From e66340c4db48ebe002e91b74b8e5fc1b4fd20263 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 7 Oct 2022 10:53:53 +0200 Subject: [PATCH] Refactor compute-vm for Terraform 1.3 (#860) * refactor compute-vm for Terraform 1.3 * bump Terraform version in CI tests config * fix optional null handling (ht jccb) * tfdoc * update blueprints * align fast * align README examples --- .github/workflows/tests.yml | 2 +- blueprints/cloud-operations/adfs/main.tf | 2 - .../asset-inventory-feed-remediation/main.tf | 2 - .../cloud-operations/glb_and_armor/main.tf | 11 -- blueprints/networking/filtering-proxy/main.tf | 4 - blueprints/networking/ilb-next-hop/vms.tf | 4 - .../nginx-reverse-proxy-cluster/main.tf | 67 +++------- .../onprem-google-access-dns/main.tf | 6 - .../main.tf | 4 - fast/stages/02-networking-nva/nva.tf | 12 +- .../02-networking-nva/test-resources.tf | 56 +------- .../02-networking-peering/test-resources.tf | 21 --- .../02-networking-vpn/test-resources.tf | 21 --- modules/compute-vm/README.md | 120 +++++------------- modules/compute-vm/main.tf | 18 +-- modules/compute-vm/variables.tf | 74 +++++------ tests/modules/compute_vm/fixture/variables.tf | 40 +----- 17 files changed, 104 insertions(+), 360 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a7e427d779..9dc0121a80 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,7 +30,7 @@ env: PYTEST_ADDOPTS: "--color=yes" PYTHON_VERSION: "3.10" TF_PLUGIN_CACHE_DIR: "/home/runner/.terraform.d/plugin-cache" - TF_VERSION: 1.3.0 + TF_VERSION: 1.3.2 jobs: doc-examples: diff --git a/blueprints/cloud-operations/adfs/main.tf b/blueprints/cloud-operations/adfs/main.tf index b7f8e92031..31ea0745e2 100644 --- a/blueprints/cloud-operations/adfs/main.tf +++ b/blueprints/cloud-operations/adfs/main.tf @@ -69,8 +69,6 @@ module "server" { network_interfaces = [{ network = var.network_config == null ? module.vpc[0].self_link : var.network_config.network subnetwork = var.network_config == null ? module.vpc[0].subnet_self_links["${var.region}/subnet"] : var.network_config.subnet - nat = false - addresses = null }] metadata = { # Enables OpenSSH in the Windows instance diff --git a/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf b/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf index e25fe11f58..a9f3f8e9ea 100644 --- a/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf +++ b/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf @@ -104,8 +104,6 @@ module "simple-vm-example" { network_interfaces = [{ network = module.vpc.self_link subnetwork = try(module.vpc.subnet_self_links["${var.region}/${var.name}-default"], "") - nat = false - addresses = null }] tags = ["${var.project_id}-test-feed", "shared-test-feed"] } diff --git a/blueprints/cloud-operations/glb_and_armor/main.tf b/blueprints/cloud-operations/glb_and_armor/main.tf index 8f4e97f6c3..357e1006f7 100644 --- a/blueprints/cloud-operations/glb_and_armor/main.tf +++ b/blueprints/cloud-operations/glb_and_armor/main.tf @@ -94,13 +94,9 @@ module "instance_template_ew1" { network_interfaces = [{ network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["europe-west1/subnet-ew1"] - nat = false - addresses = null }] boot_disk = { image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-ssd" - size = 10 } metadata = { startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh" @@ -119,13 +115,9 @@ module "instance_template_ue1" { network_interfaces = [{ network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"] - nat = false - addresses = null }] boot_disk = { image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-ssd" - size = 10 } metadata = { startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh" @@ -146,12 +138,9 @@ module "vm_siege" { network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["us-west1/subnet-uw1"] nat = true - addresses = null }] boot_disk = { image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-ssd" - size = 10 } metadata = { startup-script = <string | ✓ | | -| [network_interfaces](variables.tf#L174) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | | -| [project_id](variables.tf#L209) | Project id. | string | ✓ | | -| [zone](variables.tf#L268) | Compute zone. | string | ✓ | | -| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | object({…}) | | {…} | -| [attached_disks](variables.tf#L32) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | -| [boot_disk](variables.tf#L58) | Boot disk properties. | object({…}) | | {…} | -| [boot_disk_delete](variables.tf#L72) | Auto delete boot disk. | bool | | true | -| [can_ip_forward](variables.tf#L78) | Enable IP forwarding. | bool | | false | -| [confidential_compute](variables.tf#L84) | Enable Confidential Compute for these instances. | bool | | false | -| [create_template](variables.tf#L90) | Create instance template instead of instances. | bool | | false | -| [description](variables.tf#L95) | Description of a Compute Instance. | string | | "Managed by the compute-vm Terraform module." | -| [enable_display](variables.tf#L100) | Enable virtual display on the instances. | bool | | false | -| [encryption](variables.tf#L106) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null | -| [group](variables.tf#L116) | Define this variable to create an instance group for instances. Disabled for template use. | object({…}) | | null | -| [hostname](variables.tf#L124) | Instance FQDN name. | string | | null | -| [iam](variables.tf#L130) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [instance_type](variables.tf#L136) | Instance type. | string | | "f1-micro" | -| [labels](variables.tf#L142) | Instance labels. | map(string) | | {} | -| [metadata](variables.tf#L148) | Instance metadata. | map(string) | | {} | -| [min_cpu_platform](variables.tf#L154) | Minimum CPU platform. | string | | null | -| [network_interface_options](variables.tf#L165) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} | -| [options](variables.tf#L187) | Instance options. | object({…}) | | {…} | -| [scratch_disks](variables.tf#L214) | Scratch disks configuration. | object({…}) | | {…} | -| [service_account](variables.tf#L226) | Service account email. Unused if service account is auto-created. | string | | null | -| [service_account_create](variables.tf#L232) | Auto-create service account. | bool | | false | -| [service_account_scopes](variables.tf#L240) | Scopes applied to service account. | list(string) | | [] | -| [shielded_config](variables.tf#L246) | Shielded VM configuration of the instances. | object({…}) | | null | -| [tag_bindings](variables.tf#L256) | Tag bindings for this instance, in key => tag value id format. | map(string) | | null | -| [tags](variables.tf#L262) | Instance network tags for firewall rule targets. | list(string) | | [] | +| [name](variables.tf#L163) | Instance name. | string | ✓ | | +| [network_interfaces](variables.tf#L168) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | | +| [project_id](variables.tf#L205) | Project id. | string | ✓ | | +| [zone](variables.tf#L264) | Compute zone. | string | ✓ | | +| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | object({…}) | | {…} | +| [attached_disks](variables.tf#L31) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | +| [boot_disk](variables.tf#L64) | Boot disk properties. | object({…}) | | {…} | +| [can_ip_forward](variables.tf#L80) | Enable IP forwarding. | bool | | false | +| [confidential_compute](variables.tf#L86) | Enable Confidential Compute for these instances. | bool | | false | +| [create_template](variables.tf#L92) | Create instance template instead of instances. | bool | | false | +| [description](variables.tf#L97) | Description of a Compute Instance. | string | | "Managed by the compute-vm Terraform module." | +| [enable_display](variables.tf#L103) | Enable virtual display on the instances. | bool | | false | +| [encryption](variables.tf#L109) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null | +| [group](variables.tf#L119) | Define this variable to create an instance group for instances. Disabled for template use. | object({…}) | | null | +| [hostname](variables.tf#L127) | Instance FQDN name. | string | | null | +| [iam](variables.tf#L133) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [instance_type](variables.tf#L139) | Instance type. | string | | "f1-micro" | +| [labels](variables.tf#L145) | Instance labels. | map(string) | | {} | +| [metadata](variables.tf#L151) | Instance metadata. | map(string) | | {} | +| [min_cpu_platform](variables.tf#L157) | Minimum CPU platform. | string | | null | +| [options](variables.tf#L183) | Instance options. | object({…}) | | {…} | +| [scratch_disks](variables.tf#L210) | Scratch disks configuration. | object({…}) | | {…} | +| [service_account](variables.tf#L222) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L228) | Auto-create service account. | bool | | false | +| [service_account_scopes](variables.tf#L236) | Scopes applied to service account. | list(string) | | [] | +| [shielded_config](variables.tf#L242) | Shielded VM configuration of the instances. | object({…}) | | null | +| [tag_bindings](variables.tf#L252) | Tag bindings for this instance, in key => tag value id format. | map(string) | | null | +| [tags](variables.tf#L258) | Instance network tags for firewall rule targets. | list(string) | | [] | ## Outputs diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf index 3a5881600f..567293ab4f 100644 --- a/modules/compute-vm/main.tf +++ b/modules/compute-vm/main.tf @@ -29,12 +29,6 @@ locals { for k, v in local.attached_disks : k => v if try(v.options.replica_zone, null) == null } - network_interface_options = { - for i, v in var.network_interfaces : i => lookup(var.network_interface_options, i, { - alias_ips = null, - nic_type = null - }) - } on_host_maintenance = ( var.options.spot || var.confidential_compute ? "TERMINATE" @@ -169,7 +163,7 @@ resource "google_compute_instance" "default" { } boot_disk { - auto_delete = var.boot_disk_delete + auto_delete = var.boot_disk.auto_delete initialize_params { type = var.boot_disk.type image = var.boot_disk.image @@ -200,14 +194,14 @@ resource "google_compute_instance" "default" { } } dynamic "alias_ip_range" { - for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {} + for_each = config.value.alias_ips iterator = config_alias content { subnetwork_range_name = config_alias.key ip_cidr_range = config_alias.value } } - nic_type = local.network_interface_options[config.key].nic_type + nic_type = config.value.nic_type } } @@ -272,7 +266,7 @@ resource "google_compute_instance_template" "default" { labels = var.labels disk { - auto_delete = var.boot_disk_delete + auto_delete = var.boot_disk.auto_delete boot = true disk_size_gb = var.boot_disk.size disk_type = var.boot_disk.type @@ -334,14 +328,14 @@ resource "google_compute_instance_template" "default" { } } dynamic "alias_ip_range" { - for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {} + for_each = config.value.alias_ips iterator = config_alias content { subnetwork_range_name = config_alias.key ip_cidr_range = config_alias.value } } - nic_type = local.network_interface_options[config.key].nic_type + nic_type = config.value.nic_type } } diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf index 867194082d..791968bb0d 100644 --- a/modules/compute-vm/variables.tf +++ b/modules/compute-vm/variables.tf @@ -22,7 +22,6 @@ variable "attached_disk_defaults" { type = string }) default = { - auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" @@ -34,13 +33,20 @@ variable "attached_disks" { type = list(object({ name = string size = string - source = string - source_type = string - options = object({ - mode = string - replica_zone = string - type = string - }) + source = optional(string) + source_type = optional(string) + options = optional( + object({ + mode = optional(string, "READ_WRITE") + replica_zone = optional(string) + type = optional(string, "pd-balanced") + }), + { + mode = "READ_WRITE" + replica_zone = null + type = "pd-balanced" + } + ) })) default = [] validation { @@ -58,23 +64,19 @@ variable "attached_disks" { variable "boot_disk" { description = "Boot disk properties." type = object({ - image = string - size = number - type = string + auto_delete = optional(bool, true) + image = optional(string, "projects/debian-cloud/global/images/family/debian-11") + size = optional(number, 10) + type = optional(string, "pd-balanced") }) default = { - image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-balanced" - size = 10 + auto_delete = true + image = "projects/debian-cloud/global/images/family/debian-11" + type = "pd-balanced" + size = 10 } } -variable "boot_disk_delete" { - description = "Auto delete boot disk." - type = bool - default = true -} - variable "can_ip_forward" { description = "Enable IP forwarding." type = bool @@ -97,6 +99,7 @@ variable "description" { type = string default = "Managed by the compute-vm Terraform module." } + variable "enable_display" { description = "Enable virtual display on the instances." type = bool @@ -106,9 +109,9 @@ variable "enable_display" { variable "encryption" { description = "Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk." type = object({ - encrypt_boot = bool - disk_encryption_key_raw = string - kms_key_self_link = string + encrypt_boot = optional(bool, false) + disk_encryption_key_raw = optional(string) + kms_key_self_link = optional(string) }) default = null } @@ -162,35 +165,28 @@ variable "name" { type = string } -variable "network_interface_options" { - description = "Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them." - type = map(object({ - alias_ips = map(string) - nic_type = string - })) - default = {} -} - variable "network_interfaces" { description = "Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed." type = list(object({ - nat = bool + nat = optional(bool, false) network = string subnetwork = string - addresses = object({ + addresses = optional(object({ internal = string external = string - }) + }), null) + alias_ips = optional(map(string), {}) + nic_type = optional(string) })) } variable "options" { description = "Instance options." type = object({ - allow_stopping_for_update = bool - deletion_protection = bool - spot = bool - termination_action = string + allow_stopping_for_update = optional(bool, true) + deletion_protection = optional(bool, false) + spot = optional(bool, false) + termination_action = optional(string) }) default = { allow_stopping_for_update = true diff --git a/tests/modules/compute_vm/fixture/variables.tf b/tests/modules/compute_vm/fixture/variables.tf index 1c28d2d979..c59199d95f 100644 --- a/tests/modules/compute_vm/fixture/variables.tf +++ b/tests/modules/compute_vm/fixture/variables.tf @@ -16,27 +16,13 @@ variable "attached_disks" { description = "Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null." - type = list(object({ - name = string - size = string - source = string - source_type = string - options = object({ - mode = string - replica_zone = string - type = string - }) - })) - default = [] + type = any + default = [] } variable "attached_disk_defaults" { description = "Defaults for attached disks options." - type = object({ - mode = string - replica_zone = string - type = string - }) + type = any default = { mode = "READ_WRITE" replica_zone = null @@ -70,31 +56,13 @@ variable "metadata" { } variable "network_interfaces" { - type = list(object({ - nat = bool - network = string - subnetwork = string - addresses = object({ - internal = string - external = string - }) - })) + type = any default = [{ network = "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default", subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default", - nat = false, - addresses = null }] } -variable "network_interface_options" { - type = map(object({ - alias_ips = map(string) - nic_type = string - })) - default = {} -} - variable "service_account_create" { type = bool default = false