kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bump GCP provider version to 7.33.0 (#4004)

Browse Source 
* Bump provider version

* Fix inventories

* Ignore certificates in inventories

* Add header to cloud run recipe

* Optimize file copy for example-based tests

* Remove local references
This commit is contained in:
Julio Castillo
2026-05-31 23:04:01 +02:00
committed by GitHub
parent 5d1f5a0431
commit d8d66583f8
254 changed files with 2081 additions and 1042 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/examples_e2e/setup_module/versions.tf generated
View File

@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 7.29.0, < 8.0.0" # tftest
version = ">= 7.33.0, < 8.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 7.29.0, < 8.0.0" # tftest
version = ">= 7.33.0, < 8.0.0" # tftest
}
}
provider_meta "google" {

4
tests/examples_e2e/setup_module/versions.tofu generated
View File

@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 7.29.0, < 8.0.0" # tftest
version = ">= 7.33.0, < 8.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 7.29.0, < 8.0.0" # tftest
version = ">= 7.33.0, < 8.0.0" # tftest
}
}
provider_meta "google" {

59
tests/fast/addons/a2_networking_ngfw/simple.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,22 +12,29 @@
# See the License for the specific language governing permissions and
# limitations under the License.
counts:
google_certificate_manager_trust_config: 1
google_network_security_firewall_endpoint: 1
google_network_security_firewall_endpoint_association: 1
google_network_security_security_profile: 2
google_network_security_security_profile_group: 1
google_network_security_tls_inspection_policy: 1
google_privateca_ca_pool: 1
google_privateca_certificate_authority: 1
google_storage_bucket_object: 1
modules: 1
resources: 10
values:
google_certificate_manager_trust_config.default["ngfw-0"]:
allowlisted_certificates:
- {}
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
location: europe-west8
name: ngfw-0
project: xxx-prod-net-landing-0
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
trust_stores:
- intermediate_cas:
- {}
trust_anchors:
- {}
google_network_security_firewall_endpoint.default["europe-west8-b"]:
billing_project_id: xxx-prod-net-landing-0
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
endpoint_settings: []
@@ -39,6 +46,7 @@ values:
goog-terraform-provisioned: 'true'
timeouts: null
google_network_security_firewall_endpoint_association.default["europe-west8-b-prod"]:
deletion_policy: DELETE
disabled: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -53,6 +61,7 @@ values:
google_network_security_security_profile.default["ngfw-0"]:
custom_intercept_profile: []
custom_mirroring_profile: []
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
@@ -76,6 +85,7 @@ values:
google_network_security_security_profile.url_filtering["ngfw-0"]:
custom_intercept_profile: []
custom_mirroring_profile: []
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
@@ -92,6 +102,7 @@ values:
google_network_security_security_profile_group.default["ngfw-0"]:
custom_intercept_profile: null
custom_mirroring_profile: null
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
@@ -104,6 +115,7 @@ values:
timeouts: null
google_network_security_tls_inspection_policy.default["ngfw-0"]:
custom_tls_features: null
deletion_policy: DELETE
description: null
exclude_public_ca_set: null
location: europe-west8
@@ -120,7 +132,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: different hash
event_based_hold: null
force_empty_content_type: null
@@ -131,6 +143,7 @@ values:
temporary_hold: null
timeouts: null
module.cas["ngfw-0"].google_privateca_ca_pool.default[0]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
encryption_spec: []
@@ -188,6 +201,7 @@ values:
unknown_extended_key_usages: []
name_constraints: []
policy_ids: []
deletion_policy: DELETE
deletion_protection: false
desired_state: null
effective_labels:
@@ -209,3 +223,18 @@ values:
timeouts: null
type: SELF_SIGNED
user_defined_access_urls: []
counts:
google_certificate_manager_trust_config: 1
google_network_security_firewall_endpoint: 1
google_network_security_firewall_endpoint_association: 1
google_network_security_security_profile: 2
google_network_security_security_profile_group: 1
google_network_security_tls_inspection_policy: 1
google_privateca_ca_pool: 1
google_privateca_certificate_authority: 1
google_storage_bucket_object: 1
modules: 1
resources: 10
outputs: {}

74
tests/fast/stages/s0_org_setup/customizations.yaml
View File

@@ -35,7 +35,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -54,7 +54,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -72,7 +72,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -90,7 +90,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -142,6 +142,7 @@ values:
default_partition_expiration_ms: null
default_table_expiration_ms: null
delete_contents_on_destroy: false
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -161,6 +162,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -193,6 +195,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -225,12 +228,14 @@ values:
module.factory.module.folder-1-iam["prod"].google_tags_tag_binding.binding["environment"]:
timeouts: null
module.factory.module.folder-1["dev"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Development
parent: organizations/1234567890
tags: null
timeouts: null
module.factory.module.folder-1["prod"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Production
parent: organizations/1234567890
@@ -251,6 +256,7 @@ values:
service_project: ft0-dev-app-example-0
timeouts: null
module.factory.module.projects-iam["dev-net-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
deletion_policy: DELETE
project: ft0-dev-net-shared-0
timeouts: null
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/cloudbuild.builds.editor"]:
@@ -283,6 +289,7 @@ values:
service_project: ft0-prod-app-example-0
timeouts: null
module.factory.module.projects-iam["prod-net-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
deletion_policy: DELETE
project: ft0-prod-net-shared-0
timeouts: null
module.factory.module.projects["dev-app-0"].data.google_bigquery_default_service_account.bq_sa[0]:
@@ -315,30 +322,35 @@ values:
project: ft0-dev-app-example-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["dev-app-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
@@ -385,36 +397,42 @@ values:
project: ft0-dev-net-shared-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["dev-net-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["container.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: container.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["dns.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: dns.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["iap.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: iap.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
@@ -483,114 +501,133 @@ values:
project: ft0-prod-iac-core-0
role: roles/pubsub.serviceAgent
module.factory.module.projects["iac-0"].google_project_service.org_policy_service[0]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: orgpolicy.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["accesscontextmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: accesscontextmanager.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["bigquerystorage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: bigquerystorage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudbilling.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudbilling.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudkms.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudkms.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudresourcemanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudresourcemanager.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["container.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: container.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["essentialcontacts.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: essentialcontacts.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["iam.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: iam.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["iamcredentials.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: iamcredentials.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["pubsub.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: pubsub.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["serviceusage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: serviceusage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["storage-component.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: storage-component.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: storage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["sts.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
@@ -642,30 +679,35 @@ values:
project: ft0-prod-app-example-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["prod-app-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
@@ -712,36 +754,42 @@ values:
project: ft0-prod-net-shared-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["prod-net-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["container.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: container.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["dns.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: dns.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["iap.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: iap.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
@@ -766,6 +814,7 @@ values:
module.factory.module.service-accounts["iac-0/iac-org-rw"].google_service_account.service_account[0]:
account_id: iac-org-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for org setup (read-write).
@@ -782,6 +831,7 @@ values:
output: null
triggers_replace: null
module.organization-iam[0].google_logging_organization_sink.sink["audit-logs"]:
deletion_policy: DELETE
description: audit-logs (Terraform-managed).
disabled: false
exclusions: []
@@ -972,6 +1022,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow GCP Healthcheck Ranges.
direction: INGRESS
@@ -996,6 +1047,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow IAP.
direction: INGRESS
@@ -1017,6 +1069,7 @@ values:
allow:
- ports: []
protocol: icmp
deletion_policy: DELETE
deny: []
description: Allow ICMP.
direction: INGRESS
@@ -1038,6 +1091,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow GCP Healthcheck Ranges.
direction: INGRESS
@@ -1062,6 +1116,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow IAP.
direction: INGRESS
@@ -1083,6 +1138,7 @@ values:
allow:
- ports: []
protocol: icmp
deletion_policy: DELETE
deny: []
description: Allow ICMP.
direction: INGRESS
@@ -1104,6 +1160,7 @@ values:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: true
deletion_policy: DELETE
description: Terraform managed
enable_ula_internal_ipv6: null
mtu: 1500
@@ -1115,6 +1172,7 @@ values:
routing_mode: GLOBAL
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: dev-shared-0-directpath-googleapis
@@ -1129,6 +1187,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: dev-shared-0-private-googleapis
@@ -1143,6 +1202,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: dev-shared-0-restricted-googleapis
@@ -1157,6 +1217,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_subnetwork.subnetwork["europe-west1/default"]:
deletion_policy: DELETE
description: Default primary-region subnet for dev
ip_cidr_range: 10.0.0.0/24
ip_collection: null
@@ -1177,6 +1238,7 @@ values:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: true
deletion_policy: DELETE
description: Terraform managed
enable_ula_internal_ipv6: null
mtu: 1500
@@ -1188,6 +1250,7 @@ values:
routing_mode: GLOBAL
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: prod-shared-0-directpath-googleapis
@@ -1202,6 +1265,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: prod-shared-0-private-googleapis
@@ -1216,6 +1280,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: prod-shared-0-restricted-googleapis
@@ -1230,6 +1295,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_subnetwork.subnetwork["europe-west1/default"]:
deletion_policy: DELETE
description: Default primary-region subnet for prod
ip_cidr_range: 10.0.0.0/24
ip_collection: null

