Merge remote-tracking branch 'origin/master' into fast-dev
@@ -34,7 +34,7 @@ Currently available modules:
|
||||
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [External Regional Application Load Balancer](./modules/net-lb-app-ext-regional/), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Cross-region Internal Application LB](./modules/net-lb-app-int-cross-region), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC factory](./modules/net-vpc-factory/README.md), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp)
|
||||
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud)
|
||||
- **data** - [AlloyDB instance](./modules/alloydb), [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Biglake Catalog](./modules/biglake-catalog), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex Aspect Types](./modules/dataplex-aspect-types/), [Dataplex DataScan](./modules/dataplex-datascan), [Cloud SQL instance](./modules/cloudsql-instance), [Spanner instance](./modules/spanner-instance), [Firestore](./modules/firestore), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/), [Looker Core](./modules/looker-core)
|
||||
- **AI** - [Agentspace](./modules/agentspace/README.md)
|
||||
- **AI** - [AI Applications](./modules/ai-applications/README.md)
|
||||
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository), [Secure Source Manager instance](./modules/secure-source-manager-instance), [Workstation cluster](./modules/workstation-cluster)
|
||||
- **security** - [Binauthz](./modules/binauthz/), [Certificate Authority Service (CAS)](./modules/certificate-authority-service), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc), [Certificate Manager](./modules/certificate-manager/)
|
||||
- **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run), [Cloud Run v2](./modules/cloud-run-v2)
|
||||
|
||||
@@ -54,7 +54,7 @@ iam.serviceAccountKeyExposureResponse:
|
||||
rules:
|
||||
- allow:
|
||||
values:
|
||||
- DISABLE_KEY
|
||||
- is:DISABLE_KEY
|
||||
|
||||
iam.workloadIdentityPoolAwsAccounts:
|
||||
rules:
|
||||
|
||||
@@ -114,7 +114,7 @@ compute.restrictProtocolForwardingCreationForTypes:
|
||||
rules:
|
||||
- allow:
|
||||
values:
|
||||
- INTERNAL
|
||||
- is:INTERNAL
|
||||
|
||||
# compute.restrictSharedVpcHostProjects:
|
||||
# rules:
|
||||
|
||||
@@ -22,7 +22,7 @@ iam.allowedPolicyMemberDomains:
|
||||
rules:
|
||||
- allow:
|
||||
values:
|
||||
- ${organization.customer_id}
|
||||
- is:${organization.customer_id}
|
||||
condition:
|
||||
title: Restrict member domains
|
||||
expression: |
|
||||
@@ -54,7 +54,7 @@ iam.serviceAccountKeyExposureResponse:
|
||||
rules:
|
||||
- allow:
|
||||
values:
|
||||
- DISABLE_KEY
|
||||
- is:DISABLE_KEY
|
||||
|
||||
iam.workloadIdentityPoolAwsAccounts:
|
||||
rules:
|
||||
|
||||
@@ -43,13 +43,13 @@ module "organization" {
|
||||
# they are managed authoritatively and will break multitenant stages
|
||||
tags = merge(local.tags, {
|
||||
(var.tag_names.context) = {
|
||||
description = "Resource management context."
|
||||
iam = try(local.tags.context.iam, {})
|
||||
description = try(local.tags[var.tag_names.context].description, "Resource management context.")
|
||||
iam = try(local.tags[var.tag_names.context].iam, {})
|
||||
values = local.context_tag_values
|
||||
},
|
||||
(var.tag_names.environment) = {
|
||||
description = "Environment definition."
|
||||
iam = try(local.tags.environment.iam, {})
|
||||
description = try(local.tags[var.tag_names.environment].description, "Environment definition.")
|
||||
iam = try(local.tags[var.tag_names.environment].iam, {})
|
||||
values = local.environment_tag_values
|
||||
}
|
||||
})
|
||||
|
||||
@@ -199,7 +199,7 @@ module "stage2-folder" {
|
||||
}
|
||||
org_policies = each.value.folder_config.org_policies
|
||||
tag_bindings = merge({
|
||||
context = local.tag_values["context/${each.key}"].id
|
||||
(var.tag_names.context) = local.tag_values["${var.tag_names.context}/${each.key}"].id
|
||||
}, {
|
||||
for k, v in each.value.folder_config.tag_bindings : k => try(
|
||||
local.tag_values[v].id, v
|
||||
@@ -216,7 +216,7 @@ module "stage2-folder-env" {
|
||||
parent = module.stage2-folder[each.value.stage].id
|
||||
name = each.value.name
|
||||
tag_bindings = {
|
||||
environment = try(
|
||||
(var.tag_names.environment) = try(
|
||||
local.tag_values["${var.tag_names.environment}/${each.value.tag_name}"].id,
|
||||
null
|
||||
)
|
||||
|
||||
@@ -154,7 +154,7 @@ module "stage3-folder" {
|
||||
org_policies = each.value.folder_config.org_policies
|
||||
tag_bindings = merge(
|
||||
{
|
||||
environment = local.tag_values["environment/${var.environments[each.value.environment].tag_name}"].id
|
||||
(var.tag_names.environment) = local.tag_values["${var.tag_names.environment}/${var.environments[each.value.environment].tag_name}"].id
|
||||
},
|
||||
{
|
||||
for k, v in each.value.folder_config.tag_bindings : k => try(
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Shared security resources and VPC Service Controls
|
||||
# Shared security resources
|
||||
|
||||
This stage sets up an area dedicated to hosting security resources and configurations which impact the whole organization, or are shared across the hierarchy to other projects and teams.
|
||||
|
||||
|
||||
@@ -1,88 +0,0 @@
|
||||
# skip boilerplate check
|
||||
- accessapproval.googleapis.com
|
||||
- adsdatahub.googleapis.com
|
||||
- aiplatform.googleapis.com
|
||||
- alpha-documentai.googleapis.com
|
||||
- apigee.googleapis.com
|
||||
- apigeeconnect.googleapis.com
|
||||
- artifactregistry.googleapis.com
|
||||
- assuredworkloads.googleapis.com
|
||||
- automl.googleapis.com
|
||||
- bigquery.googleapis.com
|
||||
- bigquerydatatransfer.googleapis.com
|
||||
- bigtable.googleapis.com
|
||||
- binaryauthorization.googleapis.com
|
||||
- cloudasset.googleapis.com
|
||||
- cloudbuild.googleapis.com
|
||||
- cloudfunctions.googleapis.com
|
||||
- cloudkms.googleapis.com
|
||||
- cloudprofiler.googleapis.com
|
||||
- cloudresourcemanager.googleapis.com
|
||||
- cloudsearch.googleapis.com
|
||||
- cloudtrace.googleapis.com
|
||||
- composer.googleapis.com
|
||||
- compute.googleapis.com
|
||||
- connectgateway.googleapis.com
|
||||
- contactcenterinsights.googleapis.com
|
||||
- container.googleapis.com
|
||||
- containeranalysis.googleapis.com
|
||||
- containerregistry.googleapis.com
|
||||
- containerthreatdetection.googleapis.com
|
||||
- datacatalog.googleapis.com
|
||||
- dataflow.googleapis.com
|
||||
- datafusion.googleapis.com
|
||||
- dataproc.googleapis.com
|
||||
- datastream.googleapis.com
|
||||
- dialogflow.googleapis.com
|
||||
- dlp.googleapis.com
|
||||
- dns.googleapis.com
|
||||
- documentai.googleapis.com
|
||||
- eventarc.googleapis.com
|
||||
- file.googleapis.com
|
||||
- gameservices.googleapis.com
|
||||
- gkeconnect.googleapis.com
|
||||
- gkehub.googleapis.com
|
||||
- healthcare.googleapis.com
|
||||
- iam.googleapis.com
|
||||
- iaptunnel.googleapis.com
|
||||
- language.googleapis.com
|
||||
- lifesciences.googleapis.com
|
||||
- logging.googleapis.com
|
||||
- managedidentities.googleapis.com
|
||||
- memcache.googleapis.com
|
||||
- meshca.googleapis.com
|
||||
- metastore.googleapis.com
|
||||
- ml.googleapis.com
|
||||
- monitoring.googleapis.com
|
||||
- networkconnectivity.googleapis.com
|
||||
- networkmanagement.googleapis.com
|
||||
- networksecurity.googleapis.com
|
||||
- networkservices.googleapis.com
|
||||
- notebooks.googleapis.com
|
||||
- opsconfigmonitoring.googleapis.com
|
||||
- osconfig.googleapis.com
|
||||
- oslogin.googleapis.com
|
||||
- privateca.googleapis.com
|
||||
- pubsub.googleapis.com
|
||||
- pubsublite.googleapis.com
|
||||
- recaptchaenterprise.googleapis.com
|
||||
- recommender.googleapis.com
|
||||
- redis.googleapis.com
|
||||
- run.googleapis.com
|
||||
- secretmanager.googleapis.com
|
||||
- servicecontrol.googleapis.com
|
||||
- servicedirectory.googleapis.com
|
||||
- spanner.googleapis.com
|
||||
- speakerid.googleapis.com
|
||||
- speech.googleapis.com
|
||||
- sqladmin.googleapis.com
|
||||
- storage.googleapis.com
|
||||
- storagetransfer.googleapis.com
|
||||
- texttospeech.googleapis.com
|
||||
- tpu.googleapis.com
|
||||
- trafficdirector.googleapis.com
|
||||
- transcoder.googleapis.com
|
||||
- translate.googleapis.com
|
||||
- videointelligence.googleapis.com
|
||||
- vision.googleapis.com
|
||||
- vpcaccess.googleapis.com
|
||||
@@ -103,7 +103,7 @@ These modules are used in the examples included in this repository. If you are u
|
||||
|
||||
## AI
|
||||
|
||||
- [Agentspace](./agentspace/README.md)
|
||||
- [AI Applications](./ai-applications/README.md)
|
||||
|
||||
## Development
|
||||
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
# Agentspace
|
||||
# AI Applications
|
||||
|
||||
This module handles the creation of Agentspace data sources, engines and related configurations.
|
||||
This module handles the creation of [AI Applications](https://cloud.google.com/generative-ai-app-builder/docs/introduction) data sources, engines and related configurations.
|
||||
|
||||
<!-- TOC -->
|
||||
* [Agentspace module](#agentspace)
|
||||
* [AI Applications module](#ai-applications)
|
||||
* [APIs](#apis)
|
||||
* [Quota Project](#quota-project)
|
||||
* [Examples](#examples)
|
||||
@@ -38,8 +38,8 @@ export USER_PROJECT_OVERRIDE=true
|
||||
This is a minimal example to create a Chat Engine agent.
|
||||
|
||||
```hcl
|
||||
module "agentspace" {
|
||||
source = "./fabric/modules/agentspace"
|
||||
module "ai-applications" {
|
||||
source = "./fabric/modules/ai-applications"
|
||||
name = "my-chat-app"
|
||||
project_id = var.project_id
|
||||
data_stores_configs = {
|
||||
@@ -66,8 +66,8 @@ module "agentspace" {
|
||||
This is a minimal example to create a Search Engine agent.
|
||||
|
||||
```hcl
|
||||
module "agentspace" {
|
||||
source = "./fabric/modules/agentspace"
|
||||
module "ai-applications" {
|
||||
source = "./fabric/modules/ai-applications"
|
||||
name = "my-search-app"
|
||||
project_id = var.project_id
|
||||
data_stores_configs = {
|
||||
@@ -90,8 +90,8 @@ module "agentspace" {
|
||||
By default services are deployed globally. You optionally specify a region where to deploy them.
|
||||
|
||||
```hcl
|
||||
module "agentspace" {
|
||||
source = "./fabric/modules/agentspace"
|
||||
module "ai-applications" {
|
||||
source = "./fabric/modules/ai-applications"
|
||||
name = "my-chat-app"
|
||||
project_id = var.project_id
|
||||
location = var.region
|
||||
@@ -119,8 +119,8 @@ module "agentspace" {
|
||||
You can reference from engines existing data sources created outside this module, by passing their ids. In this case, you'll need to configure in the engine valid `industry_vertical` and `location`.
|
||||
|
||||
```hcl
|
||||
module "agentspace" {
|
||||
source = "./fabric/modules/agentspace"
|
||||
module "ai-applications" {
|
||||
source = "./fabric/modules/ai-applications"
|
||||
name = "my-search-app"
|
||||
project_id = var.project_id
|
||||
engines_configs = {
|
||||
@@ -141,8 +141,8 @@ module "agentspace" {
|
||||
You can create and connect from your engines multiple data stores.
|
||||
|
||||
```hcl
|
||||
module "agentspace" {
|
||||
source = "./fabric/modules/agentspace"
|
||||
module "ai-applications" {
|
||||
source = "./fabric/modules/ai-applications"
|
||||
name = "my-chat-app"
|
||||
project_id = var.project_id
|
||||
data_stores_configs = {
|
||||
@@ -176,8 +176,8 @@ module "agentspace" {
|
||||
You can configure JSON data store schema definitions directly in your data store configuration.
|
||||
|
||||
```hcl
|
||||
module "agentspace" {
|
||||
source = "./fabric/modules/agentspace"
|
||||
module "ai-applications" {
|
||||
source = "./fabric/modules/ai-applications"
|
||||
name = "my-search-app"
|
||||
project_id = var.project_id
|
||||
data_stores_configs = {
|
||||
@@ -195,8 +195,8 @@ module "agentspace" {
|
||||
You can make data stores point to multiple websites and optionally specify their sitemap.
|
||||
|
||||
```hcl
|
||||
module "agentspace" {
|
||||
source = "./fabric/modules/agentspace"
|
||||
module "ai-applications" {
|
||||
source = "./fabric/modules/ai-applications"
|
||||
name = "my-search-app"
|
||||
project_id = var.project_id
|
||||
data_stores_configs = {
|
||||
@@ -210,7 +210,7 @@ module "agentspace" {
|
||||
}
|
||||
exclude-one-page = {
|
||||
exact_match = true
|
||||
provided_uri_pattern = "https://cloud.google.com/agentspace"
|
||||
provided_uri_pattern = "https://cloud.google.com/ai-applications"
|
||||
type = "EXCLUDE"
|
||||
}
|
||||
}
|
||||
@@ -236,8 +236,8 @@ module "agentspace" {
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L159) | The name of the resources. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L165) | The ID of the project where the data stores and the agents will be created. | <code>string</code> | ✓ | |
|
||||
| [data_stores_configs](variables.tf#L17) | The Agentspace datastore configurations. | <code title="map(object({ advanced_site_search_config = optional(object({ disable_initial_index = optional(bool) disable_automatic_refresh = optional(bool) })) content_config = optional(string, "NO_CONTENT") create_advanced_site_search = optional(bool) display_name = optional(string, "Terraform managed.") document_processing_config = optional(object({ chunking_config = optional(object({ layout_based_chunking_config = optional(object({ chunk_size = optional(number) include_ancestor_headings = optional(bool) })) })) default_parsing_config = optional(object({ digital_parsing_config = optional(bool) layout_parsing_config = optional(bool) ocr_parsing_config = optional(object({ use_native_text = optional(bool) })) })) parsing_config_overrides = map(object({ digital_parsing_config = optional(bool) layout_parsing_config = optional(bool) ocr_parsing_config = optional(object({ use_native_text = optional(bool) })) })) })) industry_vertical = optional(string, "GENERIC") json_schema = optional(string) location = optional(string) skip_default_schema_creation = optional(bool) solution_types = optional(list(string)) sites_search_config = optional(object({ sitemap_uri = optional(string) target_sites = map(object({ provided_uri_pattern = string exact_match = optional(bool, false) type = optional(string, "INCLUDE") })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [engines_configs](variables.tf#L112) | The Agentspace engines configurations. | <code title="map(object({ data_store_ids = list(string) collection_id = optional(string, "default_collection") chat_engine_config = optional(object({ allow_cross_region = optional(bool) business = optional(string) company_name = optional(string) default_language_code = optional(string) dialogflow_agent_to_link = optional(string) time_zone = optional(string) })) industry_vertical = optional(string) location = optional(string) search_engine_config = optional(object({ search_add_ons = optional(list(string), []) search_tier = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [data_stores_configs](variables.tf#L17) | The ai-applications datastore configurations. | <code title="map(object({ advanced_site_search_config = optional(object({ disable_initial_index = optional(bool) disable_automatic_refresh = optional(bool) })) content_config = optional(string, "NO_CONTENT") create_advanced_site_search = optional(bool) display_name = optional(string) document_processing_config = optional(object({ chunking_config = optional(object({ layout_based_chunking_config = optional(object({ chunk_size = optional(number) include_ancestor_headings = optional(bool) })) })) default_parsing_config = optional(object({ digital_parsing_config = optional(bool) layout_parsing_config = optional(bool) ocr_parsing_config = optional(object({ use_native_text = optional(bool) })) })) parsing_config_overrides = map(object({ digital_parsing_config = optional(bool) layout_parsing_config = optional(bool) ocr_parsing_config = optional(object({ use_native_text = optional(bool) })) })) })) industry_vertical = optional(string, "GENERIC") json_schema = optional(string) location = optional(string) skip_default_schema_creation = optional(bool) solution_types = optional(list(string)) sites_search_config = optional(object({ sitemap_uri = optional(string) target_sites = map(object({ provided_uri_pattern = string exact_match = optional(bool, false) type = optional(string, "INCLUDE") })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [engines_configs](variables.tf#L112) | The ai-applications engines configurations. | <code title="map(object({ data_store_ids = list(string) collection_id = optional(string, "default_collection") chat_engine_config = optional(object({ allow_cross_region = optional(bool) business = optional(string) company_name = optional(string) default_language_code = optional(string) dialogflow_agent_to_link = optional(string) time_zone = optional(string) })) industry_vertical = optional(string) location = optional(string) search_engine_config = optional(object({ search_add_ons = optional(list(string), []) search_tier = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L153) | Location where the data stores and agents will be created. | <code>string</code> | | <code>"global"</code> |
|
||||
|
||||
## Outputs
|
||||
@@ -35,12 +35,14 @@ resource "google_discovery_engine_data_store" "default" {
|
||||
data_store_id = "${var.name}-${each.key}"
|
||||
project = var.project_id
|
||||
location = coalesce(each.value.location, var.location)
|
||||
display_name = each.value.display_name
|
||||
industry_vertical = each.value.industry_vertical
|
||||
content_config = each.value.content_config
|
||||
solution_types = each.value.solution_types
|
||||
create_advanced_site_search = each.value.create_advanced_site_search
|
||||
skip_default_schema_creation = each.value.skip_default_schema_creation
|
||||
display_name = coalesce(
|
||||
each.value.display_name, "${var.name}-${each.key}"
|
||||
)
|
||||
|
||||
dynamic "advanced_site_search_config" {
|
||||
for_each = (
|
||||
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
|
||||
variable "data_stores_configs" {
|
||||
description = "The Agentspace datastore configurations."
|
||||
description = "The ai-applications datastore configurations."
|
||||
type = map(object({
|
||||
advanced_site_search_config = optional(object({
|
||||
disable_initial_index = optional(bool)
|
||||
@@ -23,7 +23,7 @@ variable "data_stores_configs" {
|
||||
}))
|
||||
content_config = optional(string, "NO_CONTENT")
|
||||
create_advanced_site_search = optional(bool)
|
||||
display_name = optional(string, "Terraform managed.")
|
||||
display_name = optional(string)
|
||||
document_processing_config = optional(object({
|
||||
chunking_config = optional(object({
|
||||
layout_based_chunking_config = optional(object({
|
||||
@@ -110,7 +110,7 @@ variable "data_stores_configs" {
|
||||
}
|
||||
|
||||
variable "engines_configs" {
|
||||
description = "The Agentspace engines configurations."
|
||||
description = "The ai-applications engines configurations."
|
||||
type = map(object({
|
||||
data_store_ids = list(string)
|
||||
collection_id = optional(string, "default_collection")
|
||||
@@ -23,6 +23,7 @@ This module allows creation and management of VPC networks including subnetworks
|
||||
- [Private Google Access routes](#private-google-access-routes)
|
||||
- [Allow Firewall Policy to be evaluated before Firewall Rules](#allow-firewall-policy-to-be-evaluated-before-firewall-rules)
|
||||
- [IPv6](#ipv6)
|
||||
- [IPv6-Only and IP Collections](#ipv6-only-and-ip-collections)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
<!-- END TOC -->
|
||||
@@ -712,6 +713,47 @@ module "vpc" {
|
||||
}
|
||||
# tftest modules=1 resources=6 inventory=ipv6.yaml e2e
|
||||
```
|
||||
|
||||
### IPv6-Only and IP Collections
|
||||
|
||||
An IPv6-only subnetwork can be specified by setting `ipv6_only` to `true` and
|
||||
setting `ip_cidr_range` to `null`. An IP Collection may be specified with
|
||||
`ip_collection` and a
|
||||
[reference](https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks/insert)
|
||||
to a collection source, like a PublicDelegatedPrefix (PDP) for BYOIPv6. The PDP
|
||||
must be a sub-PDP in `EXTERNAL_IPV6_SUBNETWORK_CREATION` mode.
|
||||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = var.project_id
|
||||
name = "my-network"
|
||||
ipv6_config = {
|
||||
enable_ula_internal = true
|
||||
}
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = null
|
||||
name = "test-v6only"
|
||||
region = "europe-west1"
|
||||
ipv6 = {
|
||||
ipv6_only = true
|
||||
}
|
||||
},
|
||||
{
|
||||
ip_cidr_range = null
|
||||
name = "test-v6only"
|
||||
region = "europe-west3"
|
||||
ipv6 = {
|
||||
access_type = "EXTERNAL"
|
||||
ipv6_only = true
|
||||
}
|
||||
ip_collection = "https://www.googleapis.com/compute/v1/projects/project-id/regions/europe-west3/publicDelegatedPrefixes/test-sub-pdp"
|
||||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=6 inventory=ipv6_only.yaml e2e
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
@@ -736,11 +778,11 @@ module "vpc" {
|
||||
| [routing_mode](variables.tf#L234) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||
| [shared_vpc_host](variables.tf#L244) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||
| [shared_vpc_service_projects](variables.tf#L250) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [subnets](variables.tf#L256) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) allow_subnet_cidr_routes_overlap = optional(bool, null) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") })) secondary_ip_ranges = optional(map(string)) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_private_nat](variables.tf#L303) | List of private NAT subnets. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L315) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = optional(bool, true) global = optional(bool, false) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L349) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L381) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
| [subnets](variables.tf#L256) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) allow_subnet_cidr_routes_overlap = optional(bool, null) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") ipv6_only = optional(bool, false) })) ip_collection = optional(string, null) secondary_ip_ranges = optional(map(string)) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_private_nat](variables.tf#L305) | List of private NAT subnets. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L317) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = optional(bool, true) global = optional(bool, false) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L351) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L383) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -56,9 +56,15 @@
|
||||
"properties": {
|
||||
"access_type": {
|
||||
"type": "string"
|
||||
},
|
||||
"ipv6_only": {
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
},
|
||||
"ip_collection": {
|
||||
"type": "string"
|
||||
},
|
||||
"name": {
|
||||
"type": "string"
|
||||
},
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
- **ipv6**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **access_type**: *string*
|
||||
- +**ipv6_only**: *boolean*
|
||||
- ⁺**ip_collection**: *string*
|
||||
- **name**: *string*
|
||||
- ⁺**region**: *string*
|
||||
- **psc**: *boolean*
|
||||
|
||||
@@ -43,7 +43,9 @@ locals {
|
||||
ip_cidr_range = v.ip_cidr_range
|
||||
ipv6 = !can(v.ipv6) ? null : {
|
||||
access_type = try(v.ipv6.access_type, "INTERNAL")
|
||||
ipv6_only = try(v.ipv6.ipv6_only, false)
|
||||
}
|
||||
ip_collection = try(v.ip_collection, null)
|
||||
name = try(v.name, k)
|
||||
region = v.region_computed
|
||||
secondary_ip_ranges = try(v.secondary_ip_ranges, null)
|
||||
@@ -145,7 +147,7 @@ resource "google_compute_subnetwork" "subnetwork" {
|
||||
network = local.network.name
|
||||
name = each.value.name
|
||||
region = each.value.region
|
||||
ip_cidr_range = each.value.ip_cidr_range
|
||||
ip_cidr_range = try(each.value.ipv6.ipv6_only, false) ? null : each.value.ip_cidr_range
|
||||
allow_subnet_cidr_routes_overlap = each.value.allow_subnet_cidr_routes_overlap
|
||||
description = (
|
||||
each.value.description == null
|
||||
@@ -154,12 +156,19 @@ resource "google_compute_subnetwork" "subnetwork" {
|
||||
)
|
||||
private_ip_google_access = each.value.enable_private_access
|
||||
stack_type = (
|
||||
try(each.value.ipv6, null) != null ? "IPV4_IPV6" : null
|
||||
try(each.value.ipv6, null) != null
|
||||
? (
|
||||
try(each.value.ipv6.ipv6_only, false)
|
||||
? "IPV6_ONLY"
|
||||
: "IPV4_IPV6"
|
||||
)
|
||||
: null
|
||||
)
|
||||
ipv6_access_type = (
|
||||
try(each.value.ipv6, null) != null ? each.value.ipv6.access_type : null
|
||||
)
|
||||
private_ipv6_google_access = try(each.value.ipv6.enable_private_access, null)
|
||||
ip_collection = each.value.ip_collection
|
||||
send_secondary_ip_range_if_empty = true
|
||||
|
||||
dynamic "secondary_ip_range" {
|
||||
|
||||
@@ -274,7 +274,9 @@ variable "subnets" {
|
||||
access_type = optional(string, "INTERNAL")
|
||||
# this field is marked for internal use in the API documentation
|
||||
# enable_private_access = optional(string)
|
||||
ipv6_only = optional(bool, false)
|
||||
}))
|
||||
ip_collection = optional(string, null)
|
||||
secondary_ip_ranges = optional(map(string))
|
||||
iam = optional(map(list(string)), {})
|
||||
iam_bindings = optional(map(object({
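Review bot: The two new fields of `var.subnets` carry no comment on what they accept or imply, while the neighbouring `enable_private_access` line does get one. `ip_collection` is a reference to a public delegated prefix (the new `ipv6_only` example passes a full `.../publicDelegatedPrefixes/...` URL) and, presumably only together with `access_type = "EXTERNAL"`, gives the subnet internet-routable IPv6 addresses drawn from that prefix, so a one-line comment above it such as `# reference to a public delegated prefix (sub-PDP) supplying the subnet's external IPv6 addresses` and, above `ipv6_only`, `# IPv6-only stack; the subnet's ip_cidr_range is not applied` would spare readers a trip to the provider docs and make the exposure implication visible at the input. Both lines are `optional(...)` with safe defaults, so there is no behavioural concern in the hunk itself. The `variable "subnets"` block starts and ends outside this hunk.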
|
||||
|
||||
@@ -1318,7 +1318,7 @@ values:
|
||||
parameters: null
|
||||
values:
|
||||
- allowed_values:
|
||||
- INTERNAL
|
||||
- is:INTERNAL
|
||||
denied_values: null
|
||||
timeouts: null
|
||||
module.organization.google_org_policy_policy.default["compute.setNewProjectDefaultToZonalDNSOnly"]:
|
||||
@@ -1493,7 +1493,7 @@ values:
|
||||
parameters: null
|
||||
values:
|
||||
- allowed_values:
|
||||
- C00000000
|
||||
- is:C00000000
|
||||
denied_values: null
|
||||
- allow_all: 'TRUE'
|
||||
condition:
|
||||
@@ -1583,7 +1583,7 @@ values:
|
||||
parameters: null
|
||||
values:
|
||||
- allowed_values:
|
||||
- DISABLE_KEY
|
||||
- is:DISABLE_KEY
|
||||
denied_values: null
|
||||
timeouts: null
|
||||
module.organization.google_org_policy_policy.default["iam.workloadIdentityPoolAwsAccounts"]:
|
||||
|
||||
@@ -430,7 +430,7 @@ values:
|
||||
parameters: null
|
||||
values:
|
||||
- allowed_values:
|
||||
- DISABLE_KEY
|
||||
- is:DISABLE_KEY
|
||||
denied_values: null
|
||||
timeouts: null
|
||||
module.organization.google_org_policy_policy.default["iam.workloadIdentityPoolAwsAccounts"]:
|
||||
|
||||
@@ -166,7 +166,7 @@ values:
|
||||
parameters: null
|
||||
values:
|
||||
- allowed_values:
|
||||
- INTERNAL
|
||||
- is:INTERNAL
|
||||
denied_values: null
|
||||
timeouts: null
|
||||
module.organization.google_org_policy_policy.default["compute.setNewProjectDefaultToZonalDNSOnly"]:
|
||||
@@ -341,7 +341,7 @@ values:
|
||||
parameters: null
|
||||
values:
|
||||
- allowed_values:
|
||||
- C00000000
|
||||
- is:C00000000
|
||||
denied_values: null
|
||||
- allow_all: 'TRUE'
|
||||
condition:
|
||||
@@ -431,7 +431,7 @@ values:
|
||||
parameters: null
|
||||
values:
|
||||
- allowed_values:
|
||||
- DISABLE_KEY
|
||||
- is:DISABLE_KEY
|
||||
denied_values: null
|
||||
timeouts: null
|
||||
module.organization.google_org_policy_policy.default["iam.workloadIdentityPoolAwsAccounts"]:
|
||||
|
||||
82
tests/modules/net_vpc/examples/ipv6_only.yaml
Normal file
@@ -0,0 +1,82 @@
|
||||
# Copyright 2025 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_network.network[0]:
|
||||
auto_create_subnetworks: false
|
||||
delete_default_routes_on_create: false
|
||||
description: Terraform-managed.
|
||||
enable_ula_internal_ipv6: true
|
||||
# internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
|
||||
name: my-network
|
||||
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
|
||||
project: project-id
|
||||
routing_mode: GLOBAL
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["private-googleapis"]:
|
||||
description: Terraform-managed.
|
||||
dest_range: 199.36.153.8/30
|
||||
name: my-network-private-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
|
||||
description: Terraform-managed.
|
||||
dest_range: 199.36.153.4/30
|
||||
name: my-network-restricted-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: project-id
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/test-v6only"]:
|
||||
description: Terraform-managed.
|
||||
ipv6_access_type: INTERNAL
|
||||
log_config: []
|
||||
name: test-v6only
|
||||
private_ip_google_access: true
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
role: null
|
||||
stack_type: IPV6_ONLY
|
||||
timeouts: null
|
||||
module.vpc.google_compute_subnetwork.subnetwork["europe-west3/test-v6only"]:
|
||||
description: Terraform-managed.
|
||||
ipv6_access_type: EXTERNAL
|
||||
log_config: []
|
||||
name: test-v6only
|
||||
private_ip_google_access: true
|
||||
project: project-id
|
||||
region: europe-west3
|
||||
role: null
|
||||
stack_type: IPV6_ONLY
|
||||
timeouts: null
|
||||
ip_collection: "https://www.googleapis.com/compute/v1/projects/project-id/regions/europe-west3/publicDelegatedPrefixes/test-sub-pdp"
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_route: 3
|
||||
google_compute_subnetwork: 2
|
||||
modules: 1
|
||||
resources: 6
|
||||
|
||||
outputs: {}
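Review bot: `ip_collection:` at the end of the `europe-west3/test-v6only` subnetwork entry breaks the alphabetical attribute order every other entry in this fixture follows (`description` through `stack_type`, `timeouts`), and because this rendering strips indentation it is not possible to tell whether the key sits inside that resource entry or at the `values:` level; worth confirming, since a misplaced key would presumably not be compared against the plan and the `ip_collection` assertion would be lost. The fixture also pins `private_ip_google_access: true` on both IPv6-only subnets while no `ip_cidr_range` is listed; if that is intentional, a short comment next to the first IPv6-only entry, `# the IPv4 PGA flag is still emitted by the module on IPv6-only subnets`, would stop the next reader from treating it as an oversight. The externally reachable case (`ipv6_access_type: EXTERNAL` plus the `publicDelegatedPrefixes` reference) is the one that puts addresses on the internet, so keeping it under test alongside the `INTERNAL` one is the right choice.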
|
||||