Refactor compute-vm for Terraform 1.3 (#860)

* refactor compute-vm for Terraform 1.3

* bump Terraform version in CI tests config

* fix optional null handling (ht jccb)

* tfdoc

* update blueprints

* align fast

* align README examples
Ludovico Magnocavallo 2022-10-07 10:53:53 +02:00 committed by GitHub
parent 8c88517199
commit e66340c4db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 104 additions and 360 deletions


@ -30,7 +30,7 @@ env:
PYTEST_ADDOPTS: "--color=yes"
PYTHON_VERSION: "3.10"
TF_PLUGIN_CACHE_DIR: "/home/runner/.terraform.d/plugin-cache"
TF_VERSION: 1.3.0
TF_VERSION: 1.3.2
jobs:
doc-examples:


@ -69,8 +69,6 @@ module "server" {
network_interfaces = [{
network = var.network_config == null ? module.vpc[0].self_link : var.network_config.network
subnetwork = var.network_config == null ? module.vpc[0].subnet_self_links["${var.region}/subnet"] : var.network_config.subnet
nat = false
addresses = null
}]
metadata = {
# Enables OpenSSH in the Windows instance


@ -104,8 +104,6 @@ module "simple-vm-example" {
network_interfaces = [{
network = module.vpc.self_link
subnetwork = try(module.vpc.subnet_self_links["${var.region}/${var.name}-default"], "")
nat = false
addresses = null
}]
tags = ["${var.project_id}-test-feed", "shared-test-feed"]
}


@ -94,13 +94,9 @@ module "instance_template_ew1" {
network_interfaces = [{
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["europe-west1/subnet-ew1"]
nat = false
addresses = null
}]
boot_disk = {
image = "projects/debian-cloud/global/images/family/debian-11"
type = "pd-ssd"
size = 10
}
metadata = {
startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh"
@ -119,13 +115,9 @@ module "instance_template_ue1" {
network_interfaces = [{
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"]
nat = false
addresses = null
}]
boot_disk = {
image = "projects/debian-cloud/global/images/family/debian-11"
type = "pd-ssd"
size = 10
}
metadata = {
startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh"
@ -146,12 +138,9 @@ module "vm_siege" {
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["us-west1/subnet-uw1"]
nat = true
addresses = null
}]
boot_disk = {
image = "projects/debian-cloud/global/images/family/debian-11"
type = "pd-ssd"
size = 10
}
metadata = {
startup-script = <<EOT


@ -155,13 +155,9 @@ module "squid-vm" {
network_interfaces = [{
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
nat = false
addresses = null
}]
boot_disk = {
image = "cos-cloud/cos-stable"
type = "pd-standard"
size = 10
}
service_account = module.service-account-squid.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]


@ -33,8 +33,6 @@ module "vm-left" {
{
network = module.vpc-left.self_link
subnetwork = values(module.vpc-left.subnet_self_links)[0]
nat = false
addresses = null
}
]
tags = ["ssh"]
@ -58,8 +56,6 @@ module "vm-right" {
{
network = module.vpc-right.self_link
subnetwork = values(module.vpc-right.subnet_self_links)[0]
nat = false
addresses = null
}
]
tags = ["ssh"]


@ -20,7 +20,7 @@ locals {
Description=Start monitoring agent container
After=gcr-online.target docker.socket
Wants=gcr-online.target docker.socket docker-events-collector.service
[Service]
Environment="HOME=/home/opsagent"
ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
@ -35,7 +35,7 @@ locals {
logging:
service:
pipelines:
default_pipeline:
default_pipeline:
receivers: []
metrics:
receivers:
@ -227,42 +227,34 @@ module "service-account-proxy" {
}
module "cos-nginx" {
count = !var.tls ? 1 : 0
source = "../../../modules/cloud-config-container/nginx"
image = var.nginx_image
files = local.nginx_files
users = local.users
count = !var.tls ? 1 : 0
source = "../../../modules/cloud-config-container/nginx"
image = var.nginx_image
files = local.nginx_files
users = local.users
runcmd_pre = ["sed -i \"s/HOSTNAME/$${HOSTNAME}/\" /etc/nginx/conf.d/default.conf"]
runcmd_post = ["systemctl start monitoring-agent"]
}
module "cos-nginx-tls" {
count = var.tls ? 1 : 0
source = "../../../modules/cloud-config-container/nginx-tls"
count = var.tls ? 1 : 0
source = "../../../modules/cloud-config-container/nginx-tls"
nginx_image = var.nginx_image
files = local.nginx_files
users = local.users
runcmd_post = ["systemctl start monitoring-agent"]
}
module "mig-proxy" {
source = "../../../modules/compute-mig"
project_id = module.project.project_id
location = var.region
regional = true
name = format("%sproxy-cluster", var.prefix)
location = var.region
regional = true
name = format("%sproxy-cluster", var.prefix)
named_ports = {
http = "80"
https = "443"
}
autoscaler_config = var.autoscaling == null ? null : {
min_replicas = var.autoscaling.min_replicas
max_replicas = var.autoscaling.max_replicas
@ -271,7 +263,6 @@ module "mig-proxy" {
load_balancing_utilization_target = null
metric = var.autoscaling_metric
}
update_policy = {
type = "PROACTIVE"
minimal_action = "REPLACE"
@ -281,12 +272,10 @@ module "mig-proxy" {
max_unavailable_type = null
max_unavailable = null
}
default_version = {
instance_template = module.proxy-vm.template.self_link
name = "proxy-vm"
}
health_check_config = {
type = "http"
check = {
@ -308,45 +297,32 @@ module "mig-proxy" {
}
module "proxy-vm" {
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = format("%s-c", var.region)
name = "nginx-test-vm"
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = format("%s-c", var.region)
name = "nginx-test-vm"
instance_type = "e2-standard-2"
tags = ["proxy-cluster"]
tags = ["proxy-cluster"]
network_interfaces = [{
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links[format("%s/%s", var.region, var.subnetwork)]
nat = false
addresses = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
type = "pd-ssd"
size = 10
}
create_template = true
metadata = {
user-data = !var.tls ? module.cos-nginx.0.cloud_config : module.cos-nginx-tls.0.cloud_config
}
service_account = module.service-account-proxy.email
service_account_create = false
}
module "xlb" {
source = "../../../modules/net-glb"
name = format("%sreverse-proxy-xlb", var.prefix)
project_id = module.project.project_id
source = "../../../modules/net-glb"
name = format("%sreverse-proxy-xlb", var.prefix)
project_id = module.project.project_id
reserve_ip_address = true
health_checks_config = {
format("%sreverse-proxy-hc", var.prefix) = {
type = "http"
@ -364,13 +340,11 @@ module "xlb" {
}
}
}
backend_services_config = {
format("%sreverse-proxy-backend", var.prefix) = {
bucket_config = null
enable_cdn = false
cdn_config = null
group_config = {
backends = [
{
@ -378,7 +352,6 @@ module "xlb" {
options = null
}
]
health_checks = [format("%sreverse-proxy-hc", var.prefix)]
log_config = null
options = {


@ -237,8 +237,6 @@ module "vm-test1" {
network_interfaces = [{
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"]
nat = false
addresses = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
@ -312,8 +310,6 @@ module "vm-onprem" {
name = "onprem"
boot_disk = {
image = "ubuntu-os-cloud/ubuntu-1804-lts"
type = "pd-ssd"
size = 10
}
metadata = {
user-data = module.config-onprem.cloud_config
@ -321,8 +317,6 @@ module "vm-onprem" {
network_interfaces = [{
network = module.vpc.name
subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"]
nat = true
addresses = null
}]
service_account = module.service-account-onprem.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]


@ -178,12 +178,8 @@ module "test-vm" {
instance_type = "e2-micro"
boot_disk = {
image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104"
type = "pd-balanced"
size = 10
}
network_interfaces = [{
addresses = null
nat = false
network = module.vpc-onprem.self_link
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${var.name}-onprem"]
}]


@ -38,28 +38,20 @@ module "nva-template-ew1" {
{
network = module.landing-untrusted-vpc.self_link
subnetwork = module.landing-untrusted-vpc.subnet_self_links["europe-west1/landing-untrusted-default-ew1"]
nat = false
addresses = null
},
{
network = module.landing-trusted-vpc.self_link
subnetwork = module.landing-trusted-vpc.subnet_self_links["europe-west1/landing-trusted-default-ew1"]
nat = false
addresses = null
}
]
boot_disk = {
image = "projects/debian-cloud/global/images/family/debian-10"
type = "pd-balanced"
size = 10
}
create_template = true
instance_type = "f1-micro"
options = {
allow_stopping_for_update = true
deletion_protection = false
spot = true
termination_action = "STOP"
spot = true
termination_action = "STOP"
}
metadata = {
startup-script = templatefile(


@ -26,20 +26,13 @@
# network_interfaces = [{
# network = module.landing-untrusted-vpc.self_link
# subnetwork = module.landing-untrusted-vpc.subnet_self_links["europe-west1/landing-untrusted-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew1", "ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -59,20 +52,13 @@
# network_interfaces = [{
# network = module.landing-untrusted-vpc.self_link
# subnetwork = module.landing-untrusted-vpc.subnet_self_links["europe-west4/landing-untrusted-default-ew4"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew4", "ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -94,22 +80,15 @@
# network_interfaces = [{
# network = module.landing-trusted-vpc.self_link
# subnetwork = module.landing-trusted-vpc.subnet_self_links["europe-west1/landing-trusted-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew1", "ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# termination_action = "STOP"
# }
# metadata = {
# startup-script = <<EOF
@ -127,20 +106,13 @@
# network_interfaces = [{
# network = module.landing-trusted-vpc.self_link
# subnetwork = module.landing-trusted-vpc.subnet_self_links["europe-west4/landing-trusted-default-ew4"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew4", "ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -163,20 +135,13 @@
# network = module.dev-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.dev-spoke-vpc.subnet_self_links["europe-west1/dev-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew1", "ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -197,20 +162,13 @@
# network = module.dev-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.dev-spoke-vpc.subnet_self_links["europe-west4/dev-default-ew4"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew4", "ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -233,9 +191,6 @@
# network = module.prod-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.prod-spoke-vpc.subnet_self_links["europe-west1/prod-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew1", "ssh"]
# service_account_create = true
@ -245,8 +200,6 @@
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -267,20 +220,13 @@
# network = module.prod-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.prod-spoke-vpc.subnet_self_links["europe-west4/prod-default-ew4"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ew4", "ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }


@ -24,20 +24,13 @@
# network_interfaces = [{
# network = module.landing-vpc.self_link
# subnetwork = module.landing-vpc.subnet_self_links["europe-west1/landing-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -58,20 +51,13 @@
# network = module.dev-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.dev-spoke-vpc.subnet_self_links["europe-west1/dev-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -92,20 +78,13 @@
# network = module.prod-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.prod-spoke-vpc.subnet_self_links["europe-west1/prod-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }


@ -24,20 +24,13 @@
# network_interfaces = [{
# network = module.landing-vpc.self_link
# subnetwork = module.landing-vpc.subnet_self_links["europe-west1/landing-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -58,20 +51,13 @@
# network = module.dev-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.dev-spoke-vpc.subnet_self_links["europe-west1/dev-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }
@ -92,20 +78,13 @@
# network = module.prod-spoke-vpc.self_link
# # change the subnet name to match the values you are actually using
# subnetwork = module.prod-spoke-vpc.subnet_self_links["europe-west1/prod-default-ew1"]
# alias_ips = {}
# nat = false
# addresses = null
# }]
# tags = ["ssh"]
# service_account_create = true
# boot_disk = {
# image = "projects/debian-cloud/global/images/family/debian-10"
# type = "pd-balanced"
# size = 10
# }
# options = {
# allow_stopping_for_update = true
# deletion_protection = false
# spot = true
# termination_action = "STOP"
# }


@ -22,8 +22,6 @@ module "simple-vm-example" {
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
service_account_create = true
}
@ -42,16 +40,12 @@ module "spot-vm-example" {
zone = "europe-west1-b"
name = "test"
options = {
allow_stopping_for_update = true
deletion_protection = false
spot = true
termination_action = "STOP"
}
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
service_account_create = true
}
@ -79,18 +73,14 @@ module "simple-vm-example" {
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
attached_disks = [{
name = "repd-1"
size = null
size = 10
source_type = "attach"
source = "regions/${var.region}/disks/repd-test-1"
options = {
mode = null
replica_zone = "${var.region}-c"
type = null
}
}]
service_account_create = true
@ -109,18 +99,14 @@ module "simple-vm-example" {
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
attached_disks = [{
name = "repd"
size = null
size = 10
source_type = "attach"
source = "https://www.googleapis.com/compute/v1/projects/${var.project_id}/regions/${var.region}/disks/repd-test-1"
options = {
mode = null
replica_zone = "${var.region}-c"
type = null
}
}]
service_account_create = true
@ -142,27 +128,19 @@ module "kms-vm-example" {
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
attached_disks = [
{
name = "attached-disk"
size = 10
source = null
source_type = null
options = null
size = 10
}
]
service_account_create = true
boot_disk = {
image = "projects/debian-cloud/global/images/family/debian-10"
type = "pd-ssd"
size = 10
}
encryption = {
encrypt_boot = true
disk_encryption_key_raw = null
kms_key_self_link = var.kms_key.self_link
}
}
@ -182,17 +160,10 @@ module "vm-with-alias-ips" {
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
network_interface_options = {
0 = {
alias_ips = {
alias1 = "10.16.0.10/32"
}
nic_type = null
alias_ips = {
alias1 = "10.16.0.10/32"
}
}
}]
service_account_create = true
}
# tftest modules=1 resources=2
@ -231,20 +202,12 @@ module "vm-with-gvnic" {
boot_disk = {
image = google_compute_image.cos-gvnic.self_link
type = "pd-ssd"
size = 10
}
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
nic_type = "GVNIC"
}]
network_interface_options = {
0 = {
alias_ips = null
nic_type = "GVNIC"
}
}
service_account_create = true
}
# tftest modules=1 resources=3
@ -263,21 +226,14 @@ module "cos-test" {
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
type = "pd-ssd"
size = 10
}
attached_disks = [
{
name = "disk-1"
size = 10
source = null
source_type = null
options = null
}
]
service_account = "vm-default@my-project.iam.gserviceaccount.com"
@ -303,13 +259,9 @@ module "instance-group" {
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
type = "pd-ssd"
size = 10
}
service_account = var.service_account.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
@ -326,36 +278,34 @@ module "instance-group" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L160) | Instance name. | <code>string</code> | ✓ | |
| [network_interfaces](variables.tf#L174) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list&#40;object&#40;&#123;&#10; nat &#61; bool&#10; network &#61; string&#10; subnetwork &#61; string&#10; addresses &#61; object&#40;&#123;&#10; internal &#61; string&#10; external &#61; string&#10; &#125;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [project_id](variables.tf#L209) | Project id. | <code>string</code> | ✓ | |
| [zone](variables.tf#L268) | Compute zone. | <code>string</code> | ✓ | |
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object&#40;&#123;&#10; mode &#61; string&#10; replica_zone &#61; string&#10; type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; auto_delete &#61; true&#10; mode &#61; &#34;READ_WRITE&#34;&#10; replica_zone &#61; null&#10; type &#61; &#34;pd-balanced&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [attached_disks](variables.tf#L32) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; size &#61; string&#10; source &#61; string&#10; source_type &#61; string&#10; options &#61; object&#40;&#123;&#10; mode &#61; string&#10; replica_zone &#61; string&#10; type &#61; string&#10; &#125;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [boot_disk](variables.tf#L58) | Boot disk properties. | <code title="object&#40;&#123;&#10; image &#61; string&#10; size &#61; number&#10; type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; image &#61; &#34;projects&#47;debian-cloud&#47;global&#47;images&#47;family&#47;debian-11&#34;&#10; type &#61; &#34;pd-balanced&#34;&#10; size &#61; 10&#10;&#125;">&#123;&#8230;&#125;</code> |
| [boot_disk_delete](variables.tf#L72) | Auto delete boot disk. | <code>bool</code> | | <code>true</code> |
| [can_ip_forward](variables.tf#L78) | Enable IP forwarding. | <code>bool</code> | | <code>false</code> |
| [confidential_compute](variables.tf#L84) | Enable Confidential Compute for these instances. | <code>bool</code> | | <code>false</code> |
| [create_template](variables.tf#L90) | Create instance template instead of instances. | <code>bool</code> | | <code>false</code> |
| [description](variables.tf#L95) | Description of a Compute Instance. | <code>string</code> | | <code>&#34;Managed by the compute-vm Terraform module.&#34;</code> |
| [enable_display](variables.tf#L100) | Enable virtual display on the instances. | <code>bool</code> | | <code>false</code> |
| [encryption](variables.tf#L106) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | <code title="object&#40;&#123;&#10; encrypt_boot &#61; bool&#10; disk_encryption_key_raw &#61; string&#10; kms_key_self_link &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [group](variables.tf#L116) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object&#40;&#123;&#10; named_ports &#61; map&#40;number&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [hostname](variables.tf#L124) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
| [iam](variables.tf#L130) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [instance_type](variables.tf#L136) | Instance type. | <code>string</code> | | <code>&#34;f1-micro&#34;</code> |
| [labels](variables.tf#L142) | Instance labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [metadata](variables.tf#L148) | Instance metadata. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [min_cpu_platform](variables.tf#L154) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
| [network_interface_options](variables.tf#L165) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | <code title="map&#40;object&#40;&#123;&#10; alias_ips &#61; map&#40;string&#41;&#10; nic_type &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [options](variables.tf#L187) | Instance options. | <code title="object&#40;&#123;&#10; allow_stopping_for_update &#61; bool&#10; deletion_protection &#61; bool&#10; spot &#61; bool&#10; termination_action &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; allow_stopping_for_update &#61; true&#10; deletion_protection &#61; false&#10; spot &#61; false&#10; termination_action &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [scratch_disks](variables.tf#L214) | Scratch disks configuration. | <code title="object&#40;&#123;&#10; count &#61; number&#10; interface &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; count &#61; 0&#10; interface &#61; &#34;NVME&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [service_account](variables.tf#L226) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
| [service_account_create](variables.tf#L232) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
| [service_account_scopes](variables.tf#L240) | Scopes applied to service account. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [shielded_config](variables.tf#L246) | Shielded VM configuration of the instances. | <code title="object&#40;&#123;&#10; enable_secure_boot &#61; bool&#10; enable_vtpm &#61; bool&#10; enable_integrity_monitoring &#61; bool&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [tag_bindings](variables.tf#L256) | Tag bindings for this instance, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [tags](variables.tf#L262) | Instance network tags for firewall rule targets. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [name](variables.tf#L163) | Instance name. | <code>string</code> | ✓ | |
| [network_interfaces](variables.tf#L168) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list&#40;object&#40;&#123;&#10; nat &#61; optional&#40;bool, false&#41;&#10; network &#61; string&#10; subnetwork &#61; string&#10; addresses &#61; optional&#40;object&#40;&#123;&#10; internal &#61; string&#10; external &#61; string&#10; &#125;&#41;, null&#41;&#10; alias_ips &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; nic_type &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [project_id](variables.tf#L205) | Project id. | <code>string</code> | ✓ | |
| [zone](variables.tf#L264) | Compute zone. | <code>string</code> | ✓ | |
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object&#40;&#123;&#10; mode &#61; string&#10; replica_zone &#61; string&#10; type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; mode &#61; &#34;READ_WRITE&#34;&#10; replica_zone &#61; null&#10; type &#61; &#34;pd-balanced&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [attached_disks](variables.tf#L31) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list&#40;object&#40;&#123;&#10; name &#61; string&#10; size &#61; string&#10; source &#61; optional&#40;string&#41;&#10; source_type &#61; optional&#40;string&#41;&#10; options &#61; optional&#40;&#10; object&#40;&#123;&#10; mode &#61; optional&#40;string, &#34;READ_WRITE&#34;&#41;&#10; replica_zone &#61; optional&#40;string&#41;&#10; type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41;&#10; &#125;&#41;,&#10; &#123;&#10; mode &#61; &#34;READ_WRITE&#34;&#10; replica_zone &#61; null&#10; type &#61; &#34;pd-balanced&#34;&#10; &#125;&#10; &#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [boot_disk](variables.tf#L64) | Boot disk properties. | <code title="object&#40;&#123;&#10; auto_delete &#61; optional&#40;bool, true&#41;&#10; image &#61; optional&#40;string, &#34;projects&#47;debian-cloud&#47;global&#47;images&#47;family&#47;debian-11&#34;&#41;&#10; size &#61; optional&#40;number, 10&#41;&#10; type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; auto_delete &#61; true&#10; image &#61; &#34;projects&#47;debian-cloud&#47;global&#47;images&#47;family&#47;debian-11&#34;&#10; type &#61; &#34;pd-balanced&#34;&#10; size &#61; 10&#10;&#125;">&#123;&#8230;&#125;</code> |
| [can_ip_forward](variables.tf#L80) | Enable IP forwarding. | <code>bool</code> | | <code>false</code> |
| [confidential_compute](variables.tf#L86) | Enable Confidential Compute for these instances. | <code>bool</code> | | <code>false</code> |
| [create_template](variables.tf#L92) | Create instance template instead of instances. | <code>bool</code> | | <code>false</code> |
| [description](variables.tf#L97) | Description of a Compute Instance. | <code>string</code> | | <code>&#34;Managed by the compute-vm Terraform module.&#34;</code> |
| [enable_display](variables.tf#L103) | Enable virtual display on the instances. | <code>bool</code> | | <code>false</code> |
| [encryption](variables.tf#L109) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | <code title="object&#40;&#123;&#10; encrypt_boot &#61; optional&#40;bool, false&#41;&#10; disk_encryption_key_raw &#61; optional&#40;string&#41;&#10; kms_key_self_link &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [group](variables.tf#L119) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object&#40;&#123;&#10; named_ports &#61; map&#40;number&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [hostname](variables.tf#L127) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
| [iam](variables.tf#L133) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [instance_type](variables.tf#L139) | Instance type. | <code>string</code> | | <code>&#34;f1-micro&#34;</code> |
| [labels](variables.tf#L145) | Instance labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [metadata](variables.tf#L151) | Instance metadata. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [min_cpu_platform](variables.tf#L157) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
| [options](variables.tf#L183) | Instance options. | <code title="object&#40;&#123;&#10; allow_stopping_for_update &#61; optional&#40;bool, true&#41;&#10; deletion_protection &#61; optional&#40;bool, false&#41;&#10; spot &#61; optional&#40;bool, false&#41;&#10; termination_action &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; allow_stopping_for_update &#61; true&#10; deletion_protection &#61; false&#10; spot &#61; false&#10; termination_action &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [scratch_disks](variables.tf#L210) | Scratch disks configuration. | <code title="object&#40;&#123;&#10; count &#61; number&#10; interface &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; count &#61; 0&#10; interface &#61; &#34;NVME&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [service_account](variables.tf#L222) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
| [service_account_create](variables.tf#L228) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
| [service_account_scopes](variables.tf#L236) | Scopes applied to service account. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [shielded_config](variables.tf#L242) | Shielded VM configuration of the instances. | <code title="object&#40;&#123;&#10; enable_secure_boot &#61; bool&#10; enable_vtpm &#61; bool&#10; enable_integrity_monitoring &#61; bool&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [tag_bindings](variables.tf#L252) | Tag bindings for this instance, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [tags](variables.tf#L258) | Instance network tags for firewall rule targets. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
## Outputs


@ -29,12 +29,6 @@ locals {
for k, v in local.attached_disks :
k => v if try(v.options.replica_zone, null) == null
}
network_interface_options = {
for i, v in var.network_interfaces : i => lookup(var.network_interface_options, i, {
alias_ips = null,
nic_type = null
})
}
on_host_maintenance = (
var.options.spot || var.confidential_compute
? "TERMINATE"
@ -169,7 +163,7 @@ resource "google_compute_instance" "default" {
}
boot_disk {
auto_delete = var.boot_disk_delete
auto_delete = var.boot_disk.auto_delete
initialize_params {
type = var.boot_disk.type
image = var.boot_disk.image
@ -200,14 +194,14 @@ resource "google_compute_instance" "default" {
}
}
dynamic "alias_ip_range" {
for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {}
for_each = config.value.alias_ips
iterator = config_alias
content {
subnetwork_range_name = config_alias.key
ip_cidr_range = config_alias.value
}
}
nic_type = local.network_interface_options[config.key].nic_type
nic_type = config.value.nic_type
}
}
@ -272,7 +266,7 @@ resource "google_compute_instance_template" "default" {
labels = var.labels
disk {
auto_delete = var.boot_disk_delete
auto_delete = var.boot_disk.auto_delete
boot = true
disk_size_gb = var.boot_disk.size
disk_type = var.boot_disk.type
@ -334,14 +328,14 @@ resource "google_compute_instance_template" "default" {
}
}
dynamic "alias_ip_range" {
for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {}
for_each = config.value.alias_ips
iterator = config_alias
content {
subnetwork_range_name = config_alias.key
ip_cidr_range = config_alias.value
}
}
nic_type = local.network_interface_options[config.key].nic_type
nic_type = config.value.nic_type
}
}


@ -22,7 +22,6 @@ variable "attached_disk_defaults" {
type = string
})
default = {
auto_delete = true
mode = "READ_WRITE"
replica_zone = null
type = "pd-balanced"
@ -34,13 +33,20 @@ variable "attached_disks" {
type = list(object({
name = string
size = string
source = string
source_type = string
options = object({
mode = string
replica_zone = string
type = string
})
source = optional(string)
source_type = optional(string)
options = optional(
object({
mode = optional(string, "READ_WRITE")
replica_zone = optional(string)
type = optional(string, "pd-balanced")
}),
{
mode = "READ_WRITE"
replica_zone = null
type = "pd-balanced"
}
)
}))
default = []
validation {
@ -58,23 +64,19 @@ variable "attached_disks" {
variable "boot_disk" {
description = "Boot disk properties."
type = object({
image = string
size = number
type = string
auto_delete = optional(bool, true)
image = optional(string, "projects/debian-cloud/global/images/family/debian-11")
size = optional(number, 10)
type = optional(string, "pd-balanced")
})
default = {
image = "projects/debian-cloud/global/images/family/debian-11"
type = "pd-balanced"
size = 10
auto_delete = true
image = "projects/debian-cloud/global/images/family/debian-11"
type = "pd-balanced"
size = 10
}
}
variable "boot_disk_delete" {
description = "Auto delete boot disk."
type = bool
default = true
}
variable "can_ip_forward" {
description = "Enable IP forwarding."
type = bool
@ -97,6 +99,7 @@ variable "description" {
type = string
default = "Managed by the compute-vm Terraform module."
}
variable "enable_display" {
description = "Enable virtual display on the instances."
type = bool
@ -106,9 +109,9 @@ variable "enable_display" {
variable "encryption" {
description = "Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk."
type = object({
encrypt_boot = bool
disk_encryption_key_raw = string
kms_key_self_link = string
encrypt_boot = optional(bool, false)
disk_encryption_key_raw = optional(string)
kms_key_self_link = optional(string)
})
default = null
}
@ -162,35 +165,28 @@ variable "name" {
type = string
}
variable "network_interface_options" {
description = "Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them."
type = map(object({
alias_ips = map(string)
nic_type = string
}))
default = {}
}
variable "network_interfaces" {
description = "Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed."
type = list(object({
nat = bool
nat = optional(bool, false)
network = string
subnetwork = string
addresses = object({
addresses = optional(object({
internal = string
external = string
})
}), null)
alias_ips = optional(map(string), {})
nic_type = optional(string)
}))
}
variable "options" {
description = "Instance options."
type = object({
allow_stopping_for_update = bool
deletion_protection = bool
spot = bool
termination_action = string
allow_stopping_for_update = optional(bool, true)
deletion_protection = optional(bool, false)
spot = optional(bool, false)
termination_action = optional(string)
})
default = {
allow_stopping_for_update = true
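Review bot: In the `encryption` variable hunk, `encrypt_boot = optional(bool, false)` means a caller who passes only `kms_key_self_link` no longer has to decide about the boot disk. How the resources consume `encrypt_boot` is outside this section, but if it gates the boot disk key as the description implies, the boot disk would silently stay on provider-managed encryption. Consider keeping `encrypt_boot` required or defaulting it to `true`, and stating the default in the description. The description's "only one of" rule is also still unenforced now that both key attributes default to null; a `validation` block with `condition = try(var.encryption.kms_key_self_link, null) == null || try(var.encryption.disk_encryption_key_raw, null) == null` would reject the ambiguous case at plan time. Since `disk_encryption_key_raw` carries key material, the description should also tell callers to pass it from a sensitive value so it is redacted in plan output.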


@ -16,27 +16,13 @@
variable "attached_disks" {
description = "Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null."
type = list(object({
name = string
size = string
source = string
source_type = string
options = object({
mode = string
replica_zone = string
type = string
})
}))
default = []
type = any
default = []
}
variable "attached_disk_defaults" {
description = "Defaults for attached disks options."
type = object({
mode = string
replica_zone = string
type = string
})
type = any
default = {
mode = "READ_WRITE"
replica_zone = null
@ -70,31 +56,13 @@ variable "metadata" {
}
variable "network_interfaces" {
type = list(object({
nat = bool
network = string
subnetwork = string
addresses = object({
internal = string
external = string
})
}))
type = any
default = [{
network = "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default",
subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
nat = false,
addresses = null
}]
}
variable "network_interface_options" {
type = map(object({
alias_ips = map(string)
nic_type = string
}))
default = {}
}
variable "service_account_create" {
type = bool
default = false