Allow using no service account in compute-vm (#1692)

* module and tests

* align blueprints

* tfdoc

* remove stale variables

* fix blueprint

* variable description
Ludovico Magnocavallo
2023-09-19 18:56:51 +02:00
committed by GitHub
parent 96c28e605b
commit df5daab6cc
33 changed files with 622 additions and 289 deletions


@@ -298,8 +298,9 @@ module "proxy-vm" {
user-data = !var.tls ? module.cos-nginx.0.cloud_config : module.cos-nginx-tls.0.cloud_config
google-logging-enabled = true
}
service_account = module.service-account-proxy.email
service_account_create = false
service_account = {
email = module.service-account-proxy.email
}
}
module "glb" {


@@ -240,10 +240,11 @@ module "vm-test1" {
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"]
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
tags = ["ssh"]
metadata = { startup-script = local.vm-startup-script }
service_account = {
email = module.service-account-gce.email
}
tags = ["ssh"]
}
module "vm-test2" {
@@ -257,10 +258,11 @@ module "vm-test2" {
nat = false
addresses = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
tags = ["ssh"]
metadata = { startup-script = local.vm-startup-script }
service_account = {
email = module.service-account-gce.email
}
tags = ["ssh"]
}
################################################################################
@@ -322,7 +324,8 @@ module "vm-onprem" {
network = module.vpc.name
subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"]
}]
service_account = module.service-account-onprem.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
tags = ["ssh"]
service_account = {
email = module.service-account-onprem.email
}
tags = ["ssh"]
}
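Review bot: The rewritten vm-test1, vm-test2 and vm-onprem blocks drop the explicit `service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]` line and pass only `email` inside the new `service_account` object, so the effective OAuth scopes of these instances now depend on a module default that is not visible in this commit. If the module's new object variable accepts a scopes attribute, consider restating the intended scopes explicitly so a later change to the module default cannot silently widen or narrow what these instances can reach; if the module default is already cloud-platform, a short comment such as `# scopes left to the module default (cloud-platform); see modules/compute-vm` keeps that decision auditable next to the SA binding. The same scope line is dropped in the squid-vm, vm-hub/vm-spoke-1/vm-spoke-2, gw and vm-left/vm-right sections below. Each of these module blocks starts outside its hunk.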


@@ -48,7 +48,9 @@ module "test-vm-consumer" {
nat = false
addresses = null
}]
service_account_create = true
service_account = {
auto_create = true
}
metadata = {
startup-script = templatefile("${path.module}/startup.sh", { proxy_url = "http://proxy.internal:3128" })
}


@@ -155,8 +155,9 @@ module "squid-vm" {
image = "cos-cloud/cos-stable"
}
}
service_account = module.service-account-squid.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
service_account = {
email = module.service-account-squid.email
}
metadata = {
user-data = module.cos-squid.cloud_config
google-logging-enabled = true


@@ -167,8 +167,9 @@ module "squid-vm" {
image = "cos-cloud/cos-stable"
}
}
service_account = module.service-account-squid.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
service_account = {
email = module.service-account-squid.email
}
metadata = {
user-data = module.cos-squid.cloud_config
}
@@ -270,5 +271,7 @@ module "test-vm" {
nat = false
addresses = null
}]
service_account_create = true
service_account = {
auto_create = true
}
}


@@ -17,15 +17,16 @@
# tfdoc:file:description Network Virtual Appliances (NVAs).
module "nva_instance_templates" {
for_each = var.regions
source = "../../../modules/compute-vm"
project_id = module.project_landing.project_id
can_ip_forward = true
create_template = true
name = "nva-${each.value}"
service_account_create = true
zone = local.zones[each.key]
for_each = var.regions
source = "../../../modules/compute-vm"
project_id = module.project_landing.project_id
can_ip_forward = true
create_template = true
name = "nva-${each.value}"
service_account = {
auto_create = true
}
zone = local.zones[each.key]
metadata = {
startup-script = templatefile(
"${path.module}/data/nva-startup-script.tftpl",
@@ -36,7 +37,6 @@ module "nva_instance_templates" {
}
)
}
network_interfaces = [
{
network = module.vpc_landing_untrusted.self_link
@@ -47,7 +47,6 @@ module "nva_instance_templates" {
subnetwork = module.vpc_landing_trusted.subnet_self_links["${each.value}/trusted-${each.value}"]
}
]
tags = [
"http-server",
"https-server",


@@ -90,28 +90,27 @@ module "nats_spoke_01" {
}
module "test_vms" {
for_each = var.regions
source = "../../../modules/compute-vm"
name = "spoke-01-${each.value}"
project_id = module.project_spoke_01.project_id
create_template = var.ilb_create
service_account_create = true
zone = local.zones[each.key]
for_each = var.regions
source = "../../../modules/compute-vm"
name = "spoke-01-${each.value}"
project_id = module.project_spoke_01.project_id
zone = local.zones[each.key]
service_account = {
auto_create = true
}
metadata = {
startup-script = "apt update && apt install -y nginx"
}
network_interfaces = [{
network = module.vpc_spoke_01.self_link
subnetwork = module.vpc_spoke_01.subnet_self_links["${each.value}/spoke-01-${each.value}"]
}]
tags = [
"http-server",
"https-server",
"ssh"
]
create_template = var.ilb_create
}
module "test_vm_migs" {


@@ -188,10 +188,11 @@ module "vm-hub" {
nat = false
addresses = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
tags = ["ssh"]
metadata = { startup-script = local.vm-startup-script }
service_account = {
email = module.service-account-gce.email
}
tags = ["ssh"]
}
module "vm-spoke-1" {
@@ -205,10 +206,11 @@ module "vm-spoke-1" {
nat = false
addresses = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
tags = ["ssh"]
metadata = { startup-script = local.vm-startup-script }
service_account = {
email = module.service-account-gce.email
}
tags = ["ssh"]
}
module "vm-spoke-2" {
@@ -222,10 +224,11 @@ module "vm-spoke-2" {
nat = false
addresses = null
}]
metadata = { startup-script = local.vm-startup-script }
service_account = module.service-account-gce.email
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
tags = ["ssh"]
metadata = { startup-script = local.vm-startup-script }
service_account = {
email = module.service-account-gce.email
}
tags = ["ssh"]
}


@@ -21,7 +21,6 @@ module "gw" {
zone = each.value
name = "${var.prefix}-gw-${each.key}"
instance_type = "f1-micro"
boot_disk = {
initialize_params = {
image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2004-lts",
@@ -29,7 +28,6 @@ module "gw" {
size = 10
}
}
network_interfaces = [
{
network = module.vpc-left.self_link
@@ -52,11 +50,12 @@ module "gw" {
ip_cidr_right = var.ip_ranges.right
})
}
service_account = try(
module.service-accounts.emails["${var.prefix}-gce-vm"], null
)
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
group = { named_ports = null }
service_account = {
email = try(
module.service-accounts.emails["${var.prefix}-gce-vm"], null
)
}
group = { named_ports = null }
}
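Review bot: The new `service_account` object for gw carries `email = try(module.service-accounts.emails["${var.prefix}-gce-vm"], null)` and no `auto_create`, so when the lookup fails the module receives an object whose only attribute is null; whether that produces an instance with no service account attached or falls back to the project's default Compute Engine service account is decided by module logic not shown in this commit. Because the default Compute Engine service account is usually far broader than a purpose-built one, it is worth confirming which outcome the module implements for a null email and recording it here once verified, e.g. `# a null email attaches no service account (module behaviour), never the default compute SA`, or replacing try() with a hard reference so a missing SA fails at plan time rather than degrading silently. vm-left and vm-right use the same `try(..., null)` pattern and would benefit from the same clarification. The gw module block begins outside this hunk.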
module "ilb-left" {


@@ -39,10 +39,9 @@ module "vm-left" {
metadata = {
startup-script = local.vm_startup_script
}
service_account = try(
module.service-accounts.email, null
)
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
service_account = {
email = try(module.service-accounts.email, null)
}
}
module "vm-right" {
@@ -62,8 +61,7 @@ module "vm-right" {
metadata = {
startup-script = local.vm_startup_script
}
service_account = try(
module.service-accounts.email, null
)
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
service_account = {
email = try(module.service-accounts.email, null)
}
}


@@ -192,7 +192,9 @@ module "vm-bastion" {
"service tinyproxy restart"
])
}
service_account_create = true
service_account = {
auto_create = true
}
}
################################################################################