From 66bd9d51600b5c36ca6aef586d9367d8981ab285 Mon Sep 17 00:00:00 2001 
From: apichick Date: Sun, 19 Nov 2023 13:17:12 +0100 Subject: [PATCH] Added workstation-cluster module --- CHANGELOG.md | 2 +- README.md | 2 +- blueprints/gke/binauthz/app/app.yaml | 45 ++++ blueprints/gke/binauthz/tenant-setup.yaml | 54 +++++ default-versions.tf | 4 +- modules/README.md | 1 + .../alloydb-instance/versions.tf | 4 +- modules/__experimental/net-neg/versions.tf | 4 +- modules/api-gateway/versions.tf | 4 +- modules/apigee/versions.tf | 4 +- modules/artifact-registry/versions.tf | 4 +- modules/bigquery-dataset/versions.tf | 4 +- modules/bigtable-instance/versions.tf | 4 +- modules/billing-account/versions.tf | 4 +- modules/binauthz/versions.tf | 4 +- .../__need_fixing/onprem/versions.tf | 4 +- .../coredns/versions.tf | 4 +- .../cos-generic-metadata/versions.tf | 4 +- .../envoy-sni-dyn-fwd-proxy/versions.tf | 4 +- .../envoy-traffic-director/versions.tf | 4 +- .../cloud-config-container/mysql/versions.tf | 4 +- .../nginx-tls/versions.tf | 4 +- .../cloud-config-container/nginx/versions.tf | 4 +- .../simple-nva/versions.tf | 4 +- .../cloud-config-container/squid/versions.tf | 4 +- modules/cloud-function-v1/versions.tf | 4 +- modules/cloud-function-v2/versions.tf | 4 +- modules/cloud-identity-group/versions.tf | 4 +- modules/cloud-run/versions.tf | 4 +- modules/cloudsql-instance/versions.tf | 4 +- modules/compute-mig/versions.tf | 4 +- modules/compute-vm/versions.tf | 4 +- modules/container-registry/versions.tf | 4 +- modules/data-catalog-policy-tag/versions.tf | 4 +- modules/datafusion/versions.tf | 4 +- modules/dataplex-datascan/versions.tf | 4 +- modules/dataplex/versions.tf | 4 +- modules/dataproc/versions.tf | 4 +- modules/dns-response-policy/versions.tf | 4 +- modules/dns/versions.tf | 4 +- modules/endpoints/versions.tf | 4 +- modules/folder/versions.tf | 4 +- modules/gcs/versions.tf | 4 +- modules/gcve-private-cloud/versions.tf | 4 +- modules/gke-cluster-autopilot/versions.tf | 4 +- modules/gke-cluster-standard/versions.tf | 4 +- 
modules/gke-hub/versions.tf | 4 +- modules/gke-nodepool/versions.tf | 4 +- modules/iam-service-account/versions.tf | 4 +- modules/kms/versions.tf | 4 +- modules/logging-bucket/versions.tf | 4 +- modules/ncc-spoke-ra/versions.tf | 4 +- modules/net-address/versions.tf | 4 +- modules/net-cloudnat/versions.tf | 4 +- modules/net-firewall-policy/versions.tf | 4 +- .../net-ipsec-over-interconnect/versions.tf | 4 +- modules/net-lb-app-ext/versions.tf | 4 +- modules/net-lb-app-int/versions.tf | 4 +- modules/net-lb-ext/versions.tf | 4 +- modules/net-lb-int/versions.tf | 4 +- modules/net-lb-proxy-int/versions.tf | 4 +- modules/net-swp/versions.tf | 4 +- modules/net-vlan-attachment/versions.tf | 4 +- modules/net-vpc-firewall/versions.tf | 4 +- modules/net-vpc-peering/versions.tf | 4 +- modules/net-vpc/versions.tf | 4 +- modules/net-vpn-dynamic/versions.tf | 4 +- modules/net-vpn-ha/versions.tf | 4 +- modules/net-vpn-static/versions.tf | 4 +- modules/organization/versions.tf | 4 +- modules/project/versions.tf | 4 +- modules/projects-data-source/versions.tf | 4 +- modules/pubsub/versions.tf | 4 +- modules/secret-manager/versions.tf | 4 +- modules/service-directory/versions.tf | 4 +- modules/source-repository/versions.tf | 4 +- modules/vpc-sc/versions.tf | 4 +- modules/workstation-cluster/README.md | 192 ++++++++++++++++++ modules/workstation-cluster/iam.tf | 128 ++++++++++++ modules/workstation-cluster/main.tf | 131 ++++++++++++ modules/workstation-cluster/outputs.tf | 40 ++++ modules/workstation-cluster/variables.tf | 152 ++++++++++++++ modules/workstation-cluster/versions.tf | 29 +++ .../examples/custom-image.yaml | 77 +++++++ .../workstation_cluster/examples/iam.yaml | 103 ++++++++++ .../examples/private-cluster.yaml | 64 ++++++ .../workstation_cluster/examples/simple.yaml | 64 ++++++ 87 files changed, 1226 insertions(+), 146 deletions(-) create mode 100644 blueprints/gke/binauthz/app/app.yaml create mode 100644 blueprints/gke/binauthz/tenant-setup.yaml create mode 100644 
modules/workstation-cluster/README.md create mode 100644 modules/workstation-cluster/iam.tf create mode 100644 modules/workstation-cluster/main.tf create mode 100644 modules/workstation-cluster/outputs.tf create mode 100644 modules/workstation-cluster/variables.tf create mode 100644 modules/workstation-cluster/versions.tf create mode 100644 tests/modules/workstation_cluster/examples/custom-image.yaml create mode 100644 tests/modules/workstation_cluster/examples/iam.yaml create mode 100644 tests/modules/workstation_cluster/examples/private-cluster.yaml create mode 100644 tests/modules/workstation_cluster/examples/simple.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index c04b94e879..e9dd39f019 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -90,7 +90,7 @@ All notable changes to this project will be documented in this file. - [[#1846](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1846)] Add support for IAM to vpc sc module ([ludoo](https://github.com/ludoo)) - [[#1844](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1844)] Allow disabling IAM for sink identity in resource manager modules ([apichick](https://github.com/apichick)) - [[#1841](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1841)] Fix modules to support new Apigee X environment types ([Teodelas](https://github.com/Teodelas)) -- [[#1842](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1842)] Bump provider version to 5.4.0 ([wiktorn](https://github.com/wiktorn)) +- [[#1842](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1842)] Bump provider version to 5.6.0 ([wiktorn](https://github.com/wiktorn)) - [[#1823](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1823)] Add end-to-end tests for project module ([wiktorn](https://github.com/wiktorn)) - [[#1837](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1837)] Added envoy as SNI dynamic forward proxy to cloud-config-container ([apichick](https://github.com/apichick)) - [[#1839](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1839)] Added create_before_destroy = true for self-managed certificates ([apichick](https://github.com/apichick)) diff --git a/README.md b/README.md index 08907864fb..5840a8f852 100644 --- a/README.md +++ b/README.md 
@@ -33,7 +33,7 @@ Currently available modules: - **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp) - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud) - **data** - [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub) -- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud 
Source Repository](./modules/source-repository) +- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository), [Workstation cluster](./modules/workstation-cluster) - **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc) - **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run) diff --git a/blueprints/gke/binauthz/app/app.yaml b/blueprints/gke/binauthz/app/app.yaml new file mode 100644 index 0000000000..d5b5c74e02 --- /dev/null +++ b/blueprints/gke/binauthz/app/app.yaml 
@@ -0,0 +1,45 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: storage-api-sa
+ namespace: apis
+ annotations:
+ iam.gke.io/gcp-service-account: sa-storage-api@ba-g-prj-cd-sb-binauthz-001.iam.gserviceaccount.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: storage-api-deployment
+ namespace: apis
+spec:
+ selector:
+ matchLabels:
+ app: storage-api
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: storage-api
+ spec:
+ serviceAccountName: storage-api-sa
+ containers:
+ - name: storage-api
+ image: europe-west1-docker.pkg.dev/ba-g-prj-cd-sb-binauthz-001/ba-registry/storage-api:DIGEST
+ ports:
+ - containerPort: 3000
+ nodeSelector:
+ iam.gke.io/gke-metadata-server-enabled: "true"
\ No newline at end of file
diff --git a/blueprints/gke/binauthz/tenant-setup.yaml b/blueprints/gke/binauthz/tenant-setup.yaml
new file mode 100644
index 0000000000..68cbdd4aa8
--- /dev/null
+++ b/blueprints/gke/binauthz/tenant-setup.yaml
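Review bot: In blueprints/gke/binauthz/app/app.yaml the container image is written as `storage-api:DIGEST`, which is tag syntax; Binary Authorization attestations are bound to an image digest, so unless the substitution step (not visible in this patch) rewrites the colon as well, the Deployment would reference the image by a mutable tag. Writing it as `image: europe-west1-docker.pkg.dev/ba-g-prj-cd-sb-binauthz-001/ba-registry/storage-api@DIGEST`, with `DIGEST` replaced by the `sha256:` value, keeps the deployed image tied to what was attested. The project id `ba-g-prj-cd-sb-binauthz-001` is hard-coded both here and in the `iam.gke.io/gcp-service-account` annotation, and the commit subject only mentions the workstation-cluster module, so these look like environment-specific manifests that should be templated or left out of this change. The container also declares no `securityContext` or `resources`; setting `runAsNonRoot: true` and `allowPrivilegeEscalation: false` explicitly would state the intended hardening for a workload that runs with a Workload Identity service account.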
@@ -0,0 +1,54 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apis
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: app-deployment-manager
+ namespace: apis
+rules:
+- apiGroups:
+ - ''
+ - 'extensions'
+ - 'apps'
+ resources:
+ - 'namespaces'
+ - 'serviceaccounts'
+ - 'deployments'
+ verbs:
+ - 'get'
+ - 'list'
+ - 'watch'
+ - 'create'
+ - 'update'
+ - 'patch'
+ - 'delete'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: app-deployment-manager
+ namespace: apis
+subjects:
+- kind: User
+ name: sa-cb-app@ba-g-prj-cd-sb-binauthz-001.iam.gserviceaccount.com
+roleRef:
+ kind: Role
+ name: app-deployment-manager
+ apiGroup: rbac.authorization.k8s.io
diff --git a/default-versions.tf b/default-versions.tf
index 3adb51d3bd..4d3bd967e1 100644
--- a/default-versions.tf
+++ b/default-versions.tf
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } }
diff --git a/modules/README.md b/modules/README.md
index cefc5e5592..fa54a68c46 100644
--- a/modules/README.md
+++ b/modules/README.md
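Review bot: The `app-deployment-manager` Role in blueprints/gke/binauthz/tenant-setup.yaml grants all seven verbs, including `delete`, in one combined rule that also lists `namespaces`; in a namespaced Role that resource appears to match the `apis` namespace object itself, so the Cloud Build identity bound by the RoleBinding could likely delete the whole namespace. Splitting the rule per API group and dropping `namespaces` (or keeping only `get` on it, if the deploy step reads it) narrows the grant to the ServiceAccount and Deployment that app.yaml creates. The `extensions` group no longer serves Deployments on current Kubernetes versions and can be removed as well. The RoleBinding subject is a hard-coded service account e-mail in project `ba-g-prj-cd-sb-binauthz-001`, which is worth templating alongside the values in app.yaml.

```yaml
rules:
- apiGroups: ['']
  resources: ['serviceaccounts']
  verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
- apiGroups: ['apps']
  resources: ['deployments']
  verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
# … unchanged: RoleBinding app-deployment-manager …
```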
@@ -92,6 +92,7 @@ These modules are used in the examples included in this repository. If you are u - [Artifact Registry](./artifact-registry) - [Container Registry](./container-registry) - [Cloud Source Repository](./source-repository) +- [Workstation cluster](./workstation-cluster) ## Security diff --git a/modules/__experimental/alloydb-instance/versions.tf b/modules/__experimental/alloydb-instance/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/__experimental/alloydb-instance/versions.tf +++ b/modules/__experimental/alloydb-instance/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/__experimental/net-neg/versions.tf b/modules/__experimental/net-neg/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/__experimental/net-neg/versions.tf +++ b/modules/__experimental/net-neg/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/api-gateway/versions.tf +++ b/modules/api-gateway/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/apigee/versions.tf +++ b/modules/apigee/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/artifact-registry/versions.tf +++ b/modules/artifact-registry/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/bigquery-dataset/versions.tf +++ b/modules/bigquery-dataset/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/bigtable-instance/versions.tf +++ b/modules/bigtable-instance/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/billing-account/versions.tf b/modules/billing-account/versions.tf index cee7f9c764..c7a022f014 100644 --- a/modules/billing-account/versions.tf +++ b/modules/billing-account/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/binauthz/versions.tf +++ b/modules/binauthz/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf +++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/coredns/versions.tf +++ b/modules/cloud-config-container/coredns/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/cos-generic-metadata/versions.tf +++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf index ceb6930fb3..28a6f3a143 100644 --- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf +++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/envoy-traffic-director/versions.tf +++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/mysql/versions.tf +++ b/modules/cloud-config-container/mysql/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/nginx-tls/versions.tf +++ b/modules/cloud-config-container/nginx-tls/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf index 3adb51d3bd..4d3bd967e1 100644 
--- a/modules/cloud-config-container/nginx/versions.tf +++ b/modules/cloud-config-container/nginx/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/simple-nva/versions.tf +++ b/modules/cloud-config-container/simple-nva/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/squid/versions.tf b/modules/cloud-config-container/squid/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-config-container/squid/versions.tf +++ b/modules/cloud-config-container/squid/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-function-v1/versions.tf +++ b/modules/cloud-function-v1/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-function-v2/versions.tf +++ b/modules/cloud-function-v2/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-identity-group/versions.tf +++ b/modules/cloud-identity-group/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloud-run/versions.tf +++ b/modules/cloud-run/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/cloudsql-instance/versions.tf +++ b/modules/cloudsql-instance/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/compute-mig/versions.tf +++ b/modules/compute-mig/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/compute-vm/versions.tf +++ b/modules/compute-vm/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/container-registry/versions.tf +++ b/modules/container-registry/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/data-catalog-policy-tag/versions.tf +++ b/modules/data-catalog-policy-tag/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/datafusion/versions.tf +++ b/modules/datafusion/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/dataplex-datascan/versions.tf +++ b/modules/dataplex-datascan/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/dataplex/versions.tf +++ b/modules/dataplex/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/dataproc/versions.tf +++ b/modules/dataproc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/dns-response-policy/versions.tf +++ b/modules/dns-response-policy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/dns/versions.tf +++ b/modules/dns/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/endpoints/versions.tf +++ b/modules/endpoints/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/folder/versions.tf +++ b/modules/folder/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/gcs/versions.tf +++ b/modules/gcs/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/gcve-private-cloud/versions.tf +++ b/modules/gcve-private-cloud/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/gke-cluster-autopilot/versions.tf +++ b/modules/gke-cluster-autopilot/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/gke-cluster-standard/versions.tf +++ b/modules/gke-cluster-standard/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/gke-hub/versions.tf +++ b/modules/gke-hub/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/gke-nodepool/versions.tf +++ b/modules/gke-nodepool/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/iam-service-account/versions.tf +++ b/modules/iam-service-account/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/kms/versions.tf +++ b/modules/kms/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/logging-bucket/versions.tf +++ b/modules/logging-bucket/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/ncc-spoke-ra/versions.tf 
+++ b/modules/ncc-spoke-ra/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-address/versions.tf +++ b/modules/net-address/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-cloudnat/versions.tf +++ b/modules/net-cloudnat/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-firewall-policy/versions.tf +++ b/modules/net-firewall-policy/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-ipsec-over-interconnect/versions.tf +++ b/modules/net-ipsec-over-interconnect/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-lb-app-ext/versions.tf +++ b/modules/net-lb-app-ext/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-lb-app-int/versions.tf +++ b/modules/net-lb-app-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-lb-ext/versions.tf +++ b/modules/net-lb-ext/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-lb-int/versions.tf +++ b/modules/net-lb-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-lb-proxy-int/versions.tf +++ b/modules/net-lb-proxy-int/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-swp/versions.tf +++ b/modules/net-swp/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf index 3adb51d3bd..4d3bd967e1 100644 
--- a/modules/net-vlan-attachment/versions.tf +++ b/modules/net-vlan-attachment/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-vpc-firewall/versions.tf +++ b/modules/net-vpc-firewall/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-vpc-peering/versions.tf +++ b/modules/net-vpc-peering/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-vpc/versions.tf +++ b/modules/net-vpc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-vpn-dynamic/versions.tf +++ b/modules/net-vpn-dynamic/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-vpn-ha/versions.tf +++ b/modules/net-vpn-ha/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/net-vpn-static/versions.tf +++ b/modules/net-vpn-static/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/organization/versions.tf +++ b/modules/organization/versions.tf 
@@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/project/versions.tf b/modules/project/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/project/versions.tf +++ b/modules/project/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/projects-data-source/versions.tf +++ b/modules/projects-data-source/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/pubsub/versions.tf +++ b/modules/pubsub/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/secret-manager/versions.tf 
+++ b/modules/secret-manager/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/service-directory/versions.tf +++ b/modules/service-directory/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/source-repository/versions.tf +++ b/modules/source-repository/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf index 3adb51d3bd..4d3bd967e1 100644 --- a/modules/vpc-sc/versions.tf +++ b/modules/vpc-sc/versions.tf @@ -17,11 +17,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.4.0, < 6.0.0" # tftest + version = ">= 5.6.0, < 6.0.0" # tftest } } } 
diff --git a/modules/workstation-cluster/README.md b/modules/workstation-cluster/README.md new file mode 100644 index 0000000000..4a0592c308 --- /dev/null +++ b/modules/workstation-cluster/README.md 
@@ -0,0 +1,192 @@ +# Workstation cluster + +This module allows to create a workstation cluster with associated workstation configs and workstations. In addition to this it allows to set up IAM bindings for the workstation configs and the workstations. + + +- [Simple example](#simple-example) +- [Private cluster](#private-cluster) +- [Custom image](#custom-image) +- [IAM](#iam) +- [Variables](#variables) +- [Outputs](#outputs) + + +## Simple example + +Simple example showing how to create a cluster with publicly accessible workstations using the default base image. + +```hcl +module "workstation-cluster" { + source = "./fabric/modules/workstation-cluster" + project_id = var.project_id + id = "my-workstation-cluster" + location = var.region + network_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } + workstation_configs = { + my-workstation-config = { + workstations = { + my-workstation = { + labels = { + team = "my-team" + } + } + } + } + } +} +# tftest modules=1 resources=3 inventory=simple.yaml +``` + +## Private cluster + +Example showing how to create a cluster with a privately accessible workstation using the default base image. + +```hcl +module "workstation-cluster" { + source = "./fabric/modules/workstation-cluster" + project_id = var.project_id + id = "my-workstation-cluster" + location = var.region + network_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } + private_cluster_config = { + enable_private_endpoint = true + } + workstation_configs = { + my-workstation-config = { + workstations = { + my-workstation = { + labels = { + team = "my-team" + } + } + } + } + } +} +# tftest modules=1 resources=3 inventory=private-cluster.yaml +``` + +## Custom image + +Example showing how to create a cluster with publicly accesible workstation that run a custom image. 
+ +```hcl +module "workstation-cluster" { + source = "./fabric/modules/workstation-cluster" + project_id = var.project_id + id = "my-workstation-cluster" + location = var.region + network_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } + workstation_configs = { + my-workstation-config = { + container = { + image = "repo/my-image:v10.0.0" + args = ["--arg1", "value1", "--arg2", "value2"] + env = { + VAR1 = "VALUE1" + VAR2 = "VALUE2" + } + working_dir = "/my-dir" + } + workstations = { + my-workstation = { + labels = { + team = "my-team" + } + } + } + } + } +} +# tftest modules=1 resources=3 inventory=custom-image.yaml +``` + +## IAM + +Example showing how to grant IAM roles on the workstation configuration or workstation. + +```hcl +module "workstation-cluster" { + source = "./fabric/modules/workstation-cluster" + project_id = var.project_id + id = "my-workstation-cluster" + location = var.region + network_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } + workstation_configs = { + my-workstation-config = { + workstations = { + my-workstation = { + labels = { + team = "my-team" + } + iam = { + "roles/workstations.user" = ["user:user1@my-org.com"] + } + } + } + iam = { + "roles/viewer" = ["group:group1@my-org.com"] + } + iam_bindings = { + workstations-config-viewer = { + role = "roles/viewer" + members = ["group:group2@my-org.com"] + condition = { + title = "limited-access" + expression = "resource.name.startsWith('my-')" + } + } + } + iam_bindings_additive = { + workstations-config-editor = { + role = "roles/editor" + member = "group:group3@my-org.com" + condition = { + title = "limited-access" + expression = "resource.name.startsWith('my-')" + } + } + } + } + } +} +# tftest modules=1 resources=7 inventory=iam.yaml +``` + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [id](variables.tf#L35) | Workstation cluster ID. 
| string | ✓ | | +| [network_config](variables.tf#L52) | Network configuration. | object({…}) | ✓ | | +| [project_id](variables.tf#L70) | Cluster ID. | string | ✓ | | +| [workstation_configs](variables.tf#L75) | Workstation configurations. | map(object({…})) | ✓ | | +| [annotations](variables.tf#L17) | Workstation cluster annotations. | map(string) | | {} | +| [display_name](variables.tf#L23) | Display name. | string | | null | +| [domain](variables.tf#L29) | Domain. | string | | null | +| [labels](variables.tf#L40) | Workstation cluster labels. | map(string) | | {} | +| [location](variables.tf#L46) | Location. | string | | null | +| [private_cluster_config](variables.tf#L60) | Private cluster config. | object({…}) | | {} | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [cluster_hostname](outputs.tf#L17) | Cluster hostname. | | +| [id](outputs.tf#L22) | Workstation cluster id. | | +| [service_attachment_uri](outputs.tf#L27) | Workstation service attachment URI. | | +| [workstation_configs](outputs.tf#L32) | Workstation configurations. | | +| [workstations](outputs.tf#L37) | Workstations. | | + diff --git a/modules/workstation-cluster/iam.tf b/modules/workstation-cluster/iam.tf new file mode 100644 index 0000000000..18f6f9535f --- /dev/null +++ b/modules/workstation-cluster/iam.tf 
@@ -0,0 +1,128 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description IAM bindings
+
+resource "google_workstations_workstation_config_iam_binding" "authoritative" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam :
+ "${k1}-${k2}" => {
+ workstation_config_id = k1
+ role = k2
+ members = v2
+ } }])...)
+ project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
+ location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
+ workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_config_iam_binding" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings :
+ "${k1}-${k2}" => merge(v2, {
+ workstation_config_id = k1
+ }) }])...)
+ project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
+ location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
+ workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_config_iam_member" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : { for k2, v2 in v1.iam_bindings_additive :
+ "${k1}-${k2}" => merge(v2, {
+ workstation_config_id = k1
+ }) }])...)
+ project = google_workstations_workstation_config.configs[each.value.workstation_config_id].project
+ location = google_workstations_workstation_config.configs[each.value.workstation_config_id].location
+ workstation_cluster_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ role = each.value.role
+ member = each.value.member
+}
+
+resource "google_workstations_workstation_iam_binding" "authoritative" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
+ { for k3, v3 in v2.iam : "${k1}-${k2}-${k3}" => {
+ workstation_config_id = k1
+ workstation_id = k2
+ role = k3
+ members = v3
+ } }]])...)
+ project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
+ location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
+ workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
+ workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_iam_binding" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
+ { for k3, v3 in v2.iam_bindings : "${k1}-${k2}-${k3}" => merge(v3, {
+ workstation_config_id = k1
+ workstation_id = k2
+ }) }]])...)
+ project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
+ location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
+ workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
+ workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
+ role = each.value.role
+ members = each.value.members
+}
+
+resource "google_workstations_workstation_iam_member" "bindings" {
+ provider = google-beta
+ for_each = merge(flatten([for k1, v1 in var.workstation_configs : [for k2, v2 in v1.workstations :
+ { for k3, v3 in v2.iam_bindings_additive : "${k1}-${k2}-${k3}" => merge(v3, {
+ workstation_config_id = k1
+ workstation_id = k2
+ }) }]])...)
+ project = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].project
+ location = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].location
+ workstation_cluster_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_cluster_id
+ workstation_config_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_config_id
+ workstation_id = google_workstations_workstation.workstations["${each.value.workstation_config_id}-${each.value.workstation_id}"].workstation_id
+ role = each.value.role
+ member = each.value.member
+}
+
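Review bot: Neither `google_workstations_workstation_config_iam_binding.bindings` nor `google_workstations_workstation_config_iam_member.bindings` forwards a `condition`; each sets only `role` and `members`/`member`, yet the README IAM example in this patch passes `condition = { title, expression }` under both `iam_bindings` and `iam_bindings_additive`. If the variable type accepts that attribute (its definition is outside this view), the role is granted unconditionally, which is broader than the caller asked for. The same example puts `roles/viewer` in both `iam` and `iam_bindings` for one config, so without a condition two authoritative bindings manage the same role and will overwrite each other's member list. Either forward the condition where the provider resource supports one, or remove `condition` from the inputs and the example and reject a role that appears in both maps. The three workstation-level resources further down repeat the same shape.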
diff --git a/modules/workstation-cluster/main.tf b/modules/workstation-cluster/main.tf
new file mode 100644
index 0000000000..07399df4c8
--- /dev/null
+++ b/modules/workstation-cluster/main.tf
@@ -0,0 +1,131 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ workstations = merge(flatten([for k1, v1 in var.workstation_configs :
+ { for k2, v2 in v1.workstations :
+ "${k1}-${k2}" => merge({
+ workstation_config_id = k1
+ workstation_id = k2
+ }, v2) }])...)
+}
+
+resource "google_workstations_workstation_cluster" "cluster" {
+ provider = google-beta
+ workstation_cluster_id = var.id
+ project = var.project_id
+ display_name = var.display_name
+ network = var.network_config.network
+ subnetwork = var.network_config.subnetwork
+ location = var.location
+ annotations = var.annotations
+ labels = var.labels
+ dynamic "private_cluster_config" {
+ for_each = var.private_cluster_config == null ? [] : [""]
+ content {
+ enable_private_endpoint = var.private_cluster_config.enable_private_endpoint
+ allowed_projects = var.private_cluster_config.allowed_projects
+ }
+ }
+ dynamic "domain_config" {
+ for_each = var.domain == null ? [] : [""]
+ content {
+ domain = var.domain
+ }
+ }
+}
+
+resource "google_workstations_workstation_config" "configs" {
+ for_each = var.workstation_configs
+ provider = google-beta
+ project = google_workstations_workstation_cluster.cluster.project
+ workstation_config_id = each.key
+ workstation_cluster_id = google_workstations_workstation_cluster.cluster.workstation_cluster_id
+ location = google_workstations_workstation_cluster.cluster.location
+ idle_timeout = each.value.idle_timeout
+ running_timeout = each.value.running_timeout
+ replica_zones = each.value.replica_zones
+ annotations = each.value.annotations
+ labels = each.value.labels
+ dynamic "host" {
+ for_each = each.value.gce_instance == null ? [] : [""]
+ content {
+ gce_instance {
+ machine_type = each.value.gce_instance.machine_type
+ service_account = each.value.gce_instance.service_account
+ service_account_scopes = each.value.gce_instance.service_account_scopes
+ pool_size = each.value.gce_instance.pool_size
+ boot_disk_size_gb = each.value.gce_instance.boot_disk_size_gb
+ tags = each.value.gce_instance.tags
+ disable_public_ip_addresses = each.value.disable_public_ip_addresses
+ enable_nested_virtualization = each.value.enable_nested_virtualization
+ dynamic "shielded_instance_config" {
+ for_each = each.value.gce_instance.shielded_instance_config == null ? [] : [""]
+ content {
+ enable_secure_boot = each.value.gce_instance.shielded_instance_config.enable_secure_boot
+ enable_vtpm = each.value.gce_instance.shielded_instance_config.enable_vtpm
+ enable_integrity_monitoring = each.value.gce_instance.shielded_instance_config.enable_integrity_monitoring
+ }
+ }
+ dynamic "confidential_instance_config" {
+ for_each = each.value.gce_instance.enable_confidential_compute ? [] : [""]
+ content {
+ enable_confidential_compute = true
+ }
+ }
+ dynamic "accelerators" {
+ for_each = each.value.gce_instance.accelerators
+ content {
+ type = accelerators.value.type
+ count = accelerators.value.count
+ }
+ }
+ }
+ }
+ }
+ dynamic "container" {
+ for_each = each.value.container == null ? [] : [""]
+ content {
+ image = each.value.container.image
+ command = each.value.container.command
+ args = each.value.container.args
+ working_dir = each.value.container.working_dir
+ env = each.value.container.env
+ run_as_user = each.value.container.run_as_user
+ }
+ }
+ dynamic "encryption_key" {
+ for_each = each.value.encryption_key == null ? [] : [""]
+ content {
+ kms_key = each.value.encryption_key.kms_key
+ kms_key_service_account = each.value.encryption_key.kms_key_service_account
+ }
+ }
+}
+
+resource "google_workstations_workstation" "workstations" {
+ provider = google-beta
+ for_each = local.workstations
+ project = google_workstations_workstation_cluster.cluster.project
+ workstation_id = each.value.workstation_id
+ workstation_config_id = google_workstations_workstation_config.configs[each.value.workstation_config_id].workstation_config_id
+ workstation_cluster_id = google_workstations_workstation_cluster.cluster.workstation_cluster_id
+ location = google_workstations_workstation_cluster.cluster.location
+ labels = each.value.labels
+ env = each.value.env
+ annotations = each.value.annotations
+}
+
diff --git a/modules/workstation-cluster/outputs.tf b/modules/workstation-cluster/outputs.tf
new file mode 100644
index 0000000000..788d11466e
--- /dev/null
+++ b/modules/workstation-cluster/outputs.tf
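Review bot: The `confidential_instance_config` block in `google_workstations_workstation_config.configs` has its condition inverted: `for_each = each.value.gce_instance.enable_confidential_compute ? [] : [""]` omits the block when the flag is true and emits `enable_confidential_compute = true` when it is false. Callers who request confidential compute get a config without it, and callers who do not request it have it switched on; the line should read `for_each = each.value.gce_instance.enable_confidential_compute ? [""] : []`. In the same `gce_instance` block, `disable_public_ip_addresses` and `enable_nested_virtualization` are read from `each.value` while every sibling attribute comes from `each.value.gce_instance`; the variable type is outside this view, so confirm which level declares them.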
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "cluster_hostname" {
+ description = "Cluster hostname."
+ value = var.private_cluster_config != null ? google_workstations_workstation_cluster.cluster.private_cluster_config[0].cluster_hostname : null
+}
+
+output "id" {
+ description = "Workstation cluster id."
+ value = google_workstations_workstation_cluster.cluster.workstation_cluster_id
+}
+
+output "service_attachment_uri" {
+ description = "Workstation service attachment URI."
+ value = var.private_cluster_config != null ? google_workstations_workstation_cluster.cluster.private_cluster_config[0].service_attachment_uri : null
+}
+
+output "workstation_configs" {
+ description = "Workstation configurations."
+ value = google_workstations_workstation_config.configs
+}
+
+output "workstations" {
+ description = "Workstations."
+ value = google_workstations_workstation.workstations
+}
diff --git a/modules/workstation-cluster/variables.tf b/modules/workstation-cluster/variables.tf
new file mode 100644
index 0000000000..613fe29de6
--- /dev/null
+++ b/modules/workstation-cluster/variables.tf
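Review bot: The `var.private_cluster_config != null` guard in the `cluster_hostname` and `service_attachment_uri` outputs of outputs.tf can never be false, because variables.tf in this same patch declares that variable with `nullable = false` and `default = {}`. Both outputs therefore always index `private_cluster_config[0]`, and the `: null` branch is dead code that reads as if a cluster without a private endpoint were handled separately. Either drop the conditional or make the expression total, e.g. `value = try(google_workstations_workstation_cluster.cluster.private_cluster_config[0].cluster_hostname, null)`, with the same form for `service_attachment_uri`. The cluster resource is defined above the part of the patch shown here, so whether that block is always emitted could not be checked.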
@@ -0,0 +1,152 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "annotations" {
+ description = "Workstation cluster annotations."
+ type = map(string)
+ default = {}
+}
+
+variable "display_name" {
+ description = "Display name."
+ type = string
+ default = null
+}
+
+variable "domain" {
+ description = "Domain."
+ type = string
+ default = null
+}
+
+variable "id" {
+ description = "Workstation cluster ID."
+ type = string
+}
+
+variable "labels" {
+ description = "Workstation cluster labels."
+ type = map(string)
+ default = {}
+}
+
+variable "location" {
+ description = "Location."
+ type = string
+ default = null
+}
+
+variable "network_config" {
+ description = "Network configuration."
+ type = object({
+ network = string
+ subnetwork = string
+ })
+}
+
+variable "private_cluster_config" {
+ description = "Private cluster config."
+ type = object({
+ enable_private_endpoint = optional(bool, false)
+ allowed_projects = optional(list(string))
+ })
+ nullable = false
+ default = {}
+}
+
+variable "project_id" {
+ description = "Cluster ID."
+ type = string
+}
+
+variable "workstation_configs" {
+ description = "Workstation configurations."
+ type = map(object({
+ annotations = optional(map(string))
+ container = optional(object({
+ image = optional(string)
+ command = optional(list(string), [])
+ args = optional(list(string), [])
+ working_dir = optional(string)
+ env = optional(map(string), {})
+ run_as_user = optional(string)
+ }))
+ display_name = optional(string)
+ enable_audit_agent = optional(bool)
+ encryption_key = optional(object({
+ kms_key = string
+ kms_key_service_account = string
+ }))
+ gce_instance = optional(object({
+ machine_type = optional(string)
+ service_account = optional(string)
+ service_account_scopes = optional(list(string), [])
+ pool_size = optional(number)
+ boot_disk_size_gb = optional(number)
+ tags = optional(list(string))
+ disable_public_ip_addresses = optional(bool, false)
+ enable_nested_virtualization = optional(bool, false)
+ shielded_instance_config = optional(object({
+ enable_secure_boot = optional(bool, false)
+ enable_vtpm = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, false)
+ }))
+ enable_confidential_compute = optional(bool, false)
+ accelerators = optional(list(object({
+ type = optional(string)
+ count = optional(number)
+ })), [])
+ }))
+ iam = optional(map(list(string)), {})
+ iam_bindings = optional(map(object({
+ role = string
+ members = list(string)
+ })), {})
+ iam_bindings_additive = optional(map(object({
+ role = string
+ member = string
+ })), {})
+ idle_timeout = optional(string)
+ labels = optional(map(string))
+ persistent_directories = optional(list(object({
+ mount_path = optional(string)
+ gce_pd = optional(object({
+ size_gb = optional(number)
+ fs_type = optional(string)
+ disk_type = optional(string)
+ source_snapshot = optional(string)
+ reclaim_policy = optional(string)
+ }))
+ })), [])
+ running_timeout = optional(string)
+ replica_zones = optional(list(string))
+ workstations = optional(map(object({
+ annotations = optional(map(string))
+ display_name = optional(string)
+ env = optional(map(string))
+ iam = optional(map(list(string)), {})
+ iam_bindings = optional(map(object({
+ role = string
+ members = list(string)
+ })), {})
+ iam_bindings_additive = optional(map(object({
+ role = string
+ member = string
+ })), {})
+ labels = optional(map(string))
+ })), {})
+ }))
+}
diff --git a/modules/workstation-cluster/versions.tf b/modules/workstation-cluster/versions.tf
new file mode 100644
index 0000000000..4d3bd967e1
--- /dev/null
+++ b/modules/workstation-cluster/versions.tf
@@ -0,0 +1,29 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_version = ">= 1.4.4"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 5.6.0, < 6.0.0" # tftest
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 5.6.0, < 6.0.0" # tftest
+ }
+ }
+}
+
+
diff --git a/tests/modules/workstation_cluster/examples/custom-image.yaml b/tests/modules/workstation_cluster/examples/custom-image.yaml
new file mode 100644
index 0000000000..ed3c7eb3e8
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/custom-image.yaml
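Review bot: In variables.tf, several `workstation_configs` attributes do not reach `google_workstations_workstation_config.configs` as that resource appears in the main.tf part of this patch. `enable_audit_agent`, `persistent_directories` and `display_name` are never referenced there, so a caller who sets `enable_audit_agent = true` gets a plan without it and no error. `disable_public_ip_addresses` and `enable_nested_virtualization` are declared under `gce_instance` but read as `each.value.disable_public_ip_addresses` and `each.value.enable_nested_virtualization`; the resource should read `each.value.gce_instance.disable_public_ip_addresses` and `each.value.gce_instance.enable_nested_virtualization`. `enable_confidential_compute` is consumed with its branches swapped (`? [] : [""]`), so the `false` default declared here emits the confidential-compute block and `true` omits it; the expression should end `? [""] : []`. Separately, `project_id` carries the description "Cluster ID." and should read `description = "Project ID."`.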
@@ -0,0 +1,77 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: false
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ container:
+ - args:
+ - --arg1
+ - value1
+ - --arg2
+ - value2
+ command: []
+ env:
+ VAR1: VALUE1
+ VAR2: VALUE2
+ image: repo/my-image:v10.0.0
+ run_as_user: null
+ working_dir: /my-dir
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ modules: 1
+ resources: 3
\ No newline at end of file
diff --git a/tests/modules/workstation_cluster/examples/iam.yaml b/tests/modules/workstation_cluster/examples/iam.yaml
new file mode 100644
index 0000000000..be6c00efe9
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/iam.yaml
@@ -0,0 +1,103 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: false
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_config_iam_binding.authoritative["my-workstation-config-roles/viewer"]
+ : condition: []
+ location: region
+ members:
+ - group:group1@my-org.com
+ project: project-id
+ role: roles/viewer
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_config_iam_binding.bindings["my-workstation-config-workstations-config-viewer"]
+ : condition: []
+ location: region
+ members:
+ - group:group2@my-org.com
+ project: project-id
+ role: roles/viewer
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_config_iam_member.bindings["my-workstation-config-workstations-config-editor"]
+ : condition: []
+ location: region
+ member: group:group3@my-org.com
+ project: project-id
+ role: roles/editor
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ ? module.workstation-cluster.google_workstations_workstation_iam_binding.authoritative["my-workstation-config-my-workstation-roles/workstations.user"]
+ : condition: []
+ location: region
+ members:
+ - user:user1@my-org.com
+ project: project-id
+ role: roles/workstations.user
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ google_workstations_workstation_config_iam_binding: 2
+ google_workstations_workstation_config_iam_member: 1
+ google_workstations_workstation_iam_binding: 1
+ modules: 1
+ resources: 7
\ No newline at end of file
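Review bot: The expected plan in iam.yaml holds two `google_workstations_workstation_config_iam_binding` resources for the same role on the same config: `authoritative["my-workstation-config-roles/viewer"]` (group1) and `bindings["my-workstation-config-workstations-config-viewer"]` (group2), both with `role: roles/viewer` on `my-workstation-config`. An `_iam_binding` resource is authoritative for its role, so the two would overwrite each other's member list and the access actually granted would depend on apply order. The example this fixture mirrors (presumably the module README, not shown here) should use a different role for the `iam_bindings` case, or the module should reject a role that appears in both `iam` and `iam_bindings`. `roles/viewer` and `roles/editor` are also broad basic roles; a service-specific role such as the `roles/workstations.user` used further down is a narrower choice for an example.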
diff --git a/tests/modules/workstation_cluster/examples/private-cluster.yaml b/tests/modules/workstation_cluster/examples/private-cluster.yaml
new file mode 100644
index 0000000000..08b08d0229
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/private-cluster.yaml
@@ -0,0 +1,64 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: true
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ modules: 1
+ resources: 3
\ No newline at end of file
diff --git a/tests/modules/workstation_cluster/examples/simple.yaml b/tests/modules/workstation_cluster/examples/simple.yaml
new file mode 100644
index 0000000000..8f5307380f
--- /dev/null
+++ b/tests/modules/workstation_cluster/examples/simple.yaml
@@ -0,0 +1,64 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.workstation-cluster.google_workstations_workstation.workstations["my-workstation-config-my-workstation"]:
+ annotations: null
+ display_name: null
+ effective_labels:
+ team: my-team
+ env: null
+ labels:
+ team: my-team
+ location: region
+ project: project-id
+ terraform_labels:
+ team: my-team
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+ workstation_id: my-workstation
+ module.workstation-cluster.google_workstations_workstation_cluster.cluster:
+ annotations: null
+ display_name: null
+ domain_config: []
+ labels: null
+ location: region
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: false
+ project: project-id
+ subnetwork: subnet_self_link
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ module.workstation-cluster.google_workstations_workstation_config.configs["my-workstation-config"]:
+ annotations: null
+ display_name: null
+ enable_audit_agent: null
+ encryption_key: []
+ idle_timeout: 1200s
+ labels: null
+ location: region
+ project: project-id
+ running_timeout: 43200s
+ timeouts: null
+ workstation_cluster_id: my-workstation-cluster
+ workstation_config_id: my-workstation-config
+
+counts:
+ google_workstations_workstation: 1
+ google_workstations_workstation_cluster: 1
+ google_workstations_workstation_config: 1
+ modules: 1
+ resources: 3
\ No newline at end of file