated by default). | string | | null | +| [wordpress_port](variables.tf#L103) | Port for the Wordpress image. | number | | 8080 | ## Outputs | name | description | sensitive | |---|---|:---:| -| [cloud_run_service](outputs.tf#L17) | CloudRun service URL | ✓ | -| [cloudsql_password](outputs.tf#L23) | CloudSQL password | ✓ | -| [wp_password](outputs.tf#L29) | Wordpress user password | ✓ | -| [wp_user](outputs.tf#L35) | Wordpress username | | +| [cloud_run_service](outputs.tf#L17) | CloudRun service URL. | ✓ | +| [cloudsql_password](outputs.tf#L23) | CloudSQL password. | ✓ | +| [wp_password](outputs.tf#L29) | Wordpress user password. | ✓ | +| [wp_user](outputs.tf#L35) | Wordpress username. | | diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf index 0841d69b..39f40286 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf @@ -23,7 +23,7 @@ resource "random_password" "cloudsql_password" { module "vpc" { source = "../../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}sql-vpc" + name = "${var.prefix}-sql-vpc" subnets = [ { ip_cidr_range = var.ip_ranges.sql_vpc @@ -43,7 +43,7 @@ module "vpc" { resource "google_vpc_access_connector" "connector" { count = var.create_connector ? 1 : 0 project = module.project.project_id - name = "${local.prefix}wp-connector" + name = "${var.prefix}-wp-connector" region = var.region ip_cidr_range = var.ip_ranges.connector network = module.vpc.self_link @@ -55,7 +55,7 @@ module "cloudsql" { source = "../../../../modules/cloudsql-instance" project_id = module.project.project_id network = module.vpc.self_link - name = "${local.prefix}mysql" + name = "${var.prefix}-mysql" region = var.region database_version = local.cloudsql_conf.database_version tier = local.cloudsql_conf.tier diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf index 009dc4ae..04027790 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf @@ -34,7 +34,6 @@ locals { "roles/iam.serviceAccountTokenCreator" = local.all_principals_iam } connector = var.connector == null ? google_vpc_access_connector.connector.0.self_link : var.connector - prefix = var.prefix == null ? "" : "${var.prefix}-" wp_user = "user" wp_pass = var.wordpress_password == null ? random_password.wp_password.result : var.wordpress_password } @@ -71,7 +70,7 @@ resource "random_password" "wp_password" { module "cloud_run" { source = "../../../../modules/cloud-run" project_id = module.project.project_id - name = "${local.prefix}cr-wordpress" + name = "${var.prefix}-cr-wordpress" region = var.region containers = [{ @@ -117,4 +116,4 @@ module "cloud_run" { vpcaccess_connector = local.connector } ingress_settings = "all" -} \ No newline at end of file +} diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf b/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf index 3216f79e..b08642c7 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf @@ -15,24 +15,24 @@ */ output "cloud_run_service" { - description = "CloudRun service URL" + description = "CloudRun service URL." value = module.cloud_run.service.status[0].url sensitive = true } output "cloudsql_password" { - description = "CloudSQL password" + description = "CloudSQL password." value = var.cloudsql_password == null ? module.cloudsql.user_passwords[local.cloudsql_conf.user] : var.cloudsql_password sensitive = true } output "wp_password" { - description = "Wordpress user password" + description = "Wordpress user password." value = local.wp_pass sensitive = true } output "wp_user" { - description = "Wordpress username" + description = "Wordpress username." value = local.wp_user } diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf index 426ffe76..abb00d2d 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf @@ -17,31 +17,31 @@ # Documentation: https://cloud.google.com/run/docs/securing/managing-access#making_a_service_public variable "cloud_run_invoker" { type = string - description = "IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone)" + description = "IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone)." default = "allUsers" } variable "cloudsql_password" { type = string - description = "CloudSQL password (will be randomly generated by default)" + description = "CloudSQL password (will be randomly generated by default)." default = null } variable "connector" { type = string - description = "Existing VPC serverless connector to use if not creating a new one" + description = "Existing VPC serverless connector to use if not creating a new one." default = null } variable "create_connector" { type = bool - description = "Should a VPC serverless connector be created or not" + description = "Should a VPC serverless connector be created or not." default = true } # PSA: documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range variable "ip_ranges" { - description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC" + description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC." type = object({ connector = string psa = string @@ -55,9 +55,12 @@ variable "ip_ranges" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string - default = "" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "principals" { @@ -82,23 +85,23 @@ variable "project_id" { variable "region" { type = string - description = "Region for the created resources" + description = "Region for the created resources." default = "europe-west4" } variable "wordpress_image" { type = string - description = "Image to run with Cloud Run, starts with \"gcr.io\"" + description = "Image to run with Cloud Run, starts with \"gcr.io\"." } variable "wordpress_password" { type = string - description = "Password for the Wordpress user (will be randomly generated by default)" + description = "Password for the Wordpress user (will be randomly generated by default)." default = null } variable "wordpress_port" { type = number - description = "Port for the Wordpress image" + description = "Port for the Wordpress image." default = 8080 } diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md index ec1b025a..cf4bfd51 100644 --- a/fast/stages/00-bootstrap/README.md +++ b/fast/stages/00-bootstrap/README.md @@ -415,7 +415,7 @@ The `type` attribute can be set to one of the supported repository types: `githu Once the stage is applied the generated output files will contain pre-configured workflow files for each repository, that will use Workload Identity Federation via a dedicated service account for each repository to impersonate the automation service account for the stage. -You can use Terraform to automate creation of the repositories using the `00-cicd` stage. +You can use