diff --git a/CHANGELOG.md b/CHANGELOG.md
index c04b94e879..e9dd39f019 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -90,7 +90,7 @@ All notable changes to this project will be documented in this file.
- [[#1846](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1846)] Add support for IAM to vpc sc module ([ludoo](https://github.com/ludoo))
- [[#1844](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1844)] Allow disabling IAM for sink identity in resource manager modules ([apichick](https://github.com/apichick))
- [[#1841](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1841)] Fix modules to support new Apigee X environment types ([Teodelas](https://github.com/Teodelas))
-- [[#1842](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1842)] Bump provider version to 5.4.0 ([wiktorn](https://github.com/wiktorn))
+- [[#1842](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1842)] Bump provider version to 5.6.0 ([wiktorn](https://github.com/wiktorn))
- [[#1823](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1823)] Add end-to-end tests for project module ([wiktorn](https://github.com/wiktorn))
- [[#1837](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1837)] Added envoy as SNI dynamic forward proxy to cloud-config-container ([apichick](https://github.com/apichick))
- [[#1839](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1839)] Added create_before_destroy = true for self-managed certificates ([apichick](https://github.com/apichick))
diff --git a/README.md b/README.md
index 08907864fb..5840a8f852 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ Currently available modules:
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp)
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud)
- **data** - [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
-- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository)
+- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository), [Workstation cluster](./modules/workstation-cluster)
- **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc)
- **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run)
diff --git a/blueprints/gke/binauthz/app/app.yaml b/blueprints/gke/binauthz/app/app.yaml
new file mode 100644
index 0000000000..d5b5c74e02
--- /dev/null
+++ b/blueprints/gke/binauthz/app/app.yaml
@@ -0,0 +1,45 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: storage-api-sa
+ namespace: apis
+ annotations:
+ iam.gke.io/gcp-service-account: sa-storage-api@ba-g-prj-cd-sb-binauthz-001.iam.gserviceaccount.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: storage-api-deployment
+ namespace: apis
+spec:
+ selector:
+ matchLabels:
+ app: storage-api
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: storage-api
+ spec:
+ serviceAccountName: storage-api-sa
+ containers:
+ - name: storage-api
+ image: europe-west1-docker.pkg.dev/ba-g-prj-cd-sb-binauthz-001/ba-registry/storage-api:DIGEST
+ ports:
+ - containerPort: 3000
+ nodeSelector:
+ iam.gke.io/gke-metadata-server-enabled: "true"
\ No newline at end of file
diff --git a/blueprints/gke/binauthz/tenant-setup.yaml b/blueprints/gke/binauthz/tenant-setup.yaml
new file mode 100644
index 0000000000..68cbdd4aa8
--- /dev/null
+++ b/blueprints/gke/binauthz/tenant-setup.yaml
@@ -0,0 +1,54 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apis
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: app-deployment-manager
+ namespace: apis
+rules:
+- apiGroups:
+ - ''
+ - 'extensions'
+ - 'apps'
+ resources:
+ - 'namespaces'
+ - 'serviceaccounts'
+ - 'deployments'
+ verbs:
+ - 'get'
+ - 'list'
+ - 'watch'
+ - 'create'
+ - 'update'
+ - 'patch'
+ - 'delete'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: app-deployment-manager
+ namespace: apis
+subjects:
+- kind: User
+ name: sa-cb-app@ba-g-prj-cd-sb-binauthz-001.iam.gserviceaccount.com
+roleRef:
+ kind: Role
+ name: app-deployment-manager
+ apiGroup: rbac.authorization.k8s.io
diff --git a/default-versions.tf b/default-versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/default-versions.tf
+++ b/default-versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/README.md b/modules/README.md
index cefc5e5592..fa54a68c46 100644
--- a/modules/README.md
+++ b/modules/README.md
@@ -92,6 +92,7 @@ These modules are used in the examples included in this repository. If you are u
- [Artifact Registry](./artifact-registry)
- [Container Registry](./container-registry)
- [Cloud Source Repository](./source-repository)
+- [Workstation cluster](./workstation-cluster)
## Security
diff --git a/modules/__experimental/alloydb-instance/versions.tf b/modules/__experimental/alloydb-instance/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/__experimental/alloydb-instance/versions.tf
+++ b/modules/__experimental/alloydb-instance/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/__experimental/net-neg/versions.tf b/modules/__experimental/net-neg/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/__experimental/net-neg/versions.tf
+++ b/modules/__experimental/net-neg/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/api-gateway/versions.tf
+++ b/modules/api-gateway/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/apigee/versions.tf