492
tests/fast/stages/s0_org_setup/hardened.yaml
View File

File diff suppressed because it is too large Load Diff

370
tests/fast/stages/s0_org_setup/simple.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -35,7 +35,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -67,7 +67,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -100,7 +100,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -133,7 +133,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -166,7 +166,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -199,7 +199,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -218,7 +218,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -236,7 +236,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -254,7 +254,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -367,7 +367,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -673,6 +673,7 @@ values:
default_partition_expiration_ms: null
default_table_expiration_ms: null
delete_contents_on_destroy: false
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -692,6 +693,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -729,6 +731,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -766,6 +769,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -959,18 +963,21 @@ values:
module.factory.module.folder-1-iam["teams"].google_tags_tag_binding.binding["context"]:
timeouts: null
module.factory.module.folder-1["networking"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Networking
parent: organizations/1234567890
tags: null
timeouts: null
module.factory.module.folder-1["security"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Security
parent: organizations/1234567890
tags: null
timeouts: null
module.factory.module.folder-1["teams"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Teams
parent: organizations/1234567890
@@ -985,21 +992,25 @@ values:
module.factory.module.folder-2-iam["security/prod"].google_tags_tag_binding.binding["environment"]:
timeouts: null
module.factory.module.folder-2["networking/dev"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Development
tags: null
timeouts: null
module.factory.module.folder-2["networking/prod"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Production
tags: null
timeouts: null
module.factory.module.folder-2["security/dev"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Development
tags: null
timeouts: null
module.factory.module.folder-2["security/prod"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Production
tags: null
@@ -1039,6 +1050,26 @@ values:
condition: []
project: ft0-prod-billing-exp-0
role: roles/viewer
module.factory.module.projects-iam["iac-0"].google_org_policy_policy.default["iam.workloadIdentityPoolProviders"]:
dry_run_spec: []
name: projects/ft0-prod-iac-core-0/policies/iam.workloadIdentityPoolProviders
parent: projects/ft0-prod-iac-core-0
spec:
- inherit_from_parent: null
reset: null
rules:
- allow_all: null
condition: []
deny_all: null
enforce: null
parameters: null
values:
- allowed_values:
- https://token.actions.githubusercontent.com
- https://gitlab.com
- https://app.terraform.io
denied_values: null
timeouts: null
module.factory.module.projects-iam["iac-0"].google_project_iam_audit_config.default["iam.googleapis.com"]:
audit_log_config:
- exempted_members: []
@@ -1148,18 +1179,21 @@ values:
project: ft0-prod-billing-exp-0
role: roles/bigquerydatatransfer.serviceAgent
module.factory.module.projects["billing-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-billing-exp-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["billing-0"].google_project_service.project_services["bigquerydatatransfer.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-billing-exp-0
service: bigquerydatatransfer.googleapis.com
timeouts: null
module.factory.module.projects["billing-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-billing-exp-0
@@ -1176,26 +1210,6 @@ values:
module.factory.module.projects["iac-0"].data.google_storage_project_service_account.gcs_sa[0]:
project: ft0-prod-iac-core-0
user_project: null
module.factory.module.projects-iam["iac-0"].google_org_policy_policy.default["iam.workloadIdentityPoolProviders"]:
dry_run_spec: []
name: projects/ft0-prod-iac-core-0/policies/iam.workloadIdentityPoolProviders
parent: projects/ft0-prod-iac-core-0
spec:
- inherit_from_parent: null
reset: null
rules:
- allow_all: null
condition: []
deny_all: null
enforce: null
parameters: null
values:
- allowed_values:
- https://token.actions.githubusercontent.com
- https://gitlab.com
- https://app.terraform.io
denied_values: null
timeouts: null
module.factory.module.projects["iac-0"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-012345-012345
@@ -1252,162 +1266,189 @@ values:
project: ft0-prod-iac-core-0
role: roles/servicenetworking.serviceAgent
module.factory.module.projects["iac-0"].google_project_service.org_policy_service[0]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: orgpolicy.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["accesscontextmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: accesscontextmanager.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["bigqueryreservation.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: bigqueryreservation.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["bigquerystorage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: bigquerystorage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["billingbudgets.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: billingbudgets.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudasset.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudasset.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudbilling.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudbilling.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudbuild.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudbuild.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudkms.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudkms.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudquotas.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudquotas.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudresourcemanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudresourcemanager.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["container.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: container.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["datacatalog.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: datacatalog.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["essentialcontacts.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: essentialcontacts.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["iam.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: iam.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["iamcredentials.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: iamcredentials.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["networksecurity.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: networksecurity.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["pubsub.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: pubsub.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["servicenetworking.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: servicenetworking.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["serviceusage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: serviceusage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["storage-component.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: storage-component.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: storage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["sts.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
@@ -1466,18 +1507,21 @@ values:
project: ft0-prod-audit-logs-0
role: roles/pubsub.serviceAgent
module.factory.module.projects["log-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-audit-logs-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["log-0"].google_project_service.project_services["pubsub.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-audit-logs-0
service: pubsub.googleapis.com
timeouts: null
module.factory.module.projects["log-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-audit-logs-0
@@ -1487,126 +1531,6 @@ values:
project: ft0-prod-audit-logs-0
service: pubsub.googleapis.com
timeouts: null
module.factory.module.service-accounts["iac-0/iac-networking-ro"].google_service_account.service_account[0]:
account_id: iac-networking-ro
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for networking (read-only).
email: iac-networking-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-networking-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-networking-rw"].google_service_account.service_account[0]:
account_id: iac-networking-rw
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for networking (read-write).
email: iac-networking-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-networking-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-cicd-ro"].google_service_account.service_account[0]:
account_id: iac-org-cicd-ro
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for org setup CI/CD (read-only).
email: iac-org-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-cicd-rw"].google_service_account.service_account[0]:
account_id: iac-org-cicd-rw
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for org setup CI/CD (read-write).
email: iac-org-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-ro"].google_service_account.service_account[0]:
account_id: iac-org-ro
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for org setup (read-only).
email: iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-rw"].google_service_account.service_account[0]:
account_id: iac-org-rw
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for org setup (read-write).
email: iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-pf-ro"].google_service_account.service_account[0]:
account_id: iac-pf-ro
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for project factory (read-only).
email: iac-pf-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-pf-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-pf-rw"].google_service_account.service_account[0]:
account_id: iac-pf-rw
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for project factory (read-write).
email: iac-pf-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-pf-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-security-ro"].google_service_account.service_account[0]:
account_id: iac-security-ro
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for security (read-only).
email: iac-security-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-security-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-security-rw"].google_service_account.service_account[0]:
account_id: iac-security-rw
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for security (read-write).
email: iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-vpcsc-ro"].google_service_account.service_account[0]:
account_id: iac-vpcsc-ro
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for VPC service controls (read-only).
email: iac-vpcsc-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-vpcsc-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-vpcsc-rw"].google_service_account.service_account[0]:
account_id: iac-vpcsc-rw
create_ignore_already_exists: null
description: null
disabled: false
display_name: IaC service account for VPC service controls (read-write).
email: iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
? module.factory.module.service-accounts-iam["iac-0/iac-org-cicd-ro"].google_service_account_iam_member.additive["$service_account_ids:iac-0/iac-org-ro-roles/iam.serviceAccountTokenCreator"]
: condition: []
role: roles/iam.serviceAccountTokenCreator
@@ -1623,6 +1547,138 @@ values:
: condition: []
role: roles/iam.workloadIdentityUser
service_account_id: projects/ft0-prod-iac-core-0/serviceAccounts/iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
module.factory.module.service-accounts["iac-0/iac-networking-ro"].google_service_account.service_account[0]:
account_id: iac-networking-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for networking (read-only).
email: iac-networking-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-networking-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-networking-rw"].google_service_account.service_account[0]:
account_id: iac-networking-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for networking (read-write).
email: iac-networking-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-networking-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-cicd-ro"].google_service_account.service_account[0]:
account_id: iac-org-cicd-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for org setup CI/CD (read-only).
email: iac-org-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-cicd-rw"].google_service_account.service_account[0]:
account_id: iac-org-cicd-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for org setup CI/CD (read-write).
email: iac-org-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-ro"].google_service_account.service_account[0]:
account_id: iac-org-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for org setup (read-only).
email: iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-org-rw"].google_service_account.service_account[0]:
account_id: iac-org-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for org setup (read-write).
email: iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-pf-ro"].google_service_account.service_account[0]:
account_id: iac-pf-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for project factory (read-only).
email: iac-pf-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-pf-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-pf-rw"].google_service_account.service_account[0]:
account_id: iac-pf-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for project factory (read-write).
email: iac-pf-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-pf-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-security-ro"].google_service_account.service_account[0]:
account_id: iac-security-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for security (read-only).
email: iac-security-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-security-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-security-rw"].google_service_account.service_account[0]:
account_id: iac-security-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for security (read-write).
email: iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-vpcsc-ro"].google_service_account.service_account[0]:
account_id: iac-vpcsc-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for VPC service controls (read-only).
email: iac-vpcsc-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-vpcsc-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.module.service-accounts["iac-0/iac-vpcsc-rw"].google_service_account.service_account[0]:
account_id: iac-vpcsc-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for VPC service controls (read-write).
email: iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
member: serviceAccount:iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
module.factory.terraform_data.defaults_preconditions:
input: null
output: null
@@ -1632,6 +1688,7 @@ values:
output: null
triggers_replace: null
module.organization-iam[0].google_logging_organization_sink.sink["audit-logs"]:
deletion_policy: DELETE
description: audit-logs (Terraform-managed).
disabled: false
exclusions: []
@@ -1649,6 +1706,7 @@ values:
name: audit-logs
org_id: '1234567890'
module.organization-iam[0].google_logging_organization_sink.sink["iam"]:
deletion_policy: DELETE
description: iam (Terraform-managed).
disabled: false
exclusions: []
@@ -1664,6 +1722,7 @@ values:
name: iam
org_id: '1234567890'
module.organization-iam[0].google_logging_organization_sink.sink["vpc-sc"]:
deletion_policy: DELETE
description: vpc-sc (Terraform-managed).
disabled: false
exclusions: []
@@ -2610,6 +2669,7 @@ values:
storage_location: europe-west1
timeouts: null
module.organization[0].google_organization_iam_custom_role.roles["network_firewall_policies_admin"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2623,6 +2683,7 @@ values:
stage: GA
title: Custom role networkFirewallPoliciesAdmin
module.organization[0].google_organization_iam_custom_role.roles["ngfw_enterprise_admin"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2660,6 +2721,7 @@ values:
stage: GA
title: Custom role ngfwEnterpriseAdmin
module.organization[0].google_organization_iam_custom_role.roles["ngfw_enterprise_viewer"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2683,6 +2745,7 @@ values:
stage: GA
title: Custom role ngfwEnterpriseViewer
module.organization[0].google_organization_iam_custom_role.roles["organization_admin_viewer"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2705,6 +2768,7 @@ values:
stage: GA
title: Custom role organizationAdminViewer
module.organization[0].google_organization_iam_custom_role.roles["organization_iam_admin"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2715,6 +2779,7 @@ values:
stage: GA
title: Custom role organizationIamAdmin
module.organization[0].google_organization_iam_custom_role.roles["project_iam_viewer"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2727,6 +2792,7 @@ values:
stage: GA
title: Custom role projectIamViewer
module.organization[0].google_organization_iam_custom_role.roles["service_project_network_admin"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2744,6 +2810,7 @@ values:
stage: GA
title: Custom role serviceProjectNetworkAdmin
module.organization[0].google_organization_iam_custom_role.roles["storage_viewer"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:
@@ -2765,6 +2832,7 @@ values:
stage: GA
title: Custom role storageViewer
module.organization[0].google_organization_iam_custom_role.roles["tag_viewer"]:
deletion_policy: DELETE
description: Terraform-managed.
org_id: '1234567890'
permissions:

