kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into fast-dev

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2025-11-08 17:07:49 +00:00
parent 81010a97c0 b3df16fee8
commit 16da9ffaad
10 changed files with 929 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fast/stages/2-project-factory/data/projects/dev-app-a-0.yaml
View File

@@ -16,6 +16,6 @@
parent: $folder_ids:team-a/dev
shared_vpc_service_config:
host_project: $project_ids:dev-spoke-0
host_project: $project_ids:net-dev-0
# network_users:
# - group:team-a-admins@example.com

2
fast/stages/2-project-factory/data/projects/prod-app-a-0.yaml
View File

@@ -16,6 +16,6 @@
parent: $folder_ids:team-a/prod
shared_vpc_service_config:
host_project: $project_ids:prod-spoke-0
host_project: $project_ids:net-prod-0
# network_users:
# - group:team-a-admins@example.com

257
modules/compute-vm/README.md
View File

@@ -234,7 +234,6 @@ module "vm-disk-options-example" {
source_type = "image"
source = "image-1"
options = {
auto_delete = false
replica_zone = "${var.region}-c"
}
},
@@ -256,6 +255,192 @@ module "vm-disk-options-example" {
# tftest inventory=disk-options.yaml
```
For hyperdisks there are additional options available to configure performance.
```hcl
module "vm-disk-options-example" {
source = "./fabric/modules/compute-vm"
project_id = var.project_id
zone = "${var.region}-b"
name = "test"
instance_type = "n4-standard-2"
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}]
boot_disk = {
initialize_params = {
image = "projects/debian-cloud/global/images/family/debian-12"
provisioned_iops = 3000
provisioned_throughput = 140
type = "hyperdisk-balanced"
}
}
attached_disks = [
{
name = "data1"
size = "10"
options = {
provisioned_iops = 3000
provisioned_throughput = 140
type = "hyperdisk-balanced"
}
},
{
name = "data2"
size = "10"
source_type = "image"
source = "projects/debian-cloud/global/images/family/debian-12"
options = {
provisioned_iops = 5000
provisioned_throughput = 500
type = "hyperdisk-balanced"
}
},
]
service_account = {
auto_create = true
}
shielded_config = {}
}
# tftest inventory=disk-hyperdisk-cust-performance.yaml e2e
```
You can use storage pool for better management of storage capacity.
```hcl
# hyperdisk - with storage pool
resource "google_compute_storage_pool" "default" {
project = var.project_id
name = "storage-pool-basic"
pool_provisioned_capacity_gb = "20480"
pool_provisioned_iops = "10000"
pool_provisioned_throughput = 1024
storage_pool_type = "hyperdisk-balanced"
zone = "${var.region}-b"
deletion_protection = false
}
module "vm-disk-options-example" {
source = "./fabric/modules/compute-vm"
project_id = var.project_id
zone = "${var.region}-b"
name = "test"
instance_type = "c4d-standard-2"
network_interfaces = [
{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
]
boot_disk = {
use_independent_disk = true
initialize_params = {
image = "projects/debian-cloud/global/images/family/debian-12"
provisioned_iops = 3000
provisioned_throughput = 140
storage_pool = google_compute_storage_pool.default.id
type = "hyperdisk-balanced"
}
}
attached_disks = [
{
name = "data1"
size = "10"
options = {
# provisioned_iops = 3000
# provisioned_throughput = 140
storage_pool = google_compute_storage_pool.default.id
type = "hyperdisk-balanced"
}
},
{
name = "data2"
size = "10"
source_type = "image"
source = "projects/debian-cloud/global/images/family/debian-12"
options = {
provisioned_iops = 5000
provisioned_throughput = 500
type = "hyperdisk-balanced"
}
},
]
service_account = {
auto_create = true
}
shielded_config = {}
}
# tftest inventory=disk-hyperdisk-pool.yaml e2e
```
You need to specify additional options if you are using ARM-based instances
For hyperdisks there are additional options available to configure performance.
```hcl
module "vm-arm" {
source = "./fabric/modules/compute-vm"
project_id = var.project_id
zone = "${var.region}-b"
name = "test"
instance_type = "c4a-standard-1"
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}]
boot_disk = {
initialize_params = {
image = "projects/debian-cloud/global/images/family/debian-12-arm64"
architecture = "ARM64"
provisioned_iops = 3000
provisioned_throughput = 140
type = "hyperdisk-balanced"
}
}
attached_disks = [
{
name = "data1"
size = "10"
options = {
architecture = "ARM64"
provisioned_iops = 3000
provisioned_throughput = 140
type = "hyperdisk-balanced"
}
},
{
name = "data2"
size = "10"
source_type = "image"
source = "projects/debian-cloud/global/images/family/debian-12-arm64"
options = {
architecture = "ARM64"
provisioned_iops = 5000
provisioned_throughput = 500
type = "hyperdisk-balanced"
}
},
]
service_account = {
auto_create = true
}
shielded_config = {}
}
# tftest inventory=disk-hyperdisk-arm.yaml e2e
```
#### Boot disk as an independent resource
To create the boot disk as an independent resources instead of as part of the instance creation flow, set `boot_disk.use_independent_disk` to `true` and optionally configure `boot_disk.initialize_params`.
