New FAST data platform (#3066)
* copy from broken dp dev branch * remove extra excalidraw file * fix networking yaml * tfdoc * tfdoc * nuke old data platform * fix tests * tests * tflint * high level diagram * make location optional in composer schema * add composer outputs * docs * remove schema docs * tfdoc * update service agent encryption composer def for composer 3 * encryption keys * typo * typo * fix security IAM * inventory * tflint * Fix roles and diagram. * Fix tflint * Fix test DP. * Fix test * Diagrams excalidraw gz --------- Co-authored-by: lcaggio <lorenzo.caggioni@gmail.com>
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
4c7ff3381e
commit
cb7bed50e3
@@ -131,10 +131,10 @@ fields:
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L26) | Id of the project where Tag Templates will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L31) | Default region for tag templates. | <code>string</code> | ✓ | |
|
||||
| [factories_config](variables.tf#L17) | Paths to data files and folders that enable factory functionality. | <code title="object({ tag_templates = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
| [tag_templates](variables.tf#L36) | Tag templates definitions in the form {TAG_TEMPLATE_ID => TEMPLATE_DEFINITION}. | <code title="map(object({ display_name = optional(string) force_delete = optional(bool, false) region = optional(string) fields = map(object({ display_name = optional(string) description = optional(string) is_required = optional(bool, false) order = optional(number) type = object({ primitive_type = optional(string) enum_type_values = optional(list(string)) }) })) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [project_id](variables.tf#L29) | Id of the project where Tag Templates will be created. | <code>string</code> | ✓ | |
|
||||
| [factories_config](variables.tf#L17) | Paths to data files and folders that enable factory functionality. | <code title="object({ tag_templates = optional(string) context = optional(object({ regions = optional(map(string), {}) }), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [region](variables.tf#L34) | Default region for tag templates. | <code>string</code> | | <code>null</code> |
|
||||
| [tag_templates](variables.tf#L40) | Tag templates definitions in the form {TAG_TEMPLATE_ID => TEMPLATE_DEFINITION}. | <code title="map(object({ display_name = optional(string) force_delete = optional(bool, false) region = optional(string) fields = map(object({ display_name = optional(string) description = optional(string) is_required = optional(bool, false) order = optional(number) type = object({ primitive_type = optional(string) enum_type_values = optional(list(string)) }) })) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -53,9 +53,13 @@ locals {
|
||||
}
|
||||
|
||||
resource "google_data_catalog_tag_template" "default" {
|
||||
for_each = local.tag_templates
|
||||
project = var.project_id
|
||||
region = coalesce(each.value.region, var.region)
|
||||
for_each = local.tag_templates
|
||||
project = var.project_id
|
||||
region = lookup(
|
||||
var.factories_config,
|
||||
coalesce(each.value.region, var.region),
|
||||
coalesce(each.value.region, var.region)
|
||||
)
|
||||
tag_template_id = each.key
|
||||
display_name = each.value.display_name
|
||||
dynamic "fields" {
|
||||
|
||||
@@ -18,6 +18,9 @@ variable "factories_config" {
|
||||
description = "Paths to data files and folders that enable factory functionality."
|
||||
type = object({
|
||||
tag_templates = optional(string)
|
||||
context = optional(object({
|
||||
regions = optional(map(string), {})
|
||||
}), {})
|
||||
})
|
||||
nullable = false
|
||||
default = {}
|
||||
@@ -31,6 +34,7 @@ variable "project_id" {
|
||||
variable "region" {
|
||||
description = "Default region for tag templates."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "tag_templates" {
|
||||
|
||||
@@ -69,12 +69,19 @@ module "aspect-types" {
|
||||
|
||||
Aspect types can also be defined via a resource factory, where the file name will be used as the aspect type id. The resulting data is then internally combined with the `aspect_types` variable.
|
||||
|
||||
IAM attributes can leverage substitutions for principals, which need to be defined via the `factories_configs.context.iam_principals` variable as shown in the example below.
|
||||
|
||||
```hcl
|
||||
module "aspect-types" {
|
||||
source = "./fabric/modules/dataplex-aspect-types"
|
||||
project_id = "test-project"
|
||||
factories_config = {
|
||||
aspect_types = "data/aspect-types"
|
||||
context = {
|
||||
iam_principals = {
|
||||
test-sa = "serviceAccount:sa-0@test-project.iam.gserviceaccount.com"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4 files=aspect-0,aspect-1
|
||||
@@ -83,8 +90,8 @@ module "aspect-types" {
|
||||
```yaml
|
||||
display_name: "Test template 0."
