* support network attachments in net-vpc module
* support network attachments in net-address module
* fix examples
* fix examples
* add support for psc interfaces to compute-vm module
* add service attachment support to lb app int module
* allow direct referencing of self managed ig in ilb module
* add service attachment support to net-ilb-int
* add service attachments example to net-lb-int
* fix resource name in net-lb-ext
* rename fwd rules resource in test inventories
* add toc to net-lb-int
Add support for Cloud Run v2 jobs
* create a separate file for service creation (service.tf) and job
(job.tf) - for easy comparison
* add E2E tests where possibile
* remove default value for input variable `region`
* fix subnet range VPC Access Connector example
* add creation of service account for audit logs call (trigger requires
service account)
* use provided trigger service account email in
`local.trigger_sa_email`, so explicitly provided SA is passed to
trigger
* set default value for vpc_connector_create.throughput.max, to match
what is set by GCP API, as provider uses wrong default of 300 which
results in perma-diff
* create inventory fiels for all examples
Global changes
* (tests) add input variable `project_number`, to allow assigning IAM permissions to Service Accounts in fixtures
* (tests) fix not outputting the path, when object is not found in inventory
* (tests) fix `create_e2e_sandbox.sh` - now it properly finds root of the repo
Secret Manager
* added `version_versions` output, to allow specifying versions in other modules. `versions` is sensitive and it makes it unsuitable for `for_each` values
New test fixtures
* `pubsub.tf` - creating one topic
* `secret-credential.tf` - creating Secret Manager `credential` secret
* `shared-vpc.tf` - creating two projects (host and service), and vpc in host project
* `vpc-connector.tf` - creating VPC Access Connector instance
* Fix DNS E2E test + add one to net-lb-app-int-cross-region
* Update README.md
* Fix inventory for tests
* Fix tests
* Fix number of resources
---------
Co-authored-by: Julio Castillo <jccb@google.com>
* implement optionals in gke-hub module
* simplify gke hub module call in mc mesh blueprint
* simplify gke hub module call and variables in multitenant blueprint
* gke hub inventory
* provide cluster and fleet examples in stage
null address results in following error:
Error creating GlobalAddress: googleapi: Error 400: Invalid value for field 'resource.address': ''. The field is not a valid IP address or does not match the given prefix length, invalid
Error creating Address: googleapi: Error 400: Invalid value for field 'resource.purpose': 'SHARED_LOADBALANCER_VIP'. Shared LoadBalancer VIP IPv6 address reservation is not supported., invalid
Endpoints in Service Directory can be *associated* with a
VPC. In this case, they can be used by supported Google
Cloud products to send requests directly to resources inside
a VPC. This feature is called Private Network Access.
The `google_service_directory_endpoint` resource supports
this configuration with a new argument `network`.
Unfortunately, this argument has an unusual format: it
is similar to a standard VPC ID, but instead of the project ID,
it expects the project number.
This PR changes variable region's default value in example tests to real region value.
Some of the modules parse the region name to decide whether to create regional or zonal resources.
* Update shared vpc config for project factory and project module for more granular Shared VPC configuration
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* improve project factory example
* light refactor of project modules shared vpc internals and docs
* add support for subnet-level grants on host project
Ludovico Magnocavallo
Wiktor Niesiobędzki
Julio Castillo
Thinh Ha
dibaskar-google
apichick
Stefano Tribioli
Andy Bubune Amewuda
andybubu
Luca Prete
simonebruzzechesse
Simone Ruffilli
Thangaraju R
Thomas Colomb
Thangaraju R