106
tests/fast/stages/s0_org_setup/starter-gcd.yaml
View File

@@ -35,7 +35,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -45,6 +45,38 @@ values:
source: null
temporary_hold: null
timeouts: null
google_storage_bucket_object.providers["0-org-setup-ro"]:
bucket: ft0-prod-iac-core-0-iac-outputs
cache_control: null
content: "/**\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache\
\ License, Version 2.0 (the \"License\");\n * you may not use this file except\
\ in compliance with the License.\n * You may obtain a copy of the License at\n\
\ *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required\
\ by applicable law or agreed to in writing, software\n * distributed under\
\ the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR\
\ CONDITIONS OF ANY KIND, either express or implied.\n * See the License for\
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
\ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n }\n}\nprovider\
\ \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
metadata: null
name: providers/0-org-setup-ro-providers.tf
retention: []
source: null
temporary_hold: null
timeouts: null
google_storage_bucket_object.tfvars["globals"]:
bucket: ft0-prod-iac-core-0-iac-outputs
cache_control: null
@@ -54,7 +86,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -72,7 +104,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -90,7 +122,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -163,6 +195,7 @@ values:
default_partition_expiration_ms: null
default_table_expiration_ms: null
delete_contents_on_destroy: false
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -182,6 +215,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -214,6 +248,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -246,12 +281,14 @@ values:
module.factory.module.folder-1-iam["prod"].google_tags_tag_binding.binding["environment"]:
timeouts: null
module.factory.module.folder-1["dev"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Development
parent: organizations/1234567890
tags: null
timeouts: null
module.factory.module.folder-1["prod"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Production
parent: organizations/1234567890
@@ -272,6 +309,7 @@ values:
service_project: ft0-dev-app-example-0
timeouts: null
module.factory.module.projects-iam["dev-net-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
deletion_policy: DELETE
project: ft0-dev-net-shared-0
timeouts: null
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/cloudbuild.builds.editor"]:
@@ -304,6 +342,7 @@ values:
service_project: ft0-prod-app-example-0
timeouts: null
module.factory.module.projects-iam["prod-net-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
deletion_policy: DELETE
project: ft0-prod-net-shared-0
timeouts: null
module.factory.module.projects["dev-app-0"].data.google_bigquery_default_service_account.bq_sa[0]:
@@ -336,30 +375,35 @@ values:
project: ft0-dev-app-example-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["dev-app-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["dev-app-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-app-example-0
@@ -406,36 +450,42 @@ values:
project: ft0-dev-net-shared-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["dev-net-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["container.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: container.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["dns.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: dns.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["iap.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: iap.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["dev-net-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-dev-net-shared-0
@@ -504,114 +554,133 @@ values:
project: ft0-prod-iac-core-0
role: roles/pubsub.serviceAgent
module.factory.module.projects["iac-0"].google_project_service.org_policy_service[0]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: orgpolicy.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["accesscontextmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: accesscontextmanager.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["bigquerystorage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: bigquerystorage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudbilling.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudbilling.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudkms.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudkms.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["cloudresourcemanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: cloudresourcemanager.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["container.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: container.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["essentialcontacts.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: essentialcontacts.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["iam.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: iam.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["iamcredentials.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: iamcredentials.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["pubsub.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: pubsub.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["serviceusage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: serviceusage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["storage-component.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: storage-component.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
service: storage.googleapis.com
timeouts: null
module.factory.module.projects["iac-0"].google_project_service.project_services["sts.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-iac-core-0
@@ -663,30 +732,35 @@ values:
project: ft0-prod-app-example-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["prod-app-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["prod-app-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-app-example-0
@@ -733,36 +807,42 @@ values:
project: ft0-prod-net-shared-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["prod-net-0"].google_project_service.project_services["compute.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: compute.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["container.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: container.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["dns.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: dns.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["iap.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: iap.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["prod-net-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: ft0-prod-net-shared-0
@@ -787,6 +867,7 @@ values:
module.factory.module.service-accounts["iac-0/iac-org-rw"].google_service_account.service_account[0]:
account_id: iac-org-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: IaC service account for org setup (read-write).
@@ -803,6 +884,7 @@ values:
output: null
triggers_replace: null
module.organization-iam[0].google_logging_organization_sink.sink["audit-logs"]:
deletion_policy: DELETE
description: audit-logs (Terraform-managed).
disabled: false
exclusions: []
@@ -977,6 +1059,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow GCP Healthcheck Ranges.
direction: INGRESS
@@ -1001,6 +1084,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow IAP.
direction: INGRESS
@@ -1022,6 +1106,7 @@ values:
allow:
- ports: []
protocol: icmp
deletion_policy: DELETE
deny: []
description: Allow ICMP.
direction: INGRESS
@@ -1043,6 +1128,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow GCP Healthcheck Ranges.
direction: INGRESS
@@ -1067,6 +1153,7 @@ values:
allow:
- ports: []
protocol: all
deletion_policy: DELETE
deny: []
description: Allow IAP.
direction: INGRESS
@@ -1088,6 +1175,7 @@ values:
allow:
- ports: []
protocol: icmp
deletion_policy: DELETE
deny: []
description: Allow ICMP.
direction: INGRESS
@@ -1109,6 +1197,7 @@ values:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: true
deletion_policy: DELETE
description: Terraform managed
enable_ula_internal_ipv6: null
mtu: 1500
@@ -1120,6 +1209,7 @@ values:
routing_mode: GLOBAL
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: dev-shared-0-directpath-googleapis
@@ -1134,6 +1224,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: dev-shared-0-private-googleapis
@@ -1148,6 +1239,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: dev-shared-0-restricted-googleapis
@@ -1162,6 +1254,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["dev"].google_compute_subnetwork.subnetwork["u-germany-northeast1/default"]:
deletion_policy: DELETE
description: Default primary-region subnet for dev
ip_cidr_range: 10.0.0.0/24
ip_collection: null
@@ -1182,6 +1275,7 @@ values:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: true
deletion_policy: DELETE
description: Terraform managed
enable_ula_internal_ipv6: null
mtu: 1500
@@ -1193,6 +1287,7 @@ values:
routing_mode: GLOBAL
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: prod-shared-0-directpath-googleapis
@@ -1207,6 +1302,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: prod-shared-0-private-googleapis
@@ -1221,6 +1317,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: prod-shared-0-restricted-googleapis
@@ -1235,6 +1332,7 @@ values:
tags: null
timeouts: null
module.vpcs.module.vpcs["prod"].google_compute_subnetwork.subnetwork["u-germany-northeast1/default"]:
deletion_policy: DELETE
description: Default primary-region subnet for prod
ip_cidr_range: 10.0.0.0/24
ip_collection: null

10
tests/fast/stages/s1_vpcsc/hardened.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,7 +21,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -39,7 +39,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -237,3 +237,7 @@ counts:
local_file: 1
modules: 1
resources: 6
outputs:
tfvars: __missing__
vpc_sc_perimeter_default: __missing__

10
tests/fast/stages/s1_vpcsc/simple.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,7 +21,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -39,7 +39,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -259,3 +259,7 @@ counts:
local_file: 1
modules: 1
resources: 7
outputs:
tfvars: __missing__
vpc_sc_perimeter_default: __missing__

46
tests/fast/stages/s2_project_factory/data-platform.yaml
View File

@@ -21,7 +21,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -34,6 +34,7 @@ values:
module.factory.module.aspect-types["core-0"].google_dataplex_aspect_type.default["basic"]:
aspect_type_id: basic
data_classification: null
deletion_policy: DELETE
description: null
display_name: Basic template
effective_labels:
@@ -52,6 +53,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -94,6 +96,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -134,6 +137,7 @@ values:
module.factory.module.automation-service-accounts["product-0/automation/iac-ro"].google_service_account.service_account[0]:
account_id: product-0-iac-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Product 0/0 (ro)
@@ -149,6 +153,7 @@ values:
module.factory.module.automation-service-accounts["product-0/automation/iac-rw"].google_service_account.service_account[0]:
account_id: product-0-iac-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Product 0/0 (rw)
@@ -164,6 +169,7 @@ values:
module.factory.module.automation-service-accounts["shared-0/automation/iac-ro"].google_service_account.service_account[0]:
account_id: shared-0-iac-ro
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Domain 0 (ro)
@@ -179,6 +185,7 @@ values:
module.factory.module.automation-service-accounts["shared-0/automation/iac-rw"].google_service_account.service_account[0]:
account_id: shared-0-iac-rw
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Domain 0 (rw)
@@ -197,6 +204,7 @@ values:
default_partition_expiration_ms: null
default_table_expiration_ms: null
delete_contents_on_destroy: false
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -217,6 +225,7 @@ values:
default_partition_expiration_ms: null
default_table_expiration_ms: null
delete_contents_on_destroy: false
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -239,6 +248,7 @@ values:
project: testorg-prod-dp-dd0-p0
role: roles/bigquery.dataViewer
module.factory.module.bigquery-datasets["product-0/public"].google_tags_location_tag_binding.binding["exposure"]:
deletion_policy: DELETE
location: europe-west1
timeouts: null
module.factory.module.buckets["product-0/private"].google_storage_bucket.bucket[0]:
@@ -246,6 +256,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -273,6 +284,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -303,10 +315,12 @@ values:
role: roles/storage.objectViewer
timeouts: null
module.factory.module.buckets["product-0/public"].google_tags_location_tag_binding.binding["exposure"]:
deletion_policy: DELETE
location: europe-west1
parent: //storage.googleapis.com/projects/_/buckets/testorg-prod-dp-dd0-p0-public
timeouts: null
module.factory.module.folder-1["domain-0"].google_folder.folder[0]:
deletion_policy: DELETE
deletion_protection: false
display_name: Data Domain 0
parent: folders/1234567890
@@ -417,30 +431,35 @@ values:
project: testorg-prod-dp-core-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["core-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-core-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["core-0"].google_project_service.project_services["datacatalog.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-core-0
service: datacatalog.googleapis.com
timeouts: null
module.factory.module.projects["core-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-core-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["core-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-core-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["core-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-core-0
@@ -500,60 +519,70 @@ values:
project: testorg-prod-dp-dd0-p0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["product-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["cloudaicompanion.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: cloudaicompanion.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["cloudresourcemanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: cloudresourcemanager.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["composer.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: composer.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["datacatalog.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: datacatalog.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["datalineage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: datalineage.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["dataplex.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: dataplex.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["product-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd0-p0
@@ -609,48 +638,56 @@ values:
project: testorg-prod-dp-dd-0
role: roles/monitoring.notificationServiceAgent
module.factory.module.projects["shared-0"].google_project_service.project_services["bigquery.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
service: bigquery.googleapis.com
timeouts: null
module.factory.module.projects["shared-0"].google_project_service.project_services["composer.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
service: composer.googleapis.com
timeouts: null
module.factory.module.projects["shared-0"].google_project_service.project_services["datacatalog.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
service: datacatalog.googleapis.com
timeouts: null
module.factory.module.projects["shared-0"].google_project_service.project_services["datalineage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
service: datalineage.googleapis.com
timeouts: null
module.factory.module.projects["shared-0"].google_project_service.project_services["dataplex.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
service: dataplex.googleapis.com
timeouts: null
module.factory.module.projects["shared-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["shared-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["shared-0"].google_project_service.project_services["storage.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: testorg-prod-dp-dd-0
@@ -676,6 +713,7 @@ values:
module.factory.module.service-accounts["product-0/processing"].google_service_account.service_account[0]:
account_id: processing
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Processing service account.
@@ -686,6 +724,7 @@ values:
module.factory.module.service-accounts["shared-0/composer"].google_service_account.service_account[0]:
account_id: composer
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Terraform-managed.
@@ -711,6 +750,7 @@ values:
module.factory.module.taxonomies["core-0"].google_data_catalog_taxonomy.default:
activated_policy_types:
- FINE_GRAINED_ACCESS_CONTROL
deletion_policy: DELETE
description: Taxonomy for data platform.
display_name: taxonomy
project: testorg-prod-dp-core-0
@@ -728,6 +768,7 @@ values:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: true
deletion_policy: DELETE
description: Terraform managed
enable_ula_internal_ipv6: null
mtu: 1500
@@ -739,6 +780,7 @@ values:
routing_mode: GLOBAL
timeouts: null
module.vpc-factory.module.vpcs["domain-0"].google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: domain-0-directpath-googleapis
@@ -753,6 +795,7 @@ values:
tags: null
timeouts: null
module.vpc-factory.module.vpcs["domain-0"].google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: domain-0-private-googleapis
@@ -767,6 +810,7 @@ values:
tags: null
timeouts: null
module.vpc-factory.module.vpcs["domain-0"].google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: domain-0-restricted-googleapis