|
||||
iam:
|
||||
roles/dataplex.aspectTypeOwner:
|
||||
- "group:data-owners@example.com"
|
||||
"roles/dataplex.aspectTypeOwner":
|
||||
- group:data-owners@example.com
|
||||
metadata_template: |
|
||||
{
|
||||
"name": "tf-test-template-0",
|
||||
@@ -117,8 +124,8 @@ metadata_template: |
|
||||
display_name: "Test template 1."
|
||||
iam_bindings_additive:
|
||||
user:
|
||||
role: "roles/dataplex.aspectTypeUser"
|
||||
member: "serviceAccount:sa-0@test-project.iam.gserviceaccount.com"
|
||||
role: roles/dataplex.aspectTypeUser
|
||||
member: test-sa
|
||||
metadata_template: |
|
||||
{
|
||||
"name": "tf-test-template-1",
|
||||
@@ -151,10 +158,10 @@ metadata_template: |
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L64) | Project id where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L67) | Project id where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [aspect_types](variables.tf#L17) | Aspect templates. Merged with those defined via the factory. | <code title="map(object({ description = optional(string) display_name = optional(string) labels = optional(map(string), {}) metadata_template = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [factories_config](variables.tf#L48) | Paths to folders for the optional factories. | <code title="object({ aspect_types = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L57) | Location for aspect types. | <code>string</code> | | <code>"global"</code> |
|
||||
| [factories_config](variables.tf#L48) | Paths to folders for the optional factories. | <code title="object({ aspect_types = optional(string) context = optional(object({ iam_principals = optional(map(string), {}) }), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L60) | Location for aspect types. | <code>string</code> | | <code>"global"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -55,14 +55,20 @@ resource "google_dataplex_aspect_type_iam_binding" "authoritative" {
|
||||
}
|
||||
role = each.value.role
|
||||
aspect_type_id = google_dataplex_aspect_type.default[each.value.aspect_type_id].id
|
||||
members = each.value.members
|
||||
members = [
|
||||
for v in each.value.members :
|
||||
lookup(var.factories_config.context.iam_principals, v, v)
|
||||
]
|
||||
}
|
||||
|
||||
resource "google_dataplex_aspect_type_iam_binding" "bindings" {
|
||||
for_each = local.iam_bindings
|
||||
role = each.value.role
|
||||
aspect_type_id = google_dataplex_aspect_type.default[each.value.aspect_type_id].id
|
||||
members = each.value.members
|
||||
members = [
|
||||
for v in each.value.members :
|
||||
lookup(var.factories_config.context.iam_principals, v, v)
|
||||
]
|
||||
dynamic "condition" {
|
||||
for_each = each.value.condition == null ? [] : [""]
|
||||
content {
|
||||
@@ -77,7 +83,9 @@ resource "google_dataplex_aspect_type_iam_member" "members" {
|
||||
for_each = local.iam_bindings_additive
|
||||
aspect_type_id = google_dataplex_aspect_type.default[each.value.aspect_type_id].id
|
||||
role = each.value.role
|
||||
member = each.value.member
|
||||
member = lookup(
|
||||
var.factories_config.context.iam_principals, each.value.member, each.value.member
|
||||
)
|
||||
dynamic "condition" {
|
||||
for_each = each.value.condition == null ? [] : [""]
|
||||
content {
|
||||
|
||||
@@ -49,6 +49,9 @@ variable "factories_config" {
|
||||
description = "Paths to folders for the optional factories."