@@ -937,42 +1122,42 @@ module "sole-tenancy" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L283) | Instance name. | <code>string</code> | ✓ | |
| [network_interfaces](variables.tf#L295) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list&#40;object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; alias_ips &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; nat &#61; optional&#40;bool, false&#41;&#10; nic_type &#61; optional&#40;string&#41;&#10; stack_type &#61; optional&#40;string&#41;&#10; addresses &#61; optional&#40;object&#40;&#123;&#10; internal &#61; optional&#40;string&#41;&#10; external &#61; optional&#40;string&#41;&#10; &#125;&#41;, null&#41;&#10; network_tier &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [project_id](variables.tf#L380) | Project id. | <code>string</code> | ✓ | |
| [zone](variables.tf#L500) | Compute zone. | <code>string</code> | ✓ | |
| [name](variables.tf#L304) | Instance name. | <code>string</code> | ✓ | |
| [network_interfaces](variables.tf#L316) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list&#40;object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; alias_ips &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; nat &#61; optional&#40;bool, false&#41;&#10; nic_type &#61; optional&#40;string&#41;&#10; stack_type &#61; optional&#40;string&#41;&#10; addresses &#61; optional&#40;object&#40;&#123;&#10; internal &#61; optional&#40;string&#41;&#10; external &#61; optional&#40;string&#41;&#10; &#125;&#41;, null&#41;&#10; network_tier &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [project_id](variables.tf#L401) | Project id. | <code>string</code> | ✓ | |
| [zone](variables.tf#L521) | Compute zone. | <code>string</code> | ✓ | |
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object&#40;&#123;&#10; auto_delete &#61; optional&#40;bool, false&#41;&#10; mode &#61; string&#10; replica_zone &#61; string&#10; type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; auto_delete &#61; true&#10; mode &#61; &#34;READ_WRITE&#34;&#10; replica_zone &#61; null&#10; type &#61; &#34;pd-balanced&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [attached_disks](variables.tf#L37) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list&#40;object&#40;&#123;&#10; name &#61; optional&#40;string&#41;&#10; device_name &#61; optional&#40;string&#41;&#10; size &#61; string&#10; snapshot_schedule &#61; optional&#40;list&#40;string&#41;&#41;&#10; source &#61; optional&#40;string&#41;&#10; source_type &#61; optional&#40;string&#41;&#10; options &#61; optional&#40;&#10; object&#40;&#123;&#10; auto_delete &#61; optional&#40;bool, false&#41;&#10; mode &#61; optional&#40;string, &#34;READ_WRITE&#34;&#41;&#10; replica_zone &#61; optional&#40;string&#41;&#10; type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41;&#10; &#125;&#41;,&#10; &#123;&#10; auto_delete &#61; true&#10; mode &#61; &#34;READ_WRITE&#34;&#10; replica_zone &#61; null&#10; type &#61; &#34;pd-balanced&#34;&#10; &#125;&#10; &#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [boot_disk](variables.tf#L82) | Boot disk properties. Initialize params are ignored when source is set. | <code title="object&#40;&#123;&#10; auto_delete &#61; optional&#40;bool, true&#41;&#10; snapshot_schedule &#61; optional&#40;list&#40;string&#41;&#41;&#10; source &#61; optional&#40;string&#41;&#10; initialize_params &#61; optional&#40;object&#40;&#123;&#10; image &#61; optional&#40;string, &#34;projects&#47;debian-cloud&#47;global&#47;images&#47;family&#47;debian-11&#34;&#41;&#10; size &#61; optional&#40;number, 10&#41;&#10; type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; use_independent_disk &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; initialize_params &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [can_ip_forward](variables.tf#L113) | Enable IP forwarding. | <code>bool</code> | | <code>false</code> |
| [confidential_compute](variables.tf#L119) | Enable Confidential Compute for these instances. | <code>bool</code> | | <code>false</code> |
| [context](variables.tf#L125) | Context-specific interpolations. | <code title="object&#40;&#123;&#10; addresses &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; custom_roles &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; kms_keys &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; iam_principals &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; locations &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; networks &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; project_ids &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; tag_values &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [create_template](variables.tf#L142) | Create instance template instead of instances. Defaults to a global template. | <code title="object&#40;&#123;&#10; regional &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [description](variables.tf#L151) | Description of a Compute Instance. | <code>string</code> | | <code>&#34;Managed by the compute-vm Terraform module.&#34;</code> |
| [enable_display](variables.tf#L157) | Enable virtual display on the instances. | <code>bool</code> | | <code>false</code> |
| [encryption](variables.tf#L163) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | <code title="object&#40;&#123;&#10; encrypt_boot &#61; optional&#40;bool, false&#41;&#10; disk_encryption_key_raw &#61; optional&#40;string&#41;&#10; kms_key_self_link &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [gpu](variables.tf#L173) | GPU information. Based on https://cloud.google.com/compute/docs/gpus. | <code title="object&#40;&#123;&#10; count &#61; number&#10; type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [group](variables.tf#L208) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object&#40;&#123;&#10; named_ports &#61; map&#40;number&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [hostname](variables.tf#L216) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