Terraform to automate creation of the repositories using the extra stage defined in [fast/extras/00-cicd-github](../../extras/00-cicd-github/) (only for Github for now). The remaining configuration is manual, as it regards the repositories themselves: @@ -477,7 +477,7 @@ The remaining configuration is manual, as it regards the repositories themselves | [iam_additive](variables.tf#L152) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | map(list(string)) | | {} | | | [locations](variables.tf#L158) | Optional locations for GCS, BigQuery, and logging buckets created here. | object({…}) | | {…} | | | [log_sinks](variables.tf#L177) | Org-level log sinks, in name => {type, filter} format. | map(object({…})) | | {…} | | -| [outputs_location](variables.tf#L211) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | string | | null | | +| [outputs_location](variables.tf#L211) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string | | null | | | [project_parent_ids](variables.tf#L227) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | object({…}) | | {…} | | ## Outputs diff --git a/fast/stages/00-bootstrap/variables.tf b/fast/stages/00-bootstrap/variables.tf index 62d28abf..0b9f37c2 100644 --- a/fast/stages/00-bootstrap/variables.tf +++ b/fast/stages/00-bootstrap/variables.tf @@ -209,7 +209,7 @@ variable "organization" { } variable "outputs_location" { - description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable" + description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable." type = string default = null } diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md index 449fa614..56772816 100644 --- a/fast/stages/01-resman/README.md +++ b/fast/stages/01-resman/README.md @@ -191,7 +191,7 @@ Due to its simplicity, this stage lends itself easily to customizations: adding | [groups](variables.tf#L164) | Group names to grant organization-level permissions. | map(string) | | {…} | 00-bootstrap | | [locations](variables.tf#L179) | Optional locations for GCS, BigQuery, and logging buckets created here. | object({…}) | | {…} | 00-bootstrap | | [organization_policy_configs](variables.tf#L207) | Organization policies customization. | object({…}) | | null | | -| [outputs_location](variables.tf#L215) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | string | | null | | +| [outputs_location](variables.tf#L215) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string | | null | | | [tag_names](variables.tf#L232) | Customized names for resource management tags. | object({…}) | | {…} | | | [team_folders](variables.tf#L249) | Team folders to be created. Format is described in a code comment. | map(object({…})) | | null | | diff --git a/fast/stages/01-resman/variables.tf b/fast/stages/01-resman/variables.tf index 6de9a7fa..8b6f866b 100644 --- a/fast/stages/01-resman/variables.tf +++ b/fast/stages/01-resman/variables.tf @@ -213,7 +213,7 @@ variable "organization_policy_configs" { } variable "outputs_location" { - description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable" + description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable." type = string default = null } diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md index a8c9d956..a72519b5 100644 --- a/fast/stages/02-networking-nva/README.md +++ b/fast/stages/02-networking-nva/README.md @@ -379,7 +379,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [custom_adv](variables.tf#L34) | Custom advertisement definitions in name => range format. | map(string) | | {…} | | | [custom_roles](variables.tf#L56) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 00-bootstrap | | [data_dir](variables.tf#L65) | Relative path for the folder storing configuration data for network resources. | string | | "data" | | -| [dns](variables.tf#L71) | Onprem DNS resolvers | map(list(string)) | | {…} | | +| [dns](variables.tf#L71) | Onprem DNS resolvers. | map(list(string)) | | {…} | | | [l7ilb_subnets](variables.tf#L89) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | | | [onprem_cidr](variables.tf#L107) | Onprem addresses in name => range format. | map(string) | | {…} | | | [outputs_location](variables.tf#L125) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | diff --git a/fast/stages/02-networking-nva/variables.tf b/fast/stages/02-networking-nva/variables.tf index 1d94ec03..90f76676 100644 --- a/fast/stages/02-networking-nva/variables.tf +++ b/fast/stages/02-networking-nva/variables.tf @@ -69,7 +69,7 @@ variable "data_dir" { } variable "dns" { - description = "Onprem DNS resolvers" + description = "Onprem DNS resolvers." type = map(list(string)) default = { onprem = ["10.0.200.3"] diff --git a/fast/stages/03-data-platform/dev/README.md b/fast/stages/03-data-platform/dev/README.md index d987a5e1..12db8d29 100644 --- a/fast/stages/03-data-platform/dev/README.md +++ b/fast/stages/03-data-platform/dev/README.md @@ -168,22 +168,22 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data- |---|---|:---:|:---:|:---:|:---:| | [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 00-bootstrap | | [billing_account](variables.tf#L25) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-globals | -| [folder_ids](variables.tf#L64) | Folder to be used for the networking resources in folders/nnnn format. | object({…}) | ✓ | | 01-resman | -| [host_project_ids](variables.tf#L82) | Shared VPC project ids. | object({…}) | ✓ | | 02-networking | -| [organization](variables.tf#L114) | Organization details. | object({…}) | ✓ | | 00-globals | -| [prefix](variables.tf#L130) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string | ✓ | | 00-globals | -| [composer_config](variables.tf#L34) | | object({…}) | | {…} | | -| [data_catalog_tags](variables.tf#L47) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {…} | | -| [data_force_destroy](variables.tf#L58) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | bool | | false | | -| [groups](variables.tf#L72) | Groups. | map(string) | | {…} | | -| [location](variables.tf#L90) | Location used for multi-regional resources. | string | | "eu" | | -| [network_config_composer](variables.tf#L96) | Network configurations to use for Composer. | object({…}) | | {…} | | -| [outputs_location](variables.tf#L124) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | -| [project_services](variables.tf#L136) | List of core services enabled on all projects. | list(string) | | […] | | -| [region](variables.tf#L147) | Region used for regional resources. | string | | "europe-west1" | | -| [service_encryption_keys](variables.tf#L153) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | | -| [subnet_self_links](variables.tf#L165) | Shared