|
||||
type = object({
|
||||
aspect_types = optional(string)
|
||||
context = optional(object({
|
||||
iam_principals = optional(map(string), {})
|
||||
}), {})
|
||||
})
|
||||
nullable = false
|
||||
default = {}
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -19,7 +19,8 @@
|
||||
locals {
|
||||
# reimplement the billing account factory here to interpolate projects
|
||||
_budget_path = try(pathexpand(var.factories_config.budgets.budgets_data_path), null)
|
||||
_budgets = (
|
||||
_budgets = merge(
|
||||
var.factories_data.budgets,
|
||||
{
|
||||
for f in try(fileset(local._budget_path, "**/*.yaml"), []) :
|
||||
trimsuffix(f, ".yaml") => yamldecode(file("${local._budget_path}/${f}"))
|
||||
|
||||
@@ -20,11 +20,14 @@ locals {
|
||||
_folders_path = try(
|
||||
pathexpand(var.factories_config.folders_data_path), null
|
||||
)
|
||||
_folders = {
|
||||
for f in local._hierarchy_files : dirname(f) => yamldecode(file(
|
||||
"${coalesce(var.factories_config.folders_data_path, "-")}/${f}"
|
||||
))
|
||||
}
|
||||
_folders = merge(
|
||||
var.factories_data.hierarchy,
|
||||
{
|
||||
for f in local._hierarchy_files : dirname(f) => yamldecode(file(
|
||||
"${coalesce(var.factories_config.folders_data_path, "-")}/${f}"
|
||||
))
|
||||
}
|
||||
)
|
||||
_hierarchy_files = try(
|
||||
fileset(local._folders_path, "**/_config.yaml"),
|
||||
[]
|
||||
|
||||
@@ -47,7 +47,7 @@ variable "data_defaults" {
|
||||
service_agent_subnet_iam = optional(map(list(string)), {})
|
||||
service_iam_grants = optional(list(string), [])
|
||||
network_subnet_users = optional(map(list(string)), {})
|
||||
}), { host_project = null })
|
||||
}))
|
||||
storage_location = optional(string)
|
||||
tag_bindings = optional(map(string), {})
|
||||
# non-project resources
|
||||
@@ -151,3 +151,247 @@ variable "factories_config" {
|
||||
})
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "factories_data" {
|
||||
description = "Alternate factory data input allowing to use this module as a library. Merged with local YAML data."
|
||||
type = object({
|
||||
budgets = optional(map(object({
|
||||
amount = object({
|
||||
currency_code = optional(string)
|
||||
nanos = optional(number)
|
||||
units = optional(number)
|
||||
use_last_period = optional(bool)
|
||||
})
|
||||
display_name = optional(string)
|
||||
filter = optional(object({
|
||||
credit_types_treatment = optional(object({
|
||||
exclude_all = optional(bool)
|
||||
include_specified = optional(list(string))
|
||||
}))
|
||||
label = optional(object({
|
||||
key = string
|
||||
value = string
|
||||
}))
|
||||
period = optional(object({
|
||||
calendar = optional(string)
|
||||
custom = optional(object({
|
||||
start_date = object({
|
||||
day = number
|
||||
month = number
|
||||
year = number
|
||||
})
|
||||
end_date = optional(object({
|
||||
day = number
|
||||
month = number
|
||||
year = number
|
||||
}))
|
||||
}))
|
||||
}))
|
||||
projects = optional(list(string))
|
||||
resource_ancestors = optional(list(string))
|
||||
services = optional(list(string))
|
||||
subaccounts = optional(list(string))
|
||||
}))
|
||||
threshold_rules = optional(list(object({
|
||||
percent = number
|
||||
forecasted_spend = optional(bool)
|
||||
})), [])
|
||||
update_rules = optional(map(object({
|
||||
disable_default_iam_recipients = optional(bool)
|
||||
monitoring_notification_channels = optional(list(string))
|
||||
pubsub_topic = optional(string)
|
||||
})), {})
|
||||
})), {})
|
||||
hierarchy = optional(map(object({
|
||||
name = optional(string)
|
||||
parent = optional(string)
|
||||
iam = optional(map(list(string)), {})
|
||||
iam_bindings = optional(map(object({
|
||||
members = list(string)
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_bindings_additive = optional(map(object({
|
||||
member = string
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_by_principals = optional(map(list(string)), {})
|
||||
tag_bindings = optional(map(string), {})
|
||||
})), {})
|
||||
projects = optional(map(object({
|
||||
automation = optional(object({
|
||||
project = string
|
||||
bucket = optional(object({
|
||||
location = string
|
||||
description = optional(string)
|
||||
prefix = optional(string)
|
||||
storage_class = optional(string, "STANDARD")
|
||||
uniform_bucket_level_access = optional(bool, true)
|
||||
versioning = optional(bool)
|
||||
iam = optional(map(list(string)), {})
|
||||
iam_bindings = optional(map(object({
|
||||
members = list(string)
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_bindings_additive = optional(map(object({
