From 1bbbab1926c02a00a1bf9e90a6f9c3aded5c7121 Mon Sep 17 00:00:00 2001 From: Ludo Date: Thu, 6 Oct 2022 20:19:30 +0200 Subject: [PATCH 1/7] refactor compute-vm for Terraform 1.3 --- modules/compute-vm/README.md | 59 +++++++++++++++--------------- modules/compute-vm/main.tf | 4 +-- modules/compute-vm/variables.tf | 63 +++++++++++++++++---------------- 3 files changed, 64 insertions(+), 62 deletions(-) diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index 19609682d1..e977d77274 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md @@ -326,36 +326,35 @@ module "instance-group" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L160) | Instance name. | string | ✓ | | -| [network_interfaces](variables.tf#L174) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | | -| [project_id](variables.tf#L209) | Project id. | string | ✓ | | -| [zone](variables.tf#L268) | Compute zone. | string | ✓ | | -| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | object({…}) | | {…} | -| [attached_disks](variables.tf#L32) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | -| [boot_disk](variables.tf#L58) | Boot disk properties. | object({…}) | | {…} | -| [boot_disk_delete](variables.tf#L72) | Auto delete boot disk. | bool | | true | -| [can_ip_forward](variables.tf#L78) | Enable IP forwarding. | bool | | false | -| [confidential_compute](variables.tf#L84) | Enable Confidential Compute for these instances. | bool | | false | -| [create_template](variables.tf#L90) | Create instance template instead of instances. | bool | | false | -| [description](variables.tf#L95) | Description of a Compute Instance. | string | | "Managed by the compute-vm Terraform module." | -| [enable_display](variables.tf#L100) | Enable virtual display on the instances. | bool | | false | -| [encryption](variables.tf#L106) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null | -| [group](variables.tf#L116) | Define this variable to create an instance group for instances. Disabled for template use. | object({…}) | | null | -| [hostname](variables.tf#L124) | Instance FQDN name. | string | | null | -| [iam](variables.tf#L130) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [instance_type](variables.tf#L136) | Instance type. | string | | "f1-micro" | -| [labels](variables.tf#L142) | Instance labels. | map(string) | | {} | -| [metadata](variables.tf#L148) | Instance metadata. | map(string) | | {} | -| [min_cpu_platform](variables.tf#L154) | Minimum CPU platform. | string | | null | -| [network_interface_options](variables.tf#L165) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} | -| [options](variables.tf#L187) | Instance options. | object({…}) | | {…} | -| [scratch_disks](variables.tf#L214) | Scratch disks configuration. | object({…}) | | {…} | -| [service_account](variables.tf#L226) | Service account email. Unused if service account is auto-created. | string | | null | -| [service_account_create](variables.tf#L232) | Auto-create service account. | bool | | false | -| [service_account_scopes](variables.tf#L240) | Scopes applied to service account. | list(string) | | [] | -| [shielded_config](variables.tf#L246) | Shielded VM configuration of the instances. | object({…}) | | null | -| [tag_bindings](variables.tf#L256) | Tag bindings for this instance, in key => tag value id format. | map(string) | | null | -| [tags](variables.tf#L262) | Instance network tags for firewall rule targets. | list(string) | | [] | +| [name](variables.tf#L163) | Instance name. | string | ✓ | | +| [network_interfaces](variables.tf#L177) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | | +| [project_id](variables.tf#L212) | Project id. | string | ✓ | | +| [zone](variables.tf#L271) | Compute zone. | string | ✓ | | +| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | object({…}) | | {…} | +| [attached_disks](variables.tf#L31) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | +| [boot_disk](variables.tf#L64) | Boot disk properties. | object({…}) | | {…} | +| [can_ip_forward](variables.tf#L80) | Enable IP forwarding. | bool | | false | +| [confidential_compute](variables.tf#L86) | Enable Confidential Compute for these instances. | bool | | false | +| [create_template](variables.tf#L92) | Create instance template instead of instances. | bool | | false | +| [description](variables.tf#L97) | Description of a Compute Instance. | string | | "Managed by the compute-vm Terraform module." | +| [enable_display](variables.tf#L103) | Enable virtual display on the instances. | bool | | false | +| [encryption](variables.tf#L109) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null | +| [group](variables.tf#L119) | Define this variable to create an instance group for instances. Disabled for template use. | object({…}) | | null | +| [hostname](variables.tf#L127) | Instance FQDN name. | string | | null | +| [iam](variables.tf#L133) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [instance_type](variables.tf#L139) | Instance type. | string | | "f1-micro" | +| [labels](variables.tf#L145) | Instance labels. | map(string) | | {} | +| [metadata](variables.tf#L151) | Instance metadata. | map(string) | | {} | +| [min_cpu_platform](variables.tf#L157) | Minimum CPU platform. | string | | null | +| [network_interface_options](variables.tf#L168) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} | +| [options](variables.tf#L190) | Instance options. | object({…}) | | {…} | +| [scratch_disks](variables.tf#L217) | Scratch disks configuration. | object({…}) | | {…} | +| [service_account](variables.tf#L229) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L235) | Auto-create service account. | bool | | false | +| [service_account_scopes](variables.tf#L243) | Scopes applied to service account. | list(string) | | [] | +| [shielded_config](variables.tf#L249) | Shielded VM configuration of the instances. | object({…}) | | null | +| [tag_bindings](variables.tf#L259) | Tag bindings for this instance, in key => tag value id format. | map(string) | | null | +| [tags](variables.tf#L265) | Instance network tags for firewall rule targets. | list(string) | | [] | ## Outputs diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf index 3a5881600f..be92f8171f 100644 --- a/modules/compute-vm/main.tf +++ b/modules/compute-vm/main.tf @@ -169,7 +169,7 @@ resource "google_compute_instance" "default" { } boot_disk { - auto_delete = var.boot_disk_delete + auto_delete = var.boot_disk.auto_delete initialize_params { type = var.boot_disk.type image = var.boot_disk.image @@ -272,7 +272,7 @@ resource "google_compute_instance_template" "default" { labels = var.labels disk { - auto_delete = var.boot_disk_delete + auto_delete = var.boot_disk.auto_delete boot = true disk_size_gb = var.boot_disk.size disk_type = var.boot_disk.type diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf index 867194082d..f4331e3a2d 100644 --- a/modules/compute-vm/variables.tf +++ b/modules/compute-vm/variables.tf @@ -22,7 +22,6 @@ variable "attached_disk_defaults" { type = string }) default = { - auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" @@ -34,13 +33,20 @@ variable "attached_disks" { type = list(object({ name = string size = string - source = string - source_type = string - options = object({ - mode = string - replica_zone = string - type = string - }) + source = optional(string) + source_type = optional(string, null) + options = optional( + object({ + mode = optional(string, "READ_WRITE") + replica_zone = optional(string, null) + type = optional(string, "pd-balanced") + }), + { + mode = "READ_WRITE" + replica_zone = null + type = "pd-balanced" + } + ) })) default = [] validation { @@ -58,23 +64,19 @@ variable "attached_disks" { variable "boot_disk" { description = "Boot disk properties." type = object({ - image = string - size = number - type = string + auto_delete = optional(bool, true) + image = optional(string, "projects/debian-cloud/global/images/family/debian-11") + size = optional(number, 10) + type = optional(string, "pd-balanced") }) default = { - image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-balanced" - size = 10 + auto_delete = true + image = "projects/debian-cloud/global/images/family/debian-11" + type = "pd-balanced" + size = 10 } } -variable "boot_disk_delete" { - description = "Auto delete boot disk." - type = bool - default = true -} - variable "can_ip_forward" { description = "Enable IP forwarding." type = bool @@ -97,6 +99,7 @@ variable "description" { type = string default = "Managed by the compute-vm Terraform module." } + variable "enable_display" { description = "Enable virtual display on the instances." type = bool @@ -106,7 +109,7 @@ variable "enable_display" { variable "encryption" { description = "Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk." type = object({ - encrypt_boot = bool + encrypt_boot = optional(bool, false) disk_encryption_key_raw = string kms_key_self_link = string }) @@ -165,8 +168,8 @@ variable "name" { variable "network_interface_options" { description = "Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them." type = map(object({ - alias_ips = map(string) - nic_type = string + alias_ips = optional(map(string), null) + nic_type = optional(string, null) })) default = {} } @@ -174,23 +177,23 @@ variable "network_interface_options" { variable "network_interfaces" { description = "Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed." type = list(object({ - nat = bool + nat = optional(bool, false) network = string subnetwork = string - addresses = object({ + addresses = optional(object({ internal = string external = string - }) + }), null) })) } variable "options" { description = "Instance options." type = object({ - allow_stopping_for_update = bool - deletion_protection = bool - spot = bool - termination_action = string + allow_stopping_for_update = optional(bool, true) + deletion_protection = optional(bool, false) + spot = optional(bool, false) + termination_action = optional(string, null) }) default = { allow_stopping_for_update = true From f07394b972ff4be4c1deb865a67a1f17154ebf9c Mon Sep 17 00:00:00 2001 From: Ludo Date: Thu, 6 Oct 2022 20:36:12 +0200 Subject: [PATCH 2/7] bump Terraform version in CI tests config --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a7e427d779..9dc0121a80 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,7 +30,7 @@ env: PYTEST_ADDOPTS: "--color=yes" PYTHON_VERSION: "3.10" TF_PLUGIN_CACHE_DIR: "/home/runner/.terraform.d/plugin-cache" - TF_VERSION: 1.3.0 + TF_VERSION: 1.3.2 jobs: doc-examples: From 336dc40c3724419c5d7b2374b476f06201894461 Mon Sep 17 00:00:00 2001 From: Ludo Date: Fri, 7 Oct 2022 08:21:40 +0200 Subject: [PATCH 3/7] fix optional null handling (ht jccb) --- modules/compute-vm/variables.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf index f4331e3a2d..7f532b4351 100644 --- a/modules/compute-vm/variables.tf +++ b/modules/compute-vm/variables.tf @@ -34,11 +34,11 @@ variable "attached_disks" { name = string size = string source = optional(string) - source_type = optional(string, null) + source_type = optional(string) options = optional( object({ mode = optional(string, "READ_WRITE") - replica_zone = optional(string, null) + replica_zone = optional(string) type = optional(string, "pd-balanced") }), { @@ -168,8 +168,8 @@ variable "name" { variable "network_interface_options" { description = "Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them." type = map(object({ - alias_ips = optional(map(string), null) - nic_type = optional(string, null) + alias_ips = optional(map(string)) + nic_type = optional(string) })) default = {} } @@ -193,7 +193,7 @@ variable "options" { allow_stopping_for_update = optional(bool, true) deletion_protection = optional(bool, false) spot = optional(bool, false) - termination_action = optional(string, null) + termination_action = optional(string) }) default = { allow_stopping_for_update = true From bc06cce7e07aeabe1febc42873cc142c1e482a53 Mon Sep 17 00:00:00 2001 From: Ludo Date: Fri, 7 Oct 2022 08:23:16 +0200 Subject: [PATCH 4/7] tfdoc --- modules/compute-vm/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index e977d77274..1d50bd3726 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md @@ -331,7 +331,7 @@ module "instance-group" { | [project_id](variables.tf#L212) | Project id. | string | ✓ | | | [zone](variables.tf#L271) | Compute zone. | string | ✓ | | | [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | object({…}) | | {…} | -| [attached_disks](variables.tf#L31) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | +| [attached_disks](variables.tf#L31) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | | [boot_disk](variables.tf#L64) | Boot disk properties. | object({…}) | | {…} | | [can_ip_forward](variables.tf#L80) | Enable IP forwarding. | bool | | false | | [confidential_compute](variables.tf#L86) | Enable Confidential Compute for these instances. | bool | | false | @@ -346,8 +346,8 @@ module "instance-group" { | [labels](variables.tf#L145) | Instance labels. | map(string) | | {} | | [metadata](variables.tf#L151) | Instance metadata. | map(string) | | {} | | [min_cpu_platform](variables.tf#L157) | Minimum CPU platform. | string | | null | -| [network_interface_options](variables.tf#L168) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} | -| [options](variables.tf#L190) | Instance options. | object({…}) | | {…} | +| [network_interface_options](variables.tf#L168) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} | +| [options](variables.tf#L190) | Instance