Enable terraform_naming_convention in tflint (#3930)
* Draft terraform_naming_convention * Two fast/stages fixes for terraform_naming_convention * Disable terraform_naming_convention for resources for now * module fixes for terraform_naming_convention * tfdoc * Remove "moved" from recipe and needs-fixing * Fix moved for spoke_ra * fix tests * Use default (snake_case) for resources * factory.terraform_data.project-preconditions * First-pass migration of resources + tests * Fix tests/modules/organization * Require snake_case for variables; Add annotations for _testing * permit _fast_debug variable * Fix net_vpc_factory and net_vpc_firewall tests * tfdoc addons and recipe * Fix more tests * Fix some net-global -> net_global tests --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
@@ -86,7 +86,12 @@ resource "google_dialogflow_cx_security_settings" "default" {
|
||||
}
|
||||
}
|
||||
|
||||
module "audio_export_settings_bucket" {
|
||||
moved {
|
||||
from = module.audio_export_settings_bucket
|
||||
to = module.audio-export-settings-bucket
|
||||
}
|
||||
|
||||
module "audio-export-settings-bucket" {
|
||||
count = (
|
||||
var.chat_agent_security_configs.audio_export_settings == null
|
||||
|| try(var.chat_agent_security_configs.audio_export_settings.id, null) != null
|
||||
|
||||
@@ -18,9 +18,9 @@ Once deployed do the following to see that it works:
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L27) | Identifier of the project. | <code>string</code> | ✓ | |
|
||||
| [regions](variables.tf#L32) | List of regions to deploy the proxy in. | <code>list(string)</code> | ✓ | |
|
||||
| [_testing](variables.tf#L17) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [project_id](variables.tf#L28) | Identifier of the project. | <code>string</code> | ✓ | |
|
||||
| [regions](variables.tf#L33) | List of regions to deploy the proxy in. | <code>list(string)</code> | ✓ | |
|
||||
| [_testing](variables.tf#L18) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ locals {
|
||||
}
|
||||
backends = [
|
||||
for region in var.regions : {
|
||||
backend = google_compute_region_network_endpoint_group.serverless-negs[region].id
|
||||
backend = google_compute_region_network_endpoint_group.serverless_negs[region].id
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -136,7 +136,7 @@ module "glb" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_region_network_endpoint_group" "serverless-negs" {
|
||||
resource "google_compute_region_network_endpoint_group" "serverless_negs" {
|
||||
for_each = toset(var.regions)
|
||||
provider = google-beta
|
||||
name = "serverless-neg-${module.gateways[each.value].gateway_id}"
|
||||
|
||||
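Review bot: The rename of `google_compute_region_network_endpoint_group.serverless-negs` to `serverless_negs` comes with no `moved` block, so a deployment that already holds state will plan a destroy and re-create of the endpoint groups that the `backends` local hands to the load balancer. The module renames in the later recipe sections (`ext-lb`, `nginx-vm`, `application-service-account`, `backend-service`) have the same gap. For the service account, if the module creates it, a re-create yields a new identity, and role grants made outside this configuration would no longer apply to it. The commit message says `moved` was dropped from recipes on purpose, so the minimum is an upgrade note in each recipe README; the alternative is to keep a `moved` block from the hyphenated address to the new one for one release.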
@@ -14,6 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
# tflint-ignore: terraform_naming_convention
|
||||
variable "_testing" {
|
||||
description = "Populate this variable to avoid triggering the data source."
|
||||
type = object({
|
||||
|
||||
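Review bot: The `# tflint-ignore: terraform_naming_convention` annotation on `variable "_testing"` gives no reason, so a later reader cannot tell whether the leading underscore is a deliberate exception or a leftover still to be fixed. A comment line above it would settle that, for example `# leading underscore marks a test-only input; exempt from snake_case on purpose` if that is the intent. The same bare annotation is added to the three other `_testing` variables further down this page. The variable body continues outside the hunk.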
@@ -24,11 +24,11 @@ Once the terraform configuration is applied you can verify that all is working b
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [analytics_region](variables.tf#L27) | Region. | <code>string</code> | ✓ | |
|
||||
| [instance_region](variables.tf#L32) | Region. | <code>string</code> | ✓ | |
|
||||
| [network_config](variables.tf#L37) | Network configuration. | <code>object({…})</code> | ✓ | |
|
||||
| [project_id](variables.tf#L46) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L17) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [analytics_region](variables.tf#L28) | Region. | <code>string</code> | ✓ | |
|
||||
| [instance_region](variables.tf#L33) | Region. | <code>string</code> | ✓ | |
|
||||
| [network_config](variables.tf#L38) | Network configuration. | <code>object({…})</code> | ✓ | |
|
||||
| [project_id](variables.tf#L47) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L18) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -120,7 +120,7 @@ module "apigee" {
|
||||
}
|
||||
}
|
||||
|
||||
module "ext_lb" {
|
||||
module "ext-lb" {
|
||||
source = "../../../modules/net-lb-app-ext"
|
||||
name = "glb"
|
||||
project_id = module.project.id
|
||||
@@ -178,7 +178,7 @@ module "swp" {
|
||||
allowed-hosts = {
|
||||
priority = 1000
|
||||
allow = true
|
||||
session_matcher = "host() == '${module.nginx_vm.internal_ip}'"
|
||||
session_matcher = "host() == '${module.nginx-vm.internal_ip}'"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -197,7 +197,7 @@ module "addresses" {
|
||||
}
|
||||
}
|
||||
|
||||
module "nginx_vm" {
|
||||
module "nginx-vm" {
|
||||
source = "../../../modules/compute-vm"
|
||||
project_id = module.project.project_id
|
||||
zone = "${var.instance_region}-b"
|
||||
@@ -223,7 +223,7 @@ module "nginx_vm" {
|
||||
|
||||
resource "local_file" "target_endpoint_file" {
|
||||
content = templatefile("${path.module}/templates/targets/default.xml.tpl", {
|
||||
ip_address = module.nginx_vm.internal_ip
|
||||
ip_address = module.nginx-vm.internal_ip
|
||||
})
|
||||
filename = "${path.module}/bundle/apiproxy/targets/default.xml"
|
||||
file_permission = "0644"
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
# tflint-ignore: terraform_naming_convention
|
||||
variable "_testing" {
|
||||
description = "Populate this variable to avoid triggering the data source."
|
||||
type = object({
|
||||
|
||||
@@ -72,14 +72,24 @@ resource "google_logging_billing_account_sink" "sink" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "gcs-sinks-binding" {
|
||||
moved {
|
||||
from = google_storage_bucket_iam_member.gcs-sinks-binding
|
||||
to = google_storage_bucket_iam_member.gcs_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "gcs_sinks_binding" {
|
||||
for_each = local.sink_bindings["storage"]
|
||||
bucket = each.value.destination
|
||||
role = "roles/storage.objectCreator"
|
||||
member = google_logging_billing_account_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
moved {
|
||||
from = google_bigquery_dataset_iam_member.bq-sinks-binding
|
||||
to = google_bigquery_dataset_iam_member.bq_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq_sinks_binding" {
|
||||
for_each = local.sink_bindings["bigquery"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
dataset_id = split("/", each.value.destination)[3]
|
||||
@@ -87,7 +97,12 @@ resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
member = google_logging_billing_account_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
moved {
|
||||
from = google_pubsub_topic_iam_member.pubsub-sinks-binding
|
||||
to = google_pubsub_topic_iam_member.pubsub_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub_sinks_binding" {
|
||||
for_each = local.sink_bindings["pubsub"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
topic = split("/", each.value.destination)[3]
|
||||
@@ -95,7 +110,12 @@ resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
member = google_logging_billing_account_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.bucket-sinks-binding
|
||||
to = google_project_iam_member.bucket_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket_sinks_binding" {
|
||||
for_each = local.sink_bindings["logging"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
role = "roles/logging.bucketWriter"
|
||||
@@ -108,7 +128,12 @@ resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.project-sinks-binding
|
||||
to = google_project_iam_member.project_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project_sinks_binding" {
|
||||
for_each = local.sink_bindings["project"]
|
||||
project = each.value.destination
|
||||
role = "roles/logging.logWriter"
|
||||
|
||||
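Review bot: The five `moved` blocks in this file carry no comment saying why they exist or when they may be dropped. They keep the sink writer identities' grants in state across the rename (`roles/storage.objectCreator`, `roles/logging.bucketWriter`, `roles/logging.logWriter` and the BigQuery and Pub/Sub bindings). If they are removed before every consumer has applied once, Terraform would delete and re-create those grants, and log export to the destinations would presumably fail in between. I would add above the first block `# moved blocks keep existing sink IAM grants in state after the snake_case rename; do not remove before the next major release`. The folder sink file and the service account role bindings further down have the same uncommented blocks.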
@@ -45,9 +45,9 @@ locals {
|
||||
vpn_dynamic_config = var.vpn_dynamic_config
|
||||
}
|
||||
netblocks = concat(
|
||||
data.google_netblock_ip_ranges.dns-forwarders.cidr_blocks_ipv4,
|
||||
data.google_netblock_ip_ranges.private-googleapis.cidr_blocks_ipv4,
|
||||
data.google_netblock_ip_ranges.restricted-googleapis.cidr_blocks_ipv4
|
||||
data.google_netblock_ip_ranges.dns_forwarders.cidr_blocks_ipv4,
|
||||
data.google_netblock_ip_ranges.private_googleapis.cidr_blocks_ipv4,
|
||||
data.google_netblock_ip_ranges.restricted_googleapis.cidr_blocks_ipv4
|
||||
)
|
||||
vpn_config = merge(var.vpn_config, {
|
||||
peer_ip_wildcard = "%${var.vpn_config.peer_ip}"
|
||||
@@ -55,14 +55,14 @@ locals {
|
||||
})
|
||||
}
|
||||
|
||||
data "google_netblock_ip_ranges" "dns-forwarders" {
|
||||
data "google_netblock_ip_ranges" "dns_forwarders" {
|
||||
range_type = "dns-forwarders"
|
||||
}
|
||||
|
||||
data "google_netblock_ip_ranges" "private-googleapis" {
|
||||
data "google_netblock_ip_ranges" "private_googleapis" {
|
||||
range_type = "private-googleapis"
|
||||
}
|
||||
|
||||
data "google_netblock_ip_ranges" "restricted-googleapis" {
|
||||
data "google_netblock_ip_ranges" "restricted_googleapis" {
|
||||
range_type = "restricted-googleapis"
|
||||
}
|
||||
|
||||
@@ -116,14 +116,24 @@ resource "google_logging_folder_sink" "sink" {
|
||||
]
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "gcs-sinks-binding" {
|
||||
moved {
|
||||
from = google_storage_bucket_iam_member.gcs-sinks-binding
|
||||
to = google_storage_bucket_iam_member.gcs_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "gcs_sinks_binding" {
|
||||
for_each = local.sink_bindings["storage"]
|
||||
bucket = each.value.destination
|
||||
role = "roles/storage.objectCreator"
|
||||
member = google_logging_folder_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
moved {
|
||||
from = google_bigquery_dataset_iam_member.bq-sinks-binding
|
||||
to = google_bigquery_dataset_iam_member.bq_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq_sinks_binding" {
|
||||
for_each = local.sink_bindings["bigquery"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
dataset_id = split("/", each.value.destination)[3]
|
||||
@@ -131,7 +141,12 @@ resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
member = google_logging_folder_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
moved {
|
||||
from = google_pubsub_topic_iam_member.pubsub-sinks-binding
|
||||
to = google_pubsub_topic_iam_member.pubsub_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub_sinks_binding" {
|
||||
for_each = local.sink_bindings["pubsub"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
topic = split("/", each.value.destination)[3]
|
||||
@@ -139,7 +154,12 @@ resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
member = google_logging_folder_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.bucket-sinks-binding
|
||||
to = google_project_iam_member.bucket_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket_sinks_binding" {
|
||||
for_each = local.sink_bindings["logging"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
role = "roles/logging.bucketWriter"
|
||||
@@ -151,14 +171,24 @@ resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.project-sinks-binding
|
||||
to = google_project_iam_member.project_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project_sinks_binding" {
|
||||
for_each = local.sink_bindings["project"]
|
||||
project = each.value.destination
|
||||
role = "roles/logging.logWriter"
|
||||
member = google_logging_folder_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_logging_folder_exclusion" "logging-exclusion" {
|
||||
moved {
|
||||
from = google_logging_folder_exclusion.logging-exclusion
|
||||
to = google_logging_folder_exclusion.logging_exclusion
|
||||
}
|
||||
|
||||
resource "google_logging_folder_exclusion" "logging_exclusion" {
|
||||
for_each = var.logging_exclusions
|
||||
name = each.key
|
||||
folder = local.folder_id
|
||||
|
||||
@@ -146,7 +146,12 @@ resource "google_service_account_iam_member" "bindings" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_billing_account_iam_member" "billing-roles" {
|
||||
moved {
|
||||
from = google_billing_account_iam_member.billing-roles
|
||||
to = google_billing_account_iam_member.billing_roles
|
||||
}
|
||||
|
||||
resource "google_billing_account_iam_member" "billing_roles" {
|
||||
for_each = {
|
||||
for pair in local.iam_billing_pairs :
|
||||
"${pair.entity}-${pair.role}" => pair
|
||||
@@ -158,7 +163,12 @@ resource "google_billing_account_iam_member" "billing-roles" {
|
||||
member = local.iam_email
|
||||
}
|
||||
|
||||
resource "google_folder_iam_member" "folder-roles" {
|
||||
moved {
|
||||
from = google_folder_iam_member.folder-roles
|
||||
to = google_folder_iam_member.folder_roles
|
||||
}
|
||||
|
||||
resource "google_folder_iam_member" "folder_roles" {
|
||||
for_each = {
|
||||
for pair in local.iam_folder_pairs :
|
||||
"${pair.entity}-${pair.role}" => pair
|
||||
@@ -170,7 +180,12 @@ resource "google_folder_iam_member" "folder-roles" {
|
||||
member = local.iam_email
|
||||
}
|
||||
|
||||
resource "google_organization_iam_member" "organization-roles" {
|
||||
moved {
|
||||
from = google_organization_iam_member.organization-roles
|
||||
to = google_organization_iam_member.organization_roles
|
||||
}
|
||||
|
||||
resource "google_organization_iam_member" "organization_roles" {
|
||||
for_each = {
|
||||
for pair in local.iam_organization_pairs :
|
||||
"${pair.entity}-${pair.role}" => pair
|
||||
@@ -182,7 +197,12 @@ resource "google_organization_iam_member" "organization-roles" {
|
||||
member = local.iam_email
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project-roles" {
|
||||
moved {
|
||||
from = google_project_iam_member.project-roles
|
||||
to = google_project_iam_member.project_roles
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project_roles" {
|
||||
for_each = {
|
||||
for pair in local.iam_project_pairs :
|
||||
"${pair.entity}-${pair.role}" => pair
|
||||
@@ -208,7 +228,12 @@ resource "google_service_account_iam_member" "additive" {
|
||||
member = local.iam_email
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "bucket-roles" {
|
||||
moved {
|
||||
from = google_storage_bucket_iam_member.bucket-roles
|
||||
to = google_storage_bucket_iam_member.bucket_roles
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "bucket_roles" {
|
||||
for_each = {
|
||||
for pair in local.iam_storage_pairs :
|
||||
"${pair.entity}-${pair.role}" => pair
|
||||
|
||||
@@ -159,7 +159,7 @@ module "spoke-ra" {
|
||||
| [hub](outputs.tf#L17) | NCC hub resource (only if auto-created). | |
|
||||
| [id](outputs.tf#L22) | Fully qualified hub id. | |
|
||||
| [router](outputs.tf#L27) | Cloud Router resource. | |
|
||||
| [spoke-ra](outputs.tf#L32) | NCC spoke resource. | |
|
||||
| [spoke_ra](outputs.tf#L32) | NCC spoke resource. | |
|
||||
|
||||
## Fixtures
|
||||
|
||||
|
||||
@@ -33,7 +33,12 @@ resource "google_network_connectivity_hub" "hub" {
|
||||
description = var.hub.description
|
||||
}
|
||||
|
||||
resource "google_network_connectivity_spoke" "spoke-ra" {
|
||||
moved {
|
||||
from = google_network_connectivity_spoke.spoke-ra
|
||||
to = google_network_connectivity_spoke.spoke_ra
|
||||
}
|
||||
|
||||
resource "google_network_connectivity_spoke" "spoke_ra" {
|
||||
project = var.project_id
|
||||
hub = try(google_network_connectivity_hub.hub[0].id, var.hub.id)
|
||||
location = var.region
|
||||
@@ -109,7 +114,7 @@ resource "google_compute_router_peer" "peer_0" {
|
||||
router_appliance_instance = each.value.vm
|
||||
|
||||
depends_on = [
|
||||
google_network_connectivity_spoke.spoke-ra
|
||||
google_network_connectivity_spoke.spoke_ra
|
||||
]
|
||||
}
|
||||
|
||||
@@ -128,6 +133,6 @@ resource "google_compute_router_peer" "peer_1" {
|
||||
router_appliance_instance = each.value.vm
|
||||
|
||||
depends_on = [
|
||||
google_network_connectivity_spoke.spoke-ra
|
||||
google_network_connectivity_spoke.spoke_ra
|
||||
]
|
||||
}
|
||||
|
||||
@@ -29,7 +29,7 @@ output "router" {
|
||||
value = google_compute_router.cr
|
||||
}
|
||||
|
||||
output "spoke-ra" {
|
||||
output "spoke_ra" {
|
||||
description = "NCC spoke resource."
|
||||
value = google_network_connectivity_spoke.spoke-ra
|
||||
value = google_network_connectivity_spoke.spoke_ra
|
||||
}
|
||||
|
||||
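Review bot: Renaming `output "spoke-ra"` to `output "spoke_ra"` changes the module's public interface, and unlike the resource rename in the same module there is no `moved` equivalent for outputs. A caller that reads `module.<name>.spoke-ra` stops validating after the upgrade. Either call this out as a breaking change in the release notes, or keep the old name for one release as a deprecated alias: `output "spoke-ra" { value = google_network_connectivity_spoke.spoke_ra }` preceded by `# tflint-ignore: terraform_naming_convention`.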
@@ -14,24 +14,39 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_compute_network_firewall_policy" "net-global" {
|
||||
moved {
|
||||
from = google_compute_network_firewall_policy.net-global
|
||||
to = google_compute_network_firewall_policy.net_global
|
||||
}
|
||||
|
||||
resource "google_compute_network_firewall_policy" "net_global" {
|
||||
count = !local.use_hierarchical && !local.use_regional ? 1 : 0
|
||||
project = lookup(local.ctx.project_ids, var.parent_id, var.parent_id)
|
||||
name = var.name
|
||||
description = var.description
|
||||
}
|
||||
|
||||
resource "google_compute_network_firewall_policy_association" "net-global" {
|
||||
moved {
|
||||
from = google_compute_network_firewall_policy_association.net-global
|
||||
to = google_compute_network_firewall_policy_association.net_global
|
||||
}
|
||||
|
||||
resource "google_compute_network_firewall_policy_association" "net_global" {
|
||||
for_each = (
|
||||
!local.use_hierarchical && !local.use_regional ? var.attachments : {}
|
||||
)
|
||||
project = lookup(local.ctx.project_ids, var.parent_id, var.parent_id)
|
||||
name = "${var.name}-${each.key}"
|
||||
attachment_target = lookup(local.ctx.networks, each.value, each.value)
|
||||
firewall_policy = google_compute_network_firewall_policy.net-global[0].name
|
||||
firewall_policy = google_compute_network_firewall_policy.net_global[0].name
|
||||
}
|
||||
|
||||
resource "google_compute_network_firewall_policy_rule" "net-global" {
|
||||
moved {
|
||||
from = google_compute_network_firewall_policy_rule.net-global
|
||||
to = google_compute_network_firewall_policy_rule.net_global
|
||||
}
|
||||
|
||||
resource "google_compute_network_firewall_policy_rule" "net_global" {
|
||||
# Terraform's type system barfs in the condition if we use the locals map
|
||||
for_each = toset(
|
||||
!local.use_hierarchical && !local.use_regional
|
||||
@@ -39,7 +54,7 @@ resource "google_compute_network_firewall_policy_rule" "net-global" {
|
||||
: []
|
||||
)
|
||||
project = lookup(local.ctx.project_ids, var.parent_id, var.parent_id)
|
||||
firewall_policy = google_compute_network_firewall_policy.net-global[0].name
|
||||
firewall_policy = google_compute_network_firewall_policy.net_global[0].name
|
||||
rule_name = local.rules[each.key].name
|
||||
action = local.rules[each.key].action
|
||||
description = local.rules[each.key].description
|
||||
@@ -147,7 +162,12 @@ resource "google_compute_network_firewall_policy_rule" "net-global" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_network_firewall_policy_packet_mirroring_rule" "net-global" {
|
||||
moved {
|
||||
from = google_compute_network_firewall_policy_packet_mirroring_rule.net-global
|
||||
to = google_compute_network_firewall_policy_packet_mirroring_rule.net_global
|
||||
}
|
||||
|
||||
resource "google_compute_network_firewall_policy_packet_mirroring_rule" "net_global" {
|
||||
provider = google-beta
|
||||
for_each = toset(
|
||||
!local.use_hierarchical && !local.use_regional
|
||||
@@ -155,7 +175,7 @@ resource "google_compute_network_firewall_policy_packet_mirroring_rule" "net-glo
|
||||
: []
|
||||
)
|
||||
project = lookup(local.ctx.project_ids, var.parent_id, var.parent_id)
|
||||
firewall_policy = google_compute_network_firewall_policy.net-global[0].name
|
||||
firewall_policy = google_compute_network_firewall_policy.net_global[0].name
|
||||
rule_name = local.mirroring_rules[each.key].name
|
||||
action = local.mirroring_rules[each.key].action
|
||||
description = local.mirroring_rules[each.key].description
|
||||
|
||||
@@ -14,7 +14,12 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_compute_region_network_firewall_policy" "net-regional" {
|
||||
moved {
|
||||
from = google_compute_region_network_firewall_policy.net-regional
|
||||
to = google_compute_region_network_firewall_policy.net_regional
|
||||
}
|
||||
|
||||
resource "google_compute_region_network_firewall_policy" "net_regional" {
|
||||
count = !local.use_hierarchical && local.use_regional ? 1 : 0
|
||||
project = lookup(local.ctx.project_ids, var.parent_id, var.parent_id)
|
||||
name = var.name
|
||||
@@ -22,7 +27,12 @@ resource "google_compute_region_network_firewall_policy" "net-regional" {
|
||||
region = lookup(local.ctx.locations, var.region, var.region)
|
||||
}
|
||||
|
||||
resource "google_compute_region_network_firewall_policy_association" "net-regional" {
|
||||
moved {
|
||||
from = google_compute_region_network_firewall_policy_association.net-regional
|
||||
to = google_compute_region_network_firewall_policy_association.net_regional
|
||||
}
|
||||
|
||||
resource "google_compute_region_network_firewall_policy_association" "net_regional" {
|
||||
for_each = (
|
||||
!local.use_hierarchical && local.use_regional ? var.attachments : {}
|
||||
)
|
||||
@@ -30,10 +40,15 @@ resource "google_compute_region_network_firewall_policy_association" "net-region
|
||||
region = lookup(local.ctx.locations, var.region, var.region)
|
||||
name = "${var.name}-${each.key}"
|
||||
attachment_target = lookup(local.ctx.networks, each.value, each.value)
|
||||
firewall_policy = google_compute_region_network_firewall_policy.net-regional[0].name
|
||||
firewall_policy = google_compute_region_network_firewall_policy.net_regional[0].name
|
||||
}
|
||||
|
||||
resource "google_compute_region_network_firewall_policy_rule" "net-regional" {
|
||||
moved {
|
||||
from = google_compute_region_network_firewall_policy_rule.net-regional
|
||||
to = google_compute_region_network_firewall_policy_rule.net_regional
|
||||
}
|
||||
|
||||
resource "google_compute_region_network_firewall_policy_rule" "net_regional" {
|
||||
# Terraform's type system barfs in the condition if we use the locals map
|
||||
for_each = toset(
|
||||
!local.use_hierarchical && local.use_regional
|
||||
@@ -42,7 +57,7 @@ resource "google_compute_region_network_firewall_policy_rule" "net-regional" {
|
||||
)
|
||||
project = lookup(local.ctx.project_ids, var.parent_id, var.parent_id)
|
||||
region = lookup(local.ctx.locations, var.region, var.region)
|
||||
firewall_policy = google_compute_region_network_firewall_policy.net-regional[0].name
|
||||
firewall_policy = google_compute_region_network_firewall_policy.net_regional[0].name
|
||||
rule_name = local.rules[each.key].name
|
||||
action = local.rules[each.key].action
|
||||
description = local.rules[each.key].description
|
||||
|
||||
@@ -21,8 +21,8 @@ output "id" {
|
||||
? google_compute_firewall_policy.hierarchical[0].id
|
||||
: (
|
||||
local.use_regional
|
||||
? google_compute_region_network_firewall_policy.net-regional[0].id
|
||||
: google_compute_network_firewall_policy.net-global[0].id
|
||||
? google_compute_region_network_firewall_policy.net_regional[0].id
|
||||
: google_compute_network_firewall_policy.net_global[0].id
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -29,12 +29,12 @@ This recipe addresses common requirements of backends protected by IAP:
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L39) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L44) | Region. | <code>string</code> | ✓ | |
|
||||
| [support_email](variables.tf#L49) | Support email for IAP brand. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L17) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [accessors](variables.tf#L27) | List of identities able to access the service via IAP (e.g. group:mygroup@myorg.com). | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [impersonators](variables.tf#L33) | List of identities able to impersonate the service account for programmatica access. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [project_id](variables.tf#L40) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L45) | Region. | <code>string</code> | ✓ | |
|
||||
| [support_email](variables.tf#L50) | Support email for IAP brand. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L18) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [accessors](variables.tf#L28) | List of identities able to access the service via IAP (e.g. group:mygroup@myorg.com). | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [impersonators](variables.tf#L34) | List of identities able to impersonate the service account for programmatica access. | <code>list(string)</code> | | <code>[]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ module "project" {
|
||||
]
|
||||
}
|
||||
|
||||
module "application_service_account" {
|
||||
module "application-service-account" {
|
||||
source = "../../../modules/iam-service-account"
|
||||
project_id = var.project_id
|
||||
name = "application"
|
||||
@@ -53,7 +53,7 @@ resource "google_iap_client" "iap_client" {
|
||||
brand = google_iap_brand.iap_brand.name
|
||||
}
|
||||
|
||||
module "backend_service" {
|
||||
module "backend-service" {
|
||||
source = "../../../modules/cloud-run-v2"
|
||||
project_id = module.project.id
|
||||
name = "backend"
|
||||
@@ -132,7 +132,7 @@ resource "google_iap_web_backend_service_iam_binding" "iam_bindings" {
|
||||
members = concat(
|
||||
var.accessors,
|
||||
[
|
||||
module.application_service_account.iam_email
|
||||
module.application-service-account.iam_email
|
||||
])
|
||||
}
|
||||
|
||||
|
||||
@@ -25,14 +25,14 @@ EOT
|
||||
|
||||
output "application_service_account_email" {
|
||||
description = "Application service account email."
|
||||
value = module.application_service_account.email
|
||||
value = module.application-service-account.email
|
||||
}
|
||||
|
||||
output "command" {
|
||||
description = "Command."
|
||||
value = templatestring(local.command_tpl, {
|
||||
aud = google_iap_client.iap_client.client_id
|
||||
sa = module.application_service_account.email
|
||||
sa = module.application-service-account.email
|
||||
url = local.url
|
||||
})
|
||||
}
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
# tflint-ignore: terraform_naming_convention
|
||||
variable "_testing" {
|
||||
description = "Populate this variable to avoid triggering the data source."
|
||||
type = object({
|
||||
|
||||
@@ -64,14 +64,14 @@ A sample testing session using `tmux`:
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [prefix](variables.tf#L48) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L57) | Existing project id. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L17) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [ilb_right_enable](variables.tf#L27) | Route right to left traffic through ILB. | <code>bool</code> | | <code>false</code> |
|
||||
| [ilb_session_affinity](variables.tf#L33) | Session affinity configuration for ILBs. | <code>string</code> | | <code>"CLIENT_IP"</code> |
|
||||
| [ip_ranges](variables.tf#L39) | IP CIDR ranges used for VPC subnets. | <code>map(string)</code> | | <code>{…}</code> |
|
||||
| [region](variables.tf#L62) | Region used for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [zones](variables.tf#L68) | Zone suffixes used for instances. | <code>list(string)</code> | | <code>["b", "c"]</code> |
|
||||
| [prefix](variables.tf#L49) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L58) | Existing project id. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L18) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [ilb_right_enable](variables.tf#L28) | Route right to left traffic through ILB. | <code>bool</code> | | <code>false</code> |
|
||||
| [ilb_session_affinity](variables.tf#L34) | Session affinity configuration for ILBs. | <code>string</code> | | <code>"CLIENT_IP"</code> |
|
||||
| [ip_ranges](variables.tf#L40) | IP CIDR ranges used for VPC subnets. | <code>map(string)</code> | | <code>{…}</code> |
|
||||
| [region](variables.tf#L63) | Region used for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [zones](variables.tf#L69) | Zone suffixes used for instances. | <code>list(string)</code> | | <code>["b", "c"]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
# tflint-ignore: terraform_naming_convention
|
||||
variable "_testing" {
|
||||
description = "Populate this variable to avoid triggering the data source."
|
||||
type = object({
|
||||
|
||||
@@ -24,7 +24,12 @@ locals {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow-admins" {
|
||||
moved {
|
||||
from = google_compute_firewall.allow-admins
|
||||
to = google_compute_firewall.allow_admins
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow_admins" {
|
||||
count = length(local.default_rules.admin_ranges) > 0 ? 1 : 0
|
||||
project = local.project_id
|
||||
network = local.network
|
||||
@@ -36,7 +41,12 @@ resource "google_compute_firewall" "allow-admins" {
|
||||
allow { protocol = "all" }
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow-tag-http" {
|
||||
moved {
|
||||
from = google_compute_firewall.allow-tag-http
|
||||
to = google_compute_firewall.allow_tag_http
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow_tag_http" {
|
||||
count = length(local.default_rules.http_ranges) > 0 ? 1 : 0
|
||||
project = local.project_id
|
||||
network = local.network
|
||||
@@ -52,7 +62,12 @@ resource "google_compute_firewall" "allow-tag-http" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow-tag-https" {
|
||||
moved {
|
||||
from = google_compute_firewall.allow-tag-https
|
||||
to = google_compute_firewall.allow_tag_https
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow_tag_https" {
|
||||
count = length(local.default_rules.https_ranges) > 0 ? 1 : 0
|
||||
project = local.project_id
|
||||
network = local.network
|
||||
@@ -68,7 +83,12 @@ resource "google_compute_firewall" "allow-tag-https" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow-tag-ssh" {
|
||||
moved {
|
||||
from = google_compute_firewall.allow-tag-ssh
|
||||
to = google_compute_firewall.allow_tag_ssh
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "allow_tag_ssh" {
|
||||
count = length(local.default_rules.ssh_ranges) > 0 ? 1 : 0
|
||||
project = local.project_id
|
||||
network = local.network
|
||||
|
||||
@@ -108,7 +108,12 @@ locals {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "custom-rules" {
|
||||
moved {
|
||||
from = google_compute_firewall.custom-rules
|
||||
to = google_compute_firewall.custom_rules
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "custom_rules" {
|
||||
for_each = local.rules
|
||||
project = local.project_id
|
||||
network = local.network
|
||||
|
||||
@@ -17,14 +17,14 @@
|
||||
output "default_rules" {
|
||||
description = "Default rule resources."
|
||||
value = {
|
||||
admin = try(google_compute_firewall.allow-admins, null)
|
||||
http = try(google_compute_firewall.allow-tag-http, null)
|
||||
https = try(google_compute_firewall.allow-tag-https, null)
|
||||
ssh = try(google_compute_firewall.allow-tag-ssh, null)
|
||||
admin = try(google_compute_firewall.allow_admins, null)
|
||||
http = try(google_compute_firewall.allow_tag_http, null)
|
||||
https = try(google_compute_firewall.allow_tag_https, null)
|
||||
ssh = try(google_compute_firewall.allow_tag_ssh, null)
|
||||
}
|
||||
}
|
||||
|
||||
output "rules" {
|
||||
description = "Custom rule resources."
|
||||
value = google_compute_firewall.custom-rules
|
||||
value = google_compute_firewall.custom_rules
|
||||
}
|
||||
|
||||
@@ -44,7 +44,12 @@ resource "google_compute_forwarding_rule" "esp" {
|
||||
ip_protocol = "ESP"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp-500" {
|
||||
moved {
|
||||
from = google_compute_forwarding_rule.udp-500
|
||||
to = google_compute_forwarding_rule.udp_500
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp_500" {
|
||||
name = "vpn-${var.name}-udp-500"
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
@@ -54,7 +59,12 @@ resource "google_compute_forwarding_rule" "udp-500" {
|
||||
port_range = "500"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp-4500" {
|
||||
moved {
|
||||
from = google_compute_forwarding_rule.udp-4500
|
||||
to = google_compute_forwarding_rule.udp_4500
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp_4500" {
|
||||
name = "vpn-${var.name}-udp-4500"
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
|
||||
@@ -10,15 +10,15 @@ The architecture deployed by this recipe is the one depicted below:
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [aws_asn](variables.tf#L27) | AWS ASN. | <code>string</code> | ✓ | |
|
||||
| [aws_region](variables.tf#L32) | AWS Region. | <code>string</code> | ✓ | |
|
||||
| [aws_vpc_cidr_block](variables.tf#L37) | CIDR block. | <code>string</code> | ✓ | |
|
||||
| [gcp_asn](variables.tf#L42) | Google ASN. | <code>string</code> | ✓ | |
|
||||
| [gcp_region](variables.tf#L47) | GCP Region. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L52) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [shared_secret](variables.tf#L63) | Shared secret. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L17) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [propagate_routes](variables.tf#L57) | Flag indicating whether routed received by AWS's Virtual Private Gateway should be propagated to main route table. | <code>bool</code> | | <code>false</code> |
|
||||
| [aws_asn](variables.tf#L28) | AWS ASN. | <code>string</code> | ✓ | |
|
||||
| [aws_region](variables.tf#L33) | AWS Region. | <code>string</code> | ✓ | |
|
||||
| [aws_vpc_cidr_block](variables.tf#L38) | CIDR block. | <code>string</code> | ✓ | |
|
||||
| [gcp_asn](variables.tf#L43) | Google ASN. | <code>string</code> | ✓ | |
|
||||
| [gcp_region](variables.tf#L48) | GCP Region. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L53) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [shared_secret](variables.tf#L64) | Shared secret. | <code>string</code> | ✓ | |
|
||||
| [_testing](variables.tf#L18) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [propagate_routes](variables.tf#L58) | Flag indicating whether routed received by AWS's Virtual Private Gateway should be propagated to main route table. | <code>bool</code> | | <code>false</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ resource "aws_vpn_gateway" "vpn_gateway" {
|
||||
resource "aws_customer_gateway" "customer_gateways" {
|
||||
count = 2
|
||||
bgp_asn = var.gcp_asn
|
||||
ip_address = module.gcp_vpn.gateway.vpn_interfaces[count.index].ip_address
|
||||
ip_address = module.gcp-vpn.gateway.vpn_interfaces[count.index].ip_address
|
||||
type = "ipsec.1"
|
||||
|
||||
tags = {
|
||||
|
||||
@@ -33,7 +33,7 @@ module "vpc" {
|
||||
name = "vpc"
|
||||
}
|
||||
|
||||
module "gcp_vpn" {
|
||||
module "gcp-vpn" {
|
||||
source = "../../../modules/net-vpn-ha"
|
||||
project_id = module.project.project_id
|
||||
region = var.gcp_region
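Review bot: The module label appears to change from `gcp_vpn` to `gcp-vpn` here without a `moved` block, unlike the `service-accounts-iam` module rename elsewhere in this commit. For anyone who has already applied this recipe, Terraform would plan everything under the old module address for destruction and re-creation. That would interrupt the VPN tunnels and may change the interface addresses that `aws_customer_gateway.customer_gateways` reads. The commit message suggests `moved` was dropped from the recipe on purpose; if so, a sentence in the recipe README telling existing users to expect a replacement (or to run `terraform state mv`) would help. Otherwise add a `moved` block with `from = module.gcp_vpn` and `to = module.gcp-vpn` above the module. The module body continues outside the hunk.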
|
||||
|
||||
@@ -16,15 +16,15 @@
|
||||
|
||||
output "external_gateway" {
|
||||
description = "External VPN gateway resource."
|
||||
value = module.gcp_vpn.external_gateway
|
||||
value = module.gcp-vpn.external_gateway
|
||||
}
|
||||
|
||||
output "gateway" {
|
||||
description = "VPN gateway resource (only if auto-created)."
|
||||
value = module.gcp_vpn.gateway
|
||||
value = module.gcp-vpn.gateway
|
||||
}
|
||||
|
||||
output "id" {
|
||||
description = "Fully qualified VPN gateway id."
|
||||
value = module.gcp_vpn.id
|
||||
value = module.gcp-vpn.id
|
||||
}
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
# tflint-ignore: terraform_naming_convention
|
||||
variable "_testing" {
|
||||
description = "Populate this variable to avoid triggering the data source."
|
||||
type = object({
|
||||
|
||||
@@ -45,7 +45,12 @@ resource "google_compute_forwarding_rule" "esp" {
|
||||
ip_protocol = "ESP"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp-500" {
|
||||
moved {
|
||||
from = google_compute_forwarding_rule.udp-500
|
||||
to = google_compute_forwarding_rule.udp_500
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp_500" {
|
||||
name = "vpn-${var.name}-udp-500"
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
@@ -55,7 +60,12 @@ resource "google_compute_forwarding_rule" "udp-500" {
|
||||
port_range = "500"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp-4500" {
|
||||
moved {
|
||||
from = google_compute_forwarding_rule.udp-4500
|
||||
to = google_compute_forwarding_rule.udp_4500
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "udp_4500" {
|
||||
name = "vpn-${var.name}-udp-4500"
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
|
||||
@@ -119,14 +119,24 @@ resource "google_logging_organization_sink" "sink" {
|
||||
]
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "storage-sinks-binding" {
|
||||
moved {
|
||||
from = google_storage_bucket_iam_member.storage-sinks-binding
|
||||
to = google_storage_bucket_iam_member.storage_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "storage_sinks_binding" {
|
||||
for_each = local.sink_bindings["storage"]
|
||||
bucket = each.value.destination
|
||||
role = "roles/storage.objectCreator"
|
||||
member = google_logging_organization_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
moved {
|
||||
from = google_bigquery_dataset_iam_member.bq-sinks-binding
|
||||
to = google_bigquery_dataset_iam_member.bq_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq_sinks_binding" {
|
||||
for_each = local.sink_bindings["bigquery"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
dataset_id = split("/", each.value.destination)[3]
|
||||
@@ -134,7 +144,12 @@ resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
member = google_logging_organization_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
moved {
|
||||
from = google_pubsub_topic_iam_member.pubsub-sinks-binding
|
||||
to = google_pubsub_topic_iam_member.pubsub_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub_sinks_binding" {
|
||||
for_each = local.sink_bindings["pubsub"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
topic = split("/", each.value.destination)[3]
|
||||
@@ -142,7 +157,12 @@ resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
member = google_logging_organization_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.bucket-sinks-binding
|
||||
to = google_project_iam_member.bucket_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket_sinks_binding" {
|
||||
for_each = local.sink_bindings["logging"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
role = "roles/logging.bucketWriter"
|
||||
@@ -154,14 +174,24 @@ resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.project-sinks-binding
|
||||
to = google_project_iam_member.project_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project_sinks_binding" {
|
||||
for_each = local.sink_bindings["project"]
|
||||
project = each.value.destination
|
||||
role = "roles/logging.logWriter"
|
||||
member = google_logging_organization_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_logging_organization_exclusion" "logging-exclusion" {
|
||||
moved {
|
||||
from = google_logging_organization_exclusion.logging-exclusion
|
||||
to = google_logging_organization_exclusion.logging_exclusion
|
||||
}
|
||||
|
||||
resource "google_logging_organization_exclusion" "logging_exclusion" {
|
||||
for_each = var.logging_exclusions
|
||||
name = each.key
|
||||
org_id = local.organization_id_numeric
|
||||
|
||||
@@ -101,7 +101,12 @@ module "service-accounts" {
|
||||
tag_bindings = each.value.tag_bindings
|
||||
}
|
||||
|
||||
module "service_accounts-iam" {
|
||||
moved {
|
||||
from = module.service_accounts-iam
|
||||
to = module.service-accounts-iam
|
||||
}
|
||||
|
||||
module "service-accounts-iam" {
|
||||
source = "../iam-service-account"
|
||||
for_each = {
|
||||
for k in local.projects_service_accounts :
|
||||
|
||||
@@ -95,7 +95,12 @@ locals {
|
||||
]...)
|
||||
}
|
||||
|
||||
resource "terraform_data" "project-preconditions" {
|
||||
moved {
|
||||
from = terraform_data.project-preconditions
|
||||
to = terraform_data.project_preconditions
|
||||
}
|
||||
|
||||
resource "terraform_data" "project_preconditions" {
|
||||
lifecycle {
|
||||
precondition {
|
||||
condition = alltrue([
|
||||
|
||||
@@ -117,14 +117,24 @@ resource "google_logging_project_sink" "sink" {
|
||||
]
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "gcs-sinks-binding" {
|
||||
moved {
|
||||
from = google_storage_bucket_iam_member.gcs-sinks-binding
|
||||
to = google_storage_bucket_iam_member.gcs_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "gcs_sinks_binding" {
|
||||
for_each = local.sink_bindings["storage"]
|
||||
bucket = each.value.destination
|
||||
role = "roles/storage.objectCreator"
|
||||
member = google_logging_project_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
moved {
|
||||
from = google_bigquery_dataset_iam_member.bq-sinks-binding
|
||||
to = google_bigquery_dataset_iam_member.bq_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_bigquery_dataset_iam_member" "bq_sinks_binding" {
|
||||
for_each = local.sink_bindings["bigquery"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
dataset_id = split("/", each.value.destination)[3]
|
||||
@@ -132,7 +142,12 @@ resource "google_bigquery_dataset_iam_member" "bq-sinks-binding" {
|
||||
member = google_logging_project_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
moved {
|
||||
from = google_pubsub_topic_iam_member.pubsub-sinks-binding
|
||||
to = google_pubsub_topic_iam_member.pubsub_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_member" "pubsub_sinks_binding" {
|
||||
for_each = local.sink_bindings["pubsub"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
topic = split("/", each.value.destination)[3]
|
||||
@@ -140,7 +155,12 @@ resource "google_pubsub_topic_iam_member" "pubsub-sinks-binding" {
|
||||
member = google_logging_project_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.bucket-sinks-binding
|
||||
to = google_project_iam_member.bucket_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "bucket_sinks_binding" {
|
||||
for_each = local.sink_bindings["logging"]
|
||||
project = split("/", each.value.destination)[1]
|
||||
role = "roles/logging.bucketWriter"
|
||||
@@ -153,14 +173,24 @@ resource "google_project_iam_member" "bucket-sinks-binding" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project-sinks-binding" {
|
||||
moved {
|
||||
from = google_project_iam_member.project-sinks-binding
|
||||
to = google_project_iam_member.project_sinks_binding
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "project_sinks_binding" {
|
||||
for_each = local.sink_bindings["project"]
|
||||
project = each.value.destination
|
||||
role = "roles/logging.logWriter"
|
||||
member = google_logging_project_sink.sink[each.key].writer_identity
|
||||
}
|
||||
|
||||
resource "google_logging_project_exclusion" "logging-exclusion" {
|
||||
moved {
|
||||
from = google_logging_project_exclusion.logging-exclusion
|
||||
to = google_logging_project_exclusion.logging_exclusion
|
||||
}
|
||||
|
||||
resource "google_logging_project_exclusion" "logging_exclusion" {
|
||||
for_each = var.logging_exclusions
|
||||
name = each.key
|
||||
project = local.project.project_id
|
||||
@@ -168,7 +198,12 @@ resource "google_logging_project_exclusion" "logging-exclusion" {
|
||||
filter = each.value
|
||||
}
|
||||
|
||||
resource "google_logging_log_scope" "log-scopes" {
|
||||
moved {
|
||||
from = google_logging_log_scope.log-scopes
|
||||
to = google_logging_log_scope.log_scopes
|
||||
}
|
||||
|
||||
resource "google_logging_log_scope" "log_scopes" {
|
||||
for_each = local.log_scopes
|
||||
parent = "projects/${local.project.project_id}"
|
||||
location = "global"
|
||||
|
||||