| [iam](variables.tf#L222) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [instance_schedule](variables.tf#L228) | Assign or create and assign an instance schedule policy. Either resource policy id or create_config must be specified if not null. Set active to null to dtach a policy from vm before destroying. | <code title="object&#40;&#123;&#10; active &#61; optional&#40;bool, true&#41;&#10; description &#61; optional&#40;string&#41;&#10; expiration_time &#61; optional&#40;string&#41;&#10; start_time &#61; optional&#40;string&#41;&#10; timezone &#61; optional&#40;string, &#34;UTC&#34;&#41;&#10; vm_start &#61; optional&#40;string&#41;&#10; vm_stop &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [instance_type](variables.tf#L252) | Instance type. | <code>string</code> | | <code>&#34;f1-micro&#34;</code> |
| [labels](variables.tf#L258) | Instance labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [metadata](variables.tf#L264) | Instance metadata. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [metadata_startup_script](variables.tf#L270) | Instance startup script. Will trigger recreation on change, even after importing. | <code>string</code> | | <code>null</code> |
| [min_cpu_platform](variables.tf#L277) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
| [network_attached_interfaces](variables.tf#L288) | Network interfaces using network attachments. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [network_tag_bindings](variables.tf#L316) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance only for networking purposes, and modifiable without impacting the main resource lifecycle. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [options](variables.tf#L323) | Instance options. | <code title="object&#40;&#123;&#10; advanced_machine_features &#61; optional&#40;object&#40;&#123;&#10; enable_nested_virtualization &#61; optional&#40;bool&#41;&#10; enable_turbo_mode &#61; optional&#40;bool&#41;&#10; enable_uefi_networking &#61; optional&#40;bool&#41;&#10; performance_monitoring_unit &#61; optional&#40;string&#41;&#10; threads_per_core &#61; optional&#40;number&#41;&#10; visible_core_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; allow_stopping_for_update &#61; optional&#40;bool, true&#41;&#10; deletion_protection &#61; optional&#40;bool, false&#41;&#10; graceful_shutdown &#61; optional&#40;object&#40;&#123;&#10; enabled &#61; optional&#40;bool, false&#41;&#10; max_duration_secs &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; max_run_duration &#61; optional&#40;object&#40;&#123;&#10; nanos &#61; optional&#40;number&#41;&#10; seconds &#61; number&#10; &#125;&#41;&#41;&#10; node_affinities &#61; optional&#40;map&#40;object&#40;&#123;&#10; values &#61; list&#40;string&#41;&#10; in &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; spot &#61; optional&#40;bool, false&#41;&#10; termination_action &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; allow_stopping_for_update &#61; true&#10; deletion_protection &#61; false&#10; spot &#61; false&#10; termination_action &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [project_number](variables.tf#L385) | Project number. Used in tag bindings to avoid a permadiff. | <code>string</code> | | <code>null</code> |
| [resource_policies](variables.tf#L391) | Resource policies to attach to the instance or template. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [scratch_disks](variables.tf#L398) | Scratch disks configuration. | <code title="object&#40;&#123;&#10; count &#61; number&#10; interface &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; count &#61; 0&#10; interface &#61; &#34;NVME&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [service_account](variables.tf#L410) | Service account email and scopes. If email is null, the default Compute service account will be used unless auto_create is true, in which case a service account will be created. Set the variable to null to avoid attaching a service account. | <code title="object&#40;&#123;&#10; auto_create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string&#41;&#10; scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [shielded_config](variables.tf#L420) | Shielded VM configuration of the instances. | <code title="object&#40;&#123;&#10; enable_secure_boot &#61; bool&#10; enable_vtpm &#61; bool&#10; enable_integrity_monitoring &#61; bool&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [snapshot_schedules](variables.tf#L430) | Snapshot schedule resource policies that can be attached to disks. | <code title="map&#40;object&#40;&#123;&#10; schedule &#61; object&#40;&#123;&#10; daily &#61; optional&#40;object&#40;&#123;&#10; days_in_cycle &#61; number&#10; start_time &#61; string&#10; &#125;&#41;&#41;&#10; hourly &#61; optional&#40;object&#40;&#123;&#10; hours_in_cycle &#61; number&#10; start_time &#61; string&#10; &#125;&#41;&#41;&#10; weekly &#61; optional&#40;list&#40;object&#40;&#123;&#10; day &#61; string&#10; start_time &#61; string&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#10; description &#61; optional&#40;string&#41;&#10; retention_policy &#61; optional&#40;object&#40;&#123;&#10; max_retention_days &#61; number&#10; on_source_disk_delete_keep &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; snapshot_properties &#61; optional&#40;object&#40;&#123;&#10; chain_name &#61; optional&#40;string&#41;&#10; guest_flush &#61; optional&#40;bool&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; storage_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [tag_bindings](variables.tf#L473) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance and zonal disks, and modifiable without impacting the main resource lifecycle. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [tag_bindings_immutable](variables.tf#L480) | Immutable resource manager tag bindings, in tagKeys/id => tagValues/id format. These are set on the instance or instance template at creation time, and trigger recreation if changed. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [tags](variables.tf#L494) | Instance network tags for firewall rule targets. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [attached_disks](variables.tf#L37) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list&#40;object&#40;&#123;&#10; name &#61; optional&#40;string&#41;&#10; device_name &#61; optional&#40;string&#41;&#10; size &#61; string&#10; snapshot_schedule &#61; optional&#40;list&#40;string&#41;&#41;&#10; source &#61; optional&#40;string&#41;&#10; source_type &#61; optional&#40;string&#41;&#10; options &#61; optional&#40;&#10; object&#40;&#123;&#10; architecture &#61; optional&#40;string&#41;&#10; auto_delete &#61; optional&#40;bool, false&#41; &#35; applies only to vm templates&#10; mode &#61; optional&#40;string, &#34;READ_WRITE&#34;&#41;&#10; provisioned_iops &#61; optional&#40;number&#41;&#10; provisioned_throughput &#61; optional&#40;number&#41; &#35; in MiB&#47;s&#10; replica_zone &#61; optional&#40;string&#41;&#10; storage_pool &#61; optional&#40;string&#41;&#10; type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41;&#10; &#125;&#41;,&#10; &#123;&#10; auto_delete &#61; true&#10; mode &#61; &#34;READ_WRITE&#34;&#10; replica_zone &#61; null&#10; type &#61; &#34;pd-balanced&#34;&#10; &#125;&#10; &#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [boot_disk](variables.tf#L92) | Boot disk properties. Initialize params are ignored when source is set. | <code title="object&#40;&#123;&#10; auto_delete &#61; optional&#40;bool, true&#41;&#10; snapshot_schedule &#61; optional&#40;list&#40;string&#41;&#41;&#10; source &#61; optional&#40;string&#41;&#10; initialize_params &#61; optional&#40;object&#40;&#123;&#10; architecture &#61; optional&#40;string&#41;&#10; image &#61; optional&#40;string, &#34;projects&#47;debian-cloud&#47;global&#47;images&#47;family&#47;debian-11&#34;&#41;&#10; provisioned_iops &#61; optional&#40;number&#41;&#10; provisioned_throughput &#61; optional&#40;number&#41; &#35; in MiB&#47;s&#10; size &#61; optional&#40;number, 10&#41;&#10; storage_pool &#61; optional&#40;string&#41;&#10; type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; use_independent_disk &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; initialize_params &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [can_ip_forward](variables.tf#L134) | Enable IP forwarding. | <code>bool</code> | | <code>false</code> |
| [confidential_compute](variables.tf#L140) | Enable Confidential Compute for these instances. | <code>bool</code> | | <code>false</code> |
| [context](variables.tf#L146) | Context-specific interpolations. | <code title="object&#40;&#123;&#10; addresses &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; custom_roles &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; kms_keys &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; iam_principals &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; locations &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; networks &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; project_ids &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; tag_values &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [create_template](variables.tf#L163) | Create instance template instead of instances. Defaults to a global template. | <code title="object&#40;&#123;&#10; regional &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [description](variables.tf#L172) | Description of a Compute Instance. | <code>string</code> | | <code>&#34;Managed by the compute-vm Terraform module.&#34;</code> |
| [enable_display](variables.tf#L178) | Enable virtual display on the instances. | <code>bool</code> | | <code>false</code> |
| [encryption](variables.tf#L184) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | <code title="object&#40;&#123;&#10; encrypt_boot &#61; optional&#40;bool, false&#41;&#10; disk_encryption_key_raw &#61; optional&#40;string&#41;&#10; kms_key_self_link &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [gpu](variables.tf#L194) | GPU information. Based on https://cloud.google.com/compute/docs/gpus. | <code title="object&#40;&#123;&#10; count &#61; number&#10; type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [group](variables.tf#L229) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object&#40;&#123;&#10; named_ports &#61; map&#40;number&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [hostname](variables.tf#L237) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
| [iam](variables.tf#L243) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [instance_schedule](variables.tf#L249) | Assign or create and assign an instance schedule policy. Either resource policy id or create_config must be specified if not null. Set active to null to dtach a policy from vm before destroying. | <code title="object&#40;&#123;&#10; active &#61; optional&#40;bool, true&#41;&#10; description &#61; optional&#40;string&#41;&#10; expiration_time &#61; optional&#40;string&#41;&#10; start_time &#61; optional&#40;string&#41;&#10; timezone &#61; optional&#40;string, &#34;UTC&#34;&#41;&#10; vm_start &#61; optional&#40;string&#41;&#10; vm_stop &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [instance_type](variables.tf#L273) | Instance type. | <code>string</code> | | <code>&#34;f1-micro&#34;</code> |
| [labels](variables.tf#L279) | Instance labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [metadata](variables.tf#L285) | Instance metadata. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [metadata_startup_script](variables.tf#L291) | Instance startup script. Will trigger recreation on change, even after importing. | <code>string</code> | | <code>null</code> |
| [min_cpu_platform](variables.tf#L298) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
| [network_attached_interfaces](variables.tf#L309) | Network interfaces using network attachments. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [network_tag_bindings](variables.tf#L337) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance only for networking purposes, and modifiable without impacting the main resource lifecycle. