From 0bb75f3ae1f2296c733890ce06aea74868749af0 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 21 Jun 2024 20:19:29 +0200 Subject: [PATCH 1/6] support build service account in cloud function v2 module (#2371) --- modules/cloud-function-v2/README.md | 41 +++++++++++++------------- modules/cloud-function-v2/main.tf | 1 + modules/cloud-function-v2/variables.tf | 6 ++++ 3 files changed, 28 insertions(+), 20 deletions(-) diff --git a/modules/cloud-function-v2/README.md b/modules/cloud-function-v2/README.md index bb87dfa22e..0c68b2eb17 100644 --- a/modules/cloud-function-v2/README.md +++ b/modules/cloud-function-v2/README.md @@ -282,27 +282,28 @@ module "cf-http" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [bucket_name](variables.tf#L26) | Name of the bucket that will be used for the function code. It will be created with prefix prepended if bucket_config is not null. | string | ✓ | | -| [bundle_config](variables.tf#L38) | Cloud function source. Path can point to a GCS object URI, or a local path. A local path to a zip archive will generate a GCS object using its basename, a folder will be zipped and the GCS object name inferred when not specified. | object({…}) | ✓ | | -| [name](variables.tf#L133) | Name used for cloud function and associated resources. | string | ✓ | | -| [project_id](variables.tf#L148) | Project id used for all resources. | string | ✓ | | -| [region](variables.tf#L153) | Region used for all resources. | string | ✓ | | +| [bundle_config](variables.tf#L44) | Cloud function source. Path can point to a GCS object URI, or a local path. A local path to a zip archive will generate a GCS object using its basename, a folder will be zipped and the GCS object name inferred when not specified. | object({…}) | ✓ | | +| [name](variables.tf#L139) | Name used for cloud function and associated resources. | string | ✓ | | +| [project_id](variables.tf#L154) | Project id used for all resources. | string | ✓ | | +| [region](variables.tf#L159) | Region used for all resources. | string | ✓ | | | [bucket_config](variables.tf#L17) | Enable and configure auto-created bucket. Set fields to null to use defaults. | object({…}) | | null | -| [build_worker_pool](variables.tf#L32) | Build worker pool, in projects//locations//workerPools/ format. | string | | null | -| [description](variables.tf#L71) | Optional description. | string | | "Terraform managed." | -| [docker_repository_id](variables.tf#L77) | User managed repository created in Artifact Registry. | string | | null | -| [environment_variables](variables.tf#L83) | Cloud function environment variables. | map(string) | | {} | -| [function_config](variables.tf#L89) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | object({…}) | | {…} | -| [iam](variables.tf#L109) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [ingress_settings](variables.tf#L115) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | string | | null | -| [kms_key](variables.tf#L121) | Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources in key id format. If specified, you must also provide an artifact registry repository using the docker_repository_id field that was created with the same KMS crypto key. | string | | null | -| [labels](variables.tf#L127) | Resource labels. | map(string) | | {} | -| [prefix](variables.tf#L138) | Optional prefix used for resource names. | string | | null | -| [secrets](variables.tf#L158) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | map(object({…})) | | {} | -| [service_account](variables.tf#L170) | Service account email. Unused if service account is auto-created. | string | | null | -| [service_account_create](variables.tf#L176) | Auto-create service account. | bool | | false | -| [trigger_config](variables.tf#L182) | Function trigger configuration. Leave null for HTTP trigger. | object({…}) | | null | -| [vpc_connector](variables.tf#L200) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | object({…}) | | null | -| [vpc_connector_config](variables.tf#L210) | VPC connector network configuration. Must be provided if new VPC connector is being created. | object({…}) | | null | +| [build_service_account](variables.tf#L32) | Build service account email. | string | | null | +| [build_worker_pool](variables.tf#L38) | Build worker pool, in projects//locations//workerPools/ format. | string | | null | +| [description](variables.tf#L77) | Optional description. | string | | "Terraform managed." | +| [docker_repository_id](variables.tf#L83) | User managed repository created in Artifact Registry. | string | | null | +| [environment_variables](variables.tf#L89) | Cloud function environment variables. | map(string) | | {} | +| [function_config](variables.tf#L95) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | object({…}) | | {…} | +| [iam](variables.tf#L115) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [ingress_settings](variables.tf#L121) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | string | | null | +| [kms_key](variables.tf#L127) | Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources in key id format. If specified, you must also provide an artifact registry repository using the docker_repository_id field that was created with the same KMS crypto key. | string | | null | +| [labels](variables.tf#L133) | Resource labels. | map(string) | | {} | +| [prefix](variables.tf#L144) | Optional prefix used for resource names. | string | | null | +| [secrets](variables.tf#L164) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | map(object({…})) | | {} | +| [service_account](variables.tf#L176) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L182) | Auto-create service account. | bool | | false | +| [trigger_config](variables.tf#L188) | Function trigger configuration. Leave null for HTTP trigger. | object({…}) | | null | +| [vpc_connector](variables.tf#L206) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | object({…}) | | null | +| [vpc_connector_config](variables.tf#L216) | VPC connector network configuration. Must be provided if new VPC connector is being created. | object({…}) | | null | ## Outputs diff --git a/modules/cloud-function-v2/main.tf b/modules/cloud-function-v2/main.tf index 5211c636bc..0089a89996 100644 --- a/modules/cloud-function-v2/main.tf +++ b/modules/cloud-function-v2/main.tf @@ -66,6 +66,7 @@ resource "google_cloudfunctions2_function" "function" { description = var.description kms_key_name = var.kms_key build_config { + service_account = var.build_service_account worker_pool = var.build_worker_pool runtime = var.function_config.runtime entry_point = var.function_config.entry_point diff --git a/modules/cloud-function-v2/variables.tf b/modules/cloud-function-v2/variables.tf index 5e41288e3a..d347e24fda 100644 --- a/modules/cloud-function-v2/variables.tf +++ b/modules/cloud-function-v2/variables.tf @@ -29,6 +29,12 @@ variable "bucket_name" { nullable = false } +variable "build_service_account" { + description = "Build service account email." + type = string + default = null +} + variable "build_worker_pool" { description = "Build worker pool, in projects//locations//workerPools/ format." type = string From 270f61a75a2796964e7d7ff3b8f06890c1d8f24b Mon Sep 17 00:00:00 2001 From: Dean Sorie <66969624+deanosaurx@users.noreply.github.com> Date: Sun, 23 Jun 2024 18:20:10 +0300 Subject: [PATCH 2/6] Added expire_time option to the secret-manager module (#2373) * Added expire_time option to the secret module * Ran tfdoc to update the readme file * Fixed a failed test, moved the expire_time variable to the top and ran tfdoc again --- modules/secret-manager/README.md | 11 ++++++----- modules/secret-manager/main.tf | 12 +++++++----- modules/secret-manager/variables.tf | 7 ++++++- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/modules/secret-manager/README.md