Enforce terraform fmt in examples
parent
0faf8ae1f1
commit
e700a27079
|
@ -49,8 +49,8 @@ locals {
|
||||||
trimsuffix(f, ".yaml") => yamldecode(file("${local._data_dir}/${f}"))
|
trimsuffix(f, ".yaml") => yamldecode(file("${local._data_dir}/${f}"))
|
||||||
}
|
}
|
||||||
# these are usually set via variables
|
# these are usually set via variables
|
||||||
_base_dir = "./fabric/blueprints/factories/project-factory"
|
_base_dir = "./fabric/blueprints/factories/project-factory"
|
||||||
_data_dir = "${local._base_dir}/sample-data/projects/"
|
_data_dir = "${local._base_dir}/sample-data/projects/"
|
||||||
_defaults_file = "${local._base_dir}/sample-data/defaults.yaml"
|
_defaults_file = "${local._base_dir}/sample-data/defaults.yaml"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -78,7 +78,7 @@ module "gke-fleet" {
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
private_cluster_config = local.cluster_defaults.private_cluster_config
|
private_cluster_config = local.cluster_defaults.private_cluster_config
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
subnetwork = local.subnet_self_links.ew1
|
subnetwork = local.subnet_self_links.ew1
|
||||||
master_ipv4_cidr_block = "172.16.10.0/28"
|
master_ipv4_cidr_block = "172.16.10.0/28"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -86,7 +86,7 @@ module "gke-fleet" {
|
||||||
location = "europe-west3"
|
location = "europe-west3"
|
||||||
private_cluster_config = local.cluster_defaults.private_cluster_config
|
private_cluster_config = local.cluster_defaults.private_cluster_config
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
subnetwork = local.subnet_self_links.ew3
|
subnetwork = local.subnet_self_links.ew3
|
||||||
master_ipv4_cidr_block = "172.16.20.0/28"
|
master_ipv4_cidr_block = "172.16.20.0/28"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -95,16 +95,16 @@ module "gke-fleet" {
|
||||||
cluster-0 = {
|
cluster-0 = {
|
||||||
nodepool-0 = {
|
nodepool-0 = {
|
||||||
node_config = {
|
node_config = {
|
||||||
disk_type = "pd-balanced"
|
disk_type = "pd-balanced"
|
||||||
machine_type = "n2-standard-4"
|
machine_type = "n2-standard-4"
|
||||||
spot = true
|
spot = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
cluster-1 = {
|
cluster-1 = {
|
||||||
nodepool-0 = {
|
nodepool-0 = {
|
||||||
node_config = {
|
node_config = {
|
||||||
disk_type = "pd-balanced"
|
disk_type = "pd-balanced"
|
||||||
machine_type = "n2-standard-4"
|
machine_type = "n2-standard-4"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -143,13 +143,13 @@ module "gke" {
|
||||||
prefix = "myprefix"
|
prefix = "myprefix"
|
||||||
clusters = {
|
clusters = {
|
||||||
cluster-0 = {
|
cluster-0 = {
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
subnetwork = local.subnet_self_links.ew1
|
subnetwork = local.subnet_self_links.ew1
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
cluster-1 = {
|
cluster-1 = {
|
||||||
location = "europe-west3"
|
location = "europe-west3"
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
subnetwork = local.subnet_self_links.ew3
|
subnetwork = local.subnet_self_links.ew3
|
||||||
}
|
}
|
||||||
|
@ -159,16 +159,16 @@ module "gke" {
|
||||||
cluster-0 = {
|
cluster-0 = {
|
||||||
nodepool-0 = {
|
nodepool-0 = {
|
||||||
node_config = {
|
node_config = {
|
||||||
disk_type = "pd-balanced"
|
disk_type = "pd-balanced"
|
||||||
machine_type = "n2-standard-4"
|
machine_type = "n2-standard-4"
|
||||||
spot = true
|
spot = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
cluster-1 = {
|
cluster-1 = {
|
||||||
nodepool-0 = {
|
nodepool-0 = {
|
||||||
node_config = {
|
node_config = {
|
||||||
disk_type = "pd-balanced"
|
disk_type = "pd-balanced"
|
||||||
machine_type = "n2-standard-4"
|
machine_type = "n2-standard-4"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -205,14 +205,14 @@ module "gke" {
|
||||||
enable_hierarchical_resource_quota = true
|
enable_hierarchical_resource_quota = true
|
||||||
enable_pod_tree_labels = true
|
enable_pod_tree_labels = true
|
||||||
}
|
}
|
||||||
policy_controller = {
|
policy_controller = {
|
||||||
audit_interval_seconds = 30
|
audit_interval_seconds = 30
|
||||||
exemptable_namespaces = ["kube-system"]
|
exemptable_namespaces = ["kube-system"]
|
||||||
log_denies_enabled = true
|
log_denies_enabled = true
|
||||||
referential_rules_enabled = true
|
referential_rules_enabled = true
|
||||||
template_library_installed = true
|
template_library_installed = true
|
||||||
}
|
}
|
||||||
version = "1.10.2"
|
version = "1.10.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
fleet_configmanagement_clusters = {
|
fleet_configmanagement_clusters = {
|
||||||
|
|
|
@ -6,11 +6,11 @@ This module allows creating an API with its associated API config and API gatewa
|
||||||
## Basic example
|
## Basic example
|
||||||
```hcl
|
```hcl
|
||||||
module "gateway" {
|
module "gateway" {
|
||||||
source = "./fabric/modules/api-gateway"
|
source = "./fabric/modules/api-gateway"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
api_id = "api"
|
api_id = "api"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
spec = <<EOT
|
spec = <<EOT
|
||||||
# The OpenAPI spec contents
|
# The OpenAPI spec contents
|
||||||
# ...
|
# ...
|
||||||
EOT
|
EOT
|
||||||
|
@ -31,7 +31,7 @@ module "gateway" {
|
||||||
EOT
|
EOT
|
||||||
service_account_email = "sa@my-project.iam.gserviceaccount.com"
|
service_account_email = "sa@my-project.iam.gserviceaccount.com"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/apigateway.admin" = [ "user:user@example.com" ]
|
"roles/apigateway.admin" = ["user:user@example.com"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=7
|
# tftest modules=1 resources=7
|
||||||
|
@ -40,18 +40,18 @@ module "gateway" {
|
||||||
## Basic example + service account creation
|
## Basic example + service account creation
|
||||||
```hcl
|
```hcl
|
||||||
module "gateway" {
|
module "gateway" {
|
||||||
source = "./fabric/modules/api-gateway"
|
source = "./fabric/modules/api-gateway"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
api_id = "api"
|
api_id = "api"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
spec = <<EOT
|
spec = <<EOT
|
||||||
# The OpenAPI spec contents
|
# The OpenAPI spec contents
|
||||||
# ...
|
# ...
|
||||||
EOT
|
EOT
|
||||||
service_account_create = true
|
service_account_create = true
|
||||||
iam = {
|
iam = {
|
||||||
"roles/apigateway.admin" = [ "user:mirene@google.com" ]
|
"roles/apigateway.admin" = ["user:mirene@google.com"]
|
||||||
"roles/apigateway.viewer" = [ "user:mirene@google.com" ]
|
"roles/apigateway.viewer" = ["user:mirene@google.com"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=11
|
# tftest modules=1 resources=11
|
||||||
|
|
|
@ -25,14 +25,14 @@ module "apigee" {
|
||||||
}
|
}
|
||||||
environments = {
|
environments = {
|
||||||
apis-test = {
|
apis-test = {
|
||||||
display_name = "APIs test"
|
display_name = "APIs test"
|
||||||
description = "APIs Test"
|
description = "APIs Test"
|
||||||
envgroups = ["test"]
|
envgroups = ["test"]
|
||||||
}
|
}
|
||||||
apis-prod = {
|
apis-prod = {
|
||||||
display_name = "APIs prod"
|
display_name = "APIs prod"
|
||||||
description = "APIs prod"
|
description = "APIs prod"
|
||||||
envgroups = ["prod"]
|
envgroups = ["prod"]
|
||||||
iam = {
|
iam = {
|
||||||
"roles/viewer" = ["group:devops@myorg.com"]
|
"roles/viewer" = ["group:devops@myorg.com"]
|
||||||
}
|
}
|
||||||
|
@ -71,10 +71,10 @@ module "apigee" {
|
||||||
source = "./fabric/modules/apigee"
|
source = "./fabric/modules/apigee"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
organization = {
|
organization = {
|
||||||
display_name = "My Organization"
|
display_name = "My Organization"
|
||||||
description = "My Organization"
|
description = "My Organization"
|
||||||
runtime_type = "HYBRID"
|
runtime_type = "HYBRID"
|
||||||
analytics_region = "europe-west1"
|
analytics_region = "europe-west1"
|
||||||
}
|
}
|
||||||
envgroups = {
|
envgroups = {
|
||||||
test = ["test.example.com"]
|
test = ["test.example.com"]
|
||||||
|
@ -82,14 +82,14 @@ module "apigee" {
|
||||||
}
|
}
|
||||||
environments = {
|
environments = {
|
||||||
apis-test = {
|
apis-test = {
|
||||||
display_name = "APIs test"
|
display_name = "APIs test"
|
||||||
description = "APIs Test"
|
description = "APIs Test"
|
||||||
envgroups = ["test"]
|
envgroups = ["test"]
|
||||||
}
|
}
|
||||||
apis-prod = {
|
apis-prod = {
|
||||||
display_name = "APIs prod"
|
display_name = "APIs prod"
|
||||||
description = "APIs prod"
|
description = "APIs prod"
|
||||||
envgroups = ["prod"]
|
envgroups = ["prod"]
|
||||||
iam = {
|
iam = {
|
||||||
"roles/viewer" = ["group:devops@myorg.com"]
|
"roles/viewer" = ["group:devops@myorg.com"]
|
||||||
}
|
}
|
||||||
|
@ -120,9 +120,9 @@ module "apigee" {
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
environments = {
|
environments = {
|
||||||
apis-test = {
|
apis-test = {
|
||||||
display_name = "APIs test"
|
display_name = "APIs test"
|
||||||
description = "APIs Test"
|
description = "APIs Test"
|
||||||
envgroups = ["test"]
|
envgroups = ["test"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@ The access variables are split into `access` and `access_identities` variables,
|
||||||
module "bigquery-dataset" {
|
module "bigquery-dataset" {
|
||||||
source = "./fabric/modules/bigquery-dataset"
|
source = "./fabric/modules/bigquery-dataset"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
id = "my-dataset"
|
id = "my-dataset"
|
||||||
access = {
|
access = {
|
||||||
reader-group = { role = "READER", type = "group" }
|
reader-group = { role = "READER", type = "group" }
|
||||||
owner = { role = "OWNER", type = "user" }
|
owner = { role = "OWNER", type = "user" }
|
||||||
|
@ -46,7 +46,7 @@ Access configuration can also be specified via IAM instead of basic roles via th
|
||||||
module "bigquery-dataset" {
|
module "bigquery-dataset" {
|
||||||
source = "./fabric/modules/bigquery-dataset"
|
source = "./fabric/modules/bigquery-dataset"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
id = "my-dataset"
|
id = "my-dataset"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/bigquery.dataOwner" = ["user:user1@example.org"]
|
"roles/bigquery.dataOwner" = ["user:user1@example.org"]
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,19 +16,19 @@ This module allows managing a single BigTable instance, including access configu
|
||||||
```hcl
|
```hcl
|
||||||
|
|
||||||
module "bigtable-instance" {
|
module "bigtable-instance" {
|
||||||
source = "./fabric/modules/bigtable-instance"
|
source = "./fabric/modules/bigtable-instance"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "instance"
|
name = "instance"
|
||||||
cluster_id = "instance"
|
cluster_id = "instance"
|
||||||
zone = "europe-west1-b"
|
zone = "europe-west1-b"
|
||||||
tables = {
|
tables = {
|
||||||
test1 = null,
|
test1 = null,
|
||||||
test2 = {
|
test2 = {
|
||||||
split_keys = ["a", "b", "c"]
|
split_keys = ["a", "b", "c"]
|
||||||
column_family = null
|
column_family = null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
iam = {
|
iam = {
|
||||||
"roles/bigtable.user" = ["user:viewer@testdomain.com"]
|
"roles/bigtable.user" = ["user:viewer@testdomain.com"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -59,11 +59,11 @@ If you use autoscaling, you should not set the variable `num_nodes`.
|
||||||
```hcl
|
```hcl
|
||||||
|
|
||||||
module "bigtable-instance" {
|
module "bigtable-instance" {
|
||||||
source = "./fabric/modules/bigtable-instance"
|
source = "./fabric/modules/bigtable-instance"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "instance"
|
name = "instance"
|
||||||
cluster_id = "instance"
|
cluster_id = "instance"
|
||||||
zone = "europe-southwest1-b"
|
zone = "europe-southwest1-b"
|
||||||
autoscaling_config = {
|
autoscaling_config = {
|
||||||
min_nodes = 3
|
min_nodes = 3
|
||||||
max_nodes = 7
|
max_nodes = 7
|
||||||
|
@ -78,12 +78,12 @@ module "bigtable-instance" {
|
||||||
```hcl
|
```hcl
|
||||||
|
|
||||||
module "bigtable-instance" {
|
module "bigtable-instance" {
|
||||||
source = "./fabric/modules/bigtable-instance"
|
source = "./fabric/modules/bigtable-instance"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "instance"
|
name = "instance"
|
||||||
cluster_id = "instance"
|
cluster_id = "instance"
|
||||||
zone = "europe-southwest1-a"
|
zone = "europe-southwest1-a"
|
||||||
storage_type = "SSD"
|
storage_type = "SSD"
|
||||||
autoscaling_config = {
|
autoscaling_config = {
|
||||||
min_nodes = 3
|
min_nodes = 3
|
||||||
max_nodes = 7
|
max_nodes = 7
|
||||||
|
|
|
@ -29,7 +29,7 @@ module "budget" {
|
||||||
]
|
]
|
||||||
email_recipients = {
|
email_recipients = {
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
emails = ["user@example.com"]
|
emails = ["user@example.com"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=2
|
# tftest modules=1 resources=2
|
||||||
|
|
|
@ -8,8 +8,8 @@ This module simplifies the creation of a Binary Authorization policy, attestors
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "binauthz" {
|
module "binauthz" {
|
||||||
source = "./fabric/modules/binauthz"
|
source = "./fabric/modules/binauthz"
|
||||||
project_id = "my_project"
|
project_id = "my_project"
|
||||||
global_policy_evaluation_mode = "DISABLE"
|
global_policy_evaluation_mode = "DISABLE"
|
||||||
default_admission_rule = {
|
default_admission_rule = {
|
||||||
evaluation_mode = "ALWAYS_DENY"
|
evaluation_mode = "ALWAYS_DENY"
|
||||||
|
@ -18,16 +18,16 @@ module "binauthz" {
|
||||||
}
|
}
|
||||||
cluster_admission_rules = {
|
cluster_admission_rules = {
|
||||||
"europe-west1-c.cluster" = {
|
"europe-west1-c.cluster" = {
|
||||||
evaluation_mode = "REQUIRE_ATTESTATION"
|
evaluation_mode = "REQUIRE_ATTESTATION"
|
||||||
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
||||||
attestors = [ "test" ]
|
attestors = ["test"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
attestors_config = {
|
attestors_config = {
|
||||||
"test": {
|
"test" : {
|
||||||
note_reference = null
|
note_reference = null
|
||||||
pgp_public_keys = [
|
pgp_public_keys = [
|
||||||
<<EOT
|
<<EOT
|
||||||
mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
|
mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
|
||||||
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
|
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
|
||||||
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
|
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
|
||||||
|
@ -44,11 +44,11 @@ module "binauthz" {
|
||||||
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
|
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
|
||||||
=6Bvm
|
=6Bvm
|
||||||
EOT
|
EOT
|
||||||
]
|
]
|
||||||
pkix_public_keys = null
|
pkix_public_keys = null
|
||||||
iam = {
|
iam = {
|
||||||
"roles/viewer" = ["user:user1@my_org.com"]
|
"roles/viewer" = ["user:user1@my_org.com"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,7 +24,7 @@ This example will create a `cloud-config` that uses the module's defaults, creat
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cos-coredns" {
|
module "cos-coredns" {
|
||||||
source = "./fabric/modules/cloud-config-container/coredns"
|
source = "./fabric/modules/cloud-config-container/coredns"
|
||||||
}
|
}
|
||||||
|
|
||||||
module "vm" {
|
module "vm" {
|
||||||
|
@ -56,7 +56,7 @@ This example will create a `cloud-config` using a custom CoreDNS configuration,
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cos-coredns" {
|
module "cos-coredns" {
|
||||||
source = "./fabric/modules/cloud-config-container/coredns"
|
source = "./fabric/modules/cloud-config-container/coredns"
|
||||||
coredns_config = "./fabric/modules/cloud-config-container/coredns/Corefile-hosts"
|
coredns_config = "./fabric/modules/cloud-config-container/coredns/Corefile-hosts"
|
||||||
files = {
|
files = {
|
||||||
"/etc/coredns/example.hosts" = {
|
"/etc/coredns/example.hosts" = {
|
||||||
|
|
|
@ -12,7 +12,7 @@ This example will create a `cloud-config` that starts [Envoy Proxy](https://www.
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cos-envoy" {
|
module "cos-envoy" {
|
||||||
source = "./fabric/modules/cloud-config-container/cos-generic-metadata"
|
source = "./fabric/modules/cloud-config-container/cos-generic-metadata"
|
||||||
container_image = "envoyproxy/envoy:v1.14.1"
|
container_image = "envoyproxy/envoy:v1.14.1"
|
||||||
container_name = "envoy"
|
container_name = "envoy"
|
||||||
container_args = "-c /etc/envoy/envoy.yaml --log-level info --allow-unknown-static-fields"
|
container_args = "-c /etc/envoy/envoy.yaml --log-level info --allow-unknown-static-fields"
|
||||||
|
|
|
@ -62,7 +62,7 @@ module "cos-mysql" {
|
||||||
source = "./fabric/modules/cloud-config-container/mysql"
|
source = "./fabric/modules/cloud-config-container/mysql"
|
||||||
mysql_config = "./my.cnf"
|
mysql_config = "./my.cnf"
|
||||||
mysql_password = "CiQAsd7WY=="
|
mysql_password = "CiQAsd7WY=="
|
||||||
kms_config = {
|
kms_config = {
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
keyring = "test-cos"
|
keyring = "test-cos"
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
|
|
|
@ -24,7 +24,7 @@ This example will create a `cloud-config` that uses the module's defaults, creat
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cos-nginx" {
|
module "cos-nginx" {
|
||||||
source = "./fabric/modules/cloud-config-container/nginx"
|
source = "./fabric/modules/cloud-config-container/nginx"
|
||||||
}
|
}
|
||||||
|
|
||||||
module "vm-nginx-tls" {
|
module "vm-nginx-tls" {
|
||||||
|
|
|
@ -24,9 +24,9 @@ This example will create a `cloud-config` that allows any client in the 10.0.0.0
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cos-squid" {
|
module "cos-squid" {
|
||||||
source = "./fabric/modules/cloud-config-container/squid"
|
source = "./fabric/modules/cloud-config-container/squid"
|
||||||
allow = [".github.com"]
|
allow = [".github.com"]
|
||||||
clients = ["10.0.0.0/8"]
|
clients = ["10.0.0.0/8"]
|
||||||
}
|
}
|
||||||
|
|
||||||
module "vm" {
|
module "vm" {
|
||||||
|
|
|
@ -16,10 +16,10 @@ This deploys a Cloud Function with an HTTP endpoint, using a pre-existing GCS bu
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets/"
|
source_dir = "fabric/assets/"
|
||||||
output_path = "bundle.zip"
|
output_path = "bundle.zip"
|
||||||
|
@ -31,11 +31,11 @@ module "cf-http" {
|
||||||
Analogous example using 2nd generation Cloud Functions
|
Analogous example using 2nd generation Cloud Functions
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
v2 = true
|
v2 = true
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets/"
|
source_dir = "fabric/assets/"
|
||||||
output_path = "bundle.zip"
|
output_path = "bundle.zip"
|
||||||
|
@ -111,15 +111,15 @@ To allow anonymous access to the function, grant the `roles/cloudfunctions.invok
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets/"
|
source_dir = "fabric/assets/"
|
||||||
output_path = "bundle.zip"
|
output_path = "bundle.zip"
|
||||||
}
|
}
|
||||||
iam = {
|
iam = {
|
||||||
"roles/cloudfunctions.invoker" = ["allUsers"]
|
"roles/cloudfunctions.invoker" = ["allUsers"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -132,15 +132,15 @@ You can have the module auto-create the GCS bucket used for deployment via the `
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
bucket_config = {
|
bucket_config = {
|
||||||
lifecycle_delete_age_days = 1
|
lifecycle_delete_age_days = 1
|
||||||
}
|
}
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets/"
|
source_dir = "fabric/assets/"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=3
|
# tftest modules=1 resources=3
|
||||||
|
@ -152,10 +152,10 @@ To use a custom service account managed by the module, set `service_account_crea
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets/"
|
source_dir = "fabric/assets/"
|
||||||
output_path = "bundle.zip"
|
output_path = "bundle.zip"
|
||||||
|
@ -169,10 +169,10 @@ To use an externally managed service account, pass its email in `service_account
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets/"
|
source_dir = "fabric/assets/"
|
||||||
output_path = "bundle.zip"
|
output_path = "bundle.zip"
|
||||||
|
@ -188,10 +188,10 @@ In order to help prevent `archive_zip.output_md5` from changing cross platform (
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets"
|
source_dir = "fabric/assets"
|
||||||
output_path = "bundle.zip"
|
output_path = "bundle.zip"
|
||||||
|
@ -207,10 +207,10 @@ This deploys a Cloud Function with an HTTP endpoint, using a pre-existing GCS bu
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cf-http" {
|
module "cf-http" {
|
||||||
source = "./fabric/modules/cloud-function"
|
source = "./fabric/modules/cloud-function"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "test-cf-http"
|
name = "test-cf-http"
|
||||||
bucket_name = "test-cf-bundles"
|
bucket_name = "test-cf-bundles"
|
||||||
build_worker_pool = "projects/my-project/locations/europe-west1/workerPools/my_build_worker_pool"
|
build_worker_pool = "projects/my-project/locations/europe-west1/workerPools/my_build_worker_pool"
|
||||||
bundle_config = {
|
bundle_config = {
|
||||||
source_dir = "fabric/assets"
|
source_dir = "fabric/assets"
|
||||||
|
|
|
@ -14,18 +14,18 @@ module "cloud_run" {
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "hello"
|
name = "hello"
|
||||||
containers = [{
|
containers = [{
|
||||||
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||||||
options = {
|
options = {
|
||||||
command = null
|
command = null
|
||||||
args = null
|
args = null
|
||||||
env = {
|
env = {
|
||||||
"VAR1": "VALUE1",
|
"VAR1" : "VALUE1",
|
||||||
"VAR2": "VALUE2",
|
"VAR2" : "VALUE2",
|
||||||
}
|
}
|
||||||
env_from = null
|
env_from = null
|
||||||
}
|
}
|
||||||
ports = null
|
ports = null
|
||||||
resources = null
|
resources = null
|
||||||
volume_mounts = null
|
volume_mounts = null
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -42,18 +42,18 @@ module "cloud_run" {
|
||||||
containers = [{
|
containers = [{
|
||||||
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||||||
options = {
|
options = {
|
||||||
command = null
|
command = null
|
||||||
args = null
|
args = null
|
||||||
env = null
|
env = null
|
||||||
env_from = {
|
env_from = {
|
||||||
"CREDENTIALS": {
|
"CREDENTIALS" : {
|
||||||
name = "credentials"
|
name = "credentials"
|
||||||
key = "1"
|
key = "1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ports = null
|
ports = null
|
||||||
resources = null
|
resources = null
|
||||||
volume_mounts = null
|
volume_mounts = null
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -64,26 +64,26 @@ module "cloud_run" {
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cloud_run" {
|
module "cloud_run" {
|
||||||
source = "./fabric/modules/cloud-run"
|
source = "./fabric/modules/cloud-run"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = "hello"
|
name = "hello"
|
||||||
region = var.region
|
region = var.region
|
||||||
revision_name = "green"
|
revision_name = "green"
|
||||||
containers = [{
|
containers = [{
|
||||||
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||||||
options = null
|
options = null
|
||||||
ports = null
|
ports = null
|
||||||
resources = null
|
resources = null
|
||||||
volume_mounts = {
|
volume_mounts = {
|
||||||
"credentials": "/credentials"
|
"credentials" : "/credentials"
|
||||||
}
|
}
|
||||||
}]
|
}]
|
||||||
volumes = [
|
volumes = [
|
||||||
{
|
{
|
||||||
name = "credentials"
|
name = "credentials"
|
||||||
secret_name = "credentials"
|
secret_name = "credentials"
|
||||||
items = [{
|
items = [{
|
||||||
key = "1"
|
key = "1"
|
||||||
path = "v1.txt"
|
path = "v1.txt"
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -98,9 +98,9 @@ This deploys a Cloud Run service with traffic split between two revisions.
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cloud_run" {
|
module "cloud_run" {
|
||||||
source = "./fabric/modules/cloud-run"
|
source = "./fabric/modules/cloud-run"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "hello"
|
name = "hello"
|
||||||
revision_name = "green"
|
revision_name = "green"
|
||||||
containers = [{
|
containers = [{
|
||||||
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||||||
|
@ -110,7 +110,7 @@ module "cloud_run" {
|
||||||
volume_mounts = null
|
volume_mounts = null
|
||||||
}]
|
}]
|
||||||
traffic = {
|
traffic = {
|
||||||
"blue" = 25
|
"blue" = 25
|
||||||
"green" = 75
|
"green" = 75
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -159,8 +159,8 @@ module "cloud_run" {
|
||||||
}]
|
}]
|
||||||
audit_log_triggers = [
|
audit_log_triggers = [
|
||||||
{
|
{
|
||||||
service_name = "cloudresourcemanager.googleapis.com"
|
service_name = "cloudresourcemanager.googleapis.com"
|
||||||
method_name = "SetIamPolicy"
|
method_name = "SetIamPolicy"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -88,7 +88,7 @@ module "db" {
|
||||||
# generatea password for user1
|
# generatea password for user1
|
||||||
user1 = null
|
user1 = null
|
||||||
# assign a password to user2
|
# assign a password to user2
|
||||||
user2 = "mypassword"
|
user2 = "mypassword"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=6
|
# tftest modules=1 resources=6
|
||||||
|
|
|
@ -243,9 +243,9 @@ module "nginx-mig" {
|
||||||
target_size = 3
|
target_size = 3
|
||||||
instance_template = module.nginx-template.template.self_link
|
instance_template = module.nginx-template.template.self_link
|
||||||
update_policy = {
|
update_policy = {
|
||||||
minimal_action = "REPLACE"
|
minimal_action = "REPLACE"
|
||||||
type = "PROACTIVE"
|
type = "PROACTIVE"
|
||||||
min_ready_sec = 30
|
min_ready_sec = 30
|
||||||
max_surge = {
|
max_surge = {
|
||||||
fixed = 1
|
fixed = 1
|
||||||
}
|
}
|
||||||
|
@ -393,8 +393,8 @@ module "nginx-mig" {
|
||||||
stateful_config = {
|
stateful_config = {
|
||||||
# name needs to match a MIG instance name
|
# name needs to match a MIG instance name
|
||||||
instance-1 = {
|
instance-1 = {
|
||||||
minimal_action = "NONE",
|
minimal_action = "NONE",
|
||||||
most_disruptive_allowed_action = "REPLACE"
|
most_disruptive_allowed_action = "REPLACE"
|
||||||
preserved_state = {
|
preserved_state = {
|
||||||
disks = {
|
disks = {
|
||||||
persistent-disk-1 = {
|
persistent-disk-1 = {
|
||||||
|
|
|
@ -110,7 +110,7 @@ module "simple-vm-example" {
|
||||||
}
|
}
|
||||||
}]
|
}]
|
||||||
service_account_create = true
|
service_account_create = true
|
||||||
create_template = true
|
create_template = true
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=2
|
# tftest modules=1 resources=2
|
||||||
```
|
```
|
||||||
|
@ -131,8 +131,8 @@ module "kms-vm-example" {
|
||||||
}]
|
}]
|
||||||
attached_disks = [
|
attached_disks = [
|
||||||
{
|
{
|
||||||
name = "attached-disk"
|
name = "attached-disk"
|
||||||
size = 10
|
size = 10
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
service_account_create = true
|
service_account_create = true
|
||||||
|
@ -176,9 +176,9 @@ This example shows how to enable [gVNIC](https://cloud.google.com/compute/docs/n
|
||||||
```hcl
|
```hcl
|
||||||
|
|
||||||
resource "google_compute_image" "cos-gvnic" {
|
resource "google_compute_image" "cos-gvnic" {
|
||||||
project = "my-project"
|
project = "my-project"
|
||||||
name = "my-image"
|
name = "my-image"
|
||||||
source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-89-16108-534-18"
|
source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-89-16108-534-18"
|
||||||
|
|
||||||
guest_os_features {
|
guest_os_features {
|
||||||
type = "GVNIC"
|
type = "GVNIC"
|
||||||
|
@ -200,8 +200,8 @@ module "vm-with-gvnic" {
|
||||||
zone = "europe-west1-b"
|
zone = "europe-west1-b"
|
||||||
name = "test"
|
name = "test"
|
||||||
boot_disk = {
|
boot_disk = {
|
||||||
image = google_compute_image.cos-gvnic.self_link
|
image = google_compute_image.cos-gvnic.self_link
|
||||||
type = "pd-ssd"
|
type = "pd-ssd"
|
||||||
}
|
}
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
|
|
|
@ -12,7 +12,7 @@ module "cmn-dc" {
|
||||||
source = "./fabric/modules/data-catalog-policy-tag"
|
source = "./fabric/modules/data-catalog-policy-tag"
|
||||||
name = "my-datacatalog-policy-tags"
|
name = "my-datacatalog-policy-tags"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
tags = {
|
tags = {
|
||||||
low = null, medium = null, high = null
|
low = null, medium = null, high = null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -26,10 +26,10 @@ module "cmn-dc" {
|
||||||
source = "./fabric/modules/data-catalog-policy-tag"
|
source = "./fabric/modules/data-catalog-policy-tag"
|
||||||
name = "my-datacatalog-policy-tags"
|
name = "my-datacatalog-policy-tags"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
tags = {
|
tags = {
|
||||||
low = null
|
low = null
|
||||||
medium = null
|
medium = null
|
||||||
high = {"roles/datacatalog.categoryFineGrainedReader" = ["group:GROUP_NAME@example.com"]}
|
high = { "roles/datacatalog.categoryFineGrainedReader" = ["group:GROUP_NAME@example.com"] }
|
||||||
}
|
}
|
||||||
iam = {
|
iam = {
|
||||||
"roles/datacatalog.categoryAdmin" = ["group:GROUP_NAME@example.com"]
|
"roles/datacatalog.categoryAdmin" = ["group:GROUP_NAME@example.com"]
|
||||||
|
|
|
@ -8,11 +8,11 @@ This module allows simple management of ['Google Data Fusion'](https://cloud.goo
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "datafusion" {
|
module "datafusion" {
|
||||||
source = "./fabric/modules/datafusion"
|
source = "./fabric/modules/datafusion"
|
||||||
name = "my-datafusion"
|
name = "my-datafusion"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
network = "my-network-name"
|
network = "my-network-name"
|
||||||
# TODO: remove the following line
|
# TODO: remove the following line
|
||||||
firewall_create = false
|
firewall_create = false
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,11 +10,11 @@ This module allows the creation and management of folders, including support for
|
||||||
module "folder" {
|
module "folder" {
|
||||||
source = "./fabric/modules/folder"
|
source = "./fabric/modules/folder"
|
||||||
parent = "organizations/1234567890"
|
parent = "organizations/1234567890"
|
||||||
name = "Folder name"
|
name = "Folder name"
|
||||||
group_iam = {
|
group_iam = {
|
||||||
"cloud-owners@example.org" = [
|
"cloud-owners@example.org" = [
|
||||||
"roles/owner",
|
"roles/owner",
|
||||||
"roles/resourcemanager.projectCreator"
|
"roles/resourcemanager.projectCreator"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
iam = {
|
iam = {
|
||||||
|
@ -32,7 +32,7 @@ To manage organization policies, the `orgpolicy.googleapis.com` service should b
|
||||||
module "folder" {
|
module "folder" {
|
||||||
source = "./fabric/modules/folder"
|
source = "./fabric/modules/folder"
|
||||||
parent = "organizations/1234567890"
|
parent = "organizations/1234567890"
|
||||||
name = "Folder name"
|
name = "Folder name"
|
||||||
org_policies = {
|
org_policies = {
|
||||||
"compute.disableGuestAttributesAccess" = {
|
"compute.disableGuestAttributesAccess" = {
|
||||||
enforce = true
|
enforce = true
|
||||||
|
@ -85,9 +85,9 @@ In the same way as for the [organization](../organization) module, the in-built
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "folder" {
|
module "folder" {
|
||||||
source = "./fabric/modules/folder"
|
source = "./fabric/modules/folder"
|
||||||
parent = "organizations/1234567890"
|
parent = "organizations/1234567890"
|
||||||
name = "Folder name"
|
name = "Folder name"
|
||||||
firewall_policy_factory = {
|
firewall_policy_factory = {
|
||||||
cidr_file = "configs/firewall-policies/cidrs.yaml"
|
cidr_file = "configs/firewall-policies/cidrs.yaml"
|
||||||
policy_name = null
|
policy_name = null
|
||||||
|
@ -250,8 +250,8 @@ module "org" {
|
||||||
organization_id = var.organization_id
|
organization_id = var.organization_id
|
||||||
tags = {
|
tags = {
|
||||||
environment = {
|
environment = {
|
||||||
description = "Environment specification."
|
description = "Environment specification."
|
||||||
iam = null
|
iam = null
|
||||||
values = {
|
values = {
|
||||||
dev = null
|
dev = null
|
||||||
prod = null
|
prod = null
|
||||||
|
|
|
@ -62,7 +62,7 @@ module "bucket" {
|
||||||
source = "./fabric/modules/gcs"
|
source = "./fabric/modules/gcs"
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
prefix = "test"
|
prefix = "test"
|
||||||
name = "my-bucket"
|
name = "my-bucket"
|
||||||
|
|
||||||
iam = {
|
iam = {
|
||||||
"roles/storage.admin" = ["group:storage@example.com"]
|
"roles/storage.admin" = ["group:storage@example.com"]
|
||||||
|
|
|
@ -22,7 +22,7 @@ module "cluster-1" {
|
||||||
master_authorized_ranges = {
|
master_authorized_ranges = {
|
||||||
internal-vms = "10.0.0.0/8"
|
internal-vms = "10.0.0.0/8"
|
||||||
}
|
}
|
||||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||||
}
|
}
|
||||||
max_pods_per_node = 32
|
max_pods_per_node = 32
|
||||||
private_cluster_config = {
|
private_cluster_config = {
|
||||||
|
@ -54,7 +54,7 @@ module "cluster-1" {
|
||||||
master_authorized_ranges = {
|
master_authorized_ranges = {
|
||||||
internal-vms = "10.0.0.0/8"
|
internal-vms = "10.0.0.0/8"
|
||||||
}
|
}
|
||||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||||
}
|
}
|
||||||
private_cluster_config = {
|
private_cluster_config = {
|
||||||
enable_private_endpoint = true
|
enable_private_endpoint = true
|
||||||
|
|
|
@ -56,7 +56,7 @@ module "cluster_1" {
|
||||||
master_authorized_ranges = {
|
master_authorized_ranges = {
|
||||||
fc1918_10_8 = "10.0.0.0/8"
|
fc1918_10_8 = "10.0.0.0/8"
|
||||||
}
|
}
|
||||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||||
}
|
}
|
||||||
enable_features = {
|
enable_features = {
|
||||||
dataplane_v2 = true
|
dataplane_v2 = true
|
||||||
|
@ -115,7 +115,7 @@ module "hub" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
configmanagement_clusters = {
|
configmanagement_clusters = {
|
||||||
"default" = [ "cluster-1" ]
|
"default" = ["cluster-1"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -216,7 +216,7 @@ module "cluster_1" {
|
||||||
mgmt = "10.0.0.0/28"
|
mgmt = "10.0.0.0/28"
|
||||||
pods-cluster-1 = "10.3.0.0/16"
|
pods-cluster-1 = "10.3.0.0/16"
|
||||||
}
|
}
|
||||||
master_ipv4_cidr_block = "192.168.1.0/28"
|
master_ipv4_cidr_block = "192.168.1.0/28"
|
||||||
}
|
}
|
||||||
private_cluster_config = {
|
private_cluster_config = {
|
||||||
enable_private_endpoint = false
|
enable_private_endpoint = false
|
||||||
|
@ -240,10 +240,10 @@ module "cluster_1_nodepool" {
|
||||||
}
|
}
|
||||||
|
|
||||||
module "cluster_2" {
|
module "cluster_2" {
|
||||||
source = "./fabric/modules/gke-cluster"
|
source = "./fabric/modules/gke-cluster"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "cluster-2"
|
name = "cluster-2"
|
||||||
location = "europe-west4"
|
location = "europe-west4"
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.vpc.self_link
|
network = module.vpc.self_link
|
||||||
subnetwork = module.vpc.subnet_self_links["europe-west4/subnet-cluster-2"]
|
subnetwork = module.vpc.subnet_self_links["europe-west4/subnet-cluster-2"]
|
||||||
|
@ -251,7 +251,7 @@ module "cluster_2" {
|
||||||
mgmt = "10.0.0.0/28"
|
mgmt = "10.0.0.0/28"
|
||||||
pods-cluster-1 = "10.3.0.0/16"
|
pods-cluster-1 = "10.3.0.0/16"
|
||||||
}
|
}
|
||||||
master_ipv4_cidr_block = "192.168.2.0/28"
|
master_ipv4_cidr_block = "192.168.2.0/28"
|
||||||
}
|
}
|
||||||
private_cluster_config = {
|
private_cluster_config = {
|
||||||
enable_private_endpoint = false
|
enable_private_endpoint = false
|
||||||
|
@ -264,11 +264,11 @@ module "cluster_2" {
|
||||||
}
|
}
|
||||||
|
|
||||||
module "cluster_2_nodepool" {
|
module "cluster_2_nodepool" {
|
||||||
source = "./fabric/modules/gke-nodepool"
|
source = "./fabric/modules/gke-nodepool"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
cluster_name = module.cluster_2.name
|
cluster_name = module.cluster_2.name
|
||||||
location = "europe-west4"
|
location = "europe-west4"
|
||||||
name = "nodepool"
|
name = "nodepool"
|
||||||
node_count = { initial = 1 }
|
node_count = { initial = 1 }
|
||||||
service_account = { create = true }
|
service_account = { create = true }
|
||||||
tags = ["cluster-2-node"]
|
tags = ["cluster-2-node"]
|
||||||
|
|
|
@ -10,11 +10,11 @@ If no specific node configuration is set via variables, the module uses the prov
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cluster-1-nodepool-1" {
|
module "cluster-1-nodepool-1" {
|
||||||
source = "./fabric/modules/gke-nodepool"
|
source = "./fabric/modules/gke-nodepool"
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
cluster_name = "cluster-1"
|
cluster_name = "cluster-1"
|
||||||
location = "europe-west1-b"
|
location = "europe-west1-b"
|
||||||
name = "nodepool-1"
|
name = "nodepool-1"
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=1
|
# tftest modules=1 resources=1
|
||||||
```
|
```
|
||||||
|
@ -31,11 +31,11 @@ To use the GCE default service account, you can ignore the variable which is equ
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cluster-1-nodepool-1" {
|
module "cluster-1-nodepool-1" {
|
||||||
source = "./fabric/modules/gke-nodepool"
|
source = "./fabric/modules/gke-nodepool"
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
cluster_name = "cluster-1"
|
cluster_name = "cluster-1"
|
||||||
location = "europe-west1-b"
|
location = "europe-west1-b"
|
||||||
name = "nodepool-1"
|
name = "nodepool-1"
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=1
|
# tftest modules=1 resources=1
|
||||||
```
|
```
|
||||||
|
@ -46,11 +46,11 @@ To use an existing service account, pass in just the `email` attribute.
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cluster-1-nodepool-1" {
|
module "cluster-1-nodepool-1" {
|
||||||
source = "./fabric/modules/gke-nodepool"
|
source = "./fabric/modules/gke-nodepool"
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
cluster_name = "cluster-1"
|
cluster_name = "cluster-1"
|
||||||
location = "europe-west1-b"
|
location = "europe-west1-b"
|
||||||
name = "nodepool-1"
|
name = "nodepool-1"
|
||||||
service_account = {
|
service_account = {
|
||||||
email = "foo-bar@myproject.iam.gserviceaccount.com"
|
email = "foo-bar@myproject.iam.gserviceaccount.com"
|
||||||
}
|
}
|
||||||
|
@ -64,11 +64,11 @@ To have the module create a service account, set the `create` attribute to `true
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "cluster-1-nodepool-1" {
|
module "cluster-1-nodepool-1" {
|
||||||
source = "./fabric/modules/gke-nodepool"
|
source = "./fabric/modules/gke-nodepool"
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
cluster_name = "cluster-1"
|
cluster_name = "cluster-1"
|
||||||
location = "europe-west1-b"
|
location = "europe-west1-b"
|
||||||
name = "nodepool-1"
|
name = "nodepool-1"
|
||||||
service_account = {
|
service_account = {
|
||||||
create = true
|
create = true
|
||||||
# optional
|
# optional
|
||||||
|
|
|
@ -8,12 +8,12 @@ Note that this module does not fully comply with our design principles, as outpu
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "myproject-default-service-accounts" {
|
module "myproject-default-service-accounts" {
|
||||||
source = "./fabric/modules/iam-service-account"
|
source = "./fabric/modules/iam-service-account"
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
name = "vm-default"
|
name = "vm-default"
|
||||||
generate_key = true
|
generate_key = true
|
||||||
# authoritative roles granted *on* the service accounts to other identities
|
# authoritative roles granted *on* the service accounts to other identities
|
||||||
iam = {
|
iam = {
|
||||||
"roles/iam.serviceAccountUser" = ["user:foo@example.com"]
|
"roles/iam.serviceAccountUser" = ["user:foo@example.com"]
|
||||||
}
|
}
|
||||||
# non-authoritative roles granted *to* the service accounts on other resources
|
# non-authoritative roles granted *to* the service accounts on other resources
|
||||||
|
|
|
@ -14,9 +14,9 @@ In this module **no lifecycle blocks are set on resources to prevent destroy**,
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "kms" {
|
module "kms" {
|
||||||
source = "./fabric/modules/kms"
|
source = "./fabric/modules/kms"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/cloudkms.admin" = ["user:user1@example.com"]
|
"roles/cloudkms.admin" = ["user:user1@example.com"]
|
||||||
}
|
}
|
||||||
keyring = { location = "europe-west1", name = "test" }
|
keyring = { location = "europe-west1", name = "test" }
|
||||||
|
@ -63,8 +63,8 @@ module "kms" {
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "kms" {
|
module "kms" {
|
||||||
source = "./fabric/modules/kms"
|
source = "./fabric/modules/kms"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
key_purpose = {
|
key_purpose = {
|
||||||
key-c = {
|
key-c = {
|
||||||
purpose = "ASYMMETRIC_SIGN"
|
purpose = "ASYMMETRIC_SIGN"
|
||||||
|
@ -74,8 +74,8 @@ module "kms" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
keyring = { location = "europe-west1", name = "test" }
|
keyring = { location = "europe-west1", name = "test" }
|
||||||
keys = { key-a = null, key-b = null, key-c = null }
|
keys = { key-a = null, key-b = null, key-c = null }
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=4
|
# tftest modules=1 resources=4
|
||||||
```
|
```
|
||||||
|
|
|
@ -27,12 +27,12 @@ module "addresses" {
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
internal_addresses = {
|
internal_addresses = {
|
||||||
ilb-1 = {
|
ilb-1 = {
|
||||||
purpose = "SHARED_LOADBALANCER_VIP"
|
purpose = "SHARED_LOADBALANCER_VIP"
|
||||||
region = var.region
|
region = var.region
|
||||||
subnetwork = var.subnet.self_link
|
subnetwork = var.subnet.self_link
|
||||||
}
|
}
|
||||||
ilb-2 = {
|
ilb-2 = {
|
||||||
address = "10.0.0.2"
|
address = "10.0.0.2"
|
||||||
region = var.region
|
region = var.region
|
||||||
subnetwork = var.subnet.self_link
|
subnetwork = var.subnet.self_link
|
||||||
}
|
}
|
||||||
|
@ -66,11 +66,11 @@ module "addresses" {
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
psc_addresses = {
|
psc_addresses = {
|
||||||
one = {
|
one = {
|
||||||
address = null
|
address = null
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
}
|
}
|
||||||
two = {
|
two = {
|
||||||
address = "10.0.0.32"
|
address = "10.0.0.32"
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -117,7 +117,7 @@ The module uses a classic Global Load Balancer by default. To use the non-classi
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "glb-0" {
|
module "glb-0" {
|
||||||
source = "./fabric/modules/net-glb"
|
source = "./fabric/modules/net-glb"
|
||||||
project_id = "myprj"
|
project_id = "myprj"
|
||||||
name = "glb-test-0"
|
name = "glb-test-0"
|
||||||
use_classic_version = false
|
use_classic_version = false
|
||||||
|
@ -320,8 +320,8 @@ module "glb-0" {
|
||||||
neg_configs = {
|
neg_configs = {
|
||||||
neg-0 = {
|
neg-0 = {
|
||||||
hybrid = {
|
hybrid = {
|
||||||
network = "projects/myprj-host/global/networks/svpc"
|
network = "projects/myprj-host/global/networks/svpc"
|
||||||
zone = "europe-west8-b"
|
zone = "europe-west8-b"
|
||||||
endpoints = [{
|
endpoints = [{
|
||||||
ip_address = "10.0.0.10"
|
ip_address = "10.0.0.10"
|
||||||
port = 80
|
port = 80
|
||||||
|
@ -355,10 +355,10 @@ module "glb-0" {
|
||||||
neg_configs = {
|
neg_configs = {
|
||||||
neg-0 = {
|
neg-0 = {
|
||||||
internet = {
|
internet = {
|
||||||
use_fqdn = true
|
use_fqdn = true
|
||||||
endpoints = [{
|
endpoints = [{
|
||||||
destination = "www.example.org"
|
destination = "www.example.org"
|
||||||
port = 80
|
port = 80
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -373,7 +373,7 @@ The module supports managing PSC NEGs if the non-classic version of the load bal
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "glb-0" {
|
module "glb-0" {
|
||||||
source = "./fabric/modules/net-glb"
|
source = "./fabric/modules/net-glb"
|
||||||
project_id = "myprj"
|
project_id = "myprj"
|
||||||
name = "glb-test-0"
|
name = "glb-test-0"
|
||||||
use_classic_version = false
|
use_classic_version = false
|
||||||
|
@ -390,7 +390,7 @@ module "glb-0" {
|
||||||
neg_configs = {
|
neg_configs = {
|
||||||
neg-0 = {
|
neg-0 = {
|
||||||
psc = {
|
psc = {
|
||||||
region = "europe-west8"
|
region = "europe-west8"
|
||||||
target_service = "europe-west8-cloudkms.googleapis.com"
|
target_service = "europe-west8-cloudkms.googleapis.com"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -465,7 +465,7 @@ module "glb-0" {
|
||||||
pathmap = {
|
pathmap = {
|
||||||
default_service = "default"
|
default_service = "default"
|
||||||
path_rules = [{
|
path_rules = [{
|
||||||
paths = ["/other", "/other/*"]
|
paths = ["/other", "/other/*"]
|
||||||
service = "other"
|
service = "other"
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -554,16 +554,16 @@ module "glb-0" {
|
||||||
neg-gce-0 = {
|
neg-gce-0 = {
|
||||||
backends = [{
|
backends = [{
|
||||||
balancing_mode = "RATE"
|
balancing_mode = "RATE"
|
||||||
backend = "neg-ew8-c"
|
backend = "neg-ew8-c"
|
||||||
max_rate = { per_endpoint = 10 }
|
max_rate = { per_endpoint = 10 }
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
neg-hybrid-0 = {
|
neg-hybrid-0 = {
|
||||||
backends = [{
|
backends = [{
|
||||||
backend = "neg-hello"
|
backend = "neg-hello"
|
||||||
}]
|
}]
|
||||||
health_checks = ["neg"]
|
health_checks = ["neg"]
|
||||||
protocol = "HTTPS"
|
protocol = "HTTPS"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
group_configs = {
|
group_configs = {
|
||||||
|
@ -600,7 +600,7 @@ module "glb-0" {
|
||||||
gce = {
|
gce = {
|
||||||
network = "projects/myprj-host/global/networks/svpc"
|
network = "projects/myprj-host/global/networks/svpc"
|
||||||
subnetwork = "projects/myprj-host/regions/europe-west8/subnetworks/gce"
|
subnetwork = "projects/myprj-host/regions/europe-west8/subnetworks/gce"
|
||||||
zone = "europe-west8-c"
|
zone = "europe-west8-c"
|
||||||
endpoints = [{
|
endpoints = [{
|
||||||
instance = "nginx-ew8-c"
|
instance = "nginx-ew8-c"
|
||||||
ip_address = "10.24.32.26"
|
ip_address = "10.24.32.26"
|
||||||
|
@ -610,8 +610,8 @@ module "glb-0" {
|
||||||
}
|
}
|
||||||
neg-hello = {
|
neg-hello = {
|
||||||
hybrid = {
|
hybrid = {
|
||||||
network = "projects/myprj-host/global/networks/svpc"
|
network = "projects/myprj-host/global/networks/svpc"
|
||||||
zone = "europe-west8-b"
|
zone = "europe-west8-b"
|
||||||
endpoints = [{
|
endpoints = [{
|
||||||
ip_address = "192.168.0.3"
|
ip_address = "192.168.0.3"
|
||||||
port = 443
|
port = 443
|
||||||
|
|
|
@ -176,7 +176,7 @@ module "ilb-l7" {
|
||||||
backend_service_configs = {
|
backend_service_configs = {
|
||||||
default = {
|
default = {
|
||||||
port_name = "http"
|
port_name = "http"
|
||||||
backends = [
|
backends = [
|
||||||
{ group = "default" }
|
{ group = "default" }
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -237,7 +237,7 @@ module "ilb-l7" {
|
||||||
default = {
|
default = {
|
||||||
backends = [{
|
backends = [{
|
||||||
balancing_mode = "RATE"
|
balancing_mode = "RATE"
|
||||||
group = "my-neg"
|
group = "my-neg"
|
||||||
max_rate = { per_endpoint = 1 }
|
max_rate = { per_endpoint = 1 }
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -245,11 +245,11 @@ module "ilb-l7" {
|
||||||
neg_configs = {
|
neg_configs = {
|
||||||
my-neg = {
|
my-neg = {
|
||||||
gce = {
|
gce = {
|
||||||
zone = "europe-west1-b"
|
zone = "europe-west1-b"
|
||||||
endpoints = [{
|
endpoints = [{
|
||||||
instance = "test-1"
|
instance = "test-1"
|
||||||
ip_address = "10.0.0.10"
|
ip_address = "10.0.0.10"
|
||||||
port = 80
|
port = 80
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -274,7 +274,7 @@ module "ilb-l7" {
|
||||||
default = {
|
default = {
|
||||||
backends = [{
|
backends = [{
|
||||||
balancing_mode = "RATE"
|
balancing_mode = "RATE"
|
||||||
group = "my-neg"
|
group = "my-neg"
|
||||||
max_rate = { per_endpoint = 1 }
|
max_rate = { per_endpoint = 1 }
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -282,10 +282,10 @@ module "ilb-l7" {
|
||||||
neg_configs = {
|
neg_configs = {
|
||||||
my-neg = {
|
my-neg = {
|
||||||
hybrid = {
|
hybrid = {
|
||||||
zone = "europe-west1-b"
|
zone = "europe-west1-b"
|
||||||
endpoints = [{
|
endpoints = [{
|
||||||
ip_address = "10.0.0.10"
|
ip_address = "10.0.0.10"
|
||||||
port = 80
|
port = 80
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -310,7 +310,7 @@ module "ilb-l7" {
|
||||||
default = {
|
default = {
|
||||||
backends = [{
|
backends = [{
|
||||||
balancing_mode = "RATE"
|
balancing_mode = "RATE"
|
||||||
group = "my-neg"
|
group = "my-neg"
|
||||||
max_rate = { per_endpoint = 1 }
|
max_rate = { per_endpoint = 1 }
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -367,7 +367,7 @@ module "ilb-l7" {
|
||||||
pathmap = {
|
pathmap = {
|
||||||
default_service = "default"
|
default_service = "default"
|
||||||
path_rules = [{
|
path_rules = [{
|
||||||
paths = ["/video", "/video/*"]
|
paths = ["/video", "/video/*"]
|
||||||
service = "video"
|
service = "video"
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
@ -521,7 +521,7 @@ module "ilb-l7" {
|
||||||
}
|
}
|
||||||
neg-home-hello = {
|
neg-home-hello = {
|
||||||
hybrid = {
|
hybrid = {
|
||||||
zone = "europe-west8-b"
|
zone = "europe-west8-b"
|
||||||
endpoints = [{
|
endpoints = [{
|
||||||
ip_address = "192.168.0.3"
|
ip_address = "192.168.0.3"
|
||||||
port = 443
|
port = 443
|
||||||
|
|
|
@ -37,7 +37,7 @@ module "ilb" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
backends = [{
|
backends = [{
|
||||||
group = module.ilb.groups.my-group.self_link
|
group = module.ilb.groups.my-group.self_link
|
||||||
}]
|
}]
|
||||||
health_check_config = {
|
health_check_config = {
|
||||||
http = {
|
http = {
|
||||||
|
@ -96,7 +96,7 @@ module "ilb" {
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
subnetwork = var.subnet.self_link
|
subnetwork = var.subnet.self_link
|
||||||
}
|
}
|
||||||
ports = [80]
|
ports = [80]
|
||||||
backends = [
|
backends = [
|
||||||
for z, mod in module.instance-group : {
|
for z, mod in module.instance-group : {
|
||||||
|
|
|
@ -44,11 +44,11 @@ module "firewall" {
|
||||||
default_rules_config = {
|
default_rules_config = {
|
||||||
admin_ranges = ["10.0.0.0/8"]
|
admin_ranges = ["10.0.0.0/8"]
|
||||||
}
|
}
|
||||||
egress_rules = {
|
egress_rules = {
|
||||||
# implicit `deny` action
|
# implicit `deny` action
|
||||||
allow-egress-rfc1918 = {
|
allow-egress-rfc1918 = {
|
||||||
description = "Allow egress to RFC 1918 ranges."
|
description = "Allow egress to RFC 1918 ranges."
|
||||||
destination_ranges = [
|
destination_ranges = [
|
||||||
"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
|
"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
|
||||||
]
|
]
|
||||||
# implicit { protocol = "all" } rule
|
# implicit { protocol = "all" } rule
|
||||||
|
@ -108,7 +108,7 @@ module "firewall" {
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
network = "my-network"
|
network = "my-network"
|
||||||
default_rules_config = {
|
default_rules_config = {
|
||||||
ssh_ranges = []
|
ssh_ranges = []
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=2
|
# tftest modules=1 resources=2
|
||||||
|
@ -134,9 +134,9 @@ The module includes a rules factory (see [Resource Factories](../../blueprints/f
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "firewall" {
|
module "firewall" {
|
||||||
source = "./fabric/modules/net-vpc-firewall"
|
source = "./fabric/modules/net-vpc-firewall"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
network = "my-network"
|
network = "my-network"
|
||||||
factories_config = {
|
factories_config = {
|
||||||
rules_folder = "configs/firewall/rules"
|
rules_folder = "configs/firewall/rules"
|
||||||
cidr_tpl_file = "configs/firewall/cidrs.yaml"
|
cidr_tpl_file = "configs/firewall/cidrs.yaml"
|
||||||
|
|
|
@ -45,9 +45,9 @@ module "vpc-hub" {
|
||||||
project_id = "hub"
|
project_id = "hub"
|
||||||
name = "vpc-hub"
|
name = "vpc-hub"
|
||||||
subnets = [{
|
subnets = [{
|
||||||
ip_cidr_range = "10.0.0.0/24"
|
ip_cidr_range = "10.0.0.0/24"
|
||||||
name = "subnet-1"
|
name = "subnet-1"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,9 +56,9 @@ module "vpc-spoke-1" {
|
||||||
project_id = "spoke1"
|
project_id = "spoke1"
|
||||||
name = "vpc-spoke1"
|
name = "vpc-spoke1"
|
||||||
subnets = [{
|
subnets = [{
|
||||||
ip_cidr_range = "10.0.1.0/24"
|
ip_cidr_range = "10.0.1.0/24"
|
||||||
name = "subnet-2"
|
name = "subnet-2"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
}]
|
}]
|
||||||
peering_config = {
|
peering_config = {
|
||||||
peer_vpc_self_link = module.vpc-hub.self_link
|
peer_vpc_self_link = module.vpc-hub.self_link
|
||||||
|
@ -75,8 +75,8 @@ module "vpc-spoke-1" {
|
||||||
```hcl
|
```hcl
|
||||||
locals {
|
locals {
|
||||||
service_project_1 = {
|
service_project_1 = {
|
||||||
project_id = "project1"
|
project_id = "project1"
|
||||||
gke_service_account = "gke"
|
gke_service_account = "gke"
|
||||||
cloud_services_service_account = "cloudsvc"
|
cloud_services_service_account = "cloudsvc"
|
||||||
}
|
}
|
||||||
service_project_2 = {
|
service_project_2 = {
|
||||||
|
@ -128,9 +128,9 @@ module "vpc" {
|
||||||
name = "my-network"
|
name = "my-network"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = "10.0.0.0/24"
|
ip_cidr_range = "10.0.0.0/24"
|
||||||
name = "production"
|
name = "production"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
psa_config = {
|
psa_config = {
|
||||||
|
@ -151,13 +151,13 @@ module "vpc" {
|
||||||
name = "my-network"
|
name = "my-network"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = "10.0.0.0/24"
|
ip_cidr_range = "10.0.0.0/24"
|
||||||
name = "production"
|
name = "production"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
psa_config = {
|
psa_config = {
|
||||||
ranges = { myrange = "10.0.1.0/24" }
|
ranges = { myrange = "10.0.1.0/24" }
|
||||||
export_routes = true
|
export_routes = true
|
||||||
import_routes = true
|
import_routes = true
|
||||||
}
|
}
|
||||||
|
@ -205,7 +205,7 @@ module "vpc" {
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "my-network"
|
name = "my-network"
|
||||||
dns_policy = {
|
dns_policy = {
|
||||||
inbound = true
|
inbound = true
|
||||||
outbound = {
|
outbound = {
|
||||||
private_ns = ["10.0.0.1"]
|
private_ns = ["10.0.0.1"]
|
||||||
public_ns = ["8.8.8.8"]
|
public_ns = ["8.8.8.8"]
|
||||||
|
@ -213,9 +213,9 @@ module "vpc" {
|
||||||
}
|
}
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = "10.0.0.0/24"
|
ip_cidr_range = "10.0.0.0/24"
|
||||||
name = "production"
|
name = "production"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,11 +23,11 @@ module "vm" {
|
||||||
|
|
||||||
|
|
||||||
module "vpn-dynamic" {
|
module "vpn-dynamic" {
|
||||||
source = "./fabric/modules/net-vpn-dynamic"
|
source = "./fabric/modules/net-vpn-dynamic"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
network = var.vpc.name
|
network = var.vpc.name
|
||||||
name = "gateway-1"
|
name = "gateway-1"
|
||||||
router_config = {
|
router_config = {
|
||||||
asn = 64514
|
asn = 64514
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,7 @@ module "vpn-1" {
|
||||||
name = "net1-to-net-2"
|
name = "net1-to-net-2"
|
||||||
peer_gateway = { gcp = module.vpn-2.self_link }
|
peer_gateway = { gcp = module.vpn-2.self_link }
|
||||||
router_config = {
|
router_config = {
|
||||||
asn = 64514
|
asn = 64514
|
||||||
custom_advertise = {
|
custom_advertise = {
|
||||||
all_subnets = true
|
all_subnets = true
|
||||||
ip_ranges = {
|
ip_ranges = {
|
||||||
|
@ -48,7 +48,7 @@ module "vpn-2" {
|
||||||
network = var.vpc2.self_link
|
network = var.vpc2.self_link
|
||||||
name = "net2-to-net1"
|
name = "net2-to-net1"
|
||||||
router_config = { asn = 64513 }
|
router_config = { asn = 64513 }
|
||||||
peer_gateway = { gcp = module.vpn-1.self_link}
|
peer_gateway = { gcp = module.vpn-1.self_link }
|
||||||
tunnels = {
|
tunnels = {
|
||||||
remote-0 = {
|
remote-0 = {
|
||||||
bgp_peer = {
|
bgp_peer = {
|
||||||
|
|
|
@ -16,7 +16,7 @@ To manage organization policies, the `orgpolicy.googleapis.com` service should b
|
||||||
module "org" {
|
module "org" {
|
||||||
source = "./fabric/modules/organization"
|
source = "./fabric/modules/organization"
|
||||||
organization_id = "organizations/1234567890"
|
organization_id = "organizations/1234567890"
|
||||||
group_iam = {
|
group_iam = {
|
||||||
"cloud-owners@example.org" = ["roles/owner", "roles/projectCreator"]
|
"cloud-owners@example.org" = ["roles/owner", "roles/projectCreator"]
|
||||||
}
|
}
|
||||||
iam = {
|
iam = {
|
||||||
|
@ -126,8 +126,8 @@ The example below deploys a few org policy custom constraints split between two
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "org" {
|
module "org" {
|
||||||
source = "./fabric/modules/organization"
|
source = "./fabric/modules/organization"
|
||||||
organization_id = var.organization_id
|
organization_id = var.organization_id
|
||||||
org_policy_custom_constraints_data_path = "configs/custom-constraints"
|
org_policy_custom_constraints_data_path = "configs/custom-constraints"
|
||||||
org_policies = {
|
org_policies = {
|
||||||
"custom.gkeEnableAutoUpgrade" = {
|
"custom.gkeEnableAutoUpgrade" = {
|
||||||
|
@ -333,7 +333,7 @@ module "org" {
|
||||||
debug = {
|
debug = {
|
||||||
destination = module.bucket.id
|
destination = module.bucket.id
|
||||||
filter = "severity=DEBUG"
|
filter = "severity=DEBUG"
|
||||||
exclusions = {
|
exclusions = {
|
||||||
no-compute = "logName:compute"
|
no-compute = "logName:compute"
|
||||||
}
|
}
|
||||||
type = "logging"
|
type = "logging"
|
||||||
|
@ -374,12 +374,12 @@ module "org" {
|
||||||
organization_id = var.organization_id
|
organization_id = var.organization_id
|
||||||
tags = {
|
tags = {
|
||||||
environment = {
|
environment = {
|
||||||
description = "Environment specification."
|
description = "Environment specification."
|
||||||
iam = {
|
iam = {
|
||||||
"roles/resourcemanager.tagAdmin" = ["group:admins@example.com"]
|
"roles/resourcemanager.tagAdmin" = ["group:admins@example.com"]
|
||||||
}
|
}
|
||||||
values = {
|
values = {
|
||||||
dev = {}
|
dev = {}
|
||||||
prod = {
|
prod = {
|
||||||
description = "Environment: production."
|
description = "Environment: production."
|
||||||
iam = {
|
iam = {
|
||||||
|
@ -405,13 +405,13 @@ module "org" {
|
||||||
organization_id = var.organization_id
|
organization_id = var.organization_id
|
||||||
network_tags = {
|
network_tags = {
|
||||||
net-environment = {
|
net-environment = {
|
||||||
description = "This is a network tag."
|
description = "This is a network tag."
|
||||||
network = "my_project/my_vpc"
|
network = "my_project/my_vpc"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/resourcemanager.tagAdmin" = ["group:admins@example.com"]
|
"roles/resourcemanager.tagAdmin" = ["group:admins@example.com"]
|
||||||
}
|
}
|
||||||
values = {
|
values = {
|
||||||
dev = null
|
dev = null
|
||||||
prod = {
|
prod = {
|
||||||
description = "Environment: production."
|
description = "Environment: production."
|
||||||
iam = {
|
iam = {
|
||||||
|
|
|
@ -26,7 +26,7 @@ module "project" {
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
parent = "folders/1234567890"
|
parent = "folders/1234567890"
|
||||||
prefix = "foo"
|
prefix = "foo"
|
||||||
services = [
|
services = [
|
||||||
"container.googleapis.com",
|
"container.googleapis.com",
|
||||||
"stackdriver.googleapis.com"
|
"stackdriver.googleapis.com"
|
||||||
]
|
]
|
||||||
|
@ -48,7 +48,7 @@ module "project" {
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
parent = "folders/1234567890"
|
parent = "folders/1234567890"
|
||||||
prefix = "foo"
|
prefix = "foo"
|
||||||
services = [
|
services = [
|
||||||
"container.googleapis.com",
|
"container.googleapis.com",
|
||||||
"stackdriver.googleapis.com"
|
"stackdriver.googleapis.com"
|
||||||
]
|
]
|
||||||
|
@ -70,17 +70,17 @@ Additive IAM is typically used where bindings for specific roles are controlled
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "project" {
|
module "project" {
|
||||||
source = "./fabric/modules/project"
|
source = "./fabric/modules/project"
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
iam_additive = {
|
iam_additive = {
|
||||||
"roles/viewer" = [
|
"roles/viewer" = [
|
||||||
"group:one@example.org",
|
"group:one@example.org",
|
||||||
"group:two@xample.org"
|
"group:two@xample.org"
|
||||||
],
|
],
|
||||||
"roles/storage.objectAdmin" = [
|
"roles/storage.objectAdmin" = [
|
||||||
"group:two@example.org"
|
"group:two@example.org"
|
||||||
],
|
],
|
||||||
"roles/owner" = [
|
"roles/owner" = [
|
||||||
"group:three@example.org"
|
"group:three@example.org"
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
@ -94,8 +94,8 @@ As mentioned above, there are cases where authoritative management of specific I
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "project" {
|
module "project" {
|
||||||
source = "./fabric/modules/project"
|
source = "./fabric/modules/project"
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
group_iam = {
|
group_iam = {
|
||||||
"foo@example.com" = [
|
"foo@example.com" = [
|
||||||
"roles/editor"
|
"roles/editor"
|
||||||
|
@ -120,8 +120,8 @@ You can enable Shared VPC Host at the project level and manage project service a
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "project" {
|
module "project" {
|
||||||
source = "./fabric/modules/project"
|
source = "./fabric/modules/project"
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
shared_vpc_host_config = {
|
shared_vpc_host_config = {
|
||||||
enabled = true
|
enabled = true
|
||||||
}
|
}
|
||||||
|
@ -133,16 +133,16 @@ module "project" {
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "project" {
|
module "project" {
|
||||||
source = "./fabric/modules/project"
|
source = "./fabric/modules/project"
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
shared_vpc_service_config = {
|
shared_vpc_service_config = {
|
||||||
attach = true
|
attach = true
|
||||||
host_project = "my-host-project"
|
host_project = "my-host-project"
|
||||||
service_identity_iam = {
|
service_identity_iam = {
|
||||||
"roles/compute.networkUser" = [
|
"roles/compute.networkUser" = [
|
||||||
"cloudservices", "container-engine"
|
"cloudservices", "container-engine"
|
||||||
]
|
]
|
||||||
"roles/vpcaccess.user" = [
|
"roles/vpcaccess.user" = [
|
||||||
"cloudrun"
|
"cloudrun"
|
||||||
]
|
]
|
||||||
"roles/container.hostServiceAgentUser" = [
|
"roles/container.hostServiceAgentUser" = [
|
||||||
|
@ -165,7 +165,7 @@ module "project" {
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
parent = "folders/1234567890"
|
parent = "folders/1234567890"
|
||||||
prefix = "foo"
|
prefix = "foo"
|
||||||
services = [
|
services = [
|
||||||
"container.googleapis.com",
|
"container.googleapis.com",
|
||||||
"stackdriver.googleapis.com"
|
"stackdriver.googleapis.com"
|
||||||
]
|
]
|
||||||
|
@ -409,8 +409,8 @@ module "org" {
|
||||||
organization_id = var.organization_id
|
organization_id = var.organization_id
|
||||||
tags = {
|
tags = {
|
||||||
environment = {
|
environment = {
|
||||||
description = "Environment specification."
|
description = "Environment specification."
|
||||||
iam = null
|
iam = null
|
||||||
values = {
|
values = {
|
||||||
dev = null
|
dev = null
|
||||||
prod = null
|
prod = null
|
||||||
|
@ -438,8 +438,8 @@ One non-obvious output is `service_accounts`, which offers a simple way to disco
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "project" {
|
module "project" {
|
||||||
source = "./fabric/modules/project"
|
source = "./fabric/modules/project"
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
services = [
|
services = [
|
||||||
"compute.googleapis.com"
|
"compute.googleapis.com"
|
||||||
]
|
]
|
||||||
|
|
|
@ -28,7 +28,7 @@ module "topic_with_schema" {
|
||||||
name = "my-topic"
|
name = "my-topic"
|
||||||
schema = {
|
schema = {
|
||||||
msg_encoding = "JSON"
|
msg_encoding = "JSON"
|
||||||
schema_type = "AVRO"
|
schema_type = "AVRO"
|
||||||
definition = jsonencode({
|
definition = jsonencode({
|
||||||
"type" = "record",
|
"type" = "record",
|
||||||
"name" = "Avro",
|
"name" = "Avro",
|
||||||
|
|
|
@ -16,7 +16,7 @@ The secret replication policy is automatically managed if no location is set, or
|
||||||
module "secret-manager" {
|
module "secret-manager" {
|
||||||
source = "./fabric/modules/secret-manager"
|
source = "./fabric/modules/secret-manager"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
secrets = {
|
secrets = {
|
||||||
test-auto = null
|
test-auto = null
|
||||||
test-manual = ["europe-west1", "europe-west4"]
|
test-manual = ["europe-west1", "europe-west4"]
|
||||||
}
|
}
|
||||||
|
@ -32,12 +32,12 @@ IAM bindings can be set per secret in the same way as for most other modules sup
|
||||||
module "secret-manager" {
|
module "secret-manager" {
|
||||||
source = "./fabric/modules/secret-manager"
|
source = "./fabric/modules/secret-manager"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
secrets = {
|
secrets = {
|
||||||
test-auto = null
|
test-auto = null
|
||||||
test-manual = ["europe-west1", "europe-west4"]
|
test-manual = ["europe-west1", "europe-west4"]
|
||||||
}
|
}
|
||||||
iam = {
|
iam = {
|
||||||
test-auto = {
|
test-auto = {
|
||||||
"roles/secretmanager.secretAccessor" = ["group:auto-readers@example.com"]
|
"roles/secretmanager.secretAccessor" = ["group:auto-readers@example.com"]
|
||||||
}
|
}
|
||||||
test-manual = {
|
test-manual = {
|
||||||
|
@ -56,7 +56,7 @@ As mentioned above, please be aware that **version data will be stored in state
|
||||||
module "secret-manager" {
|
module "secret-manager" {
|
||||||
source = "./fabric/modules/secret-manager"
|
source = "./fabric/modules/secret-manager"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
secrets = {
|
secrets = {
|
||||||
test-auto = null
|
test-auto = null
|
||||||
test-manual = ["europe-west1", "europe-west4"]
|
test-manual = ["europe-west1", "europe-west4"]
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,10 +11,10 @@ It can be used in conjunction with the [DNS](../dns) module to create [service-d
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "service-directory" {
|
module "service-directory" {
|
||||||
source = "./fabric/modules/service-directory"
|
source = "./fabric/modules/service-directory"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
name = "sd-1"
|
name = "sd-1"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/servicedirectory.editor" = [
|
"roles/servicedirectory.editor" = [
|
||||||
"serviceAccount:namespace-editor@example.com"
|
"serviceAccount:namespace-editor@example.com"
|
||||||
|
@ -28,10 +28,10 @@ module "service-directory" {
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "service-directory" {
|
module "service-directory" {
|
||||||
source = "./fabric/modules/service-directory"
|
source = "./fabric/modules/service-directory"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
name = "sd-1"
|
name = "sd-1"
|
||||||
services = {
|
services = {
|
||||||
one = {
|
one = {
|
||||||
endpoints = ["first", "second"]
|
endpoints = ["first", "second"]
|
||||||
|
@ -59,9 +59,9 @@ Wiring a service directory namespace to a private DNS zone allows querying the n
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "service-directory" {
|
module "service-directory" {
|
||||||
source = "./fabric/modules/service-directory"
|
source = "./fabric/modules/service-directory"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
name = "apps"
|
name = "apps"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/servicedirectory.editor" = [
|
"roles/servicedirectory.editor" = [
|
||||||
|
|
|
@ -27,16 +27,16 @@ module "repo" {
|
||||||
name = "my-repo"
|
name = "my-repo"
|
||||||
triggers = {
|
triggers = {
|
||||||
foo = {
|
foo = {
|
||||||
filename = "ci/workflow-foo.yaml"
|
filename = "ci/workflow-foo.yaml"
|
||||||
included_files = ["**/*tf"]
|
included_files = ["**/*tf"]
|
||||||
service_account = null
|
service_account = null
|
||||||
substitutions = {
|
substitutions = {
|
||||||
BAR = 1
|
BAR = 1
|
||||||
}
|
}
|
||||||
template = {
|
template = {
|
||||||
branch_name = "main"
|
branch_name = "main"
|
||||||
project_id = null
|
project_id = null
|
||||||
tag_name = null
|
tag_name = null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -120,7 +120,7 @@ module "test" {
|
||||||
to = {
|
to = {
|
||||||
operations = [{
|
operations = [{
|
||||||
method_selectors = ["*"]
|
method_selectors = ["*"]
|
||||||
service_name = "storage.googleapis.com"
|
service_name = "storage.googleapis.com"
|
||||||
}]
|
}]
|
||||||
resources = ["projects/123456789"]
|
resources = ["projects/123456789"]
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,9 +24,9 @@ BLUEPRINTS_PATH = FABRIC_ROOT / 'blueprints/'
|
||||||
MODULES_PATH = FABRIC_ROOT / 'modules/'
|
MODULES_PATH = FABRIC_ROOT / 'modules/'
|
||||||
SUBMODULES_PATH = MODULES_PATH / 'cloud-config-container'
|
SUBMODULES_PATH = MODULES_PATH / 'cloud-config-container'
|
||||||
|
|
||||||
FILE_TEST_RE = re.compile(r'# tftest-file id=(\w+) path=([\S]+)')
|
FILE_TEST_RE = re.compile(r'# tftest-file +id=(\w+) +path=([\S]+)')
|
||||||
|
|
||||||
Example = collections.namedtuple('Example', 'code module files')
|
Example = collections.namedtuple('Example', 'name code module files')
|
||||||
File = collections.namedtuple('File', 'path content')
|
File = collections.namedtuple('File', 'path content')
|
||||||
|
|
||||||
|
|
||||||
|
@ -71,11 +71,11 @@ def pytest_generate_tests(metafunc):
|
||||||
continue
|
continue
|
||||||
if child.lang == 'hcl':
|
if child.lang == 'hcl':
|
||||||
path = module.relative_to(FABRIC_ROOT)
|
path = module.relative_to(FABRIC_ROOT)
|
||||||
examples.append(Example(code, path, files[last_header]))
|
|
||||||
name = f'{path}:{last_header}'
|
name = f'{path}:{last_header}'
|
||||||
if index > 1:
|
if index > 1:
|
||||||
name += f' {index}'
|
name += f' {index}'
|
||||||
ids.append(name)
|
ids.append(name)
|
||||||
|
examples.append(Example(name, code, path, files[last_header]))
|
||||||
elif isinstance(child, marko.block.Heading):
|
elif isinstance(child, marko.block.Heading):
|
||||||
last_header = child.children[0].children
|
last_header = child.children[0].children
|
||||||
index = 0
|
index = 0
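Review bot: In the second hunk, `Example(name, code, path, files[last_header])` passes four positional values into a namedtuple whose fields are `name code module files`, so the local `path` lands in the field called `module`, while the sibling `File` tuple has a field that really is called `path`. Constructing it by keyword, `Example(name=name, code=code, module=path, files=files[last_header])`, makes that mapping explicit and keeps the call correct if the field order changes again. A short comment above the namedtuple could also say that `name` is the pytest id built from the module path and the last heading. pytest_generate_tests starts and ends outside the hunk.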
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import re
|
import re
|
||||||
|
import subprocess
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
BASE_PATH = Path(__file__).parent
|
BASE_PATH = Path(__file__).parent
|
||||||
|
@ -52,5 +53,12 @@ def test_example(plan_validator, tmp_path, example):
|
||||||
assert expected_modules == num_modules, 'wrong number of modules'
|
assert expected_modules == num_modules, 'wrong number of modules'
|
||||||
assert expected_resources == num_resources, 'wrong number of resources'
|
assert expected_resources == num_resources, 'wrong number of resources'
|
||||||
|
|
||||||
|
# TODO(jccb): this should probably be done in check_documentation
|
||||||
|
# but we already have all the data here.
|
||||||
|
result = subprocess.run(
|
||||||
|
'terraform fmt -check -diff -no-color main.tf'.split(), cwd=tmp_path,
|
||||||
|
stdout=subprocess.PIPE, encoding='utf-8')
|
||||||
|
assert result.returncode == 0, f'terraform code not formatted correctly\n{result.stdout}'
|
||||||
|
|
||||||
else:
|
else:
|
||||||
assert False, "can't find tftest directive"
|
assert False, "can't find tftest directive"
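Review bot: The new `subprocess.run` call in test_example captures only stdout, so any non-zero exit from `terraform fmt` is reported as 'terraform code not formatted correctly', even when the cause is something else. A parse error in the generated `main.tf` is presumably written to stderr, in which case the assertion message would carry an empty diff. Adding `stderr=subprocess.STDOUT` to the call would bring that output into `result.stdout` and so into the failure message. Passing the command as a fixed argv list without a shell is the right shape and should be kept. test_example begins outside the hunk.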
|
||||||
|
|