Update factories and apigee tests
parent
b186365cab
commit
edce6edd28
|
@ -76,3 +76,35 @@ Do the following to verify that everything works as expected.
|
||||||
| [ip_address](outputs.tf#L17) | IP address. | |
|
| [ip_address](outputs.tf#L17) | IP address. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
## Test
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "test" {
|
||||||
|
source = "./fabric/blueprints/apigee/bigquery-analytics"
|
||||||
|
project_create = {
|
||||||
|
billing_account_id = "12345-12345-12345"
|
||||||
|
parent = "folders/123456789"
|
||||||
|
}
|
||||||
|
project_id = "my-project"
|
||||||
|
envgroups = {
|
||||||
|
test = ["test.cool-demos.space"]
|
||||||
|
}
|
||||||
|
environments = {
|
||||||
|
apis-test = {
|
||||||
|
envgroups = ["test"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
instances = {
|
||||||
|
instance-ew1 = {
|
||||||
|
region = "europe-west1"
|
||||||
|
environments = ["apis-test"]
|
||||||
|
runtime_ip_cidr_range = "10.0.4.0/22"
|
||||||
|
troubleshooting_ip_cidr_range = "10.1.0.0/28"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
psc_config = {
|
||||||
|
europe-west1 = "10.0.0.0/28"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# tftest modules=10 resources=62
|
||||||
|
```
|
||||||
|
|
|
@ -29,7 +29,7 @@ The diagram below depicts the architecture.
|
||||||
|
|
||||||
5. Install Apigee hybrid using de ansible playbook that is in the ansible folder by running this command
|
5. Install Apigee hybrid using de ansible playbook that is in the ansible folder by running this command
|
||||||
|
|
||||||
ansible-playbook playbook.yaml -vvvß
|
ansible-playbook playbook.yaml -vvv
|
||||||
|
|
||||||
## Testing the blueprint
|
## Testing the blueprint
|
||||||
|
|
||||||
|
@ -67,3 +67,18 @@ The diagram below depicts the architecture.
|
||||||
| [ip_address](outputs.tf#L17) | GLB IP address. | |
|
| [ip_address](outputs.tf#L17) | GLB IP address. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
||||||
|
## Test
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "test" {
|
||||||
|
source = "./fabric/blueprints/apigee/hybrid-gke"
|
||||||
|
project_create = {
|
||||||
|
billing_account_id = "12345-12345-12345"
|
||||||
|
parent = "folders/123456789"
|
||||||
|
}
|
||||||
|
project_id = "my-project"
|
||||||
|
hostname = "test.myorg.org"
|
||||||
|
}
|
||||||
|
# tftest modules=18 resources=59
|
||||||
|
```
|
||||||
|
|
|
@ -67,3 +67,17 @@ Do the following to verify that everything works as expected.
|
||||||
| [ip_address](outputs.tf#L17) | GLB IP address. | |
|
| [ip_address](outputs.tf#L17) | GLB IP address. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
||||||
|
## Test
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "test" {
|
||||||
|
source = "./fabric/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg"
|
||||||
|
billing_account_id = "12345-12345-12345"
|
||||||
|
parent = "folders/123456789"
|
||||||
|
apigee_project_id = "my-apigee-project"
|
||||||
|
onprem_project_id = "my-onprem-project"
|
||||||
|
hostname = "test.myorg.org"
|
||||||
|
}
|
||||||
|
# tftest modules=14 resources=73
|
||||||
|
```
|
||||||
|
|
|
@ -74,6 +74,7 @@ This blueprint can be used as a building block for setting up an end2end ML Ops
|
||||||
| [project_id](outputs.tf#L49) | Project ID. | |
|
| [project_id](outputs.tf#L49) | Project ID. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
||||||
## TODO
|
## TODO
|
||||||
- Add support for User Managed Notebooks, SA permission option and non default SA for Single User mode.
|
- Add support for User Managed Notebooks, SA permission option and non default SA for Single User mode.
|
||||||
- Improve default naming for local VPC and Cloud NAT
|
- Improve default naming for local VPC and Cloud NAT
|
||||||
|
|
|
@ -71,6 +71,7 @@ module "bq" {
|
||||||
| [views_path](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
|
| [views_path](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
||||||
## TODO
|
## TODO
|
||||||
|
|
||||||
- [ ] add external table support
|
- [ ] add external table support
|
||||||
|
|
|
@ -9,13 +9,22 @@ Yaml abstraction for Groups can simplify groups creation and members management.
|
||||||
### Terraform code
|
### Terraform code
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "prod-firewall" {
|
module "groups" {
|
||||||
source = "./fabric/blueprints/factories/cloud-identity-group-factory"
|
source = "./fabric/blueprints/factories/cloud-identity-group-factory"
|
||||||
|
|
||||||
customer_id = "customers/C0xxxxxxx"
|
customer_id = "customers/C0xxxxxxx"
|
||||||
data_dir = "data"
|
data_dir = "data"
|
||||||
}
|
}
|
||||||
# tftest skip
|
# tftest modules=2 resources=3 files=group1 inventory=example.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# tftest-file id=group1 path=data/group1@example.com.yaml
|
||||||
|
display_name: Group 1
|
||||||
|
description: Group 1
|
||||||
|
members:
|
||||||
|
- user1@example.com
|
||||||
|
managers:
|
||||||
|
- user2@example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
### Configuration Structure
|
### Configuration Structure
|
||||||
|
|
|
@ -17,8 +17,8 @@ module "prod-firewall" {
|
||||||
project_id = "my-prod-project"
|
project_id = "my-prod-project"
|
||||||
network = "my-prod-network"
|
network = "my-prod-network"
|
||||||
config_directories = [
|
config_directories = [
|
||||||
"./prod",
|
"./firewall/prod",
|
||||||
"./common"
|
"./firewall/common"
|
||||||
]
|
]
|
||||||
|
|
||||||
log_config = {
|
log_config = {
|
||||||
|
@ -32,13 +32,86 @@ module "dev-firewall" {
|
||||||
project_id = "my-dev-project"
|
project_id = "my-dev-project"
|
||||||
network = "my-dev-network"
|
network = "my-dev-network"
|
||||||
config_directories = [
|
config_directories = [
|
||||||
"./dev",
|
"./firewall/dev",
|
||||||
"./common"
|
"./firewall/common"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
# tftest skip
|
# tftest modules=2 resources=16 files=common,dev,prod inventory=example.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# tftest-file id=common path=firewall/common/common.yaml
|
||||||
|
# allow ingress from GCLB to all instances in the network
|
||||||
|
lb-health-checks:
|
||||||
|
allow:
|
||||||
|
- ports: []
|
||||||
|
protocol: tcp
|
||||||
|
direction: INGRESS
|
||||||
|
priority: 1001
|
||||||
|
source_ranges:
|
||||||
|
- 35.191.0.0/16
|
||||||
|
- 130.211.0.0/22
|
||||||
|
|
||||||
|
# deny all egress
|
||||||
|
deny-all:
|
||||||
|
deny:
|
||||||
|
- ports: []
|
||||||
|
protocol: all
|
||||||
|
direction: EGRESS
|
||||||
|
priority: 65535
|
||||||
|
destination_ranges:
|
||||||
|
- 0.0.0.0/0
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# tftest-file id=dev path=firewall/dev/app.yaml
|
||||||
|
# Myapp egress
|
||||||
|
web-app-dev-egress:
|
||||||
|
allow:
|
||||||
|
- ports: [443]
|
||||||
|
protocol: tcp
|
||||||
|
direction: EGRESS
|
||||||
|
destination_ranges:
|
||||||
|
- 192.168.0.0/24
|
||||||
|
target_service_accounts:
|
||||||
|
- myapp@myproject-dev.iam.gserviceaccount.com
|
||||||
|
# Myapp ingress
|
||||||
|
web-app-dev-ingress:
|
||||||
|
allow:
|
||||||
|
- ports: [1234]
|
||||||
|
protocol: tcp
|
||||||
|
direction: INGRESS
|
||||||
|
source_service_accounts:
|
||||||
|
- frontend-sa@myproject-dev.iam.gserviceaccount.com
|
||||||
|
target_service_accounts:
|
||||||
|
- web-app-a@myproject-dev.iam.gserviceaccount.com
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# tftest-file id=prod path=firewall/prod/app.yaml
|
||||||
|
# Myapp egress
|
||||||
|
web-app-prod-egress:
|
||||||
|
allow:
|
||||||
|
- ports: [443]
|
||||||
|
protocol: tcp
|
||||||
|
direction: EGRESS
|
||||||
|
destination_ranges:
|
||||||
|
- 192.168.10.0/24
|
||||||
|
target_service_accounts:
|
||||||
|
- myapp@myproject-prod.iam.gserviceaccount.com
|
||||||
|
# Myapp ingress
|
||||||
|
web-app-prod-ingress:
|
||||||
|
allow:
|
||||||
|
- ports: [1234]
|
||||||
|
protocol: tcp
|
||||||
|
direction: INGRESS
|
||||||
|
source_service_accounts:
|
||||||
|
- frontend-sa@myproject-prod.iam.gserviceaccount.com
|
||||||
|
target_service_accounts:
|
||||||
|
- web-app-a@myproject-prod.iam.gserviceaccount.com
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
### Configuration Structure
|
### Configuration Structure
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -86,54 +159,6 @@ rule-name: # descriptive name, naming convention is adjusted by the module
|
||||||
- myapp@myproject-id.iam.gserviceaccount.com
|
- myapp@myproject-id.iam.gserviceaccount.com
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
Firewall rules example yaml configuration
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cat ./prod/core-network/common-rules.yaml
|
|
||||||
# allow ingress from GCLB to all instances in the network
|
|
||||||
lb-health-checks:
|
|
||||||
allow:
|
|
||||||
- ports: []
|
|
||||||
protocol: tcp
|
|
||||||
direction: INGRESS
|
|
||||||
priority: 1001
|
|
||||||
source_ranges:
|
|
||||||
- 35.191.0.0/16
|
|
||||||
- 130.211.0.0/22
|
|
||||||
|
|
||||||
# deny all egress
|
|
||||||
deny-all:
|
|
||||||
deny:
|
|
||||||
- ports: []
|
|
||||||
protocol: all
|
|
||||||
direction: EGRESS
|
|
||||||
priority: 65535
|
|
||||||
destination_ranges:
|
|
||||||
- 0.0.0.0/0
|
|
||||||
|
|
||||||
cat ./dev/team-a/web-app-a.yaml
|
|
||||||
# Myapp egress
|
|
||||||
web-app-a-egress:
|
|
||||||
allow:
|
|
||||||
- ports: [443]
|
|
||||||
protocol: tcp
|
|
||||||
direction: EGRESS
|
|
||||||
destination_ranges:
|
|
||||||
- 192.168.0.0/24
|
|
||||||
target_service_accounts:
|
|
||||||
- myapp@myproject-id.iam.gserviceaccount.com
|
|
||||||
# Myapp ingress
|
|
||||||
web-app-a-ingress:
|
|
||||||
allow:
|
|
||||||
- ports: [1234]
|
|
||||||
protocol: tcp
|
|
||||||
direction: INGRESS
|
|
||||||
source_service_accounts:
|
|
||||||
- frontend-sa@myproject-id.iam.gserviceaccount.com
|
|
||||||
target_service_accounts:
|
|
||||||
- web-app-a@myproject-id.iam.gserviceaccount.com
|
|
||||||
```
|
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
|
@ -76,7 +76,7 @@ module "projects" {
|
||||||
service_identities_iam = try(each.value.service_identities_iam, {})
|
service_identities_iam = try(each.value.service_identities_iam, {})
|
||||||
vpc = try(each.value.vpc, null)
|
vpc = try(each.value.vpc, null)
|
||||||
}
|
}
|
||||||
# tftest modules=7 resources=29
|
# tftest modules=7 resources=30 inventory=example.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
### Projects configuration
|
### Projects configuration
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
|
@ -44,7 +44,8 @@ kms_service_agents:
|
||||||
|
|
||||||
# [opt] Labels for the project - merged with the ones defined in defaults
|
# [opt] Labels for the project - merged with the ones defined in defaults
|
||||||
labels:
|
labels:
|
||||||
environment: dev
|
environment: dev2
|
||||||
|
costcenter: apps
|
||||||
|
|
||||||
# [opt] Org policy overrides defined at project level
|
# [opt] Org policy overrides defined at project level
|
||||||
org_policies:
|
org_policies:
|
||||||
|
@ -70,7 +71,7 @@ service_accounts:
|
||||||
another-service-account:
|
another-service-account:
|
||||||
- roles/compute.admin
|
- roles/compute.admin
|
||||||
my-service-account:
|
my-service-account:
|
||||||
- roles/compute.admin
|
- roles/compute.adminv1
|
||||||
|
|
||||||
# [opt] APIs to enable on the project.
|
# [opt] APIs to enable on the project.
|
||||||
services:
|
services:
|
||||||
|
@ -103,4 +104,4 @@ vpc:
|
||||||
subnets_iam:
|
subnets_iam:
|
||||||
europe-west1/dev-default-ew1:
|
europe-west1/dev-default-ew1:
|
||||||
- user:foobar@example.com
|
- user:foobar@example.com
|
||||||
- serviceAccount:service-account1
|
- serviceAccount:my-service-account
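Review bot: In the `service_accounts` hunk, `my-service-account` is now given `roles/compute.adminv1`, which does not look like a predefined IAM role name (the closest one I know of is `roles/compute.instanceAdmin.v1`). A plan-only test would not validate the role string, so anyone copying this sample data would presumably only see the failure at apply time. If the aim is just to make the two accounts differ in the inventory, a real and narrower role does that as well, e.g. `- roles/compute.instanceAdmin.v1`. `another-service-account` keeps `roles/compute.admin`, which is broad for sample data that gets copied, so a comment such as `# placeholder role, replace with the minimum your workload needs` would help. The mapping starts outside the visible hunks, so other entries may need the same check.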
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
|
@ -1,24 +0,0 @@
|
||||||
project_create = {
|
|
||||||
billing_account_id = "12345-12345-12345"
|
|
||||||
parent = "folders/123456789"
|
|
||||||
}
|
|
||||||
project_id = "my-project"
|
|
||||||
envgroups = {
|
|
||||||
test = ["test.cool-demos.space"]
|
|
||||||
}
|
|
||||||
environments = {
|
|
||||||
apis-test = {
|
|
||||||
envgroups = ["test"]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
instances = {
|
|
||||||
instance-ew1 = {
|
|
||||||
region = "europe-west1"
|
|
||||||
environments = ["apis-test"]
|
|
||||||
runtime_ip_cidr_range = "10.0.4.0/22"
|
|
||||||
troubleshooting_ip_cidr_range = "10.1.0.0/28"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
psc_config = {
|
|
||||||
europe-west1 = "10.0.0.0/28"
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
counts:
|
|
||||||
modules: 9
|
|
||||||
resources: 62
|
|
|
@ -1,18 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
module: blueprints/apigee/bigquery-analytics
|
|
||||||
|
|
||||||
tests:
|
|
||||||
basic:
|
|
|
@ -1,13 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
|
@ -1,6 +0,0 @@
|
||||||
project_create = {
|
|
||||||
billing_account_id = "12345-12345-12345"
|
|
||||||
parent = "folders/123456789"
|
|
||||||
}
|
|
||||||
project_id = "my-project"
|
|
||||||
hostname = "test.myorg.org"
|
|
|
@ -1,17 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
counts:
|
|
||||||
modules: 17
|
|
||||||
resources: 59
|
|
|
@ -1,18 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
module: blueprints/apigee/hybrid-gke
|
|
||||||
|
|
||||||
tests:
|
|
||||||
basic:
|
|
|
@ -1,13 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
|
@ -1,5 +0,0 @@
|
||||||
billing_account_id = "12345-12345-12345"
|
|
||||||
parent = "folders/123456789"
|
|
||||||
apigee_project_id = "my-apigee-project"
|
|
||||||
onprem_project_id = "my-onprem-project"
|
|
||||||
hostname = "test.myorg.org"
|
|
|
@ -1,17 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
counts:
|
|
||||||
modules: 13
|
|
||||||
resources: 73
|
|
|
@ -1,18 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
module: blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg
|
|
||||||
|
|
||||||
tests:
|
|
||||||
basic:
|
|
|
@ -1,13 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
values:
|
||||||
|
module.groups.module.group["group1@example.com"].google_cloud_identity_group.group:
|
||||||
|
description: Group 1
|
||||||
|
display_name: Group 1
|
||||||
|
group_key:
|
||||||
|
- id: group1@example.com
|
||||||
|
namespace: null
|
||||||
|
initial_group_config: EMPTY
|
||||||
|
labels:
|
||||||
|
cloudidentity.googleapis.com/groups.discussion_forum: ''
|
||||||
|
parent: customers/C0xxxxxxx
|
||||||
|
module.groups.module.group["group1@example.com"].google_cloud_identity_group_membership.managers["user2@example.com"]:
|
||||||
|
preferred_member_key:
|
||||||
|
- id: user2@example.com
|
||||||
|
namespace: null
|
||||||
|
roles:
|
||||||
|
- name: MANAGER
|
||||||
|
- name: MEMBER
|
||||||
|
module.groups.module.group["group1@example.com"].google_cloud_identity_group_membership.members["user1@example.com"]:
|
||||||
|
preferred_member_key:
|
||||||
|
- id: user1@example.com
|
||||||
|
namespace: null
|
||||||
|
roles:
|
||||||
|
- name: MEMBER
|
||||||
|
|
||||||
|
counts:
|
||||||
|
google_cloud_identity_group: 1
|
||||||
|
google_cloud_identity_group_membership: 2
|
|
@ -1,8 +0,0 @@
|
||||||
# skip boilerplate check
|
|
||||||
|
|
||||||
display_name: Group 1
|
|
||||||
description: Group 1
|
|
||||||
members:
|
|
||||||
- user1@example.com
|
|
||||||
managers:
|
|
||||||
- user2@example.com
|
|
|
@ -1,21 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
module "test" {
|
|
||||||
source = "../../../../../blueprints/factories/cloud-identity-group-factory/"
|
|
||||||
customer_id = "customers/C01234567"
|
|
||||||
data_dir = "data"
|
|
||||||
}
|
|
|
@ -1,19 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
def test_resources(e2e_plan_runner):
|
|
||||||
"Test that plan works and the numbers of resources is as expected."
|
|
||||||
modules, resources = e2e_plan_runner()
|
|
||||||
assert len(modules) == 1
|
|
||||||
assert len(resources) == 3
|
|
|
@ -1,13 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
|
@ -0,0 +1,188 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
values:
|
||||||
|
module.dev-firewall.google_compute_firewall.rules["deny-all"]:
|
||||||
|
allow: []
|
||||||
|
deny:
|
||||||
|
- ports: []
|
||||||
|
protocol: all
|
||||||
|
destination_ranges:
|
||||||
|
- 0.0.0.0/0
|
||||||
|
direction: EGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config: []
|
||||||
|
name: fwr-my-dev-network-all-e-deny-all
|
||||||
|
network: my-dev-network
|
||||||
|
priority: 65535
|
||||||
|
project: my-dev-project
|
||||||
|
source_ranges: null
|
||||||
|
source_service_accounts: null
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts: null
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
module.dev-firewall.google_compute_firewall.rules["lb-health-checks"]:
|
||||||
|
allow:
|
||||||
|
- ports: []
|
||||||
|
protocol: tcp
|
||||||
|
deny: []
|
||||||
|
direction: INGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config: []
|
||||||
|
name: fwr-my-dev-network-all-i-lb-health-checks
|
||||||
|
network: my-dev-network
|
||||||
|
priority: 1001
|
||||||
|
project: my-dev-project
|
||||||
|
source_ranges:
|
||||||
|
- 130.211.0.0/22
|
||||||
|
- 35.191.0.0/16
|
||||||
|
source_service_accounts: null
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts: null
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
module.dev-firewall.google_compute_firewall.rules["web-app-dev-egress"]:
|
||||||
|
allow:
|
||||||
|
- ports:
|
||||||
|
- '443'
|
||||||
|
protocol: tcp
|
||||||
|
deny: []
|
||||||
|
destination_ranges:
|
||||||
|
- 192.168.0.0/24
|
||||||
|
direction: EGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config: []
|
||||||
|
name: fwr-my-dev-network-sac-e-web-app-dev-egress
|
||||||
|
network: my-dev-network
|
||||||
|
priority: 1000
|
||||||
|
project: my-dev-project
|
||||||
|
source_ranges: null
|
||||||
|
source_service_accounts: null
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts:
|
||||||
|
- myapp@myproject-dev.iam.gserviceaccount.com
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
module.dev-firewall.google_compute_firewall.rules["web-app-dev-ingress"]:
|
||||||
|
allow:
|
||||||
|
- ports:
|
||||||
|
- '1234'
|
||||||
|
protocol: tcp
|
||||||
|
deny: []
|
||||||
|
direction: INGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config: []
|
||||||
|
name: fwr-my-dev-network-sac-i-web-app-dev-ingress
|
||||||
|
network: my-dev-network
|
||||||
|
priority: 1000
|
||||||
|
project: my-dev-project
|
||||||
|
source_ranges: null
|
||||||
|
source_service_accounts:
|
||||||
|
- frontend-sa@myproject-dev.iam.gserviceaccount.com
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts:
|
||||||
|
- web-app-a@myproject-dev.iam.gserviceaccount.com
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
module.prod-firewall.google_compute_firewall.rules["deny-all"]:
|
||||||
|
allow: []
|
||||||
|
deny:
|
||||||
|
- ports: []
|
||||||
|
protocol: all
|
||||||
|
destination_ranges:
|
||||||
|
- 0.0.0.0/0
|
||||||
|
direction: EGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config:
|
||||||
|
- metadata: INCLUDE_ALL_METADATA
|
||||||
|
name: fwr-my-prod-network-all-e-deny-all
|
||||||
|
network: my-prod-network
|
||||||
|
priority: 65535
|
||||||
|
project: my-prod-project
|
||||||
|
source_ranges: null
|
||||||
|
source_service_accounts: null
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts: null
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
module.prod-firewall.google_compute_firewall.rules["lb-health-checks"]:
|
||||||
|
allow:
|
||||||
|
- ports: []
|
||||||
|
protocol: tcp
|
||||||
|
deny: []
|
||||||
|
direction: INGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config:
|
||||||
|
- metadata: INCLUDE_ALL_METADATA
|
||||||
|
name: fwr-my-prod-network-all-i-lb-health-checks
|
||||||
|
network: my-prod-network
|
||||||
|
priority: 1001
|
||||||
|
project: my-prod-project
|
||||||
|
source_ranges:
|
||||||
|
- 130.211.0.0/22
|
||||||
|
- 35.191.0.0/16
|
||||||
|
source_service_accounts: null
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts: null
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
module.prod-firewall.google_compute_firewall.rules["web-app-prod-egress"]:
|
||||||
|
allow:
|
||||||
|
- ports:
|
||||||
|
- '443'
|
||||||
|
protocol: tcp
|
||||||
|
deny: []
|
||||||
|
destination_ranges:
|
||||||
|
- 192.168.10.0/24
|
||||||
|
direction: EGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config:
|
||||||
|
- metadata: INCLUDE_ALL_METADATA
|
||||||
|
name: fwr-my-prod-network-sac-e-web-app-prod-egress
|
||||||
|
network: my-prod-network
|
||||||
|
priority: 1000
|
||||||
|
project: my-prod-project
|
||||||
|
source_ranges: null
|
||||||
|
source_service_accounts: null
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts:
|
||||||
|
- myapp@myproject-prod.iam.gserviceaccount.com
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
module.prod-firewall.google_compute_firewall.rules["web-app-prod-ingress"]:
|
||||||
|
allow:
|
||||||
|
- ports:
|
||||||
|
- '1234'
|
||||||
|
protocol: tcp
|
||||||
|
deny: []
|
||||||
|
direction: INGRESS
|
||||||
|
disabled: null
|
||||||
|
log_config:
|
||||||
|
- metadata: INCLUDE_ALL_METADATA
|
||||||
|
name: fwr-my-prod-network-sac-i-web-app-prod-ingress
|
||||||
|
network: my-prod-network
|
||||||
|
priority: 1000
|
||||||
|
project: my-prod-project
|
||||||
|
source_ranges: null
|
||||||
|
source_service_accounts:
|
||||||
|
- frontend-sa@myproject-prod.iam.gserviceaccount.com
|
||||||
|
source_tags: null
|
||||||
|
target_service_accounts:
|
||||||
|
- web-app-a@myproject-prod.iam.gserviceaccount.com
|
||||||
|
target_tags: null
|
||||||
|
timeouts: null
|
||||||
|
|
||||||
|
counts:
|
||||||
|
google_compute_firewall: 8
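Review bot: The `lb-health-checks` entries in this inventory pin `ports: []` with `protocol: tcp` and null `target_service_accounts`/`target_tags` for both networks, so the test locks in an example that admits every TCP port from 130.211.0.0/22 and 35.191.0.0/16 to every instance. Because the README rules are what users copy, consider narrowing the rule in the `common` fixture to the serving port, e.g. `- ports: [443]`, and regenerating the inventory. The dev rules also show `log_config: []`, so the dev `deny-all` egress rule produces no firewall logs, while prod logs with `INCLUDE_ALL_METADATA`. If that asymmetry is intentional, a comment in the README example saying so would be useful.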
|
|
@ -1,25 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
module "firewall" {
|
|
||||||
source = "../../../../../blueprints/factories/net-vpc-firewall-yaml"
|
|
||||||
project_id = "my-project"
|
|
||||||
network = "my-network"
|
|
||||||
config_directories = [
|
|
||||||
"./rules"
|
|
||||||
]
|
|
||||||
log_config = var.log_config
|
|
||||||
}
|
|
|
@ -1,34 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
# allow ingress from GCLB to all instances in the network
|
|
||||||
lb-health-checks:
|
|
||||||
allow:
|
|
||||||
- ports: []
|
|
||||||
protocol: tcp
|
|
||||||
direction: INGRESS
|
|
||||||
priority: 1001
|
|
||||||
source_ranges:
|
|
||||||
- 35.191.0.0/16
|
|
||||||
- 130.211.0.0/22
|
|
||||||
|
|
||||||
# deny all egress
|
|
||||||
deny-all:
|
|
||||||
deny:
|
|
||||||
- ports: []
|
|
||||||
protocol: all
|
|
||||||
direction: EGRESS
|
|
||||||
priority: 65535
|
|
||||||
destination_ranges:
|
|
||||||
- 0.0.0.0/0
|
|
|
@ -1,23 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
variable "log_config" {
|
|
||||||
description = "Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging."
|
|
||||||
type = object({
|
|
||||||
metadata = string
|
|
||||||
})
|
|
||||||
default = null
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
def test_firewall_simple(plan_runner):
|
|
||||||
"Test firewall rules from rules/common.yaml with no extra options."
|
|
||||||
_, resources = plan_runner()
|
|
||||||
assert len(resources) == 4
|
|
||||||
assert set(r['type'] for r in resources) == set([
|
|
||||||
'google_compute_firewall', 'time_static'
|
|
||||||
])
|
|
||||||
firewall_values = [r['values'] for r in resources if r['type']
|
|
||||||
== 'google_compute_firewall']
|
|
||||||
assert set([f['project'] for f in firewall_values]) == set(['my-project'])
|
|
||||||
assert set([f['network'] for f in firewall_values]) == set(['my-network'])
|
|
||||||
|
|
||||||
|
|
||||||
def test_firewall_log_config(plan_runner):
|
|
||||||
"Test firewall rules log configuration."
|
|
||||||
log_config = """ {
|
|
||||||
metadata = "INCLUDE_ALL_METADATA"
|
|
||||||
}
|
|
||||||
"""
|
|
||||||
log_config_value = [{"metadata": "INCLUDE_ALL_METADATA"}]
|
|
||||||
_, resources = plan_runner(log_config=log_config)
|
|
||||||
assert len(resources) == 4
|
|
||||||
assert set(r['type'] for r in resources) == set([
|
|
||||||
'google_compute_firewall', 'time_static'
|
|
||||||
])
|
|
||||||
firewall_values = [r['values'] for r in resources if r['type']
|
|
||||||
== 'google_compute_firewall']
|
|
||||||
assert all(f['log_config'] == log_config_value for f in firewall_values)
|
|
|
@ -1,13 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
|
@ -1,25 +0,0 @@
|
||||||
# skip boilerplate check
|
|
||||||
|
|
||||||
billing_account_id: 012345-67890A-BCDEF0
|
|
||||||
|
|
||||||
# [opt] Setup for billing alerts
|
|
||||||
billing_alert:
|
|
||||||
amount: 1000
|
|
||||||
thresholds:
|
|
||||||
current: [0.5, 0.8]
|
|
||||||
forecasted: [0.5, 0.8]
|
|
||||||
credit_treatment: INCLUDE_ALL_CREDITS
|
|
||||||
|
|
||||||
# [opt] Contacts for billing alerts and important notifications
|
|
||||||
essential_contacts: ["team-contacts@example.com"]
|
|
||||||
|
|
||||||
# [opt] Labels set for all projects
|
|
||||||
labels:
|
|
||||||
environment: prod
|
|
||||||
department: accounting
|
|
||||||
application: example-app
|
|
||||||
foo: bar
|
|
||||||
|
|
||||||
# [opt] Additional notification channels for billing
|
|
||||||
notification_channels: []
|
|
||||||
prefix: test
|
|
|
@ -1,52 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
locals {
|
|
||||||
_defaults = yamldecode(file(var.defaults_file))
|
|
||||||
_defaults_net = {
|
|
||||||
billing_account_id = var.billing_account_id
|
|
||||||
environment_dns_zone = var.environment_dns_zone
|
|
||||||
shared_vpc_self_link = var.shared_vpc_self_link
|
|
||||||
vpc_host_project = var.vpc_host_project
|
|
||||||
}
|
|
||||||
defaults = merge(local._defaults, local._defaults_net)
|
|
||||||
projects = {
|
|
||||||
for f in fileset("${var.data_dir}", "**/*.yaml") :
|
|
||||||
trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
module "projects" {
|
|
||||||
source = "../../../../../blueprints/factories/project-factory"
|
|
||||||
for_each = local.projects
|
|
||||||
defaults = local.defaults
|
|
||||||
project_id = each.key
|
|
||||||
billing_account_id = try(each.value.billing_account_id, null)
|
|
||||||
billing_alert = try(each.value.billing_alert, null)
|
|
||||||
dns_zones = try(each.value.dns_zones, [])
|
|
||||||
essential_contacts = try(each.value.essential_contacts, [])
|
|
||||||
folder_id = each.value.folder_id
|
|
||||||
group_iam = try(each.value.group_iam, {})
|
|
||||||
iam = try(each.value.iam, {})
|
|
||||||
kms_service_agents = try(each.value.kms, {})
|
|
||||||
labels = try(each.value.labels, {})
|
|
||||||
org_policies = try(each.value.org_policies, null)
|
|
||||||
prefix = each.value.prefix
|
|
||||||
service_accounts = try(each.value.service_accounts, {})
|
|
||||||
services = try(each.value.services, [])
|
|
||||||
service_identities_iam = try(each.value.service_identities_iam, {})
|
|
||||||
vpc = try(each.value.vpc, null)
|
|
||||||
}
|
|
|
@ -1,103 +0,0 @@
|
||||||
# skip boilerplate check
|
|
||||||
|
|
||||||
# [opt] Billing account id - overrides default if set
|
|
||||||
billing_account_id: 012345-67890A-BCDEF0
|
|
||||||
|
|
||||||
# [opt] Billing alerts config - overrides default if set
|
|
||||||
billing_alert:
|
|
||||||
amount: 10
|
|
||||||
thresholds:
|
|
||||||
current:
|
|
||||||
- 0.5
|
|
||||||
- 0.8
|
|
||||||
forecasted: []
|
|
||||||
credit_treatment: INCLUDE_ALL_CREDITS
|
|
||||||
|
|
||||||
# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
|
|
||||||
dns_zones:
|
|
||||||
- lorem
|
|
||||||
- ipsum
|
|
||||||
|
|
||||||
# [opt] Contacts for billing alerts and important notifications
|
|
||||||
essential_contacts:
|
|
||||||
- team-a-contacts@example.com
|
|
||||||
|
|
||||||
# Folder the project will be created as children of
|
|
||||||
folder_id: folders/012345678901
|
|
||||||
|
|
||||||
# [opt] Authoritative IAM bindings in group => [roles] format
|
|
||||||
group_iam:
|
|
||||||
test-team-foobar@fast-lab-0.gcp-pso-italy.net:
|
|
||||||
- roles/compute.admin
|
|
||||||
|
|
||||||
# [opt] Authoritative IAM bindings in role => [principals] format
|
|
||||||
# Generally used to grant roles to service accounts external to the project
|
|
||||||
iam:
|
|
||||||
roles/compute.admin:
|
|
||||||
- serviceAccount:service-account
|
|
||||||
|
|
||||||
# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
|
|
||||||
# in service => [keys] format
|
|
||||||
kms_service_agents:
|
|
||||||
compute: [key1, key2]
|
|
||||||
storage: [key1, key2]
|
|
||||||
|
|
||||||
# [opt] Labels for the project - merged with the ones defined in defaults
|
|
||||||
labels:
|
|
||||||
environment: prod
|
|
||||||
|
|
||||||
# [opt] Org policy overrides defined at project level
|
|
||||||
org_policies:
|
|
||||||
compute.disableGuestAttributesAccess:
|
|
||||||
rules:
|
|
||||||
- enforce: true
|
|
||||||
compute.trustedImageProjects:
|
|
||||||
rules:
|
|
||||||
- allow:
|
|
||||||
values:
|
|
||||||
- projects/fast-prod-iac-core-0
|
|
||||||
|
|
||||||
# [opt] Prefix - overrides default if set
|
|
||||||
prefix: test1
|
|
||||||
|
|
||||||
# [opt] Service account to create for the project and their roles on the project
|
|
||||||
# in name => [roles] format
|
|
||||||
service_accounts:
|
|
||||||
another-service-account:
|
|
||||||
- roles/compute.admin
|
|
||||||
my-service-account:
|
|
||||||
- roles/compute.admin
|
|
||||||
|
|
||||||
# [opt] APIs to enable on the project.
|
|
||||||
services:
|
|
||||||
- storage.googleapis.com
|
|
||||||
- stackdriver.googleapis.com
|
|
||||||
- compute.googleapis.com
|
|
||||||
|
|
||||||
# [opt] Roles to assign to the service identities in service => [roles] format
|
|
||||||
service_identities_iam:
|
|
||||||
compute:
|
|
||||||
- roles/storage.objectViewer
|
|
||||||
|
|
||||||
# [opt] VPC setup.
|
|
||||||
# If set enables the `compute.googleapis.com` service and configures
|
|
||||||
# service project attachment
|
|
||||||
vpc:
|
|
||||||
# [opt] If set, enables the container API
|
|
||||||
gke_setup:
|
|
||||||
# Grants "roles/container.hostServiceAgentUser" to the container robot if set
|
|
||||||
enable_host_service_agent: false
|
|
||||||
|
|
||||||
# Grants "roles/compute.securityAdmin" to the container robot if set
|
|
||||||
enable_security_admin: true
|
|
||||||
|
|
||||||
# Host project the project will be service project of
|
|
||||||
host_project: fast-prod-net-spoke-0
|
|
||||||
|
|
||||||
# [opt] Subnets in the host project where principals will be granted networkUser
|
|
||||||
# in region/subnet-name => [principals]
|
|
||||||
subnets_iam:
|
|
||||||
europe-west1/prod-default-ew1:
|
|
||||||
- user:foobar@example.com
|
|
||||||
- serviceAccount:service-account1@example.com
|
|
||||||
- my-service-account
|
|
|
@ -1,64 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
variable "billing_account_id" {
|
|
||||||
description = "Billing account id."
|
|
||||||
type = string
|
|
||||||
default = "012345-67890A-BCDEF0"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "data_dir" {
|
|
||||||
description = "Relative path for the folder storing configuration data."
|
|
||||||
type = string
|
|
||||||
default = "./projects/"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "environment_dns_zone" {
|
|
||||||
description = "DNS zone suffix for environment."
|
|
||||||
type = string
|
|
||||||
default = "prod.gcp.example.com"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "defaults_file" {
|
|
||||||
description = "Relative path for the file storing the project factory configuration."
|
|
||||||
type = string
|
|
||||||
default = "./defaults.yaml"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "service_accounts" {
|
|
||||||
description = "Service accounts to be created, and roles assigned them on the project."
|
|
||||||
type = map(list(string))
|
|
||||||
default = {}
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "service_accounts_iam" {
|
|
||||||
description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}"
|
|
||||||
type = map(map(list(string)))
|
|
||||||
default = {}
|
|
||||||
nullable = false
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "shared_vpc_self_link" {
|
|
||||||
description = "Self link for the shared VPC."
|
|
||||||
type = string
|
|
||||||
default = "self-link"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "vpc_host_project" {
|
|
||||||
description = "Host project for the shared VPC."
|
|
||||||
type = string
|
|
||||||
default = "host-project"
|
|
||||||
}
|
|
|
@ -1,36 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
|
|
||||||
def test_plan(e2e_plan_runner):
|
|
||||||
"Check for a clean plan"
|
|
||||||
modules, resources = e2e_plan_runner()
|
|
||||||
assert len(modules) > 0 and len(resources) > 0
|
|
||||||
|
|
||||||
|
|
||||||
def test_plan_service_accounts(e2e_plan_runner):
|
|
||||||
"Check for a clean plan"
|
|
||||||
service_accounts = '''{
|
|
||||||
sa-001 = []
|
|
||||||
sa-002 = ["roles/owner"]
|
|
||||||
}'''
|
|
||||||
service_accounts_iam = '''{
|
|
||||||
sa-002 = {
|
|
||||||
"roles/iam.serviceAccountTokenCreator" = ["group:team-1@example.com"]
|
|
||||||
}
|
|
||||||
}'''
|
|
||||||
modules, resources = e2e_plan_runner(
|
|
||||||
service_accounts=service_accounts,
|
|
||||||
service_accounts_iam=service_accounts_iam)
|
|
||||||
assert len(modules) > 0 and len(resources) > 0
|
|
|
@ -18,7 +18,7 @@ from pathlib import Path
|
||||||
|
|
||||||
BASE_PATH = Path(__file__).parent
|
BASE_PATH = Path(__file__).parent
|
||||||
COUNT_TEST_RE = re.compile(r'# tftest +modules=(\d+) +resources=(\d+)' +
|
COUNT_TEST_RE = re.compile(r'# tftest +modules=(\d+) +resources=(\d+)' +
|
||||||
r'(?: +files=([\w,_-]+))?' +
|
r'(?: +files=([\w@,_-]+))?' +
|
||||||
r'(?: +inventory=([\w\-.]+))?')
|
r'(?: +inventory=([\w\-.]+))?')
|
||||||
|
|
||||||
|
|
||||||
|
|
|
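Review bot: The widened `files=` group in `COUNT_TEST_RE` (new side, `r'(?: +files=([\w@,_-]+))?'`) has no comment saying why `@` is now accepted or that the class is meant as an allow-list. The class still excludes `.` and `/`, so a `files=` value cannot carry a path separator or `..`; how the captured names are turned into paths is outside this hunk, but that property looks worth stating so a later widening does not drop it by accident. I would add above the pattern something like `# files= takes comma-separated fixture names; '@' allowed, '.' and '/' deliberately not`. As a style point, `_` is already covered by `\w`, so the class can be written `[\w@,-]`.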
@ -0,0 +1,235 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# This is one of the few modules where it actually makes sense to be
|
||||||
|
# very verbose with values
|
||||||
|
|
||||||
|
values:
|
||||||
|
module.projects["project"].google_compute_subnetwork_iam_member.default["dev-default-ew1:serviceAccount:my-service-account"]:
|
||||||
|
condition: []
|
||||||
|
member: serviceAccount:my-service-account
|
||||||
|
project: fast-dev-net-spoke-0
|
||||||
|
region: europe-west1
|
||||||
|
role: roles/compute.networkUser
|
||||||
|
subnetwork: projects/fast-dev-net-spoke-0/regions/europe-west1/subnetworks/dev-default-ew1
|
||||||
|
module.projects["project"].google_compute_subnetwork_iam_member.default["dev-default-ew1:user:foobar@example.com"]:
|
||||||
|
condition: []
|
||||||
|
member: user:foobar@example.com
|
||||||
|
project: fast-dev-net-spoke-0
|
||||||
|
region: europe-west1
|
||||||
|
role: roles/compute.networkUser
|
||||||
|
subnetwork: projects/fast-dev-net-spoke-0/regions/europe-west1/subnetworks/dev-default-ew1
|
||||||
|
module.projects["project"].module.billing-alert["1"].google_billing_budget.budget:
|
||||||
|
all_updates_rule:
|
||||||
|
- disable_default_iam_recipients: false
|
||||||
|
pubsub_topic: null
|
||||||
|
schema_version: '1.0'
|
||||||
|
amount:
|
||||||
|
- last_period_amount: null
|
||||||
|
specified_amount:
|
||||||
|
- nanos: null
|
||||||
|
units: '10'
|
||||||
|
billing_account: 012345-67890A-BCDEF0
|
||||||
|
budget_filter:
|
||||||
|
- calendar_period: null
|
||||||
|
credit_types_treatment: INCLUDE_ALL_CREDITS
|
||||||
|
custom_period: []
|
||||||
|
display_name: test1-project budget
|
||||||
|
threshold_rules:
|
||||||
|
- spend_basis: CURRENT_SPEND
|
||||||
|
threshold_percent: 0.5
|
||||||
|
- spend_basis: CURRENT_SPEND
|
||||||
|
threshold_percent: 0.8
|
||||||
|
module.projects["project"].module.billing-alert["1"].google_monitoring_notification_channel.email_channels["team-a-contacts@example.com"]:
|
||||||
|
display_name: test1-project budget budget email notification (team-a-contacts@example.com)
|
||||||
|
labels:
|
||||||
|
email_address: team-a-contacts@example.com
|
||||||
|
project: test1-project
|
||||||
|
sensitive_labels: []
|
||||||
|
type: email
|
||||||
|
module.projects["project"].module.billing-alert["1"].google_monitoring_notification_channel.email_channels["team-contacts@example.com"]:
|
||||||
|
display_name: test1-project budget budget email notification (team-contacts@example.com)
|
||||||
|
labels:
|
||||||
|
email_address: team-contacts@example.com
|
||||||
|
project: test1-project
|
||||||
|
sensitive_labels: []
|
||||||
|
type: email
|
||||||
|
module.projects["project"].module.dns["ipsum"].google_dns_managed_zone.non-public[0]:
|
||||||
|
dns_name: ipsum.dev.example.org
|
||||||
|
name: ipsum
|
||||||
|
private_visibility_config:
|
||||||
|
- gke_clusters: []
|
||||||
|
networks:
|
||||||
|
- network_url: projects/foo/networks/bar
|
||||||
|
project: fast-dev-net-spoke-0
|
||||||
|
visibility: private
|
||||||
|
module.projects["project"].module.dns["lorem"].google_dns_managed_zone.non-public[0]:
|
||||||
|
dns_name: lorem.dev.example.org
|
||||||
|
name: lorem
|
||||||
|
private_visibility_config:
|
||||||
|
- gke_clusters: []
|
||||||
|
networks:
|
||||||
|
- network_url: projects/foo/networks/bar
|
||||||
|
project: fast-dev-net-spoke-0
|
||||||
|
module.projects["project"].module.project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
|
||||||
|
host_project: fast-dev-net-spoke-0
|
||||||
|
service_project: test1-project
|
||||||
|
module.projects["project"].module.project.google_essential_contacts_contact.contact["team-a-contacts@example.com"]:
|
||||||
|
email: team-a-contacts@example.com
|
||||||
|
language_tag: en
|
||||||
|
notification_category_subscriptions:
|
||||||
|
- ALL
|
||||||
|
parent: projects/test1-project
|
||||||
|
module.projects["project"].module.project.google_essential_contacts_contact.contact["team-contacts@example.com"]:
|
||||||
|
email: team-contacts@example.com
|
||||||
|
language_tag: en
|
||||||
|
notification_category_subscriptions:
|
||||||
|
- ALL
|
||||||
|
parent: projects/test1-project
|
||||||
|
module.projects["project"].module.project.google_org_policy_policy.default["constraints/compute.disableGuestAttributesAccess"]:
|
||||||
|
name: projects/test1-project/policies/constraints/compute.disableGuestAttributesAccess
|
||||||
|
parent: projects/test1-project
|
||||||
|
spec:
|
||||||
|
- inherit_from_parent: null
|
||||||
|
reset: null
|
||||||
|
rules:
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: null
|
||||||
|
enforce: 'TRUE'
|
||||||
|
values: []
|
||||||
|
module.projects["project"].module.project.google_org_policy_policy.default["constraints/compute.trustedImageProjects"]:
|
||||||
|
name: projects/test1-project/policies/constraints/compute.trustedImageProjects
|
||||||
|
parent: projects/test1-project
|
||||||
|
spec:
|
||||||
|
- inherit_from_parent: null
|
||||||
|
reset: null
|
||||||
|
rules:
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: null
|
||||||
|
enforce: null
|
||||||
|
values:
|
||||||
|
- allowed_values:
|
||||||
|
- projects/fast-dev-iac-core-0
|
||||||
|
denied_values: null
|
||||||
|
module.projects["project"].module.project.google_org_policy_policy.default["constraints/compute.vmExternalIpAccess"]:
|
||||||
|
name: projects/test1-project/policies/constraints/compute.vmExternalIpAccess
|
||||||
|
parent: projects/test1-project
|
||||||
|
spec:
|
||||||
|
- inherit_from_parent: null
|
||||||
|
reset: null
|
||||||
|
rules:
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: 'TRUE'
|
||||||
|
enforce: null
|
||||||
|
values: []
|
||||||
|
module.projects["project"].module.project.google_project.project[0]:
|
||||||
|
auto_create_network: false
|
||||||
|
billing_account: 012345-67890A-BCDEF0
|
||||||
|
folder_id: 012345678901
|
||||||
|
labels:
|
||||||
|
application: example-app
|
||||||
|
costcenter: apps
|
||||||
|
department: accounting
|
||||||
|
environment: dev
|
||||||
|
foo: bar
|
||||||
|
name: test1-project
|
||||||
|
org_id: null
|
||||||
|
project_id: test1-project
|
||||||
|
skip_delete: false
|
||||||
|
module.projects["project"].module.project.google_project_iam_binding.authoritative["roles/compute.admin"]:
|
||||||
|
condition: []
|
||||||
|
project: test1-project
|
||||||
|
role: roles/compute.admin
|
||||||
|
module.projects["project"].module.project.google_project_iam_binding.authoritative["roles/compute.adminv1"]:
|
||||||
|
condition: []
|
||||||
|
project: test1-project
|
||||||
|
role: roles/compute.adminv1
|
||||||
|
module.projects["project"].module.project.google_project_iam_binding.authoritative["roles/storage.objectViewer"]:
|
||||||
|
condition: []
|
||||||
|
project: test1-project
|
||||||
|
role: roles/storage.objectViewer
|
||||||
|
module.projects["project"].module.project.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]:
|
||||||
|
condition: []
|
||||||
|
project: fast-dev-net-spoke-0
|
||||||
|
role: roles/compute.networkUser
|
||||||
|
module.projects["project"].module.project.google_project_iam_member.shared_vpc_host_robots["roles/compute.securityAdmin:container-engine"]:
|
||||||
|
condition: []
|
||||||
|
project: fast-dev-net-spoke-0
|
||||||
|
role: roles/compute.securityAdmin
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["billingbudgets.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: billingbudgets.googleapis.com
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["compute.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: compute.googleapis.com
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["container.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: container.googleapis.com
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["dns.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: dns.googleapis.com
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["essentialcontacts.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: essentialcontacts.googleapis.com
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["orgpolicy.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: orgpolicy.googleapis.com
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["stackdriver.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: stackdriver.googleapis.com
|
||||||
|
module.projects["project"].module.project.google_project_service.project_services["storage.googleapis.com"]:
|
||||||
|
disable_dependent_services: false
|
||||||
|
disable_on_destroy: false
|
||||||
|
project: test1-project
|
||||||
|
service: storage.googleapis.com
|
||||||
|
module.projects["project"].module.service-accounts["another-service-account"].google_service_account.service_account[0]:
|
||||||
|
account_id: another-service-account
|
||||||
|
display_name: Terraform-managed.
|
||||||
|
project: test1-project
|
||||||
|
module.projects["project"].module.service-accounts["my-service-account"].google_service_account.service_account[0]:
|
||||||
|
account_id: my-service-account
|
||||||
|
display_name: Terraform-managed.
|
||||||
|
project: test1-project
|
||||||
|
|
||||||
|
counts:
|
||||||
|
google_billing_budget: 1
|
||||||
|
google_compute_shared_vpc_service_project: 1
|
||||||
|
google_compute_subnetwork_iam_member: 2
|
||||||
|
google_dns_managed_zone: 2
|
||||||
|
google_essential_contacts_contact: 2
|
||||||
|
google_monitoring_notification_channel: 2
|
||||||
|
google_org_policy_policy: 3
|
||||||
|
google_project: 1
|
||||||
|
google_project_iam_binding: 3
|
||||||
|
google_project_iam_member: 2
|
||||||
|
google_project_service: 8
|
||||||
|
google_service_account: 2
|
||||||
|
google_storage_project_service_account: 1
|
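Review bot: The `google_project_iam_binding.authoritative[...]` and `google_project_iam_member.shared_vpc_host_robots[...]` entries pin only `condition`, `project` and `role`, so this inventory would not notice a change in who receives `roles/compute.admin` or `roles/compute.securityAdmin`, although the header comment says the file is meant to be very verbose. If the principals are left out because they are unknown at plan time (computed service account emails, presumably), say so next to the first binding, for example `# members omitted: computed at plan time, cannot be asserted here`. Separately, `roles/compute.adminv1` does not look like a predefined role name; a plan presumably does not validate role names against the API, so it is worth confirming that this is an intentional placeholder and not a typo carried over from the example.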