+++ b/modules/apigee/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/artifact-registry/versions.tf
+++ b/modules/artifact-registry/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/bigquery-dataset/versions.tf
+++ b/modules/bigquery-dataset/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/bigtable-instance/versions.tf
+++ b/modules/bigtable-instance/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/billing-account/versions.tf b/modules/billing-account/versions.tf
index cee7f9c764..c7a022f014 100644
--- a/modules/billing-account/versions.tf
+++ b/modules/billing-account/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/binauthz/versions.tf
+++ b/modules/binauthz/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf
+++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/coredns/versions.tf
+++ b/modules/cloud-config-container/coredns/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/cos-generic-metadata/versions.tf
+++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
index ceb6930fb3..28a6f3a143 100644
--- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
+++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/envoy-traffic-director/versions.tf
+++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/mysql/versions.tf
+++ b/modules/cloud-config-container/mysql/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/nginx-tls/versions.tf
+++ b/modules/cloud-config-container/nginx-tls/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/nginx/versions.tf
+++ b/modules/cloud-config-container/nginx/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/simple-nva/versions.tf
+++ b/modules/cloud-config-container/simple-nva/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/squid/versions.tf b/modules/cloud-config-container/squid/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-config-container/squid/versions.tf
+++ b/modules/cloud-config-container/squid/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-function-v1/versions.tf
+++ b/modules/cloud-function-v1/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-function-v2/versions.tf
+++ b/modules/cloud-function-v2/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-identity-group/versions.tf
+++ b/modules/cloud-identity-group/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloud-run/versions.tf
+++ b/modules/cloud-run/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/cloudsql-instance/versions.tf
+++ b/modules/cloudsql-instance/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/compute-mig/versions.tf
+++ b/modules/compute-mig/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/compute-vm/versions.tf
+++ b/modules/compute-vm/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/container-registry/versions.tf
+++ b/modules/container-registry/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/data-catalog-policy-tag/versions.tf
+++ b/modules/data-catalog-policy-tag/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/datafusion/versions.tf
+++ b/modules/datafusion/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/dataplex-datascan/versions.tf
+++ b/modules/dataplex-datascan/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/dataplex/versions.tf
+++ b/modules/dataplex/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/dataproc/versions.tf
+++ b/modules/dataproc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/dns-response-policy/versions.tf
+++ b/modules/dns-response-policy/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/dns/versions.tf
+++ b/modules/dns/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/endpoints/versions.tf
+++ b/modules/endpoints/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/folder/versions.tf
+++ b/modules/folder/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/gcs/versions.tf
+++ b/modules/gcs/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/gcve-private-cloud/versions.tf
+++ b/modules/gcve-private-cloud/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/gke-cluster-autopilot/versions.tf
+++ b/modules/gke-cluster-autopilot/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/gke-cluster-standard/versions.tf
+++ b/modules/gke-cluster-standard/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/gke-hub/versions.tf
+++ b/modules/gke-hub/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/gke-nodepool/versions.tf
+++ b/modules/gke-nodepool/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/iam-service-account/versions.tf
+++ b/modules/iam-service-account/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/kms/versions.tf
+++ b/modules/kms/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/logging-bucket/versions.tf
+++ b/modules/logging-bucket/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/ncc-spoke-ra/versions.tf
+++ b/modules/ncc-spoke-ra/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-address/versions.tf
+++ b/modules/net-address/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-cloudnat/versions.tf
+++ b/modules/net-cloudnat/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-firewall-policy/versions.tf
+++ b/modules/net-firewall-policy/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-ipsec-over-interconnect/versions.tf