b/modules/secret-manager/README.md index eefec750b5..32e6b305a2 100644 --- a/modules/secret-manager/README.md +++ b/modules/secret-manager/README.md @@ -110,11 +110,12 @@ module "secret-manager" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L29) | Project id where the keyring will be created. | string | ✓ | | -| [iam](variables.tf#L17) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | -| [labels](variables.tf#L23) | Optional labels for each secret. | map(map(string)) | | {} | -| [secrets](variables.tf#L34) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | map(object({…})) | | {} | -| [versions](variables.tf#L43) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | map(map(object({…}))) | | {} | +| [project_id](variables.tf#L34) | Project id where the keyring will be created. | string | ✓ | | +| [expire_time](variables.tf#L16) | Timestamp in UTC when the Secret is scheduled to expire. | string | | null | +| [iam](variables.tf#L22) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} | +| [labels](variables.tf#L28) | Optional labels for each secret. | map(map(string)) | | {} | +| [secrets](variables.tf#L39) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | map(object({…})) | | {} | +| [versions](variables.tf#L48) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | map(map(object({…}))) | | {} | ## Outputs diff --git a/modules/secret-manager/main.tf b/modules/secret-manager/main.tf index 61f4d5efe2..d5df3730c3 100644 --- a/modules/secret-manager/main.tf +++ b/modules/secret-manager/main.tf @@ -33,13 +33,15 @@ locals { version_keypairs = { for pair in local.version_pairs : "${pair.secret}:${pair.name}" => pair } + expire_time = var.expire_time != null ? var.expire_time : "" } resource "google_secret_manager_secret" "default" { - for_each = var.secrets - project = var.project_id - secret_id = each.key - labels = lookup(var.labels, each.key, null) + for_each = var.secrets + project = var.project_id + secret_id = each.key + labels = lookup(var.labels, each.key, null) + expire_time = local.expire_time != "" ? local.expire_time : null dynamic "replication" { for_each = each.value.locations == null ? [""] : [] @@ -93,4 +95,4 @@ resource "google_secret_manager_secret_iam_binding" "default" { role = each.value.role secret_id = google_secret_manager_secret.default[each.value.secret].id members = each.value.members -} \ No newline at end of file +} diff --git a/modules/secret-manager/variables.tf b/modules/secret-manager/variables.tf index 089f2a69b2..6fb447239c 100644 --- a/modules/secret-manager/variables.tf +++ b/modules/secret-manager/variables.tf @@ -13,6 +13,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +variable "expire_time" { + description = "Timestamp in UTC when the Secret is scheduled to expire." + type = string + default = null +} variable "iam" { description = "IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format." @@ -47,4 +52,4 @@ variable "versions" { data = string }))) default = {} -} \ No newline at end of file +} From 73e286c0ab2db8316c8bcb4343a1280fe6628dec Mon Sep 17 00:00:00 2001 From: apichick Date: Sun, 23 Jun 2024 19:25:22 +0200 Subject: [PATCH 3/6] Added spanner-instance module (#2372) --- README.md | 2 +- .../patterns/autopilot-cluster/versions.tf | 4 +- blueprints/gke/patterns/batch/versions.tf | 4 +- blueprints/gke/patterns/kafka/versions.tf | 4 +- .../gke/patterns/kong-cloudrun/versions.tf | 4 +- blueprints/gke/patterns/mysql/versions.tf | 4 +- .../gke/patterns/redis-cluster/versions.tf | 4 +- default-versions.tf | 4 +- modules/README.md | 1 + .../alloydb-instance/versions.tf | 4 +- .../net-neg/versions.tf | 4 +- .../project-iam-magic/versions.tf | 4 +- modules/alloydb/versions.tf | 4 +- modules/analytics-hub/versions.tf | 4 +- modules/api-gateway/versions.tf | 4 +- modules/apigee/versions.tf | 4 +- modules/artifact-registry/versions.tf | 4 +- modules/bigquery-dataset/versions.tf | 4 +- modules/bigtable-instance/versions.tf | 4 +- modules/billing-account/versions.tf | 4 +- modules/binauthz/versions.tf | 4 +- .../__need_fixing/onprem/versions.tf | 4 +- .../__need_fixing/squid/versions.tf | 4 +- .../bindplane/versions.tf | 4 +- .../coredns/versions.tf | 4 +- .../cos-generic-metadata/versions.tf | 4 +- .../envoy-sni-dyn-fwd-proxy/versions.tf | 4 +- .../envoy-traffic-director/versions.tf | 4 +- .../cloud-config-container/mysql/versions.tf | 4 +- .../nginx-tls/versions.tf | 4 +- .../cloud-config-container/nginx/versions.tf | 4 +- .../simple-nva/versions.tf | 4 +- modules/cloud-function-v1/versions.tf | 4 +- modules/cloud-function-v2/versions.tf | 4 +- modules/cloud-identity-group/versions.tf | 4 +- modules/cloud-run-v2/versions.tf | 4 +- modules/cloud-run/versions.tf | 4 +- modules/cloudsql-instance/versions.tf | 4 +- modules/compute-mig/versions.tf | 4 +- modules/compute-vm/versions.tf | 4 +- modules/container-registry/versions.tf | 4 +- modules/data-catalog-policy-tag/versions.tf | 4 +- modules/data-catalog-tag-template/versions.tf | 4 +- modules/data-catalog-tag/versions.tf | 4 +- modules/dataform-repository/versions.tf | 4 +- modules/datafusion/versions.tf | 4 +- modules/dataplex-datascan/versions.tf | 4 +- modules/dataplex/versions.tf | 4 +- modules/dataproc/versions.tf | 4 +- modules/dns-response-policy/versions.tf | 4 +- modules/dns/versions.tf | 4 +- modules/endpoints/versions.tf | 4 +- modules/folder/versions.tf | 4 +- modules/gcs/versions.tf | 4 +- modules/gcve-private-cloud/versions.tf | 4 +- modules/gke-cluster-autopilot/versions.tf | 4 +- modules/gke-cluster-standard/versions.tf | 4 +- modules/gke-hub/versions.tf | 4 +- modules/gke-nodepool/versions.tf | 4 +- modules/iam-service-account/versions.tf | 4 +- modules/kms/versions.tf | 4 +- modules/logging-bucket/versions.tf | 4 +- modules/ncc-spoke-ra/versions.tf | 4 +- modules/net-address/versions.tf | 4 +- modules/net-cloudnat/versions.tf | 4 +- modules/net-firewall-policy/versions.tf | 4 +- .../net-ipsec-over-interconnect/versions.tf | 4 +- modules/net-lb-app-ext-regional/versions.tf | 4 +- modules/net-lb-app-ext/versions.tf | 4 +- .../net-lb-app-int-cross-region/versions.tf | 4 +- modules/net-lb-app-int/versions.tf | 4 +- modules/net-lb-ext/versions.tf | 4 +- modules/net-lb-int/versions.tf | 4 +- modules/net-lb-proxy-int/versions.tf | 4 +- modules/net-swp/versions.tf | 4 +- modules/net-vlan-attachment/versions.tf | 4 +- modules/net-vpc-firewall/versions.tf | 4 +- modules/net-vpc-peering/versions.tf | 4 +- modules/net-vpc/versions.tf | 4 +- modules/net-vpn-dynamic/versions.tf | 4 +- modules/net-vpn-ha/versions.tf | 4 +- modules/net-vpn-static/versions.tf | 4 +- modules/organization/versions.tf | 4 +- modules/project/versions.tf | 4 +- modules/projects-data-source/versions.tf | 4 +- modules/pubsub/versions.tf | 4 +- modules/secret-manager/versions.tf | 4 +- modules/service-directory/versions.tf | 4 +- modules/source-repository/versions.tf | 4 +- modules/spanner-instance/README.md | 189 ++++++++++++++++++ modules/spanner-instance/iam.tf | 99 +++++++++ modules/spanner-instance/main.tf | 90 +++++++++ modules/spanner-instance/outputs.tf | 45 +++++ modules/spanner-instance/variables.tf | 138 +++++++++++++ modules/spanner-instance/versions.tf | 27 +++ modules/vpc-sc/versions.tf | 4 +- modules/workstation-cluster/versions.tf | 4 +- tests/examples_e2e/setup_module/versions.tf | 4 +- .../spanner_instance/examples/iam.yaml | 72 +++++++ .../examples/instance-with-autoscaling.yaml | 42 ++++ .../examples/instance-with-custom-config.yaml | 42 ++++ .../simple-instance-with-database.yaml | 40 ++++ 102 files changed, 966 insertions(+), 181 deletions(-) create mode 100644 modules/spanner-instance/README.md create mode 100644 modules/spanner-instance/iam.tf create mode 100644 modules/spanner-instance/main.tf create mode 100644 modules/spanner-instance/outputs.tf create mode 100644 