56
tests/fast/stages/s2_security/simple.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,16 +12,34 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# yamllint disable rule:line-length
values:
google_storage_bucket_object.tfvars[0]:
bucket: test
cache_control: null
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
metadata: null
name: tfvars/2-security.auto.tfvars.json
retention: []
source: null
temporary_hold: null
timeouts: null
google_storage_bucket_object.version[0]:
bucket: test
cache_control: null
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -32,6 +50,7 @@ values:
temporary_hold: null
timeouts: null
module.cas["prod-ca-0"].google_privateca_ca_pool.default[0]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
encryption_spec: []
@@ -89,6 +108,7 @@ values:
unknown_extended_key_usages: []
name_constraints: []
policy_ids: []
deletion_policy: DELETE
deletion_protection: true
desired_state: null
effective_labels:
@@ -163,36 +183,42 @@ values:
project: fast-dev-sec-core-0
role: roles/monitoring.notificationServiceAgent
? module.factory.module.projects["dev-sec-core-0"].google_project_service.project_services["certificatemanager.googleapis.com"]
: disable_dependent_services: false
: deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-dev-sec-core-0
service: certificatemanager.googleapis.com
timeouts: null
module.factory.module.projects["dev-sec-core-0"].google_project_service.project_services["cloudkms.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-dev-sec-core-0
service: cloudkms.googleapis.com
timeouts: null
module.factory.module.projects["dev-sec-core-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-dev-sec-core-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["dev-sec-core-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-dev-sec-core-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["dev-sec-core-0"].google_project_service.project_services["privateca.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-dev-sec-core-0
service: privateca.googleapis.com
timeouts: null
module.factory.module.projects["dev-sec-core-0"].google_project_service.project_services["secretmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-dev-sec-core-0
@@ -251,36 +277,42 @@ values:
project: fast-prod-sec-core-0
role: roles/monitoring.notificationServiceAgent
? module.factory.module.projects["prod-sec-core-0"].google_project_service.project_services["certificatemanager.googleapis.com"]
: disable_dependent_services: false
: deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-prod-sec-core-0
service: certificatemanager.googleapis.com
timeouts: null
module.factory.module.projects["prod-sec-core-0"].google_project_service.project_services["cloudkms.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-prod-sec-core-0
service: cloudkms.googleapis.com
timeouts: null
module.factory.module.projects["prod-sec-core-0"].google_project_service.project_services["logging.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-prod-sec-core-0
service: logging.googleapis.com
timeouts: null
module.factory.module.projects["prod-sec-core-0"].google_project_service.project_services["monitoring.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-prod-sec-core-0
service: monitoring.googleapis.com
timeouts: null
module.factory.module.projects["prod-sec-core-0"].google_project_service.project_services["privateca.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-prod-sec-core-0
service: privateca.googleapis.com
timeouts: null
module.factory.module.projects["prod-sec-core-0"].google_project_service.project_services["secretmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: fast-prod-sec-core-0
@@ -315,6 +347,7 @@ values:
output: null
triggers_replace: null
module.kms["dev-primary-default"].google_kms_crypto_key.default["bigquery"]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
@@ -326,6 +359,7 @@ values:
goog-terraform-provisioned: 'true'
timeouts: null
module.kms["dev-primary-default"].google_kms_crypto_key.default["composer"]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
@@ -337,6 +371,7 @@ values:
goog-terraform-provisioned: 'true'
timeouts: null
module.kms["dev-primary-default"].google_kms_crypto_key.default["compute"]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
@@ -348,6 +383,7 @@ values:
goog-terraform-provisioned: 'true'
timeouts: null
module.kms["dev-primary-default"].google_kms_crypto_key.default["gke"]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
@@ -359,6 +395,7 @@ values:
goog-terraform-provisioned: 'true'
timeouts: null
module.kms["dev-primary-default"].google_kms_crypto_key.default["storage"]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
@@ -375,6 +412,7 @@ values:
project: fast-dev-sec-core-0
timeouts: null
module.kms["prod-primary-default"].google_kms_crypto_key.default["compute"]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
@@ -386,6 +424,7 @@ values:
goog-terraform-provisioned: 'true'
timeouts: null
module.kms["prod-primary-default"].google_kms_crypto_key.default["storage"]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
@@ -417,3 +456,8 @@ counts:
modules: 8
resources: 49
terraform_data: 2
outputs:
ca_pools: __missing__
kms_keys_ids: __missing__
tfvars: __missing__

23
tests/fixtures.py
View File

@@ -45,7 +45,7 @@ def _prepare_root_module(path):
_ignore = shutil.ignore_patterns('*.auto.tfvars', '*.auto.tfvars.json',
'[0-9]-*-providers.tf', 'terraform.tfstate*',
'.terraform.lock.hcl', 'terraform.tfvars',
'.terraform', '.git', 'pytest-*')
'.terraform', '.git', 'pytest-*', 'fabric')
def ignore_patterns(src, names):
ignored = set(_ignore(src, names))
@@ -59,6 +59,10 @@ def _prepare_root_module(path):
# ~20% slower than when run in a copy made with symlinks=False.
shutil.copytree(path, tmp_path, dirs_exist_ok=True, symlinks=False,
ignore=ignore_patterns)
# Recreate the 'fabric' symlink to avoid copying the whole repository
# recursively (which happens if followed via symlinks=False)
if (path / 'fabric').is_symlink():
(tmp_path / 'fabric').symlink_to((path / 'fabric').readlink())
lockfile = _REPO_ROOT / 'tools' / 'lockfile' / '.terraform.lock.hcl'
if lockfile.exists():
shutil.copy(lockfile, tmp_path / '.terraform.lock.hcl')
@@ -148,13 +152,22 @@ def plan_summary(module_path, basedir, tf_var_files=None, extra_files=None,
def filter_plan_values(values, ignored_attributes):
"""Remove ignored attributes from plan values."""
"""Remove ignored attributes from plan values recursively."""
if not ignored_attributes:
return values
for addr, resource_values in values.items():
if isinstance(resource_values, dict):
def _filter(obj):
if isinstance(obj, dict):
for attr in ignored_attributes:
resource_values.pop(attr, None)
obj.pop(attr, None)
for k, v in obj.items():
_filter(v)
elif isinstance(obj, list):
for item in obj:
_filter(item)
for addr, resource_values in values.items():
_filter(resource_values)
return values

4
tests/modules/agent_engine/examples/container.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

4
tests/modules/agent_engine/examples/context.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

12
tests/modules/agent_engine/examples/deletion-protection.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,6 +26,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -54,7 +55,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -62,7 +63,6 @@ values:
name: dependencies.tar.gz
retention: []
source: assets/src/dependencies.tar.gz
source_md5hash: 49a4c43e6bef605c2fa6ddabac48ba6a
temporary_hold: null
timeouts: null
module.agent_engine.google_storage_bucket_object.pickle[0]:
@@ -73,7 +73,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -81,7 +81,6 @@ values:
name: pickle.pkl
retention: []
source: assets/src/pickle.pkl
source_md5hash: 493cf9bf3e59e39913e61916549f95a5
temporary_hold: null
timeouts: null
module.agent_engine.google_storage_bucket_object.requirements[0]:
@@ -92,7 +91,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -100,7 +99,6 @@ values:
name: requirements.txt
retention: []
source: assets/src/requirements.txt
source_md5hash: 0acf2b14e855722af60e03e8fa8b04ff
temporary_hold: null
timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:

4
tests/modules/agent_engine/examples/encryption.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

4
tests/modules/agent_engine/examples/environment.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

4
tests/modules/agent_engine/examples/image-spec.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

4
tests/modules/agent_engine/examples/memory-bank.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -33,7 +33,7 @@ values:
- default_ttl: 2592000s
granular_ttl_config: []
memory_revision_default_ttl: null
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

14
tests/modules/agent_engine/examples/minimal-pickle.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,6 +26,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -54,7 +55,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -62,7 +63,6 @@ values:
name: dependencies.tar.gz
retention: []
source: assets/src/dependencies.tar.gz
source_md5hash: 49a4c43e6bef605c2fa6ddabac48ba6a
temporary_hold: null
timeouts: null
module.agent_engine.google_storage_bucket_object.pickle[0]:
@@ -73,7 +73,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -81,7 +81,6 @@ values:
name: pickle.pkl
retention: []
source: assets/src/pickle.pkl
source_md5hash: 493cf9bf3e59e39913e61916549f95a5
temporary_hold: null
timeouts: null
module.agent_engine.google_storage_bucket_object.requirements[0]:
@@ -92,7 +91,7 @@ values:
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -100,12 +99,11 @@ values:
name: requirements.txt
retention: []
source: assets/src/requirements.txt
source_md5hash: 0acf2b14e855722af60e03e8fa8b04ff
temporary_hold: null
timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

4
tests/modules/agent_engine/examples/minimal.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

5
tests/modules/agent_engine/examples/pickle-gcs.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,6 +26,7 @@ values:
cors: []
custom_placement_config: []
default_event_based_hold: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
@@ -48,7 +49,7 @@ values:
uniform_bucket_level_access: true
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

4
tests/modules/agent_engine/examples/psc-i.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

5
tests/modules/agent_engine/examples/sa-create.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,6 +26,7 @@ values:
module.agent_engine.google_service_account.service_account[0]:
account_id: my-agent
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: my-agent
@@ -35,7 +36,7 @@ values:
timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

4
tests/modules/agent_engine/examples/sa-external.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -15,7 +15,7 @@
values:
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

5
tests/modules/agent_engine/examples/unmanaged.yaml
View File

@@ -4,13 +4,14 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
@@ -22,7 +23,7 @@ values:
role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.unmanaged[0]:
context_spec: []
deletion_policy: null
deletion_policy: DELETE
description: Terraform managed.
display_name: my-agent
effective_labels:

22
tests/modules/alloydb/examples/psc.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,7 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# yamllint disable rule:indentation
values:
module.alloydb.google_alloydb_cluster.primary:
annotations: null
@@ -24,7 +23,10 @@ values:
recovery_window_days: 14
database_version: POSTGRES_15
deletion_policy: DEFAULT
deletion_protection: false
display_name: db
effective_labels:
goog-terraform-provisioned: 'true'
encryption_config: []
etag: null
initial_user: []
@@ -35,15 +37,23 @@ values:
psc_config:
- psc_enabled: true
restore_backup_source: []
restore_backupdr_backup_source: []
restore_backupdr_pitr_source: []
restore_continuous_backup_source: []
secondary_config: []
skip_await_major_version_upgrade: true
subscription_type: STANDARD
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.alloydb.google_alloydb_instance.primary:
annotations: null
availability_type: REGIONAL
connection_pool_config: []
deletion_policy: DELETE
display_name: db
effective_labels:
goog-terraform-provisioned: 'true'
gce_zone: null
instance_id: db
instance_type: PRIMARY
@@ -52,13 +62,17 @@ values:
- cpu_count: 2
psc_instance_config:
- allowed_consumer_projects:
- '123'
- '123'
psc_auto_connections: []
psc_interface_configs: []
query_insights_config:
- query_plans_per_minute: 5
query_string_length: 1024
record_application_tags: true
record_client_address: true
read_pool_config: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
counts:

17
tests/modules/alloydb/examples/read_pool_with_advanced_query_insights.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2024 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -51,6 +51,7 @@ values:
annotations: null
availability_type: REGIONAL
connection_pool_config: []
deletion_policy: DELETE
display_name: db
effective_labels:
goog-terraform-provisioned: 'true'
@@ -77,6 +78,7 @@ values:
module.alloydb.google_alloydb_instance.read_pool_primary["regional-read-pool"]:
annotations: null
connection_pool_config: []
deletion_policy: DELETE
display_name: regional-read-pool
effective_labels:
goog-terraform-provisioned: 'true'
@@ -125,18 +127,21 @@ values:
project: test-alloydb
role: roles/servicenetworking.serviceAgent
module.project.google_project_service.project_services["alloydb.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-alloydb
service: alloydb.googleapis.com
timeouts: null
module.project.google_project_service.project_services["geminicloudassist.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-alloydb
service: geminicloudassist.googleapis.com
timeouts: null
module.project.google_project_service.project_services["servicenetworking.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-alloydb
@@ -153,6 +158,7 @@ values:
module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-alloydb"]:
address: 10.60.0.0
address_type: INTERNAL
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
@@ -169,6 +175,7 @@ values:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: my-network
@@ -185,6 +192,7 @@ values:
project: test-alloydb
timeouts: null
module.vpc.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: my-network-directpath-googleapis
@@ -199,6 +207,7 @@ values:
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: my-network-private-googleapis
@@ -213,6 +222,7 @@ values:
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: my-network-restricted-googleapis
@@ -227,6 +237,7 @@ values:
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.psc["europe-west8/psc"]:
deletion_policy: DELETE
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.0.3.0/24
ip_collection: null
@@ -244,7 +255,7 @@ values:
send_secondary_ip_range_if_empty: null
timeouts: null
module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
deletion_policy: null
deletion_policy: DELETE
reserved_peering_ranges:
- servicenetworking-googleapis-com-alloydb
service: servicenetworking.googleapis.com

61
tests/modules/alloydb/examples/simple.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2024 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,25 +23,38 @@ values:
recovery_window_days: 14
database_version: POSTGRES_15
deletion_policy: DEFAULT
deletion_protection: false
display_name: db
effective_labels:
goog-terraform-provisioned: 'true'
encryption_config: []
etag: null
initial_user: []
labels: null
location: europe-west8
maintenance_update_policy: []
network_config:
- allocated_ip_range: null
project: test-alloydb
psc_config: []
restore_backup_source: []
restore_backupdr_backup_source: []
restore_backupdr_pitr_source: []
restore_continuous_backup_source: []
secondary_config: []
skip_await_major_version_upgrade: true
subscription_type: STANDARD
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.alloydb.google_alloydb_instance.primary:
annotations: null
availability_type: REGIONAL
connection_pool_config: []
deletion_policy: DELETE
display_name: db
effective_labels:
goog-terraform-provisioned: 'true'
gce_zone: null
instance_id: db
instance_type: PRIMARY
@@ -54,16 +67,23 @@ values:
record_application_tags: true
record_client_address: true
read_pool_config: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.project.google_project.project[0]:
auto_create_network: false
billing_account: 123456-123456-123456
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
folder_id: '1122334455'
labels: null
name: test-alloydb
org_id: null
project_id: test-alloydb
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.project.google_project_iam_member.service_agents["alloydb"]:
condition: []
@@ -74,12 +94,14 @@ values:
project: test-alloydb
role: roles/servicenetworking.serviceAgent
module.project.google_project_service.project_services["alloydb.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-alloydb
service: alloydb.googleapis.com
timeouts: null
module.project.google_project_service.project_services["servicenetworking.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-alloydb
@@ -96,21 +118,30 @@ values:
module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-alloydb"]:
address: 10.60.0.0
address_type: INTERNAL
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
ip_version: null
labels: null
name: servicenetworking-googleapis-com-alloydb
prefix_length: 16
project: test-alloydb
purpose: VPC_PEERING
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: test-alloydb
routing_mode: GLOBAL
timeouts: null
@@ -120,7 +151,23 @@ values:
network: my-network
project: test-alloydb
timeouts: null
module.vpc.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: my-network-directpath-googleapis
network: my-network
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: test-alloydb
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: my-network-private-googleapis
@@ -129,11 +176,13 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: test-alloydb
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: my-network-restricted-googleapis
@@ -142,25 +191,31 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: test-alloydb
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.psc["europe-west8/psc"]:
deletion_policy: DELETE
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.0.3.0/24
ip_collection: null
ipv6_access_type: null
log_config: []
name: psc
network: my-network
params: []
project: test-alloydb
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west8
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: null
timeouts: null
module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
deletion_policy: null
deletion_policy: DELETE
reserved_peering_ranges:
- servicenetworking-googleapis-com-alloydb
service: servicenetworking.googleapis.com

100
tests/modules/certificate_authority_service/examples/iam.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2024 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,10 +12,104 @@
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cas.google_privateca_ca_pool.default[0]:
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
encryption_spec: []
issuance_policy: []
labels: null
location: europe-west1
name: test-ca
project: project-id
publishing_options: []
terraform_labels:
goog-terraform-provisioned: 'true'
tier: DEVOPS
timeouts: null
module.cas.google_privateca_ca_pool_iam_binding.authoritative["roles/privateca.certificateManager"]:
condition: []
members:
- serviceAccount:sa1@sa.example
role: roles/privateca.certificateManager
module.cas.google_privateca_ca_pool_iam_member.bindings["cert-manager"]:
condition: []
member: group:organization-admins@example.org
role: roles/privateca.certificateManager
module.cas.google_privateca_certificate_authority.default["test-ca"]:
certificate_authority_id: test-ca
config:
- subject_config:
- subject:
- common_name: test.example.com
country_code: null
locality: null
organization: Test Example
organizational_unit: null
postal_code: null
province: null
street_address: null
subject_alt_name: []
subject_key_id: []
x509_config:
- additional_extensions: []
aia_ocsp_servers: null
ca_options:
- is_ca: true
max_issuer_path_length: null
non_ca: null
zero_max_issuer_path_length: null
key_usage:
- base_key_usage:
- cert_sign: true
content_commitment: false
crl_sign: true
data_encipherment: false
decipher_only: false
digital_signature: false
encipher_only: false
key_agreement: false
key_encipherment: true
extended_key_usage:
- client_auth: false
code_signing: false
email_protection: false
ocsp_signing: false
server_auth: true
time_stamping: false
unknown_extended_key_usages: []
name_constraints: []
policy_ids: []
deletion_policy: DELETE
deletion_protection: true
desired_state: null
effective_labels:
goog-terraform-provisioned: 'true'
gcs_bucket: null
ignore_active_certificates_on_deletion: false
key_spec:
- algorithm: RSA_PKCS1_2048_SHA256
cloud_kms_key_version: null
labels: null
lifetime: 315360000s
location: europe-west1
pem_ca_certificate: null
project: project-id
skip_grace_period: true
subordinate_config: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
type: SELF_SIGNED
user_defined_access_urls: []
counts:
google_privateca_ca_pool: 1
google_privateca_certificate_authority: 1
google_privateca_ca_pool_iam_binding: 1
google_privateca_ca_pool_iam_member: 1
google_privateca_certificate_authority: 1
modules: 1
resources: 4
outputs: {}

19
tests/modules/cloud_build_v2_connection/examples/bitbucket-cloud.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,11 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# yamllint disable rule:line-length
values:
module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
bitbucket_server_trigger_config: []
build: []
deletion_policy: DELETE
description: null
developer_connect_event_config: []
disabled: false
@@ -53,6 +53,7 @@ values:
- {}
workspace: my-workspace
bitbucket_data_center_config: []
deletion_policy: DELETE
disabled: false
github_config: []
github_enterprise_config: []
@@ -71,6 +72,7 @@ values:
role: roles/cloudbuild.connectionViewer
module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
annotations: null
deletion_policy: DELETE
location: europe-west8
name: my-repository
parent_connection: my-connection
@@ -80,6 +82,7 @@ values:
module.cb_service_account.google_service_account.service_account[0]:
account_id: cloudbuild
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Terraform-managed.
@@ -117,12 +120,14 @@ values:
project: test-my-project
role: roles/cloudbuild.builds.builder
module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
service: cloudbuild.googleapis.com
timeouts: null
module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
@@ -134,6 +139,7 @@ values:
timeouts: null
module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -155,6 +161,7 @@ values:
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret.default["read-authorizer-credential"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -176,6 +183,7 @@ values:
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -205,7 +213,6 @@ values:
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -213,7 +220,6 @@ values:
secret_data_wo_version: 1
timeouts: null
module.secret_manager.google_secret_manager_secret_version.default["read-authorizer-credential/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -221,7 +227,6 @@ values:
secret_data_wo_version: 1
timeouts: null
module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -245,3 +250,5 @@ counts:
google_service_account: 1
modules: 4
resources: 21
outputs: {}

19
tests/modules/cloud_build_v2_connection/examples/bitbucket-data-center.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,11 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# yamllint disable rule:line-length
values:
module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
bitbucket_server_trigger_config: []
build: []
deletion_policy: DELETE
description: null
developer_connect_event_config: []
disabled: false
@@ -55,6 +55,7 @@ values:
- {}
service_directory_config: []
ssl_ca: null
deletion_policy: DELETE
disabled: false
github_config: []
github_enterprise_config: []
@@ -73,6 +74,7 @@ values:
role: roles/cloudbuild.connectionViewer
module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
annotations: null
deletion_policy: DELETE
location: europe-west8
name: my-repository
parent_connection: my-connection
@@ -82,6 +84,7 @@ values:
module.cb_service_account.google_service_account.service_account[0]:
account_id: cloudbuild
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Terraform-managed.
@@ -119,12 +122,14 @@ values:
project: test-my-project
role: roles/cloudbuild.builds.builder
module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
service: cloudbuild.googleapis.com
timeouts: null
module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
@@ -136,6 +141,7 @@ values:
timeouts: null
module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -157,6 +163,7 @@ values:
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret.default["read-authorizer-credential"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -178,6 +185,7 @@ values:
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -207,7 +215,6 @@ values:
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -215,7 +222,6 @@ values:
secret_data_wo_version: 1
timeouts: null
module.secret_manager.google_secret_manager_secret_version.default["read-authorizer-credential/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -223,7 +229,6 @@ values:
secret_data_wo_version: 1
timeouts: null
module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -247,3 +252,5 @@ counts:
google_service_account: 1
modules: 4
resources: 21
outputs: {}