+++ b/modules/net-ipsec-over-interconnect/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-lb-app-ext/versions.tf
+++ b/modules/net-lb-app-ext/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-lb-app-int/versions.tf
+++ b/modules/net-lb-app-int/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-lb-ext/versions.tf
+++ b/modules/net-lb-ext/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-lb-int/versions.tf
+++ b/modules/net-lb-int/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-lb-proxy-int/versions.tf
+++ b/modules/net-lb-proxy-int/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-swp/versions.tf
+++ b/modules/net-swp/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-vlan-attachment/versions.tf
+++ b/modules/net-vlan-attachment/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-vpc-firewall/versions.tf
+++ b/modules/net-vpc-firewall/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-vpc-peering/versions.tf
+++ b/modules/net-vpc-peering/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-vpc/versions.tf
+++ b/modules/net-vpc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-vpn-dynamic/versions.tf
+++ b/modules/net-vpn-dynamic/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-vpn-ha/versions.tf
+++ b/modules/net-vpn-ha/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/net-vpn-static/versions.tf
+++ b/modules/net-vpn-static/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/organization/versions.tf
+++ b/modules/organization/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/project/versions.tf b/modules/project/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/project/versions.tf
+++ b/modules/project/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/projects-data-source/versions.tf
+++ b/modules/projects-data-source/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/pubsub/versions.tf
+++ b/modules/pubsub/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/secret-manager/versions.tf
+++ b/modules/secret-manager/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/service-directory/versions.tf
+++ b/modules/service-directory/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/source-repository/versions.tf
+++ b/modules/source-repository/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/modules/vpc-sc/versions.tf
+++ b/modules/vpc-sc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5.4.0, < 6.0.0" # tftest
+ version = ">= 5.6.0, < 6.0.0" # tftest
}
}
}
diff --git a/modules/workstation-cluster/README.md b/modules/workstation-cluster/README.md
new file mode 100644
index 0000000000..4a0592c308
--- /dev/null
+++ b/modules/workstation-cluster/README.md
@@ -0,0 +1,192 @@
+# Workstation cluster
+
+This module allows to create a workstation cluster with associated workstation configs and workstations. In addition to this it allows to set up IAM bindings for the workstation configs and the workstations.
+
+
+- [Simple example](#simple-example)
+- [Private cluster](#private-cluster)
+- [Custom image](#custom-image)
+- [IAM](#iam)
+- [Variables](#variables)
+- [Outputs](#outputs)
+
+
+## Simple example
+
+Simple example showing how to create a cluster with publicly accessible workstations using the default base image.
+
+```hcl
+module "workstation-cluster" {
+ source = "./fabric/modules/workstation-cluster"
+ project_id = var.project_id
+ id = "my-workstation-cluster"
+ location = var.region
+ network_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ }
+ workstation_configs = {
+ my-workstation-config = {
+ workstations = {
+ my-workstation = {
+ labels = {
+ team = "my-team"
+ }
+ }
+ }
+ }
+ }
+}
+# tftest modules=1 resources=3 inventory=simple.yaml
+```
+
+## Private cluster
+
+Example showing how to create a cluster with a privately accessible workstation using the default base image.
+
+```hcl
+module "workstation-cluster" {
+ source = "./fabric/modules/workstation-cluster"
+ project_id = var.project_id
+ id = "my-workstation-cluster"
+ location = var.region
+ network_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ }
+ private_cluster_config = {
+ enable_private_endpoint = true
+ }
+ workstation_configs = {
+ my-workstation-config = {
+ workstations = {
+ my-workstation = {
+ labels = {
+ team = "my-team"
+ }
+ }
+ }
+ }
+ }
+}
+# tftest modules=1 resources=3 inventory=private-cluster.yaml
+```
+
+## Custom image
+
+Example showing how to create a cluster with publicly accesible workstation that run a custom image.
+
+```hcl
+module "workstation-cluster" {
+ source = "./fabric/modules/workstation-cluster"
+ project_id = var.project_id
+ id = "my-workstation-cluster"
+ location = var.region
+ network_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ }
+ workstation_configs = {
+ my-workstation-config = {
+ container = {
+ image = "repo/my-image:v10.0.0"
+ args = ["--arg1", "value1", "--arg2", "value2"]
+ env = {
+ VAR1 = "VALUE1"
+ VAR2 = "VALUE2"
+ }
+ working_dir = "/my-dir"
+ }
+ workstations = {
+ my-workstation = {
+ labels = {
+ team = "my-team"
+ }
+ }
+ }
+ }
+ }
+}
+# tftest modules=1 resources=3 inventory=custom-image.yaml
+```
+
+## IAM
+
+Example showing how to grant IAM roles on the workstation configuration or workstation.
