* add id to outputs
* initial cloud build implementation for stage 0
* comments
* stage 0
* stage 1, untested
* add support for IAM and CB triggers to source repository module
* refactor stage 0 to use sourcerepo module
* refactor stage 1 to use sourcerepo module
* file descriptions
* fix gitlab pipeline
* GKE Hub initial PR commit
* variable management adjust
* comments, fixes and alphabetically ordered variables
* Update README.md
* Update README.md
* Update README.md
* fix test
* resources vs modules
still needs some love
* remove modules usage
* comments, readme update and output
* adjusting outputs and README
* fix README.md
* fix README
* adjusted based on comments
still need some love in the google_gke_hub_feature_membership variables management
* types and variable management
* optionally enable required api
* Update README.md
* reorder locals and use standard formatting
* Don't enable services from modules
* Use self links for member clusters
* Update readme
* members_clusters back to map
@juliocc let's talk about this cause we saw it together in our call and if I change it to a list than the other resources are not going to work, they need location there too.
* Forcing null feature to false due to a bug in provider
If a block is set to null the provider will crash with a "panic: interface conversion: interface {} is nil, not map[string]interface {}" a PR will follow
* Readme update
* Readme.md update
* Update README.md
* bring back tolist, WIP
* Update main.tf
* Readme.md update
* Update README.md
* Update main.tf
* Update main.tf
* Add id and self_links output to gke-cluster
* Use try and make all member feature blocks dynamic/optional
* Change member clusters to map
* Add gke-hub tests
* Address PR comments
* Update gke-hub readme
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
* Add ip_range variable for apigee-x-instance module
* Add variable definition and validation for ip_range
* Update the validation rule for ip_range variable
* Support services that require crypto/decrypt role on robot service accounts
* delete test and upload refactored implementation
* fix duplicate key on dependent services, add tests
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
We always use the same directory for terraform fixtures, so it's quite
easy to figure out its path from a pytest fixture by inspecting the
stack. This commit implements this functionality and decreases the
amount of boilerplate needed to write a test.
(Ported from fast)
* first implementation
* minimal output
* split service perimeters in regular and bridge
* tests and fixes
* new vpc-sc implementation
* remove providers file used for testing
* remove provider used during development
* First iteration updates
* All tests passing
* Updated README and var descriptions
* Updated README
* Updated example README
* Consolidated stateful vars
* consolidated stateful vars
* Updated README
* Requested changes to try
* Fixed README examples and try
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* refactor module and fix tests
* account for wildcard records
* account for empty recordset names
* align tests
* align networking end to end examples
* fix behaviour with wildcard and empty names
* Update main.tf
* fix dumb online edit :)
- Upgrade to latest terraform version (1.0.4)
- Remove tflint from linting pipeline (was not doing anything)
- Add terraform fmt check to linting pipeline
- Pass all code through terraform fmt
* Add support for lifecycle_rule in gcs module (#288)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* fix docs
* rename unrelated interconnect module tests
* fix doc example test
Co-authored-by: iury <1934268+IuryAlves@users.noreply.github.com>
* group_iam support for organization
* group_iam support for folder
* fix typo in variable description
* add group_iam to project module
* update project module README
* Add VPC-SC support for Regions, device policy and access policy dependency.
* fix compute mig module test
* Fixes
* Fix example
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* New Cloud Identity module
* Add tests to cloud-identity-group module
* Fix boilerplate
* Fix outputs
* Remove support for creating managers and admins
* Update cloud-identity-group README
* Small fix to cloud-identity-group README
* remove sensitive attribute from VPN modules key output
* fix type error in service account example
* update CI Terraform version
* update VPN modules docs
* require version in compute mig module
* require version in compute mig module for scaling_schedules
* update compute mig test, move provider version requirement in fixture
* add support for internal service account to GKE nodepool module, fixes#62
* update shared vpc example to use internally managed service account
* update shared vpc example to use internally managed service account
* update hub and spoke peering example to use renamed gke nodepool variables
With this commit the folders module (now called simply 'folder') only
creates a single google_folder resource. Support for creating multiple
folders is no longer needed since Terraform 0.13 added for_each support
to modules.
* add support for internal address purpose
* update gcs module README
* refactor net address module interface and add tests
* add more examples in net-address README
* Add alias IP support in `compute-vm`
* Fix tests
* add end to end tests for data solutions examples and fix example errors
* update changelog
* add missing boilerplate
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* rename infrastructure folder to networking
* example WIP: VPCs
* move ip forwarding to its own variable in compute-vm module
* add per-instance metadata support to compute-vm module
* ipip tunnels on linux savepoint
* simple multinic gateways example
* remove stale files
* resolve conflicts
* update diagram
* rename folder
* use a template for gw cloud config, rename some resources and files
* Update README.md
* Update README.md
* add basic plan tests for all networking e2e examples
* fix test for foundations/environments e2e example
* fix shared vpc e2 example count error in gke node service account permissions
* use module path for assets in onprem e2e example
* use project id from module in ilb e2e example
* add mising boilerplates in tests
* run examples tests in ci
* update module's README
* rename ilb example
* Update README.md
* fix rp_filter configuration
* README
* Update README.md
* Update README.md
* Update README.md
* update CHANGELOG
* update CHANGELOG
* Update README.md
* Invert the list for role/member mapping so that member is the key
* Add iam_additive_bindings to replace iam_additive_members and iam_additive_roles, change test suite accordingly
* attribute 'mode' added as it would error without
* Update Readme to reflect the new variable iam_additive_bindings
* test branch access
* iam_additive_bindings to replace iam_additive roles and iam_additive_members
* update foundation samples to new additive bindings format
* set bq dataset options in foundation environments to allow destroying
* trap exceptions raised during destroy in project module
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* Add support to Cloud KMS
* Fixes
* Fix tests
* Fix tests
* - change variable name to be consistent with BQ module
- remove output, not needed
- change string default value to null
* use locals to pre-populate kms key variable for all names
* rename kms variable, fix prefix check in locals
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* preliminary net-ilb module, untested
* outputs
* fix basic mistakes, add initial test
* test variable defaults on all resources
* README stub
* net-ilb module fixes and example
* compute-vm module fixes
* fix test
* remove mig from compute vm module
* split out mig from compute-vm (untested)
* split out mig from compute-vm (untested)
* fix mig versions
* small fixes and examples for mig module
* Update README.md
* Update README.md
* switch mig to using a single variable for both region and zone
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
Ludovico Magnocavallo
Aleksandr Averbukh
Julio Castillo
Miren Esnaola
Daniel Strebel
Luca Prete
Daniel Marzini
apichick
Saurabh Shivgunde
Simone Ruffilli
lcaggio
yuryninog
Stenio Ferreira
Yury Nino
lcaggio
Andras Gyomrey
caiotavaresdito
dsiviglia
vanessabodard-voi
Roberto Jung Drebes