76
tests/modules/cloud_build_v2_connection/examples/github-enterprise.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,6 +16,7 @@ values:
module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
bitbucket_server_trigger_config: []
build: []
deletion_policy: DELETE
description: null
developer_connect_event_config: []
disabled: false
@@ -31,11 +32,11 @@ values:
project: test-my-project
pubsub_config: []
repository_event_config:
- pull_request: []
push:
- branch: main
invert_regex: null
tag: null
- pull_request: []
push:
- branch: main
invert_regex: null
tag: null
service_account: null
source_to_build: []
substitutions: null
@@ -47,15 +48,16 @@ values:
annotations: null
bitbucket_cloud_config: []
bitbucket_data_center_config: []
deletion_policy: DELETE
disabled: false
github_config: []
github_enterprise_config:
- app_id: 1234567
app_installation_id: 123456789
app_slug: https://my-ghe-server.net/settings/apps/app-slug
host_uri: https://mmy-ghe-server.net.
service_directory_config: []
ssl_ca: null
- app_id: 1234567
app_installation_id: 123456789
app_slug: https://my-ghe-server.net/settings/apps/app-slug
host_uri: https://mmy-ghe-server.net.
service_directory_config: []
ssl_ca: null
gitlab_config: []
location: europe-west8
name: my-connection
@@ -65,12 +67,13 @@ values:
condition: []
location: europe-west8
members:
- group:organization-admins@example.org
- group:organization-admins@example.org
name: my-connection
project: test-my-project
role: roles/cloudbuild.connectionViewer
module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
annotations: null
deletion_policy: DELETE
location: europe-west8
name: my-repository
parent_connection: my-connection
@@ -80,6 +83,7 @@ values:
module.cb_service_account.google_service_account.service_account[0]:
account_id: cloudbuild
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Terraform-managed.
@@ -92,20 +96,20 @@ values:
billing_account: 123456-123456-123456
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: "true"
folder_id: "1122334455"
goog-terraform-provisioned: 'true'
folder_id: '1122334455'
labels: null
name: test-my-project
org_id: null
project_id: test-my-project
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
condition: []
members:
- serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
- serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
project: test-my-project
role: roles/logging.logWriter
module.project.google_project_iam_member.service_agents["cloudbuild"]:
@@ -117,12 +121,14 @@ values:
project: test-my-project
role: roles/cloudbuild.builds.builder
module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
service: cloudbuild.googleapis.com
timeouts: null
module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
@@ -134,20 +140,21 @@ values:
timeouts: null
module.secret_manager.google_secret_manager_secret.default["private-key-secret"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
labels: null
project: test-my-project
replication:
- auto:
- customer_managed_encryption: []
user_managed: []
- auto:
- customer_managed_encryption: []
user_managed: []
rotation: []
secret_id: private-key-secret
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
topics: []
ttl: null
@@ -155,33 +162,33 @@ values:
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
labels: null
project: test-my-project
replication:
- auto:
- customer_managed_encryption: []
user_managed: []
- auto:
- customer_managed_encryption: []
user_managed: []
rotation: []
secret_id: webhook-secret
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
topics: []
ttl: null
version_aliases: null
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["private-key-secret.roles/secretmanager.secretAccessor"]:
condition: []
? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["private-key-secret.roles/secretmanager.secretAccessor"]
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]:
condition: []
? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_version.default["private-key-secret/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -189,7 +196,6 @@ values:
secret_data_wo_version: 1
timeouts: null
module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -213,3 +219,5 @@ counts:
google_service_account: 1
modules: 4
resources: 18
outputs: {}

54
tests/modules/cloud_build_v2_connection/examples/github.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,6 +16,7 @@ values:
module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
bitbucket_server_trigger_config: []
build: []
deletion_policy: DELETE
description: null
developer_connect_event_config: []
disabled: false
@@ -31,11 +32,11 @@ values:
project: test-my-project
pubsub_config: []
repository_event_config:
- pull_request: []
push:
- branch: main
invert_regex: null
tag: null
- pull_request: []
push:
- branch: main
invert_regex: null
tag: null
service_account: null
source_to_build: []
substitutions: null
@@ -47,11 +48,12 @@ values:
annotations: null
bitbucket_cloud_config: []
bitbucket_data_center_config: []
deletion_policy: DELETE
disabled: false
github_config:
- app_installation_id: null
authorizer_credential:
- {}
- app_installation_id: null
authorizer_credential:
- {}
github_enterprise_config: []
gitlab_config: []
location: europe-west8
@@ -62,12 +64,13 @@ values:
condition: []
location: europe-west8
members:
- group:organization-admins@example.org
- group:organization-admins@example.org
name: my-connection
project: test-my-project
role: roles/cloudbuild.connectionViewer
module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
annotations: null
deletion_policy: DELETE
location: europe-west8
name: my-repository
parent_connection: my-connection
@@ -77,6 +80,7 @@ values:
module.cb_service_account.google_service_account.service_account[0]:
account_id: cloudbuild
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Terraform-managed.
@@ -89,20 +93,20 @@ values:
billing_account: 123456-123456-123456
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: "true"
folder_id: "1122334455"
goog-terraform-provisioned: 'true'
folder_id: '1122334455'
labels: null
name: test-my-project
org_id: null
project_id: test-my-project
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
condition: []
members:
- serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
- serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
project: test-my-project
role: roles/logging.logWriter
module.project.google_project_iam_member.service_agents["cloudbuild"]:
@@ -114,12 +118,14 @@ values:
project: test-my-project
role: roles/cloudbuild.builds.builder
module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
service: cloudbuild.googleapis.com
timeouts: null
module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
@@ -131,30 +137,30 @@ values:
timeouts: null
module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
labels: null
project: test-my-project
replication:
- auto:
- customer_managed_encryption: []
user_managed: []
- auto:
- customer_managed_encryption: []
user_managed: []
rotation: []
secret_id: authorizer-credential
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
topics: []
ttl: null
version_aliases: null
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]:
condition: []
? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -178,3 +184,5 @@ counts:
google_service_account: 1
modules: 4
resources: 15
outputs: {}

84
tests/modules/cloud_build_v2_connection/examples/gitlab.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,6 +16,7 @@ values:
module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
bitbucket_server_trigger_config: []
build: []
deletion_policy: DELETE
description: null
developer_connect_event_config: []
disabled: false
@@ -31,11 +32,11 @@ values:
project: test-my-project
pubsub_config: []
repository_event_config:
- pull_request: []
push:
- branch: main
invert_regex: null
tag: null
- pull_request: []
push:
- branch: main
invert_regex: null
tag: null
service_account: null
source_to_build: []
substitutions: null
@@ -47,12 +48,13 @@ values:
annotations: null
bitbucket_cloud_config: []
bitbucket_data_center_config: []
deletion_policy: DELETE
disabled: false
github_config: []
github_enterprise_config: []
gitlab_config:
- service_directory_config: []
ssl_ca: null
- service_directory_config: []
ssl_ca: null
location: europe-west8
name: my-connection
project: test-my-project
@@ -61,12 +63,13 @@ values:
condition: []
location: europe-west8
members:
- group:organization-admins@example.org
- group:organization-admins@example.org
name: my-connection
project: test-my-project
role: roles/cloudbuild.connectionViewer
module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
annotations: null
deletion_policy: DELETE
location: europe-west8
name: my-repository
parent_connection: my-connection
@@ -76,6 +79,7 @@ values:
module.cb_service_account.google_service_account.service_account[0]:
account_id: cloudbuild
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Terraform-managed.
@@ -88,20 +92,20 @@ values:
billing_account: 123456-123456-123456
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: "true"
folder_id: "1122334455"
goog-terraform-provisioned: 'true'
folder_id: '1122334455'
labels: null
name: test-my-project
org_id: null
project_id: test-my-project
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
condition: []
members:
- serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
- serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
project: test-my-project
role: roles/logging.logWriter
module.project.google_project_iam_member.service_agents["cloudbuild"]:
@@ -113,12 +117,14 @@ values:
project: test-my-project
role: roles/cloudbuild.builds.builder
module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
service: cloudbuild.googleapis.com
timeouts: null
module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
deletion_policy: DELETE
disable_dependent_services: false
disable_on_destroy: false
project: test-my-project
@@ -130,20 +136,21 @@ values:
timeouts: null
module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
labels: null
project: test-my-project
replication:
- auto:
- customer_managed_encryption: []
user_managed: []
- auto:
- customer_managed_encryption: []
user_managed: []
rotation: []
secret_id: authorizer-credential
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
topics: []
ttl: null
@@ -151,20 +158,21 @@ values:
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret.default["read-authorizer-credential"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
labels: null
project: test-my-project
replication:
- auto:
- customer_managed_encryption: []
user_managed: []
- auto:
- customer_managed_encryption: []
user_managed: []
rotation: []
secret_id: read-authorizer-credential
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
topics: []
ttl: null
@@ -172,36 +180,36 @@ values:
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
labels: null
project: test-my-project
replication:
- auto:
- customer_managed_encryption: []
user_managed: []
- auto:
- customer_managed_encryption: []
user_managed: []
rotation: []
secret_id: webhook-secret
tags: null
terraform_labels:
goog-terraform-provisioned: "true"
goog-terraform-provisioned: 'true'
timeouts: null
topics: []
ttl: null
version_aliases: null
version_destroy_ttl: null
module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]:
condition: []
? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["read-authorizer-credential.roles/secretmanager.secretAccessor"]:
condition: []
? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["read-authorizer-credential.roles/secretmanager.secretAccessor"]
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]:
condition: []
? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]
: condition: []
role: roles/secretmanager.secretAccessor
module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -209,7 +217,6 @@ values:
secret_data_wo_version: 1
timeouts: null
module.secret_manager.google_secret_manager_secret_version.default["read-authorizer-credential/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -217,7 +224,6 @@ values:
secret_data_wo_version: 1
timeouts: null
module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -241,3 +247,5 @@ counts:
google_service_account: 1
modules: 4
resources: 21
outputs: {}

13
tests/modules/cloud_function_v1/examples/custom-bundle.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -39,6 +39,7 @@ values:
available_memory_mb: 256
build_environment_variables: null
build_worker_pool: null
deletion_policy: DELETE
description: Terraform managed.
docker_registry: ARTIFACT_REGISTRY
docker_repository: null
@@ -81,6 +82,7 @@ values:
module.cf-http.google_service_account.service_account[0]:
account_id: test-cf-http
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: test-cf-http
@@ -94,8 +96,9 @@ values:
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -111,3 +114,7 @@ counts:
google_project_iam_member: 4
google_service_account: 1
google_storage_bucket_object: 1
modules: 1
resources: 8
outputs: {}

12
tests/modules/cloud_function_v1/examples/http-trigger.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -38,6 +38,7 @@ values:
available_memory_mb: 256
build_environment_variables: null
build_worker_pool: null
deletion_policy: DELETE
description: Terraform managed.
docker_registry: ARTIFACT_REGISTRY
docker_repository: null
@@ -80,6 +81,7 @@ values:
module.cf-http.google_service_account.service_account[0]:
account_id: test-cf-http
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: test-cf-http
@@ -93,8 +95,9 @@ values:
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -110,6 +113,7 @@ counts:
google_project_iam_member: 4
google_service_account: 1
google_storage_bucket_object: 1
modules: 1
resources: 8
outputs: {}

15
tests/modules/cloud_function_v1/examples/private-build-pool.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -15,6 +15,7 @@
values:
google_cloudbuild_worker_pool.pool:
annotations: null
deletion_policy: DELETE
display_name: null
location: europe-west9
name: custom-pool
@@ -24,6 +25,7 @@ values:
timeouts: null
worker_config:
- disk_size_gb: 100
enable_nested_virtualization: null
machine_type: e2-standard-4
no_external_ip: false
google_project_iam_member.artifact_writer:
@@ -50,6 +52,7 @@ values:
module.cf-http.google_cloudfunctions_function.function:
available_memory_mb: 256
build_environment_variables: null
deletion_policy: DELETE
description: Terraform managed.
docker_registry: ARTIFACT_REGISTRY
docker_repository: null
@@ -92,6 +95,7 @@ values:
module.cf-http.google_service_account.service_account[0]:
account_id: test-cf-http
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: test-cf-http
@@ -105,8 +109,9 @@ values:
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -123,3 +128,7 @@ counts:
google_project_iam_member: 4
google_service_account: 1
google_storage_bucket_object: 1
modules: 1
resources: 9
outputs: {}