modules/spanner-instance/variables.tf create mode 100644 modules/spanner-instance/versions.tf create mode 100644 tests/modules/spanner_instance/examples/iam.yaml create mode 100644 tests/modules/spanner_instance/examples/instance-with-autoscaling.yaml create mode 100644 tests/modules/spanner_instance/examples/instance-with-custom-config.yaml create mode 100644 tests/modules/spanner_instance/examples/simple-instance-with-database.yaml diff --git a/README.md b/README.md index 478af9e384..87524ce7ad 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Currently available modules: - **process factories** - [project factory](./modules/project-factory/README.md) - **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [External Regional Application Load Balancer](./modules/net-lb-app-ext-regional/), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Cross-region Internal Application LB](./modules/net-lb-app-int-cross-region), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp) - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud) -- **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/) +- **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Spanner instance](./modules/spanner-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/) - **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository), [Workstation cluster](./modules/workstation-cluster) - **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc) - **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run), [Cloud Run v2](./modules/cloud-run-v2) diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tf b/blueprints/gke/patterns/autopilot-cluster/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/blueprints/gke/patterns/autopilot-cluster/versions.tf +++ b/blueprints/gke/patterns/autopilot-cluster/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/batch/versions.tf b/blueprints/gke/patterns/batch/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/blueprints/gke/patterns/batch/versions.tf +++ b/blueprints/gke/patterns/batch/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/kafka/versions.tf b/blueprints/gke/patterns/kafka/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/blueprints/gke/patterns/kafka/versions.tf +++ b/blueprints/gke/patterns/kafka/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/kong-cloudrun/versions.tf b/blueprints/gke/patterns/kong-cloudrun/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/blueprints/gke/patterns/kong-cloudrun/versions.tf +++ b/blueprints/gke/patterns/kong-cloudrun/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/mysql/versions.tf b/blueprints/gke/patterns/mysql/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/blueprints/gke/patterns/mysql/versions.tf +++ b/blueprints/gke/patterns/mysql/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/redis-cluster/versions.tf b/blueprints/gke/patterns/redis-cluster/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/blueprints/gke/patterns/redis-cluster/versions.tf +++ b/blueprints/gke/patterns/redis-cluster/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/default-versions.tf b/default-versions.tf index 15c205b963..d1f29b96bb 100644 --- a/default-versions.tf +++ b/default-versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/README.md b/modules/README.md index 37c057107f..e64cb3bde8 100644 --- a/modules/README.md +++ b/modules/README.md @@ -84,6 +84,7 @@ These modules are used in the examples included in this repository. If you are u - [BigQuery dataset](./bigquery-dataset) - [Bigtable instance](./bigtable-instance) - [Cloud SQL instance](./cloudsql-instance) +- [Spanner instance](./spanner-instance) - [Data Catalog Policy Tag](./data-catalog-policy-tag) - [Data Catalog Tag](./data-catalog-tag) - [Data Catalog Tag Template](./data-catalog-tag-template) diff --git a/modules/__experimental_deprecated/alloydb-instance/versions.tf b/modules/__experimental_deprecated/alloydb-instance/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/__experimental_deprecated/alloydb-instance/versions.tf +++ b/modules/__experimental_deprecated/alloydb-instance/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/__experimental_deprecated/net-neg/versions.tf b/modules/__experimental_deprecated/net-neg/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/__experimental_deprecated/net-neg/versions.tf +++ b/modules/__experimental_deprecated/net-neg/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/__experimental_deprecated/project-iam-magic/versions.tf b/modules/__experimental_deprecated/project-iam-magic/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/__experimental_deprecated/project-iam-magic/versions.tf +++ b/modules/__experimental_deprecated/project-iam-magic/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/alloydb/versions.tf b/modules/alloydb/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/alloydb/versions.tf +++ b/modules/alloydb/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/analytics-hub/versions.tf b/modules/analytics-hub/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/analytics-hub/versions.tf +++ b/modules/analytics-hub/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/api-gateway/versions.tf +++ b/modules/api-gateway/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/apigee/versions.tf +++ b/modules/apigee/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/artifact-registry/versions.tf +++ b/modules/artifact-registry/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/bigquery-dataset/versions.tf +++ b/modules/bigquery-dataset/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/bigtable-instance/versions.tf +++ b/modules/bigtable-instance/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/billing-account/versions.tf b/modules/billing-account/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/billing-account/versions.tf +++ b/modules/billing-account/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/binauthz/versions.tf +++ b/modules/binauthz/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf +++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/__need_fixing/squid/versions.tf b/modules/cloud-config-container/__need_fixing/squid/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/__need_fixing/squid/versions.tf +++ b/modules/cloud-config-container/__need_fixing/squid/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/bindplane/versions.tf b/modules/cloud-config-container/bindplane/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/bindplane/versions.tf +++ b/modules/cloud-config-container/bindplane/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/coredns/versions.tf +++ b/modules/cloud-config-container/coredns/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/cos-generic-metadata/versions.tf +++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf +++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/envoy-traffic-director/versions.tf +++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/mysql/versions.tf +++ b/modules/cloud-config-container/mysql/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/nginx-tls/versions.tf +++ b/modules/cloud-config-container/nginx-tls/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/nginx/versions.tf +++ b/modules/cloud-config-container/nginx/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-config-container/simple-nva/versions.tf +++ b/modules/cloud-config-container/simple-nva/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-function-v1/versions.tf +++ b/modules/cloud-function-v1/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-function-v2/versions.tf +++ b/modules/cloud-function-v2/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-identity-group/versions.tf +++ b/modules/cloud-identity-group/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-run-v2/versions.tf