|
||||
member = string
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
labels = optional(map(string), {})
|
||||
}))
|
||||
service_accounts = optional(map(object({
|
||||
description = optional(string)
|
||||
iam = optional(map(list(string)), {})
|
||||
iam_bindings = optional(map(object({
|
||||
members = list(string)
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_bindings_additive = optional(map(object({
|
||||
member = string
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_billing_roles = optional(map(list(string)), {})
|
||||
iam_folder_roles = optional(map(list(string)), {})
|
||||
iam_organization_roles = optional(map(list(string)), {})
|
||||
iam_project_roles = optional(map(list(string)), {})
|
||||
iam_sa_roles = optional(map(list(string)), {})
|
||||
iam_storage_roles = optional(map(list(string)), {})
|
||||
})), {})
|
||||
}))
|
||||
billing_account = optional(string)
|
||||
billing_budgets = optional(list(string), [])
|
||||
buckets = optional(map(object({
|
||||
location = string
|
||||
description = optional(string)
|
||||
prefix = optional(string)
|
||||
storage_class = optional(string, "STANDARD")
|
||||
uniform_bucket_level_access = optional(bool, true)
|
||||
versioning = optional(bool)
|
||||
iam = optional(map(list(string)), {})
|
||||
iam_bindings = optional(map(object({
|
||||
members = list(string)
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_bindings_additive = optional(map(object({
|
||||
member = string
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
labels = optional(map(string), {})
|
||||
})), {})
|
||||
contacts = optional(map(list(string)), {})
|
||||
iam = optional(map(list(string)), {})
|
||||
iam_bindings = optional(map(object({
|
||||
members = list(string)
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_bindings_additive = optional(map(object({
|
||||
member = string
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
|
||||
description = optional(string)
|
||||
}))
|
||||
})), {})
|
||||
iam_by_principals = optional(map(list(string)), {})
|
||||
labels = optional(map(string), {})
|
||||
metric_scopes = optional(list(string), [])
|
||||
name = optional(string)
|
||||
org_policies = optional(map(object({
|
||||
inherit_from_parent = optional(bool) # for list policies only.
|
||||
reset = optional(bool)
|
||||
rules = optional(list(object({
|
||||
allow = optional(object({
|
||||
all = optional(bool)
|
||||
values = optional(list(string))
|
||||
}))
|
||||
deny = optional(object({
|
||||
all = optional(bool)
|
||||
values = optional(list(string))
|
||||
}))
|
||||
enforce = optional(bool) # for boolean policies only.
|
||||
condition = optional(object({
|
||||
description = optional(string)
|
||||
expression = optional(string)
|
||||
location = optional(string)
|
||||
title = optional(string)
|
||||
}), {})
|
||||
parameters = optional(string)
|
||||
})), [])
|
||||
})), {})
|
||||
parent = optional(string)
|
||||
prefix = optional(string)
|
||||
service_accounts = optional(map(object({
|
||||
display_name = optional(string)
|
||||
iam_self_roles = optional(list(string), [])
|
||||
iam_project_roles = optional(map(list(string)), {})
|
||||
})), {})
|
||||
service_encryption_key_ids = optional(map(list(string)), {})
|
||||
services = optional(list(string), [])
|
||||
shared_vpc_host_config = optional(object({
|
||||
enabled = bool
|
||||
service_projects = optional(list(string), [])
|
||||
}))
|
||||
shared_vpc_service_config = optional(object({
|
||||
host_project = string
|
||||
network_users = optional(list(string), [])
|
||||
service_agent_iam = optional(map(list(string)), {})
|
||||
service_agent_subnet_iam = optional(map(list(string)), {})
|
||||
service_iam_grants = optional(list(string), [])
|
||||
network_subnet_users = optional(map(list(string)), {})
|
||||
}))
|
||||
tag_bindings = optional(map(string), {})
|
||||
vpc_sc = optional(object({
|
||||
perimeter_name = string
|
||||
perimeter_bridges = optional(list(string), [])
|
||||
is_dry_run = optional(bool, false)
|
||||
}))
|
||||
})), {})
|
||||
})
|
||||
nullable = false
|
||||
default = {}
|
||||
}
|
||||
|
||||
@@ -1654,12 +1654,12 @@ alerts:
|
||||
| [service_encryption_key_ids](variables.tf#L204) | Service Agents to be granted encryption/decryption permissions over Cloud KMS encryption keys. Format {SERVICE_AGENT => [KEY_ID]}. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [services](variables.tf#L211) | Service APIs to enable. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [shared_vpc_host_config](variables.tf#L217) | Configures this project as a Shared VPC host project (mutually exclusive with shared_vpc_service_project). | <code title="object({ enabled = bool service_projects = optional(list(string), []) })">object({…})</code> | | <code>null</code> |