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [options](variables.tf#L344) | Instance options. | <code title="object&#40;&#123;&#10; advanced_machine_features &#61; optional&#40;object&#40;&#123;&#10; enable_nested_virtualization &#61; optional&#40;bool&#41;&#10; enable_turbo_mode &#61; optional&#40;bool&#41;&#10; enable_uefi_networking &#61; optional&#40;bool&#41;&#10; performance_monitoring_unit &#61; optional&#40;string&#41;&#10; threads_per_core &#61; optional&#40;number&#41;&#10; visible_core_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; allow_stopping_for_update &#61; optional&#40;bool, true&#41;&#10; deletion_protection &#61; optional&#40;bool, false&#41;&#10; graceful_shutdown &#61; optional&#40;object&#40;&#123;&#10; enabled &#61; optional&#40;bool, false&#41;&#10; max_duration_secs &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; max_run_duration &#61; optional&#40;object&#40;&#123;&#10; nanos &#61; optional&#40;number&#41;&#10; seconds &#61; number&#10; &#125;&#41;&#41;&#10; node_affinities &#61; optional&#40;map&#40;object&#40;&#123;&#10; values &#61; list&#40;string&#41;&#10; in &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; spot &#61; optional&#40;bool, false&#41;&#10; termination_action &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; allow_stopping_for_update &#61; true&#10; deletion_protection &#61; false&#10; spot &#61; false&#10; termination_action &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [project_number](variables.tf#L406) | Project number. Used in tag bindings to avoid a permadiff. | <code>string</code> | | <code>null</code> |
| [resource_policies](variables.tf#L412) | Resource policies to attach to the instance or template. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [scratch_disks](variables.tf#L419) | Scratch disks configuration. | <code title="object&#40;&#123;&#10; count &#61; number&#10; interface &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; count &#61; 0&#10; interface &#61; &#34;NVME&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [service_account](variables.tf#L431) | Service account email and scopes. If email is null, the default Compute service account will be used unless auto_create is true, in which case a service account will be created. Set the variable to null to avoid attaching a service account. | <code title="object&#40;&#123;&#10; auto_create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string&#41;&#10; scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [shielded_config](variables.tf#L441) | Shielded VM configuration of the instances. | <code title="object&#40;&#123;&#10; enable_secure_boot &#61; optional&#40;bool, true&#41;&#10; enable_vtpm &#61; optional&#40;bool, true&#41;&#10; enable_integrity_monitoring &#61; optional&#40;bool, true&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [snapshot_schedules](variables.tf#L451) | Snapshot schedule resource policies that can be attached to disks. | <code title="map&#40;object&#40;&#123;&#10; schedule &#61; object&#40;&#123;&#10; daily &#61; optional&#40;object&#40;&#123;&#10; days_in_cycle &#61; number&#10; start_time &#61; string&#10; &#125;&#41;&#41;&#10; hourly &#61; optional&#40;object&#40;&#123;&#10; hours_in_cycle &#61; number&#10; start_time &#61; string&#10; &#125;&#41;&#41;&#10; weekly &#61; optional&#40;list&#40;object&#40;&#123;&#10; day &#61; string&#10; start_time &#61; string&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#10; description &#61; optional&#40;string&#41;&#10; retention_policy &#61; optional&#40;object&#40;&#123;&#10; max_retention_days &#61; number&#10; on_source_disk_delete_keep &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; snapshot_properties &#61; optional&#40;object&#40;&#123;&#10; chain_name &#61; optional&#40;string&#41;&#10; guest_flush &#61; optional&#40;bool&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; storage_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [tag_bindings](variables.tf#L494) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance and zonal disks, and modifiable without impacting the main resource lifecycle. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [tag_bindings_immutable](variables.tf#L501) | Immutable resource manager tag bindings, in tagKeys/id => tagValues/id format. These are set on the instance or instance template at creation time, and trigger recreation if changed. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [tags](variables.tf#L515) | Instance network tags for firewall rule targets. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
## Outputs

42
modules/compute-vm/main.tf
View File

@@ -82,10 +82,14 @@ resource "google_compute_disk" "boot" {
zone = local.zone
# by default, GCP creates boot disks with the same name as instance, the deviation here is kept for backwards
# compatibility
name = "${var.name}-boot"
type = var.boot_disk.initialize_params.type
size = var.boot_disk.initialize_params.size
image = var.boot_disk.initialize_params.image
name = "${var.name}-boot"
type = var.boot_disk.initialize_params.type
size = var.boot_disk.initialize_params.size
architecture = var.boot_disk.initialize_params.architecture
image = var.boot_disk.initialize_params.image
provisioned_iops = var.boot_disk.initialize_params.provisioned_iops
provisioned_throughput = var.boot_disk.initialize_params.provisioned_throughput
storage_pool = var.boot_disk.initialize_params.storage_pool
labels = merge(var.labels, {
disk_name = "boot"
disk_type = var.boot_disk.initialize_params.type
@@ -108,13 +112,17 @@ resource "google_compute_disk" "disks" {
for k, v in local.attached_disks_zonal :
k => v if v.source_type != "attach"
}
project = local.project_id
zone = local.zone
name = "${var.name}-${each.key}"
type = each.value.options.type
size = each.value.size
image = each.value.source_type == "image" ? each.value.source : null
snapshot = each.value.source_type == "snapshot" ? each.value.source : null
project = local.project_id
zone = local.zone
name = "${var.name}-${each.key}"
type = each.value.options.type
size = each.value.size
architecture = each.value.options.architecture
image = each.value.source_type == "image" ? each.value.source : null
provisioned_iops = each.value.options.provisioned_iops
provisioned_throughput = each.value.options.provisioned_throughput
snapshot = each.value.source_type == "snapshot" ? each.value.source : null
storage_pool = each.value.options.storage_pool
labels = merge(var.labels, {
disk_name = each.value.name
disk_type = each.value.options.type
@@ -278,10 +286,14 @@ resource "google_compute_instance" "default" {
: [""]
)
content {
image = var.boot_disk.initialize_params.image
size = var.boot_disk.initialize_params.size
type = var.boot_disk.initialize_params.type
resource_manager_tags = var.tag_bindings_immutable
architecture = var.boot_disk.initialize_params.architecture
image = var.boot_disk.initialize_params.image
