Merge branch 'master' into binauthz-fixes

This commit is contained in:
apichick 2022-11-28 12:33:34 +01:00 committed by GitHub
commit ba17e10ebd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
159 changed files with 962 additions and 604 deletions

.github/labeler.yml (vendored, new file, 23 lines)
View File

@ -0,0 +1,23 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
'on:blueprints':
- blueprints/**/*
'on:FAST':
- fast/**/*
'on:modules':
- modules/**/*
'on:tools':
- tools/**/*
- .github/**/*
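Review bot: Files outside these four directories match none of the globs, so a pull request that only touches root-level files (CHANGELOG.md, which this same commit edits further down, README.md and similar) receives no label at all; if every PR is expected to carry a label, add a catch-all entry (for example a `*` pattern under a generic label) or document that root-only changes are intentionally unlabelled.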

.github/workflows/labeler.yml (vendored, new file, 30 lines)
View File

@ -0,0 +1,30 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "Label Pull Requests"
on:
pull_request_target:
jobs:
triage:
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
sync-labels: true
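Review bot: `pull_request_target` runs this job with the base repository's `GITHUB_TOKEN`, which here carries `pull-requests: write`, so nothing executed in the job may originate from the PR head; the workflow keeps that property because it runs only `actions/labeler@v4`, never checks out PR code, and the job-level `permissions` block correctly limits `contents` to read. Two hardening suggestions: pin the action to a full commit SHA instead of the mutable `v4` tag, since a compromised or force-moved tag would execute with that write-scoped token on every incoming PR, and add a short comment warning future editors not to introduce an `actions/checkout` of the PR head or any `run:` step that consumes PR-controlled input into this workflow. Note also that `sync-labels: true` removes a label when the PR no longer touches matching paths, which is right for path-derived labels but will also strip one of these four labels if a maintainer applied it by hand.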

View File

@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file.
### BLUEPRINTS ### BLUEPRINTS
- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2022-11-25 15:19:02+00:00 -->
- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese)) <!-- 2022-11-23 10:09:00+00:00 -->
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 --> - [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 -->
- [[#984](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/984)] **incompatible change:** Apigee module and blueprint ([apichick](https://github.com/apichick)) <!-- 2022-11-17 16:20:27+00:00 --> - [[#984](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/984)] **incompatible change:** Apigee module and blueprint ([apichick](https://github.com/apichick)) <!-- 2022-11-17 16:20:27+00:00 -->
- [[#980](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/980)] Have Squid log to /dev/stdout to stream logs to Cloud Logging ([kunzese](https://github.com/kunzese)) <!-- 2022-11-16 13:41:26+00:00 --> - [[#980](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/980)] Have Squid log to /dev/stdout to stream logs to Cloud Logging ([kunzese](https://github.com/kunzese)) <!-- 2022-11-16 13:41:26+00:00 -->
@ -59,6 +61,10 @@ All notable changes to this project will be documented in this file.
### DOCUMENTATION ### DOCUMENTATION
- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2022-11-25 15:19:02+00:00 -->
- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht)) <!-- 2022-11-24 15:59:32+00:00 -->
- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka)) <!-- 2022-11-23 15:31:01+00:00 -->
- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese)) <!-- 2022-11-23 10:09:00+00:00 -->
- [[#987](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/987)] Add tests to factory examples ([juliocc](https://github.com/juliocc)) <!-- 2022-11-18 17:01:41+00:00 --> - [[#987](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/987)] Add tests to factory examples ([juliocc](https://github.com/juliocc)) <!-- 2022-11-18 17:01:41+00:00 -->
- [[#972](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/972)] Add note about TF_PLUGIN_CACHE_DIR ([wiktorn](https://github.com/wiktorn)) <!-- 2022-11-14 10:21:37+00:00 --> - [[#972](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/972)] Add note about TF_PLUGIN_CACHE_DIR ([wiktorn](https://github.com/wiktorn)) <!-- 2022-11-14 10:21:37+00:00 -->
- [[#961](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/961)] Remove extra file from root ([ludoo](https://github.com/ludoo)) <!-- 2022-11-09 07:53:11+00:00 --> - [[#961](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/961)] Remove extra file from root ([ludoo](https://github.com/ludoo)) <!-- 2022-11-09 07:53:11+00:00 -->
@ -72,6 +78,7 @@ All notable changes to this project will be documented in this file.
### FAST ### FAST
- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka)) <!-- 2022-11-23 15:31:01+00:00 -->
- [[#976](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/976)] FAST: fixes to GitHub workflow and 02/net outputs ([ludoo](https://github.com/ludoo)) <!-- 2022-11-15 07:48:32+00:00 --> - [[#976](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/976)] FAST: fixes to GitHub workflow and 02/net outputs ([ludoo](https://github.com/ludoo)) <!-- 2022-11-15 07:48:32+00:00 -->
- [[#966](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/966)] FAST: improve GitHub workflow, stage 01 output fixes ([ludoo](https://github.com/ludoo)) <!-- 2022-11-11 07:55:58+00:00 --> - [[#966](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/966)] FAST: improve GitHub workflow, stage 01 output fixes ([ludoo](https://github.com/ludoo)) <!-- 2022-11-11 07:55:58+00:00 -->
- [[#963](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/963)] **incompatible change:** Refactor vps-sc module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-11-10 18:34:45+00:00 --> - [[#963](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/963)] **incompatible change:** Refactor vps-sc module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-11-10 18:34:45+00:00 -->
@ -104,6 +111,11 @@ All notable changes to this project will be documented in this file.
### MODULES ### MODULES
- [[#1016](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1016)] Fix memory/cpu typo in gke cluster module ([joeheaton](https://github.com/joeheaton)) <!-- 2022-11-27 17:29:26+00:00 -->
- [[#1012](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1012)] Fix tag outputs in organization module ([ludoo](https://github.com/ludoo)) <!-- 2022-11-25 13:06:32+00:00 -->
- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht)) <!-- 2022-11-24 15:59:32+00:00 -->
- [[#999](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/999)] Default nodepool creation fix ([astianseb](https://github.com/astianseb)) <!-- 2022-11-22 18:17:58+00:00 -->
- [[#1005](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1005)] Only set partitioned table when sink type is bigquery ([juliocc](https://github.com/juliocc)) <!-- 2022-11-22 16:13:53+00:00 -->
- [[#997](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/997)] Add BigQuery subcriptions to Pubsub module. ([iht](https://github.com/iht)) <!-- 2022-11-21 17:26:52+00:00 --> - [[#997](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/997)] Add BigQuery subcriptions to Pubsub module. ([iht](https://github.com/iht)) <!-- 2022-11-21 17:26:52+00:00 -->
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 --> - [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 -->
- [[#994](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/994)] Add schemas to Pubsub topic module. ([iht](https://github.com/iht)) <!-- 2022-11-20 16:56:03+00:00 --> - [[#994](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/994)] Add schemas to Pubsub topic module. ([iht](https://github.com/iht)) <!-- 2022-11-20 16:56:03+00:00 -->
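Review bot: `subcriptions` in the #997 entry (an unchanged context line in this hunk) is a typo for `subscriptions`; if this file is regenerated from PR titles by the changelog tooling, the fix belongs in the PR title or the generator, otherwise it can be corrected here in the same pass.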
@ -174,6 +186,10 @@ All notable changes to this project will be documented in this file.
### TOOLS ### TOOLS
- [[#1013](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1013)] Update labeler.yml ([ludoo](https://github.com/ludoo)) <!-- 2022-11-25 13:27:47+00:00 -->
- [[#1010](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1010)] Enforce nonempty descriptions ending in a dot ([juliocc](https://github.com/juliocc)) <!-- 2022-11-25 09:15:29+00:00 -->
- [[#1004](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1004)] Use `actions/labeler` to automatically label pull requests ([kunzese](https://github.com/kunzese)) <!-- 2022-11-22 14:42:47+00:00 -->
- [[#998](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/998)] Add missing `write_package` permission ([kunzese](https://github.com/kunzese)) <!-- 2022-11-22 08:32:42+00:00 -->
- [[#996](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/996)] Fix `repository name must be lowercase` on docker build ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 16:04:57+00:00 --> - [[#996](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/996)] Fix `repository name must be lowercase` on docker build ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 16:04:57+00:00 -->
- [[#993](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/993)] Fix variable and output sort check ([juliocc](https://github.com/juliocc)) <!-- 2022-11-21 13:32:56+00:00 --> - [[#993](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/993)] Fix variable and output sort check ([juliocc](https://github.com/juliocc)) <!-- 2022-11-21 13:32:56+00:00 -->
- [[#950](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/950)] Add a pytest fixture to convert tfvars to yaml ([ludoo](https://github.com/ludoo)) <!-- 2022-11-04 17:37:24+00:00 --> - [[#950](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/950)] Add a pytest fixture to convert tfvars to yaml ([ludoo](https://github.com/ludoo)) <!-- 2022-11-04 17:37:24+00:00 -->

View File

@ -209,7 +209,7 @@ module "project" {
] ]
} }
iam = { iam = {
"roles/editor" = [ "roles/editor" = [
"serviceAccount:${module.project.service_accounts.cloud_services}" "serviceAccount:${module.project.service_accounts.cloud_services}"
] ]
} }
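Review bot: The example grants `roles/editor`, a primitive role, to the Cloud Services service account, and the hunk only changes the alignment of that assignment; since this is contributor-facing guidance, a one-line comment in the snippet saying the binding is illustrative (or that it mirrors the platform's own default grant for that account) would stop it being copied into new modules or blueprints as a recommended IAM pattern.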
@ -236,7 +236,7 @@ module "project" {
source = "./modules/project" source = "./modules/project"
name = "project-example" name = "project-example"
iam = { iam = {
"roles/editor" = [ "roles/editor" = [
"serviceAccount:${module.project.service_accounts.cloud_services}" "serviceAccount:${module.project.service_accounts.cloud_services}"
] ]
} }
@ -543,7 +543,7 @@ locals {
#### The `prefix` variable #### The `prefix` variable
If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all code: If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all modules:
```hcl ```hcl
# variables.tf # variables.tf
variable "prefix" { variable "prefix" {
@ -551,8 +551,8 @@ variable "prefix" {
type = string type = string
default = null default = null
validation { validation {
condition = var.prefix != "" condition = var.prefix != ""
error_message = "Prefix can not be empty, please use null instead." error_message = "Prefix cannot be empty, please use null instead."
} }
} }
@ -562,6 +562,18 @@ locals {
} }
``` ```
For blueprints the prefix is mandatory:
```hcl
variable "prefix" {
description = "Prefix used for resource names."
type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
}
```
### Interacting with checks, tests and tools ### Interacting with checks, tests and tools
Our modules are designed for composition and live in a monorepo together with several end-to-end blueprints, so it was inevitable that over time we found ways of ensuring that a change does not break consumers. Our modules are designed for composition and live in a monorepo together with several end-to-end blueprints, so it was inevitable that over time we found ways of ensuring that a change does not break consumers.
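Review bot: The blueprint variant of the `prefix` variable should also set `nullable = false`: with no default, `var.prefix != ""` still accepts an explicit `prefix = null` (a `string` variable is nullable unless told otherwise, and `null != ""` evaluates to true), so the failure surfaces later inside a `"${var.prefix}-..."` template as an invalid-interpolation error rather than as the clear validation message this snippet is meant to give. The module variant is fine as written, since `default = null` with the same validation is the documented way to opt out of a prefix there.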

View File

@ -54,18 +54,18 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | <code>string</code> | ✓ | | | [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | <code>string</code> | ✓ | |
| [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | <code>string</code> | ✓ | | | [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L79) | Host project ID. | <code>string</code> | ✓ | | | [prefix](variables.tf#L64) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L82) | Host project ID. | <code>string</code> | ✓ | |
| [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;24&#34;</code> | | [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;24&#34;</code> |
| [disk_size](variables.tf#L31) | Disk size. | <code>number</code> | | <code>50</code> | | [disk_size](variables.tf#L31) | Disk size. | <code>number</code> | | <code>50</code> |
| [disk_type](variables.tf#L37) | Disk type. | <code>string</code> | | <code>&#34;pd-ssd&#34;</code> | | [disk_type](variables.tf#L37) | Disk type. | <code>string</code> | | <code>&#34;pd-ssd&#34;</code> |
| [image](variables.tf#L43) | Image. | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2022&#34;</code> | | [image](variables.tf#L43) | Image. | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2022&#34;</code> |
| [instance_type](variables.tf#L49) | Instance type. | <code>string</code> | | <code>&#34;n1-standard-2&#34;</code> | | [instance_type](variables.tf#L49) | Instance type. | <code>string</code> | | <code>&#34;n1-standard-2&#34;</code> |
| [network_config](variables.tf#L55) | Network configuration | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnet &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [network_config](variables.tf#L55) | Network configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnet &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [prefix](variables.tf#L64) | Prefix for the resources created. | <code>string</code> | | <code>null</code> | | [project_create](variables.tf#L73) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [region](variables.tf#L87) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [region](variables.tf#L84) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [subnet_ip_cidr_block](variables.tf#L93) | Subnet IP CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;28&#34;</code> |
| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;28&#34;</code> | | [zone](variables.tf#L99) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> |
| [zone](variables.tf#L96) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> |
## Outputs ## Outputs

View File

@ -12,10 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
locals {
prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
}
module "project" { module "project" {
source = "../../../modules/project" source = "../../../modules/project"
billing_account = ( billing_account = (
@ -41,7 +37,7 @@ module "vpc" {
count = var.network_config == null ? 1 : 0 count = var.network_config == null ? 1 : 0
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}vpc" name = "${var.prefix}-vpc"
subnets = [ subnets = [
{ {
ip_cidr_range = var.subnet_ip_cidr_block ip_cidr_range = var.subnet_ip_cidr_block
@ -98,7 +94,7 @@ module "server" {
module "glb" { module "glb" {
source = "../../../modules/net-glb" source = "../../../modules/net-glb"
name = "${local.prefix}glb" name = "${var.prefix}-glb"
project_id = module.project.project_id project_id = module.project.project_id
https = true https = true
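Review bot: With the `local.prefix` helper gone, `name = "${var.prefix}-vpc"` and `"${var.prefix}-glb"` feed the prefix straight into Compute Engine resource names, which must match `[a-z]([-a-z0-9]*[a-z0-9])?` and stay within 63 characters; the new non-empty validation added to `variables.tf` in this commit does not check that, so a prefix containing uppercase letters, underscores or a leading digit now fails at apply time with a provider error instead of at plan time. Consider tightening the validation with something like `can(regex("^[a-z][a-z0-9-]*$", var.prefix))` alongside the non-empty check.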

View File

@ -53,7 +53,7 @@ variable "instance_type" {
} }
variable "network_config" { variable "network_config" {
description = "Network configuration" description = "Network configuration."
type = object({ type = object({
network = string network = string
subnet = string subnet = string
@ -62,9 +62,12 @@ variable "network_config" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix for the resources created." description = "Prefix used for resource names."
type = string type = string
default = null validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {

View File

@ -63,7 +63,7 @@ Do the following to verify that everything works as expected.
| [instances](variables.tf#L46) | Instance. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; psa_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | | | [instances](variables.tf#L46) | Instance. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; psa_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ | | | [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ | |
| [psc_config](variables.tf#L98) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ | | | [psc_config](variables.tf#L98) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ | |
| [datastore_name](variables.tf#L17) | Datastore | <code>string</code> | | <code>&#34;gcs&#34;</code> | | [datastore_name](variables.tf#L17) | Datastore. | <code>string</code> | | <code>&#34;gcs&#34;</code> |
| [organization](variables.tf#L60) | Apigee organization. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; description &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; authorized_network &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> | | [organization](variables.tf#L60) | Apigee organization. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; description &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; authorized_network &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [path](variables.tf#L76) | Bucket path. | <code>string</code> | | <code>&#34;&#47;analytics&#34;</code> | | [path](variables.tf#L76) | Bucket path. | <code>string</code> | | <code>&#34;&#47;analytics&#34;</code> |
| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |

View File

@ -15,7 +15,7 @@
*/ */
variable "datastore_name" { variable "datastore_name" {
description = "Datastore" description = "Datastore."
type = string type = string
nullable = false nullable = false
default = "gcs" default = "gcs"

View File

@ -26,11 +26,11 @@ Note that Terraform 0.13 at least is required due to the use of `for_each` with
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | <code>string</code> | ✓ | |
| [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | <code>string</code> | ✓ | | | [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | <code>string</code> | ✓ | |
| [shared_vpc_link](variables.tf#L48) | Shared VPC self link, used for DNS peering. | <code>string</code> | ✓ | | | [prefix](variables.tf#L33) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [shared_vpc_link](variables.tf#L51) | Shared VPC self link, used for DNS peering. | <code>string</code> | ✓ | |
| [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | <code>string</code> | | <code>&#34;example.org&#34;</code> | | [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | <code>string</code> | | <code>&#34;example.org&#34;</code> |
| [prefix](variables.tf#L33) | Customer name to use as prefix for resources' naming. | <code>string</code> | | <code>&#34;test-dns&#34;</code> | | [project_services](variables.tf#L42) | Service APIs enabled by default. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;compute.googleapis.com&#34;,&#10; &#34;dns.googleapis.com&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> |
| [project_services](variables.tf#L39) | Service APIs enabled by default. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;compute.googleapis.com&#34;,&#10; &#34;dns.googleapis.com&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> | | [teams](variables.tf#L56) | List of application teams requiring their own Cloud DNS instance. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;team1&#34;,&#10; &#34;team2&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> |
| [teams](variables.tf#L53) | List of application teams requiring their own Cloud DNS instance. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;team1&#34;,&#10; &#34;team2&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> |
## Outputs ## Outputs
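Review bot: `prefix` moves from optional with default `test-dns` to required, so existing users of this blueprint who never set it will see `terraform plan` fail or prompt interactively after upgrading; the changelog entry for #1003 in this same commit is not marked **incompatible change:** the way #984 and #963 are, and either that flag or an upgrade note in the blueprint README should be added.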

View File

@ -50,8 +50,12 @@ variable "billing_account" {
} }
variable "prefix" { variable "prefix" {
description = "Customer name to use as prefix for resources' naming." description = "Prefix used for resource names."
default = "test-dns" type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "dns_domain" { variable "dns_domain" {

View File

@ -31,9 +31,12 @@ variable "folder_id" {
} }
variable "prefix" { variable "prefix" {
description = "Customer name to use as prefix for resources' naming." description = "Prefix used for resource names."
type = string type = string
default = "test-dns" validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_services" { variable "project_services" {

View File

@ -89,15 +89,15 @@ If you are interested in this and/or would like to contribute, please contact le
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with | <code></code> | ✓ | | | [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with. | <code></code> | ✓ | |
| [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled) | <code>list&#40;string&#41;</code> | ✓ | | | [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled). | <code>list&#40;string&#41;</code> | ✓ | |
| [organization_id](variables.tf#L46) | The organization id for the associated services | <code></code> | ✓ | | | [organization_id](variables.tf#L46) | The organization id for the associated services. | <code></code> | ✓ | |
| [prefix](variables.tf#L50) | Customer name to use as prefix for monitoring project | <code></code> | ✓ | | | [prefix](variables.tf#L50) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [cf_version](variables.tf#L21) | Cloud Function version 2nd Gen or 1st Gen. Possible options: 'V1' or 'V2'.Use CFv2 if your Cloud Function timeouts after 9 minutes. By default it is using CFv1. | <code></code> | | <code>V1</code> | | [cf_version](variables.tf#L21) | Cloud Function version 2nd Gen or 1st Gen. Possible options: 'V1' or 'V2'.Use CFv2 if your Cloud Function timeouts after 9 minutes. By default it is using CFv1. | <code></code> | | <code>V1</code> |
| [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled) | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled). | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string | <code></code> | | | | [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string. | <code></code> | | |
| [project_monitoring_services](variables.tf#L54) | Service APIs enabled in the monitoring project if it will be created. | <code></code> | | <code title="&#91;&#10; &#34;artifactregistry.googleapis.com&#34;,&#10; &#34;cloudasset.googleapis.com&#34;,&#10; &#34;cloudbilling.googleapis.com&#34;,&#10; &#34;cloudbuild.googleapis.com&#34;,&#10; &#34;cloudfunctions.googleapis.com&#34;,&#10; &#34;cloudresourcemanager.googleapis.com&#34;,&#10; &#34;cloudscheduler.googleapis.com&#34;,&#10; &#34;compute.googleapis.com&#34;,&#10; &#34;iam.googleapis.com&#34;,&#10; &#34;iamcredentials.googleapis.com&#34;,&#10; &#34;logging.googleapis.com&#34;,&#10; &#34;monitoring.googleapis.com&#34;,&#10; &#34;pubsub.googleapis.com&#34;,&#10; &#34;run.googleapis.com&#34;,&#10; &#34;servicenetworking.googleapis.com&#34;,&#10; &#34;serviceusage.googleapis.com&#34;,&#10; &#34;storage-component.googleapis.com&#34;&#10;&#93;">&#91;&#8230;&#93;</code> | | [project_monitoring_services](variables.tf#L59) | Service APIs enabled in the monitoring project if it will be created. | <code></code> | | <code title="&#91;&#10; &#34;artifactregistry.googleapis.com&#34;,&#10; &#34;cloudasset.googleapis.com&#34;,&#10; &#34;cloudbilling.googleapis.com&#34;,&#10; &#34;cloudbuild.googleapis.com&#34;,&#10; &#34;cloudfunctions.googleapis.com&#34;,&#10; &#34;cloudresourcemanager.googleapis.com&#34;,&#10; &#34;cloudscheduler.googleapis.com&#34;,&#10; &#34;compute.googleapis.com&#34;,&#10; &#34;iam.googleapis.com&#34;,&#10; &#34;iamcredentials.googleapis.com&#34;,&#10; &#34;logging.googleapis.com&#34;,&#10; &#34;monitoring.googleapis.com&#34;,&#10; &#34;pubsub.googleapis.com&#34;,&#10; &#34;run.googleapis.com&#34;,&#10; &#34;servicenetworking.googleapis.com&#34;,&#10; &#34;serviceusage.googleapis.com&#34;,&#10; &#34;storage-component.googleapis.com&#34;&#10;&#93;">&#91;&#8230;&#93;</code> |
| [region](variables.tf#L76) | Region used to deploy the cloud functions and scheduler | <code></code> | | <code>europe-west1</code> | | [region](variables.tf#L81) | Region used to deploy the cloud functions and scheduler. | <code></code> | | <code>europe-west1</code> |
| [schedule_cron](variables.tf#L81) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | <code></code> | | <code>&#42;&#47;10 &#42; &#42; &#42; &#42;</code> | | [schedule_cron](variables.tf#L86) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | <code></code> | | <code>&#42;&#47;10 &#42; &#42; &#42; &#42;</code> |
<!-- END TFDOC --> <!-- END TFDOC -->

View File

@ -187,7 +187,7 @@ def count_effective_limit(config, project_id, network_dict, usage_metric_name,
for peered_network in network_dict['peerings']: for peered_network in network_dict['peerings']:
if 'usage' not in peered_network: if 'usage' not in peered_network:
print( print(
f"Can not add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions" f"Cannot add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions"
) )
continue continue
peering_group_usage += peered_network['usage'] peering_group_usage += peered_network['usage']

View File

@ -23,7 +23,12 @@ variable "billing_account" {
} }
variable "prefix" { variable "prefix" {
description = "Customer name to use as prefix for resources' naming" description = "Prefix used for resource names."
type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_vm_services" { variable "project_vm_services" {
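Review bot: the new validation on `prefix` only rejects the empty string; `condition = var.prefix != ""` still accepts whitespace or characters that are not valid in the resource names the prefix is described as feeding. If the goal is a usable prefix, a pattern check such as `condition = can(regex("^[a-z][a-z0-9-]*$", var.prefix))` (adjusted to the naming rules of the resources involved) catches that class of input at plan time instead of failing at apply time.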

View File

@ -15,7 +15,7 @@
*/ */
variable "billing_account" { variable "billing_account" {
description = "The ID of the billing account to associate this project with" description = "The ID of the billing account to associate this project with."
} }
variable "cf_version" { variable "cf_version" {
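Review bot: `billing_account` still declares no `type`; since this commit is normalizing these variable blocks anyway, add `type = string` so a non-string value is rejected at plan time rather than coerced.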
@ -29,26 +29,31 @@ variable "cf_version" {
variable "monitored_folders_list" { variable "monitored_folders_list" {
type = list(string) type = list(string)
description = "ID of the projects to be monitored (where limits and quotas data will be pulled)" description = "ID of the projects to be monitored (where limits and quotas data will be pulled)."
default = [] default = []
} }
variable "monitored_projects_list" { variable "monitored_projects_list" {
type = list(string) type = list(string)
description = "ID of the projects to be monitored (where limits and quotas data will be pulled)" description = "ID of the projects to be monitored (where limits and quotas data will be pulled)."
} }
variable "monitoring_project_id" { variable "monitoring_project_id" {
description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string" description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string."
default = "" default = ""
} }
variable "organization_id" { variable "organization_id" {
description = "The organization id for the associated services" description = "The organization id for the associated services."
} }
variable "prefix" { variable "prefix" {
description = "Customer name to use as prefix for monitoring project" description = "Prefix used for resource names."
type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_monitoring_services" { variable "project_monitoring_services" {
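Review bot: `monitored_folders_list` keeps the description `ID of the projects to be monitored (where limits and quotas data will be pulled).`, which duplicates the text on `monitored_projects_list`; since this hunk is already rewriting that string, make it say folder IDs. Separately, `monitoring_project_id` and `organization_id` declare no `type`, which is inconsistent with the `type = string` this same hunk adds to `prefix`; and the `prefix` check `var.prefix != ""` only catches the empty string, not whitespace or characters that are invalid in the resource names the prefix is used for.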
@ -74,7 +79,7 @@ variable "project_monitoring_services" {
] ]
} }
variable "region" { variable "region" {
description = "Region used to deploy the cloud functions and scheduler" description = "Region used to deploy the cloud functions and scheduler."
default = "europe-west1" default = "europe-west1"
} }

View File

@ -35,6 +35,6 @@ provider "google-beta" {
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [credentials](outputs.tf#L17) | | | | [credentials](outputs.tf#L17) | Credentials in format to pass the to gcp provider. | |
<!-- END TFDOC --> <!-- END TFDOC -->

View File

@ -15,6 +15,7 @@
*/ */
output "credentials" { output "credentials" {
description = "Credentials in format to pass the to gcp provider."
value = jsonencode({ value = jsonencode({
"type" : "external_account", "type" : "external_account",
"audience" : "${local.audience}", "audience" : "${local.audience}",
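Review bot: the new description on `output "credentials"` reads `Credentials in format to pass the to gcp provider.`, with the words transposed; `Credentials in the format expected by the google provider.` reads correctly, and the README row between the TFDOC markers mirrors this string, so update it there too (or regenerate). Also worth a decision: the value is a `jsonencode`d `external_account` credential configuration; it holds no long-lived secret, but it does name the workload identity audience and impersonation target, so consider `sensitive = true` if that should not be echoed in plan and apply output.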

View File

@ -22,11 +22,11 @@ This sample creates several distinct groups of resources:
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login | <code>string</code> | ✓ | | | [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login. | <code>string</code> | ✓ | |
| [vcenter_password](variables.tf#L48) | VCenter user password. | <code>string</code> | ✓ | | | [vcenter_password](variables.tf#L48) | VCenter user password. | <code>string</code> | ✓ | |
| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters | <code title="object&#40;&#123;&#10; vcenter_ip &#61; string&#10; vcenter_user &#61; string&#10; data_center &#61; string&#10; resource_pool &#61; string&#10; host_ip &#61; string&#10; datastore &#61; string&#10; virtual_net &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters. | <code title="object&#40;&#123;&#10; vcenter_ip &#61; string&#10; vcenter_user &#61; string&#10; data_center &#61; string&#10; resource_pool &#61; string&#10; host_ip &#61; string&#10; datastore &#61; string&#10; virtual_net &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters | <code title="object&#40;&#123;&#10; hostname &#61; string&#10; ip0 &#61; string&#10; netmask0 &#61; string&#10; gateway &#61; string&#10; DNS &#61; string&#10; proxy &#61; string&#10; route0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; &#34;hostname&#34; &#61; &#34;gcp-m4ce-connector&#34;&#10; &#34;ip0&#34; &#61; &#34;0.0.0.0&#34;&#10; &#34;netmask0&#34; &#61; &#34;0.0.0.0&#34;&#10; &#34;gateway&#34; &#61; &#34;0.0.0.0&#34;&#10; &#34;DNS&#34; &#61; &#34;&#34;&#10; &#34;proxy&#34; &#61; &#34;&#34;&#10; &#34;route0&#34; &#61; &#34;&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters. | <code title="object&#40;&#123;&#10; hostname &#61; string&#10; ip0 &#61; string&#10; netmask0 &#61; string&#10; gateway &#61; string&#10; DNS &#61; string&#10; proxy &#61; string&#10; route0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; &#34;hostname&#34; &#61; &#34;gcp-m4ce-connector&#34;&#10; &#34;ip0&#34; &#61; &#34;0.0.0.0&#34;&#10; &#34;netmask0&#34; &#61; &#34;0.0.0.0&#34;&#10; &#34;gateway&#34; &#61; &#34;0.0.0.0&#34;&#10; &#34;DNS&#34; &#61; &#34;&#34;&#10; &#34;proxy&#34; &#61; &#34;&#34;&#10; &#34;route0&#34; &#61; &#34;&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image | <code>string</code> | | <code>&#34;https:&#47;&#47;storage.googleapis.com&#47;vmmigration-public-artifacts&#47;migrate-connector-2-0-1663.ova&#34;</code> | | [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image. | <code>string</code> | | <code>&#34;https:&#47;&#47;storage.googleapis.com&#47;vmmigration-public-artifacts&#47;migrate-connector-2-0-1663.ova&#34;</code> |
<!-- END TFDOC --> <!-- END TFDOC -->
## Manual Steps ## Manual Steps

View File

@ -13,7 +13,7 @@
# limitations under the License. # limitations under the License.
variable "m4ce_appliance_properties" { variable "m4ce_appliance_properties" {
description = "M4CE connector OVA image configuration parameters" description = "M4CE connector OVA image configuration parameters."
type = object({ type = object({
hostname = string hostname = string
ip0 = string ip0 = string
@ -35,13 +35,13 @@ variable "m4ce_appliance_properties" {
} }
variable "m4ce_connector_ovf_url" { variable "m4ce_connector_ovf_url" {
description = "http URL to the public M4CE connector OVA image" description = "http URL to the public M4CE connector OVA image."
type = string type = string
default = "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova" default = "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"
} }
variable "m4ce_ssh_public_key" { variable "m4ce_ssh_public_key" {
description = "Filesystem path to the public key for the SSH login" description = "Filesystem path to the public key for the SSH login."
type = string type = string
} }
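Review bot: `m4ce_connector_ovf_url` is described as an `http URL` while its default is an `https://storage.googleapis.com/...` address; say `HTTPS URL` so the description does not invite a plain-HTTP source for an appliance image that is subsequently deployed into the environment, and consider enforcing it with `condition = can(regex("^https://", var.m4ce_connector_ovf_url))` in a `validation` block.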
@ -51,7 +51,7 @@ variable "vcenter_password" {
} }
variable "vsphere_environment" { variable "vsphere_environment" {
description = "VMVware VSphere connection parameters" description = "VMVware VSphere connection parameters."
type = object({ type = object({
vcenter_ip = string vcenter_ip = string
vcenter_user = string vcenter_user = string
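Review bot: `VMVware VSphere` in the `vsphere_environment` description is misspelled; the product names are `VMware vSphere`. The README row for this variable carries the same misspelling and should be regenerated once the source string is fixed.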

View File

@ -25,16 +25,16 @@ This sample creates\updates several distinct groups of resources:
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list&#40;string&#41;</code> | ✓ | | | [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | <code>list&#40;string&#41;</code> | ✓ | |
| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | <code>list&#40;string&#41;</code> | ✓ | | | [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | <code>list&#40;string&#41;</code> | ✓ | |
| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project | <code>string</code> | | <code>&#34;m4ce-host-project-000&#34;</code> | | [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project. | <code>string</code> | | <code>&#34;m4ce-host-project-000&#34;</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects | | | [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects. | |
<!-- END TFDOC --> <!-- END TFDOC -->

View File

@ -13,6 +13,6 @@
# limitations under the License. # limitations under the License.
output "m4ce_gmanaged_service_account" { output "m4ce_gmanaged_service_account" {
description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects" description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects."
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com" value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
} }
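Review bot: the description of `m4ce_gmanaged_service_account` still has a doubled full stop in `registration.. It is used`; this hunk only appends a trailing period, so fix the inner one at the same time, as the README row mirrors the string.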

View File

@ -13,23 +13,23 @@
# limitations under the License. # limitations under the License.
variable "migration_admin_users" { variable "migration_admin_users" {
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format" description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
type = list(string) type = list(string)
} }
variable "migration_target_projects" { variable "migration_target_projects" {
description = "List of target projects for m4ce workload migrations" description = "List of target projects for m4ce workload migrations."
type = list(string) type = list(string)
} }
variable "migration_viewer_users" { variable "migration_viewer_users" {
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format" description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
type = list(string) type = list(string)
default = [] default = []
} }
variable "project_create" { variable "project_create" {
description = "Parameters for the creation of the new project to host the M4CE backend" description = "Parameters for the creation of the new project to host the M4CE backend."
type = object({ type = object({
billing_account_id = string billing_account_id = string
parent = string parent = string
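Review bot: two wording defects survive the punctuation pass in this hunk: `retrive` in the `migration_viewer_users` description should be `retrieve`, and `authorized to create a new M4CE sources` in `migration_admin_users` should read `authorized to create new M4CE sources`. Both descriptions are mirrored in the README table, so correct them here and regenerate.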
@ -38,7 +38,7 @@ variable "project_create" {
} }
variable "project_name" { variable "project_name" {
description = "Name of an existing project or of the new project assigned as M4CE host project" description = "Name of an existing project or of the new project assigned as M4CE host project."
type = string type = string
default = "m4ce-host-project-000" default = "m4ce-host-project-000"
} }

View File

@ -26,18 +26,18 @@ This sample creates\update several distinct groups of resources:
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list&#40;string&#41;</code> | ✓ | | | [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | <code>list&#40;string&#41;</code> | ✓ | |
| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | <code>list&#40;string&#41;</code> | ✓ | | | [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | <code>list&#40;string&#41;</code> | ✓ | |
| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects | <code>list&#40;string&#41;</code> | ✓ | | | [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects. | <code>list&#40;string&#41;</code> | ✓ | |
| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project | <code>string</code> | | <code>&#34;m4ce-host-project-000&#34;</code> | | [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project. | <code>string</code> | | <code>&#34;m4ce-host-project-000&#34;</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | | | [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | |
<!-- END TFDOC --> <!-- END TFDOC -->
## Manual Steps ## Manual Steps

View File

@ -13,6 +13,6 @@
# limitations under the License. # limitations under the License.
output "m4ce_gmanaged_service_account" { output "m4ce_gmanaged_service_account" {
description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects" description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects."
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com" value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
} }

View File

@ -13,22 +13,22 @@
# limitations under the License. # limitations under the License.
variable "migration_admin_users" { variable "migration_admin_users" {
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format" description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
type = list(string) type = list(string)
} }
variable "migration_target_projects" { variable "migration_target_projects" {
description = "List of target projects for m4ce workload migrations" description = "List of target projects for m4ce workload migrations."
type = list(string) type = list(string)
} }
variable "migration_viewer_users" { variable "migration_viewer_users" {
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format" description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
type = list(string) type = list(string)
default = [] default = []
} }
variable "project_create" { variable "project_create" {
description = "Parameters for the creation of the new project to host the M4CE backend" description = "Parameters for the creation of the new project to host the M4CE backend."
type = object({ type = object({
billing_account_id = string billing_account_id = string
parent = string parent = string
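Review bot: `retrive` in the `migration_viewer_users` description and `create a new M4CE sources` in `migration_admin_users` are typos this hunk leaves in place while editing those very lines; fix them here, since the README row repeats them.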
@ -37,12 +37,12 @@ variable "project_create" {
} }
variable "project_name" { variable "project_name" {
description = "Name of an existing project or of the new project assigned as M4CE host project" description = "Name of an existing project or of the new project assigned as M4CE host project."
type = string type = string
default = "m4ce-host-project-000" default = "m4ce-host-project-000"
} }
variable "sharedvpc_host_projects" { variable "sharedvpc_host_projects" {
description = "List of host projects that share a VPC with the selected target projects" description = "List of host projects that share a VPC with the selected target projects."
type = list(string) type = list(string)
} }

View File

@ -26,16 +26,16 @@ This sample creates several distinct groups of resources:
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list&#40;string&#41;</code> | ✓ | | | [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | <code>list&#40;string&#41;</code> | ✓ | |
| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project | <code>string</code> | | <code>&#34;m4ce-host-project-000&#34;</code> | | [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project. | <code>string</code> | | <code>&#34;m4ce-host-project-000&#34;</code> |
| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project | <code title="object&#40;&#123;&#10; ip_cidr_range &#61; string,&#10; region &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; ip_cidr_range &#61; &#34;10.200.0.0&#47;20&#34;,&#10; region &#61; &#34;us-west2&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project. | <code title="object&#40;&#123;&#10; ip_cidr_range &#61; string,&#10; region &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; ip_cidr_range &#61; &#34;10.200.0.0&#47;20&#34;,&#10; region &#61; &#34;us-west2&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | | | [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | |
<!-- END TFDOC --> <!-- END TFDOC -->

View File

@ -13,6 +13,6 @@
# limitations under the License. # limitations under the License.
output "m4ce_gmanaged_service_account" { output "m4ce_gmanaged_service_account" {
description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects" description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects."
value = "serviceAccount:service-${module.landing-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com" value = "serviceAccount:service-${module.landing-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
} }

View File

@ -13,18 +13,18 @@
# limitations under the License. # limitations under the License.
variable "migration_admin_users" { variable "migration_admin_users" {
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format" description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
type = list(string) type = list(string)
} }
variable "migration_viewer_users" { variable "migration_viewer_users" {
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format" description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
type = list(string) type = list(string)
default = [] default = []
} }
variable "project_create" { variable "project_create" {
description = "Parameters for the creation of the new project to host the M4CE backend" description = "Parameters for the creation of the new project to host the M4CE backend."
type = object({ type = object({
billing_account_id = string billing_account_id = string
parent = string parent = string
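Review bot: `retrive` (for `retrieve`) in the `migration_viewer_users` description and `create a new M4CE sources` in `migration_admin_users` are left untouched while this hunk edits those lines; correct them and regenerate the README row.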
@ -33,13 +33,13 @@ variable "project_create" {
} }
variable "project_name" { variable "project_name" {
description = "Name of an existing project or of the new project assigned as M4CE host an target project" description = "Name of an existing project or of the new project assigned as M4CE host an target project."
type = string type = string
default = "m4ce-host-project-000" default = "m4ce-host-project-000"
} }
variable "vpc_config" { variable "vpc_config" {
description = "Parameters to create a simple VPC on the M4CE project" description = "Parameters to create a simple VPC on the M4CE project."
type = object({ type = object({
ip_cidr_range = string, ip_cidr_range = string,
region = string region = string
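Review bot: `M4CE host an target project` in the `project_name` description should be `M4CE host and target project`; the README row for `project_name` repeats the phrase and needs the same fix.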

View File

@ -143,15 +143,15 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [postgres_user_password](variables.tf#L40) | `postgres` user password. | <code>string</code> | ✓ | | | [postgres_user_password](variables.tf#L40) | `postgres` user password. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | | | [prefix](variables.tf#L45) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | | | [project_id](variables.tf#L63) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_link &#61; string&#10; cloudsql_psa_range &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_link &#61; string&#10; cloudsql_psa_range &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [postgres_database](variables.tf#L34) | `postgres` database. | <code>string</code> | | <code>&#34;guestbook&#34;</code> | | [postgres_database](variables.tf#L34) | `postgres` database. | <code>string</code> | | <code>&#34;guestbook&#34;</code> |
| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L54) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; replica &#61; &#34;europe-west3&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [regions](variables.tf#L68) | Map of instance_name => location where instances will be deployed. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; replica &#61; &#34;europe-west3&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map&#40;string&#41;</code> | | <code>null</code> | | [service_encryption_keys](variables.tf#L81) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | <code title="object&#40;&#123;&#10; availability_type &#61; string&#10; database_version &#61; string&#10; psa_range &#61; string&#10; tier &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; availability_type &#61; &#34;REGIONAL&#34;&#10; database_version &#61; &#34;POSTGRES_13&#34;&#10; psa_range &#61; &#34;10.60.0.0&#47;16&#34;&#10; tier &#61; &#34;db-g1-small&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [sql_configuration](variables.tf#L87) | Cloud SQL configuration. | <code title="object&#40;&#123;&#10; availability_type &#61; string&#10; database_version &#61; string&#10; psa_range &#61; string&#10; tier &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; availability_type &#61; &#34;REGIONAL&#34;&#10; database_version &#61; &#34;POSTGRES_13&#34;&#10; psa_range &#61; &#34;10.60.0.0&#47;16&#34;&#10; tier &#61; &#34;db-g1-small&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
## Outputs ## Outputs
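Review bot: the `service_encryption_keys` row still reads "Provide a key for each reagion configured." on both sides of the diff, while the neighbouring `sql_configuration` description was touched to add a trailing period. Since this table is generated from `variables.tf`, fix the spelling to "region" in the variable description there so the regenerated README picks it up.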

View File

@ -43,8 +43,12 @@ variable "postgres_user_password" {
} }
variable "prefix" { variable "prefix" {
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
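Review bot: the new validation `condition = var.prefix != ""` only rejects the empty string; an explicit `prefix = null` compares unequal to `""` and passes, so a caller can still end up with resource names built from a null prefix. Adding `nullable = false` to the variable block (alongside `type = string`) closes that gap and keeps the error message "Prefix cannot be empty." accurate for both cases.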
@ -81,7 +85,7 @@ variable "service_encryption_keys" {
} }
variable "sql_configuration" { variable "sql_configuration" {
description = "Cloud SQL configuration" description = "Cloud SQL configuration."
type = object({ type = object({
availability_type = string availability_type = string
database_version = string database_version = string

View File

@ -96,14 +96,14 @@ service_encryption_keys = {
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L78) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | | | [prefix](variables.tf#L78) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L92) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | | | [project_id](variables.tf#L96) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [composer_config](variables.tf#L17) | Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables. | <code title="object&#40;&#123;&#10; environment_size &#61; string&#10; software_config &#61; any&#10; workloads_config &#61; object&#40;&#123;&#10; scheduler &#61; object&#40;&#10; &#123;&#10; cpu &#61; number&#10; memory_gb &#61; number&#10; storage_gb &#61; number&#10; count &#61; number&#10; &#125;&#10; &#41;&#10; web_server &#61; object&#40;&#10; &#123;&#10; cpu &#61; number&#10; memory_gb &#61; number&#10; storage_gb &#61; number&#10; &#125;&#10; &#41;&#10; worker &#61; object&#40;&#10; &#123;&#10; cpu &#61; number&#10; memory_gb &#61; number&#10; storage_gb &#61; number&#10; min_count &#61; number&#10; max_count &#61; number&#10; &#125;&#10; &#41;&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; environment_size &#61; &#34;ENVIRONMENT_SIZE_SMALL&#34;&#10; software_config &#61; &#123;&#10; image_version &#61; &#34;composer-2-airflow-2&#34;&#10; &#125;&#10; workloads_config &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> | | [composer_config](variables.tf#L17) | Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables. 
| <code title="object&#40;&#123;&#10; environment_size &#61; string&#10; software_config &#61; any&#10; workloads_config &#61; object&#40;&#123;&#10; scheduler &#61; object&#40;&#10; &#123;&#10; cpu &#61; number&#10; memory_gb &#61; number&#10; storage_gb &#61; number&#10; count &#61; number&#10; &#125;&#10; &#41;&#10; web_server &#61; object&#40;&#10; &#123;&#10; cpu &#61; number&#10; memory_gb &#61; number&#10; storage_gb &#61; number&#10; &#125;&#10; &#41;&#10; worker &#61; object&#40;&#10; &#123;&#10; cpu &#61; number&#10; memory_gb &#61; number&#10; storage_gb &#61; number&#10; min_count &#61; number&#10; max_count &#61; number&#10; &#125;&#10; &#41;&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; environment_size &#61; &#34;ENVIRONMENT_SIZE_SMALL&#34;&#10; software_config &#61; &#123;&#10; image_version &#61; &#34;composer-2-airflow-2&#34;&#10; &#125;&#10; workloads_config &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [iam_groups_map](variables.tf#L58) | Map of Role => groups to be added on the project. Example: { \"roles/composer.admin\" = [\"group:gcp-data-engineers@example.com\"]}. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>null</code> | | [iam_groups_map](variables.tf#L58) | Map of Role => groups to be added on the project. Example: { \"roles/composer.admin\" = [\"group:gcp-data-engineers@example.com\"]}. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>null</code> |
| [network_config](variables.tf#L64) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_link &#61; string&#10; composer_secondary_ranges &#61; object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [network_config](variables.tf#L64) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_link &#61; string&#10; composer_secondary_ranges &#61; object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create](variables.tf#L83) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L87) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L97) | Reagion where instances will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L101) | Reagion where instances will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [service_encryption_keys](variables.tf#L103) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | <code>map&#40;string&#41;</code> | | <code>null</code> | | [service_encryption_keys](variables.tf#L107) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | <code>map&#40;string&#41;</code> | | <code>null</code> |
## Outputs ## Outputs
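Review bot: the `region` and `service_encryption_keys` rows carry "Reagion where instances will be deployed." and "Provide a key for each reagion in use." on both sides of the diff; since this commit regenerates the table anyway, correct "reagion" to "region" in the source descriptions in `variables.tf`. The shifted anchors (`#L92` to `#L96`, `#L97` to `#L101`, `#L103` to `#L107`) are consistent with the four validation lines inserted after `prefix`, so the links are fine.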

View File

@ -22,7 +22,6 @@ locals {
}, },
var.iam_groups_map var.iam_groups_map
) )
# Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account # Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
_shared_vpc_bindings = { _shared_vpc_bindings = {
"roles/compute.networkUser" = [ "roles/compute.networkUser" = [

View File

@ -76,8 +76,12 @@ variable "network_config" {
} }
variable "prefix" { variable "prefix" {
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
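Review bot: the description loses the sentence "Not used for project if 'project_create' is null." If the blueprint still applies the prefix only to newly created projects, that behaviour is no longer documented anywhere the README generator can see; either keep the sentence alongside the shortened "Prefix used for resource names." or confirm that the prefix is now applied uniformly.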

View File

@ -249,17 +249,17 @@ You can find examples in the `[demo](./demo)` folder.
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
| [folder_id](variables.tf#L53) | Folder to be used for the networking resources in folders/nnnn format. | <code>string</code> | ✓ | | | [folder_id](variables.tf#L53) | Folder to be used for the networking resources in folders/nnnn format. | <code>string</code> | ✓ | |
| [organization_domain](variables.tf#L98) | Organization domain. | <code>string</code> | ✓ | | | [organization_domain](variables.tf#L98) | Organization domain. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L103) | Unique prefix used for resource names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L103) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [composer_config](variables.tf#L22) | Cloud Composer config. | <code title="object&#40;&#123;&#10; node_count &#61; number&#10; airflow_version &#61; string&#10; env_variables &#61; map&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; node_count &#61; 3&#10; airflow_version &#61; &#34;composer-1-airflow-2&#34;&#10; env_variables &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | [composer_config](variables.tf#L22) | Cloud Composer config. | <code title="object&#40;&#123;&#10; node_count &#61; number&#10; airflow_version &#61; string&#10; env_variables &#61; map&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; node_count &#61; 3&#10; airflow_version &#61; &#34;composer-1-airflow-2&#34;&#10; env_variables &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [data_catalog_tags](variables.tf#L36) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code title="&#123;&#10; &#34;3_Confidential&#34; &#61; null&#10; &#34;2_Private&#34; &#61; null&#10; &#34;1_Sensitive&#34; &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> | | [data_catalog_tags](variables.tf#L36) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code title="&#123;&#10; &#34;3_Confidential&#34; &#61; null&#10; &#34;2_Private&#34; &#61; null&#10; &#34;1_Sensitive&#34; &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [data_force_destroy](variables.tf#L47) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> | | [data_force_destroy](variables.tf#L47) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> |
| [groups](variables.tf#L58) | User groups. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; data-analysts &#61; &#34;gcp-data-analysts&#34;&#10; data-engineers &#61; &#34;gcp-data-engineers&#34;&#10; data-security &#61; &#34;gcp-data-security&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [groups](variables.tf#L58) | User groups. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; data-analysts &#61; &#34;gcp-data-analysts&#34;&#10; data-engineers &#61; &#34;gcp-data-engineers&#34;&#10; data-security &#61; &#34;gcp-data-security&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [location](variables.tf#L68) | Location used for multi-regional resources. | <code>string</code> | | <code>&#34;eu&#34;</code> | | [location](variables.tf#L68) | Location used for multi-regional resources. | <code>string</code> | | <code>&#34;eu&#34;</code> |
| [network_config](variables.tf#L74) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_links &#61; object&#40;&#123;&#10; load &#61; string&#10; transformation &#61; string&#10; orchestration &#61; string&#10; &#125;&#41;&#10; composer_ip_ranges &#61; object&#40;&#123;&#10; cloudsql &#61; string&#10; gke_master &#61; string&#10; web_server &#61; string&#10; &#125;&#41;&#10; composer_secondary_ranges &#61; object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [network_config](variables.tf#L74) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_links &#61; object&#40;&#123;&#10; load &#61; string&#10; transformation &#61; string&#10; orchestration &#61; string&#10; &#125;&#41;&#10; composer_ip_ranges &#61; object&#40;&#123;&#10; cloudsql &#61; string&#10; gke_master &#61; string&#10; web_server &#61; string&#10; &#125;&#41;&#10; composer_secondary_ranges &#61; object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_services](variables.tf#L108) | List of core services enabled on all projects. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;cloudresourcemanager.googleapis.com&#34;,&#10; &#34;iam.googleapis.com&#34;,&#10; &#34;serviceusage.googleapis.com&#34;,&#10; &#34;stackdriver.googleapis.com&#34;&#10;&#93;">&#91;&#8230;&#93;</code> | | [project_services](variables.tf#L112) | List of core services enabled on all projects. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;cloudresourcemanager.googleapis.com&#34;,&#10; &#34;iam.googleapis.com&#34;,&#10; &#34;serviceusage.googleapis.com&#34;,&#10; &#34;stackdriver.googleapis.com&#34;&#10;&#93;">&#91;&#8230;&#93;</code> |
| [project_suffix](variables.tf#L119) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> | | [project_suffix](variables.tf#L123) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> |
| [region](variables.tf#L125) | Region used for regional resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L129) | Region used for regional resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [service_encryption_keys](variables.tf#L131) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object&#40;&#123;&#10; bq &#61; string&#10; composer &#61; string&#10; dataflow &#61; string&#10; storage &#61; string&#10; pubsub &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [service_encryption_keys](variables.tf#L135) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object&#40;&#123;&#10; bq &#61; string&#10; composer &#61; string&#10; dataflow &#61; string&#10; storage &#61; string&#10; pubsub &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs ## Outputs
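Review bot: two typos survive in rows this hunk leaves untouched: `data_catalog_tags` says "optional IAM binging configuration" (should be "binding") and `data_force_destroy` says "data services like BiguQery" (should be "BigQuery"). Both descriptions live in `variables.tf`, so fixing them there and regenerating the table would fold into this same change.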

View File

@ -101,8 +101,12 @@ variable "organization_domain" {
} }
variable "prefix" { variable "prefix" {
description = "Unique prefix used for resource names." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_services" { variable "project_services" {
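Review bot: dropping "Unique" from "Unique prefix used for resource names." removes the only hint that the value has to be distinct across deployments; the README table in this same commit lists a separate `project_suffix` variable "used only for project ids", so the prefix is what keeps globally scoped names from colliding. Consider keeping "Unique" (or stating the uniqueness requirement in the new `error_message`) so the validation and the description say the same thing.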

View File

@ -47,12 +47,12 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | | | [prefix](variables.tf#L22) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | | | [project_id](variables.tf#L40) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [location](variables.tf#L16) | The location where resources will be deployed. | <code>string</code> | | <code>&#34;EU&#34;</code> | | [location](variables.tf#L16) | The location where resources will be deployed. | <code>string</code> | | <code>&#34;EU&#34;</code> |
| [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L31) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L41) | The region where resources will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L45) | The region where resources will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [vpc_config](variables.tf#L57) | Parameters to create a VPC. | <code title="object&#40;&#123;&#10; ip_cidr_range &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; ip_cidr_range &#61; &#34;10.0.0.0&#47;20&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [vpc_config](variables.tf#L61) | Parameters to create a VPC. | <code title="object&#40;&#123;&#10; ip_cidr_range &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; ip_cidr_range &#61; &#34;10.0.0.0&#47;20&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
## Outputs ## Outputs
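Review bot: the hunk header's context line shows the README sentence "You can now connect to the Vertex AI notbook to perform your data analysy." just above this table; "notbook" and "analysy" should read "notebook" and "analysis". The `project_create` description now ends with a period here, matching the `variables.tf` change in this commit, so the generated table and its source are in sync.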
@ -61,7 +61,7 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
| [bucket](outputs.tf#L15) | GCS Bucket URL. | | | [bucket](outputs.tf#L15) | GCS Bucket URL. | |
| [dataset](outputs.tf#L20) | GCS Bucket URL. | | | [dataset](outputs.tf#L20) | GCS Bucket URL. | |
| [notebook](outputs.tf#L25) | Vertex AI notebook details. | | | [notebook](outputs.tf#L25) | Vertex AI notebook details. | |
| [project](outputs.tf#L33) | Project id | | | [project](outputs.tf#L33) | Project id. | |
| [vpc](outputs.tf#L38) | VPC Network | | | [vpc](outputs.tf#L38) | VPC Network. | |
<!-- END TFDOC --> <!-- END TFDOC -->
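Review bot: the `dataset` row still describes the output as "GCS Bucket URL.", which is the description of the `bucket` row directly above it; while this hunk is adding periods to the `project` and `vpc` rows, the `dataset` description in `outputs.tf` should be corrected to describe the BigQuery dataset so the regenerated table is accurate.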

View File

@ -32,6 +32,7 @@ module "project" {
"bigqueryreservation.googleapis.com", "bigqueryreservation.googleapis.com",
"composer.googleapis.com", "composer.googleapis.com",
"compute.googleapis.com", "compute.googleapis.com",
"dialogflow.googleapis.com",
"dataflow.googleapis.com", "dataflow.googleapis.com",
"ml.googleapis.com", "ml.googleapis.com",
"notebooks.googleapis.com", "notebooks.googleapis.com",
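Review bot: `"dialogflow.googleapis.com"` is inserted between `compute` and `dataflow`, which breaks the alphabetical order the rest of the list follows (`compute`, `dataflow`, `ml`, `notebooks`); move it after `"dataflow.googleapis.com"`. The README hunks in this commit do not mention Dialogflow, so a line in the blueprint README explaining why the API is enabled would help reviewers and users judge the added attack surface.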
@ -113,7 +114,7 @@ module "bucket" {
module "dataset" { module "dataset" {
source = "../../../modules/bigquery-dataset" source = "../../../modules/bigquery-dataset"
project_id = module.project.project_id project_id = module.project.project_id
id = "${var.prefix}_data" id = "${replace(var.prefix, "-", "_")}_data"
encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key
} }
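Review bot: `replace(var.prefix, "-", "_")` only rewrites hyphens, so a prefix containing any other character BigQuery rejects in a dataset id (for example a dot) still produces an invalid `id` at apply time. Since the `prefix` variable gained a validation block in this commit, that block is the natural place to constrain the allowed characters (a `can(regex(...))` condition) rather than patching the value here; at minimum the variable description should state that hyphens are converted to underscores for the dataset id.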
@ -133,6 +134,7 @@ module "service-account-notebook" {
"roles/bigquery.jobUser", "roles/bigquery.jobUser",
"roles/bigquery.dataEditor", "roles/bigquery.dataEditor",
"roles/bigquery.user", "roles/bigquery.user",
"roles/dialogflow.client",
"roles/storage.admin", "roles/storage.admin",
] ]
} }
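Review bot: `"roles/dialogflow.client"` is added to the notebook service account without any accompanying README change in this commit; document what the notebook does with Dialogflow so the grant can be reviewed against least privilege. The same list also grants `"roles/storage.admin"`, which is much broader than the bucket-scoped access a notebook typically needs; that is pre-existing, but worth a follow-up while the service account's roles are being touched.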
@ -152,7 +154,7 @@ resource "google_notebooks_instance" "playground" {
install_gpu_driver = true install_gpu_driver = true
boot_disk_type = "PD_SSD" boot_disk_type = "PD_SSD"
boot_disk_size_gb = 110 boot_disk_size_gb = 110
disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : "GMEK" disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : null
kms_key = try(local.service_encryption_keys.compute, null) kms_key = try(local.service_encryption_keys.compute, null)
no_public_ip = true no_public_ip = true
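Review bot: the change from `"GMEK"` to `null` in the else branch of `disk_encryption` is not explained; if it fixes a perpetual plan diff or an invalid-value error from the API, say so in a comment on the line, because a later reader will otherwise be tempted to put the explicit value back. Both `disk_encryption` and `kms_key` repeat the `try(local.service_encryption_keys.compute ...)` lookup; a single local for the compute key would keep the two attributes from drifting apart.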

View File

@ -31,11 +31,11 @@ output "notebook" {
} }
output "project" { output "project" {
description = "Project id" description = "Project id."
value = module.project.project_id value = module.project.project_id
} }
output "vpc" { output "vpc" {
description = "VPC Network" description = "VPC Network."
value = module.vpc.name value = module.vpc.name
} }

View File

@ -20,12 +20,16 @@ variable "location" {
} }
variable "prefix" { variable "prefix" {
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id" description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id."
type = object({ type = object({
billing_account_id = string billing_account_id = string
parent = string parent = string
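Review bot: this `variables.tf` also feeds the `main.tf` hunk in this commit where the dataset id is built from `replace(var.prefix, "-", "_")`, so a non-empty check alone does not guarantee a usable prefix; consider tightening `condition` to a character-set check and mentioning the hyphen-to-underscore conversion in "Prefix used for resource names." The added period on the `project_create` description matches the regenerated README row.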

View File

@ -193,14 +193,14 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L36) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | | | [prefix](variables.tf#L36) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L50) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | | | [project_id](variables.tf#L54) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | <code>bool</code> | | <code>false</code> | | [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | <code>bool</code> | | <code>false</code> |
| [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; subnet_self_link &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; subnet_self_link &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create](variables.tf#L41) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L45) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L55) | The region where resources will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L59) | The region where resources will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [vpc_subnet_range](variables.tf#L61) | Ip range used for the VPC subnet created for the example. | <code>string</code> | | <code>&#34;10.0.0.0&#47;20&#34;</code> | | [vpc_subnet_range](variables.tf#L65) | Ip range used for the VPC subnet created for the example. | <code>string</code> | | <code>&#34;10.0.0.0&#47;20&#34;</code> |
## Outputs ## Outputs

View File

@ -34,8 +34,12 @@ variable "network_config" {
} }
variable "prefix" { variable "prefix" {
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {

View File

@ -35,37 +35,37 @@ and to `C:\GcpSetupLog.txt` file.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | <code>string</code> | ✓ | | | [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN). | <code>string</code> | ✓ | |
| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | <code>string</code> | ✓ | | | [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS). | <code>string</code> | ✓ | |
| [network](variables.tf#L90) | Network to use in the project | <code>string</code> | ✓ | | | [network](variables.tf#L90) | Network to use in the project. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L128) | Google Cloud project ID | <code>string</code> | ✓ | | | [prefix](variables.tf#L113) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | <code>string</code> | ✓ | | | [project_id](variables.tf#L131) | Google Cloud project ID. | <code>string</code> | ✓ | |
| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | <code>string</code> | ✓ | | | [sql_admin_password](variables.tf#L148) | Password for the SQL admin user to be created. | <code>string</code> | ✓ | |
| [always_on_groups](variables.tf#L33) | List of Always On Groups | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;bookshelf&#34;&#93;</code> | | [subnetwork](variables.tf#L163) | Subnetwork to use in the project. | <code>string</code> | ✓ | |
| [boot_disk_size](variables.tf#L39) | Boot disk size in GB | <code>number</code> | | <code>50</code> | | [always_on_groups](variables.tf#L33) | List of Always On Groups. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;bookshelf&#34;&#93;</code> |
| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | <code>string</code> | | <code>&#34;cluster&#34;</code> | | [boot_disk_size](variables.tf#L39) | Boot disk size in GB. | <code>number</code> | | <code>50</code> |
| [data_disk_size](variables.tf#L51) | Database disk size in GB | <code>number</code> | | <code>200</code> | | [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix). | <code>string</code> | | <code>&#34;cluster&#34;</code> |
| [health_check_config](variables.tf#L57) | Health check configuration | <code title="object&#40;&#123; check_interval_sec &#61; number,&#10; healthy_threshold &#61; number,&#10; unhealthy_threshold &#61; number,&#10; timeout_sec &#61; number,&#10;&#125;&#41;">&#8230;</code> | | <code title="&#123;&#10; check_interval_sec &#61; 2&#10; healthy_threshold &#61; 1&#10; unhealthy_threshold &#61; 2&#10; timeout_sec &#61; 1&#10;&#125;">&#123;&#8230;&#125;</code> | | [data_disk_size](variables.tf#L51) | Database disk size in GB. | <code>number</code> | | <code>200</code> |
| [health_check_port](variables.tf#L72) | Health check port | <code>number</code> | | <code>59997</code> | | [health_check_config](variables.tf#L57) | Health check configuration. | <code title="object&#40;&#123; check_interval_sec &#61; number,&#10; healthy_threshold &#61; number,&#10; unhealthy_threshold &#61; number,&#10; timeout_sec &#61; number,&#10;&#125;&#41;">&#8230;</code> | | <code title="&#123;&#10; check_interval_sec &#61; 2&#10; healthy_threshold &#61; 1&#10; unhealthy_threshold &#61; 2&#10; timeout_sec &#61; 1&#10;&#125;">&#123;&#8230;&#125;</code> |
| [health_check_ranges](variables.tf#L78) | Health check ranges | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;35.191.0.0&#47;16&#34;, &#34;209.85.152.0&#47;22&#34;, &#34;209.85.204.0&#47;22&#34;&#93;</code> | | [health_check_port](variables.tf#L72) | Health check port. | <code>number</code> | | <code>59997</code> |
| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | <code>string</code> | | <code>&#34;&#34;</code> | | [health_check_ranges](variables.tf#L78) | Health check ranges. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;35.191.0.0&#47;16&#34;, &#34;209.85.152.0&#47;22&#34;, &#34;209.85.204.0&#47;22&#34;&#93;</code> |
| [node_image](variables.tf#L95) | SQL Server node machine image | <code>string</code> | | <code>&#34;projects&#47;windows-sql-cloud&#47;global&#47;images&#47;family&#47;sql-ent-2019-win-2019&#34;</code> | | [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com). | <code>string</code> | | <code>&#34;&#34;</code> |
| [node_instance_type](variables.tf#L101) | SQL Server database node instance type | <code>string</code> | | <code>&#34;n2-standard-8&#34;</code> | | [node_image](variables.tf#L95) | SQL Server node machine image. | <code>string</code> | | <code>&#34;projects&#47;windows-sql-cloud&#47;global&#47;images&#47;family&#47;sql-ent-2019-win-2019&#34;</code> |
| [node_name](variables.tf#L107) | Node base name | <code>string</code> | | <code>&#34;node&#34;</code> | | [node_instance_type](variables.tf#L101) | SQL Server database node instance type. | <code>string</code> | | <code>&#34;n2-standard-8&#34;</code> |
| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | <code>string</code> | | <code>&#34;aog&#34;</code> | | [node_name](variables.tf#L107) | Node base name. | <code>string</code> | | <code>&#34;node&#34;</code> |
| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L122) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L133) | Region for resources | <code>string</code> | | <code>&#34;europe-west4&#34;</code> | | [region](variables.tf#L136) | Region for resources. | <code>string</code> | | <code>&#34;europe-west4&#34;</code> |
| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | <code>string</code> | | <code>null</code> | | [shared_vpc_project_id](variables.tf#L142) | Shared VPC project ID for firewall rules. | <code>string</code> | | <code>null</code> |
| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;0.0.0.0&#47;0&#34;&#93;</code> | | [sql_client_cidrs](variables.tf#L157) | CIDR ranges that are allowed to connect to SQL Server. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;0.0.0.0&#47;0&#34;&#93;</code> |
| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>&#34;10.0.0.0&#47;20&#34;</code> | | [vpc_ip_cidr_range](variables.tf#L168) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>&#34;10.0.0.0&#47;20&#34;</code> |
| [witness_image](variables.tf#L171) | SQL Server witness machine image | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2019&#34;</code> | | [witness_image](variables.tf#L174) | SQL Server witness machine image. | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2019&#34;</code> |
| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | <code>string</code> | | <code>&#34;n2-standard-2&#34;</code> | | [witness_instance_type](variables.tf#L180) | SQL Server witness node instance type. | <code>string</code> | | <code>&#34;n2-standard-2&#34;</code> |
| [witness_name](variables.tf#L183) | Witness base name | <code>string</code> | | <code>&#34;witness&#34;</code> | | [witness_name](variables.tf#L186) | Witness base name. | <code>string</code> | | <code>&#34;witness&#34;</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [instructions](outputs.tf#L19) | | | | [instructions](outputs.tf#L19) | List of steps to follow after applying. | |
<!-- END TFDOC --> <!-- END TFDOC -->
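Review bot: the `vpc_ip_cidr_range` row still reads "Ip range used in the subnet deployef in the Service Project." on both sides of this hunk; since this change is already normalizing every description in `variables.tf` (trailing periods), fix the typo and casing there at the same time ("IP range used in the subnet deployed in the service project.") so the regenerated table picks it up.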

View File

@ -30,8 +30,8 @@ locals {
managed_ad_dn_path = var.managed_ad_dn != "" ? "-Path \"${var.managed_ad_dn}\"" : "" managed_ad_dn_path = var.managed_ad_dn != "" ? "-Path \"${var.managed_ad_dn}\"" : ""
health_check_port = var.health_check_port health_check_port = var.health_check_port
sql_admin_password_secret = local._secret_parts[length(local._secret_parts) - 1] sql_admin_password_secret = local._secret_parts[length(local._secret_parts) - 1]
cluster_ip = module.ip-addresses.internal_addresses["${local.prefix}cluster"].address cluster_ip = module.ip-addresses.internal_addresses["${var.prefix}-cluster"].address
loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${local.prefix}lb-${aog}"].address }) loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${var.prefix}-lb-${aog}"].address })
sql_cluster_name = local.cluster_netbios_name sql_cluster_name = local.cluster_netbios_name
sql_cluster_full = local.cluster_full_name sql_cluster_full = local.cluster_full_name
node_netbios_1 = local.node_netbios_names[0] node_netbios_1 = local.node_netbios_names[0]
@ -43,7 +43,7 @@ locals {
_template_vars = merge(local._template_vars0, { _template_vars = merge(local._template_vars0, {
functions = local._functions functions = local._functions
}) })
_user_name = "${local.prefix}sqlserver" _user_name = "${var.prefix}-sqlserver"
scripts = { scripts = {
for script in local._scripts : for script in local._scripts :
script => templatefile("${path.module}/scripts/${script}.ps1", local._template_vars) script => templatefile("${path.module}/scripts/${script}.ps1", local._template_vars)

View File

@ -14,14 +14,14 @@
locals { locals {
ad_user_password_secret = "${local.cluster_full_name}-password" ad_user_password_secret = "${local.cluster_full_name}-password"
cluster_full_name = "${local.prefix}${var.cluster_name}" cluster_full_name = "${var.prefix}-${var.cluster_name}"
cluster_netbios_name = ( cluster_netbios_name = (
length(local.cluster_full_name) > 15 length(local.cluster_full_name) > 15
? substr(local.cluster_full_name, 0, 15) ? substr(local.cluster_full_name, 0, 15)
: local.cluster_full_name : local.cluster_full_name
) )
network = module.vpc.self_link network = module.vpc.self_link
node_base = "${local.prefix}${var.node_name}" node_base = "${var.prefix}-${var.node_name}"
node_prefix = ( node_prefix = (
length(local.node_base) > 12 length(local.node_base) > 12
? substr(local.node_base, 0, 12) ? substr(local.node_base, 0, 12)
@ -39,7 +39,6 @@ locals {
(local.witness_netbios_name) = local.zones[length(local.zones) - 1] (local.witness_netbios_name) = local.zones[length(local.zones) - 1]
} }
) )
prefix = var.prefix != "" ? "${var.prefix}-" : ""
subnetwork = ( subnetwork = (
var.project_create != null var.project_create != null
? module.vpc.subnet_self_links["${var.region}/${var.subnetwork}"] ? module.vpc.subnet_self_links["${var.region}/${var.subnetwork}"]
@ -50,7 +49,7 @@ locals {
? var.shared_vpc_project_id ? var.shared_vpc_project_id
: module.project.project_id : module.project.project_id
) )
witness_name = "${local.prefix}${var.witness_name}" witness_name = "${var.prefix}-${var.witness_name}"
witness_netbios_name = ( witness_netbios_name = (
length(local.witness_name) > 15 length(local.witness_name) > 15
? substr(local.witness_name, 0, 15) ? substr(local.witness_name, 0, 15)

View File

@ -17,7 +17,8 @@ locals {
} }
output "instructions" { output "instructions" {
value = <<EOF description = "List of steps to follow after applying."
value = <<EOF
Log-in to all 3 instances with Administrator credentials and run the following PowerShell command: Log-in to all 3 instances with Administrator credentials and run the following PowerShell command:
Add-Computer -Domain ${var.ad_domain_fqdn} -Restart Add-Computer -Domain ${var.ad_domain_fqdn} -Restart
@ -28,4 +29,4 @@ output "instructions" {
Follow the instructions from here: https://cloud.google.com/compute/docs/instances/sql-server/configure-availability#creating_an_availability_group Follow the instructions from here: https://cloud.google.com/compute/docs/instances/sql-server/configure-availability#creating_an_availability_group
Use the following listener IP addresses for: ${join(", ", local.loadbalancer_outputs)} Use the following listener IP addresses for: ${join(", ", local.loadbalancer_outputs)}
EOF EOF
} }

View File

@ -19,7 +19,7 @@
module "compute-service-account" { module "compute-service-account" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = var.project_id project_id = var.project_id
name = format("%swsfc", local.prefix) name = "${var.prefix}-wsfc"
iam_project_roles = { iam_project_roles = {
(var.project_id) = [ (var.project_id) = [
@ -35,7 +35,7 @@ module "compute-service-account" {
module "witness-service-account" { module "witness-service-account" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = var.project_id project_id = var.project_id
name = format("%swsfc-witness", local.prefix) name = "${var.prefix}-wsfc-witness"
iam_project_roles = { iam_project_roles = {
(var.project_id) = [ (var.project_id) = [

View File

@ -13,7 +13,7 @@
# limitations under the License. # limitations under the License.
variable "ad_domain_fqdn" { variable "ad_domain_fqdn" {
description = "Active Directory domain (FQDN)" description = "Active Directory domain (FQDN)."
type = string type = string
validation { validation {
condition = length(var.ad_domain_fqdn) > 0 condition = length(var.ad_domain_fqdn) > 0
@ -22,7 +22,7 @@ variable "ad_domain_fqdn" {
} }
variable "ad_domain_netbios" { variable "ad_domain_netbios" {
description = "Active Directory domain (NetBIOS)" description = "Active Directory domain (NetBIOS)."
type = string type = string
validation { validation {
condition = length(var.ad_domain_netbios) > 0 condition = length(var.ad_domain_netbios) > 0
@ -31,31 +31,31 @@ variable "ad_domain_netbios" {
} }
variable "always_on_groups" { variable "always_on_groups" {
description = "List of Always On Groups" description = "List of Always On Groups."
type = list(string) type = list(string)
default = ["bookshelf"] default = ["bookshelf"]
} }
variable "boot_disk_size" { variable "boot_disk_size" {
description = "Boot disk size in GB" description = "Boot disk size in GB."
type = number type = number
default = 50 default = 50
} }
variable "cluster_name" { variable "cluster_name" {
description = "Cluster name (prepended with prefix)" description = "Cluster name (prepended with prefix)."
type = string type = string
default = "cluster" default = "cluster"
} }
variable "data_disk_size" { variable "data_disk_size" {
description = "Database disk size in GB" description = "Database disk size in GB."
type = number type = number
default = 200 default = 200
} }
variable "health_check_config" { variable "health_check_config" {
description = "Health check configuration" description = "Health check configuration."
type = object({ check_interval_sec = number, type = object({ check_interval_sec = number,
healthy_threshold = number, healthy_threshold = number,
unhealthy_threshold = number, unhealthy_threshold = number,
@ -70,50 +70,53 @@ variable "health_check_config" {
} }
variable "health_check_port" { variable "health_check_port" {
description = "Health check port" description = "Health check port."
type = number type = number
default = 59997 default = 59997
} }
variable "health_check_ranges" { variable "health_check_ranges" {
description = "Health check ranges" description = "Health check ranges."
type = list(string) type = list(string)
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
} }
variable "managed_ad_dn" { variable "managed_ad_dn" {
description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)" description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)."
type = string type = string
default = "" default = ""
} }
variable "network" { variable "network" {
description = "Network to use in the project" description = "Network to use in the project."
type = string type = string
} }
variable "node_image" { variable "node_image" {
description = "SQL Server node machine image" description = "SQL Server node machine image."
type = string type = string
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
} }
variable "node_instance_type" { variable "node_instance_type" {
description = "SQL Server database node instance type" description = "SQL Server database node instance type."
type = string type = string
default = "n2-standard-8" default = "n2-standard-8"
} }
variable "node_name" { variable "node_name" {
description = "Node base name" description = "Node base name."
type = string type = string
default = "node" default = "node"
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for resources (for multiple clusters in a project)" description = "Prefix used for resource names."
type = string type = string
default = "aog" validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
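Review bot: the new `prefix` validation only rejects the empty string; it should also bound the length, because the prefix now unconditionally feeds names that are not truncated. In `locals`, `cluster_full_name` and `witness_name` are cut to 15 characters and `node_base` to 12, but `_user_name = "${var.prefix}-sqlserver"` and the service account names `"${var.prefix}-wsfc"` and `"${var.prefix}-wsfc-witness"` have no such guard, so a long prefix surfaces as an apply-time or guest-side failure instead of a plan-time validation error. Suggest a second condition along the lines of `length(var.prefix) <= 10` with a matching error message, and since `default = "aog"` is dropped here, state in the blueprint README that `prefix` is now a required input.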
@ -126,24 +129,24 @@ variable "project_create" {
} }
variable "project_id" { variable "project_id" {
description = "Google Cloud project ID" description = "Google Cloud project ID."
type = string type = string
} }
variable "region" { variable "region" {
description = "Region for resources" description = "Region for resources."
type = string type = string
default = "europe-west4" default = "europe-west4"
} }
variable "shared_vpc_project_id" { variable "shared_vpc_project_id" {
description = "Shared VPC project ID for firewall rules" description = "Shared VPC project ID for firewall rules."
type = string type = string
default = null default = null
} }
variable "sql_admin_password" { variable "sql_admin_password" {
description = "Password for the SQL admin user to be created" description = "Password for the SQL admin user to be created."
type = string type = string
validation { validation {
condition = length(var.sql_admin_password) > 0 condition = length(var.sql_admin_password) > 0
@ -152,13 +155,13 @@ variable "sql_admin_password" {
} }
variable "sql_client_cidrs" { variable "sql_client_cidrs" {
description = "CIDR ranges that are allowed to connect to SQL Server" description = "CIDR ranges that are allowed to connect to SQL Server."
type = list(string) type = list(string)
default = ["0.0.0.0/0"] default = ["0.0.0.0/0"]
} }
variable "subnetwork" { variable "subnetwork" {
description = "Subnetwork to use in the project" description = "Subnetwork to use in the project."
type = string type = string
} }
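Review bot: `sql_client_cidrs` keeps `default = ["0.0.0.0/0"]` while only its description gains a period; that default is what the `allow-sql-to-wsfc-nodes` rule in `main.tf` uses as its source ranges (`ranges = var.sql_client_cidrs`, TCP 1433), so a caller who accepts the defaults opens the SQL listener to any address the VPC can receive traffic from. Since this change already makes `prefix` mandatory, consider dropping this default as well so the caller has to state the allowed client ranges explicitly, or at minimum say in the description that the default allows all sources.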
@ -169,19 +172,19 @@ variable "vpc_ip_cidr_range" {
} }
variable "witness_image" { variable "witness_image" {
description = "SQL Server witness machine image" description = "SQL Server witness machine image."
type = string type = string
default = "projects/windows-cloud/global/images/family/windows-2019" default = "projects/windows-cloud/global/images/family/windows-2019"
} }
variable "witness_instance_type" { variable "witness_instance_type" {
description = "SQL Server witness node instance type" description = "SQL Server witness node instance type."
type = string type = string
default = "n2-standard-2" default = "n2-standard-2"
} }
variable "witness_name" { variable "witness_name" {
description = "Witness base name" description = "Witness base name."
type = string type = string
default = "witness" default = "witness"
} }

View File

@ -19,7 +19,7 @@ locals {
local.listeners, local.listeners,
local.node_ips, local.node_ips,
{ {
"${local.prefix}cluster" = { "${var.prefix}-cluster" = {
region = var.region region = var.region
subnetwork = local.subnetwork subnetwork = local.subnetwork
} }
@ -34,7 +34,7 @@ locals {
k => v.address k => v.address
} }
listeners = { listeners = {
for aog in var.always_on_groups : "${local.prefix}lb-${aog}" => { for aog in var.always_on_groups : "${var.prefix}-lb-${aog}" => {
region = var.region region = var.region
subnetwork = local.subnetwork subnetwork = local.subnetwork
} }
@ -83,7 +83,7 @@ module "firewall" {
disabled = true disabled = true
} }
ingress_rules = { ingress_rules = {
"${local.prefix}allow-all-between-wsfc-nodes" = { "${var.prefix}-allow-all-between-wsfc-nodes" = {
description = "Allow all between WSFC nodes" description = "Allow all between WSFC nodes"
sources = [module.compute-service-account.email] sources = [module.compute-service-account.email]
targets = [module.compute-service-account.email] targets = [module.compute-service-account.email]
@ -94,7 +94,7 @@ module "firewall" {
{ protocol = "icmp" } { protocol = "icmp" }
] ]
} }
"${local.prefix}allow-all-between-wsfc-witness" = { "${var.prefix}-allow-all-between-wsfc-witness" = {
description = "Allow all between WSFC witness nodes" description = "Allow all between WSFC witness nodes"
sources = [module.compute-service-account.email] sources = [module.compute-service-account.email]
targets = [module.witness-service-account.email] targets = [module.witness-service-account.email]
@ -105,7 +105,7 @@ module "firewall" {
{ protocol = "icmp" } { protocol = "icmp" }
] ]
} }
"${local.prefix}allow-sql-to-wsfc-nodes" = { "${var.prefix}-allow-sql-to-wsfc-nodes" = {
description = "Allow SQL connections to WSFC nodes" description = "Allow SQL connections to WSFC nodes"
targets = [module.compute-service-account.email] targets = [module.compute-service-account.email]
ranges = var.sql_client_cidrs ranges = var.sql_client_cidrs
@ -114,7 +114,7 @@ module "firewall" {
{ protocol = "tcp", ports = [1433] }, { protocol = "tcp", ports = [1433] },
] ]
} }
"${local.prefix}allow-health-check-to-wsfc-nodes" = { "${var.prefix}-allow-health-check-to-wsfc-nodes" = {
description = "Allow health checks to WSFC nodes" description = "Allow health checks to WSFC nodes"
targets = [module.compute-service-account.email] targets = [module.compute-service-account.email]
ranges = var.health_check_ranges ranges = var.health_check_ranges
@ -139,7 +139,7 @@ module "listener-ilb" {
region = var.region region = var.region
name = "${var.prefix}-${each.value}-ilb" name = "${var.prefix}-${each.value}-ilb"
service_label = "${var.prefix}-${each.value}-ilb" service_label = "${var.prefix}-${each.value}-ilb"
address = local.internal_address_ips["${local.prefix}lb-${each.value}"] address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
vpc_config = { vpc_config = {
network = local.network network = local.network
subnetwork = local.subnetwork subnetwork = local.subnetwork

View File

@ -73,7 +73,7 @@ deletion_protection: bool # not required, defaults to false
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L17) | Project ID | <code>string</code> | ✓ | | | [project_id](variables.tf#L17) | Project ID. | <code>string</code> | ✓ | |
| [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | <code>string</code> | ✓ | | | [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | <code>string</code> | ✓ | |
| [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | | | [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |

View File

@ -15,7 +15,7 @@
*/ */
variable "project_id" { variable "project_id" {
description = "Project ID" description = "Project ID."
type = string type = string
} }

View File

@ -1,6 +1,6 @@
# Google Cloud VPC Firewall Factory # Google Cloud VPC Firewall Factory
This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files. This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files.
Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL. Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL.
@ -79,10 +79,10 @@ rule-name: # descriptive name, naming convention is adjusted by the module
destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule
- 0.0.0.0/0 - 0.0.0.0/0
source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule
source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, can not be specified together with `source_tags` or `target_tags` source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, cannot be specified together with `source_tags` or `target_tags`
- myapp@myproject-id.iam.gserviceaccount.com - myapp@myproject-id.iam.gserviceaccount.com
target_tags: ['some-tag'] # list of target tags target_tags: ['some-tag'] # list of target tags
target_service_accounts: # list of target service accounts, , can not be specified together with `source_tags` or `target_tags` target_service_accounts: # list of target service accounts, , cannot be specified together with `source_tags` or `target_tags`
- myapp@myproject-id.iam.gserviceaccount.com - myapp@myproject-id.iam.gserviceaccount.com
``` ```
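Review bot: the `target_service_accounts` comment still carries a doubled comma after the `can not` to `cannot` fix (`# list of target service accounts, , cannot be specified together with ...`); drop the stray comma while touching this line.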

View File

@ -69,6 +69,7 @@ module "projects" {
kms_service_agents = try(each.value.kms, {}) kms_service_agents = try(each.value.kms, {})
labels = try(each.value.labels, {}) labels = try(each.value.labels, {})
org_policies = try(each.value.org_policies, {}) org_policies = try(each.value.org_policies, {})
prefix = each.value.prefix
service_accounts = try(each.value.service_accounts, {}) service_accounts = try(each.value.service_accounts, {})
services = try(each.value.services, []) services = try(each.value.services, [])
service_identities_iam = try(each.value.service_identities_iam, {}) service_identities_iam = try(each.value.service_identities_iam, {})
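Review bot: `prefix = each.value.prefix` is the only attribute in this block not wrapped in `try(...)`, so any existing project YAML file without a `prefix` key now fails at plan time with an unsupported attribute error. If that is intended (the README table in this same change marks `prefix` as required), the example YAML in the README should gain a `prefix:` entry and the change should be called out as breaking; otherwise wrap it in `try()` with an explicit fallback like the surrounding attributes.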
@ -109,9 +110,9 @@ vpc_host_project: project-example-host-project
# [opt] Billing account id - overrides default if set # [opt] Billing account id - overrides default if set
billing_account_id: 012345-67890A-BCDEF0 billing_account_id: 012345-67890A-BCDEF0
# [opt] Billing alerts config - overrides default if set # [opt] Billing alerts config - overrides default if set
billing_alert: billing_alert:
amount: 10 amount: 10
thresholds: thresholds:
current: current:
@ -119,42 +120,42 @@ billing_alert:
- 0.8 - 0.8
forecasted: [] forecasted: []
# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults # [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
dns_zones: dns_zones:
- lorem - lorem
- ipsum - ipsum
# [opt] Contacts for billing alerts and important notifications # [opt] Contacts for billing alerts and important notifications
essential_contacts: essential_contacts:
- team-a-contacts@example.com - team-a-contacts@example.com
# Folder the project will be created as children of # Folder the project will be created as children of
folder_id: folders/012345678901 folder_id: folders/012345678901
# [opt] Authoritative IAM bindings in group => [roles] format # [opt] Authoritative IAM bindings in group => [roles] format
group_iam: group_iam:
test-team-foobar@fast-lab-0.gcp-pso-italy.net: test-team-foobar@fast-lab-0.gcp-pso-italy.net:
- roles/compute.admin - roles/compute.admin
# [opt] Authoritative IAM bindings in role => [principals] format # [opt] Authoritative IAM bindings in role => [principals] format
# Generally used to grant roles to service accounts external to the project # Generally used to grant roles to service accounts external to the project
iam: iam:
roles/compute.admin: roles/compute.admin:
- serviceAccount:service-account - serviceAccount:service-account
# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter # [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
# in service => [keys] format # in service => [keys] format
kms_service_agents: kms_service_agents:
compute: [key1, key2] compute: [key1, key2]
storage: [key1, key2] storage: [key1, key2]
# [opt] Labels for the project - merged with the ones defined in defaults # [opt] Labels for the project - merged with the ones defined in defaults
labels: labels:
environment: prod environment: prod
# [opt] Org policy overrides defined at project level # [opt] Org policy overrides defined at project level
org_policies: org_policies:
constraints/compute.disableGuestAttributesAccess: constraints/compute.disableGuestAttributesAccess:
enforce: true enforce: true
constraints/compute.trustedImageProjects: constraints/compute.trustedImageProjects:
allow: allow:
@ -166,7 +167,7 @@ org_policies:
# [opt] Service account to create for the project and their roles on the project # [opt] Service account to create for the project and their roles on the project
# in name => [roles] format # in name => [roles] format
service_accounts: service_accounts:
another-service-account: another-service-account:
- roles/compute.admin - roles/compute.admin
my-service-account: my-service-account:
@ -179,37 +180,37 @@ service_accounts_iam:
- roles/iam.serviceAccountTokenCreator: - roles/iam.serviceAccountTokenCreator:
- group: app-team-1@example.com - group: app-team-1@example.com
# [opt] APIs to enable on the project. # [opt] APIs to enable on the project.
services: services:
- storage.googleapis.com - storage.googleapis.com
- stackdriver.googleapis.com - stackdriver.googleapis.com
- compute.googleapis.com - compute.googleapis.com
# [opt] Roles to assign to the robots service accounts in robot => [roles] format # [opt] Roles to assign to the robots service accounts in robot => [roles] format
services_iam: services_iam:
compute: compute:
- roles/storage.objectViewer - roles/storage.objectViewer
# [opt] VPC setup. # [opt] VPC setup.
# If set enables the `compute.googleapis.com` service and configures # If set enables the `compute.googleapis.com` service and configures
# service project attachment # service project attachment
vpc: vpc:
# [opt] If set, enables the container API # [opt] If set, enables the container API
gke_setup: gke_setup:
# Grants "roles/container.hostServiceAgentUser" to the container robot if set # Grants "roles/container.hostServiceAgentUser" to the container robot if set
enable_host_service_agent: false enable_host_service_agent: false
# Grants "roles/compute.securityAdmin" to the container robot if set # Grants "roles/compute.securityAdmin" to the container robot if set
enable_security_admin: true enable_security_admin: true
# Host project the project will be service project of # Host project the project will be service project of
host_project: fast-prod-net-spoke-0 host_project: fast-prod-net-spoke-0
# [opt] Subnets in the host project where principals will be granted networkUser # [opt] Subnets in the host project where principals will be granted networkUser
# in region/subnet-name => [principals] # in region/subnet-name => [principals]
subnets_iam: subnets_iam:
europe-west1/prod-default-ew1: europe-west1/prod-default-ew1:
- user:foobar@example.com - user:foobar@example.com
- serviceAccount:service-account1@my-project.iam.gserviceaccount.com - serviceAccount:service-account1@my-project.iam.gserviceaccount.com
@ -221,7 +222,8 @@ vpc:
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L157) | Project id. | <code>string</code> | ✓ | | | [prefix](variables.tf#L151) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L160) | Project id. | <code>string</code> | ✓ | |
| [billing_alert](variables.tf#L22) | Billing alert configuration. | <code title="object&#40;&#123;&#10; amount &#61; number&#10; thresholds &#61; object&#40;&#123;&#10; current &#61; list&#40;number&#41;&#10; forecasted &#61; list&#40;number&#41;&#10; &#125;&#41;&#10; credit_treatment &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [billing_alert](variables.tf#L22) | Billing alert configuration. | <code title="object&#40;&#123;&#10; amount &#61; number&#10; thresholds &#61; object&#40;&#123;&#10; current &#61; list&#40;number&#41;&#10; forecasted &#61; list&#40;number&#41;&#10; &#125;&#41;&#10; credit_treatment &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [defaults](variables.tf#L35) | Project factory default values. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; billing_alert &#61; object&#40;&#123;&#10; amount &#61; number&#10; thresholds &#61; object&#40;&#123;&#10; current &#61; list&#40;number&#41;&#10; forecasted &#61; list&#40;number&#41;&#10; &#125;&#41;&#10; credit_treatment &#61; string&#10; &#125;&#41;&#10; environment_dns_zone &#61; string&#10; essential_contacts &#61; list&#40;string&#41;&#10; labels &#61; map&#40;string&#41;&#10; notification_channels &#61; list&#40;string&#41;&#10; shared_vpc_self_link &#61; string&#10; vpc_host_project &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [defaults](variables.tf#L35) | Project factory default values. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; billing_alert &#61; object&#40;&#123;&#10; amount &#61; number&#10; thresholds &#61; object&#40;&#123;&#10; current &#61; list&#40;number&#41;&#10; forecasted &#61; list&#40;number&#41;&#10; &#125;&#41;&#10; credit_treatment &#61; string&#10; &#125;&#41;&#10; environment_dns_zone &#61; string&#10; essential_contacts &#61; list&#40;string&#41;&#10; labels &#61; map&#40;string&#41;&#10; notification_channels &#61; list&#40;string&#41;&#10; shared_vpc_self_link &#61; string&#10; vpc_host_project &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [dns_zones](variables.tf#L57) | DNS private zones to create as child of var.defaults.environment_dns_zone. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [dns_zones](variables.tf#L57) | DNS private zones to create as child of var.defaults.environment_dns_zone. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
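Review bot: the `prefix` row moves from optional with a `null` default to required, and its description changes from "Prefix used for the project id." to "Prefix used for resource names."; make sure the text in `variables.tf` reflects where the value actually ends up, since a reader choosing a prefix needs to know whether it becomes part of the project id or only of resources inside it.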
@ -234,21 +236,20 @@ vpc:
| [kms_service_agents](variables.tf#L99) | KMS IAM configuration in as service => [key]. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [kms_service_agents](variables.tf#L99) | KMS IAM configuration in as service => [key]. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L105) | Labels to be assigned at project level. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | | [labels](variables.tf#L105) | Labels to be assigned at project level. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [org_policies](variables.tf#L111) | Org-policy overrides at project level. | <code title="map&#40;object&#40;&#123;&#10; inherit_from_parent &#61; optional&#40;bool&#41; &#35; for list policies only.&#10; reset &#61; optional&#40;bool&#41;&#10; allow &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; deny &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; enforce &#61; optional&#40;bool, true&#41; &#35; for boolean policies only.&#10; rules &#61; optional&#40;list&#40;object&#40;&#123;&#10; allow &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; deny &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; enforce &#61; optional&#40;bool, true&#41; &#35; for boolean policies only.&#10; condition &#61; object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; expression &#61; optional&#40;string&#41;&#10; location &#61; optional&#40;string&#41;&#10; title &#61; optional&#40;string&#41;&#10; &#125;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [org_policies](variables.tf#L111) | Org-policy overrides at project level. 
| <code title="map&#40;object&#40;&#123;&#10; inherit_from_parent &#61; optional&#40;bool&#41; &#35; for list policies only.&#10; reset &#61; optional&#40;bool&#41;&#10; allow &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; deny &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; enforce &#61; optional&#40;bool, true&#41; &#35; for boolean policies only.&#10; rules &#61; optional&#40;list&#40;object&#40;&#123;&#10; allow &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; deny &#61; optional&#40;object&#40;&#123;&#10; all &#61; optional&#40;bool&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; enforce &#61; optional&#40;bool, true&#41; &#35; for boolean policies only.&#10; condition &#61; object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; expression &#61; optional&#40;string&#41;&#10; location &#61; optional&#40;string&#41;&#10; title &#61; optional&#40;string&#41;&#10; &#125;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [prefix](variables.tf#L151) | Prefix used for the project id. | <code>string</code> | | <code>null</code> | | [service_accounts](variables.tf#L165) | Service accounts to be created, and roles assigned them on the project. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_accounts](variables.tf#L162) | Service accounts to be created, and roles assigned them on the project. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_accounts_additive](variables.tf#L171) | Service accounts to be created, and roles assigned them on the project additively. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_accounts_iam](variables.tf#L177) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_accounts_iam_additive](variables.tf#L184) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_identities_iam](variables.tf#L191) | Custom IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_identities_iam_additive](variables.tf#L198) | Custom additive IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [services](variables.tf#L205) | Services to be enabled for the project. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [services](variables.tf#L202) | Services to be enabled for the project. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [vpc](variables.tf#L212) | VPC configuration for the project. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; gke_setup &#61; object&#40;&#123;&#10; enable_security_admin &#61; bool&#10; enable_host_service_agent &#61; bool&#10; &#125;&#41;&#10; subnets_iam &#61; map&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [vpc](variables.tf#L209) | VPC configuration for the project. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; gke_setup &#61; object&#40;&#123;&#10; enable_security_admin &#61; bool&#10; enable_host_service_agent &#61; bool&#10; &#125;&#41;&#10; subnets_iam &#61; map&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [project](outputs.tf#L19) | The project resource as return by the `project` module | | | [project](outputs.tf#L19) | The project resource as return by the `project` module. | |
| [project_id](outputs.tf#L29) | Project ID. | | | [project_id](outputs.tf#L29) | Project ID. | |
<!-- END TFDOC --> <!-- END TFDOC -->

View File

@ -29,11 +29,7 @@ locals {
} }
_group_iam_bindings = distinct(flatten(values(var.group_iam))) _group_iam_bindings = distinct(flatten(values(var.group_iam)))
_group_iam_additive_bindings = distinct(flatten(values(var.group_iam_additive))) _group_iam_additive_bindings = distinct(flatten(values(var.group_iam_additive)))
_project_id = (
var.prefix == null || var.prefix == ""
? var.project_id
: "${var.prefix}-${var.project_id}"
)
_service_accounts_iam = { _service_accounts_iam = {
for r in local._service_accounts_iam_bindings : r => [ for r in local._service_accounts_iam_bindings : r => [
for k, v in var.service_accounts : for k, v in var.service_accounts :
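Review bot: dropping `_project_id` silently changes the effective project id for every caller that set `prefix`, because the removed local built `"${var.prefix}-${var.project_id}"` and whatever consumed it (outside this hunk) now has to receive the bare `var.project_id`; please confirm that consumer was updated in the same change. A changed project id forces replacement of the project resource, so this is a breaking change for existing states and belongs in the changelog. If the intent is that `prefix` now only scopes resource names, as the new description "Prefix used for resource names." in the variables.tf hunk suggests, a one-line migration note on how to keep an already prefixed project id would save users a destroy/create surprise.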

View File

@ -17,7 +17,7 @@
# TODO(): proper outputs # TODO(): proper outputs
output "project" { output "project" {
description = "The project resource as return by the `project` module" description = "The project resource as return by the `project` module."
value = module.project value = module.project
depends_on = [ depends_on = [

View File

@ -25,4 +25,5 @@ labels:
# [opt] Additional notification channels for billing # [opt] Additional notification channels for billing
notification_channels: [] notification_channels: []
shared_vpc_self_link: projects/foo/networks/bar shared_vpc_self_link: projects/foo/networks/bar
prefix: test
vpc_host_project: vpc_host_project:

View File

@ -58,6 +58,9 @@ org_policies:
deny: deny:
all: true all: true
# [opt] Prefix - overrides default if set
prefix: test1
# [opt] Service account to create for the project and their roles on the project # [opt] Service account to create for the project and their roles on the project
# in name => [roles] format # in name => [roles] format
service_accounts: service_accounts:
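Review bot: the new comment `# [opt] Prefix - overrides default if set` above `prefix: test1` reads as if `prefix` were optional with a fallback, but the variables.tf hunk in this same change removes `default = null` from `prefix` and adds a non-empty validation, so the module-level variable is now required. If the yaml value is meant to override that required module-level prefix for a single project, say so explicitly (for example `# [opt] Prefix - overrides the factory-level prefix for this project`); the sibling data file above adds `prefix: test` with no comment at all, so the two samples should at least agree on how the key is documented.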

View File

@ -149,9 +149,12 @@ variable "org_policies" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for the project id." description = "Prefix used for resource names."
type = string type = string
default = null validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_id" { variable "project_id" {
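Review bot: `condition = var.prefix != ""` does not reject `null`. With the default `nullable = true`, a caller can still pass `prefix = null` explicitly, `null != ""` evaluates to true, and the failure only surfaces later as an interpolation error wherever `"${var.prefix}-..."` is built. Since `default = null` is being removed here anyway, add `nullable = false` to this block (the `service_accounts_iam` variables right below already do) or tighten the condition to `var.prefix != null && var.prefix != ""`. Removing the default also turns a previously optional input into a required one, which the README and changelog should state as a breaking change.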
@ -172,14 +175,14 @@ variable "service_accounts_additive" {
} }
variable "service_accounts_iam" { variable "service_accounts_iam" {
description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}" description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}."
type = map(map(list(string))) type = map(map(list(string)))
default = {} default = {}
nullable = false nullable = false
} }
variable "service_accounts_iam_additive" { variable "service_accounts_iam_additive" {
description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}" description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}."
type = map(map(list(string))) type = map(map(list(string)))
default = {} default = {}
nullable = false nullable = false

View File

@ -107,15 +107,15 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L44) | Project ID. | <code>string</code> | ✓ | | | [prefix](variables.tf#L29) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L47) | Project ID. | <code>string</code> | ✓ | |
| [master_cidr_block](variables.tf#L17) | Master CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> | | [master_cidr_block](variables.tf#L17) | Master CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> |
| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | <code>string</code> | | <code>&#34;172.16.0.0&#47;20&#34;</code> | | [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | <code>string</code> | | <code>&#34;172.16.0.0&#47;20&#34;</code> |
| [prefix](variables.tf#L29) | Prefix for resources created. | <code>string</code> | | <code>null</code> | | [project_create](variables.tf#L38) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [region](variables.tf#L52) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [region](variables.tf#L49) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [services_cidr_block](variables.tf#L58) | Services CIDR block. | <code>string</code> | | <code>&#34;192.168.0.0&#47;24&#34;</code> |
| [services_cidr_block](variables.tf#L55) | Services CIDR block. | <code>string</code> | | <code>&#34;192.168.0.0&#47;24&#34;</code> | | [subnet_cidr_block](variables.tf#L64) | Subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;24&#34;</code> |
| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;24&#34;</code> | | [zone](variables.tf#L70) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> |
| [zone](variables.tf#L67) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> |
## Outputs ## Outputs

View File

@ -15,7 +15,6 @@
*/ */
locals { locals {
prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
k8s_ns = "apis" k8s_ns = "apis"
k8s_sa = "storage-api-sa" k8s_sa = "storage-api-sa"
image = ( image = (
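Review bot: removing the `prefix` local also removes the only place that tolerated a missing prefix: the old expression produced bare names (`vpc`, `nat`, `cluster`, `registry`, `image`, `app`) when `var.prefix` was null or empty, whereas the hunks below hardcode `"${var.prefix}-vpc"` and friends. The VPC, Cloud NAT, GKE cluster, Artifact Registry repository and Source Repositories are all name-keyed, so for anyone who deployed this blueprint without a prefix the rename is a destroy-and-create of the whole stack. Please flag this in the changelog next to the README change that now marks `prefix` as required.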
@ -61,7 +60,7 @@ module "project" {
module "vpc" { module "vpc" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}vpc" name = "${var.prefix}-vpc"
subnets = [ subnets = [
{ {
ip_cidr_range = var.subnet_cidr_block ip_cidr_range = var.subnet_cidr_block
@ -79,14 +78,14 @@ module "nat" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}nat" name = "${var.prefix}-nat"
router_network = module.vpc.name router_network = module.vpc.name
} }
module "cluster" { module "cluster" {
source = "../../../modules/gke-cluster" source = "../../../modules/gke-cluster"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}cluster" name = "${var.prefix}-cluster"
location = var.zone location = var.zone
vpc_config = { vpc_config = {
master_ipv4_cidr_block = var.master_cidr_block master_ipv4_cidr_block = var.master_cidr_block
@ -174,7 +173,7 @@ module "docker_artifact_registry" {
project_id = module.project.project_id project_id = module.project.project_id
location = var.region location = var.region
format = "DOCKER" format = "DOCKER"
id = "${local.prefix}registry" id = "${var.prefix}-registry"
iam = { iam = {
"roles/artifactregistry.writer" = [module.image_cb_sa.iam_email] "roles/artifactregistry.writer" = [module.image_cb_sa.iam_email]
"roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email] "roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email]
@ -190,7 +189,7 @@ module "image_cb_sa" {
module "image_repo" { module "image_repo" {
source = "../../../modules/source-repository" source = "../../../modules/source-repository"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}image" name = "${var.prefix}-image"
triggers = { triggers = {
image-trigger = { image-trigger = {
filename = "cloudbuild.yaml" filename = "cloudbuild.yaml"
@ -222,7 +221,7 @@ module "app_cb_sa" {
module "app_repo" { module "app_repo" {
source = "../../../modules/source-repository" source = "../../../modules/source-repository"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}app" name = "${var.prefix}-app"
triggers = { triggers = {
app-trigger = { app-trigger = {
filename = "cloudbuild.yaml" filename = "cloudbuild.yaml"

View File

@ -27,9 +27,12 @@ variable "pods_cidr_block" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix for resources created." description = "Prefix used for resource names."
type = string type = string
default = null validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
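Review bot: the validation only guards against the empty string, but `var.prefix` feeds directly into names with stricter rules in main.tf (`"${var.prefix}-vpc"`, `"${var.prefix}-cluster"`, `"${var.prefix}-registry"`): VPC networks, GKE clusters and Artifact Registry repositories only accept lowercase letters, digits and hyphens and must start with a letter. A value such as `MyTeam_1` passes this check and fails at apply time after the project has already been created, so consider a format check along the lines of `can(regex("^[a-z][a-z0-9-]*$", var.prefix))` with a matching `error_message`, so the bad input is rejected at plan time.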

View File

@ -69,8 +69,8 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| [mgmt_project_id](variables.tf#L63) | Management Project ID. | <code>string</code> | ✓ | | | [mgmt_project_id](variables.tf#L63) | Management Project ID. | <code>string</code> | ✓ | |
| [parent](variables.tf#L94) | Parent. | <code>string</code> | ✓ | | | [parent](variables.tf#L94) | Parent. | <code>string</code> | ✓ | |
| [clusters_config](variables.tf#L22) | Clusters configuration. | <code title="map&#40;object&#40;&#123;&#10; subnet_cidr_block &#61; string&#10; master_cidr_block &#61; string&#10; services_cidr_block &#61; string&#10; pods_cidr_block &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; cluster-a &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.1.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.0&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.1.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.0.0&#47;20&#34;&#10; &#125;&#10; cluster-b &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.2.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.16&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.2.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.16.0&#47;20&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | [clusters_config](variables.tf#L22) | Clusters configuration. | <code title="map&#40;object&#40;&#123;&#10; subnet_cidr_block &#61; string&#10; master_cidr_block &#61; string&#10; services_cidr_block &#61; string&#10; pods_cidr_block &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; cluster-a &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.1.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.0&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.1.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.0.0&#47;20&#34;&#10; &#125;&#10; cluster-b &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.2.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.16&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.2.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.16.0&#47;20&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [istio_version](variables.tf#L57) | ASM version | <code>string</code> | | <code>&#34;1.14.1-asm.3&#34;</code> | | [istio_version](variables.tf#L57) | ASM version. | <code>string</code> | | <code>&#34;1.14.1-asm.3&#34;</code> |
| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | <code title="object&#40;&#123;&#10; disk_size &#61; number&#10; disk_type &#61; string&#10; image &#61; string&#10; instance_type &#61; string&#10; region &#61; string&#10; zone &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disk_size &#61; 50&#10; disk_type &#61; &#34;pd-ssd&#34;&#10; image &#61; &#34;projects&#47;ubuntu-os-cloud&#47;global&#47;images&#47;family&#47;ubuntu-2204-lts&#34;&#10; instance_type &#61; &#34;n1-standard-2&#34;&#10; region &#61; &#34;europe-west1&#34;&#10; zone &#61; &#34;europe-west1-c&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [mgmt_server_config](variables.tf#L68) | Mgmt server configuration. | <code title="object&#40;&#123;&#10; disk_size &#61; number&#10; disk_type &#61; string&#10; image &#61; string&#10; instance_type &#61; string&#10; region &#61; string&#10; zone &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disk_size &#61; 50&#10; disk_type &#61; &#34;pd-ssd&#34;&#10; image &#61; &#34;projects&#47;ubuntu-os-cloud&#47;global&#47;images&#47;family&#47;ubuntu-2204-lts&#34;&#10; instance_type &#61; &#34;n1-standard-2&#34;&#10; region &#61; &#34;europe-west1&#34;&#10; zone &#61; &#34;europe-west1-c&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> | | [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> |
| [region](variables.tf#L99) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L99) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |

View File

@ -55,7 +55,7 @@ variable "host_project_id" {
variable "istio_version" { variable "istio_version" {
description = "ASM version" description = "ASM version."
type = string type = string
default = "1.14.1-asm.3" default = "1.14.1-asm.3"
} }
@ -66,7 +66,7 @@ variable "mgmt_project_id" {
} }
variable "mgmt_server_config" { variable "mgmt_server_config" {
description = "Mgmt server configuration" description = "Mgmt server configuration."
type = object({ type = object({
disk_size = number disk_size = number
disk_type = string disk_type = string

View File

@ -247,9 +247,9 @@ module "gke" {
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
| [folder_id](variables.tf#L132) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | <code>string</code> | ✓ | | | [folder_id](variables.tf#L132) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L179) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L179) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L184) | ID of the project that will contain all the clusters. | <code>string</code> | ✓ | | | [project_id](variables.tf#L188) | ID of the project that will contain all the clusters. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L196) | Shared VPC project and VPC details. | <code title="object&#40;&#123;&#10; host_project_id &#61; string&#10; vpc_self_link &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [vpc_config](variables.tf#L200) | Shared VPC project and VPC details. | <code title="object&#40;&#123;&#10; host_project_id &#61; string&#10; vpc_self_link &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map&#40;object&#40;&#123;&#10; cluster_autoscaling &#61; optional&#40;any&#41;&#10; description &#61; optional&#40;string&#41;&#10; enable_addons &#61; optional&#40;any, &#123;&#10; horizontal_pod_autoscaling &#61; true, http_load_balancing &#61; true&#10; &#125;&#41;&#10; enable_features &#61; optional&#40;any, &#123;&#10; workload_identity &#61; true&#10; &#125;&#41;&#10; issue_client_certificate &#61; optional&#40;bool, false&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; location &#61; string&#10; logging_config &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; maintenance_config &#61; optional&#40;any, &#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10; &#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number, 110&#41;&#10; min_master_version &#61; optional&#40;string&#41;&#10; monitoring_config &#61; optional&#40;object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; private_cluster_config &#61; optional&#40;any&#41;&#10; release_channel &#61; optional&#40;string&#41;&#10; vpc_config &#61; object&#40;&#123;&#10; subnetwork &#61; string&#10; network &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; 
optional&#40;map&#40;string&#41;&#41;&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map&#40;object&#40;&#123;&#10; cluster_autoscaling &#61; optional&#40;any&#41;&#10; description &#61; optional&#40;string&#41;&#10; enable_addons &#61; optional&#40;any, &#123;&#10; horizontal_pod_autoscaling &#61; true, http_load_balancing &#61; true&#10; &#125;&#41;&#10; enable_features &#61; optional&#40;any, &#123;&#10; workload_identity &#61; true&#10; &#125;&#41;&#10; issue_client_certificate &#61; optional&#40;bool, false&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; location &#61; string&#10; logging_config &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; maintenance_config &#61; optional&#40;any, &#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10; &#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number, 110&#41;&#10; min_master_version &#61; optional&#40;string&#41;&#10; monitoring_config &#61; optional&#40;object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; private_cluster_config &#61; optional&#40;any&#41;&#10; release_channel &#61; optional&#40;string&#41;&#10; vpc_config &#61; object&#40;&#123;&#10; subnetwork &#61; string&#10; network &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; 
optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [fleet_configmanagement_clusters](variables.tf#L70) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [fleet_configmanagement_clusters](variables.tf#L70) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [fleet_configmanagement_templates](variables.tf#L77) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map&#40;object&#40;&#123;&#10; binauthz &#61; bool&#10; config_sync &#61; object&#40;&#123;&#10; git &#61; object&#40;&#123;&#10; gcp_service_account_email &#61; string&#10; https_proxy &#61; string&#10; policy_dir &#61; string&#10; secret_type &#61; string&#10; sync_branch &#61; string&#10; sync_repo &#61; string&#10; sync_rev &#61; string&#10; sync_wait_secs &#61; number&#10; &#125;&#41;&#10; prevent_drift &#61; string&#10; source_format &#61; string&#10; &#125;&#41;&#10; hierarchy_controller &#61; object&#40;&#123;&#10; enable_hierarchical_resource_quota &#61; bool&#10; enable_pod_tree_labels &#61; bool&#10; &#125;&#41;&#10; policy_controller &#61; object&#40;&#123;&#10; audit_interval_seconds &#61; number&#10; exemptable_namespaces &#61; list&#40;string&#41;&#10; log_denies_enabled &#61; bool&#10; referential_rules_enabled &#61; bool&#10; template_library_installed &#61; bool&#10; &#125;&#41;&#10; version &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [fleet_configmanagement_templates](variables.tf#L77) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. 
| <code title="map&#40;object&#40;&#123;&#10; binauthz &#61; bool&#10; config_sync &#61; object&#40;&#123;&#10; git &#61; object&#40;&#123;&#10; gcp_service_account_email &#61; string&#10; https_proxy &#61; string&#10; policy_dir &#61; string&#10; secret_type &#61; string&#10; sync_branch &#61; string&#10; sync_repo &#61; string&#10; sync_rev &#61; string&#10; sync_wait_secs &#61; number&#10; &#125;&#41;&#10; prevent_drift &#61; string&#10; source_format &#61; string&#10; &#125;&#41;&#10; hierarchy_controller &#61; object&#40;&#123;&#10; enable_hierarchical_resource_quota &#61; bool&#10; enable_pod_tree_labels &#61; bool&#10; &#125;&#41;&#10; policy_controller &#61; object&#40;&#123;&#10; audit_interval_seconds &#61; number&#10; exemptable_namespaces &#61; list&#40;string&#41;&#10; log_denies_enabled &#61; bool&#10; referential_rules_enabled &#61; bool&#10; template_library_installed &#61; bool&#10; &#125;&#41;&#10; version &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
@ -259,7 +259,7 @@ module "gke" {
| [iam](variables.tf#L144) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [iam](variables.tf#L144) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L151) | Project-level labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | | [labels](variables.tf#L151) | Project-level labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [nodepools](variables.tf#L157) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map&#40;map&#40;object&#40;&#123;&#10; gke_version &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number&#41;&#10; name &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;any, &#123; disk_type &#61; &#34;pd-balanced&#34; &#125;&#41;&#10; node_count &#61; optional&#40;map&#40;number&#41;, &#123; initial &#61; 1 &#125;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; nodepool_config &#61; optional&#40;any&#41;&#10; pod_range &#61; optional&#40;any&#41;&#10; reservation_affinity &#61; optional&#40;any&#41;&#10; service_account &#61; optional&#40;any&#41;&#10; sole_tenant_nodegroup &#61; optional&#40;string&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10; taints &#61; optional&#40;list&#40;any&#41;&#41;&#10;&#125;&#41;&#41;&#41;">map&#40;map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [nodepools](variables.tf#L157) | Nodepools configuration. Refer to the gke-nodepool module for type details. 
| <code title="map&#40;map&#40;object&#40;&#123;&#10; gke_version &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number&#41;&#10; name &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;any, &#123; disk_type &#61; &#34;pd-balanced&#34; &#125;&#41;&#10; node_count &#61; optional&#40;map&#40;number&#41;, &#123; initial &#61; 1 &#125;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; nodepool_config &#61; optional&#40;any&#41;&#10; pod_range &#61; optional&#40;any&#41;&#10; reservation_affinity &#61; optional&#40;any&#41;&#10; service_account &#61; optional&#40;any&#41;&#10; sole_tenant_nodegroup &#61; optional&#40;string&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10; taints &#61; optional&#40;list&#40;any&#41;&#41;&#10;&#125;&#41;&#41;&#41;">map&#40;map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [project_services](variables.tf#L189) | Additional project services to enable. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [project_services](variables.tf#L193) | Additional project services to enable. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
## Outputs ## Outputs

View File

@ -177,8 +177,12 @@ variable "nodepools" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for resources that need unique names." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_id" { variable "project_id" {

View File

@ -26,11 +26,11 @@ in the [`validator/`](validator/) subdirectory, which can be integrated as part
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L29) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L29) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [root_node](variables.tf#L50) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | | | [root_node](variables.tf#L54) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
| [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; prod &#61; &#34;10.0.16.0&#47;24&#34;&#10; dev &#61; &#34;10.0.32.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; prod &#61; &#34;10.0.16.0&#47;24&#34;&#10; dev &#61; &#34;10.0.32.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [project_services](variables.tf#L34) | Service APIs enabled by default in new projects. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;container.googleapis.com&#34;,&#10; &#34;dns.googleapis.com&#34;,&#10; &#34;stackdriver.googleapis.com&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> | | [project_services](variables.tf#L38) | Service APIs enabled by default in new projects. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;container.googleapis.com&#34;,&#10; &#34;dns.googleapis.com&#34;,&#10; &#34;stackdriver.googleapis.com&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> |
| [region](variables.tf#L44) | Region used. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L48) | Region used. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
## Outputs ## Outputs

View File

@ -27,8 +27,12 @@ variable "ip_ranges" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for resources that need unique names." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_services" { variable "project_services" {
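Review bot: the new validation `condition = var.prefix != ""` only rejects the empty string; because the variable has no default, a caller can still pass `prefix = null` explicitly, and `null != ""` evaluates to true, so a null prefix gets through. Consider adding `nullable = false` (Terraform 1.1+) next to `type = string` so the value is guaranteed to be a non-null string, and, since the description now says the prefix is "used for resource names", optionally tightening the condition to something like `can(regex("^[a-z][a-z0-9-]*$", var.prefix))` so that a prefix which would produce an invalid resource name is caught at plan time instead of at apply. The same validation block is added to several variables.tf files in this commit, so whichever form is chosen should be applied consistently to all of them.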

View File

@ -17,12 +17,12 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L44) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L44) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L66) | Project id used for all resources. | <code>string</code> | ✓ | | | [project_id](variables.tf#L70) | Project id used for all resources. | <code>string</code> | ✓ | |
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;.google.com&#34;,&#10; &#34;.github.com&#34;,&#10; &#34;.fastlydns.net&#34;,&#10; &#34;.debian.org&#34;&#10;&#93;">&#91;&#8230;&#93;</code> | | [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;.google.com&#34;,&#10; &#34;.github.com&#34;,&#10; &#34;.fastlydns.net&#34;,&#10; &#34;.debian.org&#34;&#10;&#93;">&#91;&#8230;&#93;</code> |
| [cidrs](variables.tf#L28) | CIDR ranges for subnets. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; app &#61; &#34;10.0.0.0&#47;24&#34;&#10; proxy &#61; &#34;10.0.2.0&#47;28&#34;&#10; psc &#61; &#34;10.0.3.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [cidrs](variables.tf#L28) | CIDR ranges for subnets. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; app &#61; &#34;10.0.0.0&#47;24&#34;&#10; proxy &#61; &#34;10.0.2.0&#47;28&#34;&#10; psc &#61; &#34;10.0.3.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [nat_logging](variables.tf#L38) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>&#34;ERRORS_ONLY&#34;</code> | | [nat_logging](variables.tf#L38) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>&#34;ERRORS_ONLY&#34;</code> |
| [project_create](variables.tf#L49) | Set to non null if project needs to be created. | <code title="object&#40;&#123;&#10; billing_account &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L53) | Set to non null if project needs to be created. | <code title="object&#40;&#123;&#10; billing_account &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L71) | Default region for resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L75) | Default region for resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
<!-- END TFDOC --> <!-- END TFDOC -->

View File

@ -42,8 +42,12 @@ variable "nat_logging" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for resources that need unique names." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {

View File

@ -21,13 +21,13 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | <code>string</code> | ✓ | | | [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L52) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L52) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [root_node](variables.tf#L63) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | | | [root_node](variables.tf#L67) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;.google.com&#34;,&#10; &#34;.github.com&#34;&#10;&#93;">&#91;&#8230;&#93;</code> | | [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;.google.com&#34;,&#10; &#34;.github.com&#34;&#10;&#93;">&#91;&#8230;&#93;</code> |
| [cidrs](variables.tf#L31) | CIDR ranges for subnets. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; apps &#61; &#34;10.0.0.0&#47;24&#34;&#10; proxy &#61; &#34;10.0.1.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [cidrs](variables.tf#L31) | CIDR ranges for subnets. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; apps &#61; &#34;10.0.0.0&#47;24&#34;&#10; proxy &#61; &#34;10.0.1.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. | <code>bool</code> | | <code>false</code> | | [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. | <code>bool</code> | | <code>false</code> |
| [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>&#34;ERRORS_ONLY&#34;</code> | | [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>&#34;ERRORS_ONLY&#34;</code> |
| [region](variables.tf#L57) | Default region for resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L61) | Default region for resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
## Outputs ## Outputs

View File

@ -50,8 +50,12 @@ variable "nat_logging" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for resources that need unique names." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "region" { variable "region" {

View File

@ -124,10 +124,10 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L38) | Identifier of the project. | <code>string</code> | ✓ | | | [prefix](variables.tf#L23) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L41) | Identifier of the project. | <code>string</code> | ✓ | |
| [enforce_security_policy](variables.tf#L17) | Enforce security policy. | <code>bool</code> | | <code>true</code> | | [enforce_security_policy](variables.tf#L17) | Enforce security policy. | <code>bool</code> | | <code>true</code> |
| [prefix](variables.tf#L23) | Prefix used for created resources. | <code>string</code> | | <code>null</code> | | [project_create](variables.tf#L32) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs ## Outputs

View File

@ -15,7 +15,7 @@
*/ */
locals { locals {
prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-" prefix = var.prefix == null ? "" : "${var.prefix}-"
} }
module "project" { module "project" {
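Review bot: `local.prefix` is now dead code: every hunk below replaces `${local.prefix}` with `"${var.prefix}-"`, none of the visible hunks keeps a reference to the local, and the other blueprints in this commit delete their `prefix` local outright. Drop the `locals` entry here as well; keeping `prefix = var.prefix == null ? "" : "${var.prefix}-"` also suggests null is still a supported value, which the accompanying variables.tf change (required variable plus `validation` block) no longer intends.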
@ -40,7 +40,7 @@ module "project" {
module "vpc" { module "vpc" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}vpc" name = "${var.prefix}-vpc"
subnets = [ subnets = [
{ {
ip_cidr_range = "10.0.1.0/24" ip_cidr_range = "10.0.1.0/24"
@ -70,7 +70,7 @@ module "nat_ew1" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = "europe-west1" region = "europe-west1"
name = "${local.prefix}nat-eu1" name = "${var.prefix}-nat-eu1"
router_network = module.vpc.name router_network = module.vpc.name
} }
@ -78,7 +78,7 @@ module "nat_ue1" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = "us-east1" region = "us-east1"
name = "${local.prefix}nat-ue1" name = "${var.prefix}-nat-ue1"
router_network = module.vpc.name router_network = module.vpc.name
} }
@ -86,7 +86,7 @@ module "instance_template_ew1" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = module.project.project_id project_id = module.project.project_id
zone = "europe-west1-b" zone = "europe-west1-b"
name = "${local.prefix}europe-west1-template" name = "${var.prefix}-europe-west1-template"
instance_type = "n1-standard-2" instance_type = "n1-standard-2"
network_interfaces = [{ network_interfaces = [{
network = module.vpc.self_link network = module.vpc.self_link
@ -108,7 +108,7 @@ module "instance_template_ue1" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = module.project.project_id project_id = module.project.project_id
zone = "us-east1-b" zone = "us-east1-b"
name = "${local.prefix}us-east1-template" name = "${var.prefix}-us-east1-template"
network_interfaces = [{ network_interfaces = [{
network = module.vpc.self_link network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"] subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"]
@ -156,7 +156,7 @@ module "mig_ew1" {
source = "../../../modules/compute-mig" source = "../../../modules/compute-mig"
project_id = module.project.project_id project_id = module.project.project_id
location = "europe-west1" location = "europe-west1"
name = "${local.prefix}europe-west1-mig" name = "${var.prefix}-europe-west1-mig"
instance_template = module.instance_template_ew1.template.self_link instance_template = module.instance_template_ew1.template.self_link
autoscaler_config = { autoscaler_config = {
max_replicas = 5 max_replicas = 5
@ -180,7 +180,7 @@ module "mig_ue1" {
source = "../../../modules/compute-mig" source = "../../../modules/compute-mig"
project_id = module.project.project_id project_id = module.project.project_id
location = "us-east1" location = "us-east1"
name = "${local.prefix}us-east1-mig" name = "${var.prefix}-us-east1-mig"
instance_template = module.instance_template_ue1.template.self_link instance_template = module.instance_template_ue1.template.self_link
autoscaler_config = { autoscaler_config = {
max_replicas = 5 max_replicas = 5
@ -202,7 +202,7 @@ module "mig_ue1" {
module "glb" { module "glb" {
source = "../../../modules/net-glb" source = "../../../modules/net-glb"
name = "${local.prefix}http-lb" name = "${var.prefix}-http-lb"
project_id = module.project.project_id project_id = module.project.project_id
backend_services_config = { backend_services_config = {
http-backend = { http-backend = {
@ -259,7 +259,7 @@ module "glb" {
resource "google_compute_security_policy" "policy" { resource "google_compute_security_policy" "policy" {
count = var.enforce_security_policy ? 1 : 0 count = var.enforce_security_policy ? 1 : 0
name = "${local.prefix}denylist-siege" name = "${var.prefix}-denylist-siege"
project = module.project.project_id project = module.project.project_id
rule { rule {
action = "deny(403)" action = "deny(403)"

View File

@ -21,9 +21,12 @@ variable "enforce_security_policy" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for created resources." description = "Prefix used for resource names."
type = string type = string
default = null validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
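Review bot: removing `default = null` turns `prefix` from an optional input into a required one, so existing callers that never set it will now fail at plan time, and callers that did set it will see every resource name change from the `${local.prefix}` form to `"${var.prefix}-..."` (see the main.tf hunks for the VPC, Cloud NAT, instance templates, MIGs, load balancer and security policy); renaming these resources generally forces replacement. That is a breaking change for this blueprint and should be called out in the changelog and in the README prose rather than only in the regenerated variables table.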

View File

@ -84,13 +84,13 @@ The VPN used to connect the GKE masters VPC does not account for HA, upgrading t
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L66) | Project id used for all resources. | <code>string</code> | ✓ | | | [prefix](variables.tf#L34) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L69) | Project id used for all resources. | <code>string</code> | ✓ | |
| [ip_ranges](variables.tf#L15) | IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; hub &#61; &#34;10.0.0.0&#47;24&#34;&#10; spoke-1 &#61; &#34;10.0.16.0&#47;24&#34;&#10; spoke-2 &#61; &#34;10.0.32.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [ip_ranges](variables.tf#L15) | IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; hub &#61; &#34;10.0.0.0&#47;24&#34;&#10; spoke-1 &#61; &#34;10.0.16.0&#47;24&#34;&#10; spoke-2 &#61; &#34;10.0.32.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; spoke-2-pods &#61; &#34;10.128.0.0&#47;18&#34;&#10; spoke-2-services &#61; &#34;172.16.0.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; spoke-2-pods &#61; &#34;10.128.0.0&#47;18&#34;&#10; spoke-2-services &#61; &#34;172.16.0.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [prefix](variables.tf#L34) | Arbitrary string used to prefix resource names. | <code>string</code> | | <code>null</code> | | [private_service_ranges](variables.tf#L43) | Private service IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; spoke-2-cluster-1 &#61; &#34;192.168.0.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [private_service_ranges](variables.tf#L40) | Private service IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; spoke-2-cluster-1 &#61; &#34;192.168.0.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [project_create](variables.tf#L51) | Set to non null if project needs to be created. | <code title="object&#40;&#123;&#10; billing_account &#61; string&#10; oslogin &#61; bool&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create](variables.tf#L48) | Set to non null if project needs to be created. | <code title="object&#40;&#123;&#10; billing_account &#61; string&#10; oslogin &#61; bool&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [region](variables.tf#L74) | VPC region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [region](variables.tf#L71) | VPC region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
## Outputs ## Outputs

View File

@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
locals { locals {
prefix = var.prefix != null && var.prefix != "" ? "${var.prefix}-" : ""
vm-instances = [ vm-instances = [
module.vm-hub.instance, module.vm-hub.instance,
module.vm-spoke-1.instance, module.vm-spoke-1.instance,
@ -49,11 +48,11 @@ module "project" {
module "vpc-hub" { module "vpc-hub" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}hub" name = "${var.prefix}-hub"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.hub ip_cidr_range = var.ip_ranges.hub
name = "${local.prefix}hub-1" name = "${var.prefix}-hub-1"
region = var.region region = var.region
} }
] ]
@ -63,8 +62,8 @@ module "nat-hub" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}hub" name = "${var.prefix}-hub"
router_name = "${local.prefix}hub" router_name = "${var.prefix}-hub"
router_network = module.vpc-hub.self_link router_network = module.vpc-hub.self_link
} }
@ -84,11 +83,11 @@ module "vpc-hub-firewall" {
module "vpc-spoke-1" { module "vpc-spoke-1" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}spoke-1" name = "${var.prefix}-spoke-1"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.spoke-1 ip_cidr_range = var.ip_ranges.spoke-1
name = "${local.prefix}spoke-1-1" name = "${var.prefix}-spoke-1-1"
region = var.region region = var.region
} }
] ]
@ -107,8 +106,8 @@ module "nat-spoke-1" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}spoke-1" name = "${var.prefix}-spoke-1"
router_name = "${local.prefix}spoke-1" router_name = "${var.prefix}-spoke-1"
router_network = module.vpc-spoke-1.self_link router_network = module.vpc-spoke-1.self_link
} }
@ -127,11 +126,11 @@ module "hub-to-spoke-1-peering" {
module "vpc-spoke-2" { module "vpc-spoke-2" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}spoke-2" name = "${var.prefix}-spoke-2"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.spoke-2 ip_cidr_range = var.ip_ranges.spoke-2
name = "${local.prefix}spoke-2-1" name = "${var.prefix}-spoke-2-1"
region = var.region region = var.region
secondary_ip_ranges = { secondary_ip_ranges = {
pods = var.ip_secondary_ranges.spoke-2-pods pods = var.ip_secondary_ranges.spoke-2-pods
@ -154,8 +153,8 @@ module "nat-spoke-2" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}spoke-2" name = "${var.prefix}-spoke-2"
router_name = "${local.prefix}spoke-2" router_name = "${var.prefix}-spoke-2"
router_network = module.vpc-spoke-2.self_link router_network = module.vpc-spoke-2.self_link
} }
@ -176,10 +175,10 @@ module "vm-hub" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = module.project.project_id project_id = module.project.project_id
zone = "${var.region}-b" zone = "${var.region}-b"
name = "${local.prefix}hub" name = "${var.prefix}-hub"
network_interfaces = [{ network_interfaces = [{
network = module.vpc-hub.self_link network = module.vpc-hub.self_link
subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${local.prefix}hub-1"] subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${var.prefix}-hub-1"]
nat = false nat = false
addresses = null addresses = null
}] }]
@ -193,10 +192,10 @@ module "vm-spoke-1" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = module.project.project_id project_id = module.project.project_id
zone = "${var.region}-b" zone = "${var.region}-b"
name = "${local.prefix}spoke-1" name = "${var.prefix}-spoke-1"
network_interfaces = [{ network_interfaces = [{
network = module.vpc-spoke-1.self_link network = module.vpc-spoke-1.self_link
subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${local.prefix}spoke-1-1"] subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${var.prefix}-spoke-1-1"]
nat = false nat = false
addresses = null addresses = null
}] }]
@ -210,10 +209,10 @@ module "vm-spoke-2" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = module.project.project_id project_id = module.project.project_id
zone = "${var.region}-b" zone = "${var.region}-b"
name = "${local.prefix}spoke-2" name = "${var.prefix}-spoke-2"
network_interfaces = [{ network_interfaces = [{
network = module.vpc-spoke-2.self_link network = module.vpc-spoke-2.self_link
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"] subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"]
nat = false nat = false
addresses = null addresses = null
}] }]
@ -226,7 +225,7 @@ module "vm-spoke-2" {
module "service-account-gce" { module "service-account-gce" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}gce-test" name = "${var.prefix}-gce-test"
iam_project_roles = { iam_project_roles = {
(var.project_id) = [ (var.project_id) = [
"roles/container.developer", "roles/container.developer",
@ -242,12 +241,12 @@ module "service-account-gce" {
module "cluster-1" { module "cluster-1" {
source = "../../../modules/gke-cluster" source = "../../../modules/gke-cluster"
name = "${local.prefix}cluster-1" name = "${var.prefix}-cluster-1"
project_id = module.project.project_id project_id = module.project.project_id
location = "${var.region}-b" location = "${var.region}-b"
vpc_config = { vpc_config = {
network = module.vpc-spoke-2.self_link network = module.vpc-spoke-2.self_link
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"] subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"]
master_authorized_ranges = { master_authorized_ranges = {
for name, range in var.ip_ranges : name => range for name, range in var.ip_ranges : name => range
} }
@ -269,7 +268,7 @@ module "cluster-1" {
module "cluster-1-nodepool-1" { module "cluster-1-nodepool-1" {
source = "../../../modules/gke-nodepool" source = "../../../modules/gke-nodepool"
name = "${local.prefix}nodepool-1" name = "${var.prefix}-nodepool-1"
project_id = module.project.project_id project_id = module.project.project_id
location = module.cluster-1.location location = module.cluster-1.location
cluster_name = module.cluster-1.name cluster_name = module.cluster-1.name
@ -284,7 +283,7 @@ module "cluster-1-nodepool-1" {
module "service-account-gke-node" { module "service-account-gke-node" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}gke-node" name = "${var.prefix}-gke-node"
iam_project_roles = { iam_project_roles = {
(var.project_id) = [ (var.project_id) = [
"roles/logging.logWriter", "roles/monitoring.metricWriter", "roles/logging.logWriter", "roles/monitoring.metricWriter",
@ -301,7 +300,7 @@ module "vpn-hub" {
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
network = module.vpc-hub.name network = module.vpc-hub.name
name = "${local.prefix}hub" name = "${var.prefix}-hub"
remote_ranges = values(var.private_service_ranges) remote_ranges = values(var.private_service_ranges)
tunnels = { tunnels = {
spoke-2 = { spoke-2 = {
@ -318,7 +317,7 @@ module "vpn-spoke-2" {
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
network = module.vpc-spoke-2.name network = module.vpc-spoke-2.name
name = "${local.prefix}spoke-2" name = "${var.prefix}-spoke-2"
# use an aggregate of the remote ranges, so as to be less specific than the # use an aggregate of the remote ranges, so as to be less specific than the
# routes exchanged via peering # routes exchanged via peering
remote_ranges = ["10.0.0.0/8"] remote_ranges = ["10.0.0.0/8"]

View File

@ -32,9 +32,12 @@ variable "ip_secondary_ranges" {
} }
variable "prefix" { variable "prefix" {
description = "Arbitrary string used to prefix resource names." description = "Prefix used for resource names."
type = string type = string
default = null validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "private_service_ranges" { variable "private_service_ranges" {

View File

@ -85,13 +85,13 @@ ping test-r2.dev.example.com
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L49) | Project id for all resources. | <code>string</code> | ✓ | | | [prefix](variables.tf#L34) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L52) | Project id for all resources. | <code>string</code> | ✓ | |
| [ip_ranges](variables.tf#L15) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; land-0-r1 &#61; &#34;10.0.0.0&#47;24&#34;&#10; land-0-r2 &#61; &#34;10.0.8.0&#47;24&#34;&#10; dev-0-r1 &#61; &#34;10.0.16.0&#47;24&#34;&#10; dev-0-r2 &#61; &#34;10.0.24.0&#47;24&#34;&#10; prod-0-r1 &#61; &#34;10.0.32.0&#47;24&#34;&#10; prod-0-r2 &#61; &#34;10.0.40.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [ip_ranges](variables.tf#L15) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; land-0-r1 &#61; &#34;10.0.0.0&#47;24&#34;&#10; land-0-r2 &#61; &#34;10.0.8.0&#47;24&#34;&#10; dev-0-r1 &#61; &#34;10.0.16.0&#47;24&#34;&#10; dev-0-r2 &#61; &#34;10.0.24.0&#47;24&#34;&#10; prod-0-r1 &#61; &#34;10.0.32.0&#47;24&#34;&#10; prod-0-r2 &#61; &#34;10.0.40.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [ip_secondary_ranges](variables.tf#L28) | Subnet secondary ranges. | <code>map&#40;map&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [ip_secondary_ranges](variables.tf#L28) | Subnet secondary ranges. | <code>map&#40;map&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [prefix](variables.tf#L34) | Prefix used in resource names. | <code>string</code> | | <code>null</code> | | [project_create_config](variables.tf#L43) | Populate with billing account id to trigger project creation. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create_config](variables.tf#L40) | Populate with billing account id to trigger project creation. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [regions](variables.tf#L57) | VPC regions. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; r1 &#61; &#34;europe-west1&#34;&#10; r2 &#61; &#34;europe-west4&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [regions](variables.tf#L54) | VPC regions. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; r1 &#61; &#34;europe-west1&#34;&#10; r2 &#61; &#34;europe-west4&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [vpn_configs](variables.tf#L66) | VPN configurations. | <code title="map&#40;object&#40;&#123;&#10; asn &#61; number&#10; custom_ranges &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; land-r1 &#61; &#123;&#10; asn &#61; 64513&#10; custom_ranges &#61; &#123;&#10; &#34;10.0.0.0&#47;8&#34; &#61; &#34;internal default&#34;&#10; &#125;&#10; &#125;&#10; dev-r1 &#61; &#123;&#10; asn &#61; 64514&#10; custom_ranges &#61; null&#10; &#125;&#10; prod-r1 &#61; &#123;&#10; asn &#61; 64515&#10; custom_ranges &#61; null&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [vpn_configs](variables.tf#L63) | VPN configurations. | <code title="map&#40;object&#40;&#123;&#10; asn &#61; number&#10; custom_ranges &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; land-r1 &#61; &#123;&#10; asn &#61; 64513&#10; custom_ranges &#61; &#123;&#10; &#34;10.0.0.0&#47;8&#34; &#61; &#34;internal default&#34;&#10; &#125;&#10; &#125;&#10; dev-r1 &#61; &#123;&#10; asn &#61; 64514&#10; custom_ranges &#61; null&#10; &#125;&#10; prod-r1 &#61; &#123;&#10; asn &#61; 64515&#10; custom_ranges &#61; null&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
## Outputs ## Outputs

View File

@ -12,10 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
locals {
prefix = var.prefix == null ? "" : "${var.prefix}-"
}
# enable services in the project used # enable services in the project used
module "project" { module "project" {
@ -35,11 +31,11 @@ module "project" {
module "landing-r1-vm" { module "landing-r1-vm" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = var.project_id project_id = var.project_id
name = "${local.prefix}lnd-test-r1" name = "${var.prefix}-lnd-test-r1"
zone = "${var.regions.r1}-b" zone = "${var.regions.r1}-b"
network_interfaces = [{ network_interfaces = [{
network = module.landing-vpc.self_link network = module.landing-vpc.self_link
subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}lnd-0"] subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-lnd-0"]
nat = false nat = false
addresses = null addresses = null
}] }]
@ -51,11 +47,11 @@ module "landing-r1-vm" {
module "prod-r1-vm" { module "prod-r1-vm" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = var.project_id project_id = var.project_id
name = "${local.prefix}prd-test-r1" name = "${var.prefix}-prd-test-r1"
zone = "${var.regions.r1}-b" zone = "${var.regions.r1}-b"
network_interfaces = [{ network_interfaces = [{
network = module.prod-vpc.self_link network = module.prod-vpc.self_link
subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}prd-0"] subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-prd-0"]
nat = false nat = false
addresses = null addresses = null
}] }]
@ -67,11 +63,11 @@ module "prod-r1-vm" {
module "dev-r2-vm" { module "dev-r2-vm" {
source = "../../../modules/compute-vm" source = "../../../modules/compute-vm"
project_id = var.project_id project_id = var.project_id
name = "${local.prefix}dev-test-r2" name = "${var.prefix}-dev-test-r2"
zone = "${var.regions.r2}-b" zone = "${var.regions.r2}-b"
network_interfaces = [{ network_interfaces = [{
network = module.dev-vpc.self_link network = module.dev-vpc.self_link
subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${local.prefix}dev-0"] subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${var.prefix}-dev-0"]
nat = false nat = false
addresses = null addresses = null
}] }]

View File

@ -17,11 +17,11 @@
module "dev-vpc" { module "dev-vpc" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = var.project_id project_id = var.project_id
name = "${local.prefix}dev" name = "${var.prefix}-dev"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.dev-0-r1 ip_cidr_range = var.ip_ranges.dev-0-r1
name = "${local.prefix}dev-0" name = "${var.prefix}-dev-0"
region = var.regions.r1 region = var.regions.r1
secondary_ip_ranges = try( secondary_ip_ranges = try(
var.ip_secondary_ranges.dev-0-r1, {} var.ip_secondary_ranges.dev-0-r1, {}
@ -29,7 +29,7 @@ module "dev-vpc" {
}, },
{ {
ip_cidr_range = var.ip_ranges.dev-0-r2 ip_cidr_range = var.ip_ranges.dev-0-r2
name = "${local.prefix}dev-0" name = "${var.prefix}-dev-0"
region = var.regions.r2 region = var.regions.r2
secondary_ip_ranges = try( secondary_ip_ranges = try(
var.ip_secondary_ranges.dev-0-r2, {} var.ip_secondary_ranges.dev-0-r2, {}
@ -51,7 +51,7 @@ module "dev-dns-peering" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = var.project_id project_id = var.project_id
type = "peering" type = "peering"
name = "${local.prefix}example-com-dev-peering" name = "${var.prefix}-example-com-dev-peering"
domain = "example.com." domain = "example.com."
client_networks = [module.dev-vpc.self_link] client_networks = [module.dev-vpc.self_link]
peer_network = module.landing-vpc.self_link peer_network = module.landing-vpc.self_link
@ -61,7 +61,7 @@ module "dev-dns-zone" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = var.project_id project_id = var.project_id
type = "private" type = "private"
name = "${local.prefix}dev-example-com" name = "${var.prefix}-dev-example-com"
domain = "dev.example.com." domain = "dev.example.com."
client_networks = [module.landing-vpc.self_link] client_networks = [module.landing-vpc.self_link]
recordsets = { recordsets = {

View File

@ -17,11 +17,11 @@
module "landing-vpc" { module "landing-vpc" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = var.project_id project_id = var.project_id
name = "${local.prefix}lnd" name = "${var.prefix}-lnd"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.land-0-r1 ip_cidr_range = var.ip_ranges.land-0-r1
name = "${local.prefix}lnd-0" name = "${var.prefix}-lnd-0"
region = var.regions.r1 region = var.regions.r1
secondary_ip_ranges = try( secondary_ip_ranges = try(
var.ip_secondary_ranges.land-0-r1, {} var.ip_secondary_ranges.land-0-r1, {}
@ -29,7 +29,7 @@ module "landing-vpc" {
}, },
{ {
ip_cidr_range = var.ip_ranges.land-0-r2 ip_cidr_range = var.ip_ranges.land-0-r2
name = "${local.prefix}lnd-0" name = "${var.prefix}-lnd-0"
region = var.regions.r2 region = var.regions.r2
secondary_ip_ranges = try( secondary_ip_ranges = try(
var.ip_secondary_ranges.land-0-r2, {} var.ip_secondary_ranges.land-0-r2, {}
@ -51,7 +51,7 @@ module "landing-dns-zone" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = var.project_id project_id = var.project_id
type = "private" type = "private"
name = "${local.prefix}example-com" name = "${var.prefix}-example-com"
domain = "example.com." domain = "example.com."
client_networks = [module.landing-vpc.self_link] client_networks = [module.landing-vpc.self_link]
recordsets = { recordsets = {

View File

@ -17,11 +17,11 @@
module "prod-vpc" { module "prod-vpc" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = var.project_id project_id = var.project_id
name = "${local.prefix}prd" name = "${var.prefix}-prd"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.prod-0-r1 ip_cidr_range = var.ip_ranges.prod-0-r1
name = "${local.prefix}prd-0" name = "${var.prefix}-prd-0"
region = var.regions.r1 region = var.regions.r1
secondary_ip_ranges = try( secondary_ip_ranges = try(
var.ip_secondary_ranges.prod-0-r1, {} var.ip_secondary_ranges.prod-0-r1, {}
@ -29,7 +29,7 @@ module "prod-vpc" {
}, },
{ {
ip_cidr_range = var.ip_ranges.prod-0-r2 ip_cidr_range = var.ip_ranges.prod-0-r2
name = "${local.prefix}prd-0" name = "${var.prefix}-prd-0"
region = var.regions.r2 region = var.regions.r2
secondary_ip_ranges = try( secondary_ip_ranges = try(
var.ip_secondary_ranges.prod-0-r2, {} var.ip_secondary_ranges.prod-0-r2, {}
@ -51,7 +51,7 @@ module "prod-dns-peering" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = var.project_id project_id = var.project_id
type = "peering" type = "peering"
name = "${local.prefix}example-com-prd-peering" name = "${var.prefix}-example-com-prd-peering"
domain = "example.com." domain = "example.com."
client_networks = [module.prod-vpc.self_link] client_networks = [module.prod-vpc.self_link]
peer_network = module.landing-vpc.self_link peer_network = module.landing-vpc.self_link
@ -61,7 +61,7 @@ module "prod-dns-zone" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = var.project_id project_id = var.project_id
type = "private" type = "private"
name = "${local.prefix}prd-example-com" name = "${var.prefix}-prd-example-com"
domain = "prd.example.com." domain = "prd.example.com."
client_networks = [module.landing-vpc.self_link] client_networks = [module.landing-vpc.self_link]
recordsets = { recordsets = {

View File

@ -32,9 +32,12 @@ variable "ip_secondary_ranges" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used in resource names." description = "Prefix used for resource names."
type = string type = string
default = null validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create_config" { variable "project_create_config" {
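Review bot: the new validation `condition = var.prefix != ""` rejects only the empty string, not `null`. Removing `default = null` makes the variable required, but a caller can still pass `prefix = null` explicitly; that satisfies this check (in Terraform `null != ""` evaluates to true) and then fails later with a template interpolation error at each `"${var.prefix}-..."` name instead of the intended "Prefix cannot be empty." message. Add `nullable = false` to the variable (Terraform 1.1+) or extend the condition to `var.prefix != null && var.prefix != ""`.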

View File

@ -19,9 +19,9 @@ module "landing-to-dev-vpn-r1" {
project_id = var.project_id project_id = var.project_id
network = module.landing-vpc.self_link network = module.landing-vpc.self_link
region = var.regions.r1 region = var.regions.r1
name = "${local.prefix}lnd-to-dev-r1" name = "${var.prefix}-lnd-to-dev-r1"
router_create = false router_create = false
router_name = "${local.prefix}lnd-vpn-r1" router_name = "${var.prefix}-lnd-vpn-r1"
# router is created and managed by the production VPN module # router is created and managed by the production VPN module
# so we don't configure advertisements here # so we don't configure advertisements here
peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link
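Review bot: `router_name = "${var.prefix}-lnd-vpn-r1"` on a module with `router_create = false` must stay byte-identical to the name the landing-to-prod VPN module gives the router it creates (the inline comment says that module owns the router). With `local.prefix` gone the shared name is now assembled independently in two files, and any drift would only show up as a missing-router error at apply. Consider holding the router name in one local referenced by both modules, or taking it from the prod VPN module's outputs if the module exposes it, so the coupling is explicit.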
@ -62,9 +62,9 @@ module "dev-to-landing-vpn-r1" {
project_id = var.project_id project_id = var.project_id
network = module.dev-vpc.self_link network = module.dev-vpc.self_link
region = var.regions.r1 region = var.regions.r1
name = "${local.prefix}dev-to-lnd-r1" name = "${var.prefix}-dev-to-lnd-r1"
router_create = true router_create = true
router_name = "${local.prefix}dev-vpn-r1" router_name = "${var.prefix}-dev-vpn-r1"
router_asn = var.vpn_configs.dev-r1.asn router_asn = var.vpn_configs.dev-r1.asn
router_advertise_config = ( router_advertise_config = (
var.vpn_configs.dev-r1.custom_ranges == null var.vpn_configs.dev-r1.custom_ranges == null

View File

@ -19,9 +19,9 @@ module "landing-to-prod-vpn-r1" {
project_id = var.project_id project_id = var.project_id
network = module.landing-vpc.self_link network = module.landing-vpc.self_link
region = var.regions.r1 region = var.regions.r1
name = "${local.prefix}lnd-to-prd-r1" name = "${var.prefix}-lnd-to-prd-r1"
router_create = true router_create = true
router_name = "${local.prefix}lnd-vpn-r1" router_name = "${var.prefix}-lnd-vpn-r1"
router_asn = var.vpn_configs.land-r1.asn router_asn = var.vpn_configs.land-r1.asn
router_advertise_config = ( router_advertise_config = (
var.vpn_configs.land-r1.custom_ranges == null var.vpn_configs.land-r1.custom_ranges == null
@ -68,9 +68,9 @@ module "prod-to-landing-vpn-r1" {
project_id = var.project_id project_id = var.project_id
network = module.prod-vpc.self_link network = module.prod-vpc.self_link
region = var.regions.r1 region = var.regions.r1
name = "${local.prefix}prd-to-lnd-r1" name = "${var.prefix}-prd-to-lnd-r1"
router_create = true router_create = true
router_name = "${local.prefix}prd-vpn-r1" router_name = "${var.prefix}-prd-vpn-r1"
router_asn = var.vpn_configs.prod-r1.asn router_asn = var.vpn_configs.prod-r1.asn
# the router is managed here but shared with the dev VPN # the router is managed here but shared with the dev VPN
router_advertise_config = ( router_advertise_config = (

View File

@ -65,14 +65,14 @@ A sample testing session using `tmux`:
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L50) | Existing project id. | <code>string</code> | ✓ | | | [prefix](variables.tf#L38) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L53) | Existing project id. | <code>string</code> | ✓ | |
| [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | <code>bool</code> | | <code>false</code> | | [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | <code>bool</code> | | <code>false</code> |
| [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | <code>string</code> | | <code>&#34;CLIENT_IP&#34;</code> | | [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | <code>string</code> | | <code>&#34;CLIENT_IP&#34;</code> |
| [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; left &#61; &#34;10.0.0.0&#47;24&#34;&#10; right &#61; &#34;10.0.1.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; left &#61; &#34;10.0.0.0&#47;24&#34;&#10; right &#61; &#34;10.0.1.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [prefix](variables.tf#L38) | Prefix used for resource names. | <code>string</code> | | <code>&#34;ilb-test&#34;</code> | | [project_create](variables.tf#L47) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
| [project_create](variables.tf#L44) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> | | [region](variables.tf#L58) | Region used for resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [region](variables.tf#L55) | Region used for resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [zones](variables.tf#L64) | Zone suffixes used for instances. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;b&#34;, &#34;c&#34;&#93;</code> |
| [zones](variables.tf#L61) | Zone suffixes used for instances. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;b&#34;, &#34;c&#34;&#93;</code> |
## Outputs ## Outputs

View File

@ -19,7 +19,7 @@ module "gw" {
for_each = local.zones for_each = local.zones
project_id = module.project.project_id project_id = module.project.project_id
zone = each.value zone = each.value
name = "${local.prefix}gw-${each.key}" name = "${var.prefix}-gw-${each.key}"
instance_type = "f1-micro" instance_type = "f1-micro"
boot_disk = { boot_disk = {
@ -51,7 +51,7 @@ module "gw" {
}) })
} }
service_account = try( service_account = try(
module.service-accounts.emails["${local.prefix}gce-vm"], null module.service-accounts.emails["${var.prefix}-gce-vm"], null
) )
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"] service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
group = { named_ports = null } group = { named_ports = null }
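Review bot: the `try(module.service-accounts.emails["${var.prefix}-gce-vm"], null)` wrapper turns a key mismatch into a silent fallback: if the lookup key ever diverges from the `name` given to the service-accounts module, the plan succeeds and the gateway VMs are created with `service_account = null`, which is easy to miss and leaves them running under whatever identity the compute-vm module applies by default. Since the key is now a plain template duplicated from the module definition, prefer dropping the `try()` so a mismatch fails the plan, or reference the service account through a single local.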
@ -61,7 +61,7 @@ module "ilb-left" {
source = "../../../modules/net-ilb" source = "../../../modules/net-ilb"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}ilb-left" name = "${var.prefix}-ilb-left"
vpc_config = { vpc_config = {
network = module.vpc-left.self_link network = module.vpc-left.self_link
subnetwork = values(module.vpc-left.subnet_self_links)[0] subnetwork = values(module.vpc-left.subnet_self_links)[0]
@ -85,7 +85,7 @@ module "ilb-right" {
source = "../../../modules/net-ilb" source = "../../../modules/net-ilb"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}ilb-right" name = "${var.prefix}-ilb-right"
vpc_config = { vpc_config = {
network = module.vpc-right.self_link network = module.vpc-right.self_link
subnetwork = values(module.vpc-right.subnet_self_links)[0] subnetwork = values(module.vpc-right.subnet_self_links)[0]

View File

@ -17,10 +17,9 @@
locals { locals {
addresses = { addresses = {
for k, v in module.addresses.internal_addresses : for k, v in module.addresses.internal_addresses :
trimprefix(k, local.prefix) => v.address trimprefix(k, "${var.prefix}-") => v.address
} }
prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-" zones = { for z in var.zones : z => "${var.region}-${z}" }
zones = { for z in var.zones : z => "${var.region}-${z}" }
} }
module "project" { module "project" {
@ -36,7 +35,7 @@ module "project" {
module "service-accounts" { module "service-accounts" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}gce-vm" name = "${var.prefix}-gce-vm"
iam_project_roles = { iam_project_roles = {
(var.project_id) = [ (var.project_id) = [
"roles/logging.logWriter", "roles/logging.logWriter",
@ -49,11 +48,11 @@ module "addresses" {
source = "../../../modules/net-address" source = "../../../modules/net-address"
project_id = module.project.project_id project_id = module.project.project_id
internal_addresses = { internal_addresses = {
"${local.prefix}ilb-left" = { "${var.prefix}-ilb-left" = {
region = var.region, region = var.region,
subnetwork = values(module.vpc-left.subnet_self_links)[0] subnetwork = values(module.vpc-left.subnet_self_links)[0]
}, },
"${local.prefix}ilb-right" = { "${var.prefix}-ilb-right" = {
region = var.region, region = var.region,
subnetwork = values(module.vpc-right.subnet_self_links)[0] subnetwork = values(module.vpc-right.subnet_self_links)[0]
} }

View File

@ -28,7 +28,7 @@ output "addresses" {
output "backend_health_left" { output "backend_health_left" {
description = "Command-line health status for left ILB backends." description = "Command-line health status for left ILB backends."
value = <<-EOT value = <<-EOT
gcloud compute backend-services get-health ${local.prefix}ilb-left \ gcloud compute backend-services get-health ${var.prefix}-ilb-left \
--region ${var.region} \ --region ${var.region} \
--flatten status.healthStatus \ --flatten status.healthStatus \
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)" --format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"
@ -38,7 +38,7 @@ output "backend_health_left" {
output "backend_health_right" { output "backend_health_right" {
description = "Command-line health status for right ILB backends." description = "Command-line health status for right ILB backends."
value = <<-EOT value = <<-EOT
gcloud compute backend-services get-health ${local.prefix}ilb-right \ gcloud compute backend-services get-health ${var.prefix}-ilb-right \
--region ${var.region} \ --region ${var.region} \
--flatten status.healthStatus \ --flatten status.healthStatus \
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)" --format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"

View File

@ -38,7 +38,10 @@ variable "ip_ranges" {
variable "prefix" { variable "prefix" {
description = "Prefix used for resource names." description = "Prefix used for resource names."
type = string type = string
default = "ilb-test" validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
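Review bot: removing `default = "ilb-test"` is a breaking change for callers of this example that never set `prefix`; the README table now marks it required, but nothing in the diff records the upgrade path. Because `local.prefix` previously expanded to `"ilb-test-"` and the names are now `"${var.prefix}-..."`, existing deployments keep their resource names only if they pass `prefix = "ilb-test"` explicitly; any other value renames every VM, ILB, address and VPC and forces replacement. Please add a CHANGELOG entry stating this.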

View File

@ -27,7 +27,7 @@ module "vm-left" {
for_each = local.zones for_each = local.zones
project_id = module.project.project_id project_id = module.project.project_id
zone = each.value zone = each.value
name = "${local.prefix}vm-left-${each.key}" name = "${var.prefix}-vm-left-${each.key}"
instance_type = "f1-micro" instance_type = "f1-micro"
network_interfaces = [ network_interfaces = [
{ {
@ -50,7 +50,7 @@ module "vm-right" {
for_each = local.zones for_each = local.zones
project_id = module.project.project_id project_id = module.project.project_id
zone = each.value zone = each.value
name = "${local.prefix}vm-right-${each.key}" name = "${var.prefix}-vm-right-${each.key}"
instance_type = "f1-micro" instance_type = "f1-micro"
network_interfaces = [ network_interfaces = [
{ {

View File

@ -17,11 +17,11 @@
module "vpc-left" { module "vpc-left" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}left" name = "${var.prefix}-left"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.left ip_cidr_range = var.ip_ranges.left
name = "${local.prefix}left" name = "${var.prefix}-left"
region = var.region region = var.region
}, },
] ]
@ -48,6 +48,6 @@ module "nat-left" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}left" name = "${var.prefix}-left"
router_network = module.vpc-left.name router_network = module.vpc-left.name
} }

View File

@ -17,11 +17,11 @@
module "vpc-right" { module "vpc-right" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = module.project.project_id project_id = module.project.project_id
name = "${local.prefix}right" name = "${var.prefix}-right"
subnets = [ subnets = [
{ {
ip_cidr_range = var.ip_ranges.right ip_cidr_range = var.ip_ranges.right
name = "${local.prefix}right" name = "${var.prefix}-right"
region = var.region region = var.region
}, },
] ]
@ -59,6 +59,6 @@ module "nat-right" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = "${local.prefix}right" name = "${var.prefix}-right"
router_network = module.vpc-right.name router_network = module.vpc-right.name
} }

View File

@ -11,27 +11,26 @@ The example is for Nginx, but it could be easily adapted to any other reverse pr
## Ops Agent image ## Ops Agent image
There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run inside the ContainerOS instance. Build the container, push it to your Container/Artifact Repository and set the `ops_agent_image` to point to the image you built. There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run inside the ContainerOS instance. Build the container, push it to your Container/Artifact Repository and set the `ops_agent_image` to point to the image you built.
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
## Variables ## Variables
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [autoscaling_metric](variables.tf#L31) | | <code title="object&#40;&#123;&#10; name &#61; string&#10; single_instance_assignment &#61; number&#10; target &#61; number&#10; type &#61; string &#35; GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE&#10; filter &#61; string&#10;&#125;&#41;&#10;&#10;&#10;default &#61; &#123;&#10; name &#61; &#34;workload.googleapis.com&#47;nginx.connections_current&#34;&#10; single_instance_assignment &#61; null&#10; target &#61; 10 &#35; Target 10 connections per instance, just for demonstration purposes&#10; type &#61; &#34;GAUGE&#34;&#10; filter &#61; null&#10;&#125;">object&#40;&#123;&#8230;&#125;</code> | ✓ | | | [autoscaling_metric](variables.tf#L31) | Definition of metric to use for scaling. | <code title="object&#40;&#123;&#10; name &#61; string&#10; single_instance_assignment &#61; number&#10; target &#61; number&#10; type &#61; string &#35; GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE&#10; filter &#61; string&#10;&#125;&#41;&#10;&#10;&#10;default &#61; &#123;&#10; name &#61; &#34;workload.googleapis.com&#47;nginx.connections_current&#34;&#10; single_instance_assignment &#61; null&#10; target &#61; 10 &#35; Target 10 connections per instance, just for demonstration purposes&#10; type &#61; &#34;GAUGE&#34;&#10; filter &#61; null&#10;&#125;">object&#40;&#123;&#8230;&#125;</code> | ✓ | |
| [project_name](variables.tf#L108) | Name of an existing project or of the new project | <code>string</code> | ✓ | | | [prefix](variables.tf#L94) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_name](variables.tf#L112) | Name of an existing project or of the new project. | <code>string</code> | ✓ | |
| [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | <code title="object&#40;&#123;&#10; min_replicas &#61; number&#10; max_replicas &#61; number&#10; cooldown_period &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; min_replicas &#61; 1&#10; max_replicas &#61; 10&#10; cooldown_period &#61; 30&#10;&#125;">&#123;&#8230;&#125;</code> | | [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | <code title="object&#40;&#123;&#10; min_replicas &#61; number&#10; max_replicas &#61; number&#10; cooldown_period &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; min_replicas &#61; 1&#10; max_replicas &#61; 10&#10; cooldown_period &#61; 30&#10;&#125;">&#123;&#8230;&#125;</code> |
| [backends](variables.tf#L49) | Nginx locations configurations to proxy traffic to. | <code>string</code> | | <code title="&#34;&#60;&#60;-EOT&#10; location &#47; &#123;&#10; proxy_pass http:&#47;&#47;10.0.16.58:80;&#10; proxy_http_version 1.1;&#10; proxy_set_header Connection &#34;&#34;;&#10; &#125;&#10;EOT&#34;">&#34;&#60;&#60;-EOT&#8230;EOT&#34;</code> | | [backends](variables.tf#L50) | Nginx locations configurations to proxy traffic to. | <code>string</code> | | <code title="&#34;&#60;&#60;-EOT&#10; location &#47; &#123;&#10; proxy_pass http:&#47;&#47;10.0.16.58:80;&#10; proxy_http_version 1.1;&#10; proxy_set_header Connection &#34;&#34;;&#10; &#125;&#10;EOT&#34;">&#34;&#60;&#60;-EOT&#8230;EOT&#34;</code> |
| [cidrs](variables.tf#L61) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gce &#61; &#34;10.0.16.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [cidrs](variables.tf#L62) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gce &#61; &#34;10.0.16.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [network](variables.tf#L69) | Network name. | <code>string</code> | | <code>&#34;reverse-proxy-vpc&#34;</code> | | [network](variables.tf#L70) | Network name. | <code>string</code> | | <code>&#34;reverse-proxy-vpc&#34;</code> |
| [network_create](variables.tf#L75) | Create network or use existing one. | <code>bool</code> | | <code>true</code> | | [network_create](variables.tf#L76) | Create network or use existing one. | <code>bool</code> | | <code>true</code> |
| [nginx_image](variables.tf#L81) | Nginx container image to use. | <code>string</code> | | <code>&#34;gcr.io&#47;cloud-marketplace&#47;google&#47;nginx1:latest&#34;</code> | | [nginx_image](variables.tf#L82) | Nginx container image to use. | <code>string</code> | | <code>&#34;gcr.io&#47;cloud-marketplace&#47;google&#47;nginx1:latest&#34;</code> |
| [ops_agent_image](variables.tf#L87) | Google Cloud Ops Agent container image to use. | <code>string</code> | | <code>&#34;gcr.io&#47;sfans-hub-project-d647&#47;ops-agent:latest&#34;</code> | | [ops_agent_image](variables.tf#L88) | Google Cloud Ops Agent container image to use. | <code>string</code> | | <code>&#34;gcr.io&#47;sfans-hub-project-d647&#47;ops-agent:latest&#34;</code> |
| [prefix](variables.tf#L93) | Prefix used for resources that need unique names. | <code>string</code> | | <code>&#34;&#34;</code> | | [project_create](variables.tf#L103) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [project_create](variables.tf#L99) | Parameters for the creation of the new project | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [region](variables.tf#L117) | Default region for resources. | <code>string</code> | | <code>&#34;europe-west4&#34;</code> |
| [region](variables.tf#L113) | Default region for resources. | <code>string</code> | | <code>&#34;europe-west4&#34;</code> | | [subnetwork](variables.tf#L123) | Subnetwork name. | <code>string</code> | | <code>&#34;gce&#34;</code> |
| [subnetwork](variables.tf#L119) | Subnetwork name. | <code>string</code> | | <code>&#34;gce&#34;</code> | | [tls](variables.tf#L129) | Also offer reverse proxying with TLS (self-signed certificate). | <code>bool</code> | | <code>false</code> |
| [tls](variables.tf#L125) | Also offer reverse proxying with TLS (self-signed certificate). | <code>bool</code> | | <code>false</code> |
## Outputs ## Outputs

View File

@ -161,7 +161,7 @@ module "firewall" {
project_id = module.project.project_id project_id = module.project.project_id
network = module.vpc.name network = module.vpc.name
ingress_rules = { ingress_rules = {
format("%sallow-http-to-proxy-cluster", var.prefix) = { "${var.prefix}-allow-http-to-proxy-cluster" = {
description = "Allow Nginx HTTP(S) ingress traffic" description = "Allow Nginx HTTP(S) ingress traffic"
source_ranges = [ source_ranges = [
var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22" var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22"
@ -170,7 +170,7 @@ module "firewall" {
use_service_accounts = true use_service_accounts = true
rules = [{ protocol = "tcp", ports = [80, 443] }] rules = [{ protocol = "tcp", ports = [80, 443] }]
} }
format("%sallow-iap-ssh", var.prefix) = { "${var.prefix}-allow-iap-ssh" = {
description = "Allow Nginx SSH traffic from IAP" description = "Allow Nginx SSH traffic from IAP"
source_ranges = ["35.235.240.0/20"] source_ranges = ["35.235.240.0/20"]
targets = [module.service-account-proxy.email] targets = [module.service-account-proxy.email]
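Review bot: changing the `ingress_rules` map keys from `format("%sallow-http-to-proxy-cluster", var.prefix)` to `"${var.prefix}-allow-http-to-proxy-cluster"` (and the same for `allow-iap-ssh`) renames the rules, so on an existing deployment Terraform will plan them as destroy and create rather than an in-place update. With the old default prefix `""` the rules were unprefixed, so every current deployment is affected, and during the apply window the health-check ranges and the IAP range are not allowed in. Worth a line in the upgrade notes, since the rules are also the only thing admitting IAP SSH to the proxies.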
@ -184,7 +184,7 @@ module "nat" {
source = "../../../modules/net-cloudnat" source = "../../../modules/net-cloudnat"
project_id = module.project.project_id project_id = module.project.project_id
region = var.region region = var.region
name = format("%snat", var.prefix) name = "${var.prefix}-nat"
router_network = module.vpc.name router_network = module.vpc.name
config_source_subnets = "LIST_OF_SUBNETWORKS" config_source_subnets = "LIST_OF_SUBNETWORKS"
@ -207,7 +207,7 @@ module "nat" {
module "service-account-proxy" { module "service-account-proxy" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = module.project.project_id project_id = module.project.project_id
name = format("%sreverse-proxy", var.prefix) name = "${var.prefix}-reverse-proxy"
iam_project_roles = { iam_project_roles = {
(module.project.project_id) = [ (module.project.project_id) = [
"roles/logging.logWriter", "roles/logging.logWriter",
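Review bot: renaming the service account from `format("%sreverse-proxy", var.prefix)` to `"${var.prefix}-reverse-proxy"` forces replacement of the account, so its email changes. The firewall rules target instances by this email (`targets = [module.service-account-proxy.email]`) and the MIG template attaches it, so existing instances must be rolled to pick up the new identity, and any IAM bindings granted outside this example to the old email will stop applying. State this in the upgrade notes alongside the prefix change.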
@ -241,7 +241,7 @@ module "mig-proxy" {
project_id = module.project.project_id project_id = module.project.project_id
location = var.region location = var.region
regional = true regional = true
name = format("%sproxy-cluster", var.prefix) name = "${var.prefix}-proxy-cluster"
named_ports = { named_ports = {
http = "80" http = "80"
https = "443" https = "443"
@ -313,11 +313,11 @@ module "proxy-vm" {
module "xlb" { module "xlb" {
source = "../../../modules/net-glb" source = "../../../modules/net-glb"
name = format("%sreverse-proxy-xlb", var.prefix) name = "${var.prefix}-reverse-proxy-xlb"
project_id = module.project.project_id project_id = module.project.project_id
reserve_ip_address = true reserve_ip_address = true
health_checks_config = { health_checks_config = {
format("%sreverse-proxy-hc", var.prefix) = { "${var.prefix}-reverse-proxy-hc" = {
type = "http" type = "http"
logging = false logging = false
options = { options = {
@ -334,7 +334,7 @@ module "xlb" {
} }
} }
backend_services_config = { backend_services_config = {
format("%sreverse-proxy-backend", var.prefix) = { "${var.prefix}-reverse-proxy-backend" = {
bucket_config = null bucket_config = null
enable_cdn = false enable_cdn = false
cdn_config = null cdn_config = null
@ -345,7 +345,7 @@ module "xlb" {
options = null options = null
} }
] ]
health_checks = [format("%sreverse-proxy-hc", var.prefix)] health_checks = ["${var.prefix}-reverse-proxy-hc"]
log_config = null log_config = null
options = { options = {
affinity_cookie_ttl_sec = null affinity_cookie_ttl_sec = null

View File

@ -29,6 +29,7 @@ variable "autoscaling" {
} }
variable "autoscaling_metric" { variable "autoscaling_metric" {
description = "Definition of metric to use for scaling."
type = object({ type = object({
name = string name = string
single_instance_assignment = number single_instance_assignment = number
@ -91,13 +92,16 @@ variable "ops_agent_image" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix used for resources that need unique names." description = "Prefix used for resource names."
type = string type = string
default = "" validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "project_create" { variable "project_create" {
description = "Parameters for the creation of the new project" description = "Parameters for the creation of the new project."
type = object({ type = object({
billing_account_id = string billing_account_id = string
parent = string parent = string
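Review bot: the validation at `condition = var.prefix != ""` checks only for emptiness, yet the value is spliced into names of Compute resources (NAT, MIG, firewall rules, the external load balancer, the service account) that only accept lowercase letters, digits and hyphens, start with a letter and stay within 63 characters. A format check such as `can(regex("^[a-z][a-z0-9-]*$", var.prefix))` with a length bound would fail fast at plan time instead of part-way through apply. The same applies to the other two `prefix` variables in this change.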
@ -106,7 +110,7 @@ variable "project_create" {
} }
variable "project_name" { variable "project_name" {
description = "Name of an existing project or of the new project" description = "Name of an existing project or of the new project."
type = string type = string
} }
@ -127,4 +131,3 @@ variable "tls" {
type = bool type = bool
default = false default = false
} }

View File

@ -41,15 +41,15 @@ Before applying this Terraform
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | <code>string</code> | ✓ | | | [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L28) | Prefix to use for resource names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L28) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [producer](variables.tf#L33) | Producer configuration. | <code title="object&#40;&#123;&#10; subnet_main &#61; string &#35; CIDR&#10; subnet_proxy &#61; string &#35; CIDR&#10; subnet_psc &#61; string &#35; CIDR&#10; accepted_limits &#61; map&#40;number&#41; &#35; Accepted project ids &#61;&#62; PSC endpoint limit&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [producer](variables.tf#L37) | Producer configuration. | <code title="object&#40;&#123;&#10; subnet_main &#61; string &#35; CIDR&#10; subnet_proxy &#61; string &#35; CIDR&#10; subnet_psc &#61; string &#35; CIDR&#10; accepted_limits &#61; map&#40;number&#41; &#35; Accepted project ids &#61;&#62; PSC endpoint limit&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | | | [project_id](variables.tf#L53) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L54) | Region where resources will be created. | <code>string</code> | ✓ | | | [region](variables.tf#L58) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | <code>string &#35; CIDR</code> | ✓ | | | [subnet_consumer](variables.tf#L63) | Consumer subnet CIDR. | <code>string &#35; CIDR</code> | ✓ | |
| [zone](variables.tf#L98) | Zone where resources will be created. | <code>string</code> | ✓ | | | [zone](variables.tf#L102) | Zone where resources will be created. | <code>string</code> | ✓ | |
| [dest_port](variables.tf#L22) | On-prem service destination port. | <code>string</code> | | <code>&#34;80&#34;</code> | | [dest_port](variables.tf#L22) | On-prem service destination port. | <code>string</code> | | <code>&#34;80&#34;</code> |
| [project_create](variables.tf#L43) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> | | [project_create](variables.tf#L47) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> |
| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | <code title="object&#40;&#123;&#10; producer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; subnet_proxy_id &#61; string&#10; subnet_psc_id &#61; string&#10; &#125;&#41;&#10; consumer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; producer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; subnet_proxy_id &#61; &#34;xxx&#34;&#10; subnet_psc_id &#61; &#34;xxx&#34;&#10; &#125;&#10; consumer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | [vpc_config](variables.tf#L68) | VPC and subnet ids, in case existing VPCs are used. | <code title="object&#40;&#123;&#10; producer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; subnet_proxy_id &#61; string&#10; subnet_psc_id &#61; string&#10; &#125;&#41;&#10; consumer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; producer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; subnet_proxy_id &#61; &#34;xxx&#34;&#10; subnet_psc_id &#61; &#34;xxx&#34;&#10; &#125;&#10; consumer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> | | [vpc_create](variables.tf#L96) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> |
<!-- END TFDOC --> <!-- END TFDOC -->
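Review bot: the `project_id` row carries the typo "referncing" on both sides of the diff; since this table is generated (the `<!-- END TFDOC -->` marker is visible), fix the description in variables.tf and regenerate the README rather than editing the table by hand. The remaining changes here are the `prefix` wording and the +4 shift of the variables.tf line anchors, consistent with the four validation lines added to that file in this commit.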


@ -15,7 +15,6 @@
*/ */
locals { locals {
prefix = coalesce(var.prefix, "") == "" ? "" : "${var.prefix}-"
project_id = ( project_id = (
var.project_create var.project_create
? module.project.project_id ? module.project.project_id
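Review bot: dropping the `prefix` local (and with it the `coalesce(var.prefix, "")` handling) means an empty `var.prefix`, which previously produced un-prefixed names, is now rejected at plan time by the `var.prefix != ""` validation added to variables.tf in this commit. That is a behaviour change for any caller relying on the old fallback and should be called out in the CHANGELOG entry for the blueprint.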
@ -66,7 +65,7 @@ module "project" {
module "vpc_producer" { module "vpc_producer" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = local.project_id project_id = local.project_id
name = "${local.prefix}producer" name = "${var.prefix}-producer"
subnets = [ subnets = [
{ {
ip_cidr_range = var.producer["subnet_main"] ip_cidr_range = var.producer["subnet_main"]
@ -78,7 +77,7 @@ module "vpc_producer" {
subnets_proxy_only = [ subnets_proxy_only = [
{ {
ip_cidr_range = var.producer["subnet_proxy"] ip_cidr_range = var.producer["subnet_proxy"]
name = "${local.prefix}proxy" name = "${var.prefix}-proxy"
region = var.region region = var.region
active = true active = true
} }
@ -86,7 +85,7 @@ module "vpc_producer" {
subnets_psc = [ subnets_psc = [
{ {
ip_cidr_range = var.producer["subnet_psc"] ip_cidr_range = var.producer["subnet_psc"]
name = "${local.prefix}psc" name = "${var.prefix}-psc"
region = var.region region = var.region
} }
] ]
@ -95,7 +94,7 @@ module "vpc_producer" {
module "psc_producer" { module "psc_producer" {
source = "./psc-producer" source = "./psc-producer"
project_id = local.project_id project_id = local.project_id
name = var.prefix name = "${var.prefix}-producer"
dest_ip_address = var.dest_ip_address dest_ip_address = var.dest_ip_address
dest_port = var.dest_port dest_port = var.dest_port
network = local.vpc_producer_id network = local.vpc_producer_id
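Review bot: `name` for `module "psc_producer"` changes from `var.prefix` to `"${var.prefix}-producer"`, which, unlike the other renames in this file (where `"${local.prefix}producer"` and `"${var.prefix}-producer"` render identically for a non-empty prefix), yields a different name on an existing deployment. Whatever the psc-producer module derives from `name` will be destroyed and recreated on the next apply, and anything attached to the old producer-side resources will lose connectivity; either keep the old name or document the forced replacement and the expected outage.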
@ -114,11 +113,11 @@ module "psc_producer" {
module "vpc_consumer" { module "vpc_consumer" {
source = "../../../modules/net-vpc" source = "../../../modules/net-vpc"
project_id = local.project_id project_id = local.project_id
name = "${local.prefix}consumer" name = "${var.prefix}-consumer"
subnets = [ subnets = [
{ {
ip_cidr_range = var.subnet_consumer ip_cidr_range = var.subnet_consumer
name = "${local.prefix}consumer" name = "${var.prefix}-consumer"
region = var.region region = var.region
secondary_ip_range = {} secondary_ip_range = {}
} }
@ -128,7 +127,7 @@ module "vpc_consumer" {
module "psc_consumer" { module "psc_consumer" {
source = "./psc-consumer" source = "./psc-consumer"
project_id = local.project_id project_id = local.project_id
name = "${local.prefix}consumer" name = "${var.prefix}-consumer"
region = var.region region = var.region
network = local.vpc_consumer_id network = local.vpc_consumer_id
subnet = local.vpc_consumer_main subnet = local.vpc_consumer_main


@ -26,8 +26,12 @@ variable "dest_port" {
} }
variable "prefix" { variable "prefix" {
description = "Prefix to use for resource names." description = "Prefix used for resource names."
type = string type = string
validation {
condition = var.prefix != ""
error_message = "Prefix cannot be empty."
}
} }
variable "producer" { variable "producer" {
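Review bot: the condition `var.prefix != ""` rejects only the empty string: an explicit `null` passes (`null != ""` is true) and so does whitespace, and both then get interpolated into resource names in main.tf. Consider adding `nullable = false` to the variable and tightening the condition to the character set GCP accepts in resource names, for example `condition = can(regex("^[a-z][a-z0-9-]*$", var.prefix))`, so an unusable prefix fails at plan time rather than at apply.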


@ -48,17 +48,17 @@ There's a minor glitch that can surface running `terraform destroy`, where the s
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L62) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L62) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [root_node](variables.tf#L90) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | | | [root_node](variables.tf#L94) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
| [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | <code>bool</code> | | <code>true</code> | | [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | <code>bool</code> | | <code>true</code> |
| [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gce &#61; &#34;10.0.16.0&#47;24&#34;&#10; gke &#61; &#34;10.0.32.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gce &#61; &#34;10.0.16.0&#47;24&#34;&#10; gke &#61; &#34;10.0.32.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gke-pods &#61; &#34;10.128.0.0&#47;18&#34;&#10; gke-services &#61; &#34;172.16.0.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gke-pods &#61; &#34;10.128.0.0&#47;18&#34;&#10; gke-services &#61; &#34;172.16.0.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [owners_host](variables.tf#L56) | Host project owners, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [owners_host](variables.tf#L56) | Host project owners, in IAM format. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [private_service_ranges](variables.tf#L67) | Private service IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; cluster-1 &#61; &#34;192.168.0.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [private_service_ranges](variables.tf#L71) | Private service IP CIDR ranges. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; cluster-1 &#61; &#34;192.168.0.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [project_services](variables.tf#L75) | Service APIs enabled by default in new projects. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;container.googleapis.com&#34;,&#10; &#34;stackdriver.googleapis.com&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> | | [project_services](variables.tf#L79) | Service APIs enabled by default in new projects. | <code>list&#40;string&#41;</code> | | <code title="&#91;&#10; &#34;container.googleapis.com&#34;,&#10; &#34;stackdriver.googleapis.com&#34;,&#10;&#93;">&#91;&#8230;&#93;</code> |
| [region](variables.tf#L84) | Region used. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L88) | Region used. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
## Outputs ## Outputs