+
+```hcl
+module "workstation-cluster" {
+ source = "./fabric/modules/workstation-cluster"
+ project_id = var.project_id
+ id = "my-workstation-cluster"
+ location = var.region
+ network_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ }
+ workstation_configs = {
+ my-workstation-config = {
+ workstations = {
+ my-workstation = {
+ labels = {
+ team = "my-team"
+ }
+ iam = {
+ "roles/workstations.user" = ["user:user1@my-org.com"]
+ }
+ }
+ }
+ iam = {
+ "roles/viewer" = ["group:group1@my-org.com"]
+ }
+ iam_bindings = {
+ workstations-config-viewer = {
+ role = "roles/viewer"
+ members = ["group:group2@my-org.com"]
+ condition = {
+ title = "limited-access"
+ expression = "resource.name.startsWith('my-')"
+ }
+ }
+ }
+ iam_bindings_additive = {
+ workstations-config-editor = {
+ role = "roles/editor"
+ member = "group:group3@my-org.com"
+ condition = {
+ title = "limited-access"
+ expression = "resource.name.startsWith('my-')"
+ }
+ }
+ }
+ }
+ }
+}
+# tftest modules=1 resources=7 inventory=iam.yaml
+```
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [id](variables.tf#L35) | Workstation cluster ID. | string
| ✓ | |
+| [network_config](variables.tf#L52) | Network configuration. | object({…})
| ✓ | |
+| [project_id](variables.tf#L70) | Cluster ID. | string
| ✓ | |
+| [workstation_configs](variables.tf#L75) | Workstation configurations. | map(object({…}))
| ✓ | |
+| [annotations](variables.tf#L17) | Workstation cluster annotations. | map(string)
| | {}
|
+| [display_name](variables.tf#L23) | Display name. | string
| | null
|
+| [domain](variables.tf#L29) | Domain. | string
| | null
|
+| [labels](variables.tf#L40) | Workstation cluster labels. | map(string)
| | {}
|
+| [location](variables.tf#L46) | Location. | string
| | null
|
+| [private_cluster_config](variables.tf#L60) | Private cluster config. | object({…})
| | {}
|
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [cluster_hostname](outputs.tf#L17) | Cluster hostname. | |
+| [id](outputs.tf#L22) | Workstation cluster id. | |
+| [service_attachment_uri](outputs.tf#L27) | Workstation service attachment URI. | |
+| [workstation_configs](outputs.tf#L32) | Workstation configurations. | |
+| [workstations](outputs.tf#L37) | Workstations. | |
+
diff --git a/modules/workstation-cluster/iam.tf b/modules/workstation-cluster/iam.tf
new file mode 100644
index 0000000000..18f6f9535f
--- /dev/null
+++ b/modules/workstation-cluster/iam.tf
@@ -0,0 +1,128 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description IAM bindings
+
+resource "google_workstations_workstation_config_iam_binding" "authoritative" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam :
+ "${k1}-${k2}" => {
+ workstation_config_id = k1
+ role = k2
+ members = v2
+ } }])...)
+ project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
+ location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
+ workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_config_iam_binding" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings :
+ "${k1}-${k2}" => merge(v2, {
+ workstation_config_id = k1
+ }) }])...)
+ project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
+ location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
+ workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_config_iam_member" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings_additive :
+ "${k1}-${k2}" => merge(v2, {
+ workstation_config_id = k1
+ }) }])...)
+ project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
+ location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
+ workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ role = each.value.role
+ member = each.value.member
+}
+
+resource "google_workstations_workstation_iam_binding" "authoritative" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
+ { for k3, v3 in v2.iam : "${k1}-${k2}-${k3}" => {
+ workstation_config_id = k1
+ workstation_id = k2
+ role = k3
+ members = v3
+ } }]])...)
+ project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
+ location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
+ workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
+ workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_iam_binding" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
+ { for k3, v3 in v2.iam_bindings : "${k1}-${k2}-${k3}" => merge(v3, {
+ workstation_config_id = k1
+ workstation_id = k2
+ }) }]])...)