size = var.boot_disk.initialize_params.size
type = var.boot_disk.initialize_params.type
resource_manager_tags = var.tag_bindings_immutable
provisioned_iops = var.boot_disk.initialize_params.provisioned_iops
provisioned_throughput = var.boot_disk.initialize_params.provisioned_throughput
storage_pool = var.boot_disk.initialize_params.storage_pool
}
}
}

2
modules/compute-vm/resource-policies.tf
View File

@@ -21,7 +21,7 @@ locals {
google_compute_resource_policy.schedule[0].id
]
disk_zonal_schedule_attachments = flatten([
for disk_key, disk_data in try(local.attached_disks_zonal, []) :
for disk_key, disk_data in local.attached_disks_zonal :
disk_data.snapshot_schedule != null ? [
for schedule in disk_data.snapshot_schedule : {
disk_key = disk_key

44
modules/compute-vm/template.tf
View File

@@ -57,12 +57,15 @@ resource "google_compute_instance_template" "default" {
}
disk {
auto_delete = var.boot_disk.auto_delete
boot = true
disk_size_gb = var.boot_disk.initialize_params.size
disk_type = var.boot_disk.initialize_params.type
resource_manager_tags = var.tag_bindings_immutable
source_image = var.boot_disk.initialize_params.image
architecture = var.boot_disk.initialize_params.architecture
auto_delete = var.boot_disk.auto_delete
boot = true
disk_size_gb = var.boot_disk.initialize_params.size
disk_type = var.boot_disk.initialize_params.type
provisioned_iops = var.boot_disk.initialize_params.provisioned_iops
provisioned_throughput = var.boot_disk.initialize_params.provisioned_throughput
resource_manager_tags = var.tag_bindings_immutable
source_image = var.boot_disk.initialize_params.image
dynamic "disk_encryption_key" {
for_each = var.encryption != null ? [""] : []
@@ -94,7 +97,8 @@ resource "google_compute_instance_template" "default" {
for_each = local.attached_disks
iterator = config
content {
auto_delete = config.value.options.auto_delete
architecture = config.value.options.architecture
auto_delete = config.value.options.auto_delete
device_name = coalesce(
config.value.device_name, config.value.name, config.key
)
@@ -106,7 +110,9 @@ resource "google_compute_instance_template" "default" {
disk_size_gb = (
config.value.source_type != "attach" ? config.value.size : null
)
mode = config.value.options.mode
mode = config.value.options.mode
provisioned_iops = config.value.options.provisioned_iops
provisioned_throughput = config.value.options.provisioned_throughput
source_image = (
config.value.source_type == "image" ? config.value.source : null
)
@@ -276,12 +282,15 @@ resource "google_compute_region_instance_template" "default" {
}
disk {
auto_delete = var.boot_disk.auto_delete
boot = true
disk_size_gb = var.boot_disk.initialize_params.size
disk_type = var.boot_disk.initialize_params.type
resource_manager_tags = var.tag_bindings_immutable
source_image = var.boot_disk.initialize_params.image
architecture = var.boot_disk.initialize_params.architecture
auto_delete = var.boot_disk.auto_delete
boot = true
disk_size_gb = var.boot_disk.initialize_params.size
disk_type = var.boot_disk.initialize_params.type
provisioned_iops = var.boot_disk.initialize_params.provisioned_iops
provisioned_throughput = var.boot_disk.initialize_params.provisioned_throughput
resource_manager_tags = var.tag_bindings_immutable
source_image = var.boot_disk.initialize_params.image
dynamic "disk_encryption_key" {
for_each = var.encryption != null ? [""] : []
@@ -312,7 +321,8 @@ resource "google_compute_region_instance_template" "default" {
for_each = local.attached_disks
iterator = config
content {
auto_delete = config.value.options.auto_delete
architecture = config.value.options.architecture
auto_delete = config.value.options.auto_delete
device_name = coalesce(
config.value.device_name, config.value.name, config.key
)
@@ -324,7 +334,9 @@ resource "google_compute_region_instance_template" "default" {
disk_size_gb = (
config.value.source_type != "attach" ? config.value.size : null
)
mode = config.value.options.mode
mode = config.value.options.mode
provisioned_iops = config.value.options.provisioned_iops
provisioned_throughput = config.value.options.provisioned_throughput
source_image = (
config.value.source_type == "image" ? config.value.source : null
)

41
modules/compute-vm/variables.tf
View File

@@ -46,10 +46,14 @@ variable "attached_disks" {
source_type = optional(string)
options = optional(
object({
auto_delete = optional(bool, false)
mode = optional(string, "READ_WRITE")
replica_zone = optional(string)
type = optional(string, "pd-balanced")
architecture = optional(string)
auto_delete = optional(bool, false) # applies only to vm templates
mode = optional(string, "READ_WRITE")
provisioned_iops = optional(number)
provisioned_throughput = optional(number) # in MiB/s
replica_zone = optional(string)
storage_pool = optional(string)
type = optional(string, "pd-balanced")
}),
{
auto_delete = true
@@ -77,6 +81,12 @@ variable "attached_disks" {
]) == length(var.attached_disks)
error_message = "auto_delete can only be specified on READ_WRITE disks."
}
validation {
condition = alltrue([for d in var.attached_disks :
(d.options.architecture == null || contains(["ARM64", "x86_64"], d.options.architecture))
])
error_message = "Architecture can be null, 'x86_64' or 'ARM64'."
}
}
variable "boot_disk" {
@@ -86,9 +96,13 @@ variable "boot_disk" {
snapshot_schedule = optional(list(string))
source = optional(string)
initialize_params = optional(object({
image = optional(string, "projects/debian-cloud/global/images/family/debian-11")
size = optional(number, 10)
type = optional(string, "pd-balanced")
architecture = optional(string)
image = optional(string, "projects/debian-cloud/global/images/family/debian-11")
provisioned_iops = optional(number)
provisioned_throughput = optional(number) # in MiB/s
size = optional(number, 10)
storage_pool = optional(string)
type = optional(string, "pd-balanced")
}), {})
use_independent_disk = optional(bool, false)
})
@@ -108,6 +122,13 @@ variable "boot_disk" {
)
error_message = "Using an independent disk for boot requires initialize params."
}
validation {
condition = (
var.boot_disk.initialize_params.architecture == null ||
contains(["ARM64", "x86_64"], var.boot_disk.initialize_params.architecture)
)
error_message = "Architecture can be null, 'x86_64' or 'ARM64'."