|
||||
| [shared_vpc_service_config](variables.tf#L226) | Configures this project as a Shared VPC service project (mutually exclusive with shared_vpc_host_config). | <code title="object({ host_project = string network_users = optional(list(string), []) service_agent_iam = optional(map(list(string)), {}) service_agent_subnet_iam = optional(map(list(string)), {}) service_iam_grants = optional(list(string), []) network_subnet_users = optional(map(list(string)), {}) })">object({…})</code> | | <code title="{ host_project = null }">{…}</code> |
|
||||
| [skip_delete](variables.tf#L254) | Deprecated. Use deletion_policy. | <code>bool</code> | | <code>null</code> |
|
||||
| [shared_vpc_service_config](variables.tf#L227) | Configures this project as a Shared VPC service project (mutually exclusive with shared_vpc_host_config). | <code title="object({ host_project = string network_users = optional(list(string), []) service_agent_iam = optional(map(list(string)), {}) service_agent_subnet_iam = optional(map(list(string)), {}) service_iam_grants = optional(list(string), []) network_subnet_users = optional(map(list(string)), {}) })">object({…})</code> | | <code title="{ host_project = null }">{…}</code> |
|
||||
| [skip_delete](variables.tf#L255) | Deprecated. Use deletion_policy. | <code>bool</code> | | <code>null</code> |
|
||||
| [tag_bindings](variables-tags.tf#L81) | Tag bindings for this project, in key => tag value id format. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [tags](variables-tags.tf#L88) | Tags by key name. If `id` is provided, key or value creation is skipped. The `iam` attribute behaves like the similarly named one at module level. | <code title="map(object({ description = optional(string, "Managed by the Terraform project module.") iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) id = optional(string) values = optional(map(object({ description = optional(string, "Managed by the Terraform project module.") iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) id = optional(string) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [universe](variables.tf#L266) | GCP universe where to deploy the project. The prefix will be prepended to the project id. | <code title="object({ prefix = string unavailable_services = optional(list(string), []) })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_sc](variables.tf#L275) | VPC-SC configuration for the project, use when `ignore_changes` for resources is set in the VPC-SC module. | <code title="object({ perimeter_name = string perimeter_bridges = optional(list(string), []) is_dry_run = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||
| [universe](variables.tf#L267) | GCP universe where to deploy the project. The prefix will be prepended to the project id. | <code title="object({ prefix = string unavailable_services = optional(list(string), []) })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_sc](variables.tf#L276) | VPC-SC configuration for the project, use when `ignore_changes` for resources is set in the VPC-SC module. | <code title="object({ perimeter_name = string perimeter_bridges = optional(list(string), []) is_dry_run = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -27,10 +27,9 @@ locals {
|
||||
"artifactregistry.googleapis.com" : ["artifactregistry"]
|
||||
"bigtableadmin.googleapis.com" : ["bigtable"]
|
||||
"bigquery.googleapis.com" : ["bigquery-encryption"]
|
||||
"composer.googleapis.com" : [
|
||||
"composer", "artifactregistry", "container-engine",
|
||||
"compute", "pubsub", "storage"
|
||||
]
|
||||
# the list for composer now track composer 3
|
||||
# https://cloud.google.com/composer/docs/composer-3/configure-cmek-encryption#grant-roles-permissions
|
||||
"composer.googleapis.com" : ["composer", "storage"]
|
||||
"compute.googleapis.com" : ["compute"]
|
||||
"container.googleapis.com" : ["compute"]
|
||||
"dataflow.googleapis.com" : ["dataflow", "compute"]
|
||||
|
||||
@@ -220,7 +220,8 @@ variable "shared_vpc_host_config" {
|
||||
enabled = bool
|
||||
service_projects = optional(list(string), [])
|
||||
})
|
||||
default = null
|
||||
nullable = true
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "shared_vpc_service_config" {
|
||||
|
||||
Reference in New Issue
Block a user