* add locals for additive and authoritative org iam roles
* first shot at IAM and logging location
* tfdoc
* use locals for locations
* fix file parsing, resman stubs
* initial resman implementation
* remove unneeded code
* fix data file
* replace dumb yamldecode
* fix wrong type in organization additive bindings try
* simplify logging local
* Use check asserts for version and org id
* Checks on checklist for resman
* refactor checks, ignore checklist files on wrong org id
* stage 0 tests
* fix checklist checks
* stage 1 tests
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
* Allow empty string for 'identity_type' supported by Google provider and use correct value name for ingress 'identity_type'
* Sanitizing variables as the logical operators in Terraform do not short-circuit.
A null address results in the following error:
Error creating GlobalAddress: googleapi: Error 400: Invalid value for field 'resource.address': ''. The field is not a valid IP address or does not match the given prefix length, invalid
Error creating Address: googleapi: Error 400: Invalid value for field 'resource.purpose': 'SHARED_LOADBALANCER_VIP'. Shared LoadBalancer VIP IPv6 address reservation is not supported., invalid
Error creating Address: googleapi: Error 400: Invalid value for field 'resource.networkTier': 'STANDARD'. An address with type INTERNAL cannot have a network tier., invalid
HTTP to HTTPS needs work, now fails with:
```
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.IPAddress': '34.160.52.156'. Invalid IP address specified., invalid
with module.ralb-test-0-redirect.google_compute_forwarding_rule.default,
on fabric/modules/net-lb-app-ext-regional/main.tf line 32, in resource "google_compute_forwarding_rule" "default":
32: resource "google_compute_forwarding_rule" "default" {
```
Endpoints in Service Directory can be *associated* with a
VPC. In this case, they can be used by supported Google
Cloud products to send requests directly to resources inside
a VPC. This feature is called Private Network Access.
The `google_service_directory_endpoint` resource supports
this configuration with a new argument `network`.
Unfortunately, this argument has an unusual format: it
is similar to a standard VPC ID, but instead of the project ID,
it expects the project number.
Can't provide just one size (like `web_server` or `triggerer`) because
no defaults are taken:
```
module.composer.google_composer_environment.env: Modifying... [id=***]
╷
│ Error: googleapi: Error 400: Found 6 problems:
│ 1) You have to specify Scheduler CPUs not lower than 0.5.
│ 2) You have to specify number of schedulers larger than 0.
│ 3) You have to specify Web Server CPUs not lower than 0.5.
│ 4) You have to specify Worker CPUs not lower than 0.5.
│ 5) You have to specify minimum number of workers larger than 0.
│ 6) Triggerer memory must be between 1.00GB and 6.50GB for given vCpu
```
So provide the defaults as set workloads_config == null