b/modules/cloud-run-v2/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-run-v2/versions.tf +++ b/modules/cloud-run-v2/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloud-run/versions.tf +++ b/modules/cloud-run/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/cloudsql-instance/versions.tf +++ b/modules/cloudsql-instance/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/compute-mig/versions.tf +++ b/modules/compute-mig/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/compute-vm/versions.tf +++ b/modules/compute-vm/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/container-registry/versions.tf +++ b/modules/container-registry/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/data-catalog-policy-tag/versions.tf +++ b/modules/data-catalog-policy-tag/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag-template/versions.tf b/modules/data-catalog-tag-template/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/data-catalog-tag-template/versions.tf +++ b/modules/data-catalog-tag-template/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag/versions.tf b/modules/data-catalog-tag/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/data-catalog-tag/versions.tf +++ b/modules/data-catalog-tag/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataform-repository/versions.tf b/modules/dataform-repository/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataform-repository/versions.tf +++ b/modules/dataform-repository/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/datafusion/versions.tf +++ b/modules/datafusion/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataplex-datascan/versions.tf +++ b/modules/dataplex-datascan/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataplex/versions.tf +++ b/modules/dataplex/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dataproc/versions.tf +++ b/modules/dataproc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dns-response-policy/versions.tf +++ b/modules/dns-response-policy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/dns/versions.tf +++ b/modules/dns/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/endpoints/versions.tf +++ b/modules/endpoints/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/folder/versions.tf +++ b/modules/folder/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gcs/versions.tf +++ b/modules/gcs/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gcve-private-cloud/versions.tf +++ b/modules/gcve-private-cloud/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-cluster-autopilot/versions.tf +++ b/modules/gke-cluster-autopilot/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-cluster-standard/versions.tf +++ b/modules/gke-cluster-standard/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-hub/versions.tf +++ b/modules/gke-hub/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/gke-nodepool/versions.tf +++ b/modules/gke-nodepool/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/iam-service-account/versions.tf +++ b/modules/iam-service-account/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/kms/versions.tf +++ b/modules/kms/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/logging-bucket/versions.tf +++ b/modules/logging-bucket/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/ncc-spoke-ra/versions.tf +++ b/modules/ncc-spoke-ra/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-address/versions.tf +++ b/modules/net-address/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-cloudnat/versions.tf +++ b/modules/net-cloudnat/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-firewall-policy/versions.tf +++ b/modules/net-firewall-policy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-ipsec-over-interconnect/versions.tf +++ b/modules/net-ipsec-over-interconnect/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext-regional/versions.tf b/modules/net-lb-app-ext-regional/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-ext-regional/versions.tf +++ b/modules/net-lb-app-ext-regional/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-ext/versions.tf +++ b/modules/net-lb-app-ext/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int-cross-region/versions.tf b/modules/net-lb-app-int-cross-region/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-int-cross-region/versions.tf +++ b/modules/net-lb-app-int-cross-region/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-app-int/versions.tf +++ b/modules/net-lb-app-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-ext/versions.tf +++ b/modules/net-lb-ext/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-int/versions.tf +++ b/modules/net-lb-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-lb-proxy-int/versions.tf +++ b/modules/net-lb-proxy-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-swp/versions.tf +++ b/modules/net-swp/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vlan-attachment/versions.tf +++ b/modules/net-vlan-attachment/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpc-firewall/versions.tf +++ b/modules/net-vpc-firewall/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpc-peering/versions.tf +++ b/modules/net-vpc-peering/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpc/versions.tf +++ b/modules/net-vpc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpn-dynamic/versions.tf +++ b/modules/net-vpn-dynamic/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpn-ha/versions.tf +++ b/modules/net-vpn-ha/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/net-vpn-static/versions.tf +++ b/modules/net-vpn-static/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/organization/versions.tf +++ b/modules/organization/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/project/versions.tf b/modules/project/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/project/versions.tf +++ b/modules/project/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/projects-data-source/versions.tf +++ b/modules/projects-data-source/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/pubsub/versions.tf +++ b/modules/pubsub/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/secret-manager/versions.tf +++ b/modules/secret-manager/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/service-directory/versions.tf +++ b/modules/service-directory/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/source-repository/versions.tf +++ b/modules/source-repository/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/spanner-instance/README.md b/modules/spanner-instance/README.md new file mode 100644 index 0000000000..ea0f0a147f --- /dev/null +++ b/modules/spanner-instance/README.md @@ -0,0 +1,189 @@ +# Spanner instance + +This module allows to create a spanner instance with associated spanner instance config and databases in the instance. Additionally it allows creating instance IAM bindings and database IAM bindings. + +## Examples + +### Basic instance with a database + +```hcl +module "spanner_instace" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance in us-central1" + config = { + name = "regional-us-central1" + } + num_nodes = 1 + } + databases = { + my-database = { + + } + } +} +# tftest modules=1 resources=2 inventory=simple-instance-with-database.yaml +``` + +### Instance with autoscaling + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance" + config = { + name = "regional-us-central1" + } + autoscaling = { + limits = { + min_processing_units = 2000 + max_processing_units = 3000 + } + targets = { + high_priority_cpu_utilization_percent = 75 + storage_utilization_percent = 90 + } + } + labels = { + foo = "bar" + } + } +} +# tftest modules=1 resources=1 inventory=instance-with-autoscaling.yaml +``` + +### Instance with custom config + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance" + config = { + name = "custom-nam11-config" + auto_create = { + display_name = "Test Spanner Instance Config" + base_config = "name11" + replicas = [ + { + location = "us-west1" + type = "READ_ONLY" + default_leader_location = false + } + ] + } + } + num_nodes = 1 + } +} +# tftest modules=1 resources=2 inventory=instance-with-custom-config.yaml +``` + +### New database in existing instance + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + } + instance_create = false + databases = { + my-database = { + + } + } +} +# tftest skip +``` + +### IAM + +```hcl +module "spanner_instance" { + source = "./fabric/modules/spanner-instance" + project_id = var.project_id + instance = { + name = "my-instance" + display_name = "Regional instance" + config = { + name = "regional-us-central1" + } + num_nodes = 1 + } + databases = { + my-database = { + version_retention_period = "1d" + iam = { + "roles/spanner.databaseReader" = [ + "group:group1@myorg.com" + ] + } + iam_bindings = { + "spanner-database-role-user" = { + role = "roles/spanner.databaseRoleUser" + members = [ + "group:group2@myorg.com" + ] + condition = { + title = "role-my_role" + description = "Grant permissions on my_role" + expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/my_role\")))" + } + } + } + iam_bindings_additive = { + "spanner-database-admin" = { + role = "roles/spanner.databaseAdmin" + member = "group:group3@myorg.com" + condition = { + title = "delegated-role-grants" + description = "Delegated role grants." + expression = format( + "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])", + join(",", formatlist("'%s'", + [ + "roles/storage.databaseReader", + ] + )) + ) + } + } + } + } + } +} +# tftest modules=1 resources=5 inventory=iam.yaml +``` + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [instance](variables.tf#L89) | Instance attributes. | object({…}) | ✓ | | +| [project_id](variables.tf#L134) | Project id. | string | ✓ | | +| [databases](variables.tf#L17) | Databases. | map(object({…})) | | {} | +| [iam](variables.tf#L63) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_bindings](variables.tf#L69) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | +| [iam_bindings_additive](variables.tf#L79) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | +| [instance_create](variables.tf#L127) | Set to false to manage databases and IAM bindings in an existing instance. | bool | | true | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [spanner_database_ids](outputs.tf#L17) | Spanner database ids. | | +| [spanner_databases](outputs.tf#L22) | Spanner databases. | | +| [spanner_instance](outputs.tf#L27) | Spanner instance. | | +| [spanner_instance_config](outputs.tf#L32) | Spanner instance config. | | +| [spanner_instance_config_id](outputs.tf#L37) | Spanner instance config id. | | +| [spanner_instance_id](outputs.tf#L42) | Spanner instance id. | | + diff --git a/modules/spanner-instance/iam.tf b/modules/spanner-instance/iam.tf new file mode 100644 index 0000000000..582d2bb14f --- /dev/null +++ b/modules/spanner-instance/iam.tf @@ -0,0 +1,99 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + spanner_database_iam = merge([for k1, v1 in var.databases : { for k2, v2 in v1.iam : + "${k1}.${k2}" => { + database = k1 + role = k2 + members = v2 + } }]...) + spanner_database_iam_bindings = merge([for k1, v1 in var.databases : { for k2, v2 in v1.iam_bindings : + "${k1}.${k2}" => merge(v2, { + database = k1 + }) }]...) + spanner_database_iam_bindings_additive = merge([for k1, v1 in var.databases : { for k2, v2 in v1.iam_bindings_additive : + "${k1}.${k2}" => merge(v2, { + database = k1 + }) }]...) +} + +resource "google_spanner_instance_iam_binding" "authoritative" { + for_each = var.iam + project = local.spanner_instance.project + instance = local.spanner_instance.id + role = each.key + members = each.value +} + +resource "google_spanner_instance_iam_binding" "bindings" { + for_each = var.iam_bindings + project = local.spanner_instance.project + instance = local.spanner_instance.id + role = each.value.role + members = each.value.members +} + +resource "google_spanner_instance_iam_member" "bindings" { + for_each = var.iam_bindings_additive + project = var.project_id + instance = local.spanner_instance.id + role = each.value.role + member = each.value.member +} + +resource "google_spanner_database_iam_binding" "authoritative" { + for_each = local.spanner_database_iam + project = google_spanner_database.spanner_databases[each.value.database].project + instance = google_spanner_database.spanner_databases[each.value.database].instance + database = google_spanner_database.spanner_databases[each.value.database].name + role = each.value.role + members = each.value.members +} + +resource "google_spanner_database_iam_binding" "bindings" { + for_each = local.spanner_database_iam_bindings + project = google_spanner_database.spanner_databases[each.value.database].project + instance = google_spanner_database.spanner_databases[each.value.database].instance + database = google_spanner_database.spanner_databases[each.value.database].name + role = each.value.role + members = each.value.members + dynamic "condition" { + for_each = each.value.condition == null ? [] : [""] + content { + expression = each.value.condition.expression + title = each.value.condition.title + description = each.value.condition.description + } + } +} + +resource "google_spanner_database_iam_member" "bindings" { + for_each = local.spanner_database_iam_bindings_additive + project = google_spanner_database.spanner_databases[each.value.database].project + instance = google_spanner_database.spanner_databases[each.value.database].instance + database = google_spanner_database.spanner_databases[each.value.database].name + role = each.value.role + member = each.value.member + dynamic "condition" { + for_each = each.value.condition == null ? [] : [""] + content { + expression = each.value.condition.expression + title = each.value.condition.title + description = each.value.condition.description + } + } +} diff --git a/modules/spanner-instance/main.tf b/modules/spanner-instance/main.tf new file mode 100644 index 0000000000..d35589ec11 --- /dev/null +++ b/modules/spanner-instance/main.tf @@ -0,0 +1,90 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + spanner_instance = var.instance_create ? google_spanner_instance.spanner_instance[0] : data.google_spanner_instance.spanner_instance[0] +} + +resource "google_spanner_instance_config" "spanner_instance_config" { + count = try(var.instance.config.auto_create, null) == null ? 0 : 1 + name = var.instance.config.name + project = var.project_id + display_name = coalesce(var.instance.config.auto_create.display_name, var.instance.config.name) + base_config = var.instance.config.auto_create.base_config + dynamic "replicas" { + for_each = var.instance.config.auto_create.replicas + content { + location = replicas.value.location + type = replicas.value.type + default_leader_location = replicas.value.default_leader_location + } + } + labels = var.instance.config.auto_create.labels +} + +data "google_spanner_instance" "spanner_instance" { + count = var.instance_create ? 0 : 1 + project = var.project_id + name = var.instance.name +} + +resource "google_spanner_instance" "spanner_instance" { + count = var.instance_create ? 