diff --git a/README.md b/README.md
index 478af9e384..87524ce7ad 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ Currently available modules:
 - **process factories** - [project factory](./modules/project-factory/README.md)
 - **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [External Regional Application Load Balancer](./modules/net-lb-app-ext-regional/), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Cross-region Internal Application LB](./modules/net-lb-app-int-cross-region), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp)
 - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud)
-- **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/)
+- **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Spanner instance](./modules/spanner-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/)
 - **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository), [Workstation cluster](./modules/workstation-cluster)
 - **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc)
 - **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run), [Cloud Run v2](./modules/cloud-run-v2)
diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tf b/blueprints/gke/patterns/autopilot-cluster/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/blueprints/gke/patterns/autopilot-cluster/versions.tf
+++ b/blueprints/gke/patterns/autopilot-cluster/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/blueprints/gke/patterns/batch/versions.tf b/blueprints/gke/patterns/batch/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/blueprints/gke/patterns/batch/versions.tf
+++ b/blueprints/gke/patterns/batch/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/blueprints/gke/patterns/kafka/versions.tf b/blueprints/gke/patterns/kafka/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/blueprints/gke/patterns/kafka/versions.tf
+++ b/blueprints/gke/patterns/kafka/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/blueprints/gke/patterns/kong-cloudrun/versions.tf b/blueprints/gke/patterns/kong-cloudrun/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/blueprints/gke/patterns/kong-cloudrun/versions.tf
+++ b/blueprints/gke/patterns/kong-cloudrun/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/blueprints/gke/patterns/mysql/versions.tf b/blueprints/gke/patterns/mysql/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/blueprints/gke/patterns/mysql/versions.tf
+++ b/blueprints/gke/patterns/mysql/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/blueprints/gke/patterns/redis-cluster/versions.tf b/blueprints/gke/patterns/redis-cluster/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/blueprints/gke/patterns/redis-cluster/versions.tf
+++ b/blueprints/gke/patterns/redis-cluster/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/default-versions.tf b/default-versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/default-versions.tf
+++ b/default-versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/fast/stages/0-bootstrap/README.md b/fast/stages/0-bootstrap/README.md
index d5abcbb110..6dcb6e8b92 100644
--- a/fast/stages/0-bootstrap/README.md
+++ b/fast/stages/0-bootstrap/README.md
@@ -18,7 +18,9 @@ Use the following diagram as a simple high level reference for the following sec
 - [Design overview and choices](#design-overview-and-choices)
 - [User groups](#user-groups)
 - [Organization-level IAM](#organization-level-iam)
- - [Organization policies and tag-based conditions](#organization-policies-and-tag-based-conditions)
+ - [Organization policies](#organization-policies)
+ - [Security Command Center Enterprise](#security-command-center-enterprise)
+ - [Tags and Organization Policy conditions](#tags-and-organization-policy-conditions)
 - [Automation project and resources](#automation-project-and-resources)
 - [Billing account](#billing-account)
 - [Organization-level logging](#organization-level-logging)
@@ -70,13 +72,19 @@ One consequence of the above setup is the need to configure IAM bindings that ca A full reference of IAM roles managed by this stage [is available here](./IAM.md). -### Organization policies and tag-based conditions +### Organization policies It's often desirable to have organization policies deployed before any other resource in the org, so as to ensure compliance with specific requirements (e.g. location restrictions), or control the configuration of specific resources (e.g. default network at project creation or service account grants). To cover this use case, organization policies have been moved from the resource management to the bootstrap stage in FAST versions after 26.0.0. They are managed via the usual factory approach, and a [sample set of data files](./data/org-policies/) is included with this stage. They are not applied during the initial run when the `bootstrap_user` variable is set, to work around incompatibilities with user credentials. -The only current exception to the factory approach is the `iam.allowedPolicyMemberDomains` constraint, which is managed in code so as to be able to auto-allow the organization's domain. More domains can be added via the `org_policies_config` variable, which also serves as an umbrella for future policies that will need to be managed in code. +The only current exception to the factory approach is the `iam.allowedPolicyMemberDomains` constraint (DRS), which is managed in code so as to be able to auto-allow the organization's domain. More domains can be added via the `org_policies_config` variable, which also serves as an umbrella for future policies that will need to be managed in code. + +#### Security Command Center Enterprise + +The DRS policy mentioned above might make it complex to [enable Security Command Center Enterprise](https://cloud.google.com/security-command-center/docs/activate-enterprise-tier#verify_organization_policies). 
If this is the case, you can temporarily disable it via the Cloud Console, enable SCC Enterprise, then re-enable the policy. + +#### Tags and Organization Policy conditions Organization policy exceptions are managed via a dedicated resource management tag hierarchy, rooted in the `org-policies` tag key. A default condition is already present for the the `iam.allowedPolicyMemberDomains` constraint, that relaxes the policy on resources that have the `org-policies/allowed-policy-member-domains-all` tag value bound or inherited. diff --git a/modules/README.md b/modules/README.md index 37c057107f..e64cb3bde8 100644 --- a/modules/README.md +++ b/modules/README.md @@ -84,6 +84,7 @@ These modules are used in the examples included in this repository. If you are u - [BigQuery dataset](./bigquery-dataset) - [Bigtable instance](./bigtable-instance) - [Cloud SQL instance](./cloudsql-instance) +- [Spanner instance](./spanner-instance) - [Data Catalog Policy Tag](./data-catalog-policy-tag) - [Data Catalog Tag](./data-catalog-tag) - [Data Catalog Tag Template](./data-catalog-tag-template) diff --git a/modules/__experimental_deprecated/alloydb-instance/versions.tf b/modules/__experimental_deprecated/alloydb-instance/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/__experimental_deprecated/alloydb-instance/versions.tf +++ b/modules/__experimental_deprecated/alloydb-instance/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/__experimental_deprecated/net-neg/versions.tf b/modules/__experimental_deprecated/net-neg/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/__experimental_deprecated/net-neg/versions.tf 
+++ b/modules/__experimental_deprecated/net-neg/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/__experimental_deprecated/project-iam-magic/versions.tf b/modules/__experimental_deprecated/project-iam-magic/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/__experimental_deprecated/project-iam-magic/versions.tf
+++ b/modules/__experimental_deprecated/project-iam-magic/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/alloydb/versions.tf b/modules/alloydb/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/alloydb/versions.tf
+++ b/modules/alloydb/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/analytics-hub/versions.tf b/modules/analytics-hub/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/analytics-hub/versions.tf
+++ b/modules/analytics-hub/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/api-gateway/versions.tf
+++ b/modules/api-gateway/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/apigee/versions.tf
+++ b/modules/apigee/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/artifact-registry/versions.tf
+++ b/modules/artifact-registry/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/bigquery-dataset/versions.tf
+++ b/modules/bigquery-dataset/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/bigtable-instance/versions.tf
+++ b/modules/bigtable-instance/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/billing-account/versions.tf b/modules/billing-account/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/billing-account/versions.tf
+++ b/modules/billing-account/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/binauthz/versions.tf
+++ b/modules/binauthz/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf
+++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/__need_fixing/squid/versions.tf b/modules/cloud-config-container/__need_fixing/squid/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/__need_fixing/squid/versions.tf
+++ b/modules/cloud-config-container/__need_fixing/squid/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/bindplane/versions.tf b/modules/cloud-config-container/bindplane/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/bindplane/versions.tf
+++ b/modules/cloud-config-container/bindplane/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/coredns/versions.tf
+++ b/modules/cloud-config-container/coredns/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/cos-generic-metadata/versions.tf
+++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
+++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/envoy-traffic-director/versions.tf
+++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/mysql/versions.tf
+++ b/modules/cloud-config-container/mysql/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/nginx-tls/versions.tf
+++ b/modules/cloud-config-container/nginx-tls/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/nginx/versions.tf
+++ b/modules/cloud-config-container/nginx/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-config-container/simple-nva/versions.tf
+++ b/modules/cloud-config-container/simple-nva/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-function-v1/versions.tf
+++ b/modules/cloud-function-v1/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-function-v2/README.md b/modules/cloud-function-v2/README.md
index bb87dfa22e..0c68b2eb17 100644
--- a/modules/cloud-function-v2/README.md
+++ b/modules/cloud-function-v2/README.md
@@ -282,27 +282,28 @@ module "cf-http" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [bucket_name](variables.tf#L26) | Name of the bucket that will be used for the function code. It will be created with prefix prepended if bucket_config is not null. | string | ✓ | | -| [bundle_config](variables.tf#L38) | Cloud function source. Path can point to a GCS object URI, or a local path. A local path to a zip archive will generate a GCS object using its basename, a folder will be zipped and the GCS object name inferred when not specified. | object({…}) | ✓ | | -| [name](variables.tf#L133) | Name used for cloud function and associated resources. | string | ✓ | | -| [project_id](variables.tf#L148) | Project id used for all resources. | string | ✓ | | -| [region](variables.tf#L153) | Region used for all resources. | string | ✓ | | +| [bundle_config](variables.tf#L44) | Cloud function source. Path can point to a GCS object URI, or a local path. A local path to a zip archive will generate a GCS object using its basename, a folder will be zipped and the GCS object name inferred when not specified. | object({…}) | ✓ | | +| [name](variables.tf#L139) | Name used for cloud function and associated resources. | string | ✓ | | +| [project_id](variables.tf#L154) | Project id used for all resources. | string | ✓ | | +| [region](variables.tf#L159) | Region used for all resources. | string | ✓ | | | [bucket_config](variables.tf#L17) | Enable and configure auto-created bucket. Set fields to null to use defaults. | object({…}) | | null | -| [build_worker_pool](variables.tf#L32) | Build worker pool, in projects//locations//workerPools/ format. | string | | null | -| [description](variables.tf#L71) | Optional description. | string | | "Terraform managed." | -| [docker_repository_id](variables.tf#L77) | User managed repository created in Artifact Registry. | string | | null | -| [environment_variables](variables.tf#L83) | Cloud function environment variables. 
| map(string) | | {} | -| [function_config](variables.tf#L89) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | object({…}) | | {…} | -| [iam](variables.tf#L109) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [ingress_settings](variables.tf#L115) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | string | | null | -| [kms_key](variables.tf#L121) | Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources in key id format. If specified, you must also provide an artifact registry repository using the docker_repository_id field that was created with the same KMS crypto key. | string | | null | -| [labels](variables.tf#L127) | Resource labels. | map(string) | | {} | -| [prefix](variables.tf#L138) | Optional prefix used for resource names. | string | | null | -| [secrets](variables.tf#L158) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | map(object({…})) | | {} | -| [service_account](variables.tf#L170) | Service account email. Unused if service account is auto-created. | string | | null | -| [service_account_create](variables.tf#L176) | Auto-create service account. | bool | | false | -| [trigger_config](variables.tf#L182) | Function trigger configuration. Leave null for HTTP trigger. | object({…}) | | null | -| [vpc_connector](variables.tf#L200) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | object({…}) | | null | -| [vpc_connector_config](variables.tf#L210) | VPC connector network configuration. Must be provided if new VPC connector is being created. | object({…}) | | null | +| [build_service_account](variables.tf#L32) | Build service account email. 
| string | | null | +| [build_worker_pool](variables.tf#L38) | Build worker pool, in projects//locations//workerPools/ format. | string | | null | +| [description](variables.tf#L77) | Optional description. | string | | "Terraform managed." | +| [docker_repository_id](variables.tf#L83) | User managed repository created in Artifact Registry. | string | | null | +| [environment_variables](variables.tf#L89) | Cloud function environment variables. | map(string) | | {} | +| [function_config](variables.tf#L95) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | object({…}) | | {…} | +| [iam](variables.tf#L115) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [ingress_settings](variables.tf#L121) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | string | | null | +| [kms_key](variables.tf#L127) | Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources in key id format. If specified, you must also provide an artifact registry repository using the docker_repository_id field that was created with the same KMS crypto key. | string | | null | +| [labels](variables.tf#L133) | Resource labels. | map(string) | | {} | +| [prefix](variables.tf#L144) | Optional prefix used for resource names. | string | | null | +| [secrets](variables.tf#L164) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | map(object({…})) | | {} | +| [service_account](variables.tf#L176) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L182) | Auto-create service account. | bool | | false | +| [trigger_config](variables.tf#L188) | Function trigger configuration. Leave null for HTTP trigger. 
| object({…}) | | null | +| [vpc_connector](variables.tf#L206) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | object({…}) | | null | +| [vpc_connector_config](variables.tf#L216) | VPC connector network configuration. Must be provided if new VPC connector is being created. | object({…}) | | null | ## Outputs diff --git a/modules/cloud-function-v2/main.tf b/modules/cloud-function-v2/main.tf index 5211c636bc..0089a89996 100644 --- a/modules/cloud-function-v2/main.tf +++ b/modules/cloud-function-v2/main.tf @@ -66,6 +66,7 @@ resource "google_cloudfunctions2_function" "function" { description = var.description kms_key_name = var.kms_key build_config { + service_account = var.build_service_account worker_pool = var.build_worker_pool runtime = var.function_config.runtime entry_point = var.function_config.entry_point diff --git a/modules/cloud-function-v2/variables.tf b/modules/cloud-function-v2/variables.tf index 5e41288e3a..d347e24fda 100644 --- a/modules/cloud-function-v2/variables.tf +++ b/modules/cloud-function-v2/variables.tf @@ -29,6 +29,12 @@ variable "bucket_name" { nullable = false } +variable "build_service_account" { + description = "Build service account email." + type = string + default = null +} + variable "build_worker_pool" { description = "Build worker pool, in projects//locations//workerPools/ format." type = string diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-function-v2/versions.tf +++ b/modules/cloud-function-v2/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } 
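Review bot: In the `build_config` block of `google_cloudfunctions2_function.function`, the added `service_account = var.build_service_account` passes the caller's value through unchanged, while the variable is documented as an email. As far as I know the provider describes this field as the fully-qualified service account name (`projects/{project}/serviceAccounts/{email}`), so a bare email may be rejected or produce a permanent plan diff; please confirm against the provider docs for the 5.34.0 floor this commit sets. If the full name is required, either say so in the variable description or build it here, e.g. `service_account = var.build_service_account == null ? null : "projects/${var.project_id}/serviceAccounts/${var.build_service_account}"`. The resource block starts and ends outside the hunk.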
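Review bot: The description `"Build service account email."` on the new `build_service_account` variable does not say what happens when it is left at its `null` default, which is the case that matters for least privilege: the build then presumably runs as the project's default build identity, which is typically more broadly privileged than a dedicated account. I would extend it to something like `description = "Service account used to build the function. When null the project's default build service account is used; prefer a dedicated, minimally privileged account."`. The README would also benefit from a short example that creates such an account and lists the roles it needs to run builds, since the variables table alone gives no hint of them.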
diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-identity-group/versions.tf
+++ b/modules/cloud-identity-group/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-run-v2/versions.tf b/modules/cloud-run-v2/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-run-v2/versions.tf
+++ b/modules/cloud-run-v2/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloud-run/versions.tf
+++ b/modules/cloud-run/versions.tf
@@ -17,11 +17,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.32.0, < 6.0.0" # tftest
+ version = ">= 5.34.0, < 6.0.0" # tftest
 }
 }
 }
diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf
index 15c205b963..d1f29b96bb 100644
--- a/modules/cloudsql-instance/versions.tf
+++ b/modules/cloudsql-instance/versions.tf
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/compute-mig/versions.tf +++ b/modules/compute-mig/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/compute-vm/versions.tf +++ b/modules/compute-vm/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/container-registry/versions.tf +++ b/modules/container-registry/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } 
diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/data-catalog-policy-tag/versions.tf +++ b/modules/data-catalog-policy-tag/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag-template/versions.tf b/modules/data-catalog-tag-template/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/data-catalog-tag-template/versions.tf +++ b/modules/data-catalog-tag-template/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag/versions.tf b/modules/data-catalog-tag/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/data-catalog-tag/versions.tf +++ b/modules/data-catalog-tag/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataform-repository/versions.tf b/modules/dataform-repository/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataform-repository/versions.tf +++ b/modules/dataform-repository/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/datafusion/versions.tf +++ b/modules/datafusion/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataplex-datascan/versions.tf +++ b/modules/dataplex-datascan/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataplex/versions.tf +++ b/modules/dataplex/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataproc/versions.tf 
+++ b/modules/dataproc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dns-response-policy/versions.tf +++ b/modules/dns-response-policy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dns/versions.tf +++ b/modules/dns/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/endpoints/versions.tf +++ b/modules/endpoints/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf index 15c205b963..d1f29b96bb 100644 
--- a/modules/folder/versions.tf +++ b/modules/folder/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gcs/versions.tf +++ b/modules/gcs/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gcve-private-cloud/versions.tf +++ b/modules/gcve-private-cloud/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-cluster-autopilot/versions.tf +++ b/modules/gke-cluster-autopilot/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } 
diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-cluster-standard/versions.tf +++ b/modules/gke-cluster-standard/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-hub/versions.tf +++ b/modules/gke-hub/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-nodepool/versions.tf +++ b/modules/gke-nodepool/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/iam-service-account/versions.tf +++ b/modules/iam-service-account/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/kms/versions.tf +++ b/modules/kms/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/logging-bucket/versions.tf +++ b/modules/logging-bucket/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/ncc-spoke-ra/versions.tf +++ b/modules/ncc-spoke-ra/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-address/versions.tf 
+++ b/modules/net-address/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-cloudnat/versions.tf +++ b/modules/net-cloudnat/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-firewall-policy/versions.tf +++ b/modules/net-firewall-policy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-ipsec-over-interconnect/versions.tf +++ b/modules/net-ipsec-over-interconnect/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } 
diff --git a/modules/net-lb-app-ext-regional/versions.tf b/modules/net-lb-app-ext-regional/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-ext-regional/versions.tf +++ b/modules/net-lb-app-ext-regional/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-ext/versions.tf +++ b/modules/net-lb-app-ext/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int-cross-region/versions.tf b/modules/net-lb-app-int-cross-region/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-int-cross-region/versions.tf +++ b/modules/net-lb-app-int-cross-region/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-int/versions.tf +++ b/modules/net-lb-app-int/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-ext/versions.tf +++ b/modules/net-lb-ext/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-int/versions.tf +++ b/modules/net-lb-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-proxy-int/versions.tf +++ b/modules/net-lb-proxy-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-swp/versions.tf 
+++ b/modules/net-swp/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vlan-attachment/versions.tf +++ b/modules/net-vlan-attachment/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpc-firewall/versions.tf +++ b/modules/net-vpc-firewall/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpc-peering/versions.tf +++ b/modules/net-vpc-peering/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } 
diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpc/versions.tf +++ b/modules/net-vpc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpn-dynamic/versions.tf +++ b/modules/net-vpn-dynamic/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-ha/README.md b/modules/net-vpn-ha/README.md index 164e009f7e..aca124a153 100644 --- a/modules/net-vpn-ha/README.md +++ b/modules/net-vpn-ha/README.md 
@@ -213,9 +213,9 @@ module "vpn_ha" { | [region](variables.tf#L52) | Region used for resources. | string | ✓ | | | [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…}) | ✓ | | | [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | map(object({…})) | | {} | -| [tunnels](variables.tf#L72) | VPN tunnel configurations. | map(object({…})) | | {} | -| [vpn_gateway](variables.tf#L108) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | string | | null | -| [vpn_gateway_create](variables.tf#L114) | Create HA VPN Gateway. Set to null to avoid creation. | object({…}) | | {} | +| [tunnels](variables.tf#L72) | VPN tunnel configurations. | map(object({…})) | | {} | +| [vpn_gateway](variables.tf#L106) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | string | | null | +| [vpn_gateway_create](variables.tf#L112) | Create HA VPN Gateway. Set to null to avoid creation. | object({…}) | | {} | ## Outputs diff --git a/modules/net-vpn-ha/main.tf b/modules/net-vpn-ha/main.tf index bbb7ca0295..a86491cd0b 100644 --- a/modules/net-vpn-ha/main.tf +++ b/modules/net-vpn-ha/main.tf 
@@ -104,11 +104,7 @@ resource "google_compute_router_peer" "bgp_peer" { ? "CUSTOM" : "DEFAULT" ) - advertised_groups = concat( - try(each.value.bgp_peer.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : [], - try(each.value.bgp_peer.custom_advertise.all_vpc_subnets, false) ? ["ALL_VPC_SUBNETS"] : [], - try(each.value.bgp_peer.custom_advertise.all_peer_vpc_subnets, false) ? ["ALL_PEER_VPC_SUBNETS"] : [] - ) + advertised_groups = try(each.value.bgp_peer.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : [] dynamic "advertised_ip_ranges" { for_each = try(each.value.bgp_peer.custom_advertise.ip_ranges, {}) iterator = range diff --git a/modules/net-vpn-ha/variables.tf b/modules/net-vpn-ha/variables.tf index ba86eee6e9..cae4c2536c 100644 --- a/modules/net-vpn-ha/variables.tf +++ b/modules/net-vpn-ha/variables.tf @@ -77,10 +77,8 @@ variable "tunnels" { asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ - all_subnets = bool - all_vpc_subnets = bool - all_peer_vpc_subnets = bool - ip_ranges = map(string) + all_subnets = bool + ip_ranges = map(string) })) md5_authentication_key = optional(object({ name = string diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpn-ha/versions.tf +++ b/modules/net-vpn-ha/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpn-static/versions.tf +++ b/modules/net-vpn-static/versions.tf 
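Review bot: Callers that still set `all_vpc_subnets` or `all_peer_vpc_subnets` inside `custom_advertise` will get no error after this change, because Terraform discards object attributes that are not in the declared type during conversion; the affected tunnels simply stop advertising those groups. That is a silent routing change on `google_compute_router_peer.bgp_peer`, so I would mark it as breaking in the changelog and leave a comment next to the new line, e.g. `# only ALL_SUBNETS is supported; all_vpc_subnets / all_peer_vpc_subnets were removed from var.tunnels`. The same applies to the variables.tf hunk that trims the `custom_advertise` object type. The resource block starts and ends outside the hunk.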
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/organization/versions.tf +++ b/modules/organization/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/project/versions.tf b/modules/project/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/project/versions.tf +++ b/modules/project/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/projects-data-source/versions.tf +++ b/modules/projects-data-source/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf index 15c205b963..d1f29b96bb 100644 
--- a/modules/pubsub/versions.tf +++ b/modules/pubsub/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/secret-manager/README.md b/modules/secret-manager/README.md index eefec750b5..32e6b305a2 100644 --- a/modules/secret-manager/README.md +++ b/modules/secret-manager/README.md 
@@ -110,11 +110,12 @@ module "secret-manager" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L29) | Project id where the keyring will be created. | string | ✓ | | -| [iam](variables.tf#L17) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | -| [labels](variables.tf#L23) | Optional labels for each secret. | map(map(string)) | | {} | -| [secrets](variables.tf#L34) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | map(object({…})) | | {} | -| [versions](variables.tf#L43) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | map(map(object({…}))) | | {} | +| [project_id](variables.tf#L34) | Project id where the keyring will be created. | string | ✓ | | +| [expire_time](variables.tf#L16) | Timestamp in UTC when the Secret is scheduled to expire. | string | | null | +| [iam](variables.tf#L22) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | +| [labels](variables.tf#L28) | Optional labels for each secret. | map(map(string)) | | {} | +| [secrets](variables.tf#L39) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | map(object({…})) | | {} | +| [versions](variables.tf#L48) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | map(map(object({…}))) | | {} | ## Outputs diff --git a/modules/secret-manager/main.tf b/modules/secret-manager/main.tf index 61f4d5efe2..d5df3730c3 100644 --- a/modules/secret-manager/main.tf +++ b/modules/secret-manager/main.tf 
@@ -33,13 +33,15 @@ locals { version_keypairs = { for pair in local.version_pairs : "${pair.secret}:${pair.name}" => pair } + expire_time = var.expire_time != null ? var.expire_time : "" } resource "google_secret_manager_secret" "default" { - for_each = var.secrets - project = var.project_id - secret_id = each.key - labels = lookup(var.labels, each.key, null) + for_each = var.secrets + project = var.project_id + secret_id = each.key + labels = lookup(var.labels, each.key, null) + expire_time = local.expire_time != "" ? local.expire_time : null dynamic "replication" { for_each = each.value.locations == null ? [""] : [] @@ -93,4 +95,4 @@ resource "google_secret_manager_secret_iam_binding" "default" { role = each.value.role secret_id = google_secret_manager_secret.default[each.value.secret].id members = each.value.members -} \ No newline at end of file +} diff --git a/modules/secret-manager/variables.tf b/modules/secret-manager/variables.tf index 089f2a69b2..6fb447239c 100644 --- a/modules/secret-manager/variables.tf +++ b/modules/secret-manager/variables.tf @@ -13,6 +13,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +variable "expire_time" { + description = "Timestamp in UTC when the Secret is scheduled to expire." + type = string + default = null +} variable "iam" { description = "IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format." @@ -47,4 +52,4 @@ variable "versions" { data = string }))) default = {} -} \ No newline at end of file +} diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/secret-manager/versions.tf +++ b/modules/secret-manager/versions.tf 
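Review bot: The `expire_time` local maps null to `""` and the resource argument maps `""` back to null, so the round trip only adds indirection. `expire_time = var.expire_time` on the resource is equivalent for every input except an empty string, and the local can be dropped. The single value is also applied to every entry of `var.secrets` through the `for_each`, so all secrets managed by one module call share one expiry; an optional attribute on the `secrets` object would allow per-secret control. Since Secret Manager deletes a secret once it expires, the README should say that this setting affects every secret in the module. The `locals` block starts outside the hunk.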
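Review bot: `expire_time` in variables.tf is accepted as any string, so a malformed timestamp is only rejected by the API at apply time; a `validation` block on the new variable would fail at plan time instead. The description could also name the expected format (RFC 3339, for example a constructed value such as `2030-01-01T00:00:00Z`) and state that it applies to all secrets in the module. The variable is inserted directly after the license comment with no blank line, unlike the `iam` variable that follows it.

```hcl
variable "expire_time" {
  # … unchanged: description, type, default …
  validation {
    condition     = var.expire_time == null || can(formatdate("", var.expire_time))
    error_message = "expire_time must be null or an RFC 3339 timestamp."
  }
}
```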
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/service-directory/versions.tf +++ b/modules/service-directory/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/source-repository/versions.tf +++ b/modules/source-repository/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/spanner-instance/README.md b/modules/spanner-instance/README.md new file mode 100644 index 0000000000..ea0f0a147f --- /dev/null +++ b/modules/spanner-instance/README.md 
@@ -0,0 +1,189 @@ +# Spanner instance + +This module allows to create a spanner instance with associated spanner instance config and databases in the instance. Additionally it allows creating instance IAM bindings and database IAM bindings. + +## Examples + +### Basic instance with a database + +```hcl +module "spanner_instace" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance in us-central1" + config = { + name = "regional-us-central1" + } + num_nodes = 1 + } + databases = { + my-database = { + + } + } +} +# tftest modules=1 resources=2 inventory=simple-instance-with-database.yaml +``` + +### Instance with autoscaling + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance" + config = { + name = "regional-us-central1" + } + autoscaling = { + limits = { + min_processing_units = 2000 + max_processing_units = 3000 + } + targets = { + high_priority_cpu_utilization_percent = 75 + storage_utilization_percent = 90 + } + } + labels = { + foo = "bar" + } + } +} +# tftest modules=1 resources=1 inventory=instance-with-autoscaling.yaml +``` + +### Instance with custom config + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance" + config = { + name = "custom-nam11-config" + auto_create = { + display_name = "Test Spanner Instance Config" + base_config = "name11" + replicas = [ + { + location = "us-west1" + type = "READ_ONLY" + default_leader_location = false + } + ] + } + } + num_nodes = 1 + } +} +# tftest modules=1 resources=2 inventory=instance-with-custom-config.yaml +``` + +### New database in existing instance + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + 
project_id = var.project_id + instance = { + name = "my-instance" + } + instance_create = false + databases = { + my-database = { + + } + } +} +# tftest skip +``` + +### IAM + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance" + config = { + name = "regional-us-central1" + } + num_nodes = 1 + } + databases = { + my-database = { + version_retention_period = "1d" + iam = { + "roles/spanner.databaseReader" = [ + "group:group1@myorg.com" + ] + } + iam_bindings = { + "spanner-database-role-user" = { + role = "roles/spanner.databaseRoleUser" + members = [ + "group:group2@myorg.com" + ] + condition = { + title = "role-my_role" + description = "Grant permissions on my_role" + expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/my_role\")))" + } + } + } + iam_bindings_additive = { + "spanner-database-admin" = { + role = "roles/spanner.databaseAdmin" + member = "group:group3@myorg.com" + condition = { + title = "delegated-role-grants" + description = "Delegated role grants." + expression = format( + "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])", + join(",", formatlist("'%s'", + [ + "roles/storage.databaseReader", + ] + )) + ) + } + } + } + } + } +} +# tftest modules=1 resources=5 inventory=iam.yaml +``` + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [instance](variables.tf#L89) | Instance attributes. | object({…}) | ✓ | | +| [project_id](variables.tf#L134) | Project id. | string | ✓ | | +| [databases](variables.tf#L17) | Databases. | map(object({…})) | | {} | +| [iam](variables.tf#L63) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_bindings](variables.tf#L69) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. 
| map(object({…})) | | {} | +| [iam_bindings_additive](variables.tf#L79) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | +| [instance_create](variables.tf#L127) | Set to false to manage databases and IAM bindings in an existing instance. | bool | | true | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [spanner_database_ids](outputs.tf#L17) | Spanner database ids. | | +| [spanner_databases](outputs.tf#L22) | Spanner databases. | | +| [spanner_instance](outputs.tf#L27) | Spanner instance. | | +| [spanner_instance_config](outputs.tf#L32) | Spanner instance config. | | +| [spanner_instance_config_id](outputs.tf#L37) | Spanner instance config id. | | +| [spanner_instance_id](outputs.tf#L42) | Spanner instance id. | | + diff --git a/modules/spanner-instance/iam.tf b/modules/spanner-instance/iam.tf new file mode 100644 index 0000000000..582d2bb14f --- /dev/null +++ b/modules/spanner-instance/iam.tf 
@@ -0,0 +1,99 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + spanner_database_iam = merge([for k1, v1 in var.databases : { for k2, v2 in v1.iam : + "${k1}.${k2}" => { + database = k1 + role = k2 + members = v2 + } }]...) + spanner_database_iam_bindings = merge([for k1, v1 in var.databases : { for k2, v2 in v1.iam_bindings : + "${k1}.${k2}" => merge(v2, { + database = k1 + }) }]...) + spanner_database_iam_bindings_additive = merge([for k1, v1 in var.databases : { for k2, v2 in v1.iam_bindings_additive : + "${k1}.${k2}" => merge(v2, { + database = k1 + }) }]...) 
+} + +resource "google_spanner_instance_iam_binding" "authoritative" { + for_each = var.iam + project = local.spanner_instance.project + instance = local.spanner_instance.id + role = each.key + members = each.value +} + +resource "google_spanner_instance_iam_binding" "bindings" { + for_each = var.iam_bindings + project = local.spanner_instance.project + instance = local.spanner_instance.id + role = each.value.role + members = each.value.members +} + +resource "google_spanner_instance_iam_member" "bindings" { + for_each = var.iam_bindings_additive + project = var.project_id + instance = local.spanner_instance.id + role = each.value.role + member = each.value.member +} + +resource "google_spanner_database_iam_binding" "authoritative" { + for_each = local.spanner_database_iam + project = google_spanner_database.spanner_databases[each.value.database].project + instance = google_spanner_database.spanner_databases[each.value.database].instance + database = google_spanner_database.spanner_databases[each.value.database].name + role = each.value.role + members = each.value.members +} + +resource "google_spanner_database_iam_binding" "bindings" { + for_each = local.spanner_database_iam_bindings + project = google_spanner_database.spanner_databases[each.value.database].project + instance = google_spanner_database.spanner_databases[each.value.database].instance + database = google_spanner_database.spanner_databases[each.value.database].name + role = each.value.role + members = each.value.members + dynamic "condition" { + for_each = each.value.condition == null ? 
[] : [""] + content { + expression = each.value.condition.expression + title = each.value.condition.title + description = each.value.condition.description + } + } +} + +resource "google_spanner_database_iam_member" "bindings" { + for_each = local.spanner_database_iam_bindings_additive + project = google_spanner_database.spanner_databases[each.value.database].project + instance = google_spanner_database.spanner_databases[each.value.database].instance + database = google_spanner_database.spanner_databases[each.value.database].name + role = each.value.role + member = each.value.member + dynamic "condition" { + for_each = each.value.condition == null ? [] : [""] + content { + expression = each.value.condition.expression + title = each.value.condition.title + description = each.value.condition.description + } + } +} diff --git a/modules/spanner-instance/main.tf b/modules/spanner-instance/main.tf new file mode 100644 index 0000000000..d35589ec11 --- /dev/null +++ b/modules/spanner-instance/main.tf 
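Review bot: `google_spanner_instance_iam_binding.authoritative` (from `var.iam`) and `google_spanner_instance_iam_binding.bindings` (from `var.iam_bindings`) are both authoritative per role, and nothing visible stops the same role appearing in both inputs. The same holds for the two `google_spanner_database_iam_binding` resources when they carry no condition. In that case the two resources would overwrite each other's member list on alternate applies, so a short comment above the resources, e.g. `# a role must appear in only one of iam / iam_bindings`, would help callers. Separately, `google_spanner_instance_iam_member.bindings` takes `project = var.project_id` while the two instance binding resources use `local.spanner_instance.project`; using `local.spanner_instance.project` there as well keeps the three consistent.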
@@ -0,0 +1,90 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + spanner_instance = var.instance_create ? google_spanner_instance.spanner_instance[0] : data.google_spanner_instance.spanner_instance[0] +} + +resource "google_spanner_instance_config" "spanner_instance_config" { + count = try(var.instance.config.auto_create, null) == null ? 0 : 1 + name = var.instance.config.name + project = var.project_id + display_name = coalesce(var.instance.config.auto_create.display_name, var.instance.config.name) + base_config = var.instance.config.auto_create.base_config + dynamic "replicas" { + for_each = var.instance.config.auto_create.replicas + content { + location = replicas.value.location + type = replicas.value.type + default_leader_location = replicas.value.default_leader_location + } + } + labels = var.instance.config.auto_create.labels +} + +data "google_spanner_instance" "spanner_instance" { + count = var.instance_create ? 0 : 1 + project = var.project_id + name = var.instance.name +} + +resource "google_spanner_instance" "spanner_instance" { + count = var.instance_create ? 1 : 0 + project = var.project_id + config = var.instance.config.auto_create == null ? 
var.instance.config.name : google_spanner_instance_config.spanner_instance_config[0].name + name = var.instance.name + display_name = coalesce(var.instance.display_name, var.instance.name) + num_nodes = var.instance.num_nodes + labels = var.instance.labels + force_destroy = var.instance.force_destroy + processing_units = var.instance.processing_units + dynamic "autoscaling_config" { + for_each = var.instance.autoscaling == null ? [] : [""] + content { + dynamic "autoscaling_limits" { + for_each = var.instance.autoscaling.limits == null ? [] : [""] + content { + max_processing_units = var.instance.autoscaling.limits.max_processing_units + min_processing_units = var.instance.autoscaling.limits.min_processing_units + } + } + dynamic "autoscaling_targets" { + for_each = var.instance.autoscaling.targets == null ? [] : [""] + content { + high_priority_cpu_utilization_percent = var.instance.autoscaling.targets.high_priority_cpu_utilization_percent + storage_utilization_percent = var.instance.autoscaling.targets.storage_utilization_percent + } + } + } + } +} + +resource "google_spanner_database" "spanner_databases" { + for_each = var.databases + project = var.project_id + instance = local.spanner_instance.name + name = each.key + ddl = each.value.ddl + enable_drop_protection = each.value.enable_drop_protection + deletion_protection = false + version_retention_period = each.value.version_retention_period + dynamic "encryption_config" { + for_each = each.value.kms_key_name == null ? [] : [""] + content { + kms_key_name = each.value.kms_key_name + } + } +} diff --git a/modules/spanner-instance/outputs.tf b/modules/spanner-instance/outputs.tf new file mode 100644 index 0000000000..7de01704f7 --- /dev/null +++ b/modules/spanner-instance/outputs.tf 
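Review bot: `google_spanner_database.spanner_databases` hard-codes `deletion_protection = false`, so the `deletion_protection` attribute that variables.tf declares on each database is never read and a caller who sets it to true still gets an unprotected database. To honour the input while keeping the current default, use `deletion_protection = coalesce(each.value.deletion_protection, false)`. The `database_dialect` attribute is declared and validated in variables.tf but not passed here either; `database_dialect = each.value.database_dialect` would wire it in. The `max_nodes` and `min_nodes` autoscaling limits are likewise declared but not forwarded in the `autoscaling_limits` block.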
@@ -0,0 +1,45 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "spanner_database_ids" { + description = "Spanner database ids." + value = { for k, v in google_spanner_database.spanner_databases : k => v.id } +} + +output "spanner_databases" { + description = "Spanner databases." + value = google_spanner_database.spanner_databases +} + +output "spanner_instance" { + description = "Spanner instance." + value = local.spanner_instance +} + +output "spanner_instance_config" { + description = "Spanner instance config." + value = try(var.instance.config.auto_create, null) == null ? null : google_spanner_instance_config.spanner_instance_config[0] +} + +output "spanner_instance_config_id" { + description = "Spanner instance config id." + value = try(var.instance.config.auto_create, null) == null ? null : google_spanner_instance_config.spanner_instance_config[0].id +} + +output "spanner_instance_id" { + description = "Spanner instance id." + value = local.spanner_instance.id +} diff --git a/modules/spanner-instance/variables.tf b/modules/spanner-instance/variables.tf new file mode 100644 index 0000000000..5fa865e38c --- /dev/null +++ b/modules/spanner-instance/variables.tf 
@@ -0,0 +1,138 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "databases" { + description = "Databases." + type = map(object({ + database_dialect = optional(string) + ddl = optional(list(string), []) + deletion_protection = optional(bool) + enable_drop_protection = optional(bool) + iam = optional(map(list(string)), {}) + iam_bindings = optional(map(object({ + members = list(string) + role = string + condition = optional(object({ + expression = string + title = string + description = optional(string) + })) + })), {}) + iam_bindings_additive = optional(map(object({ + member = string + role = string + condition = optional(object({ + expression = string + title = string + description = optional(string) + })) + })), {}) + kms_key_name = optional(string) + version_retention_period = optional(string) + })) + default = {} + validation { + condition = alltrue( + [for k, v in var.databases : v.database_dialect == null ? true : contains(["GOOGLE_STANDARD_SQL", "POSTGRESQL"], v.database_dialect)] + ) + error_message = "Invalid database_dialect. If set, possible values are: GOOGLE_STANDARD_SQL, POSTGRESQL" + } + + validation { + condition = alltrue( + [for k, v in var.databases : v.version_retention_period == null ? true : can(regex("\\d+[smhd]", v.version_retention_period))] + ) + error_message = "Invalid version_retention_period. 
If set, the format has to be: \\d+[smhd]" + } + +} + +variable "iam" { + description = "IAM bindings in {ROLE => [MEMBERS]} format." + type = map(list(string)) + default = {} +} + +variable "iam_bindings" { + description = "Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary." + type = map(object({ + members = list(string) + role = string + })) + nullable = false + default = {} +} + +variable "iam_bindings_additive" { + description = "Individual additive IAM bindings. Keys are arbitrary." + type = map(object({ + member = string + role = string + })) + nullable = false + default = {} +} + +variable "instance" { + description = "Instance attributes." + type = object({ + autoscaling = optional(object({ + limits = optional(object({ + max_nodes = optional(number) + max_processing_units = optional(number) + min_nodes = optional(number) + min_processing_units = optional(number) + })) + targets = optional(object({ + high_priority_cpu_utilization_percent = optional(number) + storage_utilization_percent = optional(number) + })) + })) + config = optional(object({ + name = string + auto_create = optional(object({ + base_config = optional(string) + display_name = optional(string) + labels = optional(map(string), {}) + replicas = list(object({ + location = string + type = string + default_leader_location = bool + } + )) + })) + })) + display_name = optional(string) + labels = optional(map(string), {}) + name = string + num_nodes = optional(number) + processing_units = optional(number) + force_destroy = optional(bool) + }) +} + +variable "instance_create" { + description = "Set to false to manage databases and IAM bindings in an existing instance." + type = bool + default = true +} + + +variable "project_id" { + description = "Project id." + type = string +} + diff --git a/modules/spanner-instance/versions.tf b/modules/spanner-instance/versions.tf new file mode 100644 index 0000000000..d1f29b96bb --- /dev/null 
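Review bot: The `version_retention_period` validation in `variable "databases"` uses an unanchored pattern, so any string that merely contains a digit followed by one of `s`, `m`, `h`, `d` (for instance `x1dy`) passes and the error only surfaces at apply time. Anchoring it fixes that: `can(regex("^\\d+[smhd]$", v.version_retention_period))`. The description of `variable "iam_bindings"` advertises `condition = {}` in the value shape, but the declared object type has only `members` and `role`, so a condition a caller supplies is dropped by type conversion. Either add the optional `condition` object to the type, as the per-database `iam_bindings` does, or remove it from the description; the same applies to `iam_bindings_additive` if conditions are meant to be supported there.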
+++ b/modules/spanner-instance/versions.tf @@ -0,0 +1,27 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +terraform { + required_version = ">= 1.7.4" + required_providers { + google = { + source = "hashicorp/google" + version = ">= 5.34.0, < 6.0.0" # tftest + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 5.34.0, < 6.0.0" # tftest + } + } +} diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/vpc-sc/versions.tf +++ b/modules/vpc-sc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/workstation-cluster/iam.tf b/modules/workstation-cluster/iam.tf index 18f6f9535f..491c5f2129 100644 --- a/modules/workstation-cluster/iam.tf +++ b/modules/workstation-cluster/iam.tf 
@@ -14,32 +14,45 @@ * limitations under the License. */ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - # tfdoc:file:description IAM bindings -resource "google_workstations_workstation_config_iam_binding" "authoritative" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam : +locals { + workstation_config_iam = merge([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam : "${k1}-${k2}" => { workstation_config_id = k1 role = k2 members = v2 - } }])...) + } }]...) + workstation_config_iam_bindings = merge([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings : + "${k1}-${k2}" => merge(v2, { + workstation_config_id = k1 + }) }]...) + workstation_config_iam_bindings_additive = merge([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings_additive : + "${k1}-${k2}" => merge(v2, { + workstation_config_id = k1 + }) }]...) + workstation_iam = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : + { for k3, v3 in v2.iam : "${k1}-${k2}-${k3}" => { + workstation_config_id = k1 + workstation_id = k2 + role = k3 + members = v3 + } }]])...) 
+ workstation_iam_bindings = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : + { for k3, v3 in v2.iam_bindings : "${k1}-${k2}-${k3}" => merge(v3, { + workstation_config_id = k1 + workstation_id = k2 + }) }]])...) + workstation_iam_bindings_additive = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : + { for k3, v3 in v2.iam_bindings_additive : "${k1}-${k2}-${k3}" => merge(v3, { + workstation_config_id = k1 + workstation_id = k2 + }) }]])...) +} + +resource "google_workstations_workstation_config_iam_binding" "authoritative" { + provider = google-beta + for_each = local.workstation_config_iam project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id @@ -49,11 +62,8 @@ resource "google_workstations_workstation_config_iam_binding" "authoritative" { } resource "google_workstations_workstation_config_iam_binding" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings : - "${k1}-${k2}" => merge(v2, { - workstation_config_id = k1 - }) }])...) + provider = google-beta + for_each = local.workstation_config_iam_bindings project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id 
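Review bot: The new `locals` build their map keys by joining ids with a hyphen (`"${k1}-${k2}"`, `"${k1}-${k2}-${k3}"`), and a hyphen can also occur inside the ids themselves. Two different config/workstation pairs such as `a-b` + `c` and `a` + `b-c` would then produce the same key, and `merge(...)` keeps only the last entry, which silently drops an IAM binding instead of failing the plan. This key format predates the commit, but now that the expressions live in one place it would be worth a comment on the block, e.g. `# keys are CONFIG-WORKSTATION-ROLE; ids must not make two keys collide`, or a separator that cannot appear in an id. The workstation resources referenced in the context lines appear to use the same hyphen-joined key, so any change would need to cover both.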
@@ -63,11 +73,8 @@ resource "google_workstations_workstation_config_iam_binding" "bindings" { } resource "google_workstations_workstation_config_iam_member" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings_additive : - "${k1}-${k2}" => merge(v2, { - workstation_config_id = k1 - }) }])...) + provider = google-beta + for_each = local.workstation_config_iam_bindings_additive project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id @@ -77,14 +84,8 @@ resource "google_workstations_workstation_config_iam_member" "bindings" { } resource "google_workstations_workstation_iam_binding" "authoritative" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : - { for k3, v3 in v2.iam : "${k1}-${k2}-${k3}" => { - workstation_config_id = k1 - workstation_id = k2 - role = k3 - members = v3 - } }]])...) + provider = google-beta + for_each = local.workstation_iam project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id 
@@ -95,12 +96,8 @@ resource "google_workstations_workstation_iam_binding" "authoritative" { } resource "google_workstations_workstation_iam_binding" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : - { for k3, v3 in v2.iam_bindings : "${k1}-${k2}-${k3}" => merge(v3, { - workstation_config_id = k1 - workstation_id = k2 - }) }]])...) + provider = google-beta + for_each = local.workstation_iam_bindings project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id @@ -111,12 +108,8 @@ resource "google_workstations_workstation_iam_binding" "bindings" { } resource "google_workstations_workstation_iam_member" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : - { for k3, v3 in v2.iam_bindings_additive : "${k1}-${k2}-${k3}" => merge(v3, { - workstation_config_id = k1 - workstation_id = k2 - }) }]])...) + provider = google-beta + for_each = local.workstation_iam_bindings_additive project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id diff --git a/modules/workstation-cluster/versions.tf b/modules/workstation-cluster/versions.tf index 15c205b963..d1f29b96bb 100644 
--- a/modules/workstation-cluster/versions.tf +++ b/modules/workstation-cluster/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/tests/examples_e2e/setup_module/versions.tf b/tests/examples_e2e/setup_module/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/tests/examples_e2e/setup_module/versions.tf +++ b/tests/examples_e2e/setup_module/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/tests/modules/spanner_instance/examples/iam.yaml b/tests/modules/spanner_instance/examples/iam.yaml new file mode 100644 index 0000000000..9bfe40b2d8 --- /dev/null +++ b/tests/modules/spanner_instance/examples/iam.yaml 
@@ -0,0 +1,72 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.spanner_instance.google_spanner_database.spanner_databases["my-database"]: + ddl: [] + deletion_protection: false + enable_drop_protection: false + encryption_config: [] + instance: my-instance + name: my-database + project: project-id + timeouts: null + version_retention_period: 1d + module.spanner_instance.google_spanner_database_iam_binding.authoritative["my-database.roles/spanner.databaseReader"]: + condition: [] + database: my-database + instance: my-instance + members: + - group:group1@myorg.com + project: project-id + role: roles/spanner.databaseReader + module.spanner_instance.google_spanner_database_iam_binding.bindings["my-database.spanner-database-role-user"]: + condition: + - description: Grant permissions on my_role + expression: (resource.type == "spanner.googleapis.com/DatabaseRole" && (resource.name.endsWith("/my_role"))) + title: role-my_role + database: my-database + instance: my-instance + members: + - group:group2@myorg.com + project: project-id + role: roles/spanner.databaseRoleUser + module.spanner_instance.google_spanner_database_iam_member.bindings["my-database.spanner-database-admin"]: + condition: + - description: Delegated role grants. 
+ expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/storage.databaseReader']) + title: delegated-role-grants + database: my-database + instance: my-instance + member: group:group3@myorg.com + project: project-id + role: roles/spanner.databaseAdmin + module.spanner_instance.google_spanner_instance.spanner_instance[0]: + autoscaling_config: [] + config: regional-us-central1 + display_name: Regional instance + force_destroy: false + labels: null + name: my-instance + num_nodes: 1 + project: project-id + timeouts: null + +counts: + google_spanner_database: 1 + google_spanner_database_iam_binding: 2 + google_spanner_database_iam_member: 1 + google_spanner_instance: 1 + modules: 1 + resources: 5 \ No newline at end of file diff --git a/tests/modules/spanner_instance/examples/instance-with-autoscaling.yaml b/tests/modules/spanner_instance/examples/instance-with-autoscaling.yaml new file mode 100644 index 0000000000..f3e2f1d76c --- /dev/null +++ b/tests/modules/spanner_instance/examples/instance-with-autoscaling.yaml 
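Review bot: The expected condition expression for `google_spanner_database_iam_member.bindings["my-database.spanner-database-admin"]` restricts grants to `roles/storage.databaseReader`, which does not look like an existing role; the reader role used elsewhere in this same inventory is `roles/spanner.databaseReader`. The value comes from the IAM example in the module README, so both would need changing together: `"roles/spanner.databaseReader",` in the example's `formatlist` argument and `hasOnly(['roles/spanner.databaseReader'])` here. As written, the example reads as a delegated-grant restriction but names a role that presumably cannot be granted, which is easy to copy into real configurations unnoticed.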
@@ -0,0 +1,42 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.spanner_instance.google_spanner_instance.spanner_instance[0]: + autoscaling_config: + - autoscaling_limits: + - max_nodes: null + max_processing_units: 3000 + min_nodes: null + min_processing_units: 2000 + autoscaling_targets: + - high_priority_cpu_utilization_percent: 75 + storage_utilization_percent: 90 + config: regional-us-central1 + display_name: Regional instance + effective_labels: + foo: bar + force_destroy: false + labels: + foo: bar + name: my-instance + project: project-id + terraform_labels: + foo: bar + timeouts: null + +counts: + google_spanner_instance: 1 + modules: 1 + resources: 1 \ No newline at end of file diff --git a/tests/modules/spanner_instance/examples/instance-with-custom-config.yaml b/tests/modules/spanner_instance/examples/instance-with-custom-config.yaml new file mode 100644 index 0000000000..3a5cc03802 --- /dev/null +++ b/tests/modules/spanner_instance/examples/instance-with-custom-config.yaml 
@@ -0,0 +1,42 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.spanner_instance.google_spanner_instance.spanner_instance[0]:
+ autoscaling_config: []
+ config: custom-nam11-config
+ display_name: Regional instance
+ force_destroy: false
+ labels: null
+ name: my-instance
+ num_nodes: 1
+ project: project-id
+ timeouts: null
+ module.spanner_instance.google_spanner_instance_config.spanner_instance_config[0]:
+ base_config: name11
+ display_name: Test Spanner Instance Config
+ labels: null
+ name: custom-nam11-config
+ project: project-id
+ replicas:
+ - default_leader_location: false
+ location: us-west1
+ type: READ_ONLY
+ timeouts: null
+
+counts:
+ google_spanner_instance: 1
+ google_spanner_instance_config: 1
+ modules: 1
+ resources: 2
\ No newline at end of file
diff --git a/tests/modules/spanner_instance/examples/simple-instance-with-database.yaml b/tests/modules/spanner_instance/examples/simple-instance-with-database.yaml
new file mode 100644
index 0000000000..982f50262a
--- /dev/null
+++ b/tests/modules/spanner_instance/examples/simple-instance-with-database.yaml
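Review bot: `base_config: name11` in the expected `google_spanner_instance_config` does not match the `nam11` that appears in the same file's `config: custom-nam11-config` and `name: custom-nam11-config`, and looks like a typo for the `nam11` base configuration. This inventory is only compared against a plan, so a misspelled base config would pass the test and presumably fail only on apply. If the value originates in the README example this fixture mirrors (not visible in this hunk), correct it there and regenerate so the line reads `base_config: nam11`.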
@@ -0,0 +1,40 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.spanner_instace.google_spanner_database.spanner_databases["my-database"]:
+ ddl: []
+ deletion_protection: false
+ enable_drop_protection: false
+ encryption_config: []
+ instance: my-instance
+ name: my-database
+ project: project-id
+ timeouts: null
+ module.spanner_instace.google_spanner_instance.spanner_instance[0]:
+ autoscaling_config: []
+ config: regional-us-central1
+ display_name: Regional instance in us-central1
+ force_destroy: false
+ labels: null
+ name: my-instance
+ num_nodes: 1
+ project: project-id
+ timeouts: null
+
+counts:
+ google_spanner_database: 1
+ google_spanner_instance: 1
+ modules: 1
+ resources: 2
\ No newline at end of file
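Review bot: Both resource addresses in this inventory use `module.spanner_instace`, while the other fixtures added in this commit use `module.spanner_instance`; the misspelling presumably comes from the module name in the README example this file mirrors. Renaming the module there and regenerating would give `module.spanner_instance.google_spanner_database.spanner_databases["my-database"]:` and `module.spanner_instance.google_spanner_instance.spanner_instance[0]:`. Separately, the expected database is planned with `deletion_protection: false` and `enable_drop_protection: false`. If the example sets these only so test runs can be torn down, a short comment in the example saying they should stay enabled for databases holding real data would help readers who copy it.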