VPC subnet self links. | object({…}) | | null | 02-networking | -| [vpc_self_links](variables.tf#L174) | Shared VPC self links. | object({…}) | | null | 02-networking | +| [folder_ids](variables.tf#L65) | Folder to be used for the networking resources in folders/nnnn format. | object({…}) | ✓ | | 01-resman | +| [host_project_ids](variables.tf#L83) | Shared VPC project ids. | object({…}) | ✓ | | 02-networking | +| [organization](variables.tf#L115) | Organization details. | object({…}) | ✓ | | 00-globals | +| [prefix](variables.tf#L131) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string | ✓ | | 00-globals | +| [composer_config](variables.tf#L34) | Cloud Composer configuration options. | object({…}) | | {…} | | +| [data_catalog_tags](variables.tf#L48) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {…} | | +| [data_force_destroy](variables.tf#L59) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | bool | | false | | +| [groups](variables.tf#L73) | Groups. | map(string) | | {…} | | +| [location](variables.tf#L91) | Location used for multi-regional resources. | string | | "eu" | | +| [network_config_composer](variables.tf#L97) | Network configurations to use for Composer. | object({…}) | | {…} | | +| [outputs_location](variables.tf#L125) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | +| [project_services](variables.tf#L137) | List of core services enabled on all projects. | list(string) | | […] | | +| [region](variables.tf#L148) | Region used for regional resources. | string | | "europe-west1" | | +| [service_encryption_keys](variables.tf#L154) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | | +| [subnet_self_links](variables.tf#L166) | Shared VPC subnet self links. | object({…}) | | null | 02-networking | +| [vpc_self_links](variables.tf#L175) | Shared VPC self links. | object({…}) | | null | 02-networking | ## Outputs diff --git a/fast/stages/03-data-platform/dev/variables.tf b/fast/stages/03-data-platform/dev/variables.tf index 19c998fe..9495316a 100644 --- a/fast/stages/03-data-platform/dev/variables.tf +++ b/fast/stages/03-data-platform/dev/variables.tf @@ -32,6 +32,7 @@ variable "billing_account" { } variable "composer_config" { + description = "Cloud Composer configuration options." type = object({ node_count = number airflow_version = string diff --git a/modules/api-gateway/README.md b/modules/api-gateway/README.md index 62424657..7c15f581 100644 --- a/modules/api-gateway/README.md +++ b/modules/api-gateway/README.md @@ -64,12 +64,12 @@ module "gateway" { |---|---|:---:|:---:|:---:| | [api_id](variables.tf#L17) | API identifier. | string | ✓ | | | [project_id](variables.tf#L34) | Project identifier. | string | ✓ | | -| [region](variables.tf#L39) | Region | string | ✓ | | +| [region](variables.tf#L39) | Region. | string | ✓ | | | [spec](variables.tf#L56) | String with the contents of the OpenAPI spec. | string | ✓ | | | [iam](variables.tf#L22) | IAM bindings for the API in {ROLE => [MEMBERS]} format. | map(list(string)) | | null | | [labels](variables.tf#L28) | Map of labels. | map(string) | | null | -| [service_account_create](variables.tf#L44) | Flag indicating whether a service account needs to be created | bool | | false | -| [service_account_email](variables.tf#L50) | Service account for creating API configs | string | | null | +| [service_account_create](variables.tf#L44) | Flag indicating whether a service account needs to be created. | bool | | false | +| [service_account_email](variables.tf#L50) | Service account for creating API configs. | string | | null | ## Outputs diff --git a/modules/api-gateway/variables.tf b/modules/api-gateway/variables.tf index 96259198..ef5bd41d 100644 --- a/modules/api-gateway/variables.tf +++ b/modules/api-gateway/variables.tf @@ -37,18 +37,18 @@ variable "project_id" { } variable "region" { - description = "Region" + description = "Region." type = string } variable "service_account_create" { - description = "Flag indicating whether a service account needs to be created" + description = "Flag indicating whether a service account needs to be created." type = bool default = false } variable "service_account_email" { - description = "Service account for creating API configs" + description = "Service account for creating API configs." type = string default = null } diff --git a/modules/apigee/README.md b/modules/apigee/README.md index d521e871..eb2f9a34 100644 --- a/modules/apigee/README.md +++ b/modules/apigee/README.md @@ -1,6 +1,6 @@ # Apigee -This module simplifies the creation of a Apigee resources (organization, environment groups, environment group attachments, environments, instances and instance attachments). +This module simplifies the creation of a Apigee resources (organization, environment groups, environment group attachments, environments, instances and instance attachments). ## Example @@ -44,10 +44,10 @@ module "apigee" { environments = ["apis-test"] psa_ip_cidr_range = "10.0.4.0/22" } - instance-prod-ew1 = { - region = "europe-west1" + instance-prod-ew3 = { + region = "europe-west3" environments = ["apis-prod"] - psa_ip_cidr_range = "10.0.4.0/22" + psa_ip_cidr_range = "10.0.5.0/22" } } } @@ -153,7 +153,7 @@ module "apigee" { |---|---|:---:| | [envgroups](outputs.tf#L17) | Environment groups. | | | [environments](outputs.tf#L22) | Environment. | | -| [instances](outputs.tf#L27) | Instances | | +| [instances](outputs.tf#L27) | Instances. | | | [org_id](outputs.tf#L32) | Organization ID. | | | [org_name](outputs.tf#L37) | Organization name. | | | [organization](outputs.tf#L42) | Organization. | | diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf index 5d043f18..a5e70388 100644 --- a/modules/apigee/outputs.tf +++ b/modules/apigee/outputs.tf @@ -25,7 +25,7 @@ output "environments" { } output "instances" { - description = "Instances" + description = "Instances." value = try(google_apigee_instance.instances, null) } diff --git a/modules/bigtable-instance/README.md b/modules/bigtable-instance/README.md index 2bd96d2f..1e9ade9c 100644 --- a/modules/bigtable-instance/README.md +++ b/modules/bigtable-instance/README.md @@ -6,10 +6,12 @@ This module allows managing a single BigTable instance, including access configu - [ ] support bigtable_gc_policy - [ ] support bigtable_app_profile +- [ ] support cluster replicas +- [ ] support IAM for tables ## Examples -### Simple instance with access configuration +### Instance with access configuration ```hcl @@ -32,24 +34,84 @@ module "bigtable-instance" { } # tftest modules=1 resources=4 ``` + +### Instance with static number of nodes + +If you are not using autoscaling settings, you must set a specific number of nodes with the variable `num_nodes`. + +```hcl + +module "bigtable-instance" { + source = "./fabric/modules/bigtable-instance" + project_id = "my-project" + name = "instance" + cluster_id = "instance" + zone = "europe-west1-b" + num_nodes = 5 +} +# tftest modules=1 resources=1 +``` + +### Instance with autoscaling (based on CPU only) + +If you use autoscaling, you should not set the variable `num_nodes`. + +```hcl + +module "bigtable-instance" { + source = "./fabric/modules/bigtable-instance" + project_id = "my-project" + name = "instance" + cluster_id = "instance" + zone = "europe-southwest1-b" + autoscaling_config = { + min_nodes = 3 + max_nodes = 7 + cpu_target = 70 + } +} +# tftest modules=1 resources=1 +``` + +### Instance with autoscaling (based on CPU and/or storage) + +```hcl + +module "bigtable-instance" { + source = "./fabric/modules/bigtable-instance" + project_id = "my-project" + name = "instance" + cluster_id = "instance" + zone = "europe-southwest1-a" + storage_type = "SSD" + autoscaling_config = { + min_nodes = 3 + max_nodes = 7 + cpu_target = 70 + storage_target = 4096 + } +} +# tftest modules=1 resources=1 +``` ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L45) | The name of the Cloud Bigtable instance. | string | ✓ | | -| [project_id](variables.tf#L56) | Id of the project where datasets will be created. | string | ✓ | | -| [zone](variables.tf#L88) | The zone to create the Cloud Bigtable cluster in. | string | ✓ | | -| [cluster_id](variables.tf#L17) | The ID of the Cloud Bigtable cluster. | string | | "europe-west1" | -| [deletion_protection](variables.tf#L23) | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | | | true | -| [display_name](variables.tf#L28) | The human-readable display name of the Bigtable instance. | | | null | -| [iam](variables.tf#L33) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [instance_type](variables.tf#L39) | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string | | null | -| [num_nodes](variables.tf#L50) | The number of nodes in your Cloud Bigtable cluster. | number | | 1 | -| [storage_type](variables.tf#L61) | The storage type to use. | string | | "SSD" | -| [table_options_defaults](variables.tf#L67) | Default option of tables created in the BigTable instance. | object({…}) | | {…} | -| [tables](variables.tf#L79) | Tables to be created in the BigTable instance, options can be null. | map(object({…})) | | {} | +| [name](variables.tf#L56) | The name of the Cloud Bigtable instance. | string | ✓ | | +| [project_id](variables.tf#L67) | Id of the project where datasets will be created. | string | ✓ | | +| [zone](variables.tf#L99) | The zone to create the Cloud Bigtable cluster in. | string | ✓ | | +| [autoscaling_config](variables.tf#L17) | Settings for autoscaling of the instance. If you set this variable, the variable num_nodes is ignored. | object({…}) | | null | +| [cluster_id](variables.tf#L28) | The ID of the Cloud Bigtable cluster. | string | | "europe-west1" | +| [deletion_protection](variables.tf#L34) | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | | | true | +| [display_name](variables.tf#L39) | The human-readable display name of the Bigtable instance. | | | null | +| [iam](variables.tf#L44) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [instance_type](variables.tf#L50) | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string | | null | +| [num_nodes](variables.tf#L61) | The number of nodes in your Cloud Bigtable cluster. This value is ignored if you are using autoscaling. | number | | 1 | +| [storage_type](variables.tf#L72) | The storage type to use. | string | | "SSD" | +| [table_options_defaults](variables.tf#L78) | Default option of tables created in the BigTable instance. | object({…}) | | {…} | +| [tables](variables.tf#L90) | Tables to be created in the BigTable instance, options can be null. | map(object({…})) | | {} | ## Outputs diff --git a/modules/bigtable-instance/main.tf b/modules/bigtable-instance/main.tf index 49423d94..b5764c34 100644 --- a/modules/bigtable-instance/main.tf +++ b/modules/bigtable-instance/main.tf @@ -18,6 +18,7 @@ locals { tables = { for k, v in var.tables : k => v != null ? v : var.table_options_defaults } + num_nodes = var.autoscaling_config == null ? var.num_nodes : null } resource "google_bigtable_instance" "default" { @@ -27,6 +28,16 @@ resource "google_bigtable_instance" "default" { cluster_id = var.cluster_id zone = var.zone storage_type = var.storage_type + num_nodes = local.num_nodes + dynamic "autoscaling_config" { + for_each = var.autoscaling_config == null ? [] : [""] + content { + min_nodes = var.autoscaling_config.min_nodes + max_nodes = var.autoscaling_config.max_nodes + cpu_target = var.autoscaling_config.cpu_target + storage_target = var.autoscaling_config.storage_target + } + } } instance_type = var.instance_type @@ -56,8 +67,4 @@ resource "google_bigtable_table" "default" { family = each.value.column_family } } - - # lifecycle { - # prevent_destroy = true - # } } diff --git a/modules/bigtable-instance/variables.tf b/modules/bigtable-instance/variables.tf index d98cfab5..84a6013b 100644 --- a/modules/bigtable-instance/variables.tf +++ b/modules/bigtable-instance/variables.tf @@ -14,6 +14,17 @@ * limitations under the License. */ +variable "autoscaling_config" { + description = "Settings for autoscaling of the instance. If you set this variable, the variable num_nodes is ignored." + type = object({ + min_nodes = number + max_nodes = number + cpu_target = number, + storage_target = optional(number, null) + }) + default = null +} + variable "cluster_id" { description = "The ID of the Cloud Bigtable cluster." type = string @@ -48,7 +59,7 @@ variable "name" { } variable "num_nodes" { - description = "The number of nodes in your Cloud Bigtable cluster." + description = "The number of nodes in your Cloud Bigtable cluster. This value is ignored if you are using autoscaling." type = number default = 1 } diff --git a/modules/binauthz/README.md b/modules/binauthz/README.md index 7d8a0b30..fa0cd71b 100644 --- a/modules/binauthz/README.md +++ b/modules/binauthz/README.md @@ -62,10 +62,10 @@ module "binauthz" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [project_id](variables.tf#L68) | Project ID. | string | ✓ | | -| [admission_whitelist_patterns](variables.tf#L17) | An image name pattern to allowlist | list(string) | | null | -| [attestors_config](variables.tf#L23) | Attestors configuration | map(object({…})) | | null | -| [cluster_admission_rules](variables.tf#L38) | Admission rules | map(object({…})) | | null | -| [default_admission_rule](variables.tf#L48) | Default admission rule | object({…}) | | {…} | +| [admission_whitelist_patterns](variables.tf#L17) | An image name pattern to allowlist. | list(string) | | null | +| [attestors_config](variables.tf#L23) | Attestors configuration. | map(object({…})) | | null | +| [cluster_admission_rules](variables.tf#L38) | Admission rules. | map(object({…})) | | null | +| [default_admission_rule](variables.tf#L48) | Default admission rule. | object({…}) | | {…} | | [global_policy_evaluation_mode](variables.tf#L62) | Global policy evaluation mode. | string | | null | ## Outputs @@ -73,7 +73,7 @@ module "binauthz" { | name | description | sensitive | |---|---|:---:| | [attestors](outputs.tf#L17) | Attestors. | | -| [id](outputs.tf#L25) | Binary Authorization policy ID | | +| [id](outputs.tf#L25) | Binary Authorization policy ID. | | | [notes](outputs.tf#L30) | Notes. | | diff --git a/modules/binauthz/outputs.tf b/modules/binauthz/outputs.tf index 9273e52d..6a1d7c6d 100644 --- a/modules/binauthz/outputs.tf +++ b/modules/binauthz/outputs.tf @@ -23,7 +23,7 @@ output "attestors" { } output "id" { - description = "Binary Authorization policy ID" + description = "Binary Authorization policy ID." value = google_binary_authorization_policy.policy.id } diff --git a/modules/binauthz/variables.tf b/modules/binauthz/variables.tf index 9ba38c4b..6d21083b 100644 --- a/modules/binauthz/variables.tf +++ b/modules/binauthz/variables.tf @@ -15,13 +15,13 @@ */ variable "admission_whitelist_patterns" { - description = "An image name pattern to allowlist" + description = "An image name pattern to allowlist." type = list(string) default = null } variable "attestors_config" { - description = "Attestors configuration" + description = "Attestors configuration." type = map(object({ note_reference = string iam = map(list(string)) @@ -36,7 +36,7 @@ variable "attestors_config" { } variable "cluster_admission_rules" { - description = "Admission rules" + description = "Admission rules." type = map(object({ evaluation_mode = string enforcement_mode = string @@ -46,7 +46,7 @@ variable "cluster_admission_rules" { } variable "default_admission_rule" { - description = "Default admission rule" + description = "Default admission rule." type = object({ evaluation_mode = string enforcement_mode = string diff --git a/modules/cloud-function/README.md b/modules/cloud-function/README.md index b813a364..75ef3719 100644 --- a/modules/cloud-function/README.md +++ b/modules/cloud-function/README.md @@ -230,10 +230,10 @@ module "cf-http" { | [name](variables.tf#L94) | Name used for cloud function and associated resources. | string | ✓ | | | [project_id](variables.tf#L109) | Project id used for all resources. | string | ✓ | | | [bucket_config](variables.tf#L17) | Enable and configure auto-created bucket. Set fields to null to use defaults. | object({…}) | | null | -| [build_worker_pool](variables.tf#L31) | Build worker pool, in projects//locations//workerPools/ format | string | | null | +| [build_worker_pool](variables.tf#L31) | Build worker pool, in projects//locations//workerPools/ format. | string | | null | | [description](variables.tf#L46) | Optional description. | string | | "Terraform managed." | | [environment_variables](variables.tf#L52) | Cloud function environment variables. | map(string) | | {} | -| [function_config](variables.tf#L58) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout | object({…}) | | {…} | +| [function_config](variables.tf#L58) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | object({…}) | | {…} | | [iam](variables.tf#L76) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | [ingress_settings](variables.tf#L82) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | string | | null | | [labels](variables.tf#L88) | Resource labels. | map(string) | | {} | diff --git a/modules/cloud-function/variables.tf b/modules/cloud-function/variables.tf index 528a594f..97a6217a 100644 --- a/modules/cloud-function/variables.tf +++ b/modules/cloud-function/variables.tf @@ -29,7 +29,7 @@ variable "bucket_name" { } variable "build_worker_pool" { - description = "Build worker pool, in projects//locations//workerPools/ format" + description = "Build worker pool, in projects//locations//workerPools/ format." type = string default = null } @@ -56,7 +56,7 @@ variable "environment_variables" { } variable "function_config" { - description = "Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout" + description = "Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout." type = object({ entry_point = optional(string, "main") instance_count = optional(number, 1) diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md index 2ef627ab..a902f545 100644 --- a/modules/cloudsql-instance/README.md +++ b/modules/cloudsql-instance/README.md @@ -165,7 +165,7 @@ module "db" { | [labels](variables.tf#L96) | Labels to be attached to all instances. | map(string) | | null | | [prefix](variables.tf#L112) | Optional prefix used to generate instance names. | string | | null | | [replicas](variables.tf#L132) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} | -| [root_password](variables.tf#L141) | Root password of the Cloud SQL instance. Required for MS SQL Server | string | | null | +| [root_password](variables.tf#L141) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null | | [users](variables.tf#L152) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null | ## Outputs diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf index 8b0adbba..04bff546 100644 --- a/modules/cloudsql-instance/variables.tf +++ b/modules/cloudsql-instance/variables.tf @@ -139,7 +139,7 @@ variable "replicas" { } variable "root_password" { - description = "Root password of the Cloud SQL instance. Required for MS SQL Server" + description = "Root password of the Cloud SQL instance. Required for MS SQL Server." type = string default = null } diff --git a/modules/folder/logging.tf b/modules/folder/logging.tf index 6351194a..2b5a73ff 100644 --- a/modules/folder/logging.tf +++ b/modules/folder/logging.tf @@ -38,7 +38,7 @@ resource "google_logging_folder_sink" "sink" { disabled = each.value.disabled dynamic "bigquery_options" { - for_each = each.value.bq_partitioned_table != null ? [""] : [] + for_each = each.value.type == "biquery" && each.value.bq_partitioned_table != false ? [""] : [] content { use_partitioned_tables = each.value.bq_partitioned_table } diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf index bc94dd37..f4b86bf6 100644 --- a/modules/gke-cluster/main.tf +++ b/modules/gke-cluster/main.tf @@ -48,7 +48,18 @@ resource "google_container_cluster" "cluster" { enable_autopilot = var.enable_features.autopilot ? true : null # the default nodepool is deleted here, use the gke-nodepool module instead - # node_config {} + # default nodepool configuration based on a shielded_nodes variable + node_config { + dynamic "shielded_instance_config" { + for_each = var.enable_features.shielded_nodes ? [""] : [] + content { + enable_secure_boot = true + enable_integrity_monitoring = true + } + } + } + + addons_config { dynamic "dns_cache_config" { @@ -131,7 +142,7 @@ resource "google_container_cluster" "cluster" { dynamic "resource_limits" { for_each = var.cluster_autoscaling.mem_limits != null ? [""] : [] content { - resource_type = "cpu" + resource_type = "memory" minimum = var.cluster_autoscaling.mem_limits.min maximum = var.cluster_autoscaling.mem_limits.max } diff --git a/modules/gke-hub/README.md b/modules/gke-hub/README.md index 17069180..9fe47344 100644 --- a/modules/gke-hub/README.md +++ b/modules/gke-hub/README.md @@ -297,7 +297,6 @@ module "hub" { # tftest modules=8 resources=28 ``` - ## Variables @@ -315,6 +314,6 @@ module "hub" { | name | description | sensitive | |---|---|:---:| -| [cluster_ids](outputs.tf#L17) | | | +| [cluster_ids](outputs.tf#L17) | Ids of all the clusters created. | | diff --git a/modules/gke-hub/outputs.tf b/modules/gke-hub/outputs.tf index 5d2abf15..b4fd3462 100644 --- a/modules/gke-hub/outputs.tf +++ b/modules/gke-hub/outputs.tf @@ -15,6 +15,7 @@ */ output "cluster_ids" { + description = "Ids of all the clusters created." value = { for k, v in google_gke_hub_membership.default : k => v.id } diff --git a/modules/net-ilb-l7/README.md b/modules/net-ilb-l7/README.md index d7847fdb..969a4da4 100644 --- a/modules/net-ilb-l7/README.md +++ b/modules/net-ilb-l7/README.md @@ -574,11 +574,7 @@ module "ilb-l7" { | [backend-service.tf](./backend-service.tf) | Backend service resources. | google_compute_region_backend_service | | [health-check.tf](./health-check.tf) | Health check resource. | google_compute_health_check | | [main.tf](./main.tf) | Module-level locals and resources. | google_compute_forwarding_rule · google_compute_instance_group · google_compute_network_endpoint · google_compute_network_endpoint_group · google_compute_region_network_endpoint_group · google_compute_region_ssl_certificate · google_compute_region_target_http_proxy · google_compute_region_target_https_proxy | -| [outputs.tf](./outputs.tf) | Module outputs. | - value = google_compute_forwarding_rule.default -} - -output | +| [outputs.tf](./outputs.tf) | Module outputs. | | | [urlmap.tf](./urlmap.tf) | URL map resources. | google_compute_region_url_map | | [variables-backend-service.tf](./variables-backend-service.tf) | Backend services variables. | | | [variables-health-check.tf](./variables-health-check.tf) | Health check variable. | | @@ -615,7 +611,7 @@ output | |---|---|:---:| | [address](outputs.tf#L17) | Forwarding rule address. | | | [backend_service_ids](outputs.tf#L22) | Backend service resources. | | -| [forwarding_rule](outputs.tf#L29) | Forwarding rule resource | | +| [forwarding_rule](outputs.tf#L29) | Forwarding rule resource. | | | [group_ids](outputs.tf#L34) | Autogenerated instance group ids. | | | [health_check_ids](outputs.tf#L41) | Autogenerated health check ids. | | | [neg_ids](outputs.tf#L48) | Autogenerated network endpoint group ids. | | diff --git a/modules/net-ilb-l7/outputs.tf b/modules/net-ilb-l7/outputs.tf index d505ebd8..9082dfec 100644 --- a/modules/net-ilb-l7/outputs.tf +++ b/modules/net-ilb-l7/outputs.tf @@ -27,7 +27,7 @@ output "backend_service_ids" { } output "forwarding_rule" { - description = "Forwarding rule resource" + description = "Forwarding rule resource." value = google_compute_forwarding_rule.default } diff --git a/modules/organization/README.md b/modules/organization/README.md index 31dc3de0..2e24c91b 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md @@ -471,10 +471,10 @@ module "org" { | [firewall_policies](outputs.tf#L35) | Map of firewall policy resources created in the organization. | | | [firewall_policy_id](outputs.tf#L40) | Map of firewall policy ids created in the organization. | | | [network_tag_keys](outputs.tf#L45) | Tag key resources. | | -| [network_tag_values](outputs.tf#L52) | Tag value resources. | | -| [organization_id](outputs.tf#L60) | Organization id dependent on module resources. | | -| [sink_writer_identities](outputs.tf#L77) | Writer identities created for each sink. | | -| [tag_keys](outputs.tf#L85) | Tag key resources. | | -| [tag_values](outputs.tf#L92) | Tag value resources. | | +| [network_tag_values](outputs.tf#L54) | Tag value resources. | | +| [organization_id](outputs.tf#L65) | Organization id dependent on module resources. | | +| [sink_writer_identities](outputs.tf#L82) | Writer identities created for each sink. | | +| [tag_keys](outputs.tf#L90) | Tag key resources. | | +| [tag_values](outputs.tf#L99) | Tag value resources. | | diff --git a/modules/organization/logging.tf b/modules/organization/logging.tf index a4f90ef5..e78a2c4d 100644 --- a/modules/organization/logging.tf +++ b/modules/organization/logging.tf @@ -37,7 +37,7 @@ resource "google_logging_organization_sink" "sink" { disabled = each.value.disabled dynamic "bigquery_options" { - for_each = each.value.bq_partitioned_table != null ? [""] : [] + for_each = each.value.type == "biquery" && each.value.bq_partitioned_table != null ? [""] : [] content { use_partitioned_tables = each.value.bq_partitioned_table } diff --git a/modules/organization/outputs.tf b/modules/organization/outputs.tf index 3617bafb..40d84b47 100644 --- a/modules/organization/outputs.tf +++ b/modules/organization/outputs.tf @@ -45,7 +45,9 @@ output "firewall_policy_id" { output "network_tag_keys" { description = "Tag key resources." value = { - for k, v in google_tags_tag_key.default : k => v if v.purpose != null + for k, v in google_tags_tag_key.default : k => v if( + v.purpose != null && v.purpose != "" + ) } } @@ -53,7 +55,10 @@ output "network_tag_values" { description = "Tag value resources." value = { for k, v in google_tags_tag_value.default - : k => v if google_tags_tag_key.default[split("/", k)[0]].purpose != null + : k => v if( + google_tags_tag_key.default[split("/", k)[0]].purpose != null && + google_tags_tag_key.default[split("/", k)[0]].purpose != "" + ) } } @@ -85,7 +90,9 @@ output "sink_writer_identities" { output "tag_keys" { description = "Tag key resources." value = { - for k, v in google_tags_tag_key.default : k => v if v.purpose == null + for k, v in google_tags_tag_key.default : k => v if( + v.purpose == null || v.purpose == "" + ) } } @@ -93,6 +100,9 @@ output "tag_values" { description = "Tag value resources." value = { for k, v in google_tags_tag_value.default - : k => v if google_tags_tag_key.default[split("/", k)[0]].purpose == null + : k => v if( + google_tags_tag_key.default[split("/", k)[0]].purpose == null || + google_tags_tag_key.default[split("/", k)[0]].purpose == "" + ) } } diff --git a/modules/project/logging.tf b/modules/project/logging.tf index bc1b1e8b..1db60dca 100644 --- a/modules/project/logging.tf +++ b/modules/project/logging.tf @@ -37,7 +37,7 @@ resource "google_logging_project_sink" "sink" { disabled = each.value.disabled dynamic "bigquery_options" { - for_each = each.value.bq_partitioned_table != null ? [""] : [] + for_each = each.value.type == "biquery" && each.value.bq_partitioned_table != null ? [""] : [] content { use_partitioned_tables = each.value.bq_partitioned_table } diff --git a/tests/blueprints/cloud_operations/adfs/fixture/main.tf b/tests/blueprints/cloud_operations/adfs/fixture/main.tf index 5571377f..ac5a4133 100644 --- a/tests/blueprints/cloud_operations/adfs/fixture/main.tf +++ b/tests/blueprints/cloud_operations/adfs/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/cloud-operations/adfs" + prefix = var.prefix project_create = var.project_create project_id = var.project_id ad_dns_domain_name = var.ad_dns_domain_name diff --git a/tests/blueprints/cloud_operations/adfs/fixture/variables.tf b/tests/blueprints/cloud_operations/adfs/fixture/variables.tf index a48a77e2..bce726b1 100644 --- a/tests/blueprints/cloud_operations/adfs/fixture/variables.tf +++ b/tests/blueprints/cloud_operations/adfs/fixture/variables.tf @@ -41,7 +41,7 @@ variable "project_id" { variable "prefix" { type = string - default = null + default = "test" } variable "network_config" { diff --git a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf index 6cdb9754..78ae4281 100644 --- a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf +++ b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf @@ -18,6 +18,7 @@ module "test" { source = "../../../../../blueprints/cloud-operations/dns-shared-vpc" billing_account_id = "111111-222222-333333" folder_id = "folders/1234567890" + prefix = var.prefix shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default" teams = var.teams } diff --git a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf index c6eeb83e..dd34e4d5 100644 --- a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf +++ b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf @@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "teams" { type = list(string) default = ["team1", "team2"] diff --git a/tests/blueprints/data_solutions/data_playground/test_plan.py b/tests/blueprints/data_solutions/data_playground/test_plan.py index 2653c7ea..a0c3b5e6 100644 --- a/tests/blueprints/data_solutions/data_playground/test_plan.py +++ b/tests/blueprints/data_solutions/data_playground/test_plan.py @@ -22,4 +22,4 @@ def test_resources(e2e_plan_runner): "Test that plan works and the numbers of resources is as expected." modules, resources = e2e_plan_runner(FIXTURES_DIR) assert len(modules) == 7 - assert len(resources) == 35 + assert len(resources) == 37 diff --git a/tests/blueprints/factories/project_factory/fixture/defaults.yaml b/tests/blueprints/factories/project_factory/fixture/defaults.yaml index dc5b1616..61837818 100644 --- a/tests/blueprints/factories/project_factory/fixture/defaults.yaml +++ b/tests/blueprints/factories/project_factory/fixture/defaults.yaml @@ -22,3 +22,4 @@ labels: # [opt] Additional notification channels for billing notification_channels: [] +prefix: test diff --git a/tests/blueprints/factories/project_factory/fixture/main.tf b/tests/blueprints/factories/project_factory/fixture/main.tf index 3d1360f5..ae686b93 100644 --- a/tests/blueprints/factories/project_factory/fixture/main.tf +++ b/tests/blueprints/factories/project_factory/fixture/main.tf @@ -44,6 +44,7 @@ module "projects" { kms_service_agents = try(each.value.kms, {}) labels = try(each.value.labels, {}) org_policies = try(each.value.org_policies, null) + prefix = each.value.prefix service_accounts = try(each.value.service_accounts, {}) services = try(each.value.services, []) service_identities_iam = try(each.value.service_identities_iam, {}) diff --git a/tests/blueprints/factories/project_factory/fixture/projects/project.yaml b/tests/blueprints/factories/project_factory/fixture/projects/project.yaml index b9d0d85a..a1581984 100644 --- a/tests/blueprints/factories/project_factory/fixture/projects/project.yaml +++ b/tests/blueprints/factories/project_factory/fixture/projects/project.yaml @@ -58,6 +58,9 @@ org_policies: values: - projects/fast-prod-iac-core-0 +# [opt] Prefix - overrides default if set +prefix: test1 + # [opt] Service account to create for the project and their roles on the project # in name => [roles] format service_accounts: diff --git a/tests/blueprints/gke/binauthz/fixture/main.tf b/tests/blueprints/gke/binauthz/fixture/main.tf index eefdacc8..23e1504b 100644 --- a/tests/blueprints/gke/binauthz/fixture/main.tf +++ b/tests/blueprints/gke/binauthz/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/gke/binauthz" + prefix = var.prefix project_create = var.project_create project_id = var.project_id } diff --git a/tests/blueprints/gke/binauthz/fixture/variables.tf b/tests/blueprints/gke/binauthz/fixture/variables.tf index 3f5490d5..8a09c75e 100644 --- a/tests/blueprints/gke/binauthz/fixture/variables.tf +++ b/tests/blueprints/gke/binauthz/fixture/variables.tf @@ -27,3 +27,8 @@ variable "project_id" { type = string default = "my-project" } + +variable "prefix" { + type = string + default = "test" +} diff --git a/tests/blueprints/networking/glb_and_armor/fixture/main.tf b/tests/blueprints/networking/glb_and_armor/fixture/main.tf index 155677b2..2a5a7077 100644 --- a/tests/blueprints/networking/glb_and_armor/fixture/main.tf +++ b/tests/blueprints/networking/glb_and_armor/fixture/main.tf @@ -14,6 +14,7 @@ module "test" { source = "../../../../../blueprints/networking/glb-and-armor" + prefix = var.prefix project_create = var.project_create project_id = var.project_id enforce_security_policy = var.enforce_security_policy diff --git a/tests/blueprints/networking/glb_and_armor/fixture/variables.tf b/tests/blueprints/networking/glb_and_armor/fixture/variables.tf index d6e3c90d..41090c1c 