+ project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
+ location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
+ workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
+ workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_iam_member" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
+ { for k3, v3 in v2.iam_bindings_additive : "${k1}-${k2}-${k3}" => merge(v3, {
+ workstation_config_id = k1
+ workstation_id = k2
+ }) }]])...)
+ project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
+ location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
+ workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
+ workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
+ role = each.value.role
+ member = each.value.member
+}
+
diff --git a/modules/workstation-cluster/main.tf b/modules/workstation-cluster/main.tf
new file mode 100644
index 0000000000..07399df4c8
--- /dev/null
+++ b/modules/workstation-cluster/main.tf
@@ -0,0 +1,131 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ workstations = merge(flatten([for k1, v1 in var.workstation_configs :
+ { for k2, v2 in v1.workstations :
+ "${k1}-${k2}" => merge({
+ workstation_config_id = k1
+ workstation_id = k2
+ }, v2) }])...)
+}
+
+resource "google_workstations_workstation_cluster" "cluster" {
+ provider = google-beta
+ workstation_cluster_id = var.id
+ project = var.project_id
+ display_name = var.display_name
+ network = var.network_config.network
+ subnetwork = var.network_config.subnetwork
+ location = var.location
+ annotations = var.annotations
+ labels = var.labels
+ dynamic "private_cluster_config" {
+ for_each = var.private_cluster_config == null ? [] : [""]
+ content {
+ enable_private_endpoint = var.private_cluster_config.enable_private_endpoint
+ allowed_projects = var.private_cluster_config.allowed_projects
+ }
+ }
+ dynamic "domain_config" {
+ for_each = var.domain == null ? [] : [""]
+ content {
+ domain = var.domain
+ }
+ }
+}
+
+resource "google_workstations_workstation_config" "configs" {
+ for_each = var.workstation_configs
+ provider = google-beta
+ project = google_workstations_workstation_cluster.cluster.project
+ workstation_config_id = each.key
+ workstation_cluster_id = google_workstations_workstation_cluster.cluster.workstation_cluster_id
+ location = google_workstations_workstation_cluster.cluster.location
+ idle_timeout = each.value.idle_timeout
+ running_timeout = each.value.running_timeout
+ replica_zones = each.value.replica_zones
+ annotations = each.value.annotations
+ labels = each.value.labels
+ dynamic "host" {
+ for_each = each.value.gce_instance == null ? [] : [""]
+ content {
+ gce_instance {
+ machine_type = each.value.gce_instance.machine_type
+ service_account = each.value.gce_instance.service_account
+ service_account_scopes = each.value.gce_instance.service_account_scopes
+ pool_size = each.value.gce_instance.pool_size
+ boot_disk_size_gb = each.value.gce_instance.boot_disk_size_gb
+ tags = each.value.gce_instance.tags
+ disable_public_ip_addresses = each.value.disable_public_ip_addresses
+ enable_nested_virtualization = each.value.enable_nested_virtualization
+ dynamic "shielded_instance_config" {
+ for_each = each.value.gce_instance.shielded_instance_config == null ? [] : [""]
+ content {
+ enable_secure_boot = each.value.gce_instance.shielded_instance_config.enable_secure_boot
+ enable_vtpm = each.value.gce_instance.shielded_instance_config.enable_vtpm
+ enable_integrity_monitoring = each.value.gce_instance.shielded_instance_config.enable_integrity_monitoring
+ }
+ }
+ dynamic "confidential_instance_config" {
+ for_each = each.value.gce_instance.enable_confidential_compute ? [] : [""]
+ content {
+ enable_confidential_compute = true
+ }
+ }
+ dynamic "accelerators" {
+ for_each = each.value.gce_instance.accelerators
+ content {
+ type = accelerators.value.type
+ count = accelerators.value.count
+ }
+ }
+ }
+ }
+ }
+ dynamic "container" {
+ for_each = each.value.container == null ? [] : [""]
+ content {
+ image = each.value.container.image
+ command = each.value.container.command
+ args = each.value.container.args
+ working_dir = each.value.container.working_dir
+ env = each.value.container.env
+ run_as_user = each.value.container.run_as_user
+ }
+ }
+ dynamic "encryption_key" {
+ for_each = each.value.encryption_key == null ? [] : [""]
+ content {
+ kms_key = each.value.encryption_key.kms_key
+ kms_key_service_account = each.value.encryption_key.kms_key_service_account
+ }
+ }
+}
+
+resource "google_workstations_workstation" "workstations" {
+ provider = google-beta
+ for_each = local.workstations
+ project = google_workstations_workstation_cluster.cluster.project
+ workstation_id = each.value.workstation_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ workstation_cluster_id = google_workstations_workstation_cluster.cluster.workstation_cluster_id
+ location = google_workstations_workstation_cluster.cluster.location
+ labels = each.value.labels
+ env = each.value.env
+ annotations = each.value.annotations
+}
+
diff --git a/modules/workstation-cluster/outputs.tf b/modules/workstation-cluster/outputs.tf
new file mode 100644
index 0000000000..788d11466e
--- /dev/null
+++ b/modules/workstation-cluster/outputs.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "cluster_hostname" {
+ description = "Cluster hostname."