options. | object({…}) | | {…} | | [scratch_disks](variables.tf#L217) | Scratch disks configuration. | object({…}) | | {…} | | [service_account](variables.tf#L229) | Service account email. Unused if service account is auto-created. | string | | null | | [service_account_create](variables.tf#L235) | Auto-create service account. | bool | | false | From 4b156cbadd1aca19aaf4f673c0f9ae0d5b43ccd5 Mon Sep 17 00:00:00 2001 From: Ludo Date: Fri, 7 Oct 2022 08:36:56 +0200 Subject: [PATCH 5/7] update blueprints --- blueprints/cloud-operations/adfs/main.tf | 2 - .../asset-inventory-feed-remediation/main.tf | 2 - .../cloud-operations/glb_and_armor/main.tf | 11 --- blueprints/networking/filtering-proxy/main.tf | 4 -- blueprints/networking/ilb-next-hop/vms.tf | 4 -- .../nginx-reverse-proxy-cluster/main.tf | 67 ++++++------------- .../onprem-google-access-dns/main.tf | 6 -- .../main.tf | 4 -- 8 files changed, 20 insertions(+), 80 deletions(-) diff --git a/blueprints/cloud-operations/adfs/main.tf b/blueprints/cloud-operations/adfs/main.tf index b7f8e92031..31ea0745e2 100644 --- a/blueprints/cloud-operations/adfs/main.tf +++ b/blueprints/cloud-operations/adfs/main.tf @@ -69,8 +69,6 @@ module "server" { network_interfaces = [{ network = var.network_config == null ? module.vpc[0].self_link : var.network_config.network subnetwork = var.network_config == null ? module.vpc[0].subnet_self_links["${var.region}/subnet"] : var.network_config.subnet - nat = false - addresses = null }] metadata = { # Enables OpenSSH in the Windows instance diff --git a/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf b/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf index e25fe11f58..a9f3f8e9ea 100644 --- a/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf +++ b/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf @@ -104,8 +104,6 @@ module "simple-vm-example" { network_interfaces = [{ network = module.vpc.self_link subnetwork = try(module.vpc.subnet_self_links["${var.region}/${var.name}-default"], "") - nat = false - addresses = null }] tags = ["${var.project_id}-test-feed", "shared-test-feed"] } diff --git a/blueprints/cloud-operations/glb_and_armor/main.tf b/blueprints/cloud-operations/glb_and_armor/main.tf index 8f4e97f6c3..357e1006f7 100644 --- a/blueprints/cloud-operations/glb_and_armor/main.tf +++ b/blueprints/cloud-operations/glb_and_armor/main.tf @@ -94,13 +94,9 @@ module "instance_template_ew1" { network_interfaces = [{ network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["europe-west1/subnet-ew1"] - nat = false - addresses = null }] boot_disk = { image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-ssd" - size = 10 } metadata = { startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh" @@ -119,13 +115,9 @@ module "instance_template_ue1" { network_interfaces = [{ network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"] - nat = false - addresses = null }] boot_disk = { image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-ssd" - size = 10 } metadata = { startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh" @@ -146,12 +138,9 @@ module "vm_siege" { network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["us-west1/subnet-uw1"] nat = true - addresses = null }] boot_disk = { image = "projects/debian-cloud/global/images/family/debian-11" - type = "pd-ssd" - size = 10 } metadata = { startup-script = < Date: Fri, 7 Oct 2022 08:41:42 +0200 Subject: [PATCH 6/7] align fast --- fast/stages/02-networking-nva/nva.tf | 12 +--- .../02-networking-nva/test-resources.tf | 56 +------------------ .../02-networking-peering/test-resources.tf | 21 ------- .../02-networking-vpn/test-resources.tf | 21 ------- 4 files changed, 3 insertions(+), 107 deletions(-) diff --git a/fast/stages/02-networking-nva/nva.tf b/fast/stages/02-networking-nva/nva.tf index 26d2de1857..b7dd698816 100644 --- a/fast/stages/02-networking-nva/nva.tf +++ b/fast/stages/02-networking-nva/nva.tf @@ -38,28 +38,20 @@ module "nva-template-ew1" { { network = module.landing-untrusted-vpc.self_link subnetwork = module.landing-untrusted-vpc.subnet_self_links["europe-west1/landing-untrusted-default-ew1"] - nat = false - addresses = null }, { network = module.landing-trusted-vpc.self_link subnetwork = module.landing-trusted-vpc.subnet_self_links["europe-west1/landing-trusted-default-ew1"] - nat = false - addresses = null } ] boot_disk = { image = "projects/debian-cloud/global/images/family/debian-10" - type = "pd-balanced" - size = 10 } create_template = true instance_type = "f1-micro" options = { - allow_stopping_for_update = true - deletion_protection = false - spot = true - termination_action = "STOP" + spot = true + termination_action = "STOP" } metadata = { startup-script = templatefile( diff --git a/fast/stages/02-networking-nva/test-resources.tf b/fast/stages/02-networking-nva/test-resources.tf index f36f22b580..d3b6109e3c 100644 --- a/fast/stages/02-networking-nva/test-resources.tf +++ b/fast/stages/02-networking-nva/test-resources.tf @@ -26,20 +26,13 @@ # network_interfaces = [{ # network = module.landing-untrusted-vpc.self_link # subnetwork = module.landing-untrusted-vpc.subnet_self_links["europe-west1/landing-untrusted-default-ew1"] -# alias_ips = {} -# nat = false -# addresses = null # }] # tags = ["ew1", "ssh"] # service_account_create = true # boot_disk = { # image = "projects/debian-cloud/global/images/family/debian-10" -# type = "pd-balanced" -# size = 10 # } # options = { -# allow_stopping_for_update = true -# deletion_protection = false # spot = true # termination_action = "STOP" # } @@ -59,20 +52,13 @@ # network_interfaces = [{ # network = module.landing-untrusted-vpc.self_link # subnetwork = module.landing-untrusted-vpc.subnet_self_links["europe-west4/landing-untrusted-default-ew4"] -# alias_ips = {} -# nat = false -# addresses = null # }] # tags = ["ew4", "ssh"] # service_account_create = true # boot_disk = { # image = "projects/debian-cloud/global/images/family/debian-10" -# type = "pd-balanced" -# size = 10 # } # options = { -# allow_stopping_for_update = true -# deletion_protection = false # spot = true # termination_action = "STOP" # } @@ -94,22 +80,15 @@ # network_interfaces = [{ # network = module.landing-trusted-vpc.self_link # subnetwork = module.landing-trusted-vpc.subnet_self_links["europe-west1/landing-trusted-default-ew1"] -# alias_ips = {} -# nat = false -# addresses = null # }] # tags = ["ew1", "ssh"] # service_account_create = true # boot_disk = { # image = "projects/debian-cloud/global/images/family/debian-10" -# type = "pd-balanced" -# size = 10 # } # options = { -# allow_stopping_for_update = true -# deletion_protection = false # spot = true -# termination_action = "STOP" +# termination_action = "STOP" # } # metadata = { # startup-script = < Date: Fri, 7 Oct 2022 10:38:34 +0200 Subject: [PATCH 7/7] align README examples --- modules/compute-vm/README.md | 87 ++++--------------- modules/compute-vm/main.tf | 14 +-- modules/compute-vm/variables.tf | 15 +--- tests/modules/compute_vm/fixture/variables.tf | 40 +-------- 4 files changed, 31 insertions(+), 125 deletions(-) diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index 1d50bd3726..58f288f772 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md @@ -22,8 +22,6 @@ module "simple-vm-example" { network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null }] service_account_create = true } @@ -42,16 +40,12 @@ module "spot-vm-example" { zone = "europe-west1-b" name = "test" options = { - allow_stopping_for_update = true - deletion_protection = false spot = true termination_action = "STOP" } network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null }] service_account_create = true } @@ -79,18 +73,14 @@ module "simple-vm-example" { network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null }] attached_disks = [{ name = "repd-1" - size = null + size = 10 source_type = "attach" source = "regions/${var.region}/disks/repd-test-1" options = { - mode = null replica_zone = "${var.region}-c" - type = null } }] service_account_create = true @@ -109,18 +99,14 @@ module "simple-vm-example" { network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null }] attached_disks = [{ name = "repd" - size = null + size = 10 source_type = "attach" source = "https://www.googleapis.com/compute/v1/projects/${var.project_id}/regions/${var.region}/disks/repd-test-1" options = { - mode = null replica_zone = "${var.region}-c" - type = null } }] service_account_create = true @@ -142,27 +128,19 @@ module "kms-vm-example" { network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null }] attached_disks = [ { name = "attached-disk" - size = 10 - source = null - source_type = null - options = null + size = 10 } ] service_account_create = true boot_disk = { image = "projects/debian-cloud/global/images/family/debian-10" - type = "pd-ssd" - size = 10 } encryption = { encrypt_boot = true - disk_encryption_key_raw = null kms_key_self_link = var.kms_key.self_link } } @@ -182,17 +160,10 @@ module "vm-with-alias-ips" { network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null - }] - network_interface_options = { - 0 = { - alias_ips = { - alias1 = "10.16.0.10/32" - } - nic_type = null + alias_ips = { + alias1 = "10.16.0.10/32" } - } + }] service_account_create = true } # tftest modules=1 resources=2 @@ -231,20 +202,12 @@ module "vm-with-gvnic" { boot_disk = { image = google_compute_image.cos-gvnic.self_link type = "pd-ssd" - size = 10 } network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null + nic_type = "GVNIC" }] - network_interface_options = { - 0 = { - alias_ips = null - nic_type = "GVNIC" - } - } service_account_create = true } # tftest modules=1 resources=3 @@ -263,21 +226,14 @@ module "cos-test" { network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" - type = "pd-ssd" - size = 10 } attached_disks = [ { name = "disk-1" size = 10 - source = null - source_type = null - options = null } ] service_account = "vm-default@my-project.iam.gserviceaccount.com" @@ -303,13 +259,9 @@ module "instance-group" { network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link - nat = false - addresses = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" - type = "pd-ssd" - size = 10 } service_account = var.service_account.email service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"] @@ -327,9 +279,9 @@ module "instance-group" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [name](variables.tf#L163) | Instance name. | string | ✓ | | -| [network_interfaces](variables.tf#L177) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | | -| [project_id](variables.tf#L212) | Project id. | string | ✓ | | -| [zone](variables.tf#L271) | Compute zone. | string | ✓ | | +| [network_interfaces](variables.tf#L168) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({…})) | ✓ | | +| [project_id](variables.tf#L205) | Project id. | string | ✓ | | +| [zone](variables.tf#L264) | Compute zone. | string | ✓ | | | [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | object({…}) | | {…} | | [attached_disks](variables.tf#L31) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({…})) | | [] | | [boot_disk](variables.tf#L64) | Boot disk properties. | object({…}) | | {…} | @@ -338,7 +290,7 @@ module "instance-group" { | [create_template](variables.tf#L92) | Create instance template instead of instances. | bool | | false | | [description](variables.tf#L97) | Description of a Compute Instance. | string | | "Managed by the compute-vm Terraform module." | | [enable_display](variables.tf#L103) | Enable virtual display on the instances. | bool | | false | -| [encryption](variables.tf#L109) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null | +| [encryption](variables.tf#L109) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({…}) | | null | | [group](variables.tf#L119) | Define this variable to create an instance group for instances. Disabled for template use. | object({…}) | | null | | [hostname](variables.tf#L127) | Instance FQDN name. | string | | null | | [iam](variables.tf#L133) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | @@ -346,15 +298,14 @@ module "instance-group" { | [labels](variables.tf#L145) | Instance labels. | map(string) | | {} | | [metadata](variables.tf#L151) | Instance metadata. | map(string) | | {} | | [min_cpu_platform](variables.tf#L157) | Minimum CPU platform. | string | | null | -| [network_interface_options](variables.tf#L168) | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({…})) | | {} | -| [options](variables.tf#L190) | Instance options. | object({…}) | | {…} | -| [scratch_disks](variables.tf#L217) | Scratch disks configuration. | object({…}) | | {…} | -| [service_account](variables.tf#L229) | Service account email. Unused if service account is auto-created. | string | | null | -| [service_account_create](variables.tf#L235) | Auto-create service account. | bool | | false | -| [service_account_scopes](variables.tf#L243) | Scopes applied to service account. | list(string) | | [] | -| [shielded_config](variables.tf#L249) | Shielded VM configuration of the instances. | object({…}) | | null | -| [tag_bindings](variables.tf#L259) | Tag bindings for this instance, in key => tag value id format. | map(string) | | null | -| [tags](variables.tf#L265) | Instance network tags for firewall rule targets. | list(string) | | [] | +| [options](variables.tf#L183) | Instance options. | object({…}) | | {…} | +| [scratch_disks](variables.tf#L210) | Scratch disks