100644 --- a/tests/blueprints/networking/glb_and_armor/fixture/variables.tf +++ b/tests/blueprints/networking/glb_and_armor/fixture/variables.tf @@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "project_create" { type = object({ billing_account_id = string diff --git a/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf b/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf index 009a26f9..c5b105e6 100644 --- a/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf +++ b/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/networking/hub-and-spoke-peering" + prefix = var.prefix project_create = { billing_account = "123456-123456-123456" oslogin = true diff --git a/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf b/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf index 626af011..b67795f9 100644 --- a/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf +++ b/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf @@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "project_id" { type = string default = "project-1" diff --git a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf index 17da8aa0..37558c71 100644 --- a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf +++ b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf @@ -16,9 +16,10 @@ module "test" { source = "../../../../../blueprints/networking/hub-and-spoke-vpn" + prefix = var.prefix project_create_config = { billing_account_id = "ABCDE-123456-ABCDE" parent_id = null } - project_id = "test-1" + project_id = var.project_id } diff --git a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf new file mode 100644 index 00000000..b67795f9 --- /dev/null +++ b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf @@ -0,0 +1,23 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +variable "prefix" { + type = string + default = "test" +} + +variable "project_id" { + type = string + default = "project-1" +} diff --git a/tests/blueprints/networking/ilb_next_hop/fixture/main.tf b/tests/blueprints/networking/ilb_next_hop/fixture/main.tf index 68a148c2..acaad22a 100644 --- a/tests/blueprints/networking/ilb_next_hop/fixture/main.tf +++ b/tests/blueprints/networking/ilb_next_hop/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/networking/ilb-next-hop" + prefix = var.prefix project_create = var.project_create project_id = var.project_id } diff --git a/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf b/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf index 3d884c25..4eede179 100644 --- a/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf +++ b/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf @@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "project_create" { type = bool default = true diff --git a/tests/examples/variables.tf b/tests/examples/variables.tf index 35f7b06c..1924ac40 100644 --- a/tests/examples/variables.tf +++ b/tests/examples/variables.tf @@ -36,6 +36,10 @@ variable "folder_id" { default = "folders/1122334455" } +variable "prefix" { + default = "test" +} + variable "project_id" { default = "project-id" } diff --git a/tests/modules/apigee/fixture/test.all.tfvars b/tests/modules/apigee/fixture/test.all.tfvars index 633604f8..b0e25b92 100644 --- a/tests/modules/apigee/fixture/test.all.tfvars +++ b/tests/modules/apigee/fixture/test.all.tfvars @@ -33,9 +33,9 @@ instances = { environments = ["apis-test"] psa_ip_cidr_range = "10.0.4.0/22" } - instance-prod-ew1 = { - region = "europe-west1" + instance-prod-ew3 = { + region = "europe-west3" environments = ["apis-prod"] - psa_ip_cidr_range = "10.0.4.0/22" + psa_ip_cidr_range = "10.0.5.0/22" } } diff --git a/tools/check_documentation.py b/tools/check_documentation.py index 3733f128..30e76571 100755 --- a/tools/check_documentation.py +++ b/tools/check_documentation.py @@ -37,6 +37,10 @@ class State(enum.IntEnum): FAIL_STALE_README = enum.auto() FAIL_UNSORTED_VARS = enum.auto() FAIL_UNSORTED_OUTPUTS = enum.auto() + FAIL_VARIABLE_PERIOD = enum.auto() + FAIL_OUTPUT_PERIOD = enum.auto() + FAIL_VARIABLE_DESCRIPTION = enum.auto() + FAIL_OUTPUT_DESCRIPTION = enum.auto() @property def failed(self): @@ -48,8 +52,12 @@ class State(enum.IntEnum): State.SKIP: ' ', State.OK: '✓ ', State.FAIL_STALE_README: '✗R', - State.FAIL_UNSORTED_VARS: '✗V', - State.FAIL_UNSORTED_OUTPUTS: '✗O', + State.FAIL_UNSORTED_VARS: 'SV', + State.FAIL_UNSORTED_OUTPUTS: 'SO', + State.FAIL_VARIABLE_PERIOD: '.V', + State.FAIL_OUTPUT_PERIOD: '.O', + State.FAIL_VARIABLE_DESCRIPTION: 'DV', + State.FAIL_OUTPUT_DESCRIPTION: 'DO', }[self.value] @@ -71,10 +79,10 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False): new_doc = tfdoc.create_doc(readme_path.parent, files, show_extra, exclude_files, readme) # TODO: support variables in multiple files - variables = [ - v.name for v in new_doc.variables if v.file == "variables.tf" - ] - outputs = [o.name for o in new_doc.outputs if o.file == "outputs.tf"] + newvars = new_doc.variables + newouts = new_doc.outputs + variables = [v.name for v in newvars if v.file == "variables.tf"] + outputs = [o.name for o in newouts if o.file == "outputs.tf"] except SystemExit: state = state.SKIP else: @@ -87,6 +95,20 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False): new_doc.content.split('\n')) diff = '\n'.join([header] + list(ndiff)) + elif empty := [v.name for v in newvars if not v.description]: + state = state.FAIL_VARIABLE_DESCRIPTION + diff = "\n".join([ + f'----- {mod_name} variables missing description -----', + ', '.join(empty), + ]) + + elif empty := [o.name for o in newouts if not o.description]: + state = state.FAIL_VARIABLE_DESCRIPTION + diff = "\n".join([ + f'----- {mod_name} outputs missing description -----', + ', '.join(empty), + ]) + elif variables != sorted(variables): state = state.FAIL_UNSORTED_VARS diff = "\n".join([ @@ -103,6 +125,20 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False): ', '.join(sorted(outputs)), ]) + elif nc := [v.name for v in newvars if not v.description.endswith('.')]: + state = state.FAIL_VARIABLE_PERIOD + diff = "\n".join([ + f'----- {mod_name} variables missing colons -----', + ', '.join(nc), + ]) + + elif nc := [o.name for o in newouts if not o.description.endswith('.')]: + state = state.FAIL_VARIABLE_PERIOD + diff = "\n".join([ + f'----- {mod_name} outputs missing colons -----', + ', '.join(nc), + ]) + yield mod_name, state, diff @@ -128,7 +164,6 @@ def main(dirs, exclude_file=None, files=False, show_diffs=False, if errors: if show_diffs: print('Errored diffs:') - print(errors) print('\n'.join([e[1] for e in errors])) else: print('Errored modules:')