Merge branch 'master' into wiktorn-e2e-setup-fixes
commit
e36b4fcec8
|
@ -294,10 +294,10 @@ module "bigquery-dataset" {
|
|||
| [iam](variables.tf#L92) | IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L103) | Dataset labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L109) | Dataset location. | <code>string</code> | | <code>"EU"</code> |
|
||||
| [materialized_views](variables.tf#L115) | Materialized views definitions. | <code title="map(object({ query = string allow_non_incremental_definition = optional(bool) deletion_protection = optional(bool) description = optional(string, "Terraform managed.") enable_refresh = optional(bool) friendly_name = optional(string) labels = optional(map(string), {}) refresh_interval_ms = optional(bool) options = optional(object({ clustering = optional(list(string)) expiration_time = optional(number) }), {}) partitioning = optional(object({ field = optional(string) range = optional(object({ end = number interval = number start = number })) time = optional(object({ type = string expiration_ms = optional(number) field = optional(string) require_partition_filter = optional(bool) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [materialized_views](variables.tf#L115) | Materialized views definitions. | <code title="map(object({ query = string allow_non_incremental_definition = optional(bool) deletion_protection = optional(bool) description = optional(string, "Terraform managed.") enable_refresh = optional(bool) friendly_name = optional(string) labels = optional(map(string), {}) refresh_interval_ms = optional(bool) require_partition_filter = optional(bool) options = optional(object({ clustering = optional(list(string)) expiration_time = optional(number) }), {}) partitioning = optional(object({ field = optional(string) range = optional(object({ end = number interval = number start = number })) time = optional(object({ type = string expiration_ms = optional(number) field = optional(string) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [options](variables.tf#L148) | Dataset options. | <code title="object({ default_collation = optional(string) default_table_expiration_ms = optional(number) default_partition_expiration_ms = optional(number) delete_contents_on_destroy = optional(bool, false) is_case_insensitive = optional(bool) max_time_travel_hours = optional(number, 168) storage_billing_model = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
| [tables](variables.tf#L167) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | <code title="map(object({ deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) schema = optional(string) options = optional(object({ clustering = optional(list(string)) encryption_key = optional(string) expiration_time = optional(number) }), {}) partitioning = optional(object({ field = optional(string) range = optional(object({ end = number interval = number start = number })) time = optional(object({ type = string expiration_ms = optional(number) field = optional(string) require_partition_filter = optional(bool) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [views](variables.tf#L198) | View definitions. | <code title="map(object({ query = string deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) use_legacy_sql = optional(bool) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tables](variables.tf#L167) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | <code title="map(object({ deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) require_partition_filter = optional(bool) schema = optional(string) external_data_configuration = optional(object({ autodetect = bool source_uris = list(string) avro_logical_types = optional(bool) compression = optional(string) connection_id = optional(string) file_set_spec_type = optional(string) ignore_unknown_values = optional(bool) metadata_cache_mode = optional(string) object_metadata = optional(string) json_options_encoding = optional(string) reference_file_schema_uri = optional(string) schema = optional(string) source_format = optional(string) max_bad_records = optional(number) csv_options = optional(object({ quote = string allow_jagged_rows = optional(bool) allow_quoted_newlines = optional(bool) encoding = optional(string) field_delimiter = optional(string) skip_leading_rows = optional(number) })) google_sheets_options = optional(object({ range = optional(string) skip_leading_rows = optional(number) })) hive_partitioning_options = optional(object({ mode = optional(string) require_partition_filter = optional(bool) source_uri_prefix = optional(string) })) parquet_options = optional(object({ enum_as_string = optional(bool) enable_list_inference = optional(bool) })) })) options = optional(object({ clustering = optional(list(string)) encryption_key = optional(string) expiration_time = optional(number) max_staleness = optional(string) }), {}) partitioning = optional(object({ field = optional(string) range = optional(object({ end = number interval = number start = number })) time = optional(object({ type = string expiration_ms = optional(number) field = optional(string) })) })) table_constraints = optional(object({ 
primary_key_columns = optional(list(string)) foreign_keys = optional(object({ referenced_table = object({ project_id = string dataset_id = string table_id = string }) column_references = object({ referencing_column = string referenced_column = string }) name = optional(string) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [views](variables.tf#L252) | View definitions. | <code title="map(object({ query = string deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) use_legacy_sql = optional(bool) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -209,18 +209,20 @@ resource "google_bigquery_dataset_iam_binding" "bindings" {
|
|||
}
|
||||
|
||||
resource "google_bigquery_table" "default" {
|
||||
provider = google-beta
|
||||
for_each = var.tables
|
||||
project = var.project_id
|
||||
dataset_id = google_bigquery_dataset.default.dataset_id
|
||||
table_id = each.key
|
||||
friendly_name = each.value.friendly_name
|
||||
description = each.value.description
|
||||
clustering = each.value.options.clustering
|
||||
expiration_time = each.value.options.expiration_time
|
||||
labels = each.value.labels
|
||||
schema = each.value.schema
|
||||
deletion_protection = each.value.deletion_protection
|
||||
provider = google-beta
|
||||
for_each = var.tables
|
||||
project = var.project_id
|
||||
dataset_id = google_bigquery_dataset.default.dataset_id
|
||||
table_id = each.key
|
||||
friendly_name = each.value.friendly_name
|
||||
description = each.value.description
|
||||
clustering = each.value.options.clustering
|
||||
expiration_time = each.value.options.expiration_time
|
||||
labels = each.value.labels
|
||||
max_staleness = each.value.options.max_staleness
|
||||
schema = each.value.schema
|
||||
deletion_protection = each.value.deletion_protection
|
||||
require_partition_filter = each.value.require_partition_filter
|
||||
|
||||
dynamic "encryption_configuration" {
|
||||
for_each = each.value.options.encryption_key != null ? [""] : []
|
||||
|
@ -229,6 +231,97 @@ resource "google_bigquery_table" "default" {
|
|||
}
|
||||
}
|
||||
|
||||
dynamic "external_data_configuration" {
|
||||
for_each = each.value.external_data_configuration != null ? [""] : []
|
||||
content {
|
||||
autodetect = each.value.external_data_configuration.autodetect
|
||||
compression = each.value.external_data_configuration.compression
|
||||
connection_id = each.value.external_data_configuration.connection_id
|
||||
file_set_spec_type = each.value.external_data_configuration.file_set_spec_type
|
||||
ignore_unknown_values = each.value.external_data_configuration.ignore_unknown_values
|
||||
max_bad_records = each.value.external_data_configuration.max_bad_records
|
||||
metadata_cache_mode = each.value.external_data_configuration.metadata_cache_mode
|
||||
object_metadata = each.value.external_data_configuration.object_metadata
|
||||
reference_file_schema_uri = each.value.external_data_configuration.reference_file_schema_uri
|
||||
schema = each.value.external_data_configuration.schema
|
||||
source_format = each.value.external_data_configuration.source_format
|
||||
source_uris = each.value.external_data_configuration.source_uris
|
||||
|
||||
dynamic "avro_options" {
|
||||
for_each = each.value.external_data_configuration.avro_logical_types != null ? [""] : []
|
||||
content {
|
||||
use_avro_logical_types = each.value.external_data_configuration.avro_logical_types
|
||||
}
|
||||
}
|
||||
dynamic "csv_options" {
|
||||
for_each = each.value.external_data_configuration.csv_options != null ? [""] : []
|
||||
content {
|
||||
quote = each.value.external_data_configuration.csv_options.quote
|
||||
allow_jagged_rows = each.value.external_data_configuration.csv_options.allow_jagged_rows
|
||||
allow_quoted_newlines = each.value.external_data_configuration.csv_options.allow_quoted_newlines
|
||||
encoding = each.value.external_data_configuration.csv_options.encoding
|
||||
field_delimiter = each.value.external_data_configuration.csv_options.field_delimiter
|
||||
skip_leading_rows = each.value.external_data_configuration.csv_options.skip_leading_rows
|
||||
}
|
||||
}
|
||||
dynamic "json_options" {
|
||||
for_each = each.value.external_data_configuration.json_options_encoding != null ? [""] : []
|
||||
content {
|
||||
encoding = each.value.external_data_configuration.json_options_encoding
|
||||
}
|
||||
}
|
||||
dynamic "google_sheets_options" {
|
||||
for_each = each.value.external_data_configuration.google_sheets_options != null ? [""] : []
|
||||
content {
|
||||
range = each.value.external_data_configuration.google_sheets_options.range
|
||||
skip_leading_rows = each.value.external_data_configuration.google_sheets_options.skip_leading_rows
|
||||
}
|
||||
}
|
||||
dynamic "hive_partitioning_options" {
|
||||
for_each = each.value.external_data_configuration.hive_partitioning_options != null ? [""] : []
|
||||
content {
|
||||
mode = each.value.external_data_configuration.hive_partitioning_options.mode
|
||||
require_partition_filter = each.value.external_data_configuration.hive_partitioning_options.require_partition_filter
|
||||
source_uri_prefix = each.value.external_data_configuration.hive_partitioning_options.source_uri_prefix
|
||||
}
|
||||
}
|
||||
dynamic "parquet_options" {
|
||||
for_each = each.value.external_data_configuration.parquet_options != null ? [""] : []
|
||||
content {
|
||||
enum_as_string = each.value.external_data_configuration.parquet_options.enum_as_string
|
||||
enable_list_inference = each.value.external_data_configuration.parquet_options.enable_list_inference
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "table_constraints" {
|
||||
for_each = each.value.table_constraints != null ? [""] : []
|
||||
content {
|
||||
dynamic "primary_key" {
|
||||
for_each = each.value.table_constraints.primary_key_columns != null ? [""] : []
|
||||
content {
|
||||
columns = each.value.table_constraints.primary_key_columns
|
||||
}
|
||||
}
|
||||
dynamic "foreign_keys" {
|
||||
for_each = each.value.table_constraints.foreign_keys != null ? [""] : []
|
||||
content {
|
||||
name = each.value.table_constraints.foreign_keys.name
|
||||
referenced_table {
|
||||
project_id = each.value.table_constraints.foreign_keys.referenced_table.project_id
|
||||
dataset_id = each.value.table_constraints.foreign_keys.referenced_table.dataset_id
|
||||
table_id = each.value.table_constraints.foreign_keys.referenced_table.table_id
|
||||
}
|
||||
column_references {
|
||||
referencing_column = each.value.table_constraints.foreign_keys.column_references.referencing_column
|
||||
referenced_column = each.value.table_constraints.foreign_keys.column_references.referenced_column
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "range_partitioning" {
|
||||
for_each = try(each.value.partitioning.range, null) != null ? [""] : []
|
||||
content {
|
||||
|
@ -244,10 +337,9 @@ resource "google_bigquery_table" "default" {
|
|||
dynamic "time_partitioning" {
|
||||
for_each = try(each.value.partitioning.time, null) != null ? [""] : []
|
||||
content {
|
||||
expiration_ms = each.value.partitioning.time.expiration_ms
|
||||
field = each.value.partitioning.time.field
|
||||
type = each.value.partitioning.time.type
|
||||
require_partition_filter = each.value.partitioning.time.require_partition_filter
|
||||
expiration_ms = each.value.partitioning.time.expiration_ms
|
||||
field = each.value.partitioning.time.field
|
||||
type = each.value.partitioning.time.type
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -270,17 +362,18 @@ resource "google_bigquery_table" "views" {
|
|||
}
|
||||
|
||||
resource "google_bigquery_table" "materialized_view" {
|
||||
depends_on = [google_bigquery_table.default]
|
||||
for_each = var.materialized_views
|
||||
project = var.project_id
|
||||
dataset_id = google_bigquery_dataset.default.dataset_id
|
||||
table_id = each.key
|
||||
friendly_name = each.value.friendly_name
|
||||
description = each.value.description
|
||||
labels = each.value.labels
|
||||
clustering = each.value.options.clustering
|
||||
expiration_time = each.value.options.expiration_time
|
||||
deletion_protection = each.value.deletion_protection
|
||||
depends_on = [google_bigquery_table.default]
|
||||
for_each = var.materialized_views
|
||||
project = var.project_id
|
||||
dataset_id = google_bigquery_dataset.default.dataset_id
|
||||
table_id = each.key
|
||||
friendly_name = each.value.friendly_name
|
||||
description = each.value.description
|
||||
labels = each.value.labels
|
||||
clustering = each.value.options.clustering
|
||||
expiration_time = each.value.options.expiration_time
|
||||
deletion_protection = each.value.deletion_protection
|
||||
require_partition_filter = each.value.require_partition_filter
|
||||
|
||||
dynamic "range_partitioning" {
|
||||
for_each = try(each.value.partitioning.range, null) != null ? [""] : []
|
||||
|
@ -297,10 +390,9 @@ resource "google_bigquery_table" "materialized_view" {
|
|||
dynamic "time_partitioning" {
|
||||
for_each = try(each.value.partitioning.time, null) != null ? [""] : []
|
||||
content {
|
||||
expiration_ms = each.value.partitioning.time.expiration_ms
|
||||
field = each.value.partitioning.time.field
|
||||
type = each.value.partitioning.time.type
|
||||
require_partition_filter = each.value.partitioning.time.require_partition_filter
|
||||
expiration_ms = each.value.partitioning.time.expiration_ms
|
||||
field = each.value.partitioning.time.field
|
||||
type = each.value.partitioning.time.type
|
||||
}
|
||||
}
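Review bot: The new `dynamic "external_data_configuration"` block in `google_bigquery_table.default` forwards `connection_id` and `source_uris` unchanged, and nothing in the hunk documents that `connection_id` decides whose credentials read the external storage. With a connection the read uses the connection's credentials; without one, as far as I know, it uses the querying principal's own, so the two settings give different access boundaries for the same table. I would add a comment above the block such as `# connection_id selects the credentials used to read source_uris; leave it null only when readers are meant to hold access to the source themselves`. The resource body starts and ends outside the visible hunks, so any existing comment elsewhere in the file is not visible here.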
|
||||
|
||||
|
|
|
@ -123,6 +123,7 @@ variable "materialized_views" {
|
|||
friendly_name = optional(string)
|
||||
labels = optional(map(string), {})
|
||||
refresh_interval_ms = optional(bool)
|
||||
require_partition_filter = optional(bool)
|
||||
options = optional(object({
|
||||
clustering = optional(list(string))
|
||||
expiration_time = optional(number)
|
||||
|
@ -135,10 +136,9 @@ variable "materialized_views" {
|
|||
start = number
|
||||
}))
|
||||
time = optional(object({
|
||||
type = string
|
||||
expiration_ms = optional(number)
|
||||
field = optional(string)
|
||||
require_partition_filter = optional(bool)
|
||||
type = string
|
||||
expiration_ms = optional(number)
|
||||
field = optional(string)
|
||||
}))
|
||||
}))
|
||||
}))
|
||||
|
@ -167,15 +167,55 @@ variable "project_id" {
|
|||
variable "tables" {
|
||||
description = "Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null."
|
||||
type = map(object({
|
||||
deletion_protection = optional(bool)
|
||||
description = optional(string, "Terraform managed.")
|
||||
friendly_name = optional(string)
|
||||
labels = optional(map(string), {})
|
||||
schema = optional(string)
|
||||
deletion_protection = optional(bool)
|
||||
description = optional(string, "Terraform managed.")
|
||||
friendly_name = optional(string)
|
||||
labels = optional(map(string), {})
|
||||
require_partition_filter = optional(bool)
|
||||
schema = optional(string)
|
||||
external_data_configuration = optional(object({
|
||||
autodetect = bool
|
||||
source_uris = list(string)
|
||||
avro_logical_types = optional(bool)
|
||||
compression = optional(string)
|
||||
connection_id = optional(string)
|
||||
file_set_spec_type = optional(string)
|
||||
ignore_unknown_values = optional(bool)
|
||||
metadata_cache_mode = optional(string)
|
||||
object_metadata = optional(string)
|
||||
json_options_encoding = optional(string)
|
||||
reference_file_schema_uri = optional(string)
|
||||
schema = optional(string)
|
||||
source_format = optional(string)
|
||||
max_bad_records = optional(number)
|
||||
csv_options = optional(object({
|
||||
quote = string
|
||||
allow_jagged_rows = optional(bool)
|
||||
allow_quoted_newlines = optional(bool)
|
||||
encoding = optional(string)
|
||||
field_delimiter = optional(string)
|
||||
skip_leading_rows = optional(number)
|
||||
}))
|
||||
google_sheets_options = optional(object({
|
||||
range = optional(string)
|
||||
skip_leading_rows = optional(number)
|
||||
}))
|
||||
hive_partitioning_options = optional(object({
|
||||
mode = optional(string)
|
||||
require_partition_filter = optional(bool)
|
||||
source_uri_prefix = optional(string)
|
||||
}))
|
||||
parquet_options = optional(object({
|
||||
enum_as_string = optional(bool)
|
||||
enable_list_inference = optional(bool)
|
||||
}))
|
||||
|
||||
}))
|
||||
options = optional(object({
|
||||
clustering = optional(list(string))
|
||||
encryption_key = optional(string)
|
||||
expiration_time = optional(number)
|
||||
max_staleness = optional(string)
|
||||
}), {})
|
||||
partitioning = optional(object({
|
||||
field = optional(string)
|
||||
|
@ -185,10 +225,24 @@ variable "tables" {
|
|||
start = number
|
||||
}))
|
||||
time = optional(object({
|
||||
type = string
|
||||
expiration_ms = optional(number)
|
||||
field = optional(string)
|
||||
require_partition_filter = optional(bool)
|
||||
type = string
|
||||
expiration_ms = optional(number)
|
||||
field = optional(string)
|
||||
}))
|
||||
}))
|
||||
table_constraints = optional(object({
|
||||
primary_key_columns = optional(list(string))
|
||||
foreign_keys = optional(object({
|
||||
referenced_table = object({
|
||||
project_id = string
|
||||
dataset_id = string
|
||||
table_id = string
|
||||
})
|
||||
column_references = object({
|
||||
referencing_column = string
|
||||
referenced_column = string
|
||||
})
|
||||
name = optional(string)
|
||||
}))
|
||||
}))
|
||||
}))
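Review bot: Moving `require_partition_filter` from `partitioning.time` to the table level can silently drop the setting for existing callers. Terraform discards object attributes that are not in the declared type, so a caller still passing `partitioning.time.require_partition_filter = true` gets no error and a table that no longer requires a partition filter. This affects the `time` object in both `variable "materialized_views"` and `variable "tables"`; the page has lost its +/- markers, so which side each line belongs to is inferred from the hunk counts. A validation block runs after type conversion and so cannot catch this, which leaves documentation: I would extend the `tables` description with `require_partition_filter is set per table, not under partitioning.time.` and give `materialized_views` the same sentence. Both variable bodies continue outside the hunks.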
|
||||
|
|
|
@ -29,7 +29,7 @@ This module allows creation and management of VPC networks including subnetworks
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
{
|
||||
|
@ -48,7 +48,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=simple.yaml
|
||||
# tftest modules=1 resources=5 inventory=simple.yaml e2e
|
||||
```
|
||||
|
||||
### Subnet Options
|
||||
|
@ -56,7 +56,7 @@ module "vpc" {
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
# simple subnet
|
||||
|
@ -95,7 +95,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=7 inventory=subnet-options.yaml
|
||||
# tftest modules=1 resources=7 inventory=subnet-options.yaml e2e
|
||||
```
|
||||
|
||||
### Subnet IAM
|
||||
|
@ -105,7 +105,7 @@ Subnet IAM variables follow our general interface, with extra keys/members for t
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
{
|
||||
|
@ -114,12 +114,12 @@ module "vpc" {
|
|||
ip_cidr_range = "10.0.1.0/24"
|
||||
iam = {
|
||||
"roles/compute.networkUser" = [
|
||||
"user:user1@example.com", "group:group1@example.com"
|
||||
"group:${var.group_email}"
|
||||
]
|
||||
}
|
||||
iam_bindings = {
|
||||
subnet-1-iam = {
|
||||
members = ["group:group2@example.com"]
|
||||
members = ["group:${var.group_email}"]
|
||||
role = "roles/compute.networkUser"
|
||||
condition = {
|
||||
expression = "resource.matchTag('123456789012/env', 'prod')"
|
||||
|
@ -131,10 +131,10 @@ module "vpc" {
|
|||
{
|
||||
name = "subnet-2"
|
||||
region = "europe-west1"
|
||||
ip_cidr_range = "10.0.1.0/24"
|
||||
ip_cidr_range = "10.0.2.0/24"
|
||||
iam_bindings_additive = {
|
||||
subnet-2-iam = {
|
||||
member = "user:am1@example.com"
|
||||
member = "group:${var.group_email}"
|
||||
role = "roles/compute.networkUser"
|
||||
subnet = "europe-west1/subnet-2"
|
||||
}
|
||||
|
@ -142,7 +142,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=8 inventory=subnet-iam.yaml
|
||||
# tftest modules=1 resources=8 inventory=subnet-iam.yaml e2e
|
||||
```
|
||||
|
||||
### Peering
|
||||
|
@ -154,7 +154,7 @@ If you only want to create the "local" side of the peering, use `peering_create_
|
|||
```hcl
|
||||
module "vpc-hub" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "hub"
|
||||
project_id = var.project_id
|
||||
name = "vpc-hub"
|
||||
subnets = [{
|
||||
ip_cidr_range = "10.0.0.0/24"
|
||||
|
@ -165,7 +165,7 @@ module "vpc-hub" {
|
|||
|
||||
module "vpc-spoke-1" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "spoke1"
|
||||
project_id = var.project_id
|
||||
name = "vpc-spoke1"
|
||||
subnets = [{
|
||||
ip_cidr_range = "10.0.1.0/24"
|
||||
|
@ -185,20 +185,24 @@ module "vpc-spoke-1" {
|
|||
[Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc) is a project-level functionality which enables a project to share its VPCs with other projects. The `shared_vpc_host` variable is here to help with rapid prototyping, we recommend leveraging the project module for production usage.
|
||||
|
||||
```hcl
|
||||
locals {
|
||||
service_project_1 = {
|
||||
project_id = "project1"
|
||||
gke_service_account = "serviceAccount:gke"
|
||||
cloud_services_service_account = "serviceAccount:cloudsvc"
|
||||
}
|
||||
service_project_2 = {
|
||||
project_id = "project2"
|
||||
}
|
||||
|
||||
module "service-project" {
|
||||
source = "./fabric/modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
name = "prj1"
|
||||
prefix = var.prefix
|
||||
parent = var.folder_id
|
||||
services = [
|
||||
"cloudresourcemanager.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
"iam.googleapis.com",
|
||||
"serviceusage.googleapis.com"
|
||||
]
|
||||
}
|
||||
|
||||
module "vpc-host" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-host-network"
|
||||
subnets = [
|
||||
{
|
||||
|
@ -211,22 +215,20 @@ module "vpc-host" {
|
|||
}
|
||||
iam = {
|
||||
"roles/compute.networkUser" = [
|
||||
local.service_project_1.cloud_services_service_account,
|
||||
local.service_project_1.gke_service_account
|
||||
"serviceAccount:${var.service_account.email}"
|
||||
]
|
||||
"roles/compute.securityAdmin" = [
|
||||
local.service_project_1.gke_service_account
|
||||
"serviceAccount:${var.service_account.email}"
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
shared_vpc_host = true
|
||||
shared_vpc_service_projects = [
|
||||
local.service_project_1.project_id,
|
||||
local.service_project_2.project_id
|
||||
module.service-project.project_id
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=9 inventory=shared-vpc.yaml
|
||||
# tftest modules=2 resources=13 inventory=shared-vpc.yaml e2e
|
||||
```
|
||||
|
||||
### Private Service Networking
|
||||
|
@ -234,7 +236,7 @@ module "vpc-host" {
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
{
|
||||
|
@ -247,7 +249,7 @@ module "vpc" {
|
|||
ranges = { myrange = "10.0.1.0/24" }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=7 inventory=psa.yaml
|
||||
# tftest modules=1 resources=7 inventory=psa.yaml e2e
|
||||
```
|
||||
|
||||
### Private Service Networking with peering routes and peered Cloud DNS domains
|
||||
|
@ -257,7 +259,7 @@ Custom routes can be optionally exported/imported through the peering formed wit
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
subnets = [
|
||||
{
|
||||
|
@ -273,7 +275,7 @@ module "vpc" {
|
|||
peered_domains = ["gcp.example.com."]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=8 inventory=psa-routes.yaml
|
||||
# tftest modules=1 resources=8 inventory=psa-routes.yaml e2e
|
||||
```
|
||||
|
||||
### Subnets for Private Service Connect, Proxy-only subnets
|
||||
|
@ -286,7 +288,7 @@ Along with common private subnets module supports creation more service specific
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
|
||||
subnets_proxy_only = [
|
||||
|
@ -312,7 +314,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
|
||||
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml e2e
|
||||
```
|
||||
|
||||
### DNS Policies
|
||||
|
@ -320,7 +322,7 @@ module "vpc" {
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
dns_policy = {
|
||||
inbound = true
|
||||
|
@ -337,7 +339,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=dns-policies.yaml
|
||||
# tftest modules=1 resources=5 inventory=dns-policies.yaml e2e
|
||||
```
|
||||
|
||||
### Subnet Factory
|
||||
|
@ -347,7 +349,7 @@ The `net-vpc` module includes a subnet factory (see [Resource Factories](../../b
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
factories_config = {
|
||||
subnets_folder = "config/subnets"
|
||||
|
@ -430,7 +432,7 @@ locals {
|
|||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
for_each = local.route_types
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network-with-route-${replace(each.key, "_", "-")}"
|
||||
routes = {
|
||||
next-hop = {
|
||||
|
@ -460,7 +462,7 @@ By default the VPC module creates IPv4 routes for the [Private Google Access ran
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-vpc"
|
||||
create_googleapis_routes = {
|
||||
restricted = false
|
||||
|
@ -469,7 +471,7 @@ module "vpc" {
|
|||
private-6 = true
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=googleapis.yaml
|
||||
# tftest modules=1 resources=3 inventory=googleapis.yaml e2e
|
||||
```
|
||||
|
||||
### Allow Firewall Policy to be evaluated before Firewall Rules
|
||||
|
@ -477,7 +479,7 @@ module "vpc" {
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL"
|
||||
subnets = [
|
||||
|
@ -497,7 +499,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
|
||||
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml e2e
|
||||
```
|
||||
|
||||
### IPv6
|
||||
|
@ -507,12 +509,12 @@ A non-overlapping private IPv6 address space can be configured for the VPC via t
|
|||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
ipv6_config = {
|
||||
# internal_range is optional
|
||||
enable_ula_internal = true
|
||||
internal_range = "fd20:6b2:27e5:0:0:0:0:0/48"
|
||||
# internal_range = "fd20:6b2:27e5::/48"
|
||||
}
|
||||
subnets = [
|
||||
{
|
||||
|
@ -531,7 +533,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=ipv6.yaml
|
||||
# tftest modules=1 resources=5 inventory=ipv6.yaml e2e
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
|
|
@ -19,9 +19,9 @@
|
|||
locals {
|
||||
_googleapis_ranges = {
|
||||
private = "199.36.153.8/30"
|
||||
private-6 = "2600:2d00:0002:2000::/64"
|
||||
private-6 = "2600:2d00:2:2000::/64"
|
||||
restricted = "199.36.153.4/30"
|
||||
restricted-6 = "2600:2d00:0002:1000::/64"
|
||||
restricted-6 = "2600:2d00:2:1000::/64"
|
||||
}
|
||||
_googleapis_routes = {
|
||||
for k, v in local._googleapis_ranges : "${k}-googleapis" => {
|
||||
|
|
|
@ -26,10 +26,12 @@ locals {
|
|||
"cloudkms.googleapis.com",
|
||||
"cloudresourcemanager.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
"eventarc.googleapis.com",
|
||||
"iam.googleapis.com",
|
||||
"run.googleapis.com",
|
||||
"secretmanager.googleapis.com",
|
||||
"servicenetworking.googleapis.com",
|
||||
"serviceusage.googleapis.com",
|
||||
"stackdriver.googleapis.com",
|
||||
"storage-component.googleapis.com",
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
|
||||
module.vpc.google_dns_policy.default[0]:
|
||||
alternative_name_server_config:
|
||||
|
@ -30,9 +30,9 @@ values:
|
|||
name: my-network
|
||||
networks:
|
||||
- {}
|
||||
project: my-project
|
||||
project: project-id
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 1
|
||||
google_dns_policy: 1
|
||||
google_dns_policy: 1
|
|
@ -20,7 +20,7 @@ values:
|
|||
enable_ula_internal_ipv6: null
|
||||
name: my-network
|
||||
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["private-googleapis"]:
|
||||
|
@ -32,7 +32,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
|
||||
|
@ -44,7 +44,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
|
||||
|
@ -53,7 +53,7 @@ values:
|
|||
ipv6_access_type: null
|
||||
log_config: []
|
||||
name: subnet-proxy
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: REGIONAL_MANAGED_PROXY
|
||||
region: europe-west4
|
||||
role: ACTIVE
|
||||
|
@ -64,7 +64,7 @@ values:
|
|||
ipv6_access_type: null
|
||||
log_config: []
|
||||
name: subnet-proxy-global
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
region: australia-southeast2
|
||||
role: ACTIVE
|
||||
|
@ -75,7 +75,7 @@ values:
|
|||
ipv6_access_type: null
|
||||
log_config: []
|
||||
name: subnet-psc
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: PRIVATE_SERVICE_CONNECT
|
||||
region: europe-west4
|
||||
role: null
|
||||
|
@ -92,7 +92,7 @@ values:
|
|||
metadata_fields: null
|
||||
name: subnet-detailed
|
||||
private_ip_google_access: false
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
|
@ -106,7 +106,7 @@ values:
|
|||
log_config: []
|
||||
name: simple
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
@ -118,7 +118,7 @@ values:
|
|||
log_config: []
|
||||
name: simple
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west8
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
@ -129,7 +129,7 @@ values:
|
|||
- group:lorem@example.com
|
||||
- serviceAccount:fbz@prj.iam.gserviceaccount.com
|
||||
- user:foobar@example.com
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-detailed
|
||||
|
@ -142,4 +142,4 @@ counts:
|
|||
modules: 1
|
||||
resources: 10
|
||||
|
||||
outputs: {}
|
||||
outputs: {}
|
|
@ -18,7 +18,7 @@ values:
|
|||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
name: my-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
network_firewall_policy_enforcement_order: BEFORE_CLASSIC_FIREWALL
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
|
||||
|
@ -27,7 +27,7 @@ values:
|
|||
log_config: []
|
||||
name: production
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
|
@ -41,11 +41,11 @@ values:
|
|||
log_config: []
|
||||
name: production
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west2
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
||||
google_compute_subnetwork: 2
|
|
@ -13,27 +13,30 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-vpc
|
||||
project: project-id
|
||||
module.vpc.google_compute_route.gateway["private-6-googleapis"]:
|
||||
dest_range: 2600:2d00:0002:2000::/64
|
||||
dest_range: 2600:2d00:2:2000::/64
|
||||
name: my-vpc-private-6-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
module.vpc.google_compute_route.gateway["restricted-6-googleapis"]:
|
||||
dest_range: 2600:2d00:0002:1000::/64
|
||||
dest_range: 2600:2d00:2:1000::/64
|
||||
name: my-vpc-restricted-6-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_route: 2
|
||||
google_compute_route: 2
|
|
@ -18,10 +18,10 @@ values:
|
|||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
enable_ula_internal_ipv6: true
|
||||
internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
|
||||
# internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
|
||||
name: my-network
|
||||
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["private-googleapis"]:
|
||||
|
@ -33,7 +33,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
|
||||
|
@ -45,7 +45,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/test"]:
|
||||
|
@ -55,7 +55,7 @@ values:
|
|||
log_config: []
|
||||
name: test
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
@ -68,7 +68,7 @@ values:
|
|||
log_config: []
|
||||
name: test
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west3
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
@ -82,4 +82,4 @@ counts:
|
|||
modules: 1
|
||||
resources: 5
|
||||
|
||||
outputs: {}
|
||||
outputs: {}
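Review bot: The `internal_ipv6_range` expectation in the hunk at `-18,10` appears to have been commented out rather than removed or replaced, so the inventory still asserts `enable_ula_internal_ipv6: true` but no longer checks which ULA range the network receives. If the range can no longer be pinned (for example because it is now assigned by the API, which I cannot tell from this hunk), delete the line and leave a short reason such as `# internal_ipv6_range is not asserted: value is assigned at apply time`. If the example still sets it explicitly, keep the assertion live. A commented-out key with no explanation reads like an accidentally disabled check.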
|
|
@ -15,13 +15,13 @@
|
|||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
log_config: []
|
||||
name: regional-proxy
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: REGIONAL_MANAGED_PROXY
|
||||
region: europe-west1
|
||||
role: ACTIVE
|
||||
|
@ -30,7 +30,7 @@ values:
|
|||
ip_cidr_range: 10.0.4.0/24
|
||||
log_config: []
|
||||
name: global-proxy
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
region: australia-southeast2
|
||||
role: ACTIVE
|
||||
|
@ -39,11 +39,11 @@ values:
|
|||
ip_cidr_range: 10.0.3.0/24
|
||||
log_config: []
|
||||
name: psc
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: PRIVATE_SERVICE_CONNECT
|
||||
region: europe-west1
|
||||
role: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 3
|
||||
google_compute_subnetwork: 3
|
|
@ -18,21 +18,21 @@ values:
|
|||
address_type: INTERNAL
|
||||
name: myrange
|
||||
prefix_length: 24
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: VPC_PEERING
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
|
||||
export_custom_routes: true
|
||||
import_custom_routes: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
name: production
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
secondary_ip_range: []
|
||||
module.vpc.google_service_networking_connection.psa_connection[0]:
|
||||
|
@ -42,7 +42,7 @@ values:
|
|||
module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]:
|
||||
dns_suffix: gcp.example.com.
|
||||
name: gcp-example-com
|
||||
project: my-project
|
||||
project: project-id
|
||||
service: servicenetworking.googleapis.com
|
||||
|
||||
counts:
|
||||
|
@ -51,4 +51,4 @@ counts:
|
|||
google_compute_network_peering_routes_config: 1
|
||||
google_compute_subnetwork: 1
|
||||
google_service_networking_connection: 1
|
||||
google_service_networking_peered_dns_domain: 1
|
||||
google_service_networking_peered_dns_domain: 1
|
|
@ -18,19 +18,19 @@ values:
|
|||
address_type: INTERNAL
|
||||
name: myrange
|
||||
prefix_length: 24
|
||||
project: my-project
|
||||
project: project-id
|
||||
purpose: VPC_PEERING
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
|
||||
export_custom_routes: false
|
||||
import_custom_routes: false
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
|
||||
ip_cidr_range: 10.0.0.0/24
|
||||
name: production
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc.google_service_networking_connection.psa_connection[0]:
|
||||
reserved_peering_ranges:
|
||||
- myrange
|
||||
|
@ -43,4 +43,4 @@ counts:
|
|||
google_compute_subnetwork: 1
|
||||
google_service_networking_connection: 1
|
||||
|
||||
outputs: {}
|
||||
outputs: {}
|
|
@ -15,7 +15,7 @@
|
|||
values:
|
||||
module.vpc["gateway"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-gateway
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
|
||||
description: Terraform-managed.
|
||||
|
@ -26,7 +26,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
|
||||
|
@ -38,11 +38,11 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
module.vpc["ilb"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-ilb
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
|
||||
description: Terraform-managed.
|
||||
|
@ -53,7 +53,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
|
||||
|
@ -65,11 +65,11 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
module.vpc["instance"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-instance
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["instance"].google_compute_route.gateway["gateway"]:
|
||||
description: Terraform-managed.
|
||||
|
@ -80,7 +80,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["instance"].google_compute_route.instance["next-hop"]:
|
||||
|
@ -93,11 +93,11 @@ values:
|
|||
next_hop_instance_zone: europe-west1-b
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
module.vpc["ip"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-ip
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["ip"].google_compute_route.gateway["gateway"]:
|
||||
description: Terraform-managed.
|
||||
|
@ -108,7 +108,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["ip"].google_compute_route.ip["next-hop"]:
|
||||
|
@ -121,11 +121,11 @@ values:
|
|||
next_hop_ip: 192.168.0.128
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
module.vpc["vpn_tunnel"].google_compute_network.network[0]:
|
||||
name: my-network-with-route-vpn-tunnel
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
|
||||
description: Terraform-managed.
|
||||
|
@ -136,7 +136,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 100
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags:
|
||||
- tag-a
|
||||
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
|
||||
|
@ -148,9 +148,9 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 5
|
||||
google_compute_route: 10
|
||||
google_compute_route: 10
|
|
@ -15,15 +15,14 @@
|
|||
values:
|
||||
module.vpc-host.google_compute_network.network[0]:
|
||||
name: my-host-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
|
||||
project: my-project
|
||||
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
|
||||
host_project: my-project
|
||||
service_project: project1
|
||||
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
|
||||
host_project: my-project
|
||||
service_project: project2
|
||||
project: project-id
|
||||
module.service-project.google_project.project[0]:
|
||||
project_id: test-prj1
|
||||
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["test-prj1"]:
|
||||
host_project: project-id
|
||||
service_project: test-prj1
|
||||
module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
|
||||
secondary_ip_range:
|
||||
- ip_cidr_range: 172.16.0.0/20
|
||||
|
@ -33,24 +32,26 @@ values:
|
|||
module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:cloudsvc
|
||||
- serviceAccount:gke
|
||||
project: my-project
|
||||
- serviceAccount:service_account_email
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-1
|
||||
module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.securityAdmin"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:gke
|
||||
project: my-project
|
||||
- serviceAccount:service_account_email
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: roles/compute.securityAdmin
|
||||
subnetwork: subnet-1
|
||||
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_route: 2
|
||||
google_compute_shared_vpc_host_project: 1
|
||||
google_compute_shared_vpc_service_project: 2
|
||||
google_compute_shared_vpc_service_project: 1
|
||||
google_compute_subnetwork: 1
|
||||
google_compute_subnetwork_iam_binding: 2
|
||||
modules: 2
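Review bot: Both subnet IAM bindings in the hunk at `-33,24` now expect the single member `serviceAccount:service_account_email`, where `roles/compute.networkUser` previously listed two accounts and `roles/compute.securityAdmin` one. With identical member lists the inventory can no longer catch members being attached to the wrong role, and `roles/compute.securityAdmin` is the more sensitive of the two. `service_account_email` also looks like a fixture variable name rather than an account address, so it is worth confirming that this is the intended rendered value. If the e2e fixtures only provide one service account, a file-level comment such as `# e2e fixtures expose a single service account, so both roles share it` would explain the overlap.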
|
|
@ -18,7 +18,7 @@ values:
|
|||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
name: my-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
|
||||
description: Terraform-managed.
|
||||
|
@ -26,7 +26,7 @@ values:
|
|||
log_config: []
|
||||
name: production
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
|
@ -40,7 +40,7 @@ values:
|
|||
log_config: []
|
||||
name: production
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west2
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
@ -52,7 +52,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
|
||||
|
@ -64,11 +64,11 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
||||
google_compute_route: 2
|
||||
google_compute_route: 2
|
|
@ -20,7 +20,7 @@ values:
|
|||
enable_ula_internal_ipv6: null
|
||||
name: my-network
|
||||
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
|
||||
project: my-project
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["private-googleapis"]:
|
||||
|
@ -32,7 +32,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
|
||||
|
@ -44,7 +44,7 @@ values:
|
|||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
|
||||
|
@ -54,19 +54,19 @@ values:
|
|||
log_config: []
|
||||
name: subnet-1
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
|
||||
description: Terraform-managed.
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
ip_cidr_range: 10.0.2.0/24
|
||||
ipv6_access_type: null
|
||||
log_config: []
|
||||
name: subnet-2
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
@ -74,9 +74,8 @@ values:
|
|||
module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:group1@example.com
|
||||
- user:user1@example.com
|
||||
project: my-project
|
||||
- group:organization-admins@example.org
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-1
|
||||
|
@ -86,15 +85,15 @@ values:
|
|||
expression: resource.matchTag('123456789012/env', 'prod')
|
||||
title: test_condition
|
||||
members:
|
||||
- group:group2@example.com
|
||||
project: my-project
|
||||
- group:organization-admins@example.org
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-1
|
||||
module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]:
|
||||
condition: []
|
||||
member: user:am1@example.com
|
||||
project: my-project
|
||||
member: group:organization-admins@example.org
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: roles/compute.networkUser
|
||||
subnetwork: subnet-2
|
||||
|
@ -108,4 +107,4 @@ counts:
|
|||
modules: 1
|
||||
resources: 8
|
||||
|
||||
outputs: {}
|
||||
outputs: {}
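Review bot: In the hunks at `-74,9` and `-86,15` the unconditional `roles/compute.networkUser` binding on `subnet-1` and the conditional one (`resource.matchTag('123456789012/env', 'prod')`) now both list `group:organization-admins@example.org`. For that principal the condition no longer restricts anything, because the same role is already granted without it. This inventory presumably mirrors a README example that readers copy, so the conditional binding should keep a member of its own, as the previous `group:group2@example.com` did. The `subnet-2-iam` member binding now uses the same group as well, which leaves the three bindings indistinguishable by member in the expected plan.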
|
|
@ -15,14 +15,14 @@
|
|||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
project: project-id
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
|
||||
description: Subnet b
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
log_config: []
|
||||
name: no-pga
|
||||
private_ip_google_access: false
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
secondary_ip_range: []
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
|
||||
|
@ -31,7 +31,7 @@ values:
|
|||
log_config: []
|
||||
name: simple
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
secondary_ip_range: []
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
|
||||
|
@ -46,7 +46,7 @@ values:
|
|||
metadata_fields: null
|
||||
name: with-flow-logs
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
|
@ -56,7 +56,7 @@ values:
|
|||
log_config: []
|
||||
name: with-secondary-ranges
|
||||
private_ip_google_access: true
|
||||
project: my-project
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
secondary_ip_range:
|
||||
|
@ -67,4 +67,4 @@ values:
|
|||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 4
|
||||
google_compute_subnetwork: 4
|