configuration. | object({…}) | | {…} | +| [service_account](variables.tf#L222) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L228) | Auto-create service account. | bool | | false | +| [service_account_scopes](variables.tf#L236) | Scopes applied to service account. | list(string) | | [] | +| [shielded_config](variables.tf#L242) | Shielded VM configuration of the instances. | object({…}) | | null | +| [tag_bindings](variables.tf#L252) | Tag bindings for this instance, in key => tag value id format. | map(string) | | null | +| [tags](variables.tf#L258) | Instance network tags for firewall rule targets. | list(string) | | [] | ## Outputs diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf index be92f8171f..567293ab4f 100644 --- a/modules/compute-vm/main.tf +++ b/modules/compute-vm/main.tf @@ -29,12 +29,6 @@ locals { for k, v in local.attached_disks : k => v if try(v.options.replica_zone, null) == null } - network_interface_options = { - for i, v in var.network_interfaces : i => lookup(var.network_interface_options, i, { - alias_ips = null, - nic_type = null - }) - } on_host_maintenance = ( var.options.spot || var.confidential_compute ? "TERMINATE" @@ -200,14 +194,14 @@ resource "google_compute_instance" "default" { } } dynamic "alias_ip_range" { - for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {} + for_each = config.value.alias_ips iterator = config_alias content { subnetwork_range_name = config_alias.key ip_cidr_range = config_alias.value } } - nic_type = local.network_interface_options[config.key].nic_type + nic_type = config.value.nic_type } } @@ -334,14 +328,14 @@ resource "google_compute_instance_template" "default" { } } dynamic "alias_ip_range" { - for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {} + for_each = config.value.alias_ips iterator = config_alias content { subnetwork_range_name = config_alias.key ip_cidr_range = config_alias.value } } - nic_type = local.network_interface_options[config.key].nic_type + nic_type = config.value.nic_type } } diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf index 7f532b4351..791968bb0d 100644 --- a/modules/compute-vm/variables.tf +++ b/modules/compute-vm/variables.tf @@ -110,8 +110,8 @@ variable "encryption" { description = "Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk." type = object({ encrypt_boot = optional(bool, false) - disk_encryption_key_raw = string - kms_key_self_link = string + disk_encryption_key_raw = optional(string) + kms_key_self_link = optional(string) }) default = null } @@ -165,15 +165,6 @@ variable "name" { type = string } -variable "network_interface_options" { - description = "Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them." - type = map(object({ - alias_ips = optional(map(string)) - nic_type = optional(string) - })) - default = {} -} - variable "network_interfaces" { description = "Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed." type = list(object({ @@ -184,6 +175,8 @@ variable "network_interfaces" { internal = string external = string }), null) + alias_ips = optional(map(string), {}) + nic_type = optional(string) })) } diff --git a/tests/modules/compute_vm/fixture/variables.tf b/tests/modules/compute_vm/fixture/variables.tf index 1c28d2d979..c59199d95f 100644 --- a/tests/modules/compute_vm/fixture/variables.tf +++ b/tests/modules/compute_vm/fixture/variables.tf @@ -16,27 +16,13 @@ variable "attached_disks" { description = "Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null." - type = list(object({ - name = string - size = string - source = string - source_type = string - options = object({ - mode = string - replica_zone = string - type = string - }) - })) - default = [] + type = any + default = [] } variable "attached_disk_defaults" { description = "Defaults for attached disks options." - type = object({ - mode = string - replica_zone = string - type = string - }) + type = any default = { mode = "READ_WRITE" replica_zone = null @@ -70,31 +56,13 @@ variable "metadata" { } variable "network_interfaces" { - type = list(object({ - nat = bool - network = string - subnetwork = string - addresses = object({ - internal = string - external = string - }) - })) + type = any default = [{ network = "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default", subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default", - nat = false, - addresses = null }] } -variable "network_interface_options" { - type = map(object({ - alias_ips = map(string) - nic_type = string - })) - default = {} -} - variable "service_account_create" { type = bool default = false