diff --git a/blueprints/cloud-operations/adfs/README.md b/blueprints/cloud-operations/adfs/README.md
index 0b9548846c..893dc155c6 100644
--- a/blueprints/cloud-operations/adfs/README.md
+++ b/blueprints/cloud-operations/adfs/README.md
@@ -52,20 +52,20 @@ Once done testing, you can clean up resources by running `terraform destroy`.
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [ad_dns_domain_name](variables.tf#L44) | AD DNS domain name. | string | ✓ | |
-| [adfs_dns_domain_name](variables.tf#L49) | ADFS DNS domain name. | string | ✓ | |
-| [project_id](variables.tf#L24) | Host project ID. | string | ✓ | |
-| [ad_ip_cidr_block](variables.tf#L90) | Managed AD IP CIDR block. | string | | "10.0.0.0/24" |
-| [disk_size](variables.tf#L54) | Disk size. | number | | 50 |
-| [disk_type](variables.tf#L60) | Disk type. | string | | "pd-ssd" |
-| [image](variables.tf#L66) | Image. | string | | "projects/windows-cloud/global/images/family/windows-2022" |
-| [instance_type](variables.tf#L72) | Instance type. | string | | "n1-standard-2" |
-| [network_config](variables.tf#L35) | Network configuration | object({…}) | | null |
-| [prefix](variables.tf#L29) | Prefix for the resources created. | string | | null |
-| [project_create](variables.tf#L15) | Parameters for the creation of the new project. | object({…}) | | null |
-| [region](variables.tf#L78) | Region. | string | | "europe-west1" |
-| [subnet_ip_cidr_block](variables.tf#L96) | Subnet IP CIDR block. | string | | "10.0.1.0/28" |
-| [zone](variables.tf#L84) | Zone. | string | | "europe-west1-c" |
+| [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | string | ✓ | |
+| [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | string | ✓ | |
+| [project_id](variables.tf#L79) | Host project ID. | string | ✓ | |
+| [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | string | | "10.0.0.0/24" |
+| [disk_size](variables.tf#L31) | Disk size. | number | | 50 |
+| [disk_type](variables.tf#L37) | Disk type. | string | | "pd-ssd" |
+| [image](variables.tf#L43) | Image. | string | | "projects/windows-cloud/global/images/family/windows-2022" |
+| [instance_type](variables.tf#L49) | Instance type. | string | | "n1-standard-2" |
+| [network_config](variables.tf#L55) | Network configuration | object({…}) | | null |
+| [prefix](variables.tf#L64) | Prefix for the resources created. | string | | null |
+| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | object({…}) | | null |
+| [region](variables.tf#L84) | Region. | string | | "europe-west1" |
+| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | string | | "10.0.1.0/28" |
+| [zone](variables.tf#L96) | Zone. | string | | "europe-west1-c" |
 ## Outputs
diff --git a/blueprints/cloud-operations/adfs/variables.tf b/blueprints/cloud-operations/adfs/variables.tf
index 4a8b70f260..4ac2fdc154 100644
--- a/blueprints/cloud-operations/adfs/variables.tf
+++ b/blueprints/cloud-operations/adfs/variables.tf
@@ -12,38 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-variable "project_create" {
- description = "Parameters for the creation of the new project."
- type = object({
- billing_account_id = string
- parent = string
- })
- default = null
-}
-
-variable "project_id" {
- description = "Host project ID."
- type = string
-}
-
-variable "prefix" {
- description = "Prefix for the resources created."
+variable "ad_dns_domain_name" {
+ description = "AD DNS domain name."
 type = string
- default = null
 }
-variable "network_config" {
- description = "Network configuration"
- type = object({
- network = string
- subnet = string
- })
- default = null
-}
-
-variable "ad_dns_domain_name" {
- description = "AD DNS domain name."
+variable "ad_ip_cidr_block" {
+ description = "Managed AD IP CIDR block."
 type = string
+ default = "10.0.0.0/24"
 }
 variable "adfs_dns_domain_name" {
@@ -75,26 +52,49 @@ variable "instance_type" {
 default = "n1-standard-2"
 }
-variable "region" {
- description = "Region."
+variable "network_config" {
+ description = "Network configuration"
+ type = object({
+ network = string
+ subnet = string
+ })
+ default = null
+}
+
+variable "prefix" {
+ description = "Prefix for the resources created."
 type = string
- default = "europe-west1"
+ default = null
 }
-variable "zone" {
- description = "Zone."
+variable "project_create" {
+ description = "Parameters for the creation of the new project."
+ type = object({
+ billing_account_id = string
+ parent = string
+ })
+ default = null
+}
+
+variable "project_id" {
+ description = "Host project ID."
 type = string
- default = "europe-west1-c"
 }
-variable "ad_ip_cidr_block" {
- description = "Managed AD IP CIDR block."
+variable "region" {
+ description = "Region."
 type = string
- default = "10.0.0.0/24"
+ default = "europe-west1"
 }
 variable "subnet_ip_cidr_block" {
 description = "Subnet IP CIDR block."
 type = string
 default = "10.0.1.0/28"
-}
\ No newline at end of file
+}
+
+variable "zone" {
+ description = "Zone."
+ type = string
+ default = "europe-west1-c"
+}
diff --git a/blueprints/cloud-operations/apigee/README.md b/blueprints/cloud-operations/apigee/README.md
index 27b831b7de..65bcea51c0 100644
--- a/blueprints/cloud-operations/apigee/README.md
+++ b/blueprints/cloud-operations/apigee/README.md
@@ -58,16 +58,16 @@ Do the following to verify that everything works as expected.
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [envgroups](variables.tf#L54) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | ✓ | |
-| [environments](variables.tf#L60) | Environments. | map(object({…})) | ✓ | |
-| [instances](variables.tf#L76) | Instance. | map(object({…})) | ✓ | |
-| [project_id](variables.tf#L32) | Project ID. | string | ✓ | |
-| [psc_config](variables.tf#L104) | PSC configuration. | map(string) | ✓ | |
-| [datastore_name](variables.tf#L97) | Datastore | string | | "gcs" |
-| [organization](variables.tf#L38) | Apigee organization. | object({…}) | | {…} |
-| [path](variables.tf#L90) | Bucket path. | string | | "/analytics" |
-| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | object({…}) | | null |
-| [vpc_create](variables.tf#L26) | Boolean flag indicating whether the VPC should be created or not. | bool | | true |
+| [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | ✓ | |
+| [environments](variables.tf#L30) | Environments. | map(object({…})) | ✓ | |
+| [instances](variables.tf#L46) | Instance. | map(object({…})) | ✓ | |
+| [project_id](variables.tf#L92) | Project ID. | string | ✓ | |
+| [psc_config](variables.tf#L98) | PSC configuration. | map(string) | ✓ | |
+| [datastore_name](variables.tf#L17) | Datastore | string | | "gcs" |
+| [organization](variables.tf#L60) | Apigee organization. | object({…}) | | {…} |
+| [path](variables.tf#L76) | Bucket path. | string | | "/analytics" |
+| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | object({…}) | | null |
+| [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | bool | | true |
 ## Outputs
diff --git a/blueprints/cloud-operations/apigee/variables.tf b/blueprints/cloud-operations/apigee/variables.tf
index 5cddf8b04a..61c9339101 100644
--- a/blueprints/cloud-operations/apigee/variables.tf
+++ b/blueprints/cloud-operations/apigee/variables.tf
@@ -14,41 +14,11 @@
 * limitations under the License.
 */
-variable "project_create" {
- description = "Parameters for the creation of the new project."
- type = object({
- billing_account_id = string
- parent = string
- })
- default = null
-}
-
-variable "vpc_create" {
- description = "Boolean flag indicating whether the VPC should be created or not."
- type = bool
- default = true
-}
-
-variable "project_id" {
- description = "Project ID."
+variable "datastore_name" {
+ description = "Datastore"
 type = string
 nullable = false
-}
-
-variable "organization" {
- description = "Apigee organization."
- type = object({
- display_name = optional(string, "Apigee organization created by tf module")
- description = optional(string, "Apigee organization created by tf module")
- authorized_network = optional(string, "vpc")
- runtime_type = optional(string, "CLOUD")
- billing_type = optional(string)
- database_encryption_key = optional(string)
- analytics_region = optional(string, "europe-west1")
- })
- nullable = false
- default = {
- }
+ default = "gcs"
 }
 variable "envgroups" {
@@ -87,6 +57,22 @@ variable "instances" {
 nullable = false
 }
+variable "organization" {
+ description = "Apigee organization."
+ type = object({
+ display_name = optional(string, "Apigee organization created by tf module")
+ description = optional(string, "Apigee organization created by tf module")
+ authorized_network = optional(string, "vpc")
+ runtime_type = optional(string, "CLOUD")
+ billing_type = optional(string)
+ database_encryption_key = optional(string)
+ analytics_region = optional(string, "europe-west1")
+ })
+ nullable = false
+ default = {
+ }
+}
+
 variable "path" {
 description = "Bucket path."
 type = string
@@ -94,11 +80,19 @@ variable "path" {
 nullable = false
 }
-variable "datastore_name" {
- description = "Datastore"
+variable "project_create" {
+ description = "Parameters for the creation of the new project."
+ type = object({
+ billing_account_id = string
+ parent = string
+ })
+ default = null
+}
+
+variable "project_id" {
+ description = "Project ID."
 type = string
 nullable = false
- default = "gcs"
 }
 variable "psc_config" {
@@ -106,3 +100,9 @@ variable "psc_config" {
 type = map(string)
 nullable = false
 }
+
+variable "vpc_create" {
+ description = "Boolean flag indicating whether the VPC should be created or not."
+ type = bool
+ default = true
+}
diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md
index 9be8a09bda..3af3428901 100644
--- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md
+++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/README.md
@@ -11,8 +11,8 @@ The codebase provisions the following list of resources:
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [impersonate_service_account_email](variables.tf#L21) | Service account to be impersonated by workload identity. | string | ✓ | |
-| [project_id](variables.tf#L16) | GCP project ID. | string | ✓ | |
+| [impersonate_service_account_email](variables.tf#L16) | Service account to be impersonated by workload identity. | string | ✓ | |
+| [project_id](variables.tf#L21) | GCP project ID. | string | ✓ | |
 | [workload_identity_pool_provider_id](variables.tf#L26) | GCP workload identity pool provider ID. | string | ✓ | |
diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md
index bb8d79831f..dcad294b38 100644
--- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md
+++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md
@@ -27,9 +27,9 @@ provider "google-beta" {
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [impersonate_service_account_email](variables.tf#L22) | Service account to be impersonated by workload identity federation. | string | ✓ | |
-| [workload_identity_pool_provider_id](variables.tf#L17) | GCP workload identity pool provider ID. | string | ✓ | |
-| [tmp_oidc_token_path](variables.tf#L27) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | string | | ".oidc_token" |
+| [impersonate_service_account_email](variables.tf#L17) | Service account to be impersonated by workload identity federation. | string | ✓ | |
+| [workload_identity_pool_provider_id](variables.tf#L28) | GCP workload identity pool provider ID. | string | ✓ | |
+| [tmp_oidc_token_path](variables.tf#L22) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | string | | ".oidc_token" |
 ## Outputs
diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf
index 06f310da98..1100e622ef 100644
--- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf
+++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/variables.tf
@@ -14,11 +14,6 @@
 * limitations under the License.
 */
-variable "workload_identity_pool_provider_id" {
- description = "GCP workload identity pool provider ID."
- type = string
-}
-
 variable "impersonate_service_account_email" {
 description = "Service account to be impersonated by workload identity federation."
 type = string
@@ -29,3 +24,8 @@ variable "tmp_oidc_token_path" {
 type = string
 default = ".oidc_token"
 }
+
+variable "workload_identity_pool_provider_id" {
+ description = "GCP workload identity pool provider ID."
+ type = string
+}
diff --git a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf
index 3a1d81dc2a..76cf7014a2 100644
--- a/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf
+++ b/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/variables.tf
@@ -13,13 +13,13 @@
 # limitations under the License.
-variable "project_id" {
- description = "GCP project ID."
+variable "impersonate_service_account_email" {
+ description = "Service account to be impersonated by workload identity."
 type = string
 }
-variable "impersonate_service_account_email" {
- description = "Service account to be impersonated by workload identity."
+variable "project_id" {
+ description = "GCP project ID."
 type = string
 }
diff --git a/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md b/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md
index 7af5a04e74..a3a21dbd27 100644
--- a/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md
+++ b/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md
@@ -99,13 +99,13 @@ gcloud compute ssh --zone europe-west1-b nginx-test -- 'uptime'
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [billing_account](variables.tf#L16) | Billing account id used as default for new projects. | string | ✓ | |
-| [project_id](variables.tf#L33) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | string | ✓ | |
-| [grace_period](variables.tf#L56) | Grace period for an instance startup. | string | | "180s" |
-| [location](variables.tf#L21) | App Engine location used in the example (required for CloudFunctions). | string | | "europe-west" |
-| [project_create](variables.tf#L27) | Create project instead of using an existing one. | bool | | false |
-| [region](variables.tf#L38) | Compute region used in the example. | string | | "europe-west1" |
-| [root_node](variables.tf#L44) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | string | | null |
-| [schedule](variables.tf#L50) | Cron schedule for executing compute instances healthcheck. | string | | "*/5 * * * *" # every five minutes" |
+| [project_id](variables.tf#L39) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | string | ✓ | |
+| [grace_period](variables.tf#L21) | Grace period for an instance startup. | string | | "180s" |
+| [location](variables.tf#L27) | App Engine location used in the example (required for CloudFunctions). | string | | "europe-west" |
+| [project_create](variables.tf#L33) | Create project instead of using an existing one. | bool | | false |
+| [region](variables.tf#L44) | Compute region used in the example. | string | | "europe-west1" |
+| [root_node](variables.tf#L50) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | string | | null |
+| [schedule](variables.tf#L56) | Cron schedule for executing compute instances healthcheck. | string | | "*/5 * * * *" # every five minutes" |
 | [tcp_port](variables.tf#L62) | TCP port to run healthcheck against. | string | | "80" #http" |
 | [timeout](variables.tf#L68) | TCP probe timeout. | string | | "1000ms" |
diff --git a/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf b/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf
index d015757cf2..14409a6643 100644
--- a/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf
+++ b/blueprints/cloud-operations/unmanaged-instances-healthcheck/variables.tf
@@ -18,6 +18,12 @@ variable "billing_account" {
 type = string
 }
+variable "grace_period" {
+ description = "Grace period for an instance startup."
+ type = string
+ default = "180s"
+}
+
 variable "location" {
 description = "App Engine location used in the example (required for CloudFunctions)."
 type = string
@@ -53,12 +59,6 @@ variable "schedule" {
 default = "*/5 * * * *" # every five minutes
 }
-variable "grace_period" {
- description = "Grace period for an instance startup."
- type = string
- default = "180s"
-}
-
 variable "tcp_port" {
 description = "TCP port to run healthcheck against."
 type = string
diff --git a/blueprints/data-solutions/cloudsql-multiregion/README.md b/blueprints/data-solutions/cloudsql-multiregion/README.md
index 5bdc632933..1fc060087f 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/README.md
+++ b/blueprints/data-solutions/cloudsql-multiregion/README.md
@@ -143,25 +143,25 @@ The above command will delete the associated resources so there will be no billa
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [postgres_user_password](variables.tf#L40) | `postgres` user password. | string | ✓ | |
-| [prefix](variables.tf#L51) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | |
-| [project_id](variables.tf#L65) | Project id, references existing project if `project_create` is null. | string | ✓ | |
-| [data_eng_principals](variables.tf#L23) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string) | | [] |
-| [network_config](variables.tf#L29) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
-| [postgres_database](variables.tf#L45) | `postgres` database. | string | | "guestbook" |
-| [project_create](variables.tf#L56) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null |
-| [regions](variables.tf#L70) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} |
-| [service_encryption_keys](variables.tf#L17) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null |
-| [sql_configuration](variables.tf#L84) | Cloud SQL configuration | object({…}) | | {…} |
+| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | |
+| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | string | ✓ | |
+| [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string) | | [] |
+| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
+| [postgres_database](variables.tf#L34) | `postgres` database. | string | | "guestbook" |
+| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null |
+| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} |
+| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null |
+| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | object({…}) | | {…} |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
-| [bucket](outputs.tf#L22) | Cloud storage bucket to import/export data from Cloud SQL. | |
-| [connection_names](outputs.tf#L17) | Connection name of each instance. | |
-| [demo_commands](outputs.tf#L37) | Demo commands. | |
-| [ips](outputs.tf#L27) | IP address of each instance. | |
-| [project_id](outputs.tf#L32) | ID of the project containing all the instances. | |
+| [bucket](outputs.tf#L17) | Cloud storage bucket to import/export data from Cloud SQL. | |
+| [connection_names](outputs.tf#L22) | Connection name of each instance. | |
+| [demo_commands](outputs.tf#L27) | Demo commands. | |
+| [ips](outputs.tf#L36) | IP address of each instance. | |
+| [project_id](outputs.tf#L41) | ID of the project containing all the instances. | |
 | [service_accounts](outputs.tf#L46) | Service Accounts. | |
diff --git a/blueprints/data-solutions/cloudsql-multiregion/outputs.tf b/blueprints/data-solutions/cloudsql-multiregion/outputs.tf
index 698401953b..09960e1382 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/outputs.tf
+++ b/blueprints/data-solutions/cloudsql-multiregion/outputs.tf
@@ -14,14 +14,23 @@
 * limitations under the License.
 */
+output "bucket" {
+ description = "Cloud storage bucket to import/export data from Cloud SQL."
+ value = module.gcs.name
+}
+
 output "connection_names" {
 description = "Connection name of each instance."
 value = module.db.connection_names
 }
-output "bucket" {
- description = "Cloud storage bucket to import/export data from Cloud SQL."
- value = module.gcs.name
+output "demo_commands" {
+ description = "Demo commands."
+ value = {
+ "01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
+ "02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
+ "03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
+ }
 }
 output "ips" {
@@ -34,15 +43,6 @@ output "project_id" {
 value = module.project.project_id
 }
-output "demo_commands" {
- description = "Demo commands."
- value = {
- "01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
- "02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
- "03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
- }
-}
-
 output "service_accounts" {
 description = "Service Accounts."
 value = {
diff --git a/blueprints/data-solutions/cloudsql-multiregion/variables.tf b/blueprints/data-solutions/cloudsql-multiregion/variables.tf
index 66083b5f9c..aa91afbf7e 100644
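Review bot: The `03_psql` entry of `demo_commands` in cloudsql-multiregion/outputs.tf, re-added in the first hunk, carries `password=PASSWORD` inside the connection string, which invites pasting the real `postgres` password onto the command line where it ends up in shell history and the process list. Dropping the field so psql prompts for it (or reads `PGPASSWORD` / `~/.pgpass`) avoids that: `"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres'"`. A one-line comment above the entry stating that `sslmode=disable` is acceptable only because the session goes to the local `cloud_sql_proxy` listener on 127.0.0.1 would also keep the string from being reused for a direct connection to the instance.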
--- a/blueprints/data-solutions/cloudsql-multiregion/variables.tf
+++ b/blueprints/data-solutions/cloudsql-multiregion/variables.tf
@@ -14,12 +14,6 @@
 * limitations under the License.
 */
-variable "service_encryption_keys" {
- description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured."
- type = map(string)
- default = null
-}
-
 variable "data_eng_principals" {
 description = "Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'."
 type = list(string)
@@ -37,17 +31,17 @@ variable "network_config" {
 default = null
 }
-variable "postgres_user_password" {
- description = "`postgres` user password."
- type = string
-}
-
 variable "postgres_database" {
 description = "`postgres` database."
 type = string
 default = "guestbook"
 }
+variable "postgres_user_password" {
+ description = "`postgres` user password."
+ type = string
+}
+
 variable "prefix" {
 description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
 type = string
@@ -80,6 +74,11 @@ variable "regions" {
 }
 }
+variable "service_encryption_keys" {
+ description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured."
+ type = map(string)
+ default = null
+}
 variable "sql_configuration" {
 description = "Cloud SQL configuration"
diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md
index b7fcc806a6..35b4c9508c 100644
--- a/blueprints/data-solutions/data-platform-foundations/README.md
+++ b/blueprints/data-solutions/data-platform-foundations/README.md
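Review bot: `postgres_user_password`, re-added in the second hunk of cloudsql-multiregion/variables.tf, is declared with only `description` and `type`, so Terraform will show the database password in plan and apply output and in any CI log that captures them. Adding `sensitive = true` inside the block redacts it from CLI output. The value is still written to state, so the state backend needs its own access control and encryption. If an output elsewhere in the module is derived from this variable it would then need `sensitive = true` too; that is not visible from this diff.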
@@ -266,12 +266,12 @@ You can find examples in the `[demo](./demo)` folder.
 | name | description | sensitive |
 |---|---|:---:|
 | [bigquery-datasets](outputs.tf#L17) | BigQuery datasets. | |
-| [demo_commands](outputs.tf#L93) | Demo commands. | |
-| [gcs-buckets](outputs.tf#L28) | GCS buckets. | |
-| [kms_keys](outputs.tf#L42) | Cloud MKS keys. | |
-| [projects](outputs.tf#L47) | GCP Projects informations. | |
-| [vpc_network](outputs.tf#L75) | VPC network. | |
-| [vpc_subnet](outputs.tf#L84) | VPC subnetworks. | |
+| [demo_commands](outputs.tf#L28) | Demo commands. | |
+| [gcs-buckets](outputs.tf#L41) | GCS buckets. | |
+| [kms_keys](outputs.tf#L55) | Cloud MKS keys. | |
+| [projects](outputs.tf#L60) | GCP Projects informations. | |
+| [vpc_network](outputs.tf#L88) | VPC network. | |
+| [vpc_subnet](outputs.tf#L97) | VPC subnetworks. | |
 ## TODOs
diff --git a/blueprints/data-solutions/data-platform-foundations/outputs.tf b/blueprints/data-solutions/data-platform-foundations/outputs.tf
index 3fd81a0ead..b941776cb0 100644
--- a/blueprints/data-solutions/data-platform-foundations/outputs.tf
+++ b/blueprints/data-solutions/data-platform-foundations/outputs.tf
@@ -25,6 +25,19 @@ output "bigquery-datasets" { } } +output "demo_commands" { + description = "Demo commands." + value = { + 01 = "gsutil -i ${module.drop-sa-cs-0.email} cp demo/data/*.csv gs://${module.drop-cs-0.name}" + 02 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/data/*.j* gs://${module.orch-cs-0.name}" + 03 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/*.py ${google_composer_environment.orch-cmp-0.config[0].dag_gcs_prefix}/" + 04 = "Open ${google_composer_environment.orch-cmp-0.config.0.airflow_uri} and run uploaded DAG." + 05 = <string | ✓ | | -| [project_id](variables.tf#L22) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | +| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [location](variables.tf#L16) | The location where resources will be deployed. | string | | "EU" | | [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | object({…}) | | null | | [region](variables.tf#L41) | The region where resources will be deployed. | string | | "europe-west1" | diff --git a/blueprints/data-solutions/data-playground/variables.tf b/blueprints/data-solutions/data-playground/variables.tf index 76ba0db184..1c410ae27a 100644 --- a/blueprints/data-solutions/data-playground/variables.tf +++ b/blueprints/data-solutions/data-playground/variables.tf @@ -19,8 +19,8 @@ variable "location" { default = "EU" } -variable "project_id" { - description = "Project id, references existing project if `project_create` is null." +variable "prefix" { + description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." type = string } 
@@ -33,8 +33,8 @@ variable "project_create" {
 default = null
 }
-variable "prefix" {
- description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
+variable "project_id" {
+ description = "Project id, references existing project if `project_create` is null."
 type = string
 }
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
index 915ada213d..b062f4e3fa 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
@@ -208,10 +208,10 @@ The above command will delete the associated resources so there will be no billa
 |---|---|:---:|
 | [bq_tables](outputs.tf#L15) | Bigquery Tables. | |
 | [buckets](outputs.tf#L20) | GCS bucket Cloud KMS crypto keys. | |
-| [command_01_gcs](outputs.tf#L43) | gcloud command to copy data into the created bucket impersonating the service account. | |
-| [command_02_dataflow](outputs.tf#L48) | Command to run Dataflow template impersonating the service account. | |
-| [command_03_bq](outputs.tf#L69) | BigQuery command to query imported data. | |
-| [project_id](outputs.tf#L28) | Project id. | |
-| [service_accounts](outputs.tf#L33) | Service account. | |
+| [command_01_gcs](outputs.tf#L28) | gcloud command to copy data into the created bucket impersonating the service account. | |
+| [command_02_dataflow](outputs.tf#L33) | Command to run Dataflow template impersonating the service account. | |
+| [command_03_bq](outputs.tf#L54) | BigQuery command to query imported data. | |
+| [project_id](outputs.tf#L64) | Project id. | |
+| [service_accounts](outputs.tf#L69) | Service account. | |
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf
index eed3052b65..82b059cc1d 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf
@@ -25,21 +25,6 @@ output "buckets" {
 }
 }
-output "project_id" {
- description = "Project id."
- value = module.project.project_id
-}
-
-output "service_accounts" {
- description = "Service account."
- value = {
- bq = module.service-account-bq.email
- df = module.service-account-df.email
- orch = module.service-account-orch.email
- landing = module.service-account-landing.email
- }
-}
-
 output "command_01_gcs" {
 description = "gcloud command to copy data into the created bucket impersonating the service account."
 value = "gsutil -i ${module.service-account-landing.email} cp data-demo/* ${module.gcs-data.url}"
@@ -75,3 +60,18 @@ output "command_03_bq" {
 sql_limit = 1000
 })
 }
+
+output "project_id" {
+ description = "Project id."
+ value = module.project.project_id
+}
+
+output "service_accounts" {
+ description = "Service account."
+ value = {
+ bq = module.service-account-bq.email
+ df = module.service-account-df.email
+ orch = module.service-account-orch.email
+ landing = module.service-account-landing.email
+ }
+}
diff --git a/blueprints/data-solutions/sqlserver-alwayson/README.md b/blueprints/data-solutions/sqlserver-alwayson/README.md
index a60acec796..ba1916c7d5 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/README.md
+++ b/blueprints/data-solutions/sqlserver-alwayson/README.md
@@ -35,32 +35,32 @@ and to `C:\GcpSetupLog.txt` file. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [ad_domain_fqdn](variables.tf#L111) | Active Directory domain (FQDN) | string | ✓ | | -| [ad_domain_netbios](variables.tf#L120) | Active Directory domain (NetBIOS) | string | ✓ | | -| [network](variables.tf#L38) | Network to use in the project | string | ✓ | | -| [project_id](variables.tf#L27) | Google Cloud project ID | string | ✓ | | -| [sql_admin_password](variables.tf#L102) | Password for the SQL admin user to be created | string | ✓ | | -| [subnetwork](variables.tf#L43) | Subnetwork to use in the project | string | ✓ | | -| [always_on_groups](variables.tf#L135) | List of Always On Groups | list(string) | | ["bookshelf"] | -| [boot_disk_size](variables.tf#L90) | Boot disk size in GB | number | | 50 | -| [cluster_name](variables.tf#L48) | Cluster name (prepended with prefix) | string | | "cluster" | -| [data_disk_size](variables.tf#L96) | Database disk size in GB | number | | 200 | -| [health_check_config](variables.tf#L147) | Health check configuration | | | {…} | -| [health_check_port](variables.tf#L141) | Health check port | number | | 59997 | -| [health_check_ranges](variables.tf#L60) | Health check ranges | list(string) | | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] | -| [managed_ad_dn](variables.tf#L129) | Managed Active Directory domain (eg. 
OU=Cloud,DC=example,DC=com) | string | | "" | -| [node_image](variables.tf#L78) | SQL Server node machine image | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" | -| [node_instance_type](variables.tf#L66) | SQL Server database node instance type | string | | "n2-standard-8" | -| [node_name](variables.tf#L162) | Node base name | string | | "node" | -| [prefix](variables.tf#L15) | Prefix used for resources (for multiple clusters in a project) | string | | "aog" | -| [project_create](variables.tf#L174) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L21) | Region for resources | string | | "europe-west4" | -| [shared_vpc_project_id](variables.tf#L32) | Shared VPC project ID for firewall rules | string | | null | -| [sql_client_cidrs](variables.tf#L54) | CIDR ranges that are allowed to connect to SQL Server | list(string) | | ["0.0.0.0/0"] | -| [vpc_ip_cidr_range](variables.tf#L183) | Ip range used in the subnet deployef in the Service Project. 
| string | | "10.0.0.0/20" | -| [witness_image](variables.tf#L84) | SQL Server witness machine image | string | | "projects/windows-cloud/global/images/family/windows-2019" | -| [witness_instance_type](variables.tf#L72) | SQL Server witness node instance type | string | | "n2-standard-2" | -| [witness_name](variables.tf#L168) | Witness base name | string | | "witness" | +| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | string | ✓ | | +| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | string | ✓ | | +| [network](variables.tf#L90) | Network to use in the project | string | ✓ | | +| [project_id](variables.tf#L128) | Google Cloud project ID | string | ✓ | | +| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | string | ✓ | | +| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | string | ✓ | | +| [always_on_groups](variables.tf#L33) | List of Always On Groups | list(string) | | ["bookshelf"] | +| [boot_disk_size](variables.tf#L39) | Boot disk size in GB | number | | 50 | +| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | string | | "cluster" | +| [data_disk_size](variables.tf#L51) | Database disk size in GB | number | | 200 | +| [health_check_config](variables.tf#L57) | Health check configuration | | | {…} | +| [health_check_port](variables.tf#L72) | Health check port | number | | 59997 | +| [health_check_ranges](variables.tf#L78) | Health check ranges | list(string) | | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] | +| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. 
OU=Cloud,DC=example,DC=com) | string | | "" | +| [node_image](variables.tf#L95) | SQL Server node machine image | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" | +| [node_instance_type](variables.tf#L101) | SQL Server database node instance type | string | | "n2-standard-8" | +| [node_name](variables.tf#L107) | Node base name | string | | "node" | +| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | string | | "aog" | +| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L133) | Region for resources | string | | "europe-west4" | +| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | string | | null | +| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | list(string) | | ["0.0.0.0/0"] | +| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | +| [witness_image](variables.tf#L171) | SQL Server witness machine image | string | | "projects/windows-cloud/global/images/family/windows-2019" | +| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | string | | "n2-standard-2" | +| [witness_name](variables.tf#L183) | Witness base name | string | | "witness" | ## Outputs diff --git a/blueprints/data-solutions/sqlserver-alwayson/variables.tf b/blueprints/data-solutions/sqlserver-alwayson/variables.tf index 2e6a95c96a..1e558fafd8 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/variables.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/variables.tf 
@@ -12,49 +12,67 @@ # See the License for the specific language governing permissions and # limitations under the License. -variable "prefix" { - description = "Prefix used for resources (for multiple clusters in a project)" +variable "ad_domain_fqdn" { + description = "Active Directory domain (FQDN)" type = string - default = "aog" + validation { + condition = length(var.ad_domain_fqdn) > 0 + error_message = "Active Directory domain needs to be specified." + } } -variable "region" { - description = "Region for resources" +variable "ad_domain_netbios" { + description = "Active Directory domain (NetBIOS)" type = string - default = "europe-west4" + validation { + condition = length(var.ad_domain_netbios) > 0 + error_message = "Active Directory domain needs to be specified." + } } -variable "project_id" { - description = "Google Cloud project ID" - type = string +variable "always_on_groups" { + description = "List of Always On Groups" + type = list(string) + default = ["bookshelf"] } -variable "shared_vpc_project_id" { - description = "Shared VPC project ID for firewall rules" - type = string - default = null +variable "boot_disk_size" { + description = "Boot disk size in GB" + type = number + default = 50 } -variable "network" { - description = "Network to use in the project" +variable "cluster_name" { + description = "Cluster name (prepended with prefix)" type = string + default = "cluster" } -variable "subnetwork" { - description = "Subnetwork to use in the project" - type = string +variable "data_disk_size" { + description = "Database disk size in GB" + type = number + default = 200 } -variable "cluster_name" { - description = "Cluster name (prepended with prefix)" - type = string - default = "cluster" +variable "health_check_config" { + description = "Health check configuration" + type = object({ check_interval_sec = number, + healthy_threshold = number, + unhealthy_threshold = number, + timeout_sec = number, + }) + default = { + check_interval_sec = 2 + 
healthy_threshold = 1 + unhealthy_threshold = 2 + timeout_sec = 1 + } } -variable "sql_client_cidrs" { - description = "CIDR ranges that are allowed to connect to SQL Server" - type = list(string) - default = ["0.0.0.0/0"] +variable "health_check_port" { + description = "Health check port" + type = number + default = 59997 } variable "health_check_ranges" { @@ -63,16 +81,15 @@ variable "health_check_ranges" { default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] } -variable "node_instance_type" { - description = "SQL Server database node instance type" +variable "managed_ad_dn" { + description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)" type = string - default = "n2-standard-8" + default = "" } -variable "witness_instance_type" { - description = "SQL Server witness node instance type" +variable "network" { + description = "Network to use in the project" type = string - default = "n2-standard-2" } variable "node_image" { 
@@ -81,107 +98,90 @@ variable "node_image" { default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" } -variable "witness_image" { - description = "SQL Server witness machine image" +variable "node_instance_type" { + description = "SQL Server database node instance type" type = string - default = "projects/windows-cloud/global/images/family/windows-2019" + default = "n2-standard-8" } -variable "boot_disk_size" { - description = "Boot disk size in GB" - type = number - default = 50 +variable "node_name" { + description = "Node base name" + type = string + default = "node" } -variable "data_disk_size" { - description = "Database disk size in GB" - type = number - default = 200 +variable "prefix" { + description = "Prefix used for resources (for multiple clusters in a project)" + type = string + default = "aog" } -variable "sql_admin_password" { - description = "Password for the SQL admin user to be created" - type = string - validation { - condition = length(var.sql_admin_password) > 0 - error_message = "SQL administrator password needs to be specified." - } +variable "project_create" { + description = "Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format." + type = object({ + billing_account_id = string + parent = string + }) + default = null } -variable "ad_domain_fqdn" { - description = "Active Directory domain (FQDN)" +variable "project_id" { + description = "Google Cloud project ID" type = string - validation { - condition = length(var.ad_domain_fqdn) > 0 - error_message = "Active Directory domain needs to be specified." - } } -variable "ad_domain_netbios" { - description = "Active Directory domain (NetBIOS)" +variable "region" { + description = "Region for resources" type = string - validation { - condition = length(var.ad_domain_netbios) > 0 - error_message = "Active Directory domain needs to be specified." 
- } + default = "europe-west4" } -variable "managed_ad_dn" { - description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)" +variable "shared_vpc_project_id" { + description = "Shared VPC project ID for firewall rules" type = string - default = "" + default = null } -variable "always_on_groups" { - description = "List of Always On Groups" - type = list(string) - default = ["bookshelf"] +variable "sql_admin_password" { + description = "Password for the SQL admin user to be created" + type = string + validation { + condition = length(var.sql_admin_password) > 0 + error_message = "SQL administrator password needs to be specified." + } } -variable "health_check_port" { - description = "Health check port" - type = number - default = 59997 +variable "sql_client_cidrs" { + description = "CIDR ranges that are allowed to connect to SQL Server" + type = list(string) + default = ["0.0.0.0/0"] } -variable "health_check_config" { - description = "Health check configuration" - type = object({ check_interval_sec = number, - healthy_threshold = number, - unhealthy_threshold = number, - timeout_sec = number, - }) - default = { - check_interval_sec = 2 - healthy_threshold = 1 - unhealthy_threshold = 2 - timeout_sec = 1 - } +variable "subnetwork" { + description = "Subnetwork to use in the project" + type = string } -variable "node_name" { - description = "Node base name" +variable "vpc_ip_cidr_range" { + description = "Ip range used in the subnet deployef in the Service Project." type = string - default = "node" + default = "10.0.0.0/20" } -variable "witness_name" { - description = "Witness base name" +variable "witness_image" { + description = "SQL Server witness machine image" type = string - default = "witness" + default = "projects/windows-cloud/global/images/family/windows-2019" } -variable "project_create" { - description = "Provide values if project creation is needed, uses existing project if null. 
Parent is in 'folders/nnn' or 'organizations/nnn' format." - type = object({ - billing_account_id = string - parent = string - }) - default = null +variable "witness_instance_type" { + description = "SQL Server witness node instance type" + type = string + default = "n2-standard-2" } -variable "vpc_ip_cidr_range" { - description = "Ip range used in the subnet deployef in the Service Project." +variable "witness_name" { + description = "Witness base name" type = string - default = "10.0.0.0/20" + default = "witness" } diff --git a/blueprints/factories/bigquery-factory/README.md b/blueprints/factories/bigquery-factory/README.md index 01c098bec9..3f1acc4a77 100644 --- a/blueprints/factories/bigquery-factory/README.md +++ b/blueprints/factories/bigquery-factory/README.md @@ -67,20 +67,17 @@ labels: # not required, defaults to {}, Example: {"a":"thisislabela","b":"thisis use_legacy_sql: bool # not required, defaults to false deletion_protection: bool # not required, defaults to false ``` - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L27) | Project ID | string | ✓ | | +| [project_id](variables.tf#L17) | Project ID | string | ✓ | | | [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | string | ✓ | | -| [views_dir](variables.tf#L17) | Relative path for the folder storing view data. | string | ✓ | | +| [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | string | ✓ | | - - ## TODO - [ ] add external table support diff --git a/blueprints/factories/bigquery-factory/variables.tf b/blueprints/factories/bigquery-factory/variables.tf index e4910d215e..cd34f02bd0 100644 --- a/blueprints/factories/bigquery-factory/variables.tf +++ b/blueprints/factories/bigquery-factory/variables.tf 
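Review bot: In blueprints/data-solutions/sqlserver-alwayson/variables.tf the relocated `sql_admin_password` variable is declared without `sensitive = true`, so Terraform can print the value in plan and apply output; adding `sensitive = true` next to `type = string` redacts it there, although the value is still written to state and state access needs protecting either way. Its validation only checks `length(var.sql_admin_password) > 0`, which accepts a one-character password. In the same hunk `sql_client_cidrs` keeps the default `["0.0.0.0/0"]`; how it feeds the firewall rule is not visible here, but the description says these ranges may connect to SQL Server, so a caller who leaves the default presumably exposes the listener to any source. Consider dropping the default so the ranges have to be chosen explicitly, or at least stating in the description that the default is unrestricted. The `vpc_ip_cidr_range` description also still carries the typo "deployef".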
@@ -14,8 +14,8 @@ * limitations under the License. */ -variable "views_dir" { - description = "Relative path for the folder storing view data." +variable "project_id" { + description = "Project ID" type = string } @@ -24,8 +24,7 @@ variable "tables_dir" { type = string } -variable "project_id" { - description = "Project ID" +variable "views_dir" { + description = "Relative path for the folder storing view data." type = string - } diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md index cee829ff97..cc5ed96246 100644 --- a/blueprints/factories/project-factory/README.md +++ b/blueprints/factories/project-factory/README.md 
@@ -239,9 +239,9 @@ vpc: | [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string)) | | {} | | [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} | | [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} | -| [service_identities_iam](variables.tf#L195) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | -| [service_identities_iam_additive](variables.tf#L202) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | -| [services](variables.tf#L188) | Services to be enabled for the project. | list(string) | | [] | +| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | +| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} | +| [services](variables.tf#L202) | Services to be enabled for the project. | list(string) | | [] | | [vpc](variables.tf#L209) | VPC configuration for the project. | object({…}) | | null | ## Outputs diff --git a/blueprints/factories/project-factory/variables.tf b/blueprints/factories/project-factory/variables.tf index 8efc0bc1ef..cbcae798aa 100644 --- a/blueprints/factories/project-factory/variables.tf +++ b/blueprints/factories/project-factory/variables.tf 
@@ -185,13 +185,6 @@ variable "service_accounts_iam_additive" { nullable = false } -variable "services" { - description = "Services to be enabled for the project." - type = list(string) - default = [] - nullable = false -} - variable "service_identities_iam" { description = "Custom IAM settings for service identities in service => [role] format." type = map(list(string)) @@ -206,6 +199,13 @@ variable "service_identities_iam_additive" { nullable = false } +variable "services" { + description = "Services to be enabled for the project." + type = list(string) + default = [] + nullable = false +} + variable "vpc" { description = "VPC configuration for the project." type = object({ diff --git a/blueprints/gke/binauthz/README.md b/blueprints/gke/binauthz/README.md index dad6dd8af5..41eef22b6a 100644 --- a/blueprints/gke/binauthz/README.md +++ b/blueprints/gke/binauthz/README.md 
@@ -107,21 +107,21 @@ Once done testing, you can clean up resources by running `terraform destroy`. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L26) | Project ID. | string | ✓ | | -| [master_cidr_block](variables.tf#L49) | Master CIDR block. | string | | "10.0.0.0/28" | -| [pods_cidr_block](variables.tf#L37) | Pods CIDR block. | string | | "172.16.0.0/20" | -| [prefix](variables.tf#L31) | Prefix for resources created. | string | | null | -| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | object({…}) | | null | -| [region](variables.tf#L61) | Region. | string | | "europe-west1" | -| [services_cidr_block](variables.tf#L43) | Services CIDR block. | string | | "192.168.0.0/24" | -| [subnet_cidr_block](variables.tf#L55) | Subnet CIDR block. | string | | "10.0.1.0/24" | +| [project_id](variables.tf#L44) | Project ID. | string | ✓ | | +| [master_cidr_block](variables.tf#L17) | Master CIDR block. | string | | "10.0.0.0/28" | +| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | string | | "172.16.0.0/20" | +| [prefix](variables.tf#L29) | Prefix for resources created. | string | | null | +| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L49) | Region. | string | | "europe-west1" | +| [services_cidr_block](variables.tf#L55) | Services CIDR block. | string | | "192.168.0.0/24" | +| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | string | | "10.0.1.0/24" | | [zone](variables.tf#L67) | Zone. | string | | "europe-west1-c" | ## Outputs | name | description | sensitive | |---|---|:---:| -| [app_repo_url](outputs.tf#L22) | App source repository url. | | -| [image_repo_url](outputs.tf#L17) | Image source repository url. | | +| [app_repo_url](outputs.tf#L17) | App source repository url. | | +| [image_repo_url](outputs.tf#L22) | Image source repository url. | | 
diff --git a/blueprints/gke/binauthz/outputs.tf b/blueprints/gke/binauthz/outputs.tf index dc0829d580..4efaf9b357 100644 --- a/blueprints/gke/binauthz/outputs.tf +++ b/blueprints/gke/binauthz/outputs.tf @@ -14,12 +14,12 @@ * limitations under the License. */ -output "image_repo_url" { - description = "Image source repository url." - value = "ssh://@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}" -} - output "app_repo_url" { description = "App source repository url." value = "ssh://@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.app_repo.name}" } + +output "image_repo_url" { + description = "Image source repository url." + value = "ssh://@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}" +} diff --git a/blueprints/gke/binauthz/variables.tf b/blueprints/gke/binauthz/variables.tf index c010a12ac9..2e19b1aaeb 100644 --- a/blueprints/gke/binauthz/variables.tf +++ b/blueprints/gke/binauthz/variables.tf @@ -14,6 +14,24 @@ * limitations under the License. */ +variable "master_cidr_block" { + description = "Master CIDR block." + type = string + default = "10.0.0.0/28" +} + +variable "pods_cidr_block" { + description = "Pods CIDR block." + type = string + default = "172.16.0.0/20" +} + +variable "prefix" { + description = "Prefix for resources created." + type = string + default = null +} + variable "project_create" { description = "Parameters for the creation of the new project." type = object({ @@ -28,16 +46,10 @@ variable "project_id" { type = string } -variable "prefix" { - description = "Prefix for resources created." - type = string - default = null -} - -variable "pods_cidr_block" { - description = "Pods CIDR block." +variable "region" { + description = "Region." type = string - default = "172.16.0.0/20" + default = "europe-west1" } variable "services_cidr_block" { 
@@ -46,24 +58,12 @@ variable "services_cidr_block" { default = "192.168.0.0/24" } -variable "master_cidr_block" { - description = "Master CIDR block." - type = string - default = "10.0.0.0/28" -} - variable "subnet_cidr_block" { description = "Subnet CIDR block." type = string default = "10.0.1.0/24" } -variable "region" { - description = "Region." - type = string - default = "europe-west1" -} - variable "zone" { description = "Zone." type = string diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md index f57d5f5449..7deafdadaa 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md +++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md 
@@ -64,14 +64,14 @@ Once done testing, you can clean up resources by running `terraform destroy`. | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | -| [fleet_project_id](variables.tf#L32) | Management Project ID. | string | ✓ | | -| [host_project_id](variables.tf#L27) | Project ID. | string | ✓ | | -| [mgmt_project_id](variables.tf#L37) | Management Project ID. | string | ✓ | | -| [parent](variables.tf#L22) | Parent. | string | ✓ | | -| [clusters_config](variables.tf#L54) | Clusters configuration. | map(object({…})) | | {…} | -| [istio_version](variables.tf#L98) | ASM version | string | | "1.14.1-asm.3" | -| [mgmt_server_config](variables.tf#L78) | Mgmt server configuration | object({…}) | | {…} | -| [mgmt_subnet_cidr_block](variables.tf#L42) | Management subnet CIDR block. | string | | "10.0.0.0/28" | -| [region](variables.tf#L48) | Region. | string | | "europe-west1" | +| [fleet_project_id](variables.tf#L46) | Management Project ID. | string | ✓ | | +| [host_project_id](variables.tf#L51) | Project ID. | string | ✓ | | +| [mgmt_project_id](variables.tf#L63) | Management Project ID. | string | ✓ | | +| [parent](variables.tf#L94) | Parent. | string | ✓ | | +| [clusters_config](variables.tf#L22) | Clusters configuration. | map(object({…})) | | {…} | +| [istio_version](variables.tf#L57) | ASM version | string | | "1.14.1-asm.3" | +| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | object({…}) | | {…} | +| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | string | | "10.0.0.0/28" | +| [region](variables.tf#L99) | Region. | string | | "europe-west1" | diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf index a973a3ac62..4cff10fb5e 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf 
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf @@ -19,38 +19,6 @@ variable "billing_account_id" { type = string } -variable "parent" { - description = "Parent." - type = string -} - -variable "host_project_id" { - description = "Project ID." - type = string -} - -variable "fleet_project_id" { - description = "Management Project ID." - type = string -} - -variable "mgmt_project_id" { - description = "Management Project ID." - type = string -} - -variable "mgmt_subnet_cidr_block" { - description = "Management subnet CIDR block." - type = string - default = "10.0.0.0/28" -} - -variable "region" { - description = "Region." - type = string - default = "europe-west1" -} - variable "clusters_config" { description = "Clusters configuration." type = map(object({ @@ -75,6 +43,28 @@ variable "clusters_config" { } } +variable "fleet_project_id" { + description = "Management Project ID." + type = string +} + +variable "host_project_id" { + description = "Project ID." + type = string +} + + +variable "istio_version" { + description = "ASM version" + type = string + default = "1.14.1-asm.3" +} + +variable "mgmt_project_id" { + description = "Management Project ID." + type = string +} + variable "mgmt_server_config" { description = "Mgmt server configuration" type = object({ @@ -95,8 +85,19 @@ variable "mgmt_server_config" { } } -variable "istio_version" { - description = "ASM version" +variable "mgmt_subnet_cidr_block" { + description = "Management subnet CIDR block." type = string - default = "1.14.1-asm.3" + default = "10.0.0.0/28" +} + +variable "parent" { + description = "Parent." + type = string +} + +variable "region" { + description = "Region." + type = string + default = "europe-west1" } diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md index bd6df94518..9e1cd9b57b 100644 --- a/blueprints/gke/multitenant-fleet/README.md +++ b/blueprints/gke/multitenant-fleet/README.md 
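Review bot: `fleet_project_id` and `mgmt_project_id` in blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf both carry the description "Management Project ID.", and `host_project_id` is only "Project ID.", so the generated README table cannot tell the three required project inputs apart. This looks like a copy-paste that the reorder carried over unchanged. A distinct description such as `description = "Fleet project ID."` for `fleet_project_id` (wording to be confirmed against how the variable is used, which is outside this diff) would lower the chance of pointing clusters or IAM bindings at the wrong project. The README table for this blueprint would need regenerating afterwards.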
@@ -265,8 +265,8 @@ module "gke" { | name | description | sensitive | |---|---|:---:| -| [cluster_ids](outputs.tf#L22) | Cluster ids. | | -| [clusters](outputs.tf#L17) | Cluster resources. | | +| [cluster_ids](outputs.tf#L17) | Cluster ids. | | +| [clusters](outputs.tf#L24) | Cluster resources. | | | [project_id](outputs.tf#L29) | GKE project id. | | diff --git a/blueprints/gke/multitenant-fleet/outputs.tf b/blueprints/gke/multitenant-fleet/outputs.tf index e2676246bc..e9eb6985ee 100644 --- a/blueprints/gke/multitenant-fleet/outputs.tf +++ b/blueprints/gke/multitenant-fleet/outputs.tf @@ -14,11 +14,6 @@ # tfdoc:file:description Output variables. -output "clusters" { - description = "Cluster resources." - value = module.gke-cluster -} - output "cluster_ids" { description = "Cluster ids." value = { @@ -26,6 +21,11 @@ output "cluster_ids" { } } +output "clusters" { + description = "Cluster resources." + value = module.gke-cluster +} + output "project_id" { description = "GKE project id." value = module.gke-project-0.project_id diff --git a/blueprints/networking/glb-and-armor/README.md b/blueprints/networking/glb-and-armor/README.md index 0c9a802ec0..ff399bf468 100644 --- a/blueprints/networking/glb-and-armor/README.md +++ b/blueprints/networking/glb-and-armor/README.md 
@@ -118,17 +118,16 @@ The easiest way to remove all the deployed resources is to run the following com terraform destroy The above command will delete the associated resources so there will be no billable charges made afterwards. - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L26) | Identifier of the project. | string | ✓ | | -| [enforce_security_policy](variables.tf#L31) | Enforce security policy. | bool | | true | -| [prefix](variables.tf#L37) | Prefix used for created resources. | string | | null | -| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | object({…}) | | null | +| [project_id](variables.tf#L38) | Identifier of the project. | string | ✓ | | +| [enforce_security_policy](variables.tf#L17) | Enforce security policy. | bool | | true | +| [prefix](variables.tf#L23) | Prefix used for created resources. | string | | null | +| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | object({…}) | | null | ## Outputs diff --git a/blueprints/networking/glb-and-armor/variables.tf b/blueprints/networking/glb-and-armor/variables.tf index 38513fd96e..a428a8840c 100644 --- a/blueprints/networking/glb-and-armor/variables.tf +++ b/blueprints/networking/glb-and-armor/variables.tf @@ -14,6 +14,18 @@ * limitations under the License. */ +variable "enforce_security_policy" { + description = "Enforce security policy." + type = bool + default = true +} + +variable "prefix" { + description = "Prefix used for created resources." + type = string + default = null +} + variable "project_create" { description = "Parameters for the creation of the new project." type = object({ 
@@ -27,15 +39,3 @@ variable "project_id" { description = "Identifier of the project." type = string } - -variable "enforce_security_policy" { - description = "Enforce security policy." - type = bool - default = true -} - -variable "prefix" { - description = "Prefix used for created resources." - type = string - default = null -} diff --git a/blueprints/networking/psc-hybrid/README.md b/blueprints/networking/psc-hybrid/README.md index 1b67596be5..c697e68a88 100644 --- a/blueprints/networking/psc-hybrid/README.md +++ b/blueprints/networking/psc-hybrid/README.md 
@@ -40,16 +40,16 @@ Before applying this Terraform | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [dest_ip_address](variables.tf#L37) | On-prem service destination IP address. | string | ✓ | | -| [prefix](variables.tf#L17) | Prefix to use for resource names. | string | ✓ | | -| [producer](variables.tf#L88) | Producer configuration. | object({…}) | ✓ | | -| [project_id](variables.tf#L22) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | -| [region](variables.tf#L27) | Region where resources will be created. | string | ✓ | | -| [subnet_consumer](variables.tf#L98) | Consumer subnet CIDR. | string # CIDR | ✓ | | -| [zone](variables.tf#L32) | Zone where resources will be created. | string | ✓ | | -| [dest_port](variables.tf#L42) | On-prem service destination port. | string | | "80" | -| [project_create](variables.tf#L48) | Whether to automatically create a project. | bool | | false | -| [vpc_config](variables.tf#L60) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | -| [vpc_create](variables.tf#L54) | Whether to automatically create VPCs. | bool | | true | +| [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | string | ✓ | | +| [prefix](variables.tf#L28) | Prefix to use for resource names. | string | ✓ | | +| [producer](variables.tf#L33) | Producer configuration. | object({…}) | ✓ | | +| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | +| [region](variables.tf#L54) | Region where resources will be created. | string | ✓ | | +| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | string # CIDR | ✓ | | +| [zone](variables.tf#L98) | Zone where resources will be created. | string | ✓ | | +| [dest_port](variables.tf#L22) | On-prem service destination port. 
| string | | "80" | +| [project_create](variables.tf#L43) | Whether to automatically create a project. | bool | | false | +| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | +| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | bool | | true | diff --git a/blueprints/networking/psc-hybrid/psc-consumer/README.md b/blueprints/networking/psc-hybrid/psc-consumer/README.md index 23fd8f733f..b681fb1e34 100644 --- a/blueprints/networking/psc-hybrid/psc-consumer/README.md +++ b/blueprints/networking/psc-hybrid/psc-consumer/README.md @@ -1,18 +1,17 @@ # PSC Consumer The module creates a consumer VPC and a Private Service Connect (PSC) endpoint, pointing to the PSC Service Attachment (SA) specified. - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L22) | Name of the resources created. | string | ✓ | | -| [network](variables.tf#L32) | Consumer network id. | string | ✓ | | -| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | string | ✓ | | -| [region](variables.tf#L27) | Region where resources will be created. | string | ✓ | | -| [sa_id](variables.tf#L42) | PSC producer service attachment id. | string | ✓ | | -| [subnet](variables.tf#L37) | Subnetwork id where resources will be associated. | string | ✓ | | +| [name](variables.tf#L17) | Name of the resources created. | string | ✓ | | +| [network](variables.tf#L22) | Consumer network id. | string | ✓ | | +| [project_id](variables.tf#L27) | The ID of the project where this VPC will be created. | string | ✓ | | +| [region](variables.tf#L32) | Region where resources will be created. | string | ✓ | | +| [sa_id](variables.tf#L37) | PSC producer service attachment id. | string | ✓ | | +| [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | string | ✓ | | 
diff --git a/blueprints/networking/psc-hybrid/psc-consumer/variables.tf b/blueprints/networking/psc-hybrid/psc-consumer/variables.tf index 47a0f9a638..03f8c2fe32 100644 --- a/blueprints/networking/psc-hybrid/psc-consumer/variables.tf +++ b/blueprints/networking/psc-hybrid/psc-consumer/variables.tf @@ -14,28 +14,23 @@ * limitations under the License. */ -variable "project_id" { - description = "The ID of the project where this VPC will be created." - type = string -} - variable "name" { description = "Name of the resources created." type = string } -variable "region" { - description = "Region where resources will be created." +variable "network" { + description = "Consumer network id." type = string } -variable "network" { - description = "Consumer network id." +variable "project_id" { + description = "The ID of the project where this VPC will be created." type = string } -variable "subnet" { - description = "Subnetwork id where resources will be associated." +variable "region" { + description = "Region where resources will be created." type = string } @@ -43,3 +38,8 @@ variable "sa_id" { description = "PSC producer service attachment id." type = string } + +variable "subnet" { + description = "Subnetwork id where resources will be associated." + type = string +} diff --git a/blueprints/networking/psc-hybrid/psc-producer/README.md b/blueprints/networking/psc-hybrid/psc-producer/README.md index 5efd420fbc..23f1a67094 100644 --- a/blueprints/networking/psc-hybrid/psc-producer/README.md +++ b/blueprints/networking/psc-hybrid/psc-producer/README.md 
@@ -5,24 +5,23 @@ The module creates: - a producer VPC - an internal regional TCP proxy load balancer with a hybrid Network Endpoint Group (NEG) backend, pointing to an on-prem service (IP + port) - a Private Service Connect Service Attachment (PSC SA) exposing the service to [PSC consumers](../psc-consumer/README.md) - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [accepted_limits](variables.tf#L68) | Incoming accepted projects with endpoints limit. | map(number) | ✓ | | -| [dest_ip_address](variables.tf#L57) | On-prem service destination IP address. | string | ✓ | | -| [name](variables.tf#L22) | Name of the resources created. | string | ✓ | | -| [network](variables.tf#L37) | Producer network id. | string | ✓ | | -| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | string | ✓ | | -| [region](variables.tf#L27) | Region where resources will be created. | string | ✓ | | -| [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | string | ✓ | | -| [subnet_proxy](variables.tf#L47) | L7 Regional load balancing subnet id. | string | ✓ | | -| [subnets_psc](variables.tf#L52) | PSC NAT subnets. | list(string) | ✓ | | -| [zone](variables.tf#L32) | Zone where resources will be created. | string | ✓ | | -| [dest_port](variables.tf#L62) | On-prem service destination port. | string | | "80" | +| [accepted_limits](variables.tf#L17) | Incoming accepted projects with endpoints limit. | map(number) | ✓ | | +| [dest_ip_address](variables.tf#L22) | On-prem service destination IP address. | string | ✓ | | +| [name](variables.tf#L33) | Name of the resources created. | string | ✓ | | +| [network](variables.tf#L38) | Producer network id. | string | ✓ | | +| [project_id](variables.tf#L43) | The ID of the project where this VPC will be created. | string | ✓ | | +| [region](variables.tf#L48) | Region where resources will be created. 
| string | ✓ | | +| [subnet](variables.tf#L53) | Subnetwork id where resources will be associated. | string | ✓ | | +| [subnet_proxy](variables.tf#L58) | L7 Regional load balancing subnet id. | string | ✓ | | +| [subnets_psc](variables.tf#L63) | PSC NAT subnets. | list(string) | ✓ | | +| [zone](variables.tf#L68) | Zone where resources will be created. | string | ✓ | | +| [dest_port](variables.tf#L27) | On-prem service destination port. | string | | "80" | ## Outputs diff --git a/blueprints/networking/psc-hybrid/psc-producer/variables.tf b/blueprints/networking/psc-hybrid/psc-producer/variables.tf index c085ecdcc6..c4105e4a1a 100644 --- a/blueprints/networking/psc-hybrid/psc-producer/variables.tf +++ b/blueprints/networking/psc-hybrid/psc-producer/variables.tf @@ -14,28 +14,39 @@ * limitations under the License. */ -variable "project_id" { - description = "The ID of the project where this VPC will be created." +variable "accepted_limits" { + description = "Incoming accepted projects with endpoints limit." + type = map(number) +} + +variable "dest_ip_address" { + description = "On-prem service destination IP address." type = string } +variable "dest_port" { + description = "On-prem service destination port." + type = string + default = "80" +} + variable "name" { description = "Name of the resources created." type = string } -variable "region" { - description = "Region where resources will be created." +variable "network" { + description = "Producer network id." type = string } -variable "zone" { - description = "Zone where resources will be created." +variable "project_id" { + description = "The ID of the project where this VPC will be created." type = string } -variable "network" { - description = "Producer network id." +variable "region" { + description = "Region where resources will be created." type = string } 
@@ -54,18 +65,7 @@ variable "subnets_psc" { type = list(string) } -variable "dest_ip_address" { - description = "On-prem service destination IP address." - type = string -} - -variable "dest_port" { - description = "On-prem service destination port." +variable "zone" { + description = "Zone where resources will be created." type = string - default = "80" -} - -variable "accepted_limits" { - description = "Incoming accepted projects with endpoints limit." - type = map(number) } diff --git a/blueprints/networking/psc-hybrid/variables.tf b/blueprints/networking/psc-hybrid/variables.tf index 012e26d063..1d38692d3a 100644 --- a/blueprints/networking/psc-hybrid/variables.tf +++ b/blueprints/networking/psc-hybrid/variables.tf 
@@ -14,47 +14,51 @@ * limitations under the License. */ -variable "prefix" { - description = "Prefix to use for resource names." +variable "dest_ip_address" { + description = "On-prem service destination IP address." type = string } -variable "project_id" { - description = "When referncing existing projects, the id of the project where resources will be created." +variable "dest_port" { + description = "On-prem service destination port." type = string + default = "80" } -variable "region" { - description = "Region where resources will be created." +variable "prefix" { + description = "Prefix to use for resource names." type = string } -variable "zone" { - description = "Zone where resources will be created." - type = string +variable "producer" { + description = "Producer configuration." + type = object({ + subnet_main = string # CIDR + subnet_proxy = string # CIDR + subnet_psc = string # CIDR + accepted_limits = map(number) # Accepted project ids => PSC endpoint limit + }) } -variable "dest_ip_address" { - description = "On-prem service destination IP address." - type = string +variable "project_create" { + description = "Whether to automatically create a project." + type = bool + default = false } -variable "dest_port" { - description = "On-prem service destination port." +variable "project_id" { + description = "When referncing existing projects, the id of the project where resources will be created." type = string - default = "80" } -variable "project_create" { - description = "Whether to automatically create a project." - type = bool - default = false +variable "region" { + description = "Region where resources will be created." + type = string } -variable "vpc_create" { - description = "Whether to automatically create VPCs." - type = bool - default = true +variable "subnet_consumer" { + description = "Consumer subnet CIDR." + type = string # CIDR } variable "vpc_config" { 
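Review bot: The `project_id` description re-added by this hunk still carries the typo `referncing`, and the same string appears in the `project_id` row of this blueprint's README, so it is user-visible. While the block is being moved, change it to `description = "When referencing existing projects, the id of the project where resources will be created."` and regenerate the README table so both stay in sync.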
@@ -85,17 +89,13 @@ variable "vpc_config" { } } -variable "producer" { - description = "Producer configuration." - type = object({ - subnet_main = string # CIDR - subnet_proxy = string # CIDR - subnet_psc = string # CIDR - accepted_limits = map(number) # Accepted project ids => PSC endpoint limit - }) +variable "vpc_create" { + description = "Whether to automatically create VPCs." + type = bool + default = true } -variable "subnet_consumer" { - description = "Consumer subnet CIDR." - type = string # CIDR +variable "zone" { + description = "Zone where resources will be created." + type = string } diff --git a/blueprints/third-party-solutions/openshift/tf/README.md b/blueprints/third-party-solutions/openshift/tf/README.md index 9ff776f532..190f0b42ee 100644 --- a/blueprints/third-party-solutions/openshift/tf/README.md +++ b/blueprints/third-party-solutions/openshift/tf/README.md 
@@ -8,18 +8,18 @@ This example is a companion setup to the Python script in the parent folder, and | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [cluster_name](variables.tf#L23) | Name used for the cluster and DNS zone. | string | ✓ | | -| [domain](variables.tf#L28) | Domain name used to derive the DNS zone. | string | ✓ | | -| [fs_paths](variables.tf#L87) | Filesystem paths for commands and data, supports home path expansion. | object({…}) | ✓ | | -| [host_project](variables.tf#L44) | Shared VPC project and network configuration. | object({…}) | ✓ | | -| [service_project](variables.tf#L124) | Service project configuration. | object({…}) | ✓ | | +| [domain](variables.tf#L39) | Domain name used to derive the DNS zone. | string | ✓ | | +| [fs_paths](variables.tf#L44) | Filesystem paths for commands and data, supports home path expansion. | object({…}) | ✓ | | +| [host_project](variables.tf#L55) | Shared VPC project and network configuration. | object({…}) | ✓ | | +| [service_project](variables.tf#L125) | Service project configuration. | object({…}) | ✓ | | | [allowed_ranges](variables.tf#L17) | Ranges that can SSH to the boostrap VM and API endpoint. | list(any) | | ["10.0.0.0/8"] | -| [disk_encryption_key](variables.tf#L33) | Optional CMEK for disk encryption. | object({…}) | | null | -| [install_config_params](variables.tf#L57) | OpenShift cluster configuration. | object({…}) | | {…} | -| [post_bootstrap_config](variables.tf#L102) | Name of the service account for the machine operator. Removes bootstrap resources when set. | object({…}) | | null | -| [region](variables.tf#L110) | Region where resources will be created. | string | | "europe-west1" | -| [rhcos_gcp_image](variables.tf#L116) | RHCOS image used. | string | | "projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64" | -| [tags](variables.tf#L131) | Additional tags for instances. 
| list(string) | | ["ssh"] | -| [zones](variables.tf#L137) | Zones used for instances. | list(string) | | ["b", "c", "d"] | +| [disk_encryption_key](variables.tf#L28) | Optional CMEK for disk encryption. | object({…}) | | null | +| [install_config_params](variables.tf#L68) | OpenShift cluster configuration. | object({…}) | | {…} | +| [post_bootstrap_config](variables.tf#L103) | Name of the service account for the machine operator. Removes bootstrap resources when set. | object({…}) | | null | +| [region](variables.tf#L111) | Region where resources will be created. | string | | "europe-west1" | +| [rhcos_gcp_image](variables.tf#L117) | RHCOS image used. | string | | "projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64" | +| [tags](variables.tf#L132) | Additional tags for instances. | list(string) | | ["ssh"] | +| [zones](variables.tf#L138) | Zones used for instances. | list(string) | | ["b", "c", "d"] | ## Outputs diff --git a/blueprints/third-party-solutions/openshift/tf/variables.tf b/blueprints/third-party-solutions/openshift/tf/variables.tf index 3017403e36..ee90bfef81 100644 --- a/blueprints/third-party-solutions/openshift/tf/variables.tf +++ b/blueprints/third-party-solutions/openshift/tf/variables.tf @@ -23,13 +23,8 @@ variable "allowed_ranges" { variable "cluster_name" { description = "Name used for the cluster and DNS zone." type = string -} -variable "domain" { - description = "Domain name used to derive the DNS zone." - type = string } - variable "disk_encryption_key" { description = "Optional CMEK for disk encryption." type = object({ 
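Review bot: After this hunk, `cluster_name` appears to end with an empty line before its closing brace, and `variable "disk_encryption_key"` starts on the very next line with no separator. The hunk's line counts (13 old, 8 new) and the README anchors (`cluster_name` at L23, `disk_encryption_key` at L28) both point to that layout. The other variable blocks in this commit are compact and separated by one blank line, so the tail of `cluster_name` should be `type = string`, then `}`, then a blank line. The `disk_encryption_key` block continues outside the hunk.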
@@ -41,6 +36,22 @@ variable "disk_encryption_key" { default = null } +variable "domain" { + description = "Domain name used to derive the DNS zone." + type = string +} + +variable "fs_paths" { + description = "Filesystem paths for commands and data, supports home path expansion." + type = object({ + credentials = string + config_dir = string + openshift_install = string + pull_secret = string + ssh_key = string + }) +} + variable "host_project" { description = "Shared VPC project and network configuration." type = object({ @@ -84,16 +95,6 @@ variable "install_config_params" { } } -variable "fs_paths" { - description = "Filesystem paths for commands and data, supports home path expansion." - type = object({ - credentials = string - config_dir = string - openshift_install = string - pull_secret = string - ssh_key = string - }) -} # oc -n openshift-cloud-credential-operator get CredentialsRequest \ # openshift-machine-api-gcp \ diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md index 683025a77c..ec1b025a99 100644 --- a/fast/stages/00-bootstrap/README.md +++ b/fast/stages/00-bootstrap/README.md 
@@ -491,8 +491,8 @@ The remaining configuration is manual, as it regards the repositories themselves | [federated_identity](outputs.tf#L116) | Workload Identity Federation pool and providers. | | | | [outputs_bucket](outputs.tf#L126) | GCS bucket where generated output files are stored. | | | | [project_ids](outputs.tf#L131) | Projects created by this stage. | | | -| [providers](outputs.tf#L151) | Terraform provider files for this stage and dependent stages. | ✓ | stage-01 | -| [service_accounts](outputs.tf#L140) | Automation service accounts created by this stage. | | | -| [tfvars](outputs.tf#L160) | Terraform variable files for the following stages. | ✓ | | +| [providers](outputs.tf#L141) | Terraform provider files for this stage and dependent stages. | ✓ | stage-01 | +| [service_accounts](outputs.tf#L148) | Automation service accounts created by this stage. | | | +| [tfvars](outputs.tf#L158) | Terraform variable files for the following stages. | ✓ | | diff --git a/fast/stages/00-bootstrap/outputs.tf b/fast/stages/00-bootstrap/outputs.tf index 2511c939ad..73dd64f4e9 100644 --- a/fast/stages/00-bootstrap/outputs.tf +++ b/fast/stages/00-bootstrap/outputs.tf @@ -137,6 +137,14 @@ output "project_ids" { } } +# ready to use provider configurations for subsequent stages when not using files +output "providers" { + # tfdoc:output:consumers stage-01 + description = "Terraform provider files for this stage and dependent stages." + sensitive = true + value = local.providers +} + output "service_accounts" { description = "Automation service accounts created by this stage." value = { 
@@ -146,17 +154,7 @@ output "service_accounts" { } } -# ready to use provider configurations for subsequent stages when not using files - -output "providers" { - # tfdoc:output:consumers stage-01 - description = "Terraform provider files for this stage and dependent stages." - sensitive = true - value = local.providers -} - # ready to use variable values for subsequent stages - output "tfvars" { description = "Terraform variable files for the following stages." sensitive = true diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md index 52e73c55e8..449fa614f5 100644 --- a/fast/stages/01-resman/README.md +++ b/fast/stages/01-resman/README.md 
@@ -201,13 +201,13 @@ Due to its simplicity, this stage lends itself easily to customizations: adding |---|---|:---:|---| | [cicd_repositories](outputs.tf#L197) | WIF configuration for CI/CD repositories. | | | | [dataplatform](outputs.tf#L211) | Data for the Data Platform stage. | | | -| [gke_multitenant](outputs.tf#L283) | Data for the GKE multitenant stage. | | 03-gke-multitenant | -| [networking](outputs.tf#L227) | Data for the networking stage. | | | -| [project_factories](outputs.tf#L236) | Data for the project factories stage. | | | -| [providers](outputs.tf#L252) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · 03-dataplatform · xx-sandbox · xx-teams | -| [sandbox](outputs.tf#L259) | Data for the sandbox stage. | | xx-sandbox | -| [security](outputs.tf#L273) | Data for the networking stage. | | 02-security | -| [teams](outputs.tf#L304) | Data for the teams stage. | | | -| [tfvars](outputs.tf#L317) | Terraform variable files for the following stages. | ✓ | | +| [gke_multitenant](outputs.tf#L227) | Data for the GKE multitenant stage. | | 03-gke-multitenant | +| [networking](outputs.tf#L248) | Data for the networking stage. | | | +| [project_factories](outputs.tf#L257) | Data for the project factories stage. | | | +| [providers](outputs.tf#L272) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · 03-dataplatform · xx-sandbox · xx-teams | +| [sandbox](outputs.tf#L279) | Data for the sandbox stage. | | xx-sandbox | +| [security](outputs.tf#L293) | Data for the networking stage. | | 02-security | +| [teams](outputs.tf#L303) | Data for the teams stage. | | | +| [tfvars](outputs.tf#L315) | Terraform variable files for the following stages. | ✓ | | diff --git a/fast/stages/01-resman/outputs.tf b/fast/stages/01-resman/outputs.tf index 54c661af9d..9b1a676058 100644 --- a/fast/stages/01-resman/outputs.tf +++ b/fast/stages/01-resman/outputs.tf 
@@ -224,6 +224,27 @@ output "dataplatform" { } } +output "gke_multitenant" { + # tfdoc:output:consumers 03-gke-multitenant + description = "Data for the GKE multitenant stage." + value = ( + var.fast_features.gke + ? { + "dev" = { + folder = module.branch-gke-dev-folder.0.id + gcs_bucket = module.branch-gke-dev-gcs.0.name + service_account = module.branch-gke-dev-sa.0.email + } + "prod" = { + folder = module.branch-gke-prod-folder.0.id + gcs_bucket = module.branch-gke-prod-gcs.0.name + service_account = module.branch-gke-prod-sa.0.email + } + } + : {} + ) +} + output "networking" { description = "Data for the networking stage." value = { @@ -248,7 +269,6 @@ output "project_factories" { } # ready to use provider configurations for subsequent stages - output "providers" { # tfdoc:output:consumers 02-networking 02-security 03-dataplatform xx-sandbox xx-teams description = "Terraform provider files for this stage and dependent stages." @@ -280,27 +300,6 @@ output "security" { } } -output "gke_multitenant" { - # tfdoc:output:consumers 03-gke-multitenant - description = "Data for the GKE multitenant stage." - value = ( - var.fast_features.gke - ? { - "dev" = { - folder = module.branch-gke-dev-folder.0.id - gcs_bucket = module.branch-gke-dev-gcs.0.name - service_account = module.branch-gke-dev-sa.0.email - } - "prod" = { - folder = module.branch-gke-prod-folder.0.id - gcs_bucket = module.branch-gke-prod-gcs.0.name - service_account = module.branch-gke-prod-sa.0.email - } - } - : {} - ) -} - output "teams" { description = "Data for the teams stage." value = { @@ -313,7 +312,6 @@ output "teams" { } # ready to use variable values for subsequent stages - output "tfvars" { description = "Terraform variable files for the following stages." sensitive = true diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md index cddfddaa18..a8c9d95669 100644 --- a/fast/stages/02-networking-nva/README.md +++ b/fast/stages/02-networking-nva/README.md 
@@ -396,7 +396,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [host_project_ids](outputs.tf#L58) | Network project ids. | | | | [host_project_numbers](outputs.tf#L63) | Network project numbers. | | | | [shared_vpc_self_links](outputs.tf#L68) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L87) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L73) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L73) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L79) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-nva/outputs.tf b/fast/stages/02-networking-nva/outputs.tf index d4a4a1ce1a..df324570dd 100644 --- a/fast/stages/02-networking-nva/outputs.tf +++ b/fast/stages/02-networking-nva/outputs.tf @@ -70,6 +70,12 @@ output "shared_vpc_self_links" { value = local.vpc_self_links } +output "tfvars" { + description = "Terraform variables file for the following stages." + sensitive = true + value = local.tfvars +} + output "vpn_gateway_endpoints" { description = "External IP Addresses for the GCP VPN gateways." value = local.enable_onprem_vpn == false ? null : { @@ -83,9 +89,3 @@ output "vpn_gateway_endpoints" { } } } - -output "tfvars" { - description = "Terraform variables file for the following stages." - sensitive = true - value = local.tfvars -} diff --git a/fast/stages/02-networking-peering/README.md b/fast/stages/02-networking-peering/README.md index 1dfdb9a59f..f6a8280991 100644 --- a/fast/stages/02-networking-peering/README.md +++ b/fast/stages/02-networking-peering/README.md 
@@ -321,7 +321,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [host_project_ids](outputs.tf#L68) | Network project ids. | | | | [host_project_numbers](outputs.tf#L73) | Network project numbers. | | | | [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-peering/outputs.tf b/fast/stages/02-networking-peering/outputs.tf index 405b2dbe84..3b97b7f254 100644 --- a/fast/stages/02-networking-peering/outputs.tf +++ b/fast/stages/02-networking-peering/outputs.tf @@ -80,6 +80,12 @@ output "shared_vpc_self_links" { value = local.vpc_self_links } +output "tfvars" { + description = "Terraform variables file for the following stages." + sensitive = true + value = local.tfvars +} + output "vpn_gateway_endpoints" { description = "External IP Addresses for the GCP VPN gateways." value = local.enable_onprem_vpn == false ? null : { @@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" { } } } - -output "tfvars" { - description = "Terraform variables file for the following stages." - sensitive = true - value = local.tfvars -} diff --git a/fast/stages/02-networking-separate-envs/README.md b/fast/stages/02-networking-separate-envs/README.md index 6fdb00cff0..a874311a96 100644 --- a/fast/stages/02-networking-separate-envs/README.md +++ b/fast/stages/02-networking-separate-envs/README.md 
@@ -259,11 +259,11 @@ You're now ready to run `terraform init` and `apply`. | name | description | sensitive | consumers | |---|---|:---:|---| | [dev_cloud_dns_inbound_policy](outputs.tf#L59) | IP Addresses for Cloud DNS inbound policy for the dev environment. | | | -| [host_project_ids](outputs.tf#L69) | Network project ids. | | | -| [host_project_numbers](outputs.tf#L74) | Network project numbers. | | | -| [prod_cloud_dns_inbound_policy](outputs.tf#L64) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | | +| [host_project_ids](outputs.tf#L64) | Network project ids. | | | +| [host_project_numbers](outputs.tf#L69) | Network project numbers. | | | +| [prod_cloud_dns_inbound_policy](outputs.tf#L74) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | | | [shared_vpc_self_links](outputs.tf#L79) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L98) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L84) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L84) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L90) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-separate-envs/outputs.tf b/fast/stages/02-networking-separate-envs/outputs.tf index 22016037d2..d06d499d63 100644 --- a/fast/stages/02-networking-separate-envs/outputs.tf +++ b/fast/stages/02-networking-separate-envs/outputs.tf @@ -61,11 +61,6 @@ output "dev_cloud_dns_inbound_policy" { value = [for s in module.dev-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)] } -output "prod_cloud_dns_inbound_policy" { - description = "IP Addresses for Cloud DNS inbound policy for the prod environment." - value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)] -} - output "host_project_ids" { description = "Network project ids." value = local.host_project_ids 
@@ -76,11 +71,22 @@ output "host_project_numbers" { value = local.host_project_numbers } +output "prod_cloud_dns_inbound_policy" { + description = "IP Addresses for Cloud DNS inbound policy for the prod environment." + value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)] +} + output "shared_vpc_self_links" { description = "Shared VPC host projects." value = local.vpc_self_links } +output "tfvars" { + description = "Terraform variables file for the following stages." + sensitive = true + value = local.tfvars +} + output "vpn_gateway_endpoints" { description = "External IP Addresses for the GCP VPN gateways." value = local.enable_onprem_vpn == false ? null : { @@ -94,9 +100,3 @@ output "vpn_gateway_endpoints" { } } } - -output "tfvars" { - description = "Terraform variables file for the following stages." - sensitive = true - value = local.tfvars -} diff --git a/fast/stages/02-networking-vpn/README.md b/fast/stages/02-networking-vpn/README.md index 783b11fb22..8a884c09b4 100644 --- a/fast/stages/02-networking-vpn/README.md +++ b/fast/stages/02-networking-vpn/README.md @@ -347,7 +347,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [host_project_ids](outputs.tf#L68) | Network project ids. | | | | [host_project_numbers](outputs.tf#L73) | Network project numbers. | | | | [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | | -| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | | -| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | | +| [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | | +| [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | | diff --git a/fast/stages/02-networking-vpn/outputs.tf b/fast/stages/02-networking-vpn/outputs.tf index 405b2dbe84..3b97b7f254 100644 --- a/fast/stages/02-networking-vpn/outputs.tf 
+++ b/fast/stages/02-networking-vpn/outputs.tf @@ -80,6 +80,12 @@ output "shared_vpc_self_links" { value = local.vpc_self_links } +output "tfvars" { + description = "Terraform variables file for the following stages." + sensitive = true + value = local.tfvars +} + output "vpn_gateway_endpoints" { description = "External IP Addresses for the GCP VPN gateways." value = local.enable_onprem_vpn == false ? null : { @@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" { } } } - -output "tfvars" { - description = "Terraform variables file for the following stages." - sensitive = true - value = local.tfvars -} diff --git a/fast/stages/02-security/README.md b/fast/stages/02-security/README.md index 7d1a83a3b4..72e93606f7 100644 --- a/fast/stages/02-security/README.md +++ b/fast/stages/02-security/README.md 
@@ -265,13 +265,13 @@ Some references that might be useful in setting up this stage: | [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 00-bootstrap | | [billing_account](variables.tf#L25) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | | [folder_ids](variables.tf#L34) | Folder name => id mappings, the 'security' folder name must exist. | object({…}) | ✓ | | 01-resman | -| [organization](variables.tf#L91) | Organization details. | object({…}) | ✓ | | 00-bootstrap | -| [prefix](variables.tf#L107) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | -| [service_accounts](variables.tf#L80) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | object({…}) | ✓ | | 01-resman | +| [organization](variables.tf#L80) | Organization details. | object({…}) | ✓ | | 00-bootstrap | +| [prefix](variables.tf#L96) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | +| [service_accounts](variables.tf#L107) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | object({…}) | ✓ | | 01-resman | | [groups](variables.tf#L42) | Group names to grant organization-level permissions. | map(string) | | {…} | 00-bootstrap | | [kms_defaults](variables.tf#L57) | Defaults used for KMS keys. | object({…}) | | {…} | | | [kms_keys](variables.tf#L69) | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | map(object({…})) | | {} | | -| [outputs_location](variables.tf#L101) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | +| [outputs_location](variables.tf#L90) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. 
| string | | null | | | [vpc_sc_access_levels](variables.tf#L118) | VPC SC access level definitions. | map(object({…})) | | {} | | | [vpc_sc_egress_policies](variables.tf#L147) | VPC SC egress policy defnitions. | map(object({…})) | | {} | | | [vpc_sc_ingress_policies](variables.tf#L167) | VPC SC ingress policy defnitions. | map(object({…})) | | {} | | diff --git a/fast/stages/02-security/variables.tf b/fast/stages/02-security/variables.tf index a28ed56ae4..349589c964 100644 --- a/fast/stages/02-security/variables.tf +++ b/fast/stages/02-security/variables.tf @@ -77,17 +77,6 @@ variable "kms_keys" { default = {} } -variable "service_accounts" { - # tfdoc:variable:source 01-resman - description = "Automation service accounts that can assign the encrypt/decrypt roles on keys." - type = object({ - data-platform-dev = string - data-platform-prod = string - project-factory-dev = string - project-factory-prod = string - }) -} - variable "organization" { # tfdoc:variable:source 00-bootstrap description = "Organization details." @@ -115,6 +104,17 @@ variable "prefix" { } } +variable "service_accounts" { + # tfdoc:variable:source 01-resman + description = "Automation service accounts that can assign the encrypt/decrypt roles on keys." + type = object({ + data-platform-dev = string + data-platform-prod = string + project-factory-dev = string + project-factory-prod = string + }) +} + variable "vpc_sc_access_levels" { description = "VPC SC access level definitions." type = map(object({ diff --git a/fast/stages/03-data-platform/dev/README.md b/fast/stages/03-data-platform/dev/README.md index 342e11fc93..d987a5e106 100644 --- a/fast/stages/03-data-platform/dev/README.md +++ b/fast/stages/03-data-platform/dev/README.md 
@@ -190,11 +190,11 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data- | name | description | sensitive | consumers | |---|---|:---:|---| | [bigquery_datasets](outputs.tf#L42) | BigQuery datasets. | | | -| [demo_commands](outputs.tf#L72) | Demo commands. | | | -| [gcs_buckets](outputs.tf#L47) | GCS buckets. | | | -| [kms_keys](outputs.tf#L52) | Cloud MKS keys. | | | -| [projects](outputs.tf#L57) | GCP Projects informations. | | | -| [vpc_network](outputs.tf#L62) | VPC network. | | | -| [vpc_subnet](outputs.tf#L67) | VPC subnetworks. | | | +| [demo_commands](outputs.tf#L47) | Demo commands. | | | +| [gcs_buckets](outputs.tf#L52) | GCS buckets. | | | +| [kms_keys](outputs.tf#L57) | Cloud MKS keys. | | | +| [projects](outputs.tf#L62) | GCP Projects informations. | | | +| [vpc_network](outputs.tf#L67) | VPC network. | | | +| [vpc_subnet](outputs.tf#L72) | VPC subnetworks. | | | diff --git a/fast/stages/03-data-platform/dev/outputs.tf b/fast/stages/03-data-platform/dev/outputs.tf index 346bf16b02..d0f79358cb 100644 --- a/fast/stages/03-data-platform/dev/outputs.tf +++ b/fast/stages/03-data-platform/dev/outputs.tf @@ -44,6 +44,11 @@ output "bigquery_datasets" { value = module.data-platform.bigquery-datasets } +output "demo_commands" { + description = "Demo commands." + value = module.data-platform.demo_commands +} + output "gcs_buckets" { description = "GCS buckets." value = module.data-platform.gcs-buckets @@ -68,8 +73,3 @@ output "vpc_subnet" { description = "VPC subnetworks." value = module.data-platform.vpc_subnet } - -output "demo_commands" { - description = "Demo commands." - value = module.data-platform.demo_commands -} diff --git a/fast/stages/03-gke-multitenant/dev/README.md b/fast/stages/03-gke-multitenant/dev/README.md index f3abf494e1..c446fbcb4a 100644 --- a/fast/stages/03-gke-multitenant/dev/README.md +++ b/fast/stages/03-gke-multitenant/dev/README.md 
@@ -143,7 +143,7 @@ terraform apply | [automation](variables.tf#L21) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 00-bootstrap | | [billing_account](variables.tf#L29) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | | [folder_ids](variables.tf#L149) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 01-resman | -| [host_project_ids](variables.tf#L171) | Host project for the shared VPC. | object({…}) | ✓ | | 02-networking | +| [host_project_ids](variables.tf#L164) | Host project for the shared VPC. | object({…}) | ✓ | | 02-networking | | [prefix](variables.tf#L213) | Prefix used for resources that need unique names. | string | ✓ | | | | [vpc_self_links](variables.tf#L225) | Self link for the shared VPC. | object({…}) | ✓ | | 02-networking | | [clusters](variables.tf#L38) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | | 
@@ -152,7 +152,7 @@ terraform apply | [fleet_features](variables.tf#L129) | Enable and configue fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | object({…}) | | null | | | [fleet_workload_identity](variables.tf#L142) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | bool | | false | | | [group_iam](variables.tf#L157) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | map(list(string)) | | {} | | -| [iam](variables.tf#L164) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | +| [iam](variables.tf#L172) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | | [labels](variables.tf#L179) | Project-level labels. | map(string) | | {} | | | [nodepools](variables.tf#L185) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | | | [outputs_location](variables.tf#L207) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | @@ -162,8 +162,8 @@ terraform apply | name | description | sensitive | consumers | |---|---|:---:|---| -| [cluster_ids](outputs.tf#L63) | Cluster ids. | | | -| [clusters](outputs.tf#L57) | Cluster resources. | ✓ | | +| [cluster_ids](outputs.tf#L57) | Cluster ids. | | | +| [clusters](outputs.tf#L62) | Cluster resources. | ✓ | | | [project_id](outputs.tf#L68) | GKE project id. | | | diff --git a/fast/stages/03-gke-multitenant/dev/outputs.tf b/fast/stages/03-gke-multitenant/dev/outputs.tf index 216db95dd1..87b0ca737c 100644 --- a/fast/stages/03-gke-multitenant/dev/outputs.tf +++ b/fast/stages/03-gke-multitenant/dev/outputs.tf 
@@ -54,17 +54,17 @@ resource "google_storage_bucket_object" "tfvars" { # outputs +output "cluster_ids" { + description = "Cluster ids." + value = module.gke-multitenant.cluster_ids +} + output "clusters" { description = "Cluster resources." value = module.gke-multitenant.clusters sensitive = true } -output "cluster_ids" { - description = "Cluster ids." - value = module.gke-multitenant.cluster_ids -} - output "project_id" { description = "GKE project id." value = module.gke-multitenant.project_id diff --git a/fast/stages/03-gke-multitenant/dev/variables.tf b/fast/stages/03-gke-multitenant/dev/variables.tf index 9c5a1d388e..6be89126a5 100644 --- a/fast/stages/03-gke-multitenant/dev/variables.tf +++ b/fast/stages/03-gke-multitenant/dev/variables.tf @@ -161,13 +161,6 @@ variable "group_iam" { nullable = false } -variable "iam" { - description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format." - type = map(list(string)) - default = {} - nullable = false -} - variable "host_project_ids" { # tfdoc:variable:source 02-networking description = "Host project for the shared VPC." @@ -176,6 +169,13 @@ variable "host_project_ids" { }) } +variable "iam" { + description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format." + type = map(list(string)) + default = {} + nullable = false +} + variable "labels" { description = "Project-level labels." type = map(string) diff --git a/fast/stages/03-project-factory/dev/README.md b/fast/stages/03-project-factory/dev/README.md index 3c29c5dce7..8fe213cee9 100644 --- a/fast/stages/03-project-factory/dev/README.md +++ b/fast/stages/03-project-factory/dev/README.md 
@@ -109,12 +109,12 @@ terraform apply | name | description | type | required | default | producer | |---|---|:---:|:---:|:---:|:---:| | [billing_account](variables.tf#L19) | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | -| [prefix](variables.tf#L47) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | +| [prefix](variables.tf#L56) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 00-bootstrap | | [data_dir](variables.tf#L28) | Relative path for the folder storing configuration data. | string | | "data/projects" | | -| [defaults_file](variables.tf#L41) | Relative path for the file storing the project factory configuration. | string | | "data/defaults.yaml" | | -| [environment_dns_zone](variables.tf#L34) | DNS zone suffix for environment. | string | | null | 02-networking | -| [host_project_ids](variables.tf#L67) | Host project for the shared VPC. | object({…}) | | null | 02-networking | -| [vpc_self_links](variables.tf#L58) | Self link for the shared VPC. | object({…}) | | null | 02-networking | +| [defaults_file](variables.tf#L34) | Relative path for the file storing the project factory configuration. | string | | "data/defaults.yaml" | | +| [environment_dns_zone](variables.tf#L40) | DNS zone suffix for environment. | string | | null | 02-networking | +| [host_project_ids](variables.tf#L47) | Host project for the shared VPC. | object({…}) | | null | 02-networking | +| [vpc_self_links](variables.tf#L67) | Self link for the shared VPC. | object({…}) | | null | 02-networking | ## Outputs diff --git a/fast/stages/03-project-factory/dev/variables.tf b/fast/stages/03-project-factory/dev/variables.tf index 0fe8c7dc18..2993bfba7b 100644 --- a/fast/stages/03-project-factory/dev/variables.tf +++ b/fast/stages/03-project-factory/dev/variables.tf 
@@ -31,6 +31,12 @@ variable "data_dir" { default = "data/projects" } +variable "defaults_file" { + description = "Relative path for the file storing the project factory configuration." + type = string + default = "data/defaults.yaml" +} + variable "environment_dns_zone" { # tfdoc:variable:source 02-networking description = "DNS zone suffix for environment." @@ -38,10 +44,13 @@ variable "environment_dns_zone" { default = null } -variable "defaults_file" { - description = "Relative path for the file storing the project factory configuration." - type = string - default = "data/defaults.yaml" +variable "host_project_ids" { + # tfdoc:variable:source 02-networking + description = "Host project for the shared VPC." + type = object({ + dev-spoke-0 = string + }) + default = null } variable "prefix" { @@ -63,12 +72,3 @@ variable "vpc_self_links" { }) default = null } - -variable "host_project_ids" { - # tfdoc:variable:source 02-networking - description = "Host project for the shared VPC." - type = object({ - dev-spoke-0 = string - }) - default = null -} diff --git a/modules/__experimental/net-neg/README.md b/modules/__experimental/net-neg/README.md index e00f797afb..a4113f0ca7 100644 --- a/modules/__experimental/net-neg/README.md +++ b/modules/__experimental/net-neg/README.md 
@@ -29,19 +29,19 @@ module "neg" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [endpoints](variables.tf#L42) | List of (instance, port, address) of the NEG. | list(object({…})) | ✓ | | -| [name](variables.tf#L22) | NEG name. | string | ✓ | | -| [network](variables.tf#L27) | Name or self link of the VPC used for the NEG. Use the self link for Shared VPC. | string | ✓ | | -| [project_id](variables.tf#L17) | NEG project id. | string | ✓ | | -| [subnetwork](variables.tf#L32) | VPC subnetwork name or self link. | string | ✓ | | -| [zone](variables.tf#L37) | NEG zone. | string | ✓ | | +| [endpoints](variables.tf#L17) | List of (instance, port, address) of the NEG. | list(object({…})) | ✓ | | +| [name](variables.tf#L26) | NEG name. | string | ✓ | | +| [network](variables.tf#L31) | Name or self link of the VPC used for the NEG. Use the self link for Shared VPC. | string | ✓ | | +| [project_id](variables.tf#L36) | NEG project id. | string | ✓ | | +| [subnetwork](variables.tf#L41) | VPC subnetwork name or self link. | string | ✓ | | +| [zone](variables.tf#L46) | NEG zone. | string | ✓ | | ## Outputs | name | description | sensitive | |---|---|:---:| | [id](outputs.tf#L17) | Network endpoint group ID. | | -| [self_lnk](outputs.tf#L27) | Network endpoint group self link. | | -| [size](outputs.tf#L22) | Size of the network endpoint group. | | +| [self_lnk](outputs.tf#L22) | Network endpoint group self link. | | +| [size](outputs.tf#L27) | Size of the network endpoint group. | | diff --git a/modules/__experimental/net-neg/outputs.tf b/modules/__experimental/net-neg/outputs.tf index a8ccdbf003..cb496f5cf3 100644 --- a/modules/__experimental/net-neg/outputs.tf +++ b/modules/__experimental/net-neg/outputs.tf 
@@ -19,12 +19,12 @@ output "id" { value = google_compute_network_endpoint_group.group.name } -output "size" { - description = "Size of the network endpoint group." - value = google_compute_network_endpoint_group.group.size -} - output "self_lnk" { description = "Network endpoint group self link." value = google_compute_network_endpoint_group.group.self_link } + +output "size" { + description = "Size of the network endpoint group." + value = google_compute_network_endpoint_group.group.size +} diff --git a/modules/__experimental/net-neg/variables.tf b/modules/__experimental/net-neg/variables.tf index 0771def150..b4eb42ac62 100644 --- a/modules/__experimental/net-neg/variables.tf +++ b/modules/__experimental/net-neg/variables.tf @@ -14,9 +14,13 @@ * limitations under the License. */ -variable "project_id" { - description = "NEG project id." - type = string +variable "endpoints" { + description = "List of (instance, port, address) of the NEG." + type = list(object({ + instance = string + port = number + ip_address = string + })) } variable "name" { @@ -29,6 +33,11 @@ variable "network" { type = string } +variable "project_id" { + description = "NEG project id." + type = string +} + variable "subnetwork" { description = "VPC subnetwork name or self link." type = string @@ -38,12 +47,3 @@ variable "zone" { description = "NEG zone." type = string } - -variable "endpoints" { - description = "List of (instance, port, address) of the NEG." - type = list(object({ - instance = string - port = number - ip_address = string - })) -} diff --git a/modules/apigee/README.md b/modules/apigee/README.md index 8071594f1a..d521e87194 100644 --- a/modules/apigee/README.md +++ b/modules/apigee/README.md 
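Review bot: In the net-neg `outputs.tf` hunk the output is still named `self_lnk`, which looks like a misspelling of `self_link`, given that its value is `google_compute_network_endpoint_group.group.self_link`. Since this commit already reorders the block, a correctly spelled `output "self_link"` with the same description and value could be added next to it, keeping `self_lnk` so existing callers do not break. The README outputs table for the module would need the matching row.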
@@ -141,22 +141,22 @@ module "apigee" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L17) | Project ID. | string | ✓ | | -| [envgroups](variables.tf#L36) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | null | -| [environments](variables.tf#L42) | Environments. | map(object({…})) | | null | -| [instances](variables.tf#L58) | Instance. | map(object({…})) | | null | -| [organization](variables.tf#L22) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null | +| [project_id](variables.tf#L68) | Project ID. | string | ✓ | | +| [envgroups](variables.tf#L18) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | null | +| [environments](variables.tf#L24) | Environments. | map(object({…})) | | null | +| [instances](variables.tf#L40) | Instance. | map(object({…})) | | null | +| [organization](variables.tf#L54) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| [envgroups](outputs.tf#L32) | Environment groups. | | -| [environments](outputs.tf#L37) | Environment. | | -| [instances](outputs.tf#L42) | Instances | | -| [org_id](outputs.tf#L22) | Organization ID. | | -| [org_name](outputs.tf#L27) | Organization name. | | -| [organization](outputs.tf#L17) | Organization. | | +| [envgroups](outputs.tf#L17) | Environment groups. | | +| [environments](outputs.tf#L22) | Environment. | | +| [instances](outputs.tf#L27) | Instances | | +| [org_id](outputs.tf#L32) | Organization ID. | | +| [org_name](outputs.tf#L37) | Organization name. | | +| [organization](outputs.tf#L42) | Organization. | | | [service_attachments](outputs.tf#L47) | Service attachments. | | diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf index 6173f30fc3..5d043f1888 100644 --- a/modules/apigee/outputs.tf +++ b/modules/apigee/outputs.tf 
@@ -14,21 +14,6 @@ * limitations under the License. */ -output "organization" { - description = "Organization." - value = try(google_apigee_organization.organization[0], null) -} - -output "org_id" { - description = "Organization ID." - value = local.org_id -} - -output "org_name" { - description = "Organization name." - value = try(google_apigee_organization.organization[0].name, var.project_id) -} - output "envgroups" { description = "Environment groups." value = try(google_apigee_envgroup.envgroups, null) @@ -44,6 +29,21 @@ output "instances" { value = try(google_apigee_instance.instances, null) } +output "org_id" { + description = "Organization ID." + value = local.org_id +} + +output "org_name" { + description = "Organization name." + value = try(google_apigee_organization.organization[0].name, var.project_id) +} + +output "organization" { + description = "Organization." + value = try(google_apigee_organization.organization[0], null) +} + output "service_attachments" { description = "Service attachments." value = { for k, v in google_apigee_instance.instances : k => v.service_attachment } diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf index 0eb2ed685e..c9cae91c42 100644 --- a/modules/apigee/variables.tf +++ b/modules/apigee/variables.tf @@ -14,24 +14,6 @@ * limitations under the License. */ -variable "project_id" { - description = "Project ID." - type = string -} - -variable "organization" { - description = "Apigee organization. If set to null the organization must already exist." - type = object({ - display_name = optional(string) - description = optional(string, "Terraform-managed") - authorized_network = optional(string) - runtime_type = optional(string, "CLOUD") - billing_type = optional(string) - database_encryption_key = optional(string) - analytics_region = optional(string, "europe-west1") - }) - default = null -} variable "envgroups" { description = "Environment groups (NAME => [HOSTNAMES])." 
@@ -68,3 +50,22 @@ variable "instances" { })) default = null } + +variable "organization" { + description = "Apigee organization. If set to null the organization must already exist." + type = object({ + display_name = optional(string) + description = optional(string, "Terraform-managed") + authorized_network = optional(string) + runtime_type = optional(string, "CLOUD") + billing_type = optional(string) + database_encryption_key = optional(string) + analytics_region = optional(string, "europe-west1") + }) + default = null +} + +variable "project_id" { + description = "Project ID." + type = string +} diff --git a/modules/binauthz/README.md b/modules/binauthz/README.md index 5d6ecdfa9e..7d8a0b3010 100644 --- a/modules/binauthz/README.md +++ b/modules/binauthz/README.md 
@@ -61,19 +61,19 @@ module "binauthz" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L17) | Project ID. | string | ✓ | | -| [admission_whitelist_patterns](variables.tf#L28) | An image name pattern to allowlist | list(string) | | null | -| [attestors_config](variables.tf#L58) | Attestors configuration | map(object({…})) | | null | -| [cluster_admission_rules](variables.tf#L48) | Admission rules | map(object({…})) | | null | -| [default_admission_rule](variables.tf#L34) | Default admission rule | object({…}) | | {…} | -| [global_policy_evaluation_mode](variables.tf#L22) | Global policy evaluation mode. | string | | null | +| [project_id](variables.tf#L68) | Project ID. | string | ✓ | | +| [admission_whitelist_patterns](variables.tf#L17) | An image name pattern to allowlist | list(string) | | null | +| [attestors_config](variables.tf#L23) | Attestors configuration | map(object({…})) | | null | +| [cluster_admission_rules](variables.tf#L38) | Admission rules | map(object({…})) | | null | +| [default_admission_rule](variables.tf#L48) | Default admission rule | object({…}) | | {…} | +| [global_policy_evaluation_mode](variables.tf#L62) | Global policy evaluation mode. | string | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| [attestors](outputs.tf#L22) | Attestors. | | -| [id](outputs.tf#L17) | Binary Authorization policy ID | | +| [attestors](outputs.tf#L17) | Attestors. | | +| [id](outputs.tf#L25) | Binary Authorization policy ID | | | [notes](outputs.tf#L30) | Notes. | | diff --git a/modules/binauthz/outputs.tf b/modules/binauthz/outputs.tf index 19fac83688..9273e52d19 100644 --- a/modules/binauthz/outputs.tf +++ b/modules/binauthz/outputs.tf 
@@ -14,11 +14,6 @@ * limitations under the License. */ -output "id" { - description = "Binary Authorization policy ID" - value = google_binary_authorization_policy.policy.id -} - output "attestors" { description = "Attestors." value = google_binary_authorization_attestor.attestors @@ -27,6 +22,11 @@ output "attestors" { ] } +output "id" { + description = "Binary Authorization policy ID" + value = google_binary_authorization_policy.policy.id +} + output "notes" { description = "Notes." value = google_container_analysis_note.notes diff --git a/modules/binauthz/variables.tf b/modules/binauthz/variables.tf index f9502a69b6..9ba38c4b9d 100644 --- a/modules/binauthz/variables.tf +++ b/modules/binauthz/variables.tf @@ -14,23 +14,37 @@ * limitations under the License. */ -variable "project_id" { - description = "Project ID." - type = string -} - -variable "global_policy_evaluation_mode" { - description = "Global policy evaluation mode." - type = string - default = null -} - variable "admission_whitelist_patterns" { description = "An image name pattern to allowlist" type = list(string) default = null } +variable "attestors_config" { + description = "Attestors configuration" + type = map(object({ + note_reference = string + iam = map(list(string)) + pgp_public_keys = list(string) + pkix_public_keys = list(object({ + id = string + public_key_pem = string + signature_algorithm = string + })) + })) + default = null +} + +variable "cluster_admission_rules" { + description = "Admission rules" + type = map(object({ + evaluation_mode = string + enforcement_mode = string + attestors = list(string) + })) + default = null +} + variable "default_admission_rule" { description = "Default admission rule" type = object({ 
@@ -45,27 +59,13 @@ variable "default_admission_rule" { } } -variable "cluster_admission_rules" { - description = "Admission rules" - type = map(object({ - evaluation_mode = string - enforcement_mode = string - attestors = list(string) - })) - default = null +variable "global_policy_evaluation_mode" { + description = "Global policy evaluation mode." + type = string + default = null } -variable "attestors_config" { - description = "Attestors configuration" - type = map(object({ - note_reference = string - iam = map(list(string)) - pgp_public_keys = list(string) - pkix_public_keys = list(object({ - id = string - public_key_pem = string - signature_algorithm = string - })) - })) - default = null +variable "project_id" { + description = "Project ID." + type = string } diff --git a/modules/cloud-config-container/cos-generic-metadata/README.md b/modules/cloud-config-container/cos-generic-metadata/README.md index a5abc9d45b..16d1935ed3 100644 --- a/modules/cloud-config-container/cos-generic-metadata/README.md +++ b/modules/cloud-config-container/cos-generic-metadata/README.md 
@@ -61,20 +61,20 @@ module "cos-envoy" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [container_image](variables.tf#L42) | Container image. | string | ✓ | | -| [authenticate_gcr](variables.tf#L112) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | -| [boot_commands](variables.tf#L17) | List of cloud-init `bootcmd`s. | list(string) | | [] | -| [cloud_config](variables.tf#L23) | Cloud config template path. If provided, takes precedence over all other arguments. | string | | null | -| [config_variables](variables.tf#L29) | Additional variables used to render the template passed via `cloud_config`. | map(any) | | {} | -| [container_args](variables.tf#L35) | Arguments for container. | string | | "" | -| [container_name](variables.tf#L47) | Name of the container to be run. | string | | "container" | -| [container_volumes](variables.tf#L53) | List of volumes. | list(object({…})) | | [] | -| [docker_args](variables.tf#L62) | Extra arguments to be passed for docker. | string | | null | -| [file_defaults](variables.tf#L68) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L80) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [run_as_first_user](variables.tf#L106) | Run as the first user if users are specified. | bool | | true | -| [run_commands](variables.tf#L90) | List of cloud-init `runcmd`s. | list(string) | | [] | -| [users](variables.tf#L96) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | +| [container_image](variables.tf#L47) | Container image. | string | ✓ | | +| [authenticate_gcr](variables.tf#L17) | Setup docker to pull images from private GCR. 
Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | +| [boot_commands](variables.tf#L23) | List of cloud-init `bootcmd`s. | list(string) | | [] | +| [cloud_config](variables.tf#L29) | Cloud config template path. If provided, takes precedence over all other arguments. | string | | null | +| [config_variables](variables.tf#L35) | Additional variables used to render the template passed via `cloud_config`. | map(any) | | {} | +| [container_args](variables.tf#L41) | Arguments for container. | string | | "" | +| [container_name](variables.tf#L52) | Name of the container to be run. | string | | "container" | +| [container_volumes](variables.tf#L58) | List of volumes. | list(object({…})) | | [] | +| [docker_args](variables.tf#L67) | Extra arguments to be passed for docker. | string | | null | +| [file_defaults](variables.tf#L73) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L85) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [run_as_first_user](variables.tf#L95) | Run as the first user if users are specified. | bool | | true | +| [run_commands](variables.tf#L101) | List of cloud-init `runcmd`s. | list(string) | | [] | +| [users](variables.tf#L107) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | ## Outputs diff --git a/modules/cloud-config-container/cos-generic-metadata/variables.tf b/modules/cloud-config-container/cos-generic-metadata/variables.tf index 1720afa198..0225916492 100644 --- a/modules/cloud-config-container/cos-generic-metadata/variables.tf +++ b/modules/cloud-config-container/cos-generic-metadata/variables.tf 
@@ -14,6 +14,12 @@ * limitations under the License. */ +variable "authenticate_gcr" { + description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined." + type = bool + default = false +} + variable "boot_commands" { description = "List of cloud-init `bootcmd`s." type = list(string) @@ -38,7 +44,6 @@ variable "container_args" { default = "" } - variable "container_image" { description = "Container image." type = string @@ -87,6 +92,12 @@ variable "files" { default = {} } +variable "run_as_first_user" { + description = "Run as the first user if users are specified." + type = bool + default = true +} + variable "run_commands" { description = "List of cloud-init `runcmd`s." type = list(string) @@ -102,15 +113,3 @@ variable "users" { default = [ ] } - -variable "run_as_first_user" { - description = "Run as the first user if users are specified." - type = bool - default = true -} - -variable "authenticate_gcr" { - description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined." - type = bool - default = false -} diff --git a/modules/cloud-config-container/nginx-tls/README.md b/modules/cloud-config-container/nginx-tls/README.md index fbd048fd79..d5790cf238 100644 --- a/modules/cloud-config-container/nginx-tls/README.md +++ b/modules/cloud-config-container/nginx-tls/README.md 
@@ -50,10 +50,10 @@ module "vm-nginx-tls" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [files](variables.tf#L35) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null | -| [nginx_image](variables.tf#L17) | Nginx container image to use. | string | | "nginx:1.23.1" | -| [runcmd_post](variables.tf#L29) | Extra commands to run after starting nginx. | list(string) | | [] | -| [runcmd_pre](variables.tf#L23) | Extra commands to run before starting nginx. | list(string) | | [] | +| [files](variables.tf#L17) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null | +| [nginx_image](variables.tf#L27) | Nginx container image to use. | string | | "nginx:1.23.1" | +| [runcmd_post](variables.tf#L33) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L39) | Extra commands to run before starting nginx. | list(string) | | [] | | [users](variables.tf#L45) | Additional list of usernames to be created. | list(object({…})) | | […] | ## Outputs diff --git a/modules/cloud-config-container/nginx-tls/variables.tf b/modules/cloud-config-container/nginx-tls/variables.tf index fd7f6625dc..9ca826266e 100644 --- a/modules/cloud-config-container/nginx-tls/variables.tf +++ b/modules/cloud-config-container/nginx-tls/variables.tf 
@@ -14,32 +14,32 @@ * limitations under the License. */ +variable "files" { + description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." + type = map(object({ + content = string + owner = string + permissions = string + })) + default = null +} + variable "nginx_image" { description = "Nginx container image to use." type = string default = "nginx:1.23.1" } -variable "runcmd_pre" { - description = "Extra commands to run before starting nginx." - type = list(string) - default = [] -} - variable "runcmd_post" { description = "Extra commands to run after starting nginx." type = list(string) default = [] } -variable "files" { - description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." - type = map(object({ - content = string - owner = string - permissions = string - })) - default = null +variable "runcmd_pre" { + description = "Extra commands to run before starting nginx." + type = list(string) + default = [] } variable "users" { diff --git a/modules/cloud-config-container/nginx/README.md b/modules/cloud-config-container/nginx/README.md index 25cbc98c5b..12ca3d5d0b 100644 --- a/modules/cloud-config-container/nginx/README.md +++ b/modules/cloud-config-container/nginx/README.md 
@@ -62,12 +62,12 @@ module "cos-nginx" { |---|---|:---:|:---:|:---:| | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | | [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Nginx templates. | map(any) | | {} | -| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [image](variables.tf#L29) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | -| [nginx_config](variables.tf#L35) | Nginx configuration path, if null container default will be used. | string | | null | -| [runcmd_post](variables.tf#L69) | Extra commands to run after starting nginx. | list(string) | | [] | -| [runcmd_pre](variables.tf#L63) | Extra commands to run before starting nginx. | list(string) | | [] | +| [file_defaults](variables.tf#L29) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L41) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [image](variables.tf#L51) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | +| [nginx_config](variables.tf#L57) | Nginx configuration path, if null container default will be used. | string | | null | +| [runcmd_post](variables.tf#L63) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L69) | Extra commands to run before starting nginx. | list(string) | | [] | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. 
If image is null, COS stable will be used. | object({…}) | | {…} | | [users](variables.tf#L75) | List of additional usernames to be created. | list(object({…})) | | […] | diff --git a/modules/cloud-config-container/nginx/variables.tf b/modules/cloud-config-container/nginx/variables.tf index 62f5894499..973baff283 100644 --- a/modules/cloud-config-container/nginx/variables.tf +++ b/modules/cloud-config-container/nginx/variables.tf @@ -26,18 +26,6 @@ variable "config_variables" { default = {} } -variable "image" { - description = "Nginx container image." - type = string - default = "nginxdemos/hello:plain-text" -} - -variable "nginx_config" { - description = "Nginx configuration path, if null container default will be used." - type = string - default = null -} - variable "file_defaults" { description = "Default owner and permissions for files." type = object({ @@ -60,10 +48,16 @@ variable "files" { default = {} } -variable "runcmd_pre" { - description = "Extra commands to run before starting nginx." - type = list(string) - default = [] +variable "image" { + description = "Nginx container image." + type = string + default = "nginxdemos/hello:plain-text" +} + +variable "nginx_config" { + description = "Nginx configuration path, if null container default will be used." + type = string + default = null } variable "runcmd_post" { @@ -72,6 +66,12 @@ variable "runcmd_post" { default = [] } +variable "runcmd_pre" { + description = "Extra commands to run before starting nginx." + type = list(string) + default = [] +} + variable "users" { description = "List of additional usernames to be created." type = list(object({ diff --git a/modules/cloud-config-container/simple-nva/README.md b/modules/cloud-config-container/simple-nva/README.md index 3f5b05530c..0e495df5bf 100644 --- a/modules/cloud-config-container/simple-nva/README.md +++ b/modules/cloud-config-container/simple-nva/README.md 
@@ -72,8 +72,8 @@ module "nva" { |---|---|:---:|:---:|:---:| | [network_interfaces](variables.tf#L39) | Network interfaces configuration. | list(object({…})) | ✓ | | | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | -| [enable_health_checks](variables.tf#L33) | Configures routing to enable responses to health check probes. | bool | | false | -| [files](variables.tf#L23) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [enable_health_checks](variables.tf#L23) | Configures routing to enable responses to health check probes. | bool | | false | +| [files](variables.tf#L29) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} | diff --git a/modules/cloud-config-container/simple-nva/variables.tf b/modules/cloud-config-container/simple-nva/variables.tf index 3c2ebfcbf6..39d96d913f 100644 --- a/modules/cloud-config-container/simple-nva/variables.tf +++ b/modules/cloud-config-container/simple-nva/variables.tf @@ -20,6 +20,12 @@ variable "cloud_config" { default = null } +variable "enable_health_checks" { + description = "Configures routing to enable responses to health check probes." + type = bool + default = false +} + variable "files" { description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." type = map(object({ 
@@ -30,12 +36,6 @@ variable "files" { default = {} } -variable "enable_health_checks" { - description = "Configures routing to enable responses to health check probes." - type = bool - default = false -} - variable "network_interfaces" { description = "Network interfaces configuration." type = list(object({ diff --git a/modules/cloud-config-container/squid/README.md b/modules/cloud-config-container/squid/README.md index b28fe72a1a..1c866b25ac 100644 --- a/modules/cloud-config-container/squid/README.md +++ b/modules/cloud-config-container/squid/README.md 
@@ -64,15 +64,15 @@ module "cos-squid" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [allow](variables.tf#L57) | List of domains Squid will allow connections to. | list(string) | | [] | -| [clients](variables.tf#L69) | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | -| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | -| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Squid templates. | map(any) | | {} | -| [default_action](variables.tf#L75) | Default action for domains not matching neither the allow or deny lists. | string | | "deny" | -| [deny](variables.tf#L63) | List of domains Squid will deny connections to. | list(string) | | [] | -| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [squid_config](variables.tf#L29) | Squid configuration path, if null default will be used. | string | | null | +| [allow](variables.tf#L18) | List of domains Squid will allow connections to. | list(string) | | [] | +| [clients](variables.tf#L24) | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | +| [cloud_config](variables.tf#L30) | Cloud config template path. If null default will be used. | string | | null | +| [config_variables](variables.tf#L36) | Additional variables used to render the cloud-config and Squid templates. | map(any) | | {} | +| [default_action](variables.tf#L42) | Default action for domains not matching neither the allow or deny lists. | string | | "deny" | +| [deny](variables.tf#L52) | List of domains Squid will deny connections to. 
| list(string) | | [] | +| [file_defaults](variables.tf#L58) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L70) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [squid_config](variables.tf#L80) | Squid configuration path, if null default will be used. | string | | null | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} | diff --git a/modules/cloud-config-container/squid/variables.tf b/modules/cloud-config-container/squid/variables.tf index 5180c6d327..b7708821c4 100644 --- a/modules/cloud-config-container/squid/variables.tf +++ b/modules/cloud-config-container/squid/variables.tf @@ -14,6 +14,19 @@ * limitations under the License. */ + +variable "allow" { + description = "List of domains Squid will allow connections to." + type = list(string) + default = [] +} + +variable "clients" { + description = "List of CIDR ranges from which Squid will allow connections." + type = list(string) + default = [] +} + variable "cloud_config" { description = "Cloud config template path. If null default will be used." type = string 
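Review bot: `clients` is the list of source ranges Squid accepts connections from, yet any string passes, while `default_action` in this same file already carries a `validation` block. A malformed entry would only surface when the proxy configuration is rendered, or not at all. A validation that each entry parses as a CIDR keeps typos out of the ACL; the block below is a sketch and assumes the module's minimum Terraform version has `alltrue`. Whether the empty default means "no clients" or "any client" is not visible in this diff and is worth stating in the description.

```hcl
variable "clients" {
  # … unchanged: description, type, default …
  validation {
    condition     = alltrue([for c in var.clients : can(cidrhost(c, 0))])
    error_message = "Each entry in clients must be a valid CIDR range."
  }
}
```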
@@ -26,10 +39,20 @@ variable "config_variables" { default = {} } -variable "squid_config" { - description = "Squid configuration path, if null default will be used." +variable "default_action" { + description = "Default action for domains not matching neither the allow or deny lists." type = string - default = null + default = "deny" + validation { + condition = var.default_action == "deny" || var.default_action == "allow" + error_message = "Default action must be allow or deny." + } +} + +variable "deny" { + description = "List of domains Squid will deny connections to." + type = list(string) + default = [] } variable "file_defaults" { @@ -54,30 +77,8 @@ variable "files" { default = {} } -variable "allow" { - description = "List of domains Squid will allow connections to." - type = list(string) - default = [] -} - -variable "deny" { - description = "List of domains Squid will deny connections to." - type = list(string) - default = [] -} - -variable "clients" { - description = "List of CIDR ranges from which Squid will allow connections." - type = list(string) - default = [] -} - -variable "default_action" { - description = "Default action for domains not matching neither the allow or deny lists." +variable "squid_config" { + description = "Squid configuration path, if null default will be used." type = string - default = "deny" - validation { - condition = var.default_action == "deny" || var.default_action == "allow" - error_message = "Default action must be allow or deny." - } + default = null } diff --git a/modules/cloud-function/README.md b/modules/cloud-function/README.md index 9d8994c04f..b813a364f9 100644 --- a/modules/cloud-function/README.md +++ b/modules/cloud-function/README.md 
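Review bot: The `default_action` description reads "not matching neither the allow or deny lists", a double negative that literally says the opposite of what is meant; `description = "Default action for domains matching neither the allow nor the deny list."` is unambiguous. The README table row is generated from this string and would need regenerating. The condition could also be written as `contains(["allow", "deny"], var.default_action)`, which reads better than chained `==` comparisons.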
@@ -243,9 +243,9 @@ module "cf-http" { | [service_account](variables.tf#L132) | Service account email. Unused if service account is auto-created. | string | | null | | [service_account_create](variables.tf#L138) | Auto-create service account. | bool | | false | | [trigger_config](variables.tf#L144) | Function trigger configuration. Leave null for HTTP trigger. | object({…}) | | { v1 = null, v2 = null } | -| [v2](variables.tf#L192) | Whether to use Cloud Function version 2nd Gen or 1st Gen. | bool | | false | -| [vpc_connector](variables.tf#L173) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | object({…}) | | null | -| [vpc_connector_config](variables.tf#L183) | VPC connector network configuration. Must be provided if new VPC connector is being created. | object({…}) | | null | +| [v2](variables.tf#L173) | Whether to use Cloud Function version 2nd Gen or 1st Gen. | bool | | false | +| [vpc_connector](variables.tf#L179) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | object({…}) | | null | +| [vpc_connector_config](variables.tf#L189) | VPC connector network configuration. Must be provided if new VPC connector is being created. | object({…}) | | null | ## Outputs 
@@ -255,13 +255,13 @@ module "cf-http" { | [bucket_name](outputs.tf#L24) | Bucket name. | | | [function](outputs.tf#L29) | Cloud function resources. | | | [function_name](outputs.tf#L34) | Cloud function name. | | -| [service_account](outputs.tf#L42) | Service account resource. | | -| [service_account_email](outputs.tf#L47) | Service account email. | | -| [service_account_iam_email](outputs.tf#L52) | Service account email. | | -| [trigger_service_account](outputs.tf#L60) | Service account resource. | | -| [trigger_service_account_email](outputs.tf#L65) | Service account email. | | -| [trigger_service_account_iam_email](outputs.tf#L70) | Service account email. | | -| [uri](outputs.tf#L38) | Cloud function service uri. | | -| [vpc_connector](outputs.tf#L78) | VPC connector resource if created. | | +| [service_account](outputs.tf#L39) | Service account resource. | | +| [service_account_email](outputs.tf#L44) | Service account email. | | +| [service_account_iam_email](outputs.tf#L49) | Service account email. | | +| [trigger_service_account](outputs.tf#L57) | Service account resource. | | +| [trigger_service_account_email](outputs.tf#L62) | Service account email. | | +| [trigger_service_account_iam_email](outputs.tf#L67) | Service account email. | | +| [uri](outputs.tf#L75) | Cloud function service uri. | | +| [vpc_connector](outputs.tf#L80) | VPC connector resource if created. | | diff --git a/modules/cloud-function/outputs.tf b/modules/cloud-function/outputs.tf index 5f6e12bef9..04ce290503 100644 --- a/modules/cloud-function/outputs.tf +++ b/modules/cloud-function/outputs.tf @@ -35,10 +35,7 @@ output "function_name" { description = "Cloud function name." value = local.function.name } -output "uri" { - description = "Cloud function service uri." - value = var.v2 ? google_cloudfunctions2_function.function[0].service_config[0].uri : null -} + output "service_account" { description = "Service account resource." value = try(google_service_account.service_account[0], null) 
@@ -75,6 +72,11 @@ output "trigger_service_account_iam_email" { ]) } +output "uri" { + description = "Cloud function service uri." + value = var.v2 ? google_cloudfunctions2_function.function[0].service_config[0].uri : null +} + output "vpc_connector" { description = "VPC connector resource if created." value = try(google_vpc_access_connector.connector.0.id, null) diff --git a/modules/cloud-function/variables.tf b/modules/cloud-function/variables.tf index 08e166d937..528a594f8b 100644 --- a/modules/cloud-function/variables.tf +++ b/modules/cloud-function/variables.tf @@ -170,6 +170,12 @@ variable "trigger_config" { } } +variable "v2" { + description = "Whether to use Cloud Function version 2nd Gen or 1st Gen." + type = bool + default = false +} + variable "vpc_connector" { description = "VPC connector configuration. Set create to 'true' if a new connector needs to be created." type = object({ @@ -189,10 +195,4 @@ variable "vpc_connector_config" { default = null } -variable "v2" { - description = "Whether to use Cloud Function version 2nd Gen or 1st Gen." - type = bool - default = false -} - diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md index 0355486664..2ef627abee 100644 --- a/modules/cloudsql-instance/README.md +++ b/modules/cloudsql-instance/README.md 
@@ -146,27 +146,27 @@ module "db" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [database_version](variables.tf#L50) | Database type and version to create. | string | ✓ | | -| [name](variables.tf#L97) | Name of primary instance. | string | ✓ | | -| [network](variables.tf#L102) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | | -| [project_id](variables.tf#L117) | The ID of the project where this instances will be created. | string | ✓ | | -| [region](variables.tf#L122) | Region of the primary instance. | string | ✓ | | -| [tier](variables.tf#L142) | The machine type to use for the instances. | string | ✓ | | +| [database_version](variables.tf#L49) | Database type and version to create. | string | ✓ | | +| [name](variables.tf#L102) | Name of primary instance. | string | ✓ | | +| [network](variables.tf#L107) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | | +| [project_id](variables.tf#L122) | The ID of the project where this instances will be created. | string | ✓ | | +| [region](variables.tf#L127) | Region of the primary instance. | string | ✓ | | +| [tier](variables.tf#L147) | The machine type to use for the instances. | string | ✓ | | | [authorized_networks](variables.tf#L17) | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | map(string) | | null | | [availability_type](variables.tf#L23) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | string | | "ZONAL" | | [backup_configuration](variables.tf#L29) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | object({…}) | | {…} | -| [databases](variables.tf#L55) | Databases to create once the primary instance is created. 
| list(string) | | null | -| [deletion_protection](variables.tf#L61) | Allow terraform to delete instances. | bool | | false | -| [disk_size](variables.tf#L67) | Disk size in GB. Set to null to enable autoresize. | number | | null | -| [disk_type](variables.tf#L73) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" | -| [encryption_key_name](variables.tf#L79) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null | -| [flags](variables.tf#L85) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | -| [ipv4_enabled](variables.tf#L153) | Add a public IP address to database instance. | bool | | false | -| [labels](variables.tf#L91) | Labels to be attached to all instances. | map(string) | | null | -| [prefix](variables.tf#L107) | Optional prefix used to generate instance names. | string | | null | -| [replicas](variables.tf#L127) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} | -| [root_password](variables.tf#L136) | Root password of the Cloud SQL instance. Required for MS SQL Server | string | | null | -| [users](variables.tf#L147) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null | +| [databases](variables.tf#L54) | Databases to create once the primary instance is created. | list(string) | | null | +| [deletion_protection](variables.tf#L60) | Allow terraform to delete instances. | bool | | false | +| [disk_size](variables.tf#L66) | Disk size in GB. Set to null to enable autoresize. | number | | null | +| [disk_type](variables.tf#L72) | The type of data disk: `PD_SSD` or `PD_HDD`. 
| string | | "PD_SSD" | +| [encryption_key_name](variables.tf#L78) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null | +| [flags](variables.tf#L84) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | +| [ipv4_enabled](variables.tf#L90) | Add a public IP address to database instance. | bool | | false | +| [labels](variables.tf#L96) | Labels to be attached to all instances. | map(string) | | null | +| [prefix](variables.tf#L112) | Optional prefix used to generate instance names. | string | | null | +| [replicas](variables.tf#L132) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} | +| [root_password](variables.tf#L141) | Root password of the Cloud SQL instance. Required for MS SQL Server | string | | null | +| [users](variables.tf#L152) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null | ## Outputs diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf index 858807aebc..8b0adbba41 100644 --- a/modules/cloudsql-instance/variables.tf +++ b/modules/cloudsql-instance/variables.tf @@ -46,7 +46,6 @@ variable "backup_configuration" { } } - variable "database_version" { description = "Database type and version to create." type = string @@ -88,6 +87,12 @@ variable "flags" { default = null } +variable "ipv4_enabled" { + description = "Add a public IP address to database instance." + type = bool + default = false +} + variable "labels" { description = "Labels to be attached to all instances." type = map(string) 
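Review bot: `ipv4_enabled` is the switch that gives the database a public address, and its description does not say what then limits access. The README table lists `authorized_networks` as the NAME=>CIDR allow map with a `null` default; if that is what gates the public endpoint (the resource wiring is outside this diff), the description should say so, e.g. `description = "Add a public IP address to database instance. Restrict access with authorized_networks when enabled."`. Adding `nullable = false`, as `enable_logging` in modules/dns does, would also keep a `null` from reaching the instance settings.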
@@ -149,9 +154,3 @@ variable "users" { type = map(string) default = null } - -variable "ipv4_enabled" { - description = "Add a public IP address to database instance." - type = bool - default = false -} diff --git a/modules/compute-mig/README.md b/modules/compute-mig/README.md index c14f69d809..9356e6ecd6 100644 --- a/modules/compute-mig/README.md +++ b/modules/compute-mig/README.md @@ -429,8 +429,8 @@ module "nginx-mig" { | [distribution_policy](variables.tf#L95) | DIstribution policy for regional MIG. | object({…}) | | null | | [health_check_config](variables.tf#L104) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | null | | [named_ports](variables.tf#L189) | Named ports. | map(number) | | null | -| [stateful_config](variables.tf#L207) | Stateful configuration for individual instances. | map(object({…})) | | {} | -| [stateful_disks](variables.tf#L200) | Stateful disk configuration applied at the MIG level to all instances, in device name => on permanent instance delete rule as boolean. | map(bool) | | {} | +| [stateful_config](variables.tf#L200) | Stateful configuration for individual instances. | map(object({…})) | | {} | +| [stateful_disks](variables.tf#L219) | Stateful disk configuration applied at the MIG level to all instances, in device name => on permanent instance delete rule as boolean. | map(bool) | | {} | | [target_pools](variables.tf#L226) | Optional list of URLs for target pools to which new instances in the group are added. | list(string) | | [] | | [target_size](variables.tf#L232) | Group target size, leave null when using an autoscaler. | number | | null | | [update_policy](variables.tf#L238) | Update policy. Minimal action and type are required. | object({…}) | | null | diff --git a/modules/compute-mig/variables.tf b/modules/compute-mig/variables.tf index 056bd198ee..ecddd6687a 100644 --- a/modules/compute-mig/variables.tf 
+++ b/modules/compute-mig/variables.tf @@ -197,13 +197,6 @@ variable "project_id" { type = string } -variable "stateful_disks" { - description = "Stateful disk configuration applied at the MIG level to all instances, in device name => on permanent instance delete rule as boolean." - type = map(bool) - default = {} - nullable = false -} - variable "stateful_config" { description = "Stateful configuration for individual instances." type = map(object({ @@ -223,6 +216,13 @@ variable "stateful_config" { nullable = false } +variable "stateful_disks" { + description = "Stateful disk configuration applied at the MIG level to all instances, in device name => on permanent instance delete rule as boolean." + type = map(bool) + default = {} + nullable = false +} + variable "target_pools" { description = "Optional list of URLs for target pools to which new instances in the group are added." type = list(string) diff --git a/modules/dns/README.md b/modules/dns/README.md index 62b38efc27..fc57afd953 100644 --- a/modules/dns/README.md +++ b/modules/dns/README.md 
@@ -98,8 +98,8 @@ module "private-dns" { | [client_networks](variables.tf#L21) | List of VPC self links that can see this zone. | list(string) | | [] | | [description](variables.tf#L28) | Domain description. | string | | "Terraform managed." | | [dnssec_config](variables.tf#L34) | DNSSEC configuration for this zone. | object({…}) | | {…} | -| [enable_logging](variables.tf#L65) | Enable query logging for this zone. Only valid for public zones. | bool | | false | -| [forwarders](variables.tf#L59) | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) | | {} | +| [enable_logging](variables.tf#L59) | Enable query logging for this zone. Only valid for public zones. | bool | | false | +| [forwarders](variables.tf#L66) | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) | | {} | | [peer_network](variables.tf#L77) | Peering network self link, only valid for 'peering' zone types. | string | | null | | [recordsets](variables.tf#L88) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | map(object({…})) | | {} | | [service_directory_namespace](variables.tf#L123) | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string | | null | diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf index aafe6a1d95..df30327d4c 100644 --- a/modules/dns/variables.tf +++ b/modules/dns/variables.tf @@ -56,12 +56,6 @@ variable "domain" { type = string } -variable "forwarders" { - description = "Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default." - type = map(string) - default = {} -} - variable "enable_logging" { description = "Enable query logging for this zone. Only valid for public zones." type = bool 
@@ -69,6 +63,12 @@ variable "enable_logging" { nullable = false } +variable "forwarders" { + description = "Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default." + type = map(string) + default = {} +} + variable "name" { description = "Zone name, must be unique within the project." type = string diff --git a/modules/net-glb/README.md b/modules/net-glb/README.md index 635f29f07d..4044fcaa4e 100644 --- a/modules/net-glb/README.md +++ b/modules/net-glb/README.md 
@@ -549,33 +549,33 @@ Target proxies leverage [url-maps](url-map.tf): set of L7 rules, which create a | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L17) | Load balancer name. | string | ✓ | | -| [project_id](variables.tf#L22) | Project id. | string | ✓ | | -| [backend_services_config](variables.tf#L62) | The backends services configuration. | map(object({…})) | | {} | -| [forwarding_rule_config](variables.tf#L226) | Regional forwarding rule configurations. | object({…}) | | {…} | -| [global_forwarding_rule_config](variables.tf#L208) | Global forwarding rule configurations. | object({…}) | | {…} | -| [health_checks_config](variables.tf#L51) | Custom health checks configuration. | map(object({…})) | | {} | -| [health_checks_config_defaults](variables.tf#L33) | Auto-created health check default configuration. | object({…}) | | {…} | -| [https](variables.tf#L247) | Whether to enable HTTPS. | bool | | false | -| [region](variables.tf#L27) | Create a regional load balancer in this region. | string | | null | -| [reserve_ip_address](variables.tf#L253) | Whether to reserve a static global IP address. | bool | | false | -| [ssl_certificates_config](variables.tf#L171) | The SSL certificate configuration. | map(object({…})) | | {} | -| [ssl_certificates_config_defaults](variables.tf#L184) | The SSL certificate default configuration. | object({…}) | | {…} | -| [target_proxy_https_config](variables.tf#L200) | The HTTPS target proxy configuration. | object({…}) | | null | -| [url_map_config](variables.tf#L157) | The url-map configuration. | object({…}) | | null | +| [name](variables.tf#L186) | Load balancer name. | string | ✓ | | +| [project_id](variables.tf#L191) | Project id. | string | ✓ | | +| [backend_services_config](variables.tf#L17) | The backends services configuration. | map(object({…})) | | {} | +| [forwarding_rule_config](variables.tf#L112) | Regional forwarding rule configurations. 
| object({…}) | | {…} | +| [global_forwarding_rule_config](variables.tf#L133) | Global forwarding rule configurations. | object({…}) | | {…} | +| [health_checks_config](variables.tf#L151) | Custom health checks configuration. | map(object({…})) | | {} | +| [health_checks_config_defaults](variables.tf#L162) | Auto-created health check default configuration. | object({…}) | | {…} | +| [https](variables.tf#L180) | Whether to enable HTTPS. | bool | | false | +| [region](variables.tf#L196) | Create a regional load balancer in this region. | string | | null | +| [reserve_ip_address](variables.tf#L202) | Whether to reserve a static global IP address. | bool | | false | +| [ssl_certificates_config](variables.tf#L208) | The SSL certificate configuration. | map(object({…})) | | {} | +| [ssl_certificates_config_defaults](variables.tf#L221) | The SSL certificate default configuration. | object({…}) | | {…} | +| [target_proxy_https_config](variables.tf#L237) | The HTTPS target proxy configuration. | object({…}) | | null | +| [url_map_config](variables.tf#L245) | The url-map configuration. | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| [backend_services](outputs.tf#L22) | Backend service resources. | | -| [forwarding_rule](outputs.tf#L67) | The regional forwarding rule. | | -| [global_forwarding_rule](outputs.tf#L62) | The global forwarding rule. | | -| [health_checks](outputs.tf#L17) | Health-check resources. | | -| [ip_address](outputs.tf#L44) | The reserved global IP address. | | -| [ip_address_self_link](outputs.tf#L49) | The URI of the reserved global IP address. | | -| [ssl_certificates](outputs.tf#L35) | The SSL certificate. | | -| [target_proxy](outputs.tf#L54) | The target proxy. | | -| [url_map](outputs.tf#L30) | The url-map. | | +| [backend_services](outputs.tf#L17) | Backend service resources. | | +| [forwarding_rule](outputs.tf#L25) | The regional forwarding rule. 
| | +| [global_forwarding_rule](outputs.tf#L30) | The global forwarding rule. | | +| [health_checks](outputs.tf#L35) | Health-check resources. | | +| [ip_address](outputs.tf#L40) | The reserved global IP address. | | +| [ip_address_self_link](outputs.tf#L45) | The URI of the reserved global IP address. | | +| [ssl_certificates](outputs.tf#L50) | The SSL certificate. | | +| [target_proxy](outputs.tf#L59) | The target proxy. | | +| [url_map](outputs.tf#L67) | The url-map. | | diff --git a/modules/net-glb/outputs.tf b/modules/net-glb/outputs.tf index 8e2e4e5806..38aeed13cd 100644 --- a/modules/net-glb/outputs.tf +++ b/modules/net-glb/outputs.tf @@ -14,11 +14,6 @@ * limitations under the License. */ -output "health_checks" { - description = "Health-check resources." - value = try(google_compute_health_check.health_check, []) -} - output "backend_services" { description = "Backend service resources." value = { @@ -27,18 +22,19 @@ output "backend_services" { } } -output "url_map" { - description = "The url-map." - value = google_compute_url_map.url_map +output "forwarding_rule" { + description = "The regional forwarding rule." + value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0 : google_compute_forwarding_rule.forwarding_rule.0 } -output "ssl_certificates" { - description = "The SSL certificate." - value = try( - google_compute_managed_ssl_certificate.managed, - google_compute_ssl_certificate.unmanaged, - null - ) +output "global_forwarding_rule" { + description = "The global forwarding rule." + value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0 : null +} + +output "health_checks" { + description = "Health-check resources." + value = try(google_compute_health_check.health_check, []) } output "ip_address" { 
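Review bot: `forwarding_rule` is described as "The regional forwarding rule." but its expression returns the global rule when `var.region` is null, so in that case it duplicates `global_forwarding_rule` directly below it. The description should say so, e.g. `description = "The forwarding rule: global when region is null, regional otherwise."`; returning `null` for global load balancers instead would be a behaviour change for callers. Both outputs also use the legacy `.0` index form, where `[0]` is the current syntax.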
@@ -51,6 +47,15 @@ output "ip_address_self_link" { value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0.ip_address : google_compute_forwarding_rule.forwarding_rule.0.ip_address } +output "ssl_certificates" { + description = "The SSL certificate." + value = try( + google_compute_managed_ssl_certificate.managed, + google_compute_ssl_certificate.unmanaged, + null + ) +} + output "target_proxy" { description = "The target proxy." value = try( @@ -59,12 +64,7 @@ output "target_proxy" { ) } -output "global_forwarding_rule" { - description = "The global forwarding rule." - value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0 : null -} - -output "forwarding_rule" { - description = "The regional forwarding rule." - value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0 : google_compute_forwarding_rule.forwarding_rule.0 +output "url_map" { + description = "The url-map." + value = google_compute_url_map.url_map } diff --git a/modules/net-glb/variables.tf b/modules/net-glb/variables.tf index 3260a9237d..69427a3fd1 100644 --- a/modules/net-glb/variables.tf +++ b/modules/net-glb/variables.tf 
@@ -14,51 +14,6 @@ * limitations under the License. */ -variable "name" { - description = "Load balancer name." - type = string -} - -variable "project_id" { - description = "Project id." - type = string -} - -variable "region" { - description = "Create a regional load balancer in this region." - type = string - default = null -} - -variable "health_checks_config_defaults" { - description = "Auto-created health check default configuration." - type = object({ - type = string # http https tcp ssl http2 - check = map(any) # actual health check block attributes - options = map(number) # interval, thresholds, timeout - logging = bool - }) - default = { - type = "http" - logging = false - options = {} - check = { - port_specification = "USE_SERVING_PORT" - } - } -} - -variable "health_checks_config" { - description = "Custom health checks configuration." - type = map(object({ - type = string # http https tcp ssl http2 - check = map(any) # actual health check block attributes - options = map(number) # interval, thresholds, timeout - logging = bool - })) - default = {} -} - variable "backend_services_config" { description = "The backends services configuration." type = map(object({ 
@@ -154,18 +109,100 @@ variable "backend_services_config" { default = {} } -variable "url_map_config" { - description = "The url-map configuration." +variable "forwarding_rule_config" { + description = "Regional forwarding rule configurations." type = object({ - default_service = string - default_route_action = any - default_url_redirect = map(any) - header_action = any - host_rules = list(any) - path_matchers = list(any) - tests = list(map(string)) + ip_protocol = string + ip_version = string + load_balancing_scheme = string + port_range = string + network_tier = string + network = string }) - default = null + default = { + load_balancing_scheme = "EXTERNAL_MANAGED" + ip_protocol = "TCP" + ip_version = "IPV4" + network_tier = "STANDARD" + network = "default" + # If not specified, 80 for https = false, 443 otherwise + port_range = null + } +} + +variable "global_forwarding_rule_config" { + description = "Global forwarding rule configurations." + type = object({ + ip_protocol = string + ip_version = string + load_balancing_scheme = string + port_range = string + + }) + default = { + load_balancing_scheme = "EXTERNAL" + ip_protocol = "TCP" + ip_version = "IPV4" + # If not specified, 80 for https = false, 443 otherwise + port_range = null + } +} + +variable "health_checks_config" { + description = "Custom health checks configuration." + type = map(object({ + type = string # http https tcp ssl http2 + check = map(any) # actual health check block attributes + options = map(number) # interval, thresholds, timeout + logging = bool + })) + default = {} +} + +variable "health_checks_config_defaults" { + description = "Auto-created health check default configuration." 
+ type = object({ + type = string # http https tcp ssl http2 + check = map(any) # actual health check block attributes + options = map(number) # interval, thresholds, timeout + logging = bool + }) + default = { + type = "http" + logging = false + options = {} + check = { + port_specification = "USE_SERVING_PORT" + } + } +} + +variable "https" { + description = "Whether to enable HTTPS." + type = bool + default = false +} + +variable "name" { + description = "Load balancer name." + type = string +} + +variable "project_id" { + description = "Project id." + type = string +} + +variable "region" { + description = "Create a regional load balancer in this region." + type = string + default = null +} + +variable "reserve_ip_address" { + description = "Whether to reserve a static global IP address." + type = bool + default = false } variable "ssl_certificates_config" { 
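Review bot: `variable "https"` is moved to its new position still described only as "Whether to enable HTTPS." with `default = false`, and nothing tells the caller what the false case exposes. In the same hunk `global_forwarding_rule_config` defaults `load_balancing_scheme` to `"EXTERNAL"`, and its comment says the port is 80 when `https` is false, so a caller who sets neither appears to get an externally reachable HTTP listener. I would spell that out in the description, e.g. `description = "Whether to enable HTTPS. When false the forwarding rule serves HTTP on port 80."`. The README row is generated from this description and would need regenerating afterwards.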
@@ -205,53 +242,16 @@ variable "target_proxy_https_config" { default = null } -variable "global_forwarding_rule_config" { - description = "Global forwarding rule configurations." - type = object({ - ip_protocol = string - ip_version = string - load_balancing_scheme = string - port_range = string - - }) - default = { - load_balancing_scheme = "EXTERNAL" - ip_protocol = "TCP" - ip_version = "IPV4" - # If not specified, 80 for https = false, 443 otherwise - port_range = null - } -} - -variable "forwarding_rule_config" { - description = "Regional forwarding rule configurations." +variable "url_map_config" { + description = "The url-map configuration." type = object({ - ip_protocol = string - ip_version = string - load_balancing_scheme = string - port_range = string - network_tier = string - network = string + default_service = string + default_route_action = any + default_url_redirect = map(any) + header_action = any + host_rules = list(any) + path_matchers = list(any) + tests = list(map(string)) }) - default = { - load_balancing_scheme = "EXTERNAL_MANAGED" - ip_protocol = "TCP" - ip_version = "IPV4" - network_tier = "STANDARD" - network = "default" - # If not specified, 80 for https = false, 443 otherwise - port_range = null - } -} - -variable "https" { - description = "Whether to enable HTTPS." - type = bool - default = false -} - -variable "reserve_ip_address" { - description = "Whether to reserve a static global IP address." - type = bool - default = false + default = null } diff --git a/modules/net-ilb-l7/README.md b/modules/net-ilb-l7/README.md index bdce663ce9..d7847fdb0b 100644 --- a/modules/net-ilb-l7/README.md +++ b/modules/net-ilb-l7/README.md 
@@ -591,7 +591,7 @@ output | | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [name](variables.tf#L54) | Load balancer name. | string | ✓ | | -| [project_id](variables.tf#L126) | Project id. | string | ✓ | | +| [project_id](variables.tf#L132) | Project id. | string | ✓ | | | [region](variables.tf#L150) | The region where to allocate the ILB resources. | string | ✓ | | | [vpc_config](variables.tf#L177) | VPC-level configuration. | object({…}) | ✓ | | | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null | @@ -603,7 +603,7 @@ output | | [labels](variables.tf#L48) | Labels set on resources. | map(string) | | {} | | [neg_configs](variables.tf#L59) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | | [network_tier_premium](variables.tf#L119) | Use premium network tier. Defaults to true. | bool | | true | -| [ports](variables.tf#L131) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string) | | null | +| [ports](variables.tf#L126) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string) | | null | | [protocol](variables.tf#L137) | Protocol supported by this load balancer. | string | | "HTTP" | | [service_directory_registration](variables.tf#L155) | Service directory namespace and service used to register this load balancer. | object({…}) | | null | | [ssl_certificates](variables.tf#L164) | SSL target proxy certificates (only if protocol is HTTPS). | object({…}) | | {} | diff --git a/modules/net-ilb-l7/variables.tf b/modules/net-ilb-l7/variables.tf index 58048c9e62..0577ddf6e6 100644 --- a/modules/net-ilb-l7/variables.tf +++ b/modules/net-ilb-l7/variables.tf 
@@ -123,17 +123,17 @@ variable "network_tier_premium" { nullable = false } -variable "project_id" { - description = "Project id." - type = string -} - variable "ports" { description = "Optional ports for HTTP load balancer, valid ports are 80 and 8080." type = list(string) default = null } +variable "project_id" { + description = "Project id." + type = string +} + variable "protocol" { description = "Protocol supported by this load balancer." type = string diff --git a/modules/net-ilb/README.md b/modules/net-ilb/README.md index 619a127506..bf2b507bd3 100644 --- a/modules/net-ilb/README.md +++ b/modules/net-ilb/README.md @@ -146,8 +146,8 @@ module "ilb" { | [forwarding_rule_address](outputs.tf#L37) | Forwarding rule address. | | | [forwarding_rule_id](outputs.tf#L42) | Forwarding rule id. | | | [forwarding_rule_self_link](outputs.tf#L47) | Forwarding rule self link. | | -| [group_self_links](outputs.tf#L57) | Optional unmanaged instance group self links. | | -| [groups](outputs.tf#L52) | Optional unmanaged instance group resources. | | +| [group_self_links](outputs.tf#L52) | Optional unmanaged instance group self links. | | +| [groups](outputs.tf#L59) | Optional unmanaged instance group resources. | | | [health_check](outputs.tf#L64) | Auto-created health-check resource. | | | [health_check_self_id](outputs.tf#L69) | Auto-created health-check self id. | | | [health_check_self_link](outputs.tf#L74) | Auto-created health-check self link. | | diff --git a/modules/net-ilb/outputs.tf b/modules/net-ilb/outputs.tf index 3f8eb9e4c7..c97612f53d 100644 --- a/modules/net-ilb/outputs.tf +++ b/modules/net-ilb/outputs.tf @@ -49,11 +49,6 @@ output "forwarding_rule_self_link" { value = google_compute_forwarding_rule.default.self_link } -output "groups" { - description = "Optional unmanaged instance group resources." - value = google_compute_instance_group.unmanaged -} - output "group_self_links" { description = "Optional unmanaged instance group self links." value = { 
@@ -61,6 +56,11 @@ output "group_self_links" { } } +output "groups" { + description = "Optional unmanaged instance group resources." + value = google_compute_instance_group.unmanaged +} + output "health_check" { description = "Auto-created health-check resource." value = try(google_compute_health_check.default.0, null) diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md index d0cd32ff03..eb6912a7d7 100644 --- a/modules/net-vpc-firewall/README.md +++ b/modules/net-vpc-firewall/README.md @@ -178,8 +178,8 @@ healthchecks: | [project_id](variables.tf#L114) | Project id of the project that holds the network. | string | ✓ | | | [default_rules_config](variables.tf#L17) | Optionally created convenience rules. Set the variable or individual members to null to disable. | object({…}) | | {} | | [egress_rules](variables.tf#L37) | List of egress rule definitions, default to deny action. | map(object({…})) | | {} | -| [factories_config](variables.tf#L83) | Paths to data files and folders that enable factory functionality. | object({…}) | | null | -| [ingress_rules](variables.tf#L60) | List of ingress rule definitions, default to allow action. | map(object({…})) | | {} | +| [factories_config](variables.tf#L60) | Paths to data files and folders that enable factory functionality. | object({…}) | | null | +| [ingress_rules](variables.tf#L69) | List of ingress rule definitions, default to allow action. | map(object({…})) | | {} | | [named_ranges](variables.tf#L92) | Define mapping of names to ranges that can be used in custom rules. | map(list(string)) | | {…} | ## Outputs diff --git a/modules/net-vpc-firewall/variables.tf b/modules/net-vpc-firewall/variables.tf index dd8033342c..86aea9e2e5 100644 --- a/modules/net-vpc-firewall/variables.tf +++ b/modules/net-vpc-firewall/variables.tf 
@@ -57,6 +57,15 @@ variable "egress_rules" { nullable = false } +variable "factories_config" { + description = "Paths to data files and folders that enable factory functionality." + type = object({ + cidr_tpl_file = optional(string) + rules_folder = string + }) + default = null +} + variable "ingress_rules" { description = "List of ingress rule definitions, default to allow action." type = map(object({ @@ -80,15 +89,6 @@ variable "ingress_rules" { nullable = false } -variable "factories_config" { - description = "Paths to data files and folders that enable factory functionality." - type = object({ - cidr_tpl_file = optional(string) - rules_folder = string - }) - default = null -} - variable "named_ranges" { description = "Define mapping of names to ranges that can be used in custom rules." type = map(list(string)) diff --git a/modules/organization/README.md b/modules/organization/README.md index a716e665b7..31dc3de0fe 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md 
@@ -459,8 +459,8 @@ module "org" { | [org_policies_data_path](variables.tf#L220) | Path containing org policies in YAML format. | string | | null | | [org_policy_custom_constraints](variables.tf#L226) | Organization policiy custom constraints keyed by constraint name. | map(object({…})) | | {} | | [org_policy_custom_constraints_data_path](variables.tf#L240) | Path containing org policy custom constraints in YAML format. | string | | null | -| [tag_bindings](variables.tf#L275) | Tag bindings for this organization, in key => tag value id format. | map(string) | | null | -| [tags](variables.tf#L255) | Tags by key name. The `iam` attribute behaves like the similarly named one at module level. | map(object({…})) | | {} | +| [tag_bindings](variables.tf#L255) | Tag bindings for this organization, in key => tag value id format. | map(string) | | null | +| [tags](variables.tf#L261) | Tags by key name. The `iam` attribute behaves like the similarly named one at module level. | map(object({…})) | | {} | ## Outputs diff --git a/modules/organization/variables.tf b/modules/organization/variables.tf index 855c84f60a..84c81ff5b5 100644 --- a/modules/organization/variables.tf +++ b/modules/organization/variables.tf @@ -252,6 +252,12 @@ variable "organization_id" { } } +variable "tag_bindings" { + description = "Tag bindings for this organization, in key => tag value id format." + type = map(string) + default = null +} + variable "tags" { description = "Tags by key name. The `iam` attribute behaves like the similarly named one at module level." type = map(object({ @@ -271,9 +277,3 @@ variable "tags" { error_message = "Use an empty map instead of null as value." } } - -variable "tag_bindings" { - description = "Tag bindings for this organization, in key => tag value id format." - type = map(string) - default = null -} diff --git a/modules/projects-data-source/README.md b/modules/projects-data-source/README.md index 617a01dbd1..6fd7dd8abf 100644 
--- a/modules/projects-data-source/README.md +++ b/modules/projects-data-source/README.md @@ -50,15 +50,15 @@ output "dev-folders" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [parent](variables.tf#L17) | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string | ✓ | | -| [filter](variables.tf#L26) | A string filter as defined in the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list#query-parameters). | string | | "lifecycleState:ACTIVE" | +| [parent](variables.tf#L23) | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string | ✓ | | +| [filter](variables.tf#L17) | A string filter as defined in the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list#query-parameters). | string | | "lifecycleState:ACTIVE" | ## Outputs | name | description | sensitive | |---|---|:---:| | [folders](outputs.tf#L17) | Map of folders attributes keyed by folder id. | | -| [project_numbers](outputs.tf#L27) | List of project numbers. | | -| [projects](outputs.tf#L22) | Map of projects attributes keyed by projects id. | | +| [project_numbers](outputs.tf#L22) | List of project numbers. | | +| [projects](outputs.tf#L27) | Map of projects attributes keyed by projects id. | | diff --git a/modules/projects-data-source/outputs.tf b/modules/projects-data-source/outputs.tf index d2b0a133f6..b7e38ae2cf 100644 --- a/modules/projects-data-source/outputs.tf +++ b/modules/projects-data-source/outputs.tf @@ -19,12 +19,12 @@ output "folders" { value = local.all_folders } -output "projects" { - description = "Map of projects attributes keyed by projects id." - value = local.projects -} - output "project_numbers" { description = "List of project numbers." value = [for _, v in local.projects : v.number] } + +output "projects" { + description = "Map of projects attributes keyed by projects id." + value = local.projects +} 
diff --git a/modules/projects-data-source/variables.tf b/modules/projects-data-source/variables.tf index 0895ab2dd6..a7f393d335 100644 --- a/modules/projects-data-source/variables.tf +++ b/modules/projects-data-source/variables.tf @@ -14,6 +14,12 @@ * limitations under the License. */ +variable "filter" { + description = "A string filter as defined in the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list#query-parameters)." + type = string + default = "lifecycleState:ACTIVE" +} + variable "parent" { description = "Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format." type = string @@ -22,9 +28,3 @@ variable "parent" { error_message = "Parent must be of the form folders/folder_id or organizations/organization_id." } } - -variable "filter" { - description = "A string filter as defined in the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list#query-parameters)." - type = string - default = "lifecycleState:ACTIVE" -} \ No newline at end of file diff --git a/modules/pubsub/README.md b/modules/pubsub/README.md index 7042f37b0e..61e4aaf5b7 100644 --- a/modules/pubsub/README.md +++ b/modules/pubsub/README.md @@ -145,10 +145,10 @@ module "pubsub" { | name | description | sensitive | |---|---|:---:| | [id](outputs.tf#L17) | Topic id. | | -| [schema](outputs.tf#L43) | Schema resource. | | -| [schema_id](outputs.tf#L48) | Schema resource id. | | -| [subscription_id](outputs.tf#L25) | Subscription ids. | | -| [subscriptions](outputs.tf#L35) | Subscription resources. | | +| [schema](outputs.tf#L25) | Schema resource. | | +| [schema_id](outputs.tf#L30) | Schema resource id. | | +| [subscription_id](outputs.tf#L35) | Subscription ids. | | +| [subscriptions](outputs.tf#L45) | Subscription resources. | | | [topic](outputs.tf#L53) | Topic resource. | | diff --git a/modules/pubsub/outputs.tf b/modules/pubsub/outputs.tf index 3660d3679a..4aea42c53b 100644 
--- a/modules/pubsub/outputs.tf +++ b/modules/pubsub/outputs.tf @@ -22,6 +22,16 @@ output "id" { ] } +output "schema" { + description = "Schema resource." + value = try(google_pubsub_schema.default[0], null) +} + +output "schema_id" { + description = "Schema resource id." + value = try(google_pubsub_schema.default[0].id, null) +} + output "subscription_id" { description = "Subscription ids." value = { @@ -40,16 +50,6 @@ output "subscriptions" { ] } -output "schema" { - description = "Schema resource." - value = try(google_pubsub_schema.default[0], null) -} - -output "schema_id" { - description = "Schema resource id." - value = try(google_pubsub_schema.default[0].id, null) -} - output "topic" { description = "Topic resource." value = google_pubsub_topic.default @@ -57,4 +57,3 @@ output "topic" { google_pubsub_topic_iam_binding.default ] } - diff --git a/tools/check_documentation.py b/tools/check_documentation.py index fbf4e59da7..3733f128b2 100755 --- a/tools/check_documentation.py +++ b/tools/check_documentation.py @@ -30,7 +30,27 @@ BASEDIR = pathlib.Path(__file__).resolve().parents[1] -State = enum.Enum('State', 'OK FAIL SKIP') + +class State(enum.IntEnum): + SKIP = enum.auto() + OK = enum.auto() + FAIL_STALE_README = enum.auto() + FAIL_UNSORTED_VARS = enum.auto() + FAIL_UNSORTED_OUTPUTS = enum.auto() + + @property + def failed(self): + return self.value > State.OK + + @property + def label(self): + return { + State.SKIP: ' ', + State.OK: '✓ ', + State.FAIL_STALE_README: '✗R', + State.FAIL_UNSORTED_VARS: '✗V', + State.FAIL_UNSORTED_OUTPUTS: '✗O', + }[self.value] def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False): @@ -39,6 +59,7 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False): for readme_path in sorted(dir_path.glob('**/README.md')): if '.terraform' in str(readme_path): continue + diff = None readme = readme_path.read_text() mod_name = str(readme_path.relative_to(dir_path).parent) 
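Review bot: `State.failed` in the new `State` class is `self.value > State.OK`, so whether a state counts as a failure depends on where its member is declared relative to `OK`, and nothing in the class says so. A member added after `OK` for a non-failing outcome would be collected into `errors` by `main`, which tests `state.failed`. I would add a comment above the members, `# Declaration order matters: every member after OK is treated as a failure by .failed`, and a one-line docstring on both `failed` and `label`.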
@@ -49,33 +70,39 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False): try: new_doc = tfdoc.create_doc(readme_path.parent, files, show_extra, exclude_files, readme) - variables = [v.name for v in new_doc.variables] - outputs = [v.name for v in new_doc.outputs] + # TODO: support variables in multiple files + variables = [ + v.name for v in new_doc.variables if v.file == "variables.tf" + ] + outputs = [o.name for o in new_doc.outputs if o.file == "outputs.tf"] except SystemExit: state = state.SKIP else: - if new_doc.content == result['doc']: - state = State.OK + state = State.OK + + if new_doc.content != result['doc']: + state = State.FAIL_STALE_README + header = f'----- {mod_name} diff -----\n' + ndiff = difflib.ndiff(result['doc'].split('\n'), + new_doc.content.split('\n')) + diff = '\n'.join([header] + list(ndiff)) + elif variables != sorted(variables): - state = state.FAIL + state = state.FAIL_UNSORTED_VARS diff = "\n".join([ f'----- {mod_name} variables -----', f'variables should be in this order: ', ', '.join(sorted(variables)), ]) + elif outputs != sorted(outputs): - state = state.FAIL + state = state.FAIL_UNSORTED_OUTPUTS diff = "\n".join([ f'----- {mod_name} outputs -----', f'outputs should be in this order: ', ', '.join(sorted(outputs)), ]) - else: - state = State.FAIL - header = f'----- {mod_name} diff -----\n' - ndiff = difflib.ndiff(result['doc'].split('\n'), - new_doc.content.split('\n')) - diff = '\n'.join([header] + list(ndiff)) + yield mod_name, state, diff 
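Review bot: The two new failure assignments, `state = state.FAIL_UNSORTED_VARS` and `state = state.FAIL_UNSORTED_OUTPUTS`, read the member through the local variable `state` rather than the `State` class, unlike `State.FAIL_STALE_README` a few lines above. They work only because `state` was set to `State.OK` just before and an enum member can be reached through another member. I would write `state = State.FAIL_UNSORTED_VARS` and `state = State.FAIL_UNSORTED_OUTPUTS`. The unchanged `except SystemExit: state = state.SKIP` has the same form; if `state` is not bound earlier in the loop body (not visible in this hunk) it would raise `UnboundLocalError` on the first module, which `State.SKIP` avoids. `_check_dir` starts outside this hunk.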
@@ -90,17 +117,18 @@ def main(dirs, exclude_file=None, files=False, show_diffs=False, 'Cycle through modules and ensure READMEs are up-to-date.' print(f'files: {files}, extra: {show_extra}, diffs: {show_diffs}\n') errors = [] - state_labels = {State.FAIL: '✗', State.OK: '✓', State.SKIP: ' '} for dir_name in dirs: print(f'----- {dir_name} -----') - for mod_name, state, diff in _check_dir(dir_name, exclude_file, files, - show_extra): - if state == State.FAIL: + result = _check_dir(dir_name, exclude_file, files, show_extra) + for mod_name, state, diff in result: + if state.failed: errors.append((mod_name, diff)) - print(f'[{state_labels[state]}] {mod_name}') + print(f'[{state.label}] {mod_name}') + if errors: if show_diffs: print('Errored diffs:') + print(errors) print('\n'.join([e[1] for e in errors])) else: print('Errored modules:')
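Review bot: The added `print(errors)` under `if show_diffs:` looks like a leftover debug statement. It prints the repr of the whole list of `(mod_name, diff)` tuples, so every diff is emitted once as an escaped single-line repr and then again by the `'\n'.join([e[1] for e in errors])` line that follows. In CI logs that doubles the output and buries the readable diffs, so I would drop the line. `main` starts above this hunk and its end is not visible here.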