diff --git a/blueprints/data-solutions/data-platform-minimal/02-composer.tf b/blueprints/data-solutions/data-platform-minimal/02-composer.tf
index 218df0445b..da6fca9ac1 100644
--- a/blueprints/data-solutions/data-platform-minimal/02-composer.tf
+++ b/blueprints/data-solutions/data-platform-minimal/02-composer.tf
@@ -109,6 +109,15 @@ resource "google_composer_environment" "processing-cmp-0" {
 kms_key_name = var.service_encryption_keys.composer
 }
 }
+ web_server_network_access_control {
+ dynamic "allowed_ip_range" {
+ for_each = var.composer_config.web_server_access_control
+ content {
+ value = allowed_ip_range.key
+ description = allowed_ip_range.value
+ }
+ }
+ }
 }
 depends_on = [
 module.processing-project
diff --git a/blueprints/data-solutions/data-platform-minimal/README.md b/blueprints/data-solutions/data-platform-minimal/README.md
index 3d00ea4939..5760f3f6bc 100644
--- a/blueprints/data-solutions/data-platform-minimal/README.md
+++ b/blueprints/data-solutions/data-platform-minimal/README.md
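Review bot: The `web_server_network_access_control` block in 02-composer.tf is emitted unconditionally, so with the variable's default of `{}` the environment gets the block with no `allowed_ip_range` entries at all. Whether an empty block leaves the Airflow web server reachable from every address or denies all traffic cannot be told from this hunk; the two outcomes differ sharply in exposure, so confirm the provider's behaviour before relying on the default. Emitting the block only when ranges are supplied would make the default explicit: wrap it as `dynamic "web_server_network_access_control" {` with `for_each = length(var.composer_config.web_server_access_control) > 0 ? [""] : []` and move the current body under `content {`. The resource body starts and ends outside the hunk.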
@@ -280,13 +280,13 @@ The application layer is out of scope of this script. As a demo purpuse only, on
 | [organization_domain](variables.tf#L119) | Organization domain. | string | ✓ | |
 | [prefix](variables.tf#L124) | Prefix used for resource names. | string | ✓ | |
 | [project_config](variables.tf#L133) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | |
-| [composer_config](variables.tf#L17) | Cloud Composer config. | object({…}) | | {} |
-| [data_catalog_tags](variables.tf#L54) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {…} |
-| [data_force_destroy](variables.tf#L65) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false |
-| [enable_services](variables.tf#L71) | Flag to enable or disable services in the Data Platform. | object({…}) | | {} |
-| [groups](variables.tf#L80) | User groups. | map(string) | | {…} |
-| [location](variables.tf#L90) | Location used for multi-regional resources. | string | | "eu" |
-| [network_config](variables.tf#L96) | Shared VPC network configurations to use. If null networks will be created in projects. | object({…}) | | {} |
+| [composer_config](variables.tf#L17) | Cloud Composer config. | object({…}) | | {} |
+| [data_catalog_tags](variables.tf#L55) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {…} |
+| [data_force_destroy](variables.tf#L66) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false |
+| [enable_services](variables.tf#L72) | Flag to enable or disable services in the Data Platform. | object({…}) | | {} |
+| [groups](variables.tf#L81) | User groups. 
| map(string) | | {…} |
+| [location](variables.tf#L91) | Location used for multi-regional resources. | string | | "eu" |
+| [network_config](variables.tf#L97) | Shared VPC network configurations to use. If null networks will be created in projects. | object({…}) | | {} |
 | [project_suffix](variables.tf#L157) | Suffix used only for project ids. | string | | null |
 | [region](variables.tf#L163) | Region used for regional resources. | string | | "europe-west1" |
 | [service_encryption_keys](variables.tf#L169) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | {} |
diff --git a/blueprints/data-solutions/data-platform-minimal/variables.tf b/blueprints/data-solutions/data-platform-minimal/variables.tf
index 09cdfdb8f3..a5f5143ea8 100644
--- a/blueprints/data-solutions/data-platform-minimal/variables.tf
+++ b/blueprints/data-solutions/data-platform-minimal/variables.tf
@@ -24,6 +24,7 @@ variable "composer_config" {
 env_variables = optional(map(string), {})
 image_version = optional(string, "composer-2-airflow-2")
 }), {})
+ web_server_access_control = optional(map(string), {})
 workloads_config = optional(object({
 scheduler = optional(object({
 cpu = optional(number, 0.5)
@@ -106,7 +107,6 @@ variable "network_config" {
 pods_range_name = optional(string, "pods")
 services_range_name = optional(string, "services")
 }), {})
- # web_server_network_access_control = list(string)
 })
 nullable = false
 default = {}
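Review bot: The new `web_server_access_control` attribute in variables.tf carries no comment saying that the map key is the CIDR range and the value its description, which is how 02-composer.tf consumes it (`value = allowed_ip_range.key`); a map written the other way round would send the description text as the IP range. A comment above the attribute such as `# Airflow web server allow-list, in {CIDR => description} format.` would document the orientation at the declaration. The keys are also not checked, so a `validation` block with `condition = alltrue([for k in keys(var.composer_config.web_server_access_control) : can(cidrhost(k, 0))])` would reject malformed ranges at plan time instead of at apply. The `composer_config` variable body extends beyond the hunk.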