14
tests/modules/cloud_function_v2/examples/custom-bundle.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -45,6 +45,7 @@ values:
storage_source:
- bucket: bucket
worker_pool: null
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -59,6 +60,7 @@ values:
available_cpu: '0.166'
available_memory: 256M
binary_authorization_policy: null
direct_vpc_network_interface: []
environment_variables:
LOG_EXECUTION_ID: 'true'
ingress_settings: ALLOW_ALL
@@ -86,6 +88,7 @@ values:
module.cf-http.google_service_account.service_account[0]:
account_id: test-cf-http
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: test-cf-http
@@ -99,8 +102,9 @@ values:
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -116,3 +120,7 @@ counts:
google_project_iam_member: 4
google_service_account: 1
google_storage_bucket_object: 1
modules: 1
resources: 8
outputs: {}

13
tests/modules/cloud_function_v2/examples/http-trigger.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -44,6 +44,7 @@ values:
storage_source:
- bucket: bucket
worker_pool: null
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -58,6 +59,7 @@ values:
available_cpu: '0.166'
available_memory: 256M
binary_authorization_policy: null
direct_vpc_network_interface: []
environment_variables:
LOG_EXECUTION_ID: 'true'
ingress_settings: ALLOW_ALL
@@ -85,6 +87,7 @@ values:
module.cf-http.google_service_account.service_account[0]:
account_id: test-cf-http
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: test-cf-http
@@ -98,8 +101,9 @@ values:
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -115,6 +119,7 @@ counts:
google_project_iam_member: 4
google_service_account: 1
google_storage_bucket_object: 1
modules: 1
resources: 8
outputs: {}

16
tests/modules/cloud_function_v2/examples/private-build-pool.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -15,6 +15,7 @@
values:
google_cloudbuild_worker_pool.pool:
annotations: null
deletion_policy: DELETE
display_name: null
location: europe-west9
name: custom-pool
@@ -24,6 +25,7 @@ values:
timeouts: null
worker_config:
- disk_size_gb: 100
enable_nested_virtualization: null
machine_type: e2-standard-4
no_external_ip: false
google_project_iam_member.artifact_writer:
@@ -56,6 +58,7 @@ values:
- repo_source: []
storage_source:
- bucket: bucket
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
@@ -70,6 +73,7 @@ values:
available_cpu: '0.166'
available_memory: 256M
binary_authorization_policy: null
direct_vpc_network_interface: []
environment_variables:
LOG_EXECUTION_ID: 'true'
ingress_settings: ALLOW_ALL
@@ -97,6 +101,7 @@ values:
module.cf-http.google_service_account.service_account[0]:
account_id: test-cf-http
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: test-cf-http
@@ -110,8 +115,9 @@ values:
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: null
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
@@ -128,3 +134,7 @@ counts:
google_project_iam_member: 4
google_service_account: 1
google_storage_bucket_object: 1
modules: 1
resources: 9
outputs: {}

131
tests/modules/cloud_function_v2/examples/secrets.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,26 +12,89 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# yamllint disable rule:indentation
values:
google_project_iam_member.artifact_writer:
condition: []
member: serviceAccount:123-compute@developer.gserviceaccount.com
project: project-id
role: roles/artifactregistry.createOnPushWriter
google_project_iam_member.bucket_default_compute_account_grant:
condition: []
member: serviceAccount:123-compute@developer.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
module.cf-http.data.archive_file.bundle[0]:
exclude_symlink_directories: null
excludes: null
output_file_mode: '0644'
output_path: /tmp/bundle-project-id-test-cf-http.zip
source: []
source_content: null
source_content_filename: null
source_dir: assets/sample-function/
source_file: null
type: zip
module.cf-http.google_cloudfunctions2_function.function:
build_config:
- entry_point: main
on_deploy_update_policy: []
runtime: python310
source:
- repo_source: []
storage_source:
- bucket: bucket
worker_pool: null
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
event_trigger: []
kms_key_name: null
labels: null
location: europe-west8
name: test-cf-http
project: project-id
service_config:
- secret_environment_variables:
- key: VARIABLE_SECRET
project_id: project-id
# secret: var_secret # known after apply
version: latest
secret_volumes:
- mount_path: /app/secret
project_id: project-id
# secret: var_secret # known after apply
versions:
- {}
service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
- all_traffic_on_latest_revision: true
available_cpu: '0.166'
available_memory: 256M
binary_authorization_policy: null
direct_vpc_network_interface: []
environment_variables:
LOG_EXECUTION_ID: 'true'
ingress_settings: ALLOW_ALL
max_instance_count: 1
min_instance_count: 0
secret_environment_variables:
- key: VARIABLE_SECRET
project_id: project-id
version: latest
secret_volumes:
- mount_path: /app/secret
project_id: project-id
versions:
- {}
service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
timeout_seconds: 180
vpc_connector: null
vpc_connector_egress_settings: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.cf-http.google_project_iam_member.default["roles/logging.logWriter"]:
condition: []
member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
project: project-id
role: roles/logging.logWriter
module.cf-http.google_project_iam_member.default["roles/monitoring.metricWriter"]:
condition: []
member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
project: project-id
role: roles/monitoring.metricWriter
module.cf-http.google_service_account.service_account[0]:
account_id: test-cf-http
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: test-cf-http
@@ -39,17 +102,35 @@ values:
member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
project: project-id
timeouts: null
module.cf-http.google_storage_bucket_object.bundle[0]:
bucket: bucket
cache_control: null
content_disposition: null
content_encoding: null
content_language: null
contexts: []
customer_encryption: []
deletion_policy: DELETE
detect_md5hash: null
event_based_hold: null
force_empty_content_type: null
metadata: null
retention: []
source: /tmp/bundle-project-id-test-cf-http.zip
temporary_hold: null
timeouts: null
module.secret-manager.google_secret_manager_secret.default["credentials"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
project: project-id
replication:
- auto:
- customer_managed_encryption: []
user_managed: []
- auto:
- customer_managed_encryption: []
user_managed: []
rotation: []
secret_id: credentials
tags: null
@@ -60,13 +141,12 @@ values:
ttl: null
version_aliases: null
version_destroy_ttl: null
module.secret-manager.google_secret_manager_secret_iam_binding.authoritative["credentials.roles/secretmanager.secretAccessor"]:
condition: []
? module.secret-manager.google_secret_manager_secret_iam_binding.authoritative["credentials.roles/secretmanager.secretAccessor"]
: condition: []
members:
- serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
- serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
role: roles/secretmanager.secretAccessor
module.secret-manager.google_secret_manager_secret_version.default["credentials/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: manual foo bar spam
@@ -75,8 +155,15 @@ values:
timeouts: null
counts:
archive_file: 1
google_cloudfunctions2_function: 1
google_project_iam_member: 4
google_secret_manager_secret: 1
google_secret_manager_secret_iam_binding: 1
google_secret_manager_secret_version: 1
google_service_account: 1
google_storage_bucket_object: 1
modules: 2
resources: 11
outputs: {}

39
tests/modules/cloud_run_v2/examples/service-iam-env.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2023 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,7 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# yamllint disable rule:line-length
values:
module.cloud_run.google_cloud_run_v2_service.service[0]:
annotations: null
@@ -22,6 +21,7 @@ values:
client_version: null
custom_audiences: null
default_uri_disabled: null
deletion_policy: DELETE
deletion_protection: false
description: null
effective_labels:
@@ -30,6 +30,7 @@ values:
invoker_iam_disabled: false
labels: null
location: europe-west8
multi_region_settings: []
name: example-hello
project: project-id
template:
@@ -54,14 +55,18 @@ values:
image: us-docker.pkg.dev/cloudrun/container/hello
liveness_probe: []
name: hello
readiness_probe: []
source_code: []
volume_mounts: []
working_dir: null
encryption_key: null
execution_environment: EXECUTION_ENVIRONMENT_GEN1
gpu_zonal_redundancy_disabled: null
health_check_disabled: null
labels: null
node_selector: []
revision: null
service_account: example-hello@project-id.iam.gserviceaccount.com
service_mesh: []
session_affinity: null
volumes: []
@@ -74,8 +79,30 @@ values:
members:
- allUsers
role: roles/run.invoker
module.cloud_run.google_project_iam_member.default["roles/logging.logWriter"]:
condition: []
member: serviceAccount:example-hello@project-id.iam.gserviceaccount.com
project: project-id
role: roles/logging.logWriter
module.cloud_run.google_project_iam_member.default["roles/monitoring.metricWriter"]:
condition: []
member: serviceAccount:example-hello@project-id.iam.gserviceaccount.com
project: project-id
role: roles/monitoring.metricWriter
module.cloud_run.google_service_account.service_account[0]:
account_id: example-hello
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: example-hello
email: example-hello@project-id.iam.gserviceaccount.com
member: serviceAccount:example-hello@project-id.iam.gserviceaccount.com
project: project-id
timeouts: null
module.secret-manager.google_secret_manager_secret.default["credentials"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -103,13 +130,13 @@ values:
- serviceAccount:project-id@appspot.gserviceaccount.com
role: roles/secretmanager.secretAccessor
module.secret-manager.google_secret_manager_secret_version.default["credentials/v1"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: manual foo bar spam
secret_data_wo: null
secret_data_wo_version: 0
timeouts: null
counts:
google_cloud_run_v2_service: 1
google_cloud_run_v2_service_iam_binding: 1
@@ -118,3 +145,7 @@ counts:
google_secret_manager_secret_iam_binding: 1
google_secret_manager_secret_version: 1
google_service_account: 1
modules: 2
resources: 8
outputs: {}

27
tests/modules/cloud_run_v2/recipes/cloudsql_iam_auth_proxy/examples/recipe-cloudsql-iam-auth-proxy.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2023 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,6 +21,7 @@ values:
client_version: null
custom_audiences: null
default_uri_disabled: null
deletion_policy: DELETE
deletion_protection: false
description: null
effective_labels:
@@ -29,6 +30,7 @@ values:
invoker_iam_disabled: false
labels: null
location: europe-west8
multi_region_settings: []
name: db-test
project: project-id
template:
@@ -41,9 +43,12 @@ values:
image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.18.0
liveness_probe: []
name: authproxy
readiness_probe: []
source_code: []
volume_mounts:
- mount_path: /cloudsql
name: custom_cloudsql
sub_path: null
working_dir: null
- args: null
base_image_uri: null
@@ -64,13 +69,17 @@ values:
ports:
- container_port: 8080
name: http1
readiness_probe: []
source_code: []
volume_mounts:
- mount_path: /cloudsql
name: custom_cloudsql
sub_path: null
working_dir: null
encryption_key: null
execution_environment: EXECUTION_ENVIRONMENT_GEN1
gpu_zonal_redundancy_disabled: null
health_check_disabled: null
labels: null
node_selector: []
revision: null
@@ -97,18 +106,25 @@ values:
project: project-id
timeouts: null
module.db.google_sql_database_instance.primary:
backupdr_backup: null
clone: []
database_version: MYSQL_8_4
deletion_policy: DELETE
deletion_protection: false
final_backup_description: null
name: db
point_in_time_restore_context: []
project: project-id
region: europe-west8
restore_backup_context: []
root_password: null
root_password_wo: null
root_password_wo_version: null
settings:
- activation_policy: ALWAYS
active_directory_config: []
advanced_machine_features: []
auto_upgrade_enabled: null
availability_type: ZONAL
collation: null
database_flags:
@@ -124,6 +140,8 @@ values:
edition: ENTERPRISE
enable_dataplex_integration: null
enable_google_ml_integration: null
entraid_config: []
final_backup_config: []
ip_configuration:
- allocated_ip_range: null
authorized_networks: []
@@ -133,6 +151,7 @@ values:
private_network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
psc_config: []
server_ca_pool: null
server_certificate_rotation_mode: null
maintenance_window: []
password_validation_policy: []
pricing_plan: PER_USE
@@ -142,7 +161,8 @@ values:
time_zone: null
timeouts: null
module.db.google_sql_user.users["db-run@project-id.iam.gserviceaccount.com"]:
deletion_policy: null
database_roles: null
deletion_policy: DELETE
instance: db
name: db-run@project-id.iam.gserviceaccount.com
password: null
@@ -171,6 +191,7 @@ values:
module.run-sa.google_service_account.service_account[0]:
account_id: db-run
create_ignore_already_exists: null
deletion_policy: DELETE
description: null
disabled: false
display_name: Terraform-managed.