+ value = var.private_cluster_config != null ? google_workstations_workstation_cluster.cluster.private_cluster_config[0].cluster_hostname : null
+}
+
+output "id" {
+ description = "Workstation cluster id."
+ value = google_workstations_workstation_cluster.cluster.workstation_cluster_id
+}
+
+output "service_attachment_uri" {
+ description = "Workstation service attachment URI."
+ value = var.private_cluster_config != null ? google_workstations_workstation_cluster.cluster.private_cluster_config[0].service_attachment_uri : null
+}
+
+output "workstation_configs" {
+ description = "Workstation configurations."
+ value = google_workstations_workstation_config.configs
+}
+
+output "workstations" {
+ description = "Workstations."
+ value = google_workstations_workstation.workstations
+}
diff --git a/modules/workstation-cluster/variables.tf b/modules/workstation-cluster/variables.tf
new file mode 100644
index 0000000000..613fe29de6
--- /dev/null
+++ b/modules/workstation-cluster/variables.tf
@@ -0,0 +1,152 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "annotations" {
+ description = "Workstation cluster annotations."
+ type = map(string)
+ default = {}
+}
+
+variable "display_name" {
+ description = "Display name."
+ type = string
+ default = null
+}
+
+variable "domain" {
+ description = "Domain."
+ type = string
+ default = null
+}
+
+variable "id" {
+ description = "Workstation cluster ID."
+ type = string
+}
+
+variable "labels" {
+ description = "Workstation cluster labels."
+ type = map(string)
+ default = {}
+}
+
+variable "location" {
+ description = "Location."
+ type = string
+ default = null
+}
+
+variable "network_config" {
+ description = "Network configuration."
+ type = object({
+ network = string
+ subnetwork = string
+ })
+}
+
+variable "private_cluster_config" {
+ description = "Private cluster config."
+ type = object({
+ enable_private_endpoint = optional(bool, false)
+ allowed_projects = optional(list(string))
+ })
+ nullable = false
+ default = {}
+}
+
+variable "project_id" {
+ description = "Cluster ID."
+ type = string
+}
+
+variable "workstation_configs" {
+ description = "Workstation configurations."