}
}
variable "can_ip_forward" {
@@ -420,9 +441,9 @@ variable "service_account" {
variable "shielded_config" {
description = "Shielded VM configuration of the instances."
type = object({
enable_secure_boot = bool
enable_vtpm = bool
enable_integrity_monitoring = bool
enable_secure_boot = optional(bool, true)
enable_vtpm = optional(bool, true)
enable_integrity_monitoring = optional(bool, true)
})
default = null
}

198
tests/modules/compute_vm/examples/disk-hyperdisk-arm.yaml Normal file
View File

@@ -0,0 +1,198 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vm-arm.google_compute_disk.disks["data1"]:
architecture: ARM64
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key: []
effective_labels:
disk_name: data1
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
image: null
labels:
disk_name: data1
disk_type: hyperdisk-balanced
name: test-data1
params: []
project: project-id
provisioned_iops: 3000
provisioned_throughput: 140
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
storage_pool: null
terraform_labels:
disk_name: data1
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: hyperdisk-balanced
zone: europe-west8-b
module.vm-arm.google_compute_disk.disks["data2"]:
architecture: ARM64
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key: []
effective_labels:
disk_name: data2
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
image: projects/debian-cloud/global/images/family/debian-12-arm64
labels:
disk_name: data2
disk_type: hyperdisk-balanced
name: test-data2
params: []
project: project-id
provisioned_iops: 5000
provisioned_throughput: 500
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
storage_pool: null
terraform_labels:
disk_name: data2
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: hyperdisk-balanced
zone: europe-west8-b
module.vm-arm.google_compute_instance.default[0]:
advanced_machine_features: []
allow_stopping_for_update: true
attached_disk:
- device_name: data1
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
mode: READ_WRITE
source: test-data1
- device_name: data2
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
mode: READ_WRITE
source: test-data2
boot_disk:
- auto_delete: true
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
initialize_params:
- architecture: ARM64
enable_confidential_compute: null
image: projects/debian-cloud/global/images/family/debian-12-arm64
provisioned_iops: 3000
provisioned_throughput: 140
resource_manager_tags: null
size: 10
source_image_encryption_key: []
source_snapshot_encryption_key: []
storage_pool: null
type: hyperdisk-balanced
interface: null
mode: READ_WRITE
can_ip_forward: false
deletion_protection: false
description: Managed by the compute-vm Terraform module.
desired_status: null
effective_labels:
goog-terraform-provisioned: 'true'
enable_display: false
hostname: null
instance_encryption_key: []
key_revocation_action_type: null
labels: null
machine_type: c4a-standard-1
metadata: null
metadata_startup_script: null
name: test
network_interface:
- access_config: []
alias_ip_range: []
ipv6_access_config: []
network: projects/xxx/global/networks/aaa
nic_type: null
queue_count: null
security_policy: null
subnetwork: subnet_self_link
network_performance_config: []
params: []
partner_metadata: null
project: project-id
resource_policies: null
scheduling:
- automatic_restart: true
availability_domain: null
graceful_shutdown: []
host_error_timeout_seconds: null
instance_termination_action: null
local_ssd_recovery_timeout: []
maintenance_interval: null
max_run_duration: []
min_node_cpus: null
node_affinities: []
on_host_maintenance: MIGRATE
on_instance_stop_action: []
preemptible: false
provisioning_model: STANDARD
skip_guest_os_shutdown: false
termination_time: null
scratch_disk: []
service_account:
- email: tf-vm-test@project-id.iam.gserviceaccount.com
scopes:
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/userinfo.email
shielded_instance_config:
- enable_integrity_monitoring: true
enable_secure_boot: true
enable_vtpm: true
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
zone: europe-west8-b
module.vm-arm.google_service_account.service_account[0]:
account_id: tf-vm-test
create_ignore_already_exists: null
description: null
disabled: false
display_name: Terraform VM test.
email: tf-vm-test@project-id.iam.gserviceaccount.com
member: serviceAccount:tf-vm-test@project-id.iam.gserviceaccount.com
project: project-id
timeouts: null
counts:
google_compute_disk: 2
google_compute_instance: 1

192
tests/modules/compute_vm/examples/disk-hyperdisk-cust-performance.yaml Normal file
View File

@@ -0,0 +1,192 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vm-disk-options-example.google_compute_disk.disks["data1"]:
architecture: null
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key: []
effective_labels:
disk_name: data1
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
image: null
labels:
disk_name: data1
disk_type: hyperdisk-balanced
name: test-data1
params: []
project: project-id
provisioned_iops: 3000
provisioned_throughput: 140
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
storage_pool: null
terraform_labels:
disk_name: data1
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: hyperdisk-balanced
zone: europe-west8-b
module.vm-disk-options-example.google_compute_disk.disks["data2"]:
architecture: null
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key: []
effective_labels:
disk_name: data2
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
image: projects/debian-cloud/global/images/family/debian-12
labels:
disk_name: data2
disk_type: hyperdisk-balanced
name: test-data2
params: []
project: project-id
provisioned_iops: 5000
provisioned_throughput: 500
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
storage_pool: null
terraform_labels:
disk_name: data2
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: hyperdisk-balanced
zone: europe-west8-b
module.vm-disk-options-example.google_compute_instance.default[0]:
advanced_machine_features: []
allow_stopping_for_update: true
attached_disk:
- device_name: data1
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
mode: READ_WRITE
source: test-data1
- device_name: data2
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
mode: READ_WRITE
source: test-data2
boot_disk:
- auto_delete: true
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
initialize_params:
- image: projects/debian-cloud/global/images/family/debian-12
provisioned_iops: 3000
provisioned_throughput: 140
resource_manager_tags: null
size: 10
source_image_encryption_key: []
source_snapshot_encryption_key: []
storage_pool: null
type: hyperdisk-balanced
interface: null
mode: READ_WRITE
can_ip_forward: false
deletion_protection: false
description: Managed by the compute-vm Terraform module.