4
tests/modules/gke_cluster_standard/examples/access-google.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -56,6 +56,7 @@ values:
- enabled: true
datapath_provider: ADVANCED_DATAPATH
default_max_pods_per_node: 32
deletion_policy: DELETE
deletion_protection: true
description: null
disable_l4_lb_firewall_reconciliation: false
@@ -90,6 +91,7 @@ values:
maintenance_policy:
- daily_maintenance_window:
- start_time: 03:00
disruption_budget: []
maintenance_exclusion: []
recurring_window: []
master_auth:

4
tests/modules/gke_cluster_standard/examples/access-private.yaml
View File

@@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -56,6 +56,7 @@ values:
- enabled: true
datapath_provider: ADVANCED_DATAPATH
default_max_pods_per_node: 32
deletion_policy: DELETE
deletion_protection: true
description: null
disable_l4_lb_firewall_reconciliation: false
@@ -90,6 +91,7 @@ values:
maintenance_policy:
- daily_maintenance_window:
- start_time: 03:00
disruption_budget: []
maintenance_exclusion: []
recurring_window: []
master_auth:

22
tests/modules/gke_cluster_standard/examples/no-ip-access.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -40,16 +40,21 @@ values:
service_account: default
shielded_instance_config: []
autoscaling_profile: null
default_compute_class_enabled: null
resource_limits: []
control_plane_endpoints_config:
- dns_endpoint_config:
- allow_external_traffic: true
enable_k8s_certs_via_dns: null
enable_k8s_tokens_via_dns: null
ip_endpoints_config:
- enabled: false
cost_management_config:
- enabled: true
deletion_policy: DELETE
deletion_protection: true
description: null
disable_l4_lb_firewall_reconciliation: false
dns_config: []
effective_labels:
environment: dev
@@ -66,9 +71,11 @@ values:
enable_shielded_nodes: true
enable_tpu: false
fleet: []
in_transit_encryption_config: null
initial_node_count: 1
ip_allocation_policy:
- additional_pod_ranges_config: []
- additional_ip_ranges_config: []
additional_pod_ranges_config: []
cluster_secondary_range_name: pods
services_secondary_range_name: services
stack_type: IPV4
@@ -80,6 +87,7 @@ values:
maintenance_policy:
- daily_maintenance_window:
- start_time: 03:00
disruption_budget: []
maintenance_exclusion: []
recurring_window: []
master_auth:
@@ -93,8 +101,15 @@ values:
- enabled: true
name: cluster-1
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
network_performance_config: []
network_policy: []
networking_mode: VPC_NATIVE
node_pool_auto_config:
- linux_node_config: []
network_tags: []
node_kubelet_config:
- {}
resource_manager_tags: null
pod_security_policy_config: []
private_cluster_config:
- enable_private_endpoint: true
@@ -108,6 +123,7 @@ values:
environment: dev
resource_usage_export_config: []
secret_manager_config: []
secret_sync_config: []
subnetwork: subnet_self_link
terraform_labels:
environment: dev

44
tests/modules/net_vpc/examples/psa-prefix-services.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2024 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,32 +16,46 @@ values:
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
address: 10.0.1.0
address_type: INTERNAL
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
ip_version: null
labels: null
name: myrange
prefix_length: 24
project: project-id
purpose: VPC_PEERING
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.vpc.google_compute_global_address.psa_ranges["netapp"]:
address: 10.0.2.0
address_type: INTERNAL
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
ip_version: null
labels: null
name: netapp
prefix_length: 24
project: project-id
purpose: VPC_PEERING
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: project-id
routing_mode: GLOBAL
timeouts: null
@@ -57,7 +71,23 @@ values:
network: my-network
project: project-id
timeouts: null
module.vpc.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: my-network-directpath-googleapis
network: my-network
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: my-network-private-googleapis
@@ -66,11 +96,13 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: my-network-restricted-googleapis
@@ -79,25 +111,31 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
deletion_policy: DELETE
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
ip_collection: null
ipv6_access_type: null
log_config: []
name: production
network: my-network
params: []
private_ip_google_access: true
project: project-id
region: europe-west1
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: true
timeouts: null
module.vpc.google_service_networking_connection.psa_connection["netapp.servicenetworking.goog"]:
deletion_policy: null
deletion_policy: DELETE
reserved_peering_ranges:
- netapp
service: netapp.servicenetworking.goog

54
tests/modules/net_vpc/examples/psa-prefix.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2023 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -13,33 +13,59 @@
# limitations under the License.
values:
? module.vpc.google_compute_global_address.psa_ranges["myrange"]
: address: 10.0.1.0
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
address: 10.0.1.0
address_type: INTERNAL
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
ip_version: null
labels: null
name: myrange
prefix_length: 24
project: project-id
purpose: VPC_PEERING
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: project-id
routing_mode: GLOBAL
timeouts: null
? module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]
: export_custom_routes: false
module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
export_custom_routes: false
import_custom_routes: false
network: my-network
project: project-id
timeouts: null
module.vpc.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: my-network-directpath-googleapis
network: my-network
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: my-network-private-googleapis
@@ -48,11 +74,13 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: my-network-restricted-googleapis
@@ -61,28 +89,36 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
deletion_policy: DELETE
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
ip_collection: null
ipv6_access_type: null
log_config: []
name: production
network: my-network
params: []
private_ip_google_access: true
project: project-id
region: europe-west1
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: true
timeouts: null
? module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]
: deletion_policy: null
module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
deletion_policy: DELETE
reserved_peering_ranges:
- myrange
- myrange
service: servicenetworking.googleapis.com
timeouts: null
update_on_creation_fail: null
counts:
google_compute_global_address: 1

64
tests/modules/net_vpc/examples/psa-routes.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2023 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -13,36 +13,65 @@
# limitations under the License.
values:
? module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-myrange"]
: address: 10.0.1.0
module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-myrange"]:
address: 10.0.1.0
address_type: INTERNAL
deletion_policy: DELETE
description: null
effective_labels:
data_classification: sensitive
environment: test
goog-terraform-provisioned: 'true'
ip_version: null
labels:
data_classification: sensitive
environment: test
name: servicenetworking-googleapis-com-myrange
prefix_length: 24
project: project-id
purpose: VPC_PEERING
labels:
terraform_labels:
data_classification: sensitive
environment: test
goog-terraform-provisioned: 'true'
timeouts: null
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: project-id
routing_mode: GLOBAL
timeouts: null
? module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]
: export_custom_routes: true
module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
export_custom_routes: true
import_custom_routes: true
network: my-network
project: project-id
timeouts: null
module.vpc.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: my-network-directpath-googleapis
network: my-network
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: my-network-private-googleapis
@@ -51,11 +80,13 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: my-network-restricted-googleapis
@@ -64,30 +95,39 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
deletion_policy: DELETE
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
ip_collection: null
ipv6_access_type: null
log_config: []
name: production
network: my-network
params: []
private_ip_google_access: true
project: project-id
region: europe-west1
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: true
timeouts: null
? module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]
: deletion_policy: null
module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
deletion_policy: DELETE
reserved_peering_ranges:
- servicenetworking-googleapis-com-myrange
- servicenetworking-googleapis-com-myrange
service: servicenetworking.googleapis.com
timeouts: null
? module.vpc.google_service_networking_peered_dns_domain.name["servicenetworking-googleapis-com-gcp-example-com"]
: dns_suffix: gcp.example.com.
update_on_creation_fail: null
module.vpc.google_service_networking_peered_dns_domain.name["servicenetworking-googleapis-com-gcp-example-com"]:
deletion_policy: DELETE
dns_suffix: gcp.example.com.
name: servicenetworking-googleapis-com-gcp-example-com
network: my-network
project: project-id

54
tests/modules/net_vpc/examples/psa.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2023 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -13,33 +13,59 @@
# limitations under the License.
values:
? module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-myrange"]
: address: 10.0.1.0
module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-myrange"]:
address: 10.0.1.0
address_type: INTERNAL
deletion_policy: DELETE
description: null
effective_labels:
goog-terraform-provisioned: 'true'
ip_version: null
labels: null
name: servicenetworking-googleapis-com-myrange
prefix_length: 24
project: project-id
purpose: VPC_PEERING
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: project-id
routing_mode: GLOBAL
timeouts: null
? module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]
: export_custom_routes: false
module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
export_custom_routes: false
import_custom_routes: false
network: my-network
project: project-id
timeouts: null
module.vpc.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: my-network-directpath-googleapis
network: my-network
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: my-network-private-googleapis
@@ -48,11 +74,13 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: my-network-restricted-googleapis
@@ -61,28 +89,36 @@ values:
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
deletion_policy: DELETE
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
ip_collection: null
ipv6_access_type: null
log_config: []
name: production
network: my-network
params: []
private_ip_google_access: true
project: project-id
region: europe-west1
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: true
timeouts: null
? module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]
: deletion_policy: null
module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
deletion_policy: DELETE
reserved_peering_ranges:
- servicenetworking-googleapis-com-myrange
- servicenetworking-googleapis-com-myrange
service: servicenetworking.googleapis.com
timeouts: null
update_on_creation_fail: null
counts:
google_compute_global_address: 1

10
tests/modules/secret_manager/examples/versions.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -15,6 +15,7 @@
values:
module.secret-manager.google_secret_manager_secret.default["test"]:
annotations: null
deletion_policy: DELETE
deletion_protection: false
effective_labels:
goog-terraform-provisioned: 'true'
@@ -35,7 +36,6 @@ values:
version_aliases: null
version_destroy_ttl: null
module.secret-manager.google_secret_manager_secret_version.default["test/a"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: foo
@@ -43,7 +43,6 @@ values:
secret_data_wo_version: 0
timeouts: null
module.secret-manager.google_secret_manager_secret_version.default["test/b"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: 'foo-secret
@@ -55,7 +54,6 @@ values:
secret_data_wo_version: 0
timeouts: null
module.secret-manager.google_secret_manager_secret_version.default["test/c"]:
deletion_policy: DELETE
enabled: true
is_secret_data_base64: false
secret_data: null
@@ -68,3 +66,5 @@ counts:
google_secret_manager_secret_version: 3
modules: 1
resources: 4
outputs: {}