+ type = map(object({
+ annotations = optional(map(string))
+ container = optional(object({
+ image = optional(string)
+ command = optional(list(string), [])
+ args = optional(list(string), [])
+ working_dir = optional(string)
+ env = optional(map(string), {})
+ run_as_user = optional(string)
+ }))
+ display_name = optional(string)
+ enable_audit_agent = optional(bool)
+ encryption_key = optional(object({
+ kms_key = string
+ kms_key_service_account = string
+ }))
+ gce_instance = optional(object({
+ machine_type = optional(string)
+ service_account = optional(string)
+ service_account_scopes = optional(list(string), [])
+ pool_size = optional(number)
+ boot_disk_size_gb = optional(number)
+ tags = optional(list(string))
+ disable_public_ip_addresses = optional(bool, false)
+ enable_nested_virtualization = optional(bool, false)
+ shielded_instance_config = optional(object({
+ enable_secure_boot = optional(bool, false)
+ enable_vtpm = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, false)
+ }))
+ enable_confidential_compute = optional(bool, false)
+ accelerators = optional(list(object({
+ type = optional(string)
+ count = optional(number)
+ })), [])
+ }))
+ iam = optional(map(list(string)), {})
+ iam_bindings = optional(map(object({
+ role = string
+ members = list(string)
+ })), {})
+ iam_bindings_additive = optional(map(object({
+ role = string
+ member = string
+ })), {})
+ idle_timeout = optional(string)
+ labels = optional(map(string))
+ persistent_directories = optional(list(object({
+ mount_path = optional(string)
+ gce_pd = optional(object({
+ size_gb = optional(number)
+ fs_type = optional(string)
+ disk_type = optional(string)
+ source_snapshot = optional(string)
+ reclaim_policy = optional(string)
+ }))
+ })), [])
+ running_timeout = optional(string)
+ replica_zones = optional(list(string))
+ workstations = optional(map(object({
+ annotations = optional(map(string))
+ display_name = optional(string)
+ env = optional(map(string))
+ iam = optional(map(list(string)), {})
+ iam_bindings = optional(map(object({
+ role = string
+ members = list(string)
+ })), {})
+ iam_bindings_additive = optional(map(object({
+ role = string
+ member = string
+ })), {})
+ labels = optional(map(string))
+ })), {})
+ }))
+}
diff --git a/modules/workstation-cluster/versions.tf b/modules/workstation-cluster/versions.tf
new file mode 100644
index 0000000000..4d3bd967e1
--- /dev/null
+++ b/modules/workstation-cluster/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.4.4"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 5.6.0, < 6.0.0" # tftest
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 5.6.0, < 6.0.0" # tftest
+ }
+ }
+}
+
+
diff --git a/tests/modules/workstation_cluster/examples/custom-image.yaml b/tests/modules/workstation_cluster/examples/custom-image.yaml
new file mode 100644
index 0000000000..ed3c7eb3e8
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/custom-image.yaml
@@ -0,0 +1,77 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: false
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ container:
+ - args:
+ - --arg1
+ - value1
+ - --arg2
+ - value2
+ command: []
+ env:
+ VAR1: VALUE1
+ VAR2: VALUE2
+ image: repo/my-image:v10.0.0
+ run_as_user: null
+ working_dir: /my-dir
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ modules: 1
+ resources: 3
\ No newline at end of file
diff --git a/tests/modules/workstation_cluster/examples/iam.yaml b/tests/modules/workstation_cluster/examples/iam.yaml
new file mode 100644
index 0000000000..be6c00efe9
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/iam.yaml
@@ -0,0 +1,103 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: false
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_config_iam_binding.authoritative["my-workstation-config-roles/viewer"]
+ : condition: []
+ location: region
+ members:
+ - group:group1@my-org.com
+ project: project-id
+ role: roles/viewer
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_config_iam_binding.bindings["my-workstation-config-workstations-config-viewer"]
+ : condition: []
+ location: region
+ members:
+ - group:group2@my-org.com
+ project: project-id
+ role: roles/viewer
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_config_iam_member.bindings["my-workstation-config-workstations-config-editor"]
+ : condition: []
+ location: region
+ member: group:group3@my-org.com
+ project: project-id
+ role: roles/editor
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_iam_binding.authoritative["my-workstation-config-my-workstation-roles/workstations.user"]
+ : condition: []
+ location: region
+ members:
+ - user:user1@my-org.com
+ project: project-id
+ role: roles/workstations.user
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ google_workstations_workstation_config_iam_binding: 2
+ google_workstations_workstation_config_iam_member: 1
+ google_workstations_workstation_iam_binding: 1
+ modules: 1
+ resources: 7
\ No newline at end of file
diff --git a/tests/modules/workstation_cluster/examples/private-cluster.yaml b/tests/modules/workstation_cluster/examples/private-cluster.yaml
new file mode 100644
index 0000000000..08b08d0229
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/private-cluster.yaml
@@ -0,0 +1,64 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: true
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ modules: 1
+ resources: 3
\ No newline at end of file
diff --git a/tests/modules/workstation_cluster/examples/simple.yaml b/tests/modules/workstation_cluster/examples/simple.yaml
new file mode 100644
index 0000000000..8f5307380f
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/simple.yaml
@@ -0,0 +1,64 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: false
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ modules: 1
+ resources: 3
\ No newline at end of file