From c5312d59dc7970c73e5f0604d90ad96b10f2a7ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Wed, 3 Sep 2025 07:38:28 +0000 Subject: [PATCH 1/3] Fix E2E tests after provider upgrade to 7 --- modules/alloydb/README.md | 52 ++++++++++++++++++++-------------- modules/alloydb/main.tf | 1 + modules/alloydb/variables.tf | 6 ++++ modules/cloud-run-v2/README.md | 2 +- 4 files changed, 38 insertions(+), 23 deletions(-) diff --git a/modules/alloydb/README.md b/modules/alloydb/README.md index b2aa131bf..18657fe8a 100644 --- a/modules/alloydb/README.md +++ b/modules/alloydb/README.md @@ -66,8 +66,9 @@ module "alloydb" { network = module.vpc.id } } - instance_name = "db" - location = var.region + instance_name = "db" + location = var.region + deletion_protection = false } # tftest modules=3 resources=17 inventory=simple.yaml e2e ``` @@ -95,6 +96,7 @@ module "alloydb" { node_count = 2 } } + deletion_protection = false } # tftest modules=1 resources=4 inventory=read_pool.yaml e2e ``` @@ -118,6 +120,7 @@ module "alloydb" { enabled = true region = "europe-west12" } + deletion_protection = false } # tftest modules=1 resources=4 inventory=cross_region_replication.yaml e2e ``` @@ -141,6 +144,7 @@ module "alloydb" { network_config = { psc_config = { allowed_consumer_projects = [var.project_number] } } + deletion_protection = false } # tftest modules=1 resources=2 inventory=psc.yaml e2e ``` @@ -176,6 +180,7 @@ module "alloydb" { password = "mypassword" } } + deletion_protection = false } # tftest modules=1 resources=5 inventory=custom.yaml e2e ``` @@ -246,6 +251,7 @@ module "alloydb" { encryption_config = { primary_kms_key_name = module.kms.keys.key-regional.id } + deletion_protection = false } # tftest inventory=cmek.yaml e2e @@ -286,6 +292,7 @@ module "alloydb" { tag_bindings = { env-sandbox = module.org.tag_values["environment/sandbox"].id } + deletion_protection = false } # tftest modules=2 resources=7 ``` 
@@ -295,10 +302,10 @@ module "alloydb" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [cluster_name](variables.tf#L81) | Name of the primary cluster. | string | ✓ | | -| [instance_name](variables.tf#L177) | Name of primary instance. | string | ✓ | | -| [location](variables.tf#L189) | Region or zone of the cluster and instance. | string | ✓ | | -| [network_config](variables.tf#L234) | Network configuration for cluster and instance. Only one between psa_config and psc_config can be used. | object({…}) | ✓ | | -| [project_id](variables.tf#L269) | The ID of the project where this instances will be created. | string | ✓ | | +| [instance_name](variables.tf#L183) | Name of primary instance. | string | ✓ | | +| [location](variables.tf#L195) | Region or zone of the cluster and instance. | string | ✓ | | +| [network_config](variables.tf#L240) | Network configuration for cluster and instance. Only one between psa_config and psc_config can be used. | object({…}) | ✓ | | +| [project_id](variables.tf#L275) | The ID of the project where this instances will be created. | string | ✓ | | | [annotations](variables.tf#L17) | Map FLAG_NAME=>VALUE for annotations which allow client tools to store small amount of arbitrary data. | map(string) | | null | | [automated_backup_configuration](variables.tf#L23) | Automated backup settings for cluster. | object({…}) | | {} | | [availability_type](variables.tf#L58) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | string | | "REGIONAL" | 
@@ -308,22 +315,23 @@ module "alloydb" { | [cross_region_replication](variables.tf#L97) | Cross region replication config. | object({…}) | | {} | | [database_version](variables.tf#L129) | Database type and version to create. | string | | "POSTGRES_15" | | [deletion_policy](variables.tf#L135) | AlloyDB cluster and instance deletion policy. | string | | null | -| [display_name](variables.tf#L141) | AlloyDB instance display name. | string | | null | -| [encryption_config](variables.tf#L147) | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | object({…}) | | null | -| [flags](variables.tf#L156) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | -| [gce_zone](variables.tf#L162) | The GCE zone that the instance should serve from. This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. | string | | null | -| [initial_user](variables.tf#L168) | AlloyDB cluster initial user credentials. | object({…}) | | null | -| [labels](variables.tf#L183) | Labels to be attached to all instances. | map(string) | | null | -| [machine_config](variables.tf#L195) | AlloyDB machine config. | object({…}) | | {} | -| [maintenance_config](variables.tf#L209) | Set maintenance window configuration. | object({…}) | | {} | -| [prefix](variables.tf#L259) | Optional prefix used to generate instance names. | string | | null | -| [project_number](variables.tf#L274) | The project number of the project where this instances will be created. Only used for testing purposes. | string | | null | -| [query_insights_config](variables.tf#L280) | Query insights config. | object({…}) | | {} | -| [read_pool](variables.tf#L291) | Map of read pool instances to create in the primary cluster. | map(object({…})) | | {} | -| [skip_await_major_version_upgrade](variables.tf#L336) | Set to true to skip awaiting on the major version upgrade of the cluster. 
| bool | | true | -| [subscription_type](variables.tf#L342) | The subscription type of cluster. Possible values are: 'STANDARD' or 'TRIAL'. | string | | "STANDARD" | -| [tag_bindings](variables.tf#L348) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} | -| [users](variables.tf#L355) | Map of users to create in the primary instance (and replicated to other replicas). Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'ALLOYDB_BUILT_IN' or 'ALLOYDB_IAM_USER'. | map(object({…})) | | {} | +| [deletion_protection](variables.tf#L141) | Whether Terraform will be prevented from destroying the cluster. When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the cluster will fail. When the field is set to false, deleting the cluster is allowed. | bool | | null | +| [display_name](variables.tf#L147) | AlloyDB instance display name. | string | | null | +| [encryption_config](variables.tf#L153) | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | object({…}) | | null | +| [flags](variables.tf#L162) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | +| [gce_zone](variables.tf#L168) | The GCE zone that the instance should serve from. This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. | string | | null | +| [initial_user](variables.tf#L174) | AlloyDB cluster initial user credentials. | object({…}) | | null | +| [labels](variables.tf#L189) | Labels to be attached to all instances. | map(string) | | null | +| [machine_config](variables.tf#L201) | AlloyDB machine config. | object({…}) | | {} | +| [maintenance_config](variables.tf#L215) | Set maintenance window configuration. | object({…}) | | {} | +| [prefix](variables.tf#L265) | Optional prefix used to generate instance names. 
| string | | null | +| [project_number](variables.tf#L280) | The project number of the project where this instances will be created. Only used for testing purposes. | string | | null | +| [query_insights_config](variables.tf#L286) | Query insights config. | object({…}) | | {} | +| [read_pool](variables.tf#L297) | Map of read pool instances to create in the primary cluster. | map(object({…})) | | {} | +| [skip_await_major_version_upgrade](variables.tf#L342) | Set to true to skip awaiting on the major version upgrade of the cluster. | bool | | true | +| [subscription_type](variables.tf#L348) | The subscription type of cluster. Possible values are: 'STANDARD' or 'TRIAL'. | string | | "STANDARD" | +| [tag_bindings](variables.tf#L354) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} | +| [users](variables.tf#L361) | Map of users to create in the primary instance (and replicated to other replicas). Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'ALLOYDB_BUILT_IN' or 'ALLOYDB_IAM_USER'. | map(object({…})) | | {} | ## Outputs diff --git a/modules/alloydb/main.tf b/modules/alloydb/main.tf index 1e24255bd..1b04f6161 100644 --- a/modules/alloydb/main.tf +++ b/modules/alloydb/main.tf @@ -61,6 +61,7 @@ resource "google_alloydb_cluster" "primary" { cluster_type = var.cross_region_replication.switchover_mode ? "SECONDARY" : "PRIMARY" database_version = var.database_version deletion_policy = var.deletion_policy + deletion_protection = var.deletion_protection display_name = coalesce(var.cluster_display_name, local.primary_cluster_name) labels = var.labels location = var.location diff --git a/modules/alloydb/variables.tf b/modules/alloydb/variables.tf index 5c7e73021..3263e5c98 100644 --- a/modules/alloydb/variables.tf +++ b/modules/alloydb/variables.tf 
@@ -138,6 +138,12 @@ variable "deletion_policy" { default = null } +variable "deletion_protection" { + description = "Whether Terraform will be prevented from destroying the cluster. When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the cluster will fail. When the field is set to false, deleting the cluster is allowed." + type = bool + default = null +} + variable "display_name" { description = "AlloyDB instance display name." type = string diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md index 6b3ad5dfe..c4e0156cf 100644 --- a/modules/cloud-run-v2/README.md +++ b/modules/cloud-run-v2/README.md @@ -944,7 +944,7 @@ module "worker" { project_id = var.project_id name = "worker" region = var.region - launch_stage = "ALPHA" + launch_stage = "BETA" revision = { gpu_zonal_redundancy_disabled = true node_selector = { From b20d62815a739c78fb0e3aa2b757e11d5d2a0b8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Wed, 3 Sep 2025 13:13:15 +0200 Subject: [PATCH 2/3] Fix Cloud Run validation for refactored fields (#3295) Co-authored-by: Julio Castillo --- modules/cloud-run-v2/README.md | 16 ++++++++-------- modules/cloud-run-v2/variables.tf | 31 ++++++++++++++++--------------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md index c4e0156cf..13172c353 100644 --- a/modules/cloud-run-v2/README.md +++ b/modules/cloud-run-v2/README.md 
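Review bot: In the new `deletion_protection` variable, `default = null` leaves the effective setting to the provider rather than to the module, so the "unset means protected" behaviour in the description holds only while the provider keeps that default. This guard is what stops a `terraform apply` or `terraform destroy` from removing the database cluster, so consider pinning it with `default = true`, or at least stating in the description that null defers to the provider default. The variable is wired through in the main.tf hunk of this patch. The README examples in this patch all set `deletion_protection = false` for the E2E tests, and a trailing comment there such as `# disabled so E2E tests can destroy the cluster` would keep that line from being copied into real deployments.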
@@ -984,15 +984,15 @@ module "worker" { | [labels](variables.tf#L130) | Resource labels. | map(string) | | {} | | [launch_stage](variables.tf#L136) | The launch stage as defined by Google Cloud Platform Launch Stages. | string | | null | | [managed_revision](variables.tf#L153) | Whether the Terraform module should control the deployment of revisions. | bool | | true | -| [revision](variables.tf#L175) | Revision template configurations. | object({…}) | | {} | -| [service_account](variables.tf#L235) | Service account email. Unused if service account is auto-created. | string | | null | -| [service_account_create](variables.tf#L241) | Auto-create service account. | bool | | false | -| [service_config](variables.tf#L247) | Cloud Run service specific configuration options. | object({…}) | | {} | -| [tag_bindings](variables.tf#L310) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} | -| [type](variables.tf#L317) | Type of Cloud Run resource to deploy: JOB, SERVICE or WORKERPOOL. | string | | "SERVICE" | -| [volumes](variables.tf#L327) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} | +| [revision](variables.tf#L175) | Revision template configurations. | object({…}) | | {} | +| [service_account](variables.tf#L236) | Service account email. Unused if service account is auto-created. | string | | null | +| [service_account_create](variables.tf#L242) | Auto-create service account. | bool | | false | +| [service_config](variables.tf#L248) | Cloud Run service specific configuration options. | object({…}) | | {} | +| [tag_bindings](variables.tf#L311) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} | +| [type](variables.tf#L318) | Type of Cloud Run resource to deploy: JOB, SERVICE or WORKERPOOL. | string | | "SERVICE" | +| [volumes](variables.tf#L328) | Named volumes in containers in name => attributes format. 
| map(object({…})) | | {} | | [vpc_connector_create](variables-vpcconnector.tf#L17) | Populate this to create a Serverless VPC Access connector. | object({…}) | | null | -| [workerpool_config](variables.tf#L361) | Cloud Run Worker Pool specific configuration. | object({…}) | | {} | +| [workerpool_config](variables.tf#L362) | Cloud Run Worker Pool specific configuration. | object({…}) | | {} | ## Outputs diff --git a/modules/cloud-run-v2/variables.tf b/modules/cloud-run-v2/variables.tf index 615d833e9..4472e94d3 100644 --- a/modules/cloud-run-v2/variables.tf +++ b/modules/cloud-run-v2/variables.tf 
@@ -189,34 +189,35 @@ variable "revision" { tags = optional(list(string)) }), {}) timeout = optional(string) + # deprecated fields + gen2_execution_environment = optional(any) # DEPRECATED + job = optional(any) # DEPRECATED + max_concurrency = optional(any) # DEPRECATED + max_instance_count = optional(any) # DEPRECATED + min_instance_count = optional(any) # DEPRECATED }) default = {} nullable = false validation { - condition = !contains(keys(var.revision), "gen2_execution_environment") - error_message = "Field gen2_execution_environment moved to var.service_config." + condition = lookup(var.revision, "gen2_execution_environment", null) == null + error_message = "Field gen2_execution_environment has moved to var.service_config." } validation { - condition = !contains(keys(var.revision), "max_concurrency") - error_message = "Field max_concurrency moved to var.service_config." + condition = lookup(var.revision, "job", null) == null + error_message = "Field job has moved to var.job_config." } validation { - condition = !contains(keys(var.revision), "max_concurrency") - error_message = "Field max_concurrency moved to var.service_config." + condition = lookup(var.revision, "max_concurrency", null) == null + error_message = "Field max_concurrency has moved to var.service_config." } validation { - condition = !contains(keys(var.revision), "max_instance_count") - error_message = "Field max_instance_count moved to var.service_config." + condition = lookup(var.revision, "max_instance_count", null) == null + error_message = "Field max_instance_count has moved to var.service_config." } validation { - condition = !contains(keys(var.revision), "min_instance_count") - error_message = "Field min_instance_count moved to var.service_config." + condition = lookup(var.revision, "min_instance_count", null) == null + error_message = "Field min_instance_count has moved to var.service_config." 
} - validation { - condition = !contains(keys(var.revision), "job") - error_message = "Field job moved to var.job_config." - } - validation { condition = ( try(var.revision.vpc_access.egress, null) == null ? true : contains( From 7b8ad07b29835a413324a67783678c5920ae1ec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=B3sa=20M=C3=A1rk=C3=B3?= Date: Wed, 3 Sep 2025 13:29:27 +0200 Subject: [PATCH 3/3] gke-hub.tf update local to use cluster.fleet_config.configmanagement_template instead of the highest level block (#3297) --- fast/stages/3-gke-dev/gke-hub.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fast/stages/3-gke-dev/gke-hub.tf b/fast/stages/3-gke-dev/gke-hub.tf index 7ca8e4945..8540fe586 100644 --- a/fast/stages/3-gke-dev/gke-hub.tf +++ b/fast/stages/3-gke-dev/gke-hub.tf @@ -18,7 +18,7 @@ locals { fleet_clusters = var.fleet_config == null ? {} : { - for k, v in var.clusters : k => v.configmanagement_template + for k, v in var.clusters : k => v.fleet_config.configmanagement_template if v.fleet_config.register == true } fleet_mcs_enabled = (
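Review bot: The five attributes added to the `var.revision` type are labelled `# DEPRECATED`, but the validations below reject any non-null value for them, so in effect they are removed rather than deprecated. A comment such as `# moved to var.service_config / var.job_config; declared only so the validations below can reject them` would explain why they still appear in the type. Because the attributes are now declared, the conditions could reference them directly, for example `condition = var.revision.max_concurrency == null`, which reads more plainly than `lookup(var.revision, "max_concurrency", null) == null`. The `variable "revision"` block starts before this hunk and continues past it.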
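Review bot: The value expression now reads `v.fleet_config.configmanagement_template`, while the filter on the next line checks only `v.fleet_config.register`, so a registered cluster with no template set would appear in `fleet_clusters` with a null value. Neither the type of `var.clusters` nor the consumers of this local are visible in the hunk, so confirm that they tolerate a null entry. A comment above the local such as `# cluster key => config management template, fleet-registered clusters only` would document the intended shape. The `locals` block continues past the end of the hunk.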