desired_status: null
effective_labels:
goog-terraform-provisioned: 'true'
enable_display: false
hostname: null
instance_encryption_key: []
key_revocation_action_type: null
labels: null
machine_type: n4-standard-2
metadata: null
metadata_startup_script: null
name: test
network_interface:
- access_config: []
alias_ip_range: []
ipv6_access_config: []
network: projects/xxx/global/networks/aaa
nic_type: null
queue_count: null
security_policy: null
subnetwork: subnet_self_link
network_performance_config: []
params: []
partner_metadata: null
project: project-id
resource_policies: null
scheduling:
- automatic_restart: true
availability_domain: null
graceful_shutdown: []
host_error_timeout_seconds: null
instance_termination_action: null
local_ssd_recovery_timeout: []
maintenance_interval: null
max_run_duration: []
min_node_cpus: null
node_affinities: []
on_host_maintenance: MIGRATE
on_instance_stop_action: []
preemptible: false
provisioning_model: STANDARD
skip_guest_os_shutdown: false
termination_time: null
scratch_disk: []
service_account:
- email: tf-vm-test@project-id.iam.gserviceaccount.com
scopes:
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/userinfo.email
shielded_instance_config:
- enable_integrity_monitoring: true
enable_secure_boot: true
enable_vtpm: true
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
zone: europe-west8-b
module.vm-disk-options-example.google_service_account.service_account[0]:
account_id: tf-vm-test
create_ignore_already_exists: null
description: null
disabled: false
display_name: Terraform VM test.
email: tf-vm-test@project-id.iam.gserviceaccount.com
member: serviceAccount:tf-vm-test@project-id.iam.gserviceaccount.com
project: project-id
timeouts: null

229
tests/modules/compute_vm/examples/disk-hyperdisk-pool.yaml Normal file
View File

@@ -0,0 +1,229 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_storage_pool.default:
deletion_protection: false
description: null
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
name: storage-pool-basic
pool_provisioned_capacity_gb: '20480'
pool_provisioned_iops: '10000'
pool_provisioned_throughput: '1024'
project: project-id
storage_pool_type: hyperdisk-balanced
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
zone: europe-west8-b
module.vm-disk-options-example.google_compute_disk.boot[0]:
architecture: null
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key: []
effective_labels:
disk_name: boot
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
image: projects/debian-cloud/global/images/family/debian-12
labels:
disk_name: boot
disk_type: hyperdisk-balanced
name: test-boot
params: []
project: project-id
provisioned_iops: 3000
provisioned_throughput: 140
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
terraform_labels:
disk_name: boot
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: hyperdisk-balanced
zone: europe-west8-b
module.vm-disk-options-example.google_compute_disk.disks["data1"]:
architecture: null
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key: []
effective_labels:
disk_name: data1
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
image: null
labels:
disk_name: data1
disk_type: hyperdisk-balanced
name: test-data1
params: []
project: project-id
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
terraform_labels:
disk_name: data1
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: hyperdisk-balanced
zone: europe-west8-b
module.vm-disk-options-example.google_compute_disk.disks["data2"]:
architecture: null
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key: []
effective_labels:
disk_name: data2
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
image: projects/debian-cloud/global/images/family/debian-12
labels:
disk_name: data2
disk_type: hyperdisk-balanced
name: test-data2
params: []
project: project-id
provisioned_iops: 5000
provisioned_throughput: 500
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
storage_pool: null
terraform_labels:
disk_name: data2
disk_type: hyperdisk-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: hyperdisk-balanced
zone: europe-west8-b
module.vm-disk-options-example.google_compute_instance.default[0]:
advanced_machine_features: []
allow_stopping_for_update: true
attached_disk:
- device_name: data1
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
mode: READ_WRITE
source: test-data1
- device_name: data2
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
mode: READ_WRITE
source: test-data2
boot_disk:
- auto_delete: false
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
interface: null
mode: READ_WRITE
can_ip_forward: false
deletion_protection: false
description: Managed by the compute-vm Terraform module.
desired_status: null
effective_labels:
goog-terraform-provisioned: 'true'
enable_display: false
hostname: null
instance_encryption_key: []
key_revocation_action_type: null
labels: null
machine_type: c4d-standard-2
metadata: null
metadata_startup_script: null
name: test
network_interface:
- access_config: []
alias_ip_range: []
ipv6_access_config: []
network: projects/xxx/global/networks/aaa
nic_type: null
queue_count: null
security_policy: null
subnetwork: subnet_self_link
network_performance_config: []
params: []
partner_metadata: null
project: project-id
resource_policies: null
scheduling:
- automatic_restart: true
availability_domain: null
graceful_shutdown: []
host_error_timeout_seconds: null
instance_termination_action: null
local_ssd_recovery_timeout: []
maintenance_interval: null
max_run_duration: []
min_node_cpus: null
node_affinities: []
on_host_maintenance: MIGRATE
on_instance_stop_action: []
preemptible: false
provisioning_model: STANDARD
skip_guest_os_shutdown: false
termination_time: null
scratch_disk: []
service_account:
- email: tf-vm-test@project-id.iam.gserviceaccount.com
scopes:
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/userinfo.email
shielded_instance_config:
- enable_integrity_monitoring: true
enable_secure_boot: true
enable_vtpm: true
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
zone: europe-west8-b
module.vm-disk-options-example.google_service_account.service_account[0]:
account_id: tf-vm-test
create_ignore_already_exists: null
description: null
disabled: false
display_name: Terraform VM test.
email: tf-vm-test@project-id.iam.gserviceaccount.com
member: serviceAccount:tf-vm-test@project-id.iam.gserviceaccount.com
project: project-id
timeouts: null