1 : 0 + project = var.project_id + config = var.instance.config.auto_create == null ? var.instance.config.name : google_spanner_instance_config.spanner_instance_config[0].name + name = var.instance.name + display_name = coalesce(var.instance.display_name, var.instance.name) + num_nodes = var.instance.num_nodes + labels = var.instance.labels + force_destroy = var.instance.force_destroy + processing_units = var.instance.processing_units + dynamic "autoscaling_config" { + for_each = var.instance.autoscaling == null ? [] : [""] + content { + dynamic "autoscaling_limits" { + for_each = var.instance.autoscaling.limits == null ? [] : [""] + content { + max_processing_units = var.instance.autoscaling.limits.max_processing_units + min_processing_units = var.instance.autoscaling.limits.min_processing_units + } + } + dynamic "autoscaling_targets" { + for_each = var.instance.autoscaling.targets == null ? [] : [""] + content { + high_priority_cpu_utilization_percent = var.instance.autoscaling.targets.high_priority_cpu_utilization_percent + storage_utilization_percent = var.instance.autoscaling.targets.storage_utilization_percent + } + } + } + } +} + +resource "google_spanner_database" "spanner_databases" { + for_each = var.databases + project = var.project_id + instance = local.spanner_instance.name + name = each.key + ddl = each.value.ddl + enable_drop_protection = each.value.enable_drop_protection + deletion_protection = false + version_retention_period = each.value.version_retention_period + dynamic "encryption_config" { + for_each = each.value.kms_key_name == null ? [] : [""] + content { + kms_key_name = each.value.kms_key_name + } + } +} diff --git a/modules/spanner-instance/outputs.tf b/modules/spanner-instance/outputs.tf new file mode 100644 index 0000000000..7de01704f7 --- /dev/null +++ b/modules/spanner-instance/outputs.tf @@ -0,0 +1,45 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "spanner_database_ids" { + description = "Spanner database ids." + value = { for k, v in google_spanner_database.spanner_databases : k => v.id } +} + +output "spanner_databases" { + description = "Spanner databases." + value = google_spanner_database.spanner_databases +} + +output "spanner_instance" { + description = "Spanner instance." + value = local.spanner_instance +} + +output "spanner_instance_config" { + description = "Spanner instance config." + value = try(var.instance.config.auto_create, null) == null ? null : google_spanner_instance_config.spanner_instance_config[0] +} + +output "spanner_instance_config_id" { + description = "Spanner instance config id." + value = try(var.instance.config.auto_create, null) == null ? null : google_spanner_instance_config.spanner_instance_config[0].id +} + +output "spanner_instance_id" { + description = "Spanner instance id." + value = local.spanner_instance.id +} diff --git a/modules/spanner-instance/variables.tf b/modules/spanner-instance/variables.tf new file mode 100644 index 0000000000..5fa865e38c --- /dev/null +++ b/modules/spanner-instance/variables.tf @@ -0,0 +1,138 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "databases" { + description = "Databases." + type = map(object({ + database_dialect = optional(string) + ddl = optional(list(string), []) + deletion_protection = optional(bool) + enable_drop_protection = optional(bool) + iam = optional(map(list(string)), {}) + iam_bindings = optional(map(object({ + members = list(string) + role = string + condition = optional(object({ + expression = string + title = string + description = optional(string) + })) + })), {}) + iam_bindings_additive = optional(map(object({ + member = string + role = string + condition = optional(object({ + expression = string + title = string + description = optional(string) + })) + })), {}) + kms_key_name = optional(string) + version_retention_period = optional(string) + })) + default = {} + validation { + condition = alltrue( + [for k, v in var.databases : v.database_dialect == null ? true : contains(["GOOGLE_STANDARD_SQL", "POSTGRESQL"], v.database_dialect)] + ) + error_message = "Invalid database_dialect. If set, possible values are: GOOGLE_STANDARD_SQL, POSTGRESQL" + } + + validation { + condition = alltrue( + [for k, v in var.databases : v.version_retention_period == null ? true : can(regex("\\d+[smhd]", v.version_retention_period))] + ) + error_message = "Invalid version_retention_period. If set, the format has to be: \\d+[smhd]" + } + +} + +variable "iam" { + description = "IAM bindings in {ROLE => [MEMBERS]} format." + type = map(list(string)) + default = {} +} + +variable "iam_bindings" { + description = "Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary." + type = map(object({ + members = list(string) + role = string + })) + nullable = false + default = {} +} + +variable "iam_bindings_additive" { + description = "Individual additive IAM bindings. Keys are arbitrary." + type = map(object({ + member = string + role = string + })) + nullable = false + default = {} +} + +variable "instance" { + description = "Instance attributes." + type = object({ + autoscaling = optional(object({ + limits = optional(object({ + max_nodes = optional(number) + max_processing_units = optional(number) + min_nodes = optional(number) + min_processing_units = optional(number) + })) + targets = optional(object({ + high_priority_cpu_utilization_percent = optional(number) + storage_utilization_percent = optional(number) + })) + })) + config = optional(object({ + name = string + auto_create = optional(object({ + base_config = optional(string) + display_name = optional(string) + labels = optional(map(string), {}) + replicas = list(object({ + location = string + type = string + default_leader_location = bool + } + )) + })) + })) + display_name = optional(string) + labels = optional(map(string), {}) + name = string + num_nodes = optional(number) + processing_units = optional(number) + force_destroy = optional(bool) + }) +} + +variable "instance_create" { + description = "Set to false to manage databases and IAM bindings in an existing instance." + type = bool + default = true +} + + +variable "project_id" { + description = "Project id." + type = string +} + diff --git a/modules/spanner-instance/versions.tf b/modules/spanner-instance/versions.tf new file mode 100644 index 0000000000..d1f29b96bb --- /dev/null +++ b/modules/spanner-instance/versions.tf @@ -0,0 +1,27 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +terraform { + required_version = ">= 1.7.4" + required_providers { + google = { + source = "hashicorp/google" + version = ">= 5.34.0, < 6.0.0" # tftest + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 5.34.0, < 6.0.0" # tftest + } + } +} diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/vpc-sc/versions.tf +++ b/modules/vpc-sc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/modules/workstation-cluster/versions.tf b/modules/workstation-cluster/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/modules/workstation-cluster/versions.tf +++ b/modules/workstation-cluster/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/tests/examples_e2e/setup_module/versions.tf b/tests/examples_e2e/setup_module/versions.tf index 15c205b963..d1f29b96bb 100644 --- a/tests/examples_e2e/setup_module/versions.tf +++ b/tests/examples_e2e/setup_module/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.32.0, < 6.0.0" # tftest + version = ">= 5.34.0, < 6.0.0" # tftest } } } diff --git a/tests/modules/spanner_instance/examples/iam.yaml b/tests/modules/spanner_instance/examples/iam.yaml new file mode 100644 index 0000000000..9bfe40b2d8 --- /dev/null +++ b/tests/modules/spanner_instance/examples/iam.yaml @@ -0,0 +1,72 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.spanner_instance.google_spanner_database.spanner_databases["my-database"]: + ddl: [] + deletion_protection: false + enable_drop_protection: false + encryption_config: [] + instance: my-instance + name: my-database + project: project-id + timeouts: null + version_retention_period: 1d + module.spanner_instance.google_spanner_database_iam_binding.authoritative["my-database.roles/spanner.databaseReader"]: + condition: [] + database: my-database + instance: my-instance + members: + - group:group1@myorg.com + project: project-id + role: roles/spanner.databaseReader + module.spanner_instance.google_spanner_database_iam_binding.bindings["my-database.spanner-database-role-user"]: + condition: + - description: Grant permissions on my_role + expression: (resource.type == "spanner.googleapis.com/DatabaseRole" && (resource.name.endsWith("/my_role"))) + title: role-my_role + database: my-database + instance: my-instance + members: + - group:group2@myorg.com + project: project-id + role: roles/spanner.databaseRoleUser + module.spanner_instance.google_spanner_database_iam_member.bindings["my-database.spanner-database-admin"]: + condition: + - description: Delegated role grants. + expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/storage.databaseReader']) + title: delegated-role-grants + database: my-database + instance: my-instance + member: group:group3@myorg.com + project: project-id + role: roles/spanner.databaseAdmin + module.spanner_instance.google_spanner_instance.spanner_instance[0]: + autoscaling_config: [] + config: regional-us-central1 + display_name: Regional instance + force_destroy: false + labels: null + name: my-instance + num_nodes: 1 + project: project-id + timeouts: null + +counts: + google_spanner_database: 1 + google_spanner_database_iam_binding: 2 + google_spanner_database_iam_member: 1 + google_spanner_instance: 1 + modules: 1 + resources: 5 \ No newline at end of file diff --git a/tests/modules/spanner_instance/examples/instance-with-autoscaling.yaml b/tests/modules/spanner_instance/examples/instance-with-autoscaling.yaml new file mode 100644 index 0000000000..f3e2f1d76c --- /dev/null +++ b/tests/modules/spanner_instance/examples/instance-with-autoscaling.yaml @@ -0,0 +1,42 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.spanner_instance.google_spanner_instance.spanner_instance[0]: + autoscaling_config: + - autoscaling_limits: + - max_nodes: null + max_processing_units: 3000 + min_nodes: null + min_processing_units: 2000 + autoscaling_targets: + - high_priority_cpu_utilization_percent: 75 + storage_utilization_percent: 90 + config: regional-us-central1 + display_name: Regional instance + effective_labels: + foo: bar + force_destroy: false + labels: + foo: bar + name: my-instance + project: project-id + terraform_labels: + foo: bar + timeouts: null + +counts: + google_spanner_instance: 1 + modules: 1 + resources: 1 \ No newline at end of file diff --git a/tests/modules/spanner_instance/examples/instance-with-custom-config.yaml b/tests/modules/spanner_instance/examples/instance-with-custom-config.yaml new file mode 100644 index 0000000000..3a5cc03802 --- /dev/null +++ b/tests/modules/spanner_instance/examples/instance-with-custom-config.yaml @@ -0,0 +1,42 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.spanner_instance.google_spanner_instance.spanner_instance[0]: + autoscaling_config: [] + config: custom-nam11-config + display_name: Regional instance + force_destroy: false + labels: null + name: my-instance + num_nodes: 1 + project: project-id + timeouts: null + module.spanner_instance.google_spanner_instance_config.spanner_instance_config[0]: + base_config: name11 + display_name: Test Spanner Instance Config + labels: null + name: custom-nam11-config + project: project-id + replicas: + - default_leader_location: false + location: us-west1 + type: READ_ONLY + timeouts: null + +counts: + google_spanner_instance: 1 + google_spanner_instance_config: 1 + modules: 1 + resources: 2 \ No newline at end of file diff --git a/tests/modules/spanner_instance/examples/simple-instance-with-database.yaml b/tests/modules/spanner_instance/examples/simple-instance-with-database.yaml new file mode 100644 index 0000000000..982f50262a --- /dev/null +++ b/tests/modules/spanner_instance/examples/simple-instance-with-database.yaml @@ -0,0 +1,40 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.spanner_instace.google_spanner_database.spanner_databases["my-database"]: + ddl: [] + deletion_protection: false + enable_drop_protection: false + encryption_config: [] + instance: my-instance + name: my-database + project: project-id + timeouts: null + module.spanner_instace.google_spanner_instance.spanner_instance[0]: + autoscaling_config: [] + config: regional-us-central1 + display_name: Regional instance in us-central1 + force_destroy: false + labels: null + name: my-instance + num_nodes: 1 + project: project-id + timeouts: null + +counts: + google_spanner_database: 1 + google_spanner_instance: 1 + modules: 1 + resources: 2 \ No newline at end of file From 6358ba34e0a38a1fe28e480ff83d2740a5e1293e Mon Sep 17 00:00:00 2001 From: apichick Date: Mon, 24 Jun 2024 08:59:29 +0200 Subject: [PATCH 4/6] Minor fixes in workstations IAM (#2375) --- modules/workstation-cluster/iam.tf | 93 ++++++++++++++---------------- 1 file changed, 43 insertions(+), 50 deletions(-) diff --git a/modules/workstation-cluster/iam.tf b/modules/workstation-cluster/iam.tf index 18f6f9535f..491c5f2129 100644 --- a/modules/workstation-cluster/iam.tf +++ b/modules/workstation-cluster/iam.tf @@ -14,32 +14,45 @@ * limitations under the License. */ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - # tfdoc:file:description IAM bindings -resource "google_workstations_workstation_config_iam_binding" "authoritative" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam : +locals { + workstation_config_iam = merge([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam : "${k1}-${k2}" => { workstation_config_id = k1 role = k2 members = v2 - } }])...) + } }]...) + workstation_config_iam_bindings = merge([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings : + "${k1}-${k2}" => merge(v2, { + workstation_config_id = k1 + }) }]...) + workstation_config_iam_bindings_additive = merge([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings_additive : + "${k1}-${k2}" => merge(v2, { + workstation_config_id = k1 + }) }]...) + workstation_iam = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : + { for k3, v3 in v2.iam : "${k1}-${k2}-${k3}" => { + workstation_config_id = k1 + workstation_id = k2 + role = k3 + members = v3 + } }]])...) + workstation_iam_bindings = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : + { for k3, v3 in v2.iam_bindings : "${k1}-${k2}-${k3}" => merge(v3, { + workstation_config_id = k1 + workstation_id = k2 + }) }]])...) + workstation_iam_bindings_additive = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : + { for k3, v3 in v2.iam_bindings_additive : "${k1}-${k2}-${k3}" => merge(v3, { + workstation_config_id = k1 + workstation_id = k2 + }) }]])...) +} + +resource "google_workstations_workstation_config_iam_binding" "authoritative" { + provider = google-beta + for_each = local.workstation_config_iam project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id @@ -49,11 +62,8 @@ resource "google_workstations_workstation_config_iam_binding" "authoritative" { } resource "google_workstations_workstation_config_iam_binding" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings : - "${k1}-${k2}" => merge(v2, { - workstation_config_id = k1 - }) }])...) + provider = google-beta + for_each = local.workstation_config_iam_bindings project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id @@ -63,11 +73,8 @@ resource "google_workstations_workstation_config_iam_binding" "bindings" { } resource "google_workstations_workstation_config_iam_member" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings_additive : - "${k1}-${k2}" => merge(v2, { - workstation_config_id = k1 - }) }])...) + provider = google-beta + for_each = local.workstation_config_iam_bindings_additive project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id @@ -77,14 +84,8 @@ resource "google_workstations_workstation_config_iam_member" "bindings" { } resource "google_workstations_workstation_iam_binding" "authoritative" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : - { for k3, v3 in v2.iam : "${k1}-${k2}-${k3}" => { - workstation_config_id = k1 - workstation_id = k2 - role = k3 - members = v3 - } }]])...) + provider = google-beta + for_each = local.workstation_iam project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id @@ -95,12 +96,8 @@ resource "google_workstations_workstation_iam_binding" "authoritative" { } resource "google_workstations_workstation_iam_binding" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : - { for k3, v3 in v2.iam_bindings : "${k1}-${k2}-${k3}" => merge(v3, { - workstation_config_id = k1 - workstation_id = k2 - }) }]])...) + provider = google-beta + for_each = local.workstation_iam_bindings project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id @@ -111,12 +108,8 @@ resource "google_workstations_workstation_iam_binding" "bindings" { } resource "google_workstations_workstation_iam_member" "bindings" { - provider = google-beta - for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations : - { for k3, v3 in v2.iam_bindings_additive : "${k1}-${k2}-${k3}" => merge(v3, { - workstation_config_id = k1 - workstation_id = k2 - }) }]])...) + provider = google-beta + for_each = local.workstation_iam_bindings_additive project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id From 6c54ab69db72364ebf03e98486addf54ed4a3464 Mon Sep 17 00:00:00 2001 From: apichick Date: Mon, 24 Jun 2024 09:15:19 +0200 Subject: [PATCH 5/6] Removed advertised_groups ALL_VPC_SUBNETS, ALL_VPC_SUBNETS as they are no longer supported (#2376) Removed advertised_groups ALL_VPC_SUBNETS, ALL_VPC_SUBNETS as they are no longer supported --- modules/net-vpn-ha/README.md | 6 +++--- modules/net-vpn-ha/main.tf | 6 +----- modules/net-vpn-ha/variables.tf | 6 ++---- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/modules/net-vpn-ha/README.md b/modules/net-vpn-ha/README.md index 164e009f7e..aca124a153 100644 --- a/modules/net-vpn-ha/README.md +++ b/modules/net-vpn-ha/README.md @@ -213,9 +213,9 @@ module "vpn_ha" { | [region](variables.tf#L52) | Region used for resources. | string | ✓ | | | [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…}) | ✓ | | | [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | map(object({…})) | | {} | -| [tunnels](variables.tf#L72) | VPN tunnel configurations. | map(object({…})) | | {} | -| [vpn_gateway](variables.tf#L108) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | string | | null | -| [vpn_gateway_create](variables.tf#L114) | Create HA VPN Gateway. Set to null to avoid creation. | object({…}) | | {} | +| [tunnels](variables.tf#L72) | VPN tunnel configurations. | map(object({…})) | | {} | +| [vpn_gateway](variables.tf#L106) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | string | | null | +| [vpn_gateway_create](variables.tf#L112) | Create HA VPN Gateway. Set to null to avoid creation. | object({…}) | | {} | ## Outputs diff --git a/modules/net-vpn-ha/main.tf b/modules/net-vpn-ha/main.tf index bbb7ca0295..a86491cd0b 100644 --- a/modules/net-vpn-ha/main.tf +++ b/modules/net-vpn-ha/main.tf @@ -104,11 +104,7 @@ resource "google_compute_router_peer" "bgp_peer" { ? "CUSTOM" : "DEFAULT" ) - advertised_groups = concat( - try(each.value.bgp_peer.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : [], - try(each.value.bgp_peer.custom_advertise.all_vpc_subnets, false) ? ["ALL_VPC_SUBNETS"] : [], - try(each.value.bgp_peer.custom_advertise.all_peer_vpc_subnets, false) ? ["ALL_PEER_VPC_SUBNETS"] : [] - ) + advertised_groups = try(each.value.bgp_peer.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : [] dynamic "advertised_ip_ranges" { for_each = try(each.value.bgp_peer.custom_advertise.ip_ranges, {}) iterator = range diff --git a/modules/net-vpn-ha/variables.tf b/modules/net-vpn-ha/variables.tf index ba86eee6e9..cae4c2536c 100644 --- a/modules/net-vpn-ha/variables.tf +++ b/modules/net-vpn-ha/variables.tf @@ -77,10 +77,8 @@ variable "tunnels" { asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ - all_subnets = bool - all_vpc_subnets = bool - all_peer_vpc_subnets = bool - ip_ranges = map(string) + all_subnets = bool + ip_ranges = map(string) })) md5_authentication_key = optional(object({ name = string From d70cdf83934176eb797bbcff16d2744eb4ae1b93 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Mon, 24 Jun 2024 19:03:07 +0200 Subject: [PATCH 6/6] add wording for SCC Enterprise to FAST stage 0 (#2378) --- fast/stages/0-bootstrap/README.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/fast/stages/0-bootstrap/README.md b/fast/stages/0-bootstrap/README.md index d5abcbb110..6dcb6e8b92 100644 --- a/fast/stages/0-bootstrap/README.md +++ b/fast/stages/0-bootstrap/README.md @@ -18,7 +18,9 @@ Use the following diagram as a simple high level reference for the following sec - [Design overview and choices](#design-overview-and-choices) - [User groups](#user-groups) - [Organization-level IAM](#organization-level-iam) - - [Organization policies and tag-based conditions](#organization-policies-and-tag-based-conditions) + - [Organization policies](#organization-policies) + - [Security Command Center Enterprise](#security-command-center-enterprise) + - [Tags and Organization Policy conditions](#tags-and-organization-policy-conditions) - [Automation project and resources](#automation-project-and-resources) - [Billing account](#billing-account) - [Organization-level logging](#organization-level-logging) @@ -70,13 +72,19 @@ One consequence of the above setup is the need to configure IAM bindings that ca A full reference of IAM roles managed by this stage [is available here](./IAM.md). -### Organization policies and tag-based conditions +### Organization policies It's often desirable to have organization policies deployed before any other resource in the org, so as to ensure compliance with specific requirements (e.g. location restrictions), or control the configuration of specific resources (e.g. default network at project creation or service account grants). To cover this use case, organization policies have been moved from the resource management to the bootstrap stage in FAST versions after 26.0.0. They are managed via the usual factory approach, and a [sample set of data files](./data/org-policies/) is included with this stage. They are not applied during the initial run when the `bootstrap_user` variable is set, to work around incompatibilities with user credentials. -The only current exception to the factory approach is the `iam.allowedPolicyMemberDomains` constraint, which is managed in code so as to be able to auto-allow the organization's domain. More domains can be added via the `org_policies_config` variable, which also serves as an umbrella for future policies that will need to be managed in code. +The only current exception to the factory approach is the `iam.allowedPolicyMemberDomains` constraint (DRS), which is managed in code so as to be able to auto-allow the organization's domain. More domains can be added via the `org_policies_config` variable, which also serves as an umbrella for future policies that will need to be managed in code. + +#### Security Command Center Enterprise + +The DRS policy mentioned above might make it complex to [enable Security Command Center Enterprise](https://cloud.google.com/security-command-center/docs/activate-enterprise-tier#verify_organization_policies). If this is the case, you can temporarily disable it via the Cloud Console, enable SCC Enterprise, then re-enable the policy. + +#### Tags and Organization Policy conditions Organization policy exceptions are managed via a dedicated resource management tag hierarchy, rooted in the `org-policies` tag key. A default condition is already present for the the `iam.allowedPolicyMemberDomains` constraint, that relaxes the policy on resources that have the `org-policies/allowed-policy-member-domains-all` tag value bound or inherited.